Looks like headers beginning with "X-" have been removed from CGI output in v10.1.
This is problematic for the Drupal CMS since it is setting its own headers for security. Here is a sample set of response headers that have been removed.
X-Generator: Drupal 8 (https://www.drupal.org)
The main one that is causing problems is X-Drupal-Ajax-Token as it is used for verification of XMLHttpRequest responses to prevent cross-site scripting attacks.