This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Remove Specific Request Headers From Response
Web services may contain response headers with sensitive information. This tutorial explains how to remove HTTP request headers from the responses for security reasons.
To remove request headers from responses, either per API or globally, add the name of the header to be removed as a property in your custom out sequence.
- For details on adding custom sequences per API, see Creating per-API extensions.
- For details on adding custom sequences to all APIs of a specific tenant at once, see Creating global extensions.
To handle error responses, follow the instructions below.
- To address the scenario where the API does not exist, open the <API-M_HOME>/repository/deployment/server/synapse-configs/default/sequences/main.xml file. Add the name of the header to be removed as a property, just before the beginning of the send mediator, as shown below.
- To address the scenario where an error occurs during execution of API requests, open the <API-M_HOME>/repository/deployment/server/synapse-configs/default/sequences/fault.xml file. Add the name of the header to be removed as a property, just before the beginning of the "CORS request handler" sequence, as shown below.
Note: The above method removes only the specified headers from the response. If you need to remove all the headers, add the TRANSPORT_HEADERS property as shown below.
<property name="TRANSPORT_HEADERS" action="remove" scope="axis2"/>
<send/>
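After editing a sequence file as described above, the following check reports which headers would still be sent. It is an added example, not code from the WSO2 documentation. Assumptions: the sample sequences, header names and function names are constructed for illustration, header removal uses the Synapse property mediator with scope="transport", and "before send" is simplified to mean before the first send element in document order.

```python
import xml.etree.ElementTree as ET

NS = "{http://ws.apache.org/ns/synapse}"

# Constructed sample of an edited sequence, not a real WSO2 file. Header names are examples.
SAMPLE_SEQUENCE = """
<sequence xmlns="http://ws.apache.org/ns/synapse" name="main">
    <property name="Authorization" scope="transport" action="remove"/>
    <property name="Cookie" action="remove"/>
    <send/>
    <property name="X-Internal-Token" scope="transport" action="remove"/>
</sequence>
"""

# Constructed sample using the remove-all form from the note above.
SAMPLE_REMOVE_ALL = """
<sequence xmlns="http://ws.apache.org/ns/synapse" name="fault">
    <property name="TRANSPORT_HEADERS" action="remove" scope="axis2"/>
    <send/>
</sequence>
"""


def headers_removed_before_send(sequence_xml):
    """Return header names whose remove property precedes the first <send/>."""
    removed = set()
    for elem in ET.fromstring(sequence_xml).iter():  # iter() walks in document order
        if elem.tag == NS + "send":
            break
        if elem.tag != NS + "property" or elem.get("action") != "remove":
            continue
        name, scope = elem.get("name"), elem.get("scope")
        # Without scope="transport" the mediator removes a message-context
        # property, not an HTTP header, so such entries are not counted.
        if scope == "transport" or (name == "TRANSPORT_HEADERS" and scope == "axis2"):
            removed.add(name)
    return removed


def missing_removals(sequence_xml, required_headers):
    """Return the required headers that the sequence would still send."""
    removed = headers_removed_before_send(sequence_xml)
    if "TRANSPORT_HEADERS" in removed:  # all transport headers are dropped
        return []
    return sorted(h for h in required_headers if h not in removed)


if __name__ == "__main__":
    required = ["Authorization", "Cookie", "X-Internal-Token"]
    print(missing_removals(SAMPLE_SEQUENCE, required))
    print(missing_removals(SAMPLE_REMOVE_ALL, required))
```

In the first sample, Cookie is flagged because its property has no transport scope, and X-Internal-Token is flagged because its property comes after the send mediator.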