Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Request-ID
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
Access-Control-Max-Age
X-Ua-Compatible
X-Via
X-Dns-Prefetch-Control
X-Cache-Group
Server-Timing
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Backend
X-Proxy-Cache
X-Amz-Id-2
X-Ws-Request-Id
X-Age
Host-Header
P3p
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
X-Akamai-Path-Stats
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-Nginx-Cache-Status
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-OneAgent-JS-Injection
X-Node
X-Server-Id
X-Pingback
EagleEye-TraceId
Accept-CH
X-Cache-Spec
Request-Id
Cf-Railgun
Surrogate-Control
X-Akam-SW-Version
X-Backend-Server
X-Cache-Lookup
X-Readtime
X-Response-Time
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
Accept-CH-Lifetime
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
X-Cloud-Trace-Context
Fastly-Restarts
X-Country
Accept-Ch-Lifetime
X-WebKit-CSP-Report-Only
X-Url
X-Clacks-Overhead
X-Edge
X-Ruxit-JS-Agent
X-B3-TraceId
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Rack-Cache
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Nginx-Upstream-Cache-Status
X-Content-Type
X-ESI
X-Vcap-Request-Id
X-Mod-Pagespeed
X-Varnish-TTL
X-FastCGI-Cache
Xkey
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Exp-Id
X-Exp-Variant
X-D2id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Mcache
X-Amz-Rid
Verso
X-GitHub-Request-Id
X-VARITI-CCR
Cache-Tag
Accept-Ch
X-Powered-By-Plesk
RTSS
X-CST
Service-Worker-Allowed
X-Upstream
X-Cached
X-Navigation-Version
X-Version
X-Client-IP
X-Abt-Application-Version
X-ECACHE
X-Oneagent-Js-Injection
X-Dw-Request-Base-Id
X-Px
X-Cnection
X-Ac
X-Ruxit-Js-Agent
Public-Key-Pins
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
Arr-Disable-Session-Affinity
X-Element-Page-Cache
X-Instrumentation
X-SharePointHealthScore
SPRequestGuid
X-Server-Name
X-Sol
Pagespeed
X-Middleton-Display
Display
SPIisLatency
SPRequestDuration
X-Ser
X-Cache-TTL
X-NWS-LOG-UUID
X-Country-Code
X-RateLimit-Remaining
Permissions-Policy
X-Ttl
X-Midtier
X-Cache-Key
X-Middleton-Response
Response
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-NF-Request-ID
X-Forwarded-For
Content-MD5
Access-Control-Request-Method
X-DataDome
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Shield-Request-Id
Front-End-Https
X-MSEdge-Ref
X-Recruiting
X-T
X-Jurisdiction
X-HP-Trace-Id
Nginx-Cache
Edge-Cache-Tag
X-HP-Webp
TP-L2-Cache
TP-Cache
AR-PoweredBy
AR-Request-ID
AR-CACHE
AR-SID
AR-ATIME
X-Powered-CMS
X-Accel-Expires
X-RateLimit-Limit
X-Daa-Tunnel
TCN
MicrosoftSharePointTeamServices
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Grace
X-Correlation-Id
X-Id
X-Hits
X-Mg-S
X-Content-Digest
X-Request-Received
X-Request-Processing-Time
Filters
Server-Node
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-TTL
Server-Name
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Amzn-Trace-Id
X-Frontend
Cf-Apo-Via
X-LLID
S
X-Distributor
MS-Author-Via
X-Geo-Country
X-Protected-By
Fastcgi-Cache
X-Webkit-Csp
Cache-Status
X-PressLabs-Stats
X-Language
X-LB-Cache
X-Fastly-Request-Id
X-Origin-Server
Cross-Origin-Opener-Policy
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-F-Cache
X-B3-Sampled
Host
Charset
X-FB-Debug
X-Microsite
X-Request-Handler-Origin-Region
X-Forwarded-Proto
X-Page-Id
X-Seen-By
X-Ab
X-Git-Hash
X-Ua-Browser
Count-Hit
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Filterid
Payment
X-Cache-Age
Realpath
X-Litespeed-Cache
X-ASPNET-VERSION
X-Cluster-Name
X-Ratelimit-Reset
X-VCache
Surrogate-Key
Accept-Charset
X-Rid
Cache-Tags
X-Origin-Cache
X-XRDS-Location
Alternate-Protocol
X-Template
X-NGENIX-Cache
X-DynaTrace
Retry-After
X-Az
X-AppVersion
X-Activity-Id
X-Www-Served-By
Cleartype
Access-Control-Allow-Method
X-Varnish-Backend
X-Amz-Replication-Status
X-TT
X-Type
X-Varnish-Grace
X-Upgrade-Enabled
X-Request-Guid
X-Aspnet-Duration-Ms
X-DIS-Request-ID
X-Providence-Cookie
X-Flags
X-Route-Name
X-Is-Crawler
X-Fastcgi-Cache
X-B
X-Node-Name
X-Signature
X-B-Cache
X-Tb
X-Wix-Request-Id
X-Logged-In
X-App-Environment
DC
ServerID
Paypal-Debug-Id
X-Debug
X-Proxy
X-Drupal-Cache-Tags
X-Envoy-Decorator-Operation
X-Source
Frame-Options
X-Hostname
X-Content-Options
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Mobile
X-Fastly-Request-ID
X-Revision
X-Content
X-Load-Cache
Amp-Access-Control-Allow-Source-Origin
Pinterest-Version
X-Contextid
Pinterest-Generated-By
X-Pinterest-Rid
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-N
X-Cache-Rule
Country
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Control
X-Magnolia-Registration
Referer-Policy
X-Whom
X-User-Agent
Node
Viewport
X-Original-Request-Id
X-Response-Served-From
Refresh
X-EdgeConnect-Cache-Status
Content-Disposition
NGB
X-Debug-IsPreview
X-Environment-Context
X-Cacheable-TTL
X-Cache-TTL-Remaining
Access-Control-Request-Headers
X-Varnish-Age
X-Debug-IsConnected
X-L-Path
X-Varnish-Server
X-Mid
X-G
X-Real-IP
X-Yottaa-Metrics
X-Unique-Id
X-Yottaa-Optimizations
X-Jobs
X-Servername
Url
Uber-Trace-Id
VIX-Pulpo-Node
X-NYM-Debug-Backend
X-Akamai-Request-ID2
X-Adobe-Loc
X-Framework
X-Page-View
X-Cache-Time
VIX-Pulpo-Upstream-Status
X-Adobe-Content
X-Rendered-As
X-Instance
Akamai-GRN
X-Status
X-Cache-Grace
X-Is-Bot
X-Content-Powered-By
X-XRDS-LOCATION
X-Mg-Request-UUID
X-RemovedCookies
X-Restarts
X-Ratelimit-Remaining
Countrycode
X-ProcessESI
X-Drupal-Cache-Contexts
Version
Srv
X-Server-ID
X-COUNTRY
X-App-Server
X-Http-Reason
X-Debug-Info
X-CDN-Forward
X-APP-VERSION
Accept-Language
X-Trace-Id
Protected
X-Correlation-ID
X-IPLB-Instance
X-Cache-Expired-At
X-IPLB-Request-ID
X-Time
Healthy
X-Hosted-By
X-Via-JSL
X-Cache-Hit
X-Tumblr-Pixel-0
X-Tumblr-User
X-Nginx-Cache-Key
X-Tumblr-Pixel-1
X-Tumblr-Pixel
Liferay-Portal
X-Device-Type
X-Azure-Ref
X-Tt-Logid
X-Cache-Operation
X-FW-Server
X-FW-Static
X-FW-Type
X-Ratelimit-Limit
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
Fastcgi-Useragent
Section-Io-Cache
X-Backend-Name
X-Cache-NGX
MS-CV
X-RTag
Ms-Operation-Id
X-ECache
Content-Secure-Policy
X-Proxy-Cache-Status
Server-Info
Backend
X-Oracle-Dms-Rid
X-Akamai-Edgescape
X-UUID
X-Mobile-URL
X-Oracle-Dms-Ecid
X-Storage
Meta-Geo
X-RN-RSRV
X-UPSTREAM-Address
Load-Balancing
X-Mode
CF-IPCountry
X-Handled-By
Cross-Origin-Resource-Policy
X-PHP-Backend
X-Sorting-Hat-ShopId
TWC-Privacy
X-LJ-Flow-ID
X-Origin-Date
X-Sorting-Hat-PodId
X-Locale
X-Sql-Count
Webcakes-App-Name
GEO-INFO
X-Cache-Server
Webcakes-Region
X-Content-Age
X-No-Session
X-Shopify-Stage
X-Forwarded-Host
X-Cache-Action
X-Format
X-Edge-Location
X-Cms-Context
X-VC-Cache
X-Server-W
X-Section
X-Origin-Hint
X-Site-Version
X-ShopId
X-ShardId
X-SayCDN-TTL
Webcakes-App-Version
X-Skip-Cache
X-OCL
X-Varnish-Hostname
X-Urbn-Site-Id
X-Sql-Duration-Ms
X-Varnishpool
X-Urbn-Context-Path
Property-Id
X-Varnish-Cache-Hits
X-Alternate-Cache-Key
X-AWS-Id
X-Proto
X-HTML-Minification-Powered-By
Locale
X-Region
S-Rt
Onion-Location
X-Say-Cacheable
Eomportal-Instance
X-Say-TTL
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Device-Class
X-VWS-Id
TWC-Locale-Group
TWC-GeoIP-Country
X-Adobe-Source
X-Access
X-Storefront-Renderer-Rendered
X-PCL
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
Azure-Version
X-Cache-Type
X-BYPASS-REASON
Web-Mar-Node
CDN-Uid
X-Cache-Enabled
Selected-Fe
DB-Nickname
Mn-Server-Ip
X-Cache-Host
Azure-SlotName
CDN-RequestCountryCode
CDN-RequestId
CDN-PullZone
X-PHP-Host
X-Request-Time
X-Uri
X-Via-Fastly
X-Redis-Cache
X-ProxyCache-Status
X-Proxy-Build
Azure-SiteName
X-Routing-Service
X-UA-Device-Type
X-Varnish-Beresp-Grace
X-ServerID
X-Zipkin-Id
X-Xfnlog-Site
X-Timing-Wait
X-Web-Node
X-Proxied
X-ProxyCache-Key
X-Extlb
X-Generated-By
X-Detected-As
Apigw-Requestid
Azure-RegionName
Azure-InstanceId
X-Generation-Time
X-FB-TRIP-ID
X-Rule
X-Hl-Ver
X-Labrador-Cache-Channel
X-GeoCountry
X-GeoCode
X-Tid
X-Cache-Status-Check
X-Nginx-Cache
WP-Super-Cache
X-Zen-Fury
X-URL
X-Datadome
X-R9-Blue-Green-Version
X-JoinUs
X-SaId
X-Ms-Request-Id
X-Ms-Version
ServedBy
X-Dc
X-DynaTrace-JS-Agent
X-Ua
X-LSADC-Cache
X-FireWall-Port
Cache-Name
X-Debug-Cache
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Human
X-Amzn-RequestId
X-Api-Version
X-Amz-Apigw-Id
X-SRV
X-Cache-Tags
Cache
Source
Xserver
Xet-Cookie
SD-X-WS
X-Cached-By
X-RCS-CacheZone
X-MP-GENERATED-AT
X-App-Version
X-GEO
X-TNCMS
Cross-Origin-Window-Policy
X-Loop
X-Varnish-Hits
X-TA-CDN-Provider
X-Reqid
WPO-Cache-Status
X-Aspnetmvc-Version
WPO-Cache-Message
Origin
LB
X-Pubstack
X-Soup
X-Amzn-Remapped-Content-Length
X-Cdn
X-Webkit-CSP
X-Origin-CC
X-Origin-TTL
X-NewRelic-App-Data
X-IPS-LoggedIn
X-Via-NSCOPI
X-Tumblr-Pixel-2
X-Vgn-Hpd-Reason
X-AOL-HN
X-B3-SpanId
X-Service
From-Origin
X-GG-Cache-Date
X-FW-Version
X-Provided-By
X-Newrelic-Synthetics
X-Xrds-Location
X-Platform-Server
X-TIME
Rip
X-Cluster-Node
Webserver
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Cache-Hits
X-Request-Host
Xc-Version
Upgrade-Insecure-Requests
X-Processor
X-A
X-A-Wwc
Environment
X-A-Dgt
DCR-Decision-By
X-Aed
DCR-Processing-Time-Ms
X-Application
X-AK-Request-ID
X-ARC
Expiry
X-Orig-Expires
X-Owner
X-B-Cookie
X-A-Ccd
X-A-Dam
X-Varnish-Beresp-Ttl
X-A-Dcw
X-NAPM-TraceId
X-PBS-Appsvrname
X-Connection-Hash
Rendered-Blocks
X-Tenant
X-Ec-Fail
Cdnsip
X-Ec-GeoHdr
X-VG-WebCache
A
X-SRCache-Key
Meta-Geo-Continent
Sslversion
X-TIM-N
X-Destination
X-CSRF-Token
Odigeo-Trace-Id
X-Developer
Cdncip
Ngx.Var.Host
X-Vdms-Version
X-User
X-Vdms-Path
Host-ID
Surrogated-Key
Lang
X-ScT
BehaviorPad-Version
X-Rewrite-Enabled
X-BCube-Filmed-By
X-S
X-S-Cookie
X-Forwarded-Path
X-Served-From
X-Shop-Environment
MD5-Digest
T-Server
X-Bc-Bl
X-Cache-NE
X-D
X-External-Request-Id
X-Rojux
OT-Force-Account-Verify
X-Generated-On
Cache-Tv-Group
X-Bip
X-Dispatcher-Number
X-Qloud-Router
X-Pool
X-Accel-Buffering
Fastly-SSL
X-Thanos
X-Aicache-OS
X-Cluster
X-Level-Front-Cache
Redirect-Candidate
X-Origin-Response-Time
HostName
X-WA-Info
Servername
X-CacheTTL
State
Server-Host
X-Cdn-Srv
Release
Producers
X-Clientip
X-Ckpd-Fst-Backend
Req-Svc-Chain
X-CGP
X-Cdn-Origin
X-Branch-Name
VNS-Cache
VNS-Age
Vix-Hermes-Req-Id
X-Auto-Login
Wxu-Next-Commit
X-Ad-Defer-Variation
Wxu-Next-Region
Wxu-Next-Hostname
V-Age
Tube-Return
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Traceparent
Tube-Get-Contents
X-Core-Mission
Tube-Got-Results
Tube-Got-Eval
TDXMobile
X-INCAP-ABP
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
X-Request-URI
X-S-Maxage
X-SB
X-Sigma
X-Scale
X-Region-Sid
X-Policy
X-Origin-Time
X-Origin-Expires
X-Origin
X-Parent-Response-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Sigma-Backend
X-SIPLIST1
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-VG-TLSProxy
X-VServer
X-Worker
X-Wix-Viewer-Type
X-Variation
X-V-Cache
X-Sn-Servicetimems
X-Slack-Backend
X-SplitTest
X-SVT-ORM-RULES
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-Optimistic-Header
X-Nyt-Route
X-Epic-Correlation-Id
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Eu-Site
X-Fetched-On
X-Gamma-Serve
X-Forwarded-Site
X-Device-Os
X-Developers
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-DefHash
X-DefElseHash
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Is-Gdpr
X-Irp-Debug
Platform
X-JWT-State
X-Loc
X-NodeID
X-Minions-Version
X-Hash
X-Has-Esi
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Gdpr
X-Geo-Header
X-GeoIP-City
X-GeoIP
X-Core-Value
X-BBC-Edge-Cache-Status
IsBot
Is-Eu
Decoy-Debug-TTL
DSUID
Kp-EeAlive
Decoy-Debug-Status
L5d-Success-Class
Candidate-Md5Url
L
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SIE
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Fastly-SWR
Adler-Geo
Gh-Request-Id
Cache-Host
Apple-News-Services-Request-Url
Apple-News-Services-Host
Machine
NM-Fastcgi-Cache
CPC-Cache
Click-Count-Action-Start
CPC-Age
Country-Code
Cmstype
Origin-EX
Origin-CC
Cmsid
NGX
Decoy-Debug-Key
Memcached
Mobile-Detection-Method
X-VC
Click-Count-Error
X-Tx-Id
Mime-Version
X-Cache-Bucket
X-Cache-Id
X-Cache-Info
CDCHOST
X-Clara-WADP
X-Gzip
X-Scheme
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-Session-Fingerprint
X-Cache-Remote
X-Varnish-Beresp-Status
X-WADP-Cache
X-Viewer-Country
X-Proxy-Cache-Info
X-NCache
X-Gen-Mode
X-Fmm-Version
X-Esi-Check
CloudFront-Viewer-Country
X-Hnp-Log
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-HS-Content-Campaign-Id
AKAMAI
X-RateLimit-Remaining-Second
We-Hiring
Web-Mar-Region
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Mail-Subject
Svr
Server-Hostname
Sever-Int
Server-Ext
Fastcgi-Cache-TTL
User-Cache-Control
Cluster
X-Block-Status
Datacenter
WebServer
Ec-Rule-Version
X-Fastly-Cache
X-CMSURLCustom
Canary
X-LB-NoCache
X-NWS-UUID-VERIFY
X-Udemy-Cache-App-Namespace
X-ZONE
X-Cache-Debug
X-Varnish-Ttl
Ssr
X-Pod-Name
Pics-Label
X-WP-CF-Super-Cache-Active
Time
Sid
X-Sucuri-Cache
SID
X-Sucuri-ID
X-ND-Cache
Memory
X-Ig-Push-State
X-FC-Vary-Parameters
X-Fastly-Backend
X-Generated-In
X-Buckets
X-Cache-Date
X-ATG-Version
X-Azure-Ref-OriginShield
X-Var-Ttl
X-Tb-Optimization-Total-Bytes-Saved
X-Microcachable
X-Via-Popn
X-Via-Popv
X-Akamai-Transformed
Fastly-Drupal-Html
X-Conf
X-Edge-Pop
X-Servedbyhost
X-Refresh
X-Via-Poph
X-B3-Traceid
X-Presslabs-Stats
AMP-Access-Control-Allow-Source-Origin
X-Newrelic-App-Data
Server-ID
X-TRACE-ID
Fastly-Drupal-HTML
X-Cs
X-Dmc
X-MSEdge-Features
X-MSEdge-Flight
Env
X-Release
X-Trace-ID
X-Yandex-Sdch-Disable
X-Fpc
X-Pass-Why
X-Nf-Request-Id
X-RateLimit-Reset
X-Be
X-NC
X-EC-Lua
X-Srv
X-Endurance-Cache-Level
X-Tumblr-Pixel-3
X-Esi
X-CS
X-PX
X-ID
X-MCACHE
X-Air-Source
X-Up
X-Zone
X-Air-Trace-Id
Magicmarker
GeoIp-Country-Code
My-App
X-Dispatch
X-Air-Hostname
X-DC
CDN
X-Wa
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-CACHE-AGE
X-Lambda-Id
True-Client-IP
X-TX-ID
X-Vc
X-VCL-Version
X-Webkit-CSP-Report-Only
X-Hyper-Cache
X-NGINX-Cache
Hostname
X-CF-Lambda-Fn
X-Req
X-CF-Lambda-Version
X-CACHE-KEY
X-M-Reqid
X-Micro-Cache
X-Alfa-Service
X-M-Log
X-App
X-CSRF-TOKEN
Pramga
X-Varnish-Beresp-TTL
CacheControlHeader
X-HS-Status
C-Via
X-Qnm-Cache
X-TH-Server
X-Vcl-Version
X-Air-Pt
Path
Resin-Trace
True-Client-Country-4JS
X-LB-ID
X-TrackingId
True-Client-Ip
N-Cache
X-Vercel-Id
X-Vercel-Cache
Fastcgi-X-Cache-Version
On-Server
X-Platform
X-PAYTM-SRV-ID
X-Op-Id-All
Tcn
X-Edge-Origin-Shield-Region
GeoIP-Country-Code
X-Edge-Origin-Shield-Bytes
X-Check-Cacheable
Tracecode
Esi-Enabled
X-B3-Spanid
X-SERVER-NAME
Proxy-Connection
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-FPC
X-Akamai-Pragma-Client-IP
GeoIP-Latitude
NtCoent-Length
X-AIR-PT
X-CLOUD-TRACE-CONTEXT
X-ApacheServer
X-GeoIP-Region-Code
X-LAGOON
X-Datacenter
X-GeoIP-Country-Code
X-WA
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Hit
X-Node-Id
X-API-Version
X-PERF
X-SD-PageType
X-Request-Start
X-Webkit-Csp-Report-Only
HIT
Cache-Key
X-Date
Cdn
X-Via-CDN
Server-Id
Lb
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
Yjs-Id
X-Geo
WWW-Authenticate
X-Lb-Id
ENV
X-Accel-Expires-Debug
X-Mly-Id
XkeyRZ
X-Via-PopH
DynaTrace
X-Render-Time
X-Proxy-CacheRZ
X-RAMCache
X-ServedByHost
YJS-ID
User-Agent
X-Via-PopN
X-Via-PopV
DT-Hot-News
X-Edge-POP
X-Cdn-Forward
X-Dw-Trace-Id
X-Traceid
FSS-Cache
X-HN
XM
X-Old-Content-Length
X-Proxy-Upstream
PFcat
X-Via-Ucdn
X-Response-By
Server-Ttl
XServer
X-Instance-Name
X-VarnishDD-TTL
Powered-By
X-LI-Proto
X-CF-Powered-By
X-Li-Fabric
X-LI-UUID
X-Li-Pop
X-FORWARDED-FOR
X-Proxy-Cache-Hk
X-CUA
X-Cache-Ttl
X-TT-LOGID
Dnion-Transfer-Encoding
Geoip-Latitude
X-LiteSpeed-Cache-Control
Sm-Log-Id
X-Service-Response-Time
PICS-Label
Nginx-CQVIP
Srvid
X-FL-EDGE
Location
X-Location
X-DB
X-From
X-DI
Locid
X-Akamai-ERPolicy
X-Fastly-Backend-Reqs
X-LiteSpeed-Tag
Ohc-File-Size
X-Akamai-ERRuleID
X-DSS
X-RSL
X-DW
X-RPM
X-RPS
SRV
X-UA
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
MIME-Version
X-Litespeed-Cache-Control
X-HostName
X-Cache-Backend
M-TraceId
X-Nc
X-Contensis-Viewer-Groups
Vha6-Origin
X-Lb-Nocache
X-Varnish-Authentication
X-B3-ParentSpanId
X-Fastly-Cache-Hits
X-Ftr-Request-Id
X-Request-Url
Wpo-Cache-Message
Wpo-Cache-Status
X-Webstats-RespID
X-Cache-ASPX
X-Cdn-Request-ID
X-Cache-Ngx
Warning
X-Ips-Loggedin
CountryCode
Wp-Super-Cache
X-UP
X-Mg-Cache
X-DataCenter
X-Director
X-Snapshot-Date
Fastcgi-Cache-Ttl
X-HA-Backend
Req-ID
X-Moov-T
X-Moov-Xdn-Version
X-Akamai-Request-ID
X-Httpd
X-MiniProfiler-Ids
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Cc-Via
WZWS-RAY