Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-FRAME-OPTIONS
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
X-Request-ID
X-Iinfo
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
P3p
X-Ua-Compatible
Access-Control-Max-Age
CF-Ray
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
X-Dns-Prefetch-Control
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Amz-Id-2
X-Backend
X-Age
Host-Header
X-Ws-Request-Id
X-Hacker
X-Server-Powered-By
X-Rq
X-Server
X-Vhost
X-Varnish-Cache
X-Amz-Version-Id
Grace
X-LiteSpeed-Cache
EagleId
X-Dispatcher
Cf-Edge-Cache
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Nginx-Cache-Status
X-WebKit-CSP
Ali-Swift-Global-Savetime
Accept-CH
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Akamai-Path-Stats
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Cache-Spec
X-Server-Id
Surrogate-Control
X-Backend-Server
X-Akam-SW-Version
Request-Id
EagleEye-TraceId
X-Response-Time
X-Cache-Lookup
Accept-CH-Lifetime
X-Readtime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
X-HW
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Nginx-Upstream-Cache-Status
X-Url
X-Country
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Edge
Edge-Control
X-Rack-Cache
Accept-Ch-Lifetime
X-B3-TraceId
X-TtlSet
X-Vname
X-PC
X-Mod-Pagespeed
X-Content-Type
X-ESI
X-CST
X-Vcap-Request-Id
X-Ruxit-Js-Agent
X-Oneagent-Js-Injection
X-Mcache
X-Ruxit-JS-Agent
X-D2id
Verso
Xkey
X-GitHub-Request-Id
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
Cache-Tag
X-Amz-Rid
X-Powered-By-Plesk
X-FastCGI-Cache
Service-Worker-Allowed
RTSS
X-VARITI-CCR
X-Varnish-TTL
X-Navigation-Version
X-Upstream
X-ECACHE
X-Version
X-Abt-Application-Version
X-Cached
X-Ttl
X-Client-IP
X-Ac
X-Cnection
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Server-Name
X-Instrumentation
X-Kraken-Loop-Name
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
SPRequestGuid
X-SharePointHealthScore
Cf-Apo-Via
X-Px
SPIisLatency
SPRequestDuration
Public-Key-Pins
Permissions-Policy
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Country-Code
X-NWS-LOG-UUID
X-Cache-TTL
X-Middleton-Response
Response
X-Ser
X-Kinsta-Cache
X-Midtier
X-Cache-Key
X-Edge-Location-Klb
X-Goog-Hash
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-RateLimit-Remaining
Content-MD5
X-Forwarded-For
Access-Control-Request-Method
X-NF-Request-ID
X-Shield-Request-Id
X-Correlation-Id
X-MSEdge-Ref
X-DataDome
Front-End-Https
X-T
X-Recruiting
Edge-Cache-Tag
TP-Cache
TP-L2-Cache
X-Jurisdiction
X-HP-Webp
MicrosoftSharePointTeamServices
X-HP-Trace-Id
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
AR-SID
AR-PoweredBy
AR-Request-ID
Nginx-Cache
AR-CACHE
AR-ATIME
X-Accel-Expires
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Daa-Tunnel
X-Powered-CMS
Accept-Ch
TCN
X-Mg-S
X-Grace
X-Content-Digest
X-RateLimit-Limit
X-Request-Processing-Time
X-Request-Received
Filters
X-Hits
X-Amzn-Trace-Id
Server-Node
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Id
Server-Name
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
MS-Author-Via
Fastcgi-Cache
X-XRDS-Location
X-Geo-Country
X-Webkit-Csp
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Distributor
X-Frontend
S
X-PressLabs-Stats
Count-Hit
X-Fastly-Request-Id
X-Origin-Server
X-Ab
X-Ezoic-Cdn
X-Ua-Browser
Cache-Status
X-Language
Filterid
X-LLID
X-Protected-By
X-LB-Cache
Cross-Origin-Opener-Policy
X-Forwarded-Proto
Payment
X-Amz-Meta-S3cmd-Attrs
X-ASPNET-VERSION
Charset
X-Seen-By
X-Microsite
X-Ratelimit-Reset
X-Page-Id
X-Request-Handler-Origin-Region
X-F-Cache
X-Fastcgi-Cache
X-FB-Debug
X-Git-Hash
Host
X-B3-Sampled
X-Cluster-Name
X-VCache
Surrogate-Key
X-Rid
Cache-Tags
X-Www-Served-By
Realpath
Retry-After
X-Logged-In
Accept-Charset
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Origin-Cache
X-Cache-Age
X-NGENIX-Cache
X-DIS-Request-ID
X-Template
X-AppVersion
X-Az
X-Activity-Id
Alternate-Protocol
X-Source
X-Varnish-Backend
X-Litespeed-Cache
ServerID
X-Amz-Replication-Status
X-Type
X-Varnish-Grace
X-Is-Crawler
X-Wix-Request-Id
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Tb
X-Route-Name
X-Request-Guid
X-Flags
Cleartype
X-Envoy-Decorator-Operation
X-Signature
X-TT
X-B-Cache
Paypal-Debug-Id
DC
X-App-Environment
X-Hostname
X-B
X-Node-Name
X-DynaTrace
X-TTL
X-Revision
X-Drupal-Cache-Tags
X-Fastly-Request-ID
Frame-Options
X-Proxy
X-COUNTRY
X-Contextid
X-Debug
X-Kong-Upstream-Latency
X-Cache-Rule
X-Kong-Proxy-Latency
X-Tt-Trace-Host
X-Tt-Trace-Tag
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Mobile
Amp-Access-Control-Allow-Source-Origin
X-GUploader-UploadID
X-Load-Cache
Refresh
X-Content-Options
X-Cache-Control
Node
X-Magnolia-Registration
X-N
X-EdgeConnect-Cache-Status
Country
X-Original-Request-Id
X-Response-Served-From
NGB
Akamai-GRN
X-Ratelimit-Remaining
X-Content-Powered-By
X-Varnish-Age
X-NYM-Debug-Backend
X-Debug-IsConnected
X-Debug-IsPreview
X-Instance
X-Cache-Time
X-Page-View
X-Adobe-Loc
X-Adobe-Content
X-Mid
X-Yottaa-Metrics
X-Cache-TTL-Remaining
X-Yottaa-Optimizations
X-User-Agent
X-G
X-Rendered-As
X-Framework
X-Is-Bot
X-Status
Referer-Policy
Access-Control-Request-Headers
Content-Disposition
Uber-Trace-Id
Viewport
X-Cacheable-TTL
X-L-Path
X-Environment-Context
X-Varnish-Server
X-Unique-Id
X-Cache-Grace
X-Akamai-Request-ID2
X-Real-IP
X-Servername
Srv
X-ProcessESI
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Cross-Origin-Resource-Policy
X-Whom
Url
X-RemovedCookies
Countrycode
X-Oracle-Dms-Ecid
X-Jobs
X-Oracle-Dms-Rid
X-Trace-Id
X-XRDS-LOCATION
X-Drupal-Cache-Contexts
X-Content
X-Api-Version
X-Cache-Expired-At
X-APP-VERSION
X-CDN-Forward
X-Via-JSL
X-Time
X-Mg-Request-UUID
Version
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
Accept-Language
X-Cache-Hit
X-Cache-Operation
X-Http-Reason
X-Backend-Name
Healthy
X-Restarts
Protected
X-Rule
X-Ratelimit-Limit
X-IPLB-Request-ID
X-App-Server
X-IPLB-Instance
X-Server-ID
X-Azure-Ref
Section-Io-Cache
X-Debug-Info
X-Akamai-Edgescape
Content-Secure-Policy
X-Cache-Action
X-Hosted-By
X-Tt-Logid
X-Generation-Time
X-Nginx-Cache-Key
Server-Info
GEO-INFO
X-VC-Cache
X-Device-Type
Backend
X-SRV
Liferay-Portal
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-Mobile-URL
X-Storage
Meta-Geo
X-RN-RSRV
Load-Balancing
X-UPSTREAM-Address
X-URL
X-HTML-Minification-Powered-By
CF-IPCountry
MS-CV
X-RTag
Ms-Operation-Id
Onion-Location
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
Xserver
Azure-RegionName
X-Format
X-Cms-Context
X-Cache-Server
X-Access
X-OCL
X-PCL
X-Section
X-R9-Blue-Green-Version
X-Proto
X-Amz-Apigw-Id
X-Handled-By
X-Amzn-RequestId
X-Proxy-Cache-Status
X-Locale
X-Adobe-Source
X-PHP-Host
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-Ms-Request-Id
X-Redis-Cache
X-LJ-Flow-ID
X-Sql-Count
X-Generated-By
X-FireWall-Port
X-Ms-Version
X-JoinUs
X-Labrador-Cache-Channel
X-No-Session
X-AWS-Id
X-Varnish-Cache-Hits
Webcakes-App-Version
TWC-Connection-Speed
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Hl-Ver
X-Origin-Hint
Eomportal-Instance
X-Varnish-Hostname
X-Sql-Duration-Ms
X-VWS-Id
Cache-Name
Property-Id
TWC-Device-Class
Web-Mar-Node
X-SaId
X-Mode
X-Content-Age
X-Edge-Location
X-Detected-As
X-Cache-Host
X-Cache-Type
X-Forwarded-Host
X-ProxyCache-Status
X-PHP-Backend
X-GeoCountry
X-GeoCode
X-BYPASS-REASON
X-Alternate-Cache-Key
CDN-EdgeStorageId
X-Server-W
CDN-CachedAt
CDN-Cache
CDN-PullZone
CDN-RequestCountryCode
Locale
CDN-Uid
CDN-RequestId
S-Rt
X-ProxyCache-Key
X-Site-Version
X-Shopify-Stage
X-ShopId
X-Skip-Cache
X-Region
X-UA-Device-Type
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Urbn-Context-Path
X-ShardId
X-Web-Node
X-Xfnlog-Site
X-Via-Fastly
X-Varnishpool
X-Urbn-Site-Id
X-Varnish-Beresp-Grace
X-Zipkin-Id
Mn-Server-Ip
X-Cache-Enabled
X-Proxied
X-Proxy-Build
Apigw-Requestid
X-Request-Time
X-Routing-Service
X-ECache
Selected-Fe
X-Extlb
X-ServerID
X-Timing-Wait
X-Storefront-Renderer-Rendered
Fastcgi-Useragent
X-Cache-Status-Check
X-Tid
WP-Super-Cache
X-DynaTrace-JS-Agent
X-Uri
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
DB-Nickname
X-Cache-NGX
X-FB-TRIP-ID
X-Varnish-Ttl
X-Origin-Date
X-UUID
X-Provided-By
X-Datadome
X-Amzn-Remapped-Content-Length
X-Ua
X-Dc
X-LSADC-Cache
X-TNCMS
X-Reqid
X-Pubstack
X-Nginx-Cache
X-Loop
X-Tec-Api-Origin
X-Correlation-ID
X-Aspnetmvc-Version
X-Tec-Api-Version
X-Tec-Api-Root
X-Cdn
ServedBy
X-Zen-Fury
X-Webkit-CSP
X-Soup
Xet-Cookie
X-Vgn-Hpd-Reason
X-Tumblr-Pixel-2
X-Human
X-MP-GENERATED-AT
X-Origin-TTL
Source
X-TA-CDN-Provider
X-Origin-CC
Origin
Cache
X-Service
X-RCS-CacheZone
X-GEO
X-Newrelic-Synthetics
X-Cache-Tags
X-App-Version
From-Origin
X-Varnish-Hits
X-TIME
X-Cached-By
X-Debug-Cache
WPO-Cache-Message
Cross-Origin-Window-Policy
WPO-Cache-Status
X-Cache-Debug
X-Varnish-Beresp-Ttl
X-NewRelic-App-Data
SD-X-WS
Rip
X-B3-Traceid
X-ScT
MD5-Digest
Webserver
BehaviorPad-Version
Rendered-Blocks
LB
Host-ID
X-Request-Host
X-BCube-Filmed-By
X-Bc-Bl
Cdnsip
X-Aed
X-A-Wwc
X-AK-Request-ID
T-Server
X-ARC
X-Cache-NE
X-B-Cookie
X-NAPM-TraceId
Xc-Version
X-Ec-Fail
A
X-Developer
X-External-Request-Id
X-Application
X-A-Ccd
X-A
X-Ec-GeoHdr
X-Forwarded-Path
VNS-Cache
X-Connection-Hash
X-A-Dcw
X-A-Dgt
Fastly-Drupal-HTML
X-D
VNS-Age
X-Destination
X-A-Dam
Cdncip
X-VG-WebCache
X-TIM-N
X-S
Ngx.Var.Host
X-S-Cookie
Meta-Geo-Continent
X-Parent-Response-Time
X-Processor
X-Rojux
Lang
X-Rewrite-Enabled
Odigeo-Trace-Id
Expiry
X-User
X-SRCache-Key
X-PBS-Appsvrname
X-Vdms-Version
X-Shop-Environment
CPC-Cache
DCR-Processing-Time-Ms
CPC-Age
X-Tenant
X-Orig-Expires
Sslversion
Surrogated-Key
X-Vdms-Path
DCR-Decision-By
X-FW-Version
X-AOL-HN
X-IPS-LoggedIn
X-Gdpr
X-Nyt-Route
Environment
X-Origin-Time
X-Served-From
X-Accel-Buffering
X-Cluster
Upgrade-Insecure-Requests
Redirect-Candidate
X-Aicache-OS
X-HS-Content-Campaign-Id
X-Is-Gdpr
X-INCAP-ABP
X-Has-Esi
Fastly-Backend-Name
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Auto-Login
X-Cdn-Srv
X-Core-Value
X-CMSURLCustom
Thinkindot-CacheControl
TDXMobile
X-Generated-On
X-WP-CF-Super-Cache-Active
AKAMAI
X-JWT-State
Gh-Request-Id
X-Geo-Header
X-Thinkindot-L3
X-Worker
X-Platform-Server
X-Developers
X-Sucuri-ID
OT-Force-Account-Verify
X-Sucuri-Cache
X-Level-Front-Cache
Tube-Got-Eval
Producers
Tube-Got-Results
Tube-Get-Contents
Tube-Return
Release
Servername
Server-Host
Req-Svc-Chain
We-Hiring
Traceparent
Platform
NGX
Mime-Version
Svr
Machine
Mail-Subject
NM-Fastcgi-Cache
Origin-CC
Origin-EX
Web-Mar-Region
Memcached
L
L5d-Success-Class
Mobile-Detection-Method
X-GeoIP-City
X-Owner
X-Varnish-Remaining-TTL
X-Policy
X-Pool
X-Qloud-Router
X-Proxy-Cache-Info
X-Origin-Response-Time
X-Origin
X-Viewer-Country
X-NCache
Kp-EeAlive
X-NodeID
X-VG-TLSProxy
X-Optimistic-Header
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Sigma
X-Variation
X-Sigma-Backend
X-SIPLIST1
X-Var-Ttl
X-SplitTest
X-SB
X-S-Maxage
X-Varnish-CookieINHashed-On
X-Request-URI
X-Varnish-CookieHashed-On
X-Rocket-Build-Number
X-Varnish-Beresp-Status
X-Rocket-Nginx-Serving-Static
X-VServer
X-WADP-Cache
X-Clientip
X-Clara-WADP
X-Csrf-Jwt
X-DefElseHash
X-Dispatcher-Number
X-DefHash
X-CGP
X-Cache-Info
X-Azure-Ref-OriginShield
X-ATG-Version
X-BBC-Edge-Cache-Status
X-Bip
X-Cache-Id
X-Cache-Bucket
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Irp-Debug
X-Gzip
X-Loc
X-Minions-Version
X-Wix-Viewer-Type
X-Mvc-Supplant-Cachable
X-Thanos
X-GeoIP
X-Eu-Site
X-Epic-Correlation-Id
X-FC-Vary-Parameters
X-Fmm-Version
X-Forwarded-Site
X-Ad-Defer-Variation
X-Esi-Check
Click-Count-Error
IsBot
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
DSUID
Decoy-Debug-TTL
Candidate-Md5Url
Cache-Host
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-SIE
Fastly-GeoIP-CountryCode
Apple-News-Services-Host
Cluster
Ha-Gx-Prefs
Apple-News-Services-Handled
HA-Ipaddr
Click-Count-Action-Start
Fastly-SWR
Is-Eu
Adler-Geo
Fastly-SSL
X-Cluster-Node
X-Fetched-On
X-Gateway-Cache-Status
X-Fastly-Backend
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-Core-Mission
X-Cdn-Origin
X-CacheTTL
X-Ckpd-Fst-Backend
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Device-Os
X-ND-Cache
HostName
X-Scheme
X-Scale
X-B3-SpanId
X-Slack-Backend
X-Sn-Servicetimems
CloudFront-Viewer-Country
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Region-Sid
X-CSRF-Token
X-Via-NSCOPI
X-Hnp-Log
X-Hash
X-Gen-Mode
X-Tx-Id
X-Block-Status
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Gateway-Skip-Cache
X-Gamma-Serve
Wxu-Next-Hostname
Country-Code
Wxu-Next-Commit
Vix-Hermes-Req-Id
Wxu-Next-Region
Server-Ext
Datacenter
Cmstype
Canary
Cmsid
Server-Hostname
CDCHOST
User-Cache-Control
State
Sever-Int
V-Age
X-Trace-ID
X-VC
X-GG-Cache-Date
WebServer
X-Cache-Remote
X-Newrelic-App-Data
X-Mvc-Supplant-OutputCached
X-V-Cache
X-Branch-Name
X-LB-NoCache
Ec-Rule-Version
X-Udemy-Cache-App-Namespace
X-WA-Info
Cache-Tv-Group
X-Nf-Request-Id
Pics-Label
Time
Fastcgi-Cache-TTL
Memory
X-Pass-Why
X-ZONE
Cache-Hits
Sid
X-Tb-Optimization-Total-Bytes-Saved
X-Presslabs-Stats
X-Refresh
Request-ID
X-Session-Fingerprint
AMP-Access-Control-Allow-Source-Origin
X-Up
X-Fastly-Cache
X-Rebelmouse-Surrogate-Control
Ssr
X-Rebelmouse-Cache-Control
X-Pod-Name
X-Tumblr-Pixel-3
X-Origin-Expires
SID
X-Edge-Pop
X-Via-Popv
X-Servedbyhost
My-App
Env
X-Dispatch
X-Generated-In
X-Via-Poph
X-Via-Popn
X-Release
X-Cs
X-Akamai-Transformed
X-Wa
Server-ID
X-Esi
X-Lambda-Id
X-PX
X-CACHE-AGE
X-Zone
X-Req
X-Ig-Push-State
X-Fpc
GeoIp-Country-Code
X-Cache-Date
X-ID
X-Buckets
X-EC-Lua
X-NWS-UUID-VERIFY
X-DC
X-NGINX-Cache
X-MSEdge-Flight
X-NC
X-Conf
True-Client-IP
X-MSEdge-Features
X-Xrds-Location
X-Endurance-Cache-Level
CDN
X-Microcachable
CacheControlHeader
X-Vc
X-LB-ID
X-VCL-Version
X-TX-ID
True-Client-Country-4JS
X-B3-Spanid
X-Webkit-CSP-Report-Only
X-TH-Server
X-Dmc
Hostname
X-CACHE-KEY
X-Op-Id-All
X-CS
X-CSRF-TOKEN
X-HS-Status
X-TRACE-ID
Magicmarker
X-Be
Fastly-Drupal-Html
X-GeoIP-Region-Code
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-GeoIP-Country-Code
X-Check-Cacheable
X-RateLimit-Reset
X-MCACHE
X-Srv
Tcn
WWW-Authenticate
Path
X-Vcl-Version
Resin-Trace
X-RAMCache
X-Hyper-Cache
X-Varnish-Beresp-TTL
X-Vercel-Cache
X-Date
X-Akamai-Pragma-Client-IP
X-Accel-Expires-Debug
True-Client-Ip
X-Vercel-Id
X-Alfa-Service
X-SERVER-NAME
GeoIP-Country-Code
X-M-Log
Pramga
Section-Io-Id
X-M-Reqid
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Old-Content-Length
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Micro-Cache
Section-Origin-Responded
X-CLOUD-TRACE-CONTEXT
X-Cache-Ttl
Yjs-Id
X-App
X-Air-Trace-Id
X-Air-Source
X-Datacenter
X-FPC
X-LiteSpeed-Cache-Control
X-Qnm-Cache
Proxy-Connection
Tracecode
X-Air-Hostname
YJS-ID
X-Air-Pt
X-Mly-Id
FSS-Cache
X-Geo
Powered-By
C-Via
X-WA
X-Via-CDN
X-Lb-Id
X-Location
Lb
Server-Id
X-Platform-Cluster
X-Platform-Processor
X-Edge-POP
X-ServedByHost
ENV
X-Response-By
User-Agent
X-TrackingId
X-Platform-Router
N-Cache
X-Webstats-RespID
X-Cdn-Forward
X-API-Version
NtCoent-Length
X-Akamai-ERRuleID
HIT
X-Varnish-Authentication
X-Via-PopH
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Director
X-Akamai-ERPolicy
X-Via-PopV
X-Via-PopN
Esi-Enabled
Fastcgi-X-Cache-Version
X-Client-Ip
X-Platform
X-PAYTM-SRV-ID
Hit
On-Server
X-Service-Response-Time
Sm-Log-Id
X-AIR-PT
X-Dw-Trace-Id
X-DataCenter
X-Instance-Name
X-Traceid
Cdn
X-TT-LOGID
Location
X-UA
Locid
X-FL-EDGE
Geoip-Latitude
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-FORWARDED-FOR
Dnion-Transfer-Encoding
X-Li-Fabric
X-CUA
X-From
Srvid
X-Test
GeoIP-Latitude
Ohc-File-Size
X-Server-IP
Swift-Performance
Uri
X-CF-Powered-By
X-RSL
X-DB
X-DSS
X-DW
X-RPM
X-DI
X-RPS
X-Request-Url
PICS-Label
X-LiteSpeed-Tag
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Nginx-CQVIP
XServer
X-Node-Id
X-Edge-Origin-Shield-Region
X-Edge-Origin-Shield-Bytes
X-Wp-Cf-Super-Cache
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache-Cache-Control
Wpo-Cache-Message
X-Serial
X-Render-Time
M-TraceId
X-Cdn-Request-ID
X-Cache-Expires
X-Request-Start
X-Cache-Backend
X-Fastly-Cache-Hits
X-Lb-Nocache
X-SD-PageType
X-HA-Backend
Vha6-Origin
X-Fastly-Backend-Reqs
X-HostName
X-LAGOON
X-B3-ParentSpanId
Wpo-Cache-Status
X-Cc-Via
X-Cache-Ngx
Warning
CountryCode
X-Ips-Loggedin
Wp-Super-Cache
X-Keep
X-Kebabable
X-Is-SSL
X-Header-Sub
X-Group
X-GoCache-CacheStatus
X-LbNode
X-IBD-Cache
X-Ittl
X-IBD-SID
X-Kebab
X-Nerd
X-NFL-Geo
X-NFL-Dma
X-NS-Authorization
X-Ntj-Investigation-Id
X-Nyt-Data-Last-Modified
X-NXG
X-Newegg-Index
X-Newegg-Flow
X-Matome-Cached
X-Matched-Rule
X-MTS-Cache
X-N-OperationId
X-Global-Transaction-ID
X-Loadbalancer
X-Ee-Request-Date
X-Edge-IP
X-DT-Node
X-Container-Uri
X-Colour
X-Ee-Generated-By
X-Conten-Type-Options
X-Doge
X-Delivery
X-Dehri-Date
X-Odoo-Frontend
X-Dcm-Pdtf
X-Developed-By
X-Ee-Origin
X-Coindesk-Cache
X-Frame-Option
X-Fastly-Is-Edge
X-Fstrz
X-Full-Ttl
X-GG-Cache-Status
X-Farm
X-F-Status
X-Ee-Request-Id
X-Eid
X-ETag
X-Eventloop-Lag
X-Git-Commit
X-Upstream-State
X-U-Cache
X-True-Client-Ip
X-Cms-Device
X-User-Auth
X-Utime
X-Tried-To-Kebabify
X-Toujours-Debout-Location
X-Svr-Proxy
X-SVR-IIS
X-Test-Nginx-Ingress
X-Timestamp
X-Toujours-Debout-Branch
X-V2-Infrastructure
X-Vary-Devices
X-Xms-Page-Cache-Actions
X-WSR2
X-YSpaceId
XV-Cache
XV-H
X-WP-Bypass
X-Web-Hosting
X-Ver
X-Wag-Acs
X-Waitingroom
X-We-Are-Hiring
X-Stack-Name
X-SSLProxy
X-PGF-Deflate
X-PG-ACCESS
X-Pver
X-R-Cache
X-Reboot
X-Paywall
X-PageType
X-Onedio-Env
X-Origin-Ops
X-OVcl
X-OVcl-Cache
X-Redis
X-Render-Method
X-Sh
X-ServiceName
X-Site
X-SMP-JWT
X-Square
X-Server-L
X-Save-Cache
X-Request-Origin
X-Route
X-Route-Akamai
X-Ruby
X-Okws-Version
TWC-AK-Req-ID
NB-ESI
Joe-X
Nikkei-App-Version
NLCacheNote
Npm-Cost
Is-Https
HTTPProtocol
Deeplink
CMS-200
Ec-Policy-Id
H1
HServer
Npm-Remaining
Ns
RawURL
Proxy-Cache
Region
Request-Uuid
Rt-Proxy-Cache
Panzer-Cache-Control
Origin-Site
Ns-Ua
Ok-Cache-Status
OK-Edge-Date
Ok-Edge-Key
Cluster-Host
Cf-Wrk
DynaTrace
X-ApacheServer
WZWS-RAY
Cache-Key
X-Mg-Cache
SRV
X-PERF
X-Moov-T
X-Via-Ucdn
Req-ID
Fastcgi-Cache-Ttl
X-ElasticPress-Query
X-Yottaa-OS
Cachekey
Cache-Stat
Cdn-Country-Code
Cf-Device-Type
Cf-Locale
Akamai-X-Url
X-Th-Server
CF-Cached-On
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Cneonction
Scheme
Selected-Route
X-ASF-Cache
X-ARRRG1
X-AspNetWebPages-Version
X-Backend-TTL
X-Backside-Transport
X-Arena-Request-Id
X-Ar-Stats
X-Akamai-DeviceType
X-Akamai-DeviceOS
X-Akamai-Native
X-Amz-Meta-Cb-Modifiedtime
X-Apache-Server
X-BeanStalkRole
X-BeanStalkStage
X-Cache-Response
X-Cache-ReqUri
X-CacheVersion
X-CDN-Pop
X-CDN-Pop-IP
X-Cache-Reason
X-Cache-Proxy
X-Cache-Cookie
X-Cache-IsMobileDevice
X-Cache-Length
X-Cache-NPR
X-Akamai-CacheKeyMod
X-AEO-Platform
T-Request-Id
Sw
Technodrome
Time-Cloud-Cache
Ttl
Store-Cloud-Cache
SII
Served
Service-Uuid
SFRVia
Shieldsquare-Response
X-Moov-Xdn-Version
TWC-PATH-LOCALE
X-Accel-Version
X-77-NZT-Ray
X-Accepted-Fulllang
X-Accepted-Language
X-Accor-Asset
X-77-NZT
Vttl
TWC-Subs
TWC-Unit
Uniqueid
Userver
X-Cf-Node-Idx