Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
CF-RAY
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-FRAME-OPTIONS
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Dns-Prefetch-Control
Server-Timing
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
X-XSS-PROTECTION
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Request-ID
X-Via
X-Amz-Request-Id
X-Ua-Compatible
X-Amz-Id-2
Request-Context
X-Backend
X-Cache-Group
X-Turbo-Charged-By
X-Robots-Tag
Cf-Edge-Cache
Keep-Alive
Host-Header
X-AH-Environment
X-Vhost
X-UA-Device
X-Hacker
X-Proxy-Cache
X-Server
Allow
X-Rq
X-Server-Powered-By
X-Ws-Request-Id
X-Dispatcher
EagleId
X-Age
X-Varnish-Cache
X-Amz-Version-Id
P3p
Nel
X-LiteSpeed-Cache
Grace
Cf-Apo-Via
Cf-Railgun
X-OneAgent-JS-Injection
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
EagleEye-TraceId
X-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Host
X-Cache-Lookup
X-CST
X-Node
X-WebKit-CSP
X-Backend-Server
Accept-CH
Surrogate-Control
X-Server-Id
Permissions-Policy
X-Readtime
X-Nginx-Upstream-Cache-Status
X-Akam-SW-Version
X-Nginx-Cache-Status
Accept-CH-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
Request-Id
Xkey
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
X-Response-Time
X-HW
X-Trace
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
X-Url
Rating
Accept-Ch
X-ESI
X-Midtier
X-Aspnetmvc-Version
X-Amz-Server-Side-Encryption
Cache-Tag
X-Mcache
X-Country
X-Powered-By-Plesk
X-Rack-Cache
X-MS-InvokeApp
X-Aspnet-Version
Service-Worker-Allowed
X-ECACHE
X-D2id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Vcap-Request-Id
Verso
X-Element-Page-Cache
X-Upstream
Edge-Control
Accept-Ch-Lifetime
X-Country-Code
Origin-Trial
X-Kinja-CCPA
X-Ac
RTSS
X-Vname
X-PC
X-TtlSet
X-Goog-Hash
X-Navigation-Version
X-VARITI-CCR
X-Abt-Application-Version
X-Browser-Type
X-Cache-TTL
X-Oneagent-Js-Injection
Fastly-Restarts
X-NWS-LOG-UUID
X-Amz-Rid
X-Litespeed-Cache
X-GitHub-Request-Id
X-Webkit-CSP
Cross-Origin-Opener-Policy
X-Cached
X-Server-Name
X-Varnish-TTL
X-Ttl
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-Times
X-WebKit-CSP-Report-Only
Display
X-Middleton-Display
Pagespeed
X-Sol
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
SPRequestGuid
X-SharePointHealthScore
X-Ruxit-Js-Agent
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
SPRequestDuration
SPIisLatency
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Cache-Key
X-FastCGI-Cache
X-Content-Type
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-Powered-CMS
X-Client-IP
Arr-Disable-Session-Affinity
X-B3-Traceid
X-Version
X-Cnection
X-Mg-S
X-Middleton-Response
Response
X-Ser
X-Server-ID
Nginx-Cache
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Accel-Expires
Cache-Tags
X-T
AR-CACHE
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-B3-TraceId
X-Fastly-Request-ID
Cache-Status
X-NF-Request-ID
Edge-Cache-Tag
X-Hits
Public-Key-Pins
X-MSEdge-Ref
X-Px
X-Recruiting
X-RateLimit-Remaining
Front-End-Https
S
X-Daa-Tunnel
X-Shield-Request-Id
Payment
X-Frontend
X-LLID
Server-Node
X-Ua-Browser
X-Request-Processing-Time
X-Request-Received
Content-MD5
MRF-Tech
Mrf-Cache-Status
X-RateLimit-Limit
X-B3-TraceId-Primal
X-GUploader-UploadID
X-Goog-Metageneration
MicrosoftSharePointTeamServices
X-Content-Digest
X-Amz-Apigw-Id
Access-Control-Request-Method
X-Amzn-RequestId
X-DIS-Request-ID
X-Webkit-CSP-Report-Only
X-Forwarded-For
X-Protected-By
TP-Cache
Realpath
X-Distributor
X-Microsite
X-Request-Handler-Origin-Region
X-Ratelimit-Remaining
X-FB-Debug
Fastcgi-Cache
X-PressLabs-Stats
X-HS-Combine-CSS
X-HS-Cache-Config
Access-Control-Allow-Method
X-Page-Id
X-HS-Content-Id
X-HS-Hub-Id
Accept-Charset
X-Cluster-Name
X-Rid
X-LB-Cache
X-Id
Count-Hit
X-Xrds-Location
X-Ua-Device
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Edge-Location-Klb
X-B3-Sampled
X-Geo-Country
X-Kinsta-Cache
X-Goog-Generation
X-TTL
X-Hostname
Cross-Origin-Resource-Policy
TP-L2-Cache
X-App-Server
X-Seen-By
X-Ratelimit-Limit
X-Correlation-Id
X-Logged-In
TCN
X-Varnish-Backend
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Cleartype
X-Fastcgi-Cache
X-Ezoic-Cdn
X-Hosted-By
X-Git-Hash
X-Mobile
X-Content-Options
Referer-Policy
Retry-After
X-Erf-Stays-Pdp-Viaduct-Migration-Web
DC
X-Fb-Rlafr
X-Contextid
X-Newrelic-App-Data
X-Providence-Cookie
X-Request-Guid
X-Aspnet-Duration-Ms
X-Route-Name
X-Flags
X-Is-Crawler
X-F-Cache
X-Revision
X-Origin-Cache
Surrogate-Key
X-Forwarded-Proto
X-Grace
X-Amz-Replication-Status
X-App-Environment
X-TT
X-Debug-Info
Frame-Options
X-Varnish-Grace
X-Amz-Meta-S3cmd-Attrs
X-IPS-LoggedIn
X-RateLimit-Reset
X-Azure-Ref
X-Envoy-Decorator-Operation
MS-Author-Via
Section-Io-Cache
X-Magnolia-Registration
X-Www-Served-By
X-Proxy-Cache-Info
X-COUNTRY
X-Wix-Request-Id
X-Trace-Id
X-Webkit-Csp
X-Language
X-Whom
X-Az
Healthy
X-AppVersion
X-Activity-Id
X-ECache
Filterid
Charset
X-Akamai-Edgescape
WPO-Cache-Status
WPO-Cache-Message
X-App-Version
Viewport
X-Varnish-Server
X-Origin-Server
Server-Name
Alternate-Protocol
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Datadog-Trace-Id
X-Backend-Name
X-Datadog-Sampling-Priority
Amp-Access-Control-Allow-Source-Origin
X-Datadog-Parent-Id
Paypal-Debug-Id
X-EdgeConnect-Cache-Status
X-Cache-Rule
X-N
X-B
Host
X-Original-Request-Id
VIX-Pulpo-Node
X-Http-Reason
VIX-Pulpo-Upstream-Status
X-Response-Served-From
X-Nf-Request-Id
X-Yottaa-Optimizations
X-UUID
X-DataDome
X-Rule
X-User-Agent
X-Akamai-Request-ID2
X-Instance
X-Yottaa-Metrics
Front
X-Cacheable-TTL
X-Edge-Location
X-Cache-Grace
X-Mg-Request-UUID
X-Region
Protected
X-ARC
SD-X-WS
X-Jobs
X-Load-Cache
X-L-Path
X-B-Cache
X-Signature
X-Framework
X-Environment-Context
X-Page-View
X-Vcache
X-Unique-Id
Content-Disposition
Country
From-Origin
X-FW-Type
X-FW-Version
X-Rendered-As
X-FW-Static
Fastly-SWR
X-FW-Serve
Akamai-GRN
X-RemovedCookies
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-Is-Bot
X-Varnish-Age
X-Adobe-Loc
Fastly-SIE
X-Rocket-Nginx-Serving-Static
X-Datadog-Sampled
X-ProcessESI
X-Adobe-Content
X-Status
X-Type
X-Cache-Time
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Proxy
X-G
X-Tumblr-Pixel-0
X-Time
X-Debug-IsPreview
X-Debug-IsConnected
SRV
X-Amzn-Remapped-Content-Length
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Access-Control-Request-Headers
ServerID
X-Cache-Age
Backend
X-Tec-Api-Origin
X-Tec-Api-Version
X-Client-Ip
X-Tec-Api-Root
X-Erf-Web-Scheduler
X-CDN-Forward
Refresh
X-Servername
Xet-Cookie
X-Cache-Control
Url
X-DynaTrace
X-XRDS-LOCATION
X-Tt-Trace-Tag
X-Tt-Trace-Host
Countrycode
X-Httpd
X-Template
Accept-Language
X-Drupal-Cache-Tags
X-Nginx-Cache
X-Device-Type
X-DynaTrace-JS-Agent
X-Content-Powered-By
X-Mode
X-NYM-Debug-Backend
X-Generated-By
X-FTR-Request-ID
CF-IPCountry
Webserver
X-HTML-Minification-Powered-By
X-Cache-Hit
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Storage
GEO-INFO
X-SaId
X-ServerID
X-Say-Cacheable
X-Say-TTL
X-JoinUs
X-SayCDN-TTL
X-Rn-Rsrv
X-Rewrite-Enabled
Cross-Origin-Window-Policy
X-GeoCode
S-Rt
X-Content-Age
X-GeoCountry
X-Loop
X-LAGOON
Meta-Geo
X-Urbn-Site-Id
X-UPSTREAM-Address
Locale
Load-Balancing
Filters
X-Tncms
X-Urbn-Context-Path
X-Soup
X-Director
X-Cache-Operation
X-Git-Commit
OT-Force-Account-Verify
X-Cluster-Node
X-Cache-Action
X-Tt-Logid
X-Forwarded-Host
X-Container-Uri
X-Source
Version
Xserver
Onion-Location
X-Served-From
X-NGENIX-Cache
X-Varnish-Cache-Hits
X-MCACHE
Azure-RegionName
Azure-SlotName
Azure-Version
X-Adobe-Source
Web-Mar-Node
Azure-InstanceId
X-VC-Cache
X-Varnish-Hostname
X-Tb
X-VCT
X-Ms-Request-Id
X-RM-Cache-TTL
X-Ms-Version
X-Sql-Duration-Ms
X-Sql-Count
X-Lambda-Id
X-Labrador-Cache-Channel
X-PHP-Host
X-R9-Blue-Green-Version
X-Skip-Cache
Azure-SiteName
X-Detected-As
X-Proxied
DB-Nickname
X-FB-TRIP-ID
X-RCS-CacheZone
X-Redis-Cache
X-Zipkin-Id
X-Routing-Service
X-Cache-Server
X-Extlb
X-Logging-Id
Node
Mn-Server-Ip
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Format
X-Uri
Property-Id
X-Origin-Hint
X-Timing-Wait
Selected-Fe
X-Tumblr-Pixel-2
X-Generation-Time
X-Tumblr-Pixel-3
Webcakes-Region
X-Debug
X-Fetched-On
X-Proxy-Build
Fastcgi-Useragent
X-Endurance-Cache-Level
X-Proto
Uber-Trace-Id
Source
X-LSADC-Cache
X-Zen-Fury
CDN-RequestId
X-B3-SpanId
X-Ua
X-Sucuri-ID
X-Varnish-Ttl
X-Sucuri-Cache
X-S
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
X-TimeS
NGB
X-Origin-TTL
X-Origin-CC
X-Newrelic-Synthetics
Upgrade-Insecure-Requests
X-Akamai-Transformed
X-URL
X-MP-GENERATED-AT
X-Origin-Date
X-Real-IP
X-Drupal-Cache-Contexts
X-Handled-By
X-Pass-Why
X-Varnish-Hits
X-Cache-Expired-At
X-TraceId
X-Ratelimit-Reset
X-Cms-Context
X-RTag
X-AB
X-Srv
X-Xfnlog-Site
Apigw-Requestid
X-Reqid
Ms-Operation-Id
X-No-Session
X-Optimistic-Header
MS-CV
X-Restarts
ServedBy
X-XRDS-Location
Fastly-Drupal-HTML
X-GEO
X-Cache-Host
X-ProxyCache-Status
X-ProxyCache-Key
Liferay-Portal
X-BYPASS-REASON
X-Hl-Ver
X-Tx-Id
X-Geo-Region
WP-Super-Cache
X-LJ-Flow-ID
CDN-EdgeStorageId
X-IPLB-Instance
X-IPLB-Request-ID
CDN-CachedAt
CDN-Cache
X-Fastly-Request-Id
X-Cluster
X-Cache-Type
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestPullCode
CDN-RequestCountryCode
X-AWS-Id
CDN-PullZone
X-VWS-Id
X-Cache-TTL-Remaining
X-Oracle-Dms-Ecid
X-CSRF-Token
X-Oracle-Dms-Rid
X-UA-Device-Type
X-Node-Name
X-B3-Spanid
Cache-Provider
X-Proxy-Cache-Status
X-CACHE-AGE
X-B-Cookie
X-Generated-On
X-BCube-Filmed-By
X-Level-Front-Cache
X-Bc-Bl
DCR-Processing-Time-Ms
DCR-Decision-By
X-Ec-Custom-Error
X-Debug-Cache-Fetch
X-Cache-NE
X-Debug-Cache-Store
Canary
X-Destination
Candidate-Md5Url
X-D
X-Csrf-Jwt
X-CGP
X-CF-Lambda-Version
X-Conf
BehaviorPad-Version
X-CacheTTL
X-Developer
X-Dispatcher-Number
X-Fastly-Backend
X-External-Request-Id
X-FC-Vary-Parameters
X-Micro-Cache
X-Bl-Debug
X-Eu-Site
X-Cache-Status-Check
X-Ec-Fail
X-Application
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Parent-Response-Time
X-Bip
X-A-Dgt
X-A
Redirect-Candidate
MD5-Digest
Meta-Geo-Continent
X-Via-JSL
X-Upgrade-Enabled
Rendered-Blocks
Magicmarker
X-A-Ccd
X-Vdms-Version
T-Server
X-Vdms-Path
N-Cache
Web-Mar-Region
X-SRCache-Key
X-Qloud-Router
Vix-Hermes-Req-Id
X-Pool
X-Pubstack
X-Slack-Shared-Secret-Outcome
W
Odigeo-Trace-Id
Ngx.Var.Host
Origin-Agent-Cluster
X-Thanos
X-Slack-Backend
X-A-Dam
X-Viewer-Country
Ha-Gx-Prefs
X-Request-Host
X-ScT
Xc-Version
X-Worker
X-Aed
Gannett-Cam-Experience-Id
X-App
X-Rojux
Surrogated-Key
X-S-Cookie
Fastly-SSL
X-Owner
HA-Ipaddr
L
Sslversion
L5d-Success-Class
Lang
X-A-Dcw
X-Vtex-Remote-Cache
X-We-Are-Hiring
X-PAYTM-SRV-ID
X-A-Wwc
Server-Host
True-Client-Country-4JS
X-CF-Lambda-Fn
Cache-Name
X-TIME
X-BBC-Edge-Cache-Status
X-Accel-Buffering
X-Cache-Bucket
X-Accel-Expires-Debug
X-Cdn-Diag
X-ApacheServer
X-Alternate-Cache-Key
X-Cdn-Origin
X-Cache-Debug
TDXMobile
We-Hiring
VNS-Cache
VNS-Age
X-App-Name
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Cache-Info
Thinkindot-Control
X-Mvc-Supplant-Cachable
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Variation
X-Up
X-Var-Ttl
X-Varnishpool
X-VG-TLSProxy
X-Platform
X-VServer
X-Vmg-Version
X-Policy
X-VG-WebCache
Origin
X-Thinkindot-L3
X-Tenant
X-ShardId
X-Shop-Environment
X-Server-IP
X-Refresh
X-Request-Time
X-SD-PageType
X-ShopId
X-Shopify-Stage
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sn-Servicetimems
X-Sorting-Hat-PodId
X-PERF
X-Wikidot-Backend
X-Forwarded-Path
X-Hash
X-Gdpr
X-Geo-Header
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Core-Mission
X-CMSURLCustom
X-Core-Value
X-Date
X-DefHash
X-DefElseHash
X-Human
X-Irp-Debug
Datacenter
X-Old-Content-Length
X-Orig-Expires
X-Origin-Time
X-Wikidot-Static-Cache
X-Wix-Viewer-Type
X-Nyt-Route
X-NodeID
X-Mid
X-Loc
X-Mly-Id
X-Nananana
X-Nitro-Cache
X-Clientip
Adler-Geo
Host-ID
X-Correlation-ID
Gh-Request-Id
X-Vgn-Hpd-Reason
Cmstype
Is-Eu
CPC-Age
Machine
Mail-Subject
Environment
Cmsid
Fastly-GeoIP-CountryCode
CloudFront-Viewer-Country
X-Server-W
AKAMAI
Fastly-Backend-Name
CPC-Cache
Req-Svc-Chain
Platform
Producers
Release
Expect-Staple
X-AIR-PT
X-Is-Supported-Browser
X-Accel-Version
X-Browser-Name
X-Is-Desktop
X-Is-Mobile
X-Tcp-Rtt
X-Is-Tablet
X-Origin-Response-Time
X-RateLimit-Remaining-Second
Apple-News-Services-Handled
Apple-News-Services-Host
X-Clara-WADP
X-S-Maxage
X-RateLimit-Limit-Second
X-Test
X-Ah-Environment
X-Nginx-Cache-Key
X-Device-Os
X-Gzip
X-Gen-Mode
X-Hnp-Log
X-GeoIP
Sever-Int
X-From
X-INCAP-ABP
X-Forwarded-Site
X-Mvc-Supplant-OutputCached
X-Org
X-Op-Id-All
X-Esi-Check
X-Node-Id
Apple-News-Services-Parsed-Url
X-Fmm-Version
X-NCache
X-Origin
Apple-News-Services-Request-Url
X-Datadome
Server-Ext
Server-Hostname
Country-Code
X-WADP-Cache
User-Cache-Control
NM-Fastcgi-Cache
X-Auto-Login
X-WA-Info
X-Block-Status
DSUID
CDCHOST
Cf-Device-Type
X-Cache-Id
Esi-Enabled
X-Buckets
X-Dc
X-Access
C-Via
NGX
X-Via-Fastly
Ssr
Server-Info
Wxu-Next-Region
Wxu-Next-Commit
X-Cdn-Srv
X-Cache-Enabled
X-Vcl-Version
Wxu-Next-Hostname
X-Section
X-Instance-Name
Content-Secure-Policy
AMP-Access-Control-Allow-Source-Origin
X-LB-NoCache
Pics-Label
X-Varnish-Beresp-Grace
X-Zone
X-CACHE-GROUP
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
X-Presslabs-Stats
X-Origin-Cache-Key
X-API-Version
IsBot
Server-ID
YJS-ID
X-SIPLIST1
X-Varnish-Beresp-Ttl
X-HA-Backend
CF-Ctrl
Sid
X-WP-CF-Super-Cache-Active
X-B3-Parentspanid
Hostname
X-Is-Gdpr
X-Cached-By
X-JWT-State
X-Platform-Cluster
Cdn-Requestid
X-Frame-Option
Memcached
X-Platform-Processor
X-Platform-Router
X-Has-Esi
Time
Memory
X-Internal-Host
X-Hyper-Cache
Location
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-Wp-Cf-Super-Cache-Active
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
Origin-EX
Origin-CC
X-Air-Hostname
X-Scale
X-Tb-Optimization-Total-Bytes-Saved
X-TIM-N
X-Air-Trace-Id
X-Air-Source
Cache-Hits
X-TA-CDN-Provider
X-LiteSpeed-Cache-Control
X-Backend-Instance
X-Webstats-RespID
X-Fpc
X-NGINX-Cache
X-Cs
X-ID
X-SRV
X-Service
X-ZONE
X-PHP-Backend
X-DC
Epwk-X-Cache
Resin-Trace
Uri
X-NewRelic-App-Data
X-DataCenter
X-VC
GeoIp-Country-Code
X-Site-Version
X-Azure-Ref-OriginShield
XServer
Req-ID
X-Locale
X-Microcachable
True-Client-Ip
Cdn-Request-Time
Cdn-Host
LB
WZWS-RAY
X-Edge-Server
X-Nitro-Cache-From
X-NMSegId
X-Nitro-Rev
GeoIP-Latitude
X-NODE
X-VCache
X-Cache-Ttl
X-Ad-Load-Variation
True-Client-IP
Cache-Host
X-Origin-Expires
GeoIP-Country-Code
X-Request-URI
X-CSRF-TOKEN
XM
Cdn
X-Request-Start
NtCoent-Length
Pramga
X-M-Reqid
X-M-Log
X-Scope-Id
X-Datacenter
M-TraceId
X-Info
Fastly-Drupal-Html
X-Geo
X-Pod-Name
X-FPC
X-Shield-Cache-Expires
PFcat
X-VarnishDD-TTL
X-HN
Content-Style-Type
Content-Script-Type
X-APP-VERSION
X-Vercel-Cache
X-Vercel-Id
WebServer
X-Pad
X-Github-Request-Id
X-Qnm-Cache
Cluster
X-Varnish-Beresp-Status
X-WP-CF-Super-Cache-Cookies-Bypass
SID
Cf-Ipcountry
X-Web-Node
User-Agent
X-Cache-Date
X-Ad-Defer-Variation
HostName
Cache-Tv-Group
X-HostName
Tcn
Edge-Copy-Time
X-Via-Edge
X-Via-CDN
Srvid
X-TH-Server
X-MSEdge-Features
Edge-Cache
X-Via-SSL
X-LiteSpeed-Tag
Locid
X-FL-EDGE
A
X-FL-QIT-DEBUG
X-MSEdge-Flight
X-CS
X-Api-Version
X-Cdn-Request-ID
CountryCode
Cdnsip
Cdncip
Tube-Return
X-Servedbyhost
X-AK-Request-ID
X-NWS-UUID-VERIFY
X-Nc
X-Aicache-OS
X-V-Cache
X-Acquia-Purge-Cdn-Unconfigured
X-B3-Trace-ID
Tube-Got-Eval
Tube-Got-Results
X-Webkit-Csp-Report-Only
X-Wa
X-Amz-Meta-Opti
Click-Count-Action-Start
X-Esi
X-Cache-FS-Status
Click-Count-Error
Tube-Get-Contents
Path
X-Cdn-Forward
Srv
V-Age
X-LB-ID
X-Via-Popn
X-Branch-Name
X-Moov-Xdn-Version
MIME-Version
On-Server
X-Vary
X-Men
X-Varnish-Authentication
X-Moov-T
X-Via-Popv
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Via-Poph
X-SB
X-Req
X-FireWall-Port
X-ATG-Version
X-VCL-Version
X-Wp-Cf-Super-Cache-Cookies-Bypass
Priority
XkeyRZ
Ngx-Var-Key
Yak-Timeinfo
X-Proxy-CacheRZ
Cache-Key
X-CACHE-KEY
Lb
CDN
X-UA
X-Ha-Backend
My-App
X-Tim-N
X-Render-Time
Wpo-Cache-Status
Server-Id
X-Akamai-Pragma-Client-IP
Wpo-Cache-Message
X-Acquia-Site
X-Acquia-Application-UUID
Geoip-Latitude
X-Fastly-Backend-Reqs
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
Proxy-Connection
X-Lb-Cache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Provided-By
X-User
X-Lb-Nocache
X-Fastly-Country-Code
PICS-Label
X-Varnish-Director
X-Generated-In
X-Air-Pt
X-TRACE-ID
X-TT-LOGID
Fusion-Template-Id
Type
X-Planisys-CDN-Cache
X-HS-Content-Campaign-Id
State
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
X-Via-Ucdn
Fusion-Component-Id
CF-Cached-On
X-Planisys-CDN-Rules
X-Wp-Cf-Super-Cache-Cache-Control
X-EC-Lua
X-Wp-Cf-Super-Cache
X-Platform-Server
Ohc-Cache-HIT
Ohc-File-Size
X-CUA
X-Planisys-CDN-TTL
X-Dw-Trace-Id
X-Iplb-Request-Id
Yjs-Id
X-Varnish-Beresp-TTL
X-Iplb-Instance
X-Vgn-Hpd-Variations-Key
X-Lb-Id
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Vgn-Hpd-Ssi
X-GoCache-CacheStatus
X-Cdn-Cache-Status
Cross-Origin-Embedder-Policy-Report-Only
X-CDN-Cache-Status
Warning
Ngx
X-Udemy-Cache-App-Namespace
Log-Origin
Inserted-Into-Cache-At
X-RAMCache
X-CF-Cache-Header-Vary
X-CF-Cache-Header-Cache-Control
X-Miniprofiler-Ids
X-HS-Status
Cneonction
X-Cache-Remote
X-Litespeed-Cache-Control
X-Release
X-Fastly-Cache-Hits
X-Snapshot-Date
X-Fastly-Cache
Cache
X-ElasticPress-Query
X-Cached-Since
Vha6-Origin
X-Vgn-Hpd-Cached