Mas, por segurança, como o servidor não sabe que está atrás de um proxy confiável, ele não interpretará esses headers.

/// note | Detalhes Técnicos

Os headers do proxy são:

Pero por seguridad, como el server no sabe que está detrás de un proxy confiable, no interpretará esos headers.

/// note | Detalles Técnicos

Los headers del proxy son:

* <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-For" class="external-link" target="_blank">X-Forwarded-For</a>

    response = client.get(
        "/items?token=jessica", headers={"X-Token": "fake-super-secret-token"}
    )
    assert response.status_code == 200
    assert response.json() == {
        "plumbus": {"name": "Plumbus"},
        "gun": {"name": "Portal Gun"},
    }


def test_items_with_no_token_jessica(client: TestClient):
    response = client.get("/items", headers={"X-Token": "fake-super-secret-token"})

import org.dbflute.cbean.result.PagingResultBean;
import org.dbflute.optional.OptionalEntity;

import jakarta.annotation.Resource;

/**
 * Service class for managing request headers used in web crawling configurations.
 * This service provides CRUD operations for request headers that are applied
 * during web crawling to configure HTTP request behavior.
 *
 */
public class RequestHeaderService {

    /**

    List<Class<? extends AbstractTester>> testers = copyToList(super.getTesters());
    testers.add(SetMultimapAsMapTester.class);
    testers.add(SetMultimapEqualsTester.class);
    testers.add(SetMultimapPutTester.class);
    testers.add(SetMultimapPutAllTester.class);
    testers.add(SetMultimapReplaceValuesTester.class);
    return testers;
  }

  @Override
  TestSuite computeMultimapGetTestSuite(

Este **proxy** normalmente configuraría algunos headers HTTP sobre la marcha antes de transmitir el request al **servidor de aplicaciones**, para hacerle saber al servidor de aplicaciones que el request está siendo **reenviado** por el proxy.

/// note | Detalles técnicos

Los headers del proxy son:

    response = client.get("/users/me", headers={"Authorization": "Bearer nonexistent"})
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_incorrect_token_type(client: TestClient):
    response = client.get(
        "/users/me", headers={"Authorization": "Notexistent testtoken"}
    )

    else -> null
  }
}

fun CookieJar.receiveHeaders(
  url: HttpUrl,
  headers: Headers,
) {
  if (this === CookieJar.NO_COOKIES) return

  val cookies = Cookie.parseAll(url, headers)
  if (cookies.isEmpty()) return

  saveFromResponse(url, cookies)
}

/**
 * Returns true if the response headers and status indicate that this response has a (possibly
 * 0-length) body. See RFC 7231.
 */

	public final fun addUnsafeNonAscii (Ljava/lang/String;Ljava/lang/String;)Lokhttp3/Headers$Builder;
	public final fun build ()Lokhttp3/Headers;
	public final fun get (Ljava/lang/String;)Ljava/lang/String;
	public final fun removeAll (Ljava/lang/String;)Lokhttp3/Headers$Builder;
	public final fun set (Ljava/lang/String;Ljava/lang/String;)Lokhttp3/Headers$Builder;

    assert response.headers["WWW-Authenticate"] == "Digest"


def test_security_http_digest_incorrect_scheme_credentials():
    response = client.get(
        "/users/me", headers={"Authorization": "Other invalidauthorization"}
    )
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Digest"