Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Set-Cookie
Connection
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
Link
ETag
X-Content-Type-Options
P3P
X-Pingback
X-XSS-Protection
X-Frame-Options
X-AspNet-Version
X-Cache
Content-Language
Age
CF-RAY
X-UA-Compatible
Via
Strict-Transport-Security
X-Adblock-Key
X-Varnish
Access-Control-Allow-Origin
X-Check
X-Language
X-Template
X-Buckets
X-Cacheable
X-Generator
Content-Location
X-Drupal-Cache
X-AspNetMvc-Version
X-Hacker
X-Ac
P3p
X-Powered-By-Plesk
MS-Author-Via
X-Type
X-Pass-Why
X-Cache-Group
X-Xss-Protection
X-Request-Id
X-Runtime
WP-Super-Cache
X-Powered-CMS
Status
X-Cache-Hits
Ngpass-Ngall
X-Permitted-Cross-Domain-Policies
X-Request-ID
Host-Header
X-Download-Options
Keep-Alive
Access-Control-Allow-Credentials
X-ShopId
X-Dc
X-Alternate-Cache-Key
X-ShardId
X-UA-Device
X-Iinfo
Access-Control-Allow-Headers
X-Via
X-Mod-Pagespeed
Access-Control-Allow-Methods
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Ua-Compatible
Content-Security-Policy
X-Logged-In
X-Pad
X-Tumblr-Pixel-1
X-Backend
X-Served-By
X-ServedBy
X-ContextId
X-Tumblr-Pixel-2
Content-Security-Policy-Report-Only
X-Cache-Status
X-PC-Key
X-PC-Hit
X-Host
X-Server
Powered-By
X-CDN
X-Frame-OPTIONS
X-FRAME-OPTIONS
X-Cache-Hit
Upgrade
Content-Encoding
X-Port
X-PC-AppVer
X-PC-Host
X-PC-Date
X-Tumblr-Pixel-3
X-Timer
X-Robots-Tag
X-Accel-Version
X-Cache-Lookup
X-Rack-Cache
MicrosoftSharePointTeamServices
MicrosoftOfficeWebServer
X-Varnish-Cache
SPRequestGuid
X-SharePointHealthScore
X-Cnection
X-Request-Country
X-Amz-Cf-Id
X-XRDS-Location
X-MS-InvokeApp
X-Page-Speed
X-Server-Powered-By
X-Turbo-Charged-By
X-AH-Environment
X-Safe-Firewall
X-Wix-Renderer-Server
X-Seen-By
X-Wix-Request-Id
Alt-Svc
CF-Cache-Status
Rating
X-Content-Powered-By
X-Tumblr-Content-Rating
X-Node
X-Content-Digest
X-W-DC
X-Cache-Enabled
X-Tumblr-Pixel-4
Public-Key-Pins
X-Webserver
X-GitHub-Request-Id
X-FullPageCaching
X-PhApp
Request-Id
X-INKT-URI
X-INKT-SITE
SPIisLatency
SPRequestDuration
Composed-By
X-Firenze-Processing-Times
Served-By
X-Amz-Request-Id
X-Amz-Id-2
X-HeyJason
Permitted-Cross-Domain-Policies
Cf-Railgun
Timing-Allow-Origin
Liferay-Portal
X-Proxy-Cache
X-SERVER
X-Hyper-Cache
Xkey
Surrogate-Key
X-Spip-Cache
Surrogate-Key-Raw
X-Styx-Version
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Pantheon-Endpoint
Access-Control-Expose-Headers
X-Server-Name
X-Content-Security-Policy
Access-Control-Max-Age
X-Swift-SaveTime
X-Swift-CacheTime
Charset
EagleId
Content-Script-Type
X-CDN-Pop-IP
X-CDN-Pop
X-FW-Hash
X-Tumblr-Pixel-5
Content-Style-Type
X-CF-Powered-By
Grace
X-Drupal-Dynamic-Cache
Content-MD5
X-FW-Static
X-FW-Serve
X-FW-Type
X-Hits
Access-Control-Allow-Method
X-FB-Debug
X-XN-Trace-Token
X-XN-XNHTML
X-Clacks-Overhead
Public-Key-Pins-Report-Only
X-VCache
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-User-Agent
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
Refresh
X-Cache-Server
X-Device
X-Backend-Server
X-Jimdo-Instance
X-Jimdo-Wid
Real-Hostname
X-Loop
X-TNCMS
X-Cache-Result
X-Umbraco-Version
X-Tumblr-Adult-Blog
X-Cloud-Trace-Context
X-Cache-Config
X-DDC-Arch-Trace
X-MiniProfiler-Ids
X-ServerName
X-Age
X-Forwarded-For
X-Px
Edge-Control
X-Generated-By
X-Hostname
X-LiteSpeed-Cache
PageSpeed
X-Cached-By
X-Url
X-Tumblr-Pixel-6
X-Cached
X-DynaTrace-JS-Agent
Surrogate-Control
X-Powered-By-360WZB
Fastly-Debug-Digest
X-DynaTrace
Fpc-Cache-Id
NS-RTIMER-COMPOSITE
X-Outils-CS
Cartoon
TCN
X-CMS-Version
Response
X-Whom
X-Middleton-Response
Display
X-WebKit-CSP
X-Sol
X-Middleton-Display
WZWS-RAY
X-Msg-2-Log
X-URL
Imagetoolbar
Product
X-Recruiting
X-Varnish-Cache-Hits
X-TTL
X-Cdn
Rt-Fastcgi-Cache
X-From
DynaTrace
X-AspNetWebPages-Version
X-Handled-By
Front-End-Https
Page-Completion-Status
X-HOST
X-Country-Code
X-VARNISH-Cache
X-Content-Options
ServedBy
X-Do-Not-Hack
Access-Control-Request-Method
X-Content-Encoded-By
Fhost
X-NetCat-Version
Alternate-Protocol
IBM-Web2-Location
Generator
X-Server-ID
X-Matrix-Server
X-Newrelic-App-Data
X-Matrix-Proxy
X-Track
X-Micro-Cache
X-Hosted-By
Akamai-IP
X-App-Hosting
X-Origin
X-UD-Method
X-Varnish-Beresp-Ttl
X-ApacheServer
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Returned-From-DLL
X-OneAgent-JS-Injection
X-Passed-To-DLL
Powered-By-ChinaCache
X-Returned-From
X-Actual-URL
X-BC-Stapler
X-Original-Request
X-Expires-Orig
X-Passed-To
Magicmarker
X-Varnish-Backend
X-Firenze-Processing-Time
ServerName
X-Stale
X-Returned-From-PostProcessResponse
X-Passed-To-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Passed-To-BeforeDispatch
X-Abuse
Powered
X-S
Origin
X-I
X-Platform
X-LiteSpeed-Cache-Control
X-Varnish-TTL
MIME-Version
X-Source
X-Cache-Age
X-Version
X-ATG-Version
X-Varnish-Host
Content-Hash
X-SDS
X-CacheServer
Content-Encoding-Handler
Content-Disposition
X-Art-Request-Id
X-PERF
X-Upstream
X-SRCache-Store-Status
X-SRCache-Fetch-Status
USPLoggingUUID
X-Vtex-Processado-Em:
X-Vtex-Processed-At
X-Vtex-Remote-Cache
No
X-VTEX-Janus-Router-Backend-App
X-VTEX-Cache-Status-Janus-Edge
X-Powered-By-VTEX-Janus-ApiCache
X-Powered-By-VTEX-Janus-Edge
X-VTEX-Cache-Status-Janus-ApiCache
X-Varnish-RemainingTTL
X-Powered-By-Server
X-Varnish-Seen-By
Surrogate-Keys
X-Gamma-Serve
X-Cache-TTL
Node
X-Location-Id
X-Magnolia-Registration
X-Developer
Host
X-URLSCHEME
X-Request-Time
X-Microcachable
X-RESOURCE
X-Response-Time
X-Daa-Tunnel
X-BS
Ag-Server-Time
X-I-Sp
X-Goog-Hash
Ag-Execution-Time
Ag-Send-Time
X-Varnish-Cacheable
Lsrequestid
X-Cache-Info
X-Device-Type
X-Microcache-Status
X-Duration
X-Translation
X-Director
ServerID
X-Beta
X-Gateway
X-Drectory-Script
X-Cache-Rule
X-Cache-Debug
X-DNS-Prefetch-Control
X-DefendeR-Runtime
X-DefendeR-Status
X-Instart-Request-ID
X-PwB-Node
X-Vcap-Request-Id
X-Zen-Fury
X-Cache-Lifetime
Pics-Label
X-Engine
X-Route-Server
Proxy-Connection
X-FW
Content-Security-Policy-Rerport-Only
X-Varnish-Age
Version
X-CJ-Soft
X-B-Cache
X-Cache-Control-Orig
X-Time
X-Geo-IP
X-Fastcgi-Cache
X-Cache-Tags
X-Rocket-Nginx-Bypass
SN
Arr-Disable-Session-Affinity
X-Front
X-ACMCache
Proxy-Agent
Fastcgi-Cache
CC-CACHE
Location
X-FORWARDED-FOR
X-Geo-IP-Region
X-Geo-IP-Metro
MJ12bot
X-Geo-IP-Country
X-NoCache
X-Geo-IPV
X-Revision
SEOMOZ
X-ServerID
Srv
Buuteeq-Source
X-Processing-Time
X-Mobilized-By
X-Cache-Expires
Server-Info
X-Platform-Router
X-Frontend
X-Akamai-Device-Characteristics
X-Platform-Processor
X-Varnish-Server
X-Akamai-Device-Model
X-N
Nodo
Nitro-Cache
X-Grace
Edge-Control-Message
Cache
Last-Published
Filter-Revision
X-NB-Cached-Page
PICS-Label
X-NFE
A-Powered-By
X-SE-Debug
Cache-Key
X-AbeBooks-Version
X-NginX-Upstream-Addr
X-NginX-Upstream-Status
Content-Transfer-Encoding
X-NginX-Upstream-Response-Time
X-NginX-Cache-Status
X-Nurl
X-NginX-Node
NetMindSessionID
X-Nhost
AMF-Ver
X-Real-Server
X-Cookie-Domain
X-Hypernode
Webluker-Edge
X-Yadis-Location
WSR-Cache
X-ClientSide-Caching
X-Varnish-Count
X-Varnish-HitMiss
X-SV-CreatedAt
Qs-Cache
X-SV-CacheTags
X-SV-Duration
X-SV-Edge
X-SV-Nginx-Duration
X-SV-Pid
X-SV-Expires
X-SV-FromDBCache
X-Amz-Version-Id
X-Varnish-GracePeriod
Author
X-Varnish-RemainingLife
X-LW-Web-Server
X-Dispatch
X-Varnish-ObjectSource
X-Speed-Cache
X-Speed-Cache-Key
X-Cache-Operation
X-A
X-AOL-HN
X-Content-Age
HCVer
X-StackifyID
X-Trace
X-Discourse-Route
X-Varnish-Grace
HAVer
X-Server-Upstream
Retry-After
X-Blog
WWW-Authenticate
X-Server-Response-Time
Accept-Charset
X-WR-Flags
X-Page-Cache
X-Varnish-IP
X-Processed-By
Host-Service
X-Garden-Version
X-Xrds-Location
X-Machine-Name
X-Adobe-Content
X-Adobe-Loc
X-Mobile-URL
W
X-Cache-Key
X-GeoIP-Country-Code
Accept-Encoding
X-Varnish-RemainingGrace
X-Directory-Script
X-Platform-Cache
X-CDN-Cache-Status
X-Varnish-Ttl
X-LB
X-Orig-Vary
X-CDN-Node
X-Nitra-Side
X-Empowered-By
X-Server-Id
Logging-CorrelationId
X-Origin-Id
X-Server-Start-Time
X-Config-By
X-Varnish-Hits
X-PF-Uncompressing
X-Client-IP
X-BackendServer
X-Sys-Req-ID
SSPAppContext
Cm-Server
X-XTM-Node
X-Varnish-Hostname
CacheControlHeader
Mobiquo-Is-Login
X-GeoIP-Country-Name
RTSS
S
X-Worker
X-Cf-Powered-By
X-Yottaa-Optimizations
NtCoent-Length
X-Yottaa-Metrics
X-Cocoon-Version
X-Dynatrace
X-Correlation-Id
X-Debug
S-Cnection
X-Framework
X-Session-Reinit
Ibf5scheme
COMMERCE-SERVER-SOFTWARE
X-Application-Context
X-Highwire-SessionId
X-Highwire-RequestId
X-FIRSTBase
X-GeoIP
X-SmartBan-Host
Server-Name
Req-Id
SVR
X-Grid-Server
X-Symfony-Cache
X-SmartBan-URL
X-Cache-Doesi
X-Storage
Frame-Options
VServer
Allow
X-UPSTREAM
X-Kinsta-Cache
X-Purge-URL
IISExport
X-SDE-Name
X-Cache-PageType
X-Ttl
Id
BALANCEDTO
X-Nginx-Host
X-Supported-By
X-AOL-SNH
Section-Io-Id
Cached
X-JG-Page-Cache
X-Cache-Fix
X-IsCacheURL
Backend
X-Edge-Location
X-V
X-CDN-Forward
X-Balanceador
Eomportal-Instance
X-Jphone-Copyright
X-Varnish-Debug-Age
X-IIJ-Cache
CT
Device-Type
X-Trace-Cache
NODE
X-Amz-Storage-Class
Keywords
Rewriter
X-NginX-Cache
X-Accel-Expires
X-Smartcache-Keys
Front
NnCoection
X-Smartcache-Timeout
X-TempDebug
SRV
X-Webcelerate
X-WA-Info
X-WP
X-App-Server
X-Pagename
X-Hit-Cache
X-Cache-Control
X-BKSrc
X-LB-Server
X-HW
X-Varnish-Action
Pool-Info
From
X-Nginx-Cache
XDomainRequestAllowed
Cneonction
X-Server-IP
X-SRV
X-Airee-Node
X-Sov
X-Provisioner-Version
X-Connection-Hash
X-Rot
X-Hosts-Backend
X-Resolver-IP
A
Warning
X-EDGECONNECT-GUID-DEBUG
X-Domain-Checked
X-Sucuri-ID
X-EC-Security-Audit
X-App-Status
X-PoweredBy
X-Twitter-Response-Tags
X-Webstats-RespID
X-Transaction
X-F-Cache
ScoreTracker
X-Purge-Host
Beyond-Iis
X-Vary-Options
Thanks
X-Plat
X-NginX-Server
X-HP-Trace-ID
IM-Version
X-WEBSERVER
X-Distributed-By
X-HP-Trace-Project
X-ORACLE-DMS-ECID
Xc
X-Response
X-B
X-Flow-Powered
X-TTFB-L
X-Amz-Meta-S3cmd-Attrs
X-TempoPesquisa
X-Actindo-RS
X-Force
X-App
X-Atraveo-Expires
X-Dispatcher
X-PRAM
X-Desc
X-Varnish-Debug-TTL
X-SmugMug-Values
X-Real-IP
Prxy
Ksid
X-RiS-UFDI
Smug-CDN
X-Env
X-Atraveo-Cache-Control
X-Atraveo-ETag
X-SmugMug-Hiring
X-Atraveo-From-Varnish-Cache
X-Prefetched
Cluster-ID
X-ARC
X-TTFB
X-Optimization
X-Cache-On
Myheader
X-Atraveo-Set-Cookie
X-RDP
N365rili
X-Plat-Be-Ip
X-Atraveo-TTL
X-Cache-Action
Sophnep-Edge-FX
X-Source-ID
X-Plat-Va-Ip
X-Atraveo-Varnish-Server-Id
X-Unique-Id
X-Akamai-Edgescape
X-Atraveo-Zone
Content-Server
X-Atraveo-Param-Rm
X-VC-TTL
X-ID
SiteName
X-Dw-Trace-Id
X-Varnish-Instance
X-Node-Name
Dynatrace
TP-Cache
X-REDIRECTSERVER
VAR-Cache
X-Cache-Engine
TP-L2-Cache
X-Uid
X-Id
D
X-ServerIndex
X-Captured
X-W3TC-Minify
X-SV
Cdate
MW-Webserver
NLCacheNote
X-NewRelic-App-Data
WP-AdvCache-MemCached
X-Invoke-Duration
X-Rebelmouse-Cache-Control
X-Cache-TTL-Remaining
X-Cache-Keep
Noq
X-Magento-Tags
PowerCDN
Ram
X-CacheResult
X-Rebelmouse-Surrogate-Control
Real-Server
RN-Server
Cpu
X-Unbounce-PageId
Ttl
X-Unbounce-Variant
X-Unbounce-VisitorID
X-Key
X-Esi
P-LB
X-Time-Microsecs
X-HTML-Minification-Powered-By
P-WS
X-Server-Instance
ORIGIN
X-Ratelimit-Remaining
ServerTokens
X-Unique-ID
Cmstype
X-Detected-Device
X-Edge-IP
X-Info
ServerSignature
Cmsid
X-EPiphany-Vid
X-Is-Mobile
X-Do-Esi
Description
MC
X-Client-Vid
X-Client-Image-Vid
Fastly-Backend-Name
X-Content-Security-Policy-Report-Only
Head
X-Vhost
X-Cms-Mode
X-B2f-Not-Route
X-Dev
Ngpass-Vcall
SBGI-1
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
Copyright
Worker
SBGI-RenderTime
Hosted-By
X-AWS
Sid
APP-VERSION
AC-ELC
X-N-ViewType
AsisCache
LBC
X-DSMX-Render-MS
CmsCacheEngine
X-ASAP-Cache
SBGI-Device
X-T3Cache
X-T3CacheInfo
SBGI-7
X-T3CacheTags
X-Middleton-PageSpeed
X-Healthy
X-Enhanced-By
CLMOB
SBGI-10
X-Clara-ASAP
SBGI-RealPath
SBGI-5
X-DSMX-Rewrite-MS
X-Srv
X-Forwarded-Proto
Hash
Web
X-Site:
X-Server-Instance-Name
X-Cache-Provider
SBGI-9
OT-RequestId
X-Server-By
Paypal-Debug-Id
X-HAProxy
X-WorkerInstancename
X-Distributor
X-CB-Server
X-GSL-Server
X-MrHost
X-Server-Generated
X-PG
X-MAT-GEO
X-Avvio-Cms-Cacheload
Bios
CommunityServer
X-Cache-Source
Ibm-Web2-Location
X-Remote-Addr
X-CSRF-TOKEN
Cache-Rule
X-Pagely-Cache
Accept-Language
X-Proxy-Cache-Key
X-Appmachine-Environment
Content
Hamster
X-Sentry-Token
Kanooh-Host
Servername
X-Cache-Node
X-Rack-Cors
Og
X-SID
Mime-Version
Imx-Cookies-Used
X-Src-Webcache
X-Cache-Set
X-Frames-Options
X-We-Are-Hiring
X-CACHE-TTL
X-Cache-Backend
X-Environment
X-Ocache
X-Hiawatha-Cache
User-Agent
MageStack-Debug
MageStack-Config
Ec
MageStack-Loadbalancer
MageStack-PageSpeed
MageStack-Cacheable
MageStack-Cache-Warning
MageStack-Cache
MageStack-Cache-Hits
MageStack-Cache-Lifetime
MageStack-Cache-Status
MageStack-Tag
MageStack-Web-Node
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
Il-Cl
X-RequestId
X-Platform-Server
MageStack-Area
X-Apm-Telemetry-Syncmark
X-MobileDetected
X-DTC
X-Hstore
X-Hrouter
Set-Cookie2
X-Trace-Id
X-Amz-Id-1
Note
Fw-Via
X-HP-CAM-COLOR
X-EdgeRouter
X-Varnish-Esi-Method
X-Varnish-Set-Cookie
X-Varnish-Store
X-Varnish-URL
X-Varnish-Esi-Access
X-Varnish-Currency
X-Render-Time
X-Turpentine-Cache
X-Turpentine-Esi
B-Powered-By
Dispatcher
X-AppServer-Status
X-AppServer-Cache-Rule
WSCLoggingUUID
X-MSU-SOURCE
Nginx-Cache
X-Full-URL
X-Box
X-Rack-CORS
X-Cache-Extended
X-GRACE
X-Fstrz
XX
X-Search-Id
X-WR-MODIFICATION
X-ProxyInstancename
User-Cache-Control
X-7d-Instance-Id
X-HITS
X-Clx-Request
X-7d-Trace-Id
NS-VaryByCustom-Key
X-Company
Ctx
Svr
Actual-Object-TTL
X-MCF-ID
X-Ob-Mode
PServer
X-Wm-VIP
X-Wm-1
X-OCTOPOD
LBVIS
E-TAG
Max-Age
WFE
X-ACCELERATE
X-Nginx
X-Varnish-Error-Restart
X-Varnish-Backend-Healthy
X-Stage
X-Litespeed-Cache-Control
X-COUNTRY-CODE
X-Hosting
X-TB-M
X-Magento-Action
X-Header
X-AccessDev
X-Restarts
IsMobile
Resin-Trace
X-DealerOn
Mto-License-Status
Cteonnt-Length
X-SeschatDID
X-Secret
Server-Id
X-DEBUG
X-SeschatTemplateID
X-Test
NZSpeedy
X-Pj-Cache-Status
X-Artvisual-Server
Server-Ip
X-SeschatLayout
X-SeschatRedID
X-Seschat-URL
Device
INCOMING-TIME
X-DN-Cache-Control
Referrer-Policy
X-Content-Type
Host-Name
X-LW-T
X-Flex-Tags
NKBVHEADER
X-Pj-Cache-Key
X-Varnish-Cache-Control
Apache
X-Gyrobase-Publication
X-Egnyte-Request-Id
ServerIP
X-DOM
Progma
X-DN-GyrobaseID
X-VC-Enabled
X-WebNode
X-Serendipity-InterfaceLangSource
X-Status
X-VCS-Billing
X-VCS-Cache-Server
X-Serendipity-InterfaceLang
X-FreeTag-Count
X-Dynamic-Cache
X-Faeria
X-Analytics
VC-NoCache
XDisk
X-Old-Content-Length
X-VCS-Cacheable
Session-Id
X-ACLR-Version
X-VCS-Status
X-VCS-Ttl
X-VCS-Url
X-BeResp-Ttl
X-Browser
X-VCS-Host
X-VCS-Hit
X-VCS-Nrhit
X-Nginx-Request-Time
X-Jcms-Ajax-Id
X-GoCache-CacheStatus
X-JSESSIONID
Apachenode
Access-Control-Request-Headers
X-NewCloud-V-Cache
X-LOCATION
X-Route
VnhCdn-Status
VANITY-HOST
X-Cache-Handler
X-Backend-TTL
X-Cache-ID
X-Cms-Server
Proxy-Cache
X-Say-Cacheable
X-Amz-Meta-Cb-Modifiedtime
Content-Instance
Backend-Timing
X-Not-Cacheable
X-MCB-Server
X-Magento-Cache-Debug
X-Time-Spent
X-Flex-Tag
X-Say-TTL
X-SayCDN-TTL
X-SayCDN-UA
X-Hosting-Env
X-CDN-COMPRESS
X-Cache-Level
X-Meta-MSSmartTagsPreventParsing
X-Meta-Imagetoolbar
X-Meta-MSThemeCompatible
X-Proto
X-RealServer
X-Instance-Name
MSThemeCompatible
X-Phpwcms-Page-Processed-In
X-CPU-Time
X-Phpwcms-Release
Httpd-Identifier
MSSmartTagsPreventParsing
X-Server-Addr
X-T
X-ORACLE-DMS-RID
X-FCMS-Cache
X-Pressidium-NinukisWP-Ver
X-RSS-CACHE-STATUS
X-Span
X-DataDome
X-ASAP-Age
AGI-Request-ID
Provider
X-4ormat-Cacheable
X-AG-MIPS
X-Author
X-AISO-Server
X-AUSERNAME
X-ATM-RTime
X-Client-Ip
X-DeliveryServer
X-Geo
X-ATM-RServer
X-ASEN
X-HostName
X-Litespeed-Cache
SS
X-Application
X-AREQUESTID
X-HASH
X-Flex-Lastmod
GenSvr
Apple-Itunes-App
Kp-EeAlive
X-AISO-Cache
X-AISO-Cacheable
X-Fpc
X-ClusterID
X-EntryPoint
X-Fallback
Content-Cache
Tracker
BKREF
X-LS-DEBUG
X-Flex-Evend
SL-NOREWRITE-REDIRECTS
X-Backend-Name
Aurora-Node
X-Flex-Evstart
X-PBY
X-Flex-Lang
X-Cache-CFC
X-Cluster-Node
X-Flex-Community
Pool
X-Signature
X-Rewritten-By
X-Hcom-Styx-Info
X-ManagedFusion-Rewriter-Version
X-Hit
WP-Cache
Machine
X-EZPublish-InstallationID
X-Built-By
X-EZPublish-NodeID
X-Nocache
Serverid
X-Cookies-Stripped
X-Domino-CacheValidationWithETagReason
X-Domino-CacheValidationWithETagResult
X-Powered-By-Home.Pl
X-Cache-Me-Harder
X-VERSION
X-Ratelimit-Limit
X-Capoed
X-Accel-Cache-Control
Cleartype
Prototype-RootPath
Aoestatic
Public-Extension
MachineName
Redirect
HA-Ipaddr
ResourceTag
HA-Urlpath
HA-Front
X-SayCDN-DevType
X-SilverStripe-Cache
X-RAMCache
Exires
X-OPNET-Transaction-Trace
X-Pixelsilk-Version
X-Generated
X-DynamicCache
X-Max-Age
X-Mii-Cache-Hit
X-Pb-Mii
X-Device-Group
X-ATP-Server
X-Vhost-ID
V-Age
Www.Aujourdhui.Com
X-Requested-Page
X-Varnish-Max-Age
From-Origin
X-Hash
X-Pixelsilk-Server
RouteID
X-Pj-Cache-Flags
X-HA
X-Cluster
X-Ratelimit-Reset
Tempo
X-CCM
X-Checkout
X-Pj-Cache-Time
X-Magento-Lifetime
Response-Time
Origin-Server
X-9XB-Server
SBMCLOUD
X-Cluster-Host
Expire
Charly
X-OneLinkTook
X-Wily-Info
X-Wily-Servlet
HA-Geolon
X-Depends
X-E
HA-Geolat
QC-Time
HA-Backend
HA-Cloudapp
HA-Geocity
QC-Key
QC-Hit
X-Mobile
X-Timing
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-OneLinkServiceType
X-OneLinkProcessing
X-Site-Name
X-Router-Backend
X-SuperCache
X-Tags
X-Magento-Cache-Control
HA-Host
X-Router
X-DDM-SERVER
X-DDM-SERVER-UPDATED
HA-Geocountry
X-Provided-By
X-Tradeindia-Request-GUID
X-Tradeindia-SMgmt
X-Fedora-School-Id
X-NewsFlow-DoCache
X-NewsFlow-Sitename
X-OneLinkHost
X-Catalyst
Server-ID
HA-Georegion
X-UseReverse-Proxy
X-Webapp
ReqUrl
RSL-Trace-ID
X-Expose-Took
SERVER-IP
Language
RequestId
Ews
Be
X-UUID
X-Beatles-Hits
X-SL-Norewrite
X-SL-Notranslate
X-Request-Received
X-TargSmaku
X-Block
X-Zendesk-Origin-Server
X-Zendesk-User-Id
X-Runtime-Memory
X-Wix-Route-ID
Backend-Name-Original
X-ETag
X-WHOIS-Cached
Pw-Value
X-Xhr-Current-Location
Expiries
Content-ID
EWHSERVER
Fpc-Expire
X-Powered-Developer
X-PF-CACHE-FAILED
Web-Server
DNNOutputCache
Http
X-FastCGI-Cache
X-Cache-Why
Rt-Proxy-Cache
X-Your-GrandPa-Would-Wait
X-Venda-Hitid
EXT-CACHEEXPIRE
X-Trace-App
X-TTL-Age
X-Would-Your-GrandPa-Wait
X-Does-He-Have-Time
X-DEBUG-TTL
X-FarmId
X-Cache-Via
X-Channel-Maxage
X-Gannett-Site-Version
X-Pageid
X-UA
X-Request-Processing-Time
MwpReleaseVersion
DrivedBy
CD2
X-Cachable
X-Ants-Host
X-PM-ID
HOST-SERVICE
DB-Nickname
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-VhostID
X-FG-RequestId
X-Static
X-Ghost-Cache-Status
X-Upstream-Backend
X-This-Proto
X-Bypass-Ssl-Transform
X-Batcache
X-ESI
X-Theme
X-RequesterIP
X-APP
X-ESI-Enable
X-FFX-B
X-Matched-Rule
X-Highwire-Sitecode
X-Expose-Generated
X-Expose-Hostname
X-Expose-Site
DeleGate-Ver
NodeId
X-DPWN-IS-SECURE
Realaction
X-BPool
X-Device-Class
X-BServer
MtcHosted
X-OpenCart-Lightning
X-IP-Address
X-Ants-Machine-Id
X-PageType
X-Obr-Rule
X-WebKit-CSP-Report-Only
X-Cacheable-TTL
X-KoobooCMS-Version
Brandcast-Brand-Id
X-Rq
Brandcast-Load-Balancer
Cache-Status
X-Cache-Detail
X-Forwarded-Server
X-Forwarded-Host
X-NGINX-Cache
X-RemovedCookies
X-ProcessESI
Debug-Status
X-IP