HTTP

417 - Expectation Failed

HTTP 417 Expectation Failed means the server cannot meet requirements in the Expect request header.

Last reviewed: March 11, 2026|Editorial standard: source-backed technical guidance

What Does Expectation Failed Mean?

The request is blocked before body processing because expectation requirements declared by the client cannot be satisfied by this server path.

Common Causes

-Client sends Expect: 100-continue, but intermediary proxy does not implement expectation handling correctly.
-Legacy SDK always adds Expect header even for tiny payloads, and origin policy rejects that negotiation path.
-WAF rule flags Expect header as anomalous and blocks request before application reads request body.

How to Fix Expectation Failed

1Remove unsupported Expect values or use only Expect: 100-continue where explicitly supported.
2Verify intermediaries preserve expectation headers and properly relay interim 100 Continue responses.
3Retest large-body requests with expectation flow enabled and disabled to isolate compatibility gaps.

Step-by-Step Diagnosis for Expectation Failed

1Capture raw request/response headers to inspect exact Expect value and server reaction.
2Confirm whether failure occurs at origin or intermediary (proxy/CDN/WAF) layer.
3Validate 100-continue support across the full path, including timeout behavior before body send.
4Retest with minimal payload and explicit expectation settings to isolate mismatch source.

Expect Header and Interim Response Validation

-Inspect whether client sends unsupported expectation token (example: custom Expect value rejected by origin).
-Verify server/intermediary handles 100 Continue handshake correctly (example: proxy drops interim response and origin emits 417).

Intermediary Compatibility and Request Flow Trace

-Audit header normalization rules in gateways (example: WAF strips Expect and leaves client waiting for 100 Continue).
-Compare direct-origin vs edge-path behavior (example: direct succeeds, CDN path returns 417 due to legacy proxy behavior).

Implementation Examples

Reproduce HTTP 417 Expectation Failedcurl

curl -i -X POST https://api.example.com/v1/upload -H "Expect: 100-continue" -H "Content-Type: application/octet-stream" --data-binary @large.bin
# Response:
# HTTP/1.1 417 Expectation Failed
# {"error":"Expectation Failed","code":"417"}

Handle 417 in JavaScriptjavascript

const response = await fetch('https://api.example.com/v1/upload', {
  method: 'POST',
  headers: { 'Accept': 'application/json', 'Content-Type': 'application/octet-stream', 'Expect': '100-continue' },
  body: new Uint8Array([1, 2, 3])
});
if (response.status === 417) {
  console.error('Handle 417 Expectation Failed');
}

Handle 417 in Pythonpython

import requests

response = requests.post(
    'https://api.example.com/v1/upload',
    headers={'Accept': 'application/json', 'Content-Type': 'application/octet-stream', 'Expect': '100-continue'},
    data=b'example-binary'
)
if response.status_code == 417:
    print('Handle 417 Expectation Failed')

How to Verify the Fix

-Repeat affected requests and confirm expectation handling succeeds without 417.
-Validate large-body upload flows complete with correct 100 Continue behavior.
-Ensure expectation-related retries do not cause duplicate body transmission.

How to Prevent Recurrence

-Standardize Expect usage policy in SDKs and disable custom expectation tokens by default.
-Add integration tests for 100 Continue across every ingress path.
-Version gateway header policies and enforce no-drop rules for expectation handshake headers.

Pro Tip

-simulate slow-upload clients in CI to catch expectation timeout bugs that only appear under partial-body send conditions.

Decision Support

Compare Guide

401 Unauthorized vs 403 Forbidden: Auth vs Access Denied

Fix 401 Unauthorized vs 403 Forbidden by separating authentication failures from authorization denials, then apply the right login or permission fix fast.

Compare Guide

403 Forbidden vs 404 Not Found: When to Hide Resources

Use 403 for explicit access denial, or 404 to conceal resource existence when security policy requires reducing endpoint and object enumeration risk.

Playbook

Authorization Denial Playbook (403 / AccessDenied / PERMISSION_DENIED)

Use this playbook to triage policy-based access denials after authentication succeeds, isolate the deny layer, and apply least-privilege remediation safely.

Official References

Provider Context

This guidance is specific to HTTP services. Always validate implementation details against official provider documentation before deploying to production.

Common Causes

-Client sends Expect: 100-continue, but intermediary proxy does not implement expectation handling correctly.

-Legacy SDK always adds Expect header even for tiny payloads, and origin policy rejects that negotiation path.

-WAF rule flags Expect header as anomalous and blocks request before application reads request body.

Step-by-Step Diagnosis for Expectation Failed

1Capture raw request/response headers to inspect exact Expect value and server reaction.

2Confirm whether failure occurs at origin or intermediary (proxy/CDN/WAF) layer.

3Validate 100-continue support across the full path, including timeout behavior before body send.

4Retest with minimal payload and explicit expectation settings to isolate mismatch source.

Expect Header and Interim Response Validation

-Inspect whether client sends unsupported expectation token (example: custom Expect value rejected by origin).
-Verify server/intermediary handles 100 Continue handshake correctly (example: proxy drops interim response and origin emits 417).

Intermediary Compatibility and Request Flow Trace

-Audit header normalization rules in gateways (example: WAF strips Expect and leaves client waiting for 100 Continue).
-Compare direct-origin vs edge-path behavior (example: direct succeeds, CDN path returns 417 due to legacy proxy behavior).

Implementation Examples

Reproduce HTTP 417 Expectation Failedcurl

curl -i -X POST https://api.example.com/v1/upload -H "Expect: 100-continue" -H "Content-Type: application/octet-stream" --data-binary @large.bin
# Response:
# HTTP/1.1 417 Expectation Failed
# {"error":"Expectation Failed","code":"417"}

Handle 417 in JavaScriptjavascript

const response = await fetch('https://api.example.com/v1/upload', {
  method: 'POST',
  headers: { 'Accept': 'application/json', 'Content-Type': 'application/octet-stream', 'Expect': '100-continue' },
  body: new Uint8Array([1, 2, 3])
});
if (response.status === 417) {
  console.error('Handle 417 Expectation Failed');
}

Handle 417 in Pythonpython

import requests

response = requests.post(
    'https://api.example.com/v1/upload',
    headers={'Accept': 'application/json', 'Content-Type': 'application/octet-stream', 'Expect': '100-continue'},
    data=b'example-binary'
)
if response.status_code == 417:
    print('Handle 417 Expectation Failed')

What Does Expectation Failed Mean?

Common Causes

How to Fix Expectation Failed

Step-by-Step Diagnosis for Expectation Failed

Expect Header and Interim Response Validation

Intermediary Compatibility and Request Flow Trace

Implementation Examples

How to Verify the Fix

How to Prevent Recurrence

Pro Tip

Related Errors

Decision Support

401 Unauthorized vs 403 Forbidden: Auth vs Access Denied

403 Forbidden vs 404 Not Found: When to Hide Resources

Authorization Denial Playbook (403 / AccessDenied / PERMISSION_DENIED)

Official References

Provider Context

What Does Expectation Failed Mean?

Common Causes

How to Fix Expectation Failed

Step-by-Step Diagnosis for Expectation Failed

Expect Header and Interim Response Validation

Intermediary Compatibility and Request Flow Trace

Implementation Examples

How to Verify the Fix

How to Prevent Recurrence

Pro Tip

Related Errors

Decision Support

401 Unauthorized vs 403 Forbidden: Auth vs Access Denied

403 Forbidden vs 404 Not Found: When to Hide Resources

Authorization Denial Playbook (403 / AccessDenied / PERMISSION_DENIED)

Official References

Provider Context