Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
Link
X-Pingback
P3P
X-Content-Type-Options
X-XSS-Protection
X-AspNet-Version
X-Cache
X-Frame-Options
Content-Language
Age
CF-RAY
X-UA-Compatible
X-Adblock-Key
Via
Keep-Alive
X-Template
X-Check
X-Language
X-Varnish
Strict-Transport-Security
X-Buckets
Access-Control-Allow-Origin
X-Cacheable
Content-Location
X-Generator
X-Drupal-Cache
Status
X-AspNetMvc-Version
X-Hacker
X-Ac
X-Powered-By-Plesk
MS-Author-Via
X-Request-Id
X-Runtime
WP-Super-Cache
X-Type
X-Cache-Group
X-Pass-Why
X-Powered-CMS
P3p
Ngpass-Ngall
X-Pad
X-Mod-Pagespeed
Host-Header
X-Cache-Hits
Access-Control-Allow-Credentials
X-UA-Device
Content-Security-Policy-Report-Only
X-Logged-In
X-Iinfo
X-Backend
X-ShopId
X-Alternate-Cache-Key
X-Dc
X-ShardId
X-Via
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Host
X-Tumblr-Pixel-1
X-Request-ID
X-ServedBy
X-Server
X-ContextId
X-Tumblr-Pixel-2
X-Served-By
X-Cache-Hit
X-CDN
X-Served-From-Cache
X-Port
MicrosoftOfficeWebServer
X-PC-Key
X-PC-Hit
X-Robots-Tag
X-Cache-Lookup
Content-Security-Policy
X-Rack-Cache
MicrosoftSharePointTeamServices
X-PC-Host
X-PC-AppVer
X-PC-Date
SPRequestGuid
X-SharePointHealthScore
X-Request-Country
X-Varnish-Cache
X-Accel-Version
X-BC-Is-HA
Powered-By
Content-Encoding
X-XRDS-Location
X-Tumblr-Pixel-3
X-MS-InvokeApp
X-Safe-Firewall
X-Page-Speed
X-Sucuri-ID
X-Cnection
X-Amz-Cf-Id
X-AH-Environment
X-Webserver
X-PhApp
X-Ua-Compatible
X-Seen-By
X-Wix-Renderer-Server
X-Wix-Request-Id
X-W-DC
X-Turbo-Charged-By
X-Cache-Status
X-INKT-URI
X-INKT-SITE
X-FullPageCaching
Composed-By
CF-Cache-Status
X-Firenze-Processing-Times
X-Timer
Rating
X-Content-Digest
Served-By
Request-Id
X-GitHub-Request-Id
Public-Key-Pins
X-Tumblr-Content-Rating
SPIisLatency
SPRequestDuration
Upgrade
Liferay-Portal
X-Styx-Req-Id
X-Tumblr-Pixel-4
X-Pantheon-Styx-Hostname
X-Styx-Version
X-Pantheon-Endpoint
X-Cache-Enabled
X-Amz-Id-2
X-Amz-Request-Id
X-Spip-Cache
X-Node
X-Hyper-Cache
X-XN-Trace-Token
X-XN-XNHTML
X-Server-Name
X-Proxy
X-HeyJason
Permitted-Cross-Domain-Policies
Cf-Railgun
Content-Script-Type
Content-Style-Type
X-SERVER
X-CF-Powered-By
X-Proxy-Cache
X-Cache-Info
X-CDN-Geo-IP
X-CDN-Geo
X-CDN-Any-IP
X-Clacks-Overhead
X-FB-Debug
Alternate-Protocol
X-Content-Powered-By
Charset
Public-Key-Pins-Report-Only
X-Umbraco-Version
Refresh
X-Cache-Server
X-Hits
X-Cached-By
X-Content-Security-Policy
Timing-Allow-Origin
X-VCache
X-Powered-By-360WZB
Cartoon
X-Cache-Result
X-FW-Hash
Real-Hostname
X-TN-ServedBy
X-Device
X-Loop
X-FW-Serve
X-FW-Static
X-FW-Type
X-Cached
X-Tumblr-Pixel-5
X-DynaTrace-JS-Agent
X-Microcachable
X-PersistenceNode
X-TNCMS
X-Backend-Server
X-Px
X-Hostname
X-Permitted-Cross-Domain-Policies
X-Age
X-Fastly-Request-ID
EagleId
X-Swift-SaveTime
X-Swift-CacheTime
Access-Control-Max-Age
NS-RTIMER-COMPOSITE
X-Generated-By
Alt-Svc
X-ChromeLogger-Data
X-Jimdo-Pid
X-Jimdo-Wid
X-User-Agent
X-Outils-CS
TCN
X-Url
Content-MD5
X-Cache-Config
X-DDC-Arch-Trace
X-Varnish-TTL
X-CMS-Version
Grace
X-MiniProfiler-Ids
X-Whom
X-Varnish-Backend
X-URL
Response
Proxy-Connection
X-DynaTrace
Page-Completion-Status
X-From
X-LJ-Flow-ID
X-Gateway
X-VWS-Id
X-AWS-Id
X-Beta
Magicmarker
X-Forwarded-For
X-Msg-2-Log
X-Varnish-Cacheable
X-Micro-Cache
X-WebKit-CSP
X-Middleton-Display
X-Tumblr-Pixel-6
X-Middleton-Response
Display
X-Sol
X-Content-Options
Product
ServedBy
Surrogate-Control
Fastly-Debug-Digest
Imagetoolbar
X-Content-Encoded-By
Generator
X-Handled-By
Fpc-Cache-Id
ServerName
Rt-Fastcgi-Cache
IBM-Web2-Location
X-Expires-Orig
X-Matrix-Server
X-Matrix-Proxy
X-ServerName
X-Server-Powered-By
X-Hosted-By
X-Styx-Build-Sha
X-Styx-Build-Date
X-AspNetWebPages-Version
X-Styx-Build-Num
X-Country-Code
X-FORWARDED-FOR
X-Firenze-Processing-Time
DynaTrace
Powered-By-ChinaCache
X-TTL
X-LiteSpeed-Cache
Access-Control-Request-Method
X-Director
X-Processed-By
X-Original-Request
X-Passed-To
X-App-Hosting
X-ARC
X-Mobilized-By
X-Version
X-Actual-URL
X-Returned-From-DLL
X-Passed-To-DLL
X-Returned-From
Content-Hash
X-Cache-Rule
X-I
X-Geo
X-Geo-Port
X-Art-Request-Id
Node
PageSpeed
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-ApacheServer
X-Stale
X-S
Fhost
Content-Encoding-Handler
Cxy-All
X-Track
X-Nitra-Side
X-Instart-Request-ID
Retry-After
X-SDS
Proxy-Agent
Powered
X-Cache-TTL
Pics-Label
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-ATG-Version
X-Varnish-Beresp-Ttl
X-Cache-Age
MIME-Version
X-Varnish-Host
Lsrequestid
X-Varnish-Cache-Hits
X-UD-Method
Content-Disposition
Akamai-IP
X-CacheServer
X-FW
X-Varnish-Age
X-Time
RTSS
SID
X-PERF
X-Download-Options
X-Gamma-Serve
X-Duration
X-NoCache
X-Drupal-Dynamic-Cache
X-Cache-Debug
CC-CACHE
X-Server-ID
X-Location-Id
X-VTEX-Janus-Router-Backend-App
X-Vtex-Processado-Em:
X-Vtex-Remote-Cache
X-VTEX-Cache-Status-Janus-Edge
X-VTEX-Cache-Status-Janus-ApiCache
X-Powered-By-VTEX-Janus-ApiCache
X-Powered-By-VTEX-Janus-Edge
No
X-Vtex-Processed-At
ServerID
X-Route-Server
Ngpass-Vcall
Location
X-PwB-Node
X-Cache-Expires
X-Xrds-Location
X-Varnish-Hits
X-Cache-Control-Orig
X-BS
X-Powered-By-Server
X-I-Sp
SN
Thanks
X-Client-IP
X-Cookie-Domain
VAR-Cache
Buuteeq-Source
X-HOST
X-Speed-Cache
Edge-Control
PICS-Label
X-CJ-Soft
X-Cache-Operation
X-GeoIP-Country-Name
X-GeoIP-Country-Code
X-Do-Not-Hack
X-Developer
Cache
X-Front
X-Purge-Host
X-Response-Time
X-ServerID
X-Recruiting
Access-Control-Expose-Headers
X-Cf-Requestid
X-Varnish-IP
X-PF-Uncompressing
X-Srv
X-Do-Esi
Host
NODE
X-DNS-Prefetch-Control
X-Amz-Meta-S3cmd-Attrs
X-CDN-Cache-Status
X-CDN-Node
X-Speed-Cache-Key
Server-Info
NtCoent-Length
Front-End-Https
X-App-Status
Accept-Encoding
Accept-Charset
X-Goog-Hash
X-Varnish-Hostname
X-Grace
X-DefendeR-Status
X-DefendeR-Runtime
X-Yadis-Location
Origin
X-Frontend
Srv
X-Geo-IP
X-Purge-URL
X-Abuse
X-N
Qs-Cache
X-Cache-Tags
X-ACMCache
Filter-Revision
IISExport
X-Distil-CS
X-Upstream
BDPAGETYPE
X-Blog
BDQID
NetMindSessionID
Webluker-Edge
BDUSERID
LBVIS
X-Device-Type
X-Drectory-Script
X-Domain-Checked
Frame-Options
X-Session-Reinit
X-Trace-Cache
X-Provisioner-Version
X-Fastcgi-Cache
X-Translation
X-Real-Server
X-Microcache-Status
X-Libra-UpstreamHost
X-Yottaa-Optimizations
COMMERCE-SERVER-SOFTWARE
X-Yottaa-Metrics
Mobiquo-Is-Login
Server-Name
A-Powered-By
X-ClientSide-Caching
S
Cm-Server
X-Highwire-RequestId
X-Geo-IP-Country
X-Geo-IPV
X-SmartBan-Host
X-Geo-IP-Metro
X-SmartBan-URL
Backend
X-Trace
X-Highwire-SessionId
Author
X-Geo-IP-Region
X-Daa-Tunnel
X-Ttl
X-Engine
X-Cocoon-Version
Arr-Disable-Session-Affinity
X-FIRSTBase
X-Debug
Last-Published
X-Storage
X-WR-Flags
X-Server-Id
X-Forwarded-Proto
X-Magnolia-Registration
X-Directory-Script
Version
X-App
X-Powered-By-VTEX-Janus-Router
X-SRV
X-Sys-Req-ID
X-WA-Info
X-Varnish-Debug-Age
Lfy
Sfy
X-VTEX-Janus-SO
X-Litespeed-Cache
X-Adobe-Content
X-UPSTREAM
X-BackendServer
WWW-Authenticate
HAVer
HCVer
X-Orig-Vary
Req-Id
X-Pagename
X-Adobe-Loc
X-Distributed-By
X-Cache-Control
Encoding
X-SCProxy
Nodo
X-WEBSERVER
X-Varnish-Server
X-Cache-Lifetime
X-Origin
Content-Transfer-Encoding
X-Src-Webcache
X-TempDebug
SVR
X-JG-Page-Cache
Set-Cookie2
X-W3TC-Minify
X-Source
X-Bettercache-Proxy
X-Distributor
Backend-Timing
SiteName
X-Analytics
X-SE-Debug
Id
X-EDGECONNECT-GUID-DEBUG
S-Cnection
X-Grid-Server
SRV
Cache-By-Node
X-Origin-Id
CacheControlHeader
XDomainRequestAllowed
X-Varnish-Action
X-Object-Id
X-Object-Type
X-Edge-Location
X-Content-Age
Beyond-Iis
Keywords
Smug-CDN
X-Env
X-Id
AMF-Ver
X-Balanceador
X-Amz-Storage-Class
X-Prefetched
X-NetCat-Version
X-TTFB
X-SmugMug-Hiring
X-SmugMug-Values
X-TTFB-L
Fastcgi-Cache
LBC
X-Server-Instance
CT
X-Secret
X-Empowered-By
X-Resolver-IP
X-Vary-Options
X-SV-CacheTags
X-NginX-Cache
X-NginX-Server
X-Varnish-HitMiss
X-SV-Nginx-Duration
X-Varnish-Count
X-Uid
X-SV-CreatedAt
X-SRCache-Store-Status
X-Machine-Name
X-SV-FromDBCache
X-SV-Pid
X-Full-URL
X-SV-Edge
X-SV-Duration
X-SRCache-Fetch-Status
Web-Server
MIH-PLATFORM
X-ID
MIH-CLIENT-FARM
MIH-PUBLIC-IDENTIFIER
NLCacheNote
X-Source-ID
X-Force
X-PRAM
X-Garden-Version
Hamster
X-Req-Host
Pool-Info
X-Captured
X-Varnish-Debug-TTL
X-APP
X-Nginx-Host
MW-Webserver
X-AISO-Cache
X-AISO-Server
X-AISO-Cacheable
X-FreeTag-Count
X-Edge-IP
CLMOB
X-Cache-Action
X-Nhost
X-NFE
X-Nurl
X-Phpwcms-Page-Processed-In
V-RESP
Description
X-Amz-Version-Id
X-AOL-SNH
X-Ruxit-JS-Agent
SSPAppContext
X-Server-IP
X-Phpwcms-Release
X-SDE-Name
X-Accel-Expires
X-Platform-Router
X-Platform-Processor
X-Amz-Id-1
X-Gannett-Site-Version
X-Unbounce-Variant
X-Atraveo-From-Varnish-Cache
X-Optimization
X-Atraveo-Param-Rm
X-Atraveo-Set-Cookie
X-Atraveo-Varnish-Server-Id
X-Atraveo-TTL
X-Atraveo-ETag
X-Atraveo-Cache-Control
WP-AdvCache-MemCached
X-Cache-CFC
X-CacheResult
X-Cache-TTL-Remaining
X-Cache-Keep
X-Atraveo-Zone
X-Atraveo-Expires
X-Unbounce-PageId
X-Cache-On
X-Dynatrace
X-Old-Content-Length
X-Unbounce-VisitorID
X-Real-IP
X-WP
X-Smartcache-Timeout
X-Smartcache-Keys
ORIGIN
X-AWS
X-Cookie
Device
X-IsCacheURL
Nitro-Cache
X-Platform
X-Rocket-Nginx-Bypass
X-Varnish-Esi-Access
Cneonction
X-Varnish-Esi-Method
X-Cache-Key
X-Framework
X-Cache-Doesi
W
Warning
X-REDIRECTSERVER
From
X-Varnish-Grace
X-Symfony-Cache
X-VTEX-Janus-Processado
X-Hit-Cache
X-Revision
ServerIP
ScoreTracker
X-Test
X-XTM-Node
X-Varnish-Ttl
X-Detected-Device
X-Expires
X-Stage
B-Powered-By
X-VTEX-Janus-System
X-Cms-Mode
X-Client-Vid
X-EPiphany-Vid
Host-Service
X-Page-Cache
TP-L2-Cache
TP-Cache
X-LB
Worker
X-Dev
X-Varnish-RemainingTTL
X-Hosts-Backend
X-Varnish-Seen-By
X-Varnish-Currency
X-Nginx-Cache
Accept-Language
X-Jphone-Copyright
X-Varnish-RemainingGrace
X-Processing-Time
X-Turpentine-Esi
X-ServerIndex
X-TYPO3-Pid
X-FFX-B
Cache-Ctrol
X-Middleton-PageSpeed
Cache-Rule
X-B2f-Not-Route
X-GSL-Server
X-Plat
X-ESI-Enable
X-N-ViewType
Jobb.Passal.Se
Open.Jobgate.Se
OT-RequestId
P3P:CP
Jobb.Gil.Se
X-Environment
BM-Cache-Bypass
Jobb.Assistentpoolen.Se
X-Is-Mobile
Test.Executivepeople.Se
Www.Mabracertifiering.Se
X-Apm-Telemetry-Syncmark
Ksid
X-Appmachine-Environment
X-Remove-Cookie
X-Max-Age
X-Cache-Served
Www.Mirrorgate.Se
Www.Myjob.Se
X-BLSR-COST
Vacache
X-CCC
X-Webstats-RespID
X-Actindo-RS
X-J-Proxy
X-Invoke-Duration
X-SSL
X-Kirra-SiteId
X-Hypernode
X-VAge
BALANCEDTO
Sophnep-Edge-FX
Sss
X-Varnish-Bot
Ttl
X-Discourse-Route
Cluster-ID
X-DTC
Hash
FROM-SERVER
X-PHP-Response-Code
X-B-Cache
X-J-Proxy-Hostname
X-Info
Apache
Prxy
X-CID
X-Response-Status
BM-Cache-Key
X-J-Proxy-Servername
WFE
X-Response
X-Site:
BM-Cache-Node
X-Powered
SBGI-1
Tk
SBGI-RenderTime
X-Obvious-Info
SBGI-Device
X-Varnish-Store
SBGI-5
SBGI-7
X-Obvious-Tid
SBGI-10
SBGI-9
SBGI-RealPath
X-NewRelic-App-Data
X-PHP-Engine
SS
Fastly-Backend-Name
X-Dispatch
Mime-Version
X-Worker
Microsoftsharepointteamservices
X-Frames-Options
Debug-3-1
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Header
X-Key
X-Span
Og
Section-Io-Id
X-Clara-ASAP
X-Varnish-URL
X-SilverStripe-Cache
X-Rot
X-Sov
X-ATM-RTime
X-ATM-RServer
Ibf5scheme
X-7d-Instance-Id
X-7d-Trace-Id
Allow
X-Remote-Addr
X-MrHost
Myheader
X-GUploader-UploadID
X-Goog-Stored-Content-Length
SIP
X-ASAP-Cache
X-DSMX-Rewrite-MS
X-DSMX-Render-MS
X-DN-Cache-Control
X-Goog-Stored-Content-Encoding
Sid
Xc
X-Cache-Ttl
X-ORACLE-DMS-ECID
Copyright
X-GeoIP
PROPSON-FARM
X-Ob-Mode
NnCoection
X-SERVER-ID
No-Cache
X-Dispatcher
BM-Cache-Status
X-Webkit-CSP
RATING
X-HITS
HOST-SERVICE
CpuTime
X-WorkerInstancename
X-DPWN-IS-SECURE
X-Sharepointhealthscore
X-This-Proto
X-Twitter-Response-Tags
X-Connection-Hash
X-Cache-PageType
X-Powered-By-Anquanbao
Sprequestguid
X-Transaction
X-Ms-Invokeapp
X-Cache-Fix
Language
X-Turpentine-Cache
X-WR-MODIFICATION
X-Node-Name
X-LB-Server
X-Varnish-Set-Cookie
X-Full-Url
X-Pagely-Cache
X-Ec-Custom-Error
X-Rack-Cors
X-Cache-Original-TTL
Nodeid
Nginx-Cache
X-Varnish-Instance
X-B
Imx-Cookies-Used
X-Nginx
X-PBY
Surrogate-Key
X-BC
X-Domino-CacheValidationWithETagResult
Progma
Content-Instance
X-Domino-CacheValidationWithETagReason
X-Status
X-Aberdeen-Cache
X-Cache-Backend
MachineName
Fw-Via
PServer
X-Aberdeen-Site
X-Author
DrivedBy
X-JSESSIONID
X-Flow-Powered
X-LW-Web-Server
Machine
If-Modified-Since
X-Powered-By-Home.Pl
X-CCM
Y-Trace
X-Built-By
Bs-Header
X-ProxyInstancename
Edgecast
X-Fw-Serve
Ews
X-Route
X-IP-Address
X-Fw-Type
X-Ar-Debug
Server-N
Provider
X-Fw-Static
X-Seschat-URL
CommunityServer
X-SV
X-Hit
X-SeschatRedID
X-SeschatLayout
X-SeschatDID
X-SeschatTemplateID
X-Cache-Set
X-Gyrobase-Publication
X-Fw-Hash
X-Cache-Engine
X-R4L-VHOST
X-Oracle-DMS-ECID
X-Content-Security-Policy-Report-Only
X-T
X-Render-Time
X-OPNET-Transaction-Trace
X-Pixelsilk-Version
X-Cache-Via
X-Request-Count
X-Pixelsilk-Server
X-Serendipity-InterfaceLang
X-Channel-Maxage
X-Time-Microsecs
X-Time-Spent
X-View
XDisk
X-Config-By
X-Cache-Extended
X-Request-Received
X-Request-Processing-Time
X-Ratelimit
X-Edge-V
X-Serendipity-InterfaceLangSource
X-MCB-Server
X-Say-Original-Host
X-Your-GrandPa-Would-Wait
X-ServedByHost
X-SayCDN-UA
Acdc-Web
X-Would-Your-GrandPa-Wait
X-Ocache
X-TTL-Age
X-Esi
X-Trace-App
X-Venda-Hitid
X-SayCDN-TTL
X-SayCDN-Original-UA
X-Say-Original-IP
X-LS-DEBUG
X-Say-Cacheable
X-App-Server
E-TAG
X-Say-Original-UA
X-SayCDN-Original-Path
X-SayCDN-Original-Host
X-Say-TTL
X-Say-Original-URL
X-TargSmaku
Pool
X-Healthy
X-Medium-Entity-Id
RequestId
Server-Id
X-MCF-ID
Cpu
Tempo
Ram
Noq
SL-NOREWRITE-REDIRECTS
V-Age
X-Static-Version
X-DELIVERYSERVER
X-EntryPoint
X-Fallback
X-Origin-Server
Www.Aujourdhui.Com
X-Search-Id
X-Medium-Entity-Type
-GCR
CtExclusions
X-COUNTRY-CODE
X-II
X-Instance
X-Frontal
X-EZPublish-NodeID
X-AOL-HN
X-ESI
X-EZPublish-InstallationID
X-Avvio-Cms-Cacheload
WebServer
SV-Duration
X-Ct-Info
GenSvr
Real-Server
Foglight-Request-UUID
Server-Ip
X-Tile-Url
Rewriter
X-ManagedFusion-Rewriter-Version
X-Compressor
X-UseReverse-Proxy
X-Webapp
Backend-Name-Original
Access-Control-Request-Headers
X-Router-Backend
X-ACCELERATE
X-B2f-Cache-Load
X-Router
Il-Cl
Mto-License-Status
X-VG-WebCache
X-Pressidium-NinukisWP-Ver
X-Block
X-Accel-Cache-Control
WP-Cache
SERVER-IP
X-WebKit-CSP-Report-Only
Requested-Host
Tracker
X-ServerCache-Info
X-Box
X-Sc-Path
X-Sc-Cache
X-Nucleus-Cache
X-Rewritten-By
X-AppServer-Cache-Rule
Server-Optimized-By
X-Server-Addr
X-CB-Server
NZSpeedy
X-4ormat-Cacheable
X-Benchmark-Cache
INCOMING-TIME
X-Benchmark-Db
X-Tags
HostGen
X-Benchmark-Sphinx
X-Backside-Transport
X-Benchmark-Total
X-Server-By
X-PageID
Servername
Sprequestduration
Spiislatency
X-Benchmark-Sphinx-Count
X-HostName
X-Panel-Name
X-RateLimit-Remaining
X-Farm-Server
X-F-Cache
X-B3-Traceid
X-LOCATION
X-Made-Cache-Ttl
X-Runtime-Memory
X-Panel-Id
X-Orig-Host
X-SATserver
Atp-Isdpp
Countrycode
Be-Va
Be-Ip
User-Agent
X-Cluster-Node
X-HA
X-Global-Transaction-ID
Ec
X-Pb-Mii
X-Flex-Lang
X-Flex-Evstart
X-Flex-Evend
X-Flex-Lastmod
X-Flex-Tag
X-Mii-Cache-Hit
X-Flex-Tags
DNNOutputCache
Redirect
Robots
X-HeBS-Cache-Status
X-KoobooCMS-Version
SINA-LB
SINA-TS
X-Vhost-ID
X-Purge-Level
DPOOL-HEADER
Apple-Itunes-App
X-Hosting
X-Pageid
X-Built-With
DB-Nickname
X-NMT-Proxy
X-EdgeConnect-Cache-Status
X-Flex-Community
X-Device-Group
X-Ghost-Cache-Status
X-GC-Write
X-GC-Read
X-Magento-Action
X-Magento-Lifetime
X-Newrelic-App-Data
X-PURGE-Server
X-GC-Pointer
X-GC-App
Aoestatic
X-We-Are-Hiring
Esi-Enabled
Full-Page-Cache
Svr
Head
X-Compressed-By
X-Enhanced-By
X-Varnish-Hashed-On
X-BE
X-Artvisual-Server
X-Varnish-ServiceNetIP
X-Web-Node
X-Atraveo-Accept-Language
X-ATP-Server
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Gondor-Server
X-FCMS-Cache
X-HOSTTYPE
X-Trace-Id
X-Webobjects-Loadaverage
X-USERNAME
X-CDNZZ-FCACHE
X-EPiLogOnScreen-PostUrl
X-VhostID
X-Rq
Access-Control-Allow-Origin:
X-EPiLogOnScreen
X-NID
X-Feature
X-IDS-WS
X-Application-Context
X-Backend-Name
MageStack-Web-Node
X-BPool
X-BServer
X-Cacheable-TTL
X-Obr-Rule
X-Origin-Cache
X-EdgeRouter
X-Cache-Me-Harder
X-Frame-Option
X-Hrouter
X-Hstore
X-Cache-Host
X-Airee-Node
Connecion
X-RAMCache
IsMobile
Web-Head
X-AccessDev
MageStack-Tag
MageStack-PageSpeed
X-Country
Thinkindot-Control
X-GeoIP-Country
X-Highwire-Cache
X-Highwire-Sitecode
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
BackendServer
X-Rack-CORS
ClientIP
F5-IpCliente
Gzip
X-Hiring
X-Node-Id
MageStack-Cacheable
MageStack-Cache-Status
MageStack-Config
MageStack-Debug
MageStack-Loadbalancer
MageStack-Cache-Lifetime
MageStack-Cache-Hits
X-RequesterIP
X-PHP
X-Catalyst
MageStack-Area
MageStack-Cache
X-Martin
X-Cluster-Host
RSL-Trace-ID
RouteID
X-ACLR-Version
X-BKSrc
X-Provided-By
X-Hitfpm
Publisher
HA-Front
X-Varnish-Debug-Pool-Recv
X-Varnish-Debug-Pool-Fetch
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-Varnish-Restarts
X-Webbins-Node
Hostname
X-Brought-To-You-By
Fpc-Expire
Cteonnt-Length
Kanooh-Host
Kp-EeAlive
X-9XB-Server
X-Platform-Cache
X-Bcwwwid
X-Dynamic
X-Delivered-By
X-Varnish-Cookie-Debug
Akamai-Edgescape
X-Amz-Meta-Cb-Modifiedtime
X-Uplex
Rt-Server
X-T3CacheTags
X-T3Cache
X-MobileDetected
X-IP
X-SERVERID
X-Xhr-Current-Location
X-ETag
X-ZSITES-DNS
X-Proxy-Route
IM-Version
X-Lima-Id
X-GETTER-Cache
X-Backend-Ip
AGI-Request-ID
Url-Hash
X-Machine
At-Shoptype
At-Isb
X-Esi-Processing
X-HW
X-Webcelerate
X-DealerOn
X-AOESTATIC-FETCH
X-S-Misc
X-ProcessESI
X-RemovedCookies
X-MOBILE
X-IIJ-Cache
X-Varnish-GW-Backend
Railo-Version
X-Ec2-Vpc
X-SID
AC-ELC
X-Timestamp
X-Trans-Id
RVBD-CSH:
Hosted-By
UniqueName
MtcHosted
Xonnection
X-CO-Host
Cmstype
X-Accelerated-By
X-Cookie-Request-Debug
X-Cookie-Response-Debug
B2C-HG-008
X-ServerCache-Source
X-CPU-Time
X-SL-Norewrite
X-ServerCache-Key
X-Mod
X-Server-Upstream
X-Boot
INFO
X-Sn-Servicetimems
X-Fe
X-Cache-Node
X-UA-Vendor
X-Varnish-Max-Age
TotalTime
X-UA
Lookup-Cache-Hit
X-Client-Addr
X-Document-Folder-Guid
X-Document-Guid
X-Ants-Machine-Id
X-Ants-Host
Cmsid
X-Generation-Time
MwpReleaseVersion
X-Document-Guid-Path
X-Document-Path
X-Server-Generated
X-Server-Instance-Name
Cached
X-Allow-Redis
OutputRewritten
X-Document-Tracking-Type
X-HTML-Minification-Powered-By
Aurora-Node
X-LTM-ID
X-Kinja
X-Geo-Segment
X-Debug-Serve
X-Kinja-Build
X-Kinja-Revision
FX-Cache
FX-Forwarded-For
FX-TTL
X-Goog-Meta-Replace
X-KO-Site-Id
NodeId
X-Meta-Imagetoolbar
MSThemeCompatible
Strict-Transport-Security:
X-PoweredBy
X-Cdn-Fetch
X-T3CacheInfo
X-RSS-CACHE-STATUS
BX-TTL
BX-Cache
X-Node-ID
X-Obj-Ttl
X-Pardot-LB
X-Lang
X-Content-Parsed-By
Powered-By-VeryCDN
HostName
Disablevcache
X-Pardot-Route
X-Pardot-Rsp
X-UIN
X-Goog-Meta-Policy
X-Kinja-Server
X-Server-Node
X-PROCESSED-BY
X-PC3-Control
X-PC3-Time
MSSmartTagsPreventParsing
X-Meta-MSSmartTagsPreventParsing
X-RE-Ref
X-AG-MIPS
RlogId
X-Page-Id
X-SL-Notranslate
Content-Cache
X-FarmId
X-Memcached
Dynatrace
Login-Required
X-Cms-Server
X-Jcms-Ajax-Id
Instapage-Variant
Sunucu
X-FE
Noahs-Classifieds
SBMCLOUD
X-D-Time
X-Cachable
X-AVG
X-Cluster
X-Debug-Token
X-ENV
X-EBAY-C-REQUEST-ID
X-SRVID
X-Meta-MSThemeCompatible
Content-ID
Content
X-Confluence-Request-Time
X-PressLabs-Stats
X-AVG-REWRITE
Http
Orgin-Server
Activity-Id
X-InDy-Time
X-InDy-Memory
X-InDy-Query
X-Pj-Cache-Status