Lowering this limit can reject oversized request headers, but values that are too low can break clients that send larger cookies or authorization headers.