Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Request-Id
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
P3p
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
X-Proxy-Cache
Keep-Alive
X-Ua-Compatible
X-Server
X-Ws-Request-Id
X-Age
Host-Header
Cf-Edge-Cache
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
Cf-Apo-Via
X-Device
Accept-CH
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Ruxit-JS-Agent
X-Server-Id
EagleEye-TraceId
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Cache-Spec
X-Backend-Server
Request-Id
X-Readtime
X-Cache-Lookup
X-HW
Accept-Ch-Lifetime
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Application-Context
X-Response-Time
Fastly-Restarts
Permissions-Policy
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Edge
X-WebKit-CSP-Report-Only
X-Mcache
Content-Location
X-Content-Type
X-MS-InvokeApp
X-CST
X-Country
Accept-CH-Lifetime
X-Clacks-Overhead
X-Url
Rating
X-PC
X-Midtier
X-TtlSet
X-Vname
X-Amz-Server-Side-Encryption
X-Litespeed-Cache
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-VARITI-CCR
X-Element-Page-Cache
Origin-Trial
Verso
X-Server-Name
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-ECACHE
X-Kinja-Build
X-Rack-Cache
X-Ac
X-Powered-By-Plesk
X-Cnection
X-GitHub-Request-Id
Service-Worker-Allowed
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-Client-IP
Xkey
X-Navigation-Version
X-Ttl
X-B3-TraceId
X-Abt-Application-Version
Edge-Control
X-Cache-TTL
X-NWS-LOG-UUID
SPIisLatency
SPRequestDuration
X-Upstream
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Browser-Type
X-Cached
X-Mg-S
X-Dw-Request-Base-Id
X-Px
X-Cache-Key
X-Middleton-Display
Display
Pagespeed
X-Sol
X-FastCGI-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Correlation-Id
Access-Control-Request-Method
Edge-Cache-Tag
X-Forwarded-For
Content-MD5
X-Country-Code
X-Webkit-Csp
X-Goog-Hash
X-NF-Request-ID
Front-End-Https
TCN
X-Powered-CMS
X-Id
X-Version
Public-Key-Pins
AR-ATIME
AR-CACHE
AR-SID
AR-Request-ID
AR-PoweredBy
Accept-Ch
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-MSEdge-Ref
X-T
X-Content-Digest
X-Recruiting
X-Ratelimit-Limit
X-Amzn-Trace-Id
X-XRDS-Location
X-Ser
X-Daa-Tunnel
X-Accel-Expires
Response
X-Middleton-Response
X-RateLimit-Remaining
TP-Cache
TP-L2-Cache
X-Shield-Request-Id
S
MicrosoftSharePointTeamServices
Nginx-Cache
Cache-Status
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Request-Processing-Time
X-Request-Received
Server-Node
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Ratelimit-Remaining
Cache-Tags
X-Distributor
X-Fastcgi-Cache
X-Hits
X-Kinsta-Cache
X-Edge-Location-Klb
X-LB-Cache
Cross-Origin-Opener-Policy
Fastcgi-Cache
X-Origin-Server
X-PressLabs-Stats
X-Ua-Browser
X-Ratelimit-Reset
Alternate-Protocol
X-Ezoic-Cdn
X-Grace
Server-Name
X-Geo-Country
X-DIS-Request-ID
Filterid
X-Microsite
X-Request-Handler-Origin-Region
X-Protected-By
X-Rid
Healthy
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Hostname
X-Frontend
X-LLID
X-DataDome
X-Varnish-Backend
X-ORACLE-DMS-ECID
X-Git-Hash
X-ORACLE-DMS-RID
X-Debug-Info
X-Logged-In
Payment
X-FB-Debug
Cleartype
X-Forwarded-Proto
X-Www-Served-By
X-Page-Id
X-Fastly-Request-ID
X-Load-Cache
X-NGENIX-Cache
X-Origin-Cache
X-ASPNET-VERSION
X-Cluster-Name
DC
MS-Author-Via
X-TTL
Content-Disposition
Charset
Realpath
X-B3-Sampled
Access-Control-Allow-Method
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
X-Proxy
X-F-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-AppVersion
X-Az
X-Activity-Id
X-ECache
X-Seen-By
Retry-After
X-Amz-Replication-Status
Paypal-Debug-Id
Cross-Origin-Resource-Policy
X-Server-ID
X-Type
X-Contextid
X-Amz-Meta-S3cmd-Attrs
Count-Hit
X-Revision
X-Hosted-By
X-Whom
X-Fb-Rlafr
Viewport
X-Wix-Request-Id
X-B-Cache
X-Signature
Surrogate-Key
X-Azure-Ref
X-Request-Guid
X-App-Environment
Accept-Charset
X-Aspnetmvc-Version
X-Route-Name
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-B
X-Varnish-Server
X-VCache
X-Akamai-Edgescape
X-TT
Amp-Access-Control-Allow-Source-Origin
X-Cache-Age
X-DynaTrace
X-B3-Traceid
X-Language
X-Source
X-Fastly-Request-Id
X-App-Server
Referer-Policy
X-Cache-Control
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Mobile
X-Magnolia-Registration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Times
Host
X-Varnish-Grace
Version
X-Envoy-Decorator-Operation
X-N
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-HTML-Minification-Powered-By
X-Cache-Rule
X-Response-Served-From
X-Tumblr-Pixel
X-Original-Request-Id
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
Refresh
X-UUID
MS-CV
X-Cache-Time
Ms-Operation-Id
Section-Io-Cache
WPO-Cache-Message
X-Rule
X-RTag
X-Varnish-Age
WPO-Cache-Status
Access-Control-Request-Headers
X-Cache-Status-Check
SD-X-WS
X-Framework
X-EdgeConnect-Cache-Status
X-User-Agent
X-Content-Powered-By
X-Backend-Name
GEO-INFO
Akamai-GRN
X-FW-Dynamic
X-Cache-Expired-At
X-Cacheable-TTL
X-FW-Hash
X-FW-Serve
X-FW-Version
X-FW-Static
X-ProcessESI
X-RemovedCookies
X-FW-Server
X-Cache-Grace
X-FW-Type
VIX-Pulpo-Upstream-Status
X-Jobs
VIX-Pulpo-Node
X-Rendered-As
X-Page-View
X-Is-Bot
Url
X-G
X-Drupal-Cache-Tags
X-Device-Type
X-Instance
X-Status
Protected
X-Servername
X-Drupal-Cache-Contexts
X-Adobe-Content
X-Adobe-Loc
X-Akamai-Request-ID2
X-Http-Reason
From-Origin
X-NYM-Debug-Backend
X-Environment-Context
X-L-Path
NGB
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Template
SRV
X-Trace-Id
X-RateLimit-Limit
X-Region
CDN-RequestId
Front
X-CDN-Forward
X-COUNTRY
X-Varnish-Ttl
X-Nginx-Cache
X-Debug-IsPreview
X-Debug-IsConnected
Accept-Language
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Unique-Id
X-Cache-Hit
X-Content-Options
Fastly-SIE
Fastly-SWR
Backend
Country
X-Zen-Fury
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
Liferay-Portal
X-DynaTrace-JS-Agent
X-Tb
X-XRDS-LOCATION
X-Newrelic-App-Data
X-Mode
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Cache-Operation
Content-Secure-Policy
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Node-Name
X-Tt-Logid
X-Real-IP
X-Rewrite-Enabled
Meta-Geo
Webserver
X-Generation-Time
X-Amzn-Remapped-Content-Length
Uber-Trace-Id
X-Tumblr-Pixel-2
X-RN-RSRV
Filters
X-UPSTREAM-Address
X-Cache-Server
X-Proxy-Cache-Info
X-Rocket-Nginx-Serving-Static
X-Format
X-Access
X-Content-Age
X-IPS-LoggedIn
X-Ms-Request-Id
X-PHP-Backend
X-Ms-Version
X-Section
X-Time
Cache-Hits
Onion-Location
Azure-InstanceId
CF-IPCountry
X-Timing-Wait
Selected-Fe
X-Web-Node
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Proxy-Build
Azure-Version
TWC-GeoIP-Country
Property-Id
TWC-Device-Class
ServedBy
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-Debug
Webcakes-App-Name
Webcakes-App-Version
X-Cluster-Node
TWC-Privacy
Webcakes-Region
TWC-Locale-Group
X-SayCDN-TTL
X-VC-Cache
X-Locale
X-Server-W
X-Say-Cacheable
X-Reqid
X-Sucuri-Cache
X-R9-Blue-Green-Version
X-UA-Device-Type
X-Sucuri-ID
X-Proto
X-Soup
X-TIME
Node
X-Origin-Hint
X-Say-TTL
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Cache-Host
X-Via-Fastly
X-VWS-Id
X-Sql-Duration-Ms
X-PHP-Host
X-Handled-By
X-Proxy-Cache-Status
X-ProxyCache-Key
ServerID
X-ProxyCache-Status
X-IPLB-Request-ID
Web-Mar-Node
S-Rt
X-Cache-Action
X-Cms-Context
X-Adobe-Source
X-Cluster
X-AWS-Id
X-IPLB-Instance
X-Sql-Count
X-Ua
X-Forwarded-Host
X-Site-Version
X-Skip-Cache
X-Varnish-Beresp-Grace
X-BYPASS-REASON
X-Cache-TTL-Remaining
X-URL
DB-Nickname
Cache-Name
X-SaId
X-WP-CF-Super-Cache
Mn-Server-Ip
X-WP-CF-Super-Cache-Cache-Control
X-No-Session
X-LAGOON
X-FB-TRIP-ID
X-Uri
X-JoinUs
X-Detected-As
Apigw-Requestid
X-Routing-Service
X-Proxied
X-Ruxit-Js-Agent
X-Origin-Date
X-Zipkin-Id
Cross-Origin-Window-Policy
X-Extlb
X-Edge-Location
X-Tumblr-Pixel-3
X-Buckets
X-Urbn-Site-Id
X-Optimistic-Header
X-Urbn-Context-Path
X-App-Version
X-Xfnlog-Site
Locale
Fastcgi-Useragent
WP-Super-Cache
Countrycode
X-GeoCountry
X-GeoCode
X-LSADC-Cache
X-ARC
Source
CDN-PullZone
X-Oneagent-Js-Injection
CDN-Uid
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-CachedAt
Mime-Version
CDN-Cache
Cache-Tv-Group
X-Director
X-Hl-Ver
Fastly-Drupal-HTML
Upgrade-Insecure-Requests
X-Varnish-Hits
X-Mg-Request-UUID
X-Request-Time
X-GEO
X-Generated-By
CF-Cached-On
X-Redis-Cache
X-Cache-Debug
X-Webkit-CSP-Report-Only
Xet-Cookie
X-Loop
X-Origin-CC
Frame-Options
X-Origin-TTL
X-Tx-Id
X-SRV
X-FireWall-Port
X-Varnish-Cache-Hits
X-TNCMS
X-Pass-Why
X-RM-Cache-TTL
X-Varnish-Hostname
X-TA-CDN-Provider
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ServerID
X-Shopify-Stage
X-ShopId
X-Akamai-Transformed
X-Storefront-Renderer-Rendered
X-ShardId
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Api-Version
X-Service
X-Newrelic-Synthetics
Load-Balancing
X-Endurance-Cache-Level
Xserver
X-Request-Host
X-Pubstack
X-Served-From
X-NWS-UUID-VERIFY
X-B3-Spanid
Cache-Host
T-Server
BehaviorPad-Version
X-Sigma-Backend
Candidate-Md5Url
DCR-Processing-Time-Ms
DCR-Decision-By
TDXMobile
A
Thinkindot-Control
WWW-Authenticate
Thinkindot-CacheControl-Type
Server-Info
MD5-Digest
Thinkindot-CacheControl
DSUID
Edge-Cache
Gannett-Cam-Experience-Id
Odigeo-Trace-Id
X-Test
Ngx.Var.Host
X-SRCache-Key
Memcached
Host-ID
Origin
Redirect-Candidate
Lang
Surrogated-Key
Sslversion
Req-Svc-Chain
Release
Rendered-Blocks
Meta-Geo-Continent
X-A-Dgt
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-External-Request-Id
X-Gdpr
X-Vdms-Version
X-We-Are-Hiring
Xc-Version
X-Processor
X-Rocket-Build-Number
X-Developer
X-Ec-Fail
X-Platform-Router
X-Vdms-Path
X-Generated-On
X-Nyt-Route
X-Mobile-URL
X-Origin-Time
X-Platform-Cluster
X-Platform-Processor
X-Mid
X-Location
X-Httpd
X-INCAP-ABP
X-Level-Front-Cache
X-Loc
X-Destination
X-Rojux
X-BBC-Edge-Cache-Status
X-B-Cookie
X-Bc-Bl
X-Sigma
X-BCube-Filmed-By
X-Application
X-TIM-N
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Wwc
X-Aed
X-ScT
X-Cache-Date
X-S-Cookie
X-Thinkindot-L3
X-CUA
X-D
X-S
X-S-Maxage
X-Thanos
X-Cache-Info
X-Cache-NE
X-CMSURLCustom
X-Conf
X-A
X-Bip
X-Varnish-Beresp-Ttl
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Storage
Section-Origin-Responded
X-Restarts
X-Fetched-On
X-Fmm-Version
X-Ec-Custom-Error
X-Developers
X-GeoIP
X-Has-Esi
X-HS-Content-Campaign-Id
X-GeoIP-City
X-Core-Value
X-Geo-Header
X-Frame-Option
X-Cdn-Srv
Server-Host
NM-Fastcgi-Cache
Mail-Subject
Magicmarker
We-Hiring
X-Akamai-Device-Characteristics
X-Human
X-Cache-Bucket
X-Auto-Login
X-Clara-WADP
X-JWT-State
X-Worker
X-WP-CF-Super-Cache-Active
X-WADP-Cache
X-WA-Info
X-VServer
Country-Code
X-Cdn-Origin
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Sn-Servicetimems
X-Hash
X-Core-Mission
X-Vmg-Version
X-VG-TLSProxy
X-Node-Id
X-Org
X-Mvc-Supplant-Cachable
X-Mly-Id
Gh-Request-Id
X-Origin
X-Pool
X-Varnishpool
X-Varnish-Beresp-Status
X-Var-Ttl
X-SD-PageType
X-Is-Gdpr
X-Origin-Response-Time
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Apple-News-Services-Parsed-Url
C-Via
Cache-Key
CloudFront-Viewer-Country
CacheControlHeader
Apple-News-Services-Host
Apple-News-Services-Request-Url
AKAMAI
Apple-News-Services-Handled
X-Parent-Response-Time
X-CACHE-AGE
X-Device-Os
X-Men
X-App
X-DefHash
X-CacheTTL
X-Ad-Defer-Variation
Click-Count-Error
Click-Count-Action-Start
X-Esi-Check
X-Accel-Expires-Debug
X-DefElseHash
X-Dispatcher-Server
X-CSRF-Token
X-Slack-Shared-Secret-Outcome
X-Region-Sid
X-Cache-Id
X-Server-IP
X-Slack-Backend
X-Gamma-Serve
X-Cache-Tags
X-Date
X-Block-Status
X-SB
State
X-Fastly-Cache
Datacenter
X-HN
X-Varnish-CookieHashed-On
X-Variation
X-Op-Id-All
X-Old-Content-Length
X-NodeID
X-Varnish-CookieINHashed-On
Adler-Geo
X-Platform
X-Request-Start
X-Scale
X-Req
X-Qloud-Router
X-Platform-Server
X-Nginx-Cache-Key
X-NCache
X-Gzip
Canary
X-GeoIP-Region-Code
X-GeoIP-Country-Code
CDCHOST
X-Accel-Buffering
X-Hnp-Log
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-Wix-Viewer-Type
X-LB-NoCache
Cache-Provider
X-Gen-Mode
X-Dispatcher-Number
User-Cache-Control
Tube-Return
PFcat
Vix-Hermes-Req-Id
Origin-EX
Wxu-Next-Commit
Origin-CC
Tube-Got-Results
Tube-Got-Eval
Server-Hostname
Sever-Int
Server-Ext
Environment
Platform
Tube-Get-Contents
Wxu-Next-Hostname
Web-Mar-Region
Is-Eu
Wxu-Next-Region
Kp-EeAlive
Machine
L
On-Server
NGX
Cmstype
Ha-Gx-Prefs
HA-Ipaddr
Ssr
X-DPWN-IS-SECURE
X-Eu-Site
X-FC-Vary-Parameters
Producers
X-Forwarded-Site
X-Planisys-CDN-TTL
X-Minions-Version
X-V-Cache
Cluster
X-Nananana
Fastly-SSL
X-Tid
X-Owner
X-Irp-Debug
Pics-Label
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
L5d-Success-Class
Cmsid
Decoy-Debug-Key
X-Cache-Backend
X-Cache-Remote
X-Fastly-Backend
X-Ckpd-Fst-Backend
X-CGP
X-Csrf-Jwt
X-Azure-Ref-OriginShield
Decoy-Debug-TTL
X-Origin-Expires
Decoy-Debug-Status
X-Instance-Name
X-Release
X-Refresh
X-Cache-FS-Status
X-Mvc-Supplant-OutputCached
X-Microcachable
X-Tb-Optimization-Total-Bytes-Saved
X-Response-By
X-Provided-By
X-Zone
Srvid
X-Correlation-ID
Locid
GeoIP-Latitude
Expect-Staple
HostName
X-Aicache-OS
X-FL-EDGE
X-FL-QIT-DEBUG
X-DC
X-Via-CDN
X-Air-Pt
X-Servedbyhost
X-From
X-Up
X-Dc
Env
Memory
X-RCS-CacheZone
Time
X-ND-Cache
X-VC
X-Trace-ID
X-Via-Edge
Edge-Copy-Time
X-Via-SSL
X-Presslabs-Stats
X-NewRelic-App-Data
X-Generated-In
X-Vcl-Version
X-Cache-Enabled
Svr
NtCoent-Length
X-AIR-PT
X-Nc
X-Edge-Pop
X-HS-Status
SID
X-Webkit-CSP
X-Srv
Cache
Sid
X-Via-Poph
X-Wa
X-Cached-By
X-Via-Popn
X-Via-Popv
X-DataCenter
X-Lambda-Id
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Cdn
X-Nf-Request-Id
X-Esi
X-Vc
X-Cs
X-HA-Backend
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-ZONE
X-Vtex-Remote-Cache
VNS-Age
VNS-Cache
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Render-Time
CPC-Age
X-Client-Ip
CPC-Cache
Server-ID
X-VCT
X-NGINX-Cache
X-Check-Cacheable
Hostname
X-LB-ID
X-AK-Request-ID
Cdnsip
GeoIp-Country-Code
Fastly-Drupal-Html
Cdncip
X-Via-NSCOPI
X-Amz-Meta-Cb-Modifiedtime
X-Gateway-Request-Id
X-Gateway-Skip-Cache
AMP-Access-Control-Allow-Source-Origin
X-Gateway-Cache-Key
X-TH-Server
X-Gateway-Cache-Status
X-Fpc
X-Upstream-Ct
X-Via-JSL
X-Proxy-CacheRZ
XkeyRZ
X-Upstream-Ht
X-Cache-Type
True-Client-IP
X-API-Version
X-ATG-Version
X-CSRF-TOKEN
X-B3-SpanId
X-Varnish-Authentication
X-Cache-ASPX
X-Contensis-Viewer-Groups
Uri
X-EC-Lua
X-CS
Srv
M-TraceId
Esi-Enabled
True-Client-Ip
Eomportal-Instance
X-Datadome
X-Varnish-Beresp-TTL
OT-Force-Account-Verify
X-CF-Lambda-Fn
X-Micro-Cache
X-MSEdge-Features
X-MSEdge-Flight
Resin-Trace
X-CF-Lambda-Version
XServer
X-RateLimit-Limit-Second
Ngx-Var-Key
X-RateLimit-Remaining-Second
X-PAYTM-SRV-ID
X-Udemy-Cache-App-Namespace
Path
X-FPC
YJS-ID
Request-ID
X-MP-GENERATED-AT
X-APP-VERSION
X-SIPLIST1
X-Wikidot-Static-Cache
IsBot
CDN
X-Request-URI
X-Cache-NGX
X-CDN-Cache-Status
X-Fastly-Country-Code
X-Wikidot-Backend
GeoIP-Country-Code
N-Cache
RNT-Machine
RNT-Time
X-Forwarded-Path
X-Info
X-Bl-Debug
X-Lb-Id
X-CLOUD-TRACE-CONTEXT
X-Orig-Expires
X-Shop-Environment
X-VCL-Version
X-Tenant
X-TX-ID
Sm-Log-Id
LB
X-Accel-Version
Server-Id
X-Service-Response-Time
X-B3-Trace-ID
X-Pod-Name
X-Ha-Backend
X-Policy
Location
X-MCACHE
X-Datacenter
Lb
X-App-Name
X-Edge-POP
X-RateLimit-Reset
HIT
X-WA
Cross-Origin-Opener-Policy-Report-Only
X-Akamai-Pragma-Client-IP
X-Cdn-Cache-Status
X-Snapshot-Date
X-SERVER-NAME
X-Cdn-Request-ID
Servername
X-Oss-Request-Id
X-Cache-Expires
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
Ohc-File-Size
X-Via-PopV
X-Oss-Object-Type
X-Via-PopN
X-Via-PopH
X-Geo
X-Xrds-Location
Timeexpire
ENV
X-NC
Hit
X-Cache-Ttl
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-CACHE-KEY
FSS-Cache
Proxy-Connection
X-Vcache
X-ServedByHost
X-Cdn-Diag
Epwk-X-Cache
X-Rebelmouse-Surrogate-Control
Pramga
Req-ID
X-Rebelmouse-Cache-Control
Yjs-Id
X-Ctl-Mach
X-LiteSpeed-Cache-Control
X-Logging-Id
X-Moov-T
X-Moov-Xdn-Version
X-Scheme
Geoip-Latitude
WZWS-RAY
Traceparent
X-Serial
X-Amz-Meta-Opti
X-Hyper-Cache
X-TraceId
X-Git-Commit
X-Dw-Trace-Id
X-Cdn-Forward
X-Container-Uri
X-UP
X-M-Reqid
X-M-Log
X-MiniProfiler-Ids
MIME-Version
XM
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Qnm-Cache
X-Acquia-Purge-Tags
X-Acquia-Site
X-VG-WebCache
X-RAMCache
X-Tncms
X-Swift-Error
Content-Style-Type
X-Fastly-Backend-Reqs
Ec-Rule-Version
X-ApacheServer
X-Viewer-Country
X-PERF
Cdn-Requestid
X-Lb-Nocache
X-B3-Parentspanid
Cneonction
Content-Script-Type
X-F-Status
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-Wp-Cf-Super-Cache
CountryCode
X-TT-LOGID
X-Litespeed-Cache-Control
Ngx
X-Mg-Cache
Ohc-Cache-HIT
X-Iauth-Set-Uid
V-Age
X-Mid-Debug-Cache-Disk
X-Th-Server
X-Request-URL
My-App
X-Cache-Ngx
Warning
X-IPS-Cached-Response
X-LiteSpeed-Tag
X-Fastly-Cache-Hits
X-Webstats-RespID
X-B3-ParentSpanId
Inserted-Into-Cache-At
X-Mid-Debug-Cache-Key