
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Xss-Protection
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Generator
X-Check
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Status
Upgrade
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-UA-Device
X-Amz-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Amz-Id-2
EagleId
X-AH-Environment
X-Backend
X-Proxy-Cache
P3p
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-WebKit-CSP
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Ua-Compatible
X-Device
Cf-Apo-Via
Cf-Railgun
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Server-Id
X-Ruxit-JS-Agent
EagleEye-TraceId
Surrogate-Control
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
X-Content-Security-Policy-Report-Only
X-Cache-Lookup
X-HW
X-Cache-Spec
Accept-Ch-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Cloud-Trace-Context
X-Response-Time
X-Application-Context
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-WebKit-CSP-Report-Only
X-Mod-Pagespeed
Content-Location
X-Mcache
Accept-CH-Lifetime
X-MS-InvokeApp
X-Content-Type
X-Country
X-Litespeed-Cache
X-Url
X-Clacks-Overhead
X-CST
X-Midtier
X-Vname
X-PC
X-TtlSet
X-Amz-Server-Side-Encryption
Rating
RTSS
Cache-Tag
X-ESI
X-D2id
X-Vcap-Request-Id
X-Rack-Cache
X-Element-Page-Cache
Origin-Trial
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
Verso
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
X-ECACHE
X-Ac
Service-Worker-Allowed
X-Powered-By-Plesk
X-Cnection
X-Amz-Rid
SPRequestGuid
X-Client-IP
X-SharePointHealthScore
X-Navigation-Version
X-Ttl
Xkey
X-Abt-Application-Version
Edge-Control
SPRequestDuration
SPIisLatency
X-Upstream
X-Cache-TTL
Arr-Disable-Session-Affinity
X-B3-TraceId
X-Cached
X-Mg-S
X-Dw-Request-Base-Id
X-Browser-Type
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-NWS-LOG-UUID
X-Varnish-TTL
X-FastCGI-Cache
X-Px
X-Sol
X-Middleton-Display
Display
Pagespeed
Accept-Ch
X-NF-Request-ID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-Forwarded-For
X-Cache-Key
Edge-Cache-Tag
X-Country-Code
X-Correlation-Id
X-Goog-Hash
X-Powered-CMS
Content-MD5
X-Ser
X-Id
AR-PoweredBy
AR-Request-ID
Front-End-Https
AR-CACHE
AR-ATIME
AR-SID
X-Ratelimit-Limit
X-Webkit-Csp
Public-Key-Pins
TCN
X-Version
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Amzn-Trace-Id
X-Content-Digest
X-MSEdge-Ref
X-T
X-Recruiting
X-RateLimit-Remaining
Response
X-Middleton-Response
X-Accel-Expires
TP-L2-Cache
TP-Cache
X-Shield-Request-Id
MicrosoftSharePointTeamServices
S
Nginx-Cache
Cache-Status
X-Daa-Tunnel
X-Request-Received
X-Request-Processing-Time
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
Server-Node
X-XRDS-Location
Cross-Origin-Opener-Policy
Cache-Tags
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Distributor
X-Hits
X-TEC-API-ROOT
X-TEC-API-VERSION
X-PressLabs-Stats
X-TEC-API-ORIGIN
X-Ratelimit-Remaining
X-Kinsta-Cache
X-Edge-Location-Klb
X-LB-Cache
X-Fastcgi-Cache
X-Fastly-Request-ID
X-Origin-Server
X-Ua-Browser
X-Ratelimit-Reset
Fastcgi-Cache
X-Ezoic-Cdn
Alternate-Protocol
Filterid
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Grace
X-LLID
X-Microsite
X-Request-Handler-Origin-Region
X-Rid
X-Frontend
X-DIS-Request-ID
Server-Name
X-Geo-Country
X-Logged-In
Healthy
X-Hostname
X-Git-Hash
Realpath
X-NGENIX-Cache
X-FB-Debug
X-Varnish-Backend
X-Www-Served-By
Cleartype
X-Debug-Info
X-Load-Cache
X-Cluster-Name
X-Page-Id
Payment
X-Protected-By
DC
X-Forwarded-Proto
MS-Author-Via
Access-Control-Allow-Method
X-ASPNET-VERSION
Content-Disposition
X-Origin-Cache
X-ECache
X-DataDome
Charset
X-B3-Sampled
X-Upgrade-Enabled
X-TTL
X-GUploader-UploadID
X-Goog-Metageneration
X-Activity-Id
X-AppVersion
X-Az
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Proxy
X-Seen-By
X-F-Cache
Count-Hit
X-Amz-Replication-Status
X-Whom
Cross-Origin-Resource-Policy
Paypal-Debug-Id
X-Revision
X-Amz-Meta-S3cmd-Attrs
X-B
X-Times
X-Azure-Ref
X-Type
X-Akamai-Edgescape
X-Fb-Rlafr
Surrogate-Key
X-Contextid
X-App-Environment
X-Providence-Cookie
Viewport
X-Is-Crawler
Accept-Charset
X-Aspnet-Duration-Ms
X-Request-Guid
X-Flags
X-Cache-Age
X-Route-Name
X-B3-Traceid
X-Wix-Request-Id
Retry-After
X-TT
X-Varnish-Server
X-Hosted-By
X-Aspnetmvc-Version
X-Signature
X-B-Cache
X-DynaTrace
X-Language
X-Cache-Control
X-Envoy-Decorator-Operation
X-App-Server
Amp-Access-Control-Allow-Source-Origin
X-Source
X-Mobile
X-Varnish-Grace
X-Magnolia-Registration
X-VCache
X-Oracle-Dms-Ecid
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Oracle-Dms-Rid
X-Goog-Storage-Class
X-Goog-Generation
Host
WPO-Cache-Status
Version
WPO-Cache-Message
Referer-Policy
X-XRDS-LOCATION
Refresh
X-N
X-Server-ID
X-HTML-Minification-Powered-By
X-Cache-Time
X-Original-Request-Id
X-Tumblr-Pixel-0
X-Cache-Rule
X-Tumblr-Pixel-1
X-Varnish-Age
X-Response-Served-From
X-Tumblr-Pixel
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Tumblr-User
Access-Control-Request-Headers
X-Fastly-Request-Id
X-EdgeConnect-Cache-Status
X-Rule
X-Content-Powered-By
X-RTag
X-Cache-Status-Check
X-G
SD-X-WS
X-UUID
X-Framework
MS-CV
X-Trace-Id
Ms-Operation-Id
X-User-Agent
Protected
X-Cacheable-TTL
X-Device-Type
X-Cache-Grace
Section-Io-Cache
X-Backend-Name
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Version
X-Jobs
X-RemovedCookies
X-FW-Serve
X-ProcessESI
X-FW-Dynamic
X-FW-Hash
X-Page-View
X-L-Path
X-Tt-Trace-Tag
X-Tt-Trace-Host
VIX-Pulpo-Upstream-Status
Akamai-GRN
From-Origin
VIX-Pulpo-Node
NGB
CDN-RequestId
X-Environment-Context
GEO-INFO
X-Status
X-Adobe-Content
X-Region
X-Akamai-Request-ID2
X-Varnish-Ttl
X-Adobe-Loc
X-Cache-Expired-At
X-Drupal-Cache-Tags
X-Is-Bot
X-Instance
X-Http-Reason
X-Drupal-Cache-Contexts
X-NYM-Debug-Backend
X-Rendered-As
Front
X-Nginx-Cache
Url
X-Servername
X-Unique-Id
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-COUNTRY
Accept-Language
Liferay-Portal
SRV
X-Content-Options
X-Debug-IsPreview
Fastly-SIE
X-Debug-IsConnected
Fastly-SWR
X-Template
Backend
X-CDN-Forward
X-Cache-Hit
X-Zen-Fury
X-RateLimit-Limit
X-Yottaa-Metrics
X-Air-Trace-Id
X-Air-Source
X-Yottaa-Optimizations
X-Air-Hostname
X-DynaTrace-JS-Agent
X-Newrelic-App-Data
X-Time
Country
X-Mode
X-Rocket-Nginx-Serving-Static
Content-Secure-Policy
Node
X-Cache-Operation
X-UPSTREAM-Address
X-RN-RSRV
X-Amzn-Remapped-Content-Length
X-Uri
X-IPS-LoggedIn
X-Generation-Time
Webserver
X-Tumblr-Pixel-2
X-Cache-Server
X-Rewrite-Enabled
Filters
Meta-Geo
X-Proxy-Cache-Info
Azure-SiteName
X-PHP-Backend
Selected-Fe
Azure-SlotName
X-Edge-Location
X-Tb
Azure-Version
Cache-Hits
X-Tumblr-Pixel-3
CF-IPCountry
Uber-Trace-Id
Azure-RegionName
Azure-InstanceId
Onion-Location
X-Web-Node
X-Timing-Wait
X-Content-Age
X-Proxy-Build
WP-Super-Cache
Countrycode
X-Cache-Action
X-Sucuri-Cache
Cache-Name
X-Sucuri-ID
X-BYPASS-REASON
X-Server-W
X-Say-Cacheable
X-PHP-Host
X-Cms-Context
X-Proto
X-ProxyCache-Key
X-Soup
X-Via-Fastly
X-ProxyCache-Status
X-Ua
X-Origin-Date
X-Locale
X-Labrador-Cache-Channel
X-SayCDN-TTL
X-Ms-Request-Id
X-Ms-Version
X-Say-TTL
X-Handled-By
S-Rt
Property-Id
X-Debug
X-Proxy-Cache-Status
X-Origin-Hint
X-Sql-Duration-Ms
X-Format
TWC-Device-Class
X-Cache-Host
Webcakes-App-Version
X-UA-Device-Type
Webcakes-Region
X-Section
X-Skip-Cache
X-Site-Version
X-Access
X-Sql-Count
X-VC-Cache
TWC-GeoIP-Country
X-Reqid
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
X-Cluster-Node
ServerID
Webcakes-App-Name
X-ARC
X-Real-IP
X-Varnish-Beresp-Grace
X-AWS-Id
X-Adobe-Source
X-App-Version
X-Routing-Service
X-SaId
ServedBy
Cache-Tv-Group
X-IPLB-Instance
X-IPLB-Request-ID
DB-Nickname
X-LJ-Flow-ID
X-VWS-Id
X-Optimistic-Header
X-JoinUs
Web-Mar-Node
X-Forwarded-Host
X-Proxied
X-R9-Blue-Green-Version
X-LAGOON
X-Zipkin-Id
X-FB-TRIP-ID
X-Extlb
X-Cache-TTL-Remaining
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
Cross-Origin-Window-Policy
X-Detected-As
Apigw-Requestid
X-Cluster
X-No-Session
Mn-Server-Ip
X-LSADC-Cache
X-GeoCountry
Fastcgi-Useragent
X-GeoCode
X-Ruxit-Js-Agent
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Xfnlog-Site
X-Director
X-Node-Name
Mime-Version
X-Tt-Logid
Source
Upgrade-Insecure-Requests
X-Varnish-Hits
Frame-Options
X-Oneagent-Js-Injection
X-TIME
X-GEO
CDN-CachedAt
X-Generated-By
CDN-EdgeStorageId
CDN-Cache
CDN-RequestCountryCode
CDN-PullZone
CDN-Uid
X-Hl-Ver
X-Buckets
X-Varnish-Cache-Hits
X-Mg-Request-UUID
X-Request-Time
Fastly-Drupal-HTML
X-FireWall-Port
X-Tec-Api-Root
Load-Balancing
X-Tec-Api-Origin
X-Tec-Api-Version
Xet-Cookie
X-ServerID
X-Varnish-Hostname
X-Redis-Cache
X-RM-Cache-TTL
X-Datadog-Parent-Id
X-Origin-TTL
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-SRV
X-Origin-CC
X-Cache-Debug
X-Api-Version
X-TA-CDN-Provider
X-Loop
X-URL
CF-Cached-On
X-Akamai-Transformed
X-Served-From
X-Tx-Id
X-Pubstack
X-Storage
X-Endurance-Cache-Level
X-Pass-Why
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Newrelic-Synthetics
X-Request-Host
Xserver
Server-Info
X-Location
X-Restarts
X-Provided-By
X-Service
Lang
MD5-Digest
Memcached
X-S
Host-ID
X-Rojux
Gannett-Cam-Experience-Id
X-Epic-Correlation-Id
X-Ec-GeoHdr
Meta-Geo-Continent
Ngx.Var.Host
X-Destination
X-We-Are-Hiring
Origin
Redirect-Candidate
X-S-Cookie
X-Developer
NM-Fastcgi-Cache
Odigeo-Trace-Id
X-Ec-Fail
Edge-Cache
DSUID
X-INCAP-ABP
A
BehaviorPad-Version
Xc-Version
X-Origin
X-Level-Front-Cache
X-Mobile-URL
X-Mid
X-Loc
Cache-Host
Candidate-Md5Url
X-Processor
DCR-Decision-By
DCR-Processing-Time-Ms
X-Rocket-Build-Number
X-External-Request-Id
X-Gdpr
X-Origin-Time
X-Httpd
X-Generated-On
X-Vdms-Version
X-D
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SRCache-Key
X-Sigma-Backend
X-A-Wwc
X-Cache-NE
X-Conf
X-A-Dgt
X-CMSURLCustom
X-Cache-Info
X-Sigma
X-Bip
X-Application
X-BCube-Filmed-By
X-B-Cookie
X-Cache-Date
X-S-Maxage
X-Aed
X-ScT
X-Akamai-Device-Characteristics
X-Test
X-Nyt-Route
X-Vdms-Path
Surrogated-Key
T-Server
X-TIM-N
X-CUA
Sslversion
Release
Rendered-Blocks
Server-Host
TDXMobile
X-Thinkindot-L3
X-A
X-A-Ccd
X-A-Dcw
WWW-Authenticate
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Thanos
X-Bc-Bl
X-A-Dam
X-CSRF-Token
X-WP-CF-Super-Cache-Active
X-TNCMS
X-Correlation-ID
X-Core-Mission
X-Cdn-Origin
X-CacheTTL
X-Cache-Id
X-DefElseHash
X-DefHash
X-Fetched-On
X-Geo-Header
X-GeoIP
X-Fastly-Cache
X-Fastly-Backend
X-Dispatcher-Server
X-Ec-Custom-Error
X-Esi-Check
X-Cache-Bucket
X-BBC-Edge-Cache-Status
Section-Io-Origin-Status
Section-Io-Id
Platform
Mail-Subject
Magicmarker
Is-Eu
Section-Io-Origin-Time-Seconds
Req-Svc-Chain
Tube-Get-Contents
X-Ad-Defer-Variation
X-Auto-Login
We-Hiring
Tube-Return
Tube-Got-Eval
Tube-Got-Results
X-GeoIP-City
X-Has-Esi
X-Sn-Servicetimems
X-Var-Ttl
X-Variation
X-Server-IP
X-SD-PageType
X-Air-Pt
X-Scale
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Worker
X-Response-By
X-VServer
X-Vmg-Version
X-Varnish-Remaining-TTL
X-Varnishpool
X-Req
X-Pool
X-JWT-State
X-Men
X-Mvc-Supplant-Cachable
X-Is-Gdpr
X-HS-Content-Campaign-Id
Section-Origin-Responded
X-Hash
X-Node-Id
X-Org
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Platform
X-Origin-Expires
X-Origin-Response-Time
X-Gzip
X-Human
Click-Count-Error
CloudFront-Viewer-Country
Country-Code
Fastly-Backend-Name
Click-Count-Action-Start
Cache-Key
Adler-Geo
AKAMAI
C-Via
Fastly-GeoIP-CountryCode
CacheControlHeader
Gh-Request-Id
HostName
Environment
Datacenter
X-GeoIP-Region-Code
Kp-EeAlive
X-GeoIP-Country-Code
X-Varnish-Beresp-Status
Cmstype
Machine
X-Cache-Tags
X-Azure-Ref-OriginShield
X-CACHE-AGE
Web-Mar-Region
Vix-Hermes-Req-Id
X-Mly-Id
X-Accel-Expires-Debug
X-Irp-Debug
X-App
X-Instance-Name
X-Slack-Backend
X-Cdn-Srv
X-Device-Os
X-Developers
X-Frame-Option
X-Dispatcher-Number
X-DPWN-IS-SECURE
X-Forwarded-Site
Canary
X-Gamma-Serve
X-FC-Vary-Parameters
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Nginx-Cache-Key
Cmsid
X-Slack-Shared-Secret-Outcome
X-Date
X-Core-Value
X-Fmm-Version
X-Accel-Buffering
X-Qloud-Router
X-Wix-Viewer-Type
X-Vcl-Version
X-WA-Info
Ssr
State
Producers
Origin-CC
Origin-EX
X-NodeID
X-Release
X-Region-Sid
Expect-Staple
X-WADP-Cache
On-Server
X-Varnish-Beresp-Ttl
X-Via-CDN
Cache-Provider
Server-Ext
X-Owner
L
X-SB
X-Cache-FS-Status
X-Block-Status
X-Platform-Server
X-V-Cache
Locid
NGX
X-Request-Start
PFcat
Srvid
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-VarnishDD-TTL
X-Gen-Mode
Server-Hostname
X-FL-EDGE
Apple-News-Services-Handled
Apple-News-Services-Host
X-Zone
X-Minions-Version
X-Old-Content-Length
X-HN
Wxu-Next-Commit
X-Op-Id-All
User-Cache-Control
Wxu-Next-Hostname
Wxu-Next-Region
X-VG-TLSProxy
Apple-News-Services-Parsed-Url
Sever-Int
X-NCache
X-Aicache-OS
X-FL-QIT-DEBUG
Apple-News-Services-Request-Url
X-Hnp-Log
Edge-Copy-Time
X-Via-SSL
X-Via-Edge
X-Parent-Response-Time
X-Eu-Site
Fastly-SSL
X-From
L5d-Success-Class
X-Nananana
X-Mvc-Supplant-OutputCached
X-Microcachable
X-Cache-Remote
HA-Ipaddr
Ha-Gx-Prefs
X-CGP
CDCHOST
X-Csrf-Jwt
X-Ua-Device
X-Webkit-CSP-Report-Only
X-VC
X-Up
X-Refresh
X-B3-Spanid
X-Cache-Enabled
X-LB-NoCache
X-Lambda-Id
X-RCS-CacheZone
X-Debug-Cache-Store
X-Dc
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Backend
Pics-Label
X-Debug-Cache-Fetch
Env
X-DC
X-VCT
X-Generated-In
Decoy-Debug-Status
X-ND-Cache
Decoy-Debug-TTL
GeoIP-Latitude
Decoy-Debug-Key
Cluster
Sid
X-Trace-ID
CPC-Age
X-NWS-UUID-VERIFY
Cache
X-Via-Poph
X-HS-Status
X-Via-Popn
CPC-Cache
X-Edge-Pop
VNS-Cache
X-B3-SpanId
X-Vtex-Remote-Cache
VNS-Age
X-Render-Time
X-Cached-By
X-Via-Popv
X-Tid
NtCoent-Length
X-Upstream-Ct
X-Cs
AMP-Access-Control-Allow-Source-Origin
X-Upstream-Ht
X-CCDN-CacheTTL
X-CCDN-Origin-Time
SID
Fastly-Drupal-Html
X-Hcs-Proxy-Type
Time
Memory
X-Cache-Type
X-NewRelic-App-Data
X-Webkit-CSP
X-Servedbyhost
X-DataCenter
X-TH-Server
X-LB-ID
X-HA-Backend
X-Srv
Svr
X-AIR-PT
X-ATG-Version
GeoIp-Country-Code
X-Wa
X-Vgn-Hpd-Ssi
X-Presslabs-Stats
X-Esi
X-Vgn-Hpd-Cached
X-Nc
X-Vgn-Hpd-Variations-Key
X-Via-JSL
X-Client-Ip
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
Cdn
Srv
X-Vc
Uri
X-ZONE
True-Client-IP
Server-ID
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-CF-Lambda-Version
Esi-Enabled
X-CF-Lambda-Fn
X-Amz-Meta-Cb-Modifiedtime
X-PAYTM-SRV-ID
X-Proxy-CacheRZ
X-NGINX-Cache
XkeyRZ
X-MP-GENERATED-AT
X-Varnish-Beresp-TTL
X-Fpc
XServer
X-CS
X-Udemy-Cache-App-Namespace
Hostname
X-Gateway-Request-Id
N-Cache
X-Nf-Request-Id
Cdnsip
Cdncip
X-CACHE-KEY
X-CDN-Cache-Status
X-API-Version
Resin-Trace
X-AK-Request-ID
X-Wikidot-Static-Cache
X-Gateway-Cache-Key
X-Wikidot-Backend
X-Gateway-Cache-Status
M-TraceId
X-Gateway-Skip-Cache
X-CSRF-TOKEN
YJS-ID
X-Datadome
X-EC-Lua
X-Orig-Expires
X-Bl-Debug
X-Forwarded-Path
RNT-Time
X-Via-NSCOPI
X-Shop-Environment
OT-Force-Account-Verify
X-Tenant
RNT-Machine
Lb
X-FPC
X-TX-ID
X-MSEdge-Features
X-Fastly-Country-Code
True-Client-Ip
X-MSEdge-Flight
X-App-Name
X-B3-Trace-ID
X-Policy
Eomportal-Instance
CDN
Request-ID
Server-Id
X-APP-VERSION
Sm-Log-Id
X-Service-Response-Time
Ngx-Var-Key
X-Logging-Id
Hit
X-Micro-Cache
GeoIP-Country-Code
X-WA
X-Cache-Ttl
Path
X-Ha-Backend
IsBot
X-Lb-Id
X-Accel-Version
X-SIPLIST1
X-NC
X-Git-Commit
X-Vcache
X-Container-Uri
X-VCL-Version
X-Cdn-Diag
X-Datacenter
X-Cache-NGX
X-Request-URI
X-MCACHE
X-RateLimit-Reset
X-ServedByHost
LB
X-Edge-POP
X-Info
X-Cdn-Forward
Pramga
X-Cdn-Cache-Status
HIT
X-LiteSpeed-Cache-Control
Location
X-SERVER-NAME
Cross-Origin-Opener-Policy-Report-Only
RATING
X-Geo
X-Akamai-Pragma-Client-IP
X-Via-PopN
Timeexpire
X-Via-PopH
X-Pod-Name
Ohc-File-Size
X-Xrds-Location
X-Srcache-Fetch-Status
X-Snapshot-Date
X-Tncms
X-Srcache-Store-Status
X-Via-PopV
Geoip-Latitude
FSS-Cache
XM
X-VG-WebCache
X-Acquia-Purge-Cdn-Unconfigured
Tcn
X-TT-LOGID
X-Clientip
ENV
Epwk-X-Cache
True-Client-Country-4JS
X-LiteSpeed-Tag
V-Age
X-Lb-Nocache
Req-ID
X-Serial
X-Ctl-Mach
CDN-RequestPullCode
Yjs-Id
CDN-RequestPullSuccess
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Rebelmouse-Surrogate-Control
X-Iauth-Set-Uid
X-Rebelmouse-Cache-Control
X-HostName
X-Cache-Expires
Servername
Proxy-Connection
X-Amz-Meta-Opti
X-Hyper-Cache
X-Cdn-Request-ID
X-Oss-Object-Type
X-Dw-Trace-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Fastly-Backend-Reqs
X-M-Reqid
X-M-Log
Warning
X-RAMCache
X-Acquia-Site
Content-Style-Type
X-Swift-Error
X-Acquia-Purge-Tags
X-UP
X-Acquia-Application-Trace
W
Cneonction
WZWS-RAY
Ec-Rule-Version
Content-Script-Type
X-B3-Parentspanid
X-Qnm-Cache
X-Acquia-Application-UUID
X-MiniProfiler-Ids
CountryCode
X-Lsadc-Cache
X-F-Status
PICS-Label
X-IPS-Cached-Response
X-Moov-Xdn-Version
X-B3-ParentSpanId
X-WP-CF-Super-Cache-Cookies-Bypass
X-Moov-T
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Ohc-Cache-HIT
X-Th-Server
X-Litespeed-Cache-Control
X-Cache-Ngx
X-Webstats-RespID
X-Mg-Cache
Ngx
X-Fastly-Cache-Hits
MIME-Version
My-App
X-Scheme