Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Request-ID
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Status
Upgrade
X-CDN
X-AspNetMvc-Version
P3p
Access-Control-Max-Age
X-Via
X-UA-Device
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
X-Proxy-Cache
X-Dns-Prefetch-Control
Keep-Alive
X-Server
X-Ua-Compatible
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-WebKit-CSP
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Cf-Apo-Via
Cf-Railgun
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Server-Id
X-Ruxit-JS-Agent
EagleEye-TraceId
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
X-Cache-Spec
X-Content-Security-Policy-Report-Only
X-Cache-Lookup
X-HW
Accept-Ch-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Country
X-Litespeed-Cache
Content-Location
X-Mcache
X-MS-InvokeApp
X-Content-Type
X-Url
Accept-CH-Lifetime
X-Clacks-Overhead
X-TtlSet
X-CST
X-Vname
X-PC
X-Amz-Server-Side-Encryption
X-Midtier
Rating
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
X-Rack-Cache
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
Verso
Origin-Trial
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
X-Ac
Service-Worker-Allowed
X-Powered-By-Plesk
X-Cnection
X-ECACHE
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-Navigation-Version
X-Client-IP
Xkey
X-Abt-Application-Version
X-Ttl
Edge-Control
SPIisLatency
SPRequestDuration
X-Cache-TTL
X-Upstream
Arr-Disable-Session-Affinity
X-B3-TraceId
X-Cached
X-Dw-Request-Base-Id
X-NWS-LOG-UUID
X-Instrumentation
X-Browser-Type
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-FastCGI-Cache
X-Mg-S
X-Varnish-TTL
X-Px
X-Sol
Display
X-Middleton-Display
Pagespeed
X-Cache-Key
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-Forwarded-For
Edge-Cache-Tag
X-Country-Code
X-NF-Request-ID
X-Goog-Hash
TCN
Content-MD5
X-Powered-CMS
X-Id
Front-End-Https
X-Ser
AR-Request-ID
X-Correlation-Id
AR-SID
AR-PoweredBy
AR-CACHE
AR-ATIME
Public-Key-Pins
X-RateLimit-Remaining
X-HP-Trace-Id
X-HP-Webp
X-Version
X-Jurisdiction
Accept-Ch
X-Amzn-Trace-Id
X-MSEdge-Ref
X-Recruiting
X-T
X-Ratelimit-Limit
X-Content-Digest
Response
X-Middleton-Response
X-Accel-Expires
TP-Cache
TP-L2-Cache
MicrosoftSharePointTeamServices
X-Shield-Request-Id
S
Nginx-Cache
Cache-Status
X-Webkit-Csp
X-Daa-Tunnel
X-XRDS-Location
X-Request-Processing-Time
Server-Node
X-Request-Received
X-B3-TraceId-Primal
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
Mrf-Cache-Status
MRF-Tech
Cache-Tags
Cross-Origin-Opener-Policy
X-Hits
X-Fastly-Request-ID
X-Distributor
X-PressLabs-Stats
X-LB-Cache
X-Edge-Location-Klb
X-Kinsta-Cache
X-Origin-Server
X-Ratelimit-Remaining
X-Ezoic-Cdn
X-Ua-Browser
Fastcgi-Cache
X-ORACLE-DMS-ECID
Alternate-Protocol
X-ORACLE-DMS-RID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Fastcgi-Cache
X-Grace
X-Ratelimit-Reset
X-Hostname
X-Frontend
Filterid
Server-Name
X-Geo-Country
X-Microsite
X-Request-Handler-Origin-Region
X-LLID
X-Rid
X-DIS-Request-ID
X-FB-Debug
Healthy
X-Logged-In
X-Varnish-Backend
X-Debug-Info
X-NGENIX-Cache
Payment
X-Git-Hash
X-Www-Served-By
Realpath
X-Protected-By
X-Cluster-Name
X-Load-Cache
Cleartype
X-Page-Id
X-Forwarded-Proto
DC
X-ASPNET-VERSION
X-ECache
MS-Author-Via
X-DataDome
Content-Disposition
Access-Control-Allow-Method
X-Origin-Cache
X-TTL
Charset
X-B3-Sampled
X-GUploader-UploadID
X-Goog-Metageneration
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Upgrade-Enabled
X-Proxy
X-Az
X-Activity-Id
X-AppVersion
X-Seen-By
X-F-Cache
Count-Hit
X-Cache-Age
X-Amz-Replication-Status
X-Amz-Meta-S3cmd-Attrs
X-B3-Traceid
X-Fb-Rlafr
Cross-Origin-Resource-Policy
X-Times
X-Type
X-Whom
X-Azure-Ref
X-B
X-Contextid
X-Akamai-Edgescape
X-Revision
Paypal-Debug-Id
X-Providence-Cookie
X-Is-Crawler
X-Request-Guid
Retry-After
X-Route-Name
X-Flags
Surrogate-Key
X-Aspnetmvc-Version
X-Aspnet-Duration-Ms
X-TT
Accept-Charset
X-Varnish-Server
X-Wix-Request-Id
X-App-Environment
Viewport
X-Hosted-By
X-B-Cache
X-Signature
X-Language
X-DynaTrace
Amp-Access-Control-Allow-Source-Origin
X-Envoy-Decorator-Operation
X-Cache-Control
X-App-Server
X-Source
X-Mobile
X-Magnolia-Registration
X-Varnish-Grace
X-VCache
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Host
X-Server-ID
WPO-Cache-Message
WPO-Cache-Status
Version
X-Cache-Rule
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-HTML-Minification-Powered-By
X-N
Referer-Policy
X-Tumblr-User
X-Cache-Time
X-Varnish-Age
Access-Control-Request-Headers
X-Tumblr-Pixel-1
X-Response-Served-From
X-Original-Request-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Refresh
X-Cache-Status-Check
X-Varnish-Ttl
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Rule
X-EdgeConnect-Cache-Status
Protected
Ms-Operation-Id
CDN-RequestId
X-RTag
SD-X-WS
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
MS-CV
X-Jobs
X-G
X-Content-Powered-By
X-UUID
X-Cacheable-TTL
From-Origin
X-Framework
X-ProcessESI
X-User-Agent
X-Environment-Context
X-Device-Type
X-RemovedCookies
X-Cache-Grace
X-L-Path
GEO-INFO
X-Tt-Trace-Host
X-Tt-Trace-Tag
Section-Io-Cache
X-FW-Serve
X-FW-Version
X-FW-Dynamic
X-FW-Type
X-FW-Static
X-Page-View
X-Backend-Name
X-FW-Server
X-FW-Hash
X-Adobe-Content
X-Region
Akamai-GRN
X-Adobe-Loc
X-NYM-Debug-Backend
X-Status
X-Instance
X-Http-Reason
X-Akamai-Request-ID2
X-Cache-Expired-At
X-XRDS-LOCATION
X-Trace-Id
X-RateLimit-Limit
X-Nginx-Cache
X-Rendered-As
Front
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
NGB
X-Is-Bot
X-Fastly-Request-Id
Url
X-Servername
X-Unique-Id
SRV
Accept-Language
X-Template
X-Content-Options
Pinterest-Generated-By
X-Pinterest-Rid
X-CDN-Forward
Pinterest-Version
X-Debug-IsConnected
X-Debug-IsPreview
Liferay-Portal
X-Air-Trace-Id
X-Air-Hostname
X-Newrelic-App-Data
Backend
Fastly-SWR
X-Yottaa-Optimizations
X-Air-Source
Fastly-SIE
X-Yottaa-Metrics
X-Time
X-Cache-Hit
X-Zen-Fury
Country
X-DynaTrace-JS-Agent
X-Mode
X-COUNTRY
X-Rocket-Nginx-Serving-Static
X-Cache-Operation
X-Uri
Node
X-Rewrite-Enabled
Meta-Geo
Uber-Trace-Id
S-Rt
Onion-Location
X-Amzn-Remapped-Content-Length
X-Content-Age
X-Generation-Time
Filters
X-Cache-Server
Content-Secure-Policy
X-RN-RSRV
X-Tumblr-Pixel-2
X-UPSTREAM-Address
CF-IPCountry
X-Proxy-Build
Selected-Fe
X-Proxy-Cache-Info
X-IPS-LoggedIn
Webserver
X-Timing-Wait
X-Web-Node
X-Edge-Location
X-PHP-Backend
X-Tumblr-Pixel-3
Cache-Hits
X-Cluster-Node
X-Skip-Cache
Cache-Name
X-Say-TTL
X-ARC
X-Server-W
X-Cache-Action
X-Site-Version
Azure-Version
Azure-RegionName
Azure-InstanceId
X-Proto
X-Tb
Azure-SiteName
X-Soup
Azure-SlotName
X-Access
X-BYPASS-REASON
X-Cms-Context
X-Via-Fastly
X-Ms-Request-Id
X-Locale
X-ProxyCache-Status
X-ProxyCache-Key
X-Varnish-Beresp-Grace
X-Ms-Version
X-Say-Cacheable
X-Format
X-Origin-Date
X-Section
X-Real-IP
X-SayCDN-TTL
X-Proxied
TWC-Connection-Speed
ServedBy
Property-Id
X-Routing-Service
DB-Nickname
Cross-Origin-Window-Policy
X-Proxy-Cache-Status
X-Reqid
X-PHP-Host
X-Zipkin-Id
TWC-Locale-Group
X-Origin-Hint
X-Labrador-Cache-Channel
X-Ua
X-Handled-By
X-R9-Blue-Green-Version
X-Sucuri-Cache
X-Debug
X-Forwarded-Host
X-UA-Device-Type
X-Sql-Count
X-Extlb
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
Webcakes-App-Name
X-Sql-Duration-Ms
Webcakes-Region
X-Sucuri-ID
TWC-Device-Class
Webcakes-App-Version
Countrycode
X-AWS-Id
X-SaId
X-Cache-Host
X-Adobe-Source
X-FB-TRIP-ID
X-JoinUs
X-Optimistic-Header
X-IPLB-Request-ID
X-LJ-Flow-ID
X-VC-Cache
X-VWS-Id
X-Ruxit-Js-Agent
Apigw-Requestid
X-IPLB-Instance
Cache-Tv-Group
X-Detected-As
X-Cache-TTL-Remaining
Mn-Server-Ip
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-No-Session
X-Cluster
Web-Mar-Node
X-App-Version
X-Node-Name
X-LSADC-Cache
X-GeoCountry
X-GeoCode
ServerID
X-Tec-Api-Root
X-Tec-Api-Version
X-LAGOON
X-Tec-Api-Origin
X-Tt-Logid
Fastcgi-Useragent
X-WP-CF-Super-Cache
WP-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Xfnlog-Site
X-Director
X-Oneagent-Js-Injection
Source
Upgrade-Insecure-Requests
Mime-Version
X-Varnish-Hits
X-GEO
X-Buckets
Frame-Options
CDN-RequestCountryCode
X-Hl-Ver
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
CDN-Uid
CDN-PullZone
X-Generated-By
Fastly-Drupal-HTML
X-TIME
X-Request-Time
X-Mg-Request-UUID
X-FireWall-Port
X-Varnish-Cache-Hits
X-Api-Version
Load-Balancing
X-Webkit-CSP-Report-Only
X-Redis-Cache
Xet-Cookie
X-TA-CDN-Provider
X-Varnish-Hostname
X-ServerID
X-Origin-CC
X-Origin-TTL
X-Loop
X-URL
X-RM-Cache-TTL
X-Datadog-Sampling-Priority
X-Cache-Debug
X-Datadog-Sampled
CF-Cached-On
X-Datadog-Parent-Id
X-Correlation-ID
X-SRV
X-Datadog-Trace-Id
X-Tx-Id
X-Akamai-Transformed
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-ShardId
X-Pubstack
X-Served-From
X-Newrelic-Synthetics
X-Pass-Why
X-CSRF-Token
X-Endurance-Cache-Level
X-Request-Host
X-Restarts
X-Storage
Server-Info
X-Location
X-Service
X-TNCMS
Xserver
Thinkindot-CacheControl-Type
X-A-Dam
Thinkindot-Control
WWW-Authenticate
X-A
X-A-Ccd
Ngx.Var.Host
Gannett-Cam-Experience-Id
Edge-Cache
Host-ID
Lang
MD5-Digest
DSUID
DCR-Processing-Time-Ms
BehaviorPad-Version
A
Cache-Host
Candidate-Md5Url
DCR-Decision-By
Memcached
Meta-Geo-Continent
Sslversion
Server-Host
Surrogated-Key
T-Server
TDXMobile
Rendered-Blocks
Release
NM-Fastcgi-Cache
X-A-Dcw
Odigeo-Trace-Id
Origin
Redirect-Candidate
Thinkindot-CacheControl
X-Ec-GeoHdr
X-Rocket-Build-Number
X-Processor
X-Rojux
X-S
X-S-Maxage
X-S-Cookie
X-Platform-Router
X-Platform-Processor
X-Nyt-Route
X-Mobile-URL
X-Origin
X-Origin-Time
X-Platform-Cluster
X-ScT
X-Sigma
X-TIM-N
X-Thinkindot-L3
X-Vdms-Path
X-Vdms-Version
Xc-Version
X-Thanos
X-Test
X-Sn-Servicetimems
X-Sigma-Backend
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Mid
X-Men
X-Cache-NE
X-Cache-Date
X-Cdn-Origin
X-CMSURLCustom
X-Core-Mission
X-Conf
X-Bip
X-BCube-Filmed-By
X-Akamai-Device-Characteristics
X-A-Wwc
X-Application
X-B-Cookie
X-Bc-Bl
X-CUA
X-D
X-Httpd
X-Hash
X-INCAP-ABP
X-Level-Front-Cache
X-Loc
X-Generated-On
X-Gdpr
X-Developer
X-Destination
X-Ec-Fail
X-Epic-Correlation-Id
X-External-Request-Id
X-A-Dgt
X-Aed
X-WP-CF-Super-Cache-Active
HostName
X-Server-IP
Gh-Request-Id
X-SD-PageType
Tube-Return
X-Scale
Tube-Got-Eval
Tube-Got-Results
Is-Eu
X-Slack-Backend
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Fastly-Backend
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
X-Slack-Shared-Secret-Outcome
Vix-Hermes-Req-Id
X-GeoIP
Tube-Get-Contents
X-Geo-Header
X-Node-Id
Platform
X-Origin-Response-Time
X-Origin-Expires
X-Org
X-NodeID
Req-Svc-Chain
X-Gamma-Serve
X-Cache-Info
X-Platform
X-Auto-Login
Magicmarker
X-Req
X-Region-Sid
X-Fetched-On
X-CacheTTL
X-Pool
X-Varnishpool
X-Variation
X-GeoIP-City
X-Human
AKAMAI
C-Via
X-Worker
X-Varnish-Beresp-Ttl
CacheControlHeader
Adler-Geo
X-Ec-Custom-Error
X-Dispatcher-Number
X-Has-Esi
X-DefHash
X-DefElseHash
X-Response-By
X-Dispatcher-Server
X-We-Are-Hiring
X-Ad-Defer-Variation
Cmsid
X-Is-Gdpr
X-VServer
CloudFront-Viewer-Country
Cmstype
Country-Code
Click-Count-Action-Start
X-BBC-Edge-Cache-Status
X-Vmg-Version
Click-Count-Error
X-JWT-State
Environment
X-Provided-By
X-Parent-Response-Time
X-Azure-Ref-OriginShield
X-Cache-FS-Status
X-Frame-Option
X-Nginx-Cache-Key
X-App
X-Accel-Expires-Debug
X-Irp-Debug
X-Instance-Name
Section-Origin-Responded
X-Accel-Buffering
X-Gzip
Section-Io-Origin-Time-Seconds
X-Cache-Bucket
X-Mly-Id
X-Mvc-Supplant-Cachable
We-Hiring
Section-Io-Id
X-Cache-Id
Ssr
State
Section-Io-Origin-Status
X-HS-Content-Campaign-Id
X-FC-Vary-Parameters
X-Date
X-VG-TLSProxy
X-DPWN-IS-SECURE
X-Var-Ttl
Fastly-Backend-Name
X-V-Cache
X-Forwarded-Site
Fastly-GeoIP-CountryCode
X-Core-Value
X-WA-Info
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Expect-Staple
Cache-Key
X-Esi-Check
X-Wix-Viewer-Type
Canary
X-Ckpd-Fst-Backend
Kp-EeAlive
Origin-CC
X-Planisys-CDN-Cache
X-Device-Os
Origin-EX
X-Owner
X-Developers
Producers
X-Cache-Tags
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Request-Start
X-Air-Pt
X-Fastly-Cache
Apple-News-Services-Handled
X-Cdn-Srv
X-Qloud-Router
X-Release
Mail-Subject
X-Via-CDN
X-Clara-WADP
X-Fmm-Version
X-Gen-Mode
X-Block-Status
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Op-Id-All
X-Vcl-Version
Machine
L
NGX
X-Platform-Server
PFcat
X-HN
Fastly-SSL
X-VarnishDD-TTL
Srvid
X-FL-EDGE
X-FL-QIT-DEBUG
Locid
X-SB
Datacenter
X-WADP-Cache
X-Old-Content-Length
On-Server
Wxu-Next-Commit
Server-Ext
Wxu-Next-Hostname
Wxu-Next-Region
X-Hnp-Log
X-Aicache-OS
User-Cache-Control
Web-Mar-Region
X-Minions-Version
X-NCache
Sever-Int
Server-Hostname
X-CACHE-AGE
X-Zone
Edge-Copy-Time
X-Via-Edge
X-VC
X-Via-SSL
X-From
X-Eu-Site
X-Microcachable
X-B3-Spanid
X-LB-NoCache
X-Cache-Remote
X-CGP
Cache-Provider
Ha-Gx-Prefs
L5d-Success-Class
HA-Ipaddr
X-Csrf-Jwt
CDCHOST
X-Cache-Enabled
X-Mvc-Supplant-OutputCached
X-Cache-Backend
X-Up
X-Tb-Optimization-Total-Bytes-Saved
X-Refresh
X-Nananana
X-Dc
X-RCS-CacheZone
Decoy-Debug-Key
Cluster
Decoy-Debug-Status
Decoy-Debug-TTL
GeoIP-Latitude
X-Lambda-Id
X-Generated-In
Pics-Label
X-ND-Cache
Env
X-DC
X-Trace-ID
X-Debug-Cache-Fetch
X-VCT
X-Cached-By
X-Via-Popv
X-Debug-Cache-Store
X-NWS-UUID-VERIFY
X-Tid
X-Via-Poph
X-Via-Popn
SID
X-Cs
Cache
NtCoent-Length
Time
X-Edge-Pop
Memory
X-Vtex-Remote-Cache
X-Render-Time
Sid
X-HS-Status
X-Webkit-CSP
X-Hcs-Proxy-Type
CPC-Age
X-Upstream-Ht
X-CCDN-Origin-Time
X-CCDN-CacheTTL
CPC-Cache
X-Upstream-Ct
X-LB-ID
X-Servedbyhost
X-HA-Backend
VNS-Age
VNS-Cache
X-Srv
X-B3-SpanId
X-Nf-Request-Id
Fastly-Drupal-Html
X-Vgn-Hpd-Variations-Key
X-Wa
X-TH-Server
X-Nc
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Cache-Type
X-AIR-PT
Svr
X-Presslabs-Stats
X-DataCenter
X-Esi
Cdn
AMP-Access-Control-Allow-Source-Origin
X-Client-Ip
X-CLOUD-TRACE-CONTEXT
Server-ID
X-NewRelic-App-Data
X-Varnish-Authentication
GeoIp-Country-Code
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Via-JSL
X-ATG-Version
X-ZONE
Srv
X-Check-Cacheable
Uri
X-Fpc
X-Vc
X-Proxy-CacheRZ
XkeyRZ
True-Client-IP
Esi-Enabled
X-MP-GENERATED-AT
X-Amz-Meta-Cb-Modifiedtime
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
XServer
Cdnsip
X-Gateway-Skip-Cache
Cdncip
X-Gateway-Request-Id
X-AK-Request-ID
M-TraceId
X-RateLimit-Limit-Second
X-Varnish-Beresp-TTL
X-Gateway-Cache-Key
X-RateLimit-Remaining-Second
X-Gateway-Cache-Status
Hostname
X-EC-Lua
X-Udemy-Cache-App-Namespace
X-CS
X-NGINX-Cache
Resin-Trace
N-Cache
X-API-Version
True-Client-Ip
X-Via-NSCOPI
YJS-ID
X-CSRF-TOKEN
OT-Force-Account-Verify
X-Tenant
X-FPC
X-Orig-Expires
X-Shop-Environment
X-Wikidot-Backend
X-CDN-Cache-Status
X-Wikidot-Static-Cache
X-Bl-Debug
X-Forwarded-Path
Lb
X-MSEdge-Flight
RNT-Time
X-MSEdge-Features
RNT-Machine
X-Datadome
X-Fastly-Country-Code
Eomportal-Instance
Request-ID
X-TX-ID
X-APP-VERSION
GeoIP-Country-Code
X-App-Name
CDN
X-RateLimit-Reset
X-Micro-Cache
Path
Sm-Log-Id
Server-Id
X-CACHE-KEY
X-Policy
Ngx-Var-Key
X-Service-Response-Time
X-B3-Trace-ID
X-Cache-Ttl
X-WA
LB
X-SIPLIST1
IsBot
X-Vcache
X-Accel-Version
X-Datacenter
X-Lb-Id
Hit
X-NC
X-Cache-NGX
X-Logging-Id
X-MCACHE
X-Ha-Backend
X-VCL-Version
X-Request-URI
X-Container-Uri
X-Git-Commit
HIT
X-Edge-POP
X-Info
Pramga
Location
X-Cdn-Cache-Status
Cross-Origin-Opener-Policy-Report-Only
X-Cdn-Diag
X-ServedByHost
X-SERVER-NAME
X-Geo
X-Akamai-Pragma-Client-IP
Ohc-File-Size
FSS-Cache
Timeexpire
X-Cdn-Forward
X-Xrds-Location
X-Tncms
X-Snapshot-Date
X-Srcache-Fetch-Status
X-Pod-Name
X-Srcache-Store-Status
X-Via-PopN
X-Ctl-Mach
X-Via-PopV
X-Via-PopH
Req-ID
Epwk-X-Cache
X-VG-WebCache
Yjs-Id
XM
Geoip-Latitude
X-Acquia-Purge-Cdn-Unconfigured
ENV
True-Client-Country-4JS
X-Iauth-Set-Uid
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Cdn-Request-ID
X-Cache-Expires
CDN-RequestPullSuccess
Servername
Proxy-Connection
X-Hyper-Cache
X-Oss-Hash-Crc64ecma
X-Lb-Nocache
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Amz-Meta-Opti
X-Oss-Object-Type
X-Fastly-Backend-Reqs
X-Clientip
X-LiteSpeed-Cache-Control
V-Age
CDN-RequestPullCode
X-TT-LOGID
X-Serial
X-Dw-Trace-Id
X-M-Log
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-M-Reqid
Warning
X-Acquia-Site
X-RAMCache
X-UP
Content-Style-Type
X-Akamai-ERRuleID
WZWS-RAY
X-Acquia-Purge-Tags
X-Qnm-Cache
X-Swift-Error
Cneonction
Ec-Rule-Version
X-B3-Parentspanid
Content-Script-Type
X-Acquia-Application-Trace
X-Akamai-ERPolicy
X-Acquia-Application-UUID
X-F-Status
X-MiniProfiler-Ids
CountryCode
X-Lsadc-Cache
MIME-Version
PICS-Label
My-App
X-LiteSpeed-Tag
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Ngx
X-Cached-Since
W
X-B3-ParentSpanId
X-Fastly-Cache-Hits
Ohc-Cache-HIT
X-Mg-Cache
X-Litespeed-Cache-Control
X-Moov-Xdn-Version
X-IPS-Cached-Response
X-Scheme
X-Webstats-RespID
Ngx
X-Th-Server
X-Moov-T