Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
X-AspNet-Version
Link
P3P
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
X-Adblock-Key
Keep-Alive
X-Frame-Options
CF-RAY
Content-Location
X-Varnish
X-Language
X-Check
X-Template
X-Buckets
X-Cacheable
Access-Control-Allow-Origin
X-Generator
P3p
X-Drupal-Cache
X-Ac
X-Hacker
WP-Super-Cache
Status
MS-Author-Via
X-Powered-By-Plesk
X-AspNetMvc-Version
Strict-Transport-Security
X-Runtime
X-Pad
X-Geo
X-Geo-Port
X-Request-Id
X-Powered-CMS
X-Type
X-Cache-Group
X-Host
MicrosoftOfficeWebServer
X-Mod-Pagespeed
Access-Control-Allow-Credentials
X-Logged-In
Ngpass-Ngall
X-Server
X-Cache-Hits
X-Cache-Lookup
X-UA-Device
Host-Header
X-Rack-Cache
MicrosoftSharePointTeamServices
X-Iinfo
X-Via
X-Backend
Access-Control-Allow-Headers
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-CF-Powered-By
Access-Control-Allow-Methods
X-Pass-Why
X-Tumblr-Pixel-1
X-Varnish-Cache
X-XRDS-Location
X-Served-By
Content-Encoding
SPRequestGuid
X-SharePointHealthScore
X-Accel-Version
X-Robots-Tag
X-Tumblr-Pixel-2
X-Seen-By
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
X-ShardId
X-Dc
X-ShopId
X-Sorting-Hat-ShopId-Cached
X-ContextId
X-Page-Speed
X-INKT-URI
X-INKT-SITE
X-ServedBy
X-Request-ID
X-Webserver
X-Cnection
X-BC-Is-HA
X-PhApp
X-Url
X-CDN
X-MS-InvokeApp
Composed-By
X-Safe-Firewall
X-Cache-Hit
Served-By
X-FullPageCaching
X-PC-Key
X-PC-Hit
X-Hostname
X-PC-Date
X-PC-AppVer
X-PC-Host
X-FRAME-OPTIONS
X-Forwarded-For
X-Port
X-FRAME-Options
X-AH-Environment
X-Firenze-Processing-Times
X-Cache-Status
X-Tumblr-Pixel-3
X-XN-Trace-Token
X-XN-XNHTML
X-Proxy-Cache
Cartoon
X-W-DC
Public-Key-Pins
Cf-Railgun
X-Age
X-Wix-Renderer-Server
X-Wix-Dispatcher-Cache-Hit
X-Spip-Cache
X-Wix-Request-Id
X-HeyJason
X-Amz-Cf-Id
Liferay-Portal
Content-Security-Policy
X-Powered-By-360WZB
Content-Script-Type
Content-Style-Type
X-Amz-Id-2
X-Server-Name
X-Amz-Request-Id
X-Served-From-Cache
X-Cache-Info
X-Umbraco-Version
X-Content-Digest
Request-Id
SPIisLatency
SPRequestDuration
X-Timer
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Styx-Version
X-Styx-Build-Sha
X-Styx-Build-Date
X-Styx-Build-Num
X-Pantheon-Endpoint
CF-Cache-Status
X-Hyper-Cache
X-FB-Debug
X-Device
X-Clacks-Overhead
X-Cache-Server
Rating
X-DynaTrace
X-Outils-CS
X-Cache-Result
Real-Hostname
X-TN-ServedBy
X-PHP-Engine
X-Loop
Refresh
X-VCache
TCN
X-SERVER
X-Tumblr-Pixel-4
X-TNCMS
X-PersistenceNode
X-Cached-By
Powered-By
NS-RTIMER-COMPOSITE
X-Px
Wp-Super-Cache
X-FORWARDED-FOR
X-From
DynaTrace
X-Cache-Enabled
X-Generated-By
X-Cached
X-CDN-Geo-IP
X-Content-Encoded-By
X-CDN-Any-IP
X-CDN-Geo
Imagetoolbar
Powered-By-ChinaCache
X-Microcachable
X-Tumblr-Content-Rating
Page-Completion-Status
X-Mobilized-By
Access-Control-Max-Age
X-Loc
Thanks
Magicmarker
Product
X-Original-Content-Length
X-CMS-Version
X-Xrds-Location
X-Powered-By-Anquanbao
X-Matrix-Server
X-Matrix-Proxy
X-Zephyr
X-Tumblr-Pixel-5
X-Backend-Server
X-Permitted-Cross-Domain-Policies
IBM-Web2-Location
Charset
X-Version
X-DynaTrace-JS-Agent
X-Content-Security-Policy
X-Jimdo-Pid
X-DDC-Arch-Trace
X-Jimdo-Wid
CC-CACHE
Node
X-Node
X-FW-Hash
X-FW-Static
X-FW-Type
Pics-Label
X-FW-Serve
X-Content-Options
Response
X-W3TC-Minify
X-Processed-By
Generator
Content-Encoding-Handler
X-DNS-Prefetch-Control
Retry-After
ServedBy
X-I
X-Firenze-Processing-Time
X-Varnish-Backend
X-Varnish-Cacheable
X-Hits
X-User-Agent
X-Varnish-Host
Proxy-Agent
Display
X-Middleton-Display
X-Drectory-Script
X-Sol
Access-Control-Request-Method
X-Whom
MIME-Version
X-WebKit-CSP
X-UD-Method
X-UD-Host
X-Middleton-Response
RTSS
X-Purge-Host
Set-Cookie2
Lsrequestid
X-Cache-Debug
X-AspNetWebPages-Version
SID
X-App-Hosting
X-Varnish-TTL
X-NoCache
X-SDS
X-PF-Uncompressing
X-Hosted-By
X-ApacheServer
Sprequestguid
X-Original-Request
X-Sharepointhealthscore
X-Cache-Config
X-Handled-By
X-Actual-URL
ServerName
X-Duration
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-Passed-To-DLL
X-Passed-To
X-Director
X-URL
Edge-Control
X-Cache-Expires
Host
X-PERF
X-Varnish-Hits
X-Micro-Cache
X-Expires-Orig
X-ATG-Version
X-Cdn
X-TTL
X-Cookie-Domain
X-Purge-URL
X-MiniProfiler-Ids
X-Speed-Cache-Key
VAR-Cache
X-Speed-Cache
Content-Disposition
X-Ms-Invokeapp
X-Art-Request-Id
X-Nitra-Side
IISExport
X-SN
Fhost
PICS-Label
X-Cache-Control-Orig
X-FIRSTBase
Surrogate-Control
X-Response-Time
X-LiteSpeed-Cache
Cm-Server
X-Vary-Options
COMMERCE-SERVER-SOFTWARE
Accept-Encoding
AMF-Ver
Location
X-GeoIP-Country-Name
X-GeoIP-Country-Code
X-PwB-Node
X-ServerID
X-Session-Reinit
X-Blog
SEOMOZ
S
WWW-Authenticate
MJ12bot
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Srv
X-CJ-Soft
X-ServerName
Proxy-Connection
X-S
Id
X-Front
X-App-Status
Website-Info
X-Cache-TTL
X-Varnish-IP
Server-Info
Microsoftsharepointteamservices
Filter-Revision
X-Trace-Cache
Cache
X-ACMCache
X-Distil-CS
SN
X-Tumblr-Pixel-6
X-Varnish-Age
Accept-Charset
X-Country-Code
Qs-Cache
Srv
X-Amz-Meta-S3cmd-Attrs
X-Cache-Rule
Rt-Fastcgi-Cache
A-Powered-By
X-Device-Type
X-Microcache-Status
X-Orig-Vary
X-FW
X-Time
Cache-By-Node
Req-Id
NODE
NtCoent-Length
ServerID
NetMindSessionID
X-CHSN
X-Yadis-Location
X-Gamma-Serve
X-Do-Not-Hack
X-Provisioner-Version
Fpc-Cache-Id
X-Engine
X-Domain-Checked
X-BackendServer
Nodo
X-App
X-ID
Buuteeq-Source
X-Adobe-Content
Upgrade
X-Varnish-Object-Age
X-Cache-Operation
X-Stale
X-Varnish-Server
X-SRV
X-Translation
X-Cocoon-Version
X-Bettercache-Proxy
X-Highwire-RequestId
X-Server-ID
X-LIGHTHTTP-PCDID
X-Cluster-Node
X-Highwire-SessionId
X-Track
X-Trace
CT
X-Object-Type
X-Sys-Req-ID
X-Cache-Age
X-Object-Id
X-AOL-SNH
Ngpass-Vcall
X-TempDebug
X-Recruiting
PageSpeed
X-HostName
Backend
X-Instart-Request-ID
X-Secret
X-Varnish-Cache-Hits
X-Ttl
MW-Webserver
Powered
X-Transaction
X-Connection-Hash
Server-Name
X-Twitter-Response-Tags
Ms
MIH-PLATFORM
MIH-CLIENT-FARM
MIH-PUBLIC-IDENTIFIER
X-Location-Id
X-Request-Locale
X-Src-Webcache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Req-Host
LBVIS
X-Varnish-Beresp-Grace
X-Resolver-IP
X-Frontend
X-Directory-Script
Machine
BM-Cache-Key
BM-Cache-Node
X-FreeTag-Count
X-Venda-Hitid
XDomainRequestAllowed
X-B2f-Cache-Load
X-Header
-GCR
X-Cache-Action
X-Expires
NLCacheNote
Dispatcher
Ibm-Web2-Location
X-Amz-Id-1
X-Cache-On
X-Distributed-By
Webluker-Edge
X-Powered-By-Server
X-Content-Age
X-Turbo-Control
SS
XX
X-GeoIP
ORIGIN
X-Atraveo-From-Varnish-Cache
X-SDE-Name
X-WR-MODIFICATION
X-Atraveo-Varnish-Server-Id
Content-MD5
X-Wily-Info
X-Geo-IP
X-Atraveo-TTL
Origin
X-Atraveo-NC
X-Wily-Servlet
X-Atraveo-Cache-Control
Content-Security-Policy-Report-Only
Apache
BM-Cache-Status
X-Cache-Lifetime
X-ServerCache-Info
X-Source-ID
X-Old-Content-Length
From
Beyond-Iis
X-REDIRECTSERVER
X-Grid-Server
X-Country
X-Varnish-HitMiss
X-Varnish-Count
TP-L2-Cache
X-Cms-Mode
X-Ar-Debug
X-Jphone-Copyright
X-Dev
TP-Cache
CommunityServer
Worker
UniqueName
X-Gannett-Site-Version
No
Access-Control-Expose-Headers
X-Developer
X-Force
X-PRAM
X-Trace-App
X-Channel-Maxage
X-Rewritten-By
X-Vtex-Remote-Cache
X-Vtex-Processed-At
Progma
Backend-Name-Original
X-UD-Target
X-Block
X-UD-REMOTE-ADDR
X-UD-Loopcounter
X-ACCELERATE
X-VTEX-Janus-Router-Backend-App
X-Vtex-Processado-Em
Version
X-VTEX-Cache-Status-Janus-ApiCache
X-Uid
X-Powered-By-VTEX-Janus-Router
X-Powered-By-VTEX-Janus-Edge
X-Pre-Strip-Debug
X-Powered-By-VTEX-Janus-ApiCache
X-ManagedFusion-Rewriter-Version
X-VTEX-Cache-Status-Janus-Edge
Content-Transfer-Encoding
SiteName
Front-End-Https
X-Monstercache-Hash
X-Cached-Status
X-Monstercache
X-Monstercache-Host
X-Info
Be-Va
Be-Ip
X-UPSTREAM
Front
X-Stage
X-Server-Id
Provided-Host
X-Garden-Version
Jobb.Assistentpoolen.Se
Jobb.Gil.Se
X-Vhost-ID
LBC
Open.Jobgate.Se
Jobb.Passal.Se
X-WP
NnCoection
X-Symfony-Cache
X-SSL
X-T3CacheInfo
X-T3CacheTags
X-Enhanced-By
X-Monstercache-Timeout
X-Machine-Name
P3P:CP
Www.Myjob.Se
Www.Mabracertifiering.Se
X-Id
BM-CountryCode
X-Varnish-ID
X-Built-By
X-Empowered-By
X-Frames-Options
Www.Mirrorgate.Se
Test.Executivepeople.Se
SS-Request-ID2
7e-Page-Cache
X-MJ-Upstream-Addr
X-WA-Info
X-ORACLE-DMS-ECID
SVR
Last-Published
X-Accel-Expires
Cteonnt-Length
X-SilverStripe-Cache
X-Origin-Id
Accept-Language
X-Geo-IPV
X-EPiLogOnScreen-PostUrl
ScoreTracker
X-Geo-IP-Region
X-DeliveryServer
X-Actindo-RS
X-EPiLogOnScreen
Cluster-ID
X-Amz-Version-Id
X-Goog-Hash
X-EdgeRouter
X-Powered
X-Geo-IP-Country
X-MobileDetected
X-Geo-IP-Metro
X-Hstore
X-Hrouter
Compression-Control
X-CacheServer
X-Phpwcms-Page-Processed-In
If-Modified-Since
X-B2f-Not-Route
Noq
X-Phpwcms-Release
X-Webstats-RespID
X-MCB-Server
MirrorName
X-Cache-Set
Server2
Cpu
X-Via-Kemp
X-Varnish-Device
SIP
X-DTC
X-Vhost
Svr
Ram
Provider
X-Webapp
X-Distributor
X-UseReverse-Proxy
X-Origin
X-Router-Backend
X-Varnish-Debug-Pool-Fetch
X-Varnish-Debug-Pool-Recv
X-Web-Node
X-DefendeR-Runtime
X-Uplex
X-SV
Fw-Via
WP-AdvCache-MemCached
X-Varnish-Restarts
X-ChromeLogger-Data
SRV
X-BS
Content-Instance
X-Real-Server
X-Router
X-Varnish-URL
X-ATM-RTime
Cache-Ctrol
X-Kirra-SiteId
X-Varnish-Cache-Server
X-Response
HCVer
X-Storage
X-Cache-Ttl
Content
CacheControlHeader
X-Domino-CacheValidationWithETagReason
HAVer
X-Drupal-Cache-Tags
X-Beatles
X-Varnish-Debug-Hits
X-Varnish-Debug-Age
X-DB-Content-Length
X-Domino-CacheValidationWithETagResult
Web-Server
CDN
X-Varnish-Cache-Local
X-Oracle-DMS-ECID
X-N-ViewType
X-Server-By
X-GC-App
X-GC-Read
IsFullSiteRequest
Render
X-GC-Write
X-Remote-Addr
X-T3Cache
Author
X-Varnish-Action
CP
X-Nginx-Backend
Tpt.Renderer1
ServerConfigManager.WebBugTracker
Sophnep-Edge-FX
Tpt.Renderer
ExecuteNonQuerySQLParam
AppDynamics-BT
X-PM-ID
X-Catalyst
Ksid
Rt-Server
X-Hit-Cache
Before
Il-Cl
After
No-Cookie
X-Pagename
X-ATM-RServer
X-TTFB
X-TTFB-L
X-Benchmark-Sphinx
X-Benchmark-Sphinx-Count
X-SmugMug-Values
Smug-Env
X-App-Container
X-Max-Age
B-Powered-By
X-Benchmark-Db
X-Benchmark-Total
X-SmugMug-Hiring
Pool-Info
X-Benchmark-Cache
X-Nginx-Host
Cmstype
Cmsid
X-N
X-Route
X-Flow-Powered
X-OPNET-Transaction-Trace
ServerId
X-Edge-Location
BALANCEDTO
X-LAvg
X-CacheHits
X-Locale
X-Varnish-Currency
X-Author
X-Time-Spent
X-UserAgent
Warning
X-DSMX-Rewrite-MS
Bs-Header
X-PvInfo
Server-N
X-Hash
X-Debug
X-Purge-Level
X-Allow-Redis
RATING
X-DSMX-Render-MS
X-Node-Name
X-MJ-Serve-Req-Time
Ttl
X-Hit
X-Farm-Server
Pool
WP-Cache
X-LI-UUID
X-FS-UUID
LFY
Host-Service
PServer
X-Full-URL
SFY
X-Powered-By-Yqk
X-App-Server
X-PBY
X-Li-Fabric
X-FCMS-Cache
X-Dynatrace
X-Server-Instance
X-Yqk-Set
X-Li-Pop
Xc
Nitro-Cache
Edgecast
BM-Cache-Bypass
X-CMS
X-CDN-Node
X-CacheTTL
Test
WEBO
Web-Head
X-Edge-IP
X-XHR-Current-Location
Time
X-Upstream
Aoestatic
X-CDN-Cache-Status
X-Cache-Control
X-Client-IP
X-MSEdge-Ref
X-7dig
X-7d-Version
X-7d-Traceid
X-ESI-Enable
X-Abuse
No-Cache
X-WLD-LB
X-WorkerInstancename
Acdc-Web
X-FFX-B
X-Vivastreet
X-MidCOM-Meta-Cache
X-ESI
D
Sid
X-Brought-To-You-By
XDisk
X-Vivastreet-KiwiiPage
Backend-Host
X-Dynamic
Access-Ip
X-NginX-Cache
Allow
X-TLServer
Portlet.Expiration-Cache
Ibf5scheme
INCOMING-TIME
X-IDS-WS
X-NginX-Server
X-Server-IP
X-Ratelimit
X-Varnish-Cookie-Debug
X-RemovedCookies
X-ProcessESI
X-Powered-Developer
X-Dokk-PortalId
X-Revision
X-DC-Origin-IP
X-Flex-Community
X-LB
OGHopCount
ServerIP
MachineName
BE
X-Flex-Tags
X-Flex-Tag
X-Flex-Evstart
X-Flex-Evend
X-Flex-Lang
X-Flex-Lastmod
Publisher
X-BKSrc
Xonnection
X-Generation-Time
Ozcache
X-DELIVERYSERVER
X-S-Misc
X-Varnish-Set-Cookie
X-Mod-Oboe-PS
X-Artvisual-Server
X-D-Time
User-Cache-Control
X-Dynatrace-Js-Agent
X-Optimization
F-In-Cache
SLB
X-Purge-Url
MGIT
X-ARR
X-Magento-Lifetime
X-RSS-CACHE-STATUS
X-HOSTTYPE
X-Snapsis-PageBlaster
X-Binarysec-Via
Hotelbookingid
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
X-Req-Counter
X-FarmId
MwpReleaseVersion
Ec
CPOINT
X-Bcwwwid
Disaptch-Cache-Rule
Servername
Cneonction
X-Serendipity-InterfaceLangSource
X-Serendipity-InterfaceLang
X-Time-Microsecs
Content-ID
X-Cookie
X-Cache-Extended
X-Magento-Action
X-SATserver
SL-NOREWRITE-REDIRECTS
Server-Optimized-By
Tracker
X-CCM
X-SeschatRedID
X-SeschatTemplateID
ResourceTag
DBG-HTTPHOST
EXT-CACHEEXPIRE
Public-Extension
X-SERVER-ID
DBG-Timestamp
DBG-TargetHost
X-SeschatLayout
X-SeschatDID
OutputRewritten
PROPSON-FARM
Foglight-Request-UUID
X-IP
X-USERNAME
Copyright
X-Client-Addr
Redirect
X-Instance
X-Seschat-URL
X-EPiphany-Vid
X-Environment
X-Client-Vid
Tempo
ProxiaInstanceId
X-Mobile
MageStack-PageSpeed
MageStack-Response-Ttl
IsMobile
Http
MageStack-Loadbalancer
Description
MageStack-Cacheable
MageStack-Config
X-Fett
MageStack-Tag
Keywords
X-HW
X-IP-Address
Apple-Itunes-App
X-Hosting
X-Cache-Backend
X-Yottaa-Optimizations
X-BIN
X-TAG
X-RNDPAGE
X-AccessDev
X-Server-Generated
MageStack-Debug
97YES.COM
X-Unbounce-VisitorID
Head
MageStack-Cache-Status
Content-Cache
X-View
MageStack-Area
X-Yottaa-Metrics
X-Unbounce-Variant
MageStack-Cache-Lifetime
MageStack-Cache-Hits
CacheControlMode
X-Unbounce-PageId
MageStack-Cache
X-Middleton-PageSpeed
X-CACHE-ON
POOL
X-Life
X-Litespeed-Cache
X-NFE
X-DefendeR-Status
X-Varnish-Ttl
Dynatrace
X-GitHub-Request-Id
X-Http-Host
X-Provided-By
X-ErrorPage
Mime-Version
X-Turpentine-Cache
X-Turpentine-Esi
WebDevSrc
X-Rq
REFRESH
X-Nucleus-Cache
Hamster
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-Created
X-TTL-Age
X-Url-Store
X-Var-Hash
X-Page-Generation-Time
X-Page-Generated-At
X-Cookie-Store
X-ELC-Checkpoint4
X-JSON-API-LATENCY
X-Would-Your-GrandPa-Wait
X-Your-GrandPa-Would-Wait
SBGI-CACHE-CODES
X-HP-CAM-COLOR
X-Nginx-Cache
X-ACLR-Version
Muha
X-Cachable
X-Cache-Via
X-Confluence-Request-Time
X-Checkout
X-Request-Count
X-Static-Version
X-Src-Loadbalancer
X-Render-Time
X-PoweredBy
X-WAP
X-Jcms-Ajax-Id
X-Req-Url
X-V-I-TTL
AcceptLangage
CountryCode
X-Backend-Status
X-Server-Node
X-AppServer-Status
X-V-Outer
X-V-TTL
Noahs-Classifieds
X-Request-Time
Language
Nginx-Cache
X-Backend-Ip
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Crafted
User-Id
X-APP
X-Ec-Custom-Error
X-Amz-Meta-S3fox-Modifiedtime
X-Amz-Meta-S3fox-Filesize
User-Updated-At
X-PS-MURDOCK-ORIG-PROTOCOL
X-Svr-Id
Server-IP
X-Nginx-Server
X-Source
Arr-Disable-Session-Affinity
X-VG-WebCache
X-AISO-Cache
X-AISO-Server
X-Framework
X-ESI-Processing
X-Gondor-Server
X-Debug-Token
X-Cached-From
X-Planisys-CDN-Cache
X-Accel-Cache-Control
X-PS-MURDOCK-ORIG-FILEEXT
Protected-By
X-PS-MURDOCK-CASE-NORMALIZATION
X-Backend-Name
X-Varnish-Hashed-On
X-Hostingcenter
Requested-Host
X-Planisys-CDN-Rules
S-Cnection
OriginServer
X-Nhost
Esi-Enabled
UNIQUE-ID
X-B2f-Cache-NotFromUrl
Atp-Isdpp
Robots
X-WentThroughDrupal-Deliver
X-Is-Mobile
Rt-Proxy-Cache
Web
X-Stackable-Node
Srv-N
X-Process-Time
Orgin-Server
X-Invoke-Duration
W
X-LTM-ID
Be
X-Prerender-Token
X-Who
Ap-Exec-Time-Mks
X-Hop-By
SBMCLOUD
At-Shoptype
WFE
X-Varnish-Hit
X-RE-Ref
At-Isb
X-WentThroughDrupal-Recv
X-Client-Id
X-Pb-Mii
X-Pixelsilk-Version
X-Pixelsilk-Server
X-This-Proto
V-Cache
Mobiquo-Is-Login
X-InDy-Memory
SSPAppContext
Www.Aujourdhui.Com
X-InDy-Query
X-Device-Group
X-OrgURL
X-Debug-Serve
X-Fastcgi-Cache
X-InDy-Time
X-Mii-Cache-Hit
X-ATP-Server
CACHED-RESPONSE
X-Forwarded-Proto
Access-Control-Allow-Method
Fpc-Expire
SV-Duration
X-RequesterIP
X-ServicedByDrupal
X-Cache-Key
X-GeoIP-Country
X-GL-SRV
X-CachedURL
X-App-Reload-Settings
X-CMS-Server
X-Request-Processing-Time
X-Request-Received
X-Cluster
X-Proxy
X-CacheStore
X-Content-Security-Policy-Report-Only
X-Aws-Ec2
X-SEA-Instance-Name
X-Backend-IP
X-Papaya-Gzip
X-TISSERVER
X-Papaya-Cache
Server-Ip
X-PageCache-ParseTime
X-PageCache-Ttl
X-PHP-Cache
Powered-By-Scs
X-Varnish-Esi-Access
X-Varnish-Esi-Method
X-Varnish-Store
X-Apublish-Id
X-Rack-Cors
X-Powered-Load
X-RAMCache
X-PageCache-PagePath
X-PageCache-Level
BrandBucket-Domain
X-ProxyInstancename
X-Nc
Application-Version
X-Test
Disablevcache
X-FRONT-TTL
X-Frontal
X-Panel-Id
X-PageCache-Expire
X-PageCache-Key
X-PageCache-Defaultable
X-Bip
X-Panel-Name
X-Czt
X-Hosting-Env
X-DEBUG
X-Cached-On
X-Cached-Until
X-Compressed-By
X-Cache-Host
X-Upstream-Server
X-Rot
X-Sov
X-Docuri
X-Nocache
X-Varnish-Max-Age
BM-Cache-BackendTime
X-Path
X-Accelerated-By
X-VhostID
X-BCube-Filmed-By
X-Nginx-UpstreamHost
X-Nginx-Pool
X-V
BM-Cache-BackendNode
HGR-NOCACHE
X-SUPERCACHE
B2C-F-008
GenSvr
X-Loopia-Cache
TIMESTAMP
X-Caching-Rule-Id
X-Gyrobase-Publication
X-Libra-UpstreamHost
X-D2id
X-Pagecache
X-Cdn-View
X-Header-Set-Id
Gzip