I am facing difficulties in overriding the list of HTTP Response headers listed below
X-Content-Type-Options (from 1 to nosniff)
X-Frame-Options (from SAMEORIGIN to deny)
Set-Cookie (add HttpOnly;Secure)
I have tried to put these values into the Listener's HTTP Response headers as well as utilizing the Header Removal and Header Injection in the API Manager policies but to no success in overriding to the intended values.
May I know how to override the HTTP Response headers? Kindly refer to the photo of the values that I have set.
API Policies
Header Removal
Header Injection
Listener's response header values in the mule project
Response header from the API call
The headers "X-Content-Type-Options" and "X-Frame-Options" are injected by DLB, so they cannot be removed or modified at the Mule app or policy level unless DLB is not used. MuleSoft has fixed it and the fix should be available in their next release.
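
To confirm what a client actually receives after any intermediary such as the DLB has touched the response, the headers can be audited against the values the question asks for. This is an added example, not part of the original thread; the sample response is constructed, and the function names are illustrative.

```python
# Constructed sample: raw response headers as a client might capture them
# when both the application and an intermediary set the same header.
SAMPLE = """\
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: 1
X-Frame-Options: SAMEORIGIN
X-Frame-Options: DENY
Set-Cookie: session=abc123; Path=/; HttpOnly
Set-Cookie: pref=dark; Path=/; Secure; HttpOnly
"""

# Target values taken from the question (compared case-insensitively).
EXPECTED = {"x-content-type-options": "nosniff", "x-frame-options": "deny"}
COOKIE_FLAGS = ("httponly", "secure")

def parse_headers(raw):
    """Return {lowercased name: [values]}, keeping duplicates in order."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """List every deviation from the intended header values."""
    headers = parse_headers(raw)
    findings = []
    for name, want in EXPECTED.items():
        values = headers.get(name, [])
        if not values:
            findings.append(f"{name}: missing")
        elif len(values) > 1:
            # Duplicates mean two layers are both setting the header.
            findings.append(f"{name}: sent {len(values)} times {values}")
        elif values[0].lower() != want:
            findings.append(f"{name}: got {values[0]!r}, want {want!r}")
    for cookie in headers.get("set-cookie", []):
        attrs = {p.split("=")[0].strip().lower() for p in cookie.split(";")[1:]}
        missing = [flag for flag in COOKIE_FLAGS if flag not in attrs]
        if missing:
            cookie_name = cookie.split("=", 1)[0]
            findings.append(f"set-cookie {cookie_name}: missing {', '.join(missing)}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Feed it the header block captured at the public endpoint rather than from the Mule app directly, since the two can differ when a load balancer sits in between.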