header line too long

Q: How to fix Go http.ErrLineTooLong header line too long?

Return 431 on detection: Returning 431 Request Header Fields Too Large is the correct HTTP response for this condition.

Quick Answer

Reject the connection or return a 431 status; do not attempt to parse the oversized header.

What this means

Returned when an HTTP request or response contains a header line exceeding the server maximum allowed length. Often a sign of malformed or malicious input.

Why it happens

1Client sends an abnormally large cookie or custom header value
2Proxy forwarding accumulated headers that exceed the limit

Fix

Return 431 on detection

if errors.Is(err, http.ErrLineTooLong) {
    http.Error(w, "header too large", 431)
    return
}

Why this works

Returning 431 Request Header Fields Too Large is the correct HTTP response for this condition.

Code examples

Detect in handlergo

if errors.Is(err, http.ErrLineTooLong) {
    http.Error(w, "431", 431)
    return
}

Limit header sizego

srv := &http.Server{
    MaxHeaderBytes: 1 << 16,
}

Log and dropgo

if errors.Is(err, http.ErrLineTooLong) {
    log.Println("oversized header, dropping")
    return
}

Same error in other languages

431 Request Header Fields Too Largein HTTP→bufio.ErrTooLongin Go→

Sources

Official documentation ↗

Go standard library

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformGo Standard Library Errors

Codehttp.ErrLineTooLong

ClassHTTP

SeverityERROR

TierNotable