302 Found 3xx
The requested resource has been temporarily moved to a different URL.
What does 302 mean?
A 302 Found response tells the client that the requested resource is temporarily available at a different URL, but the original URL remains the "real" one for future requests. Unlike 301, a 302 doesn't signal a permanent change — it's the HTTP equivalent of "the thing you're looking for is over there for now, but keep using this address going forward."
302 has an unusual history: in HTTP/1.0, this code was literally named "Moved Temporarily," but its real-world behavior across browsers became inconsistent (some converted POST to GET when following it, others didn't), which is part of why 307 was later introduced to provide a version with guaranteed, predictable behavior.
How a 302 behaves
- It includes a
Locationheader pointing to the temporary URL - It's not cached as aggressively as 301 — browsers treat it as a one-time redirect for this request, not a permanent rule to remember
- Search engines keep the original URL as canonical — ranking signals stay with the original URL rather than transferring to the temporary destination
- The HTTP method may not be preserved — like 301, a 302 doesn't guarantee that a POST request stays a POST after the redirect; this ambiguity is exactly what 307 was created to resolve
Common causes
If you're building the API or website:
- A page is temporarily unavailable and you're redirecting visitors to an alternative (e.g., a product page redirecting to a "currently out of stock, see similar items" page)
- Geolocation-based or A/B testing redirects, where the destination depends on conditions that might change
- Post-login redirects — after authenticating, a user is sent to wherever they were trying to go, but the login URL itself remains the "real" entry point
- Maintenance-mode redirects — temporarily sending traffic to a status/maintenance page while the main site is down
If you're calling an API:
- Some APIs use 302 for short-lived resource locations — e.g., a file download endpoint that redirects to a temporary, signed URL on a CDN or storage service
- OAuth flows commonly use 302 redirects to bounce between an application and an authentication provider
If you're a website visitor:
- You're being sent through a login flow, A/B test, or temporary promotional redirect
- A link you followed points to content that's been temporarily relocated (e.g., during a site redesign in progress)
How to fix it / use it correctly
As an API/website builder:
- Use 302 (or 307) when the redirect destination might change again soon, or when you specifically want the original URL to remain canonical for search engines
- For file downloads via signed/temporary URLs, 302 is the standard pattern — the permanent API endpoint redirects to a short-lived storage URL
- Be cautious with 302 redirects in OAuth/login flows — make sure redirect destinations are validated to prevent open-redirect vulnerabilities (where an attacker crafts a URL that redirects to a malicious site)
- If you're not sure whether a redirect is permanent or temporary, default to 302 — it's far easier to later upgrade a temporary redirect to a 301 than to undo the SEO effects of an incorrectly used 301
As an API consumer:
- Be aware that following a 302 might change your request method depending on your HTTP client's defaults — if you're sending a POST and need it to stay a POST through a redirect, check whether your client preserves the method on 302, or consider whether the API actually intends a 307
- Don't cache 302 redirect destinations long-term — they're explicitly temporary
As a website visitor:
- Nothing to do — 302s are transparent and handled automatically by your browser
301 vs 302 vs 307 vs 308
| Code | Permanent? | Method preserved? (spec-guaranteed) | Typical use |
|---|---|---|---|
| 301 Moved Permanently | Yes | Not guaranteed (historically often becomes GET) | Permanent URL changes, SEO-significant redirects |
| 302 Found | No | Not guaranteed | Temporary redirects (legacy default, ambiguous) |
| 307 Temporary Redirect | No | Guaranteed | Temporary redirects where the method/body must stay the same (e.g., a POST staying a POST) |
| 308 Permanent Redirect | Yes | Guaranteed | Permanent redirects where method preservation matters |
The simplest mental model: 301 and 308 are "permanent" (search engines transfer ranking signals), 302 and 307 are "temporary" (ranking signals stay with the original URL). Within each pair, the newer codes (307/308) guarantee the HTTP method is preserved; the older codes (301/302) historically don't guarantee this, which is the main reason 307/308 exist.
Real-world examples
OAuth authentication flows are one of the most common real-world uses of 302 — when you click "Log in with Google" on a website, you're typically being sent through one or more 302 redirects between the website and Google's authentication servers before landing back on the original site. Cloud storage services (AWS S3, Google Cloud Storage) frequently use 302 redirects for file downloads, where a permanent application URL redirects to a temporary, signed URL that grants time-limited access to the actual file.
SEO implications
A 302 tells search engines the original URL is still the canonical one — the destination of the redirect is treated as temporary content being shown at a different location, but ranking signals stay put. This is the correct behavior when a redirect truly is temporary (a sale page, a maintenance redirect). The common mistake is using 302 for what's actually a permanent change (like a site redesign with new URLs) — in that case, the old URLs keep their ranking signals indefinitely while the new URLs may struggle to rank, because search engines are waiting for the "permanent" signal that never comes.
FAQ
What's the difference between 301 and 302?
301 signals a permanent move — search engines transfer ranking signals to the new URL. 302 signals a temporary move — the original URL remains canonical, and ranking signals stay with it rather than transferring.
If I'm not sure whether a redirect is permanent, which should I use?
Default to 302. It's much easier to later change a 302 to a 301 once you're confident the move is permanent, than to undo the SEO consequences of having used 301 for something that turned out to be temporary.
Why was 302 originally called "Moved Temporarily"?
That was its name in the original HTTP/1.0 specification. The name was changed to "Found" in later specs partly because real-world browser behavior didn't always match "temporarily" — some browsers cached it more persistently than the name implied, creating ambiguity that eventually led to 307 being introduced for unambiguous temporary redirects.
Does a 302 redirect preserve POST data?
Not reliably — like 301, the spec doesn't guarantee it, and different clients handle this differently (some convert the POST to a GET on the redirected request, dropping the body). If preserving the method and body through a redirect is important, 307 is the code designed specifically to guarantee this.
Are 302 redirects bad for SEO?
Not inherently — they're the correct choice for genuinely temporary redirects. They become a problem only when used for changes that are actually permanent, since the original URL keeps accumulating ranking signals that never transfer to the new location.
Fun fact
302 is technically the "default" redirect status code returned by many web frameworks and server configurations when developers write a generic redirect() function without specifying a status code — meaning a huge number of redirects across the web are 302s not because anyone deliberately chose "temporary," but simply because it was the path of least resistance in the framework's API.