Why not just limit n at the parser level? Far simpler than any alternative. It's not like your application really needs to handle arbitrary numbers of fields all at once.
You have to be careful with HTTP header fields too.
It does not solve the initial problem: a malicious entity, which uses its knowledge of the hash function to generate hash collisions. If you keep the hash function a secret (typically by using a random member of a universal hash function family) the problem goes away anyway, and you don't necessarily need cuckoo hashing to avoid disaster, which typically uses 2 members of that same hash function family.
BTW: Hopscotch hashing is another hashing variant that looks interesting.