@jokeyrhyme I don’t think that is a correct interpretation, see in the same section
12. The request MAY include any other header fields, for example,
cookies [RFC6265] and/or authentication-related header fields
such as the |Authorization| header field [RFC2616], which are
processed according to documents that define them.
This explicitly mentions
Authorization I want to use here, but allows for other fields as well.