425 Too Early
Meaning
The server is unwilling to risk processing a request that might be replayed. This can happen when the request arrives before the TLS handshake has completed (e.g., replay of early data in TLS 1.3).
When to Use
Use it when a server wants to reject a request that was sent as TLS early data (before handshake completion) because processing it could lead to a replay attack. In effect, the server asks the client to wait for the handshake to complete and then retry.
Example
If a client sends a request in TLS 1.3 early data (0-RTT) and the server finds it unsafe to process because it could be replayed, it may respond with 425 Too Early, signaling the client to retry the request after the handshake.
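The sketch below is an added example, not text from RFC 8470. It shows one possible origin policy and the matching client retry. The function names and the choice to accept safe methods in early data are assumptions. The `Early-Data: 1` request header is the RFC 8470 field an intermediary sets when it forwards a request it received in early data.

```python
# Added example: origin decision for 0-RTT requests and the client's retry on 425.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS", "TRACE"})  # assumed replay-tolerant


def arrived_in_early_data(headers, tls_early_data=False):
    """True if the local TLS stack saw 0-RTT data or a proxy sent Early-Data: 1."""
    marked = any(name.lower() == "early-data" and value.strip() == "1"
                 for name, value in headers.items())
    return tls_early_data or marked


def origin_status(method, headers, tls_early_data=False):
    """Status the origin returns under this (assumed) policy."""
    if not arrived_in_early_data(headers, tls_early_data):
        return 200  # handshake completed, so TLS replay protection applies
    if method.upper() in SAFE_METHODS:
        return 200  # policy choice: a replayed safe request changes no state
    return 425      # state-changing request in early data: ask for a retry


def client_send(method, headers, origin=origin_status):
    """Try 0-RTT first; on 425, retry once after the handshake completes."""
    statuses = [origin(method, headers, tls_early_data=True)]
    if statuses[0] == 425:
        # The retry travels as ordinary 1-RTT data, so no early-data marker is sent.
        retry = {k: v for k, v in headers.items() if k.lower() != "early-data"}
        statuses.append(origin(method, retry, tls_early_data=False))
    return statuses


if __name__ == "__main__":
    # Constructed sample requests
    print(client_send("POST", {"Content-Type": "application/json"}))
    print(client_send("GET", {}))
```

Whether a given request tolerates replay is an application decision. A GET that triggers side effects should be refused in early data as well.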
When Not to Use
Do not use it for general rate limiting or scheduling delays. 425 is specific to potential replay attacks with early data. To defer processing for a short time under normal conditions, use another code such as 503.
Source
RFC 8470