This is what the clients sees. In this case the client was Chrome 32.0.1700.77.
Modsec on, Custom-Header
is not passed
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Wed, 04 Jun 2014 18:07:40 GMT
Content-Type: application/json
Content-Length: 36
Connection: keep-alive
Modsec off, Custom-Header
is passed
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Wed, 04 Jun 2014 18:20:02 GMT
Content-Type: application/json
Content-Length: 36
Connection: keep-alive
Custom-Header: y-u-no-work