307 - Temporary Redirect
HTTP 307 Temporary Redirect means the resource is temporarily elsewhere and request method must be preserved.
Last reviewed: February 20, 2026|Editorial standard: source-backed technical guidance
What Does Temporary Redirect Mean?
The target is temporarily relocated, but request semantics must remain identical because method and body are required to be preserved.
Common Causes
- -Edge router temporarily reroutes traffic to regional endpoint and preserves original method and request body.
- -Maintenance failover policy sends write calls to standby cluster using temporary method-preserving redirect.
- -Device flow endpoint performs temporary relocation while requiring POST semantics to remain unchanged.
How to Fix Temporary Redirect
- 1Validate redirect targets and confirm destination endpoints safely accept the same method and request body.
- 2Verify client and SDK redirect handling preserves method and payload when automatically following 307.
- 3Disable auto-follow on sensitive non-idempotent routes until method-preserving behavior is validated.
Step-by-Step Diagnosis for Temporary Redirect
- 1Capture original request plus
Locationand follow-up request details for 307 flows. - 2Verify method/body/header preservation across each redirect-following client implementation.
- 3Inspect proxy/CDN behaviors for method rewrite or payload loss on temporary redirect hops.
- 4Retest non-idempotent flows with idempotency controls to catch replay anomalies.
Method-Preservation Redirect Integrity
- -Validate method and body equivalence pre/post redirect (example: POST body dropped when library auto-follows 307).
- -Check header preservation for auth/content metadata (example: Authorization header stripped on cross-host redirect).
Temporary Routing Safety and Replay Controls
- -Audit temporary route toggles and rollback windows (example: regional failover 307 persists beyond incident).
- -Verify idempotency controls on write methods (example: redirect retry leads to duplicate mutation without idempotency key).
Implementation Examples
curl -i -X POST https://api.example.com/v1/resource -H "Content-Type: application/json" -d "{"sample":true}"
# Response:
# HTTP/1.1 307 Temporary Redirect
# Location: https://api.example.com/v1/resource-temporaryconst response = await fetch('https://api.example.com/v1/resource', {
method: 'POST',
headers: { 'Accept': 'application/json', 'Content-Type': 'application/json' },
body: JSON.stringify({ sample: true }),
redirect: 'manual'
});
if (response.status === 307) {
console.error('Handle 307 Temporary Redirect:', response.headers.get('location'));
}import requests
response = requests.post(
'https://api.example.com/v1/resource',
headers={'Accept': 'application/json', 'Content-Type': 'application/json'},
json={'sample': True},
allow_redirects=False
)
if response.status_code == 307:
print('Handle 307 Temporary Redirect', response.headers.get('Location'))How to Verify the Fix
- -Confirm redirected requests keep method and body intact and succeed at the temporary target endpoint.
- -Validate no duplicate side effects occur for non-idempotent operations during redirect follow behavior.
- -Monitor redirect and write-operation logs for replay anomalies after rollout of 307 handling fixes.
How to Prevent Recurrence
- -Add contract tests that assert method and payload preservation for all 307 redirect paths.
- -Require idempotency keys for write operations that may cross temporary redirect boundaries.
- -Use temporary redirects for write paths only with documented rollback plans and observability gates.
Pro Tip
- -canary-test redirect behavior per SDK/runtime because 307 handling differences often appear only in specific client libraries.
Decision Support
Compare Guide
403 Forbidden vs 404 Not Found: When to Hide Resources
Use 403 for explicit access denial, or 404 to conceal resource existence when security policy requires reducing endpoint and object enumeration risk.
Compare Guide
404 Not Found vs 410 Gone: Missing vs Permanent Removal
Learn when to return 404 (missing or temporary absence) versus 410 (intentional permanent removal), including redirect and cache implications.
Playbook
Resource State Playbook (404 / 410 / ResourceNotFound)
Use this playbook to separate temporary missing-resource lookups from permanent removals, then fix scope, lifecycle, and identifier drift safely.
Official References
Provider Context
This guidance is specific to HTTP services. Always validate implementation details against official provider documentation before deploying to production.