HTTP/2 pseudo-header used in an invalid context

Q: How to fix Node.js ERR_HTTP2_PSEUDOHEADER_NOT_ALLOWED HTTP/2 pseudo-header used in an invalid context?

Use pseudo-headers only in their correct direction: Keeping pseudo-headers direction-correct and before regular headers satisfies HTTP/2 validation.

Production Risk

Causes stream or session errors; ensure header construction is direction-aware.

What this means

Thrown when an HTTP/2 pseudo-header is used in an incorrect direction or position. Request pseudo-headers (:method, :path, :scheme, :authority) cannot appear in responses; the response pseudo-header (:status) cannot appear in requests. All pseudo-headers must appear before regular headers.

Why it happens

1Including :status in a client request
2Including :method or :path in a server response
3Placing pseudo-headers after regular headers

How to reproduce

Triggered when the HTTP/2 stack validates headers and finds a pseudo-header in the wrong direction.

trigger — this will error

const req = client.request({
  ':method': 'GET',
  ':path': '/',
  ':status': '200', // invalid in a request
});

expected output

Error [ERR_HTTP2_PSEUDOHEADER_NOT_ALLOWED]: Cannot set HTTP/2 pseudo-headers

Fix

Use pseudo-headers only in their correct direction

WHEN When constructing HTTP/2 headers

Use pseudo-headers only in their correct direction

// Client request
const reqHeaders = { ':method': 'GET', ':path': '/', ':scheme': 'https', ':authority': 'example.com' };

// Server response
stream.respond({ ':status': 200, 'content-type': 'text/plain' });

Why this works

Keeping pseudo-headers direction-correct and before regular headers satisfies HTTP/2 validation.

Code examples

Triggerjs

const req = client.request({
  ':method': 'GET',
  ':path': '/',
  ':status': '200', // invalid in a request
});  // this triggers ERR_HTTP2_PSEUDOHEADER_NOT_ALLOWED

Handle in try/catchjs

try {
  // operation that may throw ERR_HTTP2_PSEUDOHEADER_NOT_ALLOWED
  riskyOperation()
} catch (err) {
  if (err.code === 'ERR_HTTP2_PSEUDOHEADER_NOT_ALLOWED') {
    console.error('ERR_HTTP2_PSEUDOHEADER_NOT_ALLOWED:', err.message)
  } else {
    throw err
  }
}

Defensive pattern to avoid itjs

// Validate inputs before calling the operation
function safe_err_http2_pseudoheader_not_allowed(...args) {
  // validate args here
  return performOperation(...args)
}

What not to do

✕ Mix request and response pseudo-headers

Direction-specific pseudo-headers cause immediate validation errors if used in the wrong context.

Same error in other languages

ValueErrorin Python→

Sources

Official documentation ↗

Node.js Error Codes Documentation

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformNode.js Error Codes

CodeERR_HTTP2_PSEUDOHEADER_NOT_ALLOWED

ClassHTTP/2

SeverityERROR

TierNotable

ConfidenceHIGH

← All Node.js errors