FAQ

What Is a 499 Response?

Why 499s are the scraper signature and what they mean for your origin.

1 min readLast updated 26 April 2026
Jump to section

The 499 status code

499 is not an official HTTP status code. It's a convention used by NGINX (and Cloudflare, which uses NGINX internally) to indicate that the client closed the connection before the server finished sending the response.

Why scrapers cause 499s

A scraper typically:

  1. Opens a connection to your edge
  2. Sends the request
  3. Starts receiving the response
  4. Closes the connection as soon as it has the data it needs (or times out after a few seconds)

Because the scraper doesn't wait for the full response, Cloudflare logs this as a 499. Legitimate browsers almost never do this -- they wait for the page to finish loading.

The numbers

A healthy SFCC storefront typically has a 499 ratio of 0.1-0.6%. This is from normal browser behaviour: users navigating away mid-load, mobile connections dropping, browser tab closes.

During the reference VNPT incident, a single ASN's 499 ratio hit 70%+. That's not browser behaviour -- that's a scraper on a tight timeout.

Why it matters

499s don't cost you origin bandwidth (the connection closed before the full response was sent), but they do:

  • Consume edge capacity
  • Indicate that someone is systematically probing your site
  • Often accompany cache bypass (the scraper uses URL tricks to avoid the cache)
  • Mask their true intent (the 499 hides what data they actually extracted)

Still stuck? Email support or open the support widget in the bottom-right.