Cloudfront not sending If-None-Match to my origin

I'm trying to configure Cloudfront to send an If-None-Match to my custom origin when a resource expires, so that I can respond with a 304 if nothing has changed. For some reason, I'm unable to get Cloudfront to do so.

My origin responds with these headers:

HTTP/2 200 
content-type: application/json; charset=utf-8
content-length: 181691
access-control-allow-origin: *
cache-control: max-age=5
date: Fri, 17 Feb 2023 21:16:49 GMT
x-content-type-options: nosniff
x-frame-options: DENY
etag: W/"15-mbAPvGdFm9PuCZHJFTtrwm@3"
vary: Accept-Encoding

So, sending cache-control of 5 seconds and a weak e-tag.

My cloudfront cache policy has min ttl of 1, forwards headers Origin and a few x- ones, forwards all query strings. No cookies. Compression is turned on.

My origin request policy is "AllViewer".

The request is traveling to Cloudfront, which goes through a classic AWS load balancer, which hits a kubernetes pod that handles and sends the response.

For some reason, Cloudfront never sends an If-None-Match header to my origin when resource expires. If I manually specify an If-None-Match header in my request in a curl command to Cloudfront, my origin does see it and responds correctly. No no intermediate hop is removing the If-None-Match header, so it must be that Cloudfront is not sending it in the first place.

Any ideas what could be wrong? I've been pouring over the documentations but have not found anything that worked.

Thanks!

Turns out the reason is the Origin Request Policy. I had picked "All Viewer" which would've forwarded all headers / queries / cookies to the origin. However, this also prevented Cloudfront from sending if-none-match! Setting no Origin Request Policy fixed the issue...