diff --git a/common/config.py b/common/config.py
index 0ab8134d8..d12c6d95c 100644
--- a/common/config.py
+++ b/common/config.py
@@ -151,6 +151,9 @@ def __init__(self):
 # Grouper
 self.grouper_messages_timeout_sec = int(os.getenv("GROUPER_MESSAGES_TIMEOUT_SECS", "10"))
 
+ # Manager
+ self.maximum_page_size = int(os.getenv("MAXIMUM_PAGE_SIZE", "100"))
+
 # Cluster job
 self.cluster_system_vulnerabilities = strtobool(os.getenv("CLUSTER_SYSTEM_VULNERABILITIES", "TRUE"))
 self.cluster_system_vulnerable_package = strtobool(os.getenv("CLUSTER_SYSTEM_VULNERABLE_PACKAGE", "TRUE"))
diff --git a/conf/manager.env b/conf/manager.env
index ff815e346..3d334639e 100644
--- a/conf/manager.env
+++ b/conf/manager.env
@@ -3,3 +3,4 @@ POSTGRES_PASSWORD=ve_db_user_manager_pwd
 DISABLE_RBAC=FALSE
 GRANULAR_RBAC=FALSE
 MAX_REQUEST_SIZE_MB=2
+MAXIMUM_PAGE_SIZE=1000
diff --git a/deploy/clowdapp.yaml b/deploy/clowdapp.yaml
index b4e7bb092..f3a08cbd2 100644
--- a/deploy/clowdapp.yaml
+++ b/deploy/clowdapp.yaml
@@ -100,6 +100,8 @@ objects:
 value: ${GRANULAR_RBAC}
 - name: UNLEASH_BOOTSTRAP_FILE
 value: ${UNLEASH_BOOTSTRAP_FILE}
+ - name: MAXIMUM_PAGE_SIZE
+ value: ${MAXIMUM_PAGE_SIZE}
 resources:
 limits:
 cpu: ${{CPU_LIMIT_MANAGER}}
@@ -1058,3 +1060,5 @@ parameters:
 value: "RHEL"
 - name: UNLEASH_BOOTSTRAP_FILE
 value: ''
+- name: MAXIMUM_PAGE_SIZE
+ value: "100"
diff --git a/manager/base.py b/manager/base.py
index 4a234e270..67c23cb4c 100644
--- a/manager/base.py
+++ b/manager/base.py
@@ -274,7 +274,10 @@ def _parse_list_arguments(cls, kwargs):
 
 data_format = kwargs.get("data_format", "json")
 if data_format not in ["json", "csv"]:
- raise InvalidArgumentException("Invalid data format: %s" % kwargs.get("data_format", None))
+ raise InvalidArgumentException(f"Invalid data format: {kwargs.get('data_format', None)}")
+
+ if limit > CFG.maximum_page_size and UI_REFERER not in connexion.request.headers.get("referer", ""):
+ raise InvalidArgumentException(f"Page limit of size: {limit} is too high, maximum is {CFG.maximum_page_size}")
 
 return {
 "filter": remove_str_nulls(kwargs.get("filter", None)),
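Review bot: The new page-size check in `_parse_list_arguments` is skipped whenever the `Referer` request header contains `UI_REFERER`, and that header is supplied by the client, so the cap is advisory rather than enforced. If the limit is meant to protect the service and database from oversized pages, enforce it unconditionally with `if limit > CFG.maximum_page_size:`, or base a UI exemption on something the server authenticates rather than on a header; the substring test (`not in`) also matches the value anywhere in the header. `limit` and `UI_REFERER` are defined outside this hunk, so this assumes `limit` is already an integer at this point. A test asserting that an over-limit request is rejected regardless of `Referer` would pin the intended behaviour.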