Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
CF-Ray
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-DNS-Prefetch-Control
X-FRAME-OPTIONS
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
X-Dns-Prefetch-Control
Content-Encoding
X-XSS-PROTECTION
Access-Control-Expose-Headers
Server-Timing
Upgrade
X-CDN
Status
X-Request-ID
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Cache-Group
X-Robots-Tag
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Hacker
X-Proxy-Cache
X-UA-Device
X-Server
X-Rq
X-Vhost
X-Server-Powered-By
Allow
X-Age
X-Varnish-Cache
X-Ws-Request-Id
X-Dispatcher
X-Amz-Version-Id
EagleId
P3p
Nel
X-Ua-Compatible
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
Cf-Railgun
X-Device
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-OneAgent-JS-Injection
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-Host
X-Node
Accept-CH
X-WebKit-CSP
X-CST
X-Backend-Server
Surrogate-Control
X-Server-Id
X-Cache-Lookup
X-Nginx-Cache-Status
X-Readtime
Accept-CH-Lifetime
Permissions-Policy
X-Akam-SW-Version
X-Nginx-Upstream-Cache-Status
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Trace
X-Response-Time
X-HW
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Xkey
Rating
X-Midtier
X-ESI
X-Ruxit-JS-Agent
X-Url
X-Amz-Server-Side-Encryption
X-ECACHE
X-Mcache
X-Ruxit-Js-Agent
X-Upstream
X-Litespeed-Cache
Accept-Ch
X-Vcap-Request-Id
Cache-Tag
X-D2id
X-MS-InvokeApp
X-Exp-Id
X-Element-Page-Cache
X-Cdn-Fetch
Verso
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Rack-Cache
X-Powered-By-Plesk
X-TtlSet
X-Vname
X-PC
Edge-Control
Accept-Ch-Lifetime
X-WebKit-CSP-Report-Only
RTSS
X-Country
Fastly-Restarts
X-Cache-TTL
X-Oneagent-Js-Injection
X-Ac
X-VARITI-CCR
Origin-Trial
X-Navigation-Version
X-Abt-Application-Version
X-Country-Code
Service-Worker-Allowed
X-Goog-Hash
X-Cached
X-Ttl
X-Varnish-TTL
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Browser-Type
X-Amz-Rid
X-GitHub-Request-Id
Cross-Origin-Opener-Policy
X-SharePointHealthScore
X-Dw-Request-Base-Id
SPRequestGuid
X-Server-Name
X-Content-Type
X-Mg-S
X-Amzn-Trace-Id
X-B3-TraceId
X-Powered-CMS
X-Erf-Bev-Bev
Arr-Disable-Session-Affinity
X-Middleton-Response
Response
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
AR-ATIME
AR-PoweredBy
AR-SID
AR-Request-ID
X-NF-Request-ID
X-Kinja-CCPA
SPIisLatency
SPRequestDuration
X-Cache-Key
X-Webkit-CSP
X-Times
X-NWS-LOG-UUID
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Version
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
AR-CACHE
X-SRCache-Fetch-Status
X-Jurisdiction
X-HP-Trace-Id
X-SRCache-Store-Status
X-HP-Webp
X-Accel-Expires
Cache-Tags
X-T
X-Cnection
Cache-Status
X-RateLimit-Remaining
Front-End-Https
X-Aspnetmvc-Version
X-Fastly-Request-ID
Nginx-Cache
X-FastCGI-Cache
Edge-Cache-Tag
X-MSEdge-Ref
X-Hits
X-Ser
X-B3-Traceid
X-Px
X-Client-IP
MRF-Tech
Mrf-Cache-Status
X-RateLimit-Limit
X-B3-TraceId-Primal
Public-Key-Pins
Payment
X-Recruiting
X-LLID
X-Request-Received
X-Request-Processing-Time
X-Frontend
Server-Node
X-Ua-Browser
X-Server-ID
X-Shield-Request-Id
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-DIS-Request-ID
S
X-Fastcgi-Cache
TP-Cache
X-Goog-Metageneration
X-GUploader-UploadID
Access-Control-Request-Method
MicrosoftSharePointTeamServices
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-Amzn-RequestId
X-HS-Hub-Id
X-Amz-Apigw-Id
Content-MD5
X-Content-Digest
X-Distributor
X-LB-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Protected-By
X-Page-Id
Access-Control-Allow-Method
X-FB-Debug
Realpath
Fastcgi-Cache
Accept-Charset
TP-L2-Cache
X-Cluster-Name
X-Ezoic-Cdn
X-Geo-Country
X-Forwarded-For
X-Rid
X-PressLabs-Stats
X-Webkit-Csp
X-Hostname
X-Aspnet-Version
X-B3-Sampled
X-Ua-Device
X-Correlation-Id
X-Seen-By
Cleartype
Referer-Policy
X-Daa-Tunnel
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Envoy-Decorator-Operation
X-Mobile
Cross-Origin-Resource-Policy
TCN
DC
X-Ratelimit-Remaining
X-Content-Options
Count-Hit
X-Debug-Info
X-Varnish-Backend
X-Newrelic-App-Data
X-TTL
X-COUNTRY
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Origin-Cache
X-TEC-API-ROOT
X-Varnish-Grace
X-XRDS-Location
X-Logged-In
X-Contextid
X-IPS-LoggedIn
X-Is-Crawler
X-Grace
X-Request-Guid
X-App-Environment
X-Git-Hash
X-Route-Name
X-Revision
X-Flags
Surrogate-Key
X-Hosted-By
X-Aspnet-Duration-Ms
X-Amz-Replication-Status
X-Fb-Rlafr
X-Providence-Cookie
X-App-Server
X-Azure-Ref
X-Client-Ip
Frame-Options
X-TT
X-Amz-Meta-S3cmd-Attrs
X-Ratelimit-Limit
X-Origin-Server
X-Kinsta-Cache
X-Edge-Location-Klb
X-RateLimit-Reset
X-Forwarded-Proto
X-Wix-Request-Id
Alternate-Protocol
Retry-After
WPO-Cache-Status
WPO-Cache-Message
X-Whom
Healthy
X-F-Cache
Charset
X-Magnolia-Registration
X-Akamai-Edgescape
Section-Io-Cache
X-Backend-Name
Viewport
MS-Author-Via
X-App-Version
X-Proxy-Cache-Info
Paypal-Debug-Id
X-B
X-Id
X-Webkit-CSP-Report-Only
ServerID
SRV
X-Az
X-AppVersion
X-Activity-Id
Amp-Access-Control-Allow-Source-Origin
X-Language
X-Http-Reason
X-Instance
X-Cache-Rule
Host
X-N
VIX-Pulpo-Node
SD-X-WS
X-Rule
VIX-Pulpo-Upstream-Status
X-Response-Served-From
X-ARC
X-Original-Request-Id
Akamai-GRN
X-Varnish-Age
X-Cache-Grace
X-Rocket-Nginx-Serving-Static
X-Www-Served-By
X-Akamai-Request-ID2
X-Status
X-Edge-Location
X-User-Agent
Front
X-DataDome
Filterid
Protected
Fastly-SWR
X-Load-Cache
X-Varnish-Server
Fastly-SIE
From-Origin
X-FW-Type
X-Region
X-Page-View
X-L-Path
X-Rendered-As
X-Unique-Id
Country
X-UUID
X-Jobs
X-Is-Bot
X-FW-Hash
X-FW-Dynamic
X-Framework
X-FW-Serve
X-FW-Server
X-FW-Version
X-FW-Static
X-Environment-Context
X-Cacheable-TTL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Datadog-Trace-Id
X-Adobe-Loc
Access-Control-Request-Headers
X-Type
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Cache-Time
X-Adobe-Content
Server-Name
X-EdgeConnect-Cache-Status
X-Cache-Control
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Trace-Id
X-Tumblr-Pixel-1
X-ProcessESI
X-RemovedCookies
X-G
X-Proxy
X-Yottaa-Optimizations
X-Vcache
X-Yottaa-Metrics
Refresh
X-Datadog-Sampled
X-Mg-Request-UUID
X-ECache
X-CDN-Forward
X-Time
X-Amzn-Remapped-Content-Length
X-Debug-IsConnected
X-Debug-IsPreview
X-Cache-Age
X-Oracle-Dms-Ecid
X-Source
X-B-Cache
X-Signature
Content-Disposition
X-Drupal-Cache-Tags
X-Oracle-Dms-Rid
X-Erf-Web-Scheduler
Accept-Language
X-WP-CF-Super-Cache-Cache-Control
Backend
Xet-Cookie
X-WP-CF-Super-Cache
X-Generated-By
Version
Countrycode
Webserver
X-DynaTrace
X-HTML-Minification-Powered-By
X-Xrds-Location
CF-IPCountry
X-DynaTrace-JS-Agent
X-Tec-Api-Origin
X-Servername
X-Httpd
X-Tec-Api-Version
X-Tec-Api-Root
X-Mode
Url
X-Tt-Trace-Host
X-Tt-Trace-Tag
Xserver
GEO-INFO
X-Upgrade-Enabled
X-Template
X-ID
X-Device-Type
X-NYM-Debug-Backend
X-Nginx-Cache
X-Content-Age
X-Storage
X-Varnish-Cache-Hits
X-Proto
X-Director
X-GeoCountry
X-GeoCode
X-Urbn-Site-Id
X-Cache-Action
X-Cache-Operation
X-Content-Powered-By
Meta-Geo
Onion-Location
Fastcgi-Useragent
Filters
Load-Balancing
Azure-Version
Azure-SlotName
X-URL
Azure-InstanceId
Azure-RegionName
Azure-SiteName
S-Rt
X-XRDS-LOCATION
X-Urbn-Context-Path
X-Rewrite-Enabled
X-SaId
Locale
X-UPSTREAM-Address
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-LAGOON
X-ServerID
X-JoinUs
X-PHP-Host
X-Varnish-Hostname
X-VC-Cache
X-RM-Cache-TTL
X-Container-Uri
X-Git-Commit
Uber-Trace-Id
X-Cluster-Node
X-Tb
X-MCACHE
OT-Force-Account-Verify
X-Labrador-Cache-Channel
X-Forwarded-Host
X-Soup
X-Tt-Logid
X-Generation-Time
Web-Mar-Node
X-Served-From
X-Detected-As
X-LSADC-Cache
X-Logging-Id
X-VCT
X-Sql-Count
X-Ms-Version
X-Ms-Request-Id
X-Adobe-Source
X-Sql-Duration-Ms
X-Cache-Server
X-RCS-CacheZone
X-Skip-Cache
X-Sucuri-Cache
X-Sucuri-ID
Property-Id
Mn-Server-Ip
Node
X-R9-Blue-Green-Version
Webcakes-App-Version
X-Extlb
X-Origin-Hint
X-Debug
X-FB-TRIP-ID
X-Lambda-Id
X-Zipkin-Id
X-Zen-Fury
Webcakes-Region
X-Routing-Service
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
X-Proxied
TWC-Connection-Speed
TWC-GeoIP-Country
DB-Nickname
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Uri
X-Timing-Wait
X-Fetched-On
X-Proxy-Build
Selected-Fe
X-Format
CDN-RequestId
X-Drupal-Cache-Contexts
X-B3-SpanId
X-Tncms
X-Loop
X-Rn-Rsrv
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Cache-Hit
X-CCDN-Origin-Time
Source
X-Endurance-Cache-Level
Liferay-Portal
X-Nf-Request-Id
X-Fastly-Request-Id
Cross-Origin-Window-Policy
X-Redis-Cache
X-Ua
X-Varnish-Ttl
X-MP-GENERATED-AT
X-Origin-Date
Fastly-Drupal-HTML
X-Srv
X-TimeS
X-CACHE-AGE
X-Varnish-Hits
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Cache-Expired-At
X-Pass-Why
X-S
Upgrade-Insecure-Requests
X-Real-IP
Content-Secure-Policy
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-Origin-TTL
X-UA-Device-Type
X-Origin-CC
X-Newrelic-Synthetics
X-Node-Name
X-Pubstack
X-Ratelimit-Reset
CDN-CachedAt
CDN-Uid
X-TIME
CDN-EdgeStorageId
CDN-Cache
CDN-RequestPullSuccess
X-GEO
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
X-Via-JSL
X-Server-W
X-Hl-Ver
MS-CV
Cache-Provider
Ms-Operation-Id
X-Handled-By
X-Presslabs-Stats
NGB
X-NGENIX-Cache
X-RTag
X-Xfnlog-Site
X-IPLB-Instance
X-Cms-Context
X-Cache-Type
X-IPLB-Request-ID
Apigw-Requestid
WP-Super-Cache
X-Restarts
X-Optimistic-Header
X-Reqid
Redirect-Candidate
X-VG-WebCache
ServedBy
X-RateLimit-Remaining-Second
Rendered-Blocks
X-RateLimit-Limit-Second
Origin-Agent-Cluster
X-Is-Gdpr
X-Policy
Odigeo-Trace-Id
Server-Host
Ngx.Var.Host
X-S-Cookie
X-Forwarded-Path
X-Vdms-Path
X-Gdpr
X-SD-PageType
True-Client-Country-4JS
X-Vdms-Version
X-ScT
X-Rojux
X-JWT-State
Surrogated-Key
T-Server
Sslversion
Meta-Geo-Continent
Gannett-Cam-Experience-Id
Fastly-SSL
Gh-Request-Id
X-Nyt-Route
Ha-Gx-Prefs
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
X-Mvc-Supplant-Cachable
DCR-Decision-By
Candidate-Md5Url
Canary
HA-Ipaddr
BehaviorPad-Version
Mail-Subject
Magicmarker
MD5-Digest
DCR-Processing-Time-Ms
N-Cache
Vix-Hermes-Req-Id
X-Origin-Time
L
X-Orig-Expires
L5d-Success-Class
Lang
X-AIR-PT
W
X-SRCache-Key
X-Vtex-Remote-Cache
X-Ec-Fail
X-B-Cookie
X-We-Are-Hiring
X-Developer
X-Ec-GeoHdr
X-Application
X-Aed
X-Parent-Response-Time
X-Eu-Site
X-Epic-Correlation-Id
X-App
X-Ec-Custom-Error
X-Bc-Bl
X-CF-Lambda-Fn
X-Cache-Host
X-Var-Ttl
X-Cache-Info
X-Cache-NE
X-Cdn-Diag
X-Cache-Bucket
X-Has-Esi
X-Tenant
X-BCube-Filmed-By
X-Bl-Debug
X-Dispatcher-Number
X-CF-Lambda-Version
X-Accel-Expires-Debug
X-Wikidot-Backend
X-Debug-Cache-Store
X-Conf
X-Destination
Web-Mar-Region
X-Shop-Environment
X-A
X-Viewer-Country
X-GeoIP-Region-Code
We-Hiring
X-CacheTTL
X-GeoIP-Country-Code
X-D
X-Csrf-Jwt
X-A-Ccd
X-Date
X-Slack-Shared-Secret-Outcome
X-CGP
X-A-Wwc
X-Worker
X-Wikidot-Static-Cache
X-External-Request-Id
Xc-Version
X-Slack-Backend
X-A-Dcw
X-A-Dam
X-FC-Vary-Parameters
X-Fastly-Backend
X-A-Dgt
X-Debug-Cache-Fetch
X-Vcl-Version
X-ProxyCache-Key
X-No-Session
Cache-Name
X-ProxyCache-Status
Hostname
X-Tx-Id
X-BYPASS-REASON
X-CSRF-Token
X-Human
X-INCAP-ABP
X-Vmg-Version
Thinkindot-Control
X-Server-IP
VNS-Age
VNS-Cache
X-VG-TLSProxy
Thinkindot-CacheControl-Type
X-Varnishpool
X-ShardId
X-Varnish-Remaining-TTL
X-DefElseHash
Release
X-Refresh
Req-Svc-Chain
Producers
X-Gzip
X-Irp-Debug
X-DPWN-IS-SECURE
X-Request-Host
X-WADP-Cache
X-Core-Value
TDXMobile
X-S-Maxage
X-DefHash
X-Request-Time
X-VServer
Thinkindot-CacheControl
X-Varnish-CookieINHashed-On
X-Bip
X-Test
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Storefront-Renderer-Rendered
X-BBC-Edge-Cache-Status
X-Thanos
X-Cache-Debug
X-Cdn-Origin
X-Up
X-Thinkindot-L3
X-Cache-Id
X-Variation
X-Sorting-Hat-ShopId
X-Auto-Login
X-Clientip
X-Clara-WADP
X-Accel-Buffering
X-CMSURLCustom
X-ShopId
X-Shopify-Stage
X-Varnish-CookieHashed-On
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Hash
X-App-Name
X-Sn-Servicetimems
X-ApacheServer
X-Core-Mission
Platform
Datacenter
X-Mly-Id
X-Org
CPC-Cache
Machine
X-PAYTM-SRV-ID
X-Owner
X-Level-Front-Cache
Is-Eu
X-Mid
X-NodeID
Environment
X-Loc
X-Old-Content-Length
Host-ID
X-Fmm-Version
Expect-Staple
X-PERF
X-Nitro-Cache
X-Wix-Viewer-Type
Adler-Geo
X-Esi-Check
X-Node-Id
X-Qloud-Router
Origin
X-Pool
Memcached
X-Geo-Header
Cmstype
X-Platform
CPC-Age
AKAMAI
Cmsid
Cf-Device-Type
X-Generated-On
X-LJ-Flow-ID
User-Cache-Control
X-Cluster
Cache-Hits
X-AWS-Id
X-VWS-Id
X-Block-Status
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Forwarded-Site
X-From
X-Nginx-Cache-Key
X-Nananana
Apple-News-Services-Host
Server-Ext
NM-Fastcgi-Cache
X-Dispatcher-Server
Server-Hostname
X-Cdn-Srv
CDCHOST
Apple-News-Services-Handled
X-Datadome
X-Device-Os
X-Hnp-Log
X-Origin-Response-Time
DSUID
X-Origin
Esi-Enabled
X-GeoIP
X-Mvc-Supplant-OutputCached
X-Akamai-Device-Characteristics
Sever-Int
CloudFront-Viewer-Country
X-Gen-Mode
X-WA-Info
Country-Code
X-PHP-Backend
X-Proxy-Cache-Status
X-Section
Pics-Label
Origin-EX
Server-Info
X-Instance-Name
Time
X-Scale
Origin-CC
X-Cache-Status-Check
X-NCache
C-Via
X-Op-Id-All
X-LB-NoCache
Memory
Wxu-Next-Commit
Ssr
X-Cache-Enabled
Wxu-Next-Region
Wxu-Next-Hostname
X-Access
AMP-Access-Control-Allow-Source-Origin
X-API-Version
X-Micro-Cache
X-CACHE-GROUP
Server-ID
X-Amz-Meta-Cb-Modifiedtime
X-TIM-N
X-Via-Fastly
NGX
X-Correlation-ID
X-B3-Spanid
X-Dc
X-HA-Backend
X-FTR-Request-ID
X-Wp-Cf-Super-Cache-Active
X-ZONE
X-AB
X-Vgn-Hpd-Reason
X-Internal-Host
X-Tb-Optimization-Total-Bytes-Saved
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Azure-Ref-OriginShield
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Geo-Region
X-Webkit-Csp-Report-Only
X-Cs
X-Buckets
Location
GeoIP-Latitude
X-SIPLIST1
IsBot
Cdn-Requestid
X-Accel-Version
X-Origin-Expires
Cache-Host
X-Backend-Instance
X-Fpc
X-DC
X-Microcachable
X-B3-Parentspanid
X-DataCenter
X-Web-Node
X-Github-Request-Id
X-TraceId
X-WP-CF-Super-Cache-Active
XM
X-Zone
X-Tcp-Rtt
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Desktop
X-Browser-Name
X-Is-Mobile
X-NGINX-Cache
CF-Ctrl
YJS-ID
Resin-Trace
X-Info
Uri
X-VarnishDD-TTL
X-Pod-Name
PFcat
X-HN
X-LiteSpeed-Cache-Control
X-TA-CDN-Provider
Sid
X-Cached-By
X-Ad-Defer-Variation
User-Agent
X-Site-Version
X-Locale
Locid
Srvid
X-Nitro-Cache-From
Edge-Copy-Time
X-Nitro-Rev
GeoIp-Country-Code
X-FL-EDGE
X-Via-SSL
X-Via-Edge
A
X-Via-CDN
X-NewRelic-App-Data
X-FL-QIT-DEBUG
X-Hyper-Cache
True-Client-Ip
X-CSRF-TOKEN
X-CS
Epwk-X-Cache
SID
X-VCache
GeoIP-Country-Code
X-Moov-Xdn-Version
X-Frame-Option
X-ATG-Version
Cdn
X-Cache-ASPX
X-FireWall-Port
True-Client-IP
X-Contensis-Viewer-Groups
XServer
X-Moov-T
X-Webstats-RespID
Cache-Key
X-Service
X-MSEdge-Features
X-MSEdge-Flight
X-Varnish-Authentication
X-Geo
X-SRV
X-TRACE-ID
X-VC
NtCoent-Length
X-Datacenter
X-Upstream-Ht
X-Upstream-Ct
X-Origin-Cache-Key
Path
Fastly-Drupal-Html
X-FPC
X-HostName
LB
Tcn
Cdn-Host
X-Edge-Server
Cdn-Request-Time
State
X-Country-Code-Real
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Vercel-Cache
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Balancer
X-Platform-Server
X-Planisys-CDN-TTL
X-HS-Content-Campaign-Id
X-Vercel-Id
X-LiteSpeed-Tag
X-Api-Version
CountryCode
X-APP-VERSION
Cf-Ipcountry
X-NMSegId
Cdncip
X-AK-Request-ID
M-TraceId
X-Amz-Meta-Opti
X-Pad
Req-ID
WZWS-RAY
Cdnsip
X-Air-Pt
X-Vgn-Hpd-Cached
X-Esi
X-Fastly-Cache
X-Vgn-Hpd-Ssi
X-Release
X-Vgn-Hpd-Variations-Key
X-Cdn-Request-ID
WebServer
X-Sigma-Backend
Lb
X-Rocket-Build-Number
X-Branch-Name
X-Cache-Remote
X-WP-CF-Super-Cache-Cookies-Bypass
X-Sigma
X-Cache-Ttl
Cluster
X-Ad-Load-Variation
X-Generated-In
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Traceid
X-Rebelmouse-Cache-Control
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Rebelmouse-Surrogate-Control
X-M-Reqid
X-NWS-UUID-VERIFY
X-Request-Start
X-Scope-Id
X-HS-Status
Pramga
Content-Script-Type
X-Proxy-CacheRZ
XkeyRZ
Yak-Timeinfo
Content-Style-Type
Cache
X-M-Log
Proxy-Connection
CDN
X-UA
X-CACHE-KEY
X-Provided-By
X-Cdn-Forward
Geoip-Latitude
X-GeoIP-City
X-GoCache-CacheStatus
X-Gamma-Serve
X-Scheme
X-Tim-N
X-Varnish-Beresp-Status
X-Shield-Cache-Expires
X-Akamai-Pragma-Client-IP
Srv
X-Qnm-Cache
X-Lb-Cache
X-RN-RSRV
Ohc-File-Size
X-Cache-Date
Edge-Cache
X-Request-URI
CF-Cached-On
X-Cdn-Cache-Status
X-Vc
X-Ha-Backend
Server-Id
X-TT-LOGID
X-User
Env
X-CUA
X-Via-Ucdn
Inserted-Into-Cache-At
X-Render-Time
X-Edge-POP
X-TH-Server
X-Acquia-Application-UUID
Ngx
X-Lb-Nocache
X-Dw-Trace-Id
PICS-Label
X-Acquia-Site
X-EC-Lua
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
Yjs-Id
X-Aicache-OS
V-Age
Tube-Got-Eval
Tube-Got-Results
Tube-Return
X-B3-Trace-ID
X-Acquia-Purge-Cdn-Unconfigured
X-SB
X-Via-Poph
X-V-Cache
X-Via-Popn
X-Via-Popv
X-Wa
X-Servedbyhost
Tube-Get-Contents
X-Fastly-Backend-Reqs
X-Lb-Id
X-Nc
X-Req
X-Cache-FS-Status
X-CF-Cache-Header-Cache-Control
X-VCL-Version
CACHE-MISS-TO-ORIGIN
X-Litespeed-Cache-Control
Log-Origin
Cneonction
X-RAMCache
Kp-EeAlive
X-Miniprofiler-Ids
X-ElasticPress-Query
X-Cached-Since
Cache-Tv-Group
Click-Count-Action-Start
Click-Count-Error
X-Udemy-Cache-App-Namespace
X-CF-Cache-Header-Vary
Vha6-Origin
X-Fastly-Cache-Hits
X-Snapshot-Date
MIME-Version