Header Transformations

Header transformations allow you to modify HTTP headers in both requests and responses. This feature is useful for security, compatibility, and customization purposes.

Configuration Structure

transformation:
  request_headers:
    - name: content-type
      action: remove
      enabled: true
    - name: user-agent
      action: set
      value: this_is_a_test_user_agent
      enabled: true
  response_headers:
    - name: content-type
      action: remove
      enabled: true
    - name: user-agent
      action: set
      value: this_is_a_test_response_header
      enabled: true

Configuration Options

Request Headers

• Type: Array
• Description: List of transformations to apply to request headers

Response Headers

• Type: Array
• Description: List of transformations to apply to response headers

Header Transformation Options

Name

• Type: String
• Required: Yes
• Description: Name of the header to transform
• Example: name: "content-type"

Action

• Type: String
• Required: Yes
• Options: remove, set, add
• Description: Action to perform on the header
• remove: Remove the header
• set: Set or replace the header value
• add: Add the header if it doesn't exist
• Example: action: "remove"

Value

• Type: String
• Required: When action is set or add
• Description: Value to set for the header
• Example: value: "application/json"

Enabled

• Type: Boolean
• Default: true
• Description: Whether the transformation is active
• Example: enabled: true

Best Practices

1. Use specific header names
2. Test transformations in a staging environment
3. Document header changes
4. Monitor for unexpected behavior
5. Keep transformations organized

Example Configurations

Basic Header Transformations

transformation:
  request_headers:
    - name: "x-forwarded-for"
      action: remove
      enabled: true
    - name: "user-agent"
      action: set
      value: "Custom User Agent"
      enabled: true
  response_headers:
    - name: "server"
      action: remove
      enabled: true
    - name: "x-frame-options"
      action: set
      value: "DENY"
      enabled: true

Security Headers

transformation:
  response_headers:
    - name: "x-content-type-options"
      action: set
      value: "nosniff"
      enabled: true
    - name: "x-xss-protection"
      action: set
      value: "1; mode=block"
      enabled: true
    - name: "strict-transport-security"
      action: set
      value: "max-age=31536000; includeSubDomains"
      enabled: true

Common Use Cases

1. Security Headers: Add security-related headers
2. Compatibility: Modify headers for compatibility
3. Privacy: Remove sensitive headers
4. Customization: Set custom header values
5. Standardization: Ensure consistent header values

Related Topics

• Global Settings
• WAF Rules
• Rate Limits