Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
Expect-CT
Pragma
CF-RAY
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
CF-Ray
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-DNS-Prefetch-Control
X-Generator
X-Cacheable
X-Request-ID
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
X-XSS-PROTECTION
Upgrade
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Amz-Id-2
X-Backend
P3p
X-Age
X-Ws-Request-Id
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
X-Varnish-Cache
EagleId
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
X-Akamai-Path-Stats
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
X-WebKit-CSP
X-Aws-Lambda-Call-Status
Accept-CH
X-Host
X-Node
X-Pingback
X-OneAgent-JS-Injection
Cf-Railgun
X-Server-Id
X-Cache-Spec
Surrogate-Control
X-Akam-SW-Version
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Response-Time
X-Cache-Lookup
X-Readtime
Accept-CH-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
X-Cloud-Trace-Context
Fastly-Restarts
X-Country
X-WebKit-CSP-Report-Only
X-Url
X-Clacks-Overhead
X-Nginx-Upstream-Cache-Status
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Edge
Edge-Control
X-Rack-Cache
X-B3-TraceId
X-PC
X-Vname
X-TtlSet
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-ESI
X-Content-Type
X-Mod-Pagespeed
X-Vcap-Request-Id
X-Oneagent-Js-Injection
X-CST
Verso
Xkey
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Use-Magma
X-GitHub-Request-Id
X-Amz-Rid
X-Mcache
X-D2id
Cache-Tag
X-Powered-By-Plesk
X-VARITI-CCR
Service-Worker-Allowed
RTSS
X-Ruxit-Js-Agent
X-Varnish-TTL
X-ECACHE
X-Upstream
X-FastCGI-Cache
X-Version
X-Abt-Application-Version
X-Cached
X-Navigation-Version
X-Client-IP
X-Ac
X-Cnection
X-Dw-Request-Base-Id
X-Px
X-SharePointHealthScore
SPRequestGuid
X-Element-Page-Cache
X-Kraken-Loop-Name
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
X-Instrumentation
X-Ttl
SPIisLatency
SPRequestDuration
Public-Key-Pins
Permissions-Policy
X-Server-Name
X-Country-Code
X-Middleton-Display
Pagespeed
Display
X-Sol
X-NWS-LOG-UUID
X-Cache-TTL
X-Ser
Response
X-Middleton-Response
X-Midtier
X-Edge-Location-Klb
X-Kinsta-Cache
X-Cache-Key
X-Goog-Hash
Cf-Apo-Via
X-Forwarded-For
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-MD5
Accept-Ch
Access-Control-Request-Method
X-Correlation-Id
X-RateLimit-Remaining
X-NF-Request-ID
Front-End-Https
X-Shield-Request-Id
X-MSEdge-Ref
X-DataDome
TP-Cache
TP-L2-Cache
X-T
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Recruiting
MicrosoftSharePointTeamServices
Edge-Cache-Tag
AR-Request-ID
AR-PoweredBy
AR-SID
AR-ATIME
AR-CACHE
X-Accel-Expires
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Nginx-Cache
X-Powered-CMS
X-Daa-Tunnel
TCN
X-Grace
X-ORACLE-DMS-RID
X-Mg-S
X-ORACLE-DMS-ECID
X-Content-Digest
X-RateLimit-Limit
X-Id
X-Hits
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Request-Received
X-Request-Processing-Time
Server-Node
Server-Name
Filters
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Amzn-Trace-Id
X-XRDS-Location
MS-Author-Via
X-Frontend
X-Geo-Country
X-Distributor
Fastcgi-Cache
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
S
X-Webkit-Csp
X-PressLabs-Stats
X-Protected-By
X-Fastcgi-Cache
X-Language
Cache-Status
X-LLID
X-Litespeed-Cache
X-Origin-Server
Count-Hit
X-Ezoic-Cdn
X-Ab
X-Ua-Browser
Cross-Origin-Opener-Policy
Filterid
X-LB-Cache
X-Amz-Meta-S3cmd-Attrs
X-F-Cache
X-Forwarded-Proto
X-Fastly-Request-Id
X-Request-Handler-Origin-Region
X-Seen-By
Payment
X-Page-Id
X-Microsite
X-B3-Sampled
X-FB-Debug
Charset
X-Git-Hash
Host
X-ASPNET-VERSION
X-Ratelimit-Reset
X-Cluster-Name
X-VCache
X-TTL
Surrogate-Key
X-Cache-Age
X-Rid
Realpath
Cache-Tags
Accept-Charset
X-Www-Served-By
X-Template
X-NGENIX-Cache
X-Origin-Cache
Access-Control-Allow-Method
Alternate-Protocol
X-Upgrade-Enabled
Retry-After
X-DIS-Request-ID
X-Logged-In
Cleartype
X-Source
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
X-Az
X-Route-Name
X-AppVersion
X-Activity-Id
X-TT
X-Tb
X-Signature
ServerID
X-Type
X-B-Cache
X-Flags
X-Wix-Request-Id
X-Varnish-Backend
X-Aspnet-Duration-Ms
X-Envoy-Decorator-Operation
X-Varnish-Grace
X-Amz-Replication-Status
X-B
DC
Paypal-Debug-Id
X-App-Environment
X-DynaTrace
X-Node-Name
X-Fastly-Request-ID
X-Hostname
X-Drupal-Cache-Tags
Frame-Options
X-Revision
X-Proxy
X-Debug
X-Contextid
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cache-Rule
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Kong-Upstream-Latency
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Kong-Proxy-Latency
X-GUploader-UploadID
X-Ratelimit-Remaining
Amp-Access-Control-Allow-Source-Origin
X-Mobile
X-Content-Options
X-Load-Cache
Refresh
Country
X-Cache-Control
X-N
X-Magnolia-Registration
Node
X-EdgeConnect-Cache-Status
X-Oracle-Dms-Ecid
X-Response-Served-From
X-Original-Request-Id
NGB
X-Oracle-Dms-Rid
X-User-Agent
X-Whom
Viewport
X-L-Path
Access-Control-Request-Headers
X-Cache-TTL-Remaining
X-Environment-Context
X-Adobe-Loc
X-Adobe-Content
X-Cache-Grace
X-Akamai-Request-ID2
Referer-Policy
Akamai-GRN
Content-Disposition
X-Cache-Time
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Instance
X-Debug-IsConnected
X-Content-Powered-By
X-Yottaa-Optimizations
X-Debug-IsPreview
X-Mid
X-Varnish-Age
X-Real-IP
X-Yottaa-Metrics
X-Varnish-Server
X-Is-Bot
X-G
X-Framework
X-Page-View
X-Rendered-As
X-Status
X-Servername
X-Cacheable-TTL
X-NYM-Debug-Backend
X-Jobs
Url
X-Content
Uber-Trace-Id
X-Unique-Id
Srv
X-ProcessESI
X-RemovedCookies
Countrycode
X-COUNTRY
X-Time
X-APP-VERSION
X-Drupal-Cache-Contexts
Version
X-Mg-Request-UUID
X-Ratelimit-Limit
Cross-Origin-Resource-Policy
X-XRDS-LOCATION
X-Via-JSL
Accept-Language
X-Cache-Expired-At
X-CDN-Forward
X-Http-Reason
X-Cache-Hit
X-Restarts
X-App-Server
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
Protected
X-Trace-Id
Healthy
X-Cache-Operation
X-IPLB-Request-ID
X-IPLB-Instance
X-Backend-Name
X-Hosted-By
X-Debug-Info
X-Azure-Ref
Section-Io-Cache
Content-Secure-Policy
X-Tt-Logid
X-Akamai-Edgescape
X-Device-Type
X-Nginx-Cache-Key
X-Server-ID
Liferay-Portal
X-Cache-Action
X-Rule
X-SRV
Backend
X-FW-Server
X-FW-Static
X-FW-Serve
X-Api-Version
X-FW-Type
Server-Info
X-FW-Hash
X-FW-Dynamic
GEO-INFO
X-UPSTREAM-Address
X-VC-Cache
X-Generation-Time
Meta-Geo
Load-Balancing
X-Mobile-URL
X-RN-RSRV
X-Storage
MS-CV
Ms-Operation-Id
X-Mode
X-Proxy-Cache-Status
X-RTag
Fastcgi-Useragent
CF-IPCountry
X-HTML-Minification-Powered-By
X-Content-Age
X-Handled-By
Azure-SlotName
X-Sorting-Hat-PodId
Azure-SiteName
X-JoinUs
Azure-RegionName
Azure-InstanceId
X-LJ-Flow-ID
X-ShopId
X-ShardId
X-Region
X-Redis-Cache
X-Shopify-Stage
Azure-Version
X-Cache-Server
X-Labrador-Cache-Channel
CDN-Cache
X-Edge-Location
Locale
X-Format
Web-Mar-Node
X-Cache-Host
X-AWS-Id
X-Adobe-Source
X-Access
X-Forwarded-Host
X-Generated-By
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestCountryCode
CDN-RequestId
X-Sorting-Hat-ShopId
CDN-Uid
X-Site-Version
X-PHP-Host
X-Skip-Cache
X-Sql-Count
X-Locale
X-Say-TTL
X-Alternate-Cache-Key
X-Say-Cacheable
X-No-Session
X-SayCDN-TTL
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Section
X-Varnish-Beresp-Grace
X-VWS-Id
X-URL
X-Sql-Duration-Ms
X-SaId
Property-Id
X-Extlb
X-Detected-As
X-Cache-Type
TWC-Connection-Speed
Eomportal-Instance
Onion-Location
X-Routing-Service
X-Proto
X-Varnish-Cache-Hits
X-UA-Device-Type
TWC-Device-Class
TWC-GeoIP-Country
X-ProxyCache-Status
X-Cache-Enabled
X-Xfnlog-Site
X-BYPASS-REASON
X-Uri
X-Via-Fastly
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
X-Web-Node
X-FireWall-Port
X-GeoCountry
X-OCL
Xserver
X-Storefront-Renderer-Rendered
X-Ms-Request-Id
Apigw-Requestid
X-Proxied
X-Zipkin-Id
X-Origin-Hint
X-R9-Blue-Green-Version
X-PCL
X-ServerID
S-Rt
X-Cache-NGX
X-Datadome
X-Varnish-Hostname
X-ProxyCache-Key
X-Ms-Version
X-GeoCode
X-Cms-Context
X-Request-Time
X-Varnishpool
Selected-Fe
X-PHP-Backend
X-Server-W
X-Timing-Wait
X-Cache-Status-Check
X-Hl-Ver
X-Tid
X-Proxy-Build
Cache-Name
Mn-Server-Ip
WP-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-FB-TRIP-ID
DB-Nickname
X-Origin-Date
X-Nginx-Cache
X-ECache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-UUID
X-Varnish-Ttl
X-DynaTrace-JS-Agent
ServedBy
X-Loop
X-LSADC-Cache
X-TNCMS
X-Pubstack
X-Zen-Fury
X-Ua
Xet-Cookie
X-Human
X-Reqid
X-MP-GENERATED-AT
X-Provided-By
X-Amzn-Remapped-Content-Length
X-RCS-CacheZone
X-Correlation-ID
X-TA-CDN-Provider
X-Aspnetmvc-Version
X-GEO
X-Vgn-Hpd-Reason
X-Cache-Tags
Source
Cache
X-Soup
X-Cdn
X-Dc
Origin
X-Webkit-CSP
X-Tumblr-Pixel-2
X-Cached-By
X-Varnish-Hits
X-Origin-CC
X-Debug-Cache
X-Origin-TTL
Cross-Origin-Window-Policy
From-Origin
X-App-Version
X-Newrelic-Synthetics
SD-X-WS
X-Service
WPO-Cache-Status
WPO-Cache-Message
X-Varnish-Beresp-Ttl
Webserver
LB
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Rip
X-Trace-ID
X-IPS-LoggedIn
X-NewRelic-App-Data
X-Request-Host
X-Cache-Debug
X-B3-Traceid
X-AOL-HN
Cdnsip
Meta-Geo-Continent
Cdncip
X-SRCache-Key
Ngx.Var.Host
X-Connection-Hash
X-Shop-Environment
Odigeo-Trace-Id
MD5-Digest
CPC-Age
DCR-Decision-By
X-User
DCR-Processing-Time-Ms
X-FW-Version
CPC-Cache
VNS-Age
VNS-Cache
X-TIM-N
X-ScT
X-S-Cookie
X-Forwarded-Path
X-Processor
Sslversion
X-PBS-Appsvrname
X-Parent-Response-Time
Rendered-Blocks
X-Orig-Expires
A
X-External-Request-Id
BehaviorPad-Version
X-NAPM-TraceId
X-Rojux
X-S
X-D
X-Rewrite-Enabled
Surrogated-Key
T-Server
X-Ec-GeoHdr
X-Tenant
X-Application
X-VG-WebCache
Host-ID
X-ARC
X-Aed
Xc-Version
X-A-Dcw
X-A-Dgt
X-Developer
X-AK-Request-ID
Environment
X-Cache-NE
X-A-Wwc
X-B-Cookie
X-A-Dam
X-Bc-Bl
X-BCube-Filmed-By
X-A-Ccd
X-Ec-Fail
X-Vdms-Path
X-Vdms-Version
X-A
X-Destination
Expiry
Lang
X-TIME
X-Platform-Server
X-Aicache-OS
X-CSRF-Token
X-Served-From
X-Accel-Buffering
HostName
Redirect-Candidate
X-Via-NSCOPI
X-B3-SpanId
X-Owner
X-Dispatcher-Number
Upgrade-Insecure-Requests
X-Cluster
X-WP-CF-Super-Cache-Active
X-Cluster-Node
Mime-Version
X-GG-Cache-Date
OT-Force-Account-Verify
L
X-GeoIP-City
Producers
Kp-EeAlive
Ha-Gx-Prefs
L5d-Success-Class
Release
Gh-Request-Id
HA-Ipaddr
Mail-Subject
X-Gateway-Request-Id
Is-Eu
NM-Fastcgi-Cache
Machine
IsBot
Origin-CC
NGX
X-GeoIP
Origin-EX
Mobile-Detection-Method
X-Gzip
X-Gateway-Skip-Cache
Platform
X-Core-Mission
X-DefHash
X-Ec-Custom-Error
X-Cdn-Srv
X-Cdn-Origin
X-Has-Esi
Web-Mar-Region
We-Hiring
X-DefElseHash
X-CGP
X-CacheTTL
X-Cache-Info
X-Auto-Login
X-Bip
X-BBC-Edge-Cache-Status
X-Developers
X-Cache-Bucket
X-Cache-Id
X-Ad-Defer-Variation
X-DPWN-IS-SECURE
Vix-Hermes-Req-Id
V-Age
X-Datadog-Parent-Id
State
X-Eu-Site
Traceparent
Servername
X-Fmm-Version
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Forwarded-Site
X-Csrf-Jwt
X-Esi-Check
Tube-Return
X-Epic-Correlation-Id
X-Clara-WADP
Tube-Got-Results
X-Clientip
Tube-Get-Contents
X-Datadog-Trace-Id
Tube-Got-Eval
Req-Svc-Chain
X-Policy
X-Sigma
X-Scale
X-Rocket-Build-Number
X-Sigma-Backend
X-SIPLIST1
X-Hash
X-Slack-Backend
X-Request-URI
X-RateLimit-Remaining-Second
X-Datadog-Sampling-Priority
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Pool
X-Proxy-Cache-Info
X-RateLimit-Limit-Second
X-Qloud-Router
X-SplitTest
X-SVT-ORM-RULES
X-VServer
X-Viewer-Country
X-VG-TLSProxy
X-WADP-Cache
X-Wix-Viewer-Type
X-Region-Sid
X-Geo-Header
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Thanos
X-SVT-ORM-VERSION
X-VC
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
X-Planisys-CDN-Cache
X-Sn-Servicetimems
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Loc
Country-Code
Cmsid
Cmstype
DSUID
X-JWT-State
X-Origin-Response-Time
Fastly-SSL
Fastly-SWR
Fastly-GeoIP-CountryCode
X-INCAP-ABP
X-Is-Gdpr
X-Irp-Debug
Click-Count-Error
Fastly-SIE
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-NodeID
X-Origin
X-Optimistic-Header
Click-Count-Action-Start
Apple-News-Services-Request-Url
Adler-Geo
Candidate-Md5Url
X-Mvc-Supplant-Cachable
X-Minions-Version
Cache-Host
Fastly-Drupal-HTML
X-Rocket-Nginx-Serving-Static
X-Nyt-Route
X-Generated-On
X-HS-Content-Campaign-Id
X-Level-Front-Cache
X-S-Maxage
X-Origin-Time
X-Sucuri-Cache
AKAMAI
X-Scheme
X-NCache
Svr
X-Worker
X-Gdpr
X-Sucuri-ID
X-Thinkindot-L3
X-Var-Ttl
X-SB
X-ATG-Version
Cluster
Fastly-Backend-Name
Memcached
X-Hnp-Log
X-Fetched-On
X-Gen-Mode
X-V-Cache
X-Mvc-Supplant-OutputCached
Server-Host
TDXMobile
X-Fastly-Backend
X-FC-Vary-Parameters
X-Device-Os
X-Core-Value
X-CMSURLCustom
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Gamma-Serve
X-Ckpd-Fst-Backend
Sever-Int
User-Cache-Control
Wxu-Next-Commit
Wxu-Next-Hostname
Server-Hostname
Server-Ext
Datacenter
CDCHOST
Canary
Wxu-Next-Region
X-Tx-Id
X-Block-Status
X-Branch-Name
X-WA-Info
X-Cache-Remote
Cache-Tv-Group
X-Newrelic-App-Data
X-ND-Cache
X-Azure-Ref-OriginShield
Cache-Hits
CloudFront-Viewer-Country
X-LB-NoCache
WebServer
Ec-Rule-Version
Pics-Label
X-Udemy-Cache-App-Namespace
Fastcgi-Cache-TTL
X-ZONE
X-Tb-Optimization-Total-Bytes-Saved
X-Nf-Request-Id
X-Origin-Expires
X-Rebelmouse-Surrogate-Control
SID
X-Session-Fingerprint
Memory
X-Rebelmouse-Cache-Control
Time
X-Fastly-Cache
Ssr
Sid
X-Via-Popv
X-Pod-Name
X-Via-Popn
X-Generated-In
X-Via-Poph
Request-ID
AMP-Access-Control-Allow-Source-Origin
X-Refresh
X-Presslabs-Stats
Server-ID
X-Servedbyhost
X-Up
X-Pass-Why
Env
X-DC
X-Dispatch
X-Release
X-Wa
X-Akamai-Transformed
X-Tumblr-Pixel-3
X-Cs
X-Buckets
X-Lambda-Id
My-App
X-Fpc
X-Edge-Pop
X-Cache-Date
X-Ig-Push-State
X-MSEdge-Features
X-MSEdge-Flight
X-NWS-UUID-VERIFY
X-NC
X-Esi
X-Conf
X-EC-Lua
X-PX
X-Zone
X-MCACHE
X-ID
CDN
X-Microcachable
X-CS
X-Xrds-Location
X-Dmc
X-VCL-Version
X-CACHE-AGE
GeoIp-Country-Code
X-Req
X-Endurance-Cache-Level
True-Client-IP
X-LB-ID
X-TX-ID
X-NGINX-Cache
X-Webkit-CSP-Report-Only
Fastly-Drupal-Html
X-SERVER-NAME
True-Client-Country-4JS
Magicmarker
CacheControlHeader
X-CACHE-KEY
X-Vc
X-B3-Spanid
X-Be
X-RateLimit-Reset
X-TH-Server
X-Op-Id-All
X-Wikidot-Static-Cache
X-Wikidot-Backend
Hostname
X-CSRF-TOKEN
X-TRACE-ID
X-HS-Status
True-Client-Ip
Path
Resin-Trace
X-Srv
X-Hyper-Cache
X-Vcl-Version
X-GeoIP-Country-Code
X-Air-Hostname
X-GeoIP-Region-Code
X-Air-Source
Tcn
X-CF-Lambda-Version
X-Air-Trace-Id
GeoIP-Country-Code
X-M-Log
X-M-Reqid
X-Alfa-Service
X-CF-Lambda-Fn
X-Micro-Cache
X-Air-Pt
WWW-Authenticate
X-Varnish-Beresp-TTL
X-Qnm-Cache
X-App
Tracecode
X-Check-Cacheable
Pramga
X-Date
X-Accel-Expires-Debug
X-Akamai-Pragma-Client-IP
X-Vercel-Cache
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
C-Via
X-RAMCache
X-Vercel-Id
Section-Io-Origin-Time-Seconds
X-Cache-Ttl
X-CLOUD-TRACE-CONTEXT
NtCoent-Length
N-Cache
Proxy-Connection
X-Old-Content-Length
X-Datacenter
X-FPC
X-TrackingId
X-LiteSpeed-Cache-Control
X-Edge-POP
X-Webkit-Csp-Report-Only
Yjs-Id
YJS-ID
X-Platform-Router
Powered-By
X-Via-CDN
FSS-Cache
X-WA
X-Mly-Id
X-Platform-Processor
Fastcgi-X-Cache-Version
X-Platform-Cluster
X-Platform
X-Geo
Esi-Enabled
Hit
X-Yandex-Sdch-Disable
On-Server
X-PAYTM-SRV-ID
X-API-Version
X-ServedByHost
X-Lb-Id
Lb
X-Response-By
ENV
Server-Id
User-Agent
X-Dw-Trace-Id
X-Cdn-Forward
X-Via-PopN
X-Via-PopV
HIT
X-Via-PopH
GeoIP-Latitude
X-Vtex-Remote-Cache
X-Location
X-Edge-Origin-Shield-Bytes
X-Webstats-RespID
X-Node-Id
X-Client-Ip
X-Edge-Origin-Shield-Region
X-Vtex-Processado-Em
X-UA
X-AIR-PT
X-LAGOON
X-TT-LOGID
X-Traceid
X-Request-Start
X-Li-Fabric
Srvid
X-FL-EDGE
Locid
X-LI-UUID
Cdn
X-From
X-CUA
X-Varnish-Authentication
X-Director
X-FORWARDED-FOR
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Akamai-ERPolicy
X-Instance-Name
X-Li-Pop
X-Akamai-ERRuleID
X-LI-Proto
Geoip-Latitude
X-SD-PageType
Dnion-Transfer-Encoding
Sm-Log-Id
X-Service-Response-Time
X-Server-IP
X-DW
X-DataCenter
X-RPM
Cache-Key
X-DB
Ohc-File-Size
X-DI
X-RSL
X-RPS
X-DSS
PICS-Label
X-LiteSpeed-Tag
X-CF-Powered-By
X-Via-Ucdn
X-Render-Time
XServer
Nginx-CQVIP
Location
X-Request-Url
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Test
X-Fastly-Cache-Hits
X-HostName
X-HA-Backend
DynaTrace
Swift-Performance
X-ApacheServer
Uri
Server-Ttl
X-B3-ParentSpanId
Wpo-Cache-Message
Wpo-Cache-Status
X-Lb-Nocache
X-PERF
X-Cdn-Request-ID
X-Proxy-Upstream
Vha6-Origin
X-Fastly-Backend-Reqs
X-Cache-Ngx
XkeyRZ
Wp-Super-Cache
Warning
X-Ips-Loggedin
CountryCode
X-Proxy-CacheRZ
X-IN-APIGATEWAY
X-Th-Server
X-IN-APIGATEWAYSSL
M-TraceId
X-Cache-Backend
CF-Cached-On
Cneonction
X-Cache-Expires
X-Serial
PFcat
X-Moov-T
X-Mg-Cache
WZWS-RAY
X-Moov-Xdn-Version
Fastcgi-Cache-Ttl
SRV
X-Proxy-Cache-Hk
X-HN
X-ElasticPress-Query
X-VarnishDD-TTL
Req-ID
XM
X-Yottaa-OS