diff --git a/src/internal/agent/http/server.go b/src/internal/agent/http/server.go
index 4087308d3a..86ff5e828f 100644
--- a/src/internal/agent/http/server.go
+++ b/src/internal/agent/http/server.go
@@ -7,6 +7,7 @@ package http
 import (
 	"fmt"
 	"net/http"
+	"time"
 
 	"github.com/defenseunicorns/zarf/src/internal/agent/hooks"
 	"github.com/defenseunicorns/zarf/src/pkg/message"
@@ -34,8 +35,9 @@ func NewAdmissionServer(port string) *http.Server {
 	mux.Handle("/metrics", promhttp.Handler())
 
 	return &http.Server{
-		Addr:    fmt.Sprintf(":%s", port),
-		Handler: mux,
+		Addr:              fmt.Sprintf(":%s", port),
+		Handler:           mux,
+		ReadHeaderTimeout: 5 * time.Second, // Set ReadHeaderTimeout to avoid Slowloris attacks
 	}
 }
 
@@ -49,8 +51,9 @@ func NewProxyServer(port string) *http.Server {
 	mux.Handle("/metrics", promhttp.Handler())
 
 	return &http.Server{
-		Addr:    fmt.Sprintf(":%s", port),
-		Handler: mux,
+		Addr:              fmt.Sprintf(":%s", port),
+		Handler:           mux,
+		ReadHeaderTimeout: 5 * time.Second, // Set ReadHeaderTimeout to avoid Slowloris attacks
 	}
 }