
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Request-ID
X-Cacheable
X-Iinfo
X-Envoy-Upstream-Service-Time
P3p
Timing-Allow-Origin
X-Ua-Compatible
Feature-Policy
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
Upgrade
X-CDN
Access-Control-Max-Age
CF-Ray
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
X-UA-Device
X-Dns-Prefetch-Control
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Age
Host-Header
X-Ws-Request-Id
X-Hacker
X-Server-Powered-By
X-Server
X-Rq
X-Vhost
X-Varnish-Cache
X-Amz-Version-Id
X-LiteSpeed-Cache
Grace
EagleId
X-Dispatcher
Cf-Edge-Cache
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-Aws-Lambda-Call-Status
X-Host
X-Node
Accept-CH
Cf-Railgun
X-Pingback
X-Akamai-Path-Stats
X-Server-Id
X-Cache-Spec
X-OneAgent-JS-Injection
Surrogate-Control
X-Backend-Server
X-Akam-SW-Version
Request-Id
EagleEye-TraceId
X-Response-Time
X-Cache-Lookup
X-Readtime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
X-HW
Accept-CH-Lifetime
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Application-Context
Rating
X-Trace
Fastly-Restarts
Accept-Ch-Lifetime
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Country
X-Nginx-Upstream-Cache-Status
X-Url
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Edge
X-B3-TraceId
X-Oneagent-Js-Injection
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Mod-Pagespeed
X-CST
X-Ruxit-Js-Agent
X-Content-Type
X-Vcap-Request-Id
X-ESI
Verso
X-D2id
X-Mcache
X-GitHub-Request-Id
X-Use-Magma
Xkey
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
Cache-Tag
X-FastCGI-Cache
X-Amz-Rid
X-Powered-By-Plesk
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Varnish-TTL
RTSS
X-VARITI-CCR
X-Navigation-Version
X-ECACHE
X-Version
X-Upstream
X-Abt-Application-Version
X-Client-IP
X-Cached
X-Ac
X-Cnection
X-Dw-Request-Base-Id
Cf-Apo-Via
X-Server-Name
X-Element-Page-Cache
Arr-Disable-Session-Affinity
X-SharePointHealthScore
SPRequestGuid
X-Px
Permissions-Policy
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
Accept-Ch
X-Ttl
SPRequestDuration
SPIisLatency
Public-Key-Pins
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Country-Code
X-Cache-TTL
X-NWS-LOG-UUID
X-Middleton-Response
Response
X-Ser
X-Cache-Key
X-Midtier
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-RateLimit-Remaining
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-For
Content-MD5
X-NF-Request-ID
X-Correlation-Id
Access-Control-Request-Method
X-DataDome
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
X-T
X-Recruiting
TP-L2-Cache
TP-Cache
AR-SID
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-HP-Webp
Edge-Cache-Tag
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-HP-Trace-Id
X-Jurisdiction
Nginx-Cache
MicrosoftSharePointTeamServices
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Accel-Expires
X-Daa-Tunnel
X-Mg-S
X-Powered-CMS
X-Grace
X-RateLimit-Limit
X-Content-Digest
TCN
X-Hits
X-Request-Received
X-Request-Processing-Time
Filters
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Amzn-Trace-Id
X-Id
Server-Node
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
Server-Name
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
MS-Author-Via
X-PressLabs-Stats
Fastcgi-Cache
X-Geo-Country
X-Frontend
X-Distributor
X-XRDS-Location
X-Webkit-Csp
X-Fastly-Request-Id
X-Origin-Server
S
X-Ezoic-Cdn
Count-Hit
X-Ua-Browser
X-Protected-By
X-LLID
X-Ab
Filterid
X-Amz-Meta-S3cmd-Attrs
X-Forwarded-Proto
X-F-Cache
X-Language
Cache-Status
Charset
Payment
X-Ratelimit-Reset
X-Seen-By
X-Microsite
X-Request-Handler-Origin-Region
X-LB-Cache
X-B3-Sampled
X-FB-Debug
Cross-Origin-Opener-Policy
X-Page-Id
Host
X-Git-Hash
X-ASPNET-VERSION
X-VCache
X-Fastcgi-Cache
X-TTL
X-Cluster-Name
Surrogate-Key
X-Rid
Realpath
X-Www-Served-By
Cache-Tags
Accept-Charset
Retry-After
X-Logged-In
X-Cdn
X-Origin-Cache
Access-Control-Allow-Method
Alternate-Protocol
X-Upgrade-Enabled
X-Source
X-NGENIX-Cache
X-Cache-Age
X-AppVersion
X-Activity-Id
X-Az
X-Varnish-Backend
X-DIS-Request-ID
X-Type
X-Template
X-Amz-Replication-Status
X-Wix-Request-Id
X-Route-Name
X-Signature
X-Request-Guid
X-B-Cache
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Providence-Cookie
ServerID
Cleartype
X-TT
Paypal-Debug-Id
DC
X-B
X-Envoy-Decorator-Operation
X-Tb
X-App-Environment
X-Varnish-Grace
X-Litespeed-Cache
X-Hostname
X-Node-Name
X-DynaTrace
X-Revision
Frame-Options
X-Drupal-Cache-Tags
X-Contextid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Proxy
Pinterest-Version
X-Pinterest-Rid
X-Fastly-Request-ID
Pinterest-Generated-By
X-Tt-Trace-Host
X-Cache-Rule
X-Tt-Trace-Tag
X-Debug
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Mobile
Refresh
X-Content-Options
X-Load-Cache
X-EdgeConnect-Cache-Status
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
X-N
Country
Node
X-Magnolia-Registration
NGB
Referer-Policy
X-Response-Served-From
X-Original-Request-Id
X-XRDS-LOCATION
Akamai-GRN
X-NYM-Debug-Backend
X-Status
X-Varnish-Age
X-L-Path
X-Varnish-Server
X-Debug-IsPreview
Content-Disposition
X-Instance
X-Environment-Context
X-Debug-IsConnected
X-Rendered-As
X-Content-Powered-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-TTL-Remaining
X-Is-Bot
X-Page-View
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Real-IP
X-Servername
Viewport
X-Cache-Time
Access-Control-Request-Headers
X-User-Agent
X-Cache-Grace
X-Cacheable-TTL
X-Akamai-Request-ID2
X-Adobe-Loc
Url
X-Adobe-Content
X-Whom
Uber-Trace-Id
X-Jobs
X-G
X-Framework
X-Ratelimit-Remaining
Srv
X-Mid
X-Unique-Id
X-ProcessESI
Cross-Origin-Resource-Policy
X-RemovedCookies
X-COUNTRY
Countrycode
X-Oracle-Dms-Ecid
X-Drupal-Cache-Contexts
X-Trace-Id
X-Cache-Expired-At
X-Via-JSL
X-CDN-Forward
X-Oracle-Dms-Rid
X-Time
Version
X-Content
X-Cache-Hit
X-URL
Accept-Language
X-APP-VERSION
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Api-Version
X-Mg-Request-UUID
X-Http-Reason
X-Cache-Operation
Protected
X-Backend-Name
X-App-Server
Healthy
X-Rule
X-Restarts
X-Debug-Info
X-Azure-Ref
X-IPLB-Instance
X-IPLB-Request-ID
Content-Secure-Policy
X-Cache-Action
X-Akamai-Edgescape
Section-Io-Cache
X-Ratelimit-Limit
X-Hosted-By
X-Server-ID
X-Generation-Time
X-VC-Cache
Backend
GEO-INFO
X-SRV
X-FW-Type
Liferay-Portal
X-Nginx-Cache-Key
X-Device-Type
X-FW-Dynamic
X-FW-Serve
Server-Info
X-FW-Hash
X-FW-Static
X-FW-Server
X-Tt-Logid
Xserver
Load-Balancing
X-Mobile-URL
X-RN-RSRV
Meta-Geo
X-UPSTREAM-Address
X-RTag
Ms-Operation-Id
MS-CV
Onion-Location
X-Generated-By
X-Storage
X-HTML-Minification-Powered-By
X-Access
X-FireWall-Port
X-Cms-Context
X-Mode
X-Format
X-Locale
Azure-SlotName
Azure-Version
CF-IPCountry
X-OCL
Azure-SiteName
X-PCL
X-Section
Azure-InstanceId
Azure-RegionName
Eomportal-Instance
X-Handled-By
X-Content-Age
S-Rt
Webcakes-Region
TWC-GeoIP-Country
CDN-RequestId
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
Property-Id
TWC-Privacy
Webcakes-App-Name
TWC-Locale-Group
CDN-Uid
Webcakes-App-Version
CDN-RequestCountryCode
CDN-Cache
X-PHP-Host
X-Proto
X-Labrador-Cache-Channel
CDN-CachedAt
CDN-PullZone
CDN-EdgeStorageId
X-R9-Blue-Green-Version
Cache-Name
X-Say-TTL
X-Varnish-Cache-Hits
X-SaId
X-SayCDN-TTL
X-Redis-Cache
X-ShardId
X-ShopId
X-Shopify-Stage
X-Urbn-Site-Id
X-Cache-Server
X-Varnish-Beresp-Grace
X-Cache-Host
Web-Mar-Node
X-Alternate-Cache-Key
X-Urbn-Context-Path
X-Sql-Duration-Ms
X-Origin-Hint
X-Site-Version
X-Sorting-Hat-PodId
X-JoinUs
X-Sql-Count
X-Sorting-Hat-ShopId
Locale
X-Say-Cacheable
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Proxied
X-AWS-Id
X-VWS-Id
X-Via-Fastly
X-Server-W
X-Skip-Cache
X-Storefront-Renderer-Rendered
Apigw-Requestid
X-Varnishpool
X-Proxy-Cache-Status
X-Adobe-Source
X-PHP-Backend
X-Cache-Type
X-Xfnlog-Site
X-GeoCode
X-Region
X-No-Session
X-LJ-Flow-ID
X-Forwarded-Host
X-GeoCountry
X-Detected-As
X-Routing-Service
X-Extlb
X-Zipkin-Id
X-Edge-Location
Fastcgi-Useragent
X-Timing-Wait
Selected-Fe
X-Hl-Ver
Mn-Server-Ip
X-Tid
X-Varnish-Hostname
X-Proxy-Build
X-Cache-Status-Check
X-DynaTrace-JS-Agent
X-Ms-Request-Id
X-ProxyCache-Key
X-Uri
WP-Super-Cache
X-UA-Device-Type
X-ProxyCache-Status
X-Request-Time
X-Ms-Version
X-BYPASS-REASON
X-ServerID
DB-Nickname
X-Web-Node
X-FB-TRIP-ID
X-ECache
X-Cache-NGX
X-Cache-Enabled
X-WP-CF-Super-Cache
X-Nginx-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Provided-By
X-UUID
X-Ua
X-Varnish-Ttl
X-Amzn-Remapped-Content-Length
X-Loop
X-TNCMS
X-Dc
X-Origin-Date
X-Reqid
X-Datadome
X-Vgn-Hpd-Reason
X-LSADC-Cache
X-Pubstack
Xet-Cookie
X-Zen-Fury
X-Soup
X-Tumblr-Pixel-2
ServedBy
X-Newrelic-Synthetics
X-App-Version
X-Aspnetmvc-Version
X-Correlation-ID
X-Service
X-MP-GENERATED-AT
X-Origin-CC
X-Origin-TTL
Origin
X-Webkit-CSP
Cache
X-Human
X-TA-CDN-Provider
X-GEO
From-Origin
X-RCS-CacheZone
Source
X-Cache-Tags
X-Cached-By
Cross-Origin-Window-Policy
X-Varnish-Hits
X-Cache-Debug
X-Varnish-Beresp-Ttl
WPO-Cache-Message
WPO-Cache-Status
X-Debug-Cache
X-TIME
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
SD-X-WS
LB
MD5-Digest
Rendered-Blocks
BehaviorPad-Version
X-ScT
X-NewRelic-App-Data
X-B3-Traceid
X-Request-Host
Rip
Host-ID
A
DCR-Decision-By
CPC-Cache
CPC-Age
DCR-Processing-Time-Ms
VNS-Cache
X-Parent-Response-Time
X-Orig-Expires
X-PBS-Appsvrname
X-Processor
X-Rewrite-Enabled
X-NAPM-TraceId
X-External-Request-Id
X-Destination
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-Rojux
X-S
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
Xc-Version
X-User
X-TIM-N
X-S-Cookie
X-Shop-Environment
X-SRCache-Key
X-Tenant
X-D
X-Connection-Hash
Surrogated-Key
T-Server
VNS-Age
X-A
Sslversion
Odigeo-Trace-Id
Expiry
Lang
Meta-Geo-Continent
Ngx.Var.Host
X-A-Ccd
X-A-Dam
X-B-Cookie
X-Bc-Bl
X-BCube-Filmed-By
X-Cache-NE
X-ARC
X-Application
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Aed
Environment
X-Forwarded-Path
Webserver
X-AOL-HN
Fastly-Drupal-HTML
X-FW-Version
X-Accel-Buffering
X-Aicache-OS
Upgrade-Insecure-Requests
X-AK-Request-ID
X-Gdpr
X-Owner
X-Nyt-Route
Cdncip
Cdnsip
X-Dispatcher-Number
X-Cluster
Redirect-Candidate
X-Origin-Time
Fastly-Backend-Name
X-Core-Value
Server-Host
X-Cdn-Srv
X-Trace-ID
X-Auto-Login
X-Has-Esi
X-Worker
X-Sucuri-ID
Mime-Version
X-IPS-LoggedIn
X-Platform-Server
X-Sucuri-Cache
X-Level-Front-Cache
X-Geo-Header
X-Generated-On
X-HS-Content-Campaign-Id
X-Is-Gdpr
X-JWT-State
X-Developers
AKAMAI
OT-Force-Account-Verify
Svr
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
State
X-Varnish-CookieINHashed-On
Req-Svc-Chain
Servername
V-Age
Vix-Hermes-Req-Id
X-Thanos
X-Served-From
X-Scheme
X-Var-Ttl
Web-Mar-Region
X-Varnish-Remaining-TTL
X-Variation
X-Scale
Producers
Fastly-SIE
Fastly-SSL
Fastly-SWR
Fastly-GeoIP-CountryCode
X-Wix-Viewer-Type
Decoy-Debug-Status
Decoy-Debug-TTL
Gh-Request-Id
Is-Eu
X-VG-TLSProxy
Mobile-Detection-Method
Platform
Machine
L
X-WADP-Cache
X-Viewer-Country
X-SB
X-Rocket-Nginx-Serving-Static
X-DefHash
X-Optimistic-Header
X-NodeID
X-DefElseHash
X-Clientip
Decoy-Debug-Key
X-Origin
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-NCache
X-Gamma-Serve
X-Gzip
X-Forwarded-Site
X-Fmm-Version
X-Esi-Check
X-Fastly-Backend
X-Planisys-CDN-Cache
X-Clara-WADP
X-RateLimit-Limit-Second
X-Qloud-Router
X-ATG-Version
X-RateLimit-Remaining-Second
X-Region-Sid
X-Request-URI
X-Ad-Defer-Variation
X-Pool
X-Azure-Ref-OriginShield
X-Cache-Id
X-Cache-Info
X-Planisys-CDN-Rules
X-Cache-Bucket
X-Bip
X-BBC-Edge-Cache-Status
X-Planisys-CDN-TTL
X-Minions-Version
X-Slack-Backend
Cluster
Cmsid
Cmstype
Adler-Geo
Apple-News-Services-Host
Candidate-Md5Url
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Country-Code
Apple-News-Services-Handled
HostName
Thinkindot-Control
Thinkindot-CacheControl
X-Cluster-Node
X-Thinkindot-L3
X-Newrelic-App-Data
X-WP-CF-Super-Cache-Active
Thinkindot-CacheControl-Type
TDXMobile
X-INCAP-ABP
X-CMSURLCustom
X-CSRF-Token
X-B3-SpanId
X-Core-Mission
X-Ckpd-Fst-Backend
X-Csrf-Jwt
X-Datadog-Parent-Id
Wxu-Next-Commit
X-Datadog-Sampling-Priority
X-CGP
X-Cdn-Origin
X-Block-Status
We-Hiring
Wxu-Next-Region
X-Branch-Name
X-CacheTTL
Wxu-Next-Hostname
X-Eu-Site
WebServer
X-Sigma
X-S-Maxage
X-VC
X-Proxy-Cache-Info
X-Rocket-Build-Number
X-Sigma-Backend
X-SIPLIST1
X-V-Cache
X-VServer
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-SplitTest
X-Policy
X-Origin-Response-Time
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-FC-Vary-Parameters
X-Epic-Correlation-Id
User-Cache-Control
X-Gen-Mode
X-GeoIP-City
X-Loc
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-Hnp-Log
X-Hash
X-Datadog-Trace-Id
X-Gateway-Request-Id
L5d-Success-Class
CDCHOST
DSUID
Click-Count-Action-Start
Datacenter
Kp-EeAlive
Cache-Host
Ha-Gx-Prefs
HA-Ipaddr
Release
Server-Ext
Click-Count-Error
Mail-Subject
Memcached
Tube-Got-Eval
NM-Fastcgi-Cache
Sever-Int
Tube-Got-Results
Tube-Return
Tube-Get-Contents
IsBot
Origin-EX
Server-Hostname
Origin-CC
NGX
Traceparent
X-Esi
X-GeoIP
X-Device-Os
Canary
X-Fetched-On
Ec-Rule-Version
X-LB-NoCache
X-ND-Cache
X-Udemy-Cache-App-Namespace
X-Via-NSCOPI
X-Mvc-Supplant-OutputCached
X-Tx-Id
CloudFront-Viewer-Country
X-Cache-Remote
X-GG-Cache-Date
Pics-Label
Sid
AMP-Access-Control-Allow-Source-Origin
X-WA-Info
X-Nf-Request-Id
X-Pass-Why
Cache-Tv-Group
Memory
X-Up
Fastcgi-Cache-TTL
Time
X-Tumblr-Pixel-3
X-ZONE
Cache-Hits
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Poph
Request-ID
X-Via-Popv
X-Via-Popn
X-Session-Fingerprint
X-Refresh
X-Akamai-Transformed
SID
X-Fastly-Cache
Ssr
Server-ID
X-Pod-Name
X-Origin-Expires
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Cs
X-Generated-In
X-Lambda-Id
X-Servedbyhost
X-Edge-Pop
Env
X-Release
My-App
X-Dispatch
X-Wa
X-DC
X-CACHE-AGE
X-Zone
X-Req
X-Fpc
X-Presslabs-Stats
X-NWS-UUID-VERIFY
X-PX
X-Ig-Push-State
X-LB-ID
X-Cache-Date
GeoIp-Country-Code
X-ID
X-TX-ID
X-EC-Lua
CDN
X-Buckets
X-Endurance-Cache-Level
X-MSEdge-Flight
X-NC
X-Xrds-Location
CacheControlHeader
True-Client-Country-4JS
X-MSEdge-Features
X-Conf
X-Microcachable
X-VCL-Version
True-Client-IP
X-B3-Spanid
X-Vc
X-Webkit-CSP-Report-Only
X-CSRF-TOKEN
Hostname
X-NGINX-Cache
X-Op-Id-All
X-TH-Server
X-Dmc
X-CS
X-CACHE-KEY
Fastly-Drupal-Html
Tcn
X-TRACE-ID
X-GeoIP-Region-Code
Magicmarker
X-HS-Status
X-GeoIP-Country-Code
X-Be
X-Accel-Expires-Debug
X-Vcl-Version
X-Date
X-Check-Cacheable
X-Wikidot-Backend
WWW-Authenticate
X-Wikidot-Static-Cache
X-MCACHE
X-Srv
X-RateLimit-Reset
Resin-Trace
Path
X-RAMCache
X-Hyper-Cache
X-Vercel-Id
X-Alfa-Service
X-Old-Content-Length
X-Vercel-Cache
True-Client-Ip
X-Varnish-Beresp-TTL
X-SERVER-NAME
X-CF-Lambda-Fn
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Pramga
Section-Io-Origin-Status
X-CF-Lambda-Version
X-Akamai-Pragma-Client-IP
X-LiteSpeed-Cache-Control
GeoIP-Country-Code
X-Micro-Cache
Powered-By
X-M-Reqid
X-FPC
X-Datacenter
Section-Io-Id
X-M-Log
X-Geo
X-CLOUD-TRACE-CONTEXT
Yjs-Id
X-Cache-Ttl
X-Air-Trace-Id
Tracecode
X-Air-Hostname
X-Air-Source
Proxy-Connection
X-WA
X-App
X-Qnm-Cache
X-Air-Pt
YJS-ID
X-Edge-POP
X-Location
C-Via
ENV
X-Mly-Id
X-ServedByHost
X-Via-CDN
FSS-Cache
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-API-Version
Server-Id
X-Lb-Id
X-Platform-Router
X-Platform-Processor
N-Cache
X-Platform-Cluster
X-Webstats-RespID
X-Akamai-ERRuleID
X-TrackingId
Lb
X-Akamai-ERPolicy
User-Agent
X-Response-By
X-Director
X-TT-LOGID
NtCoent-Length
X-Cdn-Forward
X-Via-PopH
X-Via-PopN
HIT
X-Via-PopV
X-PAYTM-SRV-ID
Hit
Esi-Enabled
X-Server-IP
On-Server
Cdn
X-Platform
X-Client-Ip
Fastcgi-X-Cache-Version
X-Service-Response-Time
X-DataCenter
X-AIR-PT
Sm-Log-Id
X-Dw-Trace-Id
X-From
Uri
X-FL-EDGE
Swift-Performance
X-Instance-Name
X-Test
Location
X-Traceid
Locid
Srvid
X-HA-Backend
X-Li-Fabric
X-Li-Pop
X-FORWARDED-FOR
Geoip-Latitude
Dnion-Transfer-Encoding
X-LI-UUID
X-LI-Proto
X-CUA
X-LiteSpeed-Tag
X-UA
XServer
X-DB
GeoIP-Latitude
X-DI
X-Request-Url
X-RPS
X-Node-Id
X-CF-Powered-By
X-RSL
M-TraceId
X-DW
X-RPM
X-DSS
Ohc-File-Size
X-Vtex-Remote-Cache
X-Cache-Expires
PICS-Label
Nginx-CQVIP
X-Vtex-Processado-Em
X-Cache-Backend
X-Wp-Cf-Super-Cache
X-Cc-Via
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache-Cache-Control
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
X-Cache-Proxy
Vha6-Origin
X-Conten-Type-Options
X-LAGOON
X-Fastly-Cache-Hits
X-We-Are-Hiring
X-PERF
Wpo-Cache-Status
X-Fastly-Backend-Reqs
X-ApacheServer
X-Render-Time
X-Request-Start
X-B3-ParentSpanId
X-Lb-Nocache
X-SD-PageType
X-Cdn-Request-ID
Wpo-Cache-Message
X-HostName
Wp-Super-Cache
CountryCode
X-Cache-Ngx
Warning
X-Ips-Loggedin
X-Kebabable
X-Keep
X-LbNode
X-Loadbalancer
X-Kebab
X-Ittl
X-IBD-Cache
X-Header-Sub
X-IBD-SID
X-Matched-Rule
X-Is-SSL
X-Container-Uri
X-N-OperationId
X-NS-Authorization
X-NFL-Geo
X-Ntj-Investigation-Id
X-NXG
X-Nyt-Data-Last-Modified
X-NFL-Dma
X-Newegg-Index
X-MTS-Cache
X-Group
X-Nerd
X-Newegg-Flow
X-Matome-Cached
X-Git-Commit
X-Ee-Request-Id
X-Ee-Request-Date
X-Eid
X-Delivery
X-Dehri-Date
X-Ee-Origin
X-Developed-By
X-Edge-IP
X-DT-Node
X-Doge
X-Ee-Generated-By
X-Dcm-Pdtf
X-ETag
X-Full-Ttl
X-GG-Cache-Status
X-Odoo-Frontend
X-Global-Transaction-ID
X-Fstrz
X-Frame-Option
X-Eventloop-Lag
X-F-Status
X-Farm
X-Fastly-Is-Edge
X-GoCache-CacheStatus
X-SVR-IIS
X-U-Cache
X-True-Client-Ip
X-Upstream-State
X-User-Auth
X-Utime
X-Tried-To-Kebabify
X-Toujours-Debout-Location
X-Svr-Proxy
X-Colour
X-Test-Nginx-Ingress
X-Timestamp
X-Toujours-Debout-Branch
X-V2-Infrastructure
X-Vary-Devices
X-YSpaceId
X-Xms-Page-Cache-Actions
XV-Cache
XV-H
Timeexpire
X-WSR2
X-WP-Bypass
X-Ver
X-Wag-Acs
X-Waitingroom
X-Web-Hosting
X-Stack-Name
X-SSLProxy
X-Pver
X-PGF-Deflate
X-R-Cache
X-Reboot
X-Redis
X-PG-ACCESS
X-Paywall
X-Origin-Ops
X-Onedio-Env
X-OVcl
X-OVcl-Cache
X-PageType
X-Render-Method
X-Request-Origin
X-Site
X-Sh
X-Slack-Shared-Secret-Outcome
X-SMP-JWT
X-Square
X-ServiceName
X-Server-L
X-Route
X-Route-Akamai
X-Ruby
X-Save-Cache
X-Okws-Version
X-Akamai-CacheKeyMod
NB-ESI
Joe-X
Nikkei-App-Version
NLCacheNote
Npm-Cost
Is-Https
HTTPProtocol
Deeplink
CMS-200
Ec-Policy-Id
H1
HServer
Npm-Remaining
Ns
RawURL
Proxy-Cache
Region
Request-Uuid
Rt-Proxy-Cache
Panzer-Cache-Control
Origin-Site
Ns-Ua
Ok-Cache-Status
OK-Edge-Date
Ok-Edge-Key
Cluster-Host
Cf-Wrk
WZWS-RAY
DynaTrace
X-Mg-Cache
X-ElasticPress-Query
X-Yottaa-OS
SRV
X-Via-Ucdn
Fastcgi-Cache-Ttl
Req-ID
X-Moov-Xdn-Version
X-Moov-T
CF-Cached-On
Cache-Key
Cachekey
Cache-Stat
Cdn-Country-Code
Cf-Device-Type
Cf-Locale
Akamai-X-Url
X-Th-Server
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Cneonction
X-Serial
Scheme
Selected-Route
X-AspNetWebPages-Version
X-ASF-Cache
X-Backend-TTL
X-Backside-Transport
X-BeanStalkRole
X-ARRRG1
X-Arena-Request-Id
X-Akamai-Native
X-Akamai-DeviceType
X-Amz-Meta-Cb-Modifiedtime
X-Apache-Server
X-Ar-Stats
X-BeanStalkStage
X-Cache-Cookie
X-CDN-Pop
X-CacheVersion
X-CDN-Pop-IP
X-Cf-Node-Idx
X-Cms-Device
X-Cache-Response
X-Cache-ReqUri
X-Cache-IsMobileDevice
X-Cache-Length
X-Cache-NPR
X-Cache-Reason
X-Akamai-DeviceOS
X-AEO-Platform
T-Request-Id
Sw
Technodrome
Time-Cloud-Cache
Ttl
Store-Cloud-Cache
SII
Served
Service-Uuid
SFRVia
Shieldsquare-Response
TWC-AK-Req-ID
TWC-PATH-LOCALE
X-Accel-Version
X-77-NZT-Ray
X-Accepted-Fulllang
X-Accepted-Language
X-Accor-Asset
X-77-NZT
Vttl
TWC-Subs
TWC-Unit
Uniqueid
Userver
X-Coindesk-Cache