Yes, this is confusing me too… I have compared the XLF that gets in to HAG and the one that gets out and I completely agree with you that there is nothing that should need rewriting. Anyway when I look at them I see that all the xml is exactly the same, but HAG has added the letters “8ca” in before it, which naturally breaks the md5 checking. I’ll check again with the support if they know what the heck that is…
Say you had an embedded webpage in the XLF that mentioned the IP the HAG is rewriting for, then it would rewrite that for example as I understand it from what Daniel has said. And yes, Sendfile will be in use via Docker.
Understood - i’m curious to see where the 8ca comes from and what it means 
Turning sendfile mode off might improve this situation, because all files will be base64 encoded.