Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Set-Cookie
Connection
Cache-Control
Vary
X-Powered-By
Expires
Content-Length
Last-Modified
Pragma
Link
Accept-Ranges
ETag
X-Content-Type-Options
X-Frame-Options
X-XSS-Protection
X-Cache
P3P
X-AspNet-Version
Strict-Transport-Security
CF-RAY
X-Pingback
Age
Content-Language
Via
X-UA-Compatible
Access-Control-Allow-Origin
X-Adblock-Key
X-Xss-Protection
X-Varnish
Upgrade
X-Check
X-Language
X-Template
X-Cacheable
X-Generator
Content-Security-Policy
X-Buckets
X-Drupal-Cache
P3p
X-Request-Id
X-AspNetMvc-Version
X-Type
X-Cache-Group
X-Pass-Why
X-Hacker
X-Ac
Content-Location
X-Powered-By-Plesk
X-Cache-Hits
X-Runtime
X-Permitted-Cross-Domain-Policies
MS-Author-Via
X-Download-Options
Host-Header
X-ShopId
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-Section
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId
X-ShardId
X-Dc
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-IPLB-Instance
Alt-Svc
Cartoon
X-Powered-CMS
Status
X-UA-Device
X-Served-By
WPE-Backend
Access-Control-Allow-Credentials
Access-Control-Allow-Headers
X-Request-ID
Access-Control-Allow-Methods
X-Via
X-Amz-Cf-Id
X-Iinfo
X-Backend
X-Cache-Status
X-ServedBy
X-Contextid
X-Timer
X-PC-Hit
X-PC-Key
Powered-By
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Mod-Pagespeed
X-DIS-Request-ID
X-PC-AppVer
X-PC-Date
X-PC-Host
X-Logged-In
CF-Cache-Status
Keep-Alive
X-Ua-Compatible
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-CDN
X-Cache-Hit
X-Server
X-Host
X-Port
X-Tumblr-Pixel-1
Content-Encoding
X-Tumblr-Pixel-2
X-Robots-Tag
X-CST
X-Server-Powered-By
WP-Super-Cache
X-Pad
X-Cache-Enabled
X-Rid
Referrer-Policy
X-Nginx-Cache-Status
X-Seen-By
X-Wix-Renderer-Server
X-Wix-Request-Id
X-Accel-Version
Fastly-Debug-Digest
X-Endurance-Cache-Level
X-Page-Speed
X-Turbo-Charged-By
X-Tumblr-Pixel-3
X-Content-Powered-By
X-Wix-PunisherID
X-Rack-Cache
X-Varnish-Cache
X-Content-Digest
X-Drupal-Dynamic-Cache
X-AH-Environment
X-Styx-Req-Id
Surrogate-Key-Raw
X-Pantheon-Styx-Hostname
X-Forwarded-For
SPRequestGuid
Content-Security-Policy-Report-Only
X-SharePointHealthScore
X-Cnection
X-Proxy-Cache
MicrosoftSharePointTeamServices
X-Request-Country
X-Forwarded-Proto
X-MS-InvokeApp
X-XRDS-Location
X-GitHub-Request-Id
X-Cache-Lookup
X-Original-Date
X-Safe-Firewall
X-Died
Cf-Railgun
X-LiteSpeed-Cache
MicrosoftOfficeWebServer
Timing-Allow-Origin
Edge-Control
X-FullPageCaching
Request-Id
X-Webserver
X-Amz-Id-2
X-Amz-Request-Id
Charset
X-Node
X-PhApp
SPIisLatency
SPRequestDuration
X-Tumblr-Pixel-4
X-INKT-URI
X-INKT-SITE
X-FW-Hash
X-Content-Security-Policy
X-CF-Powered-By
X-FW-Type
X-FW-Serve
X-FW-Static
Composed-By
X-Hits
X-Swift-CacheTime
X-Swift-SaveTime
Access-Control-Max-Age
EagleId
Content-MD5
Served-By
Rating
X-Hyper-Cache
Grace
Access-Control-Expose-Headers
Liferay-Portal
X-Firenze-Processing-Times
X-Spip-Cache
X-HS-Cache-Config
Edge-Cache-Tag
X-CDN-Pop
X-CDN-Pop-IP
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-HS-Content-Id
X-SERVER
X-Server-Name
X-Tumblr-Content-Rating
X-Device
X-BC-Stapler
X-Newrelic-App-Data
X-Dw-Request-Base-Id
X-Backend-Server
X-Microcache
X-Fastly-Request-ID
Request-Context
X-VCache
X-RateLimit-Remaining
X-RateLimit-Limit
X-RateLimit-Reset
Content-Style-Type
X-FB-Debug
X-User-Agent
Public-Key-Pins
X-ServerName
Content-Script-Type
X-Jimdo-Wid
X-Jimdo-Instance
X-Cloud-Trace-Context
X-Clacks-Overhead
Refresh
X-Loop
X-TNCMS
Real-Hostname
X-Acc-Exp
X-Cache-Config
Xkey
X-XN-XNHTML
X-XN-Trace-Token
X-DDC-Arch-Trace
Front-End-Https
X-Age
Fpc-Cache-Id
X-Microcachable
X-Url
X-N-OperationId
X-LiteSpeed-Cache-Control
Surrogate-Control
X-Generated-By
X-Cached
X-Hostname
PageSpeed
X-Px
X-DNS-Prefetch-Control
X-Tumblr-Pixel-5
Display
X-Sol
X-Middleton-Response
X-Middleton-Display
Response
Surrogate-Key
X-WebKit-CSP
X-Pantheon-Environment
X-StackifyID
X-Pantheon-Phpreq
X-Topify-Platform
X-MiniProfiler-Ids
X-Pantheon-Site
X-Cached-By
X-Zen-Fury
X-SS-Location
X-SS-Conf
X-Content-Options
X-CMS-Version
Rt-Fastcgi-Cache
X-Outils-CS
TCN
X-HOST
X-Request-Time
X-PERF
X-ApacheServer
X-DynaTrace-JS-Agent
X-Whom
X-Handled-By
Edge-Control-Message
X-OneAgent-JS-Injection
X-Umbraco-Version
Product
X-DynaTrace
X-AspNetWebPages-Version
X-Amz-Version-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
Imagetoolbar
X-Ruxit-JS-Agent
X-Varnish-Cache-Hits
X-FORWARDED-FOR
Host
Alternate-Protocol
X-Cache-Rule
X-Tumblr-Pixel-6
X-Engine
X-Recruiting
X-Correlation-Id
X-NWS-LOG-UUID
X-Kinsta-Cache
X-Micro-Cache
WZWS-RAY
X-Powered-By-360WZB
ServedBy
Powered
DynaTrace
X-Magento-Tags
X-LBLID
X-Varnish-TTL
Fhost
X-Track
Generator
X-From
X-Msg-2-Log
X-CacheServer
P-WS
P-LB
X-Location-Id
X-URL
X-VARNISH-Cache
X-Edge-Location
X-Hosted-By
X-VTEX-Janus-Router-Backend-App
X-VTEX-Cache-Status-Janus-ApiCache
X-Powered-By-VTEX-Janus-ApiCache
No
X-Vtex-Processado-Em
X-Vtex-Processed-At
X-Vtex-Remote-Cache
Dmn
X-Powered-By-VTEX-Janus-Edge
X-Upstream
X-Goog-Hash
Fastcgi-Cache
X-Actual-URL
X-B-Cache
X-Varnish-Host
X-Varnish-Backend
X-Passed-To-DLL
X-Original-Request
X-Returned-From
X-Passed-To
X-Returned-From-DLL
X-Instart-Request-ID
Akamai-IP
X-Cache-Age
Origin
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Passed-To-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Passed-To-PostProcessResponse
X-URLSCHEME
X-Returned-From-BeforeDispatch
X-RESOURCE
X-Response-Time
X-I-Sp
X-BS
X-Fastcgi-Cache
X-LB
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Matrix-Server
X-Matrix-Proxy
X-App-Hosting
X-Developer
X-Stale
Expect-CT
X-Internal-ReqID
X-Application-Context
X-Source
X-UD-Method
X-TransIP-Balancer
X-Defender
Pool
X-Shop-Id
X-Cache-Info
X-S
Powered-By-ChinaCache
X-Varnish-Cacheable
X-Origin
X-NetCat-Version
Content-Hash
X-Device-Type
X-I
X-Version
X-Accel-Expires
X-Content-Encoded-By
X-Art-Request-Id
X-Platform
IBM-Web2-Location
X-Expires-Orig
X-Platform-Processor
X-Daa-Tunnel
X-VTEX-Cache-Status-Janus-Edge
HTTPS
X-Platform-Cluster
X-Platform-Router
X-Rocket-Nginx-Bypass
Cache-Tag
X-Server-ID
X-Powered-By-VelaWeb
X-Storage
X-Cache-Operation
X-Gamma-Serve
X-Revision
X-Cache-Debug
X-TransIP-Backend
X-Front
Version
X-Cache-Tags
X-Varnish-RemainingTTL
X-Varnish-Seen-By
X-Varnish-ObjectSource
X-Varnish-RemainingLife
X-Varnish-GracePeriod
Node
USPLoggingUUID
X-Firenze-Processing-Time
X-LB-Node
X-TTL
X-HS-Content-Campaign-Id
X-Microcache-Status
X-Translation
X-Varnish-HitMiss
X-Signature
X-Varnish-Count
X-Supported-By
X-EdgeConnect-Origin-MEX-Latency
X-Route-Server
X-Page-Cache
X-NoCache
Ohc-File-Size
MIME-Version
Last-Published
X-Dispatcher
X-Dispatch
Content-Disposition
X-EdgeConnect-MidMile-RTT
X-Cache-Key
X-Tec-Api-Root
X-Cache-Control-Orig
X-Akamai-Transformed
X-Tec-Api-Origin
X-Tec-Api-Version
X-Duration
X-Server-Upstream
X-Cache-Only-Varnish
X-Hypernode
SSPAppContext
X-Flow-Powered
X-Platform-Server
X-Akamai-Device-Characteristics
X-SV-CreatedAt
X-Abuse
ServerName
X-SV-FromDBCache
X-SV-Cacheable
X-SV-Edge
X-SV-CacheTags
X-SV-Nginx-Duration
X-SV-Duration
X-SV-Expires
X-SV-Pid
X-Varnish-Age
Page-Completion-Status
X-Cache-Lifetime
X-ATG-Version
X-Github-Request-Id
X-AOL-HN
Content-Encoding-Handler
ServerID
X-CJ-Soft
X-Director
Lsrequestid
X-SSL-Protocol
Srv
Cache-Key
X-ARC
Cneonction
FAI-W-FLOW
X-Magento-Cache-Debug
X-SSL-Cipher
X-Last-Modified
SN
X-F-Cache
X-Cookie-Domain
IM-Version
X-PwB-Node
X-Vcap-Request-Id
X-Debug
X-SE-Debug
X-Amz-Meta-S3cmd-Attrs
X-Geo-Country
X-Edge-IP
X-SDS
X-Country-Code
X-Content-Age
PICS-Label
Proxy-Connection
X-Grace
X-UPSTREAM
X-ServerID
S-Cnection
X-Nbs
X-Platform-Cache
X-Url-Base
Accept-Encoding
X-GeoIP-Country-Code
X-Akamai-Device-Model
X-Cache-Server
Allow
X-Sapient
X-Internal-UserID
X-Abgroup
X-ORACLE-DMS-ECID
X-Processing-Time
X-Speed-Cache-Key
X-Cache-Engine
X-Speed-Cache
X-Client-IP
Location
X-CDN-Node
X-Orig-Vary
Qs-Cache
X-GeoIP-Country-Name
X-CDN-Cache-Status
If-Modified-Since
X-Proxy
X-Time
A-Powered-By
X-Frontend
X-Shield-Request-Id
Cached
X-RequestId
NnCoection
AMF-Ver
Magicmarker
Backend
X-Middleware-Start
X-Lambda-Id
X-Real-Server
X-NB-Cached-Page
X-Browser
X-Varnish-Url
X-Cache-Expires
X-Server-Id
X-Processed-By
X-Varnish-Ttl
Section-Io-Id
Req-Id
X-BackendServer
CacheControlHeader
X-Sucuri-ID
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
Cm-Server
X-Srv
X-NewRelic-App-Data
X-Always-Cache
SRV
WSR-Cache
Author
RTSS
Content-Transfer-Encoding
X-N
Accept-Charset
X-AF-Userserver
S
X-FW
MJ12bot
Server-Info
X-Nginx-Cache
Cteonnt-Length
X-VC-Enabled
X-VC-TTL
X-Sucuri-Cache
Retry-After
NetMindSessionID
SEOMOZ
Pv
X-IsCacheURL
X-Worker
X-EC-Security-Audit
X-Framework
Tracecode
X-Varnish-Hits
X-ID
Use-Proxy
Fw-Via
X-Ttl
X-Config-Blacklist-Version
X-Loopia-Node
MC
X-SRCache-Key
X-DealerOn
X-Id
X-Cache-Control
X-Discourse-Route
Cache
X-Purge-URL
X-Cache-Level
EagleEye-TraceId
Nodo
X-Varnish-IP
X-Pressidium-NinukisWP-Ver
X-PF-Uncompressing
HCVer
HAVer
X-BKSrc
X-Generated
X-Drectory-Script
Local-Info
X-Empowered-By
X-TB-M
X-Cache-Type
X-Dns-Prefetch-Control
X-Directory-Script
X-Magnolia-Registration
Server-Name
Buuteeq-Source
SVR
X-Correlation-ID
X-ACMCache
X-Yadis-Location
X-Served-Server
X-Varnish-Hostname
Thanks
X-WR-MODIFICATION
X-Cache-PageType
X-Amz-Storage-Class
Identity
X-Pagename
Cache-Provider
X-Hit-Cache
X-Cache-Fix
X-Litespeed-Cache
WWW-Authenticate
X-Cache-TTL-Remaining
X-Purge-Host
X-Healthy
Nitro-Cache
X-Environment
X-Trace
X-Route-To
X-Traffic
Xc-Version
X-Hiawatha-Cache
X-Vhost
X-JG-Page-Cache
X-Mobilized-By
X-Nginx-Host
X-OpenCart-Lightning
X-Cache-Doesi
SS
X-Powered-By-Server
X-Yottaa-Metrics
X-Adobe-Content
X-Adobe-Loc
Keywords
X-Cache-Handler
X-Drupal-Cache-Tags
X-Cocoon-Version
X-Yottaa-Optimizations
X-FireWall-Port
X-Transaction
X-LB-Server
X-Twitter-Response-Tags
X-Connection-Hash
X-Unique-ID
Ufe-Result
X-Sys-Req-ID
X-Session-ID
BALANCEDTO
X-Magento-Cache-Control
X-Unbounce-VisitorID
X-WR-Flags
X-Garden-Version
Frame-Options
Eomportal-Instance
X-Unbounce-PageId
X-Unbounce-Variant
X-Fastly-Request-Id
X-Server-Instance
X-ClientSide-Caching
X-Site-Name
X-Session-Reinit
X-Resolver-IP
X-SmugMug-Values
X-TTFB-L
X-TTFB
X-High-Performance
X-Balanceador
X-CF-Passed-Proto
X-Varnish-Retries
X-NginX-Cache
Description
Smug-CDN
X-Runtime-Rack
X-SmugMug-Hiring
X-Content-Security-Policy-Report-Only
HitType
X-Domain-Checked
X-App-Status
IISExport
X-Varnish-ID
X-CDN-Forward
X-LP
X-Provisioner-Version
X-HP-Trace-ID
X-Runtime-Memory
NODE
X-HP-Trace-Project
Front
X-Cache-Source
X-LW-Web-Server
Disablevcache
X-VARITI-CCR
X-Webcelerate
X-Cache-Device-Type
X-Location
X-Author
X-Debug-Token
X-Cache-Dispatchercachecontrol
X-Client-Image-Vid
X-EPiphany-Vid
X-Client-Vid
X-Cache-Dispatcherpragma
X-HOSTNAME
X-Cache-Node
X-Cache-Provider
X-CB-Server
X-Atraveo-Expires
X-Atraveo-ETag
X-Atraveo-Cache-Control
X-Amz-Meta-Cb-Modifiedtime
From-Origin
X-GeoIP
X-HW
X-Rack-Cors
X-Atraveo-Set-Cookie
Strikingly-Cached
Strikingly-Cached-Version
X-Highwire-RequestId
X-Highwire-SessionId
X-Distributor
X-SmartBan-Host
WN
X-Env
X-Atraveo-Zone
X-Atraveo-Param-Rm
X-Atraveo-From-Varnish-Cache
X-Atraveo-TTL
X-WN-ClientGroup
X-Atraveo-Varnish-Server-Id
X-Trace-Id
X-SmartBan-URL
X-NginX-Server
X-Source-ID
ServerSignature
NLCacheNote
Max-Age
X-App-Server
Beyond-Iis
ServerTokens
Content_type
X-OPNET-Transaction-Trace
X-Server-IP
X-RiS-UFDI
X-Mobile-URL
X-HydroSheep
X-CAPServer
X-PRAM
X-Blog
Dispatcher
X-Force
X-Varnish-Server
Web-App-Origin-Name
X-Symfony-Cache
X-ORACLE-DMS-RID
X-Disney-Akamai-Rule
X-HTML-Minification-Powered-By
X-DEBUG
X-Grid-Server
X-ARRServer
X-Nginx
X-Optimization
Cmstype
Cmsid
X-We-Are-Hiring
X-Generated-Time
X-WebKit-CSP-Report-Only
X-Key
X-App
Public-Key-Pins-Report-Only
Pics-Label
X-HITS
CLMOB
X-Jphone-Copyright
Ohc-Upstream-Trace
X-Machine
X-Config-By
SiteSpeed
X-Varnish-Debug-TTL
X-Varnish-Debug-Age
Access-Control-Allow-Method
X-Cache-CFC
X-Node-Name
X-Time-Microsecs
X-Runtime-Affili
XDomainRequestAllowed
X-Culture
X-Remote-Addr
X-HP-Redirect
X-Site
X-Cf-Powered-By
X-WP
Ttl
X-IIJ-Cache
X-Dynatrace-Js-Agent
AsisCache
MW-Webserver
X-Cache-Detail
Id
Set-Cookie2
Dis-Env
X-SDE-Name
X-ServerIndex
X-Client-Ip
X-Render-Time
Url
X-Smartcache-Timeout
X-Smartcache-Keys
X-Cache-Keep
X-AEM
X-App-Runtime
X-C2M-Runtime
OriginServer
X-Hosting-Env
X-C2M-Server
X-Wikidot-Static-Cache
X-Fedora-School-Id
WP-AdvCache-MemCached
ScoreTracker
Backend-Timing
X-Analytics
X-Resource
X-Wikidot-Backend
X-Resty-Request-Id
Bios
X-Esi
X-Captured
X-CacheResult
X-Ser
X-A
Machine
Og
X-Rq
X-Powered-By-Home.Pl
X-HA-Backend
X-Distil-CS
Myheader
X-Pageid
X-HA-Frontend
X-HashTwo
X-Ezoic-Cdn
ViewMode
TC-Cache-IC
X-Test
NtCoent-Length
X-Refresh
X-Amcomm-Site
TC-Cache
X-Magento-Action
TC-S-Cache-M
X-EC-Lua
Yoncu-Errno
X-Adnet
TC-S-Cache
X-Rewrite
SG
X-Bcwwwid
X-Cache-On
X-Desc
X-Rebelmouse-Surrogate-Control
X-Response
X-ASAP-Cache
Paypal-Debug-Id
X-Fpc
X-MAT-GEO
X-Server-Generated
X-Search-Id
N365rili
Content-Server
X-RDP
Sophnep-Edge-FX
TC-Cache-U
W
X-Rebelmouse-Cache-Control
Hname
Cluster-ID
Ibf5scheme
X-AutoRu-App-Id
DNNOutputCache
X-Page
X-Dw-Trace-Id
X-Proto
X-Autoru-LB
X-Autoru-Host
X-Viator-Tapersistentcookie
X-Clara-ASAP
X-GSL-Server
X-DTC
X-CRA-DC
X-E
X-Machine-Name
Nginx-Cache
X-SV
X-MidCOM-Meta-Cache
X-DataDome
Strikingly-Cache-Region
From
CP
X-Cdn-Forward
Traffic-Origin
Expect-Ct
RN-Server
X-Hstore
Ctx
X-This-Proto
X-PageType
X-Detected-Device
Xc
X-Data-Request
X-Lb
VANITY-HOST
X-Beresp-Ttl
X-Batcache
X-Cluster-Node
Fastly-Backend-Name
X-WA-Info
X-Req-Head-Response
X-UA
MS-CV
Ews
Resin-Trace
X-Map-Context
NS-VaryByCustom-Key
X-SERVER-NAME
Debug-Status
X-RAMCache
X-Info
X-RealServer
X-Atg-Version
X-APP
X-CACHE-KEY
X-SCM-Server-Number
X-Cache-Time
X-Hrouter
X-Server-Instance-Name
SINA-LB
X-Header
X-Frame-Option
X-Depends
Warning
SINA-TS
X-Sc-Cache
X-Artvisual-Server
SHInfo
Server-Id
DrivedBy
X-Webstats-RespID
X-Application
X-AWS
X-Layout
X-Avvio-Cms-Cacheload
X-Agent
X-Airee-Node
Response-Time
X-DB-Content-Length
X-Pagely-Cache
X-Actindo-RS
X-Obj.Ttl
PServer
X-Cluster
X-Webapp
COMMERCE-SERVER-SOFTWARE
X-ACCELERATE
X-W3TC-Minify
X-Vary-Options
X-Stage
X-ACLR-Version
X-OCTOPOD
X-Title
Actual-Object-TTL
X-Amz-Meta-Content-Md5
X-Frames-Options
X-Fstrz
X-Cache-Warmer
ClientIP
X-Plat
SBMCLOUD
X-Ghost-Cache-Status
Lb
Proxy-Cache
X-CDN-RULE
VServer
X-Unique-Id
X-CACHE-TTL
X-Backend-Status
X-Turpentine-Esi
X-MSEdge-Ref
X-Cms-Mode
X-SO
X-Dev
Worker
X-Cache-Action
F5-IpCliente
Webluker-Edge
Gzip
Hostname
X-M
Il-Cl
X-Apm-Telemetry-Syncmark
X-7d-Instance-Id
Server-Ip
Access-Control-Request-Headers
X-Amz-Id-1
X-Compressed-By
Mime-Version
X-7d-Trace-Id
X-B2f-Not-Route
RequestId
X-Svr
X-Phpwcms-Page-Processed-In
X-CDN-COMPRESS
X-Hosting
X-Phpwcms-Release
Home
X-V
X-MCB-Server
X-Cache-Via
X-Cacheable-TTL
X-Varnish-Cache-Local
PagesDisplayed
X-RPS
Device
X-RPM
X-ChromeLogger-Data
X-DB
X-Reflector-Cache
Web
X-Sid
X-Reflector
X-PBY
X-Tag-Playlist
X-DSS
X-RSL
X-DW
X-Varnish-URL
X-KoobooCMS-Version
X-Cache-Extended
SERVER-ID
X-Nginx-Request-Time
Ibm-Web2-Location
X-Drupal-Cache-Contexts
X-ENV
X-Varnish-Action
X-Cache-Id
X-PM-ID
X-ReqId
Provider
X-Cache-Varnish
X-Webkit-Csp
X-Ssl-Cipher
X-Middleton-PageSpeed
X-Does-He-Have-Time
X-Instance-Name
X-Meta-Imagetoolbar
X-Domino-CacheValidationWithETagReason
X-Content-Type-Option
X-Domino-CacheValidationWithETagResult
X-TTL-Age
X-Goog-Meta-Replace
X-Cache-TTL-Current
X-Goog-Meta-Policy
X-Meta-MSSmartTagsPreventParsing
X-Meta-MSThemeCompatible
X-Wm-1
Accept-Language
X-Real-IP
X-Wm-VIP
X-AMAZEEIO
X-Beatles
X-CCM
X-Cache-Set
X-Beatles-Hits
X-Server-Addr
X-Would-Your-GrandPa-Wait
X-Node-ID
X-RemovedCookies
X-XHR-Current-Location
X-ProcessESI
X-UnsetCookies
X-Hcom-Origin-Id
X-VLoc
Cache-Tags
X-Hcom-Styx-Info
X-Built-With
Httpd-Identifier
X-Forwarded-Host
X-FIRSTBase
X-Rocket-Nginx-Serving-Static
X-Your-GrandPa-Would-Wait
X-Cache-TTL-Age
GP-Remote-Addr
StatusCode
GP-Version
MSSmartTagsPreventParsing
MSThemeCompatible
X-WPL-DATA
X-Pixelsilk-Server
MageStack-Cache-Lifetime
MageStack-Cache-Hits
MageStack-Cache
X-Serv
MageStack-Cache-Status
MageStack-Cacheable
MageStack-Config
X-Sites
X-AG-MIPS
X-ASAP-Age
X-DS1D
MageStack-Area
X-Varnish-VCL
X-Generated-Date
X-Rewritten-By
X-ManagedFusion-Rewriter-Version
X-Nocache
X-Restarts
X-Enhanced-By
X-XHTML-Minification-Powered-By
X-Forwarded-By
X-4ormat-Cacheable
MageStack-Debug
X-Ezpublish-Nodeid
X-Ezpublish-Installationid
X-Nginx-Request-Processing-Time
Edgecast
X-DN-Cache-Control
X-EC2-Instance-Id
X-Cjtype
AGI-Request-ID
X-Flex-Evend
X-Gyrobase-Publication
MageStack-Web-Node
X-Proxy-Cache-Key
NZSpeedy
MageStack-Magento-Version
MageStack-Loadbalancer
Server-ID
MageStack-PageSpeed
Language
MwpReleaseVersion
MageStack-Tag
X-Src-Webcache
X-Pixelsilk-Version
Container
X-Secret
X-Router-Backend
X-Serendipity-InterfaceLang
X-Serendipity-InterfaceLangSource
X-Zendesk-Origin-Server
X-UseReverse-Proxy
X-Router
X-RiS-PX
Note
FastCGI-Cache-Status
Provided-Host
Server-Hostname
X-Provided-By
X-FreeTag-Count
X-Zendesk-User-Id
BackendServer
X-NewsFlow-Sitename
X-Len
X-Obj-Ttl
X-PBS-Appsvrip
X-PBS-Fwsrvname
X-PBS-Appsvrname
X-Catalyst
X-CacheID
SB-Cache-Remaining
SB-Cache-Life
SB-Site-Device
Session-Id
X-Cached-Status
X-Cache-FS-Status
AMFplus-Ver
X-VID
RSB-LINK
X-Made-On
X-Served
X-UPSTREAM-Address
ENV
X-Varnish-Auto-Cache-Miss
X-Cname-TryFiles
X-Deity
X-Flex-Lang
X-Flex-Evstart
X-Flex-Lastmod
X-Flex-Tag
X-Flex-Community
X-Flex-Tags
X-Varnish-Mode
Drupal-Pagecache-Memcache
X-Backend-TTL
Cleartype
X-Cms-Server
X-DI
X-NewCloud-V-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
Brightspot-Id
X-WHOIS-Cached
AR-PoweredBy
AR-SID
AR-CACHE
X-JSESSIONID
AR-ATIME
X-LBPoolMember
X-PHP-Response-Code
Content-Legth
X-MSU-SOURCE
X-DDM-SERVER-UPDATED
X-PoweredBy
X-SuperCache
X-VG-WebCache
X-Uncacheable
X-DDM-SERVER
X-Clx-Request
X-SH-Cache-Status
X-REDIRECTSERVER
X-Upgrade-Enabled
Cache-Ctrol
Requested-Host
Hamster
Content-Cache
Kanooh-Host
X-Server-FQDN
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
X-ServiceProvider
X-Streams-Distribution
X-Varnish-Instance
X-Time-Zone
X-HAProxy
X-FastCGI-Cache
UrlWatchModule-Time
Progma
X-AppServer-Cache-Rule
X-Country
X-ELB
X-Container
X-PG
Vserver
TP-L2-Cache
X-Box
TP-Cache
X-WebNode
VAR-Cache
X-Litespeed-Cache-Control
X-FF
X-Oracle-DMS-ECID
X-Srcache-Store-Status
X-Lima-Id
X-Srcache-Fetch-Status
X-CSRF-Token
HA-Ipaddr
NKBVHEADER
HA-Host
HA-Servedtime
HA-Urlpath
IES-Server
L5d-Success-Class
Load-Balancer
Redkiwi-Cloud
X-CGP
X-MCF-ID
X-Sn-Servicetimems
X-Cache-Why
X-Varnish-Cached
Cache-Status
X-Varnish-Esi-Method
X-B3-Traceid
X-Batcache-Reason
X-Cache-Origin
X-Group
X-B3-Spanid
HA-Geolat
X-DEBUG-TTL
X-Brought-To-You-By
X-DeliveryServer
X-Dynamic
X-Grow-Cache
X-Highwire-Sitecode
X-Bip
X-Highwire-Smart-Code
X-Obvious-Tid
X-Obvious-Info
X-SRV
X-VC-Debug
X-Magento-Lifetime
FindLaw
X-Grow-Guest
X-HASH
HA-Cloudapp
DB-Nickname
HA-Geocity
HA-Geocountry
HA-Geolon
X-Varnish-Cached-TTL
BlockPHPCallEnd
Apple-Itunes-App
X-Varnish-Currency
X-Turpentine-Cache
X-SilverStripe-Cache
X-Tt-Dbg
X-Varnish-Esi-Access
HA-Georegion
Proxy-Agent
X-IP
X-Content-Parsed-By
X-Pubstack
X-Request-Processing-Time
X-Request-Received
X-Built-By
X-Archive-Orig-Server
X-Archive-Orig-Connection
X-Archive-Guessed-Charset
X-Archive-Orig-Content-Length
X-Archive-Orig-Date
X-Archive-Orig-ETag
X-UUID
Www.Aujourdhui.Com
X-Hash
X-DSMX-Rewrite-MS
X-Lb-Server
X-Prerendered
X-Route
X-DSMX-Render-MS
X-Custom-Header
X-Max-Age
X-AppVersion
X-Varnish-Max-Age
CpuTime
TestCC
X-ACache
Server-Node
X-AISO-Server
X-AISO-Cacheable
X-Cache-V
X-ETag
X-Nginx-Page-Cache
X-AISO-Cache
WebServer
Origin-Content-Encoding
X-Varnish-Set-Cookie
X-Not-Cacheable
Session-From
Type
X-PvInfo
CD4
X-Vol-Correlation
X-Varnish-Grace
X-Vol-Mrp
DeleGate-Ver
Memento-Datetime
X-Requestid
X-RequesterIP
Debug-Cache-Control
Debug-Expires
LCache
Returned-Status
Accept-CH
VC-NoCache
X-NID
X-Name
X-Origin-Cache
LB
X-Reason-Bp
X-BC
PB-PID
X-Cachable
X-CH-Device
X-GRACE
X-Backend-Name
PB-RID
TheAnswer
X-UType
X-Xrds-Location
X-Cache-ID
Referer-Policy
X-LOCATION
X-Pass-Through
X-FORWARDED-PROTO
AC-ELC
X-COUNTRY-CODE
EagleEye-TraceId-Daily
INFO
Aurora-Node
Aoestatic
V-Age
X-Count
X-Skip-Cache
X-Gannett-Site-Version
X-Transaction-Name
Ina-Bwaf
X-TargSmaku
X-Scache
Developer
X-Protected-By
X-Geo-IP
ReqUrl
MachineName
X-Static
Copyright
X-BServer
X-Powered-Developer
X-BPool-Back
X-Pool-Info
MageStack-Response-Ttl
X-BPool
X-Rack-CORS
X-BPool-Bx-Cache
X-BPool-Fx-Cache
MageStack-Cache-Warning
Unique-Request-Id
MageStack-Cacheable-Reason
X-Origin-Server
X-NodeID
X-Front-Cache
X-Instance
X-IP-Address
X-No-Session
X-Tradeindia-Request-GUID
WFE
SB-Site-IE-VERSION
CommunityServer
X-FRUIT
Fw-Cache-Status
X-Status
RSL-Trace-ID
X-Tradeindia-SMgmt
X-W-Cache
X-Faeria
X-Dynamic-Cache
X-MainProfileCategory
X-MainProfileID
X-MainProfileName
X-NMT-Proxy
Tk
X-W-Cache-Hits
XDisk
Ez
Lookup-Cache-Hit
X-Netrix-ID
X-Cache-Me-Harder
X-Amz-Meta-Version-Id
Tempo
X-Cache-BE
X-Cache-HT
X-Cache-LB
GranicusServer
X-Varnish-Debug-Hits
X-NO-BREACH
X-Varnish-Store
X-Ss-Conf
X-Ss-Location
XX
X-Csrf-Token
X-Debug-Message
IsMobile
Application
Prototype-RootPath
X-Accel-Cache-Control
X-App-Version
X-SCProxy
EQ-Cache
X-Imforza-Hosted
X-Ocache
X-Pj-Cache-Status
X-Processed
X-MainProfileURL