A port 80 check tells you whether your web server is reachable over HTTP - the protocol that browsers use by default when you type a plain URL without "https://". If port 80 is blocked or not listening, visitors get connection errors, and your site goes dark. Here's exactly how to diagnose and fix it.
What Port 80 Actually Does
Port 80 is the default TCP port for HTTP (Hypertext Transfer Protocol). When a browser connects to `http://example.com`, it automatically targets port 80 on that server's IP address. The server software - Apache, Nginx, IIS, Caddy, or anything else - must be actively listening on port 80 for that connection to succeed.
Port 80 is defined in IANA's official port registry and standardized in RFC 9110. It's a "well-known" port: ports 0-1023 are reserved for system-level services, and binding to them requires elevated privileges on Linux/macOS.
How to Check if Port 80 is Open
There are several ways to check if port 80 is open, depending on whether you're checking locally (on the server itself) or remotely (from another machine or the internet).
Using telnet
Telnet is the quickest manual test. Run this from any machine that has network access to the target host:
telnet example.com 80
If port 80 is open and a web server is listening, you'll see a blank cursor or an HTTP banner. If it's closed or filtered, you'll get "Connection refused" or the command will hang until it times out.
Using curl
curl gives you more detail - it shows you the actual HTTP response:
curl -v http://example.com
The `-v` flag prints verbose output, including the TCP handshake and response headers. A successful connection shows `* Connected to example.com (93.184.216.34) port 80`. A failure shows `curl: (7) Failed to connect`.
Using nmap
nmap is the gold standard for port scanning. To test port 80 specifically:
nmap -p 80 example.com
The result will show one of three states: open (something is listening), closed (port is reachable but nothing is listening), or filtered (a firewall is dropping packets and nmap can't determine the state).
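The three states can be reproduced with a plain TCP connect, which helps when nmap is not installed. This is an added example, not code from the original page; the function name `probe_tcp` and the 3-second default timeout are assumptions, and it uses a full `connect()` rather than nmap's own scan techniques.

```python
import socket


def probe_tcp(host: str, port: int = 80, timeout: float = 3.0) -> str:
    """Return 'open', 'closed' or 'filtered' for a TCP port, using a full connect().

    open     - the three-way handshake completed (something is listening)
    closed   - the host answered with a reset (reachable, nothing listening)
    filtered - no answer before the timeout, or an unreachable error
    """
    # Resolve first: a DNS failure raises socket.gaierror instead of being
    # misreported as a port state.
    targets = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    state = "filtered"
    for family, socktype, proto, _canon, addr in targets:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(addr)
                return "open"
            except ConnectionRefusedError:
                state = "closed"   # reset received: reachable but not listening
            except OSError:
                pass               # timeout, or host/network unreachable
    return state


if __name__ == "__main__":
    import sys

    # Defaults to the local machine; pass a hostname or IP as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, "port 80 is", probe_tcp(target))
```

A firewall rule that rejects with a TCP reset looks the same as a closed port in this test, so a "closed" result from outside does not rule out a firewall.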
Using PowerShell on Windows
Test-NetConnection -ComputerName example.com -Port 80
PowerShell's `Test-NetConnection` returns a clean `TcpTestSucceeded : True` or `False`, making it easy to script. For a full guide on Windows port checking, see checking open ports on Windows.
Using netstat to Inspect Port 80
When you're on the server itself, `netstat` shows you exactly what process is bound to port 80. This is the right tool when you need to answer "is something actually listening on port 80 on this machine?"
Linux / macOS
sudo netstat -tlnp | grep :80
Flags breakdown:
- `-t` - TCP connections only
- `-l` - listening sockets only
- `-n` - show numeric addresses (faster, skips DNS lookups)
- `-p` - show the process name and PID
A typical result looks like: `tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1234/nginx`. That tells you nginx (PID 1234) is listening on all interfaces on port 80.
On modern Linux systems, `ss` is faster and preferred over `netstat`:
sudo ss -tlnp | grep :80
Windows
netstat -ano | findstr :80
This lists all connections with port 80 and their PID. To find the process name from the PID (say, PID 4892):
tasklist /fi "pid eq 4892"
Diagnosing a Port 80 Blocked by Firewall
A firewall block is the most common reason port 80 appears closed from the outside even when your web server is running fine locally. There are three layers where the block can happen:
| Layer | Where to Check | Tool |
|---|---|---|
| OS firewall (server) | iptables / ufw (Linux), Windows Defender Firewall | `iptables -L -n` or Windows Firewall rules |
| Cloud security group | AWS EC2 Security Groups, Azure NSG, GCP Firewall Rules | Cloud console inbound rules |
| Network/ISP firewall | Router ACL, ISP residential port blocking | Contact ISP or use external port scanner |
Check iptables on Linux
sudo iptables -L INPUT -n -v | grep 80
If you see a DROP or REJECT rule for port 80, that's your culprit. To allow port 80 with ufw:
sudo ufw allow 80/tcp
sudo ufw reload
Check AWS Security Groups
If your server is on EC2, go to EC2 console - Security Groups - Inbound rules. You need a rule allowing TCP port 80 from `0.0.0.0/0` (or your specific IP range). Without this, all port 80 traffic is dropped before it even reaches your OS firewall.
For a deeper look at Linux-side port diagnostics, the complete guide to checking open ports on Linux covers iptables, ufw, firewalld, and nftables in detail.
HTTP Port Not Responding: Common Causes and Fixes
When the HTTP port is not responding, the problem falls into one of these buckets:
- Web server not running - Check with `systemctl status nginx` or `systemctl status apache2`. If it's stopped, start it: `sudo systemctl start nginx`.
- Web server crashed on startup - Check logs: `sudo journalctl -u nginx --since "10 minutes ago"`. A config syntax error or port conflict will be logged here.
- Server bound to localhost only - If your server config says `listen 127.0.0.1:80` instead of `listen 0.0.0.0:80`, it won't accept external connections. Fix the bind address in your server config.
- Port 80 already in use - Another process grabbed port 80 before your web server started. Use netstat to identify it, then stop it or reconfigure one of the services.
- SELinux or AppArmor blocking the bind - On RHEL/CentOS systems, SELinux may prevent a non-standard process from binding to port 80. Check `ausearch -m AVC -ts recent` for denials.
Run `curl http://127.0.0.1` directly on the server. If that works but external connections fail, the problem is a firewall or network rule - not the web server itself.
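The "bound to localhost only" and "port already in use" cases can both be read off `ss -tlnp` output, provided the port is matched exactly (a plain `grep :80` also matches `:8080` and `:8000`). The following is an added example, not part of the original page; the sample output is constructed, and the function names `listeners`, `is_loopback` and `verdict` are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ss -tlnp` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*     users:(("nginx",pid=1234,fd=6))
LISTEN 0      128        127.0.0.1:8080      0.0.0.0:*     users:(("java",pid=2210,fd=45))
LISTEN 0      511             [::]:80           [::]:*     users:(("nginx",pid=1234,fd=7))
LISTEN 0      128        127.0.0.1:8000      0.0.0.0:*     users:(("python3",pid=3001,fd=3))
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 and ::1; wildcard binds (*, 0.0.0.0, [::]) are not loopback."""
    host = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and any "%iface" suffix
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*" or a value that is not an IP literal


def listeners(ss_output: str, port: int = 80) -> list[dict]:
    """Return sockets listening on exactly `port`, so ":80" never matches ":8080"."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        addr, _, local_port = fields[3].rpartition(":")
        if local_port != str(port):
            continue
        # The Process column is empty when ss runs without root; procs is then [].
        procs = [(name, int(pid)) for name, pid in PROC_RE.findall(line)]
        found.append({"addr": addr, "loopback": is_loopback(addr), "procs": procs})
    return found


def verdict(ss_output: str, port: int = 80) -> str:
    """Summarise whether the port can accept connections from other hosts."""
    socks = listeners(ss_output, port)
    if not socks:
        return "nothing listening"
    if all(s["loopback"] for s in socks):
        return "loopback only: unreachable from other hosts"
    return "listening on a non-loopback address"
```

Feed it live data with `subprocess.run(["ss", "-tlnp"], capture_output=True, text=True).stdout`; a "listening on a non-loopback address" verdict combined with failing external connections points at a firewall or network rule.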
Test Port 80 Connectivity From Outside Your Network
Testing from your own machine can be misleading - you might be on the same LAN as the server, bypassing firewall rules that apply to external traffic. To test port 80 connectivity as a real visitor would experience it, you need an external test.
You can check your server's HTTP response headers from outside using our HTTP Headers Checker tool. It fetches the headers from your URL and shows exactly what a browser receives - status codes, server type, redirect chains, and more - all from an external vantage point.
Other external options:
- Online port scanners - Sites like portchecker.co or canyouseeme.org let you type an IP and port number to test from their servers.
- From a VPS or cloud shell - Spin up a free-tier cloud instance in a different region and run `nc -zv your-server-ip 80` from there.
- Using nc (netcat) locally - `nc -zv example.com 80` gives a quick open/closed result without installing anything extra on most Linux/macOS systems.
Port 80 vs. Port 443: When Each One Matters
Port 443 handles HTTPS (encrypted HTTP via TLS). Most modern sites redirect all port 80 traffic to port 443 immediately. But port 80 still matters for several reasons:
- ACME/Let's Encrypt HTTP-01 challenges - Let's Encrypt's certbot uses port 80 to verify domain ownership. If port 80 is blocked, certificate issuance fails.
- Internal services without TLS - Many internal tools, monitoring agents, and microservices communicate over plain HTTP on port 80 within a private network.
- Legacy clients and IoT devices - Some embedded devices and older clients don't support TLS and rely on port 80.
- Redirect infrastructure - Even if you serve everything over HTTPS, you need port 80 open to catch and redirect HTTP requests rather than leaving users with a connection error.
On Linux, run `sudo ss -tlnp | grep :80` or `sudo netstat -tlnp | grep :80`. Both commands show the process name and PID bound to port 80. On Windows, use `netstat -ano | findstr :80` to get the PID, then `tasklist /fi "pid eq [PID]"` to find the process name. Common occupants include nginx, apache2, IIS, and Node.js servers.
Use the same netstat or ss commands but filter for 8080 instead: `sudo ss -tlnp | grep :8080` on Linux, or `netstat -ano | findstr :8080` on Windows. Port 8080 is a common alternative HTTP port used by development servers, Tomcat, Jenkins, and proxies. If something is already bound there, you'll need to stop it or configure your new service to use a different port.
On dedicated web servers and VPS instances, yes - port 80 is typically open and expected. On residential internet connections, many ISPs block inbound port 80 to prevent customers from hosting public servers on home connections. On cloud instances, port 80 is often closed by default in the security group until you explicitly add an inbound rule allowing it.
From outside the server, use `nmap -p 80 your-server-ip` or `telnet your-server-ip 80`. From the server itself, use `ss -tlnp | grep :80` to confirm something is listening. Also check your firewall rules - on Linux with ufw, run `sudo ufw status` to see if port 80 is listed as allowed.
On Linux with ufw: `sudo ufw allow 80/tcp`. With iptables directly: `sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT`. On Windows, add an inbound rule in Windows Defender Firewall for TCP port 80. On a cloud server, add an inbound rule in your security group or network security group allowing TCP port 80 from the desired source range.
Port 80 is open when a web server is configured to serve HTTP traffic, which is the standard for any public-facing website. It also stays open on servers that redirect HTTP to HTTPS (port 443), because the redirect itself requires accepting the initial port 80 connection. Certificate renewal tools like Let's Encrypt certbot also require port 80 for HTTP-01 domain validation challenges.
Open Windows Defender Firewall with Advanced Security, click "Inbound Rules", then "New Rule". Choose "Port", select TCP, enter 80 as the specific local port, choose "Allow the connection", apply to all profiles (Domain, Private, Public), and give the rule a name. Alternatively, run this in an elevated PowerShell prompt: `New-NetFirewallRule -DisplayName "HTTP Port 80" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow`.
Yes, on Linux and macOS, port 80 is a privileged port (ports 0-1023 require root or CAP_NET_BIND_SERVICE capability to bind). This means a regular user process can't listen on port 80 without elevated permissions. Web servers like nginx and Apache are typically started as root to bind port 80, then drop to a lower-privilege user for request handling. On Windows, there is no equivalent restriction for port 80.
Port 80 (HTTP) is used instead of 443 (HTTPS) in scenarios where TLS is unnecessary or impractical - such as internal microservices on a trusted private network, local development environments, or IoT devices without TLS support. Port 80 is also required for Let's Encrypt HTTP-01 certificate challenges. For any public-facing site, port 443 with TLS is strongly preferred, with port 80 kept open only for redirects.
No, they are different ports. Port 80 is the IANA-assigned standard for HTTP and is used automatically by browsers when no port is specified. Port 8000 is an unofficial alternative commonly used by development servers - Python's `python -m http.server` defaults to 8000, as does Django's development server. To reach a service on port 8000, you must specify it explicitly in the URL: `http://example.com:8000`.