header_access

This directive defines a set of access rules for filtering HTTP headers from both requests and responses. You can use it to remove headers that may violate your privacy, or that cause interoperation issues. For example, this configuration removes Cookie headers sent to a well-known web advertising company:

acl DC dstdomain .doubleclick.net

header_access Cookie deny DC

The header-name field must be one of the HTTP headers Squid knows about or one of the keywords Other or All. Squid currently knows the following HTTP headers:

Accept

 Accept-Charset

 Accept-Encoding

Accept-Language

 Accept-Ranges

 Age

Allow

 Authentication-Info

 Authorization

Cache-Control

 Connection

 Content-Base

Content-Encoding

 Content-Language

 Content-Length

Content-Location

 Content-MD5

 Content-Range

Content-Type

 Cookie

 Date

ETag

 Expires

 From

Host

 If-Match

 If-Modified-Since

If-None-Match

 If-Range

 Last-Modified

Link

 Location

 Max-Forwards

Mime-Version

 Negotiate

 Pragma

Proxy-Authenticate

 Proxy-Authentication-Info

 Proxy-Authorization

Proxy-Connection

 Public

 Range

Referer

 Request-Range

 Retry-After

Server

 Set-Cookie

 Title

Transfer-Encoding

 Upgrade

 User-Agent

Vary

 Via

 WWW-Authenticate

Warning

 X-Accelerator-Vary

 X-Cache

X-Cache-Lookup

 X-Forwarded-For

 X-Request-URI

X-Squid-Error

Unfortunately, you can't refer to an unknown header individually. The best you can do is use the keyword Other to refer to all unknown HTTP headers. The keyword All refers to all (known and unknown) HTTP headers.

Note that if you deny the Via header, Squid can't detect forwarding loops (see Section 10.2).

Removing headers from requests and responses is a violation of HTTP.

header_access header-name allow|deny [!]ACLname ...

header_access From deny All