Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-ID
Access-Control-Allow-Credentials
X-Request-Id
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
Host-Header
X-Hacker
X-Ua-Compatible
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
Grace
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-WebKit-CSP
Accept-CH
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Cf-Apo-Via
X-Page-Speed
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
Surrogate-Control
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Backend-Server
Request-Id
X-Cache-Lookup
X-Readtime
X-Ruxit-JS-Agent
X-HW
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Content-Security-Policy-Report-Only
X-Trace
X-Application-Context
X-Response-Time
Accept-Ch-Lifetime
Permissions-Policy
X-CST
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
Fastly-Restarts
Accept-CH-Lifetime
X-Edge
Content-Location
X-Country
X-Content-Type
X-WebKit-CSP-Report-Only
X-Mcache
X-ECACHE
X-Clacks-Overhead
Rating
X-MS-InvokeApp
X-Url
X-TtlSet
X-Vname
X-PC
X-Midtier
X-Amz-Server-Side-Encryption
RTSS
X-VARITI-CCR
X-B3-TraceId
Cache-Tag
X-Vcap-Request-Id
X-Varnish-TTL
X-Element-Page-Cache
X-D2id
Verso
X-Ac
Origin-Trial
X-Server-Name
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Variant
X-Rack-Cache
X-Cnection
X-Cache-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
X-ESI
Xkey
X-Navigation-Version
X-GitHub-Request-Id
X-Client-IP
X-Abt-Application-Version
X-NWS-LOG-UUID
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
Edge-Control
X-Cached
X-Ttl
X-Px
X-Mg-S
X-Server-Lifecycle-Phase
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
Arr-Disable-Session-Affinity
X-Fastcgi-Cache
X-Litespeed-Cache
X-Upstream
SPRequestDuration
SPIisLatency
X-Cache-Key
Display
X-Sol
Pagespeed
X-Middleton-Display
Content-MD5
X-Dw-Request-Base-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Correlation-Id
Access-Control-Request-Method
Edge-Cache-Tag
X-Goog-Hash
X-Daa-Tunnel
Front-End-Https
X-NF-Request-ID
X-Country-Code
X-RateLimit-Remaining
Public-Key-Pins
X-Version
X-XRDS-Location
X-Forwarded-For
X-Powered-CMS
AR-SID
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
X-Id
TCN
X-MSEdge-Ref
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-T
X-Recruiting
X-Content-Digest
X-Accel-Expires
X-Middleton-Response
Response
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Shield-Request-Id
X-Ser
TP-Cache
TP-L2-Cache
X-Amzn-Trace-Id
Nginx-Cache
S
X-Fastly-Request-ID
X-Hits
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
Server-Node
Cache-Status
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-Distributor
X-Edge-Location-Klb
X-Kinsta-Cache
Cache-Tags
MicrosoftSharePointTeamServices
X-Grace
Fastcgi-Cache
Alternate-Protocol
Server-Name
X-DataDome
X-Protected-By
X-Ratelimit-Limit
X-TTL
X-Ezoic-Cdn
X-DIS-Request-ID
X-Origin-Server
X-Geo-Country
X-Ua-Browser
X-LB-Cache
X-Ruxit-Js-Agent
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Request-Handler-Origin-Region
X-Microsite
X-Frontend
X-Rid
X-Debug-Info
X-Varnish-Backend
X-Ratelimit-Reset
Cleartype
X-Logged-In
Healthy
Cross-Origin-Opener-Policy
X-Www-Served-By
Filterid
Payment
X-NGENIX-Cache
X-Forwarded-Proto
X-Git-Hash
X-FB-Debug
X-Page-Id
X-Load-Cache
X-Ratelimit-Remaining
Charset
X-B3-Sampled
Content-Disposition
X-Webkit-Csp
X-PressLabs-Stats
X-VCache
X-ASPNET-VERSION
X-LLID
X-Cluster-Name
X-Origin-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
DC
X-FastCGI-Cache
MS-Author-Via
X-Hostname
X-GUploader-UploadID
X-Goog-Metageneration
Retry-After
X-Upgrade-Enabled
Accept-Charset
Access-Control-Allow-Method
X-Proxy
X-F-Cache
X-Az
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-AppVersion
X-Activity-Id
Cross-Origin-Resource-Policy
X-Type
X-B-Cache
X-Contextid
X-Signature
X-Amz-Replication-Status
Viewport
X-Varnish-Server
X-Flags
X-Route-Name
X-Request-Guid
X-Is-Crawler
X-Providence-Cookie
Accept-Ch
X-Revision
X-Amz-Meta-S3cmd-Attrs
X-Aspnet-Duration-Ms
Paypal-Debug-Id
X-Azure-Ref
X-Whom
X-Seen-By
X-Wix-Request-Id
X-TT
X-B
X-Hosted-By
X-RateLimit-Limit
Amp-Access-Control-Allow-Source-Origin
X-Fb-Rlafr
Surrogate-Key
X-DynaTrace
Realpath
X-App-Environment
X-Source
Referer-Policy
X-Aspnetmvc-Version
Count-Hit
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Akamai-Edgescape
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-App-Server
X-Mobile
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Host
X-Cache-Control
X-HTML-Minification-Powered-By
X-EdgeConnect-Cache-Status
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Response-Served-From
X-Tumblr-Pixel-0
X-Original-Request-Id
Version
X-N
X-Tumblr-User
X-Varnish-Grace
X-Cache-Rule
Refresh
X-Oneagent-Js-Injection
X-Varnish-Age
X-Magnolia-Registration
X-UUID
MS-CV
SD-X-WS
VIX-Pulpo-Upstream-Status
X-Envoy-Decorator-Operation
Access-Control-Request-Headers
Ms-Operation-Id
X-Cache-Time
VIX-Pulpo-Node
X-RTag
X-Rule
Section-Io-Cache
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Environment-Context
X-Content-Powered-By
X-Adobe-Loc
Akamai-GRN
X-FW-Server
X-Status
X-FW-Type
X-L-Path
Protected
X-Cache-Status-Check
X-FW-Static
X-Cache-Grace
X-Page-View
X-FW-Version
X-Adobe-Content
X-Cache-Expired-At
NGB
GEO-INFO
X-G
X-Servername
X-Rendered-As
X-Language
X-Cache-Age
X-Cacheable-TTL
X-RemovedCookies
X-ProcessESI
X-Jobs
X-Is-Bot
X-NYM-Debug-Backend
X-Http-Reason
X-Template
X-Device-Type
X-Instance
X-Framework
Url
X-Backend-Name
X-User-Agent
X-Akamai-Request-ID2
X-Debug-IsPreview
X-Nginx-Cache
X-Debug-IsConnected
X-CDN-Forward
X-B3-Traceid
SRV
X-Newrelic-App-Data
X-Drupal-Cache-Contexts
X-Yottaa-Optimizations
X-Drupal-Cache-Tags
X-Yottaa-Metrics
CDN-RequestId
From-Origin
WPO-Cache-Message
WPO-Cache-Status
X-Cache-Hit
X-Tb
X-Trace-Id
X-Pinterest-Rid
X-Region
Pinterest-Version
Pinterest-Generated-By
Country
X-Tt-Logid
Accept-Language
Front
X-Node-Name
X-URL
X-Real-IP
X-Amzn-RequestId
Fastly-Drupal-HTML
X-Amz-Apigw-Id
X-VC-Cache
Uber-Trace-Id
Backend
X-Content-Options
X-Mode
Content-Secure-Policy
X-DynaTrace-JS-Agent
Fastly-SIE
X-Unique-Id
Fastly-SWR
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Operation
X-Tec-Api-Origin
X-Generation-Time
X-COUNTRY
X-Rewrite-Enabled
X-Tumblr-Pixel-2
X-RN-RSRV
Filters
Meta-Geo
X-Time
X-UPSTREAM-Address
Azure-SlotName
X-Format
X-Section
Onion-Location
X-Proxy-Cache-Info
X-Access
X-Rocket-Nginx-Serving-Static
Azure-Version
Azure-SiteName
X-Zen-Fury
X-IPS-LoggedIn
X-Amzn-Remapped-Content-Length
Azure-InstanceId
X-Cache-Server
X-Web-Node
CF-IPCountry
Azure-RegionName
X-Cache-TTL-Remaining
X-Cache-Action
X-Cms-Context
X-Debug
Webserver
Apigw-Requestid
X-Cache-Host
X-Adobe-Source
X-Sql-Count
X-Sucuri-ID
X-Say-TTL
X-Ua
X-Reqid
X-Sql-Duration-Ms
X-Sucuri-Cache
X-Say-Cacheable
X-Proxy-Cache-Status
X-SayCDN-TTL
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
X-Ms-Request-Id
TWC-Connection-Speed
X-AWS-Id
Webcakes-App-Version
X-Proto
X-R9-Blue-Green-Version
X-ProxyCache-Status
Cross-Origin-Window-Policy
S-Rt
ServerID
TWC-Device-Class
X-BYPASS-REASON
Web-Mar-Node
X-Ms-Version
X-Locale
TWC-GeoIP-Country
X-LJ-Flow-ID
X-Cluster
X-Content-Age
X-Edge-Location
X-Forwarded-Host
X-GeoCode
X-ProxyCache-Key
X-UA-Device-Type
X-Via-Fastly
X-Origin-Hint
Webcakes-Region
X-VWS-Id
X-PHP-Backend
X-Server-W
X-Varnish-Beresp-Grace
X-Soup
X-Skip-Cache
Property-Id
X-GeoCountry
CDN-Uid
CDN-Cache
Node
Cache-Name
X-TIME
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDN-RequestCountryCode
X-PHP-Host
X-Extlb
X-JoinUs
X-No-Session
X-Proxied
X-LSADC-Cache
X-Labrador-Cache-Channel
X-LAGOON
X-Urbn-Context-Path
X-Handled-By
X-Site-Version
Cache-Hits
X-Cluster-Node
X-Zipkin-Id
X-SaId
X-Detected-As
X-Xfnlog-Site
X-Routing-Service
X-Urbn-Site-Id
Locale
X-Fastly-Request-Id
Mn-Server-Ip
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Selected-Fe
X-Proxy-Build
X-Timing-Wait
WP-Super-Cache
DB-Nickname
X-SRV
Fastcgi-Useragent
X-IPLB-Request-ID
X-IPLB-Instance
Liferay-Portal
X-FB-TRIP-ID
X-Hl-Ver
Mime-Version
X-Times
ServedBy
X-Request-Time
X-Tumblr-Pixel-3
Xserver
X-Optimistic-Header
X-Cache-Debug
X-Redis-Cache
X-XRDS-LOCATION
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Buckets
X-Loop
X-CACHE-AGE
Upgrade-Insecure-Requests
X-TNCMS
Source
X-Origin-Date
X-GEO
X-NWS-UUID-VERIFY
X-Generated-By
X-Akamai-Transformed
X-Mg-Request-UUID
Countrycode
X-Varnish-Hits
CF-Cached-On
X-Uri
X-Director
X-Pass-Why
X-Tid
X-Varnish-Beresp-Ttl
X-Storage
X-Cdn
X-Tx-Id
X-TA-CDN-Provider
Xet-Cookie
X-Webkit-CSP-Report-Only
X-ARC
Frame-Options
X-Presslabs-Stats
X-Origin-TTL
X-DC
X-Origin-CC
X-FireWall-Port
X-Newrelic-Synthetics
X-Varnish-Cache-Hits
X-Service
X-ECache
X-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
X-Esi
X-ShardId
X-App-Version
X-Storefront-Renderer-Rendered
X-Trace-ID
X-Sorting-Hat-ShopId
SID
X-Varnish-Hostname
X-Sorting-Hat-PodId
X-B3-Spanid
Environment
X-Endurance-Cache-Level
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
Cache-Tv-Group
X-AIR-PT
X-Request-Host
Edge-Cache
X-Epic-Correlation-Id
X-External-Request-Id
X-Loc
X-INCAP-ABP
A
X-ServerID
X-Mid
X-Mobile-URL
BehaviorPad-Version
Candidate-Md5Url
DCR-Processing-Time-Ms
DCR-Decision-By
X-Frame-Option
X-Gdpr
X-Nyt-Route
Origin
X-A-Dcw
X-B-Cookie
X-A-Dgt
X-BBC-Edge-Cache-Status
Req-Svc-Chain
Release
Rendered-Blocks
X-Bc-Bl
X-Application
Sslversion
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Aed
X-A-Wwc
Surrogated-Key
T-Server
TDXMobile
Redirect-Candidate
X-BCube-Filmed-By
Host-ID
X-D
Lang
X-A
X-Destination
X-Ec-Fail
Gannett-Cam-Experience-Id
X-Developer
X-Core-Value
MD5-Digest
WWW-Authenticate
X-A-Dam
X-Cache-Info
X-Cache-NE
Odigeo-Trace-Id
Meta-Geo-Continent
X-CMSURLCustom
Ngx.Var.Host
X-Ec-GeoHdr
X-Processor
X-VG-TLSProxy
X-Vdms-Version
X-Rojux
X-We-Are-Hiring
X-A-Ccd
Xc-Version
X-Vdms-Path
X-S-Cookie
X-ScT
Server-Info
X-SRCache-Key
X-Thinkindot-L3
X-S-Maxage
X-TIM-N
X-Platform-Router
X-S
X-Origin-Time
X-Platform-Processor
X-Platform-Cluster
X-Test
X-DefHash
Tube-Got-Results
X-DefElseHash
X-CUA
Magicmarker
Tube-Get-Contents
X-SVT-ORM-VERSION
Tube-Got-Eval
X-SVT-ORM-RULES
Vix-Hermes-Req-Id
X-Sigma-Backend
DSUID
Decoy-Debug-TTL
Fastly-Backend-Name
X-Served-From
X-Core-Mission
X-Ec-Custom-Error
Tube-Return
X-Old-Content-Length
X-Developers
X-Varnish-CookieINHashed-On
State
X-WADP-Cache
X-Cache-Bucket
X-WA-Info
X-Worker
X-WP-CF-Super-Cache-Active
X-Auto-Login
Server-Host
Memcached
X-Pubstack
X-VServer
X-Varnish-Remaining-TTL
X-Level-Front-Cache
X-Clara-WADP
X-Cdn-Srv
X-Akamai-Device-Characteristics
X-Generated-On
Decoy-Debug-Status
X-Cdn-Origin
X-Varnish-CookieHashed-On
X-Sn-Servicetimems
X-Has-Esi
X-Httpd
X-Human
Apple-News-Services-Handled
Apple-News-Services-Host
C-Via
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Is-Gdpr
X-JWT-State
X-Platform-Server
X-NodeID
X-Origin-Response-Time
X-Req
X-Location
Decoy-Debug-Key
X-Restarts
Cache-Host
X-Rocket-Build-Number
X-Sigma
Cluster
X-Gamma-Serve
Country-Code
X-SD-PageType
X-Fmm-Version
Click-Count-Action-Start
Click-Count-Error
X-SB
X-GeoIP-City
X-Geo-Header
X-RM-Cache-TTL
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
X-Planisys-CDN-Cache
X-Fetched-On
Svr
X-Planisys-CDN-Rules
X-Node-Id
Ssr
X-Bip
X-Accel-Expires-Debug
X-Origin
X-Accel-Buffering
X-Pool
X-Thanos
X-Planisys-CDN-TTL
X-Vmg-Version
X-Ad-Defer-Variation
X-Varnish-Beresp-Status
X-Conf
AKAMAI
X-Hash
X-Dispatcher-Number
X-Hnp-Log
X-HS-Content-Campaign-Id
X-DPWN-IS-SECURE
X-Scale
X-Gen-Mode
X-GeoIP
X-Up
X-Var-Ttl
X-Variation
X-LB-NoCache
X-Cache-Backend
X-Nananana
Cache-Key
X-Fastly-Backend
CloudFront-Viewer-Country
X-Date
X-Slack-Backend
X-Block-Status
X-Wix-Viewer-Type
X-Request-Start
X-Minions-Version
X-App
X-Cache-FS-Status
CacheControlHeader
Platform
Producers
Cache-Provider
Origin-CC
Server-Ext
Pics-Label
CDCHOST
NM-Fastcgi-Cache
Cmsid
Cmstype
Origin-EX
Gh-Request-Id
Server-Hostname
Mail-Subject
Kp-EeAlive
User-Cache-Control
Is-Eu
We-Hiring
Fastly-GeoIP-CountryCode
Web-Mar-Region
L
Adler-Geo
Sever-Int
X-Parent-Response-Time
X-Esi-Check
X-Forwarded-Site
Fastly-SSL
X-Ckpd-Fst-Backend
X-Device-Os
X-FC-Vary-Parameters
X-Org
X-Owner
X-Qloud-Router
X-HN
X-Region-Sid
X-Varnishpool
X-V-Cache
Cdn
X-Gzip
X-GeoIP-Region-Code
X-Men
X-Dispatcher-Server
X-NCache
X-Nginx-Cache-Key
X-GeoIP-Country-Code
X-Op-Id-All
X-Mvc-Supplant-Cachable
X-Azure-Ref-OriginShield
X-Cache-Tags
X-Refresh
X-CacheTTL
X-Platform
Wxu-Next-Commit
On-Server
X-Cache-Id
X-Server-IP
X-Slack-Shared-Secret-Outcome
Datacenter
NGX
PFcat
Wxu-Next-Hostname
X-Cached-By
X-VarnishDD-TTL
X-Irp-Debug
Wxu-Next-Region
X-CSRF-Token
X-Varnish-Ttl
X-Via-Popv
X-Via-Popn
Machine
Canary
X-Eu-Site
HA-Ipaddr
L5d-Success-Class
X-Via-Poph
X-Csrf-Jwt
Ha-Gx-Prefs
X-CGP
X-Servedbyhost
X-Aicache-OS
GeoIP-Latitude
HostName
X-Cache-Date
X-Mvc-Supplant-OutputCached
Env
X-HA-Backend
X-RCS-CacheZone
X-Cache-Remote
X-Tb-Optimization-Total-Bytes-Saved
Cdncip
Cdnsip
Server-ID
X-AK-Request-ID
X-Microcachable
X-Correlation-ID
X-VC
X-Mly-Id
X-Gateway-Cache-Key
X-Fpc
X-ZONE
X-API-Version
X-APP-VERSION
X-Gateway-Cache-Status
X-LB-ID
X-Gateway-Request-Id
X-Wa
X-Gateway-Skip-Cache
X-Zone
Load-Balancing
X-Fastly-Cache
Time
Cache
X-Nc
X-Generated-In
X-DataCenter
Memory
X-Webkit-CSP
Request-ID
Eomportal-Instance
X-Check-Cacheable
X-ND-Cache
X-Instance-Name
X-Origin-Expires
X-Via-NSCOPI
X-Vgn-Hpd-Variations-Key
X-Vc
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Response-By
Ngx-Var-Key
X-Micro-Cache
X-HS-Status
X-Release
X-Nf-Request-Id
OT-Force-Account-Verify
X-NewRelic-App-Data
Srvid
X-FL-EDGE
X-FL-QIT-DEBUG
Locid
X-Client-Ip
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-From
Expect-Staple
Hostname
X-VCL-Version
X-Api-Version
X-Edge-Pop
X-SIPLIST1
X-Request-URI
IsBot
X-Cache-Enabled
X-Via-CDN
X-CS
X-Srv
NtCoent-Length
X-Via-Edge
Edge-Copy-Time
AMP-Access-Control-Allow-Source-Origin
X-Via-SSL
X-Cache-NGX
X-Info
X-CSRF-TOKEN
Srv
X-NGINX-Cache
X-Via-JSL
X-Provided-By
GeoIp-Country-Code
True-Client-Ip
Uri
X-MCACHE
X-Proxy-CacheRZ
XkeyRZ
X-Amz-Meta-Cb-Modifiedtime
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Lambda-Id
True-Client-IP
Location
X-Dc
X-EC-Lua
CPC-Cache
X-B3-SpanId
X-Air-Pt
CPC-Age
Path
X-Cache-Expires
VNS-Cache
X-Render-Time
X-Vtex-Remote-Cache
VNS-Age
GeoIP-Country-Code
Sid
X-Vcl-Version
X-Cs
X-Oss-Object-Type
X-Oss-Request-Id
X-Edge-POP
X-Oss-Hash-Crc64ecma
Servername
Resin-Trace
X-Oss-Server-Time
X-Oss-Storage-Class
X-Server-ID
X-VCT
X-TH-Server
Cross-Origin-Opener-Policy-Report-Only
X-Fastly-Country-Code
X-RateLimit-Reset
Fastly-Drupal-Html
CDN
X-CLOUD-TRACE-CONTEXT
Traceparent
X-Moov-T
X-Moov-Xdn-Version
X-Varnish-Authentication
LB
X-ATG-Version
Esi-Enabled
X-MSEdge-Flight
X-Cdn-Request-ID
X-MSEdge-Features
X-Viewer-Country
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Scheme
X-Accel-Version
X-TX-ID
X-PERF
X-ApacheServer
YJS-ID
X-Datacenter
Timeexpire
M-TraceId
X-Pod-Name
X-Varnish-Beresp-TTL
X-Akamai-Pragma-Client-IP
X-Upstream-Ct
X-Upstream-Ht
X-Udemy-Cache-App-Namespace
FSS-Cache
X-FPC
Powered-By
Rip
CountryCode
X-NAPM-TraceId
X-Cache-Type
X-RateLimit-Remaining-Second
X-CF-Lambda-Fn
X-RateLimit-Limit-Second
X-CF-Lambda-Version
X-Datadome
X-PAYTM-SRV-ID
Sm-Log-Id
X-Service-Response-Time
X-WA
X-SERVER-NAME
HIT
X-Lb-Id
X-Cdn-Cache-Status
X-Geo
XServer
X-Xrds-Location
X-NC
Tracecode
X-Srcache-Store-Status
X-Wikidot-Static-Cache
Proxy-Connection
V-Age
True-Client-Country-4JS
X-Wikidot-Backend
X-CDN-Cache-Status
RNT-Time
RNT-Machine
Ohc-File-Size
Server-Id
X-Clientip
X-CACHE-KEY
X-Srcache-Fetch-Status
N-Cache
X-Hyper-Cache
X-Forwarded-Path
Epwk-X-Cache
X-Bl-Debug
X-Orig-Expires
X-Shop-Environment
ENV
X-Tenant
XM
X-TraceId
X-LiteSpeed-Cache-Control
X-VG-WebCache
X-ServedByHost
X-MP-GENERATED-AT
WZWS-RAY
Ngx
Geoip-Latitude
X-Ha-Backend
X-Cdn-Forward
X-B3-Trace-ID
X-B3-Parentspanid
Yjs-Id
X-M-Log
X-M-Reqid
X-Amz-Meta-Opti
X-MiniProfiler-Ids
X-Rebelmouse-Cache-Control
Inserted-Into-Cache-At
X-Cdn-Diag
X-Vgn-Hpd-Reason
Content-Script-Type
X-B3-ParentSpanId
Content-Style-Type
User-Agent
X-Rebelmouse-Surrogate-Control
MIME-Version
X-Serial
X-App-Name
X-Fastly-Backend-Reqs
X-Swift-Error
X-Via-PopV
Ec-Rule-Version
X-Qnm-Cache
X-Dw-Trace-Id
X-Via-PopN
X-Policy
X-Via-PopH
X-Lb-Nocache
X-Wp-Cf-Super-Cache
X-Iplb-Instance
X-Iplb-Request-Id
X-Wp-Cf-Super-Cache-Cache-Control
X-TT-LOGID
X-Lsadc-Cache
X-F-Status
Req-ID
X-Ramcache
Lb
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Site
X-Acquia-Purge-Tags
Pramga
My-App
X-Request-URL
X-UP
X-Cache-Ngx
Warning
Cneonction
X-LiteSpeed-Tag
X-Mid-Debug-Cache-Key
X-Snapshot-Date
Expiry
X-IPS-Cached-Response
X-Th-Server
X-Mid-Debug-Cache-Disk
X-Stale
X-Connection-Hash