4xx Client Error

425 Too Early

What it means

Defined in RFC 8470, 425 indicates the server is unwilling to process a request sent via TLS 1.3 "0-RTT" early data because of the risk of replay attacks. 0-RTT allows data to be sent before the TLS handshake completes, but this data can potentially be replayed by an attacker.

Site Visitor

What can I do?

  • Check the URL for typos — a single wrong character causes most 4xx errors.
  • Try navigating to the site's homepage and searching from there.
  • If the problem persists after retrying, contact the site owner.

Developer

How to debug & fix

  1. Only use 0-RTT for safe, idempotent requests (GET, HEAD)
  2. Configure your TLS library to not send non-idempotent requests as early data
  3. Handle 425 by retrying the request with normal TLS (1-RTT)
  4. Configure your TLS library to only send idempotent requests (GET, HEAD) as 0-RTT early data.

Code Example

Node.js / Express
// 0-RTT is configured at the TLS layer
// Node.js TLS: { earlyData: false } to disable
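
The steps above as a sketch for both sides of the connection. This is an added example, not code from the original page. It assumes a TLS-terminating proxy in front of the app marks requests it received as 0-RTT data with the `Early-Data: 1` header that RFC 8470 defines; the function names and the `send` transport callback are hypothetical.

```javascript
// Added example, not from the original page. Assumption: a TLS-terminating
// proxy sets "Early-Data: 1" on requests it received as 0-RTT early data
// (the header RFC 8470 defines) and strips any client-supplied copy.
const REPLAY_SAFE = new Set(['GET', 'HEAD']); // the methods the steps above allow

// Server side: true when a request that arrived as early data must get a 425.
function mustRejectEarly(method, headers) {
  const flag = String(headers['early-data'] || '').trim();
  if (flag !== '1') return false; // not flagged as early data: process normally
  return !REPLAY_SAFE.has(String(method).toUpperCase());
}

// Express-compatible middleware signature (req, res, next).
function rejectUnsafeEarlyData(req, res, next) {
  if (mustRejectEarly(req.method, req.headers)) {
    res.statusCode = 425;
    res.end('Too Early');
    return;
  }
  next();
}

// Client side. `send(request, { allowEarlyData })` is a hypothetical transport
// callback that resolves to an object with a numeric `status`.
async function sendWithRetry(send, request) {
  const early = REPLAY_SAFE.has(String(request.method).toUpperCase());
  const first = await send(request, { allowEarlyData: early });
  if (first.status !== 425 || !early) return first;
  // 425: repeat once over the completed (1-RTT) handshake, never as early data.
  return send(request, { allowEarlyData: false });
}
```

The middleware only helps if the proxy is the sole source of the `Early-Data` header; a copy supplied by the client must be dropped at the edge.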

How HTTP Status Codes Work

Every HTTP response carries a three-digit status code that tells the client — browser, API consumer, or search-engine crawler — exactly what happened. The first digit defines the class: 1xx informational (request in progress), 2xx success, 3xx redirection, 4xx client error (bad request, missing auth, not found), and 5xx server failure.

Status codes are standardised in RFC 9110 (HTTP Semantics, 2022). Extensions like WebDAV (RFC 4918) and rate-limit headers (RFC 6585) added codes beyond the core set. When a client receives an unrecognised code, the rule is to treat it as the generic x00 of its class.

Why the Right Code Matters

Semantically correct codes help search engines index accurately (301 passes link equity; 410 removes pages faster than 404), allow API clients to implement correct retry logic (429 + Retry-After, 503 + Retry-After), and let monitoring systems distinguish bugs (500) from load issues (503) from auth failures (401/403).

Frequently Asked Questions

Is HTTP 425 the visitor's fault?
HTTP 425 Too Early is generally a client-side error, meaning the request itself has an issue. However, many causes — such as a broken link on the site or a misconfigured redirect — are the website owner's responsibility, not the visitor's.

How do I fix HTTP 425 Too Early?
As a visitor: check the URL for typos, go to the homepage, or search for the content. As a developer: only use 0-RTT for safe, idempotent requests (GET, HEAD).