Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Xss-Protection
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Request-ID
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Generator
X-Cache-Status
X-Check
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Status
Upgrade
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-UA-Device
X-Amz-Request-Id
X-Cache-Group
X-Amz-Id-2
EagleId
X-Backend
X-AH-Environment
X-Proxy-Cache
P3p
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
X-Ua-Compatible
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-OneAgent-JS-Injection
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Apo-Via
X-Device
Cf-Railgun
X-WebKit-CSP
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Server-Id
X-Host
X-Ruxit-JS-Agent
EagleEye-TraceId
Surrogate-Control
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
X-Content-Security-Policy-Report-Only
Accept-Ch-Lifetime
X-HW
X-Cache-Lookup
X-Cloud-Trace-Context
X-Cache-Spec
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Application-Context
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Litespeed-Cache
Content-Location
X-Mcache
X-Content-Type
X-MS-InvokeApp
X-Country
X-Url
X-Clacks-Overhead
Accept-CH-Lifetime
X-Vname
X-PC
X-TtlSet
X-Midtier
X-Amz-Server-Side-Encryption
X-CST
Rating
RTSS
Cache-Tag
X-ESI
X-ECACHE
X-Vcap-Request-Id
X-D2id
X-Rack-Cache
X-Element-Page-Cache
Origin-Trial
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
Verso
X-Cdn-Fetch
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
Service-Worker-Allowed
X-Ac
X-Powered-By-Plesk
X-Amz-Rid
X-Cnection
X-SharePointHealthScore
SPRequestGuid
X-Navigation-Version
X-Client-IP
X-Webkit-Csp
Xkey
Edge-Control
X-Abt-Application-Version
SPRequestDuration
SPIisLatency
X-Upstream
X-Cache-TTL
X-Ttl
Arr-Disable-Session-Affinity
X-B3-TraceId
X-Varnish-TTL
X-Cached
X-Mg-S
X-Dw-Request-Base-Id
X-Browser-Type
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-NWS-LOG-UUID
X-Px
X-Middleton-Display
X-Sol
Display
Pagespeed
X-NF-Request-ID
Accept-Ch
X-FastCGI-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-Correlation-Id
Edge-Cache-Tag
X-Forwarded-For
X-Cache-Key
X-Country-Code
X-Goog-Hash
X-Ser
X-Powered-CMS
X-Id
Content-MD5
AR-Request-ID
AR-CACHE
AR-ATIME
AR-SID
AR-PoweredBy
Public-Key-Pins
Front-End-Https
TCN
X-Amzn-Trace-Id
X-Jurisdiction
X-Version
X-HP-Trace-Id
X-HP-Webp
X-Ratelimit-Limit
X-MSEdge-Ref
X-Content-Digest
X-Recruiting
X-T
X-Middleton-Response
Response
X-Accel-Expires
X-RateLimit-Remaining
TP-Cache
TP-L2-Cache
X-Shield-Request-Id
MicrosoftSharePointTeamServices
S
Cache-Status
Nginx-Cache
X-Fastly-Request-ID
X-XRDS-Location
X-Fastcgi-Cache
X-Request-Processing-Time
X-Request-Received
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
Cross-Origin-Opener-Policy
X-HS-Combine-CSS
Server-Node
Cache-Tags
X-Daa-Tunnel
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Distributor
X-Hits
X-Ratelimit-Remaining
X-LB-Cache
X-Edge-Location-Klb
X-Kinsta-Cache
X-Origin-Server
X-Ua-Browser
X-PressLabs-Stats
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-Ratelimit-Reset
Filterid
Fastcgi-Cache
X-ORACLE-DMS-RID
Alternate-Protocol
X-Frontend
X-LLID
X-Grace
X-TEC-API-VERSION
X-Request-Handler-Origin-Region
X-Microsite
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Hostname
X-Rid
Realpath
X-DIS-Request-ID
Healthy
X-Logged-In
X-FB-Debug
X-Git-Hash
X-Varnish-Backend
Server-Name
X-NGENIX-Cache
X-Geo-Country
X-Www-Served-By
Cleartype
X-Cluster-Name
Payment
X-Page-Id
X-Debug-Info
DC
X-TTL
X-Load-Cache
MS-Author-Via
X-Forwarded-Proto
X-Origin-Cache
Access-Control-Allow-Method
X-Protected-By
X-ASPNET-VERSION
Content-Disposition
X-Upgrade-Enabled
X-B3-Sampled
X-Goog-Metageneration
Charset
X-GUploader-UploadID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Az
X-Activity-Id
X-AppVersion
X-Proxy
X-DataDome
X-Seen-By
Count-Hit
X-Amz-Meta-S3cmd-Attrs
X-Amz-Replication-Status
X-Times
Paypal-Debug-Id
X-Fb-Rlafr
X-F-Cache
X-Revision
X-Azure-Ref
X-Whom
Cross-Origin-Resource-Policy
X-Type
X-ECache
X-Contextid
X-B
X-Akamai-Edgescape
Accept-Charset
Viewport
X-App-Environment
Surrogate-Key
X-Is-Crawler
X-Aspnet-Duration-Ms
X-B3-Traceid
X-Varnish-Server
X-Flags
X-Cache-Age
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-TT
Retry-After
X-Wix-Request-Id
X-Hosted-By
X-Aspnetmvc-Version
X-Language
X-Envoy-Decorator-Operation
X-DynaTrace
X-Signature
X-B-Cache
X-Cache-Control
X-Source
X-Varnish-Grace
X-Magnolia-Registration
X-Mobile
X-App-Server
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
WPO-Cache-Message
Host
WPO-Cache-Status
Version
Amp-Access-Control-Allow-Source-Origin
X-VCache
Refresh
X-Amz-Apigw-Id
X-Amzn-RequestId
X-N
Referer-Policy
X-HTML-Minification-Powered-By
X-Cache-Rule
X-Server-ID
X-Response-Served-From
X-Original-Request-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-XRDS-LOCATION
X-Cache-Time
Access-Control-Request-Headers
X-Tumblr-Pixel-1
X-Varnish-Age
X-Rule
X-RTag
Ms-Operation-Id
MS-CV
SD-X-WS
X-Cacheable-TTL
X-Content-Powered-By
X-Framework
X-G
X-Jobs
Protected
X-EdgeConnect-Cache-Status
X-Trace-Id
X-RemovedCookies
X-User-Agent
X-UUID
X-Environment-Context
X-L-Path
X-ProcessESI
X-Backend-Name
X-Cache-Grace
VIX-Pulpo-Upstream-Status
X-FW-Dynamic
NGB
VIX-Pulpo-Node
X-Device-Type
X-FW-Hash
Section-Io-Cache
X-FW-Server
X-Tt-Trace-Host
X-Tt-Trace-Tag
Akamai-GRN
GEO-INFO
X-FW-Serve
X-Status
X-FW-Version
X-FW-Static
X-FW-Type
From-Origin
X-Http-Reason
X-Region
X-Cache-Status-Check
X-Is-Bot
X-Page-View
X-Rendered-As
X-Akamai-Request-ID2
X-Instance
X-Cache-Expired-At
X-Drupal-Cache-Tags
X-Adobe-Loc
X-Adobe-Content
X-NYM-Debug-Backend
Front
X-Drupal-Cache-Contexts
CDN-RequestId
X-Unique-Id
X-Pinterest-Rid
Pinterest-Version
X-Nginx-Cache
Url
X-RateLimit-Limit
Pinterest-Generated-By
X-Servername
X-COUNTRY
Liferay-Portal
Accept-Language
X-Content-Options
X-Template
X-Time
Fastly-SWR
Fastly-SIE
X-Varnish-Ttl
X-CDN-Forward
X-Zen-Fury
X-Air-Source
X-Air-Hostname
X-Debug-IsPreview
X-Debug-IsConnected
X-Air-Trace-Id
SRV
Backend
X-Cache-Hit
X-DynaTrace-JS-Agent
X-Fastly-Request-Id
X-Yottaa-Optimizations
X-Newrelic-App-Data
X-Yottaa-Metrics
Country
X-Mode
X-Rocket-Nginx-Serving-Static
Content-Secure-Policy
X-Cache-Operation
X-ARC
Node
X-Uri
X-Edge-Location
Onion-Location
X-Amzn-Remapped-Content-Length
X-Tumblr-Pixel-3
X-RN-RSRV
S-Rt
Filters
Meta-Geo
X-IPS-LoggedIn
X-Generation-Time
X-Tumblr-Pixel-2
X-App-Version
X-UPSTREAM-Address
Webserver
X-Rewrite-Enabled
X-Cache-Server
Cache-Hits
X-Locale
Azure-SiteName
Azure-InstanceId
X-Proxy-Cache-Info
Azure-RegionName
Azure-SlotName
Azure-Version
X-Content-Age
X-Timing-Wait
CF-IPCountry
X-Tec-Api-Origin
X-Tec-Api-Root
Uber-Trace-Id
X-Proxy-Build
X-Tec-Api-Version
Countrycode
Selected-Fe
X-Via-Fastly
X-Ua
X-Skip-Cache
X-Web-Node
X-Sucuri-Cache
X-Sucuri-ID
X-Soup
WP-Super-Cache
X-Site-Version
X-Server-W
X-PHP-Backend
X-Cache-Action
X-BYPASS-REASON
X-ProxyCache-Status
X-Ms-Request-Id
X-Cms-Context
X-ProxyCache-Key
X-Reqid
X-Ms-Version
Cache-Name
X-IPLB-Request-ID
X-Cache-Host
X-IPLB-Instance
X-Section
X-Say-TTL
X-Proto
X-SayCDN-TTL
Cache-Tv-Group
X-PHP-Host
X-Origin-Date
ServerID
X-Tb
X-Say-Cacheable
X-Labrador-Cache-Channel
X-AWS-Id
X-LJ-Flow-ID
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Version
Webcakes-App-Name
X-Cluster-Node
X-Extlb
X-Format
X-Access
Webcakes-Region
X-UA-Device-Type
TWC-Connection-Speed
X-Routing-Service
TWC-Locale-Group
TWC-Privacy
X-Proxy-Cache-Status
X-Origin-Hint
X-Zipkin-Id
TWC-GeoIP-LatLong
X-VWS-Id
Property-Id
X-Proxied
Cross-Origin-Window-Policy
X-R9-Blue-Green-Version
DB-Nickname
X-SaId
X-No-Session
X-JoinUs
X-Sql-Count
Web-Mar-Node
Apigw-Requestid
X-Sql-Duration-Ms
X-Debug
X-Cluster
X-VC-Cache
X-Optimistic-Header
X-LAGOON
X-Forwarded-Host
Locale
Mn-Server-Ip
X-Handled-By
X-FB-TRIP-ID
X-Urbn-Site-Id
X-Cache-TTL-Remaining
X-Real-IP
X-Detected-As
X-Varnish-Beresp-Grace
X-Urbn-Context-Path
X-Adobe-Source
X-Director
ServedBy
X-LSADC-Cache
X-Node-Name
X-Ruxit-Js-Agent
X-Xfnlog-Site
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Fastcgi-Useragent
Frame-Options
X-GeoCode
X-GeoCountry
Upgrade-Insecure-Requests
Mime-Version
X-Varnish-Hits
X-Tt-Logid
Source
X-Oneagent-Js-Injection
Fastly-Drupal-HTML
X-Api-Version
Load-Balancing
CDN-Cache
CDN-CachedAt
CDN-RequestCountryCode
CDN-Uid
X-Hl-Ver
CDN-PullZone
CDN-EdgeStorageId
X-Generated-By
X-Varnish-Cache-Hits
X-GEO
Xet-Cookie
X-Buckets
X-Request-Time
X-TIME
X-Varnish-Hostname
X-ServerID
X-Mg-Request-UUID
X-RM-Cache-TTL
X-Origin-CC
X-SRV
X-Datadog-Parent-Id
X-FireWall-Port
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Origin-TTL
X-Redis-Cache
X-Datadog-Sampling-Priority
X-TA-CDN-Provider
CF-Cached-On
X-URL
X-Cache-Debug
X-Loop
X-Served-From
X-Akamai-Transformed
X-Storage
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Stage
X-Pubstack
Xserver
X-Endurance-Cache-Level
X-Provided-By
X-Restarts
X-Tx-Id
X-Pass-Why
X-Newrelic-Synthetics
X-Location
X-Destination
DSUID
Sslversion
T-Server
X-A-Dcw
X-Developer
Surrogated-Key
X-Ec-GeoHdr
X-External-Request-Id
X-Fetched-On
X-We-Are-Hiring
Server-Host
X-A-Wwc
X-Ec-Fail
X-Epic-Correlation-Id
X-Aed
Xc-Version
X-Application
X-Cache-Info
X-B-Cookie
X-Cache-NE
X-CSRF-Token
Thinkindot-Control
X-Bc-Bl
Thinkindot-CacheControl-Type
X-Bip
X-BCube-Filmed-By
Thinkindot-CacheControl
X-Vdms-Version
X-CUA
X-Cache-Date
X-D
X-Core-Mission
TDXMobile
X-CMSURLCustom
X-Conf
X-Request-Host
X-Test
Rendered-Blocks
Host-ID
X-Rojux
X-S
X-A
X-S-Cookie
X-Rocket-Build-Number
X-Response-By
X-A-Dam
X-Processor
Lang
X-Vdms-Path
X-TIM-N
X-S-Maxage
WWW-Authenticate
X-Thinkindot-L3
X-SRCache-Key
X-Thanos
Edge-Cache
DCR-Processing-Time-Ms
DCR-Decision-By
X-ScT
Gannett-Cam-Experience-Id
X-Sigma
X-Sigma-Backend
MD5-Digest
X-A-Ccd
Cache-Host
BehaviorPad-Version
X-INCAP-ABP
X-Level-Front-Cache
Memcached
Release
X-Hash
X-Gdpr
X-Generated-On
A
X-A-Dgt
X-Men
Redirect-Candidate
NM-Fastcgi-Cache
X-Origin-Time
Ngx.Var.Host
Meta-Geo-Continent
X-Mid
X-Origin
X-Mobile-URL
Candidate-Md5Url
Origin
Odigeo-Trace-Id
X-Nyt-Route
Server-Info
X-Service
Tube-Got-Results
Req-Svc-Chain
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Gh-Request-Id
Magicmarker
Tube-Return
Mail-Subject
Tube-Got-Eval
X-Date
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Pool
X-Platform
X-Origin-Response-Time
X-Mvc-Supplant-Cachable
X-Node-Id
X-Org
X-Region-Sid
X-Req
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Varnishpool
X-Var-Ttl
X-SD-PageType
X-Loc
X-Human
X-Cdn-Origin
X-Scale
X-Auto-Login
X-Dispatcher-Number
X-Cache-Id
X-Cache-Bucket
X-Accel-Expires-Debug
X-Akamai-Device-Characteristics
X-BBC-Edge-Cache-Status
X-Dispatcher-Server
X-Ec-Custom-Error
X-Gzip
X-HS-Content-Campaign-Id
X-Httpd
X-Geo-Header
X-Gamma-Serve
C-Via
X-Esi-Check
X-Fastly-Cache
We-Hiring
Tube-Get-Contents
CacheControlHeader
Cache-Key
CloudFront-Viewer-Country
Cmstype
Click-Count-Action-Start
X-CACHE-AGE
Cmsid
Click-Count-Error
AKAMAI
X-WP-CF-Super-Cache-Active
Section-Io-Id
X-Varnish-Beresp-Ttl
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Vcl-Version
HostName
Environment
Section-Io-Origin-Status
X-Is-Gdpr
X-JWT-State
X-Fmm-Version
X-Irp-Debug
Origin-CC
X-VServer
X-Ad-Defer-Variation
X-TNCMS
On-Server
X-Variation
X-Clara-WADP
Vix-Hermes-Req-Id
Web-Mar-Region
X-Ckpd-Fst-Backend
X-Mly-Id
X-Vmg-Version
Origin-EX
X-CacheTTL
X-GeoIP
X-Forwarded-Site
X-Frame-Option
X-Cache-FS-Status
X-Cdn-Srv
Datacenter
X-Developers
X-Has-Esi
X-V-Cache
X-GeoIP-Region-Code
X-Azure-Ref-OriginShield
X-GeoIP-City
X-GeoIP-Country-Code
X-FC-Vary-Parameters
X-Fastly-Backend
Platform
X-DefElseHash
Kp-EeAlive
X-Nginx-Cache-Key
Is-Eu
Adler-Geo
Country-Code
X-DefHash
Canary
X-SB
Machine
X-Server-IP
X-WA-Info
X-Device-Os
X-WADP-Cache
X-Planisys-CDN-TTL
X-Worker
X-Origin-Expires
X-Varnish-Remaining-TTL
Expect-Staple
X-Core-Value
X-NodeID
X-Varnish-CookieHashed-On
X-Owner
X-Varnish-CookieINHashed-On
X-Instance-Name
X-Planisys-CDN-Cache
Ssr
X-Planisys-CDN-Rules
X-Via-CDN
X-Air-Pt
X-From
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-VarnishDD-TTL
Apple-News-Services-Host
X-Old-Content-Length
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Wix-Viewer-Type
X-Release
X-Qloud-Router
X-VC
Apple-News-Services-Request-Url
X-HN
Server-Hostname
Sever-Int
Srvid
Server-Ext
PFcat
L
Locid
User-Cache-Control
X-DPWN-IS-SECURE
X-Cache-Tags
X-App
State
Producers
X-FL-EDGE
Cache-Provider
X-Op-Id-All
X-Hnp-Log
X-Block-Status
X-Aicache-OS
X-FL-QIT-DEBUG
X-Accel-Buffering
X-Gen-Mode
NGX
X-VG-TLSProxy
X-NCache
X-Minions-Version
X-Via-Edge
X-Via-SSL
Edge-Copy-Time
HA-Ipaddr
CDCHOST
L5d-Success-Class
X-Mvc-Supplant-OutputCached
Ha-Gx-Prefs
X-Nananana
X-Cache-Remote
X-Ua-Device
X-Platform-Server
X-Microcachable
X-Request-Start
X-Varnish-Beresp-Status
X-RCS-CacheZone
X-Eu-Site
X-CGP
X-Csrf-Jwt
X-Zone
X-Webkit-CSP-Report-Only
X-Parent-Response-Time
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-VCT
X-Cache-Enabled
X-LB-NoCache
Fastly-SSL
X-Up
X-B3-SpanId
AMP-Access-Control-Allow-Source-Origin
X-Tb-Optimization-Total-Bytes-Saved
X-Lambda-Id
Pics-Label
X-DC
X-Dc
X-Correlation-ID
X-B3-Spanid
X-Upstream-Ct
X-Via-Popv
Env
X-Generated-In
X-Via-Popn
X-Refresh
X-Cached-By
X-Cache-Backend
X-Vtex-Remote-Cache
X-Upstream-Ht
X-Via-Poph
X-Render-Time
Sid
X-Presslabs-Stats
X-Trace-ID
X-Cs
Cluster
X-CCDN-Origin-Time
Decoy-Debug-Status
CPC-Cache
X-CCDN-CacheTTL
Memory
Cache
VNS-Age
X-Hcs-Proxy-Type
CPC-Age
Time
GeoIP-Latitude
VNS-Cache
X-ND-Cache
Decoy-Debug-TTL
Decoy-Debug-Key
SID
NtCoent-Length
X-Cache-Type
X-TH-Server
X-AIR-PT
X-HA-Backend
X-Webkit-CSP
X-Tid
X-NWS-UUID-VERIFY
X-Edge-Pop
X-LB-ID
X-Servedbyhost
X-HS-Status
Srv
X-NewRelic-App-Data
X-Via-JSL
X-ATG-Version
X-Nc
X-DataCenter
Server-ID
X-Wa
X-Esi
Fastly-Drupal-Html
X-Srv
Cdn
X-ZONE
Svr
Uri
GeoIp-Country-Code
X-Client-Ip
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Varnish-Authentication
X-Check-Cacheable
X-PAYTM-SRV-ID
X-Vgn-Hpd-Cached
X-CF-Lambda-Version
X-RateLimit-Limit-Second
X-Vgn-Hpd-Ssi
Esi-Enabled
X-Vgn-Hpd-Variations-Key
X-MP-GENERATED-AT
X-RateLimit-Remaining-Second
X-CF-Lambda-Fn
X-Amz-Meta-Cb-Modifiedtime
True-Client-IP
X-Fpc
X-Vc
YJS-ID
X-Proxy-CacheRZ
X-Datadome
X-NGINX-Cache
XkeyRZ
Hostname
X-CDN-Cache-Status
N-Cache
X-Udemy-Cache-App-Namespace
X-CS
X-CSRF-TOKEN
M-TraceId
X-Tenant
X-Shop-Environment
X-Orig-Expires
RNT-Time
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Bl-Debug
RNT-Machine
X-Nf-Request-Id
X-CACHE-KEY
Lb
X-Forwarded-Path
Resin-Trace
X-TX-ID
X-Varnish-Beresp-TTL
Cdnsip
Cdncip
X-AK-Request-ID
OT-Force-Account-Verify
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
True-Client-Ip
XServer
X-Gateway-Request-Id
X-MSEdge-Features
X-MSEdge-Flight
X-Gateway-Cache-Key
X-EC-Lua
X-App-Name
X-Via-NSCOPI
X-B3-Trace-ID
X-Policy
X-FPC
X-API-Version
X-Fastly-Country-Code
X-Logging-Id
X-Service-Response-Time
Eomportal-Instance
Sm-Log-Id
CDN
Server-Id
X-Cache-Ttl
GeoIP-Country-Code
X-Git-Commit
X-Container-Uri
Path
X-Lb-Id
Ngx-Var-Key
X-Micro-Cache
X-Vcache
X-APP-VERSION
Hit
X-CLOUD-TRACE-CONTEXT
X-Datacenter
X-WA
X-Cdn-Diag
X-Accel-Version
X-SIPLIST1
X-VCL-Version
LB
IsBot
X-Cache-NGX
X-NC
X-MCACHE
X-Geo
X-Edge-POP
X-Request-URI
X-ServedByHost
X-RateLimit-Reset
HIT
X-Ha-Backend
X-Akamai-Pragma-Client-IP
X-Cdn-Forward
XM
V-Age
X-VG-WebCache
X-Acquia-Purge-Cdn-Unconfigured
Pramga
X-SERVER-NAME
X-Cdn-Cache-Status
X-Tncms
RATING
X-Info
X-Srcache-Store-Status
X-Snapshot-Date
Timeexpire
X-Srcache-Fetch-Status
FSS-Cache
Cross-Origin-Opener-Policy-Report-Only
X-Rebelmouse-Surrogate-Control
Location
Geoip-Latitude
X-Clientip
X-Rebelmouse-Cache-Control
ENV
CDN-RequestPullSuccess
CDN-RequestPullCode
Tcn
X-TT-LOGID
X-Lb-Nocache
Ohc-File-Size
X-Via-PopH
X-Via-PopV
X-Ctl-Mach
True-Client-Country-4JS
Req-ID
Yjs-Id
Epwk-X-Cache
X-Pod-Name
X-Via-PopN
X-HostName
X-TimeS
X-Iauth-Set-Uid
X-LiteSpeed-Cache-Control
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
W
X-Hyper-Cache
X-Amz-Meta-Opti
X-Dw-Trace-Id
X-Serial
X-M-Log
X-LiteSpeed-Tag
Warning
X-M-Reqid
X-Cdn-Request-ID
X-Viewer-Country
Cneonction
WZWS-RAY
X-Vgn-Hpd-Reason
X-Litespeed-Cache-Control
X-PERF
X-ApacheServer
X-User
X-Oss-Storage-Class
Proxy-Connection
X-UP
Ec-Rule-Version
X-Oss-Request-Id
Servername
X-RAMCache
Content-Script-Type
Content-Style-Type
X-Fastly-Backend-Reqs
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Cdn-Requestid
X-Oss-Server-Time
X-Acquia-Site
X-Cache-Expires
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Qnm-Cache
X-MiniProfiler-Ids
CountryCode
X-Lsadc-Cache
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Moov-Xdn-Version
X-Moov-T
X-WP-CF-Super-Cache-Cookies-Bypass
Inserted-Into-Cache-At
X-Swift-Error
X-Th-Server
Ngx
X-Webstats-RespID
X-Fastly-Cache-Hits
X-IPS-Cached-Response
X-Mg-Cache
X-B3-ParentSpanId
PICS-Label
My-App
Ohc-Cache-HIT
MIME-Version
X-B3-Parentspanid