Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
X-Request-ID
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
P3p
Access-Control-Max-Age
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Dns-Prefetch-Control
X-Proxy-Cache
X-Turbo-Charged-By
X-Backend
X-Amz-Id-2
X-Age
X-Ws-Request-Id
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
X-Varnish-Cache
EagleId
Grace
X-Amz-Version-Id
X-Dispatcher
Cf-Edge-Cache
X-LiteSpeed-Cache
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-WebKit-CSP
X-Aws-Lambda-Call-Status
Accept-CH
X-Host
X-Node
X-Pingback
Cf-Railgun
X-OneAgent-JS-Injection
X-Cache-Spec
X-Server-Id
Surrogate-Control
X-Akam-SW-Version
X-Backend-Server
Request-Id
EagleEye-TraceId
X-Response-Time
X-Cache-Lookup
X-Readtime
Accept-CH-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
X-HW
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
X-Cloud-Trace-Context
Fastly-Restarts
X-Country
X-Url
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Edge
X-Rack-Cache
Edge-Control
X-B3-TraceId
X-Vname
X-PC
X-TtlSet
X-Oneagent-Js-Injection
X-ESI
X-Mod-Pagespeed
X-Content-Type
X-Ruxit-JS-Agent
X-Vcap-Request-Id
X-CST
Verso
Xkey
X-Use-Magma
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
X-GitHub-Request-Id
X-Ruxit-Js-Agent
X-Mcache
X-Amz-Rid
Cache-Tag
X-Powered-By-Plesk
X-D2id
RTSS
X-VARITI-CCR
Service-Worker-Allowed
X-ECACHE
X-Version
X-Varnish-TTL
X-Upstream
X-Abt-Application-Version
X-Cached
X-FastCGI-Cache
X-Navigation-Version
X-Ac
X-Cnection
X-Ttl
X-Client-IP
X-Dw-Request-Base-Id
X-Server-Name
X-SharePointHealthScore
SPRequestGuid
X-Px
Arr-Disable-Session-Affinity
X-Element-Page-Cache
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
SPRequestDuration
SPIisLatency
Permissions-Policy
Public-Key-Pins
X-Country-Code
Pagespeed
X-Middleton-Display
Display
X-Sol
X-Cache-TTL
X-NWS-LOG-UUID
X-Ser
Cf-Apo-Via
X-Middleton-Response
Response
X-Midtier
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
X-Cache-Key
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-For
Content-MD5
X-Correlation-Id
Access-Control-Request-Method
X-NF-Request-ID
Front-End-Https
Accept-Ch
X-Shield-Request-Id
X-RateLimit-Remaining
X-DataDome
X-MSEdge-Ref
TP-L2-Cache
X-HP-Trace-Id
TP-Cache
X-HP-Webp
X-Jurisdiction
MicrosoftSharePointTeamServices
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-Request-ID
AR-SID
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Accel-Expires
X-T
X-Recruiting
Edge-Cache-Tag
Nginx-Cache
X-Daa-Tunnel
X-Powered-CMS
X-Litespeed-Cache
TCN
X-Mg-S
X-Grace
X-Content-Digest
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Hits
Server-Name
Server-Node
X-XRDS-Location
X-RateLimit-Limit
X-Request-Processing-Time
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Request-Received
Filters
X-Amzn-Trace-Id
MS-Author-Via
X-Frontend
X-Fastcgi-Cache
X-Distributor
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Geo-Country
Fastcgi-Cache
S
X-Protected-By
X-Origin-Server
X-Webkit-Csp
X-LLID
Count-Hit
Cache-Status
X-Language
X-PressLabs-Stats
X-Ezoic-Cdn
Filterid
Cross-Origin-Opener-Policy
X-LB-Cache
X-Ua-Browser
X-Ab
X-F-Cache
X-Forwarded-Proto
Payment
X-Seen-By
X-B3-Sampled
X-Page-Id
X-Request-Handler-Origin-Region
X-Microsite
X-Amz-Meta-S3cmd-Attrs
X-FB-Debug
Charset
Host
X-Git-Hash
X-Fastly-Request-Id
X-Ratelimit-Reset
X-VCache
X-Cluster-Name
Surrogate-Key
X-ASPNET-VERSION
X-Cache-Age
X-Rid
Realpath
Accept-Charset
Cache-Tags
Access-Control-Allow-Method
X-NGENIX-Cache
Alternate-Protocol
X-Www-Served-By
X-Template
X-Source
X-DIS-Request-ID
X-Upgrade-Enabled
X-Origin-Cache
X-Logged-In
Retry-After
X-Fastly-Request-ID
Cleartype
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Is-Crawler
X-Flags
X-B-Cache
X-Request-Guid
X-Route-Name
X-TT
X-Tb
X-Signature
X-Wix-Request-Id
X-Envoy-Decorator-Operation
X-TTL
X-B
X-Varnish-Grace
X-Varnish-Backend
X-Type
ServerID
X-Amz-Replication-Status
X-App-Environment
X-Activity-Id
X-Az
X-AppVersion
Paypal-Debug-Id
DC
X-DynaTrace
X-Hostname
X-Node-Name
Frame-Options
X-Drupal-Cache-Tags
X-Revision
X-Ratelimit-Remaining
X-Contextid
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Debug
X-Proxy
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Goog-Stored-Content-Encoding
X-Kong-Proxy-Latency
X-Cache-Rule
X-Goog-Generation
X-Goog-Metageneration
X-Kong-Upstream-Latency
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Oracle-Dms-Ecid
Amp-Access-Control-Allow-Source-Origin
X-Oracle-Dms-Rid
X-Mobile
X-Content-Options
X-Load-Cache
Refresh
Node
X-Cache-Control
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
X-N
Country
X-Original-Request-Id
NGB
X-Response-Served-From
X-User-Agent
X-Whom
Access-Control-Request-Headers
X-L-Path
X-Environment-Context
Viewport
X-Cache-TTL-Remaining
X-Cache-Grace
X-Page-View
X-Is-Bot
X-Varnish-Age
X-Rendered-As
X-Servername
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Framework
X-G
X-Adobe-Content
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Referer-Policy
X-Cacheable-TTL
X-Adobe-Loc
X-Cache-Time
X-Akamai-Request-ID2
X-Content-Powered-By
X-Debug-IsConnected
X-Debug-IsPreview
X-Real-IP
X-Mid
X-NYM-Debug-Backend
X-Jobs
X-Instance
Content-Disposition
X-Status
X-Varnish-Server
Uber-Trace-Id
Url
Akamai-GRN
X-Unique-Id
Srv
Countrycode
X-Time
X-Ratelimit-Limit
X-Content
X-Server-ID
X-RemovedCookies
X-ProcessESI
X-Drupal-Cache-Contexts
X-COUNTRY
Version
Cross-Origin-Resource-Policy
Accept-Language
X-Via-JSL
X-Mg-Request-UUID
X-Cache-Expired-At
X-CDN-Forward
X-Http-Reason
X-Cache-Hit
X-XRDS-LOCATION
X-APP-VERSION
X-App-Server
X-Tumblr-User
Protected
X-Cache-Operation
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Healthy
X-Restarts
X-Tumblr-Pixel-1
X-Backend-Name
X-IPLB-Instance
X-Hosted-By
X-IPLB-Request-ID
X-Trace-Id
X-Debug-Info
X-Azure-Ref
Content-Secure-Policy
Section-Io-Cache
X-Tt-Logid
X-Akamai-Edgescape
X-Device-Type
X-SRV
X-Cache-Action
X-Nginx-Cache-Key
Backend
Liferay-Portal
X-FW-Server
X-FW-Serve
X-Rule
Server-Info
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Dynamic
GEO-INFO
X-RN-RSRV
Load-Balancing
X-Mobile-URL
Meta-Geo
X-Generation-Time
X-UPSTREAM-Address
X-Storage
X-VC-Cache
X-HTML-Minification-Powered-By
X-Proxy-Cache-Status
X-Mode
X-Api-Version
Fastcgi-Useragent
X-Varnish-Ttl
CF-IPCountry
Ms-Operation-Id
X-Content-Age
MS-CV
X-RTag
X-ShopId
X-PHP-Host
X-Cache-Host
X-Sql-Count
X-LJ-Flow-ID
Azure-InstanceId
X-Labrador-Cache-Channel
Azure-RegionName
X-Edge-Location
X-AWS-Id
X-Alternate-Cache-Key
X-Generated-By
X-VWS-Id
X-Varnish-Beresp-Grace
X-Urbn-Context-Path
X-Sorting-Hat-ShopId
Web-Mar-Node
X-Urbn-Site-Id
X-Adobe-Source
Xserver
X-Sorting-Hat-PodId
X-Region
X-ShardId
X-Sql-Duration-Ms
CDN-PullZone
Azure-SiteName
CDN-RequestCountryCode
CDN-RequestId
Locale
X-SayCDN-TTL
X-Say-TTL
CDN-Uid
X-Say-Cacheable
X-JoinUs
CDN-Cache
Azure-Version
X-Shopify-Stage
CDN-CachedAt
X-Forwarded-Host
Azure-SlotName
CDN-EdgeStorageId
X-SaId
X-Origin-Hint
Webcakes-App-Name
Webcakes-App-Version
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Property-Id
X-Web-Node
X-Proxied
X-Skip-Cache
X-Site-Version
X-Ms-Request-Id
X-Zipkin-Id
X-Locale
X-Routing-Service
X-ProxyCache-Key
X-Section
X-Ms-Version
X-ServerID
X-Varnish-Hostname
X-Format
X-Extlb
X-Handled-By
X-UA-Device-Type
X-Storefront-Renderer-Rendered
X-Access
X-No-Session
X-Varnish-Cache-Hits
X-Redis-Cache
X-Xfnlog-Site
X-ProxyCache-Status
X-GeoCountry
X-Detected-As
X-Cache-Type
X-BYPASS-REASON
X-GeoCode
Webcakes-Region
Apigw-Requestid
X-FireWall-Port
X-Tid
X-Varnishpool
X-Proxy-Build
X-R9-Blue-Green-Version
X-Cms-Context
X-PCL
X-Cache-NGX
Eomportal-Instance
X-Uri
X-Proto
X-Timing-Wait
X-Cache-Enabled
X-Request-Time
X-OCL
Mn-Server-Ip
Selected-Fe
X-Cache-Server
X-Server-W
S-Rt
X-Nginx-Cache
X-PHP-Backend
X-URL
X-Hl-Ver
WP-Super-Cache
Cache-Name
Onion-Location
X-Via-Fastly
X-FB-TRIP-ID
DB-Nickname
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Datadome
X-Cache-Status-Check
X-Origin-Date
X-Amz-Apigw-Id
X-Amzn-RequestId
X-UUID
X-ECache
X-TNCMS
X-LSADC-Cache
X-Loop
X-DynaTrace-JS-Agent
ServedBy
X-Pubstack
X-App-Version
X-Zen-Fury
X-TA-CDN-Provider
X-Vgn-Hpd-Reason
X-Reqid
Xet-Cookie
X-Human
X-GEO
X-RCS-CacheZone
X-Amzn-Remapped-Content-Length
X-Provided-By
Source
X-Soup
X-Ua
X-Cache-Tags
Cache
X-Aspnetmvc-Version
Origin
X-Origin-CC
X-Correlation-ID
X-Origin-TTL
X-Cdn
X-Cached-By
X-Varnish-Hits
X-Dc
From-Origin
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
Cross-Origin-Window-Policy
X-Webkit-CSP
X-Debug-Cache
X-Service
SD-X-WS
WPO-Cache-Message
X-Varnish-Beresp-Ttl
WPO-Cache-Status
X-Trace-ID
Webserver
X-Newrelic-Synthetics
LB
X-NewRelic-App-Data
Rip
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Debug
X-IPS-LoggedIn
X-AOL-HN
X-Request-Host
A
Lang
BehaviorPad-Version
Expiry
Cdncip
DCR-Decision-By
CPC-Cache
DCR-Processing-Time-Ms
Cdnsip
CPC-Age
Environment
X-A-Dgt
X-PBS-Appsvrname
X-Parent-Response-Time
X-Processor
X-Rewrite-Enabled
X-Rojux
X-Orig-Expires
X-NAPM-TraceId
X-Ec-Fail
X-Ec-GeoHdr
X-External-Request-Id
X-Forwarded-Path
X-S
X-S-Cookie
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
Xc-Version
X-User
X-TIM-N
X-ScT
X-Shop-Environment
X-SRCache-Key
X-Tenant
X-Developer
X-Destination
VNS-Age
T-Server
VNS-Cache
X-A
X-A-Ccd
Surrogated-Key
Sslversion
Meta-Geo-Continent
Ngx.Var.Host
Odigeo-Trace-Id
Rendered-Blocks
X-A-Dam
X-A-Dcw
X-Bc-Bl
X-Cache-NE
X-Connection-Hash
X-D
X-B-Cookie
X-ARC
X-A-Wwc
X-Aed
X-AK-Request-ID
X-Application
MD5-Digest
X-BCube-Filmed-By
X-FW-Version
X-CSRF-Token
X-Platform-Server
X-B3-Traceid
HostName
X-Dispatcher-Number
X-Served-From
X-Accel-Buffering
X-Owner
X-Aicache-OS
Redirect-Candidate
Host-ID
X-Cluster
Upgrade-Insecure-Requests
X-VC
X-TIME
X-Cluster-Node
X-WP-CF-Super-Cache-Active
Mime-Version
OT-Force-Account-Verify
Fastly-Drupal-HTML
X-Gateway-Cache-Status
Origin-EX
Origin-CC
Platform
X-Gateway-Request-Id
X-Forwarded-Site
Producers
Release
X-Gateway-Cache-Key
Req-Svc-Chain
Mobile-Detection-Method
IsBot
Kp-EeAlive
L
Is-Eu
X-Hash
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
X-Via-NSCOPI
X-GeoIP
NGX
NM-Fastcgi-Cache
X-Fmm-Version
X-GeoIP-City
Machine
Mail-Subject
X-Gzip
X-Gateway-Skip-Cache
X-DPWN-IS-SECURE
X-Clientip
X-Clara-WADP
X-Ad-Defer-Variation
X-Core-Mission
X-Csrf-Jwt
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-CGP
X-Cdn-Origin
X-BBC-Edge-Cache-Status
X-Cache-Bucket
X-Bip
X-Cache-Id
X-Auto-Login
X-CacheTTL
X-Cache-Info
X-Datadog-Trace-Id
Web-Mar-Region
State
X-INCAP-ABP
Traceparent
X-Ec-Custom-Error
X-Epic-Correlation-Id
X-Esi-Check
Servername
Tube-Get-Contents
Tube-Got-Eval
X-DefHash
X-DefElseHash
We-Hiring
Vix-Hermes-Req-Id
V-Age
Tube-Got-Results
Tube-Return
X-Eu-Site
Fastly-SSL
X-Rocket-Build-Number
X-Request-URI
X-RateLimit-Remaining-Second
X-Scale
X-Sigma
X-SIPLIST1
X-Sigma-Backend
X-RateLimit-Limit-Second
Adler-Geo
X-Proxy-Cache-Info
Cache-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
X-Slack-Backend
X-Sn-Servicetimems
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Viewer-Country
X-VServer
X-Wix-Viewer-Type
X-WADP-Cache
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-SVT-ORM-RULES
X-SplitTest
X-SVT-ORM-VERSION
X-Thanos
X-Varnish-Beresp-Status
X-Variation
X-Pool
X-Qloud-Router
X-Policy
DSUID
Decoy-Debug-Status
Decoy-Debug-Key
X-Origin
X-Optimistic-Header
X-NodeID
X-Mvc-Supplant-Cachable
Fastly-SIE
Fastly-SWR
Fastly-GeoIP-CountryCode
X-Irp-Debug
X-Minions-Version
X-Loc
X-Origin-Response-Time
Decoy-Debug-TTL
Click-Count-Error
Cmsid
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Candidate-Md5Url
X-Planisys-CDN-TTL
Cmstype
Click-Count-Action-Start
X-B3-SpanId
Country-Code
X-Tx-Id
X-GG-Cache-Date
Cluster
X-S-Maxage
X-Branch-Name
Memcached
X-Fastly-Backend
X-Gamma-Serve
X-FC-Vary-Parameters
X-Developers
X-ATG-Version
X-Region-Sid
X-Is-Gdpr
X-V-Cache
X-Hnp-Log
X-Rocket-Nginx-Serving-Static
X-Has-Esi
X-Device-Os
X-Gen-Mode
X-SB
X-Ckpd-Fst-Backend
X-JWT-State
X-Var-Ttl
X-Fetched-On
X-Cdn-Srv
Wxu-Next-Hostname
Wxu-Next-Region
Canary
CDCHOST
User-Cache-Control
X-Block-Status
Server-Ext
Server-Hostname
Sever-Int
Datacenter
Wxu-Next-Commit
X-Cache-Remote
Svr
Fastly-Backend-Name
X-Scheme
X-Core-Value
X-Mvc-Supplant-OutputCached
X-Sucuri-ID
Thinkindot-Control
X-Sucuri-Cache
Thinkindot-CacheControl-Type
CloudFront-Viewer-Country
X-Thinkindot-L3
X-Worker
Server-Host
X-Gdpr
X-Nyt-Route
X-Geo-Header
X-LB-NoCache
X-Level-Front-Cache
X-NCache
X-HS-Content-Campaign-Id
TDXMobile
X-CMSURLCustom
X-Azure-Ref-OriginShield
X-Generated-On
X-Origin-Time
Thinkindot-CacheControl
X-Newrelic-App-Data
X-WA-Info
Cache-Tv-Group
X-Udemy-Cache-App-Namespace
AKAMAI
Pics-Label
X-ND-Cache
Cache-Hits
X-Tb-Optimization-Total-Bytes-Saved
SID
Ec-Rule-Version
WebServer
X-Presslabs-Stats
Ssr
Fastcgi-Cache-TTL
X-ZONE
Time
Memory
X-Nf-Request-Id
X-Rebelmouse-Surrogate-Control
X-Via-Popv
X-Via-Poph
X-Session-Fingerprint
X-Origin-Expires
X-Generated-In
X-Rebelmouse-Cache-Control
X-Via-Popn
X-Fastly-Cache
X-DC
Sid
Env
X-Refresh
X-Pod-Name
X-Up
X-Servedbyhost
Server-ID
Request-ID
AMP-Access-Control-Allow-Source-Origin
X-Pass-Why
X-Wa
X-Dispatch
X-Akamai-Transformed
X-Fpc
My-App
X-Tumblr-Pixel-3
X-Release
X-Cs
X-Edge-Pop
X-Buckets
X-Lambda-Id
X-Ig-Push-State
X-Cache-Date
X-Zone
X-NWS-UUID-VERIFY
X-MSEdge-Flight
X-NC
X-Esi
X-Conf
X-MSEdge-Features
X-EC-Lua
X-PX
X-VCL-Version
X-CS
X-MCACHE
X-ID
X-Req
X-Microcachable
CDN
X-Endurance-Cache-Level
X-Xrds-Location
X-Dmc
X-CACHE-AGE
X-LB-ID
GeoIp-Country-Code
X-B3-Spanid
X-TX-ID
True-Client-Country-4JS
True-Client-IP
Fastly-Drupal-Html
X-Webkit-CSP-Report-Only
X-NGINX-Cache
CacheControlHeader
Magicmarker
X-RateLimit-Reset
X-Vc
X-CACHE-KEY
X-Be
X-Op-Id-All
X-Wikidot-Backend
X-HS-Status
X-TH-Server
X-Wikidot-Static-Cache
X-CSRF-TOKEN
Hostname
X-TRACE-ID
Path
True-Client-Ip
X-GeoIP-Region-Code
GeoIP-Country-Code
X-GeoIP-Country-Code
Resin-Trace
X-Srv
X-Hyper-Cache
X-Check-Cacheable
X-Alfa-Service
WWW-Authenticate
X-Micro-Cache
X-M-Reqid
X-Air-Trace-Id
X-Accel-Expires-Debug
X-Air-Source
X-Date
X-Air-Hostname
X-M-Log
X-Vcl-Version
Tcn
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Air-Pt
X-App
Pramga
X-Client-Ip
Tracecode
X-Qnm-Cache
X-Varnish-Beresp-TTL
X-SERVER-NAME
X-LiteSpeed-Cache-Control
X-Edge-POP
X-RAMCache
Section-Io-Id
Section-Origin-Responded
X-Vercel-Id
Section-Io-Origin-Status
X-Vercel-Cache
Section-Io-Origin-Time-Seconds
X-Akamai-Pragma-Client-IP
C-Via
X-Old-Content-Length
X-Cache-Ttl
X-CLOUD-TRACE-CONTEXT
NtCoent-Length
Yjs-Id
X-FPC
X-Datacenter
X-TrackingId
Proxy-Connection
N-Cache
Powered-By
YJS-ID
X-Webkit-Csp-Report-Only
X-Platform-Processor
X-Platform-Router
X-WA
On-Server
X-Mly-Id
Hit
Fastcgi-X-Cache-Version
X-Platform-Cluster
Esi-Enabled
X-Yandex-Sdch-Disable
X-PAYTM-SRV-ID
X-Geo
FSS-Cache
X-Platform
X-Via-CDN
X-API-Version
X-UA
X-Lb-Id
X-Webstats-RespID
X-Response-By
ENV
User-Agent
Server-Id
X-ServedByHost
Lb
X-Dw-Trace-Id
X-Cdn-Forward
HIT
X-Via-PopH
X-Director
X-Via-PopN
X-Contensis-Viewer-Groups
Cdn
X-Location
X-Cache-ASPX
X-Varnish-Authentication
X-Via-PopV
X-Node-Id
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Edge-Origin-Shield-Bytes
GeoIP-Latitude
X-Edge-Origin-Shield-Region
X-AIR-PT
Locid
X-FL-EDGE
X-FORWARDED-FOR
Srvid
X-SD-PageType
X-LAGOON
X-Traceid
X-Request-Start
X-From
X-Instance-Name
X-TT-LOGID
X-LI-UUID
X-CUA
X-Akamai-ERRuleID
X-LI-Proto
X-Li-Pop
Geoip-Latitude
X-Li-Fabric
X-Akamai-ERPolicy
Dnion-Transfer-Encoding
X-Server-IP
X-DataCenter
X-Service-Response-Time
Sm-Log-Id
Uri
Swift-Performance
XServer
Cache-Key
Nginx-CQVIP
X-DI
X-HA-Backend
X-RSL
X-RPS
X-RPM
X-DSS
X-DW
X-DB
Ohc-File-Size
X-Via-Ucdn
X-CF-Powered-By
X-Request-Url
X-Render-Time
X-LiteSpeed-Tag
PICS-Label
Location
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Cache-Expires
X-Cache-Backend
Vha6-Origin
X-B3-ParentSpanId
X-Fastly-Cache-Hits
X-Test
X-Lb-Nocache
M-TraceId
X-HostName
Wpo-Cache-Message
X-ApacheServer
X-PERF
DynaTrace
X-Proxy-Upstream
Server-Ttl
X-Cdn-Request-ID
X-Fastly-Backend-Reqs
Wpo-Cache-Status
X-Proxy-CacheRZ
Warning
CountryCode
X-Cache-Ngx
X-Ips-Loggedin
Wp-Super-Cache
XkeyRZ
X-Serial
CF-Cached-On
X-Moov-Xdn-Version
Cneonction
X-Th-Server
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Mg-Cache
WZWS-RAY
PFcat
XM
X-Proxy-Cache-Hk
SRV
X-HN
X-VarnishDD-TTL
X-Moov-T
X-ElasticPress-Query
Req-ID
Fastcgi-Cache-Ttl
X-Yottaa-OS