Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
X-Ua-Compatible
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Request-ID
Feature-Policy
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
Access-Control-Max-Age
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Dns-Prefetch-Control
X-Amz-Request-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Ws-Request-Id
X-Age
Host-Header
P3p
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Akamai-Path-Stats
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
Accept-CH
X-Node
X-Pingback
Cf-Railgun
X-Cache-Spec
X-OneAgent-JS-Injection
Request-Id
Surrogate-Control
EagleEye-TraceId
X-Server-Id
X-Akam-SW-Version
X-Backend-Server
X-Cache-Lookup
X-Response-Time
X-Readtime
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
X-Cloud-Trace-Context
Fastly-Restarts
X-Country
X-Clacks-Overhead
X-Url
X-WebKit-CSP-Report-Only
X-Edge
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
Edge-Control
X-B3-TraceId
X-TtlSet
X-Vname
X-PC
X-Oneagent-Js-Injection
X-Content-Type
X-Mod-Pagespeed
X-ESI
X-Ruxit-JS-Agent
X-Vcap-Request-Id
X-D2id
X-Use-Magma
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
Xkey
X-Mcache
X-Ruxit-Js-Agent
Verso
X-GitHub-Request-Id
X-Amz-Rid
Cache-Tag
X-Powered-By-Plesk
X-VARITI-CCR
X-CST
X-Varnish-TTL
RTSS
Service-Worker-Allowed
X-ECACHE
X-FastCGI-Cache
X-Upstream
X-Navigation-Version
X-Abt-Application-Version
X-Version
X-Cached
X-Client-IP
X-Cnection
X-Ac
X-Dw-Request-Base-Id
X-Px
X-Element-Page-Cache
X-Instrumentation
X-Server-Name
Arr-Disable-Session-Affinity
X-Kraken-Loop-Name
X-SharePointHealthScore
Public-Key-Pins
SPRequestGuid
X-Server-Lifecycle-Phase
X-Cache-TTL
SPRequestDuration
SPIisLatency
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Ttl
X-Country-Code
X-NWS-LOG-UUID
Permissions-Policy
X-Ser
Accept-Ch
X-Cache-Key
X-Midtier
Response
X-Middleton-Response
X-RateLimit-Remaining
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-Forwarded-For
Content-MD5
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-DataDome
Front-End-Https
X-Shield-Request-Id
X-Correlation-Id
X-NF-Request-ID
X-MSEdge-Ref
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Recruiting
TP-Cache
TP-L2-Cache
Edge-Cache-Tag
Nginx-Cache
AR-ATIME
AR-PoweredBy
X-T
AR-Request-ID
AR-CACHE
Cf-Apo-Via
AR-SID
X-Accel-Expires
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-Powered-CMS
X-RateLimit-Limit
X-ORACLE-DMS-ECID
TCN
X-ORACLE-DMS-RID
X-Grace
X-Mg-S
X-Id
X-Content-Digest
X-Hits
X-HS-Combine-CSS
Server-Node
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Request-Received
Filters
X-Request-Processing-Time
Server-Name
X-Amzn-Trace-Id
X-TEC-API-VERSION
X-Frontend
X-TEC-API-ROOT
X-TEC-API-ORIGIN
MS-Author-Via
X-Geo-Country
X-Distributor
X-XRDS-Location
S
Fastcgi-Cache
X-Protected-By
X-LLID
Cache-Status
X-Language
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Fastly-Request-Id
X-LB-Cache
X-Origin-Server
X-PressLabs-Stats
Cross-Origin-Opener-Policy
Count-Hit
X-Fastcgi-Cache
X-TTL
X-Ezoic-Cdn
X-B3-Sampled
X-FB-Debug
Host
X-Request-Handler-Origin-Region
X-Forwarded-Proto
X-F-Cache
X-Microsite
X-Ua-Browser
X-Amz-Meta-S3cmd-Attrs
X-Ab
Charset
X-Seen-By
Filterid
X-Git-Hash
Payment
X-Page-Id
X-Litespeed-Cache
X-Cluster-Name
X-VCache
X-ASPNET-VERSION
X-Cache-Age
Surrogate-Key
X-Ratelimit-Reset
Realpath
X-Rid
X-Origin-Cache
Accept-Charset
Cache-Tags
X-NGENIX-Cache
X-Template
Access-Control-Allow-Method
X-Www-Served-By
Alternate-Protocol
Retry-After
X-Webkit-Csp
X-Logged-In
Cleartype
X-DIS-Request-ID
X-Activity-Id
X-Upgrade-Enabled
X-Az
X-AppVersion
X-DynaTrace
X-Tb
X-Amz-Replication-Status
X-TT
X-Varnish-Backend
X-Wix-Request-Id
X-App-Environment
X-B
X-B-Cache
X-Signature
X-Varnish-Grace
X-Type
X-Source
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Route-Name
X-Envoy-Decorator-Operation
X-Providence-Cookie
X-Request-Guid
X-Node-Name
Paypal-Debug-Id
X-Hostname
DC
ServerID
X-Drupal-Cache-Tags
Frame-Options
X-Revision
X-Debug
X-Fastly-Request-ID
X-Proxy
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Server-ID
X-Mobile
X-Contextid
X-Content-Options
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Load-Cache
X-Cache-Rule
X-Goog-Generation
X-GUploader-UploadID
X-Kong-Proxy-Latency
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Kong-Upstream-Latency
X-N
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
Node
X-Magnolia-Registration
Country
Refresh
X-Content
Referer-Policy
X-User-Agent
X-Original-Request-Id
X-Response-Served-From
X-Whom
X-EdgeConnect-Cache-Status
Viewport
NGB
X-Debug-IsPreview
X-Cache-TTL-Remaining
X-L-Path
X-Environment-Context
Access-Control-Request-Headers
X-Debug-IsConnected
X-Framework
X-Content-Powered-By
X-Yottaa-Metrics
X-G
VIX-Pulpo-Upstream-Status
Uber-Trace-Id
X-Unique-Id
X-Jobs
X-Adobe-Content
X-Cacheable-TTL
Url
X-Adobe-Loc
X-Yottaa-Optimizations
X-Mid
X-Servername
VIX-Pulpo-Node
X-NYM-Debug-Backend
X-Varnish-Age
Content-Disposition
X-Varnish-Server
X-Akamai-Request-ID2
X-Cache-Time
X-Real-IP
X-Status
X-Cache-Grace
X-Oracle-Dms-Ecid
X-ProcessESI
X-Instance
X-RemovedCookies
X-Oracle-Dms-Rid
X-Page-View
Srv
Akamai-GRN
X-Is-Bot
X-Ratelimit-Remaining
X-Rendered-As
X-Time
Countrycode
X-Drupal-Cache-Contexts
X-Mg-Request-UUID
Version
X-COUNTRY
X-Restarts
X-CDN-Forward
X-Webkit-CSP
X-Http-Reason
X-Cache-Expired-At
X-App-Server
X-Via-JSL
Accept-Language
X-XRDS-LOCATION
Healthy
X-APP-VERSION
X-Debug-Info
Protected
X-Tumblr-Pixel-1
X-IPLB-Instance
X-IPLB-Request-ID
X-Tumblr-User
X-Hosted-By
X-Tumblr-Pixel-0
X-URL
X-Cache-Hit
X-Tumblr-Pixel
X-Cache-Operation
Cross-Origin-Resource-Policy
X-Nginx-Cache-Key
X-Trace-Id
X-Azure-Ref
X-Backend-Name
X-Ratelimit-Limit
X-Tt-Logid
X-Device-Type
Liferay-Portal
Section-Io-Cache
Backend
Content-Secure-Policy
X-Akamai-Edgescape
X-FW-Type
X-FW-Static
Server-Info
X-FW-Dynamic
X-FW-Hash
Fastcgi-Useragent
X-FW-Serve
X-FW-Server
X-RTag
Ms-Operation-Id
X-Api-Version
MS-CV
X-Mobile-URL
X-UPSTREAM-Address
X-Cache-Action
X-Rule
Meta-Geo
X-RN-RSRV
X-Proxy-Cache-Status
X-Storage
Load-Balancing
GEO-INFO
X-Cache-NGX
X-VC-Cache
X-Mode
X-Content-Age
X-Varnish-Beresp-Grace
X-Varnishpool
X-AWS-Id
X-VWS-Id
X-Alternate-Cache-Key
X-Cache-Enabled
X-Varnish-Hostname
X-Adobe-Source
X-Edge-Location
X-No-Session
X-Skip-Cache
CDN-Cache
X-Region
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Handled-By
CDN-CachedAt
CDN-EdgeStorageId
X-ShopId
X-Shopify-Stage
X-ShardId
CDN-RequestCountryCode
CDN-PullZone
S-Rt
X-Proto
X-UUID
X-LJ-Flow-ID
X-Labrador-Cache-Channel
CF-IPCountry
X-Forwarded-Host
CDN-RequestId
X-OCL
CDN-Uid
X-PHP-Host
X-PHP-Backend
X-PCL
X-Uri
Eomportal-Instance
Azure-Version
Locale
Azure-InstanceId
Azure-RegionName
Selected-Fe
Mn-Server-Ip
X-Access
Azure-SiteName
Azure-SlotName
X-GeoCode
X-Say-Cacheable
X-Say-TTL
X-Routing-Service
X-Request-Time
X-ProxyCache-Status
X-Redis-Cache
X-SayCDN-TTL
X-Section
X-Sql-Duration-Ms
X-Timing-Wait
X-Sql-Count
X-Site-Version
X-ServerID
X-ProxyCache-Key
X-Urbn-Context-Path
X-Cache-Type
X-Cms-Context
X-Cache-Server
X-BYPASS-REASON
X-Xfnlog-Site
X-Via-Fastly
X-Extlb
X-FB-TRIP-ID
X-Proxied
X-Proxy-Build
X-Urbn-Site-Id
X-Hl-Ver
X-GeoCountry
X-Zipkin-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
X-Format
X-Locale
X-SRV
TWC-Locale-Group
X-Generation-Time
TWC-Privacy
Webcakes-App-Version
Webcakes-App-Name
X-Origin-Hint
Apigw-Requestid
DB-Nickname
Onion-Location
X-Cache-Host
Property-Id
Webcakes-Region
X-Varnish-Cache-Hits
TWC-Connection-Speed
X-UA-Device-Type
X-HTML-Minification-Powered-By
X-R9-Blue-Green-Version
X-Cache-Status-Check
X-Server-W
X-Nginx-Cache
X-Generated-By
X-Web-Node
Web-Mar-Node
X-Tid
X-Storefront-Renderer-Rendered
WP-Super-Cache
X-Origin-Date
X-SaId
X-Ms-Version
X-Ms-Request-Id
X-JoinUs
X-Datadome
X-Detected-As
Xserver
X-Correlation-ID
Cache-Name
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-DynaTrace-JS-Agent
X-FireWall-Port
ServedBy
X-Zen-Fury
X-LSADC-Cache
X-ECache
X-App-Version
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Varnish-Ttl
Source
X-TNCMS
X-TA-CDN-Provider
X-Ua
X-Loop
X-Cache-Tags
Cache
X-Dc
Xet-Cookie
X-Debug-Cache
X-Human
X-Tec-Api-Origin
X-Tec-Api-Root
X-Reqid
X-RCS-CacheZone
X-Tec-Api-Version
X-Pubstack
X-Varnish-Hits
SD-X-WS
Cross-Origin-Window-Policy
Origin
X-Aspnetmvc-Version
X-Amzn-Remapped-Content-Length
X-MP-GENERATED-AT
X-Newrelic-Synthetics
X-Soup
X-GEO
X-Cached-By
X-Vgn-Hpd-Reason
X-Cdn
WPO-Cache-Status
WPO-Cache-Message
X-Origin-TTL
From-Origin
X-Origin-CC
LB
X-Varnish-Beresp-Ttl
X-Service
X-Provided-By
X-Tumblr-Pixel-2
Webserver
X-IPS-LoggedIn
X-AOL-HN
X-B3-SpanId
Rip
X-Via-NSCOPI
X-NewRelic-App-Data
X-FW-Version
X-GG-Cache-Date
X-Platform-Server
X-A-Ccd
X-A
X-Application
Surrogated-Key
T-Server
X-A-Dam
X-AK-Request-ID
X-Aed
X-A-Wwc
X-A-Dgt
Sslversion
X-A-Dcw
Ngx.Var.Host
DCR-Decision-By
DCR-Processing-Time-Ms
Cdnsip
Cdncip
A
BehaviorPad-Version
Environment
Expiry
X-ARC
Odigeo-Trace-Id
Meta-Geo-Continent
MD5-Digest
Host-ID
Lang
Rendered-Blocks
X-Cache-NE
X-Served-From
X-Shop-Environment
X-ScT
X-S-Cookie
X-Rojux
X-S
X-SRCache-Key
X-Tenant
X-VG-WebCache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-TIM-N
X-User
X-Rewrite-Enabled
X-Processor
X-Destination
X-Developer
X-D
X-Connection-Hash
X-Bc-Bl
X-BCube-Filmed-By
X-Ec-GeoHdr
X-External-Request-Id
X-Owner
X-PBS-Appsvrname
X-Orig-Expires
X-NAPM-TraceId
X-Forwarded-Path
X-B-Cookie
X-Ec-Fail
X-Cluster-Node
X-CSRF-Token
HostName
X-Request-Host
X-B3-Traceid
Mime-Version
OT-Force-Account-Verify
X-VC
CPC-Cache
X-Pool
X-Accel-Buffering
CPC-Age
X-Bip
X-Parent-Response-Time
X-Varnish-Beresp-Status
X-Thanos
VNS-Age
X-Level-Front-Cache
Redirect-Candidate
X-Generated-On
Machine
X-Qloud-Router
Upgrade-Insecure-Requests
X-Aicache-OS
VNS-Cache
X-TIME
X-WA-Info
X-Nf-Request-Id
Tube-Got-Eval
Wxu-Next-Commit
Vix-Hermes-Req-Id
X-Origin
Tube-Got-Results
Wxu-Next-Hostname
V-Age
X-Origin-Response-Time
Wxu-Next-Region
Tube-Return
Tube-Get-Contents
Servername
X-Gateway-Skip-Cache
X-RateLimit-Limit-Second
Platform
Producers
Origin-CC
X-RateLimit-Remaining-Second
Mobile-Detection-Method
NGX
NM-Fastcgi-Cache
Release
Req-Svc-Chain
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
TDXMobile
State
Server-Host
X-Policy
X-Optimistic-Header
Traceparent
X-BBC-Edge-Cache-Status
X-Device-Os
X-Dispatcher-Number
X-Gzip
X-DPWN-IS-SECURE
X-DefHash
X-DefElseHash
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-GeoIP-City
X-GeoIP
X-Gamma-Serve
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Fmm-Version
X-Fetched-On
X-Epic-Correlation-Id
X-Esi-Check
X-Eu-Site
X-Hash
X-Csrf-Jwt
X-Region-Sid
X-Loc
X-Branch-Name
X-Cache-Id
X-Minions-Version
X-Mvc-Supplant-Cachable
X-NodeID
Cache-Hits
X-Mvc-Supplant-OutputCached
X-Cache-Info
X-CacheTTL
X-CMSURLCustom
X-Core-Mission
X-Core-Value
X-Cluster
X-Clara-WADP
X-Cdn-Origin
X-CGP
X-Ckpd-Fst-Backend
X-Ad-Defer-Variation
Origin-EX
X-Sn-Servicetimems
Click-Count-Action-Start
Click-Count-Error
X-SplitTest
Candidate-Md5Url
Cache-Host
Canary
Cmsid
Cmstype
Decoy-Debug-TTL
DSUID
X-Sigma-Backend
Decoy-Debug-Status
Decoy-Debug-Key
Country-Code
X-SIPLIST1
X-SVT-ORM-VERSION
Apple-News-Services-Request-Url
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-VServer
X-WADP-Cache
X-Worker
X-Wix-Viewer-Type
X-Varnish-CookieHashed-On
X-Variation
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Adler-Geo
X-V-Cache
X-Thinkindot-L3
X-Sigma
X-SVT-ORM-RULES
X-Rocket-Nginx-Serving-Static
Fastly-SIE
X-Rocket-Build-Number
HA-Ipaddr
Fastly-GeoIP-CountryCode
X-SB
X-S-Maxage
Ha-Gx-Prefs
Is-Eu
L5d-Success-Class
Fastly-SSL
IsBot
X-Request-URI
Kp-EeAlive
X-Scale
L
Memcached
Fastly-SWR
X-Cache-Debug
X-Irp-Debug
Ec-Rule-Version
X-Clientip
X-HS-Content-Campaign-Id
X-ZONE
Cluster
X-Origin-Time
X-Nyt-Route
X-INCAP-ABP
X-Geo-Header
X-Proxy-Cache-Info
X-Forwarded-Site
X-Viewer-Country
X-Gdpr
X-Auto-Login
X-Developers
Datacenter
X-Has-Esi
Gh-Request-Id
Mail-Subject
X-Ec-Custom-Error
We-Hiring
X-Cdn-Srv
X-Is-Gdpr
X-Planisys-CDN-TTL
CloudFront-Viewer-Country
Sever-Int
X-Slack-Backend
X-NCache
Server-Hostname
Server-Ext
X-Planisys-CDN-Rules
X-Cache-Bucket
Svr
X-Scheme
X-JWT-State
X-Planisys-CDN-Cache
CDCHOST
Fastly-Backend-Name
X-Tx-Id
X-Trace-ID
X-WP-CF-Super-Cache-Active
X-Cache-Remote
Cache-Tv-Group
X-Sucuri-ID
X-LB-NoCache
X-Sucuri-Cache
Fastcgi-Cache-TTL
X-Block-Status
X-Gen-Mode
User-Cache-Control
Web-Mar-Region
AKAMAI
X-Hnp-Log
X-Udemy-Cache-App-Namespace
X-ND-Cache
Time
Memory
X-Rebelmouse-Cache-Control
X-Var-Ttl
X-Presslabs-Stats
Fastly-Drupal-HTML
Ssr
X-Rebelmouse-Surrogate-Control
Pics-Label
X-Fastly-Cache
X-Origin-Expires
X-Session-Fingerprint
WebServer
AMP-Access-Control-Allow-Source-Origin
X-Azure-Ref-OriginShield
X-ATG-Version
X-FC-Vary-Parameters
X-Fastly-Backend
X-Newrelic-App-Data
Sid
X-Tb-Optimization-Total-Bytes-Saved
SID
X-Via-Popn
X-Via-Poph
X-Via-Popv
X-Pod-Name
X-Generated-In
X-NWS-UUID-VERIFY
X-Webkit-CSP-Report-Only
X-Servedbyhost
Server-ID
X-Buckets
Env
X-Xrds-Location
X-Refresh
X-Akamai-Transformed
X-Ig-Push-State
X-Cache-Date
X-Cs
X-DC
X-Pass-Why
X-Up
X-Fpc
X-Release
X-Edge-Pop
X-Conf
X-NC
X-MSEdge-Flight
X-EC-Lua
My-App
X-Dispatch
X-MSEdge-Features
X-Wa
X-Microcachable
X-Tumblr-Pixel-3
X-Dmc
X-TRACE-ID
X-Lambda-Id
X-Esi
X-RateLimit-Reset
X-Endurance-Cache-Level
X-PX
Fastly-Drupal-Html
X-MCACHE
X-ID
CDN
X-CS
X-TX-ID
X-CACHE-AGE
GeoIp-Country-Code
X-Req
X-VCL-Version
Magicmarker
X-Be
X-Zone
True-Client-IP
X-NGINX-Cache
X-Wikidot-Static-Cache
X-LB-ID
X-Srv
X-Wikidot-Backend
X-CACHE-KEY
X-Vc
X-TH-Server
X-CSRF-TOKEN
X-Air-Source
CacheControlHeader
True-Client-Country-4JS
X-Air-Hostname
X-Air-Trace-Id
Hostname
X-Hyper-Cache
X-Yandex-Sdch-Disable
X-CF-Lambda-Fn
X-CF-Lambda-Version
True-Client-Ip
X-Micro-Cache
X-Op-Id-All
GeoIP-Country-Code
X-Air-Pt
X-Alfa-Service
X-M-Reqid
X-HS-Status
X-Vcl-Version
Pramga
X-App
Path
Resin-Trace
X-M-Log
X-B3-Spanid
X-Qnm-Cache
C-Via
Tcn
N-Cache
X-Varnish-Beresp-TTL
X-TrackingId
Tracecode
X-SERVER-NAME
X-GeoIP-Region-Code
X-Platform
Esi-Enabled
X-PAYTM-SRV-ID
X-Vercel-Cache
X-Vercel-Id
On-Server
X-Date
Fastcgi-X-Cache-Version
X-GeoIP-Country-Code
X-Datacenter
X-Accel-Expires-Debug
WWW-Authenticate
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
NtCoent-Length
X-Edge-Origin-Shield-Bytes
Section-Io-Id
X-Edge-Origin-Shield-Region
Section-Io-Origin-Time-Seconds
X-Geo
Section-Origin-Responded
Hit
Section-Io-Origin-Status
X-Akamai-Pragma-Client-IP
Yjs-Id
Proxy-Connection
X-FPC
X-Webkit-Csp-Report-Only
X-Node-Id
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
GeoIP-Latitude
ENV
X-WA
X-Mly-Id
X-Edge-POP
X-RAMCache
FSS-Cache
X-Via-CDN
X-Vtex-Processado-Em
X-Response-By
X-Vtex-Remote-Cache
X-Lb-Id
User-Agent
X-ServedByHost
Lb
Server-Id
YJS-ID
Powered-By
X-Old-Content-Length
X-LAGOON
Cdn
X-API-Version
X-Request-Start
X-SD-PageType
X-Cdn-Forward
X-UA
X-Dw-Trace-Id
X-AIR-PT
X-Via-PopN
X-Via-PopH
HIT
X-Via-PopV
X-From
X-LiteSpeed-Cache-Control
X-PERF
Cache-Key
X-ApacheServer
X-Client-Ip
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Render-Time
X-Via-Ucdn
XkeyRZ
X-Traceid
X-TT-LOGID
X-Cache-Ttl
DynaTrace
Server-Ttl
X-LI-Proto
X-FORWARDED-FOR
X-Instance-Name
X-Webstats-RespID
X-Location
X-Li-Fabric
X-LI-UUID
X-Li-Pop
Dnion-Transfer-Encoding
X-CUA
Locid
Srvid
Geoip-Latitude
X-FL-EDGE
X-Proxy-CacheRZ
X-Litespeed-Cache-Control
X-Service-Response-Time
Sm-Log-Id
X-DSS
X-DW
X-RPM
PICS-Label
X-DB
DT-Hot-News
X-Proxy-Cache-Hk
XServer
X-RPS
X-RSL
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-LiteSpeed-Tag
XM
X-CF-Powered-By
X-VarnishDD-TTL
Nginx-CQVIP
X-HN
X-DI
PFcat
Ohc-File-Size
X-Proxy-Upstream
Location
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Vha6-Origin
X-B3-ParentSpanId
X-Fastly-Cache-Hits
X-Request-Url
X-Cdn-Request-ID
X-Lb-Nocache
X-Fastly-Backend-Reqs
X-Server-IP
X-Yottaa-OS
X-HostName
X-Director
Wpo-Cache-Message
Wpo-Cache-Status
Wp-Super-Cache
CountryCode
Warning
X-Ips-Loggedin
X-Cache-Ngx
SRV
X-Mg-Cache
CF-Cached-On
X-Ramcache
X-Test
X-DataCenter
X-ElasticPress-Query
WZWS-RAY
X-Moov-T
X-Moov-Xdn-Version
Req-ID
Fastcgi-Cache-Ttl