Expand Authors Top

If you have a few years of experience in the Java ecosystem and you’d like to share that with the community, have a look at our Contribution Guidelines.

Expanded Audience – Frontegg – Security (partner)
announcement - icon User management is very complex, when implemented properly. No surprise here.

Not having to roll all of that out manually, but instead integrating a mature, fully-fledged solution - yeah, that makes a lot of sense.
That's basically what Frontegg is - User Management for your application. It's focused on making your app scalable, secure and enjoyable for your users.
From signup to authentication, it supports simple scenarios all the way to complex and custom application logic.

Have a look:

>> Elegant User Management, Tailor-made for B2B SaaS

November Discount Launch 2022 – Top
We’re finally running a Black Friday launch. All Courses are 30% off until tomorrow:


November Discount Launch 2022 – TEMP TOP (NPI)
We’re finally running a Black Friday launch. All Courses are 30% off until tomorrow:


1. Overview

Spring Boot web applications include a pre-configured, embedded web server by default. In some situations, though, we'd like to modify the default configuration to meet custom requirements.

In this tutorial, we’ll see how to set and use the max-http-header-size property for request headers in the application.properties file in a Spring Boot 2.x application.

2. Max-HTTP-Header-Size

Spring Boot supports Tomcat, Undertow, and Jetty as embedded servers. In general, we write the server configurations inside the application.properties file or application.yaml file in a Spring Boot application.

Most web servers have their own set of size limits for HTTP request headers. The HTTP header values are restricted by server implementations. In a Spring Boot application, the max HTTP header size is configured using server.max-http-header-size.

The actual default value for Tomcat and Jetty is 8kB, and the default value for Undertow is 1MB.

To modify the max HTTP header size, we'll add the property to our application.properties file:


Likewise for the application.yaml format:

    max-http-header-size: 20000

From Spring Boot 2.1, we'll now use a DataSize parsable value:


3. Request Header Is Too Large

Suppose a request is sent where the total HTTP header size is larger than the max-http-header-size value. The server rejects the request with a “400 Bad request” error. We'll see this error in our log file in the next example.

Let's create a controller which has a header property called token:

@RequestMapping(value = "/request-header-test")
public class MaxHttpHeaderSizeController {
    public boolean testMaxHTTPHeaderSize(@RequestHeader(value = "token") String token) {
	return true;

Next, let's add some properties to our application.properties file:

## Server connections configuration

When we pass a String value that has a size greater than 8kb in the token, we'll get the 400 error as below:

400 for max-http-header-size

And in the log, we see the below error:

19:41:50.757 [http-nio-8080-exec-7] INFO  o.a.coyote.http11.Http11Processor - Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Request header is too large

4. Solution

We can increase the value of the max-http-header-size property in our application.properties file as per our requirements.

In the above program, we can upgrade its value from the default 8kb to 40KB, which will resolve the problem.


Now, the server will process the request and send back a 200 response as below:


Hence, whenever the header size exceeds the default values listed by the server, we'll see the server returns a 400-Bad Request with an error “request header is too large”. We have to override the max-http-header-size value in the application configuration file to match the request header length, as we see in the above example.

In general, a request header might become too large when for example, the token used is very long due to encryption.

5. Conclusion

In this tutorial, we've learned how to use the max-http-header-size property in the application configuration files of our Spring Boot application.

Then, we saw what happens when we pass a request header exceeding this size and how to increase the size of max-http-header-size in our application.properties.

As always, the source code for these examples is available over on GitHub.

November Discount Launch 2022 – Bottom
We’re finally running a Black Friday launch. All Courses are 30% off until tomorrow:


Generic footer banner
Comments are closed on this article!