Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Date
Content-Type
Set-Cookie
Server
Connection
Cache-Control
Vary
X-Powered-By
Expires
Content-Length
Link
Last-Modified
Pragma
Accept-Ranges
ETag
X-Content-Type-Options
X-Frame-Options
Strict-Transport-Security
CF-RAY
X-XSS-Protection
Age
X-Cache
Expect-CT
Content-Language
P3P
X-AspNet-Version
X-Pingback
Via
X-UA-Compatible
Upgrade
X-Xss-Protection
Access-Control-Allow-Origin
Content-Security-Policy
X-Cacheable
X-Request-Id
X-Adblock-Key
Referrer-Policy
X-Varnish
X-Check
X-Generator
X-Language
X-Template
X-Buckets
X-Type
X-Cache-Group
X-Pass-Why
WPE-Backend
X-Drupal-Cache
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Permitted-Cross-Domain-Policies
X-Download-Options
Alt-Svc
X-Ac
X-Hacker
X-Cache-Hits
Host-Header
X-Sorting-Hat-Section
X-Dc
X-Alternate-Cache-Key
X-AspNetMvc-Version
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-FeatureSet
P3p
X-Via
X-Runtime
X-Powered-By-Plesk
X-Served-By
X-Contextid
X-PC-Hit
X-PC-Key
X-UA-Device
X-ServedBy
X-PC-AppVer
X-Amz-Cf-Id
X-PC-Host
X-PC-Date
MS-Author-Via
Content-Location
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-IPLB-Instance
X-Wix-Request-Id
X-Seen-By
X-Powered-CMS
X-Timer
X-Rid
Status
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Tumblr-Pixel-1
CF-Cache-Status
Cartoon
X-Tumblr-Pixel-2
X-Iinfo
Access-Control-Allow-Credentials
X-Backend
X-WPE-Loopback-Upstream-Addr
X-NewRelic-App-Data
X-Host
X-CST
X-Ua-Compatible
X-Cache-Status
Powered-By
X-Endurance-Cache-Level
Content-Encoding
X-FRAME-OPTIONS
X-Mod-Pagespeed
X-Cache-Enabled
X-Cache-Hit
X-Port
X-CDN
X-Tumblr-Pixel-3
X-Logged-In
X-Newrelic-App-Data
Keep-Alive
X-DIS-Request-ID
X-Server-Powered-By
X-Server
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Robots-Tag
X-Accel-Version
X-Proxy-Cache
X-Turbo-Charged-By
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Request-ID
X-Content-Powered-By
X-GitHub-Request-Id
X-Content-Digest
X-LiteSpeed-Cache
Content-Security-Policy-Report-Only
X-Tumblr-Pixel-4
X-Rack-Cache
X-FW-Hash
X-FW-Server
X-AH-Environment
X-FW-Type
X-FW-Static
X-FW-Serve
X-ASPNET-VERSION
X-Pad
Request-Context
X-Varnish-Cache
Edge-Control
X-Hits
X-Webcom-Cache-Status
X-XRDS-Location
X-Trace
SPRequestGuid
X-Request-Country
X-BC-Stapler
X-SharePointHealthScore
X-MS-InvokeApp
Edge-Cache-Tag
MicrosoftSharePointTeamServices
Access-Control-Expose-Headers
X-HS-Cache-Config
X-Died
X-HS-Content-Id
WP-Super-Cache
Cf-Railgun
X-HS-Combine-CSS
X-Amz-Request-Id
X-Amz-Id-2
X-Node
X-CF-Powered-By
Timing-Allow-Origin
Charset
X-FullPageCaching
Server-Timing
X-Content-Security-Policy
X-INKT-URI
X-INKT-SITE
X-Webserver
X-Cache-Lookup
X-Fastly-Request-ID
X-Cnection
Request-Id
X-SERVER
X-PhApp
X-PHP-Backend
Access-Control-Max-Age
X-Backend-Server
SPIisLatency
SPRequestDuration
CONTENT-SECURITY-POLICY
MicrosoftOfficeWebServer
X-Edge-Cache
X-Edge-Cache-Key
EagleId
Rating
X-Swift-SaveTime
X-Swift-CacheTime
X-CDN-Pop-IP
X-CDN-Pop
Composed-By
Grace
X-Tumblr-Pixel-5
X-Safe-Firewall
X-SS-Location
X-SS-Conf
X-Server-Name
X-DDC-Arch-Trace
X-Device
X-Tumblr-Content-Rating
Served-By
Liferay-Portal
X-Spip-Cache
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Hyper-Cache
Front-End-Https
X-Cloud-Trace-Context
X-VCache
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
X-Microcache
Surrogate-Control
P-WS
P-LB
X-Firenze-Processing-Times
X-Servedby
X-Cluster-Node
Ali-Swift-Global-Savetime
X-Wix-Punisher
X-Original-Date
X-Loop
X-TNCMS
X-LiteSpeed-Cache-Control
X-StackifyID
X-Acc-Exp
X-Clacks-Overhead
X-Sol
X-Middleton-Display
Display
X-OneAgent-JS-Injection
X-Middleton-Response
Response
X-Kinsta-Cache
X-FB-Debug
X-RateLimit-Remaining
X-RateLimit-Limit
X-Jimdo-Wid
X-RateLimit-Reset
Public-Key-Pins
X-Jimdo-Instance
Content-Style-Type
X-Shopid
Content-Script-Type
X-Sorting-Hat-Shopid-Cached
X-Sorting-Hat-Featureset
X-Shardid
X-Sorting-Hat-Podid
X-Sorting-Hat-Podid-Cached
X-Sorting-Hat-Shopid
X-Sorting-Hat-Privacylevel
X-Debug-Info
X-HOST
Refresh
X-Amz-Version-Id
X-DNS-Prefetch-Control
X-Tumblr-Pixel-6
X-Age
X-Magento-Tags
X-Vtex-Processado-Em
X-XN-XNHTML
X-XN-Trace-Token
X-Goog-Hash
Fpc-Cache-Id
X-Zen-Fury
X-Cached
X-Px
X-Hostname
X-N-OperationId
X-Ruxit-JS-Agent
Xkey
X-WebKit-CSP
X-User-Agent
Wpe-Backend
PageSpeed
X-LW-Cache
X-Cache-Config
Retry-After
Feature-Policy
X-DynaTrace-JS-Agent
X-Version
X-Url
X-Generated-By
X-Upstream
X-Topify-Platform
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Frame-Option
X-Handled-By
Access-Control-Request-Method
X-FORWARDED-FOR
X-MiniProfiler-Ids
Allow
Rt-Fastcgi-Cache
X-Edge-Location
TCN
X-Source
X-Whom
X-Request-Time
X-Loopia-Node
X-CMS-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Content-Options
X-ET-API-VERSION
X-ET-API-ROOT
X-ET-API-ORIGIN
X-B-Cache
X-Cached-By
Warning
X-URLSCHEME
Fastcgi-Cache
Product
ServedBy
X-Guploader-Uploadid
X-EdgeConnect-Origin-MEX-Latency
X-RESOURCE
Last-Published
X-Outils-CS
X-Platform-Processor
X-Accel-Expires
X-Platform-Router
X-Fastcgi-Cache
X-Platform-Cluster
X-Tec-Api-Version
X-Tec-Api-Origin
X-AspNetWebPages-Version
X-Tec-Api-Root
Fhost
X-EdgeConnect-MidMile-RTT
X-Magento-Cache-Debug
X-Engine
X-Varnish-Host
X-From
X-Cache-Key
Generator
X-Developer
X-LBLID
X-DynaTrace
X-Application-Context
X-Varnish-Count
X-URL
X-Varnish-HitMiss
Dmn
X-Signature
X-Varnish-Cache-Hits
Powered
Public-Key-Pins-Report-Only
X-Micro-Cache
X-Cache-Info
X-Platform-Server
X-NWS-LOG-UUID
X-F-Cache
X-Umbraco-Version
X-UD-Method
X-Device-Type
X-Original-Request
X-Returned-From-DLL
X-Returned-From
X-Location-Id
Cache-Key
X-Passed-To-DLL
X-Passed-To
X-S
X-Response-Time
X-HS-Content-Campaign-Id
X-Varnish-Beresp-Ttl
X-Actual-URL
X-Defender
X-Varnish-Beresp-Status
X-Shop-Id
X-Varnish-Beresp-Grace
X-CacheServer
Host
X-Powered-By-VTEX-Janus-ApiCache
No
X-VTEX-Janus-Router-Backend-App
X-Microcachable
X-VTEX-Cache-Status-Janus-ApiCache
X-Vtex-Remote-Cache
X-Vtex-Processed-At
X-Hosted-By
X-Platform
X-Stale
X-PERF
X-ApacheServer
X-Returned-From-BeforeDispatch
X-Passed-To-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Passed-To-PostProcessResponse
Imagetoolbar
Origin
Surrogate-Key
Arr-Disable-Session-Affinity
Version
X-Forwarded-For
X-Gateway-Cache-Key
Cache-Provider
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
DynaTrace
X-Ezoic-Cdn
X-Sapient
X-Dns-Prefetch-Control
Pagespeed
X-SSLProxy
X-Recruiting
X-Rnd
X-Supported-By
X-SSLUpstream
Alternate-Protocol
X-Lambda-Id
X-Microcache-Status
X-Msg-2-Log
X-Translation
X-Via-JSL
Edge-Control-Message
X-I-Sp
X-Cache-Age
X-Environment
X-SO
X-ARC
X-BS
X-Platform-Cache
X-Cache-Namespace
X-SVR-IIS
X-Svr-Proxy
MIME-Version
Akamai-IP
SSPAppContext
X-Instart-Request-ID
X-App-Status
X-Akam-SW-Version
X-Duration
X-Cache-Rule
X-Correlation-Id
X-Dealeron-Backend
Content-Hash
X-Cache-TTL
X-Dealeron-Original-Url
X-TransIP-Balancer
X-DealerOn
X-Powered-By-360WZB
X-Magento-Cache-Control
X-TransIP-Backend
WZWS-RAY
S-Cnection
X-Server-Upstream
Node
Content-Disposition
X-SSL-Cipher
X-Expires-Orig
X-Matrix-Proxy
X-Cache-Tags
X-SSL-Protocol
X-Matrix-Server
X-NetCat-Version
X-Hypernode
X-ServerName
USPLoggingUUID
X-Abgroup
X-Art-Request-Id
Pool
X-Track
X-Cache-Control-Orig
Accept-Encoding
X-Director
SN
X-Server-Id
RTSS
X-Rocket-Nginx-Bypass
X-Acquia-Application-UUID
X-Edge-IP
X-Hiawatha-Cache
X-Daa-Tunnel
X-Cache-Debug
X-Last-Modified
X-App-Hosting
X-Powered-By-VelaWeb
X-CSRF-Protection
X-NoCache
X-Page-Cache
X-Powered-By-VTEX-Janus-Edge
X-Debug
X-Vcap-Request-Id
X-Varnish-Cacheable
X-Route-Server
X-Cache-Lifetime
X-Generated
X-Server-ID
X-Varnish-ObjectSource
X-Storage
X-Varnish-Seen-By
X-Varnish-GracePeriod
X-ORACLE-DMS-ECID
X-Cache-Handler
X-Varnish-RemainingTTL
FAI-W-FLOW
X-Varnish-RemainingLife
X-VARITI-CCR
Update-Time
X-SV-Cacheable
X-Front
Src-Update
X-SV-Nginx-Duration
X-SV-Edge
X-SV-Expires
X-Dispatcher
X-SV-FromDBCache
X-SV-Pid
X-SV-Duration
X-SV-CacheTags
SiteSpeed
X-SV-CreatedAt
Req-Id
X-Forwarded-Proto
Wsr-Cache
X-Drupal-Cache-Tags
X-Now-Id
X-Firenze-Processing-Time
Powered-By-ChinaCache
Contao-Page-Layout
X-Revision
X-Gamma-Serve
X-Discourse-Route
X-ATG-Version
Cache
X-Ttl
X-Flow-Powered
X-Grace
X-Amz-Meta-S3cmd-Attrs
X-GeoIP-Country-Code
X-Env
X-Rocket-Nginx-Serving-Static
X-Content-Type-Option
X-Cache-Level
X-CJ-Soft
X-SRV
X-Litespeed-Cache-Control
X-Correlation-ID
X-TTFB-L
Smug-CDN
X-SDS
X-SmugMug-Values
X-Client-IP
X-SmugMug-Hiring
X-Cache-Server
X-I
Content-Encoding-Handler
Lsrequestid
X-TTFB
X-Sucuri-ID
X-Locale
X-Pressidium-NinukisWP-Ver
ServerID
X-LB-Server
X-TransIP-Reserved
X-Speed-Cache-Key
X-Drupal-Cache-Contexts
X-Speed-Cache
W
X-IsCacheURL
X-GUploader-UploadID
X-Server-Instance
X-Cache-Expires
X-Geo-Country
X-Trace-Id
X-Country-Code
X-Cookie-Domain
Cneonction
X-Cache-Engine
X-GeoIP-Country-Name
X-Unbounce-Variant
X-Unbounce-PageId
X-Varnish-Age
X-Unbounce-VisitorID
X-Content-Encoded-By
Strikingly-Cached
X-Cache-Operation
Cache-Tags
If-Modified-Since
X-Middleware-Start
Backend
Strikingly-Cached-Version
X-Varnish-TTL
X-Time
X-Litespeed-Cache
Strikingly-Cache-Region
SEOMOZ
X-Sucuri-Cache
MJ12bot
X-Varnish-Url
X-Dispatch
Author
X-Esi
X-Varnish-Backend
Service-Worker-Allowed
X-Twitter-Response-Tags
X-Cache-Only-Varnish
X-Connection-Hash
X-Transaction
X-Varnish-IP
X-LB
X-Cache-Type
X-PwB-Node
X-LB-Node
X-N
Pv
X-Akamai-Device-Characteristics
Https
AMF-Ver
ServerName
X-BackendServer
X-Vhost
X-Akamai-Device-Model
X-Service-Id
Server-Name
X-Always-Cache
Use-Proxy
X-FTR-Request-ID
Srv
X-Varnish-Server
X-HW
Section-Io-Id
S
X-Storage-Cache-Expires
X-Storage-Cache-Date
X-Amz-Rid
X-Storage-Cache
Ohc-File-Size
X-Cache-Fix
NnCoection
PICS-Label
Content-MD5
X-Cache-PageType
X-Webkit-CSP
X-Cache-Device-Type
X-ORACLE-DMS-RID
X-Cache-Control
Location
X-High-Performance
Fw-Via
X-SRCache-Key
X-Xrds-Location
X-Wikidot-Static-Cache
FindLaw
X-Varnish-Retries
X-Wikidot-Backend
X-Dynamic-Cache
Page-Completion-Status
X-Yadis-Location
X-Amz-Storage-Class
X-ID
X-Amz-Meta-Content-Md5
X-Worker
X-FIRSTBase
X-CF-Passed-Proto
X-CacheFROM
Proxy-Connection
X-Now-Cache
X-Origin
X-Pantheon-Phpreq
Xc-Version
X-Empowered-By
X-Pool
MC
X-Url-Base
Local-Info
X-Acquia-Application-Trace
X-Frontend
Surrogate-Key-Raw
X-Pantheon-Environment
X-Pantheon-Site
X-Symfony-Cache
X-Real-Server
X-Config-Blacklist-Version
X-Varnish-Ttl
X-CDN-Forward
X-Key
X-Processing-Time
X-Content-Age
X-TTL
Content-Transfer-Encoding
Nodo
Custom-Header
From-Origin
X-ServerID
X-Vip
X-Runtime-Memory
X-Location
X-Browser
X-BKSrc
Prama
X-Magnolia-Registration
X-Content-Security-Policy-Report-Only
X-Nitro-Cache
Hummingbird-Cache
Edit
X-NginX-Cache
Swift-Performance
X-UPSTREAM
Web-App-Origin-Name
Qs-Cache
X-Ratelimit-Limit
X-AF-Userserver
Noq
X-Ratelimit-Remaining
X-Id
Ram
X-RequestId
X-SP-UniqueName
Dtk-Cache-Check-0
X-Rq
X-Runtime-Rack
SRV
Tracecode
X-SP-Farm
X-VC-Enabled
X-FW
Ramp
X-WPL-DATA
X-Varnish-ID
X-Varnish-Hits
X-Stage
X-Nginx-Cache
Access-Control-Allow-Method
X-Real-IP
IM-Version
Pics-Label
X-Hit-Cache
CacheControlHeader
X-Avg-Cookie-Expires
X-Proxy
X-App-Runtime
X-Runtime-Affili
X-Shield-Request-Id
Cm-Server
X-NginX-Server
X-CB-Server
Adm-Server
X-Cache-2
Front
X-Role
X-Pagename
X-Nbs
X-SE-Debug
X-Cache-CFC
X-GoCache-CacheStatus
Cached
X-Srv
X-LP
X-4ormat-Cacheable
X-RealServer
X-AVG-Country-Code
X-Akamai-Edgescape
X-Redman-Final-Url
X-Redman-Backend
X-Cache-Miss-From
X-IIJ-Cache
X-Span
X-TB-M
RequestId
Request-Country
X-ACMCache
X-Agent
Request-EU
X-Shard
X-Session-ID
X-ClientSide-Caching
AsisCache
X-Yottaa-Optimizations
X-CacheDebug
Accept-Language
X-Dynatrace-Js-Agent
X-Sedo-Request-Id
X-Yottaa-Metrics
Content_type
HAVer
HCVer
X-Atraveo-Param-Rm
X-Atraveo-Expires
X-Atraveo-From-Varnish-Cache
X-Atraveo-ETag
X-Atraveo-Cache-Control
X-JSESSIONID
X-Varnish-Hostname
Identity
X-Atraveo-Set-Cookie
X-Atraveo-Varnish-Server-Id
X-Hstore
X-CLOUD-TRACE-CONTEXT
X-PRAM
X-Request-Uri
X-Hrouter
X-Force
X-App
X-Atraveo-Zone
Frame-Options
X-Atraveo-TTL
X-Vcache
X-ServerIndex
X-LW-Web-Server
X-Path-Route
X-Remote-Addr
X-Appmachine-Environment
X-Backend-Status
X-FireWall-Port
Pf.Web.Request.Id
Server-Info
X-Analytics
X-CAPServer
X-Rule
X-WR-Flags
X-Culture
NetMindSessionID
X-AOL-HN
X-Source-ID
X-App-Server
X-Generated-Timestamp
X-Fedora-School-Id
Backend-Timing
X-GeoIP
X-Proxy-Backend
X-Ratelimit-Reset
Accept-CH
Beyond-Iis
Lookup-Cache-Hit
X-Pantheon-Az
ServerTokens
Environment
X-Resource
X-A
X-Varnish-Debug-Age
X-Varnish-Debug-TTL
A-Powered-By
X-HydroSheep
X-Unique-ID
ServerSignature
X-Purge-URL
X-Purge-Host
Proxy-Agent
X-Debug-Token
IBM-Web2-Location
Accept-Charset
X-Framework
X-Plat
X-Provisioner-Version
X-VCS-Ttl
Drupal-Pagecache-Memcache
X-VCS-Cacheable
X-PF-Uncompressing
X-Server-IP
X-ESI
Disablevcache
X-Domain-Checked
Dispatcher
X-Frames-Options
AR-ATIME
AR-SID
Lb
X-Cache-Ttl
AR-CACHE
X-Smartcache-Keys
X-Smartcache-Timeout
X-WP
Firespring-Website-Id
Thanks
X-Distributor
CS-SERVER
WP-FROM-CACHE
X-E
AR-PoweredBy
X-VC-TTL
X-WR-MODIFICATION
SHInfo
X-V
Upgrade-Insecure-Requests
CLMOB
X-Req-Head-Response
X-Map-Context
NtCoent-Length
X-Distil-CS
X-Dw-Trace-Id
X-JG-Page-Cache
X-Client-Image-Vid
X-Client-Vid
Cmsid
X-EPiphany-Vid
VServer
Cmstype
Eomportal-Instance
X-Jphone-Copyright
X-NWS-UUID-VERIFY
X-OpenCart-Lightning
From
X-HeBS-Cache-Status
X-Consent-Required
Proxy-Cache
X-Aramark-SID
X-B2f-Not-Route
Play-Detected-UserAgent
X-Batcache
Ibf5scheme
X-Via-S
N365rili
X-Soro
Access-Control
Home
X-Domino-CacheValidationWithETagReason
Il-Cl
Play-Detected-Device
X-DSMX-Render-MS
X-TKP-SRV-ID
X-Oferteo-Domain
X-HashTwo
WWW-Authenticate
X-Processed-By
X-Clara-ASAP
X-ASAP-Cache
X-Data-Request
Num
Access-Control-Allow-Header
X-DSMX-Rewrite-MS
X-Proxy-Cache-Control
X-Varnish-Cache-Local
Traffic-Origin
X-HA-Frontend
X-HA-Backend
X-Domino-CacheValidationWithETagResult
X-Cocoon-Version
X-Rebelmouse-Cache-Control
Filters
Ufe-Result
X-SAPP
X-Info
Resin-Trace
Machine
ScoreTracker
EagleEye-TraceId
X-Refresh
X-Cache-Dispatchercachecontrol
SVR
X-Block-RuleID
X-Cache-Dispatcherpragma
BALANCEDTO
Arrnode
X-CacheLoc
X-Cache-Doesi
Myheader
X-Upstream-Status
X-Upstream-Backend
X-Resty-Request-Id
X-Cache-On
X-Bip
X-Block-Rule
*
X-PBY
X-Nginx-Host
X-Actindo-Rs
X-Actindo-Request-Id
VANITY-HOST
X-CRA-DC
X-Actindo-Thread-Id
X-HTML-Minification-Powered-By
X-Adnet
WP-AdvCache-MemCached
X-Resolver-IP
X-SDE-Name
X-Rack-Cors
Load-Balancer
Server-ID
IISExport
X-Disney-Akamai-Rule
X-Hosting-Env
Url
X-Cms-Mode
X-Dev
Worker
X-Orig-Vary
X-Cacheable-TTL
X-SERVER-NAME
IES-Server
Cleartype
X-Forwarded-Host
X-Upgrade-Enabled
X-AEM
X-Cache-Detail
X-MCB-Server
X-Drectory-Script
X-Garden-Version
Now
X-Balanceador
X-Adobe-Content
X-Varnish-URL
COMMERCE-SERVER-SOFTWARE
X-Sys-Req-ID
Access-Control-Request-Headers
X-Adobe-Loc
Nginx-Cache
Bios
Dynatrace
X-Highwire-Smart-Code
X-Dynatrace
Referer
X-Highwire-Sitecode
X-Now-Trace
Cteonnt-Length
X-Autoru-Host
X-Ghost-Cache-Status
MageStack-Tag
X-Goog-Meta-Policy
X-Goog-Meta-Replace
Id
Pragrma
MageStack-Loadbalancer
X-AutoRu-App-Id
MageStack-Magento-Version
MageStack-PageSpeed
X-Session-Reinit
TC-S-Cache-M
TC-S-Cache
X-Protected-By
Viewport
X-SmartBan-URL
X-SmartBan-Host
PServer
ServerNode
Magicmarker
MageStack-Web-Node
Fastly-Debug-Digest
TC-Cache-U
TC-Cache-IC
TC-Cache
Aurora-Node
HitType
DNNOutputCache
MS-CV
MageStack-Cache
MageStack-Area
Max-Age
X-UnsetCookies
X-LBPoolMember
X-WEBMGR-CACHE
X-Cache-Time
X-WebKit-CSP-Report-Only
X-Blog
X-Amcomm-Site
X-Application
Prot
X-Generated-Time
X-Ms-Request-Id
X-Fastly-Request-Id
X-Webstats-RespID
Fastly-Backend-Name
MageStack-Cacheable
X-Served-Server
MageStack-Config
MageStack-Debug
X-Amz-Id-1
Edgecast
X-Custom-Name
MageStack-Cache-Hits
X-Test
Provider
MageStack-Cache-Lifetime
MageStack-Cache-Status
X-HA
X-Highwire-SessionId
AMP-Access-Control-Allow-Source-Origin
X-Response
X-DN-Cache-Control
X-Beatles
X-Desc
X-WebNode
X-Varnish-Action
X-Cdn-Forward
EN-User
X-UA-Bot
XX
X-Origin-Date
Ttl
X-Requestid
X-Nx-All
AMP-Redirect-To
AC-ELC
X-Timestamp
Copyright
X-Nx
X-Server-Addr
X-Directory-Script
X-7d-Trace-Id
X-7d-Instance-Id
RN-Server
VAR-Cache
X-Flex-Tags
X-Highwire-RequestId
X-Flex-Community
X-Flex-Evend
X-ETag
X-Flex-Tag
X-Envoy-Upstream-Service-Time
X-Flex-Evstart
X-Flex-Lang
X-Flex-Lastmod
X-Streams-Distribution
X-RiS-UFDI
X-PHP-Response-Code
X-Captured
X-Varnish-Id
X-Cf-Powered-By
X-Gyrobase-Publication
X-TLS-Version
X-Deity
X-Served
NLCacheNote
X-ENDPOINT
XDomainRequestAllowed
Device
X-ORIKEY
Serverid
X-Gateway-Rate-Limit-Delayed
X-Varnish-Debug-Hits
X-Cache-Me-Harder
X-Tag-Playlist
VSID
X-ROUTING
X-APIVERSION
X-Vary-Options
X-Appid
ViewMode
X-Varnish-Ip
X-APIAUTH-VAL
X-SV
Server-Ip
X-CACHE-TTL
X-Akamai-Transformed
X-Proxy-Skip
X-DB-Content-Length
X-IP
Report-To
Web
X-Pj-Cache-Status
X-Serv
X-Appversion
X-Detected-Device
X-Rack-CORS
X-Instance
X-EC2-Instance-Id
X-Shopware-Allow-Nocache
X-HostName
X-Varnish-Backend-Beresp-Backend
X-Route
X-NoIndex
Hosted-By
NGX
Server-Id
X-Origin-Cache
X-Lb
GranicusServer
HTTPS
X-Wodby-Node
X-Custom-Header
X-Access-Control-Allow-Origin
X-Skip-Cache
X-SilverStripe-Cache
X-Reqid
X-Svr
Yoncu-Errno
Description
X-Policy
X-Cache-Varnish
X-MAT-GEO
X-Geo-IP
X-Beget-Proxy
Paypal-Debug-Id
X-MrHost
X-CacheID
X-DataDome
X-Status
X-DynamicCache
Keywords
Og
X-Varnish-Grace
X-Obvious-Tid
X-Obvious-Info
X-FPC
X-Serverid
PagesDisplayed
X-Aramark-CSID
YF-ID
X-Client-Id
X-ASAP-Age
X-DevSrv-CMS
X-Lw-Cache
Ohc-Response-Time
ServerIP
Session-From
X-ACCELERATE
Tk
X-GSL-Server
Dis-Env
WN
MageStack-Last-Modified
MageStack-Cache-Warning
X-Build-Id
X-MID-Host
X-Say-TTL
X-Say-Cacheable
X-ProBase-Server
MageStack-Cache-Lifetime-Sent
X-This-Proto
X-ARRServer
X-Cname-TryFiles
X-Cache-LB
X-Header
X-M
X-Processed
X-Powered-By-Home.Pl
X-SayCDN-TTL
X-V-Cache
AETN-EU
AETN-DEVICE
AETN-Country-Name
AETN-Latitude
AETN-Longitude
AKA-DEVICE
AETN-State-Code
AETN-Postal-Code
AETN-Country-Code
AETN-Continent-Code
X-Confluence-Request-Time
X-Vol-Mrp
X-WN-ClientGroup
X-FastCGI-Cache-Status
X-SH-Cache-Status
AETN-City
AETN-Area-Code
Tempo
X-Shopware-Cache-Id
SB-Site-IE-VERSION
SB-Site-Device
X-AMAZEEIO
X-Ms-Version
X-Nginx-Request-Processing-Time
SB-Cache-Remaining
SB-Cache-Life
Page-Template
NZSpeedy
X-Cache-Warmer
X-Enhanced-By
X-Server-Generated
X-Origin-Server
X-ProcessESI
X-BServer
X-BPool-Back
X-Depends
X-Gannett-Site-Version
X-ManagedFusion-Rewriter-Version
X-Airee-Node
CDCHOST
X-Proxy-Server
X-Proxy-Cache-Key
X-RemovedCookies
X-ReqId
X-Who
X-Proto
X-Cache-TTL-Age
X-Vol-Correlation
Progma
X-Clx-Request
X-Amzn-Trace-Id
X-Amzn-RequestId
X-DDM-SERVER
Backend-Powered-By
X-Proxy-Id
X-MSU-SOURCE
X-DDM-SERVER-UPDATED
X-SuperCache
X-VG-WebCache
X-Amz-Apigw-Id
SBSS
X-Node-App
X-Built-With
StatusCode
X-Goog-Meta-Goog-Reserved-File-Mtime
DrivedBy
X-B3-Sampled
Xc
Content
Requested-Host
X-HAProxy
X-ServiceProvider
X-XHR-Current-Location
X-Node-Id
X-Cache-TTL-Current
PBS
X-Firefox-Spdy
Purge-Cache-Tags
Response-Time
Hit-Count
Cf-Ipcountry
X-Varnish-Cache-Ttl
X-W3TC-Minify
X-Now-Instance
REFRESH
X-FromPodPressCache
X-Qnm-Cache
X-Search-Id
X-Src-Webcache
X-M-Log
X-M-Reqid
X-Global-Transaction-ID
X-PM-ID
Ssl-Proxy-Server
X-Max-Age
X-Mighty-Proxy
X-Pass-Through
X-Test-Debug
X-XHTML-Minification-Powered-By
X-Rewritten-By
X-Powered-By-ADS
X-Backside-Transport
X-NodeID
X-Secret
X-SCM-Server-Number
X-RAMCache
SERVER-ID
X-Middleton-Pagespeed
X-Mobilized-By
X-DEBUG
X-Geo
X-Actual-Url
BackendServer
X-Scheme
X-FORWARDED-PROTO
X-Xml-Http-Blocked
X-COUNTRY-CODE
X-PROCESSED-BY
X-Compress-Hint
X-Sid
X-Oracle-Dms-Ecid
X-RENDER-TIME
X-T
MwpReleaseVersion
X-Meta-MSThemeCompatible
MachineName
X-Nginx-Page-Cache
X-Ocache
X-Meta-Imagetoolbar
X-Hit
X-Firewall
X-Time-Spent
Returned-Status
WebServer
Debug-Status
X-Instance-Name
X-Meta-MSSmartTagsPreventParsing
Httpd-Identifier
X-Fpc
X-Distributed-By
X-UT-Cache
X-Homeaway-Requestmarker
X-Jcms-Ajax-Id
X-NginX-Upstream
X-MCF-ID
X-CGP
X-Cdn-Origin
X-Beluga-Record
X-Beluga-Node
X-Beluga-Response-Time
X-Beluga-Response-Time-X
X-Beluga-Trace
X-Beluga-Status
X-Ruby-Cluster-ID
X-Sn-Servicetimems
X-FG-RequestId
CommercePlatform-Version
CmsfirstPublishTimestamp
MSSmartTagsPreventParsing
MSThemeCompatible
OracleCommerceCloud-Version
OracleCommerceCloud-Sandiego
CDN-Uid
CDN-RequestId
X-Varnish-Cached
X-UPServer
X-Varnish-Cached-TTL
CDN-Cache
CDN-PullZone
CDN-CachedAt
X-UA
X-Static
X-Expires
X-Magento-Route
X-InDy-Time
X-Mobile-Rewrite
X-CAMPUSSUITE-TENANT
X-CSRF-Token
X-Nginx
X-Page
PROGMA
PB-RID
X-Grid-Server
X-InDy-Memory
X-InDy-Query
X-CAMPUSSUITE-ENVIRONMENT
X-CAMPUSSUITE-DEBUGGING
X-Cache-Id
Servername
X-Enabled1
X-Enabled2
X-ENV
EQ-Cache
Ews
X-ZSITES-DNS
X-ORIGN-SERVER
X-Origin-Upstream-Status
V-Cache-Ttl
X-Router
X-Telligent-Evolution
X-SG-Server
PB-PID
X-NMT-Proxy
X-Layout
Generate-Time
X-Ruxit-Js-Agent
X-Title
X-Enabled3
Language
X-Ssl-Cipher
X-BP-NSA-REQID
X-Machine
X-Old-Content-Length
X-B
X-Amz-Meta-Cb-Modifiedtime
Fastly-Restarts
X-Appmachine-CreatedOn
Amp-Access-Control-Allow-Source-Origin
X-Varnish-TTL-Debug
LB
1A-CountryCode
X-We-Are-Hiring
X-Beluga-Cache-Status
X-Varnish-Age-Debug
X-Optimization
X-Appmachine-Name
X-Appmachine-Duration
X-Cache-HT
X-From-Cache
X-GZip
X-JoinUs
X-Oracle-Dms-Rid
X-Cache-Node
X-Cachable
X-CH-Device
X-SEA-Instance-Name
CommunityServer
X-Transaction-Name
Amfplus-Ver
X-Cache-Via
X-Zendesk-User-Id
X-SCProxy
X-Zendesk-Origin-Server
X-WA-Info
X-Middleton-PageSpeed
X-RequesterIP
Pramga
Provided-Host
SINA-TS
SINA-LB
X-Cache-FS-Status
X-S-Misc
X-HP-CAM-COLOR
X-D2id
Nitro-Cache
X-Webcelerate
X-BeResp-Ttl
Session-Id
X-Content-Type
Cache-Status
X-Via-NSCOPI
X-UPSTREAM-Address
FastCGI-Cache
X-Abuse
X-PressLabs-Stats
Sl-Pgid
SS
X-Served-From
Arrow-RequestId
X-Varnish-Cache-Control
X-BIT-Node
X-Batcache-Reason
X-Pagely-Cache
X-Server-Ip
X-CloudBurst-WordPress
X-CloudBurst-Frontend
X-CloudBurst-Backend
X-CloudBurst-Cache
X-VHosting-Cache
ID
X-Debug-Message
X-Az
X-Dck
X-Built-By
X-Mobile-Device-Type
X-Mobile-Device
X-Amz-Meta-Version-Id
X-Activity-Id
X-Cache-ID
X-Boot
X-OPNET-Transaction-Trace
X-Ser
X-Render-Time
X-SSL
X-HS-Status
X-Instance-Id
Content-Sn
BlockPHPCallEnd
DB-Nickname
X-Newrelic-Synthetics
HA-Geocity
HA-Cloudapp
X-UType
X-Rocket-Nginx-Reason
X-Phpwcms-Page-Processed-In
X-SID
X-Phpwcms-Release
X-PoweredBy
X-Rocket-Nginx-File
X-Requested-With
HA-Geocountry
HA-Geolat
X-MidCOM-Meta-Cache
NKBVHEADER
X-GEO
Request-Time
TYPO3-Sitename
TYPO3-Pid
ModuleCacheType
L5d-Success-Class
HA-Georegion
HA-Geolon
HA-Host
HA-Ipaddr
HA-Urlpath
HA-Servedtime
Webserver
Web-Server
X-PBS-Appsvrname
X-PBS-Appsvrip
X-PBS-Fwsrvname
X-Reflector
X-Generation-Time
X-Reflector-Cache
X-Olaf
X-NewsFlow-Sitename
X-MainProfileID
X-MainProfileCategory
X-MainProfileName
X-MainProfileURL
X-Navigation-Version
X-MyName
FRONT-END-SECUREBROWSER
HitInfo
X-D-Time
X-FastCGI-Cache
X-Log
X-Qiniu-Zone
Unique-Request-Id
End-User-Country
X-Compressed-By
X-Cluster
TP-Cache
HSTS
TP-L2-Cache
X-Box
X-Cache-Extended
X-Cache-Action
X-Bcwwwid