Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
X-Request-ID
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
P3p
Access-Control-Max-Age
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Dns-Prefetch-Control
X-Proxy-Cache
X-Turbo-Charged-By
X-Amz-Id-2
X-Backend
X-Age
Host-Header
X-Ws-Request-Id
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
X-Varnish-Cache
EagleId
X-Amz-Version-Id
Grace
X-Dispatcher
Cf-Edge-Cache
X-LiteSpeed-Cache
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-WebKit-CSP
X-Aws-Lambda-Call-Status
Accept-CH
X-Host
X-Node
X-OneAgent-JS-Injection
X-Pingback
Cf-Railgun
X-Cache-Spec
X-Server-Id
Surrogate-Control
X-Akam-SW-Version
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Response-Time
X-Cache-Lookup
X-Readtime
Accept-CH-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
X-HW
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
X-Cloud-Trace-Context
Fastly-Restarts
X-Country
X-Url
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Nginx-Upstream-Cache-Status
X-MS-InvokeApp
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Edge
Edge-Control
X-B3-TraceId
X-Ruxit-JS-Agent
X-Vname
X-TtlSet
X-PC
X-ESI
X-Mod-Pagespeed
X-Content-Type
X-Vcap-Request-Id
X-CST
Verso
X-Oneagent-Js-Injection
Xkey
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-GitHub-Request-Id
X-Amz-Rid
X-Mcache
Cache-Tag
X-Powered-By-Plesk
X-D2id
X-Varnish-TTL
RTSS
Service-Worker-Allowed
X-VARITI-CCR
X-FastCGI-Cache
X-ECACHE
X-Ruxit-Js-Agent
X-Version
X-Upstream
X-Abt-Application-Version
X-Cached
X-Client-IP
X-Ac
X-Navigation-Version
X-Ttl
X-Cnection
X-Dw-Request-Base-Id
X-Server-Name
X-SharePointHealthScore
SPRequestGuid
X-Element-Page-Cache
X-Px
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
SPRequestDuration
SPIisLatency
Permissions-Policy
Public-Key-Pins
X-Country-Code
Display
X-Middleton-Display
X-Sol
Pagespeed
X-Cache-TTL
X-NWS-LOG-UUID
X-Ser
Cf-Apo-Via
X-Middleton-Response
Response
X-Midtier
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
X-Cache-Key
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-For
Content-MD5
X-Correlation-Id
Access-Control-Request-Method
X-NF-Request-ID
Front-End-Https
Accept-Ch
X-Shield-Request-Id
X-RateLimit-Remaining
X-MSEdge-Ref
X-DataDome
TP-Cache
TP-L2-Cache
X-HP-Webp
X-Jurisdiction
MicrosoftSharePointTeamServices
X-HP-Trace-Id
X-T
AR-Request-ID
AR-SID
AR-CACHE
AR-ATIME
AR-PoweredBy
MRF-Tech
X-Recruiting
Edge-Cache-Tag
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Accel-Expires
Nginx-Cache
X-Powered-CMS
X-Litespeed-Cache
X-Daa-Tunnel
TCN
X-Mg-S
X-Grace
X-Webkit-Csp
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Content-Digest
X-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Hits
X-TEC-API-VERSION
X-Request-Processing-Time
Server-Node
X-Request-Received
X-XRDS-Location
Filters
Server-Name
X-HS-Combine-CSS
X-HS-Content-Id
X-RateLimit-Limit
X-HS-Cache-Config
X-HS-Hub-Id
X-Amzn-Trace-Id
MS-Author-Via
X-Frontend
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Distributor
X-Erf-Bev-Bev
X-Geo-Country
Fastcgi-Cache
S
X-PressLabs-Stats
X-Protected-By
Cache-Status
X-LLID
X-Origin-Server
Count-Hit
X-Language
X-Ezoic-Cdn
X-Fastcgi-Cache
Filterid
X-Ua-Browser
Cross-Origin-Opener-Policy
X-Ab
X-F-Cache
X-Amz-Meta-S3cmd-Attrs
X-LB-Cache
X-Forwarded-Proto
X-B3-Sampled
X-Seen-By
Payment
X-Page-Id
X-Microsite
X-Request-Handler-Origin-Region
Charset
X-FB-Debug
Host
X-Git-Hash
X-Fastly-Request-Id
X-Ratelimit-Reset
X-VCache
X-Cluster-Name
X-ASPNET-VERSION
Surrogate-Key
X-Cache-Age
X-Rid
Realpath
Cache-Tags
Accept-Charset
Access-Control-Allow-Method
X-Www-Served-By
Alternate-Protocol
X-NGENIX-Cache
X-Template
X-Upgrade-Enabled
X-DIS-Request-ID
X-Source
Retry-After
X-Origin-Cache
X-Logged-In
Cleartype
X-Fastly-Request-ID
X-Tb
X-Signature
X-Wix-Request-Id
X-Route-Name
X-Type
X-TT
X-Providence-Cookie
X-Aspnet-Duration-Ms
ServerID
X-B-Cache
X-Flags
X-Is-Crawler
X-Request-Guid
X-Az
X-B
X-Envoy-Decorator-Operation
X-Varnish-Grace
X-TTL
X-Amz-Replication-Status
X-AppVersion
X-Varnish-Backend
X-Activity-Id
X-App-Environment
DC
Paypal-Debug-Id
X-DynaTrace
X-Node-Name
X-Hostname
Frame-Options
X-Revision
X-Drupal-Cache-Tags
X-Ratelimit-Remaining
X-Contextid
X-Proxy
X-Debug
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-Rule
Pinterest-Generated-By
X-Pinterest-Rid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Goog-Generation
Pinterest-Version
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Oracle-Dms-Ecid
Amp-Access-Control-Allow-Source-Origin
X-Oracle-Dms-Rid
X-Mobile
X-Content-Options
X-Load-Cache
Refresh
X-Cache-Control
X-EdgeConnect-Cache-Status
Country
X-Magnolia-Registration
Node
X-N
X-Response-Served-From
X-Original-Request-Id
NGB
X-User-Agent
X-Whom
X-L-Path
Viewport
Access-Control-Request-Headers
X-Cache-TTL-Remaining
X-Environment-Context
Referer-Policy
X-Rendered-As
X-Page-View
X-NYM-Debug-Backend
X-Is-Bot
X-Servername
X-Status
X-Varnish-Age
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-Server
X-Instance
X-G
X-Adobe-Loc
X-Adobe-Content
VIX-Pulpo-Upstream-Status
Content-Disposition
X-Akamai-Request-ID2
X-Cache-Grace
X-Framework
X-Cacheable-TTL
X-Cache-Time
Akamai-GRN
VIX-Pulpo-Node
X-Content-Powered-By
Uber-Trace-Id
Url
X-Debug-IsConnected
X-Debug-IsPreview
X-Real-IP
X-Jobs
X-Mid
Srv
X-Unique-Id
Countrycode
X-Time
X-Server-ID
X-Content
X-Ratelimit-Limit
X-RemovedCookies
X-ProcessESI
X-Drupal-Cache-Contexts
X-COUNTRY
Cross-Origin-Resource-Policy
Version
Accept-Language
X-Via-JSL
X-Mg-Request-UUID
X-Cache-Expired-At
X-CDN-Forward
X-Cache-Hit
X-Http-Reason
X-XRDS-LOCATION
X-Restarts
X-APP-VERSION
X-Tumblr-Pixel-1
X-App-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cache-Operation
Healthy
Protected
X-IPLB-Instance
X-IPLB-Request-ID
X-Backend-Name
X-Hosted-By
X-Trace-Id
X-Debug-Info
X-Azure-Ref
Content-Secure-Policy
Section-Io-Cache
X-Tt-Logid
X-Akamai-Edgescape
X-Device-Type
X-Rule
X-SRV
X-Cache-Action
X-Nginx-Cache-Key
Backend
Liferay-Portal
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
Server-Info
GEO-INFO
X-VC-Cache
X-Generation-Time
X-Storage
Meta-Geo
Load-Balancing
X-Mobile-URL
X-UPSTREAM-Address
X-RN-RSRV
X-Api-Version
X-Proxy-Cache-Status
X-HTML-Minification-Powered-By
X-Mode
Fastcgi-Useragent
MS-CV
X-Content-Age
CF-IPCountry
X-RTag
Ms-Operation-Id
X-Forwarded-Host
Azure-SiteName
X-Access
Azure-Version
Azure-SlotName
X-Cache-Host
X-Adobe-Source
X-Alternate-Cache-Key
Web-Mar-Node
X-Urbn-Site-Id
X-Varnish-Beresp-Grace
Xserver
X-AWS-Id
X-Format
Azure-InstanceId
X-Edge-Location
X-Urbn-Context-Path
Azure-RegionName
X-PHP-Host
X-ShopId
CDN-Uid
X-ShardId
CDN-PullZone
X-Section
X-Sorting-Hat-PodId
CDN-RequestCountryCode
CDN-RequestId
X-Handled-By
X-Shopify-Stage
X-JoinUs
X-Labrador-Cache-Channel
Locale
X-SayCDN-TTL
X-Generated-By
CDN-EdgeStorageId
X-LJ-Flow-ID
X-Sql-Duration-Ms
CDN-Cache
CDN-CachedAt
X-Sql-Count
X-SaId
X-VWS-Id
X-Say-TTL
X-Region
X-Sorting-Hat-ShopId
X-Say-Cacheable
Webcakes-App-Version
Property-Id
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
X-Routing-Service
X-Proxied
X-ServerID
X-Storefront-Renderer-Rendered
X-UA-Device-Type
X-No-Session
X-Origin-Hint
X-ProxyCache-Key
X-Varnish-Hostname
X-Skip-Cache
X-ProxyCache-Status
X-GeoCode
X-Site-Version
X-Redis-Cache
X-Ms-Version
X-Varnish-Cache-Hits
X-Cache-Server
X-FireWall-Port
Eomportal-Instance
X-Zipkin-Id
X-Xfnlog-Site
X-Locale
X-Ms-Request-Id
X-Extlb
X-GeoCountry
X-Detected-As
X-Cache-Type
X-BYPASS-REASON
X-Web-Node
Webcakes-Region
Apigw-Requestid
Onion-Location
X-Cache-Enabled
S-Rt
X-Cms-Context
X-OCL
X-Cache-NGX
X-Varnishpool
X-PCL
X-Uri
X-Request-Time
X-Proxy-Build
X-Proto
Mn-Server-Ip
X-Server-W
X-Timing-Wait
Selected-Fe
X-Tid
X-R9-Blue-Green-Version
Cache-Name
X-Nginx-Cache
X-URL
X-Hl-Ver
X-PHP-Backend
WP-Super-Cache
X-WP-CF-Super-Cache
X-Datadome
X-Via-Fastly
DB-Nickname
X-WP-CF-Super-Cache-Cache-Control
X-FB-TRIP-ID
X-Cache-Status-Check
X-Origin-Date
X-Amzn-RequestId
X-Amz-Apigw-Id
X-ECache
X-UUID
X-TNCMS
X-Loop
X-LSADC-Cache
X-App-Version
X-Pubstack
ServedBy
X-Varnish-Ttl
X-DynaTrace-JS-Agent
X-Zen-Fury
X-Reqid
Xet-Cookie
X-Vgn-Hpd-Reason
X-Provided-By
X-Human
X-TA-CDN-Provider
X-Soup
X-Amzn-Remapped-Content-Length
X-Ua
X-RCS-CacheZone
Source
X-GEO
Cache
X-Cache-Tags
X-Origin-CC
X-Aspnetmvc-Version
X-Correlation-ID
X-MP-GENERATED-AT
X-Origin-TTL
Origin
X-Cached-By
X-Varnish-Hits
X-Dc
X-Cdn
X-Tumblr-Pixel-2
X-Webkit-CSP
From-Origin
Cross-Origin-Window-Policy
X-Debug-Cache
X-Service
WPO-Cache-Message
WPO-Cache-Status
X-Trace-ID
SD-X-WS
Request-ID
X-Varnish-Beresp-Ttl
Webserver
X-Newrelic-Synthetics
LB
X-NewRelic-App-Data
Rip
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Cache-Debug
X-Request-Host
X-IPS-LoggedIn
X-AOL-HN
X-A-Wwc
X-Connection-Hash
X-A-Dam
Expiry
X-Cache-NE
X-Aed
X-NAPM-TraceId
X-A-Dgt
X-Developer
X-D
A
X-Orig-Expires
BehaviorPad-Version
X-Destination
Environment
X-A-Dcw
X-Ec-GeoHdr
X-Forwarded-Path
X-External-Request-Id
DCR-Decision-By
Xc-Version
X-BCube-Filmed-By
CPC-Age
X-Bc-Bl
X-SRCache-Key
Cdnsip
X-Application
X-AK-Request-ID
CPC-Cache
X-ARC
Cdncip
DCR-Processing-Time-Ms
X-B-Cookie
X-Ec-Fail
X-VG-WebCache
MD5-Digest
Meta-Geo-Continent
X-Rojux
Surrogated-Key
T-Server
X-Processor
Lang
X-TIM-N
X-S
X-S-Cookie
Odigeo-Trace-Id
Rendered-Blocks
X-FW-Version
Ngx.Var.Host
X-Tenant
Sslversion
X-ScT
X-Shop-Environment
X-User
X-Rewrite-Enabled
X-A-Ccd
X-Vdms-Version
X-A
X-Vdms-Path
VNS-Cache
VNS-Age
X-Parent-Response-Time
X-PBS-Appsvrname
HostName
X-CSRF-Token
X-B3-Traceid
X-Platform-Server
Redirect-Candidate
X-Cluster
X-Accel-Buffering
X-Served-From
X-Dispatcher-Number
X-Owner
X-Aicache-OS
Host-ID
X-Cluster-Node
Upgrade-Insecure-Requests
OT-Force-Account-Verify
X-TIME
X-WP-CF-Super-Cache-Active
Fastly-Drupal-HTML
X-VC
Mime-Version
X-Cdn-Origin
Tube-Get-Contents
Producers
Tube-Got-Eval
X-Cdn-Srv
Release
X-Clara-WADP
X-CacheTTL
X-CGP
Tube-Return
X-Clientip
V-Age
Traceparent
X-Cache-Bucket
State
We-Hiring
X-BBC-Edge-Cache-Status
Vix-Hermes-Req-Id
Tube-Got-Results
X-Ad-Defer-Variation
X-Cache-Info
X-Core-Mission
Servername
X-Auto-Login
X-Cache-Id
Web-Mar-Region
Req-Svc-Chain
X-Gzip
X-Planisys-CDN-Cache
X-Variation
X-Varnish-Beresp-Status
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Pool
X-Policy
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Viewer-Country
Platform
X-VG-TLSProxy
X-Origin
X-Varnish-Remaining-TTL
X-Origin-Response-Time
X-Proxy-Cache-Info
X-Qloud-Router
X-SVT-ORM-VERSION
X-SIPLIST1
X-Slack-Backend
X-SVT-ORM-RULES
X-SplitTest
X-Sn-Servicetimems
X-Sigma-Backend
X-Sigma
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Request-URI
X-Rocket-Build-Number
X-Scale
X-Thanos
X-VServer
X-WADP-Cache
X-Eu-Site
X-Esi-Check
X-Epic-Correlation-Id
X-Fmm-Version
X-Forwarded-Site
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-DefElseHash
X-Developers
X-DefHash
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Loc
X-JWT-State
X-Minions-Version
X-Mvc-Supplant-Cachable
X-Optimistic-Header
X-NodeID
X-Is-Gdpr
X-Irp-Debug
X-GeoIP
X-Wix-Viewer-Type
X-GeoIP-City
X-Has-Esi
X-INCAP-ABP
X-Hash
X-Csrf-Jwt
X-Bip
DSUID
Fastly-GeoIP-CountryCode
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Fastly-SIE
Fastly-SSL
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Fastly-SWR
Cmstype
Cmsid
Apple-News-Services-Handled
Apple-News-Services-Host
Adler-Geo
X-B3-SpanId
X-Via-NSCOPI
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Click-Count-Error
Click-Count-Action-Start
Candidate-Md5Url
Cache-Host
Is-Eu
Country-Code
Mobile-Detection-Method
Machine
Mail-Subject
Origin-CC
NM-Fastcgi-Cache
L5d-Success-Class
Origin-EX
Kp-EeAlive
L
IsBot
NGX
X-Tx-Id
X-GG-Cache-Date
X-Fastly-Backend
User-Cache-Control
Canary
X-Ckpd-Fst-Backend
CDCHOST
Server-Hostname
X-FC-Vary-Parameters
Memcached
X-V-Cache
X-Fetched-On
X-Hnp-Log
Cluster
Fastly-Backend-Name
X-ATG-Version
X-Device-Os
X-Branch-Name
Server-Ext
X-Gamma-Serve
X-Block-Status
X-Var-Ttl
X-HS-Content-Campaign-Id
X-S-Maxage
X-Region-Sid
X-Rocket-Nginx-Serving-Static
Datacenter
X-Geo-Header
X-Gen-Mode
Wxu-Next-Commit
Sever-Int
Wxu-Next-Hostname
Wxu-Next-Region
X-SB
X-Cache-Remote
Server-Host
TDXMobile
X-LB-NoCache
CloudFront-Viewer-Country
X-Mvc-Supplant-OutputCached
X-Sucuri-ID
X-Thinkindot-L3
X-Scheme
Thinkindot-Control
X-Gdpr
X-Worker
X-NCache
AKAMAI
X-Azure-Ref-OriginShield
X-Generated-On
Svr
X-Core-Value
X-Level-Front-Cache
X-Origin-Time
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-CMSURLCustom
X-Sucuri-Cache
X-Nyt-Route
X-Udemy-Cache-App-Namespace
X-Newrelic-App-Data
Cache-Tv-Group
X-WA-Info
Ec-Rule-Version
X-ND-Cache
Pics-Label
Cache-Hits
X-Tb-Optimization-Total-Bytes-Saved
SID
WebServer
Fastcgi-Cache-TTL
Time
Memory
Ssr
X-ZONE
X-Nf-Request-Id
X-Via-Poph
X-Generated-In
X-Via-Popn
X-Via-Popv
X-Rebelmouse-Cache-Control
X-Session-Fingerprint
X-Rebelmouse-Surrogate-Control
X-Origin-Expires
X-Fastly-Cache
Sid
X-DC
X-Servedbyhost
Server-ID
Env
X-Up
X-Refresh
X-Pod-Name
AMP-Access-Control-Allow-Source-Origin
X-Pass-Why
X-Wa
X-Presslabs-Stats
X-Tumblr-Pixel-3
X-Akamai-Transformed
X-Fpc
X-Release
X-Dispatch
My-App
X-Cs
X-Lambda-Id
X-Edge-Pop
X-Cache-Date
X-Ig-Push-State
X-Buckets
X-Zone
X-NWS-UUID-VERIFY
X-Conf
X-MSEdge-Flight
X-NC
X-Esi
X-MSEdge-Features
X-PX
X-EC-Lua
X-CS
X-Req
X-VCL-Version
X-MCACHE
X-ID
CDN
X-Microcachable
X-CACHE-AGE
X-Dmc
X-LB-ID
X-Endurance-Cache-Level
X-Xrds-Location
GeoIp-Country-Code
X-B3-Spanid
True-Client-IP
X-TX-ID
CacheControlHeader
True-Client-Country-4JS
X-NGINX-Cache
Fastly-Drupal-Html
X-Webkit-CSP-Report-Only
Magicmarker
X-CACHE-KEY
X-RateLimit-Reset
X-Vc
X-Be
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-TH-Server
X-HS-Status
X-Op-Id-All
X-CSRF-TOKEN
Hostname
X-TRACE-ID
True-Client-Ip
Path
GeoIP-Country-Code
X-GeoIP-Region-Code
Resin-Trace
X-GeoIP-Country-Code
X-Check-Cacheable
X-Hyper-Cache
X-Srv
WWW-Authenticate
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-M-Log
X-Date
X-Accel-Expires-Debug
X-Vcl-Version
X-M-Reqid
X-Micro-Cache
X-Alfa-Service
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
Tcn
X-Air-Pt
X-Varnish-Beresp-TTL
Pramga
Tracecode
X-RAMCache
X-App
X-Qnm-Cache
X-SERVER-NAME
X-LiteSpeed-Cache-Control
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
C-Via
X-Edge-POP
X-Akamai-Pragma-Client-IP
Section-Io-Id
X-Vercel-Id
X-Old-Content-Length
X-Vercel-Cache
Section-Io-Origin-Status
X-Cache-Ttl
NtCoent-Length
X-CLOUD-TRACE-CONTEXT
Yjs-Id
N-Cache
X-TrackingId
Powered-By
X-FPC
X-Datacenter
Proxy-Connection
X-Webkit-Csp-Report-Only
YJS-ID
X-API-Version
Fastcgi-X-Cache-Version
On-Server
X-Yandex-Sdch-Disable
Hit
X-Via-CDN
X-Platform-Router
X-Platform
X-Geo
X-Mly-Id
X-WA
X-PAYTM-SRV-ID
X-Platform-Processor
FSS-Cache
Esi-Enabled
X-Platform-Cluster
Server-Id
X-ServedByHost
ENV
Lb
X-Lb-Id
User-Agent
X-Webstats-RespID
X-Response-By
X-Location
X-UA
X-Dw-Trace-Id
X-Cdn-Forward
HIT
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Vtex-Processado-Em
X-Director
X-Varnish-Authentication
X-Cache-ASPX
GeoIP-Latitude
X-Vtex-Remote-Cache
X-Edge-Origin-Shield-Bytes
X-Node-Id
X-Client-Ip
X-Edge-Origin-Shield-Region
Cdn
X-Contensis-Viewer-Groups
X-AIR-PT
X-FORWARDED-FOR
X-SD-PageType
X-Instance-Name
X-Akamai-ERRuleID
X-FL-EDGE
X-Request-Start
X-LAGOON
X-Akamai-ERPolicy
X-Traceid
Dnion-Transfer-Encoding
X-TT-LOGID
Locid
X-Li-Fabric
X-Li-Pop
X-LI-Proto
Srvid
X-CUA
Geoip-Latitude
X-Server-IP
X-DataCenter
X-From
X-LI-UUID
Sm-Log-Id
X-Service-Response-Time
X-Test
X-Render-Time
X-HA-Backend
X-LiteSpeed-Tag
Ohc-File-Size
X-RPM
X-DI
X-DB
X-DW
XServer
X-RSL
X-RPS
X-Request-Url
Cache-Key
PICS-Label
Location
Nginx-CQVIP
X-DSS
X-CF-Powered-By
X-Via-Ucdn
Swift-Performance
Uri
X-Wp-Cf-Super-Cache-Cache-Control
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache
M-TraceId
X-Cache-Backend
X-Th-Server
X-Serial
X-Cache-Expires
DynaTrace
X-Proxy-Upstream
X-Fastly-Cache-Hits
X-B3-ParentSpanId
Server-Ttl
X-Fastly-Backend-Reqs
X-ApacheServer
X-PERF
X-HostName
Vha6-Origin
Wpo-Cache-Status
X-Lb-Nocache
X-Cdn-Request-ID
Wpo-Cache-Message
Warning
Wp-Super-Cache
X-Ips-Loggedin
XkeyRZ
X-Proxy-CacheRZ
X-Cache-Ngx
CountryCode
X-IN-APIGATEWAY
Cneonction
X-Proxy-Cache-Hk
XM
X-IN-APIGATEWAYSSL
X-HN
Req-ID
X-Mg-Cache
Fastcgi-Cache-Ttl
WZWS-RAY
SRV
X-Moov-Xdn-Version
X-Moov-T
X-Yottaa-OS
PFcat
X-ElasticPress-Query
X-VarnishDD-TTL
CF-Cached-On