2.2.7.6.3 HTTP Request Restrictions
Each MIME part body which represents a single request SHOULD NOT:
Include authentication or authorization related HTTP headers because it is unlikely the infrastructure used for authentication will parse and utilize such headers.
Include Expect, From, Max-Forwards, Range, or TE headers because their contents will be ignored.
Data services can choose to disallow additional HTTP constructs in HTTP requests serialized within MIME part bodies. For example, a data service might choose to disallow chunked encoding to be used by such HTTP requests.