What Is the 503 Status Code? (503 Service Unavailable)

A 503 comes from one of two places. The first is the real server genuinely struggling: it's overloaded, restarting, mid-deployment, or its database timed out. These 503s are temporary and fix themselves within seconds or minutes. The second — the one scrapers see all the time — is bot detection. Cloudflare historically returned 503 alongside its "Checking your browser…" interstitial (a holding page shown while it inspects you); modern Cloudflare uses 403 for outright blocks and saves 503 for protecting capacity, but the old pattern still shows up. Akamai, AWS WAF, and Imperva also return 503 in various managed-block setups. The quickest way to tell the two apart: read the response body. A vendor-branded page means bot detection; a plain "Service Unavailable" or your own server's error template means real overload.

Treat 503 as worth retrying — but not blindly. If a `Retry-After` header is present, wait exactly that long. Otherwise use exponential backoff with jitter, meaning you double the wait each time and add a small random offset so many retries don't all fire at once: 2s, 4s, 8s, 16s, capping at a few minutes. If the body shows a bot-detection interstitial, retrying as the same "person" won't help — rotate your proxy (use a different exit IP) and refresh your fingerprint (the bundle of browser traits sites use to recognize you) before trying again. If 503s come in bursts and then recover, that's probably genuine origin overload and your retries will eventually get through. If your scraper gets 503s constantly but a normal browser doesn't, you're being blocked, not throttled.

Spread your requests out over time. Set concurrency limits (how many requests run at once) per-domain rather than globally — pointing 50 parallel workers at a single site reliably triggers 503s even on sturdy servers. Reuse TCP/TLS connections: a single HTTP/2 connection can carry many requests, and opening a fresh connection for every request is both slower and more obviously bot-like (TLS is the encryption layer behind https). Cache aggressively — if you scraped a page in the last 24 hours, don't fetch it again. And keep monitoring: a sudden jump in 503s from a target that was stable usually means it just rolled out new rate limits or a new bot-detection rule, and your strategy needs to adapt.