Expedited Security

API

Allowlist IP Endpoint
API Overview
Blocklist IP Endpoint
Cache Clear Webhook Endpoint
Cache Invalidation Endpoint
Logs Endpoint
Origins Endpoint

Block Codes

Cache Rules

Asset File Caching
Automatic Cache Clearing with Heroku App Webhooks
Caching Profiles
Clearing Cache Manually
Compression Settings
Edge Network Points of Presence
HTTP "SPDY"

Content Security

Blocking HTML in Forms (XSS Prevention)
Enabling Security Headers
Forcing HTTPS
How WAF Blocking Works
Rate Limiting
SSL / HTTPS / TLS Certificate Settings
Stopping XSS, CSRF, SQL injection, and Framework Attacks
TLS Versions and Cipher Suites
TMP021 block

Protect Pages

CAPTCHA Protection
IP Protection
Password Protection

Setup and Onboarding

CAA Records and Certificate Renewal
Changing Your Domain
Choosing a Domain
DNS CNAME and A Records
Domain Verification CNAME Questions
ExpeditedWAF Setup and Onboarding
Heroku App URL and Custom Domains
Heroku Private Space Trusted IP Range Configuration
HTTP_X_FORWARDED_FOR Header Handling
Pentesting Considerations
Removing the WAF
SSL Key Requirements
Troubleshooting 403 WAF Blocks
Troubleshooting 502 and 504 Errors
Troubleshooting WAF Provisioning
Understanding HTTP Responses and Network Timeouts
Verifying SSL Prior to DNS Rollover
Websockets
Why Do I Need to Verify my Domain?
Wildcard Certificate Renewal

Traffic Rules

Allowlisting URL Paths
Blocking Anonymous Proxies
Blocking Clients via Cookies
Blocking IP Addresses
Blocking Referring Sites
Blocking Requests Based on Country
Blocking User Agents
DDoS HTTP Flood Protection

Docs / Content Security

Content Security

Blocking HTML in Forms (XSS Prevention)
Enabling Security Headers
Forcing HTTPS
How WAF Blocking Works
Rate Limiting
SSL / HTTPS / TLS Certificate Settings
Stopping XSS, CSRF, SQL injection, and Framework Attacks
TLS Versions and Cipher Suites
TMP021 block

© 2026 Expedited SSL Inc. All rights reserved.