We had to entirely remove the VIA header for some web servers. Yahoo and Flickr are on that list.
Via headers are used to identify which proxy the traffic has gone through in order to avoid a proxy loop.
There is a possibility that the same request could go though the same proxy again and again. That is why each proxy should put a unique identifier into the header to identify itself.
However, if the routing of your traffic is simply enough, why not just remove the Via header entirely?
Alternatively, you don't have to use the header named "Via" it can be anything. I use a custom header to perform the same task, X-MWG-Via, and populate it with the UUID of the system it traversed.
i did some Investigation for Flickr, a Yahoo company | Flickr - Photo Sharing!. I saw the same behavior. When doing a check with "policy tracing central" on the first look it Looks like a wrong HTTP 301 Redirect Response from flickr.com.I have not decrypted the SSL traffic for deeper inspection. The only thing i noticed in the packet capture...
I found a info about this protocol: http://www.chromium.org/spdy/spdy-whitepaper
Could this protocol produce some Problems?
Spdy had been pushed by Google, and implemented in most modern browsers. It has now been superseded by HTTP2, to which Google engineers had contributed significantly. Google has since announced to abandon Spdy in favor of HTTP2.
I do not think it's related to this issue with Flickr and Yahoo.
By the way, in response to Erik's post... we also use a Rule Set here to mask the full proxy info. Still using the standards VIA header but removing it first and populating it with a custom string that allows us to track which node was processing the traffic, and enable us to catch a loop in a subsequent rule.