Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
X-Request-ID
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
Access-Control-Max-Age
X-Ua-Compatible
X-Via
X-Dns-Prefetch-Control
X-Cache-Group
Server-Timing
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Amz-Id-2
X-Backend
X-Proxy-Cache
X-Ws-Request-Id
X-Age
Host-Header
P3p
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
X-Akamai-Path-Stats
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-Aws-Lambda-Call-Status
X-Host
X-OneAgent-JS-Injection
X-Node
X-Server-Id
X-Pingback
EagleEye-TraceId
X-Cache-Spec
Request-Id
Cf-Railgun
Surrogate-Control
Accept-CH
X-Akam-SW-Version
X-Backend-Server
X-Cache-Lookup
X-Readtime
X-Response-Time
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Accept-CH-Lifetime
Rating
X-Trace
Fastly-Restarts
Accept-Ch-Lifetime
X-Cloud-Trace-Context
X-Country
X-WebKit-CSP-Report-Only
X-Url
X-Clacks-Overhead
X-Edge
X-B3-TraceId
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Rack-Cache
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Ruxit-JS-Agent
X-Nginx-Upstream-Cache-Status
Accept-Ch
X-Content-Type
X-ESI
X-Vcap-Request-Id
X-Mod-Pagespeed
X-Varnish-TTL
X-FastCGI-Cache
Xkey
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Use-Magma
X-D2id
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-Mcache
X-Amz-Rid
Verso
X-GitHub-Request-Id
Cache-Tag
X-VARITI-CCR
X-CST
X-Powered-By-Plesk
RTSS
X-ECACHE
Service-Worker-Allowed
X-Upstream
X-Cached
X-Navigation-Version
X-Ruxit-Js-Agent
X-Client-IP
X-Abt-Application-Version
X-Version
X-Oneagent-Js-Injection
X-Dw-Request-Base-Id
X-Px
X-Cnection
X-Ac
Public-Key-Pins
X-Instrumentation
X-Kraken-Loop-Name
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
X-Element-Page-Cache
SPRequestGuid
X-SharePointHealthScore
X-Server-Name
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Ser
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-NWS-LOG-UUID
X-Country-Code
X-RateLimit-Remaining
Permissions-Policy
X-Midtier
X-Cache-Key
X-Middleton-Response
Response
X-Kinsta-Cache
X-Edge-Location-Klb
X-NF-Request-ID
X-Goog-Hash
X-Ttl
X-Forwarded-For
Access-Control-Request-Method
Content-MD5
X-DataDome
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Front-End-Https
X-MSEdge-Ref
X-Recruiting
X-T
X-Jurisdiction
Edge-Cache-Tag
Nginx-Cache
X-HP-Trace-Id
X-HP-Webp
TP-Cache
TP-L2-Cache
AR-SID
AR-Request-ID
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Powered-CMS
X-RateLimit-Limit
X-Accel-Expires
X-Correlation-Id
X-Daa-Tunnel
MicrosoftSharePointTeamServices
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Grace
TCN
X-TTL
X-Id
X-Hits
X-Mg-S
X-Content-Digest
Filters
X-Request-Received
X-Request-Processing-Time
Server-Node
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
Server-Name
X-Amzn-Trace-Id
X-Frontend
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Cf-Apo-Via
S
X-LLID
X-Distributor
MS-Author-Via
X-Geo-Country
X-Protected-By
Fastcgi-Cache
X-PressLabs-Stats
Cache-Status
X-Language
X-LB-Cache
X-Fastly-Request-Id
X-Origin-Server
Cross-Origin-Opener-Policy
X-Ezoic-Cdn
X-FB-Debug
Host
X-Amz-Meta-S3cmd-Attrs
Charset
X-Forwarded-Proto
X-F-Cache
X-B3-Sampled
X-Page-Id
X-Seen-By
Count-Hit
X-Git-Hash
X-Ua-Browser
X-Ab
Filterid
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
Payment
X-Microsite
X-Request-Handler-Origin-Region
X-Litespeed-Cache
Realpath
X-Cache-Age
X-ASPNET-VERSION
X-Ratelimit-Reset
X-Cluster-Name
X-VCache
Surrogate-Key
Accept-Charset
Cache-Tags
X-Rid
X-Origin-Cache
Alternate-Protocol
X-XRDS-Location
X-Template
X-NGENIX-Cache
X-DynaTrace
Retry-After
X-AppVersion
X-Az
X-Activity-Id
X-Www-Served-By
Access-Control-Allow-Method
X-Webkit-Csp
Cleartype
X-Varnish-Backend
X-Amz-Replication-Status
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Type
X-Flags
X-Varnish-Grace
X-TT
X-DIS-Request-ID
X-Upgrade-Enabled
X-Is-Crawler
X-Signature
X-Tb
X-Wix-Request-Id
X-B-Cache
X-Node-Name
X-B
X-Fastcgi-Cache
X-Logged-In
X-App-Environment
Paypal-Debug-Id
DC
ServerID
X-Proxy
X-Debug
X-Drupal-Cache-Tags
X-Envoy-Decorator-Operation
Frame-Options
X-Hostname
X-Source
X-Content-Options
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Mobile
X-Fastly-Request-ID
X-Revision
X-Content
X-Load-Cache
X-Contextid
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Cache-Control
X-Cache-Rule
X-Kong-Upstream-Latency
Country
X-Kong-Proxy-Latency
X-N
X-Magnolia-Registration
Amp-Access-Control-Allow-Source-Origin
X-User-Agent
Referer-Policy
X-Whom
Node
X-Response-Served-From
X-Original-Request-Id
Refresh
Viewport
X-EdgeConnect-Cache-Status
Content-Disposition
NGB
X-Varnish-Age
X-L-Path
X-Cache-TTL-Remaining
X-Cacheable-TTL
X-Debug-IsConnected
X-Environment-Context
X-Debug-IsPreview
Access-Control-Request-Headers
X-Adobe-Loc
X-G
X-Framework
X-Jobs
X-Mid
X-Akamai-Request-ID2
X-Yottaa-Metrics
X-Varnish-Server
X-Real-IP
VIX-Pulpo-Node
Url
Uber-Trace-Id
X-Servername
X-Yottaa-Optimizations
X-Page-View
X-NYM-Debug-Backend
X-Adobe-Content
X-Unique-Id
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-Cache-Grace
Akamai-GRN
X-Instance
X-Rendered-As
X-Status
X-Is-Bot
X-Mg-Request-UUID
X-XRDS-LOCATION
X-Content-Powered-By
X-Restarts
X-RemovedCookies
X-ProcessESI
X-Ratelimit-Remaining
Countrycode
X-Drupal-Cache-Contexts
Version
Srv
X-Server-ID
X-App-Server
X-COUNTRY
X-Http-Reason
X-Time
X-Debug-Info
X-CDN-Forward
Accept-Language
X-Trace-Id
Protected
X-IPLB-Instance
X-IPLB-Request-ID
X-Cache-Expired-At
Healthy
X-APP-VERSION
X-Hosted-By
X-Via-JSL
X-Tumblr-Pixel-0
X-Cache-Hit
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Nginx-Cache-Key
Liferay-Portal
X-Device-Type
X-Azure-Ref
X-FW-Server
Fastcgi-Useragent
X-FW-Hash
X-Ratelimit-Limit
X-Cache-Operation
X-FW-Dynamic
X-FW-Static
X-FW-Serve
X-FW-Type
X-Backend-Name
Section-Io-Cache
X-Tt-Logid
X-Cache-NGX
X-RTag
MS-CV
Ms-Operation-Id
Server-Info
X-Proxy-Cache-Status
Content-Secure-Policy
X-Correlation-ID
Backend
X-Akamai-Edgescape
X-Oracle-Dms-Ecid
X-UUID
X-Oracle-Dms-Rid
X-Mobile-URL
X-Mode
X-UPSTREAM-Address
Load-Balancing
Meta-Geo
X-RN-RSRV
X-Storage
Cross-Origin-Resource-Policy
X-Handled-By
CF-IPCountry
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
X-Forwarded-Host
GEO-INFO
X-AWS-Id
X-Cms-Context
X-Cache-Server
X-Edge-Location
X-Alternate-Cache-Key
TWC-GeoIP-Country
X-Access
X-Adobe-Source
X-Format
Onion-Location
X-Cache-Action
X-OCL
X-No-Session
X-Origin-Date
X-Origin-Hint
X-PHP-Backend
X-PCL
X-Locale
X-LJ-Flow-ID
Property-Id
S-Rt
TWC-Connection-Speed
X-Proto
Locale
Eomportal-Instance
X-Content-Age
TWC-Device-Class
X-HTML-Minification-Powered-By
X-Urbn-Context-Path
X-Urbn-Site-Id
X-SayCDN-TTL
X-Server-W
X-Say-Cacheable
X-Say-TTL
X-Section
X-Varnish-Cache-Hits
X-Storefront-Renderer-Rendered
X-VWS-Id
X-Sql-Duration-Ms
X-Varnishpool
X-Varnish-Hostname
X-Sorting-Hat-ShopId
X-Sql-Count
X-ShopId
X-Site-Version
X-Shopify-Stage
X-Region
X-Skip-Cache
X-Sorting-Hat-PodId
X-ShardId
X-Varnish-Beresp-Grace
X-GeoCode
X-Generation-Time
CDN-RequestCountryCode
X-GeoCountry
X-Timing-Wait
X-Xfnlog-Site
CDN-Uid
X-Hl-Ver
Mn-Server-Ip
DB-Nickname
X-Zipkin-Id
X-UA-Device-Type
CDN-PullZone
X-Detected-As
X-Extlb
X-FB-TRIP-ID
X-ServerID
X-BYPASS-REASON
X-Cache-Enabled
X-Cache-Host
Selected-Fe
Web-Mar-Node
X-Generated-By
X-Cache-Type
CDN-RequestId
X-Routing-Service
X-Rule
CDN-EdgeStorageId
X-VC-Cache
Apigw-Requestid
X-Via-Fastly
X-Request-Time
X-PHP-Host
X-ProxyCache-Key
X-Proxy-Build
X-Proxied
X-ProxyCache-Status
X-Redis-Cache
Azure-InstanceId
X-Uri
Azure-SiteName
CDN-Cache
Azure-RegionName
Azure-SlotName
CDN-CachedAt
X-Web-Node
Azure-Version
X-Labrador-Cache-Channel
X-Nginx-Cache
X-Tid
X-Cache-Status-Check
WP-Super-Cache
X-Zen-Fury
X-URL
X-Datadome
X-SaId
X-JoinUs
X-R9-Blue-Green-Version
X-SRV
X-Ms-Version
X-Ms-Request-Id
ServedBy
Cache-Name
X-Ua
X-Dc
X-FireWall-Port
X-DynaTrace-JS-Agent
X-Debug-Cache
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-LSADC-Cache
X-App-Version
X-ECache
Xserver
X-Api-Version
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Human
Source
Cache
X-Cache-Tags
Xet-Cookie
SD-X-WS
X-Cached-By
X-Loop
X-RCS-CacheZone
X-MP-GENERATED-AT
X-TNCMS
X-Varnish-Hits
Cross-Origin-Window-Policy
X-TA-CDN-Provider
X-Reqid
LB
WPO-Cache-Message
X-Aspnetmvc-Version
WPO-Cache-Status
Origin
X-Pubstack
X-Soup
X-Amzn-Remapped-Content-Length
X-GEO
X-Cdn
X-Webkit-CSP
X-B3-SpanId
X-Origin-CC
X-Origin-TTL
X-Tumblr-Pixel-2
X-Via-NSCOPI
X-IPS-LoggedIn
X-Service
X-Vgn-Hpd-Reason
From-Origin
X-AOL-HN
X-NewRelic-App-Data
X-GG-Cache-Date
X-FW-Version
X-Newrelic-Synthetics
X-Xrds-Location
X-Provided-By
X-Varnish-Beresp-Ttl
X-Platform-Server
Rip
Webserver
Cache-Hits
X-Cluster-Node
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Request-Host
X-S
X-S-Cookie
BehaviorPad-Version
X-Rojux
A
X-NAPM-TraceId
X-PBS-Appsvrname
X-Owner
X-Orig-Expires
X-Processor
X-Rewrite-Enabled
Host-ID
X-ARC
X-B-Cookie
X-Bc-Bl
X-Application
X-AK-Request-ID
X-A-Dgt
X-A-Wwc
X-Aed
X-BCube-Filmed-By
X-Cache-NE
X-Ec-Fail
X-Ec-GeoHdr
X-External-Request-Id
X-Developer
X-Destination
X-Connection-Hash
X-D
X-A-Dcw
X-A-Dam
X-ScT
Lang
MD5-Digest
Expiry
Environment
Cdnsip
DCR-Decision-By
DCR-Processing-Time-Ms
Meta-Geo-Continent
Ngx.Var.Host
T-Server
X-A
X-A-Ccd
Surrogated-Key
Sslversion
Odigeo-Trace-Id
Rendered-Blocks
X-Forwarded-Path
Cdncip
X-User
HostName
X-CSRF-Token
Upgrade-Insecure-Requests
X-TIM-N
Xc-Version
X-Shop-Environment
X-SRCache-Key
X-Tenant
X-Vdms-Version
X-VG-WebCache
X-Served-From
X-Vdms-Path
OT-Force-Account-Verify
X-VC
X-Bip
X-Pool
X-Thanos
X-Generated-On
X-Accel-Buffering
X-Level-Front-Cache
X-Aicache-OS
X-WA-Info
Fastly-SSL
X-Qloud-Router
Cache-Tv-Group
X-Dispatcher-Number
X-Cluster
X-Origin-Response-Time
X-TIME
State
X-Forwarded-Site
X-Has-Esi
Req-Svc-Chain
Server-Host
TDXMobile
Servername
Thinkindot-CacheControl-Type
Tube-Got-Results
Tube-Return
V-Age
Tube-Got-Eval
Tube-Get-Contents
Release
Thinkindot-Control
Traceparent
Thinkindot-CacheControl
Redirect-Candidate
Machine
Memcached
Mobile-Detection-Method
X-Is-Gdpr
X-Fetched-On
Kp-EeAlive
L
L5d-Success-Class
NGX
NM-Fastcgi-Cache
Platform
Producers
X-Hash
X-Epic-Correlation-Id
Origin-EX
X-INCAP-ABP
Origin-CC
X-Eu-Site
Vix-Hermes-Req-Id
VNS-Age
X-Cdn-Origin
X-Datadog-Sampling-Priority
X-Cdn-Srv
X-CacheTTL
X-Branch-Name
X-DefHash
X-DefElseHash
X-Datadog-Trace-Id
X-Gdpr
X-Datadog-Parent-Id
X-Clientip
X-Core-Value
X-Gateway-Cache-Status
X-Ckpd-Fst-Backend
X-CGP
X-Csrf-Jwt
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-BBC-Edge-Cache-Status
X-Developers
X-Wix-Viewer-Type
X-Worker
X-Gamma-Serve
X-VServer
Wxu-Next-Region
VNS-Cache
Wxu-Next-Commit
Wxu-Next-Hostname
X-Ad-Defer-Variation
X-Ec-Custom-Error
X-Geo-Header
X-Device-Os
X-Auto-Login
X-GeoIP
X-GeoIP-City
X-DPWN-IS-SECURE
X-Gateway-Cache-Key
IsBot
X-Core-Mission
X-Irp-Debug
X-Variation
CPC-Age
Country-Code
Cmstype
X-SVT-ORM-VERSION
Cmsid
CPC-Cache
X-SVT-ORM-RULES
X-Slack-Backend
X-Varnish-Remaining-TTL
X-Sn-Servicetimems
X-Origin-Time
X-Origin
X-SplitTest
X-Policy
X-Planisys-CDN-TTL
X-Thinkindot-L3
Cache-Host
X-Varnish-CookieHashed-On
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Planisys-CDN-Cache
Apple-News-Services-Handled
X-Parent-Response-Time
Adler-Geo
Click-Count-Error
Click-Count-Action-Start
X-Planisys-CDN-Rules
Is-Eu
X-Varnish-CookieINHashed-On
X-NodeID
Decoy-Debug-Key
X-S-Maxage
Fastly-SWR
X-Optimistic-Header
Fastly-SIE
X-Origin-Expires
X-Nyt-Route
X-SB
X-Scale
HA-Ipaddr
X-JWT-State
Ha-Gx-Prefs
Gh-Request-Id
X-V-Cache
Apple-News-Services-Parsed-Url
X-Sigma
X-Rebelmouse-Surrogate-Control
X-SIPLIST1
DSUID
Decoy-Debug-TTL
X-Rebelmouse-Cache-Control
Decoy-Debug-Status
X-Region-Sid
X-Request-URI
X-Rocket-Nginx-Serving-Static
X-Loc
X-VG-TLSProxy
X-Minions-Version
X-Rocket-Build-Number
X-Sigma-Backend
Mime-Version
X-Varnish-Beresp-Status
X-Clara-WADP
X-ZONE
X-Cache-Remote
X-Session-Fingerprint
X-Esi-Check
X-Fmm-Version
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Cache-Id
X-Cache-Bucket
X-Cache-Info
X-Gen-Mode
X-Proxy-Cache-Info
X-Block-Status
AKAMAI
Datacenter
Server-Hostname
Server-Ext
X-Viewer-Country
Svr
CloudFront-Viewer-Country
Cluster
X-Mvc-Supplant-OutputCached
X-Hnp-Log
Fastly-GeoIP-CountryCode
X-Scheme
Mail-Subject
Fastly-Backend-Name
Fastcgi-Cache-TTL
X-Mvc-Supplant-Cachable
X-HS-Content-Campaign-Id
X-Gzip
Sever-Int
Candidate-Md5Url
X-NCache
Web-Mar-Region
X-WADP-Cache
User-Cache-Control
We-Hiring
CDCHOST
Ec-Rule-Version
WebServer
X-Tx-Id
X-CMSURLCustom
Canary
X-LB-NoCache
X-Fastly-Cache
X-NWS-UUID-VERIFY
X-Udemy-Cache-App-Namespace
X-Pod-Name
X-Varnish-Ttl
X-WP-CF-Super-Cache-Active
Ssr
Pics-Label
X-Cache-Debug
AMP-Access-Control-Allow-Source-Origin
X-ND-Cache
SID
Sid
X-Sucuri-ID
X-Sucuri-Cache
Memory
Time
X-Via-Poph
X-Fastly-Backend
X-Generated-In
X-Var-Ttl
X-FC-Vary-Parameters
X-Via-Popv
X-Azure-Ref-OriginShield
X-Via-Popn
X-Ig-Push-State
X-ATG-Version
X-Cache-Date
X-Buckets
X-Newrelic-App-Data
X-Tb-Optimization-Total-Bytes-Saved
Server-ID
X-Akamai-Transformed
X-Refresh
X-Microcachable
Fastly-Drupal-Html
X-Conf
X-Edge-Pop
X-Presslabs-Stats
X-B3-Traceid
X-MSEdge-Features
X-MSEdge-Flight
X-TRACE-ID
X-Servedbyhost
X-Release
X-Cs
Fastly-Drupal-HTML
X-Dmc
X-Trace-ID
X-Yandex-Sdch-Disable
X-Fpc
X-NC
X-Be
X-Nf-Request-Id
X-RateLimit-Reset
X-Pass-Why
Env
X-Tumblr-Pixel-3
X-EC-Lua
X-Esi
X-Up
X-Endurance-Cache-Level
X-CS
X-PX
X-Air-Trace-Id
X-ID
X-Air-Hostname
My-App
X-MCACHE
GeoIp-Country-Code
X-Dispatch
X-Air-Source
Magicmarker
X-DC
X-CLOUD-TRACE-CONTEXT
CDN
X-TX-ID
X-CACHE-AGE
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Wa
X-Lambda-Id
X-Srv
True-Client-IP
X-Zone
X-NGINX-Cache
X-Webkit-CSP-Report-Only
X-Hyper-Cache
X-VCL-Version
Tcn
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Req
X-CACHE-KEY
X-Vc
Hostname
X-CSRF-TOKEN
X-App
X-Alfa-Service
X-M-Reqid
X-Micro-Cache
X-M-Log
Pramga
X-HS-Status
C-Via
X-Qnm-Cache
X-LB-ID
X-TH-Server
X-Vcl-Version
CacheControlHeader
X-Air-Pt
X-Varnish-Beresp-TTL
N-Cache
True-Client-Ip
Resin-Trace
X-TrackingId
True-Client-Country-4JS
X-Vercel-Id
X-Vercel-Cache
X-Platform
GeoIP-Country-Code
X-Edge-Origin-Shield-Region
On-Server
Path
X-Op-Id-All
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
X-Edge-Origin-Shield-Bytes
Tracecode
Esi-Enabled
X-Check-Cacheable
X-SERVER-NAME
X-FPC
GeoIP-Latitude
X-Vtex-Remote-Cache
Proxy-Connection
X-Datacenter
X-Vtex-Processado-Em
X-B3-Spanid
NtCoent-Length
X-AIR-PT
X-Geo
X-GeoIP-Country-Code
X-WA
X-GeoIP-Region-Code
Section-Io-Origin-Status
Section-Io-Id
X-ApacheServer
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Hit
X-Akamai-Pragma-Client-IP
X-PERF
X-Request-Start
X-LAGOON
ENV
X-SD-PageType
X-API-Version
X-Node-Id
X-Webkit-Csp-Report-Only
X-Mly-Id
X-ServedByHost
HIT
X-Via-CDN
X-Platform-Processor
X-Date
X-Platform-Cluster
Yjs-Id
X-Accel-Expires-Debug
Cache-Key
X-Platform-Router
Cdn
WWW-Authenticate
Server-Id
X-Edge-POP
DynaTrace
X-Lb-Id
Lb
YJS-ID
X-RAMCache
XkeyRZ
X-Proxy-CacheRZ
User-Agent
X-Render-Time
DT-Hot-News
X-Dw-Trace-Id
X-Cdn-Forward
X-TT-LOGID
X-Via-PopV
X-Via-PopN
X-VarnishDD-TTL
X-HN
X-Response-By
X-Instance-Name
X-Old-Content-Length
PFcat
FSS-Cache
X-Via-PopH
X-Via-Ucdn
XM
X-Proxy-Upstream
X-Traceid
Server-Ttl
X-LI-UUID
X-LI-Proto
X-Proxy-Cache-Hk
Powered-By
X-Li-Pop
X-CUA
X-CF-Powered-By
X-Cache-Ttl
X-Li-Fabric
X-FORWARDED-FOR
Dnion-Transfer-Encoding
Geoip-Latitude
Sm-Log-Id
X-Service-Response-Time
X-LiteSpeed-Cache-Control
Locid
X-DB
X-DI
Location
X-DSS
X-RSL
X-RPM
Ohc-File-Size
X-Fastly-Backend-Reqs
X-RPS
Srvid
PICS-Label
XServer
Nginx-CQVIP
X-Akamai-ERPolicy
X-Location
X-LiteSpeed-Tag
X-Akamai-ERRuleID
X-From
X-FL-EDGE
X-DW
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-UA
SRV
MIME-Version
X-Ftr-Request-Id
X-Nc
X-Request-Url
X-B3-ParentSpanId
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cache-Backend
X-Webstats-RespID
X-HostName
X-Cdn-Request-ID
Vha6-Origin
M-TraceId
Wpo-Cache-Message
X-Fastly-Cache-Hits
X-Lb-Nocache
Wpo-Cache-Status
X-Cache-ASPX
CountryCode
X-Cache-Ngx
Warning
Wp-Super-Cache
X-Ips-Loggedin
Req-ID
Fastcgi-Cache-Ttl
X-Director
X-Moov-T
X-Moov-Xdn-Version
X-MiniProfiler-Ids
X-IN-APIGATEWAY
X-HA-Backend
X-Snapshot-Date
X-Akamai-Request-ID
WZWS-RAY
X-Httpd
X-Cc-Via
X-Mg-Cache
X-IN-APIGATEWAYSSL