Emil_T
Aug 11, 2024

Leading tab in header name: Authorization

I have a violation/suggestion: a detection of "Leading tab in header name" on a header named "Authorization".

When I look at the request, I don't see the "TAB" in the header name. I expect to see something like this:

"    Authorization"

But what I see is a header named "Authorization".

I'm wondering whether the meaning here is the header context, or whether there is something else I'm missing.

 

Here is the request and F5 log:

BIG-IP Application Security Manager
Security Events Report
Exported on: 2024-08-11 16:40:22 | Exported by: 
Hostname: F5-AWAF | IP Address: 
Support ID: 5162895
Request Details
Requested URL [HTTPS] /ag/logout
Time     2024-08-11 15:46:57
Enforcement Action      Block
Enforced By      Application Security Policy
Violation Rating 1  Request is most likely a false positive
Attack Types     Detection Evasion
Geolocation      
Source IP Address   9.5.8.6.:53483
Device ID          N/A
Username         N/A
Session ID         ad8a5466e66666b6
Source IP Intelligence    N/A
Security Policy   /Common/SWAF
Virtual Server    /Common/s
Request Status  Blocked
Blocking Exception Reason        N/A
Accept Status    Not Accepted
Host     s.co
Destination IP Address   16.16.16.6:443
Response Status Code   N/A
Protocol Info     HTTP/1.1
Severity            Error
Signatures CVEs N/A
Detected Violations
Attack signature detected [1]
Request
Request actual size: 1337 bytes.
GET /Ag/logout HTTP/1.1
Host: s.co.
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
sec-ch-ua: "Not)A;Brand";v="99", "Google Chrome";v="127", "Chromium";v="127"
Pragma: no-cache
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
Authorization: ************************************************************************************************************************************************************************************************
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
If-Modified-Since: 0
Expires: 0
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://s.co/Ag/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en,en-US;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: _ga=GA1.1.6666663693.6666667143; SL_C_23361dd035530_SID={"666666":{"sessionId":"6666-T6666666","visitorId":"666666HGfeRq"}}; _ga_QX6666666=GS1.1.6666661357.0.0; TS014666666
X-Forwarded-For: 6.6.6.6

Response
No response details are available because request was blocked
Violation Details
Attack signature detected [1]
Detected Keyword         **** (sensitive data masked)
Attack Signature ID      200018064
Name                     Leading tab in header name
Context                  Header
Header Name              Authorization
Header Value             *****
Applied Blocking Settings    Block Alarm Learn
Violation Description
Description    The system examines the HTTP message for known attacks by matching it against known attack patterns.
Severity       Error
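The post asks why the report prints a plain "Authorization" when the signature says the header name was preceded by a tab. The following is an added example, not code from the DevCentral post or from F5, that models the check such a signature performs on raw HTTP/1.1 bytes and contrasts two parser views of the same request: a lenient parser that strips leading whitespace from the name (which is what a log that shows "Authorization" with no visible tab would be built from; that this is how the report is produced is an assumption, not something the page confirms), and an RFC 7230 parser that treats a line starting with SP or HTAB as obs-fold, i.e. a continuation of the previous field. The sample request bytes and the placeholder token are constructed for the demo.

```python
"""Detect a leading SP/HTAB before an HTTP/1.1 header name in a raw request.

Added example (not from the DevCentral post or F5's own code). It models the
kind of check a WAF signature like "Leading tab in header name" performs and
shows why a report built from *normalized* header names would display plain
"Authorization" even though the wire bytes carried a tab in front of it.
"""

# Constructed sample in the shape of the request in the post, with a tab in
# front of the Authorization header name. The token is a placeholder.
SAMPLE_REQUEST = (
    b"GET /Ag/logout HTTP/1.1\r\n"
    b"Host: s.co\r\n"
    b"sec-ch-ua-mobile: ?0\r\n"
    b"\tAuthorization: Bearer PLACEHOLDER\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"\r\n"
)

# Constructed clean request: same headers, no leading whitespace anywhere.
CLEAN_REQUEST = SAMPLE_REQUEST.replace(b"\tAuthorization", b"Authorization")


def split_header_lines(raw: bytes) -> list[bytes]:
    """Return the raw header lines, without the request line or the empty
    line that terminates the header block."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    return head.split(b"\r\n")[1:]


def find_leading_whitespace_headers(raw: bytes) -> list[dict]:
    """Flag header lines that begin with SP or HTAB.

    Per RFC 7230 section 3.2.4 such a line is obs-fold: a continuation of the
    previous field value, not a new header. A lenient parser that strips the
    whitespace instead sees a brand-new header. That disagreement between
    parsers is what a detection-evasion signature is looking for.
    """
    findings = []
    prev_name = None
    for idx, line in enumerate(split_header_lines(raw), start=1):
        if line[:1] in (b" ", b"\t"):
            stripped = line.lstrip(b" \t")
            name, _, value = stripped.partition(b":")
            findings.append({
                "line": idx,
                "leading": line[: len(line) - len(stripped)],
                "normalized_name": name.strip().decode("latin-1"),
                "folds_into": prev_name,
                # mirror the report's masking instead of echoing the value
                "value_masked": "*" * min(len(value.strip()), 8),
            })
            continue  # obs-fold belongs to the previous field; prev_name stays
        name, sep, _ = line.partition(b":")
        prev_name = name.decode("latin-1") if sep else None
    return findings


def normalized_headers(raw: bytes) -> dict[str, str]:
    """Lenient view: names and values are stripped, so the leading tab
    vanishes and the header shows up as plain 'Authorization'."""
    headers = {}
    for line in split_header_lines(raw):
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().decode("latin-1")] = value.strip().decode("latin-1")
    return headers


def rfc_folded_headers(raw: bytes) -> dict[str, str]:
    """RFC 7230 view for a server that replaces obs-fold with SP: the tab
    line is appended to the previous field value and no Authorization
    header exists at all."""
    headers = {}
    last = None
    for line in split_header_lines(raw):
        if line[:1] in (b" ", b"\t") and last is not None:
            headers[last] += " " + line.strip().decode("latin-1")
            continue
        name, sep, value = line.partition(b":")
        if sep:
            last = name.decode("latin-1")
            headers[last] = value.strip().decode("latin-1")
    return headers


if __name__ == "__main__":
    for f in find_leading_whitespace_headers(SAMPLE_REQUEST):
        print(f"line {f['line']}: leading {f['leading']!r} before header "
              f"{f['normalized_name']!r} (obs-fold into {f['folds_into']!r}), "
              f"value {f['value_masked']}")
    print("lenient view:", normalized_headers(SAMPLE_REQUEST).get("Authorization"))
    print("RFC view    :", rfc_folded_headers(SAMPLE_REQUEST).get("sec-ch-ua-mobile"))
    print("clean request findings:", find_leading_whitespace_headers(CLEAN_REQUEST))
```

Run against the constructed request, the detector reports the tab on line 3 in front of "Authorization", the lenient view returns the bearer value under "Authorization" with no trace of the tab, and the RFC view has no Authorization header at all because the line was folded into sec-ch-ua-mobile. To confirm what the client actually sent in a case like the one in the post, capture the raw request bytes (for example a packet capture on the client side or a tcpdump in front of the TLS termination point) rather than relying on a rendered report, since a tab is invisible in most HTML views.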