Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
CF-Ray
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Request-ID
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Generator
X-Check
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Server-Timing
Request-Context
X-Dns-Prefetch-Control
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-UA-Device
X-Cache-Group
X-Amz-Id-2
EagleId
X-AH-Environment
X-Backend
P3p
X-Proxy-Cache
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-OneAgent-JS-Injection
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Ua-Compatible
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
Cf-Apo-Via
X-Device
Cf-Railgun
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Server-Id
X-Ruxit-JS-Agent
EagleEye-TraceId
Surrogate-Control
X-Nginx-Cache-Status
X-Akam-SW-Version
Request-Id
X-Readtime
X-Backend-Server
Accept-Ch-Lifetime
X-Content-Security-Policy-Report-Only
X-HW
X-Cache-Lookup
X-Cache-Spec
X-Cloud-Trace-Context
X-Trace
X-Response-Time
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Country
Content-Location
X-Litespeed-Cache
X-Mcache
X-MS-InvokeApp
X-Content-Type
X-Url
X-Clacks-Overhead
X-PC
X-Vname
X-TtlSet
X-Midtier
X-Amz-Server-Side-Encryption
X-CST
Accept-CH-Lifetime
Rating
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-Rack-Cache
X-D2id
X-Element-Page-Cache
Origin-Trial
X-ECACHE
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
Verso
X-VARITI-CCR
X-Server-Name
X-Ac
X-GitHub-Request-Id
Service-Worker-Allowed
X-Powered-By-Plesk
X-Amz-Rid
X-Cnection
X-SharePointHealthScore
SPRequestGuid
X-Client-IP
X-Navigation-Version
Xkey
X-Abt-Application-Version
X-Ttl
Edge-Control
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-Upstream
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-Cached
X-B3-TraceId
X-Mg-S
X-Dw-Request-Base-Id
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Browser-Type
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-NWS-LOG-UUID
X-Px
Accept-Ch
X-Middleton-Display
Pagespeed
Display
X-Sol
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-NF-Request-ID
X-Correlation-Id
Access-Control-Request-Method
X-Forwarded-For
Edge-Cache-Tag
X-FastCGI-Cache
X-Cache-Key
X-Goog-Hash
X-Country-Code
X-Webkit-Csp
X-Powered-CMS
X-Ser
Content-MD5
X-Id
Front-End-Https
AR-SID
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-Request-ID
Public-Key-Pins
TCN
X-Ratelimit-Limit
X-HP-Webp
X-HP-Trace-Id
X-Version
X-Jurisdiction
X-Amzn-Trace-Id
X-Content-Digest
X-MSEdge-Ref
X-T
X-Recruiting
X-Middleton-Response
Response
X-Accel-Expires
TP-Cache
TP-L2-Cache
X-RateLimit-Remaining
X-Shield-Request-Id
MicrosoftSharePointTeamServices
X-XRDS-Location
S
Cache-Status
X-Fastcgi-Cache
Nginx-Cache
X-Fastly-Request-ID
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
Cross-Origin-Opener-Policy
X-HS-Cache-Config
X-Daa-Tunnel
Server-Node
Cache-Tags
X-Ratelimit-Remaining
X-Distributor
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Hits
X-PressLabs-Stats
X-LB-Cache
X-Edge-Location-Klb
X-Kinsta-Cache
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Origin-Server
X-Ezoic-Cdn
X-Ua-Browser
X-Ratelimit-Reset
Fastcgi-Cache
Filterid
Alternate-Protocol
X-Grace
X-Frontend
X-ORACLE-DMS-ECID
X-LLID
X-ORACLE-DMS-RID
X-Request-Handler-Origin-Region
X-Microsite
X-Rid
X-Hostname
X-DIS-Request-ID
Server-Name
Healthy
X-Varnish-Backend
X-Logged-In
Realpath
X-FB-Debug
Cleartype
X-NGENIX-Cache
X-Geo-Country
X-Cluster-Name
X-Git-Hash
X-Debug-Info
X-Www-Served-By
X-Page-Id
Payment
X-Load-Cache
X-Forwarded-Proto
MS-Author-Via
X-Protected-By
DC
X-ASPNET-VERSION
Access-Control-Allow-Method
Content-Disposition
X-Origin-Cache
X-TTL
Charset
X-B3-Sampled
X-Upgrade-Enabled
X-GUploader-UploadID
X-Goog-Metageneration
X-DataDome
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-AppVersion
X-Proxy
X-Az
X-Activity-Id
X-Seen-By
X-Times
X-ECache
Count-Hit
X-F-Cache
X-Cache-Age
X-B3-Traceid
X-Amz-Meta-S3cmd-Attrs
X-Amz-Replication-Status
X-Whom
Cross-Origin-Resource-Policy
X-Fb-Rlafr
X-Akamai-Edgescape
X-B
X-Revision
X-Azure-Ref
X-Contextid
X-Type
Paypal-Debug-Id
Surrogate-Key
X-Request-Guid
X-Is-Crawler
X-Flags
X-Varnish-Server
X-Providence-Cookie
X-Route-Name
Viewport
X-App-Environment
Accept-Charset
X-Aspnet-Duration-Ms
X-Aspnetmvc-Version
X-TT
X-Wix-Request-Id
Retry-After
X-Hosted-By
X-Language
X-Signature
X-B-Cache
X-Envoy-Decorator-Operation
X-DynaTrace
X-Cache-Control
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-App-Server
X-Source
X-Magnolia-Registration
X-Varnish-Grace
X-Mobile
Amp-Access-Control-Allow-Source-Origin
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
Host
WPO-Cache-Status
WPO-Cache-Message
Version
X-VCache
X-Server-ID
X-Cache-Rule
X-N
Refresh
X-HTML-Minification-Powered-By
Referer-Policy
X-Tumblr-Pixel
X-Varnish-Age
X-Original-Request-Id
X-Tumblr-User
X-Tumblr-Pixel-0
X-Cache-Time
Access-Control-Request-Headers
X-Amz-Apigw-Id
X-Response-Served-From
X-Amzn-RequestId
X-Tumblr-Pixel-1
X-EdgeConnect-Cache-Status
X-Rule
X-RTag
Ms-Operation-Id
MS-CV
X-UUID
Protected
X-Cache-Grace
SD-X-WS
X-Cache-Status-Check
X-Content-Powered-By
X-G
X-Jobs
X-User-Agent
X-Framework
X-Environment-Context
X-Device-Type
X-Cacheable-TTL
Section-Io-Cache
X-Backend-Name
X-FW-Dynamic
X-FW-Hash
X-FW-Type
X-FW-Version
X-FW-Static
X-FW-Server
X-FW-Serve
CDN-RequestId
X-L-Path
X-Page-View
X-ProcessESI
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
NGB
X-RemovedCookies
X-Status
X-Region
GEO-INFO
X-Tt-Trace-Tag
X-Tt-Trace-Host
From-Origin
Akamai-GRN
X-Is-Bot
X-Cache-Expired-At
X-Adobe-Loc
X-Rendered-As
X-Akamai-Request-ID2
Front
X-NYM-Debug-Backend
X-Http-Reason
X-Adobe-Content
X-Instance
X-Nginx-Cache
X-XRDS-LOCATION
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Unique-Id
X-Servername
Url
X-Trace-Id
Liferay-Portal
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Time
Accept-Language
X-Varnish-Ttl
X-Content-Options
SRV
X-RateLimit-Limit
Fastly-SWR
Fastly-SIE
X-Template
X-Fastly-Request-Id
X-Debug-IsPreview
X-Debug-IsConnected
X-Newrelic-App-Data
X-Air-Source
X-Zen-Fury
X-Air-Hostname
X-Air-Trace-Id
Backend
X-CDN-Forward
X-Cache-Hit
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-DynaTrace-JS-Agent
Country
X-Mode
X-Rocket-Nginx-Serving-Static
Content-Secure-Policy
X-COUNTRY
X-Uri
X-Cache-Operation
Node
X-RN-RSRV
X-Generation-Time
Webserver
X-Amzn-Remapped-Content-Length
Filters
X-UPSTREAM-Address
X-ARC
X-Content-Age
Onion-Location
Meta-Geo
S-Rt
X-Edge-Location
X-Proxy-Cache-Info
X-IPS-LoggedIn
X-Rewrite-Enabled
X-Tumblr-Pixel-3
X-Cache-Server
X-Tumblr-Pixel-2
Uber-Trace-Id
Azure-SiteName
Azure-SlotName
Azure-RegionName
CF-IPCountry
X-Proxy-Build
Selected-Fe
X-Timing-Wait
X-App-Version
X-PHP-Backend
Azure-Version
Azure-InstanceId
X-Tb
X-Web-Node
Cache-Hits
X-Origin-Date
X-PHP-Host
WP-Super-Cache
X-Say-Cacheable
X-Sucuri-Cache
X-Reqid
X-ProxyCache-Status
X-Proto
Countrycode
X-Server-W
X-Ms-Request-Id
X-ProxyCache-Key
X-Sucuri-ID
X-SayCDN-TTL
X-Ms-Version
X-Locale
X-Labrador-Cache-Channel
X-BYPASS-REASON
X-Say-TTL
X-Ua
X-Via-Fastly
X-Cms-Context
X-Cache-Action
Cache-Name
X-Soup
X-Skip-Cache
Cache-Tv-Group
X-Proxy-Cache-Status
X-LJ-Flow-ID
X-Format
X-Extlb
X-Origin-Hint
X-Proxied
X-IPLB-Instance
Webcakes-Region
X-Debug
X-Forwarded-Host
TWC-Device-Class
X-Cluster-Node
X-IPLB-Request-ID
TWC-Connection-Speed
TWC-GeoIP-Country
X-AWS-Id
TWC-Privacy
X-Cache-Host
Property-Id
TWC-GeoIP-LatLong
X-VC-Cache
Webcakes-App-Name
X-Site-Version
X-VWS-Id
ServerID
X-UA-Device-Type
X-Section
TWC-Locale-Group
X-Sql-Duration-Ms
X-Access
X-Sql-Count
Webcakes-App-Version
X-Zipkin-Id
X-Routing-Service
X-Cluster
X-Adobe-Source
X-JoinUs
X-FB-TRIP-ID
X-LAGOON
X-SaId
X-Handled-By
X-Real-IP
Web-Mar-Node
DB-Nickname
Apigw-Requestid
X-R9-Blue-Green-Version
X-No-Session
X-Ruxit-Js-Agent
X-Varnish-Beresp-Grace
X-Optimistic-Header
X-Urbn-Site-Id
X-Cache-TTL-Remaining
Mn-Server-Ip
ServedBy
X-Detected-As
Locale
Cross-Origin-Window-Policy
X-Urbn-Context-Path
X-GeoCode
X-GeoCountry
X-LSADC-Cache
X-Director
Fastcgi-Useragent
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Xfnlog-Site
X-Oneagent-Js-Injection
Mime-Version
X-Node-Name
Upgrade-Insecure-Requests
Source
X-Varnish-Hits
X-Tt-Logid
Frame-Options
X-GEO
X-Buckets
CDN-Cache
X-Hl-Ver
CDN-EdgeStorageId
CDN-CachedAt
X-Generated-By
CDN-RequestCountryCode
CDN-Uid
CDN-PullZone
Fastly-Drupal-HTML
Load-Balancing
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Varnish-Cache-Hits
X-SRV
X-Request-Time
X-FireWall-Port
Xet-Cookie
X-ServerID
X-Api-Version
X-TA-CDN-Provider
X-RM-Cache-TTL
X-Mg-Request-UUID
X-Varnish-Hostname
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Origin-TTL
X-Redis-Cache
X-Origin-CC
X-Datadog-Trace-Id
X-URL
X-Loop
X-Cache-Debug
X-TIME
CF-Cached-On
X-Akamai-Transformed
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Tx-Id
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Served-From
X-Pubstack
X-Storage
X-Endurance-Cache-Level
Xserver
X-Provided-By
X-Pass-Why
X-Newrelic-Synthetics
X-Restarts
X-Request-Host
X-CSRF-Token
X-Location
X-Service
Server-Info
X-Application
X-BCube-Filmed-By
X-Bc-Bl
X-B-Cookie
X-Akamai-Device-Characteristics
X-Aed
X-A-Dcw
X-A-Dam
A
X-A-Dgt
X-A-Wwc
X-Cache-Date
X-Cache-Info
X-Ec-GeoHdr
X-Developer
X-Epic-Correlation-Id
X-External-Request-Id
X-Hash
X-Gdpr
X-Destination
X-D
X-Cdn-Origin
X-Cache-NE
X-CMSURLCustom
X-Conf
X-CUA
X-Core-Mission
BehaviorPad-Version
X-A-Ccd
Origin
Odigeo-Trace-Id
Redirect-Candidate
Release
Rendered-Blocks
Edge-Cache
Gannett-Cam-Experience-Id
NM-Fastcgi-Cache
Lang
MD5-Digest
Memcached
Meta-Geo-Continent
Ngx.Var.Host
Host-ID
DSUID
Server-Host
Thinkindot-Control
Thinkindot-CacheControl-Type
Candidate-Md5Url
WWW-Authenticate
X-Httpd
X-A
Thinkindot-CacheControl
TDXMobile
DCR-Processing-Time-Ms
Sslversion
DCR-Decision-By
Surrogated-Key
T-Server
Cache-Host
X-Ec-Fail
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SRCache-Key
X-Sn-Servicetimems
X-Origin
X-Test
X-Mobile-URL
X-TIM-N
X-Thinkindot-L3
X-Origin-Time
X-Processor
X-S
X-S-Cookie
X-S-Maxage
X-ScT
X-Rojux
X-Rocket-Build-Number
X-Response-By
X-Sigma-Backend
X-Sigma
X-Mid
X-Nyt-Route
X-Vdms-Version
X-INCAP-ABP
X-We-Are-Hiring
X-Vdms-Path
Xc-Version
X-Loc
X-Men
HostName
X-WP-CF-Super-Cache-Active
X-Fetched-On
X-VServer
X-Slack-Backend
C-Via
Mail-Subject
X-Scale
We-Hiring
X-Auto-Login
X-Worker
Tube-Got-Eval
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Thanos
X-Server-IP
Req-Svc-Chain
X-Variation
X-Varnish-Remaining-TTL
Platform
X-Var-Ttl
Tube-Got-Results
Tube-Get-Contents
X-Vmg-Version
X-Slack-Shared-Secret-Outcome
Tube-Return
X-Accel-Expires-Debug
X-Level-Front-Cache
X-JWT-State
X-Esi-Check
Magicmarker
X-Ec-Custom-Error
X-DefHash
X-Dispatcher-Number
X-Dispatcher-Server
X-Is-Gdpr
X-Fastly-Backend
X-GeoIP-City
X-Gzip
X-Has-Esi
X-GeoIP
X-Geo-Header
X-Gamma-Serve
X-Generated-On
X-DefElseHash
X-Date
X-BBC-Edge-Cache-Status
X-Platform-Cluster
X-Platform
X-Platform-Processor
X-Platform-Router
X-Human
X-Ad-Defer-Variation
X-Req
X-Bip
X-Cache-Bucket
X-Org
X-Node-Id
X-Mvc-Supplant-Cachable
X-CacheTTL
X-Origin-Expires
X-Origin-Response-Time
X-Cache-Id
X-SD-PageType
X-HS-Content-Campaign-Id
Country-Code
Cmstype
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Cmsid
Click-Count-Error
X-TNCMS
Adler-Geo
CacheControlHeader
Click-Count-Action-Start
Expect-Staple
Cache-Key
Section-Io-Id
Gh-Request-Id
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Is-Eu
X-Air-Pt
X-Via-CDN
X-Varnish-Beresp-Ttl
Environment
X-FL-EDGE
X-Developers
X-Cdn-Srv
X-Cache-FS-Status
X-Region-Sid
X-Instance-Name
X-GeoIP-Region-Code
X-App
X-WA-Info
X-WADP-Cache
X-FL-QIT-DEBUG
X-Wix-Viewer-Type
X-Core-Value
X-Device-Os
X-Vcl-Version
Origin-EX
Origin-CC
Locid
On-Server
Srvid
X-Clara-WADP
X-Varnishpool
X-GeoIP-Country-Code
X-Release
X-Cache-Tags
X-Ckpd-Fst-Backend
X-DPWN-IS-SECURE
X-Mly-Id
X-Fastly-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-V-Cache
X-Forwarded-Site
X-Frame-Option
Datacenter
X-SB
Producers
X-Irp-Debug
Ssr
State
X-VC
CloudFront-Viewer-Country
AKAMAI
Kp-EeAlive
X-Accel-Buffering
X-Fmm-Version
X-NodeID
Web-Mar-Region
Vix-Hermes-Req-Id
X-Pool
X-FC-Vary-Parameters
Edge-Copy-Time
X-Via-SSL
X-Via-Edge
Apple-News-Services-Parsed-Url
X-Qloud-Router
X-VG-TLSProxy
Machine
Apple-News-Services-Host
X-Varnish-Beresp-Status
X-Request-Start
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-From
X-Azure-Ref-OriginShield
X-Platform-Server
L
Cache-Provider
Canary
X-Nginx-Cache-Key
X-Owner
PFcat
NGX
X-Old-Content-Length
X-VarnishDD-TTL
X-HN
Server-Ext
X-Ua-Device
Wxu-Next-Commit
User-Cache-Control
Sever-Int
Server-Hostname
Wxu-Next-Hostname
Wxu-Next-Region
X-Aicache-OS
X-Hnp-Log
X-Gen-Mode
X-Block-Status
X-Minions-Version
X-Parent-Response-Time
X-CACHE-AGE
X-Zone
X-Webkit-CSP-Report-Only
X-CGP
X-Cache-Enabled
HA-Ipaddr
X-Csrf-Jwt
X-Eu-Site
X-Mvc-Supplant-OutputCached
X-Nananana
Ha-Gx-Prefs
L5d-Success-Class
Fastly-SSL
X-Cache-Remote
X-Microcachable
X-NCache
X-Op-Id-All
CDCHOST
X-Lambda-Id
X-DC
X-Debug-Cache-Store
X-LB-NoCache
X-Refresh
X-RCS-CacheZone
X-Debug-Cache-Fetch
X-Up
X-B3-Spanid
X-Correlation-ID
X-VCT
X-Via-Poph
Env
X-Via-Popv
X-Via-Popn
X-Cache-Backend
Pics-Label
X-Tb-Optimization-Total-Bytes-Saved
X-Trace-ID
X-Dc
X-B3-SpanId
CPC-Cache
X-Cached-By
Decoy-Debug-TTL
CPC-Age
X-ND-Cache
X-Vtex-Remote-Cache
Decoy-Debug-Status
VNS-Age
Cluster
X-Render-Time
X-Generated-In
VNS-Cache
Decoy-Debug-Key
GeoIP-Latitude
NtCoent-Length
X-Upstream-Ht
AMP-Access-Control-Allow-Source-Origin
SID
X-Upstream-Ct
X-Hcs-Proxy-Type
Sid
X-CCDN-CacheTTL
Cache
X-CCDN-Origin-Time
X-HA-Backend
X-NWS-UUID-VERIFY
X-Cs
X-Cache-Type
X-Webkit-CSP
X-Tid
Memory
Time
X-LB-ID
X-TH-Server
X-Servedbyhost
X-HS-Status
X-Edge-Pop
X-DataCenter
X-Wa
X-Presslabs-Stats
X-Esi
X-AIR-PT
X-Nc
Fastly-Drupal-Html
X-ATG-Version
X-Client-Ip
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-NewRelic-App-Data
Server-ID
X-Varnish-Authentication
Svr
X-Vgn-Hpd-Ssi
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Via-JSL
Cdn
Srv
X-Srv
GeoIp-Country-Code
Uri
X-ZONE
X-Check-Cacheable
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-CF-Lambda-Fn
Esi-Enabled
X-MP-GENERATED-AT
X-CF-Lambda-Version
X-Fpc
XkeyRZ
X-Proxy-CacheRZ
X-CS
X-Amz-Meta-Cb-Modifiedtime
True-Client-IP
X-PAYTM-SRV-ID
X-Udemy-Cache-App-Namespace
X-Vc
X-CACHE-KEY
M-TraceId
X-Nf-Request-Id
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Datadome
Hostname
X-NGINX-Cache
X-Varnish-Beresp-TTL
YJS-ID
X-Forwarded-Path
X-Bl-Debug
Lb
XServer
X-CDN-Cache-Status
X-Orig-Expires
X-AK-Request-ID
X-Tenant
Cdnsip
X-API-Version
X-Shop-Environment
RNT-Time
RNT-Machine
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-Gateway-Cache-Status
Cdncip
Resin-Trace
N-Cache
True-Client-Ip
X-Gateway-Skip-Cache
X-CSRF-TOKEN
X-EC-Lua
OT-Force-Account-Verify
X-MSEdge-Flight
X-MSEdge-Features
X-Via-NSCOPI
X-TX-ID
X-Fastly-Country-Code
X-FPC
X-App-Name
X-Policy
X-B3-Trace-ID
Sm-Log-Id
GeoIP-Country-Code
X-Service-Response-Time
Eomportal-Instance
CDN
Path
Server-Id
X-Cache-Ttl
X-Logging-Id
Ngx-Var-Key
X-CLOUD-TRACE-CONTEXT
Hit
X-Accel-Version
X-Vcache
X-WA
X-Micro-Cache
X-APP-VERSION
X-Git-Commit
X-Container-Uri
X-Cdn-Diag
X-Edge-POP
X-NC
X-VCL-Version
X-Datacenter
X-SIPLIST1
IsBot
X-Cache-NGX
X-MCACHE
X-Lb-Id
LB
X-Request-URI
HIT
X-ServedByHost
X-Cdn-Cache-Status
X-Ha-Backend
X-RateLimit-Reset
X-Cdn-Forward
X-Info
RATING
X-Tncms
Pramga
X-SERVER-NAME
X-LiteSpeed-Cache-Control
X-Geo
Timeexpire
X-Acquia-Purge-Cdn-Unconfigured
X-Srcache-Fetch-Status
X-Snapshot-Date
X-Srcache-Store-Status
XM
FSS-Cache
X-VG-WebCache
Geoip-Latitude
Location
Cross-Origin-Opener-Policy-Report-Only
V-Age
X-Akamai-Pragma-Client-IP
Tcn
X-TT-LOGID
X-Via-PopV
X-Via-PopN
True-Client-Country-4JS
Yjs-Id
X-Ctl-Mach
Req-ID
X-Lb-Nocache
CDN-RequestPullSuccess
X-Via-PopH
Epwk-X-Cache
X-Pod-Name
X-LiteSpeed-Tag
X-Clientip
CDN-RequestPullCode
Ohc-File-Size
ENV
X-HostName
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Iauth-Set-Uid
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Serial
X-Hyper-Cache
X-TRACE-ID
X-Dw-Trace-Id
X-Amz-Meta-Opti
X-M-Reqid
X-M-Log
Warning
X-Oss-Server-Time
X-Cdn-Request-ID
X-Cache-Expires
W
Content-Style-Type
WZWS-RAY
Cneonction
Proxy-Connection
X-UP
Ec-Rule-Version
X-Fastly-Backend-Reqs
X-Oss-Request-Id
X-RAMCache
X-Oss-Object-Type
X-Qnm-Cache
X-Oss-Hash-Crc64ecma
Servername
Content-Script-Type
X-Oss-Storage-Class
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Lsadc-Cache
X-MiniProfiler-Ids
CountryCode
X-Akamai-ERPolicy
PICS-Label
X-WP-CF-Super-Cache-Cookies-Bypass
X-Akamai-ERRuleID
Ohc-Cache-HIT
X-Th-Server
My-App
MIME-Version
X-B3-ParentSpanId
X-IPS-Cached-Response
X-B3-Parentspanid
Ngx
X-Litespeed-Cache-Control
X-Webstats-RespID
X-Fastly-Cache-Hits
X-Swift-Error
X-Mg-Cache