Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
CF-Ray
X-Generator
X-Cacheable
X-Request-ID
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
X-XSS-PROTECTION
Upgrade
P3p
Access-Control-Max-Age
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
X-UA-Device
X-Dns-Prefetch-Control
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Proxy-Cache
X-Amz-Id-2
X-Backend
X-Age
X-Ws-Request-Id
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
X-Varnish-Cache
EagleId
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
X-Akamai-Path-Stats
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Aws-Lambda-Call-Status
Accept-CH
X-Host
X-Node
X-OneAgent-JS-Injection
X-Pingback
Cf-Railgun
X-Server-Id
X-Cache-Spec
Surrogate-Control
X-Akam-SW-Version
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Response-Time
X-Cache-Lookup
X-Readtime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH-Lifetime
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
X-Cloud-Trace-Context
Fastly-Restarts
X-Country
X-WebKit-CSP-Report-Only
X-Url
X-Clacks-Overhead
Accept-Ch-Lifetime
X-Nginx-Upstream-Cache-Status
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Rack-Cache
Edge-Control
X-Edge
X-B3-TraceId
X-PC
X-TtlSet
X-Vname
X-Ruxit-JS-Agent
X-ESI
X-Mod-Pagespeed
X-Content-Type
X-Vcap-Request-Id
X-Oneagent-Js-Injection
X-CST
Verso
Xkey
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja
X-GitHub-Request-Id
X-Amz-Rid
X-D2id
Cache-Tag
X-Mcache
X-Powered-By-Plesk
X-Varnish-TTL
X-Ruxit-Js-Agent
Service-Worker-Allowed
RTSS
X-VARITI-CCR
X-ECACHE
X-Upstream
X-FastCGI-Cache
X-Version
X-Abt-Application-Version
X-Cached
X-Navigation-Version
X-Client-IP
X-Ac
X-Cnection
X-Dw-Request-Base-Id
X-Ttl
SPRequestGuid
X-SharePointHealthScore
X-Px
X-Element-Page-Cache
X-Server-Name
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
SPRequestDuration
SPIisLatency
Public-Key-Pins
Permissions-Policy
X-Middleton-Display
X-Sol
Display
X-Country-Code
Pagespeed
X-NWS-LOG-UUID
X-Cache-TTL
X-Ser
X-Middleton-Response
Response
X-Midtier
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-Cache-Key
Cf-Apo-Via
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-For
Content-MD5
Accept-Ch
Access-Control-Request-Method
X-Correlation-Id
X-RateLimit-Remaining
X-NF-Request-ID
Front-End-Https
X-Shield-Request-Id
X-MSEdge-Ref
X-DataDome
TP-Cache
TP-L2-Cache
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
MicrosoftSharePointTeamServices
X-T
X-Recruiting
Edge-Cache-Tag
AR-ATIME
AR-CACHE
X-Accel-Expires
AR-PoweredBy
AR-SID
AR-Request-ID
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Nginx-Cache
X-Powered-CMS
X-Daa-Tunnel
TCN
X-Grace
X-Mg-S
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Content-Digest
X-RateLimit-Limit
X-Id
X-Hits
X-Request-Processing-Time
X-TEC-API-VERSION
Server-Node
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Request-Received
Filters
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
Server-Name
X-HS-Cache-Config
X-Amzn-Trace-Id
X-XRDS-Location
MS-Author-Via
X-Frontend
X-Geo-Country
X-Distributor
Fastcgi-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
S
X-Webkit-Csp
X-Protected-By
X-PressLabs-Stats
X-Fastcgi-Cache
X-Language
Cache-Status
X-LLID
X-Origin-Server
X-Litespeed-Cache
Count-Hit
X-Ezoic-Cdn
Filterid
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-LB-Cache
X-F-Cache
X-Amz-Meta-S3cmd-Attrs
X-Ab
X-Ua-Browser
X-Fastly-Request-Id
X-B3-Sampled
X-Seen-By
X-Page-Id
X-Microsite
X-Request-Handler-Origin-Region
Payment
X-FB-Debug
Charset
Host
X-Git-Hash
X-ASPNET-VERSION
X-Ratelimit-Reset
X-Cluster-Name
X-VCache
Surrogate-Key
X-Cache-Age
X-Rid
Cache-Tags
Realpath
Accept-Charset
X-Template
Access-Control-Allow-Method
X-NGENIX-Cache
X-Www-Served-By
X-Origin-Cache
Alternate-Protocol
X-TTL
X-Logged-In
Retry-After
X-Upgrade-Enabled
X-Source
X-DIS-Request-ID
Cleartype
X-Is-Crawler
X-Tb
X-Varnish-Backend
ServerID
X-Providence-Cookie
X-Activity-Id
X-Type
X-AppVersion
X-Az
X-Signature
X-Flags
X-TT
X-Aspnet-Duration-Ms
X-Wix-Request-Id
X-B-Cache
X-Route-Name
X-Request-Guid
X-Amz-Replication-Status
X-Varnish-Grace
X-Envoy-Decorator-Operation
X-B
X-App-Environment
Paypal-Debug-Id
DC
X-DynaTrace
X-Fastly-Request-ID
X-Node-Name
X-Hostname
X-Drupal-Cache-Tags
Frame-Options
X-Revision
X-Debug
X-Proxy
X-Contextid
X-Tt-Trace-Host
X-Tt-Trace-Tag
Pinterest-Version
X-Pinterest-Rid
X-Cache-Rule
Pinterest-Generated-By
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-GUploader-UploadID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Ratelimit-Remaining
X-Content-Options
X-Mobile
Amp-Access-Control-Allow-Source-Origin
X-Load-Cache
X-Cache-Control
X-N
X-Magnolia-Registration
Country
Refresh
Node
X-EdgeConnect-Cache-Status
X-Oracle-Dms-Ecid
X-Response-Served-From
X-Oracle-Dms-Rid
X-Original-Request-Id
NGB
X-User-Agent
X-Whom
X-L-Path
X-Environment-Context
Access-Control-Request-Headers
Viewport
X-Cache-TTL-Remaining
Content-Disposition
Akamai-GRN
X-Akamai-Request-ID2
X-NYM-Debug-Backend
X-Page-View
X-Is-Bot
X-Instance
X-Content-Powered-By
X-Debug-IsPreview
X-Rendered-As
X-Servername
X-Yottaa-Optimizations
X-Debug-IsConnected
X-Yottaa-Metrics
X-Varnish-Server
X-Status
X-Framework
X-G
X-Adobe-Content
VIX-Pulpo-Node
X-Varnish-Age
Referer-Policy
X-Adobe-Loc
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-Cacheable-TTL
X-Cache-Grace
Url
Uber-Trace-Id
X-Mid
X-Content
X-Unique-Id
X-Jobs
X-Real-IP
Srv
Countrycode
X-COUNTRY
X-Time
X-RemovedCookies
X-Drupal-Cache-Contexts
X-ProcessESI
Version
X-Mg-Request-UUID
X-Ratelimit-Limit
X-XRDS-LOCATION
Cross-Origin-Resource-Policy
X-Cache-Expired-At
Accept-Language
X-Via-JSL
X-CDN-Forward
X-Http-Reason
X-APP-VERSION
X-Cache-Hit
X-Restarts
X-App-Server
X-Tumblr-Pixel-0
X-Tumblr-User
Protected
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Cache-Operation
X-Trace-Id
Healthy
X-IPLB-Instance
X-IPLB-Request-ID
X-Backend-Name
X-Hosted-By
X-Azure-Ref
X-Debug-Info
Section-Io-Cache
Content-Secure-Policy
X-Akamai-Edgescape
X-Tt-Logid
X-Device-Type
X-Server-ID
X-Nginx-Cache-Key
Backend
X-Cache-Action
X-SRV
Liferay-Portal
X-Rule
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Hash
X-FW-Dynamic
Server-Info
X-Api-Version
GEO-INFO
X-VC-Cache
Meta-Geo
X-RN-RSRV
X-Storage
X-Generation-Time
Load-Balancing
X-UPSTREAM-Address
X-Mobile-URL
Ms-Operation-Id
X-Mode
X-RTag
MS-CV
X-Proxy-Cache-Status
Fastcgi-Useragent
X-Content-Age
CF-IPCountry
X-HTML-Minification-Powered-By
X-Sorting-Hat-ShopId
X-Access
X-Adobe-Source
X-Sql-Count
CDN-RequestCountryCode
X-SaId
CDN-PullZone
X-ShopId
CDN-EdgeStorageId
X-Sorting-Hat-PodId
X-ShardId
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-PHP-Host
X-Shopify-Stage
Azure-Version
X-Sql-Duration-Ms
CDN-CachedAt
CDN-Cache
X-Generated-By
X-Region
CDN-Uid
Web-Mar-Node
X-Alternate-Cache-Key
X-Varnish-Beresp-Grace
X-JoinUs
X-Urbn-Site-Id
X-Labrador-Cache-Channel
X-Cache-Host
X-URL
X-LJ-Flow-ID
X-Say-TTL
X-VWS-Id
X-Say-Cacheable
X-SayCDN-TTL
X-Forwarded-Host
X-Section
X-AWS-Id
Azure-InstanceId
X-Format
X-Edge-Location
X-Urbn-Context-Path
X-Handled-By
Locale
CDN-RequestId
Apigw-Requestid
X-Cache-Type
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-BYPASS-REASON
X-Locale
TWC-Locale-Group
TWC-GeoIP-LatLong
Property-Id
X-Detected-As
X-Cache-Enabled
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
X-Extlb
X-Routing-Service
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-Redis-Cache
X-Zipkin-Id
Eomportal-Instance
X-Proto
S-Rt
X-GeoCode
X-Site-Version
X-Skip-Cache
X-UA-Device-Type
X-Storefront-Renderer-Rendered
X-ServerID
X-Cache-NGX
X-Uri
X-Web-Node
X-Varnish-Hostname
X-Varnish-Cache-Hits
X-Cache-Server
Onion-Location
X-FireWall-Port
X-ProxyCache-Key
X-Ms-Request-Id
X-Proxied
Xserver
X-GeoCountry
X-Origin-Hint
X-Cms-Context
X-ProxyCache-Status
X-PCL
X-No-Session
X-OCL
X-Ms-Version
X-Datadome
X-Timing-Wait
X-Tid
Selected-Fe
X-Server-W
X-Request-Time
Mn-Server-Ip
X-Varnishpool
X-PHP-Backend
X-Hl-Ver
X-Proxy-Build
Cache-Name
WP-Super-Cache
X-WP-CF-Super-Cache
X-Origin-Date
X-Nginx-Cache
X-WP-CF-Super-Cache-Cache-Control
X-FB-TRIP-ID
DB-Nickname
X-Via-Fastly
X-Amzn-RequestId
X-Cache-Status-Check
X-Amz-Apigw-Id
X-UUID
X-ECache
X-Varnish-Ttl
X-DynaTrace-JS-Agent
X-LSADC-Cache
X-Loop
X-TNCMS
ServedBy
X-Ua
X-Zen-Fury
X-Pubstack
X-Reqid
Xet-Cookie
X-Human
X-Aspnetmvc-Version
X-Amzn-Remapped-Content-Length
X-TA-CDN-Provider
X-Provided-By
X-Correlation-ID
X-RCS-CacheZone
X-Dc
X-Cdn
X-App-Version
Source
X-Cache-Tags
X-Vgn-Hpd-Reason
Cache
X-GEO
X-Soup
X-MP-GENERATED-AT
Origin
X-Webkit-CSP
X-Cached-By
X-Origin-TTL
X-Origin-CC
X-Varnish-Hits
X-Debug-Cache
Cross-Origin-Window-Policy
X-Tumblr-Pixel-2
From-Origin
X-Newrelic-Synthetics
X-Service
WPO-Cache-Status
SD-X-WS
WPO-Cache-Message
X-Varnish-Beresp-Ttl
LB
Webserver
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-IPS-LoggedIn
X-Trace-ID
Rip
X-Cache-Debug
X-Request-Host
X-NewRelic-App-Data
X-B3-Traceid
X-AOL-HN
X-A-Dcw
X-Orig-Expires
X-A-Wwc
X-A-Dam
X-PBS-Appsvrname
Expiry
X-A-Dgt
X-Parent-Response-Time
DCR-Processing-Time-Ms
X-Ec-GeoHdr
X-Ec-Fail
Cdncip
Cdnsip
X-External-Request-Id
X-Cache-NE
X-Developer
A
X-D
X-Connection-Hash
BehaviorPad-Version
X-Destination
X-Forwarded-Path
X-BCube-Filmed-By
X-Application
X-ARC
X-AK-Request-ID
Environment
X-Aed
X-B-Cookie
X-A-Ccd
X-Bc-Bl
CPC-Age
CPC-Cache
DCR-Decision-By
X-NAPM-TraceId
Host-ID
X-Tenant
Meta-Geo-Continent
X-TIM-N
MD5-Digest
Surrogated-Key
Lang
T-Server
X-SRCache-Key
X-A
Sslversion
X-VG-WebCache
Rendered-Blocks
Xc-Version
Odigeo-Trace-Id
X-Vdms-Version
Ngx.Var.Host
X-FW-Version
X-Vdms-Path
X-Shop-Environment
X-User
X-Rojux
X-S
X-S-Cookie
X-Rewrite-Enabled
X-Processor
VNS-Cache
VNS-Age
X-ScT
X-Platform-Server
X-TIME
X-Accel-Buffering
X-Served-From
Redirect-Candidate
X-Aicache-OS
X-Owner
X-Dispatcher-Number
X-CSRF-Token
HostName
X-Via-NSCOPI
X-B3-SpanId
X-Cluster-Node
Upgrade-Insecure-Requests
Mime-Version
X-GG-Cache-Date
OT-Force-Account-Verify
X-WP-CF-Super-Cache-Active
X-Cluster
Web-Mar-Region
We-Hiring
Producers
Release
X-Clientip
X-Clara-WADP
X-Cdn-Srv
X-Cdn-Origin
X-CacheTTL
Req-Svc-Chain
X-Auto-Login
Tube-Return
V-Age
X-Ad-Defer-Variation
Traceparent
Tube-Got-Eval
Tube-Get-Contents
X-BBC-Edge-Cache-Status
State
X-Cache-Bucket
Vix-Hermes-Req-Id
X-Cache-Id
Tube-Got-Results
X-Bip
Servername
X-Core-Mission
X-Cache-Info
X-NodeID
X-Rocket-Build-Number
X-Request-URI
X-RateLimit-Remaining-Second
X-Scale
X-Sigma
X-SIPLIST1
X-Sigma-Backend
X-RateLimit-Limit-Second
X-Qloud-Router
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Policy
X-Proxy-Cache-Info
X-Pool
X-Slack-Backend
X-Sn-Servicetimems
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Viewer-Country
X-VServer
X-Wix-Viewer-Type
X-WADP-Cache
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-SVT-ORM-RULES
X-SplitTest
X-SVT-ORM-VERSION
X-Thanos
X-Varnish-Beresp-Status
X-Variation
X-Origin-Response-Time
X-Origin
X-Eu-Site
X-Esi-Check
X-Epic-Correlation-Id
X-Fmm-Version
X-Forwarded-Site
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-DefElseHash
X-Developers
X-DefHash
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Loc
X-JWT-State
X-Minions-Version
X-Mvc-Supplant-Cachable
X-Optimistic-Header
Platform
X-Is-Gdpr
X-Irp-Debug
X-GeoIP-City
X-GeoIP
X-Gzip
X-Has-Esi
X-INCAP-ABP
X-Hash
X-Csrf-Jwt
X-CGP
DSUID
Fastly-GeoIP-CountryCode
Decoy-Debug-TTL
Decoy-Debug-Key
Country-Code
Fastly-SIE
Fastly-SSL
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Fastly-SWR
Cmstype
Cmsid
Apple-News-Services-Host
Apple-News-Services-Handled
Adler-Geo
X-VC
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Click-Count-Error
Click-Count-Action-Start
Candidate-Md5Url
Cache-Host
Is-Eu
Decoy-Debug-Status
Mail-Subject
NM-Fastcgi-Cache
Machine
NGX
Origin-EX
Mobile-Detection-Method
Kp-EeAlive
Origin-CC
IsBot
L5d-Success-Class
L
Fastly-Drupal-HTML
X-S-Maxage
Server-Host
Thinkindot-CacheControl-Type
X-Region-Sid
X-Nyt-Route
Canary
Server-Ext
X-Origin-Time
X-Ckpd-Fst-Backend
X-Rocket-Nginx-Serving-Static
X-Sucuri-ID
X-Mvc-Supplant-OutputCached
TDXMobile
X-Hnp-Log
Thinkindot-CacheControl
X-Fetched-On
X-Tx-Id
X-Device-Os
User-Cache-Control
X-Sucuri-Cache
X-Thinkindot-L3
X-Var-Ttl
X-Worker
X-SB
Server-Hostname
X-Gamma-Serve
CDCHOST
X-Gdpr
Wxu-Next-Commit
X-Generated-On
X-V-Cache
Thinkindot-Control
Wxu-Next-Region
X-FC-Vary-Parameters
X-CMSURLCustom
X-ATG-Version
X-Geo-Header
X-HS-Content-Campaign-Id
X-Core-Value
X-Branch-Name
Fastly-Backend-Name
X-Level-Front-Cache
Memcached
Wxu-Next-Hostname
X-Block-Status
X-Fastly-Backend
X-Gen-Mode
Datacenter
Cluster
Sever-Int
X-Cache-Remote
X-WA-Info
X-Newrelic-App-Data
Cache-Tv-Group
X-ND-Cache
Cache-Hits
X-Scheme
CloudFront-Viewer-Country
X-LB-NoCache
X-Azure-Ref-OriginShield
AKAMAI
Svr
X-NCache
Ec-Rule-Version
WebServer
Pics-Label
Fastcgi-Cache-TTL
X-Udemy-Cache-App-Namespace
X-ZONE
X-Nf-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Rebelmouse-Surrogate-Control
Ssr
SID
Time
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-Session-Fingerprint
Memory
X-Fastly-Cache
Sid
X-Via-Popv
X-Via-Popn
X-Generated-In
X-Pod-Name
X-Via-Poph
Request-ID
AMP-Access-Control-Allow-Source-Origin
Server-ID
X-Servedbyhost
X-Refresh
X-Presslabs-Stats
X-Up
Env
X-Pass-Why
X-DC
X-Release
X-Akamai-Transformed
X-Wa
X-Cs
My-App
X-Cache-Date
X-Edge-Pop
X-Buckets
X-Tumblr-Pixel-3
X-Fpc
X-Dispatch
X-Ig-Push-State
X-Conf
X-Lambda-Id
X-NC
X-MSEdge-Flight
X-MSEdge-Features
X-Esi
X-NWS-UUID-VERIFY
X-EC-Lua
X-PX
X-ID
X-MCACHE
X-Zone
CDN
X-Microcachable
X-CS
X-Req
GeoIp-Country-Code
X-Xrds-Location
X-Dmc
X-VCL-Version
X-CACHE-AGE
X-Endurance-Cache-Level
X-TX-ID
X-LB-ID
True-Client-IP
Fastly-Drupal-Html
X-NGINX-Cache
X-Webkit-CSP-Report-Only
Magicmarker
True-Client-Country-4JS
CacheControlHeader
X-CACHE-KEY
X-Vc
X-RateLimit-Reset
X-Be
X-B3-Spanid
X-TH-Server
X-CSRF-TOKEN
X-Wikidot-Static-Cache
X-Wikidot-Backend
Hostname
X-TRACE-ID
X-Op-Id-All
X-HS-Status
Path
True-Client-Ip
Resin-Trace
X-Hyper-Cache
X-Srv
X-Air-Trace-Id
X-M-Log
X-CF-Lambda-Version
X-Alfa-Service
X-Air-Hostname
X-CF-Lambda-Fn
X-Vcl-Version
X-M-Reqid
X-Micro-Cache
GeoIP-Country-Code
X-GeoIP-Region-Code
Tcn
X-GeoIP-Country-Code
X-Air-Source
X-Air-Pt
WWW-Authenticate
X-Accel-Expires-Debug
X-App
Tracecode
X-Varnish-Beresp-TTL
X-Check-Cacheable
X-Qnm-Cache
Pramga
X-Date
X-SERVER-NAME
X-Vercel-Cache
X-RAMCache
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Vercel-Id
X-Akamai-Pragma-Client-IP
C-Via
NtCoent-Length
X-CLOUD-TRACE-CONTEXT
X-Cache-Ttl
X-LiteSpeed-Cache-Control
X-TrackingId
X-Edge-POP
X-FPC
Proxy-Connection
X-Old-Content-Length
N-Cache
X-Datacenter
YJS-ID
X-Webkit-Csp-Report-Only
Yjs-Id
X-Geo
X-PAYTM-SRV-ID
X-WA
Hit
On-Server
Powered-By
X-Mly-Id
Fastcgi-X-Cache-Version
X-Platform
Esi-Enabled
X-Via-CDN
FSS-Cache
X-Platform-Router
X-Yandex-Sdch-Disable
X-Platform-Cluster
X-Platform-Processor
X-API-Version
Server-Id
User-Agent
X-ServedByHost
X-Response-By
X-Lb-Id
ENV
Lb
X-Dw-Trace-Id
X-Cdn-Forward
X-Via-PopH
X-Vtex-Remote-Cache
HIT
X-Via-PopN
X-Via-PopV
X-Vtex-Processado-Em
X-Client-Ip
X-Edge-Origin-Shield-Bytes
X-Node-Id
X-UA
X-Webstats-RespID
GeoIP-Latitude
X-Location
X-Edge-Origin-Shield-Region
X-AIR-PT
X-Traceid
X-FORWARDED-FOR
X-SD-PageType
X-LI-UUID
X-FL-EDGE
X-From
Srvid
Locid
Cdn
X-Instance-Name
X-Request-Start
X-CUA
X-Varnish-Authentication
X-Director
X-LAGOON
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-LI-Proto
X-Akamai-ERPolicy
Dnion-Transfer-Encoding
Geoip-Latitude
X-Li-Fabric
X-Li-Pop
X-Akamai-ERRuleID
X-TT-LOGID
Sm-Log-Id
X-Service-Response-Time
X-Via-Ucdn
X-DB
X-Server-IP
X-RSL
X-DataCenter
Ohc-File-Size
X-RPM
X-DSS
X-DI
X-RPS
X-DW
Cache-Key
X-LiteSpeed-Tag
X-CF-Powered-By
X-Request-Url
Location
Nginx-CQVIP
XServer
X-Render-Time
PICS-Label
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Litespeed-Cache-Control
DynaTrace
X-Test
X-Fastly-Cache-Hits
X-PERF
Swift-Performance
X-HA-Backend
X-Proxy-Upstream
Uri
X-B3-ParentSpanId
X-ApacheServer
X-HostName
X-Cdn-Request-ID
Server-Ttl
X-Fastly-Backend-Reqs
X-Lb-Nocache
Wpo-Cache-Message
Wpo-Cache-Status
Vha6-Origin
X-Proxy-CacheRZ
Warning
X-Cache-Ngx
Wp-Super-Cache
CountryCode
XkeyRZ
X-Ips-Loggedin
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Fastcgi-Cache-Ttl
Req-ID
Cneonction
X-Serial
X-Th-Server
X-Cache-Expires
X-Cache-Backend
M-TraceId
X-Moov-Xdn-Version
CF-Cached-On
XM
SRV
X-Mg-Cache
X-HN
PFcat
X-Moov-T
WZWS-RAY
X-Proxy-Cache-Hk
X-ElasticPress-Query
X-VarnishDD-TTL
X-Yottaa-OS