{"section":"troubleshooting","requestedLocale":"en","requestedSlug":"removing-error-message-request-headers-must-only-contain-ascii","locale":"en","slug":"removing-error-message-request-headers-must-only-contain-ascii","path":"docs/en/troubleshooting/data-access-and-security/removing-error-message-request-headers-must-only-contain-ascii.md","branch":"main","content":"The message \"__Request headers must contain only ASCII characters__\" can be displayed in the user's browser when they navigate the store and try to access a new page or perform an action on the site, such as adding items to the shopping cart.\n\nThis scenario occurs if the requested page or feature contains a cookie with special characters (non-ASCII).\n\n![ascii_1](https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/troubleshooting/data-access-and-security/removing-error-message-request-headers-must-only-contain-ascii_1.png)\n\nPer [IETF](https://www.ietf.org/) (Internet Engineering Task Force) standards, the institution that documents the standards used on the internet, cookies should not contain special characters (non-ASCII). For more information on the characters accepted in cookies and headers, see [IETF - Request for Comments 7230 - Section 3.2.6 - Field Value Components](https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6).\n\n## Solutions\n\nTo remove the error message and allow the page or feature to be accessed again, you need to do the following:\n\n- [Identify cookies with special characters](#identifying-cookies-with-special-characters)\n- [Disable cookies with special characters](#disabling-cookies-with-special-characters)\n- [Creating a script to remove cookies](#creating-a-script-to-remove-cookies)\n\n### Identifying cookies with special characters\n\nOn the page where the message \"__Request headers must contain only ASCII characters__\" is displayed, follow the steps below to identify which cookie contains special characters:\n\n1. Access [DevTools](/en/docs/tutorials/products-and-skus) in your browser by pressing **F12** or by right-clicking and choosing the **Inspect** option.\n\n  2. In the top bar of the screen, go to the **Network** tab and sort the requests by clicking **Status**. The **400** information in the status indicates that a request has not been processed correctly, and there may be incorrect cookies among the possible errors.\n\n![ascii 2](https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/troubleshooting/data-access-and-security/removing-error-message-request-headers-must-only-contain-ascii_2.png)\n\n3. Click a request and then the **Preview** tab to identify whether the error found refers to the message \"**Request headers must contain only ASCII characters**\".\n\n![ascii 3](https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/troubleshooting/data-access-and-security/removing-error-message-request-headers-must-only-contain-ascii_3.png)\n\n4. Click the **Headers** tab and copy the cookie details.\n\n![ascii 4](https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/troubleshooting/data-access-and-security/removing-error-message-request-headers-must-only-contain-ascii_4.png)\n\n5. Go to [online ASCII character validator](https://pages.cs.wisc.edu/~markm/ascii.html) and enter the cookie information. If one or more special characters are identified, the types and positions will be displayed at the bottom of the character validator.\n\n![ascii 5](https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/troubleshooting/data-access-and-security/removing-error-message-request-headers-must-only-contain-ascii_5.png)\n\n6. Repeat steps 3 to 5 with all the requests that have errors to identify which of them contain cookies with special characters.\n\n### Disabling cookies with special characters\n\nOnce cookies containing special characters have been identified, their origin must be verified so that they can be removed from the page. The most common sources of incorrect cookies are:\n\n- [UTMs](/en/docs/tutorials/what-are-the-internal-utms) created in your store or in advertising campaigns on Google, Meta, or others with special characters. Example of UTM used on a holiday date in Spanish: `www.site.com?utm_source=mothers-day`.\n- Custom Javascript, where frontend implementations are used to store data or other types of functions, may contain special characters.\n- Scripts from partner clients that create cookies with special characters.\n\nOnce you have located the source of the cookie, carry out the necessary procedures to remove it from the page or ask the partner client to stop sending the cookie to your store.\n\n### Creating a script to remove cookies\n\nWhen you remove the cookie with special characters, the page or feature should go back to normal, and the message \"__Request headers must contain only ASCII characters__\" will no longer be displayed. However, this will only work for new users, i.e., customers who have not accessed the page when the incorrect cookie was enabled.\n\nUsers who visited the page or feature while the incorrect cookie was enabled will continue to see the error message \"Request headers must contain only ASCII characters\" in their browser. This is because the cookie has been stored in the user's browser cache.\n\nTo solve this problem and allow all users to have the correct access to the store, you must create a script on the page to be executed in the user's browser (client-side) to expire the incorrect cookie.\n\nThe script must set the cookie to expire on an old date (a date before the script was created). See the example below:\n\n`document.cookie = \"cookiename= ; expires = Thu, 01 Jan 1970 00:00:00 GMT\"`\n\nIf you want, you can also include the following functions in the script:\n- Intercept cookie values upon page request\n- Validate ASCII characters in cookies\n- Automatically expire cookies containing special characters\n- Trigger page reload using the function `window.location.reload()`\n\n> ⚠️ Deleting cookies via script is not a permanent solution. As described in the **Disabling cookies with special characters** section, you must identify the source and stop sending cookies with special characters."}