Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
X-AspNet-Version
Link
P3P
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
X-Adblock-Key
Keep-Alive
X-Frame-Options
CF-RAY
Content-Location
X-Varnish
X-Language
X-Check
X-Template
X-Buckets
X-Cacheable
Access-Control-Allow-Origin
X-Generator
P3p
X-Drupal-Cache
X-Ac
X-Hacker
WP-Super-Cache
Status
MS-Author-Via
X-Powered-By-Plesk
X-AspNetMvc-Version
Strict-Transport-Security
X-Runtime
X-Pad
X-Geo
X-Geo-Port
X-Request-Id
X-Powered-CMS
X-Type
X-Cache-Group
X-Mod-Pagespeed
MicrosoftOfficeWebServer
X-Host
Access-Control-Allow-Credentials
X-Logged-In
Ngpass-Ngall
X-Cache-Hits
X-Cache-Lookup
X-Server
Host-Header
X-UA-Device
X-Rack-Cache
MicrosoftSharePointTeamServices
X-Via
X-Iinfo
X-Backend
Access-Control-Allow-Headers
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Access-Control-Allow-Methods
X-Pass-Why
X-CF-Powered-By
X-XRDS-Location
X-Tumblr-Pixel-1
X-Varnish-Cache
X-Served-By
SPRequestGuid
X-SharePointHealthScore
Content-Encoding
X-Accel-Version
X-Robots-Tag
X-ContextId
X-Sorting-Hat-PodId
X-ShopId
X-Dc
X-Alternate-Cache-Key
X-Sorting-Hat-PodId-Cached
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-ShopId-Cached
X-Tumblr-Pixel-2
X-Seen-By
X-ServedBy
X-Page-Speed
X-INKT-URI
X-INKT-SITE
X-Cnection
X-Webserver
X-BC-Is-HA
X-PhApp
X-MS-InvokeApp
X-CDN
X-Url
X-Safe-Firewall
Composed-By
X-Hostname
X-Cache-Hit
X-Request-ID
X-PC-Hit
X-PC-Key
X-FullPageCaching
Served-By
X-PC-Host
X-PC-Date
X-PC-AppVer
X-Ua-Compatible
X-FRAME-OPTIONS
X-Port
X-Forwarded-For
X-FRAME-Options
X-AH-Environment
X-Firenze-Processing-Times
X-Proxy-Cache
X-Cache-Status
X-Tumblr-Pixel-3
X-XN-Trace-Token
X-XN-XNHTML
Cartoon
X-W-DC
X-Age
Public-Key-Pins
Cf-Railgun
X-Wix-Renderer-Server
X-Wix-Dispatcher-Cache-Hit
X-Wix-Request-Id
X-HeyJason
X-Spip-Cache
X-Amz-Cf-Id
X-Powered-By-360WZB
Content-Security-Policy
Liferay-Portal
Content-Script-Type
X-Amz-Id-2
Content-Style-Type
X-Amz-Request-Id
X-Server-Name
X-Served-From-Cache
X-Umbraco-Version
X-Cache-Info
X-Content-Digest
Request-Id
SPIisLatency
SPRequestDuration
X-Timer
X-Styx-Version
X-Styx-Build-Sha
X-Pantheon-Styx-Hostname
X-Pantheon-Endpoint
X-Styx-Build-Num
X-Styx-Req-Id
X-Styx-Build-Date
X-Cache-Server
X-SERVER
X-Hyper-Cache
CF-Cache-Status
X-Cache-Result
X-FB-Debug
X-Device
X-Clacks-Overhead
Rating
X-Outils-CS
X-DynaTrace
X-TN-ServedBy
Real-Hostname
TCN
X-PHP-Engine
X-Loop
Refresh
X-VCache
X-Px
X-Tumblr-Pixel-4
Powered-By
X-PersistenceNode
X-TNCMS
X-Cached-By
NS-RTIMER-COMPOSITE
X-FORWARDED-FOR
Wp-Super-Cache
X-Cache-Enabled
X-From
DynaTrace
Powered-By-ChinaCache
Imagetoolbar
X-Generated-By
X-Content-Encoded-By
X-Cached
X-Microcachable
X-CDN-Geo-IP
X-Tumblr-Content-Rating
X-CDN-Geo
X-CDN-Any-IP
X-Mobilized-By
Access-Control-Max-Age
Page-Completion-Status
Thanks
X-Loc
Magicmarker
X-Original-Content-Length
Product
X-Powered-By-Anquanbao
X-Matrix-Server
X-CMS-Version
X-Matrix-Proxy
X-Zephyr
X-Backend-Server
X-Tumblr-Pixel-5
Charset
Pics-Label
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-Version
IBM-Web2-Location
X-DynaTrace-JS-Agent
X-Jimdo-Pid
X-Jimdo-Wid
Node
CC-CACHE
X-DDC-Arch-Trace
Response
X-FW-Hash
X-FW-Static
X-FW-Serve
X-FW-Type
X-Node
X-W3TC-Minify
X-Processed-By
Content-Encoding-Handler
X-Content-Options
X-I
X-Firenze-Processing-Time
ServedBy
Generator
X-SDS
X-Varnish-Cacheable
Retry-After
X-User-Agent
X-Varnish-Backend
X-UD-Method
X-WebKit-CSP
X-Varnish-Host
X-UD-Host
X-Hits
X-Sol
X-Xrds-Location
Display
X-Middleton-Display
X-Middleton-Response
X-DNS-Prefetch-Control
Set-Cookie2
X-Purge-Host
Proxy-Agent
X-Whom
X-PF-Uncompressing
X-Drectory-Script
X-AspNetWebPages-Version
X-Cache-Debug
MIME-Version
Lsrequestid
X-Varnish-TTL
Access-Control-Request-Method
SID
X-Hosted-By
X-App-Hosting
X-ApacheServer
RTSS
Sprequestguid
X-NoCache
X-Sharepointhealthscore
X-Duration
X-Original-Request
X-Cache-Expires
X-Cache-Config
Edge-Control
ServerName
X-URL
Host
X-Passed-To
X-Handled-By
X-Director
X-Actual-URL
X-Returned-From
X-Passed-To-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Expires-Orig
X-Passed-To-DLL
X-PERF
IISExport
X-Cdn
Content-Disposition
X-Purge-URL
X-Micro-Cache
X-TTL
VAR-Cache
X-Cookie-Domain
X-ATG-Version
X-Ms-Invokeapp
X-Nitra-Side
Fhost
X-Varnish-Hits
COMMERCE-SERVER-SOFTWARE
X-Cache-Control-Orig
X-MiniProfiler-Ids
X-Speed-Cache
X-Speed-Cache-Key
Accept-Encoding
X-Response-Time
X-SN
Surrogate-Control
X-PwB-Node
X-LiteSpeed-Cache
WWW-Authenticate
Id
PICS-Label
X-Vary-Options
X-ServerID
SEOMOZ
MJ12bot
S
X-Swift-SaveTime
X-FIRSTBase
AMF-Ver
X-Swift-CacheTime
Cm-Server
Location
X-GeoIP-Country-Code
X-Cache-TTL
Filter-Revision
X-GeoIP-Country-Name
X-ACMCache
X-CJ-Soft
X-Session-Reinit
X-Blog
X-Front
Srv
X-ServerName
Server-Info
Website-Info
X-S
X-App-Status
Microsoftsharepointteamservices
X-Art-Request-Id
X-Varnish-Age
Accept-Charset
X-SRV
X-Varnish-IP
X-Cache-Rule
Proxy-Connection
Grace
X-HOST
X-Tumblr-Pixel-6
SN
Cache-By-Node
Nodo
X-Distil-CS
X-Trace-Cache
X-Amz-Meta-S3cmd-Attrs
X-BackendServer
A-Powered-By
Rt-Fastcgi-Cache
ServerID
X-Country-Code
X-App
X-FW
Qs-Cache
X-CHSN
Cache
X-Orig-Vary
X-Device-Type
X-Time
X-Microcache-Status
X-Gamma-Serve
X-Srv
X-Yadis-Location
X-Cache-Operation
Req-Id
X-Varnish-Object-Age
X-Engine
X-Cluster-Node
NtCoent-Length
X-Domain-Checked
X-Provisioner-Version
X-Adobe-Content
Fpc-Cache-Id
MIH-PLATFORM
MIH-CLIENT-FARM
X-Do-Not-Hack
MIH-PUBLIC-IDENTIFIER
X-Trace
X-Cocoon-Version
NetMindSessionID
X-Highwire-SessionId
X-LIGHTHTTP-PCDID
X-Highwire-RequestId
X-Server-ID
X-ID
X-Bettercache-Proxy
X-Stale
X-Translation
X-Track
X-Object-Id
Upgrade
Ngpass-Vcall
X-Object-Type
X-TempDebug
Backend
X-Secret
X-Varnish-Server
Powered
X-Recruiting
X-Sys-Req-ID
X-Cache-Age
Dispatcher
MW-Webserver
X-Ttl
X-Instart-Request-ID
Server-Name
Buuteeq-Source
CT
X-Frontend
PageSpeed
X-Varnish-Cache-Hits
LBVIS
X-Twitter-Response-Tags
Ms
X-Request-Locale
X-Transaction
X-Directory-Script
X-Connection-Hash
NODE
X-Location-Id
X-Req-Host
BM-Cache-Key
X-Varnish-Beresp-Status
BM-Cache-Node
X-AOL-SNH
X-FreeTag-Count
X-Varnish-Beresp-Ttl
X-SDE-Name
X-Varnish-Beresp-Grace
X-Cache-On
Machine
X-Expires
NLCacheNote
X-Venda-Hitid
XX
-GCR
SS
X-Resolver-IP
X-Cache-Action
Content-Security-Policy-Report-Only
X-Wily-Info
X-Src-Webcache
Ibm-Web2-Location
X-Wily-Servlet
X-ServerCache-Info
RATING
UniqueName
Webluker-Edge
X-Distributed-By
Content-MD5
X-Country
X-Powered-By-Server
Origin
ORIGIN
X-B2f-Cache-Load
X-Cached-Status
X-Header
X-Grid-Server
Content-Transfer-Encoding
Apache
X-Dynatrace
From
X-WR-MODIFICATION
X-Turbo-Control
X-Machine-Name
X-Source-ID
BM-Cache-Status
X-Amz-Id-1
X-Old-Content-Length
No
Front
X-Varnish-HitMiss
X-Varnish-Count
X-Id
X-VTEX-Cache-Status-Janus-Edge
TP-L2-Cache
X-Content-Age
X-Vtex-Remote-Cache
X-Vtex-Processed-At
X-UD-Loopcounter
X-UD-REMOTE-ADDR
X-Ar-Debug
X-Gannett-Site-Version
X-Geo-IP
X-UD-Target
X-Vtex-Processado-Em
TP-Cache
X-Powered-By-VTEX-Janus-Router
X-VTEX-Janus-Router-Backend-App
X-Powered-By-VTEX-Janus-ApiCache
X-VTEX-Cache-Status-Janus-ApiCache
X-Powered-By-VTEX-Janus-Edge
Front-End-Https
X-Enhanced-By
Progma
X-Atraveo-Varnish-Server-Id
X-Atraveo-NC
X-Cache-Lifetime
X-Developer
X-REDIRECTSERVER
X-PRAM
Version
X-Force
X-Atraveo-Cache-Control
X-Atraveo-TTL
SVR
X-Atraveo-From-Varnish-Cache
X-GeoIP
X-Pre-Strip-Debug
ScoreTracker
Beyond-Iis
7e-Page-Cache
XDomainRequestAllowed
X-Jphone-Copyright
X-Origin-Id
X-UPSTREAM
LBC
CommunityServer
X-Dev
X-MJ-Upstream-Addr
Worker
X-Info
X-Cms-Mode
X-DTC
Access-Control-Expose-Headers
X-Empowered-By
X-Actindo-RS
X-CacheServer
X-Beatles
X-ManagedFusion-Rewriter-Version
X-Router-Backend
X-Channel-Maxage
X-ACCELERATE
X-Uid
NnCoection
X-Symfony-Cache
X-ORACLE-DMS-ECID
X-Rewritten-By
Provided-Host
BM-CountryCode
Cluster-ID
X-UseReverse-Proxy
X-Trace-App
X-Block
X-Webapp
X-Vhost-ID
Backend-Name-Original
X-Phpwcms-Page-Processed-In
X-Phpwcms-Release
X-Router
Server2
Fw-Via
SiteName
Author
X-Monstercache-Host
X-Monstercache
X-Accel-Expires
Bs-Header
X-Amz-Version-Id
X-Monstercache-Hash
Last-Published
X-SV
WP-AdvCache-MemCached
Cteonnt-Length
Accept-Language
X-WA-Info
X-GC-App
Jobb.Assistentpoolen.Se
X-Varnish-ID
Jobb.Passal.Se
Www.Mirrorgate.Se
Www.Myjob.Se
Jobb.Gil.Se
X-Varnish-Cache-Server
X-HostName
X-GC-Write
Www.Mabracertifiering.Se
X-T3CacheTags
Open.Jobgate.Se
X-Geo-IPV
Rt-Server
P3P:CP
X-T3CacheInfo
X-ATM-RServer
X-ATM-RTime
X-SSL
X-Kirra-SiteId
SRV
Content-Instance
X-Geo-IP-Region
AppDynamics-BT
SS-Request-ID2
Il-Cl
Ksid
Test.Executivepeople.Se
X-Geo-IP-Country
X-Response
X-GC-Read
Be-Ip
X-Stage
Svr
X-Cache-Set
X-Geo-IP-Metro
X-Max-Age
X-Monstercache-Timeout
Be-Va
X-Built-By
X-WP
X-Server-Id
X-Varnish-Action
X-Frames-Options
If-Modified-Since
X-ChromeLogger-Data
X-BS
X-DefendeR-Runtime
X-Web-Node
X-Origin
Provider
X-SilverStripe-Cache
X-Real-Server
X-Garden-Version
X-Goog-Hash
X-EPiLogOnScreen-PostUrl
HCVer
X-Drupal-Cache-Tags
X-CacheHits
X-Server-Instance
SIP
X-B2f-Not-Route
X-LAvg
HAVer
X-EPiLogOnScreen
BALANCEDTO
Compression-Control
CDN
Cpu
Sophnep-Edge-FX
Web-Server
X-Via-Kemp
Noq
Ram
X-Powered
X-Varnish-Device
X-Vhost
X-Webstats-RespID
MirrorName
No-Cookie
X-Catalyst
Cache-Ctrol
ExecuteNonQuerySQLParam
X-Nginx-Backend
X-MCB-Server
Before
After
Tpt.Renderer1
X-Hit-Cache
X-MJ-Serve-Req-Time
X-Pagename
X-Oracle-DMS-ECID
X-Varnish-Debug-Hits
X-Varnish-Debug-Age
X-DeliveryServer
Tpt.Renderer
X-Varnish-Cache-Local
Render
X-N-ViewType
X-Server-By
IsFullSiteRequest
CP
X-Storage
X-Farm-Server
ServerConfigManager.WebBugTracker
X-ProcessESI
X-RemovedCookies
X-Nginx-Host
Cmstype
X-TTFB-L
SFY
X-Edge-Location
X-App-Container
X-OPNET-Transaction-Trace
B-Powered-By
LFY
X-N
Cmsid
X-SmugMug-Values
X-SmugMug-Hiring
X-TTFB
X-Flow-Powered
X-Node-Name
Smug-Env
X-Domino-CacheValidationWithETagResult
X-Domino-CacheValidationWithETagReason
X-Vivastreet
X-DSMX-Render-MS
X-Vivastreet-KiwiiPage
X-ESI-Enable
X-Debug
X-DSMX-Rewrite-MS
Content
X-Varnish-URL
X-PM-ID
X-T3Cache
X-DB-Content-Length
Acdc-Web
X-WorkerInstancename
X-7d-Version
X-7d-Traceid
Warning
CacheControlHeader
X-7dig
X-Abuse
X-MSEdge-Ref
X-MidCOM-Meta-Cache
X-Author
Backend-Host
X-FFX-B
X-MobileDetected
X-Hstore
X-Uplex
X-Varnish-Debug-Pool-Fetch
X-Varnish-Restarts
X-Varnish-Debug-Pool-Recv
X-Hrouter
X-EdgeRouter
X-Allow-Redis
X-Varnish-Cookie-Debug
X-Purge-Level
X-PvInfo
X-Hit
X-Distributor
Ttl
Server-N
X-Unbounce-VisitorID
Host-Service
X-LI-UUID
X-Benchmark-Sphinx-Count
X-Unbounce-Variant
X-Unbounce-PageId
X-Benchmark-Sphinx
X-Li-Fabric
X-Benchmark-Db
X-FS-UUID
X-PBY
X-Benchmark-Total
PServer
X-Remote-Addr
X-Route
Nitro-Cache
Pool-Info
X-Li-Pop
X-Benchmark-Cache
X-App-Server
X-Full-URL
Web-Head
X-WLD-LB
X-Cache-Control
X-IDS-WS
X-NginX-Server
X-BKSrc
X-XHR-Current-Location
X-CMS
BE
D
X-UserAgent
X-Server-Generated
Time
X-CDN-Node
X-Flex-Lang
X-Flex-Lastmod
X-Flex-Tag
X-Flex-Tags
X-Flex-Evstart
X-Flex-Evend
X-ESI
X-Client-IP
X-LB
X-Flex-Community
X-Cache-Extended
ServerIP
No-Cache
X-CDN-Cache-Status
Edgecast
WEBO
Tracker
Pool
X-Locale
X-Upstream
X-Hash
Allow
X-NginX-Cache
MageStack-Config
MageStack-Cache-Status
MageStack-Cache-Lifetime
MageStack-Cache-Hits
MageStack-Debug
MageStack-Loadbalancer
Sid
MageStack-Tag
MageStack-Response-Ttl
MageStack-PageSpeed
MageStack-Cache
MageStack-Area
MachineName
X-Time-Spent
OGHopCount
Publisher
X-Varnish-Currency
WP-Cache
X-CacheTTL
XDisk
Test
Access-Ip
MageStack-Cacheable
X-TLServer
BM-Cache-Bypass
X-Brought-To-You-By
CPOINT
X-Edge-IP
X-Dynamic
INCOMING-TIME
Aoestatic
X-Revision
X-Dynatrace-Js-Agent
Xonnection
X-D-Time
ServerId
X-DELIVERYSERVER
X-FCMS-Cache
X-Powered-By-Yqk
X-Artvisual-Server
X-Mod-Oboe-PS
X-Generation-Time
X-Yqk-Set
X-S-Misc
ResourceTag
Public-Extension
DBG-Timestamp
X-Instance
Server-Optimized-By
SL-NOREWRITE-REDIRECTS
X-SeschatRedID
X-CCM
X-Static-Version
DBG-TargetHost
ProxiaInstanceId
X-Seschat-URL
EXT-CACHEEXPIRE
X-SeschatTemplateID
Cneonction
X-Cache-Ttl
DBG-HTTPHOST
X-Server-IP
X-SeschatLayout
X-SeschatDID
X-SERVER-ID
X-Req-Counter
F-In-Cache
X-Serendipity-InterfaceLang
X-Dokk-PortalId
X-Time-Microsecs
X-Serendipity-InterfaceLangSource
X-Ratelimit
Ibf5scheme
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
X-DC-Origin-IP
X-Powered-Developer
Portlet.Expiration-Cache
MGIT
Xc
X-Optimization
X-Magento-Action
X-Magento-Lifetime
X-IP
X-Render-Time
X-Request-Count
X-PoweredBy
X-Cookie
Content-ID
X-EPiphany-Vid
X-BIN
Hotelbookingid
X-Snapsis-PageBlaster
X-Client-Addr
X-Binarysec-Via
Head
Content-Cache
Servername
X-RNDPAGE
X-Bcwwwid
X-Environment
X-HOSTTYPE
X-ARR
SLB
X-HW
X-Mobile
X-Purge-Url
Disaptch-Cache-Rule
X-View
Muha
X-TAG
X-Yottaa-Metrics
X-Yottaa-Optimizations
Ec
X-ESI-Processing
Apple-Itunes-App
X-Fett
X-FarmId
X-RSS-CACHE-STATUS
Redirect
X-SATserver
X-USERNAME
Copyright
MwpReleaseVersion
Foglight-Request-UUID
OutputRewritten
PROPSON-FARM
X-Client-Vid
Dynatrace
X-Life
POOL
X-Middleton-PageSpeed
Ozcache
X-Varnish-Ttl
X-DefendeR-Status
X-NFE
X-DEBUG
X-CACHE-ON
X-Litespeed-Cache
X-Cachable
X-V-Outer
X-Server-Node
X-V-I-TTL
X-V-TTL
X-Req-Url
X-AppServer-Status
Be
X-Nginx-Cache
X-HP-CAM-COLOR
SBGI-CACHE-CODES
X-Varnish-Hit
X-Your-GrandPa-Would-Wait
X-Cache-Via
X-Created
X-TTL-Age
X-SBGI-Cache-Codes
X-Checkout
X-Confluence-Request-Time
X-Hosting
X-ELC-Checkpoint4
X-Cookie-Store
X-Cache-Backend
W
X-Src-Loadbalancer
Description
Keywords
X-AccessDev
X-Backend-Status
X-IP-Address
X-JSON-API-LATENCY
Hamster
X-Page-Generation-Time
IsMobile
At-Isb
X-Var-Hash
X-Url-Store
X-Page-Generated-At
User-Cache-Control
CountryCode
Noahs-Classifieds
X-Invoke-Duration
X-Varnish-Set-Cookie
AcceptLangage
X-Would-Your-GrandPa-Wait
WebDevSrc
X-Amz-Meta-S3fox-Modifiedtime
X-Amz-Meta-S3fox-Filesize
User-Updated-At
X-Cached-From
X-APP
X-AISO-Server
X-Varnish-Hashed-On
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-ACLR-Version
User-Id
X-Crafted
X-GitHub-Request-Id
X-Nginx-Server
X-Svr-Id
X-Wikidot-Backend
X-Wikidot-Static-Cache
Language
Nginx-Cache
X-Debug-Token
X-Gondor-Server
X-Framework
X-Source
Protected-By
X-Http-Host
Tempo
X-VG-WebCache
X-Rq
Mime-Version
Server-IP
Http
CacheControlMode
97YES.COM
X-Request-Time
X-ErrorPage
REFRESH
X-AISO-Cache
Requested-Host
X-Provided-By
X-Hostingcenter
X-Backend-Name
X-Nucleus-Cache
S-Cnection
OriginServer
X-Nhost
X-ATP-Server
X-Cache-Key
Www.Aujourdhui.Com
V-Cache
SSPAppContext
Mobiquo-Is-Login
X-Request-Received
X-RequesterIP
UNIQUE-ID
WFE
X-Aws-Ec2
X-Process-Time
X-Is-Mobile
Robots
Srv-N
Web
X-Client-Id
X-GeoIP-Country
X-App-Reload-Settings
X-Content-Security-Policy-Report-Only
X-Proxy
SV-Duration
Fpc-Expire
X-GL-SRV
X-Debug-Serve
Access-Control-Allow-Method
X-Request-Processing-Time
X-B2f-Cache-NotFromUrl
X-WentThroughDrupal-Recv
Orgin-Server
X-RE-Ref
X-WentThroughDrupal-Deliver
X-Turpentine-Esi
X-ServicedByDrupal
X-Stackable-Node
X-Turpentine-Cache
X-Content-Parsed-By
X-BCube-Filmed-By
Device
Sigma
X-SiteConInfo
ContentType
-Onnection
X-LTM-ID
X-Prerender-Token
X-Pixelsilk-Version
X-Pixelsilk-Server
Rt-Proxy-Cache
SBMCLOUD
Esi-Enabled
CACHED-RESPONSE
X-This-Proto
X-Fastcgi-Cache
X-Mii-Cache-Hit
X-Pb-Mii
X-CachedURL
X-CacheStore
X-InDy-Query
X-InDy-Time
X-OrgURL
X-InDy-Memory
X-Forwarded-Proto
X-Cluster
X-CMS-Server
X-Device-Group
X-Frontal
X-Pagecache
X-D2id
X-Gyrobase-Publication
X-Header-Set-Id
X-Cdn-View
TIMESTAMP
X-Caching-Rule-Id
X-Libra-UpstreamHost
X-Nginx-Pool
Arr-Disable-Session-Affinity
X-Panel-Name
X-Upstream-Server
X-Sov
X-Nginx-UpstreamHost
X-Rot
HGR-NOCACHE
X-V
X-Powered-Load
Powered-By-Scs
X-PHP-Cache
X-RAMCache
X-Accel-Cache-Control
X-Backend-Ip
X-Apublish-Id
X-TISSERVER
X-Hosting-Env
X-Backend-IP
X-SUPERCACHE
X-Loopia-Cache
GenSvr
X-Jcms-Ajax-Id
X-SEA-Instance-Name
X-Panel-Id
X-Cache-Host
Gzip
X-Bip
Server-Ip
X-Varnish-Max-Age
X-Path
X-Nc
X-Accelerated-By
X-Who
B2C-F-008
X-Rack-Cors
At-Shoptype
Ap-Exec-Time-Mks
X-Ec-Custom-Error
BM-Cache-BackendNode
BM-Cache-BackendTime
X-WAP
X-VhostID
BrandBucket-Domain
Application-Version
X-Test
X-Docuri
X-Compressed-By
X-Cached-On
X-Cached-Until
X-FRONT-TTL
X-Nocache
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-ProxyInstancename
X-PS-MURDOCK-ORIG-PROTOCOL
X-PS-MURDOCK-ORIG-FILEEXT
Disablevcache
X-PS-MURDOCK-CASE-NORMALIZATION
Atp-Isdpp