Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Date
Content-Type
Server
Set-Cookie
Connection
Cache-Control
Vary
X-Powered-By
Expires
Content-Length
Last-Modified
Pragma
Link
Accept-Ranges
ETag
X-Content-Type-Options
X-Frame-Options
X-XSS-Protection
Strict-Transport-Security
X-Cache
CF-RAY
X-AspNet-Version
Age
P3P
X-Pingback
Content-Language
Via
X-UA-Compatible
Expect-CT
Upgrade
Access-Control-Allow-Origin
X-Adblock-Key
Content-Security-Policy
X-Cacheable
X-Check
X-Language
X-Template
X-Request-Id
X-Varnish
Alt-Svc
X-Generator
X-Xss-Protection
X-Buckets
X-Drupal-Cache
P3p
X-Type
WPE-Backend
X-Cache-Group
X-Pass-Why
X-AspNetMvc-Version
X-Hacker
X-Ac
X-Cache-Hits
X-Permitted-Cross-Domain-Policies
X-Download-Options
X-Powered-By-Plesk
Content-Location
Host-Header
X-Runtime
X-ShopId
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Dc
X-Sorting-Hat-Section
X-ShardId
X-Sorting-Hat-PodId-Cached
X-Alternate-Cache-Key
MS-Author-Via
Referrer-Policy
X-UA-Device
Cartoon
X-Powered-CMS
X-IPLB-Instance
X-Served-By
X-Amz-Cf-Id
X-Cache-Status
Access-Control-Allow-Headers
Status
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Via
X-Ua-Compatible
X-Iinfo
X-Timer
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Wix-Server-Artifact-Id
X-ServedBy
X-Contextid
CF-Cache-Status
X-Backend
X-PC-Hit
X-PC-Key
Powered-By
X-Accel-Buffering
X-Mod-Pagespeed
X-PC-Date
X-PC-AppVer
X-PC-Host
Content-Encoding
X-CST
X-WPE-Loopback-Upstream-Addr
X-DIS-Request-ID
X-Logged-In
X-Host
Keep-Alive
X-CDN
X-Rid
X-Cache-Hit
X-Port
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Cache-Enabled
X-Server-Powered-By
X-Tumblr-Pixel-1
X-Endurance-Cache-Level
X-Server
X-Nginx-Cache-Status
X-Original-Date
X-Robots-Tag
X-Accel-Version
X-Wix-Request-Id
X-Seen-By
X-Tumblr-Pixel-2
X-Turbo-Charged-By
X-Page-Speed
X-Drupal-Dynamic-Cache
X-Pad
X-Content-Powered-By
X-Forwarded-For
X-Content-Digest
X-Wix-Punisher
X-Proxy-Cache
X-Rack-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-AH-Environment
WP-Super-Cache
X-NewRelic-App-Data
X-Sorting-Hat-PrivacyLevel
X-Varnish-Cache
X-Forwarded-Proto
X-Tumblr-Pixel-3
Content-Security-Policy-Report-Only
X-GitHub-Request-Id
X-LiteSpeed-Cache
Edge-Control
SPRequestGuid
X-Request-Country
X-SharePointHealthScore
X-MS-InvokeApp
MicrosoftSharePointTeamServices
X-XRDS-Location
Timing-Allow-Origin
X-Cache-Lookup
X-SERVER
X-Cnection
X-Newrelic-App-Data
X-Node
X-FW-Hash
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Died
X-Trace
X-Webcom-Cache-Status
Charset
X-Content-Security-Policy
X-FW-Static
X-FW-Type
X-FW-Serve
X-FullPageCaching
X-Webserver
Request-Id
Edge-Cache-Tag
X-CF-Powered-By
X-HS-Cache-Config
X-HS-Content-Id
X-PhApp
X-Hits
MicrosoftOfficeWebServer
Request-Context
X-PHP-Backend
X-BC-Stapler
SPIisLatency
SPRequestDuration
X-INKT-SITE
X-INKT-URI
X-Safe-Firewall
Access-Control-Max-Age
EagleId
X-Swift-CacheTime
X-Swift-SaveTime
Composed-By
Grace
Access-Control-Expose-Headers
X-CDN-Pop
X-CDN-Pop-IP
Served-By
X-HS-Combine-CSS
X-Hyper-Cache
Liferay-Portal
X-Spip-Cache
X-VCache
X-Server-Name
X-Tumblr-Pixel-4
X-Backend-Server
X-Dw-Request-Base-Id
X-Device
X-Fastly-Request-ID
X-Microcache
X-Firenze-Processing-Times
X-RateLimit-Remaining
X-RateLimit-Limit
X-LiteSpeed-Cache-Control
X-Cloud-Trace-Context
X-Clacks-Overhead
X-FB-Debug
Xkey
X-RateLimit-Reset
Rating
Front-End-Https
X-TNCMS
X-Loop
Surrogate-Control
X-Jimdo-Wid
X-Jimdo-Instance
Content-Style-Type
X-ServerName
Content-Script-Type
X-DDC-Arch-Trace
X-Acc-Exp
X-User-Agent
Public-Key-Pins
Refresh
Display
Response
X-Middleton-Display
X-Sol
X-Middleton-Response
X-Cache-Config
X-DNS-Prefetch-Control
X-Vtex-Processado-Em
X-StackifyID
Fpc-Cache-Id
X-Frame-Option
X-XN-XNHTML
X-XN-Trace-Token
X-Age
Real-Hostname
X-Tumblr-Content-Rating
X-Hostname
X-SS-Location
X-SS-Conf
X-Generated-By
X-Px
X-WebKit-CSP
X-Zen-Fury
X-Cached
X-N-OperationId
X-Tumblr-Pixel-5
X-Topify-Platform
X-Dscp-Value
X-Correlation-Id
X-Magento-Tags
X-HOST
X-Request-Time
X-MiniProfiler-Ids
PageSpeed
X-OneAgent-JS-Injection
P-WS
P-LB
X-Amz-Version-Id
TCN
X-URL
X-CMS-Version
X-Whom
X-Url
Rt-Fastcgi-Cache
X-Handled-By
X-DynaTrace-JS-Agent
X-Kinsta-Cache
X-Cached-By
X-DynaTrace
X-Outils-CS
X-B-Cache
X-Msg-2-Log
Product
Access-Control-Request-Method
X-Ruxit-JS-Agent
X-AspNetWebPages-Version
X-From
X-Content-Options
X-Edge-Location
X-Debug-Info
X-Varnish-Cache-Hits
X-Cache-Rule
X-Varnish-TTL
ServedBy
Powered
Surrogate-Key
Host
Imagetoolbar
X-Cdn
X-Engine
X-Via-JSL
Public-Key-Pins-Report-Only
X-Upstream
Fhost
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Edge-Control-Message
X-CacheServer
X-Application-Context
DynaTrace
Alternate-Protocol
X-Powered-By-VTEX-Janus-ApiCache
X-Vtex-Remote-Cache
X-Vtex-Processed-At
X-VTEX-Cache-Status-Janus-ApiCache
X-VTEX-Janus-Router-Backend-App
X-Location-Id
No
X-Accel-Expires
X-Recruiting
X-Signature
X-Developer
X-LBLID
X-Umbraco-Version
X-LW-Cache
X-Track
X-Fastcgi-Cache
X-Platform
X-Response-Time
X-Platform-Router
X-Goog-Hash
X-Micro-Cache
X-Platform-Processor
X-Hosted-By
Fastcgi-Cache
X-Platform-Cluster
X-Original-Request
X-Passed-To
X-Passed-To-DLL
X-Defender
X-Shop-Id
X-Returned-From-DLL
X-Actual-URL
Pagespeed
X-Returned-From
Generator
X-Powered-By-VTEX-Janus-Edge
Retry-After
X-Magento-Cache-Debug
Dmn
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Returned-From-PostProcessResponse
X-Varnish-Beresp-Grace
X-Returned-From-BeforeDispatch
X-UD-Method
X-Passed-To-BeforeDispatch
X-Cache-Age
Arr-Disable-Session-Affinity
X-Passed-To-PostProcessResponse
X-Rnd
X-Loopia-Node
X-Stale
X-Source
HTTPS
X-I-Sp
X-BS
X-TransIP-Balancer
X-NWS-LOG-UUID
X-Device-Type
X-Cache-TTL
Origin
X-Powered-By-360WZB
X-VARNISH-Cache
Akamai-IP
X-Cache-Info
X-Version
WZWS-RAY
X-F-Cache
X-Microcachable
X-PERF
X-ApacheServer
X-URLSCHEME
X-Varnish-Host
X-Instart-Request-ID
X-Supported-By
X-RESOURCE
Ohc-File-Size
X-Dispatcher
Cache-Provider
X-Litespeed-Cache
X-TransIP-Backend
X-HS-Content-Campaign-Id
Content-Hash
X-Storage
Fastly-Debug-Digest
X-Tumblr-Pixel-6
X-Rocket-Nginx-Bypass
X-FORWARDED-FOR
X-S
X-Cache-Key
Version
X-Varnish-HitMiss
X-Varnish-Count
X-Cache-Operation
X-Platform-Server
X-Front
X-Server-ID
USPLoggingUUID
Surrogate-Key-Raw
X-I
X-Cache-Tags
X-Pantheon-Site
X-Pantheon-Phpreq
X-Pantheon-Environment
X-Gamma-Serve
X-App-Hosting
X-NetCat-Version
X-EdgeConnect-Origin-MEX-Latency
X-ATG-Version
X-Matrix-Server
X-Matrix-Proxy
X-Page-Cache
X-Translation
Last-Published
X-Platform-Cache
RTSS
X-Microcache-Status
X-Powered-By-VelaWeb
X-Director
X-Expires-Orig
X-CSRF-Protection
X-Sapient
X-Varnish-Seen-By
X-Varnish-RemainingTTL
X-Art-Request-Id
X-Varnish-RemainingLife
X-Varnish-ObjectSource
X-Varnish-GracePeriod
X-Shard
X-Cluster-Node
MIME-Version
X-Vcap-Request-Id
X-Cache-Namespace
Allow
X-Route-Server
X-Content-Encoded-By
X-Varnish-Age
X-ORACLE-DMS-ECID
X-Hypernode
X-Revision
X-Ezoic-Cdn
X-LB
X-EdgeConnect-MidMile-RTT
X-LB-Node
Wsr-Cache
X-Ttl
Content-Disposition
Cache-Key
Powered-By-ChinaCache
X-Server-Upstream
Pool
X-SSL-Cipher
X-Flow-Powered
X-Abgroup
IBM-Web2-Location
X-SSL-Protocol
X-ARC
X-Environment
X-NoCache
X-Daa-Tunnel
X-Edge-IP
X-Grace
X-IsCacheURL
X-Drupal-Cache-Tags
X-Litespeed-Cache-Control
X-SV-Cacheable
X-SV-Duration
X-SV-CreatedAt
X-Lambda-Id
X-SV-CacheTags
X-SV-Nginx-Duration
X-SV-Edge
X-SV-Pid
X-Cache-Debug
X-SV-FromDBCache
X-Varnish-Cacheable
X-SV-Expires
X-Firenze-Processing-Time
Content-MD5
Accept-Encoding
SSPAppContext
X-Xrds-Location
X-Github-Request-Id
X-Dispatch
S-Cnection
X-Nginx-Cache
Srv
FAI-W-FLOW
X-CJ-Soft
X-Cache-Control-Orig
X-Magento-Cache-Control
X-Cache-Only-Varnish
Lsrequestid
Section-Io-Id
Cneonction
ServerID
X-Url-Base
Content-Encoding-Handler
X-Varnish-Url
X-Varnish-Backend
X-Cache-Server
Backend
X-GeoIP-Country-Code
X-Cache-Type
X-Drupal-Cache-Contexts
X-Generated
X-Time
X-Vhost
X-Cache-Expires
Pv
X-Cache-Lifetime
Page-Completion-Status
X-Hiawatha-Cache
Location
SN
X-Ss-Conf
X-Ss-Location
X-Varnish-Ttl
X-RequestId
X-Duration
Fw-Via
X-PwB-Node
Proxy-Connection
X-Servedby
X-Amz-Meta-S3cmd-Attrs
Node
X-Debug
X-Client-IP
PICS-Label
Nodo
X-Proxy
X-ServerID
ServerName
X-AOL-HN
X-Akamai-Transformed
X-Speed-Cache
X-Middleware-Start
X-Speed-Cache-Key
X-Fastly-Request-Id
X-Magnolia-Registration
X-GeoIP-Country-Name
X-Varnish-IP
X-FW
X-N
X-Server-Id
Use-Proxy
AMF-Ver
If-Modified-Since
X-SO
X-Cookie-Domain
X-Country-Code
X-Cache-CFC
X-Geo-Country
X-Cache-Level
X-Frontend
X-Pressidium-NinukisWP-Ver
X-ID
X-Purge-URL
X-Processing-Time
Req-Id
X-Location
X-Real-Server
X-Cache-Handler
NnCoection
X-Akamai-Device-Model
X-Oneagent-Js-Injection
Server-Name
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-UPSTREAM
X-Goog-Stored-Content-Length
X-Always-Cache
X-GUploader-UploadID
X-Goog-Storage-Class
X-Akamai-Device-Characteristics
X-SRCache-Key
X-Worker
X-Cache-Device-Type
X-Discourse-Route
X-DealerOn
Server-Info
X-Cache-Engine
X-Cache-PageType
X-Dynatrace-Js-Agent
X-Cache-Fix
X-Nbs
IM-Version
Cache
X-Config-Blacklist-Version
X-ORACLE-DMS-RID
X-Content-Age
MJ12bot
X-Purge-Host
X-Empowered-By
Pf.Web.Request.Id
X-Yadis-Location
SEOMOZ
Xc-Version
Local-Info
P-ID
X-Browser
Author
X-Cache-Control
X-PF-Uncompressing
Nitro-Cache
Accept-Charset
X-Varnish-Retries
X-App-Server
X-High-Performance
X-Content-Type-Option
X-CF-Passed-Proto
X-BackendServer
X-Amz-Storage-Class
X-Correlation-ID
X-Runtime-Rack
Qs-Cache
Cached
X-WR-Flags
X-Sentry-ID
X-Srv
X-Rocket-Nginx-Serving-Static
X-Esi
X-Unbounce-VisitorID
X-Unbounce-Variant
X-Server-Instance
Content-Transfer-Encoding
X-Last-Modified
X-BKSrc
X-Unbounce-PageId
X-Id
X-OpenCart-Lightning
X-Pagename
X-Framework
X-Abuse
X-Hit-Cache
X-JG-Page-Cache
SRV
X-CDN-Forward
Thanks
X-TTL
X-SDS
HCVer
X-Server-IP
Adm-Server
HAVer
Front
CacheControlHeader
X-Content-Security-Policy-Report-Only
S
X-Runtime-Memory
X-FTR-Request-ID
X-Mobilized-By
X-Origin
X-AF-Userserver
X-ClientSide-Caching
NODE
X-NB-Cached-Page
Custom-Header
Eomportal-Instance
Server-Timing
Cm-Server
MC
X-ACMCache
X-VARITI-CCR
X-Ruxit-Js-Agent
Cteonnt-Length
Frame-Options
X-AEM
X-WPL-DATA
ServerSignature
X-Dns-Prefetch-Control
X-Session-ID
ServerTokens
Cache-Tags
X-HTML-Minification-Powered-By
X-CAPServer
X-Rq
X-Sucuri-ID
X-Varnish-Hits
X-HW
X-Adobe-Content
SiteSpeed
Magicmarker
X-Shield-Request-Id
X-Processed-By
X-LB-Server
X-DEBUG
NtCoent-Length
X-Adobe-Loc
WWW-Authenticate
NetMindSessionID
X-VTEX-Cache-Status-Janus-Edge
Tracecode
X-Cache-Dispatcherpragma
X-Trace-Id
X-Page
X-Cache-Dispatchercachecontrol
X-Env
W
X-LP
X-SRV
Ufe-Result
X-Sys-Req-ID
Cache-Tag
SVR
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Resty-Request-Id
WN
X-Gateway-Cache-Key
X-WN-ClientGroup
X-Orig-Vary
X-Fedora-School-Id
Content_type
X-Webkit-CSP
VServer
X-Jphone-Copyright
Yoncu-Errno
Contao-Page-Layout
X-CB-Server
X-LW-Web-Server
Proxy-Agent
X-Smartcache-Keys
X-Route-To
X-Smartcache-Timeout
X-WP
X-Garden-Version
X-HydroSheep
X-Traffic
EagleEye-TraceId
BALANCEDTO
X-Twitter-Response-Tags
X-EPiphany-Vid
X-A
X-SmugMug-Hiring
X-Clara-ASAP
X-Unique-ID
Max-Age
X-ASAP-Cache
RN-Server
X-Generated-Time
X-Yottaa-Optimizations
X-SmugMug-Values
X-Yottaa-Metrics
X-Client-Vid
Web-App-Origin-Name
X-Transaction
X-Connection-Hash
A-Powered-By
Smug-CDN
Keywords
X-TTFB-L
X-Drectory-Script
Description
Server-ID
X-Varnish-Hostname
X-TTFB
X-ServerIndex
X-Client-Image-Vid
Ram
Ramp
VANITY-HOST
X-Symfony-Cache
AsisCache
X-Redman-Backend
Noq
ScoreTracker
X-AVG-Country-Code
From-Origin
X-Akamai-Edgescape
X-Avg-Cookie-Expires
X-Redman-Final-Url
X-Cache-Doesi
X-WA-Info
Environment
X-Compress-Hint
X-Sorting-Hat-Expire-Cache
X-Response
X-RDP
SBGI-10
SBGI-5
X-Application
X-SDE-Name
X-Hosting-Env
SBGI-RenderTime
SBGI-RealPath
X-L-Path
X-GeoIP
X-Environment-Context
Og
X-Webstats-RespID
SBGI-Device
X-Disney-Akamai-Rule
SBGI-9
X-Plat
X-Viator-Tapersistentcookie
X-ARRServer
SBGI-7
Cmstype
Access-Control-Allow-Header
MW-Webserver
X-Varnish-Debug-Age
X-Varnish-Debug-TTL
Ibf5scheme
X-CRA-DC
X-PRAM
X-Force
N365rili
Service-Worker-Allowed
X-WebKit-CSP-Report-Only
Pics-Label
SG
X-VNode
IISExport
X-RiS-UFDI
Machine
X-VC-Enabled
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Stage
X-Sucuri-Cache
Play-Detected-Device
Cmsid
X-Provisioner-Version
X-Domain-Checked
X-Cache-Node
X-Cache-On
SBGI-1
Fastly-Backend-Name
X-Varnish-Id
Play-Detected-UserAgent
X-App-Status
X-Proto
X-Cdn-Forward
AC-ELC
X-Magento-Action
X-VC-TTL
X-Bip
X-Vcache
X-SV
Beyond-Iis
X-Cache-Varnish
X-GoCache-CacheStatus
X-NginX-Server
X-Forwarded-Host
Url
X-Backend-Status
X-CacheResult
Dispatcher
X-Resource
X-AutoRu-App-Id
X-Culture
X-Autoru-Host
X-App-Runtime
X-Autoru-LB
X-Amz-Meta-S3b-Last-Modified
X-Detected-Device
Dis-Env
X-Varnish-ID
Hostname
X-Frames-Options
X-Fstrz
X-Directory-Script
SHInfo
X-E
X-Cocoon-Version
Ctx
X-Airee-Node
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Meta-Content-Md5
X-Secret
X-Src-Webcache
X-TB-M
RequestId
X-Key
X-Lb
X-Acquia-Debug-Password
Backend-Timing
X-Varnish-Server
X-Analytics
Home
X-IIJ-Cache
X-Real-IP
X-WHOIS-Cached
XDomainRequestAllowed
X-Highwire-RequestId
X-Highwire-SessionId
X-Runtime-Affili
X-Balanceador
X-PHP-Response-Code
From
X-Rack-CORS
X-FireWall-Port
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Dev
X-SmartBan-Host
X-SmartBan-URL
X-Time-Microsecs
X-Request-Uri
X-Varnish-Action
X-Session-Reinit
X-Cms-Mode
X-Dw-Trace-Id
Worker
X-Redirector
Web
X-Origin-Server
X-Source-ID
X-Atraveo-Cache-Control
X-Atraveo-Expires
WP-AdvCache-MemCached
HitType
Nginx-Cache
Access-Control-Allow-Method
COMMERCE-SERVER-SOFTWARE
Bios
X-EC2-Instance-Id
Identity
X-Atraveo-ETag
Accept-Language
X-Atraveo-Param-Rm
X-Atraveo-Varnish-Server-Id
X-Atraveo-From-Varnish-Cache
X-Atraveo-Zone
X-Atraveo-TTL
X-Atraveo-Set-Cookie
SS
X-CACHE-TTL
X-Sites
X-Adnet
X-ACCELERATE
NLCacheNote
X-Depends
Disablevcache
Myheader
X-Resolver-IP
X-Pubstack
X-DTC
X-FPC
X-Cache-Via
Id
TC-S-Cache
TC-S-Cache-M
X-ETag
TC-Cache-U
TC-Cache-IC
X-Streams-Distribution
X-Origin-Cache
TC-Cache
X-Ghost-Cache-Status
X-Goog-Meta-Policy
X-Debug-Token
X-HAProxy
X-Machine
X-Flex-Community
X-NginX-Cache
X-Goog-Meta-Replace
X-Remote-Addr
X-RealServer
X-Flex-Tag
X-Hosting
X-Wikidot-Backend
X-Wikidot-Static-Cache
Ec-CorrId
X-Data-Request
X-Compressed-By
X-OPNET-Transaction-Trace
AMP-Access-Control-Allow-Source-Origin
X-HP-Trace-ID
X-Amcomm-Site
Ec-Machine
X-Confluence-Request-Time
Paypal-Debug-Id
X-Desc
X-MAT-GEO
X-Refresh
Hname
X-LDNR-NOT-ROOT-HL-NOTSET
X-Distributor
X-Rewrite
X-GSL-Server
X-HashTwo
Traffic-Origin
X-Nginx-Host
X-Req-Head-Response
X-Search-Id
Proxy-Cache
X-Map-Context
Device
X-Flex-Evstart
X-Flex-Lang
X-Flex-Lastmod
X-Flex-Tags
X-Mobile-URL
X-Aramark-SID
ClientIP
F5-IpCliente
Gzip
OriginServer
X-HP-Trace-Project
X-Varnish-Cache-Local
X-B2f-Not-Route
X-Cluster
X-DB-Content-Length
X-Flex-Evend
Il-Cl
XX
X-MidCOM-Meta-Cache
X-Node-Name
X-Info
X-Grid-Server
X-Bcwwwid
Xc
X-MCB-Server
SERVER-ID
X-Render-Time
Aoestatic
Hummingbird-Cache
X-Batcache
CLMOB
X-SH-Cache-Status
X-Cache-TTL-Remaining
X-Pagely-Cache
X-SERVER-NAME
X-Akamai-3PM-SW-Version
X-ESI
X-Magento-Lifetime
Strikingly-Cached
X-Dealeron-Original-Url
X-KoobooCMS-Version
X-Avvio-Cms-Cacheload
Strikingly-Cached-Version
Strikingly-Cache-Region
X-Dealeron-Backend
X-Author
X-Distil-CS
X-NID
TP-L2-Cache
TP-Cache
VC-NoCache
X-Proxy-Skip
X-AISO-Cache
X-DataDome
X-ASAP-Age
X-HS-Status
BackendServer
Progma
Accept-CH
X-AISO-Server
Upgrade-Insecure-Requests
X-AISO-Cacheable
X-4ormat-Cacheable
Ez
OracleCommerceCloud-Sandiego
Ohc-Response-Time
X-SuperCache
X-7d-Instance-Id
X-7d-Trace-Id
OracleCommerceCloud-Version
X-Proxy-Cache-Key
X-Amz-Id-1
X-NodeID
X-IP
X-DynamicCache
CommercePlatform-Version
Kanooh-Host
Server-Id
X-V
X-App
X-Client-Ip
X-Sid
X-Zendesk-Origin-Server
X-Zendesk-User-Id
X-Protected-By
X-Gannett-Site-Version
Lb
X-Agent
X-CacheID
PServer
Actual-Object-TTL
X-Gyrobase-Publication
Content-Generator
X-DN-Cache-Control
Copyright
X-LBPoolMember
X-DSMX-Rewrite-MS
X-DSMX-Render-MS
X-Rack-Cors
X-Config-By
X-Country
X-DDM-SERVER
X-OCTOPOD
Ews
X-Nitro-Cache
X-Served-Server
X-ServiceProvider
PagesDisplayed
Cleartype
X-Tag-Playlist
X-Captured
X-DDM-SERVER-UPDATED
X-Header
X-PM-ID
NS-VaryByCustom-Key
X-Powered-By-Home.Pl
X-Cache-Extended
X-HP-CAM-COLOR
X-Cache-Detail
Ttl
X-Batcache-Reason
X-Cache-Keep
X-Rewritten-By
X-Reflector
X-ManagedFusion-Rewriter-Version
X-Reflector-Cache
X-Server-Addr
X-Serv
Server-Ip
X-Nginx-Request-Processing-Time
X-Pj-Cache-Status
NZSpeedy
X-CloudBurst-Frontend
X-CloudBurst-Cache
MS-CV
Amfplus-Ver
X-Served
MageStack-Cache-Lifetime
X-Machine-Name
Key
MageStack-Area
MageStack-Cache
MageStack-Cache-Hits
X-Beatles
X-Cache-ID
X-CloudBurst-Backend
X-Cache-Time
X-UT-Cache
Generate-Time
X-Middleton-PageSpeed
X-Debug-Message
X-Deity
X-Activity-Id
Viewport
X-Domino-CacheValidationWithETagReason
X-Domino-CacheValidationWithETagResult
X-Az
X-AppVersion
X-HEAD
X-Amz-Meta-Version-Id
ViewMode
X-Made-On
X-JSESSIONID
X-Header-Treatment
X-Serverid
X-UA
X-HA
X-Cname-TryFiles
X-FastCGI-Cache-Status
X-CSRF-Token
Tesla.Performance
X-CloudBurst-WordPress
X-Q-S
X-Obvious-Tid
X-Obvious-Info
X-MainProfileURL
X-MainProfileName
FindLaw
Requested-Host
X-Box
X-Backend-Host
Swift-Performance
X-MainProfileID
X-MainProfileCategory
FRONT-END-SECUREBROWSER
Fastly-Restarts
X-WebNode
X-UPSTREAM-Address
Tk
X-Cache-Me-Harder
X-Hstore
X-Hrouter
X-Container
X-Hash
X-Phpwcms-Page-Processed-In
X-Catalyst
X-Built-With
Cache-Status
X-S-Misc
TZ-Server
ID
Hamster
X-CDN-RULE
X-CDN-COMPRESS
X-Generation-Time
X-D-Time
X-VG-WebCache
X-SE-Debug
X-REDIRECTSERVER
X-Phpwcms-Release
X-Via-NSCOPI
Content-Cache
X-AppServer-Cache-Rule
UrlWatchModule-Time
No-Cache
X-RiS-PX
X-Nginx-Request-Time
X-FIRSTBase
X-CH-Device
X-Cachable
X-Beresp-Ttl
X-HeBS-Cache-Status
X-I-V
X-M-T
X-M-P
X-Instart-Cache-Id
X-B
Provided-Host
MageStack-Debug
MageStack-Config
MageStack-Cacheable
MageStack-Cache-Warning
MageStack-Loadbalancer
MageStack-Magento-Version
MageStack-Web-Node
MageStack-Tag
MageStack-PageSpeed
X-M-V
X-Mw-Workerstats
AR-SID
AR-PoweredBy
AR-CACHE
AR-ATIME
CommunityServer
ProxiaInstanceId
X-Middleton-Pagespeed
X-Instance-Id
Session-Id
Z-Tpl
Y-Trace
X-Apm-Telemetry-Syncmark
X-Pool-Info
X-Pageid
X-RAMCache
X-S-C
X-Transaction-Name
X-T
X-S-V
MageStack-Cache-Status
X-Debug-Token-Link
X-Omnis-SiteID
X-SilverStripe-Cache
X-Timestamp
DeleGate-Ver
X-AMAZEEIO
Provider
X-ReqId
X-NO-BREACH
SB-Cache-Remaining
SB-Cache-Life
SB-Site-Device
X-DS1D
X-FG-RequestId
X-Enhanced-By
X-Artvisual-Server
X-Highwire-Sitecode
X-ZSITES-DNS
X-Who
DrivedBy
Language
X-Blog
TheAnswer
X-Webcelerate
X-Varnish-Grace
X-ServerAddr
X-Highwire-Smart-Code
X-Pass-Through
X-PBY
X-UnsetCookies
X-SCM-Server-Number
Page-Template
MachineName
Arrnode
X-MCF-ID
X-XHR-Current-Location
X-VLoc
X-Varnish-Instance
X-ELB
CmsfirstPublishTimestamp
StatusCode
MSThemeCompatible
MSSmartTagsPreventParsing
Response-Time
EN-User
Session-From
ServerIP
X-Cache-Bypass
X-Varnish-Cached-TTL
X-Node-App
X-Nginx-Page-Cache
X-Secure
X-Unique-Id
Debug-Status
X-Time-Zone
X-Meta-MSThemeCompatible
X-Meta-MSSmartTagsPreventParsing
X-Varnish-Cached
X-CO-Host
X-UPServer
X-Hit
X-Meta-Imagetoolbar
X-BPool
X-PROCESSED-BY
X-Static
X-Svr
X-Cjtype
X-ACLR-Version
User-Agent
X-Cacheable-TTL
X-Title
X-Server-FQDN
X-Route
X-Cache-Original-TTL
X-Cache-Id
X-Proxy-Id
X-Custom-Header
Cacheid
X-Layout
X-Full-Url
X-Script
X-BServer
X-VC-Cacheable
RSB-LINK
X-VC-Cache
X-BPool-Fx-Cache
X-VC-Debug
X-BPool-Bx-Cache
X-W3TC-Minify
X-VC-Hash
X-Turpentine-Esi
Warning
EQ-Cache
CpuTime
Control-Cache
X-BPool-Back
GranicusServer
HostName
Webserver
X-HOSTNAME
X-FORWARDED-PROTO
X-Akam-SW-Version
X-Pixelsilk-Version
FastCGI-Cache
X-Pixelsilk-Server
Apple-Itunes-App
X-Server-Hostname
Rewriter
X-SH-Cache-Disabled
Actioncode
CS-SERVER
X-Homeaway-Requestmarker
X-BackendProxy
X-Svr-Proxy
X-Server-Generated
Amp-Access-Control-Allow-Source-Origin
DbServerName
X-Sn-Servicetimems
Countrycode
Head
X-Geo-IP
X-Locale
X-Skip-Cache
Serverid
Xcache
X-CACHE-KEY
CD4
X-Member
X-PG
X-CPU-Time
X-Dynamic-Cache
X-Reason-Bp
X-Prerendered
X-NewsFlow-Sitename
X-MyName
X-Healthy
X-ClusterID
X-Backend-Name
X-PBS-Appsvrname
X-PBS-Appsvrip
X-Upgrade-Enabled
V-Age
X-Cache-FS-Status
X-Server-Instance-Name
X-Varnish-Debug-Hits
Request-Filtered-By
X-Proxy-Backend
Referer
X-Origin-Date
X-M
ReqUrl
X-Gateway-Rate-Limit-Conn
Powered-By-115
X-Gateway-Rate-Limit-Delayed
X-PBS-Fwsrvname
TestCC
X-MSEdge-Ref
X-SSLUpstream
X-ProcessESI
X-RemovedCookies
X-Instance
WSCLoggingUUID
WP-FROM-CACHE
X-Cache-TTL-Age
X-Cache-TTL-Current
X-Old-Content-Length
X-RequesterIP
X-SSLProxy
X-NMT-Proxy
X-Test-Debug
X-Varnish-Cache-Ttl
X-XHTML-Minification-Powered-By
X-Ants-Machine-Id
X-Ants-Host
X-Site
X-Theme
X-Prerender-Token
CDCHOST
Expiries
Returned-Status
V-TTL
SINA-TS
SINA-LB
DNNOutputCache
Www.Aujourdhui.Com
DB-Nickname
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-SCProxy
HA-Cloudapp
Edgecast
HA-Geocountry
X-K8s
HA-Geolat
HA-Geolon
X-Request-Processing-Time
Note
HA-Geocity
X-Ssl-Cipher
X-Request-Received
X-Processed
X-Mobile-Rewrite
X-Does-He-Have-Time
X-Distributed-By
X-TLS-Version
X-TTL-Age
X-DevSrv-CMS
Be
X-Beatles-Hits
X-Cache-Set
Redirect-Reason
X-Would-Your-GrandPa-Wait
X-Your-GrandPa-Would-Wait
X-Optimization
X-Max-Age
X-Uncacheable
BlockPHPCallEnd
X-Cache-LB
X-This-Proto
X-WR-MODIFICATION
PB-PID
PB-RID
X-Fastly-Backend-Reqs
HA-Georegion
X-B3-Traceid
X-Cacheable-By-Varnish
X-Olaf
X-Upstream-Status
X-B3-Spanid
VAR-Cache
Container
Resin-Trace
Server-Hostname
X-Cache-V
X-CGP
X-ENV
X-MSU-SOURCE
X-PoweredBy
Realaction
X-DeliveryServer
X-DEBUG-TTL
X-Fpc
X-Clx-Request
X-DEBUG-HOST
Arrow-RequestId
Access-Control-Request-Headers
User-Cache-Control
HA-Ipaddr
HA-Servedtime
HA-Urlpath
X-ACache
X-BIT-Node
HA-Host
X-Cache-ASPX
X-Built-By
X-Test
X-Status
NKBVHEADER
SB-Site-IE-VERSION
X-Ao-Cache-Key
MwpReleaseVersion
Load-Balancer
L5d-Success-Class
IES-Server
X-Session-Id
X-Restarts
X-Tt-Dbg