javascript – Blacklisted Param/Header Names in NodeJS?

I’ve experienced a behavior where I would specify a header/parameter with a certain name in the request and send it to the Node application (using Postman/BurpSuite), but it doesn’t appear in the request body/headers in the application’s controller. I suspect it’s a NodeJS builtin security feature, but I’m not sure.

Are there blacklisted header/parameter names in NodeJS?