Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
X-AspNet-Version
P3P
Link
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
X-Adblock-Key
Content-Location
X-Frame-Options
Keep-Alive
CF-RAY
X-Varnish
X-Check
X-Language
X-Buckets
X-Template
X-Cacheable
Access-Control-Allow-Origin
P3p
X-Generator
X-Drupal-Cache
X-Hacker
WP-Super-Cache
Status
MS-Author-Via
X-Ac
X-Powered-By-Plesk
X-AspNetMvc-Version
X-Pad
X-Runtime
X-Geo
X-Geo-Port
X-Request-Id
Strict-Transport-Security
X-Powered-CMS
X-Server
MicrosoftOfficeWebServer
X-Host
X-Type
X-Cache-Group
Access-Control-Allow-Credentials
X-Cache-Lookup
Ngpass-Ngall
X-Logged-In
X-Mod-Pagespeed
X-UA-Device
X-Cache-Hits
MicrosoftSharePointTeamServices
Host-Header
X-Rack-Cache
X-Url
X-Via
X-Tumblr-User
X-XRDS-Location
X-Tumblr-Pixel-0
X-Tumblr-Pixel
SPRequestGuid
X-SharePointHealthScore
X-Iinfo
X-Tumblr-Pixel-1
X-Backend
Access-Control-Allow-Headers
X-Varnish-Cache
X-Forwarded-For
X-CF-Powered-By
Content-Encoding
Access-Control-Allow-Methods
X-Robots-Tag
X-Served-By
X-Accel-Version
X-Tumblr-Pixel-2
X-Webserver
X-MS-InvokeApp
X-ContextId
X-Cnection
X-PhApp
X-Page-Speed
X-ServedBy
X-BC-Is-HA
X-INKT-URI
X-INKT-SITE
X-Xss-Protection
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-CDN
X-Safe-Firewall
Composed-By
Served-By
X-Hostname
X-Firenze-Processing-Times
X-Cache-Hit
X-PC-Hit
X-PC-Key
X-Pass-Why
X-FRAME-OPTIONS
X-PC-Host
X-PC-AppVer
X-PC-Date
X-Served-With
X-Tumblr-Pixel-3
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId-Cached
X-XN-Trace-Token
X-AH-Environment
X-XN-XNHTML
X-Port
X-Source
X-Rot
X-Powered-By-360WZB
X-Cache-Status
X-Age
Content-Script-Type
Content-Style-Type
Liferay-Portal
X-Spip-Cache
X-Umbraco-Version
X-Amz-Cf-Id
X-Server-Name
X-Amz-Id-2
Cf-Railgun
Content-Security-Policy
Cartoon
X-Cache-Info
Request-Id
X-Amz-Request-Id
SPIisLatency
X-HeyJason
SPRequestDuration
X-Content-Digest
X-Cache-Server
Powered-By-ChinaCache
X-Cache-Result
X-FB-Debug
X-Request-ID
X-DynaTrace
X-Served-From-Cache
X-Hyper-Cache
Rating
X-Kafka-Logged
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Styx-Version
X-Pantheon-Endpoint
X-Styx-Build-Sha
X-Styx-Build-Num
X-Styx-Build-Date
X-Device
Real-Hostname
X-TN-ServedBy
TCN
X-PHP-Engine
X-Loop
X-Tumblr-Pixel-4
X-Outils-CS
Refresh
X-Timer
X-Cached-By
X-VCache
X-Px
X-Mobilized-By
DynaTrace
X-PersistenceNode
X-TNCMS-Memory-Usage
CF-Cache-Status
X-TNCMS-Version
X-TNCMS-Render-Time
X-TNCMS-Served-By
NS-RTIMER-COMPOSITE
X-URL
Magicmarker
Page-Completion-Status
IBM-Web2-Location
X-Generated-By
X-Cached
Imagetoolbar
X-Tumblr-Content-Rating
X-Original-Content-Length
X-Loc
X-Content-Encoded-By
X-From
X-Tumblr-Pixel-5
X-FullPageCaching
X-DynaTrace-JS-Agent
Thanks
X-CDN-Geo
X-CDN-Geo-IP
X-CDN-Any-IP
X-W3TC-Minify
X-Matrix-Proxy
X-Matrix-Server
X-CMS-Version
X-Zephyr
X-Content-Security-Policy
X-Node
X-Xrds-Location
Product
X-Backend-Server
X-Cache-Enabled
X-Firenze-Processing-Time
X-WebKit-CSP
X-Powered-By-Anquanbao
Access-Control-Max-Age
Pics-Label
Charset
X-DDC-Arch-Trace
Generator
ServedBy
X-Varnish-Cacheable
X-FORWARDED-FOR
X-Proxy-Cache
Node
Retry-After
IISExport
Proxy-Agent
ServerName
X-Content-Options
Set-Cookie2
Content-Encoding-Handler
MIME-Version
Powered-By
X-I
X-UD-Method
X-UD-Host
X-Drectory-Script
X-Processed-By
X-SDS
Response
X-Permitted-Cross-Domain-Policies
X-SERVER
X-Original-Request
X-DNS-Prefetch-Control
X-ATG-Version
X-Varnish-Backend
X-Passed-To-BeforeDispatch
X-Handled-By
X-Passed-To-DLL
X-Returned-From
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Actual-URL
X-Passed-To-PostProcessResponse
X-Passed-To
X-Varnish-Host
X-Cache-Debug
X-App-Hosting
Lsrequestid
X-FW-Hash
X-User-Agent
X-Sol
SID
X-HOST
X-ApacheServer
Access-Control-Request-Method
X-NoCache
X-Varnish-TTL
X-PF-Uncompressing
X-FW-Type
X-FW-Serve
X-FW-Static
X-Purge-Host
PICS-Label
Cache-By-Node
X-Expires-Orig
X-AspNetWebPages-Version
Edge-Control
X-Duration
X-Middleton-Response
X-Director
X-Cache-Expires
Host
Accept-Encoding
RTSS
X-Front
X-LiteSpeed-Cache
S
X-Hits
X-SN
X-PERF
X-Nitra-Side
Fhost
X-Purge-URL
X-Varnish-Hits
X-TTL
COMMERCE-SERVER-SOFTWARE
X-Yadis-Location
X-PwB-Node
X-Cache-Control-Orig
X-Cache-Config
Grace
WWW-Authenticate
Content-Disposition
NtCoent-Length
Cm-Server
X-Microcachable
X-Vary-Options
AMF-Ver
X-CJ-Soft
X-ServerID
X-Hosted-By
X-Cookie-Domain
X-Micro-Cache
X-Version
Website-Info
Server-Info
X-Response-Time
X-HOSTNAME
Accept-Charset
X-Engine
X-Whom
X-Art-Request-Id
NODE
SN
X-Blog
X-Session-Reinit
X-Varnish-IP
X-Track
Surrogate-Control
X-Speed-Cache-Key
Machine
X-Speed-Cache
MJ12bot
Cache
SEOMOZ
X-Stale
X-Highwire-RequestId
X-Highwire-SessionId
X-Trace-Cache
Ngpass-Vcall
Filter-Revision
X-ServerName
X-FIRSTBase
X-Swift-CacheTime
X-Swift-SaveTime
X-Cocoon-Version
X-FW
Upgrade
Srv
Proxy-Connection
X-Varnish-Age
X-Pangea-Version
X-App-Start
ServerID
X-Varnish-Server
Origin
X-Tumblr-Pixel-6
Id
X-Amz-Meta-S3cmd-Attrs
VAR-Cache
X-S
Powered
X-BackendServer
X-Cache-TTL
X-ACMCache
X-App
X-Transaction
X-Cache-Rule
A-Powered-By
X-Connection-Hash
Ms
X-Twitter-Response-Tags
Req-Id
X-App-Status
X-GeoIP-Country-Name
X-GeoIP-Country-Code
X-Distil-CS
X-Time
X-MJ-Upstream-Addr
X-Gamma-Serve
X-Provisioner-Version
X-Srv
Server-Name
Qs-Cache
X-Domain-Checked
NetMindSessionID
X-Orig-Vary
Time
CT
X-Varnish-Cache-Hits
X-Source-Host
X-Varnish-Object-Age
X-MiniProfiler-Ids
X-CHSN
X-Country-Code
MIH-PUBLIC-IDENTIFIER
X-Ttl
MIH-PLATFORM
X-Geo-IP
MIH-CLIENT-FARM
X-Trace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
Dispatcher
X-Cdn
X-LIGHTHTTP-PCDID
X-Machine-Name
X-Secret
X-ID
X-SRV
Webluker-Edge
X-Adobe-Content
X-MJ-Serve-Req-Time
X-Sys-Req-ID
XDomainRequestAllowed
X-Directory-Script
X-Device-Type
X-Microcache-Status
X-Seen-By
X-Cluster-Node
X-GeoIP
Warning
X-Server-ID
X-Cache-Operation
MW-Webserver
X-FreeTag-Count
Location
X-CacheHits
X-Vtex-Processado-Em
Beyond-Iis
Server2
X-ServerCache-Info
X-Stage
X-Frontend
X-Bettercache-Proxy
Fpc-Cache-Id
X-Translation
X-Cache-Age
X-Vtex-Remote-Cache
X-Vhost
NLCacheNote
No
CommunityServer
X-AOL-SNH
SS
X-Object-Type
LBVIS
X-Object-Id
X-Cache-Action
X-Cached-Status
X-Src-Webcache
X-Atraveo-Varnish-Server-Id
X-Atraveo-TTL
Buuteeq-Source
Be-Va
X-Atraveo-Cache-Control
Be-Ip
-GCR
X-Atraveo-From-Varnish-Cache
SVR
X-Atraveo-NC
X-Powered-By-VTEX-Janus-Edge
X-Vtex-Processed-At
From
Content-MD5
X-Header
X-VTEX-Janus-Router-Backend-App
X-VTEX-Cache-Status-Janus-Edge
X-Powered-By-VTEX-Janus-ApiCache
X-Recruiting
X-Powered-By-VTEX-Janus-Router
X-VTEX-Cache-Status-Janus-ApiCache
SiteName
X-Grid-Server
X-UPSTREAM
X-N
X-Resolver-IP
PageSpeedFilters
X-Request-Locale
X-Wily-Info
X-Server-Id
X-Wily-Servlet
X-TempDebug
X-Old-Content-Length
X-Accelerated-By
X-Powered-By-Server
UniqueName
Ngpass-All
Rt-Fastcgi-Cache
X-Developer
X-Dev
RATING
X-Jphone-Copyright
X-Expires
X-Amz-Id-1
Backend-Name-Original
Content-Transfer-Encoding
X-Ar-Debug
X-Li-Pop
X-Force
SFY
X-Block
X-LI-UUID
X-Id
X-Cms-Mode
X-Trace-App
LFY
Worker
X-PRAM
X-Cache-Lifetime
X-FS-UUID
X-Source-ID
X-Li-Fabric
X-Channel-Maxage
MirrorName
Cteonnt-Length
X-ORACLE-DMS-ECID
X-Venda-Hitid
X-Rewritten-By
X-ManagedFusion-Rewriter-Version
X-REDIRECTSERVER
Backend
Content-Security-Policy-Report-Only
X-UD-Target
X-UD-Loopcounter
X-UD-REMOTE-ADDR
Apache
X-Turbo-Control
X-LB
Front-End-Https
X-Enhanced-By
Nodo
X-Content-Age
X-Origin-Id
Pool
X-Empowered-By
X-Frames-Options
X-DeliveryServer
X-Real-Server
SRV
X-Cache-Ttl
ScoreTracker
X-Location-Id
X-Gannett-Site-Version
X-Do-Not-Hack
X-ChromeLogger-Data
X-Origin
X-PoweredBy
X-Varnish-ID
Front
X-Hash
BM-Cache-Node
BM-Cache-Key
Accept-Language
LBC
Hamster
Fastcgi-Cache
Access-Control-Expose-Headers
Ttl
X-DefendeR-Runtime
X-GC-Read
X-GC-Write
X-GC-App
X-Cache-Route
CDN
Cluster-ID
X-Actindo-RS
X-CacheServer
Www.Myjob.Se
Www.Mirrorgate.Se
P3P:CP
Test.Executivepeople.Se
Www.Mabracertifiering.Se
X-DTC
XX
X-Cache-On
X-Kirra-SiteId
X-Response
No-Cookie
X-ATM-RTime
X-ATM-RServer
Il-Cl
Ksid
Rt-Server
Open.Jobgate.Se
Jobb.Passal.Se
X-B2f-Not-Route
X-Goog-Hash
X-Powered
X-Varnish-Device
X-ASTRO-REWRITE
Web-Server
X-Vhost-ID
Compression-Control
SIP
X-Via-Kemp
Cpu
X-T3CacheTags
Jobb.Assistentpoolen.Se
Jobb.Gil.Se
X-T3CacheInfo
X-SSL
Noq
Ram
X-Country
X-Varnish-Cache-Local
X-Router
X-Oracle-DMS-ECID
X-Route
X-Varnish-Action
X-Hosting-Env
7e-Page-Cache
X-Router-Backend
X-Uid
X-UseReverse-Proxy
X-Webapp
Author
X-PvInfo
X-Geo-IPV
Content-Instance
X-Geo-IP-Region
X-Geo-IP-Metro
Provider
X-Garden-Version
At-Isb
X-Server-IP
PageSpeed
X-Geo-IP-Country
At-Shoptype
Atp-Isdpp
X-Varnish-Count
X-WR-MODIFICATION
X-NginX-Server
X-Phpwcms-Release
X-Phpwcms-Page-Processed-In
X-WP
Bs-Header
X-Server-By
X-Varnish-HitMiss
Provided-Host
X-Info
OriginServer
X-Monstercache-Timeout
X-Varnish-Debug-Pool-Fetch
X-Varnish-Debug-Pool-Recv
X-Vivastreet-KiwiiPage
X-OPNET-Transaction-Trace
X-Max-Age
Copyright
X-Hit-Cache
X-Catalyst
Cache-Ctrol
X-Vivastreet
X-Varnish-Restarts
BALANCEDTO
AV1080
X-Farm-Server
X-Nginx-Backend
X-NGINX-CACHED
X-B2f-Cache-Load
X-Nginx-Host
X-PM-ID
X-SV
X-Varnish-URL
X-NGINX-CACHED-AT
X-Accel-Expires
Cneonction
X-MobileDetected
X-FCMS-Cache
X-Uplex
Progma
X-Hstore
X-EdgeRouter
X-T3Cache
X-Hrouter
X-Varnish-Cache-Server
X-Pagename
X-GSL-Server
X-TempoPesquisa
X-Internal-IP
X-ACCELERATE
X-ESI
X-Host-Url
Aoestatic
X-FFX-B
X-Magento-Lifetime
X-Magento-Action
X-Nginx-Server
X-Hostingcenter
WEBO
X-SilverStripe-Cache
X-Wix-Renderer-Server
X-XHR-Current-Location
WP-AdvCache-MemCached
X-ESI-Enable
X-Nginx-Cache
X-Web-Node
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-UserAgent
Acdc-Web
X-Locale
Publisher
CC-UP
HCVer
ServerId
X-Upstream
ServerIP
SLB
No-Cache
AppDynamics-BT
CC-CACHE
X-VarnCache
X-7d-Traceid
X-Server-Instance
X-Cache-Backend
X-Remote-Addr
NnCoection
Ec
X-Wix-Request-Id
X-LAvg
X-Flow-Powered
Svr
X-CacheTTL
X-7d-Version
X-Dynatrace
X-Cache-Set
BM-Cache-Status
X-7dig
X-Drupal-Cache-Tags
X-Hit
Head
X-Life
X-DELIVERYSERVER
X-TISSERVER
X-RemovedCookies
X-ProcessESI
X-Debug
CP
X-SmugMug-Hiring
X-TLServer
X-Framework
X-App-Server
X-TTFB-L
X-TTFB
X-NID
X-SmugMug-Values
X-Purge-Level
X-Cache-Key
X-Allow-Redis
User-Cache-Control
Smug-Env
B-Powered-By
Server-N
X-MCB-Server
ExecutionTime
HAVer
INCOMING-TIME
Ozcache
X-Distributor
X-Caching-Rule-Id
X-Flex-Evstart
X-Edge-Location
Xc
X-Flex-Lang
X-Flex-Lastmod
X-Distributed-By
X-Flex-Tags
X-Flex-Evend
X-Flex-Tag
X-Flex-Community
X-Client-IP
X-Node-Name
X-D-Time
Cmstype
X-Generation-Time
X-S-Misc
Xonnection
Tracker
Cmsid
X-WorkerInstancename
ORIGIN
Secured
X-Header-Set-Id
X-Wix-Dispatcher-Cache-Hit
X-Varnish-Cookie-Debug
X-PBY
X-Time-Spent
Version
Web-Head
X-Lautre-Frontal
Mark
X-CMS
ServerConfigManager.WebBugTracker
X-Status
SV-Duration
X-WA-Info
X-Unbounce-PageId
X-AISO-Server
Tpt.Renderer
Sid
X-AISO-Cache
X-Haiku
X-Bcwwwid
X-GLaDOS
X-App-Container
X-Binarysec-Via
Before
ExecuteNonQuerySQLParam
After
X-Wikidot-Static-Cache
X-RSS-CACHE-STATUS
X-Wikidot-Backend
Tpt.Renderer1
Disaptch-Cache-Rule
Backend-Host
Render
X-Varnish-Debug-Age
X-Wm-VIP
X-Varnish-Debug-Hits
X-Varnish-Hit
X-Wm-1
X-SERVERID
X-SDE-Name
Accept
UNIQUE-ID
IsFullSiteRequest
X-Unbounce-VisitorID
X-Server-Generated
X-Unbounce-Variant
X-Varnish-Currency
X-WLD-LB
X-Confluence-Request-Time
X-DB-Content-Length
Http
POOL
X-SERVER-ID
X-Stackable-Node
X-DC-Origin-IP
X-ELC-Checkpoint4
X-Powered-Developer
X-Ratelimit
X-Page-Generation-Time
X-Page-Generated-At
X-IP-Address
ProxiaInstanceId
X-Forwarded-Proto
F-In-Cache
X-IDS-WS
X-RE-Ref
X-MSEdge-Ref
X-Nucleus-Cache
X-Fett
X-Client-Addr
Server-Optimized-By
X-Continum-Server
X-Artvisual-Server
X-Varnish-Ttl
Pool-Info
X-TTL-Age
X-JSON-API-LATENCY
X-Varnish-Debug-Varnish-TTL-Set-From-Server
OGHopCount
MachineName
X-Abuse
X-Would-Your-GrandPa-Wait
Test
X-Your-GrandPa-Would-Wait
X-Hc-Host
Redirect
Last-Published
X-Req-Host
X-V-TTL
X-NginX-Cache
X-V-Outer
X-Monstercache-Host
X-Req-Url
X-Created
X-Monstercache-Hash
X-DEBUG
X-V-I-TTL
X-Monstercache
X-Feed
X-Original-IP
X-GeoIP-Country
Nitro-Cache
X-Benchmark-Total
X-Benchmark-Sphinx-Count
XDisk
X-Mod-Oboe-PS
CacheControlHeader
X-Svr-Id
X-Benchmark-Sphinx
X-Benchmark-Db
SL-NOREWRITE-REDIRECTS
X-Serendipity-InterfaceLangSource
Tempo
X-Backend-IP
X-Benchmark-Cache
Esi-Enabled
X-Serendipity-InterfaceLang
X-Varnish-Hashed-On
X-ATP-Server
X-Client-Vid
Www.Aujourdhui.Com
X-Pixelsilk-Server
DBG-Timestamp
X-EPiphany-Vid
X-Device-Group
X-USERNAME
User-Id
Content
X-Edge-IP
User-Updated-At
X-Mii-Cache-Hit
X-Pb-Mii
DBG-TargetHost
DBG-HTTPHOST
Foglight-Request-UUID
Nginx-Cache
X-Cluster
X-N-ViewType
X-SATserver
X-Ocache
X-Backend-Ip
X-DSMX-Render-MS
X-Server-Node
X-Pagecache
X-Pixelsilk-Version
X-HOSTTYPE
Portlet.Expiration-Cache
X-DSMX-Rewrite-MS
X-RequesterIP
X-Backend-Name
Modurl
Prama
X-Hosting
Modhost
Modcookie
X-PS-MURDOCK-ORIG-FILEEXT
X-PS-MURDOCK-CASE-NORMALIZATION
Initialhost
X-Dokk-PortalId
X-ESI-Processing
X-AccessDev
TP-L2-Cache
TP-Cache
X-Jcms-Ajax-Id
X-Checkout
X-Cookie-Store
X-Compressed-By
X-PS-MURDOCK-ORIG-PROTOCOL
X-Symfony-Cache
X-ACLR-Version
BE
Ez
X-Time-Microsecs
X-T
X-Req-Counter
X-B
X-Author
MGIT
Ibf5scheme
X-ServerId
X-Var-Hash
X-Url-Store
X-Rack-Cors
X-WAP
'Ibf5scheme'
X-Webstats-RespID
S-Cnection
X-Backend-Status
WebDevSrc
X-VarnPar2
Hotelbookingid
X-Snapsis-PageBlaster
Server-IP
AcceptLangage
IsMobile
SBMCLOUD
CountryCode
X-Back
Content-Cache
X-Gondor-Server
Sigma
X-Config-By
Xforwardhost
X-FarmId
X-Cluster-Host
Hej
X-VarnPar1
X-CACHE-TTL
Mime-Version
X-Revision
WP-Cache
X-Brought-To-You-By
X-Mobile
AppServer
D
OutputRewritten
X-Planisys-CDN-Rules
X-Src-Loadbalancer
Robots
X-Varnish-Hostname
X-Trans-Id
X-V
X-Process-Time
X-Yqk-Set
X-Dynamic
X-Magnolia-Registration
X-AVG-REWRITE
X-Timestamp
Language
MASTERWEBLET
X-AVG
X-Cached-From
X-Test
X-Planisys-CDN-Cache
X-Debug-Token
X-Site
SobiPro
X-ProxyInstancename
Countrycode
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
X-Czt
Cached
X-Optimization
X-Instart-Request-ID
MageStack-Debug
X-Varnish-Set-Cookie
B2C-HG-008
MageStack-Cache-Hits
MageStack-Cache-Lifetime
MageStack-Cache-Status
MageStack-Cache
MageStack-Area
X-HW
MageStack-Config
X-Full-URL
WFE
X-FRONT-TTL
MageStack-Tag
MageStack-Response-Ttl
X-Powered-By-Yqk
MageStack-Cacheable
Requested-Host
X-VG-WebCache
MageStack-PageSpeed
X-Lang
X-Ec-Custom-Error
W
Public-Key-Pins
X-Request-Received
X-Request-Processing-Time
MageStack-Loadbalancer
Railo-Version
X-VAR-BackendHealthy
X-Aberdeen-Site
X-Cluster-ID
X-Environment
X-Aberdeen-Cache
PS-CapabilityList
DB-Nickname
Http.Set-Cookie
X-ServedByHost
X-Seschat-URL
X-VAR-Apache
X-VAR-Backend
X-VAR-Hash
X-SeschatTemplateID
X-SeschatRedID
X-SeschatDID
X-SeschatLayout
X-Dynatrace-Js-Agent
If-Modified-Since
HTTP
X-Content-Parsed-By
X-Papaya-Gzip
Noahs-Classifieds
Tracecode
X-Job-Offer
X-Varnish-Max-Age
Fw-Via
X-Papaya-Cache
X-Download-Options
Title
X-PHP-Cache
Description
X-Cache-Host
Keywords
X-VAR-Host
X-VAR-Logic
ID
X-Apublish-Id
X-Cache-Control
X-ErrorPage
X-CMS-Server
X-B2f-Cache-NotFromUrl
X-CacheStore
X-Cache-Via
Apple-Itunes-App
X-MidCOM-Meta-Cache
X-MSU-SOURCE
X-TAG
X-RNDPAGE
X-BIN
X-HITS
Rt-Proxy-Cache
CACHED-RESPONSE
X-VAR-Server
X-VAR-TTL
X-VAR-Url
X-VAR-RequestType
X-VAR-Referer
X-VAR-Mobile
X-VAR-PageSpeed
X-VAR-VCache
X-VAR-VCacheCount
X-Debug-Serve
X-Wix-Route-ID
Mobiquo-Is-Login
X-Instance
X-CCM
X-HeBS-Cache-Status
X-SiteConInfo