reverse proxy mapping of server with strict header checking

We are trying to map a number of separately developed apps onto the same domain with each app in a subdomain, so users can request https://.ourdomain.com/ and get directed to the correct app.

Apps we developed are in pools in our own hosting and working fine. We also need to map one app developed by a third party and hosted externally (https://thirdpartyapp.theirdomain.com/).

We have the ip address of this third party app in a pool and the traffic is flowing correctly but some browsers set headers which cause resource requests that follow the initial connection to receive a 403 FORBIDDEN response.

Unfortunately I don't have access to the Big-IP - it's a managed service, so writing and debugging iRules is a slow process.

What I need help with... Does this iRule effectively substitute headers in the outgoing request? I know the replace works, but how do I know these are the headers going over to the other end (I have no access to F5 or to 3rd party server).

{
        set uri [HTTP::uri]
        set httpver [HTTP::version]
        set headers [HTTP::header names]
        array unset request
        array set request {uri $uri}
        foreach header $headers {
          regsub -all {externalapp.ourdomain.com} [HTTP::header $header] prod-thirdpartyapp.theirdomain.com newheadervalue
          set request($header) $newheadervalue
                        }
    set ENCRYPT 1;pool POOL-thirdparty-443-external;snat [IP::local_addr] 
 }

I know the regsub is replacing the headers correctly. Where I am losing confidence is that I can't see the request headers of the outbound connection to the third party server.

Do I need to write the headers back into HTTP::header or does "set request" do that for the outbound request - i.e. is request a special object on the F5 that automatically sets the server side https request?

Thanks for your help