Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
CF-Ray
X-Generator
X-Cacheable
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Request-ID
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
X-Ua-Compatible
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
X-Cache-Group
Server-Timing
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Backend
X-Proxy-Cache
X-Amz-Id-2
X-Ws-Request-Id
P3p
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Dispatcher
X-Akamai-Path-Stats
Cf-Edge-Cache
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Device
X-Nginx-Cache-Status
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-OneAgent-JS-Injection
X-Pingback
Accept-CH
X-Server-Id
Request-Id
EagleEye-TraceId
X-Cache-Spec
Cf-Railgun
Surrogate-Control
X-Akam-SW-Version
X-Backend-Server
X-Cache-Lookup
X-Response-Time
X-Readtime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH-Lifetime
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
X-Trace
Rating
Fastly-Restarts
X-Cloud-Trace-Context
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Url
Accept-Ch-Lifetime
X-Country
X-MS-InvokeApp
X-Edge
X-Amz-Server-Side-Encryption
X-B3-TraceId
Edge-Control
X-Rack-Cache
X-Ruxit-JS-Agent
X-TtlSet
X-PC
X-Vname
X-Nginx-Upstream-Cache-Status
X-Content-Type
X-ESI
X-Mod-Pagespeed
X-Vcap-Request-Id
X-Varnish-TTL
X-FastCGI-Cache
Xkey
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Use-Magma
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-D2id
X-Amz-Rid
X-Mcache
Verso
X-GitHub-Request-Id
Cache-Tag
X-VARITI-CCR
X-Powered-By-Plesk
RTSS
X-CST
X-ECACHE
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-Upstream
X-Cached
X-Navigation-Version
X-Abt-Application-Version
X-Version
X-Client-IP
Accept-Ch
X-Ruxit-Js-Agent
X-Dw-Request-Base-Id
X-Cnection
X-Px
X-Ac
Public-Key-Pins
SPRequestGuid
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-SharePointHealthScore
X-Element-Page-Cache
X-Server-Name
Arr-Disable-Session-Affinity
SPRequestDuration
SPIisLatency
X-Cache-TTL
Display
Pagespeed
X-Sol
X-Middleton-Display
X-NWS-LOG-UUID
X-Ser
X-Country-Code
X-Ttl
Permissions-Policy
X-Midtier
X-Cache-Key
X-RateLimit-Remaining
X-Middleton-Response
Response
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-NF-Request-ID
X-Forwarded-For
Content-MD5
Access-Control-Request-Method
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-DataDome
X-Shield-Request-Id
Front-End-Https
X-MSEdge-Ref
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-T
X-Recruiting
X-Jurisdiction
X-Correlation-Id
X-HP-Webp
X-HP-Trace-Id
Edge-Cache-Tag
TP-Cache
TP-L2-Cache
Nginx-Cache
AR-Request-ID
AR-SID
X-Accel-Expires
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Powered-CMS
X-Daa-Tunnel
MicrosoftSharePointTeamServices
X-RateLimit-Limit
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
TCN
X-Grace
X-Hits
X-Mg-S
X-Id
X-Content-Digest
X-Request-Received
X-Request-Processing-Time
Filters
Server-Node
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
Cf-Apo-Via
Server-Name
X-Amzn-Trace-Id
X-Frontend
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Webkit-Csp
S
X-Distributor
X-LLID
MS-Author-Via
X-Geo-Country
X-Protected-By
Fastcgi-Cache
X-Language
Cache-Status
X-Fastly-Request-Id
X-TTL
X-PressLabs-Stats
X-LB-Cache
Cross-Origin-Opener-Policy
X-Origin-Server
X-Request-Handler-Origin-Region
X-Amz-Meta-S3cmd-Attrs
X-Microsite
Charset
X-Ezoic-Cdn
X-Forwarded-Proto
X-FB-Debug
X-Seen-By
X-F-Cache
Count-Hit
X-Page-Id
Host
X-B3-Sampled
X-Git-Hash
X-Ua-Browser
X-XRDS-Location
X-Ab
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Payment
Filterid
X-ASPNET-VERSION
X-Ratelimit-Reset
X-Cluster-Name
X-Cache-Age
X-VCache
Realpath
Surrogate-Key
X-Rid
Accept-Charset
X-Template
X-Origin-Cache
Cache-Tags
Alternate-Protocol
X-NGENIX-Cache
Retry-After
X-DynaTrace
X-Az
X-Www-Served-By
X-AppVersion
X-Activity-Id
Access-Control-Allow-Method
X-Fastcgi-Cache
Cleartype
X-Amz-Replication-Status
X-Upgrade-Enabled
X-Varnish-Backend
X-DIS-Request-ID
X-Route-Name
X-Varnish-Grace
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Signature
X-B-Cache
X-Wix-Request-Id
X-Type
X-Tb
X-Logged-In
X-Node-Name
X-App-Environment
X-TT
DC
Paypal-Debug-Id
X-Envoy-Decorator-Operation
ServerID
X-B
X-Drupal-Cache-Tags
X-Debug
X-Proxy
X-Hostname
Frame-Options
X-Source
X-Content-Options
X-Mobile
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Revision
X-Content
X-Load-Cache
X-Contextid
X-Fastly-Request-ID
Pinterest-Generated-By
Pinterest-Version
Amp-Access-Control-Allow-Source-Origin
X-Pinterest-Rid
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-COUNTRY
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Cache-Rule
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-Control
Country
X-Litespeed-Cache
X-Magnolia-Registration
X-N
X-User-Agent
X-Response-Served-From
X-Whom
X-Original-Request-Id
X-EdgeConnect-Cache-Status
Referer-Policy
Viewport
Refresh
Node
NGB
X-Ratelimit-Remaining
X-Servername
X-Debug-IsConnected
X-Page-View
X-Yottaa-Metrics
X-Cache-TTL-Remaining
X-Cacheable-TTL
Access-Control-Request-Headers
X-Debug-IsPreview
Uber-Trace-Id
X-Mid
X-Yottaa-Optimizations
X-Framework
X-Real-IP
X-Varnish-Age
Url
Content-Disposition
X-Unique-Id
X-Jobs
X-L-Path
X-Content-Powered-By
X-Instance
Akamai-GRN
X-Environment-Context
X-Rendered-As
X-Cache-Time
X-NYM-Debug-Backend
X-Adobe-Content
X-Varnish-Server
X-Is-Bot
X-Adobe-Loc
X-Akamai-Request-ID2
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-RemovedCookies
X-Status
X-ProcessESI
X-Cache-Grace
Srv
X-G
X-Server-ID
Countrycode
X-Mg-Request-UUID
X-Restarts
X-Drupal-Cache-Contexts
X-APP-VERSION
Version
X-App-Server
X-Trace-Id
X-CDN-Forward
X-Http-Reason
X-XRDS-LOCATION
X-Debug-Info
Accept-Language
X-Cache-Expired-At
X-IPLB-Request-ID
X-IPLB-Instance
Protected
X-Time
Healthy
X-Via-JSL
X-Hosted-By
X-Ratelimit-Limit
X-Tumblr-User
X-Nginx-Cache-Key
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Cache-Hit
X-Device-Type
Liferay-Portal
X-Azure-Ref
X-Cache-Operation
X-FW-Server
X-FW-Serve
X-FW-Static
X-Tt-Logid
X-FW-Type
X-FW-Hash
Section-Io-Cache
X-Backend-Name
X-FW-Dynamic
Fastcgi-Useragent
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-RTag
Server-Info
Backend
MS-CV
Ms-Operation-Id
X-Cache-NGX
Content-Secure-Policy
X-Proxy-Cache-Status
X-UPSTREAM-Address
X-RN-RSRV
Meta-Geo
X-Storage
X-Mobile-URL
X-Akamai-Edgescape
Cross-Origin-Resource-Policy
Load-Balancing
X-UUID
X-Mode
CF-IPCountry
X-Handled-By
GEO-INFO
X-Rule
X-No-Session
X-Region
X-Say-Cacheable
X-Say-TTL
X-Proto
X-PHP-Backend
X-Origin-Date
X-Origin-Hint
X-PCL
X-SayCDN-TTL
X-Section
X-Varnish-Hostname
X-Varnishpool
X-VWS-Id
X-Varnish-Cache-Hits
X-Sql-Duration-Ms
X-Server-W
X-Sql-Count
X-OCL
X-Content-Age
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
X-VC-Cache
Property-Id
TWC-Connection-Speed
Webcakes-App-Name
Webcakes-Region
X-Cms-Context
X-Format
X-LJ-Flow-ID
X-Cache-Server
X-AWS-Id
X-Access
X-Adobe-Source
X-Cache-Action
Webcakes-App-Version
X-URL
X-HTML-Minification-Powered-By
X-Hl-Ver
X-GeoCode
X-Locale
X-GeoCountry
X-Proxied
X-Routing-Service
X-Datadome
X-Request-Time
X-Proxy-Build
X-Generation-Time
X-Forwarded-Host
Web-Mar-Node
Selected-Fe
S-Rt
Onion-Location
X-Alternate-Cache-Key
X-Cache-Type
X-FB-TRIP-ID
X-Extlb
X-Edge-Location
X-Detected-As
X-ShardId
X-ShopId
X-Redis-Cache
X-Cache-Enabled
X-Zipkin-Id
X-Xfnlog-Site
X-Varnish-Beresp-Grace
Azure-InstanceId
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-Web-Node
X-Via-Fastly
X-Sorting-Hat-PodId
X-Skip-Cache
X-Site-Version
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Urbn-Site-Id
X-UA-Device-Type
X-Timing-Wait
Mn-Server-Ip
X-Urbn-Context-Path
Eomportal-Instance
Locale
DB-Nickname
X-ProxyCache-Status
X-ServerID
CDN-Cache
X-ProxyCache-Key
Apigw-Requestid
X-Cache-Host
CDN-CachedAt
X-Generated-By
X-Cache-Status-Check
CDN-EdgeStorageId
X-Labrador-Cache-Channel
X-PHP-Host
X-Uri
X-BYPASS-REASON
CDN-Uid
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
X-R9-Blue-Green-Version
X-SRV
X-Correlation-ID
X-Tid
WP-Super-Cache
X-Ms-Request-Id
X-JoinUs
X-Ms-Version
X-Zen-Fury
X-SaId
X-FireWall-Port
Cache-Name
ServedBy
X-ECache
X-LSADC-Cache
X-Debug-Cache
X-DynaTrace-JS-Agent
X-Nginx-Cache
X-WP-CF-Super-Cache
X-Api-Version
X-WP-CF-Super-Cache-Cache-Control
X-Ua
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Dc
X-Human
X-TA-CDN-Provider
Xserver
Source
Xet-Cookie
X-Cache-Tags
Cache
X-Loop
X-MP-GENERATED-AT
X-TNCMS
X-RCS-CacheZone
X-Aspnetmvc-Version
SD-X-WS
X-Varnish-Hits
X-Cdn
X-Reqid
Cross-Origin-Window-Policy
X-Webkit-CSP
X-GEO
Origin
X-Cached-By
X-Pubstack
X-Soup
WPO-Cache-Message
X-Amzn-Remapped-Content-Length
WPO-Cache-Status
X-NewRelic-App-Data
X-App-Version
LB
X-Origin-CC
X-Origin-TTL
X-Tumblr-Pixel-2
From-Origin
X-Service
X-Via-NSCOPI
X-IPS-LoggedIn
X-B3-SpanId
X-Vgn-Hpd-Reason
X-AOL-HN
X-Newrelic-Synthetics
X-TIME
X-GG-Cache-Date
X-Tec-Api-Version
X-Varnish-Beresp-Ttl
X-Tec-Api-Origin
X-Tec-Api-Root
X-FW-Version
Rip
X-Provided-By
X-Platform-Server
X-Request-Host
Cache-Hits
X-Cluster-Node
X-Ec-Fail
X-VG-WebCache
X-Tenant
X-Cache-NE
Sslversion
X-Vdms-Version
X-A
X-Forwarded-Path
X-B-Cookie
X-Vdms-Path
Host-ID
X-S-Cookie
MD5-Digest
X-S
X-A-Dcw
X-A-Dgt
X-Aed
X-A-Wwc
X-Rojux
X-Shop-Environment
Odigeo-Trace-Id
X-A-Dam
X-A-Ccd
BehaviorPad-Version
Cdnsip
X-User
Cdncip
X-AK-Request-ID
DCR-Processing-Time-Ms
Xc-Version
X-BCube-Filmed-By
Expiry
X-NAPM-TraceId
Rendered-Blocks
X-Bc-Bl
X-Ec-GeoHdr
X-Connection-Hash
X-TIM-N
Ngx.Var.Host
Lang
Surrogated-Key
X-Served-From
T-Server
X-PBS-Appsvrname
X-ARC
X-Processor
X-Developer
Webserver
X-SRCache-Key
Meta-Geo-Continent
X-External-Request-Id
DCR-Decision-By
X-Rewrite-Enabled
A
X-Application
X-Orig-Expires
X-D
X-ScT
X-Destination
Upgrade-Insecure-Requests
OT-Force-Account-Verify
X-Aicache-OS
X-Dispatcher-Number
X-Qloud-Router
X-Generated-On
X-Pool
Environment
X-Accel-Buffering
X-Bip
X-Level-Front-Cache
Redirect-Candidate
X-Owner
X-Thanos
Fastly-SSL
Cache-Tv-Group
X-WA-Info
X-Cluster
X-BBC-Edge-Cache-Status
X-Auto-Login
Origin-CC
Wxu-Next-Region
X-CacheTTL
Thinkindot-CacheControl-Type
Release
Thinkindot-CacheControl
TDXMobile
Servername
Req-Svc-Chain
State
Traceparent
Tube-Get-Contents
Tube-Return
Wxu-Next-Commit
Wxu-Next-Hostname
Tube-Got-Results
Mobile-Detection-Method
Tube-Got-Eval
NGX
Origin-EX
X-Irp-Debug
X-Optimistic-Header
X-Nyt-Route
X-Wix-Viewer-Type
X-VServer
X-Origin-Response-Time
X-Origin-Expires
X-Worker
X-Minions-Version
X-Parent-Response-Time
X-Varnish-Beresp-Status
X-Loc
Machine
Memcached
X-Origin-Time
X-VG-TLSProxy
X-SIPLIST1
X-Sigma-Backend
X-Thinkindot-L3
X-SplitTest
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sigma
X-SB
X-Request-URI
X-Policy
X-Rocket-Build-Number
X-Rocket-Nginx-Serving-Static
X-S-Maxage
X-JWT-State
CPC-Age
X-Ec-Custom-Error
X-Device-Os
X-Epic-Correlation-Id
X-Eu-Site
X-Forwarded-Site
X-Fetched-On
X-Developers
X-Csrf-Jwt
X-Ckpd-Fst-Backend
X-CGP
X-Clientip
X-Core-Mission
X-Core-Value
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Has-Esi
VNS-Age
X-Hash
CPC-Cache
X-Is-Gdpr
X-INCAP-ABP
VNS-Cache
X-GeoIP-City
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Gdpr
X-Geo-Header
X-GeoIP
X-Cdn-Srv
Thinkindot-Control
DSUID
Decoy-Debug-TTL
Decoy-Debug-Status
Fastly-SIE
Fastly-SWR
Ha-Gx-Prefs
Gh-Request-Id
Apple-News-Services-Request-Url
Decoy-Debug-Key
Country-Code
Apple-News-Services-Parsed-Url
Candidate-Md5Url
Cache-Host
Click-Count-Action-Start
Click-Count-Error
Apple-News-Services-Handled
Apple-News-Services-Host
HA-Ipaddr
X-CSRF-Token
L
L5d-Success-Class
IsBot
Kp-EeAlive
HostName
X-Tx-Id
X-Xrds-Location
Mime-Version
WebServer
X-VC
X-Block-Status
X-CMSURLCustom
Adler-Geo
X-Scheme
AKAMAI
X-Scale
X-DefElseHash
X-Fmm-Version
X-Varnish-Remaining-TTL
X-Hnp-Log
Mail-Subject
X-Varnish-CookieINHashed-On
X-DefHash
X-Varnish-CookieHashed-On
X-Branch-Name
X-Session-Fingerprint
X-Sn-Servicetimems
X-Variation
X-Gen-Mode
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
X-V-Cache
X-Gamma-Serve
Canary
X-Cache-Bucket
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Clara-WADP
X-Cache-Info
X-Slack-Backend
X-Viewer-Country
X-Cdn-Origin
X-Datadog-Trace-Id
Cmstype
Is-Eu
X-Rebelmouse-Surrogate-Control
Producers
Server-Ext
Server-Host
Sever-Int
X-Region-Sid
Server-Hostname
X-Rebelmouse-Cache-Control
Platform
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Origin
NM-Fastcgi-Cache
X-Proxy-Cache-Info
X-NCache
X-NodeID
X-WADP-Cache
Svr
Cmsid
X-DPWN-IS-SECURE
Web-Mar-Region
Cluster
CloudFront-Viewer-Country
X-Ad-Defer-Variation
X-Mvc-Supplant-Cachable
CDCHOST
We-Hiring
Vix-Hermes-Req-Id
X-RateLimit-Limit-Second
Fastcgi-Cache-TTL
X-RateLimit-Remaining-Second
X-Mvc-Supplant-OutputCached
Datacenter
V-Age
User-Cache-Control
X-HS-Content-Campaign-Id
Ec-Rule-Version
X-Cache-Remote
X-Cache-Id
X-Fastly-Cache
X-Gzip
X-Varnish-Ttl
X-LB-NoCache
X-Cache-Debug
X-Esi-Check
X-WP-CF-Super-Cache-Active
X-Sucuri-ID
Pics-Label
X-ZONE
Ssr
X-Pod-Name
X-Sucuri-Cache
X-NWS-UUID-VERIFY
X-ND-Cache
X-Udemy-Cache-App-Namespace
Sid
Time
X-ATG-Version
Memory
X-Fastly-Backend
X-Azure-Ref-OriginShield
X-Var-Ttl
X-FC-Vary-Parameters
SID
X-Tb-Optimization-Total-Bytes-Saved
X-Buckets
X-Ig-Push-State
X-Cache-Date
X-Generated-In
Fastly-Drupal-HTML
X-B3-Traceid
X-Presslabs-Stats
AMP-Access-Control-Allow-Source-Origin
X-Edge-Pop
X-Newrelic-App-Data
X-Conf
X-Akamai-Transformed
X-Refresh
X-Via-Popv
X-Servedbyhost
X-Via-Poph
X-Via-Popn
X-Microcachable
X-Cs
X-Release
Env
Server-ID
X-Trace-ID
Fastly-Drupal-Html
X-Nf-Request-Id
X-NC
X-Dmc
X-MSEdge-Features
X-MSEdge-Flight
X-TRACE-ID
X-Pass-Why
X-Fpc
X-Esi
X-Be
X-PX
X-ID
X-Tumblr-Pixel-3
X-Zone
GeoIp-Country-Code
X-Endurance-Cache-Level
Magicmarker
X-MCACHE
X-Dispatch
My-App
X-Up
CDN
X-DC
X-EC-Lua
X-Yandex-Sdch-Disable
X-CS
X-Lambda-Id
X-Wa
True-Client-IP
X-CACHE-AGE
X-NGINX-Cache
X-RateLimit-Reset
X-Air-Hostname
X-Air-Source
X-Vc
X-Wikidot-Static-Cache
X-Air-Trace-Id
X-VCL-Version
X-TX-ID
X-Wikidot-Backend
X-Webkit-CSP-Report-Only
Hostname
X-CSRF-TOKEN
X-Srv
X-Hyper-Cache
X-CACHE-KEY
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Req
Pramga
X-M-Log
X-M-Reqid
X-Alfa-Service
X-Micro-Cache
X-HS-Status
X-App
X-TH-Server
CacheControlHeader
True-Client-Country-4JS
C-Via
X-Air-Pt
X-Qnm-Cache
X-LB-ID
Resin-Trace
N-Cache
X-Varnish-Beresp-TTL
X-TrackingId
X-Op-Id-All
True-Client-Ip
Path
X-Vcl-Version
Tcn
On-Server
GeoIP-Country-Code
Tracecode
X-PAYTM-SRV-ID
X-Vercel-Cache
Fastcgi-X-Cache-Version
X-Vercel-Id
X-Platform
X-Check-Cacheable
X-SERVER-NAME
X-B3-Spanid
X-Edge-Origin-Shield-Region
Esi-Enabled
X-Edge-Origin-Shield-Bytes
X-CLOUD-TRACE-CONTEXT
NtCoent-Length
Hit
X-FPC
X-Akamai-Pragma-Client-IP
GeoIP-Latitude
X-GeoIP-Region-Code
X-Datacenter
X-GeoIP-Country-Code
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Proxy-Connection
Section-Io-Origin-Time-Seconds
X-Webkit-Csp-Report-Only
WWW-Authenticate
X-Lb-Id
X-WA
X-Platform-Cluster
X-Via-CDN
X-Platform-Router
X-Mly-Id
X-Platform-Processor
X-AIR-PT
X-SD-PageType
X-LAGOON
X-Geo
X-Request-Start
X-API-Version
X-Node-Id
X-ApacheServer
X-PERF
User-Agent
X-ServedByHost
Lb
Server-Id
YJS-ID
X-RAMCache
X-Via-PopV
X-Date
X-Via-PopN
X-Via-PopH
Cache-Key
X-Accel-Expires-Debug
X-Edge-POP
HIT
ENV
Yjs-Id
X-Dw-Trace-Id
Cdn
X-Cdn-Forward
DynaTrace
X-Render-Time
X-Instance-Name
X-Response-By
X-Old-Content-Length
X-Proxy-CacheRZ
XServer
XkeyRZ
FSS-Cache
Server-Ttl
DT-Hot-News
X-VarnishDD-TTL
X-TT-LOGID
X-Proxy-Cache-Hk
PFcat
XM
X-Cache-Ttl
X-CUA
Geoip-Latitude
X-Traceid
X-HN
Dnion-Transfer-Encoding
X-FORWARDED-FOR
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-Via-Ucdn
X-LI-UUID
X-Proxy-Upstream
X-Service-Response-Time
X-LiteSpeed-Cache-Control
Sm-Log-Id
Location
PICS-Label
X-DSS
Ohc-File-Size
X-Akamai-ERRuleID
X-DI
X-DB
X-CF-Powered-By
X-Fastly-Backend-Reqs
X-From
X-DW
Srvid
X-Location
X-LiteSpeed-Tag
Nginx-CQVIP
X-Akamai-ERPolicy
Locid
X-FL-EDGE
X-RPM
X-RPS
X-RSL
Powered-By
X-Wp-Cf-Super-Cache-Cache-Control
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache
X-UA
X-Varnish-Authentication
X-Webstats-RespID
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-HostName
X-Cdn-Request-ID
Vha6-Origin
X-Request-Url
Wpo-Cache-Message
X-B3-ParentSpanId
X-Fastly-Cache-Hits
X-Lb-Nocache
Wpo-Cache-Status
Wp-Super-Cache
Warning
X-Cache-Ngx
X-Ips-Loggedin
CountryCode
X-Moov-T
M-TraceId
X-Moov-Xdn-Version
SRV
X-DataCenter
Req-ID
X-Director
X-Snapshot-Date
X-Nc
X-Cache-Backend
X-Mg-Cache
MIME-Version
WZWS-RAY
X-Ftr-Request-Id
Fastcgi-Cache-Ttl