Checklist

• I added a descriptive title
• I searched open reports and couldn't find a duplicate

What happened?

Looks like the logic for custom HTTP headers is not checking which headers are passed from plugins (only making sure that the headers from requests are added last to avoid overwrites), which might lead to unexpected network errors if someone is not careful.

I wonder if we should prevent some known headers from being set from plugins; e.g. https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_request_header.

Conda Info

Conda Config

Conda list

Additional Context

No response