DNS-rebinding protection: reject requests whose Host/Origin is not a
recognized localhost value (or in the explicit allow-lists below). On by
default per the MCP transport security guidance; disable when fronting
the server with a trusted reverse proxy.
DNS-rebinding protection: reject requests whose Host/Origin is not a recognized localhost value (or in the explicit allow-lists below). On by default per the MCP transport security guidance; disable when fronting the server with a trusted reverse proxy.