HTTP 451

Last updated September 27, 2023

In computer networking, HTTP 451 Unavailable For Legal Reasons is a proposed standard error status code of the HTTP protocol to be displayed when the user requests a resource which cannot be served for legal reasons, such as a web page censored by a government. The number 451 is a reference to Ray Bradbury's 1953 dystopian novel Fahrenheit 451 , in which books are outlawed.^[2] 451 provides more information than HTTP 403, which is often used for the same purpose.^[3] This status code is currently a proposed standard in RFC 7725 but is not yet formally a part of HTTP, as of RFC 9110.

The RFC is specific that a 451 response does not indicate whether the resource exists but requests for it have been blocked, if the resource has been removed for legal reasons and no longer exists, or even if the resource has never existed, but any discussion of its topic has been legally forbidden (see injunction).^[7] Some sites have previously returned HTTP 404 (missing) or similar if they are not legally permitted to disclose that the resource has been removed. It is used in the United Kingdom by some Internet service providers utilising the Internet Watch Foundation blacklist, returning a 404 message or another error message instead of showing a message indicating the site is blocked.^[8]^[9]

The status code was formally proposed in 2013 by Tim Bray, following earlier informal proposals by Chris Applegate^[10] in 2008 and Terence Eden ^[11] in 2012. It was approved by the IETF on December 18, 2015.^[12] It was published as in the Proposed Standard RFC 7725 in February 2016.

HTTP 451 was mentioned by the BBC's From Our Own Correspondent programme, as an indication of the effects of sanctions on Sudan and the inability to access Airbnb, the App Store, or other Western web services.^[13]

Usage

When an entity intercepts the request and returns status 451, it should include a "Link" HTTP header field whose value is a URI reference identifying itself. The "Link" header field must then have a "rel" parameter whose value is "blocked-by". This is intended to identify the entity implementing the blocking (an ISP, DNS provider, caching system, etc.), not the legal authority mandating the block.^[14] At an IETF hackathon, participants used a web crawler to discover that several implementations misunderstood this header and gave the legal authority instead.^[15]

Additional uses

The meaning of "a resource which cannot be served for legal reasons" has been interpreted to extend beyond government censorship:

When content cannot be shown in the user's country, due to contractual or licensing restrictions with the content owner, for example, a TV program may not be available to users in some countries.
When a publisher refuses to serve content to a user, because the user's country adds regulatory requirements that the publisher refuses to comply with, e.g. websites based outside of the EU may refuse to serve users in the EU because they do not want to comply with the GDPR.

Example

HTTP/1.1451Unavailable For Legal ReasonsLink:<https://search.example.net/legal>; rel="blocked-by"Content-Type:text/html<html><head><title>Unavailable For Legal Reasons</title></head><body><h1>Unavailable For Legal Reasons</h1><p>This request may not be serviced in the Roman Province   of Judea due to the Lex Julia Majestatis, which disallows   access to resources hosted on servers deemed to be   operated by the People's Front of Judea.</p></body></html>

Related Research Articles

Electronic mail is a method of transmitting and receiving messages using electronic devices. It was conceived in the late–20th century as the digital version of, or counterpart to, mail. Email is a ubiquitous and very widely used communication medium; in current use, an email address is often treated as a basic and necessary part of many processes in business, commerce, government, education, entertainment, and other spheres of daily life in most countries.

The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser.

A Uniform Resource Identifier (URI) is a unique sequence of characters that identifies a logical or physical resource used by web technologies. URIs may be used to identify anything, including real-world objects, such as people and places, concepts, or information resources such as web pages and books. Some URIs provide a means of locating and retrieving information resources on a network ; these are Uniform Resource Locators (URLs). A URL provides the location of the resource. A URI identifies the resource by name at the specified location or URL. Other URIs provide only a unique name, without a means of locating or retrieving the resource or information about it, these are Uniform Resource Names (URNs). The web technologies that use URIs are not limited to web browsers. URIs are used to identify anything described using the Resource Description Framework (RDF), for example, concepts that are part of an ontology defined using the Web Ontology Language (OWL), and people who are described using the Friend of a Friend vocabulary would each have an individual URI.

A web server is computer software and underlying hardware that accepts requests via HTTP or its secure variant HTTPS. A user agent, commonly a web browser or web crawler, initiates communication by making a request for a web page or other resource using HTTP, and the server responds with the content of that resource or an error message. A web server can also accept and store resources sent from the user agent if configured to do so.

In computer network communications, the HTTP 404, 404 not found, 404, 404 error, page not found, or file not found error message is a hypertext transfer protocol (HTTP) standard response code, to indicate that the browser was able to communicate with a given server, but the server could not find what was requested. The error may also be used when a server does not wish to disclose whether it has the requested information.

URL redirection, also called URL forwarding, is a World Wide Web technique for making a web page available under more than one URL address. When a web browser attempts to open a URL that has been redirected, a page with a different URL is opened. Similarly, domain redirection or domain forwarding is when all pages in a URL domain are redirected to a different domain, as when wikipedia.com and wikipedia.net are automatically redirected to wikipedia.org.

Web standards are the formal, non-proprietary standards and other technical specifications that define and describe aspects of the World Wide Web. In recent years, the term has been more frequently associated with the trend of endorsing a set of standardized best practices for building web sites, and a philosophy of web design and development that includes those methods.

In computing, syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the type of system generating the message, and is assigned a severity level.

In HTTP, "Referer" is an optional HTTP header field that identifies the address of the web page, from which the resource has been requested. By checking the referrer, the server providing the new web page can see where the request originated.

HTTP 403 is an HTTP status code meaning access to the requested resource is forbidden. The server understood the request, but will not fulfill it, if it was correct.

HTTP Status Code 402, also known as "Payment Required," is a standard response status code in the Hypertext Transfer Protocol (HTTP). It is part of the HTTP/1.1 protocol defined by the Internet Engineering Task Force (IETF) in the RFC 7231 specification.

The HTTP Location header field is returned in responses from an HTTP server under two circumstances:

To ask a web browser to load a different web page. In this circumstance, the Location header should be sent with an HTTP status code of 3xx. It is passed as part of the response by a web server when the requested URI has:
To provide information about the location of a newly created resource. In this circumstance, the Location header should be sent with an HTTP status code of 201 or 202.

HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike the insecure HTTP used alone. HSTS is an IETF standards track protocol and is specified in RFC 6797.

<span class="mw-page-title-main">WebSocket</span> Computer network protocol

WebSocket is a computer communications protocol, providing full-duplex communication channels over a single TCP connection. The WebSocket protocol was standardized by the IETF as RFC 6455 in 2011. The current API specification allowing web applications to use this protocol is known as WebSockets. It is a living standard maintained by the WHATWG and a successor to The WebSocket API from the W3C.

Constrained Application Protocol (CoAP) is a specialized Internet application protocol for constrained devices, as defined in RFC 7252. It enables those constrained devices called "nodes" to communicate with the wider Internet using similar protocols. CoAP is designed for use between devices on the same constrained network, between devices and general nodes on the Internet, and between devices on different constrained networks both joined by an internet. CoAP is also being used via other mechanisms, such as SMS on mobile communication networks.

The Session Initiation Protocol (SIP) is the signaling protocol selected by the 3rd Generation Partnership Project (3GPP) to create and control multimedia sessions with multiple participants in the IP Multimedia Subsystem (IMS). It is therefore a key element in the IMS framework.

In computing, the PATCH method is a request method in HTTP for making partial changes to an existing resource. The PATCH method provides an entity containing a list of changes to be applied to the resource requested using the HTTP Uniform Resource Identifier (URI). The list of changes are supplied in the form of a PATCH document. If the requested resource does not exist then the server may create the resource depending on the PATCH document media type and permissions. The changes described in the PATCH document must be semantically well defined but can have a different media type than the resource being patched. Languages such as XML or JSON can be used in describing the changes in the PATCH document.

References

↑ "Attorney General Shapiro, Governor Wolf, State Police Successfully Block Access to 3D Downloadable Guns in Pennsylvania" (Press release). Pennsylvania Office of Attorney General. 29 July 2018.
↑ Flood, Alison (22 June 2012). "Call for Ray Bradbury to be honoured with internet error message". The Guardian . Retrieved 22 June 2012.
↑ Ducklin, Paul (19 August 2013). "HTTP error code 451: "Unavailable For Legal Reasons"". Naked Security. Sophos.
↑ Matt Burgess (29 August 2018). "The tyranny of GDPR popups and the websites failing to adapt". WIRED. Retrieved 1 October 2018.
↑ "More than 1,000 U.S. News sites are still unavailable in Europe, two months after GDPR took effect". www.niemanlab.org.
↑ "Major US news sites are still blocking Europeans due to GDPR". Engadget . Retrieved 27 July 2023.
↑ Bray, Tim (February 2016). "451 Unavailable For Legal Reasons". An HTTP Status Code to Report Legal Obstacles. sec. 3. doi: 10.17487/RFC7725 . RFC 7725.
↑ "Cleanfeed". ORG Wiki. Open Rights Group. If the request is for the blocked content then the proxy server will return a 404 error page to the customer
↑ Arthur, Charles (8 December 2008). "How the IWF blacklist stops you seeing the Scorpions' album cover". Technology blog, The Guardian . TCP Reset is sent back to the customer instead of content.
↑ Applegate, Chris (9 December 2008). "There is no HTTP code for censorship". qwghlm.co.uk. Retrieved 23 December 2015.
↑ Byrne, Michael (21 December 2015). "The HTTP 451 Error Code for Censorship Is Now an Internet Standard". Vice . Retrieved 3 July 2020.
↑ Nottingham, Mark (18 December 2015). "Why 451?". mnot’s blog. Retrieved 20 December 2015.
↑ Sally Hayden (28 September 2017). From Our Own Correspondent (radio). BBC Radio 4.
↑ Bray, Tim (February 2016). "Identifying Blocking Entities". An HTTP Status Code to Report Legal Obstacles. sec. 4. doi: 10.17487/RFC7725 . RFC 7725.
↑ Stéphane Bortzmeyer (11 November 2017). "RFC Errata Report". IETF Tools. Retrieved 3 December 2018.

External links

Media related to HTTP 451 at Wikimedia Commons

RFC 7725 – An HTTP Status Code to Report Legal Obstacles

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Attorney General Shapiro, Governor Wolf, State Police Successfully Block Access to 3D Downloadable Guns in Pennsylvania" (Press release). Pennsylvania Office of Attorney General. 29 July 2018.

[2] Flood, Alison (22 June 2012). "Call for Ray Bradbury to be honoured with internet error message". The Guardian . Retrieved 22 June 2012.

[3] Ducklin, Paul (19 August 2013). "HTTP error code 451: "Unavailable For Legal Reasons"". Naked Security. Sophos.

[4] Matt Burgess (29 August 2018). "The tyranny of GDPR popups and the websites failing to adapt". WIRED. Retrieved 1 October 2018.

[5] "More than 1,000 U.S. News sites are still unavailable in Europe, two months after GDPR took effect". www.niemanlab.org.

[6] "Major US news sites are still blocking Europeans due to GDPR". Engadget . Retrieved 27 July 2023.

[7] Bray, Tim (February 2016). "451 Unavailable For Legal Reasons". An HTTP Status Code to Report Legal Obstacles. sec. 3. doi: 10.17487/RFC7725 . RFC 7725.

[8] "Cleanfeed". ORG Wiki. Open Rights Group. If the request is for the blocked content then the proxy server will return a 404 error page to the customer

[9] Arthur, Charles (8 December 2008). "How the IWF blacklist stops you seeing the Scorpions' album cover". Technology blog, The Guardian . TCP Reset is sent back to the customer instead of content.

[Applegate-10] Applegate, Chris (9 December 2008). "There is no HTTP code for censorship". qwghlm.co.uk. Retrieved 23 December 2015.

[Byrne-11] Byrne, Michael (21 December 2015). "The HTTP 451 Error Code for Censorship Is Now an Internet Standard". Vice . Retrieved 3 July 2020.

[12] Nottingham, Mark (18 December 2015). "Why 451?". mnot’s blog. Retrieved 20 December 2015.

[13] Sally Hayden (28 September 2017). From Our Own Correspondent (radio). BBC Radio 4.

[14] Bray, Tim (February 2016). "Identifying Blocking Entities". An HTTP Status Code to Report Legal Obstacles. sec. 4. doi: 10.17487/RFC7725 . RFC 7725.

[15] Stéphane Bortzmeyer (11 November 2017). "RFC Errata Report". IETF Tools. Retrieved 3 December 2018.

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]