
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
CF-Ray
X-Generator
X-Cacheable
X-Iinfo
Timing-Allow-Origin
X-Request-ID
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
X-Ua-Compatible
Access-Control-Max-Age
X-Via
X-Cache-Group
X-Robots-Tag
Server-Timing
X-UA-Device
Request-Context
X-Dns-Prefetch-Control
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Proxy-Cache
X-Amz-Id-2
X-Backend
X-Ws-Request-Id
P3p
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
X-Akamai-Path-Stats
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
X-Nginx-Cache-Status
X-Page-Speed
X-Aws-Lambda-Call-Status
X-Host
X-Node
Accept-CH
X-Pingback
X-OneAgent-JS-Injection
X-Server-Id
Cf-Railgun
X-Cache-Spec
Request-Id
EagleEye-TraceId
Surrogate-Control
X-Akam-SW-Version
X-Backend-Server
X-Cache-Lookup
X-Response-Time
X-Readtime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
X-Trace
Rating
X-Cloud-Trace-Context
Fastly-Restarts
X-Clacks-Overhead
X-Url
X-WebKit-CSP-Report-Only
Accept-Ch-Lifetime
X-Country
X-MS-InvokeApp
X-Edge
X-Amz-Server-Side-Encryption
Edge-Control
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-B3-TraceId
X-PC
X-TtlSet
X-Vname
X-Content-Type
X-ESI
X-Mod-Pagespeed
X-Vcap-Request-Id
X-Oneagent-Js-Injection
X-Ruxit-JS-Agent
X-Ruxit-Js-Agent
X-Exp-Variant
X-Kinja-Build
X-D2id
X-Kinja-Server
Xkey
X-GoogleNews-Bot
X-Exp-Id
X-Use-Magma
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
Verso
X-Amz-Rid
X-Varnish-TTL
X-GitHub-Request-Id
X-Mcache
Cache-Tag
X-Powered-By-Plesk
X-VARITI-CCR
X-FastCGI-Cache
RTSS
X-CST
Service-Worker-Allowed
X-ECACHE
X-Upstream
X-Navigation-Version
X-Version
X-Client-IP
X-Abt-Application-Version
X-Cached
X-Cnection
X-Dw-Request-Base-Id
X-Ac
X-Px
X-Ttl
X-Server-Name
X-Kraken-Loop-Name
X-Element-Page-Cache
X-Instrumentation
Public-Key-Pins
X-Server-Lifecycle-Phase
X-SharePointHealthScore
SPRequestGuid
Arr-Disable-Session-Affinity
X-Cache-TTL
SPIisLatency
SPRequestDuration
X-Middleton-Display
X-Sol
Display
Accept-Ch
Pagespeed
X-NWS-LOG-UUID
X-Country-Code
X-Ser
Permissions-Policy
X-Cache-Key
X-Midtier
Response
X-RateLimit-Remaining
X-Middleton-Response
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-Forwarded-For
Content-MD5
Access-Control-Request-Method
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Correlation-Id
X-NF-Request-ID
X-DataDome
Front-End-Https
X-Shield-Request-Id
X-MSEdge-Ref
X-T
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
Edge-Cache-Tag
TP-L2-Cache
X-Recruiting
TP-Cache
Nginx-Cache
AR-PoweredBy
AR-Request-ID
AR-SID
AR-CACHE
AR-ATIME
X-Accel-Expires
MicrosoftSharePointTeamServices
MRF-Tech
Mrf-Cache-Status
X-Powered-CMS
X-B3-TraceId-Primal
X-Daa-Tunnel
X-RateLimit-Limit
TCN
Cf-Apo-Via
X-Grace
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Mg-S
X-Id
X-Content-Digest
X-Hits
Filters
X-Request-Processing-Time
X-Request-Received
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
Server-Node
Server-Name
X-Amzn-Trace-Id
X-Frontend
X-Distributor
MS-Author-Via
X-Geo-Country
S
Fastcgi-Cache
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Protected-By
X-TEC-API-ORIGIN
X-LLID
X-Language
X-XRDS-Location
Cache-Status
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-LB-Cache
Cross-Origin-Opener-Policy
X-Origin-Server
X-PressLabs-Stats
X-Amz-Meta-S3cmd-Attrs
X-Ezoic-Cdn
Count-Hit
X-Fastly-Request-Id
X-Forwarded-Proto
X-F-Cache
X-Request-Handler-Origin-Region
X-Microsite
Charset
X-Litespeed-Cache
Host
X-B3-Sampled
X-FB-Debug
X-Ab
X-Ua-Browser
X-Page-Id
X-Git-Hash
X-Seen-By
Filterid
Payment
X-ASPNET-VERSION
X-Ratelimit-Reset
X-TTL
X-Fastcgi-Cache
X-VCache
X-Cluster-Name
Surrogate-Key
Realpath
X-Origin-Cache
X-Rid
Accept-Charset
Cache-Tags
X-Cache-Age
X-Template
X-NGENIX-Cache
X-Webkit-Csp
Alternate-Protocol
X-Www-Served-By
Retry-After
Access-Control-Allow-Method
X-AppVersion
X-Activity-Id
X-Az
X-DynaTrace
Cleartype
X-Logged-In
X-Upgrade-Enabled
X-DIS-Request-ID
X-Amz-Replication-Status
X-Flags
X-App-Environment
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Varnish-Grace
X-TT
X-Route-Name
X-Request-Guid
X-Varnish-Backend
X-Wix-Request-Id
X-Signature
X-Tb
X-Type
X-B
X-B-Cache
X-Node-Name
X-Envoy-Decorator-Operation
X-Source
ServerID
Paypal-Debug-Id
DC
X-Hostname
X-Fastly-Request-ID
X-Drupal-Cache-Tags
X-Debug
X-Proxy
Frame-Options
X-Revision
X-Mobile
X-Content-Options
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-COUNTRY
X-Contextid
X-Load-Cache
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Cache-Rule
Amp-Access-Control-Allow-Source-Origin
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Kong-Upstream-Latency
X-N
X-Kong-Proxy-Latency
X-Content
X-Cache-Control
Country
X-Magnolia-Registration
Node
Refresh
Referer-Policy
X-Whom
X-EdgeConnect-Cache-Status
X-Response-Served-From
X-User-Agent
X-Original-Request-Id
X-Oracle-Dms-Rid
NGB
X-Oracle-Dms-Ecid
Viewport
Access-Control-Request-Headers
X-Cacheable-TTL
X-L-Path
X-Environment-Context
X-Framework
X-Debug-IsPreview
X-Debug-IsConnected
X-Cache-TTL-Remaining
X-Ratelimit-Remaining
Content-Disposition
X-Real-IP
X-Adobe-Loc
VIX-Pulpo-Upstream-Status
X-Unique-Id
VIX-Pulpo-Node
X-Adobe-Content
X-Status
Akamai-GRN
X-Yottaa-Metrics
X-Servername
X-Content-Powered-By
X-Akamai-Request-ID2
X-Varnish-Server
X-Mid
Url
X-Yottaa-Optimizations
X-Page-View
Uber-Trace-Id
X-Jobs
X-G
X-NYM-Debug-Backend
X-Rendered-As
X-Cache-Time
X-Is-Bot
X-Varnish-Age
X-Cache-Grace
X-ProcessESI
X-Instance
Srv
X-RemovedCookies
X-Server-ID
Countrycode
X-Drupal-Cache-Contexts
X-Mg-Request-UUID
Version
X-APP-VERSION
X-Restarts
X-Trace-Id
X-Http-Reason
X-XRDS-LOCATION
X-App-Server
X-CDN-Forward
Accept-Language
X-Via-JSL
X-Time
X-Cache-Expired-At
Protected
X-Debug-Info
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Hit
X-Tumblr-Pixel-1
X-Tumblr-User
X-IPLB-Instance
X-IPLB-Request-ID
X-Hosted-By
Healthy
X-Ratelimit-Limit
X-Nginx-Cache-Key
X-Cache-Operation
X-Azure-Ref
X-Device-Type
Cross-Origin-Resource-Policy
Section-Io-Cache
X-Tt-Logid
Liferay-Portal
X-Backend-Name
Server-Info
Backend
X-FW-Server
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
X-Akamai-Edgescape
X-FW-Static
Fastcgi-Useragent
Content-Secure-Policy
X-FW-Type
MS-CV
X-RTag
X-Rule
Ms-Operation-Id
X-RN-RSRV
Meta-Geo
Load-Balancing
X-Storage
X-Mobile-URL
X-UPSTREAM-Address
X-Cache-Action
X-Proxy-Cache-Status
X-Mode
GEO-INFO
X-SRV
X-Varnish-Beresp-Grace
X-Handled-By
X-Cache-NGX
X-VC-Cache
X-Api-Version
X-Content-Age
X-UUID
X-Redis-Cache
X-LJ-Flow-ID
CDN-RequestId
X-No-Session
X-PHP-Host
X-PHP-Backend
X-PCL
X-OCL
X-Proto
CDN-Cache
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-Uid
Eomportal-Instance
X-Sql-Count
X-Site-Version
X-Edge-Location
X-Sql-Duration-Ms
X-Forwarded-Host
Locale
X-Urbn-Context-Path
X-Skip-Cache
X-Cms-Context
X-AWS-Id
X-Sorting-Hat-ShopId
X-Adobe-Source
S-Rt
X-Cache-Enabled
X-Sorting-Hat-PodId
X-Cache-Server
X-Urbn-Site-Id
X-Uri
X-Say-TTL
X-SayCDN-TTL
X-Section
X-Access
X-Format
X-Labrador-Cache-Channel
X-Say-Cacheable
Onion-Location
CF-IPCountry
X-ShopId
X-Shopify-Stage
X-Varnish-Hostname
X-Varnishpool
X-ShardId
X-VWS-Id
X-Region
X-Alternate-Cache-Key
X-URL
X-Cache-Type
Azure-SiteName
Azure-RegionName
X-ServerID
Azure-InstanceId
X-Xfnlog-Site
X-Zipkin-Id
X-Detected-As
X-BYPASS-REASON
Azure-Version
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
TWC-Connection-Speed
X-Web-Node
X-Via-Fastly
X-Proxied
X-Datadome
X-Storefront-Renderer-Rendered
X-Proxy-Build
X-ProxyCache-Key
X-Routing-Service
X-Request-Time
X-ProxyCache-Status
X-Timing-Wait
X-UA-Device-Type
X-Generated-By
X-FB-TRIP-ID
X-Extlb
X-GeoCode
X-GeoCountry
X-HTML-Minification-Powered-By
X-Hl-Ver
Web-Mar-Node
Azure-SlotName
X-Cache-Host
X-Server-W
X-Locale
DB-Nickname
X-Varnish-Cache-Hits
X-Origin-Hint
Mn-Server-Ip
Webcakes-Region
Webcakes-App-Name
X-Generation-Time
Webcakes-App-Version
Apigw-Requestid
Selected-Fe
X-Origin-Date
X-Cache-Status-Check
X-R9-Blue-Green-Version
X-Tid
X-SaId
X-JoinUs
X-Ms-Version
WP-Super-Cache
X-Ms-Request-Id
Cache-Name
Xserver
X-ECache
X-FireWall-Port
ServedBy
X-WP-CF-Super-Cache
X-Zen-Fury
X-WP-CF-Super-Cache-Cache-Control
X-DynaTrace-JS-Agent
X-LSADC-Cache
X-Nginx-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Ua
X-Debug-Cache
X-Dc
X-Human
Xet-Cookie
X-Tec-Api-Origin
X-Tec-Api-Root
X-TA-CDN-Provider
X-Tec-Api-Version
X-Cache-Tags
X-TNCMS
Cache
X-MP-GENERATED-AT
X-Loop
X-Aspnetmvc-Version
Source
X-RCS-CacheZone
X-Correlation-ID
X-Reqid
X-GEO
X-Varnish-Hits
X-Cdn
X-Cached-By
SD-X-WS
X-Webkit-CSP
X-Pubstack
Cross-Origin-Window-Policy
Origin
X-Soup
X-Newrelic-Synthetics
X-Amzn-Remapped-Content-Length
X-App-Version
WPO-Cache-Message
WPO-Cache-Status
X-Origin-TTL
X-Tumblr-Pixel-2
X-Provided-By
X-Origin-CC
LB
X-Vgn-Hpd-Reason
X-Service
X-Varnish-Beresp-Ttl
From-Origin
X-IPS-LoggedIn
X-Varnish-Ttl
X-TIME
Webserver
X-AOL-HN
X-B3-SpanId
X-Via-NSCOPI
X-NewRelic-App-Data
X-GG-Cache-Date
Rip
X-B3-Traceid
X-FW-Version
X-Platform-Server
X-Request-Host
X-A-Dam
X-A
X-A-Ccd
Rendered-Blocks
T-Server
Surrogated-Key
Sslversion
Odigeo-Trace-Id
X-A-Dcw
Meta-Geo-Continent
X-A-Wwc
X-A-Dgt
X-Aed
MD5-Digest
Lang
X-PBS-Appsvrname
Ngx.Var.Host
X-AK-Request-ID
Host-ID
X-Destination
X-Developer
Cdncip
Cdnsip
X-D
BehaviorPad-Version
X-Ec-Fail
X-Forwarded-Path
X-External-Request-Id
A
X-Ec-GeoHdr
DCR-Decision-By
X-NAPM-TraceId
X-BCube-Filmed-By
X-Cache-NE
X-Bc-Bl
X-B-Cookie
X-ARC
X-Owner
Expiry
DCR-Processing-Time-Ms
X-Orig-Expires
X-Connection-Hash
Environment
X-Application
X-Processor
X-S
Xc-Version
X-Rojux
X-SRCache-Key
X-Rewrite-Enabled
X-ScT
X-Served-From
X-Shop-Environment
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
X-User
X-S-Cookie
X-Tenant
X-Cluster-Node
X-TIM-N
OT-Force-Account-Verify
Mime-Version
X-Varnish-Beresp-Status
X-Bip
X-Qloud-Router
CPC-Cache
Cache-Hits
X-Pool
X-Aicache-OS
Machine
Upgrade-Insecure-Requests
X-Level-Front-Cache
X-Generated-On
X-Thanos
CPC-Age
X-Accel-Buffering
VNS-Age
Redirect-Candidate
X-Parent-Response-Time
VNS-Cache
X-Dispatcher-Number
X-WA-Info
X-Cluster
X-Branch-Name
X-V-Cache
X-Ckpd-Fst-Backend
X-Core-Mission
X-Clientip
X-Cdn-Origin
X-Variation
X-CacheTTL
X-Varnish-CookieHashed-On
X-Clara-WADP
X-Cache-Info
X-CMSURLCustom
X-Cdn-Srv
X-Cache-Bucket
X-Cache-Id
X-CGP
X-Ad-Defer-Variation
Traceparent
Thinkindot-Control
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Origin-Time
X-Nyt-Route
X-Gdpr
TDXMobile
Tube-Return
Vix-Hermes-Req-Id
X-VServer
X-Thinkindot-L3
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-BBC-Edge-Cache-Status
X-WADP-Cache
X-Wix-Viewer-Type
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Worker
X-Varnish-CookieINHashed-On
X-DefElseHash
X-SB
X-JWT-State
X-S-Maxage
X-Loc
X-Mvc-Supplant-Cachable
X-Minions-Version
X-Scale
X-Is-Gdpr
X-Gzip
X-GeoIP-City
X-Has-Esi
X-Hash
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Mvc-Supplant-OutputCached
X-Rocket-Nginx-Serving-Static
X-RateLimit-Limit-Second
X-Origin-Response-Time
State
X-Policy
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Origin
X-RateLimit-Remaining-Second
X-NodeID
X-Rocket-Build-Number
X-Optimistic-Header
X-Request-URI
X-Region-Sid
X-GeoIP
X-Geo-Header
X-Developers
X-SplitTest
X-Device-Os
X-Sn-Servicetimems
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-DefHash
X-Planisys-CDN-Cache
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Slack-Backend
X-SIPLIST1
X-Gamma-Serve
X-Forwarded-Site
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Fmm-Version
X-Fetched-On
X-Esi-Check
X-Epic-Correlation-Id
X-Sigma-Backend
X-Eu-Site
X-Sigma
X-Core-Value
V-Age
Is-Eu
IsBot
HA-Ipaddr
Ha-Gx-Prefs
HostName
Kp-EeAlive
L
Cache-Host
Memcached
Canary
Candidate-Md5Url
L5d-Success-Class
Click-Count-Action-Start
Click-Count-Error
Country-Code
Cmstype
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Cmsid
Fastly-Backend-Name
Fastly-SWR
Fastly-SSL
Fastly-SIE
Fastly-GeoIP-CountryCode
Apple-News-Services-Request-Url
Mobile-Detection-Method
DSUID
X-CSRF-Token
Platform
Release
Req-Svc-Chain
Servername
Server-Host
Adler-Geo
Producers
Apple-News-Services-Host
NGX
NM-Fastcgi-Cache
Origin-CC
Origin-EX
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Cache-Debug
X-VC
Cache-Tv-Group
X-Tx-Id
X-NCache
X-Scheme
Ec-Rule-Version
CloudFront-Viewer-Country
AKAMAI
X-Gen-Mode
X-Hnp-Log
CDCHOST
X-Auto-Login
Web-Mar-Region
We-Hiring
X-Proxy-Cache-Info
User-Cache-Control
Server-Ext
Svr
Sever-Int
Server-Hostname
X-Block-Status
X-INCAP-ABP
Cluster
X-Viewer-Country
Datacenter
Mail-Subject
Fastcgi-Cache-TTL
Gh-Request-Id
X-WP-CF-Super-Cache-Active
X-Presslabs-Stats
X-Cache-Remote
X-Sucuri-Cache
X-Session-Fingerprint
X-Sucuri-ID
X-Fastly-Cache
X-LB-NoCache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-ND-Cache
X-Origin-Expires
WebServer
X-Udemy-Cache-App-Namespace
Time
X-ZONE
Ssr
X-Var-Ttl
X-Azure-Ref-OriginShield
X-FC-Vary-Parameters
X-Fastly-Backend
X-ATG-Version
Memory
Pics-Label
X-Tb-Optimization-Total-Bytes-Saved
X-Nf-Request-Id
SID
Fastly-Drupal-HTML
X-Pod-Name
X-Trace-ID
Sid
X-NWS-UUID-VERIFY
X-Newrelic-App-Data
X-Generated-In
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-Akamai-Transformed
AMP-Access-Control-Allow-Source-Origin
Server-ID
X-Buckets
X-Xrds-Location
X-Ig-Push-State
X-Refresh
Env
X-Cache-Date
X-Servedbyhost
X-Release
X-Conf
X-Edge-Pop
X-Cs
X-Fpc
X-CACHE-AGE
X-MSEdge-Features
X-Microcachable
X-NC
X-MSEdge-Flight
X-Up
X-EC-Lua
X-DC
X-Pass-Why
X-Wa
X-Esi
My-App
X-Dispatch
X-Dmc
Fastly-Drupal-Html
X-PX
X-Tumblr-Pixel-3
X-Lambda-Id
X-ID
X-Endurance-Cache-Level
GeoIp-Country-Code
X-MCACHE
X-Zone
CDN
X-NGINX-Cache
X-CS
True-Client-IP
X-VCL-Version
X-Be
Magicmarker
X-Req
X-Vc
X-RateLimit-Reset
X-TRACE-ID
X-TX-ID
X-CSRF-TOKEN
Hostname
X-Webkit-CSP-Report-Only
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-CACHE-KEY
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
CacheControlHeader
X-Hyper-Cache
X-Yandex-Sdch-Disable
X-Micro-Cache
X-CF-Lambda-Fn
X-Srv
X-LB-ID
X-CF-Lambda-Version
X-TH-Server
True-Client-Country-4JS
X-Air-Pt
X-App
X-M-Reqid
X-M-Log
X-HS-Status
Pramga
X-Alfa-Service
Resin-Trace
X-Op-Id-All
X-B3-Spanid
Path
C-Via
Tcn
X-Vcl-Version
True-Client-Ip
X-Qnm-Cache
X-TrackingId
GeoIP-Country-Code
N-Cache
X-Varnish-Beresp-TTL
Tracecode
X-SERVER-NAME
Fastcgi-X-Cache-Version
X-Platform
On-Server
X-Vercel-Cache
X-GeoIP-Country-Code
X-PAYTM-SRV-ID
X-Vercel-Id
Esi-Enabled
X-GeoIP-Region-Code
Proxy-Connection
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
NtCoent-Length
Section-Io-Origin-Time-Seconds
X-Date
Section-Io-Id
X-Accel-Expires-Debug
Section-Origin-Responded
Section-Io-Origin-Status
WWW-Authenticate
X-Datacenter
X-FPC
X-Edge-Origin-Shield-Region
Hit
X-Edge-Origin-Shield-Bytes
X-Akamai-Pragma-Client-IP
X-Webkit-Csp-Report-Only
X-Platform-Processor
X-Platform-Cluster
X-Via-CDN
X-Platform-Router
X-Geo
GeoIP-Latitude
X-Node-Id
X-Vtex-Processado-Em
X-Lb-Id
X-Mly-Id
X-Vtex-Remote-Cache
X-RAMCache
X-WA
Yjs-Id
YJS-ID
X-Request-Start
X-Old-Content-Length
X-Response-By
X-API-Version
Lb
ENV
X-SD-PageType
FSS-Cache
X-LAGOON
X-Edge-POP
X-ServedByHost
Server-Id
User-Agent
X-Dw-Trace-Id
X-Cdn-Forward
X-AIR-PT
Cache-Key
X-Via-PopN
X-LiteSpeed-Cache-Control
Powered-By
X-PERF
X-ApacheServer
Cdn
X-Via-PopV
HIT
X-Via-PopH
DynaTrace
X-TT-LOGID
X-Traceid
Server-Ttl
Dnion-Transfer-Encoding
X-FORWARDED-FOR
X-Proxy-CacheRZ
Locid
X-CUA
XkeyRZ
X-Cache-Ttl
Srvid
X-Render-Time
X-Location
X-Via-Ucdn
X-From
X-FL-EDGE
X-Instance-Name
X-UA
X-Li-Pop
X-LI-Proto
X-LI-UUID
Geoip-Latitude
X-Li-Fabric
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Service-Response-Time
Sm-Log-Id
X-DSS
X-RPS
X-Webstats-RespID
X-DI
X-DW
X-RPM
X-RSL
Ohc-File-Size
PFcat
X-DB
X-HN
X-CF-Powered-By
X-Proxy-Cache-Hk
X-LiteSpeed-Tag
X-VarnishDD-TTL
DT-Hot-News
X-Proxy-Upstream
XM
XServer
Nginx-CQVIP
PICS-Label
Location
X-Wp-Cf-Super-Cache-Cache-Control
X-Cache-Ngx
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache
Wpo-Cache-Message
X-B3-ParentSpanId
Wpo-Cache-Status
X-Request-Url
X-Cdn-Request-ID
X-Lb-Nocache
X-HostName
X-Fastly-Cache-Hits
X-Fastly-Backend-Reqs
X-ElasticPress-Query
X-Director
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
Vha6-Origin
X-Ips-Loggedin
CountryCode
Warning
Wp-Super-Cache
Fastcgi-Cache-Ttl
X-DataCenter
X-Server-IP
X-Yottaa-OS
Req-ID
SRV
X-Moov-T
X-Moov-Xdn-Version
X-Mg-Cache
WZWS-RAY