431 Request Header Fields Too Large

HTTP response status code 431 Request Header Fields Too Large is returned by the server to indicate the HTTP headers are too large. This indicates the total size used by all HTTP headers or a specific HTTP header is too big.

Table of Contents

Usage

The 431 Request Header Fields Too Large status code indicates the server is refusing to process the HTTP request because there is too much data specified by the HTTP headers.

Depending on the server, this refers to the total length of HTTP headers combined or specific ones. In either case, the client has the option to remove one or more HTTP headers and try the request again. One possible solution for limiting the number of HTTP headers is to cut or reduce the Cookies being transmitted.

SEO impact

Search engines like Google will not index a URL with a 431 response status. Previously indexed URLs returning this status code will be removed from search results.

Example

The client requests a resource and the server responds with 431 Request Header Fields Too Large because the combination of two large cookie values exceeds the maximum limit set by the server for HTTP headers.

Request

GET /tech-news HTTP/1.1
Host: www.example.re
Cookie: first_cookie=<very_long>; second_cookie=<long_again>

Response

HTTP/1.1 431 Request Header Fields Too Large
Content-Type: text/html
Content-Length: 183

<html>
  <head>
    <title>Request Headers Too Long</title>
  </head>
  <body>
   <p>The request headers are too long.
   Try retrying without cookies.</p>
  </body>
</html>

How to fix

Clear Cookies for the affected domain in the browser. Cookie accumulation is the most frequent cause. Third-party scripts, analytics tags, and marketing pixels set cookies on every visit, and the combined size eventually exceeds the server limit. Clear site-specific cookies first before doing a full browser cookie purge.

Reduce custom header values sent with requests. Long authorization tokens, oversized X-Custom-* headers, and URL-encoded query parameters embedded in headers all contribute to the total size.

On the server side, increase the header buffer limits:

  • nginx: large_client_header_buffers 4 32k; sets four buffers of 32 KB each (the default is 4 buffers of 8 KB)
  • Apache: LimitRequestFieldSize 16384 raises the per-header limit from the default 8190 bytes to 16 KB
  • Node.js: launch with --max-http-header-size=16384 or set maxHeaderSize in the server options (the default dropped to 8 KB in Node 11.6.0 for security reasons)
  • IIS: adjust maxRequestLength and header limits in web.config

Audit cookie usage site-wide. Limit the number of cookies set per domain and use SameSite, Path, and Domain attributes to prevent cookies from propagating to subdomains and paths where they are not needed. Move session data to server-side storage or localStorage when the data does not need to travel with every request.

Raising server limits above 32 KB introduces denial-of-service risk. Increase limits only enough to accommodate legitimate traffic and combine the change with request-size monitoring.

Code references

.NET

HttpStatusCode.RequestHeaderFieldsTooLarge

Rust

http::StatusCode::REQUEST_HEADER_FIELDS_TOO_LARGE

Rails

:request_header_fields_too_large

Go

http.StatusRequestHeaderFieldsTooLarge

Symfony

Response::HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE

Python3.5+

http.HTTPStatus.REQUEST_HEADER_FIELDS_TOO_LARGE

Apache HttpComponents Core

org.apache.hc.core5.http.HttpStatus.SC_REQUEST_HEADER_FIELDS_TOO_LARGE

Angular

@angular/common/http/HttpStatusCode.RequestHeaderFieldsTooLarge

Takeaway

The 431 Request Header Fields Too Large status code is a client error sent by the server when the client sends an HTTP request with too much data in the HTTP headers. If the HTTP request is reduced in size while still making sense, the request is resubmitted with smaller HTTP headers.

See also

Last updated: March 11, 2026