Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Request-ID
Feature-Policy
X-Ua-Compatible
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-XSS-PROTECTION
Access-Control-Max-Age
X-Via
X-Dns-Prefetch-Control
X-Cache-Group
Server-Timing
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Backend
X-Proxy-Cache
X-Amz-Id-2
X-Ws-Request-Id
X-Age
Host-Header
P3p
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
X-Akamai-Path-Stats
Cf-Edge-Cache
Allow
Nel
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
X-Nginx-Cache-Status
X-Page-Speed
X-Aws-Lambda-Call-Status
X-Host
X-Node
Accept-CH
X-OneAgent-JS-Injection
X-Pingback
X-Server-Id
X-Cache-Spec
EagleEye-TraceId
Cf-Railgun
Request-Id
Surrogate-Control
X-Akam-SW-Version
X-Backend-Server
X-Cache-Lookup
X-Response-Time
X-Readtime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
Accept-CH-Lifetime
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
X-Trace
Rating
X-Cloud-Trace-Context
Fastly-Restarts
Accept-Ch-Lifetime
X-Country
X-Url
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Edge
X-Amz-Server-Side-Encryption
X-MS-InvokeApp
X-Rack-Cache
Edge-Control
X-TtlSet
X-Vname
X-B3-TraceId
X-PC
X-Nginx-Upstream-Cache-Status
X-Ruxit-JS-Agent
X-ESI
X-Content-Type
X-Vcap-Request-Id
X-Mod-Pagespeed
Xkey
X-Oneagent-Js-Injection
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-D2id
X-Use-Magma
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-GoogleNews-Bot
Verso
X-Amz-Rid
X-Mcache
X-GitHub-Request-Id
X-FastCGI-Cache
Cache-Tag
X-VARITI-CCR
X-Powered-By-Plesk
RTSS
X-Varnish-TTL
X-CST
Service-Worker-Allowed
X-Upstream
X-Ruxit-Js-Agent
X-Navigation-Version
X-Abt-Application-Version
X-Cached
X-Client-IP
X-Version
X-ECACHE
X-Dw-Request-Base-Id
X-Cnection
Accept-Ch
X-Ac
X-Px
Public-Key-Pins
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Name
X-Element-Page-Cache
X-SharePointHealthScore
Arr-Disable-Session-Affinity
SPRequestGuid
X-Cache-TTL
Pagespeed
X-Sol
X-Middleton-Display
Display
SPIisLatency
SPRequestDuration
X-Ttl
X-Ser
X-Country-Code
X-NWS-LOG-UUID
Permissions-Policy
X-RateLimit-Remaining
X-Midtier
X-Cache-Key
Response
X-Middleton-Response
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-Forwarded-For
Content-MD5
Access-Control-Request-Method
X-DataDome
X-SRCache-Fetch-Status
X-NF-Request-ID
X-SRCache-Store-Status
Front-End-Https
X-Shield-Request-Id
X-MSEdge-Ref
X-T
Nginx-Cache
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Recruiting
TP-Cache
TP-L2-Cache
AR-Request-ID
Edge-Cache-Tag
AR-SID
AR-CACHE
AR-PoweredBy
X-Accel-Expires
AR-ATIME
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Powered-CMS
X-RateLimit-Limit
X-Correlation-Id
MicrosoftSharePointTeamServices
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
TCN
X-Daa-Tunnel
X-Grace
Cf-Apo-Via
X-Id
X-Mg-S
X-Hits
X-Content-Digest
X-Request-Processing-Time
Filters
X-Request-Received
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-HS-Hub-Id
Server-Name
X-HS-Content-Id
X-HS-Cache-Config
Server-Node
X-HS-Combine-CSS
X-Amzn-Trace-Id
X-Frontend
S
X-Distributor
MS-Author-Via
X-Geo-Country
X-LLID
X-Protected-By
Fastcgi-Cache
X-PressLabs-Stats
Cache-Status
X-Language
X-TTL
X-Fastly-Request-Id
X-LB-Cache
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
Cross-Origin-Opener-Policy
X-Amz-Meta-S3cmd-Attrs
X-Ezoic-Cdn
Count-Hit
X-Origin-Server
X-Request-Handler-Origin-Region
X-Microsite
X-F-Cache
Host
Charset
X-FB-Debug
X-Forwarded-Proto
X-Ua-Browser
X-Seen-By
X-Ab
X-Page-Id
X-Git-Hash
X-B3-Sampled
Payment
Filterid
X-Litespeed-Cache
X-XRDS-Location
X-ASPNET-VERSION
X-Cache-Age
X-Cluster-Name
X-Ratelimit-Reset
X-VCache
Realpath
Surrogate-Key
X-Fastcgi-Cache
X-Rid
Cache-Tags
Accept-Charset
X-Origin-Cache
Alternate-Protocol
X-NGENIX-Cache
X-Template
Retry-After
X-Www-Served-By
X-DynaTrace
Access-Control-Allow-Method
X-Activity-Id
X-AppVersion
X-Webkit-Csp
X-Az
Cleartype
X-Amz-Replication-Status
X-Logged-In
X-Upgrade-Enabled
X-TT
X-DIS-Request-ID
X-Varnish-Grace
X-Varnish-Backend
X-Signature
X-Type
X-Route-Name
X-Is-Crawler
X-Aspnet-Duration-Ms
X-B-Cache
X-Flags
X-Wix-Request-Id
X-Providence-Cookie
X-Request-Guid
X-B
X-Node-Name
X-App-Environment
X-Tb
X-Envoy-Decorator-Operation
ServerID
Paypal-Debug-Id
DC
X-Source
X-Hostname
X-Proxy
X-Drupal-Cache-Tags
Frame-Options
X-Debug
X-Aspnetmvc-Version
X-Revision
X-Fastly-Request-ID
X-Mobile
X-Content-Options
X-Tt-Trace-Tag
X-Load-Cache
X-Tt-Trace-Host
X-Contextid
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Amp-Access-Control-Allow-Source-Origin
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Cache-Rule
X-Content
X-Kong-Proxy-Latency
X-N
X-Kong-Upstream-Latency
X-Cache-Control
Country
X-Magnolia-Registration
Node
X-User-Agent
Refresh
X-Whom
X-EdgeConnect-Cache-Status
X-Response-Served-From
X-Original-Request-Id
Referer-Policy
Viewport
NGB
Content-Disposition
Access-Control-Request-Headers
X-Cacheable-TTL
X-Debug-IsConnected
X-Cache-TTL-Remaining
X-Debug-IsPreview
X-Environment-Context
X-Adobe-Loc
X-Jobs
X-Framework
X-Mid
VIX-Pulpo-Node
X-Akamai-Request-ID2
Url
VIX-Pulpo-Upstream-Status
Uber-Trace-Id
X-NYM-Debug-Backend
X-Yottaa-Metrics
X-Adobe-Content
X-Varnish-Server
X-Servername
X-Real-IP
X-Yottaa-Optimizations
X-L-Path
X-G
Akamai-GRN
X-Content-Powered-By
X-Status
X-Cache-Grace
X-Cache-Time
X-Varnish-Age
X-Page-View
X-Rendered-As
X-Is-Bot
X-XRDS-LOCATION
X-Instance
X-ProcessESI
X-RemovedCookies
Srv
X-Unique-Id
X-Ratelimit-Remaining
Countrycode
X-Drupal-Cache-Contexts
X-Mg-Request-UUID
X-Server-ID
Version
X-Time
X-COUNTRY
X-Restarts
X-App-Server
X-Http-Reason
X-APP-VERSION
Accept-Language
X-Debug-Info
X-Trace-Id
X-Cache-Expired-At
X-CDN-Forward
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
Protected
Healthy
X-Via-JSL
X-IPLB-Request-ID
X-IPLB-Instance
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Hosted-By
X-Cache-Hit
X-Azure-Ref
X-Cache-Operation
Liferay-Portal
X-Device-Type
X-Nginx-Cache-Key
X-Ratelimit-Limit
X-Backend-Name
Section-Io-Cache
X-Tt-Logid
Fastcgi-Useragent
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-FW-Static
X-ECache
X-FW-Type
Cross-Origin-Resource-Policy
Backend
X-Akamai-Edgescape
Content-Secure-Policy
Server-Info
Ms-Operation-Id
X-RTag
MS-CV
X-Correlation-ID
Load-Balancing
X-Proxy-Cache-Status
X-RN-RSRV
X-UPSTREAM-Address
Meta-Geo
X-Mobile-URL
X-Storage
X-Cache-Action
X-UUID
X-Cache-NGX
X-Content-Age
X-Rule
GEO-INFO
X-VC-Cache
X-Handled-By
X-Section
X-Edge-Location
X-ShardId
X-ShopId
Onion-Location
S-Rt
X-Shopify-Stage
Locale
X-Proto
X-Cms-Context
X-PCL
X-No-Session
X-Forwarded-Host
X-Say-TTL
X-SayCDN-TTL
X-OCL
CF-IPCountry
X-PHP-Backend
X-Region
Eomportal-Instance
X-Format
X-Adobe-Source
X-Site-Version
X-Urbn-Context-Path
X-Varnishpool
X-Cache-Server
X-Alternate-Cache-Key
X-Say-Cacheable
X-Sorting-Hat-ShopId
X-Varnish-Beresp-Grace
X-Varnish-Hostname
X-Storefront-Renderer-Rendered
X-Skip-Cache
X-Urbn-Site-Id
X-Sorting-Hat-PodId
X-Access
X-Generated-By
Webcakes-App-Version
Apigw-Requestid
Webcakes-Region
CDN-PullZone
X-GeoCountry
X-GeoCode
X-AWS-Id
Webcakes-App-Name
X-BYPASS-REASON
X-Generation-Time
Web-Mar-Node
TWC-Connection-Speed
TWC-Device-Class
X-Cache-Host
Property-Id
X-Cache-Type
TWC-GeoIP-Country
X-Hl-Ver
Selected-Fe
X-FB-TRIP-ID
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
DB-Nickname
X-Proxy-Build
X-Labrador-Cache-Channel
X-PHP-Host
X-SRV
X-Mode
X-VWS-Id
X-Redis-Cache
X-Via-Fastly
X-Sql-Count
X-ServerID
X-Sql-Duration-Ms
X-Timing-Wait
X-Varnish-Cache-Hits
X-ProxyCache-Key
X-ProxyCache-Status
CDN-RequestCountryCode
X-Locale
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
X-Web-Node
X-LJ-Flow-ID
X-Origin-Hint
X-Cache-Enabled
CDN-RequestId
CDN-Uid
X-Server-W
X-Api-Version
X-Nginx-Cache
X-UA-Device-Type
Azure-Version
Azure-RegionName
X-Xfnlog-Site
X-Request-Time
X-Origin-Date
X-HTML-Minification-Powered-By
Mn-Server-Ip
X-Cache-Status-Check
X-Uri
Azure-SiteName
Azure-SlotName
X-Detected-As
Azure-InstanceId
X-R9-Blue-Green-Version
WP-Super-Cache
X-URL
X-Routing-Service
X-Ms-Version
X-Extlb
X-Datadome
X-Proxied
X-Ms-Request-Id
X-Zipkin-Id
X-SaId
X-JoinUs
Cache-Name
X-Tid
Xserver
X-DynaTrace-JS-Agent
ServedBy
X-FireWall-Port
X-WP-CF-Super-Cache
X-LSADC-Cache
X-Zen-Fury
X-WP-CF-Super-Cache-Cache-Control
X-Ua
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Human
X-Dc
X-Varnish-Ttl
X-Debug-Cache
Xet-Cookie
X-Cache-Tags
Cache
X-MP-GENERATED-AT
Source
X-Loop
X-TNCMS
X-App-Version
X-TA-CDN-Provider
X-Reqid
SD-X-WS
X-GEO
X-Cached-By
Cross-Origin-Window-Policy
X-Varnish-Hits
X-Pubstack
X-Soup
X-RCS-CacheZone
X-Cdn
WPO-Cache-Message
WPO-Cache-Status
X-Amzn-Remapped-Content-Length
Origin
X-Webkit-CSP
LB
X-Origin-TTL
X-Vgn-Hpd-Reason
X-Origin-CC
X-Tumblr-Pixel-2
X-Newrelic-Synthetics
X-Service
From-Origin
X-IPS-LoggedIn
X-Provided-By
X-AOL-HN
X-Via-NSCOPI
X-NewRelic-App-Data
X-B3-SpanId
X-GG-Cache-Date
Rip
X-Varnish-Beresp-Ttl
Webserver
X-FW-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Platform-Server
X-Request-Host
X-Cluster-Node
X-Cache-NE
X-Ec-Fail
X-ScT
X-Connection-Hash
X-Ec-GeoHdr
X-S-Cookie
X-S
X-Rojux
X-Served-From
X-Rewrite-Enabled
X-BCube-Filmed-By
X-Bc-Bl
X-ARC
X-B-Cookie
X-Application
X-Orig-Expires
Odigeo-Trace-Id
X-D
Rendered-Blocks
X-A-Wwc
Ngx.Var.Host
MD5-Digest
Meta-Geo-Continent
X-A-Dgt
X-A-Dcw
X-A
X-A-Ccd
X-Forwarded-Path
T-Server
Sslversion
Surrogated-Key
Lang
X-Shop-Environment
BehaviorPad-Version
X-AK-Request-ID
Cdncip
A
X-A-Dam
X-PBS-Appsvrname
X-Owner
Cdnsip
X-Aed
Expiry
Host-ID
Environment
X-NAPM-TraceId
DCR-Decision-By
DCR-Processing-Time-Ms
X-External-Request-Id
X-Processor
X-User
X-Destination
X-TIM-N
X-VG-WebCache
X-Developer
X-Vdms-Version
X-Vdms-Path
X-CSRF-Token
X-Tenant
HostName
Xc-Version
X-SRCache-Key
Cache-Hits
Upgrade-Insecure-Requests
X-B3-Traceid
OT-Force-Account-Verify
X-VC
X-Pool
Redirect-Candidate
X-Aicache-OS
X-Dispatcher-Number
X-Generated-On
X-Accel-Buffering
X-Level-Front-Cache
X-Bip
X-Qloud-Router
X-Thanos
Fastly-SSL
X-WA-Info
Cache-Tv-Group
Mime-Version
X-TIME
X-Eu-Site
X-GeoIP-City
X-Hash
Mobile-Detection-Method
X-Has-Esi
Fastly-SWR
X-Epic-Correlation-Id
NM-Fastcgi-Cache
NGX
X-BBC-Edge-Cache-Status
X-Sigma
Kp-EeAlive
X-JWT-State
Is-Eu
HA-Ipaddr
X-Is-Gdpr
L
L5d-Success-Class
Machine
Memcached
Ha-Gx-Prefs
CPC-Age
X-Irp-Debug
X-Datadog-Parent-Id
Release
X-Forwarded-Site
Tube-Get-Contents
Tube-Got-Eval
Thinkindot-Control
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
Tube-Got-Results
Tube-Return
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Vix-Hermes-Req-Id
X-Parent-Response-Time
V-Age
X-Ad-Defer-Variation
State
Fastly-SIE
X-Fetched-On
Req-Svc-Chain
X-Varnish-Beresp-Status
Producers
X-Geo-Header
Platform
X-Gdpr
Server-Host
X-Developers
X-Gamma-Serve
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-GeoIP
Decoy-Debug-Key
X-DefElseHash
X-Datadog-Trace-Id
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Region-Sid
X-Varnish-CookieHashed-On
X-Request-URI
X-Clientip
X-Csrf-Jwt
X-Planisys-CDN-Cache
X-Origin-Time
X-Loc
X-Planisys-CDN-Rules
X-Device-Os
X-Ckpd-Fst-Backend
X-Planisys-CDN-TTL
X-Variation
X-V-Cache
X-Sn-Servicetimems
X-SplitTest
X-Core-Mission
X-Slack-Backend
X-Core-Value
X-DefHash
X-Sigma-Backend
VNS-Cache
X-SB
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-S-Maxage
X-Origin-Response-Time
X-CGP
X-CacheTTL
Cmsid
Cmstype
X-Cdn-Origin
Click-Count-Error
X-VServer
Click-Count-Action-Start
VNS-Age
CPC-Cache
DSUID
X-Branch-Name
Decoy-Debug-TTL
Decoy-Debug-Status
X-Wix-Viewer-Type
X-Worker
X-Datadog-Sampling-Priority
X-Cdn-Srv
X-DPWN-IS-SECURE
Apple-News-Services-Host
Adler-Geo
X-Optimistic-Header
X-Origin
X-VG-TLSProxy
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Cache-Host
X-NodeID
Candidate-Md5Url
Apple-News-Services-Request-Url
X-Nyt-Route
X-Ec-Custom-Error
X-Cluster
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-HS-Content-Campaign-Id
X-WADP-Cache
IsBot
Cluster
CloudFront-Viewer-Country
X-NCache
Country-Code
Datacenter
Gh-Request-Id
X-Minions-Version
Canary
X-Viewer-Country
AKAMAI
X-Scale
X-Scheme
X-SIPLIST1
X-ZONE
X-Proxy-Cache-Info
Ec-Rule-Version
X-Policy
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Svr
X-Esi-Check
Servername
X-Fmm-Version
Traceparent
We-Hiring
X-Gzip
X-CMSURLCustom
X-Clara-WADP
X-Cache-Bucket
Mail-Subject
X-INCAP-ABP
X-Cache-Id
X-Cache-Info
Origin-EX
Origin-CC
Web-Mar-Region
X-Cache-Debug
X-Xrds-Location
X-Tx-Id
WebServer
X-Session-Fingerprint
X-Rebelmouse-Surrogate-Control
X-Hnp-Log
X-Origin-Expires
X-Rebelmouse-Cache-Control
X-Gen-Mode
X-Block-Status
CDCHOST
User-Cache-Control
Server-Hostname
Server-Ext
Fastcgi-Cache-TTL
X-Auto-Login
Sever-Int
X-WP-CF-Super-Cache-Active
X-Udemy-Cache-App-Namespace
X-Cache-Remote
X-Fastly-Cache
X-Sucuri-Cache
Ssr
X-LB-NoCache
X-Sucuri-ID
X-ND-Cache
Sid
Time
X-NWS-UUID-VERIFY
X-Fastly-Backend
X-Pod-Name
Memory
X-ATG-Version
Pics-Label
X-Azure-Ref-OriginShield
X-Newrelic-App-Data
X-Var-Ttl
X-FC-Vary-Parameters
X-Tb-Optimization-Total-Bytes-Saved
SID
X-Nf-Request-Id
X-Via-Poph
X-Trace-ID
X-Via-Popv
X-Generated-In
X-Via-Popn
X-Akamai-Transformed
Fastly-Drupal-HTML
X-Buckets
X-Ig-Push-State
X-Refresh
X-Cache-Date
AMP-Access-Control-Allow-Source-Origin
X-Presslabs-Stats
Env
X-Servedbyhost
Server-ID
X-Conf
X-Edge-Pop
X-Microcachable
Fastly-Drupal-Html
X-Cs
X-Release
X-MSEdge-Flight
X-MSEdge-Features
X-Pass-Why
X-Dmc
X-Up
X-NC
X-Fpc
X-Tumblr-Pixel-3
X-DC
X-RateLimit-Reset
X-EC-Lua
X-TRACE-ID
My-App
X-Endurance-Cache-Level
X-Esi
X-Dispatch
X-PX
X-Be
X-MCACHE
X-CS
X-ID
X-Wa
X-Lambda-Id
Magicmarker
GeoIp-Country-Code
X-TX-ID
CDN
X-Yandex-Sdch-Disable
X-CACHE-AGE
True-Client-IP
X-Zone
X-Req
X-Air-Source
X-Wikidot-Static-Cache
X-Air-Trace-Id
X-Air-Hostname
X-VCL-Version
X-Wikidot-Backend
X-NGINX-Cache
X-Webkit-CSP-Report-Only
X-Srv
X-Vc
X-Hyper-Cache
X-CACHE-KEY
X-CSRF-TOKEN
X-LB-ID
X-CF-Lambda-Fn
Hostname
CacheControlHeader
X-CF-Lambda-Version
X-App
X-Alfa-Service
True-Client-Country-4JS
X-HS-Status
X-Micro-Cache
Pramga
X-M-Log
X-M-Reqid
X-TH-Server
X-Varnish-Beresp-TTL
X-Air-Pt
X-Vcl-Version
True-Client-Ip
X-Op-Id-All
Resin-Trace
X-Qnm-Cache
C-Via
Path
X-B3-Spanid
N-Cache
GeoIP-Country-Code
Tcn
X-TrackingId
X-Check-Cacheable
Tracecode
On-Server
Proxy-Connection
Fastcgi-X-Cache-Version
X-Vercel-Cache
X-Vercel-Id
X-Platform
X-PAYTM-SRV-ID
X-SERVER-NAME
X-Edge-Origin-Shield-Region
X-FPC
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Esi-Enabled
X-Edge-Origin-Shield-Bytes
X-CLOUD-TRACE-CONTEXT
NtCoent-Length
X-Akamai-Pragma-Client-IP
Hit
X-Datacenter
Section-Origin-Responded
GeoIP-Latitude
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-WA
X-Accel-Expires-Debug
X-Date
X-Vtex-Processado-Em
WWW-Authenticate
X-Vtex-Remote-Cache
X-Webkit-Csp-Report-Only
X-Cdn-Forward
Server-Id
X-Via-CDN
X-AIR-PT
X-Platform-Cluster
Lb
X-LAGOON
X-Geo
X-Platform-Router
X-Platform-Processor
X-ServedByHost
X-API-Version
X-RAMCache
X-Node-Id
X-SD-PageType
X-Request-Start
X-Mly-Id
X-PERF
X-ApacheServer
User-Agent
X-Edge-POP
FSS-Cache
ENV
YJS-ID
X-Old-Content-Length
X-Response-By
Cache-Key
HIT
X-Lb-Id
Yjs-Id
Cdn
X-Dw-Trace-Id
Powered-By
X-Via-PopN
X-Via-PopV
Server-Ttl
DynaTrace
X-Via-PopH
X-Proxy-CacheRZ
XkeyRZ
X-Render-Time
X-LiteSpeed-Cache-Control
DT-Hot-News
PFcat
X-CUA
X-Via-Ucdn
PICS-Label
X-HN
X-Proxy-Upstream
X-Traceid
X-UA
X-Proxy-Cache-Hk
X-Instance-Name
X-TT-LOGID
X-VarnishDD-TTL
X-LI-Proto
XM
X-Li-Pop
X-Li-Fabric
Geoip-Latitude
X-FL-EDGE
X-LI-UUID
Srvid
X-FORWARDED-FOR
X-Location
X-From
X-Cache-Ttl
Locid
Dnion-Transfer-Encoding
Sm-Log-Id
X-Service-Response-Time
X-Fastly-Backend-Reqs
X-Lb-Nocache
X-RPM
X-RPS
X-RSL
X-Webstats-RespID
X-DW
X-DSS
X-DB
X-DI
Ohc-File-Size
XServer
X-Akamai-ERPolicy
Location
X-CF-Powered-By
X-LiteSpeed-Tag
Nginx-CQVIP
X-Akamai-ERRuleID
X-Cache-Ngx
X-Wp-Cf-Super-Cache
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache-Cache-Control
X-Request-Url
X-Fastly-Cache-Hits
X-Cache-ASPX
Vha6-Origin
X-Contensis-Viewer-Groups
X-B3-ParentSpanId
Wpo-Cache-Status
Wpo-Cache-Message
X-ElasticPress-Query
X-Cdn-Request-ID
X-Director
X-HostName
X-Varnish-Authentication
Warning
Wp-Super-Cache
X-Ips-Loggedin
CountryCode
X-DataCenter
X-Moov-Xdn-Version
X-Yottaa-OS
Fastcgi-Cache-Ttl
MIME-Version
SRV
X-Cache-Backend
X-Ftr-Request-Id
M-TraceId
X-Snapshot-Date
X-Mg-Cache
WZWS-RAY
Req-ID
X-Moov-T
X-Nc