Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
CF-Ray
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-DNS-Prefetch-Control
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
X-Request-ID
X-Dns-Prefetch-Control
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
Server-Timing
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Cache-Group
X-Backend
X-Robots-Tag
Cf-Edge-Cache
Host-Header
Keep-Alive
X-Hacker
X-Proxy-Cache
X-UA-Device
X-Server
X-Rq
X-Vhost
X-Server-Powered-By
Allow
X-Age
X-Varnish-Cache
X-Ws-Request-Id
X-Dispatcher
X-Amz-Version-Id
EagleId
P3p
Nel
Grace
Cf-Apo-Via
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Host
X-Node
X-WebKit-CSP
Accept-CH
X-CST
X-Backend-Server
X-Server-Id
Surrogate-Control
X-Cache-Lookup
X-Nginx-Cache-Status
X-Readtime
Permissions-Policy
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Request-Id
X-Nginx-Upstream-Cache-Status
X-Application-Context
X-Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Ua-Compatible
X-Trace
X-Response-Time
X-HW
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Xkey
X-Ruxit-JS-Agent
X-Midtier
Rating
Accept-Ch-Lifetime
X-ESI
X-Litespeed-Cache
X-Url
X-Amz-Server-Side-Encryption
Accept-Ch
X-Mcache
X-ECACHE
X-Upstream
X-Country
X-Oneagent-Js-Injection
X-Vcap-Request-Id
Cache-Tag
X-D2id
X-MS-InvokeApp
X-Ruxit-Js-Agent
Verso
X-Kinja
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Element-Page-Cache
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Rack-Cache
X-Vname
X-PC
X-TtlSet
Edge-Control
X-Powered-By-Plesk
RTSS
Fastly-Restarts
X-Ac
X-WebKit-CSP-Report-Only
X-VARITI-CCR
Origin-Trial
X-Cache-TTL
X-Navigation-Version
X-Abt-Application-Version
X-Country-Code
Service-Worker-Allowed
X-Goog-Hash
X-Cached
X-Ttl
X-Middleton-Display
Display
Pagespeed
X-Sol
X-Amz-Rid
X-GitHub-Request-Id
X-Browser-Type
Cross-Origin-Opener-Policy
X-Dw-Request-Base-Id
X-Content-Type
X-SharePointHealthScore
SPRequestGuid
X-Varnish-TTL
X-Server-Name
X-Mg-S
X-Amzn-Trace-Id
X-Powered-CMS
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
Response
X-Erf-Bev-Bev
X-Middleton-Response
Arr-Disable-Session-Affinity
X-Instrumentation
X-Server-Lifecycle-Phase
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
SPRequestDuration
SPIisLatency
X-Cache-Key
X-Kinja-CCPA
X-NF-Request-ID
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Webkit-CSP
X-B3-TraceId
X-B3-Traceid
X-Times
X-Version
AR-CACHE
X-NWS-LOG-UUID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Accel-Expires
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Cache-Tags
X-T
X-Fastly-Request-ID
X-Cnection
Cache-Status
Front-End-Https
Nginx-Cache
Edge-Cache-Tag
X-MSEdge-Ref
X-Client-IP
X-Aspnetmvc-Version
X-Hits
X-FastCGI-Cache
X-Ser
X-Px
Public-Key-Pins
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Recruiting
Payment
X-LLID
X-RateLimit-Remaining
X-Request-Processing-Time
X-Frontend
X-Request-Received
Server-Node
X-Ua-Browser
X-Fastcgi-Cache
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Shield-Request-Id
X-DIS-Request-ID
S
X-Server-ID
TP-Cache
X-RateLimit-Limit
X-GUploader-UploadID
X-Goog-Metageneration
Access-Control-Request-Method
MicrosoftSharePointTeamServices
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Content-Digest
X-Amz-Apigw-Id
X-Amzn-RequestId
X-LB-Cache
Content-MD5
X-Request-Handler-Origin-Region
X-Distributor
X-Protected-By
X-Microsite
TP-L2-Cache
X-FB-Debug
Access-Control-Allow-Method
X-Page-Id
X-Ratelimit-Remaining
Accept-Charset
Fastcgi-Cache
X-Ezoic-Cdn
Realpath
X-PressLabs-Stats
X-Forwarded-For
X-Cluster-Name
X-Rid
X-Geo-Country
X-Hostname
X-Correlation-Id
X-B3-Sampled
X-Seen-By
X-Webkit-Csp
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Aspnet-Version
X-Ratelimit-Limit
X-Ua-Device
Cleartype
Referer-Policy
X-Envoy-Decorator-Operation
X-Mobile
X-Newrelic-App-Data
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Cross-Origin-Resource-Policy
TCN
DC
X-Daa-Tunnel
X-Content-Options
X-Debug-Info
Count-Hit
X-Varnish-Backend
X-Logged-In
X-Origin-Cache
X-Varnish-Grace
X-Contextid
X-Grace
X-Request-Guid
X-Fb-Rlafr
X-Git-Hash
X-Is-Crawler
X-Flags
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-App-Server
X-Route-Name
Surrogate-Key
X-Revision
X-Amz-Replication-Status
X-App-Environment
X-IPS-LoggedIn
X-Azure-Ref
X-Hosted-By
X-TTL
X-TT
X-Origin-Server
Frame-Options
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
X-Webkit-CSP-Report-Only
X-Forwarded-Proto
X-Client-Ip
X-Edge-Location-Klb
X-Kinsta-Cache
Alternate-Protocol
X-Wix-Request-Id
WPO-Cache-Message
Retry-After
WPO-Cache-Status
X-Whom
Healthy
X-F-Cache
X-RateLimit-Reset
Charset
X-Akamai-Edgescape
X-Magnolia-Registration
Viewport
MS-Author-Via
Section-Io-Cache
X-Backend-Name
Paypal-Debug-Id
X-B
X-Proxy-Cache-Info
SRV
X-COUNTRY
X-Az
X-AppVersion
Amp-Access-Control-Allow-Source-Origin
X-Activity-Id
X-ECache
X-Id
X-Language
ServerID
X-Rule
X-Response-Served-From
X-Instance
Host
X-Cache-Rule
Akamai-GRN
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Http-Reason
X-ARC
X-Original-Request-Id
X-N
X-App-Version
Filterid
X-EdgeConnect-Cache-Status
X-Akamai-Request-ID2
X-Rocket-Nginx-Serving-Static
X-Cache-Grace
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Edge-Location
Protected
X-User-Agent
X-Status
X-Www-Served-By
Front
X-UUID
X-Varnish-Age
X-FW-Server
X-FW-Serve
X-FW-Type
X-Is-Bot
Fastly-SIE
X-FW-Static
X-Environment-Context
X-Varnish-Server
From-Origin
Fastly-SWR
X-Cacheable-TTL
X-Jobs
X-Load-Cache
X-FW-Dynamic
X-Framework
X-FW-Hash
X-FW-Version
X-Rendered-As
Server-Name
X-Unique-Id
X-Region
X-L-Path
X-Page-View
Country
X-Cache-Control
X-Trace-Id
X-Adobe-Content
X-Cache-Age
X-Adobe-Loc
Access-Control-Request-Headers
X-Type
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Cache-Time
X-Tumblr-Pixel-0
X-RemovedCookies
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-G
X-ProcessESI
X-Datadog-Trace-Id
X-DataDome
X-Proxy
Refresh
X-Vcache
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Time
X-CDN-Forward
X-Datadog-Sampled
X-Mg-Request-UUID
X-Amzn-Remapped-Content-Length
X-Debug-IsConnected
X-Source
X-Debug-IsPreview
Content-Disposition
X-Drupal-Cache-Tags
Version
X-Signature
X-B-Cache
X-Varnish-Ttl
X-Oracle-Dms-Ecid
Accept-Language
X-WP-CF-Super-Cache-Cache-Control
Xet-Cookie
X-Oracle-Dms-Rid
Backend
Countrycode
X-WP-CF-Super-Cache
X-Generated-By
X-HTML-Minification-Powered-By
X-Erf-Web-Scheduler
X-DynaTrace
Webserver
CF-IPCountry
X-DynaTrace-JS-Agent
X-XRDS-LOCATION
X-ID
X-Nginx-Cache
X-Xrds-Location
X-Servername
X-Httpd
X-Tt-Trace-Tag
X-Tt-Trace-Host
Url
X-Mode
X-Upgrade-Enabled
X-Template
GEO-INFO
X-NYM-Debug-Backend
X-Device-Type
X-Storage
X-Content-Age
Azure-InstanceId
X-Director
X-Tb
S-Rt
Xserver
Onion-Location
X-UPSTREAM-Address
X-Proto
X-Content-Powered-By
X-SayCDN-TTL
X-GeoCode
Fastcgi-Useragent
X-LAGOON
X-Cache-Action
Meta-Geo
Locale
Load-Balancing
X-ServerID
X-GeoCountry
X-JoinUs
X-SaId
X-Say-Cacheable
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Rewrite-Enabled
X-Varnish-Cache-Hits
X-Say-TTL
Azure-RegionName
Filters
Azure-SiteName
X-Cache-Operation
Azure-Version
Azure-SlotName
X-Nf-Request-Id
X-Cluster-Node
Uber-Trace-Id
X-Container-Uri
X-Git-Commit
X-Labrador-Cache-Channel
X-PHP-Host
X-VC-Cache
X-Varnish-Hostname
X-Forwarded-Host
X-Tt-Logid
X-Soup
X-RM-Cache-TTL
X-Served-From
X-Ms-Version
X-Ms-Request-Id
OT-Force-Account-Verify
Web-Mar-Node
X-Sql-Count
X-Sql-Duration-Ms
X-VCT
X-Adobe-Source
X-Logging-Id
X-Generation-Time
X-Detected-As
X-Cache-Server
X-RCS-CacheZone
X-Sucuri-Cache
X-Sucuri-ID
Mn-Server-Ip
X-R9-Blue-Green-Version
X-Routing-Service
X-Skip-Cache
X-Debug
X-Extlb
Node
X-FB-TRIP-ID
X-LSADC-Cache
Property-Id
TWC-Locale-Group
TWC-GeoIP-Country
Webcakes-Region
TWC-Privacy
Webcakes-App-Version
X-Zen-Fury
TWC-Device-Class
X-Lambda-Id
Webcakes-App-Name
X-Origin-Hint
X-Zipkin-Id
TWC-Connection-Speed
X-Proxied
TWC-GeoIP-LatLong
DB-Nickname
X-URL
X-Tumblr-Pixel-3
Selected-Fe
X-MCACHE
X-Proxy-Build
X-Uri
X-Format
X-Drupal-Cache-Contexts
X-Tumblr-Pixel-2
CDN-RequestId
X-Fetched-On
X-Timing-Wait
Liferay-Portal
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Tncms
X-Loop
Source
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Srv
X-Hcs-Proxy-Type
X-Rn-Rsrv
X-B3-SpanId
X-Endurance-Cache-Level
X-Cache-Hit
X-Origin-Date
Cross-Origin-Window-Policy
X-Redis-Cache
X-MP-GENERATED-AT
X-Fastly-Request-Id
X-Ua
X-Varnish-Hits
Fastly-Drupal-HTML
X-TimeS
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Cache-Expired-At
Section-Io-Id
X-Pass-Why
Upgrade-Insecure-Requests
X-S
X-Ratelimit-Reset
Content-Secure-Policy
X-Real-IP
X-UA-Device-Type
X-Origin-TTL
X-Cache-TTL-Remaining
X-Origin-CC
X-Node-Name
X-Akamai-Transformed
X-Pubstack
X-CACHE-AGE
X-GEO
X-Server-W
CDN-CachedAt
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-PullZone
CDN-Uid
CDN-EdgeStorageId
CDN-Cache
X-Via-JSL
X-Hl-Ver
Cache-Provider
X-Newrelic-Synthetics
X-RTag
Ms-Operation-Id
X-TIME
X-CSRF-Token
MS-CV
NGB
X-AIR-PT
X-NGENIX-Cache
X-Handled-By
X-Xfnlog-Site
X-Restarts
Apigw-Requestid
X-Cache-Type
X-Cms-Context
X-IPLB-Instance
X-IPLB-Request-ID
X-Reqid
X-Optimistic-Header
X-Parent-Response-Time
X-Cache-Host
ServedBy
X-Application
L
DCR-Decision-By
N-Cache
Cache-Name
CPC-Cache
X-Origin-Time
X-Accel-Expires-Debug
X-Aed
CPC-Age
X-Policy
X-App
DCR-Processing-Time-Ms
X-Rojux
X-Bl-Debug
X-S-Cookie
X-Cache-Bucket
X-SD-PageType
X-ScT
X-Request-Host
Meta-Geo-Continent
X-RateLimit-Limit-Second
X-JWT-State
X-RateLimit-Remaining-Second
X-Bc-Bl
X-BCube-Filmed-By
X-B-Cookie
X-A-Wwc
T-Server
Surrogated-Key
Odigeo-Trace-Id
True-Client-Country-4JS
X-Nyt-Route
X-Is-Gdpr
Sslversion
Server-Host
Canary
Redirect-Candidate
Rendered-Blocks
Candidate-Md5Url
BehaviorPad-Version
Ngx.Var.Host
Vix-Hermes-Req-Id
Xc-Version
X-A-Dam
X-A-Dcw
X-Worker
X-Mvc-Supplant-Cachable
X-A-Dgt
X-A-Ccd
X-A
VNS-Cache
VNS-Age
W
We-Hiring
Web-Mar-Region
X-Orig-Expires
X-Has-Esi
X-Vdms-Path
X-Developer
X-Dispatcher-Number
Gh-Request-Id
X-Ec-Fail
X-Ec-Custom-Error
X-Destination
X-SRCache-Key
X-Date
X-D
X-Debug-Cache-Fetch
X-Vdms-Version
Magicmarker
X-Ec-GeoHdr
X-Tenant
X-Var-Ttl
X-FC-Vary-Parameters
X-Gdpr
L5d-Success-Class
X-Forwarded-Path
Lang
X-Fastly-Backend
X-Epic-Correlation-Id
Ha-Gx-Prefs
HA-Ipaddr
X-Eu-Site
X-External-Request-Id
X-Csrf-Jwt
X-Debug-Cache-Store
X-We-Are-Hiring
Mail-Subject
X-Wikidot-Backend
X-CF-Lambda-Fn
X-CF-Lambda-Version
Gannett-Cam-Experience-Id
X-Vtex-Remote-Cache
X-Cdn-Diag
X-GeoIP-Region-Code
X-Cache-NE
X-Cache-Info
MD5-Digest
X-CacheTTL
X-Wikidot-Static-Cache
X-Shop-Environment
X-Presslabs-Stats
X-CGP
X-GeoIP-Country-Code
X-Slack-Backend
X-VG-WebCache
Fastly-SSL
X-Slack-Shared-Secret-Outcome
X-Conf
X-Viewer-Country
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
X-BYPASS-REASON
WP-Super-Cache
X-ProxyCache-Status
X-No-Session
X-ProxyCache-Key
X-Tx-Id
Hostname
Producers
Origin
Machine
X-Irp-Debug
Platform
Memcached
X-Hash
X-CMSURLCustom
X-Core-Mission
X-Clientip
X-Clara-WADP
X-Gzip
X-Cdn-Origin
X-Core-Value
X-DefElseHash
X-Generated-On
X-Fmm-Version
X-Esi-Check
X-Geo-Header
X-DefHash
X-DPWN-IS-SECURE
X-Cache-Id
X-Cache-Debug
Thinkindot-Control
X-INCAP-ABP
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Req-Svc-Chain
TDXMobile
X-Human
X-Accel-Buffering
X-BBC-Edge-Cache-Status
X-Bip
X-Auto-Login
X-App-Name
X-Alternate-Cache-Key
X-ApacheServer
Release
Expect-Staple
X-Thanos
X-Thinkindot-L3
X-Varnish-CookieHashed-On
X-Pool
X-Qloud-Router
X-Varnish-CookieINHashed-On
X-Test
X-Refresh
X-PERF
X-Level-Front-Cache
Cache-Hits
X-Node-Id
Adler-Geo
X-Old-Content-Length
X-Variation
X-PAYTM-SRV-ID
X-Owner
X-Org
X-Request-Time
X-S-Maxage
X-Shopify-Stage
X-Vmg-Version
X-VServer
X-Sn-Servicetimems
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-VG-TLSProxy
X-Sorting-Hat-PodId
X-WADP-Cache
X-SVT-ORM-RULES
X-Wix-Viewer-Type
X-SVT-ORM-VERSION
X-Varnish-Remaining-TTL
X-Varnishpool
X-Server-IP
X-ShopId
X-ShardId
AKAMAI
Origin-Agent-Cluster
X-Loc
Datacenter
Cmstype
X-Mly-Id
X-Datadome
X-Mid
Environment
X-Nitro-Cache
Host-ID
Is-Eu
Cf-Device-Type
Cmsid
X-Cluster
User-Cache-Control
X-AWS-Id
X-VWS-Id
X-Vcl-Version
X-LJ-Flow-ID
X-Nananana
X-Device-Os
Apple-News-Services-Handled
X-Nginx-Cache-Key
X-Mvc-Supplant-OutputCached
X-Cdn-Srv
Country-Code
CloudFront-Viewer-Country
X-Scale
DSUID
X-WA-Info
Server-Ext
X-Block-Status
CDCHOST
Esi-Enabled
X-Gen-Mode
X-GeoIP
X-Platform
X-Forwarded-Site
X-NodeID
Apple-News-Services-Parsed-Url
X-From
Apple-News-Services-Host
X-PHP-Backend
X-Up
Server-Hostname
Apple-News-Services-Request-Url
Sever-Int
X-Akamai-Device-Characteristics
X-Origin-Response-Time
X-Hnp-Log
X-Proxy-Cache-Status
X-Dispatcher-Server
X-LB-NoCache
X-B3-Spanid
X-Cache-Status-Check
X-Origin
X-Access
Server-Info
X-Op-Id-All
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
NM-Fastcgi-Cache
X-Instance-Name
X-Section
X-Cache-Enabled
Origin-CC
Origin-EX
Pics-Label
C-Via
X-NCache
Ssr
X-API-Version
X-TIM-N
X-Amz-Meta-Cb-Modifiedtime
Memory
Time
X-Via-Fastly
AMP-Access-Control-Allow-Source-Origin
X-Dc
Server-ID
NGX
X-Micro-Cache
X-CACHE-GROUP
X-Cs
X-Correlation-ID
X-Internal-Host
X-FTR-Request-ID
X-HA-Backend
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Tb-Optimization-Total-Bytes-Saved
X-ZONE
X-AB
X-Wp-Cf-Super-Cache-Active
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
X-Azure-Ref-OriginShield
X-Varnish-Beresp-Grace
X-Vgn-Hpd-Reason
X-Geo-Region
X-Webkit-Csp-Report-Only
GeoIP-Latitude
X-Varnish-Beresp-Ttl
X-Buckets
X-Web-Node
Location
IsBot
X-Microcachable
X-Origin-Expires
Cache-Host
X-SIPLIST1
X-WP-CF-Super-Cache-Active
X-Accel-Version
X-TraceId
Cdn-Requestid
X-Zone
X-DC
X-B3-Parentspanid
Sid
X-Fpc
X-Github-Request-Id
XM
X-Backend-Instance
X-DataCenter
X-VarnishDD-TTL
Uri
X-Pod-Name
PFcat
X-HN
X-Tcp-Rtt
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Mobile
X-Is-Desktop
X-Browser-Name
User-Agent
Resin-Trace
X-Cached-By
X-Ad-Defer-Variation
X-Info
YJS-ID
CF-Ctrl
X-TA-CDN-Provider
X-LiteSpeed-Cache-Control
X-Via-SSL
Edge-Copy-Time
X-Via-Edge
Locid
X-Via-CDN
X-Site-Version
X-FL-EDGE
X-Locale
A
X-FL-QIT-DEBUG
Srvid
GeoIp-Country-Code
X-NGINX-Cache
X-Nitro-Cache-From
XServer
True-Client-Ip
X-Nitro-Rev
X-Contensis-Viewer-Groups
GeoIP-Country-Code
X-Moov-T
X-Moov-Xdn-Version
Epwk-X-Cache
X-Hyper-Cache
X-FireWall-Port
X-Cache-ASPX
X-ATG-Version
X-VCache
Cdn
X-CS
X-Frame-Option
True-Client-IP
X-Varnish-Authentication
Cache-Key
X-NewRelic-App-Data
X-CSRF-TOKEN
X-Cache-Ttl
X-MSEdge-Features
X-Service
X-Webstats-RespID
X-MSEdge-Flight
SID
X-APP-VERSION
X-Upstream-Ht
X-Upstream-Ct
Fastly-Drupal-Html
X-Geo
X-FPC
X-TRACE-ID
NtCoent-Length
X-Datacenter
X-VC
Path
X-Platform-Server
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
State
X-Origin-Cache-Key
X-Planisys-CDN-Cache
X-HS-Content-Campaign-Id
X-HostName
Tcn
Lb
X-FTR-Balancer
X-FTR-Backend-Server
X-SRV
X-FTR-Cache-Status
X-FTR-Expires
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Edge-Server
X-Country-Code-Real
X-Fastly-Cache
Cdn-Host
X-Vercel-Cache
Cdn-Request-Time
X-Release
X-FTR-Backend
X-Vercel-Id
X-LiteSpeed-Tag
Cf-Ipcountry
CountryCode
X-Api-Version
LB
X-Pad
X-Rocket-Build-Number
X-Generated-In
X-Sigma
Cdncip
Cdnsip
M-TraceId
Req-ID
X-Cache-Remote
X-Amz-Meta-Opti
X-AK-Request-ID
X-Sigma-Backend
WZWS-RAY
X-Air-Pt
X-Esi
X-Cdn-Request-ID
X-Provided-By
X-NMSegId
Cluster
Cache
X-Ad-Load-Variation
X-HS-Status
WebServer
X-Branch-Name
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-WP-CF-Super-Cache-Cookies-Bypass
X-UA
X-Traceid
X-Rebelmouse-Cache-Control
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Rebelmouse-Surrogate-Control
CDN
X-GeoIP-City
X-Scheme
X-Proxy-CacheRZ
X-Gamma-Serve
Content-Style-Type
Content-Script-Type
X-M-Log
X-M-Reqid
X-NWS-UUID-VERIFY
XkeyRZ
Pramga
Yak-Timeinfo
Proxy-Connection
X-GoCache-CacheStatus
X-Request-Start
X-Scope-Id
X-RN-RSRV
X-CACHE-KEY
Server-Id
X-Qnm-Cache
X-Ha-Backend
X-Cdn-Forward
X-Shield-Cache-Expires
X-Cdn-Cache-Status
Geoip-Latitude
X-Tim-N
X-Varnish-Beresp-Status
X-Akamai-Pragma-Client-IP
Srv
X-Vc
X-Lb-Cache
CF-Cached-On
Ngx
Ohc-File-Size
X-Cache-Date
Edge-Cache
Env
X-Request-URI
X-TT-LOGID
Serverid
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-EC-Lua
Kp-EeAlive
X-VCL-Version
X-Acquia-Purge-Tags
X-Edge-POP
X-Udemy-Cache-App-Namespace
X-User
X-TH-Server
X-Render-Time
X-Via-Ucdn
X-CUA
Cache-Tv-Group
X-Dw-Trace-Id
PICS-Label
X-Lb-Nocache
Inserted-Into-Cache-At
X-Acquia-Site
X-Varnish-Beresp-TTL
Yjs-Id
Tube-Got-Eval
Tube-Return
Tube-Got-Results
X-Via-PopH
X-Via-PopN
X-Wa
X-Via-PopV
Tube-Get-Contents
X-Servedbyhost
X-Lb-Id
X-Aicache-OS
MIME-Version
X-B3-Trace-ID
X-Nc
X-Req
X-UP
X-Fastly-Backend-Reqs
X-SB
X-Acquia-Purge-Cdn-Unconfigured
Log-Origin
X-ElasticPress-Query
X-Mobile-URL
X-Snapshot-Date
X-RAMCache
X-MiniProfiler-Ids
X-Iauth-Set-Uid
Vha6-Origin
X-Location
X-Fastly-Cache-Hits
X-Miniprofiler-Ids
X-CF-Cache-Header-Cache-Control
X-CF-Cache-Header-Vary
Click-Count-Action-Start
X-Litespeed-Cache-Control
X-Cached-Since
Cneonction
CACHE-MISS-TO-ORIGIN
X-Edge-Pop
Click-Count-Error