Internet Engineering Task Force (IETF) J. Reschke
Request for Comments: 7538 greenbytes
Obsoletes: 7238 April 2015
Category: Standards Track
The Hypertext Transfer Protocol Status Code 308 (Permanent Redirect)
This document specifies the additional Hypertext Transfer Protocol
(HTTP) status code 308 (Permanent Redirect).
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
3. 308 Permanent Redirect
The 308 (Permanent Redirect) status code indicates that the target
resource has been assigned a new permanent URI and any future
references to this resource ought to use one of the enclosed URIs.
Clients with link editing capabilities ought to automatically re-link
references to the effective request URI (Section 5.5 of [RFC7230]) to
one or more of the new references sent by the server, where possible.
The server SHOULD generate a Location header field ([RFC7231],
Section 7.1.2) in the response containing a preferred URI reference
for the new permanent URI. The user agent MAY use the Location field
value for automatic redirection. The server's response payload
usually contains a short hypertext note with a hyperlink to the new
A 308 response is cacheable by default; i.e., unless otherwise
indicated by the method definition or explicit cache controls (see
[RFC7234], Section 4.2.2).
Note: This status code is similar to 301 (Moved Permanently)
([RFC7231], Section 6.4.2), except that it does not allow changing
the request method from POST to GET.
4. Deployment Considerations
Section 6 of [RFC7231] requires recipients to treat unknown 3xx
status codes the same way as status code 300 (Multiple Choices)
([RFC7231], Section 6.4.1). Thus, servers will not be able to rely
on automatic redirection happening similar to status codes 301, 302,
Therefore, the use of status code 308 is restricted to cases where
the server has sufficient confidence in the client's understanding
the new code or when a fallback to the semantics of status code 300
is not problematic. Server implementers are advised not to vary the
status code based on characteristics of the request, such as the
User-Agent header field ("User-Agent Sniffing") -- doing so usually
results in code that is both hard to maintain and hard to debug and
would also require special attention to caching (i.e., setting a
"Vary" response header field, as defined in Section 7.1.4 of
Note that many existing HTML-based user agents will emulate a refresh
when encountering an HTML <meta> refresh directive ([HTML],
Section 18.104.22.168). This can be used as another fallback. For
GET / HTTP/1.1
HTTP/1.1 308 Permanent Redirect
Content-Type: text/html; charset=UTF-8
The document has been moved to
5. Security Considerations
All security considerations that apply to HTTP redirects apply to the
308 status code as well (see Section 9 of [RFC7231]).
Unsecured communication over the Internet is subject to man-in-the-
middle modification of messages, including changing status codes or
redirect targets. Use of Transport Layer Security (TLS) is one way
to mitigate those attacks. See Section 9 of [RFC7230] for related
attacks on authority and message integrity.
The definition for the new status code 308 reuses text from the
HTTP/1.1 definitions of status codes 301 and 307.
Furthermore, thanks to Ben Campbell, Cyrus Daboo, Adrian Farrell,
Eran Hammer-Lahav, Bjoern Hoehrmann, Barry Leiba, Subramanian
Moonesamy, Kathleen Moriarty, Peter Saint-Andre, Robert Sparks, and
Roy Fielding for feedback on this document.
Julian F. Reschke
Muenster, NW 48155