Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
Link
X-Pingback
X-Content-Type-Options
P3P
X-AspNet-Version
X-XSS-Protection
X-Frame-Options
X-Cache
Content-Language
Age
CF-RAY
X-UA-Compatible
X-Adblock-Key
Via
Keep-Alive
Strict-Transport-Security
X-Template
X-Language
X-Check
X-Varnish
Access-Control-Allow-Origin
X-Buckets
X-Cacheable
Content-Location
X-Generator
X-Drupal-Cache
P3p
Status
X-AspNetMvc-Version
X-Hacker
X-Ac
X-Iinfo
X-Request-Id
X-Powered-By-Plesk
MS-Author-Via
X-Runtime
X-Type
X-Cache-Group
X-Pass-Why
WP-Super-Cache
X-Powered-CMS
Ngpass-Ngall
Access-Control-Allow-Credentials
Host-Header
X-Cache-Hits
X-Mod-Pagespeed
X-UA-Device
X-Xss-Protection
X-Pad
Content-Security-Policy-Report-Only
X-ShopId
X-ShardId
X-Dc
X-Alternate-Cache-Key
X-Logged-In
X-Backend
X-Via
Access-Control-Allow-Headers
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Access-Control-Allow-Methods
X-Tumblr-Pixel-1
X-Host
X-Served-From-Cache
X-CDN
X-ServedBy
X-Tumblr-Pixel-2
X-ContextId
X-Server
X-Served-By
X-Cache-Hit
X-PC-Hit
X-PC-Key
Content-Security-Policy
X-Port
X-Cache-Lookup
X-Request-ID
X-Robots-Tag
MicrosoftOfficeWebServer
X-Rack-Cache
Powered-By
X-Varnish-Cache
MicrosoftSharePointTeamServices
X-Request-Country
X-Tumblr-Pixel-3
X-Accel-Version
SPRequestGuid
X-SharePointHealthScore
X-XRDS-Location
X-PC-Host
X-PC-AppVer
X-PC-Date
X-Cache-Status
X-Safe-Firewall
X-MS-InvokeApp
X-Cnection
X-Amz-Cf-Id
X-Page-Speed
Content-Encoding
X-Ua-Compatible
X-Seen-By
X-Wix-Renderer-Server
X-Wix-Request-Id
X-AH-Environment
X-Webserver
X-Turbo-Charged-By
X-PhApp
X-Firenze-Processing-Times
X-W-DC
X-INKT-URI
X-INKT-SITE
CF-Cache-Status
Upgrade
X-FullPageCaching
X-Content-Digest
Composed-By
Rating
X-GitHub-Request-Id
Request-Id
X-Tumblr-Content-Rating
Served-By
X-Tumblr-Pixel-4
X-Content-Powered-By
X-Cache-Enabled
SPIisLatency
SPRequestDuration
Public-Key-Pins
Liferay-Portal
Alternate-Protocol
X-Amz-Id-2
X-Node
X-SERVER
X-Amz-Request-Id
X-Spip-Cache
Cf-Railgun
X-Proxy
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Pantheon-Endpoint
X-Styx-Version
X-Hyper-Cache
X-Proxy-Cache
Alt-Svc
X-XN-Trace-Token
X-XN-XNHTML
X-Server-Name
X-CF-Powered-By
Access-Control-Expose-Headers
X-Timer
Timing-Allow-Origin
Content-Script-Type
Content-Style-Type
X-Server-Powered-By
Permitted-Cross-Domain-Policies
X-HeyJason
Access-Control-Allow-Method
Charset
X-FB-Debug
Public-Key-Pins-Report-Only
Access-Control-Max-Age
X-Content-Security-Policy
X-Powered-By-360WZB
Refresh
X-CDN-Geo
X-CDN-Any-IP
X-Swift-CacheTime
X-CDN-Geo-IP
X-Swift-SaveTime
Cartoon
EagleId
X-VCache
X-Clacks-Overhead
X-FW-Hash
X-Hits
X-Permitted-Cross-Domain-Policies
X-Umbraco-Version
X-Cache-Server
X-Cached-By
X-Tumblr-Pixel-5
X-Device
Real-Hostname
X-Loop
X-FW-Type
X-FW-Static
X-FW-Serve
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
X-Cache-Result
X-Url
X-Px
X-TNCMS
X-User-Agent
X-Jimdo-Wid
X-Jimdo-Instance
X-Cached
X-Backend-Server
NS-RTIMER-COMPOSITE
X-DDC-Arch-Trace
Grace
X-Outils-CS
X-Age
X-Generated-By
X-Cache-Config
Content-MD5
X-Hostname
X-Whom
X-MiniProfiler-Ids
TCN
X-Gateway
X-VWS-Id
X-Beta
X-LJ-Flow-ID
X-AWS-Id
X-From
Magicmarker
X-CMS-Version
X-Cloud-Trace-Context
X-DynaTrace
X-Msg-2-Log
Fpc-Cache-Id
X-Middleton-Display
X-FORWARDED-FOR
Fastly-Debug-Digest
Display
X-Sol
Imagetoolbar
X-Tumblr-Pixel-6
Response
X-WebKit-CSP
X-Drupal-Dynamic-Cache
X-ServerName
Surrogate-Control
X-LiteSpeed-Cache
X-Content-Options
Product
X-AspNetWebPages-Version
PageSpeed
X-Micro-Cache
ServedBy
X-Middleton-Response
X-Expires-Orig
ServerName
Page-Completion-Status
Rt-Fastcgi-Cache
X-Handled-By
X-Country-Code
X-Content-Encoded-By
X-Firenze-Processing-Time
Generator
X-Matrix-Server
Powered-By-ChinaCache
X-Matrix-Proxy
X-ChromeLogger-Data
X-Director
DynaTrace
X-Hosted-By
X-Varnish-Cache-Hits
X-I
Ag-Execution-Time
Ag-Send-Time
Ag-Server-Time
X-URL
X-App-Hosting
Ngpass-Vcall
IBM-Web2-Location
X-TTL
X-Cache-Info
Node
X-Server-ID
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Returned-From-PostProcessResponse
X-Original-Request
X-Actual-URL
X-Returned-From
X-Download-Options
X-Passed-To-PostProcessResponse
X-ApacheServer
X-Forwarded-For
MIME-Version
Content-Hash
Proxy-Connection
X-Processed-By
Edge-Control
Access-Control-Request-Method
X-Art-Request-Id
X-Cache-TTL
Content-Encoding-Handler
X-Stale
X-Varnish-TTL
X-Varnish-Beresp-Status
X-UD-Method
X-Varnish-Beresp-Ttl
X-Version
X-Varnish-Beresp-Grace
X-Track
X-Varnish-Host
X-Cache-Rule
Content-Disposition
Akamai-IP
X-NetCat-Version
Pics-Label
Powered
X-S
X-Cache-Control-Orig
Fhost
X-ATG-Version
X-Mobilized-By
X-Varnish-Cacheable
X-Duration
X-Varnish-Backend
Proxy-Agent
X-ARC
Lsrequestid
X-Gamma-Serve
X-Microcachable
X-CDN-Node
X-CDN-Cache-Status
X-SDS
Host
RTSS
Surrogate-Keys
X-BS
X-I-Sp
X-Do-Not-Hack
X-Cache-Age
X-CacheServer
X-PERF
X-Abuse
Front-End-Https
X-Cache-Debug
ServerID
X-Location-Id
X-Varnish-Age
Retry-After
X-App-Status
X-Time
X-Front
X-HOST
SID
X-Recruiting
X-VTEX-Janus-System
X-VTEX-Janus-SO
X-VTEX-Janus-Router-Backend-App
X-VTEX-Cache-Status-Janus-Edge
X-Vtex-Processed-At
X-Vtex-Remote-Cache
No
X-Orig-Vary
X-NoCache
X-VTEX-Cache-Status-Janus-ApiCache
X-Vtex-Processado-Em:
X-Powered-By-VTEX-Janus-ApiCache
X-Powered-By-VTEX-Janus-Edge
CC-CACHE
Webluker-Edge
X-ServerID
X-Route-Server
X-Upstream
X-Vcap-Request-Id
X-Varnish-Hits
SN
X-Libra-UpstreamHost
X-Powered-By-Server
X-Microcache-Status
X-Device-Type
X-Developer
X-Amz-Meta-S3cmd-Attrs
Version
X-Translation
VAR-Cache
X-Mobile-URL
X-Response-Time
X-Frontend
Buuteeq-Source
X-PwB-Node
X-CJ-Soft
X-FW
X-RESOURCE
X-Cache-Expires
X-DNS-Prefetch-Control
Cache
PICS-Label
X-Ttl
NetMindSessionID
Content-Security-Policy-Rerport-Only
X-Akamai-Device-Characteristics
X-Client-IP
Server-Info
X-Do-Esi
X-Cookie
X-Trace-Cache
Server-Name
Arr-Disable-Session-Affinity
X-Fastcgi-Cache
X-Akamai-Device-Model
X-Varnish-IP
X-Trace
X-DefendeR-Status
X-DefendeR-Runtime
Qs-Cache
X-Daa-Tunnel
Frame-Options
Thanks
X-URLSCHEME
X-Cache-Operation
X-Varnish-Hostname
X-Engine
X-SRV
Location
X-ClientSide-Caching
A-Powered-By
X-Speed-Cache-Key
X-Cookie-Domain
X-Speed-Cache
NtCoent-Length
X-Dynatrace
X-Purge-Host
Srv
X-ACMCache
X-Real-Server
X-Cache-Tags
X-SmartBan-Host
X-SmartBan-URL
X-Goog-Hash
X-Varnish-Server
X-Geo-IP
X-Highwire-SessionId
Vacache
X-Highwire-RequestId
X-Source
X-Grace
X-GeoIP-Country-Name
X-Directory-Script
X-Purge-URL
X-Cocoon-Version
X-GeoIP-Country-Code
X-Drectory-Script
X-Yadis-Location
Lfy
Cxy-All
X-Revision
Sfy
Filter-Revision
X-Instart-Request-ID
X-N
Cm-Server
X-Provisioner-Version
X-Domain-Checked
X-Cache-Lifetime
Origin
NODE
X-Geo-IP-Region
X-Geo-IP-Country
Last-Published
X-Geo-IPV
X-Geo-IP-Metro
X-Srv
X-Magnolia-Registration
X-B-Cache
X-Nginx-Cache
X-AOL-HN
X-Cache-Doesi
S
X-App
X-Processing-Time
IISExport
X-Sys-Req-ID
HAVer
X-AOL-SNH
X-Adobe-Loc
HCVer
X-Sucuri-ID
Backend
Accept-Charset
X-Adobe-Content
CacheControlHeader
X-Blog
Fastcgi-Cache
Accept-Encoding
X-WR-Flags
Warning
Req-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
LBVIS
Nodo
WSR-Cache
X-SV-FromDBCache
X-SV-Edge
X-Server-Upstream
X-SV-Duration
X-SV-CreatedAt
X-SV-Nginx-Duration
WWW-Authenticate
X-Platform
X-SV-Pid
X-Varnish-Debug-Age
X-Distributed-By
X-SV-CacheTags
X-Varnish-Grace
Mobiquo-Is-Login
X-Nginx-Host
X-Bettercache-Proxy
COMMERCE-SERVER-SOFTWARE
X-Amz-Version-Id
X-Session-Reinit
X-Nitra-Side
X-Origin-Id
X-Secret
X-Src-Webcache
X-FIRSTBase
Logging-CorrelationId
X-Debug
X-Dispatch
X-Object-Id
X-Balanceador
Hamster
X-Resolver-IP
X-Vary-Options
X-Object-Type
X-Page-Cache
X-Cache-Key
Beyond-Iis
X-PF-Uncompressing
X-Content-Age
Backend-Timing
X-Config-By
X-Plat
X-Ruxit-JS-Agent
X-Framework
X-Analytics
X-Varnish-RemainingGrace
AMF-Ver
X-Varnish-Seen-By
Author
X-Varnish-Esi-Access
X-Varnish-Esi-Method
X-Varnish-RemainingTTL
X-Uid
X-JG-Page-Cache
X-Rocket-Nginx-Bypass
X-SE-Debug
X-Atraveo-Varnish-Server-Id
X-Atraveo-Zone
X-Atraveo-TTL
X-Atraveo-Set-Cookie
X-Atraveo-Expires
X-Atraveo-From-Varnish-Cache
X-Atraveo-Param-Rm
X-Amz-Id-1
Cache-By-Node
SVR
X-Distributor
LBC
X-NB-Cached-Page
X-Grid-Server
X-Atraveo-ETag
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-PRAM
X-Force
X-Atraveo-Cache-Control
Host-Service
X-BackendServer
X-Platform-Processor
X-Platform-Router
X-Cache-Control
X-Discourse-Route
X-Nhost
S-Cnection
X-NFE
X-Nurl
CT
X-Req-Host
X-W3TC-Minify
X-Storage
CLMOB
Nitro-Cache
WP-AdvCache-MemCached
Allow
X-REDIRECTSERVER
XDomainRequestAllowed
Ibf5scheme
SiteName
X-Varnish-Currency
X-Varnish-Store
X-Machine-Name
X-TempDebug
X-Hypernode
X-Varnish-Debug-TTL
X-WA-Info
X-Jphone-Copyright
X-Origin
X-Rack-Cors
TP-L2-Cache
X-Accel-Expires
X-DOM
X-Edge-Location
X-Gannett-Site-Version
X-Varnish-Action
SSPAppContext
X-Detected-Device
Content-Transfer-Encoding
X-Flow-Powered
TP-Cache
X-Source-ID
X-Real-IP
X-ID
X-Newrelic-App-Data
Cache-Key
X-EDGECONNECT-GUID-DEBUG
X-Channel-Maxage
X-Trace-App
X-NewRelic-App-Data
X-Pagely-Cache
X-SDE-Name
X-Block
Backend-Name-Original
X-Empowered-By
Keywords
X-Litespeed-Cache
X-Varnish-Count
SRV
X-Varnish-HitMiss
X-Captured
X-Connection-Hash
X-Twitter-Response-Tags
X-StackifyID
X-Airee-Node
Front
X-Pagename
X-Transaction
X-Ob-Mode
BALANCEDTO
X-Client-Vid
X-EPiphany-Vid
X-Phpwcms-Release
X-UPSTREAM
Id
X-Cache-Action
From
X-TTFB-L
X-NginX-Cache
X-Phpwcms-Page-Processed-In
X-HITS
Smug-CDN
X-Content-Security-Policy-Report-Only
X-Env
X-SmugMug-Hiring
Worker
X-Full-URL
X-TTFB
X-SmugMug-Values
X-Prefetched
X-NginX-Server
X-Garden-Version
X-Time-Spent
X-Test
X-Cms-Mode
X-Dev
X-AISO-Server
X-Remote-Addr
SBGI-RenderTime
SBGI-RealPath
SBGI-10
SBGI-1
X-AISO-Cacheable
SBGI-5
SBGI-7
SBGI-Device
X-BC
P3P:CP
X-GSL-Server
Cneonction
OT-RequestId
Open.Jobgate.Se
X-Obvious-Info
X-Expires
X-Obvious-Tid
X-Response-Status
X-WR-MODIFICATION
Www.Mirrorgate.Se
X-Turpentine-Esi
X-T3CacheTags
X-T3CacheInfo
Www.Myjob.Se
X-T3Cache
X-AISO-Cache
SBGI-9
X-CCC
X-Site:
X-Symfony-Cache
Jobb.Passal.Se
Jobb.Assistentpoolen.Se
X-Varnish-Bot
ServerIP
ORIGIN
X-Apm-Telemetry-Syncmark
X-B2f-Not-Route
Jobb.Gil.Se
Tk
X-CID
X-IsCacheURL
YF-ID
X-VAge
X-XTM-Node
X-LW-Web-Server
X-Webstats-RespID
Pool
Www.Mabracertifiering.Se
X-Varnish-URL
XX
Test.Executivepeople.Se
Myheader
X-Id
X-Web
X-LB
X-App-Server
X-Amz-Storage-Class
Bios
X-HostName
Description
X-Unbounce-PageId
X-Unbounce-Variant
X-Cache-Set
Set-Cookie2
X-Unbounce-VisitorID
X-Server-Instance
X-ORACLE-DMS-ECID
X-Edge-IP
X-Hit-Cache
Sss
X-Middleton-PageSpeed
X-Cache-Served
X-ACCELERATE
ServerSignature
MW-Webserver
X-BLSR-COST
X-EdgeConnect-MidMile-RTT
X-Old-Content-Length
Fw-Via
X-Powered
X-RiS-UFDI
Hash
X-Vhost-ID
Cluster-ID
Content-Instance
X-Desc
X-Cache-On
X-HW
X-Actindo-RS
X-Invoke-Duration
X-Node-Name
X-WorkerInstancename
X-Turpentine-Cache
ServerTokens
X-Stage
X-Optimization
X-N-ViewType
X-Varnish-Set-Cookie
Cache-Rule
P-LB
X-Hosting
P-WS
X-EdgeConnect-Origin-MEX-Latency
X-Worker
X-Max-Age
X-Smartcache-Timeout
Copyright
X-Rewritten-By
X-ManagedFusion-Rewriter-Version
X-Hosts-Backend
Pool-Info
Web-Server
X-Smartcache-Keys
X-WP
X-Platform-Cache
SS
NLCacheNote
X-Varnish-Ttl
Ews
X-Server-IP
ScoreTracker
X-PHP-Engine
X-TN-ServedBy
X-SV
PServer
X-Backside-Transport
X-CB-Server
X-APP
X-Cache-Engine
X-Route
X-IP-Address
X-Frames-Options
X-GeoIP
B-Powered-By
Fastly-Backend-Name
Mime-Version
X-HOSTNAME
X-SCProxy
Ibm-Web2-Location
X-DPWN-IS-SECURE
X-OPNET-Transaction-Trace
X-ATM-RServer
MIH-CLIENT-FARM
Cpu
Access-Control-Request-Headers
X-WLD-LB
Imx-Cookies-Used
IM-Version
X-PageID
X-Clara-ASAP
Machine
No-Cache
MIH-PLATFORM
X-Pj-Cache-Status
X-DSMX-Render-MS
X-DSMX-Rewrite-MS
X-Domino-CacheValidationWithETagResult
X-Domino-CacheValidationWithETagReason
If-Modified-Since
CpuTime
X-Dynamic
X-Cache-Original-TTL
MIH-PUBLIC-IDENTIFIER
Il-Cl
Noq
Ram
X-Author
X-DTC
N365rili
WP-Cache
X-Ocache
Prxy
X-Full-Url
Tracker
X-Info
X-Oracle-DMS-ECID
X-Perf
X-Kirra-SiteId
X-ATM-RTime
X-Response
RequestId
X-T
X-Forwarded-Proto
X-Brought-To-You-By
Ec
X-ASAP-Cache
Y-Trace
Sophnep-Edge-FX
Sid
X-RateLimit-Remaining
X-AWS
X-B
X-Cache-Keep
BM-Cache-Key
X-ProxyInstancename
Head
X-Cache-TTL-Remaining
X-CacheResult
X-Dispatcher
Dynatrace
X-Header
BM-Cache-Status
X-Is-Mobile
X-Rq
BM-Cache-Node
X-Artvisual-Server
Cmstype
Cached
Cmsid
X-LiteSpeed-Cache-Control
X-LB-Server
X-Debug-Token
X-Avvio-Cms-Cacheload
X-Flex-Lastmod
X-Flex-Tag
X-Flex-Tags
X-Purge-Level
X-Device-Group
X-Powered-By-Anquanbao
X-Flex-Evend
X-Flex-Evstart
X-SV-Expires
X-Flex-Lang
X-Flex-Community
Svr
X-Cache-PageType
X-Frame-Option
X-Cache-Fix
Redirect
Note
X-ServedByHost
X-Webkit-CSP
X-Nginx
X-Cluster-Node
X-Pb-Mii
X-Site-Name
X-Mii-Cache-Hit
Section-Io-Id
W
X-IDS-WS
Nginx-Cache
X-KoobooCMS-Version
X-JSESSIONID
X-HeBS-Cache-Status
X-FFX-B
X-Web-Node
Resin-Trace
X-ESI-Enable
X-FCMS-Cache
X-MrHost
OutputRewritten
X-FreeTag-Count
Ttl
X-Box
Www.Aujourdhui.Com
Mto-License-Status
X-ATP-Server
X-Cache-Extended
X-Healthy
X-Rot
X-Sov
X-VC-TTL
X-PHP-Response-Code
XDisk
V-Age
X-SayCDN-TTL
X-Global-Transaction-ID
X-SayCDN-Original-UA
X-SayCDN-Original-Path
X-Say-TTL
X-SayCDN-Original-Host
X-SayCDN-UA
Countrycode
X-Hstore
X-Varnish-Debug-Pool-Fetch
X-Uplex
HostGen
X-TTL-Age
Be-Va
X-Say-Original-URL
X-Say-Original-UA
X-DN-Cache-Control
X-Say-Cacheable
DeleGate-Ver
User-Agent
INCOMING-TIME
X-Does-He-Have-Time
X-Say-Original-Host
X-EC2-Instance-Id
X-Say-Original-IP
X-ENV
X-EdgeRouter
X-MobileDetected
SERVER-IP
X-Pj-Cache-Key
X-Martin
AC-ELC
X-Would-Your-GrandPa-Wait
X-AccessDev
Be
Server-Optimized-By
X-Beatles-Hits
X-Your-GrandPa-Would-Wait
Http
Encoding
X-We-Are-Hiring
X-Hrouter
X-Gyrobase-Publication
X-Venda-Hitid
X-Varnish-Restarts
Xc
X-Batcache
Be-Ip
IsMobile
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-Varnish-Debug-Pool-Recv
X-Server-Addr
X-SeschatTemplateID
X-Restarts
X-Cache-Node
X-BKSrc
X-Varnish-Instance
X-GRACE
X-IP
X-SeschatRedID
X-Seschat-URL
X-Dynatrace-Js-Agent
X-SeschatDID
X-Tradeindia-Request-GUID
X-CO-Host
X-Server-Id
Real-Server
X-SeschatLayout
X-Server-Response-Time
X-Esi
X-ETag
X-Ghost-Cache-Status
X-DealerOn
MageStack-Cache-Status
X-Signature
MageStack-Config
X-Pj-Cache-Gzip
X-Powered-By-Home.Pl
X-MCF-ID
X-Pj-Cache-Time
MageStack-Debug
X-Pj-Cache-Flags
X-Pj-Cache-Expires
X-Obr-Rule
MageStack-Cacheable
KeepAliveTimeout
X-Sc-Path
Language
X-Cache-Level
X-GC-Read
X-Country
X-EZPublish-InstallationID
X-EZPublish-NodeID
X-Hit
X-BE
X-Document-Path
X-RSS-CACHE-STATUS
X-Span
X-Trace-Id
X-PHP
X-BC-Stapler
X-Zendesk-User-Id
Aurora-Node
MageStack-Area
MageStack-Cache
X-Zendesk-Origin-Server
X-Cluster
X-Server-By
X-Document-Guid-Path
X-Document-Guid
X-Key
X-Enhanced-By
X-Wikidot-Static-Cache
NZSpeedy
BM-Cache-Bypass
X-Cache-CFC
X-Runtime-Memory
X-F-Cache
X-Protected-By
MageStack-Cache-Lifetime
X-Pressidium-NinukisWP-Ver
X-GC-App
X-GC-Pointer
X-Batcache-Reason
X-Document-Tracking-Type
X-ESI
NnCoection
Hosted-By
DNNOutputCache
X-GC-Write
X-Wikidot-Backend
X-Sc-Cache
SB-Cache-Remaining
Apachenode
AsisCache
X-Client-Addr
Debug-Status
X-View
X-ADI-STACK
X-Environment
X-Status
ClientIP
Server-IP
Hostname
X-7d-Trace-Id
MageStack-Loadbalancer
Device-Type
X-7d-Instance-Id
User-Cache-Control
RN-Server
SBMCLOUD
Max-Age
X-LTM-ID
X-ADI-VCache
X-Ants-Machine-Id
X-MAT-GEO
Noahs-Classifieds
X-SSL
X-Proto
Accept-Language
Ksid
X-CCM
Tempo
MageStack-Cache-Hits
VANITY-HOST
Paypal-Debug-Id
X-Search-Id
X-Document-Folder-Guid
X-Ants-Host
VC-NoCache
Gzip
X-Cms-Server
Fpc-Expire
X-Built-By
X-Tile-Url
X-FarmId
X-CDNZZ-FCACHE
MageStack-Tag
SB-Cache-Life
CtExclusions
X-EntryPoint
X-Serendipity-InterfaceLang
SB-Site-Device
X-Cachable
X-ACLR-Version
MachineName
Og
Surrogate-Key
WebServer
MageStack-PageSpeed
Device
X-Timestamp
X-Trans-Id
X-Wix-Route-ID
X-Serendipity-InterfaceLangSource
Akamai-Edgescape
X-IIJ-Cache
X-DELIVERYSERVER
X-LS-DEBUG
F5-IpCliente
X-HASH
X-Fallback
Cteonnt-Length
X-RemovedCookies
X-ProcessESI
X-Render-Time
SL-NOREWRITE-REDIRECTS
X-SID
X-Request-Count
MageStack-Web-Node
X-Static-Version
HOST-SERVICE
X-Varnish-Backend-Healthy
X-Varnish-Error-Restart
X-Request-Received
X-Tradeindia-SMgmt
RATING
X-4ormat-Cacheable
Serverid
X-Request-Processing-Time
X-Bcwwwid
X-Amz-Meta-Cb-Modifiedtime
X-GETTER-Cache
X-Lima-Id
GenSvr
From-Origin
X-NWS-LOG-UUID
X-Process-Time
X-Panel-Id
X-Panel-Name
Inserted-Into-Cache-At
Server-Ip
Stats-API
Apache
X-ZSITES-DNS
X-Timing
X-Xhr-Current-Location
Stats-HtmlMinAndCss
Cache-Cookie-Set-From
X-PageType
X-HTML-Minification-Powered-By
X-QHCDN
X-WebNode
Cache-Cookie-Set-Idcheck
X-LW-T
X-BeResp-Ttl
Session-Id
X-Powered-Developer
X-NewCloud-V-Cache
Count-Click-Attempt2
EWHSERVER
Server-ID
Pw-Value
Cache-Cookie-Set-Index-Page
Cache-Cookie-Set-Lfrom
X-Server-Instance-Name
X-Server-Generated
CommunityServer
Content
Publisher
Dispatcher
X-Medium-Entity-Type
X-Medium-Entity-Id
Server-Version
NS-VaryByCustom-Key
X-AUSERNAME
X-Faeria
X-Fedora-School-Id
X-Backend-TTL
X-UUID
Thinkindot-Control
Thinkindot-CacheControl-Type
WFE
X-Capoed
X-Expose-Hostname
X-Expose-Generated
Thinkindot-CacheControl
REFRESH
X-Compressed-By
X-Backend-Ip
X-Esi-Processing
X-Gondor-Server
Provider
DB-Nickname
X-Expose-Site
X-Expose-Took
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-PBY
X-GUploader-UploadID
X-Goog-Generation
X-Ct-Info
X-Hiring
X-Highwire-Sitecode
X-Instance
X-Node-Id
X-RequesterIP
Stats-Rendering
X-Generation-Time
X-ClusterID
X-D-Time
X-Fe
X-Nginx-Backend
X-AppServer-Status
X-AppServer-Cache-Rule
X-VG-WebCache
Commerce-Server-Software
Content-Cache
OriginServer
X-S-Misc
X-Upstream-Time
X-Farm-Server
X-Orig-Host
X-SATserver
X-Sn-Servicetimems
X-COUNTRY-CODE
X-Cache-Frontend
INFO
Kp-EeAlive
X-B3-Traceid
X-Built-With
X-SilverStripe-Cache
X-Frontal
X-NMT-Proxy
X-SERVER-ID
Apple-Itunes-App
X-Cdn-Fetch
X-Pixelsilk-Version
X-Pixelsilk-Server
SLB
X-Cluster-Host
X-Debug-Serve
X-This-Proto
X-Distil-CS
X-Geo-Segment
Requested-Host
SINA-LB
SINA-TS
X-Bip
DPOOL-HEADER
X-UA-Profile
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-TargSmaku
Aoestatic
Web
X-Cache-Via
X-RE-Ref
X-UA-Vendor
Orgin-Server
Is-Cached
X-Ar-Debug
X-Croise-Owner
Balanced-From
D
Sunucu
WEB
X-Hosting-Env
Kanooh-Host
MtcHosted
NKBVHEADER
X-Ec-Custom-Error
TotalTime
X-TNCMS-Bot-Tier
X-Varnish-Cookie-Debug
X-Varnish-GW-Backend
X-WebKit-CSP-Report-Only
X-VhostID
X-Nucleus-Cache
X-Lb-Server
X-Magento-Action
X-Magento-Lifetime
X-Meta-Imagetoolbar
X-KO-Site-Id
X-CACHE-TTL
Disablevcache
MSSmartTagsPreventParsing
MSThemeCompatible
NodeId
X-Meta-MSSmartTagsPreventParsing
X-Meta-MSThemeCompatible
Foglight-Request-UUID
X-PROCESSED-BY
X-Varnish-Hashed-On
X-Varnish-ServiceNetIP
X-FastCGI-Cache
X-AG-MIPS
X-PressLabs-Stats
X-Tags
AGI-Request-ID
Railo-Version
Robots