Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Set-Cookie
Connection
Cache-Control
Vary
X-Powered-By
Expires
Content-Length
Last-Modified
Pragma
Link
Accept-Ranges
ETag
X-Content-Type-Options
X-Frame-Options
X-XSS-Protection
X-Cache
Strict-Transport-Security
X-AspNet-Version
CF-RAY
P3P
X-Pingback
Age
Content-Language
X-UA-Compatible
Via
Access-Control-Allow-Origin
X-Adblock-Key
Upgrade
X-Varnish
X-Cacheable
P3p
X-Check
X-Template
X-Language
Content-Security-Policy
X-Generator
X-Buckets
X-Drupal-Cache
X-Xss-Protection
X-Type
X-Cache-Group
X-Pass-Why
X-AspNetMvc-Version
X-Request-Id
X-Hacker
X-Ac
X-Powered-By-Plesk
X-Cache-Hits
Content-Location
X-Runtime
X-Permitted-Cross-Domain-Policies
X-Download-Options
MS-Author-Via
Host-Header
Alt-Svc
X-ShopId
X-Sorting-Hat-ShopId
X-Dc
X-Sorting-Hat-PodId
X-Sorting-Hat-Section
X-Sorting-Hat-ShopId-Cached
X-ShardId
X-Sorting-Hat-PodId-Cached
X-Alternate-Cache-Key
X-Request-ID
X-IPLB-Instance
Cartoon
X-Powered-CMS
X-UA-Device
Status
X-Served-By
Access-Control-Allow-Credentials
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Via
X-Amz-Cf-Id
X-Iinfo
X-Cache-Status
X-Backend
X-Contextid
X-Wix-Server-Artifact-Id
X-Timer
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-ServedBy
X-PC-Key
X-PC-Hit
Powered-By
CF-Cache-Status
X-PC-Date
X-PC-AppVer
X-PC-Host
X-Mod-Pagespeed
X-DIS-Request-ID
X-Logged-In
X-Server
Content-Encoding
X-Rid
Keep-Alive
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-CDN
X-Cache-Hit
X-Host
X-Tumblr-Pixel-1
X-Port
X-CST
X-Server-Powered-By
X-Tumblr-Pixel-2
X-Robots-Tag
Referrer-Policy
X-Pad
X-Cache-Enabled
X-Nginx-Cache-Status
WP-Super-Cache
X-Endurance-Cache-Level
Expect-CT
Fastly-Debug-Digest
X-Accel-Version
X-Page-Speed
X-Turbo-Charged-By
X-Seen-By
X-Wix-Renderer-Server
X-Wix-Request-Id
X-Wix-PunisherID
X-Content-Powered-By
X-Tumblr-Pixel-3
X-Rack-Cache
X-Drupal-Dynamic-Cache
X-Content-Digest
X-Forwarded-For
X-FRAME-OPTIONS
X-AH-Environment
X-Varnish-Cache
X-Forwarded-Proto
Content-Security-Policy-Report-Only
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Key-Raw
X-Proxy-Cache
X-GitHub-Request-Id
SPRequestGuid
X-SharePointHealthScore
MicrosoftSharePointTeamServices
X-MS-InvokeApp
X-Cnection
X-Request-Country
X-XRDS-Location
X-LiteSpeed-Cache
X-Cache-Lookup
Edge-Control
X-Original-Date
Cf-Railgun
X-Safe-Firewall
Timing-Allow-Origin
X-FullPageCaching
X-Amz-Request-Id
X-Amz-Id-2
Request-Id
MicrosoftOfficeWebServer
X-Webserver
X-Died
Charset
X-FW-Hash
X-PhApp
X-Node
X-FW-Static
X-FW-Serve
X-FW-Type
Edge-Cache-Tag
SPIisLatency
SPRequestDuration
X-INKT-SITE
X-INKT-URI
X-HS-Cache-Config
X-HS-Content-Id
X-Content-Security-Policy
X-Tumblr-Pixel-4
X-Hits
Composed-By
Access-Control-Max-Age
X-CF-Powered-By
Content-MD5
Liferay-Portal
X-Swift-CacheTime
X-Swift-SaveTime
Grace
EagleId
Served-By
X-Hyper-Cache
Access-Control-Expose-Headers
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-CDN-Pop
X-CDN-Pop-IP
X-Spip-Cache
X-BC-Stapler
Rating
Request-Context
X-Device
X-Backend-Server
X-Fastly-Request-ID
X-Server-Name
X-Dw-Request-Base-Id
X-Microcache
Refresh
X-Tumblr-Content-Rating
X-Newrelic-App-Data
X-Firenze-Processing-Times
X-Microcachable
X-RateLimit-Remaining
X-RateLimit-Limit
X-VCache
X-RateLimit-Reset
X-Jimdo-Wid
X-Jimdo-Instance
X-User-Agent
X-ServerName
X-FB-Debug
X-Cloud-Trace-Context
Content-Style-Type
X-Clacks-Overhead
Public-Key-Pins
Content-Script-Type
X-Loop
Real-Hostname
X-TNCMS
X-Cache-Config
X-Acc-Exp
X-SERVER
Xkey
Surrogate-Control
Front-End-Https
X-DDC-Arch-Trace
X-XN-XNHTML
X-XN-Trace-Token
X-Aspnetmvc-Version
Fpc-Cache-Id
X-Age
X-Hostname
X-Tumblr-Pixel-5
X-Generated-By
X-N-OperationId
PageSpeed
X-Px
X-Cached
X-LiteSpeed-Cache-Control
Response
X-Sol
X-Middleton-Display
Display
X-Middleton-Response
X-DNS-Prefetch-Control
X-SS-Location
X-SS-Conf
X-MiniProfiler-Ids
X-Url
X-Topify-Platform
X-WebKit-CSP
X-Cached-By
Surrogate-Key
X-StackifyID
X-Request-Time
X-Zen-Fury
X-Outils-CS
X-CMS-Version
X-Servedby
X-Content-Options
X-URL
Rt-Fastcgi-Cache
X-Pantheon-Phpreq
X-Whom
X-Pantheon-Environment
X-Pantheon-Site
X-FORWARDED-FOR
X-HOST
TCN
X-OneAgent-JS-Injection
X-Handled-By
Edge-Control-Message
X-Amz-Version-Id
X-Ruxit-JS-Agent
X-AspNetWebPages-Version
X-Varnish-TTL
X-Umbraco-Version
X-ApacheServer
X-Varnish-Cache-Hits
X-PERF
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Correlation-Id
Access-Control-Request-Method
Product
X-DynaTrace
X-DynaTrace-JS-Agent
Imagetoolbar
Alternate-Protocol
X-Engine
Host
X-Kinsta-Cache
ServedBy
Fhost
P-WS
P-LB
Powered
DynaTrace
X-Micro-Cache
WZWS-RAY
X-Powered-By-360WZB
X-NWS-LOG-UUID
X-From
Generator
X-Hosted-By
X-Cache-Rule
X-Msg-2-Log
X-Magento-Tags
X-Track
X-Edge-Location
X-Location-Id
X-CacheServer
X-LBLID
X-Goog-Hash
X-Tumblr-Pixel-6
X-B-Cache
X-Vtex-Processed-At
X-VTEX-Janus-Router-Backend-App
No
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Powered-By-VTEX-Janus-ApiCache
X-VTEX-Cache-Status-Janus-ApiCache
X-VARNISH-Cache
X-Recruiting
X-Actual-URL
X-I-Sp
X-BS
Arr-Disable-Session-Affinity
X-RESOURCE
X-Passed-To-DLL
X-Original-Request
Origin
X-Returned-From-DLL
X-Passed-To
X-Returned-From
X-Powered-By-VTEX-Janus-Edge
X-Developer
Fastcgi-Cache
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-URLSCHEME
X-Varnish-Beresp-Grace
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Cache-Age
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Stale
X-Response-Time
X-Varnish-Host
X-Application-Context
X-App-Hosting
X-Fastcgi-Cache
X-Defender
X-Shop-Id
X-LB
Akamai-IP
X-Instart-Request-ID
X-Internal-ReqID
X-UD-Method
Dmn
X-Cache-Info
X-TransIP-Balancer
X-Upstream
X-Cdn
X-Source
X-Accel-Expires
X-Matrix-Server
X-Matrix-Proxy
X-Cache-TTL
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-Storage
Content-Hash
X-Device-Type
X-Akamai-Transformed
X-NetCat-Version
X-HS-Content-Campaign-Id
X-Varnish-Count
X-Varnish-GracePeriod
X-Varnish-RemainingTTL
X-Varnish-Seen-By
X-Varnish-RemainingLife
IBM-Web2-Location
X-Varnish-ObjectSource
X-Varnish-HitMiss
X-Version
Version
USPLoggingUUID
Ohc-File-Size
X-Varnish-Cacheable
X-Cache-Debug
X-S
X-Powered-By-VelaWeb
X-Gamma-Serve
Pool
X-TransIP-Backend
X-Revision
X-Origin
Powered-By-ChinaCache
HTTPS
X-Front
X-VTEX-Cache-Status-Janus-Edge
X-Cache-Key
X-Expires-Orig
X-I
X-Rocket-Nginx-Bypass
X-Cache-Tags
X-UPSTREAM
X-Microcache-Status
X-Translation
X-Supported-By
X-Content-Encoded-By
Last-Published
X-Platform
X-Dispatcher
X-Route-Server
Public-Key-Pins-Report-Only
X-Server-Upstream
X-Signature
X-Cache-Operation
MIME-Version
Content-Disposition
X-Daa-Tunnel
X-EdgeConnect-Origin-MEX-Latency
X-ATG-Version
X-NewRelic-App-Data
X-SSL-Protocol
X-SSL-Cipher
X-Varnish-Age
X-Debug-Info
X-NoCache
X-Dispatch
ServerName
Srv
X-Cache-Lifetime
X-Vcap-Request-Id
X-Art-Request-Id
X-Varnish-Backend
X-Page-Cache
X-EdgeConnect-MidMile-RTT
X-Sapient
X-Server-ID
X-Hypernode
X-AOL-HN
Page-Completion-Status
X-Cache-Only-Varnish
X-SV-Edge
X-SV-Expires
X-SV-CreatedAt
X-Platform-Cache
X-Duration
SSPAppContext
X-SV-FromDBCache
X-SV-CacheTags
X-SV-Pid
X-SV-Nginx-Duration
Proxy-Connection
X-Firenze-Processing-Time
X-SV-Cacheable
X-SV-Duration
X-LB-Node
X-Last-Modified
Node
Cache-Tag
Cache-Key
X-TTL
X-Server-Id
FAI-W-FLOW
X-Geo-Country
X-SDS
X-Platform-Server
ServerID
X-F-Cache
X-Cache-Control-Orig
X-Flow-Powered
X-PwB-Node
X-Abgroup
X-Edge-IP
X-Director
X-LW-Cache
Allow
X-Url-Base
X-Abuse
Lsrequestid
SN
X-Country-Code
X-Client-IP
X-Cookie-Domain
X-Magento-Cache-Debug
X-Debug
Edge-Content-Tag
IM-Version
WSR-Cache
X-CJ-Soft
X-Grace
X-Dns-Prefetch-Control
Accept-Encoding
X-Cache-CFC
Cneonction
X-ORACLE-DMS-ECID
X-Cache-Expires
X-GeoIP-Country-Code
X-Cache-Server
X-Speed-Cache
X-Speed-Cache-Key
X-ServerID
Author
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
Req-Id
X-Purge-URL
X-GeoIP-Country-Name
X-Goog-Generation
NnCoection
X-Nbs
Location
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-BackendServer
X-Proxy
Pv
X-Processing-Time
X-RequestId
Cache-Provider
X-Frontend
AMF-Ver
X-SERVER-NAME
X-ARC
X-Amz-Meta-S3cmd-Attrs
X-Akamai-Device-Characteristics
X-IsCacheURL
Content-Encoding-Handler
X-Loopia-Node
X-NB-Cached-Page
X-Id
X-FW
X-Middleware-Start
Section-Io-Id
If-Modified-Since
X-Purge-Host
X-Browser
Cached
Backend
X-Content-Age
X-Discourse-Route
X-Akamai-Device-Model
Fw-Via
A-Powered-By
X-SE-Debug
PICS-Label
X-Varnish-IP
X-N
X-Varnish-Url
X-Time
X-Ttl
X-DealerOn
X-Cache-Engine
X-Cache-Handler
Use-Proxy
Frame-Options
X-SRCache-Key
S
X-Vhost
X-Real-Server
X-Yadis-Location
X-Sucuri-ID
Cteonnt-Length
X-Processed-By
Access-Control-Allow-Header
X-Lambda-Id
X-Cache-Type
X-Nginx-Cache
Cache
X-Empowered-By
X-Content-Type-Option
X-Pressidium-NinukisWP-Ver
X-Cache-Level
S-Cnection
SEOMOZ
MJ12bot
RTSS
X-Cache-Control
Server-Info
X-Config-Blacklist-Version
X-PF-Uncompressing
Accept-Charset
X-CDN-Node
Xc-Version
X-CDN-Cache-Status
X-Orig-Vary
X-Sucuri-Cache
X-Shield-Request-Id
X-Generated
X-Framework
X-Cf-Powered-By
Nitro-Cache
X-Healthy
X-Hiawatha-Cache
X-Worker
X-Mobilized-By
X-Cache-Fix
X-ID
X-WR-Flags
CacheControlHeader
X-CDN-Forward
Qs-Cache
Local-Info
X-Cache-PageType
Nodo
NetMindSessionID
SVR
Identity
X-Trace
X-BKSrc
Retry-After
EagleEye-TraceId
X-SO
BALANCEDTO
Tracecode
MC
X-ClientSide-Caching
HitType
X-Always-Cache
Content-Transfer-Encoding
X-Cache-TTL-Remaining
X-Adobe-Content
X-CB-Server
X-Adobe-Loc
Thanks
X-Powered-By-Server
X-Varnish-Server
Eomportal-Instance
Keywords
X-Magento-Cache-Control
X-JG-Page-Cache
X-Amz-Storage-Class
X-Varnish-Hits
WWW-Authenticate
X-Transaction
X-HP-Trace-ID
X-Cache-Device-Type
X-Unique-ID
X-Connection-Hash
X-HP-Trace-Project
X-Twitter-Response-Tags
Front
X-Varnish-Ttl
RATING
X-Environment
X-LB-Server
X-Magnolia-Registration
X-Pagename
X-Content-Security-Policy-Report-Only
SRV
X-Symfony-Cache
From-Origin
X-Hit-Cache
X-VC-TTL
X-Drectory-Script
X-TB-M
X-Route-To
X-Traffic
X-Varnish-ID
X-Site-Name
X-Sys-Req-ID
X-Server-IP
X-Fedora-School-Id
X-AF-Userserver
X-Resty-Request-Id
HAVer
HCVer
X-Drupal-Cache-Tags
Ufe-Result
X-LW-Web-Server
X-NginX-Cache
Buuteeq-Source
X-ACMCache
X-Directory-Script
NODE
X-Cache-Doesi
Cm-Server
X-Static
Description
SBGI-9
SBGI-7
X-TTFB
SBGI-RenderTime
SBGI-RealPath
SBGI-Device
X-Session-Reinit
ServerSignature
X-Disney-Akamai-Rule
X-Runtime-Memory
X-Srv
Smug-CDN
SBGI-5
X-SmugMug-Hiring
X-SmugMug-Values
SBGI-10
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-Retries
X-CAPServer
X-HydroSheep
X-EPiphany-Vid
X-Client-Image-Vid
Max-Age
X-Client-Vid
X-App-Server
ServerTokens
Disablevcache
X-High-Performance
X-CF-Passed-Proto
X-TTFB-L
SBGI-1
X-FORWARDED-PROTO
Fastly-Backend-Name
X-VC-Enabled
X-Remote-Addr
X-LP
Server-Name
X-OPNET-Transaction-Trace
X-Generated-Time
X-Cocoon-Version
Content_type
Pics-Label
X-FireWall-Port
Magicmarker
X-Cache-Dispatchercachecontrol
X-OpenCart-Lightning
X-HW
X-NginX-Server
X-ORACLE-DMS-RID
X-Key
X-Nginx-Host
X-Cache-Dispatcherpragma
X-RiS-UFDI
X-Env
X-Frame-Option
X-Varnish-Hostname
NtCoent-Length
X-GeoIP
X-Runtime-Rack
X-Page
X-Mobile-URL
AC-ELC
X-Location
Machine
Ctx
X-Proto
X-Cache-Detail
X-WP
CLMOB
X-Dynatrace-Js-Agent
X-Smartcache-Timeout
X-Smartcache-Keys
X-WHOIS-Cached
X-UA
X-Amz-Meta-Cb-Modifiedtime
RN-Server
X-Garden-Version
WN
X-Middleton-PageSpeed
IISExport
AsisCache
X-App-Status
Home
X-Backend-Status
X-Debug-Token
X-A
Response-Time
X-Unbounce-Variant
X-Webcelerate
X-Unbounce-VisitorID
X-Server-Instance
X-Unbounce-PageId
X-Application
X-Cache-Source
X-Cache-Provider
X-Goog-Meta-Policy
X-Cached-Status
X-Goog-Meta-Replace
X-Served-Server
X-WN-ClientGroup
X-Resolver-IP
MW-Webserver
X-PageType
Backend-Timing
Web-App-Origin-Name
X-DataDome
ScoreTracker
X-Author
X-AEM
X-Analytics
Strikingly-Cached-Version
X-Jphone-Copyright
X-Esi
Provider
Id
X-Cache-Node
X-App
From
X-ARRServer
X-WR-MODIFICATION
X-Balanceador
X-VARITI-CCR
Strikingly-Cache-Region
Strikingly-Cached
Yoncu-Errno
X-ServerIndex
X-RDP
X-Info
X-Captured
DNNOutputCache
X-Machine-Name
X-Machine
X-E
X-Rebelmouse-Cache-Control
X-Desc
X-Blog
Hname
X-MAT-GEO
SG
X-Actindo-RS
X-HP-Redirect
X-Rebelmouse-Surrogate-Control
X-ETag
Og
X-Cache-Keep
X-Wikidot-Static-Cache
X-Cache-On
Sophnep-Edge-FX
X-Time-Microsecs
NLCacheNote
Paypal-Debug-Id
X-Wikidot-Backend
X-Atraveo-Cache-Control
X-Atraveo-Set-Cookie
Dispatcher
X-Atraveo-TTL
X-Domain-Checked
X-Atraveo-Expires
Dis-Env
X-Atraveo-Param-Rm
X-PRAM
X-Rq
X-Atraveo-From-Varnish-Cache
X-Atraveo-ETag
Bios
Cmsid
X-Atraveo-Zone
X-Source-ID
X-Atraveo-Varnish-Server-Id
X-Distributor
X-Provisioner-Version
X-Grid-Server
Cmstype
X-Force
X-Autoru-Host
X-Culture
X-Cdn-Forward
X-Render-Time
Xc
X-PM-ID
X-Ser
X-Autoru-LB
X-RealServer
X-Cache-Warmer
X-AutoRu-App-Id
X-Runtime-Affili
X-Req-Head-Response
X-SDE-Name
Resin-Trace
X-Hosting-Env
X-App-Runtime
X-CacheResult
VServer
X-Correlation-ID
X-Stage
X-Map-Context
X-Session-ID
CommunityServer
X-ASAP-Cache
Cluster-ID
VANITY-HOST
X-Proxy-Cache-Key
X-CRA-DC
X-Varnish-Debug-TTL
X-Config-By
Web
X-ProcessESI
X-IIJ-Cache
Server-Ip
Content-Server
N365rili
X-Rewrite
X-Environment-Context
X-L-Path
Ibf5scheme
X-Trace-Id
SS
X-Varnish-Debug-Age
X-RemovedCookies
X-GSL-Server
W
X-Clara-ASAP
X-Cluster-Node
X-SH-Cache-Status
X-Response
TC-S-Cache
X-Batcache
X-Frames-Options
TC-Cache
X-Cache-TTL-Current
X-Cache-TTL-Age
X-Viator-Tapersistentcookie
X-KoobooCMS-Version
XDomainRequestAllowed
Beyond-Iis
X-MSEdge-Ref
TC-Cache-U
X-Plat
X-Ghost-Cache-Status
TC-Cache-IC
X-Rocket-Nginx-Serving-Static
X-Site
TC-S-Cache-M
X-FRUIT
NZSpeedy
X-Hstore
X-Lb
X-Drupal-Cache-Contexts
X-Rack-Cors
X-Optimization
X-ENV
X-We-Are-Hiring
X-Nginx
X-Varnish-Action
X-Hrouter
X-Dw-Trace-Id
X-ACCELERATE
Ttl
X-Batcache-Reason
X-EC2-Instance-Id
Device
X-Varnish-Info
X-Secret
X-This-Proto
X-Src-Webcache
X-SV
X-Rack-CORS
X-Wm-VIP
Access-Control-Request-Headers
X-Highwire-SessionId
X-SmartBan-URL
X-Wm-1
X-SmartBan-Host
X-MidCOM-Meta-Cache
X-Forwarded-Host
Expect-Ct
X-Node-Name
X-AISO-Server
X-AISO-Cacheable
X-Powered-By-Home.Pl
X-Detected-Device
X-Webapp
ServerIP
X-Avvio-Cms-Cacheload
X-HTML-Minification-Powered-By
X-Airee-Node
ClientIP
Gzip
X-DTC
F5-IpCliente
X-AISO-Cache
X-Adnet
X-Old-Content-Length
NCache
X-Refresh
Server-ID
X-Distil-CS
Session-From
X-Highwire-RequestId
X-Reflector-Cache
NS-VaryByCustom-Key
X-Oracle-DMS-ECID
AccessControlAllowOrigin
WP-AdvCache-MemCached
X-Catalyst
Lb
X-Amz-Id-1
Set-Cookie2
X-Varnish-Cache-Local
X-HA-Frontend
Proxy-Cache
X-HA-Backend
X-Ezoic-Cdn
Il-Cl
X-Hosting
X-Sc-Cache
X-CDN-RULE
X-CDN-COMPRESS
X-HashTwo
OriginServer
X-Amcomm-Site
X-7d-Instance-Id
X-Cms-Mode
Tempo
X-Dev
X-Reflector
X-Magento-Action
X-V
X-7d-Trace-Id
X-Data-Request
Worker
ViewMode
X-Pageid
X-Header
PagesDisplayed
Nginx-Cache
X-APP
X-MCB-Server
X-HAProxy
X-Gannett-Site-Version
SBMCLOUD
BackendServer
StatusCode
SERVER-ID
X-DB-Content-Length
X-4ormat-Cacheable
X-CACHE-TTL
X-Server-Addr
X-Gyrobase-Publication
X-DS1D
X-CCM
X-DN-Cache-Control
MSSmartTagsPreventParsing
X-Pagely-Cache
X-Compressed-By
FastCGI-Cache-Status
X-Streams-Distribution
Traffic-Origin
X-Backend-Host
Expiries
MSThemeCompatible
Debug-Status
X-Flex-Evstart
X-Flex-Evend
X-Flex-Community
X-Flex-Lang
X-Zendesk-User-Id
X-Flex-Lastmod
X-Server-Generated
X-Zendesk-Origin-Server
X-Obj.Ttl
X-DSMX-Rewrite-MS
Myheader
VAR-Cache
RequestId
X-WebKit-CSP-Report-Only
X-DevSrv-CMS
X-SCM-Server-Number
X-Upstream-Backend
X-Flex-Tag
X-Flex-Tags
X-ACLR-Version
X-Meta-MSThemeCompatible
X-Unique-Id
X-Meta-MSSmartTagsPreventParsing
X-Apm-Telemetry-Syncmark
X-B2f-Not-Route
X-Meta-Imagetoolbar
X-DSMX-Render-MS
COMMERCE-SERVER-SOFTWARE
X-Cache-Via
X-Cacheable-TTL
X-Depends
X-Search-Id
X-Cache-Time
X-Test
Progma
X-Fstrz
Rewriter
X-Node-ID
FindLaw
PServer
DbServerName
Content-Cache
X-ReqId
X-Cache-FS-Status
Note
SiteSpeed
X-DEBUG
X-W3TC-Minify
X-AppServer-Cache-Rule
X-Country
X-Amzn-Trace-Id
X-Amzn-RequestId
SINA-TS
UrlWatchModule-Time
Webserver
X-Upgrade-Enabled
X-CacheID
X-Artvisual-Server
X-Box
X-PHP-Response-Code
X-EC-Security-Audit
X-Dynamic
X-Cache-Extended
X-Brought-To-You-By
X-DeliveryServer
Url
Ews
X-Sid
X-PBS-Appsvrip
X-SilverStripe-Cache
X-PBS-Appsvrname
X-PBS-Fwsrvname
X-REDIRECTSERVER
X-VC-Debug
X-D-Time
SINA-LB
X-VLoc
Accept-Language
X-Varnish-Instance
X-Uncacheable
X-ServiceProvider
X-Time-Zone
Cache-Status
X-Bcwwwid
X-LOCATION
X-M
X-Farm-Server
X-Cache-Varnish
X-Built-With
X-Server-FQDN
X-XHR-Current-Location
X-Session-Id
X-HostName
X-Generation-Time
X-Proxy-Id
X-ELB
X-S-Misc
MS-CV
X-Nginx-Request-Time
X-Cache-BE
X-Pixelsilk-Server
X-Pixelsilk-Version
X-Nocache
X-Lima-Id
X-LBPoolMember
X-Webkit-CSP
X-Cache-HT
Warning
X-Resource
X-RAMCache
X-Tag-Playlist
X-Turpentine-Esi
X-Dynamic-Cache
X-IP
Cleartype
Swift-Performance
X-ChromeLogger-Data
X-Ocache
X-PBY
MageStack-Tag
X-Cache-Me-Harder
X-UPSTREAM-Address
MageStack-Web-Node
X-Beatles
X-App-Version
!~Request-OOB-Work
X-Backend-TTL
Access-Control-Allow-Method
MageStack-PageSpeed
Brightspot-Id
MageStack-Area
MageStack-Cache
X-Served
X-Debug-Message
X-Made-On
X-Rocket-Nginx-Reason
X-Deity
MageStack-Cache-Hits
MageStack-Cache-Lifetime
MageStack-Magento-Version
X-Cname-TryFiles
ENV
MageStack-Loadbalancer
MageStack-Debug
MageStack-Cache-Status
MageStack-Cacheable
MageStack-Config
RSB-LINK
Session-Id
X-MainProfileID
X-MainProfileCategory
X-MainProfileName
X-MainProfileURL
X-Not-Cacheable
X-NewsFlow-Sitename
X-HP-CAM-COLOR
X-Faeria
TP-Cache
SHInfo
TP-L2-Cache
X-Webkit-Csp
Ibm-Web2-Location
X-Agent
X-Server-Instance-Name
PLCDN
Server-Id
X-Origin-Server
X-Aramark-SID
X-CM-FE
CD4
X-WPL-DATA
X-GoCache-CacheStatus
DrivedBy
No-Cache
X-Config-Version
Apple-Itunes-App
X-9XB-Server
X-Cache-Bypass
XDisk
X-Webstats-RespID
SB-Cache-Life
RSL-Trace-ID
SB-Cache-Remaining
SB-Site-Device
X-Route
SB-Site-IE-VERSION
Provided-Host
AMFplus-Ver
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cms-Server
X-JSESSIONID
X-Layout
X-Title
X-NewCloud-V-Cache
WFE
X-CACHE-KEY
X-Tradeindia-SMgmt
X-Tradeindia-Request-GUID
X-Ss-Conf
X-UseReverse-Proxy
X-WebNode
X-CSRF-Token
X-Router-Backend
X-Router
X-IP-Address
X-Front-Cache
X-Ss-Location
X-Provided-By
X-RiS-PX
X-CH-Device
AMP-Access-Control-Allow-Source-Origin
X-Pubstack
X-Rewritten-By
X-Test-Debug
X-HASH
X-ManagedFusion-Rewriter-Version
X-FIRSTBase
X-AppVersion
X-Varnish-Cached-TTL
X-AWS
X-Varnish-Cached
X-XHTML-Minification-Powered-By
Cache-Tags
X-OCTOPOD
X-Origin-Cache
X-Phpwcms-Page-Processed-In
X-Phpwcms-Release
X-NID
X-Container
X-Backend-Name
X-Cjtype
X-Fpc
X-AMAZEEIO
Edgecast
X-SuperCache
X-Instance-Name
X-NodeID
X-Restarts
X-UnsetCookies
D
Httpd-Identifier
Hosted-By
Kp-EeAlive
Kanooh-Host
X-DDM-SERVER-UPDATED
X-DDM-SERVER
X-WA-Info
GP-Remote-Addr
Aurora-Node
CDCHOST
GP-Version
X-RequesterIP
Actual-Object-TTL
X-Enhanced-By
X-Nginx-Request-Processing-Time
X-Real-IP
X-Who
X-Cache-Id
X-Amz-Meta-Content-Md5
INFO
X-Svr
X-Custom-Header
X-MCF-ID
X-Header-Treatment
FrontEnd
X-C2M-Runtime
X-C2M-Server
X-Ssl-Cipher
X-Varnish-URL
X-Webkit-CSP-Report-Only
X-Beresp-Ttl
X-COUNTRY-CODE
X-Tt-Dbg
X-Ants-Host
TheAnswer
Accept-CH
X-Geo-IP
Language
X-Skip-Cache
DB-Nickname
Content-Generator
X-BC
X-BPool
X-BPool-Back
E-TAG
X-Generated-Date
X-Theme
X-Client-Ip
Lookup-Cache-Hit
X-Ants-Machine-Id
X-Pass-Through
Page-Template
X-LB-Backend
X-Nginx-Page-Cache
X-Highwire-Sitecode
X-Highwire-Smart-Code
X-LB-Frontend
X-FPC
WSCLoggingUUID
X-ESI
X-Ezpublish-Installationid
X-Ezpublish-Nodeid
X-CO-Host
X-Obvious-Info
X-Obvious-Tid
X-CPU-Time
Tk
X-PROCESSED-BY
X-BPool-Bx-Cache
X-PG
Serverid
Head
Countrycode
X-Varnish-VCL
X-SVR
X-Protected-By
Tesla.Performance
IsMobile
User-Cache-Control
X-Serendipity-InterfaceLang
X-ASAP-Age
Generate-Time
X-Varnish-Debug-Hits
X-Cache-ID
X-HEAD
X-Magento-Lifetime
X-Support
X-Pool-Info
X-Obj-Ttl
Fw-Cache-Status
X-FreeTag-Count
X-Cachable
X-Build-Id
X-Sn-Servicetimems
X-VNode
X-DynamicCache
X-Serverid
X-UT-Cache
X-Vary-Options
X-Serendipity-InterfaceLangSource
WP-Cache
X-Prerendered
X-Cluster
Aoestatic
X-Netrix-ID
X-Instance-Id
V-Age
CpuTime
X-Stiffia-Cache
X-SRV
X-BServer
X-NMT-Proxy
Session
Be
Upgrade-Insecure-Requests
ReqUrl
X-FG-RequestId
X-Transaction-Name
Microcache
HostName
Contao-Page-Layout
Server-Tuning
EQ-Cache
Resource
X-BPool-Fx-Cache
Debug-Cache-Control
X-Turpentine-Cache
X-Varnish-Currency
X-Max-Age
X-Hash
Vserver
Copyright
0
X-Varnish-Max-Age
X-Varnish-Esi-Method
X-SCProxy
X-Varnish-Esi-Access
Prototype-RootPath
X-Accel-Cache-Control
X-Czt
X-FCMS-Cache
Www.Aujourdhui.Com
WebServer
X-Count
X-Ar-Debug
X-FastCGI-Cache
X-Debug-Serve
X-Debug-Out
X-Cache-Served
X-Processed
X-Pj-Cache-Status
AR-PoweredBy
AR-CACHE
AR-SID
X-Does-He-Have-Time
GranicusServer
AR-ATIME
X-Enabled1
X-Enabled3
X-Would-Your-GrandPa-Wait
X-Your-GrandPa-Would-Wait
X-Enabled2
X-Cache-Set
ProxiaInstanceId
Content-Legth
X-Imforza-Hosted
X-Varnish-Store
X-Varnish-Set-Cookie
X-Csrf-Token
Public-Extension
X-Beatles-Hits
X-Amz-Meta-Version-Id
ResourceTag
X-Cache-LB
X-HS-Status
ServerNode
Container
X-TTL-Age
AGI-Request-ID
CD1
Url-Hash
Debug-Expires
MwpReleaseVersion
X-Vol-Correlation
VC-NoCache
X-Forwarded-By
X-AG-MIPS
X-Jcms-Ajax-Id
X-Auto-Login
X-UPServer
B-Rlogid
M
Rlogid
X-ServerAddr
X-Script
X-B3-Spanid
X-Diazo-Applied
X-EC-Custom-Error
X-B3-Traceid
X-Vol-Mrp
Ez
X-Request-Processing-Time
X-Request-Received
X-Content-Parsed-By
X-Built-By
X-BeResp-Ttl
X-Server-App
X-UUID
OutputRewritten
X-Op-Benvironment
X-ZORequestID
Yola-ID
X-Cache-Action
X-Archive-Orig-Server
Memento-Datetime
EXT-CACHEEXPIRE
X-W-Cache
X-W-Cache-Hits
Server-Node
X-Archive-Guessed-Charset
X-Archive-Orig-ETag
X-Archive-Orig-Date
X-Archive-Orig-Content-Length
X-Archive-Orig-Connection
X-EBAY-C-REQUEST-ID