That's nothing to do with ASP.NET; those headers are being sent the client.
The order in which header fields with differing field names are received is not significant. However, it is "good practice" to send general-header fields first, followed by request-header or response-header fields, and ending with the entity-header fields.
Most clients will put "general" headers - like
Connection
and
Keep-Alive
- before any other headers.
Relying on headers being sent in a specific order is extremely fragile, and will break almost immediately.
Instead, you should test whether the headers dictionary contains the expected header:
public async Task Invoke(HttpContext httpContext)
{
if (!httpContext.Request.Headers.ContainsKey("UserKey"))
{
throw new InvalidOperationException("Required header is missing.");
}
await _next(httpContext);
}