← All Status Codes
101
Switching Protocols
ℹ️ Informational
Medium Risk
📖 What Is HTTP 101?
The server is switching to a different protocol as requested by the client via the Upgrade header. Most commonly used for WebSocket upgrades from HTTP.
🛡️ Security Implications
WebSocket upgrades bypass many WAF and proxy security controls. Ensure WebSocket endpoints validate Origin headers to prevent cross-site WebSocket hijacking.
🔍 Common Causes
Client sends Upgrade: websocket header. Server agrees to switch from HTTP to WebSocket protocol.
🔧 How to Fix
Validate Origin header on WebSocket connections. Apply authentication to WebSocket endpoints just like HTTP routes.
🖥️ How to Check
curl -I -o /dev/null -w "%{http_code}" https://example.com