Header Removal Policy
Policy name |
Header Removal |
Summary |
Removes headers from a request or a response |
Category |
Transformation |
Returned Status Codes |
500 - The configuration includes an expression that was not evaluated. |
Summary
The Header Removal policy removes all listed headers from a request or a response of a message when you specify an inbound and outbound map of the headers that you want to remove with a key-value pair.
You can optionally include DataWeave expressions in the value of the header. For example, all headers matching the following configured expression are injected to the message:
“#[attributes.requestPath]”
The following headers may not be removed: user-agent, accept, host, content-type, content-length, date, transfer-encoding, connection, |
Configuring Policy Parameters
Mule Gateway
When you apply the Header Removal policy to your API from the UI, you can configure the following parameters:
Parameter | Description |
---|---|
Inbound Header Map |
List of header names or regular expressions (comma separated) to be removed at the beginning of the message processing, for example, |
Outbound Header Map |
List of header names or regular expressions (comma separated) to be removed at the end of the message processing, for example, |
Method & Resource conditions |
The option to add configurations to only a select few or all methods and resources of the API |
How This Policy Works
Because every header that matches a Header Removal policy parameter is removed from the message, you must be careful about how you configure that parameter.
For example, the following parameter configuration removes any header starting with the word Access-Control
, such as the Access-Control-Allow-Credentials
and Access-Control-Allow-Origin
headers from a message. The configuration also removes the Cache-Control
header: