How to send only whitelisted http headers to backend?

[Jeff Potter]

Hi All,

This seems like an easy task, but I haven’t been able to figure out how to do it or find any posts online. Is there a way to only send certain headers to a backend? 

I.e. in our application, we know we only need X-Forwarded-For and Cookie headers. I know I can unset other known headers (User-Agent, etc) — but how can I unset *all* other headers?

(We’re on VCL format 4.0.)

Thanks!
-Jeff