
CONCEPT Cited by 3 sources

HTTP 402 Payment Required

HTTP 402 Payment Required is an HTTP client-error status code defined in the HTTP/1.1 standard as "reserved for future use" — a placeholder for digital-payment flows that never materialized in the 1990s-2000s web. Until 2025 it was one of the few essentially-unused response codes in the HTTP status table. Cloudflare's 2025-07-01 pay-per-crawl launch is the first widely-deployed commercial use of 402 as the negotiation signal for paid content access.

Protocol semantics (as resurrected by pay-per-crawl)

  1. Client (a bot / agent) requests a resource without declaring payment intent.
  2. Server responds:
    HTTP/1.1 402 Payment Required
    crawler-price: USD 0.01
    
  3. Client decides whether to pay; if yes, re-requests with an agreement header (crawler-exact-price: USD 0.01); otherwise abandons or tries a cheaper path.
  4. Server replies 200 OK with crawler-charged: USD 0.01 on success, or returns 402 again if the agreement doesn't meet policy.

Why 402 specifically

  • Already defined as a client error. Intermediaries (proxies, CDNs, log collectors, HTTP clients) treat it as a 4xx — not an origin server error, not a redirect. No infrastructure churn.
  • Unused. No existing deployments to conflict with; unlike repurposing 403, 429, or inventing a vendor-specific 4xx, there is no backwards-compat drag.
  • Semantically intended. The RFC reservation was explicitly for payment; using it for payment is legitimate, not a protocol abuse.
  • Minimal client surface. Existing HTTP libraries surface the status code and header to application code without changes; agents can react to 402 in whatever way they want without custom protocol support at the network layer.

Role in the agentic-paywall vision

402 is the negotiation primitive for the agentic paywall: an agent given a user's spending budget hits a 402, reads the crawler-price, consults the budget, and programmatically retries with crawler-exact-price. No human-in-the-loop. No custom protocol. The shape generalizes from "crawler paying for content" to "agent paying for any priced resource" — the 402 status code is the syntactic indirection that lets the same HTTP flow carry any priced interaction.
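The budget check in that flow, as an added example (not Cloudflare's code or part of the original page): the agent parses crawler-price strictly, refuses quotes over its remaining budget, and debits only when crawler-charged equals the price it agreed to. The `send` transport, `BudgetedAgent`, `make_origin` and the strict price grammar are assumptions of this example; only the header names and the "USD 0.01" value shape come from the page.

```python
import re
from decimal import Decimal

# Value shape shown on the page: "USD 0.01". The strict grammar below
# (three-letter currency, plain non-negative decimal) is this example's assumption.
PRICE_RE = re.compile(r"([A-Z]{3}) (\d{1,6}(?:\.\d{1,6})?)")

def parse_price(value):
    """Return (currency, Decimal) or None for a missing or malformed value."""
    m = PRICE_RE.fullmatch(value or "")
    return (m.group(1), Decimal(m.group(2))) if m else None

class BudgetedAgent:
    def __init__(self, budget, currency="USD"):
        self.remaining = Decimal(budget)
        self.currency = currency

    def fetch(self, send, url):
        """send(url, headers) -> (status, headers, body) is a hypothetical
        transport; header names are assumed to be lower-cased by it."""
        status, hdrs, body = send(url, {})
        if status != 402:
            return status, body
        offer = hdrs.get("crawler-price")
        quote = parse_price(offer)
        # Walk away from malformed quotes, other currencies, or over-budget prices.
        if not quote or quote[0] != self.currency or quote[1] > self.remaining:
            return 402, None
        status, hdrs, body = send(url, {"crawler-exact-price": offer})
        if status != 200:
            return status, None
        # Debit only if the server's stated charge equals the agreed price.
        if parse_price(hdrs.get("crawler-charged")) != quote:
            raise ValueError("crawler-charged does not match the agreed price")
        self.remaining -= quote[1]
        return 200, body

def make_origin(price, charged=None):
    """Constructed in-memory origin that follows the four steps on the page."""
    def send(url, headers):
        if headers.get("crawler-exact-price") == price:
            return 200, {"crawler-charged": charged or price}, "content"
        return 402, {"crawler-price": price}, None
    return send
```

Amounts are kept as Decimal so repeated small charges do not accumulate floating-point error in the budget.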

Not yet standardized

As of pay-per-crawl's 2025-07-01 launch, the crawler-price / crawler-max-price / crawler-exact-price / crawler-charged headers are Cloudflare-defined, not IETF-standardized. Cloudflare signals an intention for "many different types of interactions and marketplaces" to develop simultaneously and for standardization / multi-implementation to follow — but in the meantime the de-facto substrate is the Cloudflare header shape.

Distinction from 403 Forbidden

A 403 = you may not have this, full stop. A 402 = you may have this for a price. Pay-per-crawl's Charge outcome for a crawler without a billing relationship is functionally a 403 (no content) but deliberately returns 402 with price — it advertises "a relationship could exist" rather than slamming the door. Changing the semantics of a block from terminal-denial to standing-offer is a subtle but intentional piece of pay-per-crawl's design.
