You can enforce strict limitations on incoming headers intended for a service . You can sanitize HTTP headers that carry sensitive information, including information that identifies the client and some application-specific state information, passed as one or more HTTP headers. You can configure a header ACL to prevent specific attack types, block metacharacters, and block specific Header Names.
You can specify whether, when an active rule is broken, the request is blocked or monitored (tracked in a log).