HTTP 305 Use Proxy
HTTP 305 Use Proxy was a status code that instructed clients to re-issue the request through a specific proxy server identified in the Location header. It was deprecated in RFC 9110 and must not be used in new implementations.
Quick reference
| Code | 305 |
|---|---|
| Name | Use Proxy |
| Category | 3xx Redirects |
| Specification | RFC 9110 §15.4.6 |
| Status | Deprecated. RFC 9110 explicitly states this code should not be used. |
| Correct response today | Remove or ignore the proxy requirement. Serve the resource directly, or configure proxy settings at the network level. |
| In-depth guide | HTTP 305 deprecation guide → |
Why it was deprecated
305 was originally defined in RFC 2068 (HTTP/1.1, 1997). The intent was to allow origin servers to tell clients to use a specific proxy for subsequent requests. In practice, this created a serious security vulnerability: a malicious server could use a 305 response to redirect a client to a malicious proxy that could then intercept, modify, or steal subsequent requests — including to unrelated servers.
RFC 2616 (HTTP/1.1, 1999) already noted that only origin servers should generate 305 and that clients should treat it with caution. RFC 7231 (2014) deprecated it. RFC 9110 (2022) formally marks 305 as deprecated and states that it "was defined in a previous version of this specification and is now deprecated due to security concerns."
No modern HTTP server or framework should generate 305. If you encounter 305 in traffic, it is either from very old legacy software or from a misconfiguration. Treat it as an error, not a redirect to follow.
What to do if you see 305
If a server under your control is returning 305: audit the codebase for any hardcoded 305 responses and remove them. Return a direct response to the request instead, and configure proxy requirements at the infrastructure level (via network policy or load balancer configuration) rather than via HTTP response codes.
If you receive a 305 from a third-party server: do not follow it. Log it as an anomaly. A 305 in 2026 from a production server is either a security issue or a very outdated server configuration.
Historical context in the 3xx range
| Code | Status | Purpose |
|---|---|---|
| 301 | Active | Permanent redirect (method may change) |
| 302 | Active | Temporary redirect (method may change) |
| 304 | Active | Not modified — use cached version |
| 305 | Deprecated | Use specified proxy — removed for security |
| 306 | Unused/reserved | Switch proxy — defined but unused |
| 307 | Active | Temporary redirect (method preserved) |
Related resources
On this site: HTTP 305 deprecation guide · HTTP 301 Moved Permanently · HTTP 307 Temporary Redirect · All 3xx redirect codes
Standards: RFC 9110 §15.4.6 · IANA Registry