responseHeaderFilter is the natural counterpart to requestHeaderFilter. Combine it with the response header actions in the same rule to inspect, mutate or strip server-side metadata before it reaches the client.
Use responseHeaderFilter when the meaningful selector for your rule lives in what the server sends back, not in the request. Response headers carry caching directives, security policies, content negotiation results and a wealth of server-side metadata that is often easier to match than the body.
Typical situations:
- Strict-Transport-Security header.
- Content-Encoding such as br or gzip.
- X-Powered-By value you want to track.

The filter evaluates on the responseHeaderReceivedFromRemote scope, as soon as the response status line and headers are parsed. The default operation is Contains, which keeps simple substring matches concise.
Tag every response that does not carry a Strict-Transport-Security header so you can build a list of endpoints that still need to be hardened.
```yaml
rules:
  - filter:
      typeKind: ResponseHeaderFilter
      headerName: strict-transport-security
      pattern: .*
      operation: Regex
      inverted: true
    actions:
      - typeKind: ApplyTagAction
        tag:
          value: missing-hsts
```
Remove the Server header from any response that declares an upstream technology, useful when you want to scrub fingerprinting information before forwarding traffic.
```yaml
rules:
  - filter:
      typeKind: ResponseHeaderFilter
      headerName: Server
      pattern: .+
      operation: Regex
    actions:
      - typeKind: DeleteResponseHeaderAction
        headerName: Server
```
Apply a tag to any exchange where the server returned a Brotli encoded body so you can correlate compression with payload size in the timeline.
```yaml
rules:
  - filter:
      typeKind: ResponseHeaderFilter
      headerName: Content-Encoding
      pattern: br
      operation: Contains
    actions:
      - typeKind: ApplyTagAction
        tag:
          value: brotli
```
Select exchanges according to response header values.
The evaluation scope defines when this filter is applied.
responseHeaderReceivedFromRemote: this scope occurs the moment fluxzy has finished parsing the response header.
responseHeaderFilter
The following table describes the customizable properties available for this filter:
| Property | Type | Description | DefaultValue |
|---|---|---|---|
| headerName | string | Header name | |
| pattern | string | The string pattern to search | |
| operation | exact \| contains \| startsWith \| endsWith \| regex | The search operation performed | contains |
| caseSensitive | boolean | true if the Search should be case sensitive | false |
| inverted | boolean | Negate the filter result | false |
The following examples apply a comment to the filtered exchange.
Retains only exchanges with a strict-transport-security response header.
```yaml
rules:
  - filter:
      typeKind: ResponseHeaderFilter
      headerName: strict-transport-security
      pattern: .*
      operation: Regex
    actions:
      - typeKind: ApplyCommentAction
        comment: filter was applied
```
View definition of ResponseHeaderFilter for .NET integration.
This filter has no related filter
Not by default. Header names are usually case insensitive on the wire, and the value comparison is also case insensitive unless you set caseSensitive: true.
Exact, Contains, StartsWith, EndsWith and Regex. Contains is the default because most response headers are matched on a substring.
Yes. When several values are present for the same header name the filter matches as soon as one of them satisfies the pattern.
Use Regex with .* and inverted: true. The rule then fires every time the named header is absent or its value does not match.
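
The matching semantics from the property table and the answers above, modeled in Python as an added example (this is not fluxzy's code). The function name, the sample hosts and header values are constructed for illustration, and case-insensitive header name comparison is an assumption.

```python
import re

# Non-regex operations from the property table, keyed in lowercase.
OPS = {
    "exact": lambda value, pat: value == pat,
    "contains": lambda value, pat: pat in value,
    "startswith": lambda value, pat: value.startswith(pat),
    "endswith": lambda value, pat: value.endswith(pat),
}

def header_filter_matches(headers, header_name, pattern, operation="contains",
                          case_sensitive=False, inverted=False):
    """Hypothetical model of the documented semantics, not fluxzy's code.
    headers is a list of (name, value) pairs so repeated names survive."""
    # Assumption: header names compare case-insensitively.
    values = [v for n, v in headers if n.lower() == header_name.lower()]
    op = operation.lower()
    if op == "regex":
        rx = re.compile(pattern, 0 if case_sensitive else re.IGNORECASE)
        hit = any(rx.search(v) for v in values)
    else:
        if not case_sensitive:
            pattern, values = pattern.lower(), [v.lower() for v in values]
        # One matching value is enough when the header is repeated.
        hit = any(OPS[op](v, pattern) for v in values)
    # Absent header: no values, hit is False, so inverted=True makes it match.
    return hit != inverted

# Constructed sample responses, not captured traffic.
SAMPLES = {
    "a.example": [("Strict-Transport-Security", "max-age=63072000"),
                  ("Content-Encoding", "br")],
    "b.example": [("Server", "nginx"), ("Content-Encoding", "gzip")],
    "c.example": [("Set-Cookie", "theme=dark"),
                  ("Set-Cookie", "sid=abc; Secure; HttpOnly")],
}

def missing_hsts(samples):
    """Hosts the missing-hsts rule (Regex .* with inverted: true) would tag."""
    return sorted(host for host, hdrs in samples.items()
                  if header_filter_matches(hdrs, "strict-transport-security",
                                           ".*", "Regex", inverted=True))

if __name__ == "__main__":
    print(missing_hsts(SAMPLES))
```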