Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Adblock-Key
X-Request-ID
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-Id
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
P3p
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-CDN
X-AspNetMvc-Version
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-WebKit-CSP
Accept-CH
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Apo-Via
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Dns-Prefetch-Control
Surrogate-Control
EagleEye-TraceId
X-Backend-Server
Request-Id
X-Ruxit-JS-Agent
X-Readtime
X-Cache-Lookup
X-HW
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Edge
X-CST
X-WebKit-CSP-Report-Only
Accept-Ch-Lifetime
Content-Location
X-Content-Type
X-Country
X-Mcache
X-Url
X-MS-InvokeApp
X-Clacks-Overhead
Rating
X-ECACHE
X-Midtier
X-Vname
X-PC
X-TtlSet
X-Amz-Server-Side-Encryption
RTSS
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-Element-Page-Cache
X-D2id
Origin-Trial
X-Litespeed-Cache
Verso
X-Server-Name
X-Ac
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Rack-Cache
X-ESI
X-Varnish-TTL
X-B3-TraceId
X-Cnection
X-Powered-By-Plesk
X-Cache-TTL
Service-Worker-Allowed
X-GitHub-Request-Id
X-Ttl
Xkey
X-Navigation-Version
X-Client-IP
X-Abt-Application-Version
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-NWS-LOG-UUID
Edge-Control
X-Cached
X-Px
Arr-Disable-Session-Affinity
X-Mg-S
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Browser-Type
SPRequestDuration
SPIisLatency
X-Upstream
X-Cache-Key
X-Correlation-Id
X-Dw-Request-Base-Id
Pagespeed
X-Middleton-Display
Content-MD5
X-Sol
Display
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastcgi-Cache
Access-Control-Request-Method
X-NF-Request-ID
Edge-Cache-Tag
X-Goog-Hash
X-XRDS-Location
Front-End-Https
X-Country-Code
X-Daa-Tunnel
X-Forwarded-For
X-Version
X-RateLimit-Remaining
Public-Key-Pins
AR-Request-ID
X-Powered-CMS
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-SID
X-Id
TCN
X-T
X-Recruiting
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-MSEdge-Ref
X-Content-Digest
X-Accel-Expires
X-Middleton-Response
Response
X-Ser
X-Shield-Request-Id
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
TP-Cache
TP-L2-Cache
X-Amzn-Trace-Id
Nginx-Cache
S
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
X-HS-Content-Id
X-Hits
Server-Node
X-HS-Combine-CSS
X-HS-Cache-Config
Cache-Status
X-Distributor
MicrosoftSharePointTeamServices
X-Fastly-Request-ID
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ratelimit-Limit
Cache-Tags
X-Grace
Fastcgi-Cache
Alternate-Protocol
Server-Name
X-DataDome
X-Ezoic-Cdn
X-Protected-By
X-DIS-Request-ID
X-Origin-Server
X-LB-Cache
X-Ua-Browser
X-Ratelimit-Reset
X-Geo-Country
X-FastCGI-Cache
X-Request-Handler-Origin-Region
X-Frontend
X-Microsite
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Rid
X-Ratelimit-Remaining
X-Debug-Info
Cross-Origin-Opener-Policy
X-Git-Hash
X-Www-Served-By
Filterid
X-Varnish-Backend
X-Logged-In
Healthy
Cleartype
X-Forwarded-Proto
Payment
X-NGENIX-Cache
X-FB-Debug
X-Page-Id
X-Load-Cache
X-Webkit-Csp
X-ASPNET-VERSION
Charset
X-LLID
X-B3-Sampled
DC
Content-Disposition
X-Hostname
X-Origin-Cache
X-Cluster-Name
X-VCache
X-TTL
MS-Author-Via
X-Ruxit-Js-Agent
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Goog-Metageneration
X-GUploader-UploadID
X-PressLabs-Stats
X-Upgrade-Enabled
Retry-After
Access-Control-Allow-Method
X-Proxy
Accept-Ch
X-F-Cache
Accept-Charset
Cross-Origin-Resource-Policy
Paypal-Debug-Id
X-Amz-Replication-Status
Realpath
X-Activity-Id
X-AppVersion
X-Az
X-Oracle-Dms-Ecid
X-Type
X-Signature
X-Oracle-Dms-Rid
X-Contextid
X-B-Cache
X-Seen-By
X-Flags
X-Revision
Viewport
X-Route-Name
X-Varnish-Server
X-Amz-Meta-S3cmd-Attrs
X-Providence-Cookie
X-Request-Guid
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Azure-Ref
X-Hosted-By
X-ORACLE-DMS-ECID
X-Whom
X-Wix-Request-Id
X-App-Environment
X-Fb-Rlafr
X-ORACLE-DMS-RID
X-Aspnetmvc-Version
X-TT
X-B
X-DynaTrace
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
Count-Hit
Referer-Policy
X-Source
X-RateLimit-Limit
X-Akamai-Edgescape
X-Language
X-App-Server
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Mobile
X-Template
X-B3-Traceid
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Cache-Control
Host
X-EdgeConnect-Cache-Status
X-HTML-Minification-Powered-By
X-Varnish-Grace
X-Magnolia-Registration
X-N
X-Cache-Rule
SRV
X-Original-Request-Id
X-Tumblr-Pixel
Version
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Response-Served-From
X-Varnish-Age
X-Cache-Time
X-UUID
Section-Io-Cache
X-Cache-Status-Check
X-Envoy-Decorator-Operation
Refresh
SD-X-WS
X-Rule
Ms-Operation-Id
X-RTag
X-Cache-Expired-At
MS-CV
X-FW-Server
X-FW-Version
X-Cache-Grace
X-Framework
Akamai-GRN
X-FW-Serve
X-FW-Static
X-FW-Hash
X-FW-Dynamic
X-Content-Powered-By
Access-Control-Request-Headers
X-FW-Type
X-Status
X-Page-View
X-RemovedCookies
Protected
X-Adobe-Content
X-ProcessESI
X-Adobe-Loc
X-Rendered-As
X-Environment-Context
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
GEO-INFO
Url
X-Http-Reason
X-Jobs
X-L-Path
X-Servername
X-Is-Bot
X-Instance
X-Device-Type
X-NYM-Debug-Backend
NGB
X-G
X-Cacheable-TTL
X-User-Agent
X-Akamai-Request-ID2
X-Backend-Name
X-Trace-Id
X-Cache-Age
X-Debug-IsPreview
X-Debug-IsConnected
X-COUNTRY
X-CDN-Forward
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
CDN-RequestId
From-Origin
WPO-Cache-Message
WPO-Cache-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Hit
X-Region
X-Newrelic-App-Data
Accept-Language
X-Tb
Country
Front
X-Nginx-Cache
X-Node-Name
X-Tt-Logid
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Fastly-Request-Id
Backend
X-Content-Options
X-Real-IP
X-TIME
Fastly-SIE
Fastly-SWR
X-Buckets
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-VC-Cache
X-Unique-Id
X-Mode
Uber-Trace-Id
Fastly-Drupal-HTML
X-Times
X-Cache-Operation
X-DynaTrace-JS-Agent
X-Zen-Fury
Content-Secure-Policy
Filters
Meta-Geo
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Generation-Time
X-RN-RSRV
X-Tumblr-Pixel-2
Onion-Location
X-Web-Node
CF-IPCountry
Azure-InstanceId
X-Section
X-Access
X-Amzn-Remapped-Content-Length
Azure-SiteName
Azure-RegionName
Webserver
X-Rocket-Nginx-Serving-Static
X-Format
Azure-Version
X-IPS-LoggedIn
X-Proxy-Cache-Info
X-Cache-Server
Azure-SlotName
TWC-Connection-Speed
Property-Id
X-Content-Age
X-Sucuri-Cache
TWC-Device-Class
X-Sql-Duration-Ms
TWC-GeoIP-LatLong
X-Say-Cacheable
X-Proxy-Cache-Status
X-Say-TTL
Webcakes-App-Name
X-SayCDN-TTL
X-PHP-Backend
X-Origin-Hint
X-Adobe-Source
Webcakes-Region
X-Cache-TTL-Remaining
X-Debug
X-Locale
TWC-Privacy
X-Reqid
X-Varnish-Beresp-Grace
X-Via-Fastly
X-Ua
X-Sucuri-ID
X-Sql-Count
X-Soup
X-Skip-Cache
Cache-Hits
TWC-Locale-Group
X-Server-W
Webcakes-App-Version
TWC-GeoIP-Country
X-Cms-Context
X-Forwarded-Host
X-Edge-Location
X-Handled-By
X-Labrador-Cache-Channel
X-Site-Version
X-PHP-Host
X-Air-Hostname
X-Cache-Host
Web-Mar-Node
ServerID
X-Air-Trace-Id
X-Air-Source
X-Cache-Action
X-URL
X-AWS-Id
X-ProxyCache-Key
X-Proto
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-VWS-Id
X-UA-Device-Type
X-Ms-Version
X-LJ-Flow-ID
X-Cluster
X-BYPASS-REASON
X-Cluster-Node
X-IPLB-Instance
X-IPLB-Request-ID
S-Rt
X-Ms-Request-Id
Apigw-Requestid
DB-Nickname
Node
Cache-Name
X-Timing-Wait
X-Urbn-Context-Path
CDN-Uid
X-JoinUs
X-GeoCode
X-FB-TRIP-ID
X-Detected-As
X-Urbn-Site-Id
Cross-Origin-Window-Policy
X-Extlb
CDN-RequestCountryCode
X-LAGOON
X-Routing-Service
X-SaId
X-Zipkin-Id
CDN-EdgeStorageId
CDN-Cache
X-Proxy-Build
X-LSADC-Cache
CDN-CachedAt
CDN-PullZone
X-Proxied
X-Xfnlog-Site
X-GeoCountry
Locale
ServedBy
Selected-Fe
X-SRV
Mn-Server-Ip
X-No-Session
X-WP-CF-Super-Cache
WP-Super-Cache
Mime-Version
X-WP-CF-Super-Cache-Cache-Control
Liferay-Portal
Fastcgi-Useragent
X-ECache
X-XRDS-LOCATION
X-Time
X-Optimistic-Header
X-Hl-Ver
X-Request-Time
X-CACHE-AGE
X-Tumblr-Pixel-3
Source
X-Oneagent-Js-Injection
X-Redis-Cache
X-Cache-Debug
X-Presslabs-Stats
X-Origin-Date
X-Loop
Upgrade-Insecure-Requests
X-TNCMS
X-Mg-Request-UUID
X-Generated-By
X-GEO
CF-Cached-On
Xserver
X-Uri
X-Varnish-Hits
X-Akamai-Transformed
X-Director
Xet-Cookie
X-TA-CDN-Provider
Countrycode
X-NWS-UUID-VERIFY
X-Pass-Why
X-ARC
X-Tx-Id
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
Frame-Options
X-FireWall-Port
X-App-Version
X-Tid
X-Origin-TTL
X-Origin-CC
X-Storage
X-Varnish-Ttl
Cache-Tv-Group
X-Varnish-Cache-Hits
X-Service
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-ShardId
X-ShopId
X-DC
X-Sorting-Hat-PodId
X-Varnish-Hostname
X-RM-Cache-TTL
X-Datadog-Sampled
X-Endurance-Cache-Level
X-Datadog-Parent-Id
Environment
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-B3-Spanid
X-Frame-Option
X-Aed
X-Generated-On
X-Gdpr
X-A-Dgt
DCR-Decision-By
DCR-Processing-Time-Ms
X-A
X-INCAP-ABP
X-A-Ccd
X-Application
X-A-Dcw
X-A-Dam
X-A-Wwc
X-Epic-Correlation-Id
X-Core-Value
Candidate-Md5Url
X-D
X-Bc-Bl
X-BCube-Filmed-By
A
BehaviorPad-Version
X-Cache-Info
X-CMSURLCustom
X-Conf
X-BBC-Edge-Cache-Status
X-ServerID
X-Level-Front-Cache
X-External-Request-Id
X-Request-Host
Xc-Version
X-Ec-GeoHdr
X-Ec-Fail
X-Destination
X-Developer
X-B-Cookie
X-Served-From
X-Mobile-URL
X-S
Sslversion
MD5-Digest
Memcached
X-S-Cookie
X-Vdms-Path
X-Vdms-Version
X-Loc
Redirect-Candidate
X-VG-TLSProxy
Lang
X-S-Maxage
Meta-Geo-Continent
X-ScT
Rendered-Blocks
Origin
X-SRCache-Key
Release
Odigeo-Trace-Id
X-Test
X-TIM-N
Req-Svc-Chain
X-Thinkindot-L3
Ngx.Var.Host
T-Server
Surrogated-Key
X-Platform-Router
X-Nyt-Route
Host-ID
X-We-Are-Hiring
X-Platform-Processor
X-Platform-Cluster
Edge-Cache
X-Origin-Time
Server-Info
Thinkindot-Control
WWW-Authenticate
Gannett-Cam-Experience-Id
X-Rojux
X-Mid
TDXMobile
Thinkindot-CacheControl
X-Cache-NE
X-Processor
Thinkindot-CacheControl-Type
SID
Tube-Got-Results
X-Bip
Tube-Return
Tube-Get-Contents
Ssr
State
X-Akamai-Device-Characteristics
X-Auto-Login
Tube-Got-Eval
Server-Host
X-Fetched-On
X-VServer
X-WA-Info
Cache-Host
X-Vmg-Version
X-Httpd
X-Sigma
X-Restarts
X-Pool
X-WADP-Cache
X-Req
X-Sigma-Backend
X-Rocket-Build-Number
X-Varnish-Remaining-TTL
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SD-PageType
X-Sn-Servicetimems
X-Thanos
X-SB
X-Location
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
X-Platform-Server
X-Origin-Response-Time
X-Developers
X-Ec-Custom-Error
X-Fmm-Version
X-Gamma-Serve
X-DefHash
X-DefElseHash
X-Cdn-Srv
X-Clara-WADP
X-Core-Mission
X-CUA
X-Geo-Header
X-GeoIP-City
X-JWT-State
X-NodeID
X-Old-Content-Length
X-Org
X-Worker
X-Is-Gdpr
X-Has-Esi
X-WP-CF-Super-Cache-Active
X-HS-Content-Campaign-Id
X-Human
X-Cdn-Origin
X-Cache-Bucket
Fastly-GeoIP-CountryCode
Cluster
Magicmarker
Click-Count-Error
Fastly-Backend-Name
Country-Code
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
DSUID
Click-Count-Action-Start
CloudFront-Viewer-Country
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
C-Via
AKAMAI
Cache-Key
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Origin-Responded
X-Parent-Response-Time
Adler-Geo
X-GeoIP-Region-Code
X-Date
X-Device-Os
X-Gzip
X-Dispatcher-Server
X-Gen-Mode
X-Hnp-Log
X-Fastly-Backend
X-DPWN-IS-SECURE
X-Dispatcher-Number
X-Ckpd-Fst-Backend
X-Esi-Check
X-GeoIP-Country-Code
X-Minions-Version
X-Wix-Viewer-Type
CacheControlHeader
X-Varnishpool
Pics-Label
X-Var-Ttl
X-Variation
Gh-Request-Id
Kp-EeAlive
X-Hash
X-Pubstack
X-GeoIP
We-Hiring
Mail-Subject
NM-Fastcgi-Cache
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Nginx-Cache-Key
X-Node-Id
X-NCache
X-Nananana
X-Men
X-Cache-Id
X-Op-Id-All
X-Planisys-CDN-Cache
X-Request-Start
X-Scale
X-Region-Sid
X-Qloud-Router
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-LB-NoCache
X-Origin
X-Ad-Defer-Variation
X-Accel-Expires-Debug
X-Accel-Buffering
Cmsid
Sever-Int
Origin-EX
Machine
X-Azure-Ref-OriginShield
X-App
Web-Mar-Region
Origin-CC
Cmstype
Wxu-Next-Hostname
Wxu-Next-Commit
Server-Ext
NGX
Vix-Hermes-Req-Id
Wxu-Next-Region
On-Server
Server-Hostname
Datacenter
Producers
User-Cache-Control
Svr
Platform
X-Cache-Backend
X-Block-Status
Is-Eu
X-Cache-FS-Status
L
Cache-Provider
CDCHOST
X-AIR-PT
X-Server-ID
X-Owner
X-Refresh
Canary
X-Cache-Date
Fastly-SSL
X-VarnishDD-TTL
X-CacheTTL
X-Cache-Tags
X-Up
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-FC-Vary-Parameters
X-HN
X-V-Cache
PFcat
X-Server-IP
X-Platform
X-Forwarded-Site
X-Webkit-CSP-Report-Only
X-Esi
X-Microcachable
X-Trace-ID
L5d-Success-Class
X-CGP
X-Csrf-Jwt
X-Eu-Site
HA-Ipaddr
Ha-Gx-Prefs
X-Cache-Remote
GeoIP-Latitude
X-CSRF-Token
Cdn
X-Mvc-Supplant-OutputCached
X-Via-Popv
X-Cached-By
X-Servedbyhost
X-Mly-Id
Env
X-Via-Poph
X-Aicache-OS
X-Via-Popn
X-HA-Backend
Load-Balancing
X-Tb-Optimization-Total-Bytes-Saved
X-RCS-CacheZone
HostName
X-Fastly-Cache
X-Nc
X-AK-Request-ID
Cdnsip
Server-ID
Cdncip
X-Zone
X-Origin-Expires
X-ND-Cache
X-Wa
X-Vc
X-VC
X-Instance-Name
X-DataCenter
X-ZONE
X-Webkit-CSP
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
Memory
X-Gateway-Cache-Key
X-Fpc
X-Release
X-API-Version
X-Api-Version
Time
X-Gateway-Request-Id
X-HS-Status
X-Response-By
X-NGINX-Cache
Cache
X-FL-EDGE
Expect-Staple
X-Via-NSCOPI
Srvid
Hostname
X-NewRelic-App-Data
Locid
X-From
X-FL-QIT-DEBUG
X-Generated-In
X-LB-ID
X-Correlation-ID
X-CS
X-Hcs-Proxy-Type
X-APP-VERSION
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Cache-Enabled
X-Via-CDN
Eomportal-Instance
X-Client-Ip
X-Edge-Pop
X-Check-Cacheable
X-CSRF-TOKEN
NtCoent-Length
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Provided-By
Edge-Copy-Time
X-Via-SSL
Ngx-Var-Key
GeoIp-Country-Code
X-Vgn-Hpd-Cached
X-Via-Edge
X-Micro-Cache
AMP-Access-Control-Allow-Source-Origin
X-Air-Pt
OT-Force-Account-Verify
XkeyRZ
X-Proxy-CacheRZ
X-Request-URI
X-Vcl-Version
True-Client-IP
IsBot
X-SIPLIST1
X-Debug-Cache-Fetch
X-MCACHE
X-Amz-Meta-Cb-Modifiedtime
X-Debug-Cache-Store
X-Lambda-Id
X-Via-JSL
X-Dc
X-Srv
X-Nf-Request-Id
X-VCL-Version
X-Cache-NGX
X-Info
Sid
VNS-Age
X-Vtex-Remote-Cache
VNS-Cache
CPC-Cache
CPC-Age
X-Render-Time
X-EC-Lua
X-B3-SpanId
True-Client-Ip
Path
Uri
X-Cs
Srv
Fastly-Drupal-Html
X-VCT
X-TH-Server
Resin-Trace
Location
Request-ID
X-Cache-Expires
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Fastly-Country-Code
X-ATG-Version
X-Edge-POP
X-Varnish-Authentication
X-Cache-ASPX
Esi-Enabled
CDN
Cross-Origin-Opener-Policy-Report-Only
X-MSEdge-Features
X-MSEdge-Flight
X-CLOUD-TRACE-CONTEXT
GeoIP-Country-Code
X-Contensis-Viewer-Groups
Servername
X-Accel-Version
X-Upstream-Ht
X-Upstream-Ct
X-Varnish-Beresp-TTL
M-TraceId
X-Cache-Type
X-TX-ID
YJS-ID
Timeexpire
X-Lb-Id
X-CF-Lambda-Version
X-Moov-T
X-Pod-Name
X-FPC
X-RateLimit-Limit-Second
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
X-RateLimit-Remaining-Second
Traceparent
X-Scheme
X-Cdn-Request-ID
X-Moov-Xdn-Version
X-Udemy-Cache-App-Namespace
Sm-Log-Id
LB
X-Datacenter
X-Service-Response-Time
X-Datadome
X-Viewer-Country
X-ApacheServer
X-RateLimit-Reset
CountryCode
XServer
X-PERF
X-Akamai-Pragma-Client-IP
X-CDN-Cache-Status
Server-Id
RNT-Time
X-Wikidot-Backend
HIT
X-Wikidot-Static-Cache
X-Cdn-Cache-Status
X-SERVER-NAME
RNT-Machine
N-Cache
X-WA
X-Geo
Powered-By
X-Orig-Expires
Ohc-File-Size
X-Tenant
X-Shop-Environment
Proxy-Connection
X-CACHE-KEY
X-NAPM-TraceId
X-NC
X-Bl-Debug
X-Srcache-Fetch-Status
X-Forwarded-Path
X-Srcache-Store-Status
FSS-Cache
X-B3-Trace-ID
X-MP-GENERATED-AT
Rip
ENV
Epwk-X-Cache
X-LiteSpeed-Cache-Control
X-TraceId
X-Ha-Backend
X-ServedByHost
X-Policy
X-App-Name
X-Amz-Meta-Opti
X-Cdn-Forward
V-Age
X-Via-PopN
X-Hyper-Cache
Tracecode
True-Client-Country-4JS
X-Clientip
Yjs-Id
X-Dw-Trace-Id
WZWS-RAY
X-Via-PopH
X-Via-PopV
Geoip-Latitude
X-M-Log
X-M-Reqid
X-Swift-Error
X-Serial
Ec-Rule-Version
Content-Style-Type
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Lb-Nocache
X-B3-Parentspanid
X-Acquia-Purge-Tags
X-Acquia-Site
X-RAMCache
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Content-Script-Type
X-Qnm-Cache
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Reason
Ngx
X-B3-ParentSpanId
X-Snapshot-Date
User-Agent
Inserted-Into-Cache-At
XM
X-VG-WebCache
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-F-Status
X-TT-LOGID
X-Wp-Cf-Super-Cache
MIME-Version
X-Fastly-Cache-Hits
X-Webstats-RespID
Lb
Hit
Cneonction
My-App
X-Mid-Debug-Cache-Key
Warning
X-LiteSpeed-Tag
X-IPS-Cached-Response
X-Stale
X-Mid-Debug-Cache-Disk
X-Th-Server
X-Request-URL
X-UP
X-Cache-Ngx
X-MiniProfiler-Ids