Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
Link
ETag
X-Content-Type-Options
X-Pingback
P3P
X-XSS-Protection
X-Frame-Options
X-AspNet-Version
X-Cache
Content-Language
Age
CF-RAY
X-UA-Compatible
X-Adblock-Key
Via
Keep-Alive
Strict-Transport-Security
X-Varnish
Access-Control-Allow-Origin
X-Check
X-Language
X-Template
P3p
X-Buckets
X-Cacheable
X-Generator
Content-Location
X-Drupal-Cache
X-AspNetMvc-Version
X-Hacker
X-Ac
X-Iinfo
X-Request-Id
X-Powered-By-Plesk
MS-Author-Via
X-Type
X-Pass-Why
X-Cache-Group
X-Runtime
Status
WP-Super-Cache
X-Powered-CMS
Ngpass-Ngall
Content-Security-Policy-Report-Only
X-UA-Device
X-Permitted-Cross-Domain-Policies
Host-Header
X-Cache-Hits
X-Download-Options
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Dc
Access-Control-Allow-Credentials
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Mod-Pagespeed
X-Tumblr-Pixel-1
X-Via
Access-Control-Allow-Headers
X-Logged-In
X-Tumblr-Pixel-2
X-Pad
X-Request-ID
X-Backend
Access-Control-Allow-Methods
X-ServedBy
X-ContextId
X-Served-By
X-PC-Key
X-PC-Hit
Content-Security-Policy
X-Host
X-CDN
X-Cache-Hit
Powered-By
X-Tumblr-Pixel-3
X-Port
Upgrade
X-PC-AppVer
X-PC-Host
X-PC-Date
X-Robots-Tag
X-Server
X-Rack-Cache
X-Cache-Lookup
X-Cache-Status
MicrosoftOfficeWebServer
MicrosoftSharePointTeamServices
X-Accel-Version
SPRequestGuid
X-SharePointHealthScore
X-Varnish-Cache
X-Page-Speed
X-Safe-Firewall
X-Request-Country
Rating
X-MS-InvokeApp
X-XRDS-Location
Content-Encoding
X-Amz-Cf-Id
X-Seen-By
X-Tumblr-Content-Rating
X-Wix-Renderer-Server
X-Wix-Request-Id
X-Cnection
X-AH-Environment
X-Turbo-Charged-By
CF-Cache-Status
X-Tumblr-Pixel-4
X-W-DC
X-SERVER
X-FullPageCaching
X-Webserver
X-Timer
X-GitHub-Request-Id
X-Content-Powered-By
X-Served-From-Cache
X-Content-Digest
X-PhApp
X-Cache-Enabled
X-INKT-SITE
X-INKT-URI
Public-Key-Pins
Request-Id
Composed-By
X-Firenze-Processing-Times
Served-By
Alt-Svc
SPIisLatency
SPRequestDuration
X-Proxy
X-Amz-Id-2
X-Amz-Request-Id
Cf-Railgun
X-Server-Powered-By
Liferay-Portal
X-Proxy-Cache
X-Hyper-Cache
Permitted-Cross-Domain-Policies
X-HeyJason
Timing-Allow-Origin
X-Spip-Cache
X-Styx-Req-Id
X-Styx-Version
X-Pantheon-Styx-Hostname
X-Pantheon-Endpoint
X-Server-Name
X-Node
X-CF-Powered-By
X-Tumblr-Pixel-5
Access-Control-Max-Age
Refresh
Charset
X-XN-Trace-Token
Access-Control-Expose-Headers
X-XN-XNHTML
Content-MD5
X-Swift-SaveTime
X-Swift-CacheTime
Content-Script-Type
EagleId
Content-Style-Type
X-Content-Security-Policy
X-VWS-Id
X-Gateway
X-LJ-Flow-ID
X-Beta
X-AWS-Id
X-Hits
X-Umbraco-Version
X-FW-Hash
X-Clacks-Overhead
Grace
Access-Control-Allow-Method
X-Fastly-Request-ID
X-FB-Debug
Cartoon
X-Jimdo-Instance
X-FW-Static
X-FW-Serve
Public-Key-Pins-Report-Only
X-FW-Type
X-Jimdo-Wid
X-VCache
X-Backend-Server
X-Powered-By-360WZB
X-Device
X-DDC-Arch-Trace
X-Dw-Request-Base-Id
X-Cache-Server
Real-Hostname
X-Loop
X-Cloud-Trace-Context
X-User-Agent
X-Generated-By
X-MiniProfiler-Ids
X-TNCMS
X-Cache-Result
X-Tumblr-Pixel-6
X-Cache-Config
X-Cached-By
X-Url
X-CDN-Pop-IP
X-CDN-Pop
X-Px
X-Drupal-Dynamic-Cache
X-Cached
X-Hostname
X-Whom
X-Outils-CS
PageSpeed
X-Age
NS-RTIMER-COMPOSITE
X-DynaTrace-JS-Agent
X-CMS-Version
X-HOST
X-Forwarded-For
X-Do-Not-Hack
X-ServerName
TCN
Response
X-URL
Fpc-Cache-Id
Surrogate-Control
X-WebKit-CSP
X-DynaTrace
X-Middleton-Display
X-Middleton-Response
Display
X-Sol
Fastly-Debug-Digest
X-Handled-By
Edge-Control
X-LiteSpeed-Cache
ServedBy
Page-Completion-Status
X-Recruiting
Imagetoolbar
Magicmarker
ServerName
X-Expires-Orig
X-Micro-Cache
DynaTrace
X-Content-Options
X-Msg-2-Log
X-AspNetWebPages-Version
Product
Rt-Fastcgi-Cache
Fhost
X-CDN-Geo-IP
X-CDN-Geo
X-CDN-Any-IP
X-TTL
X-Country-Code
IBM-Web2-Location
X-Ruxit-JS-Agent
X-From
X-NetCat-Version
Generator
X-Server-ID
Access-Control-Request-Method
X-Content-Encoded-By
Alternate-Protocol
X-Returned-From
X-Passed-To-DLL
X-Actual-URL
X-Passed-To
X-Original-Request
X-Returned-From-DLL
X-Hosted-By
Powered-By-ChinaCache
X-Varnish-Cache-Hits
X-Varnish-Host
X-Varnish-Beresp-Ttl
X-ApacheServer
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Returned-From-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-App-Hosting
X-Returned-From-PostProcessResponse
X-Stale
X-Matrix-Proxy
X-Matrix-Server
X-Track
X-Firenze-Processing-Time
Akamai-IP
X-Cache-TTL
Content-Hash
X-Version
X-ChromeLogger-Data
X-Varnish-TTL
USPLoggingUUID
Content-Encoding-Handler
Front-End-Https
X-Origin
X-Developer
X-I
X-PERF
X-UD-Method
Powered
X-ATG-Version
X-S
X-Varnish-Cacheable
X-FORWARDED-FOR
Ag-Send-Time
Ag-Execution-Time
Ag-Server-Time
MIME-Version
X-Varnish-Backend
X-Daa-Tunnel
X-SDS
X-Platform
X-Cache-Control-Orig
Node
X-CacheServer
Content-Disposition
X-I-Sp
X-BS
X-App-Status
Surrogate-Keys
X-Gamma-Serve
X-Director
X-Cache-Rule
X-Cache-Info
Proxy-Connection
X-Cache-Age
X-Microcachable
X-Vtex-Processed-At
X-Vtex-Remote-Cache
Lsrequestid
X-VTEX-Janus-Router-Backend-App
X-VTEX-Cache-Status-Janus-Edge
X-Powered-By-VTEX-Janus-ApiCache
X-Powered-By-VTEX-Janus-Edge
X-VTEX-Cache-Status-Janus-ApiCache
No
X-Vtex-Processado-Em:
X-DefendeR-Runtime
X-DefendeR-Status
X-Art-Request-Id
X-Cdn
X-Cache-Debug
X-Duration
X-Powered-By-Server
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Abuse
X-Varnish-Age
Host
Retry-After
X-Source
X-Request-Time
X-Location-Id
X-Front
X-URLSCHEME
X-FW
X-RESOURCE
X-CDN-Node
Origin
X-CDN-Cache-Status
X-Rocket-Nginx-Bypass
Content-Security-Policy-Rerport-Only
Buuteeq-Source
X-NoCache
Webluker-Edge
X-Route-Server
Version
Proxy-Agent
X-PwB-Node
X-Drectory-Script
X-Mobilized-By
X-Revision
ServerID
Fastcgi-Cache
X-Device-Type
Pics-Label
Location
X-Response-Time
X-Microcache-Status
X-Translation
X-Vcap-Request-Id
X-Cache-Expires
X-Geo-IP
X-CJ-Soft
X-Frontend
X-Time
Accept-Encoding
PICS-Label
X-ServerID
SN
X-Geo-IPV
X-Geo-IP-Region
X-Instart-Request-ID
X-Geo-IP-Country
X-Geo-IP-Metro
NetMindSessionID
X-Fastcgi-Cache
X-Cache-Tags
X-Page-Cache
X-Trace
AMF-Ver
X-Cache-Operation
Accept-Charset
CC-CACHE
X-Cookie-Domain
RTSS
X-Speed-Cache
X-B-Cache
Arr-Disable-Session-Affinity
X-Dispatch
VAR-Cache
X-Grace
X-Purge-Host
Server-Info
X-Real-Server
X-Provisioner-Version
Cache
X-Domain-Checked
X-Cache-Key
X-Upstream
NtCoent-Length
X-Trace-Cache
X-Goog-Hash
SID
Filter-Revision
Req-Id
X-Server-Response-Time
X-ClientSide-Caching
X-Speed-Cache-Key
X-Platform-Processor
X-UPSTREAM
X-Varnish-Server
Qs-Cache
Mobiquo-Is-Login
X-GeoIP-Country-Name
X-Platform-Router
X-Processed-By
X-GeoIP-Country-Code
X-Xrds-Location
X-SV-Pid
X-Yadis-Location
X-SV-Nginx-Duration
Content-Transfer-Encoding
X-SV-FromDBCache
X-SV-Duration
X-SV-CreatedAt
X-SV-Edge
X-Akamai-Device-Model
X-SV-Expires
X-SV-CacheTags
Last-Published
X-Cache-Lifetime
X-Server-Upstream
X-Varnish-Hits
Cxy-All
X-SE-Debug
Lfy
X-ACMCache
X-Akamai-Device-Characteristics
X-Libra-UpstreamHost
X-Magnolia-Registration
X-Cache-Doesi
X-Amz-Meta-S3cmd-Attrs
X-Engine
X-DNS-Prefetch-Control
SVR
Logging-CorrelationId
X-Nitra-Side
X-Origin-Id
X-AOL-HN
X-N
X-Purge-URL
X-Orig-Vary
NODE
X-LiteSpeed-Cache-Control
X-PF-Uncompressing
X-Blog
Nitro-Cache
HAVer
X-Varnish-Grace
HCVer
X-Client-IP
WSR-Cache
A-Powered-By
X-NginX-Node
X-Hypernode
Thanks
X-NginX-Upstream-Addr
X-NginX-Upstream-Response-Time
X-NginX-Cache-Status
X-NginX-Upstream-Status
X-WR-Flags
IISExport
X-Discourse-Route
X-AbeBooks-Version
X-Cache-Engine
X-Nginx-Cache
Author
X-Processing-Time
X-Litespeed-Cache
X-Varnish-Hostname
COMMERCE-SERVER-SOFTWARE
Frame-Options
X-Varnish-Seen-By
X-StackifyID
X-Sucuri-ID
X-Varnish-RemainingTTL
Srv
X-Distributed-By
X-Framework
X-Empowered-By
Tk
X-Obvious-Info
X-Varnish-Debug-Age
Hamster
X-Obvious-Tid
X-Varnish-RemainingGrace
LBVIS
X-Srv
Smug-CDN
X-Env
X-JG-Page-Cache
X-FIRSTBase
X-Varnish-Action
X-Prefetched
X-Newrelic-App-Data
X-SmugMug-Values
X-Debug
X-Ttl
X-Sys-Req-ID
X-Mobile-URL
X-Varnish-IP
X-Session-Reinit
X-TTFB-L
X-SmugMug-Hiring
X-TTFB
BALANCEDTO
Allow
X-Hit-Cache
Keywords
X-IsCacheURL
X-NB-Cached-Page
CacheControlHeader
Cm-Server
X-Grid-Server
X-AOL-SNH
X-Aicache-OS
Cache-Key
X-Pagename
X-BackendServer
X-Nhost
X-XTM-Node
Host-Service
X-Directory-Script
X-Nurl
X-NFE
X-Cookie
X-Amz-Version-Id
X-Flow-Powered
X-Varnish-Debug-TTL
X-Do-Esi
X-SmartBan-URL
Ibf5scheme
X-Symfony-Cache
X-Platform-Cache
X-Ob-Mode
X-LW-Web-Server
SSPAppContext
X-LB
SRV
X-Highwire-SessionId
X-SmartBan-Host
Nodo
X-Highwire-RequestId
X-Dns-Prefetch-Control
X-Cache-Control
X-Yottaa-Optimizations
X-Unique-ID
Server-Name
X-Garden-Version
S-Cnection
X-Machine-Name
S
X-Supported-By
Front
Mime-Version
Id
X-App-Server
X-Yottaa-Metrics
X-Uid
X-Adobe-Content
Beyond-Iis
Rewriter
X-NginX-Cache
X-Adobe-Loc
X-Cache-On
Description
X-Varnish-HitMiss
X-Dynatrace
X-Varnish-Count
LBC
X-TempDebug
X-Resolver-IP
X-NginX-Server
X-Twitter-Response-Tags
X-Transaction
X-Connection-Hash
SiteName
X-Smartcache-Timeout
WWW-Authenticate
X-Src-Webcache
X-Plat
X-Storage
X-App
X-APP
X-Smartcache-Keys
X-WP
X-Hosts-Backend
XDomainRequestAllowed
X-Balanceador
X-Middleton-PageSpeed
X-Object-Type
Set-Cookie2
X-Cf-Powered-By
X-Bettercache-Proxy
X-Object-Id
X-Cache-Keep
X-Node-Name
CT
Backend
WP-AdvCache-MemCached
X-CacheResult
X-Amz-Storage-Class
X-Cache-TTL-Remaining
W
X-Phpwcms-Page-Processed-In
X-Real-IP
X-Varnish-Esi-Method
X-Varnish-Esi-Access
X-Atraveo-Cache-Control
X-Atraveo-Expires
X-Content-Age
X-Phpwcms-Release
X-Atraveo-From-Varnish-Cache
X-Atraveo-Set-Cookie
X-Atraveo-ETag
X-Atraveo-Zone
X-Atraveo-Varnish-Server-Id
X-Atraveo-TTL
X-Config-By
X-WR-MODIFICATION
X-Cache-Fix
X-Accel-Expires
X-Cache-PageType
X-Atraveo-Param-Rm
X-WA-Info
X-HP-Trace-ID
X-Client-Vid
X-Distributor
X-Jphone-Copyright
ServerSignature
N365rili
X-Content-Security-Policy-Report-Only
X-Response
X-RDP
X-Captured
X-Worker
Prxy
Ksid
Cneonction
X-MrHost
Beid
X-Cache-Original-TTL
X-Full-Url
X-EPiphany-Vid
X-Analytics
X-Vary-Options
ServerTokens
Sophnep-Edge-FX
Pool
X-Cache-CFC
Backend-Timing
X-HP-Trace-Project
X-WorkerInstancename
X-Nginx-Host
X-Force
ScoreTracker
X-CB-Server
X-SDE-Name
X-Full-URL
X-RiS-UFDI
X-PRAM
X-Source-ID
X-ORACLE-DMS-ECID
X-Amz-Id-1
NnCoection
X-Rocket-Nginx-File
X-HW
X-Server-Id
X-Optimization
X-Cocoon-Version
X-Rocket-Nginx-Reason
X-Detected-Device
CpuTime
X-DPWN-IS-SECURE
NLCacheNote
IM-Version
X-ACCELERATE
X-Info
X-Varnish-Set-Cookie
Hash
X-ATM-RTime
X-Turpentine-Cache
X-ATM-RServer
X-Varnish-Currency
X-Turpentine-Esi
X-Stage
CLMOB
X-Author
Pool-Info
X-HOSTNAME
X-ID
X-Healthy
Real-Server
X-DOM
X-Server-Instance
X-BC-Stapler
X-Browser
X-CDN-Forward
X-Magento-Action
X-Webcelerate
X-VARNISH-Cache
X-Unbounce-PageId
X-Varnish-URL
X-Unbounce-Variant
X-Varnish-Store
X-Unbounce-VisitorID
X-Secret
X-Web
X-Trace-Id
X-Avvio-Cms-Cacheload
X-F-Cache
ServerIP
Xc
X-VTEX-Janus-System
X-Varnish-Instance
X-PHP-Engine
Bios
X-Kinsta-Cache
X-Cms-Mode
Dynatrace
Worker
X-REDIRECTSERVER
X-TN-ServedBy
X-Dev
X-V
X-Id
X-VTEX-Janus-SO
X-Vhost-ID
VC-NoCache
X-MAT-GEO
Cmsid
X-Varnish-Ttl
Surrogate-Key
Cache-Rule
X-LB-Server
X-Actindo-RS
X-Ghost-Cache-Status
Max-Age
X-B
X-Cache-Node
Cluster-ID
X-Environment
X-Edge-Location
X-T
X-Desc
Sid
X-Appmachine-Environment
X-Ocache
X-ARC
X-Runtime-Memory
GenSvr
X-DTC
X-Server-Instance-Name
X-Server-Generated
X-Pagely-Cache
WFE
X-ETag
X-Wikidot-Static-Cache
X-Wikidot-Backend
Edgecast
X-Invoke-Duration
Cmstype
X-OCTOPOD
X-Expires
Ec
P-LB
X-Trace-App
X-Cache-Level
X-Header
X-Site:
X-Apm-Telemetry-Syncmark
X-Is-Mobile
Il-Cl
P-WS
MW-Webserver
Noq
Ram
X-CID
X-B2f-Not-Route
Access-Control-Allow-Orgin
Backend-Name-Original
X-DSMX-Rewrite-MS
X-FreeTag-Count
X-Powered-By-Anquanbao
X-Block
X-CCC
X-Channel-Maxage
X-Domino-CacheValidationWithETagReason
X-Domino-CacheValidationWithETagResult
X-DSMX-Render-MS
Head
Cpu
Content-Instance
X-Pressidium-NinukisWP-Ver
X-GSL-Server
X-NewRelic-App-Data
Cached
Jobb.Gil.Se
Jobb.Assistentpoolen.Se
Accept-Language
X-N-ViewType
X-ProxyInstancename
Paypal-Debug-Id
OT-RequestId
X-HeBS-Cache-Status
X-AWS
Jobb.Passal.Se
X-AUSERNAME
X-T3CacheInfo
X-T3Cache
X-T3CacheTags
SS
X-Zen-Fury
Www.Myjob.Se
Www.Mirrorgate.Se
Open.Jobgate.Se
Myheader
P3P:CP
Test.Executivepeople.Se
Www.Mabracertifiering.Se
X-DealerOn
X-Frame-Option
Gzip
HOST-SERVICE
X-Clara-ASAP
F5-IpCliente
From
X-Artvisual-Server
ClientIP
X-Tile-Url
X-SV
X-Client-Ip
X-Cache-Action
X-ASAP-Cache
X-Rack-Cors
X-Varnish-Backend-Healthy
X-Restarts
Fastly-Backend-Name
X-Varnish-Error-Restart
MIH-PLATFORM
MIH-PUBLIC-IDENTIFIER
Device
MIH-CLIENT-FARM
X-HostName
Servername
X-Webstats-RespID
PServer
X-Instance
INCOMING-TIME
X-GeoIP
SBGI-1
Dispatcher
X-W3TC-Minify
Fw-Via
Section-Io-Id
X-Cache-Set
SBGI-7
SBGI-5
X-Process-Time
SBGI-10
X-72E-NoBeian-Transfer
Encoding
X-Backend-Name
CommunityServer
TP-Cache
X-Fallback
X-Hiawatha-Cache
X-ASEN
Kanooh-Host
X-HAProxy
X-Cache-Extended
Robots
Device-Type
X-AREQUESTID
X-EntryPoint
X-LW-T
Note
X-Old-Content-Length
X-Cache-Backend
AC-ELC
X-Timing
SBGI-Device
Og
X-Application-Context
SBGI-RenderTime
X-GRACE
SBGI-RealPath
TP-L2-Cache
Web
X-Server-Addr
AsisCache
X-SERVER-ID
X-Amz-Meta-Cb-Modifiedtime
X-Xhr-Current-Location
Warning
X-Enhanced-By
Apache
X-Render-Time
X-HTML-Minification-Powered-By
X-Forwarded-Proto
Machine
SBGI-9
X-IP-Address
X-FastCGI-Cache
X-Dispatcher
IsMobile
X-AccessDev
X-Status
X-Frames-Options
Resin-Trace
X-Test
X-VarnishCache
X-Signature
X-Pj-Cache-Status
X-COUNTRY-CODE
X-Oracle-DMS-ECID
X-Gyrobase-Publication
Fpc-Expire
X-Global-Transaction-ID
X-HA
X-OPNET-Transaction-Trace
X-Pj-Cache-Key
X-Hosting
X-NMT-Proxy
X-Powered-Developer
X-Cms-Server
CDN-Region
Mto-License-Status
Copyright
X-Accel-Cache-Control
X-ServedByHost
X-SilverStripe-Cache
Aoestatic
X-Pixelsilk-Version
CmsCacheEngine
Imx-Cookies-Used
X-Route
X-Sc-Path
X-Sc-Cache
X-Pixelsilk-Server
X-Jcms-Ajax-Id
User-Cache-Control
QC-Time
QC-Key
X-7d-Instance-Id
X-7d-Trace-Id
X-AppServer-Status
X-AppServer-Cache-Rule
QC-Hit
Content-Cache
X-Distil-CS
X-Box
X-EdgeConnect-MidMile-RTT
X-Ec-Custom-Error
Ibm-Web2-Location
X-Search-Id
X-LS-DEBUG
X-Clx-Request
X-ESI
HostGen
X-RAMCache
X-Catalyst
Cdate
PowerCDN
Publisher
X-Confluence-Request-Time
X-Mobile-Device-Type
X-Mobile-Device
X-Request-Count
X-MSU-SOURCE
X-IIJ-Cache
X-Static-Version
X-Fpc
DNI-Expires
X-JSESSIONID
X-9XB-Server
Ttl
X-Magento-Lifetime
X-DEBUG
X-DDM-SERVER-UPDATED
X-Provided-By
X-Purge-Level
X-Router-Backend
X-Router
X-DDM-SERVER
X-Cache-Type
SB-Cache-Life
RSL-Trace-ID
RouteID
SB-Cache-Remaining
SB-Site-Device
X-BeResp-Ttl
Server-ID
X-Site-Name
X-SuperCache
RATING
X-QHCDN
X-Medium-Entity-Type
Cteonnt-Length
Expire
SBMCLOUD
X-EdgeConnect-Origin-MEX-Latency
X-Medium-Entity-Id
X-Fedora-School-Id
X-Tradeindia-SMgmt
X-Tradeindia-Request-GUID
X-Tags
X-UseReverse-Proxy
X-Webapp
Nginx-Cache
XDisk
HA-Front
MachineName
X-SeschatRedID
X-SeschatLayout
X-SeschatDID
X-SeschatTemplateID
From-Origin
Language
ORIGIN
X-Seschat-URL
X-Remote-Addr
X-BE
X-AISO-Server
X-Capoed
X-EZPublish-InstallationID
X-Highwire-Sitecode
X-EZPublish-NodeID
X-PG
Server-IP
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-IB-Content-Type
X-GUploader-UploadID
X-Goog-Generation
X-FFX-B
X-Built-By
VANITY-HOST
X-Cached-Status
X-CCM
X-ESI-Enable
X-Client-Addr
X-AISO-Cacheable
X-AISO-Cache
X-Meta-Imagetoolbar
X-Meta-MSSmartTagsPreventParsing
X-Esi
X-FCMS-Cache
X-Key
X-Gondor-Server
X-Meta-MSThemeCompatible
X-BKSrc
X-Wm-VIP
X-Wm-1
X-VC-TTL
Hosted-By
X-4ormat-Cacheable
NZSpeedy
X-Proto
X-RealServer
Provider
Ngpass-Vcall
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-CPU-Time
Thinkindot-Control
X-Panel-Id
X-Panel-Name
MSSmartTagsPreventParsing
MSThemeCompatible
Content
X-Span
X-PHP-Response-Code
X-Venda-Hitid
X-IB-Content-Urn
X-RSS-CACHE-STATUS
X-Max-Age
X-DN-GyrobaseID
X-Cms
X-IB-Context-Urn
X-Mii-Cache-Hit
X-Device-Group
X-Pb-Mii
Server-Optimized-By
X-Cluster-Node
X-Cluster
X-Flex-Community
X-Flex-Lastmod
X-Flex-Lang
X-Backside-Transport
X-Flex-Evstart
X-Flex-Evend
X-Flex-Tag
X-DN-Cache-Control
X-Hash
X-Flex-Tags
X-RateLimit-Remaining
X-ATP-Server
X-PBY
X-Cache-Ttl
X-Varnish-Max-Age
TotalTime
X-ManagedFusion-Rewriter-Version
X-IB-Site-Name
XX
X-IB-Timestamp
RequestId
X-Rewritten-By
Www.Aujourdhui.Com
X-Rq
V-Age
X-Sid
CountryCode
Serverid
X-Rack-CORS
X-MobileDetected
X-Say-Cacheable
X-EdgeRouter
X-Url-Store
Inserted-Into-Cache-At
X-Hrouter
X-Cache-Me-Harder
X-Cookies-Stripped
Prototype-RootPath
X-NewCloud-V-Cache
X-Hstore
X-ENV
X-Backend-TTL
X-Var-Hash
X-Martin
X-Backend-Status
X-Pardot-Rsp
X-Pardot-Route
X-Request-Processing-Time
X-Request-Received
X-UUID
X-Server-By
X-Pardot-LB
X-MSEdge-Ref
X-RequesterIP
X-DB-Content-Length
Disablevcache
WN
MwpReleaseVersion
Wn-Vars
X-WN-ClientGroup
SL-NOREWRITE-REDIRECTS
X-Identity
X-Cookie-Store
X-Obr-Rule
X-Pj-Cache-Flags
X-Platform-Server
X-Pj-Cache-Time
X-Content-Type
X-Checkout
X-MCB-Server
X-Hcom-Styx-Info
X-This-Proto
AcceptLangage
X-Say-Original-Host
Host-Name
X-PM-ID
X-SayCDN-UA
X-Akamai-Edgescape
ThisTTL
X-Geo
X-Hosting-Env
X-ProcessESI
SINA-TS
SINA-LB
A
X-E
Debug-Status
DPOOL-HEADER
Requested-Host
X-RemovedCookies
X-Server-IP
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
X-Device-Class
X-Time-Microsecs
X-CO-Host
X-GETTER-Cache
X-BC
UniqueName
X-VG-WebCache
Apple-Itunes-App
Clientip
MtcHosted
X-A
Url-Hash
Returned-Status
X-SayCDN-TTL
X-Time-Spent
AGI-Request-ID
X-ACLR-Version
X-SayCDN-Original-UA
X-SayCDN-Original-Path
X-Say-Original-UA
X-Say-Original-URL
X-Say-TTL
X-SayCDN-Original-Host
X-Debug-Message
X-Serendipity-InterfaceLang
X-LOCATION
X-Lima-Id
At-Isb
At-Shoptype
Atp-Isdpp
X-CACHE-TTL
ReqUrl
X-Serendipity-InterfaceLangSource
X-TB-M
X-Wix-Route-ID
X-Zendesk-Origin-Server
X-Say-Original-IP
X-AG-MIPS
X-PS-MURDOCK-ORIG-FILEEXT
X-PS-MURDOCK-CASE-NORMALIZATION
X-PS-MURDOCK-ORIG-PROTOCOL
X-Security
Bs-Header
X-Not-Cacheable
X-Czt
X-PHP
X-Faeria
X-Hit
X-Firewall
WebServer
X-DataDome
X-DeliveryServer
X-Brought-To-You-By
X-Dynamic
Http
X-HASH
Vacache
X-Application
X-Country
Tempo
Redirect
Web-Server
X-Contact
Server-Version
Yola-ID
RN-Server
NKBVHEADER
Orgin-Server
X-TargSmaku
Count-Click-Attempt2
X-WEBFRONT
Session-Id
X-IP
X-Protected-By
X-Request-Uri
Aurora-Node
X-Varnish-ServiceNetIP
X-Edge-IP
Cache-Cookie-Set-Lfrom
Origin-Server
Secured-By
Server-N
Cache-Cookie-Set-Index-Page
Cache-Cookie-Set-Idcheck
X-Varnish-Hashed-On
X-Debug-Serve
X-Dynamic-Cache
Cache-Cookie-Set-From
X-KoobooCMS-Version
Access-Control-Request-Headers
X-PressLabs-Stats
X-Sn-Servicetimems
X-VC-Enabled
Expiries
Stats-API
X-SATserver
X-Powered-By-Home.Pl
X-Debug-Token
X-Beatles-Hits
X-MCF-ID
X-Orig-Host
Stats-HtmlMinAndCss
Stats-Rendering
X-Expose-Generated
REFRESH
X-Expose-Hostname
X-Expose-Site
X-Expose-Took
If-Modified-Since
B-Powered-By
X-Backend-Ip
X-Compressed-By
X-Esi-Processing
X-Gannett-Site-Version
X-DB-NAR
X-Bcwwwid
Be
X-Server-Ip
X-Akamai-Transformed
Be-Ip
Be-Va
X-Does-He-Have-Time
Tracker
X-Your-GrandPa-Would-Wait
X-UA
X-Would-Your-GrandPa-Wait
X-TTL-Age
NodeId
X-DODN-Id
DB-Nickname
Xonnection
INFO
X-Airee-Node
X-B3-Traceid
X-SID
X-IDS-WS
Powered-By-VeryCDN
X-Fe
Countrycode
Ews
X-Hiring