Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
CF-Ray
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Request-ID
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-UA-Device
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
P3p
X-Proxy-Cache
X-Dns-Prefetch-Control
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-WebKit-CSP
X-Ua-Compatible
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Cf-Apo-Via
Cf-Railgun
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Ruxit-JS-Agent
EagleEye-TraceId
X-Server-Id
Surrogate-Control
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
X-Cache-Spec
X-Content-Security-Policy-Report-Only
X-Cache-Lookup
X-HW
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch-Lifetime
X-Application-Context
X-Trace
X-Cloud-Trace-Context
X-Response-Time
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
Accept-CH-Lifetime
X-Country
X-Litespeed-Cache
Content-Location
X-Mcache
X-Content-Type
X-MS-InvokeApp
X-Url
X-Clacks-Overhead
X-PC
X-Vname
X-TtlSet
X-CST
X-Midtier
X-Amz-Server-Side-Encryption
Rating
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
X-Rack-Cache
Origin-Trial
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
Verso
X-VARITI-CCR
X-Server-Name
X-Ac
X-Powered-By-Plesk
Service-Worker-Allowed
X-Ttl
X-Cnection
X-ECACHE
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-Client-IP
X-Navigation-Version
X-GitHub-Request-Id
Xkey
X-Abt-Application-Version
Edge-Control
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-Upstream
Arr-Disable-Session-Affinity
X-B3-TraceId
X-Cached
X-Dw-Request-Base-Id
X-Mg-S
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-NWS-LOG-UUID
X-Erf-Bev-Bev
X-Instrumentation
X-Px
X-FastCGI-Cache
X-Middleton-Display
Display
X-Sol
Pagespeed
X-Varnish-TTL
X-Cache-Key
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-NF-Request-ID
Access-Control-Request-Method
X-Forwarded-For
Edge-Cache-Tag
X-Country-Code
X-Correlation-Id
X-Goog-Hash
Content-MD5
TCN
X-Powered-CMS
Front-End-Https
X-Ser
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-SID
Public-Key-Pins
X-RateLimit-Remaining
X-Id
X-Version
Accept-Ch
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-MSEdge-Ref
X-Recruiting
X-Content-Digest
X-Amzn-Trace-Id
X-T
X-Ratelimit-Limit
Response
X-Middleton-Response
X-Accel-Expires
TP-Cache
TP-L2-Cache
MicrosoftSharePointTeamServices
X-Shield-Request-Id
X-XRDS-Location
S
Nginx-Cache
Cache-Status
X-Webkit-Csp
X-Daa-Tunnel
X-Request-Received
X-Request-Processing-Time
Server-Node
X-B3-TraceId-Primal
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
MRF-Tech
Mrf-Cache-Status
Cache-Tags
Cross-Origin-Opener-Policy
X-Fastcgi-Cache
X-Distributor
X-Hits
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Kinsta-Cache
X-LB-Cache
X-Edge-Location-Klb
X-Origin-Server
X-Ratelimit-Remaining
X-Ezoic-Cdn
X-Ua-Browser
X-PressLabs-Stats
X-Fastly-Request-ID
Alternate-Protocol
Fastcgi-Cache
Filterid
X-Grace
X-Hostname
X-Ratelimit-Reset
X-Frontend
X-LLID
X-ORACLE-DMS-RID
X-Request-Handler-Origin-Region
X-Geo-Country
Server-Name
X-ORACLE-DMS-ECID
X-Microsite
X-DIS-Request-ID
X-Rid
X-FB-Debug
Healthy
X-Logged-In
X-Git-Hash
X-Varnish-Backend
X-Debug-Info
X-NGENIX-Cache
Payment
Cleartype
X-Www-Served-By
Realpath
X-Protected-By
X-Cluster-Name
X-Page-Id
X-Load-Cache
X-Forwarded-Proto
DC
X-ASPNET-VERSION
MS-Author-Via
X-ECache
X-DataDome
Access-Control-Allow-Method
Content-Disposition
X-Origin-Cache
Charset
X-B3-Sampled
X-GUploader-UploadID
X-Goog-Metageneration
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Server-ID
X-Az
X-AppVersion
X-Activity-Id
X-Proxy
X-Seen-By
X-F-Cache
X-Cache-Age
Count-Hit
X-B3-Traceid
X-Times
X-Azure-Ref
X-Fb-Rlafr
X-TTL
X-Amz-Replication-Status
X-Whom
Cross-Origin-Resource-Policy
Paypal-Debug-Id
X-B
X-Amz-Meta-S3cmd-Attrs
X-Revision
Surrogate-Key
X-Akamai-Edgescape
X-Contextid
X-Type
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
Viewport
X-Route-Name
X-App-Environment
Accept-Charset
X-Flags
X-Aspnetmvc-Version
X-Wix-Request-Id
Retry-After
X-TT
X-Varnish-Server
X-Hosted-By
X-B-Cache
X-Signature
X-DynaTrace
X-Language
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
X-Oracle-Dms-Ecid
X-Source
X-Oracle-Dms-Rid
X-Envoy-Decorator-Operation
X-App-Server
X-Varnish-Ttl
X-Magnolia-Registration
X-Mobile
X-Varnish-Grace
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-VCache
X-Goog-Stored-Content-Length
Host
Version
WPO-Cache-Message
WPO-Cache-Status
Referer-Policy
X-Fastly-Request-Id
X-Cache-Rule
Refresh
X-HTML-Minification-Powered-By
X-N
Access-Control-Request-Headers
X-Cache-Time
X-Response-Served-From
X-Original-Request-Id
X-Varnish-Age
X-Tumblr-User
X-Tumblr-Pixel-0
X-Cache-Status-Check
X-Rule
X-Tumblr-Pixel-1
X-Amz-Apigw-Id
X-Tumblr-Pixel
X-Amzn-RequestId
X-Cacheable-TTL
X-Content-Powered-By
X-Cache-Grace
X-Jobs
X-RTag
X-EdgeConnect-Cache-Status
Ms-Operation-Id
MS-CV
X-UUID
X-User-Agent
Protected
SD-X-WS
X-Framework
CDN-RequestId
X-G
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
GEO-INFO
Section-Io-Cache
X-Backend-Name
X-Environment-Context
X-FW-Static
X-FW-Server
X-FW-Version
X-L-Path
X-ProcessESI
X-RemovedCookies
X-FW-Serve
X-FW-Type
From-Origin
X-FW-Hash
X-Device-Type
X-FW-Dynamic
X-Trace-Id
X-Page-View
X-Tt-Trace-Host
NGB
X-Tt-Trace-Tag
X-Instance
X-Rendered-As
X-Status
X-Region
X-Adobe-Loc
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Http-Reason
X-Cache-Expired-At
X-Is-Bot
X-Adobe-Content
X-NYM-Debug-Backend
X-Akamai-Request-ID2
X-XRDS-LOCATION
X-Nginx-Cache
X-RateLimit-Limit
Front
Akamai-GRN
Url
X-Servername
X-Unique-Id
SRV
Accept-Language
X-Template
Pinterest-Generated-By
Liferay-Portal
X-CDN-Forward
X-Pinterest-Rid
Pinterest-Version
X-Debug-IsPreview
X-Content-Options
X-Debug-IsConnected
Fastly-SIE
Fastly-SWR
Backend
X-Yottaa-Optimizations
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Newrelic-App-Data
X-Yottaa-Metrics
X-Time
X-Cache-Hit
X-Zen-Fury
X-DynaTrace-JS-Agent
Country
X-Mode
X-COUNTRY
Content-Secure-Policy
X-Rocket-Nginx-Serving-Static
X-Cache-Operation
X-Uri
Node
X-Amzn-Remapped-Content-Length
Filters
X-Content-Age
X-RN-RSRV
Onion-Location
S-Rt
Uber-Trace-Id
Webserver
X-IPS-LoggedIn
Meta-Geo
X-Rewrite-Enabled
X-Proxy-Cache-Info
X-UPSTREAM-Address
X-Timing-Wait
X-Edge-Location
Selected-Fe
X-Tumblr-Pixel-2
X-Cache-Server
X-Proxy-Build
X-Tb
CF-IPCountry
X-PHP-Backend
X-Web-Node
Azure-Version
Cache-Hits
X-Locale
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Real-IP
X-Site-Version
X-Cluster-Node
X-Soup
X-Skip-Cache
X-Origin-Date
X-Proto
X-PHP-Host
Cache-Name
X-Server-W
X-Sucuri-Cache
X-BYPASS-REASON
X-Sucuri-ID
X-Cache-Action
X-ARC
X-ProxyCache-Status
X-Ms-Version
X-Via-Fastly
X-Varnish-Beresp-Grace
X-ProxyCache-Key
X-Say-TTL
X-Labrador-Cache-Channel
X-Say-Cacheable
X-Cms-Context
X-Ms-Request-Id
X-SayCDN-TTL
X-Tumblr-Pixel-3
X-Proxied
ServedBy
ServerID
X-Origin-Hint
X-Reqid
X-Zipkin-Id
Cross-Origin-Window-Policy
X-Proxy-Cache-Status
X-Routing-Service
X-R9-Blue-Green-Version
DB-Nickname
Property-Id
TWC-GeoIP-LatLong
X-Cache-Host
X-Generation-Time
X-Sql-Count
X-Forwarded-Host
X-Format
X-Section
X-Debug
X-Extlb
X-UA-Device-Type
X-Sql-Duration-Ms
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
TWC-Privacy
Webcakes-App-Version
X-Access
Webcakes-Region
X-VC-Cache
TWC-Connection-Speed
Webcakes-App-Name
WP-Super-Cache
Countrycode
Cache-Tv-Group
Apigw-Requestid
X-AWS-Id
X-IPLB-Instance
X-LAGOON
X-Handled-By
X-FB-TRIP-ID
X-IPLB-Request-ID
Web-Mar-Node
X-VWS-Id
X-Adobe-Source
X-Ruxit-Js-Agent
X-JoinUs
X-Optimistic-Header
X-SaId
X-LJ-Flow-ID
X-Detected-As
X-Cache-TTL-Remaining
X-No-Session
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Ua
X-Cluster
Locale
Mn-Server-Ip
X-GeoCountry
Fastcgi-Useragent
X-Node-Name
X-LSADC-Cache
X-GeoCode
X-Tt-Logid
X-Xfnlog-Site
X-App-Version
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Director
Mime-Version
X-Oneagent-Js-Injection
Source
Upgrade-Insecure-Requests
X-Varnish-Hits
X-GEO
X-Buckets
CDN-Cache
Frame-Options
X-Generated-By
X-Hl-Ver
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-Uid
Fastly-Drupal-HTML
CDN-RequestCountryCode
X-Tec-Api-Origin
X-TIME
X-Tec-Api-Version
X-Tec-Api-Root
X-Mg-Request-UUID
X-Request-Time
X-FireWall-Port
X-Varnish-Cache-Hits
X-Redis-Cache
Load-Balancing
X-Api-Version
Xet-Cookie
X-TA-CDN-Provider
X-Varnish-Hostname
X-Origin-CC
X-ServerID
X-URL
X-Origin-TTL
X-Webkit-CSP-Report-Only
X-RM-Cache-TTL
X-Loop
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Cache-Debug
X-Datadog-Parent-Id
CF-Cached-On
X-SRV
X-Datadog-Trace-Id
X-Tx-Id
X-Akamai-Transformed
X-Sorting-Hat-ShopId
X-ShardId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
X-Pubstack
X-Served-From
X-Endurance-Cache-Level
X-Pass-Why
X-Storage
X-Newrelic-Synthetics
X-CSRF-Token
X-Request-Host
Server-Info
X-Service
Xserver
X-Restarts
X-TNCMS
BehaviorPad-Version
NM-Fastcgi-Cache
Cache-Host
Candidate-Md5Url
DCR-Processing-Time-Ms
DCR-Decision-By
Thinkindot-Control
A
Odigeo-Trace-Id
Redirect-Candidate
X-A-Ccd
X-A
X-A-Dcw
X-A-Dam
WWW-Authenticate
Edge-Cache
Server-Host
Rendered-Blocks
Release
Sslversion
Thinkindot-CacheControl-Type
T-Server
TDXMobile
Thinkindot-CacheControl
Meta-Geo-Continent
Memcached
Ngx.Var.Host
Gannett-Cam-Experience-Id
Surrogated-Key
Host-ID
Lang
Origin
MD5-Digest
DSUID
X-Ec-Fail
X-Rocket-Build-Number
X-Processor
X-Rojux
X-S
X-S-Maxage
X-S-Cookie
X-Platform-Router
X-Platform-Processor
X-Nyt-Route
X-Mobile-URL
X-Origin
X-Origin-Time
X-Platform-Cluster
X-ScT
X-Sigma
X-Vdms-Path
X-TIM-N
X-Vdms-Version
X-We-Are-Hiring
Xc-Version
X-Thinkindot-L3
X-Thanos
X-Sn-Servicetimems
X-Sigma-Backend
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Mid
X-Men
X-Cache-NE
X-Cache-Info
X-Cdn-Origin
X-CMSURLCustom
X-Core-Mission
X-Conf
X-Bip
X-BCube-Filmed-By
X-Akamai-Device-Characteristics
X-A-Wwc
X-Application
X-B-Cookie
X-Bc-Bl
X-CUA
X-D
X-Httpd
X-Hash
X-INCAP-ABP
X-Level-Front-Cache
X-Loc
X-Generated-On
X-Gdpr
X-Developer
X-Destination
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-External-Request-Id
X-A-Dgt
X-Aed
X-Correlation-ID
X-WP-CF-Super-Cache-Active
X-Provided-By
HostName
X-Location
X-Node-Id
X-BBC-Edge-Cache-Status
Fastly-GeoIP-CountryCode
Gh-Request-Id
Section-Io-Id
X-Cache-Date
X-Cache-Bucket
X-Mvc-Supplant-Cachable
X-Org
X-DefHash
Platform
X-Platform
X-Auto-Login
Section-Origin-Responded
Is-Eu
X-Origin-Expires
X-Origin-Response-Time
X-NodeID
X-Dispatcher-Number
X-Ec-Custom-Error
Section-Io-Origin-Time-Seconds
X-Gamma-Serve
X-Fetched-On
Req-Svc-Chain
X-Esi-Check
X-Fastly-Backend
X-Fastly-Cache
Section-Io-Origin-Status
X-GeoIP
X-Gzip
X-Cache-Id
X-Pool
X-Dispatcher-Server
X-CacheTTL
Mail-Subject
Magicmarker
X-GeoIP-City
X-Human
Country-Code
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Date
Adler-Geo
X-Varnish-CookieHashed-On
X-Var-Ttl
X-Variation
X-Varnish-Beresp-Status
X-Varnishpool
Tube-Got-Results
X-Worker
We-Hiring
X-Response-By
Vix-Hermes-Req-Id
X-Varnish-Beresp-Ttl
X-Vmg-Version
X-VServer
Tube-Return
Tube-Got-Eval
X-Test
Click-Count-Error
Click-Count-Action-Start
X-Req
CloudFront-Viewer-Country
X-Accel-Expires-Debug
X-Region-Sid
Cmstype
Cmsid
X-DefElseHash
Tube-Get-Contents
Cache-Key
X-Slack-Shared-Secret-Outcome
C-Via
X-Slack-Backend
X-Server-IP
X-Scale
X-SD-PageType
X-Ad-Defer-Variation
X-Parent-Response-Time
Environment
X-Core-Value
X-Accel-Buffering
X-App
X-Azure-Ref-OriginShield
X-Ckpd-Fst-Backend
X-Cache-Tags
X-Cache-FS-Status
X-Clara-WADP
X-Irp-Debug
X-Release
X-Request-Start
X-Qloud-Router
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Air-Pt
X-V-Cache
X-Wix-Viewer-Type
Expect-Staple
X-WADP-Cache
X-WA-Info
X-VG-TLSProxy
X-Owner
X-Nginx-Cache-Key
X-Geo-Header
X-GeoIP-Country-Code
X-Forwarded-Site
X-Fmm-Version
X-DPWN-IS-SECURE
X-FC-Vary-Parameters
X-GeoIP-Region-Code
X-Has-Esi
X-Is-Gdpr
X-Mly-Id
Web-Mar-Region
X-Instance-Name
X-HS-Content-Campaign-Id
X-Device-Os
X-JWT-State
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CacheControlHeader
Apple-News-Services-Host
Ssr
Apple-News-Services-Handled
State
Datacenter
Producers
Kp-EeAlive
Machine
Fastly-Backend-Name
On-Server
Origin-EX
Origin-CC
AKAMAI
Canary
X-Via-CDN
X-Op-Id-All
Server-Ext
X-Cdn-Srv
X-Frame-Option
X-Hnp-Log
Server-Hostname
Cache-Provider
X-Minions-Version
User-Cache-Control
X-Developers
X-Platform-Server
X-Gen-Mode
PFcat
Wxu-Next-Hostname
X-Old-Content-Length
Wxu-Next-Commit
L
Wxu-Next-Region
NGX
Fastly-SSL
X-Aicache-OS
X-HN
X-VarnishDD-TTL
X-SB
X-NCache
Locid
X-Block-Status
Srvid
X-FL-QIT-DEBUG
X-FL-EDGE
Sever-Int
X-Via-SSL
X-Via-Edge
Edge-Copy-Time
X-VC
X-Zone
X-CACHE-AGE
X-LB-NoCache
X-Mvc-Supplant-OutputCached
X-Microcachable
X-Eu-Site
X-B3-Spanid
X-From
X-CGP
X-Vcl-Version
X-Cache-Remote
L5d-Success-Class
X-Nananana
Ha-Gx-Prefs
HA-Ipaddr
X-Csrf-Jwt
CDCHOST
X-Up
X-Cache-Backend
X-DC
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Enabled
Env
GeoIP-Latitude
X-Generated-In
X-Debug-Cache-Fetch
Decoy-Debug-Key
X-Refresh
X-RCS-CacheZone
X-ND-Cache
X-Debug-Cache-Store
Decoy-Debug-Status
Cluster
X-Lambda-Id
Decoy-Debug-TTL
Pics-Label
X-Presslabs-Stats
X-Trace-ID
X-Dc
X-Via-Popn
X-Cached-By
X-Via-Popv
X-VCT
X-Tid
X-Via-Poph
X-NWS-UUID-VERIFY
X-Cs
NtCoent-Length
SID
Cache
CPC-Cache
VNS-Age
Sid
X-Vtex-Remote-Cache
X-Render-Time
Memory
CPC-Age
VNS-Cache
X-HS-Status
Time
X-B3-SpanId
X-Webkit-CSP
X-Servedbyhost
X-CCDN-Origin-Time
X-HA-Backend
X-Edge-Pop
X-Hcs-Proxy-Type
X-LB-ID
X-DataCenter
X-CCDN-CacheTTL
X-Srv
X-Upstream-Ht
X-Upstream-Ct
X-Esi
Fastly-Drupal-Html
X-TH-Server
X-Wa
X-Nc
X-AIR-PT
X-Vgn-Hpd-Ssi
Svr
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
Cdn
AMP-Access-Control-Allow-Source-Origin
X-Client-Ip
Server-ID
X-NewRelic-App-Data
X-ATG-Version
X-CLOUD-TRACE-CONTEXT
X-Cache-Type
X-Via-JSL
X-ZONE
X-Cache-ASPX
X-Varnish-Authentication
X-Contensis-Viewer-Groups
GeoIp-Country-Code
Srv
Uri
X-Fpc
XkeyRZ
X-Vc
X-Check-Cacheable
X-Proxy-CacheRZ
X-MP-GENERATED-AT
True-Client-IP
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
X-RateLimit-Limit-Second
X-CF-Lambda-Version
Esi-Enabled
X-RateLimit-Remaining-Second
XServer
X-Amz-Meta-Cb-Modifiedtime
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Varnish-Beresp-TTL
X-Nf-Request-Id
X-AK-Request-ID
Cdncip
M-TraceId
Cdnsip
Hostname
X-CS
X-Udemy-Cache-App-Namespace
X-NGINX-Cache
X-EC-Lua
X-Wikidot-Static-Cache
X-Via-NSCOPI
X-API-Version
True-Client-Ip
X-Wikidot-Backend
Resin-Trace
X-CSRF-TOKEN
YJS-ID
OT-Force-Account-Verify
X-FPC
N-Cache
X-MSEdge-Flight
X-MSEdge-Features
X-CDN-Cache-Status
Lb
X-Bl-Debug
X-Datadome
Eomportal-Instance
X-Orig-Expires
X-Fastly-Country-Code
X-Shop-Environment
RNT-Machine
RNT-Time
X-Forwarded-Path
X-Tenant
Request-ID
X-TX-ID
X-Policy
GeoIP-Country-Code
X-APP-VERSION
X-B3-Trace-ID
CDN
X-RateLimit-Reset
X-Cache-Ttl
X-App-Name
X-Service-Response-Time
Sm-Log-Id
Ngx-Var-Key
Server-Id
X-Micro-Cache
Path
X-CACHE-KEY
X-SIPLIST1
X-Accel-Version
X-VCL-Version
IsBot
X-WA
LB
X-Vcache
X-Logging-Id
Hit
X-Edge-POP
X-Lb-Id
X-Cache-NGX
X-Request-URI
X-MCACHE
X-Ha-Backend
X-NC
HIT
X-Container-Uri
X-Git-Commit
X-Info
X-Datacenter
X-Cdn-Cache-Status
Pramga
X-Cdn-Diag
X-Github-Request-Id
X-SERVER-NAME
X-ServedByHost
Location
Cross-Origin-Opener-Policy-Report-Only
X-Akamai-Pragma-Client-IP
X-Geo
X-Pod-Name
X-VG-WebCache
Ohc-File-Size
X-Tncms
X-Srcache-Store-Status
X-Cdn-Forward
X-Srcache-Fetch-Status
X-Snapshot-Date
Timeexpire
FSS-Cache
X-ID
ENV
X-Via-PopH
True-Client-Country-4JS
Epwk-X-Cache
Geoip-Latitude
XM
X-Via-PopN
X-Acquia-Purge-Cdn-Unconfigured
V-Age
Yjs-Id
X-Via-PopV
X-Ctl-Mach
Req-ID
X-Iauth-Set-Uid
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
CDN-RequestPullSuccess
CDN-RequestPullCode
X-Oss-Object-Type
X-TT-LOGID
X-Hyper-Cache
X-Lb-Nocache
X-Oss-Request-Id
X-Amz-Meta-Opti
X-LiteSpeed-Cache-Control
X-Fastly-Backend-Reqs
X-Oss-Hash-Crc64ecma
Proxy-Connection
X-Clientip
X-Cache-Expires
X-Serial
X-Cdn-Request-ID
Servername
X-Dw-Trace-Id
X-Oss-Storage-Class
X-Oss-Server-Time
Warning
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-M-Reqid
X-M-Log
X-Acquia-Purge-Tags
X-Acquia-Site
X-B3-Parentspanid
X-RAMCache
X-Acquia-Application-UUID
X-Akamai-ERPolicy
Content-Script-Type
X-Swift-Error
WZWS-RAY
Cneonction
X-UP
X-Acquia-Application-Trace
Ec-Rule-Version
X-Qnm-Cache
Content-Style-Type
X-Akamai-ERRuleID
X-MiniProfiler-Ids
X-F-Status
X-Lsadc-Cache
CountryCode
X-UA
W
X-Cached-Since
X-WP-CF-Super-Cache-Cookies-Bypass
PICS-Label
Ohc-Cache-HIT
X-Moov-T
Ngx
X-Th-Server
X-Scheme
X-LiteSpeed-Tag
X-Cache-Ngx
MIME-Version
X-Moov-Xdn-Version
My-App
X-Litespeed-Cache-Control
X-Mg-Cache
X-Webstats-RespID
X-IPS-Cached-Response
X-Fastly-Cache-Hits
X-B3-ParentSpanId