diff --git a/charts/common/Chart.yaml b/charts/common/Chart.yaml
index 46161e6f..2d102929 100644
--- a/charts/common/Chart.yaml
+++ b/charts/common/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.6-beta.1
+version: 0.8.6-beta.2
 
 
 # This is the version number of the application being deployed. This version number should be
diff --git a/charts/common/templates/service-cloudarmor.yaml b/charts/common/templates/service-cloudarmor.yaml
index 8ecfb219..864cddbc 100644
--- a/charts/common/templates/service-cloudarmor.yaml
+++ b/charts/common/templates/service-cloudarmor.yaml
@@ -7,9 +7,10 @@ metadata:
     {{- include "common.labels" . | nindent 4 }}
   annotations:
     {{- if .Values.cloudArmor.backendConfig.iap }}
-    cloud.google.com/backend-config: '{"ports": {"80":"{{ include "common.name" . }}", "443":"{{ include "common.name" . }}"},"default": "{{ include "common.name" . }}"}'
+    cloud.google.com/backend-config: '{"ports": {"80":"{{ include "common.name" . }}", "443":"{{ include "common.name" . }}"},"default": "{{ include "common.name" . }}", "customRequestHeaders": {{ .Values.cloudArmor.backendConfig.customHeaders | toJson }}}'
     {{- else }}
-    cloud.google.com/backend-config: '{"ports": {"80":"{{ include "common.name" . }}", "443":"{{ include "common.name" . }}"}}'
+    cloud.google.com/backend-config: '{"ports": {"80":"{{ include "common.name" . }}", "443":"{{ include "common.name" . }}"}, "customRequestHeaders": {{ .Values.cloudArmor.backendConfig.customHeaders | toJson }}}'
+    {{- end }}
     {{- end }}
 spec:
   type: {{ .Values.cloudArmor.service.type }}
diff --git a/charts/common/values.yaml b/charts/common/values.yaml
index 1357f0e0..d615a999 100644
--- a/charts/common/values.yaml
+++ b/charts/common/values.yaml
@@ -190,6 +190,18 @@ cloudArmor:
     #   enabled: true
     #   oauthclientCredentials:
     #     secretName: chart-iapsecret
+    customHeaders: []
+      # - name: X-Frame-Options
+      #   value: DENY
+      # - name: X-XSS-Protection
+      #   value: 1; mode=block
+      # - name: X-Content-Type-Options
+      #   value: nosniff
+      # - name: Referrer-Policy
+      #   value: no-referrer-when-downgrade
+      # - name: Content-Security-Policy
+      # - name: X-Client-Geo-Location
+      #   value: {client.region_code}, {client.city}
   # By default we always use redirectToHttps in frontendConfig if you want to define overwrite consider including it
   frontendConfig:
     redirectToHttps: