Threat Level: green Handler on Duty: Pasquale Stirparo

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Date
Content-Type
Set-Cookie
Server
Connection
Cache-Control
Vary
X-Powered-By
Expires
Content-Length
Link
Last-Modified
Pragma
Accept-Ranges
ETag
X-Content-Type-Options
X-Frame-Options
Strict-Transport-Security
CF-RAY
X-XSS-Protection
Age
X-Cache
Expect-CT
Content-Language
P3P
X-AspNet-Version
X-Pingback
Via
X-UA-Compatible
Upgrade
X-Xss-Protection
Access-Control-Allow-Origin
Content-Security-Policy
X-Cacheable
X-Varnish
X-Adblock-Key
Referrer-Policy
X-Request-Id
X-Check
X-Generator
X-Language
X-Template
X-Buckets
X-Type
X-Cache-Group
X-Pass-Why
X-Drupal-Cache
WPE-Backend
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Download-Options
X-Ac
X-Hacker
X-Cache-Hits
Host-Header
X-AspNetMvc-Version
X-Dc
X-Sorting-Hat-Section
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-ShopId-Cached
X-ShardId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Via
X-Runtime
X-Powered-By-Plesk
X-Served-By
P3p
X-Contextid
X-PC-Key
X-PC-Hit
X-Amz-Cf-Id
X-UA-Device
X-PC-AppVer
X-ServedBy
MS-Author-Via
Content-Location
X-PC-Host
X-PC-Date
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Powered-CMS
X-Timer
X-IPLB-Instance
X-Seen-By
X-Wix-Request-Id
Status
X-Rid
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Ua-Compatible
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
CF-Cache-Status
Cartoon
X-Tumblr-Pixel-1
X-Iinfo
Access-Control-Allow-Credentials
X-Tumblr-Pixel-2
X-Backend
X-WPE-Loopback-Upstream-Addr
X-Cache-Status
X-Host
Content-Encoding
X-CST
Powered-By
X-Endurance-Cache-Level
X-Mod-Pagespeed
X-Cache-Enabled
X-Cache-Hit
X-FRAME-OPTIONS
X-Port
X-NewRelic-App-Data
X-CDN
X-Tumblr-Pixel-3
X-Newrelic-App-Data
X-Logged-In
Keep-Alive
X-Server-Powered-By
X-DIS-Request-ID
X-Drupal-Dynamic-Cache
X-Server
X-Nginx-Cache-Status
X-Robots-Tag
X-Accel-Version
X-Request-ID
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Turbo-Charged-By
X-Proxy-Cache
X-Page-Speed
X-Content-Powered-By
X-LiteSpeed-Cache
X-GitHub-Request-Id
Content-Security-Policy-Report-Only
X-Content-Digest
X-Rack-Cache
X-AH-Environment
X-FW-Hash
X-FW-Server
X-Tumblr-Pixel-4
X-FW-Type
X-FW-Serve
X-FW-Static
Request-Context
X-Pad
X-Varnish-Cache
X-Hits
Edge-Control
X-Webcom-Cache-Status
X-Request-Country
X-XRDS-Location
X-Trace
X-BC-Stapler
SPRequestGuid
Access-Control-Expose-Headers
X-MS-InvokeApp
X-SharePointHealthScore
Cf-Railgun
X-Node
MicrosoftSharePointTeamServices
WP-Super-Cache
Edge-Cache-Tag
X-HS-Cache-Config
X-HS-Content-Id
X-Amz-Request-Id
X-Amz-Id-2
X-CF-Powered-By
X-HS-Combine-CSS
Timing-Allow-Origin
Charset
X-Died
X-Content-Security-Policy
X-Webserver
X-SERVER
X-FullPageCaching
X-Cache-Lookup
X-PHP-Backend
X-INKT-URI
X-PhApp
X-INKT-SITE
X-Cnection
X-Fastly-Request-ID
Request-Id
Access-Control-Max-Age
X-Backend-Server
SPIisLatency
SPRequestDuration
MicrosoftOfficeWebServer
X-Edge-Cache-Key
X-Edge-Cache
CONTENT-SECURITY-POLICY
EagleId
X-Swift-SaveTime
X-Swift-CacheTime
X-CDN-Pop-IP
X-CDN-Pop
X-SS-Conf
X-SS-Location
Rating
Composed-By
Grace
X-Tumblr-Pixel-5
X-Server-Name
X-Device
X-DDC-Arch-Trace
Liferay-Portal
Ali-Swift-Global-Savetime
X-Safe-Firewall
X-Tumblr-Content-Rating
Served-By
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Servedby
X-Spip-Cache
X-Hyper-Cache
X-Cloud-Trace-Context
X-VCache
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
Front-End-Https
X-Original-Date
Surrogate-Control
P-LB
X-Microcache
P-WS
X-Cluster-Node
X-LiteSpeed-Cache-Control
X-Loop
X-TNCMS
X-RateLimit-Remaining
X-RateLimit-Limit
X-OneAgent-JS-Injection
X-StackifyID
X-Clacks-Overhead
X-Sol
X-Middleton-Display
Display
X-Acc-Exp
X-Kinsta-Cache
Response
X-Middleton-Response
X-FB-Debug
Content-Style-Type
X-RateLimit-Reset
X-Jimdo-Instance
X-Jimdo-Wid
X-Wix-Punisher
Content-Script-Type
X-Firenze-Processing-Times
Public-Key-Pins
X-Vtex-Processado-Em
X-DNS-Prefetch-Control
X-Debug-Info
X-Age
X-Shopid
X-Sorting-Hat-Shopid-Cached
X-Sorting-Hat-Podid-Cached
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shardid
X-Sorting-Hat-Privacylevel
X-Sorting-Hat-Featureset
X-Amz-Version-Id
X-Magento-Tags
X-HOST
X-Tumblr-Pixel-6
X-DynaTrace-JS-Agent
X-Ruxit-JS-Agent
X-Zen-Fury
X-User-Agent
X-XN-Trace-Token
X-XN-XNHTML
X-Px
X-Goog-Hash
X-Cached
Fpc-Cache-Id
X-LW-Cache
X-Cache-Config
X-Url
X-N-OperationId
Wpe-Backend
PageSpeed
X-Version
X-WebKit-CSP
X-Hostname
Feature-Policy
Retry-After
X-Upstream
Xkey
X-Topify-Platform
X-Generated-By
Refresh
X-Frame-Option
X-Handled-By
X-Edge-Location
X-Goog-Stored-Content-Encoding
Allow
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Rt-Fastcgi-Cache
TCN
X-FORWARDED-FOR
Access-Control-Request-Method
Fastcgi-Cache
X-Source
X-Request-Time
X-Loopia-Node
X-MiniProfiler-Ids
X-Whom
X-EdgeConnect-Origin-MEX-Latency
X-B-Cache
X-Cached-By
X-Fastcgi-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-EdgeConnect-MidMile-RTT
X-Content-Options
X-ET-API-ROOT
X-ET-API-VERSION
X-ET-API-ORIGIN
X-CMS-Version
X-From
Powered
X-URLSCHEME
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
Last-Published
Product
X-Accel-Expires
X-RESOURCE
ServedBy
X-Outils-CS
X-AspNetWebPages-Version
X-Varnish-Host
X-Guploader-Uploadid
X-Magento-Cache-Debug
Imagetoolbar
X-Tec-Api-Version
X-Application-Context
X-Tec-Api-Root
X-Tec-Api-Origin
X-Vtex-Processed-At
X-Vtex-Remote-Cache
X-VTEX-Janus-Router-Backend-App
X-VTEX-Cache-Status-Janus-ApiCache
No
X-Powered-By-VTEX-Janus-ApiCache
X-Varnish-HitMiss
Warning
X-CacheServer
X-Varnish-Count
X-Cache-Info
X-Varnish-Cache-Hits
X-Signature
X-UD-Method
X-DynaTrace
Generator
Public-Key-Pins-Report-Only
X-Engine
X-Microcachable
X-Device-Type
X-Platform-Server
X-Developer
X-S
X-Umbraco-Version
Host
X-Location-Id
X-Cache-Key
Fhost
Dmn
X-PERF
X-ApacheServer
X-Response-Time
X-NWS-LOG-UUID
X-Returned-From-DLL
Pagespeed
X-Returned-From
X-Passed-To-DLL
X-Original-Request
X-Passed-To
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Actual-URL
X-Gateway-Cache-Status
Cache-Provider
Cache-Key
X-F-Cache
X-Shop-Id
X-Defender
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Msg-2-Log
X-HS-Content-Campaign-Id
X-ARC
X-Platform
X-Passed-To-BeforeDispatch
X-Returned-From-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Returned-From-PostProcessResponse
X-Micro-Cache
X-Recruiting
X-Stale
X-Translation
X-LBLID
X-Microcache-Status
X-Ezoic-Cdn
X-Hosted-By
Alternate-Protocol
Content-Hash
X-Cache-Rule
X-Dns-Prefetch-Control
X-Powered-By-360WZB
X-Platform-Cache
Origin
Surrogate-Key
X-Via-JSL
Arr-Disable-Session-Affinity
X-SSLUpstream
X-Acquia-Application-UUID
X-SSLProxy
Version
X-Akam-SW-Version
X-Cache-Age
X-Rnd
X-Lambda-Id
DynaTrace
X-Forwarded-For
X-Track
MIME-Version
X-Instart-Request-ID
X-Cache-Tags
X-SO
X-URL
X-I-Sp
X-BS
Content-Disposition
X-Sapient
X-Svr-Proxy
X-SVR-IIS
X-Dispatcher
WZWS-RAY
X-Duration
X-Powered-By-VTEX-Janus-Edge
USPLoggingUUID
X-Environment
X-Supported-By
S-Cnection
RTSS
Akamai-IP
X-Magento-Cache-Control
X-Correlation-Id
X-TransIP-Balancer
SSPAppContext
X-App-Status
X-Matrix-Proxy
X-Abgroup
X-Powered-By-VelaWeb
X-Matrix-Server
X-NetCat-Version
X-Director
X-Dealeron-Backend
X-Cache-TTL
X-TransIP-Backend
X-Cache-Namespace
X-DealerOn
X-Dealeron-Original-Url
X-Art-Request-Id
Pool
Node
Wsr-Cache
X-Server-Upstream
X-Rocket-Nginx-Bypass
X-Expires-Orig
X-Server-Id
X-ORACLE-DMS-ECID
X-Edge-IP
X-Page-Cache
X-CSRF-Protection
X-SSL-Cipher
X-Hypernode
X-App-Hosting
X-SSL-Protocol
X-LB-Node
X-Cache-Control-Orig
X-Debug
X-I
X-Cache-Debug
X-Correlation-ID
X-Generated
X-Revision
X-Daa-Tunnel
X-Drupal-Cache-Tags
X-ATG-Version
FAI-W-FLOW
X-Cache-Lifetime
X-VARITI-CCR
X-Vcap-Request-Id
X-SV-Pid
X-SV-Nginx-Duration
SN
X-Storage
X-SV-Expires
X-SV-CacheTags
X-SV-Cacheable
X-Gamma-Serve
X-SV-CreatedAt
X-SV-Duration
X-Varnish-Cacheable
X-SV-Edge
X-SV-FromDBCache
X-Varnish-ObjectSource
X-Varnish-Seen-By
X-Varnish-RemainingTTL
X-Varnish-RemainingLife
X-Varnish-GracePeriod
X-Client-IP
X-Now-Id
Accept-Encoding
X-Front
X-Rocket-Nginx-Serving-Static
X-Server-ID
X-ServerName
X-Acquia-Application-Trace
Update-Time
Src-Update
X-Cache-Level
X-Cache-Handler
X-Grace
X-NoCache
SiteSpeed
X-Route-Server
X-Hiawatha-Cache
ServerID
X-CJ-Soft
X-LB-Server
X-Cache-Server
Req-Id
X-Url-Base
X-Discourse-Route
X-Geo-Country
Content-Encoding-Handler
Edge-Control-Message
X-Vhost
Cneonction
X-Pressidium-NinukisWP-Ver
Contao-Page-Layout
X-SRV
X-Forwarded-Proto
X-Env
X-Amz-Meta-S3cmd-Attrs
X-Flow-Powered
Powered-By-ChinaCache
X-Dispatch
Cache
X-Varnish-TTL
X-SmugMug-Hiring
X-Drupal-Cache-Contexts
X-TTFB
X-Varnish-Age
X-Ttl
X-Litespeed-Cache-Control
X-SmugMug-Values
Smug-CDN
X-TTFB-L
X-GeoIP-Country-Code
X-Time
X-Cache-Operation
If-Modified-Since
X-TransIP-Reserved
X-Firenze-Processing-Time
X-Cache-Only-Varnish
Backend
X-Varnish-Backend
X-Sucuri-ID
X-Middleware-Start
X-Locale
X-Varnish-Url
Cache-Tags
X-Trace-Id
X-Sucuri-Cache
X-Cache-Engine
Lsrequestid
X-Content-Type-Option
X-Unbounce-VisitorID
X-Server-Instance
X-Country-Code
X-Unbounce-Variant
X-Unbounce-PageId
X-IsCacheURL
X-Esi
X-Transaction
Service-Worker-Allowed
X-Connection-Hash
X-Varnish-IP
X-Twitter-Response-Tags
X-Cache-Expires
Strikingly-Cache-Region
Strikingly-Cached
Strikingly-Cached-Version
X-GUploader-UploadID
W
MJ12bot
X-Last-Modified
X-Content-Encoded-By
X-Litespeed-Cache
X-Cache-Type
SEOMOZ
X-Amz-Rid
X-GeoIP-Country-Name
Use-Proxy
X-Service-Id
X-CF-Passed-Proto
X-Varnish-Retries
Proxy-Connection
X-PwB-Node
X-High-Performance
X-FIRSTBase
X-Speed-Cache-Key
X-Speed-Cache
X-ORACLE-DMS-RID
X-SRCache-Key
X-Akamai-Device-Model
X-Always-Cache
X-Akamai-Device-Characteristics
Custom-Header
Content-MD5
Server-Name
Location
Section-Io-Id
AMF-Ver
X-LB
X-Webkit-CSP
X-Cache-Control
X-WR-MODIFICATION
Srv
ServerName
X-Cookie-Domain
X-TTL
From-Origin
X-Cache-Device-Type
Page-Completion-Status
X-Now-Cache
PICS-Label
NnCoection
X-Magnolia-Registration
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Frontend
X-BackendServer
Author
MC
X-N
X-ServerID
X-Storage-Cache-Date
X-Storage-Cache-Expires
Nodo
X-Storage-Cache
X-Srv
X-Empowered-By
X-Nginx-Cache
Pv
X-CDN-Forward
X-Dynamic-Cache
X-Origin
X-Varnish-Server
X-Real-Server
FindLaw
X-Cache-Fix
X-Yadis-Location
X-Xrds-Location
Adm-Server
X-Cache-PageType
Qs-Cache
NetMindSessionID
X-Worker
X-Amz-Storage-Class
Swift-Performance
X-Processing-Time
Edit
X-Symfony-Cache
X-Pantheon-Site
IBM-Web2-Location
Https
X-Pantheon-Environment
X-FTR-Request-ID
X-Pantheon-Phpreq
Surrogate-Key-Raw
Local-Info
X-ID
Tracecode
X-Pool
X-Key
Content-Transfer-Encoding
X-HW
X-SDS
Fw-Via
X-Nitro-Cache
S
X-TB-M
X-Amz-Meta-Content-Md5
X-Content-Security-Policy-Report-Only
X-Content-Age
X-FW
X-Nbs
Ohc-File-Size
Content_type
X-BKSrc
X-Vip
X-ACMCache
X-FireWall-Port
X-LP
X-Cache-Miss-From
X-Browser
X-Varnish-Hits
X-Distributor
X-Shard
X-NginX-Cache
X-Shield-Request-Id
X-Id
X-Sedo-Request-Id
Pics-Label
CacheControlHeader
Hummingbird-Cache
IM-Version
Access-Control-Allow-Method
X-Varnish-Ttl
Drupal-Pagecache-Memcache
X-Analytics
Accept-Charset
Noq
Xc-Version
HCVer
X-SP-UniqueName
X-Disney-Akamai-Rule
X-Cache-2
X-A
X-4ormat-Cacheable
X-VC-Enabled
Backend-Timing
Ram
Ramp
X-WR-Flags
X-Orig-Vary
X-SP-Farm
HAVer
Server-Timing
X-LW-Web-Server
Prama
X-Location
SRV
X-Config-Blacklist-Version
X-Role
X-Varnish-ID
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-WPL-DATA
RequestId
X-Drectory-Script
X-Runtime-Rack
X-Remote-Addr
X-Unique-ID
X-E
X-Resource
X-UPSTREAM
X-Redman-Final-Url
X-Redman-Backend
Cm-Server
X-App
Server-Info
X-SERVER-NAME
X-Adobe-Content
X-Cache-CFC
X-Real-IP
X-Adobe-Loc
X-Hit-Cache
X-RequestId
X-Hstore
X-Akamai-Edgescape
X-Hrouter
X-JSESSIONID
X-Pagename
Cached
X-AEM
AsisCache
X-AVG-Country-Code
X-Avg-Cookie-Expires
X-Sys-Req-ID
X-PF-Uncompressing
X-Proxy-Backend
X-App-Runtime
Accept-Language
X-Runtime-Affili
Lookup-Cache-Hit
Cteonnt-Length
Web-App-Origin-Name
X-GoCache-CacheStatus
X-Runtime-Memory
X-Span
X-Proxy
X-ClientSide-Caching
X-Dw-Trace-Id
X-V
X-Varnish-Hostname
X-RealServer
X-Fedora-School-Id
WWW-Authenticate
X-Path-Route
X-NginX-Server
A-Powered-By
X-Generated-Timestamp
Accept-CH
X-Balanceador
X-ServerIndex
X-Forwarded-Host
X-VC-TTL
Nginx-Cache
SHInfo
Dtk-Cache-Check-0
Lb
X-Force
Server-ID
X-PRAM
X-Request-Uri
X-SE-Debug
X-Source-ID
X-Atraveo-Param-Rm
X-Atraveo-TTL
X-Atraveo-Varnish-Server-Id
X-Atraveo-Zone
X-Vcache
X-Atraveo-From-Varnish-Cache
X-Atraveo-Expires
X-Atraveo-Cache-Control
X-Stage
X-CLOUD-TRACE-CONTEXT
X-Atraveo-ETag
X-Appmachine-Environment
X-Atraveo-Set-Cookie
X-ARRServer
X-Culture
X-Ratelimit-Limit
Beyond-Iis
X-CacheDebug
X-Debug-Token
X-HydroSheep
XDomainRequestAllowed
Access-Control-Request-Headers
X-Pantheon-Az
X-JG-Page-Cache
X-Varnish-Debug-TTL
X-Ratelimit-Reset
X-Jphone-Copyright
X-CB-Server
X-Varnish-Debug-Age
X-Distil-CS
Request-Country
X-NWS-UUID-VERIFY
X-Webstats-RespID
X-Ratelimit-Remaining
Pf.Web.Request.Id
X-Session-ID
X-Purge-Host
X-Purge-URL
X-GeoIP
Request-EU
X-IIJ-Cache
X-Hosting-Env
SVR
X-Processed-By
Url
Front
X-Frames-Options
VServer
X-Akamai-Transformed
X-SDE-Name
Disablevcache
X-VCS-Cacheable
X-RiS-UFDI
Identity
X-ESI
X-AF-Userserver
X-Rq
IISExport
Firespring-Website-Id
X-VCS-Ttl
X-CacheFROM
X-Cache-Ttl
X-Cacheable-TTL
X-Nginx-Host
X-Plat
X-Framework
X-Cms-Mode
X-Server-IP
Upgrade-Insecure-Requests
WP-FROM-CACHE
CS-SERVER
X-Domain-Checked
X-Backend-Status
Worker
X-Session-Reinit
X-Provisioner-Version
X-Dev
Referer
CLMOB
ScoreTracker
Proxy-Agent
X-Client-Image-Vid
X-Client-Vid
X-EPiphany-Vid
X-OpenCart-Lightning
X-Envoy-Upstream-Service-Time
X-Ms-Request-Id
Cmstype
Cmsid
X-Detected-Device
X-Agent
Eomportal-Instance
X-Upgrade-Enabled
X-HeBS-Cache-Status
X-Consent-Required
X-Req-Head-Response
X-Proxy-Skip
Copyright
X-Map-Context
Frame-Options
Machine
Proxy-Cache
AETN-Area-Code
Resin-Trace
Play-Detected-UserAgent
X-Bip
Play-Detected-Device
Il-Cl
Home
AETN-City
Max-Age
X-Upstream-Status
X-GSL-Server
AETN-Continent-Code
X-Upstream-Backend
*
X-Cache-On
X-PBY
X-Adnet
X-Oferteo-Domain
X-Actindo-Thread-Id
Paypal-Debug-Id
X-Rule
X-Proxy-Cache-Control
X-App-Server
X-Actindo-Rs
X-Actindo-Request-Id
VANITY-HOST
X-Soro
X-UA-Bot
X-Via-S
Access-Control
X-WebNode
X-Refresh
X-TKP-SRV-ID
X-Garden-Version
Myheader
X-CRA-DC
X-Resty-Request-Id
X-Cache-Doesi
X-Cocoon-Version
X-Cache-Dispatchercachecontrol
X-Confluence-Request-Time
X-Rebelmouse-Cache-Control
X-Amz-Id-1
X-HTML-Minification-Powered-By
X-Amcomm-Site
X-Cache-Dispatcherpragma
X-PHP-Response-Code
X-Autoru-Host
X-B2f-Not-Route
AETN-State-Code
X-DSMX-Rewrite-MS
X-7d-Trace-Id
AKA-DEVICE
Access-Control-Allow-Header
IES-Server
WP-AdvCache-MemCached
X-Domino-CacheValidationWithETagResult
X-Domino-CacheValidationWithETagReason
X-HashTwo
AETN-Longitude
AETN-Postal-Code
X-WP
X-Smartcache-Keys
X-Smartcache-Timeout
Load-Balancer
CF-Worker-Script
AR-ATIME
Dispatcher
AMP-Redirect-To
AR-CACHE
AR-PoweredBy
Num
AR-SID
X-Desc
X-HA-Frontend
X-MAT-GEO
X-Varnish-Cache-Local
Traffic-Origin
X-Application
X-HA-Backend
X-Data-Request
AETN-Latitude
X-DSMX-Render-MS
Environment
AETN-DEVICE
Cleartype
X-Aramark-SID
X-7d-Instance-Id
Thanks
X-Header
AETN-EU
AETN-Country-Code
X-Batcache
AETN-Country-Name
Pramga
Xc
NtCoent-Length
X-Dynatrace
X-Via-NSCOPI
Dynatrace
RN-Server
X-HostName
Web
X-Compress-Hint
COMMERCE-SERVER-SOFTWARE
Now
X-Rack-Cors
ServerTokens
X-Now-Trace
X-DataDome
ServerSignature
X-CACHE-TTL
X-Highwire-Sitecode
Bios
X-Varnish-URL
X-SV
X-Highwire-Smart-Code
X-Page
X-Geo-IP
Ttl
VAR-Cache
X-Flex-Lang
X-RiS-PX
X-Flex-Evend
FRONT-END-SECUREBROWSER
Fastly-Backend-Name
Edgecast
X-AOL-HN
X-AutoRu-App-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Detail
X-Flex-Community
X-Flex-Evstart
X-Served-Server
X-Cache-Varnish
X-Policy
X-Response
X-DN-Cache-Control
X-SmartBan-URL
X-SmartBan-Host
X-Beatles
X-Highwire-SessionId
X-Varnish-Id
X-Highwire-RequestId
X-M-Reqid
X-M-Log
X-Qnm-Cache
X-Timestamp
N365rili
X-Amzn-Trace-Id
Filters
X-Fastly-Request-Id
X-Flex-Tags
X-Flex-Tag
X-Test
X-SilverStripe-Cache
X-Gyrobase-Publication
XX
Ibf5scheme
Yoncu-Errno
X-Skip-Cache
X-Flex-Lastmod
X-Nx-All
X-Directory-Script
X-Lb
X-ASAP-Cache
X-Geo
Aurora-Node
Dis-Env
DNNOutputCache
Provider
X-SH-Cache-Status
X-Proxy-Cache-Key
X-Requestid
X-Resolver-IP
X-Ghost-Cache-Status
X-Generated-Time
X-Nx
X-Cache-Time
Prot
X-LBPoolMember
MageStack-Cache-Hits
MageStack-Cache-Lifetime
MageStack-Cache-Status
MageStack-Cache
MageStack-Area
PServer
X-WEBMGR-CACHE
MageStack-Cacheable
MageStack-Config
MageStack-Tag
MageStack-Web-Node
Viewport
MageStack-PageSpeed
MageStack-Magento-Version
MageStack-Debug
MageStack-Loadbalancer
X-UnsetCookies
ServerNode
X-Beluga-Response-Time-X
X-Blog
X-Secret
X-Beluga-Response-Time
X-Dynatrace-Js-Agent
X-Beluga-Node
X-CacheID
X-Beluga-Status
X-Beluga-Trace
X-Clara-ASAP
X-Custom-Name
X-Info
X-Depends
X-CAPServer
X-Protected-By
X-MCB-Server
X-Middleton-PageSpeed
X-Beluga-Record
X-Beget-Proxy
X-Beluga-Cache-Status
Magicmarker
X-WebKit-CSP-Report-Only
Fastly-Debug-Digest
X-Streams-Distribution
From
HitType
X-APIAUTH-VAL
Report-To
X-Cdn-Forward
BackendServer
X-Vary-Options
X-RAMCache
X-IP
X-Varnish-Debug-Hits
X-Appversion
X-Pj-Cache-Status
NLCacheNote
X-TLS-Version
X-ENDPOINT
Device
X-ROUTING
X-ORIKEY
X-APIVERSION
X-Sid
X-Tag-Playlist
X-Access-Control-Allow-Origin
X-Served
X-Deity
X-DB-Content-Length
X-FastCGI-Cache-Status
CommunityServer
NODE
X-Varnish-Action
X-Reflector-Cache
X-Reflector
X-Gateway-Rate-Limit-Delayed
X-Cache-Me-Harder
X-FORWARDED-PROTO
X-Varnish-Ip
X-Appid
X-Serv
Serverid
VSID
ViewMode
X-We-Are-Hiring
X-MainProfileID
HSTS
X-PBS-Appsvrip
X-Webcelerate
SINA-LB
X-Cache-FS-Status
Nitro-Cache
X-NewsFlow-Sitename
X-MrHost
X-MainProfileCategory
SINA-TS
X-DynamicCache
X-MainProfileURL
X-PBS-Fwsrvname
X-PBS-Appsvrname
X-MainProfileName
X-Status
X-HS-Status
X-Instance-Id
X-MyName
X-ServiceProvider
EagleEye-TraceId
CommercePlatform-Version
CDN-Uid
OracleCommerceCloud-Sandiego
OracleCommerceCloud-Version
Session-From
ServerIP
CDN-RequestId
CDN-PullZone
X-Layout
X-Static
Arrnode
BALANCEDTO
CDN-CachedAt
CDN-Cache
TC-Cache
TC-Cache-IC
X-SAPP
X-Obvious-Info
X-Obvious-Tid
Debug-Status
X-Client-Id
Tk
X-ACCELERATE
X-Origin-Date
X-Goog-Meta-Goog-Reserved-File-Mtime
TC-S-Cache
TC-Cache-U
TC-S-Cache-M
Ufe-Result
X-Varnish-Grace
X-FPC
Session-Id
X-Title
SBSS
Content
X-Svr
Webserver
X-Phpwcms-Page-Processed-In
X-ENV
X-Phpwcms-Release
X-Reqid
X-Nginx
X-Box
TP-L2-Cache
X-Cache-Action
X-Cache-Extended
X-Compressed-By
X-Cluster
X-Proxy-Id
X-Aramark-CSID
X-Block-Rule
TYPO3-Sitename
TYPO3-Pid
X-Block-RuleID
X-CacheLoc
X-HAProxy
X-DevSrv-CMS
Progma
Ohc-Response-Time
YF-ID
Backend-Powered-By
X-ZSITES-DNS
Description
Og
Keywords
TP-Cache
NGX
X-Pass-Through
X-Mighty-Proxy
Provided-Host
X-Search-Id
AMP-Access-Control-Allow-Source-Origin
X-Src-Webcache
X-Max-Age
Ssl-Proxy-Server
Cf-Ipcountry
CF-Cache-Key
Hit-Count
Purge-Cache-Tags
Response-Time
PBS
REFRESH
Hosted-By
X-Wodby-Node
Server-Id
X-Custom-Header
X-Instance
X-EC2-Instance-Id
X-Vol-Mrp
X-Vol-Correlation
X-Firefox-Spdy
X-Backside-Transport
X-FromPodPressCache
X-Global-Transaction-ID
X-Now-Instance
X-XHTML-Minification-Powered-By
X-W3TC-Minify
X-ProcessESI
X-Origin-Server
X-Proxy-Server
X-RemovedCookies
X-Who
X-ReqId
X-Nginx-Request-Processing-Time
X-Ms-Version
SB-Cache-Remaining
SB-Cache-Life
SB-Site-Device
SB-Site-IE-VERSION
X-AMAZEEIO
AC-ELC
CDCHOST
X-Powered-By-ADS
X-NodeID
X-Rewritten-By
X-SCM-Server-Number
X-Varnish-Cache-Ttl
X-Test-Debug
X-Node-Id
X-ManagedFusion-Rewriter-Version
X-BPool-Back
X-Airee-Node
X-BServer
X-Captured
X-Gannett-Site-Version
X-NoIndex
X-PM-ID
X-M
X-HA
X-Origin-Cache
X-Processed
MageStack-Cache-Lifetime-Sent
X-This-Proto
X-Cname-TryFiles
X-Cache-LB
GranicusServer
X-Varnish-Backend-Beresp-Backend
HTTPS
MS-CV
Tempo
MageStack-Cache-Warning
MageStack-Last-Modified
X-WN-ClientGroup
X-V-Cache
Amfplus-Ver
X-Cache-Node
X-CH-Device
X-SayCDN-TTL
X-Say-TTL
X-Build-Id
WN
X-MID-Host
X-ProBase-Server
X-Say-Cacheable
X-Rack-CORS
X-Powered-By-Home.Pl
X-Goog-Meta-Policy
X-ETag
X-Shopware-Allow-Nocache
X-Shopware-Cache-Id
X-Goog-Meta-Replace
X-Route
X-RENDER-TIME
X-PROCESSED-BY
X-Server-Addr
X-Xml-Http-Blocked
X-CACHE-KEY
X-DEBUG
X-Oracle-Dms-Ecid
X-Actual-Url
X-Scheme
X-COUNTRY-CODE
Server-Ip
X-Mobilized-By
SERVER-ID
X-AppServer-Status
Gzip
X-Appmachine-Duration
Language
X-Autoru-App-Id
X-Server-Hostname
X-AppServer-Cache-Rule
F5-IpCliente
Actioncode
X-NMT-Proxy
X-Vid
X-AppServer-Cache-Exception
X-Accel-Cache-Control
X-Amzn-Remapped-Date
X-CAMPUSSUITE-ENVIRONMENT
Fastly-Restarts
X-Ruxit-Js-Agent
X-Serverid
X-Appmachine-CreatedOn
Returned-Status
X-Itkg-Cache-Tags
X-ASAP-Age
X-Old-Content-Length
X-Server-Generated
X-TEST
X-Cache-Warmer
X-Machine
X-Enhanced-By
X-FG-RequestId
X-JoinUs
X-SSLTerm-Server
X-Time-Spent
X-CSRF-Token
WebServer
X-Ssl-Cipher
Fastly-Drupal-Html
ClientIP
X-UT-Cache
X-Appmachine-Name
Realaction
X-CAMPUSSUITE-TENANT
X-Expires
X-Mobile-Rewrite
X-InDy-Time
X-Origin-Upstream-Status
X-ORIGN-SERVER
X-Telligent-Evolution
X-Router
X-InDy-Query
X-InDy-Memory
PB-RID
PB-PID
X-SG-Server
PROGMA
X-Grid-Server
X-Front-Cache
Actual-Object-TTL
X-Enabled1
X-Healthy
X-Enabled2
X-Middleton-Pagespeed
X-Enabled3
X-No-Session
X-Cache-Id
X-Avvio-Cms-Cacheload
Ews
X-Bitrix-Composite
Servername
X-Catalyst
LB
X-Fastly-Backend-Reqs
ProxiaInstanceId
X-Tradeindia-SMgmt
X-Optimization
X-CAMPUSSUITE-DEBUGGING
Origin-Vm
X-Amz-Meta-S3b-Last-Modified
X-Magento-Route
Prototype-RootPath
X-Pageid
X-Cache-HT
X-Unique-Id
X-From-Cache
X-GZip
VC-NoCache
D
X-Country
X-Tradeindia-Request-GUID
Amp-Access-Control-Allow-Source-Origin
EQ-Cache
SERVER-NAME
PagesDisplayed
X-Varnish-TTL-Debug
Generate-Time
V-Cache-Ttl
RSL-Trace-ID
X-Beresp-Ttl
X-Varnish-Age-Debug
UrlWatchModule-Time
X-Az
X-Transaction-Name
X-SEA-Instance-Name
X-BeResp-Ttl
X-Content-Type
X-D2id
X-UPSTREAM-Address
X-Cachable
X-SCProxy
X-Activity-Id
X-SSL
X-Amz-Meta-Version-Id
X-Debug-Message
X-Mobile-Device-Type
X-Mobile-Device
X-HP-CAM-COLOR
X-Navigation-Version
Web-Server
Unique-Request-Id
X-Clx-Request
X-DDM-SERVER
X-MSU-SOURCE
X-DDM-SERVER-UPDATED
Requested-Host
X-Qiniu-Zone
HitInfo
X-Olaf
X-FastCGI-Cache
X-Log
X-Oracle-Dms-Rid
X-OPNET-Transaction-Trace
X-Cache-ID
X-Dck
X-Built-By
X-Render-Time
X-Ser
SS
Arrow-RequestId
X-Abuse
FastCGI-Cache
X-RequesterIP
X-Cache-Via
X-WA-Info
X-Zendesk-Origin-Server
EN-User
X-Zendesk-User-Id
X-PressLabs-Stats
Sl-Pgid
X-Served-From
X-BIT-Node
X-Varnish-Cache-Control
X-VHosting-Cache
X-Boot
ID
X-Batcache-Reason
X-Server-Ip
X-CloudBurst-Cache
X-CloudBurst-Backend
X-CloudBurst-Frontend
X-CloudBurst-WordPress
X-Pagely-Cache
X-PoweredBy
X-Requested-With
MSSmartTagsPreventParsing
Httpd-Identifier
MSThemeCompatible
StatusCode
X-Cache-TTL-Current
X-Cache-TTL-Age
CmsfirstPublishTimestamp
X-XHR-Current-Location
X-Ruby-Cluster-ID
X-NginX-Upstream
X-Sn-Servicetimems
X-UPServer
X-Varnish-Cached-TTL
X-Varnish-Cached
X-Firewall
X-Hit
Id
DrivedBy
MachineName
MwpReleaseVersion
Page-Template
NZSpeedy
X-Proto
X-Node-App
X-Meta-Imagetoolbar
X-Instance-Name
X-Meta-MSSmartTagsPreventParsing
X-Meta-MSThemeCompatible
X-Nginx-Page-Cache
X-MCF-ID
X-Jcms-Ajax-Id
HA-Geocity
HA-Cloudapp
HA-Geocountry
HA-Geolat
HA-Georegion
HA-Geolon
DB-Nickname
Content-Sn
X-Rocket-Nginx-Reason
X-Rocket-Nginx-File
X-SuperCache
X-UType
BlockPHPCallEnd
X-VG-WebCache
HA-Host
HA-Ipaddr
X-Built-With
X-Bcwwwid
X-Cdn-Origin
X-CGP
X-Homeaway-Requestmarker
X-Fpc
X-B3-Sampled
Request-Time
HA-Urlpath
HA-Servedtime
L5d-Success-Class
ModuleCacheType
NKBVHEADER
Pragrma