Too Early

4xx Client Error

ELI5

You're trying to do something too early in the connection process. It's like trying to order food before the restaurant is fully open.

Use 425 when the server will not risk processing a replayable request sent in TLS early data.

•Return 425 for non-idempotent or replay-sensitive operations received too early
•Use it when the request should be retried after the handshake, not processed in 0-RTT
•TLS early data (0-RTT) security concerns
•Non-idempotent operations over early data
•Preventing replay attacks in TLS 1.3
•When server cannot guarantee request uniqueness

•A body is optional; include a short explanation only if clients need to understand early-data retry behavior.

Request:POST https://api.example.test/api/payment

This request was sent in TLS 0-RTT early data; an intermediary may add Early-Data: 1 before forwarding to the origin server.

Response:

425 Too Early

# Headers
Content-Type: application/json

# Body
{
  "error": "too_early"
}

Request:DELETE https://api.example.test/api/users/123

This request was sent in TLS 0-RTT early data; an intermediary may add Early-Data: 1 before forwarding to the origin server.

Response:

425 Too Early

# Headers
Content-Type: application/json

# Body
{
  "error": "too_early"
}

Slow down! You're making too many requests too quickly. Wait a bit and try again later.

Our service is temporarily down for maintenance or overloaded. Please try again later.