Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
Link
X-Pingback
X-Content-Type-Options
P3P
X-XSS-Protection
X-AspNet-Version
X-Frame-Options
X-Cache
Content-Language
Age
CF-RAY
X-UA-Compatible
X-Adblock-Key
Via
Strict-Transport-Security
Keep-Alive
X-Template
X-Check
X-Language
X-Varnish
Access-Control-Allow-Origin
X-Buckets
X-Cacheable
X-Generator
Content-Location
P3p
X-Drupal-Cache
X-Hacker
X-Ac
X-AspNetMvc-Version
X-Iinfo
X-Powered-By-Plesk
MS-Author-Via
X-Type
X-Pass-Why
X-Cache-Group
X-Request-ID
X-Runtime
WP-Super-Cache
Status
Ngpass-Ngall
X-Powered-CMS
X-UA-Device
Content-Security-Policy-Report-Only
Host-Header
Access-Control-Allow-Credentials
X-Cache-Hits
X-Request-Id
X-ShardId
X-Dc
X-ShopId
X-Alternate-Cache-Key
X-Mod-Pagespeed
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Via
X-Pad
X-Logged-In
X-Backend
Access-Control-Allow-Headers
X-Tumblr-Pixel-2
Access-Control-Allow-Methods
X-ServedBy
X-Host
X-ContextId
X-Server
X-Served-From-Cache
X-PC-Key
X-PC-Hit
X-Served-By
X-Cache-Hit
Content-Security-Policy
X-CDN
X-Port
X-Tumblr-Pixel-3
Powered-By
X-Robots-Tag
X-Xss-Protection
X-PC-AppVer
X-PC-Host
X-PC-Date
X-Cache-Lookup
X-Rack-Cache
X-FRAME-OPTIONS
MicrosoftOfficeWebServer
MicrosoftSharePointTeamServices
SPRequestGuid
X-SharePointHealthScore
X-Accel-Version
X-Varnish-Cache
X-Request-Country
X-Cache-Status
Upgrade
X-Safe-Firewall
X-MS-InvokeApp
X-Page-Speed
X-Amz-Cf-Id
X-Wix-Renderer-Server
X-Seen-By
Rating
X-Wix-Request-Id
X-Tumblr-Content-Rating
Content-Encoding
X-W-DC
X-XRDS-Location
X-Cnection
X-Turbo-Charged-By
X-AH-Environment
X-Tumblr-Pixel-4
X-FullPageCaching
CF-Cache-Status
X-Webserver
X-Content-Digest
X-INKT-SITE
X-PhApp
X-INKT-URI
X-GitHub-Request-Id
Composed-By
Request-Id
X-Content-Powered-By
X-Firenze-Processing-Times
X-Cache-Enabled
SPIisLatency
SPRequestDuration
Alternate-Protocol
Served-By
Public-Key-Pins
X-Proxy
X-Amz-Id-2
X-Amz-Request-Id
Liferay-Portal
Alt-Svc
X-Timer
Cf-Railgun
X-Spip-Cache
X-Proxy-Cache
X-Hyper-Cache
X-Backend-Time
X-Node
X-Pantheon-Styx-Hostname
X-Pantheon-Endpoint
X-Styx-Version
X-Styx-Req-Id
X-Server-Name
Timing-Allow-Origin
X-Server-Powered-By
X-XN-Trace-Token
X-XN-XNHTML
X-CF-Powered-By
X-Tumblr-Pixel-5
Permitted-Cross-Domain-Policies
X-HeyJason
Access-Control-Expose-Headers
Charset
Content-Script-Type
Content-Style-Type
Access-Control-Max-Age
X-Content-Security-Policy
Content-MD5
X-Swift-SaveTime
X-Swift-CacheTime
EagleId
Refresh
X-CDN-Geo-IP
X-CDN-Geo
Access-Control-Allow-Method
X-FB-Debug
X-CDN-Any-IP
X-Hits
X-Clacks-Overhead
X-FW-Hash
X-Umbraco-Version
Public-Key-Pins-Report-Only
X-Fastly-Request-ID
X-Gateway
X-VWS-Id
X-LJ-Flow-ID
X-Beta
X-AWS-Id
X-Powered-By-360WZB
X-Permitted-Cross-Domain-Policies
X-Url
X-VCache
X-SERVER
X-Jimdo-Wid
X-Jimdo-Instance
X-Device
X-FW-Type
X-FW-Serve
X-FW-Static
X-DDC-Arch-Trace
X-Loop
Real-Hostname
X-Cached-By
X-Cache-Server
Cartoon
X-User-Agent
X-Generated-By
Grace
X-Backend-Server
X-TNCMS
X-Cache-Config
X-Cache-Result
X-Tumblr-Pixel-6
X-Outils-CS
X-DynaTrace-JS-Agent
X-Px
X-Cloud-Trace-Context
NS-RTIMER-COMPOSITE
X-Age
X-Cached
X-MiniProfiler-Ids
X-CMS-Version
PageSpeed
TCN
X-DynaTrace
X-Whom
X-Hostname
X-Drupal-Dynamic-Cache
Fpc-Cache-Id
Response
Fastly-Debug-Digest
Surrogate-Control
X-ServerName
Magicmarker
X-Middleton-Response
X-LiteSpeed-Cache
Display
X-Sol
X-WebKit-CSP
X-Middleton-Display
X-From
X-Xrds-Location
X-Msg-2-Log
Imagetoolbar
ServerName
X-Expires-Orig
X-Forwarded-For
Rt-Fastcgi-Cache
ServedBy
X-Handled-By
Product
X-Micro-Cache
X-AspNetWebPages-Version
X-Content-Options
Powered-By-ChinaCache
DynaTrace
IBM-Web2-Location
X-Cdn
X-Cache-Info
X-Download-Options
Page-Completion-Status
X-Country-Code
X-App-Hosting
X-Do-Not-Hack
X-Content-Encoded-By
X-TTL
Generator
X-Varnish-Host
X-Varnish-Cache-Hits
X-FORWARDED-FOR
X-Matrix-Proxy
X-Matrix-Server
Fhost
X-Hosted-By
X-ApacheServer
X-NetCat-Version
X-Firenze-Processing-Time
Proxy-Connection
X-Art-Request-Id
X-Cache-TTL
X-Returned-From-PostProcessResponse
X-Original-Request
X-Actual-URL
X-Passed-To
X-Passed-To-BeforeDispatch
X-Returned-From
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Server-ID
Access-Control-Request-Method
X-Varnish-Beresp-Ttl
X-Version
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Stale
X-Track
Edge-Control
Content-Hash
Surrogate-Keys
X-ATG-Version
MIME-Version
X-I
Content-Disposition
X-Cache-Rule
Ag-Send-Time
Powered
Ag-Execution-Time
Ag-Server-Time
X-URL
X-S
X-Varnish-Cacheable
X-Cache-Control-Orig
X-Varnish-Backend
X-Cache-Age
X-Abuse
X-Varnish-TTL
X-Ruxit-JS-Agent
X-CacheServer
X-PERF
Akamai-IP
X-Cache-Debug
X-I-Sp
X-BS
X-Microcachable
Node
X-Recruiting
Content-Encoding-Handler
X-NoCache
X-Gamma-Serve
Lsrequestid
X-VTEX-Cache-Status-Janus-ApiCache
X-VTEX-Janus-SO
X-Vtex-Remote-Cache
X-Powered-By-VTEX-Janus-ApiCache
X-UD-Method
X-VTEX-Janus-System
X-Developer
X-Vtex-Processado-Em:
X-Vtex-Processed-At
No
X-SDS
X-Powered-By-VTEX-Janus-Edge
X-ChromeLogger-Data
X-VTEX-Janus-Router-Backend-App
X-VTEX-Cache-Status-Janus-Edge
Front-End-Https
X-Daa-Tunnel
X-Location-Id
X-Duration
X-Director
Proxy-Agent
X-Platform
X-Varnish-Age
Retry-After
X-Route-Server
X-App-Status
Pics-Label
Content-Security-Policy-Rerport-Only
Webluker-Edge
X-Powered-By-Server
Host
CC-CACHE
X-Mobilized-By
X-FW
X-Speed-Cache
ServerID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-RESOURCE
X-URLSCHEME
Version
SN
X-Drectory-Script
X-Cache-Expires
X-Cache-Operation
X-PwB-Node
RTSS
X-DefendeR-Runtime
X-CJ-Soft
X-DefendeR-Status
X-Processed-By
X-Device-Type
X-Geo-IP
X-Speed-Cache-Key
X-Fastcgi-Cache
X-Trace
X-Revision
X-Front
X-Time
Req-Id
X-Cookie-Domain
X-Response-Time
X-Upstream
X-Microcache-Status
X-Libra-UpstreamHost
X-Translation
X-Cache-Lifetime
X-CDN-Node
X-Varnish-Hits
Cxy-All
X-GeoIP-Country-Code
X-GeoIP-Country-Name
X-CDN-Cache-Status
X-Varnish-Server
Buuteeq-Source
X-Vcap-Request-Id
NODE
X-Instart-Request-ID
X-Geo-IPV
X-Geo-IP-Country
X-Geo-IP-Region
X-Engine
X-Geo-IP-Metro
X-Source
X-Goog-Hash
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
X-DNS-Prefetch-Control
Location
X-Purge-Host
X-Akamai-Device-Characteristics
Ngpass-Vcall
Server-Info
X-Page-Cache
X-ARC
VAR-Cache
X-Client-IP
Fastcgi-Cache
COMMERCE-SERVER-SOFTWARE
X-Purge-URL
X-Cache-Tags
Last-Published
SID
Accept-Charset
X-Frontend
X-Akamai-Device-Model
Cache
Mobiquo-Is-Login
X-Magnolia-Registration
Qs-Cache
X-Request-Time
Accept-Encoding
X-ClientSide-Caching
X-Yadis-Location
X-N
X-Real-Server
X-Dispatch
X-ServerID
NetMindSessionID
Origin
Thanks
X-Varnish-Hostname
Lfy
X-Srv
PICS-Label
NtCoent-Length
X-ACMCache
AMF-Ver
Filter-Revision
X-Cache-Key
X-B-Cache
WSR-Cache
X-Platform-Processor
X-Server-Response-Time
X-Newrelic-App-Data
X-Varnish-Grace
X-Platform-Router
X-Framework
HAVer
HCVer
X-Grace
X-Provisioner-Version
X-Domain-Checked
X-Trace-Cache
X-Directory-Script
Server-Name
X-AOL-HN
X-SE-Debug
Sfy
A-Powered-By
Logging-CorrelationId
X-JG-Page-Cache
X-Nitra-Side
Srv
X-Origin-Id
X-Hypernode
X-Processing-Time
X-PF-Uncompressing
X-Varnish-RemainingTTL
IISExport
X-Varnish-Seen-By
X-Varnish-RemainingGrace
X-Discourse-Route
X-App
X-SV-Duration
X-SV-CreatedAt
X-SV-CacheTags
X-SV-Edge
X-SV-Expires
X-SV-Pid
X-SV-Nginx-Duration
X-Varnish-IP
X-SV-FromDBCache
LBVIS
X-FIRSTBase
X-Rocket-Nginx-Bypass
X-Server-Upstream
X-Ttl
X-Orig-Vary
X-Sucuri-ID
X-Blog
SVR
Cm-Server
X-Cache-Engine
Host-Service
X-Do-Esi
Id
X-Cookie
X-Mobile-URL
X-Bettercache-Proxy
X-TempDebug
X-Object-Id
X-Highwire-RequestId
X-Object-Type
X-SmartBan-Host
X-SmartBan-URL
X-Plat
X-Highwire-SessionId
X-Grid-Server
X-HOSTNAME
Frame-Options
CacheControlHeader
X-BackendServer
X-Flow-Powered
Cache-Key
X-Cache-Doesi
X-Distributed-By
X-Varnish-Debug-Age
X-StackifyID
X-Machine-Name
Content-Transfer-Encoding
X-Varnish-HitMiss
Vacache
Backend
X-Amz-Version-Id
SRV
LBC
X-Varnish-Count
X-Accel-Expires
X-NginX-Cache
X-Cocoon-Version
Nitro-Cache
X-Garden-Version
Smug-CDN
X-WR-Flags
X-Debug
X-Varnish-Ttl
X-AOL-SNH
X-TTFB-L
X-TTFB
X-Resolver-IP
X-SmugMug-Values
X-Storage
X-Yottaa-Metrics
X-Env
X-Prefetched
X-Sys-Req-ID
X-Yottaa-Optimizations
X-Secret
Author
X-SmugMug-Hiring
WWW-Authenticate
X-Nhost
X-Ob-Mode
X-NFE
X-Obvious-Info
X-Obvious-Tid
X-Platform-Cache
X-Nurl
X-App-Server
Tk
SSPAppContext
X-Session-Reinit
Allow
X-XTM-Node
Keywords
X-Config-By
W
S
X-Nginx-Cache
X-NginX-Server
X-Source-ID
X-UPSTREAM
Set-Cookie2
X-Real-IP
X-WA-Info
X-Src-Webcache
Nodo
X-Analytics
X-Distributor
Cneonction
X-NB-Cached-Page
Backend-Timing
X-IsCacheURL
X-Content-Age
X-EPiphany-Vid
X-Client-Vid
Hamster
X-Symfony-Cache
X-Uid
X-HostName
X-Cache-Control
X-Req-Host
Front
XDomainRequestAllowed
X-Varnish-Debug-TTL
Beyond-Iis
X-APP
X-Adobe-Content
X-LW-Web-Server
X-Balanceador
X-Info
X-Adobe-Loc
X-PHP-Engine
X-Force
X-Edge-Location
X-TN-ServedBy
X-PRAM
X-Varnish-Action
X-WP
X-Amz-Storage-Class
X-Smartcache-Timeout
X-Smartcache-Keys
X-Full-URL
X-Varnish-Esi-Method
X-W3TC-Minify
X-Varnish-Esi-Access
X-Middleton-PageSpeed
Ibf5scheme
X-Unbounce-Variant
X-Unbounce-PageId
X-Server-Instance
X-Gannett-Site-Version
X-Nginx-Host
X-ID
X-Phpwcms-Page-Processed-In
Description
X-Content-Security-Policy-Report-Only
X-Phpwcms-Release
ServerIP
P-WS
P-LB
Y-Trace
X-Cache-On
BALANCEDTO
X-Hosts-Backend
X-Captured
X-Unbounce-VisitorID
WP-AdvCache-MemCached
NLCacheNote
X-Empowered-By
ORIGIN
X-Varnish-Currency
X-Varnish-Store
X-Rack-Cors
X-Origin
X-Pagename
X-BC-Stapler
X-Connection-Hash
X-Optimization
X-Twitter-Response-Tags
X-Transaction
X-Hit-Cache
X-Avvio-Cms-Cacheload
X-DTC
X-Wix-Route-ID
X-V
X-N-ViewType
Sid
X-MrHost
OT-RequestId
Cache-Rule
X-AISO-Cache
Prxy
Ksid
X-Id
X-SV
ServerSignature
ServerTokens
X-Node-Name
X-Medium-Entity-Id
X-AISO-Server
X-AISO-Cacheable
X-Medium-Entity-Type
X-Atraveo-Varnish-Server-Id
X-Atraveo-Zone
X-DOM
X-Atraveo-TTL
X-Atraveo-Set-Cookie
X-Jphone-Copyright
Cached
X-CB-Server
X-Vary-Options
CLMOB
X-Atraveo-Expires
X-ORACLE-DMS-ECID
X-LB
X-Atraveo-Param-Rm
X-Atraveo-Cache-Control
X-Atraveo-From-Varnish-Cache
X-Atraveo-ETag
SBGI-5
SBGI-RenderTime
SBGI-10
SBGI-7
X-Cache-PageType
X-SDE-Name
X-Cache-Set
X-Cache-Fix
SBGI-1
RATING
MW-Webserver
Warning
SBGI-Device
Bios
SBGI-RealPath
X-Tile-Url
SBGI-9
X-Browser
X-AWS
X-HW
X-Timing
X-Response
Myheader
X-Unique-ID
X-T3CacheTags
F5-IpCliente
Gzip
X-4ormat-Cacheable
ClientIP
Sophnep-Edge-FX
X-REDIRECTSERVER
X-AbeBooks-Version
X-Response-Status
Open.Jobgate.Se
X-NginX-Cache-Status
P3P:CP
X-NginX-Upstream-Addr
X-NginX-Node
Real-Server
X-Server-Id
Jobb.Assistentpoolen.Se
X-Detected-Device
X-Wikidot-Static-Cache
X-Wikidot-Backend
Jobb.Passal.Se
Jobb.Gil.Se
X-NginX-Upstream-Response-Time
Test.Executivepeople.Se
X-HeBS-Cache-Status
X-FFX-B
X-Oracle-DMS-ECID
X-Old-Content-Length
X-T3Cache
X-Vhost-ID
X-ESI-Enable
X-ASAP-Cache
Www.Mirrorgate.Se
Www.Mabracertifiering.Se
X-NginX-Upstream-Status
Www.Myjob.Se
X-Clara-ASAP
X-CCM
X-T3CacheInfo
N365rili
X-Edge-IP
X-Dev
TP-L2-Cache
X-Turpentine-Esi
X-Cms-Mode
X-Varnish-Set-Cookie
From
X-Turpentine-Cache
Worker
X-Expires
TP-Cache
Pool-Info
X-Artvisual-Server
X-DealerOn
X-LB-Server
X-VC-TTL
X-Healthy
X-CacheResult
X-Trace-Id
INCOMING-TIME
X-Varnish-Instance
X-Amz-Id-1
X-Cache-Keep
X-LiteSpeed-Cache-Control
X-Cache-TTL-Remaining
X-BKSrc
Cmsid
X-T
X-Ocache
X-B
Cmstype
X-Time-Spent
X-FreeTag-Count
VC-NoCache
SS
ScoreTracker
Machine
Cluster-ID
X-Supported-By
X-Rewritten-By
CpuTime
Pool
X-DSMX-Rewrite-MS
Backend-Name-Original
X-Author
X-Full-Url
X-DSMX-Render-MS
X-Cache-Original-TTL
X-ATM-RTime
Section-Io-Id
X-CDN-Pop
Head
X-Invoke-Duration
X-MAT-GEO
X-Desc
X-Test
X-Forwarded-Proto
If-Modified-Since
X-CDN-Pop-IP
X-Web
X-Trace-App
X-Actindo-RS
X-Channel-Maxage
Paypal-Debug-Id
Cache-By-Node
X-Server-Instance-Name
X-ManagedFusion-Rewriter-Version
No-Cache
Web
X-Block
X-Server-Generated
X-Cache-CFC
CT
Hash
X-WR-MODIFICATION
X-GSL-Server
Surrogate-Key
X-Magento-Action
X-Webstats-RespID
X-Apm-Telemetry-Syncmark
X-BC
Og
X-Powered-By-Anquanbao
X-IP
SiteName
X-Esi
X-SERVER-ID
X-Site:
Ec
X-Pagely-Cache
Sss
Fpc-Expire
X-ATM-RServer
X-Worker
X-Varnish-URL
X-RateLimit-Remaining
X-Airee-Node
X-SeschatLayout
X-SeschatDID
X-SeschatRedID
X-Server-Addr
X-Header
NZSpeedy
X-Seschat-URL
X-SRV
X-Cache-Node
X-NewRelic-App-Data
Web-Server
Fastly-Backend-Name
Hosted-By
X-Stage
S-Cnection
X-SeschatTemplateID
Device
X-Application-Context
X-This-Proto
Ram
X-Cluster-Node
X-7d-Trace-Id
Noq
Content-Instance
X-Server-IP
X-7d-Instance-Id
X-DPWN-IS-SECURE
B-Powered-By
Aurora-Node
X-Node-Id
X-Key
X-Instance
X-Highwire-Sitecode
X-PHP
XX
X-Span
X-RequesterIP
Fw-Via
X-F-Cache
IM-Version
X-CCC
X-EZPublish-NodeID
X-PHP-Response-Code
X-WorkerInstancename
X-Ec-Custom-Error
SB-Cache-Life
X-Client-Addr
SB-Cache-Remaining
SB-Site-Device
X-B2f-Not-Route
Cpu
X-Rq
Language
Il-Cl
CmsCacheEngine
RequestTrackId
X-OCTOPOD
Server-IP
RN-Server
Imx-Cookies-Used
X-CID
X-IP-Address
X-Lima-Id
X-HP-Trace-ID
X-LW-T
X-EZPublish-InstallationID
X-NWS-LOG-UUID
MIH-PUBLIC-IDENTIFIER
X-HP-Trace-Project
X-IDS-WS
X-Pressidium-NinukisWP-Ver
X-Runtime-Memory
X-AG-MIPS
X-Enhanced-By
X-FCMS-Cache
Xc
X-Is-Mobile
AGI-Request-ID
Akamai-Edgescape
X-Ghost-Cache-Status
X-CO-Host
PServer
GenSvr
X-Cache-Action
X-Backside-Transport
X-Frames-Options
X-GeoIP
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Level
Ews
X-Restarts
X-Process-Time
X-Powered-By-Home.Pl
MIH-PLATFORM
MIH-CLIENT-FARM
X-Varnish-Error-Restart
X-Cache-Ttl
X-Varnish-Backend-Healthy
X-GC-App
X-Xhr-Current-Location
X-HAProxy
X-RealServer
Robots
X-Venda-Hitid
X-RSS-CACHE-STATUS
Access-Control-Request-Headers
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Provider
Kanooh-Host
WFE
X-Capoed
X-GC-Write
X-GC-Read
X-Expose-Site
X-Expose-Took
X-Expose-Hostname
X-Expose-Generated
X-GC-Pointer
X-JSESSIONID
Mime-Version
Thinkindot-Control
X-Dispatcher
X-Tradeindia-Request-GUID
X-Tradeindia-SMgmt
X-ProxyInstancename
X-Webkit-CSP
NnCoection
Copyright
MachineName
Expire
Dispatcher
Http
X-E
DNNOutputCache
X-A
Resin-Trace
Max-Age
X-Cache-Extended
X-Box
Cache-Cookie-Set-Index-Page
Session-Id
Server-ID
X-Serendipity-InterfaceLang
X-HP-CAM-COLOR
X-Powered-Developer
X-HTML-Minification-Powered-By
X-Serendipity-InterfaceLangSource
X-ServedByHost
Count-Click-Attempt2
DB-Nickname
D
BlockPHPCallEnd
RouteID
X-RiS-UFDI
X-Router
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Redirect
Note
XDisk
X-Webapp
X-Router-Backend
X-Frame-Option
X-Status
X-FarmId
X-UseReverse-Proxy
Mto-License-Status
X-Hosting-Env
X-Goog-Generation
X-Ct-Info
X-Catalyst
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-HITS
X-FastCGI-Cache
X-Backend-Ip
X-ASAP-Age
X-Compressed-By
X-Esi-Processing
X-Signature
X-Hiawatha-Cache
X-GUploader-UploadID
X-PBY
BDPAGETYPE
X-Perf
BDQID
BDUSERID
X-Appmachine-Environment
Beid
PowerCDN
Cdate
X-ACCELERATE
X-Protected-By
X-Cluster-Host
Servername
Ttl
Access-Control-Allow-Orgin
Stats-Rendering
Stats-HtmlMinAndCss
X-GRACE
X-Fallback
X-EntryPoint
X-Fpc
X-IIJ-Cache
X-RemovedCookies
X-ProcessESI
X-COUNTRY-CODE
X-Application
X-Wm-VIP
X-Wm-1
AsisCache
Debug-Status
User-Cache-Control
Encoding
X-Render-Time
X-Request-Count
X-Panel-Id
X-GETTER-Cache
X-Panel-Name
Expiries
Stats-API
Powered-By-VeryCDN
X-ETag
From-Origin
X-Static-Version
X-SID
Accept-Language
MtcHosted
X-Trans-Id
X-Timestamp
X-Remote-Addr
X-Fedora-School-Id
X-Max-Age
X-IB-Timestamp
X-Mii-Cache-Hit
X-Nginx
X-Obr-Rule
X-NID
X-IB-Site-Name
X-IB-Context-Urn
X-Flex-Tag
X-Flex-Lastmod
X-Flex-Tags
X-IB-Content-Type
X-IB-Content-Urn
X-Origin-Cache
X-Pb-Mii
Be-Ip
Be
Be-Va
Countrycode
DeleGate-Ver
X-WLD-LB
Disablevcache
X-Web-Node
X-Purge-Level
X-Pj-Cache-Status
MSThemeCompatible
MSSmartTagsPreventParsing
X-We-Are-Hiring
X-Flex-Lang
X-Flex-Evstart
X-Meta-MSThemeCompatible
Apache
BM-Cache-Key
BM-Cache-Node
X-Meta-MSSmartTagsPreventParsing
BM-Cache-Status
MwpReleaseVersion
Railo-Version
X-Zendesk-Origin-Server
X-ESI
X-Zendesk-User-Id
X-Kinsta-Cache
X-Gondor-Server
X-Meta-Imagetoolbar
X-Your-GrandPa-Would-Wait
X-Dynamic-Cache
X-Device-Group
X-Environment
X-Flex-Community
X-Flex-Evend
X-Lb-Server
X-ATP-Server
Server-Optimized-By
RequestId
V-Age
Www.Aujourdhui.Com
X-Ar-Debug
HostGen
OutputRewritten
X-OPNET-Transaction-Trace
X-MobileDetected
X-Varnish-Restarts
X-Say-Cacheable
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-Martin
X-Hstore
X-Gyrobase-Publication
X-Global-Transaction-ID
X-Would-Your-GrandPa-Wait
X-Hosting
X-Hrouter
X-Say-Original-IP
X-Say-Original-UA
X-TTL-Age
X-SayCDN-UA
X-Uplex
X-Varnish-Debug-Pool-Fetch
X-Varnish-Debug-Pool-Recv
X-SayCDN-TTL
X-SayCDN-Original-UA
X-Say-Original-URL
X-Say-TTL
X-SayCDN-Original-Host
X-SayCDN-Original-Path
X-ENV
X-Say-Original-Host
X-DN-Cache-Control
X-Brought-To-You-By
X-Does-He-Have-Time
X-Domino-CacheValidationWithETagReason
X-Domino-CacheValidationWithETagResult
X-Beatles-Hits
X-MCF-ID
IsMobile
User-Agent
WP-Cache
X-AccessDev
X-Dynamic
X-Batcache
X-EC2-Instance-Id
X-EdgeRouter
X-Client-Ip
X-Dynatrace
Instapage-Variant
HOST-SERVICE
X-Rot
X-Site-Name
X-Session-ID
X-Rack-CORS
X-DDM-SERVER-UPDATED
X-Country
X-Jcms-Ajax-Id
X-Provided-By
X-Sov
X-UA-Vendor
MageStack-Cache-Status
ReqUrl
X-BCube-Filmed-By
NS-VaryByCustom-Key
X-Aicache-OS
X-BE
X-DDM-SERVER
MageStack-Cacheable
X-SuperCache
X-ACLR-Version
X-Pixelsilk-Version
X-Pj-Cache-Key
X-Route
X-Server-By
X-Pixelsilk-Server
X-NewCloud-V-Cache
X-PM-ID
CDN-Region
X-Backend-TTL
X-Server-Ip
X-SilverStripe-Cache
Web-Head
Server-Version
X-Cachable
Uitdaging
MageStack-Config
MageStack-Debug
CommunityServer
Is-Cached
X-Cache-Via
X-M
TotalTime
URI
X-DistilledODN-Id
X-MOBILE
Bs-Header
MageStack-Cache
MageStack-Loadbalancer
X-Debug-Token
X-Search-Id
MageStack-Area
X-USERNAME
X-RAMCache
X-Cache-Backend
X-Recruitment-Address
X-Varnish-Hashed-On
X-Bcwwwid
CtExclusions
NKBVHEADER
X-Proto
MageStack-Cache-Hits
MageStack-Cache-Lifetime
AC-ELC
SL-NOREWRITE-REDIRECTS
X-OneLinkProcessing
X-OneLinkHost
X-Obj-Ttl
X-JV
X-LOCATION
X-Machine
X-DataDome
X-WEBFRONT
X-WebNode
SBMCLOUD
X-Varnish-ServiceNetIP
X-PageType
X-OneLinkTook
X-OneLinkServiceType
X-Hit
X-Request-Uri
X-Beresp-Ttl
X-HOSTTYPE
Tracker
UniqueName
X-AppServer-Cache-Rule
X-AppServer-Status
Orgin-Server
Device-Type
Apple-Itunes-App
Clientip
Content-Cache
X-ClusterID
X-Device-Class
X-9XB-Server
X-CPU-Time
X-NMT-Proxy
WebServer
RVBD-CSH:
X-Nginx-Backend
X-Allow-Redis
XServer
X-Content-Type
X-VG-WebCache
X-KS-Cache-Status
X-Service-Location
X-OpenCart-Lightning
DPOOL-HEADER
NodeId
X-Batcache-Reason
SERVER-IP
Cteonnt-Length
X-Orig-Host
Hostname
Requested-Host
X-BeResp-Ttl
X-LS-DEBUG
Pw-Value
X-Cache-Type
X-Cluster
SINA-LB
SINA-TS
X-Nginx-Request-Time
X-TNCMS-Bot-Tier
OriginServer
X-B3-Traceid
MageStack-Web-Node
X-Request-Processing-Time
X-Request-Received
X-Pardot-Rsp
X-Pardot-Route
X-Nosy-Parker
X-Op
X-Pardot-LB
X-UUID
At-Isb
X-Backend-Name
MageStack-PageSpeed
X-Debug-Serve
MageStack-Tag
Url-Hash
At-Shoptype
Atp-Isdpp
SLB
X-Lookup-Mode
X-Sn-Servicetimems
X-EdgeConnect-Origin-MEX-Latency
X-Document-Tracking-Type
X-Ec2-Vpc
X-Hiring
X-EdgeConnect-MidMile-RTT
X-PressLabs-Stats
X-SCProxy
X-Sc-Path
X-Sc-Cache
X-Litespeed-Cache-Control
X-Document-Path
X-DELIVERYSERVER
X-Ants-Machine-Id
X-Ants-Host
X-Document-Folder-Guid
X-Document-Guid
X-Built-By
X-Cached-Status
X-Document-Guid-Path
X-Geo