HTTP 431 Request Header Fields Too Large — Oversized Headers
Warning4xx client error
Overview
HTTP 431 Request Header Fields Too Large means the server refuses the request because the total header size or an individual header exceeds the server's limit.
Key Details
- Either the total header size or a single header field exceeds server limits
- Nginx default header buffer is 4KB-8KB, Apache default is 8KB
- Most commonly caused by excessive cookies accumulating over time
- Large Authorization tokens (JWT) can push headers over the limit
- Can also occur from custom headers, referrer URLs, or user-agent strings
Common Causes
- Too many or too large cookies accumulated for the domain
- Oversized JWT tokens in Authorization header
- CDN or proxy adding additional headers that push total over the limit
- Large Referer header from a URL with many query parameters
Steps
- 1Clear cookies for the affected domain in your browser
- 2Reduce cookie sizes: use session IDs instead of storing data in cookies
- 3For Nginx: increase large_client_header_buffers (e.g., large_client_header_buffers 4 16k)
- 4For Apache: increase LimitRequestFieldSize in httpd.conf
- 5Shorten JWT tokens by reducing claims or using opaque tokens with server-side lookup
Tags
http431header-too-largecookiesjwt
More in 4xx Client Error
http-400-bad-requestHTTP 400 Bad Request — What It Means & How to Fix It
Errorhttp-401-unauthorizedHTTP 401 Unauthorized — What It Means & How to Fix It
Errorhttp-402-payment-requiredHTTP 402 Payment Required — What It Means & How to Fix It
Errorhttp-403-forbiddenHTTP 403 Forbidden — What It Means & How to Fix It
Errorhttp-404-not-foundHTTP 404 Not Found — What It Means & How to Fix It
Errorhttp-405-method-not-allowedHTTP 405 Method Not Allowed — What It Means & How to Fix It
ErrorFrequently Asked Questions
Cookies are sent as headers with every request. If many cookies accumulate for a domain, the total header size exceeds the limit.