diff --git a/conf/config.example.toml b/conf/config.example.toml
index fbb65ff..ab59727 100644
--- a/conf/config.example.toml
+++ b/conf/config.example.toml
@@ -47,7 +47,7 @@ update-timeout = "60s"
 max-heap-size-ratio = 0.5 # * RAM_size
 forbidden-domains = []
 # allowed-repository-url-prefixes = <nil>
-allowed-custom-headers = []
+allowed-custom-headers = ["X-Clacks-Overhead"]
 
 [observability]
 slow-response-threshold = "500ms"
diff --git a/src/config.go b/src/config.go
index 6b19e67..e478c30 100644
--- a/src/config.go
+++ b/src/config.go
@@ -112,7 +112,7 @@ type LimitsConfig struct {
 	// List of allowed custom headers. Header name must be in the MIME canonical form,
 	// e.g. `Foo-Bar`. Setting this option permits including this custom header in `_headers`,
 	// unless it is fundamentally unsafe.
-	AllowedCustomHeaders []string `toml:"allowed-custom-headers" default:"[]"`
+	AllowedCustomHeaders []string `toml:"allowed-custom-headers" default:"[\"X-Clacks-Overhead\"]"`
 }
 
 type ObservabilityConfig struct {