I have a very vague recollection that the Authorization header is special, and gets consumed by the http server. There is another forum post that suggests this is true, however, I have poked around in github and cannot find anything in logstash or netty that consumes it.
Sadly I cannot find the thread I recall from a couple of years ago on this subject.