Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Request-ID
Feature-Policy
X-Ua-Compatible
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-CDN
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-XSS-PROTECTION
P3p
Access-Control-Max-Age
X-Via
X-Dns-Prefetch-Control
Server-Timing
X-Cache-Group
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Backend
X-Proxy-Cache
X-Amz-Id-2
X-Ws-Request-Id
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Akamai-Path-Stats
EagleId
X-Vhost
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Nel
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-OneAgent-JS-Injection
X-Node
X-Server-Id
EagleEye-TraceId
X-Pingback
X-Cache-Spec
Request-Id
Surrogate-Control
Cf-Railgun
Accept-CH
X-Backend-Server
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-Response-Time
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
Accept-CH-Lifetime
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-Country
Accept-Ch-Lifetime
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Url
X-Edge
X-Ruxit-JS-Agent
X-Amz-Server-Side-Encryption
X-B3-TraceId
X-MS-InvokeApp
X-Rack-Cache
Edge-Control
X-TtlSet
X-Vname
X-PC
Accept-Ch
X-Content-Type
X-ESI
X-Nginx-Upstream-Cache-Status
X-Vcap-Request-Id
X-Mod-Pagespeed
Xkey
X-FastCGI-Cache
X-Varnish-TTL
X-Mcache
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-D2id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-CST
X-Amz-Rid
X-VARITI-CCR
Verso
Cache-Tag
X-GitHub-Request-Id
RTSS
X-Powered-By-Plesk
Service-Worker-Allowed
X-Cached
X-Upstream
X-ECACHE
X-Version
X-Client-IP
X-Navigation-Version
X-Abt-Application-Version
X-Oneagent-Js-Injection
X-Dw-Request-Base-Id
X-Px
X-Cnection
X-Ac
X-Ruxit-Js-Agent
Public-Key-Pins
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Ser
X-SharePointHealthScore
X-Element-Page-Cache
SPRequestGuid
Pagespeed
X-Sol
Display
X-Server-Name
X-Middleton-Display
SPIisLatency
SPRequestDuration
X-Cache-TTL
X-Country-Code
X-NWS-LOG-UUID
X-Midtier
X-Ttl
Permissions-Policy
X-Cache-Key
X-NF-Request-ID
Response
X-Middleton-Response
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-Forwarded-For
Content-MD5
X-RateLimit-Remaining
Access-Control-Request-Method
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-DataDome
X-MSEdge-Ref
Front-End-Https
X-Powered-CMS
Edge-Cache-Tag
TP-L2-Cache
TP-Cache
X-T
X-Recruiting
AR-SID
Nginx-Cache
AR-Request-ID
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Accel-Expires
X-Daa-Tunnel
TCN
MicrosoftSharePointTeamServices
X-Grace
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Correlation-Id
X-Mg-S
X-Id
X-RateLimit-Limit
X-Hits
X-Content-Digest
X-TTL
X-Request-Received
X-Request-Processing-Time
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Filters
X-TEC-API-VERSION
X-HS-Hub-Id
X-HS-Cache-Config
Server-Node
X-HS-Combine-CSS
X-HS-Content-Id
Server-Name
X-Frontend
S
X-LLID
X-Amzn-Trace-Id
X-Distributor
X-Language
X-Fastly-Request-Id
MS-Author-Via
X-Geo-Country
Cache-Status
X-Protected-By
Fastcgi-Cache
X-PressLabs-Stats
X-LB-Cache
X-Request-Handler-Origin-Region
X-Microsite
Cf-Apo-Via
Cross-Origin-Opener-Policy
X-Ezoic-Cdn
X-Forwarded-Proto
X-Origin-Server
X-F-Cache
X-Ua-Browser
Filterid
X-Ab
Host
X-Page-Id
Charset
X-FB-Debug
X-Seen-By
X-B3-Sampled
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
Count-Hit
X-Ratelimit-Reset
Payment
Realpath
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Litespeed-Cache
X-Cache-Age
X-ASPNET-VERSION
X-Cluster-Name
X-VCache
X-Template
Accept-Charset
Surrogate-Key
X-Origin-Cache
Alternate-Protocol
Cache-Tags
X-NGENIX-Cache
X-Rid
X-XRDS-Location
X-DynaTrace
Retry-After
X-Activity-Id
X-Az
Cleartype
X-AppVersion
X-Www-Served-By
X-Webkit-Csp
Access-Control-Allow-Method
X-Varnish-Backend
X-Node-Name
X-Upgrade-Enabled
X-DIS-Request-ID
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-B-Cache
X-Signature
X-Tb
X-Wix-Request-Id
X-Varnish-Grace
X-Type
X-TT
X-Aspnet-Duration-Ms
X-Flags
X-App-Environment
X-Amz-Replication-Status
X-B
ServerID
X-Fastcgi-Cache
X-Debug
Paypal-Debug-Id
DC
X-Aspnetmvc-Version
X-Drupal-Cache-Tags
X-Logged-In
X-Proxy
X-Ratelimit-Remaining
X-Content
Frame-Options
X-Source
X-Envoy-Decorator-Operation
X-Hostname
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Content-Options
X-Mobile
X-Revision
X-Load-Cache
Amp-Access-Control-Allow-Source-Origin
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Contextid
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Cache-Control
Country
X-N
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Magnolia-Registration
X-Fastly-Request-ID
X-User-Agent
X-Cache-Rule
Referer-Policy
Viewport
X-Whom
X-EdgeConnect-Cache-Status
NGB
X-Original-Request-Id
Refresh
X-Response-Served-From
Node
Content-Disposition
X-Varnish-Age
X-Ratelimit-Limit
X-Debug-IsPreview
X-Environment-Context
Access-Control-Request-Headers
X-Debug-IsConnected
X-Cache-TTL-Remaining
X-Cacheable-TTL
X-Framework
X-L-Path
X-Page-View
X-NYM-Debug-Backend
X-Mid
X-Mg-Request-UUID
X-Real-IP
X-Rendered-As
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-Server
X-Unique-Id
X-Servername
Akamai-GRN
Uber-Trace-Id
X-Cache-Time
X-Jobs
X-Is-Bot
X-Instance
X-Cache-Grace
X-Akamai-Request-ID2
Url
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Adobe-Loc
X-G
X-Adobe-Content
X-Restarts
X-Status
X-XRDS-LOCATION
X-Drupal-Cache-Contexts
X-Content-Powered-By
Countrycode
Version
X-RemovedCookies
X-ProcessESI
X-Server-ID
X-App-Server
X-Debug-Info
X-Webkit-CSP
X-COUNTRY
X-Http-Reason
X-APP-VERSION
Srv
X-Time
Protected
X-IPLB-Instance
X-IPLB-Request-ID
X-Correlation-ID
Accept-Language
X-Hosted-By
X-CDN-Forward
X-Cache-Expired-At
X-Via-JSL
Healthy
X-URL
X-Nginx-Cache-Key
Liferay-Portal
X-Tt-Logid
X-Cache-Hit
X-Device-Type
Fastcgi-Useragent
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Trace-Id
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-FW-Serve
X-FW-Type
X-FW-Static
X-Azure-Ref
Section-Io-Cache
X-Backend-Name
X-RTag
X-Datadome
Backend
X-Cache-Operation
Ms-Operation-Id
MS-CV
X-UUID
X-Proxy-Cache-Status
Content-Secure-Policy
X-ECache
X-Mobile-URL
Server-Info
X-Oracle-Dms-Ecid
X-Cache-NGX
X-Oracle-Dms-Rid
Meta-Geo
X-Storage
X-RN-RSRV
X-UPSTREAM-Address
Load-Balancing
X-Akamai-Edgescape
X-Mode
X-HTML-Minification-Powered-By
X-Handled-By
CF-IPCountry
Webcakes-App-Name
Webcakes-App-Version
Web-Mar-Node
X-ShardId
X-Sql-Duration-Ms
TWC-Device-Class
CDN-RequestId
CDN-Uid
Eomportal-Instance
CDN-RequestCountryCode
CDN-PullZone
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
Locale
Onion-Location
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
X-Shopify-Stage
Property-Id
S-Rt
TWC-Privacy
X-OCL
X-Section
X-Sorting-Hat-ShopId
X-Server-W
X-Uri
X-Cms-Context
X-PCL
X-Cache-Enabled
X-Cache-Host
X-Cache-Server
X-Varnish-Cache-Hits
X-Edge-Location
X-Format
X-Site-Version
X-Labrador-Cache-Channel
X-Skip-Cache
X-LJ-Flow-ID
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Sorting-Hat-PodId
X-ShopId
X-Forwarded-Host
X-AWS-Id
X-Varnish-Hostname
X-Origin-Date
X-Redis-Cache
X-Region
X-Adobe-Source
X-Proto
X-PHP-Host
X-Origin-Hint
X-Sql-Count
X-Access
X-PHP-Backend
X-VWS-Id
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Say-TTL
X-Varnishpool
X-SayCDN-TTL
X-Say-Cacheable
X-VC-Cache
X-No-Session
X-Locale
Azure-Version
WP-Super-Cache
TWC-Connection-Speed
Azure-InstanceId
X-Content-Age
Azure-SiteName
Azure-RegionName
GEO-INFO
Azure-SlotName
X-Generated-By
X-Generation-Time
X-GeoCode
X-FB-TRIP-ID
X-GeoCountry
X-Cache-Type
X-BYPASS-REASON
X-Zen-Fury
X-Hl-Ver
X-Debug-Cache
X-Detected-As
X-Extlb
X-ProxyCache-Key
X-Via-Fastly
X-UA-Device-Type
X-Web-Node
X-Xfnlog-Site
X-Zipkin-Id
X-Timing-Wait
X-ServerID
X-Proxy-Build
X-Proxied
X-ProxyCache-Status
X-Request-Time
X-Routing-Service
X-JoinUs
X-SaId
Selected-Fe
Mn-Server-Ip
DB-Nickname
Apigw-Requestid
X-Cache-Status-Check
X-Rule
X-Cache-Action
X-Varnish-Beresp-Grace
X-Nginx-Cache
X-Tid
Cross-Origin-Resource-Policy
ServedBy
X-R9-Blue-Green-Version
X-Dc
X-SRV
X-Ua
X-DynaTrace-JS-Agent
X-LSADC-Cache
X-Ms-Version
X-Ms-Request-Id
Cache-Name
X-FireWall-Port
X-Human
Cache
Xserver
Xet-Cookie
SD-X-WS
X-Amz-Apigw-Id
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Amzn-RequestId
X-Cache-Tags
Source
Cross-Origin-Window-Policy
X-App-Version
X-Cached-By
X-Loop
X-RCS-CacheZone
X-GEO
X-TNCMS
X-Varnish-Hits
WPO-Cache-Status
WPO-Cache-Message
X-MP-GENERATED-AT
X-Via-NSCOPI
LB
Origin
X-Reqid
X-TA-CDN-Provider
X-Pubstack
X-Api-Version
X-Cdn
X-Origin-TTL
X-Amzn-Remapped-Content-Length
X-Soup
X-Origin-CC
X-GG-Cache-Date
X-AOL-HN
X-B3-SpanId
X-IPS-LoggedIn
From-Origin
X-Tumblr-Pixel-2
X-Service
X-NewRelic-App-Data
X-FW-Version
X-Vgn-Hpd-Reason
Cache-Hits
X-Xrds-Location
X-Newrelic-Synthetics
X-Varnish-Ttl
X-Platform-Server
X-Cluster-Node
Webserver
Rip
Upgrade-Insecure-Requests
X-Provided-By
X-Request-Host
Environment
A
Expiry
X-Ec-GeoHdr
X-Ec-Fail
Xc-Version
X-D
Cdncip
X-PBS-Appsvrname
X-Aed
DCR-Decision-By
DCR-Processing-Time-Ms
T-Server
X-External-Request-Id
X-Connection-Hash
Surrogated-Key
X-Owner
X-Forwarded-Path
X-B-Cookie
X-NAPM-TraceId
X-BCube-Filmed-By
X-Bc-Bl
X-Destination
BehaviorPad-Version
Host-ID
X-Vdms-Path
X-AK-Request-ID
X-Developer
X-Application
X-Orig-Expires
X-ARC
X-Cache-NE
Lang
X-Processor
HostName
X-A
X-ScT
Odigeo-Trace-Id
X-S-Cookie
X-S
Cdnsip
X-Served-From
X-VG-WebCache
X-TIM-N
X-User
Rendered-Blocks
X-Vdms-Version
X-Tenant
X-CSRF-Token
X-SRCache-Key
X-Rojux
X-Shop-Environment
X-A-Dcw
Sslversion
X-A-Dgt
Meta-Geo-Continent
MD5-Digest
X-A-Dam
X-A-Ccd
X-A-Wwc
Ngx.Var.Host
X-Rewrite-Enabled
OT-Force-Account-Verify
X-Cluster
X-VC
Fastly-SSL
X-Qloud-Router
Redirect-Candidate
X-Pool
X-Generated-On
X-Thanos
X-Accel-Buffering
X-Bip
X-Dispatcher-Number
X-Aicache-OS
Machine
X-Level-Front-Cache
Mobile-Detection-Method
X-Origin-Response-Time
X-Varnish-Beresp-Ttl
Cache-Tv-Group
X-WA-Info
X-TIME
V-Age
X-Core-Mission
Vix-Hermes-Req-Id
Traceparent
X-Core-Value
X-Datadog-Trace-Id
X-DefElseHash
X-DefHash
Tube-Got-Results
X-Clientip
X-Datadog-Sampling-Priority
Tube-Return
X-Datadog-Parent-Id
X-Csrf-Jwt
Thinkindot-Control
X-Cache-Id
X-Cache-Bucket
Wxu-Next-Hostname
X-Ad-Defer-Variation
X-Cache-Info
X-Branch-Name
Wxu-Next-Region
X-Auto-Login
TDXMobile
X-BBC-Edge-Cache-Status
Thinkindot-CacheControl
Wxu-Next-Commit
X-CacheTTL
X-Cdn-Srv
VNS-Age
X-CGP
X-Ckpd-Fst-Backend
VNS-Cache
Tube-Got-Eval
We-Hiring
Thinkindot-CacheControl-Type
Tube-Get-Contents
X-Cdn-Origin
X-Clara-WADP
X-Parent-Response-Time
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
X-Request-URI
X-S-Maxage
X-SB
X-Sigma
X-Session-Fingerprint
X-Scale
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Policy
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Proxy-Cache-Info
X-RateLimit-Limit-Second
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Sigma-Backend
X-SIPLIST1
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Viewer-Country
X-VServer
X-Worker
X-Wix-Viewer-Type
X-WADP-Cache
X-Varnish-CookieHashed-On
X-Variation
X-SplitTest
X-Sn-Servicetimems
X-Slack-Backend
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-V-Cache
X-Thinkindot-L3
X-Planisys-CDN-Cache
X-Origin-Time
X-Gateway-Cache-Key
X-Gamma-Serve
X-Forwarded-Site
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Geo-Header
X-Gdpr
X-Gateway-Skip-Cache
X-Fmm-Version
X-Fetched-On
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Device-Os
X-Epic-Correlation-Id
X-Esi-Check
X-Fastly-Cache
X-Eu-Site
X-GeoIP
X-GeoIP-City
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Minions-Version
X-NodeID
X-Nyt-Route
X-Origin-Expires
X-Origin
X-Optimistic-Header
X-Loc
X-JWT-State
X-Hash
X-Has-Esi
X-Gzip
X-HS-Content-Campaign-Id
X-INCAP-ABP
X-Is-Gdpr
X-Irp-Debug
X-Developers
Web-Mar-Region
DSUID
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Decoy-Debug-TTL
Decoy-Debug-Status
Datacenter
Decoy-Debug-Key
Fastly-SIE
Fastly-SWR
IsBot
Kp-EeAlive
Is-Eu
HA-Ipaddr
Gh-Request-Id
Ha-Gx-Prefs
CPC-Cache
CPC-Age
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Adler-Geo
State
X-NWS-UUID-VERIFY
Apple-News-Services-Request-Url
Cache-Host
Cmstype
Country-Code
Cluster
Click-Count-Error
Candidate-Md5Url
Click-Count-Action-Start
L
Cmsid
Platform
Origin-EX
Origin-CC
Producers
Release
L5d-Success-Class
Server-Host
Req-Svc-Chain
NM-Fastcgi-Cache
Servername
Mail-Subject
Memcached
NGX
Mime-Version
X-Cache-Remote
Svr
X-Scheme
AKAMAI
Server-Hostname
User-Cache-Control
CloudFront-Viewer-Country
X-Gen-Mode
Server-Ext
X-NCache
Sever-Int
CDCHOST
X-Block-Status
X-Hnp-Log
Fastcgi-Cache-TTL
X-Tec-Api-Root
WebServer
X-Tec-Api-Origin
X-Tec-Api-Version
Ec-Rule-Version
X-Pod-Name
X-Varnish-Beresp-Status
X-CMSURLCustom
X-Tx-Id
Canary
X-LB-NoCache
Ssr
X-Udemy-Cache-App-Namespace
X-Tb-Optimization-Total-Bytes-Saved
X-ZONE
X-Buckets
X-TRACE-ID
Sid
X-Ig-Push-State
SID
X-Sucuri-ID
X-Sucuri-Cache
X-Cache-Date
Pics-Label
X-Cache-Debug
X-Microcachable
X-Newrelic-App-Data
Fastly-Drupal-Html
X-Var-Ttl
X-WP-CF-Super-Cache-Active
X-Conf
X-Yandex-Sdch-Disable
X-Via-Poph
X-Via-Popn
X-ATG-Version
X-ND-Cache
X-Via-Popv
X-Generated-In
X-Refresh
X-FC-Vary-Parameters
X-Fastly-Backend
Time
Memory
X-Azure-Ref-OriginShield
X-Edge-Pop
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-Presslabs-Stats
Server-ID
X-Dmc
X-MSEdge-Flight
X-Akamai-Transformed
X-Servedbyhost
X-MSEdge-Features
X-Be
X-Cs
Env
X-Release
X-Trace-ID
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
Fastly-Drupal-HTML
X-Fpc
X-NC
X-CS
X-Zone
X-Pass-Why
X-Endurance-Cache-Level
X-Esi
X-TX-ID
CDN
X-PX
X-Tumblr-Pixel-3
Magicmarker
X-EC-Lua
X-Up
X-Wikidot-Backend
X-Wikidot-Static-Cache
GeoIp-Country-Code
X-MCACHE
X-ID
X-DC
X-Srv
My-App
X-RateLimit-Reset
True-Client-IP
X-CACHE-AGE
X-Dispatch
X-Hyper-Cache
X-Wa
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Lambda-Id
X-Webkit-CSP-Report-Only
X-NGINX-Cache
X-VCL-Version
X-Nf-Request-Id
Pramga
X-M-Reqid
X-Micro-Cache
X-M-Log
X-App
X-CACHE-KEY
X-Varnish-Beresp-TTL
X-Vc
X-Vcl-Version
C-Via
X-Alfa-Service
X-Req
X-Qnm-Cache
Hostname
X-CSRF-TOKEN
X-TrackingId
N-Cache
X-Edge-Origin-Shield-Region
CacheControlHeader
Fastcgi-X-Cache-Version
X-Air-Pt
X-TH-Server
X-LB-ID
X-PAYTM-SRV-ID
True-Client-Ip
Resin-Trace
On-Server
X-HS-Status
X-Edge-Origin-Shield-Bytes
Path
X-Platform
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
GeoIP-Country-Code
X-Vercel-Cache
True-Client-Country-4JS
Esi-Enabled
X-Vercel-Id
Tcn
X-B3-Spanid
X-Op-Id-All
Tracecode
X-Vtex-Remote-Cache
GeoIP-Latitude
X-AIR-PT
X-Vtex-Processado-Em
X-SERVER-NAME
NtCoent-Length
X-PERF
X-ApacheServer
X-SD-PageType
Proxy-Connection
X-FPC
X-LAGOON
X-Node-Id
X-API-Version
X-Request-Start
Cdn
X-CLOUD-TRACE-CONTEXT
X-GeoIP-Region-Code
ENV
HIT
Hit
X-GeoIP-Country-Code
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
Cache-Key
X-WA
Section-Io-Origin-Time-Seconds
X-Cdn-Forward
X-Webkit-Csp-Report-Only
DT-Hot-News
X-Accel-Expires-Debug
X-Platform-Router
XkeyRZ
X-Proxy-CacheRZ
X-Date
X-Platform-Cluster
X-Datacenter
YJS-ID
X-Platform-Processor
X-ServedByHost
X-Geo
Server-Id
Lb
X-Mly-Id
X-Via-CDN
X-Render-Time
DynaTrace
WWW-Authenticate
X-Dw-Trace-Id
X-RAMCache
User-Agent
X-Lb-Id
X-Proxy-Upstream
PFcat
X-VarnishDD-TTL
X-Via-Ucdn
X-Traceid
XM
X-HN
X-Edge-POP
Server-Ttl
X-Proxy-Cache-Hk
X-Via-PopN
X-Via-PopV
X-LiteSpeed-Cache-Control
X-Via-PopH
Sm-Log-Id
X-Service-Response-Time
Dnion-Transfer-Encoding
X-Li-Fabric
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-LiteSpeed-Tag
Geoip-Latitude
X-Instance-Name
SRV
X-FORWARDED-FOR
MIME-Version
X-Old-Content-Length
X-Response-By
Ohc-File-Size
PICS-Label
X-TT-LOGID
X-Cache-Ttl
Yjs-Id
X-CF-Powered-By
X-CUA
Location
X-Nc
X-Lb-Nocache
X-DW
X-RPM
X-RPS
X-RSL
X-DSS
X-DI
X-Cache-Ngx
X-Ftr-Request-Id
X-DB
XServer
Powered-By
Nginx-CQVIP
X-Cache-Backend
X-Fastly-Backend-Reqs
X-Akamai-ERRuleID
FSS-Cache
M-TraceId
X-Akamai-ERPolicy
Vha6-Origin
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-UA
Srvid
X-IN-APIGATEWAY
X-Akamai-Request-ID
X-B3-ParentSpanId
X-FL-EDGE
X-Request-Url
X-Httpd
X-From
Wpo-Cache-Status
Locid
X-IN-APIGATEWAYSSL
X-Cc-Via
X-HA-Backend
X-Fastly-Cache-Hits
X-Cdn-Request-ID
X-HostName
Wpo-Cache-Message
X-Webstats-RespID
X-Location
X-Ips-Loggedin
CountryCode
Warning
X-DataCenter
X-Mg-Cache
X-Snapshot-Date
Ohc-Cache-HIT
X-MiniProfiler-Ids
X-Server-IP
X-Serial
Uri
X-Moov-T
Fastcgi-Cache-Ttl
Req-ID
X-Moov-Xdn-Version
WZWS-RAY