I've created a patch to add support for the artifactory HTTP headers:
to the file resource, when used with an http source. I've also enabled sha1 support as a checksum type. This was already in the code, and with the open source version of artifactory it is the strongest checksum type available.
The code will prioritize sha256, then sha1, then md5 from artifactory, then content-md5 from apache digest.
This reduces resource flapping if the source is an artifactory server.
A newer PR was filed in https://github.com/puppetlabs/puppet/pull/5707