421 Misdirected RequestWhat 421 Misdirected Request means
HTTP 421 was introduced alongside HTTP/2 to solve a specific problem: connection reuse across hostnames. HTTP/2 clients may coalesce requests for different domains onto one TLS connection when the certificate covers both names and DNS points at the same address. If the server — or the CDN edge in front of it — is not actually configured to serve the second hostname on that connection, it answers 421: this connection cannot produce a response for that authority.
The other big trigger is a mismatch between what the TLS layer and the HTTP layer claim. During the TLS handshake, the client names the host it wants in the SNI extension; the HTTP request then names a host in the Host header (or :authority pseudo-header). If those disagree — because a tool hardcoded one of them, DNS was pinned to the wrong IP, or a middlebox rewrote something — strict servers and CDN edges reject with 421.
The response is explicitly retryable on a new connection. That is the design: the client is expected to open a fresh connection dedicated to the requested hostname and try again. Persistent 421s mean something in your stack keeps recreating the mismatch.