Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
CF-RAY
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-DNS-Prefetch-Control
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
Server-Timing
X-Content-Security-Policy
Access-Control-Expose-Headers
Content-Encoding
X-XSS-PROTECTION
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Request-Context
X-Turbo-Charged-By
X-Backend
X-Cache-Group
X-AH-Environment
X-Robots-Tag
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Hacker
X-Proxy-Cache
X-Vhost
X-Server
X-Rq
X-UA-Device
Allow
X-Server-Powered-By
X-Ws-Request-Id
X-Age
X-Dispatcher
X-Varnish-Cache
EagleId
X-Amz-Version-Id
X-LiteSpeed-Cache
P3p
Nel
Grace
Cf-Apo-Via
X-Page-Speed
X-Styx-Req-Id
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Device
EagleEye-TraceId
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-Pingback
X-Host
X-Node
Accept-CH
X-Cache-Lookup
X-CST
X-WebKit-CSP
X-Backend-Server
X-Server-Id
Surrogate-Control
X-Readtime
Permissions-Policy
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Request-Id
X-Application-Context
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Response-Time
X-HW
X-Ua-Compatible
X-Trace
Xkey
X-Ruxit-JS-Agent
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Rating
X-Url
Accept-Ch-Lifetime
X-ESI
X-Midtier
X-Amz-Server-Side-Encryption
X-Oneagent-Js-Injection
X-ECACHE
X-Mcache
X-Country
Cache-Tag
X-MS-InvokeApp
X-Rack-Cache
X-Upstream
X-D2id
X-Powered-By-Plesk
X-Vcap-Request-Id
Verso
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Element-Page-Cache
Accept-Ch
Edge-Control
Service-Worker-Allowed
X-Vname
X-TtlSet
X-PC
RTSS
X-Ac
X-Country-Code
X-Webkit-CSP
Origin-Trial
X-Goog-Hash
X-VARITI-CCR
X-Navigation-Version
Fastly-Restarts
X-Abt-Application-Version
X-Ruxit-Js-Agent
X-Cache-TTL
X-WebKit-CSP-Report-Only
X-GitHub-Request-Id
X-Browser-Type
X-Cached
X-Amz-Rid
X-Kinja-CCPA
X-Varnish-TTL
X-Aspnetmvc-Version
Cross-Origin-Opener-Policy
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Server-Name
X-NWS-LOG-UUID
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-SharePointHealthScore
SPRequestGuid
X-Content-Type
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Times
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
SPIisLatency
X-Erf-Bev-Bev-Is-Generated
SPRequestDuration
X-Instrumentation
X-Powered-CMS
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Cache-Key
X-Ttl
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Mg-S
X-B3-Traceid
Arr-Disable-Session-Affinity
X-Middleton-Response
Response
X-Litespeed-Cache
X-Client-IP
X-Fastly-Request-ID
X-Version
X-Cnection
X-Ser
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-FastCGI-Cache
AR-CACHE
Nginx-Cache
Cache-Tags
X-Accel-Expires
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-T
Cache-Status
Edge-Cache-Tag
X-B3-TraceId
X-Hits
Front-End-Https
X-RateLimit-Remaining
X-MSEdge-Ref
X-Ua-Device
X-Px
Public-Key-Pins
X-NF-Request-ID
X-Recruiting
Payment
S
X-LLID
X-Frontend
X-Ua-Browser
X-Shield-Request-Id
Server-Node
X-B3-TraceId-Primal
MRF-Tech
X-RateLimit-Limit
Mrf-Cache-Status
X-Request-Received
X-Request-Processing-Time
X-Server-ID
X-Daa-Tunnel
X-GUploader-UploadID
Content-MD5
X-Goog-Metageneration
X-TTL
X-DIS-Request-ID
MicrosoftSharePointTeamServices
Access-Control-Request-Method
X-PressLabs-Stats
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Content-Digest
TP-Cache
Realpath
X-Webkit-CSP-Report-Only
X-Protected-By
X-Microsite
X-HS-Hub-Id
X-Request-Handler-Origin-Region
X-HS-Combine-CSS
X-HS-Content-Id
X-Forwarded-For
X-HS-Cache-Config
X-Distributor
Fastcgi-Cache
X-FB-Debug
Access-Control-Allow-Method
X-Fastcgi-Cache
X-LB-Cache
X-Page-Id
X-Cluster-Name
Accept-Charset
X-Rid
X-Ratelimit-Remaining
TP-L2-Cache
X-Geo-Country
X-Hostname
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Goog-Stored-Content-Length
X-B3-Sampled
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
Count-Hit
X-Aspnet-Version
X-Seen-By
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
Cleartype
X-Newrelic-App-Data
TCN
X-Edge-Location-Klb
X-Kinsta-Cache
X-App-Server
Referer-Policy
X-Xrds-Location
X-Varnish-Backend
X-Logged-In
X-Mobile
X-Correlation-Id
DC
X-Ratelimit-Limit
X-Content-Options
X-Id
X-Hosted-By
X-Git-Hash
X-Origin-Cache
X-Fb-Rlafr
X-Contextid
X-Amz-Replication-Status
X-Debug-Info
X-Grace
Surrogate-Key
X-Revision
X-Providence-Cookie
Retry-After
X-Is-Crawler
X-Request-Guid
X-Flags
X-App-Environment
X-Aspnet-Duration-Ms
X-TT
X-Route-Name
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-IPS-LoggedIn
Frame-Options
X-Envoy-Decorator-Operation
X-F-Cache
X-Varnish-Grace
X-Azure-Ref
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Section-Io-Cache
X-RateLimit-Reset
X-Wix-Request-Id
X-Magnolia-Registration
X-Whom
MS-Author-Via
Healthy
X-Origin-Server
Charset
X-Proxy-Cache-Info
Alternate-Protocol
X-Akamai-Edgescape
Viewport
X-App-Version
X-Www-Served-By
X-Nf-Request-Id
X-COUNTRY
X-Backend-Name
X-Language
X-Webkit-Csp
X-AppVersion
X-Az
X-Activity-Id
Paypal-Debug-Id
X-B
X-Varnish-Server
Filterid
SRV
WPO-Cache-Message
WPO-Cache-Status
X-Datadog-Trace-Id
Server-Name
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-Rule
X-Datadog-Parent-Id
X-Http-Reason
Host
X-Response-Served-From
X-Original-Request-Id
X-Datadog-Sampling-Priority
X-UUID
Akamai-GRN
X-Edge-Location
X-User-Agent
X-Rule
X-Instance
X-Akamai-Request-ID2
From-Origin
X-L-Path
X-Jobs
X-Region
X-Status
X-Varnish-Age
X-Unique-Id
X-Environment-Context
X-Cache-Grace
Country
X-Kong-Upstream-Latency
Front
Protected
X-ARC
SD-X-WS
Amp-Access-Control-Allow-Source-Origin
X-Kong-Proxy-Latency
X-Time
X-FW-Serve
X-FW-Server
X-FW-Dynamic
X-Cacheable-TTL
Fastly-SWR
X-FW-Static
X-Framework
X-FW-Version
X-Rendered-As
X-Rocket-Nginx-Serving-Static
X-Page-View
X-Is-Bot
Fastly-SIE
X-EdgeConnect-Cache-Status
X-FW-Type
X-FW-Hash
X-N
X-Load-Cache
X-Vcache
X-Tumblr-Pixel-1
X-Adobe-Content
X-Tumblr-User
X-ProcessESI
X-Cache-Time
ServerID
X-Tumblr-Pixel
X-Client-Ip
X-Adobe-Loc
X-Type
X-DataDome
X-G
X-Tumblr-Pixel-0
X-RemovedCookies
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Trace-Id
Content-Disposition
X-Tec-Api-Version
X-Proxy
X-Tec-Api-Origin
X-Tec-Api-Root
X-Mg-Request-UUID
X-Datadog-Sampled
Access-Control-Request-Headers
X-B-Cache
X-Signature
X-Debug-IsPreview
X-Amzn-Remapped-Content-Length
X-Debug-IsConnected
X-CDN-Forward
X-Cache-Control
X-Cache-Age
Backend
X-ECache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Countrycode
Refresh
X-Nginx-Cache
X-DynaTrace
X-Drupal-Cache-Tags
Xet-Cookie
X-Servername
Accept-Language
X-Erf-Web-Scheduler
X-Httpd
Url
CF-IPCountry
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-DynaTrace-JS-Agent
X-Generated-By
X-Source
X-HTML-Minification-Powered-By
X-Template
X-XRDS-Location
X-Device-Type
Webserver
X-Mode
X-NYM-Debug-Backend
X-Content-Powered-By
Xserver
Version
X-Storage
X-Content-Age
GEO-INFO
X-JoinUs
X-Rn-Rsrv
OT-Force-Account-Verify
X-UPSTREAM-Address
S-Rt
X-GeoCode
X-Cache-Operation
X-Cache-Action
X-Director
X-Urbn-Site-Id
X-GeoCountry
X-LAGOON
X-Urbn-Context-Path
Meta-Geo
X-Rewrite-Enabled
X-SayCDN-TTL
X-ServerID
X-Say-TTL
Filters
X-Say-Cacheable
X-SaId
Locale
Load-Balancing
X-Soup
X-Varnish-Hostname
X-Forwarded-Host
X-Cluster-Node
X-Git-Commit
X-Varnish-Cache-Hits
X-Tt-Logid
X-Container-Uri
Onion-Location
Azure-SiteName
X-Cache-Hit
X-VC-Cache
X-Labrador-Cache-Channel
X-Tb
Azure-SlotName
X-Detected-As
X-VCT
X-Lambda-Id
Azure-RegionName
Azure-InstanceId
X-Sql-Duration-Ms
X-Loop
Azure-Version
X-Cache-Server
Web-Mar-Node
X-RM-Cache-TTL
X-Tncms
X-Ms-Version
X-PHP-Host
X-Ms-Request-Id
X-Served-From
X-Sql-Count
Mn-Server-Ip
X-Adobe-Source
Node
DB-Nickname
Cross-Origin-Window-Policy
X-R9-Blue-Green-Version
X-Proxied
X-Proto
X-XRDS-LOCATION
X-RCS-CacheZone
X-Routing-Service
X-URL
X-Skip-Cache
X-Zipkin-Id
X-Generation-Time
X-Logging-Id
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-FB-TRIP-ID
X-Extlb
X-CCDN-CacheTTL
X-Timing-Wait
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-Uri
TWC-GeoIP-Country
TWC-Device-Class
X-Tumblr-Pixel-2
X-Proxy-Build
X-Format
X-Fetched-On
Webcakes-App-Version
Webcakes-App-Name
X-Origin-Hint
TWC-Locale-Group
TWC-Privacy
X-Debug
X-Tumblr-Pixel-3
Webcakes-Region
X-MCACHE
Property-Id
Fastcgi-Useragent
Selected-Fe
Uber-Trace-Id
X-Endurance-Cache-Level
X-LSADC-Cache
X-Zen-Fury
X-Ua
X-Redis-Cache
Source
X-Sucuri-Cache
X-Sucuri-ID
X-NGENIX-Cache
X-Srv
Section-Io-Origin-Status
CDN-RequestId
X-Drupal-Cache-Contexts
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-B3-SpanId
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-S
X-Upgrade-Enabled
X-Origin-Date
X-Ratelimit-Reset
X-MP-GENERATED-AT
X-Pass-Why
X-TimeS
Fastly-Drupal-HTML
X-FTR-Request-ID
X-Cache-Expired-At
X-Varnish-Ttl
X-Varnish-Hits
X-Origin-TTL
X-Origin-CC
Upgrade-Insecure-Requests
Liferay-Portal
X-Real-IP
NGB
X-Newrelic-Synthetics
X-Akamai-Transformed
X-Handled-By
X-CACHE-AGE
X-Optimistic-Header
X-Xfnlog-Site
X-Cache-TTL-Remaining
Apigw-Requestid
X-UA-Device-Type
X-Reqid
ServedBy
X-Hl-Ver
X-Cache-Type
X-Node-Name
X-Cms-Context
X-Restarts
X-Via-JSL
X-Correlation-ID
CDN-PullZone
CDN-RequestCountryCode
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
MS-CV
X-No-Session
X-ProxyCache-Key
X-ProxyCache-Status
X-Cache-Host
X-BYPASS-REASON
X-RTag
CDN-Uid
X-CSRF-Token
Ms-Operation-Id
CDN-RequestPullCode
CDN-RequestPullSuccess
X-Pubstack
X-GEO
X-ID
X-IPLB-Instance
X-IPLB-Request-ID
X-Server-W
X-Cluster
X-Parent-Response-Time
WP-Super-Cache
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
T-Server
X-External-Request-Id
X-Fastly-Backend
Canary
X-Eu-Site
Candidate-Md5Url
X-Epic-Correlation-Id
L5d-Success-Class
X-BCube-Filmed-By
X-FC-Vary-Parameters
X-Ec-GeoHdr
X-CacheTTL
L
X-Cache-NE
BehaviorPad-Version
W
Redirect-Candidate
X-CF-Lambda-Fn
X-Developer
X-Debug-Cache-Store
X-Tx-Id
Magicmarker
True-Client-Country-4JS
X-Debug-Cache-Fetch
X-D
X-Conf
MD5-Digest
X-Csrf-Jwt
Vix-Hermes-Req-Id
Lang
X-Bc-Bl
X-Dispatcher-Number
X-CF-Lambda-Version
X-Ec-Custom-Error
X-Destination
X-CGP
X-SRCache-Key
Meta-Geo-Continent
N-Cache
X-Ec-Fail
X-Bl-Debug
DCR-Decision-By
DCR-Processing-Time-Ms
Xc-Version
Ha-Gx-Prefs
X-Aed
Fastly-SSL
X-Request-Host
X-Vdms-Path
X-Vdms-Version
X-A-Wwc
X-A-Dgt
Server-Host
Origin-Agent-Cluster
X-A
Odigeo-Trace-Id
X-Vtex-Remote-Cache
X-A-Ccd
X-We-Are-Hiring
X-A-Dcw
X-A-Dam
HA-Ipaddr
Surrogated-Key
Rendered-Blocks
X-B-Cookie
X-App-Name
Gannett-Cam-Experience-Id
X-ScT
X-Worker
X-Slack-Shared-Secret-Outcome
Web-Mar-Region
Sslversion
X-Application
X-Viewer-Country
X-Slack-Backend
X-S-Cookie
X-Rojux
Ngx.Var.Host
X-AB
X-Proxy-Cache-Status
X-Datadome
We-Hiring
Thinkindot-Control
TDXMobile
X-CMSURLCustom
Thinkindot-CacheControl
Req-Svc-Chain
X-Cache-Info
X-Cdn-Diag
X-Cdn-Origin
X-Cache-Debug
X-Cache-Bucket
X-Bip
Release
VNS-Age
X-App
X-Accel-Buffering
X-Clientip
X-Accel-Expires-Debug
X-Alternate-Cache-Key
Thinkindot-CacheControl-Type
VNS-Cache
X-Core-Mission
X-Mly-Id
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Sn-Servicetimems
X-Storefront-Renderer-Rendered
X-SVT-ORM-RULES
X-Tenant
X-SVT-ORM-VERSION
X-Shopify-Stage
X-ShopId
X-S-Maxage
X-Request-Time
X-Refresh
X-SD-PageType
X-Server-IP
X-Shop-Environment
X-ShardId
X-Test
X-Thanos
X-VServer
X-Vmg-Version
X-VG-WebCache
X-Wikidot-Backend
X-Wikidot-Static-Cache
Host-ID
X-Wix-Viewer-Type
X-VG-TLSProxy
X-Varnishpool
X-Var-Ttl
X-Up
X-Thinkindot-L3
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Human
X-Hash
X-GeoIP-Region-Code
X-Irp-Debug
X-Level-Front-Cache
X-Mid
X-Loc
X-GeoIP-Country-Code
X-Geo-Header
X-DefHash
X-DefElseHash
X-Date
X-DPWN-IS-SECURE
X-Forwarded-Path
X-Generated-On
X-Gdpr
Producers
X-Mvc-Supplant-Cachable
X-PAYTM-SRV-ID
X-Owner
X-Origin-Time
X-Platform
X-Policy
X-Qloud-Router
X-Pool
X-Orig-Expires
X-Org
X-Nitro-Cache
X-Nananana
X-Node-Id
X-NodeID
X-Old-Content-Length
X-Nyt-Route
X-Core-Value
X-BBC-Edge-Cache-Status
Cf-Device-Type
Fastly-GeoIP-CountryCode
X-B3-Spanid
Fastly-Backend-Name
Cache-Provider
Gh-Request-Id
CPC-Age
Mail-Subject
Is-Eu
X-Micro-Cache
Expect-Staple
Environment
Datacenter
Content-Secure-Policy
Cmstype
CPC-Cache
Cmsid
X-Cache-Status-Check
AKAMAI
Adler-Geo
Origin
Platform
User-Cache-Control
AMP-Access-Control-Allow-Source-Origin
X-TIME
X-Cdn-Srv
X-ApacheServer
X-Auto-Login
Apple-News-Services-Handled
X-INCAP-ABP
X-Clara-WADP
Country-Code
X-Esi-Check
X-Fmm-Version
Apple-News-Services-Host
X-Dispatcher-Server
X-Hnp-Log
X-Gzip
X-Block-Status
X-GeoIP
X-Gen-Mode
X-Cache-Id
Apple-News-Services-Request-Url
X-From
CloudFront-Viewer-Country
CDCHOST
X-Forwarded-Site
Apple-News-Services-Parsed-Url
X-Geo-Region
X-PERF
X-Origin-Response-Time
X-Origin
NM-Fastcgi-Cache
X-WA-Info
Cache-Name
X-WADP-Cache
X-Nginx-Cache-Key
Machine
X-Mvc-Supplant-OutputCached
DSUID
Esi-Enabled
X-Device-Os
X-Akamai-Device-Characteristics
X-Vcl-Version
X-TraceId
Sever-Int
Pics-Label
Server-Info
Server-Ext
X-Access
Server-Hostname
X-Instance-Name
NGX
Wxu-Next-Region
X-Op-Id-All
Wxu-Next-Hostname
X-NCache
X-AIR-PT
X-LB-NoCache
Wxu-Next-Commit
C-Via
X-Section
X-Cache-Enabled
Ssr
X-Dc
X-Via-Fastly
X-Fastly-Request-Id
Server-ID
X-Amz-Meta-Cb-Modifiedtime
X-Vgn-Hpd-Reason
X-API-Version
X-Accel-Version
X-Has-Esi
X-CACHE-GROUP
X-Varnish-Beresp-Grace
X-HA-Backend
Memcached
X-Varnish-Beresp-Ttl
X-Is-Gdpr
X-JWT-State
X-Is-Desktop
X-Browser-Name
X-Is-Mobile
X-Buckets
X-Is-Supported-Browser
X-Tcp-Rtt
X-Is-Tablet
Memory
Hostname
Time
Cdn-Requestid
X-SIPLIST1
IsBot
Cache-Hits
Sid
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
Origin-CC
X-Scale
Origin-EX
X-ZONE
X-Air-Hostname
X-Zone
X-Air-Source
CF-Ctrl
X-TIM-N
X-Wp-Cf-Super-Cache-Active
Location
YJS-ID
X-PHP-Backend
X-Air-Trace-Id
X-B3-Parentspanid
X-Tb-Optimization-Total-Bytes-Saved
X-Presslabs-Stats
X-Cached-By
X-WP-CF-Super-Cache-Active
X-Fpc
X-Internal-Host
X-Backend-Instance
X-Origin-Cache-Key
X-Frame-Option
Resin-Trace
X-Hyper-Cache
X-Azure-Ref-OriginShield
X-Cs
X-DC
GeoIP-Latitude
Uri
X-TA-CDN-Provider
X-VC
X-Webstats-RespID
True-Client-Ip
X-Origin-Expires
Epwk-X-Cache
X-Site-Version
X-Microcachable
Cache-Host
X-DataCenter
X-Service
X-LiteSpeed-Cache-Control
X-FTR-Backend-Server
X-Info
X-FTR-Cache-Status
X-Nitro-Cache-From
X-Nitro-Rev
X-FTR-Balancer
XM
X-FTR-Expires
X-Country-Code-Real
GeoIP-Country-Code
X-FTR-Backend
X-NGINX-Cache
X-Locale
X-Web-Node
X-VarnishDD-TTL
LB
PFcat
X-HN
X-Pod-Name
Cdn
GeoIp-Country-Code
X-VCache
X-Edge-Server
X-Cache-Ttl
X-CS
XServer
X-Ad-Defer-Variation
Cdn-Host
Cdn-Request-Time
X-Datacenter
X-Geo
User-Agent
NtCoent-Length
X-CSRF-TOKEN
X-NewRelic-App-Data
A
Req-ID
X-Via-CDN
X-NMSegId
WZWS-RAY
True-Client-IP
Srvid
X-FL-EDGE
X-FL-QIT-DEBUG
X-Via-Edge
X-Via-SSL
Locid
Edge-Copy-Time
M-TraceId
X-Vercel-Cache
X-Vercel-Id
X-SRV
WebServer
X-Ad-Load-Variation
X-TRACE-ID
SID
X-MSEdge-Flight
X-MSEdge-Features
X-Cache-ASPX
X-FireWall-Port
X-Contensis-Viewer-Groups
X-Pad
X-Moov-T
Cluster
X-Moov-Xdn-Version
Fastly-Drupal-Html
Pramga
X-M-Reqid
X-Scope-Id
X-Request-Start
X-M-Log
X-FPC
X-ATG-Version
X-Varnish-Authentication
X-HostName
Tcn
X-Request-URI
X-Qnm-Cache
X-Varnish-Beresp-Status
X-NWS-UUID-VERIFY
X-LiteSpeed-Tag
Cache-Key
X-Shield-Cache-Expires
CountryCode
HostName
X-APP-VERSION
X-Api-Version
X-Cdn-Request-ID
Cf-Ipcountry
X-Cache-Date
Content-Script-Type
X-Esi
Edge-Cache
Path
Cdnsip
Cdncip
X-Amz-Meta-Opti
X-Air-Pt
X-AK-Request-ID
Content-Style-Type
Cache-Tv-Group
X-TH-Server
X-Branch-Name
Wpo-Cache-Status
Wpo-Cache-Message
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Wa
Tube-Get-Contents
Click-Count-Error
X-B3-Trace-ID
X-LB-ID
X-Via-Popn
X-Cache-FS-Status
X-Proxy-CacheRZ
XkeyRZ
State
Yak-Timeinfo
X-Render-Time
Click-Count-Action-Start
X-Planisys-CDN-Cache
X-Acquia-Purge-Cdn-Unconfigured
X-Platform-Server
X-HS-Content-Campaign-Id
X-Req
X-Via-Poph
X-SB
X-V-Cache
X-Nc
X-Servedbyhost
X-Github-Request-Id
X-Planisys-CDN-TTL
X-Aicache-OS
Tube-Got-Eval
Tube-Got-Results
Tube-Return
X-Via-Popv
X-WP-CF-Super-Cache-Cookies-Bypass
X-Planisys-CDN-Rules
X-Upstream-Ct
CDN
X-CACHE-KEY
X-Rebelmouse-Cache-Control
X-Upstream-Ht
X-VCL-Version
Lb
X-Rebelmouse-Surrogate-Control
X-Cdn-Forward
Geoip-Latitude
X-Wp-Cf-Super-Cache-Cache-Control
X-Vgn-Hpd-Variations-Key
Srv
X-Vgn-Hpd-Cached
V-Age
X-Vgn-Hpd-Ssi
X-Wp-Cf-Super-Cache
Proxy-Connection
X-Akamai-Pragma-Client-IP
X-Men
X-Tim-N
X-Release
On-Server
X-Vary
X-Fastly-Cache
X-Lb-Cache
MIME-Version
X-User
Ngx-Var-Key
X-Rocket-Build-Number
X-UA
X-Dw-Trace-Id
X-Generated-In
X-Ha-Backend
Ohc-File-Size
X-Cache-Remote
CF-Cached-On
X-Traceid
X-HS-Status
X-Sigma
Server-Id
X-Sigma-Backend
X-TT-LOGID
Ohc-Cache-HIT
X-CUA
X-Fastly-Backend-Reqs
Cache
X-Acquia-Site
X-EC-Lua
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
PICS-Label
My-App
X-Lb-Nocache
X-Via-Ucdn
X-Acquia-Application-UUID
Yjs-Id
X-TX-ID
X-Iplb-Instance
X-Iplb-Request-Id
Mime-Version
X-APP
X-GoCache-CacheStatus
Warning
X-GeoIP-City
X-Gamma-Serve
Inserted-Into-Cache-At
X-CF-Cache-Header-Vary
Ngx
X-Litespeed-Cache-Control
X-CF-Cache-Header-Cache-Control
Log-Origin
X-Miniprofiler-Ids
X-RAMCache
X-Udemy-Cache-App-Namespace
X-ElasticPress-Query
Cneonction
CACHE-MISS-TO-ORIGIN
X-Fastly-Cache-Hits
X-Snapshot-Date
X-Cached-Since
Vha6-Origin
X-Scheme