A 451 status code returned by the Defense Distributed website to a client in Pennsylvania, 30 July 2018.[1]
HTTP
Persistence
Compression
HTTPS
QUIC
Request methods
OPTIONS
GET
HEAD
POST
PUT
DELETE
TRACE
CONNECT
PATCH
Header fields
Cookie
ETag
Location
HTTP referer
DNT
X-Forwarded-For
Response status codes
301 Moved Permanently
302 Found
303 See Other
403 Forbidden
404 Not Found
451 Unavailable for Legal Reasons
Security access control methods
Basic access authentication
Digest access authentication
Security vulnerabilities
HTTP header injection
HTTP request smuggling
HTTP response splitting
HTTP parameter pollution
v
t
e
In computer networking, HTTP 451 Unavailable For Legal Reasons is a proposed standard error status code of the HTTP protocol to be displayed when the user requests a resource which cannot be served for legal reasons, such as a web page censored by a government. The number 451 is a reference to Ray Bradbury's 1953 dystopian novel Fahrenheit 451, in which books are outlawed.[2] 451 provides more information than HTTP 403, which is often used for the same purpose.[3] This status code is currently a proposed standard in RFC 7725 but is not yet formally a part of HTTP, as of RFC 9110.
Examples of situations where an HTTP 451 error code could be displayed include web pages deemed a danger to national security, or web pages deemed to violate copyright, privacy, blasphemy laws, or any other law or court order.
After introduction of the GDPR in the EEA it became common practice for websites located outside the EEA to serve HTTP 451 errors to EEA visitors instead of trying to comply with this new privacy law. For instance, many regional U.S. news sites no longer serve web browsers from the EU.[4][5][6]
The RFC is specific that a 451 response does not indicate whether the resource exists but requests for it have been blocked, if the resource has been removed for legal reasons and no longer exists, or even if the resource has never existed, but any discussion of its topic has been legally forbidden (see injunction).[7] Some sites have previously returned HTTP 404 (missing) or similar if they are not legally permitted to disclose that the resource has been removed. It is used in the United Kingdom by some Internet service providers utilising the Internet Watch Foundation blacklist, returning a 404 message or another error message instead of showing a message indicating the site is blocked.[8][9]
The status code was formally proposed in 2013 by Tim Bray, following earlier informal proposals by Chris Applegate[10] in 2008 and Terence Eden[11] in 2012. It was approved by the IETF on December 18, 2015.[12] It was published as in the Proposed Standard RFC 7725 in February 2016.
HTTP 451 was mentioned by the BBC's From Our Own Correspondent programme, as an indication of the effects of sanctions on Sudan and the inability to access Airbnb, the App Store, or other Western web services.[13]
^"Attorney General Shapiro, Governor Wolf, State Police Successfully Block Access to 3D Downloadable Guns in Pennsylvania" (Press release). Pennsylvania Office of Attorney General. 29 July 2018.
^Flood, Alison (22 June 2012). "Call for Ray Bradbury to be honoured with internet error message". The Guardian. Retrieved 22 June 2012.
^Ducklin, Paul (19 August 2013). "HTTP error code 451: "Unavailable For Legal Reasons"". Naked Security. Sophos.
^Matt Burgess (29 August 2018). "The tyranny of GDPR popups and the websites failing to adapt". WIRED. Retrieved 1 October 2018.
^"More than 1,000 U.S. News sites are still unavailable in Europe, two months after GDPR took effect". www.niemanlab.org.
^"Major US news sites are still blocking Europeans due to GDPR". Engadget. Retrieved 27 July 2023.
^Bray, Tim (February 2016). "451 Unavailable For Legal Reasons". An HTTP Status Code to Report Legal Obstacles. sec. 3. doi:10.17487/RFC7725. RFC 7725.
^"Cleanfeed". ORG Wiki. Open Rights Group. If the request is for the blocked content then the proxy server will return a 404 error page to the customer
^Arthur, Charles (8 December 2008). "How the IWF blacklist stops you seeing the Scorpions' album cover". Technology blog, The Guardian. TCP Reset is sent back to the customer instead of content.
^Applegate, Chris (9 December 2008). "There is no HTTP code for censorship". qwghlm.co.uk. Retrieved 23 December 2015.
^Byrne, Michael (21 December 2015). "The HTTP 451 Error Code for Censorship Is Now an Internet Standard". Vice. Retrieved 3 July 2020.
^Nottingham, Mark (18 December 2015). "Why 451?". mnot’s blog. Retrieved 20 December 2015.
^Sally Hayden (28 September 2017). From Our Own Correspondent (radio). BBC Radio 4.
In computer networking, HTTP451 Unavailable For Legal Reasons is a proposed standard error status code of the HTTP protocol to be displayed when the...
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over...
Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is...
This is a list of Hypertext Transfer Protocol (HTTP) response status codes. Status codes are issued by a server in response to a client's request made...
communications, the HTTP 404, 404 not found, 404, 404 error, page not found, or file not found error message is a hypertext transfer protocol (HTTP) standard response...
HTTP 403 is an HTTP status code meaning access to the requested resource is forbidden. The server understood the request, but will not fulfill it, if...
HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user...
Fahrenheit 451 is a 1953 dystopian novel by American writer Ray Bradbury. It presents a future American society where books have been outlawed and "firemen"...
In HTTP, "Referer" (a misspelling of Referrer) is an optional HTTP header field that identifies the address of the web page (i.e., the URI or IRI), from...
The HTTP response status code 302 Found is a common way of performing URL redirection. The HTTP/1.0 specification (RFC 1945) initially defined this code...
On the World Wide Web, HTTP 301 is the HTTP response status code for 301 Moved Permanently. It is used for permanent redirecting, meaning that links or...
HTTP pipelining is a feature of HTTP/1.1, which allows multiple HTTP requests to be sent over a single TCP connection without waiting for the corresponding...
provider displaying the error message of "DEPLOYMENT DISABLED" and the HTTP451 status code, meaning "Unavailable For Legal Reasons".[better source needed]...
HTTP persistent connection, also called HTTP keep-alive, or HTTP connection reuse, is the idea of using a single TCP connection to send and receive multiple...
HTTP compression is a capability that can be built into web servers and web clients to improve transfer speed and bandwidth utilization. HTTP data is...
The ETag or entity tag is part of HTTP, the protocol for the World Wide Web. It is one of several mechanisms that HTTP provides for Web cache validation...
The HTTP response status code 303 See Other is a way to redirect web applications to a new URI, particularly after a HTTP POST has been performed, since...
(XHR) is an API in the form of a JavaScript object whose methods transmit HTTP requests from a web browser to a web server. The methods allow a browser-based...
The HTTP Location header field is returned in responses from an HTTP server under two circumstances: To ask a web browser to load a different web page...
HTTP Message Body is the data bytes transmitted in an HTTP transaction message immediately following the headers if there are any (in the case of HTTP/0...
HTTP header fields are a list of strings sent and received by both the client program and server on every HTTP request and response. These headers are...
HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically...
the HTTP protocol. This standard is obsolete since July 2011. Digest access authentication was originally specified by RFC 2069 (An Extension to HTTP: Digest...
HTTP request smuggling (HRS) is a security exploit on the HTTP protocol that takes advantage of an inconsistency between the interpretation of Content-Length...
parameter to requests through the Ajax APIs. Technological fix Do Not Track HTTP451 S. Bellovin (April 1, 2003). The Security Flag in the IPv4 Header. Network...
Global Information
