Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-ID
Access-Control-Allow-Credentials
X-Request-Id
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Status
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
X-Hacker
Host-Header
X-Ua-Compatible
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Dispatcher
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-WebKit-CSP
Accept-CH
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Cf-Apo-Via
X-Page-Speed
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Host
X-Server-Id
X-Pingback
X-Node
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
Surrogate-Control
X-Dns-Prefetch-Control
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Cache-Lookup
X-Readtime
X-Ruxit-JS-Agent
X-HW
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
X-Application-Context
X-Trace
X-Response-Time
X-CST
Permissions-Policy
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
Accept-CH-Lifetime
X-Edge
X-Country
Content-Location
X-Content-Type
X-WebKit-CSP-Report-Only
X-Mcache
X-ECACHE
Rating
X-Url
X-Clacks-Overhead
X-MS-InvokeApp
X-TtlSet
X-PC
X-Vname
X-Amz-Server-Side-Encryption
X-Midtier
X-VARITI-CCR
RTSS
Cache-Tag
X-Vcap-Request-Id
X-Element-Page-Cache
X-Ac
Verso
Origin-Trial
X-B3-TraceId
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
X-D2id
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Server-Name
X-Rack-Cache
X-Varnish-TTL
X-Cnection
X-Cache-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
X-ESI
Xkey
X-Abt-Application-Version
X-Fastcgi-Cache
X-Navigation-Version
Edge-Control
X-NWS-LOG-UUID
X-SharePointHealthScore
SPRequestGuid
X-GitHub-Request-Id
X-Amz-Rid
X-Cached
X-Client-IP
X-Px
X-Ttl
X-Mg-S
X-Erf-Bev-Bev
X-Browser-Type
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
Arr-Disable-Session-Affinity
X-Upstream
SPIisLatency
SPRequestDuration
X-Correlation-Id
X-Cache-Key
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Litespeed-Cache
Content-MD5
X-Dw-Request-Base-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-RateLimit-Remaining
X-Goog-Hash
Edge-Cache-Tag
X-XRDS-Location
X-Daa-Tunnel
Front-End-Https
X-NF-Request-ID
X-Country-Code
Public-Key-Pins
X-Version
X-Forwarded-For
AR-SID
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Powered-CMS
AR-Request-ID
X-HP-Webp
X-Jurisdiction
TCN
X-HP-Trace-Id
X-MSEdge-Ref
X-T
X-Recruiting
X-Content-Digest
X-Id
X-Accel-Expires
X-Middleton-Response
Response
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Ser
X-Shield-Request-Id
TP-L2-Cache
TP-Cache
Nginx-Cache
S
X-Hits
X-Amzn-Trace-Id
X-Kinsta-Cache
X-Edge-Location-Klb
Cache-Status
X-Request-Processing-Time
X-Request-Received
Server-Node
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-Distributor
X-TEC-API-ORIGIN
X-Fastly-Request-ID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Grace
Alternate-Protocol
Cache-Tags
MicrosoftSharePointTeamServices
Fastcgi-Cache
Server-Name
X-Protected-By
X-DataDome
X-TTL
X-DIS-Request-ID
X-Ezoic-Cdn
X-Geo-Country
X-Ruxit-Js-Agent
X-Origin-Server
X-LB-Cache
X-Frontend
X-Request-Handler-Origin-Region
X-Microsite
X-Ua-Browser
X-Debug-Info
X-Ratelimit-Limit
X-Rid
Cross-Origin-Opener-Policy
Healthy
X-NGENIX-Cache
X-Www-Served-By
X-Varnish-Backend
X-Forwarded-Proto
X-Git-Hash
Filterid
Payment
X-FB-Debug
X-Logged-In
Cleartype
X-Page-Id
X-Ratelimit-Reset
X-Load-Cache
Charset
X-B3-Sampled
X-VCache
Content-Disposition
X-Webkit-Csp
X-PressLabs-Stats
X-ASPNET-VERSION
X-Origin-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-LLID
X-Cluster-Name
MS-Author-Via
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
DC
X-Hostname
X-GUploader-UploadID
X-Goog-Metageneration
X-Ratelimit-Remaining
X-Upgrade-Enabled
X-RateLimit-Limit
Accept-Charset
Access-Control-Allow-Method
Retry-After
Cross-Origin-Resource-Policy
X-Proxy
X-Az
X-Activity-Id
X-F-Cache
X-AppVersion
X-Contextid
X-Seen-By
Accept-Ch
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
X-Route-Name
X-B-Cache
X-Amz-Replication-Status
X-Type
X-Signature
X-Hosted-By
X-Revision
X-Flags
X-Aspnet-Duration-Ms
X-TT
X-Wix-Request-Id
X-Varnish-Server
X-B
X-Azure-Ref
X-Amz-Meta-S3cmd-Attrs
Referer-Policy
X-Whom
Surrogate-Key
Paypal-Debug-Id
Viewport
X-App-Environment
Amp-Access-Control-Allow-Source-Origin
X-DynaTrace
X-Source
X-Aspnetmvc-Version
Count-Hit
X-Fb-Rlafr
X-Tt-Trace-Tag
Realpath
X-Tt-Trace-Host
X-Akamai-Edgescape
X-Mobile
X-App-Server
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-B3-Traceid
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Host
X-FastCGI-Cache
X-Cache-Control
X-EdgeConnect-Cache-Status
X-Cache-Age
X-HTML-Minification-Powered-By
Version
X-N
X-Response-Served-From
Refresh
X-Original-Request-Id
X-Nginx-Cache
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Rule
X-Varnish-Grace
X-Oneagent-Js-Injection
VIX-Pulpo-Node
X-Envoy-Decorator-Operation
X-Varnish-Age
VIX-Pulpo-Upstream-Status
SD-X-WS
Access-Control-Request-Headers
Section-Io-Cache
X-Magnolia-Registration
X-RTag
MS-CV
X-Newrelic-App-Data
X-Cache-Time
X-UUID
Ms-Operation-Id
X-Cache-Expired-At
X-Environment-Context
X-Adobe-Content
X-L-Path
X-Page-View
X-Cache-Status-Check
X-Adobe-Loc
NGB
X-Device-Type
X-Cacheable-TTL
X-Status
X-Cache-Grace
X-Content-Powered-By
X-Is-Bot
Protected
X-ProcessESI
X-Servername
X-Rendered-As
X-RemovedCookies
X-G
X-Jobs
GEO-INFO
X-Framework
X-Rule
X-FW-Dynamic
X-NYM-Debug-Backend
X-Akamai-Request-ID2
X-FW-Version
X-Http-Reason
Url
Akamai-GRN
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Backend-Name
X-Instance
X-User-Agent
X-Debug-IsConnected
X-Debug-IsPreview
X-CDN-Forward
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tb
X-Cache-Hit
X-Drupal-Cache-Contexts
CDN-RequestId
X-Drupal-Cache-Tags
From-Origin
SRV
X-Pinterest-Rid
Pinterest-Version
X-Tt-Logid
Pinterest-Generated-By
WPO-Cache-Message
WPO-Cache-Status
Country
X-Region
X-Node-Name
Accept-Language
X-Trace-Id
Front
X-URL
X-Real-IP
X-VC-Cache
Fastly-Drupal-HTML
X-Time
Backend
X-Fastly-Request-Id
Uber-Trace-Id
X-Mode
X-Template
X-Content-Options
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Language
X-UPSTREAM-Address
X-RN-RSRV
X-Rewrite-Enabled
Fastly-SWR
Fastly-SIE
X-Generation-Time
Filters
X-Cache-Operation
Meta-Geo
X-Tumblr-Pixel-2
Content-Secure-Policy
X-DynaTrace-JS-Agent
Webserver
X-Web-Node
CDN-PullZone
CDN-RequestCountryCode
CDN-Uid
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
X-Cache-TTL-Remaining
X-SayCDN-TTL
X-Format
X-Rocket-Nginx-Serving-Static
X-Sql-Count
Apigw-Requestid
Cross-Origin-Window-Policy
X-Adobe-Source
X-Cache-Action
X-Sql-Duration-Ms
X-Proxy-Cache-Status
X-Say-TTL
X-Say-Cacheable
X-IPS-LoggedIn
X-Proxy-Cache-Info
X-Section
X-Cache-Server
Azure-SlotName
CF-IPCountry
X-Access
Azure-SiteName
X-WP-CF-Super-Cache-Cache-Control
Azure-InstanceId
Azure-RegionName
X-WP-CF-Super-Cache
X-Cms-Context
Azure-Version
X-PHP-Backend
X-ProxyCache-Status
X-ProxyCache-Key
X-PHP-Host
Cache-Name
X-Ms-Version
X-Labrador-Cache-Channel
X-AWS-Id
X-Edge-Location
X-BYPASS-REASON
X-Content-Age
X-Cluster
X-VWS-Id
X-Forwarded-Host
X-Via-Fastly
Node
X-LJ-Flow-ID
X-Varnish-Beresp-Grace
X-GeoCountry
X-GeoCode
X-Ms-Request-Id
X-Zen-Fury
X-Soup
X-UA-Device-Type
X-Skip-Cache
X-Sucuri-Cache
X-Sucuri-ID
X-Reqid
X-Debug
X-Cache-Host
X-Unique-Id
X-JoinUs
TWC-Locale-Group
X-Site-Version
X-R9-Blue-Green-Version
X-Xfnlog-Site
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Detected-As
X-IPLB-Request-ID
X-Extlb
X-Zipkin-Id
X-Proxied
X-Urbn-Site-Id
X-Locale
X-Urbn-Context-Path
Web-Mar-Node
S-Rt
X-Server-W
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
X-No-Session
Onion-Location
Webcakes-App-Name
X-Proto
X-Amzn-Remapped-Content-Length
X-Routing-Service
X-IPLB-Instance
X-SaId
TWC-Privacy
X-LAGOON
Locale
X-Cluster-Node
X-LSADC-Cache
Mime-Version
Selected-Fe
X-Handled-By
X-Proxy-Build
X-Timing-Wait
Mn-Server-Ip
WP-Super-Cache
Fastcgi-Useragent
X-SRV
DB-Nickname
ServerID
Cache-Hits
X-Request-Time
Xserver
X-FB-TRIP-ID
X-Hl-Ver
Liferay-Portal
X-Redis-Cache
X-Cache-Debug
X-Ua
X-Tumblr-Pixel-3
ServedBy
X-TIME
X-TNCMS
Upgrade-Insecure-Requests
X-Optimistic-Header
X-XRDS-LOCATION
X-NWS-UUID-VERIFY
X-Loop
Source
Countrycode
X-Generated-By
X-GEO
X-Origin-Date
X-Mg-Request-UUID
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Varnish-Hits
X-Tid
CF-Cached-On
X-Storage
X-Tec-Api-Origin
X-Times
X-Uri
X-Tec-Api-Root
X-Tec-Api-Version
X-Varnish-Beresp-Ttl
X-Server-ID
X-Director
X-Akamai-Transformed
X-CACHE-AGE
X-Cdn
Xet-Cookie
X-COUNTRY
X-Tx-Id
X-TA-CDN-Provider
X-Webkit-CSP-Report-Only
X-Trace-ID
X-Pass-Why
Frame-Options
X-Origin-CC
X-Presslabs-Stats
X-Origin-TTL
X-Newrelic-Synthetics
X-ARC
X-DC
X-Varnish-Ttl
X-Service
X-B3-Spanid
X-FireWall-Port
X-ECache
X-AIR-PT
X-Esi
X-App-Version
X-Varnish-Hostname
X-Varnish-Cache-Hits
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
Environment
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Alternate-Cache-Key
X-ShardId
X-Datadog-Parent-Id
X-ShopId
X-Datadog-Sampled
X-Storefront-Renderer-Rendered
SID
Server-Info
MD5-Digest
Meta-Geo-Continent
Lang
X-Origin-Time
X-Platform-Cluster
Gannett-Cam-Experience-Id
Ngx.Var.Host
Odigeo-Trace-Id
Release
Rendered-Blocks
Redirect-Candidate
X-Nyt-Route
Origin
X-Platform-Processor
X-Platform-Router
X-S
X-Rojux
X-S-Cookie
X-S-Maxage
X-ScT
A
BehaviorPad-Version
DCR-Processing-Time-Ms
Req-Svc-Chain
DCR-Decision-By
X-Processor
Candidate-Md5Url
X-Ec-GeoHdr
X-Mobile-URL
X-Cache-Info
X-Cache-NE
X-BCube-Filmed-By
X-Bc-Bl
X-B-Cookie
X-BBC-Edge-Cache-Status
X-Gdpr
X-External-Request-Id
X-Epic-Correlation-Id
X-Ec-Fail
X-Developer
X-Destination
X-D
X-Application
X-Aed
X-Mid
X-Loc
T-Server
Surrogated-Key
Sslversion
WWW-Authenticate
X-A
X-A-Dgt
X-A-Wwc
X-A-Dcw
X-A-Dam
X-A-Ccd
X-Request-Host
Edge-Cache
X-TIM-N
X-Vdms-Path
X-SRCache-Key
X-Vdms-Version
Xc-Version
X-Endurance-Cache-Level
X-VG-TLSProxy
X-ServerID
Fastly-GeoIP-CountryCode
X-Akamai-Device-Characteristics
Cache-Tv-Group
X-Origin-Response-Time
X-WP-CF-Super-Cache-Active
X-GeoIP-City
Decoy-Debug-Status
X-Cache-Bucket
Cluster
Click-Count-Error
Click-Count-Action-Start
Country-Code
X-SVT-ORM-VERSION
Decoy-Debug-TTL
Magicmarker
Decoy-Debug-Key
DSUID
X-Varnish-CookieHashed-On
Tube-Return
X-INCAP-ABP
Vix-Hermes-Req-Id
X-NodeID
Tube-Got-Results
Tube-Got-Eval
X-Frame-Option
State
Tube-Get-Contents
X-Human
X-Httpd
X-WA-Info
X-Old-Content-Length
X-WADP-Cache
Thinkindot-Control
X-CMSURLCustom
X-Varnish-CookieINHashed-On
X-VServer
X-Core-Value
X-Varnish-Remaining-TTL
Memcached
X-Platform-Server
X-Rocket-Build-Number
X-Sn-Servicetimems
TDXMobile
X-Served-From
X-Ec-Custom-Error
X-We-Are-Hiring
Host-ID
X-Pubstack
X-Core-Mission
X-SD-PageType
X-Thinkindot-L3
X-DefElseHash
X-DefHash
Thinkindot-CacheControl
X-SB
Thinkindot-CacheControl-Type
X-CUA
X-Req
X-Clara-WADP
X-Cdn-Origin
Apple-News-Services-Request-Url
X-Gamma-Serve
C-Via
Cache-Host
X-SVT-ORM-RULES
Apple-News-Services-Parsed-Url
X-Sigma
X-Fmm-Version
Apple-News-Services-Handled
Apple-News-Services-Host
X-Sigma-Backend
Section-Io-Id
X-Parent-Response-Time
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Minions-Version
X-Esi-Check
X-Vmg-Version
X-DPWN-IS-SECURE
User-Cache-Control
X-LB-NoCache
We-Hiring
X-Dispatcher-Number
X-Developers
X-Hnp-Log
X-Accel-Expires-Debug
X-Auto-Login
X-Fetched-On
X-CSRF-Token
X-GeoIP
X-Bip
Svr
X-Cache-Id
X-Cache-FS-Status
X-Gen-Mode
X-Block-Status
X-Cdn-Srv
X-App
X-Fastly-Backend
Fastly-Backend-Name
X-Accel-Buffering
X-Wix-Viewer-Type
X-Ad-Defer-Variation
X-Hash
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Gzip
X-Date
Origin-EX
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Var-Ttl
X-Level-Front-Cache
X-Geo-Header
X-Planisys-CDN-Cache
X-Generated-On
Kp-EeAlive
X-Request-Start
X-Variation
Is-Eu
X-Scale
X-Up
X-JWT-State
CloudFront-Viewer-Country
X-Test
X-Restarts
CDCHOST
Cmsid
Cmstype
Server-Host
Cache-Provider
X-Thanos
X-Pool
L
X-Origin
Adler-Geo
X-Worker
X-Buckets
Producers
Server-Ext
Server-Hostname
Ssr
X-Has-Esi
Sever-Int
X-HS-Content-Campaign-Id
X-Location
X-Node-Id
X-Is-Gdpr
Cache-Key
X-Varnish-Beresp-Status
Mail-Subject
NM-Fastcgi-Cache
Origin-CC
X-Slack-Backend
Platform
Pics-Label
Cdn
X-RM-Cache-TTL
X-FC-Vary-Parameters
Gh-Request-Id
X-Slack-Shared-Secret-Outcome
X-Server-IP
AKAMAI
X-Conf
X-Nananana
X-Cache-Backend
X-Varnishpool
X-VarnishDD-TTL
X-Op-Id-All
X-Irp-Debug
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-NCache
X-HN
X-Owner
X-Qloud-Router
X-Refresh
X-Forwarded-Site
CacheControlHeader
Web-Mar-Region
X-Platform
X-V-Cache
X-Region-Sid
X-Ckpd-Fst-Backend
Wxu-Next-Region
X-Aicache-OS
X-Azure-Ref-OriginShield
Wxu-Next-Commit
X-Dispatcher-Server
Machine
PFcat
Fastly-SSL
Datacenter
Wxu-Next-Hostname
X-CacheTTL
X-Cache-Tags
X-Device-Os
HostName
L5d-Success-Class
HA-Ipaddr
X-CGP
X-Cache-Remote
X-Cached-By
X-Tb-Optimization-Total-Bytes-Saved
NGX
X-Men
X-Org
Ha-Gx-Prefs
X-Csrf-Jwt
Canary
X-Via-Popn
X-Via-Popv
On-Server
X-Via-Poph
X-Eu-Site
X-HA-Backend
GeoIP-Latitude
X-VC
X-Mvc-Supplant-OutputCached
Cdncip
Env
X-AK-Request-ID
X-Servedbyhost
Cdnsip
X-Client-Ip
Server-ID
X-Cache-Date
X-RCS-CacheZone
X-Microcachable
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-LB-ID
X-API-Version
X-Mly-Id
Cache
X-Wa
X-ZONE
X-APP-VERSION
X-Fpc
X-Zone
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-DataCenter
X-Generated-In
Time
X-Vgn-Hpd-Cached
Memory
Request-ID
X-Webkit-CSP
Eomportal-Instance
X-Via-NSCOPI
OT-Force-Account-Verify
Load-Balancing
X-Nc
X-Micro-Cache
X-Fastly-Cache
Ngx-Var-Key
X-ND-Cache
X-Instance-Name
X-Origin-Expires
X-HS-Status
X-VCL-Version
X-Correlation-ID
X-SIPLIST1
X-Release
X-Response-By
X-Vc
X-Request-URI
IsBot
X-Check-Cacheable
X-Via-JSL
Srv
X-Nf-Request-Id
X-Info
X-Cache-NGX
Srvid
X-FL-EDGE
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-FL-QIT-DEBUG
Expect-Staple
X-From
Locid
NtCoent-Length
X-Cache-Enabled
AMP-Access-Control-Allow-Source-Origin
True-Client-Ip
X-Via-CDN
X-NewRelic-App-Data
X-Srv
Hostname
X-CS
Edge-Copy-Time
X-MCACHE
X-Edge-Pop
X-Via-SSL
X-Api-Version
X-Via-Edge
X-CSRF-TOKEN
GeoIp-Country-Code
X-Provided-By
XkeyRZ
X-Proxy-CacheRZ
X-Lambda-Id
GeoIP-Country-Code
Path
Location
X-Debug-Cache-Store
Uri
X-NGINX-Cache
X-Amz-Meta-Cb-Modifiedtime
X-Debug-Cache-Fetch
X-Cache-Expires
X-EC-Lua
X-Dc
True-Client-IP
X-Edge-POP
X-RateLimit-Reset
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Resin-Trace
Sid
X-Oss-Server-Time
X-Cs
X-Render-Time
Cross-Origin-Opener-Policy-Report-Only
Servername
VNS-Cache
CPC-Age
CPC-Cache
VNS-Age
X-Fastly-Country-Code
X-Vtex-Remote-Cache
X-Vcl-Version
X-B3-SpanId
X-NODE
Traceparent
X-Moov-Xdn-Version
X-Air-Pt
X-Moov-T
Fastly-Drupal-Html
X-CLOUD-TRACE-CONTEXT
X-TH-Server
X-Viewer-Country
X-Scheme
CDN
X-VCT
LB
X-Cdn-Request-ID
X-ATG-Version
X-PERF
X-ApacheServer
Rip
X-TX-ID
FSS-Cache
X-Pod-Name
X-NAPM-TraceId
X-MSEdge-Flight
X-MSEdge-Features
Powered-By
Esi-Enabled
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
Timeexpire
X-Varnish-Beresp-TTL
X-Akamai-Pragma-Client-IP
X-FPC
X-Accel-Version
X-Cdn-Cache-Status
M-TraceId
CountryCode
X-Datadome
X-Datacenter
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Upstream-Ct
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-WA
X-SERVER-NAME
True-Client-Country-4JS
X-Service-Response-Time
X-Github-Request-Id
Tracecode
X-Clientip
V-Age
X-Upstream-Ht
Sm-Log-Id
X-PAYTM-SRV-ID
X-Cache-Type
YJS-ID
X-Geo
XServer
X-NC
X-LiteSpeed-Cache-Control
X-Udemy-Cache-App-Namespace
X-Lb-Id
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Proxy-Connection
X-CACHE-KEY
X-VG-WebCache
XM
Ohc-File-Size
Server-Id
HIT
X-ID
ENV
X-B3-Parentspanid
N-Cache
X-Wikidot-Backend
RNT-Time
X-ServedByHost
Ngx
X-Wikidot-Static-Cache
RNT-Machine
X-TraceId
X-Cdn-Forward
X-Bl-Debug
X-Orig-Expires
X-Forwarded-Path
X-Hyper-Cache
X-Rebelmouse-Surrogate-Control
Geoip-Latitude
Epwk-X-Cache
X-Ha-Backend
X-CDN-Cache-Status
X-Rebelmouse-Cache-Control
WZWS-RAY
X-Tenant
X-Shop-Environment
Yjs-Id
Content-Style-Type
X-Dw-Trace-Id
Content-Script-Type
X-Via-PopN
X-Cdn-Diag
X-Vgn-Hpd-Reason
X-Connection-Hash
User-Agent
Inserted-Into-Cache-At
X-MiniProfiler-Ids
X-B3-ParentSpanId
Expiry
X-Via-PopV
X-Via-PopH
X-Swift-Error
X-Serial
Ec-Rule-Version
X-Lb-Nocache
X-B3-Trace-ID
Pramga
X-Fastly-Backend-Reqs
X-MP-GENERATED-AT
Req-ID
Serverid
X-TT-LOGID
X-F-Status
X-Lsadc-Cache
X-UA
X-Qnm-Cache
X-M-Reqid
X-App-Name
Lb
X-Amz-Meta-Opti
X-M-Log
X-Cache-Ngx
X-Mid-Debug-Cache-Key
X-Request-URL
X-UP
X-Mid-Debug-Cache-Disk
X-Stale
X-Yottaa-OS
X-Webstats-RespID
X-IPS-Cached-Response
X-Akamai-ERPolicy
My-App
X-LiteSpeed-Tag
X-Th-Server
MIME-Version
Cneonction
Warning
X-Akamai-ERRuleID
X-Snapshot-Date