Threat Level: green Handler on Duty: Russ McRee

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
X-AspNet-Version
Link
P3P
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
X-Adblock-Key
Content-Location
Keep-Alive
X-Frame-Options
CF-RAY
X-Varnish
X-Check
X-Language
X-Buckets
X-Template
X-Cacheable
P3p
Access-Control-Allow-Origin
X-Generator
X-Drupal-Cache
X-Ac
X-Hacker
WP-Super-Cache
Status
MS-Author-Via
X-AspNetMvc-Version
X-Powered-By-Plesk
X-Pad
X-Runtime
X-Geo-Port
X-Geo
Strict-Transport-Security
X-Request-Id
X-Powered-CMS
X-Host
MicrosoftOfficeWebServer
X-Type
X-Cache-Group
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-Server
Ngpass-Ngall
X-Cache-Lookup
X-Logged-In
X-Mod-Pagespeed
X-Cache-Hits
Host-Header
X-UA-Device
X-Rack-Cache
X-Url
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Via
X-Forwarded-For
X-Iinfo
X-Backend
Access-Control-Allow-Headers
SPRequestGuid
X-SharePointHealthScore
X-Tumblr-User
Content-Encoding
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Access-Control-Allow-Methods
X-CF-Powered-By
X-Varnish-Cache
X-Tumblr-Pixel-1
X-Served-By
X-Accel-Version
X-Robots-Tag
X-Page-Speed
X-INKT-SITE
X-INKT-URI
X-Cnection
X-PhApp
X-ContextId
X-BC-Is-HA
X-CDN
X-ServedBy
X-MS-InvokeApp
X-Webserver
X-Tumblr-Pixel-2
X-Alternate-Cache-Key
X-ShopId
X-ShardId
Composed-By
X-Safe-Firewall
Served-By
X-Hostname
X-Firenze-Processing-Times
X-Pass-Why
X-Cache-Hit
X-PC-Key
X-PC-Hit
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId-Cached
X-PC-AppVer
X-PC-Host
X-PC-Date
X-Port
X-AH-Environment
X-XN-Trace-Token
X-XN-XNHTML
X-Cache-Status
X-Seen-By
X-Dc
X-Request-ID
X-Tumblr-Pixel-3
X-Powered-By-360WZB
Cartoon
X-Age
X-Spip-Cache
Liferay-Portal
Content-Script-Type
Cf-Railgun
Content-Style-Type
X-Amz-Cf-Id
X-Amz-Id-2
Content-Security-Policy
X-Umbraco-Version
X-Server-Name
X-Cache-Info
X-HeyJason
X-Amz-Request-Id
X-Content-Digest
X-Source
Request-Id
SPIisLatency
X-Rot
SPRequestDuration
X-SERVER
X-Cache-Server
X-FB-Debug
X-Served-From-Cache
X-Cache-Result
X-Styx-Version
X-Styx-Build-Sha
X-Styx-Build-Num
X-Pantheon-Endpoint
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Styx-Build-Date
X-Hyper-Cache
Rating
X-W-DC
X-Timer
X-Wix-Renderer-Server
CF-Cache-Status
X-Device
Powered-By-ChinaCache
X-Outils-CS
Real-Hostname
X-TN-ServedBy
X-Wix-Dispatcher-Cache-Hit
X-Wix-Request-Id
X-PHP-Engine
X-Loop
TCN
X-VCache
X-Px
X-DynaTrace
X-FullPageCaching
X-TNCMS-Memory-Usage
X-PersistenceNode
X-TNCMS-Version
X-TNCMS-Render-Time
X-TNCMS-Served-By
Refresh
X-Cached-By
X-Mobilized-By
NS-RTIMER-COMPOSITE
X-Tumblr-Pixel-4
Imagetoolbar
X-Cached
DynaTrace
Page-Completion-Status
X-Generated-By
Magicmarker
X-DynaTrace-JS-Agent
X-Original-Content-Length
X-From
X-CDN-Geo
X-CDN-Geo-IP
X-Cache-Enabled
X-CDN-Any-IP
IBM-Web2-Location
X-Loc
X-Content-Encoded-By
X-Microcachable
X-Tumblr-Content-Rating
Thanks
Product
Powered-By
X-Powered-By-Anquanbao
X-W3TC-Minify
X-CMS-Version
X-Matrix-Proxy
X-Matrix-Server
X-Served-With
X-Zephyr
X-Content-Security-Policy
X-Backend-Server
Access-Control-Max-Age
X-Firenze-Processing-Time
X-Tumblr-Pixel-5
Charset
PICS-Label
X-DDC-Arch-Trace
Generator
X-Node
Content-Encoding-Handler
X-Permitted-Cross-Domain-Policies
Node
ServedBy
Retry-After
X-Processed-By
X-Content-Options
Proxy-Agent
X-Varnish-Cacheable
X-Cf-Powered-By
X-I
Response
X-WebKit-CSP
X-Clacks-Overhead
MIME-Version
X-SDS
SID
X-Varnish-Backend
X-DNS-Prefetch-Control
X-FW-Hash
X-Drectory-Script
X-FW-Type
X-Varnish-Host
X-FW-Static
X-FW-Serve
X-User-Agent
Lsrequestid
X-ATG-Version
X-Cache-Debug
X-Sol
X-App-Hosting
ServerName
X-Purge-Host
RTSS
X-Cache-Expires
X-UD-Host
X-UD-Method
X-VARNISH-Cache
X-Expires-Orig
Set-Cookie2
X-NoCache
X-AspNetWebPages-Version
X-Middleton-Response
Access-Control-Request-Method
X-Jimdo-Pid
X-Jimdo-Wid
X-Varnish-TTL
X-ApacheServer
X-Duration
X-SN
Content-Disposition
Pics-Label
X-Original-Request
IISExport
X-Hits
X-LiteSpeed-Cache
X-Director
Edge-Control
Host
Accept-Encoding
X-Handled-By
X-Actual-URL
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-DLL
X-Returned-From
X-Returned-From-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Cache-Config
X-PERF
X-PF-Uncompressing
Cache-By-Node
X-TTL
X-Nitra-Side
X-Purge-URL
X-Swift-SaveTime
X-Swift-CacheTime
X-Cache-Control-Orig
X-Varnish-Hits
X-ServerID
X-Vary-Options
X-Hosted-By
NODE
X-Micro-Cache
COMMERCE-SERVER-SOFTWARE
VAR-Cache
AMF-Ver
X-Cookie-Domain
X-Version
Fhost
SEOMOZ
MJ12bot
Display
X-Middleton-Display
X-Front
X-Art-Request-Id
X-PwB-Node
Cache
S
X-Engine
Cm-Server
Surrogate-Control
Server-Info
X-URL
Website-Info
X-FIRSTBase
SN
Grace
Id
X-Speed-Cache-Key
X-Speed-Cache
X-MiniProfiler-Ids
X-Cocoon-Version
X-Whom
X-Varnish-IP
X-Yadis-Location
Filter-Revision
X-Highwire-RequestId
X-Highwire-SessionId
X-Track
X-App-Status
X-Blog
X-Response-Time
WWW-Authenticate
X-Session-Reinit
X-ServerName
X-S
X-Trace-Cache
X-Provisioner-Version
Machine
Ngpass-Vcall
X-CJ-Soft
X-Domain-Checked
Qs-Cache
Server-Name
X-Varnish-Age
Accept-Charset
Microsoftsharepointteamservices
X-Cache-Rule
X-Stale
X-FW
X-GeoIP-Country-Name
X-GeoIP-Country-Code
Srv
X-Microcache-Status
Req-Id
X-Distil-CS
X-Device-Type
Nodo
X-SRV
X-Xrds-Location
X-ACMCache
X-Time
Upgrade
Sprequestguid
X-Sharepointhealthscore
X-Directory-Script
NtCoent-Length
A-Powered-By
Webluker-Edge
X-Amz-Meta-S3cmd-Attrs
X-Cdn
X-Proxy-Cache
Powered
X-BackendServer
Proxy-Connection
Location
ServerID
NetMindSessionID
X-Varnish-Object-Age
X-Ttl
X-Cache-Operation
X-Ms-Invokeapp
X-Orig-Vary
X-Varnish-Cache-Hits
X-Srv
MIH-PUBLIC-IDENTIFIER
X-Gamma-Serve
X-Translation
X-Server-ID
X-Source-Host
X-Frontend
MIH-PLATFORM
MIH-CLIENT-FARM
X-Bettercache-Proxy
X-Country-Code
X-Sys-Req-ID
X-Varnish-Server
X-AOL-SNH
X-WebServer
X-Adobe-Content
X-Header
X-App
CC-CACHE
Buuteeq-Source
CT
X-CHSN
X-Secret
Fpc-Cache-Id
Rt-Fastcgi-Cache
X-Cache-On
X-Cache-Action
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Twitter-Response-Tags
X-TempDebug
X-Varnish-Beresp-Status
X-Vtex-Remote-Cache
X-LIGHTHTTP-PCDID
X-ID
X-Transaction
X-Vtex-Processado-Em
X-Connection-Hash
No
Ms
X-Object-Id
X-Object-Type
X-CacheHits
X-VTEX-Cache-Status-Janus-Edge
Content-Transfer-Encoding
X-VTEX-Cache-Status-Janus-ApiCache
X-Powered-By-VTEX-Janus-Router
MW-Webserver
X-Powered-By-VTEX-Janus-ApiCache
X-Powered-By-VTEX-Janus-Edge
X-Src-Webcache
X-VTEX-Janus-Router-Backend-App
X-Recruiting
X-Cache-Age
Origin
X-MJ-Upstream-Addr
X-Vtex-Processed-At
SS
Cteonnt-Length
PageSpeed
Dispatcher
Backend
X-Cluster-Node
NLCacheNote
Beyond-Iis
X-Tumblr-Pixel-6
XDomainRequestAllowed
X-Geo-IP
X-FORWARDED-FOR
CommunityServer
X-ORACLE-DMS-ECID
X-Cache-TTL
X-Location-Id
Server2
X-Wily-Servlet
X-Wily-Info
X-Atraveo-Varnish-Server-Id
X-Atraveo-TTL
X-Machine-Name
X-Grid-Server
X-Atraveo-Cache-Control
X-Atraveo-From-Varnish-Cache
X-Atraveo-NC
LBVIS
Author
X-Enhanced-By
X-Id
X-Source-ID
X-Li-Fabric
X-Debug
X-Amz-Id-1
X-Cache-Lifetime
X-Old-Content-Length
X-PRAM
X-GeoIP
X-Turbo-Control
X-Info
X-FS-UUID
X-Li-Pop
X-Accelerated-By
X-Expires
MirrorName
From
SiteName
Apache
X-Force
X-LI-UUID
X-Resolver-IP
X-MJ-Serve-Req-Time
X-Stage
X-FreeTag-Count
X-Venda-Hitid
X-Cached-Status
UniqueName
X-Trace
X-Server-Id
Backend-Name-Original
X-Powered-By-Server
X-Developer
X-ManagedFusion-Rewriter-Version
X-Ar-Debug
X-Trace-App
X-Nginx-Server
X-Empowered-By
Allow
X-Rewritten-By
X-ChromeLogger-Data
X-Block
Content-MD5
Warning
X-Channel-Maxage
X-WEBSERVER
-GCR
X-N
X-Garden-Version
X-UD-Loopcounter
X-UD-REMOTE-ADDR
X-Varnish-Count
X-Varnish-HitMiss
X-Server-By
X-UD-Target
X-Uid
X-UseReverse-Proxy
X-Webapp
X-Upstream
X-Cms-Mode
Worker
X-Vhost
X-Frames-Options
X-Dev
Provided-Host
X-Webkit-CSP
Front
Public-Key-Pins
X-Router
X-Origin-Id
X-Cache-Ttl
X-ServerCache-Info
X-Router-Backend
X-T3CacheInfo
X-Jphone-Copyright
SVR
SRV
X-PvInfo
X-WR-MODIFICATION
X-Hosting-Env
X-Real-Server
X-Distributed-By
BM-Cache-Node
LFY
BM-Cache-Key
Be-Va
REFRESH
ScoreTracker
SFY
Be-Ip
WP-Cache
X-Yqk-Set
7e-Page-Cache
X-Powered-By-Yqk
Web-Server
SIP
X-Powered
XX
X-Request-Locale
X-Geo-IP-Metro
Access-Control-Expose-Headers
X-PM-ID
X-Response
X-Via-Kemp
X-Varnish-Action
X-ATM-RServer
X-Vhost-ID
Ttl
X-SilverStripe-Cache
X-ATM-RTime
X-B2f-Not-Route
SS-Request-ID2
X-Geo-IP-Country
X-HOSTNAME
X-Kirra-SiteId
Rt-Server
X-Max-Age
X-N-ViewType
Noq
X-Farm-Server
X-Varnish-Cache-Local
X-Accel-Expires
Mark
X-Goog-Hash
X-GSL-Server
X-Content-Age
X-Varnish-Debug-Age
X-T3CacheTags
ORIGIN
Ksid
X-Varnish-Debug-Hits
X-Geo-IP-Region
CDN
WP-AdvCache-MemCached
Ram
X-Drupal-Cache-Tags
Cluster-ID
X-SSL
Cpu
OriginServer
X-Geo-IPV
X-Varnish-ID
BM-Cache-Status
At-Shoptype
X-HostName
Aoestatic
At-Isb
Cmstype
Atp-Isdpp
Cmsid
X-Remote-Addr
X-Phpwcms-Page-Processed-In
X-Phpwcms-Release
LBC
X-Cache-Set
X-Server-Instance
X-Varnish-Cache-Server
X-Pagename
X-ESI
P3P:CP
X-Varnish-Currency
X-OPNET-Transaction-Trace
Www.Myjob.Se
Compression-Control
Cache-Ctrol
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Nginx-Host
Open.Jobgate.Se
X-Abuse
X-Origin
X-DTC
X-WP
X-Hit-Cache
Il-Cl
X-CacheTTL
X-CacheServer
Jobb.Assistentpoolen.Se
Jobb.Passal.Se
Jobb.Gil.Se
X-MCB-Server
X-Gannett-Site-Version
X-Monstercache-Timeout
AppDynamics-BT
X-Actindo-RS
X-Monstercache-Host
X-Monstercache-Hash
X-Monstercache
No-Cookie
X-Nginx-Backend
BALANCEDTO
X-DeliveryServer
Www.Mabracertifiering.Se
X-Web-Node
X-B2f-Cache-Load
X-Distributor
Test.Executivepeople.Se
Www.Mirrorgate.Se
X-Varnish-Device
X-ASTRO-REWRITE
X-Route
Content-Instance
X-UPSTREAM
PServer
X-Varnish-URL
X-DefendeR-Runtime
PageSpeedFilters
X-Purge-Level
X-GC-Read
X-GC-App
X-EdgeRouter
X-Allow-Redis
Cneonction
X-GC-Write
X-Varnish-Cookie-Debug
X-WorkerInstancename
User-Updated-At
ServerId
User-Id
X-ACCELERATE
Last-Published
ServerIP
Version
X-MobileDetected
X-Node-Name
X-Hrouter
X-Hstore
ServerConfigManager.WebBugTracker
X-Compressed-By
Tpt.Renderer1
Tpt.Renderer
Render
X-Confluence-Request-Time
X-Host-Url
X-WA-Info
X-Vivastreet-KiwiiPage
Sigma
Progma
WFE
X-Vivastreet
X-Client-IP
Pool
Ibm-Web2-Location
X-Catalyst
Pool-Info
Test
X-DB-Content-Length
X-Edge-Location
User-Cache-Control
X-MSEdge-Ref
Provider
Copyright
Content-Security-Policy-Report-Only
CP
X-SV
ExecuteNonQuerySQLParam
After
X-Symfony-Cache
Content
Before
X-LAvg
Accept-Language
Acdc-Web
X-Varnish-Restarts
X-Varnish-Debug-Pool-Recv
Backend-Host
X-Uplex
X-Varnish-Debug-Pool-Fetch
X-Hit
Ec
X-LB
IsFullSiteRequest
X-Flex-Lastmod
X-Hash
HCVer
X-Flex-Lang
X-Flex-Evstart
X-Server-Generated
X-ESI-Enable
X-FFX-B
X-Flex-Community
X-Flex-Evend
HAVer
X-Flex-Tag
X-Flex-Tags
X-T3Cache
X-Full-URL
Hamster
X-Cache-Backend
X-IP-Address
X-IDS-WS
X-Internal-IP
X-Magento-Action
X-Wix-Route-ID
X-Magento-Lifetime
X-ProcessESI
X-Oracle-DMS-ECID
Ozcache
NnCoection
Server-Optimized-By
X-RemovedCookies
Bs-Header
Xonnection
X-Seschat-URL
X-TTFB-L
X-CCM
X-Generation-Time
X-S-Misc
X-Trans-Id
X-TTFB
X-TTL-Age
X-Framework
X-NID
X-SeschatDID
X-Client-Addr
X-Benchmark-Cache
X-Mobile
X-Flow-Powered
X-Locale
X-BS
X-Benchmark-Sphinx-Count
X-Benchmark-Total
X-Benchmark-Sphinx
X-Benchmark-Db
X-JSON-API-LATENCY
X-Instart-Request-ID
X-Time-Microsecs
X-Time-Spent
X-Brought-To-You-By
X-TLServer
X-Hosting
X-Binarysec-Via
X-Timestamp
X-Hostingcenter
X-Revision
X-Nucleus-Cache
X-D-Time
X-SeschatTemplateID
X-DC-Origin-IP
X-PBY
X-SmugMug-Hiring
X-Country
X-UserAgent
X-PS-MURDOCK-ORIG-PROTOCOL
X-PS-MURDOCK-ORIG-FILEEXT
X-Do-Not-Hack
X-Unbounce-VisitorID
X-Powered-Developer
X-PS-MURDOCK-CASE-NORMALIZATION
X-Dokk-PortalId
X-Unbounce-PageId
X-SmugMug-Values
X-Config-By
X-Cluster-Host
X-Optimization
X-ELC-Checkpoint4
X-Client-Vid
X-Stackable-Node
X-EPiphany-Vid
X-CMS
X-Dynamic
X-Ratelimit
X-Page-Generation-Time
X-SeschatRedID
X-REDIRECTSERVER
X-Page-Generated-At
X-SeschatLayout
X-Unbounce-Variant
TP-L2-Cache
X-Webstats-RespID
DBG-Timestamp
Publisher
Redirect
Portlet.Expiration-Cache
Edgecast
F-In-Cache
ExecutionTime
X-Would-Your-GrandPa-Wait
DBG-TargetHost
DBG-HTTPHOST
Svr
B-Powered-By
Tempo
SV-Duration
Smug-Env
X-XHR-Current-Location
Server-N
X-Your-GrandPa-Would-Wait
Ngpass-All
Foglight-Request-UUID
Ibf5scheme
MageStack-Cache-Lifetime
MageStack-Cache-Status
MageStack-Cache-Hits
MageStack-Cache
If-Modified-Since
MachineName
MageStack-Area
MageStack-Cacheable
MageStack-Config
MageStack-Tag
MGIT
Mobiquo-Is-Login
MageStack-Response-Ttl
Hotelbookingid
MageStack-Debug
MageStack-Loadbalancer
MageStack-PageSpeed
Xc
Sid
X-App-Server
X-Author
POOL
X-SERVER-ID
X-Varnish-Set-Cookie
X-7d-Traceid
Tracker
X-Artvisual-Server
X-7d-Version
TP-Cache
X-7dig
X-Server-Node
Nitro-Cache
X-FCMS-Cache
INCOMING-TIME
Front-End-Https
Head
Fw-Via
X-App-Container
Servername
X-NginX-Cache
X-Purge-Url
X-NginX-Server
X-Middleton-PageSpeed
X-Mii-Cache-Hit
X-Mod-Oboe-PS
X-Req-Counter
X-Wm-1
X-Life
X-Server-IP
Initialhost
X-SATserver
X-Magnolia-Registration
X-Req-Host
X-Req-Url
X-Work-With-Me
X-Wm-VIP
Disaptch-Cache-Rule
IsMobile
CC-UP
CData
X-Planisys-CDN-Rules
AcceptLangage
Content-Cache
CACHED-RESPONSE
X-Planisys-CDN-Cache
XDisk
X-Pb-Mii
X-PHP-Cache
X-Snapsis-PageBlaster
X-Nocache
X-Site
X-Status
CountryCode
X-Nginx-Cache
X-NGINX-CACHED
X-ProxyInstancename
Description
Xforwardhost
X-MSU-SOURCE
X-NGINX-CACHED-AT
X-Provided-By
AC-ELC
D
X-Svr-Id
X-PoweredBy
X-Process-Time
97YES.COM
X-Gyrobase-Publication
X-Cluster-ID
W
X-V-Outer
X-V-TTL
WebDevSrc
X-Var-Hash
Www.Aujourdhui.Com
X-V-I-TTL
X-USERNAME
Keywords
SLB
SL-NOREWRITE-REDIRECTS
Time
X-Created
X-Continum-Server
X-Cookie-Store
X-Checkout
X-Varnish-Store
X-Varnish-Hit
X-ARR
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-AspNet-Browser-ID
X-ATP-Server
X-Backend-Status
X-Varnish-Esi-Method
X-Cache-Host
X-Cache-Key
X-ACLR-Version
X-AccessDev
X-AISO-Cache
X-AISO-Server
X-Cache-Via
X-Varnish-Max-Age
X-Device-Group
X-Url-Store
X-Fett
No-Cache
X-Forwarded-Proto
OGHopCount
OutputRewritten
X-Environment
X-Turpentine-Cache
X-Wikidot-Static-Cache
Modurl
X-Hc-Host
X-HOSTTYPE
X-WLD-LB
X-Varnish-Esi-Access
X-Gondor-Server
Modhost
Modcookie
PROPSON-FARM
X-Wikidot-Backend
X-DSMX-Render-MS
X-DSMX-Rewrite-MS
SBMCLOUD
X-WAP
Server-IP
X-Domino-CacheValidationWithETagReason
X-Domino-CacheValidationWithETagResult
X-Ec-Custom-Error
X-Turpentine-Esi
X-Edge-IP
ProxiaInstanceId
X-Varnish-Ttl
X-CACHE-TTL
X-VHOST
X-Upstream-Server
X-Xhr-Current-Location
X-TAG
X-Varnish-Hashed-On
X-Test
X-Varnish-Mode
Z-NginxStatus
X-T
X-View
X-V
X-VhostID
X-VG-WebCache
X-Src-Loadbalancer
X-Backend-Ip
X-Accel-Cache-Control
X-Amz-Version-Id
X-Answer
X-APP
Web-Head
V-Cache
Server-Ip
Srv-N
TIMESTAMP
UNIQUE-ID
X-Apublish-Id
X-ASPID
X-Caching-Rule-Id
X-CCC
X-Cdn-View
X-CID
X-Cached-From
X-Cache-Control
X-Aws-Ec2
X-B
X-Bcwwwid
X-BIN
S-Cnection
Rt-Proxy-Cache
BE
BrandBucket-Domain
Content-ID
Countrycode
B2C-F-008
AV1080
Access-Control-Allow-Method
Ap-Exec-Time-Mks
AppServer
Arr-Disable-Session-Affinity
DrivedBy
Esi-Enabled
Prama
Protected-By
Requested-Host
Robots
MwpReleaseVersion
Language
EWHSERVER
HGR-NOCACHE
Http
X-Client-Id
X-Cluster
X-Nginx-Pool
X-Nginx-UpstreamHost
X-NSPID
X-Obvious-Info
X-Nc
X-Medium-Entity-Type
X-IP
X-JG-Page-Cache
X-Libra-UpstreamHost
X-Medium-Entity-Id
X-Obvious-Tid
X-Ocache
X-RE-Ref
X-RequesterIP
X-RNDPAGE
X-RSS-CACHE-STATUS
X-Pixelsilk-Version
X-Pixelsilk-Server
X-Panel-Id
X-Panel-Name
X-Papaya-Cache
X-Papaya-Gzip
X-Instance
X-HW
X-Debug-Serve
X-Debug-Token
X-DELIVERYSERVER
X-DN-Cache-Control
X-D2id
X-Czt
X-CMS-Powered-By
X-CMS-Server
X-Cms-Server
X-Content-Parsed-By
X-Docuri
X-Dynatrace-Js-Agent
X-GitHub-Request-Id
X-GL-SRV
X-Header-Set-Id
X-Http-Host
X-GeoIP-Country
X-Frontal
X-ESI-Processing
X-FarmId
X-FRONT-TTL
X-SDE-Name