Threat Level: green Handler on Duty: Tom Webb

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Date
Content-Type
Server
Set-Cookie
Connection
Cache-Control
Vary
X-Powered-By
Expires
Content-Length
Last-Modified
Pragma
Link
Accept-Ranges
ETag
X-Content-Type-Options
X-Frame-Options
X-XSS-Protection
Strict-Transport-Security
X-Cache
CF-RAY
P3P
X-AspNet-Version
Age
X-Pingback
Content-Language
Via
X-UA-Compatible
Expect-CT
Upgrade
Access-Control-Allow-Origin
X-Adblock-Key
Content-Security-Policy
X-Xss-Protection
X-Cacheable
X-Check
X-Language
X-Template
X-Varnish
X-Generator
X-Buckets
Alt-Svc
X-Request-Id
X-Drupal-Cache
X-Type
WPE-Backend
X-Cache-Group
X-Pass-Why
X-AspNetMvc-Version
X-Hacker
X-Ac
X-Cache-Hits
P3p
X-Powered-By-Plesk
Content-Location
X-Permitted-Cross-Domain-Policies
X-Download-Options
Host-Header
MS-Author-Via
X-Runtime
X-ShopId
X-ShardId
X-Sorting-Hat-Section
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId-Cached
X-Dc
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId-Cached
X-Alternate-Cache-Key
X-FRAME-OPTIONS
Cartoon
X-IPLB-Instance
X-Powered-CMS
X-Served-By
X-UA-Device
Status
Access-Control-Allow-Credentials
Access-Control-Allow-Headers
X-Amz-Cf-Id
Access-Control-Allow-Methods
X-Cache-Status
X-Via
X-Iinfo
X-Timer
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
CF-Cache-Status
X-Contextid
Referrer-Policy
X-Backend
X-DIS-Request-ID
X-Mod-Pagespeed
Powered-By
X-PC-Hit
X-PC-Key
X-ServedBy
X-PC-AppVer
X-PC-Host
X-PC-Date
Content-Encoding
X-WPE-Loopback-Upstream-Addr
X-CST
X-Logged-In
X-Host
Keep-Alive
X-Server
X-Cache-Hit
X-CDN
X-Request-ID
X-Port
X-Rid
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Server-Powered-By
X-Cache-Enabled
X-Tumblr-Pixel-1
X-Endurance-Cache-Level
X-Robots-Tag
X-Nginx-Cache-Status
X-Accel-Version
X-Wix-Request-Id
X-Seen-By
X-Wix-Server-Artifact-Id
X-Turbo-Charged-By
X-Tumblr-Pixel-2
X-Page-Speed
X-Original-Date
X-Drupal-Dynamic-Cache
X-Pad
X-Content-Powered-By
Content-Security-Policy-Report-Only
X-Proxy-Cache
X-Content-Digest
WP-Super-Cache
X-AH-Environment
X-Rack-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Varnish-Cache
X-Tumblr-Pixel-3
X-LiteSpeed-Cache
X-Request-Country
X-GitHub-Request-Id
SPRequestGuid
X-SharePointHealthScore
X-XRDS-Location
X-MS-InvokeApp
Edge-Control
MicrosoftSharePointTeamServices
X-Cnection
X-Cache-Lookup
Timing-Allow-Origin
X-Node
X-Died
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-FW-Hash
Charset
X-Trace
Request-Id
X-FW-Static
X-FW-Type
X-FW-Serve
X-FullPageCaching
X-Webserver
X-Webcom-Cache-Status
X-Content-Security-Policy
Edge-Cache-Tag
MicrosoftOfficeWebServer
X-HS-Cache-Config
X-PhApp
X-HS-Content-Id
X-Safe-Firewall
X-Hits
X-PHP-Backend
X-CF-Powered-By
X-INKT-URI
X-INKT-SITE
SPIisLatency
SPRequestDuration
Request-Context
X-Newrelic-App-Data
Access-Control-Max-Age
X-BC-Stapler
X-Swift-SaveTime
X-Swift-CacheTime
EagleId
Composed-By
X-SERVER
Access-Control-Expose-Headers
Served-By
X-CDN-Pop-IP
X-CDN-Pop
Grace
Liferay-Portal
X-Hyper-Cache
X-Tumblr-Pixel-4
X-Spip-Cache
X-Backend-Server
X-Device
X-Server-Name
X-Ua-Compatible
X-Dw-Request-Base-Id
X-LiteSpeed-Cache-Control
X-Fastly-Request-ID
X-Microcache
X-VCache
X-Firenze-Processing-Times
X-FB-Debug
X-ServerName
X-Clacks-Overhead
Content-Style-Type
X-Cloud-Trace-Context
Rating
Content-Script-Type
X-RateLimit-Remaining
X-Loop
X-TNCMS
Real-Hostname
X-RateLimit-Limit
Surrogate-Control
Xkey
X-RateLimit-Reset
X-Acc-Exp
X-User-Agent
Front-End-Https
X-Jimdo-Instance
X-Jimdo-Wid
X-DDC-Arch-Trace
Public-Key-Pins
Refresh
X-HS-Combine-CSS
X-Cache-Config
X-Middleton-Display
X-Middleton-Response
Response
X-Sol
Display
X-XN-Trace-Token
X-XN-XNHTML
X-Age
Fpc-Cache-Id
X-StackifyID
X-SS-Conf
X-SS-Location
X-Servedby
X-Tumblr-Content-Rating
X-Hostname
X-Generated-By
X-OneAgent-JS-Injection
X-Wix-Renderer-Server
X-DNS-Prefetch-Control
X-Cached
X-Zen-Fury
X-Vtex-Processado-Em
X-Topify-Platform
X-Px
X-Microcachable
X-N-OperationId
X-Tumblr-Pixel-5
PageSpeed
X-Cdn
X-Frame-Option
X-MiniProfiler-Ids
X-Ruxit-JS-Agent
TCN
X-Magento-Tags
X-Correlation-Id
X-Url
X-Cached-By
X-Request-Time
X-CMS-Version
X-Amz-Version-Id
X-Whom
P-LB
X-URL
P-WS
X-WebKit-CSP
Rt-Fastcgi-Cache
X-Outils-CS
Product
X-Kinsta-Cache
X-Content-Options
X-Handled-By
X-DynaTrace-JS-Agent
X-Via-JSL
X-Varnish-TTL
Edge-Control-Message
X-DynaTrace
X-B-Cache
X-Forwarded-For
Host
Surrogate-Key
X-AspNetWebPages-Version
X-Msg-2-Log
Access-Control-Request-Method
Imagetoolbar
X-Ua-Device
X-Debug-Info
X-From
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Varnish-Cache-Hits
X-Edge-Location
X-FORWARDED-FOR
Fhost
X-Recruiting
X-HOST
Fastly-Debug-Digest
X-Engine
Powered
ServedBy
X-Umbraco-Version
X-Application-Context
X-LBLID
Alternate-Protocol
X-CacheServer
Generator
X-Upstream
X-Track
X-Micro-Cache
X-Cache-Rule
X-NWS-LOG-UUID
X-Response-Time
X-Vtex-Processed-At
X-Vtex-Remote-Cache
X-VTEX-Cache-Status-Janus-ApiCache
No
X-Powered-By-VTEX-Janus-ApiCache
X-VTEX-Janus-Router-Backend-App
DynaTrace
X-ApacheServer
Public-Key-Pins-Report-Only
X-Cache-Age
X-Goog-Hash
X-PERF
X-Platform
X-Signature
Akamai-IP
WZWS-RAY
X-Powered-By-360WZB
X-Actual-URL
X-Original-Request
X-Passed-To-DLL
X-Passed-To
X-Returned-From
X-Returned-From-DLL
Dmn
X-Hosted-By
X-Location-Id
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Accel-Expires
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Powered-By-VTEX-Janus-Edge
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Arr-Disable-Session-Affinity
Retry-After
X-Developer
X-UD-Method
X-Varnish-Beresp-Grace
X-LW-Cache
X-Source
X-Platform-Processor
X-Platform-Router
X-Stale
X-RESOURCE
X-LB
X-VARNISH-Cache
X-Supported-By
X-Platform-Cluster
X-URLSCHEME
X-Instart-Request-ID
X-TransIP-Balancer
X-Version
X-Rnd
Cache-Provider
X-Rocket-Nginx-Bypass
X-Cache-Info
Fastcgi-Cache
HTTPS
X-I-Sp
X-S
X-BS
X-Magento-Cache-Debug
X-Varnish-Host
X-Pantheon-Site
Surrogate-Key-Raw
X-Device-Type
X-Pantheon-Phpreq
X-Pantheon-Environment
X-Defender
Content-Hash
X-Shop-Id
Origin
X-Tumblr-Pixel-6
X-Cache-TTL
X-Storage
X-NetCat-Version
X-TransIP-Backend
X-HS-Content-Campaign-Id
X-Fastcgi-Cache
X-AOL-HN
X-ATG-Version
X-F-Cache
X-Varnish-RemainingTTL
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-RemainingLife
X-Varnish-GracePeriod
X-Varnish-Seen-By
X-Cache-Key
X-Gamma-Serve
X-Varnish-ObjectSource
X-Varnish-HitMiss
IBM-Web2-Location
X-Varnish-Count
X-Dispatcher
USPLoggingUUID
X-Matrix-Server
X-Matrix-Proxy
X-App-Hosting
X-Platform-Server
X-CSRF-Protection
X-Art-Request-Id
X-Cache-Tags
Allow
Version
Pagespeed
X-Expires-Orig
X-EdgeConnect-MidMile-RTT
Ohc-File-Size
X-I
X-Microcache-Status
X-Translation
X-Powered-By-VelaWeb
Last-Published
X-Front
X-Route-Server
X-Daa-Tunnel
X-Page-Cache
X-LB-Node
X-Server-ID
Pool
X-Director
Powered-By-ChinaCache
X-Revision
X-Platform-Cache
X-Cache-Debug
X-Hypernode
X-NoCache
Content-Disposition
RTSS
Wsr-Cache
Cache-Key
X-Server-Upstream
Page-Completion-Status
X-Environment
X-Drupal-Cache-Tags
X-SSL-Cipher
X-SSL-Protocol
X-ARC
X-Flow-Powered
X-Content-Encoded-By
X-Cache-Operation
X-Abgroup
Accept-Encoding
X-Vcap-Request-Id
X-Debug
X-SV-Duration
X-SV-Pid
X-SV-Nginx-Duration
SSPAppContext
X-SV-Edge
Lsrequestid
X-SV-CacheTags
X-SV-CreatedAt
X-SV-Expires
X-SV-Cacheable
X-SV-FromDBCache
X-Loopia-Node
Srv
X-Grace
Content-MD5
MIME-Version
X-Varnish-Age
X-Ttl
X-Hiawatha-Cache
X-Id
X-UPSTREAM
Node
X-GeoIP-Country-Code
X-Github-Request-Id
X-Dispatch
X-Lambda-Id
X-Cache-Lifetime
X-ORACLE-DMS-ECID
X-Cache-Expires
X-Firenze-Processing-Time
X-Edge-IP
X-Cache-Server
X-Sentry-ID
X-Cache-Only-Varnish
X-Varnish-Cacheable
X-PwB-Node
X-Url-Base
FAI-W-FLOW
X-Generated
X-Sapient
If-Modified-Since
X-Litespeed-Cache
X-RequestId
Pv
X-Cache-Control-Orig
ServerName
X-Magento-Cache-Control
Cneonction
X-Drupal-Cache-Contexts
X-Ezoic-Cdn
X-Forwarded-Proto
X-IsCacheURL
Proxy-Connection
X-ServerID
Fw-Via
X-Speed-Cache-Key
Content-Encoding-Handler
X-Speed-Cache
X-Cookie-Domain
X-Cache-Type
S-Cnection
X-Country-Code
ServerID
Section-Io-Id
X-CJ-Soft
Location
X-Amz-Meta-S3cmd-Attrs
X-Frontend
X-Client-IP
Req-Id
X-GeoIP-Country-Name
Author
X-Location
X-FW
X-Vhost
X-Dns-Prefetch-Control
Backend
SN
X-Processing-Time
AMF-Ver
X-Duration
X-Proxy
X-Nbs
X-Worker
X-Server-Id
Nodo
X-Cache-Engine
IM-Version
X-N
X-Discourse-Route
PICS-Label
X-ACMCache
X-Browser
Server-Name
X-NB-Cached-Page
X-Content-Age
X-Goog-Generation
X-Dynatrace-Js-Agent
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-Middleware-Start
X-Akamai-Transformed
NnCoection
Accept-Charset
X-Orig-Vary
X-SRCache-Key
X-Yadis-Location
X-Geo-Country
X-TTL
X-VTEX-Cache-Status-Janus-Edge
X-Nginx-Cache
X-Akamai-Device-Characteristics
Local-Info
X-Magnolia-Registration
Server-Info
SRV
X-Cache-Control
X-Akamai-Device-Model
X-Webkit-CSP
X-Time
X-Cache-CFC
X-Varnish-Url
Use-Proxy
Pf.Web.Request.Id
X-Xrds-Location
X-Cache-Namespace
Cache
X-WR-Flags
Cached
Thanks
X-Always-Cache
X-Server-IP
X-Cache-Level
X-Cache-Device-Type
X-Correlation-ID
Qs-Cache
X-Varnish-Backend
X-Pressidium-NinukisWP-Ver
X-Sucuri-ID
X-DealerOn
Cm-Server
X-BackendServer
X-Abuse
X-App-Server
X-Purge-URL
S
X-Cache-Fix
X-SERVER-NAME
X-SO
X-Cluster-Node
X-Cache-PageType
SEOMOZ
W
MJ12bot
HCVer
X-Ss-Conf
X-ClientSide-Caching
X-Ss-Location
HAVer
X-Real-Server
X-Framework
Adm-Server
Content-Transfer-Encoding
X-Srv
X-Purge-Host
Xc-Version
X-AF-Userserver
X-FTR-Request-ID
X-Shield-Request-Id
X-BKSrc
Pics-Label
X-Runtime-Rack
X-Content-Security-Policy-Report-Only
X-Config-Blacklist-Version
P-ID
X-JG-Page-Cache
X-Amz-Storage-Class
SVR
X-Session-ID
X-Processed-By
X-CDN-Forward
X-Last-Modified
X-Empowered-By
Server-Timing
X-Sucuri-Cache
X-Route-To
X-Traffic
NetMindSessionID
X-Varnish-Retries
SiteSpeed
MC
X-ORACLE-DMS-RID
X-HW
X-Litespeed-Cache-Control
X-High-Performance
X-Cache-Handler
X-Hit-Cache
X-Origin
X-Pagename
X-Wix-Punisher
X-HTML-Minification-Powered-By
X-Fastly-Request-Id
X-CF-Passed-Proto
Magicmarker
X-Unique-ID
X-Cf-Powered-By
X-FastCGI-Cache
X-Content-Type-Option
X-Varnish-IP
X-Client-Vid
X-VARITI-CCR
Eomportal-Instance
Tracecode
WWW-Authenticate
X-SDS
X-EPiphany-Vid
X-LP
X-Drectory-Script
X-LB-Server
X-PF-Uncompressing
EagleEye-TraceId
A-Powered-By
X-DataDome
Nitro-Cache
Frame-Options
X-Client-Image-Vid
X-Transaction
NODE
X-Twitter-Response-Tags
Cache-Tag
X-Unbounce-Variant
X-Unbounce-PageId
CacheControlHeader
X-Unbounce-VisitorID
X-Runtime-Affili
X-Varnish-ID
X-Server-Instance
AC-ELC
X-Sys-Req-ID
ScoreTracker
X-Runtime-Memory
X-HOSTNAME
X-LW-Web-Server
X-Yottaa-Metrics
X-Connection-Hash
X-Yottaa-Optimizations
X-App-Runtime
X-SRV
X-Directory-Script
Cache-Tags
X-Rq
X-NginX-Cache
X-Cache-Doesi
HitType
Keywords
X-Cache-TTL-Remaining
X-WN-ClientGroup
X-Adobe-Loc
WN
Content_type
X-Domain-Checked
X-Adobe-Content
X-Redman-Final-Url
X-Clara-ASAP
X-ASAP-Cache
ServerTokens
ServerSignature
X-App-Status
Ufe-Result
X-Amz-Meta-Cb-Modifiedtime
X-Cdn-Forward
Web-App-Origin-Name
X-Avg-Cookie-Expires
Access-Control-Allow-Header
X-AVG-Country-Code
X-Redman-Backend
X-ID
From
X-Provisioner-Version
VANITY-HOST
X-VNode
X-Akamai-Edgescape
X-Varnish-Hits
X-Cache-Node
Backend-Timing
From-Origin
X-Sorting-Hat-Expire-Cache
X-Analytics
X-Varnish-Ttl
X-Autoru-Host
X-Garden-Version
X-FireWall-Port
Machine
Proxy-Agent
X-Mobilized-By
X-WPL-DATA
X-AutoRu-App-Id
X-ARRServer
X-Autoru-LB
X-Esi
X-Balanceador
X-OpenCart-Lightning
X-Rocket-Nginx-Serving-Static
X-ServerIndex
X-HP-Trace-ID
Play-Detected-UserAgent
Play-Detected-Device
X-HP-Trace-Project
X-Mobile-URL
X-Cache-On
X-PRAM
X-Debug-Token
X-GoCache-CacheStatus
X-Page
X-RDP
Max-Age
X-GeoIP
Description
X-Viator-Tapersistentcookie
X-Varnish-Debug-Age
X-Varnish-Debug-TTL
X-Key
X-RiS-UFDI
X-Jphone-Copyright
X-Disney-Akamai-Rule
X-Trace-Id
Ibf5scheme
X-Varnish-Hostname
X-Bip
N365rili
X-MCB-Server
X-Atraveo-Cache-Control
Dispatcher
SBGI-Device
SBGI-RenderTime
SBGI-9
SBGI-7
SBGI-10
SBGI-5
X-AEM
Ramp
Identity
X-CB-Server
Front
X-CAPServer
Ram
Noq
X-Source-ID
SBGI-RealPath
X-Atraveo-ETag
X-Atraveo-Varnish-Server-Id
X-Force
X-Webkit-Csp
SBGI-1
X-Atraveo-TTL
X-Atraveo-Zone
X-Atraveo-From-Varnish-Cache
X-Atraveo-Set-Cookie
X-Atraveo-Expires
X-Atraveo-Param-Rm
Warning
X-Backend-Status
X-Webstats-RespID
Contao-Page-Layout
NLCacheNote
X-Culture
X-Resty-Request-Id
Beyond-Iis
X-Nginx-Host
SERVER-ID
X-Fedora-School-Id
X-Generated-Time
X-Response
Xc
X-Rebelmouse-Surrogate-Control
X-HydroSheep
X-Desc
Og
SG
Hname
Cteonnt-Length
BALANCEDTO
X-App
X-Wikidot-Backend
X-MAT-GEO
X-Machine-Name
X-Wikidot-Static-Cache
X-CRA-DC
X-Rebelmouse-Cache-Control
X-Server-Generated
X-SmugMug-Hiring
X-SmugMug-Values
X-Env
X-Cache-Dispatcherpragma
TC-S-Cache-M
X-Cache-Dispatchercachecontrol
X-Symfony-Cache
X-TTFB
X-Resolver-IP
X-Proxy-Cache-Key
Server-ID
X-Real-IP
X-TTFB-L
TC-S-Cache
TC-Cache-U
X-Varnish-Server
X-PHP-Response-Code
X-NginX-Server
XX
AsisCache
X-Detected-Device
X-Plat
RN-Server
TC-Cache
TC-Cache-IC
Smug-CDN
X-Frames-Options
X-Session-Reinit
Resin-Trace
X-Render-Time
X-Remote-Addr
Strikingly-Cached
X-Smartcache-Timeout
X-CacheResult
Strikingly-Cache-Region
X-Smartcache-Keys
X-WebKit-CSP-Report-Only
X-WP
XDomainRequestAllowed
Strikingly-Cached-Version
X-Cache-Keep
Fastly-Backend-Name
Cmstype
Id
X-A
X-Rack-CORS
X-Airee-Node
X-Stage
Cmsid
X-Fstrz
X-IIJ-Cache
X-PM-ID
X-Proto
X-VC-TTL
X-Varnish-Ip
MW-Webserver
Device
X-VC-Enabled
MS-CV
Lb
VServer
Custom-Header
AMP-Access-Control-Allow-Source-Origin
Dis-Env
Worker
X-V
X-Varnish-Action
Bios
X-Dev
X-Cms-Mode
OriginServer
X-Rewrite
X-Data-Request
PagesDisplayed
X-EC2-Instance-Id
X-Info
X-Captured
X-Batcache
X-Highwire-RequestId
X-Batcache-Reason
X-Cache-Varnish
X-Highwire-SessionId
Traffic-Origin
X-ETag
SHInfo
Arrnode
ClientIP
X-Req-Head-Response
X-Hstore
X-Gyrobase-Publication
X-DN-Cache-Control
Ctx
Hostname
X-B2f-Not-Route
Gzip
F5-IpCliente
COMMERCE-SERVER-SOFTWARE
WebServer
X-Apm-Telemetry-Syncmark
X-WR-MODIFICATION
X-SH-Cache-Status
X-Map-Context
Proxy-Cache
Il-Cl
X-Akamai-3PM-SW-Version
X-Refresh
X-Amz-Meta-S3b-Last-Modified
Paypal-Debug-Id
X-Varnish-Cache-Local
X-HashTwo
X-Hrouter
X-GSL-Server
X-Origin-Server
X-Compressed-By
X-Dw-Trace-Id
X-MSEdge-Ref
Service-Worker-Allowed
X-MidCOM-Meta-Cache
X-DDM-SERVER-UPDATED
X-Hosting-Env
X-SmartBan-URL
Nginx-Cache
X-Magento-Action
X-FPC
Content-Server
X-SmartBan-Host
Disablevcache
Hamster
X-Confluence-Request-Time
X-Adnet
Ews
X-Webcelerate
X-DDM-SERVER
X-Uncacheable
X-E
IISExport
Home
X-SuperCache
X-Aramark-SID
X-Distributor
ViewMode
X-DTC
X-SDE-Name
Myheader
DNNOutputCache
X-OPNET-Transaction-Trace
X-Amcomm-Site
CLMOB
X-TB-M
X-Pj-Cache-Status
X-UA
X-Rack-Cors
X-SV
X-W3TC-Minify
X-Cocoon-Version
X-Header
X-WA-Info
X-RealServer
X-KoobooCMS-Version
X-Avvio-Cms-Cacheload
X-Protected-By
X-CACHE-TTL
BackendServer
X-Goog-Meta-Replace
X-Goog-Meta-Policy
Url
Cleartype
X-Unique-Id
X-Dynamic-Cache
NtCoent-Length
X-HostName
X-Grid-Server
X-Author
Yoncu-Errno
Aoestatic
X-Gateway-Skip-Cache
X-CacheID
SS
X-Flex-Community
X-Src-Webcache
X-Secret
X-Flex-Evend
Edgecast
X-Cache-Via
X-Depends
X-Zendesk-User-Id
X-RemovedCookies
X-Gateway-Cache-Key
X-Powered-By-Home.Pl
X-ProcessESI
X-Flex-Evstart
X-Flex-Lang
PServer
ServerIP
X-Origin-Cache
X-Cache-Id
Accept-Language
X-VC-Cache
Session-From
Web
X-Flex-Tag
X-Flex-Lastmod
X-Flex-Tags
X-Cache-TTL-Current
X-Cache-TTL-Age
X-IP
X-Would-Your-GrandPa-Wait
X-Bcwwwid
Webserver
X-M
X-Gateway-Cache-Status
SB-Site-Device
X-Beatles
X-Lb
X-Zendesk-Origin-Server
X-D-Time
X-Distributed-By
X-Backend-Host
X-AppServer-Cache-Rule
SB-Cache-Remaining
SB-Cache-Life
X-We-Are-Hiring
X-JSESSIONID
X-Nginx
X-Forwarded-Host
X-Sc-Cache
CommunityServer
X-Cache-Extended
X-ASAP-Age
X-7d-Trace-Id
X-7d-Instance-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
Hummingbird-Cache
X-Environment-Context
X-Beatles-Hits
User-Agent
X-Cache-Set
X-Cache-Time
X-Does-He-Have-Time
X-LBPoolMember
X-Varnish-Id
Hosted-By
X-Magento-Lifetime
X-Ghost-Cache-Status
X-Tag-Playlist
X-DSMX-Render-MS
X-DSMX-Rewrite-MS
X-L-Path
FRONT-END-SECUREBROWSER
X-Your-GrandPa-Would-Wait
X-Proxy-Id
X-Generation-Time
X-Redirector
X-S-Misc
X-ENV
X-Streams-Distribution
X-Machine
X-TTL-Age
X-Old-Content-Length
X-HS-Status
X-Reflector
X-Reflector-Cache
X-Pagely-Cache
X-Server-Addr
X-RAMCache
X-Netrix-ID
X-HAProxy
X-Serv
X-HP-CAM-COLOR
X-4ormat-Cacheable
Server-Id
Serverid
NZSpeedy
Server-Ip
X-ReqId
Provider
X-ACCELERATE
X-DB-Content-Length
Viewport
X-CSRF-Token
X-Lw-Cache
VC-NoCache
X-Served-Server
X-FORWARDED-PROTO
X-Dynatrace
X-Resource
Mime-Version
X-Middleton-PageSpeed
X-Mobile-Rewrite
X-HA
Note
X-CH-Device
X-Hosting
X-Amz-Id-1
RequestId
X-FastCGI-Cache-Status
X-UT-Cache
X-Cache-Detail
Progma
X-Cname-TryFiles
X-Deity
Kanooh-Host
X-Made-On
UrlWatchModule-Time
Upgrade-Insecure-Requests
X-Config-By
Microcache
RSB-LINK
Tempo
X-Catalyst
X-Served
X-Server-Ip
X-AppVersion
X-Hash
X-Az
X-Say-Cacheable
X-Debug-Message
X-Activity-Id
Uuri
PB-PID
Generate-Time
PB-RID
Quri
Tesla.Performance
X-DynamicCache
SB-Site-IE-VERSION
X-Sid
X-Timestamp
X-Via-NSCOPI
Content-Cache
X-DEBUG
X-Cluster
X-Box
X-Cache-Me-Harder
X-Client-Ip
DbServerName
FindLaw
Ec-CorrId
Ec-Machine
X-WHOIS-Cached
X-Domino-CacheValidationWithETagResult
X-Domino-CacheValidationWithETagReason
Rewriter
X-Service-Id
X-FIRSTBase
TP-L2-Cache
TP-Cache
WP-AdvCache-MemCached
X-Instart-Cache-Id
X-Litespeed-Tag
X-Ser
Session-Id
EQ-Cache
X-SayCDN-TTL
Provided-Host
Referer
Access-Control-Request-Headers
Fastly-Restarts
X-PBS-Appsvrip
X-PBS-Appsvrname
X-PBS-Fwsrvname
X-NewsFlow-Sitename
X-Instance-Id
NS-VaryByCustom-Key
X-Application
X-Cache-FS-Status
X-Say-TTL
X-Nginx-Request-Time
X-AISO-Server
X-Cache-Original-TTL
X-Amz-Meta-Content-Md5
Ttl
X-Cjtype
X-SilverStripe-Cache
X-Status
X-Cache-V
X-AISO-Cacheable
X-Backend-Name
EN-User
X-AMAZEEIO
X-SCM-Server-Number
ServerNode
Www.Aujourdhui.Com
X-AISO-Cache
StatusCode
X-Node-ID
X-Instance
X-VC-Cacheable
X-VC-Debug
X-Pixelsilk-Version
MachineName
X-Turpentine-Esi
X-Search-Id
MwpReleaseVersion
X-VC-Hash
X-Pixelsilk-Server
X-Enhanced-By
Debug-Status
X-Gannett-Site-Version
X-Full-Url
Expiries
X-Max-Age
X-DS1D
X-CCM
X-Artvisual-Server
X-UnsetCookies
X-Blog
X-Upstream-Backend
X-Upstream-Status
X-Distil-CS
X-RequesterIP
X-Header-Treatment
X-Route
X-Router
CDCHOST
X-Node-Name
AR-SID
Access-Control-Allow-Method
Control-Cache
AR-PoweredBy
AR-CACHE
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
!~Request-OOB-Work
AR-ATIME
X-ManagedFusion-Rewriter-Version
X-Time-Microsecs
X-XHTML-Minification-Powered-By
X-XHR-Current-Location
X-Test-Debug
Cache-Status
X-NodeID
X-Nginx-Request-Processing-Time
X-DevSrv-CMS
Cacheid
X-Custom-Header
X-Enabled1
X-Pubstack
X-Enabled3
X-Enabled2
X-Rewritten-By
X-Oracle-DMS-ECID
X-Ruxit-Js-Agent
Dynatrace
X-Oneagent-Js-Injection
X-ESI
X-Cache-Ttl
X-CDN-COMPRESS
X-CDN-RULE
X-Ssl-Cipher
X-Server-App
Language
Powered-By-VeryCDN
X-Request-Received
X-Cache-Date
X-Request-Processing-Time
X-AWS
X-Archive-Orig-Server
X-Built-By
X-Varnish-URL
X-PBY
X-Debug-Serve
CpuTime
X-Varnish-Store
X-Varnish-Esi-Method
MageStack-Area
MageStack-Cache
MageStack-Cache-Hits
X-Varnish-Esi-Access
X-Varnish-Currency
GranicusServer
Aurora-Node
X-Country
X-Fastly-Backend-Reqs
X-Archive-Orig-ETag
X-Archive-Orig-Date
X-LB-Frontend
X-LB-Backend
X-Meta-Imagetoolbar
X-Meta-MSSmartTagsPreventParsing
X-Meta-MSThemeCompatible
X-Instance-Name
X-Cache-Warmer
MSSmartTagsPreventParsing
MSThemeCompatible
Realaction
WP-FROM-CACHE
X-Restarts
X-Server-Vrn
Memento-Datetime
X-Archive-Guessed-Charset
X-Archive-Orig-Connection
X-Archive-Orig-Content-Length
X-WHO
TTL
X-Wm-1
X-Wm-VIP
Actual-Object-TTL
CD4
MageStack-Cache-Lifetime
MageStack-Cacheable
X-Q-S
X-Pool-Info
X-S-C
X-S-V
X-T
X-Pageid
X-Nocache
X-M-P
X-M-T
X-M-V
X-Mw-Workerstats
X-Transaction-Name
ReqUrl
X-Server-Instance-Name
X-Compress-Hint
X-NewRelic-App-Data
X-Varnish-Grace
X-Server-Hostname
X-WebNode
X-UPSTREAM-Address
X-Healthy
X-Middleton-Pagespeed
X-MyName
X-OCTOPOD
X-I-V
X-Cacheable-TTL
MageStack-Web-Node
MageStack-Tag
X-Backend-TTL
X-NewCloud-V-Cache
X-Origin-Upstream-Status
MageStack-PageSpeed
MageStack-Magento-Version
Httpd-Identifier
MageStack-Config
MageStack-Debug
MageStack-Loadbalancer
X-ProBase-Server
X-Serverid
OracleCommerceCloud-Version
X-B
X-Beresp-Ttl
X-Cachable
OracleCommerceCloud-Sandiego
Key
AMFplus-Ver
CommercePlatform-Version
Accept-CH
X-ZSITES-DNS
MageStack-Cache-Status
CS-SERVER
X-MainProfileName
X-MainProfileID
X-MainProfileURL
Copyright
X-Not-Cacheable
X-MainProfileCategory
X-Accel-Cache-Control
X-Czt
X-Cache-Bypass
X-ACLR-Version
X-Cache-Served
X-Ar-Debug
Response-Time
VAR-Cache
Countrycode
X-Agent
Requested-Host
SINA-LB
Cache-Ctrol
INFO
WSCLoggingUUID
Head
E-TAG
OutputRewritten
X-Layout
X-Memcached
Yola-ID
X-Who
RlogId
Y-Trace
X-VCS-Cacheable
Fw-Cache-Status
X-IP-Address
X-Cache-2
X-Svr
X-This-Proto
Page-Template
X-VCS-Ttl
X-WAF-Proxy
X-Server-Ident
X-Powered-Developer
X-Nginx-Page-Cache
X-CO-Host
X-FG-RequestId
X-Title
X-ZORequestID
XDisk
X-EBAY-C-REQUEST-ID
DrivedBy
X-Brought-To-You-By
SINA-TS
Request-Time
Load-Balancer
X-B3-Spanid
X-B3-Traceid
X-Built-With
IES-Server
DB-Nickname
X-Ants-Host
X-Server-FQDN
X-PG
Cookie
X-CPU-Time
X-Fpc
X-UPServer
X-Varnish-Cached
X-Varnish-Cached-TTL
Actioncode
X-Sn-Servicetimems
X-ServerAddr
X-LOCATION
X-MCF-ID
X-Nitro-Cache
X-Script
X-Ants-Machine-Id
X-BC
X-Dynamic
X-DeliveryServer
X-ELB
X-Geo-IP
X-Varnish-Instance
X-MSU-SOURCE
X-Container
CmsfirstPublishTimestamp
X-Clx-Request
X-VLoc
X-Config-Version
X-REDIRECTSERVER
X-Rocket-Nginx-File
X-SID
X-VG-WebCache
X-ServiceProvider
Apple-Itunes-App
X-SE-Debug
X-Upgrade-Enabled
X-Rocket-Nginx-Reason
X-Time-Zone
X-Skip-Cache
X-PROCESSED-BY
X-BeResp-Ttl