Many a head-scratching web application error investigation has resulted in an "a-ha" moment when you notice the `X-BlueCoat-Via` header in your logs. It does stuff like issuing GETs against URLs that only have POST handlers. It issues these random requests having procured its users' auth cookies even when the real user has since left the site.