Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-FRAME-OPTIONS
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
X-Ua-Compatible
Access-Control-Max-Age
X-Request-ID
X-Dns-Prefetch-Control
X-Via
Server-Timing
X-Cache-Group
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Backend
P3p
X-Amz-Id-2
X-Proxy-Cache
X-Ws-Request-Id
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Akamai-Path-Stats
X-Rq
EagleId
X-Vhost
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-OneAgent-JS-Injection
X-Node
X-Server-Id
EagleEye-TraceId
X-Pingback
X-Cache-Spec
Request-Id
Surrogate-Control
Cf-Railgun
X-Akam-SW-Version
X-Backend-Server
Accept-CH
X-Readtime
X-Cache-Lookup
X-Response-Time
Accept-CH-Lifetime
X-HW
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Content-Security-Policy-Report-Only
Content-Location
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-Country
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Url
Accept-Ch-Lifetime
X-Edge
X-Amz-Server-Side-Encryption
X-MS-InvokeApp
X-Rack-Cache
Edge-Control
X-TtlSet
X-PC
X-Vname
X-B3-TraceId
Accept-Ch
X-Ruxit-JS-Agent
X-Content-Type
X-ESI
X-Vcap-Request-Id
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Varnish-TTL
Xkey
X-FastCGI-Cache
X-Exp-Variant
X-Kinja-Revision
X-Amz-Rid
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-D2id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-VARITI-CCR
X-CST
Cache-Tag
X-GitHub-Request-Id
Verso
RTSS
X-Powered-By-Plesk
X-Ruxit-Js-Agent
X-Mcache
X-ECACHE
X-Oneagent-Js-Injection
Service-Worker-Allowed
X-Upstream
X-Cached
X-Client-IP
X-Navigation-Version
X-Abt-Application-Version
X-Version
X-Dw-Request-Base-Id
X-Px
X-Cnection
X-Ac
Public-Key-Pins
Arr-Disable-Session-Affinity
X-Ser
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-SharePointHealthScore
SPRequestGuid
X-Element-Page-Cache
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Server-Name
X-Country-Code
SPIisLatency
SPRequestDuration
X-Cache-TTL
X-Ttl
X-NWS-LOG-UUID
X-NF-Request-ID
X-RateLimit-Remaining
X-Midtier
X-Cache-Key
Permissions-Policy
Response
X-Middleton-Response
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-Forwarded-For
Access-Control-Request-Method
Content-MD5
X-DataDome
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Front-End-Https
X-MSEdge-Ref
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Powered-CMS
X-Correlation-Id
Edge-Cache-Tag
X-T
TP-L2-Cache
X-Recruiting
TP-Cache
AR-SID
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
Nginx-Cache
X-HP-Webp
X-Accel-Expires
X-Jurisdiction
X-HP-Trace-Id
X-RateLimit-Limit
TCN
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-Grace
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mg-S
X-Id
X-Hits
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Request-Received
X-Content-Digest
X-Request-Processing-Time
Filters
X-HS-Cache-Config
Server-Node
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
S
X-Frontend
X-LLID
Server-Name
X-TTL
X-Amzn-Trace-Id
X-Distributor
Cache-Status
X-Protected-By
X-Geo-Country
MS-Author-Via
Fastcgi-Cache
X-Fastly-Request-Id
X-LB-Cache
X-Request-Handler-Origin-Region
X-Language
X-Microsite
X-PressLabs-Stats
Cross-Origin-Opener-Policy
X-Ezoic-Cdn
X-Origin-Server
X-F-Cache
X-Seen-By
X-Page-Id
X-Forwarded-Proto
Host
Filterid
X-Ab
X-Ua-Browser
X-B3-Sampled
Charset
X-FB-Debug
X-XRDS-Location
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
Payment
X-Litespeed-Cache
X-Ratelimit-Reset
X-ASPNET-VERSION
Count-Hit
Realpath
X-Cluster-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-VCache
Accept-Charset
Cf-Apo-Via
X-Origin-Cache
Surrogate-Key
X-DynaTrace
Alternate-Protocol
Cache-Tags
X-NGENIX-Cache
X-Rid
X-Cache-Age
X-Webkit-Csp
Retry-After
Cleartype
X-Az
X-AppVersion
X-Template
X-Activity-Id
X-Fastcgi-Cache
X-Www-Served-By
Access-Control-Allow-Method
X-Request-Guid
X-Flags
X-Varnish-Backend
X-Aspnet-Duration-Ms
X-Node-Name
X-Wix-Request-Id
X-Providence-Cookie
X-Is-Crawler
X-Route-Name
X-Tb
X-Varnish-Grace
X-B-Cache
X-Amz-Replication-Status
X-TT
X-Signature
X-Type
X-Upgrade-Enabled
X-App-Environment
ServerID
X-Debug
X-Content
X-B
X-DIS-Request-ID
DC
X-Proxy
Paypal-Debug-Id
X-Drupal-Cache-Tags
X-Logged-In
X-Tt-Trace-Tag
X-Tt-Trace-Host
Frame-Options
X-Hostname
X-Envoy-Decorator-Operation
X-Source
X-Mobile
X-Content-Options
X-Revision
X-Load-Cache
Pinterest-Generated-By
Pinterest-Version
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Pinterest-Rid
X-Cache-Control
X-N
X-Fastly-Request-ID
Amp-Access-Control-Allow-Source-Origin
X-Contextid
Country
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Magnolia-Registration
Referer-Policy
X-User-Agent
Viewport
X-Whom
X-Cache-Rule
X-EdgeConnect-Cache-Status
NGB
X-Response-Served-From
X-Original-Request-Id
X-Ratelimit-Remaining
Refresh
Node
X-Restarts
X-Varnish-Age
Content-Disposition
X-Cacheable-TTL
X-Cache-TTL-Remaining
Access-Control-Request-Headers
X-L-Path
X-Environment-Context
X-Framework
X-Debug-IsConnected
X-Debug-IsPreview
X-Page-View
X-Instance
X-Adobe-Content
X-NYM-Debug-Backend
X-Yottaa-Optimizations
X-Rendered-As
X-Akamai-Request-ID2
Uber-Trace-Id
X-Adobe-Loc
X-Mg-Request-UUID
X-Jobs
X-Yottaa-Metrics
X-Varnish-Server
VIX-Pulpo-Node
Akamai-GRN
X-Servername
X-G
X-Unique-Id
X-Cache-Time
X-Is-Bot
VIX-Pulpo-Upstream-Status
X-Cache-Grace
Url
X-Drupal-Cache-Contexts
X-Real-IP
X-Mid
X-Status
X-Server-ID
Version
X-Webkit-CSP
X-Content-Powered-By
X-App-Server
X-ProcessESI
X-COUNTRY
X-RemovedCookies
X-APP-VERSION
X-Debug-Info
X-Http-Reason
Countrycode
Srv
X-CDN-Forward
X-XRDS-LOCATION
Protected
X-IPLB-Request-ID
X-IPLB-Instance
X-Hosted-By
Accept-Language
X-Ratelimit-Limit
X-Cache-Expired-At
X-Nginx-Cache-Key
X-Tt-Logid
Healthy
X-Via-JSL
Liferay-Portal
Fastcgi-Useragent
X-Device-Type
X-Cache-Hit
X-Time
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-FW-Dynamic
X-FW-Type
X-Azure-Ref
X-FW-Static
X-FW-Server
X-FW-Hash
X-Tumblr-User
X-FW-Serve
Section-Io-Cache
X-Trace-Id
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
Backend
X-Cache-NGX
X-Backend-Name
X-UUID
X-RTag
MS-CV
X-Proxy-Cache-Status
Ms-Operation-Id
X-Cache-Operation
X-Mobile-URL
Server-Info
Content-Secure-Policy
X-UPSTREAM-Address
X-Storage
X-RN-RSRV
Meta-Geo
Load-Balancing
CF-IPCountry
X-Mode
X-Content-Age
X-Handled-By
X-Sql-Duration-Ms
X-HTML-Minification-Powered-By
X-Sql-Count
X-Datadome
TWC-Privacy
Eomportal-Instance
Locale
X-Shopify-Stage
X-Site-Version
Webcakes-App-Name
Web-Mar-Node
X-Sorting-Hat-ShopId
CDN-Cache
CDN-RequestCountryCode
TWC-Connection-Speed
S-Rt
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
Property-Id
TWC-GeoIP-Country
X-ShopId
TWC-Locale-Group
CDN-Uid
CDN-RequestId
Onion-Location
TWC-GeoIP-LatLong
X-Sorting-Hat-PodId
X-Urbn-Context-Path
X-No-Session
X-Akamai-Edgescape
X-Alternate-Cache-Key
X-AWS-Id
X-OCL
X-Origin-Date
X-PHP-Backend
X-PCL
X-Origin-Hint
X-Adobe-Source
X-Cache-Enabled
X-Locale
X-Format
X-Cache-Server
X-Edge-Location
X-Cms-Context
X-Forwarded-Host
X-Skip-Cache
X-LJ-Flow-ID
X-Cache-Host
X-Labrador-Cache-Channel
X-PHP-Host
X-Proto
X-Storefront-Renderer-Rendered
X-Urbn-Site-Id
X-Uri
X-Varnish-Cache-Hits
WP-Super-Cache
X-Section
Webcakes-App-Version
Webcakes-Region
X-Server-W
X-Varnish-Hostname
X-Access
X-Say-TTL
X-Say-Cacheable
X-Region
X-Redis-Cache
X-VWS-Id
X-VC-Cache
X-Varnishpool
Azure-Version
X-SayCDN-TTL
X-ShardId
TWC-Device-Class
Azure-InstanceId
X-URL
GEO-INFO
Azure-SiteName
Azure-RegionName
Azure-SlotName
X-Zen-Fury
X-Generation-Time
X-Hl-Ver
X-GeoCode
X-Generated-By
X-GeoCountry
X-Debug-Cache
X-Cache-Type
X-BYPASS-REASON
X-JoinUs
X-Detected-As
X-Extlb
X-FB-TRIP-ID
X-ProxyCache-Status
X-UA-Device-Type
X-Timing-Wait
X-Via-Fastly
X-Web-Node
X-Xfnlog-Site
X-ServerID
X-SaId
X-Proxy-Build
X-ProxyCache-Key
X-Request-Time
X-Routing-Service
X-Proxied
X-Zipkin-Id
Apigw-Requestid
Mn-Server-Ip
DB-Nickname
Selected-Fe
X-Varnish-Beresp-Grace
X-Tid
X-Cache-Status-Check
X-SRV
X-Correlation-ID
X-Cache-Action
ServedBy
X-Rule
X-Nginx-Cache
X-LSADC-Cache
X-Ua
X-ECache
X-R9-Blue-Green-Version
X-Ms-Version
X-DynaTrace-JS-Agent
Cross-Origin-Resource-Policy
X-Ms-Request-Id
Cache-Name
Cache
X-Human
X-FireWall-Port
X-Cache-Tags
SD-X-WS
Xet-Cookie
X-Cached-By
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Dc
X-Amz-Apigw-Id
X-Amzn-RequestId
Xserver
Source
LB
Cross-Origin-Window-Policy
X-RCS-CacheZone
X-Aspnetmvc-Version
X-TNCMS
X-Cdn
X-Via-NSCOPI
X-Varnish-Hits
WPO-Cache-Status
X-Loop
X-GEO
WPO-Cache-Message
X-MP-GENERATED-AT
Origin
X-GG-Cache-Date
X-Reqid
X-App-Version
X-Origin-TTL
X-Origin-CC
X-IPS-LoggedIn
X-Pubstack
X-Amzn-Remapped-Content-Length
X-TA-CDN-Provider
X-Soup
X-AOL-HN
X-NewRelic-App-Data
Cache-Hits
X-Api-Version
X-B3-SpanId
X-Tumblr-Pixel-2
X-FW-Version
Webserver
From-Origin
Rip
X-TIME
X-Platform-Server
X-Service
X-Newrelic-Synthetics
X-Vgn-Hpd-Reason
X-Cluster-Node
Upgrade-Insecure-Requests
X-B3-Traceid
X-Request-Host
Cdnsip
X-Application
X-AK-Request-ID
X-Session-Fingerprint
X-ARC
X-SRCache-Key
X-Provided-By
Host-ID
X-B-Cookie
X-D
X-Vdms-Path
X-Orig-Expires
X-A-Dgt
Ngx.Var.Host
X-A-Dcw
X-A-Wwc
Meta-Geo-Continent
X-Aed
MD5-Digest
X-NAPM-TraceId
X-Bc-Bl
X-Shop-Environment
X-Ec-Fail
X-Ec-GeoHdr
DCR-Processing-Time-Ms
A
DCR-Decision-By
X-Connection-Hash
X-Destination
X-Developer
BehaviorPad-Version
X-External-Request-Id
X-Forwarded-Path
X-VG-WebCache
X-BCube-Filmed-By
Odigeo-Trace-Id
X-Cache-NE
X-Tenant
X-Accel-Buffering
Environment
Expiry
Cdncip
Lang
X-TIM-N
X-Processor
Sslversion
X-User
X-Rojux
X-S
X-Vdms-Version
Rendered-Blocks
X-S-Cookie
X-Rewrite-Enabled
Redirect-Candidate
T-Server
X-PBS-Appsvrname
X-Origin-Response-Time
Surrogated-Key
X-A-Ccd
X-A
X-Owner
X-A-Dam
X-ScT
Xc-Version
X-Served-From
OT-Force-Account-Verify
X-Cluster
X-Varnish-Beresp-Ttl
Fastly-SSL
Mobile-Detection-Method
Decoy-Debug-Status
X-Bip
X-Level-Front-Cache
Machine
X-Qloud-Router
X-Thanos
X-Forwarded-Site
X-Irp-Debug
X-Aicache-OS
Decoy-Debug-Key
Decoy-Debug-TTL
X-Dispatcher-Number
X-Wix-Viewer-Type
X-Pool
Candidate-Md5Url
X-Generated-On
Tube-Get-Contents
X-Clientip
Tube-Got-Eval
X-Datadog-Parent-Id
Thinkindot-CacheControl
TDXMobile
X-Csrf-Jwt
X-Core-Value
X-Clara-WADP
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Core-Mission
Traceparent
X-Cache-Id
We-Hiring
X-Auto-Login
VNS-Cache
X-BBC-Edge-Cache-Status
Web-Mar-Region
X-Varnish-Remaining-TTL
X-Ad-Defer-Variation
Wxu-Next-Region
Wxu-Next-Hostname
X-Datadog-Sampling-Priority
VNS-Age
Vix-Hermes-Req-Id
X-Cdn-Srv
X-CGP
Tube-Return
Tube-Got-Results
X-Cdn-Origin
X-CacheTTL
X-Branch-Name
X-Cache-Bucket
X-Cache-Info
V-Age
X-Ckpd-Fst-Backend
X-Gamma-Serve
X-Scale
X-SVT-ORM-VERSION
X-Origin-Time
X-Worker
X-Parent-Response-Time
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-VG-TLSProxy
X-SIPLIST1
X-Origin-Expires
X-Slack-Backend
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-NodeID
X-Nyt-Route
X-Origin
X-Optimistic-Header
X-V-Cache
X-Planisys-CDN-TTL
X-Thinkindot-L3
X-Rocket-Build-Number
X-Request-URI
X-WADP-Cache
X-Rocket-Nginx-Serving-Static
X-WA-Info
X-VServer
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-SB
X-Proxy-Cache-Info
X-Policy
X-S-Maxage
X-RateLimit-Limit-Second
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Minions-Version
X-Loc
X-Fmm-Version
X-Fetched-On
X-Fastly-Cache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Sigma-Backend
X-Eu-Site
X-Esi-Check
X-Developers
X-DefHash
X-DefElseHash
X-Device-Os
X-DPWN-IS-SECURE
X-Epic-Correlation-Id
X-Ec-Custom-Error
X-Viewer-Country
X-Gdpr
X-JWT-State
X-Is-Gdpr
X-INCAP-ABP
X-SVT-ORM-RULES
X-Varnish-CookieINHashed-On
X-Variation
X-Varnish-CookieHashed-On
X-HS-Content-Campaign-Id
X-Hash
X-SplitTest
X-Sigma
X-Geo-Header
X-Sn-Servicetimems
X-GeoIP
X-Has-Esi
X-Gzip
X-Datadog-Trace-Id
Wxu-Next-Commit
Fastly-SIE
Fastly-SWR
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Datacenter
DSUID
Gh-Request-Id
Ha-Gx-Prefs
L
L5d-Success-Class
Kp-EeAlive
IsBot
HA-Ipaddr
Is-Eu
CPC-Cache
CPC-Age
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
HostName
Adler-Geo
Cache-Host
Click-Count-Action-Start
Cmstype
Country-Code
Cmsid
Cluster
Click-Count-Error
Mail-Subject
Cache-Tv-Group
State
NM-Fastcgi-Cache
Req-Svc-Chain
Producers
X-CSRF-Token
NGX
Platform
Memcached
Server-Host
Servername
Origin-EX
Origin-CC
X-Cache-Remote
X-Tx-Id
Mime-Version
X-VC
X-Xrds-Location
Server-Ext
CloudFront-Viewer-Country
CDCHOST
Release
User-Cache-Control
X-Gen-Mode
X-Hnp-Log
X-Pod-Name
X-NCache
X-GeoIP-City
AKAMAI
X-NWS-UUID-VERIFY
Sever-Int
Server-Hostname
Svr
X-Block-Status
X-Scheme
Fastcgi-Cache-TTL
X-Presslabs-Stats
X-LB-NoCache
X-Varnish-Ttl
X-Varnish-Beresp-Status
Ec-Rule-Version
WebServer
X-Udemy-Cache-App-Namespace
Canary
Pics-Label
X-ZONE
Ssr
X-CMSURLCustom
X-Cache-Date
SID
X-Ig-Push-State
X-Microcachable
X-Tb-Optimization-Total-Bytes-Saved
X-MCACHE
X-Sucuri-ID
X-Sucuri-Cache
Time
X-Conf
X-Yandex-Sdch-Disable
Memory
Sid
X-Trace-ID
X-ND-Cache
X-Via-Popv
X-Generated-In
X-WP-CF-Super-Cache-Active
X-FC-Vary-Parameters
X-Var-Ttl
Fastly-Drupal-Html
X-Fastly-Backend
X-Azure-Ref-OriginShield
X-Via-Popn
X-Via-Poph
X-ATG-Version
X-Cache-Debug
X-Tec-Api-Origin
X-Tec-Api-Version
AMP-Access-Control-Allow-Source-Origin
X-Tec-Api-Root
X-Akamai-Transformed
X-Newrelic-App-Data
X-Servedbyhost
X-TRACE-ID
Server-ID
X-Dmc
X-Refresh
X-Be
Env
X-Edge-Pop
X-CS
X-CACHE-AGE
X-MSEdge-Flight
X-Air-Source
X-MSEdge-Features
X-Fpc
X-Air-Trace-Id
X-Air-Hostname
Fastly-Drupal-HTML
X-Release
X-NC
X-Buckets
X-Cs
X-DC
X-Esi
X-PX
X-EC-Lua
X-Zone
Magicmarker
X-Endurance-Cache-Level
GeoIp-Country-Code
X-ID
X-Wikidot-Backend
X-Wikidot-Static-Cache
CDN
X-Up
X-RateLimit-Reset
X-Tumblr-Pixel-3
True-Client-IP
X-TX-ID
X-Hyper-Cache
X-VCL-Version
X-Dispatch
X-Wa
X-Vc
X-Pass-Why
X-CF-Lambda-Version
X-CF-Lambda-Fn
My-App
X-Srv
Hostname
X-CSRF-TOKEN
X-NGINX-Cache
X-Webkit-CSP-Report-Only
X-App
Pramga
X-Lambda-Id
X-Micro-Cache
X-M-Log
X-M-Reqid
X-CACHE-KEY
C-Via
X-Alfa-Service
X-Qnm-Cache
X-Req
N-Cache
X-Varnish-Beresp-TTL
X-TrackingId
X-Edge-Origin-Shield-Region
Path
On-Server
X-Platform
X-PAYTM-SRV-ID
Resin-Trace
X-Air-Pt
X-Edge-Origin-Shield-Bytes
X-Vcl-Version
Fastcgi-X-Cache-Version
X-TH-Server
X-Check-Cacheable
X-LB-ID
CacheControlHeader
X-Vercel-Cache
X-Vercel-Id
X-HS-Status
Tcn
True-Client-Ip
Esi-Enabled
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Nf-Request-Id
X-B3-Spanid
Tracecode
GeoIP-Country-Code
X-AIR-PT
True-Client-Country-4JS
GeoIP-Latitude
X-SERVER-NAME
X-ApacheServer
X-PERF
NtCoent-Length
X-Node-Id
Proxy-Connection
X-API-Version
X-Op-Id-All
X-LAGOON
X-Request-Start
X-SD-PageType
X-Akamai-Pragma-Client-IP
X-CLOUD-TRACE-CONTEXT
Cdn
Section-Io-Id
Hit
X-Mly-Id
Section-Io-Origin-Status
Section-Origin-Responded
X-FPC
Cache-Key
HIT
Section-Io-Origin-Time-Seconds
DT-Hot-News
X-Webkit-Csp-Report-Only
X-Platform-Processor
X-GeoIP-Region-Code
X-Platform-Router
X-Render-Time
ENV
X-Platform-Cluster
X-Via-CDN
XkeyRZ
X-Geo
X-WA
X-Proxy-CacheRZ
DynaTrace
X-GeoIP-Country-Code
X-Dw-Trace-Id
YJS-ID
X-Edge-POP
X-Lb-Id
PFcat
User-Agent
X-Via-Ucdn
X-Date
X-Datacenter
WWW-Authenticate
X-Accel-Expires-Debug
XM
X-ServedByHost
Lb
X-Traceid
X-VarnishDD-TTL
Server-Id
X-Proxy-Upstream
X-HN
X-Cdn-Forward
X-RAMCache
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-LiteSpeed-Cache-Control
Server-Ttl
X-Proxy-Cache-Hk
X-DW
X-TT-LOGID
X-LI-UUID
X-Li-Pop
X-LI-Proto
X-RSL
X-FORWARDED-FOR
X-DSS
X-RPM
X-RPS
X-CF-Powered-By
X-CUA
X-Li-Fabric
MIME-Version
Yjs-Id
SRV
X-DB
X-DI
X-LiteSpeed-Tag
X-Cache-Ttl
Geoip-Latitude
Dnion-Transfer-Encoding
CountryCode
X-Response-By
PICS-Label
X-Nc
XServer
Location
X-Fastly-Backend-Reqs
Vha6-Origin
FSS-Cache
X-Instance-Name
X-Old-Content-Length
X-Service-Response-Time
Nginx-CQVIP
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Ftr-Request-Id
Ohc-File-Size
Sm-Log-Id
M-TraceId
X-Cache-Backend
X-Wp-Cf-Super-Cache-Cache-Control
X-Litespeed-Cache-Control
X-UA
X-Wp-Cf-Super-Cache
X-HostName
X-Cc-Via
X-Request-Url
X-Lb-Nocache
X-B3-ParentSpanId
X-Httpd
X-Mg-Cache
X-Akamai-Request-ID
X-Fastly-Cache-Hits
X-HA-Backend
X-Cdn-Request-ID
Powered-By
Wpo-Cache-Message
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Wpo-Cache-Status
Warning
X-Cache-Ngx
X-FL-EDGE
X-DataCenter
Srvid
X-From
Locid
X-Webstats-RespID
X-Moov-Xdn-Version
Req-ID
X-Moov-T
X-Snapshot-Date
X-MiniProfiler-Ids
Ohc-Cache-HIT
Fastcgi-Cache-Ttl
X-Server-IP
Uri
X-Serial
WZWS-RAY