Threat Level: green Handler on Duty: Brad Duncan

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
Link
X-AspNet-Version
P3P
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
X-Adblock-Key
Via
X-Frame-Options
Keep-Alive
CF-RAY
Content-Location
X-Varnish
X-Language
X-Template
X-Check
X-Buckets
X-Cacheable
Access-Control-Allow-Origin
X-Generator
X-Drupal-Cache
WP-Super-Cache
X-Ac
X-Hacker
P3p
Status
X-AspNetMvc-Version
MS-Author-Via
X-Powered-By-Plesk
Strict-Transport-Security
X-Runtime
X-Pad
X-Geo
X-Geo-Port
X-Request-Id
X-Mod-Pagespeed
X-Powered-CMS
X-Type
X-Cache-Group
MicrosoftOfficeWebServer
Access-Control-Allow-Credentials
X-Pass-Why
X-Logged-In
X-Cache-Hits
X-Host
Ngpass-Ngall
X-Cache-Lookup
X-Server
Host-Header
X-UA-Device
X-FRAME-OPTIONS
X-Proxy-Cache
X-Iinfo
X-Via
Access-Control-Allow-Headers
X-Backend
X-Rack-Cache
Access-Control-Allow-Methods
MicrosoftSharePointTeamServices
X-CF-Powered-By
X-XRDS-Location
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Served-By
X-Varnish-Cache
X-Xss-Protection
X-Tumblr-Pixel-1
SPRequestGuid
X-SharePointHealthScore
X-Accel-Version
X-Robots-Tag
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Dc
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-ShopId
X-Seen-By
X-Request-ID
X-ContextId
Content-Encoding
X-Page-Speed
X-ServedBy
X-CDN
X-Cnection
X-INKT-URI
X-INKT-SITE
X-BC-Is-HA
X-Tumblr-Pixel-2
X-Webserver
X-PhApp
X-Safe-Firewall
X-MS-InvokeApp
X-Cache-Hit
X-Hostname
Composed-By
X-PC-Hit
X-PC-Key
X-PC-Date
X-PC-Host
X-PC-AppVer
X-Port
X-Ua-Compatible
Served-By
X-FullPageCaching
X-AH-Environment
Cartoon
X-Cache-Status
X-Firenze-Processing-Times
X-W-DC
X-XN-Trace-Token
X-Tumblr-Pixel-3
X-XN-XNHTML
Public-Key-Pins
X-Age
X-Wix-Renderer-Server
Cf-Railgun
X-Wix-Dispatcher-Cache-Hit
X-Wix-Request-Id
X-Amz-Cf-Id
X-Spip-Cache
X-HeyJason
Liferay-Portal
Content-Security-Policy
Content-Script-Type
Content-Style-Type
X-Amz-Id-2
X-Powered-By-360WZB
Request-Id
X-Amz-Request-Id
CF-Cache-Status
X-Served-From-Cache
X-Content-Digest
X-Server-Name
SPIisLatency
X-Umbraco-Version
SPRequestDuration
X-Cache-Info
X-Timer
X-Pantheon-Styx-Hostname
X-Styx-Build-Num
X-Styx-Version
X-Styx-Req-Id
X-Styx-Build-Sha
X-Styx-Build-Date
X-Pantheon-Endpoint
X-Hyper-Cache
X-Cache-Server
X-Clacks-Overhead
X-DynaTrace
X-FB-Debug
X-SERVER
X-Device
Rating
X-Forwarded-For
Powered-By
X-TN-ServedBy
X-From
Real-Hostname
X-Outils-CS
X-Loop
X-PHP-Engine
X-VCache
TCN
X-Url
X-Tumblr-Pixel-4
DynaTrace
X-Cache-Result
NS-RTIMER-COMPOSITE
X-TNCMS
X-PersistenceNode
X-CDN-Geo
X-CDN-Any-IP
X-CDN-Geo-IP
X-Cached-By
X-Cache-Enabled
X-Px
Refresh
X-Generated-By
X-Microcachable
Imagetoolbar
X-Cached
X-Content-Encoded-By
Page-Completion-Status
X-Tumblr-Content-Rating
Product
Powered-By-ChinaCache
X-Hits
Access-Control-Max-Age
IBM-Web2-Location
X-Loc
X-Backend-Server
X-Powered-By-Anquanbao
X-Mobilized-By
Ms-Author-Via
X-CMS-Version
Thanks
Magicmarker
Charset
X-Content-Security-Policy
X-Processed-By
X-Zephyr
X-Permitted-Cross-Domain-Policies
X-Matrix-Server
X-Matrix-Proxy
Node
X-Node
X-DynaTrace-JS-Agent
X-Jimdo-Wid
X-Jimdo-Pid
X-Tumblr-Pixel-5
X-Version
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
X-DDC-Arch-Trace
X-I
X-Content-Options
Generator
Pics-Label
X-User-Agent
Retry-After
X-Firenze-Processing-Time
ServedBy
Response
CC-CACHE
X-WebKit-CSP
X-Expires-Orig
Set-Cookie2
X-DNS-Prefetch-Control
X-W3TC-Minify
Proxy-Agent
RTSS
X-Original-Content-Length
X-Cache-Debug
Content-Encoding-Handler
MIME-Version
X-Purge-Host
X-SDS
X-Varnish-Host
X-Cache-Config
X-App-Hosting
SID
X-Sol
X-Middleton-Display
X-Middleton-Response
X-Varnish-Backend
X-URL
X-UD-Method
X-UD-Host
Lsrequestid
X-Hosted-By
X-AspNetWebPages-Version
Display
X-Varnish-TTL
X-LiteSpeed-Cache
X-ATG-Version
Microsoftsharepointteamservices
Edge-Control
Access-Control-Request-Method
X-ApacheServer
Host
Sprequestguid
X-Drectory-Script
X-Sharepointhealthscore
X-Cache-Expires
X-Whom
PICS-Label
X-Varnish-Cacheable
X-Director
X-Original-Request
X-MiniProfiler-Ids
X-Micro-Cache
Content-Disposition
X-Returned-From-DLL
X-Actual-URL
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Returned-From
X-Handled-By
X-Ms-Invokeapp
X-PF-Uncompressing
X-Cache-Control-Orig
X-NoCache
X-Art-Request-Id
X-Cdn
Grace
X-Swift-SaveTime
X-Swift-CacheTime
ServerName
X-Nitra-Side
X-Cache-Resuilt
X-FW
X-Varnish-Hits
Surrogate-Control
X-SN
VAR-Cache
X-Front
Fhost
Accept-Encoding
X-TTL
X-PERF
Cm-Server
X-Response-Time
X-Purge-URL
X-PwB-Node
AMF-Ver
Content-Security-Policy-Report-Only
Location
X-Varnish-IP
X-ServerID
ServerID
SEOMOZ
Proxy-Connection
MJ12bot
WWW-Authenticate
X-SRV
X-Cookie-Domain
X-Distil-CS
X-Trace
Srv
IISExport
X-Cache-Rule
X-CJ-Soft
X-Ttl
COMMERCE-SERVER-SOFTWARE
X-Vary-Options
X-Cache-TTL
X-FIRSTBase
X-Varnish-Age
X-Tumblr-Pixel-6
X-Amz-Meta-S3cmd-Attrs
X-Session-Reinit
X-Blog
Accept-Charset
X-Speed-Cache-Key
X-Duration
X-ACMCache
X-Speed-Cache
Fpc-Cache-Id
Filter-Revision
X-Track
X-Varnish-Cache-Hits
SN
X-Cache-Age
S
Upgrade
X-ServerName
X-Time
A-Powered-By
X-Server-ID
Rt-Fastcgi-Cache
X-S
X-Adobe-Content
Website-Info
Server-Info
Nodo
X-FORWARDED-FOR
X-GeoIP-Country-Code
Buuteeq-Source
Cache-By-Node
X-GeoIP-Country-Name
Qs-Cache
X-ID
Id
X-Trace-Cache
X-BackendServer
X-Orig-Vary
X-CHSN
X-Directory-Script
NetMindSessionID
X-Bettercache-Proxy
X-Instart-Request-ID
Powered
X-Cache-Operation
X-Sys-Req-ID
Cache
X-Object-Type
X-Object-Id
X-App-Status
X-Stale
X-Engine
Server-Name
X-Xrds-Location
NtCoent-Length
X-Gamma-Serve
X-Highwire-RequestId
X-Highwire-SessionId
X-Cache-Action
X-LIGHTHTTP-PCDID
Req-Id
LBVIS
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Microcache-Status
X-Translation
X-Cache-Lifetime
X-Device-Type
X-Varnish-Beresp-Ttl
X-Distributed-By
Ms
X-Transaction
X-Connection-Hash
X-Twitter-Response-Tags
X-Yadis-Location
X-App
Author
NODE
X-Provisioner-Version
X-Domain-Checked
Backend
Origin
X-Secret
XX
X-SDE-Name
X-Cocoon-Version
CT
Dispatcher
X-Src-Webcache
PageSpeed
X-TempDebug
Front-End-Https
No
X-Vtex-Processado-Em
X-Powered-By-VTEX-Janus-Edge
X-Vtex-Processed-At
X-Powered-By-VTEX-Janus-Router
X-Vtex-Remote-Cache
X-Powered-By-VTEX-Janus-ApiCache
X-VTEX-Cache-Status-Janus-ApiCache
X-VTEX-Cache-Status-Janus-Edge
X-VTEX-Janus-Router-Backend-App
XDomainRequestAllowed
Content-Transfer-Encoding
X-Cache-On
BM-Cache-Key
BM-Cache-Node
X-Varnish-Server
X-Recruiting
X-AOL-SNH
X-FreeTag-Count
X-Srv
MIH-PUBLIC-IDENTIFIER
Content-MD5
X-Symfony-Cache
X-Country-Code
NLCacheNote
X-N
MIH-CLIENT-FARM
X-B2f-Cache-Load
X-Varnish-Count
X-Wily-Servlet
X-Wily-Info
X-Varnish-HitMiss
MIH-PLATFORM
X-Remote-Addr
X-Debug
X-Frontend
X-Expires
X-Amz-Id-1
Beyond-Iis
X-ORACLE-DMS-ECID
Access-Control-Expose-Headers
X-Varnish-Action
Apache
SS
X-Stage
X-Header
X-Old-Content-Length
X-REDIRECTSERVER
X-Location-Id
X-Dynatrace
X-Cluster-Node
X-Grid-Server
X-Ar-Debug
X-Powered-By-Server
X-Content-Age
Pool
X-Resolver-IP
X-ManagedFusion-Rewriter-Version
MW-Webserver
X-Machine-Name
X-Rewritten-By
X-Turbo-Control
X-SBGI-Cache-Codes
LBC
X-Real-Server
X-WEBSERVER
SRV
X-Gannett-Site-Version
Front
Cteonnt-Length
BM-Cache-Status
TP-Cache
TP-L2-Cache
X-Source-ID
X-ServerCache-Info
X-Origin
X-PRAM
X-WR-MODIFICATION
X-Atraveo-NC
X-Atraveo-Cache-Control
X-Plat
X-Atraveo-From-Varnish-Cache
X-Atraveo-Varnish-Server-Id
X-BS
X-Country
X-Atraveo-TTL
Version
Provided-Host
X-Venda-Hitid
X-UD-Target
X-Dev
X-UD-Loopcounter
X-Server-Id
X-Info
X-Who
Last-Published
X-UD-REMOTE-ADDR
HAVer
BM-CountryCode
X-Geo-IP-Metro
X-Router
X-UseReverse-Proxy
X-Webapp
Machine
-GCR
X-Geo-IPV
X-Router-Backend
X-Geo-IP-Region
HCVer
X-Geo-IP-Country
CPOINT
Cluster-ID
X-Beatles
Server2
X-Actindo-RS
X-DeliveryServer
ORIGIN
X-UPSTREAM
X-SSL
X-Varnish-Object-Age
X-Geo-IP
X-Invoke-Duration
SiteName
Www.Mirrorgate.Se
Www.Myjob.Se
SVR
Jobb.Gil.Se
Www.Mabracertifiering.Se
Test.Executivepeople.Se
Open.Jobgate.Se
Jobb.Passal.Se
SS-Request-ID2
P3P:CP
X-Built-By
X-Frames-Options
Jobb.Assistentpoolen.Se
Content-Instance
Warning
X-Origin-Id
X-Garden-Version
X-Cms-Mode
X-Uid
X-Monstercache-Timeout
Ttl
X-DPWN-IS-SECURE
X-Enhanced-By
X-Jphone-Copyright
X-WP
X-Phpwcms-Release
Worker
X-Phpwcms-Page-Processed-In
X-T3Cache
X-T3CacheTags
Ksid
X-MJ-Upstream-Addr
Compression-Control
X-DSMX-Rewrite-MS
X-Developer
X-Drupal-Cache-Tags
X-Webstats-RespID
Web-Server
X-PM-ID
Cneonction
X-B2f-Not-Route
X-Server-Instance
NnCoection
X-DSMX-Render-MS
X-ATM-RTime
X-Varnish-ID
X-BKSrc
X-Farm-Server
X-Empowered-By
X-Libra-UpstreamHost
X-ATM-RServer
X-Cache-Set
X-ACCELERATE
X-ChromeLogger-Data
X-PageID
X-Vhost-ID
X-Cache-CFC
X-Author
Progma
X-Distributor
X-Flow-Powered
X-Route
ScoreTracker
X-App-Container
X-GC-App
X-GC-Write
X-Node-Name
X-FS-UUID
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Monstercache
X-Monstercache-Hash
X-Purge-Url
From
X-Monstercache-Host
X-GC-Read
X-Planisys-CDN-Rules
X-Catalyst
Ibm-Web2-Location
X-Planisys-CDN-Cache
X-WA-Info
X-N-ViewType
X-Varnish-Debug-Hits
X-EPiLogOnScreen
X-Varnish-Device
X-Powered
X-EPiLogOnScreen-PostUrl
SIP
Tpt.Renderer1
X-Cache-Ttl
X-Goog-Hash
MirrorName
X-Varnish-Debug-Age
X-Via-Kemp
X-MCB-Server
X-Accel-Expires
X-WLD-LB
Muha
X-Kirra-SiteId
X-DTC
WEBO
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-CacheServer
No-Cookie
WFE
IsFullSiteRequest
Render
ServerConfigManager.WebBugTracker
X-HostName
ExecuteNonQuerySQLParam
Before
X-ESI-Enable
X-FFX-B
X-Response
After
Tpt.Renderer
Il-Cl
Smug-Env
X-SV
X-TTFB-L
X-SmugMug-Hiring
X-TTFB
X-Req-Host
X-SmugMug-Values
X-Edge-Location
X-Server-By
Host-Service
X-Force
X-Max-Age
X-SilverStripe-Cache
WP-AdvCache-MemCached
RATING
X-Hash
X-Varnish-Cookie-Debug
Gzip
Server-N
Bs-Header
X-MobileDetected
Be
Redirect
X-MJ-Serve-Req-Time
X-PvInfo
X-Id
Test
B-Powered-By
X-Amz-Version-Id
Provider
X-Varnish-Currency
X-Varnish-Cache-Local
X-Hstore
X-Oracle-DMS-ECID
X-DB-Content-Length
Sid
CP
Cmstype
X-Fastcgi-Cache
Altran-C
Accept-Language
X-Nginx-Host
X-Storage
X-Nginx-Cache
X-MidCOM-Meta-Cache
X-CMS
X-Cache-Extended
X-EdgeRouter
X-GitHub-Request-Id
X-ESI
Cmsid
X-Frontal
X-LB
X-Hrouter
Content-ID
X-Vhost
Servername
X-Trace-App
X-Block
X-T3CacheInfo
D
X-OPNET-Transaction-Trace
X-Channel-Maxage
X-Powered-Developer
Backend-Name-Original
F-In-Cache
PServer
BE
X-This-Proto
X-Varnish-Ttl
X-Benchmark-Db
X-Benchmark-Total
X-Benchmark-Sphinx-Count
X-NFE
X-Nhost
X-Is-Mobile
X-WorkerInstancename
Mobiquo-Is-Login
ServerIP
X-Benchmark-Cache
X-Benchmark-Sphinx
7e-Page-Cache
X-Mobile
X-MSEdge-Ref
X-Source
X-SeschatLayout
Cache-Ctrol
X-Middleton-PageSpeed
X-Web-Node
X-SeschatRedID
BM-Cache-Bypass
X-SeschatTemplateID
WP-Cache
X-Crafted
X-SeschatDID
Rt-Server
No-Cache
X-Client-Vid
CommunityServer
Disaptch-Cache-Rule
BrandBucket-Domain
X-EPiphany-Vid
X-Purge-Level
Copyright
Backend-Host
X-Allow-Redis
X-Pagename
X-Hit-Cache
Content
X-Cached-Status
X-Flex-Lastmod
X-Flex-Lang
X-Flex-Tag
X-Flex-Tags
X-Varnish-Hit
X-Hosting
Webluker-Edge
X-Flex-Community
Http
X-Flex-Evend
INCOMING-TIME
X-Flex-Evstart
X-Varnish-Cache-Server
X-Mod-Oboe-PS
X-UserAgent
X-CCM
X-Prerender-Token
X-Server-IP
X-CDN-Node
X-Locale
X-View
X-Powered-By-Yqk
X-Varnish-Debug-Pool-Recv
X-Varnish-Restarts
X-Client-IP
X-CDN-Cache-Status
X-Cache-Control
X-ProcessESI
Ec
X-RemovedCookies
X-Content-Security-Policy-Report-Only
X-Yqk-Set
X-DefendeR-Runtime
MachineName
X-DefendeR-Status
Web-Head
Publisher
OGHopCount
BALANCEDTO
X-Seschat-URL
X-CacheTTL
MageStack-Config
Timing-Allow-Origin
UniqueName
MageStack-Cacheable
MageStack-Debug
X-Varnish-Debug-Pool-Fetch
MageStack-PageSpeed
MageStack-Loadbalancer
MageStack-Response-Ttl
MageStack-Tag
MageStack-Cache-Status
MageStack-Cache-Lifetime
MageStack-Cache
MageStack-Area
X-Uplex
X-IP-Address
MageStack-Cache-Hits
Aoestatic
X-FCMS-Cache
CACHED-RESPONSE
X-Server-Node
X-Unbounce-PageId
X-DELIVERYSERVER
X-Unbounce-Variant
X-NginX-Server
X-Unbounce-VisitorID
X-Test
X-SATserver
X-Dynatrace-Js-Agent
X-NginX-Cache
X-App-Server
X-Full-URL
Xonnection
NZSpeedy
X-Revision
Hotelbookingid
X-Artvisual-Server
X-App-Reload-Settings
X-Cache-Doesi
SV-Duration
S-Cnection
ProxiaInstanceId
X-IDS-WS
Server-Optimized-By
X-Fett
X-IP
OutputRewritten
X-JSON-API-LATENCY
X-CCC
X-Cachable
X-CID
X-Hit
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
MGIT
Ibf5scheme
X-Url-Store
X-Var-Hash
X-Would-Your-GrandPa-Wait
X-Your-GrandPa-Would-Wait
X-Planisys-CDN-Upstream
X-Req-Counter
ClientIP
F5-IpCliente
X-Cookie-Request-Debug
X-Cookie-Response-Debug
Fw-Via
X-LTM-ID
X-Serendipity-InterfaceLang
X-Serendipity-InterfaceLangSource
X-Time-Microsecs
X-Cookie
X-Turpentine-Cache
X-TTL-Age
Access-Ip
Be-Ip
Be-Va
CountryCode
AcceptLangage
X-Upstream
X-Magento-Action
X-Magento-Lifetime
X-Nucleus-Cache
X-Request-Time
X-Backend-Status
X-Cache-Backend
X-Page-Generated-At
X-Page-Generation-Time
X-Rot
X-Sov
X-GeoIP
X-ELC-Checkpoint4
X-Checkout
X-CMS-Server
X-Cookie-Store
X-Dokk-PortalId
X-Hostingcenter
X-Sc-Cache
X-D-Time
X-Generation-Time
X-Backend-IP
Robots
Tracker
Esi-Enabled
X-HOSTTYPE
X-Process-Time
X-Wikidot-Static-Cache
Thinkindot-CacheControl
X-Wikidot-Backend
X-USERNAME
X-S-Misc
X-MaxAge
X-7dig
LFY
X-ACLR-Version
AppDynamics-BT
X-Ratelimit
X-DC-Origin-IP
X-CACHE-TTL
X-PBY
X-7d-Traceid
X-7d-Version
User-Updated-At
User-Id
OriginServer
Thinkindot-CacheControl-Type
SFY
X-GeoIP-Country
X-RequesterIP
X-Instance
If-Modified-Since
X-Binarysec-Via
Thinkindot-Control
X-Environment
UNIQUE-ID
X-Sc-Path
Ozcache
Dynatrace
Xc
X-Magnolia-Registration
X-Abuse
X-TLServer
Serv
Nginx-Cache
X-XHR-Current-Location
X-WAP
ContentType
X-RE-Ref
ResourceTag
X-Content-Parsed-By
Time
X-Varnish-URL
Fpc-Expire
X-Varnish-Set-Cookie
X-ARR
X-Turpentine-Esi
X-HW
CData
MwpReleaseVersion
X-AccessDev
Public-Extension
IsMobile
X-Cache-Via
X-ESI-Processing
Protected-By
Hamster
Portlet.Expiration-Cache
X-Request-Received
X-Node-ID
X-Request-Processing-Time
Redirect-Store
X-JG-Page-Cache
X-Domino-CacheValidationWithETagReason
X-Domino-CacheValidationWithETagResult
CacheControlHeader
Noahs-Classifieds
Pool-Info
X-Ruxit-Js-Agent
X-RSS-CACHE-STATUS
X-Render-Time
X-Request-Count
X-PoweredBy
Edgecast
Rewriter
X-Cluster-Server
X-Server-Generated
X-Static-Version
X-Src-Loadbalancer
Railo-Version
X-Download-Options
X-Bcwwwid
Content-Cache
At-Isb
X-Accel-Cache-Control
SSPAppContext
X-Aws-Ec2
X-Ec-Custom-Error
X-ProxyInstancename
X-Device-Group
X-Geolocation
X-Pb-Mii
Keywords
Description
SLB
X-Mii-Cache-Hit
Www.Aujourdhui.Com
X-ServiceProvider
X-Snapsis-PageBlaster
X-Cache-Key
X-Confluence-Request-Time
X-AISO-Server
X-AISO-Cache
Encoding
X-Client-Id
X-Debug-Serve
X-ATP-Server
X-B2f-Cache-NotFromUrl
Rt-Proxy-Cache
X-Brought-To-You-By
X-Forwarded-Proto
X-Daa-Tunnel
X-Dynamic
X-Highwire-Sitecode
X-Client-Addr
Requested-Host
X-Edge-IP
XDisk
Tempo
W
X-APP
PROPSON-FARM
Sophnep-Edge-FX
Nitro-Cache
Max-Age
X-Compressed-By
X-Cache-Host
X-Highwire-Cache
X-CacheStore
X-VG-WebCache
X-DEBUG
Mime-Version
X-SERVER-ID
Ngpass-Vcall
KinteraFilter
X-Ruxit-JS-Agent
X-TAG
X-RNDPAGE
X-SiteConInfo
GenSvr
X-AVG
Proc
X-Life
X-AVG-REWRITE
X-PC3-Time
X-Rq
X-Docuri
X-R4L-VHOST
X-Nginx
X-Compressor
DBG-TargetHost
X-VhostID
EXT-CACHEEXPIRE
X-Grace
BKREF
X-Path
X-CMS-Powered-By
X-Backend-Name
X-AppServer-Status
X-Webobjects-Loadaverage
HostName
X-Powered-By-Home.Pl
X-Panel-Name
X-Panel-Id
Language
X-PC3-Control
SL-NOREWRITE-REDIRECTS
X-Varnish-Hashed-On
X-RateLimit
X-Pageid
X-Cached-From
X-CPU-Time
X-CDN-Version
Svr
X-Do-Not-Hack
X-Client-True-IP
X-Debb
AC-ELC
-Onnection
X-WebKit-CSP-Report-Only
C-TTL
DBG-Timestamp
Balanced-From
X-Provided-By
X-SEA-Instance-Name
B2C-HG-008
X-Mobile-Device
X-Czt
Yola-ID
AMFplus-Ver
Device
X-Cluster-ID
X-Apublish-Id
X-Stackable-Node
DB-Nickname
Apple-Itunes-App
BM-Cache-BackendNode
X-HITS
X-BIN
BM-Cache-BackendTime
Access-Control-Allow-Origin:
X-Upstream-Time
Backend-INFRA.WAN
X-Optimization
X-Gondor-Server
X-Eznode
Z-NginxStatus
X-Node-Id
DBG-HTTPHOST
X-Jcms-Ajax-Id