TL;DR
HTTP 503 Service Unavailable is a deliberate “I can’t help you right now” response from a server that is up and reachable, but is choosing not to serve your request. The two most common reasons are: the server is overloaded and shedding traffic to protect itself, or it’s in scheduled maintenance mode with a manual maintenance page enabled.
Unlike 502 (which means an unintended failure between layers), 503 is an intentional response. The server knows it can’t serve you well right now and is being upfront about it.
If you’re a visitor: refresh in a few minutes — most 503s clear themselves once the underlying overload subsides or the maintenance window ends. If it persists past 30 minutes, the site has a more serious capacity problem.
How 503 differs from 502
These two error codes are easy to confuse:
| Code | Cause | Server intent |
|---|---|---|
| 502 Bad Gateway | The gateway tried to forward your request, but upstream returned something invalid or unreachable | Unintentional — something broke that wasn’t supposed to |
| 503 Service Unavailable | The server is up but is refusing to handle the request right now | Intentional — the server is choosing to defer your request |
| 504 Gateway Timeout | The gateway tried to forward your request, but upstream took too long to respond | Unintentional — upstream stalled |
A 503 is essentially the server saying “I’m here, I see your request, but I can’t process it. Try again later.” It often includes a Retry-After HTTP header telling well-behaved clients exactly how long to wait before retrying.
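To see what "well-behaved" means in practice, here is a minimal Python sketch (standard library only) of a client that backs off for however long the server asks before retrying. The URL, the attempt cap, and the 30-second fallback delay are placeholders, not anything a specific site requires.

```python
import time
import urllib.error
import urllib.request

def fetch_with_retry_after(url: str, max_attempts: int = 3) -> bytes:
    """Fetch a URL, backing off per the server's Retry-After header on 503."""
    for attempt in range(max_attempts):
        try:
            with urllib.request.urlopen(url) as resp:
                return resp.read()
        except urllib.error.HTTPError as err:
            if err.code != 503 or attempt == max_attempts - 1:
                raise
            # Retry-After may be a number of seconds ("120") or an HTTP date.
            # Handle the simple seconds form; otherwise fall back to a fixed wait.
            retry_after = err.headers.get("Retry-After", "")
            delay = int(retry_after) if retry_after.isdigit() else 30
            time.sleep(delay)
    raise RuntimeError("unreachable")

# Example (placeholder URL):
# body = fetch_with_retry_after("https://example.com/")
```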
The five most common causes
1. Server overload — application-level load shedding
The server’s CPU, memory, or connection pool is saturated. Application code or the load balancer detects this and returns 503 to shed load before things get catastrophic. This is a defensive mechanism — without it, the server would either crash entirely (causing 502s for everyone) or get so slow that responses time out (causing 504s).
Symptom pattern: clusters around traffic spikes — product launches, viral content, sale events. Resolves on its own as traffic subsides.
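As a rough sketch of the pattern (in real deployments this usually lives in the load balancer or proxy rather than application code), here is what an in-process load shedder can look like in Python with Flask. The in-flight limit of 100 and the 30-second Retry-After are arbitrary placeholder values.

```python
import threading
from flask import Flask, Response, g

app = Flask(__name__)

MAX_IN_FLIGHT = 100      # placeholder capacity limit; tune to your server
_in_flight = 0
_lock = threading.Lock()

@app.before_request
def shed_load():
    """Reject requests with 503 once too many are already being processed."""
    global _in_flight
    with _lock:
        if _in_flight >= MAX_IN_FLIGHT:
            return Response(
                "Server busy, please retry shortly.\n",
                status=503,
                headers={"Retry-After": "30"},
            )
        _in_flight += 1
        g.counted = True  # remember that this request took a slot

@app.teardown_request
def release_slot(exc):
    """Free the slot only for requests that actually took one."""
    global _in_flight
    if g.get("counted"):
        with _lock:
            _in_flight -= 1

@app.route("/")
def index():
    return "hello\n"
```

Shed requests are answered immediately instead of queueing, which is exactly the trade-off described above: a fast, honest 503 instead of a slow failure later.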
2. Scheduled maintenance window
The site operator has put up a maintenance page. The web server returns 503 for all requests, and the response body is the static “we’ll be back soon” page. Many CDNs and reverse proxies have a one-click maintenance-mode toggle that does exactly this.
Symptom pattern: announced in advance (sometimes), starts at a round-numbered time (2 AM UTC, midnight local), affects every page on the site uniformly.
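A hand-rolled version of that toggle might look like the following Flask sketch, which serves a static "we'll be back soon" page with a 503 whenever a flag file exists. The file path, page markup, and Retry-After value are all placeholders; most stacks get the same effect from a CDN or proxy switch.

```python
import os
from flask import Flask, Response

app = Flask(__name__)

# Placeholder path: creating this file flips the site into maintenance mode.
MAINTENANCE_FLAG = "/etc/myapp/maintenance.flag"

MAINTENANCE_PAGE = """<!doctype html>
<title>Maintenance</title>
<h1>We'll be back soon</h1>
<p>Planned maintenance is in progress. Please check back later.</p>
"""

@app.before_request
def maintenance_mode():
    """While the flag file exists, answer every request with 503 + static page."""
    if os.path.exists(MAINTENANCE_FLAG):
        return Response(
            MAINTENANCE_PAGE,
            status=503,
            mimetype="text/html",
            headers={"Retry-After": "3600"},  # suggest retrying in an hour
        )

@app.route("/")
def index():
    return "normal page\n"
```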
3. Auto-scaling lag
The site uses auto-scaling — when traffic increases, more server instances spin up automatically. But spinning up new instances takes 30 seconds to several minutes. During the lag, the existing instances can’t handle the load, and they emit 503s.
Symptom pattern: brief 503 spikes at the leading edge of a traffic surge, then they clear once the new instances are warm and serving.
4. Backend dependency outage with circuit breaker
The site’s backend depends on a third-party service (a payment processor, an authentication provider, a search engine). That third party is down. A circuit breaker in the application code detects this and returns 503 instead of letting requests pile up waiting for the broken dependency.
Symptom pattern: affects only the parts of the site that depend on the broken service. Login fails with 503 while browsing works fine, for example.
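Here is a deliberately simplified sketch of that breaker behavior in Python, not any particular library's API. The thresholds are arbitrary, and call_payment_api is a hypothetical dependency stubbed out to simulate an outage.

```python
import time

class CircuitBreaker:
    """Toy circuit breaker: opens after `threshold` consecutive failures,
    then rejects calls for `cooldown` seconds before allowing a trial call."""

    def __init__(self, threshold: int = 5, cooldown: float = 30.0):
        self.threshold = threshold
        self.cooldown = cooldown
        self.failures = 0
        self.opened_at = None   # None means the breaker is closed

    def allow_request(self) -> bool:
        if self.opened_at is None:
            return True
        # Open: reject until the cooldown has passed, then permit one trial call.
        return time.monotonic() - self.opened_at >= self.cooldown

    def record_failure(self):
        self.failures += 1
        if self.failures >= self.threshold:
            self.opened_at = time.monotonic()

    def record_success(self):
        self.failures = 0
        self.opened_at = None


payment_breaker = CircuitBreaker()

def call_payment_api(order):
    """Hypothetical downstream call, stubbed here to simulate an outage."""
    raise ConnectionError("payment provider unreachable")

def charge(order):
    """Handler sketch: answer 503 immediately while the dependency is down."""
    if not payment_breaker.allow_request():
        return 503, "Payments temporarily unavailable, please retry shortly."
    try:
        result = call_payment_api(order)
    except Exception:
        payment_breaker.record_failure()
        return 503, "Payments temporarily unavailable, please retry shortly."
    payment_breaker.record_success()
    return 200, result
```

The key point is the first branch: once the breaker is open, the handler never waits on the broken dependency, so requests fail fast with 503 instead of piling up.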
5. Anti-bot or DDoS mitigation
The site is under attack (DDoS, scraping bots, credential stuffing). The CDN or WAF is rate-limiting suspicious traffic by returning 503. Legitimate users with similar traffic patterns can get caught as false positives.
Symptom pattern: affects users with unusual fingerprints (VPN, datacenter IP, Tor, automated scripts). Often resolves by switching networks or browsers.
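Purely for illustration, this Flask sketch shows the shape of such a rate limit: a per-IP request budget over a sliding window, answered with 503 and a Retry-After when exceeded. Real CDN and WAF mitigations run at the edge and use much richer signals than a raw IP address, and the window and budget values here are arbitrary.

```python
import time
from collections import defaultdict, deque
from flask import Flask, Response, request

app = Flask(__name__)

WINDOW_SECONDS = 60            # placeholder sliding window
MAX_REQUESTS = 120             # placeholder per-client budget in that window
_history = defaultdict(deque)  # client id -> timestamps of recent requests

@app.before_request
def rate_limit():
    """Return 503 when a single client exceeds the request budget."""
    client = request.remote_addr or "unknown"
    now = time.monotonic()
    hits = _history[client]
    while hits and now - hits[0] > WINDOW_SECONDS:
        hits.popleft()          # drop requests that fell out of the window
    if len(hits) >= MAX_REQUESTS:
        return Response(
            "Too many requests from your network.\n",
            status=503,
            headers={"Retry-After": "60"},
        )
    hits.append(now)

@app.route("/")
def index():
    return "ok\n"
```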
How to diagnose 503 as a visitor
- Read the page body. Many 503 responses include a human-readable explanation: “Site is undergoing maintenance until 4 AM UTC”, or “Too many requests from your network”. The text usually tells you the cause directly.
- Check the Retry-After header. If your browser tools show a Retry-After value, that's the server telling you exactly when to come back. Modern browsers honor this for some auto-retry behaviors. (A quick scripted way to inspect the status, Retry-After, and page body is sketched after this list.)
- Wait 5 minutes and retry. If the 503 was caused by a brief overload or auto-scaling lag, this is enough time for it to clear.
- Check our status page at /check/{domain} to see if other users are reporting 503s. A spike in user reports plus a 503 from our servers confirms it's a site-side incident, not local.
- Try a different network if you suspect anti-bot mitigation. A 503 that appears only on your VPN but not on cellular is almost certainly a rate-limit false positive.
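If you prefer a script to browser dev tools, a few lines of Python (standard library only) will print the status code, any Retry-After header, and the start of the page body. The URL is a placeholder for the site you are checking.

```python
import urllib.error
import urllib.request

URL = "https://example.com/"   # placeholder: the page returning 503

try:
    with urllib.request.urlopen(URL) as resp:
        print("Status:", resp.status)
except urllib.error.HTTPError as err:
    print("Status:", err.code)
    print("Retry-After:", err.headers.get("Retry-After", "(not set)"))
    # The body often says whether this is maintenance, overload, or anti-bot.
    print(err.read(500).decode("utf-8", errors="replace"))
```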
How to diagnose 503 as an operator
- Check whether you have maintenance mode enabled. Sounds obvious, but maintenance pages are sometimes left up by mistake.
- Check application metrics: request rate, error rate, latency, queue depth. A 503 spike during high traffic is the easy case; one during normal traffic is the hard case.
- Check whether your circuit breakers tripped. Most modern frameworks expose this; if the payment-service circuit is OPEN, your 503s are the breaker doing its job.
- Check auto-scaling state. Are instances queued for launch? Did a recent scale-down event leave you under-provisioned for the current traffic?
- Check WAF/anti-bot rules. A new rule deployed in the last day is the most likely culprit if 503s started recently with no traffic change.
- Look at the upstream chain. If your CDN is returning 503 but your origin is healthy, the CDN’s rate limit or anti-bot is the cause.
Why a 503 is “better” than a crash
It can feel counterintuitive, but a server returning 503 is making a good engineering choice. The alternatives are worse:
- Letting requests pile up until the server runs out of memory and crashes — now everyone gets 502s and recovery takes minutes.
- Letting requests time out with no response — now the user’s browser hangs for 30+ seconds before showing an error.
- Returning partial or corrupted responses — now the user sees broken pages, double-charges on checkout, etc.
A clean 503 with a Retry-After header is the polite way for an overwhelmed server to tell clients “I can’t help right now, come back in a moment.”
How a website operator prevents 503s
- Capacity planning. Know your traffic peaks and provision for them.
- Auto-scaling with warm pools. Pre-warm instances during predictable traffic ramps so the scale-up lag doesn’t hit user-facing requests.
- Caching aggressively. A request that hits a cache never reaches the origin server, so cached responses don’t contribute to overload.
- Circuit breakers with fallbacks. When a non-critical dependency fails, return a degraded response (cached results, simplified UI) instead of 503-ing the entire request; a small sketch of this follows the list.
- WAF tuning. Review false-positive rates regularly. Anti-bot rules that block 0.5% of legitimate users are too aggressive.
- Maintenance windows during low-traffic hours. Schedule planned 503s for 3 AM local time, not noon.
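To make the "fallback instead of 503" idea from the list concrete, here is a small Python sketch. get_live_recommendations and the cached list are hypothetical stand-ins for a non-critical dependency and its precomputed fallback.

```python
# Sketch of "degrade instead of 503" for a non-critical dependency.
CACHED_RECOMMENDATIONS = ["bestseller-1", "bestseller-2", "bestseller-3"]

def get_live_recommendations(user_id: str) -> list[str]:
    """Hypothetical call to a recommendation service; stubbed to fail."""
    raise TimeoutError("recommendation service unavailable")

def product_page(user_id: str) -> dict:
    """Serve live recommendations when possible, a cached generic list when
    the dependency is down, so the page still returns 200."""
    try:
        recs = get_live_recommendations(user_id)
    except Exception:
        recs = CACHED_RECOMMENDATIONS   # degraded but still a usable response
    return {"status": 200, "recommendations": recs}

print(product_page("user-42"))
```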
Related concepts
- HTTP 502 Bad Gateway — the cousin error code, with different causes.
- DNS resolution — how request routing works before any HTTP status code is generated.
- Time to first byte (TTFB) — the metric that often reveals overload conditions before they cause 503s.
- SSL/TLS errors — handshake failures look similar to 503 from the user’s seat.
How we surface 503-pattern outages
When our monitoring sees a /check/{domain} HTTP probe return 503, we record it as a down status. Combined with our crowd-sourced report channel, this catches both server-side overload (where many users hit 503 simultaneously) and silent maintenance windows that the operator forgot to announce. Our methodology page describes the dual-signal detection in detail. For a real-time view of which sites are currently 503-ing or otherwise unreachable, see our live outages feed.