Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
X-Request-ID
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
Access-Control-Max-Age
P3p
X-Dns-Prefetch-Control
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Proxy-Cache
X-Amz-Id-2
X-Backend
X-Age
Host-Header
X-Ws-Request-Id
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
X-Varnish-Cache
X-Amz-Version-Id
EagleId
Grace
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-Node
Accept-CH
X-OneAgent-JS-Injection
Cf-Railgun
X-Pingback
X-Server-Id
X-Cache-Spec
Surrogate-Control
X-Backend-Server
X-Akam-SW-Version
Request-Id
EagleEye-TraceId
X-Response-Time
X-Cache-Lookup
X-Readtime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
X-HW
Accept-CH-Lifetime
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Cloud-Trace-Context
X-Trace
Fastly-Restarts
Accept-Ch-Lifetime
X-Country
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Url
X-Nginx-Upstream-Cache-Status
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Rack-Cache
Edge-Control
X-Edge
X-B3-TraceId
X-Vname
X-TtlSet
X-PC
X-ESI
X-Content-Type
X-Mod-Pagespeed
X-Vcap-Request-Id
X-Ruxit-JS-Agent
X-CST
Verso
X-Oneagent-Js-Injection
X-Ruxit-Js-Agent
X-D2id
Xkey
X-Exp-Id
X-GitHub-Request-Id
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
Cache-Tag
X-Powered-By-Plesk
X-Amz-Rid
X-Mcache
X-Varnish-TTL
Service-Worker-Allowed
X-FastCGI-Cache
RTSS
X-VARITI-CCR
X-ECACHE
X-Upstream
X-Version
X-Navigation-Version
X-Abt-Application-Version
X-Cached
X-Client-IP
X-Ac
X-Cnection
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Server-Name
X-Px
Arr-Disable-Session-Affinity
SPRequestGuid
X-SharePointHealthScore
X-Ttl
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
Public-Key-Pins
SPIisLatency
SPRequestDuration
X-Sol
Permissions-Policy
Pagespeed
X-Middleton-Display
Display
Accept-Ch
X-Country-Code
X-Cache-TTL
X-NWS-LOG-UUID
Cf-Apo-Via
X-Ser
X-Middleton-Response
Response
X-Cache-Key
X-Midtier
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-RateLimit-Remaining
X-Forwarded-For
X-Correlation-Id
Access-Control-Request-Method
X-NF-Request-ID
Content-MD5
X-MSEdge-Ref
Front-End-Https
X-DataDome
X-Shield-Request-Id
TP-L2-Cache
TP-Cache
X-T
X-Recruiting
Edge-Cache-Tag
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
MicrosoftSharePointTeamServices
Nginx-Cache
AR-SID
MRF-Tech
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-Request-ID
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Accel-Expires
X-Webkit-Csp
X-Powered-CMS
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Daa-Tunnel
X-Grace
X-Mg-S
X-Content-Digest
TCN
X-RateLimit-Limit
X-Id
X-Hits
X-Request-Received
X-Request-Processing-Time
Filters
X-HS-Content-Id
Server-Node
X-HS-Cache-Config
X-HS-Combine-CSS
X-Amzn-Trace-Id
X-HS-Hub-Id
Server-Name
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
MS-Author-Via
X-Frontend
Fastcgi-Cache
X-Distributor
X-Geo-Country
X-XRDS-Location
X-PressLabs-Stats
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
S
X-Protected-By
X-Origin-Server
X-Fastly-Request-Id
X-Ezoic-Cdn
X-LLID
X-Language
Cache-Status
X-Fastcgi-Cache
X-Ua-Browser
Filterid
Count-Hit
X-Ab
X-Amz-Meta-S3cmd-Attrs
X-Forwarded-Proto
X-F-Cache
X-Seen-By
X-LB-Cache
X-Request-Handler-Origin-Region
X-Page-Id
Payment
Cross-Origin-Opener-Policy
Charset
X-Microsite
X-B3-Sampled
X-FB-Debug
X-Litespeed-Cache
Host
X-Git-Hash
X-Ratelimit-Reset
X-VCache
X-Cluster-Name
X-ASPNET-VERSION
Surrogate-Key
X-TTL
X-Cache-Age
Cache-Tags
X-Rid
Realpath
Accept-Charset
X-Www-Served-By
Alternate-Protocol
Access-Control-Allow-Method
X-NGENIX-Cache
X-Logged-In
X-Origin-Cache
Retry-After
X-Template
X-Upgrade-Enabled
X-Source
X-Az
X-AppVersion
X-Activity-Id
X-Varnish-Backend
X-Type
Cleartype
X-DIS-Request-ID
ServerID
X-Providence-Cookie
X-B-Cache
X-Is-Crawler
X-Request-Guid
X-Wix-Request-Id
X-Signature
X-Route-Name
X-Aspnet-Duration-Ms
X-Flags
X-B
X-Amz-Replication-Status
X-Varnish-Grace
X-TT
X-App-Environment
X-Tb
X-Envoy-Decorator-Operation
Paypal-Debug-Id
DC
X-Hostname
X-DynaTrace
X-Node-Name
Frame-Options
X-Revision
X-Drupal-Cache-Tags
X-Fastly-Request-ID
X-Contextid
X-Proxy
X-Debug
X-Tt-Trace-Tag
X-Cache-Rule
X-Tt-Trace-Host
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-GUploader-UploadID
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Mobile
X-Load-Cache
X-Content-Options
X-Cache-Control
X-Ratelimit-Remaining
Refresh
X-N
Amp-Access-Control-Allow-Source-Origin
Country
X-EdgeConnect-Cache-Status
Node
X-Magnolia-Registration
NGB
X-Response-Served-From
X-Original-Request-Id
X-User-Agent
Akamai-GRN
X-Whom
Viewport
X-Oracle-Dms-Ecid
X-Environment-Context
X-Content-Powered-By
X-Cache-TTL-Remaining
X-Instance
X-Status
Content-Disposition
X-Varnish-Server
X-L-Path
X-NYM-Debug-Backend
X-Akamai-Request-ID2
X-Cache-Time
X-Is-Bot
VIX-Pulpo-Upstream-Status
Referer-Policy
X-Unique-Id
Access-Control-Request-Headers
X-Page-View
X-Rendered-As
X-Debug-IsPreview
X-Varnish-Age
X-Debug-IsConnected
X-Yottaa-Optimizations
X-Servername
X-Yottaa-Metrics
X-Oracle-Dms-Rid
VIX-Pulpo-Node
X-Cacheable-TTL
Url
X-Adobe-Content
X-Real-IP
X-Cache-Grace
X-Framework
X-Adobe-Loc
X-Mid
X-G
Srv
X-XRDS-LOCATION
X-Jobs
Uber-Trace-Id
Countrycode
X-Time
X-Content
X-Drupal-Cache-Contexts
X-RemovedCookies
X-ProcessESI
X-COUNTRY
Version
X-CDN-Forward
X-Cache-Expired-At
Cross-Origin-Resource-Policy
Accept-Language
X-Via-JSL
X-Mg-Request-UUID
X-Ratelimit-Limit
X-Http-Reason
X-Trace-Id
X-Cache-Hit
X-Restarts
X-Cache-Operation
X-APP-VERSION
Protected
X-App-Server
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Api-Version
X-IPLB-Instance
X-Backend-Name
X-IPLB-Request-ID
X-Debug-Info
Healthy
X-Hosted-By
X-Azure-Ref
X-Rule
Content-Secure-Policy
Section-Io-Cache
X-Akamai-Edgescape
X-Cache-Action
X-Device-Type
X-FW-Static
X-FW-Server
X-Nginx-Cache-Key
X-FW-Serve
X-SRV
X-FW-Hash
X-FW-Type
Backend
X-Generation-Time
X-FW-Dynamic
Liferay-Portal
X-Tt-Logid
Server-Info
X-Server-ID
GEO-INFO
Load-Balancing
X-Mobile-URL
X-RTag
Meta-Geo
X-UPSTREAM-Address
Ms-Operation-Id
MS-CV
X-RN-RSRV
X-VC-Cache
Fastcgi-Useragent
X-HTML-Minification-Powered-By
X-Mode
X-Storage
CF-IPCountry
X-Section
X-Content-Age
X-Format
Azure-InstanceId
X-Handled-By
Azure-SiteName
X-Proxy-Cache-Status
Azure-SlotName
X-Access
Azure-RegionName
Azure-Version
Onion-Location
TWC-Device-Class
S-Rt
TWC-Locale-Group
TWC-Connection-Speed
TWC-GeoIP-Country
Eomportal-Instance
TWC-GeoIP-LatLong
Property-Id
X-ShardId
X-R9-Blue-Green-Version
X-Cache-Host
X-Proto
X-PCL
X-AWS-Id
X-Origin-Hint
X-Varnish-Beresp-Grace
CDN-RequestCountryCode
X-Urbn-Site-Id
X-OCL
X-Generated-By
X-JoinUs
X-PHP-Host
Web-Mar-Node
X-Alternate-Cache-Key
X-SaId
X-LJ-Flow-ID
CDN-Uid
X-Urbn-Context-Path
CDN-RequestId
X-Labrador-Cache-Channel
X-Locale
X-VWS-Id
X-Shopify-Stage
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
CDN-Cache
X-Sql-Count
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-SayCDN-TTL
X-Cache-Server
CDN-EdgeStorageId
X-Cms-Context
CDN-PullZone
X-FireWall-Port
X-Varnish-Cache-Hits
Locale
X-Say-TTL
X-Say-Cacheable
CDN-CachedAt
X-Sql-Duration-Ms
X-ShopId
Xserver
X-Routing-Service
X-Zipkin-Id
X-BYPASS-REASON
X-ServerID
X-No-Session
X-Hl-Ver
X-Storefront-Renderer-Rendered
X-Site-Version
X-Adobe-Source
X-Ms-Request-Id
X-Redis-Cache
X-Xfnlog-Site
X-Server-W
X-Cache-Type
X-Forwarded-Host
X-Region
X-Proxied
X-GeoCode
X-GeoCountry
X-Extlb
X-Ms-Version
Apigw-Requestid
X-ProxyCache-Status
X-Edge-Location
X-Detected-As
X-ProxyCache-Key
Selected-Fe
X-PHP-Backend
Mn-Server-Ip
X-Uri
X-Skip-Cache
X-Varnishpool
X-Timing-Wait
X-Cache-NGX
X-Tid
X-Varnish-Hostname
X-UA-Device-Type
X-Proxy-Build
X-Request-Time
Cache-Name
X-URL
X-Nginx-Cache
X-Amz-Apigw-Id
WP-Super-Cache
X-Amzn-RequestId
DB-Nickname
X-FB-TRIP-ID
X-Via-Fastly
X-Cache-Enabled
X-Web-Node
X-Datadome
X-Cache-Status-Check
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-UUID
X-DynaTrace-JS-Agent
X-Origin-Date
X-ECache
X-Ua
X-TNCMS
X-Loop
X-Amzn-Remapped-Content-Length
X-Pubstack
X-LSADC-Cache
X-Varnish-Ttl
ServedBy
Xet-Cookie
X-App-Version
X-Reqid
X-Provided-By
X-Zen-Fury
X-Dc
X-Vgn-Hpd-Reason
X-Human
X-Soup
X-RCS-CacheZone
X-Tec-Api-Origin
X-MP-GENERATED-AT
Cache
X-Tec-Api-Root
X-Cache-Tags
X-Tec-Api-Version
Source
X-Tumblr-Pixel-2
X-Aspnetmvc-Version
X-TA-CDN-Provider
X-Origin-TTL
X-Correlation-ID
Origin
X-Origin-CC
X-GEO
X-Cdn
X-Cached-By
X-Webkit-CSP
X-Service
Cross-Origin-Window-Policy
X-Varnish-Hits
X-Debug-Cache
From-Origin
SD-X-WS
WPO-Cache-Status
WPO-Cache-Message
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
X-NewRelic-App-Data
LB
Webserver
Rendered-Blocks
X-ScT
X-Cache-Debug
MD5-Digest
BehaviorPad-Version
Host-ID
X-Request-Host
Rip
X-IPS-LoggedIn
X-AOL-HN
X-FW-Version
X-Trace-ID
X-Vdms-Path
Surrogated-Key
X-Ec-Fail
X-Developer
X-Vdms-Version
X-Destination
X-Ec-GeoHdr
T-Server
CPC-Cache
CPC-Age
X-A-Dam
X-SRCache-Key
Expiry
Cdnsip
Environment
X-External-Request-Id
X-VG-WebCache
X-User
X-TIM-N
Sslversion
X-Connection-Hash
X-Application
X-ARC
X-B-Cookie
X-A-Ccd
X-AK-Request-ID
X-Aed
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Bc-Bl
X-BCube-Filmed-By
VNS-Age
DCR-Decision-By
X-Shop-Environment
VNS-Cache
X-Cache-NE
X-A
Xc-Version
DCR-Processing-Time-Ms
X-D
X-Tenant
X-Rojux
X-S
X-S-Cookie
Lang
Meta-Geo-Continent
X-PBS-Appsvrname
X-Processor
X-Rewrite-Enabled
Cdncip
X-Parent-Response-Time
X-Forwarded-Path
A
Ngx.Var.Host
X-Orig-Expires
Odigeo-Trace-Id
X-NAPM-TraceId
X-B3-SpanId
HostName
X-B3-Traceid
X-CSRF-Token
X-Platform-Server
X-Accel-Buffering
X-Dispatcher-Number
X-Served-From
Redirect-Candidate
X-Aicache-OS
X-Cluster
X-Owner
X-Cdn-Srv
X-TIME
X-JWT-State
X-Is-Gdpr
X-Auto-Login
X-Developers
Gh-Request-Id
Fastly-Drupal-HTML
Mime-Version
OT-Force-Account-Verify
Upgrade-Insecure-Requests
X-Has-Esi
X-Cluster-Node
X-VC
Web-Mar-Region
Mail-Subject
Machine
Mobile-Detection-Method
V-Age
Decoy-Debug-TTL
State
Fastly-SWR
Ha-Gx-Prefs
Fastly-SSL
Req-Svc-Chain
Servername
Fastly-SIE
Fastly-GeoIP-CountryCode
HA-Ipaddr
Is-Eu
NM-Fastcgi-Cache
L
L5d-Success-Class
Decoy-Debug-Status
Platform
Kp-EeAlive
Producers
Vix-Hermes-Req-Id
We-Hiring
X-Gateway-Skip-Cache
X-Pool
X-Policy
X-Qloud-Router
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-NodeID
X-Mvc-Supplant-Cachable
X-Optimistic-Header
X-Origin
X-Planisys-CDN-Cache
X-Request-URI
X-Rocket-Build-Number
X-VG-TLSProxy
X-Varnish-Beresp-Status
X-Viewer-Country
X-WADP-Cache
X-Wix-Viewer-Type
X-Variation
X-Thanos
X-Sigma
X-Scale
X-Sigma-Backend
X-Slack-Backend
X-SplitTest
X-Minions-Version
X-Irp-Debug
X-Clientip
X-Clara-WADP
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-CGP
X-CacheTTL
X-Bip
X-BBC-Edge-Cache-Status
X-Cache-Bucket
X-Cache-Id
X-Cache-Info
X-Datadog-Trace-Id
X-DPWN-IS-SECURE
X-Gateway-Request-Id
X-Gateway-Cache-Status
Decoy-Debug-Key
X-Gzip
X-INCAP-ABP
X-Gateway-Cache-Key
X-Forwarded-Site
X-Epic-Correlation-Id
X-Ec-Custom-Error
X-Esi-Check
X-Eu-Site
X-Fmm-Version
X-Ad-Defer-Variation
X-Hash
Cache-Host
X-Origin-Time
Apple-News-Services-Parsed-Url
Adler-Geo
X-Via-NSCOPI
Candidate-Md5Url
X-Nyt-Route
Cmsid
Apple-News-Services-Request-Url
Country-Code
X-Gdpr
Apple-News-Services-Host
Apple-News-Services-Handled
Cmstype
X-Sucuri-ID
X-Core-Value
X-Geo-Header
X-Generated-On
X-HS-Content-Campaign-Id
X-Level-Front-Cache
Server-Host
X-Sucuri-Cache
Fastly-Backend-Name
X-Worker
X-WP-CF-Super-Cache-Active
X-GG-Cache-Date
Tube-Return
Tube-Got-Results
User-Cache-Control
X-Varnish-Remaining-TTL
X-FC-Vary-Parameters
Memcached
Cluster
X-Ckpd-Fst-Backend
X-Branch-Name
Tube-Get-Contents
X-Block-Status
X-Cdn-Origin
X-Fastly-Backend
Tube-Got-Eval
X-Gamma-Serve
X-Core-Mission
X-CMSURLCustom
X-DefHash
X-ATG-Version
Traceparent
X-DefElseHash
X-Varnish-CookieHashed-On
Thinkindot-CacheControl-Type
Wxu-Next-Region
TDXMobile
X-V-Cache
Thinkindot-CacheControl
Wxu-Next-Commit
X-Varnish-CookieINHashed-On
Wxu-Next-Hostname
Thinkindot-Control
Server-Hostname
X-Sn-Servicetimems
X-Hnp-Log
Canary
IsBot
Datacenter
X-GeoIP
X-GeoIP-City
X-SIPLIST1
CDCHOST
X-Proxy-Cache-Info
DSUID
X-Origin-Response-Time
X-Loc
Click-Count-Action-Start
Click-Count-Error
X-Region-Sid
X-Gen-Mode
X-SB
Release
Server-Ext
X-VServer
X-Rocket-Nginx-Serving-Static
Sever-Int
X-Var-Ttl
X-Thinkindot-L3
X-SVT-ORM-VERSION
NGX
Origin-EX
Origin-CC
X-SVT-ORM-RULES
AKAMAI
X-Fetched-On
X-Device-Os
X-Mvc-Supplant-OutputCached
X-LB-NoCache
X-Tx-Id
WebServer
Ec-Rule-Version
X-Azure-Ref-OriginShield
X-Scheme
X-NCache
Svr
X-S-Maxage
Cache-Tv-Group
X-Newrelic-App-Data
X-WA-Info
X-Cache-Remote
X-Udemy-Cache-App-Namespace
Pics-Label
CloudFront-Viewer-Country
Fastcgi-Cache-TTL
X-ND-Cache
Cache-Hits
Sid
Ssr
X-Session-Fingerprint
Time
X-ZONE
AMP-Access-Control-Allow-Source-Origin
Memory
X-Nf-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Generated-In
X-Via-Popn
X-Fastly-Cache
X-Via-Poph
X-Refresh
X-Rebelmouse-Surrogate-Control
X-Origin-Expires
X-Pod-Name
X-Via-Popv
SID
X-Rebelmouse-Cache-Control
X-Pass-Why
Request-ID
X-Up
Server-ID
X-Akamai-Transformed
X-Servedbyhost
X-Presslabs-Stats
Env
X-Tumblr-Pixel-3
X-DC
X-Cs
X-Edge-Pop
X-Dispatch
X-Wa
My-App
X-Release
X-Buckets
X-Fpc
X-Ig-Push-State
X-Lambda-Id
X-Cache-Date
X-Zone
X-MSEdge-Features
X-MSEdge-Flight
X-Esi
X-NC
X-NWS-UUID-VERIFY
X-Conf
X-PX
CDN
X-EC-Lua
X-ID
X-Endurance-Cache-Level
X-MCACHE
X-Req
GeoIp-Country-Code
X-TX-ID
X-Microcachable
X-Dmc
X-LB-ID
X-Xrds-Location
X-VCL-Version
X-CACHE-AGE
X-CS
CacheControlHeader
True-Client-Country-4JS
True-Client-IP
X-TH-Server
X-NGINX-Cache
X-Webkit-CSP-Report-Only
X-Be
Fastly-Drupal-Html
Magicmarker
X-RateLimit-Reset
X-CACHE-KEY
X-Vc
Tcn
X-B3-Spanid
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Op-Id-All
Hostname
X-CSRF-TOKEN
X-HS-Status
X-TRACE-ID
Path
X-Vcl-Version
Resin-Trace
True-Client-Ip
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Srv
X-Hyper-Cache
X-Date
X-Check-Cacheable
X-Air-Hostname
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-M-Log
X-Air-Trace-Id
X-Air-Source
X-Accel-Expires-Debug
X-Alfa-Service
X-Micro-Cache
WWW-Authenticate
X-M-Reqid
GeoIP-Country-Code
X-Air-Pt
X-Varnish-Beresp-TTL
X-Vercel-Cache
Tracecode
Pramga
X-Vercel-Id
X-App
X-Qnm-Cache
X-SERVER-NAME
X-Datacenter
C-Via
X-Old-Content-Length
X-Akamai-Pragma-Client-IP
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-RAMCache
Section-Io-Origin-Status
Section-Io-Id
X-Geo
Yjs-Id
NtCoent-Length
X-CLOUD-TRACE-CONTEXT
X-Cache-Ttl
X-Edge-POP
Powered-By
X-LiteSpeed-Cache-Control
X-WA
X-FPC
X-TrackingId
N-Cache
Proxy-Connection
YJS-ID
X-Webkit-Csp-Report-Only
X-Platform-Router
X-Platform-Cluster
FSS-Cache
Fastcgi-X-Cache-Version
X-Yandex-Sdch-Disable
X-PAYTM-SRV-ID
ENV
Hit
X-Mly-Id
On-Server
X-Platform-Processor
X-Platform
Esi-Enabled
X-Via-CDN
X-API-Version
X-Location
User-Agent
Lb
Server-Id
X-Lb-Id
X-Response-By
X-ServedByHost
X-Cdn-Forward
X-Dw-Trace-Id
X-TT-LOGID
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Varnish-Authentication
X-Via-PopH
HIT
X-Client-Ip
X-Director
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Webstats-RespID
X-Via-PopV
GeoIP-Latitude
X-Via-PopN
X-Edge-Origin-Shield-Bytes
X-Node-Id
X-UA
X-Edge-Origin-Shield-Region
X-Service-Response-Time
Sm-Log-Id
X-AIR-PT
X-FORWARDED-FOR
X-Request-Start
Cdn
X-FL-EDGE
X-Server-IP
X-SD-PageType
Location
X-LAGOON
X-Render-Time
Srvid
X-CUA
X-Akamai-ERRuleID
X-Li-Fabric
Locid
X-From
Dnion-Transfer-Encoding
Geoip-Latitude
X-Li-Pop
X-Akamai-ERPolicy
X-Traceid
X-LI-UUID
X-Instance-Name
X-LI-Proto
X-Test
X-RPS
Ohc-File-Size
X-RSL
X-RPM
X-DSS
X-DB
Swift-Performance
X-DI
X-HA-Backend
X-DW
X-DataCenter
Uri
Nginx-CQVIP
X-LiteSpeed-Tag
XServer
X-Request-Url
X-Via-Ucdn
Cache-Key
X-CF-Powered-By
PICS-Label
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Litespeed-Cache-Control
X-PERF
Server-Ttl
Wpo-Cache-Status
X-HostName
X-Cache-Backend
DynaTrace
X-ApacheServer
X-Cache-Expires
X-Fastly-Backend-Reqs
Wpo-Cache-Message
X-Cdn-Request-ID
Vha6-Origin
X-Proxy-Upstream
M-TraceId
X-B3-ParentSpanId
X-Fastly-Cache-Hits
X-Lb-Nocache
X-Cache-Ngx
X-Ramcache
X-Proxy-CacheRZ
Warning
XkeyRZ
CountryCode
Wp-Super-Cache
X-Cc-Via
X-Ips-Loggedin
X-Is-SSL
X-Kebab
X-Ittl
X-IBD-SID
X-Global-Transaction-ID
X-Git-Commit
X-GoCache-CacheStatus
X-Group
X-Header-Sub
X-IBD-Cache
X-Matome-Cached
X-Newegg-Index
X-Newegg-Flow
X-NFL-Dma
X-NFL-Geo
X-Ntj-Investigation-Id
X-NS-Authorization
X-Nerd
X-N-OperationId
X-LbNode
X-Keep
X-Loadbalancer
X-Matched-Rule
X-MTS-Cache
X-GG-Cache-Status
X-Kebabable
X-Ee-Generated-By
X-Delivery
X-Dehri-Date
X-Developed-By
X-Doge
X-DT-Node
X-Dcm-Pdtf
X-Conten-Type-Options
X-Cms-Device
X-Coindesk-Cache
X-Colour
X-Container-Uri
X-Edge-IP
X-NXG
X-Farm
X-F-Status
X-Fastly-Is-Edge
X-Frame-Option
X-Fstrz
X-Eventloop-Lag
X-ETag
X-Ee-Origin
X-Ee-Request-Date
X-Ee-Request-Id
X-Eid
X-Full-Ttl
X-Route-Akamai
X-True-Client-Ip
X-Tried-To-Kebabify
X-U-Cache
X-Upstream-State
X-User-Auth
X-Toujours-Debout-Location
X-Toujours-Debout-Branch
X-SVR-IIS
X-Stack-Name
X-Svr-Proxy
X-Test-Nginx-Ingress
X-Timestamp
X-Utime
X-V2-Infrastructure
X-Xms-Page-Cache-Actions
X-WSR2
X-YSpaceId
XV-Cache
XV-H
X-WP-Bypass
X-Web-Hosting
X-Vary-Devices
X-Ver
X-Wag-Acs
X-Waitingroom
X-SSLProxy
X-Square
X-PG-ACCESS
X-Paywall
X-PGF-Deflate
X-Pver
X-R-Cache
X-PageType
X-OVcl-Cache
X-Okws-Version
X-Odoo-Frontend
X-Onedio-Env
X-Origin-Ops
X-OVcl
X-Reboot
X-Redis
X-ServiceName
X-Server-L
X-Sh
X-Site
X-SMP-JWT
X-Save-Cache
X-Ruby
X-Render-Method
X-Request-Origin
X-Route
X-Cf-Node-Idx
X-Nyt-Data-Last-Modified
X-Arena-Request-Id
Is-Https
HTTPProtocol
Joe-X
NB-ESI
Nikkei-App-Version
HServer
H1
Cluster-Host
Cf-Wrk
CMS-200
Deeplink
Ec-Policy-Id
NLCacheNote
Npm-Cost
Panzer-Cache-Control
Origin-Site
Proxy-Cache
RawURL
Region
Ok-Edge-Key
OK-Edge-Date
Npm-Remaining
Ns
Ns-Ua
Ok-Cache-Status
Cf-Locale
Cf-Device-Type
PFcat
X-HN
WZWS-RAY
XM
X-Mg-Cache
X-VarnishDD-TTL
X-Moov-T
Fastcgi-Cache-Ttl
Req-ID
X-Moov-Xdn-Version
SRV
X-ElasticPress-Query
X-Yottaa-OS
Akamai-X-Url
X-Th-Server
Cache-Stat
Cachekey
Cdn-Country-Code
X-Serial
Cneonction
CF-Cached-On
X-Proxy-Cache-Hk
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Request-Uuid
Rt-Proxy-Cache
X-ARRRG1
X-Ar-Stats
X-ASF-Cache
X-AspNetWebPages-Version
X-Backend-TTL
X-Apache-Server
X-Amz-Meta-Cb-Modifiedtime
X-Akamai-CacheKeyMod
X-AEO-Platform
X-Akamai-DeviceOS
X-Akamai-DeviceType
X-Akamai-Native
X-Backside-Transport
X-BeanStalkRole
X-Cache-ReqUri
X-Cache-Reason
X-Cache-Response
X-CacheVersion
X-CDN-Pop
X-Cache-Proxy
X-Cache-NPR
X-BeanStalkStage
X-Cache-Cookie
X-Cache-IsMobileDevice
X-Cache-Length
X-Accor-Asset
X-Accepted-Language
Store-Cloud-Cache
SII
Sw
T-Request-Id
Technodrome
Shieldsquare-Response
SFRVia
Scheme
Selected-Route
Served
Service-Uuid
Time-Cloud-Cache
Ttl
X-77-NZT
Vttl
X-77-NZT-Ray
X-Accel-Version
X-Accepted-Fulllang
Userver
Uniqueid
TWC-AK-Req-ID
TWC-PATH-LOCALE
TWC-Subs
TWC-Unit
X-CDN-Pop-IP