Artifactory will not verify checksums sent by clients and will trust the server's locally calculated checksums. An uploaded artifact is immediately available for use, but integrity might be compromised.
This policy is a bit riskier since the server will never compare the checksum that Artifactory calculated based on the file content to the checksum that the client uploaded.
Here's an example of how to deploy a file using Curl with the checksum header but without the actual bytes:
curl -uadmin:password -T file.jar -H "X-Checksum-Sha1:c9a355147857198da3bdb3f24c4e90bd98a61e8b""http://localhost:8081/artifactory/libs-release-local/file.jar" -i