Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
CF-Ray
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-DNS-Prefetch-Control
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
X-Dns-Prefetch-Control
Server-Timing
Upgrade
X-XSS-PROTECTION
X-CDN
Status
X-Request-ID
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Cache-Group
X-Robots-Tag
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Hacker
X-Proxy-Cache
X-UA-Device
X-Server
X-Vhost
X-Rq
X-Server-Powered-By
Allow
X-Age
X-Ws-Request-Id
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
EagleId
P3p
Nel
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Page-Speed
X-Device
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-Host
X-Node
Accept-CH
X-Backend-Server
X-CST
Surrogate-Control
X-Cache-Lookup
X-WebKit-CSP
X-Server-Id
Accept-CH-Lifetime
X-Nginx-Cache-Status
X-Readtime
Permissions-Policy
X-Akam-SW-Version
X-Nginx-Upstream-Cache-Status
Request-Id
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Ua-Compatible
X-Trace
X-Response-Time
X-HW
X-Edge
Content-Location
X-Clacks-Overhead
Xkey
X-Mod-Pagespeed
Rating
X-Midtier
X-ESI
X-Url
X-Amz-Server-Side-Encryption
X-ECACHE
X-Ruxit-Js-Agent
X-Ruxit-JS-Agent
X-Mcache
X-Oneagent-Js-Injection
X-Country
X-Upstream
X-Vcap-Request-Id
Cache-Tag
X-MS-InvokeApp
X-D2id
X-Rack-Cache
X-Exp-Id
X-Element-Page-Cache
X-Cdn-Fetch
X-Exp-Variant
X-Use-Magma
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
Verso
X-GoogleNews-Bot
X-Litespeed-Cache
X-Powered-By-Plesk
Accept-Ch
Edge-Control
X-TtlSet
X-Vname
X-PC
RTSS
X-Cache-TTL
Fastly-Restarts
Accept-Ch-Lifetime
X-Ac
X-Webkit-CSP
Origin-Trial
X-VARITI-CCR
X-Navigation-Version
Service-Worker-Allowed
X-Country-Code
X-Abt-Application-Version
X-Goog-Hash
X-WebKit-CSP-Report-Only
X-Cached
X-Browser-Type
X-Amz-Rid
Display
X-Sol
Pagespeed
X-Middleton-Display
X-GitHub-Request-Id
X-Aspnetmvc-Version
X-Ttl
X-Varnish-TTL
Cross-Origin-Opener-Policy
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Server-Name
X-B3-TraceId
X-Amzn-Trace-Id
X-Mg-S
X-Content-Type
X-Powered-CMS
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
Arr-Disable-Session-Affinity
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Kinja-CCPA
AR-ATIME
AR-Request-ID
AR-SID
Response
AR-PoweredBy
X-Middleton-Response
SPRequestDuration
SPIisLatency
X-ORACLE-DMS-ECID
X-Cache-Key
X-ORACLE-DMS-RID
X-NWS-LOG-UUID
Pinterest-Generated-By
X-Version
Pinterest-Version
X-Pinterest-Rid
X-SRCache-Fetch-Status
X-Jurisdiction
X-SRCache-Store-Status
X-HP-Trace-Id
X-HP-Webp
AR-CACHE
X-NF-Request-ID
X-Times
X-Accel-Expires
X-Cnection
X-T
Cache-Tags
X-Fastly-Request-ID
Cache-Status
Nginx-Cache
Front-End-Https
Edge-Cache-Tag
X-Server-ID
X-MSEdge-Ref
X-Ser
X-Hits
X-Client-IP
X-RateLimit-Remaining
X-FastCGI-Cache
X-Px
Public-Key-Pins
X-B3-TraceId-Primal
X-B3-Traceid
MRF-Tech
Mrf-Cache-Status
X-Recruiting
Payment
X-LLID
X-Frontend
X-Request-Received
X-Request-Processing-Time
Server-Node
X-Ua-Browser
X-RateLimit-Limit
X-Fastcgi-Cache
X-Shield-Request-Id
S
X-DIS-Request-ID
X-GUploader-UploadID
X-Goog-Metageneration
X-Erf-Stays-Pdp-Viaduct-Migration-Web
TP-Cache
MicrosoftSharePointTeamServices
Content-MD5
Access-Control-Request-Method
X-Amz-Apigw-Id
X-Amzn-RequestId
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Digest
X-HS-Cache-Config
X-LB-Cache
X-Distributor
X-Protected-By
X-Microsite
X-Request-Handler-Origin-Region
Realpath
Access-Control-Allow-Method
X-Page-Id
X-FB-Debug
Fastcgi-Cache
TP-L2-Cache
Accept-Charset
X-Cluster-Name
X-Geo-Country
X-Forwarded-For
X-Rid
X-PressLabs-Stats
X-Ezoic-Cdn
X-Hostname
X-B3-Sampled
X-Daa-Tunnel
X-Webkit-Csp
X-Seen-By
X-Ratelimit-Remaining
X-Aspnet-Version
X-Goog-Stored-Content-Encoding
X-Ua-Device
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-TTL
Cleartype
Referer-Policy
Cross-Origin-Resource-Policy
X-Newrelic-App-Data
X-Mobile
TCN
DC
X-Envoy-Decorator-Operation
X-Webkit-CSP-Report-Only
Count-Hit
X-Correlation-Id
X-Content-Options
X-Varnish-Backend
X-Origin-Cache
X-Debug-Info
X-Ratelimit-Limit
X-Logged-In
X-App-Server
X-Hosted-By
X-Contextid
X-Varnish-Grace
X-Git-Hash
X-Is-Crawler
X-IPS-LoggedIn
X-Grace
X-Aspnet-Duration-Ms
Surrogate-Key
X-Amz-Replication-Status
X-App-Environment
X-Providence-Cookie
X-Flags
X-Fb-Rlafr
X-Route-Name
X-Request-Guid
X-Revision
X-Azure-Ref
Frame-Options
X-TT
X-TEC-API-ORIGIN
X-Edge-Location-Klb
X-Kinsta-Cache
X-Amz-Meta-S3cmd-Attrs
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Origin-Server
X-Forwarded-Proto
X-Client-Ip
Retry-After
WPO-Cache-Message
X-Wix-Request-Id
Alternate-Protocol
X-F-Cache
WPO-Cache-Status
X-Whom
X-RateLimit-Reset
Healthy
X-Magnolia-Registration
Charset
Section-Io-Cache
X-Akamai-Edgescape
X-Backend-Name
X-XRDS-Location
Viewport
MS-Author-Via
X-Id
X-Proxy-Cache-Info
X-App-Version
X-COUNTRY
X-B
Paypal-Debug-Id
SRV
X-Activity-Id
X-Az
X-AppVersion
ServerID
X-N
X-Www-Served-By
X-Language
Akamai-GRN
Host
Filterid
X-Cache-Rule
SD-X-WS
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-ARC
X-Response-Served-From
X-Instance
X-Original-Request-Id
X-Http-Reason
X-Cache-Grace
X-Rule
X-Rocket-Nginx-Serving-Static
X-Edge-Location
X-Varnish-Server
X-Varnish-Age
X-Akamai-Request-ID2
X-User-Agent
X-UUID
X-Status
Protected
Front
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Jobs
X-L-Path
X-Region
X-Is-Bot
X-Unique-Id
X-Rendered-As
X-Page-View
Country
X-FW-Type
X-Environment-Context
X-FW-Version
X-Cacheable-TTL
Fastly-SIE
Fastly-SWR
X-FW-Dynamic
X-Framework
X-FW-Static
Amp-Access-Control-Allow-Source-Origin
From-Origin
X-FW-Server
X-FW-Serve
X-FW-Hash
Server-Name
X-Datadog-Trace-Id
X-Adobe-Loc
X-Cache-Time
Access-Control-Request-Headers
X-Type
X-Adobe-Content
X-Load-Cache
X-Time
X-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-EdgeConnect-Cache-Status
X-G
X-ProcessESI
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-RemovedCookies
X-DataDome
X-Cache-Age
X-Proxy
X-Cache-Control
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Mg-Request-UUID
Refresh
X-Datadog-Sampled
X-Amzn-Remapped-Content-Length
X-CDN-Forward
X-Xrds-Location
X-Debug-IsPreview
X-Debug-IsConnected
Content-Disposition
X-Vcache
X-Signature
X-B-Cache
X-ECache
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Drupal-Cache-Tags
X-Source
Backend
Accept-Language
X-Nf-Request-Id
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Countrycode
Webserver
X-DynaTrace
X-Generated-By
Version
Xet-Cookie
X-HTML-Minification-Powered-By
CF-IPCountry
X-Erf-Web-Scheduler
X-Nginx-Cache
X-XRDS-LOCATION
X-Servername
X-DynaTrace-JS-Agent
X-Httpd
X-Tt-Trace-Host
Url
X-Tt-Trace-Tag
X-Mode
Xserver
X-Upgrade-Enabled
X-Storage
GEO-INFO
X-Device-Type
X-NYM-Debug-Backend
X-Oracle-Dms-Ecid
X-Content-Powered-By
X-Template
X-Content-Age
X-Tb
X-Cache-Action
X-Cache-Operation
X-GeoCountry
X-GeoCode
Onion-Location
Azure-RegionName
Azure-InstanceId
X-Director
S-Rt
X-SayCDN-TTL
X-Oracle-Dms-Rid
X-Urbn-Site-Id
X-SaId
X-Urbn-Context-Path
X-Varnish-Cache-Hits
Load-Balancing
Meta-Geo
X-JoinUs
X-Rewrite-Enabled
Azure-Version
X-UPSTREAM-Address
X-Say-TTL
X-Say-Cacheable
Azure-SlotName
X-Proto
Filters
X-LAGOON
X-ServerID
Azure-SiteName
Locale
X-Cluster-Node
X-PHP-Host
Uber-Trace-Id
X-Container-Uri
X-RM-Cache-TTL
X-Labrador-Cache-Channel
X-Soup
X-Forwarded-Host
X-Tt-Logid
X-Git-Commit
Fastcgi-Useragent
X-Varnish-Hostname
X-ID
X-VC-Cache
OT-Force-Account-Verify
X-Varnish-Ttl
X-Sql-Duration-Ms
X-LSADC-Cache
X-Generation-Time
X-Ms-Request-Id
X-Ms-Version
X-Cache-Server
X-Sql-Count
X-Detected-As
X-Adobe-Source
X-Served-From
X-VCT
Web-Mar-Node
Node
TWC-Connection-Speed
Property-Id
Mn-Server-Ip
X-Logging-Id
X-R9-Blue-Green-Version
X-Proxied
X-Origin-Hint
X-RCS-CacheZone
X-Zipkin-Id
X-Skip-Cache
X-Zen-Fury
X-Routing-Service
X-Lambda-Id
X-FB-TRIP-ID
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
X-Extlb
X-Debug
Webcakes-Region
TWC-Device-Class
TWC-Locale-Group
DB-Nickname
X-URL
X-MCACHE
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Format
X-Uri
Selected-Fe
X-Proxy-Build
X-B3-SpanId
X-Sucuri-Cache
X-Fetched-On
X-Timing-Wait
X-Loop
X-Tncms
X-TimeS
X-Drupal-Cache-Contexts
X-Sucuri-ID
X-Rn-Rsrv
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Cache-Hit
Liferay-Portal
X-Srv
X-Endurance-Cache-Level
Source
Cross-Origin-Window-Policy
X-Ua
X-Redis-Cache
X-Origin-Date
CDN-RequestId
X-MP-GENERATED-AT
X-Fastly-Request-Id
Fastly-Drupal-HTML
Section-Io-Origin-Status
X-Varnish-Hits
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Cache-Expired-At
Upgrade-Insecure-Requests
X-S
X-Pass-Why
X-Ratelimit-Reset
X-Real-IP
X-Origin-TTL
X-Origin-CC
X-UA-Device-Type
X-Akamai-Transformed
X-Cache-TTL-Remaining
X-Newrelic-Synthetics
X-Node-Name
Content-Secure-Policy
X-Pubstack
X-CACHE-AGE
X-NGENIX-Cache
X-Via-JSL
X-Server-W
NGB
X-Hl-Ver
X-Correlation-ID
X-CSRF-Token
X-Handled-By
Ms-Operation-Id
X-RTag
MS-CV
CDN-Cache
CDN-RequestCountryCode
X-GEO
CDN-RequestPullSuccess
CDN-Uid
CDN-PullZone
CDN-RequestPullCode
CDN-EdgeStorageId
CDN-CachedAt
X-Optimistic-Header
X-Reqid
X-Cms-Context
X-Cache-Type
X-Restarts
Apigw-Requestid
X-Xfnlog-Site
X-IPLB-Request-ID
X-IPLB-Instance
WP-Super-Cache
ServedBy
X-Cdn-Diag
X-App
X-Application
Fastly-Backend-Name
X-CF-Lambda-Version
X-CF-Lambda-Fn
Candidate-Md5Url
Canary
X-Aed
X-Accel-Expires-Debug
Server-Host
X-CGP
X-Cache-NE
X-CacheTTL
BehaviorPad-Version
Fastly-SSL
Gannett-Cam-Experience-Id
Fastly-GeoIP-CountryCode
X-FC-Vary-Parameters
CPC-Age
X-Dispatcher-Number
X-Ec-Custom-Error
X-Ec-Fail
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-No-Session
X-Developer
X-Debug-Cache-Fetch
X-BYPASS-REASON
X-Debug-Cache-Store
X-Bc-Bl
X-Destination
X-D
CPC-Cache
X-Csrf-Jwt
X-B-Cookie
X-Gdpr
DCR-Decision-By
DCR-Processing-Time-Ms
X-Conf
X-BCube-Filmed-By
X-Forwarded-Path
X-Date
X-External-Request-Id
X-Eu-Site
X-ProxyCache-Key
X-ProxyCache-Status
X-Fastly-Backend
X-Bl-Debug
X-Parent-Response-Time
Odigeo-Trace-Id
X-Tenant
VNS-Cache
X-AIR-PT
VNS-Age
Vix-Hermes-Req-Id
Origin-Agent-Cluster
W
Ngx.Var.Host
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
Meta-Geo-Continent
Gh-Request-Id
X-SRCache-Key
We-Hiring
X-Var-Ttl
True-Client-Country-4JS
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-We-Are-Hiring
Sslversion
X-Worker
Cache-Provider
Xc-Version
X-Vtex-Remote-Cache
Surrogated-Key
X-Vdms-Version
X-Vdms-Path
Redirect-Candidate
T-Server
Rendered-Blocks
X-Viewer-Country
Web-Mar-Region
N-Cache
X-A
HA-Ipaddr
Ha-Gx-Prefs
X-Cache-Host
X-A-Dgt
X-RateLimit-Limit-Second
X-Orig-Expires
Lang
X-A-Dcw
X-A-Wwc
L
L5d-Success-Class
X-Origin-Time
X-A-Dam
X-RateLimit-Remaining-Second
X-Presslabs-Stats
X-Request-Host
Mail-Subject
X-Datadome
X-Shop-Environment
MD5-Digest
X-SD-PageType
X-Nyt-Route
X-Rojux
X-A-Ccd
X-ScT
X-S-Cookie
Magicmarker
Cache-Name
X-Vcl-Version
X-Cache-Debug
X-Accel-Buffering
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-BBC-Edge-Cache-Status
TDXMobile
X-App-Name
X-Bip
X-Alternate-Cache-Key
X-ApacheServer
X-Cache-Bucket
X-Node-Id
X-Shopify-Stage
X-ShopId
X-Sn-Servicetimems
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-ShardId
X-Server-IP
X-Pool
X-Policy
X-Qloud-Router
X-Refresh
X-S-Maxage
X-Request-Time
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VG-TLSProxy
X-Varnishpool
X-VG-WebCache
X-Vmg-Version
X-Wix-Viewer-Type
X-VServer
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Thanos
X-Test
X-Thinkindot-L3
X-Up
X-Varnish-CookieHashed-On
X-Variation
X-Platform
X-PERF
X-Esi-Check
X-DPWN-IS-SECURE
X-Generated-On
X-Geo-Header
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-DefHash
X-DefElseHash
X-Cdn-Origin
X-Cache-Info
X-Clientip
X-CMSURLCustom
X-Core-Value
X-Core-Mission
X-Gzip
X-Hash
X-NodeID
X-Nitro-Cache
X-Old-Content-Length
X-Org
X-PAYTM-SRV-ID
X-Owner
X-Mvc-Supplant-Cachable
X-Mly-Id
X-INCAP-ABP
X-Human
X-Irp-Debug
X-Level-Front-Cache
X-Mid
X-Loc
X-Cache-Id
X-Auto-Login
Machine
Is-Eu
X-VWS-Id
Memcached
X-LJ-Flow-ID
Cmsid
X-Cluster
Host-ID
Adler-Geo
Datacenter
Cmstype
Cf-Device-Type
Environment
AKAMAI
Expect-Staple
Origin
X-AWS-Id
Producers
Release
Platform
Req-Svc-Chain
X-TIME
X-Tx-Id
User-Cache-Control
AMP-Access-Control-Allow-Source-Origin
X-Cdn-Srv
X-Origin
Apple-News-Services-Host
X-Nginx-Cache-Key
Apple-News-Services-Parsed-Url
CDCHOST
CloudFront-Viewer-Country
Server-Hostname
X-Origin-Response-Time
X-Block-Status
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-Clara-WADP
X-Is-Gdpr
X-JWT-State
X-Dispatcher-Server
X-Fmm-Version
X-Forwarded-Site
X-Hnp-Log
X-Gen-Mode
X-From
X-Mvc-Supplant-OutputCached
X-Has-Esi
X-GeoIP
X-Proxy-Cache-Status
X-Nananana
X-Device-Os
X-Akamai-Device-Characteristics
Esi-Enabled
X-WADP-Cache
Country-Code
X-WA-Info
NM-Fastcgi-Cache
Sever-Int
Server-Ext
DSUID
X-Cache-Status-Check
Cache-Hits
X-FTR-Request-ID
Wxu-Next-Region
Wxu-Next-Commit
Server-Info
Memory
Origin-CC
Hostname
Wxu-Next-Hostname
Origin-EX
X-Section
X-LB-NoCache
Ssr
X-Cache-Enabled
X-Op-Id-All
X-NCache
Pics-Label
C-Via
X-Instance-Name
X-Access
Time
X-PHP-Backend
X-API-Version
X-Dc
Server-ID
X-Via-Fastly
X-Scale
NGX
X-Micro-Cache
X-Amz-Meta-Cb-Modifiedtime
X-HA-Backend
X-AB
X-TIM-N
X-CACHE-GROUP
X-Tb-Optimization-Total-Bytes-Saved
X-B3-Spanid
X-Vgn-Hpd-Reason
Cdn-Requestid
X-Cs
X-Internal-Host
X-Varnish-Beresp-Ttl
X-Air-Source
X-Air-Hostname
X-Wp-Cf-Super-Cache-Active
X-Varnish-Beresp-Grace
X-Air-Trace-Id
X-Geo-Region
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Buckets
Location
X-Webkit-Csp-Report-Only
X-Zone
X-Azure-Ref-OriginShield
X-Accel-Version
X-ZONE
X-WP-CF-Super-Cache-Active
X-TraceId
X-SIPLIST1
X-Fpc
IsBot
X-Backend-Instance
GeoIP-Latitude
Sid
X-Browser-Name
X-Is-Tablet
X-Is-Mobile
X-Is-Supported-Browser
X-Web-Node
X-B3-Parentspanid
X-Github-Request-Id
Cache-Host
X-Is-Desktop
X-Tcp-Rtt
X-Origin-Expires
X-Microcachable
XM
YJS-ID
CF-Ctrl
X-DataCenter
X-DC
X-VarnishDD-TTL
X-Pod-Name
Uri
X-Cached-By
Resin-Trace
X-Info
PFcat
X-HN
X-TA-CDN-Provider
X-LiteSpeed-Cache-Control
X-VCache
X-Ad-Defer-Variation
User-Agent
True-Client-Ip
X-Hyper-Cache
X-Via-Edge
X-NGINX-Cache
Srvid
Locid
A
Edge-Copy-Time
GeoIP-Country-Code
X-FL-EDGE
X-FL-QIT-DEBUG
X-Locale
X-Nitro-Rev
X-Nitro-Cache-From
X-Site-Version
X-Via-SSL
Epwk-X-Cache
X-Via-CDN
X-Frame-Option
Cdn
GeoIp-Country-Code
XServer
X-Geo
X-FireWall-Port
X-Moov-T
X-Moov-Xdn-Version
X-Cache-ASPX
X-Service
X-ATG-Version
X-CS
X-Contensis-Viewer-Groups
X-Webstats-RespID
X-NewRelic-App-Data
X-CSRF-TOKEN
X-MSEdge-Features
X-MSEdge-Flight
Cache-Key
X-Datacenter
X-Varnish-Authentication
True-Client-IP
SID
X-VC
X-Origin-Cache-Key
NtCoent-Length
X-TRACE-ID
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-Vercel-Cache
Path
X-Pad
X-Upstream-Ht
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-Vercel-Id
X-Upstream-Ct
X-FPC
Fastly-Drupal-Html
Tcn
X-HostName
LB
Req-ID
WZWS-RAY
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-LiteSpeed-Tag
X-Platform-Server
X-Planisys-CDN-Cache
State
M-TraceId
X-SRV
X-HS-Content-Campaign-Id
X-NMSegId
Cf-Ipcountry
Lb
X-WP-CF-Super-Cache-Cookies-Bypass
X-Api-Version
X-APP-VERSION
CountryCode
X-Cdn-Request-ID
Cdnsip
Cdncip
Cluster
X-Amz-Meta-Opti
X-AK-Request-ID
X-Ad-Load-Variation
X-Esi
X-Air-Pt
X-Release
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Fastly-Cache
X-Vgn-Hpd-Variations-Key
X-NWS-UUID-VERIFY
Content-Script-Type
X-Rocket-Build-Number
X-Cache-Ttl
X-Generated-In
X-Branch-Name
X-M-Reqid
X-Request-Start
X-Scope-Id
Pramga
X-Cache-Remote
X-Sigma
X-M-Log
Content-Style-Type
X-Sigma-Backend
WebServer
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Traceid
X-Rebelmouse-Cache-Control
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Rebelmouse-Surrogate-Control
X-Qnm-Cache
X-Proxy-CacheRZ
XkeyRZ
Cache
Yak-Timeinfo
X-Shield-Cache-Expires
X-HS-Status
Proxy-Connection
X-Varnish-Beresp-Status
X-UA
CDN
X-CACHE-KEY
X-Provided-By
X-Gamma-Serve
X-Cdn-Forward
X-Akamai-Pragma-Client-IP
Geoip-Latitude
X-GeoIP-City
X-Cache-Date
X-Request-URI
X-Tim-N
X-Scheme
Edge-Cache
X-GoCache-CacheStatus
Srv
X-Lb-Cache
X-Cdn-Cache-Status
CF-Cached-On
X-TH-Server
X-Render-Time
Ohc-File-Size
HostName
X-RN-RSRV
X-User
X-Ha-Backend
X-Vc
Server-Id
X-TT-LOGID
Click-Count-Action-Start
X-Wa
X-CUA
Cache-Tv-Group
V-Age
X-SB
X-Req
X-Nc
X-Servedbyhost
X-V-Cache
X-Via-Popn
X-Via-Popv
X-Via-Poph
X-LB-ID
X-Fastly-Backend-Reqs
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
Tube-Return
X-Acquia-Purge-Cdn-Unconfigured
X-Cache-FS-Status
X-B3-Trace-ID
X-Aicache-OS
Click-Count-Error
PICS-Label
X-Acquia-Site
X-Lb-Nocache
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Dw-Trace-Id
X-Via-Ucdn
X-Edge-POP
X-Acquia-Purge-Tags
Ngx
Env
X-EC-Lua
X-TX-ID
Yjs-Id
Inserted-Into-Cache-At
X-Snapshot-Date
X-Fastly-Cache-Hits
CACHE-MISS-TO-ORIGIN
X-CF-Cache-Header-Vary
X-Sucuri-Id
Mime-Version
X-VCL-Version
Vha6-Origin
X-ElasticPress-Query
X-CF-Cache-Header-Cache-Control
X-Udemy-Cache-App-Namespace
Cneonction
Kp-EeAlive
X-Miniprofiler-Ids
X-RAMCache
X-Litespeed-Cache-Control
Log-Origin
X-Cached-Since