If you use one of the setAuthorizationHeaderField*
methods on the http client to add the authorisation then calling clearAuthorizationHeader
is the correct approach to take.
If you explicitly set the header or parameter then you need to clear that header or stored attribute.