Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
P3p
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Ua-Compatible
X-Request-ID
X-Via
Server-Timing
X-Cache-Group
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-Turbo-Charged-By
X-Amz-Request-Id
X-AH-Environment
X-Ws-Request-Id
X-Backend
X-Amz-Id-2
X-Proxy-Cache
X-Akamai-Path-Stats
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
EagleId
X-Rq
X-Vhost
X-Varnish-Cache
Grace
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Cf-Edge-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Allow
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-OneAgent-JS-Injection
X-Server-Id
X-Node
EagleEye-TraceId
X-Pingback
X-Cache-Spec
Request-Id
Surrogate-Control
Cf-Railgun
X-Akam-SW-Version
X-Backend-Server
X-Readtime
Accept-CH
X-Cache-Lookup
X-Response-Time
Accept-CH-Lifetime
X-HW
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Content-Security-Policy-Report-Only
X-Application-Context
Content-Location
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-WebKit-CSP-Report-Only
X-Url
X-Clacks-Overhead
X-Country
X-Edge
X-Amz-Server-Side-Encryption
X-B3-TraceId
X-MS-InvokeApp
X-Rack-Cache
Accept-Ch
Edge-Control
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-PC
X-Vname
X-TtlSet
X-ESI
X-Vcap-Request-Id
X-Content-Type
Xkey
X-Mod-Pagespeed
X-CST
X-Varnish-TTL
X-VARITI-CCR
X-Nginx-Upstream-Cache-Status
X-Mcache
X-D2id
X-Amz-Rid
X-Cdn-Fetch
X-GitHub-Request-Id
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Kinja-Build
Verso
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
Cache-Tag
RTSS
X-FastCGI-Cache
X-ECACHE
X-Powered-By-Plesk
X-Cached
X-Upstream
X-Navigation-Version
Service-Worker-Allowed
X-Client-IP
X-Version
X-Dw-Request-Base-Id
X-Px
X-Abt-Application-Version
X-Ruxit-Js-Agent
X-Oneagent-Js-Injection
Public-Key-Pins
X-Cnection
X-Ac
X-Ser
Arr-Disable-Session-Affinity
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Server-Name
X-SharePointHealthScore
SPRequestGuid
X-Element-Page-Cache
X-Ttl
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-NF-Request-ID
SPIisLatency
SPRequestDuration
X-Cache-TTL
X-Country-Code
X-RateLimit-Remaining
X-NWS-LOG-UUID
X-Midtier
Response
X-Goog-Hash
X-Middleton-Response
X-Cache-Key
X-Edge-Location-Klb
X-Kinsta-Cache
Permissions-Policy
Access-Control-Request-Method
X-Forwarded-For
X-DataDome
Content-MD5
X-Correlation-Id
X-Powered-CMS
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-MSEdge-Ref
Edge-Cache-Tag
Front-End-Https
X-RateLimit-Limit
X-T
X-Jurisdiction
X-HP-Trace-Id
X-Recruiting
X-HP-Webp
Nginx-Cache
TP-Cache
AR-CACHE
AR-SID
TP-L2-Cache
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Accel-Expires
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-Grace
TCN
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Id
X-Mg-S
Filters
X-Request-Received
X-Request-Processing-Time
X-HS-Content-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-HS-Combine-CSS
X-TEC-API-ORIGIN
X-HS-Hub-Id
X-Content-Digest
X-HS-Cache-Config
X-Hits
Server-Node
X-LLID
S
X-Fastly-Request-Id
X-Frontend
X-Distributor
X-Amzn-Trace-Id
Server-Name
Cache-Status
X-Protected-By
X-TTL
X-Webkit-Csp
X-Geo-Country
X-PressLabs-Stats
MS-Author-Via
Fastcgi-Cache
X-LB-Cache
X-Request-Handler-Origin-Region
X-Language
X-Microsite
X-Ezoic-Cdn
X-Ab
X-Ua-Browser
X-Origin-Server
X-Forwarded-Proto
X-F-Cache
Charset
Filterid
Cross-Origin-Opener-Policy
Host
X-B3-Sampled
X-Seen-By
X-FB-Debug
X-Page-Id
Realpath
X-Git-Hash
X-Ratelimit-Reset
X-Amz-Meta-S3cmd-Attrs
Payment
X-XRDS-Location
X-Litespeed-Cache
Count-Hit
X-ASPNET-VERSION
X-Cache-Age
Accept-Charset
X-VCache
X-Cluster-Name
X-Fastcgi-Cache
X-DynaTrace
X-NGENIX-Cache
Cache-Tags
Alternate-Protocol
X-Origin-Cache
Surrogate-Key
X-Browser-Type
X-Activity-Id
X-Erf-Bev-Bev-Is-Generated
X-Az
X-AppVersion
Retry-After
X-Erf-Bev-Bev
X-Content
Cleartype
X-Rid
X-Template
X-Www-Served-By
X-Webkit-CSP
X-Node-Name
X-Varnish-Backend
X-Type
X-App-Environment
X-Proxy
Access-Control-Allow-Method
X-Amz-Replication-Status
X-B
ServerID
X-TT
X-B-Cache
X-Upgrade-Enabled
X-Wix-Request-Id
X-Signature
X-Varnish-Grace
X-Drupal-Cache-Tags
X-Tb
X-Aspnet-Duration-Ms
DC
Paypal-Debug-Id
X-Flags
X-Debug
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Logged-In
X-DIS-Request-ID
Frame-Options
Cf-Apo-Via
X-Mobile
X-Content-Options
X-Hostname
X-Envoy-Decorator-Operation
X-Load-Cache
X-Source
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Cache-Control
X-Revision
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-N
Country
X-COUNTRY
X-Kong-Upstream-Latency
X-Contextid
X-Kong-Proxy-Latency
X-User-Agent
X-Whom
Amp-Access-Control-Allow-Source-Origin
Viewport
Referer-Policy
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
X-Restarts
X-XRDS-LOCATION
X-Original-Request-Id
X-Cache-Rule
X-Response-Served-From
Node
X-Varnish-Age
Refresh
X-Mid
Content-Disposition
NGB
X-L-Path
X-Cache-TTL-Remaining
X-Environment-Context
VIX-Pulpo-Node
X-Akamai-Request-ID2
X-Debug-IsConnected
X-Debug-IsPreview
X-Unique-Id
X-Framework
Akamai-GRN
X-Ratelimit-Remaining
VIX-Pulpo-Upstream-Status
Access-Control-Request-Headers
X-Varnish-Server
Uber-Trace-Id
X-Drupal-Cache-Contexts
X-Page-View
X-Real-IP
X-Yottaa-Optimizations
X-NYM-Debug-Backend
X-Cacheable-TTL
X-Jobs
Url
X-Yottaa-Metrics
X-Instance
X-Cache-Time
X-Servername
X-Is-Bot
X-Rendered-As
X-Adobe-Content
X-Fastly-Request-ID
X-Mg-Request-UUID
X-Cache-Grace
X-G
X-Adobe-Loc
X-Debug-Info
Countrycode
X-Status
Version
X-App-Server
X-Content-Powered-By
X-Server-ID
X-Http-Reason
X-RemovedCookies
X-ProcessESI
Protected
X-CDN-Forward
X-APP-VERSION
X-Tt-Logid
X-IPLB-Request-ID
X-IPLB-Instance
Accept-Language
X-Hosted-By
X-Trace-Id
Liferay-Portal
X-Device-Type
Healthy
X-Cache-Expired-At
X-Nginx-Cache-Key
Srv
Fastcgi-Useragent
X-Ratelimit-Limit
X-FW-Serve
X-FW-Dynamic
X-FW-Static
X-FW-Server
X-Time
X-Via-JSL
X-FW-Type
X-FW-Hash
X-RTag
X-UUID
MS-CV
X-Cache-Hit
Ms-Operation-Id
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Azure-Ref
X-Cache-NGX
X-Proxy-Cache-Status
X-Mobile-URL
Backend
Section-Io-Cache
X-Backend-Name
Content-Secure-Policy
X-Oracle-Dms-Ecid
X-HTML-Minification-Powered-By
X-Oracle-Dms-Rid
Meta-Geo
Load-Balancing
X-UPSTREAM-Address
X-Cache-Operation
X-RN-RSRV
X-Zen-Fury
X-Storage
Server-Info
CF-IPCountry
X-Mode
TWC-GeoIP-Country
Azure-SlotName
TWC-GeoIP-LatLong
TWC-Locale-Group
X-LJ-Flow-ID
Azure-SiteName
TWC-Device-Class
X-Handled-By
X-Locale
Azure-RegionName
Azure-InstanceId
X-Cache-Host
Webcakes-App-Name
Webcakes-App-Version
X-Cache-Server
X-Content-Age
X-Access
X-VWS-Id
X-Format
TWC-Privacy
Web-Mar-Node
X-AWS-Id
X-Alternate-Cache-Key
X-Origin-Hint
X-Shopify-Stage
X-Uri
X-ShopId
X-ShardId
X-Varnish-Cache-Hits
Locale
X-Site-Version
X-Urbn-Site-Id
X-Sql-Duration-Ms
X-Storefront-Renderer-Rendered
X-Sql-Count
X-Urbn-Context-Path
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-No-Session
X-Server-W
Eomportal-Instance
Azure-Version
X-PHP-Backend
X-PCL
X-OCL
Webcakes-Region
X-Section
TWC-Connection-Speed
X-Redis-Cache
Onion-Location
X-Varnishpool
Property-Id
S-Rt
X-Say-Cacheable
Mn-Server-Ip
X-Say-TTL
Selected-Fe
X-SayCDN-TTL
X-Generation-Time
X-Proxied
X-Proxy-Build
X-Via-Fastly
X-Proto
X-Zipkin-Id
X-Xfnlog-Site
X-ProxyCache-Key
X-ProxyCache-Status
X-ServerID
X-Timing-Wait
X-SaId
X-Routing-Service
X-Request-Time
X-Akamai-Edgescape
X-Cache-Enabled
X-Cache-Type
X-Cms-Context
X-PHP-Host
X-BYPASS-REASON
X-Varnish-Hostname
X-Region
X-Origin-Date
X-Debug-Cache
X-JoinUs
X-Forwarded-Host
X-Labrador-Cache-Channel
X-Hl-Ver
X-Extlb
X-VC-Cache
X-Edge-Location
DB-Nickname
Apigw-Requestid
X-FB-TRIP-ID
X-UA-Device-Type
X-Tid
X-Datadome
GEO-INFO
X-SRV
X-Cache-Status-Check
ServedBy
X-Adobe-Source
X-Generated-By
WP-Super-Cache
CDN-Uid
CDN-EdgeStorageId
X-Skip-Cache
CDN-CachedAt
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
CDN-Cache
X-Varnish-Beresp-Grace
X-Web-Node
X-GeoCode
X-Detected-As
X-GeoCountry
X-DynaTrace-JS-Agent
X-Cache-Action
X-Human
X-Dc
X-Ua
SD-X-WS
X-LSADC-Cache
X-Nginx-Cache
X-Rule
X-R9-Blue-Green-Version
Cache-Name
X-ECache
X-FireWall-Port
Cache
X-Ms-Request-Id
X-Ms-Version
LB
Xet-Cookie
X-Cache-Tags
WPO-Cache-Message
Cross-Origin-Window-Policy
WPO-Cache-Status
X-Cached-By
X-Amzn-RequestId
Source
X-Amz-Apigw-Id
X-App-Version
X-GG-Cache-Date
X-Varnish-Hits
X-Via-NSCOPI
Cross-Origin-Resource-Policy
X-RCS-CacheZone
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-NewRelic-App-Data
Origin
X-Aspnetmvc-Version
X-Correlation-ID
X-Cdn
X-GEO
X-MP-GENERATED-AT
X-IPS-LoggedIn
X-Reqid
Xserver
X-Loop
X-TNCMS
Cache-Hits
X-AOL-HN
X-Origin-TTL
X-Pubstack
X-Origin-CC
X-Soup
X-B3-SpanId
X-Amzn-Remapped-Content-Length
X-URL
X-Newrelic-Synthetics
X-FW-Version
X-TA-CDN-Provider
Rip
X-Cluster-Node
X-Tumblr-Pixel-2
X-Platform-Server
X-Varnish-Ttl
X-TIME
X-Api-Version
X-Service
Upgrade-Insecure-Requests
X-Cluster
X-Origin-Response-Time
X-Vgn-Hpd-Reason
Xc-Version
Rendered-Blocks
Redirect-Candidate
X-A
X-Forwarded-Path
X-A-Ccd
X-A-Dcw
Candidate-Md5Url
Cdncip
X-A-Dam
Odigeo-Trace-Id
BehaviorPad-Version
A
X-External-Request-Id
X-VG-WebCache
X-Owner
X-SRCache-Key
X-Tenant
Surrogated-Key
Sslversion
X-ScT
X-Shop-Environment
X-Session-Fingerprint
X-Served-From
X-TIM-N
X-User
X-S-Cookie
From-Origin
X-S
X-Rojux
Cdnsip
X-PBS-Appsvrname
T-Server
X-Vdms-Path
X-Vdms-Version
Fastly-SSL
Ngx.Var.Host
X-BCube-Filmed-By
DCR-Processing-Time-Ms
X-Destination
X-Bc-Bl
DCR-Decision-By
X-Developer
X-B-Cookie
X-Cache-NE
Lang
X-D
X-Connection-Hash
X-Processor
Host-ID
Expiry
X-Rewrite-Enabled
Environment
X-ARC
X-Orig-Expires
MD5-Digest
X-Ec-Fail
X-AK-Request-ID
Meta-Geo-Continent
X-Aed
X-A-Wwc
X-NAPM-TraceId
X-Application
X-Ec-GeoHdr
X-A-Dgt
OT-Force-Account-Verify
X-Request-Host
Webserver
X-Level-Front-Cache
X-Accel-Buffering
Decoy-Debug-Status
X-Irp-Debug
Decoy-Debug-TTL
X-Generated-On
X-NWS-UUID-VERIFY
Machine
X-Dispatcher-Number
Decoy-Debug-Key
X-Pool
X-Forwarded-Site
X-Yandex-Sdch-Disable
HostName
X-CSRF-Token
L
Ha-Gx-Prefs
HA-Ipaddr
X-Gateway-Request-Id
Kp-EeAlive
Mobile-Detection-Method
Memcached
X-Planisys-CDN-Rules
Req-Svc-Chain
Mail-Subject
X-Pod-Name
X-Planisys-CDN-Cache
Server-Host
NM-Fastcgi-Cache
X-Planisys-CDN-TTL
X-Policy
L5d-Success-Class
VNS-Age
X-Branch-Name
X-BBC-Edge-Cache-Status
X-Optimistic-Header
X-Cache-Bucket
X-Cache-Id
X-Auto-Login
X-Developers
Gh-Request-Id
X-Geo-Header
X-Aicache-OS
X-Origin
X-Cache-Info
X-CacheTTL
X-Ckpd-Fst-Backend
X-CGP
X-Clara-WADP
X-Clientip
X-Core-Value
X-Datadog-Parent-Id
X-NodeID
X-Datadog-Trace-Id
X-Cdn-Srv
X-Nyt-Route
X-Datadog-Sampling-Priority
X-Gzip
X-Hash
Vix-Hermes-Req-Id
V-Age
X-Csrf-Jwt
VNS-Cache
We-Hiring
X-Gdpr
State
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Gamma-Serve
Servername
Web-Mar-Region
Wxu-Next-Commit
X-Epic-Correlation-Id
X-HS-Content-Campaign-Id
X-Minions-Version
X-Gateway-Skip-Cache
X-Mvc-Supplant-Cachable
X-Esi-Check
X-Eu-Site
Wxu-Next-Hostname
Wxu-Next-Region
X-Fmm-Version
X-Fastly-Cache
X-Origin-Time
X-Sigma-Backend
X-Wix-Viewer-Type
X-SB
WebServer
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Cache-Remote
Apple-News-Services-Parsed-Url
X-Scale
X-Bip
X-VG-TLSProxy
X-SplitTest
X-Qloud-Router
X-Slack-Backend
X-Viewer-Country
X-WADP-Cache
X-Sigma
X-WA-Info
Cache-Host
X-Rocket-Nginx-Serving-Static
X-Request-URI
X-Thanos
X-Rocket-Build-Number
X-VC
X-Region-Sid
X-RateLimit-Remaining-Second
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Datacenter
CPC-Cache
Cluster
X-RateLimit-Limit-Second
Cache-Tv-Group
Cmsid
Cmstype
CPC-Age
Country-Code
X-V-Cache
X-Provided-By
X-Hnp-Log
Tube-Return
X-SVT-ORM-VERSION
X-GeoIP-City
X-GeoIP
X-Thinkindot-L3
X-JWT-State
X-Fetched-On
X-SVT-ORM-RULES
X-Sn-Servicetimems
TDXMobile
X-Rebelmouse-Cache-Control
X-Is-Gdpr
X-Rebelmouse-Surrogate-Control
X-S-Maxage
X-NCache
X-SIPLIST1
X-Variation
X-Ec-Custom-Error
X-Has-Esi
Tube-Got-Results
X-DefElseHash
X-Cdn-Origin
X-Gen-Mode
Traceparent
Tube-Got-Eval
X-Core-Mission
Thinkindot-Control
X-DefHash
Thinkindot-CacheControl
X-DPWN-IS-SECURE
X-Varnish-CookieHashed-On
X-Device-Os
X-Varnish-CookieINHashed-On
Thinkindot-CacheControl-Type
X-Varnish-Remaining-TTL
Tube-Get-Contents
Fastly-SWR
X-Proxy-Cache-Info
Adler-Geo
X-Worker
X-INCAP-ABP
X-Loc
Click-Count-Error
X-Origin-Expires
X-Varnish-Beresp-Ttl
User-Cache-Control
CDCHOST
Fastcgi-Cache-TTL
AKAMAI
X-Scheme
Svr
X-Ad-Defer-Variation
DSUID
Click-Count-Action-Start
NGX
X-Parent-Response-Time
Release
Producers
X-Block-Status
Origin-CC
IsBot
Origin-EX
Is-Eu
Platform
Fastly-SIE
X-Tx-Id
Server-Hostname
Server-Ext
X-LB-NoCache
X-Mvc-Supplant-OutputCached
CloudFront-Viewer-Country
X-Microcachable
X-Ig-Push-State
Sever-Int
X-VServer
Mime-Version
X-ZONE
X-Udemy-Cache-App-Namespace
SID
X-Cache-Date
Pics-Label
Ec-Rule-Version
Ssr
X-Conf
AMP-Access-Control-Allow-Source-Origin
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Varnish-Beresp-Status
X-Tb-Optimization-Total-Bytes-Saved
Canary
X-CMSURLCustom
Memory
X-Generated-In
X-Be
Time
X-Dmc
Sid
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
Server-ID
X-Edge-Pop
X-Sucuri-Cache
X-Sucuri-ID
X-MSEdge-Flight
X-Refresh
X-CS
X-Via-Popv
X-MSEdge-Features
X-Via-Popn
X-Via-Poph
X-ATG-Version
Fastly-Drupal-Html
X-B3-Traceid
X-Presslabs-Stats
X-Azure-Ref-OriginShield
X-Servedbyhost
X-WP-CF-Super-Cache-Active
X-Var-Ttl
X-ND-Cache
X-FC-Vary-Parameters
X-Fastly-Backend
X-TRACE-ID
X-Cache-Debug
X-Buckets
X-Xrds-Location
X-NC
Fastly-Drupal-HTML
Env
X-Trace-ID
X-Fpc
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Newrelic-App-Data
X-Akamai-Transformed
X-Cs
X-Endurance-Cache-Level
X-Esi
X-Release
GeoIp-Country-Code
X-PX
CDN
X-CF-Lambda-Fn
X-EC-Lua
X-MCACHE
X-Zone
X-ID
X-TX-ID
X-CF-Lambda-Version
Magicmarker
X-Hyper-Cache
X-Tumblr-Pixel-3
X-DC
X-NGINX-Cache
X-CACHE-AGE
X-RateLimit-Reset
X-M-Reqid
True-Client-IP
X-M-Log
X-Micro-Cache
Pramga
X-VCL-Version
X-Up
X-Qnm-Cache
X-Vc
Hostname
X-CSRF-TOKEN
X-Srv
X-Edge-Origin-Shield-Region
C-Via
X-TrackingId
X-Dispatch
X-App
My-App
X-Alfa-Service
X-Wa
X-Pass-Why
N-Cache
X-Varnish-Beresp-TTL
X-CACHE-KEY
X-Edge-Origin-Shield-Bytes
X-Lambda-Id
On-Server
Fastcgi-X-Cache-Version
X-Platform
X-PAYTM-SRV-ID
Tcn
Path
Esi-Enabled
X-Vcl-Version
X-ApacheServer
X-PERF
X-AIR-PT
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Req
Resin-Trace
X-HS-Status
X-Air-Pt
X-Check-Cacheable
True-Client-Ip
X-SD-PageType
X-Vercel-Id
X-Vercel-Cache
NtCoent-Length
Tracecode
GeoIP-Latitude
Proxy-Connection
X-Node-Id
X-TH-Server
X-B3-Spanid
HIT
Cache-Key
CacheControlHeader
X-LAGOON
X-SERVER-NAME
X-Request-Start
X-Proxy-CacheRZ
DT-Hot-News
GeoIP-Country-Code
XkeyRZ
X-API-Version
X-LB-ID
X-Akamai-Pragma-Client-IP
X-Render-Time
Cdn
True-Client-Country-4JS
X-CLOUD-TRACE-CONTEXT
X-Geo
X-Via-Ucdn
XM
X-Webkit-CSP-Report-Only
PFcat
Hit
X-HN
X-Proxy-Upstream
X-Op-Id-All
X-FPC
X-VarnishDD-TTL
ENV
DynaTrace
X-Webkit-Csp-Report-Only
X-Mly-Id
X-Platform-Processor
X-Platform-Cluster
Section-Origin-Responded
X-Platform-Router
X-Traceid
Section-Io-Origin-Time-Seconds
X-WA
SRV
Server-Ttl
MIME-Version
Section-Io-Origin-Status
Section-Io-Id
X-Via-CDN
X-Lb-Id
X-Dw-Trace-Id
X-GeoIP-Region-Code
X-Via-PopV
X-Edge-POP
X-GeoIP-Country-Code
Lb
X-Via-PopN
X-Via-PopH
Server-Id
X-Proxy-Cache-Hk
User-Agent
X-ServedByHost
X-Cdn-Forward
X-Nf-Request-Id
XServer
X-Cache-Backend
X-Date
X-Ftr-Request-Id
X-Datacenter
X-Accel-Expires-Debug
M-TraceId
YJS-ID
Yjs-Id
WWW-Authenticate
Geoip-Latitude
FSS-Cache
X-LiteSpeed-Cache-Control
Warning
X-TT-LOGID
X-HA-Backend
X-FORWARDED-FOR
X-LI-UUID
X-Li-Pop
X-LI-Proto
X-CUA
X-LiteSpeed-Tag
Dnion-Transfer-Encoding
X-RAMCache
X-CF-Powered-By
X-Cache-Ttl
X-Request-Url
X-Li-Fabric
X-Server-IP
X-RSL
X-RPS
X-RPM
X-DI
PICS-Label
X-HITS
Location
X-DB
X-DSS
X-Httpd
X-DW
X-Akamai-Request-ID
Nginx-CQVIP
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Vha6-Origin
X-Old-Content-Length
X-Nc
X-Fastly-Backend-Reqs
X-Wp-Cf-Super-Cache
X-Litespeed-Cache-Control
X-UA
X-Wp-Cf-Super-Cache-Cache-Control
X-Response-By
X-Fastly-Cache-Hits
X-B3-ParentSpanId
X-HostName
Wpo-Cache-Message
X-Lb-Nocache
Wpo-Cache-Status
X-Instance-Name
X-Cdn-Request-ID
X-Cc-Via
X-IN-APIGATEWAY
Ohc-File-Size
WZWS-RAY
X-IN-APIGATEWAYSSL
X-Service-Response-Time
Sm-Log-Id
Cdn-Cachedat
Wp-Super-Cache
Cdn-Cache
X-Cache-Ngx
CountryCode
Cdn-Edgestorageid
Cdn-Requestid
Cdn-Uid
Cdn-Pullzone
Cdn-Requestcountrycode
X-Moov-Xdn-Version
Uri
X-Moov-T
X-DataCenter
Ohc-Cache-HIT
X-MiniProfiler-Ids
X-Serial
X-Contensis-Viewer-Groups
Dt-Hot-News
X-Snapshot-Date
X-APP
X-Cache-ASPX
Req-ID
Fastcgi-Cache-Ttl
X-Varnish-Authentication