How to fix 400 Bad Request: Request Header or Cookie too Large with Nginx

The post provides solutions to the ‘Nginx 400 Bad Request Header or Cookies Too Large’ error. Suggested actions include adjusting Nginx’s buffer size to accommodate large cookies, amending the server configuration file about large client header buffers, and removing proxy_set_header from the proxy configuration block. If these steps fail, it recommends clearing browser cookies and…

This article outlines steps to fix the Nginx 400 Bad Request error related to headers or cookies.

I manage several websites using Nginx HTTP servers, and I have different configurations set up for various environments. When I encountered the error message “400 Bad Request: Request Header or Cookie Too Large” on one of my servers, I promptly researched the issue and found a solution.

If you are in a similar situation, follow the steps below to resolve it quickly.

To clarify, the error usually means your browser is sending a cookie larger than the server is willing to process. If browsers are sending cookies that large, it may also point to Nginx buffer settings that are too small for your site. Increasing the buffer size in Nginx to handle larger cookies can resolve the issue.

If you prefer not to clear or reset your browser cookies, follow the steps below to modify the Nginx configuration to permit larger cookies.

When you encounter this error message, it indicates that one or more headers sent to Nginx exceed the allowed size limit, resulting in Nginx rejecting them. To resolve this issue, follow the steps outlined below:

For reference, Nginx’s default for large_client_header_buffers is 4 buffers of 8k each.

You’ll get that error message if a header is larger than that limit.

Next, on the Nginx HTTP server, open the server configuration file.

sudo nano /etc/nginx/sites-available/example.com.conf

The location of your server configuration file may vary. When the file opens, add this line of configuration and save it.

server {
    # .
    large_client_header_buffers 4 16k;
    # .
}

Save the file and exit.

The Nginx documentation states that this directive is only valid in the http or server context, so make sure you add the line inside one of those contexts. After that, restart or reload the Nginx server.

sudo systemctl reload nginx.service

Test again, and the error should be gone.

If you still get the error after restarting, raise the value to 4 32k (four buffers of 32k each). Then restart the Nginx server.
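To size the buffers from real traffic instead of guessing, you can check a captured request head against the configured limits. The Python sketch below is an added example, not code from the original post; the function names, the sample request and the cookie size are constructed, and the total-size check is an approximation of Nginx's behaviour.

```python
import re

UNITS = {"": 1, "k": 1024, "m": 1024 * 1024}

def parse_size(text):
    """Convert an Nginx size such as '16k' or '1m' to bytes."""
    m = re.fullmatch(r"(\d+)([kKmM]?)", text)
    if not m:
        raise ValueError(f"bad size: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2).lower()]

def parse_directive(conf):
    """Return (number, size_bytes); fall back to the default 4 8k if unset."""
    m = re.search(r"^\s*large_client_header_buffers\s+(\d+)\s+(\w+)\s*;", conf, re.M)
    return (int(m.group(1)), parse_size(m.group(2))) if m else (4, 8 * 1024)

def check_request(raw, number, size):
    """Return (status, field, bytes) for each limit the request head exceeds."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    problems = []
    # The request line must fit in one buffer, otherwise Nginx answers 414.
    if len(lines[0]) + 2 > size:
        problems.append(("414", "request line", len(lines[0]) + 2))
    # Each header field must fit in one buffer, otherwise Nginx answers 400.
    for line in lines[1:]:
        if len(line) + 2 > size:
            name = line.split(b":", 1)[0].decode("latin-1")
            problems.append(("400", name, len(line) + 2))
    # Approximation: the whole head cannot exceed number * size bytes.
    if len(head) + 4 > number * size:
        problems.append(("400", "all headers", len(head) + 4))
    return problems

# Constructed sample data: the server block from this page and a request
# carrying a 10000-byte session cookie.
PAGE_CONF = "server {\n    large_client_header_buffers 4 16k;\n}\n"
SAMPLE = (b"GET / HTTP/1.1\r\nHost: app.example.com\r\n"
          b"Cookie: session=" + b"a" * 10000 + b"\r\n\r\n")

if __name__ == "__main__":
    for label, conf in (("default 4 8k", ""), ("page config", PAGE_CONF)):
        number, size = parse_directive(conf)
        print(label, number, size, check_request(SAMPLE, number, size) or "fits")
```

Larger buffers also let every client make the server hold more memory per connection, so pick the smallest size that fits the largest legitimate header.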

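Another thing to check: if you’re running Nginx as a proxy with a proxy_set_header line in the configuration, you should remove that line from your proxy configuration block. With the Host line removed, Nginx falls back to its default of sending $proxy_host (the host named in proxy_pass) as the Host header, so confirm that the upstream application still answers correctly for that host name.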

For example, remove the line below from your proxy configuration block if you have it configured, then save and restart Nginx.

proxy_set_header Host app.example.com;

These steps above should get you back to a functioning site.

If all the steps above don’t work, other issues may be in play there. First, please clear your browser’s cookies and maybe reset them by deleting all stored data. Then, hopefully, it should work.

Richard

Comments

  1. Why remove proxy_set_header Host? Don’t just remove stuff you don’t understand?

    1. Request Header Or Cookie Too Large

  2. MOOLESH

    VERY NICE

  3. Random

    am sorry but please stop showing that

  4. Milton Inguane

    Very good

  5. Why is it not working

  6. Robert Stumpe

    why remove proxy_set_header Host ?
    some sites will stop working
    SMH

  7. Andrei

    horrible idea to remove the Host header, you probably saw that here https://stackoverflow.com/questions/17524396/400-bad-request-request-header-or-cookie-too-large and thought it was a good idea for some reason. you’re also suggesting to “bump 4 to 32k” but that’s also incorrect if you go over syntax, it should be doubling 16k to 32k not bumping the number of buffers.. avoid the changes suggested here, go read over the docs instead.
