How do I return just the HTTP header from tshark?

You can use the specific HTTP header display filters to show either just the request headers, just the response headers or both.

For just the request headers:

tshark tcp port 80 or tcp port 443 -V -R "http.request"

For just the response headers:

tshark tcp port 80 or tcp port 443 -V -R "http.response"

And for both the request and response headers:

tshark tcp port 80 or tcp port 443 -V -R "http.request || http.response"

Note: This does not filter out just the headers, just the packets that contain the headers, so you will likely still get some data, but the amount of data should be less than you would otherwise.


In fact you can! All previous answers were very close. All you need is the -O flag, which filters out all the information but HTTP.

tshark -O http -R http.request tcp port 80 or tcp port 443

I was able to combine the answer from @heavyd and run it through a sed filter I got from an SO article - (F.J.'s answer) to cook up this baby, which filters out just the headers :)

sudo tshark tcp port 80 or tcp port 443 -V -R "http.request || http.response" | sed -rn '/Hypertext Transfer Protocol/{:a;N;/    \\r\\n:?/{/.*/p;d};ba}' >> /tmp/filtered
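An added example, not part of any of the answers above: an awk filter that does the same job as the sed one-liner but also drops the indented dissector annotations and any body lines, leaving only the start line and header fields. The function names and the sample text are constructed for illustration, and the sample assumes the usual `-V` layout in which the header block ends with four spaces followed by a literal `\r\n`.

```shell
#!/bin/sh
# Added example (not from the answers above): keep only the HTTP start line and
# header fields from `tshark -V` text, dropping dissector annotations and bodies.

http_headers() {
    awk '
        # The HTTP dissection starts at column 0 with this label.
        /^Hypertext Transfer Protocol/ { in_http = 1; next }
        # Any other column-0 line is another protocol layer or the next frame.
        /^[^ ]/ { in_http = 0 }
        !in_http { next }
        # The empty line ending the header block is shown as 4 spaces + literal \r\n.
        /^    \\r\\n$/ { in_http = 0; print ""; next }
        # Headers sit at exactly 4 spaces; deeper lines are tshark annotations.
        /^    [^ ]/ && /\\r\\n$/ {
            sub(/^    /, ""); sub(/\\r\\n$/, ""); print
        }
    '
}

# Constructed sample of verbose tshark output (assumed layout, not a real capture).
sample_capture() {
    cat <<'EOF'
Frame 1: 141 bytes on wire (1128 bits), 141 bytes captured (1128 bits)
Hypertext Transfer Protocol
    GET /index.html HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): GET /index.html HTTP/1.1\r\n]
        Request Method: GET
    Host: www.example.com\r\n
    User-Agent: curl/8.0.1\r\n
    \r\n
    [Full request URI: http://www.example.com/index.html]

Frame 2: 200 bytes on wire (1600 bits), 200 bytes captured (1600 bits)
Hypertext Transfer Protocol
    HTTP/1.1 200 OK\r\n
        Status Code: 200
    Content-Type: text/html\r\n
    Content-Length: 13\r\n
        [Content length: 13]
    \r\n
    File Data: 13 bytes
Line-based text data: text/html (1 lines)
    <p>hello</p>\r\n
EOF
}

sample_capture | http_headers
```

On live traffic, pipe the output of any of the `-V` commands above into `http_headers` instead of `sample_capture`. Current tshark releases take single-pass display filters with `-Y`; there, `-R` is only accepted together with `-2`.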