Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Request-ID
X-Request-Id
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
P3p
Access-Control-Max-Age
X-Via
Server-Timing
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-UA-Device
X-Cache-Group
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-AH-Environment
Keep-Alive
X-Proxy-Cache
X-Ua-Compatible
X-Server
X-Ws-Request-Id
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
Allow
X-Amz-Version-Id
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-WebKit-CSP
Accept-CH
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
Cf-Apo-Via
X-Device
X-Dns-Prefetch-Control
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Server-Id
X-Node
X-Host
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
EagleEye-TraceId
Surrogate-Control
X-Ruxit-JS-Agent
X-Backend-Server
Request-Id
X-Readtime
X-Cache-Lookup
X-HW
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Edge
X-WebKit-CSP-Report-Only
X-CST
Accept-Ch-Lifetime
Content-Location
X-Content-Type
X-Url
X-Mcache
X-MS-InvokeApp
X-Clacks-Overhead
X-Country
Rating
X-Midtier
X-PC
X-Vname
X-TtlSet
X-Amz-Server-Side-Encryption
X-Litespeed-Cache
X-ECACHE
RTSS
X-VARITI-CCR
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
X-Server-Name
Origin-Trial
Verso
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Ac
X-Ttl
X-Rack-Cache
X-Cnection
X-Powered-By-Plesk
Service-Worker-Allowed
X-GitHub-Request-Id
X-Varnish-TTL
X-Navigation-Version
X-B3-TraceId
Xkey
X-Client-IP
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-Abt-Application-Version
X-Cache-TTL
Edge-Control
X-NWS-LOG-UUID
SPRequestDuration
SPIisLatency
X-Cached
Arr-Disable-Session-Affinity
X-Upstream
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Browser-Type
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-Mg-S
X-Px
X-Cache-Key
X-Dw-Request-Base-Id
X-Sol
X-Middleton-Display
Display
Pagespeed
Content-MD5
X-Correlation-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
Edge-Cache-Tag
X-NF-Request-ID
X-Goog-Hash
X-Country-Code
Front-End-Https
X-Forwarded-For
X-Daa-Tunnel
X-Version
X-XRDS-Location
X-Powered-CMS
TCN
X-Id
Public-Key-Pins
AR-SID
AR-PoweredBy
AR-CACHE
AR-Request-ID
AR-ATIME
X-HP-Webp
X-Fastcgi-Cache
X-HP-Trace-Id
X-Jurisdiction
X-Recruiting
X-MSEdge-Ref
X-Content-Digest
X-T
X-RateLimit-Remaining
X-Accel-Expires
X-Middleton-Response
Response
X-Ser
X-Amzn-Trace-Id
X-Shield-Request-Id
X-Ratelimit-Limit
TP-L2-Cache
TP-Cache
X-FastCGI-Cache
X-Webkit-Csp
Nginx-Cache
X-B3-TraceId-Primal
S
MRF-Tech
Mrf-Cache-Status
X-Request-Received
X-Request-Processing-Time
Server-Node
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
Cache-Status
X-Distributor
Cache-Tags
X-Hits
X-Kinsta-Cache
X-Edge-Location-Klb
X-Grace
Fastcgi-Cache
X-Fastly-Request-ID
Server-Name
X-Ratelimit-Remaining
Alternate-Protocol
X-LB-Cache
X-Ezoic-Cdn
X-Origin-Server
X-Ua-Browser
X-Ratelimit-Reset
X-DIS-Request-ID
X-Geo-Country
X-DataDome
X-Protected-By
Cross-Origin-Opener-Policy
X-Request-Handler-Origin-Region
X-Microsite
X-Rid
Filterid
X-TEC-API-ORIGIN
X-Frontend
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Varnish-Backend
Healthy
X-Debug-Info
X-Git-Hash
X-Logged-In
Cleartype
X-FB-Debug
X-Www-Served-By
Payment
X-NGENIX-Cache
X-Page-Id
X-Load-Cache
X-Forwarded-Proto
X-Hostname
X-LLID
X-ASPNET-VERSION
X-Origin-Cache
Charset
X-Cluster-Name
DC
X-PressLabs-Stats
X-B3-Sampled
Content-Disposition
MS-Author-Via
X-GUploader-UploadID
X-Goog-Metageneration
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Accept-Ch
X-VCache
Access-Control-Allow-Method
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Upgrade-Enabled
Realpath
X-Proxy
X-F-Cache
Retry-After
X-AppVersion
X-Az
X-Activity-Id
Cross-Origin-Resource-Policy
Paypal-Debug-Id
X-TTL
X-Amz-Replication-Status
X-Seen-By
X-Amz-Meta-S3cmd-Attrs
X-Type
Accept-Charset
X-Contextid
X-Revision
Viewport
X-Signature
X-Fb-Rlafr
X-B-Cache
X-Whom
X-Azure-Ref
X-Hosted-By
X-Aspnet-Duration-Ms
X-Wix-Request-Id
X-Varnish-Server
Surrogate-Key
X-Aspnetmvc-Version
X-Request-Guid
X-Flags
X-App-Environment
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
Count-Hit
X-DynaTrace
X-TT
X-B
X-Akamai-Edgescape
Amp-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Language
X-Source
X-Ruxit-Js-Agent
Referer-Policy
X-App-Server
X-Mobile
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Cache-Control
X-COUNTRY
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Template
Host
X-Varnish-Grace
X-Magnolia-Registration
X-N
Version
X-Cache-Age
X-EdgeConnect-Cache-Status
X-HTML-Minification-Powered-By
X-Cache-Rule
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-User
X-Original-Request-Id
X-Response-Served-From
X-Varnish-Age
SRV
X-RateLimit-Limit
X-Cache-Time
X-Rule
X-Trace-Id
VIX-Pulpo-Upstream-Status
Ms-Operation-Id
X-Cache-Expired-At
VIX-Pulpo-Node
SD-X-WS
X-RTag
MS-CV
X-Content-Powered-By
X-Framework
X-UUID
Access-Control-Request-Headers
X-Cache-Status-Check
X-Backend-Name
X-Cache-Grace
Section-Io-Cache
X-User-Agent
X-ECache
X-ProcessESI
Akamai-GRN
X-Envoy-Decorator-Operation
X-Device-Type
X-Cacheable-TTL
Protected
X-RemovedCookies
X-FW-Server
X-FW-Serve
Url
NGB
GEO-INFO
X-FW-Dynamic
Refresh
X-FW-Hash
X-Adobe-Loc
X-Adobe-Content
X-Akamai-Request-ID2
X-Http-Reason
X-Instance
X-G
X-Jobs
X-Page-View
X-Servername
X-Status
X-FW-Version
X-NYM-Debug-Backend
X-FW-Type
X-FW-Static
X-Rendered-As
X-L-Path
X-Is-Bot
X-Environment-Context
X-Drupal-Cache-Contexts
From-Origin
X-Drupal-Cache-Tags
WPO-Cache-Status
CDN-RequestId
WPO-Cache-Message
X-Debug-IsConnected
X-Fastly-Request-Id
X-Debug-IsPreview
X-CDN-Forward
X-Region
X-Times
Front
X-Cache-Hit
Accept-Language
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Amz-Apigw-Id
X-Amzn-RequestId
Country
X-Tb
X-Nginx-Cache
Backend
X-Content-Options
X-Newrelic-App-Data
X-Unique-Id
X-Tt-Logid
X-Node-Name
Fastly-SIE
Fastly-SWR
X-Zen-Fury
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Tec-Api-Origin
X-Real-IP
X-TIME
X-Tec-Api-Version
X-XRDS-LOCATION
X-Tec-Api-Root
X-Air-Hostname
X-DynaTrace-JS-Agent
X-Mode
X-Air-Trace-Id
X-Air-Source
Uber-Trace-Id
Content-Secure-Policy
X-Cache-Operation
X-VC-Cache
X-Buckets
Webserver
X-Tumblr-Pixel-2
X-UPSTREAM-Address
Meta-Geo
X-RN-RSRV
X-Rewrite-Enabled
X-Amzn-Remapped-Content-Length
X-Proxy-Cache-Info
X-Cache-Server
Filters
X-Generation-Time
Azure-SlotName
X-Format
Azure-InstanceId
Azure-SiteName
Onion-Location
Azure-RegionName
X-IPS-LoggedIn
X-Content-Age
X-Rocket-Nginx-Serving-Static
Azure-Version
X-Section
X-Web-Node
X-Access
CF-IPCountry
X-Reqid
Cache-Hits
X-Ms-Request-Id
X-Ms-Version
TWC-Connection-Speed
ServedBy
TWC-Device-Class
Property-Id
X-Server-W
X-SayCDN-TTL
X-Ua
X-Locale
X-LJ-Flow-ID
X-Origin-Hint
X-PHP-Backend
X-Proto
X-Say-TTL
X-Cms-Context
X-AWS-Id
X-BYPASS-REASON
X-Cluster
X-Cluster-Node
X-ProxyCache-Key
X-ProxyCache-Status
TWC-Locale-Group
X-Sucuri-Cache
TWC-GeoIP-LatLong
X-Soup
X-Say-Cacheable
TWC-Privacy
Webcakes-App-Name
X-VWS-Id
X-Via-Fastly
X-Sucuri-ID
Webcakes-App-Version
TWC-GeoIP-Country
Webcakes-Region
Node
Liferay-Portal
Fastly-Drupal-HTML
X-Sql-Duration-Ms
S-Rt
X-Varnish-Beresp-Grace
X-Sql-Count
DB-Nickname
X-Adobe-Source
ServerID
X-UA-Device-Type
X-Site-Version
Web-Mar-Node
X-PHP-Host
X-No-Session
X-Cache-Action
X-Debug
X-Skip-Cache
X-Cache-TTL-Remaining
X-R9-Blue-Green-Version
X-Forwarded-Host
Cache-Name
X-Handled-By
Apigw-Requestid
X-Proxy-Cache-Status
X-Labrador-Cache-Channel
X-Zipkin-Id
X-Cache-Host
X-GeoCountry
X-Proxy-Build
X-Xfnlog-Site
X-LAGOON
X-Server-ID
X-LSADC-Cache
X-Timing-Wait
X-JoinUs
X-GeoCode
X-Routing-Service
Selected-Fe
X-FB-TRIP-ID
Cross-Origin-Window-Policy
X-Extlb
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Proxied
X-SaId
Mn-Server-Ip
X-Edge-Location
X-Detected-As
X-IPLB-Request-ID
X-IPLB-Instance
WP-Super-Cache
Mime-Version
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Fastcgi-Useragent
X-SRV
X-Tumblr-Pixel-3
X-Time
X-Origin-Date
X-Hl-Ver
X-Optimistic-Header
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-Cache
CDN-Uid
CDN-CachedAt
CDN-PullZone
Source
X-Oneagent-Js-Injection
X-Varnish-Ttl
X-Request-Time
X-Uri
CF-Cached-On
X-Redis-Cache
Countrycode
Upgrade-Insecure-Requests
X-Mg-Request-UUID
X-GEO
X-Varnish-Hits
X-Generated-By
X-Director
X-Loop
Xet-Cookie
X-Cache-Debug
X-ARC
X-TNCMS
X-CACHE-AGE
X-Akamai-Transformed
X-App-Version
Cache-Tv-Group
X-URL
X-FireWall-Port
X-Presslabs-Stats
Frame-Options
X-Pass-Why
X-Origin-TTL
X-Tx-Id
X-Origin-CC
Xserver
X-NWS-UUID-VERIFY
X-Varnish-Cache-Hits
X-Service
X-Varnish-Beresp-Ttl
X-Varnish-Hostname
X-RM-Cache-TTL
X-Newrelic-Synthetics
X-ServerID
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Tid
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-ShopId
X-Endurance-Cache-Level
X-Storage
X-TA-CDN-Provider
Release
Rendered-Blocks
Thinkindot-Control
WWW-Authenticate
Xc-Version
X-A
X-A-Ccd
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Surrogated-Key
T-Server
TDXMobile
Sslversion
A
Edge-Cache
Gannett-Cam-Experience-Id
BehaviorPad-Version
DCR-Processing-Time-Ms
DCR-Decision-By
Cache-Host
Candidate-Md5Url
Host-ID
Lang
Ngx.Var.Host
Odigeo-Trace-Id
Origin
Meta-Geo-Continent
X-A-Dam
MD5-Digest
Memcached
Redirect-Candidate
X-B-Cookie
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-External-Request-Id
X-Frame-Option
X-Platform-Router
X-Processor
X-Rocket-Build-Number
X-Developer
X-S
X-Ec-Fail
X-Rojux
X-Platform-Processor
X-Gdpr
X-Nyt-Route
X-Loc
X-Mobile-URL
X-Location
X-Level-Front-Cache
X-Origin-Time
X-Generated-On
X-Httpd
X-INCAP-ABP
X-Platform-Cluster
X-S-Cookie
X-Destination
X-BCube-Filmed-By
X-Vdms-Version
X-Vdms-Path
X-TIM-N
X-Thinkindot-L3
X-Bc-Bl
X-Mid
X-We-Are-Hiring
X-A-Wwc
X-Aed
X-Application
X-Test
X-Cache-Info
X-Served-From
X-ScT
X-S-Maxage
X-D
X-Sigma
X-Sigma-Backend
X-Cache-NE
X-CMSURLCustom
X-SRCache-Key
X-Conf
X-A-Dcw
X-A-Dgt
X-Request-Host
X-B3-Spanid
X-Pubstack
X-HS-Content-Campaign-Id
X-Human
NM-Fastcgi-Cache
X-Hash
X-GeoIP-City
Req-Svc-Chain
X-Fetched-On
X-Geo-Header
X-GeoIP
X-Has-Esi
X-JWT-State
X-Pool
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
X-Req
Gh-Request-Id
X-Origin-Response-Time
Server-Host
Mail-Subject
Magicmarker
X-Org
X-Is-Gdpr
Server-Info
X-Cache-Bucket
Tube-Return
Tube-Got-Results
Tube-Got-Eval
Vix-Hermes-Req-Id
We-Hiring
X-Akamai-Device-Characteristics
X-Auto-Login
X-BBC-Edge-Cache-Status
X-Bip
Tube-Get-Contents
X-Cdn-Origin
X-DefHash
X-Developers
Ssr
X-Restarts
X-DefElseHash
X-CUA
X-Cdn-Srv
X-Core-Mission
X-Core-Value
X-Ec-Custom-Error
X-NodeID
Click-Count-Action-Start
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-DC
Click-Count-Error
X-VG-TLSProxy
X-Vmg-Version
Apple-News-Services-Request-Url
Cluster
CloudFront-Viewer-Country
X-Thanos
X-Varnish-Remaining-TTL
C-Via
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
Apple-News-Services-Handled
CacheControlHeader
X-Varnish-CookieINHashed-On
AKAMAI
Cache-Key
X-VServer
X-Sn-Servicetimems
Decoy-Debug-Key
Environment
X-SB
X-SD-PageType
X-Cache-Date
X-Worker
X-WP-CF-Super-Cache-Active
DSUID
Decoy-Debug-TTL
Decoy-Debug-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Parent-Response-Time
Section-Io-Origin-Status
Section-Origin-Responded
X-App
X-Ad-Defer-Variation
X-Date
X-Accel-Expires-Debug
X-Clara-WADP
X-Mvc-Supplant-Cachable
X-Azure-Ref-OriginShield
X-Wix-Viewer-Type
X-WADP-Cache
X-Cache-Backend
X-WA-Info
X-Varnishpool
X-Cache-Tags
X-Cache-Id
X-VarnishDD-TTL
X-CacheTTL
X-Ckpd-Fst-Backend
X-Gamma-Serve
X-Node-Id
X-Accel-Buffering
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-NCache
X-Nginx-Cache-Key
X-Old-Content-Length
X-Op-Id-All
X-Qloud-Router
X-Region-Sid
X-Scale
X-Platform-Server
X-Origin
X-Platform
X-Men
X-Irp-Debug
X-Fastly-Backend
X-FC-Vary-Parameters
X-Esi-Check
X-DPWN-IS-SECURE
X-Dispatcher-Number
X-Dispatcher-Server
X-Variation
X-Request-Start
X-Gzip
X-HN
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Var-Ttl
X-Device-Os
X-Fmm-Version
PFcat
Machine
Datacenter
Wxu-Next-Commit
L
Web-Mar-Region
State
Kp-EeAlive
Platform
Producers
Wxu-Next-Hostname
Origin-EX
Canary
Cache-Provider
Adler-Geo
On-Server
Origin-CC
NGX
Wxu-Next-Region
Country-Code
Cmstype
Cmsid
Is-Eu
X-Forwarded-Site
X-Eu-Site
Server-Hostname
Sever-Int
Server-Ext
X-Hnp-Log
X-Gen-Mode
Load-Balancing
Pics-Label
X-Owner
X-Server-IP
Fastly-SSL
CDCHOST
X-V-Cache
X-Mly-Id
X-Refresh
Ha-Gx-Prefs
L5d-Success-Class
X-Minions-Version
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
HA-Ipaddr
X-LB-NoCache
X-Planisys-CDN-Cache
User-Cache-Control
X-Csrf-Jwt
X-Cache-FS-Status
X-Block-Status
X-CGP
SID
X-Webkit-CSP-Report-Only
X-Ua-Device
X-CSRF-Token
X-Mvc-Supplant-OutputCached
X-Cache-Remote
X-Up
X-Microcachable
X-Nananana
X-Api-Version
Svr
GeoIP-Latitude
X-Fastly-Cache
Env
HostName
X-Aicache-OS
X-AIR-PT
X-Tb-Optimization-Total-Bytes-Saved
X-Correlation-ID
X-Origin-Expires
X-Instance-Name
X-ND-Cache
X-Via-Popv
X-RCS-CacheZone
X-Servedbyhost
X-Via-Poph
X-Via-Popn
X-NGINX-Cache
X-Trace-ID
X-VC
X-Response-By
Memory
Time
X-Release
X-Cached-By
X-NewRelic-App-Data
Cdn
Srvid
X-HS-Status
X-Nc
X-FL-QIT-DEBUG
Expect-Staple
X-Zone
X-Generated-In
X-HA-Backend
Locid
X-DataCenter
X-FL-EDGE
X-ZONE
X-Webkit-CSP
Cache
X-AK-Request-ID
X-From
X-Provided-By
X-Wa
X-Edge-Pop
Server-ID
X-Air-Pt
Cdncip
Cdnsip
X-Via-CDN
X-Vc
NtCoent-Length
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Esi
Edge-Copy-Time
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Cache-Enabled
X-Via-SSL
X-Via-Edge
X-Via-NSCOPI
X-Fpc
X-Vcl-Version
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-API-Version
X-Hcs-Proxy-Type
X-Client-Ip
GeoIp-Country-Code
X-Check-Cacheable
X-LB-ID
Hostname
X-Dc
X-Debug-Cache-Store
X-Lambda-Id
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Debug-Cache-Fetch
Sid
X-CS
X-APP-VERSION
True-Client-IP
AMP-Access-Control-Allow-Source-Origin
Eomportal-Instance
X-Srv
X-CSRF-TOKEN
XkeyRZ
X-Proxy-CacheRZ
X-Render-Time
VNS-Cache
X-Micro-Cache
Ngx-Var-Key
X-Vtex-Remote-Cache
VNS-Age
CPC-Cache
X-MCACHE
X-Via-JSL
X-Amz-Meta-Cb-Modifiedtime
CPC-Age
X-B3-SpanId
X-Cs
X-Nf-Request-Id
X-VCT
X-TH-Server
X-SIPLIST1
X-Request-URI
Fastly-Drupal-Html
IsBot
OT-Force-Account-Verify
X-EC-Lua
X-Fastly-Country-Code
X-Info
X-VCL-Version
Path
X-ATG-Version
X-Cache-NGX
True-Client-Ip
Uri
Srv
X-Upstream-Ct
X-Upstream-Ht
X-MSEdge-Features
X-MSEdge-Flight
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
Request-ID
X-Cache-Type
M-TraceId
Resin-Trace
Location
Esi-Enabled
X-TX-ID
X-Varnish-Beresp-TTL
XServer
X-Datadome
X-PAYTM-SRV-ID
X-RateLimit-Remaining-Second
GeoIP-Country-Code
CDN
X-RateLimit-Limit-Second
X-Cdn-Request-ID
X-CLOUD-TRACE-CONTEXT
X-FPC
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Udemy-Cache-App-Namespace
YJS-ID
X-Oss-Storage-Class
Cross-Origin-Opener-Policy-Report-Only
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Accel-Version
X-Oss-Server-Time
X-Lb-Id
Servername
X-Cache-Expires
N-Cache
RNT-Time
Sm-Log-Id
X-Service-Response-Time
X-Wikidot-Backend
RNT-Machine
X-Wikidot-Static-Cache
X-Edge-POP
X-Pod-Name
X-CDN-Cache-Status
X-Akamai-Pragma-Client-IP
X-RateLimit-Reset
X-Bl-Debug
X-WA
X-Forwarded-Path
Server-Id
Timeexpire
X-Orig-Expires
LB
X-Tenant
X-Datacenter
X-Shop-Environment
X-MP-GENERATED-AT
X-NC
X-SERVER-NAME
HIT
Traceparent
X-B3-Trace-ID
X-Scheme
X-Moov-T
X-Cdn-Cache-Status
X-Ha-Backend
X-Moov-Xdn-Version
X-Geo
X-PERF
X-ApacheServer
X-App-Name
CountryCode
X-Srcache-Store-Status
X-Viewer-Country
FSS-Cache
X-Policy
X-ServedByHost
X-CACHE-KEY
X-Srcache-Fetch-Status
Ohc-File-Size
X-Cache-Ttl
Epwk-X-Cache
X-Snapshot-Date
X-LiteSpeed-Cache-Control
X-TraceId
X-Via-PopH
X-Via-PopN
X-Via-PopV
Proxy-Connection
Yjs-Id
ENV
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Hit
X-Amz-Meta-Opti
X-NAPM-TraceId
WZWS-RAY
Powered-By
X-Hyper-Cache
Lb
X-Cdn-Forward
X-Serial
X-Fastly-Backend-Reqs
Geoip-Latitude
X-Dw-Trace-Id
X-M-Log
X-MiniProfiler-Ids
X-M-Reqid
Content-Script-Type
X-Qnm-Cache
User-Agent
X-Swift-Error
Cneonction
X-Lb-Nocache
Ec-Rule-Version
X-Acquia-Application-UUID
Content-Style-Type
X-Acquia-Application-Trace
X-RAMCache
X-Vgn-Hpd-Reason
X-B3-Parentspanid
X-Acquia-Purge-Tags
X-Acquia-Site
X-Iplb-Request-Id
X-Iplb-Instance
X-F-Status
X-TT-LOGID
X-Wp-Cf-Super-Cache
X-Lsadc-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
X-Cdn-Diag
X-Ctl-Mach
Req-ID
X-B3-ParentSpanId
Pramga
X-IPS-Cached-Response
X-Webstats-RespID
Rip
Ngx
X-Mid-Debug-Cache-Key
X-Mid-Debug-Cache-Disk
X-Request-URL
X-Cache-Ngx
Inserted-Into-Cache-At
X-UP
X-Th-Server
X-Stale
True-Client-Country-4JS
Tracecode
X-LiteSpeed-Tag
V-Age
Warning
My-App
X-Clientip
MIME-Version