# Remove 'vanity' headers which don't contain debugging information,
# nor are they standard headers recognised by browsers
unset beresp.http.server;
unset beresp.http.x-generator;
unset beresp.http.via;

# Remove any upstream CORS headers which we're likely to want
# to set at the edge, specific to the requesting origin
unset beresp.http.access-control-allow-origin;
unset beresp.http.access-control-allow-credentials;
unset beresp.http.access-control-allow-methods;
unset beresp.http.access-control-max-age;

# Remove platform-specific proprietary headers
unset beresp.http.x-github-request-id;
unset beresp.http.x-amz-delete-marker;
unset beresp.http.x-amz-id-2;
unset beresp.http.x-amz-request-id;
unset beresp.http.x-amz-version-id;
unset beresp.http.x-goog-component-count;
unset beresp.http.x-goog-expiration;
unset beresp.http.x-goog-generation;
unset beresp.http.x-goog-metageneration;
unset beresp.http.x-goog-stored-content-encoding;
unset beresp.http.x-goog-stored-content-length;