Some are authentication headers (missing some structure, no expire tag, wrong signature), some are simple headers when mirroring (no size, or content type, or hash mismatch), some upload with wrong content type or generic one, and so on and so forth 😂
Discussion
oh yeah... http metadata, its annoying how every client / http implementation includes different defaults. the browser will automatically include a lot of extra headers where as curl wont add anything
It might be worth being more strict on things like bad auth headers or missing content-length header since that "might" help the clients start to implement those things