
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-FRAME-OPTIONS
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
P3p
Access-Control-Max-Age
X-Request-ID
X-Via
X-Dns-Prefetch-Control
Server-Timing
X-Cache-Group
X-Robots-Tag
Request-Context
X-UA-Device
Keep-Alive
X-Turbo-Charged-By
X-Amz-Request-Id
X-AH-Environment
X-Ws-Request-Id
X-Backend
X-Amz-Id-2
X-Proxy-Cache
X-Akamai-Path-Stats
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
EagleId
X-Rq
X-Vhost
X-Varnish-Cache
Grace
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Cf-Edge-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Allow
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-OneAgent-JS-Injection
X-Server-Id
X-Node
EagleEye-TraceId
X-Pingback
X-Cache-Spec
Surrogate-Control
Request-Id
Cf-Railgun
X-Akam-SW-Version
X-Backend-Server
X-Readtime
X-Cache-Lookup
X-Response-Time
Accept-CH
X-HW
Accept-CH-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Content-Security-Policy-Report-Only
Content-Location
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-WebKit-CSP-Report-Only
X-Url
X-Country
Accept-Ch
Accept-Ch-Lifetime
X-Clacks-Overhead
X-Edge
X-Amz-Server-Side-Encryption
X-B3-TraceId
X-MS-InvokeApp
X-Rack-Cache
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Ruxit-JS-Agent
X-Vcap-Request-Id
X-ESI
X-Content-Type
Xkey
X-Mod-Pagespeed
X-CST
X-Varnish-TTL
X-VARITI-CCR
X-Mcache
X-D2id
X-Nginx-Upstream-Cache-Status
X-Amz-Rid
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-GitHub-Request-Id
X-Exp-Id
Cache-Tag
Verso
RTSS
X-ECACHE
X-FastCGI-Cache
X-Powered-By-Plesk
X-Cached
X-Navigation-Version
X-Upstream
Service-Worker-Allowed
X-Client-IP
X-Version
X-Dw-Request-Base-Id
X-Px
X-Ruxit-Js-Agent
X-Abt-Application-Version
X-Oneagent-Js-Injection
X-Cnection
X-Ac
Public-Key-Pins
X-Ser
Arr-Disable-Session-Affinity
X-Sol
X-Middleton-Display
Display
Pagespeed
SPRequestGuid
X-SharePointHealthScore
X-Server-Name
X-Element-Page-Cache
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-NF-Request-ID
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-Country-Code
X-RateLimit-Remaining
X-NWS-LOG-UUID
X-Ttl
X-Midtier
X-Middleton-Response
Response
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
Permissions-Policy
X-Forwarded-For
X-Cache-Key
Access-Control-Request-Method
Content-MD5
X-Correlation-Id
X-DataDome
X-Shield-Request-Id
X-Powered-CMS
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Edge-Cache-Tag
X-MSEdge-Ref
Front-End-Https
X-T
X-RateLimit-Limit
X-HP-Trace-Id
Nginx-Cache
X-Jurisdiction
X-HP-Webp
TP-Cache
AR-Request-ID
AR-SID
AR-PoweredBy
AR-ATIME
X-Recruiting
TP-L2-Cache
AR-CACHE
X-Accel-Expires
X-Daa-Tunnel
X-Grace
MicrosoftSharePointTeamServices
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Id
TCN
X-Mg-S
X-TTL
X-Request-Processing-Time
X-Request-Received
Filters
X-HS-Cache-Config
X-Content-Digest
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-TEC-API-VERSION
X-Hits
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-LLID
Server-Node
S
X-Fastly-Request-Id
X-Frontend
X-Distributor
X-Amzn-Trace-Id
X-Protected-By
Cache-Status
Server-Name
X-Webkit-Csp
X-PressLabs-Stats
X-Geo-Country
MS-Author-Via
Fastcgi-Cache
X-LB-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Language
X-Origin-Server
X-Ab
X-Ua-Browser
X-Forwarded-Proto
X-Ezoic-Cdn
Host
X-FB-Debug
X-B3-Sampled
Filterid
X-Seen-By
X-F-Cache
Cross-Origin-Opener-Policy
Realpath
X-Page-Id
X-Ratelimit-Reset
Charset
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
Payment
X-Litespeed-Cache
X-ASPNET-VERSION
Count-Hit
Accept-Charset
X-Cache-Age
X-VCache
X-Cluster-Name
X-DynaTrace
X-NGENIX-Cache
X-Fastcgi-Cache
Alternate-Protocol
Surrogate-Key
Cache-Tags
X-XRDS-Location
X-Origin-Cache
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Activity-Id
X-Az
Retry-After
X-Erf-Bev-Bev
X-AppVersion
Cleartype
X-Content
X-Rid
X-Template
X-Webkit-CSP
X-Www-Served-By
X-Varnish-Backend
X-Node-Name
X-App-Environment
X-Proxy
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Amz-Replication-Status
ServerID
X-Type
X-B
X-Wix-Request-Id
X-TT
X-B-Cache
X-Signature
X-Route-Name
X-Varnish-Grace
X-Debug
X-Tb
X-Request-Guid
X-Is-Crawler
Paypal-Debug-Id
X-Aspnet-Duration-Ms
X-Drupal-Cache-Tags
X-Flags
DC
X-Providence-Cookie
X-Tt-Trace-Tag
X-Logged-In
X-Tt-Trace-Host
X-DIS-Request-ID
Frame-Options
Cf-Apo-Via
X-Content-Options
X-Mobile
X-XRDS-LOCATION
X-Envoy-Decorator-Operation
X-Load-Cache
X-Goog-Stored-Content-Encoding
X-Hostname
X-Goog-Storage-Class
X-GUploader-UploadID
X-Source
X-Goog-Stored-Content-Length
X-Cache-Control
X-Goog-Generation
X-Goog-Metageneration
X-N
X-Revision
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Country
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-User-Agent
Viewport
X-Whom
Referer-Policy
X-Contextid
X-Magnolia-Registration
X-Restarts
X-EdgeConnect-Cache-Status
X-Response-Served-From
X-Original-Request-Id
X-Cache-Rule
Node
X-Varnish-Age
Amp-Access-Control-Allow-Source-Origin
Refresh
NGB
X-Cache-TTL-Remaining
Content-Disposition
X-Mid
X-Environment-Context
X-Varnish-Server
Access-Control-Request-Headers
X-L-Path
X-Debug-IsConnected
Akamai-GRN
X-Ratelimit-Remaining
X-Debug-IsPreview
X-Akamai-Request-ID2
X-Framework
X-Unique-Id
X-Drupal-Cache-Contexts
X-Cache-Time
X-Real-IP
X-NYM-Debug-Backend
Url
X-Page-View
X-Instance
X-Jobs
X-Cacheable-TTL
X-G
X-Cache-Grace
X-Servername
X-Fastly-Request-ID
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Rendered-As
X-Is-Bot
X-Adobe-Content
X-Mg-Request-UUID
Uber-Trace-Id
X-Adobe-Loc
Countrycode
Version
X-Yottaa-Metrics
X-App-Server
X-Status
X-Yottaa-Optimizations
X-Debug-Info
X-Content-Powered-By
X-Server-ID
X-Http-Reason
X-RemovedCookies
X-ProcessESI
X-COUNTRY
Protected
X-CDN-Forward
X-IPLB-Request-ID
X-IPLB-Instance
X-Hosted-By
Accept-Language
X-Time
X-Tt-Logid
Liferay-Portal
X-Trace-Id
X-APP-VERSION
X-Device-Type
X-Nginx-Cache-Key
Healthy
X-Cache-Expired-At
Fastcgi-Useragent
X-Ratelimit-Limit
X-FW-Server
X-Via-JSL
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-UUID
Ms-Operation-Id
MS-CV
X-RTag
X-Tumblr-Pixel
X-Datadome
X-Azure-Ref
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
Srv
X-Cache-Hit
X-Tumblr-User
X-Proxy-Cache-Status
X-Cache-NGX
X-Mobile-URL
Backend
X-Backend-Name
X-HTML-Minification-Powered-By
Section-Io-Cache
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
Content-Secure-Policy
Load-Balancing
X-RN-RSRV
X-UPSTREAM-Address
Meta-Geo
X-Zen-Fury
CF-IPCountry
Server-Info
X-Cache-Operation
X-Mode
X-Storage
X-Content-Age
Onion-Location
TWC-GeoIP-Country
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-ShopId
TWC-Device-Class
Webcakes-App-Name
TWC-Connection-Speed
X-ShardId
TWC-GeoIP-LatLong
X-Server-W
TWC-Locale-Group
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Site-Version
X-Redis-Cache
X-Sql-Duration-Ms
TWC-Privacy
X-Sql-Count
X-Urbn-Context-Path
X-Urbn-Site-Id
X-VWS-Id
X-Varnishpool
X-Locale
X-LJ-Flow-ID
X-Handled-By
Locale
X-Cache-Host
X-Cache-Server
X-No-Session
X-Alternate-Cache-Key
S-Rt
X-PHP-Backend
X-Uri
Property-Id
Webcakes-App-Version
X-AWS-Id
X-Origin-Hint
Webcakes-Region
Eomportal-Instance
Web-Mar-Node
X-Extlb
X-Debug-Cache
X-Forwarded-Host
X-Format
X-Generation-Time
X-Edge-Location
X-JoinUs
X-Hl-Ver
X-Cms-Context
X-BYPASS-REASON
X-Varnish-Hostname
X-VC-Cache
Selected-Fe
X-Region
X-PHP-Host
X-Labrador-Cache-Channel
X-Origin-Date
X-OCL
X-PCL
X-ServerID
X-Section
X-SaId
X-Timing-Wait
X-Varnish-Cache-Hits
X-Zipkin-Id
X-Xfnlog-Site
X-Via-Fastly
X-Routing-Service
X-Request-Time
X-Proxied
X-Proto
X-Cache-Enabled
X-Proxy-Build
X-ProxyCache-Key
X-Akamai-Edgescape
X-ProxyCache-Status
Mn-Server-Ip
X-Access
Azure-Version
Azure-SiteName
Azure-InstanceId
Azure-RegionName
Azure-SlotName
X-Nginx-Cache
X-Say-Cacheable
Apigw-Requestid
X-Generated-By
X-Say-TTL
X-UA-Device-Type
X-FB-TRIP-ID
X-Cache-Status-Check
X-SRV
DB-Nickname
X-Adobe-Source
X-Tid
GEO-INFO
X-SayCDN-TTL
X-Skip-Cache
CDN-Cache
CDN-RequestId
CDN-Uid
CDN-CachedAt
CDN-PullZone
WP-Super-Cache
CDN-EdgeStorageId
CDN-RequestCountryCode
X-Detected-As
X-Web-Node
ServedBy
X-Cache-Type
X-GeoCountry
X-DynaTrace-JS-Agent
X-Ua
X-Varnish-Beresp-Grace
X-GeoCode
X-Dc
X-Human
X-Rule
X-Cache-Action
SD-X-WS
X-LSADC-Cache
X-R9-Blue-Green-Version
X-FireWall-Port
Cache
X-Ms-Version
X-Ms-Request-Id
Cache-Name
X-ECache
X-App-Version
X-Cached-By
X-Cache-Tags
Xet-Cookie
WPO-Cache-Status
LB
WPO-Cache-Message
X-Amz-Apigw-Id
Source
X-Amzn-RequestId
Cross-Origin-Window-Policy
X-GG-Cache-Date
Cross-Origin-Resource-Policy
X-RCS-CacheZone
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Via-NSCOPI
X-Varnish-Hits
Xserver
X-Aspnetmvc-Version
X-Correlation-ID
Origin
X-B3-SpanId
X-Cdn
X-MP-GENERATED-AT
X-GEO
X-Loop
X-IPS-LoggedIn
X-NewRelic-App-Data
X-TNCMS
X-Reqid
Cache-Hits
X-Origin-CC
X-Origin-TTL
X-Amzn-Remapped-Content-Length
X-Pubstack
X-Soup
X-URL
X-AOL-HN
X-FW-Version
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-Cluster-Node
Rip
X-Tumblr-Pixel-2
X-Platform-Server
X-Varnish-Ttl
X-Service
X-Api-Version
X-Cluster
X-Origin-Response-Time
A
BehaviorPad-Version
From-Origin
Candidate-Md5Url
X-A
X-Orig-Expires
X-NAPM-TraceId
X-Owner
X-PBS-Appsvrname
X-Rewrite-Enabled
X-Processor
X-Forwarded-Path
X-External-Request-Id
X-Destination
X-D
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-Rojux
X-S
X-User
X-TIM-N
X-Vdms-Path
X-Vdms-Version
Xc-Version
X-VG-WebCache
X-Tenant
X-SRCache-Key
X-ScT
X-S-Cookie
X-Served-From
X-Session-Fingerprint
X-Shop-Environment
X-Connection-Hash
X-Cache-NE
Meta-Geo-Continent
MD5-Digest
Ngx.Var.Host
Odigeo-Trace-Id
Rendered-Blocks
Redirect-Candidate
Lang
Host-ID
DCR-Decision-By
Cdnsip
DCR-Processing-Time-Ms
Environment
Expiry
Sslversion
Surrogated-Key
X-ARC
X-Application
X-B-Cookie
X-Bc-Bl
X-BCube-Filmed-By
X-AK-Request-ID
X-Aed
X-A-Ccd
T-Server
X-A-Dam
X-A-Dcw
X-A-Wwc
Cdncip
X-A-Dgt
HostName
Upgrade-Insecure-Requests
X-CSRF-Token
Fastly-SSL
Webserver
X-Request-Host
X-VC
X-Accel-Buffering
X-NWS-UUID-VERIFY
X-Irp-Debug
X-Dispatcher-Number
X-Level-Front-Cache
Machine
X-Forwarded-Site
X-Generated-On
X-Yandex-Sdch-Disable
X-TIME
OT-Force-Account-Verify
X-Vgn-Hpd-Reason
Mobile-Detection-Method
X-Core-Value
X-Csrf-Jwt
X-Clientip
X-Datadog-Parent-Id
X-Ckpd-Fst-Backend
X-Clara-WADP
NM-Fastcgi-Cache
X-Datadog-Sampling-Priority
X-Developers
HA-Ipaddr
L5d-Success-Class
Mail-Subject
X-Datadog-Trace-Id
Memcached
Server-Host
X-CGP
X-Auto-Login
X-Esi-Check
We-Hiring
X-Aicache-OS
Wxu-Next-Region
Wxu-Next-Hostname
Web-Mar-Region
VNS-Cache
VNS-Age
X-Cdn-Srv
Wxu-Next-Commit
X-CacheTTL
X-Cache-Id
X-Branch-Name
X-Cache-Bucket
State
X-Gateway-Cache-Status
X-Region-Sid
X-SB
X-Scale
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Pod-Name
X-Policy
X-Pool
X-Slack-Backend
X-SplitTest
X-Bip
X-Qloud-Router
X-Thanos
X-Wix-Viewer-Type
X-WADP-Cache
X-V-Cache
WebServer
X-WA-Info
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Gdpr
Ha-Gx-Prefs
X-Gateway-Cache-Key
X-Fastly-Cache
X-Fmm-Version
X-Gamma-Serve
X-Geo-Header
X-Gzip
X-Optimistic-Header
X-Origin
X-Origin-Time
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-Hash
X-HS-Content-Campaign-Id
X-Minions-Version
X-Eu-Site
X-Planisys-CDN-Rules
Cmstype
Decoy-Debug-TTL
Decoy-Debug-Status
Fastly-Backend-Name
Datacenter
Country-Code
CPC-Cache
CPC-Age
Gh-Request-Id
Decoy-Debug-Key
Cmsid
Cluster
Cache-Tv-Group
X-Cache-Remote
AMP-Access-Control-Allow-Source-Origin
X-Provided-By
Click-Count-Error
X-Cache-Info
Fastly-SIE
DSUID
X-Block-Status
Origin-CC
Origin-EX
Platform
Producers
NGX
X-BBC-Edge-Cache-Status
Is-Eu
CDCHOST
IsBot
Fastly-SWR
X-Viewer-Country
X-Rocket-Build-Number
X-Request-URI
X-Rocket-Nginx-Serving-Static
AKAMAI
X-Epic-Correlation-Id
X-NodeID
X-NCache
X-Has-Esi
X-Hnp-Log
X-Is-Gdpr
X-JWT-State
X-Scheme
X-Sigma
X-VG-TLSProxy
X-Gen-Mode
X-Worker
Adler-Geo
Cache-Host
Apple-News-Services-Request-Url
X-Sigma-Backend
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Click-Count-Action-Start
Release
X-Proxy-Cache-Info
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-S-Maxage
X-Parent-Response-Time
X-Origin-Expires
X-GeoIP-City
Fastcgi-Cache-TTL
TDXMobile
Req-Svc-Chain
X-SIPLIST1
X-Sn-Servicetimems
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
L
Kp-EeAlive
X-Varnish-CookieHashed-On
X-Variation
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Fastly-GeoIP-CountryCode
X-Thinkindot-L3
X-GeoIP
X-INCAP-ABP
X-Ad-Defer-Variation
Tube-Return
X-Cdn-Origin
X-Core-Mission
V-Age
Servername
Tube-Got-Results
Tube-Got-Eval
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
Traceparent
Tube-Get-Contents
User-Cache-Control
Vix-Hermes-Req-Id
X-Fetched-On
X-DPWN-IS-SECURE
X-Device-Os
X-DefHash
X-DefElseHash
X-VServer
Server-Ext
Server-Hostname
Sever-Int
CloudFront-Viewer-Country
X-Mvc-Supplant-OutputCached
X-Ig-Push-State
X-Loc
X-Microcachable
Svr
X-Ec-Custom-Error
X-Udemy-Cache-App-Namespace
Mime-Version
X-Varnish-Beresp-Ttl
X-ZONE
SID
Ec-Rule-Version
X-Cache-Date
X-LB-NoCache
Pics-Label
X-Tx-Id
X-Conf
Ssr
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Fastly-Drupal-Html
X-Via-Poph
X-Be
X-Via-Popn
X-Via-Popv
Time
Sid
X-Tb-Optimization-Total-Bytes-Saved
X-CMSURLCustom
X-Varnish-Beresp-Status
Memory
Canary
X-Dmc
X-Generated-In
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Sucuri-ID
X-Sucuri-Cache
X-CS
X-Refresh
X-ATG-Version
X-Edge-Pop
X-Presslabs-Stats
X-B3-Traceid
X-Azure-Ref-OriginShield
X-ND-Cache
X-Var-Ttl
X-Fastly-Backend
X-MSEdge-Features
X-MSEdge-Flight
Server-ID
X-FC-Vary-Parameters
X-WP-CF-Super-Cache-Active
X-Xrds-Location
X-TRACE-ID
X-Buckets
X-Cache-Debug
X-NC
X-Servedbyhost
X-Trace-ID
X-Wikidot-Backend
X-Newrelic-App-Data
Env
X-Wikidot-Static-Cache
X-Cs
X-Akamai-Transformed
X-TX-ID
Fastly-Drupal-HTML
CDN
X-CACHE-KEY
X-Esi
GeoIp-Country-Code
X-Release
X-Fpc
X-Endurance-Cache-Level
X-PX
Magicmarker
X-EC-Lua
X-CF-Lambda-Version
X-MCACHE
X-Zone
Tcn
X-ID
X-CF-Lambda-Fn
X-Tumblr-Pixel-3
X-DC
X-Hyper-Cache
X-M-Log
Pramga
X-RateLimit-Reset
X-CACHE-AGE
X-Micro-Cache
X-M-Reqid
True-Client-IP
X-Varnish-Beresp-TTL
X-Up
X-Qnm-Cache
X-Srv
X-NGINX-Cache
X-App
X-Dispatch
X-Edge-Origin-Shield-Region
X-Alfa-Service
My-App
X-TrackingId
C-Via
N-Cache
X-Pass-Why
X-VCL-Version
X-Vc
X-Edge-Origin-Shield-Bytes
X-Vcl-Version
X-PAYTM-SRV-ID
On-Server
X-Platform
X-Wa
Hostname
Fastcgi-X-Cache-Version
X-CSRF-TOKEN
X-Lambda-Id
Path
Esi-Enabled
X-ApacheServer
X-PERF
X-AIR-PT
X-Req
X-HS-Status
X-Air-Pt
Resin-Trace
X-Vtex-Remote-Cache
X-Check-Cacheable
X-Vtex-Processado-Em
X-Vercel-Cache
X-Vercel-Id
True-Client-Ip
X-SD-PageType
NtCoent-Length
Cache-Key
X-LB-ID
GeoIP-Latitude
CacheControlHeader
Tracecode
X-LAGOON
X-Node-Id
Proxy-Connection
HIT
X-TH-Server
X-SERVER-NAME
X-Render-Time
XkeyRZ
DT-Hot-News
GeoIP-Country-Code
X-API-Version
X-Akamai-Pragma-Client-IP
X-FPC
X-Proxy-CacheRZ
Cdn
X-Request-Start
X-CLOUD-TRACE-CONTEXT
X-Geo
X-B3-Spanid
X-VarnishDD-TTL
X-Proxy-Upstream
X-Via-Ucdn
ENV
X-Op-Id-All
True-Client-Country-4JS
X-WA
DynaTrace
X-Webkit-CSP-Report-Only
X-HN
Hit
PFcat
XM
SRV
X-Webkit-Csp-Report-Only
X-ServedByHost
X-Mly-Id
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
MIME-Version
X-Via-CDN
Server-Ttl
X-Traceid
X-Dw-Trace-Id
Server-Id
Section-Io-Id
X-Datacenter
X-GeoIP-Region-Code
Section-Io-Origin-Status
User-Agent
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Edge-POP
X-GeoIP-Country-Code
X-Lb-Id
X-Proxy-Cache-Hk
Lb
X-Cdn-Forward
Yjs-Id
X-TT-LOGID
X-Via-PopH
X-Nf-Request-Id
X-Via-PopN
X-Date
X-Ftr-Request-Id
YJS-ID
X-LiteSpeed-Cache-Control
X-Via-PopV
X-Accel-Expires-Debug
FSS-Cache
Geoip-Latitude
M-TraceId
X-Cache-Backend
WWW-Authenticate
Warning
X-LI-Proto
X-LI-UUID
X-HostName
X-LiteSpeed-Tag
X-FORWARDED-FOR
X-CUA
X-Cache-Ttl
X-Li-Fabric
X-Li-Pop
X-RAMCache
X-Request-Url
Dnion-Transfer-Encoding
X-HA-Backend
PICS-Label
X-RSL
X-RPM
X-RPS
X-DI
X-DW
X-DSS
X-DB
Location
X-Old-Content-Length
Vha6-Origin
X-Nc
X-CF-Powered-By
X-Fastly-Backend-Reqs
Nginx-CQVIP
X-Httpd
X-HITS
X-Akamai-Request-ID
XServer
X-Server-IP
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-B3-ParentSpanId
X-Wp-Cf-Super-Cache-Cache-Control
X-UA
X-Wp-Cf-Super-Cache
X-Litespeed-Cache-Control
Wpo-Cache-Message
X-Lb-Nocache
Sm-Log-Id
X-Service-Response-Time
X-Response-By
X-Instance-Name
WZWS-RAY
Ohc-File-Size
X-Fastly-Cache-Hits
Wpo-Cache-Status
X-IN-APIGATEWAYSSL
X-Cdn-Request-ID
X-IN-APIGATEWAY
X-Cc-Via
Cdn-Cache
Cdn-Edgestorageid
Wp-Super-Cache
CountryCode
Cdn-Cachedat
Cdn-Requestcountrycode
Cdn-Uid
Cdn-Pullzone
X-Cache-Ngx
Cdn-Requestid
X-Varnish-Authentication
Req-ID
X-Snapshot-Date
X-MiniProfiler-Ids
X-APP
Fastcgi-Cache-Ttl
Ohc-Cache-HIT
Uri
X-Moov-T
Dt-Hot-News
X-Serial
X-Cache-ASPX
X-Moov-Xdn-Version
X-Contensis-Viewer-Groups