Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
CF-Ray
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-DNS-Prefetch-Control
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
X-Request-ID
X-Dns-Prefetch-Control
Feature-Policy
X-Content-Security-Policy
Server-Timing
Content-Encoding
Access-Control-Expose-Headers
X-XSS-PROTECTION
Upgrade
X-CDN
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Via
X-Turbo-Charged-By
X-Backend
X-AH-Environment
X-Cache-Group
X-Robots-Tag
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Hacker
X-Proxy-Cache
X-Server
X-Vhost
X-Rq
X-UA-Device
X-Server-Powered-By
Allow
X-Age
X-Ws-Request-Id
X-Varnish-Cache
X-Dispatcher
EagleId
X-Amz-Version-Id
P3p
Nel
Grace
Cf-Apo-Via
X-LiteSpeed-Cache
X-Styx-Req-Id
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Page-Speed
X-Device
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-Host
X-Node
Accept-CH
X-CST
X-Backend-Server
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Server-Id
X-Readtime
X-Nginx-Cache-Status
Accept-CH-Lifetime
Permissions-Policy
X-Akam-SW-Version
X-Nginx-Upstream-Cache-Status
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Request-Id
X-Application-Context
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Ua-Compatible
X-Response-Time
X-Trace
X-HW
X-Edge
Xkey
Content-Location
X-Ruxit-JS-Agent
X-Clacks-Overhead
X-Mod-Pagespeed
X-Midtier
Rating
X-Litespeed-Cache
X-ESI
X-Url
X-Amz-Server-Side-Encryption
Accept-Ch
X-ECACHE
X-Mcache
X-Country
X-Upstream
Cache-Tag
X-Vcap-Request-Id
X-MS-InvokeApp
X-Rack-Cache
X-D2id
Verso
X-Exp-Id
X-Cdn-Fetch
X-Element-Page-Cache
X-Kinja-Server
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Powered-By-Plesk
Edge-Control
X-TtlSet
X-Vname
X-PC
RTSS
X-Cache-TTL
Accept-Ch-Lifetime
X-Ac
X-WebKit-CSP-Report-Only
Fastly-Restarts
X-Ruxit-Js-Agent
Service-Worker-Allowed
X-VARITI-CCR
X-Country-Code
Origin-Trial
X-Navigation-Version
X-Goog-Hash
X-Abt-Application-Version
X-Varnish-TTL
X-Cached
X-GitHub-Request-Id
X-Browser-Type
X-Amz-Rid
Pagespeed
X-Middleton-Display
X-Aspnetmvc-Version
Display
X-Sol
X-Oneagent-Js-Injection
Cross-Origin-Opener-Policy
X-Webkit-CSP
X-Dw-Request-Base-Id
X-Server-Name
X-SharePointHealthScore
SPRequestGuid
X-Amzn-Trace-Id
X-Kinja-CCPA
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Mg-S
X-NWS-LOG-UUID
X-Powered-CMS
SPIisLatency
X-Ttl
SPRequestDuration
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Content-Type
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Instrumentation
Arr-Disable-Session-Affinity
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
X-Cache-Key
X-Middleton-Response
Response
X-B3-TraceId
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Version
X-Times
X-NF-Request-ID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-SRCache-Fetch-Status
X-Cnection
X-SRCache-Store-Status
X-Fastly-Request-ID
AR-CACHE
X-FastCGI-Cache
Cache-Tags
X-T
X-Client-IP
X-Accel-Expires
Nginx-Cache
X-Server-ID
X-Ser
Cache-Status
Edge-Cache-Tag
X-B3-Traceid
Front-End-Https
X-MSEdge-Ref
X-Ua-Device
X-RateLimit-Remaining
X-Hits
X-Px
Public-Key-Pins
X-Recruiting
X-Webkit-Csp
Payment
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Request-Processing-Time
X-Frontend
X-Request-Received
X-LLID
Server-Node
X-Ua-Browser
X-RateLimit-Limit
S
X-Shield-Request-Id
X-DIS-Request-ID
X-TTL
X-GUploader-UploadID
X-Goog-Metageneration
TP-Cache
Content-MD5
Access-Control-Request-Method
MicrosoftSharePointTeamServices
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Content-Digest
X-Fastcgi-Cache
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-PressLabs-Stats
X-HS-Combine-CSS
Realpath
X-Distributor
X-Microsite
X-Protected-By
X-Request-Handler-Origin-Region
Fastcgi-Cache
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-LB-Cache
X-FB-Debug
Access-Control-Allow-Method
X-Page-Id
X-Cluster-Name
X-Forwarded-For
Accept-Charset
X-Daa-Tunnel
X-Geo-Country
TP-L2-Cache
X-Ezoic-Cdn
X-Rid
X-B3-Sampled
X-Ratelimit-Remaining
X-Hostname
X-Seen-By
X-Aspnet-Version
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Correlation-Id
Cleartype
Cross-Origin-Resource-Policy
Count-Hit
Referer-Policy
X-Mobile
DC
X-Newrelic-App-Data
X-Varnish-Backend
X-Content-Options
X-App-Server
X-Envoy-Decorator-Operation
TCN
X-Logged-In
X-Ratelimit-Limit
X-Debug-Info
X-Edge-Location-Klb
X-Git-Hash
X-Hosted-By
X-Kinsta-Cache
X-Contextid
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Is-Crawler
X-IPS-LoggedIn
X-Amz-Replication-Status
X-Fb-Rlafr
X-Flags
X-Grace
X-Revision
Surrogate-Key
X-Varnish-Grace
X-Origin-Cache
X-TT
X-App-Environment
X-Azure-Ref
X-Amz-Meta-S3cmd-Attrs
Frame-Options
X-Forwarded-Proto
Retry-After
X-Origin-Server
X-F-Cache
X-Id
X-Wix-Request-Id
X-Magnolia-Registration
WPO-Cache-Message
X-TEC-API-VERSION
X-Whom
X-TEC-API-ROOT
X-Webkit-CSP-Report-Only
WPO-Cache-Status
X-TEC-API-ORIGIN
X-RateLimit-Reset
Alternate-Protocol
Healthy
Section-Io-Cache
Charset
X-Akamai-Edgescape
MS-Author-Via
Viewport
X-Backend-Name
X-Proxy-Cache-Info
X-App-Version
X-Client-Ip
X-COUNTRY
X-B
Paypal-Debug-Id
SRV
X-Activity-Id
X-Az
X-AppVersion
X-Www-Served-By
ServerID
X-Language
Filterid
X-Http-Reason
X-Varnish-Server
X-Response-Served-From
X-Instance
X-XRDS-Location
X-Cache-Rule
X-Original-Request-Id
VIX-Pulpo-Node
SD-X-WS
Host
X-N
X-ARC
VIX-Pulpo-Upstream-Status
X-Xrds-Location
Akamai-GRN
Country
X-EdgeConnect-Cache-Status
X-Cache-Grace
X-UUID
X-Edge-Location
X-Rule
Front
Protected
X-Akamai-Request-ID2
X-User-Agent
X-Varnish-Age
X-Datadog-Parent-Id
X-Page-View
X-L-Path
X-Status
X-FW-Dynamic
X-Datadog-Sampling-Priority
X-Unique-Id
X-Jobs
X-Datadog-Trace-Id
X-Environment-Context
X-Cacheable-TTL
X-FW-Server
X-FW-Type
From-Origin
X-Region
X-FW-Static
X-FW-Version
X-FW-Serve
X-FW-Hash
Amp-Access-Control-Allow-Source-Origin
X-Tumblr-Pixel
X-Cache-Time
X-Adobe-Loc
X-Adobe-Content
Server-Name
X-Tumblr-Pixel-0
X-Framework
X-Rendered-As
X-Is-Bot
X-Rocket-Nginx-Serving-Static
Fastly-SWR
Fastly-SIE
Access-Control-Request-Headers
X-Tumblr-User
X-Load-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Type
X-Trace-Id
X-Time
X-Tumblr-Pixel-1
X-Tec-Api-Root
X-Tec-Api-Version
X-G
X-RemovedCookies
X-ProcessESI
X-DataDome
X-Tec-Api-Origin
X-Proxy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Age
X-Cache-Control
X-Mg-Request-UUID
X-Datadog-Sampled
Content-Disposition
X-Amzn-Remapped-Content-Length
X-Signature
X-CDN-Forward
X-Debug-IsPreview
X-Debug-IsConnected
X-B-Cache
X-Vcache
Refresh
X-ECache
Backend
X-Drupal-Cache-Tags
X-Source
X-WP-CF-Super-Cache-Cache-Control
Accept-Language
X-WP-CF-Super-Cache
X-Nf-Request-Id
Countrycode
X-DynaTrace
Xet-Cookie
Webserver
CF-IPCountry
X-Erf-Web-Scheduler
X-Generated-By
X-Nginx-Cache
X-HTML-Minification-Powered-By
X-XRDS-LOCATION
X-Httpd
Version
X-Servername
X-Tt-Trace-Tag
Url
X-Tt-Trace-Host
X-DynaTrace-JS-Agent
X-Mode
Xserver
X-NYM-Debug-Backend
X-Device-Type
X-Storage
X-Content-Powered-By
X-Template
GEO-INFO
X-Content-Age
OT-Force-Account-Verify
X-Director
X-LAGOON
Load-Balancing
Filters
X-Cache-Operation
X-Rewrite-Enabled
Locale
X-SayCDN-TTL
X-SaId
X-Cache-Action
Meta-Geo
X-Say-Cacheable
X-Varnish-Cache-Hits
X-GeoCountry
X-GeoCode
X-UPSTREAM-Address
S-Rt
X-Urbn-Site-Id
X-JoinUs
X-Say-TTL
X-Urbn-Context-Path
X-ServerID
Onion-Location
X-Varnish-Hostname
X-Cluster-Node
X-Container-Uri
Azure-InstanceId
Azure-SiteName
X-Proto
X-Generation-Time
X-Tt-Logid
X-Tb
X-Soup
Azure-Version
Azure-RegionName
X-Forwarded-Host
Azure-SlotName
X-Git-Commit
Web-Mar-Node
X-Cache-Server
X-Adobe-Source
X-Labrador-Cache-Channel
X-VCT
X-Ms-Request-Id
X-Ms-Version
X-PHP-Host
X-RM-Cache-TTL
X-Sql-Duration-Ms
X-VC-Cache
X-Sql-Count
X-Served-From
X-Detected-As
Mn-Server-Ip
Node
X-Routing-Service
Property-Id
X-Lambda-Id
X-Zipkin-Id
DB-Nickname
X-Tumblr-Pixel-3
X-RCS-CacheZone
X-Zen-Fury
X-Skip-Cache
X-Tumblr-Pixel-2
X-Proxied
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Logging-Id
X-Format
X-Extlb
X-FB-TRIP-ID
Uber-Trace-Id
X-Rn-Rsrv
TWC-Device-Class
X-Debug
TWC-Connection-Speed
TWC-GeoIP-Country
X-Origin-Hint
TWC-Locale-Group
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
TWC-Privacy
X-URL
X-Proxy-Build
X-Loop
X-Tncms
X-Timing-Wait
Selected-Fe
X-MCACHE
X-Fetched-On
Fastcgi-Useragent
X-LSADC-Cache
X-TimeS
X-Uri
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Upgrade-Enabled
X-Cache-Hit
X-Ua
X-Endurance-Cache-Level
X-Sucuri-ID
X-Sucuri-Cache
Cross-Origin-Window-Policy
Source
X-Drupal-Cache-Contexts
X-Redis-Cache
X-B3-SpanId
X-ID
X-Oracle-Dms-Ecid
X-Srv
CDN-RequestId
X-Oracle-Dms-Rid
X-MP-GENERATED-AT
X-Origin-Date
Liferay-Portal
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Origin-Responded
X-Varnish-Hits
X-Pass-Why
X-Ratelimit-Reset
X-S
X-Cache-Expired-At
X-Akamai-Transformed
Fastly-Drupal-HTML
X-Newrelic-Synthetics
Upgrade-Insecure-Requests
X-Origin-CC
X-NGENIX-Cache
X-Real-IP
X-Origin-TTL
X-Cache-TTL-Remaining
X-UA-Device-Type
X-Handled-By
X-Node-Name
NGB
X-CACHE-AGE
X-Pubstack
X-Fastly-Request-Id
X-Via-JSL
X-Hl-Ver
Content-Secure-Policy
X-Server-W
X-RTag
CDN-Cache
X-Optimistic-Header
X-Cms-Context
X-Reqid
X-Restarts
X-Xfnlog-Site
X-Cache-Type
Apigw-Requestid
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-RequestPullSuccess
CDN-Uid
CDN-CachedAt
CDN-RequestPullCode
Ms-Operation-Id
MS-CV
X-GEO
X-CSRF-Token
X-Parent-Response-Time
ServedBy
X-Varnish-Ttl
X-BYPASS-REASON
WP-Super-Cache
X-No-Session
X-ProxyCache-Status
X-ProxyCache-Key
X-CacheTTL
X-CF-Lambda-Fn
Xc-Version
X-CF-Lambda-Version
X-External-Request-Id
X-Cache-NE
BehaviorPad-Version
X-Bc-Bl
X-B-Cookie
X-BCube-Filmed-By
X-Bl-Debug
X-Cache-Host
X-Fastly-Backend
X-CGP
X-Eu-Site
X-Destination
X-Debug-Cache-Fetch
X-Developer
X-Dispatcher-Number
X-We-Are-Hiring
X-Ec-Custom-Error
X-D
X-Csrf-Jwt
X-Conf
X-Ec-Fail
Canary
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Worker
X-Application
T-Server
MD5-Digest
Surrogated-Key
Magicmarker
Lang
True-Client-Country-4JS
L
L5d-Success-Class
Sslversion
Meta-Geo-Continent
Rendered-Blocks
Origin-Agent-Cluster
Redirect-Candidate
Odigeo-Trace-Id
Ngx.Var.Host
N-Cache
Server-Host
HA-Ipaddr
Ha-Gx-Prefs
DCR-Decision-By
DCR-Processing-Time-Ms
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Vtex-Remote-Cache
X-App
X-Aed
X-A-Dam
X-A-Ccd
Gannett-Cam-Experience-Id
Vix-Hermes-Req-Id
Gh-Request-Id
Fastly-SSL
W
X-A
Web-Mar-Region
Candidate-Md5Url
X-Debug-Cache-Store
X-FTR-Request-ID
X-Slack-Backend
X-Rojux
X-Datadome
X-Viewer-Country
X-Nyt-Route
X-Request-Host
X-Vdms-Version
X-Tenant
X-Vdms-Path
X-Slack-Shared-Secret-Outcome
X-FC-Vary-Parameters
X-S-Cookie
X-Origin-Time
X-Orig-Expires
X-Gdpr
X-Forwarded-Path
X-Shop-Environment
X-SD-PageType
X-SRCache-Key
X-ScT
X-Cluster
X-Vcl-Version
Cache-Provider
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
X-SVT-ORM-RULES
X-Storefront-Renderer-Rendered
X-Policy
We-Hiring
X-Platform
X-Accel-Buffering
X-Owner
X-Alternate-Cache-Key
X-App-Name
X-Accel-Expires-Debug
X-PAYTM-SRV-ID
X-PERF
X-Test
X-SVT-ORM-VERSION
X-RateLimit-Remaining-Second
X-S-Maxage
X-Request-Time
TDXMobile
Thinkindot-CacheControl
X-Shopify-Stage
Req-Svc-Chain
Producers
X-Server-IP
Release
X-ShopId
X-Sn-Servicetimems
Thinkindot-CacheControl-Type
X-Qloud-Router
VNS-Age
X-Sorting-Hat-ShopId
VNS-Cache
X-RateLimit-Limit-Second
X-Thanos
Thinkindot-Control
X-Refresh
X-Sorting-Hat-PodId
X-Pool
X-Var-Ttl
X-Level-Front-Cache
X-Loc
X-Date
X-Irp-Debug
X-ShardId
X-Core-Value
X-Wikidot-Backend
X-Mid
X-Wikidot-Static-Cache
X-VG-TLSProxy
X-Core-Mission
X-DefElseHash
X-DefHash
X-GeoIP-Region-Code
X-Hash
X-GeoIP-Country-Code
X-Geo-Header
X-Generated-On
X-Human
X-INCAP-ABP
X-VG-WebCache
X-Vmg-Version
X-VServer
X-DPWN-IS-SECURE
X-Mly-Id
X-CMSURLCustom
X-Cache-Debug
X-Cache-Bucket
X-NodeID
X-Cache-Info
X-Node-Id
X-Bip
X-Old-Content-Length
X-Auto-Login
X-Org
X-BBC-Edge-Cache-Status
X-Up
X-Nitro-Cache
X-Cdn-Diag
X-Wix-Viewer-Type
X-Varnishpool
Platform
X-Clientip
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Cdn-Origin
X-Mvc-Supplant-Cachable
X-Variation
X-Varnish-CookieHashed-On
X-Thinkindot-L3
X-ApacheServer
CPC-Age
Expect-Staple
Adler-Geo
CPC-Cache
Datacenter
AKAMAI
Mail-Subject
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
X-Tx-Id
Cache-Name
Cf-Device-Type
Cmsid
Cmstype
X-AIR-PT
Host-ID
Is-Eu
Origin
Environment
User-Cache-Control
AMP-Access-Control-Allow-Source-Origin
X-TIME
X-Proxy-Cache-Status
X-IPLB-Request-ID
X-IPLB-Instance
Apple-News-Services-Host
Apple-News-Services-Request-Url
CDCHOST
Apple-News-Services-Parsed-Url
X-Block-Status
X-Cache-Id
Apple-News-Services-Handled
X-Cdn-Srv
X-Device-Os
X-Origin
X-Nginx-Cache-Key
X-Mvc-Supplant-OutputCached
X-Origin-Response-Time
X-Correlation-ID
X-WADP-Cache
X-WA-Info
X-Nananana
X-Hnp-Log
X-Gzip
X-Cache-Status-Check
X-Dispatcher-Server
CloudFront-Viewer-Country
X-Esi-Check
X-Fmm-Version
X-Gen-Mode
X-From
X-Forwarded-Site
X-Clara-WADP
X-GeoIP
Country-Code
NM-Fastcgi-Cache
DSUID
Sever-Int
Machine
Server-Ext
Esi-Enabled
Server-Hostname
X-Akamai-Device-Characteristics
Wxu-Next-Commit
X-Amz-Meta-Cb-Modifiedtime
NGX
X-Has-Esi
Wxu-Next-Hostname
Server-Info
X-Section
X-NCache
Wxu-Next-Region
X-Is-Gdpr
C-Via
X-Micro-Cache
Memcached
Ssr
X-Instance-Name
X-Cache-Enabled
X-Access
X-JWT-State
X-LB-NoCache
X-Op-Id-All
Pics-Label
X-B3-Spanid
X-Dc
X-AB
X-API-Version
X-Presslabs-Stats
Server-ID
Cache-Hits
Hostname
X-Via-Fastly
Origin-EX
X-Scale
Memory
X-HA-Backend
Origin-CC
X-Geo-Region
Time
X-PHP-Backend
X-Vgn-Hpd-Reason
X-CACHE-GROUP
Cdn-Requestid
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-TIM-N
X-Accel-Version
Location
X-Wp-Cf-Super-Cache-Active
X-TraceId
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Tb-Optimization-Total-Bytes-Saved
X-Buckets
IsBot
X-Internal-Host
X-Zone
X-Webkit-Csp-Report-Only
X-SIPLIST1
Sid
X-ZONE
X-Cs
X-Is-Desktop
X-Browser-Name
X-Is-Mobile
X-Is-Tablet
X-Is-Supported-Browser
X-Tcp-Rtt
X-Azure-Ref-OriginShield
X-TA-CDN-Provider
X-WP-CF-Super-Cache-Active
YJS-ID
CF-Ctrl
X-B3-Parentspanid
X-Fpc
Resin-Trace
GeoIP-Latitude
X-Backend-Instance
Cache-Host
X-Microcachable
X-Origin-Expires
X-Cached-By
X-DC
X-Web-Node
X-Info
Uri
X-DataCenter
XM
X-NewRelic-App-Data
X-Site-Version
X-HN
X-VarnishDD-TTL
X-Hyper-Cache
True-Client-Ip
X-VCache
X-Pod-Name
X-Locale
Epwk-X-Cache
PFcat
X-Frame-Option
X-LiteSpeed-Cache-Control
X-Ad-Defer-Variation
User-Agent
GeoIp-Country-Code
X-Nitro-Cache-From
X-NGINX-Cache
X-Nitro-Rev
X-Service
A
X-Via-SSL
X-Webstats-RespID
X-FL-QIT-DEBUG
X-FL-EDGE
Edge-Copy-Time
X-Via-Edge
X-Via-CDN
Srvid
GeoIP-Country-Code
Locid
X-VC
X-Origin-Cache-Key
X-Datacenter
X-Github-Request-Id
XServer
X-Geo
Cdn
X-CS
X-CSRF-TOKEN
Tcn
X-HostName
X-Varnish-Authentication
True-Client-IP
X-Moov-T
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
X-ATG-Version
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Moov-Xdn-Version
X-FireWall-Port
Fastly-Drupal-Html
Cdn-Host
NtCoent-Length
SID
X-Vercel-Cache
Cdn-Request-Time
Cache-Key
X-SRV
X-Edge-Server
X-Vercel-Id
LB
X-Pad
X-MSEdge-Features
X-TRACE-ID
X-MSEdge-Flight
X-FPC
X-NMSegId
Req-ID
M-TraceId
Path
WZWS-RAY
Cluster
X-Ad-Load-Variation
X-LiteSpeed-Tag
Cf-Ipcountry
X-Upstream-Ct
X-Api-Version
X-APP-VERSION
CountryCode
X-Upstream-Ht
X-Cdn-Request-ID
Cdnsip
Content-Script-Type
Pramga
X-Request-Start
Content-Style-Type
X-Scope-Id
X-Esi
X-Air-Pt
State
X-Amz-Meta-Opti
X-M-Reqid
X-HS-Content-Campaign-Id
X-M-Log
Cdncip
X-AK-Request-ID
X-Platform-Server
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Lb
X-Varnish-Beresp-Status
X-Shield-Cache-Expires
X-Qnm-Cache
X-Branch-Name
X-Cache-Ttl
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache
X-Wp-Cf-Super-Cache
X-Release
X-WP-CF-Super-Cache-Cookies-Bypass
X-Vgn-Hpd-Cached
WebServer
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
CDN
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-NWS-UUID-VERIFY
X-Rocket-Build-Number
Edge-Cache
X-Generated-In
Yak-Timeinfo
X-Sigma
X-Proxy-CacheRZ
XkeyRZ
X-Cache-Date
Proxy-Connection
X-Traceid
X-Request-URI
Ohc-File-Size
X-Cache-Remote
X-Sigma-Backend
X-Rebelmouse-Surrogate-Control
X-CACHE-KEY
X-Rebelmouse-Cache-Control
HostName
Geoip-Latitude
X-Render-Time
X-Dw-Trace-Id
Cache
X-Cdn-Forward
Srv
X-Akamai-Pragma-Client-IP
X-Tim-N
X-HS-Status
X-User
X-TH-Server
Cache-Tv-Group
X-Lb-Cache
X-GeoIP-City
X-GoCache-CacheStatus
X-Iplb-Instance
X-Iplb-Request-Id
X-Gamma-Serve
X-Acquia-Purge-Cdn-Unconfigured
X-V-Cache
X-SB
X-Req
X-Scheme
X-Via-Poph
X-Provided-By
CF-Cached-On
X-Via-Popv
X-Via-Popn
X-RID
X-LB-ID
X-Cache-FS-Status
Tube-Got-Eval
Tube-Get-Contents
Click-Count-Error
Click-Count-Action-Start
Tube-Got-Results
Tube-Return
X-B3-Trace-ID
X-Aicache-OS
X-UA
X-Ha-Backend
Server-Id
X-TT-LOGID
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Site
X-Servedbyhost
Ohc-Cache-HIT
X-Acquia-Application-Trace
X-Via-Ucdn
X-Nc
X-Vc
X-Wa
V-Age
X-Lb-Nocache
PICS-Label
On-Server
X-Cdn-Cache-Status
X-Vary
X-EC-Lua
X-CUA
X-Men
X-RN-RSRV
X-TX-ID
X-VCL-Version
Yjs-Id
Inserted-Into-Cache-At
X-Fastly-Cache-Hits
CACHE-MISS-TO-ORIGIN
X-ServedByHost
Mime-Version
X-NC
MIME-Version
X-WA
Ngx
X-CF-Cache-Header-Cache-Control
X-CF-Cache-Header-Vary
X-Miniprofiler-Ids
X-Edge-POP
Env
Cneonction
X-RAMCache
X-Udemy-Cache-App-Namespace
X-Fastly-Backend-Reqs
Vha6-Origin
X-Cached-Since
X-ElasticPress-Query
Log-Origin
X-Litespeed-Cache-Control
X-Snapshot-Date