Threat Level: green Handler on Duty: Rick Wanner

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
X-AspNet-Version
Link
P3P
X-Content-Type-Options
X-XSS-Protection
X-Cache
Age
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
X-Adblock-Key
X-Frame-Options
Keep-Alive
Content-Location
CF-RAY
X-Varnish
X-Check
X-Language
X-Template
X-Buckets
X-Cacheable
P3p
Access-Control-Allow-Origin
X-Generator
X-Drupal-Cache
X-Ac
X-Hacker
WP-Super-Cache
Status
MS-Author-Via
X-AspNetMvc-Version
X-Powered-By-Plesk
Strict-Transport-Security
X-Pad
X-Runtime
X-Geo-Port
X-Geo
X-Request-Id
X-Powered-CMS
X-Host
MicrosoftOfficeWebServer
X-Type
X-Cache-Group
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Server
Ngpass-Ngall
X-Cache-Lookup
X-Logged-In
X-Mod-Pagespeed
X-Cache-Hits
X-UA-Device
Host-Header
X-Rack-Cache
MicrosoftSharePointTeamServices
X-Via
X-Url
X-Iinfo
X-CF-Powered-By
X-Tumblr-User
X-Backend
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Access-Control-Allow-Headers
X-XRDS-Location
SPRequestGuid
X-Forwarded-For
X-SharePointHealthScore
Access-Control-Allow-Methods
X-Tumblr-Pixel-1
Content-Encoding
X-Served-By
X-Varnish-Cache
X-Robots-Tag
X-Accel-Version
X-Tumblr-Pixel-2
X-INKT-SITE
X-INKT-URI
X-Page-Speed
X-Ua-Compatible
X-MS-InvokeApp
X-BC-Is-HA
X-ContextId
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-ServedBy
X-Cnection
X-PhApp
X-CDN
X-Seen-By
X-Webserver
X-Sorting-Hat-ShopId
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PodId
X-Dc
X-Sorting-Hat-PodId-Cached
Composed-By
X-Safe-Firewall
X-Pass-Why
Served-By
X-Cache-Hit
X-Firenze-Processing-Times
X-Hostname
X-PC-Key
X-PC-Hit
X-PC-Date
X-PC-Host
X-PC-AppVer
X-Request-ID
X-Port
X-AH-Environment
X-XN-Trace-Token
X-XN-XNHTML
X-Cache-Status
X-Tumblr-Pixel-3
Cartoon
X-Powered-By-360WZB
X-Spip-Cache
X-W-DC
Content-Security-Policy
Liferay-Portal
Cf-Railgun
X-Amz-Cf-Id
X-Age
X-Wix-Renderer-Server
X-Wix-Dispatcher-Cache-Hit
X-FullPageCaching
X-Wix-Request-Id
X-Amz-Id-2
Content-Script-Type
X-Server-Name
Content-Style-Type
X-Umbraco-Version
X-Cache-Info
X-Amz-Request-Id
X-HeyJason
X-Content-Digest
Request-Id
SPIisLatency
SPRequestDuration
X-Served-From-Cache
X-SERVER
X-FB-Debug
X-Pantheon-Endpoint
X-Styx-Build-Date
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Hyper-Cache
X-Styx-Build-Num
X-Styx-Build-Sha
X-Styx-Version
X-Cache-Server
Rating
X-Timer
X-Device
X-Cache-Result
X-Outils-CS
X-Clacks-Overhead
CF-Cache-Status
X-DynaTrace
X-TN-ServedBy
Real-Hostname
X-Loop
X-PHP-Engine
X-VCache
X-Source
X-Px
Refresh
X-Tumblr-Pixel-4
X-PersistenceNode
TCN
X-Cached-By
X-Rot
DynaTrace
X-Mobilized-By
X-TNCMS-Served-By
X-TNCMS-Version
X-TNCMS-Render-Time
X-TNCMS-Memory-Usage
X-Cache-Enabled
NS-RTIMER-COMPOSITE
Powered-By-ChinaCache
Imagetoolbar
X-Generated-By
X-CDN-Any-IP
X-CDN-Geo
X-DynaTrace-JS-Agent
X-CDN-Geo-IP
Powered-By
Public-Key-Pins
X-Cached
Magicmarker
IBM-Web2-Location
Page-Completion-Status
X-From
X-Microcachable
X-Original-Content-Length
X-Tumblr-Content-Rating
X-Content-Encoded-By
X-Content-Security-Policy
X-Loc
Product
Thanks
X-CMS-Version
X-Backend-Server
X-Tumblr-Pixel-5
Access-Control-Max-Age
X-Matrix-Server
X-Zephyr
X-Matrix-Proxy
X-W3TC-Minify
Charset
X-Firenze-Processing-Time
X-DDC-Arch-Trace
X-WebKit-CSP
X-Powered-By-Anquanbao
X-Xrds-Location
X-Permitted-Cross-Domain-Policies
X-Jimdo-Pid
X-Jimdo-Wid
X-Node
Generator
Response
Proxy-Agent
Pics-Label
X-Sov
X-I
X-FW-Hash
Retry-After
X-FW-Serve
X-FW-Type
X-FW-Static
MIME-Version
Content-Encoding-Handler
X-Processed-By
ServedBy
X-Varnish-Host
X-App-Hosting
X-Varnish-Cacheable
X-SDS
Display
X-Sol
X-Middleton-Display
X-FORWARDED-FOR
X-Version
Lsrequestid
Node
X-Varnish-Backend
X-Content-Options
X-Drectory-Script
CC-CACHE
X-Middleton-Response
X-User-Agent
Set-Cookie2
Access-Control-Request-Method
X-Cache-Debug
X-DNS-Prefetch-Control
PICS-Label
X-UD-Host
X-UD-Method
SID
X-AspNetWebPages-Version
X-NoCache
ServerName
X-Purge-Host
X-Cache-Expires
X-Expires-Orig
X-Original-Request
X-Varnish-TTL
X-Duration
X-VARNISH-Cache
Host
RTSS
X-Returned-From-PostProcessResponse
X-LiteSpeed-Cache
X-Actual-URL
X-Hits
X-Returned-From-DLL
X-Handled-By
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Returned-From
X-Passed-To-BeforeDispatch
X-Passed-To
X-Returned-From-BeforeDispatch
X-PF-Uncompressing
IISExport
X-ATG-Version
X-ApacheServer
X-Swift-SaveTime
X-Swift-CacheTime
X-SN
X-Cache-Config
Id
X-Hosted-By
X-Whom
X-Cache-Control-Orig
VAR-Cache
Edge-Control
NODE
X-Nitra-Side
AMF-Ver
X-Director
Cache-By-Node
COMMERCE-SERVER-SOFTWARE
X-Proxy-Cache
Content-Disposition
X-Micro-Cache
Accept-Encoding
X-PERF
X-Varnish-Hits
X-Cookie-Domain
MJ12bot
X-PwB-Node
SEOMOZ
Machine
X-TTL
Surrogate-Control
X-Front
X-Purge-URL
X-Art-Request-Id
Fhost
X-MiniProfiler-Ids
X-ServerID
X-Vary-Options
Cm-Server
Filter-Revision
SN
X-Speed-Cache
X-Speed-Cache-Key
X-FIRSTBase
X-Cocoon-Version
S
X-App-Status
X-URL
Srv
X-WEBSERVER
X-Cache-Rule
WWW-Authenticate
X-Varnish-IP
Cache
Server-Info
X-Engine
X-CJ-Soft
Website-Info
X-Blog
X-Session-Reinit
X-Varnish-Server
Upgrade
X-Highwire-RequestId
X-ServerName
X-Highwire-SessionId
Ngpass-Vcall
X-Varnish-Age
X-Trace-Cache
X-Response-Time
X-Track
Accept-Charset
X-Stale
X-Cdn
X-Amz-Meta-S3cmd-Attrs
X-S
X-Yadis-Location
X-SRV
X-Domain-Checked
X-GeoIP-Country-Code
X-Cache-Operation
X-Provisioner-Version
Grace
X-GeoIP-Country-Name
Origin
X-Distil-CS
Req-Id
X-FW
Nodo
A-Powered-By
Server-Name
X-Varnish-Cache-Hits
Fpc-Cache-Id
X-HostName
X-Cache-TTL
Proxy-Connection
NtCoent-Length
Powered
X-Time
X-Country-Code
Location
X-BackendServer
Buuteeq-Source
X-App
X-ID
X-ACMCache
X-Cluster-Node
MIH-CLIENT-FARM
MIH-PLATFORM
X-Server-ID
MIH-PUBLIC-IDENTIFIER
NetMindSessionID
X-Microcache-Status
Webluker-Edge
X-Geo-IP
ServerID
X-Ttl
X-Device-Type
X-Varnish-Object-Age
Backend
X-Orig-Vary
Qs-Cache
X-Frontend
X-Cache-Age
X-Sys-Req-ID
X-Gamma-Serve
X-Secret
X-LIGHTHTTP-PCDID
X-Bettercache-Proxy
CT
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Tumblr-Pixel-6
X-Varnish-Beresp-Ttl
X-Adobe-Content
X-TempDebug
XDomainRequestAllowed
X-Object-Type
PageSpeed
X-Object-Id
X-Server-Id
X-Header
X-Srv
MW-Webserver
X-Location-Id
Beyond-Iis
CommunityServer
X-Translation
X-AOL-SNH
LBVIS
X-VTEX-Janus-Router-Backend-App
X-VTEX-Cache-Status-Janus-Edge
Dispatcher
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
SS
X-VTEX-Cache-Status-Janus-ApiCache
Content-Transfer-Encoding
X-Powered-By-VTEX-Janus-Router
Apache
X-Powered-By-VTEX-Janus-ApiCache
X-Vtex-Processed-At
Server2
No
X-Request-Locale
X-Powered-By-VTEX-Janus-Edge
Content-MD5
X-Directory-Script
X-TNCMS
Rt-Fastcgi-Cache
X-Cache-Lifetime
X-Cache-Action
X-Connection-Hash
X-Distributed-By
X-Transaction
X-Twitter-Response-Tags
X-Varnish-Count
Ms
X-Cache-On
X-Venda-Hitid
X-Wily-Info
X-Src-Webcache
X-ServerCache-Info
X-CHSN
X-Varnish-HitMiss
X-Recruiting
X-Wily-Servlet
X-Atraveo-Cache-Control
X-Atraveo-Varnish-Server-Id
X-Atraveo-TTL
X-Atraveo-NC
X-Machine-Name
X-Atraveo-From-Varnish-Cache
X-FreeTag-Count
UniqueName
X-Source-ID
X-Enhanced-By
SFY
X-Amz-Id-1
X-Force
X-Info
X-T3CacheInfo
X-Cms-Mode
X-Dev
X-Jphone-Copyright
X-Instart-Request-ID
Worker
X-PRAM
X-Resolver-IP
X-Ar-Debug
From
LFY
X-Expires
X-Trace
NLCacheNote
Cteonnt-Length
X-WebServer
X-Frames-Options
X-BS
Author
X-Empowered-By
X-N
X-Grid-Server
X-Turbo-Control
X-ORACLE-DMS-ECID
X-Varnish-ID
X-Varnish-Debug-Hits
X-Cached-Status
X-ManagedFusion-Rewriter-Version
SiteName
Warning
-GCR
BM-Cache-Key
MirrorName
X-Rewritten-By
BM-Cache-Node
X-Varnish-Debug-Age
X-LI-UUID
X-Li-Pop
Front
X-MJ-Upstream-Addr
X-Remote-Addr
X-UD-Loopcounter
X-UD-Target
X-Developer
X-UD-REMOTE-ADDR
X-Max-Age
ScoreTracker
LBC
X-Li-Fabric
X-WR-MODIFICATION
Allow
X-GeoIP
X-Geo-IP-Region
X-Geo-IP-Metro
X-Geo-IP-Country
X-Geo-IPV
X-Uid
X-FS-UUID
X-Debug
WP-AdvCache-MemCached
SVR
Be-Ip
Access-Control-Expose-Headers
Be-Va
X-Stage
X-B2f-Cache-Load
X-ACCELERATE
X-UseReverse-Proxy
X-Varnish-Action
X-MJ-Serve-Req-Time
Version
X-Hash
X-Router
X-Id
X-Router-Backend
X-Powered-By-Server
X-Origin-Id
X-Webapp
X-Vhost-ID
X-ATM-RTime
Backend-Name-Original
X-Farm-Server
X-Kirra-SiteId
Cneonction
X-Host-Url
X-OPNET-Transaction-Trace
X-Client-IP
X-CacheTTL
Backend-Host
Sid
X-Origin
X-Varnish-Cache-Server
X-SmugMug-Hiring
X-Catalyst
X-SmugMug-Values
X-TTFB-L
X-Server-By
Last-Published
X-Response
X-Block
X-Vhost
X-Via-Kemp
Www.Myjob.Se
X-T3CacheTags
X-T3Cache
Web-Server
X-B2f-Not-Route
Www.Mirrorgate.Se
Www.Mabracertifiering.Se
Open.Jobgate.Se
OriginServer
P3P:CP
Test.Executivepeople.Se
Jobb.Passal.Se
Jobb.Assistentpoolen.Se
Jobb.Gil.Se
SS-Request-ID2
Cluster-ID
XX
X-Channel-Maxage
X-Goog-Hash
Ksid
SIP
Smug-Env
Rt-Server
X-LAvg
X-Gannett-Site-Version
Noq
Ec
Ram
Cpu
Compression-Control
X-Trace-App
X-Varnish-Device
X-ATM-RServer
X-TTFB
7e-Page-Cache
NnCoection
X-CacheHits
X-Phpwcms-Page-Processed-In
X-Phpwcms-Release
X-SDE-Name
X-Content-Age
X-Garden-Version
X-ChromeLogger-Data
Front-End-Https
X-Edge-Location
X-Old-Content-Length
X-WorkerInstancename
X-GC-Read
X-Varnish-URL
Provided-Host
X-Web-Node
X-GC-App
X-GC-Write
X-Cache-Set
Cmsid
X-Accelerated-By
Bs-Header
Content
After
X-Nginx-Server
X-UserAgent
X-Powered
Il-Cl
X-Yqk-Set
Cache-Ctrol
Provider
X-SSL
BALANCEDTO
If-Modified-Since
X-EPiphany-Vid
X-Varnish-Cache-Local
X-Locale
X-Purge-Url
X-DB-Content-Length
97YES.COM
X-Client-Vid
Cmstype
CDN
X-ARR
X-Hit-Cache
X-PM-ID
Accept-Language
Before
WFE
X-Powered-By-Yqk
X-Cache-Ttl
Copyright
X-Pagename
X-Work-With-Me
Tpt.Renderer1
Tpt.Renderer
ExecuteNonQuerySQLParam
IsFullSiteRequest
X-Route
Render
RATING
ServerConfigManager.WebBugTracker
X-Vivastreet
X-Vivastreet-KiwiiPage
No-Cookie
Tracker
X-Flow-Powered
BM-Cache-Status
Server-N
X-UPSTREAM
X-Monstercache-Timeout
X-S-Misc
User-Id
X-Nginx-Host
X-Hstore
X-WP
X-EdgeRouter
Fw-Via
X-MobileDetected
X-Distributor
X-Hrouter
X-Generation-Time
X-D-Time
User-Updated-At
X-WA-Info
X-7d-Version
X-Actindo-RS
CP
X-7dig
X-Node-Name
X-Real-Server
X-Server-Instance
X-Amz-Version-Id
X-Drupal-Cache-Tags
X-Varnish-Cookie-Debug
X-MCB-Server
X-Accel-Expires
X-ProcessESI
X-Ms-Invokeapp
X-CacheServer
X-7d-Traceid
Redirect
X-GSL-Server
X-Do-Not-Hack
X-Dynamic
BM-CountryCode
X-Full-URL
TP-Cache
At-Shoptype
Atp-Isdpp
TP-L2-Cache
Nitro-Cache
X-Brought-To-You-By
Edgecast
X-EPiLogOnScreen
X-EPiLogOnScreen-PostUrl
Content-Security-Policy-Report-Only
Pool
X-Varnish-Currency
PServer
Progma
X-SV
At-Isb
X-DTC
X-PvInfo
X-N-ViewType
Hamster
X-Snapsis-PageBlaster
X-Upstream
X-Yottaa-Optimizations
X-Yottaa-Metrics
ServerId
X-FFX-B
X-Edge-IP
X-ESI-Enable
X-RemovedCookies
Mark
X-Nginx-Backend
X-Server-Generated
X-Flex-Evstart
ORIGIN
X-Hosting-Env
X-Flex-Lang
X-Flex-Tag
X-Flex-Tags
X-Flex-Lastmod
X-Internal-IP
X-Hit
X-SeschatRedID
X-SeschatTemplateID
X-SeschatLayout
X-SeschatDID
X-Seschat-URL
User-Cache-Control
X-Cache-Control
Head
X-SilverStripe-Cache
X-DefendeR-Runtime
X-Revision
X-TLServer
X-Varnish-Debug-Pool-Recv
X-Varnish-Restarts
Sprequestguid
X-Varnish-Debug-Pool-Fetch
X-Flex-Community
X-Purge-Level
B-Powered-By
X-Flex-Evend
X-Uplex
X-Allow-Redis
X-DC-Origin-IP
X-GitHub-Request-Id
X-Monstercache
Test
X-Hosting
X-Monstercache-Hash
X-Author
X-Cache-Backend
X-Monstercache-Host
X-Abuse
X-ProxyInstancename
Publisher
X-Unbounce-PageId
X-Unbounce-Variant
X-Mobile
X-ESI-Processing
XDisk
Content-Instance
Requested-Host
X-Beatles
X-Unbounce-VisitorID
F-In-Cache
Esi-Enabled
No-Cache
Svr
X-FCMS-Cache
Xonnection
X-Oracle-DMS-ECID
X-VG-WebCache
X-WLD-LB
Acdc-Web
X-Req-Host
X-REDIRECTSERVER
Tempo
Time
Web-Head
X-Benchmark-Cache
Xc
X-Time-Microsecs
X-PS-MURDOCK-CASE-NORMALIZATION
X-PS-MURDOCK-ORIG-FILEEXT
X-PS-MURDOCK-ORIG-PROTOCOL
X-Benchmark-Db
X-Benchmark-Sphinx
X-RNDPAGE
X-TAG
X-Time-Spent
X-View
X-PBY
X-CMS
X-Benchmark-Sphinx-Count
X-Benchmark-Total
X-BIN
X-Powered-Developer
X-Sharepointhealthscore
X-NginX-Cache
X-NginX-Server
X-Server-Node
X-IDS-WS
X-Client-Addr
S-Cnection
SV-Duration
X-CCM
AppDynamics-BT
Pool-Info
Ozcache
SBMCLOUD
ServerIP
X-Source-Host
X-Hostingcenter
Ttl
X-DeliveryServer
Foglight-Request-UUID
D
PROPSON-FARM
UNIQUE-ID
X-Binarysec-Via
HCVer
HAVer
INCOMING-TIME
X-CACHE-TTL
POOL
X-Client-Id
X-Cluster-ID
X-Planisys-CDN-Rules
X-RequesterIP
Portlet.Expiration-Cache
X-Planisys-CDN-Cache
X-GeoIP-Country
X-Environment
X-ESI
WP-Cache
X-SATserver
X-Stackable-Node
X-Would-Your-GrandPa-Wait
X-Page-Generation-Time
X-Your-GrandPa-Would-Wait
MachineName
Ibf5scheme
MGIT
X-TTL-Age
X-Forwarded-Proto
Http
X-JSON-API-LATENCY
X-Page-Generated-At
X-Life
X-SERVERID
X-Varnish-Ttl
X-Compressed-By
X-AspNet-Browser-ID
SLB
X-Backend-Ip
X-Aws-Ec2
X-Apublish-Id
X-FRONT-TTL
X-GL-SRV
X-Webstats-RespID
X-Pixelsilk-Version
X-Trans-Id
X-Timestamp
X-IP-Address
X-Nc
Access-Control-Allow-Method
X-Varnish-Mode
X-Obvious-Info
X-Obvious-Tid
X-Czt
X-Pixelsilk-Server
Disaptch-Cache-Rule
X-HOSTTYPE
X-Bcwwwid
X-NID
X-From-TL-Proxy
Arr-Disable-Session-Affinity
WebDevSrc
X-Middleton-PageSpeed
Sophnep-Edge-FX
SharePointError
CacheControlHeader
X-Built-By
X-Domino-CacheValidationWithETagResult
X-Domino-CacheValidationWithETagReason
ASD-WEB-40
Cached
CPOINT
X-Svr-Id
X-Test
X-LB
X-MSEdge-Ref
X-AISO-Server
X-Gondor-Server
X-USERNAME
X-Wikidot-Backend
X-RSS-CACHE-STATUS
X-Server-IP
Host-Service
DB-Nickname
X-Wikidot-Static-Cache
X-AISO-Cache
X-Accel-Cache-Control
MageStack-Area
MageStack-Cache
X-Artvisual-Server
X-ATP-Server
X-Cluster-Host
MageStack-Cache-Hits
MageStack-Cache-Lifetime
MageStack-Debug
MageStack-Loadbalancer
MageStack-Config
MageStack-Cacheable
MageStack-Cache-Status
X-Confluence-Request-Time
X-Cache-Key
X-Pb-Mii
X-Dokk-PortalId
X-PHP-Cache
X-App-Server
CACHED-RESPONSE
X-Optimization
X-Nucleus-Cache
X-Varnish-Set-Cookie
X-Device-Group
X-Http-Host
CData
X-Mii-Cache-Hit
MageStack-PageSpeed
Www.Aujourdhui.Com
DBG-Timestamp
Server-Ip
Server-Optimized-By
MageStack-Response-Ttl
Hotelbookingid
X-Framework
X-Cluster
Mobiquo-Is-Login
DBG-TargetHost
X-Frontal
Prama
SL-NOREWRITE-REDIRECTS
X-Ratelimit
X-IP
DBG-HTTPHOST
MageStack-Tag
Tracecode
Public-Extension
X-Process-Time
X-DELIVERYSERVER
X-Loopia-Cache
EWHSERVER
Serv
Nginx-Cache
ResourceTag
X-Amz-Meta-S3fox-Filesize
X-Src-Loadbalancer
Server-IP
Encoding
BrandBucket-Domain
X-App-Container
CountryCode
X-Amz-Meta-S3fox-Modifiedtime
X-Aberdeen-Site
X-Aberdeen-Cache
MwpReleaseVersion
Content-Cache
X-SiteConInfo
WEBO
BE
AcceptLangage
X-PoweredBy
X-MSU-SOURCE
X-HW
X-Cookie
X-BKSrc
X-DEBUG
Apple-Itunes-App
X-Serendipity-InterfaceLangSource
Robots
X-Varnish-Esi-Access
X-FarmId
SRV
GenSvr
B2C-F-008
X-Serendipity-InterfaceLang
X-Ec-Custom-Error
CacheControlMode
X-Varnish-Esi-Method
X-Backend-Status
X-Xhr-Current-Location
X-Checkout
X-Varnish-Store
X-Var-Hash
X-Url-Store
V-Cache
X-ASTRO-REWRITE
X-Magento-Action
X-Turpentine-Cache
X-Debug-Token
X-Debug-Serve
Sigma
X-Medium-Entity-Id
X-Cookie-Store
X-ELC-Checkpoint4
X-DSMX-Render-MS
X-DSMX-Rewrite-MS
X-Continum-Server
X-Config-By
X-Medium-Entity-Type
ProxiaInstanceId
Aoestatic
CC-UP
Vacache
X-Req-Counter
X-Cachable
Secured
OGHopCount
X-V
X-Turpentine-Esi
X-V-Outer
X-V-I-TTL
X-Req-Url
X-Created
X-RE-Ref
X-WAP
X-ErrorPage
AppServer
X-Magento-Lifetime
X-Fett
X-Gyrobase-Publication
Description
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-Cache-Host
Keywords
X-V-TTL