Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Request-Id
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
P3p
Access-Control-Max-Age
X-Via
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-UA-Device
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
X-Proxy-Cache
Keep-Alive
X-Ua-Compatible
X-Server
X-Ws-Request-Id
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Apo-Via
X-WebKit-CSP
Accept-CH
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Server-Id
EagleEye-TraceId
X-Nginx-Cache-Status
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-Cache-Spec
X-Backend-Server
Request-Id
X-Readtime
X-Cache-Lookup
X-HW
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch-Lifetime
X-Trace
X-Application-Context
X-Response-Time
Fastly-Restarts
Permissions-Policy
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Edge
Accept-CH-Lifetime
X-WebKit-CSP-Report-Only
X-Litespeed-Cache
X-Mcache
Content-Location
X-Content-Type
X-MS-InvokeApp
X-Url
X-CST
X-Country
X-Clacks-Overhead
Rating
X-Midtier
X-TtlSet
X-PC
X-Amz-Server-Side-Encryption
X-Vname
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-VARITI-CCR
X-Element-Page-Cache
Verso
Origin-Trial
X-ECACHE
X-Server-Name
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Rack-Cache
X-Ac
X-Powered-By-Plesk
X-Ttl
X-GitHub-Request-Id
X-Cnection
Service-Worker-Allowed
SPRequestGuid
X-Amz-Rid
X-SharePointHealthScore
X-Client-IP
X-Navigation-Version
Xkey
X-B3-TraceId
X-Abt-Application-Version
Edge-Control
X-Cache-TTL
X-NWS-LOG-UUID
SPRequestDuration
SPIisLatency
X-Upstream
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
X-Instrumentation
X-Browser-Type
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Cached
X-Mg-S
X-Dw-Request-Base-Id
X-Px
X-Varnish-TTL
X-Cache-Key
X-Sol
Pagespeed
Display
X-Middleton-Display
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Correlation-Id
Access-Control-Request-Method
Edge-Cache-Tag
Content-MD5
X-Forwarded-For
X-Country-Code
X-Goog-Hash
X-Webkit-Csp
X-NF-Request-ID
X-FastCGI-Cache
Front-End-Https
TCN
X-Powered-CMS
X-Id
X-Version
AR-Request-ID
Public-Key-Pins
AR-SID
AR-PoweredBy
AR-ATIME
AR-CACHE
X-RateLimit-Remaining
Accept-Ch
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-T
X-MSEdge-Ref
X-Content-Digest
X-Recruiting
X-Amzn-Trace-Id
X-Daa-Tunnel
X-XRDS-Location
X-Ser
X-Accel-Expires
Response
X-Middleton-Response
TP-Cache
TP-L2-Cache
X-Shield-Request-Id
X-Ratelimit-Limit
S
X-Fastcgi-Cache
Nginx-Cache
MicrosoftSharePointTeamServices
Cache-Status
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Request-Received
X-Request-Processing-Time
X-HS-Combine-CSS
X-HS-Hub-Id
Server-Node
X-HS-Content-Id
X-HS-Cache-Config
Cache-Tags
X-Distributor
X-Hits
X-Kinsta-Cache
X-Edge-Location-Klb
X-LB-Cache
Cross-Origin-Opener-Policy
Fastcgi-Cache
X-Ratelimit-Remaining
X-Ratelimit-Reset
X-Origin-Server
X-PressLabs-Stats
X-Ua-Browser
X-Ezoic-Cdn
Alternate-Protocol
Server-Name
X-Grace
X-DIS-Request-ID
X-Geo-Country
Filterid
X-Microsite
X-Request-Handler-Origin-Region
X-Protected-By
X-Rid
Healthy
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-LLID
X-Hostname
X-Frontend
Payment
X-DataDome
X-Debug-Info
X-Logged-In
X-Varnish-Backend
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Cleartype
X-FB-Debug
X-Fastly-Request-ID
X-Git-Hash
X-Www-Served-By
X-Forwarded-Proto
X-Page-Id
X-NGENIX-Cache
X-Load-Cache
X-Cluster-Name
X-ASPNET-VERSION
X-Origin-Cache
DC
MS-Author-Via
Charset
Content-Disposition
Realpath
X-B3-Sampled
Access-Control-Allow-Method
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
X-Proxy
X-F-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-AppVersion
X-Az
X-Activity-Id
X-ECache
X-Seen-By
Retry-After
X-Amz-Replication-Status
X-TTL
Cross-Origin-Resource-Policy
Paypal-Debug-Id
X-Server-ID
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-Type
X-Fb-Rlafr
X-Revision
X-Hosted-By
X-Contextid
Viewport
Count-Hit
X-Azure-Ref
X-Whom
Surrogate-Key
X-Wix-Request-Id
X-App-Environment
X-B-Cache
X-Aspnetmvc-Version
X-Signature
X-Varnish-Server
X-B
X-Providence-Cookie
X-Aspnet-Duration-Ms
Accept-Charset
X-Route-Name
X-Flags
X-Is-Crawler
X-Request-Guid
X-Akamai-Edgescape
X-TT
X-DynaTrace
X-Cache-Age
X-B3-Traceid
X-Language
Amp-Access-Control-Allow-Source-Origin
X-Source
X-App-Server
X-Fastly-Request-Id
X-Cache-Control
Referer-Policy
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Mobile
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Magnolia-Registration
X-Times
Host
X-RateLimit-Limit
X-Varnish-Grace
X-Envoy-Decorator-Operation
Version
X-N
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Oneagent-Js-Injection
X-Cache-Rule
X-Varnish-Ttl
X-HTML-Minification-Powered-By
X-Tumblr-Pixel
X-Response-Served-From
X-Original-Request-Id
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
Ms-Operation-Id
X-RTag
MS-CV
X-UUID
X-Rule
X-Cache-Time
Refresh
Access-Control-Request-Headers
Section-Io-Cache
X-Varnish-Age
X-Cache-Status-Check
X-Framework
WPO-Cache-Message
WPO-Cache-Status
X-FW-Dynamic
X-FW-Hash
X-Content-Powered-By
X-User-Agent
X-EdgeConnect-Cache-Status
X-FW-Serve
X-FW-Server
Akamai-GRN
X-Backend-Name
X-ProcessESI
X-Cache-Expired-At
X-RemovedCookies
X-FW-Static
GEO-INFO
X-FW-Type
X-FW-Version
VIX-Pulpo-Node
Protected
X-Cacheable-TTL
X-Jobs
X-Page-View
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-G
Url
X-Device-Type
X-Servername
X-Ruxit-Js-Agent
X-Cache-Grace
X-Status
X-Akamai-Request-ID2
X-Instance
X-L-Path
X-Environment-Context
X-NYM-Debug-Backend
From-Origin
X-Http-Reason
NGB
X-Is-Bot
SRV
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Template
X-Rendered-As
X-Adobe-Loc
X-Adobe-Content
X-Trace-Id
X-Region
CDN-RequestId
X-CDN-Forward
X-COUNTRY
Front
X-Nginx-Cache
X-Debug-IsPreview
X-Debug-IsConnected
Accept-Language
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Unique-Id
X-XRDS-LOCATION
X-Cache-Hit
X-Content-Options
Backend
Fastly-SIE
Fastly-SWR
Country
X-Zen-Fury
Liferay-Portal
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Tb
X-DynaTrace-JS-Agent
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Newrelic-App-Data
X-Mode
Content-Secure-Policy
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Operation
X-Tt-Logid
X-Node-Name
Uber-Trace-Id
Filters
Meta-Geo
X-Amzn-Remapped-Content-Length
X-Real-IP
Webserver
X-Generation-Time
X-Cache-Server
X-Proxy-Cache-Info
X-UPSTREAM-Address
X-Rewrite-Enabled
X-RN-RSRV
X-Tumblr-Pixel-2
X-IPS-LoggedIn
X-Web-Node
X-Proxy-Build
X-Rocket-Nginx-Serving-Static
X-PHP-Backend
Azure-SiteName
X-Ms-Version
X-Ms-Request-Id
CF-IPCountry
X-Timing-Wait
Onion-Location
X-Section
X-Format
Selected-Fe
Azure-SlotName
X-Access
Azure-InstanceId
Azure-RegionName
Azure-Version
Cache-Hits
X-Time
X-Content-Age
Webcakes-Region
X-Debug
X-Cluster-Node
TWC-Privacy
Webcakes-App-Version
Cache-Name
TWC-Locale-Group
X-TIME
X-Reqid
Webcakes-App-Name
X-Origin-Hint
X-Locale
TWC-Connection-Speed
X-Say-Cacheable
X-Sql-Count
X-Sql-Duration-Ms
X-Sucuri-Cache
Property-Id
ServedBy
X-R9-Blue-Green-Version
Node
X-Say-TTL
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-UA-Device-Type
X-VC-Cache
TWC-Device-Class
X-Sucuri-ID
X-SayCDN-TTL
X-Server-W
X-Proto
X-ProxyCache-Status
ServerID
Web-Mar-Node
X-IPLB-Request-ID
X-Soup
S-Rt
X-PHP-Host
X-VWS-Id
X-Forwarded-Host
X-ProxyCache-Key
X-Skip-Cache
X-Site-Version
X-Proxy-Cache-Status
X-Via-Fastly
X-LJ-Flow-ID
X-Cache-Host
X-Cache-Action
X-BYPASS-REASON
X-Cluster
X-Ua
X-Labrador-Cache-Channel
X-Varnish-Beresp-Grace
X-IPLB-Instance
X-AWS-Id
X-Cache-TTL-Remaining
DB-Nickname
X-No-Session
X-SaId
X-Adobe-Source
X-FB-TRIP-ID
X-LAGOON
Cross-Origin-Window-Policy
X-Uri
X-Handled-By
X-JoinUs
X-Cms-Context
Apigw-Requestid
X-Zipkin-Id
Mn-Server-Ip
X-Origin-Date
X-Tumblr-Pixel-3
X-Routing-Service
X-Proxied
X-Extlb
X-Edge-Location
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Webkit-CSP
X-Urbn-Site-Id
X-Buckets
X-App-Version
X-Optimistic-Header
X-Urbn-Context-Path
X-Xfnlog-Site
Locale
Fastcgi-Useragent
Mime-Version
WP-Super-Cache
Countrycode
X-Detected-As
X-LSADC-Cache
X-GeoCountry
X-GeoCode
Source
X-ARC
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-Uid
X-Hl-Ver
Fastly-Drupal-HTML
Upgrade-Insecure-Requests
X-Director
Cache-Tv-Group
X-Varnish-Hits
X-Request-Time
X-Mg-Request-UUID
X-Generated-By
CF-Cached-On
X-Redis-Cache
X-GEO
X-Cache-Debug
Xet-Cookie
X-Webkit-CSP-Report-Only
X-Origin-TTL
X-Origin-CC
Frame-Options
X-Tx-Id
X-URL
X-FireWall-Port
X-Loop
X-SRV
X-Varnish-Cache-Hits
X-Pass-Why
X-TNCMS
X-RM-Cache-TTL
X-TA-CDN-Provider
X-Varnish-Hostname
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Akamai-Transformed
X-Sorting-Hat-PodId
X-ServerID
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Api-Version
Load-Balancing
X-Service
X-Newrelic-Synthetics
X-Pubstack
X-Request-Host
X-Endurance-Cache-Level
X-Served-From
Xserver
X-Location
X-B3-Spanid
X-NWS-UUID-VERIFY
BehaviorPad-Version
A
MD5-Digest
X-A
WWW-Authenticate
Thinkindot-CacheControl
T-Server
Lang
Server-Info
Memcached
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-Control
Ngx.Var.Host
Rendered-Blocks
Edge-Cache
DSUID
Gannett-Cam-Experience-Id
Release
Redirect-Candidate
Host-ID
DCR-Processing-Time-Ms
Req-Svc-Chain
Candidate-Md5Url
Cache-Host
Surrogated-Key
Odigeo-Trace-Id
Sslversion
DCR-Decision-By
Origin
Meta-Geo-Continent
X-Conf
X-Origin-Time
X-Nyt-Route
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Mobile-URL
X-Mid
X-Httpd
X-Vdms-Version
X-INCAP-ABP
X-Level-Front-Cache
X-Loc
X-Processor
X-Rocket-Build-Number
X-TIM-N
X-Sigma-Backend
X-SRCache-Key
X-Test
X-Thanos
X-Sigma
X-ScT
X-Vdms-Path
X-Rojux
X-S
X-S-Cookie
X-S-Maxage
X-We-Are-Hiring
X-Generated-On
X-Bc-Bl
X-BBC-Edge-Cache-Status
X-BCube-Filmed-By
X-Thinkindot-L3
X-Cache-Date
X-B-Cookie
X-Application
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Aed
X-Cache-Info
X-Cache-NE
X-Ec-GeoHdr
Xc-Version
X-Epic-Correlation-Id
X-External-Request-Id
X-Gdpr
X-Ec-Fail
X-Developer
X-CMSURLCustom
X-CUA
X-D
X-Destination
X-A-Ccd
X-Bip
X-Varnish-Beresp-Ttl
Section-Io-Origin-Status
Section-Io-Id
X-Storage
Section-Origin-Responded
X-Restarts
Section-Io-Origin-Time-Seconds
Server-Host
X-Node-Id
Fastly-GeoIP-CountryCode
X-Mvc-Supplant-Cachable
X-Mly-Id
Fastly-Backend-Name
X-Sn-Servicetimems
X-Pool
Gh-Request-Id
Mail-Subject
X-Origin
NM-Fastcgi-Cache
X-SVT-ORM-RULES
X-Hash
Magicmarker
X-Origin-Response-Time
X-JWT-State
X-Fetched-On
X-Cache-Bucket
X-Fmm-Version
X-Frame-Option
X-Worker
X-Cdn-Srv
X-Core-Value
X-Clara-WADP
X-Developers
X-Geo-Header
X-Auto-Login
X-Human
X-Is-Gdpr
We-Hiring
X-Core-Mission
X-HS-Content-Campaign-Id
X-Has-Esi
X-GeoIP
X-GeoIP-City
X-Akamai-Device-Characteristics
X-SVT-ORM-VERSION
X-Org
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Varnish-Beresp-Status
Cache-Key
X-Var-Ttl
CacheControlHeader
Apple-News-Services-Handled
AKAMAI
X-WA-Info
X-WADP-Cache
X-Vmg-Version
X-VG-TLSProxy
X-Varnishpool
Country-Code
CloudFront-Viewer-Country
C-Via
X-Cdn-Origin
X-CACHE-AGE
X-Parent-Response-Time
X-Accel-Buffering
X-Varnish-CookieHashed-On
User-Cache-Control
X-HN
X-Ad-Defer-Variation
X-Gzip
X-App
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Hnp-Log
Adler-Geo
Wxu-Next-Commit
X-Platform-Server
Web-Mar-Region
X-SD-PageType
Wxu-Next-Hostname
Wxu-Next-Region
X-Date
X-VarnishDD-TTL
X-Irp-Debug
Vix-Hermes-Req-Id
X-Azure-Ref-OriginShield
X-Device-Os
Environment
X-Dispatcher-Server
X-Cache-Tags
X-Req
X-WP-CF-Super-Cache-Active
X-DefHash
X-Wix-Viewer-Type
X-Ua-Device
X-Men
X-VServer
X-Ec-Custom-Error
X-CSRF-Token
X-Gen-Mode
X-Qloud-Router
Tube-Got-Results
X-Forwarded-Site
X-Block-Status
X-Esi-Check
X-Cache-Id
X-FC-Vary-Parameters
X-SB
X-Scale
Tube-Return
X-DefElseHash
Origin-EX
Origin-CC
On-Server
X-Op-Id-All
PFcat
Kp-EeAlive
CDCHOST
Tube-Got-Eval
X-Old-Content-Length
State
Click-Count-Action-Start
Datacenter
X-CacheTTL
Machine
X-Fastly-Backend
X-Fastly-Cache
X-Gamma-Serve
Click-Count-Error
L
NGX
X-Accel-Expires-Debug
X-NodeID
Platform
X-Region-Sid
X-Variation
X-Platform
X-Server-IP
Canary
X-Request-Start
Cache-Provider
X-LB-NoCache
X-Nginx-Cache-Key
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-NCache
X-Dispatcher-Number
Tube-Get-Contents
Is-Eu
X-Owner
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-DPWN-IS-SECURE
X-Eu-Site
Cmstype
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Nananana
X-Planisys-CDN-TTL
X-Tid
X-V-Cache
Cmsid
X-Minions-Version
X-Cache-Remote
Producers
Pics-Label
Server-Ext
Sever-Int
Ssr
L5d-Success-Class
HA-Ipaddr
Decoy-Debug-Key
Cluster
Decoy-Debug-Status
Decoy-Debug-TTL
Ha-Gx-Prefs
X-Cache-Backend
Server-Hostname
X-CGP
X-Origin-Expires
X-Csrf-Jwt
X-Ckpd-Fst-Backend
X-Instance-Name
X-Mvc-Supplant-OutputCached
X-Cache-FS-Status
X-Microcachable
X-Release
X-Tb-Optimization-Total-Bytes-Saved
X-Response-By
X-Refresh
Fastly-SSL
X-Zone
X-Provided-By
HostName
Srvid
Locid
X-FL-QIT-DEBUG
GeoIP-Latitude
Expect-Staple
X-Aicache-OS
X-Correlation-ID
X-FL-EDGE
X-DC
X-Air-Pt
X-Via-CDN
X-From
X-Up
X-Dc
X-RCS-CacheZone
Env
X-ND-Cache
Memory
Time
X-Servedbyhost
Edge-Copy-Time
X-Trace-ID
X-Via-Edge
X-VC
X-Via-SSL
X-Presslabs-Stats
X-Cache-Enabled
Svr
X-NewRelic-App-Data
X-Vcl-Version
X-Generated-In
NtCoent-Length
X-AIR-PT
X-Edge-Pop
Sid
X-HS-Status
X-Nc
SID
X-Cached-By
X-Srv
Cache
X-Lambda-Id
X-Via-Popv
X-Wa
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Via-Popn
X-Via-Poph
X-DataCenter
Cdn
X-Nf-Request-Id
AMP-Access-Control-Allow-Source-Origin
X-HA-Backend
X-Vc
X-Vgn-Hpd-Variations-Key
X-Cs
X-Vgn-Hpd-Cached
X-Esi
X-Vgn-Hpd-Ssi
X-ZONE
VNS-Age
X-Client-Ip
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Server-ID
X-Hcs-Proxy-Type
VNS-Cache
CPC-Age
X-Render-Time
X-Vtex-Remote-Cache
CPC-Cache
X-NGINX-Cache
X-Check-Cacheable
X-VCT
Cdnsip
GeoIp-Country-Code
X-AK-Request-ID
X-LB-ID
Hostname
Cdncip
Fastly-Drupal-Html
X-TH-Server
X-Via-NSCOPI
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Amz-Meta-Cb-Modifiedtime
X-Gateway-Cache-Key
X-Fpc
X-Via-JSL
X-Proxy-CacheRZ
XkeyRZ
X-Upstream-Ct
X-Upstream-Ht
X-Cache-Type
True-Client-IP
X-API-Version
X-ATG-Version
X-B3-SpanId
X-CSRF-TOKEN
Srv
Uri
X-CS
X-EC-Lua
X-Varnish-Authentication
M-TraceId
X-Contensis-Viewer-Groups
Esi-Enabled
Eomportal-Instance
True-Client-Ip
X-Cache-ASPX
X-Datadome
X-Varnish-Beresp-TTL
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-MSEdge-Flight
X-RateLimit-Limit-Second
X-MSEdge-Features
Resin-Trace
OT-Force-Account-Verify
Ngx-Var-Key
XServer
X-Micro-Cache
X-RateLimit-Remaining-Second
X-Udemy-Cache-App-Namespace
X-FPC
Path
YJS-ID
Request-ID
X-MP-GENERATED-AT
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-CDN-Cache-Status
X-Cache-NGX
X-SIPLIST1
X-Fastly-Country-Code
X-APP-VERSION
CDN
N-Cache
GeoIP-Country-Code
X-Request-URI
IsBot
X-Tenant
X-TX-ID
X-VCL-Version
X-Info
X-CLOUD-TRACE-CONTEXT
X-Orig-Expires
RNT-Machine
RNT-Time
X-Lb-Id
X-Shop-Environment
X-Forwarded-Path
X-Bl-Debug
X-Service-Response-Time
Sm-Log-Id
Server-Id
LB
X-Accel-Version
X-Ha-Backend
Location
X-Datacenter
X-Policy
X-App-Name
X-B3-Trace-ID
X-Pod-Name
X-MCACHE
X-Edge-POP
Cross-Origin-Opener-Policy-Report-Only
HIT
X-RateLimit-Reset
X-WA
Lb
X-Geo
X-Akamai-Pragma-Client-IP
Ohc-File-Size
Servername
X-Via-PopN
X-Snapshot-Date
X-Via-PopV
X-SERVER-NAME
X-Oss-Hash-Crc64ecma
X-Via-PopH
X-Cdn-Request-ID
X-Cache-Expires
X-Oss-Storage-Class
X-Cdn-Cache-Status
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
Timeexpire
Hit
ENV
FSS-Cache
X-Cache-Ttl
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-NC
X-CACHE-KEY
Req-ID
X-Rebelmouse-Surrogate-Control
X-Cdn-Diag
X-ServedByHost
Pramga
Yjs-Id
Proxy-Connection
Epwk-X-Cache
X-Rebelmouse-Cache-Control
X-Ctl-Mach
X-Logging-Id
X-LiteSpeed-Cache-Control
X-UP
WZWS-RAY
X-Moov-Xdn-Version
X-TraceId
X-Amz-Meta-Opti
X-Hyper-Cache
X-Container-Uri
X-Scheme
X-Moov-T
X-Serial
X-Git-Commit
X-Dw-Trace-Id
X-Cdn-Forward
Geoip-Latitude
Traceparent
X-M-Reqid
X-M-Log
X-MiniProfiler-Ids
X-Vcache
X-Acquia-Application-Trace
X-Acquia-Site
XM
X-ApacheServer
Cneonction
X-PERF
X-Acquia-Purge-Tags
X-RAMCache
X-Lb-Nocache
Cdn-Requestid
X-VG-WebCache
X-B3-Parentspanid
X-Acquia-Application-UUID
X-Viewer-Country
Ec-Rule-Version
X-Qnm-Cache
X-Swift-Error
Content-Style-Type
Content-Script-Type
X-Fastly-Backend-Reqs
X-TT-LOGID
X-Wp-Cf-Super-Cache-Cache-Control
X-F-Status
X-Wp-Cf-Super-Cache
CountryCode
X-Lsadc-Cache
X-Webstats-RespID
X-Mg-Cache
X-Iauth-Set-Uid
V-Age
Ohc-Cache-HIT
X-Tncms
X-Litespeed-Cache-Control
Inserted-Into-Cache-At
My-App
X-LiteSpeed-Tag
MIME-Version
Warning
X-B3-ParentSpanId
Ngx
X-Th-Server
X-Mid-Debug-Cache-Key
X-Mid-Debug-Cache-Disk
X-Request-URL
X-IPS-Cached-Response
X-Cache-Ngx
X-Fastly-Cache-Hits