Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
X-AspNet-Version
P3P
Link
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
X-Adblock-Key
Content-Location
X-Frame-Options
Keep-Alive
CF-RAY
X-Varnish
X-Check
X-Language
X-Template
X-Buckets
X-Cacheable
P3p
Access-Control-Allow-Origin
X-Generator
X-Drupal-Cache
X-Hacker
WP-Super-Cache
X-Ac
Status
MS-Author-Via
X-Powered-By-Plesk
X-AspNetMvc-Version
X-Pad
X-Geo-Port
X-Geo
X-Runtime
X-Request-Id
Strict-Transport-Security
X-Powered-CMS
X-Server
MicrosoftOfficeWebServer
X-Host
X-Type
X-Cache-Group
Access-Control-Allow-Credentials
X-Cache-Lookup
Ngpass-Ngall
X-Logged-In
X-Mod-Pagespeed
X-UA-Device
X-Cache-Hits
MicrosoftSharePointTeamServices
Host-Header
X-Rack-Cache
X-Url
X-Via
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-XRDS-Location
X-Iinfo
SPRequestGuid
X-SharePointHealthScore
X-Forwarded-For
X-Tumblr-Pixel-1
X-Backend
Access-Control-Allow-Headers
X-Varnish-Cache
Content-Encoding
X-CF-Powered-By
Access-Control-Allow-Methods
X-Robots-Tag
X-Accel-Version
X-Served-By
X-Tumblr-Pixel-2
X-MS-InvokeApp
X-Webserver
X-ContextId
X-Page-Speed
X-BC-Is-HA
X-ServedBy
X-Safe-Firewall
X-PhApp
X-Xss-Protection
X-Cnection
X-CDN
X-INKT-SITE
X-INKT-URI
X-ShopId
X-Alternate-Cache-Key
X-ShardId
Composed-By
Served-By
X-Hostname
X-Firenze-Processing-Times
X-Cache-Hit
X-FRAME-OPTIONS
X-PC-Hit
X-PC-Key
X-PC-Host
X-PC-AppVer
X-PC-Date
X-Pass-Why
X-Served-With
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Tumblr-Pixel-3
X-XN-Trace-Token
X-XN-XNHTML
X-Port
X-AH-Environment
X-Powered-By-360WZB
X-Source
X-Rot
X-Cache-Status
X-Age
X-Spip-Cache
Liferay-Portal
Content-Script-Type
Content-Style-Type
X-Amz-Id-2
Content-Security-Policy
X-Umbraco-Version
Cf-Railgun
X-HeyJason
X-Amz-Cf-Id
Cartoon
X-Server-Name
Request-Id
X-Amz-Request-Id
SPIisLatency
SPRequestDuration
X-Cache-Info
X-Content-Digest
Powered-By-ChinaCache
X-Cache-Server
X-Cache-Result
X-FB-Debug
X-DynaTrace
X-Hyper-Cache
X-Served-From-Cache
X-Pantheon-Endpoint
X-Styx-Build-Date
X-Styx-Build-Num
X-Styx-Build-Sha
X-Styx-Version
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Rating
X-Outils-CS
Refresh
TCN
X-TN-ServedBy
Real-Hostname
X-PHP-Engine
X-Loop
X-Timer
X-Cached-By
X-Tumblr-Pixel-4
X-VCache
X-Px
X-Mobilized-By
X-Kafka-Logged
DynaTrace
CF-Cache-Status
X-TNCMS-Version
X-TNCMS-Served-By
X-TNCMS-Render-Time
X-URL
X-TNCMS-Memory-Usage
X-PersistenceNode
Magicmarker
X-Request-ID
NS-RTIMER-COMPOSITE
X-Cached
X-Generated-By
X-FullPageCaching
IBM-Web2-Location
Page-Completion-Status
X-Content-Encoded-By
X-Original-Content-Length
X-From
Imagetoolbar
X-Loc
X-Tumblr-Content-Rating
Product
Thanks
X-Content-Security-Policy
X-Tumblr-Pixel-5
X-CDN-Geo-IP
X-CDN-Any-IP
X-CDN-Geo
X-W3TC-Minify
X-CMS-Version
X-Xrds-Location
X-Zephyr
X-DynaTrace-JS-Agent
X-Node
X-WebKit-CSP
X-Matrix-Proxy
X-Matrix-Server
X-Cache-Enabled
X-Backend-Server
X-Powered-By-Anquanbao
X-Firenze-Processing-Time
X-DDC-Arch-Trace
Generator
Access-Control-Max-Age
Node
Retry-After
Charset
ServedBy
Pics-Label
Powered-By
X-Seen-By
X-Content-Options
Set-Cookie2
Content-Encoding-Handler
IISExport
X-Varnish-Cacheable
X-UD-Method
X-UD-Host
X-Processed-By
X-I
Proxy-Agent
X-DNS-Prefetch-Control
X-SDS
X-Drectory-Script
X-SERVER
X-Permitted-Cross-Domain-Policies
X-App-Hosting
X-Cache-Debug
Lsrequestid
ServerName
X-Proxy-Cache
MIME-Version
X-FW-Hash
X-ATG-Version
Cache-By-Node
Response
X-Original-Request
X-FW-Serve
X-User-Agent
X-FW-Type
X-Purge-Host
X-FW-Static
X-HOST
PICS-Label
X-Actual-URL
X-Passed-To-BeforeDispatch
X-Passed-To
X-Handled-By
X-Passed-To-DLL
X-Returned-From
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Passed-To-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Varnish-Backend
X-Varnish-Host
X-PF-Uncompressing
X-Expires-Orig
Accept-Encoding
X-AspNetWebPages-Version
Access-Control-Request-Method
X-ApacheServer
X-Sol
X-NoCache
X-Varnish-TTL
X-Director
X-Cache-Expires
Edge-Control
X-Duration
X-Purge-URL
X-HOSTNAME
Host
X-PwB-Node
X-Middleton-Response
RTSS
X-Hits
X-Nitra-Side
X-Cache-Control-Orig
S
X-Cache-Config
X-W-DC
Fhost
X-Micro-Cache
X-PERF
X-Varnish-Hits
COMMERCE-SERVER-SOFTWARE
X-LiteSpeed-Cache
X-Front
X-Microcachable
X-TTL
X-Hosted-By
X-Yadis-Location
Grace
AMF-Ver
X-Vary-Options
X-FORWARDED-FOR
MJ12bot
SEOMOZ
Content-Disposition
Cm-Server
SID
NtCoent-Length
X-Response-Time
X-Cookie-Domain
X-Swift-CacheTime
X-Swift-SaveTime
Cache
X-CJ-Soft
Accept-Charset
Filter-Revision
WWW-Authenticate
VAR-Cache
X-FIRSTBase
X-Art-Request-Id
X-ServerID
X-Speed-Cache-Key
X-Blog
X-Session-Reinit
X-Speed-Cache
X-Varnish-IP
SN
X-Highwire-RequestId
X-Highwire-SessionId
X-Varnish-Age
X-Version
Srv
Ngpass-Vcall
X-Whom
X-Cocoon-Version
Server-Info
Website-Info
X-Track
Machine
X-ServerName
X-FW
X-Wix-Renderer-Server
Req-Id
X-Engine
X-Cache-Rule
X-SN
X-Trace-Cache
X-Stale
NODE
X-Amz-Meta-S3cmd-Attrs
Surrogate-Control
X-Wix-Request-Id
X-Time
X-S
X-Geo-IP
Upgrade
Proxy-Connection
Id
X-BackendServer
X-GeoIP-Country-Code
X-GeoIP-Country-Name
X-Cache-TTL
X-Connection-Hash
X-Varnish-Server
X-App
X-Twitter-Response-Tags
X-Transaction
X-MiniProfiler-Ids
Ms
X-Wix-Dispatcher-Cache-Hit
X-Tumblr-Pixel-6
X-ACMCache
X-App-Status
Server-Name
X-Cache-Operation
X-MJ-Upstream-Addr
X-Domain-Checked
X-Srv
X-Provisioner-Version
X-SRV
X-Distil-CS
X-Cf-Powered-By
Time
X-Orig-Vary
A-Powered-By
X-Varnish-Cache-Hits
NetMindSessionID
X-CHSN
MIH-PLATFORM
MIH-PUBLIC-IDENTIFIER
X-Ttl
X-Trace
MIH-CLIENT-FARM
Powered
X-LIGHTHTTP-PCDID
X-Machine-Name
ServerID
Qs-Cache
Dispatcher
Origin
X-Gamma-Serve
X-Adobe-Content
Webluker-Edge
X-ID
X-MJ-Serve-Req-Time
Warning
X-Sys-Req-ID
XDomainRequestAllowed
X-Cluster-Node
X-Server-ID
X-Country-Code
X-Source-Host
X-Varnish-Object-Age
CT
X-Secret
Location
SS
CommunityServer
X-FreeTag-Count
X-CacheHits
Server2
X-Pangea-Version
X-App-Start
X-Stage
-GCR
Buuteeq-Source
X-Directory-Script
X-Bettercache-Proxy
Fpc-Cache-Id
X-Device-Type
X-AOL-SNH
X-Object-Type
X-Object-Id
X-Microcache-Status
X-Vhost
X-Frontend
SVR
X-Varnish-Beresp-Status
NLCacheNote
X-GeoIP
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Info
Content-MD5
X-UPSTREAM
X-Translation
MW-Webserver
X-Cache-Age
From
X-Header
X-Src-Webcache
X-Accelerated-By
LBVIS
Be-Ip
Be-Va
Beyond-Iis
X-Request-Locale
X-TempDebug
X-ServerCache-Info
X-Cached-Status
X-Powered-By-Server
X-Cache-Action
UniqueName
X-Grid-Server
X-Recruiting
Ngpass-All
X-Dev
X-Old-Content-Length
X-Rewritten-By
SiteName
X-Resolver-IP
X-Wily-Info
PageSpeedFilters
X-N
X-Expires
X-Amz-Id-1
SFY
X-Frames-Options
X-Atraveo-TTL
RATING
X-Atraveo-NC
X-Atraveo-From-Varnish-Cache
X-Atraveo-Cache-Control
X-Jphone-Copyright
Worker
LFY
X-Location-Id
X-Vtex-Processado-Em
X-ManagedFusion-Rewriter-Version
X-Wily-Servlet
X-Id
X-Cms-Mode
X-Atraveo-Varnish-Server-Id
X-Developer
Cteonnt-Length
X-ORACLE-DMS-ECID
X-Venda-Hitid
X-Vtex-Remote-Cache
No
Rt-Fastcgi-Cache
Content-Transfer-Encoding
Apache
X-Powered-By-VTEX-Janus-ApiCache
X-Trace-App
X-Geo-IP-Region
Backend-Name-Original
X-UD-REMOTE-ADDR
X-UD-Target
Content-Security-Policy-Report-Only
X-UD-Loopcounter
X-Channel-Maxage
X-Webapp
X-Block
X-Turbo-Control
X-Geo-IPV
X-VTEX-Janus-Router-Backend-App
X-VTEX-Cache-Status-Janus-Edge
X-VTEX-Cache-Status-Janus-ApiCache
X-Vtex-Processed-At
X-Cache-Lifetime
X-Geo-IP-Metro
X-Geo-IP-Country
X-Powered-By-VTEX-Janus-Router
X-Powered-By-VTEX-Janus-Edge
X-Router
Backend
Author
X-UseReverse-Proxy
X-Ar-Debug
X-REDIRECTSERVER
X-Server-Id
X-Router-Backend
SRV
Nodo
X-Server-By
X-Content-Age
MirrorName
X-Enhanced-By
Front-End-Https
X-LB
ScoreTracker
X-Empowered-By
Front
X-Gannett-Site-Version
X-Origin
X-Vhost-ID
X-PoweredBy
X-Do-Not-Hack
X-DeliveryServer
X-Cache-Ttl
LBC
X-PvInfo
X-Hash
X-Li-Fabric
X-LI-UUID
X-Li-Pop
X-FS-UUID
Hamster
Accept-Language
X-GC-Write
Il-Cl
Open.Jobgate.Se
X-Varnish-ID
Ram
X-GC-App
X-Origin-Id
Pool
XX
X-DefendeR-Runtime
X-Real-Server
X-Response
Jobb.Assistentpoolen.Se
Jobb.Gil.Se
Www.Mirrorgate.Se
Www.Myjob.Se
Cluster-ID
X-Hosting-Env
Jobb.Passal.Se
Version
Cpu
Noq
X-Country
X-GSL-Server
CDN
X-Kirra-SiteId
X-Cache-On
X-GC-Read
X-T3CacheTags
X-PRAM
Test.Executivepeople.Se
X-Source-ID
P3P:CP
X-Cache-Route
Ksid
Www.Mabracertifiering.Se
No-Cookie
Cneonction
X-ATM-RTime
Rt-Server
X-Force
X-Actindo-RS
X-CacheServer
X-SSL
X-DTC
X-T3CacheInfo
X-ChromeLogger-Data
X-ATM-RServer
7e-Page-Cache
X-Yottaa-Metrics
At-Isb
Content-Instance
X-Yottaa-Optimizations
At-Shoptype
Provided-Host
PageSpeed
X-NginX-Server
X-WR-MODIFICATION
X-Garden-Version
X-Server-IP
Atp-Isdpp
X-Monstercache-Timeout
X-Phpwcms-Page-Processed-In
X-Phpwcms-Release
Provider
X-WP
OriginServer
BM-Cache-Node
BM-Cache-Key
Bs-Header
X-Varnish-HitMiss
X-Varnish-Count
BALANCEDTO
AV1080
Cmstype
X-PM-ID
Progma
Copyright
X-Max-Age
Compression-Control
Web-Server
X-Varnish-URL
X-Varnish-Cache-Server
SIP
X-NGINX-CACHED-AT
X-NGINX-CACHED
X-Cache-Set
X-B2f-Cache-Load
X-Via-Kemp
X-B2f-Not-Route
X-Route
X-Nginx-Backend
User-Id
X-ASTRO-REWRITE
Cmsid
User-Updated-At
X-Varnish-Device
X-FCMS-Cache
X-Varnish-Debug-Age
X-Varnish-Debug-Hits
X-Hit-Cache
X-Goog-Hash
X-Powered
X-SV
X-Catalyst
X-Uplex
Mark
X-Varnish-Debug-Pool-Recv
X-Varnish-Restarts
X-Varnish-Debug-Pool-Fetch
X-ACCELERATE
SV-Duration
X-Host-Url
X-MobileDetected
X-TempoPesquisa
X-Upstream
Cache-Ctrol
X-Vivastreet-KiwiiPage
X-Farm-Server
X-Pagename
Ttl
X-Vivastreet
X-Hrouter
X-Hstore
X-EdgeRouter
X-Accel-Expires
X-ESI
X-T3Cache
X-CacheTTL
X-Nginx-Server
X-Oracle-DMS-ECID
X-Varnish-Action
X-ESI-Enable
WP-AdvCache-MemCached
X-Uid
WEBO
X-FFX-B
X-SilverStripe-Cache
No-Cache
X-IDS-WS
CC-UP
CC-CACHE
X-Client-Addr
X-UserAgent
Head
X-Hit
SLB
X-Life
X-Server-Node
X-Varnish-Cache-Local
X-TLServer
INCOMING-TIME
X-ProcessESI
X-RemovedCookies
X-7d-Traceid
User-Cache-Control
Svr
Fastcgi-Cache
Publisher
X-Flow-Powered
X-Locale
X-SmugMug-Hiring
X-Cache-Backend
X-7dig
Acdc-Web
X-N-ViewType
ServerId
X-SmugMug-Values
X-Dynatrace
X-App-Server
X-TTFB
Access-Control-Expose-Headers
X-7d-Version
X-Server-Instance
Ec
X-OPNET-Transaction-Trace
X-LAvg
X-Remote-Addr
AppDynamics-BT
X-TTFB-L
ServerIP
X-MCB-Server
HAVer
Smug-Env
HCVer
X-Drupal-Cache-Tags
X-Internal-IP
X-Node-Name
X-Distributed-By
Xc
ORIGIN
Ozcache
X-Nginx-Host
X-DELIVERYSERVER
Redirect
X-XHR-Current-Location
Secured
X-Distributor
X-Varnish-Cookie-Debug
X-Nginx-Cache
X-WorkerInstancename
Last-Published
X-S-Misc
Xonnection
Tracker
X-D-Time
X-Generation-Time
X-Wm-1
X-Wm-VIP
X-Varnish-Currency
X-WLD-LB
Backend-Host
X-Time-Spent
X-Varnish-Hit
Foglight-Request-UUID
Tpt.Renderer1
UNIQUE-ID
X-CCM
X-DSMX-Render-MS
Tpt.Renderer
Sid
Render
Server-N
ServerConfigManager.WebBugTracker
X-DSMX-Rewrite-MS
X-Lautre-Frontal
ExecutionTime
X-NID
X-Framework
X-WA-Info
X-Debug
BM-Cache-Status
CP
X-Cache-Key
IsFullSiteRequest
ExecuteNonQuerySQLParam
Disaptch-Cache-Rule
X-Bcwwwid
X-GLaDOS
X-Haiku
Accept
X-Unbounce-VisitorID
X-Server-Generated
X-Unbounce-PageId
X-Unbounce-Variant
X-AISO-Cache
X-AISO-Server
After
B-Powered-By
Before
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-App-Container
X-Binarysec-Via
X-RSS-CACHE-STATUS
X-SDE-Name
POOL
X-Hostingcenter
X-Magento-Action
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-VarnCache
X-Varnish-Ttl
X-Magento-Lifetime
X-Would-Your-GrandPa-Wait
Http
OGHopCount
MachineName
NnCoection
X-Web-Node
X-TTL-Age
X-Ratelimit
X-ELC-Checkpoint4
X-IP-Address
X-DC-Origin-IP
X-DB-Content-Length
X-Confluence-Request-Time
X-JSON-API-LATENCY
Aoestatic
X-Powered-Developer
X-SERVERID
X-Page-Generation-Time
X-Page-Generated-At
Test
X-Your-GrandPa-Would-Wait
X-SERVER-ID
X-Hc-Host
X-PBY
Web-Head
X-Status
X-Abuse
X-CMS
X-Flex-Evstart
X-Flex-Lang
X-Flex-Tag
X-Purge-Level
X-Flex-Lastmod
X-Flex-Evend
X-Allow-Redis
X-Caching-Rule-Id
Mime-Version
X-Flex-Community
X-NginX-Cache
X-DEBUG
X-Flex-Tags
X-Req-Url
X-Req-Host
X-Created
X-V-I-TTL
X-V-Outer
X-Monstercache
X-V-TTL
X-Monstercache-Hash
X-Client-IP
X-Header-Set-Id
X-Edge-Location
X-Monstercache-Host
DBG-Timestamp
X-Fett
X-Varnish-Hashed-On
X-Rack-Cors
F-In-Cache
DBG-TargetHost
DBG-HTTPHOST
X-SeschatDID
X-SeschatRedID
X-SeschatTemplateID
Nginx-Cache
X-SeschatLayout
X-Seschat-URL
X-Device-Group
X-Client-Vid
Tempo
X-Benchmark-Cache
X-Benchmark-Db
X-Serendipity-InterfaceLangSource
X-Serendipity-InterfaceLang
X-EPiphany-Vid
X-Feed
X-Original-IP
X-Benchmark-Sphinx
X-Benchmark-Sphinx-Count
Esi-Enabled
X-Artvisual-Server
X-ServerId
X-HOSTTYPE
X-USERNAME
X-Benchmark-Total
XDisk
CacheControlHeader
X-Backend-Ip
Portlet.Expiration-Cache
X-Nucleus-Cache
X-MSEdge-Ref
X-Pb-Mii
X-RE-Ref
X-Mii-Cache-Hit
X-RequesterIP
Server-Optimized-By
Www.Aujourdhui.Com
X-ATP-Server
X-TISSERVER
X-Wix-Route-ID
X-Pixelsilk-Server
X-Pixelsilk-Version
X-Stackable-Node
X-Forwarded-Proto
X-Edge-IP
Content
X-Cluster
X-Continum-Server
ProxiaInstanceId
X-SATserver
X-Back
X-Compressed-By
X-ACLR-Version
X-Cookie-Store
Server-IP
X-Hosting
X-Dokk-PortalId
X-Gondor-Server
X-Jcms-Ajax-Id
X-AccessDev
TP-L2-Cache
TP-Cache
X-Svr-Id
X-Backend-Status
X-Checkout
X-Author
X-FarmId
X-ESI-Processing
X-Var-Hash
Ibf5scheme
X-Url-Store
Xforwardhost
'Ibf5scheme'
X-WAP
X-Webstats-RespID
X-Symfony-Cache
X-PS-MURDOCK-ORIG-PROTOCOL
Sigma
MGIT
X-PS-MURDOCK-CASE-NORMALIZATION
Hej
Content-Cache
X-PS-MURDOCK-ORIG-FILEEXT
S-Cnection
X-B
X-Time-Microsecs
Initialhost
Ez
X-T
X-Req-Counter
Pool-Info
X-GeoIP-Country
Nitro-Cache
AcceptLangage
IsMobile
BE
Prama
Modurl
Modhost
Modcookie
CountryCode
X-Ocache
X-Revision
WP-Cache
X-CACHE-TTL
SL-NOREWRITE-REDIRECTS
SobiPro
X-Cached-From
X-Debug-Token
X-AVG-REWRITE
X-ProxyInstancename
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-AVG
X-Varnish-Hostname
X-Lang
X-Yqk-Set
X-Test
X-Powered-By-Yqk
MASTERWEBLET
Railo-Version
X-Request-Received
X-Request-Processing-Time
X-V
Language
X-Magnolia-Registration
W
B2C-HG-008
X-HW
MageStack-Area
MageStack-Cache
X-Varnish-Set-Cookie
X-Czt
WebDevSrc
X-Config-By
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
MageStack-Cache-Hits
MageStack-Cache-Lifetime
MageStack-Response-Ttl
MageStack-PageSpeed
MageStack-Loadbalancer
MageStack-Tag
MageStack-Debug
MageStack-Cache-Status
MageStack-Cacheable
MageStack-Config
Requested-Host
X-Brought-To-You-By
X-Ec-Custom-Error
OutputRewritten
Public-Key-Pins
X-Instart-Request-ID
X-Full-URL
X-FRONT-TTL
X-Backend-IP
X-Backend-Name
X-Optimization
Cached
X-Site
X-Mobile
X-Dynamic
X-Timestamp
SBMCLOUD
Countrycode
X-VG-WebCache
X-Trans-Id
WFE
X-HeBS-Cache-Status
X-Cluster-ID
X-Environment
X-ServedByHost
X-Aberdeen-Site
X-Aberdeen-Cache
Http.Set-Cookie
PS-CapabilityList
X-VAR-Apache
X-VAR-Backend
X-VAR-Mobile
X-VAR-PageSpeed
X-VAR-Referer
X-VAR-Logic
X-VAR-Host
X-VAR-BackendHealthy
X-VAR-Hash
DB-Nickname
Description
X-Job-Offer
Tracecode
HTTP
Fw-Via
X-Varnish-Max-Age
X-Content-Parsed-By
Noahs-Classifieds
X-VarnPar2
X-VarnPar1
X-Cache-Host
Keywords
X-Dynatrace-Js-Agent
X-Download-Options
X-Papaya-Gzip
X-Papaya-Cache
X-VAR-RequestType
X-VAR-Server
X-BIN
X-HITS
X-RNDPAGE
Apple-Itunes-App
X-Cache-Via
X-Apublish-Id
X-Cache-Control
X-TAG
X-MidCOM-Meta-Cache
X-Src-Loadbalancer
AppServer
X-Process-Time
Robots
X-MSU-SOURCE
X-SiteConInfo
ID
X-ErrorPage
X-Instance
Hotelbookingid
Mobiquo-Is-Login
X-VAR-VCacheCount
X-VAR-VCache
X-VAR-TTL
X-VAR-Url
X-Cluster-Host
X-Debug-Serve
X-CacheStore
X-CMS-Server
X-B2f-Cache-NotFromUrl
Rt-Proxy-Cache
X-Pagecache
CACHED-RESPONSE
D