Threat Level: green Handler on Duty: Brad Duncan

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
Link
X-AspNet-Version
P3P
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
X-Adblock-Key
Via
X-Frame-Options
Keep-Alive
CF-RAY
Content-Location
X-Varnish
X-Language
X-Template
X-Check
X-Buckets
X-Cacheable
Access-Control-Allow-Origin
X-Generator
X-Drupal-Cache
WP-Super-Cache
X-Ac
X-Hacker
Status
MS-Author-Via
X-AspNetMvc-Version
Strict-Transport-Security
X-Powered-By-Plesk
X-Runtime
P3p
X-Pad
X-Geo-Port
X-Geo
X-Request-Id
X-Mod-Pagespeed
X-Powered-CMS
X-Type
X-Cache-Group
MicrosoftOfficeWebServer
Access-Control-Allow-Credentials
X-Pass-Why
X-Logged-In
X-Cache-Hits
X-Host
Ngpass-Ngall
X-Cache-Lookup
X-Server
Host-Header
X-UA-Device
X-FRAME-OPTIONS
X-Proxy-Cache
X-Iinfo
Access-Control-Allow-Headers
X-Via
X-Backend
X-Rack-Cache
Access-Control-Allow-Methods
MicrosoftSharePointTeamServices
X-CF-Powered-By
X-XRDS-Location
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Served-By
X-Varnish-Cache
X-Xss-Protection
X-Tumblr-Pixel-1
SPRequestGuid
X-SharePointHealthScore
X-Accel-Version
X-Robots-Tag
X-Dc
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PodId-Cached
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Seen-By
X-Request-ID
X-ContextId
Content-Encoding
X-ServedBy
X-Page-Speed
X-CDN
X-Cnection
X-INKT-URI
X-Tumblr-Pixel-2
X-INKT-SITE
X-BC-Is-HA
X-Webserver
X-PhApp
X-Safe-Firewall
X-MS-InvokeApp
X-Cache-Hit
X-Hostname
Composed-By
X-PC-Key
X-PC-Hit
X-PC-Host
X-PC-AppVer
X-PC-Date
X-Port
X-Ua-Compatible
Served-By
X-FullPageCaching
X-AH-Environment
Cartoon
X-Cache-Status
X-Firenze-Processing-Times
X-W-DC
X-Tumblr-Pixel-3
X-XN-Trace-Token
X-XN-XNHTML
Public-Key-Pins
X-Age
X-Wix-Renderer-Server
Cf-Railgun
X-Wix-Dispatcher-Cache-Hit
X-Wix-Request-Id
X-Spip-Cache
X-Amz-Cf-Id
X-HeyJason
Liferay-Portal
Content-Security-Policy
Content-Script-Type
Content-Style-Type
X-Amz-Id-2
X-Powered-By-360WZB
Request-Id
X-Amz-Request-Id
CF-Cache-Status
X-Content-Digest
X-Served-From-Cache
X-Server-Name
SPIisLatency
X-Umbraco-Version
SPRequestDuration
X-Cache-Info
X-Timer
X-Pantheon-Endpoint
X-Styx-Build-Num
X-Styx-Build-Date
X-Styx-Build-Sha
X-Styx-Version
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Server
X-Hyper-Cache
X-Clacks-Overhead
X-DynaTrace
X-FB-Debug
X-SERVER
X-Device
Rating
X-Forwarded-For
Powered-By
Real-Hostname
X-TN-ServedBy
X-PHP-Engine
X-Outils-CS
X-From
X-Loop
X-VCache
TCN
X-Url
X-Tumblr-Pixel-4
DynaTrace
X-Cache-Result
X-PersistenceNode
X-TNCMS
NS-RTIMER-COMPOSITE
X-Cached-By
X-CDN-Any-IP
X-CDN-Geo-IP
X-CDN-Geo
X-Cache-Enabled
X-Px
Refresh
X-Generated-By
Imagetoolbar
X-Microcachable
X-Cached
X-Content-Encoded-By
Page-Completion-Status
X-Tumblr-Content-Rating
Product
Powered-By-ChinaCache
X-Hits
IBM-Web2-Location
Access-Control-Max-Age
X-Backend-Server
X-Loc
X-Powered-By-Anquanbao
X-Mobilized-By
Ms-Author-Via
X-CMS-Version
Charset
Magicmarker
X-Content-Security-Policy
Thanks
X-Processed-By
X-Zephyr
X-Permitted-Cross-Domain-Policies
X-Matrix-Proxy
X-Matrix-Server
Node
X-Node
X-DynaTrace-JS-Agent
X-Tumblr-Pixel-5
X-Jimdo-Wid
X-Jimdo-Pid
X-Version
Pics-Label
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Type
X-DDC-Arch-Trace
X-I
Generator
X-Content-Options
X-User-Agent
Retry-After
ServedBy
X-Firenze-Processing-Time
Set-Cookie2
Response
CC-CACHE
X-WebKit-CSP
X-Expires-Orig
X-DNS-Prefetch-Control
X-W3TC-Minify
Proxy-Agent
RTSS
X-Original-Content-Length
X-Cache-Debug
MIME-Version
Content-Encoding-Handler
X-Purge-Host
X-SDS
X-Varnish-Host
X-Cache-Config
X-App-Hosting
X-Middleton-Display
X-UD-Host
SID
X-UD-Method
X-Sol
X-Middleton-Response
X-Varnish-Backend
X-URL
Lsrequestid
X-AspNetWebPages-Version
X-Hosted-By
Display
X-Varnish-TTL
X-LiteSpeed-Cache
Microsoftsharepointteamservices
Edge-Control
X-ATG-Version
X-ApacheServer
Access-Control-Request-Method
Host
X-Drectory-Script
Sprequestguid
X-Whom
X-Sharepointhealthscore
X-Cache-Expires
X-Varnish-Cacheable
X-Director
X-Original-Request
X-MiniProfiler-Ids
X-Passed-To
X-Passed-To-DLL
Content-Disposition
X-Handled-By
X-Actual-URL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Returned-From
X-Ms-Invokeapp
X-Micro-Cache
X-PF-Uncompressing
X-Cache-Control-Orig
X-NoCache
X-Cdn
X-Art-Request-Id
Grace
ServerName
PICS-Label
X-Nitra-Side
X-Cache-Resuilt
X-Swift-SaveTime
X-Swift-CacheTime
VAR-Cache
X-FW
X-SN
X-Response-Time
Surrogate-Control
Content-Security-Policy-Report-Only
Accept-Encoding
X-PERF
X-TTL
Fhost
X-Varnish-Hits
X-Front
Cm-Server
X-Purge-URL
AMF-Ver
Location
X-PwB-Node
X-Varnish-IP
SEOMOZ
MJ12bot
ServerID
X-ServerID
Srv
Proxy-Connection
X-Cookie-Domain
X-SRV
WWW-Authenticate
X-Distil-CS
IISExport
X-Trace
X-Ttl
X-CJ-Soft
X-Vary-Options
X-Cache-Rule
COMMERCE-SERVER-SOFTWARE
X-Cache-TTL
X-FIRSTBase
X-Varnish-Age
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-6
X-ACMCache
X-Duration
X-Speed-Cache
Accept-Charset
X-Blog
X-Speed-Cache-Key
X-Session-Reinit
SN
X-Cache-Age
X-Varnish-Cache-Hits
X-Track
Fpc-Cache-Id
Filter-Revision
S
Upgrade
A-Powered-By
X-ServerName
X-Server-ID
X-S
Rt-Fastcgi-Cache
X-Adobe-Content
Cache-By-Node
Website-Info
Server-Info
X-FORWARDED-FOR
Nodo
X-Time
X-GeoIP-Country-Name
X-GeoIP-Country-Code
Buuteeq-Source
Qs-Cache
X-ID
Id
X-Orig-Vary
X-BackendServer
NetMindSessionID
X-CHSN
X-Trace-Cache
X-Directory-Script
X-Sys-Req-ID
X-Cache-Operation
X-Instart-Request-ID
Powered
Cache
X-Stale
X-Engine
X-App-Status
NtCoent-Length
X-Bettercache-Proxy
Server-Name
X-Xrds-Location
X-Highwire-RequestId
X-Gamma-Serve
X-Highwire-SessionId
X-Object-Id
X-Object-Type
X-LIGHTHTTP-PCDID
X-Cache-Action
Req-Id
X-Device-Type
X-Microcache-Status
X-Varnish-Beresp-Grace
X-Cache-Lifetime
LBVIS
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Translation
X-Distributed-By
X-Secret
X-Yadis-Location
X-Twitter-Response-Tags
Ms
X-Connection-Hash
X-Transaction
NODE
X-Provisioner-Version
Backend
X-Domain-Checked
Author
X-App
Origin
XX
X-SDE-Name
X-Cocoon-Version
PageSpeed
X-TempDebug
CT
X-Src-Webcache
Front-End-Https
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Powered-By-VTEX-Janus-ApiCache
Dispatcher
X-Vtex-Processed-At
X-Recruiting
X-Powered-By-VTEX-Janus-Edge
X-VTEX-Cache-Status-Janus-ApiCache
X-Powered-By-VTEX-Janus-Router
X-VTEX-Cache-Status-Janus-Edge
X-VTEX-Janus-Router-Backend-App
No
Content-Transfer-Encoding
X-Cache-On
BM-Cache-Key
BM-Cache-Node
XDomainRequestAllowed
X-Varnish-Server
X-Srv
X-Country-Code
X-FreeTag-Count
X-AOL-SNH
X-Symfony-Cache
MIH-PUBLIC-IDENTIFIER
Content-MD5
X-Varnish-HitMiss
X-Varnish-Count
X-Wily-Servlet
X-B2f-Cache-Load
NLCacheNote
MIH-CLIENT-FARM
MIH-PLATFORM
X-Wily-Info
X-N
X-Frontend
X-Amz-Id-1
X-Expires
X-Remote-Addr
Beyond-Iis
X-Debug
Apache
X-ORACLE-DMS-ECID
X-Stage
X-Old-Content-Length
SS
X-Cluster-Node
X-REDIRECTSERVER
Access-Control-Expose-Headers
X-Varnish-Action
X-Grid-Server
X-Ar-Debug
X-Location-Id
X-Dynatrace
X-Rewritten-By
X-Machine-Name
Pool
MW-Webserver
X-Resolver-IP
X-SBGI-Cache-Codes
X-Header
X-Powered-By-Server
X-Content-Age
X-ManagedFusion-Rewriter-Version
X-Turbo-Control
Front
X-WEBSERVER
LBC
X-Gannett-Site-Version
BM-Cache-Status
SRV
Cteonnt-Length
X-Origin
X-Source-ID
X-Plat
X-Atraveo-TTL
TP-Cache
X-Atraveo-Varnish-Server-Id
TP-L2-Cache
X-Atraveo-NC
X-WR-MODIFICATION
X-ServerCache-Info
X-BS
X-Country
X-Atraveo-Cache-Control
X-PRAM
X-Atraveo-From-Varnish-Cache
Version
X-UD-REMOTE-ADDR
X-UD-Loopcounter
X-UD-Target
Provided-Host
Last-Published
X-Real-Server
X-Cache-CFC
X-Venda-Hitid
X-Who
X-Server-Id
X-Info
X-Dev
X-UPSTREAM
Www.Myjob.Se
X-Router-Backend
Machine
SiteName
X-UseReverse-Proxy
X-Router
X-Webapp
X-Frames-Options
ORIGIN
X-Varnish-Object-Age
X-Geo-IP
X-DeliveryServer
BM-CountryCode
Open.Jobgate.Se
X-Geo-IP-Country
X-Geo-IP-Metro
X-SSL
X-Invoke-Duration
X-Geo-IPV
X-Geo-IP-Region
-GCR
X-Built-By
Www.Mirrorgate.Se
X-Beatles
SS-Request-ID2
Content-Instance
Jobb.Gil.Se
Jobb.Assistentpoolen.Se
X-Actindo-RS
SVR
P3P:CP
Warning
Test.Executivepeople.Se
Cluster-ID
Www.Mabracertifiering.Se
CPOINT
Jobb.Passal.Se
Server2
X-Phpwcms-Page-Processed-In
X-WP
X-Uid
X-Phpwcms-Release
X-Enhanced-By
From
X-Origin-Id
X-Cms-Mode
Ttl
Worker
X-Monstercache-Timeout
X-DPWN-IS-SECURE
X-Garden-Version
X-Jphone-Copyright
HAVer
Compression-Control
X-Drupal-Cache-Tags
X-Developer
X-MJ-Upstream-Addr
X-B2f-Not-Route
Web-Server
X-DSMX-Render-MS
X-T3Cache
X-PM-ID
X-DSMX-Rewrite-MS
X-T3CacheTags
Cneonction
X-BKSrc
X-Farm-Server
X-ChromeLogger-Data
X-Webstats-RespID
X-PageID
X-Varnish-ID
X-Cache-Set
Ksid
X-ATM-RTime
X-ATM-RServer
X-Author
X-Libra-UpstreamHost
X-Empowered-By
NnCoection
X-ACCELERATE
HCVer
X-Vhost-ID
X-Flow-Powered
Progma
X-Li-Fabric
X-Server-Instance
X-GC-App
X-App-Container
X-Distributor
X-GC-Write
X-GC-Read
X-LI-UUID
ScoreTracker
X-Monstercache-Host
X-Node-Name
X-Monstercache-Hash
X-Monstercache
X-Route
X-Purge-Url
X-FS-UUID
X-Li-Pop
X-SmugMug-Values
X-Cache-Ttl
X-SmugMug-Hiring
X-TTFB-L
No-Cookie
X-TTFB
Tpt.Renderer1
X-DTC
X-SV
ServerConfigManager.WebBugTracker
X-HostName
X-N-ViewType
Before
X-Varnish-Device
X-SilverStripe-Cache
WEBO
After
ExecuteNonQuerySQLParam
Render
X-Catalyst
Ibm-Web2-Location
X-CacheServer
IsFullSiteRequest
Tpt.Renderer
X-Force
X-Kirra-SiteId
SIP
X-Max-Age
X-EPiLogOnScreen
WFE
X-EPiLogOnScreen-PostUrl
MirrorName
X-MCB-Server
X-Accel-Expires
X-FFX-B
X-ESI-Enable
X-Via-Kemp
X-Varnish-Debug-Hits
X-Varnish-Debug-Age
Host-Service
X-Edge-Location
X-Response
X-Yottaa-Optimizations
Il-Cl
X-Powered
Smug-Env
Muha
X-Goog-Hash
X-Yottaa-Metrics
X-WA-Info
X-WLD-LB
X-Req-Host
X-Planisys-CDN-Rules
X-Server-By
X-Planisys-CDN-Cache
RATING
WP-AdvCache-MemCached
Server-N
Gzip
X-Hash
Bs-Header
X-Varnish-Cookie-Debug
X-Vhost
X-MJ-Serve-Req-Time
Provider
X-Oracle-DMS-ECID
X-Id
X-Trace-App
Test
X-Frontal
X-T3CacheInfo
D
Cmstype
X-Fastcgi-Cache
X-EdgeRouter
X-Hrouter
X-PvInfo
X-Varnish-Cache-Local
X-LB
X-Hstore
X-MobileDetected
Servername
X-DB-Content-Length
X-MidCOM-Meta-Cache
X-Nginx-Cache
CP
Redirect
Cmsid
X-OPNET-Transaction-Trace
X-Block
X-Cache-Extended
X-Amz-Version-Id
X-Storage
X-Nginx-Host
Backend-Name-Original
Sid
X-GitHub-Request-Id
Accept-Language
X-CMS
X-Channel-Maxage
X-Powered-Developer
Content-ID
X-ProcessESI
X-RemovedCookies
X-ESI
Altran-C
B-Powered-By
Be
7e-Page-Cache
X-This-Proto
X-Benchmark-Total
X-Varnish-Ttl
X-Benchmark-Sphinx-Count
X-Benchmark-Sphinx
X-Benchmark-Db
X-WorkerInstancename
X-Benchmark-Cache
X-Is-Mobile
X-NFE
Mobiquo-Is-Login
F-In-Cache
BE
ServerIP
X-Nhost
PServer
X-Seschat-URL
X-Client-Vid
UniqueName
X-SeschatDID
X-SeschatLayout
X-Crafted
X-SeschatRedID
X-Purge-Level
X-Pagename
X-Client-IP
X-Hit-Cache
No-Cache
X-CacheTTL
Backend-Host
X-EPiphany-Vid
Timing-Allow-Origin
Copyright
X-MSEdge-Ref
X-Mobile
Rt-Server
BM-Cache-Bypass
X-Varnish-Cache-Server
X-Source
X-Locale
Cache-Ctrol
X-Allow-Redis
X-UserAgent
X-Varnish-Hit
BrandBucket-Domain
X-SeschatTemplateID
Webluker-Edge
X-Content-Security-Policy-Report-Only
X-CCM
Disaptch-Cache-Rule
X-Cached-Status
INCOMING-TIME
X-Uplex
X-FCMS-Cache
X-Yqk-Set
X-Powered-By-Yqk
X-Server-IP
X-Varnish-Debug-Pool-Fetch
MachineName
X-CDN-Cache-Status
X-CDN-Node
X-Cache-Control
Web-Head
OGHopCount
Publisher
X-IP-Address
X-Middleton-PageSpeed
X-Flex-Lang
X-Flex-Tags
X-Flex-Tag
X-Flex-Lastmod
Content
Http
X-Flex-Evstart
WP-Cache
X-Web-Node
X-Hosting
CommunityServer
X-Flex-Community
X-Flex-Evend
X-Varnish-Debug-Pool-Recv
Ec
MageStack-Cacheable
MageStack-Config
X-Mod-Oboe-PS
MageStack-Cache-Lifetime
MageStack-Cache-Hits
X-DefendeR-Runtime
MageStack-Debug
MageStack-Tag
X-Varnish-Restarts
MageStack-Response-Ttl
MageStack-PageSpeed
MageStack-Loadbalancer
MageStack-Cache
MageStack-Cache-Status
X-Varnish-Currency
BALANCEDTO
X-View
X-Prerender-Token
X-DefendeR-Status
MageStack-Area
X-DELIVERYSERVER
X-Full-URL
Xonnection
X-Server-Node
X-Revision
X-NginX-Cache
X-NginX-Server
CACHED-RESPONSE
NZSpeedy
X-Dynatrace-Js-Agent
X-App-Server
X-SATserver
X-Test
X-Cachable
X-Req-Counter
If-Modified-Since
X-App-Reload-Settings
X-Serendipity-InterfaceLangSource
X-Serendipity-InterfaceLang
X-Cache-Doesi
S-Cnection
X-IP
X-Hit
X-Planisys-CDN-Upstream
X-IDS-WS
SV-Duration
X-CID
X-MaxAge
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
X-Fett
X-CCC
Aoestatic
X-Hostingcenter
X-Sov
X-Rot
X-Page-Generation-Time
X-Page-Generated-At
CountryCode
Be-Va
AcceptLangage
Access-Ip
Be-Ip
X-Backend-Status
X-Cache-Backend
X-GeoIP
X-Dokk-PortalId
X-ELC-Checkpoint4
X-Cookie-Store
X-JSON-API-LATENCY
X-CACHE-TTL
X-Checkout
X-CMS-Server
X-TTL-Age
X-Turpentine-Cache
Ibf5scheme
X-Artvisual-Server
X-Your-GrandPa-Would-Wait
X-Would-Your-GrandPa-Wait
MGIT
Server-Optimized-By
LFY
OutputRewritten
ProxiaInstanceId
Tempo
X-Var-Hash
X-Url-Store
X-Request-Time
X-Upstream
X-Nucleus-Cache
SFY
X-Time-Microsecs
X-Magento-Action
X-Magento-Lifetime
Hotelbookingid
X-Environment
Robots
X-Backend-IP
Esi-Enabled
X-Ratelimit
AppDynamics-BT
X-DC-Origin-IP
X-D-Time
X-USERNAME
X-Wikidot-Backend
X-S-Misc
X-Process-Time
X-Generation-Time
Tracker
ClientIP
X-7d-Version
X-7dig
X-7d-Traceid
User-Updated-At
User-Id
X-Brought-To-You-By
X-Dynamic
X-ACLR-Version
F5-IpCliente
X-PBY
X-Cookie-Request-Debug
X-Cookie-Response-Debug
X-Wikidot-Static-Cache
X-HOSTTYPE
X-Cookie
X-Instance
X-Sc-Cache
Thinkindot-Control
UNIQUE-ID
X-GeoIP-Country
X-Binarysec-Via
X-LTM-ID
Fw-Via
Thinkindot-CacheControl-Type
X-RequesterIP
OriginServer
X-Sc-Path
Thinkindot-CacheControl
Ozcache
Dynatrace
X-Unbounce-PageId
X-Abuse
Xc
X-Unbounce-VisitorID
X-Unbounce-Variant
X-TLServer
X-Magnolia-Registration
Redirect-Store
X-JG-Page-Cache
Hamster
Protected-By
X-Domino-CacheValidationWithETagReason
X-APP
X-Content-Parsed-By
Noahs-Classifieds
X-Request-Received
X-Domino-CacheValidationWithETagResult
X-Forwarded-Proto
CacheControlHeader
X-RE-Ref
At-Isb
X-Static-Version
X-Server-Generated
IsMobile
Content-Cache
ContentType
X-Request-Count
X-Render-Time
X-ESI-Processing
X-Cache-Via
X-PoweredBy
X-AccessDev
CData
X-Bcwwwid
X-Ruxit-Js-Agent
X-Cluster-Server
X-XHR-Current-Location
X-Turpentine-Esi
X-Node-ID
X-RSS-CACHE-STATUS
Railo-Version
X-Download-Options
X-Varnish-URL
X-Varnish-Set-Cookie
X-Src-Loadbalancer
X-Request-Processing-Time
X-Edge-IP
Time
Edgecast
Requested-Host
X-Daa-Tunnel
X-Highwire-Cache
X-Highwire-Sitecode
X-VG-WebCache
Fpc-Expire
Serv
X-ARR
ResourceTag
Public-Extension
X-ProxyInstancename
Nginx-Cache
X-Client-Id
W
X-Ec-Custom-Error
X-Accel-Cache-Control
X-AISO-Server
X-AISO-Cache
X-WAP
Encoding
Rewriter
Portlet.Expiration-Cache
Sophnep-Edge-FX
X-Aws-Ec2
PROPSON-FARM
Nitro-Cache
Pool-Info
X-Client-Addr
MwpReleaseVersion
X-Device-Group
X-HW
X-Debug-Serve
Keywords
X-Confluence-Request-Time
X-Geolocation
X-Mii-Cache-Hit
Description
Rt-Proxy-Cache
X-Pb-Mii
XDisk
X-Cache-Key
X-B2f-Cache-NotFromUrl
X-CacheStore
X-Cache-Host
X-Compressed-By
X-Snapsis-PageBlaster
X-ServiceProvider
SLB
Max-Age
X-ATP-Server
Www.Aujourdhui.Com
SSPAppContext
X-SERVER-ID
Ngpass-Vcall
Mime-Version
X-DEBUG
HostName
X-Panel-Name
X-Powered-By-Home.Pl
X-Webobjects-Loadaverage
X-AVG-REWRITE
KinteraFilter
X-Ruxit-JS-Agent
X-SiteConInfo
GenSvr
X-Life
Proc
X-TAG
X-Cached-From
X-AVG
X-Panel-Id
X-R4L-VHOST
X-Path
X-CMS-Powered-By
X-VhostID
X-Docuri
BKREF
EXT-CACHEEXPIRE
X-T
X-Ocache
X-Grace
X-B
X-Rq
X-RNDPAGE
X-Varnish-Hashed-On
X-RateLimit
X-PC3-Time
X-PC3-Control
SL-NOREWRITE-REDIRECTS
X-AppServer-Status
X-Nginx
X-Compressor
X-Backend-Name
Language
X-Node-Id
X-WebKit-CSP-Report-Only
X-Cluster-ID
X-Debb
X-Client-True-IP
-Onnection
Device
X-Gondor-Server
Backend-INFRA.WAN
DB-Nickname
X-CDN-Version
Svr
Balanced-From
X-Optimization
AC-ELC
DBG-Timestamp
DBG-TargetHost
C-TTL
X-Mobile-Device
DBG-HTTPHOST
X-Eznode
X-Czt
BM-Cache-BackendTime
BM-Cache-BackendNode
Apple-Itunes-App
X-BIN
X-Provided-By
X-Jcms-Ajax-Id
X-HITS
X-SEA-Instance-Name
X-Apublish-Id
X-Stackable-Node
Yola-ID
X-CPU-Time
Z-NginxStatus
X-Upstream-Time
AMFplus-Ver
B2C-HG-008
X-Do-Not-Hack
Access-Control-Allow-Origin:
X-Pageid