Pero por seguridad, como el server no sabe que está detrás de un proxy confiable, no interpretará esos headers.

/// note | Detalles Técnicos

Los headers del proxy son:

* <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-For" class="external-link" target="_blank">X-Forwarded-For</a>

Mas, por segurança, como o servidor não sabe que está atrás de um proxy confiável, ele não interpretará esses headers.

/// note | Detalhes Técnicos

Os headers do proxy são:

     */
    @JvmField
    val FORCE_CACHE = commonForceCache()

    /**
     * Returns the cache directives of [headers]. This honors both Cache-Control and Pragma headers
     * if they are present.
     */
    @JvmStatic
    fun parse(headers: Headers): CacheControl = commonParse(headers)
  }

    response = client.get("/users/me", headers={"Authorization": "Bearer nonexistent"})
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_incorrect_token_type(client: TestClient):
    response = client.get(
        "/users/me", headers={"Authorization": "Notexistent testtoken"}
    )

## Headers reenviados por el proxy { #proxy-forwarded-headers }

Al usar un proxy para gestionar HTTPS, tu **servidor de aplicaciones** (por ejemplo Uvicorn vía FastAPI CLI) no sabe nada sobre el proceso HTTPS, se comunica con HTTP simple con el **TLS Termination Proxy**.

    assert response.headers["WWW-Authenticate"] == "Digest"


def test_security_http_digest_incorrect_scheme_credentials():
    response = client.get(
        "/users/me", headers={"Authorization": "Other invalidauthorization"}
    )
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Digest"

  /** The HTTP {@code Access-Control-Request-Headers} header field name. */
  public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";

  /** The HTTP {@code Access-Control-Request-Method} header field name. */
  public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";

  /** The HTTP {@code Authorization} header field name. */

 */
interface TrailersSource {
  @Throws(IOException::class)
  fun peek(): Headers? = null

  @Throws(IOException::class)
  fun get(): Headers

  companion object {
    @JvmField
    val EMPTY: TrailersSource =
      object : TrailersSource {
        override fun peek() = Headers.EMPTY

        override fun get() = Headers.EMPTY
      }
  }

from fastapi import FastAPI, Header
from pydantic import BaseModel

app = FastAPI()


class CommonHeaders(BaseModel):
    host: str
    save_data: bool
    if_modified_since: str | None = None
    traceparent: str | None = None
    x_tag: list[str] = []


@app.get("/items/")
async def read_items(headers: CommonHeaders = Header()):

    }

  fun assertHeader(
    name: String,
    vararg values: String?,
  ) = apply {
    assertThat(response!!.headers(name)).containsExactly(*values)
  }

  fun assertHeaders(headers: Headers) =
    apply {
      assertThat(response!!.headers).isEqualTo(headers)
    }

  fun assertBody(expectedBody: String) =
    apply {
      assertThat(body).isEqualTo(expectedBody)
    }