Information Disclosure due to lowercase header format

A typical HTTP response from XC LB:

HTTP/1.1 200 OK
date: Tue, 05 Sep 2023 23:31:43 GMT
content-type: text/html
content-length: 150
server: volt-adc
x-request-id: 0ee5193d69351fd898e2897835004589
x-envoy-upstream-service-time: 42
x-volterra-location: ny8-nyc

Note that the header names are all lowercase.

This is entirely compliant, since HTTP header names are case-insensitive, but it is unusual. Unusual is undesirable: such a distinctive characteristic makes it trivial for bad actors to tell, just by observing the lowercase header names, that a given application is served through F5 XC. It is an unnecessary disclosure.


The same HTTP response should instead be formatted as:

HTTP/1.1 200 OK
Date: Tue, 05 Sep 2023 23:31:43 GMT
Content-Type: text/html
Content-Length: 150
Server: volt-adc
X-Request-Id: 0ee5193d69351fd898e2897835004589
X-Envoy-Upstream-Service-Time: 42
X-Volterra-Location: ny8-nyc

Dylan Syme, Sep 5 2023
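As an added example, not part of the post or of F5's code, the following Python audit parses the response quoted above, reports whether every header name is lowercase, rewrites the names into the conventional form requested, and also lists the headers whose values name the platform no matter how the names are capitalised (server, x-envoy-upstream-service-time, x-volterra-location). The RAW_RESPONSE sample is constructed from the post, and PLATFORM_HEADERS is an assumed audit list drawn from the headers shown here.

```python
# Constructed sample: the XC LB response quoted in the post, CRLF-terminated, body omitted.
RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "date: Tue, 05 Sep 2023 23:31:43 GMT\r\n"
    "content-type: text/html\r\n"
    "content-length: 150\r\n"
    "server: volt-adc\r\n"
    "x-request-id: 0ee5193d69351fd898e2897835004589\r\n"
    "x-envoy-upstream-service-time: 42\r\n"
    "x-volterra-location: ny8-nyc\r\n"
    "\r\n"
)

# Hypothetical audit list: headers whose value names the platform however the name is cased.
PLATFORM_HEADERS = frozenset({"server", "x-envoy-upstream-service-time", "x-volterra-location"})


def canonical_name(name: str) -> str:
    """Rewrite a header name in the conventional form: x-request-id -> X-Request-Id."""
    return "-".join(p[:1].upper() + p[1:].lower() for p in name.split("-"))


def parse_response(raw: str) -> tuple[str, list[tuple[str, str]]]:
    """Return (status line, [(name, value), ...]) from a raw HTTP/1.1 response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    status, *lines = head.split("\r\n")
    headers = []
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:  # ignore malformed lines without a colon
            headers.append((name.strip(), value.strip()))
    return status, headers


def audit(raw: str) -> dict:
    """Flag both disclosure signals in a response and produce the canonicalised form."""
    status, headers = parse_response(raw)
    names = [n for n, _ in headers]
    # Signal 1: every header name is lowercase, the trait the post calls fingerprintable.
    all_lowercase = bool(names) and all(n == n.lower() for n in names)
    # Signal 2: headers whose value identifies the platform; re-casing cannot hide these.
    platform = [(n, v) for n, v in headers if n.lower() in PLATFORM_HEADERS]
    # The response as the post asks for it: names canonicalised, values untouched.
    rewritten = "\r\n".join([status] + [f"{canonical_name(n)}: {v}" for n, v in headers])
    return {"all_lowercase": all_lowercase, "platform_headers": platform,
            "rewritten": rewritten + "\r\n\r\n"}


if __name__ == "__main__":
    print(audit(RAW_RESPONSE)["rewritten"])
```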