Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-FRAME-OPTIONS
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
X-Dns-Prefetch-Control
X-Ua-Compatible
Access-Control-Max-Age
X-Request-ID
X-Via
Server-Timing
X-Cache-Group
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Backend
P3p
X-Amz-Id-2
X-Proxy-Cache
X-Ws-Request-Id
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Akamai-Path-Stats
X-Rq
EagleId
X-Vhost
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-OneAgent-JS-Injection
X-Node
X-Server-Id
EagleEye-TraceId
X-Pingback
X-Cache-Spec
Request-Id
Surrogate-Control
Cf-Railgun
X-Akam-SW-Version
X-Backend-Server
Accept-CH
X-Readtime
X-Cache-Lookup
X-Response-Time
Accept-CH-Lifetime
X-HW
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Content-Security-Policy-Report-Only
Content-Location
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Url
Accept-Ch-Lifetime
X-Country
X-Edge
X-Amz-Server-Side-Encryption
X-Ruxit-JS-Agent
X-Rack-Cache
X-MS-InvokeApp
X-B3-TraceId
Edge-Control
X-Vname
X-TtlSet
X-PC
Accept-Ch
X-Content-Type
X-ESI
X-Vcap-Request-Id
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Varnish-TTL
Xkey
X-FastCGI-Cache
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Amz-Rid
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-D2id
X-Cdn-Fetch
X-Mcache
X-VARITI-CCR
X-CST
Verso
Cache-Tag
X-GitHub-Request-Id
RTSS
X-Powered-By-Plesk
X-ECACHE
X-Oneagent-Js-Injection
X-Cached
Service-Worker-Allowed
X-Upstream
X-Navigation-Version
X-Client-IP
X-Version
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-Px
X-Ruxit-Js-Agent
X-Cnection
X-Ac
Public-Key-Pins
X-Ser
Arr-Disable-Session-Affinity
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-SharePointHealthScore
SPRequestGuid
X-Element-Page-Cache
X-Sol
Display
X-Server-Name
Pagespeed
X-Middleton-Display
X-Country-Code
SPIisLatency
SPRequestDuration
X-Cache-TTL
X-Ttl
X-NWS-LOG-UUID
X-NF-Request-ID
X-RateLimit-Remaining
X-Midtier
X-Cache-Key
X-Middleton-Response
Permissions-Policy
Response
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
X-Forwarded-For
Access-Control-Request-Method
Content-MD5
X-DataDome
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
X-MSEdge-Ref
Front-End-Https
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Powered-CMS
X-Correlation-Id
Edge-Cache-Tag
TP-L2-Cache
X-T
X-Recruiting
TP-Cache
X-Jurisdiction
AR-PoweredBy
AR-CACHE
X-HP-Webp
X-HP-Trace-Id
AR-SID
AR-ATIME
AR-Request-ID
Nginx-Cache
X-Accel-Expires
X-RateLimit-Limit
TCN
X-Daa-Tunnel
MicrosoftSharePointTeamServices
X-Grace
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Id
X-Mg-S
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Hits
X-Content-Digest
Filters
X-Request-Received
X-Request-Processing-Time
Server-Node
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
Server-Name
X-Frontend
X-LLID
S
X-Fastly-Request-Id
X-TTL
X-Amzn-Trace-Id
X-Distributor
Cache-Status
X-Protected-By
X-Geo-Country
MS-Author-Via
Fastcgi-Cache
X-PressLabs-Stats
X-LB-Cache
X-Language
X-Microsite
X-Request-Handler-Origin-Region
Cross-Origin-Opener-Policy
X-Seen-By
X-Origin-Server
X-F-Cache
X-Ezoic-Cdn
X-Forwarded-Proto
X-B3-Sampled
Charset
X-Ab
Host
X-Ua-Browser
Filterid
X-Page-Id
X-FB-Debug
X-Git-Hash
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
X-Litespeed-Cache
Payment
X-Ratelimit-Reset
X-ASPNET-VERSION
Count-Hit
Realpath
X-Cache-Age
X-VCache
X-Erf-Bev-Bev
X-Browser-Type
X-Cluster-Name
X-Erf-Bev-Bev-Is-Generated
Accept-Charset
Cf-Apo-Via
X-Origin-Cache
Surrogate-Key
Alternate-Protocol
Cache-Tags
X-DynaTrace
X-NGENIX-Cache
X-Rid
X-Webkit-Csp
Retry-After
X-Activity-Id
Cleartype
X-Az
X-AppVersion
X-Template
X-Fastcgi-Cache
X-Www-Served-By
Access-Control-Allow-Method
X-Wix-Request-Id
X-Route-Name
X-Flags
X-Node-Name
X-Is-Crawler
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Request-Guid
X-Varnish-Backend
X-Tb
X-Signature
X-B-Cache
X-Upgrade-Enabled
X-App-Environment
X-TT
X-Varnish-Grace
X-Type
X-Amz-Replication-Status
X-Content
X-Debug
ServerID
X-DIS-Request-ID
X-B
DC
Paypal-Debug-Id
X-Proxy
X-Drupal-Cache-Tags
X-Logged-In
Frame-Options
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Envoy-Decorator-Operation
X-Hostname
X-Source
X-Mobile
X-Content-Options
X-Revision
X-Load-Cache
X-COUNTRY
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Cache-Control
X-N
Amp-Access-Control-Allow-Source-Origin
X-Contextid
Country
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Magnolia-Registration
X-User-Agent
Referer-Policy
X-Whom
Viewport
X-Cache-Rule
NGB
X-EdgeConnect-Cache-Status
X-Ratelimit-Remaining
X-Original-Request-Id
X-Response-Served-From
Refresh
Node
X-Varnish-Age
Content-Disposition
X-Fastly-Request-ID
X-Restarts
X-L-Path
X-Cacheable-TTL
X-Page-View
X-Debug-IsPreview
X-Environment-Context
X-Cache-TTL-Remaining
Access-Control-Request-Headers
X-Debug-IsConnected
X-Framework
X-Adobe-Content
VIX-Pulpo-Upstream-Status
X-Jobs
X-G
Uber-Trace-Id
Akamai-GRN
Url
VIX-Pulpo-Node
X-Adobe-Loc
X-Instance
X-Is-Bot
X-Real-IP
X-Yottaa-Metrics
X-Cache-Grace
X-Akamai-Request-ID2
X-Yottaa-Optimizations
X-Rendered-As
X-Varnish-Server
X-Servername
X-Unique-Id
X-Mg-Request-UUID
X-NYM-Debug-Backend
X-Mid
X-Cache-Time
X-Drupal-Cache-Contexts
X-Status
X-Server-ID
Version
Countrycode
X-Content-Powered-By
X-Webkit-CSP
X-App-Server
X-RemovedCookies
X-ProcessESI
X-APP-VERSION
X-Debug-Info
X-Http-Reason
X-XRDS-LOCATION
X-CDN-Forward
Srv
Protected
X-IPLB-Request-ID
X-IPLB-Instance
X-Hosted-By
Accept-Language
X-Nginx-Cache-Key
X-Cache-Expired-At
X-Trace-Id
X-Tt-Logid
X-Ratelimit-Limit
Healthy
Liferay-Portal
X-Via-JSL
X-Device-Type
Fastcgi-Useragent
X-Time
X-Cache-Hit
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-FW-Serve
X-Tumblr-Pixel-0
X-FW-Type
X-FW-Hash
X-FW-Server
X-FW-Dynamic
X-Azure-Ref
X-FW-Static
Section-Io-Cache
X-Backend-Name
X-RTag
X-UUID
X-Cache-NGX
Ms-Operation-Id
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
MS-CV
Backend
X-Cache-Operation
X-Proxy-Cache-Status
Server-Info
Content-Secure-Policy
X-Mobile-URL
Load-Balancing
X-RN-RSRV
X-UPSTREAM-Address
X-Storage
Meta-Geo
CF-IPCountry
X-Datadome
X-Mode
X-Sql-Duration-Ms
X-Content-Age
X-Sql-Count
X-Handled-By
X-HTML-Minification-Powered-By
TWC-GeoIP-LatLong
CDN-PullZone
CDN-RequestCountryCode
TWC-GeoIP-Country
TWC-Connection-Speed
X-OCL
X-No-Session
CDN-EdgeStorageId
X-Say-Cacheable
CDN-Cache
TWC-Locale-Group
CDN-CachedAt
X-Region
TWC-Privacy
X-Redis-Cache
Web-Mar-Node
Locale
X-PHP-Host
X-PHP-Backend
X-Origin-Hint
X-PCL
Onion-Location
Property-Id
X-Proto
X-Origin-Date
CDN-RequestId
CDN-Uid
Eomportal-Instance
S-Rt
Webcakes-App-Version
X-Site-Version
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Section
X-Server-W
X-ShardId
X-Forwarded-Host
X-Format
X-Adobe-Source
X-AWS-Id
X-Alternate-Cache-Key
X-Cache-Enabled
X-Cache-Host
X-Edge-Location
X-Cms-Context
X-Cache-Server
X-Access
X-Storefront-Renderer-Rendered
X-Akamai-Edgescape
Webcakes-Region
X-SayCDN-TTL
X-LJ-Flow-ID
X-Locale
X-Say-TTL
X-VWS-Id
X-VC-Cache
X-Varnishpool
X-Varnish-Hostname
X-Uri
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Skip-Cache
X-Varnish-Cache-Hits
X-Labrador-Cache-Channel
Azure-Version
WP-Super-Cache
Webcakes-App-Name
TWC-Device-Class
Azure-InstanceId
X-URL
GEO-INFO
Azure-SiteName
Azure-RegionName
Azure-SlotName
X-Zen-Fury
X-Generation-Time
X-Hl-Ver
X-GeoCode
X-Generated-By
X-GeoCountry
X-Debug-Cache
X-Cache-Type
X-BYPASS-REASON
X-JoinUs
X-Detected-As
X-Extlb
X-FB-TRIP-ID
X-ProxyCache-Status
X-UA-Device-Type
X-Timing-Wait
X-Via-Fastly
X-Web-Node
X-Xfnlog-Site
X-ServerID
X-SaId
X-Proxy-Build
X-ProxyCache-Key
X-Request-Time
X-Routing-Service
X-Proxied
X-Zipkin-Id
Mn-Server-Ip
Selected-Fe
DB-Nickname
Apigw-Requestid
X-SRV
X-Correlation-ID
X-Tid
X-Varnish-Beresp-Grace
X-Cache-Status-Check
ServedBy
X-Rule
X-Cache-Action
X-ECache
X-LSADC-Cache
X-Ua
X-R9-Blue-Green-Version
X-Ms-Request-Id
Cache-Name
X-Ms-Version
Cross-Origin-Resource-Policy
X-Dc
X-DynaTrace-JS-Agent
X-Human
X-FireWall-Port
X-Nginx-Cache
Cache
Xet-Cookie
X-Cache-Tags
SD-X-WS
X-Amz-Apigw-Id
X-Cached-By
X-Amzn-RequestId
Source
Cross-Origin-Window-Policy
LB
X-WP-CF-Super-Cache-Cache-Control
X-Aspnetmvc-Version
X-RCS-CacheZone
X-WP-CF-Super-Cache
X-Loop
X-TNCMS
X-Via-NSCOPI
X-Cdn
X-GEO
X-Varnish-Hits
X-NewRelic-App-Data
X-MP-GENERATED-AT
Origin
Xserver
WPO-Cache-Message
WPO-Cache-Status
X-GG-Cache-Date
X-App-Version
X-Reqid
X-Pubstack
X-IPS-LoggedIn
X-Origin-CC
X-Origin-TTL
X-Amzn-Remapped-Content-Length
X-Soup
X-TA-CDN-Provider
X-AOL-HN
X-B3-SpanId
Cache-Hits
X-Api-Version
X-Tumblr-Pixel-2
X-FW-Version
Rip
X-TIME
From-Origin
X-Newrelic-Synthetics
X-Service
X-Platform-Server
X-Vgn-Hpd-Reason
X-Cluster-Node
Upgrade-Insecure-Requests
Webserver
X-Request-Host
X-NAPM-TraceId
X-Orig-Expires
Environment
X-User
DCR-Processing-Time-Ms
X-Connection-Hash
DCR-Decision-By
X-TIM-N
Expiry
X-Accel-Buffering
X-BCube-Filmed-By
X-Bc-Bl
X-Served-From
Xc-Version
T-Server
X-Cache-NE
X-D
Cdnsip
X-External-Request-Id
A
X-Ec-GeoHdr
X-Forwarded-Path
X-Provided-By
X-VG-WebCache
X-SRCache-Key
X-Ec-Fail
BehaviorPad-Version
Cdncip
X-Vdms-Path
X-Session-Fingerprint
X-Destination
X-Developer
X-Shop-Environment
Host-ID
X-ScT
X-A-Dcw
X-S
Odigeo-Trace-Id
Ngx.Var.Host
X-A-Dgt
X-Owner
X-S-Cookie
X-A-Wwc
X-A-Dam
X-A-Ccd
Sslversion
Surrogated-Key
X-Rojux
Rendered-Blocks
Redirect-Candidate
X-Rewrite-Enabled
X-A
X-Processor
X-Vdms-Version
Lang
X-PBS-Appsvrname
X-AK-Request-ID
X-Application
X-ARC
X-Tenant
X-Aed
Meta-Geo-Continent
MD5-Digest
X-Origin-Response-Time
X-B-Cookie
X-Cluster
OT-Force-Account-Verify
Fastly-SSL
X-Varnish-Beresp-Ttl
X-Generated-On
X-Bip
X-Dispatcher-Number
Decoy-Debug-Key
Mobile-Detection-Method
Decoy-Debug-Status
Decoy-Debug-TTL
Candidate-Md5Url
Machine
X-Aicache-OS
X-Forwarded-Site
X-Thanos
X-Level-Front-Cache
X-Wix-Viewer-Type
X-Pool
X-Qloud-Router
X-Irp-Debug
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Ad-Defer-Variation
X-Proxy-Cache-Info
X-Policy
X-S-Maxage
X-Auto-Login
X-SB
X-Worker
X-SVT-ORM-RULES
X-Cache-Info
X-CacheTTL
X-Cdn-Origin
X-Origin-Expires
X-Cdn-Srv
X-Cache-Id
X-Cache-Bucket
X-Origin-Time
X-BBC-Edge-Cache-Status
X-Scale
X-Thinkindot-L3
X-Branch-Name
X-Parent-Response-Time
X-RateLimit-Remaining-Second
Tube-Got-Eval
Tube-Get-Contents
Tube-Got-Results
Tube-Return
V-Age
X-VServer
Traceparent
Thinkindot-Control
TDXMobile
X-Rocket-Nginx-Serving-Static
Thinkindot-CacheControl
X-WADP-Cache
Thinkindot-CacheControl-Type
X-SVT-ORM-VERSION
Vix-Hermes-Req-Id
X-Request-URI
X-Rocket-Build-Number
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-CGP
X-Rebelmouse-Cache-Control
Wxu-Next-Region
Wxu-Next-Hostname
VNS-Cache
VNS-Age
We-Hiring
Web-Mar-Region
X-Varnish-Remaining-TTL
X-RateLimit-Limit-Second
X-Ckpd-Fst-Backend
X-Hash
X-Fmm-Version
X-WA-Info
X-Gamma-Serve
X-Slack-Backend
X-Gateway-Cache-Key
X-Fetched-On
X-Fastly-Cache
X-Esi-Check
X-Epic-Correlation-Id
X-INCAP-ABP
X-Eu-Site
X-HS-Content-Campaign-Id
X-Gateway-Cache-Status
X-SIPLIST1
X-Viewer-Country
X-Gzip
X-Sigma-Backend
X-Geo-Header
X-GeoIP
X-VG-TLSProxy
X-Has-Esi
X-Sn-Servicetimems
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Gdpr
X-SplitTest
X-Is-Gdpr
X-Ec-Custom-Error
X-Minions-Version
X-Mvc-Supplant-Cachable
X-Core-Mission
X-Core-Value
X-Loc
X-Csrf-Jwt
X-Mvc-Supplant-OutputCached
X-NodeID
X-Clara-WADP
X-GeoIP-City
X-Clientip
X-Optimistic-Header
X-Nyt-Route
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Device-Os
X-Developers
X-Varnish-CookieINHashed-On
X-Sigma
X-DPWN-IS-SECURE
X-Varnish-CookieHashed-On
X-Variation
X-DefElseHash
X-Datadog-Trace-Id
X-DefHash
X-V-Cache
X-JWT-State
X-Origin
Wxu-Next-Commit
HA-Ipaddr
Adler-Geo
Ha-Gx-Prefs
Gh-Request-Id
Apple-News-Services-Host
Apple-News-Services-Handled
Is-Eu
IsBot
Country-Code
HostName
Cmsid
L
Kp-EeAlive
Apple-News-Services-Parsed-Url
Fastly-SWR
DSUID
Click-Count-Error
Cluster
Datacenter
CPC-Age
CPC-Cache
Click-Count-Action-Start
Cache-Tv-Group
Fastly-GeoIP-CountryCode
Fastly-SIE
Fastly-Backend-Name
Apple-News-Services-Request-Url
Cache-Host
Mail-Subject
L5d-Success-Class
Origin-EX
Origin-CC
Release
Producers
Memcached
Cmstype
Platform
Req-Svc-Chain
NGX
State
NM-Fastcgi-Cache
Servername
Server-Host
X-CSRF-Token
X-Cache-Remote
X-Xrds-Location
X-VC
Mime-Version
WebServer
X-Tx-Id
X-Gen-Mode
CloudFront-Viewer-Country
X-Scheme
X-Hnp-Log
X-NCache
X-NWS-UUID-VERIFY
Sever-Int
Server-Hostname
Fastcgi-Cache-TTL
X-Pod-Name
X-Block-Status
Svr
User-Cache-Control
AKAMAI
Server-Ext
CDCHOST
X-LB-NoCache
X-Varnish-Ttl
X-Varnish-Beresp-Status
Ec-Rule-Version
X-Udemy-Cache-App-Namespace
X-Ig-Push-State
Sid
Canary
X-CMSURLCustom
X-Cache-Date
Ssr
X-ZONE
Pics-Label
X-Tb-Optimization-Total-Bytes-Saved
X-Microcachable
X-Conf
X-Yandex-Sdch-Disable
Memory
Time
X-Sucuri-ID
X-Sucuri-Cache
SID
X-ATG-Version
X-Azure-Ref-OriginShield
X-Var-Ttl
X-Fastly-Backend
X-Generated-In
X-ND-Cache
Fastly-Drupal-Html
X-WP-CF-Super-Cache-Active
X-FC-Vary-Parameters
X-Cache-Debug
X-Presslabs-Stats
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-Tec-Api-Origin
X-Akamai-Transformed
X-Tec-Api-Version
X-Tec-Api-Root
X-Via-Popv
X-Via-Poph
Server-ID
X-Via-Popn
X-Dmc
X-TRACE-ID
X-Servedbyhost
X-Edge-Pop
X-Refresh
X-Be
Env
X-Cs
X-Trace-ID
X-Release
X-Newrelic-App-Data
X-Air-Hostname
X-NC
X-MSEdge-Features
X-MSEdge-Flight
Fastly-Drupal-HTML
X-Air-Trace-Id
X-CS
X-Air-Source
X-Fpc
X-Buckets
X-Esi
X-PX
X-ID
X-EC-Lua
X-Zone
X-MCACHE
X-Wikidot-Static-Cache
GeoIp-Country-Code
X-Wikidot-Backend
Magicmarker
X-Endurance-Cache-Level
X-DC
X-NGINX-Cache
CDN
X-Up
X-Tumblr-Pixel-3
X-CACHE-AGE
True-Client-IP
X-RateLimit-Reset
X-TX-ID
X-Hyper-Cache
X-Dispatch
X-Wa
My-App
X-CF-Lambda-Version
X-VCL-Version
X-Vc
X-Pass-Why
X-CF-Lambda-Fn
X-Srv
X-Webkit-CSP-Report-Only
Hostname
X-CSRF-TOKEN
X-Micro-Cache
X-M-Reqid
X-App
X-Lambda-Id
X-M-Log
Pramga
X-CACHE-KEY
C-Via
X-Qnm-Cache
X-Alfa-Service
X-Varnish-Beresp-TTL
X-Req
N-Cache
X-TrackingId
X-Edge-Origin-Shield-Region
X-Platform
On-Server
Resin-Trace
Fastcgi-X-Cache-Version
X-Air-Pt
Path
X-Vcl-Version
X-PAYTM-SRV-ID
X-Edge-Origin-Shield-Bytes
X-TH-Server
CacheControlHeader
X-Vercel-Cache
X-Vercel-Id
X-Check-Cacheable
X-HS-Status
Tcn
Esi-Enabled
True-Client-Ip
X-AIR-PT
X-Nf-Request-Id
GeoIP-Latitude
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-LB-ID
Tracecode
GeoIP-Country-Code
X-B3-Spanid
True-Client-Country-4JS
X-PERF
NtCoent-Length
X-SERVER-NAME
X-ApacheServer
X-Node-Id
Proxy-Connection
X-API-Version
X-LAGOON
X-Op-Id-All
X-Akamai-Pragma-Client-IP
X-Request-Start
X-SD-PageType
X-CLOUD-TRACE-CONTEXT
Cdn
X-Mly-Id
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
X-FPC
Cache-Key
Hit
HIT
Section-Io-Origin-Time-Seconds
DT-Hot-News
X-Webkit-Csp-Report-Only
X-Via-CDN
DynaTrace
X-Geo
X-Lb-Id
X-Render-Time
X-Proxy-CacheRZ
X-Platform-Cluster
X-WA
X-Platform-Processor
X-GeoIP-Country-Code
X-GeoIP-Region-Code
XkeyRZ
X-Platform-Router
ENV
X-Dw-Trace-Id
X-Via-PopH
X-Via-PopN
X-Date
X-Edge-POP
X-ServedByHost
X-VarnishDD-TTL
X-Via-PopV
X-Proxy-Upstream
X-Traceid
WWW-Authenticate
X-Datacenter
User-Agent
X-Via-Ucdn
Server-Id
Lb
PFcat
X-Accel-Expires-Debug
X-HN
XM
X-Cdn-Forward
X-LiteSpeed-Cache-Control
X-RAMCache
YJS-ID
XServer
X-Proxy-Cache-Hk
Server-Ttl
X-DB
X-Cache-Ttl
X-TT-LOGID
X-LI-UUID
X-CF-Powered-By
X-FORWARDED-FOR
X-Wp-Cf-Super-Cache
MIME-Version
X-LiteSpeed-Tag
SRV
X-Li-Pop
X-CUA
X-Wp-Cf-Super-Cache-Cache-Control
X-LI-Proto
X-RPS
X-RSL
X-Li-Fabric
Yjs-Id
X-DW
X-RPM
X-DI
Dnion-Transfer-Encoding
Geoip-Latitude
X-DSS
PICS-Label
X-Instance-Name
X-Response-By
X-Service-Response-Time
Sm-Log-Id
X-Nc
Wpo-Cache-Status
Wpo-Cache-Message
X-Old-Content-Length
Location
FSS-Cache
X-Akamai-ERRuleID
Nginx-CQVIP
Vha6-Origin
Ohc-File-Size
M-TraceId
X-Ftr-Request-Id
X-Akamai-ERPolicy
X-Cache-Backend
X-Fastly-Backend-Reqs
X-Litespeed-Cache-Control
X-UA
Powered-By
X-HA-Backend
X-Mg-Cache
X-Akamai-Request-ID
X-Request-Url
X-B3-ParentSpanId
X-Cc-Via
X-Fastly-Cache-Hits
X-HostName
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Httpd
X-Lb-Nocache
X-Cdn-Request-ID
X-Cache-Ngx
CountryCode
Warning
X-MiniProfiler-Ids
Locid
Srvid
X-Webstats-RespID
X-From
X-FL-EDGE
X-DataCenter
Uri
WZWS-RAY
X-Moov-Xdn-Version
X-Snapshot-Date
X-Serial
X-Moov-T
Fastcgi-Cache-Ttl
Req-ID
Ohc-Cache-HIT
X-Server-IP