Current RateLimit-Policy fields look like this

RateLimit-Policy: "burst";q=100;w=60,"daily";q=1000;w=86400

The quota policy item is a SF String and so it must be quoted. If instead it was a SF Token, the field would look like this.

RateLimit-Policy: burst;q=100;w=60,daily;q=1000;w=86400

The decision to use string was based on the following text,

Note that Tokens are defined largely for compatibility with the data model of existing HTTP fields and may require additional steps to use in some implementations. As a result, new fields are encouraged to use Strings.

https://www.rfc-editor.org/rfc/rfc9651#section-3.3.4

If anyone has a good reason why we should change this, add a comment here.