These are the headers that are used by attackers to exploit Log4J critical zero day vulnerability in Java applications. Since this includes almost all the headers we know off this might be difficult for admins to block the requests with the headers that wont be requested normally!
Authorization
Cache-Control
Cf-Connecting_ip
Client-Ip
Contact
Cookie
Forwarded-For-Ip
Forwarded-For
Forwarded
If-Modified-Since
Originating-Ip
Referer
True-Client-Ip
User-Agent
X-Api-Version
X-Client-Ip
X-Forwarded-For
X-Leakix
X-Originating-Ip
X-Real-Ip
X-Remote-Addr
X-Remote-Ip
X-Wap-Profile
Authorization: Basic
Authorization: Bearer
Authorization: Oauth
Authorization: Token