Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Date
Content-Type
Set-Cookie
Server
Connection
Cache-Control
Vary
X-Powered-By
Expires
Content-Length
Link
Last-Modified
Pragma
Accept-Ranges
ETag
X-Content-Type-Options
X-Frame-Options
Strict-Transport-Security
CF-RAY
X-XSS-Protection
Age
X-Cache
Expect-CT
Content-Language
P3P
X-AspNet-Version
X-Pingback
Via
X-UA-Compatible
Upgrade
Access-Control-Allow-Origin
X-Xss-Protection
Content-Security-Policy
X-Cacheable
X-Request-Id
X-Varnish
Referrer-Policy
X-Adblock-Key
X-Check
X-Generator
X-Language
X-Template
X-Type
X-Buckets
X-Cache-Group
X-Pass-Why
WPE-Backend
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Download-Options
Alt-Svc
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Ac
Host-Header
X-Hacker
X-Cache-Hits
X-Sorting-Hat-Section
X-Dc
X-Alternate-Cache-Key
X-AspNetMvc-Version
X-ShopId
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-FeatureSet
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
X-Via
X-Runtime
X-Powered-By-Plesk
X-Served-By
P3p
X-Contextid
X-PC-Key
X-PC-Hit
X-Amz-Cf-Id
X-UA-Device
X-PC-AppVer
X-ServedBy
MS-Author-Via
X-PC-Date
X-PC-Host
Content-Location
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Powered-CMS
X-Timer
X-IPLB-Instance
X-Seen-By
X-Wix-Request-Id
Status
X-Rid
X-Ua-Compatible
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
CF-Cache-Status
X-Tumblr-Pixel-1
Cartoon
X-Iinfo
X-Tumblr-Pixel-2
Access-Control-Allow-Credentials
X-Backend
X-WPE-Loopback-Upstream-Addr
X-Cache-Status
Content-Encoding
X-Host
X-CST
Powered-By
X-Endurance-Cache-Level
X-Mod-Pagespeed
X-Cache-Enabled
X-FRAME-OPTIONS
X-Cache-Hit
X-Port
X-NewRelic-App-Data
X-CDN
X-Tumblr-Pixel-3
X-Newrelic-App-Data
X-Logged-In
X-Server-Powered-By
Keep-Alive
X-DIS-Request-ID
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Server
X-Robots-Tag
X-Accel-Version
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Page-Speed
X-Content-Powered-By
X-GitHub-Request-Id
X-LiteSpeed-Cache
X-Content-Digest
Content-Security-Policy-Report-Only
X-Request-ID
X-Rack-Cache
X-Tumblr-Pixel-4
X-FW-Hash
X-FW-Server
X-AH-Environment
X-FW-Type
X-FW-Serve
X-FW-Static
X-Pad
Request-Context
X-Varnish-Cache
X-Hits
Edge-Control
X-Webcom-Cache-Status
X-Request-Country
X-Trace
X-XRDS-Location
SPRequestGuid
Access-Control-Expose-Headers
X-BC-Stapler
X-MS-InvokeApp
X-SharePointHealthScore
WP-Super-Cache
X-Node
Cf-Railgun
Edge-Cache-Tag
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-HS-Content-Id
X-CF-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-SERVER
Charset
Timing-Allow-Origin
X-HS-Combine-CSS
X-Died
X-Webserver
X-FullPageCaching
X-Content-Security-Policy
X-Cache-Lookup
X-Fastly-Request-ID
X-PHP-Backend
X-PhApp
X-INKT-SITE
X-INKT-URI
X-Cnection
Access-Control-Max-Age
Request-Id
X-Backend-Server
SPIisLatency
SPRequestDuration
X-Edge-Cache
X-Edge-Cache-Key
CONTENT-SECURITY-POLICY
MicrosoftOfficeWebServer
X-Servedby
EagleId
X-Swift-SaveTime
X-Swift-CacheTime
Rating
X-CDN-Pop-IP
X-CDN-Pop
X-SS-Conf
X-SS-Location
Composed-By
X-Tumblr-Pixel-5
Grace
X-Device
X-Server-Name
X-Tumblr-Content-Rating
Ali-Swift-Global-Savetime
X-Safe-Firewall
X-NF-Request-ID
X-DDC-Arch-Trace
Liferay-Portal
X-Dw-Request-Base-Id
Served-By
X-Spip-Cache
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
X-Cloud-Trace-Context
X-Hyper-Cache
Front-End-Https
X-VCache
X-Microcache
P-LB
P-WS
X-Original-Date
Surrogate-Control
X-Firenze-Processing-Times
X-Cluster-Node
X-RateLimit-Remaining
X-RateLimit-Limit
X-LiteSpeed-Cache-Control
X-TNCMS
X-Loop
X-OneAgent-JS-Injection
X-StackifyID
X-Middleton-Display
Display
X-Clacks-Overhead
X-Sol
X-RateLimit-Reset
X-Jimdo-Wid
X-Jimdo-Instance
X-Middleton-Response
Response
X-Acc-Exp
Content-Style-Type
X-Kinsta-Cache
X-FB-Debug
Content-Script-Type
X-Wix-Punisher
Public-Key-Pins
X-DNS-Prefetch-Control
X-Vtex-Processado-Em
X-Debug-Info
X-Shopid
X-Sorting-Hat-Featureset
X-Shardid
X-Sorting-Hat-Podid-Cached
X-Sorting-Hat-Privacylevel
X-Sorting-Hat-Shopid-Cached
X-Sorting-Hat-Shopid
X-Tumblr-Pixel-6
X-Sorting-Hat-Podid
X-Age
X-Amz-Version-Id
X-HOST
X-User-Agent
X-DynaTrace-JS-Agent
X-Magento-Tags
Fpc-Cache-Id
X-LW-Cache
X-XN-XNHTML
X-XN-Trace-Token
X-Zen-Fury
X-Ruxit-JS-Agent
X-Cache-Config
X-Goog-Hash
X-Px
X-Url
X-Cached
Wpe-Backend
PageSpeed
X-N-OperationId
X-WebKit-CSP
X-Hostname
X-Version
Feature-Policy
Retry-After
X-Upstream
Refresh
Xkey
X-Topify-Platform
X-Frame-Option
X-Generated-By
Rt-Fastcgi-Cache
X-Edge-Location
Allow
X-Handled-By
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Source
Access-Control-Request-Method
X-Loopia-Node
X-FORWARDED-FOR
X-MiniProfiler-Ids
TCN
X-EdgeConnect-Origin-MEX-Latency
Fastcgi-Cache
X-Whom
X-Request-Time
X-Cached-By
X-ET-API-ROOT
X-ET-API-VERSION
X-ET-API-ORIGIN
X-EdgeConnect-MidMile-RTT
X-B-Cache
Product
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-URLSCHEME
X-RESOURCE
X-Accel-Expires
Powered
X-From
X-Fastcgi-Cache
X-CMS-Version
X-AspNetWebPages-Version
X-Outils-CS
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
ServedBy
X-DynaTrace
X-Content-Options
Last-Published
X-Varnish-Host
X-Tec-Api-Root
X-Tec-Api-Origin
X-Varnish-HitMiss
X-Varnish-Count
X-Tec-Api-Version
X-Magento-Cache-Debug
X-Guploader-Uploadid
X-Engine
X-CacheServer
No
X-VTEX-Cache-Status-Janus-ApiCache
X-Vtex-Remote-Cache
X-Vtex-Processed-At
X-Powered-By-VTEX-Janus-ApiCache
X-VTEX-Janus-Router-Backend-App
X-Varnish-Cache-Hits
X-UD-Method
X-Application-Context
Warning
Public-Key-Pins-Report-Only
X-Signature
X-Developer
Imagetoolbar
Generator
X-Platform-Server
X-S
X-Location-Id
Dmn
X-Device-Type
X-Cache-Key
Cache-Provider
X-Response-Time
X-NWS-LOG-UUID
X-Microcachable
X-Cache-Info
Fhost
Pagespeed
X-Umbraco-Version
X-PERF
X-ApacheServer
Host
Alternate-Protocol
Cache-Key
X-Platform
X-Shop-Id
X-F-Cache
X-Defender
X-HS-Content-Campaign-Id
X-ARC
X-Msg-2-Log
X-Passed-To-DLL
X-Returned-From
X-Passed-To
X-Returned-From-DLL
X-Original-Request
X-Hosted-By
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Ezoic-Cdn
X-Actual-URL
X-Gateway-Cache-Status
Origin
DynaTrace
X-LBLID
X-Recruiting
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Passed-To-BeforeDispatch
X-Returned-From-BeforeDispatch
X-Micro-Cache
X-Returned-From-PostProcessResponse
X-Passed-To-PostProcessResponse
X-Microcache-Status
X-Stale
X-Forwarded-For
X-Cache-Rule
X-Translation
X-Via-JSL
X-Lambda-Id
X-Powered-By-360WZB
X-SSLUpstream
X-SSLProxy
Akamai-IP
Version
X-Sapient
Content-Hash
X-Akam-SW-Version
X-Acquia-Application-UUID
X-Track
X-Cache-Age
X-Platform-Cache
Surrogate-Key
X-SO
MIME-Version
X-I-Sp
X-BS
X-Instart-Request-ID
Arr-Disable-Session-Affinity
X-Dispatcher
X-Svr-Proxy
WZWS-RAY
X-URL
X-SVR-IIS
X-Rnd
X-Correlation-Id
X-Cache-Tags
RTSS
S-Cnection
X-Dns-Prefetch-Control
X-Cache-Namespace
X-Environment
X-Duration
X-Supported-By
X-Cache-TTL
X-Magento-Cache-Control
USPLoggingUUID
X-Powered-By-VTEX-Janus-Edge
Content-Disposition
SSPAppContext
X-Dealeron-Original-Url
X-DealerOn
X-Dealeron-Backend
X-Abgroup
X-Powered-By-VelaWeb
Node
X-Matrix-Proxy
X-Matrix-Server
X-Art-Request-Id
X-Director
X-NetCat-Version
X-App-Status
X-ORACLE-DMS-ECID
Wsr-Cache
X-TransIP-Balancer
X-Page-Cache
X-Vcap-Request-Id
Pool
X-Expires-Orig
X-CSRF-Protection
X-Cache-Control-Orig
X-App-Hosting
X-LB-Node
X-TransIP-Backend
X-Server-Upstream
X-Rocket-Nginx-Bypass
X-Debug
X-SSL-Protocol
X-Correlation-ID
X-Revision
X-Hypernode
X-SSL-Cipher
X-Edge-IP
FAI-W-FLOW
X-Generated
X-Front
X-Server-Id
X-Client-IP
X-I
X-ServerName
X-Storage
X-Daa-Tunnel
X-ATG-Version
X-Geo-Country
Accept-Encoding
X-Cache-Debug
X-Drupal-Cache-Tags
X-Cache-Handler
X-Server-ID
X-Now-Id
Src-Update
ServerID
X-Hiawatha-Cache
Update-Time
X-VARITI-CCR
SN
X-Cache-Lifetime
X-Gamma-Serve
X-SV-Edge
SiteSpeed
X-SV-Expires
X-SV-FromDBCache
X-Rocket-Nginx-Serving-Static
X-SV-CacheTags
X-SV-CreatedAt
X-SV-Duration
X-SV-Nginx-Duration
X-Route-Server
X-Varnish-RemainingLife
X-Varnish-Cacheable
X-Varnish-GracePeriod
X-Varnish-RemainingTTL
X-Varnish-ObjectSource
X-SV-Cacheable
X-SV-Pid
X-Varnish-Seen-By
X-NoCache
X-Cache-Server
X-LB-Server
X-Acquia-Application-Trace
Contao-Page-Layout
Cache
X-Url-Base
Content-Encoding-Handler
Powered-By-ChinaCache
X-Varnish-Age
X-Firenze-Processing-Time
X-SRV
X-Grace
X-Cache-Level
X-Vhost
Edge-Control-Message
X-Env
X-Flow-Powered
X-Discourse-Route
X-Dispatch
X-Varnish-Url
X-IsCacheURL
X-Cache-Operation
X-GeoIP-Country-Code
X-Litespeed-Cache-Control
Req-Id
X-TTFB
X-Cache-Only-Varnish
X-SmugMug-Hiring
Smug-CDN
X-TTFB-L
X-SmugMug-Values
Cneonction
X-Amz-Meta-S3cmd-Attrs
X-Time
Backend
Cache-Tags
X-Pressidium-NinukisWP-Ver
X-Ttl
X-Varnish-TTL
X-Varnish-IP
X-Sucuri-ID
X-Drupal-Cache-Contexts
X-Forwarded-Proto
X-Sucuri-Cache
Lsrequestid
X-Country-Code
X-Server-Instance
X-Cache-Engine
X-Unbounce-VisitorID
X-Unbounce-PageId
X-CJ-Soft
X-TransIP-Reserved
X-Unbounce-Variant
Author
If-Modified-Since
X-Varnish-Backend
X-Middleware-Start
Service-Worker-Allowed
X-Service-Id
X-Content-Type-Option
Strikingly-Cached
Strikingly-Cache-Region
X-Always-Cache
X-Content-Encoded-By
X-ORACLE-DMS-RID
X-GUploader-UploadID
X-Litespeed-Cache
Strikingly-Cached-Version
X-Amz-Rid
Location
SEOMOZ
MJ12bot
X-Twitter-Response-Tags
X-Magnolia-Registration
Proxy-Connection
X-Transaction
X-GeoIP-Country-Name
X-Speed-Cache-Key
X-Trace-Id
X-Connection-Hash
X-Locale
X-Cache-Expires
X-FIRSTBase
X-Speed-Cache
X-SRCache-Key
X-Last-Modified
From-Origin
Content-MD5
Custom-Header
Server-Name
X-BackendServer
X-Cache-PageType
X-Cache-Fix
W
X-Esi
X-High-Performance
Use-Proxy
X-Cache-Control
X-Cache-Type
X-Webkit-CSP
X-CF-Passed-Proto
AMF-Ver
Https
Section-Io-Id
X-PwB-Node
X-Varnish-Retries
X-TTL
X-Akamai-Device-Model
X-Cookie-Domain
X-Akamai-Device-Characteristics
Srv
ServerName
X-LB
X-Now-Cache
X-WR-MODIFICATION
Page-Completion-Status
X-Symfony-Cache
NnCoection
X-Content-Security-Policy-Report-Only
X-N
X-Frontend
MC
X-ServerID
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Dynamic-Cache
X-Real-Server
X-Nginx-Cache
Edit
Pv
X-CDN-Forward
X-Storage-Cache-Date
X-Processing-Time
X-Storage-Cache
X-Storage-Cache-Expires
FindLaw
Qs-Cache
X-Xrds-Location
X-Nitro-Cache
NetMindSessionID
X-Cache-Device-Type
X-Varnish-Server
X-HW
Local-Info
X-ID
Swift-Performance
X-Shard
X-Pool
X-Empowered-By
X-Key
X-FTR-Request-ID
X-Srv
S
X-NginX-Cache
Nodo
X-SDS
X-Amz-Meta-Content-Md5
Content-Transfer-Encoding
X-Yadis-Location
Drupal-Pagecache-Memcache
Fw-Via
PICS-Label
X-Vip
X-Pantheon-Site
X-Pantheon-Phpreq
Surrogate-Key-Raw
X-FW
Ohc-File-Size
X-Pantheon-Environment
Tracecode
Content_type
X-Nbs
X-ACMCache
Prama
IBM-Web2-Location
IM-Version
X-Varnish-Ttl
X-Amz-Storage-Class
Pics-Label
X-Varnish-Hits
Hummingbird-Cache
X-Distributor
X-Sedo-Request-Id
X-PF-Uncompressing
X-Origin
X-Cache-Miss-From
X-Browser
X-FireWall-Port
Access-Control-Allow-Method
X-Analytics
X-Shield-Request-Id
X-Id
Backend-Timing
X-SP-Farm
Cached
X-Worker
X-Location
X-Content-Age
X-WR-Flags
X-Varnish-Hostname
Xc-Version
X-Disney-Akamai-Rule
Ram
X-Orig-Vary
X-LP
Ramp
X-A
X-SP-UniqueName
Server-Timing
Noq
X-Yottaa-Optimizations
X-BKSrc
CacheControlHeader
X-Varnish-ID
X-Yottaa-Metrics
X-Role
X-Cache-2
X-Config-Blacklist-Version
RequestId
Dtk-Cache-Check-0
X-Unique-ID
X-Rq
X-Runtime-Rack
X-Hit-Cache
X-Hstore
X-Pagename
X-Hrouter
X-App
X-Real-IP
X-Drectory-Script
X-Cache-CFC
AsisCache
HAVer
X-Redman-Final-Url
X-AEM
X-NginX-Server
X-RequestId
X-Sys-Req-ID
X-4ormat-Cacheable
X-LW-Web-Server
X-E
Server-Info
HCVer
X-UPSTREAM
Adm-Server
X-SERVER-NAME
X-Redman-Backend
X-JSESSIONID
X-Adobe-Loc
X-Adobe-Content
X-TB-M
X-VC-Enabled
X-Avg-Cookie-Expires
X-AVG-Country-Code
X-Akamai-Edgescape
SRV
Cm-Server
X-WPL-DATA
Web-App-Origin-Name
X-Proxy
X-Span
Accept-Language
X-Runtime-Affili
X-Proxy-Backend
X-Runtime-Memory
X-App-Runtime
Accept-Charset
Cteonnt-Length
X-ClientSide-Caching
X-GoCache-CacheStatus
X-Agent
X-CB-Server
Lookup-Cache-Hit
A-Powered-By
WWW-Authenticate
X-JG-Page-Cache
X-VC-TTL
X-Stage
X-Appmachine-Environment
X-ServerIndex
X-Vcache
Nginx-Cache
X-CAPServer
X-Remote-Addr
SHInfo
X-Source-ID
X-Rule
X-Atraveo-Cache-Control
X-CLOUD-TRACE-CONTEXT
X-Culture
X-Generated-Timestamp
Lb
X-Force
X-RealServer
X-App-Server
X-Dw-Trace-Id
Server-ID
X-PRAM
X-Forwarded-Host
X-V
X-ARRServer
X-Request-Uri
X-Path-Route
Accept-CH
X-Atraveo-From-Varnish-Cache
X-Atraveo-Zone
X-Balanceador
X-Atraveo-Expires
X-Atraveo-ETag
X-Atraveo-Param-Rm
X-Fedora-School-Id
X-Atraveo-Varnish-Server-Id
X-Atraveo-Set-Cookie
X-Atraveo-TTL
X-Webstats-RespID
Access-Control-Request-Headers
X-Distil-CS
X-GeoIP
XDomainRequestAllowed
X-Varnish-Debug-Age
X-Pantheon-Az
X-Varnish-Debug-TTL
X-Ratelimit-Reset
X-Jphone-Copyright
X-Ratelimit-Limit
Eomportal-Instance
X-Session-ID
X-Ratelimit-Remaining
X-Purge-Host
X-Purge-URL
Request-Country
Beyond-Iis
X-CacheDebug
Request-EU
X-HydroSheep
Pf.Web.Request.Id
X-NWS-UUID-VERIFY
X-Akamai-Transformed
X-Backend-Status
X-SmartBan-Host
CS-SERVER
X-SDE-Name
IES-Server
Load-Balancer
X-Server-IP
X-Hosting-Env
Disablevcache
X-Processed-By
X-RiS-UFDI
Firespring-Website-Id
X-Framework
IISExport
Front
SVR
X-Cache-Ttl
X-CacheFROM
X-Nginx-Host
X-Highwire-SessionId
Url
X-Cacheable-TTL
X-Highwire-RequestId
X-ESI
X-SE-Debug
X-Session-Reinit
Upgrade-Insecure-Requests
X-SmartBan-URL
X-Cache-Dispatcherpragma
X-Domain-Checked
X-Batcache
X-Plat
X-Cache-Dispatchercachecontrol
X-Dev
X-Cms-Mode
Worker
X-Frames-Options
X-Provisioner-Version
WP-FROM-CACHE
X-Map-Context
Proxy-Agent
X-Client-Image-Vid
X-Upgrade-Enabled
X-IIJ-Cache
X-HeBS-Cache-Status
X-Consent-Required
X-Envoy-Upstream-Service-Time
X-Req-Head-Response
X-EPiphany-Vid
ScoreTracker
X-Resource
Referer
CLMOB
X-Proxy-Skip
X-Client-Vid
Copyright
X-Detected-Device
Cmsid
Cmstype
Frame-Options
Paypal-Debug-Id
X-PBY
AETN-DEVICE
X-Resty-Request-Id
AETN-EU
AETN-Latitude
AETN-Longitude
X-DSMX-Render-MS
AETN-State-Code
X-Actindo-Thread-Id
X-Adnet
X-GSL-Server
X-Aramark-SID
X-B2f-Not-Route
Myheader
X-Actindo-Request-Id
X-Actindo-Rs
CF-Worker-Script
Thanks
VANITY-HOST
X-HTML-Minification-Powered-By
AETN-Postal-Code
AKA-DEVICE
X-Domino-CacheValidationWithETagReason
WP-AdvCache-MemCached
Proxy-Cache
X-Domino-CacheValidationWithETagResult
AETN-City
AR-ATIME
AR-CACHE
X-Oferteo-Domain
X-Proxy-Cache-Control
X-HA-Frontend
X-TKP-SRV-ID
X-Autoru-Host
X-Cocoon-Version
Max-Age
AR-PoweredBy
X-Soro
Access-Control
AR-SID
X-Debug-Token
X-Data-Request
X-WebNode
X-Via-S
X-Header
X-UA-Bot
X-HashTwo
X-HA-Backend
X-Amcomm-Site
Home
Num
X-Upstream-Backend
X-Upstream-Status
Il-Cl
AETN-Continent-Code
AETN-Country-Name
AETN-Country-Code
Play-Detected-Device
AETN-Area-Code
X-Varnish-Cache-Local
Traffic-Origin
X-Application
X-Amz-Id-1
X-DSMX-Rewrite-MS
X-Confluence-Request-Time
*
X-VCS-Cacheable
X-VCS-Ttl
Play-Detected-UserAgent
X-Garden-Version
X-7d-Instance-Id
X-Block-RuleID
X-MAT-GEO
Identity
X-7d-Trace-Id
Cleartype
Description
X-CacheLoc
Access-Control-Allow-Header
Filters
X-Rebelmouse-Cache-Control
X-Block-Rule
VServer
X-Desc
X-AF-Userserver
Dispatcher
X-DevSrv-CMS
X-PHP-Response-Code
AMP-Redirect-To
X-Bip
X-Cache-On
X-Cache-Varnish
X-CRA-DC
Keywords
X-Refresh
Og
X-Compress-Hint
ServerSignature
Bios
ServerTokens
Web
X-Varnish-URL
X-OpenCart-Lightning
COMMERCE-SERVER-SOFTWARE
Serverid
NtCoent-Length
X-WP
X-Via-NSCOPI
X-Rack-Cors
X-Now-Trace
X-Smartcache-Timeout
X-Smartcache-Keys
X-Dynatrace
X-SV
RN-Server
X-DataDome
X-Ms-Request-Id
Pramga
X-HostName
Dynatrace
Now
X-CACHE-TTL
X-M-Log
X-Cache-Detail
XX
X-WEBMGR-CACHE
X-Clara-ASAP
X-Geo
PServer
X-ASAP-Cache
X-Gyrobase-Publication
X-Beatles
MageStack-Magento-Version
MageStack-PageSpeed
VAR-Cache
MageStack-Tag
MageStack-Loadbalancer
X-Cache-Doesi
MageStack-Config
MageStack-Cacheable
MageStack-Debug
X-DN-Cache-Control
X-EC2-Instance-Id
Ttl
MageStack-Web-Node
X-Varnish-Id
MageStack-Area
X-Timestamp
X-Qnm-Cache
X-AOL-HN
MageStack-Cache
X-Test
X-LBPoolMember
Viewport
MageStack-Cache-Lifetime
X-Served-Server
MageStack-Cache-Hits
X-M-Reqid
X-AutoRu-App-Id
Yoncu-Errno
X-Depends
X-Custom-Name
X-Captured
X-Skip-Cache
Dis-Env
Ibf5scheme
N365rili
X-Protected-By
X-Amz-Apigw-Id
Environment
X-Lb
X-MCB-Server
X-SilverStripe-Cache
X-Blog
Fastly-Debug-Digest
From
MageStack-Cache-Status
ServerNode
X-Beget-Proxy
HitType
Machine
X-RiS-PX
X-Geo-IP
FRONT-END-SECUREBROWSER
Resin-Trace
Magicmarker
X-Amzn-RequestId
X-Secret
X-Flex-Evend
X-Flex-Evstart
X-Flex-Community
Aurora-Node
X-CacheID
Arrnode
X-Flex-Lang
X-Flex-Lastmod
DNNOutputCache
Prot
X-Fastly-Request-Id
X-Flex-Tags
X-Flex-Tag
X-Response
X-Dynatrace-Js-Agent
X-WebKit-CSP-Report-Only
X-Ghost-Cache-Status
X-SH-Cache-Status
X-Requestid
X-Amzn-Trace-Id
X-Nx-All
X-Nx
X-Info
X-Policy
X-Middleton-PageSpeed
Fastly-Backend-Name
Edgecast
X-Streams-Distribution
X-ROUTING
X-Gateway-Rate-Limit-Delayed
X-DB-Content-Length
X-Deity
X-Appid
VSID
X-Highwire-Sitecode
X-Highwire-Smart-Code
ViewMode
X-Served
X-Tag-Playlist
X-Varnish-Action
Xc
CACHE
X-Reflector-Cache
X-Reflector
X-Cache-Me-Harder
X-FastCGI-Cache-Status
CommunityServer
X-Varnish-Ip
X-FORWARDED-PROTO
X-ENDPOINT
X-ORIKEY
X-Varnish-Debug-Hits
X-APIVERSION
X-APIAUTH-VAL
Report-To
NLCacheNote
X-IP
X-Vary-Options
X-TLS-Version
X-RAMCache
X-Cdn-Forward
X-Sid
BackendServer
Device
X-Appversion
X-Pj-Cache-Status
NODE
X-Access-Control-Allow-Origin
CDN-PullZone
CDN-CachedAt
X-We-Are-Hiring
CDN-Cache
X-Varnish-Backend-Beresp-Backend
CDN-RequestId
X-Cluster
X-Compressed-By
X-FromPodPressCache
CDN-Uid
X-Reqid
X-Rack-CORS
X-Now-Instance
X-Page
SBSS
X-Nginx
X-Global-Transaction-ID
Content
X-Obvious-Tid
X-Svr
BALANCEDTO
X-Instance
X-Cache-Extended
X-Cache-Action
X-MyName
OracleCommerceCloud-Sandiego
X-NewsFlow-Sitename
EagleEye-TraceId
X-MainProfileURL
X-MainProfileName
X-HS-Status
X-Instance-Id
X-MainProfileCategory
X-MainProfileID
X-PBS-Appsvrip
X-PBS-Appsvrname
HSTS
TP-Cache
TP-L2-Cache
X-Box
CommercePlatform-Version
X-Firefox-Spdy
X-PBS-Fwsrvname
X-Status
CF-Cache-Key
X-Varnish-Cached-TTL
Webserver
X-ENV
X-Beluga-Cache-Status
X-B3-Sampled
X-Wodby-Node
X-Beluga-Node
X-Beluga-Record
X-Beluga-Trace
X-Beluga-Status
X-Beluga-Response-Time-X
X-Beluga-Response-Time
Backend-Powered-By
Content-Sn
YF-ID
X-ZSITES-DNS
ModuleCacheType
X-Vol-Mrp
Ohc-Response-Time
X-Aramark-CSID
DB-Nickname
X-Vol-Correlation
TYPO3-Sitename
TYPO3-Pid
Hosted-By
X-Proxy-Id
X-NoIndex
HTTPS
X-Sn-Servicetimems
X-Origin-Cache
X-UPServer
X-Varnish-Cached
X-Goog-Meta-Replace
X-Goog-Meta-Policy
X-ETag
X-Cache-Time
Server-Id
X-MCF-ID
X-Phpwcms-Page-Processed-In
X-Phpwcms-Release
X-Shopware-Cache-Id
X-Built-With
X-Shopware-Allow-Nocache
NGX
X-Fpc
X-Route
X-Cdn-Origin
X-Custom-Header
OracleCommerceCloud-Version
MageStack-Cache-Warning
MageStack-Last-Modified
X-Max-Age
WN
MageStack-Cache-Lifetime-Sent
X-Mighty-Proxy
X-Processed
X-This-Proto
X-PM-ID
X-Pass-Through
Ssl-Proxy-Server
GranicusServer
Cf-Ipcountry
X-Say-Cacheable
X-Say-TTL
ServerIP
X-ProBase-Server
Hit-Count
Response-Time
X-Build-Id
Purge-Cache-Tags
X-MID-Host
X-Powered-By-Home.Pl
Provider
X-Backside-Transport
X-ACCELERATE
X-Cache-LB
X-Cname-TryFiles
X-Resolver-IP
X-Client-Id
MS-CV
X-Obvious-Info
Tempo
X-Origin-Date
REFRESH
Tk
X-M
X-Varnish-Grace
X-FPC
X-Search-Id
X-Src-Webcache
X-UnsetCookies
PBS
AMP-Access-Control-Allow-Source-Origin
X-HA
X-V-Cache
X-SayCDN-TTL
X-Generated-Time
X-Airee-Node
X-MrHost
TC-S-Cache
X-BPool-Back
TC-S-Cache-M
Provided-Host
Session-Id
X-BServer
Ufe-Result
TC-Cache-U
X-Webcelerate
X-Cache-FS-Status
AC-ELC
Session-From
X-DynamicCache
CDCHOST
TC-Cache
Nitro-Cache
TC-Cache-IC
SINA-LB
SINA-TS
X-WN-ClientGroup
X-Goog-Meta-Goog-Reserved-File-Mtime
X-W3TC-Minify
X-SAPP
X-Varnish-Cache-Ttl
X-Test-Debug
Debug-Status
X-XHTML-Minification-Powered-By
X-CH-Device
X-Proxy-Cache-Key
X-Batcache-Reason
X-Title
X-Layout
X-Node-Id
X-ManagedFusion-Rewriter-Version
X-Gannett-Site-Version
Amfplus-Ver
X-NodeID
X-Powered-By-ADS
X-SCM-Server-Number
X-Rewritten-By
X-Static
X-Cache-Node
X-Actual-Url
SERVER-ID
X-DEBUG
X-PROCESSED-BY
X-RENDER-TIME
X-COUNTRY-CODE
X-Xml-Http-Blocked
X-Mobilized-By
X-Scheme
X-Directory-Script
X-Serv
X-Server-Addr
X-Oracle-Dms-Ecid
Server-Ip
X-CACHE-KEY
SERVER-NAME
X-Time-Spent
X-No-Session
X-Appmachine-Name
X-Serverid
X-Ruxit-Js-Agent
Language
X-TEST
X-Pageid
X-NMT-Proxy
X-Front-Cache
X-Fastly-Backend-Reqs
X-Appmachine-Duration
X-Country
Origin-Vm
X-Beresp-Ttl
X-Appmachine-CreatedOn
X-Who
X-UT-Cache
Fastly-Drupal-Html
Fastly-Restarts
RSL-Trace-ID
X-Tradeindia-SMgmt
X-Avvio-Cms-Cacheload
X-Bitrix-Composite
X-Server-Generated
VC-NoCache
ProxiaInstanceId
X-ReqId
X-Catalyst
X-Old-Content-Length
X-Middleton-Pagespeed
X-Healthy
X-ProcessESI
X-RemovedCookies
X-AMAZEEIO
Gzip
X-Proxy-Server
X-Vid
X-SSLTerm-Server
X-Ssl-Cipher
X-Tradeindia-Request-GUID
X-Origin-Server
X-Cache-Bypass
X-Ms-Version
X-Nginx-Request-Processing-Time
F5-IpCliente
ClientIP
Actual-Object-TTL
Prototype-RootPath
EQ-Cache
PagesDisplayed
X-AppServer-Cache-Rule
X-Enabled3
X-InDy-Memory
V-Cache-Ttl
X-Autoru-App-Id
X-Grid-Server
X-AppServer-Cache-Exception
X-CAMPUSSUITE-ENVIRONMENT
X-CAMPUSSUITE-DEBUGGING
X-Enabled2
X-AppServer-Status
X-Mobile-Rewrite
X-Telligent-Evolution
X-Origin-Upstream-Status
X-Router
Ews
Servername
X-Enabled1
X-Cache-Id
X-InDy-Query
X-InDy-Time
X-Server-Hostname
X-CAMPUSSUITE-TENANT
D
Generate-Time
X-SG-Server
X-Amz-Meta-S3b-Last-Modified
X-Varnish-Age-Debug
X-ORIGN-SERVER
X-Optimization
X-From-Cache
X-GZip
X-Itkg-Cache-Tags
X-Accel-Cache-Control
X-Magento-Route
X-Unique-Id
X-CSRF-Token
PB-PID
PB-RID
PROGMA
LB
X-Amzn-Remapped-Date
UrlWatchModule-Time
X-Varnish-TTL-Debug
Amp-Access-Control-Allow-Source-Origin
X-Expires
X-Cache-HT
HA-Urlpath
X-D2id
EN-User
X-HP-CAM-COLOR
X-Navigation-Version
HitInfo
X-Olaf
FastCGI-Cache
X-UPSTREAM-Address
X-Dck
X-Render-Time
X-Built-By
X-BeResp-Ttl
X-Abuse
X-Content-Type
X-FastCGI-Cache
X-Log
X-MSU-SOURCE
X-DDM-SERVER-UPDATED
X-PoweredBy
X-Requested-With
X-Rocket-Nginx-Reason
X-Rocket-Nginx-File
X-DDM-SERVER
X-Clx-Request
X-Qiniu-Zone
X-Oracle-Dms-Rid
Requested-Host
Unique-Request-Id
Web-Server
X-Ser
X-Transaction-Name
X-Cache-ID
X-Boot
X-OPNET-Transaction-Trace
X-SSL
X-CloudBurst-Frontend
X-CloudBurst-WordPress
X-Pagely-Cache
X-Server-Ip
X-Served-From
X-BIT-Node
X-Varnish-Cache-Control
X-VHosting-Cache
ID
X-CloudBurst-Cache
X-CloudBurst-Backend
X-SCProxy
X-PressLabs-Stats
SS
X-Cachable
X-SEA-Instance-Name
Arrow-RequestId
X-Mobile-Device-Type
X-Mobile-Device
X-Amz-Meta-Version-Id
X-Activity-Id
X-Az
Sl-Pgid
X-Debug-Message
X-SuperCache
X-UType
X-Node-App
X-Nginx-Page-Cache
X-Proto
DrivedBy
MachineName
Id
X-Meta-MSThemeCompatible
X-Meta-MSSmartTagsPreventParsing
X-Firewall
X-Cache-TTL-Current
X-Hit
X-Instance-Name
X-Meta-Imagetoolbar
MwpReleaseVersion
NZSpeedy
X-ASAP-Age
WebServer
X-Cache-Warmer
X-Enhanced-By
X-JoinUs
X-FG-RequestId
SB-Site-IE-VERSION
SB-Site-Device
Pragrma
Page-Template
Returned-Status
SB-Cache-Life
SB-Cache-Remaining
X-Cache-TTL-Age
StatusCode
HA-Host
HA-Georegion
HA-Ipaddr
HA-Servedtime
NKBVHEADER
L5d-Success-Class
HA-Geolon
HA-Geolat
BlockPHPCallEnd
X-VG-WebCache
HA-Cloudapp
HA-Geocity
HA-Geocountry
Progma
Request-Time
X-XHR-Current-Location
X-ServiceProvider
CmsfirstPublishTimestamp
Httpd-Identifier
MSThemeCompatible
MSSmartTagsPreventParsing
X-Ruby-Cluster-ID
X-NginX-Upstream
X-CGP
X-Bcwwwid
X-HAProxy
X-Homeaway-Requestmarker
X-Jcms-Ajax-Id
X-Machine