Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
X-AspNet-Version
Link
P3P
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
X-Adblock-Key
Keep-Alive
X-Frame-Options
CF-RAY
Content-Location
X-Varnish
X-Language
X-Check
X-Buckets
X-Template
X-Cacheable
Access-Control-Allow-Origin
X-Generator
X-Drupal-Cache
P3p
X-Ac
X-Hacker
WP-Super-Cache
Status
MS-Author-Via
X-Powered-By-Plesk
X-AspNetMvc-Version
Strict-Transport-Security
X-Runtime
X-Geo-Port
X-Geo
X-Pad
X-Request-Id
X-Powered-CMS
X-Type
X-Cache-Group
X-Mod-Pagespeed
MicrosoftOfficeWebServer
X-Host
Access-Control-Allow-Credentials
X-Logged-In
Ngpass-Ngall
X-Cache-Hits
X-Cache-Lookup
X-Server
X-UA-Device
Host-Header
X-Rack-Cache
X-Iinfo
X-Pass-Why
MicrosoftSharePointTeamServices
X-Via
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Backend
Access-Control-Allow-Headers
X-CF-Powered-By
X-Tumblr-Pixel-1
Access-Control-Allow-Methods
X-Varnish-Cache
X-Seen-By
X-Served-By
X-XRDS-Location
Content-Encoding
SPRequestGuid
X-SharePointHealthScore
X-Accel-Version
X-Robots-Tag
X-Tumblr-Pixel-2
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Dc
X-Alternate-Cache-Key
X-ContextId
X-Page-Speed
X-ServedBy
X-Cnection
X-BC-Is-HA
X-INKT-SITE
X-INKT-URI
X-Webserver
X-CDN
X-MS-InvokeApp
X-PhApp
X-Safe-Firewall
Composed-By
X-FullPageCaching
X-Cache-Hit
X-Request-ID
X-Hostname
X-PC-Hit
X-PC-Key
X-Url
Served-By
X-PC-AppVer
X-PC-Host
X-PC-Date
X-Proxy-Cache
X-Ua-Compatible
X-FRAME-OPTIONS
X-Port
X-Firenze-Processing-Times
X-W-DC
X-Forwarded-For
X-FRAME-Options
X-AH-Environment
X-XN-Trace-Token
X-Tumblr-Pixel-3
X-XN-XNHTML
X-Cache-Status
X-Wix-Renderer-Server
X-Wix-Dispatcher-Cache-Hit
Cartoon
X-Wix-Request-Id
Public-Key-Pins
X-Age
Cf-Railgun
X-HeyJason
X-Amz-Cf-Id
X-Spip-Cache
Content-Security-Policy
Liferay-Portal
X-Powered-By-360WZB
Content-Script-Type
Content-Style-Type
X-Server-Name
X-Amz-Id-2
X-Amz-Request-Id
X-Cache-Info
X-Served-From-Cache
Request-Id
X-Content-Digest
SPIisLatency
SPRequestDuration
X-Umbraco-Version
X-Styx-Build-Date
X-Pantheon-Styx-Hostname
X-Pantheon-Endpoint
X-Timer
X-Styx-Build-Num
X-Styx-Build-Sha
X-Styx-Version
X-Styx-Req-Id
X-SERVER
CF-Cache-Status
X-Hyper-Cache
X-FB-Debug
X-Device
X-Clacks-Overhead
X-Cache-Server
Rating
X-Cache-Result
X-Outils-CS
X-TN-ServedBy
Real-Hostname
X-DynaTrace
X-Loop
X-PHP-Engine
X-VCache
X-Tumblr-Pixel-4
TCN
Powered-By
X-PersistenceNode
X-TNCMS
X-Px
NS-RTIMER-COMPOSITE
Refresh
X-Cached-By
X-Microcachable
DynaTrace
X-Tumblr-Content-Rating
Imagetoolbar
X-Cache-Enabled
Powered-By-ChinaCache
X-CDN-Any-IP
X-CDN-Geo
X-CDN-Geo-IP
X-Generated-By
X-Cached
Page-Completion-Status
X-Content-Encoded-By
X-Mobilized-By
Access-Control-Max-Age
Product
X-Matrix-Proxy
Thanks
X-Matrix-Server
X-From
X-Tumblr-Pixel-5
X-CMS-Version
X-Loc
Magicmarker
X-Original-Content-Length
Charset
X-Powered-By-Anquanbao
X-Version
X-Xrds-Location
X-Permitted-Cross-Domain-Policies
Node
X-Content-Security-Policy
X-DynaTrace-JS-Agent
X-Backend-Server
CC-CACHE
X-DDC-Arch-Trace
IBM-Web2-Location
Pics-Label
X-Zephyr
X-FW-Hash
X-FW-Serve
X-FW-Static
X-W3TC-Minify
X-FW-Type
ServedBy
X-Content-Options
X-Jimdo-Wid
X-Jimdo-Pid
X-Firenze-Processing-Time
X-Node
Response
X-FORWARDED-FOR
Generator
X-Hits
Content-Encoding-Handler
SID
X-User-Agent
X-Varnish-Host
X-Varnish-Cacheable
X-Cache-Debug
Lsrequestid
Proxy-Agent
X-WebKit-CSP
X-Varnish-Backend
X-NoCache
X-I
X-App-Hosting
X-Purge-Host
X-Middleton-Display
X-Sol
Display
Access-Control-Request-Method
X-Original-Request
MIME-Version
X-Cache-Expires
Set-Cookie2
X-Middleton-Response
X-Drectory-Script
X-UD-Host
X-UD-Method
X-DNS-Prefetch-Control
X-Processed-By
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Passed-To-DLL
X-Actual-URL
X-Passed-To
X-Handled-By
X-Returned-From
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
Retry-After
X-Whom
X-Cache-Config
X-AspNetWebPages-Version
Sprequestguid
X-Sharepointhealthscore
RTSS
X-SDS
X-Varnish-TTL
X-ApacheServer
X-Duration
Edge-Control
Host
X-Cookie-Domain
X-Hosted-By
X-PF-Uncompressing
X-Speed-Cache
Surrogate-Control
X-SN
X-Purge-URL
X-Speed-Cache-Key
X-TTL
Content-Disposition
X-Cdn
X-Micro-Cache
ServerName
X-MiniProfiler-Ids
X-Expires-Orig
COMMERCE-SERVER-SOFTWARE
X-PERF
VAR-Cache
X-Ms-Invokeapp
Fhost
X-ATG-Version
X-Varnish-Hits
X-FIRSTBase
Accept-Encoding
X-PwB-Node
X-Nitra-Side
X-URL
X-GeoIP-Country-Code
PICS-Label
X-GeoIP-Country-Name
X-Cache-Control-Orig
IISExport
X-Director
X-Front
WWW-Authenticate
AMF-Ver
X-Response-Time
X-Swift-CacheTime
X-Swift-SaveTime
S
SN
Cm-Server
Location
Proxy-Connection
X-CJ-Soft
MJ12bot
X-Blog
SEOMOZ
X-ServerID
X-Session-Reinit
X-LiteSpeed-Cache
X-Vary-Options
X-Tumblr-Pixel-6
Filter-Revision
Server-Info
Website-Info
Cache-By-Node
X-Amz-Meta-S3cmd-Attrs
X-Cache-TTL
X-Art-Request-Id
Microsoftsharepointteamservices
X-Cache-Rule
Grace
X-Varnish-Age
Req-Id
X-HOST
ServerID
X-ServerName
Srv
X-S
X-App-Status
X-Varnish-IP
X-Country-Code
Cache
X-ACMCache
Id
X-SRV
Accept-Charset
Fpc-Cache-Id
X-Trace
X-Device-Type
X-Distil-CS
X-Microcache-Status
X-Stale
X-Cache-Operation
Rt-Fastcgi-Cache
X-Trace-Cache
X-Track
X-Time
X-Highwire-SessionId
X-Highwire-RequestId
X-Server-ID
Powered
X-Gamma-Serve
X-Engine
Qs-Cache
X-Translation
X-Domain-Checked
Nodo
X-Cluster-Node
X-Provisioner-Version
X-Cocoon-Version
X-ID
Buuteeq-Source
Ngpass-Vcall
X-App
X-Yadis-Location
X-FW
X-BackendServer
Server-Name
X-Directory-Script
A-Powered-By
X-Varnish-Object-Age
NtCoent-Length
X-Ttl
NetMindSessionID
X-Varnish-Beresp-Status
X-Srv
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-CHSN
X-Orig-Vary
Upgrade
X-LIGHTHTTP-PCDID
X-Cache-Age
X-Varnish-Server
PageSpeed
X-Transaction
X-Connection-Hash
X-Twitter-Response-Tags
Content-Security-Policy-Report-Only
Webluker-Edge
Ms
Backend
X-Src-Webcache
X-Location-Id
X-Adobe-Content
MIH-CLIENT-FARM
X-Instart-Request-ID
MIH-PLATFORM
MIH-PUBLIC-IDENTIFIER
X-Varnish-Cache-Hits
NLCacheNote
X-Geo-IP
X-Do-Not-Hack
X-Sys-Req-ID
X-Secret
Content-Transfer-Encoding
X-Frontend
X-Request-Locale
X-AOL-SNH
CT
NODE
X-FreeTag-Count
MW-Webserver
X-Resolver-IP
X-Recruiting
-GCR
X-Bettercache-Proxy
Dispatcher
X-TempDebug
BM-Cache-Key
X-Old-Content-Length
XX
BM-Cache-Node
Beyond-Iis
Content-MD5
X-Country
X-Source-ID
X-Cache-On
Ibm-Web2-Location
X-Info
X-Object-Type
X-Object-Id
X-Cache-Action
X-ServerCache-Info
X-Atraveo-Varnish-Server-Id
RATING
X-Atraveo-NC
X-Atraveo-From-Varnish-Cache
X-Atraveo-TTL
X-Grid-Server
X-Atraveo-Cache-Control
X-Geo-IP-Country
Origin
LBVIS
No
X-Powered-By-VTEX-Janus-Edge
SS
X-Geo-IP-Metro
X-VTEX-Janus-Router-Backend-App
X-Vtex-Processado-Em
X-Geo-IPV
X-VTEX-Cache-Status-Janus-Edge
X-PRAM
X-Geo-IP-Region
X-Powered-By-VTEX-Janus-Router
X-SDE-Name
X-Force
X-Powered-By-Server
X-Wily-Servlet
X-Req-Host
X-Vtex-Processed-At
X-Powered-By-VTEX-Janus-ApiCache
X-Vtex-Remote-Cache
X-VTEX-Cache-Status-Janus-ApiCache
X-Wily-Info
BM-Cache-Status
Progma
X-Varnish-HitMiss
Front-End-Https
X-REDIRECTSERVER
X-Distributed-By
X-Varnish-Count
Access-Control-Expose-Headers
X-WA-Info
X-Venda-Hitid
X-Uid
CommunityServer
X-Cache-Lifetime
If-Modified-Since
X-Header
X-Expires
X-ManagedFusion-Rewriter-Version
X-Rewritten-By
ORIGIN
X-Pre-Strip-Debug
X-WR-MODIFICATION
Machine
XDomainRequestAllowed
Apache
X-BS
X-Symfony-Cache
X-GeoIP
X-B2f-Cache-Load
X-ChromeLogger-Data
Last-Published
X-Cached-Status
X-Developer
X-MJ-Upstream-Addr
X-Origin
X-Amz-Id-1
X-Server-By
Author
X-Gannett-Site-Version
X-Content-Age
SRV
X-Frames-Options
Version
X-Web-Node
Cmstype
Cmsid
X-Turbo-Control
X-N-ViewType
X-Machine-Name
UniqueName
From
SVR
X-Cache-Set
X-Accel-Expires
B-Powered-By
SiteName
TP-Cache
TP-L2-Cache
X-Garden-Version
X-Enhanced-By
X-Router-Backend
X-UD-REMOTE-ADDR
Accept-Language
X-N
X-Webapp
X-UseReverse-Proxy
X-Origin-Id
X-UD-Target
X-UD-Loopcounter
X-Router
X-Dev
X-PvInfo
Provider
X-Jphone-Copyright
X-Cms-Mode
X-UPSTREAM
Worker
X-Varnish-Debug-Age
X-App-Container
X-Empowered-By
CP
X-Varnish-Debug-Hits
X-Block
Backend-Name-Original
Front
X-Trace-App
SIP
X-Goog-Hash
X-Varnish-Device
X-Varnish-ID
MirrorName
X-Vhost-ID
X-ORACLE-DMS-ECID
Content-Instance
X-Varnish-Cache-Local
X-Channel-Maxage
X-Catalyst
Before
X-Beatles
ExecuteNonQuerySQLParam
X-Monstercache-Timeout
After
Be-Ip
X-ACCELERATE
X-WP
X-Stage
Be-Va
IsFullSiteRequest
Render
Tpt.Renderer
X-HostName
Tpt.Renderer1
X-Id
Sophnep-Edge-FX
NnCoection
ServerConfigManager.WebBugTracker
X-Ar-Debug
Bs-Header
X-SV
X-Amz-Version-Id
ScoreTracker
X-Allow-Redis
X-Monstercache-Host
X-Monstercache-Hash
X-Varnish-Action
X-Purge-Level
X-Phpwcms-Release
X-Monstercache
X-Phpwcms-Page-Processed-In
X-CacheServer
Cteonnt-Length
Il-Cl
X-Actindo-RS
X-DTC
X-Pagename
Cluster-ID
Server2
WP-AdvCache-MemCached
X-Debug
Ksid
Rt-Server
HAVer
X-ATM-RTime
D
X-Kirra-SiteId
X-Response
HCVer
X-ATM-RServer
X-Built-By
No-Cookie
X-Hit-Cache
Www.Myjob.Se
X-EPiLogOnScreen
X-EPiLogOnScreen-PostUrl
X-B2f-Not-Route
Ram
SS-Request-ID2
Noq
X-Powered
Compression-Control
X-Vhost
Web-Server
Cpu
X-Storage
X-T3CacheInfo
X-T3CacheTags
Www.Mabracertifiering.Se
Test.Executivepeople.Se
CacheControlHeader
Www.Mirrorgate.Se
AppDynamics-BT
P3P:CP
Open.Jobgate.Se
Jobb.Assistentpoolen.Se
BM-CountryCode
X-MJ-Serve-Req-Time
Jobb.Gil.Se
Jobb.Passal.Se
X-Via-Kemp
X-SSL
Fw-Via
7e-Page-Cache
X-DefendeR-Runtime
X-DeliveryServer
LBC
X-Edge-Location
Provided-Host
X-GC-Read
X-GC-App
X-GC-Write
X-Remote-Addr
X-OPNET-Transaction-Trace
X-FS-UUID
X-Server-Id
X-Nginx-Host
Server-N
X-Li-Fabric
X-Li-Pop
X-Real-Server
X-Dynatrace
X-Client-IP
X-SilverStripe-Cache
X-LI-UUID
X-Max-Age
Nitro-Cache
X-Varnish-Cache-Server
X-Hstore
X-Hrouter
X-NginX-Server
Content
X-DSMX-Render-MS
X-Upstream
X-Snapsis-PageBlaster
X-MSEdge-Ref
X-CCM
X-Hash
X-DSMX-Rewrite-MS
X-DELIVERYSERVER
X-Vivastreet
X-Vivastreet-KiwiiPage
X-MobileDetected
X-Flex-Tag
X-Oracle-DMS-ECID
X-Flex-Community
X-Flex-Evend
X-CacheHits
X-Author
X-Drupal-Cache-Tags
X-MCB-Server
X-Varnish-URL
X-PM-ID
X-Distributor
X-Flex-Evstart
X-Flex-Lang
X-Webstats-RespID
X-T3Cache
X-DB-Content-Length
X-EdgeRouter
X-Flex-Tags
X-Flex-Lastmod
X-ESI-Enable
X-Farm-Server
X-FFX-B
X-IDS-WS
Pool
X-CacheTTL
X-NginX-Cache
Sid
Aoestatic
Copyright
Disaptch-Cache-Rule
Access-Ip
BM-Cache-Bypass
Pool-Info
X-Server-Instance
X-Artvisual-Server
SFY
X-LB
Svr
X-Full-URL
PServer
X-Route
X-Flow-Powered
LFY
Host-Service
F-In-Cache
X-UserAgent
ServerIP
POOL
X-ProcessESI
X-Brought-To-You-By
X-TTFB-L
X-TTFB
X-EPiphany-Vid
X-Instance
X-XHR-Current-Location
X-SmugMug-Values
X-Dynamic
X-Domino-CacheValidationWithETagReason
X-Domino-CacheValidationWithETagResult
X-DefendeR-Status
X-Client-Vid
X-APP
X-Locale
CPOINT
BALANCEDTO
CDN
Muha
Smug-Env
Backend-Host
Acdc-Web
X-Cookie
X-Cache-Extended
X-Nginx-Backend
X-7d-Traceid
X-7d-Version
Test
X-RemovedCookies
OutputRewritten
PROPSON-FARM
WP-Cache
Foglight-Request-UUID
X-7dig
X-Abuse
X-Hit
Redirect
X-SmugMug-Hiring
X-IP
Cneonction
X-Client-Addr
X-FCMS-Cache
X-Magento-Action
X-Magento-Lifetime
X-Varnish-Ttl
Ttl
X-BKSrc
X-Node-Name
X-ESI
SL-NOREWRITE-REDIRECTS
Edgecast
DBG-Timestamp
DBG-TargetHost
DBG-HTTPHOST
INCOMING-TIME
ProxiaInstanceId
Server-Optimized-By
ResourceTag
Public-Extension
BE
Allow
X-SeschatLayout
X-SeschatDID
X-SeschatRedID
X-Varnish-Restarts
X-LAvg
X-Varnish-Debug-Pool-Recv
X-Edge-IP
Xonnection
X-SeschatTemplateID
X-Server-IP
X-Uplex
X-Varnish-Debug-Pool-Fetch
X-Seschat-URL
Cache-Ctrol
ServerId
X-Varnish-Cookie-Debug
X-Unbounce-Variant
X-Revision
X-TLServer
X-Unbounce-PageId
X-Unbounce-VisitorID
X-App-Server
X-Server-Node
X-Mod-Oboe-PS
X-Yqk-Set
X-Powered-By-Yqk
X-RSS-CACHE-STATUS
MwpReleaseVersion
X-HOSTTYPE
Ec
X-Bcwwwid
X-SATserver
MageStack-Area
X-Static-Version
X-Server-Generated
XDisk
Tracker
At-Isb
X-Render-Time
X-ARR
X-PoweredBy
X-PBY
X-D-Time
X-WLD-LB
X-Varnish-Currency
X-Yottaa-Metrics
MageStack-Cache-Hits
X-Binarysec-Via
MageStack-Tag
MageStack-Response-Ttl
X-Request-Count
X-Nginx-Cache
X-Src-Loadbalancer
X-WorkerInstancename
No-Cache
X-AppServer-Status
X-MidCOM-Meta-Cache
MageStack-PageSpeed
MageStack-Loadbalancer
MageStack-Cache-Lifetime
X-Generation-Time
X-Yottaa-Optimizations
X-USERNAME
X-S-Misc
Content-Cache
MageStack-Debug
MageStack-Config
MageStack-Cacheable
MageStack-Cache
MageStack-Cache-Status
S-Cnection
X-Rq
X-DC-Origin-IP
X-CDN-Node
X-CDN-Cache-Status
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
X-Powered-Developer
X-Dokk-PortalId
X-Serendipity-InterfaceLang
X-Req-Counter
X-Ratelimit
X-Cache-Control
Nginx-Cache
Ibf5scheme
MachineName
X-Optimization
Warning
X-Purge-Url
MGIT
Language
Hotelbookingid
Publisher
Portlet.Expiration-Cache
OGHopCount
X-Time-Microsecs
X-Serendipity-InterfaceLangSource
X-Fett
X-Hostingcenter
X-Benchmark-Sphinx-Count
Servername
X-Backend-Name
EXT-CACHEEXPIRE
X-CMS
X-Planisys-CDN-Rules
X-Varnish-Hashed-On
X-Benchmark-Total
X-Benchmark-Sphinx
X-Benchmark-Db
X-Request-Time
X-Nucleus-Cache
Content-ID
X-Cache-Ttl
Xc
X-Environment
Time
X-Benchmark-Cache
X-Planisys-CDN-Cache
WEBO
Web-Head
X-This-Proto
X-Dynatrace-Js-Agent
X-Litespeed-Cache
Dynatrace
X-NFE
X-Middleton-PageSpeed
Ozcache
X-DEBUG
X-Pb-Mii
X-RequesterIP
X-Mii-Cache-Hit
X-Page-Generation-Time
X-Page-Generated-At
X-JSON-API-LATENCY
X-Amz-Meta-S3fox-Filesize
X-Fastcgi-Cache
X-TTL-Age
User-Updated-At
X-Var-Hash
X-Url-Store
X-GeoIP-Country
X-IP-Address
X-GL-SRV
X-Device-Group
X-ELC-Checkpoint4
Keywords
X-AccessDev
IsMobile
Description
AcceptLangage
CountryCode
X-Backend-Status
X-Cache-Backend
X-App-Reload-Settings
X-Would-Your-GrandPa-Wait
Hamster
X-Cookie-Store
X-Checkout
X-Confluence-Request-Time
Access-Control-Allow-Method
User-Id
X-Request-Received
SBGI-CACHE-CODES
At-Shoptype
Atp-Isdpp
Head
Esi-Enabled
X-HP-CAM-COLOR
REFRESH
X-Proxy
Be
X-Request-Processing-Time
X-Source
Ap-Exec-Time-Mks
X-Varnish-Hit
Robots
Srv-N
X-Cache-Via
Www.Aujourdhui.Com
X-Cachable
X-ATP-Server
W
X-Content-Security-Policy-Report-Only
X-Aws-Ec2
WFE
SSPAppContext
X-Crafted
X-HW
X-Is-Mobile
UNIQUE-ID
X-Process-Time
X-Your-GrandPa-Would-Wait
X-V-Outer
Mime-Version
X-Req-Url
Protected-By
Http
X-Mobile
X-ESI-Processing
X-Wikidot-Backend
X-V-TTL
X-V-I-TTL
X-Backend-IP
CacheControlMode
X-ErrorPage
X-FarmId
X-TISSERVER
WebDevSrc
X-SBGI-Cache-Codes
SLB
97YES.COM
X-Created
X-Invoke-Duration
X-Wikidot-Static-Cache
SV-Duration
X-View
Noahs-Classifieds
Apple-Itunes-App
X-Varnish-Set-Cookie
X-Time-Spent
X-BIN
X-RNDPAGE
X-TAG
X-Hosting
User-Cache-Control
X-Turpentine-Cache
X-Amz-Meta-S3fox-Modifiedtime
X-GitHub-Request-Id
X-Nhost
OriginServer
X-SERVER-ID
X-Nginx
Sigma
X-Fpc
X-VarnCache
X-VarnPar2
X-SiteConInfo
X-Twinwave
X-AVG
X-Client-Ip
Railo-Version
X-Varnish-Hostname
X-AVG-REWRITE
X-Mobile-Device
Url-Hash
X-Prerender-Token
X-ServicedByDrupal
X-Pixelsilk-Version
X-CachedURL
X-B2f-Cache-NotFromUrl
X-Stackable-Node
SBMCLOUD
X-Pixelsilk-Server
X-OrgURL
X-Cluster
X-CMS-Server
X-InDy-Memory
X-CacheStore
X-InDy-Time
X-InDy-Query
Rt-Proxy-Cache
X-Turpentine-Esi
X-Forwarded-Proto
X-LTM-ID
-Onnection
V-Cache
Mobiquo-Is-Login
ContentType
X-Cache-Key
X-Content-Parsed-By
X-WentThroughDrupal-Deliver
CACHED-RESPONSE
X-WentThroughDrupal-Recv
Orgin-Server
X-Debug-Serve
X-RE-Ref
Device
X-Cached-On
X-Cached-From
X-Debug-Token
X-Gondor-Server
X-AISO-Server
X-AISO-Cache
X-Loopia-Cache
Server-IP
X-SUPERCACHE
X-Svr-Id
X-Cdn-View
X-Header-Set-Id
X-Caching-Rule-Id
TIMESTAMP
X-V
HGR-NOCACHE
X-Life
GenSvr
Tempo
Requested-Host
X-SEA-Instance-Name
X-Nginx-Server
X-Jcms-Ajax-Id
X-Framework
X-Backend-Ip
X-Apublish-Id
X-VG-WebCache
X-PHP-Cache
Powered-By-Scs
X-Powered-Load
X-Accel-Cache-Control
X-RAMCache
X-Pagecache
X-D2id
X-ACLR-Version
X-Http-Host
X-Accelerated-By
X-WAP
X-PS-MURDOCK-ORIG-PROTOCOL
X-VhostID
X-Path
X-Provided-By
Web
X-Client-Id
X-Ec-Custom-Error
X-Who
X-Varnish-Max-Age
Gzip
X-PS-MURDOCK-ORIG-FILEEXT
X-PS-MURDOCK-CASE-NORMALIZATION
X-Rot
X-Sov
X-Nginx-UpstreamHost
X-Nginx-Pool
X-Gyrobase-Publication
X-Libra-UpstreamHost
X-Upstream-Server
Arr-Disable-Session-Affinity
X-Docuri
X-Nocache
X-Compressed-By
X-Cached-Until
X-Cache-Host
X-Hosting-Env
Fpc-Expire