Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-Id
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
P3p
X-AH-Environment
X-Proxy-Cache
Keep-Alive
X-Ua-Compatible
X-Server
X-Ws-Request-Id
X-Age
Host-Header
Cf-Edge-Cache
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Page-Speed
X-Device
Cf-Apo-Via
Accept-CH
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Ruxit-JS-Agent
X-Server-Id
EagleEye-TraceId
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Readtime
X-Backend-Server
Request-Id
X-Cache-Spec
X-Cache-Lookup
X-HW
X-Content-Security-Policy-Report-Only
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
Accept-CH-Lifetime
X-Country
X-Mcache
X-Content-Type
Content-Location
X-MS-InvokeApp
X-Url
X-CST
X-Clacks-Overhead
X-Vname
X-PC
X-TtlSet
Rating
X-Amz-Server-Side-Encryption
X-Midtier
X-Litespeed-Cache
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Kinja-Revision
X-Use-Magma
Origin-Trial
X-Kinja-Server
X-VARITI-CCR
X-Kinja-Build
X-Cdn-Fetch
Verso
X-Rack-Cache
X-Server-Name
X-Ac
X-Powered-By-Plesk
X-Ttl
X-GitHub-Request-Id
Service-Worker-Allowed
X-Cnection
X-Amz-Rid
X-Client-IP
SPRequestGuid
X-SharePointHealthScore
X-Navigation-Version
Xkey
X-Abt-Application-Version
Edge-Control
X-ECACHE
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-NWS-LOG-UUID
X-Upstream
Arr-Disable-Session-Affinity
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Kraken-Loop-Name
X-Cached
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Browser-Type
X-Mg-S
X-B3-TraceId
X-Dw-Request-Base-Id
X-FastCGI-Cache
X-Px
X-Cache-Key
X-Sol
Display
X-Middleton-Display
Pagespeed
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-NF-Request-ID
Access-Control-Request-Method
Edge-Cache-Tag
X-Forwarded-For
X-Country-Code
X-Goog-Hash
X-Correlation-Id
X-Webkit-Csp
Content-MD5
TCN
X-Powered-CMS
Front-End-Https
AR-ATIME
AR-PoweredBy
X-Id
AR-SID
AR-Request-ID
AR-CACHE
X-Ratelimit-Limit
X-Version
Public-Key-Pins
X-RateLimit-Remaining
X-HP-Trace-Id
Accept-Ch
X-HP-Webp
X-Jurisdiction
X-Ser
X-MSEdge-Ref
X-Recruiting
X-T
X-Content-Digest
X-Amzn-Trace-Id
X-Middleton-Response
Response
X-Accel-Expires
X-Daa-Tunnel
TP-L2-Cache
TP-Cache
X-Shield-Request-Id
X-XRDS-Location
MicrosoftSharePointTeamServices
S
Nginx-Cache
Cache-Status
X-Request-Received
X-B3-TraceId-Primal
X-Request-Processing-Time
Server-Node
Mrf-Cache-Status
MRF-Tech
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Cache-Tags
X-Distributor
X-Hits
X-PressLabs-Stats
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Cross-Origin-Opener-Policy
X-Kinsta-Cache
X-Edge-Location-Klb
X-LB-Cache
X-Origin-Server
X-Ratelimit-Remaining
X-Ezoic-Cdn
X-Ratelimit-Reset
Fastcgi-Cache
X-Ua-Browser
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Alternate-Protocol
X-ECache
X-Grace
X-Fastcgi-Cache
Server-Name
Filterid
X-DIS-Request-ID
X-Frontend
X-Geo-Country
X-Microsite
X-Request-Handler-Origin-Region
X-Rid
X-Hostname
X-Protected-By
Healthy
X-LLID
X-FB-Debug
X-Fastly-Request-ID
X-Logged-In
X-Git-Hash
X-Varnish-Backend
Cleartype
Payment
X-Debug-Info
X-Page-Id
X-Load-Cache
X-Forwarded-Proto
X-DataDome
X-Www-Served-By
X-Cluster-Name
X-NGENIX-Cache
X-ASPNET-VERSION
DC
X-Origin-Cache
MS-Author-Via
X-B3-Traceid
Realpath
Charset
Content-Disposition
Access-Control-Allow-Method
X-B3-Sampled
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Proxy
X-F-Cache
X-Activity-Id
X-Az
X-AppVersion
X-Seen-By
X-Amz-Meta-S3cmd-Attrs
X-Amz-Replication-Status
X-Server-ID
X-Azure-Ref
X-TTL
Paypal-Debug-Id
X-Fb-Rlafr
X-Cache-Age
Retry-After
Count-Hit
X-Whom
Cross-Origin-Resource-Policy
X-Type
X-Contextid
Surrogate-Key
Viewport
X-Revision
X-Request-Guid
X-Is-Crawler
X-Providence-Cookie
X-Hosted-By
X-Wix-Request-Id
X-Varnish-Server
X-Route-Name
X-Flags
X-App-Environment
X-Aspnetmvc-Version
X-Aspnet-Duration-Ms
X-Akamai-Edgescape
Accept-Charset
X-B
X-Signature
X-B-Cache
X-TT
Amp-Access-Control-Allow-Source-Origin
X-VCache
X-DynaTrace
X-Language
X-Varnish-Ttl
X-Source
X-Times
X-App-Server
X-Cache-Control
X-Fastly-Request-Id
X-Mobile
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Magnolia-Registration
Referer-Policy
X-Varnish-Grace
X-Envoy-Decorator-Operation
Host
Version
X-N
X-Cache-Rule
X-Oracle-Dms-Rid
WPO-Cache-Status
X-Oracle-Dms-Ecid
X-HTML-Minification-Powered-By
WPO-Cache-Message
Refresh
X-Original-Request-Id
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tt-Trace-Host
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Response-Served-From
X-Tt-Trace-Tag
X-Varnish-Age
X-Cache-Status-Check
Access-Control-Request-Headers
X-Cache-Time
X-EdgeConnect-Cache-Status
X-Rule
SD-X-WS
Ms-Operation-Id
X-UUID
X-Cache-Grace
MS-CV
X-User-Agent
X-RTag
X-Framework
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Content-Powered-By
X-Backend-Name
Akamai-GRN
GEO-INFO
X-FW-Server
X-FW-Static
Protected
X-Cacheable-TTL
X-Jobs
X-RemovedCookies
X-ProcessESI
X-FW-Type
X-FW-Version
Section-Io-Cache
X-Status
VIX-Pulpo-Upstream-Status
X-Environment-Context
VIX-Pulpo-Node
From-Origin
X-Instance
X-Device-Type
X-G
X-XRDS-LOCATION
X-Cache-Expired-At
X-Page-View
X-L-Path
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Servername
X-Rendered-As
X-Amz-Apigw-Id
X-NYM-Debug-Backend
Url
X-Http-Reason
X-Is-Bot
X-Amzn-RequestId
X-Akamai-Request-ID2
CDN-RequestId
NGB
X-Adobe-Loc
X-Adobe-Content
X-Trace-Id
X-Region
SRV
X-Nginx-Cache
Front
X-Template
X-CDN-Forward
X-Unique-Id
Accept-Language
X-Debug-IsConnected
X-Debug-IsPreview
X-RateLimit-Limit
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Hit
X-Content-Options
Backend
Fastly-SIE
Fastly-SWR
X-Zen-Fury
Country
Liferay-Portal
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Newrelic-App-Data
X-DynaTrace-JS-Agent
X-Mode
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Tb
X-COUNTRY
X-Cache-Operation
Content-Secure-Policy
X-Real-IP
X-Amzn-Remapped-Content-Length
X-Tumblr-Pixel-2
X-Rewrite-Enabled
X-RN-RSRV
X-Proxy-Cache-Info
Uber-Trace-Id
Meta-Geo
Onion-Location
X-UPSTREAM-Address
Webserver
S-Rt
Filters
X-Tt-Logid
X-Generation-Time
X-Cache-Server
X-Content-Age
X-Rocket-Nginx-Serving-Static
Azure-InstanceId
X-PHP-Backend
Azure-RegionName
X-Locale
X-Timing-Wait
X-Format
X-IPS-LoggedIn
X-Access
X-Node-Name
X-Time
Azure-SlotName
Selected-Fe
Azure-Version
Cache-Hits
X-Section
X-Proxy-Build
Azure-SiteName
CF-IPCountry
X-Web-Node
X-Cluster-Node
X-Edge-Location
ServedBy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-Locale-Group
Property-Id
Webcakes-App-Version
Webcakes-Region
X-Soup
X-Varnish-Beresp-Grace
X-SayCDN-TTL
X-Skip-Cache
X-Forwarded-Host
X-Ms-Version
X-Say-TTL
X-Sucuri-ID
X-Origin-Hint
X-Proto
X-Server-W
TWC-Privacy
X-Ms-Request-Id
TWC-Connection-Speed
X-Sucuri-Cache
X-Site-Version
Node
Cache-Name
X-Say-Cacheable
TWC-Device-Class
ServerID
X-ProxyCache-Status
X-Proxied
X-Origin-Date
X-Labrador-Cache-Channel
X-Reqid
X-PHP-Host
X-Tumblr-Pixel-3
X-VC-Cache
X-Via-Fastly
X-Ua
X-R9-Blue-Green-Version
X-Routing-Service
X-Cache-Action
X-Sql-Duration-Ms
X-Debug
X-Cms-Context
X-BYPASS-REASON
X-Sql-Count
X-Handled-By
X-Zipkin-Id
X-UA-Device-Type
X-ProxyCache-Key
Web-Mar-Node
X-Extlb
X-TIME
DB-Nickname
Cross-Origin-Window-Policy
X-Uri
X-FB-TRIP-ID
X-Cache-TTL-Remaining
X-AWS-Id
X-Cluster
X-SaId
X-VWS-Id
Mn-Server-Ip
X-Cache-Host
X-JoinUs
X-LAGOON
X-LJ-Flow-ID
X-Ruxit-Js-Agent
X-IPLB-Request-ID
X-Adobe-Source
X-Proxy-Cache-Status
X-IPLB-Instance
Apigw-Requestid
X-Urbn-Site-Id
X-Detected-As
X-No-Session
X-Optimistic-Header
Locale
X-Urbn-Context-Path
X-Xfnlog-Site
Countrycode
X-GeoCode
X-GeoCountry
Fastcgi-Useragent
WP-Super-Cache
X-LSADC-Cache
X-ARC
X-WP-CF-Super-Cache
Mime-Version
X-Buckets
X-WP-CF-Super-Cache-Cache-Control
Cache-Tv-Group
Source
X-Oneagent-Js-Injection
X-App-Version
X-Director
Upgrade-Insecure-Requests
X-Varnish-Hits
X-Hl-Ver
CDN-CachedAt
CDN-RequestCountryCode
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
X-Generated-By
X-Mg-Request-UUID
X-GEO
X-Request-Time
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Redis-Cache
Frame-Options
Fastly-Drupal-HTML
X-Loop
X-FireWall-Port
Xet-Cookie
CF-Cached-On
X-Cache-Debug
X-TA-CDN-Provider
X-Origin-CC
X-Origin-TTL
X-Tx-Id
X-Varnish-Cache-Hits
X-URL
X-SRV
X-RM-Cache-TTL
X-Varnish-Hostname
X-Api-Version
X-TNCMS
X-Pass-Why
X-ServerID
X-ShardId
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Load-Balancing
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Storefront-Renderer-Rendered
X-ShopId
X-Newrelic-Synthetics
X-Akamai-Transformed
X-Served-From
X-Pubstack
X-Service
X-Request-Host
X-Endurance-Cache-Level
X-Location
Server-Info
X-Core-Mission
X-Cdn-Origin
X-Ec-GeoHdr
X-Ec-Fail
X-Conf
X-Cache-Date
X-CUA
X-Cache-Info
X-CMSURLCustom
X-Destination
X-Cache-NE
X-D
X-Developer
WWW-Authenticate
Redirect-Candidate
Origin
Odigeo-Trace-Id
Ngx.Var.Host
Release
Rendered-Blocks
Surrogated-Key
Candidate-Md5Url
Sslversion
Meta-Geo-Continent
Memcached
Edge-Cache
Host-ID
Gannett-Cam-Experience-Id
DSUID
Lang
MD5-Digest
DCR-Decision-By
DCR-Processing-Time-Ms
T-Server
TDXMobile
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Aed
X-Application
X-BCube-Filmed-By
X-Bc-Bl
X-B-Cookie
X-A-Dam
A
Thinkindot-CacheControl-Type
Cache-Host
Thinkindot-CacheControl
BehaviorPad-Version
Thinkindot-Control
X-A-Ccd
X-A
X-Epic-Correlation-Id
X-Bip
X-Nyt-Route
X-Platform-Processor
X-Platform-Cluster
X-SVT-ORM-VERSION
X-Platform-Router
X-SVT-ORM-RULES
X-Origin-Time
X-Test
X-Mobile-URL
X-Sigma-Backend
X-Thinkindot-L3
X-Thanos
X-SRCache-Key
X-Processor
X-Correlation-ID
X-S-Maxage
X-ScT
X-Sigma
X-S-Cookie
X-S
X-Sn-Servicetimems
X-External-Request-Id
X-Rocket-Build-Number
X-Rojux
X-Mid
X-TIM-N
X-Hash
X-Vdms-Version
X-We-Are-Hiring
Xc-Version
X-Gdpr
X-Generated-On
X-INCAP-ABP
X-Httpd
X-Level-Front-Cache
X-Loc
X-Vdms-Path
X-Storage
X-Restarts
X-CSRF-Token
X-WP-CF-Super-Cache-Active
X-Men
X-Origin
X-Akamai-Device-Characteristics
X-Slack-Backend
Server-Host
Gh-Request-Id
X-Slack-Shared-Secret-Outcome
X-Worker
X-Varnishpool
Req-Svc-Chain
X-Var-Ttl
X-Vmg-Version
X-VServer
Magicmarker
Mail-Subject
X-Varnish-Beresp-Status
NM-Fastcgi-Cache
X-Accel-Expires-Debug
X-GeoIP
X-Date
X-GeoIP-City
X-Has-Esi
X-Human
X-HS-Content-Campaign-Id
X-Geo-Header
X-Developers
X-Ec-Custom-Error
X-Fastly-Backend
X-Dispatcher-Number
X-Fastly-Cache
X-Gamma-Serve
X-Fetched-On
X-Is-Gdpr
X-JWT-State
X-Auto-Login
X-BBC-Edge-Cache-Status
X-Pool
X-Region-Sid
X-Server-IP
X-SD-PageType
X-Origin-Response-Time
X-Org
X-Mvc-Supplant-Cachable
X-Cdn-Srv
X-CacheTTL
X-Node-Id
Fastly-GeoIP-CountryCode
We-Hiring
X-Cache-Bucket
Apple-News-Services-Handled
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
X-B3-Spanid
CloudFront-Viewer-Country
CacheControlHeader
Cache-Key
Apple-News-Services-Host
AKAMAI
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
C-Via
Country-Code
Section-Io-Origin-Time-Seconds
Fastly-Backend-Name
X-Parent-Response-Time
Xserver
X-Air-Pt
X-Irp-Debug
X-Op-Id-All
X-Qloud-Router
X-Gzip
X-Esi-Check
X-Cache-Id
X-Clara-WADP
X-Cache-Tags
X-Dispatcher-Server
X-Instance-Name
X-Req
X-Origin-Expires
X-Mly-Id
X-Scale
X-Nginx-Cache-Key
X-Variation
X-Accel-Buffering
X-Request-Start
X-Ad-Defer-Variation
X-Azure-Ref-OriginShield
X-App
X-Platform
X-NCache
Vix-Hermes-Req-Id
X-Forwarded-Site
X-Fmm-Version
X-GeoIP-Country-Code
X-FC-Vary-Parameters
X-WA-Info
X-Frame-Option
X-VarnishDD-TTL
X-Varnish-CookieINHashed-On
X-VG-TLSProxy
X-Varnish-CookieHashed-On
X-WADP-Cache
X-Wix-Viewer-Type
X-DefElseHash
Is-Eu
Platform
X-Varnish-Remaining-TTL
X-DefHash
Adler-Geo
X-GeoIP-Region-Code
X-NWS-UUID-VERIFY
X-HN
X-Device-Os
X-Core-Value
X-NodeID
Datacenter
Cmstype
PFcat
Machine
Kp-EeAlive
L
Origin-EX
Cache-Provider
State
Origin-CC
On-Server
Canary
Cmsid
Ssr
Tube-Get-Contents
Tube-Got-Results
Click-Count-Action-Start
Click-Count-Error
Web-Mar-Region
Wxu-Next-Commit
Wxu-Next-Region
Tube-Got-Eval
Wxu-Next-Hostname
Tube-Return
X-Varnish-Beresp-Ttl
Environment
Server-Ext
X-DPWN-IS-SECURE
X-Eu-Site
X-Response-By
X-Provided-By
X-Gen-Mode
X-LB-NoCache
Ha-Gx-Prefs
X-Platform-Server
X-Old-Content-Length
HA-Ipaddr
Fastly-SSL
Server-Hostname
L5d-Success-Class
X-Hnp-Log
X-SB
NGX
Producers
X-Ckpd-Fst-Backend
CDCHOST
X-Planisys-CDN-Rules
X-CGP
User-Cache-Control
X-Release
X-Planisys-CDN-TTL
X-Cache-FS-Status
Sever-Int
X-Planisys-CDN-Cache
X-Owner
X-Block-Status
X-V-Cache
X-Csrf-Jwt
X-CACHE-AGE
X-Webkit-CSP-Report-Only
HostName
Decoy-Debug-TTL
Srvid
X-Tb-Optimization-Total-Bytes-Saved
X-Mvc-Supplant-OutputCached
X-Nananana
X-FL-QIT-DEBUG
X-Minions-Version
X-FL-EDGE
Decoy-Debug-Key
X-Microcachable
X-Refresh
Decoy-Debug-Status
X-Cache-Backend
Locid
X-Cache-Remote
Cluster
X-Aicache-OS
Expect-Staple
X-Tid
X-Via-CDN
X-Zone
X-Dc
Pics-Label
GeoIP-Latitude
Env
X-Via-SSL
Edge-Copy-Time
X-Via-Edge
X-Vcl-Version
X-ND-Cache
X-From
X-RCS-CacheZone
X-DC
Sid
X-VC
X-Trace-ID
X-Generated-In
X-Up
Memory
Time
X-Cache-Enabled
NtCoent-Length
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Fastly-Drupal-Html
X-Servedbyhost
Svr
X-Cached-By
X-Edge-Pop
X-Lambda-Id
X-DataCenter
X-Webkit-CSP
Cache
X-Cs
X-Via-Poph
SID
X-Via-Popn
X-Srv
X-HS-Status
X-Via-Popv
X-NewRelic-App-Data
X-Vgn-Hpd-Ssi
CPC-Cache
X-Vgn-Hpd-Variations-Key
VNS-Age
VNS-Cache
X-VCT
X-Render-Time
CPC-Age
X-Vtex-Remote-Cache
X-Vgn-Hpd-Cached
X-Nc
X-Esi
X-Presslabs-Stats
X-Vc
X-ZONE
X-Client-Ip
X-AIR-PT
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Wa
X-LB-ID
X-HA-Backend
X-CLOUD-TRACE-CONTEXT
X-CCDN-CacheTTL
GeoIp-Country-Code
Cdn
X-Upstream-Ht
Server-ID
X-Upstream-Ct
X-TH-Server
X-Check-Cacheable
X-Cache-Type
X-B3-SpanId
Cdnsip
XServer
Cdncip
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Gateway-Request-Id
True-Client-IP
X-Via-JSL
AMP-Access-Control-Allow-Source-Origin
X-ATG-Version
X-AK-Request-ID
Hostname
X-Proxy-CacheRZ
XkeyRZ
X-Varnish-Beresp-TTL
X-Via-NSCOPI
Uri
X-Contensis-Viewer-Groups
X-Amz-Meta-Cb-Modifiedtime
X-Cache-ASPX
X-Fpc
X-Varnish-Authentication
X-NGINX-Cache
X-API-Version
Srv
X-Nf-Request-Id
M-TraceId
X-EC-Lua
X-CSRF-TOKEN
X-CS
X-CF-Lambda-Fn
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-PAYTM-SRV-ID
Eomportal-Instance
X-FPC
X-CF-Lambda-Version
Esi-Enabled
X-Udemy-Cache-App-Namespace
X-MSEdge-Features
Resin-Trace
CDN
X-MSEdge-Flight
OT-Force-Account-Verify
True-Client-Ip
X-MP-GENERATED-AT
X-APP-VERSION
X-Datadome
Ngx-Var-Key
N-Cache
X-Micro-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-CDN-Cache-Status
Request-ID
YJS-ID
X-Bl-Debug
X-Tenant
X-Shop-Environment
X-Orig-Expires
X-Forwarded-Path
RNT-Machine
Lb
Server-Id
Path
RNT-Time
X-Fastly-Country-Code
IsBot
X-TX-ID
X-SIPLIST1
X-Ha-Backend
X-Cache-NGX
GeoIP-Country-Code
X-Request-URI
X-Cache-Ttl
X-Policy
X-WA
X-App-Name
X-Info
X-VCL-Version
X-Accel-Version
Sm-Log-Id
X-Service-Response-Time
X-Lb-Id
X-B3-Trace-ID
X-MCACHE
X-Edge-POP
Cross-Origin-Opener-Policy-Report-Only
Location
X-Datacenter
LB
X-Pod-Name
Hit
X-NC
X-RateLimit-Reset
X-Via-PopH
X-Via-PopV
X-Via-PopN
X-SERVER-NAME
X-Vcache
Ohc-File-Size
X-Cdn-Cache-Status
HIT
X-Logging-Id
X-Akamai-Pragma-Client-IP
X-Geo
X-Snapshot-Date
X-Cdn-Diag
Timeexpire
Pramga
X-CACHE-KEY
X-Cache-Expires
X-Oss-Server-Time
X-Oss-Request-Id
Proxy-Connection
Servername
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Oss-Object-Type
X-Oss-Storage-Class
FSS-Cache
X-Oss-Hash-Crc64ecma
X-ServedByHost
X-Cdn-Request-ID
X-Container-Uri
X-Git-Commit
Epwk-X-Cache
ENV
Yjs-Id
Req-ID
X-Ctl-Mach
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Amz-Meta-Opti
X-Scheme
X-Hyper-Cache
WZWS-RAY
X-Serial
X-VG-WebCache
XM
Geoip-Latitude
X-LiteSpeed-Cache-Control
X-Fastly-Backend-Reqs
X-Cdn-Forward
X-Dw-Trace-Id
X-Tncms
X-UP
X-Rebelmouse-Cache-Control
X-M-Reqid
X-M-Log
X-Iauth-Set-Uid
X-Rebelmouse-Surrogate-Control
X-MiniProfiler-Ids
Warning
X-Acquia-Purge-Tags
True-Client-Country-4JS
V-Age
X-Acquia-Purge-Cdn-Unconfigured
Traceparent
X-RAMCache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Site
X-Qnm-Cache
Content-Script-Type
X-B3-Parentspanid
X-Moov-Xdn-Version
Cneonction
X-Swift-Error
X-Lb-Nocache
Ec-Rule-Version
X-TraceId
X-Moov-T
Content-Style-Type
CountryCode
X-TT-LOGID
X-Lsadc-Cache
X-F-Status
X-Mg-Cache
X-IPS-Cached-Response
CDN-RequestPullCode
X-Cache-Ngx
Ohc-Cache-HIT
X-Clientip
X-WP-CF-Super-Cache-Cookies-Bypass
PICS-Label
X-B3-ParentSpanId
X-Litespeed-Cache-Control
CDN-RequestPullSuccess
MIME-Version
Ngx
X-Mid-Debug-Cache-Key
X-Request-URL
X-PERF
X-Th-Server
X-Viewer-Country
Inserted-Into-Cache-At
X-Mid-Debug-Cache-Disk
My-App
X-Webstats-RespID
X-LiteSpeed-Tag
X-Fastly-Cache-Hits
X-ApacheServer