ArticlesInternetOpen Source Software

Maximum HTTP request header size defaults compared across web servers

When a browser sends too much data in the HTTP header, a web server will (most likely) refuse the request. The most typical errors in this situation are 400 Bad Request or 413 Payload Too Large or 413 Request Entity Too Large.

Although the header size should in general be kept small (smaller = faster), there are many web applications storing a lot of data in the HTTP header. A very well known source of big data is the "Cookie" header which sometimes stores a lot of data. But also any other header field can be used to store additional data – there is no hard limit defined on how much data is allowed in a HTTP header. Or is there?

Each server application receiving and responding to HTTP requests has a default maximum size of the full HTTP header. Depending on the type of web or application server, these default values can differ and result in different behaviour when data is passed through multiple applications.

Updated comparison of max http header size

This list is based on the article Debugging a HTTP 400 Bad Request error and will be updated on a regular basis. It should serve as an up to date reference point to quickly look up the default values of maximum header size on different HTTP servers.

HTTP ServerSetting / Option nameDefault value
Apache 2.2LimitRequestFieldSize8190
Apache 2.4LimitRequestFieldSize8190
GolangMaxHeaderBytes (to override default)
DefaultMaxHeaderBytes (default)
none
1 << 20 // 1 MB
HAProxytune.bufsize / tune.maxrewrite16384 / half of bufsize
IIS 4.xMaxClientRequestBuffer2M
IIS 5.xMaxClientRequestBuffer128K
IIS 5.x /w Win 2k SP4MaxClientRequestBuffer16K
IIS 6.x and laterMaxRequestBytes16K
Lighttpdserver.max-request-field-sizenone
LiteSpeedmaxReqHeaderSize16380
Nginxlarge_client_header_buffers4 8k
Node.js < v13.13.0–max-http-header-size8KB
Node.js >= v13.13.0–max-http-header-size16KB
Tomcat 5.5maxHttpHeaderSize4096
Tomcat 6 and latermaxHttpHeaderSize8192
Varnishhttp_req_hdr_len8k
Wildfly 10 and latermax-header-size1048576
Claudio Kuenzler
Claudio has been writing way over 1000 articles on his own blog since 2008 already. He is fascinated by technology, especially Open Source Software. As a Senior Systems Engineer he has seen and solved a lot of problems - and writes about them.

Leave a reply

Your email address will not be published.

More in:Articles