Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Request-ID
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Generator
X-Cache-Status
X-Check
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-UA-Device
X-Amz-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Amz-Id-2
EagleId
X-Backend
X-AH-Environment
X-Proxy-Cache
P3p
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-OneAgent-JS-Injection
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Ua-Compatible
Cf-Apo-Via
X-Device
X-WebKit-CSP
Cf-Railgun
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Ruxit-JS-Agent
EagleEye-TraceId
X-Server-Id
Surrogate-Control
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
Accept-Ch-Lifetime
X-Content-Security-Policy-Report-Only
X-HW
X-Cache-Lookup
X-Cloud-Trace-Context
X-Cache-Spec
X-Litespeed-Cache
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Application-Context
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Country
Content-Location
X-Mcache
X-Content-Type
X-MS-InvokeApp
X-Url
X-Clacks-Overhead
X-PC
X-TtlSet
X-Vname
X-Midtier
X-Amz-Server-Side-Encryption
X-CST
Rating
Accept-CH-Lifetime
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Rack-Cache
X-Element-Page-Cache
Verso
Origin-Trial
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
X-ECACHE
Service-Worker-Allowed
X-Ac
X-Powered-By-Plesk
X-Amz-Rid
X-Cnection
X-SharePointHealthScore
SPRequestGuid
X-Navigation-Version
X-Client-IP
Xkey
Edge-Control
SPRequestDuration
SPIisLatency
X-Abt-Application-Version
X-Cache-TTL
X-Upstream
Accept-Ch
X-Ttl
Arr-Disable-Session-Affinity
X-Cached
X-Dw-Request-Base-Id
X-Mg-S
X-Varnish-TTL
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Browser-Type
X-Instrumentation
X-Erf-Bev-Bev
X-B3-TraceId
X-NWS-LOG-UUID
X-Webkit-Csp
X-Px
Display
Pagespeed
X-Sol
X-Middleton-Display
X-NF-Request-ID
X-FastCGI-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-Correlation-Id
Edge-Cache-Tag
X-Forwarded-For
X-Cache-Key
X-Country-Code
X-Goog-Hash
X-Ser
X-Powered-CMS
X-Id
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
Content-MD5
AR-SID
Front-End-Https
Public-Key-Pins
X-RateLimit-Remaining
TCN
X-Amzn-Trace-Id
X-Version
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Recruiting
X-T
X-MSEdge-Ref
X-Content-Digest
Response
X-Middleton-Response
X-Accel-Expires
TP-Cache
X-Ratelimit-Limit
TP-L2-Cache
X-Shield-Request-Id
MicrosoftSharePointTeamServices
S
Cache-Status
Nginx-Cache
X-Fastcgi-Cache
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
Cross-Origin-Opener-Policy
Server-Node
X-Fastly-Request-ID
Cache-Tags
X-XRDS-Location
MRF-Tech
Mrf-Cache-Status
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Distributor
X-ORACLE-DMS-ECID
X-Hits
X-ORACLE-DMS-RID
X-PressLabs-Stats
X-LB-Cache
X-Kinsta-Cache
X-Edge-Location-Klb
X-Origin-Server
X-Ua-Browser
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Ezoic-Cdn
X-TEC-API-ORIGIN
X-Ratelimit-Reset
Filterid
Fastcgi-Cache
Alternate-Protocol
X-Ratelimit-Remaining
X-Frontend
X-LLID
X-Request-Handler-Origin-Region
X-Microsite
X-Grace
X-Rid
X-Hostname
X-Logged-In
X-DIS-Request-ID
Healthy
Realpath
X-Git-Hash
X-Varnish-Backend
X-FB-Debug
Server-Name
X-Www-Served-By
X-Geo-Country
Cleartype
X-NGENIX-Cache
X-Cluster-Name
X-Debug-Info
Payment
X-Page-Id
DC
X-Load-Cache
MS-Author-Via
X-TTL
X-Protected-By
X-Forwarded-Proto
X-Origin-Cache
Access-Control-Allow-Method
X-ASPNET-VERSION
Content-Disposition
X-ECache
X-B3-Traceid
Charset
X-Upgrade-Enabled
X-B3-Sampled
X-GUploader-UploadID
X-Goog-Metageneration
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Activity-Id
X-AppVersion
X-Az
X-Proxy
X-DataDome
X-Seen-By
X-Cache-Age
Count-Hit
X-Server-ID
X-Amz-Meta-S3cmd-Attrs
X-Whom
X-Fb-Rlafr
X-Amz-Replication-Status
X-F-Cache
Paypal-Debug-Id
X-Azure-Ref
X-Times
Cross-Origin-Resource-Policy
X-B
X-Revision
X-Contextid
Accept-Charset
X-Akamai-Edgescape
Surrogate-Key
X-Type
X-App-Environment
Viewport
X-Varnish-Server
X-Providence-Cookie
X-Flags
X-Route-Name
X-Request-Guid
X-Is-Crawler
X-Aspnet-Duration-Ms
X-TT
Retry-After
X-Wix-Request-Id
X-Hosted-By
X-Aspnetmvc-Version
X-Language
X-Envoy-Decorator-Operation
X-DynaTrace
X-Cache-Control
X-B-Cache
X-Signature
X-Mobile
X-App-Server
X-Magnolia-Registration
X-Source
X-Varnish-Grace
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
Version
WPO-Cache-Status
WPO-Cache-Message
Host
X-VCache
Amp-Access-Control-Allow-Source-Origin
Refresh
X-Amzn-RequestId
X-N
X-Amz-Apigw-Id
Referer-Policy
X-Cache-Rule
X-HTML-Minification-Powered-By
X-RateLimit-Limit
X-Tumblr-Pixel
X-Response-Served-From
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Varnish-Age
X-Tumblr-User
X-Original-Request-Id
Access-Control-Request-Headers
X-XRDS-LOCATION
X-Cache-Time
X-Rule
X-RTag
X-UUID
Ms-Operation-Id
MS-CV
X-User-Agent
Protected
X-Jobs
X-Content-Powered-By
X-Cacheable-TTL
SD-X-WS
X-Framework
X-G
X-EdgeConnect-Cache-Status
X-Trace-Id
X-Environment-Context
X-RemovedCookies
X-L-Path
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Backend-Name
X-ProcessESI
X-Cache-Grace
NGB
X-FW-Dynamic
X-Device-Type
VIX-Pulpo-Upstream-Status
X-FW-Hash
VIX-Pulpo-Node
Section-Io-Cache
X-FW-Serve
X-Tt-Trace-Tag
From-Origin
Akamai-GRN
GEO-INFO
X-Region
X-Status
X-Tt-Trace-Host
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Version
Front
X-Http-Reason
X-Cache-Status-Check
X-Page-View
X-Rendered-As
X-Akamai-Request-ID2
X-Is-Bot
X-Varnish-Ttl
X-Cache-Expired-At
X-Drupal-Cache-Contexts
X-Adobe-Loc
X-Adobe-Content
X-Drupal-Cache-Tags
X-NYM-Debug-Backend
X-Instance
CDN-RequestId
X-Unique-Id
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Nginx-Cache
Url
X-Fastly-Request-Id
X-Servername
Liferay-Portal
Accept-Language
X-Content-Options
X-Template
X-Time
Fastly-SIE
Fastly-SWR
X-Debug-IsConnected
X-Air-Source
Backend
X-Zen-Fury
X-Air-Trace-Id
X-CDN-Forward
X-Air-Hostname
X-Debug-IsPreview
X-Cache-Hit
SRV
X-DynaTrace-JS-Agent
X-Yottaa-Optimizations
X-Newrelic-App-Data
X-Yottaa-Metrics
Country
X-Mode
X-Rocket-Nginx-Serving-Static
Content-Secure-Policy
X-Uri
X-Cache-Operation
Node
X-Edge-Location
X-ARC
X-UPSTREAM-Address
X-Amzn-Remapped-Content-Length
Webserver
X-App-Version
X-RN-RSRV
X-Generation-Time
S-Rt
X-IPS-LoggedIn
X-COUNTRY
X-Rewrite-Enabled
Meta-Geo
X-Tumblr-Pixel-2
Filters
X-Cache-Server
X-Tumblr-Pixel-3
Onion-Location
Selected-Fe
X-Content-Age
Azure-Version
Azure-SlotName
Cache-Hits
X-Proxy-Build
X-PHP-Backend
Azure-SiteName
Azure-RegionName
Countrycode
CF-IPCountry
X-Proxy-Cache-Info
Azure-InstanceId
X-Timing-Wait
X-Locale
Uber-Trace-Id
X-Ms-Version
X-Soup
X-Web-Node
X-Sucuri-Cache
X-Tb
X-Sucuri-ID
X-Cache-Action
X-Site-Version
X-Cms-Context
X-Server-W
Cache-Name
X-ProxyCache-Key
X-ProxyCache-Status
X-Reqid
WP-Super-Cache
X-BYPASS-REASON
X-Skip-Cache
X-Via-Fastly
X-Ua
X-Ms-Request-Id
X-Extlb
X-Format
X-Cluster-Node
Webcakes-App-Name
X-Zipkin-Id
X-IPLB-Request-ID
TWC-GeoIP-Country
X-UA-Device-Type
X-Origin-Hint
X-PHP-Host
TWC-Privacy
X-Origin-Date
X-Proto
X-Proxied
X-IPLB-Instance
Property-Id
Cache-Tv-Group
X-LJ-Flow-ID
X-Labrador-Cache-Channel
TWC-GeoIP-LatLong
TWC-Locale-Group
ServerID
X-Routing-Service
X-Cache-Host
TWC-Connection-Speed
TWC-Device-Class
X-Proxy-Cache-Status
X-SayCDN-TTL
Webcakes-Region
X-Section
Webcakes-App-Version
X-Access
X-Say-Cacheable
X-Say-TTL
X-AWS-Id
X-VWS-Id
X-LAGOON
X-JoinUs
Cross-Origin-Window-Policy
DB-Nickname
X-Optimistic-Header
X-No-Session
X-VC-Cache
Apigw-Requestid
X-Debug
X-Cluster
X-Sql-Duration-Ms
X-Sql-Count
X-R9-Blue-Green-Version
Web-Mar-Node
X-Forwarded-Host
X-SaId
X-Adobe-Source
X-Detected-As
X-FB-TRIP-ID
X-Handled-By
X-Cache-TTL-Remaining
Locale
Mn-Server-Ip
X-Urbn-Site-Id
X-Real-IP
X-Urbn-Context-Path
X-Varnish-Beresp-Grace
ServedBy
X-LSADC-Cache
X-Director
X-Node-Name
X-Xfnlog-Site
X-Ruxit-Js-Agent
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Fastcgi-Useragent
X-GeoCode
X-Tec-Api-Origin
X-Tec-Api-Root
Frame-Options
X-Tec-Api-Version
X-GeoCountry
Mime-Version
Upgrade-Insecure-Requests
X-Tt-Logid
X-Varnish-Hits
Source
X-Oneagent-Js-Injection
X-Api-Version
Load-Balancing
X-Hl-Ver
X-Generated-By
CDN-Cache
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
CDN-RequestCountryCode
CDN-Uid
X-GEO
X-Varnish-Cache-Hits
Fastly-Drupal-HTML
Xet-Cookie
X-Buckets
X-FireWall-Port
X-Request-Time
X-Varnish-Hostname
X-TIME
X-ServerID
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Mg-Request-UUID
X-RM-Cache-TTL
X-Datadog-Trace-Id
X-SRV
X-Origin-CC
X-Redis-Cache
X-Origin-TTL
CF-Cached-On
X-TA-CDN-Provider
X-URL
X-Cache-Debug
X-Loop
X-Served-From
X-Akamai-Transformed
X-Storage
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Pubstack
X-Restarts
X-Tx-Id
X-Endurance-Cache-Level
X-Provided-By
X-Pass-Why
X-Request-Host
X-Newrelic-Synthetics
X-Location
Xserver
X-A-Ccd
X-A-Dcw
X-A
X-A-Dam
X-Origin
X-Fetched-On
X-Nyt-Route
X-External-Request-Id
WWW-Authenticate
X-Origin-Time
X-A-Wwc
X-S
X-Rojux
X-S-Cookie
X-S-Maxage
X-BCube-Filmed-By
X-Bc-Bl
X-B-Cookie
X-Application
X-Generated-On
A
X-Aed
X-Gdpr
X-Rocket-Build-Number
X-Response-By
X-A-Dgt
Cache-Host
NM-Fastcgi-Cache
Odigeo-Trace-Id
X-Hash
Ngx.Var.Host
Meta-Geo-Continent
MD5-Digest
Memcached
Origin
T-Server
Surrogated-Key
Sslversion
Server-Host
Rendered-Blocks
Redirect-Candidate
Release
TDXMobile
X-INCAP-ABP
X-Mid
X-Men
DSUID
DCR-Processing-Time-Ms
DCR-Decision-By
Candidate-Md5Url
X-Mobile-URL
X-Level-Front-Cache
Edge-Cache
Thinkindot-CacheControl
Lang
Thinkindot-CacheControl-Type
Host-ID
Gannett-Cam-Experience-Id
Thinkindot-Control
BehaviorPad-Version
X-Processor
X-Cache-Date
X-SRCache-Key
X-SVT-ORM-RULES
X-Conf
X-CUA
Xc-Version
X-We-Are-Hiring
X-D
X-SVT-ORM-VERSION
X-CMSURLCustom
X-Cache-NE
X-Vdms-Path
X-TIM-N
X-Vdms-Version
X-Cache-Info
X-Test
X-Thanos
X-Thinkindot-L3
X-Destination
X-Core-Mission
X-Ec-Fail
X-Sigma
X-Sigma-Backend
X-Bip
X-Ec-GeoHdr
X-ScT
X-Epic-Correlation-Id
X-Developer
X-CSRF-Token
X-Service
Server-Info
X-HS-Content-Campaign-Id
Tube-Got-Results
Country-Code
Tube-Got-Eval
X-Varnishpool
X-Human
X-Esi-Check
Cmstype
Cmsid
X-Mvc-Supplant-Cachable
X-Node-Id
Click-Count-Action-Start
Click-Count-Error
X-Cdn-Origin
CloudFront-Viewer-Country
X-Fastly-Backend
Mail-Subject
Fastly-GeoIP-CountryCode
X-Dispatcher-Server
Fastly-Backend-Name
X-Ec-Custom-Error
C-Via
Gh-Request-Id
X-Gzip
Tube-Get-Contents
X-Date
X-Loc
Req-Svc-Chain
Magicmarker
X-Auto-Login
X-Httpd
X-Dispatcher-Number
X-CacheTTL
X-Fastly-Cache
X-Platform
X-Platform-Cluster
Tube-Return
X-Sn-Servicetimems
X-Akamai-Device-Characteristics
X-Cache-Id
X-Slack-Backend
X-Platform-Processor
X-Platform-Router
X-Region-Sid
X-Slack-Shared-Secret-Outcome
X-Req
X-Cache-Bucket
X-Accel-Expires-Debug
X-Pool
X-Gamma-Serve
X-Server-IP
X-Scale
X-Geo-Header
X-Origin-Response-Time
X-SD-PageType
We-Hiring
X-Org
Cache-Key
CacheControlHeader
X-BBC-Edge-Cache-Status
X-Var-Ttl
AKAMAI
Section-Origin-Responded
X-Vcl-Version
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-WP-CF-Super-Cache-Active
X-Via-CDN
HostName
Environment
Section-Io-Id
X-Azure-Ref-OriginShield
X-GeoIP-Country-Code
X-Device-Os
X-Frame-Option
X-Core-Value
Web-Mar-Region
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Fmm-Version
X-FC-Vary-Parameters
Vix-Hermes-Req-Id
X-Cache-FS-Status
X-GeoIP
State
X-DefHash
X-DefElseHash
X-Forwarded-Site
X-GeoIP-City
X-Ad-Defer-Variation
Canary
X-Cdn-Srv
X-Developers
X-V-Cache
X-Variation
X-Varnish-CookieHashed-On
X-TNCMS
X-FL-EDGE
X-Nginx-Cache-Key
Ssr
X-Instance-Name
X-FL-QIT-DEBUG
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
On-Server
Origin-CC
Origin-EX
Srvid
Locid
X-Worker
X-Vmg-Version
X-VServer
X-WA-Info
X-WADP-Cache
X-Planisys-CDN-TTL
X-SB
Datacenter
X-JWT-State
X-Is-Gdpr
X-Owner
X-Mly-Id
X-NodeID
Adler-Geo
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Expect-Staple
X-Has-Esi
Platform
X-GeoIP-Region-Code
Machine
Kp-EeAlive
X-Irp-Debug
Is-Eu
X-Origin-Expires
X-Air-Pt
X-Via-Edge
Edge-Copy-Time
X-Varnish-Beresp-Ttl
X-Via-SSL
Apple-News-Services-Request-Url
Cache-Provider
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
User-Cache-Control
PFcat
X-HN
Server-Hostname
Server-Ext
X-Qloud-Router
X-Wix-Viewer-Type
X-Release
L
X-From
X-Gen-Mode
Sever-Int
X-Block-Status
X-Old-Content-Length
X-VarnishDD-TTL
X-Hnp-Log
X-VG-TLSProxy
Wxu-Next-Region
Wxu-Next-Hostname
X-Op-Id-All
X-NCache
X-Minions-Version
Wxu-Next-Commit
X-DPWN-IS-SECURE
X-App
Producers
X-VC
X-Aicache-OS
X-Accel-Buffering
X-Cache-Tags
NGX
L5d-Success-Class
X-Csrf-Jwt
X-Cache-Remote
X-CGP
X-RCS-CacheZone
X-Ua-Device
X-Request-Start
X-Platform-Server
X-Eu-Site
X-Varnish-Beresp-Status
X-Mvc-Supplant-OutputCached
X-Nananana
Ha-Gx-Prefs
X-Microcachable
HA-Ipaddr
CDCHOST
X-Webkit-CSP-Report-Only
X-CACHE-AGE
X-Dc
X-B3-Spanid
X-Parent-Response-Time
X-Zone
X-Debug-Cache-Fetch
Fastly-SSL
X-VCT
X-Lambda-Id
X-Up
X-Debug-Cache-Store
X-Cache-Enabled
X-LB-NoCache
AMP-Access-Control-Allow-Source-Origin
Sid
X-Tb-Optimization-Total-Bytes-Saved
Pics-Label
X-Correlation-ID
X-Cs
X-Cache-Backend
X-Render-Time
X-Refresh
X-Via-Popv
X-Vtex-Remote-Cache
X-Via-Popn
Env
X-Upstream-Ht
CPC-Age
VNS-Cache
CPC-Cache
X-Cached-By
VNS-Age
X-Via-Poph
X-Generated-In
X-Upstream-Ct
NtCoent-Length
X-Trace-ID
X-DC
X-B3-SpanId
X-CCDN-Origin-Time
Decoy-Debug-Key
Memory
X-Hcs-Proxy-Type
Decoy-Debug-TTL
Decoy-Debug-Status
Time
Cluster
X-ND-Cache
GeoIP-Latitude
X-CCDN-CacheTTL
Cache
X-Cache-Type
X-AIR-PT
Fastly-Drupal-Html
X-TH-Server
X-HA-Backend
X-Webkit-CSP
X-Tid
X-NWS-UUID-VERIFY
X-Servedbyhost
SID
X-ATG-Version
X-Edge-Pop
X-LB-ID
X-HS-Status
Srv
X-NewRelic-App-Data
X-Via-JSL
X-Srv
X-Esi
X-Nc
X-Wa
X-Presslabs-Stats
X-DataCenter
Cdn
X-ZONE
Svr
X-Client-Ip
GeoIp-Country-Code
Server-ID
X-Cache-ASPX
X-Varnish-Authentication
X-Contensis-Viewer-Groups
Uri
X-MP-GENERATED-AT
X-Check-Cacheable
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-PAYTM-SRV-ID
Esi-Enabled
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
True-Client-IP
X-Vc
X-Amz-Meta-Cb-Modifiedtime
X-Proxy-CacheRZ
X-Datadome
YJS-ID
X-NGINX-Cache
XkeyRZ
XServer
Lb
Hostname
X-CDN-Cache-Status
N-Cache
X-Fpc
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Udemy-Cache-App-Namespace
X-Varnish-Beresp-TTL
X-Bl-Debug
Resin-Trace
X-Nf-Request-Id
X-Forwarded-Path
X-Orig-Expires
X-Tenant
X-Shop-Environment
RNT-Time
X-CACHE-KEY
M-TraceId
RNT-Machine
X-CSRF-TOKEN
X-TX-ID
X-CS
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-FPC
X-AK-Request-ID
OT-Force-Account-Verify
X-MSEdge-Features
Cdnsip
True-Client-Ip
X-MSEdge-Flight
Cdncip
X-EC-Lua
X-Policy
X-App-Name
X-Via-NSCOPI
X-B3-Trace-ID
X-Fastly-Country-Code
X-API-Version
X-Logging-Id
Server-Id
Eomportal-Instance
X-Service-Response-Time
Sm-Log-Id
CDN
X-Container-Uri
Hit
GeoIP-Country-Code
X-Cache-Ttl
Path
X-Git-Commit
X-WA
X-Lb-Id
X-Micro-Cache
X-Cdn-Diag
X-Vcache
Ngx-Var-Key
X-CLOUD-TRACE-CONTEXT
X-Accel-Version
X-APP-VERSION
X-Datacenter
X-MCACHE
X-VCL-Version
IsBot
X-NC
X-Ha-Backend
X-Cache-NGX
X-SIPLIST1
X-Request-URI
X-RateLimit-Reset
X-Edge-POP
HIT
LB
X-Geo
X-ServedByHost
X-Cdn-Forward
X-Akamai-Pragma-Client-IP
X-Tncms
X-Cdn-Cache-Status
X-Acquia-Purge-Cdn-Unconfigured
Pramga
V-Age
X-Info
X-VG-WebCache
X-SERVER-NAME
RATING
XM
X-Xrds-Location
FSS-Cache
X-Via-PopN
X-Rebelmouse-Surrogate-Control
X-Via-PopH
Timeexpire
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Via-PopV
X-Clientip
X-Rebelmouse-Cache-Control
Geoip-Latitude
CDN-RequestPullCode
ENV
Cross-Origin-Opener-Policy-Report-Only
Location
X-Snapshot-Date
CDN-RequestPullSuccess
Tcn
X-TT-LOGID
X-Lb-Nocache
Ohc-File-Size
Epwk-X-Cache
Req-ID
Yjs-Id
True-Client-Country-4JS
X-Ctl-Mach
X-Pod-Name
X-HostName
X-TimeS
X-Wp-Cf-Super-Cache-Cache-Control
X-Iauth-Set-Uid
X-Wp-Cf-Super-Cache
X-LiteSpeed-Cache-Control
X-Hyper-Cache
X-Amz-Meta-Opti
X-Serial
X-Dw-Trace-Id
W
Warning
X-M-Reqid
X-M-Log
X-LiteSpeed-Tag
X-ApacheServer
X-Cdn-Request-ID
X-User
X-Oss-Server-Time
X-Oss-Storage-Class
X-PERF
Ec-Rule-Version
Cdn-Requestid
WZWS-RAY
X-Litespeed-Cache-Control
Proxy-Connection
X-UP
X-Oss-Request-Id
X-Vgn-Hpd-Reason
X-Oss-Hash-Crc64ecma
X-Cache-Expires
Servername
Content-Script-Type
X-Fastly-Backend-Reqs
Content-Style-Type
X-Oss-Object-Type
X-Qnm-Cache
X-Viewer-Country
X-RAMCache
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Cneonction
X-Lsadc-Cache
CountryCode
X-MiniProfiler-Ids
Ngx
X-Webstats-RespID
X-Th-Server
X-IPS-Cached-Response
X-Fastly-Cache-Hits
X-Moov-Xdn-Version
X-Moov-T
Inserted-Into-Cache-At
X-Akamai-ERRuleID
X-Akamai-ERPolicy
My-App
Ohc-Cache-HIT
MIME-Version
X-B3-Parentspanid
X-Mg-Cache
X-WP-CF-Super-Cache-Cookies-Bypass
X-B3-ParentSpanId
PICS-Label
X-Swift-Error