Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-FRAME-OPTIONS
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
P3p
Access-Control-Max-Age
X-Ua-Compatible
X-Request-ID
X-Via
X-Dns-Prefetch-Control
Server-Timing
X-Cache-Group
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-Turbo-Charged-By
X-AH-Environment
X-Amz-Request-Id
X-Backend
X-Ws-Request-Id
X-Amz-Id-2
X-Proxy-Cache
X-Akamai-Path-Stats
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
EagleId
X-Rq
X-Vhost
X-Varnish-Cache
Grace
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Cf-Edge-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Allow
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-OneAgent-JS-Injection
X-Server-Id
X-Node
EagleEye-TraceId
X-Pingback
X-Cache-Spec
Surrogate-Control
Request-Id
Cf-Railgun
X-Akam-SW-Version
X-Backend-Server
X-Readtime
Accept-CH
X-Cache-Lookup
X-Response-Time
Accept-CH-Lifetime
X-HW
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Content-Security-Policy-Report-Only
Content-Location
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-WebKit-CSP-Report-Only
X-Url
X-Country
X-Clacks-Overhead
X-Edge
X-Amz-Server-Side-Encryption
X-B3-TraceId
X-MS-InvokeApp
X-Rack-Cache
Accept-Ch
Accept-Ch-Lifetime
Edge-Control
X-Ruxit-JS-Agent
X-PC
X-Vname
X-TtlSet
X-ESI
X-Vcap-Request-Id
X-Content-Type
Xkey
X-CST
X-Mod-Pagespeed
X-VARITI-CCR
X-D2id
X-Mcache
X-Nginx-Upstream-Cache-Status
X-Amz-Rid
X-GitHub-Request-Id
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Use-Magma
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
Verso
Cache-Tag
RTSS
X-Varnish-TTL
X-FastCGI-Cache
X-Powered-By-Plesk
X-Cached
X-Navigation-Version
X-Upstream
X-ECACHE
Service-Worker-Allowed
X-Version
X-Dw-Request-Base-Id
X-Client-IP
X-Abt-Application-Version
X-Ruxit-Js-Agent
X-Oneagent-Js-Injection
X-Px
Public-Key-Pins
X-Cnection
X-Ac
X-Ser
Arr-Disable-Session-Affinity
X-Middleton-Display
Pagespeed
X-Sol
Display
X-SharePointHealthScore
SPRequestGuid
X-Server-Name
X-Element-Page-Cache
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Ttl
X-NF-Request-ID
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-Country-Code
X-NWS-LOG-UUID
X-Midtier
X-RateLimit-Remaining
X-Goog-Hash
Response
X-Middleton-Response
X-Kinsta-Cache
X-Edge-Location-Klb
Permissions-Policy
Access-Control-Request-Method
X-Cache-Key
X-Forwarded-For
X-DataDome
Content-MD5
X-Powered-CMS
X-Shield-Request-Id
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Edge-Cache-Tag
Front-End-Https
X-Correlation-Id
X-T
X-Jurisdiction
Nginx-Cache
X-HP-Webp
X-HP-Trace-Id
X-Recruiting
TP-Cache
TP-L2-Cache
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
AR-CACHE
X-Accel-Expires
X-RateLimit-Limit
X-Daa-Tunnel
X-Grace
MicrosoftSharePointTeamServices
TCN
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Id
X-Mg-S
X-Litespeed-Cache
X-Request-Received
X-Request-Processing-Time
Filters
X-Content-Digest
X-TEC-API-ORIGIN
X-HS-Hub-Id
X-TEC-API-ROOT
X-HS-Cache-Config
X-TEC-API-VERSION
X-Hits
X-HS-Combine-CSS
X-LLID
X-HS-Content-Id
Server-Node
S
X-Fastly-Request-Id
X-Frontend
X-Distributor
Server-Name
X-Amzn-Trace-Id
X-Protected-By
Cache-Status
X-TTL
X-Webkit-Csp
MS-Author-Via
X-Geo-Country
X-PressLabs-Stats
Fastcgi-Cache
X-LB-Cache
X-Language
X-Microsite
X-Request-Handler-Origin-Region
X-Ezoic-Cdn
Cross-Origin-Opener-Policy
Filterid
X-Ua-Browser
X-Forwarded-Proto
Charset
X-Ab
X-Origin-Server
X-F-Cache
X-FB-Debug
Host
X-Seen-By
Realpath
X-Page-Id
X-Ratelimit-Reset
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
X-B3-Sampled
Payment
Count-Hit
X-ASPNET-VERSION
Accept-Charset
X-Cache-Age
X-Cluster-Name
X-Fastcgi-Cache
X-DynaTrace
X-NGENIX-Cache
X-VCache
Alternate-Protocol
X-Origin-Cache
X-XRDS-Location
Surrogate-Key
Cache-Tags
X-Erf-Bev-Bev
X-Browser-Type
X-AppVersion
Retry-After
X-Erf-Bev-Bev-Is-Generated
X-Activity-Id
X-Az
X-Content
Cleartype
X-Rid
X-Template
X-Webkit-CSP
X-Www-Served-By
X-Varnish-Backend
X-Node-Name
X-App-Environment
X-Type
X-Proxy
X-Signature
X-TT
Access-Control-Allow-Method
ServerID
X-Amz-Replication-Status
X-B-Cache
X-Wix-Request-Id
X-Varnish-Grace
X-Aspnet-Duration-Ms
X-B
Paypal-Debug-Id
X-Upgrade-Enabled
X-Flags
X-Is-Crawler
X-Request-Guid
X-Providence-Cookie
X-Route-Name
DC
X-Logged-In
X-Drupal-Cache-Tags
X-Tb
X-Debug
X-Tt-Trace-Host
X-Tt-Trace-Tag
Frame-Options
X-DIS-Request-ID
Cf-Apo-Via
X-Mobile
X-Hostname
X-Content-Options
X-Envoy-Decorator-Operation
X-XRDS-LOCATION
X-Load-Cache
X-Source
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Revision
X-Cache-Control
X-Pinterest-Rid
Pinterest-Generated-By
X-N
Pinterest-Version
Country
X-Ratelimit-Remaining
X-Kong-Proxy-Latency
X-Contextid
X-Kong-Upstream-Latency
X-User-Agent
X-Whom
X-Magnolia-Registration
Referer-Policy
Viewport
X-EdgeConnect-Cache-Status
X-Restarts
X-Response-Served-From
X-Original-Request-Id
X-Cache-Rule
X-Varnish-Age
Node
Refresh
X-Mid
Content-Disposition
Amp-Access-Control-Allow-Source-Origin
NGB
X-Cache-TTL-Remaining
Akamai-GRN
X-Environment-Context
X-Akamai-Request-ID2
Access-Control-Request-Headers
VIX-Pulpo-Upstream-Status
X-Debug-IsPreview
X-L-Path
X-Debug-IsConnected
X-Framework
VIX-Pulpo-Node
X-Instance
X-Page-View
X-NYM-Debug-Backend
X-Varnish-Server
X-Real-IP
X-Yottaa-Optimizations
X-Jobs
X-Yottaa-Metrics
X-Cache-Time
X-Cacheable-TTL
Uber-Trace-Id
X-Mg-Request-UUID
X-Fastly-Request-ID
X-Adobe-Loc
X-Cache-Grace
Url
X-Rendered-As
X-Is-Bot
X-Adobe-Content
X-Unique-Id
X-G
X-Drupal-Cache-Contexts
Countrycode
X-Debug-Info
X-Servername
X-App-Server
Version
X-Status
X-Content-Powered-By
X-Server-ID
X-ProcessESI
X-RemovedCookies
X-Http-Reason
X-Ratelimit-Limit
X-COUNTRY
Protected
X-APP-VERSION
X-IPLB-Request-ID
X-IPLB-Instance
X-Tt-Logid
Accept-Language
X-Hosted-By
X-Trace-Id
X-CDN-Forward
X-Time
Liferay-Portal
X-Device-Type
Healthy
X-Nginx-Cache-Key
X-Cache-Expired-At
Srv
Fastcgi-Useragent
X-Via-JSL
X-Cache-Hit
X-FW-Server
X-RTag
X-UUID
X-FW-Dynamic
X-FW-Hash
X-FW-Static
X-FW-Serve
X-FW-Type
MS-CV
Ms-Operation-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Azure-Ref
X-Tumblr-User
X-Tumblr-Pixel-1
X-Cache-NGX
X-Proxy-Cache-Status
Backend
X-Mobile-URL
X-Backend-Name
X-ECache
Section-Io-Cache
Content-Secure-Policy
X-Oracle-Dms-Ecid
X-HTML-Minification-Powered-By
X-Oracle-Dms-Rid
X-RN-RSRV
X-UPSTREAM-Address
Load-Balancing
X-Cache-Operation
Meta-Geo
CF-IPCountry
X-Storage
Server-Info
X-Sql-Count
X-Cache-Host
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Redis-Cache
Azure-RegionName
Azure-SiteName
X-Sql-Duration-Ms
X-Site-Version
Azure-SlotName
X-ShopId
Azure-Version
Eomportal-Instance
Onion-Location
S-Rt
X-Content-Age
Azure-InstanceId
Locale
X-Alternate-Cache-Key
X-ShardId
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Varnish-Cache-Hits
X-Uri
X-OCL
X-PCL
X-Varnishpool
X-Zen-Fury
X-Handled-By
X-Urbn-Site-Id
X-PHP-Backend
X-Urbn-Context-Path
X-Cache-Server
X-No-Session
X-Locale
X-Edge-Location
X-Labrador-Cache-Channel
X-Forwarded-Host
X-Origin-Date
DB-Nickname
X-PHP-Host
X-Section
TWC-GeoIP-Country
TWC-Device-Class
Selected-Fe
X-JoinUs
X-Origin-Hint
X-SaId
X-Hl-Ver
X-Server-W
X-Cache-Enabled
X-Akamai-Edgescape
Property-Id
TWC-Connection-Speed
TWC-Locale-Group
X-BYPASS-REASON
X-Say-Cacheable
X-AWS-Id
X-Debug-Cache
X-Format
X-Via-Fastly
X-ProxyCache-Key
X-Timing-Wait
X-SayCDN-TTL
X-LJ-Flow-ID
X-Say-TTL
X-Cms-Context
X-Access
X-Generation-Time
TWC-Privacy
X-VWS-Id
X-ProxyCache-Status
X-ServerID
TWC-GeoIP-LatLong
X-Proto
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
X-VC-Cache
X-Proxy-Build
X-Varnish-Hostname
Web-Mar-Node
Apigw-Requestid
X-Generated-By
X-Cache-Status-Check
X-SRV
GEO-INFO
X-Mode
X-Cache-Type
X-UA-Device-Type
X-Tid
X-Request-Time
X-Nginx-Cache
X-Datadome
X-Region
X-FB-TRIP-ID
ServedBy
X-Adobe-Source
CDN-EdgeStorageId
CDN-RequestId
CDN-CachedAt
CDN-PullZone
WP-Super-Cache
CDN-Uid
CDN-RequestCountryCode
CDN-Cache
X-Skip-Cache
X-GeoCode
X-Extlb
X-GeoCountry
X-Zipkin-Id
X-Xfnlog-Site
X-Routing-Service
X-Proxied
Mn-Server-Ip
X-Detected-As
X-Web-Node
X-Varnish-Beresp-Grace
X-Ua
X-Cache-Action
X-Human
X-DynaTrace-JS-Agent
X-Dc
SD-X-WS
X-Rule
X-R9-Blue-Green-Version
X-LSADC-Cache
X-Correlation-ID
Cache-Name
X-Ms-Request-Id
X-Ms-Version
Cache
X-FireWall-Port
X-Cached-By
X-Cache-Tags
Xet-Cookie
Cross-Origin-Window-Policy
LB
WPO-Cache-Message
WPO-Cache-Status
X-App-Version
X-Amzn-RequestId
X-Varnish-Ttl
X-Amz-Apigw-Id
Source
X-GG-Cache-Date
X-WP-CF-Super-Cache
X-RCS-CacheZone
X-WP-CF-Super-Cache-Cache-Control
Cross-Origin-Resource-Policy
X-Varnish-Hits
Xserver
X-NewRelic-App-Data
X-Via-NSCOPI
Origin
X-Aspnetmvc-Version
X-GEO
X-MP-GENERATED-AT
X-Cdn
X-IPS-LoggedIn
X-Reqid
Cache-Hits
X-Loop
X-TNCMS
X-Pubstack
X-Origin-TTL
X-Origin-CC
X-AOL-HN
X-Amzn-Remapped-Content-Length
X-Soup
X-B3-SpanId
X-URL
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-FW-Version
X-Tumblr-Pixel-2
X-Cluster-Node
Rip
X-Platform-Server
X-Api-Version
X-Service
Upgrade-Insecure-Requests
X-Origin-Response-Time
X-User
X-B-Cookie
X-ARC
X-Tenant
From-Origin
X-Application
X-TIM-N
X-CSRF-Token
X-AK-Request-ID
X-Bc-Bl
A
X-Forwarded-Path
X-Destination
X-Developer
X-Ec-Fail
HostName
X-Connection-Hash
Xc-Version
X-D
X-Ec-GeoHdr
Fastly-SSL
X-Vdms-Version
X-Vdms-Path
X-Aed
X-VG-WebCache
X-External-Request-Id
X-Cache-NE
X-BCube-Filmed-By
X-A-Dgt
Expiry
Rendered-Blocks
X-Processor
Redirect-Candidate
Environment
Sslversion
X-S-Cookie
X-SRCache-Key
X-Shop-Environment
Odigeo-Trace-Id
Ngx.Var.Host
Host-ID
X-Rojux
X-Served-From
X-S
X-Rewrite-Enabled
Meta-Geo-Continent
X-Session-Fingerprint
MD5-Digest
Lang
X-PBS-Appsvrname
Candidate-Md5Url
X-Owner
Cdncip
X-Vgn-Hpd-Reason
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A
Cdnsip
X-NAPM-TraceId
X-Orig-Expires
DCR-Processing-Time-Ms
X-ScT
DCR-Decision-By
X-A-Wwc
T-Server
Surrogated-Key
BehaviorPad-Version
X-Cluster
X-VC
Webserver
X-Request-Host
OT-Force-Account-Verify
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
Machine
X-Dispatcher-Number
X-Forwarded-Site
X-Pool
X-Generated-On
X-Level-Front-Cache
X-Irp-Debug
X-Accel-Buffering
X-NWS-UUID-VERIFY
X-TIME
X-Yandex-Sdch-Disable
VNS-Age
VNS-Cache
We-Hiring
Vix-Hermes-Req-Id
Mail-Subject
V-Age
X-Mvc-Supplant-Cachable
X-NodeID
Web-Mar-Region
X-Hash
X-Gzip
X-HS-Content-Campaign-Id
X-Rocket-Nginx-Serving-Static
X-Nyt-Route
X-Rocket-Build-Number
X-Minions-Version
X-Origin
X-RateLimit-Limit-Second
X-Request-URI
X-Planisys-CDN-TTL
NM-Fastcgi-Cache
X-RateLimit-Remaining-Second
X-Region-Sid
Mobile-Detection-Method
Req-Svc-Chain
X-Planisys-CDN-Rules
X-Sigma
X-Origin-Time
Memcached
X-Sigma-Backend
State
Server-Host
X-Planisys-CDN-Cache
X-Optimistic-Header
X-SplitTest
X-Ckpd-Fst-Backend
X-WADP-Cache
X-Epic-Correlation-Id
X-CGP
X-CacheTTL
X-Fastly-Cache
X-Eu-Site
X-Esi-Check
X-SB
X-Clara-WADP
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Qloud-Router
X-Datadog-Trace-Id
X-Csrf-Jwt
X-Wix-Viewer-Type
X-Clientip
X-Core-Value
X-Fmm-Version
X-WA-Info
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Gdpr
X-Geo-Header
X-Bip
L5d-Success-Class
X-Aicache-OS
X-BBC-Edge-Cache-Status
X-Gateway-Cache-Key
X-VG-TLSProxy
X-Thanos
X-Viewer-Country
X-Cache-Id
X-Cache-Bucket
X-V-Cache
X-Gamma-Serve
X-Branch-Name
X-Slack-Backend
X-Cache-Info
Cache-Tv-Group
Cache-Host
WebServer
CPC-Age
Cluster
Cmsid
Country-Code
CPC-Cache
Cmstype
Datacenter
Fastly-Backend-Name
L
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
Kp-EeAlive
Fastly-GeoIP-CountryCode
X-Provided-By
Tube-Return
Tube-Got-Results
Release
X-Ad-Defer-Variation
X-DPWN-IS-SECURE
X-Cdn-Srv
X-Fetched-On
TDXMobile
Thinkindot-CacheControl
Thinkindot-Control
Tube-Get-Contents
X-Core-Mission
X-DefElseHash
X-Cdn-Origin
Thinkindot-CacheControl-Type
X-Device-Os
Tube-Got-Eval
NGX
X-Hnp-Log
X-Scheme
AMP-Access-Control-Allow-Source-Origin
X-Has-Esi
X-Gen-Mode
X-Scale
X-Cache-Remote
X-Pod-Name
X-Policy
X-JWT-State
X-Is-Gdpr
X-Worker
Adler-Geo
X-Ec-Custom-Error
X-Block-Status
X-Developers
Platform
Is-Eu
Fastly-SWR
Click-Count-Action-Start
Click-Count-Error
DSUID
Fastly-SIE
Producers
X-DefHash
Svr
X-Rebelmouse-Surrogate-Control
X-Varnish-Remaining-TTL
User-Cache-Control
CDCHOST
X-Rebelmouse-Cache-Control
Wxu-Next-Region
Wxu-Next-Hostname
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-SVT-ORM-VERSION
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Thinkindot-L3
X-S-Maxage
X-Variation
Servername
Apple-News-Services-Request-Url
Wxu-Next-Commit
X-Proxy-Cache-Info
X-Auto-Login
X-Parent-Response-Time
X-Origin-Expires
X-Loc
Apple-News-Services-Handled
AKAMAI
X-GeoIP-City
X-GeoIP
Apple-News-Services-Parsed-Url
X-INCAP-ABP
Apple-News-Services-Host
X-NCache
X-SIPLIST1
X-Microcachable
Fastcgi-Cache-TTL
CloudFront-Viewer-Country
X-VServer
Traceparent
X-Mvc-Supplant-OutputCached
Origin-EX
Origin-CC
IsBot
X-Ig-Push-State
X-ZONE
SID
X-Varnish-Beresp-Ttl
Mime-Version
X-Udemy-Cache-App-Namespace
Ssr
Sever-Int
Ec-Rule-Version
X-LB-NoCache
X-Cache-Date
X-Conf
X-Tx-Id
Server-Ext
Server-Hostname
X-Tec-Api-Origin
X-Varnish-Beresp-Status
Pics-Label
X-Tec-Api-Version
X-Tec-Api-Root
Fastly-Drupal-Html
X-CMSURLCustom
Memory
X-Via-Poph
X-Via-Popv
X-Generated-In
X-Be
Time
Canary
X-Via-Popn
Sid
X-Tb-Optimization-Total-Bytes-Saved
X-Dmc
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-ATG-Version
X-Sucuri-Cache
X-Refresh
X-Sucuri-ID
X-CS
X-PX
X-Edge-Pop
X-MSEdge-Flight
X-MSEdge-Features
X-B3-Traceid
X-Presslabs-Stats
X-Azure-Ref-OriginShield
X-FC-Vary-Parameters
X-Var-Ttl
X-ND-Cache
Server-ID
X-WP-CF-Super-Cache-Active
X-Fastly-Backend
X-Buckets
X-Cache-Debug
X-TRACE-ID
X-Xrds-Location
Env
X-Servedbyhost
X-NC
X-Trace-ID
X-Wikidot-Static-Cache
X-Newrelic-App-Data
X-Wikidot-Backend
X-Akamai-Transformed
X-TX-ID
X-CACHE-KEY
CDN
Fastly-Drupal-HTML
X-Cs
X-Esi
GeoIp-Country-Code
X-Endurance-Cache-Level
X-Fpc
X-Release
X-EC-Lua
X-MCACHE
X-CF-Lambda-Fn
X-Zone
X-CF-Lambda-Version
X-ID
Magicmarker
X-Hyper-Cache
X-Tumblr-Pixel-3
X-DC
X-M-Reqid
X-M-Log
X-Micro-Cache
True-Client-IP
X-RateLimit-Reset
X-CACHE-AGE
Pramga
X-Varnish-Beresp-TTL
X-Up
X-Qnm-Cache
X-NGINX-Cache
X-Srv
C-Via
X-Pass-Why
X-Alfa-Service
X-Edge-Origin-Shield-Region
X-TrackingId
X-App
X-Dispatch
X-VCL-Version
N-Cache
My-App
X-Vc
X-Edge-Origin-Shield-Bytes
Hostname
X-CSRF-TOKEN
X-Vcl-Version
On-Server
X-Lambda-Id
X-Wa
X-Platform
Tcn
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
Path
Esi-Enabled
X-PERF
X-AIR-PT
X-ApacheServer
X-HS-Status
X-Vtex-Remote-Cache
Resin-Trace
X-Check-Cacheable
X-Air-Pt
X-Req
X-Vtex-Processado-Em
X-Vercel-Cache
X-Vercel-Id
X-SD-PageType
True-Client-Ip
NtCoent-Length
X-LB-ID
X-TH-Server
CacheControlHeader
GeoIP-Latitude
X-Node-Id
HIT
X-LAGOON
Proxy-Connection
Cache-Key
Tracecode
X-SERVER-NAME
X-B3-Spanid
GeoIP-Country-Code
X-Request-Start
X-FPC
X-API-Version
X-Proxy-CacheRZ
X-Render-Time
X-Akamai-Pragma-Client-IP
XkeyRZ
Cdn
True-Client-Country-4JS
DT-Hot-News
X-CLOUD-TRACE-CONTEXT
X-Geo
ENV
X-WA
XM
PFcat
DynaTrace
X-Via-Ucdn
X-Webkit-CSP-Report-Only
Hit
X-Proxy-Upstream
X-VarnishDD-TTL
X-HN
X-Webkit-Csp-Report-Only
X-Cdn-Forward
Section-Origin-Responded
X-Traceid
Section-Io-Origin-Time-Seconds
X-Platform-Router
X-ServedByHost
X-Op-Id-All
Section-Io-Origin-Status
Section-Io-Id
X-Platform-Processor
Server-Id
X-Platform-Cluster
X-Mly-Id
SRV
Lb
Server-Ttl
MIME-Version
X-Via-CDN
X-Dw-Trace-Id
User-Agent
X-Proxy-Cache-Hk
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Lb-Id
X-Edge-POP
Yjs-Id
Geoip-Latitude
YJS-ID
M-TraceId
X-Via-PopV
X-Via-PopH
X-Date
FSS-Cache
X-Via-PopN
X-LiteSpeed-Cache-Control
X-Nf-Request-Id
X-Ftr-Request-Id
X-Accel-Expires-Debug
X-Cache-Backend
WWW-Authenticate
X-Datacenter
Warning
X-Cache-Ttl
X-HA-Backend
X-FORWARDED-FOR
X-Request-Url
Dnion-Transfer-Encoding
X-RAMCache
X-CUA
X-Li-Fabric
X-LiteSpeed-Tag
PICS-Label
X-TT-LOGID
X-LI-UUID
X-Li-Pop
X-LI-Proto
X-Akamai-ERRuleID
Nginx-CQVIP
X-Lb-Nocache
X-Akamai-Request-ID
X-RPM
X-DW
X-DSS
X-RPS
X-Server-IP
X-Old-Content-Length
X-RSL
X-HITS
XServer
X-DI
X-Nc
X-CF-Powered-By
X-Fastly-Backend-Reqs
Vha6-Origin
X-DB
Location
X-Httpd
X-Akamai-ERPolicy
X-Litespeed-Cache-Control
X-UA
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Sm-Log-Id
X-Fastly-Cache-Hits
X-Service-Response-Time
WZWS-RAY
X-Response-By
X-Instance-Name
X-Cdn-Request-ID
X-HostName
X-Cc-Via
X-IN-APIGATEWAY
Ohc-File-Size
X-B3-ParentSpanId
Wpo-Cache-Message
Wpo-Cache-Status
X-IN-APIGATEWAYSSL
X-Cache-Ngx
Cdn-Cachedat
Cdn-Cache
Wp-Super-Cache
CountryCode
Cdn-Edgestorageid
Cdn-Uid
Cdn-Pullzone
Cdn-Requestid
Cdn-Requestcountrycode
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
X-Snapshot-Date
X-Moov-T
X-Moov-Xdn-Version
Req-ID
X-MiniProfiler-Ids
X-Serial
X-APP
Dt-Hot-News
Ohc-Cache-HIT
Uri
Fastcgi-Cache-Ttl