HTTP status codes / 4xx — Client errors
Headers (often cookies) exceed server limits.
One header or the header block as a whole is too big. In browsers the culprit is almost always an accumulation of cookies; in APIs, oversized JWTs or debug headers.
Clear cookies for the domain / shrink the JWT (drop custom claims) — and check proxy header-size limits if you control the server.
Server-side note: Shrink the token (drop custom claims) or raise proxy header limits (nginx large_client_header_buffers).
The fastest way to pin down a 431 is to reproduce the exact request and inspect what actually went over the wire — status, headers, timing and body, without your app code in the way. That is what an API client is for; ReqPad does it from your phone, with every request saved to history.
400 Bad Request · 401 Unauthorized · 402 Payment Required · 403 Forbidden · 404 Not Found · 405 Method Not Allowed — or the full reference.
Build the request, send it, read status + headers + timing — on your iPhone. Free to start.