Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
Link
X-AspNet-Version
P3P
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-Adblock-Key
X-UA-Compatible
Via
Keep-Alive
X-Frame-Options
CF-RAY
Content-Location
X-Varnish
X-Template
X-Language
X-Check
X-Buckets
X-Cacheable
Access-Control-Allow-Origin
X-Generator
X-Drupal-Cache
WP-Super-Cache
X-Ac
X-Hacker
Status
MS-Author-Via
Strict-Transport-Security
X-AspNetMvc-Version
X-Powered-By-Plesk
X-Runtime
X-Pad
X-Geo-Port
X-Geo
X-Request-Id
X-Mod-Pagespeed
X-Powered-CMS
X-Type
X-Cache-Group
MicrosoftOfficeWebServer
X-Pass-Why
Access-Control-Allow-Credentials
P3p
X-Logged-In
X-Host
X-Cache-Hits
Ngpass-Ngall
X-Cache-Lookup
X-Server
Host-Header
X-UA-Device
X-FRAME-OPTIONS
X-Proxy-Cache
X-Iinfo
X-Via
X-Backend
Access-Control-Allow-Headers
X-Rack-Cache
MicrosoftSharePointTeamServices
Access-Control-Allow-Methods
X-CF-Powered-By
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-XRDS-Location
X-Served-By
X-Tumblr-Pixel-1
X-Varnish-Cache
SPRequestGuid
X-SharePointHealthScore
X-Accel-Version
X-Sorting-Hat-PodId-Cached
X-ShardId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Dc
X-Sorting-Hat-ShopId-Cached
X-ShopId
X-Sorting-Hat-ShopId
X-Robots-Tag
X-Request-ID
X-Seen-By
X-ContextId
X-ServedBy
X-Page-Speed
X-CDN
Content-Encoding
X-INKT-SITE
X-INKT-URI
X-Tumblr-Pixel-2
X-Cnection
X-BC-Is-HA
X-Webserver
X-MS-InvokeApp
X-PhApp
X-Safe-Firewall
X-Hostname
X-Cache-Hit
X-PC-Key
X-PC-Hit
X-PC-Date
X-PC-AppVer
X-PC-Host
Composed-By
X-Ua-Compatible
X-FullPageCaching
X-Port
Served-By
X-AH-Environment
Cartoon
X-Firenze-Processing-Times
X-Cache-Status
X-W-DC
X-Tumblr-Pixel-3
X-XN-Trace-Token
X-XN-XNHTML
Public-Key-Pins
X-Age
X-Wix-Renderer-Server
X-Wix-Dispatcher-Cache-Hit
Cf-Railgun
X-Wix-Request-Id
X-Amz-Cf-Id
X-HeyJason
Content-Security-Policy
Liferay-Portal
X-Spip-Cache
X-Powered-By-360WZB
X-Amz-Id-2
Content-Script-Type
Request-Id
Content-Style-Type
CF-Cache-Status
X-Amz-Request-Id
SPIisLatency
X-Served-From-Cache
SPRequestDuration
X-Umbraco-Version
X-Content-Digest
X-Cache-Info
X-Server-Name
X-Timer
X-Cache-Server
X-Pantheon-Endpoint
X-Styx-Build-Num
X-Styx-Build-Sha
X-Styx-Version
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Styx-Build-Date
X-DynaTrace
X-Hyper-Cache
X-Clacks-Overhead
X-SERVER
X-Forwarded-For
Rating
X-FB-Debug
X-Device
Powered-By
X-TN-ServedBy
Real-Hostname
DynaTrace
X-PHP-Engine
X-Loop
X-VCache
X-Outils-CS
TCN
X-Tumblr-Pixel-4
X-Url
X-PersistenceNode
X-TNCMS
X-Cache-Result
X-Px
X-Cache-Enabled
X-From
X-Cached-By
NS-RTIMER-COMPOSITE
X-CDN-Any-IP
X-CDN-Geo-IP
X-CDN-Geo
Refresh
X-Tumblr-Content-Rating
X-Cached
X-Generated-By
X-Microcachable
Imagetoolbar
X-Content-Encoded-By
X-Hits
Page-Completion-Status
Product
Powered-By-ChinaCache
X-Mobilized-By
Access-Control-Max-Age
X-Powered-By-Anquanbao
X-Loc
X-Backend-Server
Ms-Author-Via
IBM-Web2-Location
X-Content-Security-Policy
Thanks
Magicmarker
X-CMS-Version
X-Matrix-Proxy
X-Matrix-Server
Charset
X-Zephyr
X-Jimdo-Wid
X-Jimdo-Pid
X-Tumblr-Pixel-5
Node
X-FW-Hash
X-Node
X-Permitted-Cross-Domain-Policies
X-FW-Type
X-FW-Static
X-FW-Serve
X-DDC-Arch-Trace
X-SDS
X-DynaTrace-JS-Agent
X-Version
X-Processed-By
Pics-Label
X-User-Agent
X-I
Generator
X-Content-Options
X-Firenze-Processing-Time
X-URL
Response
X-WebKit-CSP
X-Expires-Orig
X-Original-Content-Length
ServedBy
Set-Cookie2
CC-CACHE
X-W3TC-Minify
X-Cache-Debug
X-Purge-Host
RTSS
Content-Encoding-Handler
X-UD-Host
X-UD-Method
X-Varnish-TTL
Retry-After
X-Varnish-Host
SID
X-Sol
X-Middleton-Display
X-Cache-Config
X-Middleton-Response
MIME-Version
X-AspNetWebPages-Version
Lsrequestid
Proxy-Agent
Microsoftsharepointteamservices
X-App-Hosting
Host
X-Cache-Expires
Display
Sprequestguid
Edge-Control
X-Cache-Resuilt
X-DNS-Prefetch-Control
X-Sharepointhealthscore
X-Varnish-Backend
X-LiteSpeed-Cache
PICS-Label
X-Hosted-By
X-Original-Request
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Returned-From-BeforeDispatch
X-Passed-To
X-Returned-From-PostProcessResponse
X-Handled-By
X-ApacheServer
X-Returned-From-DLL
X-Actual-URL
X-Returned-From
Access-Control-Request-Method
X-ATG-Version
X-MiniProfiler-Ids
X-Whom
X-Ms-Invokeapp
Content-Disposition
X-PF-Uncompressing
X-Swift-SaveTime
X-Varnish-Cacheable
X-Cdn
X-Swift-CacheTime
X-Nitra-Side
X-Drectory-Script
X-NoCache
Grace
Accept-Encoding
Content-Security-Policy-Report-Only
VAR-Cache
X-Micro-Cache
X-Purge-URL
X-Response-Time
X-Cache-Control-Orig
Fhost
X-SN
COMMERCE-SERVER-SOFTWARE
X-ServerID
Srv
IISExport
Surrogate-Control
ServerName
AMF-Ver
X-PwB-Node
SEOMOZ
MJ12bot
X-Front
Location
X-Director
X-FW
X-TTL
X-Tumblr-Pixel-6
X-Trace
Cm-Server
WWW-Authenticate
X-PERF
X-Art-Request-Id
X-Varnish-IP
Proxy-Connection
ServerID
X-Session-Reinit
X-Blog
X-Vary-Options
X-Varnish-Hits
Filter-Revision
Accept-Charset
X-Cache-Rule
X-Duration
X-CJ-Soft
X-Cookie-Domain
X-Ttl
X-ACMCache
X-Cache-TTL
X-Varnish-Age
X-Varnish-Cache-Hits
X-Amz-Meta-S3cmd-Attrs
SN
X-FIRSTBase
S
Id
Cache-By-Node
X-Distil-CS
Fpc-Cache-Id
X-SRV
Rt-Fastcgi-Cache
X-Track
Website-Info
Server-Info
X-BackendServer
X-Server-ID
X-Speed-Cache-Key
X-Speed-Cache
Nodo
X-Cache-Age
X-FORWARDED-FOR
X-S
X-Time
Upgrade
X-Instart-Request-ID
A-Powered-By
X-ServerName
Qs-Cache
X-Cache-Operation
X-Directory-Script
X-GeoIP-Country-Name
X-GeoIP-Country-Code
X-ID
X-VARNISH-Cache
Powered
X-Gamma-Serve
X-Xrds-Location
X-Trace-Cache
X-Adobe-Content
X-App
X-LIGHTHTTP-PCDID
X-Stale
X-App-Status
X-CHSN
NtCoent-Length
Buuteeq-Source
X-Yadis-Location
X-Engine
X-Highwire-SessionId
Server-Name
X-Highwire-RequestId
X-Varnish-Beresp-Ttl
X-Cache-Lifetime
Author
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Cache
X-Twitter-Response-Tags
Req-Id
X-Secret
LBVIS
X-Sys-Req-ID
Ms
X-Connection-Hash
X-Transaction
Front-End-Https
X-Device-Type
X-Translation
X-Microcache-Status
Content-Transfer-Encoding
XX
Origin
X-Orig-Vary
NetMindSessionID
PageSpeed
X-FreeTag-Count
MIH-PUBLIC-IDENTIFIER
X-SDE-Name
Dispatcher
X-Cocoon-Version
X-Provisioner-Version
X-Domain-Checked
X-Frontend
X-Distributed-By
Backend
X-Bettercache-Proxy
MIH-PLATFORM
MIH-CLIENT-FARM
X-Object-Type
X-Cache-Action
X-Object-Id
X-Varnish-Server
X-Varnish-Action
SS
X-Debug
X-AOL-SNH
X-Country-Code
X-Powered-By-VTEX-Janus-Edge
X-VTEX-Cache-Status-Janus-Edge
X-VTEX-Janus-Router-Backend-App
X-Vtex-Processado-Em
X-Vtex-Processed-At
X-VTEX-Cache-Status-Janus-ApiCache
X-Recruiting
X-Powered-By-VTEX-Janus-ApiCache
X-Powered-By-VTEX-Janus-Router
X-TempDebug
No
X-Vtex-Remote-Cache
X-N
X-Src-Webcache
X-Srv
X-Cache-On
X-Symfony-Cache
Apache
X-ServerCache-Info
X-Varnish-HitMiss
CT
X-Wily-Servlet
X-Varnish-Count
BM-Cache-Key
X-SBGI-Cache-Codes
RATING
BM-Cache-Node
X-Wily-Info
Version
Content-MD5
X-Dynatrace
NLCacheNote
Beyond-Iis
X-Grid-Server
X-Location-Id
SVR
X-Old-Content-Length
X-Expires
X-UD-Loopcounter
X-UD-Target
X-Machine-Name
X-REDIRECTSERVER
X-Cluster-Node
X-UD-REMOTE-ADDR
X-Plat
X-Remote-Addr
NODE
Front
X-Webapp
X-Router
X-Router-Backend
Cteonnt-Length
X-UseReverse-Proxy
X-Powered-By-Server
X-WEBSERVER
Access-Control-Expose-Headers
X-Origin-Id
X-Gannett-Site-Version
X-Atraveo-Varnish-Server-Id
X-Country
X-Atraveo-TTL
X-Atraveo-From-Varnish-Cache
X-Turbo-Control
X-Resolver-IP
X-Atraveo-Cache-Control
X-ManagedFusion-Rewriter-Version
X-Atraveo-NC
X-PRAM
ScoreTracker
-GCR
X-WR-MODIFICATION
LBC
X-B2f-Cache-Load
XDomainRequestAllowed
X-Phpwcms-Release
X-BS
X-Source-ID
X-Phpwcms-Page-Processed-In
Machine
Pool
X-Origin
X-Cache-CFC
X-Ar-Debug
Warning
X-Beatles
X-Rewritten-By
X-Venda-Hitid
X-Info
X-Header
Last-Published
X-Amz-Id-1
Il-Cl
X-ATM-RTime
Muha
X-Actindo-RS
Cluster-ID
X-Developer
X-Kirra-SiteId
X-Geo-IP-Country
X-Geo-IP-Metro
TP-L2-Cache
X-Geo-IP-Region
X-Geo-IP
X-Response
From
X-ATM-RServer
X-Geo-IPV
X-Varnish-Object-Age
Ksid
X-Stage
BM-Cache-Status
SRV
X-ORACLE-DMS-ECID
X-Req-Host
TP-Cache
MW-Webserver
Server2
CPOINT
X-DPWN-IS-SECURE
X-WP
X-LI-UUID
X-Li-Pop
X-FS-UUID
X-Monstercache-Timeout
X-Li-Fabric
X-Content-Age
X-Max-Age
X-App-Container
X-Flow-Powered
X-Uid
X-GC-App
X-GC-Read
X-Who
X-Real-Server
X-GC-Write
X-TTFB-L
Smug-Env
X-TTFB
X-SmugMug-Hiring
X-SmugMug-Values
X-Varnish-ID
X-Farm-Server
WFE
BM-CountryCode
X-Catalyst
X-FFX-B
X-Author
X-Invoke-Duration
X-Frames-Options
No-Cookie
X-Varnish-Debug-Age
X-ESI-Enable
X-Varnish-Debug-Hits
X-DeliveryServer
X-MJ-Upstream-Addr
X-SV
NnCoection
X-Libra-UpstreamHost
X-UPSTREAM
X-ChromeLogger-Data
X-Cache-Set
Accept-Language
X-Server-Id
X-Id
SiteName
X-Purge-Url
X-Garden-Version
Content-Instance
X-WorkerInstancename
X-Enhanced-By
X-Dev
Provided-Host
Progma
ORIGIN
X-Varnish-Device
HCVer
Compression-Control
X-Is-Mobile
SIP
X-PM-ID
X-EPiLogOnScreen-PostUrl
X-EPiLogOnScreen
X-Powered
X-WLD-LB
X-Goog-Hash
X-BKSrc
X-Drupal-Cache-Tags
X-Nginx-Cache
X-CacheServer
X-Planisys-CDN-Cache
X-DTC
X-Empowered-By
Tpt.Renderer
X-MidCOM-Meta-Cache
Tpt.Renderer1
X-Planisys-CDN-Rules
X-MCB-Server
SS-Request-ID2
Ttl
MirrorName
X-N-ViewType
X-SSL
ServerConfigManager.WebBugTracker
Render
X-Vhost-ID
BALANCEDTO
IsFullSiteRequest
X-Built-By
X-Oracle-DMS-ECID
P3P:CP
Test.Executivepeople.Se
Www.Mabracertifiering.Se
X-T3CacheTags
Www.Mirrorgate.Se
Open.Jobgate.Se
Ibm-Web2-Location
X-Webstats-RespID
Cneonction
Before
Jobb.Assistentpoolen.Se
X-HostName
Jobb.Passal.Se
Jobb.Gil.Se
Www.Myjob.Se
X-B2f-Not-Route
Web-Server
HAVer
After
X-DSMX-Render-MS
X-Force
X-T3Cache
ExecuteNonQuerySQLParam
X-Server-By
X-Edge-Location
X-DSMX-Rewrite-MS
X-Cms-Mode
X-ProcessESI
7e-Page-Cache
X-Hash
Server-N
X-PageID
X-Route
WP-AdvCache-MemCached
X-RemovedCookies
X-Jphone-Copyright
Worker
X-Monstercache-Host
Bs-Header
X-Server-Instance
X-Monstercache-Hash
X-Monstercache
Provider
X-Yottaa-Optimizations
X-ESI
X-Distributor
Servername
Altran-C
X-Via-Kemp
X-Pagename
X-Nginx-Host
X-Hit-Cache
WEBO
X-Varnish-Cache-Local
X-Fastcgi-Cache
X-MJ-Serve-Req-Time
X-GitHub-Request-Id
X-DefendeR-Status
X-Accel-Expires
X-DefendeR-Runtime
X-Storage
X-OPNET-Transaction-Trace
Cmsid
Cmstype
Host-Service
X-WA-Info
B-Powered-By
X-Varnish-Cookie-Debug
X-DB-Content-Length
Redirect
Backend-Host
D
X-Yottaa-Metrics
X-LB
X-PvInfo
No-Cache
X-SilverStripe-Cache
Be
Test
X-Node-Name
CP
Sid
X-Nhost
ServerIP
F-In-Cache
X-Revision
User-Id
User-Updated-At
Xonnection
X-ACCELERATE
X-This-Proto
X-Varnish-Ttl
PServer
X-NFE
BE
X-D-Time
Mobiquo-Is-Login
X-S-Misc
X-Generation-Time
X-Seschat-URL
X-Amz-Version-Id
Backend-Name-Original
X-SeschatDID
X-Block
X-Vhost
X-Channel-Maxage
X-Server-Generated
Cache-Ctrol
Fw-Via
X-Client-IP
X-Trace-App
X-UserAgent
X-T3CacheInfo
X-Content-Security-Policy-Report-Only
X-CacheTTL
BM-Cache-Bypass
X-Purge-Level
X-Allow-Redis
X-CCM
Webluker-Edge
X-Locale
X-SeschatRedID
Copyright
X-SeschatTemplateID
X-SeschatLayout
X-Client-Vid
X-CMS
X-Varnish-Debug-Pool-Recv
MageStack-Cache-Status
X-FCMS-Cache
MageStack-Tag
X-Flex-Tag
X-Crafted
X-Varnish-Restarts
X-Frontal
X-Mobile
X-Hrouter
Gzip
INCOMING-TIME
X-Flex-Tags
X-Hstore
X-Cache-Extended
X-Flex-Lang
X-Flex-Lastmod
X-Middleton-PageSpeed
X-Flex-Evstart
X-Flex-Community
X-Cached-Status
X-7d-Traceid
X-7d-Version
X-7dig
X-Varnish-Debug-Pool-Fetch
X-Uplex
Content-ID
X-MobileDetected
CommunityServer
MageStack-Response-Ttl
X-Source
Disaptch-Cache-Rule
X-EdgeRouter
BrandBucket-Domain
MageStack-Debug
MageStack-Cache-Hits
X-Mod-Oboe-PS
X-Abuse
X-TLServer
X-EPiphany-Vid
MageStack-Cacheable
MageStack-Cache-Lifetime
MageStack-Config
X-Flex-Evend
MageStack-Loadbalancer
MageStack-PageSpeed
X-Varnish-Cache-Server
X-Cache-Ttl
MageStack-Area
Rt-Server
MageStack-Cache
X-Web-Node
Tracker
X-Dynatrace-Js-Agent
X-Full-URL
X-Server-Node
NZSpeedy
X-NginX-Cache
X-SATserver
CACHED-RESPONSE
X-NginX-Server
X-DELIVERYSERVER
X-Would-Your-GrandPa-Wait
X-Page-Generated-At
X-Cache-Backend
X-Checkout
X-CMS-Server
X-Cookie-Store
X-Backend-Status
WP-Cache
Access-Ip
Be-Ip
Be-Va
CountryCode
X-Dokk-PortalId
OriginServer
X-Rot
X-Sov
X-TTL-Age
X-Turpentine-Cache
X-Page-Generation-Time
X-JSON-API-LATENCY
X-ELC-Checkpoint4
X-GeoIP
X-Hosting
X-IP-Address
X-Var-Hash
Publisher
X-Cookie
Web-Head
X-LTM-ID
X-Prerender-Token
X-Varnish-Currency
ContentType
X-Yqk-Set
X-Serendipity-InterfaceLang
X-Serendipity-InterfaceLangSource
X-Time-Microsecs
X-CACHE-TTL
X-View
At-Isb
X-Static-Version
Content-Cache
X-Bcwwwid
CacheControlHeader
LFY
X-Request-Count
SFY
X-ESI-Processing
X-PoweredBy
X-Render-Time
X-Req-Counter
X-Powered-Developer
AcceptLangage
OGHopCount
X-Benchmark-Cache
X-Benchmark-Db
X-Benchmark-Sphinx
MGIT
MachineName
Content
Http
Ibf5scheme
X-MaxAge
X-Benchmark-Sphinx-Count
X-Benchmark-Total
X-Hit
X-JAVAX-PORTLET-FACES-NAMESPACED-RESPONSE
X-Planisys-CDN-Upstream
X-Powered-By-Yqk
X-CID
X-CDN-Node
X-Cachable
X-Cache-Control
X-CCC
X-CDN-Cache-Status
X-Your-GrandPa-Would-Wait
X-Url-Store
X-Fett
X-IDS-WS
X-IP
X-ProxyInstancename
X-Cache-Doesi
S-Cnection
SV-Duration
X-App-Reload-Settings
Esi-Enabled
X-Wikidot-Static-Cache
X-Backend-IP
Hotelbookingid
OutputRewritten
X-USERNAME
Ec
X-Wikidot-Backend
Robots
Aoestatic
W
X-VG-WebCache
X-RequesterIP
X-Sc-Cache
X-Sc-Path
UNIQUE-ID
X-Instance
X-Binarysec-Via
X-Environment
X-GeoIP-Country
X-Server-IP
UniqueName
Thinkindot-CacheControl
If-Modified-Since
X-Varnish-Hit
Thinkindot-CacheControl-Type
Requested-Host
Timing-Allow-Origin
X-MSEdge-Ref
Thinkindot-Control
ProxiaInstanceId
X-Process-Time
X-Magento-Action
X-Nucleus-Cache
X-Artvisual-Server
X-Magento-Lifetime
X-Hostingcenter
Server-Optimized-By
X-Request-Time
X-Upstream
X-HOSTTYPE
X-Unbounce-PageId
X-Magnolia-Registration
Dynatrace
X-Unbounce-Variant
X-DEBUG
X-Unbounce-VisitorID
X-App-Server
X-Test
Sophnep-Edge-FX
X-Ruxit-JS-Agent
X-APP
Cpu
X-RE-Ref
X-Ratelimit
X-Dynamic
X-Aws-Ec2
X-Grace
Ram
X-Domino-CacheValidationWithETagReason
X-Domino-CacheValidationWithETagResult
X-Cookie-Response-Debug
Noq
X-SiteConInfo
X-PBY
X-Daa-Tunnel
X-AISO-Server
X-AISO-Cache
X-Request-Processing-Time
X-Request-Received
X-Node-ID
X-Download-Options
X-RSS-CACHE-STATUS
Railo-Version
X-Ruxit-Js-Agent
X-Src-Loadbalancer
Protected-By
X-Cluster-Server
F5-IpCliente
X-Ec-Custom-Error
Noahs-Classifieds
X-Cookie-Request-Debug
X-Content-Parsed-By
ClientIP
X-XHR-Current-Location
Hamster
Encoding
Redirect-Store
X-JG-Page-Cache
Nitro-Cache
PROPSON-FARM
Max-Age
X-Turpentine-Esi
SLB
SSPAppContext
Www.Aujourdhui.Com
X-Varnish-Set-Cookie
X-Varnish-URL
IsMobile
X-Client-Addr
CData
X-ServiceProvider
X-Snapsis-PageBlaster
X-ATP-Server
X-Cache-Key
X-CacheStore
X-Geolocation
X-Cache-Host
X-B2f-Cache-NotFromUrl
X-Mii-Cache-Hit
X-Compressed-By
X-Edge-IP
X-Confluence-Request-Time
X-Forwarded-Proto
X-Client-Id
X-Debug-Serve
X-Device-Group
X-ARR
Rt-Proxy-Cache
Tempo
X-Cache-Via
X-Brought-To-You-By
X-Highwire-Sitecode
AppDynamics-BT
Nginx-Cache
Edgecast
Fpc-Expire
X-ACLR-Version
MwpReleaseVersion
X-AccessDev
Public-Extension
X-DC-Origin-IP
X-Pb-Mii
X-Highwire-Cache
Description
Serv
Keywords
ResourceTag
Mime-Version
Ozcache
Tracecode
X-FRONT-TTL
X-Panel-Name
X-Panel-Id
Proc
X-Varnish-Hashed-On
X-Cached-From
X-RateLimit
X-Powered-By-Home.Pl
X-AVG-REWRITE
HostName
X-AVG
X-Webobjects-Loadaverage
X-PC3-Time
X-PC3-Control
Language
X-Compressor
X-WAP
X-Platform-Processor
X-VhostID
X-Life
X-Optimization
X-Platform-Cache
X-CMS-Powered-By
Rewriter
EXT-CACHEEXPIRE
BKREF
X-Path
X-Docuri
Pool-Info
Webserver
Nodeid
X-Backend-Name
X-AppServer-Status
Disablevcache
X-Nginx
X-Rq
X-Platform-Router
X-R4L-VHOST
Arr-Disable-Session-Affinity
SL-NOREWRITE-REDIRECTS
X-Accel-Cache-Control
Balanced-From
Device
-Onnection
X-WebKit-CSP-Report-Only
X-Mobile-Device
DBG-HTTPHOST
X-Gondor-Server
DBG-TargetHost
Backend-INFRA.WAN
DB-Nickname
X-Do-Not-Hack
AC-ELC
C-TTL
Xc
X-Cluster-ID
Svr
X-CDN-Version
X-Debb
Portlet.Expiration-Cache
X-Client-True-IP
X-Eznode
DBG-Timestamp
X-Jcms-Ajax-Id
X-HITS
X-BIN
Time
X-Pageid
X-RNDPAGE
KinteraFilter
XDisk
X-TAG
BM-Cache-BackendTime
BM-Cache-BackendNode
X-Upstream-Time
X-CPU-Time
X-Node-Id
Z-NginxStatus
Access-Control-Allow-Origin:
X-HW
Apple-Itunes-App
X-Apublish-Id
X-Stackable-Node
GenSvr