Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-Id
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
P3p
X-Proxy-Cache
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-WebKit-CSP
X-Ua-Compatible
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Cf-Apo-Via
Accept-CH
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Server-Id
X-Ruxit-JS-Agent
EagleEye-TraceId
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
X-Cache-Spec
X-Cache-Lookup
X-Content-Security-Policy-Report-Only
X-HW
Accept-Ch-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Country
Content-Location
X-Mcache
X-Content-Type
X-MS-InvokeApp
X-Url
Accept-CH-Lifetime
X-Clacks-Overhead
X-CST
X-Vname
X-PC
X-TtlSet
X-Amz-Server-Side-Encryption
X-Midtier
Rating
X-Litespeed-Cache
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
X-Kinja-Revision
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Kinja-Server
X-Cdn-Fetch
Origin-Trial
X-Use-Magma
Verso
X-Rack-Cache
X-VARITI-CCR
X-Server-Name
X-Ac
X-Powered-By-Plesk
X-GitHub-Request-Id
Service-Worker-Allowed
X-ECACHE
X-Cnection
X-Amz-Rid
X-SharePointHealthScore
SPRequestGuid
X-Client-IP
X-Navigation-Version
Xkey
X-Abt-Application-Version
X-Ttl
Edge-Control
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-Upstream
X-B3-TraceId
Arr-Disable-Session-Affinity
X-NWS-LOG-UUID
X-Cached
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-Mg-S
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Varnish-TTL
X-Px
X-Cache-Key
Display
X-Middleton-Display
Pagespeed
X-Sol
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
Edge-Cache-Tag
X-Forwarded-For
X-Country-Code
X-Goog-Hash
X-NF-Request-ID
Content-MD5
TCN
X-Powered-CMS
X-Id
Front-End-Https
X-Correlation-Id
AR-Request-ID
AR-SID
AR-PoweredBy
AR-ATIME
AR-CACHE
Public-Key-Pins
X-RateLimit-Remaining
X-Ser
X-Version
Accept-Ch
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-MSEdge-Ref
X-T
X-Content-Digest
X-Recruiting
X-Ratelimit-Limit
X-Amzn-Trace-Id
X-Middleton-Response
Response
X-Accel-Expires
TP-L2-Cache
TP-Cache
X-Shield-Request-Id
MicrosoftSharePointTeamServices
X-Daa-Tunnel
S
Nginx-Cache
Cache-Status
X-Webkit-Csp
X-XRDS-Location
X-Request-Received
X-Request-Processing-Time
Server-Node
Cache-Tags
X-B3-TraceId-Primal
MRF-Tech
X-HS-Cache-Config
Mrf-Cache-Status
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Distributor
X-Hits
X-PressLabs-Stats
Cross-Origin-Opener-Policy
X-Edge-Location-Klb
X-LB-Cache
X-Kinsta-Cache
X-Origin-Server
X-Ua-Browser
X-Ratelimit-Remaining
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Ezoic-Cdn
Fastcgi-Cache
X-Fastly-Request-ID
Alternate-Protocol
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Fastcgi-Cache
X-Grace
Filterid
Server-Name
X-Ratelimit-Reset
X-Hostname
X-Frontend
X-DIS-Request-ID
X-Request-Handler-Origin-Region
X-Microsite
X-Geo-Country
X-Rid
X-LLID
Healthy
X-FB-Debug
X-Varnish-Backend
X-Logged-In
Cleartype
X-Git-Hash
X-Protected-By
Payment
X-Debug-Info
X-Forwarded-Proto
X-Page-Id
X-Www-Served-By
X-Load-Cache
X-Cluster-Name
X-NGENIX-Cache
DC
X-DataDome
Realpath
X-ASPNET-VERSION
X-ECache
MS-Author-Via
X-TTL
Content-Disposition
X-Origin-Cache
Access-Control-Allow-Method
Charset
X-B3-Sampled
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
X-Proxy
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Az
X-AppVersion
X-Activity-Id
X-F-Cache
X-Seen-By
X-Cache-Age
X-Amz-Meta-S3cmd-Attrs
X-B3-Traceid
X-Amz-Replication-Status
X-Azure-Ref
Paypal-Debug-Id
Cross-Origin-Resource-Policy
X-Type
X-Fb-Rlafr
Count-Hit
X-Whom
X-Revision
X-B
Viewport
X-Contextid
Surrogate-Key
X-Akamai-Edgescape
Retry-After
X-Varnish-Server
X-Wix-Request-Id
X-Aspnetmvc-Version
X-App-Environment
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Request-Guid
X-Route-Name
X-Flags
X-Providence-Cookie
X-Hosted-By
Accept-Charset
X-TT
X-Signature
X-B-Cache
Amp-Access-Control-Allow-Source-Origin
X-Times
X-DynaTrace
X-Language
X-VCache
X-Source
X-Cache-Control
X-App-Server
X-Mobile
X-Envoy-Decorator-Operation
X-Goog-Storage-Class
X-Magnolia-Registration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Varnish-Grace
Host
Referer-Policy
X-Server-ID
Version
WPO-Cache-Status
WPO-Cache-Message
X-Cache-Rule
X-Fastly-Request-Id
X-N
Refresh
X-Varnish-Ttl
X-HTML-Minification-Powered-By
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Response-Served-From
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Varnish-Age
X-Tumblr-User
X-Tumblr-Pixel
X-Cache-Time
X-Original-Request-Id
Access-Control-Request-Headers
X-EdgeConnect-Cache-Status
X-Rule
X-Cache-Status-Check
X-User-Agent
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
Ms-Operation-Id
X-Framework
MS-CV
Protected
SD-X-WS
X-Cache-Grace
VIX-Pulpo-Node
X-RTag
X-G
X-Tt-Trace-Host
X-Jobs
X-Tt-Trace-Tag
X-UUID
From-Origin
X-FW-Dynamic
X-FW-Static
GEO-INFO
X-FW-Type
CDN-RequestId
Akamai-GRN
X-RemovedCookies
X-FW-Hash
X-FW-Server
X-Amzn-RequestId
X-Environment-Context
Section-Io-Cache
X-Content-Powered-By
X-ProcessESI
X-FW-Serve
X-Status
X-Backend-Name
X-FW-Version
X-Amz-Apigw-Id
X-L-Path
X-Page-View
X-Cache-Expired-At
X-Nginx-Cache
X-Akamai-Request-ID2
X-Instance
X-Device-Type
X-XRDS-LOCATION
X-Http-Reason
X-Is-Bot
X-Drupal-Cache-Contexts
X-Rendered-As
X-Drupal-Cache-Tags
X-NYM-Debug-Backend
X-RateLimit-Limit
X-Region
X-Adobe-Loc
X-Trace-Id
Url
NGB
X-Servername
X-Adobe-Content
SRV
Front
X-Unique-Id
X-CDN-Forward
X-Template
Accept-Language
X-Debug-IsPreview
X-Debug-IsConnected
X-Content-Options
Backend
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Hit
X-Newrelic-App-Data
Fastly-SIE
Fastly-SWR
Liferay-Portal
X-Air-Trace-Id
X-Zen-Fury
X-Air-Hostname
X-Air-Source
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Country
X-DynaTrace-JS-Agent
X-Time
X-Mode
X-COUNTRY
Content-Secure-Policy
X-Cache-Operation
X-Rocket-Nginx-Serving-Static
Node
X-Tb
X-Uri
X-Content-Age
X-RN-RSRV
X-Proxy-Cache-Info
X-Tumblr-Pixel-2
Filters
X-IPS-LoggedIn
Onion-Location
S-Rt
Webserver
Meta-Geo
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Real-IP
X-Cache-Server
X-Generation-Time
Uber-Trace-Id
X-Amzn-Remapped-Content-Length
X-PHP-Backend
Azure-RegionName
CF-IPCountry
Azure-InstanceId
X-Format
Selected-Fe
X-Section
X-Edge-Location
X-Timing-Wait
Azure-Version
X-Web-Node
Azure-SlotName
Azure-SiteName
X-Access
Cache-Hits
X-Locale
X-Proxy-Build
X-Forwarded-Host
X-Skip-Cache
Property-Id
Webcakes-Region
X-Cache-Action
X-Cluster-Node
Cache-Name
X-Site-Version
X-Server-W
TWC-Connection-Speed
X-Proto
X-Ms-Request-Id
Webcakes-App-Version
X-Labrador-Cache-Channel
X-Ms-Version
X-Varnish-Beresp-Grace
X-Origin-Hint
TWC-GeoIP-LatLong
X-PHP-Host
X-Tumblr-Pixel-3
X-Say-Cacheable
X-Sucuri-ID
X-Origin-Date
X-Say-TTL
X-SayCDN-TTL
ServedBy
TWC-Device-Class
TWC-Privacy
X-Sucuri-Cache
TWC-Locale-Group
TWC-GeoIP-Country
X-Soup
Webcakes-App-Name
X-Tt-Logid
X-Proxied
Cross-Origin-Window-Policy
X-Reqid
X-Routing-Service
X-Sql-Count
DB-Nickname
X-Sql-Duration-Ms
X-Handled-By
X-Cache-Host
Web-Mar-Node
X-Debug
X-Extlb
ServerID
X-UA-Device-Type
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-Cms-Context
X-Ua
X-Zipkin-Id
X-Via-Fastly
X-VC-Cache
X-FB-TRIP-ID
X-IPLB-Instance
X-IPLB-Request-ID
X-AWS-Id
X-ARC
X-Proxy-Cache-Status
X-Cache-TTL-Remaining
Mn-Server-Ip
X-Cluster
X-Node-Name
X-JoinUs
X-Adobe-Source
X-Ruxit-Js-Agent
Apigw-Requestid
X-SaId
X-VWS-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LAGOON
Countrycode
X-LJ-Flow-ID
Locale
Cache-Tv-Group
X-Detected-As
X-Optimistic-Header
X-No-Session
WP-Super-Cache
X-Xfnlog-Site
X-App-Version
X-Tec-Api-Origin
X-WP-CF-Super-Cache-Cache-Control
X-LSADC-Cache
Fastcgi-Useragent
X-GeoCountry
X-Tec-Api-Version
X-WP-CF-Super-Cache
X-GeoCode
X-Tec-Api-Root
Mime-Version
X-Director
X-Oneagent-Js-Injection
X-TIME
X-Varnish-Hits
X-Buckets
Upgrade-Insecure-Requests
CDN-CachedAt
X-GEO
X-Hl-Ver
CDN-Cache
CDN-EdgeStorageId
Source
CDN-RequestCountryCode
CDN-Uid
CDN-PullZone
X-Generated-By
Fastly-Drupal-HTML
Frame-Options
X-Mg-Request-UUID
X-Request-Time
X-Redis-Cache
X-Webkit-CSP-Report-Only
X-FireWall-Port
CF-Cached-On
X-Api-Version
X-Varnish-Cache-Hits
Xet-Cookie
X-Loop
X-TA-CDN-Provider
X-Origin-TTL
X-Tx-Id
X-Origin-CC
X-URL
X-Correlation-ID
X-Cache-Debug
X-RM-Cache-TTL
X-ServerID
X-Varnish-Hostname
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Load-Balancing
X-Datadog-Sampled
X-Akamai-Transformed
X-SRV
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Pass-Why
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-TNCMS
X-Pubstack
X-Served-From
X-Newrelic-Synthetics
X-Service
X-Endurance-Cache-Level
X-Request-Host
X-CSRF-Token
Xserver
X-Storage
X-Location
Server-Info
Thinkindot-Control
Thinkindot-CacheControl-Type
Rendered-Blocks
X-Httpd
DSUID
Thinkindot-CacheControl
TDXMobile
Edge-Cache
X-CMSURLCustom
X-Cache-Info
X-External-Request-Id
Host-ID
X-Origin-Time
T-Server
X-Cdn-Origin
Release
Server-Host
Sslversion
A
X-Hash
X-Mobile-URL
X-WP-CF-Super-Cache-Active
X-Level-Front-Cache
X-Restarts
X-Loc
X-Men
X-Mid
X-Cache-NE
X-Gdpr
BehaviorPad-Version
Surrogated-Key
Redirect-Candidate
Cache-Host
X-Conf
X-Generated-On
X-INCAP-ABP
DCR-Processing-Time-Ms
DCR-Decision-By
Gannett-Cam-Experience-Id
X-Nyt-Route
X-Origin
X-ScT
Ngx.Var.Host
X-TIM-N
X-Thinkindot-L3
NM-Fastcgi-Cache
Odigeo-Trace-Id
Origin
X-Developer
X-Thanos
X-Test
X-A-Wwc
X-Sn-Servicetimems
X-Platform-Cluster
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-A-Dgt
X-Vdms-Path
X-Vdms-Version
X-CUA
WWW-Authenticate
X-Bc-Bl
X-We-Are-Hiring
Xc-Version
X-BCube-Filmed-By
X-Bip
X-D
X-Destination
X-A-Dcw
X-A-Dam
X-A-Ccd
X-B-Cookie
X-A
X-Sigma-Backend
X-SRCache-Key
X-Rocket-Build-Number
Lang
X-Rojux
X-S-Cookie
X-Core-Mission
X-S-Maxage
X-Cache-Date
X-Ec-Fail
X-Platform-Router
X-Platform-Processor
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Processor
Candidate-Md5Url
X-S
X-Akamai-Device-Characteristics
MD5-Digest
X-Aed
X-Sigma
Meta-Geo-Continent
Memcached
X-Application
Country-Code
Is-Eu
X-Geo-Header
X-Fetched-On
Platform
Req-Svc-Chain
X-GeoIP-City
CloudFront-Viewer-Country
X-GeoIP
X-Esi-Check
Magicmarker
X-Dispatcher-Number
X-Dispatcher-Server
X-Developers
X-Fastly-Cache
X-Fastly-Backend
X-Gamma-Serve
Gh-Request-Id
Fastly-GeoIP-CountryCode
Mail-Subject
Fastly-Backend-Name
X-Date
X-Ec-Custom-Error
X-Platform
X-Auto-Login
X-Scale
X-Ad-Defer-Variation
X-Accel-Expires-Debug
X-SD-PageType
X-Request-Start
X-Region-Sid
X-Worker
Section-Io-Id
X-Varnish-Beresp-Ttl
X-Pool
X-Cache-Id
X-Server-IP
X-Slack-Backend
We-Hiring
X-Varnishpool
X-Vmg-Version
X-VServer
X-BBC-Edge-Cache-Status
Vix-Hermes-Req-Id
X-Varnish-Beresp-Status
X-Slack-Shared-Secret-Outcome
X-Cache-Bucket
X-Var-Ttl
X-Variation
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Apple-News-Services-Handled
Apple-News-Services-Host
AKAMAI
Adler-Geo
X-Cdn-Srv
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CacheControlHeader
X-Has-Esi
Cache-Key
C-Via
X-HS-Content-Campaign-Id
X-Human
X-Org
X-NodeID
X-Origin-Expires
X-Origin-Response-Time
Section-Origin-Responded
X-Node-Id
X-Mvc-Supplant-Cachable
X-Instance-Name
X-Is-Gdpr
X-JWT-State
X-CacheTTL
X-Gzip
X-Parent-Response-Time
X-Air-Pt
Environment
X-Provided-By
Click-Count-Error
X-VarnishDD-TTL
Cmsid
Cmstype
X-VG-TLSProxy
Click-Count-Action-Start
X-WADP-Cache
X-Wix-Viewer-Type
Tube-Get-Contents
X-WA-Info
Tube-Got-Eval
X-Azure-Ref-OriginShield
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Response-By
X-Varnish-CookieHashed-On
X-Req
Tube-Got-Results
Tube-Return
X-DefElseHash
X-DefHash
X-V-Cache
X-Cache-FS-Status
X-GeoIP-Region-Code
X-Clara-WADP
X-HN
X-Irp-Debug
X-GeoIP-Country-Code
X-Frame-Option
X-Device-Os
X-FC-Vary-Parameters
X-Fmm-Version
X-Forwarded-Site
X-Mly-Id
X-NCache
X-Planisys-CDN-TTL
X-App
X-Qloud-Router
X-Core-Value
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Cache-Tags
X-Nginx-Cache-Key
X-Op-Id-All
X-Owner
X-Release
X-Accel-Buffering
Origin-CC
On-Server
Origin-EX
PFcat
Ssr
Machine
Kp-EeAlive
Cache-Provider
Canary
Datacenter
HostName
State
L
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
Web-Mar-Region
X-B3-Spanid
Producers
L5d-Success-Class
X-Ckpd-Fst-Backend
NGX
X-Eu-Site
X-LB-NoCache
Ha-Gx-Prefs
X-Aicache-OS
X-Platform-Server
X-Hnp-Log
X-Old-Content-Length
CDCHOST
X-SB
X-Block-Status
Fastly-SSL
X-Gen-Mode
X-FL-EDGE
HA-Ipaddr
Expect-Staple
Sever-Int
Server-Ext
Server-Hostname
Srvid
User-Cache-Control
X-Csrf-Jwt
X-DPWN-IS-SECURE
X-CGP
X-FL-QIT-DEBUG
Locid
X-Zone
X-Via-CDN
X-CACHE-AGE
X-NWS-UUID-VERIFY
X-Tb-Optimization-Total-Bytes-Saved
X-Vcl-Version
X-Nananana
X-Minions-Version
X-Microcachable
X-Cache-Remote
X-Mvc-Supplant-OutputCached
X-Cache-Backend
X-Via-Edge
Edge-Copy-Time
X-Via-SSL
Cluster
X-VC
X-From
Pics-Label
X-Dc
GeoIP-Latitude
X-Refresh
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-Tid
X-Up
X-Cache-Enabled
X-ND-Cache
X-RCS-CacheZone
Env
X-Trace-ID
NtCoent-Length
X-DC
X-Generated-In
X-Cached-By
X-Lambda-Id
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Srv
SID
X-Via-Poph
X-Via-Popn
X-Edge-Pop
Memory
X-Servedbyhost
Sid
X-Via-Popv
Time
X-Cs
X-VCT
X-Webkit-CSP
Cache
X-HS-Status
X-DataCenter
CPC-Age
VNS-Cache
Svr
CPC-Cache
X-Vtex-Remote-Cache
X-Render-Time
VNS-Age
X-Nf-Request-Id
X-AIR-PT
X-Presslabs-Stats
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
Fastly-Drupal-Html
X-LB-ID
X-HA-Backend
X-Nc
X-Esi
X-Wa
X-Upstream-Ht
X-Upstream-Ct
X-B3-SpanId
X-CLOUD-TRACE-CONTEXT
X-CCDN-Origin-Time
X-NewRelic-App-Data
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
Server-ID
X-TH-Server
X-Cache-Type
X-Client-Ip
Cdn
X-ATG-Version
GeoIp-Country-Code
X-ZONE
X-Vc
X-Via-JSL
X-Fpc
X-Contensis-Viewer-Groups
X-Varnish-Authentication
AMP-Access-Control-Allow-Source-Origin
Uri
X-Cache-ASPX
X-Proxy-CacheRZ
X-Check-Cacheable
XkeyRZ
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Gateway-Cache-Key
True-Client-IP
X-AK-Request-ID
X-Amz-Meta-Cb-Modifiedtime
Cdnsip
Cdncip
X-Gateway-Skip-Cache
XServer
Hostname
Esi-Enabled
Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Via-NSCOPI
X-RateLimit-Limit-Second
M-TraceId
X-Varnish-Beresp-TTL
X-RateLimit-Remaining-Second
X-PAYTM-SRV-ID
X-NGINX-Cache
X-CS
X-MP-GENERATED-AT
X-EC-Lua
True-Client-Ip
X-API-Version
X-MSEdge-Flight
X-MSEdge-Features
X-CSRF-TOKEN
X-Udemy-Cache-App-Namespace
OT-Force-Account-Verify
N-Cache
Eomportal-Instance
X-CDN-Cache-Status
X-Wikidot-Static-Cache
X-FPC
X-Wikidot-Backend
Resin-Trace
YJS-ID
X-Datadome
RNT-Time
X-Forwarded-Path
X-Bl-Debug
X-Fastly-Country-Code
RNT-Machine
CDN
X-Orig-Expires
X-Shop-Environment
X-Tenant
Request-ID
X-APP-VERSION
Lb
GeoIP-Country-Code
Ngx-Var-Key
X-Micro-Cache
Path
X-RateLimit-Reset
Server-Id
X-App-Name
IsBot
X-TX-ID
X-SIPLIST1
X-Cache-Ttl
X-B3-Trace-ID
X-Policy
Sm-Log-Id
X-Service-Response-Time
LB
X-Request-URI
X-Cache-NGX
X-Ha-Backend
X-WA
X-Accel-Version
X-MCACHE
X-VCL-Version
X-Datacenter
X-Lb-Id
X-Info
X-Vcache
X-Edge-POP
Cross-Origin-Opener-Policy-Report-Only
X-NC
Hit
X-Logging-Id
HIT
X-SERVER-NAME
Location
X-Cdn-Diag
X-Pod-Name
X-Container-Uri
Pramga
X-Git-Commit
X-Cdn-Cache-Status
Ohc-File-Size
X-Geo
X-Akamai-Pragma-Client-IP
X-Xrds-Location
X-Snapshot-Date
X-Srcache-Store-Status
Timeexpire
X-ServedByHost
X-Srcache-Fetch-Status
X-CACHE-KEY
FSS-Cache
ENV
X-Via-PopV
X-Via-PopH
X-Via-PopN
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
Yjs-Id
X-Oss-Server-Time
Proxy-Connection
X-Ctl-Mach
X-Tncms
X-VG-WebCache
XM
Req-ID
X-Cache-Expires
X-Iauth-Set-Uid
X-Cdn-Request-ID
Servername
Epwk-X-Cache
X-Oss-Hash-Crc64ecma
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Acquia-Purge-Cdn-Unconfigured
X-Fastly-Backend-Reqs
X-Dw-Trace-Id
X-Serial
X-Hyper-Cache
X-UP
V-Age
True-Client-Country-4JS
WZWS-RAY
X-Amz-Meta-Opti
Geoip-Latitude
X-LiteSpeed-Cache-Control
X-Cdn-Forward
X-Rebelmouse-Cache-Control
Warning
X-M-Reqid
X-Rebelmouse-Surrogate-Control
X-MiniProfiler-Ids
X-M-Log
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Qnm-Cache
X-Acquia-Site
X-Acquia-Application-Trace
CDN-RequestPullSuccess
Ec-Rule-Version
X-WP-CF-Super-Cache-Cookies-Bypass
CDN-RequestPullCode
X-RAMCache
X-Lb-Nocache
X-Clientip
Cneonction
X-Swift-Error
X-Moov-T
X-Moov-Xdn-Version
Content-Style-Type
Content-Script-Type
X-Scheme
X-B3-Parentspanid
CountryCode
X-Lsadc-Cache
X-TT-LOGID
X-F-Status
Ohc-Cache-HIT
X-B3-ParentSpanId
PICS-Label
X-IPS-Cached-Response
Inserted-Into-Cache-At
X-LiteSpeed-Tag
Ngx
X-Cache-Ngx
X-Th-Server
X-TraceId
My-App
MIME-Version
X-Litespeed-Cache-Control
X-Webstats-RespID
Traceparent
X-Fastly-Cache-Hits
X-Mg-Cache