Cannot make delete headers work

Hi, I am evaluating Tyk and for that, I am doing a POC using Tyk CE installed with docker and I cannot make the transformation feature work. To build up knowledge about Tyk configuration I am trying to start with deleting a header from the response from my backend, but I am unable to do so. I am sending my API configuration below:
API Configuration

{
  "name": "Config-Api-Products",
  "api_id": "Config-Api-Products",
  "org_id": "1",
  "auth_configs": {
    "authToken": {
      "auth_header_name": "X-Api-Key"
    }
  },
  "definition": {
    "location": "header",
    "key": "X-Api-Version"
  },
  "version_data": {
    "not_versioned": true,
    "versions": {
      "Default": {
        "name": "Default",
        "use_extended_paths": true,
        "extended_paths": {
          "transform_response_headers": [
            {
              "path": "/api/product/list",
              "method": "GET",
              "delete_headers": ["Strict-Transport-Security"]
            }
          ]
        }
      }
    }
  },
  "proxy": {
    "listen_path": "/api/product/list",
    "target_url": "https://my-server/api/config-api/products",
    "strip_listen_path": true
  },
  "response_processors": [
    {
      "name": "header_injector"
    }
  ],
  "active": true
}

Below I am also attaching the request done through Tyk and the response headers:

Can anyone point me in the right direction? I’ve been reading the docs, but most of the time the docs don’t say what is in CE and what is not. The docs also don’t give you the whole path of an element inside the JSON a lot of times, so I may be missing something here.

Thank you.

Hi @rdasilva_fispan,

I noticed listen_path is stripped in the api def. So could you try removing any other headers apart from “Strict-Transport-Security” and let us know the result.

You can use the global scope for a quick test

"global_response_headers_remove": [