Threat Level: green Handler on Duty: Brad Duncan

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
Link
X-AspNet-Version
P3P
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
X-Adblock-Key
Via
X-Frame-Options
Keep-Alive
CF-RAY
Content-Location
X-Varnish
X-Template
X-Language
X-Check
X-Buckets
X-Cacheable
Access-Control-Allow-Origin
X-Generator
X-Drupal-Cache
WP-Super-Cache
X-Ac
X-Hacker
Status
MS-Author-Via
X-AspNetMvc-Version
X-Powered-By-Plesk
Strict-Transport-Security
P3p
X-Runtime
X-Geo
X-Geo-Port
X-Pad
X-Mod-Pagespeed
X-Request-Id
X-Powered-CMS
X-Type
X-Cache-Group
MicrosoftOfficeWebServer
Access-Control-Allow-Credentials
X-Pass-Why
X-Logged-In
X-Host
X-Cache-Hits
Ngpass-Ngall
X-Cache-Lookup
X-Server
Host-Header
X-UA-Device
X-Proxy-Cache
X-Iinfo
Access-Control-Allow-Headers
X-Backend
X-Via
X-Rack-Cache
Access-Control-Allow-Methods
X-CF-Powered-By
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Request-ID
X-Xss-Protection
X-Served-By
X-Tumblr-Pixel-1
X-Varnish-Cache
SPRequestGuid
X-SharePointHealthScore
X-Accel-Version
X-Robots-Tag
X-Sorting-Hat-ShopId
X-Dc
X-Alternate-Cache-Key
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Seen-By
Content-Encoding
X-ContextId
X-Page-Speed
X-ServedBy
X-Cnection
X-Tumblr-Pixel-2
X-CDN
X-INKT-SITE
X-INKT-URI
X-BC-Is-HA
X-Webserver
X-Cache-Hit
X-PhApp
X-Safe-Firewall
X-MS-InvokeApp
Composed-By
X-Hostname
X-PC-Hit
X-PC-Key
X-Ua-Compatible
X-PC-AppVer
X-PC-Host
X-PC-Date
X-Port
X-FRAME-OPTIONS
X-FullPageCaching
Served-By
X-AH-Environment
Cartoon
X-Cache-Status
X-Firenze-Processing-Times
X-W-DC
X-Tumblr-Pixel-3
X-XN-Trace-Token
X-XN-XNHTML
Public-Key-Pins
X-Wix-Renderer-Server
X-Age
X-Wix-Dispatcher-Cache-Hit
Cf-Railgun
X-Wix-Request-Id
X-Amz-Cf-Id
X-Spip-Cache
X-HeyJason
Content-Security-Policy
Liferay-Portal
Content-Script-Type
X-Amz-Id-2
Content-Style-Type
X-Powered-By-360WZB
Request-Id
X-Content-Digest
CF-Cache-Status
X-Amz-Request-Id
X-Served-From-Cache
X-Server-Name
SPIisLatency
SPRequestDuration
X-Umbraco-Version
X-Cache-Info
X-Timer
X-Styx-Req-Id
X-Styx-Version
X-Styx-Build-Sha
X-Styx-Build-Num
X-Pantheon-Endpoint
X-Pantheon-Styx-Hostname
X-Styx-Build-Date
X-Hyper-Cache
X-Clacks-Overhead
X-Cache-Server
X-SERVER
X-DynaTrace
X-FB-Debug
Rating
X-Device
Powered-By
X-Forwarded-For
X-Outils-CS
X-TN-ServedBy
Real-Hostname
X-PHP-Engine
X-Loop
X-VCache
TCN
X-Tumblr-Pixel-4
X-Url
DynaTrace
X-Cache-Result
X-Cached-By
X-PersistenceNode
X-From
NS-RTIMER-COMPOSITE
X-TNCMS
X-CDN-Geo
X-CDN-Geo-IP
X-CDN-Any-IP
X-Cache-Enabled
X-Px
X-Generated-By
Refresh
X-Cached
X-Content-Encoded-By
X-Microcachable
Imagetoolbar
X-Tumblr-Content-Rating
Product
X-Hits
Powered-By-ChinaCache
Page-Completion-Status
IBM-Web2-Location
Access-Control-Max-Age
Ms-Author-Via
X-CMS-Version
X-Mobilized-By
X-Backend-Server
X-Loc
X-Powered-By-Anquanbao
Thanks
Magicmarker
X-Content-Security-Policy
Charset
X-Permitted-Cross-Domain-Policies
X-Matrix-Server
X-Matrix-Proxy
X-Node
X-Zephyr
Node
X-DynaTrace-JS-Agent
X-Tumblr-Pixel-5
Pics-Label
X-FW-Hash
X-Version
X-DDC-Arch-Trace
X-FW-Serve
X-FW-Static
X-FW-Type
X-Jimdo-Pid
X-Jimdo-Wid
X-I
X-Processed-By
Generator
X-Content-Options
X-User-Agent
Response
Proxy-Agent
ServedBy
CC-CACHE
X-Firenze-Processing-Time
X-WebKit-CSP
Retry-After
X-Expires-Orig
X-W3TC-Minify
X-DNS-Prefetch-Control
RTSS
Content-Encoding-Handler
X-Original-Content-Length
Set-Cookie2
X-SDS
X-Cache-Debug
X-URL
X-UD-Host
MIME-Version
X-UD-Method
SID
X-Sol
X-Varnish-Host
X-Middleton-Response
X-Middleton-Display
X-Purge-Host
X-Cache-Config
X-App-Hosting
X-AspNetWebPages-Version
Lsrequestid
X-Hosted-By
Display
Microsoftsharepointteamservices
X-Varnish-Backend
X-Varnish-TTL
X-LiteSpeed-Cache
X-ATG-Version
Access-Control-Request-Method
Sprequestguid
X-ApacheServer
X-Sharepointhealthscore
X-Cache-Expires
X-Whom
X-Original-Request
Host
X-Director
X-Passed-To-PostProcessResponse
X-Passed-To
X-Passed-To-BeforeDispatch
X-Actual-URL
X-Passed-To-DLL
X-Drectory-Script
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Handled-By
X-Returned-From
Edge-Control
X-Varnish-Cacheable
X-Ms-Invokeapp
X-MiniProfiler-Ids
X-Micro-Cache
X-Cdn
Content-Disposition
X-Art-Request-Id
X-TTL
X-NoCache
X-Cache-Control-Orig
Grace
X-PF-Uncompressing
X-Nitra-Side
X-Swift-SaveTime
X-Swift-CacheTime
Surrogate-Control
X-FW
ServerName
X-SN
X-Purge-URL
X-Response-Time
Fhost
X-Front
AMF-Ver
Cm-Server
X-Varnish-Hits
Accept-Encoding
VAR-Cache
X-PERF
Content-Security-Policy-Report-Only
Location
PICS-Label
X-PwB-Node
Proxy-Connection
X-Varnish-IP
X-ServerID
X-FIRSTBase
X-Distil-CS
ServerID
MJ12bot
SEOMOZ
X-Cookie-Domain
COMMERCE-SERVER-SOFTWARE
X-CJ-Soft
IISExport
Srv
X-Cache-Resuilt
X-Vary-Options
X-Tumblr-Pixel-6
X-Session-Reinit
X-Trace
X-Blog
Fpc-Cache-Id
SN
Rt-Fastcgi-Cache
Filter-Revision
WWW-Authenticate
X-Amz-Meta-S3cmd-Attrs
X-Duration
X-Cache-Rule
X-Speed-Cache-Key
X-Speed-Cache
S
X-Track
X-S
X-Cache-Age
Accept-Charset
X-SRV
X-Server-ID
X-Varnish-Cache-Hits
X-Varnish-Age
Upgrade
Server-Info
Website-Info
X-ACMCache
X-ID
X-ServerName
X-FORWARDED-FOR
X-Cache-TTL
Qs-Cache
X-Ttl
X-Time
Buuteeq-Source
Id
X-Orig-Vary
X-GeoIP-Country-Code
Nodo
NetMindSessionID
X-CHSN
X-GeoIP-Country-Name
A-Powered-By
Cache-By-Node
Cache
X-Trace-Cache
X-Stale
X-App-Status
X-Engine
NtCoent-Length
X-Xrds-Location
X-Instart-Request-ID
X-Sys-Req-ID
X-Adobe-Content
X-BackendServer
Powered
X-Cache-Operation
X-Directory-Script
X-Gamma-Serve
X-Highwire-RequestId
Req-Id
Server-Name
X-Highwire-SessionId
X-LIGHTHTTP-PCDID
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Bettercache-Proxy
X-Varnish-Beresp-Grace
X-Yadis-Location
X-Secret
X-Object-Type
X-Object-Id
X-Transaction
X-Twitter-Response-Tags
X-Connection-Hash
Ms
X-Provisioner-Version
X-Translation
X-Domain-Checked
X-App
NODE
Author
X-Microcache-Status
X-Cache-Lifetime
X-Device-Type
X-Distributed-By
X-Cache-Action
X-Cocoon-Version
LBVIS
CT
XX
PageSpeed
X-Src-Webcache
Origin
X-TempDebug
Backend
Front-End-Https
XDomainRequestAllowed
Content-Transfer-Encoding
X-Varnish-Server
BM-Cache-Key
BM-Cache-Node
X-Country-Code
X-Srv
X-AOL-SNH
X-FreeTag-Count
X-Symfony-Cache
X-N
X-Vtex-Processed-At
X-Vtex-Processado-Em
X-Powered-By-VTEX-Janus-Router
No
X-Vtex-Remote-Cache
NLCacheNote
X-VTEX-Cache-Status-Janus-ApiCache
X-Powered-By-VTEX-Janus-Edge
X-Powered-By-VTEX-Janus-ApiCache
X-Ar-Debug
X-SDE-Name
X-VTEX-Janus-Router-Backend-App
X-VTEX-Cache-Status-Janus-Edge
X-B2f-Cache-Load
X-Amz-Id-1
X-Cache-On
X-Debug
X-Remote-Addr
X-Frontend
Dispatcher
Beyond-Iis
X-Expires
MIH-PUBLIC-IDENTIFIER
Access-Control-Expose-Headers
X-Varnish-HitMiss
X-Varnish-Count
X-Wily-Servlet
X-REDIRECTSERVER
SS
X-Recruiting
Content-MD5
Apache
X-Wily-Info
X-Varnish-Action
SRV
MW-Webserver
X-Location-Id
X-Grid-Server
X-Dynatrace
MIH-PLATFORM
X-Cluster-Node
MIH-CLIENT-FARM
X-Content-Age
X-Powered-By-Server
X-Stage
Provided-Host
X-Resolver-IP
X-Old-Content-Length
Pool
X-Header
X-ManagedFusion-Rewriter-Version
X-Turbo-Control
X-Rewritten-By
X-Gannett-Site-Version
Cteonnt-Length
X-WEBSERVER
X-ORACLE-DMS-ECID
BM-Cache-Status
X-Source-ID
X-Origin
X-PRAM
X-WR-MODIFICATION
X-SBGI-Cache-Codes
X-ServerCache-Info
X-Atraveo-TTL
X-Atraveo-NC
X-Country
X-Plat
X-Atraveo-Cache-Control
X-Atraveo-From-Varnish-Cache
X-BS
X-Atraveo-Varnish-Server-Id
X-UD-Loopcounter
Front
X-UD-REMOTE-ADDR
X-UD-Target
Last-Published
X-Real-Server
X-Info
X-Venda-Hitid
X-Dev
X-Geo-IPV
Warning
X-Varnish-Object-Age
X-DeliveryServer
-GCR
X-Built-By
X-Frames-Options
X-Geo-IP-Metro
X-SSL
X-UPSTREAM
SiteName
BM-CountryCode
ORIGIN
X-Geo-IP-Country
X-Geo-IP
Www.Myjob.Se
Www.Mirrorgate.Se
Open.Jobgate.Se
P3P:CP
Jobb.Passal.Se
Jobb.Gil.Se
X-UseReverse-Proxy
Jobb.Assistentpoolen.Se
SS-Request-ID2
X-Webapp
Www.Mabracertifiering.Se
X-Router-Backend
Test.Executivepeople.Se
Machine
TP-Cache
TP-L2-Cache
X-Router
X-Geo-IP-Region
Version
SVR
X-Machine-Name
X-Phpwcms-Page-Processed-In
X-Uid
X-WP
X-Monstercache-Timeout
LBC
Worker
X-Jphone-Copyright
X-Who
X-Cms-Mode
X-Phpwcms-Release
X-Garden-Version
X-Origin-Id
X-DSMX-Render-MS
X-Developer
X-Invoke-Duration
X-MCB-Server
CPOINT
X-DSMX-Rewrite-MS
X-Webstats-RespID
X-Beatles
Compression-Control
Cluster-ID
X-Author
X-Cache-CFC
X-Server-Id
X-B2f-Not-Route
Web-Server
X-PM-ID
X-MJ-Upstream-Addr
X-Libra-UpstreamHost
X-Actindo-RS
X-PageID
X-T3Cache
X-T3CacheTags
X-Cache-Set
X-Accel-Expires
X-Varnish-ID
Cneonction
NnCoection
X-ChromeLogger-Data
Host-Service
Server2
X-Monstercache
X-Distributor
From
X-Monstercache-Hash
X-Flow-Powered
WP-AdvCache-MemCached
X-Monstercache-Host
ScoreTracker
Progma
X-Li-Pop
X-LI-UUID
X-Li-Fabric
X-Route
X-FS-UUID
X-GC-Write
X-Purge-Url
X-GC-Read
X-Enhanced-By
X-GC-App
X-App-Container
ServerConfigManager.WebBugTracker
Tpt.Renderer1
X-ATM-RTime
X-ATM-RServer
X-TTFB-L
Tpt.Renderer
X-Cache-Ttl
X-TTFB
X-SmugMug-Hiring
X-SmugMug-Values
Ksid
X-Empowered-By
X-ESI-Enable
WFE
X-Via-Kemp
X-FFX-B
X-Kirra-SiteId
No-Cookie
Muha
HAVer
HCVer
X-Vhost-ID
Il-Cl
X-Response
X-HostName
After
Before
ExecuteNonQuerySQLParam
IsFullSiteRequest
X-CacheServer
X-Yottaa-Optimizations
X-Drupal-Cache-Tags
X-WLD-LB
X-DTC
X-Yottaa-Metrics
Render
X-Catalyst
X-Edge-Location
X-SV
X-EPiLogOnScreen-PostUrl
X-N-ViewType
X-Varnish-Debug-Hits
X-Goog-Hash
MirrorName
SIP
X-EPiLogOnScreen
X-Powered
X-Varnish-Device
X-ACCELERATE
X-Server-By
X-Max-Age
Smug-Env
Content-Instance
X-Varnish-Debug-Age
X-Force
X-Req-Host
X-DPWN-IS-SECURE
X-Planisys-CDN-Cache
Ibm-Web2-Location
X-Planisys-CDN-Rules
Ttl
X-Benchmark-Db
X-Server-Instance
X-Hash
X-Benchmark-Sphinx-Count
X-BKSrc
X-Benchmark-Sphinx
X-Benchmark-Cache
X-Benchmark-Total
Server-N
RATING
CP
X-T3CacheInfo
X-Powered-Developer
Test
X-Trace-App
X-Vhost
X-Fastcgi-Cache
X-Amz-Version-Id
X-MJ-Serve-Req-Time
X-WA-Info
Accept-Language
X-DB-Content-Length
WEBO
X-SilverStripe-Cache
X-ESI
X-Farm-Server
Cmsid
Cmstype
X-Node-Name
X-Storage
B-Powered-By
X-Nginx-Cache
X-LB
Provider
D
X-Varnish-Cache-Local
Servername
X-GitHub-Request-Id
X-Id
X-Oracle-DMS-ECID
X-OPNET-Transaction-Trace
Sid
Backend-Name-Original
X-Nginx-Host
X-Block
Redirect
X-MobileDetected
X-PvInfo
X-Hstore
X-EdgeRouter
Altran-C
X-Hrouter
X-Channel-Maxage
Bs-Header
BE
X-This-Proto
X-NFE
X-WorkerInstancename
7e-Page-Cache
ServerIP
Mobiquo-Is-Login
PServer
F-In-Cache
X-Is-Mobile
X-Varnish-Ttl
X-Nhost
X-Allow-Redis
X-Seschat-URL
X-SeschatDID
X-SeschatLayout
X-CMS
X-Purge-Level
X-Locale
Webluker-Edge
X-CacheTTL
X-Content-Security-Policy-Report-Only
No-Cache
BrandBucket-Domain
X-Client-IP
X-CCM
X-Client-Vid
X-Crafted
BM-Cache-Bypass
X-Varnish-Cache-Server
X-MidCOM-Meta-Cache
X-SeschatTemplateID
X-Source
X-UserAgent
X-Pagename
X-SeschatRedID
X-EPiphany-Vid
Rt-Server
Backend-Host
X-Hit-Cache
Disaptch-Cache-Rule
X-Frontal
Copyright
X-Varnish-Currency
X-Flex-Evstart
X-Flex-Evend
Ec
X-Yqk-Set
X-Flex-Lang
X-IP-Address
X-Powered-By-Yqk
MachineName
OGHopCount
X-Cache-Control
X-CDN-Cache-Status
X-CDN-Node
Web-Head
X-Cached-Status
Publisher
X-Flex-Community
X-Hosting
X-Flex-Lastmod
X-Mod-Oboe-PS
X-Varnish-Restarts
X-Varnish-Debug-Pool-Recv
X-ProcessESI
X-DefendeR-Status
X-DefendeR-Runtime
X-RemovedCookies
X-Varnish-Debug-Pool-Fetch
X-Uplex
X-Flex-Tags
WP-Cache
X-Flex-Tag
X-Web-Node
X-Middleton-PageSpeed
Content
Http
X-PBY
X-Server-IP
Be
CommunityServer
X-View
BALANCEDTO
X-Varnish-Cookie-Debug
Gzip
X-Prerender-Token
INCOMING-TIME
Cache-Ctrol
X-FCMS-Cache
X-NginX-Cache
X-Revision
X-DELIVERYSERVER
X-Test
CACHED-RESPONSE
X-Full-URL
X-Server-Node
X-NginX-Server
NZSpeedy
X-Dynatrace-Js-Agent
X-SATserver
Xonnection
X-App-Server
X-Sc-Path
X-CMS-Server
X-Cookie-Store
X-App-Reload-Settings
X-Dokk-PortalId
X-RequesterIP
X-ELC-Checkpoint4
X-Cache-Backend
X-JSON-API-LATENCY
X-Checkout
X-Hit
X-Cache-Doesi
X-Sc-Cache
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
X-Fett
X-GeoIP
LFY
X-Serendipity-InterfaceLangSource
SFY
If-Modified-Since
X-Serendipity-InterfaceLang
S-Cnection
X-Time-Microsecs
X-Planisys-CDN-Upstream
OriginServer
X-Req-Counter
SV-Duration
X-Page-Generated-At
X-Your-GrandPa-Would-Wait
X-Would-Your-GrandPa-Wait
X-Var-Hash
X-Artvisual-Server
Ibf5scheme
ProxiaInstanceId
X-Instance
Server-Optimized-By
X-Upstream
X-Request-Time
X-Magento-Action
X-Nucleus-Cache
X-Magento-Lifetime
X-Hostingcenter
X-Turpentine-Cache
X-TTL-Age
X-Url-Store
OutputRewritten
X-Sov
X-Page-Generation-Time
X-MaxAge
Aoestatic
X-CCC
X-CACHE-TTL
X-IDS-WS
X-IP
X-CID
X-Rot
CountryCode
Be-Ip
Access-Ip
AcceptLangage
MGIT
Hotelbookingid
X-Cachable
Be-Va
X-Backend-Status
X-Binarysec-Via
User-Id
X-Backend-IP
User-Updated-At
Robots
MageStack-Cache-Hits
Esi-Enabled
UniqueName
X-D-Time
X-HOSTTYPE
X-Process-Time
MageStack-Cache-Lifetime
X-Mobile
Tempo
X-7d-Traceid
X-7d-Version
Tracker
XDisk
AppDynamics-BT
Time
X-MSEdge-Ref
X-ACLR-Version
X-Cache-Extended
Content-ID
X-DC-Origin-IP
X-7dig
X-Ratelimit
MageStack-Cache
MageStack-Area
X-S-Misc
X-Generation-Time
MageStack-Debug
X-USERNAME
Thinkindot-Control
Thinkindot-CacheControl-Type
MageStack-Loadbalancer
MageStack-Config
MageStack-Cache-Status
X-GeoIP-Country
MageStack-Cacheable
X-Environment
X-Cookie
X-LTM-ID
Thinkindot-CacheControl
UNIQUE-ID
Fw-Via
MageStack-Tag
X-Wikidot-Static-Cache
MageStack-Response-Ttl
X-Wikidot-Backend
MageStack-PageSpeed
X-Unbounce-PageId
X-Unbounce-Variant
Xc
Dynatrace
X-TLServer
X-Magnolia-Registration
X-Abuse
Ozcache
X-Unbounce-VisitorID
Protected-By
X-Turpentine-Esi
Hamster
X-Domino-CacheValidationWithETagResult
X-Request-Received
X-Node-ID
X-Request-Processing-Time
X-Ruxit-Js-Agent
X-Domino-CacheValidationWithETagReason
X-Forwarded-Proto
X-RSS-CACHE-STATUS
Content-Cache
X-Cookie-Request-Debug
X-Render-Time
X-Cookie-Response-Debug
X-Cache-Via
X-BIN
X-Server-Generated
X-Request-Count
X-RNDPAGE
X-PoweredBy
At-Isb
X-Content-Parsed-By
X-TAG
X-RE-Ref
X-ESI-Processing
X-Cluster-Server
X-AccessDev
X-Static-Version
X-JG-Page-Cache
Apple-Itunes-App
X-Src-Loadbalancer
X-Varnish-URL
X-Varnish-Set-Cookie
Railo-Version
Redirect-Store
CData
X-Download-Options
F5-IpCliente
Noahs-Classifieds
ContentType
ClientIP
IsMobile
X-Bcwwwid
CacheControlHeader
X-VG-WebCache
Nitro-Cache
PROPSON-FARM
Sophnep-Edge-FX
X-AISO-Server
X-AISO-Cache
X-ProxyInstancename
Encoding
X-Aws-Ec2
X-Highwire-Cache
Nginx-Cache
Public-Extension
MwpReleaseVersion
Fpc-Expire
X-Highwire-Sitecode
Edgecast
X-Ec-Custom-Error
W
X-WAP
X-APP
X-Accel-Cache-Control
Rewriter
Pool-Info
Portlet.Expiration-Cache
X-HW
Requested-Host
X-Varnish-Hit
X-Compressed-By
X-Dynamic
X-Daa-Tunnel
Timing-Allow-Origin
X-Brought-To-You-By
ResourceTag
X-Client-Id
Max-Age
SLB
X-Edge-IP
X-Geolocation
X-Mii-Cache-Hit
X-Pb-Mii
X-Device-Group
X-Debug-Serve
X-ATP-Server
X-Cache-Key
X-Confluence-Request-Time
Www.Aujourdhui.Com
SSPAppContext
Serv
Description
X-Snapsis-PageBlaster
Keywords
X-ServiceProvider
X-Client-Addr
X-ARR
X-Cache-Host
X-CacheStore
X-B2f-Cache-NotFromUrl
Rt-Proxy-Cache
X-DEBUG
Ngpass-Vcall
X-SERVER-ID
Mime-Version
X-Panel-Id
X-Cached-From
X-Life
X-SiteConInfo
X-Ruxit-JS-Agent
KinteraFilter
GenSvr
EXT-CACHEEXPIRE
X-AVG
Fastcgi-Cache
Proc
X-AVG-REWRITE
HostName
X-Backend-Name
X-Pageid
X-AppServer-Status
SL-NOREWRITE-REDIRECTS
X-Compressor
X-Nginx
X-Docuri
X-Rq
X-R4L-VHOST
X-Varnish-Hashed-On
X-VhostID
Language
X-Webobjects-Loadaverage
X-Powered-By-Home.Pl
X-Path
X-PC3-Control
X-RateLimit
X-CMS-Powered-By
X-PC3-Time
X-Panel-Name
Z-NginxStatus
X-Debb
X-Cluster-ID
X-Client-True-IP
X-WebKit-CSP-Report-Only
X-XHR-Current-Location
DB-Nickname
Device
-Onnection
X-CDN-Version
Svr
Balanced-From
X-Optimization
AC-ELC
DBG-Timestamp
DBG-TargetHost
C-TTL
X-Mobile-Device
DBG-HTTPHOST
X-Gondor-Server
Backend-INFRA.WAN
AMFplus-Ver
X-Apublish-Id
X-Stackable-Node
Yola-ID
BM-Cache-BackendNode
X-HITS
X-Czt
BM-Cache-BackendTime
B2C-HG-008
Access-Control-Allow-Origin:
X-Node-Id
X-Eznode
X-Do-Not-Hack
X-CPU-Time
X-Upstream-Time
X-Provided-By
X-SEA-Instance-Name
X-Jcms-Ajax-Id