Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-Id
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
P3p
X-Proxy-Cache
Keep-Alive
X-Ua-Compatible
X-Server
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
Cf-Apo-Via
X-Device
X-WebKit-CSP
Accept-CH
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Ruxit-JS-Agent
EagleEye-TraceId
X-Server-Id
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Readtime
X-Backend-Server
Request-Id
X-Cache-Spec
X-Cache-Lookup
X-HW
X-Content-Security-Policy-Report-Only
Accept-Ch-Lifetime
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Edge
X-WebKit-CSP-Report-Only
X-Country
X-Litespeed-Cache
X-Mcache
X-Content-Type
Content-Location
X-MS-InvokeApp
X-Url
Accept-CH-Lifetime
X-CST
X-Clacks-Overhead
X-TtlSet
X-Vname
X-PC
X-Amz-Server-Side-Encryption
Rating
X-Midtier
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
X-VARITI-CCR
X-Kinja-Revision
Origin-Trial
X-Exp-Variant
X-Use-Magma
Verso
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Rack-Cache
X-Server-Name
X-Ac
X-Powered-By-Plesk
X-GitHub-Request-Id
Service-Worker-Allowed
X-Cnection
X-ECACHE
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-Client-IP
X-Navigation-Version
Xkey
X-Ttl
X-Abt-Application-Version
Edge-Control
SPRequestDuration
SPIisLatency
X-NWS-LOG-UUID
X-Cache-TTL
X-Upstream
Arr-Disable-Session-Affinity
X-Webkit-Csp
X-Cached
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Server-Lifecycle-Phase
X-Mg-S
X-B3-TraceId
X-Dw-Request-Base-Id
X-Varnish-TTL
X-Cache-Key
X-Px
Pagespeed
Display
X-Middleton-Display
X-Sol
X-FastCGI-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Correlation-Id
Edge-Cache-Tag
Access-Control-Request-Method
X-Forwarded-For
X-Country-Code
X-Goog-Hash
Content-MD5
X-NF-Request-ID
TCN
X-Powered-CMS
Front-End-Https
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
AR-SID
X-Id
X-Version
Public-Key-Pins
X-RateLimit-Remaining
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
Accept-Ch
X-T
X-MSEdge-Ref
X-Recruiting
X-Ser
X-Content-Digest
X-Ratelimit-Limit
X-Amzn-Trace-Id
Response
X-Middleton-Response
X-Accel-Expires
X-Daa-Tunnel
TP-L2-Cache
TP-Cache
X-Shield-Request-Id
X-XRDS-Location
MicrosoftSharePointTeamServices
Nginx-Cache
S
Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-HS-Content-Id
X-HS-Hub-Id
Server-Node
X-HS-Combine-CSS
X-Request-Received
X-Request-Processing-Time
X-HS-Cache-Config
X-Fastcgi-Cache
Cache-Tags
X-Distributor
X-Hits
X-PressLabs-Stats
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Cross-Origin-Opener-Policy
X-Edge-Location-Klb
X-Kinsta-Cache
X-Origin-Server
X-LB-Cache
X-Ratelimit-Remaining
Fastcgi-Cache
X-Ezoic-Cdn
X-Ua-Browser
Alternate-Protocol
X-Grace
Server-Name
X-Ratelimit-Reset
X-DIS-Request-ID
Filterid
X-Frontend
X-Microsite
X-Request-Handler-Origin-Region
X-Rid
X-Geo-Country
X-LLID
X-Hostname
Healthy
X-Protected-By
X-FB-Debug
X-Fastly-Request-ID
X-Git-Hash
X-Logged-In
Payment
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Varnish-Backend
X-Debug-Info
X-DataDome
Cleartype
X-Page-Id
X-Load-Cache
X-Www-Served-By
X-Forwarded-Proto
X-NGENIX-Cache
X-Cluster-Name
X-ASPNET-VERSION
X-B3-Traceid
X-ECache
MS-Author-Via
DC
X-Origin-Cache
Realpath
Content-Disposition
Charset
Access-Control-Allow-Method
X-TTL
X-B3-Sampled
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-F-Cache
X-Proxy
X-Az
X-AppVersion
X-Activity-Id
X-Seen-By
X-Amz-Replication-Status
X-Amz-Meta-S3cmd-Attrs
X-Fb-Rlafr
Retry-After
X-Server-ID
X-Cache-Age
X-Azure-Ref
X-Type
Cross-Origin-Resource-Policy
Count-Hit
X-Route-Name
X-Revision
X-Whom
X-Request-Guid
X-Providence-Cookie
X-Flags
Surrogate-Key
Paypal-Debug-Id
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Contextid
X-Hosted-By
X-B-Cache
X-Aspnetmvc-Version
X-Signature
X-B
X-App-Environment
X-Varnish-Server
Accept-Charset
X-Wix-Request-Id
X-Akamai-Edgescape
Viewport
Amp-Access-Control-Allow-Source-Origin
X-TT
X-VCache
X-DynaTrace
X-Language
X-Times
X-App-Server
X-Source
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Fastly-Request-Id
X-Cache-Control
X-Mobile
Referer-Policy
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Magnolia-Registration
X-Envoy-Decorator-Operation
X-Varnish-Grace
Host
Version
X-Varnish-Ttl
X-N
X-HTML-Minification-Powered-By
X-Cache-Rule
WPO-Cache-Message
WPO-Cache-Status
X-Varnish-Age
X-Tt-Trace-Tag
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Response-Served-From
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tt-Trace-Host
X-EdgeConnect-Cache-Status
X-Original-Request-Id
X-Rule
X-RTag
Access-Control-Request-Headers
X-Cache-Status-Check
Ms-Operation-Id
MS-CV
Refresh
X-Cache-Time
SD-X-WS
X-Framework
X-UUID
SRV
Protected
X-Backend-Name
X-ProcessESI
X-Jobs
X-RemovedCookies
Akamai-GRN
X-Cacheable-TTL
X-Content-Powered-By
X-Cache-Grace
X-Status
GEO-INFO
X-User-Agent
X-Page-View
VIX-Pulpo-Upstream-Status
X-Environment-Context
X-L-Path
X-Device-Type
CDN-RequestId
Section-Io-Cache
From-Origin
X-G
X-FW-Version
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Dynamic
VIX-Pulpo-Node
X-FW-Type
X-Cache-Expired-At
X-FW-Static
Url
X-Servername
X-Rendered-As
X-Drupal-Cache-Tags
X-Amzn-RequestId
X-Http-Reason
X-Instance
X-Akamai-Request-ID2
X-Amz-Apigw-Id
X-RateLimit-Limit
X-NYM-Debug-Backend
X-Is-Bot
X-Adobe-Loc
X-Drupal-Cache-Contexts
X-Adobe-Content
X-Region
X-Trace-Id
NGB
X-Nginx-Cache
X-Template
Front
X-CDN-Forward
X-Unique-Id
X-XRDS-LOCATION
Accept-Language
X-Debug-IsConnected
X-Debug-IsPreview
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Content-Options
Backend
X-Cache-Hit
Fastly-SIE
Fastly-SWR
Country
X-Zen-Fury
X-Air-Hostname
X-Air-Source
Liferay-Portal
X-Newrelic-App-Data
X-Air-Trace-Id
X-DynaTrace-JS-Agent
Pinterest-Generated-By
X-Mode
Pinterest-Version
X-Pinterest-Rid
X-COUNTRY
X-Tb
X-Cache-Operation
X-Real-IP
Uber-Trace-Id
X-Cache-Server
X-Tumblr-Pixel-2
X-Rocket-Nginx-Serving-Static
Webserver
X-Content-Age
X-Generation-Time
Filters
Meta-Geo
X-Tt-Logid
X-RN-RSRV
S-Rt
Onion-Location
X-Amzn-Remapped-Content-Length
X-UPSTREAM-Address
X-Rewrite-Enabled
Content-Secure-Policy
Cache-Hits
Azure-Version
CF-IPCountry
Selected-Fe
X-Access
Azure-SlotName
Azure-SiteName
X-PHP-Backend
X-Proxy-Build
X-Format
Azure-InstanceId
Azure-RegionName
X-Proxy-Cache-Info
X-Node-Name
X-Time
X-Section
X-Timing-Wait
X-Web-Node
ServedBy
Webcakes-App-Name
X-Sql-Duration-Ms
X-Varnish-Beresp-Grace
X-Sql-Count
X-Soup
Webcakes-Region
X-Sucuri-Cache
Property-Id
Cache-Name
X-Debug
X-Sucuri-ID
X-UA-Device-Type
X-Forwarded-Host
X-Uri
X-Ms-Request-Id
X-Cluster-Node
X-Locale
TWC-GeoIP-Country
X-IPS-LoggedIn
X-Say-Cacheable
Node
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
TWC-Privacy
X-R9-Blue-Green-Version
TWC-Device-Class
X-Say-TTL
X-Proto
X-Server-W
X-Origin-Hint
X-Site-Version
X-Ms-Version
TWC-Connection-Speed
X-Skip-Cache
X-SayCDN-TTL
X-Cache-Action
X-Zipkin-Id
Cross-Origin-Window-Policy
X-Via-Fastly
X-BYPASS-REASON
DB-Nickname
X-Edge-Location
X-Proxied
X-TIME
X-Handled-By
X-Routing-Service
X-Reqid
X-ProxyCache-Key
X-Proxy-Cache-Status
X-PHP-Host
X-Tumblr-Pixel-3
X-Cms-Context
X-ProxyCache-Status
X-Extlb
X-Labrador-Cache-Channel
X-Cache-TTL-Remaining
X-Origin-Date
X-SaId
X-WP-CF-Super-Cache-Cache-Control
X-VC-Cache
X-LJ-Flow-ID
X-Cluster
X-Adobe-Source
X-AWS-Id
X-Ua
X-FB-TRIP-ID
X-Cache-Host
X-VWS-Id
X-WP-CF-Super-Cache
X-IPLB-Request-ID
X-IPLB-Instance
X-JoinUs
X-Detected-As
Web-Mar-Node
X-Ruxit-Js-Agent
Mn-Server-Ip
X-Xfnlog-Site
Countrycode
X-App-Version
X-No-Session
Locale
X-Optimistic-Header
Apigw-Requestid
X-Urbn-Site-Id
X-Urbn-Context-Path
X-LSADC-Cache
Mime-Version
X-GeoCountry
WP-Super-Cache
X-ARC
ServerID
X-GeoCode
Fastcgi-Useragent
X-LAGOON
X-Buckets
Source
Cache-Tv-Group
X-Oneagent-Js-Injection
X-Director
CDN-PullZone
CDN-RequestCountryCode
CDN-Cache
CDN-CachedAt
Upgrade-Insecure-Requests
CDN-EdgeStorageId
CDN-Uid
X-Hl-Ver
X-Varnish-Hits
Fastly-Drupal-HTML
X-Generated-By
X-Mg-Request-UUID
X-GEO
X-Request-Time
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Tx-Id
Frame-Options
X-Redis-Cache
X-Cache-Debug
X-Webkit-CSP-Report-Only
X-FireWall-Port
X-Loop
Xet-Cookie
CF-Cached-On
X-Origin-CC
X-URL
X-Origin-TTL
X-Varnish-Cache-Hits
X-Pass-Why
X-RM-Cache-TTL
X-Varnish-Hostname
X-Api-Version
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-TA-CDN-Provider
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Storefront-Renderer-Rendered
X-SRV
X-TNCMS
X-ServerID
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
Load-Balancing
X-Datadog-Sampled
X-Akamai-Transformed
X-Newrelic-Synthetics
X-Served-From
X-Service
X-Pubstack
X-Location
X-Request-Host
Xserver
Server-Info
X-B3-Spanid
X-CMSURLCustom
X-Epic-Correlation-Id
X-Cache-Date
X-Cache-Info
X-Cache-NE
X-Bip
X-Ec-GeoHdr
X-Conf
X-Cdn-Origin
X-D
X-Destination
X-Core-Mission
X-Developer
X-Ec-Fail
X-CUA
X-A
Redirect-Candidate
Origin
Country-Code
Odigeo-Trace-Id
Release
Rendered-Blocks
Surrogated-Key
Sslversion
Req-Svc-Chain
DCR-Decision-By
DCR-Processing-Time-Ms
MD5-Digest
Lang
Host-ID
Edge-Cache
DSUID
Ngx.Var.Host
Meta-Geo-Continent
Memcached
T-Server
TDXMobile
A
X-A-Wwc
X-A-Dgt
X-Aed
X-Application
X-Bc-Bl
X-BBC-Edge-Cache-Status
X-B-Cookie
X-A-Dcw
X-A-Dam
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Candidate-Md5Url
Thinkindot-Control
WWW-Authenticate
X-A-Ccd
BehaviorPad-Version
Cache-Host
X-BCube-Filmed-By
X-Mid
X-S
X-Rojux
X-S-Cookie
X-S-Maxage
X-ScT
X-Rocket-Build-Number
X-External-Request-Id
X-Origin-Time
X-Nyt-Route
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Sigma
X-Sigma-Backend
X-TIM-N
X-Thinkindot-L3
X-Vdms-Path
X-Vdms-Version
Xc-Version
X-Thanos
X-Test
X-Sn-Servicetimems
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Mobile-URL
X-Processor
X-Httpd
X-Level-Front-Cache
X-INCAP-ABP
X-Hash
X-Loc
X-Endurance-Cache-Level
Gannett-Cam-Experience-Id
X-Generated-On
X-Gdpr
X-CSRF-Token
X-Storage
X-Restarts
X-Fetched-On
X-Fastly-Cache
X-Vmg-Version
X-Var-Ttl
X-Ec-Custom-Error
X-Gamma-Serve
X-Fmm-Version
X-Varnish-Beresp-Status
X-Varnishpool
X-WADP-Cache
Magicmarker
X-Akamai-Device-Characteristics
X-Men
X-Origin
Gh-Request-Id
Server-Host
NM-Fastcgi-Cache
X-We-Are-Hiring
X-Geo-Header
X-Worker
X-WP-CF-Super-Cache-Active
X-Fastly-Backend
X-VServer
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-Pool
X-Auto-Login
X-Human
X-Cache-Bucket
X-Origin-Response-Time
X-Cdn-Srv
X-Mvc-Supplant-Cachable
X-Node-Id
X-Org
X-Region-Sid
X-Date
X-Clara-WADP
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-GeoIP-City
X-Server-IP
X-SD-PageType
X-Accel-Expires-Debug
X-HS-Content-Campaign-Id
X-Developers
X-Dispatcher-Number
X-GeoIP
X-CacheTTL
Fastly-Backend-Name
AKAMAI
C-Via
CacheControlHeader
X-Varnish-Beresp-Ttl
Apple-News-Services-Handled
CloudFront-Viewer-Country
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Cache-Key
Apple-News-Services-Request-Url
Fastly-GeoIP-CountryCode
X-Parent-Response-Time
X-Instance-Name
Section-Io-Id
X-NodeID
X-Device-Os
X-Gzip
X-FC-Vary-Parameters
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
X-Core-Value
X-Block-Status
X-Variation
X-Azure-Ref-OriginShield
X-App
X-Accel-Buffering
X-Cache-Tags
X-Scale
X-DefHash
X-DefElseHash
X-Forwarded-Site
X-Platform
X-Origin-Expires
X-Dispatcher-Server
X-Nginx-Cache-Key
X-Op-Id-All
X-NCache
X-Mly-Id
X-LB-NoCache
X-VG-TLSProxy
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-Qloud-Router
X-Req
X-NWS-UUID-VERIFY
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-WA-Info
X-Wix-Viewer-Type
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Ad-Defer-Variation
X-Gen-Mode
X-Frame-Option
X-Cache-Id
Vix-Hermes-Req-Id
X-HN
Adler-Geo
X-Irp-Debug
Is-Eu
Platform
X-Hnp-Log
X-Esi-Check
X-Request-Start
State
Machine
Mail-Subject
Tube-Got-Eval
Cache-Provider
L
Ssr
Origin-EX
Tube-Get-Contents
Wxu-Next-Region
NGX
Canary
CDCHOST
Origin-CC
Cmstype
Kp-EeAlive
PFcat
User-Cache-Control
Server-Ext
We-Hiring
Click-Count-Error
Wxu-Next-Hostname
Wxu-Next-Commit
Server-Hostname
Cmsid
Click-Count-Action-Start
Tube-Got-Results
Sever-Int
Tube-Return
X-DPWN-IS-SECURE
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Csrf-Jwt
X-Owner
X-Eu-Site
Datacenter
X-Cache-FS-Status
Producers
On-Server
X-CGP
HA-Ipaddr
X-Response-By
L5d-Success-Class
X-Planisys-CDN-TTL
Ha-Gx-Prefs
X-Platform-Server
Web-Mar-Region
Fastly-SSL
X-SB
X-Minions-Version
X-Old-Content-Length
X-Cache-Remote
X-Ckpd-Fst-Backend
X-V-Cache
X-Release
Environment
HostName
X-Air-Pt
X-CACHE-AGE
Decoy-Debug-Key
X-Cache-Backend
X-Refresh
Decoy-Debug-Status
X-Mvc-Supplant-OutputCached
X-Microcachable
Pics-Label
Decoy-Debug-TTL
X-Aicache-OS
Cluster
Srvid
Expect-Staple
X-Tb-Optimization-Total-Bytes-Saved
X-FL-EDGE
Locid
X-FL-QIT-DEBUG
X-Provided-By
X-Via-CDN
X-Tid
X-DC
GeoIP-Latitude
X-Correlation-ID
X-Nananana
Env
Edge-Copy-Time
X-Via-SSL
X-Via-Edge
X-Zone
X-From
X-ND-Cache
X-Dc
X-Cache-Enabled
X-RCS-CacheZone
X-VC
X-Trace-ID
X-Vcl-Version
Memory
X-Up
X-Generated-In
X-Servedbyhost
Time
SID
NtCoent-Length
X-Srv
X-Edge-Pop
Sid
X-Lambda-Id
Svr
X-Cached-By
Cache
X-Cs
X-Webkit-CSP
X-Via-Popn
X-AIR-PT
X-ZONE
X-Via-Popv
X-Via-Poph
X-Nc
X-Debug-Cache-Store
X-HS-Status
X-Debug-Cache-Fetch
X-DataCenter
X-Nf-Request-Id
X-NewRelic-App-Data
X-Esi
CPC-Age
VNS-Cache
X-Wa
CPC-Cache
X-Presslabs-Stats
X-Render-Time
Fastly-Drupal-Html
X-Vtex-Remote-Cache
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-VCT
X-Vgn-Hpd-Variations-Key
X-HA-Backend
VNS-Age
X-Vc
Cdn
Server-ID
X-CLOUD-TRACE-CONTEXT
X-Client-Ip
X-LB-ID
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-TH-Server
X-Upstream-Ct
X-Upstream-Ht
GeoIp-Country-Code
X-Cache-Type
X-Check-Cacheable
X-Gateway-Cache-Key
X-Fpc
X-Via-JSL
X-Gateway-Request-Id
X-Amz-Meta-Cb-Modifiedtime
X-Gateway-Skip-Cache
X-ATG-Version
X-Gateway-Cache-Status
Hostname
Cdncip
AMP-Access-Control-Allow-Source-Origin
Cdnsip
X-AK-Request-ID
X-Proxy-CacheRZ
XkeyRZ
True-Client-IP
X-Varnish-Authentication
Uri
X-Contensis-Viewer-Groups
X-Via-NSCOPI
X-Cache-ASPX
X-NGINX-Cache
X-B3-SpanId
X-API-Version
M-TraceId
XServer
X-Varnish-Beresp-TTL
X-CS
X-EC-Lua
X-CSRF-TOKEN
X-CF-Lambda-Version
Eomportal-Instance
Esi-Enabled
X-PAYTM-SRV-ID
X-RateLimit-Remaining-Second
True-Client-Ip
X-CF-Lambda-Fn
X-RateLimit-Limit-Second
X-Udemy-Cache-App-Namespace
X-MP-GENERATED-AT
X-MSEdge-Features
OT-Force-Account-Verify
Resin-Trace
X-MSEdge-Flight
X-FPC
X-Datadome
Srv
X-Wikidot-Backend
N-Cache
X-Micro-Cache
CDN
Ngx-Var-Key
X-Wikidot-Static-Cache
Request-ID
YJS-ID
X-Forwarded-Path
X-Shop-Environment
X-Tenant
X-CDN-Cache-Status
RNT-Time
X-Orig-Expires
Path
RNT-Machine
X-APP-VERSION
X-Fastly-Country-Code
GeoIP-Country-Code
X-Bl-Debug
X-RateLimit-Reset
X-VCL-Version
Server-Id
X-SIPLIST1
X-Cache-NGX
IsBot
X-Cache-Ttl
X-Request-URI
LB
X-Lb-Id
Sm-Log-Id
X-Service-Response-Time
X-Ha-Backend
X-App-Name
Lb
X-Policy
X-Info
X-Accel-Version
X-TX-ID
X-MCACHE
X-B3-Trace-ID
X-Datacenter
X-WA
X-Pod-Name
HIT
Location
Cross-Origin-Opener-Policy-Report-Only
X-Edge-POP
X-SERVER-NAME
X-Cdn-Cache-Status
X-Via-PopH
X-Via-PopV
X-Vcache
Ohc-File-Size
Hit
X-Via-PopN
X-NC
X-Geo
X-Logging-Id
X-Akamai-Pragma-Client-IP
Proxy-Connection
Servername
Timeexpire
X-Cdn-Diag
X-Snapshot-Date
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Cdn-Request-ID
Pramga
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Cache-Expires
FSS-Cache
X-CACHE-KEY
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Xrds-Location
X-Git-Commit
X-Container-Uri
Yjs-Id
X-Ctl-Mach
Epwk-X-Cache
ENV
X-ServedByHost
Req-ID
Warning
X-Serial
X-Amz-Meta-Opti
X-Hyper-Cache
X-Scheme
X-LiteSpeed-Cache-Control
Geoip-Latitude
X-UP
X-Tncms
WZWS-RAY
X-VG-WebCache
XM
X-Cdn-Forward
X-Dw-Trace-Id
X-Fastly-Backend-Reqs
X-M-Log
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-MiniProfiler-Ids
X-M-Reqid
CDN-RequestPullSuccess
True-Client-Country-4JS
V-Age
X-Iauth-Set-Uid
X-Acquia-Purge-Cdn-Unconfigured
CDN-RequestPullCode
X-RAMCache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Qnm-Cache
Ec-Rule-Version
X-Moov-Xdn-Version
Traceparent
X-Lb-Nocache
Content-Style-Type
X-Swift-Error
X-B3-Parentspanid
Cneonction
X-Moov-T
X-TraceId
Content-Script-Type
X-F-Status
CountryCode
X-TT-LOGID
X-Lsadc-Cache
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Ohc-Cache-HIT
X-Mid-Debug-Cache-Disk
X-Viewer-Country
X-LiteSpeed-Tag
X-Mid-Debug-Cache-Key
Ngx
X-Clientip
X-PERF
X-Th-Server
My-App
Inserted-Into-Cache-At
X-ApacheServer
X-Webstats-RespID
X-Request-URL
X-Cache-Ngx
X-B3-ParentSpanId
X-IPS-Cached-Response
X-Mg-Cache
X-Litespeed-Cache-Control
MIME-Version
X-Fastly-Cache-Hits