Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
Link
ETag
X-Content-Type-Options
X-Pingback
P3P
X-Frame-Options
X-XSS-Protection
X-AspNet-Version
X-Cache
Content-Language
Age
CF-RAY
X-UA-Compatible
X-Adblock-Key
Via
Keep-Alive
Strict-Transport-Security
X-Varnish
Access-Control-Allow-Origin
X-Language
X-Check
X-Template
P3p
X-Buckets
X-Cacheable
X-Generator
Content-Location
X-Drupal-Cache
X-AspNetMvc-Version
X-Hacker
X-Ac
X-Iinfo
X-Powered-By-Plesk
MS-Author-Via
X-Type
X-Pass-Why
X-Cache-Group
X-Request-Id
X-Runtime
WP-Super-Cache
Status
X-Powered-CMS
Ngpass-Ngall
Content-Security-Policy-Report-Only
X-Cache-Hits
X-Permitted-Cross-Domain-Policies
Host-Header
X-UA-Device
X-Request-ID
X-Download-Options
Access-Control-Allow-Credentials
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Dc
X-Mod-Pagespeed
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Via
X-Logged-In
X-Tumblr-Pixel-1
Access-Control-Allow-Headers
X-Pad
X-Backend
X-Tumblr-Pixel-2
Access-Control-Allow-Methods
X-ServedBy
X-ContextId
X-Served-By
X-PC-Hit
X-PC-Key
Content-Security-Policy
X-Host
X-CDN
X-Cache-Hit
X-Xss-Protection
X-Port
Powered-By
X-Tumblr-Pixel-3
X-Server
X-Robots-Tag
Upgrade
X-PC-Host
X-PC-Date
X-PC-AppVer
X-Cache-Lookup
X-Rack-Cache
MicrosoftOfficeWebServer
X-Cache-Status
MicrosoftSharePointTeamServices
X-Accel-Version
SPRequestGuid
X-SharePointHealthScore
X-Varnish-Cache
X-Request-Country
X-Page-Speed
X-Safe-Firewall
X-XRDS-Location
X-MS-InvokeApp
Content-Encoding
X-Cnection
X-Amz-Cf-Id
Rating
X-Wix-Renderer-Server
X-Seen-By
X-Wix-Request-Id
X-AH-Environment
X-Tumblr-Content-Rating
CF-Cache-Status
X-Turbo-Charged-By
X-Served-From-Cache
X-Tumblr-Pixel-4
X-W-DC
X-GitHub-Request-Id
X-Webserver
X-Timer
X-FullPageCaching
X-PhApp
X-Content-Powered-By
X-Content-Digest
X-INKT-URI
X-INKT-SITE
X-SERVER
X-Cache-Enabled
Request-Id
X-Firenze-Processing-Times
Public-Key-Pins
Composed-By
Served-By
SPIisLatency
SPRequestDuration
Alt-Svc
X-Amz-Id-2
X-Amz-Request-Id
X-Proxy
Cf-Railgun
X-Server-Powered-By
Liferay-Portal
X-Proxy-Cache
Timing-Allow-Origin
X-HeyJason
Permitted-Cross-Domain-Policies
X-Hyper-Cache
X-Spip-Cache
X-Node
X-Pantheon-Endpoint
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Styx-Version
Content-Style-Type
Content-Script-Type
Charset
X-Server-Name
X-CF-Powered-By
Access-Control-Max-Age
X-Tumblr-Pixel-5
X-Swift-SaveTime
X-Swift-CacheTime
EagleId
X-XN-Trace-Token
X-XN-XNHTML
Access-Control-Expose-Headers
Content-MD5
X-Hits
X-FW-Hash
X-Clacks-Overhead
X-Content-Security-Policy
X-Umbraco-Version
Access-Control-Allow-Method
X-VWS-Id
X-Fastly-Request-ID
X-AWS-Id
X-Beta
X-LJ-Flow-ID
X-Gateway
X-Cache-Server
Cartoon
X-FB-Debug
X-FW-Serve
X-FW-Type
X-FW-Static
X-Device
Public-Key-Pins-Report-Only
X-Jimdo-Instance
X-Jimdo-Wid
X-Backend-Server
Refresh
X-Powered-By-360WZB
X-Cache-Result
X-DDC-Arch-Trace
X-VCache
Grace
X-Cloud-Trace-Context
X-User-Agent
Real-Hostname
X-Loop
X-Cached-By
X-MiniProfiler-Ids
X-Px
X-Dw-Request-Base-Id
X-TNCMS
X-Generated-By
X-Age
X-Cache-Config
X-DynaTrace-JS-Agent
X-Tumblr-Pixel-6
X-Outils-CS
X-Drupal-Dynamic-Cache
PageSpeed
X-Cached
X-Url
X-Hostname
NS-RTIMER-COMPOSITE
X-Whom
X-CMS-Version
X-DynaTrace
X-CDN-Pop
X-CDN-Pop-IP
X-ServerName
TCN
Response
X-Do-Not-Hack
X-Forwarded-For
Fpc-Cache-Id
X-Middleton-Display
X-Middleton-Response
Alternate-Protocol
X-Sol
X-LiteSpeed-Cache
Surrogate-Control
Display
Fastly-Debug-Digest
X-URL
X-WebKit-CSP
Imagetoolbar
X-CDN-Geo-IP
X-CDN-Any-IP
X-CDN-Geo
X-Recruiting
ServerName
DynaTrace
Magicmarker
X-Msg-2-Log
Rt-Fastcgi-Cache
Edge-Control
Page-Completion-Status
X-AspNetWebPages-Version
X-From
Product
X-Expires-Orig
X-Country-Code
ServedBy
X-Handled-By
X-Micro-Cache
X-Content-Options
X-NetCat-Version
Generator
IBM-Web2-Location
X-TTL
X-Hosted-By
X-Ruxit-JS-Agent
X-HOST
X-Content-Encoded-By
Access-Control-Request-Method
X-ApacheServer
X-Firenze-Processing-Time
Akamai-IP
X-Track
X-SDS
Ag-Send-Time
Ag-Execution-Time
Ag-Server-Time
Powered-By-ChinaCache
X-I
Fhost
X-App-Hosting
X-Matrix-Proxy
X-Varnish-Cache-Hits
X-Matrix-Server
X-Varnish-Host
X-Cache-TTL
X-FORWARDED-FOR
X-PERF
X-Varnish-Backend
X-Varnish-TTL
X-Varnish-Beresp-Status
X-UD-Method
X-ATG-Version
Powered
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Version
X-Director
USPLoggingUUID
Content-Disposition
X-Passed-To
X-Passed-To-DLL
X-Original-Request
X-Returned-From
X-Returned-From-DLL
Front-End-Https
X-Actual-URL
X-Returned-From-PostProcessResponse
Content-Hash
Content-Encoding-Handler
X-Cache-Rule
MIME-Version
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Returned-From-BeforeDispatch
X-Stale
X-CacheServer
X-S
X-Daa-Tunnel
X-Platform
Proxy-Connection
X-Abuse
X-Cache-Age
X-Origin
X-Vtex-Remote-Cache
X-ChromeLogger-Data
No
X-Powered-By-VTEX-Janus-ApiCache
X-Vtex-Processed-At
X-VTEX-Janus-Router-Backend-App
X-VTEX-Cache-Status-Janus-ApiCache
X-VTEX-Cache-Status-Janus-Edge
X-Powered-By-VTEX-Janus-Edge
X-Vtex-Processado-Em:
X-Server-ID
X-Microcachable
X-Cache-Info
Lsrequestid
X-Varnish-Cacheable
Surrogate-Keys
Node
Host
X-Powered-By-Server
X-Request-Time
X-Response-Time
X-Cdn
X-Developer
X-Art-Request-Id
X-Duration
X-Varnish-Age
X-Gamma-Serve
X-CDN-Cache-Status
X-CDN-Node
X-RESOURCE
X-URLSCHEME
X-App-Status
X-I-Sp
X-BS
X-FW
X-PwB-Node
X-Cache-Control-Orig
X-Source
X-Cache-Debug
X-Route-Server
X-Revision
X-Rocket-Nginx-Bypass
Proxy-Agent
X-Front
Origin
Content-Security-Policy-Rerport-Only
ServerID
X-Device-Type
X-Translation
X-Microcache-Status
X-Cache-Tags
X-Frontend
Fastcgi-Cache
X-NoCache
X-ServerID
Retry-After
X-Mobilized-By
Webluker-Edge
X-Cache-Expires
X-Location-Id
X-Drectory-Script
X-SRCache-Store-Status
Location
Version
X-SRCache-Fetch-Status
X-Processed-By
NetMindSessionID
X-Cache-Operation
Buuteeq-Source
X-DefendeR-Runtime
X-DefendeR-Status
Pics-Label
PICS-Label
X-CJ-Soft
RTSS
X-Time
X-Fastcgi-Cache
X-Page-Cache
SN
X-Upstream
X-Instart-Request-ID
Accept-Encoding
VAR-Cache
X-Dispatch
X-Geo-IP
CC-CACHE
X-Amz-Meta-S3cmd-Attrs
NODE
Accept-Charset
Cache
X-Vcap-Request-Id
X-B-Cache
Content-Transfer-Encoding
X-Real-Server
X-Trace-Cache
Qs-Cache
X-Trace
X-DNS-Prefetch-Control
HCVer
Mobiquo-Is-Login
Server-Info
X-ClientSide-Caching
X-Geo-IP-Country
AMF-Ver
HAVer
X-Geo-IP-Metro
X-ACMCache
X-Geo-IP-Region
X-Geo-IPV
X-Cache-Lifetime
Srv
X-AOL-HN
X-Platform-Processor
SID
X-Varnish-Hits
A-Powered-By
X-Platform-Router
SVR
X-Orig-Vary
X-Speed-Cache
NtCoent-Length
X-Cache-Key
Arr-Disable-Session-Affinity
X-Varnish-Server
Thanks
X-Engine
X-Yadis-Location
X-Nginx-Cache
X-NginX-Upstream-Addr
X-Akamai-Device-Characteristics
X-Akamai-Device-Model
X-Purge-Host
X-Purge-URL
Req-Id
X-Xrds-Location
X-NginX-Upstream-Status
X-WR-Flags
X-AbeBooks-Version
X-NginX-Node
X-NginX-Cache-Status
X-NginX-Upstream-Response-Time
X-Distributed-By
Nitro-Cache
X-SV-CreatedAt
Last-Published
X-Cookie-Domain
X-SV-CacheTags
WSR-Cache
X-SV-Duration
X-SV-Nginx-Duration
X-Grace
X-SV-Edge
X-Magnolia-Registration
X-SV-Pid
X-SV-Expires
X-SV-FromDBCache
X-Varnish-Grace
X-Client-IP
X-Goog-Hash
X-Cache-Doesi
COMMERCE-SERVER-SOFTWARE
X-Libra-UpstreamHost
X-Provisioner-Version
X-Varnish-Hostname
X-Domain-Checked
X-Srv
X-UPSTREAM
IISExport
X-Speed-Cache-Key
X-Varnish-RemainingTTL
X-Server-Upstream
X-Framework
X-Varnish-Seen-By
X-Blog
X-Server-Response-Time
X-Processing-Time
X-Sys-Req-ID
X-Sucuri-ID
X-Varnish-Action
Filter-Revision
X-PF-Uncompressing
Allow
X-Discourse-Route
Author
Nodo
CacheControlHeader
X-LiteSpeed-Cache-Control
X-GeoIP-Country-Name
X-GeoIP-Country-Code
X-Ttl
X-Varnish-RemainingGrace
Lfy
Cxy-All
X-Origin-Id
Logging-CorrelationId
X-Supported-By
X-BackendServer
LBVIS
Hamster
X-Nitra-Side
X-Directory-Script
X-Hit-Cache
X-Pagename
X-Litespeed-Cache
X-Highwire-SessionId
X-Varnish-IP
X-SmartBan-Host
X-SmartBan-URL
X-Highwire-RequestId
X-Adobe-Loc
X-Adobe-Content
X-Debug
Cm-Server
X-SE-Debug
X-Platform-Cache
X-Unique-ID
S
X-Newrelic-App-Data
X-NB-Cached-Page
Server-Name
X-StackifyID
X-Session-Reinit
X-Mobile-URL
X-Cache-Control
X-Varnish-HitMiss
X-LB
X-Varnish-Count
X-Amz-Version-Id
X-Flow-Powered
Frame-Options
S-Cnection
SRV
X-N
X-Balanceador
X-Hypernode
X-Grid-Server
X-Varnish-Debug-Age
X-Yottaa-Optimizations
X-Cache-On
X-VTEX-Janus-System
Ibf5scheme
X-VTEX-Janus-SO
X-FIRSTBase
X-Aicache-OS
X-Yottaa-Metrics
Cache-Key
X-Cache-Engine
X-JG-Page-Cache
Rewriter
X-AOL-SNH
X-SDE-Name
X-Empowered-By
Tk
X-NFE
X-Cookie
X-Nurl
X-Dynatrace
X-Nhost
Set-Cookie2
Backend
X-Machine-Name
X-Obvious-Info
X-Obvious-Tid
X-LW-Web-Server
LBC
W
WP-AdvCache-MemCached
Host-Service
BALANCEDTO
WWW-Authenticate
XDomainRequestAllowed
SS
X-App
X-Storage
X-Src-Webcache
X-WR-MODIFICATION
X-App-Server
Id
X-Distributor
X-Do-Esi
X-Object-Type
X-Object-Id
X-Cache-CFC
X-Garden-Version
X-Connection-Hash
X-Bettercache-Proxy
X-Symfony-Cache
X-TempDebug
Beyond-Iis
X-Transaction
X-Twitter-Response-Tags
X-Resolver-IP
SSPAppContext
Smug-CDN
X-Config-By
X-Content-Age
X-SmugMug-Values
Keywords
X-ORACLE-DMS-ECID
X-Prefetched
X-SmugMug-Hiring
X-Env
X-TTFB-L
X-Analytics
Backend-Timing
Real-Server
X-TTFB
X-RiS-UFDI
X-WA-Info
X-Cocoon-Version
Mime-Version
CT
X-Accel-Expires
X-Cache-Keep
X-CB-Server
ScoreTracker
X-Vary-Options
From
X-Cf-Powered-By
VC-NoCache
X-CacheResult
X-Varnish-Debug-TTL
X-Full-URL
X-Cache-TTL-Remaining
IM-Version
X-Amz-Id-1
X-Content-Security-Policy-Report-Only
X-Jphone-Copyright
X-Unbounce-VisitorID
X-Hosts-Backend
X-Server-Instance
X-Unbounce-PageId
X-Unbounce-Variant
X-Healthy
X-Atraveo-TTL
X-Atraveo-Expires
X-Atraveo-Cache-Control
X-Atraveo-ETag
X-Atraveo-From-Varnish-Cache
X-Atraveo-Param-Rm
X-Atraveo-Set-Cookie
X-Plat
X-XTM-Node
X-Atraveo-Varnish-Server-Id
X-Cache-Node
X-Atraveo-Zone
X-Optimization
X-Varnish-Esi-Access
X-Varnish-Esi-Method
Cluster-ID
X-Uid
X-Magento-Action
X-Force
X-Secret
X-MAT-GEO
X-Browser
X-Desc
MW-Webserver
Hash
X-Invoke-Duration
X-PRAM
X-HP-Trace-ID
X-EPiphany-Vid
X-Client-Vid
Cneonction
Ec
X-HeBS-Cache-Status
Pool
X-NginX-Cache
X-NginX-Server
X-APP
MIH-CLIENT-FARM
X-WorkerInstancename
MIH-PLATFORM
Front
MIH-PUBLIC-IDENTIFIER
X-Worker
X-Amz-Storage-Class
X-Source-ID
X-Nginx-Host
Paypal-Debug-Id
X-ATM-RTime
X-ATM-RServer
X-GSL-Server
X-Expires
Sophnep-Edge-FX
X-RDP
X-HP-Trace-Project
X-DOM
Description
N365rili
X-Response
X-Server-Id
X-Vhost-ID
X-Ob-Mode
X-Avvio-Cms-Cacheload
NnCoection
X-Id
SBGI-RealPath
SBGI-Device
SBGI-RenderTime
X-F-Cache
X-IsCacheURL
Head
X-Real-IP
SBGI-9
SiteName
SBGI-1
SBGI-10
SBGI-5
SBGI-7
X-Turpentine-Cache
X-ID
X-Turpentine-Esi
X-Captured
X-Block
X-AUSERNAME
Backend-Name-Original
Access-Control-Allow-Orgin
X-Edge-Location
X-Webcelerate
X-Middleton-PageSpeed
X-HW
CLMOB
X-HOSTNAME
Cached
ServerTokens
X-Varnish-Currency
X-Wikidot-Backend
X-Node-Name
X-Powered-By-Anquanbao
X-BC-Stapler
X-Site:
X-Trace-App
Content-Instance
X-VARNISH-Cache
X-Varnish-URL
X-Varnish-Store
X-ProxyInstancename
X-Channel-Maxage
X-Wikidot-Static-Cache
X-Varnish-Set-Cookie
X-CID
X-Actindo-RS
ServerSignature
X-CCC
X-AWS
X-Detected-Device
X-CDN-Forward
X-WP
X-Smartcache-Timeout
X-NewRelic-App-Data
X-ACCELERATE
X-Web
X-DPWN-IS-SECURE
X-Stage
X-Smartcache-Keys
X-Cache-PageType
X-ARC
X-Info
X-Cache-Action
X-Rack-Cors
X-Restarts
X-Cache-Fix
X-Varnish-Error-Restart
X-Varnish-Backend-Healthy
Pool-Info
NLCacheNote
X-Phpwcms-Page-Processed-In
Gzip
X-Phpwcms-Release
X-Tile-Url
X-SV
X-TN-ServedBy
RATING
Dynatrace
F5-IpCliente
ClientIP
X-REDIRECTSERVER
X-Dev
X-Esi
X-Cms-Mode
X-V
X-Trace-Id
X-GRACE
X-Client-Ip
X-PHP-Engine
X-Kinsta-Cache
X-Rocket-Nginx-Reason
Worker
X-Rocket-Nginx-File
Bios
X-Domino-CacheValidationWithETagReason
X-T
AsisCache
X-Domino-CacheValidationWithETagResult
X-EntryPoint
X-DSMX-Render-MS
X-Ocache
P-WS
X-Fallback
Sid
X-Appmachine-Environment
Accept-Language
Il-Cl
X-Dns-Prefetch-Control
X-HTML-Minification-Powered-By
X-Header
X-Apm-Telemetry-Syncmark
X-DSMX-Rewrite-MS
X-Application-Context
X-B2f-Not-Route
X-Pagely-Cache
CommunityServer
X-Cache-Extended
Ksid
P-LB
Prxy
Encoding
X-7d-Instance-Id
X-7d-Trace-Id
Cdate
XX
X-MrHost
X-Server-Instance-Name
X-Server-Generated
User-Cache-Control
X-FreeTag-Count
X-Full-Url
X-Timing
Beid
X-B
X-Cache-Original-TTL
X-Ec-Custom-Error
CpuTime
Open.Jobgate.Se
X-DealerOn
Myheader
Jobb.Passal.Se
X-Status
P3P:CP
Test.Executivepeople.Se
Www.Mirrorgate.Se
X-DTC
Www.Mabracertifiering.Se
X-Old-Content-Length
Max-Age
Jobb.Gil.Se
X-ASEN
PowerCDN
OT-RequestId
Note
Fw-Via
X-N-ViewType
Cmstype
Cmsid
X-AREQUESTID
Jobb.Assistentpoolen.Se
Surrogate-Key
Cache-Rule
Www.Myjob.Se
X-OCTOPOD
X-T3CacheTags
X-Webstats-RespID
X-Render-Time
Resin-Trace
TP-L2-Cache
TP-Cache
X-Environment
X-T3CacheInfo
X-Zen-Fury
Edgecast
Warning
WFE
X-T3Cache
X-ASAP-Cache
X-Dispatcher
Nginx-Cache
X-HostName
HOST-SERVICE
Servername
X-Frame-Option
X-Artvisual-Server
X-Clara-ASAP
Noq
X-EdgeConnect-MidMile-RTT
TotalTime
X-VarnishCache
Ram
X-Enhanced-By
Web
X-Author
Apache
X-W3TC-Minify
X-Instance
Xc
X-Cache-Set
Cpu
X-LB-Server
X-Varnish-Instance
Machine
X-EdgeConnect-Origin-MEX-Latency
INCOMING-TIME
Expire
X-Clx-Request
QC-Time
X-IIJ-Cache
X-MSU-SOURCE
X-Webapp
XDisk
QC-Key
QC-Hit
Dispatcher
X-GeoIP
PServer
X-Forwarded-Proto
Section-Io-Id
AC-ELC
Device-Type
X-VC-TTL
X-UseReverse-Proxy
SB-Site-Device
Server-ID
X-BeResp-Ttl
SB-Cache-Remaining
SB-Cache-Life
Fpc-Expire
RouteID
X-Cache-Type
X-Cluster
X-Router-Backend
X-Static-Version
X-Request-Count
X-Router
X-Purge-Level
X-DEBUG
X-Jcms-Ajax-Id
X-Wm-1
X-SERVER-ID
X-Backend-Name
X-LS-DEBUG
X-Hiawatha-Cache
CmsCacheEngine
X-SilverStripe-Cache
Ttl
X-Wm-VIP
X-Box
Fastly-Backend-Name
X-IP-Address
X-SID
X-FastCGI-Cache
X-Pj-Cache-Status
IsMobile
X-Is-Mobile
X-Oracle-DMS-ECID
X-HITS
X-AccessDev
X-Test
X-Signature
X-COUNTRY-CODE
X-Frames-Options
X-IB-Content-Urn
MachineName
X-IB-Content-Type
X-IB-Context-Urn
X-Cache-Level
V-Age
X-IB-Site-Name
Www.Aujourdhui.Com
X-Pressidium-NinukisWP-Ver
X-ATP-Server
X-Cluster-Node
X-Flex-Evstart
HA-Front
X-Flex-Lang
Aoestatic
X-Flex-Evend
X-Flex-Community
DNI-Expires
X-Device-Group
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Site-Name
X-Rewritten-By
X-PBY
X-Goog-Stored-Content-Encoding
X-Confluence-Request-Time
X-Mobile-Device-Type
X-Server-IP
X-Hosting-Env
X-RAMCache
X-Catalyst
RSL-Trace-ID
X-DDM-SERVER
X-ProcessESI
RequestId
X-IB-Timestamp
X-DDM-SERVER-UPDATED
X-ManagedFusion-Rewriter-Version
X-Provided-By
X-Flex-Lastmod
A
X-Magento-Lifetime
X-Mobile-Device
X-Pb-Mii
X-QHCDN
CDN-Region
X-Medium-Entity-Type
X-Medium-Entity-Id
X-Fedora-School-Id
Cteonnt-Length
X-DN-GyrobaseID
X-Cms
SBMCLOUD
X-DN-Cache-Control
Copyright
Debug-Status
X-Global-Transaction-ID
X-Pj-Cache-Key
X-Pixelsilk-Version
X-Route
X-Sc-Cache
X-Sc-Path
X-Pixelsilk-Server
X-OPNET-Transaction-Trace
X-Gyrobase-Publication
X-Tradeindia-SMgmt
X-HA
ThisTTL
X-Backside-Transport
Imx-Cookies-Used
X-Rq
X-RateLimit-Remaining
X-Powered-Developer
X-NMT-Proxy
X-Varnish-Max-Age
X-ServedByHost
X-SuperCache
X-Flex-Tags
X-Hash
X-Max-Age
X-Mii-Cache-Hit
X-Hosting
X-ESI
X-Search-Id
X-Tradeindia-Request-GUID
Mto-License-Status
X-Distil-CS
Server-Optimized-By
X-Tags
X-Accel-Cache-Control
X-DODN-Id
X-Akamai-Edgescape
X-Cms-Server
X-RemovedCookies
X-Flex-Tag
GenSvr
X-LW-T
X-HAProxy
X-Process-Time
ServerIP
X-ETag
X-72E-NoBeian-Transfer
Robots
X-PG
X-Cache-Ttl
Device
Kanooh-Host
ORIGIN
X-Runtime-Memory
Content
X-FCMS-Cache
X-BKSrc
X-Gondor-Server
X-Key
X-Proto
X-4ormat-Cacheable
NZSpeedy
X-Cache-Backend
X-Ghost-Cache-Status
X-Server-Addr
Hosted-By
X-VG-WebCache
X-PHP-Response-Code
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Index-Page
Secured-By
Server-Version
X-A
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Ibm-Web2-Location
Count-Click-Attempt2
Session-Id
X-ACLR-Version
X-E
X-EdgeRouter
Requested-Host
Origin-Server
X-Brought-To-You-By
X-Dynamic
X-HASH
X-Time-Spent
X-MobileDetected
X-Goog-Storage-Class
X-Hstore
X-JSESSIONID
X-KoobooCMS-Version
X-RealServer
X-Hrouter
X-Seschat-URL
X-SeschatDID
X-SeschatLayout
X-SeschatRedID
X-Remote-Addr
X-EZPublish-NodeID
X-BE
X-Capoed
X-EZPublish-InstallationID
X-SeschatTemplateID
Language
X-Cached-Status
X-CCM
X-Client-Addr
X-RSS-CACHE-STATUS
X-ESI-Enable
X-Built-By
X-FFX-B
Server-IP
VANITY-HOST
Thinkindot-Control
X-Highwire-Sitecode
X-Goog-Generation
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Goog-Metageneration
X-Venda-Hitid
Provider
X-Span
Ngpass-Vcall
CountryCode
Serverid
X-Rack-CORS
X-Sid
X-Varnish-Ttl
X-MSEdge-Ref
Wn-Vars
WN
AcceptLangage
X-This-Proto
X-Pardot-LB
X-MCB-Server
X-Request-Processing-Time
X-Hcom-Styx-Info
SL-NOREWRITE-REDIRECTS
X-WN-ClientGroup
X-UUID
X-Server-By
X-Pardot-Rsp
X-Geo
X-Request-Received
X-Pardot-Route
X-RequesterIP
Stats-Rendering
Stats-HtmlMinAndCss
X-Backend-Ip
X-Compressed-By
X-Esi-Processing
Stats-API
Expiries
X-Amz-Meta-Cb-Modifiedtime
X-RiS-PX
X-PageType
X-Pageid
X-Xhr-Current-Location
X-Gannett-Site-Version
B-Powered-By
X-Expose-Took
X-Expose-Site
X-Hiring
X-Nginx-Request-Time
Host-Name
X-Expose-Hostname
X-Expose-Generated
X-MOBILE
If-Modified-Since
URI
REFRESH
Backend-Node
Disablevcache
X-Cookie-Store
X-SayCDN-TTL
X-SayCDN-Original-UA
X-SayCDN-UA
X-Debug-Message
X-Serendipity-InterfaceLang
X-SayCDN-Original-Path
X-SayCDN-Original-Host
X-Say-Original-IP
X-Say-Original-UA
X-Say-Original-URL
X-Say-TTL
X-Serendipity-InterfaceLangSource
X-TB-M
At-Shoptype
At-Isb
Atp-Isdpp
D
Url-Hash
X-LOCATION
X-Lima-Id
X-Wix-Route-ID
X-Zendesk-Origin-Server
ReqUrl
X-CACHE-TTL
X-Say-Original-Host
X-Say-Cacheable
X-Sn-Servicetimems
X-Pj-Cache-Time
SINA-TS
SINA-LB
X-Platform-Server
X-Pj-Cache-Flags
X-Obr-Rule
X-Checkout
X-Content-Type
EWHSERVER
X-Identity
X-PM-ID
Pw-Value
X-Cache-Me-Harder
X-Cookies-Stripped
X-Martin
X-NewCloud-V-Cache
X-Backend-TTL
DPOOL-HEADER
X-Url-Store
X-Var-Hash
HostGen
Prototype-RootPath
X-Backend-Status
X-Timestamp
X-Panel-Id
X-TTL-Age
X-Would-Your-GrandPa-Wait
X-Your-GrandPa-Would-Wait
X-AISO-Server
X-Server-Ip
X-Panel-Name
MSThemeCompatible
NodeId
MSSmartTagsPreventParsing
X-AISO-Cache
X-AISO-Cacheable
X-CPU-Time
Http
X-Country
X-Debug-Serve
X-TargSmaku
Yola-ID
X-DataDome
X-Czt
X-Dynamic-Cache
WebServer
X-Edge-IP
Redirect
From-Origin
Powered-By-VeryCDN
Web-Server
Ews
X-Debug-Token
X-AG-MIPS
Returned-Status
MwpReleaseVersion
Access-Control-Request-Headers
Countrycode
X-UA
Be
Be-Ip
Be-Va
Inserted-Into-Cache-At
X-Beatles-Hits
X-ENV
X-Meta-MSSmartTagsPreventParsing
X-Meta-Imagetoolbar
X-IDS-WS
Vacache
X-Meta-MSThemeCompatible
X-PressLabs-Stats
X-DB-Content-Length
AGI-Request-ID
X-VC-Enabled
X-Does-He-Have-Time
Orgin-Server
NKBVHEADER
Ez
X-AppServer-Status
X-IP
X-Fe
X-WebNode
X-AppServer-Cache-Rule
X-Akamai-Transformed
Content-Cache
NS-VaryByCustom-Key
Lookup-Cache-Hit
Tracker
X-Trans-Id
Xonnection
X-Fpc
X-DB-NAR
X-MCF-ID
X-Orig-Host
X-Powered-By-Home.Pl
X-Bcwwwid
X-B3-Traceid
DB-Nickname
INFO
Og
X-Airee-Node
X-Company
X-DeliveryServer
X-Varnish-ServiceNetIP
X-Faeria
X-Firewall
X-KS-Cache-Status
X-WEBFRONT
X-Contact
Server-N
X-Hit
X-PHP
X-Delivered-By
X-Varnish-Hashed-On
X-Not-Cacheable
X-PS-MURDOCK-CASE-NORMALIZATION
X-Protected-By
X-Request-Uri
Tempo
X-9XB-Server
X-Application
RN-Server
Bs-Header
X-PS-MURDOCK-ORIG-FILEEXT
X-PS-MURDOCK-ORIG-PROTOCOL
Aurora-Node
X-Security
X-SATserver