Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Date
Content-Type
Server
Set-Cookie
Connection
Cache-Control
Vary
X-Powered-By
Expires
Content-Length
Link
Last-Modified
Pragma
Accept-Ranges
ETag
X-Content-Type-Options
X-XSS-Protection
X-Frame-Options
Strict-Transport-Security
CF-RAY
Age
X-Cache
P3P
Expect-CT
Content-Language
X-AspNet-Version
X-Pingback
Upgrade
Via
X-UA-Compatible
Access-Control-Allow-Origin
Content-Security-Policy
X-Varnish
X-Cacheable
X-FRAME-OPTIONS
Referrer-Policy
X-Adblock-Key
X-Request-Id
X-Check
X-Generator
X-Language
X-Template
X-Buckets
X-Drupal-Cache
Alt-Svc
X-Type
WPE-Backend
X-Cache-Group
X-Pass-Why
X-Permitted-Cross-Domain-Policies
X-Download-Options
X-Ac
X-Hacker
X-Cache-Hits
X-AspNetMvc-Version
Host-Header
X-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-PodId-Cached
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
X-Sorting-Hat-FeatureSet
X-Alternate-Cache-Key
X-Dc
X-Xss-Protection
X-Served-By
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Powered-By-Plesk
X-Runtime
X-Via
MS-Author-Via
X-Amz-Cf-Id
Access-Control-Allow-Headers
X-IPLB-Instance
X-Powered-CMS
X-Contextid
Access-Control-Allow-Methods
Content-Location
X-UA-Device
X-Timer
P3p
X-ServedBy
Status
X-PC-AppVer
X-PC-Hit
X-PC-Key
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Cartoon
X-PC-Host
X-PC-Date
CF-Cache-Status
X-Iinfo
Access-Control-Allow-Credentials
X-Rid
Powered-By
X-Cache-Status
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-WPE-Loopback-Upstream-Addr
X-Mod-Pagespeed
X-Backend
Content-Encoding
X-Wix-Request-Id
X-Seen-By
X-CST
X-Tumblr-Pixel-1
X-Ua-Compatible
X-Endurance-Cache-Level
X-Cache-Enabled
X-Logged-In
X-Tumblr-Pixel-2
X-Drupal-Dynamic-Cache
X-Host
X-Cache-Hit
X-Server
X-Port
X-CDN
X-DIS-Request-ID
X-Server-Powered-By
Keep-Alive
X-Accel-Version
X-Nginx-Cache-Status
X-Robots-Tag
X-Request-ID
X-Turbo-Charged-By
X-Proxy-Cache
X-LiteSpeed-Cache
X-Tumblr-Pixel-3
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Allow
Content-Security-Policy-Report-Only
X-Content-Digest
X-Page-Speed
X-Content-Powered-By
X-AH-Environment
Request-Context
X-Rack-Cache
X-GitHub-Request-Id
X-FW-Hash
X-Pad
X-FW-Server
X-Varnish-Cache
X-FW-Serve
X-FW-Static
Access-Control-Expose-Headers
X-FW-Type
SPRequestGuid
X-MS-InvokeApp
X-SharePointHealthScore
X-Request-Country
X-Hits
X-XRDS-Location
MicrosoftSharePointTeamServices
X-Content-Security-Policy
Edge-Control
X-Newrelic-App-Data
X-Node
Timing-Allow-Origin
X-BC-Stapler
X-Webcom-Cache-Status
X-Amz-Request-Id
Cf-Railgun
X-Amz-Id-2
X-Trace
X-HS-Cache-Config
Edge-Cache-Tag
Request-Id
X-HS-Content-Id
WP-Super-Cache
X-Tumblr-Pixel-4
Charset
X-CF-Powered-By
X-FullPageCaching
X-INKT-SITE
X-INKT-URI
X-PHP-Backend
X-Cache-Lookup
X-HOST
SPIisLatency
Access-Control-Max-Age
SPRequestDuration
X-Backend-Server
X-Fastly-Request-ID
X-Swift-CacheTime
X-Swift-SaveTime
X-Servedby
Ali-Swift-Global-Savetime
X-HS-Combine-CSS
X-Cnection
EagleId
X-Edge-Cache
X-Edge-Cache-Key
Composed-By
Grace
MicrosoftOfficeWebServer
X-SS-Location
X-SS-Conf
X-CDN-Pop-IP
X-CDN-Pop
Served-By
X-Safe-Firewall
X-Device
X-Spip-Cache
Liferay-Portal
X-Hyper-Cache
X-SERVER
X-Pc-Appver
X-RateLimit-Limit
X-Pc-Hit
X-Pc-Key
X-RateLimit-Remaining
Surrogate-Control
Front-End-Https
X-Dw-Request-Base-Id
X-VCache
X-Server-Name
X-DDC-Arch-Trace
X-Pc-Date
X-LiteSpeed-Cache-Control
X-Pc-Host
X-RateLimit-Reset
X-DNS-Prefetch-Control
Rating
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-FB-Debug
X-Died
X-HeyJason
X-Jimdo-Wid
X-Jimdo-Instance
X-Firenze-Processing-Times
X-Loop
X-Cloud-Trace-Context
X-TNCMS
X-Original-Date
X-OneAgent-JS-Injection
X-Tumblr-Pixel-5
Feature-Policy
X-Vtex-Processado-Em
X-Debug-Info
X-Cluster-Node
Content-Style-Type
Display
X-Middleton-Display
X-NF-Request-ID
X-Sol
X-ServerName
X-Clacks-Overhead
X-Kinsta-Cache
Content-Script-Type
X-WebKit-CSP
X-StackifyID
X-Tumblr-Content-Rating
P-WS
P-LB
Response
X-Middleton-Response
Xkey
X-Acc-Exp
Public-Key-Pins
X-Age
X-Ruxit-JS-Agent
X-Frame-Option
X-XN-Trace-Token
X-XN-XNHTML
Refresh
X-Edge-Location
X-DynaTrace-JS-Agent
X-Magento-Tags
X-Px
X-User-Agent
PageSpeed
Fpc-Cache-Id
X-N-OperationId
X-Cdn
X-Amz-Version-Id
X-FORWARDED-FOR
X-Hostname
X-Cache-Config
X-LW-Cache
WPX
X-Goog-Hash
X-Zen-Fury
X-Handled-By
X-Cached
X-Webserver
X-ARC
X-Tumblr-Pixel-6
X-Generated-By
X-Source
X-Outils-CS
X-MiniProfiler-Ids
X-Topify-Platform
Rt-Fastcgi-Cache
Retry-After
X-Loopia-Node
X-Platform-Server
X-B-Cache
Imagetoolbar
Dmn
Powered
TCN
X-URL
X-VTEX-Janus-Router-Backend-App
X-Vtex-Processed-At
X-VTEX-Cache-Status-Janus-ApiCache
X-Vtex-Remote-Cache
X-CacheServer
Fastcgi-Cache
Access-Control-Request-Method
X-Platform-Router
X-LBLID
X-Platform-Processor
ServedBy
X-Platform-Cluster
X-From
X-Powered-By-VTEX-Janus-ApiCache
No
X-CMS-Version
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Url
X-Magento-Cache-Debug
X-Request-Time
X-Accel-Expires
X-PhApp
X-EdgeConnect-Origin-MEX-Latency
X-ET-API-ORIGIN
X-Engine
X-Cached-By
X-URLSCHEME
X-DynaTrace
X-ET-API-ROOT
X-ET-API-VERSION
X-Msg-2-Log
X-EdgeConnect-MidMile-RTT
X-Cache-Key
Cache-Provider
X-Actual-URL
Fhost
X-Version
Pagespeed
X-Response-Time
X-Dispatcher
X-Location-Id
X-Original-Request
X-AspNetWebPages-Version
Host
X-Passed-To-BeforeDispatch
X-Upstream
X-Passed-To-DLL
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Cache-Info
X-Passed-To-PostProcessResponse
X-Application-Context
X-Returned-From
X-Passed-To
Public-Key-Pins-Report-Only
X-Varnish-HitMiss
X-Varnish-Count
X-RESOURCE
Alternate-Protocol
X-Stale
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Ezoic-Cdn
X-Varnish-Cache-Hits
X-Cache-Rule
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Dealeron-Original-Url
X-DealerOn
X-Signature
X-Cache-Tags
X-Dealeron-Backend
Arr-Disable-Session-Affinity
X-NWS-LOG-UUID
X-HS-Content-Campaign-Id
X-S
X-Varnish-TTL
X-Server-ID
X-Platform-Cache
Origin
X-Content-Options
X-Acquia-Application-UUID
X-Developer
Last-Published
X-Acquia-Application-Trace
X-F-Cache
X-Art-Request-Id
X-Sapient
X-Platform
Warning
X-Rnd
X-Hosted-By
X-Varnish-Host
X-Cache-Age
DynaTrace
X-Microcachable
X-Whom
X-Shop-Id
X-Director
X-Defender
X-Magento-Cache-Control
X-Umbraco-Version
Powered-By-ChinaCache
X-Device-Type
X-Guploader-Uploadid
Product
X-I
X-Via-JSL
X-SO
X-I-Sp
X-Powered-By-360WZB
X-BS
X-Correlation-ID
Generator
X-Environment
X-Fastcgi-Cache
Version
X-Supported-By
X-Instart-Request-ID
X-Route-Server
S-Cnection
Server-Timing
X-Cache-2
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Esi
X-Forwarded-For
X-Gamma-Serve
X-Varnish-RemainingTTL
X-Varnish-Seen-By
X-Varnish-RemainingLife
X-Varnish-ObjectSource
Content-Disposition
X-Varnish-GracePeriod
X-Gateway-Cache-Key
X-Akam-SW-Version
X-App-Status
Akamai-IP
X-Translation
X-Vcap-Request-Id
Cache-Key
X-Cache-Debug
X-Helper-Autoassign-All
X-Microcache-Status
WZWS-RAY
X-Cache-Namespace
X-Micro-Cache
X-Cache-IO
X-Client-IP
Surrogate-Key
Content-Hash
X-Cache-TTL
X-Powered-By-VelaWeb
SN
X-NetCat-Version
X-VARITI-CCR
Service-Worker-Allowed
X-Lambda-Id
SSPAppContext
X-Cache-Server
CF-Worker-Version
X-Cache-Lifetime
X-Debug
Wsr-Cache
X-Dns-Prefetch-Control
X-TransIP-Balancer
X-Hypernode
X-Abgroup
X-Cache-Type
X-Geo-Country
X-TransIP-Backend
USPLoggingUUID
X-ApacheServer
X-PERF
X-Sucuri-ID
X-Nginx-Cache
Cneonction
X-Server-Upstream
X-Track
X-Cache-Operation
X-SSL-Protocol
X-SSL-Cipher
Edge-Control-Message
X-Edge-IP
Https
X-Nf-Srv-Version
X-ORACLE-DMS-ECID
X-Vhost
X-Drupal-Cache-Tags
X-Expires-Orig
X-CSRF-Protection
Srv
X-ORACLE-DMS-RID
X-Correlation-Id
RTSS
X-Amz-Meta-S3cmd-Attrs
X-Now-Id
X-App-Hosting
X-ATG-Version
Author
X-TTL
X-Sucuri-Cache
X-Last-Modified
X-Varnish-Age
Page-Completion-Status
X-SDS
X-Drupal-Cache-Contexts
X-Matrix-Proxy
X-Matrix-Server
X-Hostinger-Datacenter
X-Hostinger-Node
Nodo
X-SRV
X-Forwarded-Proto
X-Duration
X-Rocket-Nginx-Serving-Static
X-Cache-Control-Orig
MIME-Version
X-Firenze-Processing-Time
NnCoection
X-Server-Id
X-GUploader-UploadID
Strikingly-Cached
Strikingly-Cache-Region
Section-Io-Id
Strikingly-Cached-Version
X-HW
AMF-Ver
X-Daa-Tunnel
X-Cache-Level
X-SV-Pid
X-SV-Nginx-Duration
X-SV-FromDBCache
FAI-W-FLOW
X-Flow-Powered
X-LB
ServerName
X-SV-Edge
X-SV-Duration
X-SV-CreatedAt
Contao-Page-Layout
X-Rq
X-V
X-ID
X-Cache-Engine
X-N
Cache-Tags
X-SV-Cacheable
X-SV-CacheTags
X-Locale
X-Front
Lsrequestid
X-Ttl
X-Powered-By-VTEX-Janus-Edge
X-Cache-Device-Type
X-SV-Expires
X-FTR-Request-ID
X-FW
X-Pressidium-NinukisWP-Ver
X-Rocket-Nginx-Bypass
X-Varnish-IP
X-Varnish-Cacheable
Content-MD5
Src-Update
X-Akamai-Device-Model
Update-Time
PICS-Label
X-Akamai-Device-Characteristics
X-IsCacheURL
X-Storage
Cache
Proxy-Connection
X-Env
X-PwB-Node
X-Dynamic-Cache
X-Empowered-By
X-SSLProxy
X-SSLUpstream
X-Time
X-Url-Base
X-Recruiting
X-Generated
W
X-NoCache
Server-Name
Location
S
X-TTFB-L
Local-Info
X-TTFB
Dtk-Cache-Check-0
X-TransIP-Reserved
Server-Info
X-Grace
X-Page-Cache
Smug-CDN
X-SmugMug-Hiring
X-SmugMug-Values
X-Revision
X-UPSTREAM
X-ACMCache
X-Content-Type-Option
Pool
X-Content-Age
Frame-Options
X-Cache-TTL-Remaining
X-Trace-Id
X-Real-Server
X-CJ-Soft
X-CacheFROM
X-Disney-Akamai-Rule
If-Modified-Since
X-CACHE-TTL
Content-Transfer-Encoding
X-Middleware-Start
X-Cache-PageType
X-PF-Uncompressing
Accept-Charset
X-Varnish-Url
AC-ELC
Accept-CH
Pv
X-Adobe-Loc
X-Content-Security-Policy-Report-Only
X-Cache-Fix
X-Speed-Cache-Key
X-Adobe-Content
X-Country-Code
X-Speed-Cache
ServerID
Lb
Content_type
X-Litespeed-Cache-Control
X-Id
X-Framework
X-SRCache-Key
Pf.Web.Request.Id
X-Now-Cache
Cached
X-WR-Flags
X-Cache-Expires
Content-Encoding-Handler
Front
X-Nginx-Dummy
HAVer
Node
Ohc-File-Size
X-Proxy
X-Dispatch
Tracecode
Identity
Ufe-Result
HCVer
CDN-Cache
Req-Id
X-Orig-Vary
EagleEye-TraceId
X-NginX-Cache
X-Redman-Backend
X-LP
X-Processing-Time
X-CB-Server
X-BackendServer
X-Redman-Final-Url
MJ12bot
Qs-Cache
Url
X-Cache-Only-Varnish
X-Drectory-Script
X-Cache-Control
Adm-Server
X-Frontend
X-Remote-Addr
X-BKSrc
X-Pagename
X-Hit-Cache
X-SERVER-NAME
SHInfo
SEOMOZ
X-Magnolia-Registration
X-Config-Blacklist-Version
X-Avg-Cookie-Expires
X-Akamai-Edgescape
X-Varnish-Retries
X-Balanceador
X-CF-Passed-Proto
X-High-Performance
X-Service-Id
X-AVG-Country-Code
X-Atraveo-Expires
X-Atraveo-From-Varnish-Cache
X-Atraveo-Param-Rm
X-Atraveo-ETag
X-Atraveo-Cache-Control
X-Source-ID
X-Atraveo-Set-Cookie
X-Atraveo-TTL
X-PRAM
X-Request-Uri
X-Force
X-Atraveo-Zone
X-Atraveo-Varnish-Server-Id
CacheControlHeader
X-Forwarded-Host
X-Hstore
VServer
X-Cache-Dispatchercachecontrol
X-Hrouter
X-FastCGI-Cache
X-Amzn-RequestId
X-Amzn-Trace-Id
X-Discourse-Route
X-Cache-Dispatcherpragma
X-Cookie-Domain
X-Varnish-Debug-TTL
X-Varnish-Debug-Age
X-HTML-Minification-Powered-By
X-Hiawatha-Cache
X-Amz-Storage-Class
X-GeoIP-Country-Code
X-GeoIP-Country-Name
Eomportal-Instance
X-Amz-Apigw-Id
X-Symfony-Cache
X-Origin-Date
X-Sedo-Request-Id
,
X-Origin
X-FIRSTBase
X-Cache-Miss-From
X-Content-Encoded-By
X-Distributor
CDN-CachedAt
CDN-PullZone
X-HeBS-Cache-Status
X-RealServer
X-Consent-Required
X-LB-Server
X-Browser
CDN-RequestId
CDN-Uid
Drupal-Pagecache-Memcache
From-Origin
X-A
X-HydroSheep
X-AEM
Pics-Label
X-CAPServer
X-Resource
X-SVR-IIS
X-FORWARDED-PROTO
X-Svr-Proxy
X-ServerID
X-Origin-Name
X-Envoy-Upstream-Service-Time
Edit
SRV
X-Cf-Powered-By
X-Stage
X-TB-M
Nitro-Cache
X-Webstats-RespID
X-Key
X-Span
X-LW-Web-Server
X-Smartcache-Timeout
X-Smartcache-Keys
Backend
X-Analytics
X-Yottaa-Metrics
X-WP
X-JG-Page-Cache
X-SP-UniqueName
X-Worker
X-Unique-Id
X-Garden-Version
Request-Country
Serverid
X-Directory-Script
X-Yottaa-Optimizations
Report-To
Upgrade-Insecure-Requests
X-Distil-CS
X-GeoIP
X-Role
Backend-Timing
X-Plat
RN-Server
X-SP-Farm
Machine
Use-Proxy
Swift-Performance
Request-EU
X-UD-METHOD
X-App-Server
X-AOL-HN
X-Cache-Varnish
X-Server-Addr
X-Webkit-CSP
X-Scheme
X-Debug-Token
X-Adnet
X-Server-IP
AR-SID
X-RiS-UFDI
AR-PoweredBy
X-Instance-Id
X-Wikidot-Backend
X-Varnish-Ttl
From
X-DataDome
X-Wikidot-Static-Cache
X-Cache-Var
X-Cache-Var-Map
X-SAPP
X-Akamai-ERRuleID
X-Actindo-Request-Id
X-Actindo-Thread-Id
X-Amz-Meta-S3b-Last-Modified
Filters
X-Streams-Distribution
X-Ms-Request-Id
X-ARRServer
X-Actindo-Rs
Xc-Version
Environment
X-MSU-SOURCE
X-Oracle-Dms-Ecid
X-ACCELERATE
X-FireWall-Port
X-Desc
X-Akamai-Transformed
X-IP
X-Rebelmouse-Cache-Control
X-FPC
X-Proxy-Skip
Server-ID
X-7d-Instance-Id
X-7d-Trace-Id
Disablevcache
Ohc-Response-Time
X-4ormat-Cacheable
Resin-Trace
X-Clx-Request
X-AF-Userserver
X-Nx
X-Amzn-Remapped-Content-Length
ScoreTracker
AR-CACHE
X-WPL-DATA
Paypal-Debug-Id
X-NginX-Server
RequestId
Edgecast
AR-ATIME
Access-Control-Allow-Header
HitType
Locale
X-Nx-All
HitInfo
FRONT-END-SECUREBROWSER
IBM-Web2-Location
AMP-Redirect-To
VANITY-HOST
X-Akamai-ERPolicy
AETN-State-Code
AKA-DEVICE
*
AETN-Postal-Code
AETN-Longitude
AETN-DEVICE
AETN-EU
AETN-Latitude
X-Via-S
X-Fstrz
X-Soro
X-Client-Vid
X-Client-Image-Vid
X-Cocoon-Version
X-EPiphany-Vid
X-Storage-Cache-Expires
X-Storage-Cache-Date
X-Storage-Cache
AETN-Country-Name
AETN-Country-Code
X-Client-Id
X-IIJ-Cache
X-Highwire-SessionId
X-Resolver-IP
X-PHP-Response-Code
X-Response
X-SmartBan-Host
X-SmartBan-URL
X-Highwire-RequestId
X-GeoIP-Country
AETN-Area-Code
AETN-City
AETN-Continent-Code
Access-Control-Request-Headers
Access-Control-Allow-Method
X-UA-Bot
X-Varnish-Action
X-CRA-DC
MW-Webserver
X-Cacheable-TTL
F5-IpCliente
X-Protected-By
Gzip
Accept-Language
ClientIP
Accept-Encoding
NetMindSessionID
Prama
MC
VSID
SVR
Fastly-Restarts
Fastly-Backend-Name
Aurora-Node
N365rili
ViewMode
Srv-Name
IISExport
X-Connection-Hash
XX
X-Cache-On
X-Proxy-Cache-Control
X-Autoru-Host
X-Hit
X-GSL-Server
X-Depends
X-E
X-Varnish-Hostname
X-WebKit-CSP-Report-Only
X-NginX-Upstream
X-Backend-Status
X-VCS-Cacheable
X-Transaction
X-Twitter-Response-Tags
X-Autoru-App-Id
X-VCS-Ttl
AsisCache
X-Unique-ID
X-Via-NSCOPI
X-Reflector-Cache
X-Reflector
X-HostName
X-Rack-Cors
X-RequestId
Server-Ip
X-Oracle-DMS-ECID
X-Hosting-Env
X-Cache-Ttl
AMP-Access-Control-Allow-Source-Origin
X-WEBMGR-CACHE
PagesDisplayed
Cteonnt-Length
TYPO3-Pid
TYPO3-Sitename
X-SDE-Name
X-Session-ID
X-Cdn-Forward
X-Mobilized-By
X-Proto
X-Amz-Rid
X-RENDER-TIME
X-ReqId
X-PROCESSED-BY
X-UUID
Cmsid
Provider
Cf-Ipcountry
DNNOutputCache
Cmstype
X-Clara-ASAP
X-HTTPS-Cipher
X-HTTPS-Protocol
X-Goog-Meta-Replace
X-LAKANA-AB
X-Generated-Time
X-Info
X-Debounce
X-Goog-Meta-Policy
X-Instance
X-NWS-UUID-VERIFY
Cm-Server
MachineName
CD5
Actual-Object-TTL
Yoncu-Errno
A-Powered-By
NZSpeedy
Origin-Cache-Control
Returned-Status
SB-Cache-Life
SB-Site-Device
SB-Site-IE-VERSION
Origin-Edge-Control
Page-Template
X-VC-Cache
X-Varnish-Grace
X-Cache-Time
X-Purge-URL
X-Purge-Host
SB-Cache-Remaining
X-Instance-Name
X-Nginx-Page-Cache
X-Cache-Doesi
X-ASAP-Cache
X-TNCMS-Bot-Tier
X-Machine
X-Runtime-Memory
X-Route
X-ASAP-Age
X-Cache-Via
X-Origin-Server
X-Pantheon-Site
X-Pantheon-Phpreq
X-Pantheon-Environment
X-Pantheon-Az
X-Ruxit-Js-Agent
X-Secret
X-Upstream-Backend
X-Title
X-Serverid
X-Nginx-Host
X-Layout
X-VHOST
X-VC-TTL
X-VC-Enabled
X-Who
Custom-Header
X-Gannett-Site-Version
X-Airee-Node
Surrogate-Key-Raw
X-Upstream-Status
X-Varnish-Cache-Ttl
X-PressLabs-Stats
X-PM-ID
X-Map-Context
X-Flex-Tags
X-Req-Head-Response
X-Rule
X-UnsetCookies
X-Src-Webcache
X-Search-Id
X-Flex-Tag
X-Flex-Lastmod
NEL
Beyond-Iis
X-Yadis-Location
X-Flex-Community
X-Ghost-Cache-Status
X-Flex-Lang
X-Flex-Evstart
X-Flex-Evend
X-Ssl-Cipher
X-SCM-Server-Number
Bios
X-Zendesk-User-Id
X-Zendesk-Origin-Server
X-User-Agent-Tier
DeleGate-Ver
Disp
NLCacheNote
Memento-Datetime
Magicmarker
X-Timestamp
X-Svr
X-ProcessESI
X-Page-Cacheable
X-NodeID
X-Redir-Url
X-RemovedCookies
X-Status
X-Server-Generated
X-Serv
X-AMAZEEIO
X-Archive-Guessed-Charset
X-Built-By
X-Beluga-Trace
X-Beluga-Status
X-Highwire-Sitecode
X-Highwire-Smart-Code
X-Proxy-Cache-Key
X-PBY
X-Ms-Version
X-Beluga-Response-Time-X
X-Beluga-Response-Time
X-Archive-Orig-Date
X-Archive-Orig-Content-Type
X-Archive-Orig-Connection
X-Archive-Orig-Last-Modified
X-Archive-Orig-Server
X-Beluga-Record
X-Beluga-Node
X-Beluga-Cache-Status
X-Nginx-Request-Processing-Time
X-Geo-IP
X-Container
X-Cache-Handler
X-Cache-CFC
Web-Server
X-Dw-Trace-Id
X-Varnish-Backend
SERVER-NAME
Max-Age
X-VC-Cacheable
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Provisioner-Version
X-PBS-Fwsrvname
X-PBS-Appsvrname
X-Static
X-UPSTREAM-Address
Cache-Cookie-Set-From
X-WebNode
X-Varnish-Hits
TP-Cache
TP-L2-Cache
X-Compress-Hint
X-Cache-Extended
X-Cache-Action
X-Box
X-ENV
X-Geo
X-SilverStripe-Cache
X-Sid
X-Lb
D
X-Upgrade-Enabled
X-Cluster
X-Agent
WP-AdvCache-MemCached
X-Compressed-By
X-MAT-GEO
X-Sys-Req-ID
X-Skip-Cache
X-Nbs
X-PBS-Appsvrip
X-MyName
X-RAMCache
X-Processed-By
X-LB-Node
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
X-Req-Counter
X-RiS-PX
X-Webcelerate
X-Srv
X-Ser
X-CACHE-KEY
X-Amz-Id-1
Origin-Vm
CommunityServer
Amfplus-Ver
Provided-Host
Section-Io-Origin-Status
WWW-Authenticate
SWS-Security
Section-Io-Origin-Time-Seconds
X-XHR-Current-Location
XDomainRequestAllowed
X-Catalyst
X-CacheID
X-Cache-FS-Status
X-Blog
X-Dispatcher-Number
X-Domain-Checked
X-Middleton-Pagespeed
X-MCB-Server
X-DynamicCache
X-Avvio-Cms-Cacheload
VC-NoCache
NB-Cache
Hummingbird-Cache
Dis-Env
Nginx-Cache
NODE
Session-Id
ProxiaInstanceId
Pramga
Cache-Ctrol
Content
X-Cms
X-Cdn-Origin
X-Captured
X-Cache-Date
X-DevSrv-CMS
X-EC2-Instance-Id
X-MCF-ID
X-Jcms-Ajax-Id
X-Fpc
X-Built-With
X-Bcwwwid
ModuleCacheType
Load-Balancer
Keywords
Og
Request-Time
X-Batcache-Reason
X-Batcache
X-B3-Sampled
X-Nitro-Cache
X-Page
ServerTokens
ServerSignature
NtCoent-Length
IM-Version
StatusCode
Verto-Server
X-Cache-TTL-Age
X-Cache-Me-Harder
X-Amz-Meta-Content-Md5
Id
Httpd-Identifier
X-UPServer
X-Sn-Servicetimems
X-Refresh
X-Varnish-Cached
X-Varnish-Cached-TTL
DrivedBy
Debug-Status
Arrnode
IES-Server
GD-Server
X-AppServer-Status
X-AppServer-Cache-Rule
X-AppServer-Cache-Exception
X-App-Runtime
X-Bip
X-ClientSide-Caching
X-Location
X-DDM-SERVER-UPDATED
X-DDM-SERVER
Webserver
UrlWatchModule-Time
Firespring-Website-Id
FindLaw
Copyright
Nd
Requested-Host
Thanks
SS
SBSS
X-M-Log
X-M-Reqid
X-VG-WebCache
X-Time-Microsecs
X-SuperCache
Xc
Backend-Powered-By
Description
DB-Nickname
Content-Sn
X-SSLTerm-Server
X-SID
X-Qnm-Cache
X-Proxy-Id
X-Policy
X-Rocket-Nginx-File
X-Rocket-Nginx-Reason
X-Session-Reinit
X-SE-Debug
X-Runtime-Affili
X-Cache-TTL-Current