Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
Pragma
X-XSS-Protection
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-ID
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-Id
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
P3p
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-CDN
X-AspNetMvc-Version
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-WebKit-CSP
Accept-CH
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
Cf-Apo-Via
X-Device
Cf-Railgun
X-Dns-Prefetch-Control
X-Server-Id
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
Surrogate-Control
EagleEye-TraceId
X-Backend-Server
Request-Id
X-Ruxit-JS-Agent
X-Readtime
X-Cache-Lookup
X-HW
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Edge
X-CST
X-WebKit-CSP-Report-Only
Accept-Ch-Lifetime
Content-Location
X-Content-Type
X-Country
X-Mcache
X-Url
X-MS-InvokeApp
X-Clacks-Overhead
Rating
X-ECACHE
X-Midtier
X-Amz-Server-Side-Encryption
X-PC
X-Vname
X-TtlSet
RTSS
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
Origin-Trial
X-Litespeed-Cache
Verso
X-Server-Name
X-Exp-Variant
X-Kinja-Build
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Ac
X-Use-Magma
X-ESI
X-Varnish-TTL
X-B3-TraceId
X-Rack-Cache
X-Cnection
X-Powered-By-Plesk
Service-Worker-Allowed
X-Ttl
X-GitHub-Request-Id
Xkey
X-Navigation-Version
X-Abt-Application-Version
X-Client-IP
X-Cache-TTL
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
Edge-Control
X-NWS-LOG-UUID
X-Cached
X-Px
Arr-Disable-Session-Affinity
X-Mg-S
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Browser-Type
SPIisLatency
SPRequestDuration
X-Upstream
X-Cache-Key
X-Correlation-Id
X-Middleton-Display
Display
Pagespeed
X-Sol
Content-MD5
X-Dw-Request-Base-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastcgi-Cache
X-NF-Request-ID
Access-Control-Request-Method
Edge-Cache-Tag
X-Goog-Hash
X-Country-Code
Front-End-Https
X-XRDS-Location
X-Daa-Tunnel
X-Forwarded-For
X-Version
Public-Key-Pins
X-RateLimit-Remaining
AR-CACHE
AR-ATIME
X-Powered-CMS
AR-PoweredBy
AR-Request-ID
AR-SID
TCN
X-Id
X-HP-Trace-Id
X-T
X-HP-Webp
X-Jurisdiction
X-MSEdge-Ref
X-Recruiting
X-Content-Digest
X-Accel-Expires
X-Middleton-Response
Response
X-Shield-Request-Id
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Ser
TP-L2-Cache
TP-Cache
X-Amzn-Trace-Id
Nginx-Cache
S
X-Request-Received
X-Request-Processing-Time
X-Hits
X-HS-Cache-Config
X-HS-Hub-Id
Server-Node
X-HS-Content-Id
X-HS-Combine-CSS
Cache-Status
X-Distributor
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-Edge-Location-Klb
X-Kinsta-Cache
Cache-Tags
X-Ratelimit-Limit
Fastcgi-Cache
X-Grace
Alternate-Protocol
Server-Name
X-Ezoic-Cdn
X-Protected-By
X-Origin-Server
X-DIS-Request-ID
X-LB-Cache
X-Ratelimit-Reset
X-Ua-Browser
X-DataDome
X-Geo-Country
X-Request-Handler-Origin-Region
X-FastCGI-Cache
X-Frontend
X-Microsite
X-Rid
X-Ratelimit-Remaining
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Cross-Origin-Opener-Policy
X-Debug-Info
Filterid
X-Git-Hash
Cleartype
Healthy
X-Varnish-Backend
Payment
X-FB-Debug
X-Forwarded-Proto
X-Www-Served-By
X-Logged-In
X-Page-Id
X-Load-Cache
X-Webkit-Csp
X-NGENIX-Cache
X-ASPNET-VERSION
Charset
X-LLID
X-B3-Sampled
DC
X-Hostname
X-Cluster-Name
X-Origin-Cache
X-VCache
Content-Disposition
X-TTL
X-Ruxit-Js-Agent
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MS-Author-Via
X-Goog-Metageneration
X-GUploader-UploadID
X-PressLabs-Stats
X-Upgrade-Enabled
Access-Control-Allow-Method
Retry-After
Accept-Ch
X-Proxy
X-F-Cache
Accept-Charset
Cross-Origin-Resource-Policy
X-Type
X-Activity-Id
X-AppVersion
Paypal-Debug-Id
X-Amz-Replication-Status
X-Az
X-Revision
X-Oracle-Dms-Rid
X-Contextid
X-Oracle-Dms-Ecid
X-Signature
X-B-Cache
X-Amz-Meta-S3cmd-Attrs
X-Providence-Cookie
X-Aspnet-Duration-Ms
Viewport
X-Seen-By
X-Azure-Ref
X-Hosted-By
X-Request-Guid
X-Is-Crawler
X-Route-Name
X-Flags
X-Varnish-Server
X-ORACLE-DMS-ECID
X-Wix-Request-Id
X-ORACLE-DMS-RID
X-Fb-Rlafr
X-Aspnetmvc-Version
X-App-Environment
Realpath
X-DynaTrace
X-Whom
X-TT
X-B
Amp-Access-Control-Allow-Source-Origin
Surrogate-Key
Count-Hit
X-Source
Referer-Policy
X-RateLimit-Limit
X-Akamai-Edgescape
X-Language
X-App-Server
X-Mobile
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-B3-Traceid
X-Template
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Cache-Control
Host
X-Varnish-Grace
X-EdgeConnect-Cache-Status
X-HTML-Minification-Powered-By
Version
X-N
X-Magnolia-Registration
X-Cache-Rule
SRV
X-Response-Served-From
X-Original-Request-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Varnish-Age
X-UUID
X-RTag
Access-Control-Request-Headers
X-Envoy-Decorator-Operation
X-Cache-Status-Check
X-Cache-Time
Refresh
Section-Io-Cache
SD-X-WS
Ms-Operation-Id
VIX-Pulpo-Node
X-Rule
VIX-Pulpo-Upstream-Status
MS-CV
Akamai-GRN
X-Cache-Expired-At
X-FW-Server
X-RemovedCookies
X-FW-Version
X-Page-View
X-Cache-Grace
X-Jobs
X-ProcessESI
X-L-Path
X-FW-Static
X-FW-Type
X-Status
X-FW-Serve
X-Environment-Context
X-FW-Dynamic
X-Framework
X-Cacheable-TTL
X-FW-Hash
Protected
X-Rendered-As
X-Content-Powered-By
X-Servername
GEO-INFO
X-Is-Bot
X-Adobe-Content
X-Adobe-Loc
Url
X-Http-Reason
X-Instance
X-Device-Type
X-Backend-Name
X-Cache-Age
X-User-Agent
X-Akamai-Request-ID2
X-NYM-Debug-Backend
X-G
NGB
X-Debug-IsPreview
X-Trace-Id
X-Debug-IsConnected
X-CDN-Forward
X-Drupal-Cache-Contexts
X-COUNTRY
X-Drupal-Cache-Tags
X-Newrelic-App-Data
CDN-RequestId
From-Origin
WPO-Cache-Message
WPO-Cache-Status
X-Nginx-Cache
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Region
X-Cache-Hit
Accept-Language
Front
X-Tb
Country
X-Tt-Logid
X-Node-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Fastly-Request-Id
Backend
X-Real-IP
X-Content-Options
Fastly-SIE
Fastly-SWR
X-TIME
X-Tec-Api-Root
X-Unique-Id
X-Tec-Api-Origin
X-Buckets
Uber-Trace-Id
X-Tec-Api-Version
X-Mode
Fastly-Drupal-HTML
X-VC-Cache
X-Cache-Operation
X-Zen-Fury
Content-Secure-Policy
X-Times
X-DynaTrace-JS-Agent
X-Tumblr-Pixel-2
X-Rewrite-Enabled
Filters
X-Generation-Time
X-RN-RSRV
X-UPSTREAM-Address
Meta-Geo
X-Access
Webserver
X-Section
X-Format
Azure-RegionName
Azure-InstanceId
X-Web-Node
Azure-Version
CF-IPCountry
Onion-Location
X-Rocket-Nginx-Serving-Static
X-Amzn-Remapped-Content-Length
X-Cache-Server
Azure-SlotName
Azure-SiteName
X-Proxy-Cache-Info
Webcakes-App-Name
Webcakes-App-Version
Cache-Hits
X-IPS-LoggedIn
X-Sucuri-Cache
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-Locale
TWC-Locale-Group
TWC-Privacy
Webcakes-Region
X-Sucuri-ID
X-Varnish-Beresp-Grace
X-PHP-Backend
X-Sql-Duration-Ms
X-Adobe-Source
X-Content-Age
X-SayCDN-TTL
X-Skip-Cache
X-Debug
Property-Id
X-Soup
X-Sql-Count
X-Origin-Hint
TWC-Connection-Speed
X-Cache-Host
X-Cache-Action
X-Cache-TTL-Remaining
X-Say-Cacheable
X-Say-TTL
X-Server-W
S-Rt
DB-Nickname
ServerID
X-UA-Device-Type
X-Cluster-Node
X-Ms-Request-Id
X-Via-Fastly
X-Forwarded-Host
X-Handled-By
X-Proxy-Cache-Status
X-Ms-Version
X-Proto
X-Ua
X-Site-Version
X-Reqid
X-R9-Blue-Green-Version
X-Edge-Location
Web-Mar-Node
X-Cms-Context
X-URL
X-Air-Trace-Id
X-Air-Source
Apigw-Requestid
X-Air-Hostname
Cache-Name
X-LSADC-Cache
X-PHP-Host
X-Proxy-Build
X-Proxied
X-Labrador-Cache-Channel
X-FB-TRIP-ID
X-Extlb
X-GeoCode
X-GeoCountry
X-Routing-Service
X-JoinUs
X-LAGOON
X-Urbn-Context-Path
X-LJ-Flow-ID
X-IPLB-Request-ID
X-ProxyCache-Key
X-ProxyCache-Status
ServedBy
X-VWS-Id
X-IPLB-Instance
X-Cluster
X-Detected-As
X-Timing-Wait
X-Urbn-Site-Id
X-Zipkin-Id
X-BYPASS-REASON
X-AWS-Id
X-SaId
CDN-EdgeStorageId
CDN-Cache
CDN-Uid
Mn-Server-Ip
CDN-CachedAt
CDN-PullZone
Selected-Fe
Cross-Origin-Window-Policy
Locale
CDN-RequestCountryCode
X-No-Session
WP-Super-Cache
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Xfnlog-Site
Node
Fastcgi-Useragent
Mime-Version
X-Time
X-ECache
Liferay-Portal
X-SRV
X-XRDS-LOCATION
X-Tumblr-Pixel-3
X-Optimistic-Header
X-Hl-Ver
X-Request-Time
X-CACHE-AGE
Source
X-Oneagent-Js-Injection
X-Redis-Cache
X-Cache-Debug
X-Origin-Date
X-Presslabs-Stats
X-Loop
X-TNCMS
Upgrade-Insecure-Requests
Xserver
X-Uri
X-GEO
X-Mg-Request-UUID
X-Generated-By
CF-Cached-On
X-Varnish-Hits
X-Akamai-Transformed
X-Director
Xet-Cookie
Countrycode
X-TA-CDN-Provider
X-Pass-Why
X-ARC
X-NWS-UUID-VERIFY
X-Tx-Id
X-Newrelic-Synthetics
Frame-Options
X-Varnish-Beresp-Ttl
X-FireWall-Port
X-Tid
X-Origin-TTL
X-Varnish-Ttl
X-Storage
X-Origin-CC
X-Varnish-Cache-Hits
X-Service
Cache-Tv-Group
X-App-Version
X-Varnish-Hostname
X-Alternate-Cache-Key
X-DC
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-RM-Cache-TTL
X-Endurance-Cache-Level
Environment
X-ServerID
Rendered-Blocks
Req-Svc-Chain
Release
Origin
Redirect-Candidate
Edge-Cache
BehaviorPad-Version
Candidate-Md5Url
X-Rojux
X-Served-From
A
X-S-Maxage
X-S-Cookie
X-S
DCR-Decision-By
DCR-Processing-Time-Ms
Meta-Geo-Continent
X-Processor
Ngx.Var.Host
Memcached
MD5-Digest
Gannett-Cam-Experience-Id
Host-ID
Lang
Odigeo-Trace-Id
X-A-Wwc
X-D
X-Nyt-Route
X-Destination
X-Developer
X-Core-Value
X-Conf
X-BCube-Filmed-By
X-Cache-Info
X-Cache-NE
X-CMSURLCustom
X-Ec-Fail
X-Ec-GeoHdr
X-Level-Front-Cache
X-Loc
X-Mobile-URL
X-Mid
X-INCAP-ABP
X-Generated-On
X-Epic-Correlation-Id
X-External-Request-Id
X-Gdpr
X-Bc-Bl
X-BBC-Edge-Cache-Status
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Platform-Cluster
TDXMobile
T-Server
X-Platform-Processor
Sslversion
Surrogated-Key
WWW-Authenticate
X-A
X-Aed
X-Origin-Time
X-Application
X-B-Cookie
X-SRCache-Key
X-A-Dgt
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Platform-Router
X-ScT
X-B3-Spanid
X-VG-TLSProxy
X-Thinkindot-L3
X-Vdms-Path
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-TIM-N
X-We-Are-Hiring
X-Datadog-Parent-Id
X-Datadog-Sampled
Xc-Version
X-Vdms-Version
X-Request-Host
Server-Info
X-Test
SID
X-Core-Mission
X-CUA
X-Pool
X-Frame-Option
X-Vmg-Version
X-Httpd
X-VServer
Fastly-GeoIP-CountryCode
X-WA-Info
Magicmarker
X-Location
X-Ec-Custom-Error
X-Developers
X-Fetched-On
Fastly-Backend-Name
X-Clara-WADP
X-Bip
X-Cache-Bucket
X-Org
Cache-Host
X-Auto-Login
X-SVT-ORM-RULES
Vix-Hermes-Req-Id
X-Akamai-Device-Characteristics
X-Origin-Response-Time
X-WP-CF-Super-Cache-Active
State
Server-Host
X-Old-Content-Length
X-Platform-Server
X-Gamma-Serve
X-Cdn-Srv
Ssr
X-Worker
X-Cdn-Origin
X-WADP-Cache
X-Fmm-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Varnish-Beresp-Status
Cache-Key
X-HS-Content-Campaign-Id
X-Human
X-Rocket-Build-Number
Apple-News-Services-Handled
AKAMAI
X-Sigma-Backend
X-SVT-ORM-VERSION
X-Sn-Servicetimems
X-Sigma
X-Thanos
X-Is-Gdpr
X-JWT-State
X-SD-PageType
X-Has-Esi
C-Via
X-GeoIP-City
Cluster
X-Geo-Header
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
CloudFront-Viewer-Country
Country-Code
DSUID
Section-Io-Id
X-Parent-Response-Time
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Kp-EeAlive
X-Accel-Expires-Debug
Gh-Request-Id
X-Cache-FS-Status
X-Node-Id
X-Block-Status
Mail-Subject
X-App
We-Hiring
X-LB-NoCache
X-Azure-Ref-OriginShield
X-Accel-Buffering
X-Nananana
X-Hash
X-GeoIP
X-GeoIP-Country-Code
X-Hnp-Log
X-GeoIP-Region-Code
X-DefElseHash
X-Date
X-Nginx-Cache-Key
X-Device-Os
X-Dispatcher-Number
X-Fastly-Backend
X-DefHash
X-Op-Id-All
X-Pubstack
X-NCache
X-Gen-Mode
X-NodeID
Wxu-Next-Region
Tube-Get-Contents
X-Varnishpool
NGX
Machine
X-Varnish-Remaining-TTL
X-Qloud-Router
L
On-Server
Wxu-Next-Hostname
X-Wix-Viewer-Type
Sever-Int
Server-Hostname
Server-Ext
Origin-EX
Pics-Label
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
CDCHOST
X-V-Cache
Cache-Provider
X-SB
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Restarts
Click-Count-Action-Start
X-Req
X-Region-Sid
X-Var-Ttl
Datacenter
Click-Count-Error
Svr
Origin-CC
Tube-Got-Eval
Tube-Got-Results
X-Planisys-CDN-TTL
Tube-Return
Wxu-Next-Commit
CacheControlHeader
Web-Mar-Region
X-Owner
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
User-Cache-Control
X-AIR-PT
Is-Eu
Cmsid
X-Esi-Check
NM-Fastcgi-Cache
X-Ad-Defer-Variation
X-Gzip
X-Refresh
Cmstype
PFcat
X-VarnishDD-TTL
Adler-Geo
X-Request-Start
X-Forwarded-Site
Fastly-SSL
X-Variation
X-DPWN-IS-SECURE
Platform
X-Cache-Backend
X-HN
X-Mvc-Supplant-Cachable
Producers
Canary
X-FC-Vary-Parameters
X-Cache-Id
X-Ckpd-Fst-Backend
X-Irp-Debug
X-Men
X-Server-IP
X-Cache-Tags
X-Dispatcher-Server
X-Origin
X-CacheTTL
X-Cache-Date
X-Minions-Version
X-Scale
X-Up
X-Webkit-CSP-Report-Only
L5d-Success-Class
Ha-Gx-Prefs
HA-Ipaddr
X-Platform
X-Csrf-Jwt
X-Cache-Remote
X-Trace-ID
X-Microcachable
X-CGP
X-Aicache-OS
X-Eu-Site
X-Esi
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Mvc-Supplant-OutputCached
X-Cached-By
X-CSRF-Token
Env
Cdn
GeoIP-Latitude
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
X-Mly-Id
X-RCS-CacheZone
Load-Balancing
X-HA-Backend
HostName
Server-ID
X-AK-Request-ID
X-Fastly-Cache
Cdncip
Cdnsip
X-Zone
X-Nc
X-Origin-Expires
X-Instance-Name
X-ND-Cache
X-DataCenter
X-VC
X-Webkit-CSP
X-ZONE
X-Vc
X-Gateway-Cache-Status
X-Wa
X-HS-Status
Time
X-API-Version
X-Gateway-Cache-Key
X-APP-VERSION
X-Api-Version
X-Gateway-Skip-Cache
X-Gateway-Request-Id
Memory
X-Response-By
X-Fpc
X-Release
Cache
Locid
X-From
Srvid
X-FL-EDGE
X-LB-ID
X-Via-NSCOPI
Expect-Staple
X-FL-QIT-DEBUG
X-Generated-In
X-CS
X-Correlation-ID
Hostname
X-Cache-Enabled
X-Edge-Pop
X-Hcs-Proxy-Type
Eomportal-Instance
X-NGINX-Cache
X-Client-Ip
X-Check-Cacheable
X-CCDN-CacheTTL
X-CCDN-Origin-Time
NtCoent-Length
X-Via-CDN
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
Ngx-Var-Key
GeoIp-Country-Code
X-Micro-Cache
X-Provided-By
X-CSRF-TOKEN
X-NewRelic-App-Data
X-Srv
OT-Force-Account-Verify
X-Via-SSL
Edge-Copy-Time
X-Air-Pt
AMP-Access-Control-Allow-Source-Origin
X-Via-Edge
XkeyRZ
X-Proxy-CacheRZ
X-Amz-Meta-Cb-Modifiedtime
X-Lambda-Id
X-Debug-Cache-Store
X-MCACHE
X-Request-URI
True-Client-IP
IsBot
X-SIPLIST1
X-Debug-Cache-Fetch
X-Via-JSL
X-Dc
X-Vcl-Version
X-VCL-Version
X-Info
X-Cache-NGX
X-Nf-Request-Id
Sid
X-Vtex-Remote-Cache
X-Render-Time
VNS-Cache
CPC-Cache
VNS-Age
CPC-Age
X-EC-Lua
X-B3-SpanId
True-Client-Ip
Uri
Path
Srv
X-Cs
Location
Fastly-Drupal-Html
X-VCT
Resin-Trace
X-Server-ID
Request-ID
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Cache-Expires
CDN
X-TH-Server
X-Oss-Request-Id
X-ATG-Version
X-Fastly-Country-Code
X-Datadome
GeoIP-Country-Code
X-MSEdge-Features
Cross-Origin-Opener-Policy-Report-Only
Esi-Enabled
X-MSEdge-Flight
X-CLOUD-TRACE-CONTEXT
X-Edge-POP
X-Cache-ASPX
X-Contensis-Viewer-Groups
Servername
X-Varnish-Authentication
YJS-ID
M-TraceId
X-Accel-Version
X-Varnish-Beresp-TTL
X-Upstream-Ht
X-Upstream-Ct
X-Cache-Type
X-TX-ID
X-FPC
Traceparent
X-CF-Lambda-Fn
X-Moov-T
Timeexpire
X-Pod-Name
X-RateLimit-Limit-Second
X-Scheme
X-PAYTM-SRV-ID
X-RateLimit-Remaining-Second
X-Moov-Xdn-Version
X-CF-Lambda-Version
X-Cdn-Request-ID
X-Datacenter
X-ApacheServer
X-PERF
X-Lb-Id
X-RateLimit-Reset
Sm-Log-Id
X-Viewer-Country
CountryCode
LB
XServer
X-Service-Response-Time
X-Akamai-Pragma-Client-IP
X-Udemy-Cache-App-Namespace
N-Cache
HIT
X-SERVER-NAME
X-WA
X-Wikidot-Backend
X-CDN-Cache-Status
X-Wikidot-Static-Cache
Server-Id
X-Cdn-Cache-Status
X-Cache-Ttl
X-Geo
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-CACHE-KEY
FSS-Cache
X-Tenant
X-Orig-Expires
Proxy-Connection
Ohc-File-Size
X-Bl-Debug
X-Shop-Environment
RNT-Time
Powered-By
X-Forwarded-Path
X-NC
RNT-Machine
X-NAPM-TraceId
X-Ha-Backend
X-TraceId
ENV
X-MP-GENERATED-AT
Rip
Epwk-X-Cache
X-LiteSpeed-Cache-Control
X-ServedByHost
Yjs-Id
Geoip-Latitude
X-Clientip
X-Amz-Meta-Opti
X-Dw-Trace-Id
X-B3-Trace-ID
X-Policy
True-Client-Country-4JS
V-Age
WZWS-RAY
X-Cdn-Forward
Tracecode
X-Hyper-Cache
X-App-Name
X-M-Log
X-M-Reqid
X-Acquia-Purge-Tags
X-Acquia-Site
X-RAMCache
X-Acquia-Application-UUID
Content-Script-Type
X-Snapshot-Date
X-Qnm-Cache
Content-Style-Type
X-Acquia-Application-Trace
X-Serial
X-Via-PopV
X-VG-WebCache
X-UP
Ngx
X-Via-PopN
X-Via-PopH
User-Agent
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Vgn-Hpd-Reason
X-Fastly-Backend-Reqs
X-B3-Parentspanid
Inserted-Into-Cache-At
XM
X-Swift-Error
X-B3-ParentSpanId
X-Lb-Nocache
Ec-Rule-Version
X-Wp-Cf-Super-Cache
X-TT-LOGID
X-F-Status
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-Webstats-RespID
Hit
X-Fastly-Cache-Hits
Lb
X-Request-URL
Cneonction
Warning
MIME-Version
My-App
X-LiteSpeed-Tag
X-IPS-Cached-Response
X-Cache-Ngx
X-Mid-Debug-Cache-Disk
X-Mid-Debug-Cache-Key
X-Th-Server
X-MiniProfiler-Ids
X-Stale