Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
Pragma
X-XSS-Protection
CF-RAY
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Request-ID
X-Request-Id
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Ws-Request-Id
X-Proxy-Cache
X-Server
X-Ua-Compatible
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-WebKit-CSP
Accept-CH
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Apo-Via
X-Page-Speed
X-Device
Cf-Railgun
X-Server-Id
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Dns-Prefetch-Control
X-Akam-SW-Version
Surrogate-Control
EagleEye-TraceId
X-Backend-Server
Request-Id
X-Readtime
X-Cache-Lookup
X-Ruxit-JS-Agent
X-HW
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
X-CST
X-Mod-Pagespeed
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
Accept-Ch-Lifetime
X-WebKit-CSP-Report-Only
Content-Location
X-Country
X-Content-Type
X-Mcache
X-Clacks-Overhead
X-MS-InvokeApp
Rating
X-Url
X-ECACHE
X-Vname
X-Midtier
X-TtlSet
X-PC
X-Amz-Server-Side-Encryption
X-VARITI-CCR
RTSS
Cache-Tag
X-Vcap-Request-Id
X-B3-TraceId
X-D2id
Origin-Trial
X-Element-Page-Cache
X-Litespeed-Cache
X-Kinja-Server
X-Kinja
X-Ac
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Exp-Id
Verso
X-Server-Name
X-Rack-Cache
X-Varnish-TTL
X-Cnection
X-Cache-TTL
Service-Worker-Allowed
X-GitHub-Request-Id
X-Powered-By-Plesk
X-Navigation-Version
X-ESI
Xkey
X-Abt-Application-Version
X-Client-IP
X-SharePointHealthScore
SPRequestGuid
X-NWS-LOG-UUID
X-Amz-Rid
Edge-Control
X-Ttl
X-Cached
X-Mg-S
X-Px
Arr-Disable-Session-Affinity
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Instrumentation
X-Server-Lifecycle-Phase
SPIisLatency
SPRequestDuration
X-Upstream
X-Fastcgi-Cache
Pagespeed
Display
Content-MD5
X-Middleton-Display
X-Sol
X-Correlation-Id
X-Dw-Request-Base-Id
X-Cache-Key
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-NF-Request-ID
Access-Control-Request-Method
Edge-Cache-Tag
X-Goog-Hash
X-RateLimit-Remaining
Front-End-Https
X-Daa-Tunnel
X-Country-Code
X-Forwarded-For
Public-Key-Pins
X-Version
X-XRDS-Location
AR-CACHE
X-Powered-CMS
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
TCN
X-Id
X-HP-Trace-Id
X-Jurisdiction
X-T
X-HP-Webp
X-MSEdge-Ref
X-Recruiting
X-Content-Digest
X-Accel-Expires
X-Middleton-Response
Response
X-Shield-Request-Id
MRF-Tech
X-B3-TraceId-Primal
X-Ser
Mrf-Cache-Status
TP-L2-Cache
TP-Cache
Nginx-Cache
X-Amzn-Trace-Id
X-Fastly-Request-ID
S
X-Request-Received
X-Request-Processing-Time
X-Hits
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
Cache-Status
X-Distributor
Server-Node
X-Edge-Location-Klb
X-Kinsta-Cache
MicrosoftSharePointTeamServices
X-Grace
X-Ratelimit-Limit
Cache-Tags
Fastcgi-Cache
Alternate-Protocol
Server-Name
X-Protected-By
X-Ruxit-Js-Agent
X-Ezoic-Cdn
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-DIS-Request-ID
X-TEC-API-VERSION
X-Ratelimit-Reset
X-Origin-Server
X-LB-Cache
X-DataDome
X-Geo-Country
X-Microsite
X-Ua-Browser
X-Request-Handler-Origin-Region
X-Rid
X-Frontend
X-TTL
X-Debug-Info
X-Varnish-Backend
X-Www-Served-By
X-Git-Hash
Cross-Origin-Opener-Policy
X-Logged-In
Filterid
Cleartype
X-NGENIX-Cache
Healthy
X-FB-Debug
X-Forwarded-Proto
Payment
X-Page-Id
X-Webkit-Csp
X-Load-Cache
X-ASPNET-VERSION
X-B3-Sampled
Charset
X-LLID
X-FastCGI-Cache
Content-Disposition
X-Ratelimit-Remaining
DC
X-PressLabs-Stats
X-Cluster-Name
X-Origin-Cache
X-VCache
X-Hostname
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MS-Author-Via
X-GUploader-UploadID
X-Goog-Metageneration
Retry-After
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Proxy
Accept-Ch
Accept-Charset
X-AppVersion
X-Activity-Id
Cross-Origin-Resource-Policy
X-F-Cache
X-Az
Paypal-Debug-Id
X-Amz-Replication-Status
X-B-Cache
X-Contextid
X-Revision
X-Signature
X-Aspnet-Duration-Ms
X-Amz-Meta-S3cmd-Attrs
X-Azure-Ref
X-Hosted-By
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
X-Flags
X-Type
X-Oracle-Dms-Rid
X-Varnish-Server
X-Oracle-Dms-Ecid
X-B
Viewport
X-App-Environment
X-Whom
X-TT
X-Aspnetmvc-Version
X-DynaTrace
X-Seen-By
X-ORACLE-DMS-RID
X-Wix-Request-Id
X-ORACLE-DMS-ECID
X-Fb-Rlafr
Realpath
Surrogate-Key
Count-Hit
X-Source
Referer-Policy
X-RateLimit-Limit
Amp-Access-Control-Allow-Source-Origin
X-Akamai-Edgescape
X-App-Server
X-Tt-Trace-Host
X-Mobile
X-Tt-Trace-Tag
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Cache-Control
Host
X-Oneagent-Js-Injection
X-EdgeConnect-Cache-Status
X-N
X-Varnish-Grace
X-HTML-Minification-Powered-By
X-Response-Served-From
X-Tumblr-Pixel-1
Version
X-Tumblr-Pixel
X-Original-Request-Id
X-Tumblr-User
X-Tumblr-Pixel-0
X-Magnolia-Registration
X-UUID
X-Cache-Time
X-Cache-Rule
X-Varnish-Age
Refresh
X-Cache-Status-Check
Access-Control-Request-Headers
Section-Io-Cache
MS-CV
Ms-Operation-Id
SD-X-WS
X-Rule
X-Envoy-Decorator-Operation
X-RTag
X-Adobe-Loc
X-Cache-Expired-At
X-Environment-Context
X-Adobe-Content
Protected
X-Cacheable-TTL
X-Cache-Grace
X-Content-Powered-By
X-FW-Dynamic
X-Framework
X-FW-Version
X-L-Path
X-Page-View
X-RemovedCookies
X-ProcessESI
X-FW-Type
X-Jobs
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Server
X-Rendered-As
Akamai-GRN
X-Status
VIX-Pulpo-Node
X-B3-Traceid
VIX-Pulpo-Upstream-Status
NGB
X-Device-Type
X-Language
X-G
X-Is-Bot
X-User-Agent
X-NYM-Debug-Backend
Url
GEO-INFO
X-Http-Reason
X-Servername
X-Backend-Name
X-Instance
X-Template
X-Debug-IsPreview
X-Newrelic-App-Data
X-Nginx-Cache
X-Akamai-Request-ID2
X-Debug-IsConnected
X-Cache-Age
X-Drupal-Cache-Contexts
X-Trace-Id
SRV
X-Drupal-Cache-Tags
From-Origin
X-Cache-Hit
X-CDN-Forward
WPO-Cache-Message
WPO-Cache-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
CDN-RequestId
X-Tb
X-Region
X-URL
Country
Front
Accept-Language
Pinterest-Version
X-Node-Name
Pinterest-Generated-By
X-Pinterest-Rid
X-Tt-Logid
Backend
X-Real-IP
X-Amzn-RequestId
X-Amz-Apigw-Id
X-VC-Cache
Uber-Trace-Id
X-Content-Options
X-XRDS-LOCATION
X-Mode
Fastly-SIE
Fastly-Drupal-HTML
X-COUNTRY
Fastly-SWR
Content-Secure-Policy
X-DynaTrace-JS-Agent
X-Unique-Id
Meta-Geo
X-TIME
X-Generation-Time
X-UPSTREAM-Address
X-Cache-Operation
Filters
X-RN-RSRV
X-Tumblr-Pixel-2
X-Rewrite-Enabled
X-Amzn-Remapped-Content-Length
X-Proxy-Cache-Info
X-Rocket-Nginx-Serving-Static
Azure-SlotName
Onion-Location
Azure-SiteName
X-Web-Node
Azure-Version
CF-IPCountry
Azure-InstanceId
X-Zen-Fury
Webserver
X-IPS-LoggedIn
Azure-RegionName
X-Cache-Server
X-Reqid
X-Proxy-Cache-Status
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Time
X-Locale
X-Fastly-Request-Id
X-Cache-Action
X-Cache-Host
X-Cms-Context
X-Debug
X-Adobe-Source
X-Server-W
X-PHP-Backend
X-Sucuri-Cache
X-Ua
X-Via-Fastly
X-Sql-Duration-Ms
X-Sucuri-ID
X-Sql-Count
X-Skip-Cache
X-Soup
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestCountryCode
X-Varnish-Beresp-Grace
CDN-PullZone
X-GeoCode
X-Handled-By
X-GeoCountry
CDN-Uid
Cache-Name
CDN-Cache
X-BYPASS-REASON
X-Content-Age
Webcakes-App-Name
Cache-Hits
X-SRV
X-VWS-Id
Property-Id
X-AWS-Id
S-Rt
TWC-Connection-Speed
ServerID
X-LJ-Flow-ID
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Proto
X-PHP-Host
X-ProxyCache-Key
X-ProxyCache-Status
Webcakes-Region
TWC-Privacy
X-R9-Blue-Green-Version
X-Labrador-Cache-Channel
X-Origin-Hint
X-Site-Version
Webcakes-App-Version
Apigw-Requestid
X-UA-Device-Type
TWC-Device-Class
TWC-GeoIP-Country
X-Ms-Version
Node
X-Ms-Request-Id
X-Access
X-Cache-TTL-Remaining
X-LAGOON
X-Proxy-Build
X-Proxied
X-No-Session
X-Routing-Service
X-SaId
X-Zipkin-Id
X-Section
X-LSADC-Cache
X-JoinUs
X-Edge-Location
X-Detected-As
X-Cluster-Node
X-Extlb
X-FB-TRIP-ID
X-Forwarded-Host
X-Format
X-Cluster
X-Timing-Wait
Web-Mar-Node
Selected-Fe
DB-Nickname
X-Tec-Api-Origin
X-WP-CF-Super-Cache
Locale
X-WP-CF-Super-Cache-Cache-Control
X-Tec-Api-Version
WP-Super-Cache
X-Urbn-Context-Path
X-Urbn-Site-Id
Mime-Version
Cross-Origin-Window-Policy
X-Tec-Api-Root
Mn-Server-Ip
X-IPLB-Instance
Fastcgi-Useragent
X-Times
X-IPLB-Request-ID
X-Request-Time
Liferay-Portal
X-Hl-Ver
X-Xfnlog-Site
X-Air-Trace-Id
X-Tumblr-Pixel-3
X-Optimistic-Header
X-Air-Source
X-CACHE-AGE
X-Air-Hostname
ServedBy
X-Cache-Debug
X-Redis-Cache
X-ECache
Source
Upgrade-Insecure-Requests
X-TNCMS
X-Buckets
X-Loop
Xserver
X-Origin-Date
X-Mg-Request-UUID
X-NWS-UUID-VERIFY
X-Generated-By
X-Akamai-Transformed
X-GEO
Countrycode
X-Uri
CF-Cached-On
X-Varnish-Hits
X-Director
X-Cdn
X-Pass-Why
X-Tid
X-Presslabs-Stats
X-Storage
Xet-Cookie
X-Varnish-Beresp-Ttl
Frame-Options
X-ARC
X-TA-CDN-Provider
X-FireWall-Port
X-Origin-TTL
X-Newrelic-Synthetics
X-Origin-CC
X-Tx-Id
X-Varnish-Ttl
X-Service
X-Esi
X-Varnish-Cache-Hits
X-Varnish-Hostname
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShardId
Cache-Tv-Group
X-DC
Environment
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Endurance-Cache-Level
X-Request-Host
X-App-Version
MD5-Digest
Edge-Cache
Surrogated-Key
X-BBC-Edge-Cache-Status
X-Loc
X-RM-Cache-TTL
X-Epic-Correlation-Id
X-TIM-N
X-Ec-GeoHdr
T-Server
X-Ec-Fail
X-Vdms-Version
X-SRCache-Key
Origin
X-Cache-NE
X-S-Cookie
X-Aed
X-INCAP-ABP
TDXMobile
X-Level-Front-Cache
X-A-Dam
X-We-Are-Hiring
Req-Svc-Chain
Xc-Version
X-ScT
A
X-Generated-On
X-Gdpr
Candidate-Md5Url
BehaviorPad-Version
X-Frame-Option
X-External-Request-Id
DCR-Decision-By
Rendered-Blocks
Sslversion
WWW-Authenticate
X-Core-Value
X-Thinkindot-L3
X-Bc-Bl
X-ServerID
DCR-Processing-Time-Ms
X-BCube-Filmed-By
Release
X-S
Ngx.Var.Host
Host-ID
X-A-Dcw
Server-Info
X-A-Dgt
X-Served-From
X-S-Maxage
Lang
X-Cache-Info
X-Rojux
X-Destination
Memcached
Meta-Geo-Continent
X-A-Ccd
X-CMSURLCustom
X-D
X-Processor
X-A-Wwc
X-A
X-Origin-Time
X-Developer
X-B3-Spanid
Redirect-Candidate
X-Application
Thinkindot-Control
Gannett-Cam-Experience-Id
Thinkindot-CacheControl-Type
X-Mobile-URL
Odigeo-Trace-Id
X-B-Cookie
Thinkindot-CacheControl
X-Nyt-Route
X-Vdms-Path
X-Mid
SID
X-DefElseHash
CloudFront-Viewer-Country
X-Thanos
X-Core-Mission
Click-Count-Action-Start
Cluster
X-Fmm-Version
X-Gamma-Serve
Fastly-GeoIP-CountryCode
Click-Count-Error
X-Cdn-Origin
Magicmarker
X-Clara-WADP
X-CUA
X-VServer
X-Vmg-Version
X-Ec-Custom-Error
Fastly-Backend-Name
X-Cache-Bucket
X-DefHash
Country-Code
DSUID
X-WA-Info
X-Fetched-On
X-Varnish-CookieHashed-On
Tube-Return
X-SVT-ORM-RULES
X-VG-TLSProxy
X-Sn-Servicetimems
X-Sigma-Backend
Tube-Got-Results
X-SVT-ORM-VERSION
X-Old-Content-Length
X-Auto-Login
X-Origin-Response-Time
Tube-Get-Contents
Tube-Got-Eval
X-Sigma
X-Akamai-Device-Characteristics
X-Platform-Processor
X-Platform-Cluster
X-Pool
X-Platform-Server
X-Platform-Router
X-Req
X-Restarts
X-SD-PageType
X-Trace-ID
X-SB
X-Rocket-Build-Number
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Geo-Header
X-WADP-Cache
X-Worker
X-WP-CF-Super-Cache-Active
X-Conf
AKAMAI
Apple-News-Services-Handled
C-Via
Cache-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Server-Host
X-GeoIP-City
X-Human
X-Httpd
X-Is-Gdpr
X-JWT-State
X-Location
State
X-HS-Content-Campaign-Id
X-Bip
X-Has-Esi
Ssr
X-Test
Cache-Key
X-AIR-PT
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
X-Parent-Response-Time
X-Var-Ttl
X-Variation
X-V-Cache
X-App
X-Up
X-Varnish-Beresp-Status
X-Origin
X-Nginx-Cache-Key
X-Azure-Ref-OriginShield
X-Node-Id
X-NodeID
X-Owner
X-Planisys-CDN-Cache
X-Region-Sid
X-Request-Start
X-Scale
X-Slack-Backend
X-Qloud-Router
X-Accel-Buffering
X-Planisys-CDN-Rules
X-Ad-Defer-Variation
X-Planisys-CDN-TTL
X-Accel-Expires-Debug
X-Nananana
X-Minions-Version
X-Fastly-Backend
X-Gen-Mode
X-Cache-Backend
X-GeoIP
X-Esi-Check
X-DPWN-IS-SECURE
X-Device-Os
X-Cache-FS-Status
X-Dispatcher-Number
X-Dispatcher-Server
X-Block-Status
X-GeoIP-Country-Code
X-Varnishpool
X-Cdn-Srv
X-Ckpd-Fst-Backend
X-Men
X-Date
X-Developers
X-GeoIP-Region-Code
X-Gzip
X-Hash
X-Hnp-Log
X-Cache-Id
CacheControlHeader
Mail-Subject
Machine
Kp-EeAlive
Is-Eu
NGX
NM-Fastcgi-Cache
Platform
Origin-EX
On-Server
X-Org
Gh-Request-Id
Datacenter
Cmstype
Cmsid
Decoy-Debug-Key
Decoy-Debug-Status
X-Wix-Viewer-Type
Adler-Geo
Decoy-Debug-TTL
Producers
Origin-CC
User-Cache-Control
We-Hiring
Server-Hostname
Vix-Hermes-Req-Id
Sever-Int
Web-Mar-Region
Svr
Server-Ext
X-Pubstack
X-Slack-Shared-Secret-Outcome
Wxu-Next-Region
X-Platform
X-Refresh
Cache-Provider
Wxu-Next-Hostname
CDCHOST
X-FC-Vary-Parameters
Wxu-Next-Commit
X-Server-IP
Canary
L
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-NCache
X-Forwarded-Site
X-Cache-Tags
X-Cached-By
Pics-Label
X-LB-NoCache
X-CacheTTL
X-Op-Id-All
X-CSRF-Token
X-Webkit-CSP-Report-Only
PFcat
X-Via-Popv
X-VarnishDD-TTL
X-Cache-Remote
Fastly-SSL
X-Cache-Date
X-Via-Poph
X-HN
X-Via-Popn
Cdn
X-Microcachable
X-Mvc-Supplant-OutputCached
HostName
X-HA-Backend
Ha-Gx-Prefs
X-Csrf-Jwt
L5d-Success-Class
X-Aicache-OS
X-CGP
HA-Ipaddr
X-Eu-Site
X-AK-Request-ID
X-Servedbyhost
GeoIP-Latitude
Env
X-Mly-Id
X-Tb-Optimization-Total-Bytes-Saved
Cdncip
Cdnsip
X-VC
Server-ID
X-RCS-CacheZone
Load-Balancing
X-Zone
X-APP-VERSION
X-Gateway-Skip-Cache
Time
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Fastly-Cache
Memory
X-LB-ID
X-API-Version
X-Webkit-CSP
X-ZONE
X-Wa
X-DataCenter
X-Nc
X-Fpc
X-ND-Cache
X-Origin-Expires
Cache
X-Vc
X-Check-Cacheable
X-Response-By
X-Release
X-Instance-Name
X-Via-NSCOPI
Eomportal-Instance
X-HS-Status
X-Generated-In
AMP-Access-Control-Allow-Source-Origin
X-Correlation-ID
X-CCDN-CacheTTL
X-Client-Ip
X-Vgn-Hpd-Variations-Key
X-From
Ngx-Var-Key
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Micro-Cache
X-Vgn-Hpd-Ssi
Expect-Staple
X-Vgn-Hpd-Cached
OT-Force-Account-Verify
Hostname
X-Api-Version
X-Edge-Pop
Srvid
X-Via-CDN
X-Cache-Enabled
X-FL-QIT-DEBUG
X-CS
X-FL-EDGE
Locid
NtCoent-Length
GeoIp-Country-Code
X-Request-URI
IsBot
X-Via-SSL
X-CSRF-TOKEN
Edge-Copy-Time
X-Via-Edge
X-SIPLIST1
X-Provided-By
X-NGINX-Cache
X-Cache-NGX
X-MCACHE
X-VCL-Version
X-Info
Srv
X-Proxy-CacheRZ
X-Srv
X-NewRelic-App-Data
X-Via-JSL
XkeyRZ
X-Dc
X-Amz-Meta-Cb-Modifiedtime
X-Lambda-Id
X-Nf-Request-Id
True-Client-IP
Uri
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Vcl-Version
Sid
True-Client-Ip
X-Air-Pt
X-EC-Lua
X-B3-SpanId
Path
X-Render-Time
Location
VNS-Cache
CPC-Cache
CPC-Age
Resin-Trace
VNS-Age
X-Vtex-Remote-Cache
X-Cs
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Cache-Expires
Fastly-Drupal-Html
X-Oss-Request-Id
X-Server-ID
Request-ID
X-TH-Server
X-Edge-POP
GeoIP-Country-Code
Servername
X-Fastly-Country-Code
CDN
X-VCT
X-Datadome
Cross-Origin-Opener-Policy-Report-Only
X-CACHE-KEY
X-CLOUD-TRACE-CONTEXT
X-TX-ID
X-ATG-Version
X-Moov-Xdn-Version
X-Cache-ASPX
X-Varnish-Authentication
Traceparent
X-Scheme
Esi-Enabled
X-MSEdge-Flight
X-Moov-T
X-Contensis-Viewer-Groups
X-MSEdge-Features
X-Varnish-Beresp-TTL
X-Accel-Version
X-PERF
X-Cdn-Request-ID
X-Viewer-Country
X-Pod-Name
M-TraceId
X-FPC
YJS-ID
Timeexpire
X-ApacheServer
X-Akamai-Pragma-Client-IP
X-Upstream-Ct
LB
X-Upstream-Ht
X-RateLimit-Limit-Second
X-RateLimit-Reset
X-RateLimit-Remaining-Second
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Datacenter
X-WA
X-PAYTM-SRV-ID
CountryCode
X-Udemy-Cache-App-Namespace
X-Cache-Type
X-Cdn-Cache-Status
Sm-Log-Id
X-Service-Response-Time
X-SERVER-NAME
X-NC
X-Lb-Id
Server-Id
Powered-By
X-NAPM-TraceId
FSS-Cache
XServer
X-Geo
Rip
HIT
X-Srcache-Fetch-Status
Ohc-File-Size
N-Cache
X-CDN-Cache-Status
X-Srcache-Store-Status
Proxy-Connection
X-Wikidot-Static-Cache
X-Wikidot-Backend
RNT-Time
X-ServedByHost
RNT-Machine
X-Cdn-Forward
Tracecode
Geoip-Latitude
V-Age
X-Bl-Debug
X-LiteSpeed-Cache-Control
X-Hyper-Cache
X-Orig-Expires
X-Forwarded-Path
Epwk-X-Cache
True-Client-Country-4JS
X-Tenant
X-Shop-Environment
X-Clientip
X-TraceId
ENV
X-Lb-Nocache
Yjs-Id
WZWS-RAY
XM
X-Ha-Backend
X-VG-WebCache
X-B3-Trace-ID
X-M-Reqid
X-M-Log
X-B3-ParentSpanId
Content-Script-Type
Content-Style-Type
X-MP-GENERATED-AT
X-App-Name
X-Serial
X-Swift-Error
Ec-Rule-Version
X-Rebelmouse-Surrogate-Control
X-Fastly-Backend-Reqs
X-B3-Parentspanid
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Rebelmouse-Cache-Control
X-Vgn-Hpd-Reason
Ngx
Inserted-Into-Cache-At
X-Dw-Trace-Id
X-Amz-Meta-Opti
User-Agent
X-Policy
X-Qnm-Cache
X-Wp-Cf-Super-Cache
X-Iplb-Request-Id
X-Wp-Cf-Super-Cache-Cache-Control
X-TT-LOGID
X-Iplb-Instance
X-Lsadc-Cache
X-F-Status
X-RAMCache
X-Fastly-Cache-Hits
X-Acquia-Purge-Tags
Lb
X-Acquia-Application-Trace
Hit
X-Acquia-Application-UUID
X-Acquia-Site
X-LiteSpeed-Tag
X-Mid-Debug-Cache-Key
X-Mid-Debug-Cache-Disk
X-IPS-Cached-Response
X-Request-URL
X-Cache-Ngx
X-MiniProfiler-Ids
X-UP
Warning
Cneonction
X-Th-Server
X-Cdn-Diag
Pramga
My-App
X-Stale
MIME-Version
X-Snapshot-Date