Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-DNS-Prefetch-Control
X-Request-ID
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Server-Timing
X-XSS-PROTECTION
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Turbo-Charged-By
X-AH-Environment
X-Via
X-Robots-Tag
X-Backend
X-Cache-Group
Cf-Edge-Cache
Host-Header
Keep-Alive
X-Proxy-Cache
X-Hacker
X-Server
X-Rq
X-UA-Device
X-Age
X-Server-Powered-By
Allow
X-Vhost
X-Varnish-Cache
X-Ws-Request-Id
EagleId
X-Dispatcher
X-Amz-Version-Id
Grace
Cf-Apo-Via
P3p
X-LiteSpeed-Cache
Nel
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Node
X-Host
Accept-CH
X-WebKit-CSP
X-Server-Id
Surrogate-Control
X-OneAgent-JS-Injection
X-Backend-Server
X-CST
X-Readtime
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Content-Security-Policy-Report-Only
Permissions-Policy
X-Cache-Lookup
Request-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Trace
X-Response-Time
X-Edge
X-HW
X-Litespeed-Cache
X-Ua-Compatible
X-Mod-Pagespeed
X-Url
Content-Location
X-Clacks-Overhead
X-Ruxit-JS-Agent
Accept-CH-Lifetime
X-Oneagent-Js-Injection
X-Midtier
X-ECACHE
X-Mcache
Rating
X-Amz-Server-Side-Encryption
X-Country
X-ESI
X-Upstream
X-Vname
X-TtlSet
X-PC
Xkey
X-Vcap-Request-Id
X-MS-InvokeApp
Cache-Tag
X-D2id
X-Rack-Cache
X-Element-Page-Cache
Accept-Ch
Verso
Fastly-Restarts
X-Cache-TTL
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
Edge-Control
RTSS
X-Content-Type
X-Powered-By-Plesk
X-VARITI-CCR
X-Ac
Origin-Trial
X-Navigation-Version
X-Cached
X-WebKit-CSP-Report-Only
X-Abt-Application-Version
X-Goog-Hash
X-GitHub-Request-Id
Service-Worker-Allowed
X-Ruxit-Js-Agent
X-Country-Code
X-Amz-Rid
Display
X-Middleton-Display
Pagespeed
X-Sol
X-Ttl
X-Mg-S
X-Dw-Request-Base-Id
X-B3-TraceId
X-SharePointHealthScore
SPRequestGuid
X-Browser-Type
X-Server-Name
Arr-Disable-Session-Affinity
Cross-Origin-Opener-Policy
X-Varnish-TTL
X-Instrumentation
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Powered-CMS
AR-SID
X-Middleton-Response
Response
X-Amzn-Trace-Id
SPIisLatency
SPRequestDuration
X-Ua-Device
X-Cache-Key
AR-CACHE
X-Fastly-Request-ID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-ORACLE-DMS-ECID
X-Cnection
X-ORACLE-DMS-RID
X-Version
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-NF-Request-ID
X-T
X-Accel-Expires
Front-End-Https
X-Times
Cache-Status
Cache-Tags
Edge-Cache-Tag
X-Client-IP
X-Ser
X-Px
X-MSEdge-Ref
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Webkit-Csp
X-Fastcgi-Cache
Public-Key-Pins
X-Hits
Nginx-Cache
X-Recruiting
X-RateLimit-Remaining
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Shield-Request-Id
X-Request-Received
X-Request-Processing-Time
X-LLID
X-Frontend
Access-Control-Request-Method
X-NWS-LOG-UUID
Server-Node
X-Ua-Browser
X-Webkit-CSP
Payment
TP-Cache
X-DIS-Request-ID
X-FastCGI-Cache
X-RateLimit-Limit
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
S
TP-L2-Cache
X-B3-Traceid
X-LB-Cache
X-Goog-Metageneration
X-Content-Digest
Content-MD5
X-PressLabs-Stats
X-Distributor
X-Erf-Stays-Pdp-Viaduct-Migration-Web
Realpath
X-Kinja-CCPA
X-Microsite
X-Request-Handler-Origin-Region
X-Forwarded-For
X-Page-Id
X-Geo-Country
Access-Control-Allow-Method
X-Ezoic-Cdn
Accept-Charset
Fastcgi-Cache
X-FB-Debug
X-Envoy-Decorator-Operation
X-Webkit-CSP-Report-Only
X-Cluster-Name
X-Correlation-Id
X-GUploader-UploadID
X-Rid
X-Hostname
X-Protected-By
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Seen-By
X-Ratelimit-Remaining
Cleartype
TCN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-B3-Sampled
X-TEC-API-ORIGIN
DC
X-Origin-Server
X-Origin-Cache
X-TTL
X-Newrelic-App-Data
X-Goog-Storage-Class
X-Debug-Info
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Mobile
Referer-Policy
X-Varnish-Backend
X-Logged-In
X-Ratelimit-Limit
X-Git-Hash
X-Kinsta-Cache
X-Edge-Location-Klb
Cross-Origin-Resource-Policy
X-Azure-Ref
X-XRDS-Location
Alternate-Protocol
X-Varnish-Grace
X-Aspnet-Version
X-Fb-Rlafr
X-App-Environment
Surrogate-Key
Healthy
X-Aspnet-Duration-Ms
X-Amz-Replication-Status
X-Contextid
X-Revision
X-Flags
X-Grace
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
X-Route-Name
X-Amz-Meta-S3cmd-Attrs
X-TT
Count-Hit
X-Server-ID
X-Content-Options
X-Wix-Request-Id
X-Whom
X-IPS-LoggedIn
X-Forwarded-Proto
Filterid
MS-Author-Via
X-Akamai-Edgescape
Viewport
Frame-Options
X-App-Server
WPO-Cache-Status
WPO-Cache-Message
X-Id
Charset
X-Hosted-By
Paypal-Debug-Id
X-B
X-Cache-Age
X-Backend-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Magnolia-Registration
X-AppVersion
X-Daa-Tunnel
X-Activity-Id
X-Az
X-Cache-Control
X-Www-Served-By
X-Trace-Id
Retry-After
X-Client-Ip
Section-Io-Cache
Server-Name
Refresh
X-Varnish-Ttl
X-Type
X-Upgrade-Enabled
X-Proxy-Cache-Info
Version
X-F-Cache
X-Varnish-Server
X-Proxy
X-Time
Akamai-GRN
X-Original-Request-Id
X-Response-Served-From
X-Rule
X-Http-Reason
X-ARC
Host
SD-X-WS
X-App-Version
X-Cache-Rule
X-UUID
X-Varnish-Age
X-Instance
X-User-Agent
X-Status
Protected
X-Edge-Location
Front
X-Akamai-Request-ID2
X-Is-Bot
X-Jobs
X-Region
X-Rendered-As
X-Framework
X-Cacheable-TTL
SRV
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Amp-Access-Control-Allow-Source-Origin
X-Rocket-Nginx-Serving-Static
X-Cache-Grace
X-FW-Type
X-Cache-Time
X-FW-Static
X-FW-Version
Access-Control-Request-Headers
X-Page-View
X-N
X-Environment-Context
X-FW-Server
From-Origin
Fastly-SIE
X-FW-Dynamic
X-L-Path
X-FW-Serve
X-FW-Hash
Fastly-SWR
X-Unique-Id
X-Oracle-Dms-Ecid
X-Tumblr-Pixel
X-EdgeConnect-Cache-Status
X-ProcessESI
X-Tumblr-Pixel-0
X-RemovedCookies
X-Tumblr-Pixel-1
X-Adobe-Loc
X-Adobe-Content
X-Tumblr-User
X-G
X-Oracle-Dms-Rid
X-Source
X-Load-Cache
ServerID
X-COUNTRY
Content-Disposition
X-CDN-Forward
X-Drupal-Cache-Tags
Country
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-RateLimit-Reset
X-Language
X-HTML-Minification-Powered-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
Accept-Language
Countrycode
X-DynaTrace
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Datadog-Sampled
X-Amzn-Remapped-Content-Length
Liferay-Portal
X-Debug-IsConnected
X-Debug-IsPreview
X-Vcache
X-Mg-Request-UUID
X-DynaTrace-JS-Agent
X-B3-SpanId
X-Generated-By
Xet-Cookie
X-ID
X-XRDS-LOCATION
X-Nf-Request-Id
Backend
X-DataDome
X-ECache
X-WP-CF-Super-Cache
Webserver
X-Mode
X-WP-CF-Super-Cache-Cache-Control
X-Drupal-Cache-Contexts
Xserver
X-Content-Powered-By
X-Device-Type
X-NYM-Debug-Backend
X-B-Cache
X-Signature
CF-IPCountry
X-Zen-Fury
X-Tt-Logid
GEO-INFO
X-Httpd
X-Ratelimit-Reset
X-Servername
Url
X-Nginx-Cache
X-Erf-Web-Scheduler
X-Content-Age
Azure-SlotName
X-Sucuri-Cache
X-ServerID
X-Cache-Action
X-Urbn-Site-Id
X-Sucuri-ID
X-Urbn-Context-Path
X-Container-Uri
Meta-Geo
Locale
X-Varnish-Cache-Hits
X-SaId
X-JoinUs
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-LAGOON
Azure-Version
Filters
X-Rewrite-Enabled
X-Git-Commit
Onion-Location
Load-Balancing
X-UPSTREAM-Address
S-Rt
X-Director
X-Proto
X-Cache-Operation
X-Cluster-Node
X-Tb
X-Storage
X-Varnish-Hostname
X-Soup
X-Forwarded-Host
X-Generation-Time
X-Ms-Request-Id
X-Ms-Version
X-Say-Cacheable
X-Xrds-Location
X-Served-From
X-Labrador-Cache-Channel
X-Say-TTL
X-PHP-Host
X-RM-Cache-TTL
X-Detected-As
X-SayCDN-TTL
Web-Mar-Node
Uber-Trace-Id
X-Logging-Id
X-VCT
X-VC-Cache
X-Zipkin-Id
X-RCS-CacheZone
X-GeoCode
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
X-Origin-Hint
X-Proxied
X-Extlb
X-Adobe-Source
Webcakes-Region
X-Uri
X-Sql-Count
Fastcgi-Useragent
Node
X-Sql-Duration-Ms
Mn-Server-Ip
TWC-Connection-Speed
X-Skip-Cache
X-Cache-Server
Webcakes-App-Name
X-Routing-Service
Webcakes-App-Version
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
X-GeoCountry
DB-Nickname
Selected-Fe
X-Fetched-On
X-Tumblr-Pixel-3
X-Debug
X-R9-Blue-Green-Version
X-Timing-Wait
X-FB-TRIP-ID
X-Tumblr-Pixel-2
X-LSADC-Cache
X-Proxy-Build
X-Format
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Lambda-Id
CDN-RequestId
X-MP-GENERATED-AT
X-Origin-Date
X-Via-JSL
Fastly-Drupal-HTML
X-NGENIX-Cache
Source
OT-Force-Account-Verify
X-Cache-Expired-At
X-Cache-Hit
X-Template
X-Varnish-Hits
X-MCACHE
X-Node-Name
Content-Secure-Policy
X-Cache-TTL-Remaining
X-UA-Device-Type
X-Loop
X-Tncms
X-AIR-PT
X-Pass-Why
X-Endurance-Cache-Level
X-Ua
X-Srv
X-Redis-Cache
Upgrade-Insecure-Requests
Cross-Origin-Window-Policy
X-Server-W
X-Pubstack
NGB
X-PHP-Backend
X-Origin-TTL
X-Origin-CC
X-Fastly-Request-Id
X-Real-IP
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Datadome
X-Hcs-Proxy-Type
Cache-Hits
X-Cache-Host
MS-CV
Ms-Operation-Id
X-RTag
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Cache-Name
Section-Origin-Responded
X-Xfnlog-Site
X-Reqid
X-Restarts
X-S
X-Optimistic-Header
Cache-Provider
X-IPLB-Request-ID
X-CSRF-Token
X-IPLB-Instance
X-Cms-Context
X-GEO
CDN-Uid
CDN-RequestPullSuccess
X-Cache-Type
CDN-CachedAt
CDN-RequestPullCode
CDN-EdgeStorageId
CDN-Cache
CDN-RequestCountryCode
CDN-PullZone
X-Hl-Ver
X-BYPASS-REASON
X-No-Session
Apigw-Requestid
X-ProxyCache-Key
X-ProxyCache-Status
X-VWS-Id
X-Cluster
X-Via-Fastly
X-AWS-Id
X-Aspnetmvc-Version
X-LJ-Flow-ID
X-Rn-Rsrv
X-Accel-Expires-Debug
X-Aed
Redirect-Candidate
X-A-Wwc
X-Mvc-Supplant-Cachable
X-Fastly-Backend
Fastly-Backend-Name
X-Irp-Debug
X-A-Dgt
DCR-Decision-By
X-GeoIP-Country-Code
X-Application
X-Gdpr
CPC-Age
X-Forwarded-Path
X-Akamai-Transformed
CPC-Cache
X-GeoIP-Region-Code
X-FC-Vary-Parameters
DCR-Processing-Time-Ms
X-Eu-Site
X-CGP
X-CF-Lambda-Version
X-Bl-Debug
X-Conf
X-BCube-Filmed-By
X-CF-Lambda-Fn
X-Cdn-Diag
X-Cache-Bucket
Candidate-Md5Url
X-Cache-NE
X-CacheTTL
BehaviorPad-Version
X-Bc-Bl
X-Csrf-Jwt
X-Ec-Fail
X-Ec-Custom-Error
X-Ec-GeoHdr
X-B-Cookie
X-Nyt-Route
X-Dispatcher-Number
X-Developer
X-Date
X-D
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Destination
X-External-Request-Id
Ha-Gx-Prefs
Xc-Version
N-Cache
X-Wikidot-Static-Cache
X-SRCache-Key
X-Tenant
Ngx.Var.Host
Meta-Geo-Continent
X-Slack-Shared-Secret-Outcome
X-Shop-Environment
Mail-Subject
MD5-Digest
X-A-Dcw
X-Slack-Backend
X-Wikidot-Backend
Odigeo-Trace-Id
X-Vtex-Remote-Cache
Server-Host
Rendered-Blocks
X-Vdms-Path
X-Vdms-Version
Sslversion
X-Proxy-Cache-Status
X-TIM-N
T-Server
Surrogated-Key
X-We-Are-Hiring
X-Var-Ttl
Magicmarker
VNS-Age
X-SD-PageType
L
X-RateLimit-Limit-Second
X-Orig-Expires
X-Newrelic-Synthetics
Canary
X-Origin-Time
X-A-Ccd
X-A
HA-Ipaddr
Web-Mar-Region
X-Policy
X-RateLimit-Remaining-Second
X-Request-Host
X-Rojux
We-Hiring
W
X-S-Cookie
VNS-Cache
X-ScT
X-CACHE-AGE
L5d-Success-Class
Gh-Request-Id
Lang
X-A-Dam
X-Access
X-Section
Release
Thinkindot-CacheControl
Thinkindot-Control
X-Auto-Login
Vix-Hermes-Req-Id
Thinkindot-CacheControl-Type
X-App-Name
X-Bip
X-ApacheServer
TDXMobile
X-Alternate-Cache-Key
X-Fmm-Version
X-ShardId
X-Server-IP
X-ShopId
X-Shopify-Stage
X-Accel-Buffering
X-S-Maxage
X-Has-Esi
X-Pool
X-Platform
X-JWT-State
X-Is-Gdpr
X-Request-Time
Fastly-SSL
X-Sorting-Hat-PodId
X-WADP-Cache
X-Up
X-Varnishpool
X-Viewer-Country
X-VG-WebCache
X-Thinkindot-L3
X-Thanos
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Test
X-PERF
X-PAYTM-SRV-ID
X-Forwarded-Site
X-Esi-Check
X-Generated-On
X-Geo-Header
X-Gzip
X-Epic-Correlation-Id
X-Core-Value
X-Cache-Info
X-Cache-Id
X-Clara-WADP
X-CMSURLCustom
X-Core-Mission
X-Handled-By
X-Hash
X-Wix-Viewer-Type
X-Old-Content-Length
X-Org
X-Origin-Response-Time
X-Owner
X-Node-Id
X-Mly-Id
X-INCAP-ABP
X-Human
X-Level-Front-Cache
X-Mid
X-Worker
X-Cache-Debug
X-Clientip
Environment
Datacenter
Cmstype
Fastly-GeoIP-CountryCode
Gannett-Cam-Experience-Id
Machine
Memcached
Host-ID
Cmsid
Origin
AKAMAI
X-TimeS
WP-Super-Cache
User-Cache-Control
X-Vcl-Version
AMP-Access-Control-Allow-Source-Origin
X-Web-Node
X-DefHash
Esi-Enabled
X-Cdn-Srv
X-Qloud-Router
X-Sn-Servicetimems
X-DefElseHash
X-Varnish-CookieHashed-On
X-Device-Os
X-Cdn-Origin
X-BBC-Edge-Cache-Status
CloudFront-Viewer-Country
X-VG-TLSProxy
X-Block-Status
Country-Code
X-Dispatcher-Server
X-DPWN-IS-SECURE
DSUID
CDCHOST
X-Scale
X-From
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
Producers
Platform
NM-Fastcgi-Cache
X-Gen-Mode
Sever-Int
X-Mvc-Supplant-OutputCached
True-Client-Country-4JS
Req-Svc-Chain
X-Nginx-Cache-Key
Server-Ext
Server-Hostname
X-Nananana
X-TA-CDN-Provider
Is-Eu
X-Cs
X-Hnp-Log
X-Variation
X-Parent-Response-Time
Adler-Geo
X-WA-Info
X-Origin
Expect-Staple
X-Vmg-Version
X-VServer
X-NodeID
Apple-News-Services-Host
X-NCache
Apple-News-Services-Parsed-Url
C-Via
Apple-News-Services-Handled
X-Presslabs-Stats
X-GeoIP
X-Loc
X-Nitro-Cache
X-App
Pics-Label
X-Op-Id-All
X-Instance-Name
Apple-News-Services-Request-Url
X-Azure-Ref-OriginShield
Origin-CC
Wxu-Next-Hostname
ServedBy
Origin-EX
X-Akamai-Device-Characteristics
Wxu-Next-Commit
Ssr
Wxu-Next-Region
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
Time
X-Cache-Enabled
X-Refresh
Memory
X-Amz-Meta-Cb-Modifiedtime
X-LB-NoCache
Server-Info
X-Tx-Id
X-TIME
X-Cache-Status-Check
X-Platform-Router
Cache-Host
X-Platform-Cluster
X-Platform-Processor
X-HA-Backend
X-Microcachable
Server-ID
X-Locale
X-Site-Version
X-Correlation-ID
X-Dc
X-Origin-Expires
NGX
XM
PFcat
Hostname
X-HN
X-VarnishDD-TTL
X-Tb-Optimization-Total-Bytes-Saved
X-VHOST
X-API-Version
Cf-Device-Type
X-ZONE
GeoIP-Latitude
Resin-Trace
X-CACHE-GROUP
Edge-Copy-Time
X-Via-Edge
Origin-Agent-Cluster
Srvid
X-Via-CDN
X-Ad-Defer-Variation
X-Via-SSL
X-FL-EDGE
X-FL-QIT-DEBUG
Locid
A
X-Zone
X-Wp-Cf-Super-Cache-Active
X-Upstream-Ct
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Upstream-Ht
X-DC
X-Vgn-Hpd-Reason
Sid
Cdn-Requestid
X-Internal-Host
YJS-ID
X-Fpc
X-Webkit-Csp-Report-Only
X-ATG-Version
X-FireWall-Port
Cache-Key
X-Contensis-Viewer-Groups
X-Cache-ASPX
Uri
X-Micro-Cache
X-Moov-Xdn-Version
X-Varnish-Authentication
X-Moov-T
X-WP-CF-Super-Cache-Active
X-Pod-Name
X-Github-Request-Id
X-Cached-By
X-TraceId
X-LiteSpeed-Cache-Control
User-Agent
X-DataCenter
True-Client-Ip
X-VCache
X-NGINX-Cache
X-Provided-By
X-SIPLIST1
IsBot
State
X-Info
X-Planisys-CDN-TTL
X-HS-Content-Campaign-Id
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Location
X-URL
X-AB
X-Buckets
X-B3-Spanid
X-Platform-Server
GeoIP-Country-Code
X-B3-Parentspanid
X-Fastly-Cache
X-RN-RSRV
X-Sigma
X-Sigma-Backend
X-Cache-Remote
X-Nitro-Rev
X-Nitro-Cache-From
X-Backend-Instance
GeoIp-Country-Code
X-Datacenter
X-Geo-Region
X-Release
X-Rocket-Build-Number
X-VC
X-Esi
X-LiteSpeed-Tag
X-Api-Version
X-MSEdge-Features
Cache
X-Accel-Version
Cdn
X-MSEdge-Flight
SID
X-Generated-In
XServer
X-Gamma-Serve
X-CS
True-Client-IP
CF-Ctrl
X-Geo
X-FTR-Request-ID
Tcn
X-CSRF-TOKEN
X-NewRelic-App-Data
Srv
X-HostName
Lb
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-GeoIP-City
X-Vgn-Hpd-Ssi
NtCoent-Length
Cache-Tv-Group
X-Is-Desktop
X-Tcp-Rtt
X-Is-Mobile
Fastly-Drupal-Html
X-Is-Supported-Browser
X-Browser-Name
X-Is-Tablet
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-HS-Status
X-FPC
Path
X-Scheme
X-TRACE-ID
X-SRV
Cf-Ipcountry
Epwk-X-Cache
X-Hyper-Cache
HostName
X-Frame-Option
X-CACHE-KEY
Kp-EeAlive
X-Amz-Meta-Opti
X-Service
Ohc-File-Size
X-Location
X-GoCache-CacheStatus
X-Mobile-URL
X-APP-VERSION
Serverid
X-TX-ID
X-UA
CountryCode
X-Developers
On-Server
X-Air-Pt
X-Aicache-OS
X-AK-Request-ID
X-Men
X-Webstats-RespID
Cdncip
Cdnsip
CacheControlHeader
X-Region-Sid
X-Guploader-Uploadid
Tube-Get-Contents
X-Traceid
X-LB-ID
Tube-Got-Eval
Click-Count-Action-Start
X-Acquia-Purge-Cdn-Unconfigured
Click-Count-Error
X-B3-Trace-ID
Proxy-Connection
X-Cache-FS-Status
V-Age
X-Minions-Version
Tube-Got-Results
Tube-Return
X-CDN-Cache-Status
X-Branch-Name
Mime-Version
X-Cache-Ttl
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-SB
X-EC-Lua
X-V-Cache
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Cache-Tags
RNT-Machine
WebServer
RNT-Time
X-Req
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Cdn-Cache-Status
CF-Cached-On
Yak-Timeinfo
ENV
X-Servedbyhost
X-Vc
X-Nc
WZWS-RAY
X-Wa
WWW-Authenticate
Env
X-Pad
X-Proxy-CacheRZ
Geoip-Latitude
XkeyRZ
Ohc-Cache-HIT
X-VCL-Version
CDN
X-Vercel-Cache
X-Edge-Server
Cdn-Request-Time
LB
X-Vercel-Id
Cdn-Host
X-Akamai-Pragma-Client-IP
X-Edge-Pop
X-NWS-UUID-VERIFY
Ngx
X-Cdn-Forward
X-TT-LOGID
X-User
X-Fastly-Country-Code
X-Lb-Cache
X-Check-Cacheable
X-FTR-Backend-Server
Content-Script-Type
X-Ha-Backend
Req-ID
Content-Style-Type
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-Ckpd-Fst-Backend
Server-Id
X-NMSegId
X-TH-Server
M-TraceId
X-FTR-Expires
X-Processor
X-FTR-Cache-Status
X-Origin-Cache-Key
X-Lb-Nocache
X-Acquia-Application-Trace
PICS-Label
X-Render-Time
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-APP
X-Litespeed-Cache-Control
Cluster
X-MiniProfiler-Ids
X-WP-CF-Super-Cache-Cookies-Bypass
X-Snapshot-Date
X-Cdn-Request-ID
X-Ad-Load-Variation
X-Edge-POP
X-Dw-Trace-Id
X-Via-Ucdn
X-CUA
X-IN-APIGATEWAY
HIT
X-IN-APIGATEWAYSSL
Yjs-Id
X-Miniprofiler-Ids
Cneonction
Log-Origin
Inserted-Into-Cache-At
X-Fastly-Cache-Hits
Vha6-Origin
CACHE-MISS-TO-ORIGIN
X-Fastly-Backend-Reqs
Edge-Cache
X-Iauth-Set-Uid
X-Cache-Date
X-Cached-Since
X-ElasticPress-Query
X-Response-By
X-RAMCache
X-Serial
X-M-Reqid
X-M-Log
X-Udemy-Cache-App-Namespace
Sm-Log-Id
X-Service-Response-Time