431 Request Header Fields Too Large
Usage
The 431 Request Header Fields Too Large status code indicates the server is refusing to process the HTTP request because there is too much data specified by the HTTP headers.
Depending on the server, this refers to the total length of HTTP headers combined or specific ones. In either case, the client has the option to remove one or more HTTP headers and try the request again. One possible solution for limiting the number of HTTP headers is to cut or reduce the Cookies being transmitted.
Example
The client requests a resource and the server responds with 431 Request Header Fields Too Large because the combination of two large cookie values exceeds the maximum limit set by the server for HTTP headers.
Request
GET /tech-news HTTP/1.1
Host: example.com
Cookie: first_cookie=<very_long>; second_cookie=<long_again>
Response
HTTP/1.1 431 Request Header Fields Too Large
Content-Type: text/html
Content-Length: 183
<html>
<head>
<title>Request Headers Too Long</title>
</head>
<body>
<p>The request headers are too long.
Try retrying without cookies.</p>
</body>
</html>
How to fix
Clear Cookies for the affected domain in the browser. Cookie accumulation is the most frequent cause. Third-party scripts, analytics tags, and marketing pixels set cookies on every visit, and the combined size eventually exceeds the server limit. Clear site-specific cookies first before doing a full browser cookie purge.
Reduce custom header values sent with requests. Long authorization tokens, oversized X-Custom-* headers, and URL-encoded query parameters embedded in headers all contribute to the total size.
On the server side, increase the header buffer limits:
Audit cookie usage site-wide. Limit the number of cookies set per domain and use SameSite, Path, and Domain attributes to prevent cookies from propagating to subdomains and paths where they are not needed. Move session data to server-side storage or localStorage when the data does not need to travel with every request.
Raising server limits above 32 KB introduces denial-of-service risk. Increase limits only enough to accommodate legitimate traffic and combine the change with request-size monitoring.
Chrome and 431 errors
Chrome displays “Bad Request - Request Header Field Too Long” or “Bad message 431” when accumulated Cookies for a domain push the request headers past the server limit. Clearing Cookies for the specific site in Chrome settings (Settings > Privacy > Cookies > See all site data) resolves the error immediately without affecting other sites.
Code references
.NET
HttpStatusCode.RequestHeaderFieldsTooLarge
Rust
http::StatusCode::REQUEST_HEADER_FIELDS_TOO_LARGE
Rails
:request_header_fields_too_large
Go
http.StatusRequestHeaderFieldsTooLarge
Symfony
Response::HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE
Python3.5+
http.HTTPStatus.REQUEST_HEADER_FIELDS_TOO_LARGE
Apache HttpComponents Core
org.apache.hc.core5.http.HttpStatus.SC_REQUEST_HEADER_FIELDS_TOO_LARGE
Angular
@angular/common/http/HttpStatusCode.RequestHeaderFieldsTooLarge