HTTP::header remove will remove all of the headers that you specify.
If you want to attack it from the other direction you can use HTTP::header sanitize.
HTTP::header sanitize [header name]+¶
- Removes all headers except the ones you specify and the following: Connection, Content-Encoding, Content-Length, Content-Type, Proxy-Connection, Set-Cookie, Set-Cookie2, and Transfer-Encoding.
- Note that the Host header (required by HTTP/1.1) is removed unless explicitly specified.
- This command can be used in the client-side or server-side context, depending on whether you want to sanitize request and/or response headers.
- If you are using the command in the server-side context, you may want to consider adding Location to the list of retained headers if your application requires they be sent to clients.
- If you are using the command in the client-side context, you may want to consider adding Cookie, Accept, and Accept-Encoding to the list of retained headers.