Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
Link
X-Pingback
X-Content-Type-Options
P3P
X-XSS-Protection
X-AspNet-Version
X-Frame-Options
X-Cache
Content-Language
Age
CF-RAY
X-UA-Compatible
X-Adblock-Key
Via
Strict-Transport-Security
Keep-Alive
X-Template
X-Check
X-Language
X-Varnish
Access-Control-Allow-Origin
X-Buckets
X-Cacheable
X-Generator
Content-Location
P3p
X-Drupal-Cache
X-Hacker
X-Ac
X-AspNetMvc-Version
X-Iinfo
X-Powered-By-Plesk
MS-Author-Via
X-Request-ID
X-Type
X-Cache-Group
X-Pass-Why
X-Runtime
WP-Super-Cache
Status
Ngpass-Ngall
X-Powered-CMS
X-UA-Device
Content-Security-Policy-Report-Only
Host-Header
Access-Control-Allow-Credentials
X-Cache-Hits
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Dc
X-Request-Id
X-Mod-Pagespeed
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Via
X-Pad
X-Logged-In
X-Backend
Access-Control-Allow-Headers
X-Tumblr-Pixel-2
X-ServedBy
Access-Control-Allow-Methods
X-Host
X-ContextId
X-Served-From-Cache
X-PC-Key
X-Server
X-PC-Hit
X-Served-By
X-Cache-Hit
X-CDN
Content-Security-Policy
X-Port
X-Tumblr-Pixel-3
Powered-By
X-Robots-Tag
X-PC-AppVer
X-PC-Date
X-PC-Host
X-Cache-Lookup
X-Xss-Protection
X-Rack-Cache
MicrosoftOfficeWebServer
X-FRAME-OPTIONS
MicrosoftSharePointTeamServices
SPRequestGuid
X-SharePointHealthScore
X-Accel-Version
X-Request-Country
X-Cache-Status
X-Varnish-Cache
X-Safe-Firewall
X-MS-InvokeApp
Upgrade
X-Page-Speed
X-Amz-Cf-Id
Rating
X-Wix-Renderer-Server
X-Seen-By
X-Wix-Request-Id
X-XRDS-Location
X-Tumblr-Content-Rating
Content-Encoding
X-Turbo-Charged-By
X-AH-Environment
X-Cnection
X-W-DC
X-Tumblr-Pixel-4
X-FullPageCaching
CF-Cache-Status
X-Webserver
X-INKT-URI
X-INKT-SITE
X-Content-Digest
X-PhApp
X-GitHub-Request-Id
Composed-By
Request-Id
X-Content-Powered-By
X-Firenze-Processing-Times
X-Cache-Enabled
SPIisLatency
Alternate-Protocol
SPRequestDuration
Served-By
Public-Key-Pins
X-Proxy
X-Amz-Id-2
X-Amz-Request-Id
Liferay-Portal
Alt-Svc
X-Timer
Cf-Railgun
X-Spip-Cache
X-Proxy-Cache
X-Hyper-Cache
X-Backend-Time
Timing-Allow-Origin
X-Node
X-Pantheon-Endpoint
X-Styx-Version
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Powered-By
X-CF-Powered-By
X-Server-Name
X-XN-Trace-Token
Permitted-Cross-Domain-Policies
X-HeyJason
X-XN-XNHTML
X-Tumblr-Pixel-5
Charset
Access-Control-Expose-Headers
Content-Script-Type
Content-Style-Type
X-SERVER
Access-Control-Max-Age
X-Content-Security-Policy
X-Swift-CacheTime
X-Swift-SaveTime
Content-MD5
EagleId
X-CDN-Geo-IP
X-CDN-Geo
Refresh
X-CDN-Any-IP
X-Hits
Access-Control-Allow-Method
X-Umbraco-Version
X-FB-Debug
X-FW-Hash
X-Powered-By-360WZB
X-Clacks-Overhead
X-Fastly-Request-ID
Public-Key-Pins-Report-Only
X-Gateway
X-Url
X-VWS-Id
X-Beta
X-LJ-Flow-ID
X-AWS-Id
X-VCache
X-Permitted-Cross-Domain-Policies
X-Jimdo-Wid
X-Jimdo-Instance
X-Cache-Server
X-FW-Serve
X-FW-Static
X-FW-Type
X-Device
Real-Hostname
X-Loop
X-DDC-Arch-Trace
X-Cached-By
X-Backend-Server
X-User-Agent
X-Generated-By
Grace
Cartoon
X-Cache-Result
X-TNCMS
X-Cache-Config
X-Px
X-DynaTrace-JS-Agent
X-Tumblr-Pixel-6
X-Cloud-Trace-Context
X-Outils-CS
X-Age
X-Cached
NS-RTIMER-COMPOSITE
X-MiniProfiler-Ids
X-CMS-Version
PageSpeed
TCN
X-Hostname
X-DynaTrace
X-Whom
Fpc-Cache-Id
Response
X-Drupal-Dynamic-Cache
Magicmarker
Surrogate-Control
X-ServerName
Fastly-Debug-Digest
X-LiteSpeed-Cache
X-Middleton-Display
Display
X-WebKit-CSP
X-Middleton-Response
X-Sol
X-Xrds-Location
Imagetoolbar
Rt-Fastcgi-Cache
ServerName
X-Expires-Orig
X-Forwarded-For
Product
X-From
X-AspNetWebPages-Version
X-Micro-Cache
X-Msg-2-Log
ServedBy
X-Handled-By
IBM-Web2-Location
Powered-By-ChinaCache
DynaTrace
X-Content-Options
X-Cache-Info
X-Download-Options
Page-Completion-Status
Generator
X-Do-Not-Hack
X-Varnish-Cache-Hits
X-Content-Encoded-By
X-NetCat-Version
X-TTL
Fhost
X-Varnish-Host
X-App-Hosting
X-Hosted-By
X-Country-Code
X-Cache-TTL
Proxy-Connection
X-Firenze-Processing-Time
X-ApacheServer
X-Matrix-Server
X-Matrix-Proxy
X-Art-Request-Id
X-FORWARDED-FOR
Access-Control-Request-Method
X-Server-ID
X-Version
X-Track
X-Actual-URL
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Passed-To
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-ATG-Version
X-Returned-From
X-Original-Request
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
Surrogate-Keys
Content-Hash
X-Stale
X-URL
Akamai-IP
X-I
Content-Disposition
MIME-Version
X-Cache-Age
Edge-Control
X-Cache-Rule
X-Varnish-Cacheable
X-Cache-Control-Orig
X-Abuse
Powered
X-SDS
X-S
X-I-Sp
X-BS
X-CacheServer
X-Varnish-TTL
X-PERF
Ag-Execution-Time
X-Ruxit-JS-Agent
X-UD-Method
Ag-Server-Time
Ag-Send-Time
Content-Encoding-Handler
X-Gamma-Serve
X-Cache-Debug
X-Varnish-Backend
Lsrequestid
X-Cdn
Front-End-Https
X-ChromeLogger-Data
Node
X-Microcachable
X-Powered-By-VTEX-Janus-ApiCache
X-VTEX-Cache-Status-Janus-ApiCache
X-Daa-Tunnel
X-VTEX-Janus-System
X-VTEX-Cache-Status-Janus-Edge
X-VTEX-Janus-Router-Backend-App
X-Vtex-Processado-Em:
X-Vtex-Processed-At
X-Powered-By-VTEX-Janus-Edge
X-VTEX-Janus-SO
X-Developer
X-Vtex-Remote-Cache
No
X-NoCache
X-Director
X-Powered-By-Server
Proxy-Agent
X-Varnish-Age
X-Location-Id
Webluker-Edge
Host
X-Route-Server
Retry-After
X-App-Status
Pics-Label
CC-CACHE
X-FW
X-Recruiting
X-RESOURCE
X-Duration
X-PwB-Node
X-URLSCHEME
X-Cache-Expires
X-Platform
Content-Security-Policy-Rerport-Only
Version
X-Drectory-Script
X-Mobilized-By
X-Cache-Operation
X-Revision
X-DefendeR-Runtime
X-DefendeR-Status
X-Geo-IP
RTSS
X-CJ-Soft
ServerID
X-Front
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Processed-By
X-Speed-Cache
X-Response-Time
X-Varnish-Server
X-Vcap-Request-Id
X-Device-Type
X-Trace
SN
X-Speed-Cache-Key
X-CDN-Cache-Status
X-CDN-Node
X-Instart-Request-ID
X-Frontend
Arr-Disable-Session-Affinity
X-Cache-Lifetime
Ngpass-Vcall
X-Cache-Tags
Buuteeq-Source
X-Purge-Host
X-Fastcgi-Cache
X-GeoIP-Country-Code
X-Varnish-Hits
Req-Id
X-Upstream
X-Geo-IP-Country
X-Translation
X-ARC
X-Libra-UpstreamHost
X-Geo-IPV
X-Microcache-Status
X-Purge-URL
X-GeoIP-Country-Name
X-Cookie-Domain
X-Geo-IP-Region
NODE
X-Geo-IP-Metro
Location
Accept-Charset
VAR-Cache
X-Time
X-Amz-Meta-S3cmd-Attrs
Cxy-All
X-DNS-Prefetch-Control
PICS-Label
Server-Info
X-Akamai-Device-Characteristics
X-Goog-Hash
Thanks
Fastcgi-Cache
X-Page-Cache
Accept-Encoding
Cache
X-Source
X-Client-IP
COMMERCE-SERVER-SOFTWARE
X-Yadis-Location
X-ClientSide-Caching
Last-Published
Origin
X-VARNISH-Cache
X-Akamai-Device-Model
X-ACMCache
X-N
Mobiquo-Is-Login
X-Engine
AMF-Ver
Qs-Cache
X-ServerID
Filter-Revision
X-Dispatch
X-B-Cache
X-Varnish-Grace
NtCoent-Length
X-Srv
X-Varnish-Hostname
X-Platform-Processor
X-Real-Server
X-Server-Response-Time
X-Platform-Router
X-Cache-Key
WSR-Cache
X-Grace
NetMindSessionID
X-Origin-Id
Lfy
X-Magnolia-Registration
Logging-CorrelationId
X-Request-Time
X-Nitra-Side
X-Trace-Cache
X-Varnish-IP
X-Provisioner-Version
X-Domain-Checked
X-Varnish-Seen-By
X-Ttl
X-Framework
X-Varnish-RemainingTTL
X-PF-Uncompressing
HCVer
X-Varnish-RemainingGrace
HAVer
X-SE-Debug
Sfy
IISExport
A-Powered-By
X-JG-Page-Cache
SID
Srv
X-Newrelic-App-Data
X-Directory-Script
X-Processing-Time
X-Discourse-Route
Frame-Options
X-App
SVR
X-Do-Esi
LBVIS
X-AOL-HN
X-Server-Upstream
X-FIRSTBase
X-Orig-Vary
Server-Name
X-Sucuri-ID
X-Blog
X-Hypernode
X-WR-Flags
Host-Service
X-Cache-Doesi
Cm-Server
X-Mobile-URL
Id
X-Cookie
X-Cache-Engine
X-Highwire-SessionId
X-SmartBan-Host
X-Highwire-RequestId
X-Machine-Name
X-SmartBan-URL
X-HOSTNAME
X-Varnish-Debug-Age
X-Rocket-Nginx-Bypass
SRV
Author
Content-Transfer-Encoding
X-SV-Expires
X-SV-FromDBCache
Cache-Key
X-SV-Nginx-Duration
X-SV-Pid
X-Accel-Expires
Vacache
X-SV-CreatedAt
X-NginX-Cache
X-SV-CacheTags
X-SV-Edge
X-BackendServer
X-SV-Duration
X-StackifyID
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Plat
X-Varnish-HitMiss
X-Varnish-Count
X-Garden-Version
LBC
Tk
Nitro-Cache
X-Storage
X-Distributed-By
Allow
X-Flow-Powered
X-Amz-Version-Id
Backend
X-Platform-Cache
X-Grid-Server
X-Bettercache-Proxy
X-Obvious-Info
X-Obvious-Tid
X-Debug
X-Analytics
X-Secret
CacheControlHeader
W
X-SmugMug-Hiring
X-Prefetched
X-Resolver-IP
X-Env
X-TTFB
Nodo
Smug-CDN
X-Object-Id
X-TTFB-L
X-Object-Type
X-SmugMug-Values
X-TempDebug
X-Sys-Req-ID
X-Varnish-Ttl
WWW-Authenticate
X-AOL-SNH
Backend-Timing
X-NginX-Server
Keywords
SSPAppContext
X-App-Server
X-NFE
X-Session-Reinit
X-Nhost
X-Nurl
Cneonction
X-XTM-Node
X-Nginx-Cache
X-Client-Vid
Set-Cookie2
X-EPiphany-Vid
Hamster
X-UPSTREAM
X-APP
X-Varnish-Debug-TTL
X-Cache-Control
X-Edge-Location
X-Varnish-Action
X-Ob-Mode
X-Cocoon-Version
X-Config-By
X-IsCacheURL
X-Real-IP
Ibf5scheme
X-Src-Webcache
X-NB-Cached-Page
X-WA-Info
X-Distributor
X-Content-Age
X-LW-Web-Server
XDomainRequestAllowed
X-Uid
Front
X-Adobe-Content
X-Adobe-Loc
X-Info
X-Server-Instance
X-Balanceador
S
X-Symfony-Cache
X-Unbounce-Variant
Description
X-Req-Host
X-Unbounce-VisitorID
X-Cache-On
X-Unbounce-PageId
BALANCEDTO
X-Middleton-PageSpeed
X-Amz-Storage-Class
X-PHP-Engine
X-Full-URL
X-Source-ID
X-Smartcache-Keys
X-Pagename
X-WP
X-TN-ServedBy
X-Smartcache-Timeout
X-Hit-Cache
X-Gannett-Site-Version
X-WEBSERVER
X-Medium-Entity-Id
X-DOM
X-Captured
X-Medium-Entity-Type
X-Content-Security-Policy-Report-Only
P-WS
Beyond-Iis
X-Hosts-Backend
P-LB
Y-Trace
X-HostName
ServerIP
X-Origin
X-AWS
X-Empowered-By
X-CacheResult
X-Twitter-Response-Tags
X-Varnish-Esi-Access
From
X-Varnish-Esi-Method
Warning
ORIGIN
X-Connection-Hash
X-Transaction
X-SDE-Name
X-Optimization
X-BC-Stapler
X-Id
X-Cache-TTL-Remaining
WP-AdvCache-MemCached
X-Cache-Keep
X-Avvio-Cms-Cacheload
X-Edge-IP
MW-Webserver
X-Rack-Cors
X-AISO-Cacheable
Prxy
X-AISO-Cache
X-MrHost
X-Jphone-Copyright
ServerSignature
ServerTokens
X-ESI-Enable
X-CB-Server
X-DTC
X-Node-Name
X-FFX-B
Ksid
X-AISO-Server
X-SV
X-W3TC-Minify
X-Response
X-Atraveo-TTL
X-Atraveo-Set-Cookie
X-Atraveo-Varnish-Server-Id
X-Atraveo-Zone
X-LB
X-Atraveo-Param-Rm
X-Atraveo-From-Varnish-Cache
Sophnep-Edge-FX
X-ORACLE-DMS-ECID
X-Atraveo-Cache-Control
X-Atraveo-ETag
X-Atraveo-Expires
Sid
X-ID
Cached
ScoreTracker
CLMOB
X-Wix-Route-ID
X-V
X-Phpwcms-Release
X-PRAM
X-Force
N365rili
X-Phpwcms-Page-Processed-In
X-Nginx-Host
X-Cache-PageType
RATING
X-Cache-Set
X-Cache-Fix
Bios
X-Varnish-Store
SBGI-1
SBGI-10
X-Tile-Url
NLCacheNote
X-Healthy
X-Varnish-Currency
SBGI-7
SBGI-5
SBGI-RenderTime
X-Browser
SBGI-RealPath
SBGI-9
SBGI-Device
Pool-Info
X-Unique-ID
X-NginX-Node
X-NewRelic-App-Data
X-Cache-Node
Cache-By-Node
Cluster-ID
ClientIP
X-Clara-ASAP
X-NginX-Upstream-Status
X-NginX-Upstream-Response-Time
X-Response-Status
X-NginX-Upstream-Addr
X-ASAP-Cache
X-Expires
X-Cms-Mode
X-Vhost-ID
X-Oracle-DMS-ECID
X-Dev
X-Detected-Device
X-NginX-Cache-Status
X-REDIRECTSERVER
Worker
X-Old-Content-Length
Machine
X-HW
X-WR-MODIFICATION
X-4ormat-Cacheable
X-Worker
Hash
X-Varnish-URL
X-HeBS-Cache-Status
X-N-ViewType
F5-IpCliente
X-Actindo-RS
X-CCM
Cache-Rule
X-Wikidot-Static-Cache
X-AbeBooks-Version
Real-Server
X-Wikidot-Backend
Gzip
X-Vary-Options
X-Timing
X-Desc
X-Server-Id
TP-L2-Cache
TP-Cache
X-ATM-RServer
X-ATM-RTime
X-Trace-Id
X-B
X-Ocache
X-T
X-BKSrc
Cmsid
Cmstype
SS
INCOMING-TIME
X-Varnish-Instance
VC-NoCache
X-WorkerInstancename
X-Amz-Id-1
X-Time-Spent
X-LiteSpeed-Cache-Control
X-FreeTag-Count
X-DealerOn
X-Artvisual-Server
X-LB-Server
X-VC-TTL
X-Pagely-Cache
X-RateLimit-Remaining
X-Author
Section-Io-Id
Fpc-Expire
X-T3CacheTags
X-Server-Instance-Name
X-Webstats-RespID
X-Site:
X-BC
X-Apm-Telemetry-Syncmark
X-DSMX-Rewrite-MS
X-T3Cache
X-T3CacheInfo
Ec
X-GSL-Server
X-Forwarded-Proto
X-Invoke-Duration
X-MAT-GEO
Web
X-Server-Generated
X-Magento-Action
X-Powered-By-Anquanbao
Paypal-Debug-Id
X-DSMX-Render-MS
Pool
Jobb.Gil.Se
Jobb.Passal.Se
Open.Jobgate.Se
Jobb.Assistentpoolen.Se
If-Modified-Since
X-Full-Url
No-Cache
X-Cache-CFC
OT-RequestId
P3P:CP
X-ManagedFusion-Rewriter-Version
X-Rewritten-By
CpuTime
Www.Myjob.Se
Www.Mirrorgate.Se
Test.Executivepeople.Se
Www.Mabracertifiering.Se
X-Cache-Original-TTL
Backend-Name-Original
X-Block
X-Esi
X-Turpentine-Cache
X-Web
X-Channel-Maxage
X-IP
X-Trace-App
X-Test
Myheader
X-SERVER-ID
X-Turpentine-Esi
X-Is-Mobile
X-Varnish-Set-Cookie
Head
Sss
Surrogate-Key
X-Ec-Custom-Error
Xc
Og
CT
X-Airee-Node
X-Seschat-URL
X-SeschatDID
X-SeschatLayout
X-SeschatRedID
Web-Server
NZSpeedy
Device
X-ProxyInstancename
X-Server-Addr
Hosted-By
Fastly-Backend-Name
S-Cnection
X-Stage
X-SeschatTemplateID
X-SRV
X-Header
X-Node-Id
X-PHP
X-Key
X-Instance
MIH-PLATFORM
X-B2f-Not-Route
X-Span
B-Powered-By
PServer
Aurora-Node
Mime-Version
X-RequesterIP
Ews
X-Expose-Hostname
X-Expose-Site
X-Expose-Generated
MIH-PUBLIC-IDENTIFIER
Thinkindot-Control
X-Capoed
IM-Version
X-Expose-Took
X-EZPublish-NodeID
X-Highwire-Sitecode
X-F-Cache
Content-Instance
X-EZPublish-InstallationID
X-Backside-Transport
X-7d-Trace-Id
Noq
SB-Cache-Life
Thinkindot-CacheControl-Type
X-Client-Addr
Ram
Il-Cl
SB-Cache-Remaining
RN-Server
Server-IP
RequestTrackId
SB-Site-Device
Cpu
Fw-Via
X-PHP-Response-Code
X-Varnish-Error-Restart
X-GeoIP
X-Frames-Options
MIH-CLIENT-FARM
SiteName
X-Varnish-Backend-Healthy
X-Restarts
X-HP-Trace-ID
X-HP-Trace-Project
X-IP-Address
X-Application-Context
X-Cache-Action
X-7d-Instance-Id
WFE
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Level
X-PBY
X-EntryPoint
X-Uplex
X-Fallback
Thinkindot-CacheControl
X-CO-Host
X-Lima-Id
X-Pressidium-NinukisWP-Ver
Imx-Cookies-Used
X-IDS-WS
X-Ghost-Cache-Status
CmsCacheEngine
X-OCTOPOD
X-LW-T
X-NWS-LOG-UUID
X-JSESSIONID
X-Server-IP
Robots
X-HAProxy
Kanooh-Host
X-Powered-By-Home.Pl
XX
GenSvr
X-CDN-Pop
X-CDN-Pop-IP
X-Process-Time
X-Runtime-Memory
Accept-Language
Access-Control-Request-Headers
X-FCMS-Cache
X-Enhanced-By
X-CID
X-Venda-Hitid
X-GC-App
X-GC-Write
X-Supported-By
X-GC-Read
X-GC-Pointer
X-DPWN-IS-SECURE
X-AG-MIPS
X-RSS-CACHE-STATUS
AGI-Request-ID
Akamai-Edgescape
X-Xhr-Current-Location
Provider
X-CCC
X-RealServer
NnCoection
X-Webkit-CSP
X-Tradeindia-Request-GUID
X-Tradeindia-SMgmt
X-Dispatcher
X-Webapp
X-Status
X-Router
X-Router-Backend
X-Varnish-Debug-Pool-Fetch
X-UseReverse-Proxy
X-Serendipity-InterfaceLangSource
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Index-Page
X-SayCDN-UA
Dispatcher
Expire
Cache-Cookie-Set-Idcheck
Max-Age
XDisk
X-ServedByHost
X-Fedora-School-Id
Cache-Cookie-Set-From
X-TTL-Age
X-Frame-Option
Http
MachineName
Count-Click-Attempt2
DNNOutputCache
X-Cache-Ttl
Mto-License-Status
Note
D
X-COUNTRY-CODE
Redirect
RouteID
Server-ID
Session-Id
X-RiS-UFDI
X-Varnish-Restarts
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-Varnish-Debug-Pool-Recv
X-Powered-Developer
X-Would-Your-GrandPa-Wait
Copyright
X-HTML-Minification-Powered-By
X-FarmId
X-Your-GrandPa-Would-Wait
X-Serendipity-InterfaceLang
X-ETag
Language
X-Signature
X-Esi-Processing
X-Built-By
X-Cached-Status
X-Ct-Info
X-Catalyst
X-Compressed-By
X-Backend-Ip
Powered-By-VeryCDN
Expiries
Stats-API
Stats-HtmlMinAndCss
X-ASAP-Age
Stats-Rendering
X-Goog-Generation
X-Goog-Metageneration
BDPAGETYPE
PowerCDN
Cdate
BDQID
BDUSERID
X-Appmachine-Environment
Beid
Ttl
Access-Control-Allow-Orgin
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-ACCELERATE
X-Protected-By
X-Panel-Name
X-Panel-Id
X-Wm-1
X-Remote-Addr
X-Perf
X-Wm-VIP
AsisCache
Encoding
Debug-Status
X-HP-CAM-COLOR
Servername
X-HITS
Resin-Trace
X-A
X-Box
X-E
X-Cache-Extended
User-Cache-Control
X-Application
X-Timestamp
MtcHosted
X-Static-Version
X-Trans-Id
From-Origin
X-GETTER-Cache
X-SayCDN-Original-UA
X-SID
X-Request-Count
X-Hosting-Env
X-GRACE
X-IIJ-Cache
X-ProcessESI
X-Render-Time
X-RemovedCookies
X-FastCGI-Cache
X-SayCDN-TTL
X-Environment
X-Dynamic-Cache
X-Flex-Community
X-Flex-Evend
X-Flex-Evstart
X-Device-Group
X-Fpc
Www.Aujourdhui.Com
V-Age
X-Ar-Debug
X-ATP-Server
X-Cluster-Node
X-Flex-Lang
X-Flex-Lastmod
X-Mii-Cache-Hit
X-Max-Age
X-Nginx
X-NID
X-Obr-Rule
X-IB-Timestamp
X-IB-Site-Name
X-Flex-Tags
X-Flex-Tag
X-IB-Content-Type
X-IB-Content-Urn
X-IB-Context-Urn
Server-Optimized-By
OutputRewritten
Apache
X-Meta-MSThemeCompatible
MwpReleaseVersion
Railo-Version
X-Gondor-Server
X-Meta-MSSmartTagsPreventParsing
X-Meta-Imagetoolbar
X-AppServer-Cache-Rule
MSThemeCompatible
TotalTime
AC-ELC
X-Lb-Server
MSSmartTagsPreventParsing
X-Kinsta-Cache
BM-Cache-Node
BM-Cache-Key
BM-Cache-Status
DB-Nickname
X-MCF-ID
BlockPHPCallEnd
X-WLD-LB
X-Zendesk-Origin-Server
X-ESI
X-Zendesk-User-Id
X-SayCDN-Original-Path
Disablevcache
X-Origin-Cache
RequestId
X-Dynamic
X-Domino-CacheValidationWithETagResult
X-Say-Original-UA
X-Say-Original-IP
X-Say-Original-Host
X-Domino-CacheValidationWithETagReason
X-Does-He-Have-Time
X-Beatles-Hits
X-Batcache
X-Brought-To-You-By
X-Say-TTL
X-Say-Original-URL
X-Say-Cacheable
X-OPNET-Transaction-Trace
X-Hosting
X-EdgeRouter
X-ENV
X-Gyrobase-Publication
X-Global-Transaction-ID
X-Hrouter
X-Pb-Mii
X-EC2-Instance-Id
X-MobileDetected
X-Martin
X-Hstore
X-AccessDev
X-DN-Cache-Control
Be-Va
Be-Ip
Countrycode
DeleGate-Ver
HostGen
X-Web-Node
X-We-Are-Hiring
X-Pj-Cache-Status
X-Purge-Level
X-Rq
X-This-Proto
IsMobile
Be
User-Agent
X-SayCDN-Original-Host
WP-Cache
HOST-SERVICE
Instapage-Variant
X-Dynatrace
X-Client-Ip
X-Pixelsilk-Server
X-Pixelsilk-Version
Uitdaging
X-NewCloud-V-Cache
CDN-Region
X-Cachable
X-DDM-SERVER-UPDATED
NodeId
X-DDM-SERVER
X-Cache-Via
X-ACLR-Version
X-Backend-Name
Web-Head
CommunityServer
X-Debug-Serve
X-Request-Uri
X-Geo
X-Route
X-Jcms-Ajax-Id
X-WEBFRONT
X-Backend-TTL
X-Server-By
X-Cluster-Host
Is-Cached
X-PM-ID
X-Pj-Cache-Key
X-Server-Ip
X-SilverStripe-Cache
X-Upstream-Time
X-JV
CtExclusions
NKBVHEADER
Url-Hash
X-Varnish-ServiceNetIP
X-Orig-Host
X-MOBILE
X-Search-Id
Bs-Header
URI
X-DistilledODN-Id
OriginServer
X-Bcwwwid
X-Country
X-Cache-Backend
X-BE
X-Proto
X-DataDome
X-Hit
X-Varnish-Hashed-On
X-Recruitment-Address
X-RAMCache
X-Machine
X-Debug-Token
X-Sn-Servicetimems
X-UA-Vendor
NS-VaryByCustom-Key
ReqUrl
Server-Version
X-SuperCache
X-Sov
X-Rack-CORS
X-Rot
X-Session-ID
X-Site-Name
X-Beresp-Ttl
X-LOCATION
X-OneLinkTook
X-PageType
X-WebNode
SBMCLOUD
X-OneLinkServiceType
X-OneLinkProcessing
X-M
X-Obj-Ttl
X-OneLinkHost
X-Provided-By
MageStack-Config
X-Document-Guid-Path
X-Document-Guid
X-Document-Folder-Guid
X-DELIVERYSERVER
X-LS-DEBUG
X-Document-Path
X-Sc-Path
X-Sc-Cache
X-Document-Tracking-Type
X-Ants-Machine-Id
X-Ants-Host
Orgin-Server
Tracker
UniqueName
X-AppServer-Status
MageStack-Web-Node
Content-Cache
X-VG-WebCache
Apple-Itunes-App
Clientip
SINA-TS
SINA-LB
SERVER-IP
X-BeResp-Ttl
X-Cache-Type
X-Cluster
Pw-Value
Device-Type
X-B3-Traceid
X-SCProxy
X-Batcache-Reason
X-Nginx-Request-Time
X-OpenCart-Lightning
DPOOL-HEADER
Hostname
Requested-Host
X-Service-Location
X-Allow-Redis
Cteonnt-Length
X-Content-Type
X-KS-Cache-Status
X-ClusterID
X-Device-Class
X-PressLabs-Stats
X-Lookup-Mode
X-Nosy-Parker
X-Op
X-Litespeed-Cache-Control
X-Hiring
X-Hiawatha-Cache
X-HOSTTYPE
X-Ec2-Vpc
X-Pardot-LB
X-Pardot-Route
At-Isb
At-Shoptype
Atp-Isdpp
X-UUID
X-Request-Received
X-Pardot-Rsp
X-Kirra-SiteId
X-Request-Processing-Time
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
RVBD-CSH:
WebServer
X-9XB-Server
X-CPU-Time
MageStack-Loadbalancer
XServer
X-Nginx-Backend
MageStack-Tag
MageStack-PageSpeed
MageStack-Debug
X-NMT-Proxy
MageStack-Cache
MageStack-Area
X-USERNAME
MageStack-Cache-Hits
X-TNCMS-Bot-Tier
MageStack-Cacheable
MageStack-Cache-Status
MageStack-Cache-Lifetime
SLB