Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
CF-RAY
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-FRAME-OPTIONS
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Dns-Prefetch-Control
Server-Timing
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
X-XSS-PROTECTION
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Request-ID
X-Ua-Compatible
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Request-Context
X-Backend
X-Cache-Group
X-Turbo-Charged-By
X-Robots-Tag
Cf-Edge-Cache
Keep-Alive
Host-Header
X-AH-Environment
X-Vhost
X-Hacker
X-UA-Device
X-Proxy-Cache
X-Server
Allow
X-Rq
X-Server-Powered-By
X-Ws-Request-Id
X-Dispatcher
X-Age
EagleId
X-Varnish-Cache
X-Amz-Version-Id
P3p
Nel
X-LiteSpeed-Cache
Grace
Cf-Apo-Via
Cf-Railgun
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
EagleEye-TraceId
X-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Host
X-Cache-Lookup
X-CST
X-Node
X-WebKit-CSP
X-Backend-Server
Accept-CH
Surrogate-Control
X-Server-Id
Permissions-Policy
X-Readtime
X-Nginx-Upstream-Cache-Status
X-Akam-SW-Version
X-Nginx-Cache-Status
Accept-CH-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
Request-Id
Xkey
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
X-Response-Time
X-HW
X-Trace
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
X-Url
Rating
Accept-Ch
X-ESI
X-Midtier
X-Amz-Server-Side-Encryption
Cache-Tag
X-Aspnetmvc-Version
X-Mcache
X-MS-InvokeApp
X-Powered-By-Plesk
X-Country
X-Rack-Cache
X-D2id
X-ECACHE
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
Service-Worker-Allowed
X-Vcap-Request-Id
X-Element-Page-Cache
Verso
X-Upstream
Edge-Control
Accept-Ch-Lifetime
X-Country-Code
X-Kinja-CCPA
Origin-Trial
X-Ac
RTSS
X-PC
X-TtlSet
X-Vname
X-Goog-Hash
X-Aspnet-Version
X-Navigation-Version
X-VARITI-CCR
X-Abt-Application-Version
X-Browser-Type
X-Cache-TTL
X-Oneagent-Js-Injection
Fastly-Restarts
X-NWS-LOG-UUID
X-Amz-Rid
X-Litespeed-Cache
X-GitHub-Request-Id
X-Webkit-CSP
Cross-Origin-Opener-Policy
X-Varnish-TTL
X-Cached
X-Server-Name
X-Ttl
X-Times
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-Sol
X-Middleton-Display
Pagespeed
Display
X-WebKit-CSP-Report-Only
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-SharePointHealthScore
SPRequestGuid
X-Ruxit-Js-Agent
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
SPRequestDuration
SPIisLatency
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Cache-Key
X-FastCGI-Cache
X-Content-Type
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-Powered-CMS
X-Client-IP
Arr-Disable-Session-Affinity
X-B3-Traceid
X-Mg-S
X-Version
X-Ser
Response
X-Middleton-Response
X-Cnection
X-Server-ID
Nginx-Cache
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Accel-Expires
Cache-Tags
X-T
AR-CACHE
X-Fastly-Request-ID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Cache-Status
X-B3-TraceId
X-NF-Request-ID
X-Hits
Edge-Cache-Tag
Public-Key-Pins
X-MSEdge-Ref
X-Px
X-Recruiting
Front-End-Https
X-RateLimit-Remaining
X-Daa-Tunnel
S
X-Shield-Request-Id
Payment
X-LLID
X-Frontend
X-Request-Received
X-Request-Processing-Time
Server-Node
X-Ua-Browser
X-RateLimit-Limit
Content-MD5
X-Goog-Metageneration
X-GUploader-UploadID
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
MicrosoftSharePointTeamServices
X-Content-Digest
X-Amz-Apigw-Id
X-Amzn-RequestId
Access-Control-Request-Method
X-DIS-Request-ID
X-Webkit-CSP-Report-Only
X-Protected-By
X-Forwarded-For
TP-Cache
Realpath
X-Microsite
X-Request-Handler-Origin-Region
X-Distributor
X-Ratelimit-Remaining
X-FB-Debug
Fastcgi-Cache
Access-Control-Allow-Method
X-PressLabs-Stats
X-Page-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Cluster-Name
X-HS-Combine-CSS
X-Rid
X-LB-Cache
Accept-Charset
X-Id
X-Xrds-Location
Count-Hit
X-Ua-Device
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Geo-Country
X-Goog-Stored-Content-Length
X-TTL
X-Edge-Location-Klb
X-Kinsta-Cache
Cross-Origin-Resource-Policy
X-Hostname
X-B3-Sampled
TP-L2-Cache
X-Seen-By
X-App-Server
X-Ratelimit-Limit
X-TEC-API-ORIGIN
X-Correlation-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Varnish-Backend
X-Logged-In
TCN
X-Ezoic-Cdn
X-Fastcgi-Cache
Cleartype
X-Hosted-By
X-Git-Hash
X-Mobile
X-Content-Options
X-Erf-Stays-Pdp-Viaduct-Migration-Web
DC
Referer-Policy
Retry-After
X-Fb-Rlafr
X-Contextid
X-F-Cache
X-Newrelic-App-Data
X-Request-Guid
X-Providence-Cookie
X-Flags
X-Route-Name
X-Grace
X-Revision
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Origin-Cache
X-TT
X-Amz-Replication-Status
Surrogate-Key
X-Forwarded-Proto
X-App-Environment
X-Debug-Info
Frame-Options
X-Varnish-Grace
X-Amz-Meta-S3cmd-Attrs
X-IPS-LoggedIn
X-RateLimit-Reset
X-Azure-Ref
X-Envoy-Decorator-Operation
MS-Author-Via
Section-Io-Cache
X-Magnolia-Registration
X-COUNTRY
X-Wix-Request-Id
X-Proxy-Cache-Info
X-Www-Served-By
X-Trace-Id
X-Webkit-Csp
X-Language
X-Whom
Filterid
Healthy
Charset
X-Az
X-AppVersion
X-Activity-Id
X-Akamai-Edgescape
WPO-Cache-Message
X-App-Version
WPO-Cache-Status
X-ECache
Server-Name
Viewport
X-Origin-Server
Alternate-Protocol
X-Backend-Name
X-Datadog-Sampling-Priority
X-Kong-Proxy-Latency
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Kong-Upstream-Latency
X-Varnish-Server
Paypal-Debug-Id
X-EdgeConnect-Cache-Status
Amp-Access-Control-Allow-Source-Origin
X-Response-Served-From
X-N
VIX-Pulpo-Node
X-Original-Request-Id
X-Cache-Rule
VIX-Pulpo-Upstream-Status
X-Nf-Request-Id
X-UUID
X-Cache-Grace
X-B
X-Cacheable-TTL
Front
Host
X-Rule
X-User-Agent
X-Yottaa-Optimizations
X-Http-Reason
X-Yottaa-Metrics
Country
X-Unique-Id
X-B-Cache
X-Mg-Request-UUID
X-Signature
X-Load-Cache
X-Instance
Protected
X-DataDome
SD-X-WS
X-ARC
X-Akamai-Request-ID2
X-Framework
From-Origin
X-Edge-Location
X-Jobs
X-Datadog-Sampled
Fastly-SIE
X-RemovedCookies
X-Rocket-Nginx-Serving-Static
X-ProcessESI
X-Page-View
X-Environment-Context
X-Adobe-Loc
Fastly-SWR
X-Region
X-Varnish-Age
X-Adobe-Content
X-L-Path
X-FW-Type
X-FW-Static
X-G
X-FW-Version
X-Time
X-FW-Dynamic
Akamai-GRN
X-Is-Bot
X-Rendered-As
X-FW-Hash
X-FW-Serve
X-FW-Server
X-Tumblr-Pixel
X-Tumblr-User
X-Status
X-Cache-Time
Content-Disposition
X-Tumblr-Pixel-1
X-Vcache
X-Tumblr-Pixel-0
X-Debug-IsPreview
X-Type
X-Debug-IsConnected
SRV
X-Amzn-Remapped-Content-Length
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Proxy
Access-Control-Request-Headers
ServerID
X-Cache-Age
X-Tec-Api-Origin
X-Tec-Api-Version
Backend
X-Client-Ip
X-Tec-Api-Root
X-Erf-Web-Scheduler
X-CDN-Forward
Refresh
X-XRDS-LOCATION
X-Servername
X-DynaTrace
Countrycode
X-Cache-Control
Xet-Cookie
X-Httpd
Url
X-Template
X-Tt-Trace-Tag
X-Tt-Trace-Host
Accept-Language
X-Nginx-Cache
X-Drupal-Cache-Tags
X-DynaTrace-JS-Agent
X-Device-Type
X-Generated-By
X-FTR-Request-ID
X-Content-Powered-By
CF-IPCountry
X-NYM-Debug-Backend
Webserver
X-Mode
X-HTML-Minification-Powered-By
X-Cache-Hit
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Storage
X-CCDN-CacheTTL
X-Say-Cacheable
X-SaId
X-Rn-Rsrv
X-Rewrite-Enabled
X-Say-TTL
X-Cache-Operation
X-Tncms
X-Content-Age
X-ServerID
X-SayCDN-TTL
Cross-Origin-Window-Policy
GEO-INFO
Filters
Load-Balancing
Meta-Geo
S-Rt
X-Director
X-GeoCode
X-Loop
X-LAGOON
X-JoinUs
X-GeoCountry
X-UPSTREAM-Address
X-Soup
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Git-Commit
X-Source
X-Cluster-Node
X-Container-Uri
X-Served-From
X-MCACHE
Version
X-Varnish-Cache-Hits
Locale
OT-Force-Account-Verify
Onion-Location
X-Cache-Action
Xserver
X-Tt-Logid
X-Ms-Request-Id
X-PHP-Host
X-Labrador-Cache-Channel
X-Adobe-Source
X-Ms-Version
X-Forwarded-Host
Azure-InstanceId
Azure-RegionName
X-Skip-Cache
Azure-SlotName
X-RM-Cache-TTL
Azure-Version
Azure-SiteName
X-R9-Blue-Green-Version
X-VC-Cache
X-Varnish-Hostname
X-VCT
X-Tb
X-Sql-Duration-Ms
X-Cache-Server
X-Logging-Id
X-Lambda-Id
X-Sql-Count
X-FB-TRIP-ID
DB-Nickname
X-Redis-Cache
X-Detected-As
Node
Web-Mar-Node
X-Timing-Wait
X-Generation-Time
X-RCS-CacheZone
Fastcgi-Useragent
Selected-Fe
X-Proxy-Build
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Fetched-On
TWC-Device-Class
Property-Id
Webcakes-Region
X-Endurance-Cache-Level
TWC-Connection-Speed
X-Debug
Webcakes-App-Name
Webcakes-App-Version
X-Proto
TWC-Locale-Group
TWC-GeoIP-LatLong
X-NGENIX-Cache
X-Format
TWC-Privacy
X-Origin-Hint
TWC-GeoIP-Country
X-Uri
X-Zipkin-Id
X-Routing-Service
X-Extlb
X-Proxied
Mn-Server-Ip
Source
Uber-Trace-Id
CDN-RequestId
X-B3-SpanId
X-Zen-Fury
X-Ua
X-LSADC-Cache
X-Sucuri-Cache
X-S
X-Sucuri-ID
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Varnish-Ttl
X-TimeS
X-Origin-TTL
X-Origin-CC
NGB
X-Newrelic-Synthetics
Upgrade-Insecure-Requests
X-Akamai-Transformed
X-URL
X-Real-IP
X-Origin-Date
X-MP-GENERATED-AT
X-Drupal-Cache-Contexts
X-Handled-By
X-Pass-Why
X-Varnish-Hits
X-Cache-Expired-At
X-Ratelimit-Reset
X-TraceId
X-Srv
X-Xfnlog-Site
X-AB
X-Cms-Context
X-RTag
MS-CV
X-Optimistic-Header
Apigw-Requestid
Ms-Operation-Id
X-Reqid
X-No-Session
Liferay-Portal
ServedBy
Fastly-Drupal-HTML
X-Restarts
X-GEO
X-Cache-Host
X-XRDS-Location
X-Hl-Ver
X-ProxyCache-Status
X-Geo-Region
X-ProxyCache-Key
X-BYPASS-REASON
WP-Super-Cache
CDN-Cache
X-Fastly-Request-Id
CDN-CachedAt
X-Tx-Id
CDN-EdgeStorageId
X-Cache-Type
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestPullCode
CDN-PullZone
CDN-RequestCountryCode
X-IPLB-Instance
X-IPLB-Request-ID
X-Oracle-Dms-Rid
X-CSRF-Token
X-Oracle-Dms-Ecid
X-Node-Name
X-CACHE-AGE
Candidate-Md5Url
X-BCube-Filmed-By
Canary
X-Slack-Shared-Secret-Outcome
BehaviorPad-Version
X-B-Cookie
X-Bc-Bl
Cache-Provider
DCR-Decision-By
DCR-Processing-Time-Ms
Lang
Magicmarker
X-Pool
X-PAYTM-SRV-ID
Gannett-Cam-Experience-Id
X-Bl-Debug
X-AWS-Id
X-Pubstack
X-Bip
X-VWS-Id
X-Slack-Backend
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Cluster
X-A-Dam
X-A
Web-Mar-Region
X-A-Ccd
X-LJ-Flow-ID
X-Aed
X-Request-Host
X-Qloud-Router
X-Application
X-App
X-ScT
X-Rojux
X-S-Cookie
X-D
MD5-Digest
Vix-Hermes-Req-Id
Sslversion
X-External-Request-Id
X-Fastly-Backend
Surrogated-Key
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Ec-Custom-Error
Server-Host
X-Ec-Fail
X-FC-Vary-Parameters
X-Viewer-Country
X-Conf
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Level-Front-Cache
X-We-Are-Hiring
X-Generated-On
Xc-Version
X-Worker
X-Dispatcher-Number
X-Developer
True-Client-Country-4JS
X-Vdms-Version
Meta-Geo-Continent
N-Cache
X-Cache-NE
X-Vdms-Path
X-SRCache-Key
X-Owner
X-Thanos
Ngx.Var.Host
X-Debug-Cache-Fetch
Redirect-Candidate
X-Destination
Rendered-Blocks
X-CacheTTL
X-Debug-Cache-Store
T-Server
Odigeo-Trace-Id
Origin-Agent-Cluster
X-Vtex-Remote-Cache
X-Cache-TTL-Remaining
X-UA-Device-Type
X-Micro-Cache
X-Via-JSL
X-Parent-Response-Time
X-Cache-Status-Check
X-Upgrade-Enabled
X-TIME
X-B3-Spanid
Cache-Name
X-Clientip
X-Cache-Info
X-CGP
X-Varnishpool
X-Cdn-Diag
X-CMSURLCustom
X-Cdn-Origin
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Core-Mission
X-DefElseHash
X-DefHash
X-Dispatcher-Server
X-Date
X-Varnish-CookieHashed-On
X-Cache-Debug
X-Core-Value
X-Csrf-Jwt
X-Varnish-CookieINHashed-On
X-BBC-Edge-Cache-Status
VNS-Age
VNS-Cache
W
We-Hiring
Thinkindot-Control
Thinkindot-CacheControl-Type
Datacenter
TDXMobile
Thinkindot-CacheControl
X-Wix-Viewer-Type
X-Wikidot-Static-Cache
X-VServer
X-DPWN-IS-SECURE
X-Vmg-Version
X-VG-WebCache
X-App-Name
X-Alternate-Cache-Key
X-Wikidot-Backend
X-Accel-Buffering
X-Accel-Expires-Debug
X-Cache-Bucket
X-Up
X-NodeID
X-Nyt-Route
X-Old-Content-Length
X-Orig-Expires
X-ShopId
X-Shopify-Stage
X-Mvc-Supplant-Cachable
X-Nananana
X-Nitro-Cache
X-Shop-Environment
X-Origin-Time
X-Platform
X-Policy
X-Refresh
X-Request-Time
X-Correlation-ID
X-SD-PageType
X-ShardId
X-Server-IP
X-PERF
X-Sn-Servicetimems
X-Mly-Id
X-Forwarded-Path
X-Gdpr
X-Geo-Header
X-GeoIP-Country-Code
X-Tenant
X-Thinkindot-L3
X-Variation
X-Var-Ttl
Req-Svc-Chain
X-GeoIP-Region-Code
X-SVT-ORM-VERSION
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Mid
X-Loc
X-Storefront-Renderer-Rendered
X-Human
X-SVT-ORM-RULES
X-Irp-Debug
X-Eu-Site
X-ApacheServer
HA-Ipaddr
Host-ID
Is-Eu
Ha-Gx-Prefs
Gh-Request-Id
Fastly-GeoIP-CountryCode
Fastly-SSL
Adler-Geo
AKAMAI
Machine
Mail-Subject
Origin
X-Hash
L
L5d-Success-Class
X-Proxy-Cache-Status
Fastly-Backend-Name
Expect-Staple
Cmstype
Cmsid
CloudFront-Viewer-Country
Release
CPC-Age
CPC-Cache
Producers
Platform
X-Vgn-Hpd-Reason
Environment
X-Tcp-Rtt
X-Is-Mobile
X-Browser-Name
X-Is-Supported-Browser
X-Is-Desktop
X-Is-Tablet
X-Accel-Version
X-AIR-PT
X-Org
Cf-Device-Type
X-Clara-WADP
X-S-Maxage
CDCHOST
X-Node-Id
Esi-Enabled
X-Fmm-Version
X-Ah-Environment
X-RateLimit-Remaining-Second
X-Server-W
X-Datadome
X-RateLimit-Limit-Second
X-Test
X-Device-Os
X-Esi-Check
DSUID
X-Mvc-Supplant-OutputCached
X-INCAP-ABP
X-Cache-Id
X-Forwarded-Site
X-WA-Info
X-From
X-Origin-Response-Time
X-WADP-Cache
X-Gzip
NM-Fastcgi-Cache
X-Origin
X-GeoIP
X-Buckets
X-Dc
Server-Info
Server-Ext
Country-Code
X-Gen-Mode
X-Block-Status
Apple-News-Services-Parsed-Url
X-NCache
X-Hnp-Log
Apple-News-Services-Host
Ssr
X-Op-Id-All
NGX
X-Nginx-Cache-Key
X-Auto-Login
X-Cache-Enabled
Apple-News-Services-Handled
User-Cache-Control
Sever-Int
Server-Hostname
Apple-News-Services-Request-Url
AMP-Access-Control-Allow-Source-Origin
X-Vcl-Version
Content-Secure-Policy
C-Via
X-LB-NoCache
X-Presslabs-Stats
Wxu-Next-Commit
Wxu-Next-Region
X-Cdn-Srv
X-CACHE-GROUP
X-Instance-Name
X-Via-Fastly
X-Access
X-Akamai-Device-Characteristics
X-Section
X-Varnish-Beresp-Grace
Wxu-Next-Hostname
Pics-Label
X-API-Version
X-Zone
X-Amz-Meta-Cb-Modifiedtime
Server-ID
X-Origin-Cache-Key
YJS-ID
X-Varnish-Beresp-Ttl
X-SIPLIST1
X-HA-Backend
X-WP-CF-Super-Cache-Active
IsBot
Sid
X-B3-Parentspanid
X-JWT-State
X-Is-Gdpr
X-Cached-By
X-Platform-Router
Memcached
Hostname
X-Frame-Option
X-Platform-Processor
X-Platform-Cluster
X-Has-Esi
Cdn-Requestid
CF-Ctrl
X-Hyper-Cache
Memory
Time
X-FTR-Balancer
X-FTR-Backend-Server
X-Wp-Cf-Super-Cache-Active
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
X-FTR-Backend
X-Scale
Origin-CC
Origin-EX
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Internal-Host
Location
Cache-Hits
X-TIM-N
X-Tb-Optimization-Total-Bytes-Saved
X-TA-CDN-Provider
X-Fpc
X-LiteSpeed-Cache-Control
X-Backend-Instance
X-Webstats-RespID
X-NGINX-Cache
X-ID
X-Cs
X-Service
X-SRV
X-ZONE
X-PHP-Backend
Epwk-X-Cache
Uri
X-DC
X-NewRelic-App-Data
Resin-Trace
X-VC
GeoIp-Country-Code
X-Site-Version
X-DataCenter
X-Azure-Ref-OriginShield
XServer
Req-ID
X-Edge-Server
True-Client-Ip
Cdn-Host
X-NODE
X-NMSegId
Cdn-Request-Time
WZWS-RAY
X-Nitro-Cache-From
LB
X-Microcachable
X-Nitro-Rev
GeoIP-Latitude
X-Locale
X-VCache
X-Ad-Load-Variation
X-Origin-Expires
True-Client-IP
X-Cache-Ttl
Cache-Host
GeoIP-Country-Code
X-Request-URI
X-CSRF-TOKEN
NtCoent-Length
X-M-Reqid
X-M-Log
XM
X-Info
X-Datacenter
X-Request-Start
X-Scope-Id
Cdn
Pramga
M-TraceId
Fastly-Drupal-Html
X-Geo
PFcat
X-Qnm-Cache
X-Shield-Cache-Expires
X-Varnish-Beresp-Status
X-Vercel-Id
X-Vercel-Cache
Content-Style-Type
X-FPC
Cluster
Content-Script-Type
X-Pad
X-Github-Request-Id
X-Pod-Name
WebServer
X-VarnishDD-TTL
X-HN
SID
X-WP-CF-Super-Cache-Cookies-Bypass
X-APP-VERSION
Cf-Ipcountry
X-Cache-Date
HostName
X-Ad-Defer-Variation
X-Web-Node
User-Agent
X-HostName
Cache-Tv-Group
Tcn
X-MSEdge-Features
Locid
X-FL-QIT-DEBUG
Srvid
X-MSEdge-Flight
X-LiteSpeed-Tag
Edge-Cache
Edge-Copy-Time
X-FL-EDGE
X-TH-Server
A
X-Via-CDN
X-Via-Edge
X-Via-SSL
X-Api-Version
CountryCode
X-CS
X-Cdn-Request-ID
X-Esi
X-Cache-FS-Status
X-Amz-Meta-Opti
X-V-Cache
X-AK-Request-ID
X-Aicache-OS
X-Webkit-Csp-Report-Only
Cdnsip
X-NWS-UUID-VERIFY
Cdncip
X-Servedbyhost
X-FireWall-Port
X-ATG-Version
X-Via-Poph
X-Cache-ASPX
X-Vary
X-Men
X-Via-Popv
On-Server
X-Via-Popn
X-Moov-Xdn-Version
X-Moov-T
Click-Count-Error
Click-Count-Action-Start
X-Varnish-Authentication
X-Branch-Name
V-Age
Tube-Return
X-Contensis-Viewer-Groups
X-B3-Trace-ID
X-Nc
Path
X-LB-ID
Tube-Got-Results
X-Acquia-Purge-Cdn-Unconfigured
Tube-Get-Contents
Tube-Got-Eval
X-Wa
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Cdn-Forward
X-VCL-Version
Srv
Priority
XkeyRZ
Cache-Key
MIME-Version
Yak-Timeinfo
Ngx-Var-Key
X-Req
X-SB
X-Proxy-CacheRZ
X-UA
X-CACHE-KEY
Lb
CDN
X-Render-Time
X-Tim-N
X-Acquia-Application-Trace
X-Acquia-Site
Server-Id
X-Acquia-Purge-Tags
My-App
Proxy-Connection
Geoip-Latitude
X-Akamai-Pragma-Client-IP
X-Acquia-Application-UUID
Wpo-Cache-Message
Wpo-Cache-Status
X-Rebelmouse-Surrogate-Control
X-Lb-Cache
X-Rebelmouse-Cache-Control
X-Air-Pt
X-Ha-Backend
X-Fastly-Backend-Reqs
X-Provided-By
X-User
X-Varnish-Director
X-Lb-Nocache
X-Generated-In
X-TRACE-ID
X-TT-LOGID
Type
Fusion-Content-Id
Fusion-Source
X-Wp-Cf-Super-Cache
State
Fusion-Component-Id
Fusion-Template-Id
Fusion-Deployment-Id
X-Wp-Cf-Super-Cache-Cache-Control
Fusion-Content-Source
X-Fastly-Country-Code
X-Via-Ucdn
X-Planisys-CDN-Cache
X-CUA
X-Dw-Trace-Id
CF-Cached-On
X-HS-Content-Campaign-Id
PICS-Label
X-EC-Lua
X-Planisys-CDN-Rules
X-Platform-Server
Ohc-File-Size
X-Planisys-CDN-TTL
Ohc-Cache-HIT
Yjs-Id
X-Iplb-Instance
X-Iplb-Request-Id
X-Varnish-Beresp-TTL
X-Cdn-Cache-Status
Warning
X-GoCache-CacheStatus
Cross-Origin-Embedder-Policy-Report-Only
X-CDN-Cache-Status
X-Cache-Remote
Inserted-Into-Cache-At
X-Release
Cache
Vha6-Origin
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-Snapshot-Date
X-Fastly-Cache-Hits
X-Fastly-Cache
X-Vgn-Hpd-Cached
X-Cached-Since
X-ElasticPress-Query
X-Miniprofiler-Ids
Cneonction
X-CF-Cache-Header-Cache-Control
X-CF-Cache-Header-Vary
X-RAMCache
X-HS-Status
X-Litespeed-Cache-Control
Ngx
Log-Origin
X-Udemy-Cache-App-Namespace