425 Too Early

HTTP response status code 425 Too Early is a client error that is returned by the server to indicate that it has received the request but is not going to process it because there is a risk of it being replayed.

This status code is not cacheable by default, as its message body is not the representation of any identified resource.

Usage

When the 425 Too Early error message is received, it may be related to the time required to secure an HTTPS connection. In particular, when there is a great deal of latency, the time required for TLS to create a secure connection can be lengthy. One of the ways for a client to optimize this is by sending data early in the process, in advance of the secure connection being set up.

If there is an intermediary involved in the chain then it must include the Early-Data: 1 request header. Similarly, an intermediary must not remove it. This not only notifies the server that the request has been sent in early data, but also that the client understands the meaning of the 425 Too Early response.

Request

GET /tech-news HTTP/1.1
Host: www.example.re
Early-Data: 1

It is not necessary for the original initiator of a request to send this header. Simply by sending data early, it implies that the client understands the consequences of doing so, and can deal with the 425 Too Early response appropriately.

Sending early data may be unfavorable in certain situations, and in response, the server will return this error message. The risk is that the client request may be replayed, which can lead to side effects that compromise security.

When a client receives this status code, it can automatically retry the request, although it must wait until after the handshake is complete and the secure connection is in place.

Note

Search engines like Google will not index a URL with 425 Too Early response status, and consequently, URLs that have been indexed in the past but are now returning this HTTP status code will be removed from the search results.

Example

In the example, the client requests a resource and the server responds with the 425 Too Early response, instructing the client to wait until after the connection is fully set up before retrying the request.

Request

GET /tech-news HTTP/1.1
Host: www.example.re
Content-Type: application/xml
Content-length: 225

<Message includes early data>

Response

HTTP/1.1 425 Too Early

Code references

Go

http.StatusTooEarly

Symfony

Response::HTTP_TOO_EARLY

Python3.5+

http.HTTPStatus.TOO_EARLY

Apache HttpComponents Core

org.apache.hc.core5.http.HttpStatus.SC_TOO_EARLY

Angular

@angular/common/http/HttpStatusCode.TooEarly

Takeaway

The 425 Too Early status code is a client error that is sent by the server in response to the client sending a request in advance of a secure connection being established. If the server does not support early data, then this error will be returned.

See also

Last updated: August 2, 2023