Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Xss-Protection
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Generator
X-Cache-Status
X-Check
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Status
Upgrade
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-UA-Device
X-Amz-Request-Id
X-Cache-Group
X-Amz-Id-2
EagleId
X-Backend
X-AH-Environment
X-Proxy-Cache
P3p
Keep-Alive
X-Server
X-Ua-Compatible
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-OneAgent-JS-Injection
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Apo-Via
X-Device
Cf-Railgun
X-WebKit-CSP
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Server-Id
X-Host
X-Ruxit-JS-Agent
EagleEye-TraceId
Surrogate-Control
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
X-Content-Security-Policy-Report-Only
Accept-Ch-Lifetime
X-HW
X-Cache-Lookup
X-Cloud-Trace-Context
X-Cache-Spec
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Application-Context
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Litespeed-Cache
Content-Location
X-Mcache
X-Country
X-MS-InvokeApp
X-Content-Type
X-Url
X-Clacks-Overhead
Accept-CH-Lifetime
X-TtlSet
X-PC
X-Vname
X-Midtier
X-Amz-Server-Side-Encryption
X-CST
Rating
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-ECACHE
X-D2id
X-Rack-Cache
X-Element-Page-Cache
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
Origin-Trial
Verso
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
X-Ac
Service-Worker-Allowed
X-Powered-By-Plesk
X-Amz-Rid
X-Cnection
SPRequestGuid
X-SharePointHealthScore
X-Navigation-Version
X-Client-IP
X-Webkit-Csp
Xkey
Edge-Control
SPIisLatency
X-Abt-Application-Version
SPRequestDuration
X-Cache-TTL
X-Upstream
X-Ttl
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-B3-TraceId
X-Cached
X-Dw-Request-Base-Id
X-Mg-S
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-NWS-LOG-UUID
X-Px
X-Middleton-Display
Display
X-Sol
Pagespeed
Accept-Ch
X-NF-Request-ID
X-FastCGI-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-Correlation-Id
Edge-Cache-Tag
X-Forwarded-For
X-Cache-Key
X-Country-Code
X-Goog-Hash
X-Ser
X-Powered-CMS
X-Id
AR-SID
AR-PoweredBy
AR-ATIME
Content-MD5
AR-CACHE
AR-Request-ID
Front-End-Https
Public-Key-Pins
TCN
X-Amzn-Trace-Id
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Version
X-MSEdge-Ref
X-Ratelimit-Limit
X-T
X-Content-Digest
X-Recruiting
X-Middleton-Response
Response
X-RateLimit-Remaining
X-Accel-Expires
TP-Cache
TP-L2-Cache
X-Shield-Request-Id
MicrosoftSharePointTeamServices
S
Cache-Status
Nginx-Cache
X-XRDS-Location
X-Fastly-Request-ID
X-Fastcgi-Cache
X-Request-Processing-Time
X-Request-Received
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
Cross-Origin-Opener-Policy
Server-Node
Cache-Tags
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Daa-Tunnel
MRF-Tech
X-Distributor
X-Hits
X-Ratelimit-Remaining
X-LB-Cache
X-Edge-Location-Klb
X-Kinsta-Cache
X-Origin-Server
X-Ua-Browser
X-PressLabs-Stats
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-Ratelimit-Reset
Filterid
Fastcgi-Cache
X-ORACLE-DMS-RID
Alternate-Protocol
X-LLID
X-Frontend
X-Grace
X-Request-Handler-Origin-Region
X-Microsite
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Rid
X-Hostname
Realpath
X-Logged-In
X-DIS-Request-ID
Healthy
Server-Name
X-FB-Debug
X-Git-Hash
X-Varnish-Backend
Cleartype
X-Www-Served-By
X-NGENIX-Cache
X-Geo-Country
X-Cluster-Name
Payment
X-Page-Id
X-Debug-Info
DC
X-Load-Cache
X-Protected-By
MS-Author-Via
X-TTL
X-Forwarded-Proto
X-Origin-Cache
Access-Control-Allow-Method
X-ASPNET-VERSION
Content-Disposition
Charset
X-Upgrade-Enabled
X-B3-Sampled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Goog-Metageneration
X-GUploader-UploadID
X-AppVersion
X-Az
X-Activity-Id
X-Proxy
X-DataDome
X-Seen-By
Count-Hit
X-Amz-Meta-S3cmd-Attrs
X-Whom
X-Azure-Ref
X-F-Cache
X-Amz-Replication-Status
X-Fb-Rlafr
Paypal-Debug-Id
X-Times
Cross-Origin-Resource-Policy
X-Revision
X-B
Accept-Charset
X-Type
X-Contextid
X-ECache
Surrogate-Key
X-Akamai-Edgescape
X-App-Environment
Viewport
X-Varnish-Server
X-Providence-Cookie
X-Is-Crawler
X-Route-Name
X-Flags
X-Aspnet-Duration-Ms
X-Cache-Age
X-Request-Guid
X-B3-Traceid
X-TT
Retry-After
X-Wix-Request-Id
X-Aspnetmvc-Version
X-Hosted-By
X-Envoy-Decorator-Operation
X-Language
X-DynaTrace
X-Cache-Control
X-Signature
X-B-Cache
X-Varnish-Grace
X-Mobile
X-Magnolia-Registration
X-Source
X-App-Server
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Version
WPO-Cache-Message
WPO-Cache-Status
Host
X-VCache
Amp-Access-Control-Allow-Source-Origin
Refresh
X-Amz-Apigw-Id
X-Amzn-RequestId
X-N
X-Server-ID
X-HTML-Minification-Powered-By
Referer-Policy
X-Cache-Rule
X-Tumblr-Pixel-1
X-XRDS-LOCATION
X-Tumblr-User
X-Tumblr-Pixel-0
X-Cache-Time
Access-Control-Request-Headers
X-Original-Request-Id
X-Tumblr-Pixel
X-Response-Served-From
X-Varnish-Age
X-Rule
X-EdgeConnect-Cache-Status
X-G
X-RTag
X-Jobs
X-UUID
X-Framework
Protected
X-Trace-Id
X-Content-Powered-By
X-Cacheable-TTL
Ms-Operation-Id
MS-CV
SD-X-WS
X-User-Agent
X-ProcessESI
X-Environment-Context
X-L-Path
X-Backend-Name
X-Cache-Grace
X-RemovedCookies
X-FW-Dynamic
X-Status
GEO-INFO
VIX-Pulpo-Node
From-Origin
NGB
Section-Io-Cache
X-FW-Hash
VIX-Pulpo-Upstream-Status
Akamai-GRN
X-FW-Version
X-Tt-Trace-Host
X-Device-Type
X-FW-Static
X-FW-Server
X-Region
X-FW-Serve
X-FW-Type
X-Tt-Trace-Tag
Front
X-Rendered-As
X-Http-Reason
X-Akamai-Request-ID2
X-Cache-Status-Check
X-Page-View
X-Is-Bot
X-Drupal-Cache-Tags
X-Adobe-Content
X-Cache-Expired-At
X-NYM-Debug-Backend
X-Instance
X-Drupal-Cache-Contexts
X-Adobe-Loc
CDN-RequestId
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Unique-Id
X-RateLimit-Limit
X-Nginx-Cache
Url
X-Servername
X-COUNTRY
Liferay-Portal
Accept-Language
X-Content-Options
X-Time
X-Template
Fastly-SWR
Fastly-SIE
X-Varnish-Ttl
X-Air-Hostname
X-CDN-Forward
X-Air-Trace-Id
X-Air-Source
Backend
X-Debug-IsPreview
X-Debug-IsConnected
X-Zen-Fury
X-Cache-Hit
SRV
X-Fastly-Request-Id
X-DynaTrace-JS-Agent
X-Yottaa-Optimizations
X-Newrelic-App-Data
X-Yottaa-Metrics
Country
X-Mode
X-Rocket-Nginx-Serving-Static
Content-Secure-Policy
X-Uri
Node
X-Cache-Operation
X-ARC
X-Edge-Location
Webserver
S-Rt
X-Cache-Server
X-Rewrite-Enabled
X-Tumblr-Pixel-2
X-RN-RSRV
X-Tumblr-Pixel-3
X-Amzn-Remapped-Content-Length
Filters
Meta-Geo
Onion-Location
X-UPSTREAM-Address
X-Proxy-Cache-Info
X-Generation-Time
X-IPS-LoggedIn
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-App-Version
X-Content-Age
X-Timing-Wait
CF-IPCountry
Cache-Hits
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-Version
Selected-Fe
Countrycode
X-Locale
X-PHP-Backend
Uber-Trace-Id
X-Proxy-Build
WP-Super-Cache
X-Ms-Request-Id
X-Web-Node
X-Sucuri-ID
X-Via-Fastly
X-Tb
X-Soup
X-BYPASS-REASON
X-Cache-Action
X-Cms-Context
X-Ms-Version
X-ProxyCache-Key
X-ProxyCache-Status
Cache-Name
X-Skip-Cache
X-Site-Version
X-Reqid
X-Sucuri-Cache
X-Ua
X-Server-W
X-Section
X-Routing-Service
TWC-Locale-Group
X-Say-TTL
Cache-Tv-Group
X-Proxy-Cache-Status
X-Format
X-LJ-Flow-ID
X-Origin-Hint
X-Proxied
X-Say-Cacheable
X-UA-Device-Type
X-Origin-Date
X-PHP-Host
X-IPLB-Instance
X-IPLB-Request-ID
X-Labrador-Cache-Channel
X-Cache-Host
X-Proto
X-VWS-Id
X-Zipkin-Id
ServerID
X-Cluster-Node
X-Extlb
X-SayCDN-TTL
TWC-GeoIP-LatLong
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Device-Class
Property-Id
X-AWS-Id
X-Access
TWC-Connection-Speed
TWC-Privacy
TWC-GeoIP-Country
X-Forwarded-Host
DB-Nickname
X-JoinUs
X-LAGOON
Cross-Origin-Window-Policy
X-Sql-Count
X-R9-Blue-Green-Version
Web-Mar-Node
X-Cluster
X-Debug
X-Sql-Duration-Ms
Apigw-Requestid
X-Optimistic-Header
X-VC-Cache
X-SaId
X-No-Session
X-Handled-By
X-Urbn-Site-Id
X-Urbn-Context-Path
X-FB-TRIP-ID
X-Real-IP
X-Adobe-Source
X-Cache-TTL-Remaining
X-Varnish-Beresp-Grace
X-Detected-As
Locale
Mn-Server-Ip
X-LSADC-Cache
ServedBy
X-Director
X-Node-Name
X-Xfnlog-Site
X-Ruxit-Js-Agent
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Fastcgi-Useragent
Frame-Options
X-GeoCountry
X-GeoCode
Mime-Version
Upgrade-Insecure-Requests
X-Tt-Logid
X-Varnish-Hits
Source
X-Oneagent-Js-Injection
Fastly-Drupal-HTML
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-Cache
X-Api-Version
CDN-Uid
CDN-CachedAt
Load-Balancing
X-Generated-By
X-Hl-Ver
X-GEO
X-Varnish-Cache-Hits
Xet-Cookie
X-Buckets
X-ServerID
X-TIME
X-FireWall-Port
X-Request-Time
X-Varnish-Hostname
X-RM-Cache-TTL
X-Mg-Request-UUID
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Origin-TTL
X-SRV
X-Origin-CC
X-Redis-Cache
CF-Cached-On
X-TA-CDN-Provider
X-URL
X-Cache-Debug
X-Loop
X-Akamai-Transformed
X-Served-From
X-Storage
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShardId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Pubstack
Xserver
X-Endurance-Cache-Level
X-Provided-By
X-Restarts
X-Tx-Id
X-Pass-Why
X-Newrelic-Synthetics
X-Request-Host
X-Location
Cache-Host
X-Hash
X-Ec-Fail
BehaviorPad-Version
Candidate-Md5Url
X-Epic-Correlation-Id
X-INCAP-ABP
DCR-Decision-By
X-External-Request-Id
X-Gdpr
X-Ec-GeoHdr
X-Fetched-On
A
Meta-Geo-Continent
WWW-Authenticate
X-A
X-A-Ccd
X-A-Dam
X-CMSURLCustom
Thinkindot-Control
T-Server
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-A-Dcw
X-A-Dgt
X-Bip
X-Cache-NE
X-Cache-Date
X-Cache-Info
X-BCube-Filmed-By
X-Bc-Bl
X-A-Wwc
X-Aed
X-Application
X-B-Cookie
X-Conf
Surrogated-Key
Lang
MD5-Digest
Memcached
Ngx.Var.Host
Host-ID
X-Destination
DSUID
Edge-Cache
X-Developer
Gannett-Cam-Experience-Id
NM-Fastcgi-Cache
Odigeo-Trace-Id
Rendered-Blocks
Server-Host
X-Core-Mission
Sslversion
Release
Redirect-Candidate
X-D
Origin
X-CUA
DCR-Processing-Time-Ms
X-Generated-On
X-SVT-ORM-VERSION
X-Origin
X-SVT-ORM-RULES
X-SRCache-Key
X-Sigma-Backend
X-Test
X-Thanos
X-Mobile-URL
X-Vdms-Path
X-Nyt-Route
X-TIM-N
X-Sigma
X-ScT
X-Rocket-Build-Number
X-Processor
X-We-Are-Hiring
X-CSRF-Token
X-Rojux
Xc-Version
X-S-Maxage
X-S-Cookie
X-S
X-Origin-Time
X-Vdms-Version
X-Thinkindot-L3
X-Mid
X-Men
X-Level-Front-Cache
Server-Info
X-Httpd
X-Service
Fastly-GeoIP-CountryCode
Gh-Request-Id
X-Dispatcher-Number
X-Org
We-Hiring
Fastly-Backend-Name
X-Ec-Custom-Error
Cmstype
Cmsid
CloudFront-Viewer-Country
Click-Count-Error
C-Via
X-Region-Sid
Tube-Return
X-Response-By
X-Req
X-Dispatcher-Server
Tube-Get-Contents
X-Loc
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Server-IP
X-HS-Content-Campaign-Id
X-Origin-Response-Time
Req-Svc-Chain
X-SD-PageType
X-Sn-Servicetimems
X-Auto-Login
Magicmarker
Click-Count-Action-Start
Tube-Got-Eval
Mail-Subject
X-Gzip
X-Date
X-Human
Tube-Got-Results
Country-Code
X-Mvc-Supplant-Cachable
X-Fastly-Backend
X-Fastly-Cache
X-Varnishpool
X-Pool
X-Akamai-Device-Characteristics
X-Esi-Check
X-Cache-Id
X-Platform-Router
X-BBC-Edge-Cache-Status
X-Gamma-Serve
X-Scale
X-Cache-Bucket
X-Platform
X-Geo-Header
X-Platform-Processor
X-Platform-Cluster
X-Node-Id
X-CacheTTL
X-Var-Ttl
AKAMAI
X-Cdn-Origin
Cache-Key
CacheControlHeader
X-Accel-Expires-Debug
X-CACHE-AGE
Section-Io-Id
X-Via-CDN
X-Vcl-Version
Section-Io-Origin-Status
X-WP-CF-Super-Cache-Active
Section-Origin-Responded
X-Varnish-Beresp-Ttl
Environment
Section-Io-Origin-Time-Seconds
HostName
X-Irp-Debug
X-JWT-State
X-Has-Esi
X-Planisys-CDN-Rules
X-Ckpd-Fst-Backend
X-Planisys-CDN-TTL
X-Is-Gdpr
X-Cache-FS-Status
X-Ad-Defer-Variation
X-Owner
Vix-Hermes-Req-Id
Web-Mar-Region
X-Planisys-CDN-Cache
Srvid
X-TNCMS
X-Azure-Ref-OriginShield
X-Clara-WADP
X-Worker
X-WA-Info
X-NodeID
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Instance-Name
X-Varnish-CookieHashed-On
Adler-Geo
X-FL-EDGE
X-FL-QIT-DEBUG
Canary
X-Variation
X-FC-Vary-Parameters
X-VServer
Origin-CC
On-Server
Locid
X-Mly-Id
Origin-EX
X-Nginx-Cache-Key
X-Fmm-Version
X-Forwarded-Site
X-Frame-Option
X-V-Cache
X-Developers
X-Vmg-Version
X-DefElseHash
X-GeoIP-Region-Code
Machine
Platform
X-Core-Value
Ssr
X-SB
X-WADP-Cache
X-DefHash
Kp-EeAlive
X-Cdn-Srv
X-GeoIP-City
X-GeoIP
Datacenter
X-Device-Os
Expect-Staple
Is-Eu
X-Origin-Expires
X-GeoIP-Country-Code
State
X-Via-SSL
X-Air-Pt
Edge-Copy-Time
X-Via-Edge
X-Op-Id-All
L
PFcat
X-From
Cache-Provider
Server-Ext
X-Hnp-Log
X-Minions-Version
X-NCache
Apple-News-Services-Request-Url
X-HN
X-Wix-Viewer-Type
Apple-News-Services-Handled
X-Qloud-Router
X-Release
X-VG-TLSProxy
Apple-News-Services-Host
X-VC
X-Gen-Mode
Sever-Int
X-VarnishDD-TTL
X-Old-Content-Length
X-Zone
Apple-News-Services-Parsed-Url
X-Block-Status
Wxu-Next-Commit
X-Accel-Buffering
Producers
Wxu-Next-Hostname
NGX
Wxu-Next-Region
X-Aicache-OS
User-Cache-Control
Server-Hostname
X-App
X-Cache-Tags
X-DPWN-IS-SECURE
X-Csrf-Jwt
X-CGP
X-Varnish-Beresp-Status
X-Eu-Site
X-Request-Start
X-Mvc-Supplant-OutputCached
X-Platform-Server
X-Nananana
L5d-Success-Class
X-Ua-Device
Ha-Gx-Prefs
X-Microcachable
X-Cache-Remote
X-RCS-CacheZone
HA-Ipaddr
CDCHOST
X-Parent-Response-Time
X-Webkit-CSP-Report-Only
X-Debug-Cache-Store
X-Lambda-Id
X-Up
Fastly-SSL
X-Debug-Cache-Fetch
X-Cache-Enabled
X-VCT
X-LB-NoCache
X-B3-SpanId
AMP-Access-Control-Allow-Source-Origin
X-Dc
X-Tb-Optimization-Total-Bytes-Saved
X-DC
X-Via-Poph
X-Via-Popv
Pics-Label
X-Via-Popn
X-B3-Spanid
X-Correlation-ID
VNS-Age
X-Render-Time
X-Presslabs-Stats
CPC-Cache
X-Vtex-Remote-Cache
X-Refresh
X-Cached-By
CPC-Age
X-Upstream-Ht
VNS-Cache
Env
X-Generated-In
X-Cache-Backend
X-Upstream-Ct
Sid
X-Trace-ID
X-CCDN-Origin-Time
X-Cs
Decoy-Debug-Status
Cluster
Cache
Decoy-Debug-TTL
Memory
X-ND-Cache
X-CCDN-CacheTTL
Time
X-Hcs-Proxy-Type
Decoy-Debug-Key
X-HA-Backend
GeoIP-Latitude
NtCoent-Length
X-Cache-Type
SID
X-TH-Server
X-AIR-PT
X-NWS-UUID-VERIFY
X-Webkit-CSP
X-NewRelic-App-Data
X-Tid
Srv
X-ATG-Version
X-Servedbyhost
X-LB-ID
X-Edge-Pop
X-HS-Status
X-Via-JSL
X-DataCenter
Server-ID
X-Esi
X-Wa
Fastly-Drupal-Html
X-Srv
X-Nc
Cdn
GeoIp-Country-Code
X-Client-Ip
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
Svr
X-Check-Cacheable
X-MP-GENERATED-AT
X-RateLimit-Remaining-Second
X-CF-Lambda-Version
X-CF-Lambda-Fn
Esi-Enabled
X-Vgn-Hpd-Variations-Key
X-PAYTM-SRV-ID
X-Vgn-Hpd-Ssi
X-RateLimit-Limit-Second
X-Vgn-Hpd-Cached
Uri
X-ZONE
True-Client-IP
X-Fpc
X-Amz-Meta-Cb-Modifiedtime
X-Vc
X-Datadome
XkeyRZ
X-Proxy-CacheRZ
X-NGINX-Cache
YJS-ID
X-CS
X-Wikidot-Static-Cache
X-Wikidot-Backend
Hostname
X-Udemy-Cache-App-Namespace
X-CDN-Cache-Status
N-Cache
X-CSRF-TOKEN
X-Orig-Expires
X-Forwarded-Path
X-Bl-Debug
RNT-Machine
Lb
M-TraceId
RNT-Time
X-Tenant
X-Nf-Request-Id
X-CACHE-KEY
X-Shop-Environment
Resin-Trace
X-TX-ID
X-Varnish-Beresp-TTL
Cdncip
X-MSEdge-Flight
Cdnsip
True-Client-Ip
X-MSEdge-Features
XServer
X-AK-Request-ID
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Gateway-Skip-Cache
OT-Force-Account-Verify
X-Gateway-Cache-Key
X-EC-Lua
X-Via-NSCOPI
X-FPC
X-App-Name
X-API-Version
X-Policy
X-Fastly-Country-Code
X-B3-Trace-ID
X-Logging-Id
Sm-Log-Id
X-Service-Response-Time
Eomportal-Instance
CDN
X-Cache-Ttl
Path
Server-Id
GeoIP-Country-Code
X-Git-Commit
X-Container-Uri
X-Cdn-Diag
X-Lb-Id
X-Accel-Version
Hit
X-APP-VERSION
X-Datacenter
X-Micro-Cache
Ngx-Var-Key
X-Vcache
X-WA
X-CLOUD-TRACE-CONTEXT
X-SIPLIST1
X-MCACHE
HIT
X-NC
LB
IsBot
X-Cache-NGX
X-VCL-Version
X-ServedByHost
X-RateLimit-Reset
X-Edge-POP
X-Ha-Backend
X-Geo
X-Request-URI
X-Cdn-Forward
X-Akamai-Pragma-Client-IP
X-Info
X-Acquia-Purge-Cdn-Unconfigured
X-Tncms
XM
X-VG-WebCache
X-SERVER-NAME
X-Cdn-Cache-Status
Pramga
V-Age
RATING
X-Srcache-Store-Status
X-Clientip
Cross-Origin-Opener-Policy-Report-Only
CDN-RequestPullCode
X-Rebelmouse-Surrogate-Control
CDN-RequestPullSuccess
Geoip-Latitude
X-Snapshot-Date
ENV
Timeexpire
Location
X-Rebelmouse-Cache-Control
FSS-Cache
X-Srcache-Fetch-Status
Tcn
X-TT-LOGID
True-Client-Country-4JS
X-Via-PopH
X-Ctl-Mach
X-Lb-Nocache
Req-ID
Epwk-X-Cache
X-Via-PopV
X-Via-PopN
X-Pod-Name
Ohc-File-Size
Yjs-Id
X-Iauth-Set-Uid
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-HostName
X-LiteSpeed-Cache-Control
X-TimeS
W
X-Dw-Trace-Id
X-Serial
X-Amz-Meta-Opti
X-Hyper-Cache
X-M-Log
X-M-Reqid
Warning
X-LiteSpeed-Tag
X-Vgn-Hpd-Reason
X-Cdn-Request-ID
X-Viewer-Country
X-Cache-Expires
Proxy-Connection
X-Litespeed-Cache-Control
WZWS-RAY
X-UP
X-RAMCache
Cneonction
Ec-Rule-Version
Cdn-Requestid
X-ApacheServer
X-Oss-Request-Id
X-Fastly-Backend-Reqs
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Content-Style-Type
Content-Script-Type
X-PERF
X-Oss-Server-Time
X-User
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Qnm-Cache
Servername
X-Lsadc-Cache
X-MiniProfiler-Ids
CountryCode
X-WP-CF-Super-Cache-Cookies-Bypass
X-Moov-Xdn-Version
X-Akamai-ERPolicy
X-Moov-T
X-Akamai-ERRuleID
Inserted-Into-Cache-At
X-Th-Server
My-App
X-B3-Parentspanid
MIME-Version
X-B3-ParentSpanId
X-IPS-Cached-Response
Ngx
X-Swift-Error
Ohc-Cache-HIT
X-Mg-Cache
X-Webstats-RespID
X-Fastly-Cache-Hits
PICS-Label