FWIW, I think that from a security and software quality perspective, explicitly defining which headers you want to feed to the API is the much better approach anyway. -- Alex -- Principal, Evariste Systems LLC (www.evaristesys.com) Sent from my Google Nexus.