Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
CF-RAY
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-FRAME-OPTIONS
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Dns-Prefetch-Control
X-Request-ID
X-Drupal-Dynamic-Cache
Nel
Server-Timing
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
X-XSS-PROTECTION
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Request-Context
X-Turbo-Charged-By
X-Backend
X-Cache-Group
X-AH-Environment
X-Robots-Tag
Cf-Edge-Cache
Host-Header
Keep-Alive
X-Hacker
X-UA-Device
X-Proxy-Cache
X-Vhost
X-Server
X-Rq
Allow
X-Server-Powered-By
X-Ws-Request-Id
X-Age
X-Dispatcher
X-Varnish-Cache
EagleId
X-Amz-Version-Id
P3p
X-LiteSpeed-Cache
Grace
Cf-Apo-Via
Cf-Railgun
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Host
X-Node
X-Cache-Lookup
X-CST
X-WebKit-CSP
Accept-CH
X-Backend-Server
X-Server-Id
Surrogate-Control
Permissions-Policy
X-Readtime
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
Accept-CH-Lifetime
X-Akam-SW-Version
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Ua-Compatible
X-Response-Time
X-HW
Xkey
X-Trace
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Rating
X-Url
Accept-Ch
X-ESI
X-Midtier
X-Amz-Server-Side-Encryption
X-Aspnetmvc-Version
X-Mcache
Cache-Tag
X-MS-InvokeApp
X-ECACHE
X-Country
X-D2id
X-Powered-By-Plesk
X-Rack-Cache
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Exp-Id
X-Use-Magma
X-Exp-Variant
X-Vcap-Request-Id
X-Upstream
X-Element-Page-Cache
Verso
Edge-Control
Accept-Ch-Lifetime
Service-Worker-Allowed
X-TtlSet
RTSS
X-Vname
X-PC
X-Country-Code
Origin-Trial
X-Ac
X-Goog-Hash
X-Aspnet-Version
X-Navigation-Version
X-VARITI-CCR
X-Abt-Application-Version
X-WebKit-CSP-Report-Only
Fastly-Restarts
X-Cache-TTL
X-GitHub-Request-Id
X-Oneagent-Js-Injection
X-Browser-Type
X-Kinja-CCPA
X-Amz-Rid
X-Cached
X-Webkit-CSP
X-Varnish-TTL
Cross-Origin-Opener-Policy
X-NWS-LOG-UUID
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Server-Name
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-SharePointHealthScore
SPRequestGuid
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Ruxit-Js-Agent
X-Times
SPIisLatency
X-Ttl
SPRequestDuration
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Content-Type
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
AR-SID
AR-Request-ID
X-Powered-CMS
AR-PoweredBy
AR-ATIME
X-Cache-Key
X-FastCGI-Cache
X-Litespeed-Cache
X-Mg-S
X-Client-IP
Arr-Disable-Session-Affinity
Response
X-Middleton-Response
X-B3-Traceid
X-Version
X-Fastly-Request-ID
X-Ser
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Cnection
Nginx-Cache
X-Accel-Expires
X-T
AR-CACHE
Cache-Tags
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Cache-Status
X-B3-TraceId
Edge-Cache-Tag
Front-End-Https
X-Hits
X-NF-Request-ID
X-MSEdge-Ref
Public-Key-Pins
X-Px
X-RateLimit-Remaining
X-Recruiting
Payment
S
X-Server-ID
X-LLID
X-Request-Processing-Time
X-Shield-Request-Id
X-Request-Received
X-Frontend
X-Ua-Browser
Server-Node
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Daa-Tunnel
X-RateLimit-Limit
X-Goog-Metageneration
X-GUploader-UploadID
Content-MD5
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Content-Digest
Access-Control-Request-Method
X-PressLabs-Stats
TP-Cache
X-TTL
X-Protected-By
Realpath
X-Microsite
X-Request-Handler-Origin-Region
X-Distributor
X-Forwarded-For
X-FB-Debug
Access-Control-Allow-Method
Fastcgi-Cache
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-Rid
X-Ratelimit-Remaining
X-Page-Id
X-LB-Cache
X-Cluster-Name
Accept-Charset
X-Webkit-CSP-Report-Only
X-Geo-Country
X-Ua-Device
X-Hostname
TP-L2-Cache
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Erf-Stays-Pdp-Viaduct-Migration-Web
Count-Hit
X-B3-Sampled
X-Ezoic-Cdn
X-Seen-By
Cross-Origin-Resource-Policy
X-Ratelimit-Limit
X-App-Server
Cleartype
X-Id
TCN
X-Edge-Location-Klb
X-Kinsta-Cache
X-Correlation-Id
X-Fastcgi-Cache
X-Newrelic-App-Data
X-Mobile
X-Logged-In
X-Varnish-Backend
Referer-Policy
X-Hosted-By
DC
X-Content-Options
X-Git-Hash
X-Origin-Cache
X-Contextid
X-Xrds-Location
X-Amz-Replication-Status
X-Fb-Rlafr
X-Flags
X-Request-Guid
X-Debug-Info
X-Aspnet-Duration-Ms
X-TEC-API-ROOT
X-Revision
X-TEC-API-ORIGIN
X-Grace
X-Providence-Cookie
X-Route-Name
Retry-After
X-Is-Crawler
X-TEC-API-VERSION
X-TT
Frame-Options
Surrogate-Key
X-App-Environment
X-IPS-LoggedIn
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Grace
X-Forwarded-Proto
X-F-Cache
X-Envoy-Decorator-Operation
X-Azure-Ref
X-RateLimit-Reset
Section-Io-Cache
X-Magnolia-Registration
X-Wix-Request-Id
X-Whom
X-Proxy-Cache-Info
MS-Author-Via
X-COUNTRY
Healthy
X-Webkit-Csp
Charset
X-Akamai-Edgescape
Alternate-Protocol
Viewport
X-Origin-Server
X-Language
X-Backend-Name
X-Www-Served-By
WPO-Cache-Status
WPO-Cache-Message
X-ECache
X-App-Version
Filterid
X-AppVersion
X-Activity-Id
X-Az
Paypal-Debug-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-B
X-Varnish-Server
Server-Name
X-Response-Served-From
SD-X-WS
VIX-Pulpo-Upstream-Status
Amp-Access-Control-Allow-Source-Origin
X-Cache-Rule
X-Original-Request-Id
VIX-Pulpo-Node
X-EdgeConnect-Cache-Status
X-Nf-Request-Id
X-UUID
X-Http-Reason
X-Cache-Grace
X-DataDome
Host
X-Trace-Id
X-Rule
Front
X-User-Agent
X-Cacheable-TTL
X-Akamai-Request-ID2
From-Origin
Protected
X-ARC
Country
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Varnish-Age
X-Unique-Id
X-Kong-Proxy-Latency
X-Rocket-Nginx-Serving-Static
X-Instance
X-N
X-Jobs
Akamai-GRN
X-Kong-Upstream-Latency
X-Edge-Location
X-Framework
X-ProcessESI
X-Status
X-RemovedCookies
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Region
X-Page-View
Fastly-SWR
X-Adobe-Loc
X-Environment-Context
X-L-Path
Fastly-SIE
X-Adobe-Content
X-Load-Cache
SRV
X-Time
X-FW-Static
X-FW-Type
X-FW-Version
X-G
X-FW-Server
X-FW-Serve
X-Cache-Time
X-FW-Dynamic
X-FW-Hash
X-Rendered-As
X-Is-Bot
X-Type
X-Vcache
X-Datadog-Sampled
X-Mg-Request-UUID
ServerID
X-B-Cache
X-Signature
Access-Control-Request-Headers
Content-Disposition
X-Amzn-Remapped-Content-Length
X-Debug-IsConnected
X-Debug-IsPreview
X-Proxy
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Backend
X-Cache-Control
X-Client-Ip
X-Cache-Age
X-WP-CF-Super-Cache
X-Erf-Web-Scheduler
X-WP-CF-Super-Cache-Cache-Control
X-CDN-Forward
Countrycode
X-XRDS-LOCATION
X-DynaTrace
Refresh
X-Httpd
Xet-Cookie
X-Drupal-Cache-Tags
X-Servername
Accept-Language
X-DynaTrace-JS-Agent
Url
X-Template
X-Generated-By
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Source
X-Nginx-Cache
X-HTML-Minification-Powered-By
Webserver
X-Device-Type
CF-IPCountry
X-Content-Powered-By
X-Storage
X-NYM-Debug-Backend
X-Mode
OT-Force-Account-Verify
X-ServerID
X-GeoCode
X-Say-Cacheable
X-Say-TTL
Filters
X-SaId
X-Rewrite-Enabled
X-SayCDN-TTL
X-JoinUs
X-Rn-Rsrv
X-UPSTREAM-Address
X-Cache-Operation
X-URL
X-Director
X-Content-Age
S-Rt
X-GeoCountry
X-LAGOON
X-Cache-Action
Load-Balancing
GEO-INFO
Meta-Geo
X-Cluster-Node
X-MCACHE
X-Tumblr-Pixel-2
Locale
Onion-Location
X-Soup
X-Cache-Server
X-Tncms
X-Cache-Hit
X-Tumblr-Pixel-3
X-Urbn-Context-Path
X-Git-Commit
X-Varnish-Cache-Hits
X-Loop
Version
Xserver
X-Container-Uri
X-Varnish-Hostname
X-Urbn-Site-Id
Azure-SiteName
Cross-Origin-Window-Policy
X-CCDN-Origin-Time
Azure-Version
X-CCDN-CacheTTL
Azure-InstanceId
Azure-SlotName
Azure-RegionName
X-Hcs-Proxy-Type
X-Served-From
X-VCT
X-VC-Cache
X-Ms-Request-Id
X-Ms-Version
X-Forwarded-Host
X-PHP-Host
X-RM-Cache-TTL
X-XRDS-Location
X-Labrador-Cache-Channel
X-Adobe-Source
X-Tb
X-Skip-Cache
X-Generation-Time
X-FB-TRIP-ID
X-Sql-Duration-Ms
X-Logging-Id
DB-Nickname
X-Detected-As
Node
X-Proto
X-Lambda-Id
X-R9-Blue-Green-Version
X-Sql-Count
Web-Mar-Node
X-Tt-Logid
Fastcgi-Useragent
Selected-Fe
X-Fetched-On
X-Timing-Wait
X-RCS-CacheZone
X-Proxy-Build
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
Uber-Trace-Id
TWC-Device-Class
TWC-GeoIP-Country
X-Debug
X-Uri
X-Origin-Hint
X-Endurance-Cache-Level
TWC-Connection-Speed
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
X-Format
Property-Id
X-Extlb
X-Redis-Cache
X-Proxied
X-Zipkin-Id
X-Routing-Service
Mn-Server-Ip
X-Ua
Source
X-LSADC-Cache
X-Zen-Fury
X-Sucuri-Cache
X-Sucuri-ID
CDN-RequestId
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
X-S
X-FTR-Request-ID
X-TimeS
X-NGENIX-Cache
X-Drupal-Cache-Contexts
X-B3-SpanId
X-Varnish-Ttl
X-Srv
X-MP-GENERATED-AT
X-Origin-Date
X-Pass-Why
X-Origin-CC
X-Origin-TTL
X-Varnish-Hits
X-Cache-Expired-At
Upgrade-Insecure-Requests
X-Upgrade-Enabled
X-Real-IP
Liferay-Portal
X-Ratelimit-Reset
X-Newrelic-Synthetics
NGB
X-CACHE-AGE
X-Handled-By
Fastly-Drupal-HTML
X-Akamai-Transformed
X-GEO
X-Oracle-Dms-Rid
X-Hl-Ver
X-Oracle-Dms-Ecid
X-Cms-Context
Apigw-Requestid
X-Reqid
X-Optimistic-Header
X-Node-Name
X-Cache-Host
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
X-Cache-Type
CDN-Cache
ServedBy
CDN-PullZone
CDN-EdgeStorageId
X-Restarts
CDN-RequestCountryCode
CDN-CachedAt
X-CSRF-Token
X-Tx-Id
WP-Super-Cache
X-ProxyCache-Status
Ms-Operation-Id
X-Pubstack
X-Via-JSL
X-Parent-Response-Time
X-Cache-TTL-Remaining
X-No-Session
X-ProxyCache-Key
X-BYPASS-REASON
X-RTag
X-UA-Device-Type
X-Xfnlog-Site
MS-CV
X-AB
Ngx.Var.Host
Origin-Agent-Cluster
Odigeo-Trace-Id
N-Cache
Candidate-Md5Url
Canary
Redirect-Candidate
BehaviorPad-Version
X-IPLB-Request-ID
X-IPLB-Instance
DCR-Decision-By
DCR-Processing-Time-Ms
Magicmarker
MD5-Digest
Lang
Host-ID
Gannett-Cam-Experience-Id
Meta-Geo-Continent
X-BCube-Filmed-By
X-Fastly-Backend
X-External-Request-Id
X-FC-Vary-Parameters
X-Request-Host
X-Rojux
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Developer
X-Destination
X-Dispatcher-Number
X-Ec-Custom-Error
X-Ec-Fail
X-S-Cookie
X-ScT
X-Vtex-Remote-Cache
X-Viewer-Country
X-We-Are-Hiring
X-Worker
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-SD-PageType
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-SRCache-Key
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
Web-Mar-Region
Vix-Hermes-Req-Id
Sslversion
Server-Host
Surrogated-Key
T-Server
True-Client-Country-4JS
X-A-Wwc
X-App
X-CF-Lambda-Fn
X-CacheTTL
X-CF-Lambda-Version
X-Conf
X-D
X-Cache-NE
X-Bl-Debug
X-App-Name
X-Application
X-B-Cookie
X-Bc-Bl
Rendered-Blocks
X-Aed
X-Micro-Cache
X-TIME
X-B3-Spanid
X-Mid
X-Level-Front-Cache
X-Loc
X-Mly-Id
X-Mvc-Supplant-Cachable
X-Irp-Debug
Origin
Platform
X-Hash
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Req-Svc-Chain
Release
Producers
X-Human
X-Nananana
X-Nitro-Cache
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
X-Origin-Time
X-Owner
Fastly-SSL
X-Platform
Is-Eu
X-Orig-Expires
Mail-Subject
X-NodeID
X-Node-Id
X-Nyt-Route
X-Old-Content-Length
L5d-Success-Class
X-Org
X-Generated-On
X-Forwarded-Path
X-CGP
X-Cdn-Origin
X-Alternate-Cache-Key
X-Accel-Expires-Debug
X-Accel-Buffering
X-CMSURLCustom
X-Clientip
X-Cdn-Diag
X-Correlation-ID
X-Cache-Bucket
X-Bip
X-BBC-Edge-Cache-Status
X-Cache-Debug
X-Server-W
X-Cache-Info
X-Core-Mission
X-Core-Value
Thinkindot-Control
X-Eu-Site
X-DPWN-IS-SECURE
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Fastly-GeoIP-CountryCode
TDXMobile
X-DefHash
VNS-Age
X-Date
X-Csrf-Jwt
X-DefElseHash
We-Hiring
VNS-Cache
W
X-Gdpr
L
X-Thanos
X-Test
Fastly-Backend-Name
X-Thinkindot-L3
X-Up
X-Variation
X-Var-Ttl
X-Tenant
X-SVT-ORM-RULES
X-Sorting-Hat-PodId
X-Sn-Servicetimems
X-Sorting-Hat-ShopId
X-Geo-Header
X-Storefront-Renderer-Rendered
Adler-Geo
X-Varnish-CookieHashed-On
X-VWS-Id
X-AWS-Id
X-Cluster
X-Cache-Status-Check
X-Wikidot-Backend
X-Wikidot-Static-Cache
AKAMAI
X-Wix-Viewer-Type
X-VServer
X-Vmg-Version
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnishpool
X-VG-TLSProxy
X-LJ-Flow-ID
X-VG-WebCache
X-Shopify-Stage
X-SVT-ORM-VERSION
X-Pool
CPC-Age
X-PAYTM-SRV-ID
X-Policy
X-Request-Time
X-Geo-Region
X-Refresh
Cmstype
X-RateLimit-Limit-Second
Cf-Device-Type
X-RateLimit-Remaining-Second
Environment
X-Qloud-Router
X-Server-IP
X-S-Maxage
X-ShardId
X-Shop-Environment
X-ShopId
Cache-Name
Datacenter
CPC-Cache
Cache-Provider
Expect-Staple
Cmsid
Content-Secure-Policy
X-TraceId
X-ID
X-Datadome
Esi-Enabled
CloudFront-Viewer-Country
X-Cache-Id
X-Akamai-Device-Characteristics
X-Origin-Response-Time
X-WADP-Cache
X-Clara-WADP
DSUID
X-ApacheServer
X-WA-Info
X-Device-Os
X-From
X-Forwarded-Site
NM-Fastcgi-Cache
X-Mvc-Supplant-OutputCached
X-Gzip
X-GeoIP
X-Origin
X-Fmm-Version
X-PERF
X-Proxy-Cache-Status
X-Dispatcher-Server
X-INCAP-ABP
Machine
X-Esi-Check
X-AIR-PT
X-Dc
User-Cache-Control
X-Cache-Enabled
X-Gen-Mode
X-Block-Status
X-Nginx-Cache-Key
X-Hnp-Log
X-Vcl-Version
X-Cdn-Srv
X-Instance-Name
Server-Ext
Server-Hostname
Apple-News-Services-Request-Url
X-Fastly-Request-Id
X-Vgn-Hpd-Reason
Apple-News-Services-Handled
Server-Info
Sever-Int
CDCHOST
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Country-Code
Ssr
X-Auto-Login
NGX
AMP-Access-Control-Allow-Source-Origin
X-Accel-Version
X-Access
C-Via
X-CACHE-GROUP
X-Via-Fastly
X-Op-Id-All
Wxu-Next-Commit
X-NCache
Pics-Label
X-LB-NoCache
Wxu-Next-Region
X-Section
Wxu-Next-Hostname
X-Buckets
X-Is-Supported-Browser
X-Is-Tablet
X-API-Version
X-Tcp-Rtt
X-Is-Mobile
X-Is-Desktop
X-Browser-Name
X-Has-Esi
X-JWT-State
Memcached
X-Is-Gdpr
Hostname
Server-ID
X-Amz-Meta-Cb-Modifiedtime
X-Varnish-Beresp-Grace
Sid
X-HA-Backend
X-SIPLIST1
Time
Memory
IsBot
X-Varnish-Beresp-Ttl
X-Scale
Origin-EX
X-Platform-Cluster
YJS-ID
Origin-CC
Cache-Hits
Cdn-Requestid
X-Platform-Processor
X-B3-Parentspanid
X-Wp-Cf-Super-Cache-Active
X-Platform-Router
X-ZONE
X-Presslabs-Stats
X-Cached-By
X-Tb-Optimization-Total-Bytes-Saved
CF-Ctrl
X-TIM-N
X-Air-Source
X-Zone
X-Air-Trace-Id
X-Air-Hostname
X-PHP-Backend
X-Backend-Instance
Location
X-Frame-Option
X-WP-CF-Super-Cache-Active
X-TA-CDN-Provider
X-Fpc
Resin-Trace
X-Origin-Cache-Key
X-Hyper-Cache
X-Internal-Host
X-Cs
X-NGINX-Cache
X-Azure-Ref-OriginShield
X-LiteSpeed-Cache-Control
X-Webstats-RespID
Uri
X-Service
GeoIP-Latitude
Epwk-X-Cache
X-DC
X-Country-Code-Real
X-Origin-Expires
X-Microcachable
GeoIp-Country-Code
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Site-Version
X-FTR-Expires
X-DataCenter
X-Nitro-Rev
X-Nitro-Cache-From
Cache-Host
X-VC
XServer
X-Locale
X-Info
XM
True-Client-Ip
X-VCache
LB
Cdn
X-VarnishDD-TTL
X-SRV
True-Client-IP
Cdn-Request-Time
X-Web-Node
NtCoent-Length
PFcat
X-Edge-Server
X-HN
GeoIP-Country-Code
X-Cache-Ttl
Cdn-Host
X-Pod-Name
X-NewRelic-App-Data
X-CSRF-TOKEN
X-Datacenter
User-Agent
X-Ad-Defer-Variation
X-NMSegId
Req-ID
WZWS-RAY
M-TraceId
X-Geo
X-CS
Fastly-Drupal-Html
X-FPC
Srvid
X-Vercel-Id
X-Vercel-Cache
X-Ad-Load-Variation
Edge-Copy-Time
Locid
WebServer
A
X-FL-EDGE
X-Via-SSL
X-FL-QIT-DEBUG
X-Via-CDN
X-Via-Edge
Cf-Ipcountry
X-APP-VERSION
X-Request-Start
X-Scope-Id
X-MSEdge-Features
X-LiteSpeed-Tag
X-MSEdge-Flight
Pramga
X-M-Log
X-Pad
Cluster
X-M-Reqid
SID
X-Request-URI
Tcn
X-HostName
X-NWS-UUID-VERIFY
X-Qnm-Cache
X-Varnish-Beresp-Status
X-Shield-Cache-Expires
X-Varnish-Authentication
X-Moov-T
X-Contensis-Viewer-Groups
X-ATG-Version
X-Cache-ASPX
X-Moov-Xdn-Version
X-FireWall-Port
CountryCode
X-Api-Version
X-TRACE-ID
X-Cdn-Request-ID
Content-Style-Type
X-Cache-Date
Cdnsip
X-Esi
Cdncip
Path
X-AK-Request-ID
X-Amz-Meta-Opti
Content-Script-Type
Cache-Key
Edge-Cache
X-Branch-Name
Cache-Tv-Group
HostName
X-TH-Server
CDN
Srv
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Cdn-Forward
X-Cache-FS-Status
X-Aicache-OS
X-Render-Time
X-WP-CF-Super-Cache-Cookies-Bypass
XkeyRZ
Yak-Timeinfo
X-Air-Pt
X-Proxy-CacheRZ
X-V-Cache
X-Github-Request-Id
X-VCL-Version
X-CACHE-KEY
Lb
Tube-Get-Contents
Click-Count-Action-Start
Click-Count-Error
State
Wpo-Cache-Message
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Geoip-Latitude
X-Tim-N
Server-Id
X-Akamai-Pragma-Client-IP
Tube-Got-Eval
X-HS-Content-Campaign-Id
Proxy-Connection
X-Servedbyhost
X-Via-Poph
X-SB
X-Platform-Server
Tube-Got-Results
X-Via-Popn
X-Via-Popv
X-Vary
Wpo-Cache-Status
X-Men
On-Server
X-Wa
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Acquia-Purge-Cdn-Unconfigured
Tube-Return
X-Req
X-Planisys-CDN-Cache
V-Age
X-Nc
X-LB-ID
X-B3-Trace-ID
X-Rebelmouse-Cache-Control
X-Lb-Cache
X-Rebelmouse-Surrogate-Control
Ngx-Var-Key
X-Vgn-Hpd-Variations-Key
X-Upstream-Ct
MIME-Version
X-User
X-Lb-Nocache
X-Upstream-Ht
X-Generated-In
X-Vgn-Hpd-Ssi
X-Release
X-Ha-Backend
X-UA
X-Vgn-Hpd-Cached
X-Fastly-Cache
X-Dw-Trace-Id
CF-Cached-On
X-TT-LOGID
X-Rocket-Build-Number
Ohc-File-Size
X-Sigma
X-Sigma-Backend
X-Via-Ucdn
X-Traceid
Ohc-Cache-HIT
X-Fastly-Backend-Reqs
X-Acquia-Application-Trace
PICS-Label
My-App
X-EC-Lua
X-Cache-Remote
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-UUID
X-CUA
X-HS-Status
X-Iplb-Request-Id
Yjs-Id
X-Varnish-Beresp-TTL
X-Iplb-Instance
X-Varnish-Director
CACHE-MISS-TO-ORIGIN
Warning
X-Litespeed-Cache-Control
X-CF-Cache-Header-Vary
X-Udemy-Cache-App-Namespace
X-CF-Cache-Header-Cache-Control
X-RAMCache
Cneonction
X-Miniprofiler-Ids
Log-Origin
Ngx
X-Snapshot-Date
X-Fastly-Cache-Hits
Cache
Vha6-Origin
X-ElasticPress-Query
X-Cached-Since
Inserted-Into-Cache-At