Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
X-Served-By
CF-Ray
X-Request-Id
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
X-FRAME-OPTIONS
X-Envoy-Upstream-Service-Time
X-Dns-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
Server-Timing
X-Drupal-Dynamic-Cache
X-DNS-Prefetch-Control
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
X-XSS-PROTECTION
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Ua-Compatible
X-Amz-Id-2
Request-Context
X-Backend
X-Cache-Group
X-Robots-Tag
X-Turbo-Charged-By
Cf-Edge-Cache
Keep-Alive
Host-Header
X-AH-Environment
X-Vhost
X-UA-Device
X-Hacker
X-Proxy-Cache
Allow
X-Server
X-Rq
X-Server-Powered-By
X-Ws-Request-Id
EagleId
X-Dispatcher
X-Age
X-Request-ID
X-Varnish-Cache
X-Amz-Version-Id
P3p
Nel
X-LiteSpeed-Cache
Grace
Cf-Apo-Via
Cf-Railgun
X-OneAgent-JS-Injection
X-Page-Speed
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Host
X-CST
X-Cache-Lookup
Accept-CH
X-Node
X-WebKit-CSP
X-Backend-Server
Surrogate-Control
Permissions-Policy
X-Server-Id
X-Nginx-Upstream-Cache-Status
X-Readtime
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH-Lifetime
X-Nginx-Cache-Status
Xkey
X-Application-Context
Request-Id
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-Response-Time
X-Content-Security-Policy-Report-Only
X-HW
X-Trace
Content-Location
X-Edge
X-Clacks-Overhead
X-Mod-Pagespeed
Rating
X-Url
X-Midtier
X-ESI
X-Amz-Server-Side-Encryption
Cache-Tag
X-ECACHE
X-Powered-By-Plesk
X-Rack-Cache
Service-Worker-Allowed
X-Mcache
X-Country
X-MS-InvokeApp
Accept-Ch
X-D2id
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Vcap-Request-Id
Edge-Control
X-Kinja-CCPA
X-Element-Page-Cache
X-Upstream
Verso
X-Country-Code
Origin-Trial
Accept-Ch-Lifetime
RTSS
X-Ac
X-Vname
X-TtlSet
X-PC
X-Goog-Hash
X-Abt-Application-Version
X-Navigation-Version
X-Browser-Type
X-VARITI-CCR
X-Cache-TTL
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
Fastly-Restarts
X-Amz-Rid
X-Aspnetmvc-Version
Cross-Origin-Opener-Policy
X-Varnish-TTL
X-Litespeed-Cache
X-Webkit-CSP
X-GitHub-Request-Id
X-Server-Name
X-Cached
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-Times
X-Server-ID
Pagespeed
Pinterest-Generated-By
Pinterest-Version
X-Middleton-Display
X-Pinterest-Rid
X-Sol
Display
X-Ruxit-Js-Agent
SPRequestGuid
X-SharePointHealthScore
X-Ttl
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cache-Key
SPIisLatency
SPRequestDuration
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-Content-Type
X-Client-IP
X-WebKit-CSP-Report-Only
X-Powered-CMS
Arr-Disable-Session-Affinity
X-Version
X-Cnection
X-B3-Traceid
X-Ser
X-FastCGI-Cache
Nginx-Cache
X-Mg-S
X-Middleton-Response
Response
X-Accel-Expires
Cache-Tags
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-T
X-SRCache-Fetch-Status
X-SRCache-Store-Status
AR-CACHE
X-RateLimit-Remaining
Cache-Status
X-NF-Request-ID
X-Fastly-Request-ID
X-Hits
X-B3-TraceId
Edge-Cache-Tag
Public-Key-Pins
X-Daa-Tunnel
X-Px
S
X-MSEdge-Ref
X-Recruiting
X-Shield-Request-Id
Front-End-Https
X-RateLimit-Limit
X-LLID
X-Frontend
Payment
Content-MD5
Server-Node
X-Ua-Browser
X-Request-Received
X-Request-Processing-Time
X-Goog-Metageneration
Mrf-Cache-Status
X-GUploader-UploadID
X-Content-Digest
X-B3-TraceId-Primal
MRF-Tech
X-Amz-Apigw-Id
X-Amzn-RequestId
MicrosoftSharePointTeamServices
Access-Control-Request-Method
X-Webkit-CSP-Report-Only
X-DIS-Request-ID
X-Protected-By
X-TTL
X-Forwarded-For
Realpath
TP-Cache
X-Id
X-Request-Handler-Origin-Region
X-Microsite
X-Distributor
X-FB-Debug
X-PressLabs-Stats
Fastcgi-Cache
Count-Hit
Accept-Charset
Access-Control-Allow-Method
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-Cluster-Name
X-Page-Id
X-Rid
X-LB-Cache
X-Fastcgi-Cache
X-Kinsta-Cache
X-Xrds-Location
X-Edge-Location-Klb
X-Aspnet-Version
X-Ua-Device
Cross-Origin-Resource-Policy
X-Ratelimit-Remaining
X-B3-Sampled
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Geo-Country
X-Hostname
X-App-Server
TP-L2-Cache
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Correlation-Id
X-Varnish-Backend
X-Seen-By
X-Logged-In
X-Git-Hash
X-Hosted-By
Cleartype
TCN
X-Ezoic-Cdn
X-Content-Options
Retry-After
Referer-Policy
X-Mobile
X-F-Cache
DC
X-Newrelic-App-Data
X-Forwarded-Proto
X-Fb-Rlafr
X-Aspnet-Duration-Ms
X-App-Environment
X-Flags
X-Is-Crawler
X-Revision
X-Request-Guid
X-Providence-Cookie
X-Route-Name
X-Contextid
X-Origin-Cache
X-Grace
X-Ratelimit-Limit
X-TT
X-Amz-Replication-Status
X-Erf-Stays-Pdp-Viaduct-Migration-Web
Surrogate-Key
X-Debug-Info
X-IPS-LoggedIn
X-Varnish-Grace
Frame-Options
X-Amz-Meta-S3cmd-Attrs
X-RateLimit-Reset
MS-Author-Via
X-Azure-Ref
Section-Io-Cache
X-Envoy-Decorator-Operation
X-Trace-Id
X-Magnolia-Registration
X-Www-Served-By
X-Proxy-Cache-Info
Filterid
X-App-Version
X-COUNTRY
X-AppVersion
X-Az
X-Activity-Id
X-Webkit-Csp
X-Wix-Request-Id
X-Language
X-Whom
Healthy
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Akamai-Edgescape
Charset
Server-Name
X-Varnish-Server
X-Origin-Server
Viewport
WPO-Cache-Status
WPO-Cache-Message
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
Amp-Access-Control-Allow-Source-Origin
X-Datadog-Trace-Id
Alternate-Protocol
X-EdgeConnect-Cache-Status
VIX-Pulpo-Upstream-Status
X-Unique-Id
X-Signature
VIX-Pulpo-Node
X-Response-Served-From
X-Original-Request-Id
X-N
X-Akamai-Request-ID2
X-Cache-Rule
Paypal-Debug-Id
X-B-Cache
Host
Content-Disposition
X-Instance
X-Jobs
X-Mg-Request-UUID
X-Http-Reason
Country
X-Edge-Location
X-Cacheable-TTL
X-Nf-Request-Id
X-Cache-Grace
X-Region
X-B
X-User-Agent
X-UUID
From-Origin
X-Yottaa-Metrics
Front
X-Yottaa-Optimizations
X-ARC
X-Vcache
X-Environment-Context
X-DataDome
Fastly-SIE
Fastly-SWR
X-L-Path
SRV
X-Page-View
SD-X-WS
Protected
X-Backend-Name
X-Rule
X-Adobe-Loc
X-Adobe-Content
X-Cache-Time
X-Datadog-Sampled
X-FW-Version
X-RemovedCookies
X-ProcessESI
X-Rendered-As
X-Rocket-Nginx-Serving-Static
X-Status
X-Amzn-Remapped-Content-Length
X-Is-Bot
X-FW-Type
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Static
X-Framework
Akamai-GRN
X-Load-Cache
X-G
X-Debug-IsConnected
X-Debug-IsPreview
X-Time
X-WP-CF-Super-Cache-Cache-Control
X-Tumblr-Pixel
X-Proxy
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Type
X-WP-CF-Super-Cache
X-Varnish-Age
Access-Control-Request-Headers
X-ECache
X-CDN-Forward
X-Client-Ip
X-Tec-Api-Version
ServerID
Backend
X-Tec-Api-Root
X-Tec-Api-Origin
X-FTR-Request-ID
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Servername
Url
X-Httpd
Xet-Cookie
X-Nginx-Cache
X-Cache-Age
Refresh
X-Cache-Control
X-DynaTrace
Countrycode
X-Template
CF-IPCountry
Accept-Language
X-Drupal-Cache-Tags
X-NYM-Debug-Backend
X-DynaTrace-JS-Agent
X-Device-Type
X-Content-Powered-By
Webserver
X-Mode
X-Generated-By
X-Erf-Web-Scheduler
X-URL
X-Cache-Hit
Xserver
X-NGENIX-Cache
X-HTML-Minification-Powered-By
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Storage
X-CCDN-Origin-Time
X-Tt-Logid
Version
Cross-Origin-Window-Policy
Meta-Geo
Filters
X-SayCDN-TTL
X-Urbn-Context-Path
X-Say-TTL
S-Rt
OT-Force-Account-Verify
Load-Balancing
X-Rn-Rsrv
X-Loop
Locale
X-Content-Age
X-LAGOON
X-Rewrite-Enabled
X-Urbn-Site-Id
X-Cache-Operation
GEO-INFO
X-UPSTREAM-Address
X-Tncms
X-FB-TRIP-ID
X-Soup
X-GeoCountry
DB-Nickname
X-JoinUs
X-XRDS-LOCATION
X-Say-Cacheable
X-SaId
X-Director
X-GeoCode
X-Cluster-Node
Onion-Location
X-Cache-Action
X-Fetched-On
X-Container-Uri
X-ServerID
X-MCACHE
X-RM-Cache-TTL
X-Varnish-Cache-Hits
X-Forwarded-Host
X-Git-Commit
X-Skip-Cache
Azure-InstanceId
X-VC-Cache
X-PHP-Host
X-Redis-Cache
Mn-Server-Ip
X-RCS-CacheZone
X-VCT
Web-Mar-Node
X-Sql-Count
X-Tb
X-Served-From
X-Adobe-Source
X-Lambda-Id
X-Labrador-Cache-Channel
X-Detected-As
Azure-RegionName
Azure-Version
X-Sql-Duration-Ms
Azure-SiteName
X-Ms-Version
Azure-SlotName
X-Ms-Request-Id
Property-Id
X-Routing-Service
X-Zipkin-Id
Node
X-Proxy-Build
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Origin-Hint
Webcakes-Region
X-Extlb
X-Logging-Id
X-Proxied
TWC-Locale-Group
X-Varnish-Hostname
TWC-Connection-Speed
TWC-Device-Class
X-R9-Blue-Green-Version
TWC-GeoIP-LatLong
X-Timing-Wait
Selected-Fe
TWC-GeoIP-Country
X-Source
X-Cache-Server
X-Tumblr-Pixel-2
X-Endurance-Cache-Level
X-Format
X-Tumblr-Pixel-3
X-Uri
X-B3-SpanId
Fastcgi-Useragent
X-Generation-Time
X-Debug
Uber-Trace-Id
Source
X-Proto
X-LSADC-Cache
X-Zen-Fury
CDN-RequestId
X-Ua
X-S
NGB
X-XRDS-Location
X-Sucuri-ID
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Sucuri-Cache
X-TraceId
X-TimeS
X-Origin-CC
X-Origin-TTL
X-Newrelic-Synthetics
Upgrade-Insecure-Requests
X-Real-IP
X-AB
X-Pass-Why
X-Handled-By
X-Ratelimit-Reset
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-MP-GENERATED-AT
X-Varnish-Hits
X-Akamai-Transformed
MS-CV
Ms-Operation-Id
X-Drupal-Cache-Contexts
X-RTag
X-Optimistic-Header
X-Cache-Expired-At
X-Xfnlog-Site
X-Cms-Context
Fastly-Drupal-HTML
Apigw-Requestid
X-Restarts
X-Geo-Region
X-Origin-Date
X-Reqid
X-No-Session
X-LJ-Flow-ID
X-VWS-Id
X-Cache-Host
X-AWS-Id
ServedBy
X-GEO
X-ProxyCache-Status
X-ProxyCache-Key
Liferay-Portal
X-Tx-Id
X-BYPASS-REASON
WP-Super-Cache
X-Cluster
X-CACHE-AGE
X-Varnish-Ttl
X-Srv
CDN-Uid
CDN-PullZone
X-Cache-Type
CDN-RequestPullSuccess
X-IPLB-Request-ID
CDN-RequestPullCode
X-IPLB-Instance
CDN-RequestCountryCode
X-Fastly-Request-Id
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
Cache-Provider
X-Proxy-Cache-Status
X-Hl-Ver
X-Cache-TTL-Remaining
X-UA-Device-Type
X-Parent-Response-Time
W
X-Fastly-Backend
Lang
X-Debug-Cache-Store
X-A-Dgt
X-Debug-Cache-Fetch
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-Browser-Name
X-Is-Tablet
X-Tcp-Rtt
X-A-Wwc
Xc-Version
X-Micro-Cache
BehaviorPad-Version
X-App
X-Ec-GeoHdr
X-Epic-Correlation-Id
Cache-Name
DCR-Decision-By
Candidate-Md5Url
DCR-Processing-Time-Ms
X-Hash
X-Level-Front-Cache
X-Bc-Bl
X-Dispatcher-Number
X-BCube-Filmed-By
X-A-Ccd
X-Destination
X-Developer
X-A
Datacenter
Fastly-SSL
X-A-Dam
X-A-Dcw
X-Ec-Custom-Error
Web-Mar-Region
X-External-Request-Id
X-Ec-Fail
Gannett-Cam-Experience-Id
X-Generated-On
L
Magicmarker
Vix-Hermes-Req-Id
X-Application
X-S-Cookie
X-Vtex-Remote-Cache
X-Viewer-Country
X-Rojux
Ngx.Var.Host
X-Bl-Debug
Rendered-Blocks
X-Slack-Shared-Secret-Outcome
X-Request-Host
X-ScT
X-CSRF-Token
X-Vdms-Version
Redirect-Candidate
T-Server
X-Slack-Backend
X-Vdms-Path
Surrogated-Key
Odigeo-Trace-Id
Origin
Origin-Agent-Cluster
X-Conf
X-Aed
X-Vgn-Hpd-Reason
X-Owner
X-We-Are-Hiring
X-D
X-B-Cookie
MD5-Digest
Server-Host
X-Worker
X-CF-Lambda-Fn
X-CF-Lambda-Version
Sslversion
Meta-Geo-Continent
X-PAYTM-SRV-ID
N-Cache
True-Client-Country-4JS
X-Qloud-Router
X-SRCache-Key
X-Pool
X-Cache-NE
X-Node-Name
X-Via-JSL
X-TIME
X-Accel-Version
Fastly-GeoIP-CountryCode
CPC-Age
X-Cache-Info
CPC-Cache
Expect-Staple
X-Clientip
VNS-Age
X-Device-Os
Req-Svc-Chain
X-CGP
Esi-Enabled
Environment
Fastly-Backend-Name
NM-Fastcgi-Cache
L5d-Success-Class
X-Cache-Debug
X-Dispatcher-Server
X-DefElseHash
Is-Eu
X-Date
Machine
X-Cdn-Origin
Mail-Subject
X-CacheTTL
X-Cache-Bucket
X-Csrf-Jwt
Thinkindot-Control
HA-Ipaddr
X-CMSURLCustom
Platform
Producers
Ha-Gx-Prefs
X-Core-Mission
Host-ID
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
X-Core-Value
X-DefHash
X-Old-Content-Length
X-Sorting-Hat-PodId
X-Sn-Servicetimems
X-Origin-Cache-Key
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Tenant
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Shopify-Stage
X-ShopId
X-Server-IP
X-SD-PageType
X-Request-Time
X-ShardId
X-Shop-Environment
X-Correlation-ID
X-Server-W
X-Test
X-Thanos
X-Alternate-Cache-Key
X-VServer
X-Vmg-Version
X-App-Name
X-Wikidot-Backend
X-ApacheServer
X-Wikidot-Static-Cache
X-VG-WebCache
X-VG-TLSProxy
X-Variation
X-Up
X-Thinkindot-L3
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnishpool
X-Varnish-Remaining-TTL
Cmstype
X-Refresh
X-From
We-Hiring
X-Forwarded-Path
X-Gdpr
X-Geo-Header
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-GeoIP
Adler-Geo
AKAMAI
X-DPWN-IS-SECURE
CloudFront-Viewer-Country
Cmsid
Canary
VNS-Cache
X-FC-Vary-Parameters
X-Eu-Site
X-Bip
X-Human
X-Orig-Expires
X-Org
X-BBC-Edge-Cache-Status
X-Accel-Expires-Debug
X-PERF
X-Origin-Time
X-Pubstack
X-Nyt-Route
X-Mly-Id
X-Loc
X-Nananana
X-Nitro-Cache
X-Cache-Status-Check
X-NodeID
X-Upgrade-Enabled
X-Auto-Login
X-Block-Status
X-Mvc-Supplant-Cachable
X-Origin-Response-Time
X-Platform
X-Origin
X-Op-Id-All
X-Node-Id
X-Policy
X-RateLimit-Limit-Second
X-WADP-Cache
X-Wix-Viewer-Type
X-WA-Info
X-Var-Ttl
X-RateLimit-Remaining-Second
X-Nginx-Cache-Key
X-NCache
X-Fmm-Version
X-Forwarded-Site
X-Esi-Check
X-Clara-WADP
X-Cdn-Diag
X-Gen-Mode
X-Gzip
X-Mid
X-Irp-Debug
X-INCAP-ABP
X-Hnp-Log
X-Cache-Id
Server-Hostname
X-Datadome
Gh-Request-Id
Release
Server-Ext
Sever-Int
Server-Info
DSUID
Country-Code
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cf-Device-Type
CDCHOST
Ssr
X-Ah-Environment
Wxu-Next-Region
User-Cache-Control
Wxu-Next-Hostname
X-Accel-Buffering
Wxu-Next-Commit
X-Vcl-Version
X-B3-Spanid
X-Buckets
X-AIR-PT
C-Via
X-Section
NGX
X-Via-Fastly
X-Access
X-Instance-Name
Pics-Label
X-S-Maxage
X-Cache-Enabled
X-LB-NoCache
X-Cdn-Srv
X-Mvc-Supplant-OutputCached
AMP-Access-Control-Allow-Source-Origin
Server-ID
X-Amz-Meta-Cb-Modifiedtime
X-Dc
X-SIPLIST1
X-Presslabs-Stats
X-Zone
X-Varnish-Beresp-Grace
X-CACHE-GROUP
X-Varnish-Beresp-Ttl
Content-Secure-Policy
IsBot
X-API-Version
CF-Ctrl
X-WP-CF-Super-Cache-Active
X-HA-Backend
X-Akamai-Device-Characteristics
X-Frame-Option
X-FTR-Cache-Status
YJS-ID
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend
X-Country-Code-Real
Hostname
X-Platform-Cluster
Cache-Hits
X-Cached-By
Cdn-Requestid
X-Platform-Router
X-Platform-Processor
X-B3-Parentspanid
Memcached
Sid
X-Has-Esi
Memory
X-Is-Gdpr
Location
X-JWT-State
Time
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-SRV
X-TIM-N
X-Internal-Host
X-Hyper-Cache
X-Fpc
X-Scale
Origin-EX
X-Service
X-Wp-Cf-Super-Cache-Active
X-Tb-Optimization-Total-Bytes-Saved
X-Webstats-RespID
X-LiteSpeed-Cache-Control
Origin-CC
X-DC
X-Cs
X-VC
X-Backend-Instance
X-ZONE
X-TA-CDN-Provider
X-NewRelic-App-Data
Epwk-X-Cache
X-DataCenter
LB
X-PHP-Backend
GeoIp-Country-Code
True-Client-Ip
Cdn-Host
X-NGINX-Cache
WZWS-RAY
X-Site-Version
Resin-Trace
X-Edge-Server
X-Webkit-Csp-Report-Only
Cdn-Request-Time
X-NMSegId
Req-ID
X-Request-URI
X-Locale
Uri
X-NODE
X-CSRF-TOKEN
X-Azure-Ref-OriginShield
X-Ad-Load-Variation
GeoIP-Country-Code
X-VCache
X-Esi
X-ID
XServer
X-Nitro-Cache-From
GeoIP-Latitude
X-Nitro-Rev
X-Microcachable
Pramga
X-Scope-Id
True-Client-IP
X-Cache-Ttl
X-Request-Start
SID
X-M-Reqid
X-M-Log
NtCoent-Length
X-Datacenter
Cluster
Content-Script-Type
X-Shield-Cache-Expires
X-Vercel-Cache
X-Vercel-Id
Cache-Host
Content-Style-Type
Cdn
X-Origin-Expires
M-TraceId
Cache-Tv-Group
X-Geo
HostName
X-Info
X-Varnish-Beresp-Status
XM
X-WP-CF-Super-Cache-Cookies-Bypass
X-Github-Request-Id
X-Qnm-Cache
X-Cache-Date
X-Pad
X-VarnishDD-TTL
Fastly-Drupal-Html
X-Pod-Name
X-FPC
PFcat
X-TH-Server
X-HN
X-HostName
Tcn
WebServer
X-V-Cache
X-B3-Trace-ID
Click-Count-Error
X-Via-Poph
Tube-Return
X-Servedbyhost
X-Aicache-OS
X-Acquia-Purge-Cdn-Unconfigured
Click-Count-Action-Start
Tube-Got-Results
Tube-Got-Eval
X-Cache-FS-Status
Tube-Get-Contents
X-Wa
X-Ad-Defer-Variation
X-Via-Popv
User-Agent
X-Nc
X-Via-Popn
CountryCode
X-Cdn-Request-ID
X-APP-VERSION
X-Api-Version
X-Web-Node
Cf-Ipcountry
V-Age
Locid
Srvid
X-Amz-Meta-Opti
X-LB-ID
Edge-Copy-Time
X-FL-QIT-DEBUG
X-FL-EDGE
A
Cdnsip
X-SB
MIME-Version
Priority
X-Men
On-Server
X-Via-CDN
X-Via-SSL
X-Via-Edge
X-Req
X-MSEdge-Flight
Edge-Cache
Cdncip
X-NWS-UUID-VERIFY
X-MSEdge-Features
X-AK-Request-ID
X-LiteSpeed-Tag
X-Branch-Name
X-CS
X-Vary
Ngx-Var-Key
X-VCL-Version
X-Wp-Cf-Super-Cache-Cookies-Bypass
XkeyRZ
X-Proxy-CacheRZ
X-ATG-Version
X-Moov-Xdn-Version
X-Varnish-Authentication
Path
X-Moov-T
X-FireWall-Port
Cache-Key
X-Contensis-Viewer-Groups
Yak-Timeinfo
X-Cache-ASPX
X-Akamai-Pragma-Client-IP
CDN
X-Air-Pt
X-UA
X-Provided-By
X-CACHE-KEY
Wpo-Cache-Status
X-Acquia-Site
Proxy-Connection
Wpo-Cache-Message
X-Render-Time
X-Fastly-Country-Code
Srv
X-Tim-N
X-Cdn-Forward
My-App
Geoip-Latitude
X-Fastly-Backend-Reqs
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Varnish-Director
X-Lb-Cache
Cache
X-User
Server-Id
X-Ha-Backend
X-Generated-In
Lb
X-Rebelmouse-Cache-Control
X-TT-LOGID
X-Rebelmouse-Surrogate-Control
PICS-Label
X-Dw-Trace-Id
Ohc-File-Size
X-Gamma-Serve
CF-Cached-On
X-Via-Ucdn
X-GeoIP-City
X-GoCache-CacheStatus
Cross-Origin-Embedder-Policy-Report-Only
X-Cdn-Cache-Status
Ohc-Cache-HIT
X-Lb-Nocache
X-CUA
X-EC-Lua
Type
Yjs-Id
X-Iplb-Instance
X-Upstream-Ct
X-Upstream-Ht
X-Iplb-Request-Id
X-Litespeed-Tag
X-Litespeed-Cache-Control
X-Cache-Remote
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Cneonction
Fusion-Source
Ngx
X-CDN-Cache-Status
X-Mg-Cache
X-Scheme
X-Serial
Log-Origin
Fusion-Content-Id
X-Miniprofiler-Ids
X-Check-Cacheable
X-Cached-Since
X-CF-Cache-Header-Vary
X-CF-Cache-Header-Cache-Control
X-Planisys-CDN-Cache
X-HS-Content-Campaign-Id
X-Udemy-Cache-App-Namespace
State
X-HS-Status
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Warning
X-ElasticPress-Query
Vha6-Origin
X-RAMCache
X-Platform-Server
X-Release
Fusion-Component-Id