Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Adblock-Key
X-Request-ID
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-Id
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
P3p
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-CDN
X-AspNetMvc-Version
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-WebKit-CSP
Accept-CH
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
Cf-Apo-Via
X-Device
Cf-Railgun
X-Server-Id
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Dns-Prefetch-Control
Surrogate-Control
EagleEye-TraceId
X-Backend-Server
Request-Id
X-Ruxit-JS-Agent
X-Readtime
X-Cache-Lookup
X-HW
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Edge
X-CST
X-WebKit-CSP-Report-Only
Accept-Ch-Lifetime
Content-Location
X-Content-Type
X-Country
X-Mcache
X-Url
X-MS-InvokeApp
X-Clacks-Overhead
Rating
X-ECACHE
X-Midtier
X-Amz-Server-Side-Encryption
X-PC
X-Vname
X-TtlSet
RTSS
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
Origin-Trial
X-Litespeed-Cache
Verso
X-Server-Name
X-Exp-Variant
X-Kinja-Build
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Ac
X-Use-Magma
X-ESI
X-Varnish-TTL
X-Rack-Cache
X-B3-TraceId
X-Cnection
X-Powered-By-Plesk
Service-Worker-Allowed
X-GitHub-Request-Id
X-Ttl
Xkey
X-Navigation-Version
X-Abt-Application-Version
X-Client-IP
X-Cache-TTL
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
Edge-Control
X-NWS-LOG-UUID
X-Cached
X-Px
Arr-Disable-Session-Affinity
X-Mg-S
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Browser-Type
SPIisLatency
SPRequestDuration
X-Upstream
X-Cache-Key
X-Correlation-Id
X-Middleton-Display
Display
Pagespeed
X-Sol
Content-MD5
X-Dw-Request-Base-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastcgi-Cache
X-NF-Request-ID
Access-Control-Request-Method
Edge-Cache-Tag
X-Goog-Hash
X-Country-Code
Front-End-Https
X-Daa-Tunnel
X-Forwarded-For
X-Version
Public-Key-Pins
X-XRDS-Location
AR-ATIME
AR-CACHE
X-Powered-CMS
AR-SID
AR-PoweredBy
AR-Request-ID
TCN
X-Id
X-HP-Webp
X-HP-Trace-Id
X-T
X-Jurisdiction
X-MSEdge-Ref
X-Recruiting
X-Content-Digest
X-RateLimit-Remaining
X-Accel-Expires
X-Middleton-Response
Response
X-Shield-Request-Id
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Ser
TP-L2-Cache
TP-Cache
X-Amzn-Trace-Id
Nginx-Cache
X-Fastly-Request-ID
S
X-Ratelimit-Limit
X-Request-Received
X-Request-Processing-Time
X-HS-Cache-Config
X-HS-Hub-Id
X-Hits
Server-Node
X-HS-Content-Id
X-HS-Combine-CSS
Cache-Status
X-Distributor
MicrosoftSharePointTeamServices
Cache-Tags
X-Edge-Location-Klb
X-Kinsta-Cache
Fastcgi-Cache
X-Grace
Alternate-Protocol
Server-Name
X-Ratelimit-Remaining
X-Protected-By
X-Ezoic-Cdn
X-DIS-Request-ID
X-Origin-Server
X-LB-Cache
X-Ratelimit-Reset
X-Ua-Browser
X-DataDome
X-Geo-Country
X-FastCGI-Cache
X-Microsite
X-Frontend
X-Request-Handler-Origin-Region
X-Rid
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Debug-Info
Cross-Origin-Opener-Policy
X-Git-Hash
Filterid
X-Varnish-Backend
Healthy
Cleartype
X-Logged-In
Payment
X-Www-Served-By
X-Forwarded-Proto
X-FB-Debug
X-Page-Id
X-Webkit-Csp
X-Load-Cache
X-NGENIX-Cache
X-ASPNET-VERSION
Charset
X-LLID
X-B3-Sampled
DC
X-Hostname
X-Cluster-Name
X-Origin-Cache
X-VCache
Content-Disposition
X-TTL
X-Ruxit-Js-Agent
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MS-Author-Via
X-Goog-Metageneration
X-GUploader-UploadID
X-PressLabs-Stats
X-Upgrade-Enabled
Access-Control-Allow-Method
Retry-After
Accept-Ch
X-Proxy
X-F-Cache
Accept-Charset
Cross-Origin-Resource-Policy
X-Type
X-Activity-Id
X-AppVersion
Paypal-Debug-Id
X-Amz-Replication-Status
X-Az
X-Revision
X-Oracle-Dms-Rid
X-Contextid
X-Oracle-Dms-Ecid
X-Signature
X-B-Cache
X-Amz-Meta-S3cmd-Attrs
X-Providence-Cookie
X-Aspnet-Duration-Ms
Viewport
X-Seen-By
X-Azure-Ref
X-Flags
X-Request-Guid
X-Is-Crawler
X-Route-Name
X-Hosted-By
X-Varnish-Server
X-ORACLE-DMS-ECID
X-Wix-Request-Id
X-ORACLE-DMS-RID
X-Whom
X-Fb-Rlafr
X-Aspnetmvc-Version
X-App-Environment
Realpath
X-TT
X-DynaTrace
X-B
Amp-Access-Control-Allow-Source-Origin
Surrogate-Key
Count-Hit
X-Source
Referer-Policy
X-Akamai-Edgescape
X-Language
X-App-Server
X-Mobile
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Template
X-B3-Traceid
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Cache-Control
X-RateLimit-Limit
Host
X-Varnish-Grace
X-EdgeConnect-Cache-Status
X-N
Version
X-Magnolia-Registration
X-Cache-Rule
X-HTML-Minification-Powered-By
SRV
X-Tumblr-Pixel-1
X-Tumblr-User
X-Original-Request-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Response-Served-From
X-UUID
X-Varnish-Age
X-Cache-Time
X-RTag
X-Envoy-Decorator-Operation
X-Cache-Status-Check
SD-X-WS
MS-CV
Ms-Operation-Id
Access-Control-Request-Headers
VIX-Pulpo-Upstream-Status
Section-Io-Cache
VIX-Pulpo-Node
X-Rule
Refresh
X-Cache-Expired-At
X-Framework
Akamai-GRN
X-FW-Server
X-RemovedCookies
X-FW-Version
X-FW-Type
X-ProcessESI
X-Cache-Grace
X-L-Path
X-Jobs
X-Page-View
X-FW-Static
X-FW-Dynamic
X-Environment-Context
X-Cacheable-TTL
X-FW-Hash
X-FW-Serve
X-Status
X-Servername
GEO-INFO
Protected
X-Rendered-As
X-Instance
X-Adobe-Content
X-Adobe-Loc
X-Content-Powered-By
X-Http-Reason
Url
X-Is-Bot
X-Akamai-Request-ID2
X-Cache-Age
X-Backend-Name
X-User-Agent
X-Device-Type
X-NYM-Debug-Backend
X-G
NGB
X-Trace-Id
X-Debug-IsPreview
X-Debug-IsConnected
X-COUNTRY
X-CDN-Forward
X-Drupal-Cache-Contexts
X-Newrelic-App-Data
X-Drupal-Cache-Tags
From-Origin
CDN-RequestId
WPO-Cache-Message
WPO-Cache-Status
X-Nginx-Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Hit
X-Region
Accept-Language
Front
X-Tb
Country
X-Node-Name
X-Tt-Logid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Backend
X-Real-IP
X-Content-Options
Fastly-SIE
Fastly-SWR
X-TIME
Uber-Trace-Id
X-Mode
X-Unique-Id
X-XRDS-LOCATION
X-Tec-Api-Version
X-Tec-Api-Root
X-Buckets
X-Tec-Api-Origin
Fastly-Drupal-HTML
X-VC-Cache
X-Zen-Fury
X-Cache-Operation
Content-Secure-Policy
X-Times
X-DynaTrace-JS-Agent
X-Generation-Time
Filters
Meta-Geo
X-RN-RSRV
X-Tumblr-Pixel-2
X-Rewrite-Enabled
X-UPSTREAM-Address
Onion-Location
X-Access
Azure-Version
X-Section
CF-IPCountry
Azure-SlotName
X-Rocket-Nginx-Serving-Static
X-Cache-Server
X-Amzn-Remapped-Content-Length
X-Web-Node
Azure-InstanceId
X-Format
Webserver
X-Proxy-Cache-Info
Azure-RegionName
Azure-SiteName
Property-Id
X-Content-Age
TWC-Connection-Speed
X-Adobe-Source
TWC-Device-Class
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Version
X-IPS-LoggedIn
Webcakes-Region
X-Sql-Count
X-Cache-Action
X-Say-TTL
X-SayCDN-TTL
X-Varnish-Beresp-Grace
X-Say-Cacheable
X-Fastly-Request-Id
X-Sucuri-Cache
Cache-Hits
X-Sucuri-ID
X-Locale
X-Sql-Duration-Ms
X-Skip-Cache
X-Server-W
X-Cache-TTL-Remaining
X-Cache-Host
X-Soup
X-Debug
X-PHP-Backend
X-Origin-Hint
X-Proxy-Cache-Status
S-Rt
DB-Nickname
X-Via-Fastly
X-Handled-By
X-Ua
X-Proto
X-Reqid
X-UA-Device-Type
X-Edge-Location
X-Site-Version
X-R9-Blue-Green-Version
X-Forwarded-Host
X-Cluster-Node
X-Ms-Request-Id
X-Ms-Version
Web-Mar-Node
ServerID
X-Cms-Context
Cache-Name
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-URL
Apigw-Requestid
X-LAGOON
X-Labrador-Cache-Channel
X-Urbn-Site-Id
X-LSADC-Cache
X-Urbn-Context-Path
X-JoinUs
X-GeoCountry
X-Extlb
X-Detected-As
X-FB-TRIP-ID
X-VWS-Id
X-Zipkin-Id
X-AWS-Id
X-PHP-Host
X-Cluster
X-SaId
X-LJ-Flow-ID
X-IPLB-Request-ID
X-IPLB-Instance
X-Routing-Service
X-ProxyCache-Key
X-Proxy-Build
X-Proxied
ServedBy
X-ProxyCache-Status
X-BYPASS-REASON
X-Timing-Wait
X-GeoCode
CDN-CachedAt
Cross-Origin-Window-Policy
CDN-PullZone
Mn-Server-Ip
Locale
CDN-Cache
CDN-EdgeStorageId
Selected-Fe
CDN-Uid
CDN-RequestCountryCode
X-No-Session
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Xfnlog-Site
WP-Super-Cache
Mime-Version
Fastcgi-Useragent
Node
X-Time
X-ECache
Liferay-Portal
X-SRV
X-Tumblr-Pixel-3
X-Optimistic-Header
X-Hl-Ver
X-CACHE-AGE
X-Request-Time
X-Oneagent-Js-Injection
Source
X-Redis-Cache
X-Cache-Debug
X-Origin-Date
X-Presslabs-Stats
X-Loop
Upgrade-Insecure-Requests
X-TNCMS
X-Generated-By
X-Mg-Request-UUID
X-Uri
CF-Cached-On
Xserver
X-GEO
X-Varnish-Hits
X-Akamai-Transformed
X-Director
Xet-Cookie
Countrycode
X-TA-CDN-Provider
X-Pass-Why
X-ARC
X-NWS-UUID-VERIFY
X-Tx-Id
X-Newrelic-Synthetics
X-Varnish-Beresp-Ttl
Frame-Options
X-Tid
X-FireWall-Port
X-Origin-TTL
X-Origin-CC
X-Storage
X-Varnish-Ttl
X-Varnish-Cache-Hits
X-App-Version
Cache-Tv-Group
X-Service
X-Sorting-Hat-PodId
X-ShopId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShardId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Varnish-Hostname
X-DC
X-RM-Cache-TTL
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Endurance-Cache-Level
Environment
X-Datadog-Trace-Id
X-ServerID
Origin
X-Processor
Odigeo-Trace-Id
Ngx.Var.Host
X-Served-From
Memcached
Redirect-Candidate
Release
Surrogated-Key
T-Server
Sslversion
X-Platform-Router
Rendered-Blocks
Req-Svc-Chain
MD5-Digest
Lang
DCR-Processing-Time-Ms
Edge-Cache
DCR-Decision-By
X-Rojux
Candidate-Md5Url
X-S
Gannett-Cam-Experience-Id
Host-ID
X-Mobile-URL
A
X-ScT
X-S-Maxage
X-S-Cookie
TDXMobile
BehaviorPad-Version
Thinkindot-CacheControl
X-Destination
X-Developer
X-Ec-Fail
X-D
X-Core-Value
X-Cache-NE
X-CMSURLCustom
X-Conf
X-Ec-GeoHdr
X-Nyt-Route
X-Level-Front-Cache
X-Loc
X-Mid
X-INCAP-ABP
X-Generated-On
X-Epic-Correlation-Id
X-External-Request-Id
X-Gdpr
X-Cache-Info
X-BCube-Filmed-By
X-A
X-A-Ccd
X-A-Dam
WWW-Authenticate
X-Platform-Cluster
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Platform-Processor
X-A-Dcw
X-A-Dgt
X-B-Cookie
X-BBC-Edge-Cache-Status
X-Bc-Bl
X-Application
X-Origin-Time
X-A-Wwc
X-Aed
Server-Info
Meta-Geo-Continent
X-B3-Spanid
X-Test
X-Vdms-Path
X-SRCache-Key
X-TIM-N
X-VG-TLSProxy
X-Thinkindot-L3
Xc-Version
X-We-Are-Hiring
X-Request-Host
X-Vdms-Version
SID
X-Org
Cache-Host
X-Core-Mission
X-Clara-WADP
X-CUA
X-Cdn-Origin
X-Cdn-Srv
X-Ec-Custom-Error
X-Frame-Option
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
X-Fetched-On
Magicmarker
X-Old-Content-Length
X-Developers
X-Varnish-Beresp-Status
X-Platform-Server
X-Rocket-Build-Number
X-Worker
X-Auto-Login
X-VServer
X-Akamai-Device-Characteristics
Vix-Hermes-Req-Id
X-WADP-Cache
X-Httpd
X-WA-Info
X-Vmg-Version
X-Location
X-Gamma-Serve
X-Cache-Bucket
Server-Host
Ssr
State
X-WP-CF-Super-Cache-Active
X-Origin-Response-Time
X-Bip
X-Pool
X-Fmm-Version
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CloudFront-Viewer-Country
X-Has-Esi
C-Via
X-HS-Content-Campaign-Id
X-Human
X-Sn-Servicetimems
X-Sigma-Backend
X-Sigma
X-SD-PageType
X-JWT-State
X-SVT-ORM-VERSION
X-Is-Gdpr
X-SVT-ORM-RULES
Cluster
Cache-Key
Decoy-Debug-Status
X-Geo-Header
X-GeoIP-City
Decoy-Debug-Key
X-Thanos
DSUID
Decoy-Debug-TTL
Country-Code
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Parent-Response-Time
Section-Io-Origin-Status
Section-Origin-Responded
X-NodeID
X-Azure-Ref-OriginShield
X-App
X-NCache
X-Owner
X-Accel-Expires-Debug
X-Accel-Buffering
Gh-Request-Id
X-Nananana
X-Wix-Viewer-Type
X-LB-NoCache
X-Men
X-Hash
Mail-Subject
CacheControlHeader
X-DefHash
X-Hnp-Log
X-Node-Id
X-Op-Id-All
X-Date
X-DefElseHash
X-GeoIP-Region-Code
X-Gen-Mode
X-Cache-FS-Status
X-Fastly-Backend
X-GeoIP
Kp-EeAlive
X-GeoIP-Country-Code
We-Hiring
X-Device-Os
X-Dispatcher-Number
X-Block-Status
X-Nginx-Cache-Key
Tube-Got-Results
NGX
X-Var-Ttl
X-V-Cache
Machine
L
On-Server
Origin-CC
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
Pics-Label
Origin-EX
X-Region-Sid
X-Req
X-Scale
X-SB
X-Pubstack
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
Cache-Provider
CDCHOST
Datacenter
X-Request-Start
X-Restarts
Click-Count-Error
Click-Count-Action-Start
X-Varnishpool
X-Qloud-Router
Svr
Tube-Get-Contents
Sever-Int
X-Planisys-CDN-Cache
User-Cache-Control
X-Planisys-CDN-TTL
Web-Mar-Region
Wxu-Next-Commit
Wxu-Next-Hostname
Server-Ext
Wxu-Next-Region
Tube-Got-Eval
Tube-Return
X-Planisys-CDN-Rules
Server-Hostname
X-AIR-PT
Is-Eu
X-Esi-Check
X-Refresh
X-Forwarded-Site
Fastly-SSL
X-Gzip
X-HN
X-Server-IP
X-Cache-Date
Adler-Geo
X-Ad-Defer-Variation
Cmsid
NM-Fastcgi-Cache
Cmstype
Canary
X-Mvc-Supplant-Cachable
PFcat
X-Variation
X-Irp-Debug
X-Cache-Backend
Platform
X-Cache-Id
X-Origin
Producers
X-Ckpd-Fst-Backend
X-CacheTTL
X-FC-Vary-Parameters
X-VarnishDD-TTL
X-Up
X-Cache-Tags
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Minions-Version
X-Webkit-CSP-Report-Only
X-CSRF-Token
X-Cache-Remote
X-Microcachable
Ha-Gx-Prefs
HA-Ipaddr
X-Eu-Site
X-Trace-ID
X-Esi
L5d-Success-Class
X-CGP
X-Aicache-OS
X-Csrf-Jwt
X-Platform
X-Mvc-Supplant-OutputCached
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-Cached-By
Env
GeoIP-Latitude
Cdn
X-HA-Backend
X-Tb-Optimization-Total-Bytes-Saved
X-Mly-Id
Load-Balancing
X-RCS-CacheZone
X-Servedbyhost
HostName
X-Fastly-Cache
X-AK-Request-ID
Server-ID
Cdncip
Cdnsip
X-Zone
X-ND-Cache
X-Nc
X-Origin-Expires
X-VC
X-DataCenter
X-Instance-Name
X-ZONE
X-Webkit-CSP
X-Vc
X-HS-Status
X-API-Version
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Wa
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-APP-VERSION
X-Api-Version
Memory
Time
X-Release
X-Response-By
X-Fpc
Cache
X-From
Expect-Staple
X-FL-EDGE
X-LB-ID
Srvid
Locid
X-FL-QIT-DEBUG
X-Via-NSCOPI
X-Generated-In
Hostname
X-CS
X-Correlation-ID
X-NGINX-Cache
X-Cache-Enabled
Eomportal-Instance
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Check-Cacheable
X-Edge-Pop
X-Client-Ip
NtCoent-Length
X-Vgn-Hpd-Cached
X-Via-CDN
X-Provided-By
X-Micro-Cache
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
Ngx-Var-Key
GeoIp-Country-Code
X-NewRelic-App-Data
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Via-Edge
X-Air-Pt
OT-Force-Account-Verify
Edge-Copy-Time
X-CSRF-TOKEN
X-Via-SSL
X-Proxy-CacheRZ
XkeyRZ
X-Debug-Cache-Store
X-Lambda-Id
X-SIPLIST1
X-MCACHE
X-Debug-Cache-Fetch
X-Amz-Meta-Cb-Modifiedtime
IsBot
True-Client-IP
X-Request-URI
X-Via-JSL
X-Dc
X-Vcl-Version
X-VCL-Version
X-Info
X-Cache-NGX
X-Nf-Request-Id
Sid
CPC-Age
X-Vtex-Remote-Cache
CPC-Cache
X-Render-Time
VNS-Age
VNS-Cache
X-EC-Lua
X-B3-SpanId
Uri
True-Client-Ip
Path
X-Cs
Srv
X-TH-Server
X-VCT
Fastly-Drupal-Html
Resin-Trace
Location
X-Server-ID
Request-ID
X-Oss-Request-Id
CDN
X-Oss-Storage-Class
X-Oss-Server-Time
X-Cache-Expires
X-Oss-Object-Type
X-ATG-Version
X-Oss-Hash-Crc64ecma
X-Fastly-Country-Code
X-Datadome
Cross-Origin-Opener-Policy-Report-Only
X-Varnish-Authentication
X-Contensis-Viewer-Groups
GeoIP-Country-Code
X-Edge-POP
X-MSEdge-Flight
X-CLOUD-TRACE-CONTEXT
Servername
X-MSEdge-Features
Esi-Enabled
X-Cache-ASPX
YJS-ID
X-Upstream-Ht
X-Accel-Version
X-Varnish-Beresp-TTL
X-Upstream-Ct
M-TraceId
X-TX-ID
X-Cache-Type
X-FPC
Timeexpire
X-CF-Lambda-Fn
X-Moov-T
X-Pod-Name
X-RateLimit-Remaining-Second
X-CF-Lambda-Version
Traceparent
X-Scheme
X-Cdn-Request-ID
X-RateLimit-Limit-Second
X-PAYTM-SRV-ID
X-Moov-Xdn-Version
CountryCode
X-PERF
X-Lb-Id
Sm-Log-Id
XServer
X-Service-Response-Time
X-RateLimit-Reset
LB
X-ApacheServer
X-Datacenter
X-Viewer-Country
X-Akamai-Pragma-Client-IP
HIT
X-Cdn-Cache-Status
N-Cache
X-Udemy-Cache-App-Namespace
X-Wikidot-Static-Cache
X-Wikidot-Backend
Server-Id
X-CDN-Cache-Status
X-WA
X-SERVER-NAME
X-Geo
X-Cache-Ttl
X-Tenant
X-Orig-Expires
X-Shop-Environment
Powered-By
X-Srcache-Fetch-Status
X-CACHE-KEY
X-Forwarded-Path
Ohc-File-Size
X-NC
RNT-Time
X-NAPM-TraceId
X-Bl-Debug
X-Srcache-Store-Status
RNT-Machine
Proxy-Connection
FSS-Cache
X-Ha-Backend
X-TraceId
ENV
X-MP-GENERATED-AT
Rip
Epwk-X-Cache
X-LiteSpeed-Cache-Control
X-ServedByHost
X-App-Name
X-Amz-Meta-Opti
V-Age
Geoip-Latitude
Yjs-Id
X-Cdn-Forward
X-Policy
X-Clientip
X-Dw-Trace-Id
Tracecode
True-Client-Country-4JS
X-Hyper-Cache
WZWS-RAY
X-B3-Trace-ID
X-M-Log
X-M-Reqid
X-RAMCache
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-UUID
X-Qnm-Cache
Content-Script-Type
Content-Style-Type
X-Snapshot-Date
X-Acquia-Application-Trace
X-Serial
X-Via-PopN
X-Via-PopV
X-UP
Ngx
X-Via-PopH
X-VG-WebCache
User-Agent
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Vgn-Hpd-Reason
X-Fastly-Backend-Reqs
X-B3-Parentspanid
X-B3-ParentSpanId
X-Swift-Error
XM
X-Lb-Nocache
Inserted-Into-Cache-At
Ec-Rule-Version
X-Wp-Cf-Super-Cache-Cache-Control
X-TT-LOGID
X-Lsadc-Cache
X-Wp-Cf-Super-Cache
X-F-Status
X-Webstats-RespID
X-Fastly-Cache-Hits
Hit
Lb
X-Request-URL
Cneonction
Warning
MIME-Version
My-App
X-LiteSpeed-Tag
X-IPS-Cached-Response
X-Cache-Ngx
X-Mid-Debug-Cache-Disk
X-Mid-Debug-Cache-Key
X-Th-Server
X-MiniProfiler-Ids
X-Stale