426 Upgrade Required

HTTP response status code 426 Upgrade Required is a client error returned by the server to indicate the server is unwilling to process the request using the current protocol. The server does not guarantee processing after the client upgrades, though the server is willing to do so.

Table of Contents

Usage

When the 426 Upgrade Required status code is received, the response includes an Upgrade response header field indicating the required protocol(s).

This message is related to the 101 Switching Protocols message, sent in response to the client asking the server to Upgrade the connection.

SEO impact

Search engines like Google will not index a URL with a 426 response status. Previously indexed URLs returning this status code will be removed from search results.

Example

The client requests a resource over plain HTTP and the server responds with 426 Upgrade Required because TLS is mandatory. The client switches to HTTPS and the request succeeds.

HTTP/2 and HTTP/3

HTTP/2 and HTTP/3 are negotiated through ALPN during the TLS handshake, not through the Upgrade header. The cleartext HTTP/2 upgrade mechanism (h2c) was removed from the specification. The Upgrade header applies to protocol switches such as TLS and WebSocket.

Initial request

GET /tech-news HTTP/1.1
Host: www.example.re

Initial response

HTTP/1.1 426 Upgrade Required
Upgrade: TLS/1.2
Connection: upgrade
Content-Type: text/html
Content-Length: 140

<html>
  <head>
    <title>TLS Required</title>
  </head>
  <body>
   <p>This service requires TLS.</p>
  </body>
</html>

Subsequent request over HTTPS

GET /tech-news HTTP/1.1
Host: www.example.re

Response

HTTP/1.1 200 OK
Content-Type: text/html

How to fix

Read the Upgrade header in the response to identify the required protocol. The server lists one or more acceptable protocols such as TLS/1.2, HTTP/2, HTTP/3, or websocket.

For protocol version upgrades, switch the client to the specified protocol and re-send the request. HTTP/2 and HTTP/3 use ALPN during the TLS handshake rather than the Upgrade header. For other protocols like WebSocket, include Connection: upgrade and the matching Upgrade header. The server responds with 101 Switching Protocols and the connection proceeds under the new protocol.

For WebSocket connections through nginx, configure the proxy to forward upgrade headers:

  • proxy_http_version 1.1;
  • proxy_set_header Upgrade $http_upgrade;
  • proxy_set_header Connection "upgrade";

Without these directives, nginx defaults to HTTP/1.0 for upstream connections and strips the upgrade headers, producing 426 on every WebSocket handshake attempt.

When a server enforces HTTPS, change the request URL scheme from http:// to https://. Verify TLS 1.2 or TLS 1.3 is enabled in the client or runtime environment. Older TLS versions are commonly rejected.

Update client libraries and SDKs when they lack support for the required protocol. Outdated HTTP libraries default to HTTP/1.1 and have no HTTP/2 or HTTP/3 negotiation capability.

Remove unnecessary Upgrade headers from requests not intended for protocol switching. Some proxies interpret a stray Upgrade header as a protocol negotiation attempt and return 426.

Code references

.NET

HttpStatusCode.UpgradeRequired

Rust

http::StatusCode::UPGRADE_REQUIRED

Rails

:upgrade_required

Go

http.StatusUpgradeRequired

Symfony

Response::HTTP_UPGRADE_REQUIRED

Python3.5+

http.HTTPStatus.UPGRADE_REQUIRED

Apache HttpComponents Core

org.apache.hc.core5.http.HttpStatus.SC_UPGRADE_REQUIRED

Angular

@angular/common/http/HttpStatusCode.UpgradeRequired

Takeaway

The 426 Upgrade Required status code is a client error sent by the server when the client is using a protocol the server does not support. Subsequent requests are processed if the protocol is upgraded.

See also

Last updated: March 6, 2026