Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
Pragma
X-XSS-Protection
CF-RAY
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Request-ID
X-Request-Id
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Status
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Via
Server-Timing
X-Robots-Tag
X-UA-Device
Request-Context
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Ws-Request-Id
X-Proxy-Cache
X-Server
X-Ua-Compatible
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
Grace
X-Dispatcher
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-OneAgent-JS-Injection
Accept-CH
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Page-Speed
Cf-Apo-Via
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Dns-Prefetch-Control
X-Akam-SW-Version
Surrogate-Control
X-Backend-Server
EagleEye-TraceId
X-Cache-Lookup
Request-Id
X-Readtime
X-HW
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Content-Security-Policy-Report-Only
X-Trace
X-Application-Context
X-Response-Time
X-CST
Permissions-Policy
Accept-CH-Lifetime
Accept-Ch-Lifetime
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
Fastly-Restarts
X-Edge
X-Country
Content-Location
X-WebKit-CSP-Report-Only
X-Content-Type
X-Mcache
Rating
X-ECACHE
X-Clacks-Overhead
X-MS-InvokeApp
X-Url
X-Amz-Server-Side-Encryption
X-Midtier
X-Vname
X-TtlSet
X-PC
X-VARITI-CCR
RTSS
X-B3-TraceId
Cache-Tag
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
Verso
X-Ac
Origin-Trial
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Cdn-Fetch
X-Exp-Id
X-Server-Name
X-Rack-Cache
X-Cnection
X-Varnish-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
X-ESI
X-Navigation-Version
Xkey
X-GitHub-Request-Id
X-Abt-Application-Version
X-Client-IP
X-Cache-TTL
X-NWS-LOG-UUID
X-Fastcgi-Cache
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-Ttl
Edge-Control
X-Cached
X-Px
X-Mg-S
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Browser-Type
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
Arr-Disable-Session-Affinity
X-Litespeed-Cache
X-Upstream
SPRequestDuration
SPIisLatency
Pagespeed
X-Sol
Display
X-Middleton-Display
X-Cache-Key
Content-MD5
X-Dw-Request-Base-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Correlation-Id
Access-Control-Request-Method
Edge-Cache-Tag
X-Goog-Hash
X-Daa-Tunnel
Front-End-Https
X-NF-Request-ID
X-RateLimit-Remaining
X-Country-Code
Public-Key-Pins
X-XRDS-Location
X-Forwarded-For
X-Version
X-Powered-CMS
X-Id
AR-Request-ID
AR-PoweredBy
AR-SID
AR-CACHE
AR-ATIME
TCN
X-Recruiting
X-HP-Webp
X-T
X-Jurisdiction
X-HP-Trace-Id
X-MSEdge-Ref
X-Content-Digest
X-Accel-Expires
Response
X-Middleton-Response
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Shield-Request-Id
TP-L2-Cache
TP-Cache
X-Ser
X-Ruxit-Js-Agent
Nginx-Cache
X-Amzn-Trace-Id
S
X-Request-Processing-Time
X-Request-Received
X-Hits
X-Fastly-Request-ID
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Server-Node
Cache-Status
X-Distributor
X-Edge-Location-Klb
X-Kinsta-Cache
X-Grace
Cache-Tags
Fastcgi-Cache
Server-Name
Alternate-Protocol
MicrosoftSharePointTeamServices
X-Protected-By
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-DIS-Request-ID
X-Ezoic-Cdn
X-Ratelimit-Limit
X-Geo-Country
X-Origin-Server
X-Ua-Browser
X-LB-Cache
X-Frontend
X-Microsite
X-Request-Handler-Origin-Region
X-DataDome
X-TTL
X-Rid
X-Ratelimit-Reset
X-Varnish-Backend
X-Debug-Info
X-Logged-In
X-Www-Served-By
Cleartype
Healthy
Filterid
X-NGENIX-Cache
Cross-Origin-Opener-Policy
X-Forwarded-Proto
Payment
X-Git-Hash
X-FB-Debug
X-Webkit-Csp
X-PressLabs-Stats
X-Page-Id
X-ASPNET-VERSION
Charset
X-Load-Cache
X-B3-Sampled
Content-Disposition
X-VCache
X-Origin-Cache
X-Cluster-Name
X-LLID
X-Kong-Proxy-Latency
X-Oneagent-Js-Injection
X-Kong-Upstream-Latency
X-Ratelimit-Remaining
DC
MS-Author-Via
X-Hostname
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
Access-Control-Allow-Method
Retry-After
Accept-Ch
Accept-Charset
X-Proxy
X-Az
X-Activity-Id
X-AppVersion
X-F-Cache
Cross-Origin-Resource-Policy
X-Type
X-Signature
X-Amz-Replication-Status
X-B-Cache
Viewport
X-Contextid
X-Hosted-By
Paypal-Debug-Id
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Server
X-Revision
X-TT
X-B
X-Aspnetmvc-Version
X-RateLimit-Limit
X-Wix-Request-Id
X-Seen-By
X-Whom
X-Azure-Ref
Surrogate-Key
Referer-Policy
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Fb-Rlafr
X-Source
X-ORACLE-DMS-RID
X-App-Environment
X-ORACLE-DMS-ECID
X-Request-Guid
X-Providence-Cookie
X-Route-Name
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
X-DynaTrace
Count-Hit
Realpath
X-Tt-Trace-Host
X-Tt-Trace-Tag
Amp-Access-Control-Allow-Source-Origin
X-Akamai-Edgescape
X-Mobile
X-App-Server
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-FastCGI-Cache
Host
X-Cache-Control
X-EdgeConnect-Cache-Status
X-N
X-Original-Request-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
Version
X-HTML-Minification-Powered-By
X-Response-Served-From
X-Cache-Age
X-UUID
X-Varnish-Age
Refresh
X-Cache-Rule
X-Magnolia-Registration
X-Cache-Time
MS-CV
Access-Control-Request-Headers
X-Nginx-Cache
X-Envoy-Decorator-Operation
Ms-Operation-Id
VIX-Pulpo-Node
X-RTag
X-Rule
VIX-Pulpo-Upstream-Status
X-Varnish-Grace
X-Content-Powered-By
Akamai-GRN
X-Cache-Status-Check
X-Status
X-FW-Version
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Static
X-Cache-Expired-At
X-FW-Server
X-L-Path
Section-Io-Cache
X-Environment-Context
X-FW-Type
X-Adobe-Content
GEO-INFO
X-NYM-Debug-Backend
X-G
X-Jobs
NGB
X-Device-Type
X-ProcessESI
X-Framework
X-Cache-Grace
X-RemovedCookies
X-B3-Traceid
Protected
SD-X-WS
X-Adobe-Loc
X-Cacheable-TTL
X-Backend-Name
X-User-Agent
X-Http-Reason
X-Instance
Url
X-Servername
X-Debug-IsPreview
X-Debug-IsConnected
X-Rendered-As
X-Is-Bot
X-Akamai-Request-ID2
X-Page-View
X-CDN-Forward
X-Newrelic-App-Data
X-Drupal-Cache-Contexts
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Drupal-Cache-Tags
X-Tb
X-Cache-Hit
From-Origin
X-Pinterest-Rid
Country
Pinterest-Version
Pinterest-Generated-By
X-URL
X-Trace-Id
X-Region
SRV
X-Tt-Logid
WPO-Cache-Message
WPO-Cache-Status
X-Node-Name
CDN-RequestId
Accept-Language
Front
X-Real-IP
X-VC-Cache
Backend
Fastly-Drupal-HTML
X-Mode
Uber-Trace-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Time
X-Content-Options
X-Template
Content-Secure-Policy
X-XRDS-LOCATION
X-DynaTrace-JS-Agent
Fastly-SIE
Fastly-SWR
X-Generation-Time
Meta-Geo
X-Unique-Id
X-Cache-Operation
Filters
X-RN-RSRV
X-UPSTREAM-Address
X-Tumblr-Pixel-2
X-Rewrite-Enabled
X-Language
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Onion-Location
Azure-SlotName
Azure-Version
X-Proxy-Cache-Info
X-Rocket-Nginx-Serving-Static
X-Section
X-IPS-LoggedIn
Webserver
X-Cache-TTL-Remaining
X-Amzn-Remapped-Content-Length
X-Cache-Server
X-Access
X-Format
CDN-Cache
CDN-CachedAt
CDN-PullZone
X-Fastly-Request-Id
X-Ua
X-Web-Node
Apigw-Requestid
CDN-RequestCountryCode
CDN-Uid
X-Reqid
X-Proxy-Cache-Status
X-Debug
X-Cache-Host
CF-IPCountry
Cross-Origin-Window-Policy
X-Zen-Fury
CDN-EdgeStorageId
X-Skip-Cache
X-R9-Blue-Green-Version
X-Forwarded-Host
X-Varnish-Beresp-Grace
X-Via-Fastly
X-GeoCode
X-GeoCountry
X-Cache-Action
X-Labrador-Cache-Channel
X-IPLB-Request-ID
X-IPLB-Instance
X-Server-W
X-Sucuri-ID
X-Sucuri-Cache
X-Adobe-Source
X-Say-TTL
X-SayCDN-TTL
X-AWS-Id
X-BYPASS-REASON
X-Say-Cacheable
ServerID
X-Edge-Location
X-Locale
X-Cms-Context
X-Cluster
S-Rt
X-VWS-Id
X-UA-Device-Type
Property-Id
X-Ms-Version
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Ms-Request-Id
TWC-Connection-Speed
TWC-Device-Class
Webcakes-Region
X-PHP-Backend
X-ProxyCache-Status
TWC-Locale-Group
X-Origin-Hint
X-PHP-Host
X-WP-CF-Super-Cache
Webcakes-App-Name
X-WP-CF-Super-Cache-Cache-Control
X-ProxyCache-Key
TWC-Privacy
X-LJ-Flow-ID
Node
TWC-GeoIP-Country
Web-Mar-Node
X-Proto
X-No-Session
Cache-Hits
X-Cluster-Node
X-Routing-Service
Cache-Name
X-Xfnlog-Site
X-JoinUs
X-Zipkin-Id
X-LSADC-Cache
X-Extlb
X-SaId
X-Soup
X-Proxied
X-LAGOON
Locale
X-Urbn-Context-Path
X-Handled-By
X-Timing-Wait
X-Proxy-Build
X-Urbn-Site-Id
WP-Super-Cache
Selected-Fe
Mn-Server-Ip
X-Tec-Api-Version
X-Site-Version
X-Tec-Api-Root
X-Sql-Duration-Ms
X-Sql-Count
X-Tec-Api-Origin
X-Hl-Ver
Fastcgi-Useragent
DB-Nickname
X-Content-Age
X-TIME
Mime-Version
X-FB-TRIP-ID
X-Request-Time
X-Detected-As
X-SRV
ServedBy
Liferay-Portal
X-Tumblr-Pixel-3
Xserver
X-Optimistic-Header
X-NWS-UUID-VERIFY
X-Redis-Cache
X-Cache-Debug
Upgrade-Insecure-Requests
Source
X-TNCMS
X-Loop
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Mg-Request-UUID
X-Generated-By
Countrycode
X-Origin-Date
X-CACHE-AGE
CF-Cached-On
X-Tid
X-Varnish-Hits
X-Cdn
X-COUNTRY
X-Uri
X-GEO
X-Times
X-Akamai-Transformed
X-Varnish-Beresp-Ttl
X-Storage
X-Director
Xet-Cookie
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Pass-Why
Frame-Options
X-ARC
X-Origin-TTL
X-Origin-CC
X-Tx-Id
X-FireWall-Port
X-Varnish-Ttl
X-ECache
X-Esi
X-Trace-ID
X-Service
X-Varnish-Cache-Hits
X-B3-Spanid
X-AIR-PT
X-Presslabs-Stats
X-Shopify-Stage
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Varnish-Hostname
X-Endurance-Cache-Level
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
Environment
X-DC
X-App-Version
X-A-Ccd
X-CMSURLCustom
X-Core-Value
X-D
X-Cache-NE
X-A
X-BBC-Edge-Cache-Status
Gannett-Cam-Experience-Id
BehaviorPad-Version
X-Cache-Info
X-A-Dam
X-A-Dcw
X-Destination
X-Developer
X-Ec-GeoHdr
X-Ec-Fail
X-Aed
X-Application
X-B-Cookie
A
X-A-Dgt
X-BCube-Filmed-By
Candidate-Md5Url
Odigeo-Trace-Id
Ngx.Var.Host
DCR-Processing-Time-Ms
Meta-Geo-Continent
Req-Svc-Chain
Origin
Redirect-Candidate
Rendered-Blocks
Edge-Cache
X-A-Wwc
DCR-Decision-By
Sslversion
Thinkindot-CacheControl-Type
X-Bc-Bl
Lang
Thinkindot-Control
Thinkindot-CacheControl
MD5-Digest
Surrogated-Key
T-Server
TDXMobile
Release
X-Platform-Processor
X-Epic-Correlation-Id
X-Processor
X-Rojux
X-INCAP-ABP
X-S-Cookie
X-S
X-Platform-Router
Host-ID
X-Origin-Time
X-Mid
Server-Info
X-Loc
X-Platform-Cluster
X-Nyt-Route
X-S-Maxage
X-Frame-Option
X-VG-TLSProxy
X-We-Are-Hiring
X-External-Request-Id
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-SRCache-Key
X-ScT
X-Thinkindot-L3
X-TIM-N
X-Gdpr
X-Mobile-URL
SID
X-ServerID
Cache-Tv-Group
X-Request-Host
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
Server-Host
State
X-Varnish-CookieINHashed-On
X-GeoIP-City
X-Has-Esi
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Test
X-Geo-Header
X-Gamma-Serve
X-Generated-On
Memcached
Magicmarker
X-Level-Front-Cache
X-Served-From
X-Developers
X-Worker
Tube-Get-Contents
X-WA-Info
X-WADP-Cache
X-Fmm-Version
X-DefHash
Tube-Got-Eval
X-Akamai-Device-Characteristics
X-Req
X-Cdn-Srv
X-Restarts
X-Rocket-Build-Number
X-Auto-Login
X-Cdn-Origin
X-Location
X-JWT-State
X-Is-Gdpr
X-Platform-Server
X-Clara-WADP
X-Core-Mission
X-Sigma-Backend
X-Sigma
Tube-Return
Tube-Got-Results
X-NodeID
WWW-Authenticate
X-DefElseHash
X-Httpd
X-CUA
X-HS-Content-Campaign-Id
X-SB
X-Sn-Servicetimems
Vix-Hermes-Req-Id
Apple-News-Services-Handled
Click-Count-Action-Start
Country-Code
Click-Count-Error
Fastly-GeoIP-CountryCode
Cluster
Fastly-Backend-Name
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Pubstack
DSUID
C-Via
Cache-Host
Apple-News-Services-Request-Url
X-RM-Cache-TTL
Section-Origin-Responded
X-Buckets
Section-Io-Origin-Time-Seconds
X-Parent-Response-Time
Section-Io-Id
Section-Io-Origin-Status
X-Esi-Check
CloudFront-Viewer-Country
X-Variation
We-Hiring
X-Var-Ttl
X-Accel-Expires-Debug
AKAMAI
Adler-Geo
X-WP-CF-Super-Cache-Active
X-VServer
X-Up
X-Ad-Defer-Variation
X-Request-Start
X-Hash
X-Human
X-LB-NoCache
X-Minions-Version
X-Gzip
X-Date
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-GeoIP
X-Nananana
X-Node-Id
X-Cache-Bucket
X-Cache-Backend
X-Scale
X-SD-PageType
X-Cache-FS-Status
X-Cache-Id
X-Old-Content-Length
X-Origin
X-Origin-Response-Time
X-App
Cache-Key
Platform
L
X-Varnish-Beresp-Status
Producers
Decoy-Debug-TTL
X-Fetched-On
Decoy-Debug-Status
Pics-Label
Cache-Provider
X-Pool
NM-Fastcgi-Cache
Mail-Subject
Origin-CC
X-Thanos
Origin-EX
Kp-EeAlive
Decoy-Debug-Key
Svr
X-Conf
Ssr
CDCHOST
Gh-Request-Id
CacheControlHeader
Cmstype
Cmsid
Is-Eu
X-Bip
X-Vmg-Version
X-CSRF-Token
X-Org
X-Region-Sid
X-Qloud-Router
X-Fastly-Backend
X-Owner
X-V-Cache
X-Varnishpool
X-GeoIP-Country-Code
X-Hnp-Log
X-HN
X-GeoIP-Region-Code
X-Gen-Mode
X-Men
X-Wix-Viewer-Type
Wxu-Next-Region
X-Ckpd-Fst-Backend
X-VarnishDD-TTL
Wxu-Next-Hostname
Wxu-Next-Commit
Datacenter
Machine
NGX
On-Server
X-Device-Os
X-Dispatcher-Server
X-NCache
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Nginx-Cache-Key
X-Planisys-CDN-TTL
X-Platform
Cdn
X-Server-IP
X-Refresh
X-Op-Id-All
X-Slack-Backend
X-Accel-Buffering
X-Aicache-OS
X-Block-Status
X-Cache-Tags
Web-Mar-Region
User-Cache-Control
PFcat
Server-Hostname
Sever-Int
X-CacheTTL
Server-Ext
X-Dispatcher-Number
X-Webkit-CSP-Report-Only
X-Mvc-Supplant-Cachable
X-FC-Vary-Parameters
Fastly-SSL
X-Csrf-Jwt
L5d-Success-Class
HA-Ipaddr
Ha-Gx-Prefs
X-Slack-Shared-Secret-Outcome
X-Eu-Site
HostName
X-Azure-Ref-OriginShield
X-Cached-By
X-CGP
Canary
X-Via-Popv
X-Via-Popn
X-Cache-Remote
X-Irp-Debug
X-Forwarded-Site
X-Via-Poph
X-Correlation-ID
X-Cache-Date
X-Tb-Optimization-Total-Bytes-Saved
X-AK-Request-ID
Cdncip
Cdnsip
X-HA-Backend
X-Servedbyhost
X-VC
X-Mvc-Supplant-OutputCached
Env
GeoIP-Latitude
X-Microcachable
Server-ID
X-RCS-CacheZone
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-APP-VERSION
X-API-Version
X-Gateway-Cache-Status
X-Mly-Id
X-Gateway-Cache-Key
X-LB-ID
X-Zone
X-Wa
Memory
Time
Cache
X-Fpc
Request-ID
X-Webkit-CSP
X-ZONE
X-Via-NSCOPI
Eomportal-Instance
X-DataCenter
Load-Balancing
X-Generated-In
X-Nc
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-ND-Cache
Ngx-Var-Key
X-Instance-Name
X-Nf-Request-Id
X-Micro-Cache
X-Fastly-Cache
X-NewRelic-App-Data
OT-Force-Account-Verify
AMP-Access-Control-Allow-Source-Origin
X-Origin-Expires
X-Release
X-Client-Ip
X-Response-By
X-Vc
X-Check-Cacheable
X-HS-Status
Srv
X-Request-URI
Locid
X-CCDN-Origin-Time
X-From
Expect-Staple
X-CCDN-CacheTTL
Srvid
IsBot
X-SIPLIST1
X-FL-QIT-DEBUG
X-FL-EDGE
X-Hcs-Proxy-Type
X-Srv
X-VCL-Version
X-Via-CDN
X-Edge-Pop
X-Cache-Enabled
Hostname
X-Cache-NGX
X-Info
X-Via-JSL
NtCoent-Length
X-CS
True-Client-Ip
X-Via-Edge
Edge-Copy-Time
X-Api-Version
X-Via-SSL
X-MCACHE
X-Dc
X-CSRF-TOKEN
GeoIp-Country-Code
X-Provided-By
Uri
X-Lambda-Id
Location
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Amz-Meta-Cb-Modifiedtime
Path
X-NGINX-Cache
Sid
X-Proxy-CacheRZ
XkeyRZ
X-EC-Lua
X-Cache-Expires
X-Vcl-Version
True-Client-IP
X-Cs
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Edge-POP
X-Oss-Server-Time
GeoIP-Country-Code
X-Vtex-Remote-Cache
X-Fastly-Country-Code
X-Oss-Request-Id
X-Oss-Storage-Class
CPC-Cache
Resin-Trace
VNS-Age
X-Render-Time
CPC-Age
VNS-Cache
X-B3-SpanId
X-Server-ID
Servername
X-Air-Pt
Cross-Origin-Opener-Policy-Report-Only
X-Datadome
X-VCT
Traceparent
X-Moov-T
X-CLOUD-TRACE-CONTEXT
CDN
X-Moov-Xdn-Version
Fastly-Drupal-Html
X-TH-Server
X-TX-ID
X-Cdn-Request-ID
X-Scheme
X-ATG-Version
X-Viewer-Country
X-MSEdge-Flight
LB
Esi-Enabled
X-Datacenter
X-PERF
Timeexpire
X-MSEdge-Features
X-Pod-Name
X-ApacheServer
X-Akamai-Pragma-Client-IP
X-Varnish-Beresp-TTL
X-Varnish-Authentication
M-TraceId
X-FPC
FSS-Cache
X-RateLimit-Reset
Powered-By
Rip
X-Cache-ASPX
X-NAPM-TraceId
CountryCode
X-Contensis-Viewer-Groups
X-Geo
X-Accel-Version
X-RateLimit-Remaining-Second
X-SERVER-NAME
X-WA
X-Cdn-Cache-Status
X-Upstream-Ht
X-Upstream-Ct
X-RateLimit-Limit-Second
X-CF-Lambda-Fn
X-Service-Response-Time
X-CF-Lambda-Version
X-PAYTM-SRV-ID
Sm-Log-Id
X-Cache-Type
XServer
YJS-ID
X-Clientip
X-Udemy-Cache-App-Namespace
True-Client-Country-4JS
X-Srcache-Store-Status
HIT
ENV
Tracecode
X-Cache-Ttl
X-Srcache-Fetch-Status
X-CACHE-KEY
Ohc-File-Size
V-Age
Proxy-Connection
Server-Id
X-NC
X-Lb-Id
N-Cache
X-VG-WebCache
X-LiteSpeed-Cache-Control
X-CDN-Cache-Status
XM
RNT-Time
RNT-Machine
X-Wikidot-Static-Cache
X-TraceId
X-Wikidot-Backend
X-ServedByHost
X-Forwarded-Path
X-Bl-Debug
X-Tenant
X-B3-Parentspanid
X-Cdn-Forward
X-Ha-Backend
X-Hyper-Cache
Ngx
X-Orig-Expires
Yjs-Id
X-Shop-Environment
Geoip-Latitude
Epwk-X-Cache
WZWS-RAY
Content-Script-Type
Content-Style-Type
X-Dw-Trace-Id
X-MP-GENERATED-AT
X-Rebelmouse-Surrogate-Control
X-Vgn-Hpd-Reason
X-Via-PopH
X-Rebelmouse-Cache-Control
User-Agent
Cdn-Requestid
X-B3-ParentSpanId
Inserted-Into-Cache-At
X-Via-PopV
X-Via-PopN
X-Swift-Error
Ec-Rule-Version
X-MiniProfiler-Ids
X-Lb-Nocache
X-Cdn-Diag
X-Serial
X-Fastly-Backend-Reqs
X-B3-Trace-ID
X-TT-LOGID
X-F-Status
X-Lsadc-Cache
X-Qnm-Cache
X-M-Reqid
Lb
ServerName
X-Amz-Meta-Opti
X-M-Log
X-UP
X-Mid-Debug-Cache-Disk
X-Mid-Debug-Cache-Key
X-Request-URL
X-Stale
Expiry
Pramga
Req-ID
X-Cache-Ngx
X-Connection-Hash
My-App
X-LiteSpeed-Tag
X-Th-Server
MIME-Version
Cneonction
X-IPS-Cached-Response
Warning
X-Snapshot-Date