Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
P3p
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
Access-Control-Max-Age
X-Ua-Compatible
X-Request-ID
X-Via
X-Dns-Prefetch-Control
Server-Timing
X-Cache-Group
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Backend
X-Ws-Request-Id
X-Amz-Id-2
X-Proxy-Cache
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Akamai-Path-Stats
X-Server
X-Rq
EagleId
X-Vhost
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Server-Id
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Pingback
X-Cache-Spec
Request-Id
Surrogate-Control
Cf-Railgun
Accept-CH
X-Akam-SW-Version
X-Backend-Server
X-Readtime
X-Cache-Lookup
X-Response-Time
Accept-CH-Lifetime
X-HW
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Content-Security-Policy-Report-Only
Content-Location
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-Country
X-WebKit-CSP-Report-Only
X-Url
X-Clacks-Overhead
X-Edge
X-Amz-Server-Side-Encryption
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Rack-Cache
X-B3-TraceId
Edge-Control
X-Ruxit-JS-Agent
X-Vname
X-PC
X-TtlSet
Accept-Ch
X-Content-Type
X-Vcap-Request-Id
X-ESI
X-Mod-Pagespeed
Xkey
X-Nginx-Upstream-Cache-Status
X-CST
X-Varnish-TTL
X-Mcache
X-D2id
X-Oneagent-Js-Injection
X-Kinja
X-VARITI-CCR
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Use-Magma
X-Amz-Rid
X-GitHub-Request-Id
Cache-Tag
Verso
RTSS
X-FastCGI-Cache
X-Powered-By-Plesk
X-ECACHE
X-Cached
Service-Worker-Allowed
X-Navigation-Version
X-Client-IP
X-Upstream
X-Ruxit-Js-Agent
X-Version
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-Px
X-Cnection
X-Ac
Public-Key-Pins
Arr-Disable-Session-Affinity
X-Ser
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
SPRequestGuid
X-SharePointHealthScore
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Element-Page-Cache
X-Server-Name
SPIisLatency
SPRequestDuration
X-Ttl
X-Cache-TTL
X-Country-Code
X-NF-Request-ID
X-NWS-LOG-UUID
X-Midtier
X-Middleton-Response
Response
X-Edge-Location-Klb
X-Kinsta-Cache
X-RateLimit-Remaining
X-Goog-Hash
Permissions-Policy
X-Forwarded-For
X-Cache-Key
Access-Control-Request-Method
Content-MD5
X-Shield-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-DataDome
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Powered-CMS
Front-End-Https
X-MSEdge-Ref
Edge-Cache-Tag
AR-SID
AR-CACHE
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Correlation-Id
TP-Cache
X-T
TP-L2-Cache
Nginx-Cache
X-HP-Trace-Id
X-Recruiting
X-Jurisdiction
X-HP-Webp
X-Accel-Expires
TCN
X-Daa-Tunnel
X-Grace
MicrosoftSharePointTeamServices
X-RateLimit-Limit
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Id
X-Mg-S
Filters
X-Request-Processing-Time
X-Request-Received
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-HS-Content-Id
X-Hits
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-TEC-API-VERSION
X-Content-Digest
Server-Node
X-Fastly-Request-Id
X-LLID
S
X-Frontend
X-Distributor
X-Amzn-Trace-Id
Server-Name
Cache-Status
X-Protected-By
X-TTL
X-Geo-Country
MS-Author-Via
Fastcgi-Cache
X-PressLabs-Stats
X-LB-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Language
X-Origin-Server
Cross-Origin-Opener-Policy
X-Ua-Browser
X-FB-Debug
X-Ab
Host
X-B3-Sampled
X-Ezoic-Cdn
X-Forwarded-Proto
X-F-Cache
Filterid
X-Seen-By
X-Page-Id
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
Charset
Realpath
X-Ratelimit-Reset
Payment
Count-Hit
X-Litespeed-Cache
X-ASPNET-VERSION
X-Cache-Age
X-Cluster-Name
X-VCache
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
Accept-Charset
Surrogate-Key
X-DynaTrace
X-Fastcgi-Cache
X-Origin-Cache
Cache-Tags
X-NGENIX-Cache
X-XRDS-Location
X-Rid
Alternate-Protocol
X-AppVersion
X-Activity-Id
Retry-After
X-Az
Cleartype
Cf-Apo-Via
X-Template
X-Webkit-Csp
X-Www-Served-By
X-Webkit-CSP
X-Varnish-Backend
Access-Control-Allow-Method
X-Node-Name
X-Content
X-Tb
X-TT
X-Amz-Replication-Status
X-Debug
X-B
X-DIS-Request-ID
ServerID
X-Type
X-App-Environment
X-Wix-Request-Id
X-Upgrade-Enabled
X-Varnish-Grace
X-Drupal-Cache-Tags
X-B-Cache
X-Signature
X-Route-Name
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Flags
X-Aspnet-Duration-Ms
DC
Paypal-Debug-Id
X-Logged-In
X-Proxy
X-Tt-Trace-Host
X-Tt-Trace-Tag
Frame-Options
X-Mobile
X-Hostname
X-Envoy-Decorator-Operation
X-Source
X-Content-Options
X-Load-Cache
X-Revision
Pinterest-Generated-By
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Pinterest-Version
X-Goog-Metageneration
X-N
X-Cache-Control
X-Goog-Generation
X-GUploader-UploadID
X-Pinterest-Rid
X-Goog-Stored-Content-Length
X-Ratelimit-Remaining
Country
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Magnolia-Registration
X-User-Agent
X-Contextid
Referer-Policy
X-Whom
X-XRDS-LOCATION
Viewport
X-EdgeConnect-Cache-Status
NGB
X-Cache-Rule
X-Response-Served-From
X-Original-Request-Id
X-Varnish-Age
Refresh
X-Restarts
Node
Content-Disposition
Amp-Access-Control-Allow-Source-Origin
X-Framework
X-Mid
X-Debug-IsConnected
X-Debug-IsPreview
Access-Control-Request-Headers
X-Cache-TTL-Remaining
X-G
X-Jobs
X-Varnish-Server
Url
X-Cacheable-TTL
X-Cache-Time
X-Mg-Request-UUID
X-L-Path
X-Environment-Context
Akamai-GRN
Uber-Trace-Id
X-Unique-Id
X-Servername
X-Adobe-Content
X-Real-IP
X-Page-View
X-Drupal-Cache-Contexts
X-Cache-Grace
X-Adobe-Loc
X-Status
X-Rendered-As
X-Is-Bot
X-Akamai-Request-ID2
X-Instance
X-NYM-Debug-Backend
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Fastly-Request-ID
X-Yottaa-Metrics
X-Yottaa-Optimizations
Version
X-Content-Powered-By
X-App-Server
Countrycode
X-RemovedCookies
X-ProcessESI
X-Server-ID
X-Debug-Info
X-COUNTRY
X-Ratelimit-Limit
X-Http-Reason
Protected
X-Time
X-IPLB-Instance
X-IPLB-Request-ID
X-Hosted-By
X-CDN-Forward
X-Tt-Logid
Accept-Language
X-APP-VERSION
X-Nginx-Cache-Key
Liferay-Portal
X-Device-Type
Healthy
X-Via-JSL
X-Cache-Expired-At
Srv
X-FW-Hash
X-FW-Server
X-Tumblr-Pixel-0
X-FW-Type
X-Trace-Id
X-FW-Static
X-Tumblr-Pixel
X-FW-Dynamic
X-Tumblr-Pixel-1
X-Tumblr-User
X-FW-Serve
Fastcgi-Useragent
X-Azure-Ref
X-Cache-Hit
X-RTag
Ms-Operation-Id
MS-CV
X-Proxy-Cache-Status
X-Backend-Name
X-Datadome
X-UUID
Section-Io-Cache
Backend
X-Mobile-URL
X-Cache-NGX
Server-Info
Content-Secure-Policy
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Cache-Operation
X-UPSTREAM-Address
Meta-Geo
Load-Balancing
X-RN-RSRV
CF-IPCountry
X-HTML-Minification-Powered-By
X-Storage
X-Mode
X-ShardId
TWC-Locale-Group
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
TWC-Privacy
X-Server-W
X-Uri
X-Varnish-Hostname
TWC-GeoIP-Country
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Cache-Server
X-Cache-Host
X-Cache-Enabled
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
X-Locale
X-Sql-Duration-Ms
X-Sql-Count
X-Origin-Hint
X-Origin-Date
WP-Super-Cache
X-Alternate-Cache-Key
X-No-Session
X-AWS-Id
X-ShopId
X-Akamai-Edgescape
Webcakes-Region
X-Varnishpool
Webcakes-App-Version
X-PHP-Backend
X-Region
X-PHP-Host
X-VC-Cache
X-Skip-Cache
X-Handled-By
Property-Id
S-Rt
X-VWS-Id
Onion-Location
X-Shopify-Stage
Eomportal-Instance
X-Sorting-Hat-PodId
Webcakes-App-Name
X-Content-Age
X-Zen-Fury
X-Proxied
X-PCL
X-Debug-Cache
X-Proxy-Build
X-ProxyCache-Key
X-OCL
X-Access
X-Cms-Context
X-Hl-Ver
X-Adobe-Source
Web-Mar-Node
X-JoinUs
X-ProxyCache-Status
X-Zipkin-Id
X-Routing-Service
Selected-Fe
X-UA-Device-Type
X-Section
X-SaId
X-Request-Time
X-Varnish-Cache-Hits
X-ServerID
X-Xfnlog-Site
Mn-Server-Ip
X-Via-Fastly
X-Timing-Wait
Azure-Version
X-Format
X-Generation-Time
X-Redis-Cache
Azure-SlotName
X-BYPASS-REASON
X-Site-Version
X-Forwarded-Host
X-FB-TRIP-ID
X-Proto
Azure-RegionName
Azure-SiteName
X-Edge-Location
X-Extlb
Azure-InstanceId
X-Web-Node
X-Cache-Status-Check
X-Tid
GEO-INFO
X-Urbn-Site-Id
X-Say-Cacheable
X-GeoCountry
Locale
Apigw-Requestid
X-Generated-By
X-GeoCode
DB-Nickname
X-SayCDN-TTL
X-Say-TTL
X-Nginx-Cache
X-Urbn-Context-Path
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
X-URL
CDN-CachedAt
CDN-Uid
CDN-Cache
X-Varnish-Beresp-Grace
X-Detected-As
X-Cache-Type
X-Rule
X-Cache-Action
X-SRV
X-Ua
X-Dc
X-LSADC-Cache
ServedBy
X-Correlation-ID
X-DynaTrace-JS-Agent
X-R9-Blue-Green-Version
X-Ms-Version
Cache-Name
X-Ms-Request-Id
X-Human
Cache
X-ECache
X-FireWall-Port
SD-X-WS
X-App-Version
Xet-Cookie
Cross-Origin-Resource-Policy
X-Cache-Tags
X-Amzn-RequestId
X-Amz-Apigw-Id
Source
X-Varnish-Hits
X-Cached-By
Xserver
LB
X-Via-NSCOPI
Cross-Origin-Window-Policy
X-RCS-CacheZone
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-GG-Cache-Date
X-MP-GENERATED-AT
WPO-Cache-Status
Origin
X-Aspnetmvc-Version
WPO-Cache-Message
X-Reqid
X-Cdn
X-B3-SpanId
X-TNCMS
X-Loop
X-Origin-CC
X-IPS-LoggedIn
X-GEO
X-NewRelic-App-Data
X-Origin-TTL
X-Amzn-Remapped-Content-Length
X-Pubstack
X-Api-Version
Cache-Hits
X-Soup
X-AOL-HN
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Tumblr-Pixel-2
X-FW-Version
Rip
From-Origin
X-Platform-Server
X-Service
Webserver
X-Varnish-Ttl
Upgrade-Insecure-Requests
X-Cluster-Node
X-Vgn-Hpd-Reason
X-Origin-Response-Time
X-BCube-Filmed-By
MD5-Digest
Host-ID
T-Server
Meta-Geo-Continent
Lang
X-S-Cookie
Redirect-Candidate
Rendered-Blocks
Sslversion
X-Cache-NE
Surrogated-Key
X-Shop-Environment
X-A
Ngx.Var.Host
X-Served-From
Odigeo-Trace-Id
X-Session-Fingerprint
X-ScT
X-NAPM-TraceId
X-Processor
X-Aed
Cdncip
Cdnsip
X-A-Wwc
X-Orig-Expires
X-PBS-Appsvrname
X-Application
BehaviorPad-Version
A
X-Owner
DCR-Decision-By
DCR-Processing-Time-Ms
X-AK-Request-ID
X-A-Ccd
X-Rewrite-Enabled
X-B-Cookie
X-Rojux
Expiry
X-A-Dam
X-A-Dgt
X-ARC
X-A-Dcw
Environment
X-S
X-Bc-Bl
X-User
X-Connection-Hash
X-Ec-Fail
HostName
X-Developer
X-TIM-N
X-D
X-SRCache-Key
X-Tenant
X-Destination
X-Vdms-Path
X-Ec-GeoHdr
X-Cluster
X-Forwarded-Path
X-VG-WebCache
Xc-Version
X-CSRF-Token
X-Vdms-Version
X-External-Request-Id
X-VC
X-Request-Host
X-Provided-By
X-Irp-Debug
Mobile-Detection-Method
Machine
X-Forwarded-Site
X-Generated-On
X-Level-Front-Cache
X-Thanos
X-Qloud-Router
Candidate-Md5Url
X-Accel-Buffering
X-Bip
Fastly-SSL
X-TIME
OT-Force-Account-Verify
X-Minions-Version
X-Geo-Header
Wxu-Next-Hostname
Mail-Subject
Wxu-Next-Region
Is-Eu
IsBot
VNS-Cache
We-Hiring
X-Ckpd-Fst-Backend
L
Wxu-Next-Commit
X-Clara-WADP
X-Mvc-Supplant-Cachable
X-Varnish-Remaining-TTL
X-Gateway-Skip-Cache
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
DSUID
X-Nyt-Route
X-Cache-Id
Traceparent
Fastly-SWR
Thinkindot-Control
Fastly-SIE
X-Esi-Check
Thinkindot-CacheControl-Type
Fastly-Backend-Name
Gh-Request-Id
X-Gateway-Cache-Status
X-Fetched-On
TDXMobile
Release
X-Cdn-Srv
X-Hash
Producers
Server-Host
X-Gzip
X-Cdn-Origin
Tube-Got-Eval
State
Tube-Got-Results
X-GeoIP-City
Tube-Return
Platform
X-HS-Content-Campaign-Id
NGX
X-Fastly-Cache
VNS-Age
X-CacheTTL
Decoy-Debug-TTL
X-WADP-Cache
NM-Fastcgi-Cache
X-Cache-Remote
X-INCAP-ABP
Thinkindot-CacheControl
Origin-EX
Origin-CC
X-Gateway-Request-Id
Memcached
X-SIPLIST1
X-Proxy-Cache-Info
X-Thinkindot-L3
X-Core-Mission
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-Core-Value
X-S-Maxage
X-Pool
X-Scale
X-Parent-Response-Time
X-Pod-Name
X-Policy
X-SB
X-SVT-ORM-RULES
X-Fmm-Version
X-Request-URI
X-DefHash
X-Datadog-Sampling-Priority
X-Dispatcher-Number
Tube-Get-Contents
X-DefElseHash
X-Region-Sid
X-SplitTest
X-Auto-Login
X-GeoIP
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Datadog-Parent-Id
X-Origin-Time
X-Origin-Expires
Cluster
Cmsid
X-Branch-Name
Click-Count-Error
X-DPWN-IS-SECURE
Click-Count-Action-Start
Cmstype
Country-Code
X-Datadog-Trace-Id
Decoy-Debug-Key
X-Gateway-Cache-Key
Datacenter
CPC-Age
CPC-Cache
X-Ad-Defer-Variation
X-Wix-Viewer-Type
X-WA-Info
X-Developers
Adler-Geo
X-V-Cache
X-Origin
X-Gdpr
X-Variation
X-Optimistic-Header
Cache-Tv-Group
Decoy-Debug-Status
X-Aicache-OS
X-Gamma-Serve
X-Device-Os
X-NWS-UUID-VERIFY
X-BBC-Edge-Cache-Status
X-Epic-Correlation-Id
X-Eu-Site
X-Csrf-Jwt
X-CGP
Vix-Hermes-Req-Id
X-Cache-Info
V-Age
AKAMAI
X-Is-Gdpr
X-Viewer-Country
X-Scheme
X-Varnish-Beresp-Ttl
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
Apple-News-Services-Handled
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-JWT-State
Web-Mar-Region
X-VServer
X-Sigma
AMP-Access-Control-Allow-Source-Origin
X-Slack-Backend
X-Worker
X-Sigma-Backend
X-Mvc-Supplant-OutputCached
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Loc
L5d-Success-Class
Kp-EeAlive
HA-Ipaddr
X-Clientip
X-VG-TLSProxy
X-Cache-Bucket
Servername
Req-Svc-Chain
Ha-Gx-Prefs
Fastly-GeoIP-CountryCode
X-Has-Esi
Cache-Host
Apple-News-Services-Request-Url
CloudFront-Viewer-Country
X-ZONE
Fastcgi-Cache-TTL
X-NCache
X-NodeID
X-Planisys-CDN-TTL
WebServer
X-Yandex-Sdch-Disable
Mime-Version
X-Xrds-Location
X-Ec-Custom-Error
User-Cache-Control
Server-Hostname
Sever-Int
X-Gen-Mode
X-Hnp-Log
Svr
X-Block-Status
Server-Ext
CDCHOST
X-Udemy-Cache-App-Namespace
X-Microcachable
X-LB-NoCache
X-Ig-Push-State
Ssr
X-Tec-Api-Version
X-Tec-Api-Root
X-Tx-Id
X-Tec-Api-Origin
X-Cache-Date
Ec-Rule-Version
X-Tb-Optimization-Total-Bytes-Saved
X-CMSURLCustom
X-Varnish-Beresp-Status
Canary
Time
Pics-Label
SID
Sid
X-TRACE-ID
X-Conf
Memory
Fastly-Drupal-Html
X-Sucuri-ID
X-Sucuri-Cache
X-Via-Popv
X-Via-Popn
X-Generated-In
X-Via-Poph
X-FC-Vary-Parameters
X-ATG-Version
X-Refresh
X-WP-CF-Super-Cache-Active
X-Azure-Ref-OriginShield
X-Fastly-Backend
X-Var-Ttl
X-Dmc
X-Edge-Pop
X-ND-Cache
X-Akamai-Transformed
X-Cache-Debug
X-B3-Traceid
X-Presslabs-Stats
X-Be
X-Air-Trace-Id
X-Air-Source
Server-ID
X-Servedbyhost
X-Air-Hostname
X-Newrelic-App-Data
X-CS
X-MSEdge-Flight
X-MSEdge-Features
X-Cs
X-Trace-ID
X-Buckets
X-Fpc
X-NC
Env
Fastly-Drupal-HTML
X-TX-ID
X-Endurance-Cache-Level
X-CACHE-KEY
X-Esi
X-Release
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-EC-Lua
X-PX
X-MCACHE
X-ID
Magicmarker
X-Tumblr-Pixel-3
GeoIp-Country-Code
CDN
X-DC
X-Srv
X-RateLimit-Reset
True-Client-IP
X-Up
X-CF-Lambda-Version
X-CACHE-AGE
X-CF-Lambda-Fn
X-Hyper-Cache
X-Zone
My-App
X-M-Log
X-Micro-Cache
X-M-Reqid
X-Dispatch
Pramga
X-Pass-Why
X-NGINX-Cache
X-Webkit-CSP-Report-Only
X-Lambda-Id
X-Wa
X-VCL-Version
X-App
X-Alfa-Service
X-Varnish-Beresp-TTL
X-Qnm-Cache
C-Via
X-Vc
X-TrackingId
X-CSRF-TOKEN
N-Cache
X-Vcl-Version
Hostname
X-Edge-Origin-Shield-Region
X-Edge-Origin-Shield-Bytes
Path
Fastcgi-X-Cache-Version
X-Req
On-Server
X-PAYTM-SRV-ID
X-Platform
Resin-Trace
True-Client-Ip
Esi-Enabled
X-Check-Cacheable
X-Air-Pt
X-AIR-PT
X-Vercel-Id
X-LB-ID
X-Vtex-Remote-Cache
X-ApacheServer
X-HS-Status
X-Vtex-Processado-Em
X-PERF
Tcn
X-Vercel-Cache
CacheControlHeader
X-TH-Server
X-Node-Id
X-Nf-Request-Id
GeoIP-Country-Code
GeoIP-Latitude
X-SD-PageType
Tracecode
NtCoent-Length
X-SERVER-NAME
X-LAGOON
X-API-Version
True-Client-Country-4JS
Cache-Key
Proxy-Connection
DT-Hot-News
X-FPC
X-Request-Start
X-Akamai-Pragma-Client-IP
Cdn
X-Op-Id-All
HIT
X-B3-Spanid
X-CLOUD-TRACE-CONTEXT
X-Mly-Id
X-WA
DynaTrace
ENV
Hit
X-Render-Time
XkeyRZ
X-Geo
X-Proxy-CacheRZ
X-Webkit-Csp-Report-Only
Section-Io-Origin-Time-Seconds
X-ServedByHost
X-Cdn-Forward
X-Via-CDN
X-Traceid
Section-Io-Origin-Status
XM
X-Platform-Router
PFcat
X-HN
X-Platform-Processor
X-Platform-Cluster
X-Proxy-Upstream
X-VarnishDD-TTL
X-Via-Ucdn
Section-Io-Id
Section-Origin-Responded
X-GeoIP-Region-Code
X-Datacenter
X-GeoIP-Country-Code
X-Dw-Trace-Id
X-Accel-Expires-Debug
Server-Ttl
Lb
X-Proxy-Cache-Hk
X-Edge-POP
User-Agent
X-Lb-Id
X-Date
Server-Id
WWW-Authenticate
SRV
MIME-Version
X-TT-LOGID
X-RAMCache
X-Via-PopV
X-Via-PopN
X-Via-PopH
YJS-ID
X-LiteSpeed-Cache-Control
Yjs-Id
Geoip-Latitude
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-RSL
X-RPS
X-DB
X-Ftr-Request-Id
X-Cache-Backend
X-DI
X-DSS
X-RPM
X-DW
Dnion-Transfer-Encoding
X-Li-Fabric
M-TraceId
X-Cache-Ttl
FSS-Cache
X-Wp-Cf-Super-Cache
X-LiteSpeed-Tag
X-CF-Powered-By
X-CUA
X-Wp-Cf-Super-Cache-Cache-Control
X-FORWARDED-FOR
X-Akamai-ERRuleID
Warning
X-Akamai-Request-ID
Vha6-Origin
Wpo-Cache-Message
PICS-Label
X-Request-Url
Location
X-Nc
X-Service-Response-Time
X-Instance-Name
X-Response-By
X-Old-Content-Length
Sm-Log-Id
X-Fastly-Backend-Reqs
X-Akamai-ERPolicy
Wpo-Cache-Status
Nginx-CQVIP
Ohc-File-Size
X-Httpd
XServer
X-HA-Backend
X-HITS
X-UA
X-Litespeed-Cache-Control
X-HostName
X-Cdn-Request-ID
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Mg-Cache
X-Lb-Nocache
X-Cc-Via
X-Fastly-Cache-Hits
Powered-By
X-B3-ParentSpanId
X-Server-IP
Cdn-Requestcountrycode
Cdn-Pullzone
Cdn-Uid
Cdn-Requestid
Cdn-Edgestorageid
CountryCode
Cdn-Cache
X-Cache-Ngx
Cdn-Cachedat
X-Snapshot-Date
Uri
Locid
Srvid
X-FL-EDGE
X-Moov-Xdn-Version
X-Webstats-RespID
X-MiniProfiler-Ids
X-Serial
Fastcgi-Cache-Ttl
Req-ID
X-Moov-T
WZWS-RAY
Ohc-Cache-HIT