Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
CF-Ray
X-Generator
X-Cacheable
X-Request-ID
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
X-CDN
Access-Control-Max-Age
X-Via
X-Cache-Group
X-Robots-Tag
Server-Timing
X-UA-Device
Request-Context
X-Dns-Prefetch-Control
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Backend
X-Amz-Id-2
P3p
X-Age
X-Ws-Request-Id
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
X-Varnish-Cache
EagleId
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
X-Akamai-Path-Stats
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-Node
Accept-CH
X-Pingback
Cf-Railgun
X-Server-Id
X-Cache-Spec
X-OneAgent-JS-Injection
Surrogate-Control
Request-Id
X-Akam-SW-Version
X-Backend-Server
EagleEye-TraceId
X-Response-Time
X-Cache-Lookup
X-Readtime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH-Lifetime
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
X-Cloud-Trace-Context
Fastly-Restarts
X-Country
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
Accept-Ch-Lifetime
X-Nginx-Upstream-Cache-Status
X-Url
X-MS-InvokeApp
X-Edge
X-Amz-Server-Side-Encryption
X-Rack-Cache
Edge-Control
X-B3-TraceId
X-Oneagent-Js-Injection
X-TtlSet
X-PC
X-Vname
X-Mod-Pagespeed
X-Content-Type
X-Vcap-Request-Id
X-ESI
X-Ruxit-JS-Agent
X-CST
X-Ruxit-Js-Agent
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
Xkey
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
Verso
X-Exp-Variant
X-GitHub-Request-Id
X-Amz-Rid
Cache-Tag
X-Mcache
X-D2id
X-Powered-By-Plesk
X-FastCGI-Cache
X-VARITI-CCR
Service-Worker-Allowed
RTSS
X-Varnish-TTL
X-ECACHE
X-Version
X-Upstream
X-Abt-Application-Version
X-Navigation-Version
X-Cached
X-Client-IP
X-Cnection
X-Ac
X-Dw-Request-Base-Id
X-Server-Name
X-Px
X-SharePointHealthScore
SPRequestGuid
Arr-Disable-Session-Affinity
X-Element-Page-Cache
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Ttl
X-Cache-TTL
SPRequestDuration
SPIisLatency
Public-Key-Pins
Accept-Ch
Permissions-Policy
X-Country-Code
X-Middleton-Display
Display
Pagespeed
X-Sol
X-NWS-LOG-UUID
X-Ser
Response
X-Midtier
X-Middleton-Response
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-Cache-Key
X-RateLimit-Remaining
Cf-Apo-Via
X-Forwarded-For
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-MD5
X-Correlation-Id
Access-Control-Request-Method
X-NF-Request-ID
X-Shield-Request-Id
Front-End-Https
X-MSEdge-Ref
X-DataDome
TP-L2-Cache
TP-Cache
X-T
X-HP-Trace-Id
AR-CACHE
AR-PoweredBy
X-Jurisdiction
X-HP-Webp
X-Recruiting
AR-ATIME
AR-Request-ID
X-Accel-Expires
AR-SID
MicrosoftSharePointTeamServices
X-B3-TraceId-Primal
Edge-Cache-Tag
Mrf-Cache-Status
MRF-Tech
Nginx-Cache
X-Powered-CMS
X-Daa-Tunnel
TCN
X-Mg-S
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-RateLimit-Limit
X-Grace
X-Content-Digest
X-Id
X-Hits
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Request-Received
X-Request-Processing-Time
Server-Name
Server-Node
Filters
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Amzn-Trace-Id
X-XRDS-Location
MS-Author-Via
X-Frontend
X-Geo-Country
X-Distributor
Fastcgi-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Webkit-Csp
S
X-Protected-By
X-PressLabs-Stats
X-LLID
X-Language
Cache-Status
X-Origin-Server
Count-Hit
X-Litespeed-Cache
X-Ezoic-Cdn
X-Ua-Browser
X-Ab
Filterid
Cross-Origin-Opener-Policy
X-LB-Cache
X-Forwarded-Proto
X-F-Cache
X-Fastly-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Microsite
X-B3-Sampled
X-Seen-By
X-Request-Handler-Origin-Region
Payment
X-FB-Debug
X-Git-Hash
Charset
Host
X-Page-Id
X-ASPNET-VERSION
X-Ratelimit-Reset
X-Fastcgi-Cache
X-VCache
X-Cluster-Name
X-TTL
Surrogate-Key
X-Rid
Realpath
Accept-Charset
Cache-Tags
X-Cache-Age
X-Origin-Cache
X-Template
X-Www-Served-By
Alternate-Protocol
X-NGENIX-Cache
Access-Control-Allow-Method
X-Upgrade-Enabled
Retry-After
X-Source
X-DIS-Request-ID
Cleartype
X-Logged-In
X-TT
X-Flags
X-Request-Guid
X-Activity-Id
X-Wix-Request-Id
X-Az
X-Is-Crawler
X-Type
X-Route-Name
X-Signature
X-Aspnet-Duration-Ms
X-App-Environment
ServerID
X-Tb
X-Amz-Replication-Status
X-B-Cache
X-Providence-Cookie
X-AppVersion
X-Varnish-Backend
X-B
X-Varnish-Grace
X-Envoy-Decorator-Operation
DC
Paypal-Debug-Id
X-Cdn
X-Fastly-Request-ID
X-Node-Name
X-DynaTrace
X-Hostname
X-Drupal-Cache-Tags
X-Revision
Frame-Options
X-Proxy
X-Debug
X-Contextid
X-Tt-Trace-Host
X-Tt-Trace-Tag
Pinterest-Generated-By
X-Cache-Rule
X-Pinterest-Rid
Pinterest-Version
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Mobile
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Amp-Access-Control-Allow-Source-Origin
X-Content-Options
X-Load-Cache
Refresh
Country
X-Cache-Control
X-N
X-EdgeConnect-Cache-Status
Node
X-Magnolia-Registration
X-Original-Request-Id
NGB
X-Response-Served-From
X-Oracle-Dms-Ecid
Viewport
X-Ratelimit-Remaining
Access-Control-Request-Headers
X-Cache-TTL-Remaining
X-Environment-Context
X-Varnish-Age
X-L-Path
X-Whom
X-User-Agent
X-Cacheable-TTL
X-Oracle-Dms-Rid
X-Yottaa-Metrics
X-Rendered-As
X-Debug-IsPreview
X-Debug-IsConnected
X-Real-IP
X-NYM-Debug-Backend
X-Page-View
Url
X-Yottaa-Optimizations
X-Cache-Time
X-Cache-Grace
X-Jobs
X-Varnish-Server
X-Instance
X-G
X-Framework
Akamai-GRN
X-Status
X-Servername
Referer-Policy
Content-Disposition
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Adobe-Loc
X-Adobe-Content
X-Is-Bot
X-Akamai-Request-ID2
X-Content-Powered-By
Uber-Trace-Id
X-Content
X-Unique-Id
X-Mid
Srv
X-ProcessESI
X-RemovedCookies
X-COUNTRY
Countrycode
X-APP-VERSION
X-Drupal-Cache-Contexts
Version
X-Mg-Request-UUID
X-Time
X-Via-JSL
Cross-Origin-Resource-Policy
X-XRDS-LOCATION
X-Cache-Expired-At
X-CDN-Forward
X-Http-Reason
Accept-Language
X-URL
X-Cache-Hit
X-Restarts
X-App-Server
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Trace-Id
Protected
X-Cache-Operation
Healthy
X-Ratelimit-Limit
X-IPLB-Instance
X-IPLB-Request-ID
X-Azure-Ref
X-Hosted-By
X-Debug-Info
Content-Secure-Policy
Section-Io-Cache
X-Backend-Name
X-Nginx-Cache-Key
X-Tt-Logid
X-Akamai-Edgescape
X-Server-ID
X-Device-Type
Server-Info
Liferay-Portal
X-SRV
X-Cache-Action
Backend
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Type
X-FW-Static
X-Rule
X-FW-Dynamic
GEO-INFO
X-Api-Version
X-UPSTREAM-Address
Meta-Geo
X-RN-RSRV
X-VC-Cache
Load-Balancing
X-Mobile-URL
X-Storage
X-Generation-Time
X-Proxy-Cache-Status
MS-CV
Fastcgi-Useragent
X-Mode
X-RTag
Ms-Operation-Id
CF-IPCountry
X-Varnish-Beresp-Grace
X-Content-Age
X-Handled-By
X-PHP-Host
X-Origin-Hint
X-JoinUs
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Device-Class
TWC-Connection-Speed
X-Edge-Location
Property-Id
X-Cache-Host
TWC-Privacy
Web-Mar-Node
X-Access
X-Adobe-Source
X-AWS-Id
X-Cache-Enabled
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
Locale
X-Format
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-InstanceId
X-HTML-Minification-Powered-By
X-Labrador-Cache-Channel
X-Generated-By
Azure-Version
X-Forwarded-Host
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
X-LJ-Flow-ID
X-Say-Cacheable
X-Urbn-Site-Id
X-Site-Version
X-ShardId
X-Redis-Cache
X-Section
X-Varnish-Cache-Hits
X-VWS-Id
X-Locale
X-Skip-Cache
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-SayCDN-TTL
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Sql-Count
X-Urbn-Context-Path
X-Region
X-Say-TTL
X-SaId
X-Sql-Duration-Ms
X-Detected-As
Mn-Server-Ip
X-Extlb
DB-Nickname
X-FB-TRIP-ID
X-Uri
X-Timing-Wait
S-Rt
X-Storefront-Renderer-Rendered
X-Via-Fastly
X-PHP-Backend
X-Cache-Type
X-Varnish-Hostname
X-Varnishpool
Selected-Fe
X-Datadome
X-GeoCountry
X-GeoCode
Onion-Location
Eomportal-Instance
X-Server-W
X-Cache-NGX
X-Proxy-Build
Xserver
X-Request-Time
X-Routing-Service
X-Zipkin-Id
Apigw-Requestid
X-No-Session
X-Proxied
X-OCL
X-PCL
X-Cache-Server
X-Web-Node
X-FireWall-Port
X-Xfnlog-Site
X-Cms-Context
X-ProxyCache-Key
X-Proto
Cache-Name
X-BYPASS-REASON
X-Tid
X-Cache-Status-Check
X-UA-Device-Type
X-R9-Blue-Green-Version
X-ProxyCache-Status
WP-Super-Cache
X-Nginx-Cache
X-Ms-Request-Id
X-WP-CF-Super-Cache-Cache-Control
X-ServerID
X-Ms-Version
X-WP-CF-Super-Cache
X-UUID
X-ECache
X-Hl-Ver
X-Amz-Apigw-Id
X-Origin-Date
X-Amzn-RequestId
X-DynaTrace-JS-Agent
X-Varnish-Ttl
ServedBy
X-Zen-Fury
X-Loop
X-TNCMS
X-LSADC-Cache
X-Ua
X-Pubstack
Xet-Cookie
X-Human
X-MP-GENERATED-AT
X-Soup
X-Reqid
X-Provided-By
X-Correlation-ID
X-Aspnetmvc-Version
X-TA-CDN-Provider
X-RCS-CacheZone
X-Vgn-Hpd-Reason
Source
X-Amzn-Remapped-Content-Length
X-GEO
Cache
X-Dc
X-Webkit-CSP
Origin
X-Origin-TTL
X-Tumblr-Pixel-2
X-Cache-Tags
X-Origin-CC
X-Debug-Cache
X-Cached-By
X-Varnish-Hits
Cross-Origin-Window-Policy
From-Origin
X-Service
WPO-Cache-Message
SD-X-WS
WPO-Cache-Status
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
X-App-Version
X-TIME
LB
X-Tec-Api-Root
Webserver
X-Tec-Api-Origin
X-Tec-Api-Version
X-IPS-LoggedIn
X-AOL-HN
Rip
X-Trace-ID
X-Request-Host
X-NewRelic-App-Data
X-B3-Traceid
X-Cache-Debug
X-Destination
X-B-Cookie
X-D
X-Developer
Cdncip
X-Owner
Cdnsip
X-Parent-Response-Time
X-PBS-Appsvrname
X-Connection-Hash
A
X-Cache-NE
CPC-Cache
X-Forwarded-Path
BehaviorPad-Version
X-Bc-Bl
X-BCube-Filmed-By
Expiry
CPC-Age
X-Ec-Fail
X-A-Dam
X-A-Ccd
X-Ec-GeoHdr
X-A-Dcw
DCR-Processing-Time-Ms
X-A-Dgt
DCR-Decision-By
X-Application
X-NAPM-TraceId
Environment
X-Orig-Expires
X-Aed
X-A
X-External-Request-Id
X-ARC
X-AK-Request-ID
X-A-Wwc
X-Rojux
X-Tenant
X-TIM-N
Lang
Sslversion
X-SRCache-Key
Host-ID
T-Server
Surrogated-Key
Rendered-Blocks
X-Vdms-Path
Xc-Version
Ngx.Var.Host
Odigeo-Trace-Id
Meta-Geo-Continent
X-VG-WebCache
X-Vdms-Version
X-FW-Version
MD5-Digest
X-Shop-Environment
X-User
X-Processor
VNS-Cache
X-S
VNS-Age
X-ScT
X-S-Cookie
X-Served-From
X-Rewrite-Enabled
OT-Force-Account-Verify
X-Platform-Server
X-Cluster-Node
X-Varnish-Beresp-Status
Machine
X-Via-NSCOPI
X-Aicache-OS
X-Accel-Buffering
X-Qloud-Router
Redirect-Candidate
X-B3-SpanId
X-Bip
X-Dispatcher-Number
X-Thanos
X-Pool
Mime-Version
X-WP-CF-Super-Cache-Active
Upgrade-Insecure-Requests
X-GG-Cache-Date
Traceparent
Tube-Get-Contents
Tube-Got-Results
State
X-BBC-Edge-Cache-Status
Tube-Got-Eval
Platform
X-Cache-Bucket
Origin-EX
Web-Mar-Region
X-Branch-Name
Wxu-Next-Commit
Producers
Servername
Tube-Return
Req-Svc-Chain
V-Age
Wxu-Next-Hostname
Release
X-Auto-Login
X-Ad-Defer-Variation
Wxu-Next-Region
X-Cache-Id
Vix-Hermes-Req-Id
X-Origin-Response-Time
X-SIPLIST1
X-Sigma-Backend
X-Slack-Backend
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SplitTest
X-Sigma
X-Scale
X-Proxy-Cache-Info
X-Planisys-CDN-TTL
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rocket-Build-Number
X-Request-URI
X-SVT-ORM-VERSION
X-V-Cache
X-Wix-Viewer-Type
X-WADP-Cache
X-Generated-On
X-Geo-Header
X-Region-Sid
X-Level-Front-Cache
X-VServer
X-Viewer-Country
X-Varnish-CookieHashed-On
X-Variation
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-VG-TLSProxy
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Device-Os
X-Developers
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Esi-Check
X-Epic-Correlation-Id
X-DefHash
X-DefElseHash
X-Cdn-Srv
X-Cdn-Origin
X-Clara-WADP
X-Clientip
X-Core-Mission
X-Cluster
X-Fetched-On
X-Fmm-Version
X-Minions-Version
X-Loc
X-NodeID
X-Optimistic-Header
Origin-CC
X-Origin
X-JWT-State
X-Is-Gdpr
X-GeoIP-City
X-Forwarded-Site
X-Gzip
X-Has-Esi
X-INCAP-ABP
X-Cache-Info
X-Ckpd-Fst-Backend
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Datacenter
DSUID
Fastly-GeoIP-CountryCode
Fastly-SWR
Fastly-SSL
Fastly-SIE
Country-Code
Cmstype
Apple-News-Services-Host
Apple-News-Services-Handled
Adler-Geo
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cmsid
Click-Count-Error
Candidate-Md5Url
X-CSRF-Token
Click-Count-Action-Start
HostName
L
Mobile-Detection-Method
IsBot
NGX
Is-Eu
Fastly-Drupal-HTML
X-Origin-Time
X-Hash
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Nyt-Route
X-Csrf-Jwt
X-S-Maxage
X-Sucuri-ID
X-Thinkindot-L3
X-Var-Ttl
X-Sucuri-Cache
X-CGP
X-Datadog-Trace-Id
X-SB
X-Rocket-Nginx-Serving-Static
X-Gdpr
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-ATG-Version
X-Eu-Site
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Gateway-Cache-Key
X-CMSURLCustom
X-Core-Value
Server-Host
X-Gamma-Serve
X-CacheTTL
X-Fastly-Backend
X-GeoIP
X-Gateway-Skip-Cache
X-Gen-Mode
X-HS-Content-Campaign-Id
X-Hnp-Log
Memcached
Fastly-Backend-Name
X-Scheme
X-Irp-Debug
X-NCache
X-VC
L5d-Success-Class
Sever-Int
We-Hiring
X-Mvc-Supplant-OutputCached
Ha-Gx-Prefs
HA-Ipaddr
CloudFront-Viewer-Country
Gh-Request-Id
Cluster
Kp-EeAlive
User-Cache-Control
Server-Ext
Server-Hostname
X-Worker
Cache-Host
AKAMAI
X-Block-Status
X-Policy
NM-Fastcgi-Cache
X-Mvc-Supplant-Cachable
Canary
CDCHOST
X-Azure-Ref-OriginShield
Mail-Subject
TDXMobile
X-Tx-Id
Svr
Ec-Rule-Version
X-WA-Info
X-Cache-Remote
Cache-Tv-Group
X-Newrelic-App-Data
Cache-Hits
X-LB-NoCache
X-FC-Vary-Parameters
X-ND-Cache
X-Esi
WebServer
X-ZONE
Pics-Label
Fastcgi-Cache-TTL
X-Udemy-Cache-App-Namespace
Ssr
X-Nf-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Origin-Expires
X-Session-Fingerprint
SID
X-Rebelmouse-Cache-Control
X-Fastly-Cache
X-Rebelmouse-Surrogate-Control
Sid
X-Via-Poph
Time
X-Via-Popv
X-Via-Popn
X-Pod-Name
Memory
AMP-Access-Control-Allow-Source-Origin
X-Up
Env
X-Generated-In
X-Servedbyhost
Server-ID
X-Presslabs-Stats
X-Pass-Why
X-Refresh
X-DC
X-Dispatch
X-Release
X-Wa
X-Akamai-Transformed
X-Tumblr-Pixel-3
X-Cs
X-CACHE-AGE
X-Lambda-Id
X-Buckets
My-App
X-Edge-Pop
X-Ig-Push-State
X-Cache-Date
X-Fpc
X-EC-Lua
X-Conf
X-MSEdge-Features
X-MSEdge-Flight
X-NC
X-NWS-UUID-VERIFY
X-PX
X-Zone
X-MCACHE
X-ID
CDN
X-Microcachable
X-Endurance-Cache-Level
X-Dmc
X-CS
GeoIp-Country-Code
X-Req
X-Xrds-Location
X-VCL-Version
X-LB-ID
X-Vc
X-TX-ID
True-Client-IP
Fastly-Drupal-Html
X-NGINX-Cache
Hostname
X-CSRF-TOKEN
X-Webkit-CSP-Report-Only
True-Client-Country-4JS
Magicmarker
X-CACHE-KEY
X-RateLimit-Reset
X-B3-Spanid
X-Be
CacheControlHeader
X-TH-Server
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Op-Id-All
X-TRACE-ID
Resin-Trace
Request-ID
X-HS-Status
Path
X-Hyper-Cache
X-Srv
X-M-Reqid
X-Air-Trace-Id
X-Alfa-Service
X-M-Log
X-Air-Hostname
True-Client-Ip
X-Air-Source
X-GeoIP-Country-Code
Tcn
X-GeoIP-Region-Code
X-Micro-Cache
X-Vcl-Version
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Air-Pt
X-Accel-Expires-Debug
X-Date
WWW-Authenticate
X-App
Tracecode
Pramga
X-Varnish-Beresp-TTL
GeoIP-Country-Code
X-Check-Cacheable
X-Qnm-Cache
X-SERVER-NAME
C-Via
X-RAMCache
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
X-Akamai-Pragma-Client-IP
X-Vercel-Cache
X-Vercel-Id
NtCoent-Length
X-CLOUD-TRACE-CONTEXT
X-TrackingId
X-FPC
X-Old-Content-Length
X-Edge-POP
X-Datacenter
Proxy-Connection
X-LiteSpeed-Cache-Control
N-Cache
X-Webkit-Csp-Report-Only
YJS-ID
Yjs-Id
On-Server
FSS-Cache
Fastcgi-X-Cache-Version
X-Platform
Esi-Enabled
X-Platform-Router
X-PAYTM-SRV-ID
X-Platform-Processor
X-WA
X-Yandex-Sdch-Disable
X-Mly-Id
Hit
Powered-By
X-Geo
X-Via-CDN
X-Platform-Cluster
X-API-Version
ENV
X-Response-By
X-Lb-Id
Lb
User-Agent
Server-Id
X-ServedByHost
X-Dw-Trace-Id
X-Cdn-Forward
HIT
X-Client-Ip
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-UA
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Node-Id
GeoIP-Latitude
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
X-Webstats-RespID
X-AIR-PT
X-FORWARDED-FOR
X-Instance-Name
X-Traceid
X-Request-Start
Cdn
X-Cache-Ttl
X-SD-PageType
X-Location
X-From
X-FL-EDGE
X-CUA
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Director
X-TT-LOGID
X-LI-UUID
Locid
Srvid
X-LAGOON
Geoip-Latitude
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Akamai-ERRuleID
Dnion-Transfer-Encoding
X-Akamai-ERPolicy
Sm-Log-Id
X-Service-Response-Time
X-Via-Ucdn
Ohc-File-Size
X-DB
X-Render-Time
XServer
X-DI
X-Server-IP
X-DSS
X-DataCenter
X-RPS
X-Request-Url
X-LiteSpeed-Tag
X-DW
Nginx-CQVIP
X-CF-Powered-By
Cache-Key
X-RPM
PICS-Label
Location
X-RSL
X-Wp-Cf-Super-Cache
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache-Cache-Control
X-HA-Backend
Swift-Performance
X-Fastly-Backend-Reqs
Uri
X-Fastly-Cache-Hits
Server-Ttl
X-PERF
X-B3-ParentSpanId
DynaTrace
X-HostName
X-ApacheServer
Vha6-Origin
X-Test
X-Lb-Nocache
Wpo-Cache-Message
Wpo-Cache-Status
X-Cdn-Request-ID
X-Proxy-Upstream
Wp-Super-Cache
X-Ips-Loggedin
CountryCode
XkeyRZ
Warning
X-Cache-Ngx
X-Proxy-CacheRZ
X-Cache-Expires
X-Cache-Backend
Cneonction
X-Th-Server
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Serial
CF-Cached-On
M-TraceId
X-Moov-Xdn-Version
X-HN
X-VarnishDD-TTL
PFcat
XM
X-Proxy-Cache-Hk
X-Moov-T
Req-ID
X-Mg-Cache
X-ElasticPress-Query
WZWS-RAY
SRV
Fastcgi-Cache-Ttl
X-Yottaa-OS