A data communication gateway. The gateway comprises a processor, a non-transitory memory, and an application stored in the non-transitory memory. When executed by the processor, the application receives a secure socket layer (SSL) client hello message identifying a server and an application layer communication protocol from a client executing on one of a user equipment (UE), a laptop computer, a notebook computer, a tablet computer, or a desktop computer and determines to deny an application layer communication service access of the client to the identified server. In response to determining to deny service access, sending a SSL server hello message comprising a client redirection extension to the client that identifies a web server configured to provide a courtesy message associated with the service denial in response to a hypertext transfer protocol (HTTP) GET message or a secure hypertext transfer protocol (HTTPS) GET message.