Menu
I have a web application that adds contextual information to XmlHttpRequest objects using the setRequestHeader API. I am using a custom header name (e.g. X-Foo) and a JSON structured value. It isn't part of the URL QueryString or POST body because it is meta information about the request.
Is there a practical size limit to the header value? If my JSON gets truncated, it becomes unparseable. I am most concerned with limits in Apache 2, Tomcat 6 and IIS 7. I did a Google search for http header length limit, but many of the results seem dated. There are some relevant comments in How big can a user agent string get? but not as specific as I would like.
Edit: I just ran across this similar question - Maximum on http header values?
555
No, HTTP does not define any limit. However most web servers do limit size of headers they accept. For example in Apache default limit is 8KB, in IIS it's 16K. Server will return 413 Entity Too Large error if headers size exceeds that limit.
Chosen solution This issues is usually caused by a corrupted cookie that is too long. Clear the Cache and remove the Cookies for websites that cause problems via the "3-bar" Firefox menu button (Options/Preferences). If clearing cookies didn't help then it is possible that the cookies.
No, you shouldn't, and it's just plain invalid. field-name cannot have spaces. In Connection : close \r\n , the field-name is Connection , which is invalid.
Change HTTP header size Next, open a terminal and navigate to the directory where code for our server is saved. In the terminal type node --max-http-header-size=1024 server. js . If you now open URL http://127.0.0.1:9000 in browser, you should see updated value of HTTP headers size.
Although each web server software has some limitations, there is a difference whether there’s a limit for the HTTP request line plus header fields or for each header field.
Here’s a summary:
So to conclude: To be accepted by all web servers above, a request’s request line plus header fields should not exceed 8190 Bytes. This is also the limit for each header fields (effectively even less).
181
Yes, but the limits are configurable and dependent on platform. For example, Tomcat has a default limit of 8K. I believe that IIS 6, not sure about IIS 7, has a limit of 16K. I ran into this when using integrated windows authentication for several web sites. Turns out my security token was too large when encoded into the header. Fortunately, these are configurable. Registry settings for IIS can be found at http://support.microsoft.com/kb/820129. I believe the key settings to change are MaxFieldLength (per header size) and MaxRequestBytes (total size of request).
28
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
