When relying on specific headers and/or cookies to be set for specific calls, it would be useful to have validation for those as well.