
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-FRAME-OPTIONS
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Request-ID
X-Iinfo
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
P3p
X-Ua-Compatible
Access-Control-Max-Age
CF-Ray
X-Dns-Prefetch-Control
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Age
Host-Header
X-Ws-Request-Id
X-Hacker
X-Server-Powered-By
X-Rq
X-Server
X-Vhost
X-Varnish-Cache
X-Amz-Version-Id
Grace
X-LiteSpeed-Cache
EagleId
X-Dispatcher
Cf-Edge-Cache
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Nginx-Cache-Status
X-WebKit-CSP
Ali-Swift-Global-Savetime
Accept-CH
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Akamai-Path-Stats
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Cache-Spec
X-Server-Id
Surrogate-Control
X-Backend-Server
X-Akam-SW-Version
Request-Id
EagleEye-TraceId
X-Response-Time
X-Cache-Lookup
Accept-CH-Lifetime
X-Readtime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
X-HW
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Url
X-Nginx-Upstream-Cache-Status
X-Country
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Edge
Edge-Control
Accept-Ch-Lifetime
X-PC
X-TtlSet
X-Vname
X-B3-TraceId
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-Content-Type
X-ESI
X-CST
X-Vcap-Request-Id
X-Oneagent-Js-Injection
X-Mcache
X-D2id
Verso
Xkey
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-GitHub-Request-Id
Cache-Tag
X-Amz-Rid
X-Ruxit-Js-Agent
X-Powered-By-Plesk
X-FastCGI-Cache
Service-Worker-Allowed
RTSS
X-VARITI-CCR
X-Varnish-TTL
X-Navigation-Version
X-Upstream
X-ECACHE
X-Version
X-Abt-Application-Version
X-Client-IP
X-Cached
X-Ttl
X-Ac
X-Cnection
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Server-Name
X-SharePointHealthScore
Arr-Disable-Session-Affinity
SPRequestGuid
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
Cf-Apo-Via
X-Px
SPRequestDuration
SPIisLatency
Permissions-Policy
Public-Key-Pins
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Country-Code
X-Cache-TTL
X-NWS-LOG-UUID
X-Middleton-Response
Response
X-Ser
X-Midtier
X-Cache-Key
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-RateLimit-Remaining
Content-MD5
X-Forwarded-For
X-NF-Request-ID
Access-Control-Request-Method
X-DataDome
X-MSEdge-Ref
X-Correlation-Id
X-Shield-Request-Id
Front-End-Https
X-T
X-Recruiting
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Cache-Tag
TP-Cache
TP-L2-Cache
AR-PoweredBy
X-HP-Trace-Id
X-HP-Webp
AR-ATIME
AR-CACHE
MicrosoftSharePointTeamServices
X-Jurisdiction
AR-Request-ID
AR-SID
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Nginx-Cache
X-Accel-Expires
X-Daa-Tunnel
X-Powered-CMS
Accept-Ch
X-Grace
X-Mg-S
TCN
X-Content-Digest
X-RateLimit-Limit
Filters
X-Request-Processing-Time
X-Request-Received
X-Amzn-Trace-Id
X-Hits
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
Server-Node
X-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Server-Name
X-TEC-API-VERSION
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
MS-Author-Via
X-XRDS-Location
Fastcgi-Cache
X-Fastly-Request-Id
X-PressLabs-Stats
X-Webkit-Csp
X-Geo-Country
X-Frontend
X-Distributor
S
Count-Hit
X-Origin-Server
X-Ezoic-Cdn
X-Ab
X-Ua-Browser
Cache-Status
X-Protected-By
X-Language
Filterid
X-LLID
Cross-Origin-Opener-Policy
X-Amz-Meta-S3cmd-Attrs
X-LB-Cache
X-Forwarded-Proto
X-ASPNET-VERSION
Payment
Charset
X-Page-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Seen-By
X-Ratelimit-Reset
X-F-Cache
X-Fastcgi-Cache
X-B3-Sampled
X-FB-Debug
Host
X-Git-Hash
X-Cluster-Name
X-VCache
Surrogate-Key
X-Rid
Cache-Tags
X-Www-Served-By
Realpath
Accept-Charset
X-Logged-In
Retry-After
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Cache-Age
X-Origin-Cache
X-NGENIX-Cache
X-Az
Alternate-Protocol
X-Source
X-AppVersion
X-Template
X-Activity-Id
X-DIS-Request-ID
X-Varnish-Backend
X-Litespeed-Cache
X-Amz-Replication-Status
ServerID
X-Type
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Envoy-Decorator-Operation
X-B-Cache
X-Flags
X-Tb
X-Request-Guid
X-Wix-Request-Id
X-Signature
X-Varnish-Grace
X-Route-Name
Cleartype
Paypal-Debug-Id
X-TT
DC
X-B
X-App-Environment
X-Hostname
X-DynaTrace
X-Node-Name
X-TTL
Frame-Options
X-Revision
X-Drupal-Cache-Tags
X-Contextid
X-Proxy
X-COUNTRY
X-Kong-Upstream-Latency
X-Debug
X-Kong-Proxy-Latency
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-Rule
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
Pinterest-Generated-By
X-Goog-Storage-Class
X-Goog-Generation
X-Pinterest-Rid
Pinterest-Version
X-GUploader-UploadID
Amp-Access-Control-Allow-Source-Origin
X-Mobile
X-Load-Cache
X-Content-Options
Refresh
X-Fastly-Request-ID
X-Cache-Control
Node
X-Magnolia-Registration
Country
X-N
X-EdgeConnect-Cache-Status
NGB
X-Original-Request-Id
X-Response-Served-From
Akamai-GRN
X-Content-Powered-By
X-Ratelimit-Remaining
X-Varnish-Age
X-Debug-IsConnected
X-NYM-Debug-Backend
X-User-Agent
X-Debug-IsPreview
X-Instance
X-Cache-Time
Uber-Trace-Id
X-Mid
X-Framework
X-Real-IP
X-Rendered-As
X-Cache-TTL-Remaining
X-G
Access-Control-Request-Headers
Content-Disposition
X-Page-View
Referer-Policy
Viewport
X-Yottaa-Metrics
X-Servername
X-Yottaa-Optimizations
X-Adobe-Loc
X-Adobe-Content
X-Status
X-Is-Bot
X-Varnish-Server
Url
X-Whom
X-Akamai-Request-ID2
X-Cacheable-TTL
X-L-Path
X-Cache-Grace
X-Unique-Id
X-Environment-Context
Cross-Origin-Resource-Policy
X-RemovedCookies
X-Jobs
Srv
VIX-Pulpo-Upstream-Status
X-ProcessESI
VIX-Pulpo-Node
Countrycode
X-Trace-Id
X-XRDS-LOCATION
X-Drupal-Cache-Contexts
X-Content
X-Api-Version
X-Via-JSL
X-Cache-Expired-At
X-APP-VERSION
X-CDN-Forward
X-Mg-Request-UUID
X-Time
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
Version
X-Cache-Hit
Accept-Language
X-Oracle-Dms-Ecid
X-Cache-Operation
X-Http-Reason
X-Oracle-Dms-Rid
X-Backend-Name
X-Restarts
Protected
Healthy
X-App-Server
X-Ratelimit-Limit
X-Rule
X-IPLB-Instance
X-IPLB-Request-ID
X-Azure-Ref
X-Server-ID
X-Debug-Info
Section-Io-Cache
X-Akamai-Edgescape
X-Cache-Action
Content-Secure-Policy
X-Hosted-By
X-Tt-Logid
X-Generation-Time
X-Device-Type
Backend
Server-Info
X-Nginx-Cache-Key
GEO-INFO
X-VC-Cache
X-FW-Serve
X-FW-Static
X-FW-Server
Liferay-Portal
X-SRV
X-FW-Dynamic
X-FW-Type
X-FW-Hash
Meta-Geo
X-Mobile-URL
X-Storage
Load-Balancing
X-UPSTREAM-Address
X-RN-RSRV
X-URL
Ms-Operation-Id
X-HTML-Minification-Powered-By
MS-CV
CF-IPCountry
X-RTag
X-R9-Blue-Green-Version
X-Access
Azure-RegionName
Onion-Location
X-Mode
Azure-SlotName
X-Section
X-Cache-Server
Azure-Version
Azure-SiteName
X-Cms-Context
X-Proto
X-Amzn-RequestId
X-Handled-By
Azure-InstanceId
X-PCL
X-Amz-Apigw-Id
X-OCL
X-FireWall-Port
X-Format
X-Locale
Property-Id
X-JoinUs
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Generated-By
S-Rt
X-Ms-Request-Id
Eomportal-Instance
Cache-Name
Web-Mar-Node
X-Adobe-Source
X-Varnish-Cache-Hits
X-AWS-Id
X-Origin-Hint
TWC-Device-Class
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
X-SayCDN-TTL
Webcakes-Region
X-Sql-Count
X-Hl-Ver
X-Content-Age
X-VWS-Id
X-Varnish-Hostname
X-Sql-Duration-Ms
X-Ms-Version
X-Say-TTL
X-Proxy-Cache-Status
TWC-Connection-Speed
X-PHP-Host
X-No-Session
X-Say-Cacheable
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Redis-Cache
X-Region
X-SaId
CDN-Cache
X-Server-W
CDN-CachedAt
X-Edge-Location
X-Site-Version
X-Skip-Cache
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-Routing-Service
X-ShardId
X-UA-Device-Type
X-Urbn-Context-Path
X-Web-Node
X-Xfnlog-Site
X-Zipkin-Id
X-Via-Fastly
X-Varnishpool
X-Urbn-Site-Id
X-Varnish-Beresp-Grace
X-ProxyCache-Status
X-ProxyCache-Key
Locale
X-Alternate-Cache-Key
X-BYPASS-REASON
CDN-Uid
CDN-RequestId
CDN-PullZone
CDN-RequestCountryCode
X-Cache-Host
X-Cache-Type
X-GeoCountry
X-PHP-Backend
X-Proxied
X-GeoCode
X-Forwarded-Host
X-Detected-As
X-Extlb
CDN-EdgeStorageId
X-Sorting-Hat-PodId
Selected-Fe
X-Storefront-Renderer-Rendered
Apigw-Requestid
X-Timing-Wait
X-Request-Time
X-Proxy-Build
Xserver
Mn-Server-Ip
X-ECache
X-Cache-Enabled
Fastcgi-Useragent
X-ServerID
X-Cache-Status-Check
WP-Super-Cache
X-DynaTrace-JS-Agent
X-Tid
X-WP-CF-Super-Cache
X-FB-TRIP-ID
X-WP-CF-Super-Cache-Cache-Control
X-Cache-NGX
X-Uri
DB-Nickname
X-Varnish-Ttl
X-Origin-Date
X-UUID
X-Provided-By
X-Amzn-Remapped-Content-Length
X-Ua
X-Datadome
X-TNCMS
X-Loop
X-Dc
X-Pubstack
X-Nginx-Cache
X-Reqid
X-LSADC-Cache
X-Correlation-ID
X-Aspnetmvc-Version
X-Cdn
X-Zen-Fury
ServedBy
Xet-Cookie
X-Vgn-Hpd-Reason
X-Webkit-CSP
X-Tumblr-Pixel-2
X-Soup
X-MP-GENERATED-AT
X-Human
X-TA-CDN-Provider
X-Service
Source
X-Origin-TTL
Origin
X-Origin-CC
X-GEO
X-Newrelic-Synthetics
X-RCS-CacheZone
Cache
X-Cache-Tags
X-Varnish-Hits
X-App-Version
From-Origin
Cross-Origin-Window-Policy
X-TIME
X-Cached-By
X-Debug-Cache
X-Cache-Debug
X-Tec-Api-Origin
WPO-Cache-Message
X-Tec-Api-Root
WPO-Cache-Status
X-Tec-Api-Version
X-Varnish-Beresp-Ttl
X-NewRelic-App-Data
SD-X-WS
Rip
X-B3-Traceid
X-ScT
BehaviorPad-Version
MD5-Digest
Rendered-Blocks
Host-ID
X-Request-Host
LB
Cdncip
X-A-Dcw
X-Connection-Hash
Xc-Version
X-A-Dgt
X-Destination
X-A-Dam
X-A-Ccd
X-ARC
Meta-Geo-Continent
Cdnsip
X-Processor
Fastly-Drupal-HTML
X-Parent-Response-Time
Ngx.Var.Host
X-A
X-Orig-Expires
X-PBS-Appsvrname
X-Rewrite-Enabled
X-S
X-NAPM-TraceId
X-BCube-Filmed-By
X-Rojux
Surrogated-Key
X-Application
X-S-Cookie
X-AK-Request-ID
Sslversion
DCR-Processing-Time-Ms
X-Tenant
X-External-Request-Id
X-A-Wwc
CPC-Cache
X-User
VNS-Age
DCR-Decision-By
CPC-Age
X-Ec-Fail
X-TIM-N
X-Ec-GeoHdr
VNS-Cache
Expiry
T-Server
X-Aed
X-Developer
X-VG-WebCache
Lang
X-Bc-Bl
Odigeo-Trace-Id
X-Vdms-Version
X-Vdms-Path
X-Cache-NE
X-Forwarded-Path
X-B-Cookie
X-D
X-SRCache-Key
X-Shop-Environment
A
Webserver
X-FW-Version
X-IPS-LoggedIn
X-AOL-HN
X-Gdpr
X-Accel-Buffering
Redirect-Candidate
X-Origin-Time
X-Nyt-Route
X-Cluster
X-Dispatcher-Number
Environment
Upgrade-Insecure-Requests
X-Served-From
X-Aicache-OS
Gh-Request-Id
X-Cdn-Srv
X-Thinkindot-L3
X-Core-Value
X-CMSURLCustom
X-Level-Front-Cache
X-Auto-Login
Thinkindot-CacheControl
TDXMobile
X-Platform-Server
Thinkindot-CacheControl-Type
X-Sucuri-Cache
Thinkindot-Control
X-WP-CF-Super-Cache-Active
X-Sucuri-ID
WebServer
OT-Force-Account-Verify
AKAMAI
X-Has-Esi
X-INCAP-ABP
X-HS-Content-Campaign-Id
X-Developers
X-Geo-Header
X-JWT-State
Fastly-Backend-Name
X-Is-Gdpr
X-Worker
X-Generated-On
X-Core-Mission
X-Clientip
Decoy-Debug-TTL
Cmsid
Cmstype
DSUID
Country-Code
Decoy-Debug-Status
Decoy-Debug-Key
Origin-EX
Req-Svc-Chain
Server-Host
X-BBC-Edge-Cache-Status
Servername
Release
Producers
Origin-CC
X-Bip
Platform
Cluster
X-Azure-Ref-OriginShield
X-ATG-Version
X-Ad-Defer-Variation
Tube-Got-Eval
Tube-Got-Results
Tube-Return
Tube-Get-Contents
We-Hiring
State
Svr
Web-Mar-Region
Traceparent
NM-Fastcgi-Cache
NGX
Ha-Gx-Prefs
HA-Ipaddr
Is-Eu
IsBot
X-CacheTTL
X-CGP
Fastly-GeoIP-CountryCode
Fastly-SIE
Fastly-SSL
Fastly-SWR
Kp-EeAlive
L
X-Cache-Id
Mime-Version
Mobile-Detection-Method
X-Cache-Bucket
Memcached
Mail-Subject
L5d-Success-Class
Machine
X-Cache-Info
X-Clara-WADP
X-Gzip
X-Varnish-Remaining-TTL
X-VG-TLSProxy
X-Viewer-Country
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Var-Ttl
X-Variation
X-Varnish-Beresp-Status
X-VServer
X-WADP-Cache
Click-Count-Error
X-NCache
X-Mvc-Supplant-Cachable
X-Optimistic-Header
X-Origin
X-Wix-Viewer-Type
X-Owner
X-Origin-Response-Time
X-Policy
X-Pool
X-SIPLIST1
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
X-Sigma-Backend
X-Sigma
X-Scheme
X-SB
X-S-Maxage
X-SplitTest
X-Request-URI
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Thanos
X-Proxy-Cache-Info
X-Qloud-Router
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Minions-Version
X-NodeID
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-DefHash
X-Epic-Correlation-Id
X-Loc
X-FC-Vary-Parameters
X-Fastly-Backend
X-Eu-Site
X-DefElseHash
Adler-Geo
Candidate-Md5Url
X-Csrf-Jwt
Click-Count-Action-Start
Cache-Host
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Fmm-Version
X-Esi-Check
X-GeoIP
X-GeoIP-City
X-Hash
X-Irp-Debug
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Forwarded-Site
X-Gateway-Cache-Key
X-Cluster-Node
X-Slack-Backend
X-Hnp-Log
X-Scale
X-Datadog-Sampling-Priority
X-Gamma-Serve
X-Sn-Servicetimems
X-Datadog-Parent-Id
X-ND-Cache
X-Block-Status
X-Planisys-CDN-Cache
X-Device-Os
X-Planisys-CDN-Rules
X-Ckpd-Fst-Backend
CloudFront-Viewer-Country
X-Datadog-Trace-Id
X-Gen-Mode
X-Region-Sid
X-Fetched-On
X-Planisys-CDN-TTL
X-Cdn-Origin
X-Tx-Id
Server-Ext
X-CSRF-Token
X-Via-NSCOPI
Wxu-Next-Region
Datacenter
CDCHOST
Canary
Sever-Int
Server-Hostname
User-Cache-Control
Wxu-Next-Commit
Vix-Hermes-Req-Id
V-Age
Wxu-Next-Hostname
X-B3-SpanId
HostName
X-Trace-ID
Sid
X-VC
X-GG-Cache-Date
X-Cache-Remote
X-V-Cache
X-LB-NoCache
X-Branch-Name
Ec-Rule-Version
X-Udemy-Cache-App-Namespace
X-Mvc-Supplant-OutputCached
X-Newrelic-App-Data
Cache-Tv-Group
X-Nf-Request-Id
X-WA-Info
Fastcgi-Cache-TTL
Memory
Pics-Label
Time
Cache-Hits
X-Tb-Optimization-Total-Bytes-Saved
X-ZONE
X-Pass-Why
X-Refresh
Request-ID
X-Session-Fingerprint
AMP-Access-Control-Allow-Source-Origin
X-Up
X-Tumblr-Pixel-3
X-Origin-Expires
X-Pod-Name
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Ssr
X-Fastly-Cache
X-Edge-Pop
X-Cs
X-Release
My-App
Env
X-Via-Popn
X-Via-Popv
X-Dispatch
X-Servedbyhost
X-Via-Poph
X-Generated-In
X-Akamai-Transformed
X-Lambda-Id
X-Wa
Server-ID
SID
X-Esi
X-Presslabs-Stats
X-PX
X-CACHE-AGE
GeoIp-Country-Code
X-ID
X-Zone
X-Req
X-Fpc
X-Cache-Date
X-Ig-Push-State
X-DC
X-EC-Lua
X-Buckets
X-NWS-UUID-VERIFY
X-MSEdge-Flight
True-Client-IP
X-Endurance-Cache-Level
X-MSEdge-Features
X-NC
X-NGINX-Cache
X-Conf
X-Xrds-Location
CacheControlHeader
X-Microcachable
CDN
X-VCL-Version
X-Vc
X-TX-ID
True-Client-Country-4JS
X-LB-ID
Hostname
X-Webkit-CSP-Report-Only
X-B3-Spanid
X-TH-Server
X-Dmc
X-CSRF-TOKEN
X-CACHE-KEY
X-Op-Id-All
X-HS-Status
X-CS
X-TRACE-ID
Magicmarker
Fastly-Drupal-Html
X-Be
X-Wikidot-Backend
X-GeoIP-Country-Code
X-Wikidot-Static-Cache
X-GeoIP-Region-Code
X-RateLimit-Reset
X-Srv
X-Check-Cacheable
X-MCACHE
WWW-Authenticate
Tcn
Path
X-Vcl-Version
Resin-Trace
X-RAMCache
X-Hyper-Cache
X-Varnish-Beresp-TTL
X-Akamai-Pragma-Client-IP
X-Accel-Expires-Debug
X-Vercel-Cache
X-Vercel-Id
X-Date
True-Client-Ip
X-Alfa-Service
X-SERVER-NAME
Section-Io-Origin-Time-Seconds
X-CF-Lambda-Fn
Section-Io-Id
X-M-Log
Section-Io-Origin-Status
GeoIP-Country-Code
X-CF-Lambda-Version
X-M-Reqid
Section-Origin-Responded
X-Old-Content-Length
Pramga
X-Micro-Cache
X-Cache-Ttl
Yjs-Id
X-CLOUD-TRACE-CONTEXT
X-Datacenter
X-LiteSpeed-Cache-Control
X-FPC
X-App
X-Air-Hostname
X-Air-Source
Tracecode
Proxy-Connection
X-Qnm-Cache
X-Air-Trace-Id
X-Air-Pt
YJS-ID
FSS-Cache
X-Geo
C-Via
X-Lb-Id
X-WA
X-Via-CDN
Powered-By
X-Mly-Id
X-Location
N-Cache
Lb
X-Platform-Processor
X-ServedByHost
X-Edge-POP
Server-Id
X-Response-By
X-Via-PopH
X-Webstats-RespID
X-Platform-Router
X-TrackingId
X-Via-PopV
X-Via-PopN
X-Platform-Cluster
User-Agent
ENV
X-API-Version
NtCoent-Length
X-Cdn-Forward
HIT
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Cache-ASPX
X-Contensis-Viewer-Groups
Hit
On-Server
X-Platform
X-PAYTM-SRV-ID
Esi-Enabled
Fastcgi-X-Cache-Version
X-Director
XServer
X-Varnish-Authentication
X-Client-Ip
X-Service-Response-Time
X-AIR-PT
Sm-Log-Id
X-DataCenter
X-Dw-Trace-Id
X-TT-LOGID
X-Li-Fabric
Cdn
X-CUA
Srvid
X-Server-IP
Locid
X-Traceid
X-Instance-Name
X-From
X-LI-UUID
X-LI-Proto
X-Li-Pop
Geoip-Latitude
Dnion-Transfer-Encoding
X-FL-EDGE
X-UA
X-FORWARDED-FOR
Location
X-Test
X-RPS
X-CF-Powered-By
GeoIP-Latitude
X-DSS
X-DW
X-DB
Ohc-File-Size
X-RPM
Swift-Performance
X-DI
X-LiteSpeed-Tag
X-Vtex-Remote-Cache
X-Node-Id
Uri
X-Request-Url
X-Vtex-Processado-Em
Nginx-CQVIP
X-RSL
PICS-Label
X-Edge-Origin-Shield-Region
X-Edge-Origin-Shield-Bytes
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Cache-Backend
X-HA-Backend
X-Cache-Expires
M-TraceId
X-Serial
Wpo-Cache-Status
X-SD-PageType
X-B3-ParentSpanId
X-Request-Start
X-Fastly-Cache-Hits
X-LAGOON
X-Fastly-Backend-Reqs
Vha6-Origin
X-HostName
X-Lb-Nocache
Wpo-Cache-Message
X-Cdn-Request-ID
X-Render-Time
X-Cache-Ngx
X-Cc-Via
Wp-Super-Cache
X-Ips-Loggedin
Warning
CountryCode
X-Kebab
X-Ittl
X-Kebabable
X-NXG
X-Ntj-Investigation-Id
X-Is-SSL
X-IBD-SID
X-Group
X-GoCache-CacheStatus
X-Ha-Backend
X-Header-Sub
X-IBD-Cache
X-Keep
X-LbNode
X-MTS-Cache
X-Newegg-Index
X-Global-Transaction-ID
X-N-OperationId
X-Newegg-Flow
X-Matome-Cached
X-Matched-Rule
X-Loadbalancer
X-NS-Authorization
X-NFL-Geo
X-NFL-Dma
X-Nerd
X-ETag
X-Doge
X-Developed-By
X-DT-Node
X-Edge-IP
X-Ee-Generated-By
X-Delivery
X-Dehri-Date
X-Colour
X-Container-Uri
X-Conten-Type-Options
X-Dcm-Pdtf
X-Ee-Origin
X-Ee-Request-Date
X-Frame-Option
X-Fastly-Is-Edge
X-Fstrz
X-Full-Ttl
X-GG-Cache-Status
X-Farm
X-F-Status
X-Ee-Request-Id
X-Eid
X-Nyt-Data-Last-Modified
X-Eventloop-Lag
X-Git-Commit
X-PGF-Deflate
X-U-Cache
X-True-Client-Ip
X-Upstream-State
X-User-Auth
X-Utime
X-Tried-To-Kebabify
X-Toujours-Debout-Location
X-Svr-Proxy
X-SVR-IIS
X-Test-Nginx-Ingress
X-Timestamp
X-Toujours-Debout-Branch
X-V2-Infrastructure
X-Vary-Devices
X-Xms-Page-Cache-Actions
X-WSR2
X-YSpaceId
XV-Cache
XV-H
X-WP-Bypass
X-Web-Hosting
X-Ver
X-Wag-Acs
X-Waitingroom
X-We-Are-Hiring
X-Stack-Name
X-SSLProxy
X-Coindesk-Cache
X-PG-ACCESS
X-Pver
X-R-Cache
X-Reboot
X-Paywall
X-PageType
X-Onedio-Env
X-Okws-Version
X-Origin-Ops
X-OVcl
X-OVcl-Cache
X-Redis
X-Render-Method
X-Sh
X-ServiceName
X-Site
X-SMP-JWT
X-Square
X-Server-L
X-Save-Cache
X-Request-Origin
X-Route
X-Route-Akamai
X-Ruby
X-Odoo-Frontend
X-Cache-NPR
NB-ESI
Joe-X
Nikkei-App-Version
NLCacheNote
Npm-Cost
Is-Https
HTTPProtocol
Deeplink
CMS-200
Ec-Policy-Id
H1
HServer
Npm-Remaining
Ns
RawURL
Proxy-Cache
Region
Request-Uuid
Rt-Proxy-Cache
Panzer-Cache-Control
Origin-Site
Ns-Ua
Ok-Cache-Status
OK-Edge-Date
Ok-Edge-Key
Cluster-Host
Cf-Wrk
X-Via-Ucdn
X-Moov-T
X-PERF
X-ElasticPress-Query
X-Yottaa-OS
X-Mg-Cache
X-Moov-Xdn-Version
Fastcgi-Cache-Ttl
SRV
DynaTrace
WZWS-RAY
Req-ID
CF-Cached-On
X-IN-APIGATEWAY
Cachekey
Cache-Stat
Cdn-Country-Code
Cf-Device-Type
Cf-Locale
Akamai-X-Url
X-Th-Server
X-IN-APIGATEWAYSSL
Cneonction
Cache-Key
X-ApacheServer
Scheme
Selected-Route
X-ASF-Cache
X-ARRRG1
X-AspNetWebPages-Version
X-Backend-TTL
X-Backside-Transport
X-Arena-Request-Id
X-Ar-Stats
X-Akamai-DeviceType
X-Akamai-DeviceOS
X-Akamai-Native
X-Amz-Meta-Cb-Modifiedtime
X-Apache-Server
X-BeanStalkRole
X-BeanStalkStage
X-CacheVersion
X-Cache-Response
X-CDN-Pop
X-CDN-Pop-IP
X-Cf-Node-Idx
X-Cache-ReqUri
X-Cache-Reason
X-Cache-Cookie
X-Cache-IsMobileDevice
X-Cache-Length
X-Cache-Proxy
X-Akamai-CacheKeyMod
X-AEO-Platform
T-Request-Id
Sw
Technodrome
Time-Cloud-Cache
Ttl
Store-Cloud-Cache
SII
Served
Service-Uuid
SFRVia
Shieldsquare-Response
TWC-AK-Req-ID
TWC-PATH-LOCALE
X-Accel-Version
X-77-NZT-Ray
X-Accepted-Fulllang
X-Accepted-Language
X-Accor-Asset
X-77-NZT
Vttl
TWC-Subs
TWC-Unit
Uniqueid
Userver
X-Cms-Device