HTTP error 431 returns the status code: Request header fields too large

You've tried to look at content on your own website, and you've hit an error. Read through it, and you'll know that the system thinks "request header fields too large." But you have no idea what that means.

HTTP errors are meant to give you information about the communication between your device and a website server. But the codes were written for developers, not average people. And even experts can be confused by obscure codes like this one. 

Fixing HTTP error 431 is relatively easy once you know what to look for. We'll walk you through the steps.

Understand the HTTP Language 

The acronym HTTP stands for "hypertext transfer protocol," which was established in 1991. Think of this protocol as the language of requests and responses between devices and servers. 

Each time you visit a website, a predictable set of steps happens.

• Browser request: You need data or information from the web server to visit the page. 
• Data movement: Buried within that request is information about you, your browser, and more. 
• The server’s response: You're either given access, or you get a code that explains the denial. 

Requests are sometimes called "headers." The HTTP protocol doesn't specify how long or big these pieces of data can be. But some servers limit size for security reasons. 

And that's where HTTP error 431 comes in.

Unpacking HTTP Error 431

Several types of HTTP errors exist, and they're numerically grouped. All of the codes in the 400 level involve user errors. These aren't problems that technically originate with the website or your server. Instead, they involve some kind of request from the user that a website's server can't process. 

Error 431, which officially says "Request header fields too large," means the server has dropped the request. The header sent by the user is either too long or too large, and the server denies it. 

Web developers can request all kinds of data from users. You might ask for information about these things:

• Preferred languages
• Credentials 
• Hosts 
• Referring sites 

If you ask for too much information, or the data you get back is somehow chunky or lengthy, your user will hit this error code. The page won't load until the problem is resolved.

Fix Error 431 in 4 Steps 

Every HTTP error 431 message is different, and your website could throw up this barrier for reasons that don't apply to other businesses you know. But for most companies, the problem comes down to one of two factors.

Your visitors could see the code due to cookies or the referring URL is too long. 

Try fixing the problem by:

• Eliminating the referrer URL. If you know you have active links on a site with a very long URL, eliminate this query before allowing access.
• Walking through your code. Spaces in your code are applied toward character limits, and they're not always needed. You could also ask for data you never use or need, which could force users up against your character limits.
• Examining your cookie settings. If you have authorization code mistakes, you could be setting multiple cookies for your users, and that could cause unwelcome HTTP errors.
• Accepting more cookies. If cookies are at the crux of your problem, let more in. Cookies do come with security vulnerabilities, so proceed with care. But if eliminating an error code at all costs is your goal, accepting more cookies could be helpful. 

You may need to talk with your server host before making some changes. If you adjust your code to accept more data, but your server doesn't agree, your users could hit a similar HTTP code involving server access. An open conversation before you adjust code is always wise.

Get Help From Okta 

If HTTP errors plague you, we can help. We'll walk through the problems with you, and we'll figure out how to give your users access without compromising your security. Contact us to find out more.

References

Brief History of HTTP. High Performance Browser Networking. O'Reilly. 

Additional HTTP Status Codes. (April 2012). Internet Engineering Task Force. 

Risk Associated With Cookies. (November 2013). Infosec.

5 Tips to Avoid Potential Dangers of Cookies. (November 2020). C Online Mag.