diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.attributes.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.attributes.ts
index d9cb8ee087231..43107e0799af6 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.attributes.ts
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.attributes.ts
@@ -45,6 +45,12 @@ new elbv2.ApplicationLoadBalancer(stack, 'Http2EnabledTrue', {
   http2Enabled: true,
 });
 
+new elbv2.ApplicationLoadBalancer(stack, 'DropInvalidHeaderFieldsFalse', {
+  vpc,
+  internetFacing: true,
+  dropInvalidHeaderFields: false,
+});
+
 new integ.IntegTest(app, 'Elbv2Test', {
   testCases: [stack],
 });
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.js.snapshot/aws-cdk-elbv2-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.js.snapshot/aws-cdk-elbv2-integ.template.json
index ed3d8e4d27818..ff0ca0543a9a9 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.js.snapshot/aws-cdk-elbv2-integ.template.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.js.snapshot/aws-cdk-elbv2-integ.template.json
@@ -398,6 +398,10 @@
      {
       "Key": "deletion_protection.enabled",
       "Value": "false"
+     },
+     {
+      "Key": "routing.http.drop_invalid_header_fields.enabled",
+      "Value": "false"
      }
     ],
     "Scheme": "internet-facing",
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.ts
index 5a02b26222393..1c7db0c84fbed 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.ts
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.ts
@@ -14,6 +14,7 @@ const vpc = new ec2.Vpc(stack, 'VPC', {
 const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', {
   vpc,
   internetFacing: true,
+  dropInvalidHeaderFields: false,
 });
 
 const listener = lb.addListener('Listener', {
diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts
index 7abc778ea2c42..472aca8de8b70 100644
--- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts
+++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts
@@ -221,7 +221,7 @@ export class ApplicationLoadBalancer extends BaseLoadBalancer implements IApplic
 
     if (props.http2Enabled !== undefined) { this.setAttribute('routing.http2.enabled', props.http2Enabled ? 'true' : 'false'); }
     if (props.idleTimeout !== undefined) { this.setAttribute('idle_timeout.timeout_seconds', props.idleTimeout.toSeconds().toString()); }
-    if (props.dropInvalidHeaderFields) { this.setAttribute('routing.http.drop_invalid_header_fields.enabled', 'true'); }
+    if (props.dropInvalidHeaderFields !== undefined) { this.setAttribute('routing.http.drop_invalid_header_fields.enabled', props.dropInvalidHeaderFields ? 'true' : 'false'); }
     if (props.desyncMitigationMode !== undefined) { this.setAttribute('routing.http.desync_mitigation_mode', props.desyncMitigationMode); }
     if (props.preserveHostHeader) { this.setAttribute('routing.http.preserve_host_header.enabled', 'true'); }
     if (props.xAmznTlsVersionAndCipherSuiteHeaders) { this.setAttribute('routing.http.x_amzn_tls_version_and_cipher_suite.enabled', 'true'); }
diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts
index de18e1d08881c..90b6b9aee9405 100644
--- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts
+++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts
@@ -1519,4 +1519,51 @@ describe('tests', () => {
       }).toThrow('dual-stack without public IPv4 address can only be used with internet-facing scheme.');
     });
   });
+
+  describe('Drop Invalid Header Fields', () => {
+    test.each([true, false])('sets dropInvalidHeaderFields to %s', (dropInvalidHeaderFields) => {
+      // GIVEN
+      const stack = new cdk.Stack();
+      const vpc = new ec2.Vpc(stack, 'Stack');
+
+      // WHEN
+      new elbv2.ApplicationLoadBalancer(stack, 'LB', {
+        vpc,
+        dropInvalidHeaderFields,
+      });
+
+      // THEN
+      Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+        LoadBalancerAttributes: Match.arrayWith([
+          {
+            Key: 'routing.http.drop_invalid_header_fields.enabled',
+            Value: String(dropInvalidHeaderFields),
+          },
+        ]),
+      });
+    });
+
+    test('dropInvalidHeaderFields is not set when undefined', () => {
+      // GIVEN
+      const stack = new cdk.Stack();
+      const vpc = new ec2.Vpc(stack, 'Stack');
+
+      // WHEN
+      new elbv2.ApplicationLoadBalancer(stack, 'LB', {
+        vpc,
+      });
+
+      // THEN
+      Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+        LoadBalancerAttributes: Match.not(
+          Match.arrayWith([
+            {
+              Key: 'routing.http.drop_invalid_header_fields.enabled',
+              Value: Match.anyValue(),
+            },
+          ]),
+        ),
+      });
+    });
+  });
 });