Set strict header to false. Closes #5436

This allows the application continue loading if a request has a cookie
that is in violation of RFC 6265.

Fixes #5525

src/server/http/index.js

@@ -14,6 +14,9 @@ module.exports = function (kbnServer, server, config) {
   var connectionOptions = {
     host: config.get('server.host'),
     port: config.get('server.port'),
+    state: {
+      strictHeader: false
+    },
     routes: {
       cors: config.get('server.cors')
     }