> Also, what a potential test scenario would look like. We saw “WARN HttpParser - Header is too large 8193>8192” in our log file and we would like to control it.
Before you go and make the header larger, know that there is a global probe of systems for vulnerabilities with large headers.
We, Jetty, have a CVE filed for it at CVE-2019-17638
Your version, 9.4.20, is not vulnerable to that header size issue, but it is subject to other security issues, see security-reports link, familiarize yourself with your 9.4.20 scoped security issues at a minimum.
If you want to configure for larger headers at the server side simply to eliminate that warning, know that it will still be there, the vulnerability probes will just keep increasing their header sizes until it triggers a different kind of response. You will continue to get these warnings.
No legitimate (and bug free) client will send headers that large.
Most modern browsers will even fail the request at the browser side before even attempting to send the request with headers that large, as they have internal limits (on overall header table size, individual header size, overall URL size, etc)