Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
Content-Encoding
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
X-Ua-Compatible
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
X-Cache-Group
Server-Timing
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Backend
X-Amz-Id-2
X-Proxy-Cache
X-Ws-Request-Id
P3p
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Akamai-Path-Stats
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
X-Device
X-WebKit-CSP
X-Page-Speed
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-OneAgent-JS-Injection
X-Server-Id
X-Pingback
EagleEye-TraceId
X-Cache-Spec
Request-Id
Surrogate-Control
Accept-CH
Cf-Railgun
X-Akam-SW-Version
X-Backend-Server
X-Readtime
X-Cache-Lookup
X-Response-Time
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH-Lifetime
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-Country
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Url
Accept-Ch-Lifetime
X-Edge
X-Amz-Server-Side-Encryption
X-MS-InvokeApp
X-Rack-Cache
Edge-Control
X-TtlSet
X-PC
X-Vname
X-B3-TraceId
X-Ruxit-JS-Agent
X-Nginx-Upstream-Cache-Status
X-Content-Type
X-Vcap-Request-Id
X-ESI
X-Mod-Pagespeed
X-Varnish-TTL
Xkey
Accept-Ch
X-FastCGI-Cache
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Revision
X-Use-Magma
X-Kinja
X-Kinja-Build
X-D2id
X-Amz-Rid
X-VARITI-CCR
Verso
X-GitHub-Request-Id
Cache-Tag
X-Powered-By-Plesk
X-CST
RTSS
X-Mcache
X-ECACHE
X-Ruxit-Js-Agent
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-Upstream
X-Cached
X-Client-IP
X-Navigation-Version
X-Version
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-Px
X-Cnection
X-Ac
Public-Key-Pins
X-Instrumentation
X-Kraken-Loop-Name
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
SPRequestGuid
X-Element-Page-Cache
X-SharePointHealthScore
X-Server-Name
X-Ser
Pagespeed
Display
X-Middleton-Display
X-Sol
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-NWS-LOG-UUID
X-Country-Code
X-Ttl
X-RateLimit-Remaining
Permissions-Policy
X-Midtier
X-Cache-Key
X-NF-Request-ID
X-Middleton-Response
Response
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-Forwarded-For
Access-Control-Request-Method
Content-MD5
X-DataDome
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
Front-End-Https
X-MSEdge-Ref
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Correlation-Id
X-Recruiting
TP-L2-Cache
X-T
Edge-Cache-Tag
TP-Cache
X-Jurisdiction
X-Powered-CMS
X-HP-Webp
Nginx-Cache
X-HP-Trace-Id
AR-SID
AR-ATIME
AR-Request-ID
X-Accel-Expires
AR-CACHE
AR-PoweredBy
X-RateLimit-Limit
X-Daa-Tunnel
MicrosoftSharePointTeamServices
TCN
MRF-Tech
X-Grace
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mg-S
X-Id
X-Hits
X-Content-Digest
Filters
X-Request-Processing-Time
X-Request-Received
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
Server-Node
Server-Name
X-Frontend
X-Amzn-Trace-Id
S
X-LLID
X-Distributor
X-TTL
MS-Author-Via
X-Geo-Country
X-Language
Cache-Status
X-Protected-By
Fastcgi-Cache
X-LB-Cache
Cf-Apo-Via
X-PressLabs-Stats
X-Origin-Server
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-F-Cache
X-Fastly-Request-Id
X-Ezoic-Cdn
X-Page-Id
X-B3-Sampled
X-Seen-By
X-Microsite
X-Request-Handler-Origin-Region
X-FB-Debug
Charset
Filterid
Host
X-Ua-Browser
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
X-Ab
X-Git-Hash
Count-Hit
Payment
X-Litespeed-Cache
X-ASPNET-VERSION
X-Ratelimit-Reset
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
Realpath
X-Cluster-Name
X-VCache
X-Template
X-Origin-Cache
Accept-Charset
Surrogate-Key
Cache-Tags
X-Rid
X-Cache-Age
Alternate-Protocol
X-NGENIX-Cache
X-Webkit-Csp
X-DynaTrace
Retry-After
X-AppVersion
Cleartype
X-Az
X-Activity-Id
X-Www-Served-By
X-Fastcgi-Cache
Access-Control-Allow-Method
X-Varnish-Backend
X-Amz-Replication-Status
X-Is-Crawler
X-App-Environment
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-B-Cache
X-Route-Name
X-Node-Name
X-Request-Guid
X-Signature
X-DIS-Request-ID
X-Varnish-Grace
X-Wix-Request-Id
X-TT
X-Flags
X-Type
X-Tb
X-Upgrade-Enabled
X-B
ServerID
DC
X-Logged-In
Paypal-Debug-Id
X-Drupal-Cache-Tags
X-Debug
X-Proxy
X-Envoy-Decorator-Operation
X-Fastly-Request-ID
X-Source
X-Hostname
Frame-Options
X-Content
X-Mobile
X-Tt-Trace-Tag
X-Content-Options
X-Tt-Trace-Host
X-Revision
X-Load-Cache
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Contextid
X-Goog-Storage-Class
Amp-Access-Control-Allow-Source-Origin
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-N
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Cache-Control
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Country
X-Cache-Rule
X-Magnolia-Registration
Referer-Policy
X-User-Agent
Viewport
X-Whom
X-EdgeConnect-Cache-Status
X-Response-Served-From
NGB
Refresh
X-Original-Request-Id
Node
Content-Disposition
X-Ratelimit-Remaining
X-L-Path
X-Framework
X-Cacheable-TTL
X-Environment-Context
X-Cache-TTL-Remaining
Access-Control-Request-Headers
X-Varnish-Age
X-Debug-IsConnected
X-Debug-IsPreview
X-Cache-Time
VIX-Pulpo-Node
Url
Uber-Trace-Id
Akamai-GRN
VIX-Pulpo-Upstream-Status
X-Adobe-Content
X-Akamai-Request-ID2
X-Adobe-Loc
X-Cache-Grace
X-G
X-NYM-Debug-Backend
X-Mid
X-Page-View
X-Real-IP
X-Rendered-As
X-Status
X-Mg-Request-UUID
X-Unique-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-Server
X-Instance
X-Jobs
X-Is-Bot
X-Servername
X-Restarts
X-Content-Powered-By
X-Server-ID
X-Drupal-Cache-Contexts
X-ProcessESI
X-RemovedCookies
X-COUNTRY
Version
X-APP-VERSION
X-App-Server
Srv
Countrycode
X-Http-Reason
X-Debug-Info
X-CDN-Forward
X-XRDS-LOCATION
Protected
Accept-Language
X-IPLB-Instance
X-IPLB-Request-ID
X-Via-JSL
X-Hosted-By
X-Cache-Expired-At
X-Trace-Id
X-Nginx-Cache-Key
X-Time
Healthy
X-Cache-Hit
X-Ratelimit-Limit
Liferay-Portal
X-Device-Type
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Azure-Ref
X-Tt-Logid
Fastcgi-Useragent
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Dynamic
X-Backend-Name
Section-Io-Cache
X-Cache-Operation
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Cache-NGX
MS-CV
Backend
Content-Secure-Policy
Ms-Operation-Id
X-RTag
X-UUID
Server-Info
X-Proxy-Cache-Status
X-Mobile-URL
X-RN-RSRV
X-UPSTREAM-Address
X-Storage
Load-Balancing
Meta-Geo
X-Mode
X-Akamai-Edgescape
GEO-INFO
CF-IPCountry
X-Handled-By
X-Content-Age
Web-Mar-Node
X-Forwarded-Host
TWC-Connection-Speed
Webcakes-App-Name
X-Labrador-Cache-Channel
TWC-Privacy
TWC-GeoIP-LatLong
Webcakes-Region
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Device-Class
Azure-InstanceId
CDN-RequestId
CDN-Uid
CDN-RequestCountryCode
Onion-Location
CDN-EdgeStorageId
CDN-PullZone
X-Adobe-Source
X-Cache-Host
X-Alternate-Cache-Key
Locale
X-AWS-Id
Eomportal-Instance
X-Cache-Enabled
CDN-CachedAt
Property-Id
Azure-SiteName
Azure-SlotName
Azure-RegionName
X-Cms-Context
X-Edge-Location
Azure-Version
X-Cache-Server
X-Urbn-Context-Path
S-Rt
X-Access
WP-Super-Cache
CDN-Cache
X-Format
X-Say-Cacheable
X-Skip-Cache
X-Sql-Count
X-Sorting-Hat-PodId
X-PHP-Host
X-Sql-Duration-Ms
X-Proto
X-VC-Cache
X-Origin-Date
X-Storefront-Renderer-Rendered
X-Site-Version
X-PHP-Backend
Webcakes-App-Version
X-URL
X-Varnishpool
X-VWS-Id
X-Origin-Hint
X-Sorting-Hat-ShopId
X-Varnish-Hostname
X-PCL
X-LJ-Flow-ID
X-HTML-Minification-Powered-By
X-ShopId
X-Shopify-Stage
X-Region
X-Uri
X-Say-TTL
X-Redis-Cache
X-Urbn-Site-Id
X-Locale
X-No-Session
X-Section
X-SayCDN-TTL
X-ShardId
X-Varnish-Cache-Hits
X-Server-W
X-OCL
Cross-Origin-Resource-Policy
X-UA-Device-Type
X-Timing-Wait
DB-Nickname
Mn-Server-Ip
X-BYPASS-REASON
X-Proxied
X-Datadome
Selected-Fe
X-ProxyCache-Key
X-Proxy-Build
X-ProxyCache-Status
X-Cache-Type
X-ServerID
X-Generated-By
X-Cache-Action
X-Via-Fastly
X-Request-Time
X-Generation-Time
X-Hl-Ver
X-Rule
X-GeoCountry
X-GeoCode
X-FB-TRIP-ID
X-Extlb
X-SaId
X-Zipkin-Id
X-Xfnlog-Site
X-Web-Node
X-Routing-Service
X-Varnish-Beresp-Grace
X-Detected-As
X-JoinUs
Apigw-Requestid
X-SRV
X-Correlation-ID
X-Tid
X-Zen-Fury
X-Cache-Status-Check
X-Debug-Cache
X-R9-Blue-Green-Version
ServedBy
X-Ms-Request-Id
X-ECache
X-Ms-Version
X-Ua
X-LSADC-Cache
Cache-Name
X-DynaTrace-JS-Agent
X-FireWall-Port
X-Nginx-Cache
X-WP-CF-Super-Cache
Cache
X-Human
X-WP-CF-Super-Cache-Cache-Control
Xserver
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Tags
X-Dc
SD-X-WS
Source
Xet-Cookie
X-Cached-By
X-TNCMS
Cross-Origin-Window-Policy
X-Aspnetmvc-Version
X-Loop
X-RCS-CacheZone
X-Api-Version
LB
X-TA-CDN-Provider
X-Varnish-Hits
X-GEO
X-Cdn
X-MP-GENERATED-AT
WPO-Cache-Message
X-Webkit-CSP
WPO-Cache-Status
Origin
X-Reqid
X-Pubstack
X-App-Version
X-Origin-CC
X-Origin-TTL
X-Via-NSCOPI
X-Amzn-Remapped-Content-Length
X-Soup
X-NewRelic-App-Data
X-GG-Cache-Date
X-AOL-HN
From-Origin
X-B3-SpanId
X-Tumblr-Pixel-2
X-Service
X-IPS-LoggedIn
Webserver
X-TIME
X-Vgn-Hpd-Reason
X-FW-Version
Cache-Hits
X-Newrelic-Synthetics
X-Platform-Server
X-Provided-By
Rip
X-Cluster-Node
X-B3-Traceid
X-Varnish-Beresp-Ttl
X-Request-Host
Ngx.Var.Host
A
Meta-Geo-Continent
Sslversion
Odigeo-Trace-Id
MD5-Digest
Rendered-Blocks
BehaviorPad-Version
DCR-Decision-By
DCR-Processing-Time-Ms
Environment
Cdnsip
Cdncip
Expiry
Host-ID
Lang
X-AK-Request-ID
X-Rewrite-Enabled
X-Rojux
X-S
X-S-Cookie
X-Processor
X-PBS-Appsvrname
X-NAPM-TraceId
X-Orig-Expires
X-Owner
X-ScT
X-Served-From
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
Xc-Version
X-User
X-TIM-N
X-Shop-Environment
X-SRCache-Key
X-Tenant
X-Forwarded-Path
X-External-Request-Id
X-A-Dgt
X-A-Wwc
X-Aed
X-Application
X-A-Dcw
X-A-Dam
T-Server
X-A
X-A-Ccd
X-ARC
Upgrade-Insecure-Requests
X-Destination
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-D
X-Connection-Hash
X-Bc-Bl
X-BCube-Filmed-By
X-Cache-NE
Surrogated-Key
X-B-Cookie
OT-Force-Account-Verify
X-Accel-Buffering
X-Thanos
Fastly-SSL
X-Generated-On
Redirect-Candidate
X-Pool
X-Qloud-Router
X-Cluster
X-Dispatcher-Number
X-Aicache-OS
Mobile-Detection-Method
Machine
X-Level-Front-Cache
X-Bip
X-WA-Info
Cache-Tv-Group
Mime-Version
X-Origin-Response-Time
X-Gamma-Serve
L5d-Success-Class
X-Gateway-Cache-Key
Servername
X-Gateway-Cache-Status
Server-Host
X-Gateway-Request-Id
State
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
TDXMobile
X-Fetched-On
L
X-Gateway-Skip-Cache
X-Fmm-Version
X-Forwarded-Site
Release
Origin-EX
X-Gzip
X-GeoIP-City
Origin-CC
X-Has-Esi
NGX
NM-Fastcgi-Cache
X-Hash
X-GeoIP
Platform
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Gdpr
Mail-Subject
Memcached
X-INCAP-ABP
X-Geo-Header
Producers
Req-Svc-Chain
X-Esi-Check
X-Csrf-Jwt
X-Core-Value
X-Auto-Login
X-Core-Mission
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-DefHash
X-DefElseHash
X-Datadog-Trace-Id
X-BBC-Edge-Cache-Status
X-Clientip
X-Cache-Id
X-Cache-Info
X-Cdn-Srv
X-CacheTTL
X-CGP
X-Cache-Bucket
X-Clara-WADP
X-Branch-Name
X-Ckpd-Fst-Backend
X-Ad-Defer-Variation
X-Developers
Kp-EeAlive
V-Age
Vix-Hermes-Req-Id
VNS-Age
Tube-Return
Tube-Got-Results
X-Eu-Site
Tube-Get-Contents
Tube-Got-Eval
VNS-Cache
We-Hiring
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Device-Os
X-Epic-Correlation-Id
Wxu-Next-Region
Web-Mar-Region
Wxu-Next-Commit
Wxu-Next-Hostname
Traceparent
X-Is-Gdpr
X-Request-URI
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Rocket-Build-Number
X-Rocket-Nginx-Serving-Static
X-Scale
X-SB
X-S-Maxage
X-CSRF-Token
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Planisys-CDN-TTL
IsBot
Apple-News-Services-Host
Apple-News-Services-Handled
X-Proxy-Cache-Info
Adler-Geo
X-Policy
X-Session-Fingerprint
X-Sigma
X-VG-TLSProxy
HostName
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Viewer-Country
X-VServer
X-Worker
X-Wix-Viewer-Type
X-WADP-Cache
X-Varnish-CookieHashed-On
X-Variation
X-Sn-Servicetimems
X-Slack-Backend
X-SIPLIST1
X-Sigma-Backend
X-SplitTest
X-SVT-ORM-RULES
X-V-Cache
X-Thinkindot-L3
X-SVT-ORM-VERSION
Cache-Host
X-Planisys-CDN-Rules
X-NodeID
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Planisys-CDN-Cache
Decoy-Debug-TTL
X-JWT-State
Is-Eu
X-Minions-Version
Fastly-Backend-Name
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
X-Loc
Fastly-SWR
Fastly-GeoIP-CountryCode
X-Cdn-Origin
Fastly-SIE
Decoy-Debug-Status
DSUID
Click-Count-Error
X-Origin-Expires
Cluster
Cmsid
Click-Count-Action-Start
X-Origin-Time
Candidate-Md5Url
X-Parent-Response-Time
X-Xrds-Location
Decoy-Debug-Key
Cmstype
Country-Code
X-Origin
X-Optimistic-Header
CPC-Cache
Datacenter
CPC-Age
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tx-Id
X-Tec-Api-Version
X-VC
X-NWS-UUID-VERIFY
X-Varnish-Beresp-Status
X-Cache-Remote
X-Fastly-Cache
X-Scheme
X-NCache
X-Hnp-Log
X-Gen-Mode
Svr
User-Cache-Control
CloudFront-Viewer-Country
AKAMAI
Sever-Int
Server-Ext
Server-Hostname
CDCHOST
Fastcgi-Cache-TTL
X-Block-Status
X-Presslabs-Stats
X-ZONE
Ec-Rule-Version
X-Varnish-Ttl
X-LB-NoCache
Canary
X-Pod-Name
X-CMSURLCustom
X-Udemy-Cache-App-Namespace
WebServer
X-Sucuri-ID
X-Sucuri-Cache
Ssr
Pics-Label
SID
X-Cache-Debug
X-WP-CF-Super-Cache-Active
X-MCACHE
X-Tb-Optimization-Total-Bytes-Saved
X-ATG-Version
X-Var-Ttl
X-Cache-Date
X-ND-Cache
X-Buckets
X-Ig-Push-State
Sid
X-Azure-Ref-OriginShield
Memory
X-Generated-In
Time
X-Fastly-Backend
X-Conf
X-Microcachable
X-Via-Popn
X-Via-Poph
X-Via-Popv
X-FC-Vary-Parameters
AMP-Access-Control-Allow-Source-Origin
X-Edge-Pop
X-TRACE-ID
X-Servedbyhost
X-Refresh
X-Newrelic-App-Data
Server-ID
Fastly-Drupal-HTML
Fastly-Drupal-Html
X-MSEdge-Features
Env
X-Release
X-Dmc
X-Akamai-Transformed
X-MSEdge-Flight
X-Cs
X-Yandex-Sdch-Disable
X-CACHE-AGE
X-Trace-ID
X-Be
X-Fpc
X-NC
X-CS
X-DC
X-Pass-Why
X-Esi
X-PX
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
GeoIp-Country-Code
Magicmarker
X-Up
X-Endurance-Cache-Level
X-ID
X-Tumblr-Pixel-3
CDN
X-NGINX-Cache
X-Wa
X-Wikidot-Backend
X-RateLimit-Reset
X-Dispatch
X-EC-Lua
X-Wikidot-Static-Cache
My-App
True-Client-IP
X-Zone
X-TX-ID
X-Vc
X-Lambda-Id
X-VCL-Version
X-Hyper-Cache
X-CSRF-TOKEN
Hostname
X-Srv
X-Webkit-CSP-Report-Only
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Nf-Request-Id
X-CACHE-KEY
X-Micro-Cache
X-App
X-M-Reqid
X-M-Log
X-Alfa-Service
X-Req
Pramga
X-Qnm-Cache
C-Via
X-Vcl-Version
X-TrackingId
X-Air-Pt
N-Cache
X-Varnish-Beresp-TTL
Resin-Trace
X-LB-ID
X-TH-Server
X-HS-Status
CacheControlHeader
X-Edge-Origin-Shield-Region
Tcn
X-PAYTM-SRV-ID
X-Vercel-Cache
X-Vercel-Id
On-Server
X-Platform
Path
True-Client-Country-4JS
True-Client-Ip
Fastcgi-X-Cache-Version
X-Edge-Origin-Shield-Bytes
GeoIP-Country-Code
X-B3-Spanid
X-Op-Id-All
Tracecode
Esi-Enabled
X-SERVER-NAME
X-Check-Cacheable
X-Vtex-Processado-Em
GeoIP-Latitude
X-Akamai-Pragma-Client-IP
X-Vtex-Remote-Cache
Proxy-Connection
NtCoent-Length
X-CLOUD-TRACE-CONTEXT
X-AIR-PT
X-FPC
X-LAGOON
X-GeoIP-Country-Code
X-PERF
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Status
X-Node-Id
X-API-Version
X-SD-PageType
Hit
X-ApacheServer
Section-Io-Origin-Time-Seconds
X-Request-Start
X-GeoIP-Region-Code
X-Webkit-Csp-Report-Only
ENV
WWW-Authenticate
HIT
X-Accel-Expires-Debug
X-WA
X-Via-CDN
X-Platform-Router
X-Mly-Id
X-Datacenter
X-Date
Cache-Key
X-Geo
Cdn
X-Platform-Processor
X-Platform-Cluster
X-Edge-POP
XkeyRZ
Lb
X-ServedByHost
Server-Id
X-Render-Time
DT-Hot-News
User-Agent
DynaTrace
X-Lb-Id
X-RAMCache
X-Proxy-CacheRZ
YJS-ID
X-Cdn-Forward
Yjs-Id
X-Dw-Trace-Id
X-Via-PopV
X-Via-PopN
X-Via-PopH
XM
Server-Ttl
X-Traceid
X-VarnishDD-TTL
X-Via-Ucdn
PFcat
X-Proxy-Upstream
X-HN
Sm-Log-Id
X-Service-Response-Time
X-Response-By
X-LI-UUID
X-LI-Proto
X-Instance-Name
X-CF-Powered-By
X-Li-Pop
X-FORWARDED-FOR
X-TT-LOGID
X-Old-Content-Length
X-Cache-Ttl
X-Proxy-Cache-Hk
X-Li-Fabric
Geoip-Latitude
Dnion-Transfer-Encoding
X-CUA
CountryCode
X-LiteSpeed-Cache-Control
Powered-By
Location
Ohc-File-Size
PICS-Label
X-DB
X-DW
X-RPM
X-RSL
X-DSS
X-DI
X-Akamai-ERPolicy
X-RPS
X-Fastly-Backend-Reqs
X-LiteSpeed-Tag
Nginx-CQVIP
FSS-Cache
X-Akamai-ERRuleID
XServer
X-UA
X-Wp-Cf-Super-Cache-Cache-Control
X-Litespeed-Cache-Control
MIME-Version
SRV
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
Srvid
X-Location
X-Webstats-RespID
X-From
X-FL-EDGE
Locid
X-Request-Url
X-Cache-Backend
M-TraceId
X-Ftr-Request-Id
Wpo-Cache-Message
X-Cdn-Request-ID
X-HostName
X-B3-ParentSpanId
X-Lb-Nocache
Wpo-Cache-Status
Vha6-Origin
X-Nc
X-Ips-Loggedin
Warning
X-Cache-Ngx
X-Varnish-Authentication
X-Mg-Cache
X-DataCenter
X-Moov-T
X-Cache-ASPX
X-Moov-Xdn-Version
X-Contensis-Viewer-Groups
X-Snapshot-Date
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-MiniProfiler-Ids
Fastcgi-Cache-Ttl
Req-ID
X-Akamai-Request-ID
WZWS-RAY
X-HA-Backend
X-Cc-Via
X-Httpd