Reputation: 322
I am trying to decide if my server is vulnerable to a CL.0 desync attack. I did some tests, but I am not sure whether this is normal HTTP pipelining behavior or a CL.0 desync.
Tool: Burp Community Edition
query 1:
POST /login HTTP/1.1
Host: 127.0.0.1
Referer: https://127.0.0.1
Content-Length: 0
GET /api/status HTTP/1.1
Host: 127.0.0.1
Connection: keep-alive
Response:
HTTP/1.1: 401 Unauthorized
Set-Cookie: ....
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Cache-Control: must-revalidate,no-cache,no-store
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Length: 74
HTTP Status 401 - Full authentication is required
HTTP/1.1: 401 Unauthorized
Date: Wed, ...
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Length: 74
HTTP Status 401 - Full authentication is required
401 is expected for both endpoints because no token is passed.
query 2:
POST /login HTTP/1.1
Host: 127.0.0.1
Referer: https://127.0.0.1
GET /api/status HTTP/1.1
Host: 127.0.0.1
Connection: keep-alive
Response:
HTTP/1.1: 401 Unauthorized
Date: Wed, ...
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Length: 74
HTTP Status 401 - Full authentication is required
I am not sure about query 1, whether it is just normal pipelining behavior. What's the difference anyway?
Thank you.
Upvotes: 0
Views: 10
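An added example, not part of the original post: a minimal Content-Length framer run over query 1 (assuming a blank line follows `Content-Length: 0`, which the text above does not show) and over one constructed request with a non-empty body. A parser that honours Content-Length and one that ignores it agree on query 1, so two responses there are consistent with ordinary pipelining; the two readings only diverge when the declared length is non-zero.

```python
# Added example: frame a raw HTTP/1.1 byte stream by Content-Length only.
# Transfer-Encoding is not handled; the samples below do not use it.
END_OF_HEADERS = b"\r\n\r\n"

def frame(stream: bytes, honour_content_length: bool = True):
    """Return (requests, leftover); each request is (request_line, body)."""
    requests = []
    while stream:
        head, sep, rest = stream.partition(END_OF_HEADERS)
        if not sep:
            break                      # no complete header block left
        lines = head.split(b"\r\n")
        if len(lines[0].split(b" ")) != 3:
            break                      # not a request line: keep as leftover
        length = 0
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip())
        if not honour_content_length:
            length = 0                 # the "CL.0" reading: body assumed empty
        if len(rest) < length:
            break                      # body not fully received yet
        requests.append((lines[0].decode(), rest[:length]))
        stream = rest[length:]
    return requests, stream

def framing_diverges(stream: bytes) -> bool:
    """True when honouring vs. ignoring Content-Length frames the bytes differently."""
    return frame(stream, True) != frame(stream, False)

# Query 1 from the post; the blank line after "Content-Length: 0" is assumed.
QUERY_1 = (
    b"POST /login HTTP/1.1\r\nHost: 127.0.0.1\r\n"
    b"Referer: https://127.0.0.1\r\nContent-Length: 0\r\n\r\n"
    b"GET /api/status HTTP/1.1\r\nHost: 127.0.0.1\r\n"
    b"Connection: keep-alive\r\n\r\n"
)
# Constructed sample: one request with a 13-byte form body.
WITH_BODY = (
    b"POST /login HTTP/1.1\r\nHost: 127.0.0.1\r\n"
    b"Content-Length: 13\r\n\r\nuser=a&pass=b"
)

if __name__ == "__main__":
    for label, raw in (("query 1", QUERY_1), ("with body", WITH_BODY)):
        print(label, "diverges:", framing_diverges(raw))
        print("  honour:", frame(raw, True))
        print("  ignore:", frame(raw, False))
```

In the constructed sample the parser that ignores Content-Length leaves the 13 body bytes on the connection, where they would be read as the start of the next request; that disagreement about where a request ends is what separates a desync from pipelining.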