How do you avoid setting too much cookie data? Creating a proxy is pretty much the only instance where I can think this would be unavoidable - if you ever encounter the problem elsewhere it could just be bad design. Basically the problem is servers limit the amount of data that can be received in a request header (in Apache its the LimitRequestFieldSize option) - normally that's fine because you only need to store very little data in the cookies themselves. But if you create a proxy script, you need to send all cookies for all sites to the server hosting the script, and it can mount up. Then as soon as you hit the limit, you get a 400 Bad Request error. The only solution I can think of is to store the cookie data server-side and only send a cookie to the client to link them to their stored data. Either that or every time I set another cookie, check the size of cookies already set and start deleting until I get back under the limit. Browsers can do this a bit easier (as per the cookie spec) with a least recently used algorithm but if I implement that, I'm making the problem worse by trying to store even more data (last sent) for each cookie. Any other ideas? I'll probably end up using a combination of both and give a choice of storing data server-side in the installation. Maybe I'm missing something obvious here, since searching for a similar problem for other scripts "400 bad request with phproxy" gives no results..