Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
Content-Encoding
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
P3p
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Server-Timing
X-Cache-Group
X-Robots-Tag
X-Dns-Prefetch-Control
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Backend
X-Amz-Id-2
X-Proxy-Cache
X-Ws-Request-Id
X-Age
Host-Header
X-Akamai-Path-Stats
X-Server-Powered-By
X-Hacker
X-Server
EagleId
X-Rq
X-Vhost
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Allow
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-OneAgent-JS-Injection
X-Node
X-Server-Id
EagleEye-TraceId
X-Pingback
X-Cache-Spec
Surrogate-Control
Cf-Railgun
Request-Id
X-Akam-SW-Version
X-Backend-Server
Accept-CH
X-Readtime
X-Cache-Lookup
X-Response-Time
X-HW
Accept-CH-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Content-Security-Policy-Report-Only
Content-Location
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-WebKit-CSP-Report-Only
X-Url
X-Country
X-Clacks-Overhead
Accept-Ch-Lifetime
X-Edge
X-Amz-Server-Side-Encryption
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-B3-TraceId
X-Rack-Cache
Edge-Control
X-TtlSet
X-Vname
X-PC
Accept-Ch
X-Vcap-Request-Id
X-ESI
Xkey
X-Content-Type
X-Mod-Pagespeed
X-Nginx-Upstream-Cache-Status
X-CST
X-Amz-Rid
X-Varnish-TTL
X-D2id
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-VARITI-CCR
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Mcache
Verso
X-GitHub-Request-Id
Cache-Tag
RTSS
X-Powered-By-Plesk
X-FastCGI-Cache
X-ECACHE
X-Cached
X-Upstream
X-Oneagent-Js-Injection
X-Navigation-Version
Service-Worker-Allowed
X-Client-IP
X-Version
X-Dw-Request-Base-Id
X-Abt-Application-Version
X-Px
X-Ruxit-Js-Agent
X-Cnection
Public-Key-Pins
X-Ac
X-Ser
X-Ttl
Arr-Disable-Session-Affinity
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
Pagespeed
Display
X-Middleton-Display
SPRequestGuid
X-Sol
X-SharePointHealthScore
X-Element-Page-Cache
X-Server-Name
SPRequestDuration
SPIisLatency
X-NF-Request-ID
X-Country-Code
X-Cache-TTL
X-NWS-LOG-UUID
X-Midtier
X-Middleton-Response
X-Goog-Hash
Response
X-Kinsta-Cache
X-Cache-Key
X-Edge-Location-Klb
X-RateLimit-Remaining
Permissions-Policy
Access-Control-Request-Method
X-Forwarded-For
Content-MD5
X-DataDome
X-Correlation-Id
X-Shield-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Powered-CMS
X-MSEdge-Ref
Edge-Cache-Tag
Front-End-Https
TP-L2-Cache
TP-Cache
X-Recruiting
Nginx-Cache
X-Jurisdiction
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-SID
AR-Request-ID
X-HP-Webp
X-HP-Trace-Id
X-T
X-Accel-Expires
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
TCN
X-Daa-Tunnel
X-Grace
MicrosoftSharePointTeamServices
X-RateLimit-Limit
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Mg-S
Filters
X-Hits
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Server-Node
X-HS-Combine-CSS
X-Content-Digest
X-Request-Processing-Time
X-Request-Received
X-LLID
S
X-Frontend
X-Distributor
X-Amzn-Trace-Id
Server-Name
Cache-Status
X-Protected-By
X-Geo-Country
MS-Author-Via
Fastcgi-Cache
X-Fastly-Request-Id
X-PressLabs-Stats
X-LB-Cache
X-TTL
X-Microsite
X-Request-Handler-Origin-Region
X-Language
Cross-Origin-Opener-Policy
X-Ezoic-Cdn
X-Origin-Server
X-Forwarded-Proto
X-Ab
X-Ua-Browser
X-FB-Debug
Charset
Filterid
X-B3-Sampled
X-F-Cache
X-Seen-By
Host
X-Page-Id
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
Realpath
X-Litespeed-Cache
X-Ratelimit-Reset
X-ASPNET-VERSION
Payment
Count-Hit
X-Fastcgi-Cache
X-Cache-Age
Accept-Charset
X-Cluster-Name
X-VCache
X-DynaTrace
Cache-Tags
Alternate-Protocol
X-NGENIX-Cache
Surrogate-Key
X-Origin-Cache
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Webkit-Csp
Retry-After
X-Az
X-AppVersion
X-Activity-Id
X-Webkit-CSP
X-Rid
Cleartype
X-Template
X-Content
X-Www-Served-By
X-Varnish-Backend
Access-Control-Allow-Method
X-Tb
X-Node-Name
X-TT
X-App-Environment
X-Type
X-B-Cache
X-Debug
X-B
ServerID
X-Amz-Replication-Status
X-Signature
X-Wix-Request-Id
X-Proxy
X-Drupal-Cache-Tags
DC
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
Paypal-Debug-Id
X-Route-Name
X-Upgrade-Enabled
X-Request-Guid
X-Logged-In
X-Varnish-Grace
X-DIS-Request-ID
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cf-Apo-Via
Frame-Options
X-Mobile
X-Content-Options
X-Envoy-Decorator-Operation
X-Hostname
X-Ratelimit-Remaining
X-Source
X-Load-Cache
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Revision
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
Pinterest-Generated-By
X-Pinterest-Rid
X-Cache-Control
Pinterest-Version
X-N
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Request-ID
Country
X-Kong-Proxy-Latency
X-Contextid
X-Kong-Upstream-Latency
X-User-Agent
X-Magnolia-Registration
Referer-Policy
X-Whom
X-EdgeConnect-Cache-Status
Viewport
X-Cache-Rule
X-Restarts
X-Response-Served-From
X-Original-Request-Id
Node
Content-Disposition
NGB
X-Varnish-Age
Refresh
Access-Control-Request-Headers
X-Cache-TTL-Remaining
X-Debug-IsConnected
X-L-Path
X-Debug-IsPreview
X-Framework
X-Environment-Context
X-Cacheable-TTL
X-Mid
X-Mg-Request-UUID
Akamai-GRN
X-Cache-Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Akamai-Request-ID2
Url
X-G
X-Jobs
X-Varnish-Server
X-Unique-Id
Uber-Trace-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-XRDS-LOCATION
X-Servername
X-Instance
X-Adobe-Loc
X-Cache-Grace
X-Adobe-Content
X-Drupal-Cache-Contexts
X-NYM-Debug-Backend
X-Page-View
X-Status
X-App-Server
X-Is-Bot
X-Real-IP
X-Rendered-As
Version
X-Server-ID
Countrycode
X-Ratelimit-Limit
X-Content-Powered-By
X-Debug-Info
X-COUNTRY
X-Http-Reason
X-RemovedCookies
X-ProcessESI
X-CDN-Forward
Protected
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-IPLB-Request-ID
X-Tt-Logid
X-APP-VERSION
X-IPLB-Instance
X-Hosted-By
Accept-Language
Srv
X-Time
Liferay-Portal
X-Nginx-Cache-Key
X-Device-Type
X-Cache-Expired-At
Healthy
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-FW-Static
X-FW-Serve
X-FW-Type
X-Via-JSL
Fastcgi-Useragent
X-Azure-Ref
X-Cache-Hit
X-UUID
X-RTag
Ms-Operation-Id
MS-CV
X-Proxy-Cache-Status
X-Tumblr-User
X-Cache-NGX
X-Tumblr-Pixel
X-Tumblr-Pixel-1
Backend
X-Tumblr-Pixel-0
X-Trace-Id
Section-Io-Cache
X-Mobile-URL
Server-Info
X-Backend-Name
Content-Secure-Policy
X-Cache-Operation
X-RN-RSRV
X-UPSTREAM-Address
X-Storage
Load-Balancing
Meta-Geo
CF-IPCountry
X-HTML-Minification-Powered-By
X-Datadome
X-Mode
X-Zen-Fury
X-ShopId
TWC-Connection-Speed
X-Content-Age
Azure-SiteName
X-Uri
X-Forwarded-Host
Property-Id
Onion-Location
X-Format
S-Rt
X-Shopify-Stage
X-Edge-Location
Locale
Web-Mar-Node
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-InstanceId
X-Say-Cacheable
X-Say-TTL
X-Sql-Count
X-Urbn-Site-Id
Eomportal-Instance
X-VWS-Id
X-Site-Version
X-SayCDN-TTL
X-ShardId
X-Sql-Duration-Ms
X-Urbn-Context-Path
WP-Super-Cache
X-Access
X-Akamai-Edgescape
Webcakes-Region
X-PHP-Host
Webcakes-App-Name
TWC-Device-Class
X-Region
X-Alternate-Cache-Key
X-Section
X-Server-W
X-Cache-Enabled
X-Handled-By
X-AWS-Id
X-Varnish-Cache-Hits
X-Cache-Host
X-Sorting-Hat-ShopId
Webcakes-App-Version
X-Locale
TWC-GeoIP-LatLong
X-Sorting-Hat-PodId
X-LJ-Flow-ID
TWC-GeoIP-Country
X-Labrador-Cache-Channel
TWC-Locale-Group
TWC-Privacy
X-Origin-Hint
X-Storefront-Renderer-Rendered
X-PCL
X-OCL
X-Origin-Date
X-Varnish-Hostname
Selected-Fe
X-VC-Cache
X-Cache-Type
X-Cache-Server
X-Debug-Cache
Mn-Server-Ip
X-Xfnlog-Site
X-Varnishpool
X-UA-Device-Type
X-Zipkin-Id
DB-Nickname
X-Redis-Cache
X-JoinUs
X-Web-Node
X-No-Session
X-Hl-Ver
X-GeoCountry
Apigw-Requestid
X-Generated-By
X-GeoCode
X-PHP-Backend
X-Proto
X-Routing-Service
X-SaId
X-ServerID
X-Request-Time
X-ProxyCache-Status
X-Proxied
X-Proxy-Build
X-ProxyCache-Key
GEO-INFO
X-Generation-Time
X-Extlb
X-BYPASS-REASON
X-Timing-Wait
X-Adobe-Source
X-FB-TRIP-ID
X-Skip-Cache
X-Cms-Context
X-Tid
ServedBy
X-SRV
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
CDN-Uid
X-Varnish-Beresp-Grace
CDN-RequestId
X-Nginx-Cache
CDN-RequestCountryCode
X-Cache-Status-Check
CDN-PullZone
X-Cache-Action
X-Via-Fastly
X-Detected-As
X-Rule
X-ECache
X-Ua
X-Human
X-R9-Blue-Green-Version
X-LSADC-Cache
X-DynaTrace-JS-Agent
Cache
SD-X-WS
X-Ms-Version
X-FireWall-Port
X-Ms-Request-Id
Cache-Name
Xet-Cookie
X-Cache-Tags
X-Cached-By
X-App-Version
X-Dc
LB
X-Amzn-RequestId
X-Amz-Apigw-Id
Cross-Origin-Resource-Policy
Cross-Origin-Window-Policy
Source
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Correlation-ID
X-GG-Cache-Date
Xserver
WPO-Cache-Message
WPO-Cache-Status
X-RCS-CacheZone
X-Via-NSCOPI
X-Aspnetmvc-Version
X-Varnish-Hits
X-Cdn
X-GEO
Origin
X-NewRelic-App-Data
X-MP-GENERATED-AT
X-IPS-LoggedIn
X-Reqid
X-Loop
Cache-Hits
X-TNCMS
X-AOL-HN
X-URL
X-Pubstack
X-Origin-TTL
X-Origin-CC
X-Amzn-Remapped-Content-Length
X-Soup
X-B3-SpanId
X-TA-CDN-Provider
X-FW-Version
X-Newrelic-Synthetics
Rip
X-Varnish-Ttl
Webserver
X-Platform-Server
X-Cluster-Node
From-Origin
X-Api-Version
X-Tumblr-Pixel-2
Upgrade-Insecure-Requests
X-Service
X-Request-Host
X-Vgn-Hpd-Reason
X-Origin-Response-Time
X-A-Ccd
X-A-Dam
X-A
X-A-Dcw
T-Server
Surrogated-Key
X-Aed
X-Application
X-ARC
X-AK-Request-ID
Sslversion
X-A-Wwc
X-A-Dgt
Redirect-Candidate
Cdnsip
DCR-Decision-By
DCR-Processing-Time-Ms
Cdncip
Candidate-Md5Url
A
BehaviorPad-Version
Environment
Expiry
Odigeo-Trace-Id
X-B-Cookie
Ngx.Var.Host
Meta-Geo-Continent
Lang
MD5-Digest
Rendered-Blocks
X-Cache-NE
X-Session-Fingerprint
X-Shop-Environment
X-Served-From
X-ScT
X-S
X-S-Cookie
X-SRCache-Key
X-Tenant
X-VG-WebCache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-TIM-N
X-User
X-Rojux
X-Rewrite-Enabled
X-Developer
X-Ec-Fail
X-Destination
X-D
X-BCube-Filmed-By
X-Connection-Hash
X-External-Request-Id
X-Forwarded-Path
X-PBS-Appsvrname
X-Processor
X-Owner
X-Orig-Expires
X-NAPM-TraceId
X-Bc-Bl
X-Ec-GeoHdr
X-Cluster
OT-Force-Account-Verify
Fastly-SSL
X-TIME
HostName
X-CSRF-Token
Decoy-Debug-Key
Decoy-Debug-Status
Machine
Decoy-Debug-TTL
Host-ID
X-Accel-Buffering
X-Generated-On
X-Thanos
X-Dispatcher-Number
X-Qloud-Router
X-Pool
X-Forwarded-Site
X-Level-Front-Cache
X-Bip
X-Irp-Debug
X-VC
X-NWS-UUID-VERIFY
X-Provided-By
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Core-Value
X-Clara-WADP
X-Cdn-Srv
X-Cdn-Origin
X-CGP
X-Ckpd-Fst-Backend
X-DefElseHash
X-Core-Mission
X-Device-Os
X-Fmm-Version
X-Fetched-On
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Fastly-Cache
X-Eu-Site
X-Developers
X-DPWN-IS-SECURE
X-Epic-Correlation-Id
X-Esi-Check
X-DefHash
X-CacheTTL
Tube-Got-Eval
Tube-Get-Contents
Tube-Got-Results
Tube-Return
V-Age
Traceparent
Thinkindot-Control
State
Servername
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Vix-Hermes-Req-Id
VNS-Age
X-BBC-Edge-Cache-Status
X-Auto-Login
X-Branch-Name
X-Cache-Id
X-Cache-Info
X-Ad-Defer-Variation
Wxu-Next-Region
VNS-Cache
We-Hiring
Wxu-Next-Commit
Wxu-Next-Hostname
X-Gateway-Skip-Cache
X-GeoIP
X-V-Cache
X-Thinkindot-L3
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SIPLIST1
X-Sigma-Backend
X-Sn-Servicetimems
X-SplitTest
X-Cache-Remote
X-Varnish-Remaining-TTL
X-VG-TLSProxy
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Slack-Backend
X-Wix-Viewer-Type
X-Clientip
X-Cache-Bucket
X-WA-Info
X-Viewer-Country
X-WADP-Cache
Web-Mar-Region
X-Aicache-OS
X-Sigma
X-Scale
X-NodeID
X-Minions-Version
X-Nyt-Route
X-Optimistic-Header
X-Origin
X-Loc
X-INCAP-ABP
X-GeoIP-City
Server-Host
X-Gzip
X-Hash
X-HS-Content-Campaign-Id
X-Origin-Expires
X-Origin-Time
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Request-URI
X-Rocket-Build-Number
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Parent-Response-Time
X-Pod-Name
X-Policy
X-Proxy-Cache-Info
X-Gdpr
X-Mvc-Supplant-Cachable
Fastly-SIE
Fastly-SWR
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Datacenter
DSUID
Gh-Request-Id
Ha-Gx-Prefs
L
L5d-Success-Class
Kp-EeAlive
IsBot
HA-Ipaddr
Is-Eu
CPC-Cache
CPC-Age
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Varnish-Beresp-Ttl
Req-Svc-Chain
Cache-Host
Cache-Tv-Group
Cmstype
Country-Code
Cmsid
Click-Count-Error
Click-Count-Action-Start
Mail-Subject
Adler-Geo
Origin-CC
Producers
Platform
Mobile-Detection-Method
Origin-EX
NGX
NM-Fastcgi-Cache
Release
X-Yandex-Sdch-Disable
X-Gamma-Serve
X-Hnp-Log
X-JWT-State
Fastcgi-Cache-TTL
X-Mvc-Supplant-OutputCached
X-Gen-Mode
X-Ec-Custom-Error
X-Has-Esi
X-S-Maxage
X-Tx-Id
X-NCache
CDCHOST
Svr
X-Worker
X-VServer
CloudFront-Viewer-Country
AKAMAI
X-Block-Status
X-SB
X-Geo-Header
X-Rocket-Nginx-Serving-Static
Cluster
X-Scheme
X-Is-Gdpr
Memcached
User-Cache-Control
SID
Mime-Version
X-ZONE
X-Udemy-Cache-App-Namespace
X-Cache-Date
X-LB-NoCache
X-Ig-Push-State
X-Microcachable
Sever-Int
Server-Ext
Server-Hostname
WebServer
Ssr
X-Varnish-Beresp-Status
Ec-Rule-Version
Pics-Label
X-Conf
X-Tb-Optimization-Total-Bytes-Saved
X-Trace-ID
X-Generated-In
Canary
X-CMSURLCustom
X-Sucuri-Cache
Time
X-Via-Popn
X-Via-Poph
Fastly-Drupal-Html
X-Sucuri-ID
X-Via-Popv
X-ATG-Version
X-Dmc
Memory
AMP-Access-Control-Allow-Source-Origin
X-CS
Sid
X-Be
X-B3-Traceid
X-Presslabs-Stats
X-Servedbyhost
X-ND-Cache
X-Azure-Ref-OriginShield
X-Refresh
X-Air-Trace-Id
X-MSEdge-Flight
X-MSEdge-Features
X-Air-Source
X-WP-CF-Super-Cache-Active
X-Var-Ttl
X-Air-Hostname
X-FC-Vary-Parameters
Server-ID
X-Fastly-Backend
X-Xrds-Location
X-TRACE-ID
X-Cache-Debug
X-Tec-Api-Root
X-Tec-Api-Version
X-Edge-Pop
Env
X-Tec-Api-Origin
X-Akamai-Transformed
X-Buckets
X-NC
X-Newrelic-App-Data
X-Fpc
X-DC
Fastly-Drupal-HTML
X-Esi
X-Wikidot-Backend
X-Release
X-Wikidot-Static-Cache
X-Cs
X-PX
X-MCACHE
Magicmarker
X-ID
X-EC-Lua
CDN
GeoIp-Country-Code
X-CF-Lambda-Version
X-RateLimit-Reset
X-CACHE-AGE
X-CF-Lambda-Fn
X-Endurance-Cache-Level
X-TX-ID
X-Hyper-Cache
X-Zone
X-M-Log
X-VCL-Version
X-Up
Pramga
True-Client-IP
X-M-Reqid
X-Micro-Cache
X-NGINX-Cache
X-Srv
X-Qnm-Cache
X-App
X-Wa
My-App
C-Via
X-Alfa-Service
X-Tumblr-Pixel-3
X-Vc
X-CACHE-KEY
X-TrackingId
X-Dispatch
X-Varnish-Beresp-TTL
Hostname
X-Pass-Why
N-Cache
X-CSRF-TOKEN
X-Edge-Origin-Shield-Region
X-Edge-Origin-Shield-Bytes
On-Server
X-Lambda-Id
X-Platform
Fastcgi-X-Cache-Version
Request-ID
Path
X-PAYTM-SRV-ID
Esi-Enabled
X-Vcl-Version
X-Air-Pt
X-Check-Cacheable
True-Client-Ip
X-AIR-PT
X-Vtex-Remote-Cache
X-HS-Status
X-Vercel-Cache
X-Vercel-Id
X-Vtex-Processado-Em
Tcn
X-Req
X-ApacheServer
Resin-Trace
X-PERF
X-LB-ID
Tracecode
GeoIP-Latitude
GeoIP-Country-Code
X-TH-Server
CacheControlHeader
X-Node-Id
X-SD-PageType
X-B3-Spanid
X-SERVER-NAME
NtCoent-Length
X-Request-Start
True-Client-Country-4JS
X-LAGOON
X-API-Version
Proxy-Connection
DT-Hot-News
HIT
Cache-Key
Cdn
X-Akamai-Pragma-Client-IP
X-CLOUD-TRACE-CONTEXT
X-FPC
X-Proxy-CacheRZ
Hit
DynaTrace
X-Render-Time
X-Op-Id-All
XkeyRZ
X-Webkit-CSP-Report-Only
X-Webkit-Csp-Report-Only
ENV
PFcat
X-Edge-POP
Section-Origin-Responded
X-Proxy-Upstream
X-HN
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Traceid
X-VarnishDD-TTL
X-Via-Ucdn
X-Mly-Id
XM
X-Platform-Router
X-Platform-Processor
X-WA
X-Geo
Section-Io-Origin-Status
X-Platform-Cluster
X-Via-CDN
X-Dw-Trace-Id
Lb
Server-Id
X-ServedByHost
X-Proxy-Cache-Hk
X-Lb-Id
X-GeoIP-Country-Code
User-Agent
Server-Ttl
X-GeoIP-Region-Code
X-Cdn-Forward
MIME-Version
SRV
WWW-Authenticate
YJS-ID
X-Datacenter
X-LiteSpeed-Cache-Control
X-Via-PopH
X-Nf-Request-Id
X-Via-PopN
X-Via-PopV
X-Accel-Expires-Debug
X-Date
Dnion-Transfer-Encoding
X-LI-UUID
X-Li-Pop
X-LI-Proto
Geoip-Latitude
X-CUA
X-Li-Fabric
Yjs-Id
X-TT-LOGID
FSS-Cache
X-Cache-Ttl
X-Ftr-Request-Id
M-TraceId
X-Cache-Backend
X-CF-Powered-By
X-FORWARDED-FOR
X-LiteSpeed-Tag
X-RAMCache
X-HA-Backend
X-Httpd
X-RPM
X-RSL
X-Akamai-Request-ID
X-Old-Content-Length
X-HITS
X-DW
X-RPS
X-DB
Location
XServer
PICS-Label
Vha6-Origin
X-Nc
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Fastly-Backend-Reqs
X-DI
X-Request-Url
Warning
Nginx-CQVIP
X-DSS
X-Wp-Cf-Super-Cache-Cache-Control
X-UA
X-Wp-Cf-Super-Cache
X-Litespeed-Cache-Control
X-Lb-Nocache
Wpo-Cache-Message
X-Cc-Via
X-HostName
Sm-Log-Id
X-Server-IP
X-IN-APIGATEWAY
Ohc-File-Size
Wpo-Cache-Status
X-Response-By
X-IN-APIGATEWAYSSL
X-Fastly-Cache-Hits
X-Cdn-Request-ID
X-B3-ParentSpanId
WZWS-RAY
X-Service-Response-Time
Cdn-Uid
Cdn-Requestid
Cdn-Requestcountrycode
X-Cache-Ngx
Cdn-Edgestorageid
Cdn-Cache
CountryCode
Cdn-Cachedat
Cdn-Pullzone
Powered-By
X-Instance-Name
X-DataCenter
Ohc-Cache-HIT
X-Moov-T
X-Moov-Xdn-Version
Req-ID
X-Snapshot-Date
X-MiniProfiler-Ids
Uri
X-Serial
Fastcgi-Cache-Ttl