Importance of User-Agent and X-Forwarded-For headers in trusted application authentication

I have a requirement to authenticate users inside a back-end application. According to documentation in https://developer.okta.com/docs/reference/api/authn, it seems I should be using the trusted application authentication.

In the example given for trusted application authentication, there are headers for User-Agent and X-Forwarded-For to pass information to Okta about the end user.

From a quick test I did, it does not seem to be mandatory to have those two headers for a successful authentication. For example, the following request succeeds:

curl -X POST \
  https://mydomain.okta.com/api/v1/authn \
  -H 'Accept: application/json' \
  -H 'Authorization: SSWS MyAPIToken' \
  -H 'Content-Type: application/json' \
  -d '{
  "username": "user@example.com",
  "password" : "correcthorsebatterystaple"
}  '

(Note that I have a SSWS header but no X-Forwarded-For or User-Agent headers set in the request)

My questions are:

  1. What would be the impact of not passing through User-Agent and X-Forwarded-For headers?

  2. It is possible that Okta would start rejecting requests with high volume of authentication requests originating from my back-end application? (Legitimate volume due to multiple users trying to authenticate themselves)

According to Okta support team, these two headers only matters for matrics, but not the actual authentication function.