500

HTTP 500 Internal Server Error

5xx Server Error

5xx Server Error RFC 7231, Section 6.6.1

What is HTTP 500 Internal Server Error?

The 500 (Internal Server Error) status code indicates that the server encountered an unexpected condition that prevented it from fulfilling the request. This is a generic catch-all error response. It usually indicates a server-side programming error, configuration issue, or resource constraint. The response body may include debugging information in development environments but should be generic in production.

Common Use Cases

  • Unhandled exceptions in server code
  • Database connection failures
  • Server configuration errors
  • Memory exhaustion

Usage Example

When an unhandled exception occurs in your application, the framework typically catches it and returns 500. In development, include the stack trace and error details. In production, log the full error server-side and return a generic message with a unique error reference ID for support tickets.

// Laravel - custom 500 error response in exceptions handler
public function render($request, \Throwable $e)
{
    if ($this->isHttpException($e)) {
        return $this->renderHttpException($e);
    }
    
    Log::error('Server error: ' . $e->getMessage(), [
        'trace' => $e->getTraceAsString(),
        'request_id' => $requestId,
    ]);
    
    return response()->json([
        'error' => 'Internal server error',
        'request_id' => $requestId,
    ], 500);
}

Common Mistakes

⚠️

Mistake: Exposing stack traces and debug information in 500 responses in production

Fix: Always suppress detailed error messages in production. Log the full error server-side and return a generic message. Stack traces expose internal paths, SQL queries, and code structure to potential attackers.

⚠️

Mistake: Catching exceptions and returning 500 without logging

Fix: Always log the full error with stack trace before returning 500. Without logs, you have no way to diagnose and fix the root cause of server errors.

⚠️

Mistake: Using 500 for client errors that should be 4xx

Fix: Do not catch and return 500 for validation errors, authentication failures, or other client-side issues. Return the appropriate 4xx status code instead.

Last updated: 21 Jun 2026