Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
CF-Ray
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-DNS-Prefetch-Control
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
X-Dns-Prefetch-Control
Server-Timing
Upgrade
X-XSS-PROTECTION
X-CDN
Status
X-Request-ID
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Request-Context
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Cache-Group
X-Robots-Tag
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Hacker
X-Proxy-Cache
X-UA-Device
X-Server
X-Vhost
X-Rq
X-Server-Powered-By
Allow
X-Age
X-Ws-Request-Id
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
EagleId
P3p
Nel
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
Cf-Railgun
X-Device
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-OneAgent-JS-Injection
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-Host
X-Node
Accept-CH
X-Backend-Server
X-CST
Surrogate-Control
X-Cache-Lookup
X-WebKit-CSP
X-Server-Id
Accept-CH-Lifetime
X-Nginx-Cache-Status
X-Readtime
Permissions-Policy
X-Akam-SW-Version
X-Nginx-Upstream-Cache-Status
Request-Id
X-Application-Context
X-Content-Security-Policy-Report-Only
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
X-Ua-Compatible
X-Trace
X-Response-Time
X-HW
X-Edge
Content-Location
X-Clacks-Overhead
Xkey
X-Mod-Pagespeed
Rating
X-Midtier
X-ESI
X-Url
X-Amz-Server-Side-Encryption
X-ECACHE
X-Ruxit-Js-Agent
X-Ruxit-JS-Agent
X-Mcache
X-Aspnetmvc-Version
X-Country
X-Upstream
X-Vcap-Request-Id
Cache-Tag
X-MS-InvokeApp
X-D2id
X-Rack-Cache
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
Verso
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Element-Page-Cache
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Litespeed-Cache
X-Powered-By-Plesk
Accept-Ch
Edge-Control
X-PC
X-Vname
X-TtlSet
RTSS
Fastly-Restarts
X-Cache-TTL
Accept-Ch-Lifetime
X-Ac
X-Webkit-CSP
X-VARITI-CCR
Origin-Trial
X-Navigation-Version
Service-Worker-Allowed
X-Country-Code
X-Oneagent-Js-Injection
X-Abt-Application-Version
X-Goog-Hash
X-WebKit-CSP-Report-Only
X-Cached
X-Varnish-TTL
X-Browser-Type
X-Amz-Rid
X-Middleton-Display
X-GitHub-Request-Id
Pagespeed
X-Sol
Display
Cross-Origin-Opener-Policy
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Server-Name
X-B3-TraceId
X-Ttl
X-Mg-S
X-Amzn-Trace-Id
X-Content-Type
X-Powered-CMS
Arr-Disable-Session-Affinity
X-Kinja-CCPA
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
AR-Request-ID
AR-SID
X-Middleton-Response
Response
AR-PoweredBy
AR-ATIME
SPIisLatency
SPRequestDuration
X-Server-ID
X-Cache-Key
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-NWS-LOG-UUID
X-Times
X-Version
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
AR-CACHE
X-NF-Request-ID
X-FastCGI-Cache
X-Accel-Expires
X-T
Cache-Tags
X-Cnection
X-Fastly-Request-ID
Cache-Status
Nginx-Cache
Front-End-Https
Edge-Cache-Tag
X-MSEdge-Ref
X-Ser
X-Hits
X-Client-IP
X-Px
Public-Key-Pins
X-B3-Traceid
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Recruiting
Payment
X-LLID
X-Frontend
X-Request-Received
X-RateLimit-Remaining
X-Request-Processing-Time
Server-Node
X-Ua-Browser
X-Shield-Request-Id
S
X-DIS-Request-ID
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-GUploader-UploadID
X-Goog-Metageneration
TP-Cache
X-RateLimit-Limit
MicrosoftSharePointTeamServices
Content-MD5
Access-Control-Request-Method
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Fastcgi-Cache
X-HS-Combine-CSS
X-HS-Content-Id
X-Content-Digest
X-HS-Hub-Id
X-HS-Cache-Config
X-Ratelimit-Remaining
X-Request-Handler-Origin-Region
X-Protected-By
X-Distributor
X-Microsite
X-LB-Cache
Realpath
X-TTL
Fastcgi-Cache
X-Page-Id
Access-Control-Allow-Method
X-FB-Debug
TP-L2-Cache
Accept-Charset
X-Forwarded-For
X-Cluster-Name
X-Geo-Country
X-Rid
X-PressLabs-Stats
X-Ezoic-Cdn
X-Hostname
X-B3-Sampled
X-Webkit-Csp
X-Seen-By
X-Daa-Tunnel
X-Ratelimit-Limit
X-Aspnet-Version
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Ua-Device
Cleartype
Referer-Policy
Cross-Origin-Resource-Policy
X-Newrelic-App-Data
TCN
X-Mobile
DC
X-Envoy-Decorator-Operation
X-Webkit-CSP-Report-Only
Count-Hit
X-Content-Options
X-Correlation-Id
X-Varnish-Backend
X-Origin-Cache
X-Debug-Info
X-Logged-In
X-App-Server
X-Contextid
X-Varnish-Grace
X-Hosted-By
X-Fb-Rlafr
X-Flags
Surrogate-Key
X-Aspnet-Duration-Ms
X-Amz-Replication-Status
X-App-Environment
X-Grace
X-Git-Hash
X-Request-Guid
X-Route-Name
X-Is-Crawler
X-Providence-Cookie
X-IPS-LoggedIn
X-Revision
X-TT
X-Azure-Ref
Frame-Options
X-Amz-Meta-S3cmd-Attrs
X-Edge-Location-Klb
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Kinsta-Cache
X-Origin-Server
X-Forwarded-Proto
X-Client-Ip
Retry-After
X-F-Cache
WPO-Cache-Message
WPO-Cache-Status
X-Wix-Request-Id
Alternate-Protocol
X-Whom
Healthy
Charset
X-Magnolia-Registration
X-Akamai-Edgescape
Section-Io-Cache
X-XRDS-Location
X-Backend-Name
Viewport
MS-Author-Via
X-Id
X-RateLimit-Reset
X-Proxy-Cache-Info
X-App-Version
Paypal-Debug-Id
X-B
X-COUNTRY
SRV
Amp-Access-Control-Allow-Source-Origin
X-Activity-Id
X-Az
X-AppVersion
ServerID
X-N
X-Language
X-DataDome
X-Www-Served-By
X-Xrds-Location
VIX-Pulpo-Node
X-ARC
SD-X-WS
X-Original-Request-Id
Host
X-Response-Served-From
X-Cache-Rule
VIX-Pulpo-Upstream-Status
X-Http-Reason
X-Instance
Akamai-GRN
X-Cache-Grace
X-Akamai-Request-ID2
X-Edge-Location
X-Varnish-Age
X-Rocket-Nginx-Serving-Static
X-UUID
Protected
Filterid
X-Varnish-Server
Front
X-Status
X-User-Agent
X-Rule
X-Environment-Context
X-FW-Server
X-Kong-Upstream-Latency
X-FW-Serve
X-Cacheable-TTL
X-Framework
X-FW-Dynamic
X-FW-Hash
X-Kong-Proxy-Latency
X-L-Path
X-Region
X-Page-View
X-Rendered-As
X-Unique-Id
Country
X-FW-Static
X-Jobs
From-Origin
Fastly-SWR
X-Is-Bot
X-FW-Type
Fastly-SIE
X-FW-Version
X-Cache-Time
X-Load-Cache
X-Time
X-Adobe-Loc
Server-Name
X-Adobe-Content
X-Datadog-Trace-Id
X-Trace-Id
X-Type
Access-Control-Request-Headers
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Tumblr-User
X-EdgeConnect-Cache-Status
X-ProcessESI
X-G
X-RemovedCookies
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Cache-Control
X-Proxy
X-Cache-Age
X-Vcache
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Datadog-Sampled
Refresh
X-Mg-Request-UUID
X-Amzn-Remapped-Content-Length
X-CDN-Forward
X-Debug-IsConnected
X-Debug-IsPreview
Content-Disposition
X-Signature
X-B-Cache
X-ECache
X-WP-CF-Super-Cache
X-Drupal-Cache-Tags
X-WP-CF-Super-Cache-Cache-Control
X-Source
Backend
X-Nf-Request-Id
X-Tec-Api-Origin
X-Tec-Api-Root
Countrycode
X-Tec-Api-Version
Accept-Language
X-DynaTrace
X-Generated-By
Version
Xet-Cookie
Webserver
X-HTML-Minification-Powered-By
X-Erf-Web-Scheduler
CF-IPCountry
X-Nginx-Cache
X-Servername
X-DynaTrace-JS-Agent
X-Httpd
Url
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Mode
Xserver
GEO-INFO
X-Upgrade-Enabled
X-Device-Type
X-NYM-Debug-Backend
X-Template
X-Storage
X-Oracle-Dms-Ecid
X-Content-Age
X-Content-Powered-By
Onion-Location
X-Rewrite-Enabled
Azure-InstanceId
X-Director
Azure-RegionName
X-Varnish-Cache-Hits
X-Tb
X-GeoCode
X-SaId
Azure-SiteName
Load-Balancing
Locale
X-SayCDN-TTL
X-Say-TTL
X-ServerID
X-GeoCountry
X-LAGOON
X-Cache-Action
X-Cache-Operation
Filters
S-Rt
Meta-Geo
X-Urbn-Context-Path
X-Proto
X-Oracle-Dms-Rid
X-Urbn-Site-Id
X-Say-Cacheable
X-UPSTREAM-Address
X-JoinUs
Azure-Version
Azure-SlotName
X-Cluster-Node
Uber-Trace-Id
X-Container-Uri
X-Labrador-Cache-Channel
X-VC-Cache
X-RM-Cache-TTL
X-Varnish-Hostname
X-ID
X-Soup
Fastcgi-Useragent
OT-Force-Account-Verify
X-PHP-Host
X-Tt-Logid
X-Forwarded-Host
X-Git-Commit
X-Sql-Count
X-VCT
X-Sql-Duration-Ms
X-Generation-Time
X-Ms-Request-Id
X-Ms-Version
Web-Mar-Node
X-Cache-Server
X-Served-From
X-Adobe-Source
X-LSADC-Cache
X-Detected-As
X-Routing-Service
Mn-Server-Ip
Node
X-Zen-Fury
X-Skip-Cache
X-FB-TRIP-ID
X-Debug
X-Extlb
TWC-Connection-Speed
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
X-Logging-Id
Webcakes-Region
X-Origin-Hint
TWC-GeoIP-Country
X-Zipkin-Id
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-Lambda-Id
X-Proxied
TWC-Device-Class
Property-Id
TWC-GeoIP-LatLong
X-XRDS-LOCATION
DB-Nickname
X-URL
X-Sucuri-ID
X-Sucuri-Cache
X-Proxy-Build
X-B3-SpanId
X-Timing-Wait
X-Tumblr-Pixel-3
X-Format
X-MCACHE
X-Fetched-On
X-Tumblr-Pixel-2
X-Uri
Selected-Fe
X-Loop
X-Tncms
X-Drupal-Cache-Contexts
X-Rn-Rsrv
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Cache-Hit
X-Hcs-Proxy-Type
Source
X-Srv
X-Endurance-Cache-Level
Liferay-Portal
Cross-Origin-Window-Policy
X-Ua
X-Redis-Cache
X-Ratelimit-Reset
CDN-RequestId
X-MP-GENERATED-AT
X-Fastly-Request-Id
X-Origin-Date
Fastly-Drupal-HTML
X-Varnish-Ttl
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Varnish-Hits
Section-Origin-Responded
Section-Io-Origin-Status
X-TimeS
X-Cache-Expired-At
X-S
Upgrade-Insecure-Requests
X-Pass-Why
X-Real-IP
X-Origin-TTL
X-Origin-CC
X-UA-Device-Type
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-Newrelic-Synthetics
Content-Secure-Policy
X-Node-Name
X-Pubstack
X-GEO
X-CACHE-AGE
X-NGENIX-Cache
X-Via-JSL
X-Server-W
X-Correlation-ID
X-Hl-Ver
NGB
MS-CV
Ms-Operation-Id
CDN-RequestPullCode
CDN-CachedAt
CDN-RequestCountryCode
CDN-RequestPullSuccess
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
CDN-Uid
X-RTag
X-CSRF-Token
X-Handled-By
X-Cache-Type
X-Xfnlog-Site
Apigw-Requestid
X-Restarts
X-Cms-Context
X-Optimistic-Header
X-Reqid
X-IPLB-Request-ID
X-IPLB-Instance
WP-Super-Cache
ServedBy
We-Hiring
Canary
BehaviorPad-Version
W
Candidate-Md5Url
VNS-Age
VNS-Cache
CPC-Age
Origin-Agent-Cluster
Odigeo-Trace-Id
Web-Mar-Region
X-ProxyCache-Status
MD5-Digest
Mail-Subject
Magicmarker
Ngx.Var.Host
Lang
N-Cache
Vix-Hermes-Req-Id
CPC-Cache
Surrogated-Key
T-Server
True-Client-Country-4JS
Sslversion
Server-Host
Rendered-Blocks
Redirect-Candidate
L
HA-Ipaddr
Ha-Gx-Prefs
Fastly-Backend-Name
DCR-Processing-Time-Ms
DCR-Decision-By
Fastly-GeoIP-CountryCode
Fastly-SSL
Gh-Request-Id
Gannett-Cam-Experience-Id
Meta-Geo-Continent
L5d-Success-Class
X-Bc-Bl
X-Fastly-Backend
X-External-Request-Id
X-Vdms-Path
X-FC-Vary-Parameters
X-Forwarded-Path
X-Var-Ttl
X-Gdpr
X-Eu-Site
X-Epic-Correlation-Id
X-Developer
X-Destination
X-Dispatcher-Number
X-Ec-Custom-Error
X-Ec-GeoHdr
X-Ec-Fail
X-Nyt-Route
X-Vtex-Remote-Cache
X-Shop-Environment
X-SD-PageType
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Tenant
X-SRCache-Key
X-ScT
X-S-Cookie
X-Origin-Time
X-Orig-Expires
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rojux
X-Request-Host
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Vdms-Version
X-App
Xc-Version
X-Worker
X-Wikidot-Static-Cache
X-B-Cookie
X-Aed
X-Accel-Expires-Debug
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Viewer-Country
X-BCube-Filmed-By
X-Bl-Debug
X-CGP
X-We-Are-Hiring
X-Conf
X-Csrf-Jwt
X-Date
X-D
X-Wikidot-Backend
X-CF-Lambda-Version
X-ProxyCache-Key
X-Cache-Host
X-Cache-NE
X-CacheTTL
X-CF-Lambda-Fn
X-Cdn-Diag
X-A
X-Application
X-BYPASS-REASON
Cache-Provider
X-Presslabs-Stats
X-AIR-PT
X-No-Session
X-Parent-Response-Time
X-Vcl-Version
Cache-Name
X-DPWN-IS-SECURE
Origin
X-ShardId
X-ShopId
Platform
Release
X-Thanos
Producers
X-Server-IP
X-Shopify-Stage
X-Vmg-Version
X-Request-Time
Memcached
X-Bip
Machine
X-Refresh
X-App-Name
X-Varnish-CookieHashed-On
X-S-Maxage
X-Varnish-CookieINHashed-On
X-DefHash
X-VServer
X-Esi-Check
X-DefElseHash
X-VG-TLSProxy
X-Storefront-Renderer-Rendered
X-Cdn-Origin
Thinkindot-Control
Thinkindot-CacheControl-Type
X-SVT-ORM-RULES
X-Varnishpool
X-Cache-Id
X-Cache-Info
X-Varnish-Remaining-TTL
X-SVT-ORM-VERSION
Thinkindot-CacheControl
TDXMobile
X-Sn-Servicetimems
X-CMSURLCustom
X-Core-Mission
X-Core-Value
X-Generated-On
X-Clientip
X-Cache-Bucket
X-Cache-Debug
X-Sorting-Hat-ShopId
X-VG-WebCache
X-Sorting-Hat-PodId
Req-Svc-Chain
X-Wix-Viewer-Type
X-Owner
X-Auto-Login
X-Alternate-Cache-Key
X-Nitro-Cache
X-Node-Id
X-Mvc-Supplant-Cachable
X-Platform
Cmsid
X-Mid
Cf-Device-Type
X-Mly-Id
X-AWS-Id
X-NodeID
X-VWS-Id
X-Thinkindot-L3
X-PAYTM-SRV-ID
X-Cluster
X-LJ-Flow-ID
X-ApacheServer
Adler-Geo
X-Old-Content-Length
X-Org
X-PERF
AKAMAI
X-Geo-Header
Cmstype
X-Pool
X-GeoIP-Region-Code
X-Gzip
X-Hash
X-Accel-Buffering
X-GeoIP-Country-Code
Host-ID
X-Variation
X-Test
Is-Eu
X-Qloud-Router
X-Loc
Expect-Staple
X-Up
X-BBC-Edge-Cache-Status
Datacenter
X-Level-Front-Cache
X-Policy
X-Irp-Debug
X-Human
X-INCAP-ABP
Environment
X-TIME
User-Cache-Control
X-Tx-Id
X-Block-Status
X-From
X-Proxy-Cache-Status
X-JWT-State
X-Is-Gdpr
X-Mvc-Supplant-OutputCached
X-Nananana
X-Origin-Response-Time
X-Origin
X-Nginx-Cache-Key
X-Hnp-Log
X-Has-Esi
X-Dispatcher-Server
X-Device-Os
X-Clara-WADP
X-Fmm-Version
X-Forwarded-Site
X-GeoIP
X-Gen-Mode
X-Cdn-Srv
X-Akamai-Device-Characteristics
X-WADP-Cache
DSUID
Country-Code
X-WA-Info
Sever-Int
Server-Ext
NM-Fastcgi-Cache
Server-Hostname
CloudFront-Viewer-Country
Esi-Enabled
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Cache-Hits
X-Cache-Status-Check
Origin-CC
X-Access
Origin-EX
Server-Info
Memory
X-FTR-Request-ID
X-Datadome
X-Op-Id-All
X-Section
Ssr
C-Via
X-LB-NoCache
X-NCache
Wxu-Next-Commit
X-Cache-Enabled
X-Instance-Name
Wxu-Next-Region
Hostname
Wxu-Next-Hostname
Time
Pics-Label
X-PHP-Backend
X-Dc
X-API-Version
X-Micro-Cache
NGX
X-Amz-Meta-Cb-Modifiedtime
X-Via-Fastly
X-Scale
Server-ID
AMP-Access-Control-Allow-Source-Origin
X-HA-Backend
X-TIM-N
X-CACHE-GROUP
X-AB
X-B3-Spanid
X-Tb-Optimization-Total-Bytes-Saved
X-Vgn-Hpd-Reason
X-Cs
Cdn-Requestid
X-Internal-Host
X-Wp-Cf-Super-Cache-Active
X-Air-Source
X-Air-Trace-Id
X-Varnish-Beresp-Ttl
X-Air-Hostname
X-Varnish-Beresp-Grace
X-Geo-Region
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Buckets
Location
X-ZONE
X-Azure-Ref-OriginShield
X-Accel-Version
X-Webkit-Csp-Report-Only
X-Zone
X-WP-CF-Super-Cache-Active
X-TraceId
GeoIP-Latitude
X-Fpc
X-SIPLIST1
X-Backend-Instance
IsBot
Sid
X-B3-Parentspanid
X-Github-Request-Id
X-Web-Node
X-Microcachable
X-Browser-Name
X-Is-Mobile
X-Tcp-Rtt
X-Is-Supported-Browser
X-Origin-Expires
X-Is-Desktop
X-Is-Tablet
Cache-Host
YJS-ID
X-DataCenter
XM
CF-Ctrl
X-DC
X-Cached-By
X-HN
X-Pod-Name
Uri
PFcat
X-Info
X-VarnishDD-TTL
Resin-Trace
X-LiteSpeed-Cache-Control
X-TA-CDN-Provider
X-Ad-Defer-Variation
True-Client-Ip
User-Agent
X-Site-Version
X-Hyper-Cache
Epwk-X-Cache
X-Via-SSL
X-Via-CDN
X-Nitro-Cache-From
X-Nitro-Rev
X-Via-Edge
X-NGINX-Cache
X-Locale
X-FL-EDGE
GeoIP-Country-Code
Locid
Srvid
X-FL-QIT-DEBUG
Edge-Copy-Time
A
X-Frame-Option
Cdn
GeoIp-Country-Code
X-VCache
XServer
X-Service
X-FireWall-Port
X-Webstats-RespID
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Moov-Xdn-Version
X-Moov-T
X-CS
X-ATG-Version
X-CSRF-TOKEN
X-NewRelic-App-Data
X-Datacenter
True-Client-IP
SID
X-VC
X-MSEdge-Flight
X-MSEdge-Features
X-Varnish-Authentication
Cache-Key
X-Origin-Cache-Key
X-Geo
X-TRACE-ID
NtCoent-Length
LB
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-Pad
X-Upstream-Ct
X-Vercel-Id
Fastly-Drupal-Html
Path
X-Vercel-Cache
Cdn-Host
X-FPC
X-Edge-Server
X-Upstream-Ht
Cdn-Request-Time
X-HostName
Tcn
X-NMSegId
X-SRV
Req-ID
X-HS-Content-Campaign-Id
WZWS-RAY
X-Planisys-CDN-Rules
State
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
M-TraceId
X-Platform-Server
X-LiteSpeed-Tag
X-Cdn-Request-ID
X-APP-VERSION
CountryCode
X-Api-Version
Cf-Ipcountry
X-WP-CF-Super-Cache-Cookies-Bypass
X-Vgn-Hpd-Cached
X-Amz-Meta-Opti
X-Release
X-Fastly-Cache
X-AK-Request-ID
X-Esi
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-Air-Pt
X-Ad-Load-Variation
Cdncip
Cdnsip
Cluster
X-Branch-Name
X-NWS-UUID-VERIFY
Content-Script-Type
X-M-Reqid
Pramga
X-Request-Start
X-Scope-Id
X-Cache-Ttl
X-Cache-Remote
X-M-Log
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Traceid
Content-Style-Type
X-Sigma
WebServer
X-Sigma-Backend
X-Rocket-Build-Number
Lb
X-Generated-In
X-Rebelmouse-Cache-Control
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Rebelmouse-Surrogate-Control
X-Proxy-CacheRZ
X-Shield-Cache-Expires
Proxy-Connection
X-Qnm-Cache
Yak-Timeinfo
XkeyRZ
Cache
X-HS-Status
X-Varnish-Beresp-Status
X-UA
X-Provided-By
CDN
X-CACHE-KEY
Srv
X-Tim-N
X-Cache-Date
Edge-Cache
X-Akamai-Pragma-Client-IP
X-Gamma-Serve
Geoip-Latitude
X-GoCache-CacheStatus
X-Scheme
X-Request-URI
X-GeoIP-City
X-Cdn-Forward
X-Lb-Cache
X-Cdn-Cache-Status
Server-Id
X-CUA
X-RN-RSRV
X-User
HostName
CF-Cached-On
X-TH-Server
X-Vc
X-Ha-Backend
Ohc-File-Size
X-Render-Time
X-TT-LOGID
X-Aicache-OS
Tube-Got-Results
Tube-Return
Tube-Got-Eval
Click-Count-Error
Cache-Tv-Group
X-Acquia-Purge-Cdn-Unconfigured
X-B3-Trace-ID
Click-Count-Action-Start
X-EC-Lua
Tube-Get-Contents
PICS-Label
X-Servedbyhost
Env
X-SB
X-Req
X-Via-Ucdn
V-Age
X-V-Cache
X-Dw-Trace-Id
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Nc
X-Acquia-Application-Trace
X-LB-ID
X-Lb-Nocache
X-Edge-POP
X-Fastly-Backend-Reqs
X-Cache-FS-Status
Ngx
X-Wa
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
Yjs-Id
X-TX-ID
Mime-Version
X-ElasticPress-Query
X-Fastly-Cache-Hits
X-Snapshot-Date
Vha6-Origin
Inserted-Into-Cache-At
CACHE-MISS-TO-ORIGIN
X-VCL-Version
Kp-EeAlive
X-Cached-Since
X-Litespeed-Cache-Control
X-CF-Cache-Header-Cache-Control
X-CF-Cache-Header-Vary
Cneonction
X-Miniprofiler-Ids
Log-Origin
X-RAMCache
X-Udemy-Cache-App-Namespace