diff --git a/docker/conf/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf b/docker/conf/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
index f2e9c3eec8772308091727aa240bd5c4fa0098c9..609a3083c8e2b88600d0607ee606e81a056a66e0 100644
--- a/docker/conf/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
+++ b/docker/conf/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
@@ -17,6 +17,10 @@ SecRuleRemoveById 950130
 SecRuleRemoveById 941160
 SecRuleRemoveById 941180
 
+# The Accept: charset check gets confused by some ActivityPub
+# headers (that specify a JSON-LD profile), just disable it.
+SecRuleRemoveById 920600
+
 # ModSec Rule Exclusion: 920273 : Invalid character in request (outside of very strict set)
 # ModSec Rule Exclusion: 942432 : Restricted SQL Character Anomaly Detection (args): 
 # number of special characters exceeded (2) (severity:  NONE/UNKOWN)