HTTP 425 Too Early (RFC 8470) indicates the server is unwilling to risk processing a request that might be replayed. This is specifically related to TLS 1.3 early data (0-RTT) — data sent in the first flight of a TLS handshake can be replayed by an attacker. Non-idempotent requests (POST, PUT, DELETE) sent as early data may be dangerous, so the server returns 425 to tell the client to retry after the full handshake completes.
Response includes the status code, standard headers (including Content-Type), and a small diagnostic JSON body describing the request and returned status.
Simulator URL (copy in the app after load — not a normal link):
https://httpstatus.com/api/status/425
Example request:
curl -i "https://httpstatus.com/api/status/425"