LocalHost.Co
Home / Articles / http error 431
error-codes

http error 431

Discover the causes of HTTP Error 431 Request Header Fields Too Large. Learn how excessive cookies and server limits trigger this error, and how developers can fix it.

21 Mar 2026

The http error 431, officially titled "Request Header Fields Too Large," is an HTTP status code indicating that the server refuses to process a request because either a single HTTP header field, or the collective set of all header fields, is significantly larger than the server is configured to allow. When this happens, the connection is instantly closed, and the user is presented with a 431 error.

Understanding HTTP Headers and Limits

Every time your browser requests a webpage, it sends a payload of metadata called HTTP headers. These headers contain essential information such as your browser type (User-Agent), the languages you accept, and crucially, your Cookies.

Web servers (like Nginx, Apache, or Node.js) set strict limits on the maximum allowed size for incoming headers. This is a fundamental security measure designed to protect the server against buffer overflow attacks or Denial of Service (DoS) attacks where a malicious actor might send a request with gigabytes of garbage headers to crash the server's memory.

When the total size of the incoming headers exceeds this predefined limit (often around 8KB or 16KB depending on the software), the server immediately rejects the request with a 431 status code.

Common Causes of a 431 Error

A 431 error is almost exclusively a client-side issue (from the server's perspective), but it is usually caused by how the web application manages client state. The most common culprits are:

1. Bloated Cookies

This is by far the most frequent cause. Whenever you visit a site, it can store cookies in your browser. With every subsequent request to that domain, your browser sends all those cookies back to the server in the Cookie header. If a website (or a poorly coded analytics script) stores too much data in cookies—such as massive JSON objects, long session tokens, or redundant tracking IDs—the Cookie header can easily exceed the server's 8KB limit.

2. Long Referer URLs

The Referer header tells the server the URL of the page you came from. If you click a link from a page that has a ridiculously long URL containing hundreds of query parameters, that massive string is sent in the header, potentially tripping the size limit.

3. Complex Authentication Tokens

Modern applications often use JWTs (JSON Web Tokens) for authentication, sent via the Authorization: Bearer header. If an application packs too many roles, permissions, or user metadata directly into the token instead of storing it on the server, the token becomes bloated, leading to a 431 error.

How to Fix the HTTP 431 Error

Resolving a 431 error requires different steps depending on whether you are the end-user experiencing the issue or the developer managing the server.

For Web Users

If you encounter a 431 error while trying to access a website, the fix is usually very simple:

  • Clear Your Cookies: Since bloated cookies are the primary cause, clearing the cookies for that specific domain will shrink your header size back to normal. In Chrome, click the padlock icon next to the URL, select "Cookies and site data," and clear them.
  • Use Incognito Mode: Browsing in an incognito or private window starts a session without any pre-existing cookies. If the site loads fine in incognito, it proves that your saved cookies were the problem.
  • Shorten the URL: If you are trying to access a URL with massive tracking parameters (e.g., ?utm_source=...), delete everything after the ? and try loading the base URL.

For Developers and Administrators

If your users are frequently complaining about 431 errors, you need to address the root cause in your application architecture:

  • Audit Cookie Usage: Stop using cookies as a local database. Only store essential session IDs in cookies. Move user preferences and large data blobs to local storage (which is not sent to the server on every request) or a server-side database.
  • Increase Server Limits (Use with Caution): If your application legitimately requires larger headers (e.g., passing large SSO tokens), you can configure your server to accept them.
    • Node.js: You can increase the max header size by starting your app with the flag: node --max-http-header-size=32768 app.js.
    • Nginx: Adjust the large_client_header_buffers directive in your nginx.conf file.
    • Apache: Modify the LimitRequestFieldSize directive.

Frequently Asked Questions

Why does a 431 error suddenly appear on sites I use daily?

Over time, as you interact with a site, it may drop multiple cookies for analytics, A/B testing, and session tracking. Eventually, the accumulated size of these cookies crosses the server's threshold, triggering a sudden 431 error on a site that worked perfectly yesterday.

Is a 431 error a security risk?

The error itself is a security feature. It protects the server from being overwhelmed by massive, malicious requests. However, if your application stores massive amounts of data in cookies to the point of triggering this error, it might be a sign of poor architectural design.

How is a 431 error different from a 413 Payload Too Large?

A 431 error occurs when the HTTP headers (metadata, cookies) are too large. A 413 Payload Too Large error occurs when the HTTP body (the actual data being uploaded, like a video or a massive JSON file) exceeds the server's limit.

Can caching cause a 431 error?

While caching doesn't directly cause a 431, proxy servers or CDNs might aggressively cache the 431 error page if they are misconfigured. This can result in the user continuing to see the error even after clearing their cookies, requiring a hard refresh or server-side cache purge.

Reviews

No approved reviews yet.

Name, review, and a 5-star rating.
Showing approved comments for this article and language.

Related Articles

  • err_ssl_protocol_error

    Learn how to fix the err_ssl_protocol_error in your browser. This comprehensive guide covers common causes like date/time issues, cached data, and antivirus settings.

  • err_http2_protocol_error

    Encountering the err_http2_protocol_error? Discover the root causes behind this HTTP/2 connection failure and follow our detailed solutions to restore access.

  • err_quic_protocol_error

    Resolve the err_quic_protocol_error quickly with our step-by-step troubleshooting guide. Fix connection issues by disabling QUIC, resetting flags, or checking extensions.

  • ssl_error_bad_cert_domain

    Fix the ssl_error_bad_cert_domain warning by understanding why a website's SSL certificate domain doesn't match the URL you visited and how to bypass it safely.

  • ssl_error_no_cypher_overlap

    The ssl_error_no_cypher_overlap occurs when the client and server share no common encryption ciphers. Find out how to update protocols and bypass this barrier safely.

  • ssl_error_rx_record_too_long

    Struggling with ssl_error_rx_record_too_long? Learn how to fix this Firefox-specific secure connection error caused by server misconfigurations or port conflicts.

  • whea_uncorrectable_error

    A whea_uncorrectable_error is a serious hardware BSOD in Windows. Read our guide to diagnose CPU, RAM, or voltage issues and restore system stability permanently.

  • dxgi_error_device_removed

    Fix the dxgi_error_device_removed crash. Find out why your system thinks the graphics card was physically removed and how to resolve driver and power supply issues.