Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Request-ID
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-UA-Device
Server-Timing
Request-Context
X-Dns-Prefetch-Control
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
X-Amz-Id-2
EagleId
X-Backend
X-AH-Environment
P3p
X-Proxy-Cache
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Ua-Compatible
X-Page-Speed
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
Cf-Apo-Via
Cf-Railgun
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
EagleEye-TraceId
X-Server-Id
X-Ruxit-JS-Agent
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
X-Cache-Spec
X-Content-Security-Policy-Report-Only
X-Cache-Lookup
X-HW
Accept-Ch-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Application-Context
X-Trace
X-Response-Time
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Litespeed-Cache
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Country
Content-Location
X-Mcache
X-MS-InvokeApp
X-Content-Type
X-Url
Accept-CH-Lifetime
X-Clacks-Overhead
X-PC
X-Vname
X-CST
X-TtlSet
X-Amz-Server-Side-Encryption
X-Midtier
Rating
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Rack-Cache
X-Element-Page-Cache
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
Origin-Trial
X-GoogleNews-Bot
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Exp-Variant
Verso
X-VARITI-CCR
X-Server-Name
X-Ac
X-GitHub-Request-Id
X-Powered-By-Plesk
Service-Worker-Allowed
X-Ttl
X-Cnection
X-ECACHE
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-Navigation-Version
X-Client-IP
Xkey
X-Abt-Application-Version
Edge-Control
SPRequestDuration
SPIisLatency
X-Upstream
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Cached
X-Mg-S
X-Dw-Request-Base-Id
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-NWS-LOG-UUID
X-B3-TraceId
X-Px
X-FastCGI-Cache
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Varnish-TTL
X-Cache-Key
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-Forwarded-For
Edge-Cache-Tag
X-Country-Code
X-Correlation-Id
X-NF-Request-ID
X-Goog-Hash
X-Webkit-Csp
X-Powered-CMS
Content-MD5
TCN
X-Ser
Front-End-Https
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-SID
Public-Key-Pins
X-RateLimit-Remaining
X-Id
X-Version
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
Accept-Ch
X-Content-Digest
X-Amzn-Trace-Id
X-Recruiting
X-MSEdge-Ref
X-T
X-Ratelimit-Limit
Response
X-Middleton-Response
X-Accel-Expires
TP-L2-Cache
TP-Cache
MicrosoftSharePointTeamServices
X-Shield-Request-Id
X-XRDS-Location
S
Nginx-Cache
Cache-Status
X-Daa-Tunnel
X-Request-Received
Server-Node
X-Request-Processing-Time
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
MRF-Tech
Cache-Tags
X-B3-TraceId-Primal
Mrf-Cache-Status
Cross-Origin-Opener-Policy
X-Fastcgi-Cache
X-Distributor
X-Hits
X-Fastly-Request-ID
X-TEC-API-ORIGIN
X-PressLabs-Stats
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Kinsta-Cache
X-Edge-Location-Klb
X-LB-Cache
X-Origin-Server
X-Ratelimit-Remaining
X-Ezoic-Cdn
X-Ua-Browser
Fastcgi-Cache
Alternate-Protocol
Filterid
X-Grace
X-Hostname
X-Ratelimit-Reset
X-Frontend
X-LLID
X-Geo-Country
X-Request-Handler-Origin-Region
X-ORACLE-DMS-RID
Server-Name
X-ORACLE-DMS-ECID
X-Microsite
X-DIS-Request-ID
X-Rid
X-Logged-In
Healthy
X-FB-Debug
X-Varnish-Backend
X-Git-Hash
X-Www-Served-By
X-NGENIX-Cache
X-Debug-Info
Cleartype
Payment
Realpath
X-Protected-By
X-Cluster-Name
X-Load-Cache
X-Page-Id
DC
X-Forwarded-Proto
MS-Author-Via
X-ASPNET-VERSION
X-ECache
X-DataDome
Content-Disposition
Access-Control-Allow-Method
X-B3-Traceid
X-Origin-Cache
Charset
X-B3-Sampled
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Server-ID
X-Activity-Id
X-Az
X-AppVersion
X-Proxy
X-Seen-By
X-F-Cache
Count-Hit
X-Cache-Age
X-Amz-Replication-Status
X-Amz-Meta-S3cmd-Attrs
X-Azure-Ref
X-Fb-Rlafr
X-Whom
Paypal-Debug-Id
X-TTL
X-Times
Cross-Origin-Resource-Policy
X-Revision
X-B
X-Type
Surrogate-Key
X-Contextid
X-Akamai-Edgescape
X-Flags
Accept-Charset
X-Aspnetmvc-Version
Viewport
X-App-Environment
X-Is-Crawler
X-Providence-Cookie
Retry-After
X-Aspnet-Duration-Ms
X-Route-Name
X-Request-Guid
X-Wix-Request-Id
X-Varnish-Server
X-TT
X-Hosted-By
X-B-Cache
X-Signature
X-Language
X-DynaTrace
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
X-Source
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Varnish-Ttl
X-Envoy-Decorator-Operation
X-App-Server
X-Mobile
X-Magnolia-Registration
X-Varnish-Grace
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-VCache
Host
WPO-Cache-Message
X-Oneagent-Js-Injection
Version
WPO-Cache-Status
Referer-Policy
X-Cache-Rule
X-N
X-HTML-Minification-Powered-By
Refresh
X-Response-Served-From
X-Varnish-Age
X-Original-Request-Id
Access-Control-Request-Headers
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Cache-Time
X-Tumblr-Pixel-0
X-Rule
X-Amz-Apigw-Id
X-Cache-Status-Check
X-EdgeConnect-Cache-Status
X-Amzn-RequestId
VIX-Pulpo-Node
X-UUID
X-User-Agent
SD-X-WS
Protected
Ms-Operation-Id
MS-CV
X-Content-Powered-By
X-Cacheable-TTL
X-Framework
X-G
CDN-RequestId
X-Cache-Grace
X-Jobs
X-RTag
VIX-Pulpo-Upstream-Status
X-Ruxit-Js-Agent
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Dynamic
X-Device-Type
From-Origin
GEO-INFO
X-Backend-Name
Section-Io-Cache
X-Environment-Context
X-FW-Type
X-RemovedCookies
X-L-Path
X-ProcessESI
X-FW-Version
X-Tt-Trace-Host
X-Tt-Trace-Tag
NGB
X-Status
Akamai-GRN
X-Instance
X-Trace-Id
X-Page-View
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-RateLimit-Limit
X-Cache-Expired-At
X-Akamai-Request-ID2
X-Adobe-Content
X-Adobe-Loc
X-Http-Reason
X-Is-Bot
X-Region
X-XRDS-LOCATION
X-Nginx-Cache
X-NYM-Debug-Backend
X-Rendered-As
Front
X-Servername
Url
X-Fastly-Request-Id
X-Unique-Id
SRV
Accept-Language
X-Template
X-CDN-Forward
Liferay-Portal
Pinterest-Generated-By
X-Content-Options
X-Pinterest-Rid
Pinterest-Version
X-Debug-IsConnected
X-Debug-IsPreview
Fastly-SIE
Fastly-SWR
Backend
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Newrelic-App-Data
X-Air-Trace-Id
X-Time
X-Cache-Hit
X-Air-Hostname
X-Air-Source
X-Zen-Fury
Country
X-DynaTrace-JS-Agent
X-Mode
Content-Secure-Policy
X-COUNTRY
X-Cache-Operation
X-Rocket-Nginx-Serving-Static
Node
X-Uri
Webserver
Meta-Geo
X-RN-RSRV
Filters
X-Generation-Time
X-IPS-LoggedIn
X-UPSTREAM-Address
X-Cache-Server
X-Content-Age
Uber-Trace-Id
S-Rt
X-Proxy-Cache-Info
X-Rewrite-Enabled
X-Tumblr-Pixel-2
Onion-Location
X-Amzn-Remapped-Content-Length
X-Proxy-Build
Azure-SiteName
Cache-Hits
CF-IPCountry
X-Locale
X-Web-Node
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Timing-Wait
X-PHP-Backend
Azure-RegionName
X-Tumblr-Pixel-3
X-Edge-Location
X-Tb
Selected-Fe
X-Soup
X-Cache-Action
X-ARC
X-Access
X-Cluster-Node
Cache-Name
X-BYPASS-REASON
X-Format
X-Cms-Context
X-Site-Version
X-Sucuri-Cache
X-Real-IP
X-Server-W
X-ProxyCache-Status
X-Via-Fastly
X-ProxyCache-Key
X-Sucuri-ID
X-SayCDN-TTL
X-Section
X-PHP-Host
X-Origin-Date
X-Varnish-Beresp-Grace
X-Ms-Request-Id
X-Labrador-Cache-Channel
X-Say-Cacheable
X-Say-TTL
X-Skip-Cache
X-Proto
X-Ms-Version
Property-Id
X-Zipkin-Id
ServedBy
Cross-Origin-Window-Policy
X-UA-Device-Type
TWC-Connection-Speed
X-Proxied
X-VC-Cache
X-R9-Blue-Green-Version
DB-Nickname
TWC-Privacy
X-Sql-Duration-Ms
X-Cache-Host
X-Reqid
X-Debug
X-Extlb
X-Handled-By
X-Routing-Service
X-Sql-Count
Webcakes-Region
X-Proxy-Cache-Status
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
X-Forwarded-Host
Webcakes-App-Name
X-Origin-Hint
TWC-Device-Class
Webcakes-App-Version
Countrycode
WP-Super-Cache
X-VWS-Id
X-IPLB-Instance
X-LJ-Flow-ID
X-SaId
X-AWS-Id
X-IPLB-Request-ID
X-Optimistic-Header
Cache-Tv-Group
Web-Mar-Node
X-LAGOON
X-JoinUs
Apigw-Requestid
X-FB-TRIP-ID
X-Adobe-Source
X-Detected-As
X-No-Session
X-Cluster
X-Ua
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Cache-TTL-Remaining
Mn-Server-Ip
X-App-Version
X-LSADC-Cache
ServerID
Fastcgi-Useragent
X-GeoCountry
X-GeoCode
X-Node-Name
X-Tt-Logid
X-WP-CF-Super-Cache-Cache-Control
X-Xfnlog-Site
X-WP-CF-Super-Cache
X-Director
Mime-Version
Source
Upgrade-Insecure-Requests
X-Varnish-Hits
Frame-Options
X-GEO
X-Buckets
CDN-Cache
CDN-Uid
X-Hl-Ver
Fastly-Drupal-HTML
CDN-CachedAt
X-Generated-By
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
X-Tec-Api-Origin
X-Tec-Api-Version
X-TIME
X-Tec-Api-Root
X-Mg-Request-UUID
X-Request-Time
X-FireWall-Port
X-Varnish-Cache-Hits
Load-Balancing
X-Api-Version
X-TA-CDN-Provider
X-Redis-Cache
X-Webkit-CSP-Report-Only
Xet-Cookie
X-Loop
X-Origin-CC
X-Varnish-Hostname
X-URL
X-RM-Cache-TTL
X-Origin-TTL
X-ServerID
X-Datadog-Sampled
CF-Cached-On
X-Datadog-Trace-Id
X-SRV
X-Cache-Debug
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Tx-Id
X-Akamai-Transformed
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-ShopId
X-Storefront-Renderer-Rendered
X-Served-From
X-Pubstack
X-Endurance-Cache-Level
X-Pass-Why
X-Newrelic-Synthetics
X-Storage
X-CSRF-Token
X-Request-Host
Xserver
X-Service
X-Location
X-Restarts
X-TNCMS
Server-Info
Odigeo-Trace-Id
A
Lang
Origin
X-A
Release
Redirect-Candidate
X-A-Ccd
X-A-Dam
Ngx.Var.Host
Meta-Geo-Continent
X-A-Dcw
Memcached
MD5-Digest
Host-ID
X-A-Dgt
NM-Fastcgi-Cache
Cache-Host
Sslversion
Gannett-Cam-Experience-Id
Server-Host
Thinkindot-CacheControl
TDXMobile
Surrogated-Key
Edge-Cache
DSUID
Rendered-Blocks
Candidate-Md5Url
WWW-Authenticate
T-Server
DCR-Decision-By
Thinkindot-Control
DCR-Processing-Time-Ms
Thinkindot-CacheControl-Type
BehaviorPad-Version
X-Ec-GeoHdr
X-Rocket-Build-Number
X-Processor
X-Rojux
X-S
X-S-Maxage
X-S-Cookie
X-Platform-Router
X-Platform-Processor
X-Nyt-Route
X-Mobile-URL
X-Origin
X-Origin-Time
X-Platform-Cluster
X-ScT
X-Sigma
X-TIM-N
X-Thinkindot-L3
X-Vdms-Path
X-Vdms-Version
Xc-Version
X-We-Are-Hiring
X-Thanos
X-Test
X-Sn-Servicetimems
X-Sigma-Backend
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Mid
X-Men
X-Cache-NE
X-Cache-Info
X-Cdn-Origin
X-CMSURLCustom
X-Core-Mission
X-Conf
X-Cache-Date
X-Bip
X-Application
X-Akamai-Device-Characteristics
X-B-Cookie
X-Bc-Bl
X-BCube-Filmed-By
X-CUA
X-D
X-Httpd
X-Hash
X-INCAP-ABP
X-Level-Front-Cache
X-Loc
X-Generated-On
X-Gdpr
X-Developer
X-Destination
X-Ec-Fail
X-Epic-Correlation-Id
X-External-Request-Id
X-A-Wwc
X-Aed
X-Correlation-ID
X-Provided-By
X-WP-CF-Super-Cache-Active
HostName
X-Date
X-DefHash
X-DefElseHash
X-CacheTTL
X-Cache-Bucket
X-Cache-Id
X-Dispatcher-Number
X-Ec-Custom-Error
X-Fastly-Backend
X-Fastly-Cache
X-Esi-Check
X-Gamma-Serve
X-Fetched-On
X-BBC-Edge-Cache-Status
X-Dispatcher-Server
X-Ad-Defer-Variation
Section-Io-Id
Tube-Get-Contents
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Req-Svc-Chain
Section-Origin-Responded
Tube-Got-Eval
Tube-Got-Results
X-Accel-Expires-Debug
X-Geo-Header
X-Varnish-Beresp-Ttl
We-Hiring
Tube-Return
Vix-Hermes-Req-Id
X-Auto-Login
X-GeoIP-City
X-Var-Ttl
X-Variation
X-Varnish-Beresp-Status
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-SD-PageType
X-Server-IP
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Worker
X-Response-By
X-VServer
X-Vmg-Version
X-Varnish-Remaining-TTL
X-Varnishpool
X-Scale
X-Req
X-Human
X-Is-Gdpr
X-Mvc-Supplant-Cachable
X-HS-Content-Campaign-Id
X-Has-Esi
Platform
X-Gzip
X-Node-Id
X-NodeID
X-Pool
X-Region-Sid
X-Platform
X-Origin-Response-Time
X-Org
X-Origin-Expires
X-GeoIP
X-JWT-State
Is-Eu
Mail-Subject
Click-Count-Action-Start
Fastly-Backend-Name
CloudFront-Viewer-Country
Cmsid
Country-Code
Cmstype
Magicmarker
C-Via
Fastly-GeoIP-CountryCode
Click-Count-Error
CacheControlHeader
Cache-Key
AKAMAI
Adler-Geo
Gh-Request-Id
Environment
X-Parent-Response-Time
Apple-News-Services-Host
X-Planisys-CDN-TTL
X-Core-Value
X-Developers
X-Wix-Viewer-Type
Expect-Staple
X-Clara-WADP
X-Cdn-Srv
X-Cache-Tags
X-Air-Pt
X-Device-Os
X-Accel-Buffering
X-Azure-Ref-OriginShield
X-Cache-FS-Status
X-App
X-Fmm-Version
X-Irp-Debug
X-Instance-Name
X-Planisys-CDN-Cache
X-V-Cache
X-Owner
Apple-News-Services-Handled
Canary
X-Nginx-Cache-Key
X-Mly-Id
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Datacenter
X-Planisys-CDN-Rules
X-WADP-Cache
X-WA-Info
X-FC-Vary-Parameters
X-VG-TLSProxy
X-Frame-Option
X-Forwarded-Site
X-DPWN-IS-SECURE
X-Ckpd-Fst-Backend
Ssr
Apple-News-Services-Request-Url
State
X-Qloud-Router
Kp-EeAlive
X-Release
Apple-News-Services-Parsed-Url
On-Server
X-Request-Start
Origin-CC
Origin-EX
Producers
Web-Mar-Region
Machine
X-Via-CDN
Wxu-Next-Region
X-NCache
X-Aicache-OS
X-SB
Wxu-Next-Commit
L
X-Gen-Mode
Server-Ext
Srvid
Sever-Int
Locid
X-FL-EDGE
X-Minions-Version
X-Platform-Server
Server-Hostname
X-Old-Content-Length
NGX
Cache-Provider
Wxu-Next-Hostname
X-HN
Fastly-SSL
X-FL-QIT-DEBUG
X-Hnp-Log
PFcat
X-Block-Status
X-VarnishDD-TTL
X-Op-Id-All
User-Cache-Control
Edge-Copy-Time
X-CACHE-AGE
X-Via-SSL
X-Via-Edge
X-VC
X-Zone
X-Vcl-Version
X-Eu-Site
X-Microcachable
X-LB-NoCache
X-Cache-Remote
X-B3-Spanid
Ha-Gx-Prefs
X-Nananana
CDCHOST
HA-Ipaddr
X-From
X-Mvc-Supplant-OutputCached
L5d-Success-Class
X-Csrf-Jwt
X-CGP
X-Up
X-Refresh
X-Cache-Backend
Env
X-DC
X-Cache-Enabled
X-Tb-Optimization-Total-Bytes-Saved
X-ND-Cache
GeoIP-Latitude
Cluster
X-Generated-In
Pics-Label
X-Debug-Cache-Store
Decoy-Debug-Status
X-Lambda-Id
Decoy-Debug-Key
X-RCS-CacheZone
Decoy-Debug-TTL
X-Debug-Cache-Fetch
X-Dc
X-Trace-ID
X-Via-Popv
X-Via-Popn
X-Cached-By
X-VCT
X-NWS-UUID-VERIFY
X-Tid
X-Via-Poph
NtCoent-Length
SID
Cache
X-Cs
CPC-Cache
CPC-Age
Memory
Sid
X-Render-Time
Time
X-Edge-Pop
X-HS-Status
X-Vtex-Remote-Cache
VNS-Age
VNS-Cache
X-B3-SpanId
X-Webkit-CSP
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Upstream-Ct
X-HA-Backend
X-LB-ID
X-Servedbyhost
X-Upstream-Ht
X-Hcs-Proxy-Type
X-Srv
X-Nf-Request-Id
Fastly-Drupal-Html
X-DataCenter
Svr
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Nc
X-AIR-PT
X-Vgn-Hpd-Variations-Key
X-Wa
X-Cache-Type
X-TH-Server
X-Presslabs-Stats
X-Esi
AMP-Access-Control-Allow-Source-Origin
Cdn
X-ATG-Version
X-Client-Ip
X-CLOUD-TRACE-CONTEXT
X-NewRelic-App-Data
Server-ID
X-Via-JSL
X-Contensis-Viewer-Groups
GeoIp-Country-Code
X-Cache-ASPX
X-Varnish-Authentication
X-ZONE
Srv
X-Check-Cacheable
X-Fpc
Uri
XkeyRZ
X-Proxy-CacheRZ
X-Vc
X-CF-Lambda-Version
True-Client-IP
X-PAYTM-SRV-ID
X-RateLimit-Limit-Second
X-CF-Lambda-Fn
X-Amz-Meta-Cb-Modifiedtime
X-RateLimit-Remaining-Second
X-MP-GENERATED-AT
Esi-Enabled
XServer
Cdncip
X-Gateway-Skip-Cache
Cdnsip
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-AK-Request-ID
X-Varnish-Beresp-TTL
M-TraceId
X-Gateway-Request-Id
X-Udemy-Cache-App-Namespace
X-CS
X-EC-Lua
X-NGINX-Cache
Hostname
X-Wikidot-Backend
X-Via-NSCOPI
X-Wikidot-Static-Cache
N-Cache
Resin-Trace
X-API-Version
True-Client-Ip
X-CSRF-TOKEN
YJS-ID
RNT-Machine
OT-Force-Account-Verify
X-Orig-Expires
X-CDN-Cache-Status
X-Tenant
X-Shop-Environment
X-MSEdge-Features
X-MSEdge-Flight
RNT-Time
X-FPC
X-Bl-Debug
Lb
X-Forwarded-Path
X-Datadome
X-Fastly-Country-Code
Eomportal-Instance
X-TX-ID
Request-ID
X-Policy
GeoIP-Country-Code
X-APP-VERSION
X-B3-Trace-ID
X-App-Name
X-RateLimit-Reset
CDN
Ngx-Var-Key
X-CACHE-KEY
X-Service-Response-Time
Path
Sm-Log-Id
X-Micro-Cache
Server-Id
X-Cache-Ttl
X-VCL-Version
X-Accel-Version
X-Vcache
X-SIPLIST1
LB
X-WA
IsBot
X-Logging-Id
X-Lb-Id
X-NC
Hit
X-Datacenter
X-Cache-NGX
X-Ha-Backend
X-Request-URI
X-MCACHE
X-Git-Commit
X-Container-Uri
HIT
X-Cdn-Cache-Status
X-Edge-POP
Pramga
X-Info
X-Cdn-Diag
Location
X-SERVER-NAME
X-ServedByHost
Cross-Origin-Opener-Policy-Report-Only
X-Akamai-Pragma-Client-IP
X-Geo
X-ID
X-Cdn-Forward
X-Snapshot-Date
X-Pod-Name
Ohc-File-Size
X-Srcache-Fetch-Status
FSS-Cache
X-VG-WebCache
X-Tncms
Timeexpire
X-Srcache-Store-Status
X-Via-PopV
XM
X-Ctl-Mach
Req-ID
True-Client-Country-4JS
Yjs-Id
X-Acquia-Purge-Cdn-Unconfigured
V-Age
ENV
X-Via-PopN
Geoip-Latitude
Epwk-X-Cache
X-Via-PopH
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Iauth-Set-Uid
X-Clientip
CDN-RequestPullSuccess
X-Amz-Meta-Opti
X-Hyper-Cache
CDN-RequestPullCode
X-Oss-Server-Time
X-Oss-Storage-Class
X-Cache-Expires
X-Cdn-Request-ID
X-Lb-Nocache
X-Fastly-Backend-Reqs
X-Serial
X-Oss-Request-Id
X-Oss-Object-Type
X-Dw-Trace-Id
X-Oss-Hash-Crc64ecma
X-LiteSpeed-Cache-Control
Proxy-Connection
Servername
X-TT-LOGID
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-M-Reqid
X-M-Log
Warning
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Acquia-Application-UUID
X-UP
X-Acquia-Application-Trace
X-RAMCache
X-Acquia-Purge-Tags
X-B3-Parentspanid
X-Acquia-Site
Content-Script-Type
Ec-Rule-Version
X-Swift-Error
X-Qnm-Cache
Cneonction
WZWS-RAY
Content-Style-Type
X-MiniProfiler-Ids
X-Lsadc-Cache
Serverid
X-F-Status
CountryCode
X-UA
X-Cached-Since
Ohc-Cache-HIT
W
X-LiteSpeed-Tag
X-WP-CF-Super-Cache-Cookies-Bypass
PICS-Label
My-App
Ngx
X-Mg-Cache
X-Moov-Xdn-Version
X-Scheme
X-Fastly-Cache-Hits
X-Th-Server
X-Moov-T
X-Webstats-RespID
X-Cache-Ngx
X-Litespeed-Cache-Control
X-IPS-Cached-Response
X-B3-ParentSpanId
MIME-Version