425

HTTP 425 Too Early

4xx Client Error

4xx Client Error RFC 8470, Section 5.2

What is HTTP 425 Too Early?

The 425 (Too Early) status code indicates that the server is unwilling to risk processing a request that might be replayed. This is related to the Early Data mechanism in TLS 1.3 where a client can send data immediately after the handshake without waiting for the server to confirm receipt.

Common Use Cases

  • TLS 1.3 early data (0-RTT) protection
  • Preventing replay attacks

Usage Example

When your server accepts TLS 1.3 early data, return 425 Too Early for non-idempotent requests like payment processing or resource creation. The client should wait for the handshake to complete before retrying, ensuring the request is not a replay.

# Nginx - rejecting early data for non-idempotent endpoints
location /api/payments {
    proxy_set_header Early-Data $ssl_early_data;
    if ($ssl_early_data = 1) {
        return 425;
    }
    proxy_pass http://backend;
}

Related Status Codes

Last updated: 21 Jun 2026