Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
Link
X-Pingback
X-Content-Type-Options
P3P
X-AspNet-Version
X-XSS-Protection
X-Frame-Options
X-Cache
Content-Language
Age
CF-RAY
X-UA-Compatible
X-Adblock-Key
Via
Keep-Alive
Strict-Transport-Security
X-Template
X-Language
X-Check
X-Varnish
Access-Control-Allow-Origin
X-Buckets
X-Cacheable
Content-Location
X-Generator
X-Drupal-Cache
P3p
Status
X-AspNetMvc-Version
X-Hacker
X-Ac
X-Iinfo
X-Powered-By-Plesk
X-Request-Id
MS-Author-Via
X-Runtime
X-Type
X-Pass-Why
X-Cache-Group
WP-Super-Cache
X-Powered-CMS
Ngpass-Ngall
Access-Control-Allow-Credentials
Host-Header
X-Cache-Hits
X-Mod-Pagespeed
X-Xss-Protection
X-Pad
Content-Security-Policy-Report-Only
X-UA-Device
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Dc
X-Logged-In
X-Backend
X-Via
Access-Control-Allow-Headers
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
Access-Control-Allow-Methods
X-Tumblr-Pixel-1
X-Served-From-Cache
X-ServedBy
X-Host
X-CDN
X-ContextId
X-Tumblr-Pixel-2
X-Served-By
X-Cache-Hit
X-Request-ID
X-PC-Key
X-PC-Hit
X-Server
Content-Security-Policy
X-Port
X-Cache-Lookup
X-Robots-Tag
MicrosoftOfficeWebServer
X-Rack-Cache
Powered-By
MicrosoftSharePointTeamServices
X-Varnish-Cache
X-Request-Country
X-Accel-Version
X-XRDS-Location
X-Tumblr-Pixel-3
SPRequestGuid
X-SharePointHealthScore
X-PC-AppVer
X-PC-Host
X-PC-Date
X-Cache-Status
X-Safe-Firewall
X-MS-InvokeApp
X-Amz-Cf-Id
Content-Encoding
X-Page-Speed
X-Ua-Compatible
X-Cnection
X-AH-Environment
X-Turbo-Charged-By
X-Seen-By
X-Wix-Renderer-Server
X-Webserver
X-Wix-Request-Id
X-PhApp
X-Firenze-Processing-Times
X-INKT-SITE
X-INKT-URI
CF-Cache-Status
X-Content-Digest
X-FullPageCaching
Upgrade
X-W-DC
Composed-By
Rating
X-GitHub-Request-Id
Request-Id
X-Tumblr-Content-Rating
Served-By
X-Tumblr-Pixel-4
X-SERVER
X-Cache-Enabled
SPIisLatency
X-Content-Powered-By
SPRequestDuration
Public-Key-Pins
Liferay-Portal
Alternate-Protocol
X-Amz-Id-2
X-Amz-Request-Id
X-Node
Cf-Railgun
X-Spip-Cache
X-Proxy
X-Hyper-Cache
X-Styx-Req-Id
X-Styx-Version
X-Pantheon-Endpoint
X-Pantheon-Styx-Hostname
X-Proxy-Cache
Alt-Svc
X-CF-Powered-By
X-Server-Name
Access-Control-Expose-Headers
Timing-Allow-Origin
X-XN-Trace-Token
X-Timer
X-XN-XNHTML
Content-Script-Type
Content-Style-Type
Permitted-Cross-Domain-Policies
X-Server-Powered-By
X-HeyJason
Access-Control-Allow-Method
X-FB-Debug
Charset
Public-Key-Pins-Report-Only
X-Powered-By-360WZB
X-CDN-Geo
X-CDN-Any-IP
X-CDN-Geo-IP
X-Content-Security-Policy
Access-Control-Max-Age
X-Swift-SaveTime
X-Swift-CacheTime
Refresh
EagleId
X-Cache-Server
X-Clacks-Overhead
X-VCache
X-Hits
X-FW-Hash
Cartoon
X-Umbraco-Version
X-Permitted-Cross-Domain-Policies
X-Cache-Result
X-Cached-By
X-Device
X-Tumblr-Pixel-5
Real-Hostname
X-Loop
X-FW-Static
X-FW-Type
X-FW-Serve
X-DynaTrace-JS-Agent
X-Px
X-Fastly-Request-ID
X-User-Agent
X-Url
X-TNCMS
X-Backend-Server
X-Cached
X-Jimdo-Instance
X-Jimdo-Wid
X-DDC-Arch-Trace
X-Age
NS-RTIMER-COMPOSITE
X-Cache-Config
Grace
X-Generated-By
X-Outils-CS
X-Hostname
Content-MD5
X-Whom
X-MiniProfiler-Ids
TCN
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-Beta
X-Gateway
Magicmarker
X-Cloud-Trace-Context
X-CMS-Version
X-From
X-DynaTrace
Fpc-Cache-Id
Fastly-Debug-Digest
X-Msg-2-Log
Response
X-WebKit-CSP
X-Middleton-Display
Imagetoolbar
X-Tumblr-Pixel-6
Display
X-Sol
X-LiteSpeed-Cache
X-Drupal-Dynamic-Cache
X-FORWARDED-FOR
Surrogate-Control
X-ServerName
Product
X-AspNetWebPages-Version
X-Content-Options
ServerName
X-Middleton-Response
X-Expires-Orig
X-Micro-Cache
Rt-Fastcgi-Cache
PageSpeed
ServedBy
X-Firenze-Processing-Time
X-Content-Encoded-By
Page-Completion-Status
Generator
X-Country-Code
X-Handled-By
X-Hosted-By
X-Varnish-Cache-Hits
Powered-By-ChinaCache
X-URL
DynaTrace
X-I
X-Director
X-Matrix-Server
Ngpass-Vcall
X-Matrix-Proxy
X-Forwarded-For
Ag-Send-Time
Ag-Execution-Time
Ag-Server-Time
X-SDS
X-Cache-Info
X-ChromeLogger-Data
Node
X-Server-ID
X-App-Hosting
X-TTL
IBM-Web2-Location
X-Cache-TTL
Proxy-Connection
X-Download-Options
Akamai-IP
X-ApacheServer
X-Track
X-Version
Access-Control-Request-Method
X-UD-Method
Content-Hash
X-Varnish-TTL
Content-Encoding-Handler
X-Processed-By
X-Passed-To-PostProcessResponse
X-Original-Request
X-Passed-To-BeforeDispatch
X-Returned-From
X-Actual-URL
X-Returned-From-PostProcessResponse
X-Passed-To-DLL
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Passed-To
Edge-Control
MIME-Version
X-Varnish-Host
Pics-Label
X-Stale
X-NetCat-Version
X-Cache-Rule
X-S
X-Varnish-Beresp-Grace
Content-Disposition
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Cache-Control-Orig
Fhost
Powered
X-ATG-Version
X-Cache-Age
X-ARC
Lsrequestid
X-Art-Request-Id
X-Varnish-Cacheable
Host
Proxy-Agent
X-Abuse
X-Mobilized-By
X-CDN-Node
X-CDN-Cache-Status
X-Varnish-Backend
Retry-After
X-Gamma-Serve
Surrogate-Keys
Front-End-Https
X-Cache-Debug
X-Do-Not-Hack
X-PERF
X-Response-Time
X-BS
RTSS
X-I-Sp
X-Duration
X-App-Status
X-Varnish-Age
X-Microcachable
X-CacheServer
Webluker-Edge
X-HOST
X-Route-Server
X-Location-Id
X-Frontend
X-Recruiting
ServerID
X-Front
X-Orig-Vary
CC-CACHE
VAR-Cache
Cache
X-VTEX-Cache-Status-Janus-ApiCache
X-Powered-By-VTEX-Janus-ApiCache
X-VTEX-Cache-Status-Janus-Edge
X-Powered-By-VTEX-Janus-Edge
X-VTEX-Janus-System
X-Vtex-Remote-Cache
X-Vtex-Processed-At
X-Vtex-Processado-Em:
X-VTEX-Janus-SO
X-VTEX-Janus-Router-Backend-App
X-Time
X-NoCache
Version
No
X-ServerID
X-Vcap-Request-Id
X-Powered-By-Server
X-PwB-Node
X-Varnish-Hits
X-Upstream
X-Cache-Expires
X-RESOURCE
Buuteeq-Source
X-Developer
X-FW
X-DNS-Prefetch-Control
X-Ttl
X-Amz-Meta-S3cmd-Attrs
SID
SN
PICS-Label
X-CJ-Soft
X-Mobile-URL
X-Trace-Cache
Content-Security-Policy-Rerport-Only
X-Libra-UpstreamHost
NetMindSessionID
X-Translation
X-Device-Type
X-Microcache-Status
Thanks
X-Do-Esi
X-URLSCHEME
X-Akamai-Device-Characteristics
Srv
Qs-Cache
X-Varnish-IP
X-DefendeR-Status
X-Client-IP
X-Purge-Host
X-ACMCache
X-DefendeR-Runtime
X-Daa-Tunnel
X-SRV
X-Yadis-Location
Arr-Disable-Session-Affinity
Server-Info
Frame-Options
Server-Name
X-Akamai-Device-Model
X-Purge-URL
X-Varnish-Hostname
X-Cache-Operation
X-ClientSide-Caching
X-Cookie
X-Cache-Tags
Location
Vacache
NtCoent-Length
X-Speed-Cache
X-Dynatrace
X-Varnish-Server
A-Powered-By
X-Engine
X-Fastcgi-Cache
Filter-Revision
X-Geo-IP
X-Highwire-RequestId
X-SmartBan-Host
X-SmartBan-URL
X-Highwire-SessionId
X-Speed-Cache-Key
X-Srv
X-Revision
X-Instart-Request-ID
X-Real-Server
X-Grace
X-WR-Flags
Cxy-All
Lfy
Sfy
X-Goog-Hash
X-GeoIP-Country-Code
X-Source
X-GeoIP-Country-Name
X-Cookie-Domain
X-Trace
X-B-Cache
Origin
X-Cache-Doesi
X-Cache-Lifetime
X-Geo-IP-Metro
X-Geo-IP-Region
X-Geo-IP-Country
X-Geo-IPV
Last-Published
Accept-Charset
X-Directory-Script
Cm-Server
X-Processing-Time
Nodo
X-Cocoon-Version
X-Domain-Checked
X-N
X-Provisioner-Version
X-AOL-HN
Accept-Encoding
X-AOL-SNH
X-Sys-Req-ID
X-Sucuri-ID
X-Adobe-Loc
X-Adobe-Content
X-Blog
IISExport
X-Drectory-Script
HAVer
HCVer
X-Varnish-Grace
Warning
Fastcgi-Cache
NODE
X-Nginx-Cache
Req-Id
X-App
X-Server-Upstream
Hamster
CacheControlHeader
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Varnish-Debug-Age
WSR-Cache
X-Magnolia-Registration
S
X-Origin-Id
Logging-CorrelationId
X-Nitra-Side
X-Distributed-By
LBVIS
Author
X-Amz-Version-Id
COMMERCE-SERVER-SOFTWARE
Backend
X-Yottaa-Optimizations
X-PF-Uncompressing
X-Yottaa-Metrics
X-FIRSTBase
X-Varnish-RemainingGrace
X-Varnish-RemainingTTL
X-Varnish-Seen-By
X-Src-Webcache
X-SV-FromDBCache
X-SV-Edge
SVR
X-Content-Age
X-SV-Nginx-Duration
X-Varnish-Action
X-Analytics
X-SV-Duration
X-SV-CreatedAt
X-Session-Reinit
Cache-By-Node
Mobiquo-Is-Login
X-SV-CacheTags
Backend-Timing
X-Platform-Processor
X-Platform-Router
X-SV-Pid
X-Cache-Key
X-BackendServer
X-Resolver-IP
X-Balanceador
X-Accel-Expires
X-Debug
AMF-Ver
X-SE-Debug
X-Secret
X-JG-Page-Cache
WWW-Authenticate
X-Plat
X-Platform
X-Framework
X-Config-By
X-Rocket-Nginx-Bypass
X-Ruxit-JS-Agent
X-Page-Cache
X-Distributor
Ibf5scheme
X-Vary-Options
Host-Service
X-NB-Cached-Page
X-Amz-Id-1
Nitro-Cache
X-SDE-Name
X-Dispatch
X-Bettercache-Proxy
Allow
LBC
X-Machine-Name
Beyond-Iis
S-Cnection
X-Varnish-Esi-Method
X-Nurl
X-Nginx-Host
X-Varnish-Esi-Access
X-NFE
X-Nhost
X-Storage
Set-Cookie2
X-Uid
X-Object-Type
BALANCEDTO
Keywords
X-REDIRECTSERVER
CT
XDomainRequestAllowed
X-Object-Id
WP-AdvCache-MemCached
From
X-Pagename
Content-Transfer-Encoding
X-Varnish-Debug-TTL
X-WA-Info
TP-Cache
TP-L2-Cache
X-Atraveo-From-Varnish-Cache
X-Cache-Control
X-Rack-Cors
X-ID
X-Atraveo-Cache-Control
X-Atraveo-ETag
X-Atraveo-Set-Cookie
X-Atraveo-Expires
X-Atraveo-Param-Rm
X-Discourse-Route
X-Force
X-PRAM
X-Detected-Device
X-Origin
X-Flow-Powered
X-Atraveo-TTL
X-Atraveo-Varnish-Server-Id
X-Atraveo-Zone
X-Empowered-By
X-Varnish-Count
X-Pagely-Cache
X-DOM
X-Airee-Node
X-StackifyID
X-Trace-App
CLMOB
X-Hypernode
X-Grid-Server
SRV
Cache-Key
X-Ob-Mode
X-Varnish-Currency
X-Twitter-Response-Tags
Backend-Name-Original
X-Varnish-URL
X-Captured
X-Varnish-HitMiss
X-Obvious-Info
X-Connection-Hash
X-Req-Host
X-Transaction
X-Block
X-NewRelic-App-Data
X-Edge-Location
Tk
X-Varnish-Store
X-Newrelic-App-Data
XX
X-Obvious-Tid
X-Channel-Maxage
X-Env
X-UPSTREAM
X-HITS
X-NginX-Server
ScoreTracker
X-Test
X-Content-Security-Policy-Report-Only
X-NginX-Cache
Smug-CDN
Description
X-WorkerInstancename
X-TTFB
X-Garden-Version
X-SmugMug-Values
X-Unbounce-Variant
X-Unbounce-VisitorID
X-TTFB-L
X-Cache-Action
X-Gannett-Site-Version
Id
X-Time-Spent
SiteName
X-W3TC-Minify
X-Real-IP
X-Hit-Cache
X-Prefetched
X-Jphone-Copyright
X-Unbounce-PageId
X-SmugMug-Hiring
X-Server-Instance
SBGI-RenderTime
X-Remote-Addr
X-EDGECONNECT-GUID-DEBUG
SBGI-10
SBGI-7
SBGI-5
X-Edge-IP
SBGI-9
X-Id
SBGI-Device
SSPAppContext
SBGI-1
SBGI-RealPath
X-Platform-Cache
X-AISO-Cacheable
X-AISO-Cache
X-Actindo-RS
X-Webstats-RespID
X-AISO-Server
X-GSL-Server
X-Desc
X-Cache-On
YF-ID
X-CCC
X-XTM-Node
X-Varnish-Bot
Cluster-ID
X-TempDebug
X-VAge
X-CID
X-Site:
X-Expires
X-BC
X-LB
X-Kirra-SiteId
Front
X-Source-ID
X-Full-URL
Hash
X-WR-MODIFICATION
X-Apm-Telemetry-Syncmark
X-B2f-Not-Route
X-LW-Web-Server
ServerIP
ORIGIN
X-Powered
X-Amz-Storage-Class
X-App-Server
X-Cache-Set
Content-Instance
X-Client-Vid
MIH-PUBLIC-IDENTIFIER
X-Middleton-PageSpeed
X-EPiphany-Vid
MIH-PLATFORM
MIH-CLIENT-FARM
X-Web
Worker
X-Cms-Mode
Sss
X-Dev
X-ORACLE-DMS-ECID
X-Server-IP
Cneonction
X-Smartcache-Keys
Pool
MW-Webserver
Jobb.Assistentpoolen.Se
X-EdgeConnect-MidMile-RTT
X-CacheResult
X-ATM-RServer
X-ATM-RTime
X-Hosts-Backend
X-Response-Status
X-Cache-Keep
X-Cache-TTL-Remaining
X-WP
X-Symfony-Cache
X-Old-Content-Length
Jobb.Gil.Se
Jobb.Passal.Se
X-Vhost-ID
N365rili
P-WS
X-EdgeConnect-Origin-MEX-Latency
P-LB
X-AWS
X-Worker
X-Hosting
X-Node-Name
Www.Myjob.Se
OT-RequestId
Open.Jobgate.Se
X-RiS-UFDI
P3P:CP
Sophnep-Edge-FX
Www.Mirrorgate.Se
Www.Mabracertifiering.Se
Test.Executivepeople.Se
X-Turpentine-Esi
X-Smartcache-Timeout
ServerTokens
ServerSignature
X-Phpwcms-Release
X-Invoke-Duration
Web-Server
X-Response
X-HW
X-Phpwcms-Page-Processed-In
X-IsCacheURL
Pool-Info
Fw-Via
Copyright
X-Optimization
X-T3Cache
X-T3CacheInfo
SS
X-T3CacheTags
X-Frames-Options
Ews
X-GeoIP
X-SV
X-Route
X-SCProxy
X-Is-Mobile
X-PHP-Engine
X-TN-ServedBy
X-IP-Address
B-Powered-By
Myheader
X-ProxyInstancename
X-CB-Server
X-APP
Mime-Version
X-HOSTNAME
X-Backside-Transport
X-Varnish-Ttl
Bios
PServer
X-Cache-Engine
X-Litespeed-Cache
Imx-Cookies-Used
X-Ocache
X-ASAP-Cache
X-Perf
X-Dynamic
X-Author
X-OPNET-Transaction-Trace
IM-Version
X-DPWN-IS-SECURE
X-Forwarded-Proto
X-Max-Age
X-Pj-Cache-Status
Y-Trace
WP-Cache
X-T
X-Clara-ASAP
X-Oracle-DMS-ECID
W
X-DTC
X-Varnish-Set-Cookie
Cache-Rule
If-Modified-Since
X-BLSR-COST
X-Turpentine-Cache
X-DSMX-Rewrite-MS
Cpu
Ec
NLCacheNote
X-Cache-Node
X-ACCELERATE
X-Cache-Served
X-PageID
X-Stage
X-PHP-Response-Code
X-Healthy
X-Full-Url
X-ESI-Enable
X-FFX-B
X-N-ViewType
X-Info
AC-ELC
X-Brought-To-You-By
Il-Cl
X-Cache-Original-TTL
No-Cache
Prxy
X-DSMX-Render-MS
X-Domino-CacheValidationWithETagResult
X-Domino-CacheValidationWithETagReason
X-GRACE
Access-Control-Request-Headers
X-B
Sid
Ram
Ibm-Web2-Location
Noq
X-ManagedFusion-Rewriter-Version
Cached
X-Avvio-Cms-Cacheload
X-HostName
X-Rewritten-By
Dynatrace
X-Debug-Token
Head
X-LiteSpeed-Cache-Control
X-Esi
X-Dispatcher
X-LB-Server
X-Header
X-Artvisual-Server
X-Server-Response-Time
Svr
Machine
X-Static-Version
X-Box
X-7d-Trace-Id
X-7d-Instance-Id
User-Cache-Control
X-Cache-Extended
X-EntryPoint
X-Render-Time
X-IIJ-Cache
X-Request-Count
X-Fallback
Ttl
X-VC-TTL
X-Powered-By-Anquanbao
X-JSESSIONID
X-KoobooCMS-Version
X-Rot
X-Purge-Level
XDisk
Section-Io-Id
Fastly-Backend-Name
Tracker
X-FreeTag-Count
X-Sov
X-Say-Original-URL
X-Beatles-Hits
X-ESI
X-DN-Cache-Control
X-Batcache
X-AccessDev
Server-Optimized-By
User-Agent
X-Does-He-Have-Time
X-EC2-Instance-Id
X-Hrouter
X-Hstore
X-Martin
X-Gyrobase-Publication
X-Global-Transaction-ID
X-EdgeRouter
X-ENV
SERVER-IP
IsMobile
CpuTime
X-HeBS-Cache-Status
INCOMING-TIME
RequestId
X-RateLimit-Remaining
Nginx-Cache
X-WLD-LB
X-Web-Node
Xc
Countrycode
DeleGate-Ver
HostGen
X-Hit
Be-Va
Be
Be-Ip
X-MobileDetected
X-FCMS-Cache
Encoding
Http
Mto-License-Status
Accept-Language
X-Your-GrandPa-Would-Wait
X-Venda-Hitid
X-Would-Your-GrandPa-Wait
Note
Redirect
X-MrHost
X-ServedByHost
X-IDS-WS
X-Frame-Option
X-SV-Expires
X-Cache-Fix
X-Cache-PageType
X-Varnish-Restarts
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-Say-Original-UA
X-Say-TTL
X-SayCDN-Original-Host
X-Say-Original-IP
X-Say-Original-Host
X-Pj-Cache-Key
X-Say-Cacheable
X-SayCDN-Original-Path
X-SayCDN-Original-UA
X-Varnish-Debug-Pool-Fetch
X-Varnish-Debug-Pool-Recv
X-Uplex
X-TTL-Age
X-SayCDN-TTL
X-SayCDN-UA
X-Site-Name
X-Dynatrace-Js-Agent
X-SeschatTemplateID
X-SeschatRedID
Cmsid
Cmstype
X-Tradeindia-Request-GUID
X-IP
X-SeschatLayout
X-SeschatDID
X-Varnish-Instance
X-CO-Host
X-BKSrc
X-Server-Addr
X-Seschat-URL
Real-Server
X-Restarts
CtExclusions
MageStack-Area
MageStack-Cache
MageStack-Cache-Hits
Aurora-Node
X-Zendesk-User-Id
BM-Cache-Node
BM-Cache-Key
X-Zendesk-Origin-Server
MageStack-Cache-Lifetime
MageStack-Cache-Status
MageStack-Tag
MageStack-Web-Node
RN-Server
Server-IP
MageStack-PageSpeed
MageStack-Loadbalancer
MageStack-Cacheable
MageStack-Config
MageStack-Debug
X-LS-DEBUG
X-Server-By
X-RemovedCookies
X-Built-By
X-Key
X-RSS-CACHE-STATUS
X-Pj-Cache-Expires
X-Pb-Mii
X-Pj-Cache-Flags
Hosted-By
NnCoection
X-Span
X-Trace-Id
KeepAliveTimeout
X-PHP
BM-Cache-Status
X-EZPublish-NodeID
X-EZPublish-InstallationID
X-Batcache-Reason
X-BE
X-Country
VANITY-HOST
X-Ants-Host
X-ATP-Server
X-SID
X-Cluster-Node
X-Device-Group
X-HASH
Www.Aujourdhui.Com
OutputRewritten
X-SilverStripe-Cache
V-Age
X-Flex-Community
X-Flex-Evend
X-Mii-Cache-Hit
X-Nginx
X-Obr-Rule
X-Flex-Tags
X-Flex-Tag
X-Flex-Evstart
X-Flex-Lang
X-Flex-Lastmod
X-Rq
X-Wikidot-Backend
X-Document-Guid
X-Document-Guid-Path
X-Document-Path
X-Document-Tracking-Type
X-Document-Folder-Guid
X-DELIVERYSERVER
X-Ants-Machine-Id
X-CCM
X-Client-Addr
Akamai-Edgescape
X-F-Cache
X-Sc-Cache
X-Sc-Path
X-Signature
X-Protected-By
X-Wikidot-Static-Cache
X-We-Are-Hiring
X-VG-WebCache
Paypal-Debug-Id
X-Pj-Cache-Gzip
X-Cluster
X-LTM-ID
X-MCF-ID
X-Powered-By-Home.Pl
X-Search-Id
X-Wix-Route-ID
TotalTime
WebServer
X-Ec-Custom-Error
X-Status
X-ADI-VCache
X-ADI-STACK
Max-Age
Device-Type
X-Cms-Server
X-GC-Write
X-Medium-Entity-Type
X-MAT-GEO
X-Medium-Entity-Id
X-ProcessESI
Surrogate-Key
X-Tile-Url
Gzip
Debug-Status
AsisCache
ClientIP
F5-IpCliente
Requested-Host
Hostname
Fpc-Expire
Ksid
X-Timestamp
SB-Cache-Life
Og
X-View
SB-Cache-Remaining
Device
X-Trans-Id
SB-Site-Device
Apachenode
X-Serendipity-InterfaceLangSource
SBMCLOUD
X-Pressidium-NinukisWP-Ver
X-BC-Stapler
X-Runtime-Memory
X-Proto
MachineName
X-CDNZZ-FCACHE
X-Cachable
X-Cache-Level
DNNOutputCache
NZSpeedy
X-GC-App
X-GC-Pointer
X-GC-Read
X-Pj-Cache-Time
X-Enhanced-By
VC-NoCache
X-Cache-CFC
X-SSL
X-ACLR-Version
X-DealerOn
X-Ghost-Cache-Status
X-FarmId
Tempo
X-ETag
X-Serendipity-InterfaceLang
Noahs-Classifieds
X-Webkit-CSP
X-4ormat-Cacheable
HOST-SERVICE
RATING
X-Tradeindia-SMgmt
X-Varnish-Error-Restart
X-Varnish-Backend-Healthy
Resin-Trace
X-GETTER-Cache
X-Lima-Id
X-Bcwwwid
X-Amz-Meta-Cb-Modifiedtime
Inserted-Into-Cache-At
X-Esi-Processing
Server-Ip
Stats-API
Stats-Rendering
Stats-HtmlMinAndCss
X-Timing
X-ZSITES-DNS
X-Backend-Ip
X-Xhr-Current-Location
X-Compressed-By
X-Panel-Name
Apache
GenSvr
X-Panel-Id
Cache-Cookie-Set-Index-Page
X-UUID
X-PBY
X-Backend-TTL
X-NewCloud-V-Cache
X-Powered-Developer
X-Fedora-School-Id
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Server-Generated
X-Server-Instance-Name
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Count-Click-Attempt2
EWHSERVER
X-QHCDN
X-PageType
X-WebNode
X-AUSERNAME
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-HTML-Minification-Powered-By
X-Environment
X-Faeria
Pw-Value
Server-ID
Session-Id
X-BeResp-Ttl
Bs-Header
X-Goog-Generation
Thinkindot-CacheControl-Type
X-Delivered-By
Thinkindot-Control
WFE
X-Expose-Generated
X-Capoed
Thinkindot-CacheControl
REFRESH
NS-VaryByCustom-Key
X-Gondor-Server
Server-Version
DB-Nickname
Provider
X-Expose-Hostname
Publisher
X-RequesterIP
X-Node-Id
Language
X-Ct-Info
CommunityServer
Content
X-Instance
X-Hiring
E-TAG
Origin-Server
X-Expose-Site
X-Expose-Took
X-Highwire-Sitecode
Cache-Cookie-Set-Lfrom
X-Built-With
X-Upstream-Time
INFO
Kp-EeAlive
X-B3-Traceid
X-S-Misc
X-Nginx-Backend
X-ClusterID
X-D-Time
X-Fe
X-Generation-Time
X-Cache-Frontend
X-COUNTRY-CODE
Disablevcache
MSSmartTagsPreventParsing
MSThemeCompatible
NodeId
Aoestatic
X-TargSmaku
X-Farm-Server
X-Orig-Host
X-SATserver
X-Sn-Servicetimems
X-AppServer-Status
X-AppServer-Cache-Rule
X-Cdn-Fetch
X-Distil-CS
X-Geo-Segment
X-Kinja
Apple-Itunes-App
X-SERVER-ID
BM-Cache-Bypass
X-Pixelsilk-Server
X-Pixelsilk-Version
X-NMT-Proxy
X-Kinja-Build
X-Kinja-Revision
X-Frontal
Commerce-Server-Software
Content-Cache
OriginServer
X-Bip
SINA-TS
X-Kinja-Server
X-UA-Profile
DPOOL-HEADER
SINA-LB
X-CACHE-TTL
X-KO-Site-Id
X-UA-Vendor
Cteonnt-Length
Sunucu
WEB
X-RE-Ref
X-Cache-Via
D
Is-Cached
Orgin-Server
Web
X-TNCMS-Bot-Tier
X-Varnish-Cookie-Debug
Robots
X-LW-T
X-NWS-LOG-UUID
X-Process-Time
NKBVHEADER
MtcHosted
X-Varnish-GW-Backend
X-WebKit-CSP-Report-Only
X-Hosting-Env
Kanooh-Host
Balanced-From
X-Croise-Owner
X-PressLabs-Stats
X-Tags
X-Server-Id
AGI-Request-ID
X-Meta-MSThemeCompatible
X-Meta-MSSmartTagsPreventParsing
X-Lb-Server
X-Magento-Action
X-Magento-Lifetime
X-Meta-Imagetoolbar
Railo-Version
X-AG-MIPS
SL-NOREWRITE-REDIRECTS
X-Nucleus-Cache
X-VhostID
X-Ar-Debug
X-Varnish-ServiceNetIP
X-Varnish-Hashed-On
X-FastCGI-Cache
Foglight-Request-UUID
X-PROCESSED-BY
From-Origin