HTTPREF
← Back to status codes

HTTP Status Code

425 Too Early

Client Error

The server is unwilling to process the request because it may be replayed.

HTTP status code reference, response example, common causes, fixes, and related status codes.

What does HTTP 425 Too Early mean?

HTTP 425 Too Early is a status code sent by a server to indicate the result of an HTTP request.

Status codes help browsers, APIs, apps, and backend systems understand whether a request succeeded, failed, was redirected, or needs additional action.

In practice, HTTP 425 Too Early usually appears when a server responds under specific request, validation, permission, or infrastructure conditions.

Response example

HTTP/1.1 425 Too Early
Content-Type: application/json

{
  "error": "too_early",
  "message": "Retry this request without early data."
}

HTTP example

HTTP/1.1 425 Too Early

Common causes

  • The client sent TLS early data for a request the server considers unsafe
  • The server wants to reduce the risk of replay attacks
  • A non-idempotent request was sent too early in the connection lifecycle

How to fix it

  • Retry the request normally without using early data
  • Avoid sending non-idempotent requests with TLS 0-RTT
  • Check reverse proxy, CDN, or TLS configuration if early data is enabled

Common mistakes

  • Assuming the status code alone explains the full backend issue
  • Ignoring related response headers that add important context
  • Treating temporary errors as permanent failures
  • Retrying too aggressively without checking the cause
  • Debugging the frontend only when the problem is server-side

How browsers and APIs use it

Browsers, APIs, and backend services use HTTP status codes to understand the outcome of a request. Depending on the status code, an application may render content, retry a request, redirect the user, show an error, or trigger a different flow in the client or server.

Practical developer insight

425 Too Early is defined in RFC 8470 and is mainly relevant for TLS 1.3 early data and replay protection. It is a modern and relatively rare status code, but important for understanding how servers handle potentially replayable requests.

Client-side example

if (response.status === 425) {
  console.warn("Retrying request without TLS early data.");
}

Related status codes

HTTP 400HTTP 409HTTP 421