Is it safe to use HTTP status 308 Permanent Redirect?
Solution 1:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/308
The RFC 7538 proposal have wide support today. It's safe.
308 instead 301. 307 instead 302.
move != redirect
Move reminds a specific address and/or file moved. Redirect is a new location or address.
Solution 2:
Although 308 is now a standard (https://tools.ietf.org/html/rfc7538), it is not currently Safe [Edit] (as of 3 April 2019), especially for desktop applications, but may be almost safe in some specific regions (e.g. India), or for applications targeted at tablets and mobile devices.
The lack of safety is because IE 11 on Windows 7 and 8.1 does not support it. In IE 11 the site just appears to hang. Luckily the IE that ships with Windows 10 does support it, so it will be just a case of waiting until the general populous moves on from Windows 7 (Win 7 has only just been surpassed by Win 10 in global usage stats, Win 8 is significantly less popular than both) [Edit] or your company makes a decision to no longer support it (which you can make a very strong case for from 14th January 2020 when Windows 7 loses even long term support).
All other modern browsers support it (Chrome, Firefox, Safari, Edge, Opera).
[Edit] Usage stats from March 2019 to help make your decision:
- 36.52% of desktop users are still on Windows 7
- 9.83% of desktop users were on IE; as Win10 pushed Edge so much, I'd assume most of these users to be on Win 7. Ref netmarketshare
So, a decision to use 308 would affect probably (my guesstimate based on above stats) between 5 and 9% of desktop users as of this edit (3/4/2019). If your application is geared more towards tablets/mobile devices, this value will be significantly lower. Similarly if your app is specifically for the Indian market.
You can test if your browser supports 308 redirects here: https://webdbg.com/test/308/
Solution 3:
To end this: No it is not safe to use that status code. See comments for details.
308 is not a standard - it's a proposal, still in the experimental stage. Browers should fall back to a 300 interpretation of any 301-399 error that they don't specifically understand.
Some browsers just fail completely on that status code.