Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
CF-Ray
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-FRAME-OPTIONS
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Dns-Prefetch-Control
Server-Timing
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
X-XSS-PROTECTION
Content-Encoding
X-CDN
Status
X-Request-ID
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Ua-Compatible
X-Amz-Id-2
Request-Context
X-Backend
X-Cache-Group
X-Turbo-Charged-By
X-Robots-Tag
Cf-Edge-Cache
Keep-Alive
Host-Header
X-AH-Environment
X-Vhost
X-UA-Device
X-Hacker
X-Proxy-Cache
X-Server
Allow
X-Rq
X-Server-Powered-By
X-Ws-Request-Id
X-Dispatcher
EagleId
X-Age
X-Varnish-Cache
X-Amz-Version-Id
P3p
Nel
X-LiteSpeed-Cache
Grace
Cf-Apo-Via
Cf-Railgun
X-OneAgent-JS-Injection
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
EagleEye-TraceId
X-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Host
X-Cache-Lookup
X-CST
Accept-CH
X-Node
X-Backend-Server
X-WebKit-CSP
Surrogate-Control
X-Server-Id
Permissions-Policy
X-Readtime
X-Nginx-Upstream-Cache-Status
X-Akam-SW-Version
X-Nginx-Cache-Status
Accept-CH-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
Request-Id
Xkey
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
X-Response-Time
X-HW
X-Trace
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
X-Url
Rating
X-ESI
X-Midtier
X-Amz-Server-Side-Encryption
Cache-Tag
X-ECACHE
X-Mcache
X-Powered-By-Plesk
X-Country
X-Rack-Cache
X-MS-InvokeApp
Accept-Ch
X-D2id
Service-Worker-Allowed
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Cdn-Fetch
X-Vcap-Request-Id
Verso
X-Element-Page-Cache
X-Upstream
Edge-Control
Accept-Ch-Lifetime
X-Country-Code
X-Ac
X-Kinja-CCPA
Origin-Trial
RTSS
X-PC
X-Vname
X-TtlSet
X-Goog-Hash
X-Navigation-Version
X-VARITI-CCR
X-Abt-Application-Version
X-Browser-Type
X-Cache-TTL
X-Oneagent-Js-Injection
Fastly-Restarts
X-NWS-LOG-UUID
X-Amz-Rid
X-Aspnetmvc-Version
X-Varnish-TTL
X-Litespeed-Cache
X-GitHub-Request-Id
X-Webkit-CSP
Cross-Origin-Opener-Policy
X-Cached
X-Server-Name
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-Times
X-WebKit-CSP-Report-Only
X-Sol
X-Middleton-Display
Display
Pagespeed
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
SPRequestGuid
X-SharePointHealthScore
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Ruxit-Js-Agent
X-Ttl
SPIisLatency
SPRequestDuration
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Instrumentation
X-Cache-Key
X-FastCGI-Cache
X-Content-Type
AR-Request-ID
AR-PoweredBy
AR-SID
AR-ATIME
X-Client-IP
X-Powered-CMS
Arr-Disable-Session-Affinity
X-Version
X-B3-Traceid
X-Mg-S
X-Cnection
Response
X-Middleton-Response
X-Ser
X-Server-ID
Nginx-Cache
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Accel-Expires
Cache-Tags
X-T
AR-CACHE
X-B3-TraceId
X-Fastly-Request-ID
X-RateLimit-Remaining
Cache-Status
X-NF-Request-ID
Edge-Cache-Tag
X-Hits
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-MSEdge-Ref
Public-Key-Pins
X-Px
X-Recruiting
Front-End-Https
S
X-Daa-Tunnel
X-Shield-Request-Id
Payment
X-Frontend
X-LLID
Server-Node
X-Ua-Browser
X-Request-Processing-Time
X-Request-Received
Content-MD5
X-B3-TraceId-Primal
X-RateLimit-Limit
Mrf-Cache-Status
MRF-Tech
X-GUploader-UploadID
X-Goog-Metageneration
X-Content-Digest
MicrosoftSharePointTeamServices
Access-Control-Request-Method
X-Amzn-RequestId
X-Amz-Apigw-Id
X-DIS-Request-ID
X-Webkit-CSP-Report-Only
X-Forwarded-For
X-TTL
X-Protected-By
Realpath
TP-Cache
X-Distributor
X-Request-Handler-Origin-Region
X-Microsite
X-FB-Debug
X-Webkit-Csp
X-PressLabs-Stats
Fastcgi-Cache
X-HS-Content-Id
X-Page-Id
Access-Control-Allow-Method
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-Cluster-Name
Accept-Charset
X-LB-Cache
X-Rid
X-Id
X-Xrds-Location
Count-Hit
X-Aspnet-Version
X-Ua-Device
X-Kinsta-Cache
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-B3-Sampled
X-Edge-Location-Klb
X-Geo-Country
Cross-Origin-Resource-Policy
X-Ratelimit-Remaining
TP-L2-Cache
X-Seen-By
X-App-Server
X-Hostname
X-Ratelimit-Limit
X-Correlation-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Logged-In
X-TEC-API-VERSION
X-Varnish-Backend
Cleartype
X-Ezoic-Cdn
X-Fastcgi-Cache
X-Hosted-By
X-Git-Hash
X-Content-Options
X-Mobile
Referer-Policy
Retry-After
X-Erf-Stays-Pdp-Viaduct-Migration-Web
DC
TCN
X-Newrelic-App-Data
X-Contextid
X-Fb-Rlafr
X-Route-Name
X-Providence-Cookie
X-Request-Guid
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-F-Cache
X-Origin-Cache
X-Forwarded-Proto
X-Grace
Surrogate-Key
X-Revision
X-Amz-Replication-Status
X-TT
X-App-Environment
X-Debug-Info
Frame-Options
X-IPS-LoggedIn
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Grace
X-RateLimit-Reset
X-Azure-Ref
X-Envoy-Decorator-Operation
MS-Author-Via
X-Magnolia-Registration
Section-Io-Cache
X-Www-Served-By
X-COUNTRY
X-Proxy-Cache-Info
X-Wix-Request-Id
X-Trace-Id
X-App-Version
X-Language
X-Whom
X-Activity-Id
X-Az
Healthy
X-AppVersion
Charset
Filterid
X-Akamai-Edgescape
WPO-Cache-Message
Viewport
WPO-Cache-Status
X-Kong-Upstream-Latency
X-Varnish-Server
X-Kong-Proxy-Latency
Alternate-Protocol
X-Origin-Server
Server-Name
X-Backend-Name
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Paypal-Debug-Id
X-EdgeConnect-Cache-Status
X-Original-Request-Id
X-Cache-Rule
Host
X-B
VIX-Pulpo-Node
X-Http-Reason
X-N
X-Response-Served-From
VIX-Pulpo-Upstream-Status
SRV
X-Yottaa-Optimizations
Front
X-UUID
X-User-Agent
X-Instance
X-Yottaa-Metrics
X-Cacheable-TTL
X-Akamai-Request-ID2
X-Nf-Request-Id
X-Edge-Location
X-Rule
X-Cache-Grace
X-Load-Cache
X-B-Cache
X-Page-View
SD-X-WS
X-Unique-Id
X-Signature
Protected
X-L-Path
X-Region
Country
X-Framework
From-Origin
Content-Disposition
X-ARC
X-Environment-Context
X-Jobs
X-Mg-Request-UUID
X-FW-Server
X-FW-Serve
X-FW-Type
X-FW-Version
X-FW-Static
X-FW-Hash
X-Adobe-Content
X-Adobe-Loc
X-RemovedCookies
Akamai-GRN
X-FW-Dynamic
X-Is-Bot
X-ProcessESI
X-Datadog-Sampled
Fastly-SIE
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-Status
Fastly-SWR
X-Rocket-Nginx-Serving-Static
X-Rendered-As
X-Tumblr-Pixel-0
X-Cache-Time
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Proxy
X-Type
X-Tumblr-User
X-G
X-Time
X-Amzn-Remapped-Content-Length
X-DataDome
X-Debug-IsConnected
X-Debug-IsPreview
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Vcache
Access-Control-Request-Headers
X-ECache
ServerID
X-Cache-Age
X-CDN-Forward
Backend
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Client-Ip
X-Erf-Web-Scheduler
Refresh
X-Servername
Xet-Cookie
X-DynaTrace
Url
X-Cache-Control
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-XRDS-LOCATION
Countrycode
X-Template
X-Httpd
Accept-Language
X-Drupal-Cache-Tags
X-Mode
X-Device-Type
X-Nginx-Cache
X-DynaTrace-JS-Agent
X-Content-Powered-By
X-NYM-Debug-Backend
X-Generated-By
X-FTR-Request-ID
CF-IPCountry
X-HTML-Minification-Powered-By
Webserver
Xserver
X-Cache-Hit
X-CCDN-Origin-Time
X-Storage
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
GEO-INFO
X-GeoCountry
X-GeoCode
X-LAGOON
X-Rewrite-Enabled
X-Loop
X-Director
X-JoinUs
Meta-Geo
Filters
Version
Load-Balancing
Locale
X-Content-Age
S-Rt
X-Rn-Rsrv
X-Tncms
X-UPSTREAM-Address
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
Cross-Origin-Window-Policy
X-Soup
X-ServerID
X-SaId
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Cache-Operation
X-Served-From
X-Forwarded-Host
X-Varnish-Cache-Hits
X-Cluster-Node
X-Git-Commit
OT-Force-Account-Verify
X-Cache-Action
Onion-Location
X-Container-Uri
X-NGENIX-Cache
X-MCACHE
X-Source
X-RM-Cache-TTL
X-Detected-As
X-Ms-Version
X-Adobe-Source
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Ms-Request-Id
Azure-Version
X-PHP-Host
X-Tb
X-Varnish-Hostname
X-VC-Cache
X-VCT
X-Sql-Duration-Ms
X-Sql-Count
X-Lambda-Id
X-R9-Blue-Green-Version
X-Skip-Cache
X-Labrador-Cache-Channel
Web-Mar-Node
X-Redis-Cache
X-Cache-Server
X-B3-SpanId
DB-Nickname
Node
X-Routing-Service
X-Proxied
X-Logging-Id
X-RCS-CacheZone
X-FB-TRIP-ID
X-Zipkin-Id
X-Extlb
Mn-Server-Ip
Webcakes-App-Name
Webcakes-App-Version
X-Fetched-On
TWC-Locale-Group
TWC-Privacy
X-Generation-Time
TWC-GeoIP-LatLong
X-Debug
Webcakes-Region
X-Timing-Wait
X-Origin-Hint
X-Format
X-Proxy-Build
Fastcgi-Useragent
TWC-Device-Class
X-Tumblr-Pixel-3
X-Uri
Selected-Fe
Property-Id
X-Tumblr-Pixel-2
TWC-Connection-Speed
TWC-GeoIP-Country
X-Proto
X-Tt-Logid
X-Endurance-Cache-Level
Source
Uber-Trace-Id
X-Zen-Fury
X-LSADC-Cache
CDN-RequestId
X-Ua
X-Sucuri-Cache
X-Sucuri-ID
X-S
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
NGB
X-TimeS
X-Origin-TTL
X-Newrelic-Synthetics
X-Origin-CC
X-Akamai-Transformed
X-URL
Upgrade-Insecure-Requests
X-Origin-Date
X-MP-GENERATED-AT
X-Drupal-Cache-Contexts
X-Real-IP
X-Handled-By
X-Pass-Why
X-Varnish-Hits
X-TraceId
X-Ratelimit-Reset
X-Cache-Expired-At
X-Cms-Context
X-Reqid
X-Srv
X-RTag
MS-CV
X-Xfnlog-Site
Apigw-Requestid
X-AB
Ms-Operation-Id
X-Optimistic-Header
X-No-Session
X-Restarts
ServedBy
X-BYPASS-REASON
X-ProxyCache-Status
Liferay-Portal
X-ProxyCache-Key
X-Cache-Host
X-GEO
Fastly-Drupal-HTML
X-XRDS-Location
X-Geo-Region
X-Hl-Ver
X-Varnish-Ttl
WP-Super-Cache
X-Cache-Type
X-Cluster
X-IPLB-Instance
X-AWS-Id
CDN-EdgeStorageId
X-VWS-Id
CDN-CachedAt
CDN-Uid
CDN-RequestPullSuccess
CDN-Cache
X-IPLB-Request-ID
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-PullZone
X-LJ-Flow-ID
X-Fastly-Request-Id
X-UA-Device-Type
X-Oracle-Dms-Ecid
X-Cache-TTL-Remaining
X-Oracle-Dms-Rid
X-CSRF-Token
X-CACHE-AGE
X-Proxy-Cache-Status
X-Node-Name
X-Tx-Id
Cache-Provider
X-Rojux
Redirect-Candidate
Web-Mar-Region
X-S-Cookie
Ngx.Var.Host
Odigeo-Trace-Id
Origin-Agent-Cluster
Rendered-Blocks
Server-Host
True-Client-Country-4JS
Vix-Hermes-Req-Id
T-Server
W
Sslversion
Surrogated-Key
X-Request-Host
Lang
Canary
Candidate-Md5Url
DCR-Decision-By
DCR-Processing-Time-Ms
BehaviorPad-Version
X-Slack-Backend
X-Via-JSL
X-SRCache-Key
X-Slack-Shared-Secret-Outcome
Fastly-SSL
Gannett-Cam-Experience-Id
Magicmarker
MD5-Digest
Meta-Geo-Continent
X-A
L5d-Success-Class
Ha-Gx-Prefs
HA-Ipaddr
L
N-Cache
X-A-Dgt
X-Destination
X-Developer
X-Dispatcher-Number
X-Ec-Custom-Error
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Csrf-Jwt
X-D
X-PAYTM-SRV-ID
X-Ec-Fail
X-Ec-GeoHdr
X-FC-Vary-Parameters
X-Generated-On
X-Level-Front-Cache
X-Owner
X-Fastly-Backend
X-Epic-Correlation-Id
X-Eu-Site
X-External-Request-Id
X-Conf
X-CGP
X-Pubstack
X-Pool
X-App
X-Aed
X-Qloud-Router
X-A-Dam
X-A-Dcw
X-A-Wwc
X-Application
X-B-Cookie
X-CacheTTL
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-NE
X-Bl-Debug
X-Bc-Bl
X-BCube-Filmed-By
X-Bip
X-A-Ccd
X-ScT
X-Thanos
X-Worker
X-Upgrade-Enabled
X-Vtex-Remote-Cache
X-Cache-Status-Check
X-Viewer-Country
X-Datadome
X-We-Are-Hiring
X-Vdms-Path
Xc-Version
X-Vdms-Version
X-Parent-Response-Time
X-Micro-Cache
Cache-Name
AMP-Access-Control-Allow-Source-Origin
X-TIME
X-Cache-Bucket
X-Platform
X-Cache-Debug
X-Policy
X-App-Name
X-ApacheServer
X-Alternate-Cache-Key
X-BBC-Edge-Cache-Status
X-VG-TLSProxy
X-Accel-Buffering
X-Varnish-CookieHashed-On
X-Refresh
TDXMobile
X-Variation
X-Request-Time
Producers
Release
Req-Svc-Chain
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Varnishpool
Origin
X-Cache-Info
VNS-Cache
VNS-Age
Thinkindot-Control
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Accel-Expires-Debug
Datacenter
X-Geo-Header
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-VServer
X-Gdpr
X-Origin-Time
X-Orig-Expires
X-Forwarded-Path
X-Old-Content-Length
X-Nyt-Route
X-Mid
X-Mly-Id
X-Nananana
X-Nitro-Cache
X-Loc
X-Human
X-NodeID
X-Irp-Debug
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-CMSURLCustom
X-PERF
X-Core-Mission
X-Clientip
Platform
X-Cdn-Origin
X-Vgn-Hpd-Reason
X-Server-W
X-Core-Value
X-VG-WebCache
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Wix-Viewer-Type
X-Correlation-ID
X-DefHash
X-Date
X-DefElseHash
X-Cdn-Diag
We-Hiring
X-SVT-ORM-RULES
X-Thinkindot-L3
Is-Eu
X-SD-PageType
X-Shop-Environment
X-ShardId
Machine
X-Vmg-Version
AKAMAI
X-ShopId
Gh-Request-Id
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sn-Servicetimems
Expect-Staple
Environment
X-Storefront-Renderer-Rendered
Cmsid
Host-ID
Fastly-Backend-Name
X-Up
CloudFront-Viewer-Country
CPC-Cache
Mail-Subject
CPC-Age
Cmstype
X-Hash
Fastly-GeoIP-CountryCode
X-Mvc-Supplant-Cachable
X-Var-Ttl
X-Server-IP
X-Tenant
X-SVT-ORM-VERSION
Adler-Geo
X-AIR-PT
X-Is-Desktop
X-Is-Mobile
X-Browser-Name
X-Is-Tablet
X-Accel-Version
X-Is-Supported-Browser
X-Tcp-Rtt
X-Clara-WADP
CDCHOST
Cf-Device-Type
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-From
X-Hnp-Log
X-Org
X-Gzip
X-GeoIP
X-INCAP-ABP
X-Node-Id
X-Mvc-Supplant-OutputCached
X-NCache
X-Nginx-Cache-Key
X-Gen-Mode
X-Test
X-WA-Info
X-WADP-Cache
X-Esi-Check
X-Origin-Response-Time
X-Origin
X-Op-Id-All
X-Forwarded-Site
X-Fmm-Version
X-Ah-Environment
Esi-Enabled
X-RateLimit-Limit-Second
DSUID
User-Cache-Control
X-Cache-Id
X-Device-Os
NM-Fastcgi-Cache
X-RateLimit-Remaining-Second
X-Auto-Login
Server-Ext
X-S-Maxage
Country-Code
X-Block-Status
Sever-Int
Server-Hostname
X-Dc
X-B3-Spanid
X-Buckets
Wxu-Next-Hostname
Wxu-Next-Region
NGX
X-Instance-Name
C-Via
X-Cdn-Srv
Ssr
Server-Info
Wxu-Next-Commit
X-Access
X-Vcl-Version
X-Cache-Enabled
Pics-Label
X-Section
X-Via-Fastly
Content-Secure-Policy
X-Varnish-Beresp-Grace
X-Zone
X-Amz-Meta-Cb-Modifiedtime
X-Akamai-Device-Characteristics
X-LB-NoCache
X-Presslabs-Stats
X-CACHE-GROUP
X-API-Version
X-Origin-Cache-Key
X-HA-Backend
IsBot
X-SIPLIST1
YJS-ID
Server-ID
X-WP-CF-Super-Cache-Active
X-Varnish-Beresp-Ttl
Sid
X-B3-Parentspanid
CF-Ctrl
X-Cached-By
X-Frame-Option
Memcached
X-Is-Gdpr
X-JWT-State
X-Has-Esi
Cdn-Requestid
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Hyper-Cache
X-Internal-Host
Memory
Hostname
Location
Time
X-FTR-Backend-Server
X-FTR-Backend
X-Wp-Cf-Super-Cache-Active
X-FTR-Expires
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-Tb-Optimization-Total-Bytes-Saved
X-TIM-N
Cache-Hits
X-Scale
X-Air-Trace-Id
X-Air-Hostname
Origin-CC
Origin-EX
X-Air-Source
X-TA-CDN-Provider
X-LiteSpeed-Cache-Control
X-Fpc
X-Backend-Instance
X-Webstats-RespID
X-ID
X-Cs
X-NGINX-Cache
X-Service
X-SRV
X-PHP-Backend
X-ZONE
Uri
X-VCache
X-DC
X-NewRelic-App-Data
X-VC
Resin-Trace
Epwk-X-Cache
GeoIp-Country-Code
X-DataCenter
X-Site-Version
X-Azure-Ref-OriginShield
LB
X-Nitro-Rev
WZWS-RAY
True-Client-Ip
GeoIP-Latitude
X-Edge-Server
X-Locale
X-Nitro-Cache-From
Cdn-Host
Cdn-Request-Time
X-NODE
Req-ID
X-Microcachable
X-NMSegId
GeoIP-Country-Code
True-Client-IP
X-Cache-Ttl
Cache-Host
XServer
X-Origin-Expires
X-Ad-Load-Variation
X-Datacenter
Tcn
X-HostName
X-Request-URI
X-CSRF-TOKEN
X-Info
Pramga
X-M-Log
X-Request-Start
XM
NtCoent-Length
M-TraceId
Cdn
X-Scope-Id
X-M-Reqid
Fastly-Drupal-Html
X-Geo
HostName
Content-Style-Type
X-FPC
X-Shield-Cache-Expires
X-Varnish-Beresp-Status
X-Pad
X-Github-Request-Id
X-Vercel-Cache
Content-Script-Type
X-WP-CF-Super-Cache-Cookies-Bypass
X-Vercel-Id
X-Qnm-Cache
Cluster
WebServer
X-VarnishDD-TTL
PFcat
X-HN
X-Pod-Name
Cf-Ipcountry
SID
Cache-Tv-Group
X-Cache-Date
User-Agent
X-Ad-Defer-Variation
X-Web-Node
X-LiteSpeed-Tag
Srvid
X-MSEdge-Flight
X-Via-CDN
X-FL-EDGE
X-FL-QIT-DEBUG
X-Via-Edge
A
X-Via-SSL
Locid
X-MSEdge-Features
X-TH-Server
Edge-Cache
Edge-Copy-Time
CountryCode
X-CS
X-Api-Version
X-APP-VERSION
X-Cdn-Request-ID
X-Via-Poph
X-LB-ID
Cdncip
Cdnsip
X-AK-Request-ID
X-NWS-UUID-VERIFY
Tube-Got-Eval
Tube-Get-Contents
Click-Count-Error
Click-Count-Action-Start
X-Amz-Meta-Opti
Tube-Got-Results
Tube-Return
X-B3-Trace-ID
X-Aicache-OS
X-Acquia-Purge-Cdn-Unconfigured
X-Cache-FS-Status
X-V-Cache
X-Via-Popn
X-Webkit-Csp-Report-Only
X-Esi
X-Via-Popv
On-Server
X-Moov-Xdn-Version
X-Cache-ASPX
X-Vary
X-ATG-Version
X-Men
V-Age
X-Nc
X-Branch-Name
X-Contensis-Viewer-Groups
X-FireWall-Port
X-Wa
Path
X-Servedbyhost
X-Req
X-SB
X-Moov-T
X-Varnish-Authentication
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-VCL-Version
Priority
MIME-Version
Ngx-Var-Key
XkeyRZ
Cache-Key
Yak-Timeinfo
X-Proxy-CacheRZ
X-CACHE-KEY
X-UA
CDN
Lb
X-TT-LOGID
My-App
Geoip-Latitude
X-Render-Time
X-Tim-N
Server-Id
Wpo-Cache-Message
X-Acquia-Application-Trace
Proxy-Connection
X-Cdn-Forward
Srv
X-Acquia-Application-UUID
Wpo-Cache-Status
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Acquia-Purge-Tags
X-Akamai-Pragma-Client-IP
X-Acquia-Site
X-Rebelmouse-Cache-Control
X-Lb-Cache
X-Rebelmouse-Surrogate-Control
X-Varnish-Director
X-Fastly-Country-Code
X-User
X-Fastly-Backend-Reqs
X-Lb-Nocache
X-Air-Pt
X-Ha-Backend
X-Provided-By
X-Generated-In
X-TRACE-ID
Fusion-Source
X-Via-Ucdn
Fusion-Template-Id
X-Wp-Cf-Super-Cache-Cache-Control
Type
Fusion-Deployment-Id
Fusion-Content-Source
X-Wp-Cf-Super-Cache
Ohc-File-Size
Fusion-Component-Id
State
Fusion-Content-Id
Ohc-Cache-HIT
X-Dw-Trace-Id
X-CUA
X-Planisys-CDN-Cache
X-Platform-Server
X-EC-Lua
X-HS-Content-Campaign-Id
X-Planisys-CDN-Rules
CF-Cached-On
PICS-Label
X-Planisys-CDN-TTL
X-TX-ID
Yjs-Id
X-Iplb-Instance
X-Varnish-Beresp-TTL
X-Iplb-Request-Id
X-WA
X-Vgn-Hpd-Ssi
Mime-Version
Cross-Origin-Embedder-Policy-Report-Only
X-Cdn-Cache-Status
X-CDN-Cache-Status
X-GoCache-CacheStatus
X-Vgn-Hpd-Variations-Key
X-ServedByHost
X-NC
Warning
Vha6-Origin
X-RAMCache
X-Udemy-Cache-App-Namespace
X-Vgn-Hpd-Cached
X-HS-Status
X-Miniprofiler-Ids
X-CF-Cache-Header-Vary
X-Fastly-Cache
Cneonction
X-CF-Cache-Header-Cache-Control
Log-Origin
Ngx
X-Fastly-Cache-Hits
Cache
X-Release
X-Cached-Since
X-ElasticPress-Query
X-Cache-Remote
Inserted-Into-Cache-At
X-Litespeed-Cache-Control
X-Snapshot-Date