| HTTP |
|---|
 |
| Request methods |
| Header fields |
| Response status codes |
| Security access control methods |
| Security vulnerabilities |
InHTTP, the451response status code indicates that a request cannot be satisfied for legal reasons, such as a web page censored by a government. The code value refers toRay Bradbury's 1953dystopian novelFahrenheit 451, in which books are outlawed.[2] 451 provides more information thanHTTP 403, which is often used for the same purpose.[3] This status code is currently a proposed standard inRFC 7725, which updated the IANA HTTP Status Codes Registry to include 451.[4]
Examples of situations where an 451 could be used include web pages deemed a danger to national security, or web pages deemed to violate copyright, privacy,blasphemy laws, or any other law or court order.
After introduction of theGeneral Data Protection Regulation (GDPR) in theEuropean Economic Area (EEA) it became common practice for websites located outside the EEA to respond with 451 to EEA visitors instead of trying to comply with this new privacy law. For instance, many regional U.S. news sites no longer serve web browsers from the EU.[5][6][7]
The RFC is specific that a 451 response does not indicate whether the resource exists but requests for it have been blocked, if the resource has been removed for legal reasons and no longer exists, or even if the resource has never existed, but any discussion of its topic has been legally forbidden (seeinjunction).[8] Some sites have previously returnedHTTP 404 (missing) or similar if they are not legally permitted to disclose that the resource has been removed. It is used in theUnited Kingdom by someInternet service providers utilising theInternet Watch Foundation blacklist, returning a 404 message or another error message instead of showing a message indicating the site is blocked.[9][10]
The status code was formally proposed in 2013 byTim Bray, following earlier informal proposals by Chris Applegate[11] in 2008 andTerence Eden[12] in 2012. It was approved by theInternet Engineering Task Force (IETF) on 18 December 2015.[13] It was published as in the Proposed StandardRFC 7725 in February 2016.
HTTP 451 was mentioned by the BBC'sFrom Our Own Correspondent programme, as an indication of the effects of sanctions onSudan and the inability to accessAirbnb, theApp Store, or other Western web services.[14]
.png)
When an entity intercepts the request and returns status 451, it should include a "Link" HTTP header field whose value is a URI reference identifying itself. The "Link" header field must then have a "rel" parameter whose value is "blocked-by". This is intended to identify the entity implementing the blocking (an ISP, DNS provider, caching system, etc.), not the legal authority mandating the block.[15] At an IETF hackathon, participants used a web crawler to discover that several implementations misunderstood this header and gave the legal authority instead.[16]
The meaning of "a resource which cannot be served for legal reasons" has been interpreted to extend beyond government censorship:
HTTP/1.1451Unavailable For Legal ReasonsLink:<https://search.example.net/legal>; rel="blocked-by"Content-Type:text/html<html><head><title>Unavailable For Legal Reasons</title></head><body><h1>Unavailable For Legal Reasons</h1><p>This request may not be serviced in the Roman Province of Judea due to the Lex Julia Majestatis, which disallows access to resources hosted on servers deemed to be operated by the People's Front of Judea.</p></body></html>
If the request is for the blocked content then the proxy server will return a 404 error page to the customer
TCP Reset is sent back to the customer instead of content.
Media related toHTTP 451 at Wikimedia Commons