diff --git a/src/lib.rs b/src/lib.rs index 7c0a873..a0ae373 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -61,12 +61,14 @@ pub async fn start() -> io::Result<()> { The closure is defining the configuration for the Actix web server. The purpose of the closure is to configure the server before it starts listening for incoming requests. */ + let max_payload_size = 10 * 1024 * 1024 * 1024; // 10 GB let application = move || { App::new() // Creates a new Actix web application .app_data(web::Data::new(config_clone.clone())) .app_data(web::Data::new(jinja.clone())) .app_data(web::Data::new(fernet.clone())) .app_data(web::Data::new(session.clone())) + .app_data(web::PayloadConfig::default().limit(max_payload_size)) .wrap(squire::middleware::get_cors(config_clone.websites.clone())) .wrap(middleware::Logger::default()) // Adds a default logger middleware to the application .service(routes::basics::health) // Registers a service for handling requests diff --git a/src/routes/upload.rs b/src/routes/upload.rs index 9cb7e64..b588ae9 100644 --- a/src/routes/upload.rs +++ b/src/routes/upload.rs @@ -40,8 +40,8 @@ pub async fn save_files(request: HttpRequest, } let mut upload_path = config.media_source.clone(); // cannot be borrowed as mutable let mut secure_str = ""; - if let Some(dedicated) = request.headers().get("dedicated_directory") { - if dedicated.to_str().unwrap_or("false") == "true" { + if let Some(secure_flag) = request.headers().get("secure-flag") { + if secure_flag.to_str().unwrap_or("false") == "true" { secure_str = "to secure index "; upload_path.extend([format!("{}_{}", &auth_response.username, constant::SECURE_INDEX)]) } diff --git a/src/squire/middleware.rs b/src/squire/middleware.rs index ff3232d..50925c9 100644 --- a/src/squire/middleware.rs +++ b/src/squire/middleware.rs 
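Review bot: The 10 GiB `PayloadConfig` limit is registered on the whole `App`, so it raises the body-size ceiling for every route rather than only the upload endpoint. In actix-web this setting governs the buffering `Bytes` and `String` extractors, so any handler that uses them could be made to hold a request body of that size in memory; whether the upload handler reads its body through one of them is not visible here. Consider attaching the limit only to the resource that serves `/upload` and taking the value from the server config instead of a literal. The expression `10 * 1024 * 1024 * 1024` is inferred as `usize` and would overflow on a 32-bit target, and the comment would be more precise as `// 10 GiB`; the body of `start` continues outside the hunk.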
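Review bot: After this rename, a client that still sends `dedicated_directory` (for example a cached copy of the upload page) is handled as if no flag were set, so the file is written under the plain `media_source` directory instead of the user's secure index, with no error returned. The same silent fallback happens when the value is not exactly `true` or is not readable as a string, because `unwrap_or("false")` hides the failure. For a flag that selects the private location, failing closed is safer: answer 400 when the header is present but unreadable, and accept the old name during a transition, e.g. `request.headers().get("secure-flag").or_else(|| request.headers().get("dedicated_directory"))`. The CORS allow-list in `src/squire/middleware.rs` and the script in `src/templates/upload.rs` rename the header the same way and would need the matching entry if the old name is kept. `save_files` begins before and continues after this hunk.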
@@ -21,7 +21,7 @@ pub fn get_cors(websites: Vec) -> Cors { let mut cors = Cors::default() .allowed_methods(vec!["GET", "POST"]) .allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT, header::CONTENT_TYPE]) - .allowed_header("dedicated_directory") + .allowed_header("secure-flag") .max_age(3600); // Maximum time (in seconds) for which this CORS request may be cached for origin in origins { cors = cors.allowed_origin(&origin); diff --git a/src/templates/upload.rs b/src/templates/upload.rs index 7712a76..b5ac3fc 100644 --- a/src/templates/upload.rs +++ b/src/templates/upload.rs @@ -463,7 +463,7 @@ pub fn get_content() -> String { li.querySelectorAll('span')[1].style.width = percent_complete + '%' } http.open('POST', window.location.origin + '/upload', true); // asynchronous session - http.setRequestHeader('dedicated_directory', checkbox.checked); + http.setRequestHeader('secure-flag', checkbox.checked); http.send(data) li.querySelector('.cross').onclick = () => http.abort() http.onabort = () => {