425 Too Early
The server declines to process a request that was replayed too early, to avoid replay attacks.
What it means
HTTP 425 Too Early means the server is unwilling to risk processing a request that arrived in TLS early data (the 0-RTT feature of TLS 1.3). Early data can be replayed by an attacker, so for any request that is not safe to repeat, the server asks the client to resend it once the connection is fully established.
When it happens
It happens with TLS 1.3 connections using 0-RTT early data, when a client sends a non-idempotent request in early data and the server refuses to act on it until the handshake completes.
How to fix it
- Retry the request after the TLS handshake finishes, without using early data.
- Send only safe, idempotent requests in 0-RTT early data; hold the rest until the connection is established.
- Disable 0-RTT for endpoints that must never receive replayable requests.
SEO impact
Negligible in practice. It is a TLS edge case, and crawlers do not depend on 0-RTT, so it rarely touches indexing.
Find out which of your URLs return 425
Paste a list of URLs and Sitewell checks the status code of every one at once — free and without signup.
Related codes
The server could not understand the request due to malformed syntax.
401 UnauthorizedAuthentication is required and has failed or not been provided.
402 Payment RequiredA largely reserved code intended for payment-gated access to a resource.
403 ForbiddenThe server understood the request but refuses to authorize it.
404 Not FoundThe server could not find the requested resource.
405 Method Not AllowedThe HTTP method used is not supported for the requested resource.
Related guides
A plain-English primer on HTTP status codes for SEOs: what the 2xx, 3xx, 4xx, and 5xx families mean, which ones affect rankings, and the codes worth knowing.
How to find and fix broken linksA practical walkthrough for finding broken links on your site, working out why each one breaks, and fixing them so visitors and crawlers stop hitting dead ends.