Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Dns-Prefetch-Control
Server-Timing
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Content-Encoding
X-Ua-Compatible
X-CDN
Status
X-XSS-PROTECTION
Upgrade
X-Request-ID
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Request-Context
X-Backend
X-Cache-Group
X-Turbo-Charged-By
X-Robots-Tag
Cf-Edge-Cache
Keep-Alive
Host-Header
X-AH-Environment
X-UA-Device
X-Vhost
X-Hacker
X-Proxy-Cache
X-Server
Allow
X-Rq
X-Server-Powered-By
X-Ws-Request-Id
X-Dispatcher
X-Age
EagleId
X-Varnish-Cache
X-Amz-Version-Id
P3p
Nel
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
Cf-Railgun
X-OneAgent-JS-Injection
X-Page-Speed
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
EagleEye-TraceId
X-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Host
Accept-CH
X-Cache-Lookup
X-CST
X-Node
X-WebKit-CSP
X-Backend-Server
Surrogate-Control
X-Server-Id
Permissions-Policy
X-Readtime
X-Nginx-Upstream-Cache-Status
X-Akam-SW-Version
X-Nginx-Cache-Status
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Request-Id
X-Application-Context
Accept-CH-Lifetime
Xkey
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
X-Response-Time
X-Ruxit-JS-Agent
X-HW
X-Trace
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Rating
X-ESI
X-Midtier
X-Url
X-Amz-Server-Side-Encryption
X-ECACHE
Cache-Tag
X-Mcache
X-Country
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Rack-Cache
X-MS-InvokeApp
X-D2id
Service-Worker-Allowed
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-Vcap-Request-Id
Verso
X-Element-Page-Cache
Accept-Ch
X-Upstream
Edge-Control
X-Litespeed-Cache
X-Country-Code
Origin-Trial
X-Ac
X-TtlSet
X-Vname
X-PC
RTSS
X-Goog-Hash
X-Webkit-CSP
X-VARITI-CCR
X-Navigation-Version
X-Kinja-CCPA
X-Abt-Application-Version
X-Cache-TTL
X-Browser-Type
Fastly-Restarts
X-Amz-Rid
X-Varnish-TTL
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
X-GitHub-Request-Id
Cross-Origin-Opener-Policy
X-Aspnetmvc-Version
X-Ruxit-Js-Agent
X-Cached
X-Server-Name
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-Sol
Pagespeed
X-Middleton-Display
Display
SPRequestGuid
X-SharePointHealthScore
X-WebKit-CSP-Report-Only
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Content-Type
X-ORACLE-DMS-RID
SPIisLatency
X-ORACLE-DMS-ECID
SPRequestDuration
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Times
X-Cache-Key
X-Server-ID
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-Ttl
X-Powered-CMS
X-B3-Traceid
Arr-Disable-Session-Affinity
X-Mg-S
X-Client-IP
X-Version
X-Cnection
X-Middleton-Response
Response
X-Ser
Nginx-Cache
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-FastCGI-Cache
X-Accel-Expires
Cache-Tags
X-Fastly-Request-ID
X-T
AR-CACHE
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Cache-Status
Edge-Cache-Tag
X-Hits
X-B3-TraceId
X-MSEdge-Ref
Public-Key-Pins
X-NF-Request-ID
X-Px
X-RateLimit-Remaining
X-Recruiting
Front-End-Https
S
X-Shield-Request-Id
Payment
X-Daa-Tunnel
X-LLID
X-Frontend
Server-Node
X-Ua-Browser
X-Request-Processing-Time
X-Request-Received
X-RateLimit-Limit
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Content-MD5
X-Goog-Metageneration
X-GUploader-UploadID
X-Webkit-CSP-Report-Only
X-TTL
MicrosoftSharePointTeamServices
X-Content-Digest
Access-Control-Request-Method
X-Amzn-RequestId
X-Amz-Apigw-Id
X-DIS-Request-ID
X-Forwarded-For
TP-Cache
Realpath
X-Protected-By
X-Microsite
X-Request-Handler-Origin-Region
X-Fastcgi-Cache
X-Distributor
X-FB-Debug
X-PressLabs-Stats
Fastcgi-Cache
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-Xrds-Location
Access-Control-Allow-Method
X-Page-Id
X-Cluster-Name
X-LB-Cache
Accept-Charset
X-Rid
X-Ratelimit-Remaining
Count-Hit
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Hostname
X-Id
X-B3-Sampled
X-Edge-Location-Klb
X-Kinsta-Cache
X-Geo-Country
TP-L2-Cache
X-Aspnet-Version
Cross-Origin-Resource-Policy
X-Ua-Device
X-Seen-By
X-App-Server
TCN
X-Varnish-Backend
X-Logged-In
X-Ezoic-Cdn
Cleartype
X-Correlation-Id
X-Ratelimit-Limit
X-Content-Options
X-Hosted-By
X-Git-Hash
Referer-Policy
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Mobile
DC
Retry-After
X-Origin-Cache
X-Fb-Rlafr
X-Newrelic-App-Data
X-Contextid
X-Request-Guid
X-TEC-API-VERSION
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-TEC-API-ROOT
X-Providence-Cookie
X-Route-Name
X-TEC-API-ORIGIN
Surrogate-Key
X-Forwarded-Proto
X-F-Cache
X-Revision
X-Grace
X-TT
X-Debug-Info
X-Amz-Replication-Status
X-App-Environment
Frame-Options
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Grace
X-IPS-LoggedIn
X-Envoy-Decorator-Operation
X-Azure-Ref
MS-Author-Via
X-Magnolia-Registration
Section-Io-Cache
X-Wix-Request-Id
X-Proxy-Cache-Info
X-Www-Served-By
X-App-Version
X-Whom
X-RateLimit-Reset
Healthy
X-Activity-Id
Charset
X-Language
X-AppVersion
X-Az
X-Nf-Request-Id
Filterid
X-Akamai-Edgescape
X-Trace-Id
Viewport
X-COUNTRY
Alternate-Protocol
X-Webkit-Csp
WPO-Cache-Message
WPO-Cache-Status
X-Varnish-Server
X-Origin-Server
X-Kong-Proxy-Latency
Server-Name
X-Backend-Name
X-Kong-Upstream-Latency
X-EdgeConnect-Cache-Status
Paypal-Debug-Id
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-B
X-Original-Request-Id
Host
X-Response-Served-From
X-Cache-Rule
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
SRV
X-UUID
X-Rule
X-User-Agent
X-Cache-Grace
X-Http-Reason
Amp-Access-Control-Allow-Source-Origin
X-Vcache
Front
X-Instance
X-Edge-Location
X-Yottaa-Optimizations
X-Cacheable-TTL
X-Yottaa-Metrics
X-Region
SD-X-WS
X-Environment-Context
X-Akamai-Request-ID2
X-ARC
Protected
Country
X-N
X-Page-View
X-L-Path
X-Jobs
X-Unique-Id
From-Origin
Content-Disposition
X-Time
X-Status
X-Is-Bot
X-Adobe-Loc
Akamai-GRN
X-Varnish-Age
X-Adobe-Content
X-Framework
Fastly-SIE
X-Rendered-As
Fastly-SWR
X-Signature
X-B-Cache
X-FW-Dynamic
X-Load-Cache
X-FW-Type
X-FW-Static
X-FW-Hash
X-ProcessESI
X-RemovedCookies
X-Rocket-Nginx-Serving-Static
X-Client-Ip
X-FW-Version
X-FW-Server
X-FW-Serve
X-Tec-Api-Version
X-Tumblr-User
X-Tec-Api-Origin
X-Datadog-Sampled
X-Mg-Request-UUID
X-G
X-Type
X-Tec-Api-Root
X-Cache-Time
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Proxy
X-DataDome
X-Amzn-Remapped-Content-Length
X-Debug-IsConnected
X-Debug-IsPreview
ServerID
Access-Control-Request-Headers
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-CDN-Forward
Backend
X-URL
X-ECache
X-Cache-Age
Refresh
X-Nginx-Cache
X-Cache-Control
Xet-Cookie
Countrycode
X-Tt-Trace-Tag
X-Servername
X-DynaTrace
X-Tt-Trace-Host
X-Httpd
X-Erf-Web-Scheduler
Url
CF-IPCountry
X-Drupal-Cache-Tags
Accept-Language
X-Template
X-Device-Type
X-DynaTrace-JS-Agent
X-Mode
X-Generated-By
X-NYM-Debug-Backend
X-Content-Powered-By
X-HTML-Minification-Powered-By
Xserver
X-Storage
X-Cache-Hit
Webserver
X-Hcs-Proxy-Type
GEO-INFO
X-Source
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Version
S-Rt
Load-Balancing
Meta-Geo
X-ServerID
X-FTR-Request-ID
X-Director
X-Cache-Operation
X-Content-Age
Filters
X-GeoCountry
X-Rewrite-Enabled
X-UPSTREAM-Address
OT-Force-Account-Verify
X-Loop
X-JoinUs
X-GeoCode
X-Tncms
X-Rn-Rsrv
X-SaId
X-Varnish-Cache-Hits
X-Urbn-Site-Id
X-Say-TTL
X-Tt-Logid
X-LAGOON
Cross-Origin-Window-Policy
X-Container-Uri
X-Cluster-Node
X-Cache-Action
X-Soup
X-Say-Cacheable
X-SayCDN-TTL
X-Git-Commit
Onion-Location
Locale
X-Urbn-Context-Path
X-Forwarded-Host
X-Ms-Version
Azure-InstanceId
X-Tb
Azure-SiteName
Azure-RegionName
X-Adobe-Source
X-VC-Cache
X-Ms-Request-Id
Azure-SlotName
X-PHP-Host
Azure-Version
X-Varnish-Hostname
Web-Mar-Node
X-VCT
X-RM-Cache-TTL
X-Served-From
X-Sql-Count
X-Skip-Cache
X-Labrador-Cache-Channel
X-NGENIX-Cache
X-Lambda-Id
X-Detected-As
X-Sql-Duration-Ms
X-XRDS-LOCATION
X-Zipkin-Id
Mn-Server-Ip
X-R9-Blue-Green-Version
X-RCS-CacheZone
Node
X-Logging-Id
X-FB-TRIP-ID
DB-Nickname
X-Proxied
X-Routing-Service
X-Extlb
X-Cache-Server
X-Timing-Wait
Property-Id
X-Format
Selected-Fe
X-Generation-Time
X-Fetched-On
Webcakes-App-Version
Webcakes-App-Name
Webcakes-Region
X-Origin-Hint
X-Debug
X-Proxy-Build
X-Tumblr-Pixel-3
X-Uri
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Privacy
X-Tumblr-Pixel-2
TWC-Connection-Speed
TWC-Locale-Group
X-MCACHE
Fastcgi-Useragent
X-Endurance-Cache-Level
X-Redis-Cache
X-Proto
X-TimeS
Uber-Trace-Id
Source
X-Zen-Fury
X-B3-SpanId
X-LSADC-Cache
X-Ua
X-Sucuri-ID
X-Sucuri-Cache
X-S
CDN-RequestId
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
X-XRDS-Location
Section-Io-Id
X-Newrelic-Synthetics
X-Origin-CC
X-Origin-TTL
NGB
X-Ratelimit-Reset
X-Drupal-Cache-Contexts
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Srv
X-Origin-Date
X-Akamai-Transformed
X-MP-GENERATED-AT
Upgrade-Insecure-Requests
Fastly-Drupal-HTML
X-Real-IP
X-Cache-Expired-At
X-Handled-By
X-Pass-Why
X-Varnish-Hits
X-Xfnlog-Site
Liferay-Portal
X-Cms-Context
Apigw-Requestid
X-Optimistic-Header
Ms-Operation-Id
MS-CV
X-RTag
X-No-Session
X-Reqid
X-Restarts
ServedBy
X-CACHE-AGE
X-BYPASS-REASON
X-Cache-Host
X-ProxyCache-Status
X-ProxyCache-Key
X-AB
X-TraceId
WP-Super-Cache
X-Correlation-ID
X-Hl-Ver
CDN-RequestPullCode
CDN-RequestPullSuccess
X-UA-Device-Type
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
X-AWS-Id
X-IPLB-Instance
X-Cluster
X-Cache-Type
X-IPLB-Request-ID
X-GEO
X-Cache-TTL-Remaining
X-VWS-Id
X-CSRF-Token
X-Node-Name
X-LJ-Flow-ID
CDN-Uid
X-Upgrade-Enabled
X-Geo-Region
X-Parent-Response-Time
X-Via-JSL
X-Varnish-Ttl
X-Proxy-Cache-Status
X-Tx-Id
Cache-Provider
X-Pubstack
X-Fastly-Request-Id
Canary
DCR-Processing-Time-Ms
DCR-Decision-By
X-Eu-Site
X-ScT
X-B-Cookie
X-Bc-Bl
BehaviorPad-Version
X-External-Request-Id
X-Fastly-Backend
X-Application
X-FC-Vary-Parameters
X-Bl-Debug
X-BCube-Filmed-By
X-Epic-Correlation-Id
X-CF-Lambda-Version
Gannett-Cam-Experience-Id
Ha-Gx-Prefs
X-Micro-Cache
X-Cache-Status-Check
X-PAYTM-SRV-ID
X-CacheTTL
X-Cache-NE
X-Rojux
X-CF-Lambda-Fn
X-S-Cookie
X-Conf
X-App
HA-Ipaddr
Fastly-SSL
X-CGP
X-Ec-Fail
X-Ec-GeoHdr
X-Vtex-Remote-Cache
X-A
X-A-Ccd
X-Viewer-Country
X-Debug-Cache-Store
Origin-Agent-Cluster
Surrogated-Key
X-Worker
X-Developer
X-A-Wwc
X-Destination
Server-Host
X-Vdms-Path
Rendered-Blocks
X-A-Dgt
X-Vdms-Version
Redirect-Candidate
Xc-Version
X-A-Dam
X-A-Dcw
True-Client-Country-4JS
Odigeo-Trace-Id
Web-Mar-Region
X-D
Vix-Hermes-Req-Id
Magicmarker
Lang
X-Ec-Custom-Error
L
L5d-Success-Class
X-Csrf-Jwt
Candidate-Md5Url
Sslversion
N-Cache
Ngx.Var.Host
X-SRCache-Key
X-Aed
Meta-Geo-Continent
X-We-Are-Hiring
X-Debug-Cache-Fetch
MD5-Digest
W
T-Server
X-Server-W
Cache-Name
X-B3-Spanid
X-Geo-Header
Thinkindot-CacheControl-Type
X-Mvc-Supplant-Cachable
Thinkindot-Control
X-Gdpr
We-Hiring
VNS-Age
CloudFront-Viewer-Country
X-Mly-Id
CPC-Cache
TDXMobile
CPC-Age
Thinkindot-CacheControl
Datacenter
Cmstype
Cmsid
X-GeoIP-Region-Code
Gh-Request-Id
Origin
X-Loc
X-Mid
X-Hash
X-Forwarded-Path
Host-ID
Is-Eu
X-Irp-Debug
X-Alternate-Cache-Key
Mail-Subject
X-Accel-Expires-Debug
X-Accel-Buffering
Req-Svc-Chain
X-ApacheServer
X-GeoIP-Country-Code
X-App-Name
Release
Expect-Staple
Platform
Fastly-GeoIP-CountryCode
Producers
Fastly-Backend-Name
Environment
X-Request-Time
X-Var-Ttl
X-Up
X-Thinkindot-L3
X-Variation
X-Varnish-CookieHashed-On
X-Varnishpool
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Datadome
X-DefElseHash
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Nananana
X-Storefront-Renderer-Rendered
X-SVT-ORM-RULES
X-Tenant
X-SVT-ORM-VERSION
X-DefHash
X-VG-TLSProxy
X-Level-Front-Cache
X-Generated-On
X-Bip
X-Owner
X-Pool
X-DPWN-IS-SECURE
X-Thanos
X-Qloud-Router
X-Dispatcher-Server
X-Dispatcher-Number
X-VServer
X-Vmg-Version
X-VG-WebCache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-AIR-PT
X-Wix-Viewer-Type
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-Origin-Time
X-Cache-Info
X-Orig-Expires
X-PERF
X-Platform
X-Refresh
X-Cdn-Diag
X-Policy
X-Cache-Debug
X-Old-Content-Length
Adler-Geo
AKAMAI
X-BBC-Edge-Cache-Status
X-Nitro-Cache
X-Cache-Bucket
X-Nyt-Route
X-NodeID
X-Request-Host
X-Cdn-Origin
X-Core-Value
VNS-Cache
X-Shopify-Stage
X-Server-IP
X-ShardId
X-ShopId
X-Shop-Environment
X-Core-Mission
X-Date
X-Slack-Backend
X-Clientip
X-CMSURLCustom
X-SD-PageType
AMP-Access-Control-Allow-Source-Origin
User-Cache-Control
X-TIME
X-Forwarded-Site
X-Auto-Login
X-Block-Status
X-Cache-Id
X-Clara-WADP
X-Fmm-Version
X-Esi-Check
X-Device-Os
X-From
X-Origin-Response-Time
Apple-News-Services-Request-Url
X-Nginx-Cache-Key
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Gen-Mode
X-NCache
X-Mvc-Supplant-OutputCached
DSUID
Country-Code
Cf-Device-Type
CDCHOST
X-Node-Id
X-Op-Id-All
X-Test
X-WA-Info
X-WADP-Cache
Machine
X-Vgn-Hpd-Reason
X-S-Maxage
X-Org
X-Origin
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Esi-Enabled
Apple-News-Services-Handled
X-Human
Server-Hostname
NM-Fastcgi-Cache
X-INCAP-ABP
X-Gzip
Sever-Int
X-Hnp-Log
X-GeoIP
Server-Ext
X-Tcp-Rtt
X-Is-Desktop
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Mobile
X-Browser-Name
X-Accel-Version
X-Ah-Environment
Ssr
Content-Secure-Policy
Wxu-Next-Commit
X-Via-Fastly
Wxu-Next-Region
Wxu-Next-Hostname
X-Section
X-Cdn-Srv
X-LB-NoCache
X-Vcl-Version
C-Via
NGX
X-Instance-Name
Pics-Label
X-Access
Server-Info
X-Cache-Enabled
X-Dc
X-Buckets
Server-ID
X-Amz-Meta-Cb-Modifiedtime
X-Akamai-Device-Characteristics
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-API-Version
X-Zone
IsBot
X-Presslabs-Stats
X-HA-Backend
X-SIPLIST1
X-CACHE-GROUP
X-Origin-Cache-Key
YJS-ID
X-B3-Parentspanid
Cdn-Requestid
X-WP-CF-Super-Cache-Active
CF-Ctrl
X-Platform-Cluster
X-JWT-State
X-Is-Gdpr
X-Has-Esi
Memcached
X-Platform-Processor
Sid
X-Platform-Router
X-Cached-By
X-ID
Time
X-Wp-Cf-Super-Cache-Active
Location
Memory
Hostname
X-Frame-Option
X-TA-CDN-Provider
Origin-CC
X-Internal-Host
X-Scale
X-Tb-Optimization-Total-Bytes-Saved
Cache-Hits
X-Hyper-Cache
X-Fpc
X-Air-Source
X-Air-Trace-Id
X-TIM-N
X-Air-Hostname
Origin-EX
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
X-Backend-Instance
X-Webstats-RespID
X-ZONE
X-PHP-Backend
X-DC
X-Cs
X-LiteSpeed-Cache-Control
Resin-Trace
X-VC
X-Service
LB
Epwk-X-Cache
X-NewRelic-App-Data
X-Azure-Ref-OriginShield
True-Client-Ip
Uri
X-DataCenter
X-Locale
GeoIP-Latitude
X-NGINX-Cache
X-SRV
X-Site-Version
GeoIP-Country-Code
X-Microcachable
X-Nitro-Rev
X-Nitro-Cache-From
Req-ID
X-NODE
GeoIp-Country-Code
X-NMSegId
Cdn-Request-Time
X-Origin-Expires
WZWS-RAY
Cache-Host
X-Edge-Server
Cdn-Host
X-VCache
X-Info
X-Datacenter
XM
WebServer
X-Ad-Load-Variation
XServer
X-Cache-Ttl
Cdn
X-Geo
X-CSRF-TOKEN
X-Request-URI
PFcat
M-TraceId
NtCoent-Length
X-VarnishDD-TTL
X-M-Log
X-Request-Start
X-Pod-Name
Pramga
X-HN
True-Client-IP
X-M-Reqid
X-Pad
X-Scope-Id
X-Vercel-Cache
X-Vercel-Id
SID
HostName
X-Web-Node
X-Github-Request-Id
Content-Script-Type
X-Ad-Defer-Variation
X-Qnm-Cache
X-Shield-Cache-Expires
X-Varnish-Beresp-Status
User-Agent
Cluster
Content-Style-Type
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Date
X-Via-Edge
X-Via-SSL
X-Via-CDN
X-FPC
X-CS
Srvid
Edge-Copy-Time
X-FL-QIT-DEBUG
X-FL-EDGE
Fastly-Drupal-Html
Cache-Tv-Group
X-MSEdge-Features
Locid
X-MSEdge-Flight
A
X-HostName
Tcn
Edge-Cache
X-TH-Server
X-Api-Version
X-APP-VERSION
Cf-Ipcountry
X-Cdn-Request-ID
CountryCode
X-Contensis-Viewer-Groups
Click-Count-Action-Start
X-AK-Request-ID
X-Moov-T
Cdncip
X-Cache-ASPX
X-ATG-Version
X-NWS-UUID-VERIFY
X-Moov-Xdn-Version
Cdnsip
X-FireWall-Port
Path
X-Amz-Meta-Opti
Tube-Got-Eval
X-V-Cache
X-Servedbyhost
X-Webkit-Csp-Report-Only
Click-Count-Error
X-Via-Poph
X-Via-Popn
X-Varnish-Authentication
X-Wa
X-Via-Popv
X-Nc
X-Esi
X-LB-ID
Tube-Return
Tube-Got-Results
Tube-Get-Contents
X-Aicache-OS
X-Acquia-Purge-Cdn-Unconfigured
X-B3-Trace-ID
X-Cache-FS-Status
X-LiteSpeed-Tag
X-Vary
X-Men
On-Server
X-Req
X-SB
V-Age
Cache-Key
X-Branch-Name
X-Wp-Cf-Super-Cache-Cookies-Bypass
Priority
X-VCL-Version
XkeyRZ
Ngx-Var-Key
X-TRACE-ID
MIME-Version
Yak-Timeinfo
X-Proxy-CacheRZ
CDN
X-CACHE-KEY
X-UA
X-Tim-N
X-Wp-Cf-Super-Cache-Cache-Control
X-Cdn-Forward
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
Geoip-Latitude
Srv
X-Wp-Cf-Super-Cache
Proxy-Connection
X-Render-Time
X-Acquia-Site
Wpo-Cache-Status
X-Akamai-Pragma-Client-IP
X-Acquia-Application-UUID
My-App
Wpo-Cache-Message
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Lb-Cache
X-User
X-Planisys-CDN-TTL
X-Platform-Server
X-Air-Pt
X-Planisys-CDN-Rules
State
Lb
X-Fastly-Backend-Reqs
X-Ha-Backend
X-Fastly-Country-Code
X-Varnish-Director
X-Provided-By
Server-Id
X-Planisys-CDN-Cache
X-Generated-In
X-HS-Content-Campaign-Id
X-TT-LOGID
Ohc-Cache-HIT
Ohc-File-Size
CF-Cached-On
X-Dw-Trace-Id
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Lb-Nocache
X-Fastly-Cache
X-Vgn-Hpd-Variations-Key
PICS-Label
X-Via-Ucdn
Fusion-Source
Fusion-Template-Id
Type
X-Release
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
X-EC-Lua
Fusion-Content-Source
X-CUA
X-Upstream-Ht
X-TX-ID
X-Upstream-Ct
Yjs-Id
X-Iplb-Instance
X-Iplb-Request-Id
X-Udemy-Cache-App-Namespace
X-Snapshot-Date
Warning
Ngx
X-Cache-Remote
X-CF-Cache-Header-Vary
X-CF-Cache-Header-Cache-Control
X-CDN-Cache-Status
X-GoCache-CacheStatus
Mime-Version
X-Cdn-Cache-Status
X-Rocket-Build-Number
X-Litespeed-Cache-Control
X-Fastly-Cache-Hits
Vha6-Origin
X-Miniprofiler-Ids
CACHE-MISS-TO-ORIGIN
X-RAMCache
X-Sigma
X-Cached-Since
X-ElasticPress-Query
X-HS-Status
X-Traceid
Log-Origin
Cneonction
Inserted-Into-Cache-At
Cache
X-Sigma-Backend