Contact Us 1-800-596-4880

Header Removal Policy

Policy name

Header Removal

Summary

Removes headers from a request or a response

Category

Transformation

Returned Status Codes

500 - The configuration includes an expression that was not evaluated.

Summary

The Header Removal policy removes all listed headers from a request or a response of a message when you specify an inbound and outbound map of the headers that you want to remove with a key-value pair.

header inject remove diagram

You can optionally include DataWeave expressions in the value of the header. For example, all headers matching the following configured expression are injected to the message:

“#[attributes.requestPath]”

The following headers may not be removed: user-agent, accept, host, content-type, content-length, date, transfer-encoding, connection,

Configuring Policy Parameters

Mule Gateway

When you apply the Header Removal policy to your API from the UI, you can configure the following parameters:

Parameter Description

Inbound Header Map

List of header names or regular expressions (comma separated) to be removed at the beginning of the message processing, for example, Cache-Control, Access-Control.*

Outbound Header Map

List of header names or regular expressions (comma separated) to be removed at the end of the message processing, for example, Access-Control-Allow-Credentials

Method & Resource conditions

The option to add configurations to only a select few or all methods and resources of the API

How This Policy Works

Because every header that matches a Header Removal policy parameter is removed from the message, you must be careful about how you configure that parameter.

For example, the following parameter configuration removes any header starting with the word Access-Control, such as the Access-Control-Allow-Credentials and Access-Control-Allow-Origin headers from a message. The configuration also removes the Cache-Control header:

remove inbound header
Figure 1. Inbound Header