I don't know of any way to log the outbound headers, but yes I've logged and sent the card processor the response headers.
I assume app engine urlfetch adds some headers on outbound but I can't see how that would matter.
Stumped. Waiting for their reply after they look into it.
Can I assume that outbound https with java8 native is "unmolested" or does google still intercept requests and responses?