diff --git a/docs/mcpgodebug.md b/docs/mcpgodebug.md
index 7c6773dc..b8243923 100644
--- a/docs/mcpgodebug.md
+++ b/docs/mcpgodebug.md
@@ -18,13 +18,37 @@
 
 ## `MCPGODEBUG` history
 
+### 1.6.0
+
+Options listed below were added and will be removed in the 1.8.0 version of the SDK.
+
+- `seterroroverwrite` added. If set to `1`, `SetError` will always overwrite
+  `Content` with the error text, restoring the previous behavior. The default
+  behavior was changed to preserve existing `Content` if it has already been
+  populated.
+
+- `enableoriginverification` added. If set to `1`, default (zero-value)
+  cross-origin protection will be applied when
+  `StreamableHTTPOptions.CrossOriginProtection` is nil, restoring the
+  behavior from v1.4.1-v1.5.0. The default behavior was changed to not
+  enable cross-origin protection.
+
+- `disablelocalhostprotection` removal was postponed until 1.8.0, as it is now
+  also used in the SSE transport.
+
+Options below were removed.
+
+- `disablecrossoriginprotection` removed. It was replaced by
+  `enableoriginverification` after the default was changed to not enable
+  cross-origin protection.
+
 ### 1.4.1
 
 Options listed below will be removed in the 1.6.0 version of the SDK.
 
 - `disablecrossoriginprotection` added. If set to `1`, newly added cross-origin
   protection will be disabled. The default behavior was changed to enable
-  cross-origin protection. **Removal of this option was postponed until 1.7.0.**
+  cross-origin protection.
 
 ### 1.4.0
 
@@ -39,4 +63,4 @@ Options listed below will be removed in the 1.6.0 version of the SDK.
   protection. The protection can also be disabled by setting the
   `DisableLocalhostProtection` field in the `StreamableHTTPOptions` or
   `SSEOptions` struct to `true`, which is the recommended way to disable
-  the protection long term. **Removal of this option was postponed until 1.7.0.**
+  the protection long term. **Removal of this option was postponed until 1.8.0.**
diff --git a/internal/docs/mcpgodebug.src.md b/internal/docs/mcpgodebug.src.md
index 592e9238..0b57447c 100644
--- a/internal/docs/mcpgodebug.src.md
+++ b/internal/docs/mcpgodebug.src.md
@@ -17,13 +17,37 @@
 
 ## `MCPGODEBUG` history
 
+### 1.6.0
+
+Options listed below were added and will be removed in the 1.8.0 version of the SDK.
+
+- `seterroroverwrite` added. If set to `1`, `SetError` will always overwrite
+  `Content` with the error text, restoring the previous behavior. The default
+  behavior was changed to preserve existing `Content` if it has already been
+  populated.
+
+- `enableoriginverification` added. If set to `1`, default (zero-value)
+  cross-origin protection will be applied when
+  `StreamableHTTPOptions.CrossOriginProtection` is nil, restoring the
+  behavior from v1.4.1-v1.5.0. The default behavior was changed to not
+  enable cross-origin protection.
+
+- `disablelocalhostprotection` removal was postponed until 1.8.0, as it is now
+  also used in the SSE transport.
+
+Options below were removed.
+
+- `disablecrossoriginprotection` removed. It was replaced by
+  `enableoriginverification` after the default was changed to not enable
+  cross-origin protection.
+
 ### 1.4.1
 
 Options listed below will be removed in the 1.6.0 version of the SDK.
 
 - `disablecrossoriginprotection` added. If set to `1`, newly added cross-origin
   protection will be disabled. The default behavior was changed to enable
-  cross-origin protection. **Removal of this option was postponed until 1.7.0.**
+  cross-origin protection.
 
 ### 1.4.0
 
@@ -38,4 +62,4 @@ Options listed below will be removed in the 1.6.0 version of the SDK.
   protection. The protection can also be disabled by setting the
   `DisableLocalhostProtection` field in the `StreamableHTTPOptions` or
   `SSEOptions` struct to `true`, which is the recommended way to disable
-  the protection long term. **Removal of this option was postponed until 1.7.0.**
+  the protection long term. **Removal of this option was postponed until 1.8.0.**
diff --git a/mcp/streamable.go b/mcp/streamable.go
index 1455238f..ef2dc8d4 100644
--- a/mcp/streamable.go
+++ b/mcp/streamable.go
@@ -241,7 +241,7 @@ func (h *StreamableHTTPHandler) closeAll() {
 // disablelocalhostprotection is a compatibility parameter that allows to disable
 // DNS rebinding protection, which was added in the 1.4.0 version of the SDK.
 // See the documentation for the mcpgodebug package for instructions how to enable it.
-// The option will be removed in the 1.6.0 version of the SDK.
+// The option will be removed in the 1.8.0 version of the SDK.
 var disablelocalhostprotection = mcpgodebug.Value("disablelocalhostprotection")
 
 // enableoriginverification is a compatibility parameter that restores the