Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
Link
X-Pingback
X-Content-Type-Options
P3P
X-AspNet-Version
X-XSS-Protection
X-Frame-Options
X-Cache
Content-Language
Age
CF-RAY
X-UA-Compatible
X-Adblock-Key
Via
Keep-Alive
Strict-Transport-Security
X-Check
X-Template
X-Language
X-Varnish
Access-Control-Allow-Origin
X-Buckets
X-Cacheable
Content-Location
X-Generator
X-Drupal-Cache
P3p
Status
X-AspNetMvc-Version
X-Hacker
X-Ac
X-Iinfo
X-Powered-By-Plesk
MS-Author-Via
X-Request-Id
X-Runtime
X-Type
X-Cache-Group
X-Pass-Why
WP-Super-Cache
X-Powered-CMS
Ngpass-Ngall
Host-Header
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-UA-Device
X-Cache-Hits
X-Mod-Pagespeed
X-Alternate-Cache-Key
X-Dc
X-ShopId
X-ShardId
X-Xss-Protection
X-Pad
X-Logged-In
X-Backend
X-Via
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Access-Control-Allow-Headers
X-Tumblr-Pixel-1
Access-Control-Allow-Methods
X-Served-From-Cache
X-ServedBy
X-Request-ID
X-Host
X-Tumblr-Pixel-2
X-ContextId
X-CDN
X-Cache-Hit
X-Server
X-PC-Hit
X-PC-Key
X-Served-By
X-Port
Content-Security-Policy
X-Cache-Lookup
X-Robots-Tag
Powered-By
X-Rack-Cache
MicrosoftOfficeWebServer
X-Tumblr-Pixel-3
MicrosoftSharePointTeamServices
X-PC-Host
X-PC-AppVer
X-PC-Date
X-Accel-Version
SPRequestGuid
X-SharePointHealthScore
X-Varnish-Cache
X-Request-Country
X-XRDS-Location
X-Cache-Status
X-Safe-Firewall
X-MS-InvokeApp
X-Page-Speed
X-Amz-Cf-Id
Content-Encoding
X-Cnection
X-Ua-Compatible
X-AH-Environment
X-Turbo-Charged-By
X-Wix-Renderer-Server
X-Seen-By
X-Wix-Request-Id
X-Webserver
Rating
X-FullPageCaching
X-Firenze-Processing-Times
X-PhApp
Upgrade
X-W-DC
CF-Cache-Status
X-Tumblr-Content-Rating
X-Content-Digest
X-INKT-SITE
X-INKT-URI
X-Tumblr-Pixel-4
Composed-By
X-GitHub-Request-Id
Request-Id
X-Cache-Enabled
Served-By
X-Content-Powered-By
SPIisLatency
SPRequestDuration
Alternate-Protocol
Public-Key-Pins
Liferay-Portal
X-Amz-Id-2
X-Amz-Request-Id
X-Spip-Cache
X-Node
Cf-Railgun
X-Hyper-Cache
X-Proxy
X-Pantheon-Styx-Hostname
X-Pantheon-Endpoint
X-Styx-Req-Id
X-Styx-Version
X-Proxy-Cache
Alt-Svc
X-SERVER
Timing-Allow-Origin
X-Server-Name
Access-Control-Expose-Headers
X-CF-Powered-By
X-Timer
X-Server-Powered-By
X-XN-Trace-Token
X-XN-XNHTML
Content-Script-Type
Permitted-Cross-Domain-Policies
X-HeyJason
Content-Style-Type
Charset
Access-Control-Allow-Method
X-FB-Debug
X-CDN-Any-IP
X-CDN-Geo-IP
X-CDN-Geo
Access-Control-Max-Age
X-Swift-CacheTime
X-Swift-SaveTime
Public-Key-Pins-Report-Only
X-Tumblr-Pixel-5
EagleId
X-Content-Security-Policy
X-Powered-By-360WZB
Refresh
X-Clacks-Overhead
X-Cache-Server
X-FW-Hash
X-Hits
X-VCache
X-Umbraco-Version
X-Permitted-Cross-Domain-Policies
Cartoon
X-Device
X-Cache-Result
X-User-Agent
X-FW-Static
X-FW-Type
X-FW-Serve
X-Backend-Server
Content-MD5
X-Cached-By
X-Jimdo-Wid
X-Jimdo-Instance
Real-Hostname
X-Loop
X-Fastly-Request-ID
X-Px
X-Url
X-DynaTrace-JS-Agent
X-Cache-Config
X-DDC-Arch-Trace
X-Cached
X-TNCMS
X-Gateway
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-Beta
X-Generated-By
X-Age
X-Backend-Time
NS-RTIMER-COMPOSITE
Grace
X-Outils-CS
X-Hostname
X-MiniProfiler-Ids
X-Cloud-Trace-Context
TCN
X-Whom
X-Tumblr-Pixel-6
X-CMS-Version
Magicmarker
X-DynaTrace
X-From
Fpc-Cache-Id
X-WebKit-CSP
X-ServerName
X-Drupal-Dynamic-Cache
Imagetoolbar
Response
Surrogate-Control
X-Middleton-Display
Fastly-Debug-Digest
Display
X-Sol
X-LiteSpeed-Cache
Product
X-Micro-Cache
X-Msg-2-Log
X-AspNetWebPages-Version
X-Expires-Orig
ServerName
X-Content-Options
Rt-Fastcgi-Cache
X-Middleton-Response
X-FORWARDED-FOR
Page-Completion-Status
PageSpeed
ServedBy
X-URL
X-Forwarded-For
X-Firenze-Processing-Time
X-Content-Encoded-By
Generator
X-Country-Code
X-Handled-By
Powered-By-ChinaCache
X-Hosted-By
X-Varnish-Cache-Hits
DynaTrace
X-Cache-Info
X-Server-ID
X-Cache-TTL
X-Download-Options
X-Director
X-Matrix-Server
X-Matrix-Proxy
IBM-Web2-Location
Akamai-IP
Ag-Send-Time
Ag-Server-Time
Ag-Execution-Time
Ngpass-Vcall
X-I
Node
X-Version
X-Varnish-TTL
Fhost
Access-Control-Request-Method
X-SDS
Proxy-Connection
X-Track
X-TTL
X-App-Hosting
X-Cache-Rule
X-UD-Method
X-ApacheServer
Content-Encoding-Handler
X-ChromeLogger-Data
X-Do-Not-Hack
X-Cache-Control-Orig
MIME-Version
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Passed-To-PostProcessResponse
Edge-Control
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To
X-Returned-From-BeforeDispatch
X-Original-Request
X-Actual-URL
X-Returned-From
Content-Hash
X-Processed-By
X-Varnish-Host
Powered
Content-Disposition
X-Stale
X-NetCat-Version
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-S
X-Abuse
X-BS
X-I-Sp
X-ATG-Version
X-Cache-Age
X-Gamma-Serve
Surrogate-Keys
X-Varnish-Age
Pics-Label
X-App-Status
Front-End-Https
X-Varnish-Cacheable
X-Art-Request-Id
X-Mobilized-By
Proxy-Agent
Host
X-Recruiting
X-CacheServer
X-Varnish-Backend
Lsrequestid
X-Vcap-Request-Id
X-Developer
X-Cache-Debug
X-CDN-Node
X-Microcachable
PICS-Label
X-CDN-Cache-Status
X-PwB-Node
Retry-After
X-Route-Server
X-VTEX-Cache-Status-Janus-ApiCache
X-Powered-By-VTEX-Janus-Edge
No
X-Powered-By-VTEX-Janus-ApiCache
X-ARC
X-Vtex-Remote-Cache
X-Location-Id
Webluker-Edge
X-Time
X-VTEX-Cache-Status-Janus-Edge
X-Vtex-Processed-At
X-VTEX-Janus-Router-Backend-App
X-VTEX-Janus-SO
X-VTEX-Janus-System
X-Vtex-Processado-Em:
X-PERF
X-Powered-By-Server
X-Duration
X-Response-Time
CC-CACHE
X-Frontend
RTSS
X-Orig-Vary
ServerID
X-DefendeR-Status
X-DefendeR-Runtime
Version
VAR-Cache
X-Front
X-Device-Type
X-Ttl
X-NoCache
X-RESOURCE
X-Amz-Meta-S3cmd-Attrs
Buuteeq-Source
X-CJ-Soft
X-Translation
X-Microcache-Status
X-FW
X-ServerID
X-Libra-UpstreamHost
X-Cache-Expires
Content-Security-Policy-Rerport-Only
X-DNS-Prefetch-Control
X-Cache-Operation
Cache
X-ClientSide-Caching
X-Trace-Cache
Location
X-ACMCache
Thanks
NetMindSessionID
X-Daa-Tunnel
X-Varnish-Hits
SN
X-Do-Esi
X-Upstream
X-URLSCHEME
X-Cookie
X-Yadis-Location
Qs-Cache
X-VARNISH-Cache
X-Cache-Tags
X-SRV
X-Engine
Vacache
X-Akamai-Device-Characteristics
X-Geo-IP
Srv
X-Mobile-URL
X-Grace
X-Purge-Host
X-Dynatrace
X-B-Cache
X-Varnish-IP
Arr-Disable-Session-Affinity
Accept-Charset
NtCoent-Length
X-Revision
X-Client-IP
SID
Frame-Options
X-Real-Server
Server-Info
X-Varnish-Server
X-Instart-Request-ID
X-Domain-Checked
Filter-Revision
X-Varnish-Hostname
X-Speed-Cache
X-Provisioner-Version
Server-Name
X-Purge-URL
X-Akamai-Device-Model
Origin
X-Drectory-Script
X-Sucuri-ID
X-Geo-IPV
X-Geo-IP-Region
X-WR-Flags
X-Geo-IP-Country
X-Geo-IP-Metro
X-Fastcgi-Cache
A-Powered-By
X-Speed-Cache-Key
HCVer
X-Cache-Lifetime
HAVer
X-Srv
X-SmartBan-URL
X-SmartBan-Host
X-Highwire-SessionId
X-GeoIP-Country-Name
X-Cookie-Domain
Req-Id
X-Source
X-Trace
X-Highwire-RequestId
X-GeoIP-Country-Code
X-N
X-Directory-Script
X-Goog-Hash
Mobiquo-Is-Login
Accept-Encoding
Sfy
X-Nitra-Side
Lfy
Cxy-All
X-Origin-Id
Logging-CorrelationId
X-FIRSTBase
X-Cache-Doesi
X-SE-Debug
Nodo
X-SRCache-Store-Status
X-Adobe-Loc
X-Adobe-Content
X-PF-Uncompressing
IISExport
X-AOL-HN
X-Platform-Router
X-Platform-Processor
X-Sys-Req-ID
X-SRCache-Fetch-Status
X-Cocoon-Version
X-Varnish-Grace
X-JG-Page-Cache
Last-Published
WSR-Cache
X-Platform
Fastcgi-Cache
Warning
X-Processing-Time
NODE
AMF-Ver
X-App
Author
CacheControlHeader
X-Server-Upstream
Cm-Server
X-SV-Duration
X-SV-CacheTags
X-SV-CreatedAt
X-Blog
X-SV-Edge
X-NB-Cached-Page
X-SV-Pid
X-SV-FromDBCache
X-SV-Nginx-Duration
X-Ruxit-JS-Agent
X-Accel-Expires
X-Nginx-Cache
X-Magnolia-Registration
S
LBVIS
X-Amz-Version-Id
Backend
X-Distributed-By
X-Page-Cache
X-BackendServer
X-Distributor
Keywords
COMMERCE-SERVER-SOFTWARE
Hamster
X-Varnish-Seen-By
X-Varnish-RemainingTTL
X-Varnish-Debug-Age
X-Varnish-RemainingGrace
WWW-Authenticate
X-XTM-Node
SVR
Cache-By-Node
X-Plat
Ibf5scheme
X-AOL-SNH
X-Yottaa-Metrics
X-Origin
X-Src-Webcache
X-Varnish-Action
X-Framework
X-Debug
X-Yottaa-Optimizations
X-Secret
X-LW-Web-Server
X-Grid-Server
X-Session-Reinit
Allow
Nitro-Cache
X-Analytics
X-Resolver-IP
X-Varnish-Count
X-Varnish-HitMiss
Backend-Timing
X-Dispatch
X-Cache-Key
X-Balanceador
X-Machine-Name
X-Vary-Options
X-Pagely-Cache
LBC
X-Bettercache-Proxy
X-Amz-Id-1
Host-Service
X-APP
Description
X-NFE
X-Nurl
X-NginX-Cache
S-Cnection
X-SDE-Name
X-Nhost
X-Config-By
SSPAppContext
X-NginX-Server
From
X-Real-IP
X-Smartcache-Keys
X-WP
X-Storage
X-Object-Id
X-Smartcache-Timeout
X-Rocket-Nginx-Bypass
X-Hosts-Backend
X-Content-Age
X-Airee-Node
X-IsCacheURL
X-Pagename
X-Captured
X-Platform-Cache
BALANCEDTO
X-WA-Info
X-Object-Type
X-Garden-Version
XDomainRequestAllowed
WP-AdvCache-MemCached
Content-Transfer-Encoding
SRV
X-Discourse-Route
X-Nginx-Host
X-Cache-Control
X-Flow-Powered
X-Content-Security-Policy-Report-Only
X-Detected-Device
P-LB
P-WS
X-Trace-App
Y-Trace
Cache-Key
X-Hypernode
X-Ob-Mode
X-Channel-Maxage
X-Varnish-Debug-TTL
X-Block
X-HW
X-Varnish-Esi-Method
XX
X-Symfony-Cache
X-Varnish-Esi-Access
X-REDIRECTSERVER
Backend-Name-Original
X-DOM
X-StackifyID
Beyond-Iis
X-Edge-Location
X-NewRelic-App-Data
X-Uid
Set-Cookie2
X-Cache-On
X-Server-Response-Time
X-Gannett-Site-Version
X-UPSTREAM
X-Prefetched
X-WorkerInstancename
X-W3TC-Minify
X-Unbounce-VisitorID
Id
TP-L2-Cache
X-Hit-Cache
X-Cache-Action
TP-Cache
X-TTFB-L
X-TTFB
X-SmugMug-Values
X-Unbounce-Variant
X-SmugMug-Hiring
X-HITS
X-ID
X-Server-Instance
Smug-CDN
X-Env
X-Unbounce-PageId
X-AISO-Server
SBGI-1
X-LB
X-Newrelic-App-Data
SBGI-10
X-VAge
X-Transaction
SBGI-5
X-Twitter-Response-Tags
X-Site:
X-Id
X-Actindo-RS
SBGI-RenderTime
X-Edge-IP
X-AISO-Cache
X-AISO-Cacheable
SBGI-RealPath
SBGI-Device
Cluster-ID
SBGI-7
X-Remote-Addr
SBGI-9
X-Varnish-Bot
X-Full-URL
X-SV-Expires
X-Cache-PageType
X-Cache-Fix
X-Empowered-By
X-Connection-Hash
X-Atraveo-Cache-Control
X-Atraveo-Param-Rm
X-Atraveo-From-Varnish-Cache
X-Atraveo-Expires
X-Atraveo-ETag
Front
ScoreTracker
X-Varnish-URL
Tk
CLMOB
X-Expires
X-Varnish-Store
X-Varnish-Currency
X-Obvious-Tid
CT
X-Obvious-Info
X-Req-Host
X-Atraveo-Set-Cookie
X-Source-ID
Sophnep-Edge-FX
N365rili
Hash
X-Kirra-SiteId
X-WR-MODIFICATION
X-Atraveo-TTL
X-Response
X-CID
X-CCC
X-Force
X-TempDebug
X-Atraveo-Zone
X-Atraveo-Varnish-Server-Id
X-PRAM
X-Desc
X-GSL-Server
Prxy
X-Cache-Keep
Content-Instance
X-App-Server
X-Powered
X-LB-Server
X-Varnish-Instance
X-Client-Vid
X-EPiphany-Vid
X-ORACLE-DMS-ECID
X-Amz-Storage-Class
X-Cache-TTL-Remaining
X-Web
SiteName
X-Rack-Cors
X-CacheResult
Sss
X-Middleton-PageSpeed
X-B2f-Not-Route
X-Apm-Telemetry-Syncmark
Pool
X-ATM-RServer
X-EdgeConnect-MidMile-RTT
ServerTokens
ServerSignature
X-Test
X-EdgeConnect-Origin-MEX-Latency
X-WLD-LB
X-Turpentine-Esi
X-Response-Status
X-Optimization
X-RateLimit-Remaining
X-JSESSIONID
ServerIP
X-Invoke-Duration
X-BC
MW-Webserver
X-Webstats-RespID
X-Old-Content-Length
X-RiS-UFDI
X-Worker
X-AWS
X-ATM-RTime
X-Vhost-ID
YF-ID
Fw-Via
X-Time-Spent
SS
X-EDGECONNECT-GUID-DEBUG
X-Jphone-Copyright
X-Phpwcms-Page-Processed-In
Web-Server
Copyright
X-Phpwcms-Release
X-ProxyInstancename
X-Server-IP
B-Powered-By
X-HOSTNAME
X-PHP-Engine
X-CB-Server
HOST-SERVICE
MIH-CLIENT-FARM
Bios
MIH-PLATFORM
X-TN-ServedBy
X-Tile-Url
Mime-Version
X-Is-Mobile
X-Cache-Engine
X-Cache-Set
MIH-PUBLIC-IDENTIFIER
X-Varnish-Ttl
F5-IpCliente
X-SV
ClientIP
Gzip
X-Ocache
Ksid
X-PageID
X-ASAP-Cache
X-Clara-ASAP
X-B
Sid
X-Forwarded-Proto
X-Node-Name
NLCacheNote
X-Full-Url
X-Cache-Node
W
Og
X-Info
Worker
Surrogate-Key
Device
X-Healthy
Pool-Info
Machine
X-PHP-Response-Code
X-Max-Age
X-MCF-ID
X-Powered-By-Home.Pl
X-DPWN-IS-SECURE
X-T
X-Cache-Original-TTL
Ibm-Web2-Location
X-Author
IM-Version
X-Cms-Mode
X-Perf
X-Dev
Xc
X-Oracle-DMS-ECID
ORIGIN
If-Modified-Since
Jobb.Assistentpoolen.Se
Jobb.Gil.Se
Cache-Rule
X-Varnish-Set-Cookie
X-Turpentine-Cache
P3P:CP
X-Hosting
Jobb.Passal.Se
X-Cache-Served
Open.Jobgate.Se
OT-RequestId
Test.Executivepeople.Se
Www.Mabracertifiering.Se
Www.Mirrorgate.Se
Imx-Cookies-Used
Cneonction
Www.Myjob.Se
X-BLSR-COST
X-N-ViewType
X-FFX-B
X-ESI-Enable
Access-Control-Request-Headers
X-Litespeed-Cache
X-T3Cache
X-T3CacheInfo
No-Cache
X-T3CacheTags
Ec
X-ACCELERATE
X-Stage
X-DTC
X-Avvio-Cms-Cacheload
Head
X-Dispatcher
X-HostName
X-Artvisual-Server
X-ManagedFusion-Rewriter-Version
X-Esi
X-Debug-Token
X-Rewritten-By
Cached
X-LiteSpeed-Cache-Control
X-Header
Dynatrace
AC-ELC
X-FreeTag-Count
X-HeBS-Cache-Status
X-Uplex
X-Pj-Cache-Status
Fastly-Backend-Name
Ews
RequestId
Noq
Ram
X-IDS-WS
X-Rot
X-MrHost
X-Hit
X-VC-TTL
X-FCMS-Cache
Cpu
Nginx-Cache
X-Brought-To-You-By
X-Web-Node
X-Sov
X-Orig-Host
X-KoobooCMS-Version
X-B3-Traceid
X-Sn-Servicetimems
CpuTime
X-Dynamic
Myheader
INCOMING-TIME
WebServer
Tracker
Section-Io-Id
X-Backside-Transport
X-Domino-CacheValidationWithETagReason
Svr
X-LW-T
X-NWS-LOG-UUID
X-Process-Time
Ttl
X-EntryPoint
Redirect
X-Cache-Extended
X-Box
X-7d-Instance-Id
X-Domino-CacheValidationWithETagResult
X-DSMX-Render-MS
X-GeoIP
Robots
X-Purge-Level
X-Powered-By-Anquanbao
X-IP-Address
X-ServedByHost
Kanooh-Host
X-Frame-Option
X-DSMX-Rewrite-MS
XDisk
DB-Nickname
X-Frames-Options
Note
X-7d-Trace-Id
Accept-Language
Encoding
X-Fallback
PServer
X-Timing
Http
X-Route
X-Site-Name
Il-Cl
Mto-License-Status
X-IP
X-Tradeindia-Request-GUID
X-BKSrc
Cmstype
X-Restarts
X-SCProxy
WP-Cache
X-Dynatrace-Js-Agent
X-Server-Addr
X-CO-Host
X-GRACE
X-SeschatRedID
Cmsid
X-SeschatTemplateID
X-OPNET-Transaction-Trace
X-SeschatLayout
X-SeschatDID
Real-Server
X-Seschat-URL
X-Rq
X-Enhanced-By
X-We-Are-Hiring
X-BC-Stapler
X-Wikidot-Backend
X-Medium-Entity-Type
X-Flex-Tag
X-Pb-Mii
X-Obr-Rule
X-Mii-Cache-Hit
X-Nginx
X-Flex-Tags
X-Device-Group
X-Protected-By
X-Medium-Entity-Id
X-Sc-Cache
X-Sc-Path
X-Signature
SB-Cache-Remaining
SB-Site-Device
X-Document-Tracking-Type
X-Document-Path
X-MAT-GEO
X-F-Cache
Paypal-Debug-Id
X-Document-Guid-Path
OutputRewritten
X-Flex-Lang
X-Flex-Evstart
SB-Cache-Life
X-Fpc
X-Flex-Lastmod
X-Flex-Evend
X-Flex-Community
V-Age
Www.Aujourdhui.Com
X-ATP-Server
X-Cluster-Node
X-Wikidot-Static-Cache
HostGen
X-Pj-Cache-Key
X-Cachable
X-Pj-Cache-Gzip
X-ACLR-Version
X-Pj-Cache-Time
X-Say-Original-Host
X-Say-Cacheable
X-Pj-Cache-Flags
X-CDNZZ-FCACHE
X-Hstore
X-HAProxy
X-Serendipity-InterfaceLang
X-Martin
X-MobileDetected
X-FarmId
X-Pj-Cache-Expires
X-Say-Original-IP
MachineName
X-SayCDN-UA
X-SayCDN-TTL
X-Venda-Hitid
X-TTL-Age
X-Varnish-Restarts
X-Varnish-Debug-Pool-Recv
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-Would-Your-GrandPa-Wait
X-Your-GrandPa-Would-Wait
X-Say-TTL
X-Say-Original-URL
X-Say-Original-UA
X-SayCDN-Original-Host
X-SayCDN-Original-Path
X-SayCDN-Original-UA
DNNOutputCache
X-Serendipity-InterfaceLangSource
X-Hrouter
KeepAliveTimeout
IsMobile
X-Varnish-Debug-Pool-Fetch
Fpc-Expire
SERVER-IP
User-Agent
Server-Optimized-By
DeleGate-Ver
X-Bcwwwid
BM-Cache-Key
Be-Va
Be-Ip
BM-Cache-Node
BM-Cache-Status
X-Wix-Route-ID
Countrycode
X-AccessDev
X-Batcache
X-Global-Transaction-ID
X-ENV
X-ADI-STACK
SBMCLOUD
Max-Age
Device-Type
X-Gyrobase-Publication
X-EdgeRouter
X-EC2-Instance-Id
X-Does-He-Have-Time
X-DN-Cache-Control
X-Beatles-Hits
X-Ec-Custom-Error
TotalTime
X-ADI-VCache
X-Search-Id
Be
CtExclusions
X-SilverStripe-Cache
NZSpeedy
X-Cache-CFC
X-GC-App
X-Runtime-Memory
X-Static-Version
Akamai-Edgescape
X-VG-WebCache
X-Pressidium-NinukisWP-Ver
X-GC-Pointer
X-GC-Read
X-Render-Time
Noahs-Classifieds
X-ESI
X-RemovedCookies
NnCoection
Hosted-By
X-GC-Write
X-SID
X-Request-Count
Requested-Host
X-SSL
X-Timestamp
Apachenode
X-Status
X-LTM-ID
X-View
X-Trans-Id
INFO
X-Upstream-Time
Tempo
X-Cache-Level
AsisCache
OriginServer
X-Proto
Hostname
X-AppServer-Cache-Rule
X-Ghost-Cache-Status
X-DealerOn
Debug-Status
X-ETag
X-Built-With
X-Key
MageStack-Tag
MageStack-Web-Node
X-HASH
RN-Server
MageStack-PageSpeed
MageStack-Loadbalancer
MageStack-Cacheable
MageStack-Config
MageStack-Debug
Server-IP
User-Cache-Control
X-Client-Addr
X-DELIVERYSERVER
X-Document-Folder-Guid
X-CCM
X-Ants-Machine-Id
VANITY-HOST
VC-NoCache
X-Ants-Host
MageStack-Cache-Status
MageStack-Cache-Lifetime
X-EZPublish-InstallationID
X-EZPublish-NodeID
X-PHP
X-LS-DEBUG
X-Country
X-BE
X-Span
X-Trace-Id
X-ProcessESI
X-RSS-CACHE-STATUS
X-Server-By
MageStack-Cache
MageStack-Cache-Hits
X-Document-Guid
MageStack-Area
Aurora-Node
X-IIJ-Cache
X-Cms-Server
X-Zendesk-Origin-Server
X-Zendesk-User-Id
X-Varnish-Error-Restart
X-Tradeindia-SMgmt
Resin-Trace
X-Varnish-Backend-Healthy
X-4ormat-Cacheable
X-Webkit-CSP
RATING
X-Backend-Ip
X-Compressed-By
Apple-Itunes-App
Stats-Rendering
X-Node-Id
Server-Ip
Language
Inserted-Into-Cache-At
Stats-API
X-RequesterIP
X-Built-By
Stats-HtmlMinAndCss
X-Instance
X-Gondor-Server
X-Expose-Site
Thinkindot-Control
WFE
X-Capoed
X-Expose-Hostname
X-Expose-Generated
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Provider
X-SERVER-ID
REFRESH
X-Hiring
X-Expose-Took
X-Highwire-Sitecode
X-Esi-Processing
X-BeResp-Ttl
NS-VaryByCustom-Key
Server-Version
X-AUSERNAME
X-Faeria
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Index-Page
X-WebNode
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Fedora-School-Id
X-Server-Generated
Origin-Server
Publisher
X-Delivered-By
BlockPHPCallEnd
E-TAG
Content
X-Server-Instance-Name
Bs-Header
CommunityServer
X-QHCDN
X-PageType
X-GUploader-UploadID
X-PBY
X-UUID
X-Backend-TTL
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-NewCloud-V-Cache
X-Powered-Developer
Session-Id
X-Cluster
X-Environment
X-HTML-Minification-Powered-By
Server-ID
X-NMT-Proxy
Count-Click-Attempt2
EWHSERVER
Pw-Value
X-Ct-Info
SINA-TS
MSThemeCompatible
MSSmartTagsPreventParsing
Disablevcache
Aoestatic
NodeId
X-CACHE-TTL
X-KO-Site-Id
X-Batcache-Reason
X-Croise-Owner
X-TargSmaku
X-SATserver
X-Nginx-Backend
X-Generation-Time
X-Fe
X-D-Time
X-S-Misc
Kp-EeAlive
X-Farm-Server
X-COUNTRY-CODE
X-Cache-Frontend
X-Lb-Server
X-Magento-Action
X-Varnish-Hashed-On
X-PROCESSED-BY
Foglight-Request-UUID
X-FastCGI-Cache
X-Varnish-ServiceNetIP
X-Ar-Debug
X-Nucleus-Cache
SL-NOREWRITE-REDIRECTS
X-VhostID
X-AG-MIPS
Railo-Version
X-Meta-MSSmartTagsPreventParsing
X-Meta-Imagetoolbar
X-Magento-Lifetime
X-Meta-MSThemeCompatible
X-PressLabs-Stats
AGI-Request-ID
X-Server-Id
X-Tags
X-ClusterID
X-AppServer-Status
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Geo-Segment
X-Kinja-Server
NKBVHEADER
X-UA-Profile
X-Hosting-Env
MtcHosted
From-Origin
GenSvr
X-Panel-Name
X-Cdn-Fetch
X-Xhr-Current-Location
X-ZSITES-DNS
X-Panel-Id
X-Lima-Id
X-Amz-Meta-Cb-Modifiedtime
X-Distil-CS
X-GETTER-Cache
X-WebKit-CSP-Report-Only
X-Varnish-GW-Backend
Orgin-Server
Web
X-Frontal
X-Cache-Via
Is-Cached
D
Content-Cache
Commerce-Server-Software
Balanced-From
X-Bip
X-RE-Ref
WEB
X-TNCMS-Bot-Tier
X-Varnish-Cookie-Debug
Sunucu
DPOOL-HEADER
SINA-LB
X-UA-Vendor
Cteonnt-Length
Apache