
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-DNS-Prefetch-Control
X-Generator
X-Request-ID
X-Cacheable
X-Iinfo
X-Envoy-Upstream-Service-Time
P3p
Timing-Allow-Origin
X-Ua-Compatible
Feature-Policy
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
Upgrade
X-CDN
Access-Control-Max-Age
CF-Ray
X-Dns-Prefetch-Control
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Age
Host-Header
X-Ws-Request-Id
X-Hacker
X-Server-Powered-By
X-Server
X-Rq
X-Vhost
X-Varnish-Cache
X-Amz-Version-Id
Grace
X-LiteSpeed-Cache
EagleId
X-Dispatcher
Cf-Edge-Cache
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Aws-Lambda-Call-Status
Accept-CH
X-Node
X-Host
Cf-Railgun
X-Pingback
X-Akamai-Path-Stats
X-Server-Id
X-Cache-Spec
Surrogate-Control
X-Backend-Server
X-Akam-SW-Version
X-OneAgent-JS-Injection
Request-Id
EagleEye-TraceId
X-Response-Time
X-Cache-Lookup
X-Readtime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
X-HW
Accept-CH-Lifetime
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Application-Context
Rating
X-Trace
Fastly-Restarts
Accept-Ch-Lifetime
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Country
X-Oneagent-Js-Injection
X-Nginx-Upstream-Cache-Status
X-Url
X-Amz-Server-Side-Encryption
X-MS-InvokeApp
X-Edge
X-Rack-Cache
X-B3-TraceId
X-TtlSet
X-Vname
X-PC
Edge-Control
X-Mod-Pagespeed
X-Ruxit-Js-Agent
X-Content-Type
X-CST
X-Vcap-Request-Id
X-ESI
X-Mcache
X-D2id
Verso
Xkey
X-GitHub-Request-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
Cache-Tag
X-Exp-Variant
X-Amz-Rid
X-Powered-By-Plesk
X-Ruxit-JS-Agent
Service-Worker-Allowed
RTSS
X-FastCGI-Cache
X-Varnish-TTL
X-VARITI-CCR
X-ECACHE
X-Navigation-Version
X-Upstream
X-Version
X-Abt-Application-Version
X-Client-IP
X-Cached
X-Ac
X-Cnection
X-Dw-Request-Base-Id
X-Element-Page-Cache
Cf-Apo-Via
X-Server-Name
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
SPRequestGuid
X-SharePointHealthScore
X-Px
Permissions-Policy
X-Ttl
Public-Key-Pins
SPIisLatency
SPRequestDuration
X-Middleton-Display
Display
Pagespeed
X-Sol
X-Country-Code
X-Cache-TTL
X-NWS-LOG-UUID
Response
X-Middleton-Response
X-Ser
X-Edge-Location-Klb
X-Kinsta-Cache
X-Midtier
X-Cache-Key
X-RateLimit-Remaining
X-Goog-Hash
Accept-Ch
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-For
Content-MD5
X-NF-Request-ID
X-Correlation-Id
Access-Control-Request-Method
X-DataDome
X-MSEdge-Ref
X-Shield-Request-Id
Front-End-Https
X-Recruiting
X-T
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
Edge-Cache-Tag
AR-SID
Mrf-Cache-Status
X-HP-Trace-Id
X-HP-Webp
MRF-Tech
X-Jurisdiction
TP-Cache
X-B3-TraceId-Primal
TP-L2-Cache
Nginx-Cache
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
MicrosoftSharePointTeamServices
X-Accel-Expires
X-Cdn
X-Webkit-Csp
TCN
X-Daa-Tunnel
X-Powered-CMS
X-Mg-S
X-RateLimit-Limit
X-Grace
X-Content-Digest
X-Request-Received
Filters
X-Request-Processing-Time
X-Hits
X-Id
X-Amzn-Trace-Id
X-HS-Hub-Id
Server-Node
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
Server-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
MS-Author-Via
X-PressLabs-Stats
Fastcgi-Cache
X-Geo-Country
X-Frontend
X-Distributor
X-XRDS-Location
X-Fastly-Request-Id
Count-Hit
X-Origin-Server
X-Fastcgi-Cache
S
X-Ua-Browser
X-Ezoic-Cdn
X-Protected-By
X-Ab
X-LLID
Filterid
X-Amz-Meta-S3cmd-Attrs
Cross-Origin-Opener-Policy
Cache-Status
X-LB-Cache
X-Language
X-Forwarded-Proto
X-Request-Handler-Origin-Region
X-Ratelimit-Reset
X-Microsite
X-F-Cache
X-B3-Sampled
Payment
Charset
X-Seen-By
Host
X-FB-Debug
X-Git-Hash
X-Page-Id
X-ASPNET-VERSION
X-Cluster-Name
X-VCache
Surrogate-Key
X-TTL
X-Rid
Cache-Tags
X-Www-Served-By
Realpath
Retry-After
Accept-Charset
X-Logged-In
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Cache-Age
Alternate-Protocol
X-Origin-Cache
X-NGENIX-Cache
X-Source
X-DIS-Request-ID
X-Az
X-Activity-Id
X-AppVersion
X-Type
X-Amz-Replication-Status
X-Varnish-Backend
X-Template
X-Envoy-Decorator-Operation
X-Tb
X-TT
Cleartype
ServerID
DC
X-Signature
X-B-Cache
X-B
Paypal-Debug-Id
X-App-Environment
X-Wix-Request-Id
X-Route-Name
X-Litespeed-Cache
X-Request-Guid
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-Providence-Cookie
X-Hostname
X-Varnish-Grace
X-Node-Name
X-Revision
X-DynaTrace
Frame-Options
X-Kong-Upstream-Latency
X-Drupal-Cache-Tags
X-Kong-Proxy-Latency
X-Proxy
X-Cache-Rule
X-Contextid
Pinterest-Version
X-Tt-Trace-Tag
X-Pinterest-Rid
X-Fastly-Request-ID
X-Tt-Trace-Host
Pinterest-Generated-By
X-Debug
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Refresh
X-Mobile
X-Content-Options
X-Load-Cache
X-EdgeConnect-Cache-Status
Amp-Access-Control-Allow-Source-Origin
X-N
X-Cache-Control
Country
Node
X-Magnolia-Registration
X-Original-Request-Id
Referer-Policy
X-Response-Served-From
NGB
X-Debug-IsPreview
Akamai-GRN
X-Debug-IsConnected
X-Varnish-Age
X-Cache-TTL-Remaining
X-Varnish-Server
Access-Control-Request-Headers
X-Environment-Context
X-Content-Powered-By
X-Status
X-L-Path
Content-Disposition
Viewport
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-G
VIX-Pulpo-Node
X-XRDS-LOCATION
X-Instance
Cross-Origin-Resource-Policy
X-NYM-Debug-Backend
X-Cacheable-TTL
X-Jobs
X-Cache-Grace
X-Adobe-Loc
Uber-Trace-Id
X-User-Agent
X-Adobe-Content
X-Framework
X-Akamai-Request-ID2
X-Mid
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Real-IP
X-Whom
X-Is-Bot
X-Servername
X-ProcessESI
X-Page-View
X-Ratelimit-Remaining
Url
Srv
X-Rendered-As
X-RemovedCookies
X-Unique-Id
X-COUNTRY
Countrycode
X-Oracle-Dms-Ecid
X-Time
X-CDN-Forward
X-Oracle-Dms-Rid
X-Cache-Expired-At
X-Via-JSL
X-Drupal-Cache-Contexts
Version
X-Trace-Id
X-Content
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Accept-Language
X-Cache-Hit
X-APP-VERSION
X-URL
X-Tumblr-User
X-Tumblr-Pixel-1
X-Cache-Operation
X-Http-Reason
X-Mg-Request-UUID
X-Api-Version
X-Backend-Name
Protected
X-App-Server
Healthy
X-Restarts
X-Rule
X-Azure-Ref
X-IPLB-Request-ID
X-IPLB-Instance
Content-Secure-Policy
X-Akamai-Edgescape
X-Ratelimit-Limit
X-Debug-Info
X-Tt-Logid
X-Cache-Action
Section-Io-Cache
X-Hosted-By
X-Server-ID
X-Generation-Time
X-VC-Cache
Backend
GEO-INFO
Server-Info
Liferay-Portal
X-Nginx-Cache-Key
X-Device-Type
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-Storage
X-Mobile-URL
Meta-Geo
X-UPSTREAM-Address
X-FW-Server
Load-Balancing
X-RN-RSRV
X-FW-Type
Xserver
X-FW-Static
CF-IPCountry
X-RTag
X-SRV
Ms-Operation-Id
MS-CV
Onion-Location
X-OCL
X-FireWall-Port
Eomportal-Instance
Azure-InstanceId
X-Mode
X-Locale
Azure-Version
Azure-SlotName
Azure-RegionName
X-HTML-Minification-Powered-By
X-PCL
X-Section
Azure-SiteName
S-Rt
X-Generated-By
X-Access
X-Format
X-Amz-Apigw-Id
CDN-EdgeStorageId
CDN-CachedAt
X-Region
CDN-PullZone
X-SaId
X-Alternate-Cache-Key
CDN-RequestCountryCode
X-Forwarded-Host
CDN-Cache
X-Amzn-RequestId
X-Redis-Cache
X-Cache-Host
X-Origin-Hint
X-Cms-Context
X-Content-Age
X-Cache-Server
X-Varnish-Cache-Hits
Cache-Name
X-R9-Blue-Green-Version
X-Proxy-Cache-Status
X-Edge-Location
CDN-RequestId
X-JoinUs
TWC-Connection-Speed
X-Sorting-Hat-PodId
X-Skip-Cache
X-Site-Version
Web-Mar-Node
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
X-Sorting-Hat-ShopId
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Shopify-Stage
X-ShopId
Webcakes-App-Version
Locale
Webcakes-Region
CDN-Uid
X-Urbn-Context-Path
X-Handled-By
Webcakes-App-Name
X-ShardId
X-Urbn-Site-Id
X-Varnish-Beresp-Grace
Property-Id
X-Proto
X-PHP-Host
X-Varnish-Hostname
X-Sql-Count
X-Varnishpool
X-Via-Fastly
X-Labrador-Cache-Channel
X-Adobe-Source
X-Storefront-Renderer-Rendered
X-AWS-Id
X-Cache-Type
X-Extlb
X-Sql-Duration-Ms
X-VWS-Id
X-LJ-Flow-ID
X-Zipkin-Id
X-Routing-Service
Apigw-Requestid
X-Server-W
X-Xfnlog-Site
X-Web-Node
X-SayCDN-TTL
X-No-Session
X-Say-TTL
X-PHP-Backend
X-Proxied
X-Say-Cacheable
X-ProxyCache-Status
X-Request-Time
X-Tid
X-ProxyCache-Key
Selected-Fe
Mn-Server-Ip
X-BYPASS-REASON
X-Hl-Ver
X-Timing-Wait
X-Proxy-Build
X-UA-Device-Type
X-Cache-Status-Check
X-Ms-Request-Id
X-Cache-Enabled
X-Uri
X-DynaTrace-JS-Agent
WP-Super-Cache
X-Ms-Version
X-GeoCountry
DB-Nickname
X-ServerID
X-Detected-As
X-GeoCode
X-Nginx-Cache
X-Cache-NGX
X-FB-TRIP-ID
Fastcgi-Useragent
X-ECache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Provided-By
X-Ua
X-UUID
X-Amzn-Remapped-Content-Length
X-Varnish-Ttl
X-Origin-Date
X-TNCMS
X-LSADC-Cache
X-Loop
X-Pubstack
X-Datadome
X-Reqid
X-Vgn-Hpd-Reason
X-Dc
Xet-Cookie
X-Zen-Fury
X-Tec-Api-Version
X-Tumblr-Pixel-2
X-Tec-Api-Root
ServedBy
X-Tec-Api-Origin
X-Soup
X-App-Version
X-Correlation-ID
X-Newrelic-Synthetics
X-Aspnetmvc-Version
X-Origin-CC
X-Human
X-Origin-TTL
X-MP-GENERATED-AT
X-Service
Origin
X-Webkit-CSP
Source
X-GEO
From-Origin
X-TA-CDN-Provider
X-Varnish-Hits
X-RCS-CacheZone
Cache
X-Cached-By
Cross-Origin-Window-Policy
X-Cache-Tags
X-Varnish-Beresp-Ttl
X-Cache-Debug
X-TIME
X-Debug-Cache
WPO-Cache-Message
WPO-Cache-Status
Webserver
SD-X-WS
Rip
LB
MD5-Digest
Rendered-Blocks
Fastly-Drupal-HTML
BehaviorPad-Version
X-ScT
Host-ID
X-Request-Host
X-B3-Traceid
X-NewRelic-App-Data
X-Developer
Meta-Geo-Continent
X-Forwarded-Path
X-Ec-GeoHdr
Ngx.Var.Host
X-External-Request-Id
CPC-Age
CPC-Cache
X-Rewrite-Enabled
Cdnsip
DCR-Decision-By
X-Ec-Fail
X-NAPM-TraceId
Lang
X-PBS-Appsvrname
X-Parent-Response-Time
X-Orig-Expires
X-ARC
X-Bc-Bl
X-B-Cookie
X-BCube-Filmed-By
DCR-Processing-Time-Ms
X-Connection-Hash
Environment
X-Cache-NE
Expiry
X-Processor
X-Rojux
X-A-Ccd
Odigeo-Trace-Id
X-VG-WebCache
Surrogated-Key
Sslversion
X-A-Dam
X-A-Dgt
X-A-Dcw
X-D
X-Vdms-Version
X-Vdms-Path
X-User
A
VNS-Age
VNS-Cache
X-TIM-N
X-Tenant
X-Destination
T-Server
X-A
X-A-Wwc
X-SRCache-Key
X-Aed
X-AK-Request-ID
X-Shop-Environment
Xc-Version
X-S-Cookie
X-S
Cdncip
X-Application
X-AOL-HN
X-Served-From
X-Nyt-Route
X-Gdpr
X-Cluster
Upgrade-Insecure-Requests
Redirect-Candidate
X-Owner
X-Origin-Time
X-Aicache-OS
X-Dispatcher-Number
Server-Host
X-Sucuri-ID
AKAMAI
X-Geo-Header
Fastly-Backend-Name
X-Thinkindot-L3
TDXMobile
X-Sucuri-Cache
X-Generated-On
X-INCAP-ABP
X-Level-Front-Cache
Thinkindot-CacheControl
OT-Force-Account-Verify
X-IPS-LoggedIn
X-Cdn-Srv
X-Core-Value
X-Developers
X-FW-Version
X-Trace-ID
X-HS-Content-Campaign-Id
Thinkindot-CacheControl-Type
X-Auto-Login
Thinkindot-Control
X-CMSURLCustom
Cluster
Apple-News-Services-Host
Cmsid
Click-Count-Action-Start
Click-Count-Error
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Candidate-Md5Url
X-Azure-Ref-OriginShield
Origin-EX
Release
Req-Svc-Chain
Origin-CC
NGX
Mime-Version
Mobile-Detection-Method
X-ATG-Version
Servername
State
Tube-Return
V-Age
Vix-Hermes-Req-Id
Tube-Got-Results
Tube-Got-Eval
Svr
Traceparent
Tube-Get-Contents
Apple-News-Services-Handled
X-BBC-Edge-Cache-Status
DSUID
X-Clientip
X-Clara-WADP
Decoy-Debug-TTL
Decoy-Debug-Status
Country-Code
X-Core-Mission
Decoy-Debug-Key
Fastly-GeoIP-CountryCode
X-Cdn-Origin
X-Bip
L
Machine
IsBot
X-Cache-Bucket
X-Cache-Info
Gh-Request-Id
X-Cache-Id
Cmstype
X-Gamma-Serve
X-Proxy-Cache-Info
X-Pool
X-Planisys-CDN-TTL
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rocket-Nginx-Serving-Static
X-Request-URI
X-Region-Sid
X-Planisys-CDN-Rules
X-DefElseHash
X-NCache
X-Minions-Version
Web-Mar-Region
X-NodeID
X-Optimistic-Header
X-Origin-Response-Time
X-Origin
X-S-Maxage
X-SB
X-Varnish-Remaining-TTL
X-SVT-ORM-VERSION
X-VG-TLSProxy
X-Thanos
X-Var-Ttl
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-SVT-ORM-RULES
X-Accel-Buffering
X-WADP-Cache
X-Scheme
X-Scale
X-SIPLIST1
X-Slack-Backend
X-Viewer-Country
X-Sn-Servicetimems
X-Loc
X-Planisys-CDN-Cache
X-Varnish-Beresp-Status
X-Forwarded-Site
X-Gzip
X-Fastly-Backend
X-Fmm-Version
X-Esi-Check
X-DefHash
X-Epic-Correlation-Id
X-GeoIP-City
X-CSRF-Token
X-Is-Gdpr
X-Platform-Server
X-WP-CF-Super-Cache-Active
X-Has-Esi
X-Cluster-Node
X-JWT-State
HostName
X-B3-SpanId
X-Worker
X-VServer
X-Datadog-Trace-Id
X-DPWN-IS-SECURE
X-Variation
X-Device-Os
X-Ec-Custom-Error
X-SplitTest
Wxu-Next-Hostname
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Csrf-Jwt
Wxu-Next-Region
X-V-Cache
Wxu-Next-Commit
X-Wix-Viewer-Type
X-GeoIP
X-Ckpd-Fst-Backend
X-Gen-Mode
X-Gateway-Skip-Cache
X-Policy
X-Hnp-Log
X-Block-Status
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-CGP
X-Branch-Name
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Eu-Site
X-CacheTTL
X-Sigma
X-Ad-Defer-Variation
X-FC-Vary-Parameters
X-Fetched-On
X-Qloud-Router
X-Gateway-Cache-Key
CloudFront-Viewer-Country
X-Rocket-Build-Number
X-Sigma-Backend
X-Hash
HA-Ipaddr
Cache-Host
Ha-Gx-Prefs
L5d-Success-Class
Adler-Geo
NM-Fastcgi-Cache
Mail-Subject
Memcached
X-VC
X-Newrelic-App-Data
Is-Eu
Platform
User-Cache-Control
Fastly-SIE
Datacenter
We-Hiring
CDCHOST
Producers
Fastly-SWR
Fastly-SSL
Kp-EeAlive
X-Cache-Remote
X-Esi
X-Tx-Id
X-Via-NSCOPI
Canary
X-Udemy-Cache-App-Namespace
X-LB-NoCache
Sever-Int
Ec-Rule-Version
Server-Hostname
Server-Ext
X-Mvc-Supplant-OutputCached
X-ND-Cache
WebServer
X-GG-Cache-Date
AMP-Access-Control-Allow-Source-Origin
Pics-Label
Sid
X-WA-Info
Cache-Tv-Group
X-Pass-Why
X-Nf-Request-Id
X-Up
Time
Memory
Fastcgi-Cache-TTL
X-Tumblr-Pixel-3
Cache-Hits
X-ZONE
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Popn
X-Via-Poph
X-Session-Fingerprint
X-Via-Popv
Request-ID
X-Refresh
X-Rebelmouse-Surrogate-Control
Server-ID
Ssr
X-Servedbyhost
X-Origin-Expires
X-Pod-Name
SID
X-Dispatch
X-Fastly-Cache
X-Rebelmouse-Cache-Control
X-Cs
X-Akamai-Transformed
X-Generated-In
X-Edge-Pop
X-Release
X-Lambda-Id
My-App
Env
X-Wa
X-Fpc
X-DC
X-Zone
X-CACHE-AGE
X-Presslabs-Stats
X-Req
X-NWS-UUID-VERIFY
X-PX
X-ID
X-Ig-Push-State
X-Cache-Date
X-LB-ID
X-TX-ID
X-EC-Lua
X-Buckets
X-MSEdge-Features
X-MSEdge-Flight
True-Client-Country-4JS
X-Endurance-Cache-Level
X-NC
X-Conf
X-Xrds-Location
CacheControlHeader
GeoIp-Country-Code
X-Microcachable
CDN
True-Client-IP
X-Vc
X-VCL-Version
X-B3-Spanid
X-Webkit-CSP-Report-Only
X-NGINX-Cache
X-CSRF-TOKEN
Hostname
X-TH-Server
X-CS
X-Dmc
X-Op-Id-All
X-CACHE-KEY
X-HS-Status
X-TRACE-ID
X-Srv
Magicmarker
Fastly-Drupal-Html
X-Be
X-Vcl-Version
X-Wikidot-Static-Cache
X-Check-Cacheable
X-Accel-Expires-Debug
X-Date
WWW-Authenticate
X-Wikidot-Backend
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-RateLimit-Reset
X-MCACHE
True-Client-Ip
Path
Tcn
Resin-Trace
X-Hyper-Cache
X-RAMCache
X-Vercel-Id
X-Varnish-Beresp-TTL
X-Old-Content-Length
X-Alfa-Service
X-Vercel-Cache
X-LiteSpeed-Cache-Control
X-SERVER-NAME
Powered-By
X-Akamai-Pragma-Client-IP
X-Datacenter
Section-Io-Id
Pramga
X-Micro-Cache
X-M-Reqid
Section-Origin-Responded
X-M-Log
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-CF-Lambda-Version
X-CF-Lambda-Fn
GeoIP-Country-Code
X-CLOUD-TRACE-CONTEXT
X-Geo
X-Cache-Ttl
Yjs-Id
X-Air-Source
Proxy-Connection
X-Air-Hostname
X-Air-Trace-Id
Tracecode
X-Qnm-Cache
X-FPC
X-App
YJS-ID
X-Edge-POP
X-Air-Pt
X-Webstats-RespID
ENV
X-Mly-Id
X-Location
X-Via-CDN
FSS-Cache
X-WA
C-Via
X-Contensis-Viewer-Groups
X-API-Version
X-Varnish-Authentication
X-Cache-ASPX
X-Platform-Cluster
User-Agent
X-ServedByHost
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Lb
Server-Id
X-Lb-Id
X-Platform-Processor
N-Cache
X-Platform-Router
X-TrackingId
X-Response-By
X-Cdn-Forward
NtCoent-Length
HIT
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Director
Esi-Enabled
Fastcgi-X-Cache-Version
Hit
Cdn
X-Server-IP
On-Server
X-Client-Ip
X-PAYTM-SRV-ID
X-Platform
X-Service-Response-Time
Sm-Log-Id
X-Dw-Trace-Id
X-AIR-PT
X-DataCenter
X-TT-LOGID
Locid
Srvid
X-Instance-Name
X-Traceid
X-FL-EDGE
Location
X-UA
X-CUA
X-FORWARDED-FOR
Dnion-Transfer-Encoding
X-Test
X-LI-UUID
X-LiteSpeed-Tag
X-From
Geoip-Latitude
X-HA-Backend
Swift-Performance
X-Li-Fabric
Uri
X-Li-Pop
X-LI-Proto
GeoIP-Latitude
X-Cache-Expires
X-Request-Url
X-DB
X-CF-Powered-By
X-RPM
Ohc-File-Size
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
M-TraceId
X-RSL
X-DSS
X-DW
X-RPS
X-DI
X-Cache-Backend
X-Node-Id
Nginx-CQVIP
PICS-Label
XServer
X-Edge-Origin-Shield-Region
X-Wp-Cf-Super-Cache
X-Litespeed-Cache-Control
X-Edge-Origin-Shield-Bytes
X-Wp-Cf-Super-Cache-Cache-Control
X-Cc-Via
Wpo-Cache-Status
Vha6-Origin
X-Fastly-Backend-Reqs
X-Cache-Proxy
X-Request-Start
X-HostName
X-Fastly-Cache-Hits
X-Render-Time
X-LAGOON
X-We-Are-Hiring
Wpo-Cache-Message
X-SD-PageType
X-B3-ParentSpanId
X-Lb-Nocache
X-Cdn-Request-ID
X-Conten-Type-Options
X-Ips-Loggedin
Warning
Wp-Super-Cache
CountryCode
X-Cache-Ngx
X-LbNode
X-Loadbalancer
X-Keep
X-Kebab
X-IBD-Cache
X-Odoo-Frontend
X-IBD-SID
X-Header-Sub
X-Ittl
X-Is-SSL
X-Kebabable
X-NS-Authorization
X-Group
X-NFL-Geo
X-Ntj-Investigation-Id
X-NXG
X-Nyt-Data-Last-Modified
X-NFL-Dma
X-Newegg-Index
X-MTS-Cache
X-Matome-Cached
X-N-OperationId
X-Nerd
X-Newegg-Flow
X-Matched-Rule
X-Ee-Request-Id
X-Edge-IP
X-DT-Node
X-Ee-Generated-By
X-Ee-Origin
X-Ee-Request-Date
X-Doge
X-Developed-By
X-Container-Uri
X-Dcm-Pdtf
X-Dehri-Date
X-Delivery
X-Ramcache
X-Eid
X-Full-Ttl
X-Fstrz
X-GG-Cache-Status
X-Git-Commit
X-Global-Transaction-ID
X-Frame-Option
X-Fastly-Is-Edge
X-ETag
X-Eventloop-Lag
X-F-Status
X-Farm
X-GoCache-CacheStatus
X-Route
X-U-Cache
X-True-Client-Ip
X-Upstream-State
XV-Cache
X-User-Auth
X-Tried-To-Kebabify
X-Toujours-Debout-Location
X-Svr-Proxy
X-SVR-IIS
X-Test-Nginx-Ingress
X-Timestamp
X-Toujours-Debout-Branch
X-Utime
X-YSpaceId
XV-H
X-Waitingroom
X-Web-Hosting
Timeexpire
X-WP-Bypass
X-Colour
X-Wag-Acs
X-V2-Infrastructure
X-Vary-Devices
X-Ver
X-Xms-Page-Cache-Actions
X-Stack-Name
X-SSLProxy
X-Pver
X-PGF-Deflate
X-R-Cache
X-Reboot
X-Redis
X-PG-ACCESS
X-Paywall
X-Origin-Ops
X-Onedio-Env
X-OVcl
X-OVcl-Cache
X-PageType
X-Render-Method
X-Request-Origin
X-Site
X-Sh
X-Slack-Shared-Secret-Outcome
X-SMP-JWT
X-Square
X-ServiceName
X-Server-L
X-WSR2
X-Route-Akamai
X-Ruby
X-Save-Cache
X-Okws-Version
Served
Joe-X
Is-Https
NB-ESI
Nikkei-App-Version
NLCacheNote
HTTPProtocol
HServer
CMS-200
Cluster-Host
Deeplink
Ec-Policy-Id
H1
Npm-Cost
Npm-Remaining
Proxy-Cache
Panzer-Cache-Control
RawURL
Region
Request-Uuid
Origin-Site
Ok-Edge-Key
Ns
Ns-Ua
Ok-Cache-Status
OK-Edge-Date
Cf-Wrk
Cf-Locale
DynaTrace
SRV
WZWS-RAY
X-Mg-Cache
X-ApacheServer
Cache-Key
Fastcgi-Cache-Ttl
X-PERF
X-Via-Ucdn
X-Moov-T
X-Moov-Xdn-Version
Req-ID
X-ElasticPress-Query
X-Yottaa-OS
Cache-Stat
Akamai-X-Url
Cachekey
Cdn-Country-Code
Cf-Device-Type
X-Th-Server
X-Serial
CF-Cached-On
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Cneonction
Rt-Proxy-Cache
Scheme
X-AspNetWebPages-Version
X-ASF-Cache
X-Backend-TTL
X-Backside-Transport
X-BeanStalkRole
X-ARRRG1
X-Arena-Request-Id
X-Akamai-Native
X-Akamai-DeviceType
X-Amz-Meta-Cb-Modifiedtime
X-Apache-Server
X-Ar-Stats
X-BeanStalkStage
X-Cache-Cookie
X-CDN-Pop
X-CacheVersion
X-CDN-Pop-IP
X-Cf-Node-Idx
X-Cms-Device
X-Cache-Response
X-Cache-ReqUri
X-Cache-IsMobileDevice
X-Cache-Length
X-Cache-NPR
X-Cache-Reason
X-Akamai-DeviceOS
X-Akamai-CacheKeyMod
Technodrome
T-Request-Id
Time-Cloud-Cache
Ttl
TWC-AK-Req-ID
Sw
Store-Cloud-Cache
Service-Uuid
Selected-Route
SFRVia
Shieldsquare-Response
SII
TWC-PATH-LOCALE
TWC-Subs
X-Accepted-Fulllang
X-Accel-Version
X-Accepted-Language
X-Accor-Asset
X-AEO-Platform
X-77-NZT-Ray
X-77-NZT
TWC-Unit
Uniqueid
Userver
Vttl
X-Coindesk-Cache