Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
Link
ETag
X-Content-Type-Options
X-Pingback
P3P
X-Frame-Options
X-XSS-Protection
X-Cache
X-AspNet-Version
Content-Language
Age
CF-RAY
X-UA-Compatible
Via
Strict-Transport-Security
X-Varnish
Access-Control-Allow-Origin
X-Adblock-Key
X-Check
X-Language
X-Template
X-Cacheable
X-Generator
X-Buckets
Content-Location
X-Drupal-Cache
X-AspNetMvc-Version
X-Hacker
X-Ac
P3p
X-Powered-By-Plesk
MS-Author-Via
X-Type
X-Pass-Why
X-Cache-Group
X-Request-Id
X-Runtime
WP-Super-Cache
Status
X-Powered-CMS
X-Iinfo
Keep-Alive
Ngpass-Ngall
X-Cache-Hits
Host-Header
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-UA-Device
X-Download-Options
Access-Control-Allow-Credentials
X-ShardId
X-Dc
X-Alternate-Cache-Key
X-ShopId
X-Request-ID
Access-Control-Allow-Headers
X-Mod-Pagespeed
X-Via
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Pad
X-Logged-In
X-Tumblr-Pixel-1
Access-Control-Allow-Methods
X-Backend
X-Server
X-Served-By
X-Tumblr-Pixel-2
X-ServedBy
Content-Security-Policy
X-ContextId
X-PC-Key
X-PC-Hit
X-CDN
X-Host
Powered-By
X-Cache-Hit
X-Cache-Status
Upgrade
Content-Encoding
X-Port
X-PC-AppVer
X-PC-Date
X-PC-Host
X-Tumblr-Pixel-3
X-Xss-Protection
X-Robots-Tag
X-Rack-Cache
X-Timer
X-Accel-Version
X-Cache-Lookup
MicrosoftSharePointTeamServices
MicrosoftOfficeWebServer
SPRequestGuid
X-SharePointHealthScore
X-Cnection
X-Varnish-Cache
X-Request-Country
X-XRDS-Location
X-Page-Speed
X-MS-InvokeApp
X-Amz-Cf-Id
X-Wix-Renderer-Server
X-Seen-By
X-Wix-Request-Id
Rating
X-Safe-Firewall
X-Turbo-Charged-By
X-AH-Environment
CF-Cache-Status
X-Tumblr-Content-Rating
X-W-DC
X-Content-Powered-By
X-Server-Powered-By
X-Tumblr-Pixel-4
X-Ua-Compatible
X-FullPageCaching
X-Content-Digest
X-Cache-Enabled
X-GitHub-Request-Id
X-PhApp
X-Webserver
Alt-Svc
X-Firenze-Processing-Times
Public-Key-Pins
Request-Id
X-INKT-URI
X-INKT-SITE
Composed-By
SPIisLatency
SPRequestDuration
X-Node
Served-By
Cf-Railgun
X-Amz-Id-2
X-Amz-Request-Id
X-Proxy-Cache
Permitted-Cross-Domain-Policies
X-HeyJason
Liferay-Portal
X-Spip-Cache
Timing-Allow-Origin
X-Hyper-Cache
Surrogate-Key
Xkey
X-Styx-Req-Id
X-Styx-Version
X-Pantheon-Styx-Hostname
X-Pantheon-Endpoint
Surrogate-Key-Raw
X-Server-Name
Charset
X-OneAgent-JS-Injection
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Swift-CacheTime
X-Swift-SaveTime
X-Content-Security-Policy
Content-Script-Type
EagleId
Content-Style-Type
X-Tumblr-Pixel-5
X-XN-XNHTML
X-XN-Trace-Token
X-CF-Powered-By
Grace
X-FW-Hash
X-CDN-Pop
X-CDN-Pop-IP
Content-MD5
X-Clacks-Overhead
Refresh
X-FW-Serve
X-FW-Type
X-FW-Static
X-Hits
X-Dw-Request-Base-Id
X-VCache
Access-Control-Allow-Method
X-Drupal-Dynamic-Cache
X-FB-Debug
X-Fastly-Request-ID
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Beta
X-Jimdo-Wid
X-Jimdo-Instance
X-Gateway
Public-Key-Pins-Report-Only
X-Umbraco-Version
X-Loop
Real-Hostname
X-Device
X-TNCMS
X-User-Agent
X-Backend-Server
X-SERVER
X-DDC-Arch-Trace
X-MiniProfiler-Ids
X-Tumblr-Adult-Blog
X-Generated-By
X-Cache-Server
X-LiteSpeed-Cache
X-REQUEST-ID
X-Hostname
Edge-Control
X-Cache-Config
Cartoon
X-Cache-Result
X-Cached-By
PageSpeed
X-Px
X-Cloud-Trace-Context
X-Powered-By-360WZB
X-Url
Surrogate-Control
X-Age
X-Cached
X-Tumblr-Pixel-6
Fpc-Cache-Id
NS-RTIMER-COMPOSITE
X-Outils-CS
Fastly-Debug-Digest
X-ServerName
X-CMS-Version
X-DynaTrace-JS-Agent
Response
TCN
X-Whom
X-DynaTrace
Display
X-Middleton-Display
X-Middleton-Response
X-Sol
X-WebKit-CSP
X-URL
X-Forwarded-For
Product
X-Recruiting
X-Served-From-Cache
DynaTrace
X-Content-Options
X-Handled-By
X-From
X-Varnish-Cache-Hits
Imagetoolbar
Rt-Fastcgi-Cache
X-TTL
ServedBy
Access-Control-Request-Method
X-FORWARDED-FOR
X-Country-Code
X-AspNetWebPages-Version
Powered-By-ChinaCache
X-HOST
X-NetCat-Version
X-Micro-Cache
X-Matrix-Proxy
X-Matrix-Server
X-Msg-2-Log
Alternate-Protocol
X-Content-Encoded-By
X-ApacheServer
X-Firenze-Processing-Time
Page-Completion-Status
X-Varnish-Host
Fhost
ServerName
Front-End-Https
IBM-Web2-Location
X-Hosted-By
X-Do-Not-Hack
X-Expires-Orig
X-Passed-To
X-Returned-From-DLL
X-Returned-From
X-Passed-To-DLL
X-Actual-URL
X-Original-Request
X-Magnolia-Registration
X-Passed-To-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Passed-To-BeforeDispatch
X-App-Hosting
X-Returned-From-PostProcessResponse
Magicmarker
Akamai-IP
Generator
X-Varnish-Beresp-Ttl
X-Stale
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Origin
X-PERF
X-Track
X-UD-Method
Ag-Send-Time
Ag-Server-Time
X-S
Ag-Execution-Time
X-Director
X-Art-Request-Id
X-ATG-Version
Content-Encoding-Handler
Surrogate-Keys
X-I
X-Platform
X-Varnish-Backend
X-Server-ID
X-Duration
Host
X-Request-Time
Content-Hash
USPLoggingUUID
X-Varnish-Cacheable
X-Version
Lsrequestid
X-Varnish-TTL
MIME-Version
Content-Disposition
Origin
X-CDN-Cache-Status
CONTENT-SECURITY-POLICY
X-Developer
X-LiteSpeed-Cache-Control
X-CDN-Node
X-Gamma-Serve
X-Cache-Age
X-I-Sp
X-BS
X-Microcachable
X-Powered-By-Server
X-VARNISH-Cache
X-Abuse
X-CacheServer
X-Cache-Debug
X-URLSCHEME
X-RESOURCE
X-Goog-Hash
X-Translation
ServerID
X-Microcache-Status
Powered
CC-CACHE
X-Location-Id
X-Device-Type
X-Cache-Info
X-Grace
X-Cache-TTL
X-SDS
X-CJ-Soft
X-Varnish-Seen-By
X-Varnish-RemainingTTL
X-Cache-Control-Orig
X-DefendeR-Runtime
X-Newrelic-App-Data
X-DefendeR-Status
X-BackEnd
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Node
X-VTEX-Janus-Router-Backend-App
X-Powered-By-VTEX-Janus-ApiCache
X-VTEX-Cache-Status-Janus-Edge
X-Route-Server
No
X-Vtex-Remote-Cache
X-Vtex-Processed-At
X-Vtex-Processado-Em:
X-VTEX-Cache-Status-Janus-ApiCache
X-Cache-Rule
X-Powered-By-VTEX-Janus-Edge
Content-Security-Policy-Rerport-Only
X-Cache-Lifetime
X-Cache-Expires
X-BC-Stapler
X-Daa-Tunnel
X-DNS-Prefetch-Control
X-Instart-Request-ID
SN
X-Mobilized-By
X-Source
X-NoCache
X-Geo-IP
Buuteeq-Source
X-Front
X-FW
X-Cf-Powered-By
X-Response-Time
X-Vcap-Request-Id
Edge-Control-Message
X-Drectory-Script
X-Time
X-Fastcgi-Cache
X-N
X-WebServer
X-App-Status
X-Client-IP
Webluker-Edge
X-PwB-Node
X-Cache-Tags
Proxy-Agent
X-Orig-Vary
Accept-Charset
X-UPSTREAM
Proxy-Connection
X-ServerID
NetMindSessionID
X-Varnish-Age
PICS-Label
AMF-Ver
X-Akamai-Device-Model
Cache
X-Geo-IP-Region
Version
X-Geo-IP-Metro
X-Varnish-Server
X-Revision
X-Geo-IPV
X-Geo-IP-Country
Server-Info
X-Akamai-Device-Characteristics
Pics-Label
X-Discourse-Route
X-Purge-URL
Arr-Disable-Session-Affinity
Last-Published
Nitro-Cache
X-Server-Id
X-B-Cache
X-Frontend
Qs-Cache
Cache-Key
X-Trace
X-Purge-Host
X-Engine
X-Trace-Cache
X-Processed-By
SID
X-Processing-Time
Retry-After
X-Mobile-URL
X-Cache-Operation
Frame-Options
Mobiquo-Is-Login
NODE
Req-Id
Fastcgi-Cache
X-Content-Age
X-SV-Pid
X-Speed-Cache-Key
X-Cookie-Domain
X-Yottaa-Metrics
X-Speed-Cache
X-Zen-Fury
Author
X-Yottaa-Optimizations
X-SV-CacheTags
X-SV-FromDBCache
X-SV-Nginx-Duration
X-SE-Debug
X-Varnish-Grace
X-SV-Expires
X-SV-Edge
X-Ttl
X-CDN-Forward
Location
X-SV-Duration
X-SV-CreatedAt
SVR
X-Varnish-IP
X-Blog
X-ClientSide-Caching
X-Real-Server
Content-Transfer-Encoding
Accept-Encoding
X-Server-Response-Time
X-GeoIP-Country-Code
Srv
X-Varnish-RemainingGrace
X-Varnish-Hostname
X-Varnish-Hits
WWW-Authenticate
X-Rocket-Nginx-Bypass
COMMERCE-SERVER-SOFTWARE
X-Page-Cache
A-Powered-By
Cm-Server
X-Dispatch
X-Cache-Key
SRV
X-Platform-Processor
X-Platform-Router
HCVer
Filter-Revision
HAVer
X-Server-Start-Time
X-Nitra-Side
X-Hypernode
Logging-CorrelationId
X-Origin-Id
X-StackifyID
Cached
X-GeoIP-Country-Name
RTSS
X-Highwire-RequestId
X-Highwire-SessionId
X-SmartBan-URL
X-SmartBan-Host
X-Cocoon-Version
X-PF-Uncompressing
X-Session-Reinit
X-Cache-Doesi
X-Yadis-Location
X-Nginx-Host
Decompress
X-Nurl
X-Nhost
X-Varnish-Count
Nodo
X-Varnish-HitMiss
X-Domain-Checked
X-Provisioner-Version
Id
X-NFE
X-Resolver-IP
Rewriter
Front
X-Plat
X-SmugMug-Hiring
X-TTFB
X-TTFB-L
X-Unique-ID
X-SmugMug-Values
X-Prefetched
X-Garden-Version
X-Env
Keywords
Smug-CDN
MJ12bot
CT
CacheControlHeader
X-Varnish-RemainingLife
SEOMOZ
Thanks
X-Varnish-GracePeriod
X-Varnish-ObjectSource
X-Dynatrace
X-TempDebug
X-AOL-HN
X-NginX-Upstream-Addr
X-Nginx-Cache
X-NginX-Cache-Status
X-AbeBooks-Version
LBVIS
X-Sys-Req-ID
X-FIRSTBase
X-NewRelic-App-Data
X-NginX-Upstream-Response-Time
X-NginX-Upstream-Status
X-Grid-Server
Mime-Version
X-Config-By
X-NginX-Node
X-App-Server
ORIGIN
X-Flow-Powered
Backend
X-Machine-Name
X-Server-Upstream
X-Upstream
X-NB-Cached-Page
X-WR-Flags
X-ACMCache
X-WA-Info
X-ID
X-NginX-Cache
X-App
X-Uid
X-Sucuri-ID
Beyond-Iis
X-Debug
X-HP-Trace-ID
Host-Service
X-HP-Trace-Project
P-LB
X-Kinsta-Cache
P-WS
Cpu
WSR-Cache
X-IsCacheURL
Pool-Info
X-Twitter-Response-Tags
X-Transaction
X-Connection-Hash
Server-Name
IISExport
X-Application-Context
X-XTM-Node
X-Cache-Control
X-Empowered-By
Ram
Noq
X-Obvious-Info
X-Obvious-Tid
Tk
X-Atraveo-Cache-Control
X-Cache-Fix
X-Varnish-Debug-Age
X-Ruxit-JS-Agent
X-LB
X-Cache-PageType
X-Atraveo-ETag
X-Atraveo-From-Varnish-Cache
X-Atraveo-Zone
X-Framework
X-Force
X-Atraveo-Varnish-Server-Id
X-Atraveo-TTL
Eomportal-Instance
X-Atraveo-Param-Rm
X-Atraveo-Set-Cookie
X-Atraveo-Expires
X-LB-Server
Ibf5scheme
X-BKSrc
X-NginX-Server
X-Directory-Script
X-Aicache-OS
X-LW-Web-Server
X-Varnish-Debug-TTL
Real-Server
X-PRAM
X-Libra-UpstreamHost
S
X-Webcelerate
VAR-Cache
X-Analytics
X-Hosts-Backend
X-Amz-Version-Id
XDomainRequestAllowed
NtCoent-Length
X-Platform-Cache
Allow
Backend-Timing
W
X-Src-Webcache
X-Storage
X-Hiawatha-Cache
X-Smartcache-Timeout
X-EdgeConnect-Origin-MEX-Latency
ServerSignature
X-Detected-Device
X-Distributed-By
ServerTokens
X-EdgeConnect-MidMile-RTT
X-Ec-Custom-Error
X-Do-Esi
X-EPiphany-Vid
X-Dw-Trace-Id
X-SRV
X-Server-IP
X-Browser
X-Client-Vid
X-AOL-SNH
X-CB-Server
X-WP
BALANCEDTO
X-Cache-Engine
Description
X-V
X-Worker
LBC
X-RiS-UFDI
X-Smartcache-Keys
X-BackendServer
X-Dns-Prefetch-Control
Imx-Cookies-Used
X-Cache-Level
X-Pressidium-NinukisWP-Ver
X-DPWN-IS-SECURE
SiteName
From
X-Edge-Location
X-Source-ID
X-Srv
X-Middleton-PageSpeed
X-JG-Page-Cache
Cneonction
S-Cnection
Ibm-Web2-Location
X-Phpwcms-Page-Processed-In
X-DealerOn
X-Full-URL
Device-Type
MW-Webserver
X-Varnish-Ttl
X-Phpwcms-Release
Myheader
IM-Version
X-DOM
WP-Cache
X-Amz-Meta-Cb-Modifiedtime
X-Cookie
Prxy
RN-Server
Accept-Language
XX
X-Captured
X-N-ViewType
Ksid
N365rili
OT-RequestId
Sid
X-Distributor
PowerCDN
Cdate
CLMOB
X-Secret
Cache-Rule
SBGI-Device
SBGI-RealPath
SBGI-RenderTime
X-MrHost
X-DTC
SBGI-9
SBGI-10
Hamster
SBGI-5
SBGI-7
X-Symfony-Cache
X-IIJ-Cache
X-Cache-Node
SSPAppContext
Dynatrace
X-GSL-Server
X-Cache-Original-TTL
Ctx
Beid
X-Key
X-Full-Url
X-Jphone-Copyright
X-Pagename
X-ARC
X-Apm-Telemetry-Syncmark
X-B2f-Not-Route
X-Balanceador
X-Accel-Expires
Il-Cl
CommunityServer
X-Info
X-Cache-Set
X-DSMX-Render-MS
X-DSMX-Rewrite-MS
Fw-Via
SBGI-1
X-Hit-Cache
NLCacheNote
Ec
X-Site:
X-ServerIndex
X-Amz-Id-1
X-Rack-CORS
CmsCacheEngine
X-Adobe-Loc
X-CacheResult
X-Is-Cachable
X-Cache-TTL-Remaining
X-Cache-Keep
X-Adobe-Content
X-Optimization
Warning
X-Litespeed-Cache
X-Ob-Mode
ScoreTracker
NnCoection
X-Magento-Cache-Debug
X-SERVER-ID
X-Trace-Id
X-Status
X-CACHE-TTL
X-Avvio-Cms-Cacheload
Section-Io-Id
X-HW
If-Modified-Since
B-Powered-By
X-Clara-ASAP
X-B
X-ASAP-Cache
X-Node-Name
X-Wix-Route-ID
X-Ocache
X-Cms-Server
X-REDIRECTSERVER
X-SilverStripe-Cache
X-EDGECONNECT-GUID-DEBUG
X-FreeTag-Count
WP-AdvCache-MemCached
X-T3CacheInfo
X-T3CacheTags
X-Vary-Options
X-CCC
X-CID
SB-Cache-Life
SB-Cache-Remaining
SB-Site-Device
X-Time-Microsecs
X-Magento-Action
X-Expires
X-Requested-Page
X-T3Cache
X-RequestId
Open.Jobgate.Se
P3P:CP
Test.Executivepeople.Se
Jobb.Passal.Se
Jobb.Gil.Se
Bios
X-Varnish-URL
Jobb.Assistentpoolen.Se
Www.Mabracertifiering.Se
Www.Mirrorgate.Se
X-Amz-Meta-S3cmd-Attrs
X-HP-CAM-COLOR
X-Id
X-HeBS-Cache-Status
X-F-Cache
Www.Myjob.Se
X-Backend-Name
X-Amz-Storage-Class
X-APP
X-WorkerInstancename
X-Server-Instance-Name
X-Server-Generated
X-Response
X-Rebelmouse-Surrogate-Control
X-XS4ALL-Server
X-SDE-Name
X-ORACLE-DMS-ECID
X-ATM-RServer
X-ATM-RTime
X-AWS
X-Rebelmouse-Cache-Control
X-Real-IP
X-Frames-Options
Worker
X-Healthy
X-Cms-Mode
PServer
X-Artvisual-Server
X-RDP
X-ProxyInstancename
X-Cache-On
X-Litespeed-Cache-Control
VServer
X-Varnish-Action
Content-Server
Hash
X-DEBUG
Sophnep-Edge-FX
Machine
D
HOST-SERVICE
X-Stage
X-Is-Mobile
X-Server-Instance
A
X-Unbounce-PageId
Xc
X-Unbounce-Variant
X-Unbounce-VisitorID
X-Hosting
Web
NZSpeedy
X-COUNTRY-CODE
X-Dev
X-Dispatcher
X-Oracle-DMS-ECID
SS
X-Varnish-Instance
INCOMING-TIME
X-ACCELERATE
X-Medium-Entity-Id
X-Cache-CFC
X-Medium-Entity-Type
Ngpass-Vcall
AsisCache
X-Backend-TTL
X-W3TC-Minify
Mto-License-Status
Cleartype
X-Would-Your-GrandPa-Wait
X-TTL-Age
X-Your-GrandPa-Would-Wait
X-Author
X-GeoIP
Backend-Name-Original
Content-Instance
X-Beatles-Hits
Countrycode
Ews
IsMobile
X-Flex-Evstart
X-We-Are-Hiring
X-Flex-Lang
X-Max-Age
X-Nginx
X-Flex-Tag
X-Flex-Lastmod
X-AccessDev
X-Block
X-Does-He-Have-Time
Pool
Host-Name
Fastly-Backend-Name
X-Flex-Tags
X-Beatles
X-Flex-Evend
X-Flex-Community
X-Cluster-Node
CpuTime
Note
TP-L2-Cache
TP-Cache
Url-Hash
X-Invoke-Duration
X-Timing
X-MAT-GEO
Paypal-Debug-Id
Cluster-ID
X-WebNode
X-Purge-Level
At-Isb
At-Shoptype
Atp-Isdpp
X-Wikidot-Backend
X-Wikidot-Static-Cache
Xxxxx-Hit-Count
Xxxxx-Cache
Xxxxx-Restarts-Count
X-Environment-Context
X-VC-TTL
X-L-Path
Xxxxx-Age
X-Appmachine-Environment
X-Actindo-RS
SharePointError
X-ESI
X-Tags
X-Environment
X-PHP-Response-Code
X-Old-Content-Length
Access-Control-Allow-Orgin
X-Trace-App
DNNOutputCache
X-Vhost-ID
Server-Id
RouteID
X-NewCloud-V-Cache
X-MobileDetected
X-EdgeRouter
X-Channel-Maxage
X-Header
X-Hrouter
X-Hstore
Ttl
X-Jcms-Ajax-Id
X-HITS
X-Cache-Device-Type
X-Cache-Action
X-Nginx-Request-Time
X-OCTOPOD
X-AISO-Server
X-AISO-Cacheable
X-Serendipity-InterfaceLangSource
X-Serendipity-InterfaceLang
X-Webstats-RespID
Session-Id
X-AISO-Cache
X-Cache-Me-Harder
Apache
X-EZPublish-InstallationID
X-Country
X-Hit
X-Runtime-Memory
X-RateLimit-Remaining
X-Remote-Addr
X-HAProxy
X-BE
X-PM-ID
X-Span
Foglight-Request-UUID
X-PG
Set-Cookie2
X-Powered-By-Home.Pl
X-Server-By
X-Seschat-URL
X-Varnish-Esi-Method
X-Varnish-Esi-Access
X-Varnish-Set-Cookie
X-Varnish-Store
X-Fallback
Aurora-Node
X-Varnish-Currency
X-Turpentine-Esi
X-SeschatLayout
X-SeschatDID
X-SeschatRedID
X-SeschatTemplateID
X-Turpentine-Cache
X-RSS-CACHE-STATUS
X-FCMS-Cache
X-Gannett-Site-Version
X-B3-Traceid
X-Meta-Imagetoolbar
X-Meta-MSSmartTagsPreventParsing
Og
X-Meta-MSThemeCompatible
X-Fpc
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
X-MCF-ID
X-Xhr-Current-Location
MSSmartTagsPreventParsing
MSThemeCompatible
X-JSESSIONID
X-LW-T
X-Proto
X-RealServer
Device
AGI-Request-ID
Provider
X-AG-MIPS
X-FastCGI-Cache
X-DataDome
X-Signature
X-Pagely-Cache
INFO
Kanooh-Host
X-Server-Addr
X-SV
X-Orig-Host
Cmsid
X-EZPublish-NodeID
MageStack-Cache-Hits
X-Akamai-Edgescape
MageStack-Cache
MageStack-Debug
TotalTime
Webserver
MageStack-Cache-Lifetime
MageStack-Cache-Status
MageStack-PageSpeed
MageStack-Loadbalancer
MageStack-Config
MageStack-Tag
MageStack-Cacheable
MageStack-Web-Node
MageStack-Area
VANITY-HOST
Backend-Node
X-Rewritten-By
X-Sn-Servicetimems
X-ETag
Publisher
X-SATserver
Cmstype
GenSvr
X-Ghost-Cache-Status
Max-Age
X-CCM
X-EntryPoint
X-ManagedFusion-Rewriter-Version
X-GRACE
X-HostName
X-Ratelimit-Remaining
Lfy
Servername
X-Mod-Oboe-PS
X-HOSTNAME
X-Esi
Cxy-All
X-Varnish-Backend-Healthy
X-Varnish-Error-Restart
X-Restarts
Resin-Trace
VC-NoCache
X-Supported-By
Head
X-ESI-Enable
X-PF-CACHE-FAILED
X-Goog-Storage-Class
X-Zendesk-Origin-Server
X-Goog-Metageneration
X-HASH
X-LS-DEBUG
X-Magento-Cache-Control
X-Zendesk-User-Id
X-VG-WebCache
X-Cache-Handler
User-Cache-Control
QC-Time
QC-Key
X-BeResp-Ttl
X-Goog-Stored-Content-Encoding
QC-Hit
X-Sid
X-Goog-Generation
X-ATP-Server
ServerIP
X-TB-M
X-Brought-To-You-By
X-Box
XDisk
SINA-LB
SINA-TS
Tempo
X-Cache-Extended
X-Device-Group
X-Dynamic
X-FFX-B
X-Clx-Request
X-Forwarded-Proto
X-Desc
X-DeliveryServer
V-Age
X-Client-Ip
X-Delivered-By
X-Geo
X-Magento-Tags
X-Process-Time
Cteonnt-Length
X-Ratelimit-Limit
X-Batcache
X-OpenCart-Lightning
Edgecast
X-EvoSuite-Machine
X-EvoSuite-Secs
X-Content-Type
X-WHOIS-Cached
X-Ratelimit-Reset
X-Client-Image-Vid
Expiries
X-Pb-Mii
X-ASAP-Age
X-Instance-Name
User-Agent
Httpd-Identifier
X-Enhanced-By
NodeId
Www.Aujourdhui.Com
X-DB-NAR
X-MSU-SOURCE
X-Rack-Cors
X-SID
X-Varnish-Cache-Control
Lookup-Cache-Hit
X-GUploader-UploadID
X-Cache-ID
X-Goog-Stored-Content-Length
X-Mii-Cache-Hit
X-WR-MODIFICATION
EXT-CACHEEXPIRE
X-Bcwwwid
X-Cache-Origin
X-Capoed
X-Airee-Node
OriginServer
BlockPHPCallEnd
DB-Nickname
NKBVHEADER
X-Test
X-T
X-Route
X-RAMCache
AC-ELC
X-Fe
Dispatcher
X-Pj-Cache-Status
X-Pj-Cache-Key
X-DN-GyrobaseID
X-D-Time
X-Gyrobase-Publication
X-IP-Address
X-Accel-Cache-Control
X-Render-Time
VM
X-Nginx-Backend
BKREF
X-ACLR-Version
X-Generation-Time
X-Pardot-LB
X-PHP
X-PBY
X-Pardot-Route
X-ServedByHost
X-DN-Cache-Control
X-DB-Content-Length
RequestId
X-Compressor
X-Cacheable-TTL
X-BServer
X-Hcom-Origin-Id
X-Hcom-Styx-Info
X-VhostID
X-Protected-By
X-Nucleus-Cache
Content-Cache
X-BPool
X-Ants-Machine-Id
X-AppServer-Cache-Rule
X-AppServer-Status
X-Webkit-CSP
Server-Optimized-By
X-Rq
X-Obr-Rule
X-Ants-Host
Tracker
X-Hash
SL-NOREWRITE-REDIRECTS
X-Cache-Via
X-DDM-SERVER
X-Compressed-By
Charly
Expire
X-Backend-Ip
X-PageType
X-OneLinkTook
X-MCB-Server
X-OneLinkHost
X-OneLinkProcessing
X-OneLinkServiceType
X-4ormat-Cacheable
X-A
X-Wm-VIP
Content
DPOOL-HEADER
POOL
X-Wm-1
X-Sov
X-Application
X-Cluster-Host
X-E
X-Rot
X-HTML-Minification-Powered-By
X-Highwire-Sitecode
X-UseReverse-Proxy
X-Webapp
X-S-Misc
Nginx-Cache
X-SuperCache
X-Site-Name
X-DDM-SERVER-UPDATED
X-Pageid
X-Router
X-Router-Backend
NS-VaryByCustom-Key
Public-Extension
Hosted-By
X-Catalyst
X-Content-Security-Policy-Report-Only
X-Fedora-School-Id
MwpReleaseVersion
Server-ID
Pw-Value
ReqUrl
ResourceTag
SLB
Requested-Host