Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
X-Request-ID
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
Access-Control-Max-Age
P3p
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Proxy-Cache
X-Amz-Id-2
X-Backend
X-Age
Host-Header
X-Ws-Request-Id
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
X-Varnish-Cache
X-Amz-Version-Id
EagleId
Grace
X-Dispatcher
Cf-Edge-Cache
X-LiteSpeed-Cache
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Aws-Lambda-Call-Status
Accept-CH
X-Host
X-Node
X-OneAgent-JS-Injection
Cf-Railgun
X-Pingback
X-Server-Id
X-Cache-Spec
Surrogate-Control
X-Backend-Server
X-Akam-SW-Version
Request-Id
EagleEye-TraceId
X-Response-Time
X-Cache-Lookup
X-Readtime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
X-HW
Accept-CH-Lifetime
X-Content-Security-Policy-Report-Only
X-Application-Context
X-Cloud-Trace-Context
X-Trace
Rating
Fastly-Restarts
Accept-Ch-Lifetime
X-Country
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Url
X-Nginx-Upstream-Cache-Status
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Rack-Cache
Edge-Control
X-Edge
X-B3-TraceId
X-Ruxit-JS-Agent
X-TtlSet
X-Vname
X-PC
X-ESI
X-Content-Type
X-Vcap-Request-Id
X-Mod-Pagespeed
X-CST
Verso
Xkey
X-Oneagent-Js-Injection
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-D2id
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-GitHub-Request-Id
X-Amz-Rid
Cache-Tag
X-Mcache
X-Powered-By-Plesk
X-Varnish-TTL
Service-Worker-Allowed
X-FastCGI-Cache
RTSS
X-VARITI-CCR
X-ECACHE
X-Upstream
X-Ruxit-Js-Agent
X-Version
X-Navigation-Version
X-Abt-Application-Version
X-Cached
X-Client-IP
X-Cnection
X-Ac
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Server-Name
X-SharePointHealthScore
Arr-Disable-Session-Affinity
X-Px
SPRequestGuid
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Ttl
SPIisLatency
SPRequestDuration
Public-Key-Pins
Display
X-Sol
X-Middleton-Display
Permissions-Policy
Pagespeed
X-Cache-TTL
X-Country-Code
X-NWS-LOG-UUID
Cf-Apo-Via
X-Ser
X-Middleton-Response
Response
X-Cache-Key
X-Midtier
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-For
Content-MD5
Access-Control-Request-Method
X-MSEdge-Ref
Front-End-Https
Accept-Ch
X-Shield-Request-Id
X-RateLimit-Remaining
X-Correlation-Id
X-DataDome
X-T
X-Recruiting
X-NF-Request-ID
MicrosoftSharePointTeamServices
TP-L2-Cache
X-HP-Trace-Id
TP-Cache
X-Jurisdiction
X-HP-Webp
Edge-Cache-Tag
Nginx-Cache
AR-PoweredBy
Mrf-Cache-Status
AR-Request-ID
AR-SID
AR-ATIME
X-B3-TraceId-Primal
MRF-Tech
AR-CACHE
X-Accel-Expires
X-Powered-CMS
X-Litespeed-Cache
TCN
X-Grace
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Daa-Tunnel
X-Mg-S
X-Content-Digest
X-Id
X-Hits
X-Request-Received
X-Request-Processing-Time
Filters
Server-Node
X-Amzn-Trace-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Server-Name
X-RateLimit-Limit
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
MS-Author-Via
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Geo-Country
X-Frontend
Fastcgi-Cache
X-XRDS-Location
X-PressLabs-Stats
X-Distributor
S
X-Protected-By
X-Origin-Server
X-Ezoic-Cdn
Count-Hit
X-LLID
X-Webkit-Csp
X-Language
Cache-Status
X-Fastcgi-Cache
X-Amz-Meta-S3cmd-Attrs
X-Ua-Browser
Cross-Origin-Opener-Policy
X-Ab
Charset
Payment
X-Request-Handler-Origin-Region
X-F-Cache
X-B3-Sampled
X-Forwarded-Proto
X-LB-Cache
X-Microsite
Filterid
X-FB-Debug
X-Page-Id
X-Seen-By
Host
X-Git-Hash
X-Fastly-Request-Id
X-Ratelimit-Reset
X-Cluster-Name
X-VCache
X-ASPNET-VERSION
Surrogate-Key
X-Cache-Age
X-TTL
X-Rid
Cache-Tags
Realpath
Accept-Charset
X-Www-Served-By
Access-Control-Allow-Method
Alternate-Protocol
X-NGENIX-Cache
X-Logged-In
Retry-After
X-Origin-Cache
X-Upgrade-Enabled
X-Source
X-Az
X-Activity-Id
X-Template
X-AppVersion
X-Varnish-Backend
X-Type
X-DIS-Request-ID
X-Fastly-Request-ID
X-Flags
X-Aspnet-Duration-Ms
X-Route-Name
X-TT
X-Is-Crawler
X-Amz-Replication-Status
X-Providence-Cookie
X-Request-Guid
X-Signature
X-Varnish-Grace
X-Envoy-Decorator-Operation
X-Tb
Cleartype
X-B
X-B-Cache
X-Wix-Request-Id
ServerID
X-App-Environment
X-Hostname
Paypal-Debug-Id
DC
X-DynaTrace
X-Node-Name
Frame-Options
X-Drupal-Cache-Tags
X-Ratelimit-Remaining
X-Revision
X-Contextid
X-Debug
X-Proxy
X-Tt-Trace-Host
X-Cache-Rule
X-Tt-Trace-Tag
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Amp-Access-Control-Allow-Source-Origin
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Mobile
X-Load-Cache
X-Content-Options
X-Cache-Control
Country
Node
X-N
X-Magnolia-Registration
Refresh
X-EdgeConnect-Cache-Status
X-Response-Served-From
X-Original-Request-Id
X-Whom
X-User-Agent
NGB
Content-Disposition
X-Cache-Time
X-Varnish-Age
X-Content-Powered-By
X-Varnish-Server
X-Debug-IsConnected
X-Debug-IsPreview
X-NYM-Debug-Backend
X-Cache-TTL-Remaining
Akamai-GRN
Access-Control-Request-Headers
X-Oracle-Dms-Ecid
X-Environment-Context
X-L-Path
X-Servername
X-Oracle-Dms-Rid
X-Status
X-Unique-Id
X-Adobe-Content
X-Page-View
VIX-Pulpo-Node
X-Adobe-Loc
X-Akamai-Request-ID2
X-Cacheable-TTL
X-G
X-Instance
VIX-Pulpo-Upstream-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Grace
X-Real-IP
Viewport
X-Rendered-As
Uber-Trace-Id
X-Framework
X-Jobs
X-Is-Bot
X-Mid
Url
Referer-Policy
Srv
Countrycode
X-Ratelimit-Limit
X-Time
X-Content
X-ProcessESI
X-RemovedCookies
X-Drupal-Cache-Contexts
X-COUNTRY
Cross-Origin-Resource-Policy
Version
X-CDN-Forward
X-Mg-Request-UUID
Accept-Language
X-Cache-Expired-At
X-Via-JSL
X-Http-Reason
X-Cache-Hit
X-Restarts
X-Trace-Id
X-XRDS-LOCATION
X-Tumblr-Pixel
X-Cache-Operation
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-APP-VERSION
Protected
X-App-Server
X-IPLB-Instance
X-IPLB-Request-ID
X-Api-Version
Healthy
X-Backend-Name
X-Debug-Info
X-Hosted-By
X-Azure-Ref
Section-Io-Cache
X-Akamai-Edgescape
X-Tt-Logid
X-Cache-Action
X-Rule
X-Device-Type
X-FW-Server
Content-Secure-Policy
X-Nginx-Cache-Key
X-FW-Type
X-FW-Static
X-FW-Dynamic
X-Generation-Time
X-FW-Hash
X-FW-Serve
Backend
Liferay-Portal
Server-Info
X-Server-ID
GEO-INFO
MS-CV
X-RTag
Meta-Geo
Load-Balancing
X-Mobile-URL
X-Storage
X-VC-Cache
Ms-Operation-Id
X-RN-RSRV
X-UPSTREAM-Address
X-SRV
X-HTML-Minification-Powered-By
X-Proxy-Cache-Status
X-Mode
Fastcgi-Useragent
X-Section
CF-IPCountry
Onion-Location
X-Handled-By
X-Access
X-Format
TWC-Device-Class
TWC-GeoIP-Country
Eomportal-Instance
TWC-Connection-Speed
TWC-Locale-Group
TWC-GeoIP-LatLong
S-Rt
Property-Id
X-Alternate-Cache-Key
X-Region
X-SaId
X-Say-Cacheable
X-Say-TTL
X-LJ-Flow-ID
X-JoinUs
X-Edge-Location
X-Forwarded-Host
X-Generated-By
X-SayCDN-TTL
X-ShardId
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Varnish-Beresp-Grace
X-VWS-Id
X-Sql-Duration-Ms
X-Sql-Count
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-AWS-Id
X-Adobe-Source
X-FireWall-Port
X-Locale
X-OCL
X-Origin-Hint
X-Cms-Context
X-Cache-Server
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-PCL
X-Proto
Azure-SlotName
Azure-Version
Locale
Azure-SiteName
Azure-RegionName
X-R9-Blue-Green-Version
X-Varnish-Cache-Hits
Azure-InstanceId
TWC-Privacy
X-Sorting-Hat-PodId
X-Content-Age
Xserver
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestId
CDN-Uid
X-Zipkin-Id
CDN-EdgeStorageId
X-Xfnlog-Site
X-Ms-Request-Id
X-Server-W
X-Site-Version
X-Skip-Cache
X-No-Session
X-Ms-Version
X-Web-Node
Apigw-Requestid
CDN-CachedAt
X-UA-Device-Type
X-GeoCode
X-ProxyCache-Key
X-ProxyCache-Status
X-GeoCountry
X-Proxied
X-Labrador-Cache-Channel
X-PHP-Host
X-Extlb
X-Detected-As
X-BYPASS-REASON
X-Storefront-Renderer-Rendered
X-Hl-Ver
X-Cache-Host
X-Cache-Type
X-Routing-Service
X-ServerID
Web-Mar-Node
CDN-Cache
X-Varnish-Hostname
X-Tid
X-Uri
X-PHP-Backend
Mn-Server-Ip
Selected-Fe
X-Redis-Cache
X-Timing-Wait
X-Request-Time
X-Proxy-Build
X-Varnishpool
X-Cache-NGX
WP-Super-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
Cache-Name
X-URL
X-Nginx-Cache
X-Via-Fastly
X-Cache-Enabled
X-WP-CF-Super-Cache
X-FB-TRIP-ID
DB-Nickname
X-WP-CF-Super-Cache-Cache-Control
X-Datadome
X-Origin-Date
X-UUID
X-Correlation-ID
X-Cache-Status-Check
X-DynaTrace-JS-Agent
X-ECache
X-LSADC-Cache
X-TNCMS
X-Varnish-Ttl
X-Loop
ServedBy
X-Ua
X-Amzn-Remapped-Content-Length
X-Reqid
X-App-Version
Xet-Cookie
X-Provided-By
X-Pubstack
X-Zen-Fury
X-Human
X-Vgn-Hpd-Reason
X-Soup
X-GEO
X-RCS-CacheZone
X-Dc
Source
X-MP-GENERATED-AT
X-Cache-Tags
X-Tec-Api-Root
X-Origin-TTL
X-TA-CDN-Provider
X-Tumblr-Pixel-2
X-Tec-Api-Version
Origin
X-Tec-Api-Origin
X-Aspnetmvc-Version
X-Origin-CC
X-Cached-By
X-Cdn
Cache
X-Varnish-Hits
X-Webkit-CSP
Cross-Origin-Window-Policy
From-Origin
X-Service
X-Debug-Cache
WPO-Cache-Status
X-Varnish-Beresp-Ttl
WPO-Cache-Message
X-Newrelic-Synthetics
SD-X-WS
Webserver
LB
X-NewRelic-App-Data
X-ScT
X-Cache-Debug
Rendered-Blocks
BehaviorPad-Version
MD5-Digest
Rip
Host-ID
X-Request-Host
X-IPS-LoggedIn
X-FW-Version
X-AOL-HN
X-Trace-ID
X-Developer
DCR-Processing-Time-Ms
T-Server
Surrogated-Key
X-Vdms-Path
X-D
X-Vdms-Version
DCR-Decision-By
X-Destination
X-Ec-GeoHdr
CPC-Age
X-Tenant
X-SRCache-Key
X-User
CPC-Cache
Expiry
X-External-Request-Id
X-Forwarded-Path
X-Ec-Fail
X-Connection-Hash
Xc-Version
X-Aed
X-AK-Request-ID
X-Application
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dam
X-A-Dcw
X-ARC
X-B-Cookie
Environment
VNS-Age
X-VG-WebCache
X-Cache-NE
VNS-Cache
X-A
X-Bc-Bl
X-BCube-Filmed-By
Cdnsip
X-TIM-N
X-Rojux
X-Orig-Expires
X-NAPM-TraceId
X-S-Cookie
Ngx.Var.Host
X-Rewrite-Enabled
Lang
A
X-Processor
Meta-Geo-Continent
X-Nf-Request-Id
X-Shop-Environment
X-S
X-Parent-Response-Time
Cdncip
X-PBS-Appsvrname
Sslversion
Odigeo-Trace-Id
X-Platform-Server
X-CSRF-Token
HostName
X-B3-Traceid
X-B3-SpanId
X-Owner
X-Dispatcher-Number
Redirect-Candidate
X-Cluster
X-Served-From
X-Aicache-OS
Gh-Request-Id
X-INCAP-ABP
X-Has-Esi
X-Cdn-Srv
X-Auto-Login
Upgrade-Insecure-Requests
X-Is-Gdpr
X-VC
X-TIME
OT-Force-Account-Verify
X-Cluster-Node
Fastly-Drupal-HTML
X-JWT-State
X-Developers
X-WP-CF-Super-Cache-Active
Mobile-Detection-Method
Origin-CC
NGX
NM-Fastcgi-Cache
Origin-EX
Tube-Get-Contents
Kp-EeAlive
Fastly-SSL
L
State
Servername
Fastly-SWR
IsBot
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
Req-Svc-Chain
L5d-Success-Class
Tube-Return
Producers
Platform
V-Age
Tube-Got-Results
Tube-Got-Eval
Release
Traceparent
Fastly-SIE
Vix-Hermes-Req-Id
X-Irp-Debug
X-Request-URI
X-Qloud-Router
X-Rocket-Build-Number
X-Scale
X-Sigma-Backend
X-Sigma
X-Pool
X-Policy
X-Origin
X-Optimistic-Header
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-SIPLIST1
X-Slack-Backend
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-VG-TLSProxy
X-VServer
X-Varnish-Beresp-Status
X-Variation
X-SplitTest
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Thanos
X-NodeID
X-Minions-Version
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-DefElseHash
X-Core-Mission
X-Clientip
X-Bip
X-BBC-Edge-Cache-Status
X-CacheTTL
X-Cdn-Origin
X-CGP
X-DefHash
X-DPWN-IS-SECURE
X-GeoIP-City
X-GeoIP
X-Hash
DSUID
X-Loc
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Epic-Correlation-Id
X-Ec-Custom-Error
X-Eu-Site
X-Forwarded-Site
X-Gateway-Cache-Key
X-Ad-Defer-Variation
X-Gateway-Skip-Cache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Cache-Host
Candidate-Md5Url
Click-Count-Error
Click-Count-Action-Start
Apple-News-Services-Host
Apple-News-Services-Handled
X-Nyt-Route
X-Gdpr
X-Origin-Time
X-Via-NSCOPI
Adler-Geo
Cmsid
X-Accel-Buffering
Country-Code
Cmstype
Mime-Version
X-CMSURLCustom
X-Generated-On
X-Worker
X-Thinkindot-L3
X-Level-Front-Cache
X-GG-Cache-Date
X-Geo-Header
X-Core-Value
Thinkindot-CacheControl
TDXMobile
Server-Host
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Branch-Name
X-Esi-Check
Wxu-Next-Region
X-Fetched-On
X-Gen-Mode
X-Fmm-Version
X-Block-Status
X-Cache-Id
X-Device-Os
X-Clara-WADP
X-Cache-Info
X-Cache-Bucket
Decoy-Debug-Status
X-Ckpd-Fst-Backend
X-Origin-Response-Time
X-HS-Content-Campaign-Id
X-Gamma-Serve
X-FC-Vary-Parameters
X-Fastly-Backend
X-Region-Sid
X-Rocket-Nginx-Serving-Static
X-Sucuri-ID
X-Sucuri-Cache
X-SB
X-S-Maxage
Memcached
Fastly-Backend-Name
X-Proxy-Cache-Info
Wxu-Next-Hostname
X-Mvc-Supplant-Cachable
X-Hnp-Log
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-WADP-Cache
X-Viewer-Country
X-V-Cache
Decoy-Debug-TTL
X-Gzip
X-Wix-Viewer-Type
Mail-Subject
Machine
User-Cache-Control
Decoy-Debug-Key
Fastly-GeoIP-CountryCode
We-Hiring
Canary
CDCHOST
Web-Mar-Region
Sever-Int
Server-Hostname
Server-Ext
Wxu-Next-Commit
AKAMAI
X-Cache-Remote
X-Mvc-Supplant-OutputCached
X-LB-NoCache
X-Tx-Id
X-ATG-Version
X-NCache
X-Scheme
X-Azure-Ref-OriginShield
Svr
Cluster
Datacenter
CloudFront-Viewer-Country
X-Var-Ttl
Ec-Rule-Version
X-WA-Info
X-Newrelic-App-Data
Cache-Tv-Group
X-ND-Cache
Cache-Hits
X-Udemy-Cache-App-Namespace
Pics-Label
SID
Fastcgi-Cache-TTL
WebServer
Ssr
Time
X-ZONE
Memory
X-Session-Fingerprint
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Popn
X-Refresh
X-Pod-Name
X-Via-Popv
X-Rebelmouse-Cache-Control
X-Fastly-Cache
X-Via-Poph
X-Rebelmouse-Surrogate-Control
X-Generated-In
X-Origin-Expires
Sid
X-Pass-Why
X-Up
X-Servedbyhost
Server-ID
Request-ID
AMP-Access-Control-Allow-Source-Origin
Env
X-Tumblr-Pixel-3
X-Xrds-Location
X-Presslabs-Stats
X-Wa
X-Edge-Pop
X-DC
X-Release
X-Dispatch
X-Akamai-Transformed
X-Fpc
My-App
X-Cs
X-Lambda-Id
X-Buckets
X-Ig-Push-State
X-Cache-Date
X-Zone
X-MSEdge-Features
X-NC
X-Esi
X-MSEdge-Flight
X-Conf
X-NWS-UUID-VERIFY
X-EC-Lua
X-PX
X-Endurance-Cache-Level
X-MCACHE
X-Req
X-ID
X-Microcachable
CDN
X-TX-ID
X-Dmc
X-CACHE-AGE
X-LB-ID
X-VCL-Version
X-CS
GeoIp-Country-Code
CacheControlHeader
True-Client-Country-4JS
True-Client-IP
X-Webkit-CSP-Report-Only
X-NGINX-Cache
Fastly-Drupal-Html
X-Be
X-TH-Server
Magicmarker
X-B3-Spanid
X-Vc
X-RateLimit-Reset
X-CACHE-KEY
Hostname
X-HS-Status
X-Wikidot-Backend
X-Op-Id-All
X-Wikidot-Static-Cache
X-CSRF-TOKEN
X-TRACE-ID
Path
X-Srv
True-Client-Ip
GeoIP-Country-Code
Resin-Trace
X-Hyper-Cache
X-GeoIP-Country-Code
X-CF-Lambda-Fn
Tcn
X-GeoIP-Region-Code
X-CF-Lambda-Version
X-Air-Trace-Id
X-Vcl-Version
X-M-Log
X-M-Reqid
X-Micro-Cache
X-Alfa-Service
X-Check-Cacheable
X-Air-Hostname
X-Air-Source
X-Air-Pt
X-Date
X-Accel-Expires-Debug
X-Vercel-Cache
Pramga
X-App
WWW-Authenticate
X-Vercel-Id
X-Varnish-Beresp-TTL
X-Qnm-Cache
Tracecode
X-SERVER-NAME
X-LiteSpeed-Cache-Control
X-Datacenter
Section-Io-Origin-Status
Section-Io-Id
X-Old-Content-Length
C-Via
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Akamai-Pragma-Client-IP
X-RAMCache
X-Cache-Ttl
Yjs-Id
X-CLOUD-TRACE-CONTEXT
NtCoent-Length
Powered-By
N-Cache
X-FPC
Proxy-Connection
X-Edge-POP
X-TrackingId
YJS-ID
X-Webkit-Csp-Report-Only
FSS-Cache
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-Geo
On-Server
X-Yandex-Sdch-Disable
X-WA
X-Mly-Id
X-Via-CDN
Fastcgi-X-Cache-Version
Hit
X-Platform
X-PAYTM-SRV-ID
Esi-Enabled
X-Location
X-API-Version
User-Agent
X-Response-By
Server-Id
ENV
X-ServedByHost
Lb
X-Lb-Id
X-Cdn-Forward
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
X-Dw-Trace-Id
X-Via-PopV
X-Via-PopH
HIT
X-Vtex-Processado-Em
Cdn
X-Via-PopN
X-Client-Ip
X-Node-Id
X-Director
X-Webstats-RespID
X-Edge-Origin-Shield-Region
GeoIP-Latitude
X-Vtex-Remote-Cache
X-Edge-Origin-Shield-Bytes
X-UA
X-AIR-PT
X-Service-Response-Time
Sm-Log-Id
Location
X-SD-PageType
X-Render-Time
X-LI-UUID
X-Request-Start
X-LAGOON
X-FORWARDED-FOR
X-TT-LOGID
X-LI-Proto
X-CUA
Locid
X-FL-EDGE
Srvid
X-Server-IP
X-Traceid
Geoip-Latitude
X-Li-Fabric
X-Li-Pop
Dnion-Transfer-Encoding
X-Akamai-ERRuleID
X-Instance-Name
X-Akamai-ERPolicy
X-From
X-Test
PICS-Label
Ohc-File-Size
XServer
X-RSL
Cache-Key
X-CF-Powered-By
X-Request-Url
X-DataCenter
Swift-Performance
X-HA-Backend
Uri
X-RPS
X-Via-Ucdn
X-DW
X-DSS
X-DI
X-DB
X-LiteSpeed-Tag
X-RPM
Nginx-CQVIP
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Litespeed-Cache-Control
X-Cache-Expires
M-TraceId
X-Fastly-Backend-Reqs
X-B3-ParentSpanId
DynaTrace
X-Proxy-Upstream
X-ApacheServer
X-HostName
X-PERF
X-Fastly-Cache-Hits
Server-Ttl
Wpo-Cache-Message
X-Cdn-Request-ID
X-Lb-Nocache
Wpo-Cache-Status
Vha6-Origin
X-Proxy-CacheRZ
X-Ramcache
X-Cache-Ngx
Wp-Super-Cache
X-Ips-Loggedin
XkeyRZ
Warning
CountryCode
X-Ittl
X-Global-Transaction-ID
X-Kebab
X-Kebabable
X-Keep
X-Is-SSL
X-IBD-Cache
X-Group
X-IBD-SID
X-GoCache-CacheStatus
X-Header-Sub
X-Git-Commit
X-Nerd
X-NFL-Dma
X-Newegg-Index
X-NFL-Geo
X-NS-Authorization
X-Ntj-Investigation-Id
X-Newegg-Flow
X-GG-Cache-Status
X-Matched-Rule
X-Loadbalancer
X-Matome-Cached
X-MTS-Cache
X-N-OperationId
X-LbNode
X-Ee-Request-Date
X-Delivery
X-Dehri-Date
X-Developed-By
X-Doge
X-DT-Node
X-Dcm-Pdtf
X-Conten-Type-Options
X-Cms-Device
X-Cf-Node-Idx
X-Coindesk-Cache
X-Colour
X-Container-Uri
X-Edge-IP
X-Ee-Generated-By
X-Farm
X-F-Status
X-Fastly-Is-Edge
X-Frame-Option
X-Fstrz
X-Eventloop-Lag
X-ETag
X-Ee-Origin
X-NXG
X-Ee-Request-Id
X-Eid
X-Full-Ttl
X-Pver
X-CDN-Pop-IP
X-Tried-To-Kebabify
X-True-Client-Ip
X-U-Cache
X-Upstream-State
X-Toujours-Debout-Location
X-Toujours-Debout-Branch
X-SVR-IIS
X-Stack-Name
X-Svr-Proxy
X-Test-Nginx-Ingress
X-Timestamp
XV-H
XV-Cache
X-Ver
X-WSR2
X-WP-Bypass
X-Web-Hosting
X-Waitingroom
X-Vary-Devices
X-Xms-Page-Cache-Actions
X-User-Auth
X-Utime
X-YSpaceId
X-V2-Infrastructure
X-SSLProxy
X-Square
X-PG-ACCESS
X-Paywall
X-PGF-Deflate
X-Wag-Acs
X-R-Cache
X-PageType
X-OVcl-Cache
X-Okws-Version
X-Odoo-Frontend
X-Onedio-Env
X-Origin-Ops
X-OVcl
X-Reboot
X-Redis
X-ServiceName
X-Server-L
X-Sh
X-Site
X-SMP-JWT
X-Save-Cache
X-Ruby
X-Render-Method
X-Request-Origin
X-Route
X-Route-Akamai
X-Nyt-Data-Last-Modified
X-Moov-Xdn-Version
Joe-X
Is-Https
NB-ESI
Nikkei-App-Version
NLCacheNote
HTTPProtocol
HServer
CMS-200
Cluster-Host
Deeplink
Ec-Policy-Id
H1
Npm-Cost
Npm-Remaining
Proxy-Cache
Panzer-Cache-Control
RawURL
Region
Request-Uuid
Origin-Site
Ok-Edge-Key
Ns
Ns-Ua
Ok-Cache-Status
OK-Edge-Date
Cf-Wrk
Cf-Locale
SRV
Fastcgi-Cache-Ttl
WZWS-RAY
X-Mg-Cache
X-ElasticPress-Query
Req-ID
X-Moov-T
XM
X-Proxy-Cache-Hk
PFcat
X-HN
X-VarnishDD-TTL
X-Yottaa-OS
CF-Cached-On
Cache-Stat
Akamai-X-Url
Cachekey
Cdn-Country-Code
Cf-Device-Type
X-Th-Server
X-Serial
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Cneonction
X-Cache-Backend
Rt-Proxy-Cache
Scheme
X-ARRRG1
X-Arena-Request-Id
X-ASF-Cache
X-AspNetWebPages-Version
X-Backend-TTL
X-Ar-Stats
X-Apache-Server
X-Akamai-DeviceOS
X-Akamai-CacheKeyMod
X-Akamai-DeviceType
X-Akamai-Native
X-Amz-Meta-Cb-Modifiedtime
X-Backside-Transport
X-BeanStalkRole
X-Cache-ReqUri
X-Cache-Reason
X-Cache-Response
X-CacheVersion
X-Cc-Via
X-Cache-Proxy
X-Cache-NPR
X-BeanStalkStage
X-Cache-Cookie
X-Cache-IsMobileDevice
X-Cache-Length
X-AEO-Platform
X-Accor-Asset
Sw
Store-Cloud-Cache
T-Request-Id
Technodrome
Time-Cloud-Cache
SII
Shieldsquare-Response
Selected-Route
Served
Service-Uuid
SFRVia
Ttl
TWC-AK-Req-ID
X-77-NZT-Ray
X-77-NZT
X-Accel-Version
X-Accepted-Fulllang
X-Accepted-Language
Vttl
Userver
TWC-PATH-LOCALE
TWC-Subs
TWC-Unit
Uniqueid
X-CDN-Pop