Xero Error Guide
How to Fix Xero Error 400 Bad Request
Xero stopped loading or connecting and displayed one of these messages:
"Bad Request - Request Too Long. HTTP Error 400. The size of the request headers is too long."
"400 Bad Request. Bad Request - Invalid URL"
"400 Bad Request. Request Header Or Cookie Too Large"
At QuickFix Bookkeeping, the most common Xero 400 is the "request too long / header too large" variant — and it is always a browser issue, never a Xero account problem. Clearing cookies and site data resolves it in under 2 minutes.
The QuickFix Bookkeeping Distinction
Xero 400 has two completely different audiences — end users and developers. The fix is entirely different for each. This page is for Xero users who see 400 in their browser.
You're a Xero USER
Error appears in your browser when trying to log in, open Xero, or use a Xero feature.
Cause: browser has accumulated too many cookies or corrupted session data. Fix: clear cookies for xero.com — takes 2 minutes.
You're a DEVELOPER
Error appears in API responses when your code calls Xero's API endpoints.
Cause: invalid request data, validation failure, or malformed request body. Fix: read the error detail in the response body — it tells you exactly what field failed.
Why the "request too long" variant happens: Every time you visit a website, your browser stores cookies — small data files that track your session and preferences. Over time, browsers accumulate a large number of cookies for xero.com (login tokens, session data, feature flags). When the total size of all these cookies exceeds what Xero's servers accept in a single request header, the server rejects the request entirely with "400 Bad Request — request too long." Clearing the xero.com cookies removes the bloated header and the error disappears immediately.
What Is Xero Error 400?
Error code
400
HTTP · Bad Request
Related: 401 · 403 · 404 · 500
What it means
HTTP 400 "Bad Request" is a standard web error code meaning the server received a request it could not understand or process. For Xero users, the most common cause is the browser sending too much cookie data with each request — Xero's servers have a size limit on request headers, and when your accumulated cookies exceed it, every request is rejected. For Xero integration developers, 400 means the API received invalid, malformed, or incomplete data in the request body.
Your Xero data is safe. A 400 error is a connection/browser issue — your accounts, invoices, and financial data are completely unaffected.
What Causes Xero Error 400?
🍪
Accumulated Browser Cookies
Primary cause for end users — years of Xero cookies have accumulated in your browser and the combined size now exceeds what Xero's server accepts. This is the "request too long / header too large" variant. Affects long-term Xero users more than new ones.
🔗
Corrupt or Expired Session
A Xero login session token has corrupted or expired and your browser keeps sending it. The server rejects the malformed session token with 400. Clearing cookies forces a fresh session to be created.
🔌
Browser Extension Interference
Certain browser extensions (ad blockers, VPNs, cookie managers) modify or add headers to outbound requests. If an extension adds data that pushes the request header size over Xero's limit, 400 results — even if your own cookies are clean.
📡
Corporate Proxy Modification
Corporate network proxies sometimes inject additional headers into all outgoing requests. If your workplace proxy adds identification or authentication headers, these combine with your Xero cookies and push the total size over the server's limit.
📋
Bookmarked Expired URL
Accessing Xero via an old bookmarked URL that contains an expired session token or organisation reference in the query string. Xero rejects the malformed URL with 400. Navigate to xero.com directly rather than using old bookmarks.
⚙️
Integration Sending Invalid Data
A connected app (accounting integration, bank feed, add-on) is sending malformed data to Xero's API. The 400 appears when Xero rejects the invalid data from the app. Disconnect the app and test Xero directly to confirm this is the cause.
How to Fix Xero Error 400 — Step by Step
Start with Method 1 — the incognito test confirms whether this is a browser/cookie issue in 30 seconds before you spend time clearing anything.
METHOD 1
Test in Incognito / Private Window First
30-second diagnostic — do this first
Incognito/private windows start with zero cookies and no extensions active. If Xero loads normally in incognito but not your regular browser — the issue is your browser's stored cookies or an extension. This confirms you need Method 2 (clear cookies) rather than wasting time on other fixes.
1
Chrome: Ctrl+Shift+N (Windows) or Cmd+Shift+N (Mac) | Safari: Cmd+Shift+N | Firefox: Ctrl+Shift+P
2
Navigate to xero.com and try to log in.
3
Xero loads in incognito? → Go to Method 2 (clear cookies). Still 400 in incognito? → The issue is not your browser — go to Method 4 (extensions and network).
METHOD 2
Clear Xero Cookies and Site Data
Resolves "request too long" variant — 2 minutes
Clear cookies specifically for xero.com — not your entire browser history. Clearing only the Xero site data removes the bloated cookie header without affecting your other saved passwords and browsing data.
Chrome:
1
Go to chrome://settings/cookies → search for xero.com → click the trash icon next to xero.com to delete all cookies for that site. Restart Chrome and try Xero again.
Safari (Mac):
1
Safari menu → Settings → Privacy → Manage Website Data. Search for xero → select all xero.com entries → Remove. Restart Safari.
Firefox:
1
about:preferences#privacy → Cookies and Site Data → Manage Data → search xero.com → Remove Selected. Restart Firefox.
QuickFix tip: Clear cookies for both xero.com and login.xero.com — Xero uses both domains for authentication and cookies on either can cause the "request too long" error. Clearing only xero.com while login.xero.com cookies remain bloated may not fully resolve the issue.
METHOD 3
Try a Different Browser
Immediate workaround while fixing the main browser
If you need to access Xero immediately, open a browser you don't normally use for Xero — it will have zero Xero cookies. Use this to keep working while you address the cookie issue in your main browser.
1
If you normally use Chrome — try Firefox, Edge, or Safari. Navigate directly to xero.com and log in. Once Xero loads, go back and clear cookies in your main browser using Method 2.
METHOD 4
Disable Browser Extensions and Check Corporate Network
If 400 persists in incognito or after clearing cookies
If Xero still returns 400 in incognito mode (where cookies are clean), or immediately after clearing cookies, the issue is external to your browser — either a browser extension injecting headers, or a corporate proxy adding headers to outbound requests.
1
Disable all extensions: Chrome → Extensions menu → toggle off all extensions. Try Xero. If it works — re-enable extensions one at a time to identify the culprit. Common offenders: VPN extensions, cookie managers, ad blockers.
2
Corporate network test: Try accessing Xero on your phone using mobile data (not the office WiFi). If Xero works on mobile data but not the office network — the corporate proxy is injecting headers and your IT team needs to whitelist xero.com from header injection.
METHOD 5
Contact Xero Support — Platform Issue
If all browsers and devices show 400
In rare cases, a 400 that appears on all browsers and all devices simultaneously indicates a Xero platform issue — either with your specific organisation or a broader Xero service incident. Check Xero's status page before contacting support.
1
Check status.xero.com for any active incidents or maintenance affecting your region.
2
If no incident is reported, contact Xero Support via the Help menu inside Xero (or xero.com/contact-xero-support). Provide the exact error message text and the time it started — this helps Xero identify whether it is account-specific.
Quick Reference — Match Your Situation to the Fix
| Your situation |
Most likely cause |
Start with |
| "Request too long / header too large" message |
Accumulated browser cookies |
Method 2 — clear Xero cookies |
| Works in incognito but not regular browser |
Cookies or extension issue |
Method 2 — clear cookies confirmed |
| Need access now while fixing the browser |
Browser-specific issue |
Method 3 — different browser now |
| Still 400 after clearing cookies |
Extension or corporate proxy |
Method 4 — disable extensions / test mobile data |
| 400 on all browsers and all devices |
Platform issue or account problem |
Method 5 — check status.xero.com |
Frequently Asked Questions
Why does clearing cookies fix the "request too long" error?
Every HTTP request your browser sends to xero.com includes all cookies stored for that domain in the request header. Xero's web servers have a maximum size limit for incoming request headers — typically around 8KB. Over months or years of use, your browser accumulates dozens of Xero cookies: login tokens, session identifiers, feature flags, A/B test assignments, and preference cookies. When the combined size of all these cookies exceeds the server's limit, the server refuses to process the request and returns "400 Bad Request — request too long." Clearing the cookies reduces the header size back below the limit and Xero accepts the requests normally.
Will clearing cookies log me out of Xero?
Yes — clearing cookies for xero.com will log you out of your Xero session. You will need to log in again with your email and password (or via your SSO provider if your organisation uses single sign-on). Your Xero data, settings, and financial records are stored on Xero's servers, not in your browser — they are completely unaffected by clearing cookies. Only your browser session is ended. If you use a password manager, your login credentials are safely stored there and will not be affected.
How is Xero 400 different from Xero 401?
Both are HTTP error codes that appear in Xero but they represent different problems. Error 400 means the request itself is malformed or too large — the server cannot process it regardless of who is asking. Error 401 means the request is fine but you are not authenticated — you need to log in or your access token has expired. The fix for 400 is clearing browser data or fixing the request format. The fix for 401 is re-authenticating with valid credentials or refreshing your OAuth token.
Related Xero Errors
Xero Issues Affecting Your Books?
Can't Get Xero Working?
Let QuickFix Bookkeeping Help.
Certified Xero Advisors · Xero Setup and Migration Specialists
Whether you need help with Xero errors, Xero setup, or migrating from Xero to QuickBooks — our certified Xero Advisors at QuickFix Bookkeeping provide expert guidance and hands-on support.
Book a Free 30-Minute Consultation
No obligation. Same-day response.
