Starting today, AWS WAF supports inspecting up to 64KB of the body of incoming HTTP/S requests, for Amazon API Gateway, Cognito user pools, App Runner and AWS Verified Access regional resources. For the resources where this new maximum applies, the default inspection size has also changed from 8KB to 16KB. This new default will be applied to all new and existing WAF web access control lists, without additional charges.
Source:: Amazon AWS