Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

asamadyar's avatar
asamadyar
Icon for Nimbostratus rankNimbostratus
Apr 11, 2022

Remove values of a response header

Hi everybody, I need to remove the values of a response header. For example: access-control-allow-headers    ----->  X-Request-UUID, X-Web-Optimize-Response, X-Web-Client-Id, X-Web-City-Id, X-Web-C...
application delivery
security
asamadyar's avatar
asamadyar
Icon for Nimbostratus rankNimbostratus
Apr 14, 2022

Many thanks, Dario_Garrido 

I don`t want to remove the header; I need to remove one value.

header ------------------------------------------- value

x-x-x                                                       t1, t2, t3, t4, t5

 

And I need to remove, for example, "t3" and keep everything intact in the response header.

I think your code will completely remove the header (x-x-x).

Dario_Garrido's avatar
Dario_Garrido
Icon for Noctilucent rankNoctilucent
Apr 19, 2022

Hello Asamadyar.

Try with this code

 

when HTTP_RESPONSE {
	if { [HTTP::header "access-control-allow-headers"] ne "" } {
		if { [HTTP::header "access-control-allow-headers"] contains "," }{
			set acheaders [split [HTTP::header "access-control-allow-headers"] ","]
			set output ""
			foreach acheader $acheaders {
				if { $output eq "" } {
					if { !($acheader contains "X-Web-City-Id") } { set output "$acheader" }
				} else {
					if { !($acheader contains "X-Web-City-Id") } { set output "$output,$acheader" }
				}
			}
			#log local0. "INPUT: [HTTP::header "access-control-allow-headers"]"
			HTTP::header replace "access-control-allow-headers" $output
			#log local0. "OUTPUT: [HTTP::header "access-control-allow-headers"]"
		}
	}
}