Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Date
Content-Type
Set-Cookie
Server
Connection
Cache-Control
Vary
X-Powered-By
Expires
Content-Length
Link
Last-Modified
Pragma
Accept-Ranges
ETag
X-Content-Type-Options
X-Frame-Options
Strict-Transport-Security
CF-RAY
X-XSS-Protection
Age
X-Cache
Expect-CT
Content-Language
P3P
X-AspNet-Version
X-Pingback
X-UA-Compatible
Via
Upgrade
X-Xss-Protection
Access-Control-Allow-Origin
Content-Security-Policy
X-Cacheable
X-Adblock-Key
Referrer-Policy
X-Varnish
X-Request-Id
X-Check
X-Generator
X-Language
X-Template
X-Buckets
X-Type
X-Cache-Group
X-Pass-Why
X-Drupal-Cache
WPE-Backend
X-Permitted-Cross-Domain-Policies
X-Download-Options
Alt-Svc
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Ac
X-Hacker
Host-Header
X-Cache-Hits
X-AspNetMvc-Version
X-Dc
X-Sorting-Hat-Section
X-Alternate-Cache-Key
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-ShopId
X-Sorting-Hat-PrivacyLevel
P3p
X-Via
X-Runtime
X-Powered-By-Plesk
X-Served-By
X-Contextid
X-PC-Hit
X-PC-Key
X-UA-Device
X-ServedBy
X-Amz-Cf-Id
X-PC-AppVer
MS-Author-Via
X-PC-Date
X-PC-Host
Content-Location
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Powered-CMS
X-IPLB-Instance
X-Timer
X-Rid
X-Seen-By
X-Wix-Request-Id
Status
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Tumblr-Pixel-1
Cartoon
CF-Cache-Status
X-Tumblr-Pixel-2
X-Iinfo
Access-Control-Allow-Credentials
X-Backend
X-WPE-Loopback-Upstream-Addr
X-Cache-Status
X-CST
X-Host
Powered-By
Content-Encoding
X-Ua-Compatible
X-Endurance-Cache-Level
X-NewRelic-App-Data
X-Mod-Pagespeed
X-FRAME-OPTIONS
X-Cache-Hit
X-Cache-Enabled
X-Port
X-CDN
X-Tumblr-Pixel-3
X-Newrelic-App-Data
X-Logged-In
Keep-Alive
X-Server-Powered-By
X-DIS-Request-ID
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Robots-Tag
X-Server
X-Accel-Version
X-Request-ID
X-Proxy-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Turbo-Charged-By
X-Page-Speed
X-Content-Powered-By
X-Content-Digest
X-LiteSpeed-Cache
Content-Security-Policy-Report-Only
X-GitHub-Request-Id
X-Tumblr-Pixel-4
X-Rack-Cache
X-AH-Environment
X-FW-Hash
X-FW-Server
X-Pad
X-FW-Type
X-FW-Static
X-FW-Serve
Request-Context
X-ASPNET-VERSION
X-Varnish-Cache
Edge-Control
X-Hits
X-Webcom-Cache-Status
X-XRDS-Location
X-Request-Country
X-Node
X-Trace
X-BC-Stapler
SPRequestGuid
Access-Control-Expose-Headers
X-SharePointHealthScore
X-MS-InvokeApp
X-SERVER
Edge-Cache-Tag
MicrosoftSharePointTeamServices
Cf-Railgun
X-HS-Cache-Config
WP-Super-Cache
X-HS-Content-Id
X-CF-Powered-By
X-HS-Combine-CSS
Timing-Allow-Origin
X-Amz-Id-2
X-Amz-Request-Id
Charset
X-Content-Security-Policy
X-FullPageCaching
X-Died
X-Webserver
X-PHP-Backend
X-Cache-Lookup
X-INKT-SITE
X-INKT-URI
X-PhApp
X-Cnection
X-Fastly-Request-ID
Request-Id
Access-Control-Max-Age
X-Backend-Server
SPIisLatency
SPRequestDuration
X-Edge-Cache-Key
X-Edge-Cache
Server-Timing
MicrosoftOfficeWebServer
EagleId
CONTENT-SECURITY-POLICY
Composed-By
X-Swift-SaveTime
X-Swift-CacheTime
Rating
X-CDN-Pop
X-CDN-Pop-IP
Grace
X-SS-Location
X-SS-Conf
X-Tumblr-Pixel-5
X-Server-Name
X-Safe-Firewall
X-DDC-Arch-Trace
X-Tumblr-Content-Rating
X-Spip-Cache
X-NF-Request-ID
Served-By
X-Device
Liferay-Portal
X-Dw-Request-Base-Id
X-Hyper-Cache
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
X-Cloud-Trace-Context
Ali-Swift-Global-Savetime
X-VCache
X-Original-Date
Front-End-Https
Surrogate-Control
X-Microcache
P-LB
P-WS
X-LiteSpeed-Cache-Control
X-Loop
X-TNCMS
X-Servedby
X-Acc-Exp
X-StackifyID
Content-Style-Type
X-RateLimit-Remaining
X-RateLimit-Limit
X-Firenze-Processing-Times
X-Wix-Punisher
X-Clacks-Overhead
X-Cluster-Node
Content-Script-Type
X-RateLimit-Reset
Display
X-Middleton-Display
X-Sol
X-Jimdo-Wid
X-Jimdo-Instance
X-FB-Debug
X-OneAgent-JS-Injection
Response
X-Middleton-Response
X-Kinsta-Cache
Public-Key-Pins
X-Debug-Info
X-DNS-Prefetch-Control
X-Shopid
X-Shardid
X-Sorting-Hat-Podid
X-Sorting-Hat-Featureset
X-Sorting-Hat-Shopid
X-Sorting-Hat-Shopid-Cached
X-Sorting-Hat-Privacylevel
X-Sorting-Hat-Podid-Cached
X-Vtex-Processado-Em
X-Age
X-Amz-Version-Id
Refresh
X-HOST
X-Tumblr-Pixel-6
X-Magento-Tags
X-Goog-Hash
X-XN-XNHTML
X-XN-Trace-Token
Fpc-Cache-Id
X-Cached
PageSpeed
X-Zen-Fury
X-N-OperationId
X-User-Agent
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Ruxit-JS-Agent
X-Px
X-WebKit-CSP
X-Cache-Config
X-Hostname
X-DynaTrace-JS-Agent
Retry-After
X-LW-Cache
Wpe-Backend
Feature-Policy
X-Version
X-Url
Xkey
X-Generated-By
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Handled-By
X-Frame-Option
X-Topify-Platform
X-Upstream
X-Edge-Location
Access-Control-Request-Method
Fastcgi-Cache
X-FORWARDED-FOR
X-Source
Rt-Fastcgi-Cache
TCN
X-Request-Time
Allow
X-Loopia-Node
X-MiniProfiler-Ids
X-CMS-Version
X-B-Cache
X-ET-API-ORIGIN
X-ET-API-ROOT
X-ET-API-VERSION
X-Whom
Product
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Outils-CS
X-Fastcgi-Cache
X-Cached-By
X-Content-Options
X-EdgeConnect-Origin-MEX-Latency
ServedBy
Warning
X-Platform-Processor
X-Platform-Router
X-URLSCHEME
X-Platform-Cluster
X-EdgeConnect-MidMile-RTT
X-AspNetWebPages-Version
Last-Published
X-Guploader-Uploadid
X-Varnish-Host
Public-Key-Pins-Report-Only
Fhost
X-RESOURCE
X-Accel-Expires
Powered
X-From
X-Application-Context
X-Signature
X-Cache-Info
X-Cache-Key
X-Developer
X-Location-Id
X-Magento-Cache-Debug
Generator
X-Varnish-Count
X-Varnish-HitMiss
X-Engine
X-Platform-Server
X-Varnish-Cache-Hits
X-LBLID
Dmn
X-VTEX-Janus-Router-Backend-App
X-Vtex-Processed-At
X-VTEX-Cache-Status-Janus-ApiCache
X-Vtex-Remote-Cache
X-Returned-From
X-Returned-From-DLL
X-Response-Time
X-Umbraco-Version
X-Passed-To-DLL
X-Passed-To
X-CacheServer
No
X-Original-Request
X-Powered-By-VTEX-Janus-ApiCache
X-NWS-LOG-UUID
X-Device-Type
Cache-Key
X-URL
X-S
X-UD-Method
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-DynaTrace
X-Defender
X-Shop-Id
X-Actual-URL
X-Stale
X-ApacheServer
X-PERF
X-Microcachable
X-F-Cache
X-HS-Content-Campaign-Id
X-Micro-Cache
X-Hosted-By
X-Platform
Origin
X-Returned-From-BeforeDispatch
X-Passed-To-BeforeDispatch
X-Returned-From-PostProcessResponse
Imagetoolbar
X-Passed-To-PostProcessResponse
Cache-Provider
Host
Alternate-Protocol
Arr-Disable-Session-Affinity
X-Ezoic-Cdn
X-Gateway-Cache-Status
X-Gateway-Cache-Key
Surrogate-Key
X-Gateway-Skip-Cache
X-Cache-Rule
X-ARC
X-Msg-2-Log
X-Sapient
X-Dns-Prefetch-Control
X-Recruiting
X-Rnd
Akamai-IP
Version
X-Microcache-Status
X-Cache-Namespace
MIME-Version
X-Translation
X-SSLProxy
X-Via-JSL
X-SSLUpstream
X-Forwarded-For
X-Instart-Request-ID
X-Director
SSPAppContext
DynaTrace
X-Lambda-Id
X-App-Status
Content-Hash
X-Supported-By
X-Cache-Age
X-Powered-By-360WZB
X-BS
X-I-Sp
X-Akam-SW-Version
X-SO
X-Platform-Cache
X-SVR-IIS
X-Svr-Proxy
WZWS-RAY
Pagespeed
Node
X-Dealeron-Backend
X-DealerOn
X-Track
X-Dealeron-Original-Url
Edge-Control-Message
X-Cache-TTL
X-Duration
X-Correlation-Id
X-Acquia-Application-UUID
X-Magento-Cache-Control
S-Cnection
X-Cache-Tags
RTSS
USPLoggingUUID
X-Art-Request-Id
X-Powered-By-VelaWeb
X-Powered-By-VTEX-Janus-Edge
X-Edge-IP
X-Environment
X-TransIP-Balancer
Pool
X-Expires-Orig
X-Matrix-Proxy
X-TransIP-Backend
X-NetCat-Version
X-Matrix-Server
X-SSL-Cipher
X-Hypernode
X-Server-Upstream
Content-Disposition
X-CSRF-Protection
X-Server-ID
X-SSL-Protocol
X-Rocket-Nginx-Bypass
X-Cache-Control-Orig
X-LB-Node
X-Storage
X-Dispatcher
X-ServerName
SN
X-Abgroup
X-App-Hosting
X-Server-Id
X-Cache-Debug
Accept-Encoding
X-Daa-Tunnel
X-Varnish-Cacheable
X-Generated
X-Front
X-Page-Cache
X-ORACLE-DMS-ECID
Wsr-Cache
X-Hiawatha-Cache
X-Correlation-ID
X-Debug
X-Drupal-Cache-Tags
X-Grace
X-Cache-Lifetime
X-Last-Modified
X-Vcap-Request-Id
X-VARITI-CCR
X-Gamma-Serve
FAI-W-FLOW
X-SV-Duration
X-SV-FromDBCache
X-NoCache
X-SV-CreatedAt
X-SV-Pid
X-SV-Nginx-Duration
X-SV-Edge
X-SV-Expires
X-SV-CacheTags
X-GUploader-UploadID
X-SV-Cacheable
Src-Update
Update-Time
Content-Encoding-Handler
X-Rocket-Nginx-Serving-Static
SiteSpeed
X-I
Req-Id
ServerID
X-Cache-Handler
Contao-Page-Layout
X-Varnish-Seen-By
X-Varnish-RemainingTTL
X-Varnish-ObjectSource
Powered-By-ChinaCache
X-Varnish-RemainingLife
X-Varnish-GracePeriod
X-Client-IP
X-SRV
X-Geo-Country
X-Cache-Operation
X-Now-Id
X-Forwarded-Proto
X-Flow-Powered
X-Sucuri-ID
X-Cache-Server
X-Ttl
X-CJ-Soft
X-Amz-Meta-S3cmd-Attrs
X-Firenze-Processing-Time
X-Env
X-Discourse-Route
X-ATG-Version
X-Drupal-Cache-Contexts
X-Country-Code
X-LB-Server
X-Litespeed-Cache-Control
X-Revision
X-SmugMug-Values
X-TTFB
X-SmugMug-Hiring
Smug-CDN
X-Route-Server
X-TTFB-L
Cache
X-Content-Type-Option
X-Cache-Engine
X-Content-Encoded-By
X-IsCacheURL
X-Sucuri-Cache
Lsrequestid
X-Varnish-TTL
X-Always-Cache
X-Cache-Level
X-TransIP-Reserved
X-GeoIP-Country-Code
X-Locale
X-Vhost
X-Time
Cneonction
X-Varnish-Age
X-SDS
X-Service-Id
Https
X-Transaction
X-Connection-Hash
X-Twitter-Response-Tags
X-Varnish-IP
X-Pressidium-NinukisWP-Ver
X-Cache-Expires
X-Cache-Type
X-Trace-Id
X-Server-Instance
W
Cache-Tags
Section-Io-Id
If-Modified-Since
X-Unbounce-VisitorID
Strikingly-Cached
Backend
X-Unbounce-PageId
X-Varnish-Backend
X-Litespeed-Cache
X-Amz-Rid
X-Magnolia-Registration
Strikingly-Cache-Region
X-Unbounce-Variant
Strikingly-Cached-Version
Author
X-Acquia-Application-Trace
S
X-Varnish-Url
Service-Worker-Allowed
X-FIRSTBase
X-Dispatch
ServerName
X-Esi
X-N
X-Github-Request-Id
X-GeoIP-Country-Name
Pv
X-Cache-Only-Varnish
X-TTL
X-Middleware-Start
Server-Name
X-Akamai-Device-Characteristics
X-BackendServer
X-Dynamic-Cache
X-Speed-Cache-Key
X-Akamai-Device-Model
X-Speed-Cache
SEOMOZ
AMF-Ver
MJ12bot
X-Cookie-Domain
X-Url-Base
X-Cache-Device-Type
Use-Proxy
Location
Content-MD5
X-PwB-Node
Fw-Via
X-Cache-Control
X-LB
X-Real-Server
X-FTR-Request-ID
X-ServerID
X-Cache-Fix
Custom-Header
X-SRCache-Key
X-Cache-PageType
X-Config-Blacklist-Version
X-Varnish-Server
X-Storage-Cache-Date
X-Storage-Cache-Expires
X-Symfony-Cache
X-Storage-Cache
X-ORACLE-DMS-RID
X-Webkit-CSP
PICS-Label
X-Amz-Meta-Content-Md5
NetMindSessionID
X-Content-Security-Policy-Report-Only
X-Content-Age
X-CF-Passed-Proto
X-Amz-Storage-Class
X-ID
X-HW
Nodo
Srv
X-Xrds-Location
X-Yadis-Location
X-Varnish-Retries
X-High-Performance
X-Wikidot-Static-Cache
X-Wikidot-Backend
Page-Completion-Status
Proxy-Connection
X-Fastly-Request-Id
X-Pantheon-Phpreq
X-Pantheon-Site
Tracecode
X-Key
Surrogate-Key-Raw
MC
X-Browser
Ohc-File-Size
X-Pantheon-Environment
X-Pool
Xc-Version
X-Now-Cache
X-CacheFROM
X-Processing-Time
X-Varnish-Ttl
X-CDN-Forward
X-UPSTREAM
X-Origin
X-TB-M
From-Origin
NnCoection
FindLaw
X-Frontend
X-Id
Pics-Label
Qs-Cache
X-Worker
X-Varnish-Hits
X-Srv
X-Vip
Prama
X-Nginx-Cache
X-Empowered-By
Access-Control-Allow-Method
X-NginX-Cache
Local-Info
X-Distributor
X-Nitro-Cache
Content_type
X-Sedo-Request-Id
IM-Version
X-Shield-Request-Id
IBM-Web2-Location
X-FW
CacheControlHeader
X-Cache-Miss-From
Hummingbird-Cache
X-Rq
X-Runtime-Memory
X-SP-UniqueName
X-SP-Farm
X-Runtime-Rack
X-VC-Enabled
X-BKSrc
Content-Transfer-Encoding
X-Nbs
Dtk-Cache-Check-0
X-Orig-Vary
X-Ratelimit-Limit
HCVer
X-Location
HAVer
X-Ratelimit-Remaining
X-RequestId
SRV
Ramp
Ram
Noq
Accept-Charset
X-Shard
X-Stage
X-Varnish-ID
X-WPL-DATA
RequestId
Swift-Performance
X-Redman-Final-Url
X-Analytics
X-Hrouter
X-Resource
X-Hstore
X-Redman-Backend
Cm-Server
Adm-Server
X-App
X-AVG-Country-Code
Edit
X-AF-Userserver
A-Powered-By
Front
X-Cache-CFC
X-A
X-Cache-2
X-Akamai-Edgescape
X-Avg-Cookie-Expires
X-NginX-Server
Cteonnt-Length
X-Unique-ID
X-Real-IP
X-JSESSIONID
Drupal-Pagecache-Memcache
X-RealServer
Cached
X-Proxy
X-4ormat-Cacheable
X-CB-Server
X-Proxy-Backend
Web-App-Origin-Name
X-App-Runtime
X-Yottaa-Metrics
X-Span
X-Yottaa-Optimizations
X-Runtime-Affili
Backend-Timing
Accept-Language
X-ClientSide-Caching
X-GoCache-CacheStatus
Lookup-Cache-Hit
X-Force
X-Varnish-Hostname
X-App-Server
X-Atraveo-Zone
X-Request-Uri
X-PRAM
X-Disney-Akamai-Rule
Nginx-Cache
X-Fedora-School-Id
X-ServerIndex
X-Rule
X-FireWall-Port
Access-Control-Request-Headers
X-ARRServer
X-Path-Route
X-CAPServer
X-Atraveo-ETag
X-Culture
X-Atraveo-Varnish-Server-Id
X-CLOUD-TRACE-CONTEXT
X-Dw-Trace-Id
WWW-Authenticate
X-ESI
Frame-Options
X-E
X-Remote-Addr
X-PF-Uncompressing
X-Source-ID
X-Processed-By
X-Vcache
X-Backend-Status
X-LP
X-Atraveo-From-Varnish-Cache
X-Generated-Timestamp
X-Atraveo-Param-Rm
X-Atraveo-Set-Cookie
X-Atraveo-TTL
X-Atraveo-Expires
X-Atraveo-Cache-Control
X-SE-Debug
X-Appmachine-Environment
Identity
X-Pagename
X-Hit-Cache
Environment
X-Distil-CS
X-Pantheon-Az
X-Session-ID
X-CacheDebug
X-Varnish-Debug-TTL
Beyond-Iis
XDomainRequestAllowed
X-Purge-URL
Referer
X-IIJ-Cache
X-Purge-Host
X-Varnish-Debug-Age
Proxy-Agent
Request-EU
X-Agent
Request-Country
X-Role
X-Balanceador
X-NWS-UUID-VERIFY
X-GeoIP
X-Sys-Req-ID
X-HydroSheep
X-Debug-Token
X-JG-Page-Cache
X-Ratelimit-Reset
X-VCS-Cacheable
X-VC-TTL
Upgrade-Insecure-Requests
X-Cocoon-Version
X-VCS-Ttl
Server-Info
Lb
X-AOL-HN
X-Plat
X-Nginx-Host
SHInfo
X-Cacheable-TTL
AR-SID
AR-PoweredBy
CS-SERVER
WP-FROM-CACHE
X-Domain-Checked
Url
AR-CACHE
X-Frames-Options
AsisCache
Firespring-Website-Id
X-Cache-Ttl
AR-ATIME
X-Provisioner-Version
X-LW-Web-Server
X-WR-MODIFICATION
X-Smartcache-Keys
X-WP
X-Smartcache-Timeout
X-OpenCart-Lightning
Cmstype
X-AEM
X-HeBS-Cache-Status
X-Consent-Required
Dis-Env
X-EPiphany-Vid
X-Detected-Device
Eomportal-Instance
X-Jphone-Copyright
CLMOB
Accept-CH
X-Client-Vid
ServerTokens
X-Map-Context
X-Req-Head-Response
Cmsid
ServerSignature
X-Client-Image-Vid
X-Webstats-RespID
X-V
X-Amcomm-Site
EagleEye-TraceId
X-TKP-SRV-ID
X-Amz-Id-1
X-Oferteo-Domain
X-Ghost-Cache-Status
Ufe-Result
X-CacheLoc
AETN-Longitude
BALANCEDTO
SVR
AETN-Country-Name
X-Block-Rule
Arrnode
Filters
AETN-EU
AETN-DEVICE
AETN-Latitude
X-Refresh
X-Block-RuleID
AETN-Postal-Code
AETN-Continent-Code
AETN-City
X-GSL-Server
AETN-Area-Code
X-SAPP
X-Cache-Dispatcherpragma
AETN-State-Code
AETN-Country-Code
X-Cache-Dispatchercachecontrol
AKA-DEVICE
X-Confluence-Request-Time
X-Resolver-IP
Play-Detected-UserAgent
X-HTML-Minification-Powered-By
Play-Detected-Device
Il-Cl
Home
Proxy-Cache
Thanks
X-Adnet
X-B2f-Not-Route
X-Aramark-SID
X-Blog
X-Timestamp
X-PBY
X-Via-S
*
X-Soro
X-Server-IP
X-Upstream-Status
X-Upstream-Backend
Access-Control
X-WebNode
X-Resty-Request-Id
X-Session-Reinit
X-Actindo-Thread-Id
X-Actindo-Rs
Resin-Trace
X-HA-Frontend
X-HA-Backend
X-Cache-Doesi
Traffic-Origin
Machine
Num
X-Header
X-HashTwo
X-Data-Request
X-Proxy-Cache-Control
X-Generated-Time
X-Varnish-Cache-Local
X-Domino-CacheValidationWithETagReason
VANITY-HOST
X-Batcache
X-Actindo-Request-Id
Myheader
Disablevcache
X-Ms-Request-Id
X-DSMX-Rewrite-MS
X-DSMX-Render-MS
X-Domino-CacheValidationWithETagResult
X-Info
IES-Server
Dispatcher
Load-Balancer
Worker
X-Cms-Mode
X-Dev
X-CACHE-TTL
Server-ID
X-SERVER-NAME
X-ACMCache
IISExport
Cleartype
X-RAMCache
X-WR-Flags
BackendServer
X-HostName
X-Drectory-Script
X-Dynatrace
Dynatrace
COMMERCE-SERVER-SOFTWARE
X-Garden-Version
X-Highwire-Smart-Code
X-Highwire-Sitecode
X-Now-Trace
Now
Bios
X-Adobe-Loc
X-Varnish-URL
NtCoent-Length
X-Forwarded-Host
Copyright
CommunityServer
VServer
X-Upgrade-Enabled
X-Adobe-Content
X-Proxy-Skip
X-Flex-Evstart
X-Flex-Lang
X-Autoru-Host
MageStack-Magento-Version
Magicmarker
X-Flex-Community
X-Flex-Evend
X-Flex-Tag
From
MageStack-Config
MageStack-Cacheable
HitType
MageStack-Debug
X-AutoRu-App-Id
X-Flex-Tags
MageStack-Loadbalancer
X-Flex-Lastmod
X-WebKit-CSP-Report-Only
X-LBPoolMember
X-CRA-DC
X-Secret
X-Protected-By
X-MCB-Server
X-Custom-Name
X-DEBUG
X-Actual-Url
X-UA-Bot
X-Captured
MageStack-Tag
Edgecast
Fastly-Backend-Name
X-Depends
MageStack-Web-Node
X-Cache-On
Viewport
MageStack-PageSpeed
PServer
N365rili
Ibf5scheme
X-Varnish-Id
X-Cf-Powered-By
ServerNode
Pf.Web.Request.Id
X-Server-Addr
Max-Age
X-Middleton-PageSpeed
WP-AdvCache-MemCached
EN-User
X-Nx
X-Nx-All
X-Requestid
X-Clara-ASAP
X-ASAP-Cache
X-RiS-UFDI
X-Webcelerate
X-Framework
X-Directory-Script
X-Cache-Detail
Fastly-Debug-Digest
Ttl
VAR-Cache
X-WEBMGR-CACHE
X-Bip
MageStack-Area
MageStack-Cache-Lifetime
MageStack-Cache-Hits
MageStack-Cache
X-Beatles
X-DN-Cache-Control
Access-Control-Allow-Header
DNNOutputCache
Aurora-Node
X-Application
Prot
X-Gyrobase-Publication
X-Served-Server
X-Test
MageStack-Cache-Status
RN-Server
X-Cache-Time
TC-Cache-IC
TC-Cache-U
X-Envoy-Upstream-Service-Time
X-Rebelmouse-Cache-Control
X-Highwire-RequestId
X-ETag
X-PHP-Response-Code
TC-S-Cache
TC-S-Cache-M
Pragrma
Id
X-Goog-Meta-Replace
X-Goog-Meta-Policy
X-Streams-Distribution
Provider
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Highwire-SessionId
TC-Cache
X-SmartBan-Host
X-Origin-Date
X-SmartBan-URL
X-UnsetCookies
X-Pj-Cache-Status
Pramga
X-SV
Server-Ip
X-Appversion
VSID
X-Vary-Options
X-Appid
X-TLS-Version
X-Akamai-Transformed
X-Serv
Report-To
X-IP
X-Tag-Playlist
X-Served
NODE
X-Varnish-Ip
X-Gateway-Rate-Limit-Delayed
X-FastCGI-Cache-Status
X-Cache-Me-Harder
X-Access-Control-Allow-Origin
X-Deity
X-DB-Content-Length
X-Hosting-Env
X-APIVERSION
X-ROUTING
Serverid
X-ENDPOINT
X-APIAUTH-VAL
X-ORIKEY
X-Varnish-Debug-Hits
Device
NLCacheNote
X-Rack-Cors
Web
ViewMode
X-SDE-Name
X-V-Cache
X-SayCDN-TTL
X-CH-Device
X-WN-ClientGroup
X-Say-TTL
X-Cname-TryFiles
X-Node-App
X-M
X-HA
X-Cache-Node
Tempo
Backend-Powered-By
Amfplus-Ver
X-Built-With
X-Powered-By-Home.Pl
MageStack-Last-Modified
X-Cache-LB
MageStack-Cache-Warning
MageStack-Cache-Lifetime-Sent
X-This-Proto
MS-CV
X-Processed
WN
X-Lb
X-MID-Host
X-SH-Cache-Status
X-ProBase-Server
X-Build-Id
GranicusServer
ScoreTracker
HTTPS
X-Say-Cacheable
XX
X-DevSrv-CMS
X-Beluga-Trace
X-Beluga-Status
ServerIP
Session-From
Tk
Debug-Status
X-Beluga-Response-Time-X
X-Beluga-Response-Time
Og
Keywords
Ohc-Response-Time
X-Beluga-Cache-Status
X-Beluga-Record
X-Beluga-Node
X-ACCELERATE
X-Client-Id
X-Aramark-CSID
YF-ID
X-ZSITES-DNS
X-Nginx
X-Page
X-RiS-PX
X-We-Are-Hiring
X-Title
X-Static
X-Obvious-Tid
X-Obvious-Info
X-Varnish-Grace
X-FPC
X-Layout
X-HAProxy
Description
X-Policy
X-MrHost
X-Varnish-Action
X-Content-Type
X-ServiceProvider
X-UPSTREAM-Address
Paypal-Debug-Id
X-Via-NSCOPI
X-BeResp-Ttl
X-XHR-Current-Location
X-Lw-Cache
X-B3-Sampled
X-Varnish-Backend-Beresp-Backend
Xc
Session-Id
Provided-Host
X-Beget-Proxy
X-DataDome
X-Svr
X-Skip-Cache
X-SilverStripe-Cache
Yoncu-Errno
X-7d-Instance-Id
X-Cache-Varnish
X-7d-Trace-Id
X-Reqid
X-MAT-GEO
AMP-Redirect-To
X-Status
X-Compressed-By
X-Desc
X-Geo-IP
X-Response
Progma
X-CacheID
X-Mighty-Proxy
X-Pass-Through
X-Cache-TTL-Current
X-Search-Id
X-Max-Age
X-Proto
X-Enhanced-By
X-Cache-Warmer
Page-Template
NZSpeedy
X-Cache-TTL-Age
X-Src-Webcache
X-NodeID
X-Node-Id
X-Ms-Version
X-Nginx-Request-Processing-Time
X-Backside-Transport
X-Powered-By-ADS
DrivedBy
AMP-Access-Control-Allow-Source-Origin
PBS
REFRESH
X-Server-Generated
Ssl-Proxy-Server
X-Test-Debug
SB-Cache-Remaining
Cf-Ipcountry
SB-Cache-Life
X-XHTML-Minification-Powered-By
SB-Site-Device
X-AMAZEEIO
X-Varnish-Cache-Ttl
SB-Site-IE-VERSION
X-W3TC-Minify
Hit-Count
X-Who
X-BPool-Back
CDCHOST
X-Rewritten-By
X-BServer
X-Airee-Node
X-SCM-Server-Number
Purge-Cache-Tags
Response-Time
X-ReqId
X-RemovedCookies
X-ManagedFusion-Rewriter-Version
X-PM-ID
StatusCode
X-ProcessESI
X-Shopware-Allow-Nocache
X-NoIndex
NGX
Server-Id
X-Custom-Header
X-Route
X-Firefox-Spdy
X-Origin-Cache
X-Instance
X-Proxy-Server
X-EC2-Instance-Id
X-Proxy-Cache-Key
Hosted-By
X-Gannett-Site-Version
AC-ELC
X-Vol-Correlation
X-Qnm-Cache
X-Origin-Server
X-Now-Instance
X-Shopware-Cache-Id
X-Rack-CORS
X-M-Reqid
X-FromPodPressCache
X-Wodby-Node
X-Global-Transaction-ID
X-Vol-Mrp
X-M-Log
X-CACHE-KEY
X-Sid
X-COUNTRY-CODE
X-Oracle-Dms-Ecid
X-Cdn-Forward
X-Compress-Hint
X-Geo
X-Xml-Http-Blocked
X-RENDER-TIME
X-PROCESSED-BY
SERVER-ID
X-Scheme
X-Mobilized-By
X-FORWARDED-PROTO
X-Serverid
OracleCommerceCloud-Sandiego
X-RequesterIP
OracleCommerceCloud-Version
Fastly-Restarts
CDN-Uid
X-Ruxit-Js-Agent
CmsfirstPublishTimestamp
CDN-RequestId
X-From-Cache
X-Optimization
X-GZip
CommercePlatform-Version
Httpd-Identifier
X-Appmachine-Duration
MSThemeCompatible
X-Appmachine-Name
MSSmartTagsPreventParsing
X-Cache-HT
X-Appmachine-CreatedOn
X-ASAP-Age
X-Built-By
X-Hit
MachineName
MwpReleaseVersion
Returned-Status
X-Instance-Name
X-Varnish-Age-Debug
X-Meta-Imagetoolbar
X-Meta-MSSmartTagsPreventParsing
X-Meta-MSThemeCompatible
X-Nginx-Page-Cache
X-Firewall
WebServer
X-Ssl-Cipher
X-Dck
Language
X-Abuse
X-Generation-Time
X-Old-Content-Length
X-D-Time
X-FG-RequestId
X-JoinUs
X-Machine
X-NMT-Proxy
X-Enabled2
X-Country
X-Beresp-Ttl
RSL-Trace-ID
X-Fastly-Backend-Reqs
X-Front-Cache
X-Pageid
X-No-Session
Origin-Vm
Fastly-Drupal-Html
X-Itkg-Cache-Tags
X-Accel-Cache-Control
Prototype-RootPath
X-SSLTerm-Server
X-TEST
X-UT-Cache
X-Time-Spent
X-Tradeindia-Request-GUID
X-Tradeindia-SMgmt
X-Rocket-Domain-Eq
X-Rocket-Domain
X-Pilvia-Engine
X-Rocket-SiteInfo
X-Rocket-Viewer
X-Trans-Id
X-Stiffia-Cache
X-OCTOPOD
X-Middleton-Pagespeed
ClientIP
X-Vid
F5-IpCliente
Gzip
X-Gate-Blk
X-Gate
Generate-Time
X-SG-Server
X-ORIGN-SERVER
X-Origin-Upstream-Status
X-Mobile-Rewrite
X-Router
X-Telligent-Evolution
Ews
X-WA-Info
X-InDy-Time
X-InDy-Query
PB-PID
LB
Amp-Access-Control-Allow-Source-Origin
PB-RID
PROGMA
X-InDy-Memory
X-Grid-Server
Servername
X-Zendesk-Origin-Server
X-CAMPUSSUITE-TENANT
X-CAMPUSSUITE-ENVIRONMENT
X-CAMPUSSUITE-DEBUGGING
X-CSRF-Token
X-Expires
FastCGI-Cache
X-Magento-Route
V-Cache-Ttl
PagesDisplayed
X-Enabled1
X-Cache-Id
CDN-PullZone
X-Enabled3
EQ-Cache
X-ENV
X-Varnish-TTL-Debug
HA-Georegion
X-MainProfileID
X-MainProfileCategory
X-Instance-Id
X-MainProfileName
X-MainProfileURL
X-Navigation-Version
X-MyName
X-HS-Status
X-HP-CAM-COLOR
X-Cache-FS-Status
SINA-TS
X-Zendesk-User-Id
X-D2id
X-DynamicCache
SS
X-NewsFlow-Sitename
X-Olaf
TP-L2-Cache
TP-Cache
X-Box
X-Cache-Action
X-Cluster
X-Cache-Extended
HSTS
HitInfo
X-PBS-Appsvrname
X-PBS-Appsvrip
X-PBS-Fwsrvname
X-Reflector
FRONT-END-SECUREBROWSER
X-Reflector-Cache
SINA-LB
Nitro-Cache
X-Served-From
X-Az
X-Debug-Message
X-Mobile-Device
X-BIT-Node
X-Mobile-Device-Type
X-Amz-Meta-Version-Id
X-Activity-Id
X-Cache-ID
X-OPNET-Transaction-Trace
X-Boot
ID
X-Varnish-Cache-Control
X-VHosting-Cache
X-SCProxy
X-Batcache-Reason
Sl-Pgid
X-SEA-Instance-Name
X-Transaction-Name
Cache-Status
X-S-Misc
X-PressLabs-Stats
X-CloudBurst-Backend
X-CloudBurst-Cache
X-Server-Ip
End-User-Country
X-Pagely-Cache
X-CloudBurst-WordPress
X-Cachable
X-CloudBurst-Frontend
X-FastCGI-Cache
Arrow-RequestId
ModuleCacheType
L5d-Success-Class
NKBVHEADER
X-Cache-Via
Request-Time
X-Render-Time
HA-Urlpath
HA-Servedtime
HA-Geolat
HA-Geocountry
HA-Geolon
X-SSL
HA-Ipaddr
HA-Host
TYPO3-Pid
TYPO3-Sitename
X-Sn-Servicetimems
X-Ruby-Cluster-ID
X-UPServer
X-Varnish-Cached
CDN-Cache
X-Varnish-Cached-TTL
X-NginX-Upstream
X-MCF-ID
X-Cdn-Origin
X-Bcwwwid
X-CGP
X-Fpc
X-Jcms-Ajax-Id
X-Homeaway-Requestmarker
HA-Geocity
HA-Cloudapp
X-Amz-Apigw-Id
Webserver
X-Amzn-RequestId
X-Amzn-Trace-Id
X-DDM-SERVER
X-Clx-Request
Web-Server
Unique-Request-Id
X-Oracle-Dms-Rid
X-Log
X-Qiniu-Zone
Content
SBSS
Requested-Host
X-DDM-SERVER-UPDATED
X-MSU-SOURCE
X-UType
X-SuperCache
X-VG-WebCache
BlockPHPCallEnd
DB-Nickname
Content-Sn
X-Rocket-Nginx-Reason
X-Rocket-Nginx-File
X-Phpwcms-Release
X-Phpwcms-Page-Processed-In
X-Ser
X-PoweredBy
X-Requested-With
X-Proxy-Id
CDN-CachedAt