diff --git a/lib/cors-anywhere.js b/lib/cors-anywhere.js
index a506bab..fd2859f 100644
--- a/lib/cors-anywhere.js
+++ b/lib/cors-anywhere.js
@@ -2,7 +2,7 @@
 // Released under the MIT license
 
 'use strict';
-/* jshint node:true, eqnull:true, sub:true, quotmark:single */
+/* jshint node:true, eqnull:true, sub:true, quotmark:single, unused:true */
 
 var httpProxy = require('http-proxy');
 var net = require('net');
@@ -71,13 +71,6 @@ function withCORS(headers, request) {
   return headers;
 }
 
-/**
- * @param host {string} Host name (excluding port) of requested resource
- */
-function isForbidden(host) {
-  return false; // TODO
-}
-
 /**
  * Performs the actual proxy request.
  *
@@ -87,10 +80,6 @@ function isForbidden(host) {
  */
 function proxyRequest(req, res, proxy) {
   var location = req.corsAnywhereRequestState.location;
-  if (isForbidden(location.hostname)) {
-    res.writeHead(403, 'Refused to visit', withCORS({'Location': location.full_url}, req));
-    return;
-  }
 
   req.url = location.pathAndQueryString;
   // Let the "Host" header be the host part of the path (including port, if specified).
@@ -307,7 +296,7 @@ var getHandler = exports.getHandler = function(options) {
 
 // Create server with default and given values
 // Creator still needs to call .listen()
-var createServer = exports.createServer = function(options) {
+exports.createServer = function createServer(options) {
   if (!options) options = {};
 
   // Default options: