
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Report-To
Content-Security-Policy
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
CF-Ray
X-Timer
X-FRAME-OPTIONS
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-Id
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-XSS-PROTECTION
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
P3p
X-Proxy-Cache
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
CONTENT-SECURITY-POLICY
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Ua-Compatible
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
Cf-Apo-Via
Accept-CH
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Server-Id
X-Host
X-Ruxit-JS-Agent
EagleEye-TraceId
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
X-Cache-Spec
X-Cache-Lookup
X-Content-Security-Policy-Report-Only
X-HW
Accept-Ch-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Country
Content-Location
X-Mcache
X-Content-Type
X-MS-InvokeApp
X-Url
Accept-CH-Lifetime
X-Clacks-Overhead
X-CST
X-PC
X-TtlSet
X-Vname
X-Midtier
X-Amz-Server-Side-Encryption
Rating
X-Litespeed-Cache
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
Origin-Trial
X-Use-Magma
X-Kinja
X-Cdn-Fetch
Verso
X-Exp-Id
X-Exp-Variant
X-Rack-Cache
X-VARITI-CCR
X-Server-Name
X-Ac
X-Powered-By-Plesk
X-GitHub-Request-Id
Service-Worker-Allowed
X-Cnection
X-ECACHE
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-Client-IP
X-Navigation-Version
Xkey
X-Ttl
X-Abt-Application-Version
Edge-Control
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-Upstream
X-B3-TraceId
Arr-Disable-Session-Affinity
X-NWS-LOG-UUID
X-Cached
X-Browser-Type
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Mg-S
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Varnish-TTL
X-Px
X-Cache-Key
Display
X-Sol
X-Middleton-Display
Pagespeed
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
Edge-Cache-Tag
X-Forwarded-For
X-Country-Code
X-Goog-Hash
X-NF-Request-ID
Content-MD5
TCN
X-Powered-CMS
Front-End-Https
X-Id
X-Correlation-Id
AR-Request-ID
AR-SID
AR-CACHE
AR-PoweredBy
AR-ATIME
Public-Key-Pins
X-RateLimit-Remaining
X-Ser
X-Version
X-HP-Webp
Accept-Ch
X-HP-Trace-Id
X-Jurisdiction
X-MSEdge-Ref
X-Content-Digest
X-Recruiting
X-T
X-Ratelimit-Limit
X-Amzn-Trace-Id
Response
X-Middleton-Response
X-Accel-Expires
TP-L2-Cache
TP-Cache
X-Shield-Request-Id
MicrosoftSharePointTeamServices
X-Daa-Tunnel
S
Nginx-Cache
Cache-Status
X-Webkit-Csp
X-XRDS-Location
X-Request-Received
Server-Node
X-Request-Processing-Time
Cache-Tags
X-B3-TraceId-Primal
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
MRF-Tech
Mrf-Cache-Status
X-Distributor
X-Hits
X-PressLabs-Stats
Cross-Origin-Opener-Policy
X-Edge-Location-Klb
X-Kinsta-Cache
X-LB-Cache
X-Origin-Server
X-Ratelimit-Remaining
X-Ua-Browser
X-ORACLE-DMS-RID
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
Fastcgi-Cache
Alternate-Protocol
X-Fastly-Request-ID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Fastcgi-Cache
X-Grace
Filterid
X-Ratelimit-Reset
Server-Name
X-Frontend
X-Hostname
X-Geo-Country
X-DIS-Request-ID
X-Microsite
X-Request-Handler-Origin-Region
X-Rid
X-LLID
Healthy
X-FB-Debug
X-Protected-By
Cleartype
X-Logged-In
X-Git-Hash
X-Varnish-Backend
Payment
X-Debug-Info
X-Www-Served-By
X-Load-Cache
X-Page-Id
X-Forwarded-Proto
X-Cluster-Name
X-NGENIX-Cache
DC
X-DataDome
Realpath
X-ECache
X-ASPNET-VERSION
MS-Author-Via
Content-Disposition
X-Origin-Cache
X-TTL
Access-Control-Allow-Method
Charset
X-B3-Sampled
X-GUploader-UploadID
X-Goog-Metageneration
X-Upgrade-Enabled
X-Proxy
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Activity-Id
X-Az
X-AppVersion
X-F-Cache
X-Seen-By
X-Cache-Age
X-B3-Traceid
X-Amz-Meta-S3cmd-Attrs
X-Amz-Replication-Status
Cross-Origin-Resource-Policy
Paypal-Debug-Id
X-Whom
X-Azure-Ref
X-Type
X-Fb-Rlafr
Count-Hit
X-Revision
X-B
Retry-After
X-Contextid
X-Akamai-Edgescape
Viewport
Surrogate-Key
X-Aspnet-Duration-Ms
X-App-Environment
X-Request-Guid
X-Route-Name
X-Is-Crawler
X-Providence-Cookie
X-Wix-Request-Id
X-Flags
X-Varnish-Server
X-Aspnetmvc-Version
X-Hosted-By
Accept-Charset
X-TT
X-Signature
X-B-Cache
Amp-Access-Control-Allow-Source-Origin
X-Times
X-DynaTrace
X-Language
X-VCache
X-Source
X-Cache-Control
X-App-Server
X-Envoy-Decorator-Operation
X-Mobile
X-Magnolia-Registration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Varnish-Grace
Host
Referer-Policy
Version
X-Server-ID
WPO-Cache-Status
WPO-Cache-Message
X-Fastly-Request-Id
X-N
X-Cache-Rule
Refresh
X-Oracle-Dms-Ecid
X-HTML-Minification-Powered-By
X-Oracle-Dms-Rid
X-Varnish-Ttl
X-Original-Request-Id
X-Tumblr-Pixel-1
Access-Control-Request-Headers
X-Cache-Time
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Response-Served-From
X-Varnish-Age
X-Tumblr-User
X-EdgeConnect-Cache-Status
X-Cache-Status-Check
X-Rule
X-G
X-Cacheable-TTL
SD-X-WS
X-Jobs
X-UUID
X-Cache-Grace
VIX-Pulpo-Node
Protected
Ms-Operation-Id
X-RTag
VIX-Pulpo-Upstream-Status
X-Tt-Trace-Tag
X-User-Agent
MS-CV
X-Framework
X-Tt-Trace-Host
X-Environment-Context
Akamai-GRN
X-Backend-Name
From-Origin
Section-Io-Cache
GEO-INFO
X-Status
X-L-Path
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-FW-Static
X-FW-Version
X-FW-Type
X-RemovedCookies
X-Amzn-RequestId
X-Content-Powered-By
X-Amz-Apigw-Id
X-FW-Hash
X-ProcessESI
X-Cache-Expired-At
X-Instance
X-Page-View
X-Nginx-Cache
X-XRDS-LOCATION
X-Device-Type
X-Akamai-Request-ID2
X-Http-Reason
X-RateLimit-Limit
X-Rendered-As
X-Is-Bot
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Region
X-NYM-Debug-Backend
X-Servername
X-Adobe-Loc
X-Trace-Id
Url
X-Adobe-Content
NGB
Front
SRV
CDN-RequestId
X-CDN-Forward
X-Unique-Id
X-Template
Accept-Language
X-Content-Options
X-Debug-IsPreview
X-Debug-IsConnected
Backend
X-Newrelic-App-Data
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Hit
Liferay-Portal
Fastly-SIE
Fastly-SWR
Pinterest-Version
X-Zen-Fury
X-Air-Hostname
X-Pinterest-Rid
X-Air-Trace-Id
Pinterest-Generated-By
X-Air-Source
Country
X-DynaTrace-JS-Agent
X-Time
X-Mode
Content-Secure-Policy
X-COUNTRY
X-Cache-Operation
X-Tb
X-Rocket-Nginx-Serving-Static
X-Uri
Node
X-Cache-Server
Meta-Geo
X-Amzn-Remapped-Content-Length
S-Rt
X-Content-Age
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-IPS-LoggedIn
Webserver
Filters
X-RN-RSRV
Onion-Location
X-Proxy-Cache-Info
X-Rewrite-Enabled
X-Generation-Time
Uber-Trace-Id
X-Real-IP
Azure-RegionName
Azure-SiteName
X-Locale
Azure-InstanceId
X-Edge-Location
X-Timing-Wait
X-Section
Azure-Version
Cache-Hits
X-Access
X-Format
Selected-Fe
X-PHP-Backend
X-Proxy-Build
CF-IPCountry
X-Web-Node
Azure-SlotName
X-Forwarded-Host
X-Tt-Logid
Cache-Name
Webcakes-Region
Webcakes-App-Version
TWC-Locale-Group
X-Say-Cacheable
X-Server-W
X-Site-Version
X-Cache-Action
X-SayCDN-TTL
X-Say-TTL
X-Tumblr-Pixel-3
Webcakes-App-Name
TWC-Connection-Speed
TWC-Privacy
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Origin-Hint
ServedBy
X-Proto
X-PHP-Host
Property-Id
X-Origin-Date
X-Skip-Cache
X-Labrador-Cache-Channel
X-Soup
X-Varnish-Beresp-Grace
X-Ms-Version
X-Sucuri-ID
X-Ms-Request-Id
X-Cluster-Node
X-Sucuri-Cache
X-ProxyCache-Status
X-UA-Device-Type
X-Debug
X-ProxyCache-Key
DB-Nickname
X-Via-Fastly
X-Handled-By
X-Proxied
X-R9-Blue-Green-Version
X-BYPASS-REASON
X-Ua
Web-Mar-Node
X-Zipkin-Id
Cross-Origin-Window-Policy
X-Extlb
X-Sql-Duration-Ms
X-Sql-Count
X-Cms-Context
X-Cache-Host
X-Reqid
X-Routing-Service
ServerID
X-VC-Cache
X-VWS-Id
X-FB-TRIP-ID
X-LJ-Flow-ID
Mn-Server-Ip
Locale
X-Urbn-Context-Path
X-Ruxit-Js-Agent
X-JoinUs
X-AWS-Id
X-SaId
X-Proxy-Cache-Status
Countrycode
X-LAGOON
X-Urbn-Site-Id
X-Adobe-Source
X-ARC
X-Cluster
Apigw-Requestid
X-IPLB-Instance
X-Cache-TTL-Remaining
X-IPLB-Request-ID
X-Node-Name
X-No-Session
X-Detected-As
X-Xfnlog-Site
X-App-Version
WP-Super-Cache
Cache-Tv-Group
X-Optimistic-Header
X-Tec-Api-Version
X-GeoCountry
X-Tec-Api-Origin
X-Tec-Api-Root
X-WP-CF-Super-Cache
Fastcgi-Useragent
X-LSADC-Cache
X-GeoCode
X-WP-CF-Super-Cache-Cache-Control
X-Webkit-CSP
Mime-Version
X-Director
X-Oneagent-Js-Injection
X-TIME
Upgrade-Insecure-Requests
X-Varnish-Hits
X-Buckets
X-Hl-Ver
X-GEO
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-Cache
CDN-Uid
CDN-EdgeStorageId
Source
Fastly-Drupal-HTML
X-Generated-By
X-Mg-Request-UUID
Frame-Options
X-Request-Time
X-FireWall-Port
X-Redis-Cache
X-Webkit-CSP-Report-Only
X-Varnish-Cache-Hits
CF-Cached-On
X-TA-CDN-Provider
Xet-Cookie
X-Api-Version
X-Loop
X-Correlation-ID
X-Origin-CC
X-URL
X-Cache-Debug
X-Tx-Id
X-Origin-TTL
X-ServerID
X-RM-Cache-TTL
X-Varnish-Hostname
Load-Balancing
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Akamai-Transformed
X-SRV
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShardId
X-Pass-Why
X-ShopId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-TNCMS
X-Served-From
X-Pubstack
X-Service
X-Newrelic-Synthetics
X-Request-Host
X-CSRF-Token
X-Endurance-Cache-Level
Xserver
X-Location
Server-Info
X-Storage
X-Hash
Candidate-Md5Url
DCR-Decision-By
DSUID
Edge-Cache
X-Akamai-Device-Characteristics
X-Gdpr
X-Generated-On
DCR-Processing-Time-Ms
X-INCAP-ABP
X-Men
X-Loc
X-Mid
X-Mobile-URL
X-Nyt-Route
X-Level-Front-Cache
X-Httpd
A
BehaviorPad-Version
X-WP-CF-Super-Cache-Active
X-Restarts
X-Application
Cache-Host
X-External-Request-Id
Server-Host
X-Conf
Rendered-Blocks
Release
X-CMSURLCustom
X-Cdn-Origin
T-Server
X-Cache-NE
Surrogated-Key
Sslversion
Redirect-Candidate
Meta-Geo-Continent
Origin
Odigeo-Trace-Id
NM-Fastcgi-Cache
X-Origin
X-Developer
X-Destination
X-Core-Mission
X-CUA
Ngx.Var.Host
X-D
Memcached
TDXMobile
X-A-Dam
X-Epic-Correlation-Id
X-A-Ccd
X-Ec-GeoHdr
X-A-Dcw
X-A-Dgt
Host-ID
X-Aed
X-B-Cookie
X-A-Wwc
X-Ec-Fail
X-A
X-Cache-Info
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Cache-Date
MD5-Digest
X-Bc-Bl
X-BCube-Filmed-By
Lang
X-Bip
Gannett-Cam-Experience-Id
X-ScT
X-S-Maxage
X-Sigma
X-Sigma-Backend
X-Sn-Servicetimems
X-S-Cookie
X-Rojux
X-Platform-Processor
X-Platform-Router
X-Processor
X-Rocket-Build-Number
X-SRCache-Key
X-SVT-ORM-RULES
X-Vdms-Path
X-Vdms-Version
X-We-Are-Hiring
Xc-Version
X-TIM-N
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-Test
X-Thanos
X-Platform-Cluster
X-S
X-Origin-Time
Magicmarker
X-Ec-Custom-Error
X-Slack-Backend
Mail-Subject
X-Slack-Shared-Secret-Outcome
X-Dispatcher-Number
X-Dispatcher-Server
X-Mvc-Supplant-Cachable
X-Ad-Defer-Variation
X-Accel-Expires-Debug
X-Server-IP
X-Fastly-Backend
X-Fastly-Cache
X-Fetched-On
X-Scale
X-Origin-Expires
X-SD-PageType
X-Auto-Login
X-Esi-Check
Is-Eu
Section-Origin-Responded
X-Developers
X-Vmg-Version
X-Cdn-Srv
Req-Svc-Chain
X-Varnishpool
X-VServer
X-CacheTTL
X-Origin-Response-Time
X-Org
X-Cache-Id
Vix-Hermes-Req-Id
X-Varnish-Beresp-Status
X-Date
X-NodeID
X-Node-Id
Fastly-GeoIP-CountryCode
X-Cache-Bucket
X-Var-Ttl
X-Variation
Platform
We-Hiring
WWW-Authenticate
Gh-Request-Id
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-JWT-State
C-Via
X-Has-Esi
CacheControlHeader
Cache-Key
Apple-News-Services-Handled
AKAMAI
X-Instance-Name
X-Human
X-Platform
X-HS-Content-Campaign-Id
X-Is-Gdpr
Adler-Geo
X-Varnish-Beresp-Ttl
X-Pool
X-Gzip
X-Region-Sid
Section-Io-Id
X-Request-Start
X-Geo-Header
X-GeoIP
X-Gamma-Serve
Section-Io-Origin-Status
Fastly-Backend-Name
X-BBC-Edge-Cache-Status
Section-Io-Origin-Time-Seconds
Country-Code
X-Worker
X-GeoIP-City
CloudFront-Viewer-Country
Environment
X-Parent-Response-Time
X-Air-Pt
X-Provided-By
X-Varnish-CookieHashed-On
X-Req
Cmsid
Click-Count-Error
Tube-Get-Contents
Click-Count-Action-Start
X-DefHash
Tube-Return
X-Response-By
Tube-Got-Results
Cmstype
X-DefElseHash
X-Azure-Ref-OriginShield
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
Tube-Got-Eval
X-Cache-FS-Status
X-App
X-Planisys-CDN-TTL
X-Irp-Debug
X-HN
X-Qloud-Router
X-GeoIP-Region-Code
X-Release
X-Mly-Id
X-Planisys-CDN-Rules
X-Owner
X-Op-Id-All
X-Planisys-CDN-Cache
X-Nginx-Cache-Key
X-NCache
X-GeoIP-Country-Code
X-Frame-Option
X-Clara-WADP
X-VG-TLSProxy
X-Cache-Tags
X-WA-Info
X-WADP-Cache
X-VarnishDD-TTL
X-Core-Value
X-Fmm-Version
X-Forwarded-Site
X-FC-Vary-Parameters
X-Device-Os
X-V-Cache
X-Wix-Viewer-Type
State
Origin-CC
Origin-EX
Datacenter
Ssr
On-Server
Machine
Canary
Cache-Provider
Kp-EeAlive
L
HostName
PFcat
Wxu-Next-Commit
Wxu-Next-Region
X-Accel-Buffering
Web-Mar-Region
Wxu-Next-Hostname
X-B3-Spanid
HA-Ipaddr
Ha-Gx-Prefs
X-DPWN-IS-SECURE
X-Eu-Site
L5d-Success-Class
X-SB
X-LB-NoCache
X-Platform-Server
X-FL-QIT-DEBUG
X-FL-EDGE
CDCHOST
Expect-Staple
X-Gen-Mode
X-Aicache-OS
Locid
User-Cache-Control
Srvid
X-Hnp-Log
Fastly-SSL
NGX
Server-Ext
Producers
X-Block-Status
Server-Hostname
X-CGP
X-Old-Content-Length
X-Ckpd-Fst-Backend
Sever-Int
X-Csrf-Jwt
X-CACHE-AGE
X-Via-CDN
X-Zone
X-Nananana
X-Minions-Version
X-Vcl-Version
X-Cache-Remote
X-Cache-Backend
X-Tb-Optimization-Total-Bytes-Saved
X-NWS-UUID-VERIFY
X-Mvc-Supplant-OutputCached
X-Microcachable
X-Via-Edge
Edge-Copy-Time
X-Via-SSL
Cluster
X-VC
X-Refresh
X-Dc
X-From
Decoy-Debug-TTL
Pics-Label
GeoIP-Latitude
Decoy-Debug-Key
Decoy-Debug-Status
X-Tid
X-ND-Cache
Env
X-Cache-Enabled
X-RCS-CacheZone
X-Up
X-Trace-ID
NtCoent-Length
X-DC
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Lambda-Id
X-Cached-By
X-Generated-In
X-Srv
SID
X-Cs
Memory
Time
X-Servedbyhost
X-Via-Popn
X-Via-Poph
X-Via-Popv
Sid
X-Edge-Pop
X-VCT
Cache
CPC-Cache
CPC-Age
Svr
VNS-Cache
VNS-Age
X-Vtex-Remote-Cache
X-Render-Time
X-HS-Status
X-DataCenter
X-Nf-Request-Id
X-AIR-PT
X-Esi
X-Vgn-Hpd-Cached
X-Wa
X-Presslabs-Stats
X-HA-Backend
X-LB-ID
Fastly-Drupal-Html
X-Vgn-Hpd-Ssi
X-Nc
X-Vgn-Hpd-Variations-Key
X-B3-SpanId
X-Upstream-Ht
X-Upstream-Ct
X-Hcs-Proxy-Type
X-Client-Ip
X-CCDN-CacheTTL
X-TH-Server
X-NewRelic-App-Data
X-CLOUD-TRACE-CONTEXT
Server-ID
X-Cache-Type
X-CCDN-Origin-Time
Cdn
X-ZONE
X-ATG-Version
X-Vc
GeoIp-Country-Code
X-Contensis-Viewer-Groups
X-Via-JSL
X-Cache-ASPX
X-Fpc
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Authentication
Uri
XkeyRZ
X-Check-Cacheable
X-Proxy-CacheRZ
X-Gateway-Request-Id
X-Gateway-Skip-Cache
Cdncip
X-Gateway-Cache-Status
Cdnsip
X-Gateway-Cache-Key
X-Amz-Meta-Cb-Modifiedtime
True-Client-IP
X-AK-Request-ID
Hostname
XServer
X-CF-Lambda-Fn
X-Via-NSCOPI
X-CF-Lambda-Version
Esi-Enabled
M-TraceId
X-RateLimit-Limit-Second
X-PAYTM-SRV-ID
X-RateLimit-Remaining-Second
Srv
X-Varnish-Beresp-TTL
X-EC-Lua
X-NGINX-Cache
X-MP-GENERATED-AT
X-CS
X-MSEdge-Features
True-Client-Ip
X-MSEdge-Flight
X-API-Version
X-Udemy-Cache-App-Namespace
X-CSRF-TOKEN
N-Cache
X-FPC
X-CDN-Cache-Status
Eomportal-Instance
OT-Force-Account-Verify
X-Wikidot-Static-Cache
Resin-Trace
X-Wikidot-Backend
X-Datadome
YJS-ID
CDN
X-Forwarded-Path
X-Shop-Environment
X-Fastly-Country-Code
RNT-Machine
RNT-Time
X-Tenant
X-Bl-Debug
X-Orig-Expires
Request-ID
X-APP-VERSION
Lb
Path
Ngx-Var-Key
X-Micro-Cache
GeoIP-Country-Code
X-RateLimit-Reset
Sm-Log-Id
X-B3-Trace-ID
X-Cache-Ttl
Server-Id
X-SIPLIST1
IsBot
X-App-Name
X-Service-Response-Time
X-Policy
X-TX-ID
X-Accel-Version
X-Ha-Backend
X-Request-URI
X-Cache-NGX
LB
X-WA
X-VCL-Version
X-Lb-Id
X-Datacenter
X-MCACHE
X-Info
X-Vcache
HIT
Cross-Origin-Opener-Policy-Report-Only
X-NC
X-Logging-Id
X-Edge-POP
Hit
X-Git-Commit
X-SERVER-NAME
Location
X-Cdn-Diag
Ohc-File-Size
X-Container-Uri
X-Cdn-Cache-Status
X-Pod-Name
Pramga
X-Geo
X-Akamai-Pragma-Client-IP
X-Xrds-Location
X-Snapshot-Date
X-CACHE-KEY
X-Via-PopH
X-Srcache-Fetch-Status
ENV
X-Via-PopV
Timeexpire
X-Via-PopN
FSS-Cache
X-ServedByHost
X-Srcache-Store-Status
X-Cache-Expires
Yjs-Id
X-Tncms
XM
X-VG-WebCache
Epwk-X-Cache
X-Ctl-Mach
Req-ID
X-Iauth-Set-Uid
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Cdn-Request-ID
Servername
Proxy-Connection
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
True-Client-Country-4JS
X-Amz-Meta-Opti
X-Cdn-Forward
V-Age
X-Acquia-Purge-Cdn-Unconfigured
X-UP
X-LiteSpeed-Cache-Control
X-Hyper-Cache
X-Serial
WZWS-RAY
X-Fastly-Backend-Reqs
X-Dw-Trace-Id
Geoip-Latitude
Warning
X-MiniProfiler-Ids
X-M-Log
X-M-Reqid
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-RAMCache
X-Acquia-Purge-Tags
X-Acquia-Site
X-Clientip
X-Acquia-Application-UUID
X-Acquia-Application-Trace
CDN-RequestPullSuccess
X-Qnm-Cache
X-WP-CF-Super-Cache-Cookies-Bypass
CDN-RequestPullCode
Cdn-Requestid
Cneonction
Content-Style-Type
X-Lb-Nocache
Ec-Rule-Version
X-Swift-Error
X-Moov-Xdn-Version
Content-Script-Type
X-Moov-T
X-Scheme
X-B3-Parentspanid
X-Lsadc-Cache
X-F-Status
X-TT-LOGID
CountryCode
Ohc-Cache-HIT
Traceparent
Inserted-Into-Cache-At
PICS-Label
X-TraceId
X-Cache-Ngx
My-App
X-LiteSpeed-Tag
Ngx
X-Th-Server
MIME-Version
X-IPS-Cached-Response
X-Litespeed-Cache-Control
X-Webstats-RespID
X-B3-ParentSpanId
X-Fastly-Cache-Hits
X-Mg-Cache