final String[] extraQueries = request.getParameterValues("ex_q");
        if (extraQueries == null || extraQueries.length == 0) {
            return new String[0];
        }
        // Build allowlist from configured facet queries
        final List<FacetQueryView> facetQueryViewList = ComponentUtil.getViewHelper().getFacetQueryViewList();
        final Set<String> allowedQueries = new java.util.HashSet<>();

    private development environments that only carry test data. Prefer this over creating an
    all-trusting `TrustManager` because only hosts on the allowlist are insecure. From
    [our DevServer sample][dev_server]:

    ```kotlin
    val clientCertificates = HandshakeCertificates.Builder()
        .addPlatformTrustedCertificates()
        .addInsecureHost("localhost")