Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
Link
X-Pingback
X-Content-Type-Options
P3P
X-AspNet-Version
X-XSS-Protection
X-Frame-Options
X-Cache
Content-Language
Age
CF-RAY
X-UA-Compatible
X-Adblock-Key
Via
Keep-Alive
Strict-Transport-Security
X-Template
X-Check
X-Language
X-Varnish
Access-Control-Allow-Origin
X-Buckets
X-Cacheable
Content-Location
X-Generator
X-Drupal-Cache
P3p
Status
X-AspNetMvc-Version
X-Hacker
X-Ac
X-Iinfo
X-Powered-By-Plesk
X-Request-Id
MS-Author-Via
X-Runtime
X-Type
X-Pass-Why
X-Cache-Group
WP-Super-Cache
X-Powered-CMS
Ngpass-Ngall
Access-Control-Allow-Credentials
Host-Header
X-Cache-Hits
X-Mod-Pagespeed
X-Pad
Content-Security-Policy-Report-Only
X-UA-Device
X-Xss-Protection
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Dc
X-Logged-In
X-Via
X-Backend
Access-Control-Allow-Headers
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Access-Control-Allow-Methods
X-Served-From-Cache
X-Tumblr-Pixel-1
X-ServedBy
X-Host
X-CDN
X-ContextId
X-Tumblr-Pixel-2
X-Server
X-Served-By
X-Cache-Hit
X-PC-Key
X-PC-Hit
Content-Security-Policy
X-Request-ID
X-Port
X-Cache-Lookup
X-Robots-Tag
MicrosoftOfficeWebServer
X-Rack-Cache
Powered-By
MicrosoftSharePointTeamServices
X-Request-Country
X-Accel-Version
X-XRDS-Location
X-Varnish-Cache
SPRequestGuid
X-PC-Date
X-PC-Host
X-PC-AppVer
X-Tumblr-Pixel-3
X-SharePointHealthScore
X-Cache-Status
X-Safe-Firewall
X-MS-InvokeApp
X-Amz-Cf-Id
X-Page-Speed
Content-Encoding
X-Cnection
X-Ua-Compatible
X-AH-Environment
X-Webserver
X-Turbo-Charged-By
X-Seen-By
X-Wix-Renderer-Server
X-Wix-Request-Id
X-PhApp
X-Firenze-Processing-Times
X-INKT-SITE
X-INKT-URI
CF-Cache-Status
X-FullPageCaching
X-Content-Digest
Upgrade
X-W-DC
Composed-By
Rating
X-GitHub-Request-Id
Request-Id
Served-By
X-Tumblr-Content-Rating
X-Cache-Enabled
X-Tumblr-Pixel-4
SPIisLatency
Public-Key-Pins
X-Content-Powered-By
SPRequestDuration
Liferay-Portal
X-Amz-Id-2
X-Amz-Request-Id
Alternate-Protocol
X-SERVER
X-Node
Cf-Railgun
X-Spip-Cache
X-Proxy
X-Hyper-Cache
X-Pantheon-Styx-Hostname
X-Styx-Version
X-Pantheon-Endpoint
X-Styx-Req-Id
X-Proxy-Cache
X-CF-Powered-By
Alt-Svc
Access-Control-Expose-Headers
Timing-Allow-Origin
X-Server-Name
X-Timer
X-XN-Trace-Token
X-XN-XNHTML
Permitted-Cross-Domain-Policies
X-HeyJason
X-Server-Powered-By
Content-Script-Type
Content-Style-Type
Access-Control-Allow-Method
X-FB-Debug
Charset
X-CDN-Geo
X-CDN-Geo-IP
X-CDN-Any-IP
Public-Key-Pins-Report-Only
Access-Control-Max-Age
X-Powered-By-360WZB
X-Swift-SaveTime
X-Swift-CacheTime
X-Content-Security-Policy
EagleId
Refresh
X-Cache-Server
X-VCache
X-Hits
X-Clacks-Overhead
X-Umbraco-Version
X-FW-Hash
X-Cache-Result
Cartoon
X-Permitted-Cross-Domain-Policies
X-Loop
Real-Hostname
X-Device
X-Cached-By
X-Tumblr-Pixel-5
X-Url
X-FW-Type
X-FW-Serve
X-FW-Static
X-DynaTrace-JS-Agent
X-Px
X-TNCMS
X-Backend-Server
X-Fastly-Request-ID
X-User-Agent
X-Cached
X-Jimdo-Wid
X-Jimdo-Instance
X-Age
X-DDC-Arch-Trace
X-Cache-Config
NS-RTIMER-COMPOSITE
Grace
X-Generated-By
X-Hostname
X-Outils-CS
Content-MD5
X-MiniProfiler-Ids
TCN
X-Whom
X-Gateway
X-VWS-Id
X-AWS-Id
X-Beta
X-LJ-Flow-ID
X-Cloud-Trace-Context
Magicmarker
X-CMS-Version
X-DynaTrace
X-From
Response
X-Middleton-Display
Fpc-Cache-Id
Imagetoolbar
Fastly-Debug-Digest
Display
X-Sol
X-WebKit-CSP
X-Msg-2-Log
X-Tumblr-Pixel-6
Surrogate-Control
X-LiteSpeed-Cache
X-ServerName
Product
X-Drupal-Dynamic-Cache
X-FORWARDED-FOR
X-Middleton-Response
ServerName
X-Expires-Orig
X-AspNetWebPages-Version
X-Micro-Cache
PageSpeed
X-Content-Options
Page-Completion-Status
Rt-Fastcgi-Cache
ServedBy
X-Country-Code
Generator
X-Firenze-Processing-Time
X-Content-Encoded-By
X-Hosted-By
X-Varnish-Cache-Hits
Powered-By-ChinaCache
X-Handled-By
X-Forwarded-For
X-Matrix-Server
Ngpass-Vcall
X-URL
DynaTrace
X-Matrix-Proxy
X-ChromeLogger-Data
X-I
X-Director
Ag-Execution-Time
Akamai-IP
Ag-Send-Time
Ag-Server-Time
Node
X-SDS
IBM-Web2-Location
X-Cache-Info
X-UD-Method
X-Download-Options
Proxy-Connection
X-Server-ID
X-App-Hosting
X-Cache-TTL
Content-Hash
X-TTL
X-Varnish-TTL
Content-Encoding-Handler
Access-Control-Request-Method
X-ApacheServer
Content-Disposition
X-Processed-By
X-Version
Edge-Control
X-Cache-Control-Orig
X-Passed-To
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Track
X-Returned-From
X-Passed-To-DLL
X-Actual-URL
X-Original-Request
X-Passed-To-BeforeDispatch
X-NetCat-Version
X-Passed-To-PostProcessResponse
Pics-Label
MIME-Version
Fhost
X-S
X-Cache-Rule
X-Cache-Age
X-ATG-Version
X-Stale
X-Varnish-Beresp-Ttl
X-Varnish-Host
X-Varnish-Beresp-Status
Lsrequestid
X-Varnish-Beresp-Grace
Host
X-ARC
Powered
X-Gamma-Serve
Front-End-Https
X-Art-Request-Id
X-Varnish-Cacheable
Proxy-Agent
X-Mobilized-By
X-Cache-Debug
X-CDN-Cache-Status
X-CDN-Node
X-BS
X-I-Sp
X-Abuse
RTSS
X-Varnish-Backend
Surrogate-Keys
X-Frontend
X-Route-Server
X-Do-Not-Hack
X-Microcachable
Retry-After
X-Duration
X-App-Status
X-Varnish-Age
X-CacheServer
Webluker-Edge
X-PERF
X-Response-Time
X-HOST
X-Location-Id
VAR-Cache
X-Powered-By-Server
X-ServerID
ServerID
X-Recruiting
Cache
X-Front
X-Orig-Vary
CC-CACHE
X-Cache-Expires
X-PwB-Node
X-RESOURCE
X-VTEX-Cache-Status-Janus-Edge
X-VTEX-Cache-Status-Janus-ApiCache
Version
X-Vtex-Remote-Cache
X-Powered-By-VTEX-Janus-Edge
X-Vtex-Processed-At
X-Vtex-Processado-Em:
X-VTEX-Janus-SO
X-VTEX-Janus-Router-Backend-App
X-VTEX-Janus-System
X-Upstream
X-Powered-By-VTEX-Janus-ApiCache
X-Time
No
X-Vcap-Request-Id
X-Ttl
X-Developer
X-NoCache
X-Varnish-Hits
Buuteeq-Source
X-FW
PICS-Label
X-Amz-Meta-S3cmd-Attrs
X-DNS-Prefetch-Control
X-Trace-Cache
X-Device-Type
X-Translation
X-URLSCHEME
X-Do-Esi
X-Microcache-Status
SID
X-CJ-Soft
Content-Security-Policy-Rerport-Only
X-Mobile-URL
Thanks
X-Libra-UpstreamHost
SN
X-Purge-Host
NetMindSessionID
Frame-Options
X-Purge-URL
Qs-Cache
X-DefendeR-Runtime
X-DefendeR-Status
Vacache
X-Yadis-Location
X-Varnish-Server
X-ClientSide-Caching
X-Akamai-Device-Characteristics
X-Varnish-IP
X-Cookie
X-ACMCache
X-Cache-Operation
X-VARNISH-Cache
X-Client-IP
Server-Info
X-Cache-Tags
X-SRV
Filter-Revision
X-Grace
X-Instart-Request-ID
X-Daa-Tunnel
Arr-Disable-Session-Affinity
Server-Name
Srv
X-Varnish-Hostname
X-Akamai-Device-Model
Location
Origin
Accept-Charset
X-Dynatrace
X-Revision
NtCoent-Length
X-Engine
X-Geo-IP
A-Powered-By
X-Fastcgi-Cache
X-Highwire-RequestId
X-Cache-Lifetime
X-SmartBan-URL
X-Speed-Cache
X-Highwire-SessionId
X-N
X-SmartBan-Host
X-Goog-Hash
X-Real-Server
X-WR-Flags
Cxy-All
Sfy
Lfy
Accept-Encoding
X-Speed-Cache-Key
X-GeoIP-Country-Code
X-Srv
X-GeoIP-Country-Name
X-Trace
X-Source
X-B-Cache
X-Cookie-Domain
X-Cache-Doesi
IISExport
Last-Published
X-Geo-IP-Metro
X-Blog
X-Varnish-Grace
X-Geo-IP-Region
X-Geo-IPV
X-Geo-IP-Country
X-Directory-Script
X-Drectory-Script
Cm-Server
X-Cocoon-Version
Nodo
X-Provisioner-Version
X-Domain-Checked
X-Processing-Time
WSR-Cache
X-AOL-HN
X-Adobe-Loc
X-Adobe-Content
X-Sucuri-ID
X-SRCache-Store-Status
X-Sys-Req-ID
X-AOL-SNH
X-SRCache-Fetch-Status
Req-Id
NODE
HAVer
Fastcgi-Cache
AMF-Ver
X-Nginx-Cache
HCVer
X-Origin-Id
X-PF-Uncompressing
X-Nitra-Side
Author
Warning
Logging-CorrelationId
WWW-Authenticate
Hamster
X-Server-Upstream
CacheControlHeader
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-App
COMMERCE-SERVER-SOFTWARE
X-Varnish-Debug-Age
S
X-Varnish-RemainingGrace
X-Varnish-RemainingTTL
X-Varnish-Seen-By
X-Magnolia-Registration
Backend
X-Distributed-By
X-SV-CacheTags
X-Amz-Version-Id
X-Session-Reinit
LBVIS
Mobiquo-Is-Login
X-SV-CreatedAt
X-SV-Duration
X-SV-Pid
X-SV-Nginx-Duration
X-SV-FromDBCache
SVR
X-SV-Edge
X-FIRSTBase
X-Debug
X-Varnish-Action
X-Src-Webcache
Allow
X-Analytics
X-Cache-Key
Cache-By-Node
X-NB-Cached-Page
X-Platform-Processor
Ibf5scheme
X-Platform-Router
X-Content-Age
X-Balanceador
X-Resolver-IP
Backend-Timing
X-Framework
X-Accel-Expires
From
SRV
X-Ruxit-JS-Agent
X-Config-By
X-Platform
X-Rocket-Nginx-Bypass
X-SE-Debug
X-Secret
X-Plat
X-JG-Page-Cache
Content-Transfer-Encoding
Keywords
Nitro-Cache
X-Storage
X-Pagename
X-Vary-Options
X-Page-Cache
X-Distributor
X-Dispatch
X-BackendServer
X-Machine-Name
X-Bettercache-Proxy
X-Amz-Id-1
LBC
Host-Service
X-Varnish-Esi-Method
S-Cnection
X-NFE
X-SDE-Name
X-Nhost
X-Cache-Control
Beyond-Iis
X-ID
X-Varnish-Esi-Access
X-Nurl
X-Nginx-Host
X-Obvious-Tid
X-REDIRECTSERVER
Tk
X-Uid
X-WorkerInstancename
X-Object-Type
X-Object-Id
X-DOM
X-Obvious-Info
BALANCEDTO
WP-AdvCache-MemCached
XDomainRequestAllowed
CT
X-WA-Info
X-Varnish-Debug-TTL
X-Atraveo-TTL
X-Discourse-Route
X-Detected-Device
X-Atraveo-Set-Cookie
X-Atraveo-Varnish-Server-Id
X-Atraveo-Expires
ScoreTracker
X-Atraveo-Cache-Control
X-Atraveo-ETag
X-Atraveo-From-Varnish-Cache
X-Atraveo-Param-Rm
X-Hit-Cache
X-Cache-TTL-Remaining
X-Origin
X-Rack-Cors
X-Cache-Keep
X-PRAM
X-Flow-Powered
Description
X-Force
X-CacheResult
X-Real-IP
TP-L2-Cache
TP-Cache
X-Atraveo-Zone
X-Block
X-Cache-On
X-Trace-App
X-Channel-Maxage
X-Ob-Mode
X-WR-MODIFICATION
X-Edge-Location
Cache-Key
X-Hypernode
X-StackifyID
X-Captured
Backend-Name-Original
X-Grid-Server
CLMOB
X-Empowered-By
X-Varnish-Count
Set-Cookie2
X-Connection-Hash
X-Edge-IP
X-Varnish-HitMiss
X-Req-Host
X-Transaction
X-Newrelic-App-Data
XX
X-Twitter-Response-Tags
X-Varnish-Currency
X-LW-Web-Server
X-Airee-Node
X-Varnish-Store
X-Pagely-Cache
X-NewRelic-App-Data
X-Varnish-URL
X-TTFB-L
X-SmugMug-Hiring
X-Content-Security-Policy-Report-Only
Smug-CDN
X-Prefetched
X-W3TC-Minify
X-Gannett-Site-Version
Id
X-HITS
X-SmugMug-Values
SiteName
X-TTFB
X-UPSTREAM
X-Unbounce-PageId
X-Server-Instance
X-Unbounce-Variant
X-Test
X-Cache-Action
X-Unbounce-VisitorID
X-Garden-Version
X-Env
X-Jphone-Copyright
X-NginX-Server
X-NginX-Cache
X-Time-Spent
X-Actindo-RS
Cluster-ID
Front
X-Varnish-Bot
X-AISO-Server
X-AISO-Cacheable
X-AISO-Cache
X-Remote-Addr
X-Expires
X-CCC
YF-ID
SSPAppContext
X-Webstats-RespID
X-LB
X-CID
X-Site:
X-Platform-Cache
X-BC
X-Id
X-VAge
SBGI-Device
X-TempDebug
X-Full-URL
X-AWS
X-GSL-Server
ServerIP
X-Is-Mobile
X-Response
Sophnep-Edge-FX
Hash
X-Kirra-SiteId
ORIGIN
X-Source-ID
X-XTM-Node
X-Apm-Telemetry-Syncmark
SBGI-9
SBGI-7
N365rili
SBGI-RealPath
SBGI-RenderTime
SBGI-5
SBGI-10
X-EDGECONNECT-GUID-DEBUG
X-Desc
X-B2f-Not-Route
SBGI-1
X-Worker
X-Powered
Content-Instance
X-Cache-Set
X-Amz-Storage-Class
X-App-Server
X-EPiphany-Vid
X-APP
X-ProxyInstancename
Worker
Xc
X-Web
X-Cache-Node
X-Server-IP
X-Middleton-PageSpeed
X-Cms-Mode
Sss
X-Dev
X-ORACLE-DMS-ECID
X-Client-Vid
P3P:CP
X-RiS-UFDI
Test.Executivepeople.Se
OT-RequestId
X-IsCacheURL
X-Vhost-ID
X-T3Cache
X-ATM-RTime
X-Healthy
Cneonction
X-Optimization
X-ATM-RServer
SS
Jobb.Passal.Se
Jobb.Gil.Se
Www.Mabracertifiering.Se
Open.Jobgate.Se
X-Old-Content-Length
X-Node-Name
X-Symfony-Cache
X-Hosting
X-Smartcache-Keys
Pool
X-T3CacheInfo
X-T3CacheTags
X-Uplex
Fw-Via
MW-Webserver
X-Invoke-Duration
Machine
Www.Myjob.Se
X-HW
X-Hosts-Backend
X-Smartcache-Timeout
X-WP
Www.Mirrorgate.Se
Jobb.Assistentpoolen.Se
ServerSignature
ServerTokens
W
P-WS
X-Phpwcms-Page-Processed-In
X-Turpentine-Esi
Pool-Info
Copyright
X-Phpwcms-Release
P-LB
X-EdgeConnect-MidMile-RTT
X-Response-Status
Web-Server
Prxy
X-EdgeConnect-Origin-MEX-Latency
Myheader
PServer
Ews
B-Powered-By
X-Backside-Transport
X-HOSTNAME
X-SV
Bios
X-PHP-Engine
X-TN-ServedBy
X-Varnish-Ttl
X-IP-Address
X-GeoIP
MIH-PUBLIC-IDENTIFIER
X-Route
MIH-CLIENT-FARM
MIH-PLATFORM
X-SCProxy
X-Frames-Options
X-Cache-Engine
Mime-Version
X-CB-Server
X-Server-Response-Time
X-ASAP-Cache
No-Cache
Sid
X-DTC
X-ACCELERATE
X-Turpentine-Cache
WP-Cache
X-Stage
X-Clara-ASAP
X-Varnish-Set-Cookie
X-OPNET-Transaction-Trace
Accept-Language
Imx-Cookies-Used
X-Forwarded-Proto
X-N-ViewType
Ibm-Web2-Location
X-FFX-B
X-ESI-Enable
X-DPWN-IS-SECURE
X-EntryPoint
X-Fallback
X-PHP-Response-Code
X-Litespeed-Cache
X-Max-Age
Tracker
X-Cache-Served
X-Perf
X-T
X-B
X-Info
X-SV-Expires
If-Modified-Since
Cache-Rule
X-Full-Url
NLCacheNote
X-Oracle-DMS-ECID
X-BLSR-COST
X-Ocache
X-Author
X-Cache-Original-TTL
Access-Control-Request-Headers
Ec
IM-Version
X-PageID
X-Brought-To-You-By
Noq
X-Pj-Cache-Status
Ram
AC-ELC
X-Domino-CacheValidationWithETagReason
Il-Cl
X-Dynamic
Y-Trace
X-DSMX-Rewrite-MS
X-DSMX-Render-MS
Cpu
X-Domino-CacheValidationWithETagResult
Dynatrace
X-Debug-Token
X-Dispatcher
X-HostName
X-ManagedFusion-Rewriter-Version
Head
X-Esi
X-Artvisual-Server
X-Header
X-Varnish-Instance
Cached
X-LiteSpeed-Cache-Control
X-Avvio-Cms-Cacheload
X-Rewritten-By
X-LB-Server
X-7d-Instance-Id
Ttl
HostGen
X-Powered-By-Anquanbao
X-AccessDev
X-7d-Trace-Id
XDisk
IsMobile
Nginx-Cache
SERVER-IP
X-Sov
X-Rot
Server-Optimized-By
AsisCache
Section-Io-Id
User-Agent
X-Purge-Level
Be-Ip
X-JSESSIONID
X-KoobooCMS-Version
X-HeBS-Cache-Status
CpuTime
X-Upstream-Time
X-Medium-Entity-Id
X-IDS-WS
X-Medium-Entity-Type
X-Hit
X-Web-Node
X-FCMS-Cache
X-MrHost
RequestId
X-FreeTag-Count
X-WLD-LB
INCOMING-TIME
X-SayCDN-UA
DeleGate-Ver
X-Cache-Extended
Be-Va
X-RateLimit-Remaining
Fastly-Backend-Name
X-AppServer-Cache-Rule
X-VC-TTL
Be
X-Batcache
X-Box
Countrycode
Note
Redirect
X-Cache-Fix
X-Pj-Cache-Key
Http
X-Your-GrandPa-Would-Wait
Encoding
X-Cache-PageType
X-MobileDetected
X-Hrouter
X-Gyrobase-Publication
X-Global-Transaction-ID
X-Hstore
X-Martin
X-Frame-Option
X-ServedByHost
X-Would-Your-GrandPa-Wait
X-Say-Cacheable
X-TTL-Age
X-Say-TTL
X-Say-Original-URL
X-SayCDN-Original-Host
X-SayCDN-Original-Path
X-SayCDN-TTL
X-SayCDN-Original-UA
X-Varnish-Debug-Pool-Fetch
X-Varnish-Debug-Pool-Recv
X-Say-Original-Host
X-Venda-Hitid
X-Say-Original-IP
X-Varnish-Restarts
X-Say-Original-UA
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-ENV
Mto-License-Status
TotalTime
X-Does-He-Have-Time
X-DN-Cache-Control
X-EC2-Instance-Id
X-EdgeRouter
X-Site-Name
X-Beatles-Hits
Svr
X-Restarts
X-GRACE
X-Seschat-URL
X-SeschatLayout
Cmsid
Cmstype
X-IP
X-SeschatTemplateID
X-Tradeindia-Request-GUID
X-Server-Addr
X-SeschatRedID
X-SeschatDID
X-Dynatrace-Js-Agent
X-BKSrc
X-CO-Host
Real-Server
Server-IP
X-Wikidot-Static-Cache
VANITY-HOST
RN-Server
X-PHP
X-Server-By
MageStack-Web-Node
X-Serendipity-InterfaceLang
X-FarmId
X-EZPublish-NodeID
X-EZPublish-InstallationID
X-BE
SBMCLOUD
X-CCM
X-Ants-Machine-Id
X-Ants-Host
MageStack-Tag
X-Country
X-Enhanced-By
X-Client-Addr
MageStack-PageSpeed
Device-Type
MachineName
MageStack-Area
X-BC-Stapler
X-Cachable
X-Zendesk-Origin-Server
Aurora-Node
X-Zendesk-User-Id
X-ACLR-Version
MageStack-Cache
MageStack-Cache-Hits
X-Serendipity-InterfaceLangSource
MageStack-Debug
MageStack-Loadbalancer
X-Wikidot-Backend
MageStack-Config
MageStack-Cacheable
Max-Age
MageStack-Cache-Lifetime
MageStack-Cache-Status
DNNOutputCache
X-Document-Path
X-Flex-Lastmod
X-Flex-Lang
X-Flex-Tag
X-Flex-Tags
Gzip
X-Flex-Evstart
KeepAliveTimeout
X-Device-Group
X-Cluster-Node
X-Flex-Community
X-Search-Id
X-Flex-Evend
X-Mii-Cache-Hit
X-Nginx
Ksid
X-We-Are-Hiring
BM-Cache-Status
BM-Cache-Key
BM-Cache-Node
SB-Cache-Life
F5-IpCliente
Fpc-Expire
X-Obr-Rule
X-Ec-Custom-Error
X-Pb-Mii
X-Rq
SB-Cache-Remaining
X-Wix-Route-ID
X-Document-Tracking-Type
X-Tile-Url
X-F-Cache
X-MAT-GEO
X-Pj-Cache-Flags
X-ADI-STACK
X-Pj-Cache-Gzip
X-Document-Folder-Guid
X-DELIVERYSERVER
X-Document-Guid
X-Document-Guid-Path
ClientIP
X-ADI-VCache
X-Protected-By
OutputRewritten
X-CDNZZ-FCACHE
V-Age
Www.Aujourdhui.Com
X-ATP-Server
SB-Site-Device
X-Pj-Cache-Expires
Paypal-Debug-Id
X-Sc-Cache
X-Sc-Path
X-Signature
X-Pj-Cache-Time
X-MCF-ID
Akamai-Edgescape
CtExclusions
OriginServer
X-AppServer-Status
X-VG-WebCache
X-Static-Version
X-Render-Time
X-Request-Count
X-SID
X-SilverStripe-Cache
X-D-Time
X-Fe
Device
Og
Surrogate-Key
WebServer
X-Trans-Id
X-Timestamp
X-Generation-Time
X-Nginx-Backend
X-S-Misc
X-RemovedCookies
X-ProcessESI
Tempo
VC-NoCache
X-Cms-Server
X-Trace-Id
Noahs-Classifieds
X-Batcache-Reason
X-Proto
X-SSL
X-Cluster
X-Built-By
X-LTM-ID
X-Status
User-Cache-Control
X-HASH
X-IIJ-Cache
X-LS-DEBUG
Requested-Host
Hostname
X-View
Apachenode
Debug-Status
X-Powered-By-Home.Pl
Content-Cache
X-Ghost-Cache-Status
Hosted-By
X-Pressidium-NinukisWP-Ver
X-ETag
X-DealerOn
X-Cache-Level
X-Key
X-Runtime-Memory
NZSpeedy
X-GC-Write
NnCoection
X-GC-Read
X-GC-Pointer
X-Cache-CFC
X-GC-App
X-RSS-CACHE-STATUS
X-ESI
X-Span
X-Tradeindia-SMgmt
X-Webkit-CSP
X-4ormat-Cacheable
X-Varnish-Backend-Healthy
X-Varnish-Error-Restart
RATING
HOST-SERVICE
Resin-Trace
X-Pixelsilk-Version
X-Timing
X-Xhr-Current-Location
X-Instance
X-Delivered-By
Thinkindot-CacheControl-Type
Publisher
Thinkindot-Control
X-Hiring
X-Expose-Site
X-Capoed
X-Expose-Generated
X-ZSITES-DNS
WFE
X-Highwire-Sitecode
X-Expose-Took
X-Expose-Hostname
Provider
X-Esi-Processing
Stats-API
X-Gondor-Server
Xonnection
Stats-HtmlMinAndCss
Stats-Rendering
X-Compressed-By
X-HAProxy
Server-Ip
X-Pixelsilk-Server
Apache
REFRESH
X-Backend-Ip
Inserted-Into-Cache-At
X-FRONT-TTL
DB-Nickname
Thinkindot-CacheControl
CommunityServer
NS-VaryByCustom-Key
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Index-Page
EWHSERVER
Count-Click-Attempt2
Server-Version
X-Faeria
X-AUSERNAME
X-Powered-Developer
Pw-Value
BM-Cache-Bypass
X-BeResp-Ttl
X-Environment
X-HTML-Minification-Powered-By
X-QHCDN
Session-Id
Server-ID
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-WebNode
X-NewCloud-V-Cache
X-Fedora-School-Id
X-Goog-Generation
Content
X-Goog-Metageneration
X-Goog-Storage-Class
E-TAG
X-Ct-Info
Origin-Server
X-RequesterIP
Language
X-PageType
X-Goog-Stored-Content-Encoding
Bs-Header
X-Server-Instance-Name
X-Server-Generated
X-Backend-TTL
X-UUID
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-PBY
X-Node-Id
WEB
X-Orig-Host
X-Farm-Server
X-COUNTRY-CODE
X-Cache-Frontend
X-SATserver
X-Sn-Servicetimems
MSSmartTagsPreventParsing
Disablevcache
Aoestatic
X-TargSmaku
X-Built-With
X-B3-Traceid
X-ClusterID
Commerce-Server-Software
X-Frontal
X-Bip
X-Ar-Debug
X-VhostID
X-Nucleus-Cache
Kp-EeAlive
INFO
MSThemeCompatible
NodeId
AGI-Request-ID
X-Server-Id
X-Varnish-Hashed-On
X-Varnish-ServiceNetIP
X-PROCESSED-BY
Railo-Version
Foglight-Request-UUID
X-FastCGI-Cache
X-AG-MIPS
X-Tags
X-PressLabs-Stats
X-Lb-Server
X-KO-Site-Id
X-CACHE-TTL
SL-NOREWRITE-REDIRECTS
X-Magento-Action
X-Magento-Lifetime
X-Meta-MSThemeCompatible
X-Meta-MSSmartTagsPreventParsing
X-Meta-Imagetoolbar
SINA-TS
X-Croise-Owner
MtcHosted
NKBVHEADER
Robots
X-LW-T
Apple-Itunes-App
Kanooh-Host
X-Varnish-GW-Backend
X-WebKit-CSP-Report-Only
X-Hosting-Env
X-NWS-LOG-UUID
X-Process-Time
X-Bcwwwid
X-GETTER-Cache
X-Lima-Id
X-Panel-Id
X-Amz-Meta-Cb-Modifiedtime
X-NMT-Proxy
X-SERVER-ID
From-Origin
GenSvr
X-Varnish-Cookie-Debug
X-TNCMS-Bot-Tier
Orgin-Server
Web
X-UA-Profile
X-Cache-Via
Is-Cached
D
SINA-LB
DPOOL-HEADER
Balanced-From
X-Kinja-Server
X-RE-Ref
X-Geo-Segment
X-Distil-CS
Sunucu
X-Cdn-Fetch
X-Kinja
Cteonnt-Length
X-Kinja-Revision
X-Kinja-Build
X-UA-Vendor
X-Panel-Name