Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
X-AspNet-Version
Link
P3P
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
X-Adblock-Key
Keep-Alive
X-Frame-Options
CF-RAY
Content-Location
X-Varnish
X-Language
X-Check
X-Buckets
X-Template
X-Cacheable
Access-Control-Allow-Origin
P3p
X-Generator
X-Drupal-Cache
X-Ac
X-Hacker
WP-Super-Cache
Status
MS-Author-Via
X-Powered-By-Plesk
X-AspNetMvc-Version
Strict-Transport-Security
X-Runtime
X-Geo-Port
X-Geo
X-Pad
X-Request-Id
X-Powered-CMS
X-Type
X-Cache-Group
X-Mod-Pagespeed
MicrosoftOfficeWebServer
X-Host
Access-Control-Allow-Credentials
X-Aspnet-Version
X-Logged-In
Ngpass-Ngall
X-Cache-Hits
X-Cache-Lookup
X-Server
X-UA-Device
Host-Header
X-Rack-Cache
X-Iinfo
X-Pass-Why
MicrosoftSharePointTeamServices
X-Via
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Backend
Access-Control-Allow-Headers
X-CF-Powered-By
X-Tumblr-Pixel-1
Access-Control-Allow-Methods
X-Seen-By
X-Varnish-Cache
X-Served-By
Content-Encoding
X-XRDS-Location
SPRequestGuid
X-SharePointHealthScore
X-Accel-Version
X-Robots-Tag
X-Tumblr-Pixel-2
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-ShopId
X-ShardId
X-Dc
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId-Cached
X-ContextId
X-ServedBy
X-Page-Speed
X-Cnection
X-BC-Is-HA
X-INKT-URI
X-INKT-SITE
X-Webserver
X-CDN
X-MS-InvokeApp
X-PhApp
X-Safe-Firewall
X-FullPageCaching
Composed-By
X-Cache-Hit
X-Request-ID
X-Hostname
X-PC-Hit
X-PC-Key
X-Url
Served-By
X-PC-Date
X-PC-Host
X-PC-AppVer
X-Proxy-Cache
X-Ua-Compatible
X-FRAME-OPTIONS
X-Port
X-Firenze-Processing-Times
X-Forwarded-For
X-W-DC
X-FRAME-Options
X-AH-Environment
X-Tumblr-Pixel-3
X-XN-Trace-Token
X-XN-XNHTML
X-Cache-Status
X-Wix-Renderer-Server
X-Wix-Dispatcher-Cache-Hit
Cartoon
X-Wix-Request-Id
Public-Key-Pins
X-Age
Cf-Railgun
X-HeyJason
X-Amz-Cf-Id
X-Spip-Cache
Liferay-Portal
Content-Security-Policy
X-Powered-By-360WZB
Content-Script-Type
Content-Style-Type
X-Amz-Id-2
X-Server-Name
X-Amz-Request-Id
X-Cache-Info
X-Served-From-Cache
X-Content-Digest
Request-Id
SPIisLatency
SPRequestDuration
X-Umbraco-Version
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Pantheon-Endpoint
X-Styx-Build-Sha
X-Styx-Build-Num
X-Styx-Version
X-Styx-Build-Date
X-Timer
X-SERVER
CF-Cache-Status
X-Hyper-Cache
X-FB-Debug
X-Clacks-Overhead
X-Cache-Server
X-Device
Rating
X-Cache-Result
X-Outils-CS
X-TN-ServedBy
Real-Hostname
X-DynaTrace
X-PHP-Engine
X-Loop
X-VCache
X-Tumblr-Pixel-4
TCN
Powered-By
X-PersistenceNode
X-TNCMS
X-Px
NS-RTIMER-COMPOSITE
X-Cached-By
Refresh
X-Microcachable
DynaTrace
X-Tumblr-Content-Rating
Imagetoolbar
X-Cache-Enabled
X-Generated-By
Powered-By-ChinaCache
X-CDN-Any-IP
X-CDN-Geo
X-CDN-Geo-IP
X-Cached
X-Content-Encoded-By
X-Xrds-Location
Page-Completion-Status
X-Mobilized-By
Access-Control-Max-Age
Product
X-Matrix-Server
X-Matrix-Proxy
Thanks
X-From
X-CMS-Version
X-Tumblr-Pixel-5
Magicmarker
X-Loc
X-Powered-By-Anquanbao
X-Original-Content-Length
X-Version
Charset
Node
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-Backend-Server
CC-CACHE
IBM-Web2-Location
X-DynaTrace-JS-Agent
X-DDC-Arch-Trace
X-Zephyr
Pics-Label
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Serve
X-W3TC-Minify
ServedBy
X-Jimdo-Wid
X-Jimdo-Pid
X-Content-Options
X-Firenze-Processing-Time
X-Node
Response
X-FORWARDED-FOR
Generator
X-Hits
Content-Encoding-Handler
SID
X-User-Agent
X-Cache-Debug
Lsrequestid
X-Varnish-Cacheable
X-Varnish-Host
Proxy-Agent
X-WebKit-CSP
X-I
X-App-Hosting
X-NoCache
X-Varnish-Backend
X-Purge-Host
Access-Control-Request-Method
X-Middleton-Display
X-Sol
Display
MIME-Version
X-Original-Request
Set-Cookie2
X-Cache-Expires
X-Drectory-Script
X-UD-Method
X-Middleton-Response
X-UD-Host
X-Processed-By
X-DNS-Prefetch-Control
X-Passed-To
X-Handled-By
X-Actual-URL
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Whom
Retry-After
X-Passed-To-BeforeDispatch
X-Returned-From-DLL
X-Passed-To-DLL
X-Returned-From
X-Passed-To-PostProcessResponse
X-Cache-Config
X-AspNetWebPages-Version
Sprequestguid
X-Sharepointhealthscore
RTSS
X-SDS
X-Varnish-TTL
X-ApacheServer
Host
X-Duration
Edge-Control
X-Hosted-By
X-Cookie-Domain
Surrogate-Control
X-Purge-URL
X-PF-Uncompressing
X-SN
X-Cdn
Content-Disposition
X-Speed-Cache-Key
X-MiniProfiler-Ids
X-Speed-Cache
ServerName
X-Micro-Cache
X-TTL
X-Expires-Orig
COMMERCE-SERVER-SOFTWARE
X-PERF
X-Ms-Invokeapp
VAR-Cache
X-ATG-Version
X-PwB-Node
Fhost
X-Nitra-Side
X-Varnish-Hits
X-FIRSTBase
Accept-Encoding
X-URL
PICS-Label
X-Cache-Control-Orig
X-GeoIP-Country-Name
X-GeoIP-Country-Code
X-Director
WWW-Authenticate
X-Front
X-Response-Time
IISExport
SN
AMF-Ver
X-Swift-SaveTime
Proxy-Connection
X-Swift-CacheTime
S
Cm-Server
Location
X-CJ-Soft
Filter-Revision
X-Session-Reinit
X-Blog
X-ServerID
X-Vary-Options
X-LiteSpeed-Cache
MJ12bot
SEOMOZ
Cache-By-Node
Server-Info
Website-Info
X-Art-Request-Id
Microsoftsharepointteamservices
X-Varnish-Age
X-Cache-Rule
Grace
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-6
Req-Id
X-Cache-TTL
X-HOST
Srv
ServerID
X-ServerName
X-SRV
X-S
Cache
X-Country-Code
X-Varnish-IP
X-App-Status
X-Device-Type
Accept-Charset
X-Microcache-Status
Fpc-Cache-Id
X-ACMCache
Id
X-Distil-CS
X-Trace
X-Cache-Operation
Rt-Fastcgi-Cache
X-Trace-Cache
X-Stale
X-Translation
X-Gamma-Serve
X-Engine
Qs-Cache
X-Server-ID
X-Highwire-RequestId
X-Highwire-SessionId
X-Time
X-Track
X-Cocoon-Version
Powered
Nodo
X-Cluster-Node
Server-Name
Buuteeq-Source
X-App
Ngpass-Vcall
X-Yadis-Location
X-FW
X-ID
X-Provisioner-Version
A-Powered-By
X-Directory-Script
X-BackendServer
X-Domain-Checked
X-Varnish-Object-Age
NtCoent-Length
X-Ttl
X-LIGHTHTTP-PCDID
Upgrade
X-Varnish-Beresp-Status
X-CHSN
X-Orig-Vary
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Srv
NetMindSessionID
PageSpeed
Content-Security-Policy-Report-Only
X-Cache-Age
X-Varnish-Server
Ms
X-Connection-Hash
X-Twitter-Response-Tags
Webluker-Edge
X-Transaction
Backend
NLCacheNote
MIH-CLIENT-FARM
MIH-PLATFORM
X-Adobe-Content
X-Location-Id
X-Src-Webcache
X-Instart-Request-ID
MIH-PUBLIC-IDENTIFIER
X-Sys-Req-ID
X-Secret
X-Do-Not-Hack
X-Geo-IP
X-Request-Locale
X-Frontend
MW-Webserver
Content-Transfer-Encoding
X-Varnish-Cache-Hits
X-Old-Content-Length
X-FreeTag-Count
CT
NODE
X-AOL-SNH
X-Bettercache-Proxy
X-Recruiting
-GCR
BM-Cache-Node
XX
BM-Cache-Key
X-Resolver-IP
Dispatcher
X-TempDebug
X-Source-ID
Content-MD5
X-Info
Ibm-Web2-Location
X-Cache-On
X-Country
X-Object-Id
X-Object-Type
RATING
X-ServerCache-Info
X-Atraveo-Cache-Control
X-Cache-Action
X-Atraveo-NC
X-Atraveo-Varnish-Server-Id
X-Atraveo-TTL
X-Grid-Server
X-Atraveo-From-Varnish-Cache
Beyond-Iis
X-SDE-Name
Origin
X-PRAM
X-Force
X-Req-Host
X-Geo-IP-Country
X-Powered-By-Server
LBVIS
X-Geo-IP-Region
X-Wily-Info
X-Geo-IP-Metro
X-Geo-IPV
SS
X-Wily-Servlet
X-Varnish-HitMiss
X-Varnish-Count
BM-Cache-Status
Front-End-Https
Progma
X-Distributed-By
X-REDIRECTSERVER
Access-Control-Expose-Headers
No
X-Venda-Hitid
X-WA-Info
X-Powered-By-VTEX-Janus-ApiCache
X-Cache-Lifetime
X-VTEX-Janus-Router-Backend-App
X-Vtex-Processado-Em
X-Vtex-Processed-At
X-Vtex-Remote-Cache
X-VTEX-Cache-Status-Janus-Edge
X-Powered-By-VTEX-Janus-Edge
X-VTEX-Cache-Status-Janus-ApiCache
X-Powered-By-VTEX-Janus-Router
CommunityServer
X-WR-MODIFICATION
X-Machine-Name
X-B2f-Cache-Load
If-Modified-Since
X-Pre-Strip-Debug
X-ManagedFusion-Rewriter-Version
X-Expires
X-Origin
Machine
X-BS
ORIGIN
X-ChromeLogger-Data
X-Rewritten-By
XDomainRequestAllowed
X-GeoIP
X-Header
X-Symfony-Cache
Apache
X-Cached-Status
Last-Published
Author
X-Gannett-Site-Version
Cmstype
X-Server-By
X-Developer
X-Content-Age
X-MJ-Upstream-Addr
Cmsid
X-Amz-Id-1
UniqueName
From
X-Vhost-ID
X-Frames-Options
X-Uid
Version
B-Powered-By
X-Cache-Set
X-Web-Node
X-N-ViewType
SRV
X-Turbo-Control
X-Accel-Expires
SVR
X-Router-Backend
X-Garden-Version
X-UD-Loopcounter
X-N
X-Webapp
TP-L2-Cache
Accept-Language
X-Enhanced-By
X-Origin-Id
SiteName
X-UD-Target
X-UseReverse-Proxy
X-UD-REMOTE-ADDR
X-Router
X-Jphone-Copyright
X-Cms-Mode
X-PvInfo
X-UPSTREAM
Worker
TP-Cache
X-Dev
Provider
X-Empowered-By
X-Catalyst
CP
Backend-Name-Original
X-App-Container
X-Varnish-Debug-Age
X-Varnish-Debug-Hits
X-Channel-Maxage
X-Goog-Hash
X-Varnish-Device
X-Varnish-ID
SIP
MirrorName
X-Trace-App
Content-Instance
X-Varnish-Cache-Local
X-Block
Tpt.Renderer1
Before
X-Beatles
X-Stage
X-Id
After
Be-Va
X-ACCELERATE
Front
X-WP
X-Monstercache-Timeout
ExecuteNonQuerySQLParam
ServerConfigManager.WebBugTracker
Sophnep-Edge-FX
Tpt.Renderer
X-HostName
Be-Ip
Render
NnCoection
IsFullSiteRequest
X-Allow-Redis
X-Ar-Debug
X-Amz-Version-Id
Bs-Header
X-SV
ScoreTracker
X-IDS-WS
X-Purge-Level
X-Monstercache-Hash
X-Monstercache
X-Varnish-Action
X-Phpwcms-Release
X-Monstercache-Host
X-Phpwcms-Page-Processed-In
X-DTC
Il-Cl
Ksid
X-CacheServer
X-Actindo-RS
Server2
Cteonnt-Length
WP-AdvCache-MemCached
X-Debug
Rt-Server
X-Pagename
X-ATM-RTime
D
X-Response
X-Kirra-SiteId
HAVer
HCVer
X-Hit-Cache
No-Cookie
Cluster-ID
X-ATM-RServer
AppDynamics-BT
X-EPiLogOnScreen
X-EPiLogOnScreen-PostUrl
X-B2f-Not-Route
SS-Request-ID2
X-T3CacheInfo
X-Powered
Ram
X-Via-Kemp
Web-Server
X-Vhost
Cpu
Noq
X-T3CacheTags
BM-CountryCode
Www.Mirrorgate.Se
Www.Mabracertifiering.Se
CacheControlHeader
Www.Myjob.Se
Compression-Control
Test.Executivepeople.Se
P3P:CP
Jobb.Gil.Se
Jobb.Assistentpoolen.Se
X-MJ-Serve-Req-Time
Jobb.Passal.Se
Open.Jobgate.Se
X-Built-By
X-SSL
X-ORACLE-DMS-ECID
Provided-Host
X-DefendeR-Runtime
X-GC-App
X-GC-Read
7e-Page-Cache
X-DeliveryServer
X-GC-Write
Fw-Via
LBC
X-Nginx-Host
Server-N
X-OPNET-Transaction-Trace
X-Dynatrace
X-Max-Age
X-Remote-Addr
Pool-Info
X-SilverStripe-Cache
Nitro-Cache
X-Server-Id
X-Li-Pop
X-Li-Fabric
X-LI-UUID
X-Real-Server
X-Client-IP
X-FS-UUID
X-Hstore
X-Varnish-URL
X-MobileDetected
Disaptch-Cache-Rule
Content
BM-Cache-Bypass
Access-Ip
X-EdgeRouter
X-DB-Content-Length
Aoestatic
X-Author
X-DELIVERYSERVER
X-NginX-Server
X-Hrouter
X-Client-Addr
X-MCB-Server
X-Distributor
X-MSEdge-Ref
X-DSMX-Rewrite-MS
X-DSMX-Render-MS
Pool
X-Snapsis-PageBlaster
X-Vivastreet-KiwiiPage
X-Vivastreet
X-Flex-Community
X-CCM
X-Storage
X-PM-ID
X-Varnish-Cache-Server
X-Drupal-Cache-Tags
X-Oracle-DMS-ECID
X-Hash
X-ESI-Enable
X-Flex-Evend
Sid
X-CacheHits
X-Farm-Server
X-FFX-B
X-Flex-Tag
X-Flex-Lastmod
Copyright
X-Flex-Tags
X-Flex-Lang
X-NginX-Cache
X-CacheTTL
X-Flex-Evstart
X-Webstats-RespID
X-T3Cache
X-Flow-Powered
Host-Service
SFY
X-Full-URL
X-Edge-Location
X-Server-Instance
X-Route
PServer
Svr
X-LB
LFY
X-Artvisual-Server
X-RemovedCookies
X-Hit
Cache-Ctrol
X-Abuse
X-Varnish-Restarts
X-ProcessESI
WP-Cache
X-SmugMug-Hiring
X-SmugMug-Values
X-Cookie
ServerIP
X-Domino-CacheValidationWithETagReason
X-Domino-CacheValidationWithETagResult
X-TTFB
X-TTFB-L
X-Uplex
X-Varnish-Debug-Pool-Fetch
X-LAvg
F-In-Cache
Test
X-XHR-Current-Location
X-Varnish-Debug-Pool-Recv
X-Magento-Lifetime
X-SeschatDID
X-SeschatLayout
X-Seschat-URL
Xonnection
X-EPiphany-Vid
X-Instance
X-SeschatRedID
X-SeschatTemplateID
X-FCMS-Cache
X-DefendeR-Status
CDN
X-Server-IP
X-Varnish-Ttl
X-Dynamic
X-Client-Vid
OutputRewritten
PROPSON-FARM
Backend-Host
CPOINT
Acdc-Web
Redirect
POOL
X-Brought-To-You-By
X-APP
X-Locale
X-UserAgent
BALANCEDTO
DBG-HTTPHOST
DBG-TargetHost
X-Node-Name
X-BKSrc
Allow
Foglight-Request-UUID
X-Magento-Action
Smug-Env
X-Cache-Extended
X-Upstream
BE
Ttl
X-7d-Version
X-7d-Traceid
X-7dig
X-IP
INCOMING-TIME
ProxiaInstanceId
Muha
Edgecast
DBG-Timestamp
Public-Extension
ResourceTag
X-ESI
Cneonction
SL-NOREWRITE-REDIRECTS
Server-Optimized-By
X-Nginx-Backend
X-TLServer
X-Yqk-Set
X-Revision
X-Unbounce-VisitorID
ServerId
X-Mod-Oboe-PS
X-Varnish-Cookie-Debug
X-Powered-By-Yqk
X-Server-Node
X-App-Server
X-Unbounce-Variant
X-Unbounce-PageId
X-AppServer-Status
Ec
MwpReleaseVersion
X-SATserver
MageStack-Cache
MageStack-Area
X-Yottaa-Metrics
X-USERNAME
X-ARR
X-WLD-LB
X-Varnish-Currency
X-PBY
XDisk
X-RSS-CACHE-STATUS
X-MidCOM-Meta-Cache
At-Isb
X-Nginx-Cache
X-Yottaa-Optimizations
X-Binarysec-Via
X-Bcwwwid
Tracker
X-D-Time
X-Generation-Time
X-S-Misc
No-Cache
Content-Cache
X-Render-Time
X-Request-Count
X-Server-Generated
X-Static-Version
X-Src-Loadbalancer
MageStack-Tag
MageStack-Cacheable
MageStack-Cache-Status
X-PoweredBy
MageStack-Cache-Hits
MageStack-Config
MageStack-Debug
MageStack-Response-Ttl
MageStack-PageSpeed
X-WorkerInstancename
MageStack-Loadbalancer
X-HOSTTYPE
MageStack-Cache-Lifetime
MGIT
OGHopCount
MachineName
Ibf5scheme
X-Dokk-PortalId
X-Purge-Url
X-Backend-Name
Publisher
X-DC-Origin-IP
X-Environment
X-CDN-Node
X-CDN-Cache-Status
X-Planisys-CDN-Cache
X-Cache-Control
X-Planisys-CDN-Rules
Warning
Protected-By
X-Rq
X-Request-Time
X-Nucleus-Cache
X-Fett
X-Hostingcenter
S-Cnection
Hotelbookingid
X-Varnish-Hashed-On
X-Optimization
X-Edge-IP
EXT-CACHEEXPIRE
Nginx-Cache
Language
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
Portlet.Expiration-Cache
Web-Head
Time
X-Cache-Ttl
Content-ID
WEBO
X-Benchmark-Db
X-CMS
X-Benchmark-Total
X-Benchmark-Sphinx-Count
X-Benchmark-Sphinx
Xc
X-Benchmark-Cache
X-Serendipity-InterfaceLangSource
X-Serendipity-InterfaceLang
X-Req-Counter
X-Ratelimit
X-Time-Microsecs
X-Powered-Developer
Servername
X-Middleton-PageSpeed
Dynatrace
X-This-Proto
X-DEBUG
X-Dynatrace-Js-Agent
X-NFE
X-Litespeed-Cache
Ozcache
X-IP-Address
Keywords
User-Id
X-Url-Store
IsMobile
Description
CountryCode
X-Would-Your-GrandPa-Wait
X-Your-GrandPa-Would-Wait
X-Var-Hash
User-Updated-At
X-TTL-Age
X-Page-Generation-Time
X-JSON-API-LATENCY
X-Mii-Cache-Hit
X-Page-Generated-At
X-Pb-Mii
X-Amz-Meta-S3fox-Filesize
X-Confluence-Request-Time
X-ELC-Checkpoint4
X-Fastcgi-Cache
X-Cache-Backend
X-Backend-Status
X-Checkout
X-Cookie-Store
X-Device-Group
Hamster
X-AccessDev
X-Varnish-Hit
Srv-N
X-Content-Security-Policy-Report-Only
X-Is-Mobile
Robots
Head
Atp-Isdpp
Esi-Enabled
X-Process-Time
UNIQUE-ID
X-GL-SRV
X-RequesterIP
Access-Control-Allow-Method
X-GeoIP-Country
X-App-Reload-Settings
WFE
X-Aws-Ec2
At-Shoptype
Ap-Exec-Time-Mks
SSPAppContext
X-Request-Received
X-Request-Processing-Time
X-HW
X-Cache-Via
Www.Aujourdhui.Com
X-Cachable
SBGI-CACHE-CODES
X-HP-CAM-COLOR
W
X-Crafted
Be
X-Proxy
REFRESH
AcceptLangage
X-ATP-Server
X-V-I-TTL
X-TISSERVER
X-FarmId
WebDevSrc
X-ErrorPage
97YES.COM
X-SBGI-Cache-Codes
X-Invoke-Duration
Mime-Version
X-Req-Url
X-Backend-IP
X-Created
CacheControlMode
X-Mobile
X-Time-Spent
X-View
X-TAG
X-RNDPAGE
X-BIN
Noahs-Classifieds
Apple-Itunes-App
Http
X-ESI-Processing
X-GitHub-Request-Id
X-Hosting
SV-Duration
SLB
User-Cache-Control
X-Varnish-Set-Cookie
X-Turpentine-Cache
X-Amz-Meta-S3fox-Modifiedtime
X-Wikidot-Static-Cache
X-V-Outer
X-Wikidot-Backend
X-V-TTL
X-Nhost
OriginServer
X-SERVER-ID
SBMCLOUD
X-Fpc
X-B2f-Cache-NotFromUrl
X-Varnish-Hostname
X-Pixelsilk-Version
X-AVG
X-AVG-REWRITE
X-InDy-Time
X-CacheStore
X-Mobile-Device
X-Nginx
X-Cluster
X-VarnPar2
X-VarnCache
X-Forwarded-Proto
X-CachedURL
Rt-Proxy-Cache
X-OrgURL
X-InDy-Query
X-Client-Ip
X-InDy-Memory
X-Pixelsilk-Server
Sigma
X-Content-Parsed-By
X-Turpentine-Esi
X-LTM-ID
X-Prerender-Token
X-Cache-Key
X-Debug-Serve
X-WentThroughDrupal-Deliver
X-WentThroughDrupal-Recv
Orgin-Server
X-RE-Ref
X-CMS-Server
CACHED-RESPONSE
X-ServicedByDrupal
X-SiteConInfo
Url-Hash
X-Twinwave
Device
X-Stackable-Node
V-Cache
-Onnection
ContentType
Mobiquo-Is-Login
Railo-Version
X-Cache-Host
X-Cached-From
X-Debug-Token
X-Gondor-Server
X-AISO-Server
X-AISO-Cache
X-Loopia-Cache
Server-IP
X-SUPERCACHE
X-Svr-Id
X-Cdn-View
X-Header-Set-Id
X-Caching-Rule-Id
TIMESTAMP
X-V
HGR-NOCACHE
X-Life
GenSvr
Tempo
Requested-Host
X-SEA-Instance-Name
X-Nginx-Server
X-Hosting-Env
X-Jcms-Ajax-Id
X-Backend-Ip
X-Apublish-Id
X-PHP-Cache
X-VG-WebCache
Powered-By-Scs
X-Powered-Load
X-Accel-Cache-Control
X-RAMCache
X-Pagecache
X-D2id
X-Accelerated-By
X-ACLR-Version
X-Http-Host
X-WAP
X-VhostID
X-PS-MURDOCK-ORIG-FILEEXT
X-PS-MURDOCK-ORIG-PROTOCOL
X-Path
X-Provided-By
Web
X-Client-Id
X-Ec-Custom-Error
X-Who
X-Varnish-Max-Age
Gzip
X-PS-MURDOCK-CASE-NORMALIZATION
X-Nocache
X-Rot
X-Source
X-Nginx-UpstreamHost
X-Nginx-Pool
X-Gyrobase-Publication
X-Libra-UpstreamHost
X-Sov
X-Upstream-Server
X-Compressed-By
X-Docuri
X-Cached-Until
X-Cached-On
Arr-Disable-Session-Affinity
X-Framework
Fpc-Expire