diff --git a/packages/@aws-cdk/aws-cloudfront/lib/origin-request-policy.ts b/packages/@aws-cdk/aws-cloudfront/lib/origin-request-policy.ts
index 17e7894e6e84e..1bd4fde321080 100644
--- a/packages/@aws-cdk/aws-cloudfront/lib/origin-request-policy.ts
+++ b/packages/@aws-cdk/aws-cloudfront/lib/origin-request-policy.ts
@@ -184,9 +184,6 @@ export class OriginRequestHeaderBehavior {
     if (headers.length === 0) {
       throw new Error('At least one header to allow must be provided');
     }
-    if (headers.length > 10) {
-      throw new Error(`Maximum allowed headers in Origin Request Policy is 10; got ${headers.length}.`);
-    }
     if (/Authorization/i.test(headers.join('|')) || /Accept-Encoding/i.test(headers.join('|'))) {
       throw new Error('you cannot pass `Authorization` or `Accept-Encoding` as header values; use a CachePolicy to forward these headers instead');
     }
diff --git a/packages/@aws-cdk/aws-cloudfront/test/origin-request-policy.test.ts b/packages/@aws-cdk/aws-cloudfront/test/origin-request-policy.test.ts
index b342ac434e48e..f2f65107c180a 100644
--- a/packages/@aws-cdk/aws-cloudfront/test/origin-request-policy.test.ts
+++ b/packages/@aws-cdk/aws-cloudfront/test/origin-request-policy.test.ts
@@ -89,17 +89,6 @@ describe('OriginRequestPolicy', () => {
     expect(() => new OriginRequestPolicy(stack, 'OriginRequestPolicy7', { headerBehavior: OriginRequestHeaderBehavior.allowList('Foo', 'Bar') })).not.toThrow();
   });
 
-  test('throws if more than 10 OriginRequestHeaderBehavior headers are being passed', () => {
-    const errorMessage = /Maximum allowed headers in Origin Request Policy is 10; got (.*?)/;
-    expect(() => new OriginRequestPolicy(stack, 'OriginRequestPolicy1', {
-      headerBehavior: OriginRequestHeaderBehavior.allowList('Lorem', 'ipsum', 'dolor', 'sit', 'amet', 'consectetur', 'adipiscing', 'elit', 'sed', 'do', 'eiusmod'),
-    })).toThrow(errorMessage);
-
-    expect(() => new OriginRequestPolicy(stack, 'OriginRequestPolicy2', {
-      headerBehavior: OriginRequestHeaderBehavior.allowList('Lorem', 'ipsum', 'dolor', 'sit', 'amet', 'consectetur', 'adipiscing', 'elit', 'sed', 'do'),
-    })).not.toThrow();
-  });
-
   test('does not throw if originRequestPolicyName is a token', () => {
     expect(() => new OriginRequestPolicy(stack, 'CachePolicy', {
       originRequestPolicyName: Aws.STACK_NAME,