diff --git a/nodes/core/io/22-websocket.js b/nodes/core/io/22-websocket.js
index 2e5808473..2723c1d60 100644
--- a/nodes/core/io/22-websocket.js
+++ b/nodes/core/io/22-websocket.js
@@ -82,16 +82,15 @@ module.exports = function(RED) {
 
             RED.server.addListener('newListener',storeListener);
 
-            // Create a WebSocket Server
-            node.server = new ws.Server({
+            var serverOptions = {
                 server:RED.server,
-                path:path,
-                // Disable the deflate option due to this issue
-                //  https://github.com/websockets/ws/pull/632
-                // that is fixed in the 1.x release of the ws module
-                // that we cannot currently pickup as it drops node 0.10 support
-                perMessageDeflate: false
-            });
+                path:path
+            }
+            if (RED.settings.webSocketNodeVerifyClient) {
+                serverOptions.verifyClient = RED.settings.webSocketNodeVerifyClient;
+            }
+            // Create a WebSocket Server
+            node.server = new ws.Server(serverOptions);
 
             // Workaround https://github.com/einaros/ws/pull/253
             // Stop listening for new listener events
diff --git a/settings.js b/settings.js
index dd04b4394..79e8839f7 100644
--- a/settings.js
+++ b/settings.js
@@ -167,6 +167,25 @@ module.exports = {
     //    next();
     //},
 
+    // The following property can be used to verify websocket connection attempts.
+    // This allows, for example, the HTTP request headers to be checked to ensure
+    // they include valid authentication information.
+    //webSocketVerifyClient: function(info) {
+    //    // 'info' has three properties:
+    //    //   - origin : the value in the Origin header
+    //    //   - req : the HTTP request
+    //    //   - secure : true if req.connection.authorized or req.connection.encrypted is set
+    //    //
+    //    // The function should return true if the connection should be accepted, false otherwise.
+    //    //
+    //    // Alternatively, if this function is defined to accept a second argument, callback,
+    //    // it can be used to verify the client asynchronously.
+    //    // The callback takes three arguments:
+    //    //   - result : boolean, whether to accept the connection or not
+    //    //   - code : if result is false, the HTTP error status to return
+    //    //   - reason: if result is false, the HTTP reason string to return
+    //},
+
     // Anything in this hash is globally available to all functions.
     // It is accessed as context.global.
     // eg: