Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
Link
X-Pingback
P3P
X-Content-Type-Options
X-AspNet-Version
X-XSS-Protection
X-Cache
X-Frame-Options
Content-Language
Age
X-UA-Compatible
X-Adblock-Key
CF-RAY
Via
Keep-Alive
X-Template
X-Language
X-Check
X-Varnish
X-Cacheable
X-Buckets
Access-Control-Allow-Origin
Content-Location
Strict-Transport-Security
X-Generator
X-Drupal-Cache
Status
X-Ac
X-Hacker
X-AspNetMvc-Version
X-Powered-By-Plesk
MS-Author-Via
X-Request-Id
WP-Super-Cache
X-Runtime
X-Geo
X-Geo-Port
X-Type
X-Cache-Group
X-Pass-Why
X-Powered-CMS
X-Pad
X-Mod-Pagespeed
Ngpass-Ngall
P3p
Access-Control-Allow-Credentials
X-Cache-Hits
X-UA-Device
Host-Header
X-Logged-In
X-Iinfo
X-Host
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
Content-Security-Policy-Report-Only
X-Via
X-Backend
X-Tumblr-Pixel-1
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Dc
Access-Control-Allow-Headers
MicrosoftOfficeWebServer
X-Server
Access-Control-Allow-Methods
X-Tumblr-Pixel-2
X-ServedBy
X-Served-By
X-CDN
X-ContextId
X-Cache-Lookup
X-Cache-Hit
MicrosoftSharePointTeamServices
X-Rack-Cache
X-PC-Hit
X-PC-Key
X-Request-Country
X-Port
X-Robots-Tag
SPRequestGuid
X-SharePointHealthScore
X-PC-Host
X-PC-Date
X-PC-AppVer
X-BC-Is-HA
Content-Encoding
X-Accel-Version
X-Varnish-Cache
X-FRAME-OPTIONS
X-XRDS-Location
X-Tumblr-Pixel-3
X-MS-InvokeApp
X-Page-Speed
X-Safe-Firewall
Powered-By
X-Cnection
X-Webserver
X-Request-ID
X-Amz-Cf-Id
X-Ua-Compatible
X-PhApp
X-INKT-SITE
X-INKT-URI
X-FullPageCaching
Content-Security-Policy
Composed-By
X-AH-Environment
X-W-DC
X-Seen-By
X-Wix-Renderer-Server
X-Wix-Request-Id
Served-By
X-Served-From-Cache
X-Turbo-Charged-By
X-Timer
X-Firenze-Processing-Times
X-Cache-Status
CF-Cache-Status
X-GitHub-Request-Id
Rating
Request-Id
X-Content-Digest
X-SERVER
Liferay-Portal
SPIisLatency
SPRequestDuration
X-Tumblr-Content-Rating
X-Spip-Cache
X-Node
Public-Key-Pins
X-Tumblr-Pixel-4
X-Styx-Build-Num
X-Styx-Version
X-Styx-Req-Id
X-Styx-Build-Date
X-Styx-Build-Sha
X-Pantheon-Styx-Hostname
X-Pantheon-Endpoint
X-Amz-Id-2
X-CF-Powered-By
X-XN-Trace-Token
X-XN-XNHTML
X-Amz-Request-Id
X-Cache-Enabled
X-Hyper-Cache
Cf-Railgun
X-Server-Name
Cartoon
Content-Script-Type
Permitted-Cross-Domain-Policies
X-HeyJason
Content-Style-Type
X-Cache-Info
Refresh
X-Powered-By-360WZB
X-Proxy-Cache
X-Umbraco-Version
X-Clacks-Overhead
X-FB-Debug
X-Cached-By
Alternate-Protocol
Timing-Allow-Origin
X-CDN-Any-IP
X-CDN-Geo
X-CDN-Geo-IP
Public-Key-Pins-Report-Only
X-Device
X-VCache
Charset
Real-Hostname
X-TN-ServedBy
X-Cache-Server
X-Tumblr-Pixel-5
X-PHP-Engine
X-Loop
X-Cache-Result
X-Url
X-Microcachable
X-Outils-CS
X-Cached
X-FW-Hash
X-Age
X-FW-Serve
NS-RTIMER-COMPOSITE
X-FW-Type
X-FW-Static
X-DynaTrace-JS-Agent
X-TNCMS
X-PersistenceNode
X-Px
X-Hostname
X-Generated-By
X-Fastly-Request-ID
X-Hits
TCN
X-Permitted-Cross-Domain-Policies
X-Swift-SaveTime
EagleId
Proxy-Connection
X-Swift-CacheTime
Alt-Svc
X-Jimdo-Pid
X-Jimdo-Wid
Magicmarker
X-User-Agent
Access-Control-Max-Age
X-DynaTrace
X-DDC-Arch-Trace
X-Backend-Server
Response
X-CMS-Version
X-Cache-Config
Grace
X-Content-Security-Policy
X-From
X-Whom
Content-MD5
X-Content-Encoded-By
X-Sol
X-Middleton-Response
Display
X-Middleton-Display
X-FORWARDED-FOR
X-Content-Options
Page-Completion-Status
X-Micro-Cache
Product
X-MiniProfiler-Ids
Imagetoolbar
X-Msg-2-Log
Generator
X-Matrix-Server
X-Handled-By
Powered-By-ChinaCache
X-Forwarded-For
X-Matrix-Proxy
X-Tumblr-Pixel-6
Surrogate-Control
ServedBy
X-Mobilized-By
IBM-Web2-Location
X-ARC
X-Version
X-AspNetWebPages-Version
X-Expires-Orig
X-Beta
X-VWS-Id
X-Gateway
X-LJ-Flow-ID
X-AWS-Id
Fastly-Debug-Digest
X-App-Hosting
X-Firenze-Processing-Time
X-Country-Code
X-Varnish-Backend
X-URL
Fpc-Cache-Id
X-Original-Request
X-Actual-URL
DynaTrace
X-Returned-From
X-Returned-From-DLL
X-Passed-To
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-LiteSpeed-Cache
X-Varnish-Host
Node
X-I
Upgrade
Access-Control-Request-Method
X-Varnish-TTL
X-ApacheServer
Cxy-All
CC-CACHE
X-Stale
Rt-Fastcgi-Cache
PageSpeed
X-Director
Proxy-Agent
X-UD-Method
Content-Encoding-Handler
X-ATG-Version
X-Hosted-By
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
Retry-After
Lsrequestid
X-Processed-By
Ngpass-Vcall
Fhost
X-Instart-Request-ID
Pics-Label
X-Srv
X-Duration
X-Track
X-WebKit-CSP
X-Nitra-Side
Thanks
RTSS
X-NoCache
X-Varnish-Age
SID
X-PERF
Content-Disposition
X-Time
X-Cache-CFC
X-Cache-Rule
X-ServerName
VAR-Cache
X-Varnish-Hits
X-Cache-Debug
MIME-Version
X-SDS
X-Server-ID
Akamai-IP
ServerID
SN
Host
X-Cache-TTL
ServerName
Powered
X-Cache-Expires
X-CacheServer
S
X-TTL
X-Cookie-Domain
X-Varnish-Cacheable
X-S
X-Varnish-Cache-Hits
X-DNS-Prefetch-Control
X-PwB-Node
Access-Control-Expose-Headers
X-Ttl
X-Location-Id
NODE
X-CJ-Soft
X-Upstream
X-Xrds-Location
X-Art-Request-Id
X-Powered-By-Anquanbao
X-FW
Location
X-PF-Uncompressing
X-Speed-Cache
X-Front
X-Drectory-Script
Server-Info
X-Cache-Control-Orig
Server-Name
X-BackEnd
X-Powered-By-Server
X-Purge-Host
Buuteeq-Source
X-Amz-Meta-S3cmd-Attrs
X-Vtex-Processed-At
X-Vtex-Processado-Em:
X-VTEX-Cache-Status-Janus-ApiCache
X-FIRSTBase
X-Powered-By-VTEX-Janus-ApiCache
IISExport
X-Powered-By-VTEX-Janus-Router
No
X-VTEX-Cache-Status-Janus-Edge
X-Vtex-Remote-Cache
Cache
Accept-Encoding
X-Powered-By-VTEX-Janus-Edge
X-VTEX-Janus-Router-Backend-App
X-GeoIP-Country-Name
X-Varnish-IP
X-GeoIP-Country-Code
X-I-Sp
X-BS
BDPAGETYPE
X-Distil-CS
X-Speed-Cache-Key
Edge-Control
BDQID
X-Varnish-Hostname
COMMERCE-SERVER-SOFTWARE
WWW-Authenticate
BDUSERID
X-ServerID
X-Geo-IP
X-App-Status
X-Cache-Age
X-Purge-URL
Accept-Charset
X-Route-Server
X-Vary-Options
Webluker-Edge
X-Cache-Operation
X-Response-Time
X-Cache-Tags
X-Do-Not-Hack
X-VARNISH-Cache
X-App
X-Origin
X-Translation
X-Device-Type
Filter-Revision
X-Trace
X-Microcache-Status
X-Recruiting
Cm-Server
X-Yadis-Location
X-Do-Esi
Id
X-Symfony-Cache
X-Trace-Cache
X-Goog-Hash
A-Powered-By
X-Geo-IPV
X-Geo-IP-Metro
X-Geo-IP-Region
X-Geo-IP-Country
X-Blog
X-Sharepointhealthscore
Sprequestguid
X-Client-IP
Host-Service
X-Daa-Tunnel
Srv
X-ACMCache
NtCoent-Length
X-Session-Reinit
Backend
X-Developer
X-Empowered-By
X-Gamma-Serve
X-Provisioner-Version
X-BackendServer
AMF-Ver
X-Domain-Checked
X-Secret
X-Directory-Script
Front-End-Https
Arr-Disable-Session-Affinity
Sfy
Qs-Cache
Lfy
X-ClientSide-Caching
MJ12bot
Cache-By-Node
SEOMOZ
X-CDN-Cache-Status
X-CDN-Node
Content-Hash
X-Highwire-RequestId
X-Magnolia-Registration
X-Loc
PICS-Label
X-Highwire-SessionId
X-SmartBan-Host
Origin
X-Frontend
X-SmartBan-URL
X-N
NetMindSessionID
Last-Published
Version
X-Orig-Vary
LBVIS
X-Adobe-Loc
X-Libra-UpstreamHost
X-Adobe-Content
Frame-Options
Content-Transfer-Encoding
X-Cocoon-Version
Req-Id
X-Download-Options
X-Real-Server
X-Amz-Version-Id
X-UPSTREAM
X-Zephyr
X-Ms-Invokeapp
X-DefendeR-Status
X-Fastcgi-Cache
X-Src-Webcache
X-Varnish-Server
X-DefendeR-Runtime
Mobiquo-Is-Login
X-Edge-Location
S-Cnection
X-Varnish-HitMiss
X-TempDebug
X-Varnish-Count
CT
Nodo
X-Grace
BM-Cache-Node
X-WA-Info
X-Engine
BM-Cache-Key
X-Sys-Req-ID
X-ID
X-Bettercache-Proxy
CacheControlHeader
X-Yottaa-Metrics
X-SE-Debug
X-Yottaa-Optimizations
X-W3TC-Minify
X-Object-Type
Pool-Info
X-SCProxy
X-Amz-Storage-Class
X-Object-Id
X-Server-Id
X-Old-Content-Length
X-Gannett-Site-Version
Author
X-Cache-Lifetime
X-Resolver-IP
X-ServerCache-Info
X-WR-Flags
Fastcgi-Cache
X-Distributed-By
MW-Webserver
BM-Cache-Status
X-Atraveo-Varnish-Server-Id
X-Atraveo-Zone
X-Cf-Requestid
Mime-Version
X-B2f-Cache-Load
X-Distributor
X-Atraveo-Param-Rm
X-Atraveo-TTL
X-Atraveo-Cache-Control
X-Drupal-Dynamic-Cache
X-Who
X-Cache-Control
X-Atraveo-ETag
X-Atraveo-Set-Cookie
X-JG-Page-Cache
X-Atraveo-From-Varnish-Cache
X-Atraveo-Expires
X-Garden-Version
X-PRAM
X-Origin-Id
X-Source-ID
X-Req-Host
X-Force
SS
RlogId
Cneonction
Beyond-Iis
X-ORACLE-DMS-ECID
X-Expires
X-Revision
X-EBAY-C-REQUEST-ID
X-Uid
X-TTFB-L
X-SmugMug-Values
X-TTFB
X-Abuse
W
X-Storage
SiteName
X-Debug
X-Stage
X-Amz-Id-1
X-Env
XDomainRequestAllowed
X-Id
ORIGIN
WP-AdvCache-MemCached
X-AOL-SNH
X-Prefetched
X-SmugMug-Hiring
RATING
Smug-CDN
X-NginX-Server
LBC
X-NginX-Cache
X-Grid-Server
Ec
X-Plat
X-Varnish-Debug-Age
Sophnep-Edge-FX
X-GeoIP
Hamster
X-FreeTag-Count
X-Server-Instance
X-Varnish-Action
X-Content-Age
SVR
X-Full-URL
No-Cache
X-PBY
Spiislatency
X-Detected-Device
Sprequestduration
X-XTM-Node
X-Machine-Name
X-Cache-Set
NnCoection
SRV
X-APP
X-Nginx-Host
X-Cache-Action
BrandBucket-Domain
X-SERVER-ID
X-Hit-Cache
X-Pagename
X-Middleton-PageSpeed
WFE
HCVer
X-Info
HAVer
X-AWS
X-Dev
X-Cache-On
Set-Cookie2
X-Nurl
X-NFE
X-Phpwcms-Page-Processed-In
X-Phpwcms-Release
X-Bcwwwid
X-SV
X-Varnish-ID
Nitro-Cache
X-HOSTNAME
Vacache
Machine
X-Nhost
X-REDIRECTSERVER
X-Unbounce-PageId
NLCacheNote
Apache
X-Unbounce-Variant
X-NetCat-Version
X-Unbounce-VisitorID
X-Rewritten-By
X-Airee-Node
X-ManagedFusion-Rewriter-Version
X-ChromeLogger-Data
Keywords
X-Remote-Addr
Encoding
PROPSON-FARM
X-AIA-Log
TP-L2-Cache
X-CID
FROM-SERVER
-GCR
Ksid
Y-Trace
TP-Cache
X-CacheTTL
X-ACCELERATE
X-CCC
X-Cache-Ttl
Edgecast
B-Powered-By
X-Site:
Jobb.Passal.Se
Cache-Ctrol
X-Varnish-Debug-TTL
Cache-Id
X-T3CacheTags
X-Webstats-RespID
X-N-ViewType
Www.Mirrorgate.Se
Www.Myjob.Se
X-BLSR-COST
X-T3Cache
X-HostName
X-EPiLogOnScreen-PostUrl
X-ServerIndex
X-Varnish-Device
X-EPiLogOnScreen
X-SSL
Pool
SIP
X-B2f-Not-Route
BM-CountryCode
Www.Mabracertifiering.Se
X-J-Proxy-Servername
X-Max-Age
X-DPWN-IS-SECURE
X-Built-By
X-Cms-Mode
X-Edge-IP
X-J-Proxy
X-J-Proxy-Hostname
Worker
Cache-Rule
Jobb.Assistentpoolen.Se
P3P:CP
Test.Executivepeople.Se
BALANCEDTO
OT-RequestId
Open.Jobgate.Se
Jobb.Gil.Se
X-Jphone-Copyright
X-Rack-Cors
X-DTC
Description
X-Transaction
X-Twitter-Response-Tags
Fastly-Backend-Name
From
X-Frames-Options
X-Connection-Hash
X-SDE-Name
X-Client-Vid
X-EPiphany-Vid
Accept-Language
X-SRV
X-Render-Time
X-GC-Pointer
X-GC-App
X-Venda-Hitid
X-Actindo-RS
MIH-PUBLIC-IDENTIFIER
X-GC-Read
X-GC-Write
X-Real-IP
X-Server-Node
MIH-CLIENT-FARM
CommunityServer
X-Invoke-Duration
MIH-PLATFORM
Cluster-ID
X-Optimization
X-Ruxit-JS-Agent
X-Page-Cache
CtExclusions
X-Powered-Developer
X-Trace-App
X-Hash
X-Dispatch
ScoreTracker
SSPAppContext
X-Block
X-Cache-Engine
X-Ar-Debug
X-Channel-Maxage
Disablevcache
Backend-Name-Original
X-Farm-Server
X-MrHost
X-Key
X-Author
Ibf5scheme
X-DSMX-Render-MS
X-Span
BM-Cache-Bypass
X-DSMX-Rewrite-MS
SERVER-IP
X-SV-Edge
Server-N
PServer
Debug-3-1
X-Platform-Router
X-SV-Duration
X-Processing-Time
X-SV-CreatedAt
Content-Instance
MachineName
X-SV-CacheTags
X-SV-FromDBCache
X-Platform-Processor
X-HITS
Countrycode
Language
XDisk
X-Time-Spent
RouteID
OutputRewritten
X-CB-Server
X-B
X-Cache-Original-TTL
X-MCB-Server
Sss
X-Is-Mobile
X-PageID
Il-Cl
X-Plat-Be-Ip
X-Edge-V
X-Domino-CacheValidationWithETagResult
X-Cache-Backend
X-DeliveryServer
X-Domino-CacheValidationWithETagReason
X-Plat-Va-Ip
X-Compressor
X-IsCacheURL
X-Would-Your-GrandPa-Wait
X-Your-GrandPa-Would-Wait
X-Test
X-TTL-Age
X-T3CacheInfo
X-This-Proto
X-Turpentine-Cache
Acdc-Web
Imx-Cookies-Used
X-Catalyst
Nodeid
X-Proxy
X-ATM-RServer
X-HeBS-Cache-Status
X-Server-IP
X-Vhost-ID
X-ESI-Enable
X-FFX-B
X-ATM-RTime
X-Kirra-SiteId
Apachenode
Prxy
XX
Warning
No-Cookie
X-Purge-Level
Copyright
X-Response
X-GSL-Server
X-Source
X-KO-Site-Id
NZSpeedy
Provider
X-AISO-Cache
X-Rocket-Nginx-Bypass
X-Time-Microsecs
X-Nginx
X-Cache-Doesi
X-AISO-Server
Hash
X-Powered-By-Home.Pl
X-AISO-Cacheable
Ttl
X-Webobjects-Loadaverage
X-Analytics
X-LI-UUID
X-Route
X-DELIVERYSERVER
X-Framework
X-WorkerInstancename
X-Li-Pop
X-FS-UUID
X-Li-Fabric
Web
INCOMING-TIME
X-BKSrc
X-IP-Address
X-Backend-Status
ServerIP
X-NID
X-Server-Generated
Be-Va
X-Flex-Lastmod
Be-Ip
AcceptLangage
X-Flex-Tag
X-Flex-Lang
X-Flex-Evstart
X-Flex-Tags
X-Flex-Community
X-Flex-Evend
X-Gyrobase-Publication
X-Rack-CORS
Rt-Server
X-7d-Instance-Id
X-7d-Trace-Id
X-Esi
Ram
Noq
X-ProxyInstancename
X-Search-Id
X-SRVID
Cpu
X-Nginx-Cache
Apple-Itunes-App
X-Stiffia-Cache
X-Remove-Cookie
Httpd-Identifier
X-Instance-Name
X-Varnish-Esi-Method
X-Varnish-Esi-Access
Og
Tk
X-Obvious-Info
X-Obvious-Tid
X-Powered
X-Drupal-Cache-Tags
X-Hosting
X-Ratelimit
X-SilverStripe-Cache
X-Url-Store
X-HA
X-ENV
X-Checkout
X-Cookie-Store
X-DC-Origin-IP
X-ELC-Checkpoint4
X-Var-Hash
Bs-Header
X-Webbins-Node
Noahs-Classifieds
X-Cookie-Request-Debug
X-Cookie-Response-Debug
X-Serendipity-InterfaceLangSource
X-Serendipity-InterfaceLang
X-WHOIS-Cached
Xc
Http
X-Provided-By
X-Cache-Key
Redirect
X-WP
X-CPU-Time
X-Artvisual-Server
X-BE
X-Smartcache-Timeout
Sid
Foglight-Request-UUID
X-USERNAME
X-Wikidot-Backend
X-Wikidot-Static-Cache
AC-ELC
X-Smartcache-Keys
Device
X-SeschatTemplateID
X-Turpentine-Esi
X-Varnish-Hashed-On
X-Varnish-ServiceNetIP
X-SeschatRedID
X-SeschatLayout
X-Obj-Ttl
X-Server-By
X-Seschat-URL
X-SeschatDID
X-Server-Addr
X-RSS-CACHE-STATUS
X-Meta-MSSmartTagsPreventParsing
X-Meta-Imagetoolbar
X-Meta-MSThemeCompatible
X-Ocache
X-T
X-Magento-Lifetime
X-Magento-Action
MSThemeCompatible
MSSmartTagsPreventParsing
Serv
X-Accel-Expires
Aoestatic
Progma
X-ESI
X-FCMS-Cache
X-HOSTTYPE
X-Oracle-DMS-ECID
X-Confluence-Request-Time
X-Cluster-Node
Railo-Version
X-AG-MIPS
X-App-Server
X-Avvio-Cms-Cacheload
X-Prerender-Token
X-RP-WP-Expires
1
ResourceTag
X-Node-ID
X-VhostID
Public-Extension
SV-Duration
X-CCM
Server-Optimized-By
X-Node-Name
X-Worker
Cteonnt-Length
X-Cache-Fix
X-Cache-PageType
X-Varnish-Ttl
Disaptch-Cache-Rule
X-Wb-Version-Value
X-Varnish-Debug-Hits
Tempo
X-Router-Backend
X-Xhr-Current-Location
X-ProxyDuration
X-Wb-Version-Expiry
Svr
Web-Server
X-GLaDOS
X-TargSmaku
X-Cms-Server
X-Request-Count
X-Router
X-Cluster-Host
Login-Required
X-AVG-REWRITE
X-Foresight-Air
X-Foresight-Customresponse
X-RP-SuperCache
X-Origin-Cache
X-Dispatcher
X-Cache-Extended
X-BServer
X-Request-Time
X-Pb-Mii
X-Obr-Rule
X-LB
X-Mii-Cache-Hit
X-WN-ClientGroup
X-SID
X-Backend-Ip
X-Enhanced-By
Count-Click-Attempt2
X-Nucleus-Cache
X-AVG
Server-Ip
X-Cacheable-TTL
Esi-Enabled
X-Static-Version
X-9XB-Server
WebServer
X-Device-Group
X-AOESTATIC-FETCH
X-Built-With
Server-Hostname
Head
X-SRCache-Store-Status
X-Status
X-LTM-ID
Fw-Via
X-Pageid
X-View
X-Header
X-GUploader-UploadID
X-JSESSIONID
X-KoobooCMS-Version
X-Made-Cache-Ttl
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Ghost-Cache-Status
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-SRCache-Fetch-Status
X-Haiku
X-PURGE-Server
Www.Aujourdhui.Com
Content
X-PageCache-Ttl
X-PageCache-ParseTime
X-PvInfo
FindLaw
X-UseReverse-Proxy
X-Webapp
X-WR-MODIFICATION
X-Platform
Surrogate-Key
X-PageCache-PagePath
X-PageCache-Key
X-Hosts-Backend
X-PageCache-Expire
X-PageCache-Defaultable
X-Debug-Site-Time-OnInit.Master
X-PageCache-Level
X-R4L-VHOST
X-Aberdeen-Cache
X-Aberdeen-Site
X-AppServer-Cache-Rule
X-Runtime-Memory
WEBO
X-SERVERID
MDX-Naviid
X-Request-Received
X-Request-Processing-Time
X-SayCDN-UA
X-SayCDN-TTL
X-Say-TTL
X-SayCDN-Original-Host
X-SayCDN-Original-Path
X-SayCDN-Original-UA
X-Pardot-Rsp
X-Uplex
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-BPool
Ozcache
IsMobile
WN
X-Varnish-Debug-Pool-Recv
X-Pardot-Route
X-AccessDev
X-Pardot-LB
X-Varnish-Debug-Pool-Fetch
X-Say-Original-URL
X-Say-Original-UA
X-DN-Cache-Control
X-EdgeRouter
X-Cache-Host
Mto-License-Status
WP-Cache
X-Allow-Redis
X-Cache-Me-Harder
X-Cached-On
X-Cached-Until
Tracker
Response-Time
X-Hrouter
X-Varnish-URL
X-Say-Cacheable
X-Say-Original-Host
X-Say-Original-IP
Allow
X-ServedByHost
X-Hstore
X-Martin
X-MobileDetected
X-NODE-NAME
E-TAG
X-Varnish-Restarts
DNNOutputCache
X-Webkit-CSP
X-Path
X-PoolMember
Url-Hash
X-Hit
X-Cache-Via
Wn-Vars
X-Content-Parsed-By
Atp-Isdpp
X-Web-Node
Rewriter
Real-Server
X-UA-Vendor
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
HostName
Thinkindot-Control
X-Req-Counter
SL-NOREWRITE-REDIRECTS
At-Shoptype
X-Lang
RSL-Trace-ID
SAVVIS
RequestId
X-ATP-Server
HA-Front
MGIT
X-Instance
X-Discourse-Route
Time
At-Isb
X-Ct-Info
X-Cachable
X-ACLR-Version
X-Accelerated-By
Front
Web-Head
ContentType
X-UD-Host
X-Full-Url
X-RAMCache
X-BIN
D
MirrorName
X-RNDPAGE
Publisher
X-Cluster
X-Czt
0
X-Pixelsilk-Version
X-Pixelsilk-Server
Yola-ID
X-Accel-Cache-Control
X-Op
X-Orig-Host
X-LOCATION
X-B3-Traceid
X-Pagely-Cache
V-RESP
X-We-Are-Hiring
X-SATserver
Kanooh-Host
INFO
X-Timestamp
X-S-Misc
X-Trans-Id
X-UType
X-WorkerDuration
X-Brought-To-You-By
X-Clara-ASAP
X-ASAP-Cache
X-Trace-Id
X-PoweredBy
AGI-Request-ID
Exires
X-Forwarded-Proto
X-PC3-Time
X-PC3-Control
X-UA
X-Process-Time
NodeId
Content-ID
X-Generated-At
X-Goog-Meta-Policy
X-PressLabs-Stats
X-Goog-Meta-Replace
X-Cookie
X-Generation-Time
SBGI-9
SBGI-7
SBGI-5
SBGI-Device
SBGI-RealPath
X-Crafted
SBGI-RenderTime
SBGI-10
X-A
X-Zendesk-Request-Id
X-Zendesk-Origin-Server
X-Sov
X-Rot
SBGI-1
Requested-Host
X-Environment
X-Frontal
X-CacheResult
X-Cache-TTL-Remaining
X-Cache-Keep
X-Dynamic
X-D-Time
Ews
X-FE
X-Amz-Meta-Cb-Modifiedtime
Unique-Request-Id
X-LS-DEBUG
X-Lookup-Mode
X-Frame-Option
Is-Cached
X-VG-WebCache
X-Platform-Cache
X-TAG
Apple-Timing-App
X-SiteFrom
X-Tile-Url
X-Serverid
X-Highwire-Sitecode
X-Highwire-Cache
X-Varnish-Set-Cookie
Aurora-Node
Device-Type
Cmstype
Cmsid
Cluster
X-Cluster-ID
X-Ec-Custom-Error
X-Feature
SBMCLOUD
X-Nocache
X-Backend-IP
X-Apple-Translated-Wo-Url
Backend-Host
ClientIP
X-Http-Host
Gzip
F5-IpCliente
Be
HGR-NOCACHE
MageStack-Area
X-Ants-Machine-Id
X-NewRelic-App-Data
X-Ants-Host
TIMESTAMP
MwpReleaseVersion
X-Cdn-View
X-Client-Addr
X-Upstream-Time
X-Restarts
X-ErrorPage
X-IDS-WS
Servername
MageStack-Web-Node
MageStack-Cache-Status
MageStack-Cache-Lifetime
MageStack-Cache-Hits
MageStack-Cache
MageStack-Cacheable
MageStack-Config
MageStack-Tag
MageStack-PageSpeed
MageStack-Loadbalancer
MageStack-Debug
X-Apple-Partner
X-Apple-Orig-Url
X-Gondor-Server
X-Wm-VIP
X-Beatles
X-RequesterIP
X-OPNET-Transaction-Trace
X-Wm-1
X-Varnish-Store
X-Medium-Entity-Id
X-Medium-Entity-Type
X-Tags
X-Varnish-Currency
BX-Cache
BX-TTL
X-Mag
X-Country
X-Mobile
X-Region
X-Rq
X-Backend-Name
V-Age
FX-Cache
FX-Forwarded-For
FX-TTL
Test
X-Lima-Id
X-LB-Server
WEB-CLUSTER-NODE
X-EntryPoint
X-Fallback
X-Flow-Powered
X-Healthy
X-Akamai-Edgescape
X-Apple-Aka-Ttl
X-Apple-Jingle-Correlation-Key
X-Apple-ATS-Cache-Key
X-Apple-Application-Site
X-Apple-Application-Instance
X-ProcessESI
X-RemovedCookies
X-IsPremium
Fpc-Expire
X-ETag
X-GETTER-Cache
X-HasAuthorization
X-Upstream-Echo-Time
X-SiteConInfo
Portlet.Expiration-Cache
Robots
SERVER-NAME
Access-Control-Allow-Origin: