Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
ETag
Pragma
CF-RAY
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
CF-Ray
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
X-Request-ID
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
X-Backend
Request-Context
EagleId
X-Age
X-Akamai-Path-Stats
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-Proxy-Cache
X-UA-Device
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
X-Dispatcher
CONTENT-SECURITY-POLICY
X-WebKit-CSP
Allow
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-CST
X-Server-Id
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Cf-Edge-Cache
Accept-CH
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-Cache-Lookup
X-HW
X-Application-Context
Xkey
X-ASPNET-VERSION
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-Url
X-Trace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-PC
X-Vname
X-TtlSet
Accept-Ch
X-Clacks-Overhead
RTSS
X-Server-Name
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
Cache-Tag
X-Amz-Server-Side-Encryption
X-Content-Type
X-B3-TraceId
X-Vcap-Request-Id
X-ESI
X-Dw-Request-Base-Id
X-Amz-Rid
X-Cdn-Fetch
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Exp-Variant
Public-Key-Pins
X-Px
X-Cnection
X-FastCGI-Cache
X-D2id
X-Ac
X-RateLimit-Remaining
X-Edge
X-Navigation-Version
X-Element-Page-Cache
Verso
X-Ser
Display
X-Middleton-Display
X-Client-IP
X-Sol
Pagespeed
X-Abt-Application-Version
X-Powered-By-Plesk
X-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Country-Code
X-Middleton-Response
Response
X-NF-Request-ID
X-Ttl
X-Correlation-Id
Access-Control-Request-Method
X-Goog-Hash
SPRequestDuration
SPIisLatency
X-Ruxit-Js-Agent
X-Kinsta-Cache
X-Content-Security-Policy-Report-Only
X-Edge-Location-Klb
AR-Request-ID
AR-PoweredBy
X-Cached
AR-SID
AR-ATIME
AR-CACHE
SPRequestGuid
X-SharePointHealthScore
X-LLID
X-Powered-CMS
X-Upstream
X-RateLimit-Limit
Edge-Cache-Tag
X-NWS-LOG-UUID
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Litespeed-Cache
X-TTL
X-Cache-Key
X-Forwarded-For
Nginx-Cache
Content-MD5
X-Id
X-MSEdge-Ref
MRF-Tech
Mrf-Cache-Status
X-Shield-Request-Id
TCN
X-T
X-B3-TraceId-Primal
X-Recruiting
X-Daa-Tunnel
X-TEC-API-ORIGIN
S
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Digest
X-Webkit-Csp
X-Ua-Device
X-Mg-S
X-ECACHE
MS-Author-Via
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HP-Webp
X-Accel-Expires
X-HP-Trace-Id
X-Jurisdiction
X-Ezoic-Cdn
X-Protected-By
X-DataDome
MicrosoftSharePointTeamServices
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Content
X-Frontend
X-Grace
X-Ua-Browser
X-Ab
X-Request-Processing-Time
X-Request-Received
Front-End-Https
Server-Node
Filters
X-Server-ID
TP-L2-Cache
TP-Cache
X-Yandex-Sdch-Disable
X-DynaTrace
X-WebKit-CSP-Report-Only
X-Origin-Server
X-Distributor
X-Mid
Fastcgi-Cache
X-Hits
X-PressLabs-Stats
X-Geo-Country
X-Request-Handler-Origin-Region
X-Microsite
X-Amzn-Trace-Id
X-Ratelimit-Reset
X-Tt-Trace-Tag
X-Tt-Trace-Host
Charset
Cleartype
X-Debug-Info
X-LB-Cache
X-Git-Hash
Host
X-F-Cache
X-Page-Id
X-ORACLE-DMS-ECID
X-B3-Sampled
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-ORACLE-DMS-RID
X-DIS-Request-ID
X-Cache-Age
X-Www-Served-By
X-MCACHE
Pinterest-Generated-By
X-Pinterest-Rid
X-Seen-By
Pinterest-Version
Access-Control-Allow-Method
Cache-Status
ServerID
X-AppVersion
X-Activity-Id
X-Az
Realpath
Accept-Charset
X-Aspnetmvc-Version
Cache-Tags
Filterid
X-Varnish-Age
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Language
X-Content-Options
X-Rid
X-Type
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-App-Environment
Retry-After
X-Fastly-Request-Id
X-Upgrade-Enabled
Viewport
X-Origin-Cache
X-Varnish-Grace
Server-Name
Country
Node
X-Varnish-Backend
X-Request-Guid
X-Route-Name
X-Drupal-Cache-Tags
X-Signature
X-Flags
X-B-Cache
X-FB-Debug
X-Wix-Request-Id
X-Providence-Cookie
Paypal-Debug-Id
X-Tb
X-Whom
DC
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Oneagent-Js-Injection
X-User-Agent
X-Mobile-URL
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-XRDS-LOCATION
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-TT
X-VCache
X-Goog-Stored-Content-Length
X-NWS-UUID-VERIFY
Fastcgi-Useragent
Protected
X-B
X-Debug
WPO-Cache-Message
WPO-Cache-Status
X-Via-JSL
X-N
X-Logged-In
X-Amz-Replication-Status
X-Cache-NGX
Permissions-Policy
X-XRDS-Location
Payment
X-Amz-Meta-S3cmd-Attrs
X-Load-Cache
X-Contextid
X-Mcache
Surrogate-Key
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Request-ID
X-Template
X-Node-Name
Count-Hit
Healthy
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Dynamic
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
X-Mobile
Content-Disposition
Refresh
X-Proxy
Akamai-GRN
X-Is-Bot
X-G
X-Cache-Time
X-Akamai-Request-ID2
X-Jobs
X-Zen-Fury
X-Revision
X-Rendered-As
X-Trace-Id
X-Real-IP
X-UUID
Alternate-Protocol
Uber-Trace-Id
X-Cacheable-TTL
X-Page-View
X-Http-Reason
X-Cache-TTL-Remaining
X-Drupal-Cache-Contexts
X-Adobe-Content
X-Adobe-Loc
X-Proxy-Cache-Status
Url
NGB
VIX-Pulpo-Upstream-Status
X-Instance
X-Device-Type
X-Framework
VIX-Pulpo-Node
X-Hostname
X-Servername
X-Debug-IsPreview
X-Yottaa-Metrics
X-Yottaa-Optimizations
Access-Control-Request-Headers
X-Debug-IsConnected
X-Restarts
X-Cache-Grace
X-NGENIX-Cache
X-IPLB-Instance
X-ECache
X-B3-Traceid
X-Mg-Request-UUID
X-Varnish-Server
Version
X-Source
X-L-Path
X-Environment-Context
Accept-Language
X-EdgeConnect-Cache-Status
X-Datadome
X-HTML-Minification-Powered-By
X-Fastcgi-Cache
MS-CV
X-Cache-Rule
X-RTag
X-Cache-Hit
Ms-Operation-Id
X-Vgn-Hpd-Reason
From-Origin
X-Cache-Expired-At
Countrycode
Frame-Options
X-Midtier
Referer-Policy
X-NYM-Debug-Backend
Liferay-Portal
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Parallel-Accel
X-APP-VERSION
X-Tumblr-Pixel-1
Backend
X-COUNTRY
X-FW-Version
X-IPS-LoggedIn
X-Nginx-Cache
Content-Secure-Policy
X-Hosted-By
Section-Io-Cache
Upgrade-Insecure-Requests
X-RN-RSRV
X-UPSTREAM-Address
X-Redis-Cache
Meta-Geo
X-Cache-Server
X-OCL
X-Ua
X-Detected-As
X-No-Session
X-PCL
X-Unique-Id
X-Content-Age
X-ProcessESI
X-RemovedCookies
X-Generation-Time
X-Section
TWC-GeoIP-LatLong
S-Rt
X-Via-Fastly
X-Varnish-Cache-Hits
TWC-Device-Class
X-Site-Version
X-Sql-Duration-Ms
X-Sql-Count
TWC-GeoIP-Country
X-Urbn-Context-Path
X-Server-W
X-Uri
X-Urbn-Site-Id
X-UA-Device-Type
X-Cache-Enabled
X-Format
Locale
X-PHP-Backend
X-Cluster-Node
X-Access
X-Be
Fastly-SSL
X-Origin-Hint
TWC-Locale-Group
Cache-Tv-Group
Azure-Version
X-Human
Webcakes-Region
Azure-SlotName
Property-Id
X-FB-TRIP-ID
Webcakes-App-Name
Azure-InstanceId
Apigw-Requestid
Mn-Server-Ip
X-Region
Azure-SiteName
Webcakes-App-Version
TWC-Privacy
Azure-RegionName
X-Request-Time
TWC-Connection-Speed
CF-IPCountry
X-Cache-Action
X-Mode
CDN-Uid
CDN-RequestId
Ec-Rule-Version
Eomportal-Instance
X-Say-TTL
CDN-RequestCountryCode
CDN-PullZone
X-SayCDN-TTL
X-Sorting-Hat-ShopId
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-ApacheServer
X-Cache-Host
X-Akamai-Edgescape
X-Xfnlog-Site
X-AOL-HN
X-Generated-By
X-Origin-Date
X-Ratelimit-Remaining
X-Storage
X-Sorting-Hat-PodId
X-Locale
X-Nginx-Cache-Key
X-PERF
X-Status
X-Say-Cacheable
X-Debug-Cache
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShardId
X-ShopId
X-Routing-Service
X-SaId
X-Tid
X-Cache-Type
X-Webkit-CSP
X-Zipkin-Id
X-ProxyCache-Status
X-Proxied
X-Content-Powered-By
X-BYPASS-REASON
X-Extlb
X-Handled-By
X-Forwarded-Host
X-JoinUs
X-ProxyCache-Key
X-Varnishpool
X-Cache-Tags
X-PHP-Host
X-Platform-Server
X-Labrador-Cache-Channel
X-Web-Node
X-Cms-Context
X-Adobe-Source
X-ServerID
X-NewRelic-App-Data
X-AWS-Id
X-VWS-Id
WP-Super-Cache
X-LJ-Flow-ID
X-Proxy-Build
Selected-Fe
X-Timing-Wait
X-GG-Cache-Date
X-Backend-Name
X-Hl-Ver
X-VC-Cache
ServedBy
X-Hyper-Cache
X-Edge-Location
X-Storefront-Renderer-Rendered
Load-Balancing
X-TT-LOGID
Webserver
X-Proto
X-LSADC-Cache
Fastly-Drupal-Html
Mime-Version
Web-Mar-Node
SRV
X-Cache-Operation
X-TA-CDN-Provider
X-Dc
X-Rule
X-CDN-Forward
Onion-Location
X-GeoCode
X-Cached-By
X-GeoCountry
X-GEO
SID
X-Rewrite-Enabled
X-Soup
X-Accel-Buffering
X-Cache-Remote
X-Cdn
X-Varnish-Hostname
X-SRV
Cache-Hits
Xserver
X-App-Version
X-Pubstack
X-Cluster
X-Reqid
Country-Code
X-Origin-CC
X-Origin-TTL
X-Varnish-Hits
X-Ratelimit-Limit
X-Envoy-Decorator-Operation
X-Microcachable
X-Buckets
Xet-Cookie
X-Tumblr-Pixel-3
Decoy-Debug-Key
Server-Info
X-Tumblr-Pixel-2
Decoy-Debug-TTL
X-Request-Host
LB
Decoy-Debug-Status
X-MP-GENERATED-AT
X-Air-Source
X-IPLB-Request-ID
X-Air-Hostname
X-Air-Trace-Id
X-Magnolia-Registration
X-Ms-Version
DB-Nickname
X-Ms-Request-Id
X-Amzn-RequestId
X-CSRF-Token
X-Amz-Apigw-Id
Cache
X-B3-SpanId
X-Endurance-Cache-Level
X-Tx-Id
X-AK-Request-ID
X-CF-Lambda-Fn
X-A-Wwc
X-Cache-Bucket
Sslversion
X-CF-Lambda-Version
Host-ID
Fastcgi-X-Cache-Version
Rendered-Blocks
X-Cdn-Srv
X-A-Dam
Cmsid
X-A-Dcw
X-A-Dgt
Cmstype
X-A-Ccd
Surrogated-Key
X-Aed
X-Cache-Id
DCR-Decision-By
X-ARC
DCR-Processing-Time-Ms
X-Ec-GeoHdr
X-Developer
Mobile-Detection-Method
Meta-Geo-Continent
Expiry
X-Destination
X-D
BehaviorPad-Version
Odigeo-Trace-Id
T-Server
X-Application
X-Connection-Hash
X-Cache-NE
A
MD5-Digest
Cdnsip
X-B-Cookie
NM-Fastcgi-Cache
X-Conf
Pramga
X-Ec-Fail
Cdncip
X-A
X-HS-Content-Campaign-Id
X-RCS-CacheZone
X-SRCache-Key
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Orig-Expires
X-Tenant
X-Vdms-Path
X-User
X-TIM-N
X-Session-Fingerprint
X-NCache
X-Epic-Correlation-Id
X-Newrelic-Synthetics
X-ScT
X-SD-PageType
X-Shop-Environment
X-S-Cookie
X-Bc-Bl
X-Processor
X-Rojux
X-S
X-Ig-Push-State
X-NAPM-TraceId
X-Forwarded-Path
X-Vtex-Remote-Cache
X-Ftr-Request-Id
Xc-Version
X-Geo-Header
X-Gzip
X-Hash
X-Vtex-Processado-Em
X-External-Request-Id
X-Esi-Check
X-Vdms-Version
X-VG-WebCache
Lang
CDN
X-Via-NSCOPI
Source
X-Varnish-Ttl
X-Wix-Viewer-Type
Wxu-Next-Region
Memcached
X-Sigma-Backend
X-Worker
Mail-Subject
Machine
X-Sigma
X-WADP-Cache
State
X-Via-Ucdn
X-TNCMS
X-TrackingId
Server-Host
X-V-Cache
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Web-Mar-Region
Wxu-Next-Commit
We-Hiring
X-Slack-Backend
User-Cache-Control
Wxu-Next-Hostname
X-Block-Status
X-Core-Value
X-Hnp-Log
X-Developers
X-Is-Gdpr
X-Core-Mission
X-LAGOON
X-JWT-State
X-Device-Os
X-Dispatcher-Number
X-Fmm-Version
X-Fetched-On
X-Fastly-Cache
X-Gdpr
X-Gen-Mode
X-Has-Esi
X-Ec-Custom-Error
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Cache-Backend
X-Planisys-CDN-TTL
X-Rocket-Build-Number
X-Scheme
X-SB
X-Cache-Info
X-Origin-Time
X-NodeID
X-Node-Id
X-Loop
X-Nyt-Route
X-CacheTTL
X-Origin-Response-Time
X-Origin
X-Server-IP
X-Amzn-Remapped-Content-Length
Environment
X-Varnish-Beresp-Grace
AKAMAI
X-Time
Fastly-GeoIP-CountryCode
DynaTrace
X-Skip-Cache
X-R9-Blue-Green-Version
Cache-Name
X-Azure-Ref
X-Varnish-Remaining-TTL
Producers
X-DefElseHash
X-DefHash
X-Eu-Site
Platform
X-Auto-Login
X-DPWN-IS-SECURE
Adler-Geo
Is-Eu
X-Datadog-Trace-Id
X-Variation
X-BBC-Edge-Cache-Status
X-Cache-Date
X-Varnish-CookieHashed-On
X-Branch-Name
X-CGP
X-Origin-Expires
X-Varnish-CookieINHashed-On
X-Datadog-Parent-Id
X-Forwarded-Site
X-Csrf-Jwt
X-GeoIP
X-Webstats-RespID
X-Pool
X-Proxy-Upstream
X-Pod-Name
X-Served-From
X-Thinkindot-L3
Kp-EeAlive
X-RateLimit-Limit-Second
X-Rocket-Nginx-Serving-Static
X-Request-URI
X-Region-Sid
X-RateLimit-Remaining-Second
X-Mvc-Supplant-Cachable
X-Minions-Version
X-VServer
X-HN
X-Generated-On
X-Gamma-Serve
X-Viewer-Country
X-Irp-Debug
X-VarnishDD-TTL
X-ZONE
X-VG-TLSProxy
X-Level-Front-Cache
X-From
X-Datadog-Sampling-Priority
N-Cache
CDCHOST
PFcat
Redirect-Candidate
Release
Svr
V-Age
Req-Svc-Chain
Traceparent
Fastcgi-Cache-TTL
Origin-CC
Origin
Thinkindot-Control
Thinkindot-CacheControl-Type
Origin-EX
TDXMobile
Thinkindot-CacheControl
Apple-News-Services-Request-Url
Vix-Hermes-Req-Id
Cluster
Apple-News-Services-Host
L5d-Success-Class
Apple-News-Services-Parsed-Url
Ha-Gx-Prefs
Ssr
HA-Ipaddr
L
CloudFront-Viewer-Country
Apple-News-Services-Handled
Sever-Int
Server-Ext
Server-Hostname
X-Tt-Logid
DSUID
X-Cdn-Origin
X-Aicache-OS
X-GeoIP-City
Datacenter
Ohc-File-Size
Fastly-SWR
IsBot
Fastly-SIE
X-Qloud-Router
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Platform
X-Httpd
X-Sn-Servicetimems
X-Scale
X-Policy
X-BCube-Filmed-By
Candidate-Md5Url
Cache-Key
Gh-Request-Id
X-SIPLIST1
X-Owner
NGX
X-Proxy-Cache-Info
X-Location
X-Loc
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Optimistic-Header
HostName
X-Refresh
VNS-Cache
X-CS
X-NC
XM
GEO-INFO
X-WP-CF-Super-Cache
VNS-Age
Pics-Label
X-SplitTest
X-WP-CF-Super-Cache-Cache-Control
CPC-Age
X-Cache-Status-Check
X-Ad-Defer-Variation
CPC-Cache
X-CACHE-KEY
Fastly-Backend-Name
X-Parent-Response-Time
Env
Arc-Country
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Ah-Environment
Locid
X-Men
X-WA-Info
Ms-Author-Via
X-VC
X-TIME
X-Tb-Optimization-Total-Bytes-Saved
X-LB-NoCache
X-Response-By
Servername
X-Old-Content-Length
X-Varnish-Authentication
X-Micro-Cache
AMP-Access-Control-Allow-Source-Origin
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-AIR-PT
X-RSL
X-Amz-Meta-Cb-Modifiedtime
X-Mvc-Supplant-OutputCached
X-TraceId
X-DW
X-RPM
X-Edge-Pop
X-DSS
X-DI
X-RPS
X-DB
X-EC-Lua
Lb
X-Xrds-Location
Time
Memory
Path
GeoIp-Country-Code
X-Srv
X-Date
X-Via-Popv
X-Servedbyhost
X-Accel-Expires-Debug
X-Udemy-Cache-App-Namespace
X-Via-Poph
X-Via-Popn
X-Trace-ID
Ngx.Var.Host
Cache-Host
X-Generated-In
X-Api-Version
X-Presslabs-Stats
ITXSESSIONID
X-HA-Backend
X-Akamai-Transformed
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Ohc-Cache-HIT
X-RateLimit-Reset
X-Vc
X-DC
X-VCL-Version
Client
True-Client-IP
X-S-Maxage
FSS-Cache
X-Cache-Debug
XkeyRZ
X-Proxy-CacheRZ
Geoip-Latitude
X-Clientip
X-API-Version
X-Varnish-Beresp-TTL
Fusion-Content-Id
Fusion-Component-Id
X-VHOST
Fusion-Content-Source
X-Cs
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Hostname
CacheControlHeader
Server-ID
X-TH-Server
True-Client-Country-4JS
X-Action
X-FireWall-Port
X-Zone
X-Backend-TTL
X-Fpc
Geo-Info
NtCoent-Length
X-Webkit-Csp-Report-Only
Powered-By
X-Dmc
X-TX-ID
Edge-Cache
X-Render-Time
X-PX
X-Req
X-B3-Spanid
X-Traceid
X-MSEdge-Features
X-MSEdge-Flight
X-CSRF-TOKEN
X-Pass-Why
Test
Tcn
X-INCAP-ABP
My-App
X-NGINX-Cache
X-DynaTrace-JS-Agent
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Cdn-Request-ID
Rip
X-Gateway-Cache-Status
X-Service
C-Via
X-FPC
X-M-Reqid
X-Provided-By
X-Correlation-ID
X-Origin-Upstream-Status
X-M-Log
X-Beluga-Trace
Tube-Got-Eval
X-Beluga-Status
Tube-Got-Results
X-Qnm-Cache
Server-Id
X-Beluga-Node
X-Beluga-Cache-Status
User-Agent
X-Beluga-Record
X-HS-Status
Click-Count-Error
Click-Count-Action-Start
X-Beluga-Response-Time
Tube-Return
Tube-Get-Contents
Esi-Enabled
X-Up
X-Webkit-CSP-Report-Only
X-Esi
X-Varnish-Beresp-Ttl
OT-Force-Account-Verify
X-LB-ID
Cf-Int-Pingora-Origin-Digest
X-Vcl-Version
HIT
X-Alfa-Service
On-Server
X-Ha-Backend
GeoIP-Latitude
X-URL
Uri
X-Via-PopH
X-Via-PopN
X-Via-PopV
Resin-Trace
Srvid
Proxy-Connection
X-CLOUD-TRACE-CONTEXT
X-RAMCache
Sid
X-Li-Pop
X-Li-Fabric
X-UnsetCookies
X-LI-UUID
X-Proxy-Cache-Hk
DataCenter
X-APP
GeoIP-Country-Code
X-Akamai-Pragma-Client-IP
Epwk-X-Cache
X-LI-Proto
X-ND-Cache
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Geo
X-Fetch-By
X-Hcs-Proxy-Type
Srv
X-Time-Microsecs
X-ServedByHost
WZWS-RAY
X-Check-Cacheable
WebServer
X-TRACE-ID
X-Cdn-Forward
X-Edge-POP
X-Edge-Origin-Shield-Bytes
X-Fastly-Backend-Reqs
X-Backend-Host
MIME-Version
X-CUA
Cdn
Warning
X-Edge-Origin-Shield-Region
X-Platform-Cluster
X-App
X-Dynatrace
X-Platform-Processor
X-Platform-Router
M-TraceId
Cf-Device-Type
Tracecode
Target-Params
Fastly-Drupal-HTML
X-Fragments
X-Lb-Nocache
Server-Ttl
X-ATG-Version
ServerName
ENV
X-B3-Traceid-Primal
XServer
X-HostName
X-MG-S
PICS-Label
X-ElasticPress-Query
Wp-Super-Cache
X-Fastly-Backend
X-Azure-Ref-OriginShield
X-Var-Ttl
X-Request-Url
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-FC-Vary-Parameters
X-Sucuri-ID
X-Newrelic-App-Data
X-Yottaa-OS
Inserted-Into-Cache-At
CF-Cached-On
X-Sucuri-Cache
Lfy
Section-Io-Id
CountryCode
X-Dw-Trace-Id
X-Iplb-Request-Id
Cf-Ipcountry
Dt-Hot-News
X-Varnish-Beresp-Status
X-Vcache
X-LiteSpeed-Cache-Control
X-Iplb-Instance
X-Cache-Expires
X-CF-Powered-By
X-Nc
D-Url-Rewrites
X-Serial
DT-Hot-News
Servedby
X-Release
X-Back
X-Th-Server
Magicmarker
X-Vercel-Cache
Content-Style-Type
X-Bip
X-Thanos
Hit
Content-Script-Type
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Id
X-Storefront-Renderer-Verified
Ngx
X-Dist-Code
X-Request-URL
X-NU-AKA-ACS-Version
X-Snapshot-Date
Cneonction
X-BBC-Origin-Response-Status
X-Fastly-Cache-Hits
X-Backend-State
X-Li-Proto
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache