Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Date
Content-Type
Server
Set-Cookie
Connection
Cache-Control
Vary
X-Powered-By
Expires
Content-Length
Link
Last-Modified
Pragma
Accept-Ranges
ETag
X-Content-Type-Options
X-Frame-Options
Strict-Transport-Security
X-XSS-Protection
CF-RAY
Age
X-Cache
P3P
Expect-CT
Content-Language
X-AspNet-Version
X-Pingback
Via
X-UA-Compatible
Upgrade
Access-Control-Allow-Origin
Content-Security-Policy
X-Cacheable
X-Varnish
X-Xss-Protection
Referrer-Policy
X-Adblock-Key
X-Request-Id
X-Check
X-Generator
X-Type
WPE-Backend
X-Cache-Group
X-Pass-Why
X-Language
X-Template
X-Drupal-Cache
X-Buckets
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Download-Options
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Ac
X-Hacker
X-Cache-Hits
Host-Header
X-AspNetMvc-Version
X-ShopId
X-Sorting-Hat-Section
X-Sorting-Hat-PrivacyLevel
X-Dc
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId-Cached
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-FeatureSet
X-Alternate-Cache-Key
X-Via
X-Served-By
X-Powered-By-Plesk
X-Contextid
X-Runtime
X-PC-Key
X-PC-Hit
X-PC-AppVer
X-UA-Device
X-ServedBy
X-Amz-Cf-Id
X-PC-Date
X-PC-Host
MS-Author-Via
Content-Location
Access-Control-Allow-Headers
X-IPLB-Instance
Access-Control-Allow-Methods
X-Timer
X-Powered-CMS
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Rid
X-Ua-Compatible
X-Seen-By
X-Wix-Request-Id
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Status
CF-Cache-Status
X-Tumblr-Pixel-1
Cartoon
X-FRAME-OPTIONS
X-Tumblr-Pixel-2
X-Iinfo
X-Backend
Access-Control-Allow-Credentials
X-Request-ID
X-Cache-Status
X-Host
X-WPE-Loopback-Upstream-Addr
X-CST
X-Shopify-Stage
Content-Encoding
X-Endurance-Cache-Level
Powered-By
X-Cache-Hit
X-Cache-Enabled
X-Port
P3p
X-Mod-Pagespeed
X-Tumblr-Pixel-3
X-CDN
X-Logged-In
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Keep-Alive
X-DIS-Request-ID
X-Server
X-Nginx-Cache-Status
X-Robots-Tag
X-Accel-Version
X-Proxy-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Turbo-Charged-By
X-LiteSpeed-Cache
X-Page-Speed
X-Content-Digest
Content-Security-Policy-Report-Only
X-Content-Powered-By
X-GitHub-Request-Id
X-AH-Environment
X-FW-Hash
X-Tumblr-Pixel-4
X-FW-Server
X-Rack-Cache
Request-Context
X-FW-Type
X-FW-Serve
X-FW-Static
X-Pad
X-Varnish-Cache
X-Hits
Access-Control-Expose-Headers
X-Webcom-Cache-Status
Edge-Control
X-Newrelic-App-Data
X-XRDS-Location
X-BC-Stapler
SPRequestGuid
X-Trace
X-Node
X-MS-InvokeApp
X-SharePointHealthScore
X-Request-Country
MicrosoftSharePointTeamServices
WP-Super-Cache
Edge-Cache-Tag
Cf-Railgun
X-HS-Cache-Config
X-HS-Content-Id
X-Amz-Request-Id
X-Amz-Id-2
Timing-Allow-Origin
X-CF-Powered-By
X-Content-Security-Policy
Charset
X-PHP-Backend
X-Died
X-FullPageCaching
X-INKT-SITE
X-INKT-URI
X-Cache-Lookup
Request-Id
X-HS-Combine-CSS
X-Fastly-Request-ID
Access-Control-Max-Age
X-Cnection
X-Backend-Server
SPIisLatency
SPRequestDuration
X-Edge-Cache-Key
X-SERVER
X-Edge-Cache
Composed-By
Ali-Swift-Global-Savetime
X-Swift-CacheTime
X-Swift-SaveTime
MicrosoftOfficeWebServer
EagleId
Rating
X-CDN-Pop-IP
X-CDN-Pop
X-Tumblr-Pixel-5
Grace
X-Server-Name
X-SS-Conf
X-SS-Location
Allow
X-Device
Served-By
X-Spip-Cache
X-DDC-Arch-Trace
X-NF-Request-ID
X-Tumblr-Content-Rating
X-Safe-Firewall
Liferay-Portal
X-Dw-Request-Base-Id
X-VCache
X-Hyper-Cache
Front-End-Https
P-WS
P-LB
X-LiteSpeed-Cache-Control
Surrogate-Control
X-OneAgent-JS-Injection
X-Servedby
X-RateLimit-Limit
X-RateLimit-Remaining
X-Cloud-Trace-Context
X-Cluster-Node
X-Original-Date
X-Loop
X-TNCMS
X-Webserver
X-RateLimit-Reset
X-HeyJason
X-Middleton-Display
Display
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Sol
X-Kinsta-Cache
X-Clacks-Overhead
X-PhApp
X-Vtex-Processado-Em
X-FB-Debug
X-Acc-Exp
Response
X-Middleton-Response
X-Jimdo-Wid
X-Jimdo-Instance
X-StackifyID
X-Firenze-Processing-Times
Content-Style-Type
Content-Script-Type
X-Debug-Info
Public-Key-Pins
X-DNS-Prefetch-Control
X-Tumblr-Pixel-6
X-Amz-Version-Id
Feature-Policy
X-Age
X-Ruxit-JS-Agent
X-LW-Cache
X-Magento-Tags
X-XN-Trace-Token
X-DynaTrace-JS-Agent
X-XN-XNHTML
X-WebKit-CSP
X-Frame-Option
Refresh
Xkey
Fpc-Cache-Id
X-User-Agent
X-Zen-Fury
X-Cached
X-N-OperationId
X-Goog-Hash
X-HOST
X-Cache-Config
X-Px
X-Version
Retry-After
X-Hostname
X-ARC
PageSpeed
X-Generated-By
X-Handled-By
X-Edge-Location
X-Topify-Platform
X-Upstream
X-Url
X-FORWARDED-FOR
X-Microcache
Rt-Fastcgi-Cache
Fastcgi-Cache
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Source
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-EdgeConnect-Origin-MEX-Latency
X-Loopia-Node
WPX
Powered
Access-Control-Request-Method
X-Outils-CS
X-B-Cache
TCN
X-EdgeConnect-MidMile-RTT
X-MiniProfiler-Ids
X-ET-API-ORIGIN
X-ET-API-ROOT
X-ET-API-VERSION
X-Whom
X-CMS-Version
ServedBy
No
X-CacheServer
X-Powered-By-VTEX-Janus-ApiCache
X-VTEX-Janus-Router-Backend-App
X-Vtex-Remote-Cache
X-Vtex-Processed-At
X-Magento-Cache-Debug
X-VTEX-Cache-Status-Janus-ApiCache
X-Dns-Prefetch-Control
X-RESOURCE
X-Cached-By
X-Accel-Expires
X-URLSCHEME
Last-Published
X-Request-Time
X-Engine
Pagespeed
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
X-Varnish-Cache-Hits
X-Varnish-Count
X-Varnish-HitMiss
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-NewRelic-App-Data
X-DynaTrace
X-Platform-Server
X-Application-Context
X-From
X-Fastcgi-Cache
X-Cache-Info
Imagetoolbar
X-Content-Options
X-URL
X-AspNetWebPages-Version
X-Actual-URL
X-LBLID
X-Location-Id
X-S
Public-Key-Pins-Report-Only
X-Passed-To
X-Original-Request
Product
X-Returned-From-DLL
X-Passed-To-DLL
X-Returned-From
Dmn
Fhost
X-Signature
Warning
X-Developer
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Stale
X-Varnish-Host
Host
Cache-Key
X-ApacheServer
X-PERF
X-F-Cache
X-Response-Time
X-Microcachable
X-Passed-To-BeforeDispatch
X-Cache-Key
X-Passed-To-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Ezoic-Cdn
Generator
Cache-Provider
Alternate-Protocol
X-Acquia-Application-UUID
X-Defender
X-Shop-Id
X-Acquia-Application-Trace
X-Device-Type
X-Powered-By-360WZB
X-Cache-Age
X-Platform
X-HS-Content-Campaign-Id
Arr-Disable-Session-Affinity
X-Umbraco-Version
X-SSLUpstream
Origin
X-SSLProxy
X-Gateway-Cache-Key
X-Gateway-Cache-Status
Content-Hash
X-Hosted-By
X-Gateway-Skip-Cache
X-Msg-2-Log
X-Magento-Cache-Control
X-Platform-Cache
X-Microcache-Status
X-Cache-Rule
X-NWS-LOG-UUID
X-Translation
X-Varnish-TTL
X-Svr-Proxy
X-Via-JSL
X-SVR-IIS
X-Micro-Cache
X-Track
X-Cache-Tags
Surrogate-Key
Version
X-Rnd
USPLoggingUUID
X-Cdn
X-Forwarded-For
X-Dispatcher
X-Sapient
X-Guploader-Uploadid
DynaTrace
X-Akam-SW-Version
X-GUploader-UploadID
WZWS-RAY
X-Environment
S-Cnection
X-ORACLE-DMS-ECID
X-Lambda-Id
X-Instart-Request-ID
X-SO
SSPAppContext
X-BS
X-I-Sp
Content-Disposition
X-Dealeron-Backend
X-DealerOn
X-Powered-By-VTEX-Janus-Edge
X-Dealeron-Original-Url
MIME-Version
X-Cache-Namespace
X-Server-ID
X-CSRF-Protection
X-Duration
X-Powered-By-VelaWeb
X-TransIP-Balancer
X-SSL-Cipher
X-Abgroup
RTSS
X-Server-Upstream
X-Drupal-Cache-Tags
X-Cache-TTL
X-Correlation-Id
X-Director
X-NetCat-Version
X-Art-Request-Id
X-SSL-Protocol
X-TransIP-Backend
X-Supported-By
X-Correlation-ID
X-Gamma-Serve
X-UD-Method
Wsr-Cache
X-App-Hosting
X-Generated
X-App-Status
X-Debug
X-Varnish-RemainingLife
X-Varnish-GracePeriod
X-Varnish-Seen-By
X-Varnish-ObjectSource
X-Varnish-RemainingTTL
X-Matrix-Proxy
X-Front
X-VARITI-CCR
X-Matrix-Server
Pool
FAI-W-FLOW
X-I
X-Expires-Orig
X-Hypernode
X-Client-IP
X-Sucuri-ID
Powered-By-ChinaCache
Update-Time
X-Vcap-Request-Id
X-ATG-Version
X-Helper-Autoassign-All
Src-Update
SN
X-Cache-Lifetime
X-Cache-Control-Orig
X-Grace
X-Edge-IP
X-Cache-Server
Cache
X-Route-Server
X-Varnish-Cacheable
X-Amz-Meta-S3cmd-Attrs
Node
Content-Encoding-Handler
Req-Id
X-Env
ServerID
X-Rocket-Nginx-Bypass
X-Github-Request-Id
X-Sucuri-Cache
X-Page-Cache
X-Content-Encoded-By
X-Last-Modified
X-Geo-Country
X-SmugMug-Hiring
X-Storage
X-Drupal-Cache-Contexts
Edge-Control-Message
X-SmugMug-Values
X-TTFB
X-TTFB-L
X-Cache-Debug
Smug-CDN
Cneonction
X-ServerName
X-Now-Id
X-Flow-Powered
X-Daa-Tunnel
CF-Worker-Script
Cache-Tags
X-Cache-Level
X-Pressidium-NinukisWP-Ver
X-NoCache
X-UPSTREAM
Service-Worker-Allowed
X-Revision
X-LB-Server
X-Country-Code
X-Varnish-Url
X-Vhost
X-Esi
X-ORACLE-DMS-RID
X-Cache-Engine
X-Recruiting
X-Rocket-Nginx-Serving-Static
X-Url-Base
Contao-Page-Layout
X-FTR-Request-ID
X-SV-CacheTags
X-SV-Cacheable
X-SV-Duration
X-SV-Edge
X-SV-CreatedAt
X-SV-FromDBCache
X-Forwarded-Proto
X-SV-Pid
X-SV-Expires
X-SRV
X-SV-Nginx-Duration
X-Cache-Handler
X-Locale
Author
X-Firenze-Processing-Time
X-Varnish-Age
X-Server-Id
X-PwB-Node
Lsrequestid
X-Ttl
If-Modified-Since
X-CJ-Soft
X-Discourse-Route
CF-Worker-Version
X-GeoIP-Country-Code
SiteSpeed
X-TTL
X-Unbounce-VisitorID
X-Unbounce-Variant
X-IsCacheURL
X-Trace-Id
X-Server-Instance
X-Cache-Type
X-Unbounce-PageId
Accept-Encoding
X-TransIP-Reserved
X-Time
X-NginX-Cache
X-FIRSTBase
Section-Io-Id
X-Middleware-Start
X-Magnolia-Registration
X-SDS
Proxy-Connection
Strikingly-Cached-Version
X-NA-CachePolicy
X-Nginx-Cache
X-Varnish-Backend
Custom-Header
Strikingly-Cached
X-Cache-Control
Strikingly-Cache-Region
X-Content-Type-Option
X-Cache-Operation
X-Cache-Expires
X-N
Srv
AMF-Ver
X-Dispatch
X-GeoIP-Country-Name
Server-Name
PICS-Label
Page-Completion-Status
X-Speed-Cache-Key
Https
X-Hiawatha-Cache
X-Connection-Hash
Location
X-Speed-Cache
Backend
X-LB
X-Twitter-Response-Tags
X-LB-Node
Use-Proxy
X-Transaction
X-Akamai-Device-Characteristics
X-Akamai-Device-Model
Akamai-IP
X-Varnish-IP
Content-MD5
X-Rq
W
X-CF-Passed-Proto
X-Cache-Only-Varnish
X-Fastly-Request-Id
X-Amz-Rid
Nodo
X-Varnish-Retries
X-High-Performance
X-Cache-Device-Type
X-Service-Id
X-Storage-Cache-Date
X-Storage-Cache-Expires
X-SRCache-Key
X-Storage-Cache
Server-Timing
Accept-Charset
X-FW
X-Now-Cache
X-Empowered-By
NnCoection
X-Content-Age
X-Processing-Time
IBM-Web2-Location
X-Real-Server
X-Config-Blacklist-Version
X-PF-Uncompressing
MC
FindLaw
Qs-Cache
X-Dynamic-Cache
S
MJ12bot
SEOMOZ
X-ServerID
X-Litespeed-Cache-Control
X-TB-M
ServerName
Local-Info
X-BKSrc
X-CacheFROM
From-Origin
X-Frontend
X-Amz-Storage-Class
X-Cache-Fix
NetMindSessionID
X-Content-Security-Policy-Report-Only
X-Cookie-Domain
X-Srv
X-Cache-PageType
X-Wikidot-Backend
X-Shard
X-BackendServer
X-Wikidot-Static-Cache
X-Disney-Akamai-Rule
Ohc-File-Size
X-HW
Edit
Dtk-Cache-Check-0
Pv
X-WR-MODIFICATION
X-Adobe-Content
X-ACMCache
X-Adobe-Loc
X-Worker
X-Cache-2
X-SP-UniqueName
X-ARRServer
Drupal-Pagecache-Memcache
Pics-Label
Content-Transfer-Encoding
X-SP-Farm
X-Orig-Vary
X-A
X-Stage
Swift-Performance
X-Symfony-Cache
X-Distributor
Cm-Server
X-Amz-Meta-Content-Md5
X-WEBSERVER
X-Analytics
X-Key
X-Ruxit-Js-Agent
X-ID
Tracecode
Prama
X-Webkit-CSP
X-4ormat-Cacheable
X-WR-Flags
X-Processed-By
X-Sedo-Request-Id
Backend-Timing
HCVer
Content_type
HAVer
Cached
X-Cache-Miss-From
X-RequestId
X-Webstats-RespID
X-Cache-TTL-Remaining
CacheControlHeader
X-CB-Server
X-RealServer
X-App-Server
RequestId
X-Nitro-Cache
X-Forwarded-Host
Server-Info
Pf.Web.Request.Id
X-FireWall-Port
Proxy-Agent
X-Browser
X-NginX-Server
X-EPiphany-Vid
X-Origin
Xc-Version
X-Hstore
X-Hrouter
Adm-Server
X-Client-Vid
X-Nbs
X-AVG-Country-Code
X-Redman-Backend
X-Avg-Cookie-Expires
X-Client-Image-Vid
X-LP
X-Akamai-Edgescape
X-Redman-Final-Url
X-Remote-Addr
Frame-Options
X-Sys-Req-ID
X-Drectory-Script
X-AEM
X-Hit-Cache
X-Pagename
Front
X-Akamai-Transformed
X-Pantheon-Site
X-HydroSheep
X-Varnish-Server
X-Cache-Ttl
IM-Version
X-JG-Page-Cache
SHInfo
Surrogate-Key-Raw
Lookup-Cache-Hit
Accept-CH
X-LW-Web-Server
X-Pantheon-Environment
X-Pantheon-Phpreq
Url
X-CLOUD-TRACE-CONTEXT
X-Pantheon-Az
X-PRAM
X-CAPServer
Environment
X-Cache-Dispatcherpragma
A-Powered-By
X-Cache-Dispatchercachecontrol
X-Culture
X-Span
IISExport
X-Unique-ID
X-Shield-Request-Id
X-Proxy-Backend
X-HTML-Minification-Powered-By
Request-Country
X-Varnish-Hostname
X-RiS-PX
X-Request-Uri
X-Force
X-Server-IP
SRV
X-Yottaa-Optimizations
Cteonnt-Length
X-Yottaa-Metrics
X-E
X-VC-Enabled
X-Role
X-CDN-Forward
X-Source-ID
Request-EU
Report-To
X-Distil-CS
X-Via-NSCOPI
WWW-Authenticate
X-Backend-Status
X-Oneagent-Js-Injection
Access-Control-Allow-Method
X-Runtime-Memory
Hummingbird-Cache
X-Cacheable-TTL
Referer
Accept-Language
X-UnsetCookies
CDN-Cache
XDomainRequestAllowed
X-Framework
Web-App-Origin-Name
Ramp
X-VCS-Cacheable
X-VCS-Ttl
Ram
Noq
X-Proxy-Cache-Key
X-Yadis-Location
X-GoCache-CacheStatus
X-WPL-DATA
X-Jphone-Copyright
X-JSESSIONID
X-GeoIP
Nginx-Cache
X-Proxy
X-Appmachine-Environment
X-Plat
Max-Age
AsisCache
X-Balanceador
X-Generated-Timestamp
X-Varnish-Hits
CDN-Uid
NODE
SVR
CDN-RequestId
CDN-PullZone
Copyright
CDN-CachedAt
ScoreTracker
X-Akamai-ERRuleID
Eomportal-Instance
RN-Server
X-Akamai-ERPolicy
X-Envoy-Upstream-Service-Time
X-SERVER-ID
X-Unique-Id
X-CACHE-TTL
X-PBY
X-Hosting-Env
X-SDE-Name
X-Atraveo-Varnish-Server-Id
X-Atraveo-Param-Rm
X-Nginx-Host
X-Atraveo-TTL
X-Atraveo-Set-Cookie
X-FastCGI-Cache
X-Detected-Device
X-ClientSide-Caching
Disablevcache
X-Atraveo-From-Varnish-Cache
X-AOL-HN
X-Real-IP
Server-ID
X-Atraveo-Zone
X-Vcache
X-Debug-Token
X-Resource
X-Consent-Required
Identity
Pramga
Lb
X-V
Machine
X-HeBS-Cache-Status
X-Atraveo-Cache-Control
X-Atraveo-Expires
X-NginX-Upstream
X-Atraveo-ETag
AETN-State-Code
AKA-DEVICE
AETN-Postal-Code
AETN-EU
X-MAT-GEO
Filters
AETN-Longitude
AETN-Latitude
AETN-DEVICE
X-Confluence-Request-Time
X-Session-Reinit
X-Secret
X-Amzn-Trace-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
X-ZSITES-DNS
X-Garden-Version
X-GSL-Server
Paypal-Debug-Id
X-Compress-Hint
X-WebNode
AETN-Country-Name
Arrnode
X-RiS-UFDI
X-Desc
AETN-Area-Code
X-CRA-DC
X-Middleton-PageSpeed
X-Purge-Host
X-Purge-URL
BALANCEDTO
X-Cache-On
X-Highwire-SessionId
X-MCB-Server
Access-Control-Allow-Header
X-Cache-Varnish
X-Response
X-Rebelmouse-Cache-Control
X-Highwire-RequestId
X-Refresh
AMP-Redirect-To
X-Upstream-Status
X-SmartBan-URL
X-Varnish-Grace
AETN-City
AETN-Country-Code
AETN-Continent-Code
X-Upstream-Backend
X-Amcomm-Site
Yoncu-Errno
X-SmartBan-Host
X-Batcache
X-App
X-Amz-Id-1
XX
TC-Cache-IC
X-Actindo-Request-Id
X-Resolver-IP
VANITY-HOST
X-Varnish-Debug-TTL
Firespring-Website-Id
X-Varnish-Debug-Age
Worker
X-Server-Addr
X-Actindo-Rs
X-AF-Userserver
Access-Control-Request-Headers
Load-Balancer
IES-Server
Nitro-Cache
WP-FROM-CACHE
X-Proxy-Cache-Control
X-Location
X-Soro
X-Ms-Request-Id
DNNOutputCache
Resin-Trace
Myheader
Cleartype
X-Actindo-Thread-Id
X-ACCELERATE
X-Origin-Date
*
X-Cms-Mode
Locale
X-Runtime-Affili
X-Via-S
X-Dev
CS-SERVER
X-SAPP
VServer
X-App-Runtime
X-FPC
X-Amz-Meta-S3b-Last-Modified
TC-S-Cache
X-Adnet
TC-Cache-U
TC-S-Cache-M
X-HostName
TC-Cache
X-Goog-Meta-Replace
X-Fstrz
MICROSOFTOFFICEWEBSERVER
Serverid
X-Cache-CFC
Magicmarker
X-Goog-Meta-Policy
X-Always-Cache
X-FastCGI-Cache-Status
Dispatcher
X-CacheDebug
X-Session-ID
NLCacheNote
Nopic
Beyond-Iis
Dis-Env
Prot
X-Cocoon-Version
X-Smartcache-Timeout
X-WP
X-Smartcache-Keys
X-Bip
X-Dw-Trace-Id
X-Flex-Lang
X-WEBMGR-CACHE
X-Flex-Evstart
Actual-Object-TTL
Edgecast
X-Flex-Lastmod
X-Flex-Tag
Upgrade-Insecure-Requests
Srv-Name
X-Req-Head-Response
X-Instance-Id
X-Map-Context
X-Provisioner-Version
X-Static
X-Flex-Community
X-Flex-Evend
X-VC-TTL
X-Flex-Tags
X-CacheID
Access-Control
X-Domain-Checked
Fastly-Backend-Name
CommercePlatform-Version
X-Autoru-Host
X-Route
X-PHP-Response-Code
X-Autoru-App-Id
N365rili
X-Client-Id
X-Cache-Doesi
X-Mobilized-By
X-Nginx-Dummy
X-Rule
X-Hit
X-ETag
DrivedBy
Pragrma
X-UA-Bot
X-Captured
X-Status
X-Qnm-Cache
AC-ELC
X-SH-Cache-Status
X-Upgrade-Enabled
X-Custom-Name
Home
X-Fedora-School-Id
X-Global-Transaction-ID
OracleCommerceCloud-Sandiego
OracleCommerceCloud-Version
X-Timestamp
X-M-Log
X-M-Reqid
X-Cdn-Forward
X-Varnish-Backend-Beresp-Backend
X-7d-Instance-Id
X-7d-Trace-Id
X-Backside-Transport
FRONT-END-SECUREBROWSER
X-HA-Backend
Xc
X-Generated-Time
X-Layout
X-Depends
X-NWS-UUID-VERIFY
X-Varnish-Action
X-HA-Frontend
X-Reflector-Cache
X-SERVER-NAME
X-Geo
X-Country
X-Data-Request
CLMOB
Cf-Ipcountry
X-Path-Route
X-Title
X-TKP-SRV-ID
Aurora-Node
X-Varnish-Ttl
Traffic-Origin
Cmsid
Cmstype
Num
X-Dynatrace-Js-Agent
X-Reflector
MageStack-Cacheable
X-Webcelerate
MageStack-Config
X-Id
MageStack-Loadbalancer
MageStack-Cache-Status
MageStack-Cache-Lifetime
X-Lb
X-Info
MageStack-Area
MageStack-Cache
MageStack-Cache-Hits
MageStack-Magento-Version
MageStack-Debug
X-Proxy-Skip
MageStack-PageSpeed
X-WebServer
X-Varnish-Id
X-LBPoolMember
X-HashTwo
MageStack-Tag
X-Cache-Me-Harder
MageStack-Web-Node
X-Header
Viewport
Og
Keywords
X-DevSrv-CMS
Description
X-UUID
X-ESI
Provider
X-Proto
X-Directory-Script
Bios
NZSpeedy
X-DataDome
X-Varnish-ID
X-Access-Control-Allow-Origin
CommunityServer
X-IP
AMP-Access-Control-Allow-Source-Origin
Device
TP-Cache
TP-L2-Cache
X-Xml-Http-Blocked
X-We-Are-Hiring
X-ServerIndex
X-Nginx
X-Cache-Extended
X-ReqId
X-NodeID
X-Netrix-ID
X-PBS-Fwsrvname
X-Protected-By
X-Rewritten-By
X-Render-Time
X-ManagedFusion-Rewriter-Version
X-Gannett-Site-Version
X-BPool-Back
X-Blog
X-BServer
X-Built-By
X-Ghost-Cache-Status
X-W3TC-Minify
X-PBS-Appsvrname
VSID
ViewMode
X-Cache-HT
X-RAMCache
X-FORWARDED-PROTO
X-Middleton-Pagespeed
Thanks
X-ProBase-Server
X-PBS-Appsvrip
Response-Time
X-MyName
Ssl-Proxy-Server
X-Airee-Node
X-Fastly-Backend-Reqs
X-Cache-Via
Web
X-Highwire-Sitecode
X-Highwire-Smart-Code
X-Nginx-Request-Processing-Time
X-IIJ-Cache
SS
MwpReleaseVersion
X-Agent
X-Meta-MSThemeCompatible
X-Scheme
X-SSL-Host
MachineName
X-Origin-Server
X-ProcessESI
From
X-Zendesk-User-Id
HitType
ProxiaInstanceId
X-CH-Device
X-Zendesk-Origin-Server
X-Beresp-Ttl
X-RemovedCookies
X-Proxy-Server
X-Serv
X-Server-Generated
HSTS
X-DynamicCache
X-GZip
X-Aramark-CSID
Proxy-Cache
X-Aramark-SID
X-B2f-Not-Route
X-Domino-CacheValidationWithETagResult
X-Domino-CacheValidationWithETagReason
Play-Detected-UserAgent
Play-Detected-Device
YF-ID
X-Vary-Options
SINA-TS
Il-Cl
NGX
X-Frames-Options
X-GeoIP-Country
Gzip
Session-Id
X-Nx
X-Nx-All
CINC-Endpoint
Apachenode
X-WA-Info
X-Rack-CORS
X-Varnish-Cache-Local
X-SE-Debug
X-Cache-Date
SINA-LB
X-Served-Server
X-Origin-Upstream-Status
X-Avvio-Cms-Cacheload
X-Beget-Proxy
X-Vid
GranicusServer
Now
X-Src-Webcache
X-Cache-FS-Status
X-Mighty-Proxy
X-Catalyst
X-Optimization
X-PM-ID
X-Podname
PB-PID
PB-RID
X-Instance
F5-IpCliente
X-Mobile-Rewrite
X-Now-Trace
X-Origin-Cache
X-FromPodPressCache
X-Firefox-Spdy
REFRESH
PBS
Sl-Pgid
ClientIP
VC-NoCache
X-Meta-MSSmartTagsPreventParsing
X-Pageid
Generate-Time
X-Rack-Cors
X-Requestid
X-Cdn-Origin
X-Phpwcms-Release
X-EC2-Instance-Id
X-Batcache-Reason
TYPO3-Sitename
MageStack-Cache-Warning
Content-Sn
MageStack-Cache-Lifetime-Sent
ModuleCacheType
TYPO3-Pid
Debug-Status
X-MCF-ID
X-WN-ClientGroup
X-V-Cache
X-Node-App
Amfplus-Ver
Httpd-Identifier
Hosted-By
X-UT-Cache
X-Varnish-Cached-TTL
X-Streams-Distribution
X-Time-Spent
X-UPServer
X-Phpwcms-Page-Processed-In
X-Varnish-Cached
MageStack-Last-Modified
Content
X-AppServer-Cache-Rule
X-AppServer-Cache-Exception
X-AppServer-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-Detail
X-SilverStripe-Cache
X-Amzn-Remapped-Date
X-SV
X-Cache-Action
X-Box
SBSS
UrlWatchModule-Time
Webserver
X-Beluga-Trace
X-Beluga-Status
X-Server-Hostname
X-Beluga-Node
X-Beluga-Cache-Status
WN
D
X-Beluga-Record
X-Beluga-Response-Time
X-Sid
X-Policy
X-Beluga-Response-Time-X
X-Proxy-Id
X-Meta-Imagetoolbar
Id
CF-Cache-Key
X-Application
X-Instance-Name
MSThemeCompatible
StatusCode
X-Compressed-By
Origin-Vm
ServerIP
Session-From
X-Firewall
X-Cache-TTL-Current
X-Cache-TTL-Age
Provided-Host
MSSmartTagsPreventParsing
X-Cluster
X-HS-Status
X-ENV
X-Page
Server-Ip
X-Oferteo-Domain
X-OpenCart-Lightning
X-WHO
X-Appversion
X-Serverid
X-Gateway-Rate-Limit-Delayed
PServer
X-Appid
X-Cache-Warmer
X-Ms-Version
X-CACHE-KEY
X-Clx-Request
Z
X-MSU-SOURCE
X-Expires
X-DB-Content-Length
X-Request-Received
HitInfo
Language
X-Tag-Playlist
HTTPS
MS-CV
Tempo
Tesla.Performance
X-Clara-ASAP
X-Enhanced-By
X-LAKANA-AB
X-RunCloud-Cache
X-Say-Cacheable
X-Request-Processing-Time
X-Cache-ID
X-Nws-Log-Uuid
X-VC-Debug
X-Served-From
X-Shopware-Allow-Nocache
X-VC-Cacheable
X-Shopware-Cache-Id
X-VC-Hash
X-NoIndex
X-DSMX-Render-MS
X-HS-Content-Group-Id
X-DSMX-Rewrite-MS
NEL
X-Gyrobase-Publication
X-Test
X-TLS-Version
X-Cache-Time
X-Pool
X-InstanceId
X-Cjtype
Www.Aujourdhui.Com
X-Activity-Id
NS-VaryByCustom-Key
X-Varnish-Ip
X-VC-Cache
EQ-Cache
Ews
ID
X-CSRF-Token
Page-Template
X-Croise-Owner
316pxxline
Powered-By-115
X-AWS
X-Container
X-Author
262prline
259pxline
129prxHost
Ibf5scheme
X-ServiceProvider
135prxHost
196prxHost
Xxline
AR-ATIME
X-VG-WebCache
X-DDM-SERVER
X-DDM-SERVER-UPDATED
X-Thanos
X-Newrelic-Synthetics
X-Amz-Meta-Cb-Modifiedtime
Requested-Host
AR-PoweredBy
AR-CACHE
Progma
No-Cache
AR-SID
X-UPSTREAM-Address
X-Stiffia-Cache
X-HA
X-Deity
X-TNCMS-Bot-Tier
X-Pj-Cache-Status
X-Resty-Request-Id
X-Processed
X-SuperCache
X-ASAP-Age
X-Cache-LB
X-Itkg-Cache-Tags
X-Cname-TryFiles
X-ASAP-Cache
X-Debug-Message
X-Served
X-This-Proto
NB-Cache
Apple-Itunes-App
AddDefaultCharset
X-Dispatcher-Number
X-OCTOPOD
NtCoent-Length
X-Transaction-Name
X-B
X-ZORequestID
X-Built-With
X-Req-Counter
X-T
X-Az
X-From-Cache
X-Abuse
Ohc-Response-Time
X-Front-Cache
Expiries
X-Dck
BackendServer
X-Geo-IP
HA-Status
X-User-Agent-Tier
RSL-Trace-ID
X-Cache-Node
Fastly-Drupal-Html
CDCHOST
X-No-Session
X-NMT-Proxy
X-Test-Debug
X-SCM-Server-Number
X-Varnish-Cache-Ttl
X-WebKit-CSP-Report-Only
X-XHTML-Minification-Powered-By
X-Rocket-Nginx-Reason
X-Rocket-Nginx-File
X-Cache-Bypass
X-Node-Id
X-Pass-Through
X-Skip-Cache
X-Powered-By-ADS
X-SATserver
X-RequesterIP
SB-Cache-Life
WP-AdvCache-MemCached
SB-Cache-Remaining
SB-Site-Device
ServerSignature
SB-Site-IE-VERSION
Origin-Edge-Control
Origin-Cache-Control
X-Old-Content-Length
X-LB-Frontend
X-LB-Backend
X-UA
X-DODN-Region
ServerTokens
X-DODN-Id
X-Obvious-Info
X-Nginx-VM-RT
X-Obvious-Tid
X-Page-Cacheable
Fw-Via
X-Machine
X-Client-Ip
TTL
Tk
X-AMAZEEIO
X-Apache2-RT-MicroSec
SERVER-NAME
X-Sn-Servicetimems
X-NewsFlow-Sitename
X-Build-Id
X-InDy-Time
X-Reqid
X-Router
X-Telligent-Evolution
X-TEST
X-InDy-Query
X-InDy-Memory
Prototype-RootPath
Cache-Ctrol
X-Accel-Cache-Control
PROGMA
X-Grid-Server
X-Varnish-URL
X-SSLTerm-Server
Ttl
TestCC
VAR-Cache
X-Beatles
X-Custom-Header
X-Say-TTL
X-SayCDN-TTL
X-Vol-Mrp
X-Vol-Correlation
X-Wodby-Node
COMMERCE-SERVER-SOFTWARE
Fastly-Debug-Digest
Backend-Powered-By
X-Varnish-Debug-Hits
X-MainProfileName
X-APIVERSION
X-ENDPOINT
X-MainProfileID
X-MainProfileCategory
X-APIAUTH-VAL
X-MainProfileURL
Hit-Count
Fastly-Restarts
Purge-Cache-Tags
X-Fpc
Value-Of-Url
X-Healthy
X-CacheLoc
X-ROUTING
X-Tradeindia-SMgmt
X-Search-Id
X-Bitrix-Composite
DB-Nickname
X-PressLabs-Stats
X-ORIKEY
X-Block-Rule
X-Block-RuleID
X-Tradeindia-Request-GUID
X-B3-Sampled
X-Max-Age
X-DN-Cache-Control