Type
New feature
Description
I serve a web API which does not require the HTTP request body or headers (only the HTTP method and URI). I understand cloudflare does not allow removing some headers (e.g. cf-*), but it would still help to remove all other headers. If possible, a header allowlist could be useful as well.
Benefit
Reduce Cloudflare’s traffic to the origin server, thus saving everyone’s bandwidth! Also, it would be an additional defense against DDOS attacks, because the origin server would receive smaller requests, allowing it to process more packets per second.