Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
Pragma
CF-RAY
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
P3P
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Request-ID
X-Request-Id
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Status
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Ws-Request-Id
X-Proxy-Cache
X-Server
X-Ua-Compatible
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-LiteSpeed-Cache
X-Amz-Version-Id
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Accept-CH
X-Device
Cf-Apo-Via
X-Page-Speed
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Dns-Prefetch-Control
X-Akam-SW-Version
Surrogate-Control
X-Backend-Server
EagleEye-TraceId
X-Cache-Lookup
Request-Id
X-Readtime
X-Ruxit-JS-Agent
X-HW
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
Accept-Ch-Lifetime
X-Trace
X-Application-Context
X-Response-Time
X-CST
Permissions-Policy
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
Fastly-Restarts
X-Edge
X-Country
Accept-CH-Lifetime
Content-Location
X-WebKit-CSP-Report-Only
X-Content-Type
X-Mcache
X-ECACHE
Rating
X-Clacks-Overhead
X-MS-InvokeApp
X-Url
X-PC
X-Vname
X-TtlSet
X-Amz-Server-Side-Encryption
X-Midtier
X-VARITI-CCR
RTSS
X-B3-TraceId
Cache-Tag
X-Vcap-Request-Id
X-Varnish-TTL
X-Element-Page-Cache
X-D2id
Verso
Origin-Trial
X-Ac
X-Kinja
X-Server-Name
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Rack-Cache
X-Cnection
X-Cache-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
X-ESI
Xkey
X-Navigation-Version
X-GitHub-Request-Id
X-Client-IP
X-Abt-Application-Version
X-NWS-LOG-UUID
Edge-Control
SPRequestGuid
X-Amz-Rid
X-SharePointHealthScore
X-Cached
X-Px
X-Fastcgi-Cache
X-Mg-S
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Ttl
X-Server-Lifecycle-Phase
X-Browser-Type
Arr-Disable-Session-Affinity
X-Upstream
SPRequestDuration
SPIisLatency
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Correlation-Id
Content-MD5
X-Dw-Request-Base-Id
X-Cache-Key
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-NF-Request-ID
Edge-Cache-Tag
X-Daa-Tunnel
X-Goog-Hash
X-RateLimit-Remaining
Front-End-Https
X-Country-Code
Public-Key-Pins
X-Version
X-XRDS-Location
X-Forwarded-For
X-Powered-CMS
X-Litespeed-Cache
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-SID
AR-Request-ID
X-Id
X-MSEdge-Ref
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Recruiting
X-T
X-Content-Digest
X-Accel-Expires
TCN
X-Middleton-Response
Response
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Shield-Request-Id
X-Ser
TP-Cache
TP-L2-Cache
Nginx-Cache
X-Amzn-Trace-Id
X-Hits
S
X-Request-Processing-Time
X-Request-Received
X-Fastly-Request-ID
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Server-Node
Cache-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Distributor
X-Grace
Cache-Tags
X-TEC-API-ORIGIN
Fastcgi-Cache
X-TEC-API-VERSION
X-TEC-API-ROOT
MicrosoftSharePointTeamServices
Alternate-Protocol
Server-Name
X-TTL
Accept-Ch
X-Protected-By
X-Ruxit-Js-Agent
X-Ezoic-Cdn
X-DIS-Request-ID
X-Origin-Server
X-Ratelimit-Limit
X-Geo-Country
X-Ratelimit-Reset
X-LB-Cache
X-Ua-Browser
X-Microsite
X-Frontend
X-Request-Handler-Origin-Region
X-DataDome
X-Rid
X-Debug-Info
X-Varnish-Backend
Cleartype
X-Logged-In
Healthy
X-Www-Served-By
Filterid
X-Git-Hash
X-NGENIX-Cache
Payment
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-FB-Debug
X-Page-Id
X-PressLabs-Stats
X-Webkit-Csp
X-Load-Cache
X-ASPNET-VERSION
Charset
X-B3-Sampled
X-VCache
Content-Disposition
X-Cluster-Name
X-LLID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Origin-Cache
DC
X-Ratelimit-Remaining
MS-Author-Via
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
Retry-After
Accept-Charset
X-Proxy
Access-Control-Allow-Method
X-Hostname
X-Az
X-Activity-Id
X-AppVersion
X-RateLimit-Limit
X-F-Cache
Cross-Origin-Resource-Policy
X-Type
X-FastCGI-Cache
X-B-Cache
X-Amz-Replication-Status
X-Contextid
X-Signature
X-Hosted-By
Paypal-Debug-Id
X-Aspnet-Duration-Ms
X-Flags
X-Revision
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Server
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Request-Guid
Viewport
X-Aspnetmvc-Version
X-TT
X-ORACLE-DMS-RID
X-Seen-By
X-ORACLE-DMS-ECID
X-Azure-Ref
X-Wix-Request-Id
X-Whom
X-B
Surrogate-Key
X-Fb-Rlafr
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
Referer-Policy
X-App-Environment
X-DynaTrace
X-Source
Count-Hit
Realpath
X-Tt-Trace-Tag
X-Tt-Trace-Host
Amp-Access-Control-Allow-Source-Origin
X-Akamai-Edgescape
X-Mobile
X-App-Server
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
Host
X-Cache-Control
X-Oneagent-Js-Injection
X-EdgeConnect-Cache-Status
X-HTML-Minification-Powered-By
X-N
X-Cache-Age
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Response-Served-From
X-Original-Request-Id
X-Tumblr-Pixel-1
X-Tumblr-User
Version
X-Varnish-Age
X-UUID
Refresh
X-Cache-Rule
X-Varnish-Grace
X-Magnolia-Registration
Access-Control-Request-Headers
X-Nginx-Cache
X-Cache-Time
MS-CV
Ms-Operation-Id
VIX-Pulpo-Node
X-Envoy-Decorator-Operation
SD-X-WS
X-RTag
X-Rule
VIX-Pulpo-Upstream-Status
Section-Io-Cache
X-Environment-Context
X-FW-Dynamic
X-FW-Hash
X-Content-Powered-By
X-Cache-Grace
Protected
X-Adobe-Content
X-Adobe-Loc
X-FW-Serve
X-FW-Server
X-Page-View
X-Status
X-Cache-Status-Check
X-L-Path
X-FW-Version
X-FW-Static
X-FW-Type
Akamai-GRN
X-Cache-Expired-At
X-Http-Reason
X-Instance
X-G
X-Device-Type
X-B3-Traceid
NGB
X-Is-Bot
X-Rendered-As
X-ProcessESI
X-RemovedCookies
X-Jobs
X-Framework
X-Servername
X-Cacheable-TTL
GEO-INFO
X-NYM-Debug-Backend
X-Akamai-Request-ID2
X-Backend-Name
X-Newrelic-App-Data
X-Debug-IsPreview
X-Debug-IsConnected
X-User-Agent
Url
X-CDN-Forward
X-Yottaa-Optimizations
X-Drupal-Cache-Contexts
X-Yottaa-Metrics
X-Drupal-Cache-Tags
X-Tb
X-Cache-Hit
From-Origin
X-Pinterest-Rid
X-Trace-Id
Pinterest-Generated-By
Pinterest-Version
WPO-Cache-Status
WPO-Cache-Message
Country
SRV
X-Region
X-URL
Accept-Language
CDN-RequestId
X-Node-Name
Front
X-Tt-Logid
X-Real-IP
X-VC-Cache
Backend
Uber-Trace-Id
X-Mode
X-Template
X-Amz-Apigw-Id
X-Amzn-RequestId
X-XRDS-LOCATION
X-Time
X-Content-Options
X-Language
Fastly-Drupal-HTML
Content-Secure-Policy
Fastly-SWR
Fastly-SIE
X-DynaTrace-JS-Agent
X-Tumblr-Pixel-2
X-Rewrite-Enabled
X-Cache-Operation
X-UPSTREAM-Address
X-RN-RSRV
Meta-Geo
Filters
X-Generation-Time
X-Unique-Id
CDN-Cache
CDN-PullZone
X-Section
CDN-RequestCountryCode
Azure-SlotName
Webserver
CDN-EdgeStorageId
X-Rocket-Nginx-Serving-Static
X-Cache-TTL-Remaining
Azure-InstanceId
X-Cache-Server
Onion-Location
Azure-SiteName
Azure-RegionName
X-Web-Node
X-IPS-LoggedIn
X-Access
X-Format
X-Amzn-Remapped-Content-Length
CF-IPCountry
CDN-Uid
Azure-Version
X-Proxy-Cache-Info
CDN-CachedAt
X-Sql-Duration-Ms
X-Proxy-Cache-Status
X-Sucuri-ID
X-Ua
X-Sql-Count
X-Cms-Context
X-Say-TTL
X-Zen-Fury
X-Debug
Apigw-Requestid
X-Say-Cacheable
X-SayCDN-TTL
X-Cache-Host
X-Reqid
Cross-Origin-Window-Policy
X-Sucuri-Cache
X-Adobe-Source
X-Cache-Action
X-Fastly-Request-Id
X-PHP-Host
X-IPLB-Instance
X-IPLB-Request-ID
X-Cluster
X-Labrador-Cache-Channel
X-Content-Age
X-Edge-Location
X-GeoCountry
X-GeoCode
X-R9-Blue-Green-Version
X-Forwarded-Host
X-BYPASS-REASON
X-AWS-Id
X-Ms-Version
X-ProxyCache-Status
X-ProxyCache-Key
X-Proto
X-Ms-Request-Id
S-Rt
X-LJ-Flow-ID
Web-Mar-Node
ServerID
Cache-Name
X-UA-Device-Type
Webcakes-Region
X-Varnish-Beresp-Grace
TWC-Connection-Speed
X-Soup
X-Skip-Cache
Property-Id
X-Via-Fastly
X-VWS-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-Country
Webcakes-App-Version
X-Server-W
TWC-Device-Class
X-Locale
Node
X-Origin-Hint
X-SRV
X-PHP-Backend
Cache-Hits
X-Extlb
X-Handled-By
X-JoinUs
X-Cluster-Node
X-LSADC-Cache
X-Proxied
X-SaId
X-Webkit-CSP
X-No-Session
X-LAGOON
X-Zipkin-Id
X-Xfnlog-Site
X-Detected-As
X-Urbn-Site-Id
X-Site-Version
X-Urbn-Context-Path
X-Routing-Service
Locale
X-Proxy-Build
Selected-Fe
WP-Super-Cache
X-WP-CF-Super-Cache
Mime-Version
Mn-Server-Ip
X-WP-CF-Super-Cache-Cache-Control
X-Timing-Wait
DB-Nickname
Fastcgi-Useragent
X-TIME
X-Hl-Ver
X-FB-TRIP-ID
X-Request-Time
ServedBy
Liferay-Portal
X-Tumblr-Pixel-3
Xserver
X-Cache-Debug
X-Redis-Cache
X-Optimistic-Header
X-Loop
X-NWS-UUID-VERIFY
Upgrade-Insecure-Requests
X-TNCMS
Source
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Origin-Date
X-Generated-By
X-Mg-Request-UUID
Countrycode
X-Times
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Varnish-Hits
X-CACHE-AGE
CF-Cached-On
X-Tid
X-Akamai-Transformed
X-Cdn
X-GEO
X-COUNTRY
X-Uri
X-Director
X-Storage
Xet-Cookie
X-Varnish-Beresp-Ttl
X-Pass-Why
X-Newrelic-Synthetics
Frame-Options
X-TA-CDN-Provider
X-Tx-Id
X-Origin-TTL
X-ARC
X-Origin-CC
X-FireWall-Port
X-ECache
X-Service
X-Trace-ID
X-Esi
X-Varnish-Cache-Hits
X-B3-Spanid
X-AIR-PT
X-Presslabs-Stats
X-Endurance-Cache-Level
X-Alternate-Cache-Key
X-Datadog-Sampling-Priority
X-DC
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-ShopId
X-Datadog-Parent-Id
X-Varnish-Hostname
X-Datadog-Sampled
X-Datadog-Trace-Id
Environment
X-App-Version
Surrogated-Key
Thinkindot-CacheControl-Type
Sslversion
Thinkindot-CacheControl
T-Server
WWW-Authenticate
Thinkindot-Control
X-A
TDXMobile
Gannett-Cam-Experience-Id
Edge-Cache
X-A-Ccd
Host-ID
DCR-Processing-Time-Ms
DCR-Decision-By
A
BehaviorPad-Version
Candidate-Md5Url
Lang
MD5-Digest
Redirect-Candidate
Release
Rendered-Blocks
Origin
Odigeo-Trace-Id
Meta-Geo-Continent
Ngx.Var.Host
Req-Svc-Chain
X-Bc-Bl
X-We-Are-Hiring
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Origin-Time
X-Nyt-Route
X-INCAP-ABP
X-Loc
X-Mid
X-Mobile-URL
X-Processor
X-Rojux
X-SRCache-Key
X-Thinkindot-L3
X-TIM-N
X-Vdms-Path
X-ScT
X-S-Maxage
X-S
X-S-Cookie
X-VG-TLSProxy
X-Gdpr
X-Frame-Option
X-B-Cookie
X-BBC-Edge-Cache-Status
X-Vdms-Version
X-BCube-Filmed-By
X-Application
X-Aed
X-A-Dcw
X-A-Dgt
X-A-Wwc
Xc-Version
X-Cache-Info
X-Developer
X-Ec-Fail
X-Epic-Correlation-Id
X-External-Request-Id
X-Destination
X-D
X-Cache-NE
X-CMSURLCustom
X-Core-Value
X-A-Dam
X-Ec-GeoHdr
Cache-Tv-Group
X-Request-Host
Server-Info
X-Buckets
SID
X-ServerID
X-SVT-ORM-VERSION
X-JWT-State
X-Location
X-NodeID
X-Test
X-Is-Gdpr
X-Has-Esi
X-HS-Content-Campaign-Id
X-Httpd
X-Human
X-Old-Content-Length
X-Origin-Response-Time
X-Rocket-Build-Number
X-SD-PageType
X-Sigma
X-Sigma-Backend
X-Restarts
X-Req
Magicmarker
X-Platform-Server
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Geo-Header
X-Clara-WADP
X-Core-Mission
X-CUA
Tube-Return
Vix-Hermes-Req-Id
X-Cdn-Srv
X-Akamai-Device-Characteristics
X-Auto-Login
X-Cache-Bucket
X-Cdn-Origin
Tube-Got-Results
Tube-Got-Eval
X-Fmm-Version
X-Gamma-Serve
Fastly-GeoIP-CountryCode
Server-Host
State
X-Ec-Custom-Error
Tube-Get-Contents
X-DefElseHash
X-DefHash
X-Developers
X-GeoIP-City
X-SB
X-WADP-Cache
Cluster
Apple-News-Services-Request-Url
X-WA-Info
C-Via
X-Generated-On
Apple-News-Services-Parsed-Url
Memcached
Click-Count-Error
X-Pubstack
X-Level-Front-Cache
X-WP-CF-Super-Cache-Active
X-Worker
Click-Count-Action-Start
X-Served-From
X-VServer
Country-Code
DSUID
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Fastly-Backend-Name
Cache-Host
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
Apple-News-Services-Handled
Apple-News-Services-Host
Section-Io-Id
X-Parent-Response-Time
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-RM-Cache-TTL
Section-Io-Origin-Status
X-Date
Svr
X-DPWN-IS-SECURE
X-Dispatcher-Number
Ssr
X-Bip
X-Thanos
X-Block-Status
X-Vmg-Version
X-App
X-Conf
X-Cache-Backend
X-Cache-FS-Status
X-Pool
X-Varnish-Beresp-Status
X-Cache-Id
X-Fetched-On
X-GeoIP-Region-Code
X-Planisys-CDN-Rules
X-Request-Start
X-Planisys-CDN-Cache
X-Origin
X-Node-Id
X-Ad-Defer-Variation
X-Scale
X-Up
X-Var-Ttl
X-Variation
X-Slack-Backend
X-Nananana
X-Minions-Version
X-GeoIP
Cache-Key
X-Gen-Mode
X-Fastly-Backend
CloudFront-Viewer-Country
X-GeoIP-Country-Code
X-Gzip
X-Wix-Viewer-Type
X-Hnp-Log
X-Hash
AKAMAI
X-Esi-Check
X-Planisys-CDN-TTL
CDCHOST
Cmsid
Cmstype
CacheControlHeader
Cache-Provider
We-Hiring
User-Cache-Control
Platform
Origin-EX
Sever-Int
Pics-Label
L
Producers
Kp-EeAlive
Is-Eu
Gh-Request-Id
Server-Hostname
Server-Ext
Web-Mar-Region
Adler-Geo
X-Accel-Buffering
X-Accel-Expires-Debug
NM-Fastcgi-Cache
Origin-CC
Mail-Subject
X-CSRF-Token
X-Org
X-Device-Os
X-Slack-Shared-Secret-Outcome
X-V-Cache
X-Platform
X-Mvc-Supplant-Cachable
X-Region-Sid
PFcat
X-Varnish-Ttl
Fastly-SSL
X-Irp-Debug
X-Varnishpool
X-VarnishDD-TTL
X-FC-Vary-Parameters
X-Qloud-Router
X-Forwarded-Site
X-Refresh
X-Owner
X-LB-NoCache
X-Azure-Ref-OriginShield
Wxu-Next-Region
Wxu-Next-Hostname
X-Men
X-Dispatcher-Server
X-Cache-Tags
X-Cached-By
X-CacheTTL
X-Ckpd-Fst-Backend
X-Server-IP
X-NCache
Datacenter
X-Nginx-Cache-Key
X-Aicache-OS
X-Op-Id-All
Wxu-Next-Commit
Machine
X-HN
On-Server
NGX
X-Webkit-CSP-Report-Only
L5d-Success-Class
X-Via-Popv
X-Via-Popn
Canary
X-Csrf-Jwt
X-CGP
HA-Ipaddr
X-Via-Poph
Ha-Gx-Prefs
Cdn
HostName
X-Eu-Site
X-Mvc-Supplant-OutputCached
Cdnsip
X-HA-Backend
Cdncip
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Date
X-AK-Request-ID
X-Cache-Remote
X-VC
X-Microcachable
Env
X-Servedbyhost
X-RCS-CacheZone
GeoIP-Latitude
X-Mly-Id
X-APP-VERSION
X-API-Version
Server-ID
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-LB-ID
X-Gateway-Request-Id
X-Zone
Cache
Memory
Time
Request-ID
X-ZONE
X-Generated-In
Load-Balancing
X-DataCenter
X-Wa
X-Via-NSCOPI
X-Fpc
Eomportal-Instance
X-Fastly-Cache
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-ND-Cache
X-CLOUD-TRACE-CONTEXT
X-Nc
X-Instance-Name
AMP-Access-Control-Allow-Source-Origin
X-Micro-Cache
X-Origin-Expires
Ngx-Var-Key
OT-Force-Account-Verify
X-Correlation-ID
X-Client-Ip
X-Response-By
X-Release
Srv
X-Vc
X-Check-Cacheable
X-HS-Status
X-From
X-Hcs-Proxy-Type
X-SIPLIST1
Expect-Staple
X-FL-EDGE
X-CCDN-CacheTTL
Srvid
X-Request-URI
Locid
X-CCDN-Origin-Time
X-FL-QIT-DEBUG
IsBot
X-Cache-NGX
X-NewRelic-App-Data
X-Edge-Pop
Hostname
X-Via-CDN
X-Cache-Enabled
X-Info
X-VCL-Version
X-Via-JSL
NtCoent-Length
X-CS
Edge-Copy-Time
X-MCACHE
X-Via-Edge
X-Api-Version
X-Via-SSL
GeoIp-Country-Code
X-Dc
X-CSRF-TOKEN
X-Srv
X-Provided-By
X-Nf-Request-Id
True-Client-Ip
X-Proxy-CacheRZ
XkeyRZ
Sid
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Amz-Meta-Cb-Modifiedtime
X-Lambda-Id
Location
X-NGINX-Cache
True-Client-IP
Uri
X-EC-Lua
X-Cache-Expires
X-Vcl-Version
Path
X-Cs
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
CPC-Cache
GeoIP-Country-Code
VNS-Cache
X-Render-Time
Fastly-Drupal-Html
X-Fastly-Country-Code
X-Vtex-Remote-Cache
Resin-Trace
VNS-Age
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Edge-POP
CPC-Age
X-B3-SpanId
X-Server-ID
CDN
Servername
X-Datadome
Cross-Origin-Opener-Policy-Report-Only
X-Air-Pt
X-TX-ID
X-Moov-T
X-Moov-Xdn-Version
X-VCT
X-TH-Server
X-CACHE-KEY
Traceparent
X-Cdn-Request-ID
X-Viewer-Country
X-Scheme
X-ATG-Version
X-MSEdge-Flight
X-Varnish-Authentication
X-Pod-Name
X-MSEdge-Features
Esi-Enabled
X-Datacenter
X-FPC
X-Cache-ASPX
X-Contensis-Viewer-Groups
Timeexpire
X-PERF
LB
X-ApacheServer
X-Varnish-Beresp-TTL
X-Akamai-Pragma-Client-IP
CountryCode
M-TraceId
Powered-By
FSS-Cache
X-RateLimit-Reset
Rip
X-Geo
X-WA
X-NAPM-TraceId
X-Accel-Version
YJS-ID
X-RateLimit-Remaining-Second
X-Upstream-Ht
X-Service-Response-Time
X-Upstream-Ct
X-NC
X-Cdn-Cache-Status
Sm-Log-Id
X-SERVER-NAME
X-PAYTM-SRV-ID
X-RateLimit-Limit-Second
X-CF-Lambda-Version
Server-Id
X-CF-Lambda-Fn
XServer
X-Cache-Type
X-Udemy-Cache-App-Namespace
ENV
X-Lb-Id
X-Srcache-Store-Status
Tracecode
X-ServedByHost
True-Client-Country-4JS
V-Age
X-Clientip
Proxy-Connection
X-Srcache-Fetch-Status
Ohc-File-Size
Tcn
X-Wikidot-Static-Cache
XM
RNT-Time
RNT-Machine
N-Cache
HIT
X-CDN-Cache-Status
X-Wikidot-Backend
X-VG-WebCache
Geoip-Latitude
X-LiteSpeed-Cache-Control
X-TraceId
X-HostName
Yjs-Id
X-TT-LOGID
X-Forwarded-Path
X-Shop-Environment
X-Hyper-Cache
X-Ha-Backend
X-Tenant
WZWS-RAY
X-Lb-Nocache
Ngx
X-Orig-Expires
X-Bl-Debug
Epwk-X-Cache
X-B3-Parentspanid
X-Cdn-Forward
Cdn-Requestid
X-MiniProfiler-Ids
Content-Script-Type
User-Agent
X-B3-ParentSpanId
Inserted-Into-Cache-At
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Vgn-Hpd-Reason
Content-Style-Type
X-Cdn-Diag
X-Via-PopV
X-Swift-Error
X-Serial
Ec-Rule-Version
X-Fastly-Backend-Reqs
X-Dw-Trace-Id
X-MP-GENERATED-AT
X-Via-PopH
X-Via-PopN
X-B3-Trace-ID
X-Wp-Cf-Super-Cache
X-F-Status
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-Qnm-Cache
X-Policy
ServerName
Lb
Hit
X-Amz-Meta-Opti
X-App-Name
X-M-Log
X-M-Reqid
X-Th-Server
MIME-Version
My-App
X-Connection-Hash
Expiry
Cneonction
X-IPS-Cached-Response
Warning
X-Cache-Ngx
X-UP
X-Mid-Debug-Cache-Key
X-Mid-Debug-Cache-Disk
X-Snapshot-Date
Pramga
X-Request-URL
X-LiteSpeed-Tag
Req-ID
X-Stale