HTTP status code 431 indicates that the server cannot process the request because the request header fields are too large. This status code is defined in RFC 6585 and is primarily used to handle situations where request headers exceed acceptable limits.
Purpose
- Indicates that the total size of the request header fields exceeds the limit that the server is willing or able to process.
- This can be due to a single header field being too large or the combined size of all header fields exceeding the limit.
Use Cases
- Prevents server memory exhaustion due to oversized request headers.
- Protects against certain forms of Denial of Service (DoS) attacks.
- Handles exceptionally large cookies or other custom header fields.
Server Behavior
- The server may choose to close the connection to prevent the client from continuing to send requests.
- Typically includes information in the response about which header fields caused the issue.
Client Response
- Upon receiving this status code, the client should attempt to reduce the size of the request headers.
- This may involve clearing cookies or reducing custom header fields.
Implementation Considerations
- The server should set reasonable limits on the size of request headers.
- Different limits can be set for different resources or paths.
Example Response
HTTP/1.1 431 Request Header Fields Too Large
Content-Type: application/json
Connection: close
{
"error": "Request Header Fields Too Large",
"message": "The size of the request headers exceeds server limits.",
"details": "Consider reducing the size of the Cookie header or removing unnecessary custom headers."
}
Excessive Cookies
- Cause: Accumulation of cookies over time may lead to oversized request headers.
- Solution: Clean up unnecessary cookies and use server-side session management.
Large Custom Headers
- Cause: The client adds too many or excessively large custom header fields.
- Solution: Optimize header field usage and consider moving some data to the request body.
Long URLs
- Cause: URLs in GET requests are excessively long.
- Solution: Use POST requests instead or optimize the URL structure.
Headers Added by Proxy Servers
- Cause: Each proxy may add additional header information when passing through multiple proxies.
- Solution: Optimize proxy configurations to reduce unnecessary header additions.
Preventive Measures
- Regularly clean up cookies and local storage.
- Implement self-checks for request header sizes on the client side.
- Use compression techniques to reduce the size of transmitted data.
- Implement a progressive response strategy on the server side, issuing warnings before rejecting requests.
By effectively using the 431 status code, servers can maintain stability and security while providing clear error feedback to clients, aiding in quick diagnosis and resolution of issues.
Related 4xx error code
- 400 Bad Request
- 401 Unauthorized
- 402 Payment Required
- 403 Forbidden
- 404 Not Found
- 405 Method Not Allowed
- 406 Not Acceptable
- 407 Proxy Authentication Required
- 408 Request Timeout
- 409 Conflict
- 410 Gone
- 411 Length Required
- 412 Precondition Failed
- 413 Payload Too Large
- 414 URI Too Long
- 415 Unsupported Media Type
- 416 Range Not Satisfiable
- 417 Expectation Failed
- 418 I’m a teapot
- 421 Misdirected Request
- 422 Unprocessable Entity (WebDAV)
- 423 Locked (WebDAV)
- 424 Failed Dependency (WebDAV)
- 425 Too Early
- 426 Upgrade Required
- 428 Precondition Required
- 429 Too Many Requests
- 451 Unavailable For Legal Reasons
- 499 Client Closed Request