diff --git a/Cargo.lock b/Cargo.lock
index 03fa7c1750..5226e98cc7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2764,6 +2764,7 @@ dependencies = [
  "anyhow",
  "gasoline",
  "internal",
+ "reqwest",
  "rivet-api-builder",
  "rivet-api-types",
  "rivet-api-util",
diff --git a/packages/services/namespace/Cargo.toml b/packages/services/namespace/Cargo.toml
index dbeba660ce..984e61b0c5 100644
--- a/packages/services/namespace/Cargo.toml
+++ b/packages/services/namespace/Cargo.toml
@@ -9,9 +9,10 @@ edition.workspace = true
 anyhow.workspace = true
 gas.workspace = true
 internal.workspace = true
+reqwest.workspace = true
 rivet-api-builder.workspace = true
-rivet-api-util.workspace = true
 rivet-api-types.workspace = true
+rivet-api-util.workspace = true
 rivet-data.workspace = true
 rivet-error.workspace = true
 rivet-types.workspace = true
diff --git a/packages/services/namespace/src/ops/runner_config/upsert.rs b/packages/services/namespace/src/ops/runner_config/upsert.rs
index 8c52057f56..416796fc0e 100644
--- a/packages/services/namespace/src/ops/runner_config/upsert.rs
+++ b/packages/services/namespace/src/ops/runner_config/upsert.rs
@@ -41,6 +41,7 @@ pub async fn namespace_runner_config_upsert(ctx: &OperationCtx, input: &Input) -
 			match &input.config {
 				RunnerConfig::Serverless {
 					url,
+					headers,
 					slots_per_runner,
 					..
 				} => {
@@ -51,6 +52,35 @@ pub async fn namespace_runner_config_upsert(ctx: &OperationCtx, input: &Input) -
 						}));
 					}
 
+					if headers.len() > 16 {
+						return Ok(Err(errors::RunnerConfig::Invalid {
+							reason: "too many headers (max 16)".to_string(),
+						}));
+					}
+
+					for (n, v) in headers {
+						if n.len() > 128 {
+							return Ok(Err(errors::RunnerConfig::Invalid {
+								reason: format!("invalid header name: too long (max 128)"),
+							}));
+						}
+						if let Err(err) = n.parse::<reqwest::header::HeaderName>() {
+							return Ok(Err(errors::RunnerConfig::Invalid {
+								reason: format!("invalid header name: {err}"),
+							}));
+						}
+						if v.len() > 4096 {
+							return Ok(Err(errors::RunnerConfig::Invalid {
+								reason: format!("invalid header value: too long (max 4096)"),
+							}));
+						}
+						if let Err(err) = v.parse::<reqwest::header::HeaderValue>() {
+							return Ok(Err(errors::RunnerConfig::Invalid {
+								reason: format!("invalid header value: {err}"),
+							}));
+						}
+					}
+
 					// Validate slots per runner
 					if *slots_per_runner == 0 {
 						return Ok(Err(errors::RunnerConfig::Invalid {