Akamai will block you if you have the wrong order.

$ curl -v -H "$UA" -H "$ACCEPT" -H "$ENCODING" $URL |& grep '< HTTP'
< HTTP/1.1 403 Forbidden
$ curl -v -H "$ACCEPT" -H "$UA" -H "$ENCODING" $URL |& grep '< HTTP'
< HTTP/1.1 301 Moved Permanently

They use the implicit ordering of specific clients to detect malicious user agents. See my blog the topic:

http://gwillem.gitlab.io/2017/05/02/http-header-order-is-important/

I my experience with Chrome's webRequest api, there is never any guaranteed order of http headers. So, on that front, header order doesn't matter.

The order of HTTP Headers doesn't matter for headers with different names. If there are multiple headers with the same name, however, the order is important.

See RFC 2616

The order in which header fields with differing field names are received is not significant. However, it is "good practice" to send general-header fields first, followed by request-header or response- header fields, and ending with the entity-header fields.

Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It MUST be possible to combine the multiple header fields into one "field-name: field-value" pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and thus a proxy MUST NOT change the order of these field values when a message is forwarded.