
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-XSS-Protection
X-Cache
Via
X-Powered-By
Pragma
CF-RAY
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Amz-Cf-Pop
X-Amz-Cf-Id
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
X-Runtime
Permissions-Policy
X-Drupal-Cache
Server-Timing
X-FRAME-OPTIONS
X-Envoy-Upstream-Service-Time
X-Generator
X-Ua-Compatible
X-Cache-Status
X-Cacheable
X-CONTENT-TYPE-OPTIONS
Accept-Ch
X-Iinfo
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
X-XSS-PROTECTION
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
Status
Content-Encoding
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
X-Age
Request-Context
X-Amz-Version-Id
X-Backend
Cf-Edge-Cache
X-Hacker
X-Robots-Tag
Keep-Alive
CONTENT-SECURITY-POLICY
Cf-Apo-Via
X-Via
X-Turbo-Charged-By
X-Vhost
X-Request-ID
X-AH-Environment
X-Server
X-Dispatcher
X-Rq
X-Proxy-Cache
X-Cache-Group
X-Ws-Request-Id
EagleId
X-Varnish-Cache
X-UA-Device
Grace
Pantheon-Trace-Id
X-Litespeed-Cache
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Pingback
X-Page-Speed
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
X-FTR-Request-ID
X-Node
Ali-Swift-Global-Savetime
X-Host
X-Backend-Server
EagleEye-TraceId
X-Server-Id
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
Cf-Railgun
X-Readtime
X-Ruxit-JS-Agent
X-Akam-SW-Version
X-HW
Cache-Tag
Accept-Ch-Lifetime
X-Response-Time
X-Amz-Server-Side-Encryption
X-Ua-Device
X-Content-Type
X-LiteSpeed-Cache
Content-Location
Cross-Origin-Opener-Policy
X-Element-Page-Cache
X-Nginx-Cache-Status
X-D2id
X-Nginx-Upstream-Cache-Status
Request-Id
X-Oneagent-Js-Injection
X-Rack-Cache
X-Application-Context
Service-Worker-Allowed
X-Trace
X-TraceId
Fastly-Restarts
X-Nf-Request-Id
X-Navigation-Version
X-Times
X-PC
X-TtlSet
X-Vname
Rating
X-Clacks-Overhead
X-Cnection
X-Country
X-Midtier
X-Edge
X-Mcache
X-Vcap-Request-Id
Origin-Trial
X-Browser-Type
Edge-Control
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
X-ESI
X-Cache-TTL
X-Url
X-FastCGI-Cache
Surrogate-Key
X-NWS-LOG-UUID
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-ECACHE
X-Request-Device-Id
X-Powered-By-Plesk
X-Ac
X-Abt-Application-Version
X-Amz-Rid
X-Mod-Pagespeed
X-Upstream
Verso
X-ORACLE-DMS-RID
X-B3-TraceId
X-Meli-Trace-Site
X-Meli-Trace-Bu
X-Meli-Trace-Platform
X-MS-InvokeApp
X-Language
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Akamai-GRN
Nginx-Cache
X-Amzn-Trace-Id
X-T
Display
X-GitHub-Request-Id
Pagespeed
X-Middleton-Display
X-Sol
S
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Ruxit-Js-Agent
X-Envoy-Decorator-Operation
SPRequestDuration
SPRequestGuid
SPIisLatency
X-SharePointHealthScore
AR-Request-ID
X-Middleton-Response
Response
AR-PoweredBy
AR-ATIME
Edge-Cache-Tag
X-Distributor
X-Goog-Hash
X-Ratelimit-Limit
X-Resp-Is-Stale
X-Ser
X-Request-Processing-Time
X-Request-Received
X-Kinsta-Cache
X-Edge-Location-Klb
X-ARC
X-NGENIX-Cache
Access-Control-Request-Method
Front-End-Https
X-Shield-Request-Id
X-Dw-Request-Base-Id
Ar-SID
RTSS
X-Ezoic-Cdn
X-Recruiting
X-Cache-Key
X-Client-IP
X-Content-Digest
Cache-Status
X-Amz-Replication-Status
X-Varnish-TTL
X-Version
X-Mg-S
YJS-ID
X-Fastly-Request-ID
X-Newrelic-App-Data
X-Ismobilevalue
Public-Key-Pins
X-Powered-CMS
X-Correlation-Id
TP-Cache
X-Accel-Expires
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
AR-CACHE
Fastcgi-Cache
X-MSEdge-Ref
Cache-Tags
X-Cached
X-Ttl
X-Server-Name
X-Cluster-Name
Arr-Disable-Session-Affinity
X-Content-Security-Policy-Report-Only
Realpath
X-Daa-Tunnel
X-Id
Content-MD5
X-HS-Combine-CSS
X-Azure-Ref
X-TTL
X-RateLimit-Remaining
X-HP-Webp
X-Cambria-Cache-Control
X-Jurisdiction
X-Ua-Browser
X-HP-Trace-Id
Payment
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Amzn-RequestId
X-Amz-Apigw-Id
X-HS-Prerendered
X-HS-CF-Cache-Status
X-Xrds-Location
X-GUploader-UploadID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-For
Content-Disposition
X-Px
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Protected-By
X-TEC-API-ROOT
Count-Hit
X-Ratelimit-Remaining
X-Ratelimit-Reset
X-Activity-Id
X-Unique-Id
X-Az
X-AppVersion
X-Page-Id
X-Rid
Cross-Origin-Resource-Policy
X-Logged-In
Cleartype
X-Origin-Server
Accept-Charset
Cross-Origin-Embedder-Policy
X-Git-Hash
X-Proxy
X-Amz-Meta-S3cmd-Attrs
X-FB-Debug
X-Microsite
X-Request-Handler-Origin-Region
X-VARITI-CCR
X-Www-Served-By
Version
X-Geo-Country
X-COUNTRY
X-Load-Cache
X-Hits
X-LLID
X-Goog-Metageneration
X-ORACLE-DMS-ECID
X-Forwarded-Proto
X-Template
X-Varnish-Backend
X-Requestid
X-WebKit-CSP-Report-Only
X-Upgrade-Enabled
X-B3-Sampled
Server-Node
X-App-Server
X-PressLabs-Stats
X-ProcessESI
X-RemovedCookies
X-Hostname
Server-Name
Healthy
X-Content-Options
Access-Control-Allow-Method
X-Frontend
X-TT
Viewport
X-Device-Type
X-Grace
Section-Io-Cache
X-B
X-Request-Guid
X-Varnish-Grace
X-Varnish-Server
X-Fb-Rlafr
Alternate-Protocol
Fastly-SIE
Fastly-SWR
X-Hl-Ver
X-Contextid
AKAMAI-GRN
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
DC
X-Status
X-Cache-Age
X-CSRF-Token
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Yandex-Req-Id
X-Amzn-Remapped-Content-Length
X-Magnolia-Registration
Xet-Cookie
X-Varnish-Ttl
Upgrade-Insecure-Requests
MS-Author-Via
Frame-Options
X-Oracle-Dms-Ecid
X-App-Version
X-EdgeConnect-Cache-Status
X-Cache-Control
TCN
Host
X-CST
Retry-After
X-Origin-CC
X-Origin-TTL
X-Type
X-SERVER-NAME
Amp-Access-Control-Allow-Source-Origin
X-Original-Request-Id
X-Response-Served-From
X-Revision
SD-X-WS
X-AB
X-Debug
X-ServerID
VIX-Pulpo-Upstream-Status
X-G
VIX-Pulpo-Node
X-Mobile
NGB
X-Cacheable-TTL
X-Instance
X-UUID
X-Seen-By
X-INCAP-ABP
X-N
X-Akamai-Edgescape
X-Adobe-Content
X-Adobe-Loc
X-Backend-Name
X-Buckets
X-Rendered-As
X-Debug-IsConnected
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-NYM-Debug-Backend
Cross-Origin-Opener-Policy-Report-Only
X-Lambda-Id
X-Is-Bot
Cache
Access-Control-Request-Headers
X-Tumblr-User
X-Debug-IsPreview
X-Akamai-Request-ID2
X-Tumblr-Pixel-1
X-Cache-Status-Check
Cross-Origin-Embedder-Policy-Report-Only
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Framework
MS-CV
Ms-Operation-Id
X-WP-CF-Super-Cache
X-Content-Powered-By
Section-Io-Id
X-WP-CF-Super-Cache-Cache-Control
X-Mg-Request-UUID
X-RTag
X-B3-SpanId
Selected-Fe
X-Server-W
X-Timing-Wait
X-Proxy-Build
X-Tt-Trace-Host
X-Trace-Id
X-Tt-Trace-Tag
X-RM-Cache-TTL
X-Storage
X-ProxyCache-Status
X-ProxyCache-Key
Charset
YJS-CacheStatus
X-BYPASS-REASON
X-Dc
Paypal-Debug-Id
Webserver
X-VC-Cache
Accept-Language
Front
X-Ms-Version
X-Ms-Request-Id
Filterid
Onion-Location
X-Vcl-Version
SRV
X-Cache-Time
X-User-Agent
X-DataDome
X-VC
X-F-Cache
Refresh
X-Server-ID
Apigw-Requestid
X-Cache-Hit
X-Time
X-Origin-Cache
Priority
X-Real-IP
X-Node-Name
X-Region
X-Mly-Id
Liferay-Portal
X-Fastcgi-Cache
GEO-INFO
X-Environment-Context
X-CLOUD-TRACE-CONTEXT
X-L-Path
X-Webkit-Csp
X-Service
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Mode
X-HTML-Minification-Powered-By
X-Tec-Api-Version
X-LB-Cache
X-Api-Version
X-Tec-Api-Root
X-Rule
X-Origin
X-Optimistic-Header
X-Request-Site
X-Tec-Api-Origin
X-Request-Platform
X-Request-Bu
X-Tb
X-Rewrite-Enabled
X-Rn-Rsrv
X-Drupal-Cache-Tags
Meta-Geo
X-Rocket-Nginx-Serving-Static
X-UPSTREAM-Address
X-VCT
X-SaId
X-HITS
CDN-RequestId
Country
X-JoinUs
X-Tt-Logid
X-Tcp-Rtt
X-IPS-LoggedIn
X-Is-Desktop
X-Is-Supported-Browser
X-Wix-Request-Id
X-Is-Mobile-Only
X-Handled-By
X-Geo-Region
X-Is-Modern-Browser
X-Is-Tablet
X-Is-Mobile
Backend
X-Adobe-Source
X-Browser-Name
Mn-Server-Ip
Expiry
X-Cache-Expired-At
X-Datadog-Parent-Id
X-Web-Node
X-Pass-Why
X-Connection-Hash
X-Datadog-Sampling-Priority
X-Datadog-Sampled
Countrycode
X-Generation-Time
X-XRDS-Location
X-Platform
X-Provided-By
X-Datadog-Trace-Id
TWC-Locale-Group
Web-Mar-Node
TWC-GeoIP-DMA
Url
TWC-Connection-Speed
X-Cache-Action
TWC-Privacy
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
Uber-Trace-Id
Fastcgi-Useragent
Webcakes-App-Version
Webcakes-App-Name
X-Cloudmap
X-WP-CF-Super-Cache-Active
Webcakes-Region
X-Alternate-Cache-Key
OT-Force-Account-Verify
X-Cms-Context
TWC-GeoIP-Region
X-Cdn-Origin
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Origin-Date
X-Loop
X-Routing-Service
X-S
X-Tncms
X-Origin-Hint
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Proxy-Cache-Info
X-Proxied
X-Detected-As
X-Whom
X-Servername
ServerID
TWC-GeoIP-City
X-FB-TRIP-ID
X-Extlb
Node
X-Zipkin-Id
X-Forwarded-Host
Cross-Origin-Window-Policy
X-Varnish-Beresp-Grace
X-Httpd
X-Vcache
X-Hit
X-RCS-CacheZone
X-Tumblr-Pixel-3
X-Cluster
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Soup
X-Tumblr-Pixel-2
X-App-Environment
X-Hosted-By
X-Cache-Host
X-Format
X-Fetched-On
X-Director
X-Cache-Debug
X-Locale
X-Redis-Cache
X-Auth-Group-Type
X-MP-GENERATED-AT
X-Logging-Id
X-Skip-Cache
Environment
DB-Nickname
Cache-Hits
Atl-Traceid
Locale
X-CDN-Forward
ServedBy
X-FW-Dynamic
X-FW-Hash
X-Scope-Id
X-Endurance-Cache-Level
X-Edge-Location
X-Debug-Info
X-Say-Cacheable
X-Cluster-Node
X-SayCDN-TTL
X-FW-Serve
X-FW-Server
X-Restarts
Protected
X-Labrador-Cache-Channel
X-PHP-Host
X-Say-TTL
X-FW-Version
X-FW-Static
X-FW-Type
X-Served-From
X-Client-Ip
X-Drupal-Cache-Contexts
X-IPLB-Request-ID
X-IPLB-Instance
Filters
Xserver
AMP-Access-Control-Allow-Source-Origin
X-NWS-UUID-VERIFY
X-Presslabs-Stats
X-R9-Blue-Green-Version
WPO-Cache-Status
X-Ua
Request-ID
X-CDN-Cache-Status
LB
X-Varnish-Beresp-Ttl
X-GEO
X-WP-CF-Super-Cache-Cookies-Bypass
X-No-Session
X-SRCache-Key
Expect-Staple
X-ShopId
X-Sorting-Hat-ShopId
X-Varnish-Age
X-ShardId
X-Clientip
X-Sorting-Hat-PodId
X-Generated-By
X-Upstream-Ct
X-Upstream-Ht
X-Signature
X-Cache-FS-Status
X-Varnish-Cache-Hits
We-Hiring
X-B-Cache
Mail-Subject
Cache-Tv-Group
X-Lagoon
CloudFront-Viewer-Country
X-B3-Traceid
X-Cs
X-FORWARDED-FOR
Referer-Policy
X-Azure-Ref-OriginShield
X-PHP-Backend
X-TA-CDN-Provider
X-Cache-Operation
X-IsAdmin
X-Cache-Rule
X-LSADC-Cache
X-Webstats-RespID
Location
X-Worker
X-SRV
X-Auto-Login
X-Bc-Bl
X-ECache
From-Origin
X-Server-IP
Fl-Custom-Application
X-Site-Version
Cache-Provider
X-UA
Load-Balancing
Candidate-Md5Url
X-Tb-Optimization-Total-Bytes-Saved
DCR-Processing-Time-Ms
Host-ID
S-Rt
Lang
DCR-Decision-By
Origin-Agent-Cluster
MD5-Digest
Source
X-A-Wwc
X-GeoCode
X-GeoCountry
X-Ig-Origin-Region
X-Ig-Push-State
X-External-Request-Id
X-Ec-GeoHdr
X-Destination
X-Developer
X-Ec-Fail
X-Loc
X-ND-Cache
X-Vdms-Version
X-Vtex-Remote-Cache
Xc-Version
X-ScT
X-S-Cookie
X-Org
X-PERF
X-Rojux
X-D
X-Content-Age
Rendered-Blocks
Sslversion
X-A
X-A-Dam
Redirect-Candidate
Pragrma
N-Cache
Ngx.Var.Host
Origin
X-A-Dcw
X-A-Dgt
X-Bl-Debug
X-Cache-NE
X-Conf
X-BCube-Filmed-By
X-B-Cookie
X-Aed
X-ApacheServer
X-Application
Meta-Geo-Continent
X-A-Ccd
WPO-Cache-Message
X-Accel-Version
X-AWS-Id
X-CACHE-AGE
X-VWS-Id
Mime-Version
X-Xfnlog-Site
X-LJ-Flow-ID
X-CGP
X-Cms-Device
X-Contensis-Viewer-Groups
X-Bug-Bounty
X-AK-Request-ID
X-Core-Value
X-Cache-Aspx
X-CacheTTL
X-DefElseHash
X-Ee-Request-Date
X-Ee-Request-Id
X-Epic-Correlation-Id
X-Fastly-Backend
X-Ee-Origin
X-Ee-Generated-By
X-CUA
X-DefHash
X-Depends
X-Dispatcher-Server
X-Csrf-Jwt
X-Access
Origin-Site
Powered-By
RNT-Machine
RNT-Time
Odigeo-Trace-Id
NM-Fastcgi-Cache
Ha-Gx-Prefs
IsBot
L5d-Success-Class
Log-Origin
Server-Host
ServerName
Wxu-Next-Hostname
Wxu-Next-Region
X-FC-Vary-Parameters
X-Action
Wxu-Next-Commit
Web-Mar-Region
Store-Cloud-Cache
Time-Cloud-Cache
Vix-Hermes-Req-Id
X-Aicache-OS
X-Gamma-Serve
X-Sn-Servicetimems
X-Up
X-V-Cache
X-Varnish-Authentication
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Section
X-Sigma
X-Sigma-Backend
X-SIPLIST1
X-Varnish-Beresp-Status
X-Varnish-CookieHashed-On
X-VG-TLSProxy
X-VG-WebCache
X-Via-Fastly
Sid
X-Vary-Devices
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-Director
X-Varnish-Hostname
X-SD-PageType
X-Save-Cache
X-GoCache-CacheStatus
X-Hash
X-HS-Content-Campaign-Id
X-Internal-TTL
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Forwarded-Site
X-From
Gh-Request-Id
X-GeoIP-City
X-Men
X-Micro-Cache
X-PAYTM-SRV-ID
X-Policy
X-Req
X-Rocket-Build-Number
X-Origin-Expires
X-Old-Content-Length
X-Mvc-Supplant-Cachable
X-NMSegId
X-Node-Id
X-Fmm-Version
X-Eu-Site
Cdncip
Canary
CDN-PullZone
CDN-RequestCountryCode
Fastly-SSL
Cdnsip
CDN-CachedAt
CDN-EdgeStorageId
Apple-News-Services-Request-Url
CDN-Cache
Cluster
Apple-News-Services-Handled
Apple-News-Services-Host
X-URL
Apple-News-Services-Parsed-Url
Country-Code
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestPullCode
Gannett-Cam-Experience-Id
X-Parent-Response-Time
X-Cached-By
X-NewRelic-App-Data
X-VC-TTL
X-NF-Request-ID
Azure-SiteName
Azure-SlotName
X-Cache-Id
Cache-Contol
Azure-Version
X-Cache-Date
X-Block-Status
X-Bip
Azure-InstanceId
Azure-RegionName
X-Edge-Server
X-Esi-Check
X-SB
X-Debug-Cache-Store
CDCHOST
X-Debug-Cache-Fetch
X-Content-Length
X-Date
Cdn-Host
Cdn-Request-Time
Cmsid
X-Render-Time
X-DPWN-IS-SECURE
CacheControlHeader
Cmstype
X-Ec-Custom-Error
X-Gen-Mode
X-Thinkindot-L3
X-Origin-Time
X-Path
X-Op-Id-All
X-UA-Device-Type
X-Tx-Id
X-Uri
X-Nyt-Route
X-Thinkindot-L1
X-Thanos
X-Sucuri-Cache
X-Request-URI
X-Shield-Cache-Expires
X-SVT-ORM-RULES
X-Region-Sid
X-SVT-ORM-VERSION
X-Proto
X-Pubstack
X-Mvc-Supplant-OutputCached
X-Level-Front-Cache
X-Vmg-Version
X-Viewer-Country
X-Vercel-Id
X-We-Are-Hiring
X-Wikidot-Backend
X-Frame-Option
X-Gdpr
X-Generated-On
X-Gzip
X-Vercel-Cache
X-Ion-Healthy
X-Ion-Hop
X-Jungle-Id
X-Human
X-VarnishDD-TTL
X-HN
X-Hnp-Log
X-Wikidot-Static-Cache
X-Reqid
Tube-Get-Contents
Tube-Got-Eval
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
Tube-Got-Results
Tube-Return
Content-Script-Type
Click-Count-Error
Content-Style-Type
Cookie
User-Cache-Control
Nord-Request-ID
DSUID
Release
Req-Svc-Chain
Pics-Label
Producers
Platform
PFcat
Fastly-Backend-Name
Origin-CC
Origin-EX
RewriteTestHook
RewriteTeamHook
X-Litespeed-Cache-Control
V-Age
X-B3-Trace-ID
X-Backend-Instance
Machine
L
Click-Count-Action-Start
X-Acquia-Purge-Cdn-Unconfigured
X-Amz-Storage-Class
CF-IPCountry
X-Accel-Expires-Debug
X-BBC-Edge-Cache-Status
X-App-Name
X-Akamai-Device-Characteristics
X-AB-Test
X-ZONE
X-Nginx-Cache-Key
X-Via-Popn
X-Via-Popv
X-Proxied-Request
X-Via-Poph
C-Via
X-Moov-T
X-Debug-Service
X-Origin-Response-Time
X-Location
X-Datadome
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
Fastly-GeoIP-CountryCode
X-ElasticPress-Query
X-NGINX-Cache
True-Client-Country-4JS
X-Pad
Fastly-Drupal-HTML
Server-Hostname
Sever-Int
X-Srv
X-HA-Backend
X-AIR-PT
XM
Server-Ext
X-Sucuri-ID
X-Webkit-CSP
X-Varnish-Hits
NGX
Show-Do-Not-Sell-Link
Traceparent
Debug
X-Cache-Backend
X-Refresh
X-Ez-Minify-Html
X-Air-Pt
Server-ID
X-APP
X-Unity-Cache
X-Fastly-Request-Id
GeoIP-Latitude
GeoIp-Country-Code
HostName
X-Nananana
X-TH-Server
X-Fpc
X-Servedbyhost
X-LB-ID
X-DynaTrace-JS-Agent
Cdn
WZWS-RAY
X-Zone
Product
Tcn
DataCenter
HA-Ipaddr
X-VCL-Version
Lb
AR-SID
X-B3-Parentspanid
X-Amz-Meta-Cb-Modifiedtime
X-Wa
X-AC
X-Nc
X-CDN-Provider
X-Nginx-Cache
SID
Fastly-Drupal-Html
A
X-Cache-VC
X-GeoIP
X-Newrelic-Synthetics
X-Proxy-Cache-La3
X-Proxy-CacheR9
Serverhost
Xkeylog
Xkey-La3
XkeyR9
X-Cdn-Forward
X-Datacenter
X-TX-ID
X-User
X-Vc
Edge-Cache
CountryCode
X-Litespeed-Tag
Cs
Resin-Trace
X-RateLimit-Limit
NtCoent-Length
X-Source
Cdn-Requestid
X-Request-Start
Esi-Enabled
X-LiteSpeed-Tag
X-LB-NoCache
X-TT-LOGID
X-API-Version
X-Wormhole-Sdk
X-LiteSpeed-Cache-Control
X-VC-Age
MIME-Version
X-B3-Spanid
Sm-Log-Id
X-HubSpot-Correlation-Id
X-NC
X-WA
Akamai-Mon-Iucid-Del
X-ID
X-Dynatrace-Js-Agent
X-Service-Response-Time
X-Aspnet-Version
CDN
X-TIM-N
Proxy-Firewall
X-Html-Minification-Powered-By
X-Scheme
X-HA-Bot-Classification
Content-Secure-Policy
X-Udemy-Cache-App-Namespace
Pramga
X-Styx-Origin-Id
Wsr-Cache
X-HA-Application-Name
X-HA-Device-Type
X-Styx-Info
Datacenter
Cr
RATING
Uri
Geoip-Latitude
X-Via-JSL
X-Fastly-Backend-Reqs
X-Var-Ttl
X-Lb-Id
X-Ez-Minify-Js
X-Srcache-Store-Status
X-Srcache-Fetch-Status
ServerHost
X-Lsadc-Cache
X-FPC
Yjs-Id
GeoIP-Country-Code
X-TimeS
Hostname
Cloudfront-Viewer-Country
X-NODE
X-ServedByHost
W
X-Pool
X-NodeID
From-Cache
Server-Id
X-Stale
X-Request-Host
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Oracle-DMS-ECID
X-Aspnetmvc-Version
X-CACHE-KEY
X-Lb-Nocache
X-Akamai-Pragma-Client-IP
X-Swift-Error
X-App
X-MSEdge-Features
X-MSEdge-Flight
X-RequestId
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Wp-Cf-Super-Cache-Active
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-LAGOON
X-Shardid
X-Shopid
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Vgn-Hpd-Reason
X-Correlation-ID
X-Proxy-Cache-LA2
T-Server
X-Ramcache
X-ByteArk-Cache
X-Cache-Grace
X-VServer
X-DynaTrace
X-ByteArk-ReqID
X-Ssense-Shipping-Surcharge-Enabled
Surrogated-Key
X-Ssense-Gql
X-Key
Srv
Ohc-File-Size
Ohc-Cache-HIT
X-CS
X-Elasticpress-Query
X-Varnish-Beresp-TTL
X-Geo
X-Webkit-Csp-Report-Only
Cl-Cache
Yak-Timeinfo
X-Cdn-Cache-Status
X-DataCenter
CF-Cached-On
Ngx
X-CSRF-TOKEN
X-Sucuri-Id
X-PageType
X-Web-Server
X-Th-Server
X-ATG-Version
X-Jobs
Req-ID
WebServer
Akamai-X-True-TTL
X-DC
X-Via-SSL
Edge-Copy-Time
X-Ha-Backend
X-Via-CDN
X-Via-Edge
X-Iplb-Request-Id
N1-Cache
X-Iplb-Instance
X-Via-PopV
X-Via-PopN
Warning
X-Limited
My-App
X-MiniProfiler-Ids
X-Beacon
X-Via-PopH
X-Fastly-Cache-Status
X-Env
X-Mg-Cache
Host-Name
X-Zen-Fury
X-Geolocation
User-Agent
X-Request-Url
X-Check-Cacheable
Xkey-G-Jp