While trying to play with AJAX I tried to add "Range" header to the request. Sniffing with wireshark revealed the "X-Removed" header.
Couldn't find anything relevant on the web. Does anyone knows what's this header?
Testcase headers (using Chrome):
GET /img/initializing.png HTTP/1.1
Host: fiddle.jshell.net
Connection: keep-alive
X-REMOVED: Range
Accept: */*
Referer: http://fiddle.jshell.net/_display/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,he;q=0.6
Range: bytes=0-
Historically, designers and implementers of application protocols have often distinguished between standardized and unstandardized parameters by prefixing the names of unstandardized parameters with the string "X-" or similar constructs (e.g., "x."), where the "X" is commonly understood to stand for "eXperimental" or "eXtension".
Under this convention, the name of a parameter not only identified the data, but also embedded the status of the parameter into the name itself: a parameter defined in a specification produced by a recognized standards development organization (or registered according to processes defined in such a specification) did not start with "X-" or similar constructs, whereas a parameter defined outside such a specification or process started with "X-" or similar constructs.
"X-" headers are "non-standard headers" that is defined by the developer, and can mean anything they like it to mean, they don't really have to follow any standards as there is non.
However some X- headers are common, such as X-Requested-With which is sent with Ajax requests in all the widely used frameworks, like jQuery, and X-Frame-Options and X-Powered-By that is supported by most browsers, or the IE specific X-UA-Compatible but they are still not standardized headers.
In other words, any "X-" header is valid, and using the "X-" prefix means it's not a standard header, and it could do anything really.
I cannot verify your test case, since it throws a FileError before even attempting the XHR.
Just a hunch: disable all Chrome extensions you might have installed and try your test case again. This might be a case of an overzealous security / privacy / adblocking extension at work.