Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Xss-Protection
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Generator
X-Cache-Status
X-Check
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-UA-Device
X-Amz-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Amz-Id-2
EagleId
X-Backend
X-AH-Environment
X-Proxy-Cache
P3p
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-OneAgent-JS-Injection
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Ua-Compatible
Cf-Apo-Via
X-Device
X-WebKit-CSP
Cf-Railgun
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Server-Id
X-Host
X-Ruxit-JS-Agent
EagleEye-TraceId
Surrogate-Control
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
X-Content-Security-Policy-Report-Only
Accept-Ch-Lifetime
X-HW
X-Cache-Lookup
X-Cloud-Trace-Context
X-Cache-Spec
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Application-Context
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Litespeed-Cache
Content-Location
X-Mcache
X-Content-Type
X-MS-InvokeApp
X-Country
X-Url
X-Clacks-Overhead
Accept-CH-Lifetime
X-Vname
X-PC
X-TtlSet
X-Midtier
X-Amz-Server-Side-Encryption
X-CST
Rating
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-ECACHE
X-D2id
X-Rack-Cache
X-Element-Page-Cache
Origin-Trial
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
Verso
X-Cdn-Fetch
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
Service-Worker-Allowed
X-Ac
X-Powered-By-Plesk
X-Amz-Rid
X-Cnection
SPRequestGuid
X-SharePointHealthScore
X-Navigation-Version
X-Client-IP
Xkey
Edge-Control
X-Abt-Application-Version
SPRequestDuration
SPIisLatency
X-Upstream
X-Cache-TTL
X-Ttl
Arr-Disable-Session-Affinity
X-B3-TraceId
X-Varnish-TTL
X-Cached
X-Mg-S
X-Dw-Request-Base-Id
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Instrumentation
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-NWS-LOG-UUID
X-Webkit-Csp
X-Px
Display
X-Sol
X-Middleton-Display
Pagespeed
Accept-Ch
X-NF-Request-ID
X-FastCGI-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-Correlation-Id
Edge-Cache-Tag
X-Forwarded-For
X-Cache-Key
X-Country-Code
X-Goog-Hash
X-Ser
X-Powered-CMS
X-Id
Content-MD5
AR-Request-ID
AR-PoweredBy
Front-End-Https
AR-ATIME
AR-SID
AR-CACHE
Public-Key-Pins
TCN
X-Amzn-Trace-Id
X-Version
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Content-Digest
X-Recruiting
X-MSEdge-Ref
X-Ratelimit-Limit
X-T
X-Middleton-Response
Response
X-RateLimit-Remaining
X-Accel-Expires
TP-L2-Cache
TP-Cache
X-Shield-Request-Id
MicrosoftSharePointTeamServices
S
Cache-Status
Nginx-Cache
X-XRDS-Location
X-Fastly-Request-ID
X-Fastcgi-Cache
X-Request-Processing-Time
X-Request-Received
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Cross-Origin-Opener-Policy
X-HS-Combine-CSS
Server-Node
Cache-Tags
X-Daa-Tunnel
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Distributor
X-Hits
X-Ratelimit-Remaining
X-LB-Cache
X-Edge-Location-Klb
X-Kinsta-Cache
X-Origin-Server
X-Ua-Browser
X-PressLabs-Stats
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-Ratelimit-Reset
Filterid
Fastcgi-Cache
X-ORACLE-DMS-RID
Alternate-Protocol
X-Frontend
X-LLID
X-Grace
X-TEC-API-VERSION
X-Request-Handler-Origin-Region
X-Microsite
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Hostname
X-Rid
Realpath
X-DIS-Request-ID
X-Logged-In
Healthy
X-FB-Debug
X-Git-Hash
X-Varnish-Backend
Server-Name
Cleartype
X-Www-Served-By
X-NGENIX-Cache
X-Geo-Country
X-Debug-Info
X-Cluster-Name
Payment
X-Page-Id
DC
X-TTL
MS-Author-Via
X-Load-Cache
X-Forwarded-Proto
X-Protected-By
X-Origin-Cache
Access-Control-Allow-Method
X-ASPNET-VERSION
Content-Disposition
X-Upgrade-Enabled
Charset
X-Goog-Metageneration
X-GUploader-UploadID
X-B3-Sampled
X-Kong-Proxy-Latency
X-Az
X-Kong-Upstream-Latency
X-Activity-Id
X-AppVersion
X-Proxy
X-DataDome
X-Seen-By
Count-Hit
X-Amz-Meta-S3cmd-Attrs
X-Amz-Replication-Status
X-Times
Paypal-Debug-Id
X-Fb-Rlafr
X-F-Cache
X-Revision
X-Azure-Ref
X-Whom
Cross-Origin-Resource-Policy
X-Type
X-ECache
X-Contextid
X-B
X-Akamai-Edgescape
Accept-Charset
Viewport
X-App-Environment
Surrogate-Key
X-Is-Crawler
X-Aspnet-Duration-Ms
X-B3-Traceid
X-Varnish-Server
X-Flags
X-Cache-Age
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-TT
Retry-After
X-Wix-Request-Id
X-Hosted-By
X-Aspnetmvc-Version
X-Language
X-Envoy-Decorator-Operation
X-DynaTrace
X-Signature
X-B-Cache
X-Cache-Control
X-Source
X-Varnish-Grace
X-Magnolia-Registration
X-Mobile
X-App-Server
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
WPO-Cache-Message
Host
WPO-Cache-Status
Version
Amp-Access-Control-Allow-Source-Origin
X-VCache
Refresh
X-Amz-Apigw-Id
X-Amzn-RequestId
X-N
Referer-Policy
X-HTML-Minification-Powered-By
X-Cache-Rule
X-Server-ID
X-Response-Served-From
X-Original-Request-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-XRDS-LOCATION
X-Cache-Time
Access-Control-Request-Headers
X-Tumblr-Pixel-1
X-Varnish-Age
X-Rule
X-RTag
Ms-Operation-Id
MS-CV
SD-X-WS
X-Cacheable-TTL
X-Content-Powered-By
X-Framework
X-G
X-Jobs
Protected
X-EdgeConnect-Cache-Status
X-Trace-Id
X-RemovedCookies
X-User-Agent
X-UUID
X-Environment-Context
X-L-Path
X-ProcessESI
X-Backend-Name
X-Cache-Grace
VIX-Pulpo-Upstream-Status
X-FW-Dynamic
NGB
VIX-Pulpo-Node
X-Device-Type
X-FW-Hash
Section-Io-Cache
X-FW-Server
X-Tt-Trace-Host
X-Tt-Trace-Tag
Akamai-GRN
GEO-INFO
X-FW-Serve
X-Status
X-FW-Version
X-FW-Static
X-FW-Type
From-Origin
X-Http-Reason
X-Region
X-Cache-Status-Check
X-Is-Bot
X-Page-View
X-Rendered-As
X-Akamai-Request-ID2
X-Instance
X-Cache-Expired-At
X-Drupal-Cache-Tags
X-Adobe-Loc
X-Adobe-Content
X-NYM-Debug-Backend
Front
X-Drupal-Cache-Contexts
CDN-RequestId
X-Unique-Id
X-Pinterest-Rid
Pinterest-Version
X-Nginx-Cache
Url
X-RateLimit-Limit
Pinterest-Generated-By
X-Servername
X-COUNTRY
Liferay-Portal
Accept-Language
X-Content-Options
X-Template
X-Time
Fastly-SWR
Fastly-SIE
X-Varnish-Ttl
X-CDN-Forward
X-Zen-Fury
X-Debug-IsPreview
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Debug-IsConnected
SRV
X-Cache-Hit
Backend
X-Fastly-Request-Id
X-DynaTrace-JS-Agent
X-Newrelic-App-Data
X-Yottaa-Optimizations
X-Yottaa-Metrics
Country
X-Mode
X-Rocket-Nginx-Serving-Static
Content-Secure-Policy
X-Uri
X-Edge-Location
X-Cache-Operation
Node
X-ARC
S-Rt
Webserver
Meta-Geo
X-App-Version
Filters
Onion-Location
X-RN-RSRV
X-Cache-Server
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Tumblr-Pixel-3
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-Generation-Time
X-Amzn-Remapped-Content-Length
Selected-Fe
Azure-SiteName
X-Timing-Wait
Azure-Version
Cache-Hits
Azure-RegionName
X-Proxy-Build
X-PHP-Backend
Azure-InstanceId
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Locale
X-Content-Age
X-Proxy-Cache-Info
CF-IPCountry
Countrycode
Uber-Trace-Id
Azure-SlotName
X-Soup
X-Sucuri-Cache
X-Web-Node
X-Skip-Cache
X-Via-Fastly
X-Tb
X-Sucuri-ID
X-Ua
WP-Super-Cache
X-Server-W
X-ProxyCache-Status
X-Cache-Action
X-Site-Version
X-Ms-Version
X-BYPASS-REASON
X-Ms-Request-Id
X-Cms-Context
X-Reqid
Cache-Name
X-ProxyCache-Key
X-IPLB-Request-ID
X-Section
X-IPLB-Instance
X-Cache-Host
X-Say-TTL
X-SayCDN-TTL
Cache-Tv-Group
X-Proto
X-PHP-Host
ServerID
X-Origin-Date
X-Say-Cacheable
X-Labrador-Cache-Channel
X-AWS-Id
X-LJ-Flow-ID
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Version
Webcakes-App-Name
X-Cluster-Node
X-Extlb
X-Format
X-Access
Webcakes-Region
X-UA-Device-Type
TWC-Connection-Speed
X-Routing-Service
TWC-Locale-Group
TWC-Privacy
X-Proxy-Cache-Status
X-Origin-Hint
X-Zipkin-Id
TWC-GeoIP-LatLong
X-VWS-Id
Property-Id
X-Proxied
Cross-Origin-Window-Policy
X-R9-Blue-Green-Version
DB-Nickname
X-SaId
X-No-Session
X-JoinUs
X-Sql-Count
Web-Mar-Node
Apigw-Requestid
X-Sql-Duration-Ms
X-Debug
X-Cluster
X-VC-Cache
X-Optimistic-Header
X-LAGOON
X-Forwarded-Host
Locale
Mn-Server-Ip
X-Handled-By
X-FB-TRIP-ID
X-Urbn-Site-Id
X-Cache-TTL-Remaining
X-Real-IP
X-Detected-As
X-Varnish-Beresp-Grace
X-Urbn-Context-Path
X-Adobe-Source
X-Director
ServedBy
X-LSADC-Cache
X-Node-Name
X-Ruxit-Js-Agent
X-Xfnlog-Site
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Fastcgi-Useragent
Frame-Options
X-GeoCode
X-GeoCountry
Upgrade-Insecure-Requests
Mime-Version
X-Varnish-Hits
X-Tt-Logid
Source
X-Oneagent-Js-Injection
Fastly-Drupal-HTML
X-Api-Version
Load-Balancing
CDN-Cache
CDN-CachedAt
CDN-RequestCountryCode
CDN-Uid
X-Hl-Ver
CDN-PullZone
CDN-EdgeStorageId
X-Generated-By
X-Varnish-Cache-Hits
X-GEO
Xet-Cookie
X-Buckets
X-Request-Time
X-TIME
X-Varnish-Hostname
X-ServerID
X-Mg-Request-UUID
X-RM-Cache-TTL
X-Origin-CC
X-SRV
X-Datadog-Parent-Id
X-FireWall-Port
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Origin-TTL
X-Redis-Cache
X-Datadog-Sampling-Priority
X-TA-CDN-Provider
CF-Cached-On
X-URL
X-Cache-Debug
X-Loop
X-Served-From
X-Akamai-Transformed
X-Storage
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Stage
X-Pubstack
Xserver
X-Endurance-Cache-Level
X-Restarts
X-Tx-Id
X-Provided-By
X-Pass-Why
X-Newrelic-Synthetics
X-Request-Host
X-Location
Sslversion
DSUID
T-Server
X-A-Dcw
X-Developer
Surrogated-Key
X-Ec-GeoHdr
Server-Host
X-External-Request-Id
X-Fetched-On
X-We-Are-Hiring
X-A-Wwc
X-Aed
X-Ec-Fail
X-Destination
X-Epic-Correlation-Id
Xc-Version
X-Application
X-Cache-Info
X-B-Cookie
X-Cache-NE
Thinkindot-Control
X-Bc-Bl
Thinkindot-CacheControl-Type
X-Bip
X-BCube-Filmed-By
X-CSRF-Token
Thinkindot-CacheControl
X-CUA
X-Cache-Date
X-D
X-Core-Mission
TDXMobile
X-Vdms-Version
X-CMSURLCustom
X-Conf
X-Test
Rendered-Blocks
Host-ID
X-Rojux
X-S
X-A
X-S-Cookie
X-Rocket-Build-Number
X-Response-By
X-A-Dam
X-Processor
Lang
X-Vdms-Path
X-TIM-N
X-S-Maxage
WWW-Authenticate
X-Thinkindot-L3
X-SRCache-Key
X-Thanos
Edge-Cache
DCR-Processing-Time-Ms
DCR-Decision-By
X-ScT
Gannett-Cam-Experience-Id
X-Sigma
X-Sigma-Backend
MD5-Digest
X-A-Ccd
Cache-Host
BehaviorPad-Version
X-INCAP-ABP
X-Level-Front-Cache
Memcached
Release
X-Hash
X-Gdpr
X-Generated-On
A
X-A-Dgt
X-Men
Redirect-Candidate
NM-Fastcgi-Cache
X-Origin-Time
Ngx.Var.Host
Meta-Geo-Continent
X-Mid
X-Origin
X-Mobile-URL
Candidate-Md5Url
Origin
Odigeo-Trace-Id
X-Nyt-Route
Server-Info
X-Service
Tube-Got-Results
Req-Svc-Chain
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Gh-Request-Id
Magicmarker
Tube-Return
Mail-Subject
Tube-Got-Eval
X-Date
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Pool
X-Platform
X-Origin-Response-Time
X-Mvc-Supplant-Cachable
X-Node-Id
X-Org
X-Region-Sid
X-Req
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Varnishpool
X-Var-Ttl
X-SD-PageType
X-Loc
X-Human
X-Cdn-Origin
X-Scale
X-Auto-Login
X-Dispatcher-Number
X-Cache-Id
X-Cache-Bucket
X-Accel-Expires-Debug
X-Akamai-Device-Characteristics
X-BBC-Edge-Cache-Status
X-Dispatcher-Server
X-Ec-Custom-Error
X-Gzip
X-HS-Content-Campaign-Id
X-Httpd
X-Geo-Header
X-Gamma-Serve
C-Via
X-Esi-Check
X-Fastly-Cache
We-Hiring
Tube-Get-Contents
CacheControlHeader
Cache-Key
CloudFront-Viewer-Country
Cmstype
Click-Count-Action-Start
X-CACHE-AGE
Cmsid
Click-Count-Error
AKAMAI
X-WP-CF-Super-Cache-Active
Section-Io-Id
X-Varnish-Beresp-Ttl
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Vcl-Version
HostName
Environment
Section-Io-Origin-Status
X-Is-Gdpr
X-JWT-State
X-Fmm-Version
X-Irp-Debug
Origin-CC
X-VServer
X-Ad-Defer-Variation
X-TNCMS
On-Server
X-Variation
X-Clara-WADP
Vix-Hermes-Req-Id
Web-Mar-Region
X-Ckpd-Fst-Backend
X-Mly-Id
X-Vmg-Version
Origin-EX
X-CacheTTL
X-GeoIP
X-Forwarded-Site
X-Frame-Option
X-Cache-FS-Status
X-Cdn-Srv
Datacenter
X-Developers
X-Has-Esi
X-V-Cache
X-GeoIP-Region-Code
X-Azure-Ref-OriginShield
X-GeoIP-City
X-GeoIP-Country-Code
X-FC-Vary-Parameters
X-Fastly-Backend
Platform
X-DefElseHash
Kp-EeAlive
X-Nginx-Cache-Key
Is-Eu
Adler-Geo
Country-Code
X-DefHash
Canary
X-SB
Machine
X-Server-IP
X-WA-Info
X-Device-Os
X-WADP-Cache
X-Planisys-CDN-TTL
X-Worker
X-Origin-Expires
X-Varnish-Remaining-TTL
Expect-Staple
X-Core-Value
X-NodeID
X-Varnish-CookieHashed-On
X-Owner
X-Varnish-CookieINHashed-On
X-Instance-Name
X-Planisys-CDN-Cache
Ssr
X-Planisys-CDN-Rules
X-Via-CDN
X-Air-Pt
X-From
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-VarnishDD-TTL
Apple-News-Services-Host
X-Old-Content-Length
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Wix-Viewer-Type
X-Release
X-Qloud-Router
X-VC
Apple-News-Services-Request-Url
X-HN
Server-Hostname
Sever-Int
Srvid
Server-Ext
PFcat
L
Locid
User-Cache-Control
X-DPWN-IS-SECURE
X-Cache-Tags
X-App
State
Producers
X-FL-EDGE
Cache-Provider
X-Op-Id-All
X-Hnp-Log
X-Block-Status
X-Aicache-OS
X-FL-QIT-DEBUG
X-Accel-Buffering
X-Gen-Mode
NGX
X-VG-TLSProxy
X-NCache
X-Minions-Version
X-Via-Edge
X-Via-SSL
Edge-Copy-Time
HA-Ipaddr
CDCHOST
L5d-Success-Class
X-Mvc-Supplant-OutputCached
Ha-Gx-Prefs
X-Nananana
X-Cache-Remote
X-Ua-Device
X-Platform-Server
X-Microcachable
X-Request-Start
X-Varnish-Beresp-Status
X-RCS-CacheZone
X-Eu-Site
X-CGP
X-Csrf-Jwt
X-Zone
X-Webkit-CSP-Report-Only
X-Parent-Response-Time
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-VCT
X-Cache-Enabled
X-LB-NoCache
Fastly-SSL
X-Up
X-B3-SpanId
AMP-Access-Control-Allow-Source-Origin
X-Tb-Optimization-Total-Bytes-Saved
X-Lambda-Id
Pics-Label
X-DC
X-Dc
X-Correlation-ID
X-B3-Spanid
X-Upstream-Ct
X-Via-Popv
Env
X-Generated-In
X-Via-Popn
X-Refresh
X-Cached-By
X-Cache-Backend
X-Vtex-Remote-Cache
X-Upstream-Ht
X-Via-Poph
X-Render-Time
Sid
X-Presslabs-Stats
X-Trace-ID
X-Cs
Cluster
X-CCDN-Origin-Time
Decoy-Debug-Status
CPC-Cache
X-CCDN-CacheTTL
Memory
Cache
VNS-Age
X-Hcs-Proxy-Type
CPC-Age
Time
GeoIP-Latitude
VNS-Cache
X-ND-Cache
Decoy-Debug-TTL
Decoy-Debug-Key
SID
NtCoent-Length
X-Cache-Type
X-TH-Server
X-AIR-PT
X-HA-Backend
X-Webkit-CSP
X-Tid
X-NWS-UUID-VERIFY
X-Edge-Pop
X-LB-ID
X-Servedbyhost
X-HS-Status
Srv
X-NewRelic-App-Data
X-Via-JSL
X-ATG-Version
X-Nc
X-DataCenter
Server-ID
X-Wa
X-Esi
Fastly-Drupal-Html
X-Srv
Cdn
X-ZONE
Svr
Uri
GeoIp-Country-Code
X-Client-Ip
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Varnish-Authentication
X-Check-Cacheable
X-PAYTM-SRV-ID
X-Vgn-Hpd-Cached
X-CF-Lambda-Version
X-RateLimit-Limit-Second
X-Vgn-Hpd-Ssi
Esi-Enabled
X-Vgn-Hpd-Variations-Key
X-MP-GENERATED-AT
X-RateLimit-Remaining-Second
X-CF-Lambda-Fn
X-Amz-Meta-Cb-Modifiedtime
True-Client-IP
X-Fpc
X-Vc
YJS-ID
X-Proxy-CacheRZ
X-Datadome
X-NGINX-Cache
XkeyRZ
Hostname
X-CDN-Cache-Status
N-Cache
X-Udemy-Cache-App-Namespace
X-CS
X-CSRF-TOKEN
M-TraceId
X-Tenant
X-Shop-Environment
X-Orig-Expires
RNT-Time
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Bl-Debug
RNT-Machine
X-Nf-Request-Id
X-CACHE-KEY
Lb
X-Forwarded-Path
Resin-Trace
X-TX-ID
X-Varnish-Beresp-TTL
Cdnsip
Cdncip
X-AK-Request-ID
OT-Force-Account-Verify
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
True-Client-Ip
XServer
X-Gateway-Request-Id
X-MSEdge-Features
X-MSEdge-Flight
X-Gateway-Cache-Key
X-EC-Lua
X-App-Name
X-Via-NSCOPI
X-B3-Trace-ID
X-Policy
X-FPC
X-API-Version
X-Fastly-Country-Code
X-Logging-Id
X-Service-Response-Time
Eomportal-Instance
Sm-Log-Id
CDN
Server-Id
X-Cache-Ttl
GeoIP-Country-Code
X-Git-Commit
X-Container-Uri
Path
X-Lb-Id
Ngx-Var-Key
X-Micro-Cache
X-Vcache
X-APP-VERSION
Hit
X-CLOUD-TRACE-CONTEXT
X-Datacenter
X-WA
X-Cdn-Diag
X-Accel-Version
X-SIPLIST1
X-VCL-Version
LB
IsBot
X-Cache-NGX
X-NC
X-MCACHE
X-Geo
X-Edge-POP
X-Request-URI
X-ServedByHost
X-RateLimit-Reset
HIT
X-Ha-Backend
X-Akamai-Pragma-Client-IP
X-Cdn-Forward
XM
V-Age
X-VG-WebCache
X-Acquia-Purge-Cdn-Unconfigured
Pramga
X-SERVER-NAME
X-Cdn-Cache-Status
X-Tncms
RATING
X-Info
X-Srcache-Store-Status
X-Snapshot-Date
Timeexpire
X-Srcache-Fetch-Status
FSS-Cache
Cross-Origin-Opener-Policy-Report-Only
X-Rebelmouse-Surrogate-Control
Location
Geoip-Latitude
X-Clientip
X-Rebelmouse-Cache-Control
ENV
CDN-RequestPullSuccess
CDN-RequestPullCode
Tcn
X-TT-LOGID
X-Lb-Nocache
Ohc-File-Size
X-Via-PopH
X-Via-PopV
X-Ctl-Mach
True-Client-Country-4JS
Req-ID
Yjs-Id
Epwk-X-Cache
X-Pod-Name
X-Via-PopN
X-HostName
X-TimeS
X-Iauth-Set-Uid
X-LiteSpeed-Cache-Control
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
W
X-Hyper-Cache
X-Amz-Meta-Opti
X-Dw-Trace-Id
X-Serial
X-M-Log
X-LiteSpeed-Tag
Warning
X-M-Reqid
X-Cdn-Request-ID
X-Viewer-Country
Cneonction
WZWS-RAY
X-Vgn-Hpd-Reason
X-Litespeed-Cache-Control
X-PERF
X-ApacheServer
X-User
X-Oss-Storage-Class
Proxy-Connection
X-UP
Ec-Rule-Version
X-Oss-Request-Id
Servername
X-RAMCache
Content-Script-Type
Content-Style-Type
X-Fastly-Backend-Reqs
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Cdn-Requestid
X-Oss-Server-Time
X-Acquia-Site
X-Cache-Expires
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Qnm-Cache
X-MiniProfiler-Ids
CountryCode
X-Lsadc-Cache
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Moov-Xdn-Version
X-Moov-T
X-WP-CF-Super-Cache-Cookies-Bypass
Inserted-Into-Cache-At
X-Swift-Error
X-Th-Server
Ngx
X-Webstats-RespID
X-Fastly-Cache-Hits
X-IPS-Cached-Response
X-Mg-Cache
X-B3-ParentSpanId
PICS-Label
My-App
Ohc-Cache-HIT
MIME-Version
X-B3-Parentspanid