Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
Pragma
CF-RAY
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
P3P
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Request-ID
X-Request-Id
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Ua-Compatible
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Accept-CH
X-Device
X-Page-Speed
Cf-Apo-Via
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Dns-Prefetch-Control
Surrogate-Control
EagleEye-TraceId
X-Backend-Server
Request-Id
X-Cache-Lookup
X-Readtime
X-Ruxit-JS-Agent
X-HW
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Accept-CH-Lifetime
X-CST
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
Accept-Ch-Lifetime
X-Edge
X-WebKit-CSP-Report-Only
Content-Location
X-Country
X-Content-Type
X-Mcache
X-Clacks-Overhead
X-MS-InvokeApp
Rating
X-Url
X-ECACHE
X-Midtier
X-TtlSet
X-Amz-Server-Side-Encryption
X-PC
X-Vname
X-VARITI-CCR
RTSS
Cache-Tag
X-Vcap-Request-Id
X-Element-Page-Cache
X-D2id
Origin-Trial
Verso
X-Ac
X-Server-Name
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Rack-Cache
X-B3-TraceId
X-Varnish-TTL
X-Cnection
X-Powered-By-Plesk
X-Cache-TTL
Service-Worker-Allowed
X-GitHub-Request-Id
X-ESI
Xkey
X-Navigation-Version
X-Abt-Application-Version
X-Client-IP
X-SharePointHealthScore
X-NWS-LOG-UUID
X-Amz-Rid
SPRequestGuid
Edge-Control
X-Ttl
X-Cached
X-Litespeed-Cache
X-Px
X-Mg-S
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
Arr-Disable-Session-Affinity
X-Upstream
SPRequestDuration
SPIisLatency
X-Fastcgi-Cache
X-Cache-Key
X-Sol
Pagespeed
X-Middleton-Display
X-Correlation-Id
Display
Content-MD5
X-Dw-Request-Base-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-NF-Request-ID
Access-Control-Request-Method
Edge-Cache-Tag
X-Goog-Hash
X-RateLimit-Remaining
X-Daa-Tunnel
X-XRDS-Location
Front-End-Https
X-Country-Code
X-Forwarded-For
X-Version
Public-Key-Pins
AR-ATIME
AR-Request-ID
AR-SID
AR-PoweredBy
AR-CACHE
X-Powered-CMS
X-Id
TCN
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-T
X-Recruiting
X-MSEdge-Ref
X-Content-Digest
X-Accel-Expires
Response
X-Middleton-Response
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Shield-Request-Id
X-Ser
TP-Cache
X-Aspnetmvc-Version
TP-L2-Cache
Nginx-Cache
X-Amzn-Trace-Id
X-Webkit-Csp
S
X-Request-Processing-Time
X-Request-Received
X-Hits
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
Server-Node
Cache-Status
X-Distributor
X-Edge-Location-Klb
X-Kinsta-Cache
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-Grace
Cache-Tags
Fastcgi-Cache
Alternate-Protocol
Server-Name
Accept-Ch
X-DataDome
X-Protected-By
X-Ruxit-Js-Agent
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Ezoic-Cdn
X-DIS-Request-ID
X-Ratelimit-Limit
X-Origin-Server
X-LB-Cache
X-Geo-Country
X-Ratelimit-Reset
X-Ua-Browser
X-Microsite
X-Frontend
X-Request-Handler-Origin-Region
X-TTL
X-Rid
X-Debug-Info
X-Git-Hash
X-Www-Served-By
X-Varnish-Backend
Cross-Origin-Opener-Policy
Filterid
Healthy
Cleartype
X-Logged-In
X-Forwarded-Proto
Payment
X-FB-Debug
X-NGENIX-Cache
X-Page-Id
X-Load-Cache
X-ASPNET-VERSION
Charset
X-B3-Sampled
X-LLID
Content-Disposition
X-FastCGI-Cache
X-PressLabs-Stats
X-VCache
X-Ratelimit-Remaining
DC
X-Origin-Cache
X-Cluster-Name
X-Hostname
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MS-Author-Via
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
Retry-After
X-Proxy
Access-Control-Allow-Method
Accept-Charset
X-F-Cache
X-AppVersion
X-RateLimit-Limit
X-Activity-Id
Cross-Origin-Resource-Policy
X-Az
Paypal-Debug-Id
X-Amz-Replication-Status
X-Type
X-B-Cache
X-Signature
X-Contextid
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Hosted-By
X-Amz-Meta-S3cmd-Attrs
X-Route-Name
X-Request-Guid
X-Revision
Viewport
X-Varnish-Server
X-Azure-Ref
X-Aspnet-Duration-Ms
X-Wix-Request-Id
X-Seen-By
X-Oracle-Dms-Ecid
X-App-Environment
X-ORACLE-DMS-RID
X-Whom
X-ORACLE-DMS-ECID
X-Oracle-Dms-Rid
X-TT
X-Fb-Rlafr
X-B
X-DynaTrace
Amp-Access-Control-Allow-Source-Origin
Realpath
Surrogate-Key
Referer-Policy
Count-Hit
X-Source
X-Akamai-Edgescape
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Mobile
X-App-Server
X-B3-Traceid
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Cache-Control
Host
X-EdgeConnect-Cache-Status
X-Oneagent-Js-Injection
X-N
X-HTML-Minification-Powered-By
X-Tumblr-Pixel-0
X-Varnish-Grace
X-Tumblr-User
X-Tumblr-Pixel-1
X-Cache-Rule
X-Magnolia-Registration
X-Tumblr-Pixel
X-Response-Served-From
X-Original-Request-Id
X-UUID
X-Varnish-Age
Version
X-Language
Refresh
X-Cache-Time
Section-Io-Cache
X-Cache-Status-Check
X-RTag
X-Envoy-Decorator-Operation
X-Template
X-Rule
X-Cache-Expired-At
SD-X-WS
Ms-Operation-Id
MS-CV
X-FW-Static
X-FW-Version
X-FW-Type
X-Status
X-FW-Server
X-RemovedCookies
X-ProcessESI
X-Page-View
X-FW-Dynamic
X-Adobe-Loc
X-Adobe-Content
Access-Control-Request-Headers
X-Cache-Grace
X-Content-Powered-By
X-FW-Hash
Akamai-GRN
X-Framework
X-FW-Serve
Protected
X-Environment-Context
X-G
NGB
X-Instance
X-Device-Type
X-Cacheable-TTL
Url
GEO-INFO
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Is-Bot
X-Http-Reason
X-Rendered-As
X-Servername
X-Jobs
X-NYM-Debug-Backend
X-L-Path
X-User-Agent
X-Akamai-Request-ID2
X-Backend-Name
SRV
X-Debug-IsConnected
X-Debug-IsPreview
X-Cache-Age
X-CDN-Forward
X-Newrelic-App-Data
X-Drupal-Cache-Contexts
X-Trace-Id
X-Drupal-Cache-Tags
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Nginx-Cache
From-Origin
CDN-RequestId
X-Cache-Hit
WPO-Cache-Message
WPO-Cache-Status
X-Tb
X-Region
X-URL
Accept-Language
Country
X-Pinterest-Rid
Front
X-Tt-Logid
X-Node-Name
Pinterest-Generated-By
Pinterest-Version
X-Fastly-Request-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Real-IP
Backend
X-Content-Options
X-TIME
Uber-Trace-Id
X-VC-Cache
X-Mode
Fastly-SWR
Fastly-Drupal-HTML
Fastly-SIE
X-COUNTRY
X-Unique-Id
X-DynaTrace-JS-Agent
Content-Secure-Policy
X-Cache-Operation
X-Rewrite-Enabled
Filters
X-Generation-Time
X-Tumblr-Pixel-2
Meta-Geo
X-RN-RSRV
X-UPSTREAM-Address
Azure-RegionName
Azure-Version
Azure-SlotName
X-Zen-Fury
Azure-SiteName
X-Access
X-Format
X-Web-Node
X-Section
CF-IPCountry
X-Cache-Server
Azure-InstanceId
X-Amzn-Remapped-Content-Length
Webserver
X-IPS-LoggedIn
X-Rocket-Nginx-Serving-Static
Onion-Location
X-Proxy-Cache-Info
X-Adobe-Source
X-Cms-Context
X-Proxy-Cache-Status
X-Debug
X-Cache-TTL-Remaining
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Sql-Duration-Ms
X-Locale
X-Sucuri-Cache
TWC-Connection-Speed
X-Sucuri-ID
Property-Id
X-Server-W
X-Soup
X-Sql-Count
X-Skip-Cache
X-Origin-Hint
X-Reqid
X-Ua
X-Varnish-Beresp-Grace
X-Say-Cacheable
X-PHP-Backend
TWC-Locale-Group
X-Via-Fastly
TWC-Device-Class
X-Say-TTL
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-SayCDN-TTL
Web-Mar-Node
ServerID
S-Rt
X-VWS-Id
X-Handled-By
X-IPLB-Instance
X-UA-Device-Type
X-GeoCountry
X-PHP-Host
X-IPLB-Request-ID
X-Labrador-Cache-Channel
X-Site-Version
X-Ms-Version
X-Ms-Request-Id
X-LJ-Flow-ID
X-Proto
Cache-Hits
X-Cluster-Node
X-Content-Age
X-Cluster
X-Cache-Action
X-BYPASS-REASON
X-Edge-Location
X-Forwarded-Host
X-GeoCode
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-ProxyCache-Key
X-AWS-Id
X-Cache-Host
CDN-PullZone
CDN-RequestCountryCode
CDN-Uid
CDN-EdgeStorageId
CDN-CachedAt
Node
Apigw-Requestid
Cache-Name
Cross-Origin-Window-Policy
CDN-Cache
DB-Nickname
X-Routing-Service
X-SaId
X-Urbn-Site-Id
X-Proxy-Build
Locale
X-Proxied
X-LSADC-Cache
X-No-Session
X-JoinUs
X-Zipkin-Id
X-SRV
X-Detected-As
X-Urbn-Context-Path
Selected-Fe
X-Extlb
Mn-Server-Ip
X-Timing-Wait
X-FB-TRIP-ID
X-Xfnlog-Site
X-LAGOON
X-Tec-Api-Version
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
WP-Super-Cache
X-Tec-Api-Origin
ServedBy
X-Tec-Api-Root
Mime-Version
X-Times
Fastcgi-Useragent
X-Air-Hostname
X-Air-Source
X-Hl-Ver
X-Air-Trace-Id
X-ECache
X-XRDS-LOCATION
X-Request-Time
Liferay-Portal
X-Time
X-Buckets
X-Tumblr-Pixel-3
X-CACHE-AGE
X-Optimistic-Header
X-Redis-Cache
X-Cache-Debug
Source
X-TNCMS
Upgrade-Insecure-Requests
X-Loop
X-Origin-Date
Xserver
X-Mg-Request-UUID
X-NWS-UUID-VERIFY
X-GEO
X-Generated-By
X-Akamai-Transformed
X-Varnish-Hits
Countrycode
CF-Cached-On
X-Cdn
X-Director
X-Uri
X-Pass-Why
X-Tid
X-Tx-Id
X-Presslabs-Stats
Frame-Options
X-TA-CDN-Provider
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
Xet-Cookie
X-ARC
X-Storage
X-Origin-CC
X-FireWall-Port
X-Varnish-Ttl
X-Origin-TTL
X-Service
X-Esi
X-App-Version
X-Varnish-Cache-Hits
X-B3-Spanid
X-DC
X-ShardId
X-Storefront-Renderer-Rendered
X-ShopId
X-Alternate-Cache-Key
Cache-Tv-Group
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Datadog-Trace-Id
X-Varnish-Hostname
X-Endurance-Cache-Level
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
Environment
X-Datadog-Sampled
Release
Redirect-Candidate
X-S-Maxage
Rendered-Blocks
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-Control
WWW-Authenticate
Thinkindot-CacheControl
T-Server
X-Mobile-URL
Sslversion
Surrogated-Key
Req-Svc-Chain
MD5-Digest
DCR-Processing-Time-Ms
Edge-Cache
X-Mid
DCR-Decision-By
Candidate-Md5Url
A
BehaviorPad-Version
Gannett-Cam-Experience-Id
Host-ID
Ngx.Var.Host
Odigeo-Trace-Id
Meta-Geo-Continent
Memcached
Lang
X-A
Origin
X-A-Dgt
X-Vdms-Version
X-Platform-Router
X-Ec-Fail
X-Platform-Processor
X-VG-TLSProxy
X-Developer
X-Core-Value
X-D
X-Destination
X-SRCache-Key
X-Platform-Cluster
X-Ec-GeoHdr
X-External-Request-Id
X-Nyt-Route
X-TIM-N
X-Frame-Option
X-Origin-Time
X-Epic-Correlation-Id
X-INCAP-ABP
X-Vdms-Path
X-Generated-On
X-CMSURLCustom
X-We-Are-Hiring
X-Application
X-Loc
X-Level-Front-Cache
X-B-Cookie
X-Aed
X-A-Wwc
X-A-Dam
X-ScT
X-A-Dcw
X-Gdpr
Xc-Version
X-Bc-Bl
X-Cache-NE
X-Served-From
X-Rojux
X-Processor
X-Cache-Info
X-Thinkindot-L3
X-BCube-Filmed-By
X-S-Cookie
X-S
X-A-Ccd
X-BBC-Edge-Cache-Status
X-RM-Cache-TTL
Server-Info
X-Request-Host
SID
X-ServerID
Magicmarker
X-WADP-Cache
X-Human
X-Sigma
X-WA-Info
X-VServer
Tube-Got-Results
Tube-Return
Tube-Got-Eval
Tube-Get-Contents
X-SVT-ORM-RULES
X-Httpd
X-Sn-Servicetimems
X-Conf
Server-Host
X-Sigma-Backend
X-Location
X-Test
X-Worker
Ssr
X-Vmg-Version
X-JWT-State
Svr
State
X-Is-Gdpr
X-Has-Esi
X-Fmm-Version
X-Core-Mission
X-Varnish-Beresp-Status
X-Clara-WADP
X-Cdn-Srv
X-Fetched-On
X-CUA
X-Ec-Custom-Error
X-Thanos
X-Developers
X-DefHash
X-DefElseHash
X-Cdn-Origin
X-Varnish-CookieHashed-On
X-Geo-Header
X-Auto-Login
X-Akamai-Device-Characteristics
X-GeoIP-City
X-SD-PageType
X-SVT-ORM-VERSION
X-Bip
X-Gamma-Serve
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Cache-Bucket
X-HS-Content-Campaign-Id
X-WP-CF-Super-Cache-Active
Cache-Host
C-Via
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Cache-Key
X-SB
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-NodeID
DSUID
Decoy-Debug-TTL
Click-Count-Error
Click-Count-Action-Start
X-Rocket-Build-Number
X-Trace-ID
CloudFront-Viewer-Country
Cluster
Decoy-Debug-Status
Decoy-Debug-Key
X-Origin-Response-Time
Country-Code
AKAMAI
X-Old-Content-Length
X-Req
X-Restarts
X-Pool
X-Platform-Server
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Parent-Response-Time
Section-Io-Id
X-AIR-PT
X-Pubstack
X-DPWN-IS-SECURE
X-Dispatcher-Server
CacheControlHeader
X-App
X-Esi-Check
X-Accel-Buffering
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Gzip
X-Accel-Expires-Debug
X-Ad-Defer-Variation
X-Dispatcher-Number
X-GeoIP
X-Region-Sid
CDCHOST
X-Qloud-Router
X-Azure-Ref-OriginShield
X-Cache-Id
X-Request-Start
X-Cache-FS-Status
X-Planisys-CDN-TTL
X-Gen-Mode
X-Ckpd-Fst-Backend
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Variation
X-Cache-Backend
Adler-Geo
X-Var-Ttl
X-Device-Os
X-Fastly-Backend
X-Varnishpool
X-Block-Status
X-Date
Cache-Provider
Wxu-Next-Hostname
Producers
Machine
X-Hash
X-Nginx-Cache-Key
X-Men
X-Scale
X-Minions-Version
Server-Hostname
Server-Ext
X-Slack-Backend
X-Org
Mail-Subject
X-Node-Id
Gh-Request-Id
NM-Fastcgi-Cache
NGX
On-Server
Origin-CC
Platform
Pics-Label
Origin-EX
X-LB-NoCache
X-Nananana
Is-Eu
User-Cache-Control
L
Vix-Hermes-Req-Id
Wxu-Next-Commit
X-Hnp-Log
Web-Mar-Region
We-Hiring
Cmsid
Cmstype
X-Wix-Viewer-Type
Kp-EeAlive
Sever-Int
X-NCache
X-Op-Id-All
Datacenter
Wxu-Next-Region
X-Origin
X-Server-ID
X-Refresh
X-V-Cache
X-Up
X-Mvc-Supplant-Cachable
X-Server-IP
X-Cached-By
X-VarnishDD-TTL
Fastly-SSL
X-Irp-Debug
Canary
X-HN
X-FC-Vary-Parameters
X-Owner
X-Slack-Shared-Secret-Outcome
X-Forwarded-Site
X-Cache-Tags
X-CacheTTL
X-Platform
PFcat
X-Webkit-CSP-Report-Only
X-Eu-Site
X-Aicache-OS
HA-Ipaddr
X-Cache-Remote
X-Cache-Date
X-CGP
Ha-Gx-Prefs
X-Csrf-Jwt
L5d-Success-Class
Cdn
Env
X-Via-Popv
X-Via-Poph
X-CSRF-Token
X-Mvc-Supplant-OutputCached
X-Via-Popn
GeoIP-Latitude
X-Microcachable
X-Servedbyhost
X-HA-Backend
Cdncip
X-Mly-Id
X-RCS-CacheZone
X-Tb-Optimization-Total-Bytes-Saved
Cdnsip
X-AK-Request-ID
HostName
Server-ID
X-Zone
Load-Balancing
X-API-Version
X-Fastly-Cache
X-Gateway-Cache-Key
X-Nc
X-Gateway-Request-Id
X-Gateway-Skip-Cache
Memory
X-DataCenter
X-Vc
X-Wa
Time
X-Gateway-Cache-Status
X-VC
X-Webkit-CSP
X-ZONE
X-ND-Cache
X-Origin-Expires
X-Generated-In
X-Instance-Name
X-Fpc
X-LB-ID
X-APP-VERSION
Cache
Eomportal-Instance
X-Response-By
Hostname
X-Release
X-Via-NSCOPI
X-HS-Status
X-Correlation-ID
Expect-Staple
X-From
Locid
X-FL-QIT-DEBUG
X-FL-EDGE
Srvid
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Client-Ip
X-Micro-Cache
Ngx-Var-Key
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Check-Cacheable
X-CCDN-CacheTTL
X-Api-Version
X-CSRF-TOKEN
OT-Force-Account-Verify
X-Via-CDN
X-Edge-Pop
X-Cache-Enabled
X-NGINX-Cache
X-CS
X-NewRelic-App-Data
NtCoent-Length
Edge-Copy-Time
X-Via-SSL
X-Via-Edge
GeoIp-Country-Code
X-SIPLIST1
IsBot
AMP-Access-Control-Allow-Source-Origin
X-Request-URI
X-Provided-By
X-Info
X-VCL-Version
X-MCACHE
X-Cache-NGX
X-Proxy-CacheRZ
XkeyRZ
X-Dc
X-Srv
X-Via-JSL
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Lambda-Id
Uri
X-Air-Pt
X-Nf-Request-Id
True-Client-IP
X-Amz-Meta-Cb-Modifiedtime
Srv
X-Vcl-Version
Sid
True-Client-Ip
X-EC-Lua
X-Vtex-Remote-Cache
Path
CPC-Age
Location
VNS-Cache
Resin-Trace
X-Render-Time
VNS-Age
CPC-Cache
X-Cs
X-Oss-Hash-Crc64ecma
Fastly-Drupal-Html
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Cache-Expires
X-B3-SpanId
Request-ID
Servername
X-Fastly-Country-Code
X-VCT
GeoIP-Country-Code
X-TH-Server
X-Edge-POP
X-CLOUD-TRACE-CONTEXT
X-ATG-Version
Cross-Origin-Opener-Policy-Report-Only
CDN
X-Moov-Xdn-Version
X-Varnish-Authentication
X-Cache-ASPX
X-Scheme
X-Varnish-Beresp-TTL
X-MSEdge-Flight
X-Moov-T
X-MSEdge-Features
X-Contensis-Viewer-Groups
Esi-Enabled
Traceparent
X-TX-ID
X-Accel-Version
M-TraceId
X-Viewer-Country
X-ApacheServer
X-Cdn-Request-ID
X-FPC
X-PERF
X-Pod-Name
Timeexpire
X-Upstream-Ct
YJS-ID
X-Upstream-Ht
LB
X-Akamai-Pragma-Client-IP
X-Datadome
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Service-Response-Time
X-RateLimit-Limit-Second
X-RateLimit-Reset
X-Datacenter
XServer
CountryCode
X-Cache-Type
X-RateLimit-Remaining-Second
Sm-Log-Id
X-Lb-Id
X-WA
X-Cdn-Cache-Status
X-NAPM-TraceId
Powered-By
X-Udemy-Cache-App-Namespace
X-SERVER-NAME
FSS-Cache
Server-Id
X-Geo
Rip
X-NC
X-Wikidot-Static-Cache
RNT-Time
X-CDN-Cache-Status
X-Wikidot-Backend
Ohc-File-Size
X-CACHE-KEY
Proxy-Connection
RNT-Machine
X-Srcache-Store-Status
HIT
X-Srcache-Fetch-Status
N-Cache
V-Age
True-Client-Country-4JS
X-Shop-Environment
ENV
X-Tenant
X-Clientip
X-Forwarded-Path
X-Ha-Backend
X-ServedByHost
X-LiteSpeed-Cache-Control
Tracecode
Epwk-X-Cache
X-Orig-Expires
X-Hyper-Cache
X-Bl-Debug
X-TraceId
X-B3-Trace-ID
X-MP-GENERATED-AT
X-Via-PopN
X-Via-PopH
X-VG-WebCache
WZWS-RAY
X-Via-PopV
Geoip-Latitude
XM
Yjs-Id
X-Cdn-Forward
X-M-Log
X-M-Reqid
X-Amz-Meta-Opti
X-App-Name
X-Vgn-Hpd-Reason
X-Policy
X-Rebelmouse-Surrogate-Control
Inserted-Into-Cache-At
X-B3-ParentSpanId
Ngx
User-Agent
Content-Style-Type
X-Rebelmouse-Cache-Control
Content-Script-Type
X-Qnm-Cache
Ec-Rule-Version
X-Lb-Nocache
X-Dw-Trace-Id
X-Serial
X-Swift-Error
X-Fastly-Backend-Reqs
X-B3-Parentspanid
X-Lsadc-Cache
X-Wp-Cf-Super-Cache
X-F-Status
X-TT-LOGID
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
X-RAMCache
X-Acquia-Site
X-Acquia-Application-UUID
Lb
X-Acquia-Application-Trace
X-Cdn-Diag
Hit
X-Acquia-Purge-Tags
X-Snapshot-Date
X-LiteSpeed-Tag
X-Cache-Ngx
X-IPS-Cached-Response
Warning
MIME-Version
My-App
X-UP
X-MiniProfiler-Ids
Cneonction
X-Stale
X-Mid-Debug-Cache-Disk
X-Mid-Debug-Cache-Key
X-Th-Server
X-Request-URL
Pramga