Panel Discussion: API Security in DevSecOps. Register Now

Panel Discussion: API Security in DevSecOps. Register Now

Panel Discussion: API Security in DevSecOps. Register Now

/

/

307 Status Code - Temporary Redirect

307 Status Code - Temporary Redirect

307 Status Code
307 Status Code
307 Status Code

Luke Stephens

Luke Stephens

Luke Stephens

What is 307 HTTP Status Code

The HTTP Status Code 307, known as "Temporary Redirect", is a redirection response status code. It indicates that the client must send its request to a different location, but future requests should still use the original URI. This redirection is only temporary. Notably 307 Temporary Redirect ensures that the method and the body of the original request are preserved when the redirection is followed.

307 Status code

Understanding 307 Temporary Redirect

  • Temporary Redirection: The 307 Temporary Redirect response code communicates that the resource the client is seeking has been temporarily relocated to another URI, but this change isn't permanent.

HTTP/1.1 307 Temporary Redirect
  • Location Header: This header typically accompanies the 307 Temporary Redirect status code, indicating the temporary URI where the requested resource can currently be accessed.

Location: <https://www.example.com/temporary-location>

Why 307 Temporary Redirect?

The 307 Temporary Redirect is especially useful when there's a need for temporary redirection without altering the request method or body. This can be beneficial during server maintenance or when a resource is temporarily available under a different URI.

Location: https://www.example.com/temporary-location

Characteristics of 307 Temporary Redirect

  • Method Preservation: Unlike some other redirects, the 307 Temporary Redirect ensures that the HTTP method (like GET, POST, PUT, etc.) remains the same when the client follows the redirect. For example, if the original request was a POST, the redirected request will also be a POST.

  • Temporary Nature: This code is used for temporary redirections only. Clients should continue to use the original URI for future requests.

How does 307 Temporary Redirect Work?

  1. Client Sends a Request:

    The client sends a request to a specific resource on the server using a URL.

POST /submit-data HTTP/1.1
Host: www.example.com
  1. Server Sends a Response:

    The server determines that the resource has been temporarily moved and returns a 307 Temporary Redirect response, along with a Location header pointing to the new URI.

HTTP/1.1 307 Temporary Redirect
Location: https://www.example.com/temporary-submit-location

Components of a 307 Temporary Redirect Response

In a 307 Temporary Redirect response, you'll often find:

  • Status Line: Indicating the 307 Temporary Redirect status code.

HTTP/1.1 307 Temporary Redirect
  • Headers: The Location header is crucial, signaling the new temporary URI where the resource can be accessed.

Example of 307 Temporary Redirect

Suppose a bank customer tries to access their account statement through the bank's web application. However, due to server maintenance or updates, the specific page for account statements has been temporarily moved to another URL. When the customer clicks on the link to view their statement, the server responds with a 307 http status code, along with a Location header pointing to the new, temporary URL where the account statements can be accessed.

Form Submission during Maintenance:

GET /account-statements HTTP/1.1
Host: www.bankexample.com

Response:

HTTP/1.1 307 Temporary Redirect
Location: https://www.bankexample.com/temporary-account-statements

The client (bank customer) sends a GET request to access their account statements.

  • The server, due to ongoing maintenance, responds with a 307 status code, indicating a temporary redirect.

  • The Location header specifies the temporary URL where the account statements can be accessed during this period.

  • Once the maintenance is over, the server will stop sending the 307 redirect, and the original URL will serve the account statements again.

This ensures that the customer's request is seamlessly redirected to the correct page without any disruption in their experience, and without changing the nature of their original request (like keeping it a GET request). Once the maintenance is completed, the redirect will be removed, and requests will again be served from the original URL.

Use Cases of 307 Redirect

  1. E-Commerce Site Maintenance: During website updates, an e-commerce site might use a 307 redirect to temporarily send customers from a product page to a maintenance notice page, ensuring they know when to come back for purchases.

  2. Form Submission During Backend Changes: If a website is updating its data processing backend, a 307 redirect can temporarily redirect form submissions to a different server or endpoint, ensuring that user submissions are not lost and are processed correctly.

  3. A/B Testing: For conducting A/B tests on a webpage, a 307 redirect can temporarily route some users to a new page version while keeping the original page intact for others, facilitating real-time comparison and testing.

  4. Load Balancing: During periods of high traffic, a server might use 307 redirects to distribute requests among multiple servers, ensuring the site remains responsive and available.

  5. Temporary Content Relocation: If a content section of a website (like a blog or news page) is being redesigned, a 307 redirect can temporarily send users to an alternate page, allowing access to the content while the main page is under construction.

  6. Geolocation-based Redirection: For sites that have region-specific content or language versions, a 307 redirect can temporarily redirect users to the appropriate regional version based on their location, without changing the original URL's association with the global content.

Conclusion

The 307 Temporary Redirect status code serves a unique role in the HTTP status code family by ensuring that temporary redirections retain the integrity of the original request. It's particularly valuable when you want to temporarily move a resource without altering the request's nature.

Learn about other codes in 3xx family of HTTP status codes such as 301 Status Code, 304 Status Code and 302 Status Code.

On this page

Title

Protect your APIs from attacks now

Protect your APIs from attacks now

Protect your APIs from attacks now

Explore more from Akto

Blog

Be updated about everything related to API Security, new API vulnerabilities, industry news and product updates.

Events

Browse and register for upcoming sessions or catch up on what you missed with exclusive recordings

CVE Database

Find out everything about latest API CVE in popular products

Test Library

Discover and find tests from Akto's 100+ API Security test library. Choose your template or add a new template to start your API Security testing.

Documentation

Check out Akto's product documentation for all information related to features and how to use them.