A typical HTTP response from XC LB:
HTTP/1.1 200 OK
date: Tue, 05 Sep 2023 23:31:43 GMT
content-type: text/html
content-length: 150
server: volt-adc
x-request-id: 0ee5193d69351fd898e2897835004589
x-envoy-upstream-service-time: 42
x-volterra-location: ny8-nyc
Note that the header names are all lowercase.
This is entirely compliant, but it is unusual. Unusual is undesirable: having such a distinct characteristic makes it trivial for bad actors to discern that a given application is run through F5 XC by observing the lowercase headers. It is an unnecessary disclosure.
The same HTTP response should be formatted:
HTTP/1.1 200 OK
Date: Tue, 05 Sep 2023 23:31:43 GMT
Content-Type: text/html
Content-Length: 150
Server: volt-adc
X-Request-Id: 0ee5193d69351fd898e2897835004589
X-Envoy-Upstream-Service-Time: 42
X-Volterra-Location: ny8-nyc