Header Removal Policy

Policy name

Header Removal

Summary

Removes headers from a request or a response

Category

Transformation

First Mule version available

v4.1.0

Returned Status Codes

500 - The configuration includes an expression that was not evaluated.

The Header Removal policy removes all listed headers from a request or a response of a message when you specify an inbound and outbound map of the headers that you want to remove with a key-value pair:

header inject remove diagram

You can optionally include DataWeave expressions for Mule 4.0 and Mule runtime engine (Mule) expressions for Mule 3.0 and in the value of the header:

“#[attributes.requestPath]”

In this example, all the headers matching the configured expression are removed from the message.

How This Policy Works

Because every header that matches a Header Removal policy parameter is removed from the message, you must be careful about how you configure that parameter.

For example, the following parameter configuration removes any header starting with the word Access-Control, such as the Access-Control-Allow-Credentials and Access-Control-Allow-Origin headers from a message. The configuration also removes the Cache-Control header:

remove inbound header
Figure 1. Inbound Header

Configuring Policy Parameters

When you apply the Header Removal policy to your API from the UI, you can configure the following parameters:

Parameter Description

Inbound Header Map

List of header names or regular expressions (comma separated) to be removed at the beginning of the message processing, for example, Cache-Control, Access-Control.*

Outbound Header Map

List of header names or regular expressions (comma separated) to be removed at the end of the message processing, for example, Access-Control-Allow-Credentials

Method & Resource conditions

The option to add configurations to only a select few or all methods and resources of the API

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub