As currently implemented ServletServerHttpResponse.getHeaders().containsKey(String) always returns false for any pre-existing headers in the underlying HttpServletResponse. We should override the containsKey method or modify how the parent HttpHeaders class behaves so that the HttpServletResponse is consulted.
I'm logging this issue pretty quickly so I don't forget. There may be other methods on ServletResponseHttpHeaders that need fixed.
Note that this impacts the fix for #18124 since the intent is to only set the Content-Disposition if it has not been set.