Servers love to ship more headers than the client actually needs. deleteResponseHeaderAction gives you a focused tool to remove the ones that get in the way of debugging, security testing, or sharing captures with colleagues. Combine it with a filter so the rewrite only touches the traffic you are actively investigating.
Use deleteResponseHeaderAction when you want the client to receive a response without a header the upstream sent. Every occurrence of the named header is removed in one pass.
Typical situations include:
Set-Cookie to test how a client behaves when a session cookie never arrives.Strict-Transport-Security or Content-Security-Policy while debugging a hard to reproduce browser issue.X-Powered-By, Server) before they reach an external observer.The action runs on the responseHeaderReceivedFromRemote scope, so the rewrite happens before the client receives the headers.
Forces the client to behave as if the server never issued a cookie, which is handy when debugging session bugs.
rules:
- filter:
typeKind: HostFilter
pattern: api.internal.example.com
actions:
- typeKind: DeleteResponseHeaderAction
headerName: Set-Cookie
Temporarily disables HSTS so you can reproduce a client side issue on a staging hostname that normally enforces HTTPS upgrade.
rules:
- filter:
typeKind: HostFilter
pattern: staging.example.com
actions:
- typeKind: DeleteResponseHeaderAction
headerName: Strict-Transport-Security
Useful when sharing a capture externally and you want to hide the server stack.
rules:
- filter:
typeKind: AnyFilter
actions:
- typeKind: DeleteResponseHeaderAction
headerName: X-Powered-By
- typeKind: DeleteResponseHeaderAction
headerName: Server
Remove response headers. This action removes every occurrence of the header from the response.
Evaluation scope defines the timing where this filter will be applied.
responseHeaderReceivedFromRemote This scope occurs the moment fluxzy has done parsing the response header.
deleteResponseHeaderAction
The following table describes the customizable properties available for this action:
| Property | Type | Description | DefaultValue |
|---|---|---|---|
| headerName | string |
The following examples apply this action to any exchanges
Remove every Set-Cookie header from response.
rules:
- filter:
typeKind: AnyFilter
actions:
- typeKind: DeleteResponseHeaderAction
headerName: Set-Cookie
View definition of DeleteResponseHeaderAction for .NET integration.
The following actions are related to this action:
Yes. Fluxzy stores the response after the rule pipeline runs, so the captured exchange reflects the rewritten headers.
removeResponseCookieAction operates on a single cookie inside a Set-Cookie header and leaves the rest in place. deleteResponseHeaderAction removes the whole header, including every cookie it carries.
Yes. Combine the action with an htmlResponseFilter inside a FilterCollection so the rule fires only on HTML payloads.
Most clients ignore missing optional headers, but security related headers like CSP or HSTS may change behaviour visibly. Make sure you understand the impact before stripping them in shared environments.