HTTP 511 Network Authentication Required: What It Means and When You See It
Quick Answer
HTTP 511 Network Authentication Required means the client needs to authenticate to gain network access — typically used by captive portals on public Wi-Fi.
HTTP 511 Network Authentication Required
HTTP 511 is generated by captive portals on public Wi-Fi networks (hotels, airports, coffee shops). When you connect to the Wi-Fi but have not yet agreed to the terms or logged in, the captive portal intercepts your HTTP requests and returns 511 with a redirect to the login page. This is why HTTPS requests fail silently on captive portals - the portal cannot intercept them. HTTP 511 is not typically returned by regular web servers or APIs.
Why APIs Should Not Return 511
HTTP 511 is reserved for network-level authentication (captive portals), not application-level auth. If a user needs to authenticate with your API, use 401 Unauthorized. If they are authenticated but lack access, use 403. Returning 511 from an application would confuse clients expecting network-level behavior. Captive portal detection: browsers make test HTTP requests to known URLs - if they get 511 or an unexpected redirect, they show the captive portal dialog.
Try the interactive tool
Convert any value instantly — no sign-up required
Frequently Asked Questions
Related Values
100
HTTP 100 Continue means the server has received the request headers and the client should proceed to send the request body. It is an interim response used to inform the client to continue.
101
HTTP 101 Switching Protocols indicates the server is switching to the protocol specified in the Upgrade header field. Commonly used when upgrading to WebSocket connections.
200
HTTP 200 OK is the standard success response. The request has succeeded and the server has returned the requested resource in the response body.
201
HTTP 201 Created means the request succeeded and a new resource was created as a result. The Location header typically points to the new resource URL.