| RFC 9745 | The Deprecation HTTP Response Header Fie | March 2025 |
| Dalal & Wilde | Standards Track | [Page] |
The Deprecation HTTP response header field is used to signal to consumers of a resource (identified by a URI) that the resource will be or has been deprecated. Additionally, thedeprecation link relation can be used to link to a resource that provides further information about planned or existing deprecation. It may also provide ways in which client application developers can best manage deprecation.¶
This is an Internet Standards Track document.¶
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.¶
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained athttps://www.rfc-editor.org/info/rfc9745.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Deprecation of an HTTP resource (Section 3.1 of [HTTP]) communicates information about the lifecycle of a resource. It encourages client applications to migrate away from the resource, discourages applications from forming new dependencies on the resource, and informs applications about the risk of continued dependence upon the resource.¶
The act of deprecation does not change any behavior of the resource. It informs client applications of the fact that a resource will be or has been deprecated. The Deprecation HTTP response header field can be used to convey this information at runtime and indicate when the deprecation will be in effect.¶
In addition to theDeprecation header field, the resource provider can use other header fields such as theLink header field[LINK] to convey additional information related to deprecation. This can be information such as where to find documentation related to the deprecation, what can be used as a replacement, and when a deprecated resource becomes non-operational.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14[RFC2119][RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document uses "Structured Field Values for HTTP"[RFC9651] to specify syntax and parsing of date values.¶
The term "resource" is to be interpreted as defined inSection 3.1 of [HTTP].¶
TheDeprecation HTTP response header field allows a server to communicate to a client application that the resource in the context of the message will be or has been deprecated.¶
TheDeprecation HTTP response header field describes the deprecation of the resource identified with the response it occurred within (seeSection 6.4.2 of [HTTP]). It conveys the deprecation date, which may be in the future (the resource in context will be deprecated at that date) or in the past (the resource in context was deprecated at that date).¶
Deprecation is an Item Structured Header Field; its valueMUST be a Date as perSection 3.3.7 of [RFC9651].¶
The following example shows that the resource in context was deprecated on Friday, June 30, 2023 at 23:59:59 UTC:¶
Deprecation: @1688169599¶
TheDeprecation header field applies to the resource identified with the response it occurred within (seeSection 6.4.2 of [HTTP]), meaning that it announces the upcoming deprecation of that specific resource. However, there may be scenarios where the scope of the announced deprecation is larger than just the single resource where it appears.¶
Resources are free to define such an increased scope, and usually this scope will be documented by the resource so that consumers of the resource know about the increased scope and can behave accordingly. When doing so, it is important to take into account that such increased scoping is invisible for consumers who are unaware of the increased scoping rules. This means that these consumers will not be aware of the increased scope, and they will not interpret deprecation-related information differently from its standard meaning (i.e., it applies to the resource only).¶
Using such an increased scope still may make sense, as deprecation-related information is only a hint anyway. It is optional information that cannot be depended on, and client applications should always be implemented in ways that allow them to function without deprecation-related information. Increased scope information may help client application developers to glean additional hints from related resources and thus might allow them to implement behavior that enables them to make educated guesses about resources becoming deprecated.¶
For example, an API might not useDeprecation header fields on all of its resources but only on designated resources such as the API's home document. This means that deprecation-related information is available, but in order to get it, client application developers have to periodically inspect the home document. In this example, the extended context of theDeprecation header field would be all resources provided by the API, while the visibility of the information would only be on the home document.¶
Deprecation Link Relation TypeIn addition to the Deprecation HTTP response header field, the server can use links with thedeprecation link relation type to communicate to the client application developer where to find more information about deprecation of the context. This can happen before the actual deprecation to make a deprecation policy discoverable or after deprecation when there may be documentation about the deprecation and how to manage it.¶
This specification places no restrictions on the representation of the linked deprecation policy. In particular, the deprecation policy may be available as human-readable documentation or as a machine-readable description.¶
The purpose of theDeprecation header field is to provide a hint about deprecation to the resource consumer. Upon reception of theDeprecation header field, the client application developer can look up the resource's documentation in order to find deprecation-related information. The documentationMAY provide a guide and timeline for migrating away from the deprecated resource to a new resource(s) that replaces the deprecated resource, if applicable. The resource provider can provide a link to the resource's documentation using aLink header field with the relation typedeprecation as shown below:¶
Link: <https://developer.example.com/deprecation>; rel="deprecation"; type="text/html"¶
In this example, the linked content provides additional information aboutdeprecation of the resource in context. There is noDeprecation header field inthe response; thus, the resource is not (yet) deprecated. However, theresource already exposes a link where information describing how deprecationis managed for the resource is available. This may be the documentationexplaining the circumstances in which deprecation might take place and thedeprecation policies. For example, a policy may indicate that deprecation ofa resource(s) will always be signaled in the dedicated places at least N daysahead of the planned deprecation date and then the resource(s) would bedeprecated on the planned date. Or a policy may indicate that the resource(s)would be deprecated first and then be signaled as deprecated at dedicatedplaces. The documentation, in addition to the deprecation policy, may alsoprovide a migration guide explaining to consumers of the resource how tomigrate to a new or alternate resource(s) before the deprecation date. Suchpolicy and documentation would be very useful to consumers of the resource toplan ahead and migrate successfully.¶
The following example uses the sameLink header field but also announces a deprecation date using aDeprecation header field:¶
Deprecation: @1688169599Link: <https://developer.example.com/deprecation>; rel="deprecation"; type="text/html"¶
Given that the deprecation date is in the past, the linked information resource may have been updated to include information about the deprecation, allowing consumers to discover information about the deprecation and how to best manage it.¶
In addition to the deprecation-related information, if the resource provider wants to convey to the client application that the deprecated resource is expected to become unresponsive at a specific point in time, theSunset HTTP header field[RFC8594] can be used in addition to theDeprecation header field.¶
The timestamp given in theSunset HTTP header fieldMUST NOT be earlier than the one given in theDeprecation header field. If that happens (for example, due to misconfiguration of deployment of the resource or an error), the client application developerSHOULD consult the resource developer to get clarification.¶
The following example shows that the resource in context was deprecated on Friday, June 30, 2023 at 23:59:59 UTC and its sunset date is Sunday, June 30, 2024 at 23:59:59 UTC. Please note that for historical reasons theSunset HTTP header field uses a different data format for date.¶
Deprecation: @1688169599Sunset: Sun, 30 Jun 2024 23:59:59 UTC¶
The act of deprecation does not change any behavior of the resource. The presence of aDeprecation header field in a response is not meant to signal a change in the meaning or function of a resource in the context; consumers can still use the resource in the same way as they did before the resource was declared deprecated.¶
TheDeprecation HTTP response header field has been added to the "Hypertext Transfer Protocol (HTTP) Field Name Registry" (Section 16.3.1 of [HTTP]) as follows:¶
Deprecation Link Relation TypeThedeprecation link relation type has been added to the "Link Relation Types" registry (Section 4.2 of [LINK]) as follows:¶
TheDeprecation header field should be treated as a hint, meaning that the resource is indicating (but not guaranteeing with certainty) that it will be or has been deprecated. Deprecated resources function as they would have without sending theDeprecation header field, even though non-functional details may be affected (e.g., they have less efficiency and longer response times).¶
The resource's documentation should provide additional information about the deprecation, such as recommendations for replacement. Developers of client applications consuming the resourceSHOULD always check the referred resource's documentation to verify authenticity and accuracy. In cases where aLink header field is used to provide documentation, one should assume (unless served over HTTPS) that the content of theLink header field may not be secure, private, or integrity-guaranteed, so due caution should be exercised when using it (seeSection 5 of [LINK] for more details). In cases where theDeprecation header field value is in the past, the client application developersMUST no longer assume that the behavior of the resource will remain the same as before the deprecation date. In cases where theDeprecation header field value is a date in the future, it informs client application developers about the effective date in the future for deprecation. Therefore, client application developers consuming the resourceSHOULD, if possible, consult the resource developer to discuss potential impact due to deprecation and plan for possible transition to a recommended resource(s).¶
The authors would like to thankNikhil Kolekar,Darrel Miller,Mark Nottingham, andRoberto Polli for their contributions.¶
The authors take all responsibility for errors and omissions.¶