Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-ID
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-Id
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
P3p
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Ua-Compatible
X-Via
Server-Timing
X-UA-Device
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
X-Proxy-Cache
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dns-Prefetch-Control
X-Dispatcher
X-Amz-Version-Id
Allow
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Apo-Via
Accept-CH
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Ruxit-JS-Agent
X-Server-Id
EagleEye-TraceId
X-Nginx-Cache-Status
X-Akam-SW-Version
Surrogate-Control
X-Cache-Spec
X-Backend-Server
Request-Id
X-Readtime
X-Cache-Lookup
X-HW
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Application-Context
X-Response-Time
Accept-Ch-Lifetime
Fastly-Restarts
Permissions-Policy
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Edge
X-WebKit-CSP-Report-Only
Accept-CH-Lifetime
X-Mcache
Content-Location
X-Content-Type
X-CST
X-Url
X-MS-InvokeApp
X-Clacks-Overhead
X-Midtier
X-Country
Rating
X-Amz-Server-Side-Encryption
X-TtlSet
X-PC
X-Vname
X-Litespeed-Cache
RTSS
Cache-Tag
X-ESI
X-ECACHE
X-Vcap-Request-Id
X-D2id
X-VARITI-CCR
Origin-Trial
X-Element-Page-Cache
Verso
X-Server-Name
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Rack-Cache
X-Ttl
X-Ac
X-GitHub-Request-Id
X-Powered-By-Plesk
X-Cnection
Service-Worker-Allowed
X-Client-IP
X-B3-TraceId
SPRequestGuid
X-Amz-Rid
X-SharePointHealthScore
Xkey
X-Navigation-Version
X-Abt-Application-Version
Edge-Control
X-NWS-LOG-UUID
X-Cache-TTL
SPRequestDuration
SPIisLatency
X-Upstream
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Instrumentation
X-Cached
X-Server-Lifecycle-Phase
X-Mg-S
X-Px
X-Dw-Request-Base-Id
X-Cache-Key
X-Correlation-Id
Display
X-Middleton-Display
Pagespeed
X-Sol
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-NF-Request-ID
Access-Control-Request-Method
Edge-Cache-Tag
Content-MD5
X-Forwarded-For
X-Country-Code
X-FastCGI-Cache
X-Goog-Hash
Front-End-Https
X-Webkit-Csp
X-Powered-CMS
TCN
X-Version
X-Id
X-XRDS-Location
Public-Key-Pins
AR-SID
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-CACHE
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-MSEdge-Ref
X-T
X-Content-Digest
X-Recruiting
Accept-Ch
X-Daa-Tunnel
X-Amzn-Trace-Id
X-RateLimit-Remaining
X-Accel-Expires
X-Ser
Response
X-Middleton-Response
X-Ratelimit-Limit
TP-Cache
TP-L2-Cache
X-Shield-Request-Id
S
Nginx-Cache
MicrosoftSharePointTeamServices
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
Cache-Status
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
Server-Node
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Fastcgi-Cache
Cache-Tags
X-Distributor
X-Ratelimit-Remaining
X-Hits
X-Kinsta-Cache
X-Edge-Location-Klb
X-LB-Cache
Fastcgi-Cache
Cross-Origin-Opener-Policy
X-Ratelimit-Reset
X-Ua-Browser
X-Origin-Server
Alternate-Protocol
X-Grace
Server-Name
X-Ezoic-Cdn
X-DIS-Request-ID
X-DataDome
X-Geo-Country
Filterid
X-Request-Handler-Origin-Region
X-Microsite
X-Rid
X-Fastly-Request-ID
Healthy
X-Protected-By
X-LLID
X-Git-Hash
X-Logged-In
X-Hostname
X-Debug-Info
Payment
X-PressLabs-Stats
X-Varnish-Backend
X-Frontend
X-Forwarded-Proto
X-Page-Id
Cleartype
X-Www-Served-By
X-FB-Debug
X-Origin-Cache
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Load-Cache
X-NGENIX-Cache
X-Cluster-Name
DC
MS-Author-Via
X-ASPNET-VERSION
Charset
Content-Disposition
Realpath
Access-Control-Allow-Method
X-B3-Sampled
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Upgrade-Enabled
X-GUploader-UploadID
X-Goog-Metageneration
X-Proxy
X-Activity-Id
X-AppVersion
X-Az
X-F-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Seen-By
X-Amz-Replication-Status
Retry-After
Cross-Origin-Resource-Policy
Paypal-Debug-Id
X-Contextid
Viewport
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Request-Guid
X-Providence-Cookie
X-Revision
X-Route-Name
X-Type
X-Flags
X-ECache
X-Whom
X-Oracle-Dms-Rid
X-Amz-Meta-S3cmd-Attrs
X-VCache
X-App-Environment
X-Wix-Request-Id
X-Hosted-By
Count-Hit
Accept-Charset
X-Oracle-Dms-Ecid
Amp-Access-Control-Allow-Source-Origin
Surrogate-Key
X-Azure-Ref
X-Signature
X-B-Cache
X-Fb-Rlafr
X-Server-ID
X-TTL
X-TT
X-Varnish-Server
X-B
X-DynaTrace
X-Akamai-Edgescape
X-COUNTRY
X-Aspnetmvc-Version
X-Language
X-B3-Traceid
X-Source
Referer-Policy
X-Cache-Control
X-App-Server
X-Mobile
X-Cache-Age
X-Goog-Stored-Content-Length
X-Fastly-Request-Id
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Magnolia-Registration
X-Varnish-Grace
Host
X-Tt-Trace-Host
X-Tt-Trace-Tag
Version
X-N
X-HTML-Minification-Powered-By
X-Times
X-Envoy-Decorator-Operation
SRV
X-Tumblr-Pixel
X-Cache-Rule
X-Tumblr-Pixel-0
X-Original-Request-Id
X-Tumblr-User
X-Tumblr-Pixel-1
X-Response-Served-From
X-RateLimit-Limit
Refresh
X-UUID
X-Rule
MS-CV
Section-Io-Cache
Ms-Operation-Id
X-RTag
X-Cache-Time
SD-X-WS
X-Varnish-Age
X-Framework
Access-Control-Request-Headers
X-Backend-Name
WPO-Cache-Message
Akamai-GRN
WPO-Cache-Status
GEO-INFO
X-Content-Powered-By
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
X-Cache-Expired-At
X-EdgeConnect-Cache-Status
X-RemovedCookies
X-ProcessESI
X-Page-View
X-FW-Hash
X-FW-Version
X-FW-Dynamic
X-Cache-Status-Check
X-Cache-Grace
X-Rendered-As
X-User-Agent
X-Trace-Id
X-Instance
X-Is-Bot
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cacheable-TTL
X-Device-Type
X-G
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Status
X-Servername
X-Akamai-Request-ID2
Protected
X-Adobe-Content
X-NYM-Debug-Backend
X-Adobe-Loc
X-Http-Reason
Url
CDN-RequestId
NGB
X-Jobs
X-Environment-Context
From-Origin
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Template
X-L-Path
X-CDN-Forward
X-Region
Front
X-Debug-IsConnected
X-Debug-IsPreview
X-Varnish-Ttl
X-Yottaa-Metrics
Accept-Language
X-Yottaa-Optimizations
X-Cache-Hit
X-Unique-Id
X-Nginx-Cache
Fastly-SIE
Fastly-SWR
X-Content-Options
Backend
Country
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Zen-Fury
X-Tb
X-TIME
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-DynaTrace-JS-Agent
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Liferay-Portal
X-Tt-Logid
X-Mode
X-Real-IP
X-Cache-Operation
X-XRDS-LOCATION
Content-Secure-Policy
X-RN-RSRV
Filters
Uber-Trace-Id
Webserver
X-Node-Name
X-UPSTREAM-Address
X-Generation-Time
Meta-Geo
X-Tumblr-Pixel-2
X-Cache-Server
X-Proxy-Cache-Info
X-Amzn-Remapped-Content-Length
X-Rewrite-Enabled
X-IPS-LoggedIn
X-Ms-Request-Id
X-Access
Cache-Hits
X-Ms-Version
Azure-Version
CF-IPCountry
Selected-Fe
Azure-RegionName
Azure-SiteName
X-Format
Azure-SlotName
Azure-InstanceId
X-VC-Cache
X-Timing-Wait
X-Rocket-Nginx-Serving-Static
X-Proxy-Build
X-Web-Node
X-PHP-Backend
X-Section
X-Sql-Count
X-Sql-Duration-Ms
X-Sucuri-Cache
ServedBy
X-UA-Device-Type
TWC-GeoIP-Country
X-Reqid
X-Debug
TWC-Device-Class
X-Soup
Cache-Name
X-Sucuri-ID
TWC-Privacy
TWC-Locale-Group
Onion-Location
Property-Id
Webcakes-App-Name
Webcakes-App-Version
X-Proto
X-Origin-Hint
X-Content-Age
Webcakes-Region
TWC-GeoIP-LatLong
X-Cluster-Node
Node
TWC-Connection-Speed
X-Say-Cacheable
X-Server-W
X-SayCDN-TTL
X-Say-TTL
X-PHP-Host
Web-Mar-Node
DB-Nickname
X-Labrador-Cache-Channel
X-Adobe-Source
X-R9-Blue-Green-Version
X-Locale
ServerID
X-LJ-Flow-ID
X-AWS-Id
X-Proxy-Cache-Status
X-ProxyCache-Key
X-ProxyCache-Status
X-IPLB-Instance
X-BYPASS-REASON
X-Handled-By
X-Cache-TTL-Remaining
X-Cms-Context
X-Cluster
X-Ua
X-IPLB-Request-ID
X-VWS-Id
X-Via-Fastly
X-Varnish-Beresp-Grace
X-Site-Version
X-Forwarded-Host
X-Detected-As
X-FB-TRIP-ID
X-Skip-Cache
X-SaId
X-LAGOON
X-JoinUs
X-No-Session
X-Cache-Host
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Cache-Action
Mn-Server-Ip
X-Newrelic-App-Data
X-Xfnlog-Site
X-Proxied
X-Edge-Location
WP-Super-Cache
Apigw-Requestid
X-Optimistic-Header
X-Zipkin-Id
X-Origin-Date
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Routing-Service
Cross-Origin-Window-Policy
X-Extlb
X-Tumblr-Pixel-3
S-Rt
Mime-Version
Fastcgi-Useragent
Countrycode
X-Buckets
X-GeoCountry
X-Ruxit-Js-Agent
X-Uri
X-GeoCode
X-LSADC-Cache
Source
X-App-Version
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-Uid
CDN-CachedAt
CDN-Cache
Fastly-Drupal-HTML
X-Time
X-Hl-Ver
Upgrade-Insecure-Requests
X-Director
X-ARC
X-Oneagent-Js-Injection
X-Request-Time
X-Generated-By
X-Varnish-Hits
X-GEO
Cache-Tv-Group
X-Tx-Id
X-Mg-Request-UUID
X-Cache-Debug
X-Redis-Cache
CF-Cached-On
Xet-Cookie
X-SRV
X-Origin-TTL
Frame-Options
X-Origin-CC
X-Loop
X-FireWall-Port
X-Pass-Why
X-Varnish-Cache-Hits
X-TNCMS
X-Akamai-Transformed
X-URL
X-Varnish-Hostname
X-RM-Cache-TTL
X-TA-CDN-Provider
X-CACHE-AGE
X-Newrelic-Synthetics
X-ServerID
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Datadog-Sampling-Priority
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-ShopId
X-ShardId
X-Service
X-Request-Host
X-Pubstack
Xserver
X-B3-Spanid
X-Endurance-Cache-Level
X-Served-From
Load-Balancing
X-Api-Version
X-NWS-UUID-VERIFY
T-Server
Candidate-Md5Url
TDXMobile
Server-Info
WWW-Authenticate
X-A
Thinkindot-Control
Thinkindot-CacheControl-Type
BehaviorPad-Version
A
Thinkindot-CacheControl
Cache-Host
Sslversion
Ngx.Var.Host
Odigeo-Trace-Id
Origin
Lang
X-A-Ccd
MD5-Digest
Memcached
Meta-Geo-Continent
Redirect-Candidate
Release
DSUID
Surrogated-Key
DCR-Processing-Time-Ms
Req-Svc-Chain
Rendered-Blocks
Host-ID
Gannett-Cam-Experience-Id
Edge-Cache
DCR-Decision-By
X-Epic-Correlation-Id
X-Processor
X-Platform-Router
X-Rocket-Build-Number
X-Rojux
X-S
X-Platform-Processor
X-Platform-Cluster
X-Mid
X-Location
X-Mobile-URL
X-Nyt-Route
X-Origin-Time
X-S-Cookie
X-S-Maxage
X-Vdms-Path
X-TIM-N
X-Vdms-Version
X-We-Are-Hiring
Xc-Version
X-Thinkindot-L3
X-Thanos
X-Sigma
X-ScT
X-Sigma-Backend
X-SRCache-Key
X-Test
X-Loc
X-Level-Front-Cache
X-Bip
X-BCube-Filmed-By
X-Cache-Date
X-Cache-Info
X-Cache-NE
X-BBC-Edge-Cache-Status
X-B-Cookie
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Aed
X-Application
X-CMSURLCustom
X-Conf
X-Gdpr
X-External-Request-Id
X-Generated-On
X-Httpd
X-INCAP-ABP
X-Ec-GeoHdr
X-Ec-Fail
X-CUA
X-D
X-Destination
X-Developer
X-A-Dam
X-Bc-Bl
X-Presslabs-Stats
X-Varnish-Beresp-Ttl
Section-Origin-Responded
Section-Io-Origin-Status
X-Storage
Section-Io-Id
X-Restarts
Section-Io-Origin-Time-Seconds
X-Fmm-Version
X-Fetched-On
Server-Host
Fastly-Backend-Name
X-Pool
Fastly-GeoIP-CountryCode
X-Worker
X-VServer
Mail-Subject
X-WP-CF-Super-Cache-Active
X-Ec-Custom-Error
X-Has-Esi
X-SD-PageType
NM-Fastcgi-Cache
X-Frame-Option
X-Geo-Header
X-GeoIP
X-WADP-Cache
X-Node-Id
Magicmarker
X-GeoIP-City
X-Mvc-Supplant-Cachable
X-Origin-Response-Time
Gh-Request-Id
X-Origin
X-Org
We-Hiring
CloudFront-Viewer-Country
X-Akamai-Device-Characteristics
Apple-News-Services-Handled
AKAMAI
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Varnish-Beresp-Status
Apple-News-Services-Request-Url
X-HS-Content-Campaign-Id
X-Clara-WADP
X-VG-TLSProxy
X-Vmg-Version
X-Varnishpool
X-Cdn-Srv
X-WA-Info
X-Human
X-Cache-Bucket
C-Via
X-Core-Value
CacheControlHeader
X-Is-Gdpr
X-JWT-State
X-Auto-Login
Cache-Key
X-Developers
X-Var-Ttl
X-Parent-Response-Time
X-Gen-Mode
X-Gzip
X-GeoIP-Region-Code
X-Hash
Server-Hostname
X-Hnp-Log
X-GeoIP-Country-Code
Sever-Int
X-HN
Wxu-Next-Hostname
X-App
X-Azure-Ref-OriginShield
X-Device-Os
X-Dispatcher-Server
X-Ad-Defer-Variation
X-DefHash
X-DefElseHash
X-Cdn-Origin
X-Cache-Id
X-Core-Mission
X-Block-Status
X-Esi-Check
X-Accel-Buffering
User-Cache-Control
Tube-Return
Tube-Got-Results
Tube-Got-Eval
Vix-Hermes-Req-Id
Web-Mar-Region
X-FC-Vary-Parameters
X-Forwarded-Site
Wxu-Next-Region
Wxu-Next-Commit
Tube-Get-Contents
Origin-EX
Datacenter
X-Scale
Country-Code
X-Sn-Servicetimems
Click-Count-Error
X-SB
X-Request-Start
X-Platform-Server
X-Qloud-Router
Environment
Server-Ext
Click-Count-Action-Start
X-SVT-ORM-RULES
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
Adler-Geo
X-Variation
X-SVT-ORM-VERSION
CDCHOST
Canary
Cache-Provider
X-Platform
X-Req
Origin-CC
PFcat
Machine
On-Server
X-Nginx-Cache-Key
NGX
X-Wix-Viewer-Type
X-Cache-Tags
X-NodeID
Platform
Kp-EeAlive
X-Op-Id-All
Is-Eu
X-Irp-Debug
X-Mly-Id
X-LB-NoCache
X-Old-Content-Length
L
X-NCache
X-Tid
X-NewRelic-App-Data
X-Ckpd-Fst-Backend
X-Eu-Site
X-Server-IP
X-Fastly-Backend
X-CGP
X-CacheTTL
X-Refresh
X-Region-Sid
X-Minions-Version
X-Gamma-Serve
X-Fastly-Cache
X-Slack-Shared-Secret-Outcome
X-Nananana
X-Dispatcher-Number
X-Slack-Backend
X-Csrf-Jwt
X-Date
X-DPWN-IS-SECURE
X-Men
Decoy-Debug-Status
X-Accel-Expires-Debug
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
State
Pics-Label
Producers
Cluster
Ssr
Decoy-Debug-TTL
Decoy-Debug-Key
Fastly-SSL
X-Cache-Backend
X-Cache-Remote
X-Origin-Expires
X-V-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-DC
X-Zone
X-Microcachable
X-Planisys-CDN-TTL
Cmsid
X-Owner
Cmstype
X-Instance-Name
X-Air-Pt
X-Webkit-CSP-Report-Only
X-CSRF-Token
X-Release
GeoIP-Latitude
X-Cache-FS-Status
X-Mvc-Supplant-OutputCached
X-Aicache-OS
Env
X-Tb-Optimization-Total-Bytes-Saved
X-Provided-By
X-RCS-CacheZone
X-Response-By
Memory
Time
Expect-Staple
X-Servedbyhost
X-Via-CDN
SID
X-FL-QIT-DEBUG
Locid
X-Up
X-FL-EDGE
Svr
X-Generated-In
X-From
X-ND-Cache
Srvid
X-Via-SSL
X-Via-Edge
X-Trace-ID
HostName
Edge-Copy-Time
X-DataCenter
X-Cache-Enabled
X-Edge-Pop
X-Vcl-Version
X-Vc
X-Nc
Cache
X-NGINX-Cache
X-Dc
NtCoent-Length
X-Cached-By
X-AIR-PT
X-Wa
X-HS-Status
X-VC
Cdn
X-Webkit-CSP
X-Debug-Cache-Fetch
X-Via-Poph
X-Srv
X-Debug-Cache-Store
X-Via-Popv
X-Via-Popn
Sid
Hostname
X-Esi
X-Lambda-Id
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
GeoIp-Country-Code
X-HA-Backend
X-Correlation-ID
X-ZONE
VNS-Age
X-Vtex-Remote-Cache
X-Render-Time
CPC-Cache
CPC-Age
VNS-Cache
X-CCDN-CacheTTL
Cdnsip
Cdncip
Server-ID
X-Hcs-Proxy-Type
X-Client-Ip
X-CCDN-Origin-Time
X-AK-Request-ID
X-VCT
X-Cs
X-Check-Cacheable
X-Amz-Meta-Cb-Modifiedtime
X-Gateway-Request-Id
Fastly-Drupal-Html
X-Gateway-Cache-Key
True-Client-IP
X-Gateway-Cache-Status
X-CSRF-TOKEN
X-Gateway-Skip-Cache
X-Via-NSCOPI
X-Via-JSL
X-API-Version
X-TH-Server
X-LB-ID
AMP-Access-Control-Allow-Source-Origin
X-Fpc
X-CS
X-Proxy-CacheRZ
XkeyRZ
X-Upstream-Ht
X-Upstream-Ct
X-Cache-Type
X-ATG-Version
X-Cache-ASPX
Eomportal-Instance
X-Contensis-Viewer-Groups
X-B3-SpanId
Uri
X-Varnish-Authentication
X-Nf-Request-Id
X-EC-Lua
OT-Force-Account-Verify
X-Micro-Cache
Esi-Enabled
Ngx-Var-Key
M-TraceId
X-Varnish-Beresp-TTL
X-MSEdge-Flight
Resin-Trace
X-PAYTM-SRV-ID
X-CF-Lambda-Version
X-RateLimit-Remaining-Second
X-CF-Lambda-Fn
True-Client-Ip
XServer
X-APP-VERSION
X-RateLimit-Limit-Second
X-MSEdge-Features
Srv
X-Udemy-Cache-App-Namespace
X-SIPLIST1
X-FPC
IsBot
X-Lb-Id
Path
X-Request-URI
X-Cache-NGX
X-Fastly-Country-Code
Request-ID
X-MP-GENERATED-AT
CDN
N-Cache
X-Info
X-VCL-Version
X-CDN-Cache-Status
YJS-ID
X-CLOUD-TRACE-CONTEXT
X-Forwarded-Path
X-Orig-Expires
X-Wikidot-Static-Cache
RNT-Time
X-Shop-Environment
GeoIP-Country-Code
X-Tenant
X-Wikidot-Backend
RNT-Machine
X-Bl-Debug
X-Datadome
Location
X-Service-Response-Time
X-Accel-Version
Sm-Log-Id
Server-Id
LB
X-TX-ID
X-App-Name
X-MCACHE
X-B3-Trace-ID
X-Policy
X-Pod-Name
X-Ha-Backend
X-Cdn-Request-ID
X-WA
X-Datacenter
X-RateLimit-Reset
X-Cache-Expires
X-Oss-Hash-Crc64ecma
Lb
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Edge-POP
Servername
Cross-Origin-Opener-Policy-Report-Only
X-Akamai-Pragma-Client-IP
X-Via-PopN
X-Via-PopV
X-Snapshot-Date
X-Via-PopH
Hit
Ohc-File-Size
X-SERVER-NAME
X-Cdn-Cache-Status
HIT
X-Geo
X-CACHE-KEY
X-Srcache-Store-Status
X-Cache-Ttl
FSS-Cache
X-Srcache-Fetch-Status
X-NC
Timeexpire
Epwk-X-Cache
Proxy-Connection
X-Logging-Id
X-Cdn-Diag
Pramga
X-Ctl-Mach
X-TraceId
X-Scheme
X-Moov-Xdn-Version
X-Moov-T
Traceparent
Yjs-Id
X-ServedByHost
ENV
X-Vcache
X-Amz-Meta-Opti
X-Git-Commit
Geoip-Latitude
X-PERF
X-Cdn-Forward
X-Hyper-Cache
X-Container-Uri
X-ApacheServer
X-LiteSpeed-Cache-Control
X-UP
X-Viewer-Country
Req-ID
X-Serial
X-Dw-Trace-Id
WZWS-RAY
X-Rebelmouse-Surrogate-Control
X-M-Log
X-M-Reqid
X-Rebelmouse-Cache-Control
X-MiniProfiler-Ids
X-Acquia-Site
X-Mg-Cache
X-VG-WebCache
XM
X-RAMCache
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Qnm-Cache
X-Fastly-Backend-Reqs
X-Swift-Error
Cneonction
Ec-Rule-Version
X-Lb-Nocache
Content-Style-Type
Content-Script-Type
X-B3-Parentspanid
X-Lsadc-Cache
X-TT-LOGID
X-F-Status
X-Wp-Cf-Super-Cache
CountryCode
X-Wp-Cf-Super-Cache-Cache-Control
Powered-By
X-Webstats-RespID
Ohc-Cache-HIT
X-Tncms
X-Vgn-Hpd-Reason
X-Litespeed-Cache-Control
X-Mid-Debug-Cache-Disk
X-NAPM-TraceId
X-Cache-Ngx
My-App
MIME-Version
X-LiteSpeed-Tag
Ngx
X-Th-Server
Warning
X-IPS-Cached-Response
X-Fastly-Cache-Hits
X-Request-URL
Inserted-Into-Cache-At
X-B3-ParentSpanId
X-Mid-Debug-Cache-Key