Expedited Security Docs

Expedited Security

Bridge certs
Concepts
Log shipping ingestion
Sucuri apex normalization
Sucuri uses Eastern time; we use UTC
WAF onboarding flow
waf_metrics is blocked-only

Datasets
Primary application database

ExpeditedSSL / Expedited Security

DNS
HelpScout
Heroku Platform API
Services
SSLStore
Sucuri

Sucuri API v2 — Add / Delete Site
Sucuri API v2 — Add SSL Certificate
Sucuri API v2 — Advanced Settings (update_setting)
Sucuri API v2 — Allow / Block IP
Sucuri API v2 — Audit Trails
Sucuri API v2 — Clear Cache
Sucuri API v2 — Protected Pages
Sucuri API v2 — Reports Settings
Sucuri API v2 — Response Format
Sucuri API v2 — Show Settings

apps
certs
metrics
Tables
wafs

ProcessCertWorker
SucuriSetupWorker
Workers

API

Allowlist IP Endpoint
API Overview
Blocklist IP Endpoint
Cache Clear Webhook Endpoint
Cache Invalidation Endpoint
Log Formats
Log Shipping Error Codes
Logs Endpoint
Origins Endpoint

Block Codes

Cache Rules

Asset File Caching
Automatic Cache Clearing with Heroku App Webhooks
Caching Profiles
Clearing Cache Manually
Compression Settings
HTTP "SPDY"

Content Security

Blocking HTML in Forms (XSS Prevention)
Enabling Security Headers
Forcing HTTPS
How WAF Blocking Works
Managing HTTP Security Headers
Rate Limiting
SSL / HTTPS / TLS Certificate Settings
Stopping XSS, CSRF, SQL injection, and Framework Attacks
TLS Versions and Cipher Suites
TMP021 block

Protect Pages

CAPTCHA Protection
IP Protection
Password Protection

Setup and Onboarding

CAA Records and Certificate Renewal
Changing Your Domain
Changing Your Heroku App Name
Choosing a Domain
Common WAF Use Cases
DNS CNAME and A Records
Domain Verification CNAME Questions
Edge Network Points of Presence
ExpeditedWAF Setup and Onboarding
File Upload API Blocked
Heroku ACM and the WAF
Heroku App URL and Custom Domains
Heroku Private Space Trusted IP Range Configuration
HTTP_X_FORWARDED_FOR Header Handling
Maximum Request Size
Pentesting Considerations
Removing the WAF
SNI (Server Name Indication) Requirement
SSL Certificate Renewal Process
SSL Key Requirements
Troubleshooting 403 WAF Blocks
Troubleshooting 502 and 504 Errors
Troubleshooting API Blocks
Troubleshooting SSL Certificate Issues
Troubleshooting WAF Provisioning
Understanding HTTP Responses and Network Timeouts
Upgrading Your WAF Plan
Verifying SSL Prior to DNS Rollover
WAF and Email Security
WAF and Outbound Connections
Websockets
Why Do I Need to Verify my Domain?
Wildcard Certificate Renewal

Traffic Rules

Allowlisting URL Paths
Blocking Anonymous Proxies
Blocking Clients via Cookies
Blocking IP Addresses
Blocking Referring Sites
Blocking Requests Based on Country
Blocking User Agents
Bulk IP Allowlisting and Blocklisting
DDoS HTTP Flood Protection

Docs /

apps
certs
metrics
Tables
wafs

© 2026 Expedited SSL Inc. All rights reserved.