Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
CF-RAY
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Dns-Prefetch-Control
X-DNS-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
Server-Timing
X-Content-Security-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Request-Context
X-Backend
X-Turbo-Charged-By
X-Cache-Group
X-Robots-Tag
X-AH-Environment
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Hacker
X-UA-Device
X-Proxy-Cache
X-Vhost
X-Server
X-Rq
X-Server-Powered-By
Allow
X-Ws-Request-Id
X-Age
X-Dispatcher
EagleId
X-Varnish-Cache
X-Amz-Version-Id
X-LiteSpeed-Cache
P3p
Nel
Grace
Cf-Apo-Via
Cf-Railgun
X-Page-Speed
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Swift-CacheTime
X-Swift-SaveTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Host
X-Node
Accept-CH
X-Cache-Lookup
X-CST
X-WebKit-CSP
X-Backend-Server
Surrogate-Control
X-Server-Id
X-Readtime
Permissions-Policy
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
Request-Id
Accept-CH-Lifetime
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Response-Time
X-HW
X-Ua-Compatible
X-Trace
Xkey
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Rating
X-Url
X-ESI
X-Midtier
X-Amz-Server-Side-Encryption
X-ECACHE
X-Mcache
Accept-Ch-Lifetime
X-Country
Cache-Tag
X-MS-InvokeApp
X-Upstream
X-Rack-Cache
X-D2id
X-Powered-By-Plesk
X-Vcap-Request-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
Verso
X-Element-Page-Cache
Accept-Ch
Edge-Control
Service-Worker-Allowed
X-Vname
X-TtlSet
X-PC
RTSS
X-Oneagent-Js-Injection
X-Ac
X-Country-Code
Origin-Trial
X-Goog-Hash
X-VARITI-CCR
X-Navigation-Version
Fastly-Restarts
X-Abt-Application-Version
X-Cache-TTL
X-WebKit-CSP-Report-Only
X-Browser-Type
X-Varnish-TTL
X-Amz-Rid
X-GitHub-Request-Id
X-Cached
X-Kinja-CCPA
X-Aspnetmvc-Version
Cross-Origin-Opener-Policy
X-Webkit-CSP
X-Middleton-Display
Pagespeed
X-Sol
Display
X-Server-Name
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
SPRequestGuid
X-SharePointHealthScore
X-Ttl
X-Content-Type
SPRequestDuration
X-Times
SPIisLatency
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Powered-CMS
AR-ATIME
X-Cache-Key
AR-Request-ID
AR-PoweredBy
AR-SID
X-Mg-S
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Arr-Disable-Session-Affinity
Response
X-Middleton-Response
X-Litespeed-Cache
X-Version
X-Cnection
X-HP-Webp
X-HP-Trace-Id
X-Ser
X-B3-Traceid
X-Jurisdiction
X-B3-TraceId
X-Fastly-Request-ID
X-FastCGI-Cache
AR-CACHE
Cache-Tags
Nginx-Cache
X-Accel-Expires
X-Client-IP
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Server-ID
X-T
Cache-Status
X-NF-Request-ID
Edge-Cache-Tag
X-Hits
Front-End-Https
X-MSEdge-Ref
X-Px
Public-Key-Pins
X-Recruiting
Payment
S
X-RateLimit-Remaining
X-Frontend
X-LLID
X-Ua-Browser
X-Shield-Request-Id
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Server-Node
X-Request-Received
X-Request-Processing-Time
X-Goog-Metageneration
Content-MD5
X-GUploader-UploadID
X-Daa-Tunnel
X-DIS-Request-ID
X-RateLimit-Limit
MicrosoftSharePointTeamServices
Access-Control-Request-Method
X-Amzn-RequestId
X-Content-Digest
X-Amz-Apigw-Id
TP-Cache
X-Ratelimit-Remaining
X-Webkit-CSP-Report-Only
Realpath
X-PressLabs-Stats
X-Protected-By
X-Forwarded-For
X-Microsite
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Distributor
X-Request-Handler-Origin-Region
Fastcgi-Cache
Access-Control-Allow-Method
X-FB-Debug
X-TTL
X-Fastcgi-Cache
X-Page-Id
X-LB-Cache
Accept-Charset
X-Cluster-Name
X-Rid
X-Hostname
X-Geo-Country
X-Webkit-Csp
TP-L2-Cache
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Goog-Storage-Class
X-Goog-Generation
X-B3-Sampled
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Ratelimit-Limit
Count-Hit
X-Aspnet-Version
X-Ua-Device
X-Ezoic-Cdn
X-Seen-By
X-Correlation-Id
Cross-Origin-Resource-Policy
Cleartype
X-Kinsta-Cache
X-Edge-Location-Klb
TCN
X-Newrelic-App-Data
X-App-Server
X-Xrds-Location
Referer-Policy
X-Varnish-Backend
X-Logged-In
X-Mobile
X-Content-Options
DC
X-Id
X-Hosted-By
X-Git-Hash
X-Origin-Cache
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Contextid
X-Amz-Replication-Status
X-Is-Crawler
X-Debug-Info
X-Fb-Rlafr
X-Request-Guid
X-Flags
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Route-Name
Surrogate-Key
X-Revision
X-Grace
Retry-After
X-App-Environment
X-TT
X-Varnish-Grace
X-Amz-Meta-S3cmd-Attrs
Frame-Options
X-Forwarded-Proto
X-IPS-LoggedIn
X-Envoy-Decorator-Operation
X-F-Cache
X-Azure-Ref
Section-Io-Cache
X-Magnolia-Registration
X-Wix-Request-Id
X-Whom
MS-Author-Via
Healthy
Charset
X-Proxy-Cache-Info
Alternate-Protocol
X-Origin-Server
X-Client-Ip
X-Akamai-Edgescape
Viewport
X-Www-Served-By
X-App-Version
X-RateLimit-Reset
X-COUNTRY
X-Backend-Name
X-AppVersion
X-Az
Amp-Access-Control-Allow-Source-Origin
X-Activity-Id
X-Language
Paypal-Debug-Id
X-Varnish-Server
X-B
Filterid
SRV
WPO-Cache-Message
X-DataDome
WPO-Cache-Status
X-Http-Reason
SD-X-WS
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Response-Served-From
Server-Name
Host
X-Datadog-Parent-Id
X-Original-Request-Id
X-Cache-Rule
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Cache-Grace
X-Akamai-Request-ID2
Front
X-Instance
X-Rule
Akamai-GRN
X-UUID
X-Edge-Location
X-User-Agent
X-Kong-Proxy-Latency
From-Origin
X-Time
X-Kong-Upstream-Latency
Protected
X-Cacheable-TTL
X-Environment-Context
X-Page-View
X-L-Path
X-Jobs
X-ARC
X-Unique-Id
X-Varnish-Age
X-Status
X-Region
X-FW-Type
X-FW-Version
X-Is-Bot
X-Rendered-As
X-FW-Static
X-FW-Hash
Country
Fastly-SIE
Fastly-SWR
X-Framework
X-Rocket-Nginx-Serving-Static
X-FW-Serve
X-Adobe-Content
X-FW-Dynamic
X-FW-Server
X-Adobe-Loc
X-N
X-Load-Cache
X-Vcache
X-EdgeConnect-Cache-Status
X-Cache-Time
X-Type
X-Trace-Id
X-ProcessESI
X-RemovedCookies
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-G
X-Tumblr-User
X-Nf-Request-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
Content-Disposition
ServerID
X-Proxy
Access-Control-Request-Headers
X-Mg-Request-UUID
X-Datadog-Sampled
X-B-Cache
X-Signature
X-Debug-IsPreview
X-Amzn-Remapped-Content-Length
X-Debug-IsConnected
X-CDN-Forward
X-Cache-Age
X-Cache-Control
Backend
X-ECache
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
Countrycode
Refresh
X-Drupal-Cache-Tags
X-DynaTrace
X-Nginx-Cache
Accept-Language
X-Servername
Xet-Cookie
X-Httpd
X-Erf-Web-Scheduler
X-Tt-Trace-Host
X-Tt-Trace-Tag
CF-IPCountry
Url
X-DynaTrace-JS-Agent
X-Generated-By
X-Source
X-HTML-Minification-Powered-By
X-XRDS-Location
X-Template
X-Mode
X-Device-Type
Xserver
X-Content-Powered-By
X-NYM-Debug-Backend
X-Storage
Version
GEO-INFO
Webserver
X-Content-Age
X-Director
X-GeoCode
X-ServerID
X-JoinUs
OT-Force-Account-Verify
X-LAGOON
X-GeoCountry
X-Cache-Action
Load-Balancing
X-Rewrite-Enabled
X-Rn-Rsrv
S-Rt
X-Urbn-Site-Id
Meta-Geo
Locale
X-Urbn-Context-Path
X-UPSTREAM-Address
Filters
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-SaId
X-Cache-Operation
X-Git-Commit
X-Varnish-Cache-Hits
X-Cluster-Node
X-Container-Uri
X-Forwarded-Host
X-Soup
X-Varnish-Hostname
X-Tt-Logid
Onion-Location
Web-Mar-Node
X-Cache-Hit
X-Adobe-Source
X-Detected-As
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-SiteName
Azure-Version
X-Sql-Count
X-Tb
X-Cache-Server
X-Sql-Duration-Ms
X-VC-Cache
X-Ms-Version
X-RM-Cache-TTL
X-Tncms
X-Ms-Request-Id
X-PHP-Host
X-Labrador-Cache-Channel
X-Loop
X-VCT
X-Served-From
X-Lambda-Id
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-XRDS-LOCATION
Mn-Server-Ip
Node
X-Proxied
X-R9-Blue-Green-Version
X-Proto
DB-Nickname
X-RCS-CacheZone
X-Zipkin-Id
X-Logging-Id
X-Extlb
X-Routing-Service
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-FB-TRIP-ID
X-URL
Cross-Origin-Window-Policy
X-Skip-Cache
TWC-Device-Class
X-Proxy-Build
X-Fetched-On
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-Region
X-Uri
TWC-Locale-Group
TWC-Connection-Speed
Webcakes-App-Version
X-Timing-Wait
X-Origin-Hint
X-Debug
Webcakes-App-Name
X-MCACHE
Property-Id
Fastcgi-Useragent
Selected-Fe
X-Tumblr-Pixel-3
X-Format
Uber-Trace-Id
X-Tumblr-Pixel-2
X-Zen-Fury
X-LSADC-Cache
X-Generation-Time
X-Endurance-Cache-Level
X-B3-SpanId
Source
X-Redis-Cache
CDN-RequestId
X-Ratelimit-Reset
X-Sucuri-ID
X-Sucuri-Cache
X-Ua
X-NGENIX-Cache
Section-Io-Origin-Status
X-Drupal-Cache-Contexts
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-S
X-Srv
X-MP-GENERATED-AT
X-Origin-Date
X-Upgrade-Enabled
X-Pass-Why
X-Origin-TTL
Fastly-Drupal-HTML
X-Varnish-Hits
X-FTR-Request-ID
X-Origin-CC
X-TimeS
X-Cache-Expired-At
Upgrade-Insecure-Requests
Liferay-Portal
X-Real-IP
NGB
X-Newrelic-Synthetics
X-Akamai-Transformed
X-CACHE-AGE
X-GEO
X-Handled-By
X-Optimistic-Header
X-Cache-TTL-Remaining
X-Reqid
X-Xfnlog-Site
X-UA-Device-Type
Apigw-Requestid
X-Cms-Context
X-Restarts
ServedBy
X-Via-JSL
X-Node-Name
X-Hl-Ver
X-No-Session
CDN-Cache
X-ProxyCache-Status
X-Cache-Host
X-Tx-Id
X-ProxyCache-Key
CDN-Uid
X-BYPASS-REASON
CDN-CachedAt
X-CSRF-Token
X-RTag
MS-CV
Ms-Operation-Id
X-Pubstack
X-Cache-Type
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-EdgeStorageId
X-Varnish-Ttl
X-ID
WP-Super-Cache
X-Parent-Response-Time
X-AWS-Id
X-IPLB-Instance
X-Cluster
X-LJ-Flow-ID
X-VWS-Id
X-IPLB-Request-ID
X-Fastly-Request-Id
X-Server-W
Surrogated-Key
T-Server
X-Conf
Sslversion
X-Csrf-Jwt
Lang
L5d-Success-Class
Ha-Gx-Prefs
True-Client-Country-4JS
HA-Ipaddr
L
X-D
Gannett-Cam-Experience-Id
X-Debug-Cache-Fetch
X-Dispatcher-Number
X-Developer
Ngx.Var.Host
Redirect-Candidate
Odigeo-Trace-Id
N-Cache
Meta-Geo-Continent
Magicmarker
X-Debug-Cache-Store
Server-Host
X-Destination
MD5-Digest
Fastly-SSL
W
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-CGP
X-Application
X-App-Name
X-B-Cookie
X-Ec-Custom-Error
X-Cache-NE
X-Bl-Debug
BehaviorPad-Version
X-CacheTTL
X-Bc-Bl
X-App
Canary
DCR-Processing-Time-Ms
DCR-Decision-By
X-A
Web-Mar-Region
X-BCube-Filmed-By
X-A-Ccd
X-A-Dam
X-Aed
Candidate-Md5Url
X-A-Wwc
X-A-Dgt
X-A-Dcw
Vix-Hermes-Req-Id
X-External-Request-Id
X-Rojux
X-S-Cookie
X-Request-Host
X-Ec-Fail
Origin-Agent-Cluster
X-Worker
X-Vtex-Remote-Cache
X-SD-PageType
X-SRCache-Key
X-Vdms-Version
X-Viewer-Country
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
Xc-Version
X-We-Are-Hiring
X-Fastly-Backend
X-Ec-GeoHdr
X-Vdms-Path
X-Epic-Correlation-Id
X-FC-Vary-Parameters
X-Eu-Site
X-Proxy-Cache-Status
X-AB
X-Vmg-Version
VNS-Age
VNS-Cache
X-Accel-Expires-Debug
X-Sorting-Hat-ShopId
Thinkindot-Control
X-DPWN-IS-SECURE
X-Sorting-Hat-PodId
X-Accel-Buffering
X-VServer
X-Shopify-Stage
X-ShopId
Thinkindot-CacheControl-Type
X-Server-IP
We-Hiring
X-Sn-Servicetimems
X-ShardId
Thinkindot-CacheControl
X-VG-TLSProxy
Rendered-Blocks
Req-Svc-Chain
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
Release
Platform
Producers
X-Varnishpool
X-Varnish-Remaining-TTL
X-Variation
X-Var-Ttl
X-SVT-ORM-VERSION
TDXMobile
X-Alternate-Cache-Key
X-SVT-ORM-RULES
X-Test
X-VG-WebCache
X-Up
X-Thinkindot-L3
X-Thanos
X-Storefront-Renderer-Rendered
X-S-Maxage
X-NodeID
X-Node-Id
X-Nitro-Cache
X-Nananana
X-Old-Content-Length
X-Org
X-Wix-Viewer-Type
X-PAYTM-SRV-ID
X-CMSURLCustom
X-Owner
X-Mvc-Supplant-Cachable
X-Mly-Id
X-Irp-Debug
X-Core-Mission
X-Core-Value
X-Human
X-Level-Front-Cache
X-Date
X-Mid
X-Loc
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Clientip
X-Platform
X-Refresh
X-RateLimit-Remaining-Second
X-DefElseHash
X-Bip
Host-ID
X-Geo-Header
X-Hash
X-Generated-On
X-DefHash
X-Request-Time
X-RateLimit-Limit-Second
X-Cache-Bucket
X-Cdn-Origin
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Policy
X-Cdn-Diag
X-Pool
X-Cache-Debug
X-Cache-Info
X-Qloud-Router
X-ScT
X-BBC-Edge-Cache-Status
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Cf-Device-Type
Gh-Request-Id
Cache-Provider
Is-Eu
Expect-Staple
X-Cache-Status-Check
CPC-Age
Datacenter
Cmstype
Cmsid
Environment
CPC-Cache
Adler-Geo
Mail-Subject
X-Micro-Cache
Content-Secure-Policy
AKAMAI
Origin
User-Cache-Control
X-TIME
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-Block-Status
Apple-News-Services-Parsed-Url
CloudFront-Viewer-Country
Country-Code
Apple-News-Services-Handled
X-Hnp-Log
X-Esi-Check
X-Akamai-Device-Characteristics
X-Gen-Mode
X-Gdpr
X-From
X-Auto-Login
X-Forwarded-Path
X-Fmm-Version
X-Forwarded-Site
CDCHOST
X-GeoIP
X-ApacheServer
X-Gzip
Esi-Enabled
X-Shop-Environment
Server-Hostname
X-Correlation-ID
Sever-Int
X-Device-Os
Server-Ext
X-Tenant
Cache-Name
X-Clara-WADP
NM-Fastcgi-Cache
X-WADP-Cache
X-WA-Info
Machine
X-Dispatcher-Server
X-Mvc-Supplant-OutputCached
X-Nginx-Cache-Key
X-Cdn-Srv
X-Geo-Region
X-INCAP-ABP
X-Nyt-Route
X-Cache-Id
X-Origin-Time
X-PERF
DSUID
X-Origin-Response-Time
X-Orig-Expires
X-Origin
X-TraceId
X-LB-NoCache
X-Instance-Name
X-Section
X-Datadome
X-AIR-PT
X-Op-Id-All
X-NCache
NGX
Wxu-Next-Region
Ssr
Wxu-Next-Commit
Pics-Label
C-Via
X-Access
Wxu-Next-Hostname
X-Cache-Enabled
Server-Info
X-B3-Spanid
X-Via-Fastly
X-Vcl-Version
X-Vgn-Hpd-Reason
Server-ID
AMP-Access-Control-Allow-Source-Origin
X-Accel-Version
X-Varnish-Beresp-Grace
X-JWT-State
X-Dc
X-Varnish-Beresp-Ttl
X-Is-Gdpr
X-Has-Esi
Memcached
X-Amz-Meta-Cb-Modifiedtime
X-HA-Backend
X-Presslabs-Stats
X-CACHE-GROUP
X-Is-Supported-Browser
X-Browser-Name
X-Is-Tablet
X-Is-Mobile
X-Is-Desktop
X-Tcp-Rtt
X-Buckets
X-API-Version
Hostname
IsBot
Memory
X-SIPLIST1
Time
Origin-EX
Origin-CC
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Scale
Cache-Hits
X-Wp-Cf-Super-Cache-Active
X-Air-Trace-Id
Location
X-TIM-N
X-Tb-Optimization-Total-Bytes-Saved
X-ZONE
Cdn-Requestid
X-PHP-Backend
X-Air-Hostname
X-Air-Source
X-Zone
CF-Ctrl
YJS-ID
X-B3-Parentspanid
Sid
X-WP-CF-Super-Cache-Active
X-Cached-By
X-Fpc
X-Backend-Instance
X-Internal-Host
X-DC
X-Frame-Option
X-Origin-Cache-Key
X-Azure-Ref-OriginShield
Resin-Trace
X-Hyper-Cache
X-Cs
X-TA-CDN-Provider
X-DataCenter
Uri
GeoIP-Latitude
X-VC
X-Microcachable
True-Client-Ip
X-Site-Version
X-Origin-Expires
Epwk-X-Cache
Cache-Host
X-Service
X-Webstats-RespID
LB
X-LiteSpeed-Cache-Control
X-Country-Code-Real
X-Locale
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Expires
X-NGINX-Cache
XM
X-Nitro-Rev
X-FTR-Backend
X-Info
X-Nitro-Cache-From
GeoIP-Country-Code
X-FTR-Backend-Server
X-Web-Node
X-HN
GeoIp-Country-Code
Cdn
PFcat
X-VarnishDD-TTL
X-Pod-Name
X-VCache
X-Edge-Server
User-Agent
X-CS
XServer
WebServer
NtCoent-Length
Cdn-Request-Time
X-Cache-Ttl
X-Ad-Defer-Variation
X-SRV
Cdn-Host
X-NewRelic-App-Data
X-CSRF-TOKEN
A
WZWS-RAY
True-Client-IP
Edge-Copy-Time
M-TraceId
Req-ID
X-FL-EDGE
Srvid
X-Via-Edge
X-Via-CDN
X-FL-QIT-DEBUG
X-Via-SSL
X-NMSegId
Locid
SID
X-Datacenter
X-Geo
X-TRACE-ID
X-Github-Request-Id
X-Ad-Load-Variation
Fastly-Drupal-Html
X-M-Log
X-Vercel-Cache
X-MSEdge-Flight
X-Vercel-Id
X-Cache-ASPX
X-ATG-Version
X-MSEdge-Features
X-Moov-Xdn-Version
X-M-Reqid
X-Request-Start
X-Varnish-Authentication
X-Scope-Id
X-Moov-T
X-FireWall-Port
X-Contensis-Viewer-Groups
X-Pad
Cluster
X-FPC
Pramga
Tcn
X-Request-URI
X-HostName
X-Shield-Cache-Expires
X-Varnish-Beresp-Status
Cache-Key
X-LiteSpeed-Tag
X-Qnm-Cache
X-NWS-UUID-VERIFY
X-Cdn-Request-ID
HostName
X-APP-VERSION
X-Api-Version
Cf-Ipcountry
CountryCode
X-Esi
Path
Content-Script-Type
X-AK-Request-ID
Cdnsip
X-Air-Pt
X-Amz-Meta-Opti
Cdncip
Content-Style-Type
Edge-Cache
X-Cache-Date
Cache-Tv-Group
Wpo-Cache-Message
X-TH-Server
X-Branch-Name
X-VCL-Version
Wpo-Cache-Status
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Via-Poph
X-Cache-FS-Status
XkeyRZ
X-Platform-Server
X-Acquia-Purge-Cdn-Unconfigured
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Aicache-OS
Yak-Timeinfo
X-B3-Trace-ID
X-Planisys-CDN-Cache
X-WP-CF-Super-Cache-Cookies-Bypass
Tube-Got-Results
Tube-Get-Contents
X-HS-Content-Campaign-Id
Tube-Got-Eval
X-Via-Popn
Click-Count-Error
X-Via-Popv
X-Render-Time
Click-Count-Action-Start
X-Servedbyhost
X-Proxy-CacheRZ
State
X-Wa
Tube-Return
X-Req
X-LB-ID
X-SB
X-Nc
X-V-Cache
X-CACHE-KEY
CDN
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-UA
X-Upstream-Ct
X-Upstream-Ht
Geoip-Latitude
X-Men
V-Age
On-Server
X-Vary
MIME-Version
X-Tim-N
X-Release
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
Srv
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache
X-Wp-Cf-Super-Cache
Proxy-Connection
X-Cdn-Forward
X-Akamai-Pragma-Client-IP
X-Lb-Cache
Lb
CF-Cached-On
X-HS-Status
X-Rocket-Build-Number
X-Dw-Trace-Id
X-Traceid
X-Sigma-Backend
X-Cache-Remote
Ngx-Var-Key
X-User
Server-Id
X-Ha-Backend
Ohc-File-Size
X-Sigma
X-Generated-In
X-TT-LOGID
PICS-Label
X-Lb-Nocache
My-App
Warning
Cache
Ohc-Cache-HIT
X-Acquia-Application-Trace
X-Fastly-Backend-Reqs
X-Acquia-Site
X-Acquia-Application-UUID
X-Via-Ucdn
X-CUA
X-EC-Lua
X-Acquia-Purge-Tags
X-Iplb-Instance
Yjs-Id
X-Iplb-Request-Id
Vha6-Origin
X-ElasticPress-Query
Log-Origin
Cneonction
Ngx
X-Litespeed-Cache-Control
X-Cached-Since
X-GeoIP-City
X-CF-Cache-Header-Vary
X-CF-Cache-Header-Cache-Control
X-RAMCache
X-Udemy-Cache-App-Namespace
X-Miniprofiler-Ids
CACHE-MISS-TO-ORIGIN
X-Scheme
X-GoCache-CacheStatus
X-Snapshot-Date
X-Fastly-Cache-Hits
Inserted-Into-Cache-At
X-Gamma-Serve