Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
P3p
X-Ua-Compatible
Access-Control-Max-Age
X-Request-ID
X-Via
Server-Timing
X-Cache-Group
X-Robots-Tag
X-UA-Device
X-Dns-Prefetch-Control
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Backend
X-Amz-Id-2
X-Ws-Request-Id
X-Proxy-Cache
X-Age
Host-Header
X-Akamai-Path-Stats
X-Server-Powered-By
X-Hacker
X-Server
EagleId
X-Rq
X-Vhost
X-Varnish-Cache
Grace
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Cf-Edge-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Allow
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-OneAgent-JS-Injection
X-Node
X-Server-Id
EagleEye-TraceId
X-Pingback
X-Cache-Spec
Surrogate-Control
Request-Id
Cf-Railgun
X-Akam-SW-Version
X-Backend-Server
Accept-CH
X-Readtime
X-Cache-Lookup
X-Response-Time
Accept-CH-Lifetime
X-HW
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Content-Security-Policy-Report-Only
Content-Location
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-WebKit-CSP-Report-Only
X-Url
X-Clacks-Overhead
X-Country
X-Edge
X-Amz-Server-Side-Encryption
X-B3-TraceId
X-Rack-Cache
X-MS-InvokeApp
Edge-Control
X-TtlSet
X-Vname
X-PC
Accept-Ch
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Vcap-Request-Id
X-Content-Type
X-ESI
Xkey
X-Mod-Pagespeed
X-Nginx-Upstream-Cache-Status
X-CST
X-VARITI-CCR
X-Varnish-TTL
X-Mcache
X-Amz-Rid
X-D2id
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
Verso
X-GitHub-Request-Id
Cache-Tag
RTSS
X-Powered-By-Plesk
X-FastCGI-Cache
X-ECACHE
X-Ruxit-Js-Agent
X-Cached
X-Upstream
X-Oneagent-Js-Injection
Service-Worker-Allowed
X-Navigation-Version
X-Client-IP
X-Version
X-Dw-Request-Base-Id
X-Abt-Application-Version
X-Px
X-Cnection
Public-Key-Pins
X-Ac
X-Ser
X-Ttl
Arr-Disable-Session-Affinity
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
SPRequestGuid
X-SharePointHealthScore
X-Middleton-Display
Pagespeed
X-Sol
Display
X-Element-Page-Cache
X-Server-Name
X-NF-Request-ID
SPRequestDuration
SPIisLatency
X-Country-Code
X-Cache-TTL
X-NWS-LOG-UUID
X-RateLimit-Remaining
X-Midtier
Response
X-Middleton-Response
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
X-Cache-Key
Permissions-Policy
X-Forwarded-For
Access-Control-Request-Method
Content-MD5
X-DataDome
X-Correlation-Id
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Powered-CMS
X-MSEdge-Ref
Front-End-Https
Edge-Cache-Tag
X-T
AR-ATIME
AR-CACHE
AR-Request-ID
AR-SID
X-Recruiting
AR-PoweredBy
TP-L2-Cache
TP-Cache
X-HP-Trace-Id
Nginx-Cache
X-HP-Webp
X-Jurisdiction
X-RateLimit-Limit
X-Accel-Expires
TCN
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Daa-Tunnel
X-Grace
MicrosoftSharePointTeamServices
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Id
X-Mg-S
Filters
X-Request-Processing-Time
X-Hits
X-Request-Received
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Content-Digest
Server-Node
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-LLID
S
X-Frontend
X-Distributor
Server-Name
X-Amzn-Trace-Id
Cache-Status
X-Protected-By
X-Geo-Country
MS-Author-Via
Fastcgi-Cache
X-Fastly-Request-Id
X-LB-Cache
X-TTL
X-Language
X-Request-Handler-Origin-Region
X-Microsite
X-PressLabs-Stats
Cross-Origin-Opener-Policy
X-Ezoic-Cdn
X-Origin-Server
X-Ab
X-Ua-Browser
X-Forwarded-Proto
X-FB-Debug
Charset
Host
X-F-Cache
X-B3-Sampled
Filterid
X-Seen-By
X-Page-Id
X-Git-Hash
Realpath
X-Amz-Meta-S3cmd-Attrs
X-Ratelimit-Reset
X-Litespeed-Cache
X-ASPNET-VERSION
Payment
Count-Hit
X-Fastcgi-Cache
X-Cache-Age
X-XRDS-Location
Accept-Charset
X-Cluster-Name
X-VCache
X-DynaTrace
Cache-Tags
X-Origin-Cache
Surrogate-Key
Alternate-Protocol
X-NGENIX-Cache
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Retry-After
X-Webkit-Csp
X-Rid
X-Activity-Id
X-AppVersion
X-Az
X-Template
Cleartype
X-Webkit-CSP
X-Content
X-Www-Served-By
X-Proxy
X-Varnish-Backend
X-Node-Name
X-Type
Access-Control-Allow-Method
X-App-Environment
X-Amz-Replication-Status
X-Tb
X-TT
X-B
X-Signature
X-Upgrade-Enabled
X-Wix-Request-Id
X-Debug
ServerID
X-B-Cache
X-Route-Name
X-Drupal-Cache-Tags
X-Varnish-Grace
X-Request-Guid
X-Providence-Cookie
X-Aspnet-Duration-Ms
Paypal-Debug-Id
X-Flags
DC
X-Is-Crawler
X-Logged-In
X-DIS-Request-ID
Cf-Apo-Via
X-Tt-Trace-Host
X-Tt-Trace-Tag
Frame-Options
X-Hostname
X-Mobile
X-Content-Options
X-Envoy-Decorator-Operation
X-Source
X-Load-Cache
X-Goog-Generation
X-COUNTRY
X-Goog-Stored-Content-Length
X-Revision
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-N
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Cache-Control
X-Fastly-Request-ID
Amp-Access-Control-Allow-Source-Origin
Country
X-Kong-Upstream-Latency
X-Contextid
X-Kong-Proxy-Latency
X-User-Agent
X-Magnolia-Registration
X-Whom
Referer-Policy
Viewport
X-EdgeConnect-Cache-Status
X-Restarts
X-Cache-Rule
X-Original-Request-Id
X-Ratelimit-Remaining
X-Response-Served-From
Node
X-Varnish-Age
NGB
Refresh
Content-Disposition
X-Debug-IsConnected
X-Mid
X-Debug-IsPreview
X-Environment-Context
Access-Control-Request-Headers
X-L-Path
X-Cache-TTL-Remaining
X-Framework
Url
X-Jobs
Uber-Trace-Id
X-Cache-Time
VIX-Pulpo-Node
X-Mg-Request-UUID
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
X-Unique-Id
X-G
X-Akamai-Request-ID2
X-Varnish-Server
Akamai-GRN
X-Yottaa-Optimizations
X-Page-View
X-Adobe-Content
X-Instance
X-Drupal-Cache-Contexts
X-Yottaa-Metrics
X-Servername
X-XRDS-LOCATION
X-Adobe-Loc
X-Cache-Grace
X-Real-IP
X-NYM-Debug-Backend
X-Server-ID
X-Is-Bot
Version
X-Rendered-As
X-App-Server
X-Status
Countrycode
X-Debug-Info
X-Content-Powered-By
X-ProcessESI
X-RemovedCookies
X-APP-VERSION
X-Http-Reason
X-Oracle-Dms-Rid
Protected
X-CDN-Forward
X-Oracle-Dms-Ecid
X-IPLB-Request-ID
X-IPLB-Instance
X-Tt-Logid
Accept-Language
X-Hosted-By
Srv
X-Trace-Id
X-Nginx-Cache-Key
X-Ratelimit-Limit
Liferay-Portal
X-Device-Type
Healthy
X-Cache-Expired-At
X-Via-JSL
X-FW-Static
X-FW-Hash
X-FW-Type
X-FW-Server
X-FW-Dynamic
X-FW-Serve
Fastcgi-Useragent
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Cache-Hit
X-Azure-Ref
X-Time
X-RTag
MS-CV
Ms-Operation-Id
X-UUID
Backend
X-Cache-NGX
X-Proxy-Cache-Status
X-Mobile-URL
Section-Io-Cache
Server-Info
X-Backend-Name
Content-Secure-Policy
X-Cache-Operation
Meta-Geo
Load-Balancing
X-UPSTREAM-Address
X-RN-RSRV
X-Storage
X-HTML-Minification-Powered-By
CF-IPCountry
X-Zen-Fury
X-Mode
X-Datadome
X-Alternate-Cache-Key
X-AWS-Id
X-Akamai-Edgescape
X-Access
Webcakes-Region
WP-Super-Cache
X-Cache-Enabled
X-Cache-Server
X-LJ-Flow-ID
X-Locale
X-No-Session
X-Labrador-Cache-Channel
X-Forwarded-Host
X-Edge-Location
X-Format
Webcakes-App-Version
Webcakes-App-Name
Eomportal-Instance
Onion-Location
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-SiteName
Property-Id
S-Rt
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Device-Class
X-OCL
X-Origin-Date
Web-Mar-Node
X-Handled-By
X-Redis-Cache
Locale
X-VWS-Id
X-Varnishpool
X-VC-Cache
X-Say-Cacheable
X-Say-TTL
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Sql-Duration-Ms
X-Sql-Count
X-SayCDN-TTL
X-Site-Version
X-Varnish-Hostname
X-Varnish-Cache-Hits
X-Region
X-Section
X-Server-W
X-PHP-Host
X-PHP-Backend
X-Origin-Hint
X-PCL
X-ShardId
X-ShopId
X-Storefront-Renderer-Rendered
X-Uri
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Skip-Cache
Azure-InstanceId
X-Cache-Host
X-Content-Age
X-Routing-Service
Selected-Fe
X-UA-Device-Type
GEO-INFO
X-Proto
X-Adobe-Source
X-Generation-Time
Mn-Server-Ip
X-Generated-By
X-JoinUs
X-GeoCode
X-Via-Fastly
X-Cms-Context
X-GeoCountry
X-ProxyCache-Key
X-ServerID
X-Hl-Ver
X-SaId
X-FB-TRIP-ID
X-BYPASS-REASON
Apigw-Requestid
X-Request-Time
X-Timing-Wait
X-Debug-Cache
X-Zipkin-Id
X-ProxyCache-Status
X-Cache-Type
X-Web-Node
X-Proxied
DB-Nickname
X-Proxy-Build
X-Xfnlog-Site
X-Extlb
X-SRV
X-Cache-Status-Check
X-Tid
ServedBy
CDN-RequestId
CDN-Uid
CDN-CachedAt
CDN-PullZone
X-Varnish-Beresp-Grace
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-Cache
X-Cache-Action
X-Detected-As
X-Human
X-LSADC-Cache
X-Rule
X-Ua
X-ECache
X-R9-Blue-Green-Version
X-DynaTrace-JS-Agent
X-Dc
Cache
X-Ms-Version
Cache-Name
X-FireWall-Port
SD-X-WS
X-Nginx-Cache
X-Ms-Request-Id
Xet-Cookie
X-Cache-Tags
LB
X-Cached-By
X-Amzn-RequestId
X-WP-CF-Super-Cache-Cache-Control
X-Amz-Apigw-Id
X-WP-CF-Super-Cache
Cross-Origin-Window-Policy
Source
Cross-Origin-Resource-Policy
Xserver
X-Varnish-Hits
X-Aspnetmvc-Version
X-RCS-CacheZone
X-GG-Cache-Date
WPO-Cache-Message
X-Correlation-ID
X-Via-NSCOPI
WPO-Cache-Status
X-Cdn
X-NewRelic-App-Data
X-GEO
Origin
X-App-Version
X-MP-GENERATED-AT
X-IPS-LoggedIn
X-TNCMS
X-Reqid
Cache-Hits
X-Loop
X-Origin-CC
X-URL
X-Origin-TTL
X-AOL-HN
X-Pubstack
X-Soup
X-Amzn-Remapped-Content-Length
X-B3-SpanId
X-FW-Version
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Tumblr-Pixel-2
X-Varnish-Ttl
Rip
X-TIME
Webserver
X-Platform-Server
X-Cluster-Node
X-Service
X-Api-Version
From-Origin
X-Request-Host
X-Origin-Response-Time
Upgrade-Insecure-Requests
X-Vgn-Hpd-Reason
MD5-Digest
X-Application
Meta-Geo-Continent
X-Vdms-Path
X-Vdms-Version
X-ARC
Ngx.Var.Host
X-B-Cookie
X-Cache-NE
X-Connection-Hash
X-BCube-Filmed-By
X-Bc-Bl
X-VG-WebCache
Lang
X-AK-Request-ID
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Aed
X-A
T-Server
Xc-Version
Host-ID
Redirect-Candidate
Rendered-Blocks
Surrogated-Key
Sslversion
Odigeo-Trace-Id
X-D
X-Rewrite-Enabled
X-TIM-N
X-Processor
X-User
X-Owner
X-PBS-Appsvrname
X-Rojux
X-Tenant
X-ScT
X-Served-From
X-Shop-Environment
X-SRCache-Key
X-S
X-S-Cookie
X-Orig-Expires
X-NAPM-TraceId
X-Ec-Fail
DCR-Processing-Time-Ms
Environment
X-Developer
Expiry
X-Destination
DCR-Decision-By
Cdnsip
X-Forwarded-Path
BehaviorPad-Version
X-External-Request-Id
X-Ec-GeoHdr
Cdncip
Candidate-Md5Url
X-Session-Fingerprint
A
X-Cluster
OT-Force-Account-Verify
Fastly-SSL
X-Bip
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Machine
X-Forwarded-Site
X-Thanos
X-Generated-On
X-Qloud-Router
X-Accel-Buffering
X-Dispatcher-Number
X-Level-Front-Cache
X-Pool
X-Irp-Debug
X-Provided-By
X-NWS-UUID-VERIFY
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
TDXMobile
NGX
X-GeoIP
X-Geo-Header
X-Sigma-Backend
X-SB
X-HS-Content-Campaign-Id
Tube-Return
V-Age
Tube-Got-Results
Tube-Got-Eval
X-Clientip
Tube-Get-Contents
Mobile-Detection-Method
Traceparent
NM-Fastcgi-Cache
Req-Svc-Chain
Server-Host
X-Gzip
Release
Producers
Platform
Memcached
X-Hash
Servername
X-Scale
X-Sigma
HostName
Origin-EX
Origin-CC
State
Vix-Hermes-Req-Id
X-SIPLIST1
X-Policy
X-GeoIP-City
Wxu-Next-Hostname
X-Core-Value
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Core-Mission
X-Request-URI
X-CGP
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Fetched-On
X-Datadog-Trace-Id
X-DefElseHash
X-Rebelmouse-Surrogate-Control
X-Eu-Site
X-Rebelmouse-Cache-Control
X-Epic-Correlation-Id
X-DPWN-IS-SECURE
X-Fastly-Cache
X-DefHash
X-Region-Sid
X-Developers
X-Device-Os
X-Rocket-Build-Number
X-Rocket-Nginx-Serving-Static
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Gdpr
Wxu-Next-Region
VNS-Cache
We-Hiring
Wxu-Next-Commit
X-Esi-Check
X-Ad-Defer-Variation
X-S-Maxage
X-Cache-Info
X-CacheTTL
X-Cdn-Origin
X-Cdn-Srv
X-Cache-Id
X-Branch-Name
X-Gamma-Serve
X-Auto-Login
X-BBC-Edge-Cache-Status
X-Fmm-Version
VNS-Age
X-Sn-Servicetimems
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Viewer-Country
Apple-News-Services-Host
Apple-News-Services-Handled
Adler-Geo
Mail-Subject
Cache-Host
X-RateLimit-Remaining-Second
Click-Count-Action-Start
Click-Count-Error
Cluster
X-CSRF-Token
X-Origin-Expires
Cache-Tv-Group
X-Thinkindot-L3
X-RateLimit-Limit-Second
X-Slack-Backend
X-Aicache-OS
X-NodeID
X-Varnish-Remaining-TTL
X-Minions-Version
X-Cache-Bucket
X-VG-TLSProxy
X-Mvc-Supplant-Cachable
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-V-Cache
X-Wix-Viewer-Type
Web-Mar-Region
X-Origin
X-Optimistic-Header
X-Nyt-Route
X-Variation
Cmstype
Cmsid
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
X-Planisys-CDN-Cache
Fastly-SWR
Fastly-GeoIP-CountryCode
Fastly-SIE
X-Varnish-Beresp-Ttl
Is-Eu
X-INCAP-ABP
X-Pod-Name
X-SplitTest
L5d-Success-Class
L
IsBot
Kp-EeAlive
Country-Code
Fastly-Backend-Name
X-Loc
DSUID
X-Planisys-CDN-TTL
X-WA-Info
Datacenter
CPC-Age
CPC-Cache
X-Cache-Remote
X-Planisys-CDN-Rules
X-WADP-Cache
X-Parent-Response-Time
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Proxy-Cache-Info
X-Origin-Time
X-Xrds-Location
X-Yandex-Sdch-Disable
X-Tx-Id
X-VC
X-Block-Status
X-NCache
User-Cache-Control
AKAMAI
X-Is-Gdpr
CloudFront-Viewer-Country
CDCHOST
Fastcgi-Cache-TTL
X-Scheme
X-Mvc-Supplant-OutputCached
X-JWT-State
X-Ec-Custom-Error
X-VServer
Svr
X-Gen-Mode
X-Worker
X-Has-Esi
X-Hnp-Log
Mime-Version
X-Presslabs-Stats
X-Udemy-Cache-App-Namespace
SID
X-ZONE
X-Microcachable
X-Ig-Push-State
X-LB-NoCache
Server-Ext
X-Cache-Date
Server-Hostname
Sever-Int
X-Tec-Api-Root
WebServer
X-Tec-Api-Origin
X-Tec-Api-Version
Ssr
Ec-Rule-Version
Pics-Label
X-Varnish-Beresp-Status
X-Conf
X-Tb-Optimization-Total-Bytes-Saved
Time
Memory
X-Generated-In
Canary
X-CMSURLCustom
X-Via-Poph
X-ATG-Version
X-Via-Popn
X-Dmc
X-Via-Popv
Fastly-Drupal-Html
X-Sucuri-ID
X-Sucuri-Cache
Sid
AMP-Access-Control-Allow-Source-Origin
X-CS
X-Be
X-B3-Traceid
X-MSEdge-Flight
X-Air-Trace-Id
X-Air-Source
X-MSEdge-Features
X-Air-Hostname
X-ND-Cache
X-Servedbyhost
X-FC-Vary-Parameters
X-Var-Ttl
X-Azure-Ref-OriginShield
X-Refresh
X-WP-CF-Super-Cache-Active
X-Fastly-Backend
X-Edge-Pop
Server-ID
X-TRACE-ID
X-Cache-Debug
Env
X-Buckets
X-Trace-ID
X-NC
X-Newrelic-App-Data
X-Fpc
X-Akamai-Transformed
Fastly-Drupal-HTML
X-Release
X-Wikidot-Backend
X-Esi
X-Wikidot-Static-Cache
X-Cs
X-PX
GeoIp-Country-Code
X-MCACHE
X-ID
Magicmarker
X-Endurance-Cache-Level
X-EC-Lua
X-NGINX-Cache
X-DC
CDN
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-CACHE-AGE
X-RateLimit-Reset
True-Client-IP
X-Hyper-Cache
X-TX-ID
X-Zone
X-Tumblr-Pixel-3
X-Up
Pramga
X-VCL-Version
X-M-Reqid
X-Vc
X-Micro-Cache
X-M-Log
Hostname
X-CSRF-TOKEN
X-Srv
X-Pass-Why
X-App
C-Via
My-App
X-Wa
X-Dispatch
X-Alfa-Service
X-Qnm-Cache
X-CACHE-KEY
X-Varnish-Beresp-TTL
X-Edge-Origin-Shield-Region
X-Lambda-Id
X-TrackingId
N-Cache
X-Edge-Origin-Shield-Bytes
X-Platform
Path
Fastcgi-X-Cache-Version
On-Server
X-PAYTM-SRV-ID
X-Air-Pt
X-Vcl-Version
Esi-Enabled
X-Check-Cacheable
X-Req
X-AIR-PT
Tcn
X-Vtex-Remote-Cache
X-HS-Status
X-Vercel-Cache
X-Vtex-Processado-Em
X-ApacheServer
X-Vercel-Id
X-PERF
Resin-Trace
True-Client-Ip
X-Node-Id
CacheControlHeader
Proxy-Connection
X-SD-PageType
GeoIP-Latitude
Tracecode
X-TH-Server
X-B3-Spanid
X-SERVER-NAME
NtCoent-Length
X-LAGOON
X-Request-Start
X-API-Version
Cdn
Cache-Key
True-Client-Country-4JS
DT-Hot-News
HIT
X-Akamai-Pragma-Client-IP
X-LB-ID
GeoIP-Country-Code
X-CLOUD-TRACE-CONTEXT
X-Proxy-CacheRZ
XkeyRZ
X-FPC
DynaTrace
X-Op-Id-All
Hit
X-Webkit-CSP-Report-Only
X-Render-Time
X-Webkit-Csp-Report-Only
Section-Origin-Responded
X-Geo
X-Lb-Id
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
Section-Io-Id
Section-Io-Origin-Status
X-Mly-Id
ENV
Section-Io-Origin-Time-Seconds
X-VarnishDD-TTL
X-WA
X-Via-CDN
X-Traceid
X-Proxy-Upstream
PFcat
X-Via-Ucdn
X-HN
XM
X-Dw-Trace-Id
X-Edge-POP
X-Proxy-Cache-Hk
User-Agent
Server-Ttl
X-GeoIP-Country-Code
X-ServedByHost
Server-Id
X-GeoIP-Region-Code
Lb
MIME-Version
X-Cdn-Forward
SRV
X-Datacenter
X-LiteSpeed-Cache-Control
X-Via-PopN
YJS-ID
X-Via-PopH
X-Nf-Request-Id
X-Accel-Expires-Debug
WWW-Authenticate
X-Date
X-Via-PopV
Yjs-Id
X-Cache-Ttl
X-LiteSpeed-Tag
X-CUA
M-TraceId
X-FORWARDED-FOR
Geoip-Latitude
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Ftr-Request-Id
FSS-Cache
X-LI-Proto
X-Cache-Backend
Dnion-Transfer-Encoding
X-CF-Powered-By
X-RAMCache
X-TT-LOGID
X-DI
X-RPS
X-RSL
X-Old-Content-Length
X-RPM
X-DW
PICS-Label
X-DB
X-DSS
Location
Warning
X-Request-Url
Vha6-Origin
X-Nc
X-Httpd
X-HA-Backend
X-HITS
XServer
X-Fastly-Backend-Reqs
X-Akamai-Request-ID
Nginx-CQVIP
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Litespeed-Cache-Control
X-UA
X-Fastly-Cache-Hits
Wpo-Cache-Message
X-Lb-Nocache
Wpo-Cache-Status
X-Server-IP
X-HostName
WZWS-RAY
X-IN-APIGATEWAYSSL
X-Instance-Name
X-Response-By
X-B3-ParentSpanId
Sm-Log-Id
X-IN-APIGATEWAY
X-Cc-Via
X-Cdn-Request-ID
Ohc-File-Size
X-Service-Response-Time
Cdn-Pullzone
Cdn-Requestcountrycode
Cdn-Cache
Cdn-Cachedat
Cdn-Edgestorageid
X-Cache-Ngx
Cdn-Requestid
CountryCode
Cdn-Uid
X-Serial
X-MiniProfiler-Ids
X-DataCenter
X-Moov-T
Powered-By
Ohc-Cache-HIT
X-Snapshot-Date
Req-ID
Fastcgi-Cache-Ttl
Uri
X-Moov-Xdn-Version