Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
X-Served-By
CF-Ray
X-Request-Id
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
X-FRAME-OPTIONS
X-Envoy-Upstream-Service-Time
X-Dns-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
Server-Timing
X-Drupal-Dynamic-Cache
X-DNS-Prefetch-Control
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Content-Encoding
X-XSS-PROTECTION
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Ua-Compatible
X-Amz-Id-2
Request-Context
X-Backend
X-Cache-Group
X-Robots-Tag
X-Turbo-Charged-By
Cf-Edge-Cache
Keep-Alive
Host-Header
X-AH-Environment
X-Vhost
X-UA-Device
X-Hacker
X-Proxy-Cache
Allow
X-Server
X-Rq
X-Server-Powered-By
X-Ws-Request-Id
EagleId
X-Dispatcher
X-Age
X-Request-ID
X-Varnish-Cache
X-Amz-Version-Id
P3p
Nel
X-LiteSpeed-Cache
Grace
Cf-Apo-Via
Cf-Railgun
X-Page-Speed
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
EagleEye-TraceId
X-Swift-CacheTime
X-Swift-SaveTime
X-Device
X-OneAgent-JS-Injection
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Host
X-CST
X-Cache-Lookup
Accept-CH
X-Node
X-WebKit-CSP
X-Backend-Server
Surrogate-Control
Permissions-Policy
X-Server-Id
X-Nginx-Upstream-Cache-Status
X-Readtime
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Cache-Status
Accept-CH-Lifetime
Xkey
X-Application-Context
Request-Id
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-Response-Time
X-Content-Security-Policy-Report-Only
X-HW
X-Trace
Content-Location
X-Edge
X-Clacks-Overhead
X-Mod-Pagespeed
X-Url
Rating
X-ESI
X-Midtier
X-Aspnetmvc-Version
X-Amz-Server-Side-Encryption
Cache-Tag
X-ECACHE
X-Powered-By-Plesk
X-Rack-Cache
X-Mcache
X-MS-InvokeApp
X-Oneagent-Js-Injection
Service-Worker-Allowed
Accept-Ch
X-D2id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Exp-Variant
X-Upstream
Verso
X-Kinja-CCPA
Edge-Control
X-Element-Page-Cache
X-Vcap-Request-Id
X-Country-Code
X-Country
Accept-Ch-Lifetime
Origin-Trial
X-Ac
RTSS
X-Vname
X-TtlSet
X-PC
X-Goog-Hash
X-Navigation-Version
X-VARITI-CCR
X-Abt-Application-Version
X-Browser-Type
X-NWS-LOG-UUID
X-Cache-TTL
X-Amz-Rid
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Varnish-TTL
X-Litespeed-Cache
X-Webkit-CSP
X-GitHub-Request-Id
X-Server-Name
X-Cached
X-Ttl
X-Amzn-Trace-Id
X-Times
X-Dw-Request-Base-Id
Pinterest-Generated-By
X-Server-ID
X-Pinterest-Rid
Pinterest-Version
Pagespeed
SPRequestGuid
X-Middleton-Display
Display
X-SharePointHealthScore
X-Sol
X-Ruxit-Js-Agent
X-Client-IP
SPIisLatency
SPRequestDuration
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Server-Lifecycle-Phase
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cache-Key
AR-ATIME
X-Content-Type
AR-SID
AR-PoweredBy
AR-Request-ID
X-FastCGI-Cache
X-WebKit-CSP-Report-Only
X-Powered-CMS
Arr-Disable-Session-Affinity
X-Cnection
X-Version
X-B3-Traceid
X-Ser
Nginx-Cache
X-Mg-S
X-Middleton-Response
Response
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Accel-Expires
Cache-Tags
X-T
X-SRCache-Store-Status
AR-CACHE
X-SRCache-Fetch-Status
Cache-Status
X-RateLimit-Remaining
X-NF-Request-ID
Edge-Cache-Tag
X-B3-TraceId
X-Hits
X-Daa-Tunnel
Public-Key-Pins
X-Fastly-Request-ID
X-Px
X-MSEdge-Ref
S
X-Recruiting
Front-End-Https
X-Shield-Request-Id
X-RateLimit-Limit
Payment
X-Frontend
X-LLID
Content-MD5
Server-Node
X-Ua-Browser
X-Request-Processing-Time
X-Request-Received
X-Goog-Metageneration
X-GUploader-UploadID
X-Content-Digest
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Amz-Apigw-Id
X-Amzn-RequestId
MicrosoftSharePointTeamServices
Access-Control-Request-Method
X-DIS-Request-ID
X-Webkit-CSP-Report-Only
X-Forwarded-For
X-Xrds-Location
X-ASPNET-VERSION
X-Protected-By
Realpath
TP-Cache
X-Id
X-Distributor
X-Request-Handler-Origin-Region
X-Microsite
Fastcgi-Cache
Access-Control-Allow-Method
X-PressLabs-Stats
X-FB-Debug
X-Page-Id
Accept-Charset
X-Cluster-Name
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
Count-Hit
X-Rid
X-LB-Cache
X-Edge-Location-Klb
X-Kinsta-Cache
X-Aspnet-Version
X-Ua-Device
Cross-Origin-Resource-Policy
X-Goog-Stored-Content-Length
X-TTL
X-Ratelimit-Remaining
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Hostname
X-Geo-Country
X-B3-Sampled
X-App-Server
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
TP-L2-Cache
X-Correlation-Id
X-Seen-By
X-Varnish-Backend
X-Fastcgi-Cache
X-Logged-In
TCN
X-Git-Hash
X-Hosted-By
Cleartype
Retry-After
X-Content-Options
X-Ezoic-Cdn
X-Mobile
X-COUNTRY
Referer-Policy
DC
X-F-Cache
X-Contextid
X-Request-Guid
X-Is-Crawler
X-Origin-Cache
X-Grace
X-Revision
X-Aspnet-Duration-Ms
X-App-Environment
X-Route-Name
X-Forwarded-Proto
X-Providence-Cookie
X-Flags
Surrogate-Key
X-Fb-Rlafr
X-Ratelimit-Limit
X-TT
X-Amz-Replication-Status
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Debug-Info
Frame-Options
X-Varnish-Grace
X-IPS-LoggedIn
X-Newrelic-App-Data
X-Amz-Meta-S3cmd-Attrs
X-RateLimit-Reset
MS-Author-Via
X-Azure-Ref
X-Envoy-Decorator-Operation
X-Trace-Id
X-Magnolia-Registration
Section-Io-Cache
X-Www-Served-By
X-Proxy-Cache-Info
X-App-Version
Filterid
X-AppVersion
X-Activity-Id
X-Az
X-Language
X-Wix-Request-Id
X-Webkit-Csp
X-Whom
Healthy
Charset
X-Akamai-Edgescape
X-Kong-Proxy-Latency
Server-Name
X-Kong-Upstream-Latency
X-Varnish-Server
WPO-Cache-Status
X-Origin-Server
WPO-Cache-Message
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
Viewport
X-Datadog-Parent-Id
Amp-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-EdgeConnect-Cache-Status
X-Backend-Name
X-Akamai-Request-ID2
X-Unique-Id
X-Response-Served-From
X-Http-Reason
X-Original-Request-Id
X-User-Agent
VIX-Pulpo-Upstream-Status
X-B-Cache
X-Signature
VIX-Pulpo-Node
Host
X-N
Paypal-Debug-Id
X-Mg-Request-UUID
X-Yottaa-Metrics
X-Nf-Request-Id
From-Origin
Front
X-UUID
X-Rule
X-Cache-Rule
X-Jobs
X-Instance
X-Region
X-B
X-Yottaa-Optimizations
Content-Disposition
X-Edge-Location
X-Cacheable-TTL
X-Environment-Context
SRV
X-Cache-Grace
X-Vcache
SD-X-WS
X-Datadog-Sampled
X-Load-Cache
X-Page-View
Protected
X-L-Path
Fastly-SWR
Fastly-SIE
X-DataDome
X-Framework
Country
X-Rendered-As
X-RemovedCookies
X-Cache-Time
X-Rocket-Nginx-Serving-Static
X-ProcessESI
X-Is-Bot
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-FW-Server
X-Adobe-Loc
Akamai-GRN
X-Amzn-Remapped-Content-Length
X-Adobe-Content
X-FW-Dynamic
X-FW-Hash
X-Status
X-FW-Version
X-FW-Type
X-FW-Static
X-FW-Serve
X-ARC
X-G
X-Proxy
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Type
X-Varnish-Age
X-Time
X-Debug-IsPreview
X-Tumblr-Pixel
X-Debug-IsConnected
Access-Control-Request-Headers
X-ECache
X-CDN-Forward
ServerID
Backend
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-FTR-Request-ID
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Servername
Url
Refresh
X-Cache-Age
X-Httpd
Xet-Cookie
X-DynaTrace
Countrycode
X-Template
X-Cache-Control
X-Device-Type
CF-IPCountry
Accept-Language
X-Nginx-Cache
X-Drupal-Cache-Tags
Webserver
X-Content-Powered-By
X-NYM-Debug-Backend
X-DynaTrace-JS-Agent
X-Generated-By
X-Erf-Web-Scheduler
X-Mode
X-Cache-Hit
X-Client-Ip
X-HTML-Minification-Powered-By
X-NGENIX-Cache
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Xserver
X-Storage
Cross-Origin-Window-Policy
X-Tt-Logid
Version
GEO-INFO
X-SaId
X-Say-Cacheable
DB-Nickname
X-ServerID
X-XRDS-LOCATION
X-SayCDN-TTL
X-UPSTREAM-Address
X-Rn-Rsrv
X-Rewrite-Enabled
Meta-Geo
OT-Force-Account-Verify
Locale
S-Rt
Load-Balancing
X-Cache-Operation
Filters
X-Say-TTL
X-Urbn-Site-Id
X-Urbn-Context-Path
X-JoinUs
X-Soup
X-Cluster-Node
X-GeoCountry
X-FB-TRIP-ID
X-Director
X-GeoCode
X-LAGOON
X-Loop
X-Tncms
X-Git-Commit
X-RM-Cache-TTL
X-Content-Age
X-Cache-Action
X-Ms-Request-Id
X-Varnish-Cache-Hits
X-Served-From
X-Ms-Version
X-Container-Uri
X-Fetched-On
X-MCACHE
X-Detected-As
X-PHP-Host
X-Skip-Cache
X-Forwarded-Host
X-Adobe-Source
X-Sql-Duration-Ms
X-VC-Cache
Onion-Location
Mn-Server-Ip
X-VCT
X-Labrador-Cache-Channel
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-InstanceId
X-Lambda-Id
X-Tb
Azure-Version
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-Sql-Count
X-Redis-Cache
Web-Mar-Node
X-Cache-Server
Node
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-Timing-Wait
X-Logging-Id
X-Varnish-Hostname
TWC-GeoIP-Country
X-Origin-Hint
Selected-Fe
TWC-Connection-Speed
TWC-Device-Class
X-Proxy-Build
Property-Id
TWC-Locale-Group
X-Source
X-Proxied
X-Tumblr-Pixel-2
X-Generation-Time
X-Extlb
X-Debug
X-Tumblr-Pixel-3
X-Format
X-Routing-Service
X-Zipkin-Id
X-Endurance-Cache-Level
X-Uri
Fastcgi-Useragent
X-B3-SpanId
X-Proto
Uber-Trace-Id
Source
X-LSADC-Cache
X-Zen-Fury
CDN-RequestId
X-Ua
X-S
NGB
Section-Io-Id
Section-Io-Origin-Status
X-Sucuri-Cache
X-Sucuri-ID
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Newrelic-Synthetics
X-URL
X-TimeS
X-TraceId
X-Origin-TTL
Upgrade-Insecure-Requests
X-Origin-CC
X-Real-IP
X-Fastly-Request-Id
X-Akamai-Transformed
X-Handled-By
X-Oracle-Dms-Ecid
X-Pass-Why
X-Oracle-Dms-Rid
X-AB
X-RTag
X-Varnish-Hits
X-MP-GENERATED-AT
Ms-Operation-Id
X-Origin-Date
X-Drupal-Cache-Contexts
X-Ratelimit-Reset
MS-CV
X-Optimistic-Header
X-Reqid
X-Cms-Context
Apigw-Requestid
X-Cache-Expired-At
X-No-Session
Fastly-Drupal-HTML
X-Xfnlog-Site
X-Geo-Region
X-Restarts
ServedBy
X-AWS-Id
X-ProxyCache-Key
X-ProxyCache-Status
X-LJ-Flow-ID
X-VWS-Id
X-BYPASS-REASON
X-Cache-Host
X-GEO
Liferay-Portal
WP-Super-Cache
X-Tx-Id
X-XRDS-Location
X-Srv
X-Hl-Ver
X-Varnish-Ttl
X-CACHE-AGE
X-IPLB-Request-ID
X-Cluster
X-IPLB-Instance
CDN-RequestCountryCode
CDN-Uid
X-Cache-Type
CDN-RequestPullCode
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
CDN-RequestPullSuccess
Cache-Provider
X-Proxy-Cache-Status
X-UA-Device-Type
X-Cache-TTL-Remaining
X-Parent-Response-Time
X-Vtex-Remote-Cache
T-Server
Surrogated-Key
X-CF-Lambda-Fn
X-Destination
X-Vdms-Path
True-Client-Country-4JS
X-CF-Lambda-Version
Magicmarker
X-Vdms-Version
X-A
X-Cache-Status-Check
Vix-Hermes-Req-Id
MD5-Digest
X-A-Dcw
Meta-Geo-Continent
X-A-Dam
X-S-Cookie
X-Thanos
X-Developer
X-CGP
X-Application
X-A-Ccd
Sslversion
X-CacheTTL
X-Eu-Site
Canary
X-External-Request-Id
X-Fastly-Backend
X-FC-Vary-Parameters
Candidate-Md5Url
X-Epic-Correlation-Id
DCR-Processing-Time-Ms
Datacenter
X-Ec-Custom-Error
X-Ec-Fail
X-Ec-GeoHdr
BehaviorPad-Version
W
L
X-Hash
L5d-Success-Class
Lang
X-Cache-NE
Cache-Name
HA-Ipaddr
Gannett-Cam-Experience-Id
Fastly-SSL
Web-Mar-Region
X-Generated-On
Ha-Gx-Prefs
X-Level-Front-Cache
X-Viewer-Country
Redirect-Candidate
X-Bip
X-Request-Host
X-Micro-Cache
X-Debug-Cache-Fetch
Server-Host
DCR-Decision-By
X-Rojux
Origin-Agent-Cluster
Ngx.Var.Host
X-Bc-Bl
Odigeo-Trace-Id
Origin
X-Pubstack
X-Qloud-Router
X-Aed
X-BCube-Filmed-By
X-Worker
X-Bl-Debug
Xc-Version
X-Vgn-Hpd-Reason
Rendered-Blocks
X-Pool
X-We-Are-Hiring
X-Conf
X-Is-Supported-Browser
X-Csrf-Jwt
X-Is-Tablet
X-A-Wwc
X-A-Dgt
X-Browser-Name
X-Is-Desktop
X-Is-Mobile
X-SRCache-Key
X-App
X-PAYTM-SRV-ID
X-Tcp-Rtt
N-Cache
X-Owner
X-Debug-Cache-Store
X-D
X-B-Cookie
X-ScT
X-CSRF-Token
X-Upgrade-Enabled
X-Node-Name
X-TIME
X-Via-JSL
X-Accel-Version
Producers
Esi-Enabled
Fastly-GeoIP-CountryCode
Release
Fastly-Backend-Name
Environment
VNS-Age
Platform
Expect-Staple
X-DPWN-IS-SECURE
Req-Svc-Chain
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Mail-Subject
X-CMSURLCustom
X-DefElseHash
X-DefHash
X-Clientip
X-Cache-Info
X-Core-Mission
Is-Eu
Host-ID
Gh-Request-Id
X-Dispatcher-Number
X-Device-Os
NM-Fastcgi-Cache
X-Cdn-Diag
Machine
X-Core-Value
X-Dispatcher-Server
X-Nitro-Cache
X-Wikidot-Static-Cache
X-Origin-Cache-Key
X-Correlation-ID
X-Wikidot-Backend
X-Slack-Backend
X-BBC-Edge-Cache-Status
X-Slack-Shared-Secret-Outcome
X-Shop-Environment
X-Server-W
X-Refresh
X-Policy
X-Request-Time
X-App-Name
X-Server-IP
X-SD-PageType
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnishpool
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-VG-TLSProxy
X-VServer
X-Vmg-Version
X-VG-WebCache
X-Varnish-CookieHashed-On
X-Variation
X-Test
X-Tenant
X-Thinkindot-L3
X-Up
X-Var-Ttl
X-ApacheServer
X-Platform
X-PERF
X-Gdpr
Adler-Geo
AKAMAI
X-Geo-Header
X-GeoIP
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-From
We-Hiring
Cmstype
CPC-Age
Cmsid
CloudFront-Viewer-Country
X-Forwarded-Path
VNS-Cache
X-Cache-Debug
X-Human
X-Nyt-Route
X-NodeID
X-Old-Content-Length
X-Org
X-Origin-Time
X-Orig-Expires
CPC-Cache
X-Nananana
X-Mvc-Supplant-Cachable
X-Cache-Bucket
X-Loc
X-Irp-Debug
X-Mid
X-Mly-Id
X-Buckets
X-Cache-Id
X-Block-Status
X-NCache
X-ShopId
X-Shopify-Stage
X-ShardId
X-RateLimit-Remaining-Second
X-Origin-Response-Time
X-RateLimit-Limit-Second
X-Sn-Servicetimems
X-Sorting-Hat-PodId
X-WADP-Cache
X-Wix-Viewer-Type
X-WA-Info
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Origin
X-Op-Id-All
X-Fmm-Version
X-Forwarded-Site
X-Esi-Check
X-Date
X-Clara-WADP
X-Gen-Mode
X-Gzip
X-Nginx-Cache-Key
X-Node-Id
X-Mvc-Supplant-OutputCached
X-INCAP-ABP
X-Hnp-Log
X-Cdn-Origin
X-Auto-Login
Wxu-Next-Hostname
Wxu-Next-Region
Apple-News-Services-Handled
Ssr
Server-Hostname
Wxu-Next-Commit
X-Datadome
Apple-News-Services-Host
User-Cache-Control
X-Accel-Buffering
X-Accel-Expires-Debug
CDCHOST
X-Alternate-Cache-Key
DSUID
Country-Code
Cf-Device-Type
Apple-News-Services-Request-Url
Server-Ext
Sever-Int
X-Ah-Environment
Apple-News-Services-Parsed-Url
X-B3-Spanid
X-Vcl-Version
X-LB-NoCache
Pics-Label
Server-Info
NGX
X-Access
X-Via-Fastly
X-AIR-PT
C-Via
X-Cdn-Srv
X-Cache-Enabled
X-S-Maxage
X-Section
X-Instance-Name
X-Varnish-Beresp-Ttl
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Beresp-Grace
IsBot
X-CACHE-GROUP
X-Zone
Content-Secure-Policy
X-Amz-Meta-Cb-Modifiedtime
X-Dc
X-SIPLIST1
X-Presslabs-Stats
Server-ID
X-API-Version
YJS-ID
CF-Ctrl
X-WP-CF-Super-Cache-Active
X-Akamai-Device-Characteristics
X-Frame-Option
X-FTR-Expires
X-Country-Code-Real
X-FTR-Cache-Status
X-HA-Backend
Sid
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
Hostname
Cache-Hits
X-Cached-By
X-Platform-Cluster
X-Platform-Processor
Memcached
X-Platform-Router
Cdn-Requestid
X-B3-Parentspanid
Memory
X-Has-Esi
X-JWT-State
Time
Location
X-Is-Gdpr
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-NewRelic-App-Data
X-Hyper-Cache
X-Internal-Host
X-SRV
X-Webstats-RespID
X-TIM-N
Origin-CC
X-Fpc
X-Tb-Optimization-Total-Bytes-Saved
Origin-EX
X-Service
X-Wp-Cf-Super-Cache-Active
X-Scale
X-Cs
X-NGINX-Cache
X-VC
X-DC
X-Backend-Instance
X-LiteSpeed-Cache-Control
X-ZONE
X-TA-CDN-Provider
X-DataCenter
LB
Epwk-X-Cache
X-PHP-Backend
Req-ID
Resin-Trace
Cdn-Host
X-NMSegId
True-Client-Ip
X-Edge-Server
X-Webkit-Csp-Report-Only
X-Site-Version
GeoIp-Country-Code
Cdn-Request-Time
WZWS-RAY
GeoIP-Country-Code
X-Azure-Ref-OriginShield
X-Locale
X-Request-URI
X-CSRF-TOKEN
X-Ad-Load-Variation
X-NODE
Uri
X-VCache
X-ID
GeoIP-Latitude
XServer
X-M-Reqid
X-M-Log
Pramga
X-Microcachable
X-Nitro-Cache-From
X-Nitro-Rev
X-Cache-Ttl
True-Client-IP
X-Scope-Id
X-Request-Start
Content-Script-Type
Cdn
Content-Style-Type
Cluster
X-Qnm-Cache
X-Vercel-Id
X-Shield-Cache-Expires
NtCoent-Length
Cache-Host
X-Vercel-Cache
X-Varnish-Beresp-Status
M-TraceId
X-Datacenter
X-Origin-Expires
X-Geo
Cache-Tv-Group
HostName
X-Github-Request-Id
X-Pad
SID
XM
X-WP-CF-Super-Cache-Cookies-Bypass
X-Info
X-Cache-Date
X-TH-Server
X-FPC
Fastly-Drupal-Html
X-Pod-Name
X-HN
X-VarnishDD-TTL
PFcat
Tcn
X-HostName
X-Cache-FS-Status
X-Nc
X-Wa
X-B3-Trace-ID
X-V-Cache
X-Servedbyhost
Click-Count-Error
Tube-Get-Contents
Click-Count-Action-Start
Tube-Got-Eval
Tube-Got-Results
X-Acquia-Purge-Cdn-Unconfigured
Tube-Return
X-Aicache-OS
WebServer
User-Agent
X-Ad-Defer-Variation
X-APP-VERSION
X-Web-Node
X-Cdn-Request-ID
CountryCode
X-Api-Version
Cf-Ipcountry
X-Req
X-FL-QIT-DEBUG
X-LB-ID
X-SB
X-Via-Poph
MIME-Version
X-Via-Popv
X-Via-Popn
Locid
X-Esi
X-MSEdge-Features
X-MSEdge-Flight
X-Via-SSL
Edge-Cache
Srvid
A
V-Age
X-Amz-Meta-Opti
On-Server
X-FL-EDGE
X-NWS-UUID-VERIFY
Cdnsip
Cdncip
X-Vary
Edge-Copy-Time
X-Via-Edge
Priority
X-AK-Request-ID
X-Via-CDN
X-LiteSpeed-Tag
X-CS
Ngx-Var-Key
X-Men
X-Branch-Name
X-VCL-Version
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Moov-Xdn-Version
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Moov-T
XkeyRZ
X-Proxy-CacheRZ
Path
Yak-Timeinfo
X-FireWall-Port
My-App
Cache-Key
X-Cache-ASPX
X-ATG-Version
X-Akamai-Pragma-Client-IP
X-CACHE-KEY
X-UA
CDN
X-Air-Pt
X-Provided-By
Wpo-Cache-Status
X-Fastly-Country-Code
X-Render-Time
X-Fastly-Backend-Reqs
X-Varnish-Director
X-Tim-N
Wpo-Cache-Message
X-Acquia-Purge-Tags
X-Acquia-Site
Geoip-Latitude
X-Acquia-Application-Trace
X-Cdn-Forward
Proxy-Connection
X-Ha-Backend
Srv
X-Acquia-Application-UUID
X-Lb-Cache
Cache
X-User
X-Generated-In
Server-Id
Lb
X-TT-LOGID
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Cdn-Cache-Status
X-Dw-Trace-Id
Ohc-File-Size
X-Via-Ucdn
X-GeoIP-City
PICS-Label
X-GoCache-CacheStatus
X-Gamma-Serve
Ohc-Cache-HIT
X-Lb-Nocache
X-EC-Lua
X-CUA
Cross-Origin-Embedder-Policy-Report-Only
CF-Cached-On
X-Upstream-Ct
Yjs-Id
X-Iplb-Instance
X-Upstream-Ht
X-Iplb-Request-Id
Fusion-Content-Source
Fusion-Content-Id
Type
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
X-Serial
X-Scheme
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Mg-Cache
X-Litespeed-Tag
Fusion-Component-Id
X-CDN-Cache-Status
X-Lb-Id
X-Check-Cacheable
X-Planisys-CDN-TTL
X-RAMCache
X-HS-Content-Campaign-Id
X-Release
X-HS-Status
State
X-Udemy-Cache-App-Namespace
X-Miniprofiler-Ids
X-CF-Cache-Header-Cache-Control
X-CF-Cache-Header-Vary
Cneonction
X-Planisys-CDN-Cache
X-ElasticPress-Query
X-Cached-Since
Warning
Vha6-Origin
X-Litespeed-Cache-Control
X-Cache-Remote
Log-Origin
X-Platform-Server
Ngx
X-Planisys-CDN-Rules