Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
P3p
X-Ua-Compatible
Access-Control-Max-Age
X-Request-ID
X-Via
Server-Timing
X-Cache-Group
X-Robots-Tag
X-Dns-Prefetch-Control
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Backend
X-Amz-Id-2
X-Ws-Request-Id
X-Proxy-Cache
X-Age
Host-Header
X-Akamai-Path-Stats
X-Server-Powered-By
X-Hacker
X-Server
EagleId
X-Rq
X-Vhost
X-Varnish-Cache
Grace
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Cf-Edge-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Allow
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-OneAgent-JS-Injection
X-Node
X-Server-Id
EagleEye-TraceId
X-Pingback
X-Cache-Spec
Surrogate-Control
Cf-Railgun
Request-Id
X-Akam-SW-Version
X-Backend-Server
Accept-CH
X-Readtime
X-Cache-Lookup
X-Response-Time
Accept-CH-Lifetime
X-HW
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Content-Security-Policy-Report-Only
Content-Location
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-WebKit-CSP-Report-Only
X-Url
X-Country
X-Clacks-Overhead
Accept-Ch-Lifetime
X-Edge
X-Amz-Server-Side-Encryption
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-B3-TraceId
Edge-Control
X-Vname
X-TtlSet
X-PC
Accept-Ch
X-Vcap-Request-Id
X-Content-Type
X-ESI
Xkey
X-Mod-Pagespeed
X-Nginx-Upstream-Cache-Status
X-CST
X-VARITI-CCR
X-Varnish-TTL
X-Amz-Rid
X-D2id
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
Verso
RTSS
Cache-Tag
X-GitHub-Request-Id
X-Mcache
X-Powered-By-Plesk
X-ECACHE
X-Cached
X-Upstream
X-Oneagent-Js-Injection
Service-Worker-Allowed
X-Navigation-Version
X-Client-IP
X-Version
X-Dw-Request-Base-Id
X-FastCGI-Cache
X-Abt-Application-Version
X-Px
X-Ruxit-Js-Agent
Public-Key-Pins
X-Cnection
X-Ac
X-Ser
X-Ttl
Arr-Disable-Session-Affinity
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
Display
X-Middleton-Display
Pagespeed
X-SharePointHealthScore
X-Sol
SPRequestGuid
X-Element-Page-Cache
X-Server-Name
X-NF-Request-ID
SPIisLatency
SPRequestDuration
X-Country-Code
X-Cache-TTL
X-NWS-LOG-UUID
X-Midtier
X-Goog-Hash
Response
X-Middleton-Response
Permissions-Policy
X-Edge-Location-Klb
X-Cache-Key
X-RateLimit-Remaining
X-Kinsta-Cache
Access-Control-Request-Method
X-Forwarded-For
Content-MD5
X-DataDome
X-Correlation-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
X-Powered-CMS
X-MSEdge-Ref
Front-End-Https
Edge-Cache-Tag
TP-Cache
X-T
X-Recruiting
TP-L2-Cache
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
AR-PoweredBy
Nginx-Cache
AR-Request-ID
AR-ATIME
AR-CACHE
AR-SID
X-Accel-Expires
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
TCN
X-Daa-Tunnel
X-Grace
X-RateLimit-Limit
MicrosoftSharePointTeamServices
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Id
X-Mg-S
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Filters
X-Hits
X-Request-Received
X-Request-Processing-Time
X-HS-Cache-Config
X-HS-Content-Id
X-Content-Digest
X-HS-Hub-Id
X-HS-Combine-CSS
Server-Node
S
X-Frontend
X-Distributor
X-LLID
Server-Name
X-Amzn-Trace-Id
Cache-Status
X-Protected-By
X-Geo-Country
MS-Author-Via
Fastcgi-Cache
X-Fastly-Request-Id
X-PressLabs-Stats
X-LB-Cache
X-TTL
X-Fastcgi-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Language
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-B3-Sampled
X-Ua-Browser
X-Ab
X-F-Cache
Charset
X-Ezoic-Cdn
X-Origin-Server
X-FB-Debug
X-Seen-By
Host
Filterid
X-Page-Id
X-Amz-Meta-S3cmd-Attrs
Realpath
X-XRDS-Location
X-Git-Hash
X-Ratelimit-Reset
X-Litespeed-Cache
Payment
X-ASPNET-VERSION
Count-Hit
X-Cluster-Name
X-Cache-Age
Accept-Charset
X-VCache
Cache-Tags
Surrogate-Key
X-NGENIX-Cache
Alternate-Protocol
X-Erf-Bev-Bev
X-Origin-Cache
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-DynaTrace
X-Webkit-Csp
X-Rid
X-AppVersion
X-Activity-Id
Retry-After
X-Az
X-Webkit-CSP
Cleartype
X-Template
X-Content
Access-Control-Allow-Method
X-Proxy
X-Varnish-Backend
X-Www-Served-By
X-TT
X-Type
X-Node-Name
X-Tb
X-Upgrade-Enabled
X-Wix-Request-Id
X-Amz-Replication-Status
X-B
ServerID
X-B-Cache
X-Debug
X-Signature
X-Route-Name
X-Aspnet-Duration-Ms
X-App-Environment
X-Providence-Cookie
X-Request-Guid
X-DIS-Request-ID
X-Flags
X-Is-Crawler
X-Logged-In
X-Drupal-Cache-Tags
X-Varnish-Grace
X-Tt-Trace-Tag
DC
Paypal-Debug-Id
X-Tt-Trace-Host
Cf-Apo-Via
Frame-Options
X-Hostname
X-Envoy-Decorator-Operation
X-Mobile
X-Content-Options
X-Source
X-Load-Cache
X-Ratelimit-Remaining
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Revision
X-N
X-Cache-Control
Country
X-Fastly-Request-ID
Amp-Access-Control-Allow-Source-Origin
X-Contextid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Magnolia-Registration
X-User-Agent
X-Whom
Referer-Policy
Viewport
X-EdgeConnect-Cache-Status
X-Cache-Rule
X-Restarts
X-Original-Request-Id
X-Response-Served-From
Node
X-Varnish-Age
Content-Disposition
NGB
X-Debug-IsConnected
X-Debug-IsPreview
X-L-Path
Refresh
Access-Control-Request-Headers
X-Mid
X-Environment-Context
X-Cache-TTL-Remaining
X-Varnish-Server
Akamai-GRN
VIX-Pulpo-Upstream-Status
X-Mg-Request-UUID
VIX-Pulpo-Node
X-G
X-Framework
X-Unique-Id
X-Yottaa-Optimizations
X-Jobs
Uber-Trace-Id
Url
X-Adobe-Loc
X-Real-IP
X-Servername
X-XRDS-LOCATION
X-NYM-Debug-Backend
X-Page-View
X-Instance
X-Drupal-Cache-Contexts
X-Akamai-Request-ID2
X-Adobe-Content
X-Cache-Grace
X-Yottaa-Metrics
X-Cacheable-TTL
X-Cache-Time
X-App-Server
X-Status
X-Rendered-As
X-Server-ID
X-Is-Bot
Version
Countrycode
X-Debug-Info
X-Content-Powered-By
X-COUNTRY
X-Ratelimit-Limit
X-ProcessESI
X-RemovedCookies
X-APP-VERSION
X-Http-Reason
Protected
X-Oracle-Dms-Rid
X-CDN-Forward
X-Oracle-Dms-Ecid
X-Tt-Logid
X-IPLB-Request-ID
X-IPLB-Instance
Accept-Language
X-Hosted-By
Srv
Liferay-Portal
X-Time
Healthy
X-Nginx-Cache-Key
X-Device-Type
X-Cache-Expired-At
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Type
X-FW-Dynamic
X-Via-JSL
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cache-Hit
X-Tumblr-Pixel-1
Fastcgi-Useragent
X-Tumblr-Pixel
MS-CV
X-UUID
X-RTag
Ms-Operation-Id
X-Azure-Ref
X-Trace-Id
X-Proxy-Cache-Status
X-Cache-NGX
Backend
Section-Io-Cache
X-Mobile-URL
X-Backend-Name
X-Cache-Operation
Content-Secure-Policy
Server-Info
X-UPSTREAM-Address
X-RN-RSRV
Meta-Geo
X-Storage
Load-Balancing
X-HTML-Minification-Powered-By
CF-IPCountry
X-Mode
X-Datadome
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Sorting-Hat-PodId
X-Cache-Server
X-Shopify-Stage
X-ShopId
X-Edge-Location
X-Labrador-Cache-Channel
X-Content-Age
X-No-Session
X-Skip-Cache
X-Storefront-Renderer-Rendered
X-Access
Azure-InstanceId
X-OCL
X-ShardId
X-Sorting-Hat-ShopId
WP-Super-Cache
X-Forwarded-Host
Locale
X-Section
Azure-SiteName
Web-Mar-Node
Eomportal-Instance
X-PHP-Host
Azure-SlotName
X-Region
X-Alternate-Cache-Key
X-Cache-Host
Azure-Version
X-Sql-Duration-Ms
X-VC-Cache
X-Format
X-SayCDN-TTL
X-Origin-Date
X-Sql-Count
X-Uri
Onion-Location
X-Say-TTL
X-PCL
X-Say-Cacheable
S-Rt
Azure-RegionName
X-Redis-Cache
X-Extlb
X-Debug-Cache
X-Cache-Enabled
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
Webcakes-Region
TWC-Device-Class
X-Akamai-Edgescape
Property-Id
TWC-Privacy
X-BYPASS-REASON
Apigw-Requestid
X-AWS-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Cache-Type
X-Varnishpool
TWC-Connection-Speed
X-Via-Fastly
X-VWS-Id
X-Varnish-Hostname
X-Varnish-Cache-Hits
X-ServerID
X-UA-Device-Type
X-Xfnlog-Site
X-Zipkin-Id
X-Proto
X-Site-Version
X-Web-Node
X-Handled-By
X-Generated-By
X-Adobe-Source
X-Cms-Context
X-Generation-Time
X-Server-W
X-LJ-Flow-ID
X-Locale
X-Zen-Fury
GEO-INFO
X-JoinUs
X-GeoCode
X-GeoCountry
X-Hl-Ver
X-Origin-Hint
X-PHP-Backend
X-SaId
X-Routing-Service
X-ProxyCache-Key
X-ProxyCache-Status
X-Proxied
X-Tid
X-Timing-Wait
X-Request-Time
X-Proxy-Build
X-SRV
Mn-Server-Ip
Selected-Fe
CDN-RequestCountryCode
CDN-RequestId
X-Cache-Status-Check
CDN-PullZone
CDN-Uid
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
X-Nginx-Cache
X-Cache-Action
X-Varnish-Beresp-Grace
X-FB-TRIP-ID
X-Detected-As
ServedBy
DB-Nickname
X-LSADC-Cache
X-ECache
X-Human
X-Rule
X-Ua
X-R9-Blue-Green-Version
X-DynaTrace-JS-Agent
X-FireWall-Port
Cache
SD-X-WS
Cache-Name
X-Ms-Version
X-Ms-Request-Id
Xet-Cookie
X-Cache-Tags
LB
X-Dc
X-Cached-By
X-Amzn-RequestId
X-Amz-Apigw-Id
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Cross-Origin-Resource-Policy
Cross-Origin-Window-Policy
Source
WPO-Cache-Message
X-Varnish-Hits
X-Correlation-ID
X-Via-NSCOPI
WPO-Cache-Status
X-GG-Cache-Date
Xserver
X-Aspnetmvc-Version
X-RCS-CacheZone
X-GEO
X-Cdn
Origin
X-NewRelic-App-Data
X-App-Version
X-IPS-LoggedIn
X-MP-GENERATED-AT
X-Loop
Cache-Hits
X-TNCMS
X-Reqid
X-Origin-TTL
X-Origin-CC
X-Pubstack
X-URL
X-Amzn-Remapped-Content-Length
X-Soup
X-AOL-HN
X-B3-SpanId
X-TA-CDN-Provider
X-FW-Version
Webserver
Rip
X-Varnish-Ttl
X-Newrelic-Synthetics
X-Tumblr-Pixel-2
X-Platform-Server
X-Api-Version
From-Origin
X-Cluster-Node
X-Vgn-Hpd-Reason
X-Origin-Response-Time
X-Request-Host
X-Service
X-D
A
X-Vdms-Path
X-Cache-NE
BehaviorPad-Version
X-Connection-Hash
X-Vdms-Version
X-Ec-Fail
X-Forwarded-Path
X-Ec-GeoHdr
Xc-Version
X-Developer
Candidate-Md5Url
X-VG-WebCache
X-Destination
X-BCube-Filmed-By
Lang
Surrogated-Key
T-Server
Host-ID
Expiry
X-A
Sslversion
MD5-Digest
Redirect-Candidate
Odigeo-Trace-Id
Ngx.Var.Host
Rendered-Blocks
Meta-Geo-Continent
X-A-Ccd
Environment
X-Application
X-AK-Request-ID
X-ARC
X-B-Cookie
Cdnsip
X-Bc-Bl
X-Aed
DCR-Decision-By
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
DCR-Processing-Time-Ms
Cdncip
X-External-Request-Id
X-Tenant
X-NAPM-TraceId
X-Processor
X-Rojux
X-S
X-Cluster
X-User
X-Session-Fingerprint
X-Shop-Environment
X-Orig-Expires
X-TIM-N
X-S-Cookie
X-Rewrite-Enabled
X-ScT
X-PBS-Appsvrname
X-SRCache-Key
Fastly-SSL
Upgrade-Insecure-Requests
X-TIME
X-CSRF-Token
X-Served-From
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Forwarded-Site
X-Owner
X-Irp-Debug
HostName
X-Accel-Buffering
X-Dispatcher-Number
X-Provided-By
X-NWS-UUID-VERIFY
X-VC
OT-Force-Account-Verify
X-Parent-Response-Time
X-RateLimit-Limit-Second
X-Bip
X-Cache-Bucket
X-Sn-Servicetimems
X-Auto-Login
X-Pool
X-Policy
X-RateLimit-Remaining-Second
X-Pod-Name
X-BBC-Edge-Cache-Status
X-Ad-Defer-Variation
X-SIPLIST1
X-Proxy-Cache-Info
X-Qloud-Router
VNS-Cache
Servername
Server-Host
State
X-Rocket-Nginx-Serving-Static
Thinkindot-CacheControl
TDXMobile
Req-Svc-Chain
Release
Producers
Platform
X-S-Maxage
X-SB
X-Scale
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Cache-Id
VNS-Age
We-Hiring
X-Request-URI
X-Rebelmouse-Surrogate-Control
Vix-Hermes-Req-Id
V-Age
Tube-Get-Contents
Traceparent
Tube-Got-Eval
Tube-Got-Results
Tube-Return
X-Rebelmouse-Cache-Control
X-Core-Mission
X-Aicache-OS
X-Mvc-Supplant-Cachable
X-Minions-Version
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-VG-TLSProxy
X-Nyt-Route
X-Fmm-Version
X-Gamma-Serve
Web-Mar-Region
X-NodeID
X-Gdpr
X-Generated-On
X-Varnish-CookieHashed-On
X-Clientip
X-Variation
X-INCAP-ABP
X-Level-Front-Cache
Origin-EX
X-Varnish-CookieINHashed-On
X-HS-Content-Campaign-Id
X-Varnish-Remaining-TTL
X-Geo-Header
X-GeoIP
X-GeoIP-City
X-Gzip
X-Fastly-Cache
X-Viewer-Country
X-Core-Value
X-SVT-ORM-VERSION
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Loc
X-SVT-ORM-RULES
X-Cdn-Origin
X-CacheTTL
X-Cdn-Srv
X-CGP
X-Clara-WADP
X-DefElseHash
X-DefHash
X-WA-Info
X-WADP-Cache
X-Epic-Correlation-Id
X-Esi-Check
X-Eu-Site
X-Optimistic-Header
X-Origin
X-Origin-Expires
X-Thinkindot-L3
X-Thanos
X-Origin-Time
X-Developers
X-DPWN-IS-SECURE
X-Cache-Info
Is-Eu
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
DSUID
CPC-Age
Country-Code
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Gh-Request-Id
Ha-Gx-Prefs
X-Planisys-CDN-Cache
Fastly-SWR
Fastly-SIE
Cmstype
Cmsid
Apple-News-Services-Handled
Apple-News-Services-Host
Adler-Geo
X-Slack-Backend
X-Wix-Viewer-Type
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Click-Count-Error
Cluster
Click-Count-Action-Start
Cache-Tv-Group
Cache-Host
HA-Ipaddr
CPC-Cache
L5d-Success-Class
Mail-Subject
NGX
Machine
Mobile-Detection-Method
L
Origin-CC
X-Cache-Remote
IsBot
Kp-EeAlive
X-Tx-Id
X-Varnish-Beresp-Ttl
X-Yandex-Sdch-Disable
X-Hash
X-Branch-Name
CDCHOST
X-Has-Esi
NM-Fastcgi-Cache
X-Ckpd-Fst-Backend
X-VServer
X-JWT-State
X-Region-Sid
X-Block-Status
X-Rocket-Build-Number
X-Device-Os
User-Cache-Control
Memcached
Wxu-Next-Region
Fastcgi-Cache-TTL
X-Is-Gdpr
Wxu-Next-Hostname
Wxu-Next-Commit
X-Mvc-Supplant-OutputCached
X-SplitTest
X-Gen-Mode
X-Sigma
X-Sigma-Backend
X-V-Cache
X-Hnp-Log
X-Ec-Custom-Error
X-Worker
Datacenter
X-Fetched-On
X-Udemy-Cache-App-Namespace
X-ZONE
Mime-Version
SID
X-LB-NoCache
X-Ig-Push-State
X-NCache
X-Cache-Date
Svr
X-Microcachable
Server-Ext
X-Scheme
CloudFront-Viewer-Country
Server-Hostname
AKAMAI
Sever-Int
WebServer
Pics-Label
X-Conf
X-Tb-Optimization-Total-Bytes-Saved
X-Generated-In
X-CMSURLCustom
X-Trace-ID
X-Varnish-Beresp-Status
Ssr
Ec-Rule-Version
X-MCACHE
Fastly-Drupal-Html
Time
X-ATG-Version
X-Dmc
Canary
X-Sucuri-ID
Memory
X-Via-Popn
X-Via-Popv
X-Sucuri-Cache
X-Via-Poph
AMP-Access-Control-Allow-Source-Origin
X-Be
X-Presslabs-Stats
X-B3-Traceid
X-CS
Sid
X-Air-Hostname
X-MSEdge-Flight
X-Refresh
X-ND-Cache
Server-ID
X-Var-Ttl
X-FC-Vary-Parameters
X-Fastly-Backend
X-Air-Source
X-WP-CF-Super-Cache-Active
X-Air-Trace-Id
X-MSEdge-Features
X-Servedbyhost
X-TRACE-ID
X-Xrds-Location
X-Cache-Debug
X-Tec-Api-Version
X-Edge-Pop
X-Tec-Api-Origin
X-Tec-Api-Root
Env
X-Azure-Ref-OriginShield
X-Buckets
X-Akamai-Transformed
X-Newrelic-App-Data
X-NC
X-Fpc
X-DC
Fastly-Drupal-HTML
X-Release
X-Esi
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-PX
X-Cs
X-EC-Lua
X-Endurance-Cache-Level
Magicmarker
X-ID
CDN
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-RateLimit-Reset
GeoIp-Country-Code
X-CACHE-AGE
X-Tumblr-Pixel-3
X-Zone
X-TX-ID
X-Hyper-Cache
X-Up
X-VCL-Version
Pramga
X-M-Reqid
X-Micro-Cache
X-M-Log
True-Client-IP
X-NGINX-Cache
X-Srv
X-Dispatch
X-Pass-Why
X-Wa
X-Alfa-Service
C-Via
X-Qnm-Cache
X-App
X-CACHE-KEY
X-Vc
My-App
X-TrackingId
N-Cache
Hostname
X-Edge-Origin-Shield-Region
X-CSRF-TOKEN
X-Lambda-Id
X-Varnish-Beresp-TTL
X-Edge-Origin-Shield-Bytes
X-Platform
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
Path
On-Server
X-Req
X-Vcl-Version
X-Check-Cacheable
True-Client-Ip
Esi-Enabled
Request-ID
X-Air-Pt
X-AIR-PT
X-ApacheServer
X-Vtex-Processado-Em
X-HS-Status
Resin-Trace
X-Vercel-Id
Tcn
X-Vtex-Remote-Cache
X-PERF
X-Vercel-Cache
Tracecode
GeoIP-Latitude
X-LB-ID
X-SD-PageType
CacheControlHeader
X-TH-Server
X-B3-Spanid
X-Node-Id
NtCoent-Length
X-SERVER-NAME
Proxy-Connection
X-Request-Start
X-API-Version
X-LAGOON
Cdn
True-Client-Country-4JS
DT-Hot-News
Cache-Key
X-Akamai-Pragma-Client-IP
HIT
GeoIP-Country-Code
X-CLOUD-TRACE-CONTEXT
XkeyRZ
X-FPC
X-Proxy-CacheRZ
DynaTrace
Hit
X-Webkit-CSP-Report-Only
X-Render-Time
X-Webkit-Csp-Report-Only
X-Geo
Section-Origin-Responded
X-Platform-Router
X-Platform-Processor
Section-Io-Origin-Time-Seconds
X-Edge-POP
Section-Io-Id
Section-Io-Origin-Status
X-Platform-Cluster
ENV
X-Mly-Id
X-WA
X-Proxy-Upstream
X-Via-CDN
X-Op-Id-All
X-VarnishDD-TTL
X-Traceid
X-Via-Ucdn
X-HN
XM
PFcat
X-Dw-Trace-Id
X-ServedByHost
User-Agent
X-Proxy-Cache-Hk
X-Lb-Id
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Server-Ttl
Server-Id
Lb
MIME-Version
X-Cdn-Forward
SRV
X-Datacenter
X-LiteSpeed-Cache-Control
X-Via-PopN
YJS-ID
X-Via-PopH
X-Nf-Request-Id
X-Accel-Expires-Debug
WWW-Authenticate
X-Date
X-Via-PopV
Yjs-Id
X-Cache-Ttl
X-LiteSpeed-Tag
X-CUA
M-TraceId
X-FORWARDED-FOR
Geoip-Latitude
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Ftr-Request-Id
FSS-Cache
X-LI-Proto
X-Cache-Backend
Dnion-Transfer-Encoding
X-CF-Powered-By
X-RAMCache
X-TT-LOGID
X-DI
X-RPS
X-RSL
X-Old-Content-Length
X-RPM
X-DW
PICS-Label
X-DB
X-DSS
Location
Warning
X-Request-Url
Vha6-Origin
X-Nc
X-Httpd
X-HA-Backend
X-HITS
XServer
X-Fastly-Backend-Reqs
X-Akamai-Request-ID
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Nginx-CQVIP
X-UA
X-Wp-Cf-Super-Cache-Cache-Control
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache
X-Server-IP
Wpo-Cache-Status
X-Lb-Nocache
Wpo-Cache-Message
X-Fastly-Cache-Hits
X-HostName
X-Service-Response-Time
WZWS-RAY
X-Response-By
X-B3-ParentSpanId
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Ohc-File-Size
Sm-Log-Id
X-Cdn-Request-ID
X-Cc-Via
Cdn-Requestcountrycode
Cdn-Pullzone
Cdn-Cache
Cdn-Requestid
Cdn-Cachedat
Cdn-Edgestorageid
X-Cache-Ngx
Cdn-Uid
CountryCode
X-Instance-Name
X-Serial
Powered-By
X-DataCenter
X-Moov-T
X-MiniProfiler-Ids
Uri
X-Snapshot-Date
Req-ID
Fastcgi-Cache-Ttl
Ohc-Cache-HIT
X-Moov-Xdn-Version