
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
X-Request-ID
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
Access-Control-Max-Age
X-Via
X-Cache-Group
X-Robots-Tag
Server-Timing
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Ws-Request-Id
X-Age
Host-Header
P3p
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
Cf-Edge-Cache
X-LiteSpeed-Cache
Allow
X-Akamai-Path-Stats
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-CacheTime
X-Swift-SaveTime
X-Device
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Nginx-Cache-Status
X-Page-Speed
X-Aws-Lambda-Call-Status
X-Host
Accept-CH
X-Node
X-OneAgent-JS-Injection
X-Pingback
Cf-Railgun
X-Cache-Spec
Request-Id
Surrogate-Control
EagleEye-TraceId
X-Server-Id
X-Akam-SW-Version
X-Backend-Server
X-Cache-Lookup
X-Response-Time
X-Readtime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
Accept-CH-Lifetime
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
X-Cloud-Trace-Context
Fastly-Restarts
X-Country
Accept-Ch-Lifetime
X-Url
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-MS-InvokeApp
X-Edge
X-Amz-Server-Side-Encryption
X-Rack-Cache
Edge-Control
X-Nginx-Upstream-Cache-Status
X-Ruxit-JS-Agent
X-Vname
X-PC
X-TtlSet
X-B3-TraceId
X-Content-Type
X-Mod-Pagespeed
X-ESI
X-Vcap-Request-Id
X-Use-Magma
X-D2id
X-Kinja
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-Oneagent-Js-Injection
X-Kinja-Revision
X-Exp-Id
Xkey
Verso
X-GitHub-Request-Id
X-Mcache
X-Amz-Rid
Cache-Tag
X-VARITI-CCR
X-Powered-By-Plesk
X-CST
RTSS
X-Varnish-TTL
Service-Worker-Allowed
X-ECACHE
X-Upstream
X-Ruxit-Js-Agent
X-Navigation-Version
X-Abt-Application-Version
X-Version
X-Cached
X-FastCGI-Cache
X-Client-IP
X-Cnection
X-Dw-Request-Base-Id
X-Ac
X-Px
X-Element-Page-Cache
SPRequestGuid
X-SharePointHealthScore
X-Instrumentation
X-Server-Name
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Arr-Disable-Session-Affinity
Public-Key-Pins
X-Cache-TTL
SPIisLatency
SPRequestDuration
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Ttl
X-NWS-LOG-UUID
X-Country-Code
Permissions-Policy
X-Ser
Accept-Ch
X-Cache-Key
X-RateLimit-Remaining
X-Midtier
Response
X-Middleton-Response
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-Forwarded-For
Content-MD5
X-SRCache-Store-Status
X-Correlation-Id
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-DataDome
Front-End-Https
X-Shield-Request-Id
X-NF-Request-ID
X-MSEdge-Ref
Cf-Apo-Via
X-Recruiting
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
Edge-Cache-Tag
TP-Cache
TP-L2-Cache
Nginx-Cache
X-T
AR-SID
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-CACHE
X-Accel-Expires
MicrosoftSharePointTeamServices
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Daa-Tunnel
X-RateLimit-Limit
X-Powered-CMS
TCN
X-Litespeed-Cache
X-Grace
X-Mg-S
X-Id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Content-Digest
X-TEC-API-ROOT
X-Hits
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
Server-Node
X-Request-Received
Filters
Server-Name
X-Request-Processing-Time
X-Amzn-Trace-Id
X-Frontend
X-Fastcgi-Cache
MS-Author-Via
X-Distributor
X-Geo-Country
X-XRDS-Location
S
Fastcgi-Cache
X-Protected-By
X-LLID
Cache-Status
X-Language
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-LB-Cache
X-PressLabs-Stats
X-Origin-Server
Cross-Origin-Opener-Policy
X-Ezoic-Cdn
Count-Hit
X-Request-Handler-Origin-Region
X-B3-Sampled
X-TTL
X-Forwarded-Proto
X-FB-Debug
Host
X-Microsite
X-Page-Id
Charset
X-F-Cache
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
X-Ab
X-Ua-Browser
Payment
X-Seen-By
Filterid
X-Fastly-Request-Id
X-Cache-Age
X-VCache
X-Cluster-Name
X-ASPNET-VERSION
Surrogate-Key
Realpath
X-Rid
X-Origin-Cache
Accept-Charset
X-Ratelimit-Reset
Cache-Tags
X-NGENIX-Cache
X-Template
Alternate-Protocol
X-Www-Served-By
Access-Control-Allow-Method
Retry-After
X-Webkit-Csp
X-Logged-In
X-Az
X-AppVersion
X-Activity-Id
X-DynaTrace
X-Upgrade-Enabled
X-DIS-Request-ID
X-Fastly-Request-ID
Cleartype
X-Tb
X-Varnish-Grace
X-TT
X-Route-Name
X-Varnish-Backend
X-Flags
X-Providence-Cookie
X-Amz-Replication-Status
X-Aspnet-Duration-Ms
X-Request-Guid
X-Is-Crawler
X-App-Environment
X-B
X-B-Cache
X-Wix-Request-Id
X-Type
X-Source
X-Signature
X-Envoy-Decorator-Operation
X-Node-Name
X-Hostname
Paypal-Debug-Id
DC
Frame-Options
X-Drupal-Cache-Tags
ServerID
X-Debug
X-Revision
X-Proxy
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Contextid
X-Server-ID
X-Mobile
X-Content-Options
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Amp-Access-Control-Allow-Source-Origin
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Load-Cache
X-Cache-Rule
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Cache-Control
X-N
Node
X-Magnolia-Registration
Country
Refresh
X-Content
Referer-Policy
X-Response-Served-From
X-Original-Request-Id
X-Whom
X-User-Agent
X-EdgeConnect-Cache-Status
NGB
X-Environment-Context
X-Debug-IsPreview
X-Debug-IsConnected
Access-Control-Request-Headers
X-Cache-TTL-Remaining
X-L-Path
X-Cacheable-TTL
X-Framework
X-Unique-Id
Uber-Trace-Id
Url
X-Mid
X-G
VIX-Pulpo-Upstream-Status
X-Real-IP
X-Jobs
X-Yottaa-Optimizations
X-Content-Powered-By
X-Page-View
X-Servername
X-Akamai-Request-ID2
Viewport
X-Yottaa-Metrics
VIX-Pulpo-Node
X-Adobe-Content
X-Adobe-Loc
Content-Disposition
X-Rendered-As
X-NYM-Debug-Backend
X-Varnish-Server
X-Varnish-Age
X-Status
X-Is-Bot
X-Cache-Time
Akamai-GRN
X-Cache-Grace
X-ProcessESI
Srv
X-RemovedCookies
Countrycode
X-Ratelimit-Remaining
X-Instance
X-Time
Version
X-Drupal-Cache-Contexts
X-Mg-Request-UUID
X-COUNTRY
X-CDN-Forward
X-Restarts
X-Http-Reason
X-Via-JSL
X-App-Server
X-Cache-Expired-At
Accept-Language
X-XRDS-LOCATION
Healthy
X-Cache-Hit
Protected
X-Debug-Info
X-APP-VERSION
X-IPLB-Instance
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-IPLB-Request-ID
X-Hosted-By
X-Tumblr-Pixel
X-Cache-Operation
Cross-Origin-Resource-Policy
X-Trace-Id
X-Azure-Ref
X-Nginx-Cache-Key
X-Ratelimit-Limit
X-Device-Type
X-Tt-Logid
X-Backend-Name
X-Akamai-Edgescape
Section-Io-Cache
Liferay-Portal
Backend
X-FW-Hash
Fastcgi-Useragent
X-FW-Dynamic
X-FW-Static
X-FW-Type
X-FW-Serve
Server-Info
X-FW-Server
Content-Secure-Policy
X-RTag
X-Api-Version
MS-CV
X-Cache-Action
Ms-Operation-Id
X-Rule
X-RN-RSRV
Meta-Geo
X-Storage
X-UPSTREAM-Address
Load-Balancing
X-Mobile-URL
X-Proxy-Cache-Status
X-Cache-NGX
X-VC-Cache
GEO-INFO
X-Mode
X-Varnish-Beresp-Grace
X-Content-Age
X-Proto
X-Shopify-Stage
X-Site-Version
X-Skip-Cache
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Region
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Sorting-Hat-ShopId
X-Sql-Count
X-Varnishpool
X-VWS-Id
CF-IPCountry
X-Handled-By
X-Varnish-Hostname
X-Uri
X-Sql-Duration-Ms
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Redis-Cache
X-PHP-Host
CDN-Uid
Locale
S-Rt
X-Adobe-Source
CDN-RequestId
CDN-RequestCountryCode
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
X-AWS-Id
X-Cache-Enabled
X-No-Session
X-OCL
X-PCL
X-PHP-Backend
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Cms-Context
X-Edge-Location
X-Forwarded-Host
CDN-Cache
X-Alternate-Cache-Key
X-UUID
X-ProxyCache-Status
X-Request-Time
X-ProxyCache-Key
X-Proxy-Build
X-Routing-Service
X-ServerID
X-Via-Fastly
X-UA-Device-Type
X-Timing-Wait
X-Proxied
X-Section
X-HTML-Minification-Powered-By
X-Detected-As
X-Cache-Type
X-Cache-Server
X-BYPASS-REASON
X-Extlb
X-FB-TRIP-ID
X-Hl-Ver
X-GeoCountry
X-GeoCode
X-Generated-By
X-Web-Node
X-Xfnlog-Site
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-Region
X-Format
X-Generation-Time
X-Varnish-Cache-Hits
X-Origin-Hint
X-Locale
TWC-GeoIP-Country
TWC-Device-Class
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Zipkin-Id
Azure-SlotName
Azure-Version
TWC-Connection-Speed
Property-Id
Onion-Location
X-Access
TWC-GeoIP-LatLong
Selected-Fe
Mn-Server-Ip
X-SRV
Eomportal-Instance
Apigw-Requestid
DB-Nickname
X-Server-W
X-R9-Blue-Green-Version
X-Cache-Host
X-Cache-Status-Check
Web-Mar-Node
X-Storefront-Renderer-Rendered
X-Nginx-Cache
X-Tid
X-SaId
X-Ms-Version
X-Origin-Date
X-Ms-Request-Id
X-URL
WP-Super-Cache
X-JoinUs
Cache-Name
Xserver
X-Datadome
X-FireWall-Port
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-DynaTrace-JS-Agent
X-Zen-Fury
ServedBy
X-Amzn-RequestId
X-ECache
X-App-Version
X-LSADC-Cache
X-Amz-Apigw-Id
X-Human
X-Varnish-Ttl
X-B3-Traceid
Source
X-TNCMS
X-Loop
X-Debug-Cache
X-Cache-Tags
X-Ua
Xet-Cookie
Cache
X-TA-CDN-Provider
X-RCS-CacheZone
X-Reqid
X-GEO
X-Cached-By
X-Varnish-Hits
X-Soup
X-Amzn-Remapped-Content-Length
SD-X-WS
X-Correlation-ID
X-MP-GENERATED-AT
X-Pubstack
X-Newrelic-Synthetics
X-Aspnetmvc-Version
Cross-Origin-Window-Policy
Origin
X-Vgn-Hpd-Reason
X-Dc
X-Cdn
WPO-Cache-Status
X-Webkit-CSP
WPO-Cache-Message
X-Provided-By
X-Tumblr-Pixel-2
From-Origin
LB
X-Origin-TTL
X-Service
X-Varnish-Beresp-Ttl
X-Origin-CC
X-IPS-LoggedIn
Webserver
X-AOL-HN
Rip
X-Tec-Api-Origin
X-Tec-Api-Version
X-Via-NSCOPI
X-B3-SpanId
X-Tec-Api-Root
X-FW-Version
X-GG-Cache-Date
X-Platform-Server
X-Request-Host
X-Owner
X-Orig-Expires
X-NAPM-TraceId
X-Destination
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A-Dgt
X-A-Wwc
X-AK-Request-ID
X-Aed
Host-ID
Lang
X-A
Surrogated-Key
Rendered-Blocks
Sslversion
T-Server
Odigeo-Trace-Id
MD5-Digest
Meta-Geo-Continent
Ngx.Var.Host
X-Application
X-ARC
BehaviorPad-Version
X-D
X-Connection-Hash
X-Developer
A
X-External-Request-Id
X-Ec-GeoHdr
X-Ec-Fail
Cdncip
Cdnsip
X-BCube-Filmed-By
X-Bc-Bl
X-B-Cookie
Expiry
Environment
DCR-Decision-By
DCR-Processing-Time-Ms
X-Cache-NE
X-Forwarded-Path
X-PBS-Appsvrname
X-Tenant
X-SRCache-Key
X-User
X-Rojux
X-CSRF-Token
X-Processor
X-TIM-N
X-NewRelic-App-Data
X-Rewrite-Enabled
X-S
Xc-Version
X-ScT
X-Vdms-Version
X-Served-From
X-Shop-Environment
X-VG-WebCache
X-Vdms-Path
X-Trace-ID
HostName
X-S-Cookie
X-Cluster-Node
Mime-Version
X-VC
OT-Force-Account-Verify
X-Aicache-OS
X-Bip
X-Dispatcher-Number
X-Thanos
Machine
X-Generated-On
X-Parent-Response-Time
CPC-Cache
Redirect-Candidate
CPC-Age
X-Pool
X-Level-Front-Cache
VNS-Age
VNS-Cache
X-Varnish-Beresp-Status
X-Qloud-Router
X-Accel-Buffering
Upgrade-Insecure-Requests
X-TIME
X-WA-Info
X-Nf-Request-Id
X-Sn-Servicetimems
X-BBC-Edge-Cache-Status
X-Cache-Bucket
X-Cdn-Origin
State
X-Sigma
X-CGP
X-CacheTTL
X-Sigma-Backend
X-Branch-Name
X-SIPLIST1
X-Cache-Id
X-Cache-Info
X-Slack-Backend
X-Varnish-Remaining-TTL
Wxu-Next-Region
X-Thinkindot-L3
X-V-Cache
X-Ckpd-Fst-Backend
Wxu-Next-Hostname
Tube-Got-Results
Tube-Return
V-Age
Vix-Hermes-Req-Id
Wxu-Next-Commit
Tube-Get-Contents
Traceparent
TDXMobile
X-Ad-Defer-Variation
X-Variation
X-SplitTest
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Varnish-CookieHashed-On
Thinkindot-CacheControl
X-Varnish-CookieINHashed-On
X-Scale
X-RateLimit-Remaining-Second
X-Region-Sid
X-RateLimit-Limit-Second
X-Irp-Debug
X-Minions-Version
X-Loc
X-Hash
X-Gzip
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-GeoIP
X-GeoIP-City
X-Request-URI
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
Servername
X-Origin-Response-Time
X-Policy
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Origin
X-Worker
X-WADP-Cache
X-VServer
X-NodeID
X-Wix-Viewer-Type
X-Optimistic-Header
X-VG-TLSProxy
X-Gateway-Cache-Status
X-Planisys-CDN-Rules
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-DefElseHash
X-SB
X-DefHash
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Cluster
X-Clientip
X-CMSURLCustom
X-Core-Mission
X-Core-Value
X-S-Maxage
X-Device-Os
X-Rocket-Build-Number
X-Fmm-Version
X-Forwarded-Site
X-Gamma-Serve
X-Gateway-Cache-Key
X-Fetched-On
X-Rocket-Nginx-Serving-Static
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Epic-Correlation-Id
X-Esi-Check
X-Eu-Site
X-Clara-WADP
Tube-Got-Eval
Cmstype
L5d-Success-Class
L
Kp-EeAlive
Memcached
Cmsid
NGX
Decoy-Debug-TTL
Mobile-Detection-Method
IsBot
Is-Eu
Decoy-Debug-Key
Fastly-SWR
Fastly-SSL
Fastly-SIE
Decoy-Debug-Status
Apple-News-Services-Host
HA-Ipaddr
Ha-Gx-Prefs
Country-Code
Click-Count-Error
NM-Fastcgi-Cache
Req-Svc-Chain
Release
Cache-Host
Producers
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Cache-Hits
Server-Host
Apple-News-Services-Parsed-Url
Fastly-GeoIP-CountryCode
Platform
Origin-EX
Origin-CC
Click-Count-Action-Start
DSUID
Adler-Geo
Canary
Candidate-Md5Url
X-Cache-Debug
X-Tx-Id
Server-Hostname
CloudFront-Viewer-Country
CDCHOST
X-Developers
X-Scheme
X-Viewer-Country
Ec-Rule-Version
X-Cdn-Srv
X-INCAP-ABP
X-JWT-State
Mail-Subject
X-Is-Gdpr
We-Hiring
X-HS-Content-Campaign-Id
Gh-Request-Id
X-NCache
Sever-Int
Server-Ext
X-ZONE
Svr
User-Cache-Control
X-Hnp-Log
Fastly-Backend-Name
X-Nyt-Route
X-Origin-Time
X-Block-Status
X-Gen-Mode
X-Geo-Header
X-Auto-Login
X-Has-Esi
X-Gdpr
Cache-Tv-Group
X-Cache-Remote
X-WP-CF-Super-Cache-Active
X-Proxy-Cache-Info
Fastcgi-Cache-TTL
X-LB-NoCache
Web-Mar-Region
Cluster
Datacenter
X-Sucuri-Cache
X-Sucuri-ID
AKAMAI
X-Newrelic-App-Data
X-Udemy-Cache-App-Namespace
X-FC-Vary-Parameters
Fastly-Drupal-HTML
X-Rebelmouse-Cache-Control
Memory
Time
X-Origin-Expires
Pics-Label
X-Rebelmouse-Surrogate-Control
SID
X-Azure-Ref-OriginShield
X-Session-Fingerprint
X-Var-Ttl
X-ATG-Version
X-ND-Cache
X-Presslabs-Stats
X-Fastly-Cache
Ssr
X-Fastly-Backend
X-Tb-Optimization-Total-Bytes-Saved
WebServer
X-Generated-In
X-Via-Popv
X-Pod-Name
X-Via-Popn
X-Via-Poph
Sid
X-DC
X-NWS-UUID-VERIFY
Env
X-Akamai-Transformed
Server-ID
X-Servedbyhost
AMP-Access-Control-Allow-Source-Origin
X-Ig-Push-State
X-Cache-Date
X-RateLimit-Reset
X-Refresh
X-Buckets
X-Xrds-Location
X-VHOST
X-Conf
X-Release
X-Pass-Why
X-Up
X-Edge-Pop
X-Fpc
X-Cs
My-App
X-Dispatch
X-EC-Lua
X-MSEdge-Features
X-Wa
X-NC
X-Microcachable
X-MSEdge-Flight
X-Tumblr-Pixel-3
X-Esi
X-Endurance-Cache-Level
X-Dmc
X-Lambda-Id
X-PX
Fastly-Drupal-Html
X-MCACHE
X-VCL-Version
X-ID
CDN
X-CS
Magicmarker
X-Req
X-Be
GeoIp-Country-Code
X-CACHE-AGE
X-Zone
True-Client-IP
X-TX-ID
X-TRACE-ID
X-Webkit-CSP-Report-Only
X-NGINX-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-LB-ID
X-CACHE-KEY
X-Srv
X-Vc
True-Client-Country-4JS
X-TH-Server
CacheControlHeader
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
Hostname
X-CSRF-TOKEN
X-Yandex-Sdch-Disable
X-Hyper-Cache
X-B3-Spanid
X-NODE
X-CF-Lambda-Version
X-Op-Id-All
X-CF-Lambda-Fn
True-Client-Ip
X-Micro-Cache
X-Air-Pt
X-HS-Status
X-M-Log
Path
GeoIP-Country-Code
X-Alfa-Service
X-App
Resin-Trace
Pramga
X-M-Reqid
C-Via
Tcn
X-Vcl-Version
X-Qnm-Cache
X-Varnish-Beresp-TTL
X-GeoIP-Region-Code
X-TrackingId
X-GeoIP-Country-Code
Tracecode
N-Cache
X-SERVER-NAME
X-Vercel-Id
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
X-Datacenter
X-Vercel-Cache
X-Accel-Expires-Debug
Esi-Enabled
X-Platform
WWW-Authenticate
X-Date
On-Server
NtCoent-Length
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
Section-Io-Origin-Status
Yjs-Id
X-FPC
Proxy-Connection
Section-Origin-Responded
X-Edge-Origin-Shield-Bytes
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Edge-Origin-Shield-Region
Hit
X-Akamai-Pragma-Client-IP
X-Webkit-Csp-Report-Only
X-Platform-Processor
X-Platform-Cluster
FSS-Cache
X-Vtex-Processado-Em
X-Platform-Router
X-Via-CDN
X-Response-By
X-Mly-Id
X-Edge-POP
GeoIP-Latitude
X-RAMCache
X-Node-Id
X-Old-Content-Length
X-Vtex-Remote-Cache
X-WA
X-Geo
X-LiteSpeed-Cache-Control
Lb
YJS-ID
Powered-By
X-Lb-Id
User-Agent
X-LAGOON
X-Request-Start
ENV
X-ServedByHost
X-API-Version
Cdn
X-SD-PageType
Server-Id
X-UA
X-AIR-PT
X-Cdn-Forward
X-Dw-Trace-Id
HIT
X-From
X-Via-PopH
X-Via-PopN
X-FL-EDGE
Srvid
X-Via-PopV
Locid
X-Akamai-ERPolicy
X-Client-Ip
X-Akamai-ERRuleID
X-ApacheServer
X-PERF
Cache-Key
X-CUA
DynaTrace
X-Instance-Name
X-Via-Ucdn
X-Traceid
X-LI-Proto
XkeyRZ
X-TT-LOGID
Server-Ttl
X-Render-Time
X-Proxy-CacheRZ
Dnion-Transfer-Encoding
X-Li-Fabric
Geoip-Latitude
X-LI-UUID
X-FORWARDED-FOR
X-Cache-Ttl
X-Location
X-Webstats-RespID
X-Li-Pop
Sm-Log-Id
X-Service-Response-Time
X-DB
X-DI
DT-Hot-News
XM
X-Proxy-Cache-Hk
X-Director
X-RPM
X-VarnishDD-TTL
Ohc-File-Size
X-Cache-ASPX
X-RSL
X-RPS
X-DSS
X-Contensis-Viewer-Groups
X-DW
X-Varnish-Authentication
XServer
PICS-Label
PFcat
X-Proxy-Upstream
Location
Nginx-CQVIP
X-HN
X-CF-Powered-By
X-LiteSpeed-Tag
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Litespeed-Cache-Control
X-Server-IP
X-Fastly-Cache-Hits
Vha6-Origin
X-Yottaa-OS
X-B3-ParentSpanId
X-Lb-Nocache
X-HostName
X-Request-Url
X-Cdn-Request-ID
Wpo-Cache-Message
Wpo-Cache-Status
X-Fastly-Backend-Reqs
X-Ips-Loggedin
CountryCode
Warning
X-Cache-Ngx
Wp-Super-Cache
SRV
CF-Cached-On
X-Test
X-Ramcache
X-DataCenter
WZWS-RAY
X-Moov-T
Fastcgi-Cache-Ttl
Req-ID
X-Moov-Xdn-Version
X-Mg-Cache
X-ElasticPress-Query