Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Request-ID
X-Request-Id
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
P3p
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
Keep-Alive
X-Proxy-Cache
X-Server
X-Ua-Compatible
X-Ws-Request-Id
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
Allow
X-Amz-Version-Id
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-WebKit-CSP
Accept-CH
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
Cf-Apo-Via
X-Device
X-Dns-Prefetch-Control
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Host
X-Pingback
X-Server-Id
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
Surrogate-Control
EagleEye-TraceId
X-Ruxit-JS-Agent
X-Backend-Server
Request-Id
X-Readtime
X-Cache-Lookup
X-HW
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Content-Security-Policy-Report-Only
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
Accept-CH-Lifetime
X-Mod-Pagespeed
Accept-Ch-Lifetime
X-Edge
X-CST
X-WebKit-CSP-Report-Only
X-Litespeed-Cache
Content-Location
X-Content-Type
X-Url
X-Mcache
X-MS-InvokeApp
X-Clacks-Overhead
X-Country
Rating
X-Midtier
X-Vname
X-TtlSet
X-PC
X-Amz-Server-Side-Encryption
X-ECACHE
RTSS
X-VARITI-CCR
Cache-Tag
X-ESI
X-D2id
X-Vcap-Request-Id
X-Element-Page-Cache
Origin-Trial
X-Server-Name
Verso
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Ac
X-Ttl
X-Rack-Cache
X-Varnish-TTL
X-Cnection
X-Powered-By-Plesk
Service-Worker-Allowed
X-GitHub-Request-Id
X-Cache-TTL
Xkey
X-SharePointHealthScore
SPRequestGuid
X-Navigation-Version
X-B3-TraceId
X-Client-IP
X-Abt-Application-Version
X-Amz-Rid
Edge-Control
X-NWS-LOG-UUID
SPIisLatency
SPRequestDuration
X-Cached
Arr-Disable-Session-Affinity
X-Upstream
X-Browser-Type
X-Mg-S
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-Px
X-Cache-Key
X-Dw-Request-Base-Id
X-Correlation-Id
Display
X-Middleton-Display
X-Sol
Pagespeed
Content-MD5
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
Edge-Cache-Tag
X-Goog-Hash
X-Fastcgi-Cache
X-XRDS-Location
X-NF-Request-ID
X-Country-Code
Front-End-Https
X-Forwarded-For
X-Version
X-Daa-Tunnel
X-Powered-CMS
TCN
Public-Key-Pins
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-SID
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-MSEdge-Ref
X-T
X-Recruiting
X-Content-Digest
X-RateLimit-Remaining
X-Id
X-Accel-Expires
Response
X-Middleton-Response
X-Ser
X-Amzn-Trace-Id
TP-Cache
TP-L2-Cache
X-Shield-Request-Id
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Nginx-Cache
S
X-Webkit-Csp
X-Request-Processing-Time
X-Request-Received
X-Ratelimit-Limit
MicrosoftSharePointTeamServices
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
Server-Node
Cache-Status
X-Distributor
X-Hits
Cache-Tags
X-FastCGI-Cache
X-Kinsta-Cache
X-Edge-Location-Klb
X-Grace
Fastcgi-Cache
X-Fastly-Request-ID
Alternate-Protocol
X-Ratelimit-Remaining
Server-Name
X-DataDome
X-LB-Cache
X-Ezoic-Cdn
X-Origin-Server
X-DIS-Request-ID
X-Ua-Browser
X-Geo-Country
X-Protected-By
Cross-Origin-Opener-Policy
X-Microsite
X-Request-Handler-Origin-Region
X-Rid
Filterid
X-Ratelimit-Reset
X-Frontend
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Debug-Info
X-Varnish-Backend
Healthy
X-Logged-In
X-Git-Hash
X-Www-Served-By
X-FB-Debug
Payment
X-Page-Id
X-NGENIX-Cache
X-Forwarded-Proto
Cleartype
X-Load-Cache
X-LLID
X-Hostname
X-ASPNET-VERSION
Charset
X-Origin-Cache
X-Cluster-Name
X-B3-Sampled
X-PressLabs-Stats
Content-Disposition
MS-Author-Via
DC
X-GUploader-UploadID
X-Goog-Metageneration
Accept-Ch
X-VCache
X-Kong-Proxy-Latency
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-Upgrade-Enabled
Realpath
X-Proxy
X-F-Cache
X-Oracle-Dms-Ecid
Retry-After
X-Oracle-Dms-Rid
X-Az
X-Activity-Id
X-AppVersion
Cross-Origin-Resource-Policy
X-Amz-Replication-Status
X-TTL
Accept-Charset
X-Contextid
X-Seen-By
X-Revision
X-Type
X-Amz-Meta-S3cmd-Attrs
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-B-Cache
X-Signature
X-Hosted-By
Paypal-Debug-Id
X-Flags
X-Fb-Rlafr
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Request-Guid
X-Is-Crawler
X-Route-Name
X-Aspnetmvc-Version
X-Azure-Ref
Surrogate-Key
X-App-Environment
X-Varnish-Server
X-Whom
X-Wix-Request-Id
Viewport
X-B3-Traceid
X-B
X-TT
X-DynaTrace
Count-Hit
Amp-Access-Control-Allow-Source-Origin
X-Akamai-Edgescape
X-Language
X-Source
X-Ruxit-Js-Agent
Referer-Policy
X-App-Server
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Mobile
X-Goog-Generation
X-RateLimit-Limit
X-Goog-Stored-Content-Encoding
X-Template
X-Cache-Control
X-COUNTRY
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Magnolia-Registration
Host
X-Varnish-Grace
X-N
Version
X-EdgeConnect-Cache-Status
X-Oneagent-Js-Injection
X-HTML-Minification-Powered-By
X-Cache-Rule
X-Cache-Age
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Response-Served-From
X-Original-Request-Id
SRV
X-UUID
X-Cache-Time
X-Rule
X-Varnish-Age
X-RTag
MS-CV
Ms-Operation-Id
VIX-Pulpo-Node
X-Cache-Expired-At
X-Framework
SD-X-WS
Section-Io-Cache
X-Trace-Id
X-Cache-Status-Check
Access-Control-Request-Headers
VIX-Pulpo-Upstream-Status
X-Envoy-Decorator-Operation
X-Content-Powered-By
X-Cache-Grace
X-Adobe-Loc
X-Backend-Name
X-ProcessESI
Protected
Akamai-GRN
X-User-Agent
X-RemovedCookies
X-Cacheable-TTL
X-Device-Type
X-Page-View
X-Adobe-Content
Refresh
NGB
Url
X-Akamai-Request-ID2
X-FW-Hash
X-Jobs
X-Is-Bot
X-Instance
X-Http-Reason
X-L-Path
X-NYM-Debug-Backend
X-Status
X-Servername
X-Rendered-As
X-FW-Version
X-G
X-FW-Type
GEO-INFO
X-FW-Dynamic
X-Environment-Context
X-FW-Server
X-FW-Serve
X-FW-Static
X-Server-ID
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
From-Origin
X-CDN-Forward
CDN-RequestId
X-Debug-IsConnected
X-Debug-IsPreview
WPO-Cache-Status
WPO-Cache-Message
X-Fastly-Request-Id
X-Region
X-Times
Front
X-Yottaa-Optimizations
Accept-Language
X-Cache-Hit
X-Yottaa-Metrics
X-Amz-Apigw-Id
X-Amzn-RequestId
Country
X-Tb
X-ECache
Backend
X-Nginx-Cache
X-Newrelic-App-Data
X-Content-Options
X-Unique-Id
Fastly-SWR
Fastly-SIE
X-Node-Name
X-Tt-Logid
Pinterest-Generated-By
X-Zen-Fury
X-Pinterest-Rid
Pinterest-Version
X-Tec-Api-Origin
X-Real-IP
X-Tec-Api-Root
X-Tec-Api-Version
X-DynaTrace-JS-Agent
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Mode
Uber-Trace-Id
X-VC-Cache
Content-Secure-Policy
X-Cache-Operation
Fastly-Drupal-HTML
X-Buckets
Webserver
X-Cache-Server
X-RN-RSRV
X-Ms-Request-Id
Meta-Geo
X-Tumblr-Pixel-2
X-Ms-Version
X-Generation-Time
Filters
X-UPSTREAM-Address
X-Rewrite-Enabled
CF-IPCountry
Azure-Version
X-Format
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Cache-Hits
Onion-Location
X-Time
X-Access
X-Proxy-Cache-Info
Azure-SiteName
X-TIME
X-Web-Node
X-IPS-LoggedIn
X-Reqid
X-Rocket-Nginx-Serving-Static
X-Section
X-Content-Age
X-Amzn-Remapped-Content-Length
TWC-Connection-Speed
TWC-Device-Class
ServedBy
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
X-Cluster-Node
X-Say-Cacheable
X-Say-TTL
X-UA-Device-Type
X-Via-Fastly
X-VWS-Id
X-Origin-Hint
X-SayCDN-TTL
X-Sucuri-Cache
X-Sql-Duration-Ms
X-Sucuri-ID
X-Debug
X-LJ-Flow-ID
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-Cache-TTL-Remaining
X-Cluster
X-BYPASS-REASON
X-AWS-Id
Webcakes-Region
X-PHP-Backend
X-Soup
X-ProxyCache-Key
X-Sql-Count
X-Proxy-Cache-Status
X-Proto
X-Cms-Context
Webcakes-App-Version
X-Adobe-Source
Liferay-Portal
Node
X-Locale
X-Skip-Cache
Web-Mar-Node
X-Labrador-Cache-Channel
X-Forwarded-Host
X-Cache-Action
X-Handled-By
X-Varnish-Beresp-Grace
S-Rt
DB-Nickname
Apigw-Requestid
X-PHP-Host
X-Site-Version
X-SRV
Cache-Name
X-Server-W
X-No-Session
X-Cache-Host
X-Urbn-Context-Path
X-Xfnlog-Site
X-FB-TRIP-ID
X-Detected-As
X-Timing-Wait
X-Urbn-Site-Id
X-Edge-Location
X-Extlb
Mn-Server-Ip
X-LSADC-Cache
Cross-Origin-Window-Policy
X-SaId
X-Routing-Service
X-Proxy-Build
X-Proxied
X-LAGOON
X-JoinUs
X-GeoCountry
X-Zipkin-Id
Locale
Selected-Fe
X-GeoCode
X-IPLB-Instance
X-IPLB-Request-ID
X-Ua
WP-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Mime-Version
CDN-Uid
Fastcgi-Useragent
ServerID
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
X-Origin-Date
X-Tumblr-Pixel-3
X-Optimistic-Header
X-XRDS-LOCATION
X-Hl-Ver
Source
CF-Cached-On
X-Uri
X-Request-Time
Countrycode
X-Cache-Debug
X-Redis-Cache
X-Varnish-Hits
X-App-Version
X-Mg-Request-UUID
X-GEO
Upgrade-Insecure-Requests
X-Generated-By
X-TNCMS
X-Director
Xet-Cookie
X-ARC
X-Loop
X-Akamai-Transformed
X-CACHE-AGE
X-Tx-Id
Xserver
Cache-Tv-Group
X-Origin-CC
X-Pass-Why
X-Webkit-CSP-Report-Only
X-Origin-TTL
X-Presslabs-Stats
X-FireWall-Port
X-URL
Frame-Options
X-Varnish-Beresp-Ttl
X-NWS-UUID-VERIFY
X-Varnish-Ttl
X-Varnish-Cache-Hits
X-Service
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Varnish-Hostname
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ServerID
X-Newrelic-Synthetics
X-RM-Cache-TTL
X-Storage
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Tid
X-DC
X-Mobile-URL
X-TIM-N
X-BBC-Edge-Cache-Status
X-D
X-Mid
X-Loc
X-Level-Front-Cache
X-BCube-Filmed-By
X-Location
X-TA-CDN-Provider
X-Thinkindot-L3
X-Test
X-Nyt-Route
X-Aed
Req-Svc-Chain
X-Bc-Bl
Rendered-Blocks
Release
Origin
X-Conf
X-CMSURLCustom
Redirect-Candidate
X-Core-Value
Odigeo-Trace-Id
X-External-Request-Id
Gannett-Cam-Experience-Id
X-Epic-Correlation-Id
Cache-Host
Host-ID
Candidate-Md5Url
X-Generated-On
DCR-Decision-By
X-Frame-Option
X-Gdpr
Edge-Cache
BehaviorPad-Version
X-Ec-GeoHdr
X-Developer
X-Httpd
Ngx.Var.Host
X-B-Cookie
Meta-Geo-Continent
Memcached
X-Ec-Fail
Lang
A
MD5-Digest
X-Destination
X-Request-Host
Thinkindot-CacheControl
WWW-Authenticate
X-A-Wwc
Thinkindot-CacheControl-Type
X-A-Dgt
X-S-Cookie
X-S
TDXMobile
T-Server
Xc-Version
X-Rocket-Build-Number
X-Rojux
X-A-Dcw
X-A-Dam
DCR-Processing-Time-Ms
X-Application
X-Cache-Info
X-VG-TLSProxy
X-Vdms-Version
X-A
X-A-Ccd
Thinkindot-Control
X-ScT
X-Served-From
X-Sigma
X-Sigma-Backend
X-Cache-NE
X-S-Maxage
X-Vdms-Path
X-Platform-Router
Sslversion
X-Platform-Cluster
X-Origin-Time
X-SRCache-Key
X-Endurance-Cache-Level
X-Processor
X-Platform-Processor
Environment
Surrogated-Key
X-Pubstack
X-B3-Spanid
X-Auto-Login
Fastly-Backend-Name
X-Akamai-Device-Characteristics
Gh-Request-Id
Tube-Return
X-Cdn-Srv
X-Fetched-On
Fastly-GeoIP-CountryCode
X-Cache-Bucket
Decoy-Debug-Key
Server-Host
X-DefElseHash
Decoy-Debug-Status
X-Clara-WADP
X-Cdn-Origin
DSUID
Decoy-Debug-TTL
X-Fmm-Version
Server-Info
X-DefHash
NGX
X-Developers
Ssr
Tube-Got-Results
We-Hiring
NM-Fastcgi-Cache
X-Core-Mission
State
Tube-Get-Contents
X-CUA
Vix-Hermes-Req-Id
X-Ec-Custom-Error
Magicmarker
Tube-Got-Eval
Mail-Subject
X-Bip
X-Old-Content-Length
X-HS-Content-Campaign-Id
X-Thanos
X-Human
X-INCAP-ABP
X-SVT-ORM-VERSION
X-Varnish-Beresp-Status
X-Hash
AKAMAI
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-Pool
X-NodeID
X-Platform-Server
X-Origin-Response-Time
X-Req
X-Restarts
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-SD-PageType
X-SB
X-Org
X-Varnish-Remaining-TTL
X-Geo-Header
X-GeoIP
X-WP-CF-Super-Cache-Active
X-GeoIP-City
Click-Count-Action-Start
Click-Count-Error
Country-Code
X-Cache-Date
Cluster
CloudFront-Viewer-Country
X-Worker
CacheControlHeader
Apple-News-Services-Host
X-WA-Info
X-VServer
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-We-Are-Hiring
X-WADP-Cache
Cache-Key
X-Vmg-Version
C-Via
X-Parent-Response-Time
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Device-Os
X-Varnishpool
X-Azure-Ref-OriginShield
X-GeoIP-Region-Code
X-VarnishDD-TTL
X-HN
X-Hnp-Log
X-Var-Ttl
X-Variation
X-Dispatcher-Number
X-Gzip
X-DPWN-IS-SECURE
X-FC-Vary-Parameters
X-App
X-Gen-Mode
X-Mvc-Supplant-Cachable
X-Fastly-Backend
X-Wix-Viewer-Type
X-Irp-Debug
X-Esi-Check
X-GeoIP-Country-Code
X-Dispatcher-Server
X-Block-Status
X-Node-Id
X-Qloud-Router
X-Region-Sid
X-Nginx-Cache-Key
X-Cache-Tags
X-CacheTTL
X-Ckpd-Fst-Backend
X-Gamma-Serve
X-Origin
X-Platform
X-Request-Start
X-NCache
X-Slack-Shared-Secret-Outcome
X-Cache-Backend
X-Op-Id-All
X-Men
X-Cache-Id
X-Slack-Backend
X-Minions-Version
X-Scale
X-Date
X-LB-NoCache
X-Accel-Expires-Debug
Pics-Label
Origin-EX
Datacenter
SID
Cmstype
PFcat
Machine
Platform
Is-Eu
Server-Ext
Server-Hostname
Producers
Sever-Int
L
Cmsid
X-Accel-Buffering
Wxu-Next-Region
On-Server
X-Ad-Defer-Variation
Origin-CC
CDCHOST
Wxu-Next-Hostname
Cache-Provider
Canary
User-Cache-Control
Adler-Geo
Web-Mar-Region
Wxu-Next-Commit
X-Server-IP
X-Mly-Id
Fastly-SSL
X-Forwarded-Site
X-Refresh
X-V-Cache
X-Up
Load-Balancing
X-Eu-Site
X-AIR-PT
HA-Ipaddr
Ha-Gx-Prefs
Kp-EeAlive
L5d-Success-Class
X-CGP
X-Planisys-CDN-TTL
X-Cache-Remote
X-Cache-FS-Status
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Owner
X-Csrf-Jwt
X-CSRF-Token
X-Microcachable
Svr
X-Api-Version
X-Nananana
X-Mvc-Supplant-OutputCached
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
Env
X-Aicache-OS
HostName
GeoIP-Latitude
X-Fastly-Cache
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-Instance-Name
X-ND-Cache
X-Origin-Expires
X-RCS-CacheZone
X-VC
X-Trace-ID
X-NGINX-Cache
X-Nc
Time
X-HA-Backend
X-Response-By
X-HS-Status
Memory
X-Release
X-Cached-By
X-NewRelic-App-Data
X-Zone
Cdn
X-FL-EDGE
Srvid
Locid
X-FL-QIT-DEBUG
X-Generated-In
X-Wa
Server-ID
X-From
Expect-Staple
Cache
X-ZONE
X-Webkit-CSP
X-Provided-By
X-Edge-Pop
X-DataCenter
X-Via-CDN
X-Cache-Enabled
Cdncip
Cdnsip
X-AK-Request-ID
NtCoent-Length
X-Vc
Edge-Copy-Time
X-Via-Edge
X-Via-SSL
X-Gateway-Cache-Status
X-Via-NSCOPI
X-Nf-Request-Id
X-Gateway-Skip-Cache
X-Fpc
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-Esi
X-Check-Cacheable
X-Correlation-ID
X-Hcs-Proxy-Type
X-API-Version
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Client-Ip
X-Air-Pt
X-LB-ID
Hostname
X-Debug-Cache-Fetch
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
GeoIp-Country-Code
X-Lambda-Id
X-Vgn-Hpd-Cached
X-Debug-Cache-Store
X-Vcl-Version
X-Dc
X-CS
X-CSRF-TOKEN
Eomportal-Instance
AMP-Access-Control-Allow-Source-Origin
XkeyRZ
X-Proxy-CacheRZ
CPC-Age
X-Via-JSL
CPC-Cache
VNS-Cache
X-MCACHE
X-Amz-Meta-Cb-Modifiedtime
VNS-Age
Ngx-Var-Key
True-Client-IP
X-Micro-Cache
X-Vtex-Remote-Cache
Sid
X-B3-SpanId
X-Srv
X-Cs
X-Render-Time
X-APP-VERSION
X-VCL-Version
True-Client-Ip
X-Request-URI
X-VCT
OT-Force-Account-Verify
IsBot
Path
X-SIPLIST1
X-TH-Server
X-EC-Lua
X-Info
Uri
X-Fastly-Country-Code
X-ATG-Version
X-Cache-NGX
Srv
Fastly-Drupal-Html
X-MSEdge-Features
X-Upstream-Ht
X-MSEdge-Flight
Esi-Enabled
X-Upstream-Ct
X-Cache-Type
Request-ID
X-Cache-ASPX
Location
GeoIP-Country-Code
X-Contensis-Viewer-Groups
Resin-Trace
X-Varnish-Authentication
M-TraceId
X-RateLimit-Reset
X-RateLimit-Limit-Second
X-PAYTM-SRV-ID
CDN
X-CLOUD-TRACE-CONTEXT
X-Cdn-Request-ID
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-RateLimit-Remaining-Second
YJS-ID
X-Udemy-Cache-App-Namespace
X-Oss-Storage-Class
X-Oss-Server-Time
X-Cache-Expires
X-Accel-Version
X-Varnish-Beresp-TTL
X-FPC
X-Oss-Request-Id
X-Lb-Id
Cross-Origin-Opener-Policy-Report-Only
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-TX-ID
XServer
N-Cache
Servername
X-Service-Response-Time
X-Wikidot-Static-Cache
Sm-Log-Id
X-Pod-Name
X-Datacenter
X-Edge-POP
RNT-Machine
RNT-Time
X-Wikidot-Backend
X-Akamai-Pragma-Client-IP
X-Shop-Environment
X-Tenant
Timeexpire
X-Cdn-Cache-Status
HIT
X-Orig-Expires
X-CDN-Cache-Status
X-Datadome
X-Bl-Debug
LB
X-MP-GENERATED-AT
X-Forwarded-Path
Traceparent
X-B3-Trace-ID
X-Moov-Xdn-Version
X-Moov-T
X-Scheme
Server-Id
X-SERVER-NAME
X-WA
X-Geo
X-ApacheServer
X-Viewer-Country
X-PERF
CountryCode
X-Ha-Backend
FSS-Cache
X-Srcache-Fetch-Status
X-NC
X-App-Name
X-Policy
Ohc-File-Size
X-Srcache-Store-Status
X-CACHE-KEY
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-ID
Epwk-X-Cache
X-Via-PopV
X-Via-PopN
Yjs-Id
X-Via-PopH
X-TraceId
X-LiteSpeed-Cache-Control
X-MiniProfiler-Ids
X-ServedByHost
Proxy-Connection
ENV
X-NAPM-TraceId
X-Dw-Trace-Id
X-Serial
X-Amz-Meta-Opti
Cneonction
Powered-By
WZWS-RAY
X-Cdn-Forward
X-Snapshot-Date
Geoip-Latitude
X-Hyper-Cache
X-M-Log
X-M-Reqid
Content-Script-Type
X-Vgn-Hpd-Reason
User-Agent
Content-Style-Type
X-Qnm-Cache
Ec-Rule-Version
X-Swift-Error
X-Lb-Nocache
Lb
Hit
X-RAMCache
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-B3-Parentspanid
X-Fastly-Backend-Reqs
Serverid
X-Iplb-Instance
X-F-Status
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-TT-LOGID
X-Wp-Cf-Super-Cache
X-UA
X-Iplb-Request-Id
X-Fastly-Cache-Hits
X-Ctl-Mach
X-Webstats-RespID
X-Cdn-Diag
Req-ID
X-Mid-Debug-Cache-Disk
MIME-Version
My-App
Rip
X-B3-ParentSpanId
Tracecode
V-Age
True-Client-Country-4JS
X-IPS-Cached-Response
X-LiteSpeed-Tag
X-Clientip
X-Request-URL
X-Mid-Debug-Cache-Key
Warning
X-Th-Server
Inserted-Into-Cache-At
X-Cache-Ngx
X-UP
Ngx
X-Stale