# XFF trusted headers Type of document: Reference Product: F5 WAF for NGINX --- XFF trusted headers are disabled by default. The following example uses the default configuration while enabling XFF trusted headers. ```json { "policy": { "name": "xff_enabled", "template": { "name": "POLICY_TEMPLATE_NGINX_BASE" }, "applicationLanguage": "utf-8", "enforcementMode": "blocking", "general": { "customXffHeaders": [], "trustXff": true } } } ``` This alternative policy example enables XFF with custom-defined headers. ```json { "policy": { "name": "xff_custom_headers", "template": { "name": "POLICY_TEMPLATE_NGINX_BASE" }, "applicationLanguage": "utf-8", "enforcementMode": "blocking", "general": { "customXffHeaders": [ "xff" ], "trustXff": true } } } ```