Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
Pragma
X-XSS-Protection
CF-RAY
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Request-ID
X-Request-Id
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Status
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Ws-Request-Id
X-Proxy-Cache
X-Server
X-Ua-Compatible
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-WebKit-CSP
Accept-CH
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Cf-Apo-Via
X-Page-Speed
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Dns-Prefetch-Control
X-Akam-SW-Version
Surrogate-Control
X-Backend-Server
EagleEye-TraceId
X-Cache-Lookup
Request-Id
X-Readtime
X-Ruxit-JS-Agent
X-HW
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Content-Security-Policy-Report-Only
X-Trace
X-Application-Context
X-Response-Time
X-CST
Permissions-Policy
Accept-CH-Lifetime
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-Mod-Pagespeed
Fastly-Restarts
X-Edge
X-Country
Content-Location
X-WebKit-CSP-Report-Only
X-Content-Type
X-Mcache
Rating
X-Clacks-Overhead
X-MS-InvokeApp
X-Url
X-ECACHE
X-PC
X-Vname
X-TtlSet
X-Amz-Server-Side-Encryption
X-Midtier
X-VARITI-CCR
RTSS
X-B3-TraceId
Cache-Tag
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
Verso
X-Ac
Origin-Trial
X-Use-Magma
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Server-Name
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Rack-Cache
X-Cnection
X-Varnish-TTL
X-Cache-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
X-ESI
Xkey
X-Navigation-Version
X-GitHub-Request-Id
X-Client-IP
X-Abt-Application-Version
X-NWS-LOG-UUID
X-Amz-Rid
SPRequestGuid
Edge-Control
X-SharePointHealthScore
X-Ttl
X-Cached
X-Px
X-Fastcgi-Cache
X-Mg-S
X-Litespeed-Cache
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
Arr-Disable-Session-Affinity
X-Upstream
SPRequestDuration
SPIisLatency
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Correlation-Id
Content-MD5
X-Dw-Request-Base-Id
X-Cache-Key
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-NF-Request-ID
Edge-Cache-Tag
X-Goog-Hash
X-Daa-Tunnel
X-RateLimit-Remaining
Front-End-Https
X-Country-Code
Public-Key-Pins
X-Version
X-XRDS-Location
X-Forwarded-For
X-Powered-CMS
AR-ATIME
AR-SID
AR-CACHE
AR-PoweredBy
AR-Request-ID
X-Id
X-MSEdge-Ref
TCN
X-Recruiting
X-T
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Content-Digest
X-Accel-Expires
Response
X-Middleton-Response
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Shield-Request-Id
X-Ser
TP-L2-Cache
TP-Cache
Nginx-Cache
X-Amzn-Trace-Id
X-Hits
S
X-Request-Received
X-Request-Processing-Time
X-Fastly-Request-ID
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Server-Node
Cache-Status
X-Distributor
X-Kinsta-Cache
X-Edge-Location-Klb
X-Grace
Cache-Tags
Fastcgi-Cache
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Alternate-Protocol
MicrosoftSharePointTeamServices
X-Ratelimit-Limit
Server-Name
X-Protected-By
X-Ruxit-Js-Agent
X-DIS-Request-ID
X-Ezoic-Cdn
X-Geo-Country
X-Origin-Server
X-Ratelimit-Reset
X-Ua-Browser
X-LB-Cache
X-Request-Handler-Origin-Region
X-Frontend
X-Microsite
X-DataDome
X-Rid
X-TTL
X-Debug-Info
X-Varnish-Backend
X-Logged-In
Cleartype
X-Www-Served-By
Healthy
Payment
X-NGENIX-Cache
Filterid
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Git-Hash
X-FB-Debug
X-Page-Id
X-Webkit-Csp
X-PressLabs-Stats
X-Load-Cache
X-ASPNET-VERSION
Charset
X-B3-Sampled
Content-Disposition
X-VCache
X-Origin-Cache
X-Cluster-Name
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-LLID
DC
X-Ratelimit-Remaining
MS-Author-Via
X-Hostname
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
Accept-Charset
Retry-After
Accept-Ch
X-Proxy
Access-Control-Allow-Method
X-Az
X-Activity-Id
X-AppVersion
Cross-Origin-Resource-Policy
X-F-Cache
X-Type
X-B-Cache
X-FastCGI-Cache
X-Contextid
X-Signature
X-Amz-Replication-Status
X-Amz-Meta-S3cmd-Attrs
Viewport
Paypal-Debug-Id
X-Revision
X-Flags
X-Varnish-Server
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Hosted-By
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-Wix-Request-Id
X-ORACLE-DMS-RID
X-TT
X-Azure-Ref
X-Seen-By
X-ORACLE-DMS-ECID
X-Whom
X-Aspnetmvc-Version
X-B
X-App-Environment
X-Fb-Rlafr
X-Oracle-Dms-Rid
Referer-Policy
Surrogate-Key
X-Oracle-Dms-Ecid
X-Source
X-DynaTrace
Count-Hit
Realpath
X-RateLimit-Limit
X-Tt-Trace-Tag
X-Tt-Trace-Host
Amp-Access-Control-Allow-Source-Origin
X-Akamai-Edgescape
X-Mobile
X-App-Server
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Host
X-Cache-Control
X-Oneagent-Js-Injection
X-EdgeConnect-Cache-Status
X-N
X-HTML-Minification-Powered-By
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Cache-Age
X-Original-Request-Id
X-Response-Served-From
X-Tumblr-User
Version
X-Cache-Rule
X-Varnish-Age
X-Varnish-Grace
X-UUID
Refresh
X-Magnolia-Registration
VIX-Pulpo-Node
Access-Control-Request-Headers
MS-CV
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Nginx-Cache
X-Cache-Time
Ms-Operation-Id
X-Rule
Section-Io-Cache
X-Envoy-Decorator-Operation
X-RTag
Akamai-GRN
Protected
X-Cache-Grace
X-Adobe-Loc
X-Content-Powered-By
X-Adobe-Content
X-L-Path
X-FW-Server
X-FW-Serve
X-Cache-Expired-At
X-FW-Static
X-Cache-Status-Check
X-FW-Type
X-FW-Version
X-FW-Hash
X-FW-Dynamic
X-Status
X-Page-View
X-Environment-Context
X-Framework
X-B3-Traceid
X-Device-Type
X-Rendered-As
NGB
X-Jobs
GEO-INFO
X-NYM-Debug-Backend
X-Http-Reason
X-Servername
X-RemovedCookies
X-G
X-Instance
X-Is-Bot
X-ProcessESI
X-Cacheable-TTL
Url
X-Akamai-Request-ID2
X-Debug-IsPreview
X-Debug-IsConnected
X-Backend-Name
X-User-Agent
X-Newrelic-App-Data
X-Drupal-Cache-Contexts
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Drupal-Cache-Tags
CDN-RequestId
X-CDN-Forward
X-Tb
X-Cache-Hit
From-Origin
WPO-Cache-Message
WPO-Cache-Status
Country
X-Trace-Id
X-Pinterest-Rid
SRV
X-Tt-Logid
Pinterest-Generated-By
X-Region
Pinterest-Version
X-URL
X-Node-Name
Accept-Language
Front
X-Real-IP
X-Template
Backend
X-VC-Cache
Uber-Trace-Id
X-Mode
X-XRDS-LOCATION
X-Time
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Language
X-Content-Options
Fastly-Drupal-HTML
Content-Secure-Policy
Fastly-SWR
X-DynaTrace-JS-Agent
Fastly-SIE
Filters
X-Tumblr-Pixel-2
Meta-Geo
X-RN-RSRV
X-Cache-Operation
X-Rewrite-Enabled
X-Generation-Time
X-UPSTREAM-Address
X-Unique-Id
Azure-InstanceId
Azure-Version
X-IPS-LoggedIn
Azure-SlotName
Azure-SiteName
Webserver
X-Section
CDN-Cache
Azure-RegionName
CDN-RequestCountryCode
X-Amzn-Remapped-Content-Length
X-Cache-Server
X-Format
CDN-CachedAt
X-Cache-TTL-Remaining
X-Web-Node
X-Rocket-Nginx-Serving-Static
X-Access
Onion-Location
CDN-PullZone
CDN-EdgeStorageId
CF-IPCountry
CDN-Uid
X-Proxy-Cache-Info
X-Proxy-Cache-Status
X-Cms-Context
X-Debug
X-Sucuri-ID
X-Reqid
X-SayCDN-TTL
Apigw-Requestid
X-Adobe-Source
Cross-Origin-Window-Policy
X-Say-Cacheable
X-Say-TTL
X-Cache-Action
X-Sql-Count
X-Cache-Host
X-Zen-Fury
X-Sucuri-Cache
X-Sql-Duration-Ms
X-Ua
X-Fastly-Request-Id
X-BYPASS-REASON
X-AWS-Id
TWC-GeoIP-LatLong
TWC-Device-Class
X-Cluster
TWC-Connection-Speed
X-R9-Blue-Green-Version
TWC-GeoIP-Country
ServerID
X-SRV
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Content-Age
S-Rt
Web-Mar-Node
X-Forwarded-Host
X-PHP-Host
X-Ms-Version
X-Proto
Property-Id
X-ProxyCache-Status
X-ProxyCache-Key
X-Ms-Request-Id
X-LJ-Flow-ID
X-GeoCode
X-VWS-Id
X-GeoCountry
X-IPLB-Instance
X-Labrador-Cache-Channel
X-IPLB-Request-ID
X-Edge-Location
TWC-Locale-Group
X-Varnish-Beresp-Grace
X-UA-Device-Type
X-Soup
Node
Cache-Name
Webcakes-Region
X-Origin-Hint
X-Via-Fastly
X-Locale
X-Server-W
X-PHP-Backend
X-Skip-Cache
X-JoinUs
X-Handled-By
X-Extlb
X-LAGOON
X-Xfnlog-Site
X-Proxied
X-Cluster-Node
X-Zipkin-Id
X-No-Session
Cache-Hits
X-Urbn-Context-Path
X-LSADC-Cache
X-Urbn-Site-Id
X-Detected-As
X-Routing-Service
X-SaId
X-Site-Version
Locale
X-Timing-Wait
Mime-Version
WP-Super-Cache
Selected-Fe
X-WP-CF-Super-Cache-Cache-Control
Mn-Server-Ip
X-WP-CF-Super-Cache
X-Proxy-Build
Fastcgi-Useragent
X-Hl-Ver
DB-Nickname
X-TIME
X-FB-TRIP-ID
X-ECache
X-Request-Time
X-Tumblr-Pixel-3
X-Redis-Cache
ServedBy
Liferay-Portal
X-Cache-Debug
X-Optimistic-Header
X-Loop
X-TNCMS
X-NWS-UUID-VERIFY
Upgrade-Insecure-Requests
Source
Xserver
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Origin-Date
X-GEO
X-Generated-By
X-Mg-Request-UUID
X-Times
Countrycode
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tid
X-Akamai-Transformed
CF-Cached-On
X-CACHE-AGE
X-Varnish-Hits
X-COUNTRY
X-Uri
X-Cdn
X-Director
X-Storage
Xet-Cookie
X-Pass-Why
Frame-Options
X-TA-CDN-Provider
X-Varnish-Beresp-Ttl
X-Varnish-Ttl
X-Newrelic-Synthetics
X-Origin-TTL
X-Tx-Id
X-ARC
X-Origin-CC
X-FireWall-Port
X-Esi
X-Trace-ID
X-Service
X-Varnish-Cache-Hits
X-B3-Spanid
X-Presslabs-Stats
X-Alternate-Cache-Key
X-Endurance-Cache-Level
Environment
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Sampled
X-DC
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Varnish-Hostname
X-Buckets
Origin
Release
Rendered-Blocks
Redirect-Candidate
Req-Svc-Chain
Surrogated-Key
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
TDXMobile
X-Vdms-Version
Odigeo-Trace-Id
T-Server
Sslversion
X-We-Are-Hiring
DCR-Decision-By
DCR-Processing-Time-Ms
Candidate-Md5Url
BehaviorPad-Version
Xc-Version
A
Edge-Cache
Gannett-Cam-Experience-Id
X-VG-TLSProxy
Meta-Geo-Continent
MD5-Digest
Lang
WWW-Authenticate
Host-ID
Ngx.Var.Host
X-A-Dcw
X-S
X-Rojux
X-Ec-GeoHdr
X-External-Request-Id
X-Ec-Fail
X-Developer
X-Core-Value
X-D
X-Destination
X-Processor
X-Frame-Option
X-Mid
X-Platform-Cluster
X-Mobile-URL
X-Nyt-Route
X-Platform-Processor
X-Loc
X-Platform-Router
X-Gdpr
X-INCAP-ABP
X-CMSURLCustom
X-S-Cookie
X-Aed
X-Application
X-B-Cookie
X-Vdms-Path
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dam
X-Origin-Time
X-BBC-Edge-Cache-Status
X-TIM-N
X-Cache-NE
X-ScT
X-S-Maxage
X-Cache-Info
X-SRCache-Key
X-Thinkindot-L3
X-Bc-Bl
X-BCube-Filmed-By
X-A
X-Epic-Correlation-Id
Cache-Tv-Group
Server-Info
X-Request-Host
X-AIR-PT
SID
X-ServerID
Tube-Got-Eval
X-Sigma-Backend
Tube-Get-Contents
X-Sigma
X-SD-PageType
X-Rocket-Build-Number
X-Restarts
X-SB
Vix-Hermes-Req-Id
Tube-Return
X-Sn-Servicetimems
Tube-Got-Results
State
X-WADP-Cache
X-WA-Info
X-Worker
X-WP-CF-Super-Cache-Active
Magicmarker
X-VServer
X-Varnish-Remaining-TTL
X-Test
X-SVT-ORM-VERSION
X-Gamma-Serve
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-SVT-ORM-RULES
X-Platform-Server
X-DefElseHash
X-DefHash
X-CUA
X-HS-Content-Campaign-Id
X-Httpd
X-Core-Mission
X-Has-Esi
X-Developers
X-Geo-Header
X-Fmm-Version
X-Pubstack
X-GeoIP-City
X-Ec-Custom-Error
X-Human
X-Clara-WADP
X-Origin-Response-Time
X-Old-Content-Length
X-Auto-Login
X-Akamai-Device-Characteristics
Memcached
X-Cache-Bucket
X-NodeID
X-Cdn-Srv
X-Is-Gdpr
X-Cdn-Origin
X-JWT-State
X-Location
X-Req
Server-Host
X-Generated-On
X-Level-Front-Cache
Country-Code
Cluster
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
DSUID
Decoy-Debug-TTL
Click-Count-Error
Click-Count-Action-Start
Apple-News-Services-Host
Apple-News-Services-Handled
X-Served-From
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
C-Via
Cache-Host
Section-Io-Origin-Time-Seconds
X-App-Version
Section-Io-Origin-Status
X-RM-Cache-TTL
Section-Io-Id
Section-Origin-Responded
X-Parent-Response-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Cache-Provider
Cache-Key
X-Origin
X-Block-Status
CloudFront-Viewer-Country
CacheControlHeader
X-Thanos
X-Accel-Expires-Debug
X-Accel-Buffering
X-Varnish-Beresp-Status
X-Ad-Defer-Variation
CDCHOST
X-Cache-Backend
X-Planisys-CDN-TTL
X-App
Mail-Subject
Adler-Geo
Is-Eu
X-Gen-Mode
L
X-Pool
Kp-EeAlive
X-Hnp-Log
X-Hash
Ssr
X-Cache-Id
X-Cache-FS-Status
X-Vmg-Version
X-Node-Id
X-Nananana
X-Minions-Version
X-Date
X-Fastly-Backend
X-Request-Start
Platform
X-Fetched-On
X-GeoIP-Region-Code
X-Esi-Check
X-DPWN-IS-SECURE
X-Gzip
X-Slack-Backend
X-Up
Sever-Int
Server-Ext
Producers
X-Bip
X-GeoIP-Country-Code
Server-Hostname
X-Var-Ttl
X-Variation
X-Wix-Viewer-Type
X-GeoIP
Web-Mar-Region
We-Hiring
Cmsid
X-Conf
NM-Fastcgi-Cache
AKAMAI
Svr
X-Dispatcher-Number
X-Scale
Origin-CC
Gh-Request-Id
Cmstype
Origin-EX
User-Cache-Control
X-CSRF-Token
X-Region-Sid
X-Org
X-Varnishpool
X-V-Cache
X-HN
X-NCache
X-VarnishDD-TTL
X-Azure-Ref-OriginShield
X-Ckpd-Fst-Backend
X-Device-Os
Wxu-Next-Region
Wxu-Next-Hostname
NGX
Machine
Datacenter
Wxu-Next-Commit
X-Dispatcher-Server
X-Slack-Shared-Secret-Outcome
X-Mvc-Supplant-Cachable
X-LB-NoCache
X-Owner
X-Irp-Debug
X-Op-Id-All
X-Refresh
X-Server-IP
X-Men
On-Server
X-Nginx-Cache-Key
X-Qloud-Router
X-Platform
X-Cached-By
X-FC-Vary-Parameters
X-CacheTTL
X-Cache-Tags
Fastly-SSL
Pics-Label
PFcat
X-Aicache-OS
X-Forwarded-Site
X-Webkit-CSP-Report-Only
Canary
HA-Ipaddr
X-Csrf-Jwt
L5d-Success-Class
Cdn
X-CGP
X-Via-Popv
X-Eu-Site
HostName
Ha-Gx-Prefs
X-Via-Popn
X-Via-Poph
X-Tb-Optimization-Total-Bytes-Saved
X-Mvc-Supplant-OutputCached
Env
X-HA-Backend
X-AK-Request-ID
X-Cache-Date
X-APP-VERSION
Cdncip
Cdnsip
X-Cache-Remote
X-VC
GeoIP-Latitude
X-Servedbyhost
X-RCS-CacheZone
X-Microcachable
X-API-Version
X-Mly-Id
X-LB-ID
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Gateway-Request-Id
Server-ID
X-Gateway-Cache-Key
X-Zone
X-DataCenter
Memory
Time
Cache
X-ZONE
X-Webkit-CSP
Request-ID
X-Fpc
X-Fastly-Cache
Load-Balancing
X-Via-NSCOPI
Eomportal-Instance
X-Wa
X-Generated-In
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Origin-Expires
Ngx-Var-Key
X-ND-Cache
X-Micro-Cache
X-Nc
X-Instance-Name
AMP-Access-Control-Allow-Source-Origin
X-Correlation-ID
OT-Force-Account-Verify
Srv
X-Check-Cacheable
X-Response-By
X-HS-Status
X-Release
X-Client-Ip
X-Vc
X-From
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Locid
IsBot
Srvid
Expect-Staple
X-Hcs-Proxy-Type
X-Request-URI
X-SIPLIST1
X-FL-QIT-DEBUG
X-FL-EDGE
X-VCL-Version
X-Cache-Enabled
X-Via-CDN
X-NewRelic-App-Data
Hostname
X-Cache-NGX
X-Info
X-Edge-Pop
X-CS
X-Via-JSL
NtCoent-Length
GeoIp-Country-Code
X-Via-SSL
X-Via-Edge
X-Api-Version
X-MCACHE
Edge-Copy-Time
X-Srv
X-Dc
X-CSRF-TOKEN
X-Provided-By
True-Client-Ip
X-Nf-Request-Id
X-Proxy-CacheRZ
XkeyRZ
Sid
X-Amz-Meta-Cb-Modifiedtime
X-Debug-Cache-Store
Uri
True-Client-IP
X-Debug-Cache-Fetch
X-NGINX-Cache
X-Lambda-Id
Location
X-EC-Lua
X-Air-Pt
X-Vcl-Version
X-Cache-Expires
Path
X-Cs
CPC-Age
VNS-Age
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Fastly-Country-Code
X-Oss-Object-Type
X-Oss-Request-Id
X-Vtex-Remote-Cache
Fastly-Drupal-Html
X-Render-Time
VNS-Cache
X-Edge-POP
Resin-Trace
X-Oss-Storage-Class
CPC-Cache
GeoIP-Country-Code
X-Server-ID
X-B3-SpanId
CDN
Cross-Origin-Opener-Policy-Report-Only
Servername
X-Datadome
X-TH-Server
X-Moov-T
X-Moov-Xdn-Version
X-TX-ID
X-CACHE-KEY
X-VCT
X-CLOUD-TRACE-CONTEXT
Traceparent
X-Viewer-Country
X-Cdn-Request-ID
X-ATG-Version
X-Scheme
X-Varnish-Beresp-TTL
X-Pod-Name
X-FPC
X-PERF
X-Contensis-Viewer-Groups
X-ApacheServer
X-Cache-ASPX
Timeexpire
X-MSEdge-Flight
LB
X-Varnish-Authentication
Esi-Enabled
X-MSEdge-Features
X-Akamai-Pragma-Client-IP
X-Accel-Version
M-TraceId
X-WA
X-Datacenter
Powered-By
X-RateLimit-Reset
FSS-Cache
XServer
X-NAPM-TraceId
Rip
CountryCode
YJS-ID
X-RateLimit-Remaining-Second
X-NC
X-RateLimit-Limit-Second
X-Service-Response-Time
X-Cdn-Cache-Status
Sm-Log-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-SERVER-NAME
X-Upstream-Ht
Server-Id
X-Upstream-Ct
X-Cache-Type
X-Geo
X-Lb-Id
X-Srcache-Fetch-Status
X-ServedByHost
V-Age
X-Srcache-Store-Status
Ohc-File-Size
X-Cdn-Forward
Tracecode
True-Client-Country-4JS
X-Udemy-Cache-App-Namespace
X-Clientip
Proxy-Connection
RNT-Time
X-CDN-Cache-Status
X-Wikidot-Backend
X-LiteSpeed-Cache-Control
N-Cache
XM
X-VG-WebCache
HIT
X-TraceId
RNT-Machine
Geoip-Latitude
X-Wikidot-Static-Cache
ENV
X-Tenant
X-Shop-Environment
Yjs-Id
X-Orig-Expires
X-Ha-Backend
WZWS-RAY
X-Forwarded-Path
Ngx
Epwk-X-Cache
X-Hyper-Cache
X-Lb-Nocache
X-B3-Parentspanid
X-Bl-Debug
X-MiniProfiler-Ids
User-Agent
Inserted-Into-Cache-At
X-Via-PopV
X-Rebelmouse-Cache-Control
X-Serial
X-Cdn-Diag
X-Vgn-Hpd-Reason
X-Rebelmouse-Surrogate-Control
Ec-Rule-Version
X-Via-PopN
X-Fastly-Backend-Reqs
X-Dw-Trace-Id
X-B3-Trace-ID
X-B3-ParentSpanId
Content-Script-Type
X-Via-PopH
X-Swift-Error
Content-Style-Type
X-MP-GENERATED-AT
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-F-Status
X-TT-LOGID
X-Wp-Cf-Super-Cache
X-M-Reqid
PICS-Label
ServerName
X-Amz-Meta-Opti
Lb
Hit
X-Policy
X-M-Log
X-App-Name
X-Qnm-Cache
X-LiteSpeed-Tag
X-Mid-Debug-Cache-Disk
X-Connection-Hash
X-IPS-Cached-Response
X-Mid-Debug-Cache-Key
X-Cache-Ngx
X-UP
X-Request-URL
Warning
X-Stale
Pramga
X-Th-Server
Req-ID
Expiry
My-App
Cneonction
MIME-Version
X-Snapshot-Date