Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
Link
X-Pingback
X-Content-Type-Options
P3P
X-AspNet-Version
X-XSS-Protection
X-Cache
X-Frame-Options
Content-Language
Age
CF-RAY
X-UA-Compatible
X-Adblock-Key
Via
Keep-Alive
X-Template
X-Check
X-Language
Strict-Transport-Security
X-Varnish
P3p
X-Buckets
Access-Control-Allow-Origin
X-Cacheable
Content-Location
X-Generator
X-Drupal-Cache
Status
X-AspNetMvc-Version
X-Hacker
X-Ac
X-Powered-By-Plesk
MS-Author-Via
X-Request-Id
X-Runtime
X-Type
WP-Super-Cache
X-Pass-Why
X-Cache-Group
X-Powered-CMS
Ngpass-Ngall
X-Pad
Host-Header
X-Cache-Hits
Access-Control-Allow-Credentials
X-UA-Device
X-Mod-Pagespeed
Content-Security-Policy-Report-Only
X-Logged-In
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Dc
X-Iinfo
X-Via
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Backend
X-Tumblr-Pixel-1
Access-Control-Allow-Headers
X-Request-ID
Access-Control-Allow-Methods
X-Served-From-Cache
X-ServedBy
X-Host
X-Ua-Compatible
X-Tumblr-Pixel-2
X-ContextId
X-Server
X-Served-By
X-CDN
X-PC-Key
X-PC-Hit
X-Cache-Hit
X-Xss-Protection
MicrosoftOfficeWebServer
Content-Security-Policy
X-Port
X-Robots-Tag
X-PC-Host
X-PC-Date
X-PC-AppVer
X-Cache-Lookup
MicrosoftSharePointTeamServices
X-Rack-Cache
X-Request-Country
SPRequestGuid
Powered-By
X-SharePointHealthScore
X-Tumblr-Pixel-3
X-Accel-Version
X-Varnish-Cache
X-XRDS-Location
X-MS-InvokeApp
X-Safe-Firewall
Content-Encoding
X-FRAME-OPTIONS
X-Page-Speed
X-Cache-Status
X-AH-Environment
X-Amz-Cf-Id
X-Cnection
X-Wix-Renderer-Server
X-Seen-By
X-PhApp
X-Turbo-Charged-By
X-Wix-Request-Id
X-FullPageCaching
X-Webserver
X-W-DC
X-INKT-URI
X-INKT-SITE
Rating
Composed-By
Served-By
X-Firenze-Processing-Times
CF-Cache-Status
X-Tumblr-Content-Rating
X-Content-Digest
Request-Id
X-GitHub-Request-Id
X-Tumblr-Pixel-4
SPIisLatency
SPRequestDuration
X-Cache-Enabled
Public-Key-Pins
Liferay-Portal
X-Pantheon-Endpoint
X-Styx-Version
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Id-2
X-Amz-Request-Id
X-Hyper-Cache
X-BC-Is-HA
X-Spip-Cache
X-Node
X-Proxy
X-Timer
X-XN-Trace-Token
X-XN-XNHTML
Cf-Railgun
X-CF-Powered-By
X-Server-Name
X-SERVER
X-HeyJason
Permitted-Cross-Domain-Policies
X-Content-Powered-By
Content-Script-Type
X-Proxy-Cache
Content-Style-Type
Alternate-Protocol
X-Cache-Info
X-Sucuri-ID
Refresh
Timing-Allow-Origin
Upgrade
X-Powered-By-360WZB
X-Clacks-Overhead
Charset
X-FB-Debug
X-Cache-Server
X-Content-Security-Policy
X-Umbraco-Version
Public-Key-Pins-Report-Only
X-Hits
X-Tumblr-Pixel-5
X-Cache-Result
X-VCache
Alt-Svc
Cartoon
X-Swift-CacheTime
EagleId
X-Swift-SaveTime
X-FW-Hash
X-DynaTrace-JS-Agent
Real-Hostname
X-TN-ServedBy
X-Device
X-Loop
X-Cached-By
X-Px
X-CDN-Geo
X-Permitted-Cross-Domain-Policies
X-Cached
X-CDN-Any-IP
X-CDN-Geo-IP
X-FW-Type
X-FW-Serve
X-FW-Static
X-Microcachable
X-Backend-Server
X-Age
X-Fastly-Request-ID
X-Generated-By
X-Jimdo-Wid
X-Jimdo-Pid
NS-RTIMER-COMPOSITE
X-TNCMS
Access-Control-Max-Age
X-PersistenceNode
X-Hostname
X-Url
X-Outils-CS
X-Server-Powered-By
X-User-Agent
Content-MD5
X-Cache-Config
X-ChromeLogger-Data
TCN
Grace
X-DDC-Arch-Trace
Access-Control-Expose-Headers
X-CMS-Version
X-MiniProfiler-Ids
X-DynaTrace
X-Forwarded-For
X-Whom
X-VWS-Id
X-Gateway
X-Tumblr-Pixel-6
X-Beta
X-AWS-Id
X-LJ-Flow-ID
Response
Magicmarker
ServedBy
X-Content-Encoded-By
X-URL
X-Micro-Cache
X-Handled-By
Fastly-Debug-Digest
Imagetoolbar
X-Content-Options
Page-Completion-Status
Fpc-Cache-Id
Generator
Product
X-Middleton-Display
Display
X-Middleton-Response
X-Sol
X-From
X-Expires-Orig
Access-Control-Allow-Method
X-Varnish-TTL
ServerName
Rt-Fastcgi-Cache
X-Msg-2-Log
X-WebKit-CSP
Surrogate-Control
DynaTrace
IBM-Web2-Location
X-AspNetWebPages-Version
Powered-By-ChinaCache
X-Hosted-By
X-Varnish-Backend
X-ServerName
X-App-Hosting
X-Matrix-Server
X-Matrix-Proxy
X-Passed-To
X-Passed-To-BeforeDispatch
X-Original-Request
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-Actual-URL
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Returned-From-PostProcessResponse
X-Varnish-Cache-Hits
X-Stale
Cxy-All
PICS-Label
X-Firenze-Processing-Time
X-Director
X-Country-Code
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Processed-By
X-TTL
X-I
X-Download-Options
X-Varnish-Cacheable
X-Version
Fhost
X-ApacheServer
X-Cache-Rule
X-FORWARDED-FOR
X-UD-Method
X-Mobilized-By
X-Drupal-Dynamic-Cache
X-Track
PageSpeed
Node
Content-Hash
Retry-After
X-Nitra-Side
X-Instart-Request-ID
X-Server-ID
X-LiteSpeed-Cache
MIME-Version
X-Cache-TTL
Akamai-IP
X-Varnish-Host
X-S
X-SDS
Ngpass-Vcall
X-Art-Request-Id
Access-Control-Request-Method
X-ARC
X-Varnish-Age
Powered
X-Time
X-ATG-Version
Proxy-Connection
Content-Encoding-Handler
X-Cache-Age
X-PERF
Content-Disposition
X-Gamma-Serve
Proxy-Agent
X-FW
X-Cache-Debug
X-CacheServer
VAR-Cache
X-BS
X-I-Sp
CC-CACHE
RTSS
Lsrequestid
X-WEBSERVER
X-Location-Id
X-Ua-Device
X-Powered-By-Server
X-Cache-Control-Orig
X-Vtex-Processed-At
X-Vtex-Processado-Em:
X-Vtex-Remote-Cache
X-HOST
X-Powered-By-VTEX-Janus-Edge
X-Front
No
X-VTEX-Cache-Status-Janus-ApiCache
X-Powered-By-VTEX-Janus-ApiCache
X-VTEX-Cache-Status-Janus-Edge
X-VTEX-Janus-Router-Backend-App
X-VTEX-Janus-System
X-VTEX-Janus-SO
Front-End-Https
X-NoCache
X-Cache-Expires
Host
X-Do-Not-Hack
SID
X-CJ-Soft
X-Response-Time
X-PwB-Node
X-ServerID
X-Varnish-Hits
X-DNS-Prefetch-Control
X-Route-Server
X-Client-IP
X-Developer
X-Purge-Host
X-Abuse
Edge-Control
SN
X-Cache-Operation
X-CDN-Node
X-PF-Uncompressing
X-CDN-Cache-Status
Location
Buuteeq-Source
Thanks
X-Trace
NODE
X-Duration
Cache
X-DefendeR-Runtime
ServerID
X-Cookie-Domain
X-Grace
X-DefendeR-Status
X-Cache-Tags
X-VARNISH-Cache
Webluker-Edge
Server-Info
X-Cdn
X-Recruiting
X-Varnish-IP
X-Purge-URL
X-SRV
Srv
X-Cookie
NetMindSessionID
X-Ttl
X-Goog-Hash
X-Geo-IP
Sfy
X-Yadis-Location
NtCoent-Length
Accept-Charset
Lfy
Version
X-Do-Esi
Filter-Revision
BDPAGETYPE
BDQID
BDUSERID
X-App-Status
X-Frontend
X-Cache-CFC
X-ACMCache
X-N
IISExport
X-Speed-Cache
X-Libra-UpstreamHost
Pics-Label
S
Accept-Encoding
X-GeoIP-Country-Name
X-GeoIP-Country-Code
X-Upstream
Warning
X-Blog
X-Varnish-Grace
X-Litespeed-Cache
X-Real-Server
A-Powered-By
X-Trace-Cache
X-Varnish-Hostname
X-Device-Type
Server-Name
X-Geo-IP-Region
X-Session-Reinit
Last-Published
X-Amz-Meta-S3cmd-Attrs
X-Geo-IP-Metro
X-Geo-IPV
X-Geo-IP-Country
X-Speed-Cache-Key
X-WA-Info
X-Drectory-Script
Arr-Disable-Session-Affinity
Frame-Options
X-Srv
X-ClientSide-Caching
X-Varnish-Server
COMMERCE-SERVER-SOFTWARE
Qs-Cache
X-Source
X-Varnish-Seen-By
X-WR-Flags
X-Magnolia-Registration
X-Varnish-RemainingGrace
X-Translation
Cm-Server
X-Yottaa-Metrics
X-Microcache-Status
X-Yottaa-Optimizations
X-Daa-Tunnel
X-Varnish-RemainingTTL
X-NetCat-Version
Origin
X-Fastcgi-Cache
X-Domain-Checked
X-Provisioner-Version
HCVer
HAVer
X-Orig-Vary
AMF-Ver
X-Origin
Req-Id
X-FIRSTBase
Backend
Author
X-BackendServer
X-Adobe-Content
X-Content-Age
X-Adobe-Loc
Id
Cneonction
X-Engine
X-SE-Debug
LBVIS
Mobiquo-Is-Login
X-Directory-Script
X-W3TC-Minify
X-App
Cache-By-Node
CacheControlHeader
SVR
Vacache
X-JG-Page-Cache
X-UPSTREAM
X-Vcap-Request-Id
Set-Cookie2
X-Highwire-SessionId
X-SmartBan-Host
X-Highwire-RequestId
X-SmartBan-URL
X-Origin-Id
X-Bettercache-Proxy
X-Cache-On
X-Resolver-IP
X-Varnish-Debug-Age
X-Cache-Control
Hamster
X-Sys-Req-ID
X-Varnish-Count
X-Varnish-HitMiss
X-Forwarded-Proto
X-Cache-Lifetime
X-Cocoon-Version
X-Secret
Nodo
X-TTFB
X-TTFB-L
BALANCEDTO
WWW-Authenticate
X-Empowered-By
X-Cache-Doesi
X-SmugMug-Values
X-SmugMug-Hiring
X-Ruxit-JS-Agent
X-NewRelic-App-Data
Backend-Timing
Smug-CDN
X-Prefetched
X-Env
X-Analytics
Ag-Server-Time
X-Src-Webcache
Ag-Send-Time
X-Amz-Version-Id
X-Distributed-By
Beyond-Iis
Keywords
X-Distributor
X-FreeTag-Count
X-Object-Type
X-Object-Id
X-B-Cache
X-ID
Content-Transfer-Encoding
X-Expires
X-Balanceador
X-Gannett-Site-Version
X-Pagename
Nitro-Cache
X-Machine-Name
X-Accel-Expires
X-NginX-Cache
X-Edge-Location
X-NginX-Server
Fastcgi-Cache
SSPAppContext
X-Grid-Server
X-Cache-Action
X-Dynatrace
X-XTM-Node
X-Symfony-Cache
X-Amz-Storage-Class
X-SCProxy
S-Cnection
X-Varnish-Esi-Method
X-SV-FromDBCache
X-Uid
X-Varnish-Currency
X-Cf-Requestid
X-SV-Nginx-Duration
X-Storage
X-SV-CacheTags
X-Framework
MW-Webserver
X-Debug
X-SV-CreatedAt
SRV
X-SV-Pid
Encoding
X-TempDebug
X-Varnish-Esi-Access
X-SV-Edge
Description
CT
No-Cache
X-Hit-Cache
X-SV-Duration
X-AISO-Server
MIH-PLATFORM
X-CacheResult
MIH-PUBLIC-IDENTIFIER
X-Detected-Device
X-Cache-Keep
ScoreTracker
Web-Server
X-IsCacheURL
X-Turpentine-Esi
X-Cache-TTL-Remaining
SS
X-AISO-Cacheable
From
X-LB
Logging-CorrelationId
X-Varnish-Action
TP-L2-Cache
X-Full-URL
X-AISO-Cache
X-APP
MIH-CLIENT-FARM
TP-Cache
X-Revision
X-Turpentine-Cache
X-Req-Host
X-Amz-Id-1
NLCacheNote
X-Platform-Router
X-Platform-Processor
X-Span
X-Remote-Addr
X-Key
XDomainRequestAllowed
X-Varnish-Set-Cookie
Accept-Language
Debug-3-1
X-Vary-Options
X-SDE-Name
X-Nginx-Host
Pool-Info
X-Varnish-Debug-TTL
X-Garden-Version
X-Cache-Key
X-Fw-Static
X-Fw-Serve
X-Fw-Hash
X-Fw-Type
X-Middleton-PageSpeed
X-Page-Cache
B-Powered-By
HOST-SERVICE
X-Edge-IP
X-Server-IP
X-Nginx-Cache
X-Old-Content-Length
X-GSL-Server
X-Invoke-Duration
X-CID
ServerIP
Device
X-Powered-By-Home.Pl
X-CDNZZ-FCACHE
X-Site:
X-Varnish-Bot
X-EDGECONNECT-GUID-DEBUG
X-VAge
X-Varnish-Store
X-Processing-Time
X-Stage
Allow
X-App-Server
X-PHP-Response-Code
Sophnep-Edge-FX
FROM-SERVER
X-Powered
Prxy
X-Actindo-RS
WFE
Hash
X-Response
X-Appmachine-Environment
X-MrHost
W
X-Real-IP
Cluster-ID
X-CCC
X-Atraveo-Varnish-Server-Id
X-Atraveo-Set-Cookie
X-AOL-SNH
ORIGIN
X-Hit
X-Force
X-Atraveo-TTL
X-Atraveo-Param-Rm
X-Atraveo-From-Varnish-Cache
X-Atraveo-ETag
X-Atraveo-Cache-Control
X-DPWN-IS-SECURE
X-Atraveo-Expires
X-Source-ID
X-PHP-Engine
X-Atraveo-Zone
X-PRAM
X-Is-Mobile
X-Server-Instance
X-SERVER-ID
X-Plat
X-Platform
X-Smartcache-Timeout
Microsoftsharepointteamservices
X-AOL-HN
Tk
X-Nhost
X-Ob-Mode
X-Rot
X-WP
X-Varnish-Ttl
X-Sov
X-Smartcache-Keys
Fw-Via
SiteName
X-ASAP-Cache
WP-AdvCache-MemCached
X-Webkit-CSP
X-Dev
X-Phpwcms-Page-Processed-In
X-Clara-ASAP
X-Obvious-Info
X-Obvious-Tid
LBC
X-Optimization
X-NFE
Host-Service
X-Phpwcms-Release
X-Nurl
X-Oracle-DMS-ECID
X-Cache-Original-TTL
X-Powered-By-Anquanbao
X-BKSrc
X-Webstats-RespID
Ksid
X-Akamai-Device-Characteristics
Imx-Cookies-Used
X-Hosts-Backend
Ttl
X-Varnish-URL
X-Id
X-Apm-Telemetry-Syncmark
Sss
Nginx-Cache
X-Server-Id
X-Hosting
X-DTC
X-SSL
X-Full-Url
INCOMING-TIME
X-Unbounce-Variant
X-Info
NnCoection
X-SilverStripe-Cache
X-ProxyInstancename
CLMOB
X-Unbounce-VisitorID
X-Kirra-SiteId
X-Hypernode
X-Environment
X-ATM-RTime
X-ATM-RServer
Pool
Myheader
Ibf5scheme
X-Unbounce-PageId
X-Rocket-Nginx-Bypass
X-Captured
X-Node-Name
X-Avvio-Cms-Cacheload
Worker
Xc
Sprequestguid
X-Dispatch
X-Jphone-Copyright
X-Cms-Mode
X-Frames-Options
X-Sharepointhealthscore
X-Ms-Invokeapp
X-Trace-Id
X-Worker
X-AWS
Section-Io-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Copyright
X-B
X-Frontal
SBGI-7
X-LW-Web-Server
SBGI-5
X-Status
X-FCMS-Cache
SERVER-IP
X-7d-Instance-Id
Bs-Header
X-Amz-Meta-Cb-Modifiedtime
X-Author
Akamai-Edgescape
CommunityServer
GenSvr
Progma
X-F-Cache
X-Cache-PageType
Y-Trace
X-7d-Trace-Id
SBGI-10
SBGI-1
X-Cache-Fix
MachineName
Apache
Jobb.Gil.Se
SIP
Fastly-Backend-Name
Tracker
X-B2f-Not-Route
X-DSMX-Rewrite-MS
X-DSMX-Render-MS
Cache-Ctrol
X-Vhost-ID
X-Response-Status
X-REDIRECTSERVER
X-Tags
X-Client-Vid
X-EPiphany-Vid
X-Route
X-ServerIndex
ServerSignature
X-Fe
ServerTokens
Bios
PServer
X-Venda-Hitid
X-WorkerInstancename
X-Magento-Action
X-Magento-Lifetime
X-CB-Server
Aoestatic
X-Uplex
X-N-ViewType
X-IDS-WS
Machine
Cache-Rule
PROPSON-FARM
X-Dispatcher
BM-Cache-Bypass
X-ESI
SBGI-RenderTime
SBGI-Device
SBGI-9
X-Pageid
X-T
SBGI-RealPath
If-Modified-Since
Jobb.Assistentpoolen.Se
Www.Mirrorgate.Se
Www.Mabracertifiering.Se
Www.Myjob.Se
X-BLSR-COST
X-Cache-Served
Test.Executivepeople.Se
P3P:CP
Jobb.Passal.Se
Publisher
Open.Jobgate.Se
Ec
OT-RequestId
X-Ocache
Dynatrace
X-Connection-Hash
X-SeschatTemplateID
X-SeschatRedID
X-SeschatDID
X-CO-Host
X-Test
X-Transaction
Surrogate-Key
X-Twitter-Response-Tags
X-Varnish-Instance
X-Seschat-URL
X-SeschatLayout
Ews
X-Tile-Url
X-Country
X-GeoIP
X-Cache-Set
X-Pressidium-NinukisWP-Ver
X-UseReverse-Proxy
X-USERNAME
AGI-Request-ID
Railo-Version
X-Header
X-Origin-Server
X-AG-MIPS
Sid
X-SV
X-HW
NZSpeedy
X-HOSTTYPE
X-Router-Backend
X-Wikidot-Backend
X-Search-Id
X-Wikidot-Static-Cache
X-Router
X-RSS-CACHE-STATUS
X-Server-Addr
X-ASAP-Age
X-Time-Microsecs
X-4ormat-Cacheable
X-Provided-By
X-Ar-Debug
X-Block
Il-Cl
X-Built-With
X-CCM
X-Channel-Maxage
Cached
X-ManagedFusion-Rewriter-Version
BM-Cache-Node
BM-Cache-Status
BM-Cache-Key
X-Rewritten-By
Backend-Name-Original
Acdc-Web
HA-Front
X-EZPublish-NodeID
X-PHP
X-EZPublish-InstallationID
X-BE
Svr
Ibm-Web2-Location
X-Made-Cache-Ttl
RouteID
Redirect
RSL-Trace-ID
X-Trace-App
X-ACCELERATE
Access-Control-Request-Headers
X-Flow-Powered
X-Dynamic
X-VG-WebCache
X-JSESSIONID
X-Delivered-By
Hostname
X-COUNTRY-CODE
X-LB-Server
X-Pagely-Cache
Content-Instance
XDisk
DPOOL-HEADER
X-Varnish-Cookie-Debug
Provider
X-TargSmaku
Requested-Host
X-Cache-Extended
Tempo
X-AppServer-Cache-Rule
SINA-TS
Og
X-Instance
DB-Nickname
X-Box
X-Healthy
SINA-LB
X-EntryPoint
X-Brought-To-You-By
X-ESI-Enable
X-FFX-B
X-Fallback
X-WR-MODIFICATION
X-MCF-ID
X-Goog-Metageneration
X-Webapp
X-Goog-Generation
X-Akamai-Device-Model
X-GUploader-UploadID
X-Ghost-Cache-Status
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Max-Age
X-Discourse-Route
X-Goog-Stored-Content-Length
X-View
X-LS-DEBUG
CountryCode
X-Gyrobase-Publication
Server-Optimized-By
WP-Cache
X-Accelerated-By
X-Server-By
X-PBY
IsMobile
Servername
Sprequestduration
X-This-Proto
X-AccessDev
Spiislatency
X-T3Cache
X-Flex-Lastmod
X-Say-Original-Host
X-Hrouter
X-Say-Original-IP
X-Say-Original-UA
X-Flex-Tag
X-EdgeRouter
X-Ratelimit
X-MobileDetected
X-OPNET-Transaction-Trace
X-Edge-V
X-Pixelsilk-Version
X-Martin
X-Hstore
X-Pixelsilk-Server
X-Flex-Lang
X-Say-Cacheable
Noq
X-IP-Address
X-Domino-CacheValidationWithETagReason
X-Say-Original-URL
X-Global-Transaction-ID
X-RAMCache
X-Ajaxblocks-Esi
X-Obr-Rule
X-ORACLE-DMS-ECID
X-Origin-Cache
X-NID
X-Domino-CacheValidationWithETagResult
X-T3CacheTags
N365rili
X-Platform-Cache
X-Cache-Me-Harder
X-Flex-Tags
X-Accel-Cache-Control
Ram
X-T3CacheInfo
Cpu
Mto-License-Status
X-Config-By
X-Varnish-Restarts
X-Farm-Server
X-B3-Traceid
WebServer
F5-IpCliente
X-KoobooCMS-Version
X-Webobjects-Loadaverage
ClientIP
Gzip
Kp-EeAlive
Viewport-Width
Viewport-Initial-Scale
Content-Cache
Disaptch-Cache-Rule
INFO
Xonnection
X-Orig-Host
X-SATserver
X-Meta-MSThemeCompatible
X-Meta-MSSmartTagsPreventParsing
X-PressLabs-Stats
X-VC-TTL
X-Gondor-Server
X-Debug-Token
X-Meta-Imagetoolbar
X-KO-Site-Id
X-UA
X-Sn-Servicetimems
MSSmartTagsPreventParsing
MSThemeCompatible
X-Cache-Engine
NodeId
Resolution-Width
Resolution-Height
X-Varnish-Debug-Pool-Fetch
X-Capoed
X-TTL-Age
X-Varnish-Debug-Pool-Recv
X-Varnish-Debug-Varnish-TTL-Set-From-Server
Thinkindot-Control
X-Enhanced-By
X-Highwire-Cache
X-Highwire-Sitecode
X-SayCDN-Original-Path
X-SayCDN-Original-Host
X-SayCDN-Original-UA
X-SayCDN-TTL
X-ServedByHost
X-SayCDN-UA
X-Would-Your-GrandPa-Wait
X-Your-GrandPa-Would-Wait
Thinkindot-CacheControl
Mobile-Browser
Mobile-Browser-Version
OriginServer
Physical-Screen-Width
Physical-Screen-Height
Is-Wireless-Device
Is-Tablet
Thinkindot-CacheControl-Type
Ajax-Preferred-Geoloc-Api
Dbabc
Device-Os
Is-Mobile
Device-Os-Version
X-Say-TTL
X-Flex-Evstart
X-Artvisual-Server
X-Esi
X-IP
X-Pardot-LB
X-Pardot-Route
X-Distil-CS
X-Ec-Custom-Error
X-GC-Write
X-GC-Read
X-Mod
X-MCB-Server
X-Render-Time
X-Pardot-Rsp
X-Cookie-Response-Debug
X-Web-Node
X-ACLR-Version
Aurora-Node
Cmsid
Cmstype
X-Varnish-ServiceNetIP
X-Varnish-Hashed-On
X-Request-Processing-Time
X-Request-Received
X-Cookie-Request-Debug
X-Cache-Via
X-GC-Pointer
X-GC-App
Fpc-Expire
X-RateLimit-Remaining
Head
X-Bcwwwid
X-Varnish-Max-Age
X-HostName
X-Aberdeen-Site
X-Static-Version
X-Rack-Cors
X-Rack-CORS
Robots
X-Aberdeen-Cache
X-KS-Cache-Status
X-Lima-Id
X-Server-Upstream
X-Time-Spent
X-Serendipity-InterfaceLangSource
X-Compressed-By
X-Serendipity-InterfaceLang
X-UA-Vendor
X-Flex-Evend
X-Request-Count
X-Runtime-Memory
X-Signature
XServer
Language
Real-Server
X-Ants-Machine-Id
X-Document-Path
X-Document-Guid-Path
X-Document-Guid
X-Ants-Host
X-Document-Tracking-Type
X-Client-Addr
SL-NOREWRITE-REDIRECTS
X-Rq
X-HeBS-Cache-Status
X-Random
X-VhostID
X-BPool
X-Backside-Transport
X-BServer
X-Cacheable-TTL
X-Compressor
X-DELIVERYSERVER
Access-Control-Allow-Origin:
CpuTime
V-Age
X-Document-Folder-Guid
X-HTML-Minification-Powered-By
Server-IP
RequestId
X-DN-Cache-Control
MageStack-Cache
X-Protected-By
MageStack-Cache-Status
MageStack-Area
MageStack-Cache-Hits
MageStack-Cache-Lifetime
MageStack-Config
MageStack-Cacheable
X-Flex-Community
E-TAG
DNNOutputCache
MageStack-Tag
MageStack-Web-Node
MageStack-PageSpeed
MageStack-Loadbalancer
MageStack-Debug
REFRESH
X-GRACE
RATING
X-RequesterIP
X-Node-Id
X-Zendesk-Request-Id
Debug-Status
X-RESOURCE
X-Cookies-Stripped
X-Czt
X-Frame-Option
X-NewCloud-V-Cache
X-Backend-TTL
Lookup-Cache-Hit
X-Relocation
X-Url-Store
X-Var-Hash
Http
X-NMT-Proxy
X-PageID
X-HP-CAM-COLOR
X-Instance-Name
X-RE-Ref
X-UA-Profile
X-Cms-Server
Httpd-Identifier
X-V
Yola-ID
Fw-Cache-Status
X-Zendesk-Origin-Server
X-Forwarded-Port
X-Goog-Meta-Policy
X-Goog-Meta-Replace
X-SL-Norewrite
Content
AC-ELC
X-LOCATION
X-Panel-Id
X-Panel-Name
X-Ec2-Vpc
X-SL-Notranslate
At-Shoptype
Atp-Isdpp
BackendServer
At-Isb
X-PoweredBy
X-Stiffia-Cache
X-VC-Enabled
Cache-Contril
X-CPU-Time
X-Application-Context
X-D-Time
X-Expose-Site
X-Expose-Hostname
X-ClusterID
X-AppServer-Status
X-GeoIP-Country
X-SID
X-Expose-Took
X-Forwarded-Host
Url-Hash
X-Timestamp
X-Trans-Id
X-9XB-Server
X-S-Misc
X-Nginx-Backend
X-Expose-Generated
X-Generation-Time
X-Hiring
Esi-Enabled
X-Medium-Entity-Type
X-TAProxy
Instapage-Variant
X-Medium-Entity-Id
X-IIJ-Cache
X-A
Orgin-Server
D
X-Feature
RlogId
X-EvoSuite-Machine
X-EvoSuite-Secs
Server-Ip
ResponseSpeed
Kanooh-Host
X-EBAY-C-REQUEST-ID
TIMESTAMP
X-Lang
X-R4L-VHOST
User-Agent
Web-Head
X-Server-Instance-Name
X-Server-Generated
X-Sc-Path
X-Sc-Cache
X-BC
B2C-HG-008
BX-Cache
B2C-F-008
X-Cache-Ttl
BX-TTL
FX-Cache
FX-TTL
FX-Forwarded-For
Mime-Version
X-Process-Time
X-LANG
X-SL
V-RESP
X-IB-Timestamp
X-IB-Site-Name
X-IB-Content-Urn
X-IB-Context-Urn
X-Cache-Node
TotalTime
X-Cluster
X-Cluster-Node
X-Cookie-Store
X-Checkout
X-Backend-Status
AcceptLangage
Get-Dictionary
X-IB-Content-Type
X-Cluster-Host
X-ZSITES-DNS
Server-N
X-Proxy-Route
X-DealerOn
X-Backend-Ip
Disablevcache
X-Esi-Processing
X-ETag
X-AOESTATIC-FETCH
MwpReleaseVersion
RN-Server
X-Bstat
Front
X-Serverid
DrivedBy
CtExclusions
X-DEBUG