Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Request-ID
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Request-Id
Alt-Svc
X-Runtime
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Ua-Compatible
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-WebKit-CSP
Accept-CH
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
X-Device
Cf-Apo-Via
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
Surrogate-Control
EagleEye-TraceId
X-Dns-Prefetch-Control
X-Backend-Server
Request-Id
X-Cache-Lookup
X-Readtime
X-Ruxit-JS-Agent
X-HW
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Content-Security-Policy-Report-Only
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-CST
X-Edge
Content-Location
X-Content-Type
Accept-Ch-Lifetime
X-WebKit-CSP-Report-Only
X-Country
X-Mcache
X-ECACHE
X-MS-InvokeApp
X-Clacks-Overhead
Rating
X-Url
X-Midtier
X-TtlSet
X-Amz-Server-Side-Encryption
X-Vname
X-PC
RTSS
X-VARITI-CCR
Cache-Tag
X-B3-TraceId
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
Origin-Trial
Verso
X-Server-Name
X-Ac
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Rack-Cache
X-Varnish-TTL
X-Cnection
X-Litespeed-Cache
X-Cache-TTL
Service-Worker-Allowed
X-Powered-By-Plesk
X-ESI
Xkey
X-Navigation-Version
X-Abt-Application-Version
X-Amz-Rid
X-SharePointHealthScore
X-Ttl
X-GitHub-Request-Id
SPRequestGuid
X-NWS-LOG-UUID
Edge-Control
X-Client-IP
X-Cached
X-Mg-S
Arr-Disable-Session-Affinity
X-Px
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Browser-Type
X-Fastcgi-Cache
SPIisLatency
X-Upstream
SPRequestDuration
X-Correlation-Id
X-Cache-Key
X-Sol
Display
Pagespeed
X-Middleton-Display
Content-MD5
X-Dw-Request-Base-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-NF-Request-ID
Access-Control-Request-Method
Edge-Cache-Tag
X-Goog-Hash
X-XRDS-Location
X-Daa-Tunnel
X-Country-Code
Front-End-Https
X-Forwarded-For
X-RateLimit-Remaining
Public-Key-Pins
X-Version
AR-CACHE
AR-SID
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Powered-CMS
TCN
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-T
X-MSEdge-Ref
X-Recruiting
X-Content-Digest
X-Id
X-Accel-Expires
Response
X-Middleton-Response
X-Shield-Request-Id
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Ser
TP-L2-Cache
TP-Cache
X-Amzn-Trace-Id
Nginx-Cache
S
X-Request-Processing-Time
X-Request-Received
X-Hits
Server-Node
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-Fastly-Request-ID
X-Distributor
Cache-Status
X-Kinsta-Cache
X-Edge-Location-Klb
MicrosoftSharePointTeamServices
Cache-Tags
Fastcgi-Cache
X-Grace
Alternate-Protocol
Server-Name
X-Ratelimit-Limit
X-DataDome
X-Protected-By
X-Ezoic-Cdn
X-DIS-Request-ID
X-Origin-Server
X-LB-Cache
X-Ua-Browser
X-Ruxit-Js-Agent
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Geo-Country
X-TEC-API-ROOT
X-Frontend
X-Microsite
X-Request-Handler-Origin-Region
X-Rid
X-Debug-Info
X-Ratelimit-Reset
Cross-Origin-Opener-Policy
X-Git-Hash
X-Www-Served-By
X-Varnish-Backend
Filterid
Healthy
X-Logged-In
Cleartype
Payment
X-NGENIX-Cache
X-Forwarded-Proto
X-FB-Debug
X-Ratelimit-Remaining
X-Page-Id
X-TTL
X-Load-Cache
Charset
X-LLID
X-B3-Sampled
X-Webkit-Csp
Content-Disposition
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
DC
X-ASPNET-VERSION
X-Origin-Cache
X-Hostname
X-VCache
X-Cluster-Name
MS-Author-Via
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-FastCGI-Cache
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
Access-Control-Allow-Method
Retry-After
X-Proxy
Accept-Charset
X-F-Cache
X-PressLabs-Stats
X-AppVersion
X-Az
X-Activity-Id
Cross-Origin-Resource-Policy
X-Amz-Replication-Status
X-Type
Paypal-Debug-Id
X-B-Cache
X-Contextid
X-Revision
X-Signature
X-Azure-Ref
Viewport
X-Amz-Meta-S3cmd-Attrs
X-Aspnet-Duration-Ms
Realpath
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Varnish-Server
X-Is-Crawler
Accept-Ch
X-Hosted-By
X-Flags
X-Wix-Request-Id
X-B
X-App-Environment
X-TT
X-Whom
X-Seen-By
Amp-Access-Control-Allow-Source-Origin
X-DynaTrace
X-Fb-Rlafr
X-RateLimit-Limit
Surrogate-Key
Count-Hit
X-Source
Referer-Policy
X-Aspnetmvc-Version
X-Akamai-Edgescape
X-Language
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-App-Server
X-Mobile
X-Template
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cache-Control
Host
X-EdgeConnect-Cache-Status
X-Varnish-Grace
X-Cache-Rule
X-N
X-HTML-Minification-Powered-By
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Original-Request-Id
X-Response-Served-From
Version
X-Magnolia-Registration
X-Cache-Time
Refresh
X-Oneagent-Js-Injection
X-Varnish-Age
X-UUID
VIX-Pulpo-Upstream-Status
Access-Control-Request-Headers
X-Cache-Expired-At
X-Envoy-Decorator-Operation
SD-X-WS
X-Cache-Status-Check
VIX-Pulpo-Node
MS-CV
Section-Io-Cache
X-RTag
X-Rule
Ms-Operation-Id
X-Environment-Context
Akamai-GRN
X-Framework
X-Content-Powered-By
X-Cacheable-TTL
X-Cache-Grace
Protected
X-Adobe-Content
X-Adobe-Loc
X-FW-Dynamic
X-Page-View
X-L-Path
X-ProcessESI
X-RemovedCookies
X-Status
X-Jobs
X-FW-Hash
X-FW-Type
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Version
X-Rendered-As
GEO-INFO
X-Servername
Url
NGB
X-NYM-Debug-Backend
X-Http-Reason
X-G
X-Instance
X-Is-Bot
X-Device-Type
SRV
X-User-Agent
X-Backend-Name
X-Akamai-Request-ID2
X-Debug-IsPreview
X-Debug-IsConnected
X-CDN-Forward
X-B3-Traceid
X-Newrelic-App-Data
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Trace-Id
X-Nginx-Cache
X-Cache-Age
CDN-RequestId
From-Origin
X-Yottaa-Optimizations
WPO-Cache-Status
WPO-Cache-Message
X-COUNTRY
X-Yottaa-Metrics
X-Cache-Hit
X-Region
X-Tb
Accept-Language
Front
Country
X-Pinterest-Rid
Pinterest-Generated-By
X-Tt-Logid
Pinterest-Version
X-URL
X-Node-Name
X-Amz-Apigw-Id
X-Amzn-RequestId
Backend
Fastly-Drupal-HTML
X-Real-IP
X-Buckets
X-Content-Options
X-Fastly-Request-Id
Uber-Trace-Id
X-VC-Cache
Fastly-SWR
Fastly-SIE
X-Mode
X-Unique-Id
X-TIME
Content-Secure-Policy
X-Cache-Operation
X-DynaTrace-JS-Agent
X-Tec-Api-Origin
X-Zen-Fury
X-Tec-Api-Root
X-Tec-Api-Version
X-RN-RSRV
X-Generation-Time
X-Tumblr-Pixel-2
X-UPSTREAM-Address
Meta-Geo
X-Rewrite-Enabled
Filters
Onion-Location
X-Section
X-Cache-Server
CF-IPCountry
X-Web-Node
X-Rocket-Nginx-Serving-Static
X-Format
Webserver
X-Amzn-Remapped-Content-Length
X-Access
X-IPS-LoggedIn
Azure-InstanceId
Azure-RegionName
Azure-Version
Azure-SiteName
Azure-SlotName
X-Proxy-Cache-Info
X-Content-Age
Property-Id
Apigw-Requestid
TWC-Connection-Speed
X-Debug
TWC-Privacy
X-Say-TTL
X-Soup
X-Varnish-Beresp-Grace
X-Reqid
X-Via-Fastly
X-Say-Cacheable
X-Sucuri-ID
X-Sql-Duration-Ms
TWC-Locale-Group
X-Adobe-Source
X-Sucuri-Cache
TWC-GeoIP-LatLong
X-Proxy-Cache-Status
X-PHP-Backend
X-Cache-Host
TWC-GeoIP-Country
TWC-Device-Class
X-Skip-Cache
X-Server-W
X-Cms-Context
Webcakes-Region
X-Origin-Hint
Webcakes-App-Name
Webcakes-App-Version
X-Locale
X-Sql-Count
X-SayCDN-TTL
X-Cache-Action
X-Times
X-SRV
X-Ms-Version
X-AWS-Id
X-BYPASS-REASON
DB-Nickname
X-ProxyCache-Key
X-LJ-Flow-ID
X-Site-Version
X-Ms-Request-Id
X-PHP-Host
X-Handled-By
X-ProxyCache-Status
S-Rt
X-R9-Blue-Green-Version
Web-Mar-Node
X-Proto
X-Cluster
X-Cache-TTL-Remaining
X-VWS-Id
X-IPLB-Instance
X-Edge-Location
X-Cluster-Node
X-Forwarded-Host
X-IPLB-Request-ID
Cache-Hits
X-GeoCode
X-GeoCountry
Cache-Name
X-Labrador-Cache-Channel
Node
X-UA-Device-Type
X-Proxy-Build
X-Proxied
X-No-Session
X-Time
X-LAGOON
X-LSADC-Cache
X-JoinUs
X-Extlb
X-Detected-As
X-FB-TRIP-ID
Selected-Fe
X-Urbn-Context-Path
X-Urbn-Site-Id
CDN-RequestCountryCode
Locale
X-Timing-Wait
CDN-CachedAt
CDN-Cache
Cross-Origin-Window-Policy
X-Xfnlog-Site
X-Zipkin-Id
CDN-Uid
CDN-PullZone
X-Routing-Service
Mn-Server-Ip
X-SaId
CDN-EdgeStorageId
X-WP-CF-Super-Cache
ServedBy
X-CACHE-AGE
X-WP-CF-Super-Cache-Cache-Control
WP-Super-Cache
X-Air-Hostname
X-Air-Trace-Id
Mime-Version
X-Air-Source
X-Ua
Fastcgi-Useragent
Liferay-Portal
X-Presslabs-Stats
ServerID
X-Hl-Ver
X-Optimistic-Header
X-Request-Time
X-Tumblr-Pixel-3
Xserver
X-XRDS-LOCATION
Source
X-Redis-Cache
X-Cache-Debug
Upgrade-Insecure-Requests
X-Loop
X-TNCMS
X-Origin-Date
X-GEO
X-Generated-By
X-Varnish-Hits
X-Akamai-Transformed
X-Mg-Request-UUID
X-Uri
Countrycode
X-NWS-UUID-VERIFY
X-Director
CF-Cached-On
X-Varnish-Beresp-Ttl
X-Tx-Id
X-Pass-Why
X-TA-CDN-Provider
X-ARC
Xet-Cookie
X-Cdn
Frame-Options
X-Webkit-CSP-Report-Only
X-Tid
X-Newrelic-Synthetics
X-Storage
X-Origin-CC
X-Origin-TTL
X-DC
X-FireWall-Port
X-App-Version
X-Service
X-Varnish-Cache-Hits
X-Varnish-Ttl
X-ECache
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Varnish-Hostname
X-Shopify-Stage
X-Alternate-Cache-Key
Cache-Tv-Group
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Esi
SID
Environment
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Endurance-Cache-Level
X-ServerID
X-RM-Cache-TTL
T-Server
TDXMobile
Sslversion
Surrogated-Key
Thinkindot-CacheControl
BehaviorPad-Version
WWW-Authenticate
X-A
Thinkindot-Control
A
Thinkindot-CacheControl-Type
Candidate-Md5Url
DCR-Processing-Time-Ms
Memcached
Redirect-Candidate
Origin
Odigeo-Trace-Id
Ngx.Var.Host
Meta-Geo-Continent
MD5-Digest
Lang
Rendered-Blocks
DCR-Decision-By
Edge-Cache
Gannett-Cam-Experience-Id
Release
Host-ID
Req-Svc-Chain
X-Vdms-Version
X-Gdpr
X-Frame-Option
X-S-Cookie
X-Generated-On
X-S
X-External-Request-Id
X-S-Maxage
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-ScT
X-INCAP-ABP
X-Rojux
X-Origin-Time
X-Nyt-Route
X-Mobile-URL
X-Mid
X-Loc
X-Platform-Cluster
X-Processor
X-Platform-Router
X-Level-Front-Cache
X-Platform-Processor
X-Developer
X-Served-From
Xc-Version
X-We-Are-Hiring
X-VG-TLSProxy
X-BBC-Edge-Cache-Status
X-B-Cookie
X-Application
X-A-Dam
X-A-Dcw
X-A-Wwc
X-Aed
X-Bc-Bl
X-Vdms-Path
X-Core-Value
X-SRCache-Key
X-D
X-Destination
X-Thinkindot-L3
X-CMSURLCustom
X-BCube-Filmed-By
X-Cache-Info
X-Cache-NE
X-TIM-N
X-A-Ccd
X-A-Dgt
Server-Info
X-Request-Host
X-AIR-PT
X-JWT-State
X-Location
X-NodeID
X-Is-Gdpr
X-Httpd
Server-Host
X-GeoIP-City
X-Has-Esi
X-HS-Content-Campaign-Id
X-Old-Content-Length
X-Human
X-Akamai-Device-Characteristics
X-Restarts
X-Rocket-Build-Number
X-SB
Fastly-GeoIP-CountryCode
X-Req
X-Pool
X-Geo-Header
X-B3-Spanid
X-Platform-Server
X-Origin-Response-Time
Ssr
Vix-Hermes-Req-Id
X-Core-Mission
X-CUA
Tube-Return
X-Clara-WADP
X-Cdn-Srv
X-Auto-Login
X-Bip
X-Cache-Bucket
X-Cdn-Origin
Tube-Got-Results
Tube-Got-Eval
X-Fetched-On
X-Fmm-Version
State
Fastly-Backend-Name
X-Ec-Custom-Error
X-Developers
Tube-Get-Contents
X-DefElseHash
X-DefHash
X-Gamma-Serve
Magicmarker
Click-Count-Action-Start
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Thanos
Click-Count-Error
CloudFront-Viewer-Country
Apple-News-Services-Parsed-Url
X-WA-Info
X-VServer
X-Vmg-Version
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
Cache-Host
C-Via
X-Varnish-Beresp-Status
Apple-News-Services-Request-Url
Cache-Key
Apple-News-Services-Host
X-SD-PageType
X-Varnish-CookieHashed-On
AKAMAI
Apple-News-Services-Handled
Cluster
X-WADP-Cache
X-WP-CF-Super-Cache-Active
Country-Code
DSUID
Decoy-Debug-TTL
X-Sigma-Backend
X-Conf
X-Sn-Servicetimems
X-Sigma
Decoy-Debug-Key
Decoy-Debug-Status
X-Worker
X-Test
Section-Origin-Responded
Section-Io-Origin-Status
X-Parent-Response-Time
X-Pubstack
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Device-Os
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-App
X-Dispatcher-Number
X-Varnishpool
X-Cache-Id
X-Ckpd-Fst-Backend
X-Wix-Viewer-Type
X-Cache-FS-Status
X-Date
X-Org
X-Block-Status
X-Cache-Backend
X-Azure-Ref-OriginShield
X-Gzip
X-Origin
X-Slack-Backend
X-Op-Id-All
X-Node-Id
X-NCache
X-Nginx-Cache-Key
X-Owner
X-Planisys-CDN-Cache
X-Request-Start
X-Scale
X-Region-Sid
X-Qloud-Router
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Nananana
X-Trace-ID
X-Var-Ttl
X-V-Cache
X-GeoIP
X-Variation
X-Fastly-Backend
X-Gen-Mode
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-LB-NoCache
X-Men
X-Hnp-Log
X-Hash
X-Up
X-Esi-Check
X-Minions-Version
Mail-Subject
NGX
NM-Fastcgi-Cache
Machine
L
Wxu-Next-Hostname
Kp-EeAlive
Producers
Wxu-Next-Commit
Origin-EX
User-Cache-Control
Pics-Label
We-Hiring
Web-Mar-Region
On-Server
Origin-CC
Wxu-Next-Region
Is-Eu
Cache-Provider
X-Accel-Buffering
CacheControlHeader
X-Accel-Expires-Debug
Adler-Geo
Svr
X-Ad-Defer-Variation
CDCHOST
Cmsid
Server-Hostname
Gh-Request-Id
Platform
Sever-Int
Cmstype
Datacenter
Server-Ext
X-HN
X-Forwarded-Site
X-Platform
X-Server-IP
X-VarnishDD-TTL
X-Slack-Shared-Secret-Outcome
Fastly-SSL
X-Refresh
PFcat
X-Mvc-Supplant-Cachable
X-FC-Vary-Parameters
X-Irp-Debug
Canary
X-Server-ID
X-Cache-Tags
X-CacheTTL
Cdn
X-Csrf-Jwt
X-Aicache-OS
HA-Ipaddr
L5d-Success-Class
Ha-Gx-Prefs
X-Eu-Site
X-Cache-Date
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-Cache-Remote
X-CGP
X-CSRF-Token
X-Servedbyhost
X-Microcachable
X-Mvc-Supplant-OutputCached
GeoIP-Latitude
X-HA-Backend
Env
X-Cached-By
X-Client-Ip
HostName
X-RCS-CacheZone
Server-ID
X-Mly-Id
Load-Balancing
X-AK-Request-ID
Cdncip
Cdnsip
X-Tb-Optimization-Total-Bytes-Saved
X-VC
X-Wa
X-Nc
X-DataCenter
X-Fastly-Cache
X-ZONE
X-Fpc
X-Zone
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-Gateway-Cache-Status
Memory
Time
X-API-Version
X-Gateway-Skip-Cache
X-Vc
X-ND-Cache
X-LB-ID
X-Origin-Expires
X-Instance-Name
X-Webkit-CSP
X-APP-VERSION
X-Response-By
X-Release
X-HS-Status
X-Generated-In
X-Api-Version
Cache
Locid
Hostname
Srvid
X-From
Eomportal-Instance
Expect-Staple
X-Via-NSCOPI
X-FL-QIT-DEBUG
X-FL-EDGE
X-CS
X-Correlation-ID
X-Vgn-Hpd-Cached
X-NGINX-Cache
X-Vgn-Hpd-Ssi
X-Check-Cacheable
X-CCDN-Origin-Time
X-Micro-Cache
X-Hcs-Proxy-Type
Ngx-Var-Key
X-Via-CDN
X-CCDN-CacheTTL
X-Cache-Enabled
X-Vgn-Hpd-Variations-Key
NtCoent-Length
OT-Force-Account-Verify
X-CSRF-TOKEN
X-Provided-By
X-Via-SSL
X-Via-Edge
X-Edge-Pop
Edge-Copy-Time
X-NewRelic-App-Data
X-VCL-Version
AMP-Access-Control-Allow-Source-Origin
X-SIPLIST1
GeoIp-Country-Code
IsBot
X-Request-URI
XkeyRZ
X-Proxy-CacheRZ
X-Via-JSL
X-Lambda-Id
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Amz-Meta-Cb-Modifiedtime
X-Cache-NGX
X-MCACHE
X-Info
X-B3-SpanId
X-Srv
True-Client-IP
X-Air-Pt
X-Nf-Request-Id
True-Client-Ip
Srv
X-EC-Lua
X-Vcl-Version
X-Render-Time
VNS-Cache
CPC-Age
VNS-Age
X-Vtex-Remote-Cache
Uri
Resin-Trace
CPC-Cache
Path
X-Dc
Sid
Location
X-Cs
X-Edge-POP
X-VCT
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Cache-Expires
X-Oss-Storage-Class
X-TH-Server
GeoIP-Country-Code
Request-ID
X-Fastly-Country-Code
X-ATG-Version
Servername
X-RateLimit-Reset
Cross-Origin-Opener-Policy-Report-Only
X-MSEdge-Features
X-Contensis-Viewer-Groups
X-MSEdge-Flight
X-Varnish-Authentication
X-Cache-ASPX
CDN
X-CLOUD-TRACE-CONTEXT
Fastly-Drupal-Html
Esi-Enabled
YJS-ID
X-Scheme
Traceparent
X-Upstream-Ct
X-Moov-T
X-Accel-Version
M-TraceId
X-Upstream-Ht
X-Moov-Xdn-Version
X-TX-ID
LB
X-Cache-Type
X-PERF
X-ApacheServer
X-Service-Response-Time
X-Viewer-Country
X-Cdn-Request-ID
X-RateLimit-Limit-Second
X-Pod-Name
Timeexpire
Sm-Log-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-RateLimit-Remaining-Second
X-PAYTM-SRV-ID
X-Varnish-Beresp-TTL
X-Akamai-Pragma-Client-IP
X-FPC
X-Datadome
X-Cdn-Cache-Status
CountryCode
HIT
X-Lb-Id
X-Datacenter
X-NAPM-TraceId
RNT-Time
RNT-Machine
X-WA
N-Cache
X-Github-Request-Id
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-SERVER-NAME
X-Udemy-Cache-App-Namespace
FSS-Cache
Powered-By
X-Geo
XServer
Rip
X-Srcache-Store-Status
X-CACHE-KEY
X-Bl-Debug
X-Srcache-Fetch-Status
Proxy-Connection
X-Tenant
Server-Id
X-CDN-Cache-Status
X-Forwarded-Path
X-NC
Ohc-File-Size
X-Orig-Expires
X-Shop-Environment
X-ID
Epwk-X-Cache
X-Dw-Trace-Id
ENV
X-B3-Trace-ID
X-TraceId
X-MP-GENERATED-AT
True-Client-Country-4JS
V-Age
X-LiteSpeed-Cache-Control
X-Clientip
Tracecode
X-ServedByHost
X-Policy
X-App-Name
X-Ha-Backend
WZWS-RAY
X-Amz-Meta-Opti
Geoip-Latitude
XM
X-VG-WebCache
Yjs-Id
X-Hyper-Cache
X-Cdn-Forward
X-M-Reqid
X-M-Log
Ngx
Inserted-Into-Cache-At
X-B3-ParentSpanId
X-Acquia-Application-Trace
Content-Script-Type
Content-Style-Type
X-Qnm-Cache
X-Rebelmouse-Surrogate-Control
X-Fastly-Backend-Reqs
X-Fastly-Cache-Hits
X-B3-Parentspanid
X-Serial
X-Swift-Error
X-Lb-Nocache
Ec-Rule-Version
X-Acquia-Site
X-Acquia-Purge-Tags
X-Rebelmouse-Cache-Control
X-Acquia-Application-UUID
X-Vgn-Hpd-Reason
X-Via-PopH
X-Via-PopV
X-Via-PopN
User-Agent
X-Wp-Cf-Super-Cache-Cache-Control
X-TT-LOGID
X-UA
Serverid
X-Wp-Cf-Super-Cache
X-F-Status
X-Lsadc-Cache
X-Ramcache
X-Webstats-RespID
Lb
X-Cdn-Diag
X-RAMCache
Pramga
X-Stale
X-Mid-Debug-Cache-Disk
MIME-Version
Cneonction
My-App
X-LiteSpeed-Tag
X-Th-Server
Warning
X-IPS-Cached-Response
X-Request-URL
X-Mid-Debug-Cache-Key
X-MiniProfiler-Ids
X-UP
X-Cache-Ngx
X-Snapshot-Date