HTTP

101 - Switching Protocols

HTTP 101 Switching Protocols is an informational success response indicating that the server agrees to switch the application protocol of the current connection. It is the mandatory handshake response for establishing WebSockets (wss://) or upgrading to HTTP/2.

Last reviewed: March 9, 2026|Editorial standard: source-backed technical guidance

What Does Switching Protocols Mean?

The 101 status code marks a "one-way door" transition in the network stack. Unlike 200 OK, which concludes a transaction and allows the connection to be closed, 101 transforms the existing TCP socket into a persistent, bidirectional (full-duplex) communication channel. It relies on "Hop-by-Hop" headers (Upgrade and Connection) which are frequently stripped by misconfigured reverse proxies, causing the handshake to fail.

Common Causes

-Header Stripping: Reverse proxies (Nginx, HAProxy) or Cloudflare stripping the Upgrade header before it reaches the application server.
-Idle Timeouts: The 101 connection is established, but an intermediate Load Balancer (AWS ALB, Azure) kills the connection after 60s of inactivity.
-Protocol Version Mismatch: Attempting an upgrade over HTTP/1.0, which does not support the protocol switching mechanism.
-WAF/DPI Interference: Web Application Firewalls or Deep Packet Inspection tools identifying the long-lived connection as a security threat and terminating the stream.

How to Fix Switching Protocols

1Enable Passthrough: Configure your reverse proxy to explicitly forward the Upgrade and Connection headers.
2Implement Heartbeats: Use a Ping/Pong mechanism at the application level to keep the 101 connection alive across load balancers.
3Use Secure WebSockets (WSS): Encapsulate the handshake in TLS to prevent transparent proxies from intercepting or altering headers.
4Nginx Update: Ensure proxy_http_version 1.1 is set, as 1.0 cannot perform the upgrade handshake.

Step-by-Step Diagnosis for Switching Protocols

1Use curl -v -N -H "Connection: Upgrade" -H "Upgrade: websocket" to see if the server returns 101 directly.
2Verify the presence of the Sec-WebSocket-Accept header in the response; its absence indicates the handshake was rejected.
3Check Load Balancer logs for 502 Bad Gateway or 408 Request Timeout during the handshake phase.
4Inspect the browser’s "Network > WS" tab to confirm the status code is exactly 101.

Handshake Anatomy (RFC 6455)

-The Trigger: Client sends Upgrade: websocket and Sec-WebSocket-Key.
-The Agreement: Server responds with 101 Switching Protocols and a hashed key in Sec-WebSocket-Accept.
-The Shift: HTTP headers are discarded, and the connection becomes a binary stream for WebSocket frames.

Protocol Decision Matrix (101 vs. Others)

-Choose 101: When switching from HTTP/1.1 to WebSockets or a binary protocol.
-Choose 426 (Upgrade Required): When the server refuses to fulfill the request unless the client upgrades first.
-Choose 200 OK: If the server decides to ignore the upgrade and stays on standard HTTP.

Implementation Examples

Production-Ready Nginx WebSocket Confignginx

location /ws/ {
    proxy_pass http://backend_upstream;
    proxy_http_version 1.1; # Crucial for 101
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_read_timeout 86400s; # Prevents idle disconnects
}

Client-Side Handshake Verificationjavascript

const ws = new WebSocket('wss://api.errorreference.com/v1/realtime');
ws.onopen = (e) => {
    console.log('101 Switching Protocols: Handshake Successful');
};
ws.onerror = (e) => {
    console.error('Handshake Failed: Potential Proxy/WAF interference');
};

How to Verify the Fix

-Successfully establish a WebSocket connection and send/receive data.
-Confirm the connection survives beyond the default 60-second proxy timeout.
-Verify proxy access logs show an HTTP/1.1 101 status with non-zero upstream response time.

How to Prevent Recurrence

-IaC Hardening: Include WebSocket-specific headers in your standard Terraform/Ansible Nginx configurations.
-Deployment Smoke Tests: Add automated tests that specifically attempt a WebSocket handshake in the staging environment.
-SLA Monitoring: Alert on high rates of 426 or 502 errors on real-time endpoints.
-Pro-tip: Never assume a 101 connection is "stable" by default; always implement application-level reconnect logic (Exponential Backoff).

Decision Support

Playbook

API Timeout Playbook (502 / 504 / DEADLINE_EXCEEDED)

Use this playbook to separate invalid upstream responses from upstream wait expiration and deadline exhaustion, and apply timeout budgets, safe retries, and circuit-breaker controls safely.

Official References

Provider Context

This guidance is specific to HTTP services. Always validate implementation details against official provider documentation before deploying to production.

What Does Switching Protocols Mean?

Common Causes

-Header Stripping: Reverse proxies (Nginx, HAProxy) or Cloudflare stripping the Upgrade header before it reaches the application server.

-Idle Timeouts: The 101 connection is established, but an intermediate Load Balancer (AWS ALB, Azure) kills the connection after 60s of inactivity.

-Protocol Version Mismatch: Attempting an upgrade over HTTP/1.0, which does not support the protocol switching mechanism.

-WAF/DPI Interference: Web Application Firewalls or Deep Packet Inspection tools identifying the long-lived connection as a security threat and terminating the stream.

How to Fix Switching Protocols

1Enable Passthrough: Configure your reverse proxy to explicitly forward the Upgrade and Connection headers.

2Implement Heartbeats: Use a Ping/Pong mechanism at the application level to keep the 101 connection alive across load balancers.

3Use Secure WebSockets (WSS): Encapsulate the handshake in TLS to prevent transparent proxies from intercepting or altering headers.

4Nginx Update: Ensure proxy_http_version 1.1 is set, as 1.0 cannot perform the upgrade handshake.

Step-by-Step Diagnosis for Switching Protocols

1Use curl -v -N -H "Connection: Upgrade" -H "Upgrade: websocket" to see if the server returns 101 directly.

2Verify the presence of the Sec-WebSocket-Accept header in the response; its absence indicates the handshake was rejected.

3Check Load Balancer logs for 502 Bad Gateway or 408 Request Timeout during the handshake phase.

4Inspect the browser’s "Network > WS" tab to confirm the status code is exactly 101.

Handshake Anatomy (RFC 6455)

-The Trigger: Client sends Upgrade: websocket and Sec-WebSocket-Key.
-The Agreement: Server responds with 101 Switching Protocols and a hashed key in Sec-WebSocket-Accept.
-The Shift: HTTP headers are discarded, and the connection becomes a binary stream for WebSocket frames.

Protocol Decision Matrix (101 vs. Others)

-Choose 101: When switching from HTTP/1.1 to WebSockets or a binary protocol.
-Choose 426 (Upgrade Required): When the server refuses to fulfill the request unless the client upgrades first.
-Choose 200 OK: If the server decides to ignore the upgrade and stays on standard HTTP.

Implementation Examples

Production-Ready Nginx WebSocket Confignginx

location /ws/ {
    proxy_pass http://backend_upstream;
    proxy_http_version 1.1; # Crucial for 101
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_read_timeout 86400s; # Prevents idle disconnects
}

Client-Side Handshake Verificationjavascript

const ws = new WebSocket('wss://api.errorreference.com/v1/realtime');
ws.onopen = (e) => {
    console.log('101 Switching Protocols: Handshake Successful');
};
ws.onerror = (e) => {
    console.error('Handshake Failed: Potential Proxy/WAF interference');
};

How to Prevent Recurrence

-IaC Hardening: Include WebSocket-specific headers in your standard Terraform/Ansible Nginx configurations.

-Deployment Smoke Tests: Add automated tests that specifically attempt a WebSocket handshake in the staging environment.

-SLA Monitoring: Alert on high rates of 426 or 502 errors on real-time endpoints.

-Pro-tip: Never assume a 101 connection is "stable" by default; always implement application-level reconnect logic (Exponential Backoff).

What Does Switching Protocols Mean?

Common Causes

How to Fix Switching Protocols

Step-by-Step Diagnosis for Switching Protocols

Handshake Anatomy (RFC 6455)

Protocol Decision Matrix (101 vs. Others)

Implementation Examples

How to Verify the Fix

How to Prevent Recurrence

Related Errors

Decision Support

API Timeout Playbook (502 / 504 / DEADLINE_EXCEEDED)

Official References

Provider Context

What Does Switching Protocols Mean?

Common Causes

How to Fix Switching Protocols

Step-by-Step Diagnosis for Switching Protocols

Handshake Anatomy (RFC 6455)

Protocol Decision Matrix (101 vs. Others)

Implementation Examples

How to Verify the Fix

How to Prevent Recurrence

Related Errors

Decision Support

API Timeout Playbook (502 / 504 / DEADLINE_EXCEEDED)

Official References

Provider Context