I\'m trying to understand why \'authorizationtoken\' header is forwarded to my backend, though my CloudFront configuration behavior is configured as whitelist and it is NOT
