Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
X-Request-ID
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
Access-Control-Max-Age
X-Ua-Compatible
X-Via
X-Dns-Prefetch-Control
X-Cache-Group
Server-Timing
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Backend
X-Proxy-Cache
X-Amz-Id-2
X-Ws-Request-Id
X-Age
Host-Header
P3p
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
X-Akamai-Path-Stats
Cf-Edge-Cache
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
X-Nginx-Cache-Status
X-Page-Speed
X-Aws-Lambda-Call-Status
X-Host
X-Node
Accept-CH
X-OneAgent-JS-Injection
X-Pingback
X-Server-Id
X-Cache-Spec
Cf-Railgun
EagleEye-TraceId
Request-Id
Surrogate-Control
X-Backend-Server
X-Akam-SW-Version
X-Cache-Lookup
X-Response-Time
X-Readtime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
Accept-CH-Lifetime
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
X-Trace
Rating
X-Cloud-Trace-Context
Fastly-Restarts
X-Country
Accept-Ch-Lifetime
X-Url
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Edge
X-Amz-Server-Side-Encryption
X-MS-InvokeApp
X-Rack-Cache
Edge-Control
X-B3-TraceId
X-Vname
X-TtlSet
X-PC
X-Nginx-Upstream-Cache-Status
X-Ruxit-JS-Agent
X-ESI
X-Content-Type
X-Vcap-Request-Id
X-Mod-Pagespeed
Xkey
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Oneagent-Js-Injection
X-Cdn-Fetch
X-D2id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Mcache
Verso
X-Amz-Rid
X-GitHub-Request-Id
Cache-Tag
X-FastCGI-Cache
X-VARITI-CCR
X-Powered-By-Plesk
RTSS
X-Varnish-TTL
X-CST
Service-Worker-Allowed
X-Upstream
X-Navigation-Version
X-Ruxit-Js-Agent
X-Cached
X-Abt-Application-Version
X-Version
X-Client-IP
X-ECACHE
X-Dw-Request-Base-Id
X-Cnection
Accept-Ch
X-Px
X-Ac
Public-Key-Pins
X-Server-Name
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Element-Page-Cache
Arr-Disable-Session-Affinity
X-SharePointHealthScore
SPRequestGuid
Display
X-Middleton-Display
X-Sol
X-Cache-TTL
Pagespeed
SPIisLatency
SPRequestDuration
X-Ttl
X-Country-Code
X-Ser
X-NWS-LOG-UUID
Permissions-Policy
X-RateLimit-Remaining
X-Midtier
X-Cache-Key
Response
X-Middleton-Response
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-Forwarded-For
Access-Control-Request-Method
Content-MD5
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-NF-Request-ID
X-DataDome
Front-End-Https
X-Shield-Request-Id
X-MSEdge-Ref
X-T
Nginx-Cache
X-HP-Trace-Id
X-HP-Webp
X-Recruiting
X-Jurisdiction
Edge-Cache-Tag
TP-Cache
TP-L2-Cache
AR-ATIME
X-ORACLE-DMS-RID
X-Accel-Expires
AR-CACHE
X-ORACLE-DMS-ECID
AR-Request-ID
AR-PoweredBy
AR-SID
X-RateLimit-Limit
X-Powered-CMS
X-Correlation-Id
MicrosoftSharePointTeamServices
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
TCN
X-Daa-Tunnel
X-Grace
Cf-Apo-Via
X-Id
X-Mg-S
X-Hits
X-Content-Digest
X-Request-Processing-Time
Filters
X-Request-Received
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-HS-Content-Id
Server-Node
Server-Name
X-Amzn-Trace-Id
X-Frontend
S
X-Distributor
MS-Author-Via
X-Geo-Country
X-LLID
Fastcgi-Cache
X-Protected-By
X-PressLabs-Stats
Cache-Status
X-Language
X-TTL
X-Fastly-Request-Id
X-LB-Cache
X-Erf-Bev-Bev
X-Origin-Server
Cross-Origin-Opener-Policy
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-FB-Debug
X-Request-Handler-Origin-Region
X-B3-Sampled
Charset
X-Forwarded-Proto
Host
X-F-Cache
X-Microsite
Count-Hit
X-Ua-Browser
X-Ab
X-Page-Id
X-Seen-By
X-Git-Hash
Payment
Filterid
X-Litespeed-Cache
X-XRDS-Location
X-Cache-Age
X-ASPNET-VERSION
X-Ratelimit-Reset
X-VCache
X-Cluster-Name
Realpath
Surrogate-Key
X-Fastcgi-Cache
X-Rid
Cache-Tags
Accept-Charset
X-Origin-Cache
Alternate-Protocol
X-NGENIX-Cache
X-Template
Retry-After
X-Www-Served-By
X-Az
Access-Control-Allow-Method
X-DynaTrace
X-AppVersion
X-Activity-Id
X-Webkit-Csp
Cleartype
X-DIS-Request-ID
X-Amz-Replication-Status
X-Logged-In
X-Upgrade-Enabled
X-TT
X-Varnish-Grace
X-Route-Name
X-Varnish-Backend
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Wix-Request-Id
X-B
X-Tb
X-Type
X-B-Cache
X-Signature
X-Node-Name
X-App-Environment
ServerID
Paypal-Debug-Id
DC
X-Envoy-Decorator-Operation
X-Source
X-Drupal-Cache-Tags
X-Hostname
X-Proxy
X-Debug
Frame-Options
X-Revision
X-Fastly-Request-ID
X-Content-Options
X-Mobile
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Load-Cache
X-Contextid
Pinterest-Version
Amp-Access-Control-Allow-Source-Origin
X-Pinterest-Rid
Pinterest-Generated-By
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Generation
X-Cache-Rule
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Content
X-N
X-Cache-Control
Country
X-Magnolia-Registration
Node
X-Whom
X-User-Agent
Refresh
X-EdgeConnect-Cache-Status
Referer-Policy
X-Response-Served-From
X-Original-Request-Id
Viewport
NGB
Content-Disposition
X-Environment-Context
X-Cache-TTL-Remaining
Access-Control-Request-Headers
X-Debug-IsPreview
X-Cacheable-TTL
X-L-Path
X-Debug-IsConnected
X-Adobe-Loc
X-NYM-Debug-Backend
X-Yottaa-Optimizations
X-Real-IP
X-Adobe-Content
X-G
X-Page-View
X-Jobs
X-Framework
X-Varnish-Server
Uber-Trace-Id
Url
VIX-Pulpo-Node
X-Servername
X-Unique-Id
X-Mid
X-Yottaa-Metrics
VIX-Pulpo-Upstream-Status
X-Akamai-Request-ID2
X-Status
X-Content-Powered-By
X-Cache-Time
Akamai-GRN
X-Rendered-As
X-Varnish-Age
X-Cache-Grace
X-Is-Bot
Srv
X-RemovedCookies
X-Instance
X-ProcessESI
X-XRDS-LOCATION
X-Ratelimit-Remaining
Countrycode
X-Drupal-Cache-Contexts
X-Mg-Request-UUID
Version
X-Server-ID
X-Time
X-Restarts
X-COUNTRY
X-Http-Reason
X-App-Server
X-APP-VERSION
Accept-Language
X-Cache-Expired-At
X-Trace-Id
X-Debug-Info
X-Oracle-Dms-Ecid
X-CDN-Forward
X-Oracle-Dms-Rid
Protected
X-IPLB-Instance
Healthy
X-Via-JSL
X-IPLB-Request-ID
X-Hosted-By
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cache-Hit
X-Tumblr-Pixel-1
X-Nginx-Cache-Key
Liferay-Portal
X-Azure-Ref
X-Device-Type
X-Cache-Operation
X-Ratelimit-Limit
X-Tt-Logid
X-Backend-Name
Section-Io-Cache
X-FW-Serve
X-FW-Static
X-FW-Type
Fastcgi-Useragent
X-FW-Server
X-FW-Hash
X-FW-Dynamic
Cross-Origin-Resource-Policy
Content-Secure-Policy
X-ECache
X-Akamai-Edgescape
Backend
X-Correlation-ID
Server-Info
Ms-Operation-Id
X-RTag
MS-CV
X-Proxy-Cache-Status
X-Storage
Load-Balancing
X-Mobile-URL
Meta-Geo
X-RN-RSRV
X-UPSTREAM-Address
X-Mode
X-UUID
X-Cache-Action
X-Cache-NGX
GEO-INFO
X-VC-Cache
X-Handled-By
X-Rule
X-Content-Age
X-No-Session
X-Proto
CF-IPCountry
X-OCL
X-PCL
Eomportal-Instance
X-PHP-Backend
X-LJ-Flow-ID
X-Format
X-Access
X-Adobe-Source
X-Cache-Server
X-AWS-Id
X-Cms-Context
X-Edge-Location
X-Region
Locale
Onion-Location
S-Rt
X-Forwarded-Host
X-SayCDN-TTL
X-Skip-Cache
X-Sql-Count
X-Varnishpool
X-Varnish-Hostname
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Varnish-Beresp-Grace
X-Site-Version
X-VWS-Id
X-Section
X-Sql-Duration-Ms
X-Say-TTL
X-Say-Cacheable
Mn-Server-Ip
Property-Id
X-GeoCountry
X-Varnish-Cache-Hits
X-FB-TRIP-ID
DB-Nickname
X-GeoCode
Selected-Fe
X-Generated-By
X-Generation-Time
X-BYPASS-REASON
X-Via-Fastly
TWC-Device-Class
X-UA-Device-Type
Webcakes-Region
Webcakes-App-Version
X-Timing-Wait
X-Cache-Type
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
Webcakes-App-Name
Web-Mar-Node
TWC-GeoIP-Country
Apigw-Requestid
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Detected-As
TWC-Privacy
X-Extlb
X-Hl-Ver
X-Proxied
X-Proxy-Build
CDN-RequestCountryCode
CDN-PullZone
CDN-Uid
CDN-EdgeStorageId
X-Labrador-Cache-Channel
X-Cache-Enabled
X-ProxyCache-Key
X-ProxyCache-Status
X-Server-W
X-SRV
X-Request-Time
X-ServerID
X-ShardId
CDN-RequestId
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-PHP-Host
X-Uri
X-Redis-Cache
X-Locale
X-HTML-Minification-Powered-By
X-Routing-Service
X-Xfnlog-Site
X-Web-Node
CDN-CachedAt
X-Zipkin-Id
X-Origin-Hint
CDN-Cache
X-Sorting-Hat-ShopId
X-Cache-Status-Check
Azure-SiteName
X-Api-Version
X-Cache-Host
X-Tid
X-Origin-Date
Azure-InstanceId
Azure-SlotName
Azure-Version
Azure-RegionName
X-Nginx-Cache
X-R9-Blue-Green-Version
WP-Super-Cache
X-URL
X-JoinUs
X-SaId
X-Ms-Request-Id
X-Datadome
X-Ms-Version
X-Zen-Fury
Cache-Name
X-FireWall-Port
Xserver
X-DynaTrace-JS-Agent
ServedBy
X-LSADC-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Ua
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Human
X-Debug-Cache
X-Varnish-Ttl
X-Dc
Xet-Cookie
X-Cache-Tags
Cache
X-TNCMS
X-Loop
X-MP-GENERATED-AT
Source
X-RCS-CacheZone
X-Reqid
X-Cached-By
X-GEO
X-TA-CDN-Provider
X-App-Version
SD-X-WS
X-Varnish-Hits
Cross-Origin-Window-Policy
X-Pubstack
X-Aspnetmvc-Version
X-Soup
Origin
WPO-Cache-Status
WPO-Cache-Message
X-Amzn-Remapped-Content-Length
X-Cdn
X-Webkit-CSP
X-Tumblr-Pixel-2
X-Newrelic-Synthetics
LB
X-Origin-TTL
X-Origin-CC
X-Vgn-Hpd-Reason
X-Service
X-IPS-LoggedIn
From-Origin
X-Provided-By
X-AOL-HN
X-NewRelic-App-Data
X-Via-NSCOPI
X-B3-SpanId
Rip
X-GG-Cache-Date
X-Varnish-Beresp-Ttl
X-Tec-Api-Origin
X-FW-Version
Webserver
X-Tec-Api-Version
X-Tec-Api-Root
X-Platform-Server
X-Request-Host
X-Cluster-Node
X-A-Dam
X-Rewrite-Enabled
X-A-Dcw
X-A-Ccd
Lang
X-Aed
X-B-Cookie
X-Orig-Expires
X-ARC
X-Cache-NE
X-Bc-Bl
X-NAPM-TraceId
X-BCube-Filmed-By
Expiry
X-Application
Host-ID
X-A-Wwc
X-A-Dgt
X-PBS-Appsvrname
X-Owner
X-Rojux
X-AK-Request-ID
X-Processor
Meta-Geo-Continent
X-Vdms-Path
X-Vdms-Version
A
X-VG-WebCache
X-Ec-Fail
X-Ec-GeoHdr
X-TIM-N
X-User
X-S
Cdncip
T-Server
Rendered-Blocks
X-CSRF-Token
BehaviorPad-Version
X-Destination
HostName
X-Developer
Surrogated-Key
Xc-Version
Sslversion
Odigeo-Trace-Id
Cdnsip
DCR-Decision-By
X-Connection-Hash
X-Shop-Environment
MD5-Digest
X-ScT
Environment
X-Served-From
X-Forwarded-Path
X-SRCache-Key
X-D
X-External-Request-Id
X-Tenant
X-S-Cookie
Ngx.Var.Host
DCR-Processing-Time-Ms
X-A
Cache-Hits
OT-Force-Account-Verify
Upgrade-Insecure-Requests
X-VC
X-B3-Traceid
X-Level-Front-Cache
Redirect-Candidate
X-Qloud-Router
X-Pool
X-Aicache-OS
X-Bip
X-Accel-Buffering
X-Generated-On
X-Dispatcher-Number
X-Thanos
Cache-Tv-Group
X-WA-Info
Mime-Version
Fastly-SSL
X-TIME
X-Cluster
Traceparent
Thinkindot-Control
Tube-Get-Contents
X-Datadog-Parent-Id
Thinkindot-CacheControl-Type
Tube-Got-Eval
TDXMobile
X-DefElseHash
Servername
X-Datadog-Trace-Id
State
Tube-Got-Results
X-Datadog-Sampling-Priority
Thinkindot-CacheControl
Tube-Return
X-DefHash
X-CGP
Wxu-Next-Region
X-Cdn-Srv
X-Cdn-Origin
X-Ad-Defer-Variation
X-CacheTTL
Wxu-Next-Hostname
Wxu-Next-Commit
X-Core-Mission
X-Core-Value
X-Csrf-Jwt
V-Age
X-Clientip
Vix-Hermes-Req-Id
X-Ckpd-Fst-Backend
X-Branch-Name
X-Origin-Time
X-Sigma-Backend
X-Sigma
X-Scale
X-SIPLIST1
X-Slack-Backend
X-SplitTest
X-Sn-Servicetimems
X-SB
X-S-Maxage
X-Policy
X-Planisys-CDN-TTL
X-Region-Sid
X-Request-URI
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Machine
X-Worker
X-Wix-Viewer-Type
X-Parent-Response-Time
X-Varnish-Beresp-Status
CPC-Cache
CPC-Age
X-VServer
X-VG-TLSProxy
X-V-Cache
X-Thinkindot-L3
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Planisys-CDN-Rules
VNS-Age
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
X-Gdpr
X-GeoIP
X-Geo-Header
X-Gamma-Serve
X-Forwarded-Site
X-DPWN-IS-SECURE
X-Device-Os
X-Ec-Custom-Error
X-Epic-Correlation-Id
X-Fetched-On
X-Eu-Site
X-GeoIP-City
X-Has-Esi
X-Origin
X-Optimistic-Header
X-Origin-Response-Time
Server-Host
X-Planisys-CDN-Cache
VNS-Cache
X-Nyt-Route
X-NodeID
X-Irp-Debug
X-Hash
X-Is-Gdpr
X-JWT-State
X-Minions-Version
X-Loc
X-Developers
X-BBC-Edge-Cache-Status
Fastly-SWR
Ha-Gx-Prefs
Fastly-SIE
DSUID
Decoy-Debug-TTL
HA-Ipaddr
Is-Eu
L5d-Success-Class
L
Kp-EeAlive
IsBot
Decoy-Debug-Status
Country-Code
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Adler-Geo
Cache-Host
Candidate-Md5Url
Cmstype
Cmsid
Click-Count-Error
Click-Count-Action-Start
Memcached
Decoy-Debug-Key
Origin-CC
NM-Fastcgi-Cache
Origin-EX
Platform
Req-Svc-Chain
Producers
NGX
Release
Mobile-Detection-Method
We-Hiring
X-INCAP-ABP
CDCHOST
CloudFront-Viewer-Country
Server-Ext
Svr
X-Scheme
Datacenter
Mail-Subject
Fastly-GeoIP-CountryCode
Cluster
Fastly-Backend-Name
Server-Hostname
Canary
X-Hnp-Log
X-Viewer-Country
AKAMAI
Ec-Rule-Version
X-Cache-Bucket
Sever-Int
X-RateLimit-Remaining-Second
User-Cache-Control
Web-Mar-Region
X-Proxy-Cache-Info
Gh-Request-Id
X-Fmm-Version
X-Auto-Login
X-Esi-Check
X-Gen-Mode
X-Gzip
X-HS-Content-Campaign-Id
X-WADP-Cache
X-Mvc-Supplant-Cachable
X-NCache
X-Mvc-Supplant-OutputCached
X-RateLimit-Limit-Second
X-CMSURLCustom
X-Cache-Info
X-Cache-Id
Fastcgi-Cache-TTL
X-Clara-WADP
X-Block-Status
WebServer
X-Xrds-Location
X-Tx-Id
X-Cache-Debug
X-Cache-Remote
X-Session-Fingerprint
X-Origin-Expires
X-LB-NoCache
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-ZONE
X-Udemy-Cache-App-Namespace
X-WP-CF-Super-Cache-Active
X-Sucuri-ID
X-Sucuri-Cache
X-ND-Cache
Ssr
X-Fastly-Cache
X-Pod-Name
Sid
X-Azure-Ref-OriginShield
Memory
X-Var-Ttl
X-FC-Vary-Parameters
Time
X-NWS-UUID-VERIFY
X-Newrelic-App-Data
X-Fastly-Backend
X-ATG-Version
Pics-Label
X-Tb-Optimization-Total-Bytes-Saved
X-Nf-Request-Id
SID
X-Via-Poph
X-Generated-In
X-Via-Popv
X-Via-Popn
X-Trace-ID
X-Akamai-Transformed
Fastly-Drupal-HTML
X-Cache-Date
X-Refresh
X-Ig-Push-State
X-Buckets
X-Presslabs-Stats
AMP-Access-Control-Allow-Source-Origin
Env
X-Servedbyhost
X-Conf
Server-ID
X-Edge-Pop
Fastly-Drupal-Html
X-Cs
X-Microcachable
X-MSEdge-Features
X-MSEdge-Flight
X-Release
X-Pass-Why
X-Fpc
X-NC
X-Dmc
X-Up
X-Tumblr-Pixel-3
X-DC
X-RateLimit-Reset
X-EC-Lua
X-Endurance-Cache-Level
X-TRACE-ID
My-App
X-Esi
X-Dispatch
X-Be
X-PX
X-MCACHE
X-Zone
X-CS
GeoIp-Country-Code
Magicmarker
X-Lambda-Id
X-Wa
X-ID
X-TX-ID
CDN
X-CACHE-AGE
X-Yandex-Sdch-Disable
True-Client-IP
X-VCL-Version
X-Air-Source
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Air-Trace-Id
X-Req
X-Air-Hostname
X-Webkit-CSP-Report-Only
X-NGINX-Cache
X-Srv
X-CACHE-KEY
X-Vc
X-Hyper-Cache
X-CF-Lambda-Version
CacheControlHeader
X-LB-ID
Hostname
X-CF-Lambda-Fn
X-CSRF-TOKEN
X-M-Reqid
X-App
Pramga
True-Client-Country-4JS
X-TH-Server
X-Alfa-Service
X-Micro-Cache
X-HS-Status
X-M-Log
X-Varnish-Beresp-TTL
Resin-Trace
C-Via
X-Air-Pt
Path
X-Vcl-Version
X-Op-Id-All
X-Qnm-Cache
True-Client-Ip
X-B3-Spanid
N-Cache
X-TrackingId
GeoIP-Country-Code
Tcn
Proxy-Connection
X-PAYTM-SRV-ID
Tracecode
Fastcgi-X-Cache-Version
X-Platform
X-Vercel-Cache
X-Vercel-Id
On-Server
X-Edge-Origin-Shield-Region
X-Check-Cacheable
X-SERVER-NAME
X-Edge-Origin-Shield-Bytes
Esi-Enabled
X-GeoIP-Region-Code
X-FPC
X-GeoIP-Country-Code
NtCoent-Length
X-CLOUD-TRACE-CONTEXT
X-Date
GeoIP-Latitude
Hit
WWW-Authenticate
Section-Io-Origin-Status
Section-Io-Id
X-Vtex-Processado-Em
X-Accel-Expires-Debug
Section-Io-Origin-Time-Seconds
X-WA
Section-Origin-Responded
X-Vtex-Remote-Cache
X-Akamai-Pragma-Client-IP
X-Datacenter
X-Webkit-Csp-Report-Only
X-Cdn-Forward
X-Geo
X-Via-CDN
Server-Id
X-Request-Start
X-ServedByHost
X-SD-PageType
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-API-Version
X-AIR-PT
X-Node-Id
Lb
X-RAMCache
X-LAGOON
X-Mly-Id
X-ApacheServer
X-PERF
FSS-Cache
X-Response-By
YJS-ID
X-Old-Content-Length
ENV
X-Lb-Id
User-Agent
HIT
X-Edge-POP
Cache-Key
X-Dw-Trace-Id
Cdn
Yjs-Id
X-LiteSpeed-Cache-Control
X-Via-PopH
X-Via-PopN
X-Render-Time
DynaTrace
X-Via-PopV
XkeyRZ
Powered-By
X-Proxy-CacheRZ
Server-Ttl
DT-Hot-News
X-TT-LOGID
X-UA
X-Location
XM
X-Cache-Ttl
X-FORWARDED-FOR
X-Proxy-Cache-Hk
PFcat
X-VarnishDD-TTL
Locid
X-Proxy-Upstream
X-CUA
X-Traceid
X-HN
X-FL-EDGE
Srvid
X-Instance-Name
X-Via-Ucdn
Dnion-Transfer-Encoding
X-LI-Proto
X-LI-UUID
Geoip-Latitude
X-From
X-Li-Fabric
X-Li-Pop
PICS-Label
Sm-Log-Id
X-Service-Response-Time
XServer
Ohc-File-Size
X-Webstats-RespID
X-Akamai-ERRuleID
Nginx-CQVIP
X-Akamai-ERPolicy
X-RPS
X-CF-Powered-By
X-RSL
X-RPM
X-LiteSpeed-Tag
X-DB
X-Fastly-Backend-Reqs
X-DI
X-DSS
X-DW
Location
X-Cache-Ngx
X-Wp-Cf-Super-Cache-Cache-Control
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache
X-Cache-ASPX
X-Fastly-Cache-Hits
Vha6-Origin
X-Contensis-Viewer-Groups
X-Request-Url
X-Director
X-Lb-Nocache
X-B3-ParentSpanId
X-HostName
X-Cdn-Request-ID
X-Varnish-Authentication
X-ElasticPress-Query
Wpo-Cache-Message
Wpo-Cache-Status
CountryCode
Warning
X-Ips-Loggedin
Wp-Super-Cache
X-Yottaa-OS
X-DataCenter
X-Cache-Backend
X-Nc
X-Snapshot-Date
X-Ftr-Request-Id
MIME-Version
M-TraceId
X-Moov-T
X-Moov-Xdn-Version
WZWS-RAY
SRV
Fastcgi-Cache-Ttl
Req-ID
X-Mg-Cache