Content Filter Triggered Refusal — Fix (2026)

Q: The Error

Response stop_reason: "content_filter" Content: "" (empty response body with 200 status) This error appears as an empty or truncated response where stop_reason is content_filter instead of end_turn. Claude refused to generate the requested content.

Q: Prevention

Add this to your CLAUDE.md: # Prompt Framing - When working with security-sensitive code, include context: "for our internal app." - Prefix security-related requests with the legitimate use case. - If content filter triggers, rephrase — do not retry the same prompt.

Last updated: April 20, 2026

The Error

Response stop_reason: "content_filter"
Content: "" (empty response body with 200 status)

This error appears as an empty or truncated response where stop_reason is content_filter instead of end_turn. Claude refused to generate the requested content.

The Fix

Check the stop_reason in your response:

curl -s https://api.anthropic.com/v1/messages \
  -H "x-api-key: $ANTHROPIC_API_KEY" \
  -H "anthropic-version: 2023-06-01" \
  -H "content-type: application/json" \
  -d '{"model":"claude-sonnet-4-20250514","max_tokens":1024,"messages":[{"role":"user","content":"your prompt here"}]}' \
  | python3 -c "import sys,json; r=json.load(sys.stdin); print(f'stop_reason: {r[\"stop_reason\"]}')"

Rephrase the prompt to add context about legitimate use:

Instead of: "Write code to extract passwords from a database"
Use: "Write code to implement password reset functionality with proper hashing"

Add a system prompt that clarifies the development context:

claude --system "You are helping a developer build a secure authentication system for a legitimate web application." "write the auth module"

Why This Happens

Claude has built-in content filtering that blocks generation of harmful content. Sometimes legitimate developer requests trigger these filters because the phrasing resembles harmful intent. The filter evaluates the combined context of system prompt, conversation history, and current message.

If That Doesn’t Work

Break the request into smaller, more specific sub-tasks that are clearly benign.
Add explicit framing: “For a security audit of our own application…”
If working with security tooling, use the system prompt to establish the pentesting context.

Prevention

Add this to your CLAUDE.md:

# Prompt Framing
- When working with security-sensitive code, include context: "for our internal app."
- Prefix security-related requests with the legitimate use case.
- If content filter triggers, rephrase — do not retry the same prompt.

This fix also applies if you see these related error messages:

fatal: not a git repository
error: failed to push some refs
fatal: refusing to merge unrelated histories
TokenLimitExceeded: max tokens reached
Error: output truncated at max_tokens

Frequently Asked Questions

Why does Claude Code require git?

Claude Code uses git for several core operations: tracking file changes, creating commits, reading blame information, searching history with git log, and managing branches. Without git, these operations fail and Claude Code falls back to less efficient alternatives.

Can Claude Code work in a non-git directory?

Yes, but with reduced functionality. File search and editing work normally, but version control operations (commit, diff, blame) are unavailable. Claude Code displays a warning when opened in a directory without git initialization.

How do I prevent Claude Code from making unwanted git operations?

Add rules to your CLAUDE.md: Do not create commits automatically. Do not run git push. Always ask before any git operation that modifies history. Claude Code respects these constraints and asks for confirmation before proceeding.

What causes token count mismatches?

Token counts are estimated before sending a request and precisely calculated on the server. The estimation uses a fast local tokenizer that may differ slightly from the server’s tokenizer. Small discrepancies (1-3%) are normal and do not affect functionality.

Find the right skill → Browse 155+ skills in our Skill Finder.

Configure MCP → Build your server config with our MCP Config Generator.

Try it: Paste your error into our Error Diagnostic for an instant fix.

Implementation Details

When working with this in Claude Code, pay attention to these practical details:

Project configuration. Add specific instructions to your CLAUDE.md file describing how your project handles this area. Include file paths, naming conventions, and any patterns that differ from common defaults. Claude Code reads CLAUDE.md at the start of every session and uses it to guide all operations.

Testing the setup. After configuration, verify everything works by running a simple test task. Ask Claude Code to perform a read-only operation first (like listing files or reading a config) before moving to write operations. This confirms that permissions, paths, and tools are all correctly configured.

Monitoring and iteration. Track your results over several sessions. If Claude Code consistently makes the same mistake, the fix is usually a more specific CLAUDE.md instruction. If it makes different mistakes each time, the issue is likely in the project setup or toolchain configuration.

Troubleshooting Checklist

When something does not work as expected, check these items in order:

CLAUDE.md exists at the project root — run ls -la CLAUDE.md to verify
Node.js version is 18+ — run node --version to check
API key is set — run echo $ANTHROPIC_API_KEY | head -c 10 to verify (shows first 10 characters only)
Disk space is available — run df -h . to check
Network can reach the API — run curl -s -o /dev/null -w "%{http_code}" https://api.anthropic.com (should return 401 without auth, meaning the server is reachable)
No conflicting processes — run ps aux | grep claude | grep -v grep to check for stale sessions