diff --git a/rust/src/http2/detect.rs b/rust/src/http2/detect.rs
index 0f32b8cb13..d24d0c490b 100644
--- a/rust/src/http2/detect.rs
+++ b/rust/src/http2/detect.rs
@@ -857,8 +857,10 @@ pub unsafe extern "C" fn SCHttp2TxGetHeaders(
 #[no_mangle]
 pub unsafe extern "C" fn SCHttp2TxGetHeadersRaw(
 tx: &mut HTTP2Transaction, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
+ tbuf: *mut c_void,
 ) -> u8 {
- let mut vec = Vec::new();
+ let tbuf = cast_pointer!(tbuf, Http2ThreadBuf);
+ tbuf.data = Vec::new();
 let frames = if direction & Direction::ToServer as u8 != 0 {
 &tx.frames_ts
 } else {
@@ -868,19 +870,16 @@ pub unsafe extern "C" fn SCHttp2TxGetHeadersRaw(
 if let Some(blocks) = http2_header_blocks(frame) {
 for block in blocks.iter() {
 // we do not escape linefeeds nor : in headers names
- vec.extend_from_slice(&block.name);
- vec.extend_from_slice(b": ");
- vec.extend_from_slice(&block.value);
- vec.extend_from_slice(b"\r\n");
+ tbuf.data.extend_from_slice(&block.name);
+ tbuf.data.extend_from_slice(b": ");
+ tbuf.data.extend_from_slice(&block.value);
+ tbuf.data.extend_from_slice(b"\r\n");
 }
 }
 }
- if !vec.is_empty() {
- tx.escaped.push(vec);
- let idx = tx.escaped.len() - 1;
- let value = &tx.escaped[idx];
- *buffer = value.as_ptr(); //unsafe
- *buffer_len = value.len() as u32;
+ if !tbuf.data.is_empty() {
+ *buffer = tbuf.data.as_ptr(); //unsafe
+ *buffer_len = tbuf.data.len() as u32;
 return 1;
 }
 return 0;
diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c
index 1dd7da04af..7054ff4b35 100644
--- a/src/detect-http-raw-header.c
+++ b/src/detect-http-raw-header.c
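Review bot: The new `tbuf` argument is turned into a reference by `cast_pointer!(tbuf, Http2ThreadBuf)` at the top of the function with no null check visible in this hunk, and the function carries no `# Safety` section. The one caller shown in this commit does test for NULL first, so I would document that contract rather than add a branch: a doc comment saying `tbuf` must be a non-null `Http2ThreadBuf` belonging to the calling thread, and that `buffer` and `buffer_len` must be valid for writes. Also, `tbuf.data = Vec::new();` frees the previous allocation on every call; `tbuf.data.clear();` would keep the capacity, which looks like the point of a per-thread buffer. The function body continues past this hunk.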
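Review bot: `*buffer = tbuf.data.as_ptr();` hands C a pointer into the thread buffer, so it is valid only until the next call with the same `tbuf` replaces `tbuf.data`; the removed code kept the bytes in `tx.escaped`, which presumably lived as long as the transaction. If the caller keeps `b` in an inspection buffer without copying (not visible here), a later call on the same thread would leave it dangling, so the lifetime should be stated at the assignment, e.g. `// valid only until the next call with this tbuf; callers must not cache it`. Separately, `tbuf.data.len() as u32` truncates silently; `u32::try_from(tbuf.data.len())` with a `return 0` on error would keep the reported length honest for oversized header sets.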
@@ -62,6 +62,8 @@ static void DetectHttpRawHeaderRegisterTests(void); static bool DetectHttpRawHeaderValidateCallback( const Signature *s, const char **sigerror, const DetectBufferType *dbt); static int g_http_raw_header_buffer_id = 0; +static int g_http2_thread_id = 0; + static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *_f, const uint8_t flow_flags, void *txv, const int list_id); @@ -127,6 +129,8 @@ void DetectHttpRawHeaderRegister(void) DetectBufferTypeRegisterValidateCallback("http_raw_header", DetectHttpRawHeaderValidateCallback); + g_http2_thread_id = DetectRegisterThreadCtxGlobalFuncs( + "http2.raw_header", SCHttp2ThreadBufDataInit, NULL, SCHttp2ThreadBufDataFree); g_http_raw_header_buffer_id = DetectBufferTypeGetByName("http_raw_header"); } @@ -217,7 +221,10 @@ static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx, uint32_t b_len = 0; const uint8_t *b = NULL; - if (SCHttp2TxGetHeadersRaw(txv, flow_flags, &b, &b_len) != 1) + void *thread_buf = DetectThreadCtxGetGlobalKeywordThreadCtx(det_ctx, g_http2_thread_id); + if (thread_buf == NULL) + return NULL; + if (SCHttp2TxGetHeadersRaw(txv, flow_flags, &b, &b_len, thread_buf) != 1) return NULL; if (b == NULL || b_len == 0) return NULL;
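Review bot: In the GetData2 hunk, `if (thread_buf == NULL) return NULL;` fails open: a missing thread context is indistinguishable from a transaction without headers, so rules on this buffer would stop matching HTTP/2 traffic with no signal to the operator. A `SCLogDebug("no http2.raw_header thread ctx");` before the return would at least make that visible in debug builds. Related, the registration hunk stores the result of `DetectRegisterThreadCtxGlobalFuncs(...)` in `g_http2_thread_id` without checking it; if that call can report failure through its return value, it should be checked there. GetData2 starts and ends outside the hunk.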