diff --git a/readme.md b/readme.md
index 3ee5b97..72ca9d7 100644
--- a/readme.md
+++ b/readme.md
@@ -34,6 +34,9 @@ It works with different HTTP servers:
 By default you can access your metrics on this endpoint: http://localhost:9350/metrics
+In order to handle remote attack and to avoid high cardinality, the default behavior of this lib is to
+override the `path` label in case of HTTP code 404.
+
 # Installation
 ```console
diff --git a/src/http_hook.js b/src/http_hook.js
index 2091334..4ccda64 100644
--- a/src/http_hook.js
+++ b/src/http_hook.js
@@ -41,6 +41,10 @@ const init = function (client, config) {
 status: res.statusCode
 }
+ if (res.statusCode === 404) {
+ labels.route = '/404' // avoid high cardinality in case of remote attack
+ }
+
 const spanContext = opentelemetry.trace.getSpanContext(opentelemetry.context.active())
 const traceId = spanContext && spanContext.traceId
 exemplarLabels.traceID = traceId
diff --git a/tests/http.test.js b/tests/http.test.js
index d550074..b7312fb 100644
--- a/tests/http.test.js
+++ b/tests/http.test.js
@@ -55,6 +55,16 @@ describe('retry', () => {
 expect(data.indexOf('http_request_duration_seconds_count{method="GET",route="/test/1234",status="200"} 20') > -1).toEqual(true)
 })
+ it('should handle 404', async () => {
+ try {
+ await httpRequest('http://localhost:3000/unknown')
+ } catch (err) {
+ expect(err.message).toEqual('statusCode=404')
+ const data = await httpRequest('http://localhost:9350/metrics')
+ expect(data.indexOf('http_request_duration_seconds_count{method="GET",route="/404",status="404"}') > -1).toEqual(true)
+ }
+ })
+
 it('should return 404', async () => {
 try {
 await httpRequest('http://localhost:9350/unknown')
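Review bot: The 404 override in `init` bounds the `route` label for that one status only, so any other response whose `route` comes from the raw request path (a 400, 405 or 500 on an unmatched URL, or a catch-all handler answering 200) can still create one time series per distinct URL. How `labels.route` is computed lies outside this hunk, so this needs checking against the lines above. The override also rewrites 404s returned by matched handlers (a missing resource under a known route), which removes the per-route 404 rate that helps spot enumeration. Consider collapsing only when no route pattern was matched, and make the comment say why, e.g. `// unmatched URLs are client-controlled: collapse them so each probed path does not create a new series`. The readme text added in this commit calls the label `path`, while the code sets `route`.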
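Review bot: The assertions in 'should handle 404' sit inside the `catch` block, so the test passes without checking anything if `httpRequest` ever resolves; add `expect.assertions(2)` as the first line of the test (3 with the check below). The test also shows only that a `/404` series exists, not that the requested path stayed out of the label set, which is the property the change is meant to guarantee. Add `expect(data).not.toContain('route="/unknown"')` after the existing `indexOf` check.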