Every HTTP request from every device passes through several third party servers on its way to and from the destination server

It would be trivial for any server along the way to intercept and modify the unencrypted HTTP traffic.

Verizon recently made news for injecting customer-specific tracking codes in HTTP Headers.

MyHeaders.info makes two HTTP requests. One HTTP and one HTTPS. If the headers are different between those requests something may be modifying your traffic.