Client Error · 4xx

425 Too Early

The server is unwilling to risk processing a request that might be replayed.

What 425 Too Early means

425 Too Early is a defense against replay of TLS 1.3 0-RTT data. When a TLS 1.3 client sends data in 0-RTT (early data) for low-latency reconnects, an attacker can replay that data. Servers protecting against replay attacks return 425 for any non-idempotent request that arrived in 0-RTT, telling the client to retry over a fully established TLS session.

When servers should return it: Return 425 when a non-idempotent request arrives via TLS 1.3 0-RTT and you cannot guarantee it has not been replayed.
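
One way an origin behind a TLS-terminating proxy could apply this rule, shown as an added example that is not part of the original page. It assumes the proxy marks requests it received in 0-RTT with the Early-Data: 1 header defined in RFC 8470; RejectEarlyData, demo_app and simulate are hypothetical names, and the requests are constructed.

```python
from wsgiref.util import setup_testing_defaults

# Methods RFC 9110 defines as idempotent; anything else is treated as replay-sensitive.
IDEMPOTENT_METHODS = frozenset({"GET", "HEAD", "OPTIONS", "TRACE", "PUT", "DELETE"})


def arrived_in_early_data(environ):
    """True when the TLS terminator forwarded the request with Early-Data: 1."""
    return environ.get("HTTP_EARLY_DATA", "").strip() == "1"


class RejectEarlyData:
    """WSGI middleware: answer 425 to non-idempotent requests that arrived in 0-RTT."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        method = environ.get("REQUEST_METHOD", "").upper()
        if arrived_in_early_data(environ) and method not in IDEMPOTENT_METHODS:
            body = b"Replay protection: retry with full handshake\n"
            start_response("425 Too Early", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]  # the wrapped application never sees the request
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    # Hypothetical application that would perform a state change on POST.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"processed\n"]


def simulate(method, early_data=None):
    """Run one constructed request through the middleware; return (status, body)."""
    environ = {"REQUEST_METHOD": method}
    setup_testing_defaults(environ)  # fills in the remaining required WSGI keys
    if early_data is not None:
        environ["HTTP_EARLY_DATA"] = early_data
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(RejectEarlyData(demo_app)(environ, start_response))
    return captured["status"], body
```

The check is only as reliable as the terminator that sets the header, so it belongs behind a proxy you control. Classifying by method also does not cover handlers that change state on GET.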

How to fix 425 Too Early

Example response

HTTP/2 425
content-type: text/plain

Replay protection: retry with full handshake

Frequently Asked Questions

When does 425 occur in practice?
Mostly invisibly. CDNs and modern servers handle it automatically. You rarely see it directly.

Defined in: RFC 8470 · Class: 4xx Client Error
