Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
CF-Ray
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Request-ID
X-Request-Id
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
P3p
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
X-Proxy-Cache
Keep-Alive
X-Ua-Compatible
X-Server
X-Ws-Request-Id
X-Age
Host-Header
Cf-Edge-Cache
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Apo-Via
X-WebKit-CSP
Accept-CH
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Server-Id
EagleEye-TraceId
X-Ruxit-JS-Agent
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Readtime
X-Backend-Server
Request-Id
X-Cache-Spec
X-Cache-Lookup
X-HW
X-Content-Security-Policy-Report-Only
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Trace
Accept-Ch-Lifetime
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
Accept-CH-Lifetime
X-Country
X-Litespeed-Cache
X-Mcache
X-Content-Type
Content-Location
X-MS-InvokeApp
X-CST
X-Clacks-Overhead
X-Url
X-PC
X-Vname
X-TtlSet
X-Amz-Server-Side-Encryption
Rating
X-Midtier
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
X-VARITI-CCR
Verso
Origin-Trial
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-Rack-Cache
X-Server-Name
X-Ac
X-Powered-By-Plesk
X-GitHub-Request-Id
Service-Worker-Allowed
X-Cnection
X-ECACHE
X-Amz-Rid
X-Client-IP
X-SharePointHealthScore
SPRequestGuid
X-Navigation-Version
Xkey
X-Ttl
X-Abt-Application-Version
Edge-Control
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-NWS-LOG-UUID
X-B3-TraceId
X-Upstream
Arr-Disable-Session-Affinity
X-Cached
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Mg-S
X-Dw-Request-Base-Id
X-FastCGI-Cache
X-Varnish-TTL
X-Px
X-Cache-Key
Display
Pagespeed
X-Sol
X-Middleton-Display
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
Edge-Cache-Tag
X-Forwarded-For
X-Country-Code
X-Goog-Hash
X-Webkit-Csp
X-Correlation-Id
X-NF-Request-ID
Content-MD5
TCN
X-Powered-CMS
Front-End-Https
X-Id
AR-Request-ID
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-SID
X-Version
Public-Key-Pins
X-RateLimit-Remaining
X-HP-Trace-Id
X-Jurisdiction
Accept-Ch
X-HP-Webp
X-T
X-MSEdge-Ref
X-Content-Digest
X-Ser
X-Recruiting
X-Ratelimit-Limit
X-Amzn-Trace-Id
X-Middleton-Response
Response
X-Accel-Expires
X-Daa-Tunnel
TP-L2-Cache
TP-Cache
X-Shield-Request-Id
X-XRDS-Location
MicrosoftSharePointTeamServices
Nginx-Cache
S
Cache-Status
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Request-Received
X-HS-Hub-Id
X-Request-Processing-Time
Server-Node
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
Cache-Tags
X-Distributor
X-Hits
X-PressLabs-Stats
Cross-Origin-Opener-Policy
X-Kinsta-Cache
X-Edge-Location-Klb
X-LB-Cache
X-Origin-Server
X-Ratelimit-Remaining
Fastcgi-Cache
X-Ratelimit-Reset
X-Ua-Browser
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Alternate-Protocol
X-Grace
X-Fastcgi-Cache
Server-Name
Filterid
X-DIS-Request-ID
X-Frontend
X-Request-Handler-Origin-Region
X-Microsite
X-Rid
X-Hostname
X-Protected-By
X-Geo-Country
X-LLID
Healthy
X-FB-Debug
X-Fastly-Request-ID
X-Logged-In
Payment
Cleartype
X-Varnish-Backend
X-Debug-Info
X-Git-Hash
X-Forwarded-Proto
X-Www-Served-By
X-Load-Cache
X-Page-Id
X-NGENIX-Cache
X-Cluster-Name
X-DataDome
X-ASPNET-VERSION
DC
X-ECache
MS-Author-Via
X-Origin-Cache
Realpath
Charset
X-TTL
Content-Disposition
Access-Control-Allow-Method
X-B3-Sampled
X-GUploader-UploadID
X-Goog-Metageneration
X-Upgrade-Enabled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-F-Cache
X-Proxy
X-Az
X-AppVersion
X-Activity-Id
X-B3-Traceid
X-Seen-By
X-Amz-Replication-Status
X-Amz-Meta-S3cmd-Attrs
Retry-After
X-Azure-Ref
X-Server-ID
Paypal-Debug-Id
X-Cache-Age
X-Fb-Rlafr
Count-Hit
Cross-Origin-Resource-Policy
X-Whom
X-Type
Surrogate-Key
X-Revision
Viewport
X-Contextid
X-Signature
X-B
X-Hosted-By
X-Wix-Request-Id
X-Aspnetmvc-Version
X-Varnish-Server
X-B-Cache
X-App-Environment
X-Is-Crawler
X-Request-Guid
X-Flags
X-Akamai-Edgescape
X-Route-Name
X-Aspnet-Duration-Ms
X-Providence-Cookie
Accept-Charset
X-TT
X-DynaTrace
X-VCache
X-Language
Amp-Access-Control-Allow-Source-Origin
X-Source
X-App-Server
X-Fastly-Request-Id
X-Cache-Control
X-Mobile
Referer-Policy
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Magnolia-Registration
X-Times
X-Envoy-Decorator-Operation
Host
X-Varnish-Grace
Version
X-Varnish-Ttl
X-N
X-Cache-Rule
X-Oneagent-Js-Injection
WPO-Cache-Status
X-HTML-Minification-Powered-By
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
WPO-Cache-Message
X-Varnish-Age
X-Tumblr-Pixel
X-Tt-Trace-Host
X-EdgeConnect-Cache-Status
X-Original-Request-Id
X-Response-Served-From
X-Tumblr-Pixel-1
X-Tt-Trace-Tag
X-Tumblr-User
Refresh
X-Tumblr-Pixel-0
Access-Control-Request-Headers
X-RTag
X-Cache-Status-Check
MS-CV
Ms-Operation-Id
X-Rule
X-Cache-Time
X-UUID
SD-X-WS
X-Framework
X-User-Agent
Section-Io-Cache
GEO-INFO
X-ProcessESI
X-RemovedCookies
X-Content-Powered-By
X-FW-Hash
X-Jobs
X-FW-Static
X-FW-Serve
X-FW-Server
X-FW-Type
X-Status
X-FW-Version
X-FW-Dynamic
Akamai-GRN
X-Cache-Grace
X-Backend-Name
Protected
VIX-Pulpo-Node
X-Ruxit-Js-Agent
VIX-Pulpo-Upstream-Status
X-Cacheable-TTL
X-Environment-Context
X-G
X-L-Path
X-Drupal-Cache-Tags
From-Origin
X-Device-Type
X-Cache-Expired-At
X-Instance
X-Page-View
X-Akamai-Request-ID2
X-Amz-Apigw-Id
X-RateLimit-Limit
X-Http-Reason
X-Servername
Url
X-Drupal-Cache-Contexts
X-NYM-Debug-Backend
X-Amzn-RequestId
X-Adobe-Loc
NGB
X-Is-Bot
X-Adobe-Content
X-Trace-Id
X-Rendered-As
X-Region
SRV
CDN-RequestId
X-Nginx-Cache
X-Template
Front
X-CDN-Forward
X-Unique-Id
Accept-Language
X-XRDS-LOCATION
X-Debug-IsPreview
X-Debug-IsConnected
X-Yottaa-Metrics
X-Content-Options
X-Yottaa-Optimizations
X-Cache-Hit
Backend
Fastly-SWR
Fastly-SIE
Country
X-Zen-Fury
Liferay-Portal
X-Air-Trace-Id
X-Air-Source
X-Newrelic-App-Data
X-Air-Hostname
X-DynaTrace-JS-Agent
X-Pinterest-Rid
Pinterest-Generated-By
X-Mode
Pinterest-Version
X-Tb
X-COUNTRY
Content-Secure-Policy
X-Cache-Operation
Meta-Geo
X-Tumblr-Pixel-2
X-Cache-Server
S-Rt
Onion-Location
X-Rewrite-Enabled
X-Content-Age
X-RN-RSRV
Webserver
X-UPSTREAM-Address
X-Proxy-Cache-Info
X-Generation-Time
Filters
Uber-Trace-Id
X-Amzn-Remapped-Content-Length
X-Rocket-Nginx-Serving-Static
X-Tt-Logid
X-Real-IP
Cache-Hits
X-Proxy-Build
X-Section
X-Node-Name
X-Web-Node
CF-IPCountry
X-IPS-LoggedIn
X-Locale
Azure-SiteName
Azure-InstanceId
X-Timing-Wait
X-PHP-Backend
Azure-RegionName
X-Access
Selected-Fe
Azure-Version
X-Time
Azure-SlotName
X-Format
X-Edge-Location
X-Origin-Hint
X-Ms-Version
Webcakes-App-Name
Node
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
X-Uri
X-Debug
X-Ms-Request-Id
X-Forwarded-Host
TWC-GeoIP-Country
X-Cluster-Node
X-UA-Device-Type
ServedBy
X-Skip-Cache
X-Sql-Count
X-Sql-Duration-Ms
X-Sucuri-Cache
X-Site-Version
X-Server-W
Webcakes-Region
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Proto
X-Sucuri-ID
Property-Id
Cache-Name
X-Varnish-Beresp-Grace
X-R9-Blue-Green-Version
TWC-Connection-Speed
Webcakes-App-Version
TWC-Device-Class
X-Cache-TTL-Remaining
X-BYPASS-REASON
ServerID
DB-Nickname
Cross-Origin-Window-Policy
X-Via-Fastly
X-Origin-Date
X-URL
X-Labrador-Cache-Channel
X-Ua
X-PHP-Host
X-Tumblr-Pixel-3
X-Routing-Service
X-TIME
X-Soup
X-Webkit-CSP
X-Cache-Host
X-Reqid
X-VC-Cache
X-Proxied
Web-Mar-Node
X-Handled-By
X-Extlb
X-Proxy-Cache-Status
X-Cache-Action
X-ProxyCache-Key
X-Zipkin-Id
X-ProxyCache-Status
X-Adobe-Source
X-WP-CF-Super-Cache-Cache-Control
X-LAGOON
X-LJ-Flow-ID
X-VWS-Id
X-SaId
X-JoinUs
X-IPLB-Request-ID
X-Cluster
X-WP-CF-Super-Cache
X-FB-TRIP-ID
X-IPLB-Instance
X-AWS-Id
X-Cms-Context
Mn-Server-Ip
X-App-Version
X-Optimistic-Header
X-Xfnlog-Site
X-No-Session
Apigw-Requestid
X-Urbn-Site-Id
X-Urbn-Context-Path
Countrycode
Locale
Fastcgi-Useragent
X-ARC
X-GeoCode
X-GeoCountry
X-Tec-Api-Version
X-Tec-Api-Root
WP-Super-Cache
X-Tec-Api-Origin
X-LSADC-Cache
Mime-Version
X-Buckets
X-Detected-As
Source
Cache-Tv-Group
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestCountryCode
Upgrade-Insecure-Requests
X-Director
CDN-Cache
CDN-Uid
X-Hl-Ver
X-Varnish-Hits
X-Mg-Request-UUID
Fastly-Drupal-HTML
X-Generated-By
X-Request-Time
X-Redis-Cache
Frame-Options
X-GEO
X-FireWall-Port
X-Webkit-CSP-Report-Only
X-Loop
X-Cache-Debug
CF-Cached-On
Xet-Cookie
X-Tx-Id
X-Varnish-Cache-Hits
X-Origin-TTL
X-Origin-CC
X-Varnish-Hostname
X-Pass-Why
X-RM-Cache-TTL
X-Sorting-Hat-ShopId
X-Api-Version
X-Sorting-Hat-PodId
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-TA-CDN-Provider
X-SRV
X-ServerID
X-TNCMS
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Datadog-Parent-Id
Load-Balancing
X-Akamai-Transformed
X-Newrelic-Synthetics
X-Service
X-Pubstack
X-Served-From
X-Request-Host
X-Endurance-Cache-Level
Xserver
Server-Info
X-Correlation-ID
X-Location
X-A
BehaviorPad-Version
X-Gdpr
X-A-Ccd
X-A-Dam
X-External-Request-Id
X-A-Dcw
Edge-Cache
X-Generated-On
X-Cdn-Origin
X-Cache-Date
WWW-Authenticate
Cache-Host
X-Cache-Info
X-Bip
X-Epic-Correlation-Id
X-Cache-NE
X-A-Wwc
X-Vdms-Path
X-BBC-Edge-Cache-Status
X-B-Cookie
X-Core-Mission
X-Bc-Bl
Thinkindot-Control
X-Destination
X-CUA
X-Developer
X-Conf
A
X-Ec-GeoHdr
X-Aed
X-CMSURLCustom
X-BCube-Filmed-By
X-Ec-Fail
X-A-Dgt
X-Application
X-D
X-Httpd
X-Rojux
X-Rocket-Build-Number
X-S
X-S-Cookie
X-ScT
X-S-Maxage
Release
Host-ID
Lang
Meta-Geo-Continent
X-Platform-Router
Rendered-Blocks
X-Processor
Redirect-Candidate
Xc-Version
X-SVT-ORM-RULES
X-SRCache-Key
X-SVT-ORM-VERSION
X-Test
X-Thinkindot-L3
X-Thanos
X-Sn-Servicetimems
Odigeo-Trace-Id
Origin
MD5-Digest
X-Sigma
X-Sigma-Backend
Country-Code
DCR-Decision-By
Memcached
X-Mid
X-Loc
X-Mobile-URL
X-Vdms-Version
Surrogated-Key
T-Server
X-Level-Front-Cache
TDXMobile
Thinkindot-CacheControl-Type
X-Hash
X-TIM-N
Thinkindot-CacheControl
Candidate-Md5Url
X-INCAP-ABP
X-Nyt-Route
Sslversion
DCR-Processing-Time-Ms
Ngx.Var.Host
X-Platform-Cluster
X-Platform-Processor
DSUID
Req-Svc-Chain
X-Origin-Time
X-We-Are-Hiring
Gannett-Cam-Experience-Id
X-Restarts
X-CSRF-Token
X-Storage
Mail-Subject
X-Accel-Expires-Debug
Magicmarker
We-Hiring
X-JWT-State
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Var-Ttl
X-Varnish-Beresp-Status
X-Server-IP
X-SD-PageType
X-Origin-Response-Time
X-Pool
X-Region-Sid
X-Varnishpool
X-Vmg-Version
Server-Host
X-Akamai-Device-Characteristics
X-Men
X-Origin
NM-Fastcgi-Cache
X-WP-CF-Super-Cache-Active
X-VServer
X-WADP-Cache
X-Worker
X-Org
X-Node-Id
X-Dispatcher-Number
X-Fastly-Backend
X-Fastly-Cache
X-Fetched-On
X-Developers
X-Date
X-Cache-Bucket
X-CacheTTL
X-Clara-WADP
X-Fmm-Version
X-Gamma-Serve
X-Human
X-Is-Gdpr
Gh-Request-Id
X-Mvc-Supplant-Cachable
X-HS-Content-Campaign-Id
X-Has-Esi
X-Geo-Header
X-GeoIP
X-GeoIP-City
X-Auto-Login
X-Cdn-Srv
CacheControlHeader
Fastly-Backend-Name
Apple-News-Services-Handled
C-Via
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Section-Io-Id
Fastly-GeoIP-CountryCode
AKAMAI
X-B3-Spanid
CloudFront-Viewer-Country
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Cache-Key
X-Varnish-Beresp-Ttl
X-Parent-Response-Time
X-VarnishDD-TTL
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
Tube-Return
X-Accel-Buffering
X-WA-Info
X-Varnish-CookieHashed-On
Wxu-Next-Hostname
Wxu-Next-Commit
Web-Mar-Region
User-Cache-Control
Wxu-Next-Region
X-Op-Id-All
X-Frame-Option
X-Gen-Mode
X-Cache-Tags
X-HN
X-Forwarded-Site
X-FC-Vary-Parameters
X-DefHash
X-DefElseHash
X-Ec-Custom-Error
X-Core-Value
X-Hnp-Log
X-Irp-Debug
X-Device-Os
X-Azure-Ref-OriginShield
X-Qloud-Router
X-Req
X-Nginx-Cache-Key
X-NCache
X-LB-NoCache
X-Mly-Id
X-Block-Status
X-NWS-UUID-VERIFY
Tube-Got-Results
Origin-EX
Origin-CC
Cmstype
On-Server
Tube-Got-Eval
PFcat
X-Dispatcher-Server
X-Esi-Check
X-Gzip
Datacenter
X-NodeID
L
Kp-EeAlive
X-Scale
X-Variation
X-Request-Start
Machine
X-Origin-Expires
NGX
X-Platform
Cmsid
X-Instance-Name
Is-Eu
Platform
State
Ssr
X-Wix-Viewer-Type
X-Cache-Id
Canary
Cache-Provider
Adler-Geo
CDCHOST
Click-Count-Action-Start
Click-Count-Error
Tube-Get-Contents
Server-Ext
Server-Hostname
Sever-Int
Vix-Hermes-Req-Id
X-Ad-Defer-Variation
X-Release
X-Response-By
X-DPWN-IS-SECURE
X-V-Cache
X-Eu-Site
X-GeoIP-Region-Code
X-Minions-Version
X-Old-Content-Length
X-Platform-Server
X-Cache-FS-Status
X-Owner
X-GeoIP-Country-Code
Environment
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Provided-By
X-SB
Producers
HA-Ipaddr
Ha-Gx-Prefs
X-Ckpd-Fst-Backend
X-Cache-Remote
X-CGP
X-App
X-Csrf-Jwt
L5d-Success-Class
Fastly-SSL
X-Air-Pt
HostName
X-CACHE-AGE
Decoy-Debug-TTL
Locid
X-Refresh
Expect-Staple
Srvid
X-Nananana
X-FL-EDGE
X-Mvc-Supplant-OutputCached
X-Microcachable
X-Aicache-OS
X-FL-QIT-DEBUG
Cluster
Decoy-Debug-Status
Decoy-Debug-Key
Pics-Label
X-Cache-Backend
X-Tb-Optimization-Total-Bytes-Saved
X-Via-CDN
X-Dc
X-Tid
GeoIP-Latitude
X-Vcl-Version
X-Via-SSL
Edge-Copy-Time
X-Via-Edge
Env
X-Cache-Enabled
X-RCS-CacheZone
X-ND-Cache
X-From
X-Zone
X-DC
Sid
X-Trace-ID
X-VC
X-Up
X-Servedbyhost
X-Generated-In
Time
Memory
NtCoent-Length
X-Srv
X-Debug-Cache-Store
X-Lambda-Id
X-Edge-Pop
X-Debug-Cache-Fetch
X-Cached-By
Svr
Cache
X-Cs
X-Via-Poph
X-Via-Popn
SID
X-AIR-PT
X-ZONE
X-Via-Popv
X-Nc
X-DataCenter
X-HS-Status
X-NewRelic-App-Data
X-Nf-Request-Id
X-Vgn-Hpd-Cached
AMP-Access-Control-Allow-Source-Origin
Fastly-Drupal-Html
X-Vgn-Hpd-Ssi
X-HA-Backend
VNS-Age
CPC-Cache
X-Vgn-Hpd-Variations-Key
X-Presslabs-Stats
X-Wa
CPC-Age
VNS-Cache
X-Vtex-Remote-Cache
X-VCT
X-Esi
X-Render-Time
X-Vc
Cdn
Server-ID
X-CCDN-CacheTTL
X-Client-Ip
X-LB-ID
X-CLOUD-TRACE-CONTEXT
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-TH-Server
X-Upstream-Ct
X-Upstream-Ht
GeoIp-Country-Code
X-Check-Cacheable
X-B3-SpanId
X-Cache-Type
Cdncip
Cdnsip
X-Amz-Meta-Cb-Modifiedtime
X-ATG-Version
X-AK-Request-ID
X-Gateway-Skip-Cache
X-Fpc
Hostname
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Via-JSL
X-Gateway-Request-Id
X-Proxy-CacheRZ
XkeyRZ
Uri
X-Via-NSCOPI
X-Contensis-Viewer-Groups
True-Client-IP
X-NGINX-Cache
X-Cache-ASPX
X-Varnish-Authentication
X-API-Version
Srv
M-TraceId
X-Varnish-Beresp-TTL
XServer
X-EC-Lua
X-Datadome
X-CS
X-CSRF-TOKEN
X-RateLimit-Limit-Second
Esi-Enabled
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
X-RateLimit-Remaining-Second
Eomportal-Instance
X-CF-Lambda-Version
True-Client-Ip
X-Udemy-Cache-App-Namespace
X-MP-GENERATED-AT
X-FPC
Resin-Trace
X-MSEdge-Features
X-MSEdge-Flight
OT-Force-Account-Verify
CDN
Ngx-Var-Key
X-Micro-Cache
X-Wikidot-Backend
X-CDN-Cache-Status
X-Wikidot-Static-Cache
N-Cache
YJS-ID
Request-ID
X-Shop-Environment
GeoIP-Country-Code
X-Tenant
X-Forwarded-Path
RNT-Machine
X-APP-VERSION
RNT-Time
X-Fastly-Country-Code
X-Bl-Debug
Path
X-Orig-Expires
X-TX-ID
X-SIPLIST1
X-Cache-NGX
IsBot
X-Request-URI
Server-Id
X-Cache-Ttl
Sm-Log-Id
X-Policy
X-App-Name
X-B3-Trace-ID
X-Service-Response-Time
LB
X-VCL-Version
X-Lb-Id
X-Info
X-Ha-Backend
Lb
X-Accel-Version
X-MCACHE
X-WA
X-Datacenter
Cross-Origin-Opener-Policy-Report-Only
X-Pod-Name
X-RateLimit-Reset
X-Edge-POP
HIT
X-Geo
Location
Hit
X-Via-PopV
X-Via-PopN
X-Vcache
X-Via-PopH
X-SERVER-NAME
X-Cdn-Cache-Status
X-NC
Ohc-File-Size
X-Logging-Id
X-Akamai-Pragma-Client-IP
X-Snapshot-Date
X-CACHE-KEY
X-Srcache-Store-Status
Timeexpire
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
ENV
X-Xrds-Location
X-Cache-Expires
Proxy-Connection
X-Oss-Server-Time
X-Cdn-Diag
FSS-Cache
X-Oss-Storage-Class
X-Oss-Request-Id
Servername
Pramga
X-Srcache-Fetch-Status
X-Cdn-Request-ID
X-Git-Commit
X-Container-Uri
X-Ctl-Mach
Yjs-Id
Req-ID
X-ServedByHost
Epwk-X-Cache
X-TimeS
WZWS-RAY
X-Cdn-Forward
X-UP
X-Fastly-Backend-Reqs
X-Hyper-Cache
X-LiteSpeed-Cache-Control
X-Amz-Meta-Opti
X-Tncms
X-VG-WebCache
X-Scheme
X-Serial
Geoip-Latitude
X-Dw-Trace-Id
XM
X-M-Reqid
X-M-Log
Warning
X-Rebelmouse-Cache-Control
X-MiniProfiler-Ids
X-Rebelmouse-Surrogate-Control
X-Acquia-Purge-Cdn-Unconfigured
Cdn-Requestid
Ec-Rule-Version
X-Acquia-Site
X-Lb-Nocache
X-Iauth-Set-Uid
X-Qnm-Cache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Moov-T
V-Age
X-TraceId
True-Client-Country-4JS
X-Swift-Error
Cneonction
Traceparent
Content-Script-Type
Content-Style-Type
CDN-RequestPullCode
X-RAMCache
X-Moov-Xdn-Version
X-B3-Parentspanid
CDN-RequestPullSuccess
X-F-Status
CountryCode
X-Lsadc-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-TT-LOGID
X-Litespeed-Cache-Control
Ohc-Cache-HIT
X-Clientip
X-Mg-Cache
X-Mid-Debug-Cache-Key
X-ApacheServer
MIME-Version
My-App
X-IPS-Cached-Response
Inserted-Into-Cache-At
X-Viewer-Country
X-B3-ParentSpanId
X-Request-URL
X-LiteSpeed-Tag
X-Cache-Ngx
X-Fastly-Cache-Hits
X-Mid-Debug-Cache-Disk
X-Th-Server
X-PERF
Ngx
X-Webstats-RespID