Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Set-Cookie
Connection
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Link
Accept-Ranges
ETag
X-Content-Type-Options
P3P
X-Pingback
X-XSS-Protection
X-Frame-Options
X-AspNet-Version
X-Cache
Content-Language
Age
CF-RAY
X-UA-Compatible
Strict-Transport-Security
Via
X-Adblock-Key
Access-Control-Allow-Origin
X-Varnish
X-Language
X-Check
X-Template
X-Buckets
X-Cacheable
X-Generator
X-Drupal-Cache
Content-Location
X-Request-Id
X-AspNetMvc-Version
X-Hacker
X-Ac
X-Powered-By-Plesk
X-Type
X-Cache-Group
X-Pass-Why
MS-Author-Via
X-Runtime
WP-Super-Cache
X-Powered-CMS
Status
X-Cache-Hits
X-Permitted-Cross-Domain-Policies
X-Download-Options
X-UA-Device
Host-Header
Ngpass-Ngall
X-Alternate-Cache-Key
X-Dc
X-ShopId
X-ShardId
Access-Control-Allow-Credentials
Keep-Alive
Access-Control-Allow-Headers
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Iinfo
X-Via
P3p
X-Tumblr-Pixel-1
Content-Security-Policy
Access-Control-Allow-Methods
X-Tumblr-Pixel-2
X-Mod-Pagespeed
X-Logged-In
X-Backend
X-Served-By
X-Pad
X-ServedBy
X-Cache-Status
X-PC-Key
X-PC-Hit
Powered-By
X-Server
X-Tumblr-Pixel-3
X-CDN
X-Contextid
X-Xss-Protection
Upgrade
X-Cache-Hit
X-Host
X-FRAME-OPTIONS
X-PC-Host
X-PC-AppVer
X-PC-Date
X-Port
Content-Encoding
X-Robots-Tag
X-Timer
X-Accel-Version
X-Rack-Cache
X-Request-ID
SPRequestGuid
MicrosoftSharePointTeamServices
X-Cache-Lookup
Rating
X-SharePointHealthScore
X-Amz-Cf-Id
X-Cnection
X-Server-Powered-By
X-Tumblr-Content-Rating
X-Varnish-Cache
Alt-Svc
MicrosoftOfficeWebServer
X-Page-Speed
X-MS-InvokeApp
X-Request-Country
X-Turbo-Charged-By
X-Tumblr-Pixel-4
X-Safe-Firewall
CF-Cache-Status
X-Content-Powered-By
X-XRDS-Location
X-AH-Environment
X-W-DC
X-Cache-Enabled
X-Content-Digest
X-GitHub-Request-Id
X-Wix-Renderer-Server
X-Seen-By
X-Wix-Request-Id
Public-Key-Pins
X-Node
Content-Security-Policy-Report-Only
X-FullPageCaching
Request-Id
X-PhApp
X-Webserver
SPIisLatency
SPRequestDuration
X-INKT-URI
X-INKT-SITE
Cf-Railgun
Composed-By
Timing-Allow-Origin
X-Amz-Request-Id
Served-By
X-Amz-Id-2
X-HeyJason
Permitted-Cross-Domain-Policies
X-Hyper-Cache
X-Firenze-Processing-Times
X-Proxy-Cache
Liferay-Portal
Surrogate-Key-Raw
X-Styx-Version
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Pantheon-Endpoint
Xkey
Surrogate-Key
X-Spip-Cache
Access-Control-Max-Age
Content-MD5
X-ContextId
Access-Control-Expose-Headers
X-Tumblr-Pixel-5
Charset
X-Content-Security-Policy
X-Server-Name
X-CF-Powered-By
X-Swift-CacheTime
X-Swift-SaveTime
X-Drupal-Dynamic-Cache
X-SERVER
X-CDN-Pop
X-CDN-Pop-IP
EagleId
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
Grace
Content-Script-Type
Content-Style-Type
X-FW-Hash
X-Hits
X-Tumblr-Adult-Blog
Access-Control-Allow-Method
X-FW-Serve
X-FW-Type
X-FW-Static
X-FB-Debug
X-Device
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Clacks-Overhead
X-XN-Trace-Token
X-XN-XNHTML
X-User-Agent
Public-Key-Pins-Report-Only
X-VCache
X-DDC-Arch-Trace
X-Jimdo-Instance
X-Jimdo-Wid
Refresh
X-Backend-Server
X-Cache-Config
Real-Hostname
X-TNCMS
X-Loop
X-Tumblr-Pixel-6
X-ServerName
X-Cloud-Trace-Context
X-LiteSpeed-Cache
X-Umbraco-Version
X-Cache-Server
X-Generated-By
X-MiniProfiler-Ids
X-Cache-Result
X-Cached-By
Cartoon
Fastly-Debug-Digest
PageSpeed
Edge-Control
X-Cached
X-Age
X-Hostname
X-Powered-By-360WZB
WZWS-RAY
Surrogate-Control
X-Px
X-Url
X-Outils-CS
X-DynaTrace-JS-Agent
X-CMS-Version
X-Whom
X-HOST
NS-RTIMER-COMPOSITE
Fpc-Cache-Id
Response
X-DynaTrace
X-Forwarded-For
TCN
X-Middleton-Response
X-Sol
X-Middleton-Display
Display
X-URL
X-WebKit-CSP
X-Do-Not-Hack
X-Handled-By
Rt-Fastcgi-Cache
X-Cdn
Imagetoolbar
X-AspNetWebPages-Version
Product
X-TTL
Front-End-Https
X-Content-Options
X-Varnish-Cache-Hits
X-VARNISH-Cache
DynaTrace
X-Recruiting
IBM-Web2-Location
ServedBy
Fhost
X-Newrelic-App-Data
X-LiteSpeed-Cache-Control
Alternate-Protocol
Access-Control-Request-Method
X-From
X-NetCat-Version
X-Msg-2-Log
X-Servedby
X-BC-Stapler
X-Country-Code
X-Track
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Micro-Cache
X-Varnish-Beresp-Grace
Page-Completion-Status
X-EC-Security-Audit
Generator
Akamai-IP
Origin
X-Content-Encoded-By
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-App-Hosting
X-Returned-From
X-Returned-From-DLL
X-Platform
X-Passed-To
X-Actual-URL
X-Original-Request
X-Passed-To-DLL
X-ApacheServer
X-Varnish-Host
X-Returned-From-PostProcessResponse
X-Passed-To-PostProcessResponse
X-Stale
X-Passed-To-BeforeDispatch
X-Returned-From-BeforeDispatch
X-UD-Method
X-Varnish-TTL
Powered
X-Hosted-By
X-Matrix-Proxy
X-Matrix-Server
X-Expires-Orig
X-CacheServer
X-Daa-Tunnel
X-FORWARDED-FOR
X-Version
X-I
X-Microcachable
X-Origin
Content-Encoding-Handler
Magicmarker
X-Cache-Age
X-Powered-By-VTEX-Janus-Edge
X-Powered-By-VTEX-Janus-ApiCache
X-VTEX-Cache-Status-Janus-ApiCache
X-BS
X-VTEX-Janus-Router-Backend-App
X-Vtex-Remote-Cache
X-Vtex-Processed-At
X-Vtex-Processado-Em:
X-I-Sp
X-VTEX-Cache-Status-Janus-Edge
No
Host
Powered-By-ChinaCache
Content-Hash
X-Developer
MIME-Version
X-Art-Request-Id
ServerName
X-Firenze-Processing-Time
X-Source
X-Abuse
Ag-Send-Time
Ag-Execution-Time
Ag-Server-Time
X-PERF
X-Cache-Lifetime
X-Varnish-Backend
X-Request-Time
X-Varnish-Cacheable
X-OneAgent-JS-Injection
X-Server-ID
X-Cache-TTL
X-Engine
X-Location-Id
X-Response-Time
X-Magnolia-Registration
X-S
X-Device-Type
Fastcgi-Cache
X-Cache-Rule
USPLoggingUUID
X-DefendeR-Status
Surrogate-Keys
X-DefendeR-Runtime
X-Upstream
X-Cache-Debug
X-ATG-Version
X-RESOURCE
X-URLSCHEME
X-Director
X-Translation
X-Microcache-Status
Content-Disposition
X-Zen-Fury
X-Server-Id
X-Drectory-Script
X-Route-Server
X-SDS
X-Gamma-Serve
X-Cache-Info
X-Cache-Expires
X-B-Cache
X-Goog-Hash
X-Varnish-RemainingTTL
Node
X-Varnish-Seen-By
X-Revision
X-CJ-Soft
X-Powered-By-Server
Lsrequestid
Proxy-Agent
Version
X-DNS-Prefetch-Control
ServerID
X-Xrds-Location
X-Geo-IP
X-Platform-Processor
X-Dispatch
X-Cache-Control-Orig
X-Platform-Router
Proxy-Connection
Content-Security-Policy-Rerport-Only
X-Duration
Last-Published
X-Fastcgi-Cache
Edge-Control-Message
X-Page-Cache
Location
X-PwB-Node
X-Vcap-Request-Id
X-Front
X-Rocket-Nginx-Bypass
X-NoCache
X-Instart-Request-ID
SN
Arr-Disable-Session-Affinity
Server-Info
X-N
S
X-Varnish-Age
X-Real-Server
Cache-Key
X-Geo-IP-Country
X-Geo-IP-Metro
Nitro-Cache
X-SV-Pid
X-FW
X-SV-FromDBCache
X-SV-Duration
X-Geo-IPV
X-SV-CreatedAt
X-Geo-IP-Region
X-SV-Nginx-Duration
X-Speed-Cache
X-Speed-Cache-Key
Webluker-Edge
X-Correlation-Id
X-SV-Expires
X-Cache-Key
X-Cache-Tags
CC-CACHE
X-SV-Edge
X-Processing-Time
X-Time
X-SV-CacheTags
X-Varnish-Server
X-Cache-Operation
PICS-Label
X-Nurl
Buuteeq-Source
X-Nhost
X-NFE
X-Platform-Cache
RTSS
X-Hypernode
X-StackifyID
SVR
Mobiquo-Is-Login
X-Varnish-GracePeriod
X-Grace
X-Varnish-RemainingLife
X-Cookie-Domain
X-Varnish-ObjectSource
X-Kinsta-Cache
X-LB
X-ServerID
Pics-Label
X-Akamai-Device-Characteristics
X-Akamai-Device-Model
X-Purge-URL
X-CDN-Cache-Status
X-Server-Upstream
HCVer
X-Processed-By
HAVer
X-GeoIP-Country-Code
X-Varnish-IP
X-Orig-Vary
X-CDN-Node
SEOMOZ
MJ12bot
X-Content-Age
X-ACMCache
X-Storage
Cache
X-Server-Response-Time
X-Client-IP
X-GeoIP-Country-Name
Srv
X-Framework
X-Amz-Version-Id
X-App-Server
Retry-After
X-Varnish-Count
X-Purge-Host
X-NB-Cached-Page
X-Varnish-HitMiss
X-Mobilized-By
Accept-Charset
Filter-Revision
X-Config-By
X-Nitra-Side
X-AOL-HN
X-Origin-Id
Nodo
Req-Id
Logging-CorrelationId
X-Server-Start-Time
X-SE-Debug
X-UPSTREAM
X-Frontend
Qs-Cache
Backend
X-ClientSide-Caching
X-Yottaa-Metrics
AMF-Ver
X-Directory-Script
X-Yadis-Location
X-Yottaa-Optimizations
X-Varnish-Hits
Author
W
X-ORACLE-DMS-ECID
X-WEBSERVER
X-Edge-Location
A-Powered-By
NetMindSessionID
X-Browser
X-Debug
X-Cache-Control
X-Cache-Doesi
X-Garden-Version
X-Application-Context
X-Discourse-Route
Accept-Encoding
Host-Service
Pool-Info
X-Mobile-URL
WSR-Cache
COMMERCE-SERVER-SOFTWARE
X-Grid-Server
X-NginX-Cache
X-Trace
X-Config-Blacklist-Version
X-Sys-Req-ID
NODE
X-NginX-Upstream-Addr
SSPAppContext
X-NginX-Upstream-Response-Time
X-NginX-Upstream-Status
Allow
X-Blog
X-Cache-Engine
Cm-Server
X-NginX-Node
Content-Transfer-Encoding
X-Jphone-Copyright
X-NginX-Cache-Status
X-CDN-Forward
X-BKSrc
X-LW-Web-Server
X-AbeBooks-Version
Frame-Options
IISExport
X-Hosts-Backend
X-GeoIP
Section-Io-Id
X-Nginx-Host
SRV
IM-Version
X-Plat-Be-Ip
X-PF-Uncompressing
X-Plat
X-Plat-Va-Ip
X-Session-Reinit
Cached
X-Varnish-Hostname
Head
X-F-Cache
X-Amz-Meta-S3cmd-Attrs
X-XTM-Node
Server-Name
Id
X-Empowered-By
X-JG-Page-Cache
X-Optimization
X-Ttl
X-Cocoon-Version
CacheControlHeader
X-Machine-Name
Dynatrace
Myheader
VAR-Cache
X-Member
X-AOL-SNH
X-Highwire-SessionId
X-Connection-Hash
X-SmartBan-URL
X-Provisioner-Version
Front
X-RiS-UFDI
X-Highwire-RequestId
X-Resolver-IP
X-Domain-Checked
X-App-Status
X-Worker
X-SmartBan-Host
X-TempDebug
X-ARC
X-IIJ-Cache
X-Twitter-Response-Tags
X-V
X-Hit-Cache
X-Transaction
X-PG
X-Adobe-Content
X-Adobe-Loc
X-Pagename
Rewriter
Thanks
X-Cache-Fix
X-Flow-Powered
X-HTML-Minification-Powered-By
X-Supported-By
X-IsCacheURL
X-Real-IP
X-Dev
X-Cache-PageType
X-HW
X-WR-Flags
XDomainRequestAllowed
X-Dispatcher
Eomportal-Instance
X-Varnish-Ttl
X-NginX-Server
Worker
WWW-Authenticate
X-Cms-Mode
X-Analytics
Backend-Timing
X-BackendServer
S-Cnection
X-LB-Server
Real-Server
ORIGIN
X-DealerOn
CT
Cneonction
Ibf5scheme
A
X-EDGECONNECT-GUID-DEBUG
X-Varnish-Grace
X-Balanceador
X-Airee-Node
X-EPiphany-Vid
Mime-Version
X-Symfony-Cache
X-Dynatrace
X-Client-Vid
X-Client-Image-Vid
X-Amz-Storage-Class
X-Unbounce-VisitorID
X-Avvio-Cms-Cacheload
X-SRV
Nginx-Cache
X-Unbounce-Variant
X-Atraveo-Param-Rm
X-Vhost
X-Atraveo-Set-Cookie
X-Atraveo-TTL
X-Vary-Options
X-Atraveo-Zone
X-Atraveo-Varnish-Server-Id
X-Atraveo-Expires
X-Atraveo-From-Varnish-Cache
X-Atraveo-ETag
X-Server-Instance
Noq
Ram
X-Unbounce-PageId
Cpu
X-Atraveo-Cache-Control
X-Unique-ID
X-PRAM
X-Prefetched
X-Env
Referrer-Policy
X-Force
X-Source-ID
X-TTFB-L
X-TTFB
X-SmugMug-Values
X-SmugMug-Hiring
X-Varnish-Debug-TTL
X-HP-Trace-Project
X-HP-Trace-ID
X-Varnish-Debug-Age
X-Sov
X-Sucuri-ID
X-Nginx-Cache
X-FIRSTBase
X-Webstats-RespID
Keywords
X-Edge-IP
BALANCEDTO
Smug-CDN
X-Rot
Ngpass-Vcall
X-WA-Info
X-Captured
X-Restarts
X-Webcelerate
X-SDE-Name
SBGI-1
X-Trace-Id
P-LB
X-Distributed-By
MC
SBGI-Device
VServer
X-Varnish-RemainingGrace
Cmstype
Cmsid
X-HOSTNAME
Bios
Beyond-Iis
SBGI-RenderTime
SBGI-7
SBGI-5
SBGI-9
X-Distributor
SBGI-RealPath
SBGI-10
P-WS
X-WP
X-Smartcache-Timeout
X-ID
ServerTokens
ServerSignature
X-Dns-Prefetch-Control
X-Smartcache-Keys
X-ServerIndex
Actual-Object-TTL
X-GUploader-UploadID
X-Unique-Id
X-Goog-Generation
Set-Cookie2
X-Goog-Metageneration
X-Hstore
X-Hrouter
X-Detected-Device
X-Enhanced-By
X-Goog-Stored-Content-Encoding
Paypal-Debug-Id
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-GSL-Server
Web
X-Accel-Expires
Resin-Trace
NnCoection
X-Varnish-Backend-Healthy
X-Varnish-Error-Restart
NS-VaryByCustom-Key
D
From
X-Server-IP
X-MAT-GEO
CLMOB
X-Cache-Keep
X-Cache-TTL-Remaining
X-Invoke-Duration
Fw-Via
Device-Type
Ec
X-CacheResult
CmsCacheEngine
X-Healthy
X-Ser
X-Cache-Set
X-Rack-Cors
X-Esi
X-Varnish-Instance
X-Header
X-REDIRECTSERVER
X-Runtime-Affili
MW-Webserver
X-Srv
X-Id
NLCacheNote
X-Magento-Tags
X-SV
X-Pressidium-NinukisWP-Ver
N365rili
X-Remote-Addr
X-Clara-ASAP
ScoreTracker
X-WR-MODIFICATION
AsisCache
X-Lifetime
Content-Server
X-Desc
Cluster-ID
X-Actindo-RS
X-Not-Cacheable
X-NewsFlow-Sitename
VnhCdn-Status
X-NewsFlow-DoCache
Access-Control-Request-Headers
Cache-Rule
X-Cache-Var
X-Cache-Source
X-Cache-Var-Map
X-CDN-COMPRESS
X-Secret
X-Cache-Level
X-Site:
X-ASAP-Cache
X-DSMX-Render-MS
X-B2f-Not-Route
X-DSMX-Rewrite-MS
Proxy-Cache
X-COUNTRY-CODE
X-Apm-Telemetry-Syncmark
Warning
X-T3CacheTags
X-MrHost
X-Key
SS
X-RequestId
X-T3CacheInfo
X-T3Cache
Prxy
Ksid
Sid
X-Cache-Node
X-Cache-On
X-Fedora-School-Id
Sophnep-Edge-FX
X-B
X-Server-By
X-RDP
X-Varnish-Action
Description
X-Response
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Cache-Provider
OT-RequestId
Cdate
X-Content-Security-Policy-Report-Only
X-Hiawatha-Cache
X-Faeria
X-CB-Server
Imx-Cookies-Used
X-Frames-Options
PowerCDN
X-DTC
MageStack-Cacheable
X-Wikidot-Static-Cache
MageStack-Cache-Status
X-Wikidot-Backend
MageStack-Cache-Lifetime
MageStack-Loadbalancer
X-Ratelimit-Remaining
MageStack-PageSpeed
X-Ob-Mode
MageStack-Debug
MageStack-Config
NtCoent-Length
X-Cache-Action
X-VC-TTL
X-Pagely-Cache
X-Backend-Name
Servername
CommunityServer
X-Magento-Action
Ctx
X-Signature
X-DOM
X-Rack-CORS
MageStack-Tag
MageStack-Web-Node
MageStack-Cache-Hits
MageStack-Area
MageStack-Cache
X-DN-GyrobaseID
X-DN-Cache-Control
X-OCTOPOD
Copyright
X-Varnish-Set-Cookie
X-SID
T
Atp-Isdpp
X-Catalyst
X-Timing
APP-VERSION
X-Is-Mobile
X-LW-T
X-Varnish-Store
X-Nginx
X-Info
X-Varnish-Esi-Method
X-Time-Microsecs
Fastly-Restarts
Il-Cl
X-Varnish-Currency
X-Server-Instance-Name
X-We-Are-Hiring
X-Proxy-Cache-Key
X-Server-Generated
X-Fstrz
X-Phpwcms-Release
X-7d-Instance-Id
X-Phpwcms-Page-Processed-In
X-Search-Id
X-7d-Trace-Id
X-Varnish-Esi-Access
X-Nginx-Request-Time
X-OPNET-Transaction-Trace
X-Amz-Id-1
Xc
X-AWS
Max-Age
B-Powered-By
X-Environment
X-Generated
X-Turpentine-Cache
Session-Id
X-Cache-2
X-Appmachine-Environment
VC-NoCache
Ttl
X-Firewall
DrivedBy
WP-AdvCache-MemCached
X-Cache-Device-Type
X-Contact
Accept-Language
WFE
X-Middleton-PageSpeed
Og
X-HP-CAM-COLOR
If-Modified-Since
X-Node-Name
Kanooh-Host
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
X-ORACLE-DMS-RID
Pool
X-HITS
X-HAProxy
Expire
X-Platform-Server
X-FastCGI-Cache
X-Security
X-Forwarded-Proto
X-Ocache
TP-Cache
X-DEBUG
TP-L2-Cache
X-CSRF-TOKEN
NZSpeedy
X-ACCELERATE
X-RealServer
Provider
X-SeschatRedID
X-Cluster-Node
X-Stage
X-Rewritten-By
X-ManagedFusion-Rewriter-Version
X-SeschatLayout
X-Turpentine-Esi
X-PoweredBy
Content-Generator
X-Upstream-Backend
PServer
X-TB-M
X-TempoPesquisa
X-4ormat-Cacheable
X-Do-Esi
Server-Ip
HOST-SERVICE
INCOMING-TIME
X-Litespeed-Cache-Control
M
X-APP
X-Hosting
X-AccessDev
X-Seschat-URL
IsMobile
X-SeschatDID
Mto-License-Status
Server-Id
X-SeschatTemplateID
Www.Aujourdhui.Com
X-N-ViewType
RequestId
X-ATP-Server
X-RequesterIP
X-Flex-Evend
X-Flex-Community
MageStack-Cache-Warning
X-Device-Group
X-ESI-Enable
X-FFX-B
X-Hit
X-Span
X-Vhost-ID
X-Litespeed-Tag
X-Hcom-Styx-Info
Host-Name
Fastly-Backend-Name
BKREF
X-Varnish-URL
X-PBY
X-FreeTag-Count
XDisk
X-Webapp
X-UseReverse-Proxy
X-NGINX-Cache
X-WHOIS-Cached
X-Render-Time
Backend-Node
X-Status
X-Router-Backend
RouteID
Cache-Control:
X-Jcms-Ajax-Id
X-Old-Content-Length
X-Router
X-RAMCache
At-Isb
At-Shoptype
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-EPiLogOnScreen
X-EPiLogOnScreen-PostUrl
X-SSL-Protocol
X-SSL-Cipher
X-Domino-CacheValidationWithETagResult
X-Domino-CacheValidationWithETagReason
X-Tile-Url
Url-Hash
X-Custom-Header
X-ACLR-Version
X-Varnish-Cache-Local
X-IP-Address
X-SilverStripe-Cache
X-Serendipity-InterfaceLangSource
X-RateLimit-Remaining
X-PM-ID
X-Pb-Mii
X-Uid
X-Gyrobase-Publication
ServerIP
Be
X-Obr-Rule
X-Mii-Cache-Hit
X-Flex-Lastmod
X-Flex-Lang
X-Flex-Tag
X-Flex-Tags
X-Max-Age
X-Hash
X-Beatles-Hits
X-CCM
SAVVIS
Note
Version-Epoch
X-EZPublish-NodeID
X-Serendipity-InterfaceLang
X-PoolMember
Http
Apache
X-Does-He-Have-Time
X-Cms-Server
X-Route
X-TTL-Age
X-Your-GrandPa-Would-Wait
X-Would-Your-GrandPa-Wait
X-Flex-Evstart
X-EZPublish-InstallationID
X-Amz-Meta-Cb-Modifiedtime
X-Application
X-A
Response-Time
Origin-Server
X-Requested-Page
X-Box
DB-Nickname
X-Company
X-Cluster-Host
X-Cache-Extended
E-TAG
Dispatcher
X-Author
X-Dw-Trace-Id
X-WebNode
X-Runtime-Memory
X-HostName
X-AISO-Server
Cteonnt-Length
Content
GenSvr
User-Agent
X-Depends
X-E
QC-Key
X-LOCATION
QC-Time
User-Cache-Control
QC-Hit
AC-ELC
X-Wm-1
X-ProxyInstancename
X-Mobile
X-Wm-VIP
WSCLoggingUUID
X-Akamai-Edgescape
X-AppServer-Cache-Rule
X-AppServer-Status
X-Nocache
X-WorkerInstancename
Progma
X-MSU-SOURCE
X-Clx-Request
X-Egnyte-Request-Id
X-GRACE
X-Hosting-Env
X-Xhr-Current-Location
X-Bcwwwid
X-Proto
Apachenode
X-Server-Addr
X-Src-Webcache
X-Oracle-DMS-ECID
X-Gannett-Site-Version
X-ASAP-Age
X-Bypass-Ssl-Transform
X-FCMS-Cache
X-T
Edgecast
X-App
X-Artvisual-Server
X-DataDome
ReqUrl
Server-ID
Hamster
X-CACHE-TTL
Vacache
X-Ar-Debug
X-NewRelic-App-Data
Expiries
Serverid
X-Cache-Me-Harder
X-Pj-Cache-Status
X-Mod-Oboe-PS
X-Rq
X-Region
X-Varnish-Max-Age
X-Layout
X-This-Proto
X-Pj-Cache-Gzip
X-Title
X-Pj-Cache-Expires
HostName
X-Pj-Cache-Flags
X-Pj-Cache-Key
X-Powered-By-Anquanbao
X-RSS-CACHE-STATUS
X-Cache-Why
X-AG-MIPS
X-Venda-Hitid
X-Distil-CS
VANITY-HOST
Disablevcache
X-Pj-Cache-Time
DeleGate-Ver
EXT-CACHEEXPIRE
X-Built-By
MageStack-Response-Ttl
X-Cache-Ua
Language
X-BPool
X-Pubstack
X-Request-Processing-Time
SLB
X-OneLinkHost
WWW
X-VARITI-CCR
X-Request-Received
X-Checkout
X-Content-Type
X-W3TC-Minify
X-MobileDetected
X-OneLinkProcessing
X-Original-Host
X-Content-Parsed-By
X-Cacheable-TTL
MageStack-Cacheable-Reason
X-DB-Content-Length
X-BServer
X-ProcessTime
X-HA
X-UUID
X-GoCache-CacheStatus
X-VCS-Billing
X-Tradeindia-SMgmt
X-Tradeindia-Request-GUID
X-VCS-Cache-Server
X-VCS-Cacheable
X-VCS-Host
X-VCS-Hit
X-Tags
X-SuperCache
X-Pageid
X-Magento-Lifetime
X-PF-CACHE-FAILED
X-Provided-By
X-Site-Name
X-Session-ID
X-VCS-Nrhit
X-VCS-Status
X-PS-MURDOCK-ORIG-FILEEXT
X-PS-MURDOCK-CASE-NORMALIZATION
X-PS-MURDOCK-ORIG-PROTOCOL
X-Dynamic-Cache
X-KoobooCMS-Version
X-Frame-Option
X-POPSUGAR-Server-Name
X-Obj-Ttl
X-VCS-Url
X-VCS-Ttl
X-Zendesk-Origin-Server
X-Zendesk-User-Id
X-Beresp-Ttl
XX
X-Logword
X-DDM-SERVER-UPDATED
X-EdgeRouter
MwpReleaseVersion
X-NewCloud-V-Cache
X-Pixelsilk-Server
X-Time-Spent
X-Pixelsilk-Version
X-DEBUG-TTL
X-Cache-ID
X-Varnish-Cache-Control
X-Transaction-Id
Cleartype
Content-Instance
X-Backend-TTL
Lookup-Cache-Hit
X-VC-Enabled
Aoestatic
RSL-Trace-ID
ResourceTag
TMP
Web-Head
X-DDM-SERVER
X-Cache-Via
Redirect
Public-Extension
Exires
Beon-Cache-Status
HA-Front
HitInfo
Orgin-Server
LB
X-Reason-Bp
X-MOBILE
SiteName
X-AISO-Cache
P
From-Origin
X-UltraCart-Server-Round-Trip
"
X-AISO-Cacheable
X-CO-Host
X-JSESSIONID
X-Location
X-Ghost-Cache-Status
X-Cache-Served
X-DynamicCache
X-ETag
X-UltraCart-Inject-Critical-Path-CSS
X-UltraCart-Critical-Path-CSS-Key
X-MCF-ID
X-Orig-Host
X-Fpc
X-DB-NAR
X-B3-Traceid
Ews
X-Powered-By-Home.Pl
X-Ratelimit-Limit
X-Sn-Servicetimems
X-UltraCart-Critical-Path-CSS-Injected
X-Sentry-Token
X-Web-Node
X-Ratelimit-Reset
X-Nginx-Page-Cache
OutputRewritten
X-Original-IP
X-Nginx-VM-RT
X-Cache-Handler
X-SATserver
X-Apache2-RT-MicroSec
X-Theme
X-Matched-Rule
X-ESI
X-Expose-Took
X-Expose-Site
X-Expose-Generated
X-Feed
X-Highwire-Sitecode
Thinkindot-Control
Thinkindot-CacheControl-Type
X-MCB-Server
X-IP
LBVIS
X-Protected-By
X-VhostID
LBC
Served-From
X-Compressed-By
REFRESH
Thinkindot-CacheControl
Aurora-Node
X-BC
X-FG-RequestId
SERVER-IP
BlockPHPCallEnd
X-Farm-Server
X-OneLinkTook
X-OneLinkServiceType
Content-ID
MSSmartTagsPreventParsing
Httpd-Identifier
Powerd-By
Gzip
Brandcast-Load-Balancer
Brandcast-Brand-Id
Cache-Status
ClientIP
F5-IpCliente
MSThemeCompatible
Svr
X-SL-Notranslate
X-SL-Norewrite
X-UA
AGI-Request-ID
Hosted-By
CD1
X-Meta-MSThemeCompatible
X-Meta-MSSmartTagsPreventParsing
X-Goog-Meta-Policy
X-Cache-Backend
X-Goog-Meta-Replace
X-Instance-Name
X-Meta-Imagetoolbar
X-Wily-Info
X-Wily-Servlet
X-Memcached
X-FarmId
X-Mobile-Device
X-Powered-Developer
X-HASH
X-LS-DEBUG
X-Batcache
X-Accel-Cache-Control
NKBVHEADER
WP-Cache
Apple-Itunes-App
X-Test
V-Cache
X-TargSmaku
X-Geo
X-9XB-Server
X-AREQUESTID
Debug-Status
X-Expose-Hostname
X-OpenCart-Lightning
Charly
X-ASEN
X-AUSERNAME
Pw-Value
Fpc-Expire
X-BeResp-Ttl
X-DeliveryServer
X-Client-Ip
Machine