425 Too Early
HTTP response status code 425 Too Early is a client error that is returned by the server to indicate that it has received the request but is not going to process it because there is a risk of it being replayed.
This status code is not cacheable by default, as its message body is not the representation of any identified resource.
Usage
When the 425 Too Early error message is received, it may be related to the time required to secure an HTTPS connection. In particular, when there is a great deal of latency, the time required for TLS to create a secure connection can be lengthy. One of the ways for a client to optimize this is by sending data early in the process, in advance of the secure connection being set up.
If there is an intermediary involved in the chain then it must include the Early-Data: 1 request header. Similarly, an intermediary must not remove it. This not only notifies the server that the request has been sent in early data, but also that the client understands the meaning of the 425 Too Early response.
Request
GET /tech-news HTTP/1.1
Host: www.example.re
Early-Data: 1
It is not necessary for the original initiator of a request to send this header. Simply by sending data early, it implies that the client understands the consequences of doing so, and can deal with the 425 Too Early response appropriately.
Sending early data may be unfavorable in certain situations, and in response, the server will return this error message. The risk is that the client request may be replayed, which can lead to side effects that compromise security.
When a client receives this status code, it can automatically retry the request, although it must wait until after the handshake is complete and the secure connection is in place.
Note
Search engines like Google will not index a URL with 425 Too Early response status, and consequently, URLs that have been indexed in the past but are now returning this HTTP status code will be removed from the search results.
Example
In the example, the client requests a resource and the server responds with the 425 Too Early response, instructing the client to wait until after the connection is fully set up before retrying the request.
Request
GET /tech-news HTTP/1.1
Host: www.example.re
Content-Type: application/xml
Content-length: 225
<Message includes early data>
Response
HTTP/1.1 425 Too Early
Code references
Go
http.StatusTooEarly
Symfony
Response::HTTP_TOO_EARLY
Python3.5+
http.HTTPStatus.TOO_EARLY
Apache HttpComponents Core
org.apache.hc.core5.http.HttpStatus.SC_TOO_EARLY
Angular
@angular/common/http/HttpStatusCode.TooEarly
Takeaway
The 425 Too Early status code is a client error that is sent by the server in response to the client sending a request in advance of a secure connection being established. If the server does not support early data, then this error will be returned.