Threat Level: green Handler on Duty: Brad Duncan

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Date
Content-Type
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
X-AspNet-Version
Link
P3P
X-Content-Type-Options
X-XSS-Protection
X-Cache
Age
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
X-Adblock-Key
Content-Location
Keep-Alive
X-Frame-Options
CF-RAY
X-Varnish
X-Check
X-Language
X-Template
X-Buckets
X-Cacheable
Access-Control-Allow-Origin
P3p
X-Generator
X-Drupal-Cache
X-Ac
X-Hacker
WP-Super-Cache
Status
MS-Author-Via
X-Powered-By-Plesk
X-AspNetMvc-Version
X-Pad
X-Geo-Port
X-Geo
X-Runtime
Strict-Transport-Security
X-Request-Id
X-Powered-CMS
X-Host
MicrosoftOfficeWebServer
X-Type
X-Cache-Group
Access-Control-Allow-Credentials
X-Server
Ngpass-Ngall
X-FRAME-OPTIONS
X-Cache-Lookup
X-Logged-In
X-Mod-Pagespeed
X-UA-Device
X-Cache-Hits
Host-Header
X-Rack-Cache
X-Url
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Via
X-Iinfo
X-Tumblr-User
X-Forwarded-For
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Backend
Access-Control-Allow-Headers
X-Tumblr-Pixel-1
Content-Encoding
SPRequestGuid
X-CF-Powered-By
X-SharePointHealthScore
Access-Control-Allow-Methods
X-Robots-Tag
X-Served-By
X-Varnish-Cache
X-Accel-Version
X-Tumblr-Pixel-2
X-Page-Speed
X-INKT-URI
X-INKT-SITE
X-Cnection
X-BC-Is-HA
X-ContextId
X-ServedBy
X-PhApp
X-MS-InvokeApp
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-CDN
X-Webserver
Composed-By
X-Safe-Firewall
Served-By
X-Hostname
X-Pass-Why
X-Cache-Hit
X-Firenze-Processing-Times
X-PC-Hit
X-PC-Key
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-ShopId
X-PC-Host
X-PC-AppVer
X-PC-Date
X-Request-ID
X-Port
X-XN-Trace-Token
X-XN-XNHTML
X-Seen-By
X-AH-Environment
X-Tumblr-Pixel-3
X-Dc
X-Cache-Status
X-Powered-By-360WZB
Cartoon
X-Age
X-Spip-Cache
Liferay-Portal
Content-Script-Type
Content-Style-Type
Cf-Railgun
Content-Security-Policy
X-Amz-Id-2
X-Amz-Cf-Id
X-Umbraco-Version
X-Server-Name
X-Amz-Request-Id
X-HeyJason
X-Cache-Info
Request-Id
X-Content-Digest
SPIisLatency
SPRequestDuration
X-Source
X-W-DC
X-Rot
X-FB-Debug
X-Cache-Server
X-Served-From-Cache
X-Styx-Build-Sha
X-Styx-Build-Date
X-Styx-Version
X-Styx-Build-Num
X-Styx-Req-Id
X-Pantheon-Endpoint
X-Pantheon-Styx-Hostname
X-Wix-Renderer-Server
Rating
X-Cache-Result
X-Hyper-Cache
X-Wix-Dispatcher-Cache-Hit
X-SERVER
X-Wix-Request-Id
X-Outils-CS
X-DynaTrace
X-Timer
X-Device
Powered-By-ChinaCache
Real-Hostname
X-TN-ServedBy
X-FullPageCaching
X-Loop
X-PHP-Engine
CF-Cache-Status
TCN
X-VCache
X-Px
X-Tumblr-Pixel-4
DynaTrace
X-Cached-By
Refresh
X-PersistenceNode
X-TNCMS-Memory-Usage
X-TNCMS-Served-By
X-TNCMS-Version
X-TNCMS-Render-Time
X-Mobilized-By
NS-RTIMER-COMPOSITE
Imagetoolbar
X-Cached
X-Generated-By
Magicmarker
X-Microcachable
Page-Completion-Status
X-Original-Content-Length
IBM-Web2-Location
X-Cache-Enabled
X-DynaTrace-JS-Agent
X-Tumblr-Content-Rating
X-CDN-Any-IP
X-CDN-Geo
X-CDN-Geo-IP
X-Content-Encoded-By
X-From
X-Loc
Powered-By
Product
X-W3TC-Minify
X-CMS-Version
X-Matrix-Proxy
X-Matrix-Server
Thanks
X-Tumblr-Pixel-5
X-Content-Security-Policy
X-Zephyr
X-Backend-Server
X-Powered-By-Anquanbao
Access-Control-Max-Age
Charset
X-DDC-Arch-Trace
X-Firenze-Processing-Time
X-Served-With
Generator
X-Clacks-Overhead
X-Permitted-Cross-Domain-Policies
X-Node
PICS-Label
Content-Encoding-Handler
Node
ServedBy
X-Content-Options
X-WebKit-CSP
Proxy-Agent
X-FW-Hash
Retry-After
MIME-Version
X-Varnish-Cacheable
X-I
X-FW-Serve
Lsrequestid
X-FW-Static
X-FW-Type
X-App-Hosting
Response
X-Cache-Debug
X-Varnish-Backend
X-Varnish-Host
X-Processed-By
X-Purge-Host
X-User-Agent
X-Drectory-Script
X-Cache-Expires
X-SDS
X-Cf-Powered-By
X-ATG-Version
X-DNS-Prefetch-Control
Set-Cookie2
X-UD-Host
X-UD-Method
X-Sol
Pics-Label
SID
ServerName
X-AspNetWebPages-Version
Access-Control-Request-Method
X-Original-Request
X-Jimdo-Wid
X-Jimdo-Pid
X-NoCache
X-Expires-Orig
RTSS
X-Varnish-TTL
Content-Disposition
X-Handled-By
X-Actual-URL
X-Passed-To
X-Passed-To-PostProcessResponse
X-Returned-From-PostProcessResponse
X-Middleton-Response
X-Returned-From-BeforeDispatch
X-Returned-From
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Returned-From-DLL
Host
X-Duration
X-VARNISH-Cache
X-Hits
Cache-By-Node
IISExport
X-PF-Uncompressing
X-Purge-URL
Accept-Encoding
X-Cache-Config
X-ApacheServer
X-LiteSpeed-Cache
X-Nitra-Side
X-Micro-Cache
X-TTL
X-SN
AMF-Ver
X-Swift-SaveTime
X-Swift-CacheTime
X-Cache-Control-Orig
VAR-Cache
X-Director
Edge-Control
COMMERCE-SERVER-SOFTWARE
X-Hosted-By
X-PwB-Node
X-Vary-Options
X-PERF
X-Cookie-Domain
X-FIRSTBase
X-Varnish-Hits
MJ12bot
X-Version
SEOMOZ
Fhost
SN
X-ServerID
Cache
X-Middleton-Display
Display
Surrogate-Control
Cm-Server
X-Front
NODE
S
Id
X-Yadis-Location
X-Speed-Cache
X-Speed-Cache-Key
X-Track
Server-Info
X-MiniProfiler-Ids
Website-Info
X-FORWARDED-FOR
X-Varnish-IP
Machine
X-App-Status
X-Art-Request-Id
X-Whom
X-Cocoon-Version
Filter-Revision
Req-Id
X-CJ-Soft
X-Engine
X-URL
X-Blog
X-Session-Reinit
Grace
Ngpass-Vcall
X-Varnish-Age
WWW-Authenticate
X-Cache-Rule
X-S
X-Domain-Checked
X-Provisioner-Version
X-Highwire-SessionId
X-Highwire-RequestId
X-Response-Time
X-Stale
X-Microcache-Status
Server-Name
X-Device-Type
Srv
X-GeoIP-Country-Code
X-GeoIP-Country-Name
Accept-Charset
X-Trace-Cache
Powered
X-ServerName
X-Amz-Meta-S3cmd-Attrs
X-SRV
Qs-Cache
X-FW
X-ACMCache
CC-CACHE
Upgrade
ServerID
X-Time
X-Distil-CS
X-BackendServer
X-Cache-Operation
Microsoftsharepointteamservices
Webluker-Edge
A-Powered-By
NtCoent-Length
Fpc-Cache-Id
X-Proxy-Cache
X-Translation
X-Directory-Script
Proxy-Connection
Location
X-Xrds-Location
Nodo
X-App
X-Sharepointhealthscore
X-Varnish-Object-Age
Sprequestguid
X-Country-Code
X-Ttl
X-WEBSERVER
X-Cdn
Buuteeq-Source
X-Server-ID
X-Varnish-Cache-Hits
X-ID
X-Varnish-Beresp-Grace
X-Srv
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
MIH-PUBLIC-IDENTIFIER
NetMindSessionID
X-Varnish-Server
X-Tumblr-Pixel-6
MIH-PLATFORM
X-Ms-Invokeapp
MIH-CLIENT-FARM
X-Orig-Vary
No
X-Gamma-Serve
X-Vtex-Processado-Em
X-LIGHTHTTP-PCDID
X-Vtex-Remote-Cache
Rt-Fastcgi-Cache
X-VTEX-Cache-Status-Janus-ApiCache
X-VTEX-Janus-Router-Backend-App
X-Vtex-Processed-At
X-Sys-Req-ID
X-VTEX-Cache-Status-Janus-Edge
X-Powered-By-VTEX-Janus-Router
X-Powered-By-VTEX-Janus-ApiCache
X-Powered-By-VTEX-Janus-Edge
Content-Transfer-Encoding
X-Source-Host
X-Bettercache-Proxy
X-Frontend
X-AOL-SNH
X-WebServer
Ms
X-Geo-IP
X-Cache-Age
CT
X-Cache-Action
X-Header
NLCacheNote
X-Transaction
Backend
X-Connection-Hash
Cteonnt-Length
X-Twitter-Response-Tags
X-Adobe-Content
X-Location-Id
CommunityServer
MW-Webserver
Origin
X-Secret
X-CHSN
X-Object-Id
X-Object-Type
X-TempDebug
X-Cache-On
Dispatcher
Server2
SS
X-Info
X-Machine-Name
X-Cluster-Node
Beyond-Iis
X-Src-Webcache
X-Wily-Servlet
X-Wily-Info
X-CacheHits
X-Recruiting
Author
X-MJ-Upstream-Addr
X-Source-ID
PageSpeed
Apache
XDomainRequestAllowed
X-Grid-Server
X-Cache-Lifetime
X-Enhanced-By
X-Varnish-HitMiss
X-Varnish-Count
X-Li-Pop
X-LI-UUID
X-Li-Fabric
X-FS-UUID
Public-Key-Pins
X-Debug
X-ChromeLogger-Data
X-Resolver-IP
X-ORACLE-DMS-ECID
-GCR
X-Cache-TTL
LBVIS
X-Server-By
X-Atraveo-NC
X-Atraveo-TTL
X-Venda-Hitid
X-Server-Id
X-Atraveo-Cache-Control
X-Atraveo-From-Varnish-Cache
X-N
X-Atraveo-Varnish-Server-Id
Allow
X-FreeTag-Count
X-Id
X-Amz-Id-1
X-Old-Content-Length
X-Expires
X-Developer
X-Rewritten-By
X-PvInfo
MirrorName
X-Accelerated-By
X-ManagedFusion-Rewriter-Version
X-PRAM
From
SiteName
X-Turbo-Control
X-Empowered-By
X-Force
X-Frames-Options
Content-MD5
X-GeoIP
X-Garden-Version
UniqueName
X-MJ-Serve-Req-Time
X-Trace
X-Cached-Status
X-Stage
X-Router
X-Router-Backend
Backend-Name-Original
SVR
X-Vhost
X-Powered-By-Server
X-Webapp
X-Channel-Maxage
X-Block
X-Trace-App
X-Varnish-Debug-Age
Warning
X-Varnish-Debug-Hits
X-GSL-Server
X-N-ViewType
X-UseReverse-Proxy
X-Request-Locale
X-Nginx-Server
X-Ar-Debug
Cmsid
X-UD-Target
X-Geo-IP-Metro
X-Geo-IPV
X-Uid
Cmstype
X-Geo-IP-Country
X-Distributed-By
X-UD-REMOTE-ADDR
SFY
X-Geo-IP-Region
LFY
X-UD-Loopcounter
X-T3CacheInfo
X-Origin-Id
Worker
Mark
X-Yottaa-Optimizations
X-CacheTTL
X-Cache-Ttl
X-Upstream
X-Cache-Set
X-Webkit-CSP
X-Yottaa-Metrics
X-Cms-Mode
Provided-Host
X-Jphone-Copyright
X-ServerCache-Info
Last-Published
X-Vhost-ID
X-Dev
Front
X-Varnish-Cache-Local
Cneonction
Access-Control-Expose-Headers
X-Max-Age
X-Hosting-Env
X-Remote-Addr
BM-Cache-Node
Be-Ip
X-WR-MODIFICATION
ScoreTracker
X-UPSTREAM
X-Real-Server
Be-Va
BM-Cache-Key
REFRESH
X-T3CacheTags
X-GC-Write
X-GC-Read
X-GC-App
ORIGIN
X-Origin
X-PM-ID
SS-Request-ID2
X-Powered
X-Accel-Expires
WP-Cache
X-OPNET-Transaction-Trace
OriginServer
Web-Server
X-B2f-Not-Route
X-Goog-Hash
WFE
Ttl
Ram
X-Drupal-Cache-Tags
X-ESI
Noq
AppDynamics-BT
X-Varnish-ID
X-Via-Kemp
Cpu
X-SSL
X-Varnish-Action
X-Farm-Server
Cache-Ctrol
X-SilverStripe-Cache
X-HOSTNAME
Tpt.Renderer
SIP
X-Powered-By-Yqk
Rt-Server
X-Yqk-Set
7e-Page-Cache
ServerConfigManager.WebBugTracker
After
Before
ExecuteNonQuerySQLParam
X-Content-Age
XX
Hamster
SRV
Render
IsFullSiteRequest
X-ATM-RTime
Tpt.Renderer1
No-Cookie
User-Updated-At
X-Response
Ksid
X-Kirra-SiteId
Version
User-Id
X-ATM-RServer
CDN
WP-AdvCache-MemCached
Cluster-ID
At-Shoptype
Atp-Isdpp
B-Powered-By
At-Isb
Provider
X-Server-Instance
X-Phpwcms-Page-Processed-In
X-IDS-WS
X-Phpwcms-Release
BM-Cache-Status
LBC
X-HostName
Aoestatic
X-Client-IP
Il-Cl
Backend-Host
X-BS
X-Hit-Cache
X-Pagename
BALANCEDTO
X-Catalyst
X-ASTRO-REWRITE
X-Varnish-Device
X-SV
X-Vivastreet-KiwiiPage
X-Vivastreet
Jobb.Assistentpoolen.Se
Test.Executivepeople.Se
Progma
Edgecast
X-CacheServer
X-DTC
X-Monstercache-Timeout
Copyright
X-Actindo-RS
X-WP
X-MCB-Server
Content-Security-Policy-Report-Only
X-Gannett-Site-Version
HAVer
HCVer
X-Abuse
X-Monstercache-Host
X-Monstercache
X-Varnish-Cache-Server
X-Host-Url
P3P:CP
Open.Jobgate.Se
Jobb.Passal.Se
X-Varnish-Currency
X-EPiphany-Vid
X-Client-Vid
X-Nginx-Backend
X-LB
Sid
Www.Myjob.Se
Www.Mabracertifiering.Se
Www.Mirrorgate.Se
Jobb.Gil.Se
X-Monstercache-Hash
Content-Instance
X-ESI-Enable
X-FFX-B
Redirect
X-Nginx-Host
X-Web-Node
X-Distributor
X-B2f-Cache-Load
X-Purge-Url
X-DeliveryServer
X-Route
Compression-Control
Server-N
X-WorkerInstancename
X-Hstore
X-Hrouter
ServerId
ServerIP
PageSpeedFilters
X-DefendeR-Runtime
X-Varnish-Cookie-Debug
X-Node-Name
X-Varnish-URL
X-EdgeRouter
X-MobileDetected
X-Purge-Level
X-Allow-Redis
X-ACCELERATE
PServer
X-Brought-To-You-By
User-Cache-Control
X-ARR
X-T3Cache
X-Symfony-Cache
X-Flex-Community
X-Flex-Evend
X-Flex-Evstart
Nitro-Cache
Svr
X-Dynamic
Ec
Front-End-Https
X-Hash
INCOMING-TIME
X-Flex-Lastmod
X-Flex-Tag
X-Flex-Tags
X-Flex-Lang
Sigma
X-Binarysec-Via
Smug-Env
Ibm-Web2-Location
X-Compressed-By
X-Flow-Powered
X-TTFB-L
X-SmugMug-Values
X-SmugMug-Hiring
X-TTFB
X-Uplex
X-Varnish-Debug-Pool-Fetch
X-LAvg
X-Hit
If-Modified-Since
X-WA-Info
Content
Pool
X-Varnish-Debug-Pool-Recv
X-Varnish-Restarts
X-Server-Generated
Acdc-Web
X-Full-URL
X-Instart-Request-ID
X-CCM
X-DB-Content-Length
SV-Duration
X-Client-Addr
X-Server-Node
X-REDIRECTSERVER
TP-Cache
CP
Pool-Info
Foglight-Request-UUID
X-SeschatLayout
TP-L2-Cache
X-SeschatRedID
X-SeschatDID
X-Seschat-URL
X-SeschatTemplateID
Test
X-Confluence-Request-Time
X-Artvisual-Server
Accept-Language
X-Edge-Location
X-MSEdge-Ref
NnCoection
X-IP-Address
X-ProcessESI
X-Wix-Route-ID
Head
X-RemovedCookies
Ozcache
Bs-Header
X-NginX-Cache
X-NginX-Server
Server-Optimized-By
X-Internal-IP
X-Magento-Lifetime
X-Magento-Action
Xonnection
X-Cache-Backend
X-FCMS-Cache
X-Oracle-DMS-ECID
Mobiquo-Is-Login
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Nucleus-Cache
Portlet.Expiration-Cache
X-TLServer
X-Fett
ExecutionTime
X-Planisys-CDN-Rules
X-SATserver
D
X-Timestamp
X-USERNAME
X-HOSTTYPE
X-Config-By
X-Cluster-Host
X-Optimization
POOL
No-Cache
X-SERVER-ID
X-Time-Spent
X-Gondor-Server
X-Page-Generated-At
X-Trans-Id
X-S-Misc
DBG-HTTPHOST
PROPSON-FARM
X-Unbounce-VisitorID
X-Unbounce-Variant
X-Unbounce-PageId
X-Environment
X-Cluster-ID
DBG-Timestamp
Ngpass-All
Hotelbookingid
SLB
DBG-TargetHost
F-In-Cache
X-Framework
X-7d-Traceid
X-7d-Version
X-Planisys-CDN-Cache
Tracker
X-Revision
X-7dig
SL-NOREWRITE-REDIRECTS
X-AISO-Cache
X-Generation-Time
X-NID
X-Stackable-Node
X-AISO-Server
X-D-Time
X-Mobile
X-XHR-Current-Location
X-Would-Your-GrandPa-Wait
X-Your-GrandPa-Would-Wait
Xc
X-Dokk-PortalId
X-CACHE-TTL
X-Time-Microsecs
X-Webstats-RespID
X-JSON-API-LATENCY
MageStack-Area
X-Hostingcenter
X-DC-Origin-IP
X-Svr-Id
X-PBY
X-ELC-Checkpoint4
X-Benchmark-Sphinx
X-Benchmark-Sphinx-Count
X-Benchmark-Db
X-Benchmark-Cache
X-App-Server
X-Author
X-Benchmark-Total
Publisher
MachineName
Ibf5scheme
X-Hosting
MGIT
X-Locale
X-Varnish-Set-Cookie
X-Country
MageStack-PageSpeed
MageStack-Cache
MageStack-Loadbalancer
X-Ratelimit
X-Server-IP
Tempo
MageStack-Response-Ttl
X-Powered-Developer
X-PS-MURDOCK-CASE-NORMALIZATION
X-PS-MURDOCK-ORIG-FILEEXT
X-PS-MURDOCK-ORIG-PROTOCOL
MageStack-Tag
MageStack-Debug
MageStack-Cache-Status
MageStack-Cache-Lifetime
MageStack-Cache-Hits
X-CMS
MageStack-Cacheable
MageStack-Config
X-Page-Generation-Time
X-UserAgent
X-TTL-Age
X-App-Container
Fw-Via
Servername
X-Client-Id
X-Edge-IP
X-ProxyInstancename
X-RequesterIP
CData
UNIQUE-ID
X-Varnish-Mode
S-Cnection
X-Test
X-IP
X-Snapsis-PageBlaster
OutputRewritten
X-AspNet-Browser-ID
X-Aws-Ec2
X-Turpentine-Esi
X-ATP-Server
X-Cache-Key
X-Device-Group
Www.Aujourdhui.Com
X-Mod-Oboe-PS
X-DELIVERYSERVER
X-DSMX-Render-MS
X-DSMX-Rewrite-MS
X-Gyrobase-Publication
X-Mii-Cache-Hit
X-GeoIP-Country
CountryCode
X-GL-SRV
CACHED-RESPONSE
AcceptLangage
X-Pb-Mii
X-PHP-Cache
X-Work-With-Me
97YES.COM
X-Varnish-Esi-Access
X-Backend-Status
X-Obvious-Tid
X-Varnish-Esi-Method
X-Varnish-Store
X-WLD-LB
X-Nocache
X-Turpentine-Cache
X-Obvious-Info
X-Domino-CacheValidationWithETagReason
X-Cookie-Store
X-Checkout
X-Domino-CacheValidationWithETagResult
X-Magnolia-Registration
X-Var-Hash
X-Url-Store
Disaptch-Cache-Rule
X-MSU-SOURCE
SBMCLOUD
XDisk
X-Created
X-Varnish-Max-Age
WebDevSrc
X-Req-Counter
X-Status
X-Nginx-Cache
X-NGINX-CACHED
X-V-Outer
X-V-TTL
X-Varnish-Hit
X-V-I-TTL
X-Site
X-NGINX-CACHED-AT
X-Req-Host
X-Provided-By
X-Hc-Host
X-WAP
OGHopCount
IsMobile
Keywords
X-AccessDev
X-Cache-Host
X-Varnish-Debug-Varnish-TTL-Set-From-Server
Description
ProxiaInstanceId
X-Continum-Server
X-Cache-Via
X-RSS-CACHE-STATUS
X-Forwarded-Proto
X-Middleton-PageSpeed
Time
X-ACLR-Version
X-Wm-1
X-Req-Url
X-PoweredBy
Xforwardhost
X-Ec-Custom-Error
Modurl
Modhost
Content-Cache
Esi-Enabled
Server-IP
X-Debug-Token
X-Process-Time
X-Life
X-Do-Not-Hack
Modcookie
W
X-Wm-VIP
AC-ELC
Initialhost
CC-UP
X-VHOST
X-Varnish-Ttl
Vacache
X-Nc
Web-Head
X-Frontal
V-Cache
X-RE-Ref
CPOINT
X-Debug-Serve
X-SDE-Name
Access-Control-Allow-Method
Host-Service
DB-Nickname
X-Medium-Entity-Type
X-FRONT-TTL
X-VG-WebCache
X-Amz-Version-Id
X-Caching-Rule-Id
X-ESI-Processing
X-Medium-Entity-Id
X-Cluster
X-Apublish-Id
Prama
X-Accel-Cache-Control
Http
B2C-F-008
X-Backend-Ip
X-Czt
X-TAG
X-View
X-Cache-Control
Requested-Host
Server-Ip
EWHSERVER
X-Pixelsilk-Server
X-Header-Set-Id
X-GitHub-Request-Id
X-RNDPAGE
X-Pixelsilk-Version
X-Papaya-Cache
Countrycode
X-BIN
X-Http-Host
X-CID
X-Cdn-View
X-Instance
TIMESTAMP
Protected-By
MwpReleaseVersion
X-Answer
X-ASPID
X-Nginx-UpstreamHost
X-NSPID
X-Nginx-Pool
X-Libra-UpstreamHost
X-D2id
HGR-NOCACHE
X-Varnish-Hashed-On
X-Cached-From
X-Src-Loadbalancer
X-Dynatrace-Js-Agent
X-Panel-Id
X-Panel-Name
Language
X-FarmId
X-V
X-CMS-Powered-By
X-Bcwwwid
X-APP
X-Upstream-Server
X-Xhr-Current-Location
Ap-Exec-Time-Mks
BrandBucket-Domain
X-DN-Cache-Control
X-B
X-Content-Parsed-By
Robots
Srv-N
AppServer
Z-NginxStatus
X-JG-Page-Cache
AV1080
X-Cms-Server
Content-ID
X-CMS-Server
X-Docuri
Rt-Proxy-Cache
DrivedBy
Arr-Disable-Session-Affinity
X-T
X-VhostID
BE
X-CCC
X-HW
X-Ocache
X-Papaya-Gzip