#VERSION,2.008
#######################################################################
# File Source: https://cirt.net
# (c) 2001-2014 Chris Sullo, All Rights Reserved.
# This file may only be distributed and used with the full Nikto package.
# This file may not be used with any software product without written permission from
# Chris Sullo (csullo@gmail.com)
#
# Note:
# By submitting updates to this file you are transfering any and all copyright
# interest in the data to Chris Sullo so it can modified, incorporated into this product
# relicensed or reused.
#######################################################################
# Notes:
# - Use lower case letters
# - Keep list alphabetically (for readability and easy human lookup)
# Example to get the server headers: $ curl -I www.example.com
#######################################################################
"header"
"accept"
"accept-charset"
"accept-encoding"
"accept-language"
"accept-ranges"
"age"
"allow"
"alternates"
"authorization"
"cache-control"
"commerce-server-software"
"connection"
"content-encoding"
"content-language"
"content-length"
"content-location"
"content-md5"
"content-range"
"content-type"
"dasl"
"date"
"dav"
"etag"
"expect"
"expires"
"from"
"keep-alive"
"host"
"if-match"
"if-modified-since"
"if-none-match"
"if-range"
"if-unmodified-since"
"last-modified"
"location"
"max-forwards"
"mime-version"
"p3p"
"pragma"
"proxy-authenticate"
"proxy-authorization"
"proxy-connection"
"public"
"range"
"referer"
"retry-after"
"server"
"set-cookie"
"status"
"strict-transport-security"
"te"
"trailer"
"transfer-encoding"
"upgrade"
"user-agent"
"vary"
"via"
"warning"
"www-authenticate"
"whisker"
"nncoection"
"x-aspnet-version"
"x-cache-hits"
"x-content-type-options"
"x-cnection"
"x-id"
"x-frame-options"
"x-pad"
"x-pingback"
"x-powered-by"
"x-varnish"
"xmlns"
"persistent-auth"
"x-ua-compatible"
"x-xss-protection"
"content-security-policy-report-only"
"content-security-policy"
"x-content-security-policy"
"x-webkit-csp"
"x-aspnetmvc-version"
"x-mod-pagespeed"
"access-control-expose-headers"
"access-control-allow-methods"
"access-control-allow-headers"
"access-control-allow-origin"
"access-control-allow-credentials"
"access-control-max-age"
"x-clacks-overhead"
