Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
Link
ETag
X-Content-Type-Options
P3P
X-Frame-Options
X-XSS-Protection
X-Pingback
X-AspNet-Version
X-Cache
Content-Language
Age
CF-RAY
X-UA-Compatible
Strict-Transport-Security
Via
X-Adblock-Key
Access-Control-Allow-Origin
X-Varnish
X-Language
X-Check
X-Template
X-Buckets
X-Generator
X-Cacheable
Content-Location
X-Drupal-Cache
X-AspNetMvc-Version
X-Hacker
X-Ac
P3p
X-Request-Id
X-Powered-By-Plesk
X-Type
X-Pass-Why
X-Cache-Group
MS-Author-Via
X-Runtime
WP-Super-Cache
X-Powered-CMS
X-Cache-Hits
Status
X-Permitted-Cross-Domain-Policies
Host-Header
Ngpass-Ngall
X-Download-Options
X-Alternate-Cache-Key
X-Dc
X-ShardId
X-ShopId
Access-Control-Allow-Credentials
X-UA-Device
Content-Security-Policy
Keep-Alive
Access-Control-Allow-Headers
X-Iinfo
X-Via
X-Request-ID
Access-Control-Allow-Methods
X-Mod-Pagespeed
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Logged-In
X-Backend
X-Served-By
X-Tumblr-Pixel-1
X-Pad
X-Contextid
X-ServedBy
X-Tumblr-Pixel-2
X-Xss-Protection
Upgrade
X-PC-Key
X-PC-Hit
X-Cache-Status
X-CDN
X-Host
Powered-By
X-Server
X-Cache-Hit
Content-Encoding
X-Port
X-PC-AppVer
X-PC-Date
X-PC-Host
X-Tumblr-Pixel-3
X-Timer
X-Robots-Tag
X-Accel-Version
X-Varnish-Cache
X-Cache-Lookup
X-Rack-Cache
X-Amz-Cf-Id
X-Cnection
X-Server-Powered-By
SPRequestGuid
MicrosoftSharePointTeamServices
X-SharePointHealthScore
X-Request-Country
MicrosoftOfficeWebServer
Alt-Svc
X-Safe-Firewall
X-Turbo-Charged-By
CF-Cache-Status
X-MS-InvokeApp
X-Page-Speed
X-AH-Environment
X-Content-Powered-By
X-XRDS-Location
Rating
X-Content-Digest
X-Tumblr-Content-Rating
X-W-DC
X-Cache-Enabled
X-Node
X-GitHub-Request-Id
X-Tumblr-Pixel-4
Public-Key-Pins
X-PhApp
X-FullPageCaching
X-Ua-Compatible
Content-Security-Policy-Report-Only
Request-Id
X-SERVER
Timing-Allow-Origin
X-Webserver
X-INKT-URI
X-INKT-SITE
X-Seen-By
X-Wix-Renderer-Server
X-Wix-Request-Id
X-Firenze-Processing-Times
Composed-By
SPIisLatency
SPRequestDuration
X-Proxy-Cache
Served-By
Cf-Railgun
Permitted-Cross-Domain-Policies
X-HeyJason
X-Amz-Request-Id
X-Amz-Id-2
Liferay-Portal
X-Swift-SaveTime
X-Swift-CacheTime
X-Hyper-Cache
X-Pantheon-Endpoint
X-Pantheon-Styx-Hostname
X-Styx-Version
Surrogate-Key-Raw
X-Styx-Req-Id
Access-Control-Expose-Headers
EagleId
X-Spip-Cache
Xkey
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Charset
Surrogate-Key
X-CDN-Pop-IP
X-CDN-Pop
X-Server-Name
X-Tumblr-Pixel-5
Grace
X-Nginx-Cache-Status
Content-Script-Type
X-Dw-Request-Base-Id
Content-MD5
Content-Style-Type
Access-Control-Allow-Method
X-Hits
X-FW-Hash
X-FB-Debug
X-FW-Type
X-FW-Serve
X-FW-Static
X-Device
X-XN-XNHTML
X-XN-Trace-Token
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
Public-Key-Pins-Report-Only
X-CF-Powered-By
X-User-Agent
X-VCache
X-Clacks-Overhead
X-Backend-Server
X-Fastly-Request-ID
X-DDC-Arch-Trace
X-Cache-Config
X-TNCMS
X-Loop
Real-Hostname
X-Age
X-Tumblr-Adult-Blog
X-Jimdo-Instance
X-Jimdo-Wid
X-Cache-Server
X-LiteSpeed-Cache
Fastly-Debug-Digest
X-ServerName
X-Cloud-Trace-Context
Refresh
X-Cache-Result
X-Umbraco-Version
X-Tumblr-Pixel-6
Edge-Control
X-MiniProfiler-Ids
X-Generated-By
Surrogate-Control
X-Cached
X-DynaTrace-JS-Agent
X-Hostname
X-Cached-By
X-Powered-By-360WZB
WZWS-RAY
X-Url
X-Px
PageSpeed
Cartoon
Fpc-Cache-Id
NS-RTIMER-COMPOSITE
X-DynaTrace
X-Outils-CS
X-CMS-Version
X-Whom
DynaTrace
TCN
X-WebKit-CSP
X-Newrelic-App-Data
Response
X-URL
X-Forwarded-For
X-Middleton-Response
X-Middleton-Display
X-Sol
Display
X-BC-Stapler
Product
X-From
Rt-Fastcgi-Cache
Front-End-Https
Imagetoolbar
X-Handled-By
X-AspNetWebPages-Version
Edge-Control-Message
X-Msg-2-Log
ServedBy
X-Recruiting
Origin
X-Content-Options
X-Varnish-Cache-Hits
X-Do-Not-Hack
X-EC-Security-Audit
Akamai-IP
Access-Control-Request-Method
X-NetCat-Version
X-FORWARDED-FOR
Page-Completion-Status
X-Engine
X-Country-Code
X-Director
X-Servedby
X-Matrix-Proxy
X-Hosted-By
X-Matrix-Server
Server-Info
X-Micro-Cache
Generator
X-Content-Encoded-By
Fhost
IBM-Web2-Location
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Cache-Rule
X-TTL
X-UD-Method
X-I
X-Firenze-Processing-Time
Referrer-Policy
X-Xrds-Location
X-Returned-From
X-Returned-From-DLL
X-Passed-To
X-Passed-To-DLL
X-Original-Request
X-Actual-URL
X-LiteSpeed-Cache-Control
X-Returned-From-PostProcessResponse
X-Stale
X-Track
X-Returned-From-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Varnish-Backend
X-App-Hosting
X-Art-Request-Id
Alternate-Protocol
Powered-By-ChinaCache
Ag-Server-Time
Ag-Execution-Time
X-Dispatcher
Host
Ag-Send-Time
X-Varnish-TTL
Content-Encoding-Handler
X-Microcachable
X-Platform
X-CacheServer
X-Expires-Orig
Content-Disposition
X-S
X-Duration
X-Cache-Age
X-Location-Id
Powered
X-Abuse
X-I-Sp
X-BS
Surrogate-Keys
X-Origin
X-Cache-Info
X-ApacheServer
X-Varnish-Host
Magicmarker
X-PERF
X-Daa-Tunnel
X-SDS
X-Response-Time
X-SRCache-Store-Status
X-Cache-TTL
X-SRCache-Fetch-Status
X-Last-Modified
X-Request-Time
MIME-Version
X-VTEX-Janus-Router-Backend-App
X-Powered-By-VTEX-Janus-ApiCache
X-Vtex-Processado-Em:
X-VTEX-Cache-Status-Janus-ApiCache
X-Magnolia-Registration
X-Vtex-Remote-Cache
X-VTEX-Cache-Status-Janus-Edge
X-Powered-By-VTEX-Janus-Edge
No
X-Vtex-Processed-At
X-HOST
X-Version
X-Gamma-Serve
X-Varnish-Cacheable
Node
USPLoggingUUID
X-Server-ID
X-Translation
X-Device-Type
X-Microcache-Status
ServerName
X-Goog-Hash
X-Varnish-Age
X-URLSCHEME
X-RESOURCE
Lsrequestid
X-ATG-Version
X-Developer
X-Upstream
X-Cache-Debug
X-DNS-Prefetch-Control
X-B-Cache
X-Cache-Operation
X-Rocket-Nginx-Bypass
X-Ttl
X-Storage
X-Varnish-GracePeriod
X-Server-Id
X-Varnish-ObjectSource
X-Varnish-RemainingLife
X-Route-Server
X-Varnish-RemainingTTL
X-Varnish-Seen-By
X-Debug
ServerID
X-Cache-Lifetime
Fastcgi-Cache
X-OneAgent-JS-Injection
X-Fastcgi-Cache
X-DefendeR-Runtime
X-DefendeR-Status
X-Cf-Powered-By
X-Cache-Expires
SN
Proxy-Agent
X-Zen-Fury
X-Revision
X-Source
X-Cache-Tags
X-FW
X-PwB-Node
X-ServerID
X-N
Proxy-Connection
X-AOL-HN
X-NoCache
X-Instart-Request-ID
Location
X-CJ-Soft
RTSS
Content-Hash
Version
X-Cache-Control-Orig
PICS-Label
Buuteeq-Source
X-SV-Expires
X-SV-Duration
X-SV-CreatedAt
X-SV-FromDBCache
X-SV-CacheTags
X-SV-Pid
X-Vcap-Request-Id
Req-Id
X-Client-IP
X-WEBSERVER
X-SV-Nginx-Duration
X-SV-Edge
X-Nbs
X-Platform-Processor
MJ12bot
SEOMOZ
X-Correlation-Id
X-Amz-Version-Id
X-Platform-Router
X-Geo-IP
Arr-Disable-Session-Affinity
X-Cache-Key
X-Varnish-Hostname
Cache
X-Varnish-Hits
X-Purge-URL
X-Varnish-Count
X-Kinsta-Cache
X-Varnish-HitMiss
X-Drectory-Script
Content-Security-Policy-Rerport-Only
X-ACMCache
X-LB-Node
Content-Transfer-Encoding
Ufe-Result
X-ClientSide-Caching
HAVer
Webluker-Edge
X-Purge-Host
X-Cookie-Domain
HCVer
X-Frontend
X-Nurl
X-Geo-IP-Country
X-Geo-IP-Metro
Author
X-Nhost
NetMindSessionID
X-Edge-Location
X-Akamai-Device-Characteristics
X-Page-Cache
X-NFE
X-Geo-IPV
X-Dispatch
X-Akamai-Device-Model
X-Application-Context
Pics-Label
X-Speed-Cache
X-Front
X-Geo-IP-Region
Cache-Key
X-Speed-Cache-Key
S
X-Real-Server
Cm-Server
X-Platform-Cache
X-Varnish-IP
Qs-Cache
Warning
X-CDN-Forward
Backend
AMF-Ver
X-Hypernode
Srv
Nodo
Cached
X-Yadis-Location
X-Nginx-Host
X-Grace
WSR-Cache
Retry-After
X-Mobile-URL
Mobiquo-Is-Login
X-Orig-Vary
Last-Published
X-CDN-Cache-Status
X-CDN-Node
X-LB
X-Content-Age
X-Edge-IP
X-NginX-Upstream-Response-Time
X-Time
X-Blog
X-Config-Blacklist-Version
X-Supported-By
X-NginX-Upstream-Addr
X-NginX-Upstream-Status
X-GeoIP-Country-Code
Filter-Revision
X-AbeBooks-Version
X-Yottaa-Metrics
X-NginX-Node
X-Mobilized-By
X-Server-Upstream
X-WebServer
X-Yottaa-Optimizations
X-NB-Cached-Page
X-UPSTREAM
W
X-Varnish-Server
X-GeoIP-Country-Name
X-SE-Debug
X-Directory-Script
X-Discourse-Route
Eomportal-Instance
X-Session-Reinit
A-Powered-By
X-Cocoon-Version
X-Garden-Version
X-Sys-Req-ID
Accept-Charset
X-Highwire-RequestId
Front
X-SmartBan-URL
X-Highwire-SessionId
X-Cache-Doesi
X-PF-Uncompressing
X-WR-Flags
X-IIJ-Cache
X-Framework
X-Machine-Name
X-SSL-Cipher
SRV
X-SmartBan-Host
X-SSL-Protocol
X-Processing-Time
WWW-Authenticate
Rewriter
X-F-Cache
Accept-Encoding
Thanks
X-Unique-ID
X-Processed-By
Myheader
IISExport
CT
X-Adobe-Content
X-Adobe-Loc
X-AOL-SNH
Pool-Info
Ngpass-Vcall
X-Browser
X-Vhost
X-BKSrc
X-BackendServer
X-StackifyID
Beyond-Iis
X-EDGECONNECT-GUID-DEBUG
Server-Name
X-Empowered-By
X-Cache-Fix
X-Cache-PageType
X-Sucuri-ID
COMMERCE-SERVER-SOFTWARE
X-V
X-Cache-Control
X-Dns-Prefetch-Control
Nitro-Cache
Ibm-Web2-Location
X-LW-Web-Server
X-Analytics
P-WS
Allow
CC-CACHE
S-Cnection
P-LB
X-Varnish-Ttl
X-Symfony-Cache
X-Litespeed-Cache-Control
X-IsCacheURL
Backend-Timing
X-Flow-Powered
X-Connection-Hash
X-Transaction
X-Twitter-Response-Tags
X-Nginx-Cache
MC
X-Resolver-IP
BALANCEDTO
SSPAppContext
X-ARC
X-Cache-Only-Varnish
X-GeoIP
X-HTML-Minification-Powered-By
X-ServerIndex
NODE
X-Grid-Server
X-Jphone-Copyright
Ibf5scheme
CacheControlHeader
X-RiS-UFDI
X-Signature
Frame-Options
X-Source-ID
X-Magento-Tags
X-Key
X-Config-By
X-Force
SVR
X-Hit-Cache
X-PRAM
X-AEM
X-Pagename
MW-Webserver
Host-Service
Mime-Version
Cteonnt-Length
X-Webcelerate
X-HP-Trace-Project
X-HOSTNAME
X-NginX-Cache
A
X-Balanceador
X-Hiawatha-Cache
Resin-Trace
X-Trace
X-HP-Trace-ID
Keywords
X-Atraveo-Param-Rm
X-Atraveo-Expires
X-Atraveo-From-Varnish-Cache
X-Atraveo-ETag
Real-Server
X-WP
X-Atraveo-TTL
X-Atraveo-Varnish-Server-Id
X-Atraveo-Zone
X-Avvio-Cms-Cacheload
X-Atraveo-Set-Cookie
X-Smartcache-Keys
X-Smartcache-Timeout
X-Dynatrace
X-Real-IP
X-Varnish-Debug-Age
Cmstype
X-Plat
X-Plat-Be-Ip
X-Amz-Meta-S3cmd-Attrs
X-Plat-Va-Ip
X-ORACLE-DMS-ECID
Cneonction
CLMOB
X-Optimization
Section-Io-Id
X-Varnish-Debug-TTL
X-Worker
X-Atraveo-Cache-Control
X-ID
NLCacheNote
X-Vary-Options
Content-Server
X-Server-Response-Time
Cmsid
X-Id
X-HW
Head
X-WA-Info
Smug-CDN
X-Env
Bios
NnCoection
X-Amz-Storage-Class
X-TTFB-L
X-TTFB
X-Prefetched
X-SmugMug-Hiring
X-SmugMug-Values
X-We-Are-Hiring
ScoreTracker
X-HydroSheep
X-SRV
X-Server-IP
X-Detected-Device
X-Client-Image-Vid
X-Client-Vid
X-NginX-Server
X-Frames-Options
X-EPiphany-Vid
XDomainRequestAllowed
RN-Server
From
X-This-Proto
X-T3CacheTags
Ec
X-Server-By
X-Render-Time
X-Turpentine-Cache
X-Cache-Source
X-T3Cache
X-T3CacheInfo
X-Varnish-Currency
X-Cache-Provider
X-PG
X-AWS
Set-Cookie2
VAR-Cache
X-Turpentine-Esi
X-JG-Page-Cache
Cache-Rule
Paypal-Debug-Id
X-Appmachine-Environment
X-DSMX-Rewrite-MS
X-DSMX-Render-MS
X-DTC
X-Custom-Header
X-Varnish-Esi-Access
X-Varnish-Esi-Method
X-App-Runtime
X-TempDebug
X-Runtime-Affili
X-Server-Start-Time
OT-RequestId
X-B2f-Not-Route
X-A
Proxy-Cache
X-Origin-Id
Logging-CorrelationId
Il-Cl
X-Varnish-Cache-Local
Xc
X-LB-Server
X-Webstats-RespID
X-Varnish-Store
X-Varnish-Set-Cookie
X-REDIRECTSERVER
Cluster-ID
X-Amz-Id-1
X-Domino-CacheValidationWithETagReason
X-Domino-CacheValidationWithETagResult
X-Lifetime
X-Nitra-Side
X-GSL-Server
Imx-Cookies-Used
X-RDP
X-KoobooCMS-Version
X-Desc
X-Actindo-RS
X-App-Server
X-Rebelmouse-Cache-Control
X-Response
Web
Rel
X-Rebelmouse-Surrogate-Control
Sophnep-Edge-FX
X-Cache-CFC
Hash
Description
Prxy
N365rili
Machine
X-Cache-On
X-Provisioner-Version
X-DealerOn
X-Unbounce-Variant
Fastly-Backend-Name
X-Domain-Checked
NS-VaryByCustom-Key
X-Unbounce-VisitorID
X-Sucuri-Cache
X-Unbounce-PageId
X-Nginx
X-Server-Instance
ORIGIN
X-Rack-CORS
WP-AdvCache-MemCached
X-Restarts
X-EdgeConnect-MidMile-RTT
NtCoent-Length
X-Varnish-URL
X-Info
X-EdgeConnect-Origin-MEX-Latency
X-HITS
X-App-Status
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Ob-Mode
X-Goog-Storage-Class
D
RequestId
X-7d-Trace-Id
X-CB-Server
X-Goog-Generation
X-Goog-Metageneration
Yoncu-Errno
X-GUploader-UploadID
X-Cache-Engine
X-Forwarded-Host
X-Platform-Server
VServer
X-Oracle-DMS-ECID
X-7d-Instance-Id
X-RequestId
X-OPNET-Transaction-Trace
X-MrHost
X-Depends
X-SDE-Name
X-Distributed-By
X-Is-Mobile
CmsCacheEngine
X-Magento-Action
X-Cms-Mode
X-Cache-Set
X-Backend-Name
X-Jcms-Ajax-Id
X-Dev
X-ACLR-Version
X-Cache-Action
X-FIRSTBase
X-APP
X-Cluster-Node
PServer
Cpu
Noq
Ram
X-Captured
X-Varnish-Action
X-AccessDev
Worker
X-VC-TTL
Fw-Via
IM-Version
IsMobile
X-WR-MODIFICATION
X-SilverStripe-Cache
AsisCache
Accept-Language
Backend-Node
X-Hrouter
X-Hstore
X-Span
X-ProxyInstancename
Note
Device-Type
Fw-Cache-Status
X-Site:
X-Tile-Url
X-OpenCart-Lightning
X-MAT-GEO
X-Forwarded-Proto
X-Apm-Telemetry-Syncmark
X-Wikidot-Static-Cache
X-ManagedFusion-Rewriter-Version
X-ACCELERATE
Servername
X-Rewritten-By
X-Stage
Ctx
X-COUNTRY-CODE
X-Cache-TTL-Remaining
X-Cache-Keep
X-CacheResult
X-CSRF-TOKEN
RATING
Cpu:
Noq:
X-Cache-Node
X-Varnish-Error-Restart
X-WorkerInstancename
X-Accel-Expires
X-Srv
X-Varnish-Backend-Healthy
Nginx-Cache
X-Cache-Me-Harder
X-EC-Lua
X-Hosting
X-Distributor
Actual-Object-TTL
Ram:
Server-Id
X-Wikidot-Backend
X-Artvisual-Server
X-WHOIS-Cached
If-Modified-Since
X-Healthy
X-DEBUG
X-Enhanced-By
X-Fedora-School-Id
X-GoCache-CacheStatus
X-CACHE-TTL
X-Server-Generated
Id
SS
M
BKREF
ServerTokens
X-Cache-2
X-Server-Instance-Name
X-Author
Response-Time
X-EZPublish-NodeID
X-EZPublish-InstallationID
X-Nginx-Request-Time
X-Content-Security-Policy-Report-Only
X-Member
Session-Id
X-PBY
X-Old-Content-Length
X-RAMCache
X-WebNode
XDisk
Og
Sid
X-TB-M
X-Built-By
X-Status
VC-NoCache
INCOMING-TIME
X-Airee-Node
X-Bcwwwid
X-AppServer-Cache-Rule
X-Pagely-Cache
X-Phpwcms-Page-Processed-In
Content
X-Do-Esi
X-MSEdge-Ref
X-Amz-Meta-Cb-Modifiedtime
X-GRACE
Content-Cache
X-SV
Device
X-MCF-ID
X-Akamai-Edgescape
Tracker
X-Farm-Server
X-HAProxy
X-Ratelimit-Remaining
X-Box
X-Cache-Extended
Powerd-By
X-Varnish-Instance
X-SID
X-OCTOPOD
X-Company
X-Phpwcms-Release
RouteID
X-Upstream-Backend
X-NewRelic-App-Data
X-Hosts-Backend
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
X-Invoke-Duration
ServerSignature
X-AISO-Server
MageStack-Loadbalancer
MageStack-Debug
X-Backend-TTL
X-Varnish-Cache-Control
X-PoweredBy
Disablevcache
Cleartype
Content-Instance
Dispatcher
MageStack-PageSpeed
X-Cache-ID
X-Cms-Server
MageStack-Cache-Lifetime
WFE
MageStack-Cache
MageStack-Area
X-Header
MageStack-Cache-Status
MageStack-Config
HOST-SERVICE
MageStack-Cacheable
Be
X-Rq
X-Mobile
X-Generated
X-Pj-Cache-Expires
X-Pj-Cache-Flags
X-Hcom-Styx-Info
X-Max-Age
X-CCM
X-DN-Cache-Control
X-Gyrobase-Publication
X-Layout
X-Pj-Cache-Gzip
X-Pj-Cache-Key
X-B
Www.Aujourdhui.Com
MageStack-Web-Node
MageStack-Tag
X-Cache-Handler
X-Cache-Level
X-Pj-Cache-Status
X-Pj-Cache-Time
X-Distil-CS
Language
MageStack-Cache-Hits
Cdate
X-VARITI-CCR
Hamster
X-SeschatDID
X-Secret
X-SeschatRedID
X-Vhost-ID
X-Environment
X-UUID
X-FreeTag-Count
Host-Name
X-PF-CACHE-FAILED
X-SeschatTemplateID
Cache-Control:
X-TempoPesquisa
X-SeschatLayout
AC-ELC
X-Title
X-Catalyst
B-Powered-By
X-Serendipity-InterfaceLangSource
DrivedBy
X-Pixelsilk-Version
X-NewCloud-V-Cache
X-Pixelsilk-Server
X-Serendipity-InterfaceLang
PowerCDN
X-Pressidium-NinukisWP-Ver
X-HP-CAM-COLOR
X-Seschat-URL
X-Time-Spent
X-Qnm-Cache
X-VC-Enabled
X-Trace-Id
X-FastCGI-Cache
X-W3TC-Minify
Server-Ip
Serverid
Ttl
X-DDM-SERVER
X-Batcache
X-Cache-Via
RSL-Trace-ID
Pool
X-Request-Processing-Time
MageStack-Cache-Warning
X-Request-Received
SiteName
Lb
X-ESI-Enable
X-FFX-B
X-Pubstack
X-ITKG-Cache-Tags
X-Flex-Evend
X-Flex-Tags
X-Content-Type
X-Cluster
X-DB-Content-Length
X-DPWN-IS-SECURE
X-Hash
X-HA
X-Checkout
X-DDM-SERVER-UPDATED
X-Pb-Mii
X-Search-Id
X-Varnish-Max-Age
CpuTime
WWW
Ozcache
X-Name
X-Flex-Tag
X-Device-Group
X-Flex-Community
X-Cjtype
X-Transaction-Id
X-Accel-Cache-Control
X-VERSION
X-Flex-Evstart
X-Flex-Lang
X-Original-Host
X-Flex-Lastmod
X-Powered-By-Anquanbao
X-ProcessTime
X-Ser
X-Route
X-App
Expire
Kanooh-Host
Identity
X-Rack-Cors
LX-Ambiente
LX-Cliente
LX-MachineName
LX-Host-Api
LX-Host
X-Old-Varnish
Webserver
X-RemovedCookies
X-ProcessESI
X-PHP-Response-Code
X-Sid
Powered-By-VeryCDN
QC-Time
QC-Key
QC-Hit
LX-Server-GetCache-Id
LX-Site
X-UltraCart-Critical-Path-CSS-Key
X-UltraCart-Critical-Path-CSS-Injected
X-Powered-By-Server
X-UltraCart-Inject-Critical-Path-CSS
X-UltraCart-Server-Round-Trip
X-Ruxit-JS-Agent
X-Runtime-Memory
X-ETag
X-Powered-By-Home.Pl
X-LW-T
LX-Type
LX-Tipo-Container
LX-Static
LX-Url-Photo-Container
LX-Url-Skin-Container
X-Fpc
LX-Version-Package
LX-Version
X-LS-DEBUG
X-Dynamic
X-VCS-Hit
X-VCS-Cacheable
X-VCS-Cache-Server
X-VCS-Host
X-VCS-Nrhit
X-VCS-Url
X-VCS-Ttl
X-VCS-Status
X-VCS-Billing
X-UseReverse-Proxy
X-Provided-By
X-Pageid
X-IP-Address
X-Router
X-Router-Backend
X-T
X-SuperCache
X-Site-Name
X-Webapp
X-Zendesk-Origin-Server
Hostname
E-Tag
CommunityServer
Tempo
X-Brought-To-You-By
X-DeliveryServer
X-Delivered-By
X-Client-Ip
X-Timing
X-Frame-Option
X-Highwire-Sitecode
ReqUrl
MachineName
WSCLoggingUUID
Origin-Server
X-E
X-Akamai-Transformed
X-Front-Cache
X-Time-Microsecs
X-Diehard-Tags
X-Diehard-Blocks-Removed
X-Diehard-Blocks-Added
X-Dynamic-Cache
X-Faeria
X-NewsFlow-DoCache
Rt-Proxy-Cache
X-Diehard
Web-Server
X-Hit
X-BeResp-Ttl
X-PageType
X-AISO-Cacheable
X-AISO-Cache
Dynatrace
X-NewsFlow-Sitename
X-NGINX-Cache
Debug-Status
Copyright
X-DataDome
Pv
Requested-Host
X-Clx-Request
User-Cache-Control
TP-L2-Cache
TP-Cache
Foglight-Request-UUID
X-Not-Cacheable
EXT-CACHEEXPIRE
E-TAG
Svr
Max-Age
X-Pass-Through
Pw-Value
X-Server-Node
X-RateLimit-Remaining
X-PM-ID
X-Uid
X-Magento-Cache-Debug
X-Cacheable-TTL
X-Magento-Cache-Control
X-Origin-Cache
X-Obr-Rule
X-DOM
X-Clara-ASAP
X-VhostID
X-UA
X-NID
X-Static
X-C
X-BServer
X-TTL-Age
Aurora-Node
X-Would-Your-GrandPa-Wait
X-Your-GrandPa-Would-Wait
X-Remote-Addr
Fpc-Expire
X-Me
X-Does-He-Have-Time
Apache
X-BPool
Lookup-Cache-Hit
ServerIP
X-DEBUG-TTL
X-Beatles-Hits
X-Esi
X-Forwarded-Server
X-Gannett-Site-Version
X-FG-RequestId
X-FCMS-Cache
X-Proto
X-RealServer
Content-Generator
X-Src-Webcache
X-Compressed-By
X-Bypass-Ssl-Transform
X-Unique-Id
X-Server-Addr
Hosted-By
NZSpeedy
X-4ormat-Cacheable
Served-From
Provider
REFRESH
X-Matched-Rule
X-Expose-Took
X-Expose-Site
X-Nginx-VM-RT
X-Ocache
X-RSS-CACHE-STATUS
X-RequesterIP
X-Expose-Hostname
X-Expose-Generated
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
X-Apache2-RT-MicroSec
X-ESI
X-Cache-Time
X-Meta-MSThemeCompatible
X-Meta-MSSmartTagsPreventParsing
Atp-Isdpp
At-Shoptype
At-Isb
Brandcast-Brand-Id
Brandcast-Load-Balancer
ClientIP
Cache-Status
"
X-ASAP-Cache
X-VG-WebCache
X-MSU-SOURCE
Progma
X-AppServer-Status
X-Fe
X-ClusterID
F5-IpCliente
Gzip
MSThemeCompatible
MSSmartTagsPreventParsing
X-Dw-Trace-Id
X-Fstrz
X-Meta-Imagetoolbar
X-Ghost-Cache-Status
X-Node-Name
X-LOCATION
P
Kp-EeAlive
Url-Hash
X-Built-With
X-CPU-Time
X-Cache-Detail
VANITY-HOST