HTTP 307 Temporary Redirect

A strict temporary redirect: go to the other URL, and repeat the request exactly as you sent it.

What HTTP 307 means

HTTP 307 Temporary Redirect works like 302 with one guarantee added: the client must repeat the request to the new URL with the same method and body. A redirected POST stays a POST — nothing is silently converted to GET.

Browsers also generate 307 internally: when a site is on the HSTS preload list, the browser upgrades http:// to https:// itself and shows “307 Internal Redirect” in DevTools without any network request.

Common causes of 307 responses

  • An API redirects a POST/PUT request to another endpoint temporarily.
  • HSTS: the browser upgrades http:// to https:// internally (shown as 307 in DevTools).
  • Load shedding or maintenance windows that reroute writes to a standby endpoint.

Good practices for developers

  • Use 307 whenever a redirected request has a body that must survive the hop.
  • For permanent method-preserving moves use 308 instead.
  • Remember that clients re-send the full body — avoid 307 for very large uploads if you can point clients at the right URL up front.

Example response

HTTP/1.1 307 Temporary Redirect
Location: https://api.example.com/v2/orders
Retry-After: 0

FAQ

What is the difference between 302 and 307?

Both are temporary, but 307 forbids changing the request method — a POST is repeated as a POST. With 302, browsers historically switch to GET.

Why does DevTools show “307 Internal Redirect”?

The browser upgraded the request to HTTPS itself (HSTS) without contacting the server. It is displayed as a synthetic 307.

Is there a permanent version of 307?

Yes — 308 Permanent Redirect: same method-preserving rule, but caches and search engines treat the move as permanent.