My only concern is that if you are not running a Pound proxy, you are not protected against bogus headers. That feels wrong, though I can't immediately think of a reason why someone would want to fake these.
How about a parameter for enabling or disabling the header checking? It should be off by default.
However, this involves a more substantial change and
requires upgrade scripts to the data model.
Are we talking about anything more than one new parameter (it could be a space-separated list)? Adding a new parameter is a simple change to the package info file, no upgrade scripts are needed.
