diff --git a/libi2pd_client/I2PTunnel.cpp b/libi2pd_client/I2PTunnel.cpp
index 1213b439..12c6485f 100644
--- a/libi2pd_client/I2PTunnel.cpp
+++ b/libi2pd_client/I2PTunnel.cpp
@@ -321,8 +321,13 @@ namespace client
 				m_HeaderSent = true;
 				I2PTunnelConnection::Write ((uint8_t *)m_OutHeader.str ().c_str (), m_OutHeader.str ().length ());
 			}
-			else
+			else if (m_OutHeader.tellp () < I2P_TUNNEL_HTTP_MAX_HEADER_SIZE)
 				StreamReceive (); // read more header
+			else
+			{
+				LogPrint (eLogError, "I2PTunnel: HTTP header exceeds max size ", I2P_TUNNEL_HTTP_MAX_HEADER_SIZE);	
+				Terminate ();
+			}		
 		}
 	}
 
@@ -406,8 +411,13 @@ namespace client
 				m_HeaderSent = true;
 				I2PTunnelConnection::Write ((uint8_t *)m_OutHeader.str ().c_str (), m_OutHeader.str ().length ());
 			}
+			else if (m_OutHeader.tellp () < I2P_TUNNEL_HTTP_MAX_HEADER_SIZE)
+				StreamReceive (); // read more header
 			else
-				StreamReceive (); // read more header	
+			{
+				LogPrint (eLogError, "I2PTunnel: HTTP header exceeds max size ", I2P_TUNNEL_HTTP_MAX_HEADER_SIZE);	
+				Terminate ();
+			}
 		}
 	}
 
diff --git a/libi2pd_client/I2PTunnel.h b/libi2pd_client/I2PTunnel.h
index dfa23fb2..90c5864e 100644
--- a/libi2pd_client/I2PTunnel.h
+++ b/libi2pd_client/I2PTunnel.h
@@ -34,7 +34,8 @@ namespace client
 	const char X_I2P_DEST_HASH[] = "X-I2P-DestHash"; // hash in base64
 	const char X_I2P_DEST_B64[] = "X-I2P-DestB64"; // full address in base64
 	const char X_I2P_DEST_B32[] = "X-I2P-DestB32"; // .b32.i2p address
-
+	const int I2P_TUNNEL_HTTP_MAX_HEADER_SIZE = 8192;
+	
 	class I2PTunnelConnection: public I2PServiceHandler, public std::enable_shared_from_this<I2PTunnelConnection>
 	{
 		public: