Request Header Fields Too Large (Shopify) / Security Rejection
Production Risk
Low — only encountered when making requests to Shopify-hosted stores at high volume.
430 is used by Shopify to indicate that the request has been rejected by their security layer, typically due to suspicious request patterns, WAF rules, or bot detection. It is distinct from the standard 431 (Request Header Fields Too Large).
- 1Shopify's WAF or bot-detection system flagged the request as suspicious.
- 2The request was made by an automated tool or scraper that triggered security rules.
- 3An unusually large number of requests from the same IP within a short period.
- 4The request contained headers or a user agent pattern associated with malicious bots.
Automated requests or scripts hitting Shopify storefronts at high frequency.
GET /products.json HTTP/1.1 Host: mystore.myshopify.com User-Agent: python-requests/2.28.0 # High-frequency automated request
expected output
HTTP/1.1 430 Request Header Fields Too Large
Fix
Slow down request rate and use a browser-like User-Agent
WHEN Legitimate automation is being blocked.
# Add delays and a realistic User-Agent
import time
headers = {'User-Agent': 'Mozilla/5.0 ...'}
time.sleep(2) # between requestsWhy this works
Reduces the signal patterns that trigger Shopify's security rules.
✕ Do not scrape Shopify storefronts with automated tools without using their API
Use the Shopify Storefront API or Admin API instead — they provide authorised programmatic access.
Specific to Shopify's infrastructure. Not a standard IETF code.
Shopify platform (unofficial status code)
https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#430 ↗Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev