421 Misdirected Request
When a request arrives on a connection not intended for the target server, the response is 421 Misdirected Request. Originally defined in HTTP/2, this status is now part of general HTTP semantics.
Usage
The 421 Misdirected Request error indicates the server is unable to produce a response. This status is sent as a result of connection reuse, where the server does not want clients to reuse connections. In response, a client tries to resubmit the request over a different connection.
This also occurs when an alternative service (Alt-Svc) is selected.
This status will not be generated by proxies.
SEO impact
Google recommends returning 421 to opt out of Googlebot crawling over HTTP/2. Googlebot supports both HTTP/1.1 and HTTP/2 and defaults to HTTP/1.1. Responding with 421 to HTTP/2 requests from Googlebot stops HTTP/2 crawling for the site. Pages returning 421 are not indexed, and previously indexed URLs returning this code are removed from search results.
Example
The client requests a resource and the server responds with 421 Misdirected Request because the request arrived on a connection not intended for this host.
Request
GET /tech-news HTTP/2
Host: www.example.re
Response
HTTP/2 421 Misdirected Request
How to fix
Retry the request on a new, dedicated connection to the intended origin. The browser or client opens a fresh TCP/TLS session rather than reusing an existing HTTP/2 multiplexed connection.
On the server side, verify the TLS certificate covers every hostname the server handles. A mismatch between the SNI (Server Name Indication) value and the Host header is the most common trigger.
When nginx reverse-proxies to an Apache backend over HTTPS, enable SNI forwarding so Apache sees the correct hostname:
proxy_ssl_server_name on;proxy_ssl_name $host;proxy_ssl_session_reuse off;
In Apache, confirm each virtual host has a matching
ServerName and a valid certificate. Tightened SNI
checks in recent Apache releases reject requests
where the SNI hostname and the Host header
conflict.
For CDNs and load balancers re-encrypting traffic to the origin, ensure the upstream TLS handshake sends the correct SNI value. Cloudflare and similar services need the origin certificate to list all served hostnames.
Disable HTTP/2 connection coalescing on the server when multiple domains share an IP but use different certificates. Each domain needs a separate connection.
Code references
.NET
HttpStatusCode.MisdirectedRequest
Rust
http::StatusCode::MISDIRECTED_REQUEST
Rails
:misdirected_request
Go
http.StatusMisdirectedRequest
Symfony
Response::HTTP_MISDIRECTED_REQUEST
Python3.5+
http.HTTPStatus.MISDIRECTED_REQUEST
Apache HttpComponents Core
org.apache.hc.core5.http.HttpStatus.SC_MISDIRECTED_REQUEST
Angular
@angular/common/http/HttpStatusCode.MisdirectedRequest
See also
- RFC 9110: HTTP Semantics
- Google: HTTP status codes and network errors
- RFC 7838: HTTP Alternative Services
- Alt-Svc
- HTTP status codes