Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Date
Content-Type
Server
Set-Cookie
Connection
Cache-Control
Vary
X-Powered-By
Expires
Content-Length
Link
Last-Modified
Pragma
Accept-Ranges
ETag
X-Content-Type-Options
X-XSS-Protection
X-Frame-Options
Strict-Transport-Security
CF-RAY
Age
X-Cache
Expect-CT
P3P
Content-Language
X-AspNet-Version
X-Pingback
Upgrade
Via
X-UA-Compatible
Access-Control-Allow-Origin
Content-Security-Policy
X-FRAME-OPTIONS
X-Varnish
X-Cacheable
Referrer-Policy
X-Adblock-Key
X-Request-Id
X-Check
X-Generator
X-Language
X-Template
X-Buckets
X-Drupal-Cache
Alt-Svc
X-Type
WPE-Backend
X-Cache-Group
X-Pass-Why
X-Ac
X-Permitted-Cross-Domain-Policies
X-Hacker
X-Download-Options
X-Cache-Hits
X-Xss-Protection
X-AspNetMvc-Version
Host-Header
X-ShopId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId
X-Sorting-Hat-Section
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Sorting-Hat-PrivacyLevel
X-ShardId
X-Dc
X-Alternate-Cache-Key
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Served-By
X-Via
X-Powered-By-Plesk
X-Runtime
MS-Author-Via
P3p
X-Contextid
X-IPLB-Instance
X-Amz-Cf-Id
Access-Control-Allow-Headers
Content-Location
Access-Control-Allow-Methods
X-Timer
X-Powered-CMS
X-UA-Device
X-PC-AppVer
X-PC-Key
X-PC-Hit
X-ServedBy
Status
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-PC-Host
X-PC-Date
CF-Cache-Status
X-Iinfo
X-Ua-Compatible
Cartoon
Access-Control-Allow-Credentials
X-Seen-By
X-Wix-Request-Id
X-Rid
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-WPE-Loopback-Upstream-Addr
X-Mod-Pagespeed
X-CST
Powered-By
Content-Encoding
X-Cache-Status
X-Backend
X-Tumblr-Pixel-1
X-Endurance-Cache-Level
X-Cache-Enabled
X-Request-ID
X-Logged-In
X-Drupal-Dynamic-Cache
X-Tumblr-Pixel-2
X-Host
X-DIS-Request-ID
X-CDN
X-Server
X-Cache-Hit
X-Port
X-Server-Powered-By
Keep-Alive
X-Accel-Version
X-Nginx-Cache-Status
X-Turbo-Charged-By
X-Robots-Tag
X-Proxy-Cache
X-LiteSpeed-Cache
X-Tumblr-Pixel-3
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Allow
X-Content-Digest
X-Page-Speed
X-Content-Powered-By
Content-Security-Policy-Report-Only
X-AH-Environment
Request-Context
X-Pad
X-Rack-Cache
X-FW-Hash
X-FW-Server
X-GitHub-Request-Id
X-FW-Static
X-FW-Serve
X-FW-Type
X-Varnish-Cache
Access-Control-Expose-Headers
SPRequestGuid
X-MS-InvokeApp
X-SharePointHealthScore
X-Request-Country
X-XRDS-Location
X-Hits
MicrosoftSharePointTeamServices
Edge-Control
X-Newrelic-App-Data
X-Content-Security-Policy
X-Amz-Request-Id
X-Webcom-Cache-Status
X-Amz-Id-2
Timing-Allow-Origin
X-BC-Stapler
X-HOST
X-Trace
Cf-Railgun
X-FullPageCaching
X-Node
Request-Id
Edge-Cache-Tag
X-HS-Cache-Config
X-HS-Content-Id
X-INKT-SITE
X-Tumblr-Pixel-4
X-INKT-URI
Charset
X-Servedby
X-CF-Powered-By
SPIisLatency
SPRequestDuration
WP-Super-Cache
X-Cache-Lookup
Access-Control-Max-Age
X-PHP-Backend
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Swift-SaveTime
X-Backend-Server
X-Fastly-Request-ID
X-HS-Combine-CSS
EagleId
X-Edge-Cache
X-Edge-Cache-Key
MicrosoftOfficeWebServer
X-Cnection
X-SERVER
Grace
X-Pc-Hit
X-Pc-Key
X-Pc-Appver
X-SS-Location
X-SS-Conf
X-CDN-Pop
X-CDN-Pop-IP
X-Pc-Host
X-Pc-Date
X-Safe-Firewall
Composed-By
Served-By
X-Firenze-Processing-Times
X-Device
Front-End-Https
X-Spip-Cache
X-DNS-Prefetch-Control
X-DDC-Arch-Trace
Liferay-Portal
X-Hyper-Cache
X-VCache
Surrogate-Control
X-ServerName
X-Server-Name
X-Died
X-LiteSpeed-Cache-Control
X-Dw-Request-Base-Id
X-TNCMS
X-Loop
X-Cluster-Node
X-Cloud-Trace-Context
X-Tumblr-Pixel-5
X-WebKit-CSP
Feature-Policy
X-Original-Date
Rating
X-FB-Debug
X-RateLimit-Limit
X-RateLimit-Remaining
X-NF-Request-ID
X-Clacks-Overhead
X-RateLimit-Reset
X-Debug-Info
X-StackifyID
X-Kinsta-Cache
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
Display
X-OneAgent-JS-Injection
X-Middleton-Display
X-Jimdo-Wid
X-Jimdo-Instance
X-Sol
Xkey
P-LB
X-Tumblr-Content-Rating
Refresh
P-WS
Content-Style-Type
Response
X-Middleton-Response
Content-Script-Type
X-Acc-Exp
X-Vtex-Processado-Em
X-XN-Trace-Token
X-XN-XNHTML
X-Cdn
Public-Key-Pins
X-Age
X-N-OperationId
X-Frame-Option
X-Hostname
X-DynaTrace-JS-Agent
X-Px
X-Magento-Tags
X-Amz-Version-Id
X-LW-Cache
X-Ruxit-JS-Agent
X-FORWARDED-FOR
Fpc-Cache-Id
X-User-Agent
X-Generated-By
X-Zen-Fury
X-Cached
X-Topify-Platform
X-Goog-Hash
X-Handled-By
X-Source
PageSpeed
X-Webserver
X-Tumblr-Pixel-6
Dmn
WPX
X-Edge-Location
Retry-After
X-LBLID
X-Cache-Config
X-ARC
X-MiniProfiler-Ids
X-Loopia-Node
X-Platform-Server
Imagetoolbar
ServedBy
Access-Control-Request-Method
X-Outils-CS
TCN
Rt-Fastcgi-Cache
X-Url
X-CMS-Version
X-ET-API-VERSION
X-ET-API-ORIGIN
X-ET-API-ROOT
X-PhApp
X-DynaTrace
X-From
X-Upstream
X-Magento-Cache-Debug
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Engine
X-Cache-Key
X-Msg-2-Log
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-Actual-URL
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Returned-From
X-Passed-To-PostProcessResponse
X-Passed-To
X-Passed-To-DLL
X-Original-Request
X-Passed-To-BeforeDispatch
X-URL
X-B-Cache
X-Varnish-Beresp-Ttl
Pagespeed
Cache-Provider
X-Varnish-Beresp-Grace
X-URLSCHEME
X-Varnish-Beresp-Status
X-Accel-Expires
X-Request-Time
X-Stale
X-Cached-By
X-Art-Request-Id
X-Varnish-Cache-Hits
Fhost
X-EdgeConnect-Origin-MEX-Latency
Host
X-Varnish-TTL
X-Cache-Info
X-Varnish-Count
X-Version
X-Varnish-HitMiss
No
X-EdgeConnect-MidMile-RTT
X-Dealeron-Original-Url
Powered
X-Vtex-Processed-At
X-VTEX-Janus-Router-Backend-App
X-Vtex-Remote-Cache
X-AspNetWebPages-Version
X-S
X-Dealeron-Backend
X-VTEX-Cache-Status-Janus-ApiCache
X-DealerOn
X-CacheServer
X-Powered-By-VTEX-Janus-ApiCache
DynaTrace
X-Platform
Alternate-Protocol
X-RESOURCE
X-Content-Options
X-NWS-LOG-UUID
X-Ezoic-Cdn
Public-Key-Pins-Report-Only
X-Response-Time
Fastcgi-Cache
X-HS-Content-Campaign-Id
X-Hosted-By
Warning
X-Cache-Tags
X-Whom
X-Application-Context
X-Acquia-Application-UUID
X-SRCache-Fetch-Status
Arr-Disable-Session-Affinity
X-Acquia-Application-Trace
X-SRCache-Store-Status
X-Server-ID
X-Developer
Last-Published
X-Location-Id
X-Route-Server
X-Varnish-RemainingTTL
X-I
X-Varnish-ObjectSource
X-Varnish-GracePeriod
X-Cache-2
X-Sapient
X-Platform-Cache
X-Varnish-RemainingLife
X-Forwarded-For
X-Helper-Autoassign-All
X-Varnish-Host
X-Varnish-Seen-By
X-Cache-TTL
X-Defender
S-Cnection
Generator
X-Supported-By
SN
X-Cache-IO
X-Micro-Cache
Powered-By-ChinaCache
Origin
X-Shop-Id
X-F-Cache
X-Environment
X-Rnd
Cache-Key
X-Signature
X-Magento-Cache-Control
X-Gamma-Serve
X-Akam-SW-Version
Service-Worker-Allowed
X-Instart-Request-ID
X-Device-Type
X-Esi
Product
Surrogate-Key
X-Microcachable
X-TransIP-Backend
X-TransIP-Balancer
X-Via-JSL
X-Dispatcher
X-Nginx-Cache
X-Powered-By-360WZB
X-CSRF-Protection
SSPAppContext
X-Nf-Srv-Version
X-Cache-Rule
X-Client-IP
Server-Timing
X-Lambda-Id
Version
X-VARITI-CCR
Akamai-IP
X-NetCat-Version
X-PERF
X-Hypernode
X-Umbraco-Version
Content-Disposition
X-Guploader-Uploadid
X-Cache-Namespace
X-SDS
X-Cache-Debug
X-Matrix-Proxy
X-ApacheServer
X-Last-Modified
X-Matrix-Server
X-Vcap-Request-Id
X-Cache-Age
X-Sucuri-ID
USPLoggingUUID
X-HW
X-Track
Wsr-Cache
X-SSL-Protocol
X-Director
X-Firenze-Processing-Time
X-Fastcgi-Cache
X-GUploader-UploadID
Strikingly-Cached-Version
Strikingly-Cached
Strikingly-Cache-Region
X-Microcache-Status
X-Translation
X-SSL-Cipher
X-Debug
WZWS-RAY
X-SO
X-Drupal-Cache-Tags
X-I-Sp
X-Amz-Meta-S3cmd-Attrs
X-App-Hosting
X-Server-Upstream
X-App-Status
X-BS
X-Rq
Contao-Page-Layout
X-Daa-Tunnel
X-Hostinger-Node
X-Cache-Server
X-Drupal-Cache-Contexts
Srv
X-Sucuri-Cache
X-Powered-By-VelaWeb
X-Hostinger-Datacenter
X-Abgroup
X-Varnish-Age
X-Flow-Powered
Cneonction
X-Edge-IP
Edge-Control-Message
Content-Hash
X-Expires-Orig
X-Correlation-Id
X-Locale
X-Ttl
X-SRV
X-Geo-Country
X-Server-Id
X-N
Cache-Tags
RTSS
X-ORACLE-DMS-RID
X-Now-Id
X-Gateway-Cache-Status
NnCoection
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Correlation-ID
X-Env
X-Akamai-Device-Characteristics
X-Akamai-Device-Model
X-Cache-Type
X-SV-Duration
X-Empowered-By
ServerName
X-ATG-Version
PICS-Label
FAI-W-FLOW
X-SV-CreatedAt
X-Generated
X-SV-Pid
Nodo
W
X-Forwarded-Proto
X-SV-Nginx-Duration
X-SSLUpstream
Cache
X-LB
X-SV-Edge
Author
Page-Completion-Status
X-PwB-Node
X-Url-Base
X-Cache-Lifetime
X-Cache-Level
X-SV-FromDBCache
X-SSLProxy
X-SmugMug-Values
X-Trace-Id
Lsrequestid
X-SV-CacheTags
X-SV-Cacheable
X-SmugMug-Hiring
X-Pressidium-NinukisWP-Ver
X-ACMCache
X-Rocket-Nginx-Bypass
Local-Info
X-TTL
X-Cache-TTL-Remaining
X-TTFB-L
X-SV-Expires
X-CacheFROM
Dtk-Cache-Check-0
X-ORACLE-DMS-ECID
X-Cache-Control-Orig
MIME-Version
X-FTR-Request-ID
X-Duration
X-Content-Type-Option
X-Cache-Operation
X-Cache-Engine
X-TransIP-Reserved
Smug-CDN
X-CJ-Soft
X-TTFB
Frame-Options
X-Rocket-Nginx-Serving-Static
X-Varnish-Url
X-Recruiting
Accept-CH
X-Adobe-Content
Section-Io-Id
X-Front
Content-Transfer-Encoding
X-V
X-Powered-By-VTEX-Janus-Edge
X-Middleware-Start
Server-Name
X-IsCacheURL
Location
AC-ELC
X-Cache-Fix
X-Cache-PageType
AMF-Ver
X-NoCache
S
Proxy-Connection
X-Adobe-Loc
Pv
Update-Time
Src-Update
Ohc-File-Size
Ufe-Result
X-Cache-Expires
EagleEye-TraceId
Server-Info
Req-Id
Content-MD5
X-Varnish-Cacheable
X-Nginx-Dummy
Pf.Web.Request.Id
X-WR-Flags
Front
X-Litespeed-Cache-Control
X-UPSTREAM
X-ID
X-Content-Age
X-Real-Server
X-Time
Pool
X-Grace
Identity
X-NginX-Cache
X-Pagename
X-FW
X-Hit-Cache
X-Dynamic-Cache
X-Redman-Backend
X-Config-Blacklist-Version
X-Processing-Time
X-Speed-Cache-Key
X-Speed-Cache
X-Remote-Addr
X-PF-Uncompressing
Qs-Cache
X-AVG-Country-Code
X-Avg-Cookie-Expires
X-Akamai-Edgescape
X-Dns-Prefetch-Control
X-Redman-Final-Url
Adm-Server
X-Varnish-Retries
X-High-Performance
X-Frontend
CF-Worker-Version
MJ12bot
X-Cache-Device-Type
SEOMOZ
X-SERVER-NAME
X-CF-Passed-Proto
X-CB-Server
ServerID
SHInfo
X-Atraveo-Cache-Control
X-Atraveo-Zone
X-Atraveo-Varnish-Server-Id
X-Atraveo-TTL
X-Atraveo-Set-Cookie
X-Force
X-PRAM
X-Atraveo-From-Varnish-Cache
X-Request-Uri
X-Atraveo-Param-Rm
X-Atraveo-ETag
X-Atraveo-Expires
X-Varnish-IP
X-Stage
X-HTML-Minification-Powered-By
X-Varnish-Debug-Age
X-HydroSheep
HAVer
HCVer
X-Proxy
X-SVR-IIS
SRV
Node
X-CAPServer
X-Varnish-Debug-TTL
X-Consent-Required
X-HeBS-Cache-Status
Https
X-Resource
X-Cf-Powered-By
X-Source-ID
X-Amz-Storage-Class
If-Modified-Since
Content-Encoding-Handler
X-Hiawatha-Cache
X-Svr-Proxy
Edit
CDN-Cache
X-Cache-Dispatchercachecontrol
Cached
X-FastCGI-Cache
X-Hrouter
VServer
X-Vhost
X-Cache-Dispatcherpragma
X-Discourse-Route
X-GeoIP-Country-Code
X-GeoIP-Country-Name
Eomportal-Instance
X-Hstore
X-Country-Code
X-Envoy-Upstream-Service-Time
X-Cookie-Domain
X-Content-Security-Policy-Report-Only
X-Span
Lb
Report-To
Upgrade-Insecure-Requests
X-Key
X-Id
Serverid
X-SP-Farm
X-SP-UniqueName
X-Balanceador
X-BackendServer
X-Garden-Version
X-App-Server
Use-Proxy
X-Yottaa-Optimizations
X-JG-Page-Cache
X-Smartcache-Keys
Request-EU
Request-Country
X-WP
X-Smartcache-Timeout
X-Yottaa-Metrics
X-Unique-Id
Accept-Charset
RN-Server
X-Analytics
Backend-Timing
Backend
X-LP
X-LW-Web-Server
X-Role
X-Revision
X-CACHE-TTL
X-BKSrc
Swift-Performance
X-Cache-Varnish
X-Storage
X-Server-Addr
X-GeoIP
X-Plat
Machine
X-Worker
X-Directory-Script
X-AOL-HN
X-Debug-Token
X-UA-Bot
X-PHP-Response-Code
X-SmartBan-URL
X-SmartBan-Host
X-WPL-DATA
X-Sedo-Request-Id
X-Response
X-Nx-All
X-Nx
Content_type
X-IP
Filters
Accept-Language
Accept-Encoding
X-Varnish-Hostname
X-AEM
XX
X-Varnish-Action
X-Forwarded-Host
X-Amzn-RequestId
X-Amzn-Trace-Id
X-Autoru-App-Id
X-Amz-Apigw-Id
N365rili
From
IBM-Web2-Location
MW-Webserver
X-Autoru-Host
X-Cache-On
X-FPC
X-GeoIP-Country
X-Highwire-RequestId
RequestId
VANITY-HOST
X-Cocoon-Version
X-CRA-DC
X-Adnet
X-Highwire-SessionId
Prama
X-Service-Id
X-Protected-By
X-Client-Id
X-SAPP
X-Fstrz
X-EPiphany-Vid
X-Resolver-IP
X-Client-Image-Vid
X-Client-Vid
X-Oracle-Dms-Ecid
X-ServerID
X-ACCELERATE
X-4ormat-Cacheable
Tracecode
Resin-Trace
Locale
Environment
Xc-Version
ScoreTracker
X-AF-Userserver
X-Backend-Status
X-VCS-Cacheable
X-NginX-Server
X-Actindo-Request-Id
X-RealServer
X-Streams-Distribution
X-Actindo-Rs
X-Actindo-Thread-Id
X-Cache-Miss-From
Ohc-Response-Time
CDN-Uid
X-Symfony-Cache
IISExport
Fastly-Restarts
Url
X-VCS-Ttl
Fastly-Backend-Name
X-Wikidot-Static-Cache
X-Amz-Meta-S3b-Last-Modified
X-Varnish-Ttl
X-Wikidot-Backend
X-FIRSTBase
X-IIJ-Cache
VSID
ViewMode
X-Desc
X-Proxy-Cache-Control
X-Clx-Request
HitInfo
FRONT-END-SECUREBROWSER
X-Framework
X-Rebelmouse-Cache-Control
Aurora-Node
X-Storage-Cache
X-MSU-SOURCE
Srv-Name
From-Origin
X-Soro
HitType
X-Storage-Cache-Expires
X-Akamai-Transformed
X-Storage-Cache-Date
X-NginX-Upstream
X-Page-Cache
X-Proxy-Skip
Disablevcache
Server-ID
X-Via-S
*
X-7d-Trace-Id
X-Browser
X-7d-Instance-Id
AMP-Redirect-To
X-Now-Cache
AR-SID
AR-CACHE
AR-ATIME
X-FireWall-Port
X-Distributor
CDN-RequestId
CDN-PullZone
CDN-CachedAt
Access-Control-Allow-Header
AR-PoweredBy
X-Mobilized-By
X-Oracle-DMS-ECID
X-FORWARDED-PROTO
X-Proto
Cmsid
Server-Ip
X-WEBMGR-CACHE
AMP-Access-Control-Allow-Source-Origin
X-RequestId
X-Cdn-Forward
X-Origin-Name
Provider
X-Distil-CS
X-Cache-Control
Nitro-Cache
X-Hosting-Env
X-ReqId
X-SDE-Name
X-Scheme
X-Cache-Ttl
PagesDisplayed
X-PROCESSED-BY
TYPO3-Pid
X-Webstats-RespID
DNNOutputCache
X-RENDER-TIME
Cmstype
X-UUID
X-Session-ID
Cf-Ipcountry
AsisCache
X-TB-M
TYPO3-Sitename
X-Rack-Cors
X-Src-Webcache
Magicmarker
X-Zendesk-User-Id
X-Zendesk-Origin-Server
X-Rule
X-Search-Id
X-Req-Head-Response
Gzip
F5-IpCliente
Disp
ClientIP
DeleGate-Ver
Bios
X-LAKANA-AB
X-Cache-Via
X-Cache-Time
X-Clara-ASAP
X-Content-Encoded-By
X-Generated-Time
X-Debounce
X-Cache-Doesi
X-ASAP-Cache
SB-Site-Device
SB-Cache-Remaining
SB-Site-IE-VERSION
X-Amzn-Remapped-Content-Length
X-ASAP-Age
X-Instance
X-Machine
X-Serv
X-RemovedCookies
X-Server-Generated
X-Status
X-Timestamp
X-Svr
X-UnsetCookies
X-Redir-Url
X-NodeID
X-Nginx-Request-Processing-Time
X-Origin-Date
X-Page-Cacheable
X-ProcessESI
X-User-Agent-Tier
X-Beluga-Status
Surrogate-Key-Raw
NEL
Pics-Label
Edgecast
Beyond-Iis
X-Yadis-Location
SB-Cache-Life
Custom-Header
Access-Control-Allow-Method
X-UD-METHOD
X-Ssl-Cipher
X-Flex-Community
X-VC-Enabled
X-VC-TTL
X-Who
X-VHOST
X-Airee-Node
X-Cacheable-TTL
X-Ruxit-Js-Agent
X-Pantheon-Site
X-Pantheon-Phpreq
X-Secret
X-Serverid
X-Upstream-Backend
X-Title
X-Pantheon-Environment
X-Pantheon-Az
X-Gannett-Site-Version
X-Depends
X-WebKit-CSP-Report-Only
X-Varnish-Cache-Ttl
X-Nginx-Host
X-Layout
X-SCM-Server-Number
X-Flex-Evend
X-Beluga-Record
X-Beluga-Node
X-Beluga-Cache-Status
X-Beluga-Response-Time
X-Beluga-Response-Time-X
X-PM-ID
X-Upstream-Status
X-Archive-Orig-Server
X-Archive-Orig-Last-Modified
X-AMAZEEIO
X-PressLabs-Stats
NLCacheNote
X-Archive-Guessed-Charset
X-Archive-Orig-Connection
X-Archive-Orig-Date
X-Archive-Orig-Content-Type
X-Beluga-Trace
X-Built-By
X-Flex-Lang
X-Origin
X-Flex-Lastmod
X-Flex-Evstart
X-Origin-Server
X-Proxy-Cache-Key
X-PBY
X-Flex-Tag
X-Ms-Version
X-Highwire-Sitecode
X-Map-Context
X-Instance-Id
X-Highwire-Smart-Code
X-Ms-Request-Id
X-Flex-Tags
Memento-Datetime
X-Nitro-Cache
X-AppServer-Status
X-AppServer-Cache-Rule
X-AppServer-Cache-Exception
X-Bip
X-ClientSide-Caching
X-DDM-SERVER-UPDATED
X-DDM-SERVER
X-DataDome
X-App-Runtime
X-A
SBSS
Requested-Host
Nd
SS
Thanks
Webserver
UrlWatchModule-Time
X-E
X-Location
X-SID
X-Session-Reinit
X-Server-IP
X-SSLTerm-Server
X-SuperCache
Xc
X-VG-WebCache
X-Time-Microsecs
X-SE-Debug
X-Runtime-Affili
X-Policy
X-M-Reqid
X-M-Log
X-Proxy-Id
X-Qnm-Cache
X-Rocket-Nginx-Reason
X-Rocket-Nginx-File
Firespring-Website-Id
FindLaw
X-Drectory-Script
X-Dispatch
X-Compressed-By
X-Geo-IP
X-LB-Server
X-Skip-Cache
X-Nbs
X-MAT-GEO
X-Cluster
X-Cache-Only-Varnish
SERVER-NAME
Paypal-Debug-Id
Max-Age
TP-Cache
TP-L2-Cache
X-Agent
WP-AdvCache-MemCached
X-Sys-Req-ID
X-Upgrade-Enabled
X-Transaction
X-SilverStripe-Cache
X-Sid
X-Twitter-Response-Tags
Cache-Ctrol
Copyright
Content
CacheControlHeader
X-Lb
X-Geo
X-Cache-Action
X-Box
D
X-Cache-Extended
X-Compress-Hint
X-ENV
X-Connection-Hash
Backend-Powered-By
Content-Sn
X-Goog-Meta-Replace
X-Goog-Meta-Policy
X-Ghost-Cache-Status
X-Hit
X-HTTPS-Cipher
X-Instance-Name
X-Info
X-HTTPS-Protocol
X-Cache-TTL-Current
X-Cache-TTL-Age
StatusCode
ServerTokens
ServerSignature
SVR
Verto-Server
X-Cache-Me-Harder
X-Amz-Meta-Content-Md5
X-Nginx-Page-Cache
X-NWS-UUID-VERIFY
Cm-Server
CD5
Actual-Object-TTL
MachineName
NZSpeedy
Page-Template
Origin-Edge-Control
Origin-Cache-Control
A-Powered-By
Yoncu-Errno
X-Route
X-Purge-URL
X-Purge-Host
X-Runtime-Memory
X-TNCMS-Bot-Tier
X-VC-Cache
X-Varnish-Grace
NtCoent-Length
IM-Version
X-Batcache
X-B3-Sampled
Request-Time
X-Batcache-Reason
X-Bcwwwid
X-Captured
X-Cache-Date
X-Built-With
Og
ModuleCacheType
Drupal-Pagecache-Memcache
Description
DB-Nickname
GD-Server
IES-Server
Load-Balancer
Keywords
X-Cdn-Origin
X-Cms
,
X-Varnish-Cached-TTL
X-Varnish-Cached
Arrnode
Debug-Status
Id
Httpd-Identifier
DrivedBy
X-UPServer
X-Sn-Servicetimems
X-Fpc
X-EC2-Instance-Id
X-DevSrv-CMS
X-Jcms-Ajax-Id
X-MCF-ID
X-Refresh
X-Page
Returned-Status