HTTP 305 Use Proxy

HTTP 305 Use Proxy indicates the requested resource must be accessed through the proxy specified in the Location header. This status code was deprecated in RFC 7231 due to security concerns — it could be exploited to redirect traffic through malicious proxies. Modern browsers ignore 305 responses entirely. It remains in the HTTP specification only for historical reference and backward compatibility documentation.

Debug HTTP 305 live
Analyze real 305 behavior — headers, caching, CORS, redirects
Open Inspector →

Try it (live endpoint)

Response includes the status code, standard headers (including Content-Type), and a small diagnostic JSON body describing the request and returned status.

Simulator URL (copy in the app after load — not a normal link):

https://httpstatus.com/api/status/305

Example request:

curl -i "https://httpstatus.com/api/status/305"
Try in playground

Meaning

DEPRECATED. Originally indicated that the requested resource must be accessed through a proxy. Deprecated in RFC 7231 due to security concerns and should not be used.

What it guarantees
  • A different URI is involved to complete the intent.
What it does NOT guarantee
  • All clients will automatically follow the redirect.
  • The redirect target is safe to cache unless headers allow it.

When to use this status

  • A resource is available at a different URI and the client should follow it.
  • Canonicalizing paths (slash, www/non-www, http→https).
  • Moving content between endpoints and updating bookmarks.

When NOT to use this status (common misuses)

Redirecting without a stable Location target.
Clients fail to follow; crawlers lose canonical signals.
Using 301/302 for non-GET methods without understanding method rewriting.
Clients can drop bodies or change methods, causing data loss and client bugs.
Redirect loops or long chains.
Crawlers waste crawl budget; clients hang; retries amplify load.

Critical headers that matter

Location
Tells clients where to go next.
Redirects fail or loop; crawlers lose canonical target.
Cache-Control
Controls whether redirects are cached.
Temporary redirects become sticky; permanent redirects never stick.
Vary
Prevents caches mixing redirect variants.
CDNs serve the wrong redirect for different hosts/headers.

Tool interpretation

Browsers
Follows Location for navigations; redirect caching can make behavior sticky. Redirect code choice affects method/body handling.
API clients
May not auto-follow; strict clients require explicit redirect handling. Incorrect redirect semantics can drop bodies or change methods.
Crawlers / SEO tools
Uses redirects for canonicalization; long chains/loops waste crawl budget and dilute signals.
Uptime monitors
Typically marks success; advanced checks may flag header anomalies or latency.
CDNs / reverse proxies
Can cache redirects; Location/Vary/Cache-Control correctness drives global consistency.

Inspector preview (read-only)

On this code, Inspector focuses on semantics, headers, and correctness warnings that commonly affect clients and caches.

Signals it will highlight
  • Status semantics vs method and body expectations
  • Header sanity (Content-Type, Cache-Control, Vary) and evidence completeness
  • Redirect chain length, loops, Location presence, protocol safety
Correctness warnings
No common correctness warnings are specific to this code.

Guided Lab outcome

  • Reproduce HTTP 305 Use Proxy using a controlled endpoint and capture the full exchange.
  • Practice distinguishing status semantics from transport issues (redirects, caching, proxies).
  • Validate redirect correctness (Location, hop count, protocol safety) and SEO impact.

Technical deep dive

305 Use Proxy was originally defined in RFC 2616 to allow servers to direct clients to a specific proxy for accessing a resource. The Location header would contain the proxy's URL. However, this created a significant security vulnerability: any HTTP response could redirect all future requests through an attacker-controlled proxy, enabling man-in-the-middle attacks. RFC 7231 deprecated it with 'has been deprecated due to security concerns regarding in-band configuration of a proxy.' Browsers that once supported it (early IE, Netscape) removed support. No modern browser or HTTP client honors 305 responses.

Real-world examples

Common 305 Use Proxy scenario 1
When a server returns 305 Use Proxy, it signals specific behavior that clients and intermediaries must handle correctly. For example, in web applications, this status is commonly encountered during URL routing, content negotiation, or resource management operations.
CDN and proxy behavior with 305
CDNs and reverse proxies handle 305 Use Proxy according to their configuration. The caching and forwarding behavior depends on whether the status is cacheable by default (per RFC 7231) and the presence of Cache-Control headers. Misconfigured intermediaries can cause redirect loops or cache stale redirects.
API design with 305 Use Proxy
In RESTful API design, 305 Use Proxy serves a specific semantic purpose. API gateways may intercept and modify these responses for versioning, rate limiting, or traffic management. Understanding when to use 305 versus similar status codes is critical for correct client behavior.

Framework behavior

Express.js (Node)
Express: res.redirect(305, 'https://new-url.com'). For 301/308 permanent: ensure the Location header is correct as browsers may cache it permanently.
Django / DRF (Python)
Django: return HttpResponseRedirect('/new-url/', status=305) or use the shortcut redirect() with permanent parameter for 301/308.
Spring Boot (Java)
Spring: return ResponseEntity.status(305).header("Location", "/new-url").build(). Spring's RedirectView can be configured with specific status codes.
FastAPI (Python)
FastAPI: return RedirectResponse(url='/new-url', status_code=305). For API redirects, ensure the client follows redirects with method preservation when using 307/308.

Debugging guide

  1. Check the Location header value — typos or relative URLs in Location can cause redirect loops or 404s
  2. Verify caching behavior: NOT cacheable by default — check Cache-Control headers
  3. Test with curl -v -L to follow redirects and see the full chain
  4. Check for redirect chains — each hop adds latency; aim for direct redirects
  5. Monitor for method preservation — 305 must keep the original method

Code snippets

Node.js
app.get('/old-path', (req, res) => {
  res.redirect(305, '/new-path');
});
Python
from fastapi.responses import RedirectResponse

@app.get('/old-path')
async def old_path():
    return RedirectResponse('/new-path', status_code=305)
Java (Spring)
@GetMapping("/old-path")
public ResponseEntity<Void> oldPath() {
    return ResponseEntity.status(305)
        .header("Location", "/new-path")
        .build();
}
Go
func oldPathHandler(w http.ResponseWriter, r *http.Request) {
	http.Redirect(w, r, "/new-path", 305)
}

FAQ

When should I use 305 Use Proxy vs other redirect codes?
305 Use Proxy is temporary and has specific semantics. Choose based on permanence (will the redirect stay?) and method preservation (does POST need to stay POST?).
How do search engines handle 305 Use Proxy?
Search engines have minimal interaction with this status code.
Is 305 Use Proxy cacheable?
305 has special caching considerations depending on the implementation.
What are common pitfalls with 305 Use Proxy?
Common issues include: redirect loops (A→B→A), missing Location header, relative vs absolute URLs in Location, browser compatibility issues, and excessive redirect chains that add latency.

Client expectation contract

Client can assume
  • A different URI is involved; Location may be required.
Client must NOT assume
  • Redirects will be followed automatically by all clients.
Retry behavior
Retries are generally unnecessary; treat as final unless domain rules require revalidation.
Monitoring classification
Redirect (policy-dependent)
Validate Location, caching headers, and chain behavior. Redirect loops/chains should alert.

Related status codes

304 Not Modified
Indicates that the resource has not been modified since the version specified by the request headers (If-None-Match or If-Modified-Since). The client should use its cached copy.
307 Temporary Redirect
The URL of the requested resource has been changed temporarily.

Explore more

Related tools
Related utilities