In the current version of ModSecurity, you can not edit/manipulate outbound data.
The exception here is the new Content Injection actions in Mod 2.5, however that is for response body data and it can not manipulate response headers.
In order to do what you need, you will probably need to use mod_headers - http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache