Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
CF-Ray
X-Generator
X-Cacheable
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Content-Security-Policy
Status
X-Request-ID
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
X-Ua-Compatible
Access-Control-Max-Age
X-Via
X-Cache-Group
X-Robots-Tag
Server-Timing
X-UA-Device
Request-Context
X-Dns-Prefetch-Control
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Amz-Id-2
X-Proxy-Cache
X-Backend
X-Ws-Request-Id
P3p
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
X-Akamai-Path-Stats
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Device
X-Nginx-Cache-Status
X-WebKit-CSP
X-Page-Speed
X-Aws-Lambda-Call-Status
X-Host
X-Node
Accept-CH
X-Pingback
X-OneAgent-JS-Injection
X-Server-Id
Cf-Railgun
X-Cache-Spec
Request-Id
EagleEye-TraceId
Surrogate-Control
X-Akam-SW-Version
X-Backend-Server
X-Cache-Lookup
X-Response-Time
X-Readtime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
X-Trace
Rating
X-Cloud-Trace-Context
Fastly-Restarts
X-Clacks-Overhead
X-Url
X-WebKit-CSP-Report-Only
Accept-Ch-Lifetime
X-Country
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Edge
Edge-Control
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-PC
X-TtlSet
X-Vname
X-B3-TraceId
X-Content-Type
X-ESI
X-Vcap-Request-Id
X-Mod-Pagespeed
X-Oneagent-Js-Injection
X-Ruxit-JS-Agent
X-Ruxit-Js-Agent
X-Kinja-Build
X-D2id
X-Kinja
Xkey
X-Exp-Variant
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-GoogleNews-Bot
Verso
X-Amz-Rid
X-Varnish-TTL
Cache-Tag
X-GitHub-Request-Id
X-Powered-By-Plesk
X-FastCGI-Cache
X-VARITI-CCR
RTSS
X-CST
X-Mcache
Service-Worker-Allowed
X-ECACHE
X-Upstream
X-Navigation-Version
X-Abt-Application-Version
X-Version
X-Client-IP
X-Cached
X-Cnection
X-Dw-Request-Base-Id
X-Ac
X-Px
X-Server-Lifecycle-Phase
X-Server-Name
X-Ttl
X-Instrumentation
X-Element-Page-Cache
X-Kraken-Loop-Name
Public-Key-Pins
Arr-Disable-Session-Affinity
SPRequestGuid
X-SharePointHealthScore
X-Cache-TTL
SPIisLatency
SPRequestDuration
Accept-Ch
Display
X-Sol
X-Middleton-Display
Pagespeed
X-NWS-LOG-UUID
X-Country-Code
X-Ser
Permissions-Policy
X-Cache-Key
X-Middleton-Response
Response
X-RateLimit-Remaining
X-Midtier
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-Forwarded-For
Access-Control-Request-Method
Content-MD5
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Correlation-Id
X-NF-Request-ID
X-DataDome
X-Shield-Request-Id
Front-End-Https
X-MSEdge-Ref
X-T
TP-L2-Cache
X-Jurisdiction
X-Recruiting
TP-Cache
X-HP-Webp
Edge-Cache-Tag
X-HP-Trace-Id
Nginx-Cache
AR-ATIME
AR-CACHE
AR-SID
AR-Request-ID
AR-PoweredBy
X-Accel-Expires
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-Powered-CMS
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-RateLimit-Limit
TCN
Cf-Apo-Via
X-Grace
X-Mg-S
X-Id
X-Hits
X-Content-Digest
X-Request-Received
X-Request-Processing-Time
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
Server-Node
Filters
Server-Name
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Amzn-Trace-Id
X-Frontend
MS-Author-Via
X-Distributor
X-Geo-Country
S
Fastcgi-Cache
X-Protected-By
X-LLID
X-Language
Cache-Status
X-XRDS-Location
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-LB-Cache
Cross-Origin-Opener-Policy
X-Origin-Server
X-PressLabs-Stats
X-Amz-Meta-S3cmd-Attrs
Count-Hit
X-Fastly-Request-Id
X-Ezoic-Cdn
X-FB-Debug
X-F-Cache
X-B3-Sampled
X-Request-Handler-Origin-Region
Host
X-Microsite
Charset
X-Litespeed-Cache
X-Seen-By
X-Ab
X-Git-Hash
X-Page-Id
X-Forwarded-Proto
X-Ua-Browser
Payment
Filterid
X-ASPNET-VERSION
X-Ratelimit-Reset
X-TTL
X-Fastcgi-Cache
X-VCache
X-Cluster-Name
Surrogate-Key
Realpath
X-Origin-Cache
X-Rid
X-Cache-Age
Cache-Tags
Accept-Charset
X-Template
X-NGENIX-Cache
X-Webkit-Csp
Alternate-Protocol
Retry-After
Access-Control-Allow-Method
X-Www-Served-By
X-Activity-Id
X-AppVersion
X-Az
X-DynaTrace
X-Upgrade-Enabled
Cleartype
X-DIS-Request-ID
X-Logged-In
X-Providence-Cookie
X-Varnish-Grace
X-App-Environment
X-Request-Guid
X-Route-Name
X-Amz-Replication-Status
X-Is-Crawler
X-Flags
X-Varnish-Backend
X-Aspnet-Duration-Ms
X-Signature
X-B-Cache
X-TT
X-Wix-Request-Id
X-B
X-Type
X-Tb
X-Node-Name
X-Envoy-Decorator-Operation
X-Source
Paypal-Debug-Id
ServerID
DC
X-Hostname
X-Fastly-Request-ID
X-Drupal-Cache-Tags
X-Debug
Frame-Options
X-Proxy
X-Revision
X-Mobile
X-Tt-Trace-Host
X-Content-Options
X-Tt-Trace-Tag
X-Contextid
X-COUNTRY
X-Load-Cache
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Length
Amp-Access-Control-Allow-Source-Origin
X-Cache-Rule
X-N
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-Control
X-Content
Country
X-Magnolia-Registration
Node
X-Response-Served-From
X-Whom
X-EdgeConnect-Cache-Status
X-User-Agent
Refresh
Referer-Policy
X-Original-Request-Id
NGB
Viewport
X-Ratelimit-Remaining
X-Debug-IsConnected
X-Cacheable-TTL
X-Cache-TTL-Remaining
X-Debug-IsPreview
X-Environment-Context
X-Framework
X-L-Path
X-Page-View
X-Servername
X-Real-IP
Access-Control-Request-Headers
X-Jobs
X-Status
X-Unique-Id
X-NYM-Debug-Backend
X-Content-Powered-By
X-Varnish-Server
X-G
X-Mid
Uber-Trace-Id
X-Akamai-Request-ID2
Content-Disposition
Akamai-GRN
Url
X-Adobe-Loc
VIX-Pulpo-Node
X-Adobe-Content
VIX-Pulpo-Upstream-Status
X-Rendered-As
X-Varnish-Age
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Time
X-Is-Bot
X-Cache-Grace
X-Instance
X-RemovedCookies
Srv
X-Server-ID
X-ProcessESI
X-Drupal-Cache-Contexts
X-Mg-Request-UUID
Version
X-APP-VERSION
Countrycode
X-Restarts
X-Trace-Id
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Http-Reason
X-CDN-Forward
X-App-Server
X-XRDS-LOCATION
Accept-Language
X-Cache-Expired-At
X-Time
X-Via-JSL
X-Debug-Info
Protected
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-IPLB-Instance
X-Tumblr-Pixel
X-Cache-Hit
X-IPLB-Request-ID
Healthy
X-Hosted-By
X-Ratelimit-Limit
X-Cache-Operation
X-Nginx-Cache-Key
X-Azure-Ref
Cross-Origin-Resource-Policy
X-Device-Type
Liferay-Portal
X-Backend-Name
X-Tt-Logid
Section-Io-Cache
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
Backend
Fastcgi-Useragent
Content-Secure-Policy
X-Akamai-Edgescape
X-FW-Type
X-FW-Static
X-FW-Server
Server-Info
X-RTag
X-Rule
Ms-Operation-Id
MS-CV
X-Mobile-URL
Meta-Geo
Load-Balancing
X-RN-RSRV
X-Cache-Action
X-Storage
X-UPSTREAM-Address
X-Proxy-Cache-Status
GEO-INFO
X-SRV
X-Mode
X-Cache-NGX
X-Content-Age
X-Handled-By
X-Api-Version
X-UUID
X-VC-Cache
X-Varnish-Beresp-Grace
CDN-Cache
X-Format
Locale
Onion-Location
X-OCL
X-Skip-Cache
X-Varnish-Hostname
CDN-CachedAt
X-PCL
CDN-Uid
CDN-RequestId
X-Section
X-SayCDN-TTL
X-PHP-Host
X-Cache-Enabled
X-VWS-Id
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
X-Site-Version
X-Say-Cacheable
X-Forwarded-Host
X-Region
X-Adobe-Source
X-Sql-Duration-Ms
X-Edge-Location
X-AWS-Id
X-Uri
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Redis-Cache
X-Access
X-Cms-Context
X-No-Session
CF-IPCountry
X-URL
S-Rt
X-Say-TTL
X-Proto
X-LJ-Flow-ID
X-Sql-Count
X-Labrador-Cache-Channel
X-Cache-Server
Apigw-Requestid
X-Proxied
X-BYPASS-REASON
X-GeoCountry
X-Hl-Ver
X-GeoCode
X-Generated-By
X-Extlb
X-Alternate-Cache-Key
X-HTML-Minification-Powered-By
X-Detected-As
Eomportal-Instance
X-PHP-Backend
X-FB-TRIP-ID
Mn-Server-Ip
X-ProxyCache-Key
DB-Nickname
Web-Mar-Node
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-UA-Device-Type
Azure-SlotName
Webcakes-App-Name
X-ProxyCache-Status
X-Cache-Type
Azure-Version
X-Origin-Hint
X-Locale
X-Web-Node
X-Cache-Host
Webcakes-Region
X-Xfnlog-Site
X-Via-Fastly
X-Zipkin-Id
X-Varnishpool
X-Datadome
X-Sorting-Hat-ShopId
X-Server-W
X-Generation-Time
Webcakes-App-Version
X-Varnish-Cache-Hits
TWC-GeoIP-LatLong
TWC-Privacy
X-Request-Time
TWC-Locale-Group
X-Routing-Service
Property-Id
TWC-GeoIP-Country
X-ShopId
TWC-Connection-Speed
TWC-Device-Class
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-PodId
X-ServerID
X-Origin-Date
X-Cache-Status-Check
X-R9-Blue-Green-Version
X-Tid
X-SaId
X-Ms-Request-Id
X-Storefront-Renderer-Rendered
X-JoinUs
X-Ms-Version
WP-Super-Cache
X-Timing-Wait
Selected-Fe
X-Proxy-Build
Cache-Name
Xserver
X-FireWall-Port
X-ECache
X-WP-CF-Super-Cache
ServedBy
X-WP-CF-Super-Cache-Cache-Control
X-Zen-Fury
X-DynaTrace-JS-Agent
X-LSADC-Cache
X-Nginx-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Ua
X-Human
X-B3-Traceid
X-Debug-Cache
X-TA-CDN-Provider
Xet-Cookie
X-Cache-Tags
X-TNCMS
X-Loop
X-MP-GENERATED-AT
Cache
X-Reqid
X-Correlation-ID
X-RCS-CacheZone
Source
X-Aspnetmvc-Version
X-GEO
X-Cdn
X-Dc
X-Varnish-Hits
X-Cached-By
X-Webkit-CSP
X-Pubstack
SD-X-WS
Cross-Origin-Window-Policy
Origin
X-Soup
X-Amzn-Remapped-Content-Length
X-Newrelic-Synthetics
WPO-Cache-Message
X-App-Version
WPO-Cache-Status
LB
X-Vgn-Hpd-Reason
X-Origin-TTL
X-Origin-CC
X-Tumblr-Pixel-2
X-Provided-By
From-Origin
X-Varnish-Beresp-Ttl
X-Service
X-IPS-LoggedIn
X-Varnish-Ttl
X-TIME
Webserver
X-AOL-HN
X-Tec-Api-Root
X-Tec-Api-Origin
X-Via-NSCOPI
X-Tec-Api-Version
X-B3-SpanId
X-GG-Cache-Date
Rip
X-NewRelic-App-Data
X-Platform-Server
X-FW-Version
X-A-Dcw
X-Served-From
Rendered-Blocks
X-A-Dam
X-A-Dgt
X-User
Expiry
X-Forwarded-Path
X-A-Ccd
X-A
X-BCube-Filmed-By
Host-ID
X-Vdms-Path
X-VG-WebCache
X-ScT
X-A-Wwc
X-D
X-S-Cookie
X-External-Request-Id
X-ARC
X-B-Cookie
X-AK-Request-ID
DCR-Processing-Time-Ms
X-Developer
Sslversion
DCR-Decision-By
X-Destination
X-Rojux
X-Shop-Environment
X-S
Odigeo-Trace-Id
Environment
X-Ec-GeoHdr
X-Ec-Fail
X-SRCache-Key
X-Aed
X-TIM-N
X-Bc-Bl
MD5-Digest
X-NAPM-TraceId
X-Orig-Expires
Ngx.Var.Host
X-Tenant
X-Application
BehaviorPad-Version
Meta-Geo-Continent
X-Owner
X-Vdms-Version
X-PBS-Appsvrname
X-Processor
X-Rewrite-Enabled
X-Cache-NE
A
Lang
T-Server
X-Connection-Hash
Surrogated-Key
X-Cluster-Node
Cdnsip
Cdncip
Xc-Version
Mime-Version
X-Request-Host
OT-Force-Account-Verify
X-Dispatcher-Number
Upgrade-Insecure-Requests
VNS-Cache
VNS-Age
X-Accel-Buffering
CPC-Cache
X-Aicache-OS
X-Parent-Response-Time
Cache-Hits
X-Bip
Redirect-Candidate
Machine
X-Thanos
X-Qloud-Router
X-Varnish-Beresp-Status
CPC-Age
X-Level-Front-Cache
X-Pool
X-Generated-On
X-Cache-Info
X-Cache-Id
X-BBC-Edge-Cache-Status
X-Cache-Bucket
X-Branch-Name
Tube-Return
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Traceparent
TDXMobile
State
Req-Svc-Chain
Server-Host
X-Varnish-CookieHashed-On
Servername
Tube-Get-Contents
Tube-Got-Eval
Wxu-Next-Hostname
Wxu-Next-Region
X-Ad-Defer-Variation
X-Variation
Wxu-Next-Commit
Vix-Hermes-Req-Id
Tube-Got-Results
X-CacheTTL
V-Age
X-V-Cache
X-Epic-Correlation-Id
X-Mvc-Supplant-Cachable
X-Minions-Version
X-Loc
X-Mvc-Supplant-OutputCached
X-SVT-ORM-VERSION
X-Origin-Response-Time
X-NodeID
X-JWT-State
X-Is-Gdpr
X-Has-Esi
X-Gzip
X-Hash
X-Thinkindot-L3
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Scale
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Region-Sid
X-Request-URI
X-Rocket-Build-Number
X-Rocket-Nginx-Serving-Static
X-S-Maxage
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-SB
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-SplitTest
X-Policy
X-GeoIP-City
X-GeoIP
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Datadog-Trace-Id
X-DefElseHash
X-Developers
X-DefHash
X-Core-Value
X-Core-Mission
X-CGP
X-Cdn-Srv
X-Ckpd-Fst-Backend
X-Clara-WADP
X-CMSURLCustom
X-Cluster
X-Device-Os
X-DPWN-IS-SECURE
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Geo-Header
X-Slack-Backend
X-Gamma-Serve
X-Fmm-Version
X-Sigma
X-Sigma-Backend
X-Ec-Custom-Error
X-Esi-Check
X-Fetched-On
X-Eu-Site
X-Cdn-Origin
Fastly-SIE
Cmsid
Cmstype
Click-Count-Error
Click-Count-Action-Start
Candidate-Md5Url
X-VServer
Country-Code
Decoy-Debug-Key
Fastly-SSL
Fastly-SWR
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Decoy-Debug-TTL
Canary
X-WADP-Cache
HostName
X-Worker
X-Origin-Time
X-Nyt-Route
X-Gdpr
Release
Adler-Geo
Apple-News-Services-Handled
X-Wix-Viewer-Type
Cache-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-VG-TLSProxy
Decoy-Debug-Status
X-SIPLIST1
L5d-Success-Class
L
X-CSRF-Token
Memcached
Origin-EX
NM-Fastcgi-Cache
Mobile-Detection-Method
Origin-CC
Ha-Gx-Prefs
Kp-EeAlive
X-Varnish-CookieINHashed-On
IsBot
Is-Eu
HA-Ipaddr
Producers
Platform
X-Varnish-Remaining-TTL
NGX
X-VC
X-WA-Info
Cache-Tv-Group
X-Tx-Id
X-Cache-Debug
Web-Mar-Region
Cluster
X-Optimistic-Header
X-Auto-Login
X-INCAP-ABP
Server-Ext
We-Hiring
Mail-Subject
Gh-Request-Id
X-Origin
Server-Hostname
Datacenter
Ec-Rule-Version
Svr
X-Proxy-Cache-Info
X-Gen-Mode
DSUID
X-Viewer-Country
Fastcgi-Cache-TTL
User-Cache-Control
X-Hnp-Log
X-Scheme
CloudFront-Viewer-Country
Sever-Int
AKAMAI
X-NCache
X-Forwarded-Site
CDCHOST
X-Clientip
X-Block-Status
X-Presslabs-Stats
X-WP-CF-Super-Cache-Active
X-Cache-Remote
X-Origin-Expires
X-ND-Cache
X-Rebelmouse-Surrogate-Control
X-Fastly-Cache
X-Sucuri-Cache
X-LB-NoCache
X-Rebelmouse-Cache-Control
X-Sucuri-ID
X-Session-Fingerprint
X-Udemy-Cache-App-Namespace
WebServer
Memory
Time
X-ZONE
Pics-Label
X-FC-Vary-Parameters
X-Fastly-Backend
X-Var-Ttl
Ssr
X-ATG-Version
X-Azure-Ref-OriginShield
Fastly-Drupal-HTML
SID
X-Tb-Optimization-Total-Bytes-Saved
X-Nf-Request-Id
X-Trace-ID
X-Pod-Name
Sid
X-MCACHE
X-NWS-UUID-VERIFY
X-Newrelic-App-Data
X-Via-Popv
X-Via-Popn
X-Generated-In
X-Via-Poph
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Transformed
X-Buckets
Server-ID
X-Xrds-Location
Env
X-Servedbyhost
X-Cache-Date
X-Refresh
X-Ig-Push-State
X-Conf
X-DC
X-Release
X-Edge-Pop
X-Cs
X-Microcachable
X-Up
X-Fpc
X-CACHE-AGE
X-MSEdge-Flight
X-NC
X-MSEdge-Features
X-Pass-Why
X-EC-Lua
X-Dispatch
X-Wa
X-Dmc
X-Esi
My-App
X-Tumblr-Pixel-3
X-PX
Fastly-Drupal-Html
X-Endurance-Cache-Level
X-Lambda-Id
GeoIp-Country-Code
X-ID
X-NGINX-Cache
X-CS
CDN
Magicmarker
X-Be
X-VCL-Version
True-Client-IP
X-Zone
X-TX-ID
X-TRACE-ID
X-Req
X-Vc
X-RateLimit-Reset
X-Webkit-CSP-Report-Only
X-CSRF-TOKEN
Hostname
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-CACHE-KEY
CacheControlHeader
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Hyper-Cache
X-Yandex-Sdch-Disable
X-CF-Lambda-Fn
X-TH-Server
X-LB-ID
True-Client-Country-4JS
X-CF-Lambda-Version
X-Srv
X-Micro-Cache
X-HS-Status
X-M-Log
X-Air-Pt
X-Op-Id-All
X-M-Reqid
Pramga
X-App
X-Alfa-Service
Resin-Trace
X-B3-Spanid
X-Vcl-Version
C-Via
Path
X-Qnm-Cache
True-Client-Ip
Tcn
X-Varnish-Beresp-TTL
X-TrackingId
Tracecode
N-Cache
GeoIP-Country-Code
X-SERVER-NAME
X-Vercel-Id
On-Server
X-GeoIP-Region-Code
Proxy-Connection
X-GeoIP-Country-Code
X-Platform
Esi-Enabled
Fastcgi-X-Cache-Version
X-Vercel-Cache
X-PAYTM-SRV-ID
NtCoent-Length
X-Check-Cacheable
X-CLOUD-TRACE-CONTEXT
X-Edge-Origin-Shield-Region
X-Edge-Origin-Shield-Bytes
X-FPC
X-Datacenter
X-Accel-Expires-Debug
Hit
X-Date
Section-Io-Origin-Status
Section-Io-Id
WWW-Authenticate
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Akamai-Pragma-Client-IP
X-Webkit-Csp-Report-Only
X-Vtex-Remote-Cache
X-Via-CDN
GeoIP-Latitude
X-Platform-Processor
X-Vtex-Processado-Em
X-Platform-Router
X-WA
X-Geo
X-Lb-Id
X-Platform-Cluster
X-Mly-Id
X-RAMCache
X-Node-Id
Yjs-Id
Lb
Server-Id
YJS-ID
X-ServedByHost
X-SD-PageType
FSS-Cache
X-LAGOON
X-API-Version
ENV
X-Response-By
X-Edge-POP
X-Old-Content-Length
X-Request-Start
User-Agent
X-Dw-Trace-Id
X-Cdn-Forward
X-AIR-PT
Cdn
Cache-Key
HIT
X-Via-PopN
X-Via-PopV
Powered-By
X-PERF
X-ApacheServer
X-LiteSpeed-Cache-Control
X-Via-PopH
X-Location
X-Traceid
X-From
X-FL-EDGE
X-Instance-Name
Locid
Srvid
X-FORWARDED-FOR
X-Akamai-ERRuleID
X-Proxy-CacheRZ
X-CUA
X-Akamai-ERPolicy
Dnion-Transfer-Encoding
XkeyRZ
X-UA
DynaTrace
Server-Ttl
X-TT-LOGID
X-Via-Ucdn
Geoip-Latitude
X-Render-Time
X-Li-Pop
X-LI-Proto
X-Cache-Ttl
X-LI-UUID
X-Li-Fabric
Sm-Log-Id
X-Service-Response-Time
X-DB
X-DI
Ohc-File-Size
X-DSS
XServer
Nginx-CQVIP
X-RPS
XM
X-HN
PFcat
X-Webstats-RespID
X-RSL
X-RPM
CountryCode
X-DW
X-LiteSpeed-Tag
Location
X-Proxy-Upstream
DT-Hot-News
X-Proxy-Cache-Hk
PICS-Label
X-CF-Powered-By
X-VarnishDD-TTL
X-Wp-Cf-Super-Cache-Cache-Control
X-Litespeed-Cache-Control
X-Cache-Ngx
X-Wp-Cf-Super-Cache
X-Varnish-Authentication
X-Fastly-Cache-Hits
X-Contensis-Viewer-Groups
X-HostName
X-Request-Url
X-B3-ParentSpanId
X-Director
Wpo-Cache-Message
Wpo-Cache-Status
X-Lb-Nocache
X-Cache-ASPX
X-ElasticPress-Query
Vha6-Origin
X-Fastly-Backend-Reqs
X-Cdn-Request-ID
Warning
Wp-Super-Cache
X-Ips-Loggedin
Req-ID
X-DataCenter
X-Yottaa-OS
Fastcgi-Cache-Ttl
X-Moov-T
WZWS-RAY
SRV
X-Mg-Cache
X-Moov-Xdn-Version