Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Adblock-Key
X-Request-ID
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Request-Id
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-DNS-Prefetch-Control
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-WebKit-CSP
X-OneAgent-JS-Injection
Accept-CH
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Page-Speed
Cf-Apo-Via
Cf-Railgun
X-Server-Id
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
Surrogate-Control
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Backend-Server
Request-Id
X-Readtime
X-Cache-Lookup
X-Ruxit-JS-Agent
X-HW
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Content-Security-Policy-Report-Only
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
X-CST
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Edge
X-WebKit-CSP-Report-Only
Content-Location
X-Content-Type
Accept-Ch-Lifetime
X-Country
X-Mcache
X-ECACHE
X-Clacks-Overhead
Rating
X-MS-InvokeApp
X-Url
X-Midtier
X-TtlSet
X-Vname
X-PC
X-Amz-Server-Side-Encryption
RTSS
X-VARITI-CCR
Cache-Tag
X-B3-TraceId
X-Vcap-Request-Id
X-Varnish-TTL
X-D2id
X-Element-Page-Cache
Origin-Trial
X-Ac
X-Server-Name
Verso
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Rack-Cache
X-Litespeed-Cache
X-Cnection
Service-Worker-Allowed
X-Cache-TTL
X-Powered-By-Plesk
X-ESI
Xkey
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-Ttl
X-Amz-Rid
X-NWS-LOG-UUID
SPRequestGuid
X-SharePointHealthScore
Edge-Control
X-Client-IP
X-Cached
X-Mg-S
X-Px
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Instrumentation
X-Fastcgi-Cache
X-Upstream
SPIisLatency
SPRequestDuration
X-Cache-Key
X-Correlation-Id
Pagespeed
X-Middleton-Display
Display
X-Sol
Content-MD5
X-Dw-Request-Base-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-NF-Request-ID
Access-Control-Request-Method
Edge-Cache-Tag
X-Goog-Hash
X-XRDS-Location
Front-End-Https
X-Daa-Tunnel
X-Country-Code
X-Forwarded-For
X-Version
Public-Key-Pins
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-SID
AR-Request-ID
X-Powered-CMS
X-Id
TCN
X-Recruiting
X-T
X-MSEdge-Ref
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-RateLimit-Remaining
X-Content-Digest
X-Accel-Expires
Response
X-Middleton-Response
X-Shield-Request-Id
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Ser
TP-L2-Cache
TP-Cache
X-Amzn-Trace-Id
Nginx-Cache
X-Fastly-Request-ID
S
X-Ruxit-Js-Agent
X-Request-Processing-Time
X-Request-Received
X-Hits
Server-Node
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-Distributor
X-Ratelimit-Limit
X-Edge-Location-Klb
Cache-Status
X-Kinsta-Cache
MicrosoftSharePointTeamServices
Cache-Tags
Fastcgi-Cache
X-Grace
Alternate-Protocol
Server-Name
X-DataDome
X-Protected-By
X-Ezoic-Cdn
X-Ratelimit-Remaining
X-Origin-Server
X-DIS-Request-ID
X-LB-Cache
X-Ua-Browser
X-Ratelimit-Reset
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Geo-Country
X-TEC-API-ORIGIN
X-Microsite
X-Frontend
X-Request-Handler-Origin-Region
X-Rid
Cross-Origin-Opener-Policy
X-Debug-Info
X-Git-Hash
X-Varnish-Backend
X-Www-Served-By
Cleartype
Healthy
Filterid
X-Logged-In
X-FB-Debug
Payment
X-Forwarded-Proto
X-TTL
X-NGENIX-Cache
X-Load-Cache
X-Page-Id
Charset
X-LLID
X-B3-Sampled
X-Webkit-Csp
Content-Disposition
DC
X-ASPNET-VERSION
X-Hostname
X-Cluster-Name
X-VCache
X-Origin-Cache
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
MS-Author-Via
X-Oneagent-Js-Injection
X-Kong-Proxy-Latency
X-FastCGI-Cache
X-Kong-Upstream-Latency
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
Retry-After
X-Proxy
Access-Control-Allow-Method
Accept-Charset
X-PressLabs-Stats
X-F-Cache
Cross-Origin-Resource-Policy
X-Activity-Id
Paypal-Debug-Id
X-AppVersion
X-Type
X-Az
X-Amz-Replication-Status
X-Signature
X-Revision
X-B-Cache
X-Request-Guid
X-Varnish-Server
X-Providence-Cookie
X-Hosted-By
X-Route-Name
Accept-Ch
X-Flags
X-Amz-Meta-S3cmd-Attrs
X-Contextid
Viewport
X-Azure-Ref
X-Aspnet-Duration-Ms
X-Is-Crawler
X-B
X-TT
X-Wix-Request-Id
X-Seen-By
X-App-Environment
X-Whom
X-DynaTrace
Realpath
X-Fb-Rlafr
Amp-Access-Control-Allow-Source-Origin
Surrogate-Key
Count-Hit
X-Aspnetmvc-Version
Referer-Policy
X-Source
X-Akamai-Edgescape
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Mobile
X-Language
X-App-Server
X-RateLimit-Limit
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Template
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cache-Control
Host
X-EdgeConnect-Cache-Status
X-Varnish-Grace
X-N
X-Cache-Rule
X-Original-Request-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-HTML-Minification-Powered-By
X-Response-Served-From
X-UUID
X-Magnolia-Registration
X-Varnish-Age
X-Cache-Time
Version
VIX-Pulpo-Node
X-Cache-Status-Check
Access-Control-Request-Headers
VIX-Pulpo-Upstream-Status
Section-Io-Cache
Refresh
SD-X-WS
X-Cache-Expired-At
MS-CV
Akamai-GRN
Ms-Operation-Id
X-Adobe-Loc
X-Jobs
X-L-Path
X-FW-Version
X-FW-Static
X-FW-Server
X-Page-View
X-ProcessESI
X-Status
X-Rule
X-RTag
X-RemovedCookies
X-FW-Serve
X-FW-Type
X-Cacheable-TTL
X-FW-Hash
X-Cache-Grace
X-Adobe-Content
Protected
X-Envoy-Decorator-Operation
X-Environment-Context
X-FW-Dynamic
X-Framework
Url
X-Servername
X-Instance
NGB
X-Rendered-As
X-Content-Powered-By
X-G
X-Is-Bot
X-NYM-Debug-Backend
SRV
X-Akamai-Request-ID2
GEO-INFO
X-Device-Type
X-Http-Reason
X-Backend-Name
X-User-Agent
X-Debug-IsConnected
X-Debug-IsPreview
X-B3-Traceid
X-CDN-Forward
X-Newrelic-App-Data
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Nginx-Cache
CDN-RequestId
X-Trace-Id
From-Origin
X-COUNTRY
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Hit
WPO-Cache-Status
WPO-Cache-Message
X-Region
X-Tb
Accept-Language
Country
X-Cache-Age
Front
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Tt-Logid
X-URL
X-Node-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
Backend
Fastly-Drupal-HTML
X-TIME
X-Content-Options
X-Real-IP
X-VC-Cache
Uber-Trace-Id
Fastly-SWR
X-Mode
Fastly-SIE
X-Buckets
X-Unique-Id
Content-Secure-Policy
X-Cache-Operation
X-DynaTrace-JS-Agent
X-Tec-Api-Root
X-Tec-Api-Version
X-CACHE-AGE
X-Tec-Api-Origin
X-RN-RSRV
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Zen-Fury
X-Tumblr-Pixel-2
X-Generation-Time
Meta-Geo
Filters
X-Proxy-Cache-Info
Onion-Location
X-Cache-Server
Azure-InstanceId
X-Access
Azure-RegionName
X-Amzn-Remapped-Content-Length
CF-IPCountry
Azure-Version
X-Section
X-Format
X-Web-Node
X-IPS-LoggedIn
Azure-SiteName
X-Rocket-Nginx-Serving-Static
Webserver
Azure-SlotName
TWC-Device-Class
Property-Id
TWC-Connection-Speed
Apigw-Requestid
TWC-GeoIP-Country
X-Cache-Action
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-Locale
X-Sucuri-ID
X-Ua
X-Varnish-Beresp-Grace
X-Proxy-Cache-Status
X-PHP-Backend
X-Origin-Hint
X-Reqid
X-Via-Fastly
X-Sucuri-Cache
X-Sql-Duration-Ms
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
X-Adobe-Source
X-Server-W
X-Sql-Count
X-Debug
X-Soup
X-Skip-Cache
X-Cms-Context
TWC-GeoIP-LatLong
X-Cache-Host
X-SRV
X-AWS-Id
X-LJ-Flow-ID
X-Ms-Request-Id
X-Ms-Version
X-PHP-Host
DB-Nickname
X-Edge-Location
S-Rt
X-GeoCountry
X-GeoCode
X-Handled-By
X-IPLB-Instance
X-Proto
X-IPLB-Request-ID
X-Labrador-Cache-Channel
X-Times
X-VWS-Id
X-Cluster
Node
X-Cache-TTL-Remaining
X-BYPASS-REASON
Web-Mar-Node
X-UA-Device-Type
X-Site-Version
X-ProxyCache-Key
X-Forwarded-Host
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-Cluster-Node
X-Content-Age
ServerID
X-Detected-As
X-Extlb
X-LSADC-Cache
X-Urbn-Site-Id
X-Xfnlog-Site
X-Zipkin-Id
Cache-Hits
X-Urbn-Context-Path
X-SaId
X-JoinUs
X-LAGOON
X-Proxied
X-Routing-Service
X-FB-TRIP-ID
X-No-Session
CDN-Uid
Cross-Origin-Window-Policy
Locale
Mn-Server-Ip
CDN-RequestCountryCode
CDN-PullZone
Cache-Name
CDN-CachedAt
CDN-Cache
CDN-EdgeStorageId
ServedBy
Mime-Version
WP-Super-Cache
X-Fastly-Request-Id
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Presslabs-Stats
Fastcgi-Useragent
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Liferay-Portal
Selected-Fe
X-Timing-Wait
X-Proxy-Build
X-Request-Time
X-Tumblr-Pixel-3
Xserver
X-Redis-Cache
X-Time
X-XRDS-LOCATION
X-Cache-Debug
X-Hl-Ver
Source
X-Optimistic-Header
X-Loop
X-Origin-Date
X-TNCMS
Upgrade-Insecure-Requests
X-GEO
X-Generated-By
X-Akamai-Transformed
X-Varnish-Hits
X-Mg-Request-UUID
X-Uri
X-Pass-Why
X-Director
X-NWS-UUID-VERIFY
X-TA-CDN-Provider
X-Varnish-Beresp-Ttl
Countrycode
CF-Cached-On
Xet-Cookie
X-Tx-Id
X-ARC
X-Cdn
Frame-Options
X-Newrelic-Synthetics
X-Tid
X-Storage
X-DC
X-FireWall-Port
X-Origin-CC
X-Origin-TTL
X-App-Version
X-Service
X-Varnish-Cache-Hits
X-ShardId
X-Alternate-Cache-Key
X-ECache
Cache-Tv-Group
X-ShopId
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Varnish-Hostname
X-Esi
SID
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Sampled
Environment
X-Datadog-Parent-Id
X-Endurance-Cache-Level
X-ServerID
X-RM-Cache-TTL
X-Destination
Surrogated-Key
X-CMSURLCustom
X-Ec-Fail
X-Nyt-Route
Memcached
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Core-Value
X-D
Odigeo-Trace-Id
X-Request-Host
Lang
T-Server
X-Mobile-URL
Sslversion
Origin
X-Bc-Bl
X-BCube-Filmed-By
X-Level-Front-Cache
Req-Svc-Chain
X-Generated-On
BehaviorPad-Version
Thinkindot-CacheControl
X-Gdpr
Candidate-Md5Url
Rendered-Blocks
Thinkindot-CacheControl-Type
DCR-Processing-Time-Ms
MD5-Digest
Thinkindot-Control
A
X-INCAP-ABP
Host-ID
X-External-Request-Id
Meta-Geo-Continent
Ngx.Var.Host
DCR-Decision-By
X-Cache-Info
TDXMobile
X-Developer
Gannett-Cam-Experience-Id
X-Frame-Option
Redirect-Candidate
X-Loc
X-S
X-A-Dcw
X-Rojux
X-Cache-NE
X-VG-TLSProxy
X-TIM-N
X-Processor
X-Application
X-Thinkindot-L3
X-S-Cookie
X-A-Dgt
X-Vdms-Path
X-ScT
X-A
X-Vdms-Version
X-S-Maxage
Server-Info
X-A-Wwc
X-We-Are-Hiring
X-A-Dam
X-Aed
X-Served-From
X-B-Cookie
X-Origin-Time
X-BBC-Edge-Cache-Status
X-A-Ccd
X-SRCache-Key
Xc-Version
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Varnish-CookieINHashed-On
Decoy-Debug-TTL
X-Varnish-Beresp-Status
X-Ec-Custom-Error
X-Varnish-CookieHashed-On
X-SVT-ORM-VERSION
Edge-Cache
X-Fetched-On
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
X-Gamma-Serve
X-Fmm-Version
X-SVT-ORM-RULES
X-Sn-Servicetimems
DSUID
X-B3-Spanid
X-WP-CF-Super-Cache-Active
X-Clara-WADP
X-Core-Mission
X-Worker
X-Akamai-Device-Characteristics
Release
X-Conf
X-Cdn-Origin
Server-Host
X-Cdn-Srv
X-Test
X-DefElseHash
X-WADP-Cache
Ssr
State
Magicmarker
X-Varnish-Remaining-TTL
Decoy-Debug-Status
X-Developers
X-DefHash
X-WA-Info
X-VServer
X-Vmg-Version
Svr
CloudFront-Viewer-Country
Tube-Get-Contents
X-Location
Tube-Got-Eval
X-Rocket-Build-Number
X-JWT-State
X-Is-Gdpr
X-HS-Content-Campaign-Id
X-Httpd
Decoy-Debug-Key
X-SB
X-Restarts
X-Req
WWW-Authenticate
X-NodeID
X-Origin-Response-Time
Vix-Hermes-Req-Id
X-Auto-Login
Tube-Return
X-Mid
X-Pool
Tube-Got-Results
X-Platform-Server
AKAMAI
X-Human
X-Cache-Bucket
Cluster
X-SD-PageType
Apple-News-Services-Handled
Click-Count-Action-Start
X-Old-Content-Length
Country-Code
Click-Count-Error
X-Has-Esi
X-Sigma
X-Geo-Header
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
C-Via
Apple-News-Services-Request-Url
Cache-Host
X-Sigma-Backend
Cache-Key
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
X-Parent-Response-Time
Section-Io-Origin-Time-Seconds
X-Azure-Ref-OriginShield
X-Cache-FS-Status
X-Bip
X-Block-Status
X-Cache-Backend
X-App
X-Cache-Id
X-Planisys-CDN-Cache
X-Ad-Defer-Variation
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Owner
X-Origin
X-NCache
X-Nginx-Cache-Key
X-Op-Id-All
X-Qloud-Router
X-Region-Sid
X-Variation
X-Wix-Viewer-Type
X-Org
X-V-Cache
X-Up
X-Scale
X-Slack-Backend
X-Thanos
X-Nananana
X-Minions-Version
X-DPWN-IS-SECURE
X-Esi-Check
X-Fastly-Backend
X-Dispatcher-Server
X-Dispatcher-Number
X-CUA
X-Date
X-Device-Os
X-Gen-Mode
X-GeoIP
X-Hnp-Log
X-LB-NoCache
X-Men
X-Hash
X-Gzip
X-GeoIP-City
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Ckpd-Fst-Backend
X-Accel-Expires-Debug
Server-Ext
Datacenter
Producers
Platform
Server-Hostname
Cmstype
Mail-Subject
CDCHOST
Cmsid
Is-Eu
Pics-Label
NM-Fastcgi-Cache
Machine
NGX
On-Server
Origin-CC
Kp-EeAlive
L
Origin-EX
Cache-Provider
CacheControlHeader
Wxu-Next-Commit
User-Cache-Control
Web-Mar-Region
Adler-Geo
We-Hiring
Wxu-Next-Region
Wxu-Next-Hostname
X-Trace-ID
Sever-Int
X-Accel-Buffering
X-Pubstack
X-AIR-PT
X-Var-Ttl
X-VarnishDD-TTL
X-Varnishpool
X-Forwarded-Site
X-Mvc-Supplant-Cachable
X-Slack-Shared-Secret-Outcome
Canary
X-HN
X-Node-Id
X-Refresh
Gh-Request-Id
Fastly-SSL
X-Request-Start
X-FC-Vary-Parameters
X-Irp-Debug
X-Cache-Tags
X-CacheTTL
PFcat
Cdn
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-Cache-Remote
X-Varnish-Ttl
X-Platform
X-Server-IP
X-CGP
Ha-Gx-Prefs
X-Aicache-OS
L5d-Success-Class
X-Csrf-Jwt
X-Eu-Site
HA-Ipaddr
X-Cache-Date
X-Webkit-CSP-Report-Only
X-Mvc-Supplant-OutputCached
X-Microcachable
Env
X-Cached-By
X-HA-Backend
GeoIP-Latitude
X-Servedbyhost
X-RCS-CacheZone
Server-ID
X-CSRF-Token
X-Mly-Id
X-Client-Ip
Load-Balancing
X-AK-Request-ID
X-Tb-Optimization-Total-Bytes-Saved
Cdncip
Cdnsip
X-Vc
HostName
X-Fpc
X-ZONE
X-DataCenter
X-Nc
X-Fastly-Cache
X-Wa
X-Zone
X-API-Version
X-Gateway-Cache-Status
X-VC
Time
X-Generated-In
Memory
X-ND-Cache
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Instance-Name
X-Gateway-Request-Id
X-Origin-Expires
X-Webkit-CSP
Hostname
X-HS-Status
X-Response-By
X-Release
X-LB-ID
X-APP-VERSION
X-Api-Version
X-CS
Cache
X-From
X-FL-EDGE
X-CCDN-CacheTTL
Eomportal-Instance
X-Via-NSCOPI
X-CSRF-TOKEN
Srvid
Locid
X-CCDN-Origin-Time
X-FL-QIT-DEBUG
X-Hcs-Proxy-Type
Expect-Staple
X-Correlation-ID
X-NGINX-Cache
X-Cache-Enabled
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Via-CDN
Ngx-Var-Key
X-Vgn-Hpd-Ssi
X-Micro-Cache
X-Check-Cacheable
OT-Force-Account-Verify
X-Via-SSL
X-Via-Edge
Edge-Copy-Time
X-Provided-By
GeoIp-Country-Code
X-Edge-Pop
NtCoent-Length
X-NewRelic-App-Data
X-Air-Pt
AMP-Access-Control-Allow-Source-Origin
X-SIPLIST1
IsBot
X-Request-URI
X-Proxy-CacheRZ
XkeyRZ
X-Lambda-Id
X-VCL-Version
X-Debug-Cache-Store
X-Amz-Meta-Cb-Modifiedtime
X-MCACHE
X-Vcl-Version
X-Info
X-Cache-NGX
X-Debug-Cache-Fetch
True-Client-IP
X-Via-JSL
X-B3-SpanId
X-Srv
X-Nf-Request-Id
Srv
True-Client-Ip
VNS-Cache
Uri
Path
X-Render-Time
VNS-Age
Resin-Trace
CPC-Age
CPC-Cache
X-Vtex-Remote-Cache
X-EC-Lua
X-Dc
Sid
Location
X-TH-Server
X-Oss-Server-Time
X-VCT
X-Oss-Object-Type
X-Oss-Storage-Class
X-Cache-Expires
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
Request-ID
X-Server-ID
X-Fastly-Country-Code
GeoIP-Country-Code
X-Cs
Servername
X-Edge-POP
X-ATG-Version
X-MSEdge-Features
X-Varnish-Authentication
X-MSEdge-Flight
X-Contensis-Viewer-Groups
X-Cache-ASPX
Esi-Enabled
YJS-ID
CDN
X-CLOUD-TRACE-CONTEXT
Cross-Origin-Opener-Policy-Report-Only
Fastly-Drupal-Html
LB
X-Scheme
X-Upstream-Ht
M-TraceId
X-Moov-T
X-Moov-Xdn-Version
Traceparent
X-Accel-Version
X-Upstream-Ct
CountryCode
X-Cache-Type
X-TX-ID
X-RateLimit-Remaining-Second
X-Cdn-Request-ID
X-RateLimit-Limit-Second
X-Pod-Name
X-PAYTM-SRV-ID
Sm-Log-Id
X-CF-Lambda-Version
X-Viewer-Country
Timeexpire
X-Service-Response-Time
X-PERF
X-CF-Lambda-Fn
X-ApacheServer
X-Varnish-Beresp-TTL
X-Akamai-Pragma-Client-IP
X-Datacenter
HIT
X-Datadome
X-RateLimit-Reset
X-FPC
X-Lb-Id
X-WA
X-Wikidot-Static-Cache
Powered-By
FSS-Cache
X-Cdn-Cache-Status
X-Udemy-Cache-App-Namespace
X-NAPM-TraceId
N-Cache
X-CDN-Cache-Status
X-SERVER-NAME
RNT-Time
X-Wikidot-Backend
RNT-Machine
Rip
XServer
X-Geo
X-Orig-Expires
X-Tenant
X-Shop-Environment
X-Forwarded-Path
Epwk-X-Cache
Proxy-Connection
Server-Id
X-NC
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Bl-Debug
X-CACHE-KEY
Ohc-File-Size
True-Client-Country-4JS
X-B3-Trace-ID
X-Clientip
Tracecode
X-Dw-Trace-Id
X-MP-GENERATED-AT
X-TraceId
V-Age
X-ServedByHost
ENV
X-LiteSpeed-Cache-Control
Yjs-Id
X-Hyper-Cache
X-Cdn-Forward
XM
X-Ha-Backend
X-Amz-Meta-Opti
Geoip-Latitude
WZWS-RAY
X-VG-WebCache
X-App-Name
X-M-Reqid
X-M-Log
X-Acquia-Application-UUID
X-B3-Parentspanid
X-Via-PopN
X-Fastly-Cache-Hits
X-Acquia-Purge-Tags
X-Via-PopV
Content-Script-Type
X-Acquia-Application-Trace
X-Acquia-Site
X-Via-PopH
Content-Style-Type
X-Serial
X-Policy
User-Agent
Ngx
Inserted-Into-Cache-At
X-B3-ParentSpanId
X-Qnm-Cache
X-Rebelmouse-Cache-Control
Ec-Rule-Version
X-Swift-Error
X-Lb-Nocache
X-Vgn-Hpd-Reason
X-Rebelmouse-Surrogate-Control
X-Fastly-Backend-Reqs
X-F-Status
X-Wp-Cf-Super-Cache
X-Lsadc-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-TT-LOGID
X-UP
X-Cache-Ngx
X-Stale
X-MiniProfiler-Ids
X-Mid-Debug-Cache-Disk
X-RAMCache
X-IPS-Cached-Response
X-Ramcache
X-Request-URL
MIME-Version
X-Th-Server
Pramga
X-Cdn-Diag
X-LiteSpeed-Tag
X-Mid-Debug-Cache-Key
Cneonction
X-Snapshot-Date
My-App
Warning