Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
Pragma
CF-RAY
X-XSS-Protection
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Request-ID
X-Request-Id
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Via
Server-Timing
X-Robots-Tag
Request-Context
X-UA-Device
X-Turbo-Charged-By
X-Cache-Group
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Ua-Compatible
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Accept-CH
X-Page-Speed
Cf-Apo-Via
X-Device
Cf-Railgun
X-Server-Id
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Dns-Prefetch-Control
X-Akam-SW-Version
Surrogate-Control
EagleEye-TraceId
X-Backend-Server
Request-Id
X-Cache-Lookup
X-Readtime
X-Ruxit-JS-Agent
X-HW
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
X-CST
Accept-CH-Lifetime
Fastly-Restarts
X-Mod-Pagespeed
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-Edge
X-WebKit-CSP-Report-Only
Content-Location
X-Country
X-Content-Type
X-Mcache
X-ECACHE
X-Clacks-Overhead
X-MS-InvokeApp
Rating
X-Url
X-Vname
X-TtlSet
X-PC
X-Midtier
X-Amz-Server-Side-Encryption
X-VARITI-CCR
RTSS
Cache-Tag
X-B3-TraceId
X-Vcap-Request-Id
X-Varnish-TTL
X-D2id
X-Element-Page-Cache
Verso
X-Ac
X-Server-Name
Origin-Trial
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-GoogleNews-Bot
X-Rack-Cache
X-Cnection
X-Cache-TTL
Service-Worker-Allowed
X-Powered-By-Plesk
X-GitHub-Request-Id
X-ESI
X-Navigation-Version
Xkey
X-Client-IP
X-Abt-Application-Version
X-SharePointHealthScore
X-NWS-LOG-UUID
SPRequestGuid
X-Amz-Rid
Edge-Control
X-Cached
X-Px
X-Litespeed-Cache
X-Mg-S
X-Ttl
Arr-Disable-Session-Affinity
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Upstream
X-Instrumentation
SPRequestDuration
SPIisLatency
X-Fastcgi-Cache
X-Correlation-Id
Display
X-Sol
X-Middleton-Display
Pagespeed
Content-MD5
X-Dw-Request-Base-Id
X-Cache-Key
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-NF-Request-ID
Edge-Cache-Tag
X-RateLimit-Remaining
X-Goog-Hash
Front-End-Https
X-Daa-Tunnel
X-Country-Code
Public-Key-Pins
X-Forwarded-For
X-Version
X-XRDS-Location
X-Powered-CMS
AR-SID
AR-Request-ID
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Id
X-HP-Trace-Id
X-T
X-HP-Webp
X-Jurisdiction
X-Recruiting
X-MSEdge-Ref
X-Content-Digest
X-Accel-Expires
TCN
X-Middleton-Response
Response
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Shield-Request-Id
X-Ser
TP-L2-Cache
TP-Cache
Nginx-Cache
X-Amzn-Trace-Id
S
X-Fastly-Request-ID
X-Request-Received
X-Request-Processing-Time
X-Hits
Server-Node
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Distributor
Cache-Status
X-Edge-Location-Klb
X-Kinsta-Cache
MicrosoftSharePointTeamServices
Cache-Tags
X-Grace
Fastcgi-Cache
Alternate-Protocol
Server-Name
X-TTL
X-DataDome
X-Protected-By
X-Ruxit-Js-Agent
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ezoic-Cdn
X-TEC-API-ROOT
X-Ratelimit-Limit
X-Origin-Server
X-DIS-Request-ID
X-Ratelimit-Reset
X-LB-Cache
X-Ua-Browser
X-Geo-Country
Accept-Ch
X-Request-Handler-Origin-Region
X-Microsite
X-Frontend
X-Www-Served-By
X-Rid
X-Debug-Info
Filterid
X-Varnish-Backend
Cleartype
Healthy
Payment
X-Git-Hash
X-NGENIX-Cache
X-Logged-In
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-Page-Id
X-FB-Debug
X-Webkit-Csp
X-Load-Cache
X-ASPNET-VERSION
Charset
X-B3-Sampled
Content-Disposition
X-LLID
X-VCache
X-FastCGI-Cache
X-Ratelimit-Remaining
X-PressLabs-Stats
DC
X-Origin-Cache
X-Kong-Proxy-Latency
X-Cluster-Name
X-Kong-Upstream-Latency
MS-Author-Via
X-Goog-Metageneration
X-GUploader-UploadID
Retry-After
X-Hostname
X-Upgrade-Enabled
X-Proxy
Accept-Charset
Access-Control-Allow-Method
X-F-Cache
X-Az
X-AppVersion
X-Activity-Id
X-RateLimit-Limit
X-Type
Paypal-Debug-Id
X-Amz-Replication-Status
X-Signature
X-B-Cache
X-Contextid
X-Route-Name
X-Amz-Meta-S3cmd-Attrs
Cross-Origin-Resource-Policy
Viewport
X-Varnish-Server
X-Flags
X-Is-Crawler
X-Revision
X-Azure-Ref
X-Request-Guid
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-ORACLE-DMS-ECID
X-Whom
X-ORACLE-DMS-RID
X-Wix-Request-Id
X-App-Environment
X-Oracle-Dms-Rid
X-B
X-Seen-By
X-Aspnetmvc-Version
X-Oracle-Dms-Ecid
X-TT
X-Hosted-By
X-DynaTrace
X-Fb-Rlafr
Surrogate-Key
Realpath
X-Source
Referer-Policy
Count-Hit
Amp-Access-Control-Allow-Source-Origin
X-Akamai-Edgescape
X-Mobile
X-Tt-Trace-Tag
X-App-Server
X-Tt-Trace-Host
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Cache-Control
Host
X-Oneagent-Js-Injection
X-EdgeConnect-Cache-Status
X-N
X-Varnish-Grace
X-HTML-Minification-Powered-By
X-Response-Served-From
X-Magnolia-Registration
Version
X-Original-Request-Id
Refresh
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-UUID
X-Tumblr-Pixel
X-Cache-Time
X-RTag
X-Varnish-Age
X-Cache-Rule
X-Rule
MS-CV
Ms-Operation-Id
X-Cache-Expired-At
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Language
X-L-Path
X-Template
Protected
X-Status
X-Page-View
X-Envoy-Decorator-Operation
X-Cache-Status-Check
X-Environment-Context
Akamai-GRN
Section-Io-Cache
X-Adobe-Loc
X-Adobe-Content
X-Cacheable-TTL
GEO-INFO
NGB
Access-Control-Request-Headers
X-Content-Powered-By
X-Cache-Grace
X-FW-Dynamic
X-FW-Type
X-RemovedCookies
X-Is-Bot
X-Jobs
X-Rendered-As
X-B3-Traceid
X-Http-Reason
X-FW-Version
X-Instance
X-ProcessESI
X-FW-Static
X-FW-Hash
X-Framework
X-NYM-Debug-Backend
X-FW-Server
X-FW-Serve
X-Servername
X-Newrelic-App-Data
X-Backend-Name
X-User-Agent
X-Akamai-Request-ID2
Url
X-Device-Type
X-G
X-Nginx-Cache
X-Cache-Age
X-Debug-IsConnected
X-Debug-IsPreview
X-CDN-Forward
X-Drupal-Cache-Contexts
X-Trace-Id
X-Drupal-Cache-Tags
SRV
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Hit
WPO-Cache-Status
WPO-Cache-Message
From-Origin
CDN-RequestId
Country
X-URL
Accept-Language
X-Tb
X-Region
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Node-Name
Front
X-Tt-Logid
X-Real-IP
X-Amz-Apigw-Id
X-Amzn-RequestId
Backend
X-Content-Options
Uber-Trace-Id
X-Mode
X-XRDS-LOCATION
X-VC-Cache
Fastly-Drupal-HTML
X-COUNTRY
X-DynaTrace-JS-Agent
Fastly-SWR
Content-Secure-Policy
X-Unique-Id
Fastly-SIE
X-UPSTREAM-Address
X-TIME
X-RN-RSRV
X-Rewrite-Enabled
X-Generation-Time
X-Tumblr-Pixel-2
Filters
Meta-Geo
X-Format
X-Rocket-Nginx-Serving-Static
X-Zen-Fury
Onion-Location
X-Cache-Server
X-IPS-LoggedIn
X-Section
X-Amzn-Remapped-Content-Length
X-Cache-Operation
X-Access
X-Cache-Host
X-Locale
Apigw-Requestid
TWC-Connection-Speed
Property-Id
Webcakes-Region
Webserver
X-PHP-Backend
Azure-SlotName
Webcakes-App-Version
X-Proxy-Cache-Info
Azure-Version
CF-IPCountry
X-Origin-Hint
X-Reqid
X-Cms-Context
TWC-Device-Class
TWC-Locale-Group
X-Sucuri-Cache
X-Sql-Duration-Ms
X-Sucuri-ID
Azure-SiteName
X-Varnish-Beresp-Grace
TWC-Privacy
X-Ua
X-Sql-Count
Azure-RegionName
X-Via-Fastly
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
X-Server-W
X-Soup
Azure-InstanceId
X-Cache-TTL-Remaining
X-Cache-Action
X-Fastly-Request-Id
CDN-RequestCountryCode
X-Handled-By
DB-Nickname
X-Cluster-Node
Cross-Origin-Window-Policy
CDN-PullZone
Cache-Name
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-Cluster
S-Rt
X-Ms-Version
X-AWS-Id
X-Ms-Request-Id
X-Adobe-Source
Web-Mar-Node
X-Proto
X-Say-Cacheable
ServerID
X-Proxy-Cache-Status
X-LJ-Flow-ID
X-R9-Blue-Green-Version
CDN-Uid
X-GeoCountry
X-Say-TTL
Node
X-Debug
X-VWS-Id
X-Content-Age
X-SayCDN-TTL
X-GeoCode
Cache-Hits
X-Site-Version
X-Skip-Cache
X-Detected-As
X-Web-Node
Selected-Fe
X-Proxy-Build
X-Xfnlog-Site
X-No-Session
X-Zipkin-Id
X-Extlb
X-PHP-Host
X-Edge-Location
X-Time
X-Proxied
X-BYPASS-REASON
X-Urbn-Context-Path
X-Urbn-Site-Id
X-UA-Device-Type
X-Timing-Wait
X-SaId
X-SRV
X-ProxyCache-Key
X-Routing-Service
Mn-Server-Ip
X-ProxyCache-Status
X-JoinUs
X-Forwarded-Host
X-LAGOON
X-Labrador-Cache-Channel
Locale
X-FB-TRIP-ID
X-LSADC-Cache
Mime-Version
X-Tec-Api-Root
X-Tec-Api-Origin
WP-Super-Cache
ServedBy
X-Tec-Api-Version
Fastcgi-Useragent
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-IPLB-Request-ID
X-IPLB-Instance
X-Hl-Ver
Liferay-Portal
X-Optimistic-Header
X-Air-Source
X-Air-Hostname
X-CACHE-AGE
X-Air-Trace-Id
X-Tumblr-Pixel-3
X-Redis-Cache
X-Buckets
X-Request-Time
Xserver
X-Cache-Debug
X-Loop
Upgrade-Insecure-Requests
X-TNCMS
Source
X-Origin-Date
X-NWS-UUID-VERIFY
X-Mg-Request-UUID
X-Times
X-Akamai-Transformed
X-Generated-By
Countrycode
CF-Cached-On
X-Uri
X-Varnish-Hits
X-Cdn
X-GEO
X-Varnish-Beresp-Ttl
X-Pass-Why
X-Director
X-Tid
X-Presslabs-Stats
X-ARC
Frame-Options
Xet-Cookie
X-Storage
X-Newrelic-Synthetics
X-FireWall-Port
X-Tx-Id
X-Origin-CC
X-Origin-TTL
X-TA-CDN-Provider
X-ECache
X-App-Version
X-Service
X-Esi
X-Varnish-Cache-Hits
X-DC
X-ShopId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
Cache-Tv-Group
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
Environment
X-Datadog-Parent-Id
X-Endurance-Cache-Level
X-Datadog-Trace-Id
X-Varnish-Hostname
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-AIR-PT
X-Request-Host
X-Frame-Option
X-Platform-Router
X-ServerID
X-Ec-GeoHdr
X-External-Request-Id
Lang
Candidate-Md5Url
BehaviorPad-Version
A
MD5-Digest
X-Generated-On
X-Gdpr
X-Processor
X-Platform-Processor
X-Ec-Fail
X-Destination
X-Mobile-URL
Edge-Cache
X-Developer
X-Nyt-Route
Memcached
X-D
X-Origin-Time
X-Core-Value
X-Level-Front-Cache
DCR-Decision-By
Host-ID
DCR-Processing-Time-Ms
X-Platform-Cluster
X-Cache-NE
X-Aed
Sslversion
X-BCube-Filmed-By
Req-Svc-Chain
X-A-Dgt
X-ScT
Rendered-Blocks
T-Server
X-A-Wwc
X-SRCache-Key
X-B-Cookie
X-Vdms-Version
X-Vdms-Path
X-VG-TLSProxy
Surrogated-Key
X-TIM-N
X-Bc-Bl
X-BBC-Edge-Cache-Status
X-A-Dcw
Origin
WWW-Authenticate
X-A-Ccd
Redirect-Candidate
X-S
X-B3-Spanid
X-Rojux
X-Application
Meta-Geo-Continent
X-S-Cookie
X-A
X-A-Dam
Ngx.Var.Host
X-Cache-Info
Odigeo-Trace-Id
Xc-Version
SID
X-RM-Cache-TTL
X-Fmm-Version
Cache-Key
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Cache-Host
Country-Code
Svr
Cluster
State
X-Gamma-Serve
Server-Host
X-Epic-Correlation-Id
Decoy-Debug-Status
X-CUA
Gannett-Cam-Experience-Id
X-Cache-Bucket
X-Bip
X-CMSURLCustom
X-Clara-WADP
Magicmarker
X-Cdn-Srv
Release
X-Developers
Fastly-GeoIP-CountryCode
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Apple-News-Services-Host
Thinkindot-Control
Decoy-Debug-Key
Fastly-Backend-Name
Decoy-Debug-TTL
X-Auto-Login
TDXMobile
X-Restarts
Vix-Hermes-Req-Id
X-Mid
X-Sigma
X-Location
X-Loc
X-JWT-State
X-Thinkindot-L3
Apple-News-Services-Handled
X-Req
X-Old-Content-Length
X-Varnish-Beresp-Status
X-Thanos
X-NodeID
X-SD-PageType
X-Sigma-Backend
X-Trace-ID
X-Is-Gdpr
X-WA-Info
X-INCAP-ABP
X-Has-Esi
X-Test
X-Served-From
AKAMAI
X-Geo-Header
X-S-Maxage
X-SB
X-We-Are-Hiring
X-Conf
X-Worker
Server-Info
X-WADP-Cache
X-Rocket-Build-Number
X-HS-Content-Campaign-Id
X-Pubstack
X-SVT-ORM-VERSION
X-Azure-Ref-OriginShield
X-SVT-ORM-RULES
X-Cache-Backend
X-Block-Status
X-Slack-Backend
X-Sn-Servicetimems
X-Accel-Buffering
X-WP-CF-Super-Cache-Active
X-Wix-Viewer-Type
X-VServer
X-Org
Wxu-Next-Region
We-Hiring
Web-Mar-Region
Wxu-Next-Hostname
X-Vmg-Version
X-Varnishpool
X-App
X-Var-Ttl
X-V-Cache
X-Akamai-Device-Characteristics
X-Accel-Expires-Debug
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Up
X-Cdn-Origin
X-Men
X-LB-NoCache
X-Esi-Check
X-Human
X-Minions-Version
X-Nananana
X-Dispatcher-Server
X-NCache
X-Ec-Custom-Error
X-Fastly-Backend
X-Fetched-On
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-GeoIP-City
X-Gzip
X-Gen-Mode
X-Httpd
X-Hnp-Log
X-Hash
X-Dispatcher-Number
X-Nginx-Cache-Key
X-Pool
X-Platform-Server
X-Planisys-CDN-TTL
X-Core-Mission
X-Ckpd-Fst-Backend
X-Region-Sid
X-Cache-FS-Status
X-Cache-Id
X-Request-Start
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Origin
X-Op-Id-All
X-Node-Id
X-DefHash
X-DefElseHash
X-Owner
X-Origin-Response-Time
X-Date
X-Scale
Wxu-Next-Commit
Cache-Provider
C-Via
CacheControlHeader
Kp-EeAlive
CDCHOST
Machine
Server-Hostname
DSUID
Pics-Label
NM-Fastcgi-Cache
Mail-Subject
Server-Ext
On-Server
Sever-Int
Cmstype
Tube-Got-Results
Tube-Return
Datacenter
User-Cache-Control
Ssr
Tube-Got-Eval
Click-Count-Action-Start
Gh-Request-Id
Tube-Get-Contents
CloudFront-Viewer-Country
Cmsid
Click-Count-Error
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Parent-Response-Time
Section-Io-Id
X-Forwarded-Site
Is-Eu
X-Ad-Defer-Variation
X-Refresh
L
X-FC-Vary-Parameters
Canary
X-Server-IP
X-VarnishDD-TTL
X-DPWN-IS-SECURE
X-Device-Os
Fastly-SSL
X-Varnish-Ttl
X-Variation
Origin-EX
X-Qloud-Router
NGX
Producers
X-Mvc-Supplant-Cachable
Platform
Origin-CC
PFcat
X-HN
X-Irp-Debug
Adler-Geo
X-Slack-Shared-Secret-Outcome
X-Platform
X-CacheTTL
X-Cached-By
X-GeoIP
X-Webkit-CSP-Report-Only
X-CSRF-Token
X-Eu-Site
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Cache-Tags
X-CGP
X-Csrf-Jwt
L5d-Success-Class
Ha-Gx-Prefs
HA-Ipaddr
Cdn
X-Ua-Device
X-Cache-Remote
X-Aicache-OS
X-HA-Backend
X-Cache-Date
X-Microcachable
X-Mvc-Supplant-OutputCached
HostName
X-Mly-Id
Server-ID
Env
X-RCS-CacheZone
X-AK-Request-ID
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
Cdnsip
GeoIP-Latitude
Cdncip
X-VC
X-Zone
Load-Balancing
X-LB-ID
Memory
X-Fastly-Cache
Time
X-API-Version
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-Webkit-CSP
X-ZONE
X-Nc
X-Instance-Name
X-APP-VERSION
X-ND-Cache
X-DataCenter
X-Generated-In
X-Fpc
X-Wa
Cache
X-Vc
X-Response-By
X-Via-NSCOPI
X-Check-Cacheable
X-Origin-Expires
Eomportal-Instance
X-CLOUD-TRACE-CONTEXT
X-Correlation-ID
AMP-Access-Control-Allow-Source-Origin
Locid
X-CCDN-Origin-Time
X-Vgn-Hpd-Ssi
X-CCDN-CacheTTL
X-Vgn-Hpd-Variations-Key
X-Hcs-Proxy-Type
X-Client-Ip
Srvid
Expect-Staple
X-From
Ngx-Var-Key
X-Vgn-Hpd-Cached
X-Micro-Cache
X-Release
X-HS-Status
X-FL-EDGE
X-FL-QIT-DEBUG
Hostname
OT-Force-Account-Verify
X-Api-Version
X-Via-CDN
X-CS
X-Edge-Pop
NtCoent-Length
X-CSRF-TOKEN
X-Request-URI
X-SIPLIST1
IsBot
X-Via-Edge
Srv
X-Cache-Enabled
GeoIp-Country-Code
X-Via-SSL
Edge-Copy-Time
X-NGINX-Cache
X-Provided-By
X-Info
X-MCACHE
X-VCL-Version
X-Cache-NGX
X-Dc
X-Srv
X-Via-JSL
X-NewRelic-App-Data
X-Debug-Cache-Fetch
Uri
X-Amz-Meta-Cb-Modifiedtime
X-Nf-Request-Id
X-Debug-Cache-Store
X-Lambda-Id
X-Vcl-Version
X-Proxy-CacheRZ
Sid
XkeyRZ
True-Client-IP
True-Client-Ip
X-B3-SpanId
X-EC-Lua
CPC-Cache
CPC-Age
X-Air-Pt
VNS-Age
Location
X-Render-Time
VNS-Cache
X-Vtex-Remote-Cache
X-Cs
Resin-Trace
X-Oss-Hash-Crc64ecma
X-Cache-Expires
Path
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Server-Time
Request-ID
X-Server-ID
Fastly-Drupal-Html
X-Fastly-Country-Code
X-VCT
X-TH-Server
GeoIP-Country-Code
Servername
X-Edge-POP
CDN
X-TX-ID
X-ATG-Version
Cross-Origin-Opener-Policy-Report-Only
X-CACHE-KEY
X-Moov-T
X-Moov-Xdn-Version
X-Contensis-Viewer-Groups
X-Cache-ASPX
Traceparent
X-Varnish-Authentication
X-Scheme
Esi-Enabled
X-Accel-Version
X-MSEdge-Features
X-PERF
X-Cdn-Request-ID
YJS-ID
M-TraceId
X-Pod-Name
X-ApacheServer
X-MSEdge-Flight
X-Datacenter
Timeexpire
X-Viewer-Country
X-Upstream-Ct
X-Varnish-Beresp-TTL
X-Akamai-Pragma-Client-IP
LB
X-Upstream-Ht
X-Datadome
X-RateLimit-Limit-Second
X-FPC
X-WA
X-PAYTM-SRV-ID
X-RateLimit-Remaining-Second
X-CF-Lambda-Version
X-Cache-Type
X-Geo
X-RateLimit-Reset
CountryCode
X-CF-Lambda-Fn
HIT
Sm-Log-Id
X-Cdn-Cache-Status
X-Service-Response-Time
X-Udemy-Cache-App-Namespace
X-NC
X-SERVER-NAME
X-NAPM-TraceId
X-Lb-Id
FSS-Cache
Powered-By
Rip
XServer
X-Srcache-Store-Status
X-Wikidot-Backend
Proxy-Connection
X-Wikidot-Static-Cache
X-Srcache-Fetch-Status
ENV
Server-Id
X-CDN-Cache-Status
RNT-Time
N-Cache
Ohc-File-Size
RNT-Machine
X-Hyper-Cache
X-LiteSpeed-Cache-Control
X-Tenant
X-Shop-Environment
V-Age
X-TimeS
X-Forwarded-Path
X-ServedByHost
X-Clientip
True-Client-Country-4JS
Tracecode
X-Bl-Debug
X-TraceId
Epwk-X-Cache
Geoip-Latitude
X-Orig-Expires
Tcn
X-HostName
X-Cdn-Forward
WZWS-RAY
Yjs-Id
X-VG-WebCache
XM
X-B3-Trace-ID
X-MP-GENERATED-AT
X-Ha-Backend
X-M-Log
X-M-Reqid
X-TT-LOGID
X-Amz-Meta-Opti
Content-Script-Type
Cdn-Requestid
X-Fastly-Backend-Reqs
X-B3-ParentSpanId
X-B3-Parentspanid
X-App-Name
X-Qnm-Cache
Content-Style-Type
X-Via-PopV
X-Policy
X-Serial
X-Swift-Error
X-Rebelmouse-Cache-Control
X-Dw-Trace-Id
X-Via-PopN
Ngx
X-Rebelmouse-Surrogate-Control
X-Vgn-Hpd-Reason
Ec-Rule-Version
Inserted-Into-Cache-At
X-Via-PopH
X-Lb-Nocache
User-Agent
X-F-Status
X-Iplb-Instance
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-Iplb-Request-Id
X-Wp-Cf-Super-Cache
X-Mid-Debug-Cache-Key
X-UP
X-Mid-Debug-Cache-Disk
X-Cache-Ngx
Lb
X-Acquia-Application-Trace
X-Acquia-Site
X-MiniProfiler-Ids
X-Fastly-Cache-Hits
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Cneonction
X-Request-URL
X-Th-Server
X-Cdn-Diag
Pramga
X-LiteSpeed-Tag
My-App
X-IPS-Cached-Response
Warning
X-Snapshot-Date
MIME-Version
X-Stale