php-unpoly
X-Up-Location header should not be sent by default
This Stack middleware automatically echoes the request URL in an X-Up-Location response header. I recommend removing this feature.
Echoing the request URL was needed to detect the final URL after a redirect in legacy browsers, namely Internet Explorer 11. Now that IE11 is finally dead, this is no longer necessary.
Also, reflecting the user-controlled request URL can lead to a Denial of Service issue in particular server setups.
Thank you for maintaining this package!