Authorization header stripped when doing SigV4 in CloudFront function?


I was attempting to add SigV4 headers using CloudFront Functions (not Lambda@Edge) to invoke a protected IAM Lambda function URL origin. My origin behavior is the recommended settings for a Lambda function URL with caching disabled and send all headers but host. CloudFront is not sending the 'Authorization' header to my origin iff the value looks like SigV4 and I set the X-Amz-Date header. Is CF intentionally blocking this or is it a bug? The following table shows what I'm setting the headers to in my CloudFront function and what is received at the origin.

| Authorization | x-amz-date | Authorization header @origin | x-amz-date @origin |
|---|---|---|---|
| AWS4-HMAC-SHA256... | 20240208T171306Z | <not-present> | 20240208T171306Z |
| arbitrary | 20240208T171306Z | arbitrary | 20240208T171306Z |
| AWS4-HMAC-SHA256... | <not present> | AWS4-HMAC-SHA256... | <not present> |

Additionally, if I set a header other than Authorization (i.e. use the header name my-authorization) to a SigV4 value, it makes it to the origin regardless of any other headers.

What is strange about this is that when using Lambda@Edge, the Authorization header is not blocked. Something like this works fine.

The way I was determining what made it to my origin was to turn off IAM on my Lambda URL origin and have it dump the headers it received. Using various permutations of this function on my viewer request, I tested the different combinations to see what made it to the origin.

function handler(event) {
    let request = event.request;
    request.headers['x-amz-date'] = {value:'20240208T172448Z'};
    request.headers['third'] = {value:'thirdvalue'};
    request.headers['authorization'] = {value: 'AWS4-HMAC-SHA256 Credential=AKIAUVNOIOZWO3SOQDHA/20240208/us-east-1/lambda/aws4_request, SignedHeaders=host, Signature=4b10a98f09b54361a7a121b2dbb2bc97ad15a88f762ce7056d737693a006baaf'};
    request.headers['my-authorization'] = {value: 'AWS4-HMAC-SHA256 Credential=AKIAUVNOIOZWO3SOQDHA/20240208/us-east-1/lambda/aws4_request, SignedHeaders=host, Signature=4b10a98f09b54361a7a121b2dbb2bc97ad15a88f762ce7056d737693a006baaf'};
    //request.headers['authorization'] = {value: 'arbitrary'};
    return request;
}

If you want to see the full code I'm running to do SigV4 from a CloudFront function, it's here.

perpil
Asked 3 months ago · 120 views
No answers
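The header-dump check described in the question, written out as an added example that is not part of the original post: an origin-side handler for a Lambda function URL (IAM auth turned off for the test) that reports whether `authorization` and `x-amz-date` arrived and whether the value is SigV4-shaped. It goes slightly beyond the post by also checking that the credential scope date matches `x-amz-date`; the names `parseSigV4` and `inspectHeaders`, the key id and the signature are constructed for illustration.

```javascript
// Added example (not from the original post). Lambda function URL events
// (payload format 2.0) deliver header names lower-cased in event.headers.
const SIGV4_RE =
  /^AWS4-HMAC-SHA256\s+Credential=([^,\s]+),\s*SignedHeaders=([^,\s]+),\s*Signature=([0-9a-f]{64})$/;

// Split a SigV4 Authorization value into its parts; null if not SigV4-shaped.
function parseSigV4(value) {
  const m = SIGV4_RE.exec(String(value ?? '').trim());
  if (!m) return null;
  const scope = m[1].split('/');
  if (scope.length !== 5 || scope[4] !== 'aws4_request') return null;
  const [accessKeyId, date, region, service] = scope;
  return { accessKeyId, date, region, service, signedHeaders: m[2].split(';') };
}

// Summarise what reached the origin without echoing the signature or full key id.
function inspectHeaders(headers) {
  const auth = headers['authorization'];
  const amzDate = headers['x-amz-date'];
  const sig = parseSigV4(auth);
  return {
    authorizationPresent: auth !== undefined,
    looksLikeSigV4: sig !== null,
    xAmzDatePresent: amzDate !== undefined,
    // The credential scope date (YYYYMMDD) must equal the date part of x-amz-date.
    scopeMatchesDate: sig !== null && amzDate !== undefined && amzDate.startsWith(sig.date + 'T'),
    scope: sig && { keyIdSuffix: sig.accessKeyId.slice(-4), region: sig.region, service: sig.service },
    signedHeaders: sig ? sig.signedHeaders : [],
    received: Object.keys(headers).sort(),
  };
}

// Lambda entry point; export it as `handler` in the deployed module.
async function handler(event) {
  const report = inspectHeaders(event.headers || {});
  return { statusCode: 200, headers: { 'content-type': 'application/json' },
           body: JSON.stringify(report, null, 2) };
}

// Constructed sample values (example key id and signature, not real credentials).
const SAMPLE_AUTH = 'AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20240208/us-east-1/lambda/aws4_request, ' +
  'SignedHeaders=host, Signature=' + 'ab'.repeat(32);
const SAMPLE_EVENTS = {
  stripped: { headers: { 'x-amz-date': '20240208T171306Z', third: 'thirdvalue' } },
  arbitrary: { headers: { authorization: 'arbitrary', 'x-amz-date': '20240208T171306Z' } },
  noDate: { headers: { authorization: SAMPLE_AUTH } },
  renamed: { headers: { 'my-authorization': SAMPLE_AUTH, 'x-amz-date': '20240208T171306Z' } },
};
```

The report deliberately omits the signature and all but the last four characters of the access key id, so the dump can be logged or returned without exposing the signed credential.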
