You can also define allowed WebSocket subprotocols and extensions, providing more fine-grained control over how the application behaves.

  1. Click Access and then go to Rules > Rules.
  2. Click + Add Rule.
  3. In the Name field, enter a unique name up to 64 characters long.

    Special characters and spaces are allowed.

  4. From the Type list, select WebSocket Handshake.
  5. In the Allowed Origins, enter one or more origins.

    If no origins are defined, all cross-origin WebSocket requests are denied.


    Avoid using a value of * in this field. While this is a valid configuration, it is considered an insecure practice.

  6. Modify the list of Allowed Subprotocols.

    Subprotocols are defined in the Sec-WebSocket-Protocol handshake header. The default value of * allows all subprotocols.

  7. Modify the list of Allowed Extensions.

    WebSocket extensions are defined in the Sec-WebSocket-Extensions handshake header. The default value of * allows all extensions.

    Additional advanced fields for handling error responses can also be defined here. For more information, see Advanced Fields.

  8. Click Save.