Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-Id
Access-Control-Allow-Credentials
X-Request-ID
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Status
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
X-Hacker
Host-Header
X-Ua-Compatible
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Dispatcher
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-WebKit-CSP
Accept-CH
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Cf-Apo-Via
X-Page-Speed
Cf-Railgun
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Pingback
X-Node
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
Surrogate-Control
X-Backend-Server
EagleEye-TraceId
X-Cache-Lookup
Request-Id
X-Readtime
X-Ruxit-JS-Agent
X-HW
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Content-Security-Policy-Report-Only
X-Application-Context
X-Trace
X-Response-Time
X-CST
Permissions-Policy
X-Mod-Pagespeed
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Country
Content-Location
Accept-CH-Lifetime
X-Content-Type
X-WebKit-CSP-Report-Only
X-Mcache
X-ECACHE
Rating
X-Url
X-Clacks-Overhead
X-MS-InvokeApp
X-Vname
X-TtlSet
X-PC
X-Amz-Server-Side-Encryption
X-Midtier
X-VARITI-CCR
RTSS
Cache-Tag
X-Varnish-TTL
X-Vcap-Request-Id
X-Element-Page-Cache
X-Ac
Verso
Origin-Trial
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-D2id
X-GoogleNews-Bot
X-Server-Name
X-Rack-Cache
X-Cnection
X-B3-TraceId
X-Cache-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
X-ESI
Xkey
X-GitHub-Request-Id
X-Client-IP
X-Abt-Application-Version
X-Fastcgi-Cache
X-Navigation-Version
Edge-Control
X-NWS-LOG-UUID
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-Cached
X-Px
X-Mg-S
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Browser-Type
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
Arr-Disable-Session-Affinity
X-Ttl
X-Upstream
SPIisLatency
SPRequestDuration
X-Correlation-Id
X-Cache-Key
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Litespeed-Cache
Content-MD5
X-Dw-Request-Base-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-RateLimit-Remaining
Edge-Cache-Tag
X-Goog-Hash
X-Daa-Tunnel
Front-End-Https
X-Country-Code
Public-Key-Pins
X-XRDS-Location
X-Version
X-NF-Request-ID
X-Forwarded-For
AR-ATIME
X-Powered-CMS
AR-SID
AR-CACHE
AR-PoweredBy
AR-Request-ID
X-Id
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
TCN
X-MSEdge-Ref
X-Recruiting
X-T
X-Content-Digest
X-Accel-Expires
Response
X-Middleton-Response
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Ser
X-Shield-Request-Id
TP-Cache
TP-L2-Cache
X-Fastly-Request-ID
Nginx-Cache
S
X-Hits
X-Amzn-Trace-Id
X-Edge-Location-Klb
Cache-Status
X-Request-Received
X-Request-Processing-Time
X-Kinsta-Cache
X-HS-Content-Id
X-HS-Cache-Config
Server-Node
X-HS-Hub-Id
X-HS-Combine-CSS
X-Distributor
X-TTL
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Grace
Alternate-Protocol
Cache-Tags
MicrosoftSharePointTeamServices
Fastcgi-Cache
Server-Name
X-Protected-By
X-DataDome
X-DIS-Request-ID
X-Ezoic-Cdn
X-Geo-Country
X-Ruxit-Js-Agent
X-LB-Cache
X-Origin-Server
X-Request-Handler-Origin-Region
X-Frontend
X-Microsite
X-Ua-Browser
X-Ratelimit-Limit
X-Rid
X-Debug-Info
Healthy
Cross-Origin-Opener-Policy
X-Varnish-Backend
X-Forwarded-Proto
X-Www-Served-By
X-NGENIX-Cache
Filterid
X-Git-Hash
Payment
X-FB-Debug
X-Logged-In
Cleartype
X-Page-Id
X-PressLabs-Stats
X-Load-Cache
X-Ratelimit-Reset
X-B3-Sampled
Charset
X-VCache
Content-Disposition
X-Webkit-Csp
X-ASPNET-VERSION
X-Origin-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-LLID
X-Cluster-Name
MS-Author-Via
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
DC
X-Hostname
X-GUploader-UploadID
X-Goog-Metageneration
X-Ratelimit-Remaining
Accept-Charset
X-RateLimit-Limit
X-Upgrade-Enabled
Access-Control-Allow-Method
Retry-After
Cross-Origin-Resource-Policy
X-Proxy
X-Activity-Id
X-Az
X-AppVersion
X-F-Cache
X-Contextid
X-Revision
X-Request-Guid
X-Route-Name
X-Seen-By
X-Signature
X-B-Cache
X-Is-Crawler
X-Type
X-Providence-Cookie
Accept-Ch
X-Amz-Replication-Status
X-Flags
X-Hosted-By
X-Aspnet-Duration-Ms
X-Wix-Request-Id
X-TT
X-B
X-Varnish-Server
X-Whom
Referer-Policy
X-Amz-Meta-S3cmd-Attrs
X-Azure-Ref
Paypal-Debug-Id
Viewport
X-B3-Traceid
X-App-Environment
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
X-DynaTrace
X-Source
X-Aspnetmvc-Version
Count-Hit
X-Fb-Rlafr
X-Tt-Trace-Tag
X-Tt-Trace-Host
Realpath
X-Akamai-Edgescape
X-Mobile
X-App-Server
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-FastCGI-Cache
Host
X-Cache-Control
X-EdgeConnect-Cache-Status
X-Cache-Age
X-HTML-Minification-Powered-By
Refresh
Version
X-N
X-Response-Served-From
X-Original-Request-Id
X-Oneagent-Js-Injection
X-Varnish-Grace
X-Nginx-Cache
X-Tumblr-Pixel
X-Cache-Rule
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
VIX-Pulpo-Node
X-Varnish-Age
Access-Control-Request-Headers
SD-X-WS
X-Envoy-Decorator-Operation
Section-Io-Cache
VIX-Pulpo-Upstream-Status
X-Magnolia-Registration
X-UUID
X-Cache-Status-Check
X-L-Path
X-Cache-Expired-At
X-Adobe-Loc
X-RTag
X-Newrelic-App-Data
X-Environment-Context
X-Page-View
X-Cache-Time
X-Adobe-Content
MS-CV
Ms-Operation-Id
NGB
X-Device-Type
X-Cacheable-TTL
X-Status
X-Cache-Grace
X-Content-Powered-By
X-Jobs
Protected
X-ProcessESI
X-Servername
X-Rendered-As
X-RemovedCookies
X-G
X-Is-Bot
X-Rule
GEO-INFO
X-Framework
X-Akamai-Request-ID2
X-NYM-Debug-Backend
Akamai-GRN
Url
X-FW-Version
X-Http-Reason
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Static
X-User-Agent
X-Instance
X-Backend-Name
X-Debug-IsConnected
X-Debug-IsPreview
X-CDN-Forward
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tb
CDN-RequestId
X-Cache-Hit
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
From-Origin
SRV
X-Pinterest-Rid
Pinterest-Generated-By
X-Tt-Logid
Pinterest-Version
WPO-Cache-Status
WPO-Cache-Message
Country
Accept-Language
X-Node-Name
X-Region
X-Trace-Id
Front
X-URL
X-Real-IP
X-VC-Cache
Fastly-Drupal-HTML
X-Time
Backend
X-Template
Uber-Trace-Id
X-Mode
X-Language
X-Content-Options
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Generation-Time
Fastly-SIE
Meta-Geo
X-Cache-Operation
X-RN-RSRV
Fastly-SWR
X-Rewrite-Enabled
X-UPSTREAM-Address
Filters
X-DynaTrace-JS-Agent
X-Tumblr-Pixel-2
Content-Secure-Policy
Webserver
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-Uid
X-Web-Node
CDN-PullZone
X-Cache-TTL-Remaining
CDN-Cache
X-Proxy-Cache-Info
X-Adobe-Source
X-Cache-Action
X-Cms-Context
X-Format
X-Section
Cross-Origin-Window-Policy
X-Sql-Count
Apigw-Requestid
X-IPS-LoggedIn
X-Proxy-Cache-Status
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-Rocket-Nginx-Serving-Static
Azure-Version
X-Access
CF-IPCountry
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Cache-Server
X-WP-CF-Super-Cache-Cache-Control
X-Sql-Duration-Ms
X-WP-CF-Super-Cache
X-ProxyCache-Key
Node
X-Zen-Fury
X-PHP-Host
X-Ms-Version
X-PHP-Backend
Cache-Name
X-Labrador-Cache-Channel
X-BYPASS-REASON
X-AWS-Id
X-VWS-Id
X-Via-Fastly
X-Content-Age
X-Cluster
X-Edge-Location
ServerID
X-ProxyCache-Status
X-LJ-Flow-ID
X-GeoCountry
X-GeoCode
X-Forwarded-Host
X-Varnish-Beresp-Grace
X-Ms-Request-Id
X-UA-Device-Type
X-Debug
X-Unique-Id
X-Soup
X-Skip-Cache
X-Cache-Host
X-Sucuri-Cache
X-Reqid
X-Sucuri-ID
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
X-JoinUs
X-Urbn-Site-Id
X-Site-Version
X-Extlb
Webcakes-App-Name
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
TWC-GeoIP-Country
X-Detected-As
TWC-Device-Class
X-Proto
Onion-Location
X-Locale
X-Urbn-Context-Path
Web-Mar-Node
X-Proxied
X-Server-W
Property-Id
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
X-Zipkin-Id
X-IPLB-Request-ID
S-Rt
X-No-Session
X-IPLB-Instance
X-Amzn-Remapped-Content-Length
X-Routing-Service
X-SaId
X-Xfnlog-Site
X-LAGOON
Locale
X-Cluster-Node
Mn-Server-Ip
X-Handled-By
Mime-Version
X-Proxy-Build
X-Ua
WP-Super-Cache
X-Fastly-Request-Id
X-Timing-Wait
X-LSADC-Cache
Selected-Fe
DB-Nickname
Fastcgi-Useragent
Cache-Hits
Xserver
X-Hl-Ver
X-Request-Time
X-FB-TRIP-ID
Liferay-Portal
X-Redis-Cache
X-Cache-Debug
ServedBy
X-TIME
X-Tumblr-Pixel-3
X-TNCMS
X-SRV
Upgrade-Insecure-Requests
X-XRDS-LOCATION
X-Optimistic-Header
X-NWS-UUID-VERIFY
X-Loop
Source
X-Generated-By
X-GEO
Countrycode
X-Origin-Date
X-Mg-Request-UUID
X-Tid
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Varnish-Hits
CF-Cached-On
X-Storage
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Times
X-Uri
X-Varnish-Beresp-Ttl
X-Akamai-Transformed
X-Director
X-CACHE-AGE
Xet-Cookie
X-Cdn
X-Tx-Id
X-COUNTRY
X-TA-CDN-Provider
X-Webkit-CSP-Report-Only
X-B3-Spanid
X-Trace-ID
Frame-Options
X-Pass-Why
X-Origin-TTL
X-Origin-CC
X-Newrelic-Synthetics
X-ARC
X-DC
X-Service
X-FireWall-Port
X-ECache
X-AIR-PT
X-Esi
X-App-Version
X-Varnish-Cache-Hits
Environment
SID
X-Shopify-Stage
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Datadog-Trace-Id
X-Varnish-Hostname
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-Presslabs-Stats
Server-Info
X-Endurance-Cache-Level
X-B-Cookie
X-Developer
X-Vdms-Path
X-Ec-Fail
X-BBC-Edge-Cache-Status
X-Destination
X-Bc-Bl
X-Request-Host
X-Cache-Info
X-Cache-NE
Edge-Cache
Gannett-Cam-Experience-Id
X-D
X-BCube-Filmed-By
DCR-Processing-Time-Ms
Meta-Geo-Continent
BehaviorPad-Version
T-Server
Origin
WWW-Authenticate
A
Surrogated-Key
Sslversion
MD5-Digest
Release
Rendered-Blocks
Req-Svc-Chain
Candidate-Md5Url
X-A
X-A-Ccd
X-Aed
X-A-Wwc
Ngx.Var.Host
X-Application
Redirect-Candidate
X-Epic-Correlation-Id
DCR-Decision-By
Lang
X-A-Dam
X-A-Dcw
X-A-Dgt
Odigeo-Trace-Id
X-Ec-GeoHdr
X-Processor
X-Rojux
X-External-Request-Id
X-Platform-Router
X-Platform-Processor
X-Origin-Time
X-Platform-Cluster
X-S-Cookie
X-S-Maxage
X-VG-TLSProxy
X-Vdms-Version
X-TIM-N
X-SRCache-Key
X-ScT
Xc-Version
X-Nyt-Route
X-S
X-Mid
X-Gdpr
X-Mobile-URL
X-Loc
X-ServerID
State
X-Sigma-Backend
X-Fmm-Version
X-Sn-Servicetimems
X-WP-CF-Super-Cache-Active
Host-ID
X-Sigma
Tube-Got-Results
Tube-Return
Tube-Got-Eval
X-Served-From
Tube-Get-Contents
X-Gamma-Serve
X-SVT-ORM-RULES
X-Varnish-CookieINHashed-On
Memcached
Magicmarker
X-Varnish-Remaining-TTL
X-WA-Info
X-Ec-Custom-Error
X-Varnish-CookieHashed-On
Vix-Hermes-Req-Id
X-WADP-Cache
X-SVT-ORM-VERSION
Fastly-GeoIP-CountryCode
X-Thinkindot-L3
X-VServer
X-GeoIP-City
X-CUA
X-Origin-Response-Time
X-CMSURLCustom
X-DefElseHash
X-Platform-Server
X-Old-Content-Length
X-Core-Value
X-NodeID
X-Cdn-Origin
X-Core-Mission
X-Cache-Bucket
X-Frame-Option
DSUID
X-Req
X-DefHash
Thinkindot-CacheControl
X-SB
X-We-Are-Hiring
TDXMobile
Thinkindot-CacheControl-Type
X-Httpd
X-Akamai-Device-Characteristics
X-Rocket-Build-Number
X-Human
X-INCAP-ABP
Thinkindot-Control
X-SD-PageType
X-Clara-WADP
Cache-Host
C-Via
Click-Count-Action-Start
Click-Count-Error
Cluster
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Decoy-Debug-TTL
X-Buckets
Cache-Tv-Group
Apple-News-Services-Handled
Apple-News-Services-Host
Country-Code
X-Pubstack
Decoy-Debug-Status
Decoy-Debug-Key
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Parent-Response-Time
Section-Io-Id
Section-Origin-Responded
X-Hash
X-Geo-Header
X-Hnp-Log
X-Accel-Expires-Debug
X-Worker
X-Ad-Defer-Variation
X-Accel-Buffering
X-Gzip
X-Esi-Check
X-LB-NoCache
X-Generated-On
User-Cache-Control
We-Hiring
Adler-Geo
Fastly-Backend-Name
X-Up
X-Dispatcher-Number
X-Developers
X-CSRF-Token
X-Cache-FS-Status
X-Thanos
X-Block-Status
X-Bip
X-Cache-Id
X-HS-Content-Campaign-Id
X-Fastly-Backend
X-Fetched-On
Server-Host
X-Is-Gdpr
X-JWT-State
X-Test
X-Has-Esi
X-Level-Front-Cache
X-GeoIP-Country-Code
X-Restarts
X-App
X-Location
X-Gen-Mode
X-GeoIP
X-GeoIP-Region-Code
X-Wix-Viewer-Type
Origin-EX
Origin-CC
Is-Eu
CloudFront-Viewer-Country
X-Planisys-CDN-Cache
Pics-Label
X-Variation
X-Slack-Backend
Platform
NM-Fastcgi-Cache
L
Mail-Subject
X-Scale
X-Cdn-Srv
X-Var-Ttl
Kp-EeAlive
Cmstype
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Cmsid
X-Pool
Producers
Svr
Cache-Key
Cache-Provider
X-Auto-Login
X-Request-Start
X-Minions-Version
X-Vmg-Version
Ssr
Sever-Int
X-Origin
CDCHOST
X-DPWN-IS-SECURE
X-Varnish-Beresp-Status
Server-Hostname
Server-Ext
X-Date
X-Node-Id
Cdn
X-RM-Cache-TTL
X-Dispatcher-Server
X-Cache-Backend
Web-Mar-Region
X-Irp-Debug
X-Varnishpool
X-Op-Id-All
X-VarnishDD-TTL
X-Owner
X-V-Cache
X-Platform
X-Nginx-Cache-Key
X-NCache
Gh-Request-Id
X-Forwarded-Site
X-HN
X-Qloud-Router
X-Mvc-Supplant-Cachable
CacheControlHeader
X-FC-Vary-Parameters
X-CacheTTL
Wxu-Next-Region
Wxu-Next-Hostname
AKAMAI
X-Aicache-OS
X-Azure-Ref-OriginShield
X-Region-Sid
X-Device-Os
Fastly-SSL
Machine
Datacenter
X-Server-IP
PFcat
X-Conf
X-Slack-Shared-Secret-Outcome
X-Nananana
Wxu-Next-Commit
X-Cache-Tags
X-Refresh
X-Ckpd-Fst-Backend
HostName
X-Men
HA-Ipaddr
X-Csrf-Jwt
X-Org
X-CGP
X-Via-Popv
X-Via-Poph
X-Via-Popn
Canary
Ha-Gx-Prefs
X-Varnish-Ttl
X-Eu-Site
X-Tb-Optimization-Total-Bytes-Saved
X-Cached-By
L5d-Success-Class
X-Cache-Remote
NGX
On-Server
Cdnsip
X-Mvc-Supplant-OutputCached
X-Servedbyhost
X-AK-Request-ID
X-VC
Env
X-HA-Backend
Cdncip
GeoIP-Latitude
Server-ID
X-Cache-Date
X-RCS-CacheZone
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
X-LB-ID
X-Gateway-Cache-Status
X-API-Version
X-Gateway-Request-Id
X-Microcachable
X-Nf-Request-Id
X-Wa
Cache
X-Fpc
X-ZONE
X-APP-VERSION
X-Mly-Id
X-Zone
X-Generated-In
Memory
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Server-ID
Time
Request-ID
X-Webkit-CSP
X-DataCenter
X-Via-NSCOPI
X-Micro-Cache
X-Fastly-Cache
Ngx-Var-Key
OT-Force-Account-Verify
X-Nc
Load-Balancing
Eomportal-Instance
X-ND-Cache
X-Instance-Name
X-Origin-Expires
X-HS-Status
X-VCL-Version
X-Correlation-ID
X-Response-By
X-Srv
X-Release
X-SIPLIST1
X-Request-URI
X-Vc
X-Check-Cacheable
X-Client-Ip
IsBot
X-Via-JSL
Srv
X-Cache-NGX
Locid
Srvid
Expect-Staple
X-Info
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-FL-EDGE
X-From
X-CCDN-CacheTTL
X-FL-QIT-DEBUG
NtCoent-Length
AMP-Access-Control-Allow-Source-Origin
True-Client-Ip
X-Edge-Pop
Hostname
X-NewRelic-App-Data
X-Via-CDN
X-Cache-Enabled
X-CS
X-Via-SSL
X-Via-Edge
X-MCACHE
Edge-Copy-Time
X-Api-Version
X-CSRF-TOKEN
X-Provided-By
GeoIp-Country-Code
X-Proxy-CacheRZ
XkeyRZ
Path
Location
X-Lambda-Id
X-Debug-Cache-Fetch
GeoIP-Country-Code
X-Debug-Cache-Store
X-Cache-Expires
Uri
X-Amz-Meta-Cb-Modifiedtime
X-NGINX-Cache
X-EC-Lua
X-Dc
X-Oss-Object-Type
Sid
X-RateLimit-Reset
X-Oss-Request-Id
True-Client-IP
Resin-Trace
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Cs
VNS-Cache
X-Vtex-Remote-Cache
X-Fastly-Country-Code
VNS-Age
Servername
X-Edge-POP
X-Render-Time
CPC-Cache
CPC-Age
Cross-Origin-Opener-Policy-Report-Only
X-Vcl-Version
X-NODE
X-Moov-Xdn-Version
X-Air-Pt
Traceparent
X-Moov-T
X-CLOUD-TRACE-CONTEXT
CDN
X-Viewer-Country
X-TH-Server
Fastly-Drupal-Html
X-Scheme
X-VCT
X-B3-SpanId
LB
X-PERF
X-ATG-Version
X-Cdn-Request-ID
X-ApacheServer
Rip
X-TX-ID
X-MSEdge-Features
X-Contensis-Viewer-Groups
X-Datacenter
X-Varnish-Authentication
X-MSEdge-Flight
X-Pod-Name
X-Cache-ASPX
X-NAPM-TraceId
FSS-Cache
Timeexpire
Esi-Enabled
Powered-By
X-Akamai-Pragma-Client-IP
X-Varnish-Beresp-TTL
X-Datadome
M-TraceId
CountryCode
X-Accel-Version
X-FPC
X-Cdn-Cache-Status
X-SERVER-NAME
X-WA
Tracecode
X-CF-Lambda-Version
True-Client-Country-4JS
V-Age
X-RateLimit-Limit-Second
X-Upstream-Ht
X-PAYTM-SRV-ID
Sm-Log-Id
X-CF-Lambda-Fn
X-Service-Response-Time
X-Clientip
X-RateLimit-Remaining-Second
X-Upstream-Ct
X-Geo
XServer
X-Xrds-Location
X-Cache-Type
YJS-ID
Server-Id
X-LiteSpeed-Cache-Control
X-Srcache-Fetch-Status
Proxy-Connection
X-CACHE-KEY
X-Lb-Id
X-NC
XM
Ohc-File-Size
X-Srcache-Store-Status
X-Udemy-Cache-App-Namespace
HIT
X-VG-WebCache
ENV
X-Wikidot-Static-Cache
X-B3-Parentspanid
Ngx
X-Wikidot-Backend
N-Cache
RNT-Machine
X-ServedByHost
X-CDN-Cache-Status
RNT-Time
X-TraceId
X-Hyper-Cache
X-Bl-Debug
X-Cdn-Forward
X-Forwarded-Path
Yjs-Id
X-Ha-Backend
X-Shop-Environment
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Epwk-X-Cache
Geoip-Latitude
X-Tenant
X-Orig-Expires
WZWS-RAY
X-Dw-Trace-Id
Content-Script-Type
Content-Style-Type
X-B3-Trace-ID
User-Agent
X-Lb-Nocache
X-Vgn-Hpd-Reason
Inserted-Into-Cache-At
X-B3-ParentSpanId
X-Cdn-Diag
X-Connection-Hash
X-MiniProfiler-Ids
Req-ID
Expiry
X-Fastly-Backend-Reqs
X-Serial
X-Swift-Error
Ec-Rule-Version
X-Via-PopV
Pramga
X-MP-GENERATED-AT
X-Via-PopH
X-Via-PopN
X-TT-LOGID
X-F-Status
X-Lsadc-Cache
X-M-Reqid
X-Qnm-Cache
X-App-Name
X-Amz-Meta-Opti
Lb
X-M-Log
X-UP
X-Stale
X-Mid-Debug-Cache-Disk
X-Mid-Debug-Cache-Key
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Yottaa-OS
X-Webstats-RespID
X-Request-URL
X-Cache-Ngx
My-App
X-LiteSpeed-Tag
X-Th-Server
MIME-Version
Cneonction
X-IPS-Cached-Response
Warning
X-Snapshot-Date