Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
Alt-Svc
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
X-XSS-PROTECTION
Server-Timing
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Turbo-Charged-By
X-AH-Environment
X-Via
X-Robots-Tag
X-Backend
X-Cache-Group
Cf-Edge-Cache
Host-Header
Keep-Alive
X-Proxy-Cache
X-Hacker
X-Server
X-UA-Device
X-Rq
X-Server-Powered-By
X-Age
Allow
X-Vhost
X-Varnish-Cache
X-Ws-Request-Id
EagleId
X-Dispatcher
X-Amz-Version-Id
Grace
X-LiteSpeed-Cache
P3p
Cf-Apo-Via
Nel
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Accept-CH
X-Pingback
X-Node
X-Host
X-OneAgent-JS-Injection
X-Server-Id
Surrogate-Control
X-Backend-Server
X-CST
X-Readtime
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Cache-Lookup
Permissions-Policy
X-Content-Security-Policy-Report-Only
Request-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Trace
Accept-Ch-Lifetime
X-Response-Time
X-Edge
X-HW
X-Ua-Compatible
Content-Location
X-Mod-Pagespeed
X-Clacks-Overhead
Accept-CH-Lifetime
X-Url
X-Ruxit-JS-Agent
X-Midtier
X-Oneagent-Js-Injection
X-ECACHE
Rating
X-ESI
X-Amz-Server-Side-Encryption
X-Mcache
X-Country
Xkey
X-Litespeed-Cache
X-Upstream
X-PC
X-TtlSet
X-Vname
X-Vcap-Request-Id
Cache-Tag
X-MS-InvokeApp
X-D2id
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Cache-TTL
RTSS
Edge-Control
Fastly-Restarts
X-Powered-By-Plesk
X-VARITI-CCR
Origin-Trial
X-Ac
X-Content-Type
Accept-Ch
X-Navigation-Version
X-Abt-Application-Version
X-Cached
X-Ruxit-Js-Agent
X-Goog-Hash
Service-Worker-Allowed
X-WebKit-CSP-Report-Only
X-Country-Code
X-GitHub-Request-Id
X-Ttl
X-Amz-Rid
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Browser-Type
X-Mg-S
X-Dw-Request-Base-Id
X-B3-TraceId
X-SharePointHealthScore
SPRequestGuid
X-Server-Name
Cross-Origin-Opener-Policy
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Powered-CMS
AR-ATIME
X-Middleton-Response
Response
AR-SID
AR-PoweredBy
AR-Request-ID
X-Amzn-Trace-Id
SPRequestDuration
SPIisLatency
X-Cache-Key
AR-CACHE
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
X-Version
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Cnection
X-Accel-Expires
X-Times
Cache-Tags
X-T
Cache-Status
X-NF-Request-ID
Front-End-Https
X-Fastcgi-Cache
Edge-Cache-Tag
X-MSEdge-Ref
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Px
X-Ser
X-Hits
Public-Key-Pins
Nginx-Cache
X-Client-IP
X-NWS-LOG-UUID
X-Recruiting
X-Ua-Device
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Request-Received
X-Request-Processing-Time
X-Frontend
X-LLID
Server-Node
X-Shield-Request-Id
X-Webkit-CSP
Payment
X-Ua-Browser
Access-Control-Request-Method
X-Kinja-CCPA
X-DIS-Request-ID
TP-Cache
X-B3-Traceid
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-RateLimit-Remaining
X-Goog-Metageneration
X-HS-Cache-Config
X-HS-Combine-CSS
S
X-HS-Content-Id
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-Ratelimit-Remaining
TP-L2-Cache
X-Content-Digest
X-LB-Cache
X-FastCGI-Cache
X-Distributor
Content-MD5
X-PressLabs-Stats
X-Microsite
X-Request-Handler-Origin-Region
Realpath
X-Ezoic-Cdn
X-Webkit-CSP-Report-Only
X-Hostname
X-Geo-Country
X-Forwarded-For
X-Server-ID
Access-Control-Allow-Method
X-Page-Id
Accept-Charset
X-RateLimit-Limit
Fastcgi-Cache
X-FB-Debug
X-GUploader-UploadID
X-Cluster-Name
X-Rid
X-Correlation-Id
X-Protected-By
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Envoy-Decorator-Operation
X-Seen-By
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Ratelimit-Limit
Cleartype
X-XRDS-Location
X-B3-Sampled
TCN
DC
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Newrelic-App-Data
Referer-Policy
X-Origin-Server
X-Debug-Info
X-Mobile
X-Webkit-Csp
Cross-Origin-Resource-Policy
X-TTL
X-Varnish-Backend
X-Origin-Cache
X-Logged-In
X-Aspnet-Version
X-Git-Hash
X-Azure-Ref
X-Contextid
X-Varnish-Grace
X-Kinsta-Cache
X-Edge-Location-Klb
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Is-Crawler
X-Revision
Surrogate-Key
X-Amz-Replication-Status
X-App-Environment
X-Aspnet-Duration-Ms
X-Flags
X-Grace
X-Fb-Rlafr
Alternate-Protocol
Count-Hit
X-TT
X-Content-Options
X-Amz-Meta-S3cmd-Attrs
Healthy
X-IPS-LoggedIn
X-Wix-Request-Id
X-Forwarded-Proto
X-Client-Ip
X-Whom
X-App-Server
Frame-Options
Charset
X-Hosted-By
WPO-Cache-Message
WPO-Cache-Status
X-Akamai-Edgescape
Viewport
MS-Author-Via
Filterid
X-Daa-Tunnel
X-Id
X-Oracle-Dms-Ecid
X-Magnolia-Registration
X-B
X-Backend-Name
Paypal-Debug-Id
X-Oracle-Dms-Rid
Retry-After
Section-Io-Cache
X-Cache-Age
X-F-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
X-Az
SRV
X-Trace-Id
X-AppVersion
X-Activity-Id
X-Proxy-Cache-Info
X-Www-Served-By
Server-Name
X-Type
X-Varnish-Server
X-App-Version
Refresh
X-Cache-Rule
X-Proxy
Akamai-GRN
Host
VIX-Pulpo-Node
X-Response-Served-From
X-Rule
X-ARC
X-Time
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
X-Http-Reason
X-Instance
SD-X-WS
Version
X-Rocket-Nginx-Serving-Static
X-Edge-Location
X-Status
X-EdgeConnect-Cache-Status
Front
Protected
X-UUID
X-User-Agent
X-Akamai-Request-ID2
X-Varnish-Age
X-Cache-Grace
X-L-Path
X-Jobs
X-Rendered-As
X-Is-Bot
X-N
X-Unique-Id
X-Region
X-Page-View
X-FW-Static
X-FW-Hash
X-COUNTRY
X-Environment-Context
Fastly-SWR
X-FW-Serve
X-FW-Dynamic
X-FW-Server
X-FW-Type
X-FW-Version
Fastly-SIE
X-Adobe-Content
Access-Control-Request-Headers
X-Cacheable-TTL
X-Framework
X-Cache-Time
X-Adobe-Loc
From-Origin
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-G
X-RemovedCookies
X-Load-Cache
X-ProcessESI
ServerID
X-Upgrade-Enabled
X-Source
X-Language
X-Varnish-Ttl
X-RateLimit-Reset
Country
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Content-Disposition
X-Datadog-Parent-Id
X-CDN-Forward
X-Vcache
X-Drupal-Cache-Tags
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-HTML-Minification-Powered-By
X-Datadog-Sampled
Accept-Language
X-Amzn-Remapped-Content-Length
Countrycode
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-DataDome
X-DynaTrace
X-Mg-Request-UUID
X-Debug-IsPreview
X-Nf-Request-Id
X-Debug-IsConnected
X-ID
X-Generated-By
X-DynaTrace-JS-Agent
Backend
X-ECache
X-B3-SpanId
Xet-Cookie
X-B-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Signature
X-WP-CF-Super-Cache
CF-IPCountry
Liferay-Portal
Xserver
X-Nginx-Cache
X-Tt-Logid
X-Httpd
X-Mode
X-NYM-Debug-Backend
X-Erf-Web-Scheduler
X-Drupal-Cache-Contexts
X-Device-Type
X-Content-Powered-By
Webserver
X-Servername
X-Content-Age
Url
X-Zen-Fury
X-Xrds-Location
X-Rewrite-Enabled
Azure-SiteName
Azure-InstanceId
X-Sucuri-Cache
Azure-RegionName
X-Sucuri-ID
Fastcgi-Useragent
X-UPSTREAM-Address
Azure-SlotName
X-GeoCode
X-GeoCountry
X-LAGOON
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-SaId
X-Cache-Operation
X-Tb
X-Git-Commit
X-JoinUs
X-Proto
Filters
Azure-Version
X-Director
Meta-Geo
X-ServerID
X-Urbn-Site-Id
Onion-Location
X-Urbn-Context-Path
S-Rt
Locale
X-Container-Uri
X-Varnish-Cache-Hits
Load-Balancing
GEO-INFO
X-Cache-Action
Uber-Trace-Id
X-PHP-Host
X-Cluster-Node
X-Varnish-Hostname
X-RM-Cache-TTL
X-VC-Cache
X-Labrador-Cache-Channel
X-Forwarded-Host
X-Soup
X-Cache-Server
X-Ms-Version
X-Logging-Id
X-Detected-As
CDN-RequestId
X-Generation-Time
Web-Mar-Node
X-Adobe-Source
X-Ms-Request-Id
X-Sql-Duration-Ms
X-Storage
X-Ratelimit-Reset
X-VCT
X-Sql-Count
X-Extlb
TWC-Privacy
Mn-Server-Ip
Webcakes-App-Name
Webcakes-App-Version
X-FB-TRIP-ID
Webcakes-Region
X-Zipkin-Id
Node
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-RCS-CacheZone
Property-Id
X-Debug
TWC-Locale-Group
DB-Nickname
X-Skip-Cache
X-Routing-Service
X-Origin-Hint
X-R9-Blue-Green-Version
X-Served-From
X-Proxied
X-LSADC-Cache
X-Uri
X-Tumblr-Pixel-2
Selected-Fe
X-Proxy-Build
X-Timing-Wait
X-Tumblr-Pixel-3
X-Format
X-Fetched-On
X-Lambda-Id
OT-Force-Account-Verify
X-Template
X-Origin-Date
Fastly-Drupal-HTML
X-MP-GENERATED-AT
X-XRDS-LOCATION
Source
X-MCACHE
X-Cache-Expired-At
X-Loop
X-Tncms
X-Cache-Hit
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Varnish-Hits
X-Pass-Why
X-Via-JSL
X-Endurance-Cache-Level
Content-Secure-Policy
X-Cache-TTL-Remaining
X-Redis-Cache
X-Srv
X-UA-Device-Type
X-Ua
X-NGENIX-Cache
Upgrade-Insecure-Requests
X-Node-Name
X-Real-IP
X-Fastly-Request-Id
Cross-Origin-Window-Policy
X-AIR-PT
X-Pubstack
X-Origin-TTL
X-Origin-CC
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Server-W
Section-Io-Origin-Status
Section-Origin-Responded
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-GEO
NGB
Cache-Hits
X-PHP-Backend
X-S
X-Rn-Rsrv
Cache-Provider
X-Cache-Host
CDN-CachedAt
MS-CV
CDN-Cache
X-RTag
X-CSRF-Token
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-RequestPullCode
Cache-Name
CDN-Uid
Ms-Operation-Id
CDN-PullZone
CDN-RequestCountryCode
X-Cache-Type
X-Restarts
X-TimeS
X-Cms-Context
X-Hl-Ver
X-Reqid
X-Aspnetmvc-Version
X-Xfnlog-Site
Apigw-Requestid
X-IPLB-Instance
X-IPLB-Request-ID
X-Optimistic-Header
X-Akamai-Transformed
X-Datadome
X-TA-CDN-Provider
X-BYPASS-REASON
X-ProxyCache-Status
X-No-Session
X-CACHE-AGE
X-ProxyCache-Key
X-Newrelic-Synthetics
X-Parent-Response-Time
Meta-Geo-Continent
X-Origin-Time
Sslversion
Ngx.Var.Host
MD5-Digest
X-Orig-Expires
Redirect-Candidate
Odigeo-Trace-Id
Rendered-Blocks
N-Cache
Server-Host
Gh-Request-Id
Candidate-Md5Url
X-GeoIP-Country-Code
CPC-Cache
DCR-Decision-By
X-Policy
BehaviorPad-Version
X-Rojux
X-Request-Host
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
DCR-Processing-Time-Ms
Fastly-Backend-Name
L
L5d-Success-Class
Lang
Magicmarker
HA-Ipaddr
Ha-Gx-Prefs
Fastly-GeoIP-CountryCode
Fastly-SSL
Gannett-Cam-Experience-Id
Surrogated-Key
Mail-Subject
X-A-Dgt
X-D
X-Csrf-Jwt
X-Date
X-Debug-Cache-Fetch
X-Destination
X-Debug-Cache-Store
X-Conf
X-CGP
X-Irp-Debug
X-CacheTTL
X-Cdn-Diag
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Developer
X-Dispatcher-Number
X-FC-Vary-Parameters
X-Has-Esi
X-Forwarded-Path
X-Gdpr
X-GeoIP-Region-Code
X-Fastly-Backend
X-External-Request-Id
X-Ec-Fail
X-Ec-Custom-Error
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Eu-Site
X-Is-Gdpr
X-JWT-State
X-A
Web-Mar-Region
X-A-Ccd
X-A-Dam
X-A-Dcw
We-Hiring
W
X-Nyt-Route
True-Client-Country-4JS
Vix-Hermes-Req-Id
VNS-Age
VNS-Cache
X-S-Cookie
X-A-Wwc
X-Bl-Debug
X-BCube-Filmed-By
X-Cache-Bucket
X-Cache-Info
X-Cache-NE
X-Bc-Bl
X-B-Cookie
X-Accel-Expires-Debug
X-Accel-Buffering
X-Mvc-Supplant-Cachable
X-Aed
X-Application
T-Server
CPC-Age
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Path
X-Vdms-Version
X-Wikidot-Static-Cache
X-TIM-N
X-LJ-Flow-ID
X-Slack-Shared-Secret-Outcome
X-SRCache-Key
X-Wikidot-Backend
X-Viewer-Country
X-Tenant
X-Worker
X-SD-PageType
X-VG-WebCache
X-ScT
X-AWS-Id
X-Var-Ttl
X-VWS-Id
X-We-Are-Hiring
X-Wix-Viewer-Type
X-Via-Fastly
X-Shop-Environment
X-Cluster
X-Slack-Backend
X-Handled-By
X-Access
X-Section
X-Variation
X-Varnishpool
X-Mly-Id
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Thinkindot-Control
X-Org
X-Old-Content-Length
Req-Svc-Chain
Release
Platform
Producers
X-Thinkindot-L3
TDXMobile
X-S-Maxage
X-Node-Id
X-Alternate-Cache-Key
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Nitro-Cache
X-Cache-Debug
X-App
X-DefElseHash
X-Human
X-Core-Value
X-INCAP-ABP
X-Core-Mission
X-DefHash
X-DPWN-IS-SECURE
X-Gzip
X-Geo-Header
X-Forwarded-Site
X-Fmm-Version
X-Esi-Check
X-Hash
X-CMSURLCustom
X-Clientip
X-BBC-Edge-Cache-Status
X-Vmg-Version
X-Loc
X-Auto-Login
X-Mid
X-App-Name
Origin
X-Cache-Id
X-Cdn-Origin
X-Clara-WADP
X-WADP-Cache
X-VServer
X-Proxy-Cache-Status
X-ApacheServer
X-Up
Datacenter
X-ShopId
X-Sn-Servicetimems
AKAMAI
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
Memcached
Cmsid
Cmstype
X-Platform
X-SVT-ORM-RULES
Canary
X-SVT-ORM-VERSION
Is-Eu
Adler-Geo
X-Server-IP
X-Origin-Response-Time
Host-ID
X-Test
X-ShardId
Environment
X-PAYTM-SRV-ID
X-PERF
X-Sorting-Hat-ShopId
Expect-Staple
X-Request-Time
User-Cache-Control
ServedBy
X-Bip
Country-Code
X-Akamai-Device-Characteristics
X-Block-Status
X-Level-Front-Cache
Esi-Enabled
X-Cdn-Srv
X-From
X-Qloud-Router
X-Pool
X-Gen-Mode
X-Generated-On
X-GeoIP
X-Scale
X-Dispatcher-Server
X-Device-Os
Apple-News-Services-Request-Url
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Hnp-Log
Apple-News-Services-Handled
X-WA-Info
DSUID
NM-Fastcgi-Cache
X-Nananana
X-Owner
Machine
X-NodeID
X-Mvc-Supplant-OutputCached
X-Thanos
Server-Hostname
X-Presslabs-Stats
Sever-Int
X-Origin
Server-Ext
X-Vcl-Version
X-Tx-Id
Ssr
Server-Info
X-Refresh
C-Via
X-Cache-Enabled
CloudFront-Viewer-Country
X-Instance-Name
X-LB-NoCache
X-Nginx-Cache-Key
Wxu-Next-Commit
Origin-EX
Wxu-Next-Region
WP-Super-Cache
Origin-CC
Wxu-Next-Hostname
X-Web-Node
Pics-Label
X-TIME
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Cs
X-Op-Id-All
Server-ID
Time
Memory
X-Azure-Ref-OriginShield
X-Amz-Meta-Cb-Modifiedtime
X-NCache
X-Cache-Status-Check
X-HA-Backend
Hostname
X-API-Version
X-ZONE
Origin-Agent-Cluster
NGX
Cf-Device-Type
GeoIP-Latitude
X-URL
Cache-Host
X-Platform-Cluster
X-Origin-Expires
X-Platform-Router
X-Microcachable
X-Platform-Processor
X-Tb-Optimization-Total-Bytes-Saved
X-VHOST
AMP-Access-Control-Allow-Source-Origin
X-Correlation-ID
X-CACHE-GROUP
XM
X-DC
X-Locale
X-Site-Version
X-HN
X-Dc
PFcat
X-VarnishDD-TTL
X-Wp-Cf-Super-Cache-Active
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Ad-Defer-Variation
X-Fpc
Resin-Trace
X-Micro-Cache
X-Via-CDN
Edge-Copy-Time
X-Via-Edge
X-Webkit-Csp-Report-Only
X-Vgn-Hpd-Reason
X-Internal-Host
Locid
Srvid
X-FL-QIT-DEBUG
X-Via-SSL
A
X-FL-EDGE
YJS-ID
X-WP-CF-Super-Cache-Active
X-Zone
Cdn-Requestid
X-DataCenter
X-Pod-Name
X-Cache-ASPX
X-Upstream-Ht
X-Upstream-Ct
X-Contensis-Viewer-Groups
X-ATG-Version
X-Github-Request-Id
X-FireWall-Port
X-TraceId
Sid
X-Moov-T
X-Moov-Xdn-Version
User-Agent
True-Client-Ip
Cache-Key
X-AB
X-Varnish-Authentication
Uri
X-SIPLIST1
IsBot
X-Cached-By
Location
X-Buckets
X-LiteSpeed-Cache-Control
GeoIP-Country-Code
X-Info
X-B3-Parentspanid
X-Geo-Region
X-B3-Spanid
X-Backend-Instance
State
X-Planisys-CDN-Rules
X-FTR-Request-ID
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-HS-Content-Campaign-Id
X-Accel-Version
X-NGINX-Cache
X-Platform-Server
X-Nitro-Rev
X-Nitro-Cache-From
X-LiteSpeed-Tag
SID
X-Provided-By
CF-Ctrl
GeoIp-Country-Code
X-Fastly-Cache
X-Release
X-MSEdge-Flight
X-MSEdge-Features
X-CS
X-VCache
X-Tcp-Rtt
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Tablet
X-Rocket-Build-Number
X-VC
XServer
Cdn
X-Sigma-Backend
X-Sigma
X-Browser-Name
X-Is-Desktop
X-RN-RSRV
X-Datacenter
NtCoent-Length
X-Cache-Remote
X-NewRelic-App-Data
X-CSRF-TOKEN
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
True-Client-IP
X-Vgn-Hpd-Ssi
Cache
Path
X-Geo
Lb
X-Api-Version
X-Generated-In
X-Gamma-Serve
X-GeoIP-City
X-HS-Status
X-TRACE-ID
X-SRV
Epwk-X-Cache
X-Scheme
X-Hyper-Cache
X-FPC
Fastly-Drupal-Html
Tcn
X-HostName
X-Frame-Option
WebServer
X-Webstats-RespID
X-Service
X-GoCache-CacheStatus
Ohc-File-Size
Cache-Tv-Group
X-UA
X-Rebelmouse-Surrogate-Control
Serverid
X-APP-VERSION
Cf-Ipcountry
CountryCode
X-Rebelmouse-Cache-Control
Kp-EeAlive
X-Amz-Meta-Opti
Cdnsip
X-Esi
X-AK-Request-ID
X-Air-Pt
Cdncip
X-Guploader-Uploadid
Srv
X-EC-Lua
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
HostName
X-Location
X-Mobile-URL
X-Traceid
X-Branch-Name
X-Cache-Ttl
LB
X-Wp-Cf-Super-Cache-Cookies-Bypass
XkeyRZ
X-Men
Proxy-Connection
WZWS-RAY
Yak-Timeinfo
X-Proxy-CacheRZ
On-Server
Ohc-Cache-HIT
X-Cdn-Cache-Status
X-Region-Sid
X-Vc
Env
X-Aicache-OS
Cdn-Host
X-Cache-Tags
X-Pad
CacheControlHeader
X-Vercel-Cache
X-Developers
X-Edge-Server
Cdn-Request-Time
X-Vercel-Id
X-VCL-Version
X-Origin-Cache-Key
X-CACHE-KEY
X-TX-ID
CDN
X-FTR-Backend
X-LB-ID
Geoip-Latitude
Req-ID
X-Country-Code-Real
M-TraceId
X-CDN-Cache-Status
X-Cdn-Forward
X-Cache-FS-Status
Tube-Get-Contents
RNT-Time
Tube-Got-Results
X-Via-Poph
Tube-Return
X-Via-Popv
X-Via-Popn
X-V-Cache
RNT-Machine
X-SB
X-Cdn-Request-ID
X-Req
X-Servedbyhost
Click-Count-Action-Start
Mime-Version
Click-Count-Error
X-Nc
Tube-Got-Eval
X-Wa
X-Minions-Version
X-FTR-Expires
X-NWS-UUID-VERIFY
X-FTR-Balancer
X-B3-Trace-ID
X-FTR-Backend-Server
Ngx
X-NMSegId
X-FTR-Cache-Status
V-Age
X-Acquia-Purge-Cdn-Unconfigured
X-Akamai-Pragma-Client-IP
X-Edge-Pop
X-Lb-Cache
X-Ha-Backend
WWW-Authenticate
Server-Id
Content-Style-Type
CF-Cached-On
X-WP-CF-Super-Cache-Cookies-Bypass
X-Fastly-Country-Code
ENV
X-Ad-Load-Variation
Cluster
Content-Script-Type
X-TT-LOGID
X-Lb-Nocache
X-Request-Start
X-Scope-Id
X-M-Log
X-M-Reqid
PICS-Label
X-MiniProfiler-Ids
X-Snapshot-Date
X-Edge-POP
X-Check-Cacheable
X-IN-APIGATEWAYSSL
X-User
X-IN-APIGATEWAY
X-Acquia-Site
X-Dw-Trace-Id
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Via-Ucdn
Yjs-Id
X-APP
X-TH-Server
X-Processor
X-Shield-Cache-Expires
X-Varnish-Beresp-Status
X-Request-URI
X-Qnm-Cache
Log-Origin
Pramga
X-Fastly-Backend-Reqs
X-Miniprofiler-Ids
Inserted-Into-Cache-At
X-Fastly-Cache-Hits
Vha6-Origin
X-Cached-Since
CACHE-MISS-TO-ORIGIN
X-Ckpd-Fst-Backend
X-Iauth-Set-Uid
X-Litespeed-Cache-Control
X-RAMCache
Cneonction
X-ElasticPress-Query