Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Server-Timing
X-XSS-PROTECTION
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Turbo-Charged-By
X-AH-Environment
X-Via
X-Robots-Tag
X-Backend
X-Cache-Group
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Proxy-Cache
X-Hacker
X-Server
X-Rq
X-UA-Device
X-Server-Powered-By
X-Age
Allow
X-Vhost
X-Varnish-Cache
X-Ws-Request-Id
EagleId
X-Amz-Version-Id
X-Dispatcher
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
P3p
Nel
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
Accept-CH
X-Pingback
X-Node
X-Host
X-WebKit-CSP
X-Server-Id
Surrogate-Control
X-OneAgent-JS-Injection
X-Backend-Server
X-CST
X-Readtime
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Cache-Lookup
X-Content-Security-Policy-Report-Only
Permissions-Policy
Request-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Trace
X-Response-Time
X-Edge
Accept-CH-Lifetime
X-HW
Accept-Ch-Lifetime
X-Ua-Compatible
Content-Location
X-Mod-Pagespeed
X-Clacks-Overhead
X-Url
X-Oneagent-Js-Injection
X-Midtier
X-Litespeed-Cache
X-Ruxit-JS-Agent
Rating
X-ESI
X-Mcache
X-Amz-Server-Side-Encryption
X-ECACHE
X-Country
X-Upstream
Xkey
X-Vname
X-PC
X-TtlSet
X-Vcap-Request-Id
X-Rack-Cache
Cache-Tag
X-D2id
X-MS-InvokeApp
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Element-Page-Cache
X-Exp-Id
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
Verso
Fastly-Restarts
Edge-Control
RTSS
X-Powered-By-Plesk
X-Cache-TTL
X-Ruxit-Js-Agent
X-VARITI-CCR
Origin-Trial
X-Content-Type
X-Ac
X-Navigation-Version
X-Abt-Application-Version
X-Cached
X-Goog-Hash
Accept-Ch
Service-Worker-Allowed
X-Ttl
X-GitHub-Request-Id
X-Country-Code
X-Amz-Rid
X-Middleton-Display
Display
Pagespeed
X-Sol
X-WebKit-CSP-Report-Only
X-Mg-S
X-Browser-Type
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Server-Name
Cross-Origin-Opener-Policy
X-B3-TraceId
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
AR-SID
Response
AR-ATIME
X-Powered-CMS
AR-PoweredBy
AR-Request-ID
X-Middleton-Response
X-Amzn-Trace-Id
SPRequestDuration
SPIisLatency
X-Cache-Key
X-Ua-Device
X-Varnish-TTL
AR-CACHE
X-Fastly-Request-ID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Cnection
X-ORACLE-DMS-ECID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-ORACLE-DMS-RID
X-Webkit-CSP
X-Version
X-Accel-Expires
Cache-Tags
X-Times
Cache-Status
X-T
Front-End-Https
X-Client-IP
X-MSEdge-Ref
Edge-Cache-Tag
X-Px
X-Ser
Pinterest-Generated-By
X-Pinterest-Rid
X-NF-Request-ID
Pinterest-Version
X-Fastcgi-Cache
Public-Key-Pins
X-Hits
Nginx-Cache
X-Recruiting
X-NWS-LOG-UUID
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Frontend
X-Shield-Request-Id
X-Request-Processing-Time
X-LLID
Server-Node
X-Ua-Browser
X-Request-Received
Payment
X-B3-Traceid
Access-Control-Request-Method
X-RateLimit-Remaining
X-DIS-Request-ID
TP-Cache
X-FastCGI-Cache
X-Kinja-CCPA
X-Webkit-CSP-Report-Only
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Goog-Metageneration
S
TP-L2-Cache
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
MicrosoftSharePointTeamServices
X-LB-Cache
X-Content-Digest
X-Webkit-Csp
X-Ratelimit-Remaining
X-PressLabs-Stats
X-Distributor
Content-MD5
X-RateLimit-Limit
Realpath
X-Request-Handler-Origin-Region
X-Microsite
X-Geo-Country
X-Hostname
X-Ezoic-Cdn
X-FB-Debug
Access-Control-Allow-Method
X-Page-Id
X-GUploader-UploadID
X-Forwarded-For
Fastcgi-Cache
X-Cluster-Name
Accept-Charset
X-Rid
X-Protected-By
X-Amzn-RequestId
X-Seen-By
X-Amz-Apigw-Id
X-Envoy-Decorator-Operation
TCN
X-Correlation-Id
Cleartype
X-B3-Sampled
X-Ratelimit-Limit
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
DC
X-Newrelic-App-Data
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Origin-Server
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Debug-Info
X-Mobile
Referer-Policy
X-Varnish-Backend
X-Git-Hash
X-Logged-In
Cross-Origin-Resource-Policy
X-Origin-Cache
X-XRDS-Location
X-Kinsta-Cache
X-Edge-Location-Klb
X-Azure-Ref
X-TTL
Alternate-Protocol
X-Varnish-Grace
X-Revision
X-Fb-Rlafr
X-Amz-Replication-Status
X-Contextid
X-Aspnet-Version
X-App-Environment
Surrogate-Key
X-Request-Guid
X-Aspnet-Duration-Ms
X-Flags
X-Grace
X-Is-Crawler
X-Route-Name
X-Providence-Cookie
Healthy
Count-Hit
X-Content-Options
X-Amz-Meta-S3cmd-Attrs
X-TT
X-Server-ID
X-Wix-Request-Id
X-IPS-LoggedIn
X-Forwarded-Proto
X-Whom
Frame-Options
Charset
X-App-Server
MS-Author-Via
X-Hosted-By
WPO-Cache-Message
WPO-Cache-Status
X-Akamai-Edgescape
Filterid
Viewport
X-Id
X-Daa-Tunnel
X-Varnish-Ttl
Paypal-Debug-Id
X-Cache-Age
X-B
X-Backend-Name
X-Magnolia-Registration
Retry-After
Section-Io-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Trace-Id
X-F-Cache
X-Client-Ip
X-AppVersion
X-Activity-Id
X-Www-Served-By
X-Az
X-Cache-Control
X-Proxy-Cache-Info
Server-Name
X-Type
Refresh
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Server
X-Proxy
SRV
Version
X-EdgeConnect-Cache-Status
X-Response-Served-From
X-ARC
Host
X-Rule
VIX-Pulpo-Node
SD-X-WS
X-Instance
X-Http-Reason
X-Original-Request-Id
Akamai-GRN
X-Cache-Rule
VIX-Pulpo-Upstream-Status
X-Cache-Grace
X-Rocket-Nginx-Serving-Static
Front
X-Status
X-User-Agent
X-Akamai-Request-ID2
X-Varnish-Age
X-Edge-Location
Protected
X-Region
X-Framework
From-Origin
X-Jobs
X-Cacheable-TTL
X-UUID
X-Unique-Id
Access-Control-Request-Headers
Fastly-SWR
X-Cache-Time
Fastly-SIE
X-N
X-FW-Dynamic
X-FW-Server
X-FW-Serve
X-FW-Static
X-FW-Type
X-Environment-Context
X-L-Path
X-FW-Version
X-FW-Hash
X-Rendered-As
X-Page-View
X-Oracle-Dms-Ecid
X-Is-Bot
X-RemovedCookies
X-G
X-Time
X-Tumblr-Pixel-1
X-Tumblr-User
X-Oracle-Dms-Rid
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-ProcessESI
X-App-Version
X-Upgrade-Enabled
X-Adobe-Content
X-RateLimit-Reset
X-Adobe-Loc
X-COUNTRY
X-Load-Cache
ServerID
X-Source
Content-Disposition
X-Language
Country
X-ECache
X-Vcache
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Drupal-Cache-Tags
X-Nf-Request-Id
X-CDN-Forward
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-HTML-Minification-Powered-By
X-Datadog-Sampled
Accept-Language
Countrycode
X-Amzn-Remapped-Content-Length
X-DynaTrace
X-DataDome
X-Mg-Request-UUID
X-Debug-IsPreview
X-Debug-IsConnected
X-Generated-By
X-DynaTrace-JS-Agent
Liferay-Portal
X-Xrds-Location
X-ID
X-WP-CF-Super-Cache
Backend
Xet-Cookie
X-WP-CF-Super-Cache-Cache-Control
Webserver
X-B-Cache
X-Signature
CF-IPCountry
X-Tt-Logid
X-B3-SpanId
X-Nginx-Cache
X-Httpd
X-Drupal-Cache-Contexts
X-Mode
X-Device-Type
X-NYM-Debug-Backend
X-Content-Powered-By
X-Zen-Fury
X-Servername
Xserver
Url
X-Content-Age
GEO-INFO
X-Erf-Web-Scheduler
X-Rewrite-Enabled
Azure-Version
X-Tb
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Load-Balancing
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Cache-Action
X-SaId
X-Cache-Operation
X-UPSTREAM-Address
X-Sucuri-ID
Azure-SlotName
Filters
X-Urbn-Context-Path
Fastcgi-Useragent
X-Sucuri-Cache
X-LAGOON
S-Rt
X-Container-Uri
X-JoinUs
X-Director
Onion-Location
X-Varnish-Cache-Hits
X-GeoCode
X-ServerID
Locale
X-Proto
Meta-Geo
X-Git-Commit
X-GeoCountry
X-Urbn-Site-Id
X-Labrador-Cache-Channel
X-Forwarded-Host
X-Cluster-Node
X-Soup
X-Varnish-Hostname
X-PHP-Host
Uber-Trace-Id
X-RM-Cache-TTL
X-XRDS-LOCATION
X-Served-From
X-Generation-Time
Web-Mar-Node
X-VC-Cache
X-VCT
X-Cache-Server
X-Logging-Id
X-Routing-Service
X-Skip-Cache
X-RCS-CacheZone
X-Proxied
X-Origin-Hint
X-Sql-Count
X-Sql-Duration-Ms
TWC-Privacy
X-Zipkin-Id
Webcakes-App-Name
X-Storage
DB-Nickname
X-Ms-Version
Node
X-Extlb
X-FB-TRIP-ID
TWC-GeoIP-Country
X-Detected-As
TWC-GeoIP-LatLong
Webcakes-Region
TWC-Device-Class
X-Ms-Request-Id
Property-Id
Webcakes-App-Version
TWC-Connection-Speed
X-Adobe-Source
TWC-Locale-Group
Mn-Server-Ip
X-Proxy-Build
X-LSADC-Cache
X-Format
X-Debug
X-Fetched-On
Selected-Fe
X-R9-Blue-Green-Version
X-Tumblr-Pixel-3
X-Timing-Wait
X-Tumblr-Pixel-2
X-Ratelimit-Reset
X-Uri
X-Lambda-Id
X-Tec-Api-Origin
CDN-RequestId
X-Tec-Api-Version
X-Tec-Api-Root
Source
X-MP-GENERATED-AT
OT-Force-Account-Verify
X-Origin-Date
X-Template
Fastly-Drupal-HTML
X-Cache-Expired-At
X-Loop
X-Cache-Hit
X-Tncms
X-Via-JSL
X-NGENIX-Cache
X-Varnish-Hits
X-Srv
X-MCACHE
Content-Secure-Policy
X-Endurance-Cache-Level
X-Ua
X-Node-Name
X-Pass-Why
X-AIR-PT
X-Redis-Cache
Upgrade-Insecure-Requests
Cross-Origin-Window-Policy
X-UA-Device-Type
X-Cache-TTL-Remaining
X-Pubstack
X-Real-IP
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Server-W
X-Origin-CC
Section-Origin-Responded
Section-Io-Origin-Status
X-Origin-TTL
NGB
X-Hcs-Proxy-Type
X-Fastly-Request-Id
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Cache-Hits
X-PHP-Backend
X-Cache-Host
X-S
X-GEO
X-CSRF-Token
Cache-Name
Cache-Provider
X-IPLB-Instance
X-IPLB-Request-ID
X-Restarts
Apigw-Requestid
X-Optimistic-Header
X-Xfnlog-Site
X-Cms-Context
X-Reqid
X-Datadome
X-Cache-Type
X-Rn-Rsrv
X-Hl-Ver
MS-CV
X-RTag
Ms-Operation-Id
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
CDN-EdgeStorageId
X-ProxyCache-Key
X-ProxyCache-Status
X-No-Session
CDN-Cache
X-BYPASS-REASON
CDN-CachedAt
X-TimeS
X-Akamai-Transformed
X-Newrelic-Synthetics
X-Aspnetmvc-Version
X-Cluster
X-AWS-Id
X-Via-Fastly
X-LJ-Flow-ID
X-VWS-Id
X-Date
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-D
X-Conf
X-CF-Lambda-Version
X-CGP
W
Server-Host
MD5-Digest
Mail-Subject
X-Csrf-Jwt
Vix-Hermes-Req-Id
X-Ec-Custom-Error
Gannett-Cam-Experience-Id
X-Ec-Fail
Fastly-SSL
X-Ec-GeoHdr
Sslversion
Magicmarker
Fastly-Backend-Name
VNS-Cache
Gh-Request-Id
True-Client-Country-4JS
VNS-Age
X-Dispatcher-Number
X-Developer
X-Destination
T-Server
Candidate-Md5Url
X-Aed
L5d-Success-Class
HA-Ipaddr
DCR-Decision-By
DCR-Processing-Time-Ms
X-Application
Ha-Gx-Prefs
Canary
X-Accel-Expires-Debug
Rendered-Blocks
X-A-Ccd
X-A-Dam
CPC-Age
Meta-Geo-Continent
L
X-A-Dcw
X-Accel-Buffering
X-A-Wwc
X-A-Dgt
X-B-Cookie
Fastly-GeoIP-CountryCode
X-CacheTTL
Web-Mar-Region
X-Cache-NE
X-Cache-Info
X-Cdn-Diag
We-Hiring
X-CF-Lambda-Fn
Odigeo-Trace-Id
CPC-Cache
Redirect-Candidate
Lang
BehaviorPad-Version
X-Bc-Bl
N-Cache
X-BCube-Filmed-By
X-Bl-Debug
X-Cache-Bucket
Ngx.Var.Host
X-A
Surrogated-Key
X-Is-Gdpr
X-CACHE-AGE
X-Orig-Expires
X-TIM-N
X-Origin-Time
X-Access
X-Section
X-Nyt-Route
X-Vdms-Path
X-Mvc-Supplant-Cachable
X-Slack-Shared-Secret-Outcome
X-TA-CDN-Provider
X-Epic-Correlation-Id
X-Policy
X-ScT
X-SRCache-Key
X-SD-PageType
X-Shop-Environment
X-Slack-Backend
X-S-Cookie
X-Rojux
X-Tenant
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Request-Host
X-Vdms-Version
X-Var-Ttl
X-Wikidot-Static-Cache
X-Has-Esi
X-Wikidot-Backend
X-Forwarded-Path
X-JWT-State
Xc-Version
X-Wix-Viewer-Type
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Gdpr
X-We-Are-Hiring
X-Vtex-Remote-Cache
X-Irp-Debug
X-VG-WebCache
X-Viewer-Country
X-Eu-Site
X-Worker
X-External-Request-Id
X-FC-Vary-Parameters
X-Fastly-Backend
X-Parent-Response-Time
Platform
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Thanos
TDXMobile
X-VServer
X-Vmg-Version
X-Variation
X-Varnishpool
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Test
Release
X-Thinkindot-L3
Thinkindot-Control
X-SVT-ORM-VERSION
X-Platform
X-CMSURLCustom
X-Core-Mission
X-INCAP-ABP
Origin
X-Clientip
X-Loc
X-Level-Front-Cache
X-Human
X-Hash
X-Forwarded-Site
X-Esi-Check
X-Generated-On
X-Geo-Header
X-Handled-By
X-Gzip
X-Cdn-Origin
X-Mid
X-ApacheServer
X-PERF
X-Pool
X-Qloud-Router
X-S-Maxage
X-Request-Time
X-PAYTM-SRV-ID
X-Owner
X-Cache-Id
X-Node-Id
X-Org
X-Bip
X-Auto-Login
X-Origin-Response-Time
X-Server-IP
X-App-Name
Expect-Staple
Adler-Geo
AKAMAI
Memcached
Host-ID
Machine
Is-Eu
Datacenter
X-Proxy-Cache-Status
X-Cache-Debug
X-Varnish-Remaining-TTL
Apple-News-Services-Handled
X-Varnish-CookieHashed-On
X-Cdn-Srv
Apple-News-Services-Request-Url
X-WADP-Cache
CloudFront-Viewer-Country
Cmsid
Cmstype
X-Akamai-Device-Characteristics
X-Alternate-Cache-Key
Apple-News-Services-Parsed-Url
X-Up
X-BBC-Edge-Cache-Status
X-VG-TLSProxy
Apple-News-Services-Host
X-Clara-WADP
X-TIME
X-Fmm-Version
X-Scale
X-DPWN-IS-SECURE
X-GeoIP
X-Vcl-Version
X-Mvc-Supplant-OutputCached
X-Mly-Id
X-Old-Content-Length
X-Origin
X-Dispatcher-Server
X-Device-Os
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Core-Value
X-DefElseHash
X-DefHash
X-ShardId
X-ShopId
X-Shopify-Stage
DSUID
X-Varnish-CookieINHashed-On
X-App
Environment
NM-Fastcgi-Cache
Req-Svc-Chain
ServedBy
X-Nitro-Cache
Producers
X-Web-Node
X-Cs
X-Correlation-ID
User-Cache-Control
WP-Super-Cache
X-Refresh
X-Block-Status
X-From
Wxu-Next-Commit
Wxu-Next-Hostname
Server-Ext
Sever-Int
X-Air-Trace-Id
Ssr
Server-Info
Server-Hostname
X-NCache
Wxu-Next-Region
Country-Code
X-Gen-Mode
X-Op-Id-All
X-Presslabs-Stats
X-Nananana
X-Air-Hostname
X-NodeID
X-WA-Info
CDCHOST
X-Air-Source
Esi-Enabled
Origin-EX
X-Nginx-Cache-Key
X-Hnp-Log
X-Instance-Name
Origin-CC
C-Via
X-Tx-Id
Pics-Label
X-LB-NoCache
Memory
X-Cache-Enabled
X-Azure-Ref-OriginShield
Time
AMP-Access-Control-Allow-Source-Origin
Server-ID
X-Amz-Meta-Cb-Modifiedtime
X-Platform-Processor
X-Cache-Status-Check
X-Platform-Router
Hostname
X-Microcachable
GeoIP-Latitude
X-Platform-Cluster
X-Origin-Expires
X-HA-Backend
Cache-Host
X-Tb-Optimization-Total-Bytes-Saved
X-API-Version
X-Dc
XM
X-Locale
X-ZONE
X-URL
X-Site-Version
Origin-Agent-Cluster
NGX
X-VHOST
X-CACHE-GROUP
PFcat
X-VarnishDD-TTL
X-HN
Cf-Device-Type
Resin-Trace
X-Varnish-Beresp-Grace
X-Ad-Defer-Variation
X-Wp-Cf-Super-Cache-Active
X-Via-Edge
X-Via-CDN
Locid
X-DC
X-Fpc
X-FL-EDGE
X-Varnish-Beresp-Ttl
Edge-Copy-Time
A
X-Via-SSL
X-Vgn-Hpd-Reason
Srvid
X-FL-QIT-DEBUG
Cdn-Requestid
YJS-ID
X-Zone
Sid
X-Webkit-Csp-Report-Only
X-Internal-Host
X-Upstream-Ct
X-WP-CF-Super-Cache-Active
X-Upstream-Ht
X-ATG-Version
X-Contensis-Viewer-Groups
X-FireWall-Port
X-Cache-ASPX
X-Micro-Cache
X-TraceId
X-Varnish-Authentication
X-Github-Request-Id
X-Moov-T
X-DataCenter
X-Moov-Xdn-Version
X-Cached-By
X-Pod-Name
Cache-Key
X-B3-Spanid
X-SIPLIST1
Uri
True-Client-Ip
User-Agent
IsBot
X-AB
X-Buckets
X-LiteSpeed-Cache-Control
X-Info
GeoIP-Country-Code
X-B3-Parentspanid
Location
X-Planisys-CDN-Cache
X-Platform-Server
X-Planisys-CDN-TTL
X-Provided-By
X-Backend-Instance
X-Planisys-CDN-Rules
State
X-Geo-Region
X-HS-Content-Campaign-Id
X-Nitro-Cache-From
X-Release
X-Fastly-Cache
XServer
X-NGINX-Cache
X-Nitro-Rev
GeoIp-Country-Code
X-VC
X-LiteSpeed-Tag
X-RN-RSRV
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-MSEdge-Flight
X-MSEdge-Features
X-FTR-Request-ID
X-Cache-Remote
X-Accel-Version
Cdn
X-Datacenter
Lb
X-VCache
SID
X-CS
X-Geo
CF-Ctrl
True-Client-IP
NtCoent-Length
Cache
X-Api-Version
X-Browser-Name
X-Is-Desktop
X-Is-Supported-Browser
X-Tcp-Rtt
X-Is-Tablet
X-NewRelic-App-Data
X-Is-Mobile
X-CSRF-TOKEN
X-Vgn-Hpd-Cached
X-Generated-In
X-GeoIP-City
X-Vgn-Hpd-Variations-Key
X-Cache-Ttl
Path
X-Vgn-Hpd-Ssi
X-Gamma-Serve
Fastly-Drupal-Html
X-FPC
X-Scheme
X-HS-Status
Epwk-X-Cache
X-TRACE-ID
X-APP-VERSION
X-Hyper-Cache
Cache-Tv-Group
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Frame-Option
Srv
Tcn
X-HostName
Ohc-File-Size
X-Webstats-RespID
Kp-EeAlive
X-Service
X-GoCache-CacheStatus
X-SRV
CountryCode
Serverid
X-UA
Cf-Ipcountry
HostName
X-Esi
X-AK-Request-ID
Cdncip
X-Air-Pt
X-Mobile-URL
X-Amz-Meta-Opti
Cdnsip
X-Location
X-Guploader-Uploadid
X-Branch-Name
X-Aicache-OS
X-TX-ID
X-Traceid
X-Developers
On-Server
X-EC-Lua
Proxy-Connection
X-Region-Sid
CacheControlHeader
X-Wp-Cf-Super-Cache
X-Cache-Tags
X-Men
X-Wp-Cf-Super-Cache-Cache-Control
WebServer
X-Wp-Cf-Super-Cache-Cookies-Bypass
Yak-Timeinfo
X-Minions-Version
X-Vercel-Cache
RNT-Time
X-Vercel-Id
Mime-Version
RNT-Machine
X-Pad
X-Vc
Tube-Got-Results
Tube-Return
X-Cdn-Cache-Status
Tube-Got-Eval
Tube-Get-Contents
Env
X-Via-Poph
X-V-Cache
X-Proxy-CacheRZ
X-CDN-Cache-Status
X-Cache-FS-Status
V-Age
XkeyRZ
Cdn-Host
X-SB
X-Req
X-Servedbyhost
X-Edge-Server
Cdn-Request-Time
X-Via-Popn
X-B3-Trace-ID
X-Acquia-Purge-Cdn-Unconfigured
WZWS-RAY
Click-Count-Action-Start
Click-Count-Error
Ohc-Cache-HIT
X-LB-ID
X-Nc
X-Via-Popv
X-Akamai-Pragma-Client-IP
X-Wa
CDN
X-Origin-Cache-Key
X-VCL-Version
X-CACHE-KEY
M-TraceId
Server-Id
X-NMSegId
Geoip-Latitude
Req-ID
ENV
X-NWS-UUID-VERIFY
X-Edge-Pop
WWW-Authenticate
X-Cdn-Request-ID
Ngx
X-Cdn-Forward
LB
X-Lb-Cache
Content-Style-Type
X-FTR-Backend
Content-Script-Type
X-User
CF-Cached-On
X-Fastly-Country-Code
X-FTR-Backend-Server
X-Ha-Backend
X-Country-Code-Real
X-FTR-Expires
X-FTR-Balancer
X-Ad-Load-Variation
X-FTR-Cache-Status
Cluster
X-WP-CF-Super-Cache-Cookies-Bypass
X-TT-LOGID
PICS-Label
X-Request-Start
X-M-Log
X-Scope-Id
X-Lb-Nocache
Pramga
X-Ckpd-Fst-Backend
X-APP
X-Processor
X-TH-Server
X-M-Reqid
X-Check-Cacheable
X-Via-Ucdn
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-Snapshot-Date
X-Edge-POP
X-IN-APIGATEWAYSSL
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Yjs-Id
X-Fastly-Backend-Reqs
X-Qnm-Cache
X-Shield-Cache-Expires
X-Varnish-Beresp-TTL
X-Request-URI
Inserted-Into-Cache-At
X-Fastly-Cache-Hits
HIT
X-Render-Time
X-Udemy-Cache-App-Namespace
X-Miniprofiler-Ids
Log-Origin
X-RAMCache
X-Iauth-Set-Uid
CACHE-MISS-TO-ORIGIN
X-CUA
X-Cached-Since
X-ElasticPress-Query
X-Litespeed-Cache-Control
Cneonction
Vha6-Origin