Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
X-Ua-Compatible
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
X-Cache-Group
Server-Timing
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Backend
X-Amz-Id-2
X-Proxy-Cache
X-Ws-Request-Id
P3p
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Akamai-Path-Stats
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
X-Device
X-WebKit-CSP
X-Page-Speed
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-OneAgent-JS-Injection
X-Server-Id
X-Pingback
EagleEye-TraceId
X-Cache-Spec
Request-Id
Accept-CH
Surrogate-Control
Cf-Railgun
X-Backend-Server
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-Response-Time
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Url
Accept-Ch-Lifetime
X-Country
X-Edge
X-Amz-Server-Side-Encryption
X-MS-InvokeApp
X-B3-TraceId
X-Rack-Cache
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Ruxit-JS-Agent
X-Nginx-Upstream-Cache-Status
X-Content-Type
X-ESI
X-Vcap-Request-Id
X-Mod-Pagespeed
X-Varnish-TTL
Xkey
Accept-Ch
X-FastCGI-Cache
X-Exp-Id
X-D2id
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Amz-Rid
Verso
X-VARITI-CCR
X-GitHub-Request-Id
Cache-Tag
X-CST
X-Powered-By-Plesk
RTSS
X-Mcache
X-Ruxit-Js-Agent
X-ECACHE
X-Oneagent-Js-Injection
Service-Worker-Allowed
X-Upstream
X-Cached
X-Navigation-Version
X-Client-IP
X-Version
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-Px
X-Cnection
X-Ac
Public-Key-Pins
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Arr-Disable-Session-Affinity
X-Instrumentation
SPRequestGuid
X-SharePointHealthScore
X-Element-Page-Cache
X-Server-Name
X-Ser
X-Sol
X-Middleton-Display
Pagespeed
Display
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-NWS-LOG-UUID
X-Country-Code
X-Ttl
X-RateLimit-Remaining
Permissions-Policy
X-Midtier
X-Cache-Key
X-NF-Request-ID
X-Middleton-Response
Response
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-Forwarded-For
Content-MD5
Access-Control-Request-Method
X-DataDome
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
Front-End-Https
X-MSEdge-Ref
X-Correlation-Id
X-Recruiting
X-T
TP-L2-Cache
Edge-Cache-Tag
TP-Cache
Nginx-Cache
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
AR-Request-ID
AR-PoweredBy
X-Powered-CMS
AR-SID
AR-ATIME
AR-CACHE
X-Accel-Expires
X-RateLimit-Limit
X-Daa-Tunnel
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
MicrosoftSharePointTeamServices
TCN
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Grace
X-Mg-S
X-Id
X-Hits
X-Content-Digest
X-Request-Processing-Time
X-Request-Received
Filters
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
Server-Node
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Server-Name
X-Frontend
X-Amzn-Trace-Id
S
X-Distributor
X-LLID
X-TTL
MS-Author-Via
X-Geo-Country
X-Protected-By
Cache-Status
X-Language
Fastcgi-Cache
X-LB-Cache
Cf-Apo-Via
X-PressLabs-Stats
X-Origin-Server
Cross-Origin-Opener-Policy
X-Ezoic-Cdn
X-Fastly-Request-Id
X-F-Cache
Filterid
Charset
X-B3-Sampled
Host
X-Microsite
X-Page-Id
X-Forwarded-Proto
X-Seen-By
X-Request-Handler-Origin-Region
X-FB-Debug
X-Amz-Meta-S3cmd-Attrs
X-Ua-Browser
X-Git-Hash
X-XRDS-Location
X-Ab
Count-Hit
Payment
X-Litespeed-Cache
X-ASPNET-VERSION
X-Ratelimit-Reset
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Realpath
X-VCache
X-Cluster-Name
X-Template
X-Origin-Cache
Surrogate-Key
Accept-Charset
Cache-Tags
X-Rid
Alternate-Protocol
X-Cache-Age
X-NGENIX-Cache
X-Webkit-Csp
X-DynaTrace
Retry-After
X-Az
Cleartype
X-Activity-Id
X-AppVersion
X-Www-Served-By
X-Fastcgi-Cache
Access-Control-Allow-Method
X-Varnish-Backend
X-Tb
X-Aspnet-Duration-Ms
X-Signature
X-Upgrade-Enabled
X-App-Environment
X-TT
X-B-Cache
X-Wix-Request-Id
X-Flags
X-Varnish-Grace
X-Type
X-Node-Name
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-Amz-Replication-Status
X-DIS-Request-ID
X-Is-Crawler
X-B
ServerID
Paypal-Debug-Id
DC
X-Logged-In
X-Proxy
X-Drupal-Cache-Tags
X-Debug
X-Fastly-Request-ID
X-Envoy-Decorator-Operation
X-Source
X-Hostname
Frame-Options
X-Content
X-Content-Options
X-Mobile
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Revision
X-Load-Cache
X-COUNTRY
X-Contextid
Pinterest-Version
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Amp-Access-Control-Allow-Source-Origin
X-GUploader-UploadID
X-Goog-Storage-Class
Pinterest-Generated-By
X-N
X-Pinterest-Rid
X-Cache-Control
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Country
X-Magnolia-Registration
X-Cache-Rule
Referer-Policy
X-User-Agent
X-Whom
Viewport
X-EdgeConnect-Cache-Status
X-Response-Served-From
X-Original-Request-Id
Node
NGB
Refresh
Content-Disposition
X-Environment-Context
X-Debug-IsPreview
X-Debug-IsConnected
X-Ratelimit-Remaining
X-Varnish-Age
X-Cache-TTL-Remaining
X-L-Path
X-Cacheable-TTL
X-Framework
Url
Uber-Trace-Id
X-Real-IP
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Akamai-GRN
Access-Control-Request-Headers
X-Yottaa-Optimizations
X-Varnish-Server
X-Status
X-Servername
X-Rendered-As
X-Adobe-Content
X-Adobe-Loc
X-Unique-Id
X-Mg-Request-UUID
X-G
X-Yottaa-Metrics
X-Instance
X-Mid
X-NYM-Debug-Backend
X-Akamai-Request-ID2
X-Cache-Grace
X-Cache-Time
X-Page-View
X-Is-Bot
X-Jobs
X-Restarts
X-Drupal-Cache-Contexts
X-Server-ID
X-Content-Powered-By
X-ProcessESI
X-RemovedCookies
Version
X-App-Server
X-APP-VERSION
Srv
Countrycode
X-Http-Reason
X-Debug-Info
X-CDN-Forward
X-XRDS-LOCATION
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
Protected
Accept-Language
X-IPLB-Request-ID
X-IPLB-Instance
X-Hosted-By
X-Cache-Expired-At
X-Via-JSL
X-Trace-Id
X-Nginx-Cache-Key
Healthy
X-Time
X-Cache-Hit
Liferay-Portal
X-Ratelimit-Limit
X-Tumblr-Pixel-0
X-Device-Type
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
Fastcgi-Useragent
X-Azure-Ref
X-Tt-Logid
X-FW-Static
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
X-FW-Type
X-FW-Server
X-Cache-Operation
Section-Io-Cache
X-Backend-Name
Ms-Operation-Id
Content-Secure-Policy
MS-CV
Backend
X-RTag
Server-Info
X-UUID
X-Proxy-Cache-Status
X-Mobile-URL
Meta-Geo
X-UPSTREAM-Address
Load-Balancing
X-Storage
X-Cache-NGX
X-RN-RSRV
X-Mode
X-Akamai-Edgescape
X-Handled-By
CF-IPCountry
GEO-INFO
X-Cache-Host
X-Origin-Hint
X-Origin-Date
Locale
X-OCL
X-URL
X-Say-Cacheable
X-VWS-Id
S-Rt
X-Content-Age
X-PHP-Host
TWC-Connection-Speed
X-Varnishpool
X-PCL
Property-Id
X-No-Session
X-Cache-Server
Onion-Location
X-Locale
CDN-CachedAt
CDN-Cache
X-Cms-Context
CDN-EdgeStorageId
CDN-PullZone
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
Azure-Version
Azure-SlotName
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Urbn-Site-Id
X-Cache-Enabled
Eomportal-Instance
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Urbn-Context-Path
X-Forwarded-Host
WP-Super-Cache
X-SayCDN-TTL
X-Skip-Cache
X-Sorting-Hat-PodId
Webcakes-Region
X-Site-Version
Webcakes-App-Name
X-Region
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Access
X-Uri
X-HTML-Minification-Powered-By
X-Sql-Duration-Ms
X-Sql-Count
X-Alternate-Cache-Key
X-Edge-Location
X-AWS-Id
X-Sorting-Hat-ShopId
X-Adobe-Source
X-ShopId
Webcakes-App-Version
TWC-Privacy
TWC-GeoIP-Country
X-Proto
TWC-Locale-Group
X-VC-Cache
TWC-GeoIP-LatLong
X-Varnish-Hostname
X-Say-TTL
X-Redis-Cache
X-Varnish-Cache-Hits
TWC-Device-Class
X-Section
X-Server-W
X-ShardId
Web-Mar-Node
X-Format
X-UA-Device-Type
X-Hl-Ver
X-Detected-As
Selected-Fe
X-Extlb
X-Generated-By
X-GeoCode
X-Generation-Time
X-GeoCountry
Mn-Server-Ip
X-SaId
X-FB-TRIP-ID
DB-Nickname
X-Via-Fastly
X-Zipkin-Id
X-PHP-Backend
X-Xfnlog-Site
X-Cache-Type
X-Proxied
X-Timing-Wait
X-ServerID
X-ProxyCache-Key
X-Proxy-Build
X-ProxyCache-Status
X-Rule
X-Varnish-Beresp-Grace
X-Datadome
X-BYPASS-REASON
Apigw-Requestid
X-JoinUs
X-Routing-Service
X-Cache-Action
Cross-Origin-Resource-Policy
X-Web-Node
X-Request-Time
X-SRV
X-Tid
X-Zen-Fury
X-Correlation-ID
X-Cache-Status-Check
X-R9-Blue-Green-Version
ServedBy
X-Debug-Cache
X-Ms-Version
X-Ua
X-Ms-Request-Id
X-ECache
X-DynaTrace-JS-Agent
X-LSADC-Cache
Cache-Name
X-Dc
X-FireWall-Port
X-Nginx-Cache
X-Human
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
Xserver
X-Cache-Tags
Source
Xet-Cookie
SD-X-WS
X-Cached-By
Cross-Origin-Window-Policy
X-TNCMS
X-Loop
X-RCS-CacheZone
X-Aspnetmvc-Version
LB
X-TA-CDN-Provider
X-Api-Version
X-Cdn
X-MP-GENERATED-AT
X-Varnish-Hits
X-GEO
X-Reqid
X-Webkit-CSP
WPO-Cache-Status
Origin
WPO-Cache-Message
X-Pubstack
X-App-Version
X-Soup
X-Via-NSCOPI
X-Amzn-Remapped-Content-Length
X-Origin-TTL
X-Origin-CC
X-NewRelic-App-Data
X-GG-Cache-Date
X-Tumblr-Pixel-2
X-AOL-HN
X-B3-SpanId
X-Service
From-Origin
X-IPS-LoggedIn
X-TIME
Webserver
X-Vgn-Hpd-Reason
X-FW-Version
X-Newrelic-Synthetics
Cache-Hits
X-Platform-Server
Rip
X-Provided-By
X-Cluster-Node
X-Varnish-Beresp-Ttl
X-A-Dcw
Host-ID
X-A-Dgt
X-A-Dam
Lang
X-Cache-NE
X-A
X-A-Ccd
X-Processor
Surrogated-Key
Environment
X-Aed
Sslversion
X-B-Cookie
Expiry
Xc-Version
X-Destination
X-Bc-Bl
X-BCube-Filmed-By
X-NAPM-TraceId
X-ARC
X-Owner
BehaviorPad-Version
X-PBS-Appsvrname
X-Rewrite-Enabled
X-Orig-Expires
X-Application
X-AK-Request-ID
X-A-Wwc
X-S-Cookie
DCR-Processing-Time-Ms
X-SRCache-Key
DCR-Decision-By
Odigeo-Trace-Id
A
Cdncip
Ngx.Var.Host
X-Ec-Fail
X-Tenant
X-User
X-D
Cdnsip
X-TIM-N
X-External-Request-Id
X-Connection-Hash
X-Forwarded-Path
MD5-Digest
X-Vdms-Path
Rendered-Blocks
Meta-Geo-Continent
X-Developer
X-Ec-GeoHdr
X-S
T-Server
X-Rojux
X-Vdms-Version
X-VG-WebCache
X-ScT
Upgrade-Insecure-Requests
X-Served-From
X-Shop-Environment
X-Request-Host
OT-Force-Account-Verify
X-Generated-On
X-Bip
X-Level-Front-Cache
X-Dispatcher-Number
X-Qloud-Router
Machine
Redirect-Candidate
Mobile-Detection-Method
Fastly-SSL
X-Accel-Buffering
X-Thanos
X-Pool
X-Aicache-OS
X-Cluster
Mime-Version
X-Origin-Response-Time
Cache-Tv-Group
Tube-Get-Contents
Tube-Got-Eval
X-Core-Mission
X-Datadog-Parent-Id
X-Core-Value
X-Csrf-Jwt
Thinkindot-CacheControl
X-DefElseHash
TDXMobile
State
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Clara-WADP
Traceparent
X-Cdn-Srv
X-Cache-Info
Wxu-Next-Hostname
Wxu-Next-Commit
Web-Mar-Region
X-Cache-Bucket
Wxu-Next-Region
X-Auto-Login
X-Ad-Defer-Variation
X-Branch-Name
X-DefHash
We-Hiring
VNS-Cache
Tube-Return
Tube-Got-Results
X-BBC-Edge-Cache-Status
X-CGP
V-Age
Vix-Hermes-Req-Id
X-CacheTTL
X-Cdn-Origin
VNS-Age
X-Ckpd-Fst-Backend
X-HS-Content-Campaign-Id
X-S-Maxage
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
X-SB
X-Scale
X-Sigma-Backend
X-Sigma
X-Session-Fingerprint
X-Request-URI
X-Region-Sid
X-Proxy-Cache-Info
X-Policy
X-Planisys-CDN-TTL
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-SIPLIST1
X-Slack-Backend
X-Viewer-Country
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-VServer
X-WA-Info
X-Worker
X-Wix-Viewer-Type
X-WADP-Cache
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-SVT-ORM-RULES
X-SplitTest
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Variation
X-V-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Gamma-Serve
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-GeoIP
X-Geo-Header
X-Gdpr
X-Forwarded-Site
X-Fmm-Version
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Device-Os
X-Epic-Correlation-Id
X-Esi-Check
X-Fetched-On
X-Eu-Site
X-GeoIP-City
X-Gzip
X-NodeID
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Optimistic-Header
X-Parent-Response-Time
X-Origin-Time
X-Origin-Expires
X-Minions-Version
X-Loc
Servername
X-Hash
X-Has-Esi
X-INCAP-ABP
X-Irp-Debug
X-JWT-State
X-Is-Gdpr
X-Developers
X-Cache-Id
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
HostName
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-SIE
Fastly-SWR
Is-Eu
IsBot
HA-Ipaddr
Ha-Gx-Prefs
X-CSRF-Token
Gh-Request-Id
Datacenter
CPC-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Xrds-Location
Adler-Geo
Cache-Host
Candidate-Md5Url
Country-Code
CPC-Age
Cmstype
Cmsid
Click-Count-Action-Start
Cluster
Kp-EeAlive
Click-Count-Error
L
Origin-CC
NM-Fastcgi-Cache
Platform
Producers
Server-Host
Req-Svc-Chain
Release
NGX
Origin-EX
Mail-Subject
L5d-Success-Class
Memcached
X-Tx-Id
X-VC
X-Tec-Api-Root
X-NWS-UUID-VERIFY
X-Tec-Api-Origin
X-Tec-Api-Version
Server-Ext
CDCHOST
X-Varnish-Beresp-Status
X-Clientip
X-Scheme
Svr
CloudFront-Viewer-Country
X-Origin
Server-Hostname
X-Hnp-Log
X-Gen-Mode
X-Block-Status
Fastcgi-Cache-TTL
X-NCache
AKAMAI
X-Fastly-Cache
Sever-Int
User-Cache-Control
DSUID
X-Cache-Remote
X-Presslabs-Stats
Canary
X-Pod-Name
X-CMSURLCustom
Ec-Rule-Version
X-LB-NoCache
X-Varnish-Ttl
X-Udemy-Cache-App-Namespace
WebServer
Ssr
SID
X-Sucuri-Cache
Pics-Label
X-Sucuri-ID
X-ZONE
X-Cache-Debug
X-WP-CF-Super-Cache-Active
X-Tb-Optimization-Total-Bytes-Saved
X-Var-Ttl
X-ND-Cache
X-Cache-Date
X-ATG-Version
X-Buckets
X-Ig-Push-State
Sid
X-MCACHE
X-Generated-In
Time
X-Via-Popv
X-FC-Vary-Parameters
Memory
X-Fastly-Backend
X-Via-Poph
X-Via-Popn
X-Azure-Ref-OriginShield
X-Microcachable
X-Conf
AMP-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Refresh
Server-ID
X-Edge-Pop
X-Newrelic-App-Data
X-TRACE-ID
X-Servedbyhost
Fastly-Drupal-HTML
Fastly-Drupal-Html
X-Akamai-Transformed
X-MSEdge-Flight
X-MSEdge-Features
X-Dmc
X-Release
Env
X-Yandex-Sdch-Disable
X-CACHE-AGE
X-Trace-ID
X-Cs
X-Be
X-NC
X-Fpc
X-CS
X-Esi
X-Pass-Why
X-PX
X-Endurance-Cache-Level
Magicmarker
GeoIp-Country-Code
X-Up
X-Air-Source
X-Air-Trace-Id
X-ID
X-Air-Hostname
X-Tumblr-Pixel-3
CDN
X-DC
X-NGINX-Cache
X-Wa
X-RateLimit-Reset
X-EC-Lua
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Dispatch
My-App
True-Client-IP
X-Zone
X-Vc
X-VCL-Version
X-Lambda-Id
X-TX-ID
X-Hyper-Cache
Hostname
X-Srv
X-CSRF-TOKEN
X-Webkit-CSP-Report-Only
X-Nf-Request-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-CACHE-KEY
Pramga
X-Req
X-App
X-Micro-Cache
X-Alfa-Service
X-M-Log
X-M-Reqid
X-Qnm-Cache
C-Via
X-TH-Server
X-TrackingId
Resin-Trace
X-HS-Status
X-Varnish-Beresp-TTL
X-Vcl-Version
X-Air-Pt
N-Cache
CacheControlHeader
Fastcgi-X-Cache-Version
True-Client-Country-4JS
X-Edge-Origin-Shield-Region
X-Vercel-Id
Path
X-Vercel-Cache
On-Server
X-LB-ID
True-Client-Ip
X-Platform
Tcn
X-PAYTM-SRV-ID
X-Edge-Origin-Shield-Bytes
Esi-Enabled
X-Op-Id-All
Tracecode
GeoIP-Country-Code
X-B3-Spanid
X-SERVER-NAME
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Proxy-Connection
GeoIP-Latitude
X-CLOUD-TRACE-CONTEXT
NtCoent-Length
X-AIR-PT
Hit
X-GeoIP-Region-Code
X-PERF
Section-Origin-Responded
X-SD-PageType
Section-Io-Origin-Time-Seconds
X-API-Version
X-LAGOON
X-FPC
X-Request-Start
X-ApacheServer
Section-Io-Origin-Status
X-GeoIP-Country-Code
X-Node-Id
Section-Io-Id
X-Webkit-Csp-Report-Only
WWW-Authenticate
X-Accel-Expires-Debug
HIT
X-Date
X-WA
ENV
Cdn
X-Geo
X-Via-CDN
X-Lb-Id
X-Mly-Id
Cache-Key
X-Platform-Processor
X-Datacenter
X-Platform-Cluster
X-Platform-Router
Lb
YJS-ID
X-ServedByHost
User-Agent
X-RAMCache
Server-Id
X-Render-Time
X-Proxy-CacheRZ
DynaTrace
X-Edge-POP
DT-Hot-News
XkeyRZ
Yjs-Id
X-Dw-Trace-Id
X-Cdn-Forward
X-Via-PopN
X-Proxy-Upstream
PFcat
X-HN
XM
X-Via-PopV
X-Via-PopH
X-VarnishDD-TTL
X-Traceid
Server-Ttl
X-Via-Ucdn
X-Service-Response-Time
Sm-Log-Id
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-CF-Powered-By
X-Li-Fabric
X-Response-By
X-TT-LOGID
X-Proxy-Cache-Hk
X-Cache-Ttl
X-FORWARDED-FOR
X-CUA
X-Instance-Name
Geoip-Latitude
Dnion-Transfer-Encoding
X-Old-Content-Length
X-LiteSpeed-Cache-Control
XServer
FSS-Cache
CountryCode
PICS-Label
Nginx-CQVIP
X-RPM
X-Akamai-ERPolicy
X-RPS
X-RSL
X-Fastly-Backend-Reqs
Powered-By
X-DB
X-Akamai-ERRuleID
X-LiteSpeed-Tag
X-DI
Location
X-DSS
X-DW
X-Cache-Ngx
X-Wp-Cf-Super-Cache-Cache-Control
X-UA
SRV
MIME-Version
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache
X-Lb-Nocache
Wpo-Cache-Status
X-Cache-Backend
Locid
Ohc-File-Size
M-TraceId
Vha6-Origin
X-Fastly-Cache-Hits
X-Webstats-RespID
Wpo-Cache-Message
X-Nc
X-B3-ParentSpanId
X-HostName
X-Request-Url
X-From
X-Location
X-Ftr-Request-Id
X-Cdn-Request-ID
Srvid
X-FL-EDGE
X-Ips-Loggedin
Warning
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Mg-Cache
X-DataCenter
X-HA-Backend
X-MiniProfiler-Ids
Req-ID
X-Moov-Xdn-Version
X-Moov-T
X-Snapshot-Date
X-IN-APIGATEWAYSSL
Fastcgi-Cache-Ttl
X-Akamai-Request-ID
X-Cc-Via
X-Httpd
X-IN-APIGATEWAY
WZWS-RAY