diff --git a/.github/ISSUE_TEMPLATE/features_request.md b/.github/ISSUE_TEMPLATE/features_request.md index 603c02f..38732d9 100644 --- a/.github/ISSUE_TEMPLATE/features_request.md +++ b/.github/ISSUE_TEMPLATE/features_request.md @@ -2,7 +2,7 @@ name: Features request about: 提出新功能建议 title: "[Features]" -labels: enhancement +labels: 改进 assignees: '' --- diff --git a/CHANGELOG.md b/CHANGELOG.md index 639dc60..fe627e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ # 更新日志 +25w29a - 2025-04-27 +--- +- PRE-RELEASE: 此版本是v3.0.3预发布版本,请勿在生产环境中使用; +- CHANGE: 增加移除部分header的处置, 避免向服务端/客户端透露过多信息 +- FIX: 修正非预期的header操作行为 +- CHANGE: 合并header相关逻辑, 避免多次操作 +- CHANGE: 对editor模式下的input进行处置, 增加隐式关闭处理 + 3.0.2 - 2025-04-15 --- - CHANGE: 避免重复的re编译操作 diff --git a/DEV-VERSION b/DEV-VERSION index f103177..f4abfe2 100644 --- a/DEV-VERSION +++ b/DEV-VERSION @@ -1 +1 @@ -25w29t-1 \ No newline at end of file +25w29a \ No newline at end of file diff --git a/proxy/chunkreq.go b/proxy/chunkreq.go index 7187e1f..b02ec4c 100644 --- a/proxy/chunkreq.go +++ b/proxy/chunkreq.go @@ -13,7 +13,7 @@ import ( ) var ( - headersToRemove = map[string]struct{}{ + respHeadersToRemove = map[string]struct{}{ "Content-Security-Policy": {}, "Referrer-Policy": {}, "Strict-Transport-Security": {}, @@ -22,6 +22,17 @@ var ( "X-Served-By": {}, "X-Fastly-Request-Id": {}, } + + reqHeadersToRemove = map[string]struct{}{ + "CF-IPCountry": {}, + "CF-RAY": {}, + "CF-Visitor": {}, + "CF-Connecting-IP": {}, + "CF-EW-Via": {}, + "CDN-Loop": {}, + "Upgrade": {}, + "Connection": {}, + } ) func ChunkedProxyRequest(ctx context.Context, c *app.RequestContext, u string, cfg *config.Config, matcher string) { 
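Review bot: The keys added to `reqHeadersToRemove` are written as `CF-IPCountry`, `CF-RAY`, `CF-Visitor`, `CF-Connecting-IP`, `CF-EW-Via` and `CDN-Loop`, but the lookup added to `setRequestHeaders` in proxy/reqheader.go is an exact-case match on the name that `VisitAll` passes in. Hertz normalises header names by default (to the `Cf-Ray` / `Cdn-Loop` form, as far as I know), so these six entries would probably never match and the Cloudflare headers would still be forwarded upstream; only `Upgrade` and `Connection` are already in that form. I would store the keys in canonical form (e.g. `"Cf-Connecting-Ip": {}`) and canonicalise at the lookup: `if _, shouldRemove := reqHeadersToRemove[http.CanonicalHeaderKey(headerKey)]; !shouldRemove {`. A small test that sends `CF-Connecting-IP` through `setRequestHeaders` and asserts it is absent on `req` would catch this.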
@@ -42,8 +53,9 @@ func ChunkedProxyRequest(ctx context.Context, c *app.RequestContext, u string, c HandleError(c, fmt.Sprintf("Failed to create request: %v", err)) return } + setRequestHeaders(c, req) - removeWSHeader(req) // 删除Conection Upgrade头, 避免与HTTP/2冲突(检查是否存在Upgrade头) + //removeWSHeader(req) // 删除Conection Upgrade头, 避免与HTTP/2冲突(检查是否存在Upgrade头) AuthPassThrough(c, cfg, req) resp, err = client.Do(req) @@ -101,7 +113,7 @@ func ChunkedProxyRequest(ctx context.Context, c *app.RequestContext, u string, c // 复制响应头,排除需要移除的 header for key, values := range resp.Header { - if _, shouldRemove := headersToRemove[key]; !shouldRemove { + if _, shouldRemove := respHeadersToRemove[key]; !shouldRemove { for _, value := range values { c.Header(key, value) } diff --git a/proxy/gitreq.go b/proxy/gitreq.go index c4f0cfd..55ede9a 100644 --- a/proxy/gitreq.go +++ b/proxy/gitreq.go @@ -43,7 +43,7 @@ func GitReq(ctx context.Context, c *app.RequestContext, u string, cfg *config.Co return } setRequestHeaders(c, req) - removeWSHeader(req) + //removeWSHeader(req) AuthPassThrough(c, cfg, req) resp, err = gitclient.Do(req) @@ -58,7 +58,7 @@ func GitReq(ctx context.Context, c *app.RequestContext, u string, cfg *config.Co return } setRequestHeaders(c, req) - removeWSHeader(req) + //removeWSHeader(req) AuthPassThrough(c, cfg, req) resp, err = client.Do(req) diff --git a/proxy/match.go b/proxy/match.go index 8e6c0d9..1cae46c 100644 --- a/proxy/match.go +++ b/proxy/match.go 
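Review bot: The `removeWSHeader(req)` calls are commented out rather than deleted, here in `ChunkedProxyRequest` and in both `GitReq` hunks of proxy/gitreq.go, which leaves a stale explanation next to a line that no longer runs. Stripping `Upgrade` and `Connection` now depends entirely on the name match inside `setRequestHeaders`, whereas the old `req.Header.Del` calls canonicalised the name and also cleared values placed on `req` by earlier code. I would delete the dead lines and leave a short pointer at the call site, e.g. `// setRequestHeaders also drops Upgrade/Connection (see reqHeadersToRemove)`, plus a test that a request carrying `Upgrade: websocket` is forwarded without it. Both functions continue outside these hunks.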
@@ -246,7 +246,7 @@ func extractParts(rawURL string) (string, string, string, url.Values, error) { var urlPattern = regexp.MustCompile(`https?://[^\s'"]+`) // processLinks 处理链接,返回包含处理后数据的 io.Reader -func processLinks(input io.Reader, compress string, host string, cfg *config.Config) (readerOut io.Reader, written int64, err error) { +func processLinks(input io.ReadCloser, compress string, host string, cfg *config.Config) (readerOut io.Reader, written int64, err error) { pipeReader, pipeWriter := io.Pipe() // 创建 io.Pipe readerOut = pipeReader @@ -268,6 +268,13 @@ func processLinks(input io.Reader, compress string, host string, cfg *config.Con } }() + defer func() { + if err := input.Close(); err != nil { + logError("input close failed: %v", err) + } + + }() + var bufReader *bufio.Reader if compress == "gzip" { diff --git a/proxy/reqheader.go b/proxy/reqheader.go index 01eab46..c338706 100644 --- a/proxy/reqheader.go +++ b/proxy/reqheader.go @@ -6,13 +6,27 @@ import ( "github.com/cloudwego/hertz/pkg/app" ) +/* // 设置请求头 func setRequestHeaders(c *app.RequestContext, req *http.Request) { c.Request.Header.VisitAll(func(key, value []byte) { req.Header.Set(string(key), string(value)) }) } +*/ +func setRequestHeaders(c *app.RequestContext, req *http.Request) { + c.Request.Header.VisitAll(func(key, value []byte) { + headerKey := string(key) + headerValue := string(value) + if _, shouldRemove := reqHeadersToRemove[headerKey]; !shouldRemove { + req.Header.Set(headerKey, headerValue) + } + + }) +} + +/* // removeWSHeader removes the "Upgrade" and "Connection" headers from the given // Request, which are added by the client when it wants to upgrade the // connection to a WebSocket connection. @@ -20,3 +34,4 @@ func removeWSHeader(req *http.Request) { req.Header.Del("Upgrade") req.Header.Del("Connection") } +*/
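Review bot: The doc comment above `processLinks` still only says that it returns an `io.Reader`, while the new `io.ReadCloser` parameter means the function now closes what it is given. That ownership transfer should be written down so callers do not reuse the body afterwards, for example `// processLinks takes ownership of input and closes it when processing finishes.` Callers that pass a plain reader will need `io.NopCloser`; none are visible here, and the function body continues outside the hunk.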
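Review bot: `if err := input.Close(); err != nil` declares a new `err` that shadows the named result `err` of `processLinks`, which is easy to misread next to code that sets the result; `if closeErr := input.Close(); closeErr != nil {` avoids that. The hunk does not show the enclosing scope: if this `defer` sits at function level rather than inside the goroutine that feeds the pipe, `input` would be closed as soon as `processLinks` returns while the writer side may still be reading from it. It is worth confirming that the defer lives in the same goroutine as the reads.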
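Review bot: The new filter in `setRequestHeaders` drops the `Connection` header itself but still forwards any header that `Connection` names, and other hop-by-hop fields such as `Keep-Alive`, `Proxy-Connection`, `TE` and `Proxy-Authorization` are not in `reqHeadersToRemove`. A forwarding proxy is expected to strip those, so I would collect the tokens listed in the inbound `Connection` value first and skip them for this request, and extend the static list with the fixed hop-by-hop names. The sketch below shows the per-request part; it needs `strings` imported in reqheader.go. The old implementation kept in a `/* */` block can simply be deleted.

```go
func setRequestHeaders(c *app.RequestContext, req *http.Request) {
	// Header names listed in the inbound Connection value are hop-by-hop
	// for this request and must not be forwarded.
	connTokens := make(map[string]struct{})
	for _, tok := range strings.Split(c.Request.Header.Get("Connection"), ",") {
		if name := strings.TrimSpace(tok); name != "" {
			connTokens[http.CanonicalHeaderKey(name)] = struct{}{}
		}
	}

	c.Request.Header.VisitAll(func(key, value []byte) {
		headerKey := string(key)
		if _, listed := connTokens[http.CanonicalHeaderKey(headerKey)]; listed {
			return
		}
		// … unchanged: reqHeadersToRemove lookup and req.Header.Set …
	})
}
```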