diff --git a/docs/modules/setup/pages/configuration.adoc b/docs/modules/setup/pages/configuration.adoc
index 9ade3259e..36d212e47 100644
--- a/docs/modules/setup/pages/configuration.adoc
+++ b/docs/modules/setup/pages/configuration.adoc
@@ -216,6 +216,10 @@ TIP: Keep in mind that browsers also have a URI limit on `` tags. Most modern browsers https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers/417184#417184[support a URI length greater than 64000] on `` tags but this value is probably a bit excessive. We recommend to use a maximum length that's not greater than 8192 and not greater than 5120 if you are supporting IE 11.
+== Max header size
+
+KROKI_MAX_HEADER_SIZE:: The maximum length of all headers. If the sum of the length of each header exceeds this value, 431 (Request Header Fields Too Large) response status code is sent. Defaults to 8192.
+
 == Excalidraw static assets
 By default, Excalidraw loads assets from a public CDN (https://unpkg.com).
diff --git a/server/src/main/java/io/kroki/server/Server.java b/server/src/main/java/io/kroki/server/Server.java
index 0b64e36f8..95761d6a7 100644
--- a/server/src/main/java/io/kroki/server/Server.java
+++ b/server/src/main/java/io/kroki/server/Server.java
@@ -59,7 +59,9 @@ public void start(Promise startPromise) {
 static void start(Vertx vertx, VertxOptions vertxOptions, JsonObject config, Handler> listenHandler) {
 HttpServerOptions serverOptions = new HttpServerOptions();
 Optional maxUriLength = Optional.ofNullable(config.getInteger("KROKI_MAX_URI_LENGTH"));
+ Optional maxHeaderSize = Optional.ofNullable(config.getInteger("KROKI_MAX_HEADER_SIZE"));
 maxUriLength.ifPresent(serverOptions::setMaxInitialLineLength);
+ maxHeaderSize.ifPresent(serverOptions::setMaxHeaderSize);
 boolean enableSSL = config.getBoolean("KROKI_SSL", false);
 serverOptions.setSsl(enableSSL);
 setPemKeyCertOptions(config, serverOptions, enableSSL);
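Review bot: The value of `KROKI_MAX_HEADER_SIZE` reaches `serverOptions::setMaxHeaderSize` in `start(...)` with no range check, so a zero, negative or very large setting is accepted as-is. This limit caps how much header data any client can make the server buffer per request before it answers 431, so a mistyped, inflated value weakens that protection; whether Vert.x or Netty rejects a non-positive value on its own is not visible here. Consider failing fast at startup, e.g. `maxHeaderSize.ifPresent(size -> { if (size <= 0) throw new IllegalArgumentException("KROKI_MAX_HEADER_SIZE must be a positive integer"); serverOptions.setMaxHeaderSize(size); });`, and optionally logging a warning above a sensible ceiling. The adjacent `KROKI_MAX_URI_LENGTH` line has the same shape, and the body of `start` continues outside the hunk.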