HTTP 430 Unassigned (Shopify)

Quick reference

Cookie accumulation on Shopify stores

Shopify stores use cookies heavily: session tokens, cart identifiers, CSRF tokens, A/B test assignments, app-specific state, consent preferences, and tracking cookies from embedded third-party SDKs. On each HTTP request the browser sends all matching cookies in a single Cookie header. As a user visits a store repeatedly, installs and tests apps, or browses with developer tools open, cookies accumulate.

When the total Cookie header for a Shopify store domain exceeds the server’s limit (typically around 8KB at the CDN or edge layer), Shopify returns 430 before the request reaches the application server. The user sees a generic error page. Because the cookies were set across many sessions and app interactions, the user has no obvious reason the site suddenly stopped working.

The 430 code predates or diverged from the standardized 431 (defined in RFC 6585, 2012). Shopify’s CDN layer may have implemented the limit before the standard was published, or independently chose a different code number.

Diagnosing 430 on Shopify

Confirm the cause before clearing cookies. In Chrome DevTools (Network tab), click on a failing request and check the Cookie request header. If it is several kilobytes long, cookie accumulation is the cause.

# Check Cookie header size in curl
curl -sv https://store.example.myshopify.com/ 2>&1 | grep -i '^> cookie'
# Then measure total header length:
curl -sv https://store.example.myshopify.com/ 2>&1 |   awk '/^> /{len += length($0)} END{print "Request header bytes:", len}'

Also check whether 430 occurs only for specific users (cookie accumulation) or all users (a new deployment added a large cookie to all responses). Systematic 430 across all sessions points to a newly added large cookie or a header size regression in a recent deployment.

Fixing 430 as a user

Clear cookies for the affected Shopify store domain:

Chrome: Settings → Privacy and security → Cookies and other site data → See all cookies and site data → search for the store domain → delete all cookies for that domain. Alternatively, open an incognito window (which starts with no cookies) and test from there to confirm cookie accumulation is the cause.

Firefox: Settings → Privacy & Security → Cookies and Site Data → Manage Data → search the store domain → Remove Selected.

Safari: Settings → Privacy → Manage Website Data → search the domain → Remove.

After clearing, the error should resolve immediately. If it recurs within a short time, the store is setting cookies without expiry or with excessive data, and the fix requires changes on the Shopify merchant or app developer side.

Fixing 430 as a Shopify developer or merchant

Audit cookie usage: Use DevTools or a cookie audit tool to inventory every cookie set by your Shopify theme and installed apps. Identify which cookies are large, which have no expiry, and which are set by third-party app scripts that may not be needed.

Set cookie expiry: Session cookies (no Max-Age or Expires) persist until the browser closes but accumulate within a session. Use explicit short-lived expiry for cookies that do not need to persist across visits.

Scope cookies correctly: A cookie with Domain=.myshopify.com is sent to every subdomain. Scope cookies to the minimum domain needed. App-specific state does not need domain-wide scope.

Consolidate app cookies: Each installed Shopify app may set its own cookies. If your store has many apps, each contributing one or two cookies, the total can add up. Review app cookie usage and remove apps that set persistent large cookies if not essential.

Use server-side session storage: Instead of encoding session state in multiple cookies, use a single small session ID cookie that maps to server-side storage (Shopify session API or external Redis). The browser sends one small identifier; the server handles all state retrieval.

Non-Shopify occurrences of 430

Outside of Shopify, 430 is an unassigned code that any application may use for its own purposes. Per RFC 9110, a client receiving an unrecognized 4xx code treats it as 400 Bad Request. The response body is the only reliable source of meaning. Check the body for an application-specific error message.

If you are a developer who needs to signal header-size errors, use the standardized 431 Request Header Fields Too Large instead of 430. Standard codes are understood by all HTTP tools, monitoring systems, and on-call engineers without custom documentation.

430 vs 431 vs 400

Frequently asked questions

What does HTTP 430 mean on Shopify?

On Shopify, 430 means the total size of the request’s Cookie header exceeded the server’s limit. Accumulated cookies from browsing the store, testing apps, or running theme development have grown too large. Clear cookies for the store domain to resolve it.

Is HTTP 430 a standard code?

No. 430 is unassigned in the IANA HTTP Status Code Registry. It has no standardized meaning. Shopify’s use of it for header size limits is a non-standard implementation that predates or diverged from the standardized 431.

Does 430 affect SEO?

If Googlebot is receiving 430 responses on a Shopify store, it would treat them as 400-class errors and potentially de-index affected pages. 430 errors on public-facing pages should be investigated and resolved. They are most likely to occur for logged-in users with accumulated cookies, not for crawlers (which typically start with no cookies).

What is the standard code for headers too large?

The standard code is 431 Request Header Fields Too Large, defined in RFC 6585 §3. Servers implementing this behavior correctly should return 431, not 430.

Related guides

HTTP 431 Request Header Fields Too Large · HTTP 400 Bad Request · HTTP 427 Unassigned

Standards reference

Definitions from the IANA HTTP Status Code Registry. Shopify-specific behavior documented from public Shopify developer resources. · HTTP 430 quick reference →