421 Misdirected Request
Request was directed at a server that is not able to produce a response.
Usually happens because:
- ☑ HTTP/2 connection reuse mismatch where
- ☑ Client browser sending requests to
🔍 Quick Checklist:
Meaning
The HTTP 421 Misdirected Request client error status code indicates that the request was directed at a server that is not able to produce a response. This can be sent by a server that is not configured to produce responses for the combination of scheme and authority that are included in the request URI.
Root Causes
- HTTP/2 connection reuse mismatch where DNS maps multiple hosts to the same IP but the server TLS certificate doesn't cover all domains.
- Client browser sending requests to wrong virtual host configurations.
| Cause | Frequency |
|---|---|
| HTTP/2 connection reuse mismatch where | ⭐⭐⭐⭐⭐ |
| Client browser sending requests to | ⭐⭐⭐⭐ |
Common Mistakes
- Using wildcards certificates incorrectly across distinct IP nodes.
- Assuming client browsers will never reuse HTTP/2 socket connections for different domains on same IPs.
How to Fix
Framework-Specific Examples
Express router returning 421 for hostname mismatches.
app.use((req, res, next) => {
if (req.hostname !== 'expected-domain.com') {
return res.status(421).send('Misdirected Request');
}
next();
});Server Configuration Examples
Configuring Nginx to handle host mismatches in HTTP/2.
server {
listen 443 ssl http2;
server_name expected.com;
# Nginx returns 421 automatically if HTTP/2 connection reuse fails SSL matching
}Prevention
- Keep server SAN certificates fully updated to list all mapped hostnames.
- Verify SNI configurations.
Frequently Asked Questions (FAQ)
Q: What is the main trigger of a 421 Misdirected Request?
It is almost always triggered by HTTP/2 or HTTP/3 connection reuse, when a browser tries to reuse an active TCP connection to load a different domain that is hosted on the same server IP but isn't covered by the server's TLS certificate.
Q: How do browsers react to a 421 response?
Browsers automatically close the reused TCP connection, establish a brand-new TCP socket for the second domain, and retry the request.
Q: Does 421 happen in HTTP/1.1?
No. HTTP/1.1 doesn't support request multiplexing or connection reuse across different hostnames on a single socket, making 421 obsolete for HTTP/1.1.
Q: Is 421 cacheable?
No. The 421 Misdirected Request status code is not cacheable by default.