Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
CF-Ray
X-Cacheable
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-Request-ID
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-XSS-PROTECTION
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
X-Cache-Group
X-Robots-Tag
Server-Timing
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Ws-Request-Id
X-Age
Host-Header
P3p
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
X-Akamai-Path-Stats
Cf-Edge-Cache
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
X-Nginx-Cache-Status
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-OneAgent-JS-Injection
X-Pingback
X-Server-Id
Accept-CH
Cf-Railgun
X-Cache-Spec
EagleEye-TraceId
Request-Id
Surrogate-Control
X-Akam-SW-Version
X-Backend-Server
X-Cache-Lookup
X-Response-Time
X-Readtime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Accept-CH-Lifetime
X-Trace
Rating
X-Cloud-Trace-Context
Fastly-Restarts
Accept-Ch-Lifetime
X-Country
X-WebKit-CSP-Report-Only
X-Url
X-Clacks-Overhead
X-Edge
X-Amz-Server-Side-Encryption
X-MS-InvokeApp
X-Rack-Cache
Edge-Control
X-B3-TraceId
X-TtlSet
X-PC
X-Vname
X-Nginx-Upstream-Cache-Status
X-Content-Type
X-ESI
X-Vcap-Request-Id
X-Mod-Pagespeed
X-Ruxit-JS-Agent
Xkey
X-Oneagent-Js-Injection
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-D2id
X-Varnish-TTL
Verso
X-Amz-Rid
X-GitHub-Request-Id
X-Ruxit-Js-Agent
Cache-Tag
Accept-Ch
X-VARITI-CCR
X-Powered-By-Plesk
RTSS
X-Mcache
X-CST
X-ECACHE
Service-Worker-Allowed
X-FastCGI-Cache
X-Upstream
X-Navigation-Version
X-Abt-Application-Version
X-Cached
X-Version
X-Client-IP
X-Dw-Request-Base-Id
X-Cnection
X-Px
X-Ac
Public-Key-Pins
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Server-Name
X-Element-Page-Cache
X-SharePointHealthScore
SPRequestGuid
Arr-Disable-Session-Affinity
X-Cache-TTL
Pagespeed
X-Middleton-Display
SPRequestDuration
X-Sol
SPIisLatency
Display
X-Country-Code
X-NWS-LOG-UUID
X-Ser
Permissions-Policy
X-RateLimit-Remaining
X-Ttl
X-Midtier
X-Cache-Key
Response
X-Middleton-Response
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-Forwarded-For
Content-MD5
Access-Control-Request-Method
X-NF-Request-ID
X-DataDome
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
Front-End-Https
X-Correlation-Id
X-MSEdge-Ref
X-T
Nginx-Cache
X-HP-Trace-Id
X-Recruiting
X-Jurisdiction
X-HP-Webp
TP-L2-Cache
TP-Cache
Edge-Cache-Tag
AR-PoweredBy
AR-Request-ID
AR-SID
X-ORACLE-DMS-ECID
AR-CACHE
X-ORACLE-DMS-RID
X-Accel-Expires
AR-ATIME
X-RateLimit-Limit
X-Powered-CMS
MicrosoftSharePointTeamServices
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Daa-Tunnel
TCN
X-Grace
Cf-Apo-Via
X-Id
X-Mg-S
X-Hits
X-Content-Digest
Filters
X-Request-Received
X-Request-Processing-Time
Server-Node
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
Server-Name
X-Amzn-Trace-Id
X-TTL
X-Frontend
S
MS-Author-Via
X-Distributor
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Geo-Country
Fastcgi-Cache
X-Protected-By
X-LLID
X-PressLabs-Stats
X-Webkit-Csp
Cache-Status
X-Language
X-Fastly-Request-Id
X-LB-Cache
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
Cross-Origin-Opener-Policy
X-Origin-Server
X-Fastcgi-Cache
X-Erf-Bev-Bev
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Request-Handler-Origin-Region
X-Microsite
Charset
Count-Hit
X-B3-Sampled
X-FB-Debug
X-Forwarded-Proto
Host
X-F-Cache
X-Page-Id
X-Seen-By
X-Ua-Browser
X-Ab
X-Git-Hash
Payment
Filterid
X-Litespeed-Cache
X-XRDS-Location
X-Cache-Age
X-ASPNET-VERSION
X-VCache
X-Cluster-Name
X-Ratelimit-Reset
Realpath
Surrogate-Key
X-Rid
Cache-Tags
X-Origin-Cache
Accept-Charset
Alternate-Protocol
X-NGENIX-Cache
X-Template
X-Www-Served-By
Retry-After
X-Activity-Id
X-Az
Access-Control-Allow-Method
X-DynaTrace
X-AppVersion
Cleartype
X-Logged-In
X-DIS-Request-ID
X-Amz-Replication-Status
X-Upgrade-Enabled
X-TT
X-Varnish-Grace
X-Route-Name
X-Varnish-Backend
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Wix-Request-Id
X-Type
X-B-Cache
X-B
X-Tb
X-Signature
X-Node-Name
X-App-Environment
X-Aspnetmvc-Version
X-Envoy-Decorator-Operation
ServerID
DC
Paypal-Debug-Id
X-Source
X-Hostname
X-Drupal-Cache-Tags
Frame-Options
X-Debug
X-Proxy
X-Revision
X-Fastly-Request-ID
X-Content-Options
X-Mobile
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Load-Cache
X-Contextid
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Content
X-Cache-Rule
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-N
Country
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
X-Magnolia-Registration
Node
X-User-Agent
X-Whom
Refresh
Referer-Policy
X-Original-Request-Id
X-Response-Served-From
X-EdgeConnect-Cache-Status
Viewport
NGB
X-Cache-TTL-Remaining
X-Environment-Context
X-Debug-IsPreview
X-Debug-IsConnected
X-Cacheable-TTL
X-L-Path
Content-Disposition
Access-Control-Request-Headers
X-Adobe-Content
X-Servername
X-Adobe-Loc
Url
X-Unique-Id
X-Varnish-Server
X-Yottaa-Optimizations
X-G
VIX-Pulpo-Upstream-Status
X-Yottaa-Metrics
Uber-Trace-Id
VIX-Pulpo-Node
X-Akamai-Request-ID2
X-NYM-Debug-Backend
X-Page-View
X-Framework
X-Mid
X-Jobs
X-Real-IP
X-Status
Akamai-GRN
X-Cache-Time
X-Cache-Grace
X-Is-Bot
X-Rendered-As
X-Varnish-Age
X-Content-Powered-By
X-ProcessESI
Srv
X-RemovedCookies
X-XRDS-LOCATION
X-Instance
Countrycode
X-Ratelimit-Remaining
X-Drupal-Cache-Contexts
X-Mg-Request-UUID
X-Server-ID
Version
X-Time
X-Restarts
X-COUNTRY
X-Http-Reason
X-CDN-Forward
X-App-Server
Accept-Language
X-Cache-Expired-At
X-Debug-Info
X-Trace-Id
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
Protected
X-IPLB-Instance
Healthy
X-IPLB-Request-ID
X-APP-VERSION
X-Via-JSL
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Hosted-By
X-Cache-Hit
X-Nginx-Cache-Key
X-Cache-Operation
X-Device-Type
X-Azure-Ref
Liferay-Portal
X-Ratelimit-Limit
X-Backend-Name
Section-Io-Cache
X-Tt-Logid
X-FW-Type
Fastcgi-Useragent
X-FW-Dynamic
X-FW-Static
X-FW-Hash
X-FW-Server
X-FW-Serve
Cross-Origin-Resource-Policy
Content-Secure-Policy
X-Akamai-Edgescape
Ms-Operation-Id
MS-CV
Backend
X-RTag
Server-Info
X-Cache-NGX
X-Proxy-Cache-Status
Load-Balancing
X-Storage
X-UPSTREAM-Address
X-Mobile-URL
Meta-Geo
X-RN-RSRV
X-Mode
X-Cache-Action
X-UUID
X-VC-Cache
X-Handled-By
X-Content-Age
GEO-INFO
X-Rule
X-No-Session
X-PCL
X-OCL
X-LJ-Flow-ID
Locale
X-Access
X-Cms-Context
X-Adobe-Source
X-Region
X-Alternate-Cache-Key
X-Cache-Server
X-Edge-Location
S-Rt
X-Forwarded-Host
CF-IPCountry
Eomportal-Instance
X-Format
Onion-Location
X-Proto
X-PHP-Backend
X-SayCDN-TTL
X-Varnish-Beresp-Grace
X-Varnish-Hostname
X-Varnishpool
X-Site-Version
X-Sorting-Hat-ShopId
X-VWS-Id
X-Sorting-Hat-PodId
X-Skip-Cache
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Shopify-Stage
X-AWS-Id
X-Sql-Duration-Ms
X-Section
X-Say-TTL
X-Say-Cacheable
X-Sql-Count
X-Storefront-Renderer-Rendered
X-ShardId
X-ShopId
X-Generated-By
Property-Id
Mn-Server-Ip
X-Generation-Time
X-UA-Device-Type
X-Varnish-Cache-Hits
DB-Nickname
X-FB-TRIP-ID
X-Extlb
TWC-Device-Class
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
CDN-PullZone
X-Cache-Type
X-BYPASS-REASON
X-Cache-Host
Web-Mar-Node
TWC-Privacy
TWC-Connection-Speed
X-Detected-As
X-Timing-Wait
X-GeoCode
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
Selected-Fe
X-Hl-Ver
CDN-CachedAt
X-Proxied
CDN-RequestId
CDN-Cache
X-Zipkin-Id
X-GeoCountry
X-Cache-Enabled
CDN-Uid
X-Proxy-Build
X-ProxyCache-Key
X-SRV
X-Server-W
X-Request-Time
X-ServerID
X-ProxyCache-Status
CDN-EdgeStorageId
CDN-RequestCountryCode
X-PHP-Host
X-Labrador-Cache-Channel
X-Routing-Service
X-Via-Fastly
X-HTML-Minification-Powered-By
X-Locale
X-Web-Node
X-Uri
Apigw-Requestid
X-Redis-Cache
X-Xfnlog-Site
X-Origin-Hint
X-Nginx-Cache
Azure-SlotName
Azure-Version
X-Api-Version
Azure-SiteName
Azure-InstanceId
X-Origin-Date
X-Tid
Azure-RegionName
X-Cache-Status-Check
X-R9-Blue-Green-Version
WP-Super-Cache
X-URL
X-JoinUs
X-SaId
X-Ms-Request-Id
X-Datadome
X-Ms-Version
Cache-Name
X-Zen-Fury
X-Correlation-ID
ServedBy
X-DynaTrace-JS-Agent
Xserver
X-LSADC-Cache
X-FireWall-Port
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-App-Version
X-ECache
X-Amzn-RequestId
X-Ua
X-Amz-Apigw-Id
X-Human
X-Dc
X-Debug-Cache
Xet-Cookie
Cache
X-Cache-Tags
X-MP-GENERATED-AT
X-TNCMS
X-Loop
Source
X-RCS-CacheZone
SD-X-WS
X-TA-CDN-Provider
X-Reqid
X-Tec-Api-Version
X-Varnish-Hits
X-Cached-By
X-Tec-Api-Origin
X-Tec-Api-Root
Cross-Origin-Window-Policy
Origin
X-Soup
X-Pubstack
X-Amzn-Remapped-Content-Length
X-GEO
WPO-Cache-Status
LB
X-Cdn
WPO-Cache-Message
X-Webkit-CSP
X-Origin-CC
X-Tumblr-Pixel-2
X-Vgn-Hpd-Reason
X-Origin-TTL
From-Origin
X-IPS-LoggedIn
X-Newrelic-Synthetics
X-Service
X-Provided-By
X-B3-SpanId
X-AOL-HN
Webserver
X-Varnish-Beresp-Ttl
X-Via-NSCOPI
X-NewRelic-App-Data
X-Varnish-Ttl
Rip
X-GG-Cache-Date
X-Platform-Server
X-FW-Version
X-Cluster-Node
X-Request-Host
X-A-Dgt
X-Aed
X-PBS-Appsvrname
X-Forwarded-Path
X-A-Dcw
DCR-Decision-By
Host-ID
X-Destination
X-Processor
X-A-Wwc
X-ARC
A
Expiry
DCR-Processing-Time-Ms
X-BCube-Filmed-By
X-Ec-Fail
X-Ec-GeoHdr
Environment
X-D
X-External-Request-Id
Cdnsip
X-NAPM-TraceId
X-Bc-Bl
X-Developer
X-Application
X-AK-Request-ID
BehaviorPad-Version
X-Cache-NE
Cdncip
X-Connection-Hash
X-B-Cookie
X-Orig-Expires
X-Owner
X-Rojux
HostName
X-Tenant
Odigeo-Trace-Id
Xc-Version
Ngx.Var.Host
Meta-Geo-Continent
X-CSRF-Token
X-SRCache-Key
X-TIM-N
X-User
X-VG-WebCache
T-Server
Surrogated-Key
X-Vdms-Version
X-Vdms-Path
X-A-Dam
Sslversion
X-Shop-Environment
Rendered-Blocks
X-ScT
MD5-Digest
Lang
X-A
X-Served-From
X-S-Cookie
X-A-Ccd
X-Rewrite-Enabled
X-S
OT-Force-Account-Verify
Upgrade-Insecure-Requests
Cache-Hits
X-VC
X-B3-Traceid
X-Qloud-Router
X-Pool
X-Generated-On
X-Accel-Buffering
Redirect-Candidate
X-Level-Front-Cache
X-Bip
X-Thanos
X-Dispatcher-Number
X-Aicache-OS
X-Cluster
Fastly-SSL
X-TIME
X-WA-Info
Mime-Version
Cache-Tv-Group
X-Datadog-Trace-Id
X-Core-Mission
X-Core-Value
X-DefElseHash
X-Datadog-Sampling-Priority
State
Servername
X-Datadog-Parent-Id
X-Csrf-Jwt
Tube-Get-Contents
V-Age
Tube-Return
Tube-Got-Results
X-BBC-Edge-Cache-Status
Vix-Hermes-Req-Id
Wxu-Next-Commit
X-DefHash
X-Ad-Defer-Variation
Wxu-Next-Region
Wxu-Next-Hostname
Tube-Got-Eval
Traceparent
X-Cdn-Srv
X-CGP
TDXMobile
X-Ckpd-Fst-Backend
X-Cdn-Origin
X-CacheTTL
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Clientip
X-Origin-Time
X-Sigma-Backend
X-Sigma
X-Scale
X-SIPLIST1
X-Slack-Backend
X-SplitTest
X-Sn-Servicetimems
X-SB
X-S-Maxage
X-Policy
X-Planisys-CDN-TTL
X-Region-Sid
X-Request-URI
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Machine
X-Worker
X-Wix-Viewer-Type
X-Parent-Response-Time
X-Varnish-Beresp-Status
CPC-Cache
CPC-Age
X-VServer
X-VG-TLSProxy
X-V-Cache
X-Thinkindot-L3
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Planisys-CDN-Rules
VNS-Age
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
X-Gdpr
X-GeoIP
X-Geo-Header
X-Gamma-Serve
X-Forwarded-Site
X-DPWN-IS-SECURE
X-Device-Os
X-Ec-Custom-Error
X-Epic-Correlation-Id
X-Fetched-On
X-Eu-Site
X-GeoIP-City
X-Has-Esi
X-Origin
X-Optimistic-Header
X-Origin-Response-Time
Server-Host
X-Planisys-CDN-Cache
VNS-Cache
X-Nyt-Route
X-NodeID
X-Irp-Debug
X-Hash
X-Is-Gdpr
X-JWT-State
X-Minions-Version
X-Loc
X-Developers
X-Branch-Name
Fastly-SWR
Ha-Gx-Prefs
Fastly-SIE
DSUID
Decoy-Debug-TTL
HA-Ipaddr
Is-Eu
L5d-Success-Class
L
Kp-EeAlive
IsBot
Decoy-Debug-Status
Decoy-Debug-Key
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Adler-Geo
Cache-Host
Candidate-Md5Url
Country-Code
Cmstype
Cmsid
Click-Count-Error
Memcached
Click-Count-Action-Start
Origin-CC
Release
Req-Svc-Chain
Platform
Origin-EX
NM-Fastcgi-Cache
NGX
Mobile-Detection-Method
Producers
Svr
Datacenter
AKAMAI
Sever-Int
X-Cache-Info
X-Clara-WADP
Server-Hostname
CloudFront-Viewer-Country
CDCHOST
Cluster
Fastly-Backend-Name
Server-Ext
X-INCAP-ABP
X-Scheme
X-NCache
X-Proxy-Cache-Info
X-ZONE
X-Hnp-Log
X-Gen-Mode
Fastly-GeoIP-CountryCode
X-Cache-Bucket
Ec-Rule-Version
Canary
X-Viewer-Country
Web-Mar-Region
X-Cache-Id
X-Auto-Login
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
Fastcgi-Cache-TTL
X-Block-Status
X-WADP-Cache
Gh-Request-Id
Mail-Subject
We-Hiring
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Gzip
X-HS-Content-Campaign-Id
X-Esi-Check
User-Cache-Control
X-CMSURLCustom
X-Fmm-Version
X-Xrds-Location
X-Cache-Remote
X-Cache-Debug
X-Tx-Id
X-Rebelmouse-Surrogate-Control
X-Session-Fingerprint
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-LB-NoCache
X-WP-CF-Super-Cache-Active
X-Udemy-Cache-App-Namespace
Ssr
X-ND-Cache
X-Sucuri-Cache
X-Sucuri-ID
Pics-Label
X-Fastly-Cache
WebServer
AMP-Access-Control-Allow-Source-Origin
X-Newrelic-App-Data
X-NWS-UUID-VERIFY
Sid
Time
X-Azure-Ref-OriginShield
X-Var-Ttl
X-FC-Vary-Parameters
Memory
X-Fastly-Backend
X-ATG-Version
X-Pod-Name
SID
X-Tb-Optimization-Total-Bytes-Saved
X-MCACHE
Fastly-Drupal-HTML
X-Nf-Request-Id
X-Trace-ID
X-Via-Popv
X-Generated-In
X-Via-Poph
X-Via-Popn
X-Akamai-Transformed
Server-ID
X-Cache-Date
X-Ig-Push-State
X-Refresh
X-Buckets
X-Presslabs-Stats
X-Conf
X-Edge-Pop
X-Servedbyhost
X-Microcachable
X-Cs
X-Release
Env
X-Pass-Why
X-Up
X-Fpc
X-MSEdge-Features
X-NC
X-Dmc
X-MSEdge-Flight
Fastly-Drupal-Html
X-DC
X-EC-Lua
X-RateLimit-Reset
X-Tumblr-Pixel-3
X-Dispatch
X-Endurance-Cache-Level
My-App
X-TRACE-ID
X-Esi
X-Be
X-PX
X-Lambda-Id
X-Wa
GeoIp-Country-Code
X-CS
X-ID
Magicmarker
CDN
X-TX-ID
X-Yandex-Sdch-Disable
X-CACHE-AGE
X-Zone
X-Air-Hostname
X-VCL-Version
X-Air-Source
X-Wikidot-Backend
True-Client-IP
X-Req
X-Wikidot-Static-Cache
X-Air-Trace-Id
X-NGINX-Cache
X-Webkit-CSP-Report-Only
X-Srv
X-Hyper-Cache
X-Vc
X-CACHE-KEY
X-CF-Lambda-Fn
X-HS-Status
X-CF-Lambda-Version
Hostname
CacheControlHeader
X-LB-ID
X-CSRF-TOKEN
True-Client-Country-4JS
X-TH-Server
X-M-Log
X-Micro-Cache
X-Alfa-Service
True-Client-Ip
Pramga
X-M-Reqid
X-App
X-Air-Pt
Resin-Trace
X-Qnm-Cache
Path
X-Vcl-Version
X-Op-Id-All
C-Via
Tcn
X-Varnish-Beresp-TTL
N-Cache
X-TrackingId
GeoIP-Country-Code
X-Check-Cacheable
Proxy-Connection
Fastcgi-X-Cache-Version
Tracecode
X-Vercel-Id
X-Platform
X-Vercel-Cache
On-Server
X-PAYTM-SRV-ID
X-B3-Spanid
X-Edge-Origin-Shield-Region
X-SERVER-NAME
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Esi-Enabled
X-Datacenter
X-Akamai-Pragma-Client-IP
X-Edge-Origin-Shield-Bytes
X-FPC
X-CLOUD-TRACE-CONTEXT
X-Geo
NtCoent-Length
WWW-Authenticate
GeoIP-Latitude
Hit
X-Accel-Expires-Debug
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-Vtex-Remote-Cache
X-WA
X-Vtex-Processado-Em
X-Date
X-Webkit-Csp-Report-Only
X-Platform-Router
X-AIR-PT
X-Request-Start
X-Platform-Cluster
X-Platform-Processor
X-SD-PageType
X-Mly-Id
X-ServedByHost
X-Via-CDN
X-LAGOON
X-Node-Id
X-API-Version
ENV
X-ApacheServer
X-PERF
FSS-Cache
Server-Id
X-Response-By
Lb
User-Agent
X-RAMCache
YJS-ID
X-Lb-Id
X-Old-Content-Length
HIT
X-Edge-POP
Cache-Key
X-Dw-Trace-Id
Cdn
Yjs-Id
X-Cdn-Forward
X-Proxy-CacheRZ
X-Via-PopH
X-Render-Time
X-Via-PopV
X-Via-PopN
Server-Ttl
Powered-By
DynaTrace
XkeyRZ
DT-Hot-News
X-Proxy-Upstream
Srvid
X-From
X-Location
X-Via-Ucdn
X-VarnishDD-TTL
X-FL-EDGE
X-TT-LOGID
XM
X-HN
X-CUA
X-UA
Locid
X-Traceid
X-Proxy-Cache-Hk
X-Instance-Name
Geoip-Latitude
Dnion-Transfer-Encoding
X-Li-Fabric
X-Cache-Ttl
X-FORWARDED-FOR
PFcat
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-LiteSpeed-Cache-Control
Sm-Log-Id
X-Service-Response-Time
X-DB
PICS-Label
XServer
X-RPS
Nginx-CQVIP
X-LiteSpeed-Tag
X-RSL
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-CF-Powered-By
X-Webstats-RespID
Ohc-File-Size
X-RPM
X-DI
Location
X-DSS
X-DW
X-Fastly-Backend-Reqs
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Director
X-Fastly-Cache-Hits
Vha6-Origin
X-Cache-ASPX
X-B3-ParentSpanId
X-Request-Url
X-Varnish-Authentication
X-HostName
X-Contensis-Viewer-Groups
X-ElasticPress-Query
Wpo-Cache-Message
Wpo-Cache-Status
X-Lb-Nocache
X-Cdn-Request-ID
Wp-Super-Cache
CountryCode
X-Ips-Loggedin
X-Cache-Ngx
Warning
X-Yottaa-OS
M-TraceId
X-Cache-Backend
MIME-Version
X-Ftr-Request-Id
X-Snapshot-Date
X-Nc
X-Moov-T
X-Moov-Xdn-Version
WZWS-RAY
SRV
Fastcgi-Cache-Ttl
Req-ID
X-Mg-Cache