
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
X-CDN
X-Ua-Compatible
Access-Control-Max-Age
X-Request-ID
X-Dns-Prefetch-Control
X-Via
Server-Timing
X-Cache-Group
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
P3p
X-Backend
X-Amz-Id-2
X-Proxy-Cache
X-Ws-Request-Id
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Akamai-Path-Stats
X-Rq
EagleId
X-Vhost
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Server-Id
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Pingback
X-Cache-Spec
Request-Id
Surrogate-Control
Cf-Railgun
X-Akam-SW-Version
X-Backend-Server
X-Readtime
Accept-CH
X-Cache-Lookup
X-Response-Time
X-HW
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH-Lifetime
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Country
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
Accept-Ch
X-Url
X-Edge
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-MS-InvokeApp
X-B3-TraceId
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Ruxit-JS-Agent
X-Content-Type
X-Vcap-Request-Id
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Varnish-TTL
Xkey
X-Oneagent-Js-Injection
X-ESI
X-FastCGI-Cache
X-Amz-Rid
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-VARITI-CCR
X-D2id
X-CST
X-Mcache
Cache-Tag
X-GitHub-Request-Id
Verso
RTSS
X-Powered-By-Plesk
X-Ruxit-Js-Agent
X-ECACHE
Service-Worker-Allowed
X-Cached
X-Client-IP
X-Upstream
X-Abt-Application-Version
X-Version
X-Navigation-Version
X-Dw-Request-Base-Id
X-Px
X-Cnection
X-Ac
Public-Key-Pins
X-Ser
Arr-Disable-Session-Affinity
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
SPRequestGuid
Display
X-Sol
Pagespeed
X-Element-Page-Cache
X-SharePointHealthScore
X-Middleton-Display
X-Server-Name
X-Country-Code
X-Cache-TTL
SPRequestDuration
SPIisLatency
X-NWS-LOG-UUID
X-NF-Request-ID
X-RateLimit-Remaining
X-Midtier
X-Cache-Key
Permissions-Policy
Response
X-Middleton-Response
X-Edge-Location-Klb
X-Goog-Hash
X-Kinsta-Cache
X-Ttl
X-Forwarded-For
Access-Control-Request-Method
Content-MD5
X-DataDome
X-SRCache-Fetch-Status
X-Shield-Request-Id
X-SRCache-Store-Status
Front-End-Https
X-MSEdge-Ref
X-Powered-CMS
X-Correlation-Id
Edge-Cache-Tag
TP-L2-Cache
X-T
TP-Cache
X-Recruiting
AR-SID
AR-ATIME
AR-Request-ID
AR-CACHE
AR-PoweredBy
Nginx-Cache
X-Jurisdiction
X-Accel-Expires
X-HP-Trace-Id
X-HP-Webp
X-RateLimit-Limit
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
TCN
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-Grace
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Id
X-Mg-S
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Hits
X-TEC-API-VERSION
X-TTL
X-Content-Digest
X-Request-Processing-Time
X-Request-Received
Filters
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
Server-Node
X-Frontend
Server-Name
X-LLID
S
X-Distributor
X-Amzn-Trace-Id
Cache-Status
X-Protected-By
X-Geo-Country
MS-Author-Via
Fastcgi-Cache
X-Fastly-Request-Id
X-LB-Cache
X-Language
X-Microsite
X-Request-Handler-Origin-Region
X-PressLabs-Stats
Cross-Origin-Opener-Policy
X-Seen-By
X-Origin-Server
X-F-Cache
X-Ezoic-Cdn
Filterid
X-Ua-Browser
X-Ab
X-B3-Sampled
X-Forwarded-Proto
Charset
Host
X-Git-Hash
X-FB-Debug
X-Page-Id
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
X-Litespeed-Cache
X-Ratelimit-Reset
Count-Hit
X-ASPNET-VERSION
Payment
Realpath
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-VCache
Accept-Charset
X-Cluster-Name
Cf-Apo-Via
X-Origin-Cache
Alternate-Protocol
Cache-Tags
X-DynaTrace
Surrogate-Key
X-Cache-Age
X-NGENIX-Cache
X-Rid
X-Webkit-Csp
Retry-After
Cleartype
X-Activity-Id
X-Az
X-AppVersion
X-Template
X-Fastcgi-Cache
X-Www-Served-By
X-Flags
Access-Control-Allow-Method
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-Wix-Request-Id
X-Route-Name
X-Node-Name
X-Request-Guid
X-Varnish-Grace
X-Varnish-Backend
X-Upgrade-Enabled
X-Type
X-App-Environment
X-Signature
X-B-Cache
X-Tb
X-TT
X-Amz-Replication-Status
X-DIS-Request-ID
X-B
X-Cdn
X-Debug
ServerID
X-Content
X-Proxy
DC
X-Drupal-Cache-Tags
Paypal-Debug-Id
X-Logged-In
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Envoy-Decorator-Operation
Frame-Options
X-Hostname
X-Source
X-Mobile
X-Content-Options
X-Revision
X-Load-Cache
X-Goog-Metageneration
Pinterest-Version
Pinterest-Generated-By
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Pinterest-Rid
X-N
X-Cache-Control
X-Fastly-Request-ID
Amp-Access-Control-Allow-Source-Origin
X-Contextid
Country
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Referer-Policy
X-Magnolia-Registration
X-Cache-Rule
Viewport
X-User-Agent
NGB
X-Whom
X-EdgeConnect-Cache-Status
X-Response-Served-From
X-Original-Request-Id
X-Ratelimit-Remaining
Refresh
Node
X-Restarts
X-Varnish-Age
Content-Disposition
X-Environment-Context
X-L-Path
X-Page-View
X-Cacheable-TTL
X-Debug-IsConnected
Access-Control-Request-Headers
X-Cache-TTL-Remaining
X-Debug-IsPreview
VIX-Pulpo-Upstream-Status
Url
Uber-Trace-Id
Akamai-GRN
VIX-Pulpo-Node
X-Adobe-Content
X-Akamai-Request-ID2
X-Adobe-Loc
X-Cache-Grace
X-Framework
X-Is-Bot
X-Servername
X-Jobs
X-Mg-Request-UUID
X-NYM-Debug-Backend
X-Rendered-As
X-Instance
X-Unique-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-G
X-Cache-Time
X-Varnish-Server
X-Status
X-Real-IP
X-Drupal-Cache-Contexts
X-Mid
X-Server-ID
X-Webkit-CSP
Version
X-RemovedCookies
X-COUNTRY
X-Content-Powered-By
X-App-Server
X-ProcessESI
Countrycode
X-Debug-Info
X-APP-VERSION
X-Http-Reason
X-XRDS-LOCATION
X-CDN-Forward
Srv
Protected
X-URL
X-Oracle-Dms-Rid
X-IPLB-Instance
X-Oracle-Dms-Ecid
X-IPLB-Request-ID
X-Hosted-By
Accept-Language
X-Tt-Logid
X-Ratelimit-Limit
X-Nginx-Cache-Key
X-Cache-Expired-At
X-Via-JSL
Liferay-Portal
Fastcgi-Useragent
Healthy
X-Time
X-Cache-Hit
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-FW-Dynamic
X-Tumblr-Pixel-1
X-FW-Hash
X-FW-Serve
X-Azure-Ref
X-FW-Type
X-FW-Static
X-FW-Server
X-Tumblr-User
X-Device-Type
Section-Io-Cache
Backend
X-Trace-Id
X-Cache-NGX
X-UUID
MS-CV
X-RTag
X-Proxy-Cache-Status
Ms-Operation-Id
X-Cache-Operation
X-Mobile-URL
X-Backend-Name
Content-Secure-Policy
Server-Info
X-UPSTREAM-Address
X-RN-RSRV
X-Storage
Meta-Geo
Load-Balancing
CF-IPCountry
X-Mode
X-Sql-Count
X-Sql-Duration-Ms
X-Content-Age
X-Datadome
X-Handled-By
Onion-Location
X-Varnishpool
TWC-Locale-Group
X-Uri
X-Urbn-Site-Id
Azure-Version
CDN-Cache
X-Varnish-Cache-Hits
CDN-PullZone
CDN-Uid
CDN-RequestId
Eomportal-Instance
Locale
TWC-Connection-Speed
TWC-Device-Class
S-Rt
CDN-EdgeStorageId
CDN-CachedAt
TWC-Privacy
Property-Id
CDN-RequestCountryCode
TWC-GeoIP-LatLong
Webcakes-App-Version
X-ShardId
X-AWS-Id
X-VWS-Id
Azure-SlotName
X-ShopId
X-Alternate-Cache-Key
X-Access
X-Adobe-Source
X-Akamai-Edgescape
X-Server-W
X-Section
X-Say-TTL
X-Say-Cacheable
X-Format
X-Cms-Context
X-Forwarded-Host
X-Cache-Host
X-SayCDN-TTL
X-Cache-Enabled
X-Varnish-Hostname
X-Shopify-Stage
X-Region
X-Storefront-Renderer-Rendered
X-Edge-Location
X-LJ-Flow-ID
X-VC-Cache
X-Sorting-Hat-ShopId
X-Locale
X-Urbn-Context-Path
X-OCL
Webcakes-App-Name
X-Labrador-Cache-Channel
X-Origin-Hint
WP-Super-Cache
X-Skip-Cache
X-Site-Version
X-Redis-Cache
X-PHP-Host
X-Sorting-Hat-PodId
Webcakes-Region
X-PCL
X-PHP-Backend
Web-Mar-Node
TWC-GeoIP-Country
Azure-InstanceId
GEO-INFO
Azure-SiteName
X-HTML-Minification-Powered-By
Azure-RegionName
X-Zen-Fury
X-Generation-Time
X-GeoCountry
X-Generated-By
X-GeoCode
X-Debug-Cache
X-Cache-Server
X-Cache-Type
X-JoinUs
X-Detected-As
X-Extlb
X-Origin-Date
X-Via-Fastly
X-Timing-Wait
X-Web-Node
X-Xfnlog-Site
X-Zipkin-Id
X-SaId
X-Routing-Service
X-Proto
X-Proxied
X-Proxy-Build
X-Request-Time
X-No-Session
X-FB-TRIP-ID
DB-Nickname
Apigw-Requestid
Selected-Fe
Mn-Server-Ip
X-Cache-Status-Check
X-BYPASS-REASON
X-Tid
X-Varnish-Beresp-Grace
X-UA-Device-Type
X-Correlation-ID
X-ProxyCache-Status
X-SRV
X-ProxyCache-Key
ServedBy
X-Cache-Action
X-Rule
X-ServerID
X-Nginx-Cache
X-Hl-Ver
X-LSADC-Cache
X-ECache
X-Ua
Cache-Name
X-DynaTrace-JS-Agent
X-R9-Blue-Green-Version
Cross-Origin-Resource-Policy
X-Human
X-FireWall-Port
X-Ms-Request-Id
X-Ms-Version
Cache
SD-X-WS
Xet-Cookie
X-WP-CF-Super-Cache
X-Dc
X-Cached-By
X-WP-CF-Super-Cache-Cache-Control
X-Cache-Tags
X-Amz-Apigw-Id
X-Amzn-RequestId
Xserver
Source
LB
Cross-Origin-Window-Policy
X-Aspnetmvc-Version
X-RCS-CacheZone
X-GEO
WPO-Cache-Message
X-Loop
X-TNCMS
WPO-Cache-Status
X-Via-NSCOPI
X-Varnish-Hits
Origin
X-GG-Cache-Date
X-MP-GENERATED-AT
X-App-Version
X-Origin-CC
X-Origin-TTL
X-IPS-LoggedIn
X-Reqid
X-Pubstack
X-Soup
X-TA-CDN-Provider
X-Amzn-Remapped-Content-Length
X-NewRelic-App-Data
X-AOL-HN
X-B3-SpanId
Cache-Hits
X-Api-Version
X-FW-Version
X-Tumblr-Pixel-2
From-Origin
Rip
X-TIME
X-Service
X-Platform-Server
Webserver
X-Vgn-Hpd-Reason
X-Cluster-Node
X-Newrelic-Synthetics
Upgrade-Insecure-Requests
X-Request-Host
X-Orig-Expires
X-Provided-By
X-Forwarded-Path
Redirect-Candidate
Sslversion
X-NAPM-TraceId
X-Connection-Hash
Environment
X-Application
Expiry
X-ARC
X-B-Cookie
X-Bc-Bl
DCR-Decision-By
DCR-Processing-Time-Ms
X-AK-Request-ID
X-Aed
X-A-Dam
X-A-Ccd
X-A
X-A-Dcw
X-A-Dgt
X-A-Wwc
Host-ID
X-BCube-Filmed-By
X-Cache-NE
A
T-Server
X-Destination
X-Developer
X-Ec-Fail
Surrogated-Key
X-Ec-GeoHdr
X-D
BehaviorPad-Version
Lang
Cdncip
Cdnsip
MD5-Digest
Meta-Geo-Continent
Odigeo-Trace-Id
Ngx.Var.Host
X-External-Request-Id
X-Owner
X-Vdms-Version
X-S-Cookie
X-Vdms-Path
X-S
X-Rojux
X-Processor
X-VG-WebCache
X-Origin-Response-Time
X-User
X-Shop-Environment
X-Tenant
X-SRCache-Key
X-TIM-N
X-Session-Fingerprint
X-ScT
X-Served-From
X-Accel-Buffering
X-Rewrite-Enabled
X-PBS-Appsvrname
Xc-Version
Rendered-Blocks
OT-Force-Account-Verify
Fastly-SSL
X-Varnish-Beresp-Ttl
X-Forwarded-Site
Decoy-Debug-Status
Decoy-Debug-Key
X-Thanos
X-Wix-Viewer-Type
X-Dispatcher-Number
Candidate-Md5Url
X-Aicache-OS
X-Level-Front-Cache
Decoy-Debug-TTL
X-Generated-On
Mobile-Detection-Method
X-Qloud-Router
X-Bip
Machine
X-Pool
X-Cluster
X-Worker
X-V-Cache
X-SplitTest
State
X-Branch-Name
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Ad-Defer-Variation
X-Auto-Login
Req-Svc-Chain
X-BBC-Edge-Cache-Status
Server-Host
Servername
X-WADP-Cache
V-Age
Tube-Return
X-Viewer-Country
Vix-Hermes-Req-Id
VNS-Age
X-VServer
Tube-Got-Results
Thinkindot-Control
X-WA-Info
Tube-Get-Contents
Tube-Got-Eval
VNS-Cache
Thinkindot-CacheControl-Type
Traceparent
TDXMobile
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Thinkindot-CacheControl
Wxu-Next-Region
X-Cache-Bucket
Wxu-Next-Commit
X-VG-TLSProxy
Wxu-Next-Hostname
X-Variation
X-Clientip
X-Gzip
X-RateLimit-Limit-Second
X-Has-Esi
X-Hash
X-INCAP-ABP
X-HS-Content-Campaign-Id
X-Geo-Header
X-RateLimit-Remaining-Second
X-Gamma-Serve
X-Region-Sid
X-Gdpr
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Proxy-Cache-Info
X-Planisys-CDN-TTL
X-NodeID
X-Parent-Response-Time
X-Nyt-Route
X-Optimistic-Header
X-Origin
X-Origin-Time
X-Minions-Version
X-Loc
X-Planisys-CDN-Rules
X-Irp-Debug
X-Planisys-CDN-Cache
X-Is-Gdpr
X-JWT-State
X-Request-URI
X-Rocket-Build-Number
X-Origin-Expires
X-Clara-WADP
X-Sigma-Backend
X-Sigma
X-Core-Value
X-Core-Mission
X-Ckpd-Fst-Backend
X-Cdn-Srv
X-Sn-Servicetimems
X-Cache-Info
X-Cdn-Origin
X-Slack-Backend
X-SIPLIST1
X-DefElseHash
X-DefHash
X-S-Maxage
X-Esi-Check
X-Fastly-Cache
X-Fetched-On
X-Rocket-Nginx-Serving-Static
X-Fmm-Version
X-SB
X-Epic-Correlation-Id
X-Device-Os
X-Developers
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Scale
X-Cache-Id
Web-Mar-Region
DSUID
HostName
Datacenter
CPC-Cache
CPC-Age
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
IsBot
Is-Eu
Fastly-SWR
Fastly-SIE
Country-Code
Cmstype
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Adler-Geo
Apple-News-Services-Request-Url
Cache-Tv-Group
Cmsid
Cluster
Click-Count-Error
Click-Count-Action-Start
L
X-CSRF-Token
NM-Fastcgi-Cache
NGX
Origin-CC
Origin-EX
Producers
Memcached
Platform
X-Tx-Id
Mime-Version
X-Cache-Remote
X-Xrds-Location
X-VC
User-Cache-Control
Cache-Host
X-CGP
Sever-Int
X-Policy
X-NCache
X-CacheTTL
X-NWS-UUID-VERIFY
Mail-Subject
CDCHOST
Server-Hostname
AKAMAI
X-Eu-Site
Release
X-Pod-Name
Server-Ext
X-Datadog-Trace-Id
X-GeoIP-City
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Scheme
CloudFront-Viewer-Country
Ha-Gx-Prefs
Gh-Request-Id
HA-Ipaddr
X-Gen-Mode
X-Gateway-Cache-Status
X-Mvc-Supplant-OutputCached
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-Hnp-Log
X-Block-Status
X-GeoIP
We-Hiring
Kp-EeAlive
Svr
L5d-Success-Class
X-Mvc-Supplant-Cachable
Fastcgi-Cache-TTL
X-Presslabs-Stats
X-Varnish-Ttl
X-LB-NoCache
X-Varnish-Beresp-Status
Ec-Rule-Version
X-Udemy-Cache-App-Namespace
WebServer
Pics-Label
Ssr
X-Cache-Date
X-Esi
SID
X-CMSURLCustom
X-Ig-Push-State
X-ZONE
X-Tb-Optimization-Total-Bytes-Saved
X-Microcachable
X-Conf
Time
X-Sucuri-Cache
Memory
Canary
X-Sucuri-ID
X-Yandex-Sdch-Disable
X-Trace-ID
Sid
X-Via-Popv
X-Via-Popn
X-Generated-In
Fastly-Drupal-Html
X-WP-CF-Super-Cache-Active
X-Via-Poph
X-ATG-Version
X-Fastly-Backend
X-ND-Cache
X-Azure-Ref-OriginShield
X-Var-Ttl
X-Cache-Debug
X-Tec-Api-Origin
X-B3-Traceid
X-Tec-Api-Version
AMP-Access-Control-Allow-Source-Origin
X-Tec-Api-Root
X-Akamai-Transformed
X-Newrelic-App-Data
X-Servedbyhost
X-TRACE-ID
X-Refresh
X-Dmc
Server-ID
X-FC-Vary-Parameters
X-Be
X-CS
X-Edge-Pop
Env
X-CACHE-AGE
X-MSEdge-Features
X-Release
Fastly-Drupal-HTML
X-MSEdge-Flight
X-Fpc
X-Air-Trace-Id
X-NC
X-Air-Source
X-Air-Hostname
X-Cs
X-Buckets
X-DC
X-PX
GeoIp-Country-Code
X-Endurance-Cache-Level
X-MCACHE
X-Zone
Magicmarker
X-EC-Lua
X-Wikidot-Backend
X-ID
X-Wikidot-Static-Cache
CDN
X-RateLimit-Reset
X-Up
X-Tumblr-Pixel-3
X-TX-ID
X-Hyper-Cache
X-CF-Lambda-Version
X-VCL-Version
X-CF-Lambda-Fn
X-Pass-Why
X-Vc
True-Client-IP
X-Wa
X-Dispatch
X-NGINX-Cache
Hostname
X-CSRF-TOKEN
X-Webkit-CSP-Report-Only
X-Srv
X-M-Reqid
X-Micro-Cache
X-M-Log
Pramga
My-App
X-Lambda-Id
X-App
X-CACHE-KEY
X-Alfa-Service
X-Qnm-Cache
C-Via
X-Req
X-Varnish-Beresp-TTL
X-TrackingId
N-Cache
X-Edge-Origin-Shield-Region
X-Air-Pt
X-Platform
X-Edge-Origin-Shield-Bytes
Resin-Trace
X-PAYTM-SRV-ID
On-Server
Fastcgi-X-Cache-Version
X-Vcl-Version
Path
X-Vercel-Cache
Esi-Enabled
X-Vercel-Id
X-Check-Cacheable
X-TH-Server
Tcn
True-Client-Ip
X-HS-Status
X-LB-ID
GeoIP-Latitude
Tracecode
CacheControlHeader
X-B3-Spanid
X-Vtex-Processado-Em
True-Client-Country-4JS
X-Nf-Request-Id
X-Vtex-Remote-Cache
X-AIR-PT
GeoIP-Country-Code
X-SERVER-NAME
X-ApacheServer
NtCoent-Length
X-PERF
X-Node-Id
X-Request-Start
X-SD-PageType
Proxy-Connection
X-Op-Id-All
X-API-Version
X-Akamai-Pragma-Client-IP
X-LAGOON
Cdn
X-CLOUD-TRACE-CONTEXT
Cache-Key
X-FPC
Section-Origin-Responded
HIT
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Hit
Section-Io-Id
X-Webkit-Csp-Report-Only
DT-Hot-News
X-Mly-Id
X-GeoIP-Country-Code
X-GeoIP-Region-Code
ENV
X-Render-Time
X-Geo
XkeyRZ
X-Via-CDN
X-Proxy-CacheRZ
DynaTrace
X-Platform-Processor
X-Platform-Router
X-WA
X-Platform-Cluster
X-Dw-Trace-Id
X-Edge-POP
X-HN
X-Lb-Id
Server-Id
YJS-ID
PFcat
X-ServedByHost
X-Via-Ucdn
X-VarnishDD-TTL
WWW-Authenticate
X-Traceid
X-Date
User-Agent
X-Proxy-Upstream
Lb
X-Accel-Expires-Debug
X-Datacenter
XM
X-Cdn-Forward
X-Via-PopN
X-Via-PopH
X-LiteSpeed-Cache-Control
X-RAMCache
X-Proxy-Cache-Hk
X-Via-PopV
Server-Ttl
Yjs-Id
X-FORWARDED-FOR
Dnion-Transfer-Encoding
X-Li-Fabric
X-Cache-Ttl
Geoip-Latitude
X-Li-Pop
X-CUA
MIME-Version
X-CF-Powered-By
SRV
X-LiteSpeed-Tag
X-TT-LOGID
X-LI-Proto
X-LI-UUID
X-Instance-Name
X-Response-By
X-Service-Response-Time
X-Old-Content-Length
Sm-Log-Id
Location
X-DSS
X-DI
X-DB
PICS-Label
X-DW
X-RPS
X-RPM
X-RSL
M-TraceId
Ohc-File-Size
X-Ftr-Request-Id
X-Cache-Backend
X-Fastly-Backend-Reqs
FSS-Cache
Vha6-Origin
X-Nc
X-Akamai-ERRuleID
XServer
X-Akamai-ERPolicy
Nginx-CQVIP
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-UA
X-Litespeed-Cache-Control
X-IN-APIGATEWAY
X-Mg-Cache
Powered-By
X-Akamai-Request-ID
X-Cc-Via
X-IN-APIGATEWAYSSL
X-HostName
X-Cdn-Request-ID
X-Request-Url
X-B3-ParentSpanId
X-Fastly-Cache-Hits
X-Httpd
X-HA-Backend
Wpo-Cache-Status
X-Lb-Nocache
Wpo-Cache-Message
CountryCode
Warning
X-Cache-Ngx
Locid
Fastcgi-Cache-Ttl
Req-ID
Srvid
X-Webstats-RespID
X-FL-EDGE
X-From
X-DataCenter
X-Moov-Xdn-Version
X-Server-IP
Ohc-Cache-HIT
Uri
X-Serial
X-Moov-T
WZWS-RAY
X-Snapshot-Date
X-MiniProfiler-Ids