Request Header or Cookie Too Large

Problem statement

Calling the “/userinfo” endpoint returns a "Request Header or Cookie Too Large" error.


  • Error Message: Request Header or Cookie Too Large
  • Error seems to be returned from Nginx


  • Auth0 has a hard limit on the header size (8k). If the header size exceeds that limit, Nginx (the reverse proxy software Auth0 uses for its APIs) returns the error “Request Header or Cookie Too Large”.


Too many scopes can bloat the size of the Access Token. However, several other cases can also cause this error:

  1. Cookie size in the Request Header.
  2. You are using a Custom Domain with a Reverse Proxy that’s adding additional cookies to the Request Header.

There are also some cases where this error can be reproduced in Postman. Postman adds a cookie to the request headers, and it’s not possible to remove that cookie from the request.

The solution to this issue is to reduce the size of request headers. Ideally, removing any unnecessary cookies and request headers will help fix the issue.
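
To find out which headers or cookies are using up the limit before calling “/userinfo”, the request head can be sized and its contributors ranked. The following is an added example, not Auth0's code: `header_report`, the sample host and cookie names, and reading "8k" as 8192 bytes are assumptions. Because the page does not say whether the limit applies to the whole header block or to one line, it checks both.

```python
LIMIT_BYTES = 8 * 1024  # the page's "8k", read here as 8192 bytes (assumption)


def header_report(method, path, headers, limit=LIMIT_BYTES):
    """Size an HTTP/1.1 request head and rank what contributes to it."""
    request_line = f"{method} {path} HTTP/1.1\r\n"
    # Bytes each header occupies on the wire: "Name: value" plus CRLF.
    lines = {name: len(f"{name}: {value}\r\n".encode("utf-8"))
             for name, value in headers.items()}
    # Request line + header lines + the blank line that ends the head.
    total = len(request_line.encode("utf-8")) + sum(lines.values()) + 2
    # Break the Cookie header into individual cookies.
    cookies = {}
    for name, value in headers.items():
        if name.lower() == "cookie":
            for pair in value.split(";"):
                key, _, _ = pair.strip().partition("=")
                if key:
                    cookies[key] = len(pair.strip().encode("utf-8"))
    return {
        "total_bytes": total,
        "over_limit": total > limit,
        "oversized_lines": sorted(n for n, size in lines.items() if size > limit),
        "largest_headers": sorted(lines.items(), key=lambda kv: -kv[1]),
        "largest_cookies": sorted(cookies.items(), key=lambda kv: -kv[1]),
    }


# Constructed sample: a long bearer token plus cookies added by a client or proxy.
SAMPLE_HEADERS = {
    "Host": "tenant.example.com",
    "Authorization": "Bearer " + "a" * 5000,
    "Cookie": "session=" + "b" * 3000 + "; proxy_affinity=" + "c" * 400,
}

if __name__ == "__main__":
    report = header_report("GET", "/userinfo", SAMPLE_HEADERS)
    print(f"total {report['total_bytes']} bytes, over limit: {report['over_limit']}")
    for name, size in report["largest_headers"]:
        print(f"  {size:6d}  {name}")
    for name, size in report["largest_cookies"]:
        print(f"  {size:6d}  cookie {name}")
```

In the constructed sample, neither the token nor the cookies exceed the limit alone; removing the Cookie header brings the request back under it.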