Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
X-Request-ID
X-CDN
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
P3p
Access-Control-Max-Age
X-Ua-Compatible
X-Via
X-Dns-Prefetch-Control
Server-Timing
X-Cache-Group
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Backend
X-Amz-Id-2
X-Proxy-Cache
X-Ws-Request-Id
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Akamai-Path-Stats
X-Server
X-Rq
EagleId
X-Vhost
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Server-Id
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Pingback
X-Cache-Spec
Request-Id
Surrogate-Control
Cf-Railgun
Accept-CH
X-Akam-SW-Version
X-Backend-Server
X-Readtime
X-Cache-Lookup
X-Response-Time
Accept-CH-Lifetime
X-HW
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Content-Security-Policy-Report-Only
Content-Location
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-Country
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Url
X-Edge
X-Amz-Server-Side-Encryption
Accept-Ch-Lifetime
X-MS-InvokeApp
X-B3-TraceId
X-Rack-Cache
Edge-Control
X-Ruxit-JS-Agent
X-PC
X-TtlSet
X-Vname
Accept-Ch
X-ESI
X-Vcap-Request-Id
X-Content-Type
Xkey
X-Mod-Pagespeed
X-Nginx-Upstream-Cache-Status
X-CST
X-D2id
X-Oneagent-Js-Injection
X-Mcache
X-VARITI-CCR
X-Exp-Id
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Amz-Rid
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-GitHub-Request-Id
Verso
Cache-Tag
RTSS
X-FastCGI-Cache
X-Varnish-TTL
X-Powered-By-Plesk
X-Cached
X-ECACHE
X-Navigation-Version
Service-Worker-Allowed
X-Upstream
X-Ruxit-Js-Agent
X-Version
X-Abt-Application-Version
X-Client-IP
X-Dw-Request-Base-Id
X-Cnection
X-Px
Public-Key-Pins
X-Ac
X-Ser
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Sol
X-Middleton-Display
Display
Pagespeed
X-SharePointHealthScore
SPRequestGuid
X-Element-Page-Cache
X-Server-Name
X-Ttl
X-Country-Code
SPIisLatency
SPRequestDuration
X-Cache-TTL
X-NWS-LOG-UUID
X-NF-Request-ID
X-Midtier
Response
X-Middleton-Response
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
X-RateLimit-Remaining
Permissions-Policy
X-Forwarded-For
X-Cache-Key
Access-Control-Request-Method
X-DataDome
Content-MD5
X-Shield-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Powered-CMS
X-MSEdge-Ref
Front-End-Https
Edge-Cache-Tag
TP-L2-Cache
TP-Cache
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Recruiting
X-T
AR-SID
AR-Request-ID
Nginx-Cache
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Accel-Expires
X-Correlation-Id
TCN
X-Daa-Tunnel
X-Grace
MicrosoftSharePointTeamServices
X-RateLimit-Limit
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Id
X-Mg-S
Filters
X-Request-Received
X-Request-Processing-Time
X-Hits
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Server-Node
X-Fastly-Request-Id
S
X-LLID
X-Frontend
Server-Name
X-Distributor
X-Amzn-Trace-Id
X-Protected-By
Cache-Status
X-TTL
MS-Author-Via
X-Geo-Country
Fastcgi-Cache
X-PressLabs-Stats
X-LB-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Language
Cross-Origin-Opener-Policy
X-Ezoic-Cdn
X-Forwarded-Proto
X-FB-Debug
Filterid
X-F-Cache
Charset
X-Ua-Browser
Host
X-Ab
X-Origin-Server
X-Git-Hash
X-Page-Id
X-Seen-By
X-B3-Sampled
X-Amz-Meta-S3cmd-Attrs
Realpath
Payment
Count-Hit
X-Ratelimit-Reset
X-Litespeed-Cache
X-ASPNET-VERSION
X-Cache-Age
X-Cluster-Name
Accept-Charset
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-DynaTrace
X-VCache
X-Fastcgi-Cache
X-Origin-Cache
X-NGENIX-Cache
Surrogate-Key
Cache-Tags
X-XRDS-Location
X-Rid
Alternate-Protocol
X-AppVersion
X-Az
Retry-After
X-Activity-Id
Cf-Apo-Via
Cleartype
X-Webkit-Csp
X-Template
X-Www-Served-By
Access-Control-Allow-Method
X-Webkit-CSP
X-Varnish-Backend
X-Content
X-Amz-Replication-Status
X-Node-Name
X-TT
X-App-Environment
X-B-Cache
X-Tb
ServerID
X-Signature
X-Type
X-Request-Guid
X-Aspnet-Duration-Ms
DC
X-Varnish-Grace
X-Debug
X-Providence-Cookie
X-Wix-Request-Id
X-Is-Crawler
X-Flags
X-B
X-DIS-Request-ID
X-Upgrade-Enabled
X-Route-Name
Paypal-Debug-Id
X-Logged-In
X-Drupal-Cache-Tags
X-Proxy
X-Tt-Trace-Host
X-Tt-Trace-Tag
Frame-Options
X-Hostname
X-Mobile
X-Envoy-Decorator-Operation
X-Source
X-Content-Options
X-Load-Cache
X-Revision
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
Pinterest-Version
Pinterest-Generated-By
X-Cache-Control
X-N
X-Pinterest-Rid
X-Ratelimit-Remaining
Country
X-Contextid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Magnolia-Registration
X-User-Agent
X-EdgeConnect-Cache-Status
X-XRDS-LOCATION
Referer-Policy
X-Whom
X-Cache-Rule
NGB
Viewport
X-Response-Served-From
X-Original-Request-Id
Node
X-Restarts
X-Varnish-Age
Refresh
Amp-Access-Control-Allow-Source-Origin
Content-Disposition
Access-Control-Request-Headers
X-Mid
X-Debug-IsConnected
X-Framework
X-Debug-IsPreview
X-Cacheable-TTL
X-L-Path
X-Cache-Time
X-Mg-Request-UUID
X-Environment-Context
Uber-Trace-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-TTL-Remaining
Akamai-GRN
X-Jobs
X-G
X-Page-View
Url
X-Akamai-Request-ID2
X-Yottaa-Optimizations
X-Cache-Grace
X-Adobe-Loc
X-Instance
X-Yottaa-Metrics
X-Varnish-Server
X-Real-IP
X-Adobe-Content
X-NYM-Debug-Backend
X-Unique-Id
X-Fastly-Request-ID
X-Drupal-Cache-Contexts
X-Is-Bot
X-Servername
X-Rendered-As
X-Status
Version
X-Content-Powered-By
Countrycode
X-App-Server
X-RemovedCookies
X-ProcessESI
X-Debug-Info
X-Server-ID
X-COUNTRY
X-Ratelimit-Limit
X-Http-Reason
Protected
X-APP-VERSION
X-Time
X-IPLB-Instance
X-IPLB-Request-ID
X-Hosted-By
X-Tt-Logid
Srv
X-CDN-Forward
Accept-Language
Healthy
Liferay-Portal
X-Cache-Expired-At
X-Device-Type
X-Nginx-Cache-Key
X-Via-JSL
X-Trace-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Cache-Hit
X-Tumblr-User
X-FW-Hash
X-FW-Static
X-FW-Server
X-FW-Dynamic
X-FW-Type
X-Azure-Ref
X-FW-Serve
Fastcgi-Useragent
MS-CV
X-RTag
Ms-Operation-Id
X-Proxy-Cache-Status
Section-Io-Cache
Backend
X-Cache-NGX
X-UUID
X-Backend-Name
X-Mobile-URL
Content-Secure-Policy
X-Cache-Operation
X-ECache
X-Oracle-Dms-Rid
Server-Info
X-Oracle-Dms-Ecid
X-Correlation-ID
Load-Balancing
Meta-Geo
X-UPSTREAM-Address
X-Storage
X-RN-RSRV
CF-IPCountry
X-HTML-Minification-Powered-By
X-Locale
X-Cache-Host
X-Cache-Server
X-Sorting-Hat-ShopId
Azure-SlotName
X-Akamai-Edgescape
X-Content-Age
X-Labrador-Cache-Channel
X-ShardId
X-OCL
Azure-InstanceId
Azure-RegionName
X-Storefront-Renderer-Rendered
Azure-Version
X-Handled-By
Azure-SiteName
X-Cache-Enabled
X-Sql-Count
X-VC-Cache
S-Rt
X-Sorting-Hat-PodId
Onion-Location
X-Skip-Cache
X-Varnishpool
X-Origin-Date
X-Varnish-Cache-Hits
X-Varnish-Hostname
X-Edge-Location
X-Shopify-Stage
X-PHP-Backend
X-PHP-Host
WP-Super-Cache
X-No-Session
X-Sql-Duration-Ms
X-Alternate-Cache-Key
X-PCL
Eomportal-Instance
X-Forwarded-Host
X-ShopId
X-ProxyCache-Key
X-Origin-Hint
DB-Nickname
TWC-Locale-Group
TWC-GeoIP-LatLong
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
Selected-Fe
X-Proxy-Build
X-Say-Cacheable
Apigw-Requestid
X-Section
X-Server-W
X-SaId
TWC-Privacy
X-ProxyCache-Status
X-Region
X-ServerID
X-LJ-Flow-ID
X-GeoCountry
X-GeoCode
Webcakes-App-Name
X-Proto
X-Hl-Ver
X-Via-Fastly
X-Debug-Cache
X-Urbn-Site-Id
X-Say-TTL
X-VWS-Id
X-Site-Version
X-UA-Device-Type
X-Generation-Time
X-Urbn-Context-Path
X-Cms-Context
X-Redis-Cache
X-Uri
TWC-Connection-Speed
X-FB-TRIP-ID
GEO-INFO
X-Access
Webcakes-App-Version
Webcakes-Region
X-Timing-Wait
Locale
X-JoinUs
X-BYPASS-REASON
X-AWS-Id
X-Adobe-Source
X-SayCDN-TTL
X-Format
X-Nginx-Cache
X-Cache-Status-Check
Web-Mar-Node
X-Tid
X-Mode
X-Zen-Fury
X-Generated-By
X-Web-Node
X-Cache-Type
X-Request-Time
X-Datadome
CDN-PullZone
CDN-CachedAt
CDN-RequestId
CDN-EdgeStorageId
CDN-RequestCountryCode
X-URL
ServedBy
CDN-Cache
X-Varnish-Beresp-Grace
CDN-Uid
X-Detected-As
X-Extlb
X-Xfnlog-Site
X-Routing-Service
X-Proxied
Mn-Server-Ip
X-Zipkin-Id
X-Cache-Action
X-Rule
X-SRV
X-Ua
X-Dc
X-LSADC-Cache
X-R9-Blue-Green-Version
X-DynaTrace-JS-Agent
Cache-Name
X-Ms-Request-Id
X-Ms-Version
X-Human
SD-X-WS
Cache
X-FireWall-Port
Xet-Cookie
Cross-Origin-Resource-Policy
X-Cache-Tags
Source
X-Amz-Apigw-Id
X-Amzn-RequestId
Cross-Origin-Window-Policy
X-App-Version
X-Varnish-Ttl
X-Cached-By
LB
Xserver
X-Varnish-Hits
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-RCS-CacheZone
WPO-Cache-Status
X-MP-GENERATED-AT
WPO-Cache-Message
X-Aspnetmvc-Version
X-GG-Cache-Date
X-Via-NSCOPI
Origin
X-TNCMS
X-GEO
X-Reqid
X-IPS-LoggedIn
X-Loop
X-Cdn
X-Origin-CC
X-Pubstack
X-Origin-TTL
X-NewRelic-App-Data
X-Amzn-Remapped-Content-Length
X-AOL-HN
X-Soup
X-B3-SpanId
Cache-Hits
X-Api-Version
X-TA-CDN-Provider
X-Tumblr-Pixel-2
X-FW-Version
Rip
From-Origin
X-Newrelic-Synthetics
X-Platform-Server
X-Cluster-Node
X-Service
Webserver
Upgrade-Insecure-Requests
X-Vgn-Hpd-Reason
X-Origin-Response-Time
Cdncip
Cdnsip
X-Rewrite-Enabled
A
BehaviorPad-Version
DCR-Decision-By
X-Owner
Expiry
Host-ID
Environment
X-PBS-Appsvrname
X-Processor
DCR-Processing-Time-Ms
X-Rojux
X-ScT
X-User
X-TIM-N
X-Vdms-Path
X-Vdms-Version
Xc-Version
X-VG-WebCache
X-Tenant
X-SRCache-Key
Lang
X-S-Cookie
X-Served-From
X-Session-Fingerprint
X-Shop-Environment
X-S
X-Orig-Expires
X-Developer
X-Destination
X-Ec-Fail
X-A-Wwc
X-External-Request-Id
X-Ec-GeoHdr
X-Aed
X-Application
X-Cache-NE
X-Connection-Hash
X-BCube-Filmed-By
X-Bc-Bl
X-ARC
X-B-Cookie
X-A-Dgt
X-Forwarded-Path
Redirect-Candidate
Rendered-Blocks
Odigeo-Trace-Id
Ngx.Var.Host
X-D
Meta-Geo-Continent
X-NAPM-TraceId
Sslversion
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
Surrogated-Key
T-Server
MD5-Digest
X-AK-Request-ID
X-CSRF-Token
HostName
X-Request-Host
X-VC
Fastly-SSL
OT-Force-Account-Verify
X-Forwarded-Site
X-Thanos
Machine
X-Bip
Decoy-Debug-Status
X-Provided-By
Decoy-Debug-Key
X-Irp-Debug
Candidate-Md5Url
X-Pool
Decoy-Debug-TTL
X-Cluster
X-Level-Front-Cache
X-Generated-On
X-Accel-Buffering
Mobile-Detection-Method
X-Qloud-Router
X-TIME
X-Datadog-Sampling-Priority
X-Core-Mission
X-Core-Value
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-DefElseHash
X-Eu-Site
X-Fastly-Cache
X-Fetched-On
X-Fmm-Version
X-Esi-Check
X-Epic-Correlation-Id
X-DefHash
X-Device-Os
X-DPWN-IS-SECURE
X-Clara-WADP
X-Branch-Name
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
Tube-Get-Contents
Tube-Got-Eval
TDXMobile
State
Producers
Release
Req-Svc-Chain
Server-Host
Tube-Got-Results
Tube-Return
X-Cache-Info
X-Cache-Id
X-CacheTTL
X-Cdn-Origin
X-CGP
X-Ad-Defer-Variation
We-Hiring
V-Age
Vix-Hermes-Req-Id
VNS-Age
VNS-Cache
X-Ckpd-Fst-Backend
X-Gdpr
X-Sigma-Backend
X-Sigma
X-Sn-Servicetimems
X-SplitTest
X-SVT-ORM-RULES
X-SB
X-S-Maxage
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Rocket-Build-Number
X-Rocket-Nginx-Serving-Static
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Viewer-Country
X-VG-TLSProxy
X-WA-Info
X-WADP-Cache
X-Aicache-OS
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Dispatcher-Number
X-V-Cache
X-Variation
X-Varnish-CookieHashed-On
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Gzip
X-GeoIP-City
X-Hash
X-HS-Content-Campaign-Id
X-INCAP-ABP
X-GeoIP
X-Geo-Header
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-Gateway-Skip-Cache
Platform
X-Loc
X-Minions-Version
X-Origin-Time
X-Origin-Expires
X-Parent-Response-Time
X-Proxy-Cache-Info
X-RateLimit-Limit-Second
X-Origin
X-Optimistic-Header
X-Mvc-Supplant-Cachable
X-Wix-Viewer-Type
X-NodeID
X-Nyt-Route
X-Gamma-Serve
X-BBC-Edge-Cache-Status
Click-Count-Action-Start
Click-Count-Error
Cluster
Cmsid
Is-Eu
Cache-Tv-Group
Cache-Host
L5d-Success-Class
L
Kp-EeAlive
Cmstype
Country-Code
Fastly-GeoIP-CountryCode
Fastly-SIE
Fastly-SWR
Gh-Request-Id
Fastly-Backend-Name
DSUID
HA-Ipaddr
CPC-Age
CPC-Cache
Datacenter
Ha-Gx-Prefs
Mail-Subject
Adler-Geo
NGX
NM-Fastcgi-Cache
Memcached
X-NWS-UUID-VERIFY
X-Scheme
X-Has-Esi
X-Is-Gdpr
X-Scale
X-Developers
X-SIPLIST1
X-Varnish-Beresp-Ttl
X-Cache-Bucket
X-Clientip
X-Cache-Remote
X-JWT-State
X-Cdn-Srv
X-Ec-Custom-Error
X-Planisys-CDN-Cache
X-VServer
X-Slack-Backend
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
AKAMAI
Apple-News-Services-Handled
X-Pod-Name
X-Policy
CloudFront-Viewer-Country
X-Worker
X-Planisys-CDN-Rules
CDCHOST
X-Planisys-CDN-TTL
X-Mvc-Supplant-OutputCached
Apple-News-Services-Host
IsBot
Traceparent
Origin-EX
Wxu-Next-Commit
Wxu-Next-Hostname
X-ZONE
Wxu-Next-Region
Servername
Svr
Web-Mar-Region
Origin-CC
X-Auto-Login
WebServer
X-Yandex-Sdch-Disable
Mime-Version
AMP-Access-Control-Allow-Source-Origin
X-Xrds-Location
Fastcgi-Cache-TTL
X-NCache
X-Udemy-Cache-App-Namespace
Ec-Rule-Version
X-Tec-Api-Version
X-Tx-Id
Ssr
X-Microcachable
X-Gen-Mode
X-Hnp-Log
X-LB-NoCache
X-Tec-Api-Root
X-Varnish-Beresp-Status
X-Ig-Push-State
X-Tec-Api-Origin
Server-Hostname
Sever-Int
X-Cache-Date
X-Block-Status
Server-Ext
User-Cache-Control
X-Tb-Optimization-Total-Bytes-Saved
Sid
Memory
Pics-Label
Time
X-Conf
Canary
X-CMSURLCustom
X-TRACE-ID
SID
Fastly-Drupal-Html
X-Via-Poph
X-Via-Popv
X-Sucuri-ID
X-Via-Popn
X-Sucuri-Cache
X-Generated-In
X-Edge-Pop
X-Var-Ttl
X-Dmc
X-Azure-Ref-OriginShield
X-ND-Cache
X-Cache-Debug
X-WP-CF-Super-Cache-Active
X-FC-Vary-Parameters
X-ATG-Version
X-Refresh
X-Fastly-Backend
X-PX
X-Presslabs-Stats
X-Be
X-B3-Traceid
X-Akamai-Transformed
X-Air-Trace-Id
X-Servedbyhost
Server-ID
X-Air-Source
X-Newrelic-App-Data
X-Air-Hostname
X-CS
X-MSEdge-Features
Env
X-MSEdge-Flight
X-Buckets
X-Cs
X-Trace-ID
X-Release
X-Fpc
X-NC
Fastly-Drupal-HTML
X-CACHE-KEY
X-TX-ID
X-EC-Lua
X-Esi
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Endurance-Cache-Level
Magicmarker
X-ID
X-Tumblr-Pixel-3
GeoIp-Country-Code
X-MCACHE
X-Srv
X-DC
CDN
X-RateLimit-Reset
X-CF-Lambda-Fn
True-Client-IP
X-CACHE-AGE
X-Up
X-CF-Lambda-Version
X-Zone
X-Hyper-Cache
X-M-Log
My-App
Pramga
X-Dispatch
X-M-Reqid
X-Micro-Cache
X-Pass-Why
X-Webkit-CSP-Report-Only
X-NGINX-Cache
X-Varnish-Beresp-TTL
X-Wa
X-Qnm-Cache
X-Lambda-Id
C-Via
X-Alfa-Service
X-App
X-VCL-Version
X-Vc
X-Vcl-Version
Hostname
X-TrackingId
N-Cache
X-CSRF-TOKEN
X-Edge-Origin-Shield-Region
X-Edge-Origin-Shield-Bytes
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
X-Req
X-Platform
Path
On-Server
Esi-Enabled
Resin-Trace
True-Client-Ip
X-Check-Cacheable
X-Air-Pt
X-AIR-PT
X-TH-Server
X-Vercel-Id
Tcn
X-Vercel-Cache
X-HS-Status
X-ApacheServer
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-PERF
CacheControlHeader
X-LB-ID
GeoIP-Country-Code
True-Client-Country-4JS
X-SD-PageType
GeoIP-Latitude
Tracecode
X-Nf-Request-Id
X-Node-Id
X-B3-Spanid
X-SERVER-NAME
NtCoent-Length
X-LAGOON
X-FPC
Proxy-Connection
X-API-Version
X-Request-Start
Cdn
Cache-Key
DT-Hot-News
HIT
X-Akamai-Pragma-Client-IP
X-CLOUD-TRACE-CONTEXT
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Mly-Id
XkeyRZ
Hit
ENV
DynaTrace
X-WA
X-Geo
X-Render-Time
X-Op-Id-All
Section-Io-Origin-Status
Section-Io-Id
X-Proxy-CacheRZ
X-Cdn-Forward
X-Webkit-Csp-Report-Only
X-HN
X-Platform-Router
X-Platform-Processor
X-Via-Ucdn
XM
X-VarnishDD-TTL
X-Platform-Cluster
X-Traceid
Server-Id
X-Proxy-Upstream
PFcat
Lb
X-Via-CDN
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-ServedByHost
X-Dw-Trace-Id
X-Accel-Expires-Debug
X-Lb-Id
Server-Ttl
X-Date
X-Edge-POP
User-Agent
X-Datacenter
X-Proxy-Cache-Hk
WWW-Authenticate
SRV
MIME-Version
X-RAMCache
X-Via-PopN
X-Via-PopV
X-Via-PopH
YJS-ID
X-LiteSpeed-Cache-Control
X-Li-Fabric
X-Li-Pop
X-LiteSpeed-Tag
Dnion-Transfer-Encoding
M-TraceId
X-LI-Proto
Geoip-Latitude
X-LI-UUID
X-Cache-Ttl
X-DSS
X-DW
X-DI
X-RPM
X-RPS
X-DB
X-CUA
X-TT-LOGID
X-Cache-Backend
Yjs-Id
X-CF-Powered-By
X-RSL
X-FORWARDED-FOR
X-Ftr-Request-Id
X-Wp-Cf-Super-Cache-Cache-Control
PICS-Label
FSS-Cache
X-Wp-Cf-Super-Cache
X-Lb-Nocache
Wpo-Cache-Status
Sm-Log-Id
X-Instance-Name
Wpo-Cache-Message
X-Service-Response-Time
X-Old-Content-Length
X-Response-By
Location
Warning
XServer
Vha6-Origin
X-Fastly-Backend-Reqs
X-Nc
X-Akamai-Request-ID
X-Httpd
X-HITS
X-Request-Url
Ohc-File-Size
Nginx-CQVIP
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-HA-Backend
X-UA
X-Litespeed-Cache-Control
X-Mg-Cache
X-HostName
Powered-By
X-Server-IP
X-B3-ParentSpanId
X-Cdn-Request-ID
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Cc-Via
X-Fastly-Cache-Hits
Cdn-Requestcountrycode
Cdn-Requestid
Cdn-Edgestorageid
Cdn-Cachedat
Cdn-Cache
Cdn-Pullzone
Cdn-Uid
CountryCode
X-Cache-Ngx
Ohc-Cache-HIT
X-Moov-Xdn-Version
Req-ID
X-From
X-Moov-T
X-Webstats-RespID
Fastcgi-Cache-Ttl
X-Snapshot-Date
X-MiniProfiler-Ids
X-Serial
Uri
WZWS-RAY