Threat Level: green Handler on Duty: Russ McRee

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
Link
X-AspNet-Version
X-Content-Type-Options
P3P
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-Adblock-Key
X-UA-Compatible
Via
X-Frame-Options
Keep-Alive
CF-RAY
P3p
Content-Location
X-Varnish
X-Template
X-Language
X-Check
X-Buckets
X-Cacheable
Access-Control-Allow-Origin
X-Generator
X-Drupal-Cache
WP-Super-Cache
X-Ac
X-Hacker
Status
X-Powered-By-Plesk
Strict-Transport-Security
X-AspNetMvc-Version
MS-Author-Via
X-Request-Id
X-Runtime
X-Pad
X-Geo
X-Geo-Port
X-Mod-Pagespeed
X-Powered-CMS
X-Type
X-Cache-Group
X-Pass-Why
Access-Control-Allow-Credentials
MicrosoftOfficeWebServer
X-Logged-In
X-Cache-Hits
Ngpass-Ngall
X-Host
X-Cache-Lookup
X-Server
Host-Header
X-UA-Device
X-Proxy-Cache
X-FRAME-OPTIONS
X-Iinfo
Access-Control-Allow-Headers
MicrosoftSharePointTeamServices
X-Via
X-Backend
Access-Control-Allow-Methods
X-Rack-Cache
X-CF-Powered-By
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-XRDS-Location
SPRequestGuid
X-SharePointHealthScore
X-Served-By
X-Tumblr-Pixel-1
X-Varnish-Cache
X-Robots-Tag
X-Accel-Version
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId-Cached
X-Dc
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-PodId
X-ShopId
X-Seen-By
Content-Encoding
X-ContextId
X-ServedBy
X-CDN
X-MS-InvokeApp
X-Page-Speed
X-Tumblr-Pixel-2
X-Cnection
X-BC-Is-HA
X-Safe-Firewall
X-INKT-URI
X-INKT-SITE
X-PhApp
X-Webserver
X-Cache-Hit
Composed-By
X-Hostname
X-PC-Hit
X-PC-Key
X-PC-AppVer
X-PC-Host
X-PC-Date
X-Port
X-FullPageCaching
Served-By
Cartoon
X-Firenze-Processing-Times
X-AH-Environment
X-Cache-Status
X-Tumblr-Pixel-3
Public-Key-Pins
X-W-DC
X-XN-Trace-Token
X-XN-XNHTML
X-Amz-Cf-Id
X-Age
Cf-Railgun
X-Wix-Renderer-Server
X-Wix-Dispatcher-Cache-Hit
X-HeyJason
Content-Security-Policy
X-Spip-Cache
X-Wix-Request-Id
Request-Id
Liferay-Portal
X-Powered-By-360WZB
CF-Cache-Status
X-Amz-Id-2
SPIisLatency
X-Served-From-Cache
SPRequestDuration
Content-Script-Type
Content-Style-Type
X-Content-Digest
X-Amz-Request-Id
X-Server-Name
X-Umbraco-Version
X-Timer
X-Cache-Info
X-Styx-Build-Sha
X-Styx-Req-Id
X-Styx-Version
X-Styx-Build-Num
X-Styx-Build-Date
X-Pantheon-Endpoint
X-Pantheon-Styx-Hostname
X-Hyper-Cache
X-Clacks-Overhead
Powered-By
X-SERVER
X-Cache-Server
X-FB-Debug
X-Request-ID
Rating
X-DynaTrace
X-Device
Real-Hostname
X-TN-ServedBy
X-Loop
X-PHP-Engine
X-Url
X-Tumblr-Pixel-4
X-Outils-CS
X-VCache
TCN
X-Cache-Enabled
X-Cached-By
X-TNCMS
X-PersistenceNode
NS-RTIMER-COMPOSITE
X-CDN-Any-IP
X-CDN-Geo-IP
X-CDN-Geo
Refresh
X-Px
DynaTrace
X-Hits
X-Cached
X-Microcachable
X-Forwarded-For
X-Generated-By
X-Cache-Resuilt
Imagetoolbar
X-Tumblr-Content-Rating
X-Content-Encoded-By
Magicmarker
Access-Control-Max-Age
X-Content-Security-Policy
X-From
Page-Completion-Status
Product
IBM-Web2-Location
X-Loc
Charset
Powered-By-ChinaCache
Ms-Author-Via
X-CMS-Version
X-Mobilized-By
X-Powered-By-Anquanbao
X-Permitted-Cross-Domain-Policies
X-Tumblr-Pixel-5
X-Node
X-Backend-Server
X-FW-Hash
X-Matrix-Proxy
X-Zephyr
X-Matrix-Server
X-FW-Type
X-FW-Serve
X-FW-Static
Thanks
X-DDC-Arch-Trace
Response
Generator
X-Whom
X-User-Agent
X-Jimdo-Wid
X-Jimdo-Pid
X-Content-Options
X-Firenze-Processing-Time
X-DynaTrace-JS-Agent
Node
X-Version
X-Expires-Orig
X-MiniProfiler-Ids
X-I
X-Processed-By
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
ServedBy
CC-CACHE
X-Cache-Config
Access-Control-Request-Method
Set-Cookie2
X-Cdn
X-WebKit-CSP
X-DNS-Prefetch-Control
RTSS
X-App-Hosting
Content-Encoding-Handler
Retry-After
X-UD-Host
X-UD-Method
SID
X-AspNetWebPages-Version
X-Varnish-Backend
X-Varnish-Host
X-Purge-Host
X-SDS
X-W3TC-Minify
X-Director
X-Varnish-TTL
X-ApacheServer
X-Cache-Debug
PICS-Label
MIME-Version
Proxy-Agent
X-Cache-Expires
Lsrequestid
X-ATG-Version
Grace
Edge-Control
X-Purge-URL
Pics-Label
X-Micro-Cache
VAR-Cache
Host
X-Hosted-By
X-PERF
X-Cache-Result
X-Instart-Request-ID
X-Varnish-Hits
X-Swift-SaveTime
X-SN
X-Swift-CacheTime
X-FW
Content-Security-Policy-Report-Only
Proxy-Connection
X-Original-Content-Length
X-TTL
X-Original-Request
X-Art-Request-Id
Content-Disposition
ServerName
X-NoCache
X-Response-Time
X-Nitra-Side
X-Passed-To-BeforeDispatch
X-Passed-To
X-Handled-By
X-Passed-To-DLL
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Actual-URL
X-Passed-To-PostProcessResponse
X-FORWARDED-FOR
X-Duration
X-Cache-Control-Orig
Surrogate-Control
X-LiteSpeed-Cache
Cm-Server
ServerID
X-PwB-Node
Accept-Encoding
X-ServerID
AMF-Ver
X-SRV
NODE
X-Front
Location
X-CJ-Soft
X-Tumblr-Pixel-6
Fhost
COMMERCE-SERVER-SOFTWARE
X-Varnish-Cacheable
X-Time
X-S
X-Cookie-Domain
X-Drectory-Script
X-URL
IISExport
SN
X-Trace-Cache
S
X-Distil-CS
X-Amz-Meta-S3cmd-Attrs
Fpc-Cache-Id
X-Varnish-IP
Srv
Qs-Cache
WWW-Authenticate
X-Directory-Script
X-Speed-Cache
X-Speed-Cache-Key
X-Trace
X-Varnish-Age
X-PF-Uncompressing
Server-Info
Website-Info
Upgrade
X-Cache-Rule
A-Powered-By
X-Vary-Options
Rt-Fastcgi-Cache
X-Location-Id
X-ACMCache
Cache
X-Ttl
X-Varnish-Cache-Hits
X-Session-Reinit
X-Cache-Age
X-Blog
Filter-Revision
X-Orig-Vary
X-Highwire-RequestId
NetMindSessionID
Buuteeq-Source
X-Highwire-SessionId
X-CHSN
X-GeoIP-Country-Code
X-Track
X-GeoIP-Country-Name
X-Cache-TTL
X-FIRSTBase
NtCoent-Length
X-Turbo-Charged-By
Server-Name
Accept-Charset
X-Distributed-By
X-ServerName
X-Server-ID
Nodo
X-Cocoon-Version
Req-Id
Id
X-Stale
SEOMOZ
X-Gamma-Serve
MJ12bot
CT
X-Device-Type
X-Translation
X-Microcache-Status
X-BackendServer
X-Adobe-Content
PageSpeed
X-Src-Webcache
X-Sys-Req-ID
Powered
X-AOL-SNH
X-Yadis-Location
X-WebServer
X-Engine
X-Bettercache-Proxy
X-TempDebug
X-LIGHTHTTP-PCDID
X-Connection-Hash
X-Twitter-Response-Tags
Ms
X-Xrds-Location
X-Transaction
X-ID
X-Object-Type
X-Cache-Operation
X-Cache-Lifetime
X-Country-Code
X-Object-Id
XDomainRequestAllowed
X-Recruiting
X-Varnish-Beresp-Grace
Backend
X-Varnish-Beresp-Status
X-App
X-Varnish-Beresp-Ttl
X-N
X-FreeTag-Count
Access-Control-Expose-Headers
ORIGIN
X-Header
X-Cache-Action
X-Secret
X-Frontend
LBVIS
Machine
Cache-By-Node
Origin
X-Varnish-Server
MIH-CLIENT-FARM
Beyond-Iis
MIH-PLATFORM
MIH-PUBLIC-IDENTIFIER
Dispatcher
BM-Cache-Node
X-Atraveo-Cache-Control
BM-Cache-Key
X-Atraveo-TTL
X-Atraveo-Varnish-Server-Id
X-Atraveo-NC
X-Resolver-IP
X-Powered-By-Server
XX
X-Symfony-Cache
Apache
X-Expires
X-B2f-Cache-Load
X-Atraveo-From-Varnish-Cache
X-Remote-Addr
X-Server-Id
Version
X-Turbo-Control
X-Geo-IP-Region
Content-Transfer-Encoding
X-Geo-IPV
X-App-Status
X-Geo-IP-Metro
X-Varnish-Action
MW-Webserver
X-Geo-IP-Country
X-Geo-IP
X-Frames-Options
Author
X-Cache-CFC
X-VTEX-Janus-Router-Backend-App
X-VTEX-Cache-Status-Janus-ApiCache
X-Powered-By-VTEX-Janus-ApiCache
X-Vtex-Processado-Em
X-Powered-By-VTEX-Janus-Router
X-Powered-By-VTEX-Janus-Edge
X-VTEX-Cache-Status-Janus-Edge
NLCacheNote
Content-MD5
SRV
X-SBGI-Cache-Codes
Pool
X-Content-Age
-GCR
No
X-Vtex-Processed-At
X-Vtex-Remote-Cache
X-Oracle-DMS-ECID
X-Source-ID
X-Stage
X-ORACLE-DMS-ECID
X-UPSTREAM
BM-Cache-Status
X-Country
X-Cache-On
X-Varnish-Count
TP-L2-Cache
X-Origin-Id
TP-Cache
X-Varnish-HitMiss
X-ServerCache-Info
X-Uid
X-REDIRECTSERVER
Front-End-Https
X-Origin
X-Provisioner-Version
X-Old-Content-Length
Webluker-Edge
X-Domain-Checked
X-Varnish-ID
SiteName
X-Who
W
X-ManagedFusion-Rewriter-Version
X-Dynatrace
X-Rewritten-By
X-Cache-Control
X-Info
X-Cache-Ttl
X-Wily-Info
X-Machine-Name
X-WR-MODIFICATION
X-Wily-Servlet
Tracecode
X-TTFB
X-UD-REMOTE-ADDR
X-UD-Loopcounter
X-TTFB-L
X-Id
Provided-Host
X-SmugMug-Hiring
X-UD-Target
X-Force
X-PRAM
Last-Published
X-SmugMug-Values
X-Li-Pop
Front
X-Li-Fabric
X-LI-UUID
X-Real-Server
X-Max-Age
X-Gannett-Site-Version
X-Ar-Debug
X-Amz-Id-1
X-FS-UUID
From
Dynatrace
X-Webstats-RespID
X-Cms-Mode
Worker
X-EPiLogOnScreen-PostUrl
Jobb.Gil.Se
P3P:CP
Www.Mabracertifiering.Se
Www.Mirrorgate.Se
Www.Myjob.Se
X-Srv
Open.Jobgate.Se
Jobb.Assistentpoolen.Se
X-T3CacheTags
Jobb.Passal.Se
BM-CountryCode
X-SSL
X-Varnish-Device
Cache-Ctrol
NnCoection
X-B2f-Not-Route
X-Goog-Hash
MirrorName
X-EPiLogOnScreen
SIP
Cteonnt-Length
X-Vhost
X-Plat
X-T3Cache
X-Edge-Location
X-Jphone-Copyright
X-Built-By
X-Empowered-By
SS-Request-ID2
Server-N
Web-Server
X-Dev
Test.Executivepeople.Se
X-Cluster-Node
X-Phpwcms-Page-Processed-In
X-Phpwcms-Release
X-Developer
X-Grid-Server
X-Monstercache-Timeout
X-Venda-Hitid
X-BS
X-WP
X-DPWN-IS-SECURE
X-SDE-Name
Servername
X-Do-Not-Hack
X-Storage
X-Nginx-Host
X-DSMX-Rewrite-MS
X-Accel-Expires
X-Router-Backend
X-Router
X-APP
Backend-Name-Original
X-Block
X-Grace
X-Libra-UpstreamHost
CommunityServer
X-UseReverse-Proxy
X-DB-Content-Length
X-Channel-Maxage
X-Debug
X-Trace-App
X-DeliveryServer
Cluster-ID
X-Varnish-Cache-Local
X-Webapp
X-Powered-Developer
X-N-ViewType
X-Flow-Powered
X-Invoke-Duration
Progma
X-DSMX-Render-MS
X-Vhost-ID
X-Route
ScoreTracker
X-Req-Host
X-Distributor
X-ChromeLogger-Data
X-Web-Node
X-Cache-Set
X-NFE
X-Server-By
X-Nhost
X-Kirra-SiteId
X-MidCOM-Meta-Cache
X-Response
LBC
X-Monstercache-Host
X-MobileDetected
X-Monstercache
X-Monstercache-Hash
Cmsid
X-Fastcgi-Cache
No-Cookie
Disaptch-Cache-Rule
Cmstype
X-Middleton-PageSpeed
Muha
WEBO
X-EdgeRouter
X-Test
X-Actindo-RS
X-SilverStripe-Cache
X-Farm-Server
HCVer
X-Amz-Version-Id
Smug-CDN
Cneonction
X-PM-ID
CPOINT
HAVer
Warning
X-WA-Info
X-Garden-Version
X-Domino-CacheValidationWithETagResult
X-Hstore
X-Domino-CacheValidationWithETagReason
X-ATM-RServer
X-WorkerInstancename
X-ATM-RTime
SVR
Smug-Env
SS
X-Hash
X-This-Proto
X-Hrouter
Il-Cl
X-PageID
X-Beatles
X-GC-App
X-Flex-Community
X-Cached-Status
X-Flex-Evend
X-Webkit-CSP
X-Flex-Evstart
Mobiquo-Is-Login
PServer
X-GC-Read
Content-Instance
X-GC-Write
X-Enhanced-By
X-SV
X-Flex-Lang
X-Flex-Lastmod
Publisher
X-Var-Hash
X-CCC
X-CID
X-Nginx-Cache
Cxy-All
RATING
X-Flex-Tag
X-Flex-Tags
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-UserAgent
X-Author
X-WLD-LB
OriginServer
Sid
LFY
SFY
X-Pagename
X-CacheTTL
X-OPNET-Transaction-Trace
X-Client-IP
S-Cnection
CP
X-Loopia-Cache
X-Hit-Cache
X-Locale
X-FFX-B
X-ESI-Enable
X-Render-Time
X-Varnish-Debug-Age
X-Catalyst
X-App-Container
X-Varnish-Debug-Hits
WFE
BALANCEDTO
Pool-Info
X-Environment
X-Varnish-Debug-Pool-Recv
MachineName
X-Varnish-Debug-Pool-Fetch
X-BKSrc
X-Prerender-Token
CACHED-RESPONSE
X-Varnish-Restarts
X-NginX-Cache
X-NginX-Server
X-PvInfo
X-LB
X-Abuse
Ttl
X-ACCELERATE
Mime-Version
X-Uplex
X-Purge-Level
Tracker
X-Allow-Redis
X-Varnish-Currency
X-Seschat-URL
X-Is-Mobile
X-SeschatDID
Be
X-7dig
X-7d-Version
X-7d-Traceid
X-GeoIP
X-GitHub-Request-Id
Cache-Rule
X-Time-Microsecs
BM-Cache-Bypass
Hotelbookingid
X-Serendipity-InterfaceLangSource
X-Serendipity-InterfaceLang
X-Upstream
Hamster
Server2
X-App-Server
Ec
X-Backend-Status
X-CMS
B-Powered-By
X-Via-Kemp
X-MCB-Server
AcceptLangage
Tpt.Renderer
X-SeschatTemplateID
After
ServerConfigManager.WebBugTracker
IsFullSiteRequest
ExecuteNonQuerySQLParam
Render
Before
Tpt.Renderer1
X-CACHE-TTL
X-Server-IP
ServerIP
X-Drupal-Cache-Tags
X-SeschatRedID
X-Ruxit-Js-Agent
X-Brought-To-You-By
CountryCode
Arr-Disable-Session-Affinity
X-Req-Counter
X-Dynamic
Rt-Server
X-SeschatLayout
X-T3CacheInfo
X-Cache-Host
Sophnep-Edge-FX
X-Node-Name
X-ACLR-Version
X-ESI
Accept-Language
X-Benchmark-Sphinx
X-Benchmark-Sphinx-Count
X-Benchmark-Cache
X-Cache-Backend
OGHopCount
X-TTL-Age
X-Url-Store
X-Would-Your-GrandPa-Wait
Xonnection
X-Your-GrandPa-Would-Wait
X-AccessDev
X-ProxyInstancename
X-Checkout
X-Compressed-By
X-ELC-Checkpoint4
Bs-Header
X-VhostID
X-Cookie-Store
X-Dokk-PortalId
X-Benchmark-Db
Nitro-Cache
X-CDN-Cache-Status
INCOMING-TIME
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
X-Cache-Via
X-Benchmark-Total
X-CDN-Node
X-Hosting
X-Hit
X-IP-Address
Ibf5scheme
X-CMS-Powered-By
IsMobile
X-FCMS-Cache
Nodeid
Content
X-Dynatrace-Js-Agent
X-ProcessESI
X-S-Misc
WP-AdvCache-MemCached
X-TLServer
Protected-By
X-Server-Instance
X-Revision
X-IDS-WS
REFRESH
X-Generation-Time
User-Id
NZSpeedy
X-RemovedCookies
X-D-Time
X-DefendeR-Runtime
X-DefendeR-Status
User-Updated-At
XDisk
Public-Extension
ResourceTag
X-Env
X-Varnish-Cookie-Debug
X-Varnish-Hashed-On
Esi-Enabled
Aoestatic
X-VG-WebCache
X-Full-URL
X-Magnolia-Registration
Be-Va
Be-Ip
Server-IP
X-SATserver
X-Sc-Cache
OutputRewritten
X-HOSTTYPE
X-Gondor-Server
X-Sc-Path
X-USERNAME
D
BrandBucket-Domain
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Webobjects-Loadaverage
X-Content-Security-Policy-Report-Only
Redirect
X-Edge-IP
X-Cache-Doesi
X-Client-Vid
X-SERVER-ID
X-EPiphany-Vid
Webserver
Ibm-Web2-Location
X-AISO-Server
X-Binarysec-Via
X-AISO-Cacheable
X-AISO-Cache
Provider
X-Download-Options
X-DELIVERYSERVER
At-Isb
Backend-Host
X-Confluence-Request-Time
X-Node-ID
X-Server-Node
X-Varnish-Hit
X-MSEdge-Ref
CacheControlHeader
MageStack-Cache-Hits
MageStack-Cache-Lifetime
X-VAR-Hash
MageStack-Area
Cpu
X-IP
X-Frontal
X-Cookie-Response-Debug
X-ErrorPage
Content-ID
X-Origin-Cache
X-Planisys-CDN-Cache
X-NID
X-Planisys-CDN-Rules
Server-Optimized-By
Access-Control-Allow-Origin:
X-Upstream-Time
X-Cookie-Request-Debug
X-Cache-Extended
X-Cachable
Timing-Allow-Origin
MageStack-Cache-Status
MageStack-Cache
BE
Redirect-Store
Rt-Proxy-Cache
MageStack-Cacheable
X-Fett
MGIT
X-Mobile
X-Artvisual-Server
X-Ruxit-JS-Agent
X-CCM
X-Client-Addr
X-Compressor
Test
Copyright
MageStack-Tag
MageStack-Debug
MageStack-PageSpeed
MageStack-Loadbalancer
Noq
MageStack-Response-Ttl
X-CMS-Server
Ram
MageStack-Config
Requested-Host
X-Daa-Tunnel
Gzip
F-In-Cache
X-PBY
X-Varnish-Max-Age
X-Provided-By
Fastcgi-Cache
Smug-Prefetched
X-Cached-On
X-Cached-Until
Tempo
If-Modified-Since
X-B
X-Prefetched
X-GeoIP-Country
X-Cluster-ID
X-HW
X-Highwire-Cache
X-Highwire-Sitecode
X-Client-Id
X-Aberdeen-Site
Thinkindot-CacheControl-Type
Thinkindot-Control
UNIQUE-ID
X-Aberdeen-Cache
X-Instance
X-Mod-Oboe-PS
X-RateLimit
X-ATP-Server
Www.Aujourdhui.Com
Max-Age
X-ARR
SV-Duration
X-Node-Id
X-RequesterIP
MwpReleaseVersion
Serv
Thinkindot-CacheControl
DB-Nickname
X-Ec-Custom-Error
X-Geolocation
X-EntryPoint
X-Device-Group
X-Fallback
X-Hostingcenter
X-T
X-Pb-Mii
X-Nucleus-Cache
X-Mii-Cache-Hit
X-Ocache
X-Foresight-Air
X-Foresight-Customresponse
Access-Ip
Host-Service
X-Backend-IP
X-ENV
X-Cache-Key
Encoding
X-Healthy
Z-NginxStatus
DrivedBy
SSPAppContext
X-Request-Time
X-Pageid
ClientIP
X-Request-Count
ProxiaInstanceId
X-JSON-API-LATENCY
Compression-Control
X-WAP
X-Docuri
Content-Cache
PROPSON-FARM
X-Page-Generated-At
X-Static-Version
X-Panel-Name
X-RSS-CACHE-STATUS
Foglight-Request-UUID
X-Page-Generation-Time
X-Server-Generated
Altran-C
X-Magento-Action
Web-Head
X-Cookie
X-Process-Time
WebDevSrc
Noahs-Classifieds
X-Powered
F5-IpCliente
X-Yqk-Set
X-XHR-Current-Location
X-Bcwwwid
WP-Cache
X-Magento-Lifetime
Ksid
X-Path
X-Powered-By-Yqk
Commerce-Server-Software
X-Panel-Id
X-Hop-By
Http
X-JG-Page-Cache
X-Planisys-CDN-Upstream
BKREF
X-Debug-Serve
X-Sov
X-Rot
X-Source
X-Avvio-Cms-Cacheload
X-MJ-Upstream-Addr
X-Cms-Server
RayEngine
X-Ants-Machine-Id
X-Ec2-Vpc
Xc
X-Eznode
X-Key
Ozcache
X-B2f-Cache-NotFromUrl
SAVVIS
X-PoolMember
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-Rack-Cors
X-CacheStore
X-HA
Robots
Backend-INFRA.WAN
X-Created
X-Req-Url
UniqueName
Masquerade
CorrelationVector
Domain-Id
X-UA-Profile
X-Unbounce-PageId
X-V-TTL
Description
X-V-Outer
X-V-I-TTL
X-Unbounce-Variant
X-Unbounce-VisitorID
Keywords
X-DEBUG
X-AppServer-Status
X-Restarts
X-Backend-Name
X-Accelerated-By
Time
X-SEA-Instance-Name
SL-NOREWRITE-REDIRECTS
X-Crafted
X-Powered-By-Home.Pl
Language
Prama
X-Lang
BM-Cache-BackendTime
BM-Cache-BackendNode
X-Accel-Cache-Control
X-Rq
X-Stackable-Node
X-RAMCache
X-Forwarded-Proto
X-R4L-VHOST
X-Nginx
AC-ELC
AMFplus-Ver
X-TAProxy
X-Ratelimit
X-DC-Origin-IP
At-Shoptype
Atp-Isdpp
X-Platform-Processor
X-Platform-Cache
X-Platform-Router
X-PoweredBy
Ngpass-All
X-ESI-Processing
X-Gyrobase-Publication
X-View
X-LTM-ID
7e-Page-Cache
ContentType
Fw-Via
X-Mobile-Device-Type
X-Mobile-Device
Url-Hash
X-Varnish-Ttl
Railo-Version
X-Cached-From
Fqdn
X-Src-Loadbalancer
X-Life
X-SiteConInfo
Nginx-Cache
GenSvr
No-Cache
X-FRONT-TTL
EXT-CACHEEXPIRE