Cannot apply filter to egress gateway

The service mesh leaks x-envoy* headers outside of the mesh. To prevent this I’m trying to apply this filter:

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: egress-filter
  namespace: istio-system
spec:
  workloadSelector:
    labels:
      app: istio-egressgateway
  configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: GATEWAY
      listener:
        filterChain:
          filter:
            name: "envoy.http_connection_manager"
            subFilter:
              name: "envoy.router"
    patch:
      operation: MERGE
      value:
        name: "envoy.router"
        typed_config:
          "@type": "type.googleapis.com/envoy.config.filter.http.router.v2.Router"
          suppress_envoy_headers: true

This doesn’t seem to work though as proxy-config reports the same filter chain configuration before and after applying the filter. However, if I change the workloadSelector so that the label is app: istio-ingressgateway, I do see a change in the configuration for the ingress gateway so I have no reason to believe there is a problem with the filter specification as such.

Does anyone know what might be happening here?