Threat Level: green Handler on Duty: Didier Stevens

SANS ISC HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Date
Content-Type
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
X-Pingback
X-AspNet-Version
Link
P3P
X-Content-Type-Options
X-XSS-Protection
Age
X-Cache
Alternate-Protocol
Content-Language
X-UA-Compatible
Via
X-Adblock-Key
Content-Location
Keep-Alive
X-Frame-Options
CF-RAY
X-Varnish
X-Check
X-Language
X-Buckets
X-Template
X-Cacheable
P3p
Access-Control-Allow-Origin
X-Generator
X-Drupal-Cache
X-Ac
X-Hacker
WP-Super-Cache
Status
MS-Author-Via
X-AspNetMvc-Version
X-Powered-By-Plesk
X-Pad
X-Runtime
X-Geo-Port
X-Geo
Strict-Transport-Security
X-Request-Id
X-Powered-CMS
X-Host
MicrosoftOfficeWebServer
X-Type
X-Cache-Group
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-Server
Ngpass-Ngall
X-Cache-Lookup
X-Logged-In
X-Mod-Pagespeed
X-Cache-Hits
X-UA-Device
Host-Header
X-Rack-Cache
X-Url
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Via
X-Iinfo
X-Forwarded-For
X-Backend
Access-Control-Allow-Headers
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
SPRequestGuid
X-SharePointHealthScore
Content-Encoding
Access-Control-Allow-Methods
X-CF-Powered-By
X-Tumblr-Pixel-1
X-Varnish-Cache
X-Served-By
X-Robots-Tag
X-Accel-Version
X-Page-Speed
X-INKT-SITE
X-INKT-URI
X-Cnection
X-Tumblr-Pixel-2
X-PhApp
X-ContextId
X-BC-Is-HA
X-CDN
X-Webserver
X-ServedBy
X-MS-InvokeApp
X-ShopId
X-ShardId
X-Alternate-Cache-Key
Composed-By
X-Safe-Firewall
Served-By
X-Hostname
X-Pass-Why
X-Firenze-Processing-Times
X-Cache-Hit
X-PC-Key
X-PC-Hit
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PodId
X-PC-Date
X-PC-AppVer
X-PC-Host
X-Port
X-AH-Environment
X-XN-Trace-Token
X-XN-XNHTML
X-Tumblr-Pixel-3
X-Dc
X-Cache-Status
X-Seen-By
X-Request-ID
X-Powered-By-360WZB
Cartoon
X-Age
X-Spip-Cache
Liferay-Portal
Cf-Railgun
Content-Script-Type
Content-Style-Type
X-Amz-Cf-Id
Content-Security-Policy
X-Amz-Id-2
X-Umbraco-Version
X-Server-Name
X-Cache-Info
X-Amz-Request-Id
X-HeyJason
Request-Id
X-Content-Digest
SPIisLatency
SPRequestDuration
X-Source
X-Rot
X-Cache-Server
X-SERVER
X-Served-From-Cache
X-FB-Debug
X-Styx-Build-Num
X-Styx-Build-Sha
X-Styx-Version
X-Styx-Build-Date
X-Pantheon-Styx-Hostname
X-Cache-Result
X-Styx-Req-Id
X-Pantheon-Endpoint
X-Hyper-Cache
Rating
X-DynaTrace
X-W-DC
X-Timer
X-Outils-CS
Powered-By-ChinaCache
X-Device
X-Wix-Renderer-Server
CF-Cache-Status
X-TN-ServedBy
Real-Hostname
X-Loop
X-PHP-Engine
X-Wix-Dispatcher-Cache-Hit
X-Wix-Request-Id
TCN
X-VCache
X-Px
DynaTrace
Refresh
X-FullPageCaching
X-TNCMS-Memory-Usage
X-PersistenceNode
X-TNCMS-Render-Time
X-TNCMS-Served-By
X-TNCMS-Version
X-Mobilized-By
X-Cached-By
X-Tumblr-Pixel-4
NS-RTIMER-COMPOSITE
Imagetoolbar
X-Cached
X-Generated-By
Page-Completion-Status
X-DynaTrace-JS-Agent
X-Original-Content-Length
Magicmarker
X-From
X-Cache-Enabled
X-Tumblr-Content-Rating
X-CDN-Geo
X-CDN-Any-IP
X-Content-Encoded-By
X-Loc
X-CDN-Geo-IP
IBM-Web2-Location
X-Microcachable
Thanks
Powered-By
Product
X-W3TC-Minify
X-CMS-Version
X-Tumblr-Pixel-5
X-Matrix-Server
X-Matrix-Proxy
X-Content-Security-Policy
X-Powered-By-Anquanbao
X-Zephyr
Access-Control-Max-Age
X-Backend-Server
X-Served-With
X-Firenze-Processing-Time
Charset
PICS-Label
X-DDC-Arch-Trace
X-Node
Content-Encoding-Handler
Generator
X-Permitted-Cross-Domain-Policies
Node
ServedBy
Proxy-Agent
X-Varnish-Cacheable
X-WebKit-CSP
Retry-After
X-Content-Options
X-I
X-Processed-By
X-Clacks-Overhead
X-Cf-Powered-By
X-FW-Hash
MIME-Version
Response
X-SDS
X-Varnish-Backend
X-FW-Serve
X-FW-Type
X-FW-Static
SID
X-Drectory-Script
X-DNS-Prefetch-Control
X-Varnish-Host
Lsrequestid
X-User-Agent
X-ATG-Version
X-App-Hosting
X-Purge-Host
X-Cache-Debug
RTSS
ServerName
X-Cache-Expires
X-Jimdo-Wid
X-Jimdo-Pid
X-Sol
X-UD-Method
X-UD-Host
X-AspNetWebPages-Version
Set-Cookie2
X-VARNISH-Cache
X-Expires-Orig
X-Varnish-TTL
X-ApacheServer
X-NoCache
X-Middleton-Response
X-Original-Request
Access-Control-Request-Method
X-Actual-URL
X-Handled-By
X-Passed-To
X-Passed-To-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-Passed-To-PostProcessResponse
IISExport
X-Passed-To-BeforeDispatch
X-Hits
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Duration
X-SN
Content-Disposition
Host
Pics-Label
X-LiteSpeed-Cache
Accept-Encoding
X-Purge-URL
Edge-Control
Cache-By-Node
X-PERF
X-Director
X-Nitra-Side
X-Swift-SaveTime
X-TTL
X-Swift-CacheTime
X-Cache-Config
X-PF-Uncompressing
X-Vary-Options
X-Varnish-Hits
AMF-Ver
X-Cache-Control-Orig
X-Micro-Cache
X-Hosted-By
COMMERCE-SERVER-SOFTWARE
X-ServerID
Fhost
NODE
VAR-Cache
X-Cookie-Domain
X-PwB-Node
X-Version
Website-Info
Server-Info
Display
X-Middleton-Display
MJ12bot
SEOMOZ
X-Front
X-Art-Request-Id
X-FIRSTBase
Cache
Id
SN
X-Engine
S
X-MiniProfiler-Ids
Cm-Server
X-URL
Surrogate-Control
X-Varnish-IP
Machine
X-Speed-Cache
X-Speed-Cache-Key
Grace
Filter-Revision
X-Cocoon-Version
X-Yadis-Location
X-Whom
X-Response-Time
X-Session-Reinit
X-Track
X-Blog
X-Highwire-RequestId
X-Highwire-SessionId
X-App-Status
WWW-Authenticate
Ngpass-Vcall
X-CJ-Soft
X-S
X-Provisioner-Version
X-ServerName
X-Trace-Cache
X-Domain-Checked
X-Stale
Qs-Cache
Accept-Charset
Server-Name
X-Distil-CS
X-Varnish-Age
X-FW
X-Cache-Rule
X-BackendServer
Microsoftsharepointteamservices
X-Time
X-GeoIP-Country-Name
X-GeoIP-Country-Code
Req-Id
Location
Upgrade
X-Microcache-Status
X-Device-Type
Srv
A-Powered-By
Webluker-Edge
X-Xrds-Location
X-Amz-Meta-S3cmd-Attrs
X-ACMCache
Nodo
X-SRV
X-Varnish-Cache-Hits
X-Directory-Script
NtCoent-Length
Sprequestguid
X-Varnish-Object-Age
X-Sharepointhealthscore
ServerID
X-Cdn
Powered
X-Proxy-Cache
NetMindSessionID
Proxy-Connection
X-Country-Code
MIH-PUBLIC-IDENTIFIER
X-Ms-Invokeapp
X-Cache-Operation
X-App
X-Orig-Vary
X-Varnish-Server
MIH-PLATFORM
MIH-CLIENT-FARM
X-Ttl
X-ID
Fpc-Cache-Id
X-LIGHTHTTP-PCDID
X-Gamma-Serve
X-Srv
X-Translation
X-WebServer
X-Source-Host
X-Sys-Req-ID
X-Server-ID
X-Bettercache-Proxy
X-AOL-SNH
X-Frontend
X-Header
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Buuteeq-Source
CC-CACHE
X-Adobe-Content
CT
Ms
X-Varnish-Beresp-Grace
X-Twitter-Response-Tags
X-Connection-Hash
X-Transaction
MW-Webserver
Rt-Fastcgi-Cache
X-CHSN
X-Secret
X-Recruiting
No
X-Tumblr-Pixel-6
Cteonnt-Length
X-Vtex-Processado-Em
X-Cache-Action
X-TempDebug
X-Object-Id
X-Cache-On
Dispatcher
X-Object-Type
X-Vtex-Remote-Cache
X-VTEX-Cache-Status-Janus-ApiCache
X-Powered-By-VTEX-Janus-Router
X-CacheHits
X-Powered-By-VTEX-Janus-ApiCache
Content-Transfer-Encoding
X-VTEX-Cache-Status-Janus-Edge
X-Cluster-Node
X-Src-Webcache
X-Vtex-Processed-At
Origin
X-MJ-Upstream-Addr
X-VTEX-Janus-Router-Backend-App
X-Cache-Age
X-Powered-By-VTEX-Janus-Edge
Backend
SS
PageSpeed
X-FORWARDED-FOR
X-Accelerated-By
NLCacheNote
X-Geo-IP
XDomainRequestAllowed
Beyond-Iis
Apache
CommunityServer
X-Resolver-IP
Server2
X-ORACLE-DMS-ECID
X-Location-Id
X-Cache-TTL
X-Grid-Server
X-Enhanced-By
X-Atraveo-Cache-Control
X-Atraveo-From-Varnish-Cache
X-Atraveo-TTL
X-Atraveo-NC
X-Atraveo-Varnish-Server-Id
LBVIS
Author
X-Wily-Info
X-Wily-Servlet
X-Id
X-Machine-Name
X-Source-ID
X-Force
SiteName
X-Info
X-Expires
X-Turbo-Control
X-PRAM
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-FS-UUID
Content-MD5
X-Developer
X-Old-Content-Length
MirrorName
X-GeoIP
X-Debug
X-Cache-Lifetime
From
X-Amz-Id-1
-GCR
X-Trace
X-MJ-Serve-Req-Time
X-FreeTag-Count
X-Stage
X-Venda-Hitid
X-Cached-Status
X-Server-Id
UniqueName
Backend-Name-Original
X-Powered-By-Server
Warning
X-Trace-App
X-Block
X-Channel-Maxage
X-Empowered-By
X-Nginx-Server
X-WEBSERVER
X-Ar-Debug
X-ChromeLogger-Data
X-ManagedFusion-Rewriter-Version
X-Rewritten-By
Allow
X-UD-Loopcounter
X-UD-Target
X-Server-By
X-Garden-Version
X-UD-REMOTE-ADDR
X-N
X-Varnish-HitMiss
X-Varnish-Count
X-Uid
X-Webapp
X-Jphone-Copyright
X-UseReverse-Proxy
X-Router-Backend
SRV
SVR
X-Router
X-Webkit-CSP
Public-Key-Pins
Front
X-Cms-Mode
Worker
X-T3CacheInfo
X-Cache-Ttl
X-Yqk-Set
X-Dev
X-Frames-Options
X-ServerCache-Info
X-Powered-By-Yqk
Provided-Host
X-Upstream
X-Origin-Id
X-Vhost
BM-Cache-Key
ScoreTracker
X-Hosting-Env
X-PvInfo
LFY
REFRESH
X-WR-MODIFICATION
Be-Va
Be-Ip
X-Distributed-By
X-Real-Server
SFY
BM-Cache-Node
X-Varnish-Debug-Hits
X-B2f-Not-Route
X-Varnish-Debug-Age
X-Content-Age
SS-Request-ID2
X-Varnish-Cache-Local
Ttl
X-SilverStripe-Cache
X-Geo-IP-Country
Ksid
X-Accel-Expires
X-Drupal-Cache-Tags
X-Varnish-ID
X-Via-Kemp
Content-Instance
Cpu
X-HOSTNAME
X-Varnish-Action
Ram
X-GSL-Server
Web-Server
SIP
X-Goog-Hash
X-Farm-Server
WP-AdvCache-MemCached
WP-Cache
OriginServer
Last-Published
Mark
X-Monstercache-Timeout
X-N-ViewType
Rt-Server
X-Geo-IPV
ORIGIN
X-Vhost-ID
X-Request-Locale
X-ATM-RTime
X-Max-Age
X-Geo-IP-Region
X-MCB-Server
X-ATM-RServer
Cache-Ctrol
Noq
X-WP
7e-Page-Cache
X-Geo-IP-Metro
X-T3CacheTags
X-Powered
X-SSL
CDN
Access-Control-Expose-Headers
Cluster-ID
X-Kirra-SiteId
X-PM-ID
No-Cookie
XX
X-Response
X-GC-Read
X-GC-Write
X-Server-Instance
X-Phpwcms-Release
X-GC-App
X-Phpwcms-Page-Processed-In
X-HostName
BM-Cache-Status
LBC
X-DefendeR-Runtime
Cmsid
X-Cache-Set
At-Isb
At-Shoptype
X-Remote-Addr
Aoestatic
Cmstype
Atp-Isdpp
AppDynamics-BT
X-DeliveryServer
X-Yottaa-Optimizations
X-CacheTTL
X-ASTRO-REWRITE
Compression-Control
X-Yottaa-Metrics
X-Nginx-Host
X-Web-Node
X-Vivastreet
Il-Cl
X-Compressed-By
X-UPSTREAM
X-Gannett-Site-Version
X-Abuse
X-Monstercache-Hash
X-Monstercache-Host
X-Origin
BALANCEDTO
X-DTC
X-Nginx-Backend
X-Distributor
X-Varnish-Cache-Server
X-CacheServer
X-Varnish-Currency
X-Actindo-RS
X-Monstercache
X-ESI
Jobb.Assistentpoolen.Se
Jobb.Gil.Se
Jobb.Passal.Se
Xonnection
X-Hit-Cache
X-B2f-Cache-Load
X-Varnish-Device
Open.Jobgate.Se
P3P:CP
Www.Mabracertifiering.Se
Www.Mirrorgate.Se
Www.Myjob.Se
Test.Executivepeople.Se
X-Route
X-Pagename
X-Vivastreet-KiwiiPage
X-OPNET-Transaction-Trace
X-Node-Name
ServerId
X-WorkerInstancename
User-Updated-At
X-Allow-Redis
ServerIP
Version
Cneonction
X-Varnish-Cookie-Debug
X-Purge-Level
User-Id
PServer
X-EdgeRouter
X-ACCELERATE
X-Varnish-URL
X-Hrouter
X-MobileDetected
X-Hstore
PageSpeedFilters
Head
INCOMING-TIME
X-FCMS-Cache
X-Uplex
Accept-Language
X-Varnish-Debug-Pool-Fetch
X-Varnish-Debug-Pool-Recv
Svr
X-Varnish-Restarts
HAVer
X-T3Cache
X-Flex-Tags
X-DB-Content-Length
User-Cache-Control
X-Flex-Tag
X-Symfony-Cache
X-Flex-Lang
X-Flex-Lastmod
X-Flex-Evend
X-Flex-Community
X-Confluence-Request-Time
Provider
Test
Content-Security-Policy-Report-Only
X-LB
Pool-Info
X-Hash
X-Hit
X-FFX-B
X-Full-URL
X-ESI-Enable
HCVer
Acdc-Web
ExecuteNonQuerySQLParam
Hamster
IsFullSiteRequest
Render
Before
After
X-S-Misc
X-TLServer
X-MSEdge-Ref
ServerConfigManager.WebBugTracker
Tpt.Renderer
Mobiquo-Is-Login
Ec
X-Instart-Request-ID
Ibm-Web2-Location
X-Flow-Powered
Tpt.Renderer1
CP
WFE
X-WA-Info
X-Revision
X-Edge-Location
Sigma
X-Host-Url
Progma
Copyright
X-Flex-Evstart
Backend-Host
X-LAvg
X-Client-IP
X-Catalyst
X-D-Time
Content
X-Generation-Time
X-Server-Generated
Pool
X-SV
X-Cache-Backend
X-Oracle-DMS-ECID
X-IDS-WS
X-Wix-Route-ID
Server-Optimized-By
X-Magento-Action
X-Magento-Lifetime
X-RemovedCookies
NnCoection
X-Internal-IP
Bs-Header
Ozcache
X-ProcessESI
Front-End-Https
X-IP-Address
X-App-Container
X-Config-By
Tracker
X-Cluster-Host
DBG-TargetHost
X-Unbounce-VisitorID
X-Unbounce-Variant
X-7d-Traceid
X-Unbounce-PageId
X-Seschat-URL
X-NID
X-SeschatDID
X-7dig
X-7d-Version
X-Do-Not-Hack
X-Trans-Id
F-In-Cache
X-Brought-To-You-By
Tempo
MageStack-Tag
MageStack-PageSpeed
MageStack-Response-Ttl
X-CMS
X-Dynamic
Server-N
X-REDIRECTSERVER
X-Timestamp
X-Time-Spent
X-Stackable-Node
X-Mobile
X-Optimization
Content-Cache
X-TTFB-L
X-USERNAME
B-Powered-By
X-TTFB
X-SmugMug-Values
DBG-HTTPHOST
X-HOSTTYPE
X-SmugMug-Hiring
Edgecast
Sid
Ngpass-All
X-ARR
X-AspNet-Browser-ID
DBG-Timestamp
X-BS
X-Client-Vid
X-EPiphany-Vid
If-Modified-Since
X-Binarysec-Via
X-Server-Node
X-SeschatTemplateID
X-Life
X-Process-Time
X-SeschatRedID
X-Framework
Hotelbookingid
SLB
ExecutionTime
Foglight-Request-UUID
Redirect
X-Client-Addr
Smug-Env
X-Artvisual-Server
X-CCM
SV-Duration
X-Nucleus-Cache
X-Hostingcenter
X-Locale
MageStack-Loadbalancer
X-SeschatLayout
X-PS-MURDOCK-CASE-NORMALIZATION
Xc
X-Dokk-PortalId
X-ELC-Checkpoint4
Ibf5scheme
X-Your-GrandPa-Would-Wait
X-Author
X-TTL-Age
POOL
X-Time-Microsecs
X-XHR-Current-Location
MachineName
X-PS-MURDOCK-ORIG-PROTOCOL
X-JSON-API-LATENCY
X-UserAgent
X-Country
X-App-Server
X-Powered-Developer
X-Ratelimit
X-PBY
MGIT
X-Hosting
Publisher
X-Benchmark-Cache
X-Benchmark-Db
X-Page-Generation-Time
MageStack-Cache
MageStack-Debug
MageStack-Area
MageStack-Cache-Hits
X-Page-Generated-At
MageStack-Config
MageStack-Cacheable
MageStack-Cache-Status
MageStack-Cache-Lifetime
X-Benchmark-Sphinx
X-Benchmark-Sphinx-Count
X-Webstats-RespID
X-PS-MURDOCK-ORIG-FILEEXT
X-Would-Your-GrandPa-Wait
X-Benchmark-Total
X-DC-Origin-IP
TP-L2-Cache
X-Varnish-Set-Cookie
Portlet.Expiration-Cache
TP-Cache
X-SERVER-ID
X-NginX-Cache
X-NginX-Server
Servername
X-Purge-Url
Fw-Via
Nitro-Cache
X-Gondor-Server
SL-NOREWRITE-REDIRECTS
CData
X-Cluster-ID
X-Environment
X-Server-IP
PROPSON-FARM
D
X-Wikidot-Static-Cache
OutputRewritten
X-Wikidot-Backend
X-Svr-Id
X-DSMX-Render-MS
X-Domino-CacheValidationWithETagResult
X-Url-Store
X-Var-Hash
X-Turpentine-Cache
X-Domino-CacheValidationWithETagReason
X-Cookie-Store
CountryCode
X-Backend-Status
X-Checkout
X-Turpentine-Esi
X-Varnish-Esi-Access
Ap-Exec-Time-Mks
Robots
Srv-N
X-ProxyInstancename
Disaptch-Cache-Rule
X-Varnish-Esi-Method
X-Varnish-Store
X-WLD-LB
CACHED-RESPONSE
AcceptLangage
X-DSMX-Rewrite-MS
X-Edge-IP
X-Mod-Oboe-PS
X-Work-With-Me
97YES.COM
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-SATserver
ProxiaInstanceId
Www.Aujourdhui.Com
X-Snapsis-PageBlaster
X-Pb-Mii
X-PHP-Cache
X-Mii-Cache-Hit
X-Gyrobase-Publication
X-ATP-Server
X-Cache-Key
X-Device-Group
X-Magnolia-Registration
X-AISO-Server
W
X-Cache-Host
X-Hc-Host
X-Status
Modhost
Modurl
X-Site
X-Req-Url
X-Cache-Via
WebDevSrc
X-Wm-1
X-NGINX-CACHED
X-Req-Host
X-NGINX-CACHED-AT
Modcookie
X-V-I-TTL
X-Provided-By
X-Req-Counter
X-AccessDev
AC-ELC
X-Varnish-Hit
X-Wm-VIP
X-Middleton-PageSpeed
X-Forwarded-Proto
Initialhost
X-V-Outer
X-V-TTL
CC-UP
X-Continum-Server
X-MSU-SOURCE
X-Ec-Custom-Error
X-Fett
No-Cache
X-Created
OGHopCount
XDisk
X-PoweredBy
Keywords
Description
X-AISO-Cache
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-WAP
IsMobile
Server-IP
X-Nocache
Time
X-ACLR-Version
Xforwardhost
SBMCLOUD
X-Nginx-Cache
Esi-Enabled
X-Varnish-Max-Age
X-Varnish-Ttl
X-VHOST
X-CACHE-TTL
Z-NginxStatus
X-Client-Id
X-GeoIP-Country
X-GL-SRV
X-Obvious-Info
X-Obvious-Tid
Requested-Host
X-Cookie
AppServer
X-Medium-Entity-Id
X-FRONT-TTL
X-Medium-Entity-Type
UNIQUE-ID
X-Aws-Ec2
X-Cluster
X-Czt
X-GitHub-Request-Id
Prama
X-SDE-Name
X-Cache-Control
X-Backend-Ip
X-Test
X-View
X-TAG
EWHSERVER
Web-Head
X-Amz-Version-Id
X-Http-Host
B2C-F-008
X-VG-WebCache
X-RNDPAGE
X-Apublish-Id
X-Accel-Cache-Control
V-Cache
X-Debug-Serve
Server-Ip
X-IP
S-Cnection
X-Varnish-Mode
Access-Control-Allow-Method
X-RE-Ref
X-BIN
Http
X-Nc
X-Frontal
X-Pixelsilk-Version
X-ESI-Processing
X-Pixelsilk-Server
X-RequesterIP
X-Header-Set-Id
X-Panel-Id
X-Panel-Name
X-Dynatrace-Js-Agent
X-Debug-Token
X-Cached-From
X-RSS-CACHE-STATUS
Language
X-Varnish-Hashed-On
HGR-NOCACHE
X-V
X-CMS-Powered-By
X-APP
X-Caching-Rule-Id
X-Src-Loadbalancer
X-B
X-CCC
AV1080
X-Papaya-Gzip
X-Papaya-Cache
X-CID
X-HW
Countrycode
X-FarmId
X-Bcwwwid
X-T
X-Ocache
MwpReleaseVersion
Protected-By
X-CMS-Server
X-Docuri
Rt-Proxy-Cache
DrivedBy
Arr-Disable-Session-Affinity
X-VhostID
BE
X-DN-Cache-Control
BrandBucket-Domain
X-Content-Parsed-By
X-Cms-Server
Content-ID
X-Xhr-Current-Location
X-Upstream-Server
X-Instance
X-Answer
X-DELIVERYSERVER
X-Cdn-View
TIMESTAMP
X-ASPID
X-D2id
X-NSPID
X-Nginx-UpstreamHost
X-Nginx-Pool
X-Libra-UpstreamHost
X-JG-Page-Cache