diff --git a/aws-sdk-core/lib/aws-sdk-core/signers/v4.rb b/aws-sdk-core/lib/aws-sdk-core/signers/v4.rb
index f884d4d8a5d..b85c26e8358 100644
--- a/aws-sdk-core/lib/aws-sdk-core/signers/v4.rb
+++ b/aws-sdk-core/lib/aws-sdk-core/signers/v4.rb
@@ -5,6 +5,27 @@ module Aws
   module Signers
     class V4
+      BLACKLIST_HEADERS = [
+        'cache-control',
+        'content-length',
+        'expect',
+        'max-forwards',
+        'pragma',
+        'range',
+        'te',
+        'if-match',
+        'if-none-match',
+        'if-modified-since',
+        'if-unmodified-since',
+        'if-range',
+        'accept',
+        'authorization',
+        'proxy-authorization',
+        'from',
+        'referer',
+        'user-agent'
+      ]
+
       def self.sign(context)
         new(
           context.config.credentials,
@@ -162,7 +183,9 @@ def normalized_querystring(querystring)
       def signed_headers(request)
         request.headers.keys.inject([]) do |signed_headers, header_key|
           header_key = header_key.downcase
-          signed_headers << header_key unless header_key == 'authorization'
+          unless BLACKLIST_HEADERS.include?(header_key)
+            signed_headers << header_key
+          end
           signed_headers
         end.sort.join(';')
       end
@@ -171,7 +194,7 @@ def canonical_headers(request)
         headers = []
         request.headers.each_pair do |k,v|
           k = k.downcase
-          headers << [k,v] unless k == 'authorization'
+          headers << [k,v] unless BLACKLIST_HEADERS.include?(k)
         end
         headers = headers.sort_by(&:first)
         headers.map{|k,v| "#{k}:#{canonical_header_value(v.to_s)}" }.join("\n")
diff --git a/aws-sdk-core/spec/aws/signers/v4_spec.rb b/aws-sdk-core/spec/aws/signers/v4_spec.rb
index 9a31a9a38e8..d5182ab495a 100644
--- a/aws-sdk-core/spec/aws/signers/v4_spec.rb
+++ b/aws-sdk-core/spec/aws/signers/v4_spec.rb
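Review bot: BLACKLIST_HEADERS is an unfrozen Array constant with no comment recording the security consequence of being on the list: every name here is dropped from both the canonical request and SignedHeaders, so a change to `range`, `if-match` or `content-length` in transit no longer invalidates the signature and their integrity rests on the transport channel alone (the list itself gives no hint of why each entry was chosen, presumably because proxies and clients rewrite them). I would freeze the constant, closing it with `].freeze`, and put a comment above it along the lines of `# Headers excluded from the canonical request and the SignedHeaders list; nothing listed here is integrity-protected by the signature, only by TLS, so add entries with care`. The exclusion of `authorization` is the only entry the old code already had, which is worth saying in that comment so the widening is visible to the next reader. `def self.sign(context)` at the bottom of the hunk continues outside it.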
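Review bot: The new `unless BLACKLIST_HEADERS.include?(header_key)` branch keeps the manual `inject([])` accumulation in `signed_headers`, which reads as a loop building an array by hand where a filter chain says the same thing in one line: `request.headers.keys.map(&:downcase).reject { |k| BLACKLIST_HEADERS.include?(k) }.sort.join(';')`. `include?` on an 18-element Array is a linear scan per header, which is cheap but would become an O(1) lookup if the constant were a Set, should the list keep growing. The method also has no doc comment; I would add `# Sorted, semicolon-joined lower-cased names of the headers covered by the signature; must agree exactly with the keys canonical_headers emits or the server will reject the signature`.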
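Review bot: After this change the exclusion rule is duplicated verbatim between `canonical_headers` and `signed_headers`, and the signature is only valid when the SignedHeaders list and the canonical header block cover exactly the same names, so any future edit to one `BLACKLIST_HEADERS.include?` check and not the other breaks every signed request without a local error. I would route both through one private predicate, e.g. `def excluded_header?(name); BLACKLIST_HEADERS.include?(name); end` and here `headers << [k,v] unless excluded_header?(k)`, so the two filters cannot drift apart. The `end` of `canonical_headers` lies outside the hunk.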
@@ -99,7 +99,7 @@ module Signers
         http_request.headers['Bar2'] = '"bar bar"'
         http_request.body = StringIO.new('http-body')
         http_request.headers['Content-Length'] = 9
-        expect(sign.headers['Authorization']).to eq('AWS4-HMAC-SHA256 Credential=akid/20120102/REGION/SERVICE/aws4_request, SignedHeaders=bar;bar2;content-length;foo;host;x-amz-content-sha256;x-amz-date, Signature=6b40912702f78866fcd13804e2bc2703bf5f73264ebe0fa54a28d16bcdddb88c')
+        expect(sign.headers['Authorization']).to eq('AWS4-HMAC-SHA256 Credential=akid/20120102/REGION/SERVICE/aws4_request, SignedHeaders=bar;bar2;foo;host;x-amz-content-sha256;x-amz-date, Signature=7066fb1a3fd7e436114d029b208143fdba353169990d430be4562a9c1d2749d5')
       end
     end
@@ -116,6 +116,16 @@ module Signers
         expect(signer.signed_headers(http_request)).to eq('abc;mno;xyz')
       end
+      it 'ignores certain headers such as user-agent and cache-control' do
+        http_request.headers = {}
+        http_request.headers['Xyz'] = '1'
+        http_request.headers['Abc'] = '2'
+        http_request.headers['Mno'] = '3'
+        http_request.headers['Cache-Control'] = '4'
+        http_request.headers['User-Agent'] = '5'
+        expect(signer.signed_headers(http_request)).to eq('abc;mno;xyz')
+      end
+
     end
     context '#canonical_headers' do
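Review bot: The new example checks the exclusion only through `signed_headers`; `canonical_headers` applies the same list independently, and nothing in this hunk asserts that the two agree for a blacklisted header, so a regression in one of them would surface only as the opaque signature mismatch in the `#sign` expectation earlier in the file. I would add a parallel example under the `context '#canonical_headers' do` that begins on the hunk's last line, with the same `Xyz`/`Abc`/`Mno` plus `Cache-Control`/`User-Agent` headers and `expect(signer.canonical_headers(http_request)).to eq("abc:2\nmno:3\nxyz:1")`, assuming `canonical_header_value` leaves single-token values unchanged. It would also be worth one case with `Authorization` itself, since that was the only exclusion before this change and the hunk no longer tests it explicitly.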