Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Server-Timing
X-XSS-PROTECTION
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Turbo-Charged-By
X-AH-Environment
X-Via
X-Robots-Tag
X-Backend
X-Cache-Group
Cf-Edge-Cache
Host-Header
Keep-Alive
X-Proxy-Cache
X-Hacker
X-Server
X-Rq
X-Age
X-UA-Device
X-Server-Powered-By
Allow
X-Vhost
X-Varnish-Cache
X-Ws-Request-Id
EagleId
X-Dispatcher
X-Amz-Version-Id
Grace
Cf-Apo-Via
P3p
Nel
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
Cf-Railgun
X-Device
EagleEye-TraceId
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
Accept-CH
X-Pingback
X-WebKit-CSP
X-Node
X-Host
X-Server-Id
Surrogate-Control
X-OneAgent-JS-Injection
X-Backend-Server
X-CST
X-Readtime
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Content-Security-Policy-Report-Only
Permissions-Policy
Request-Id
X-Cache-Lookup
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Trace
X-Response-Time
X-Litespeed-Cache
X-Edge
Accept-Ch-Lifetime
X-HW
Accept-CH-Lifetime
X-Ua-Compatible
X-Mod-Pagespeed
Content-Location
X-Url
X-Clacks-Overhead
X-Ruxit-JS-Agent
X-Oneagent-Js-Injection
X-Midtier
X-Mcache
X-ESI
X-ECACHE
Rating
X-Amz-Server-Side-Encryption
X-Country
X-Upstream
X-Vname
X-TtlSet
X-PC
Xkey
X-Vcap-Request-Id
X-MS-InvokeApp
Cache-Tag
X-D2id
X-Rack-Cache
X-Element-Page-Cache
X-Cache-TTL
X-Cdn-Fetch
Verso
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
Fastly-Restarts
Edge-Control
RTSS
X-Content-Type
X-Powered-By-Plesk
X-VARITI-CCR
Origin-Trial
X-Navigation-Version
X-Ac
X-Cached
X-Abt-Application-Version
X-WebKit-CSP-Report-Only
Accept-Ch
X-Goog-Hash
X-GitHub-Request-Id
X-Ruxit-Js-Agent
Service-Worker-Allowed
X-Country-Code
X-Ttl
X-Amz-Rid
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Mg-S
X-Dw-Request-Base-Id
X-B3-TraceId
SPRequestGuid
X-SharePointHealthScore
X-Browser-Type
X-Server-Name
Arr-Disable-Session-Affinity
Cross-Origin-Opener-Policy
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Powered-CMS
X-Middleton-Response
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
Response
X-Amzn-Trace-Id
SPRequestDuration
SPIisLatency
X-Ua-Device
X-Varnish-TTL
X-Cache-Key
AR-CACHE
X-Fastly-Request-ID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Version
X-Accel-Expires
X-T
X-NF-Request-ID
Front-End-Https
X-Times
Cache-Status
Cache-Tags
Edge-Cache-Tag
X-Ser
X-Px
X-Client-IP
X-MSEdge-Ref
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Fastcgi-Cache
Public-Key-Pins
X-Hits
Nginx-Cache
X-Recruiting
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Shield-Request-Id
X-Request-Received
X-Request-Processing-Time
X-LLID
Access-Control-Request-Method
X-Frontend
X-NWS-LOG-UUID
Server-Node
X-Ua-Browser
X-Webkit-CSP
Payment
X-RateLimit-Remaining
X-DIS-Request-ID
TP-Cache
X-FastCGI-Cache
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
S
TP-L2-Cache
X-Goog-Metageneration
X-B3-Traceid
X-Content-Digest
X-Webkit-Csp
X-LB-Cache
Content-MD5
X-Distributor
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Ratelimit-Remaining
X-PressLabs-Stats
Realpath
X-Kinja-CCPA
X-RateLimit-Limit
X-Hostname
X-Microsite
X-Request-Handler-Origin-Region
X-Geo-Country
X-Page-Id
X-Ezoic-Cdn
Access-Control-Allow-Method
X-Forwarded-For
Fastcgi-Cache
X-FB-Debug
Accept-Charset
X-Webkit-CSP-Report-Only
X-Envoy-Decorator-Operation
X-Rid
X-Cluster-Name
X-GUploader-UploadID
X-Correlation-Id
X-Protected-By
X-Seen-By
X-Amz-Apigw-Id
TCN
X-Amzn-RequestId
Cleartype
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ratelimit-Limit
X-TEC-API-ORIGIN
X-B3-Sampled
DC
X-Origin-Cache
X-Origin-Server
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Newrelic-App-Data
X-Debug-Info
X-Mobile
Referer-Policy
X-Git-Hash
X-Logged-In
X-Varnish-Backend
Cross-Origin-Resource-Policy
X-Kinsta-Cache
X-Edge-Location-Klb
X-XRDS-Location
X-Azure-Ref
Alternate-Protocol
X-TTL
X-Varnish-Grace
X-App-Environment
X-Fb-Rlafr
X-Aspnet-Version
X-Contextid
X-Amz-Replication-Status
X-Revision
Healthy
Surrogate-Key
X-Grace
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Aspnet-Duration-Ms
X-Route-Name
X-Amz-Meta-S3cmd-Attrs
X-TT
Count-Hit
X-Server-ID
X-Content-Options
X-Whom
X-Wix-Request-Id
X-IPS-LoggedIn
X-Forwarded-Proto
MS-Author-Via
Filterid
X-Akamai-Edgescape
Frame-Options
X-App-Server
Viewport
WPO-Cache-Status
WPO-Cache-Message
Charset
X-Id
X-Hosted-By
Paypal-Debug-Id
X-B
X-Varnish-Ttl
X-Cache-Age
X-Backend-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Magnolia-Registration
X-AppVersion
X-Activity-Id
X-Daa-Tunnel
X-Cache-Control
X-Az
X-Trace-Id
X-Www-Served-By
Retry-After
X-Client-Ip
Section-Io-Cache
Server-Name
Refresh
X-F-Cache
X-Proxy-Cache-Info
X-Upgrade-Enabled
Version
X-Time
X-Varnish-Server
X-Type
X-Proxy
X-Rule
SD-X-WS
X-Original-Request-Id
X-Response-Served-From
X-ARC
X-Varnish-Age
X-UUID
X-Cache-Rule
Protected
X-Http-Reason
Front
Akamai-GRN
Host
X-User-Agent
VIX-Pulpo-Node
X-Rocket-Nginx-Serving-Static
X-Status
X-Cache-Grace
X-Instance
X-Rendered-As
X-Jobs
X-Cacheable-TTL
X-Edge-Location
X-Framework
X-Is-Bot
VIX-Pulpo-Upstream-Status
X-Akamai-Request-ID2
Amp-Access-Control-Allow-Source-Origin
X-Cache-Time
Fastly-SIE
Fastly-SWR
X-Unique-Id
X-Environment-Context
X-Region
X-L-Path
X-N
X-Page-View
From-Origin
X-FW-Type
X-FW-Version
X-Oracle-Dms-Ecid
X-FW-Server
X-FW-Static
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
Access-Control-Request-Headers
X-Source
X-G
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel-1
X-Oracle-Dms-Rid
X-Adobe-Content
X-Adobe-Loc
X-EdgeConnect-Cache-Status
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Load-Cache
X-App-Version
X-COUNTRY
ServerID
SRV
Content-Disposition
X-Drupal-Cache-Tags
X-ECache
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Country
X-Datadog-Trace-Id
X-RateLimit-Reset
X-Language
X-HTML-Minification-Powered-By
X-CDN-Forward
X-Tt-Trace-Host
X-Tt-Trace-Tag
Countrycode
Accept-Language
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Vcache
X-DynaTrace
X-Datadog-Sampled
Liferay-Portal
X-Amzn-Remapped-Content-Length
X-DataDome
X-Mg-Request-UUID
X-DynaTrace-JS-Agent
X-Debug-IsConnected
X-Debug-IsPreview
X-B3-SpanId
Xet-Cookie
X-XRDS-LOCATION
X-Generated-By
X-ID
X-Nf-Request-Id
Backend
X-WP-CF-Super-Cache-Cache-Control
X-Drupal-Cache-Contexts
X-WP-CF-Super-Cache
Webserver
X-Tt-Logid
X-Content-Powered-By
X-Device-Type
X-Mode
X-B-Cache
X-Signature
X-NYM-Debug-Backend
CF-IPCountry
X-Zen-Fury
Xserver
X-Httpd
X-Ratelimit-Reset
GEO-INFO
X-Nginx-Cache
X-Erf-Web-Scheduler
X-Content-Age
Load-Balancing
X-Sucuri-ID
X-Servername
X-Rewrite-Enabled
Meta-Geo
Filters
Azure-RegionName
X-Varnish-Cache-Hits
X-ServerID
Azure-SiteName
X-Director
Azure-Version
Azure-SlotName
Url
Azure-InstanceId
X-LAGOON
S-Rt
Onion-Location
X-Cache-Action
X-SaId
X-JoinUs
X-Sucuri-Cache
X-UPSTREAM-Address
X-Tb
X-Cache-Operation
Locale
X-Git-Commit
X-Storage
X-Proto
X-Varnish-Hostname
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Container-Uri
X-Ms-Request-Id
X-Ms-Version
X-Served-From
Uber-Trace-Id
X-VCT
X-Detected-As
X-Say-Cacheable
X-Generation-Time
X-Soup
X-Say-TTL
X-Labrador-Cache-Channel
X-PHP-Host
X-Xrds-Location
X-SayCDN-TTL
X-VC-Cache
X-RM-Cache-TTL
X-Cluster-Node
X-Logging-Id
X-GeoCountry
X-Cache-Server
Node
X-Uri
Fastcgi-Useragent
Web-Mar-Node
X-Sql-Duration-Ms
X-Sql-Count
X-Forwarded-Host
X-GeoCode
X-Skip-Cache
X-Adobe-Source
DB-Nickname
Property-Id
Selected-Fe
X-Origin-Hint
X-Fetched-On
X-Tumblr-Pixel-2
X-R9-Blue-Green-Version
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
X-Debug
X-FB-TRIP-ID
Webcakes-Region
TWC-GeoIP-LatLong
X-Tumblr-Pixel-3
TWC-Connection-Speed
TWC-GeoIP-Country
X-Proxy-Build
X-RCS-CacheZone
X-Timing-Wait
Mn-Server-Ip
TWC-Device-Class
X-LSADC-Cache
X-Extlb
X-Tec-Api-Root
X-Routing-Service
X-Proxied
X-Zipkin-Id
X-Tec-Api-Version
X-Tec-Api-Origin
X-Format
CDN-RequestId
X-Origin-Date
X-Lambda-Id
Fastly-Drupal-HTML
X-NGENIX-Cache
Source
X-Via-JSL
X-MP-GENERATED-AT
OT-Force-Account-Verify
X-Cache-Expired-At
X-Cache-Hit
X-Template
X-MCACHE
Content-Secure-Policy
X-Node-Name
X-Varnish-Hits
X-UA-Device-Type
X-AIR-PT
X-Pass-Why
X-Loop
X-Tncms
X-Endurance-Cache-Level
X-Ua
X-Srv
X-Cache-TTL-Remaining
X-Redis-Cache
Upgrade-Insecure-Requests
Cross-Origin-Window-Policy
X-Pubstack
NGB
X-Origin-CC
X-Origin-TTL
X-PHP-Backend
X-Fastly-Request-Id
X-Real-IP
X-Server-W
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Cache-Hits
X-Hcs-Proxy-Type
X-Cache-Host
Ms-Operation-Id
MS-CV
X-RTag
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
Cache-Name
Section-Origin-Responded
X-Optimistic-Header
X-Xfnlog-Site
X-Cms-Context
X-S
X-CSRF-Token
X-IPLB-Request-ID
X-IPLB-Instance
X-Reqid
X-GEO
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-Uid
CDN-PullZone
CDN-RequestPullSuccess
CDN-RequestPullCode
X-Cache-Type
X-BYPASS-REASON
Cache-Provider
X-Restarts
X-ProxyCache-Status
X-Hl-Ver
X-ProxyCache-Key
X-No-Session
Apigw-Requestid
X-Datadome
X-Via-Fastly
X-Aspnetmvc-Version
X-Rn-Rsrv
X-D
X-FC-Vary-Parameters
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-External-Request-Id
X-Conf
X-GeoIP-Country-Code
X-Date
X-Destination
X-Debug-Cache-Store
X-Developer
X-Dispatcher-Number
X-Fastly-Backend
X-Ec-Fail
X-Gdpr
X-Debug-Cache-Fetch
X-Cdn-Diag
X-Forwarded-Path
X-Ec-GeoHdr
X-Ec-Custom-Error
X-Bc-Bl
VNS-Age
Lang
Magicmarker
Mail-Subject
VNS-Cache
We-Hiring
X-A
Gh-Request-Id
Web-Mar-Region
MD5-Digest
T-Server
Ngx.Var.Host
Rendered-Blocks
Odigeo-Trace-Id
Redirect-Candidate
Server-Host
N-Cache
Surrogated-Key
Meta-Geo-Continent
Sslversion
X-A-Ccd
Fastly-Backend-Name
X-Bl-Debug
X-BCube-Filmed-By
X-GeoIP-Region-Code
X-B-Cookie
Candidate-Md5Url
Canary
BehaviorPad-Version
X-Cache-NE
X-Cache-Bucket
X-Application
CPC-Age
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-A-Dam
X-Accel-Expires-Debug
X-Aed
CPC-Cache
DCR-Decision-By
DCR-Processing-Time-Ms
X-CacheTTL
X-Irp-Debug
X-Policy
X-SD-PageType
X-Newrelic-Synthetics
X-RateLimit-Limit-Second
X-TIM-N
X-LJ-Flow-ID
X-Shop-Environment
X-Vtex-Remote-Cache
X-CACHE-AGE
X-RateLimit-Remaining-Second
X-Request-Host
X-Vdms-Path
X-S-Cookie
X-Var-Ttl
X-Vdms-Version
X-Rojux
X-ScT
X-VWS-Id
X-Akamai-Transformed
X-Proxy-Cache-Status
X-Origin-Time
X-Mvc-Supplant-Cachable
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Slack-Backend
Xc-Version
X-We-Are-Hiring
X-Nyt-Route
X-Orig-Expires
X-AWS-Id
X-SRCache-Key
X-Cluster
X-Slack-Shared-Secret-Outcome
X-Tenant
X-Access
X-Section
X-Thinkindot-L3
X-Up
X-App-Name
X-Thanos
X-ApacheServer
X-Alternate-Cache-Key
X-SVT-ORM-VERSION
X-Test
X-Viewer-Country
X-Is-Gdpr
X-Has-Esi
X-Accel-Buffering
X-JWT-State
X-Wix-Viewer-Type
X-Worker
Release
TDXMobile
Thinkindot-CacheControl
W
X-SVT-ORM-RULES
X-VG-WebCache
Vix-Hermes-Req-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
X-WADP-Cache
X-Varnishpool
X-Cache-Info
X-Old-Content-Length
X-Eu-Site
X-Node-Id
X-Mly-Id
X-Org
X-Origin-Response-Time
X-Esi-Check
X-PAYTM-SRV-ID
X-Owner
X-Mid
X-Fmm-Version
X-Geo-Header
X-Human
X-Hash
X-Gzip
X-Generated-On
X-INCAP-ABP
X-Level-Front-Cache
X-Forwarded-Site
Origin
X-Epic-Correlation-Id
X-PERF
X-Cache-Id
X-Handled-By
X-ShopId
X-ShardId
X-Cache-Debug
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Bip
X-Sorting-Hat-PodId
X-Server-IP
X-CGP
X-Csrf-Jwt
X-Request-Time
X-Pool
X-Platform
X-Core-Value
X-Core-Mission
X-Clara-WADP
X-S-Maxage
X-CMSURLCustom
X-Storefront-Renderer-Rendered
X-Clientip
Cmsid
Cmstype
L5d-Success-Class
Machine
AKAMAI
Environment
Datacenter
L
Gannett-Cam-Experience-Id
Fastly-GeoIP-CountryCode
Ha-Gx-Prefs
HA-Ipaddr
Host-ID
X-TimeS
Memcached
WP-Super-Cache
X-Vcl-Version
User-Cache-Control
X-Web-Node
X-DPWN-IS-SECURE
X-Varnish-CookieHashed-On
Country-Code
X-Sn-Servicetimems
X-Hnp-Log
X-Variation
X-Cdn-Origin
X-Gen-Mode
X-DefElseHash
DSUID
X-Varnish-CookieINHashed-On
X-Parent-Response-Time
X-DefHash
X-Varnish-Remaining-TTL
X-Qloud-Router
X-TA-CDN-Provider
X-Nginx-Cache-Key
X-VServer
X-Mvc-Supplant-OutputCached
X-Nananana
X-Origin
X-Vmg-Version
X-BBC-Edge-Cache-Status
CloudFront-Viewer-Country
X-Dispatcher-Server
X-Block-Status
X-Device-Os
AMP-Access-Control-Allow-Source-Origin
X-From
X-Auto-Login
Producers
X-VG-TLSProxy
True-Client-Country-4JS
Platform
Esi-Enabled
Fastly-SSL
Is-Eu
Sever-Int
Expect-Staple
Adler-Geo
X-Cs
Req-Svc-Chain
X-WA-Info
NM-Fastcgi-Cache
Server-Ext
Server-Hostname
X-Cdn-Srv
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Loc
X-Presslabs-Stats
X-Nitro-Cache
ServedBy
X-NodeID
Ssr
Apple-News-Services-Handled
CDCHOST
X-Akamai-Device-Characteristics
X-GeoIP
X-Azure-Ref-OriginShield
X-App
X-Scale
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-LB-NoCache
Origin-CC
Wxu-Next-Commit
X-Amz-Meta-Cb-Modifiedtime
Server-Info
X-Refresh
X-NCache
X-Op-Id-All
Wxu-Next-Region
C-Via
Pics-Label
Origin-EX
Memory
X-Cache-Enabled
Wxu-Next-Hostname
X-Instance-Name
Time
X-Tx-Id
X-TIME
X-HA-Backend
Server-ID
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Cache-Status-Check
X-Microcachable
Cache-Host
X-Locale
X-Site-Version
NGX
X-Correlation-ID
X-Origin-Expires
XM
X-Dc
X-HN
PFcat
X-VarnishDD-TTL
Hostname
X-VHOST
X-API-Version
X-Tb-Optimization-Total-Bytes-Saved
X-ZONE
GeoIP-Latitude
X-CACHE-GROUP
Resin-Trace
Cf-Device-Type
Origin-Agent-Cluster
X-Via-CDN
Locid
A
Edge-Copy-Time
X-Ad-Defer-Variation
X-Via-Edge
Srvid
X-Via-SSL
X-FL-QIT-DEBUG
X-FL-EDGE
X-Zone
X-Wp-Cf-Super-Cache-Active
X-Upstream-Ht
X-Upstream-Ct
X-Varnish-Beresp-Grace
X-DC
X-Vgn-Hpd-Reason
X-Varnish-Beresp-Ttl
Cdn-Requestid
Sid
YJS-ID
X-ATG-Version
X-Internal-Host
X-Webkit-Csp-Report-Only
X-Fpc
X-FireWall-Port
X-Contensis-Viewer-Groups
Uri
Cache-Key
X-Cache-ASPX
X-Micro-Cache
X-Pod-Name
X-Varnish-Authentication
X-Github-Request-Id
X-Moov-T
X-Moov-Xdn-Version
X-Cached-By
X-WP-CF-Super-Cache-Active
X-TraceId
X-LiteSpeed-Cache-Control
X-DataCenter
True-Client-Ip
User-Agent
X-Provided-By
X-NGINX-Cache
X-HS-Content-Campaign-Id
X-Info
State
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Buckets
Location
X-B3-Spanid
X-AB
X-URL
X-Fastly-Cache
X-Platform-Server
X-SIPLIST1
X-B3-Parentspanid
GeoIP-Country-Code
X-RN-RSRV
IsBot
X-VCache
X-Sigma
X-Release
GeoIp-Country-Code
X-Backend-Instance
X-Nitro-Rev
X-Geo-Region
X-Nitro-Cache-From
X-Sigma-Backend
X-VC
X-Cache-Remote
X-Rocket-Build-Number
X-Api-Version
X-LiteSpeed-Tag
XServer
X-MSEdge-Flight
X-Datacenter
X-Accel-Version
Cdn
Cache
X-MSEdge-Features
Srv
SID
X-CS
True-Client-IP
CF-Ctrl
X-FTR-Request-ID
X-Gamma-Serve
X-Generated-In
X-Geo
X-CSRF-TOKEN
X-NewRelic-App-Data
X-GeoIP-City
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
Cache-Tv-Group
Lb
NtCoent-Length
X-Vgn-Hpd-Ssi
X-Is-Desktop
X-Is-Mobile
X-Is-Tablet
Fastly-Drupal-Html
X-Browser-Name
X-Tcp-Rtt
X-Is-Supported-Browser
X-FPC
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Scheme
Path
X-SRV
X-TRACE-ID
X-HS-Status
X-APP-VERSION
Cf-Ipcountry
Kp-EeAlive
X-Frame-Option
Epwk-X-Cache
X-Hyper-Cache
X-CACHE-KEY
HostName
X-HostName
Tcn
X-Amz-Meta-Opti
X-GoCache-CacheStatus
X-Location
Ohc-File-Size
X-Mobile-URL
X-Service
Serverid
CountryCode
X-UA
X-TX-ID
X-Men
On-Server
Cdncip
X-Aicache-OS
CacheControlHeader
X-Developers
Cdnsip
X-AK-Request-ID
X-Esi
X-Air-Pt
X-Region-Sid
X-Webstats-RespID
X-Guploader-Uploadid
X-Via-Popn
Tube-Got-Eval
Tube-Got-Results
WebServer
X-EC-Lua
Tube-Return
Tube-Get-Contents
V-Age
X-Cache-FS-Status
X-Via-Poph
X-Acquia-Purge-Cdn-Unconfigured
X-CDN-Cache-Status
X-Traceid
Mime-Version
X-V-Cache
Click-Count-Action-Start
Proxy-Connection
X-Req
X-B3-Trace-ID
X-Cache-Ttl
RNT-Machine
X-Via-Popv
Click-Count-Error
RNT-Time
X-Minions-Version
X-Wp-Cf-Super-Cache-Cache-Control
X-Branch-Name
X-LB-ID
X-Wp-Cf-Super-Cache
X-SB
X-Cache-Tags
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Cdn-Forward
X-Vc
X-Pad
WZWS-RAY
Yak-Timeinfo
X-Proxy-CacheRZ
XkeyRZ
WWW-Authenticate
ENV
X-Cdn-Cache-Status
X-Wa
CF-Cached-On
X-Nc
X-Servedbyhost
Ohc-Cache-HIT
Env
X-VCL-Version
CDN
X-Vercel-Id
LB
Ngx
X-User
Geoip-Latitude
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-Vercel-Cache
X-Fastly-Country-Code
X-Edge-Pop
X-NWS-UUID-VERIFY
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
X-Lb-Cache
X-FTR-Backend
Content-Script-Type
X-Country-Code-Real
X-Processor
Server-Id
M-TraceId
X-Ha-Backend
X-FTR-Backend-Server
Content-Style-Type
Req-ID
X-NMSegId
X-FTR-Expires
X-TH-Server
X-FTR-Cache-Status
X-Ckpd-Fst-Backend
X-FTR-Balancer
X-Origin-Cache-Key
X-TT-LOGID
X-APP
X-Acquia-Site
X-Acquia-Purge-Tags
X-Cdn-Request-ID
PICS-Label
X-Lb-Nocache
X-Acquia-Application-UUID
X-IN-APIGATEWAYSSL
X-MiniProfiler-Ids
X-WP-CF-Super-Cache-Cookies-Bypass
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-CUA
X-Litespeed-Cache-Control
X-Ad-Load-Variation
Cluster
HIT
X-Snapshot-Date
X-Acquia-Application-Trace
X-Via-Ucdn
X-Edge-POP
X-Render-Time
Yjs-Id
Cneonction
X-Miniprofiler-Ids
X-ElasticPress-Query
Inserted-Into-Cache-At
X-Fastly-Cache-Hits
Sm-Log-Id
CACHE-MISS-TO-ORIGIN
X-Cache-Date
X-Fastly-Backend-Reqs
Edge-Cache
X-Iauth-Set-Uid
X-Udemy-Cache-App-Namespace
Vha6-Origin
X-M-Reqid
X-Serial
X-RAMCache
X-M-Log
X-Response-By
X-Cached-Since
Log-Origin
X-Service-Response-Time