Skip to contentSkip to navigationSkip to topbar
On this page

Limitations



Headers

headers page anchor

Restricted headers

restricted-headers page anchor

The following headers are not accessible within a Function. Avoid developing any code that depends on these headers or their variants.

Header Name
Connection Proxy-Connection
Expect
Host
Proxy-Authorization Proxy-Authenticate
Referer
Trailer
Transfer-Encoding
Upgrade
Via
X-Accel-*
X-Forwarded-* X-Real-IP

You cannot interact with the pre-flight OPTIONS request(link takes you to an external page) that is sent by browsers. The Runtime client will automatically respond to OPTIONS requests with Access-Control-Allow-Headers: *, and pass along all included request headers to the targeted Function (unless they are in the exclusions list above). In addition, the Runtime client allows all origins by returning Access-Control-Allow-Origin: *.

Headers and cookies in both incoming requests and outgoing responses are subject to these limits:

  • Max header size: 15kb (including cookies)
  • Max header count: 90 (including cookies)

If either of these limits is exceeded, your Function will throw a 431 error. The error will include the message Request headers or cookies too long if the limits are exceeded by a request, or Response headers or cookies too long if you've constructed a response that exceeds these limits.

This will also generate a Twilio Error 82008.


  • Runtime automatically adds the HttpOnly and Secure attributes to your cookies by default, unless you manually set those values.
  • You cannot manually set the value of the Domain attribute on a cookie. The value will be removed and set to the domain of the Function creating the response.
  • If you do not set a Max-Age or Expires on a cookie, it will be considered a Session cookie(link takes you to an external page) .
  • If you set both Max-Age and Expires on a cookie, Max-Age takes precedence.
  • If you set the Max-Age or Expires of a cookie to greater than 24 hours, your Function will return a 400 error with the message Cookies max-age cannot be greater than a day .

Need some help?

Terms of service

Copyright © 2024 Twilio Inc.