Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Request-ID
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Generator
X-Check
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Status
Upgrade
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-UA-Device
X-Amz-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Amz-Id-2
EagleId
X-Backend
X-AH-Environment
X-Proxy-Cache
P3p
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
X-Ua-Compatible
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-WebKit-CSP
X-Page-Speed
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Apo-Via
X-Device
Cf-Railgun
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Server-Id
X-Host
EagleEye-TraceId
X-Ruxit-JS-Agent
Surrogate-Control
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Readtime
X-Backend-Server
Request-Id
X-Content-Security-Policy-Report-Only
X-HW
X-Cache-Lookup
X-Cache-Spec
Accept-Ch-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Cloud-Trace-Context
X-Response-Time
X-Application-Context
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Country
Content-Location
X-Mcache
Accept-CH-Lifetime
X-Content-Type
X-MS-InvokeApp
X-Url
X-Litespeed-Cache
X-Clacks-Overhead
X-CST
X-Vname
X-PC
X-TtlSet
X-Midtier
X-Amz-Server-Side-Encryption
Rating
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Rack-Cache
X-Element-Page-Cache
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
Origin-Trial
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
Verso
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
X-Ac
Service-Worker-Allowed
X-ECACHE
X-Powered-By-Plesk
X-Cnection
X-Amz-Rid
X-SharePointHealthScore
SPRequestGuid
X-Navigation-Version
X-Ttl
Xkey
X-Abt-Application-Version
X-Client-IP
Edge-Control
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-Upstream
Arr-Disable-Session-Affinity
X-B3-TraceId
X-Mg-S
X-Cached
X-Dw-Request-Base-Id
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Varnish-TTL
X-NWS-LOG-UUID
X-Px
Display
X-Middleton-Display
Pagespeed
X-Sol
X-SRCache-Fetch-Status
X-NF-Request-ID
Accept-Ch
X-SRCache-Store-Status
X-FastCGI-Cache
Access-Control-Request-Method
Edge-Cache-Tag
X-Forwarded-For
X-Cache-Key
X-Country-Code
X-Correlation-Id
X-Goog-Hash
X-Powered-CMS
X-Ser
X-Id
Content-MD5
AR-SID
X-Ratelimit-Limit
Front-End-Https
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Webkit-Csp
Public-Key-Pins
TCN
X-Version
X-Jurisdiction
X-HP-Webp
X-Amzn-Trace-Id
X-HP-Trace-Id
X-MSEdge-Ref
X-Content-Digest
X-T
X-Recruiting
X-RateLimit-Remaining
Response
X-Middleton-Response
X-Accel-Expires
TP-Cache
TP-L2-Cache
X-Shield-Request-Id
MicrosoftSharePointTeamServices
S
Cache-Status
Nginx-Cache
X-XRDS-Location
X-Fastcgi-Cache
X-Daa-Tunnel
X-Request-Processing-Time
X-Request-Received
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
Server-Node
X-Fastly-Request-ID
Cross-Origin-Opener-Policy
X-B3-TraceId-Primal
Cache-Tags
MRF-Tech
Mrf-Cache-Status
X-Distributor
X-Hits
X-Ratelimit-Remaining
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Edge-Location-Klb
X-Kinsta-Cache
X-LB-Cache
X-Origin-Server
X-PressLabs-Stats
X-Ua-Browser
X-Ratelimit-Reset
X-Ezoic-Cdn
Alternate-Protocol
Fastcgi-Cache
Filterid
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Grace
X-LLID
X-Frontend
X-Request-Handler-Origin-Region
X-Microsite
X-Rid
Server-Name
X-DIS-Request-ID
X-Hostname
X-FB-Debug
Healthy
X-Geo-Country
X-Varnish-Backend
X-Logged-In
X-Git-Hash
Cleartype
X-Www-Served-By
Realpath
X-Debug-Info
X-NGENIX-Cache
Payment
X-Cluster-Name
X-Load-Cache
DC
X-Page-Id
X-Protected-By
X-Forwarded-Proto
MS-Author-Via
Access-Control-Allow-Method
Content-Disposition
X-ASPNET-VERSION
X-Origin-Cache
X-ECache
X-DataDome
Charset
X-B3-Sampled
X-Goog-Metageneration
X-GUploader-UploadID
X-Kong-Proxy-Latency
X-Upgrade-Enabled
X-TTL
X-Kong-Upstream-Latency
X-AppVersion
X-Activity-Id
X-Az
X-Proxy
X-Seen-By
Count-Hit
X-F-Cache
X-Amz-Meta-S3cmd-Attrs
X-Amz-Replication-Status
X-Azure-Ref
X-Fb-Rlafr
Paypal-Debug-Id
X-Whom
Cross-Origin-Resource-Policy
X-Times
X-B
X-Revision
X-Type
X-Akamai-Edgescape
X-Providence-Cookie
X-Request-Guid
Accept-Charset
Surrogate-Key
X-Route-Name
X-Cache-Age
Viewport
X-Aspnet-Duration-Ms
X-Contextid
X-App-Environment
X-Flags
X-Is-Crawler
Retry-After
X-Wix-Request-Id
X-B3-Traceid
X-Varnish-Server
X-TT
X-Hosted-By
X-Aspnetmvc-Version
X-B-Cache
X-Signature
X-DynaTrace
X-Language
X-Cache-Control
X-Envoy-Decorator-Operation
X-Source
Amp-Access-Control-Allow-Source-Origin
X-Mobile
X-App-Server
X-Varnish-Grace
X-Magnolia-Registration
X-Goog-Generation
X-Oracle-Dms-Ecid
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-VCache
X-Oracle-Dms-Rid
Host
WPO-Cache-Status
Version
WPO-Cache-Message
Referer-Policy
Refresh
X-N
X-XRDS-LOCATION
X-Server-ID
X-Cache-Rule
Access-Control-Request-Headers
X-HTML-Minification-Powered-By
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Time
X-Original-Request-Id
X-Varnish-Age
X-Response-Served-From
X-EdgeConnect-Cache-Status
X-Oneagent-Js-Injection
X-Cache-Status-Check
X-Cache-Grace
X-Rule
X-Jobs
X-Cacheable-TTL
X-G
X-UUID
Protected
SD-X-WS
X-Framework
X-FW-Hash
X-FW-Server
Ms-Operation-Id
X-FW-Type
X-FW-Serve
X-RTag
X-Content-Powered-By
X-FW-Static
X-Environment-Context
X-FW-Dynamic
X-RemovedCookies
MS-CV
Section-Io-Cache
X-FW-Version
X-User-Agent
From-Origin
X-ProcessESI
X-L-Path
VIX-Pulpo-Node
GEO-INFO
X-Backend-Name
VIX-Pulpo-Upstream-Status
Akamai-GRN
X-Device-Type
X-Tt-Trace-Host
NGB
CDN-RequestId
X-Status
X-Tt-Trace-Tag
X-Page-View
X-Drupal-Cache-Tags
X-Rendered-As
X-Region
X-NYM-Debug-Backend
X-Varnish-Ttl
X-Is-Bot
X-Instance
X-Cache-Expired-At
X-Drupal-Cache-Contexts
X-Adobe-Content
X-Akamai-Request-ID2
X-Adobe-Loc
X-Http-Reason
X-Nginx-Cache
Front
X-Ruxit-Js-Agent
X-Trace-Id
X-Servername
Url
X-Unique-Id
X-Fastly-Request-Id
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Accept-Language
Liferay-Portal
X-Content-Options
SRV
X-Debug-IsConnected
Fastly-SWR
X-Debug-IsPreview
Fastly-SIE
X-Newrelic-App-Data
Backend
X-Template
X-CDN-Forward
X-Cache-Hit
X-Zen-Fury
X-Air-Hostname
X-Air-Source
X-Yottaa-Metrics
X-RateLimit-Limit
X-Air-Trace-Id
X-Yottaa-Optimizations
X-Time
X-DynaTrace-JS-Agent
Country
X-Mode
X-Rocket-Nginx-Serving-Static
Content-Secure-Policy
X-Cache-Operation
Node
X-Uri
X-IPS-LoggedIn
S-Rt
X-Generation-Time
X-Cache-Server
Webserver
Onion-Location
X-Proxy-Cache-Info
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Tumblr-Pixel-2
X-COUNTRY
X-RN-RSRV
Meta-Geo
X-Amzn-Remapped-Content-Length
Filters
X-Edge-Location
X-Content-Age
X-Tb
X-Tumblr-Pixel-3
X-Web-Node
X-Timing-Wait
Azure-InstanceId
X-ARC
Azure-SiteName
Azure-Version
CF-IPCountry
Selected-Fe
Azure-SlotName
X-Locale
X-Proxy-Build
X-PHP-Backend
Azure-RegionName
Uber-Trace-Id
X-Ms-Version
X-Via-Fastly
X-Soup
X-Skip-Cache
X-Origin-Date
X-Site-Version
Cache-Hits
X-ProxyCache-Key
X-Ua
X-Sucuri-ID
Cache-Name
X-Ms-Request-Id
X-Labrador-Cache-Channel
X-Cms-Context
X-Server-W
X-ProxyCache-Status
WP-Super-Cache
X-BYPASS-REASON
X-Cache-Action
X-Sucuri-Cache
X-Proto
X-SayCDN-TTL
X-PHP-Host
X-Say-Cacheable
X-Say-TTL
X-Origin-Hint
X-Cache-Host
X-Proxy-Cache-Status
X-Handled-By
X-Cluster-Node
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
X-Access
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Extlb
Property-Id
X-Format
ServerID
X-Debug
TWC-Device-Class
TWC-Connection-Speed
X-Forwarded-Host
X-Proxied
X-UA-Device-Type
X-Sql-Duration-Ms
X-Varnish-Beresp-Grace
X-Zipkin-Id
X-Reqid
X-Sql-Count
X-VC-Cache
X-Section
X-Routing-Service
X-Real-IP
Cache-Tv-Group
X-SaId
ServedBy
X-FB-TRIP-ID
X-Adobe-Source
X-IPLB-Instance
X-IPLB-Request-ID
X-App-Version
Web-Mar-Node
X-LJ-Flow-ID
X-AWS-Id
X-Optimistic-Header
X-R9-Blue-Green-Version
Cross-Origin-Window-Policy
X-VWS-Id
X-LAGOON
X-JoinUs
DB-Nickname
X-No-Session
X-Cluster
X-Urbn-Context-Path
X-Urbn-Site-Id
Apigw-Requestid
Mn-Server-Ip
Locale
X-Cache-TTL-Remaining
X-Detected-As
X-LSADC-Cache
X-GeoCountry
Countrycode
X-GeoCode
Fastcgi-Useragent
X-Director
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Xfnlog-Site
X-Node-Name
Mime-Version
X-Tt-Logid
Upgrade-Insecure-Requests
X-Varnish-Hits
Frame-Options
Source
X-TIME
X-GEO
CDN-RequestCountryCode
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
X-Generated-By
X-Buckets
Fastly-Drupal-HTML
X-Hl-Ver
X-Mg-Request-UUID
X-Request-Time
X-Varnish-Cache-Hits
Load-Balancing
X-FireWall-Port
X-Tec-Api-Origin
X-Tec-Api-Root
Xet-Cookie
X-Tec-Api-Version
X-ServerID
X-Varnish-Hostname
X-Redis-Cache
X-RM-Cache-TTL
X-Datadog-Parent-Id
X-Origin-TTL
X-Datadog-Trace-Id
X-Origin-CC
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Loop
X-SRV
X-Api-Version
X-TA-CDN-Provider
X-Cache-Debug
X-URL
CF-Cached-On
X-Akamai-Transformed
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Tx-Id
X-ShopId
X-Sorting-Hat-ShopId
X-ShardId
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Served-From
X-Storage
X-Pass-Why
X-Pubstack
X-Endurance-Cache-Level
Xserver
X-Newrelic-Synthetics
X-Request-Host
X-Provided-By
Server-Info
X-Location
X-Service
X-Restarts
X-Core-Mission
X-CUA
X-Mobile-URL
X-Men
DSUID
X-Nyt-Route
X-A-Ccd
Surrogated-Key
Redirect-Candidate
DCR-Processing-Time-Ms
X-D
X-Ec-Fail
Server-Host
Candidate-Md5Url
X-Developer
X-Destination
X-Gdpr
Rendered-Blocks
X-External-Request-Id
X-Ec-GeoHdr
BehaviorPad-Version
X-Epic-Correlation-Id
Cache-Host
X-Generated-On
X-A-Wwc
Sslversion
A
X-A-Dam
X-Level-Front-Cache
X-Loc
X-Origin
X-INCAP-ABP
X-A-Dgt
X-A-Dcw
X-Hash
X-Httpd
DCR-Decision-By
Thinkindot-CacheControl
Meta-Geo-Continent
X-Conf
Odigeo-Trace-Id
X-TIM-N
X-Bip
Memcached
MD5-Digest
X-A
X-Application
X-Cache-Date
X-Sigma-Backend
X-Bc-Bl
X-Thinkindot-L3
X-Thanos
X-S
X-BCube-Filmed-By
X-SVT-ORM-RULES
X-SRCache-Key
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-S-Cookie
X-Test
NM-Fastcgi-Cache
X-Rocket-Build-Number
X-Rojux
Ngx.Var.Host
X-S-Maxage
Thinkindot-Control
Origin
X-ScT
X-We-Are-Hiring
Lang
X-Cdn-Origin
X-Akamai-Device-Characteristics
X-Aed
Xc-Version
X-B-Cookie
Thinkindot-CacheControl-Type
X-CMSURLCustom
Gannett-Cam-Experience-Id
T-Server
Host-ID
X-Vdms-Version
X-Processor
X-Vdms-Path
TDXMobile
X-Sigma
X-CSRF-Token
X-Cache-NE
X-Cache-Info
X-Origin-Time
X-WP-CF-Super-Cache-Active
X-TNCMS
X-Dispatcher-Server
X-Dispatcher-Number
Release
Cache-Key
X-BBC-Edge-Cache-Status
CacheControlHeader
C-Via
X-Cache-Bucket
X-CacheTTL
Is-Eu
X-Date
Platform
Req-Svc-Chain
Fastly-Backend-Name
Edge-Cache
Fastly-GeoIP-CountryCode
X-Cache-Id
X-DefElseHash
X-DefHash
CloudFront-Viewer-Country
Click-Count-Error
Cmsid
Cmstype
Country-Code
Magicmarker
Mail-Subject
Click-Count-Action-Start
Section-Io-Origin-Time-Seconds
X-Auto-Login
X-VServer
X-Pool
X-Vmg-Version
X-Region-Sid
X-Varnishpool
Tube-Got-Eval
X-Platform-Router
Tube-Return
X-Worker
X-Platform-Cluster
X-Platform-Processor
Tube-Got-Results
X-Air-Pt
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Correlation-ID
X-Server-IP
X-SD-PageType
X-Scale
X-CACHE-AGE
X-Req
Tube-Get-Contents
X-Varnish-CookieHashed-On
X-Variation
X-Var-Ttl
WWW-Authenticate
X-Ec-Custom-Error
We-Hiring
X-Gamma-Serve
X-Accel-Expires-Debug
X-Geo-Header
X-GeoIP
X-Has-Esi
X-Gzip
X-Fetched-On
X-Ad-Defer-Variation
Adler-Geo
AKAMAI
X-Esi-Check
X-Fastly-Backend
X-Fastly-Cache
X-Origin-Response-Time
X-HS-Content-Campaign-Id
X-Response-By
X-Human
X-Mvc-Supplant-Cachable
X-Node-Id
X-Origin-Expires
X-Org
Section-Io-Id
X-Mid
X-Is-Gdpr
X-JWT-State
Section-Origin-Responded
Section-Io-Origin-Status
Environment
HostName
X-Accel-Buffering
Web-Mar-Region
X-App
X-Planisys-CDN-Rules
X-Owner
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-NodeID
X-Nginx-Cache-Key
X-Irp-Debug
X-Mly-Id
X-Platform
X-Qloud-Router
X-WADP-Cache
X-Wix-Viewer-Type
Expect-Staple
X-WA-Info
X-Varnish-Beresp-Status
X-Release
X-V-Cache
X-Instance-Name
X-GeoIP-Region-Code
X-Clara-WADP
X-Core-Value
X-Developers
X-Ckpd-Fst-Backend
X-Cdn-Srv
X-Cache-FS-Status
X-Cache-Tags
X-Device-Os
X-DPWN-IS-SECURE
X-GeoIP-City
X-GeoIP-Country-Code
X-Frame-Option
X-Forwarded-Site
X-FC-Vary-Parameters
X-Fmm-Version
X-Azure-Ref-OriginShield
State
Vix-Hermes-Req-Id
Ssr
X-Vcl-Version
Producers
Origin-EX
Origin-CC
Canary
Machine
Gh-Request-Id
On-Server
Datacenter
X-Varnish-Beresp-Ttl
Kp-EeAlive
X-Via-CDN
X-FL-QIT-DEBUG
Apple-News-Services-Request-Url
Cache-Provider
Srvid
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-SB
X-NCache
X-Request-Start
X-Old-Content-Length
X-Op-Id-All
X-Zone
X-Platform-Server
X-Minions-Version
X-Hnp-Log
X-Gen-Mode
L
X-VG-TLSProxy
X-VarnishDD-TTL
X-HN
Locid
X-FL-EDGE
Server-Hostname
Server-Ext
Wxu-Next-Hostname
PFcat
X-Block-Status
Sever-Int
NGX
Wxu-Next-Commit
Wxu-Next-Region
X-Aicache-OS
User-Cache-Control
X-Parent-Response-Time
X-Via-Edge
X-Via-SSL
Edge-Copy-Time
X-From
X-Eu-Site
X-Microcachable
X-Ua-Device
HA-Ipaddr
X-Cache-Remote
CDCHOST
X-Mvc-Supplant-OutputCached
L5d-Success-Class
Fastly-SSL
Ha-Gx-Prefs
X-CGP
X-Csrf-Jwt
X-Nananana
X-VC
X-Webkit-CSP-Report-Only
X-Up
X-LB-NoCache
X-B3-Spanid
X-Cache-Enabled
X-Refresh
X-Client-Ip
Env
X-Debug-Cache-Fetch
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Cache-Store
X-RCS-CacheZone
X-Dc
X-DC
X-Cache-Backend
X-Lambda-Id
Pics-Label
X-VCT
X-ND-Cache
X-Presslabs-Stats
X-Generated-In
Cluster
X-Via-Popv
X-Via-Popn
Decoy-Debug-Key
Decoy-Debug-Status
GeoIP-Latitude
X-Via-Poph
Decoy-Debug-TTL
X-Cached-By
Sid
NtCoent-Length
X-Trace-ID
X-B3-SpanId
VNS-Age
X-Tid
CPC-Cache
VNS-Cache
X-HS-Status
CPC-Age
X-Vtex-Remote-Cache
X-Render-Time
X-NWS-UUID-VERIFY
X-Upstream-Ct
X-Upstream-Ht
X-Cs
AMP-Access-Control-Allow-Source-Origin
SID
Time
Fastly-Drupal-Html
Memory
X-CCDN-Origin-Time
Cache
X-LB-ID
X-CCDN-CacheTTL
X-Edge-Pop
X-Hcs-Proxy-Type
X-HA-Backend
X-Cache-Type
X-Webkit-CSP
X-DataCenter
X-Servedbyhost
X-TH-Server
X-Srv
GeoIp-Country-Code
X-Wa
X-Vgn-Hpd-Variations-Key
X-ATG-Version
X-Nc
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-AIR-PT
X-Esi
X-Via-JSL
Svr
X-Contensis-Viewer-Groups
X-NewRelic-App-Data
X-Cache-ASPX
X-Check-Cacheable
Server-ID
X-Varnish-Authentication
X-CLOUD-TRACE-CONTEXT
Srv
Cdn
X-ZONE
X-Vc
Uri
True-Client-IP
X-Amz-Meta-Cb-Modifiedtime
Esi-Enabled
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
X-Fpc
X-MP-GENERATED-AT
X-CF-Lambda-Version
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
XkeyRZ
X-Proxy-CacheRZ
X-Varnish-Beresp-TTL
X-CS
Hostname
XServer
X-Udemy-Cache-App-Namespace
X-CSRF-TOKEN
X-Gateway-Skip-Cache
X-AK-Request-ID
N-Cache
X-CDN-Cache-Status
X-Wikidot-Backend
X-Wikidot-Static-Cache
M-TraceId
Resin-Trace
X-Gateway-Cache-Status
Cdncip
Cdnsip
X-API-Version
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-CACHE-KEY
X-Nf-Request-Id
X-EC-Lua
YJS-ID
X-NGINX-Cache
X-Datadome
X-Tenant
X-Shop-Environment
Lb
X-Via-NSCOPI
RNT-Machine
X-Orig-Expires
X-Bl-Debug
X-Forwarded-Path
RNT-Time
X-FPC
OT-Force-Account-Verify
True-Client-Ip
X-Fastly-Country-Code
X-MSEdge-Features
X-MSEdge-Flight
X-TX-ID
X-B3-Trace-ID
X-App-Name
Eomportal-Instance
CDN
Request-ID
X-APP-VERSION
X-Policy
Server-Id
X-Service-Response-Time
Sm-Log-Id
X-WA
X-Cache-Ttl
X-Logging-Id
Path
GeoIP-Country-Code
Ngx-Var-Key
X-Micro-Cache
X-NC
X-Accel-Version
IsBot
Hit
X-Vcache
X-SIPLIST1
X-Git-Commit
X-Container-Uri
X-Datacenter
LB
X-VCL-Version
X-Cdn-Diag
X-Lb-Id
X-Request-URI
X-Cache-NGX
X-Ha-Backend
X-MCACHE
X-RateLimit-Reset
X-ServedByHost
HIT
X-Info
X-Edge-POP
X-Cdn-Forward
Location
Cross-Origin-Opener-Policy-Report-Only
X-Tncms
RATING
Pramga
X-LiteSpeed-Cache-Control
X-SERVER-NAME
X-Cdn-Cache-Status
X-Akamai-Pragma-Client-IP
X-Geo
X-Snapshot-Date
X-VG-WebCache
Ohc-File-Size
X-Pod-Name
X-Acquia-Purge-Cdn-Unconfigured
X-Srcache-Store-Status
FSS-Cache
Geoip-Latitude
XM
X-Srcache-Fetch-Status
Timeexpire
V-Age
X-TT-LOGID
Tcn
X-Ctl-Mach
True-Client-Country-4JS
X-Serial
Epwk-X-Cache
Req-ID
X-Via-PopH
X-Via-PopV
X-Via-PopN
X-Clientip
CDN-RequestPullSuccess
CDN-RequestPullCode
Yjs-Id
ENV
X-Lb-Nocache
X-LiteSpeed-Tag
X-HostName
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Rebelmouse-Cache-Control
X-Iauth-Set-Uid
X-Rebelmouse-Surrogate-Control
CountryCode
X-Cdn-Request-ID
X-Hyper-Cache
X-Oss-Server-Time
X-Oss-Request-Id
Servername
X-Amz-Meta-Opti
X-Oss-Object-Type
X-Oss-Storage-Class
X-Fastly-Backend-Reqs
X-Oss-Hash-Crc64ecma
Proxy-Connection
X-Cache-Expires
X-Dw-Trace-Id
Warning
X-M-Reqid
X-M-Log
X-TRACE-ID
WZWS-RAY
X-Acquia-Site
X-RAMCache
Ec-Rule-Version
X-Acquia-Purge-Tags
X-Swift-Error
X-Acquia-Application-UUID
X-B3-Parentspanid
X-UP
Content-Script-Type
W
Cneonction
X-Acquia-Application-Trace
X-Qnm-Cache
Content-Style-Type
X-F-Status
X-MiniProfiler-Ids
X-Lsadc-Cache
PICS-Label
X-Moov-Xdn-Version
X-Moov-T
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Ngx
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Ohc-Cache-HIT
X-Scheme
X-Litespeed-Cache-Control
Ngx
X-Th-Server
X-Fastly-Cache-Hits
X-Mg-Cache
My-App
X-B3-ParentSpanId
X-IPS-Cached-Response
MIME-Version
X-Webstats-RespID