Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
X-Xss-Protection
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Request-ID
X-Iinfo
X-Envoy-Upstream-Service-Time
P3p
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-CDN
X-Ua-Compatible
Access-Control-Max-Age
CF-Ray
X-Dns-Prefetch-Control
X-Via
X-Robots-Tag
X-Cache-Group
X-UA-Device
Server-Timing
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Age
X-Ws-Request-Id
Host-Header
X-Hacker
X-Server-Powered-By
X-Server
X-Rq
X-Vhost
X-LiteSpeed-Cache
X-Varnish-Cache
X-Amz-Version-Id
Grace
X-Dispatcher
Cf-Edge-Cache
EagleId
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Page-Speed
Accept-CH
X-WebKit-CSP
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Node
X-Host
Cf-Railgun
X-Pingback
X-Cache-Spec
X-OneAgent-JS-Injection
X-Server-Id
X-Backend-Server
X-Akam-SW-Version
Surrogate-Control
Request-Id
EagleEye-TraceId
Accept-CH-Lifetime
X-Response-Time
X-Cache-Lookup
X-Readtime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
X-Akamai-Path-Stats
X-HW
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Nginx-Upstream-Cache-Status
X-Ruxit-Js-Agent
X-Url
X-CST
X-MS-InvokeApp
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-Edge
X-TtlSet
X-PC
X-Vname
X-Country
X-Oneagent-Js-Injection
Edge-Control
X-Content-Type
X-Mod-Pagespeed
X-B3-TraceId
X-FastCGI-Cache
X-ESI
X-Vcap-Request-Id
Accept-Ch-Lifetime
X-D2id
Verso
Xkey
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-GitHub-Request-Id
Cache-Tag
Cf-Apo-Via
X-Mcache
Service-Worker-Allowed
X-Powered-By-Plesk
X-Amz-Rid
X-Ttl
X-Varnish-TTL
RTSS
X-ECACHE
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
X-Abt-Application-Version
X-Version
X-Upstream
X-Client-IP
X-Cnection
X-Ac
X-Cached
X-Element-Page-Cache
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-Ruxit-JS-Agent
SPRequestGuid
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-SharePointHealthScore
Permissions-Policy
X-Px
SPIisLatency
SPRequestDuration
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Cache-TTL
X-RateLimit-Remaining
Public-Key-Pins
X-NWS-LOG-UUID
X-Country-Code
Response
X-Middleton-Response
X-Ser
X-Midtier
X-Cache-Key
X-Kinsta-Cache
X-Edge-Location-Klb
X-Forwarded-For
X-Goog-Hash
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-MD5
X-Correlation-Id
X-NF-Request-ID
X-Shield-Request-Id
X-DataDome
X-MSEdge-Ref
Access-Control-Request-Method
Front-End-Https
AR-PoweredBy
AR-Request-ID
AR-SID
AR-ATIME
X-T
AR-CACHE
X-Recruiting
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
TP-L2-Cache
TP-Cache
Edge-Cache-Tag
X-RateLimit-Limit
Nginx-Cache
X-HP-Trace-Id
MicrosoftSharePointTeamServices
X-Jurisdiction
X-HP-Webp
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Accel-Expires
X-Daa-Tunnel
X-Mg-S
X-Erf-Bev-Bev
TCN
X-Erf-Bev-Bev-Is-Generated
X-Content-Digest
X-Browser-Type
X-Grace
X-Powered-CMS
X-Hits
X-Request-Processing-Time
X-Request-Received
X-Amzn-Trace-Id
X-HS-Cache-Config
Server-Node
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
Filters
X-Id
X-XRDS-Location
Server-Name
MS-Author-Via
X-Geo-Country
Fastcgi-Cache
X-Frontend
X-Distributor
Count-Hit
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Webkit-Csp
X-TEC-API-VERSION
X-Origin-Server
X-Ezoic-Cdn
X-Ua-Browser
Accept-Ch
Filterid
X-LLID
X-Protected-By
X-Language
S
Cross-Origin-Opener-Policy
X-Fastly-Request-Id
X-F-Cache
X-FB-Debug
X-Forwarded-Proto
X-Request-Handler-Origin-Region
X-Seen-By
X-B3-Sampled
X-Microsite
Charset
Host
X-Git-Hash
Payment
X-LB-Cache
X-Amz-Meta-S3cmd-Attrs
X-Ratelimit-Reset
X-Page-Id
X-PressLabs-Stats
Cache-Status
X-VCache
X-ASPNET-VERSION
X-Cluster-Name
X-Ab
Surrogate-Key
X-Rid
Cache-Tags
X-Www-Served-By
Realpath
X-Upgrade-Enabled
X-Logged-In
Access-Control-Allow-Method
X-Origin-Cache
Retry-After
X-Source
Accept-Charset
Alternate-Protocol
X-Cdn
X-DIS-Request-ID
X-Varnish-Backend
X-COUNTRY
X-NGENIX-Cache
X-Template
X-Type
Cleartype
X-Activity-Id
X-AppVersion
X-Az
Paypal-Debug-Id
X-Amz-Replication-Status
DC
X-Varnish-Grace
X-Flags
X-Envoy-Decorator-Operation
X-Route-Name
X-Is-Crawler
X-Request-Guid
X-Wix-Request-Id
X-Signature
X-B-Cache
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-App-Environment
X-B
X-TT
X-Tb
ServerID
X-Fastly-Request-ID
X-Hostname
X-Cache-Age
X-Revision
X-Kong-Upstream-Latency
X-DynaTrace
X-Kong-Proxy-Latency
Frame-Options
X-Contextid
X-Node-Name
X-Cache-Rule
X-Fastcgi-Cache
X-Drupal-Cache-Tags
X-Tt-Trace-Host
X-Tt-Trace-Tag
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Proxy
Amp-Access-Control-Allow-Source-Origin
X-Goog-Generation
Refresh
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Debug
Cross-Origin-Resource-Policy
X-Content-Options
X-Mobile
X-Load-Cache
X-EdgeConnect-Cache-Status
Referer-Policy
X-Cache-Control
Node
X-Trace-Id
X-Magnolia-Registration
NGB
X-Varnish-Server
Country
X-Original-Request-Id
X-N
X-Response-Served-From
X-Varnish-Age
Akamai-GRN
X-Debug-IsPreview
X-Debug-IsConnected
Viewport
X-TTL
X-NYM-Debug-Backend
X-Environment-Context
X-L-Path
X-Cache-Time
X-Whom
X-Instance
X-Status
Content-Disposition
X-Content-Powered-By
X-Adobe-Loc
X-Akamai-Request-ID2
X-Cache-Grace
X-Cacheable-TTL
X-Adobe-Content
VIX-Pulpo-Upstream-Status
Access-Control-Request-Headers
Uber-Trace-Id
Url
VIX-Pulpo-Node
X-G
X-Is-Bot
X-Rendered-As
X-Real-IP
X-Page-View
X-Servername
X-Jobs
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Mid
X-User-Agent
X-RemovedCookies
X-Framework
X-ProcessESI
X-Cache-TTL-Remaining
Srv
X-Via-JSL
X-Oracle-Dms-Ecid
X-Cache-Expired-At
X-Oracle-Dms-Rid
X-Unique-Id
X-APP-VERSION
X-Cache-Hit
X-CDN-Forward
Countrycode
X-Tumblr-User
X-Drupal-Cache-Contexts
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-XRDS-LOCATION
X-Cache-Operation
Version
Healthy
Accept-Language
X-Rule
X-Backend-Name
X-Mg-Request-UUID
X-Http-Reason
X-Debug-Info
X-Akamai-Edgescape
X-Cache-Action
X-Litespeed-Cache
Protected
Section-Io-Cache
Content-Secure-Policy
X-Hosted-By
X-IPLB-Request-ID
X-Azure-Ref
X-Tt-Logid
X-App-Server
X-IPLB-Instance
X-VC-Cache
X-Server-ID
Xserver
X-Api-Version
X-Generation-Time
Server-Info
X-Content
X-SRV
Backend
X-Restarts
X-Time
X-Generated-By
X-HTML-Minification-Powered-By
X-FW-Type
X-FW-Static
X-FW-Serve
Meta-Geo
X-Storage
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-RN-RSRV
X-UPSTREAM-Address
X-Mobile-URL
X-Amz-Apigw-Id
GEO-INFO
X-Amzn-RequestId
CF-IPCountry
Onion-Location
X-Device-Type
X-Cache-Status-Check
Liferay-Portal
Webcakes-App-Name
X-Section
X-OCL
TWC-Device-Class
TWC-Locale-Group
TWC-Privacy
X-Varnish-Cache-Hits
TWC-GeoIP-LatLong
TWC-GeoIP-Country
S-Rt
TWC-Connection-Speed
Property-Id
Webcakes-Region
X-Ratelimit-Remaining
X-PCL
Azure-SlotName
X-Cms-Context
X-FireWall-Port
X-Format
Azure-Version
X-Origin-Hint
Webcakes-App-Version
X-Locale
X-Access
X-Handled-By
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Mode
X-Cache-Host
Web-Mar-Node
CDN-Uid
X-Adobe-Source
X-AWS-Id
X-Server-W
X-Provided-By
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-PullZone
Eomportal-Instance
X-RTag
CDN-CachedAt
MS-CV
CDN-Cache
CDN-RequestId
Load-Balancing
Locale
Ms-Operation-Id
X-SaId
X-Site-Version
X-Varnish-Beresp-Grace
X-Proxy-Cache-Status
X-Content-Age
X-Proto
X-PHP-Host
X-SayCDN-TTL
X-Region
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Sql-Count
X-Cache-Server
X-URL
X-Sql-Duration-Ms
X-R9-Blue-Green-Version
X-Varnish-Hostname
X-VWS-Id
X-LJ-Flow-ID
X-Redis-Cache
X-Nginx-Cache-Key
X-Skip-Cache
X-Edge-Location
X-JoinUs
X-Forwarded-Host
X-Say-TTL
X-Say-Cacheable
X-Labrador-Cache-Channel
X-Extlb
X-Xfnlog-Site
X-Zipkin-Id
X-Web-Node
X-Request-Time
X-FB-TRIP-ID
X-Sorting-Hat-PodId
Apigw-Requestid
X-Cache-Type
Cache-Name
X-No-Session
X-Varnishpool
X-Detected-As
X-Sorting-Hat-ShopId
X-Via-Fastly
X-Shopify-Stage
X-Alternate-Cache-Key
X-PHP-Backend
X-ShopId
DB-Nickname
X-ShardId
X-GeoCountry
X-Proxied
X-GeoCode
Mn-Server-Ip
X-Routing-Service
X-Ms-Version
X-UA-Device-Type
X-BYPASS-REASON
X-ProxyCache-Status
X-Storefront-Renderer-Rendered
X-Hl-Ver
X-ProxyCache-Key
X-Ms-Request-Id
X-Tid
X-DynaTrace-JS-Agent
X-Tec-Api-Version
X-Tec-Api-Origin
WP-Super-Cache
X-Tec-Api-Root
X-Cache-Enabled
X-Proxy-Build
X-TIME
X-Timing-Wait
Selected-Fe
X-ServerID
X-WP-CF-Super-Cache
X-Uri
X-WP-CF-Super-Cache-Cache-Control
X-ECache
X-Loop
X-Dc
X-Amzn-Remapped-Content-Length
X-TNCMS
X-Vgn-Hpd-Reason
X-Ua
X-Reqid
Xet-Cookie
X-Varnish-Ttl
X-Pubstack
X-B3-Traceid
X-LSADC-Cache
X-Cache-NGX
X-Tumblr-Pixel-2
X-Zen-Fury
X-Origin-Date
X-Soup
X-UUID
Fastcgi-Useragent
X-Service
ServedBy
From-Origin
X-Aspnetmvc-Version
X-Correlation-ID
X-Newrelic-Synthetics
X-MP-GENERATED-AT
X-GEO
X-Cache-Debug
X-Ratelimit-Limit
X-Origin-CC
X-Origin-TTL
Origin
X-Webkit-CSP
X-Nginx-Cache
X-Human
Source
X-Varnish-Hits
X-TA-CDN-Provider
Cache
X-NewRelic-App-Data
Fastly-Drupal-HTML
X-App-Version
X-Cache-Tags
X-Cached-By
X-Varnish-Beresp-Ttl
Cross-Origin-Window-Policy
X-Datadome
Webserver
X-RCS-CacheZone
Rip
Upgrade-Insecure-Requests
X-ScT
X-Presslabs-Stats
X-Rewrite-Enabled
WPO-Cache-Message
WPO-Cache-Status
BehaviorPad-Version
MD5-Digest
Rendered-Blocks
Host-ID
LB
X-Parent-Response-Time
Meta-Geo-Continent
X-VG-WebCache
X-A
X-Orig-Expires
X-A-Ccd
X-A-Dam
X-Vdms-Version
DCR-Decision-By
X-Connection-Hash
X-PBS-Appsvrname
CPC-Cache
X-Vdms-Path
DCR-Processing-Time-Ms
CPC-Age
Cdnsip
X-AK-Request-ID
Cdncip
X-Forwarded-Path
X-ARC
X-Application
X-Aed
X-A-Wwc
X-Processor
Odigeo-Trace-Id
X-A-Dcw
X-A-Dgt
Ngx.Var.Host
X-NAPM-TraceId
X-B-Cookie
X-S
X-S-Cookie
Surrogated-Key
X-SRCache-Key
X-Bc-Bl
X-Tenant
X-Rojux
Sslversion
A
X-External-Request-Id
X-Developer
X-Destination
Xc-Version
X-Shop-Environment
X-Cluster
X-BCube-Filmed-By
T-Server
X-Cache-NE
VNS-Age
X-D
X-Ec-GeoHdr
SD-X-WS
Lang
Environment
X-Ec-Fail
X-User
Expiry
VNS-Cache
X-TIM-N
X-Request-Host
Mime-Version
X-Debug-Cache
OT-Force-Account-Verify
X-Served-From
X-Nyt-Route
X-Origin-Time
X-Aicache-OS
Redirect-Candidate
X-AOL-HN
X-Gdpr
X-Owner
X-Dispatcher-Number
X-FW-Version
X-Accel-Buffering
X-Worker
Server-Host
X-WP-CF-Super-Cache-Active
Fastly-Backend-Name
X-Thinkindot-L3
X-Geo-Header
X-Generated-On
X-Developers
X-Sucuri-Cache
X-Has-Esi
X-HS-Content-Campaign-Id
X-JWT-State
X-Is-Gdpr
X-INCAP-ABP
TDXMobile
X-Core-Value
X-Auto-Login
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Level-Front-Cache
AKAMAI
X-Cdn-Srv
X-Sucuri-ID
X-CMSURLCustom
X-Cache-Bucket
Web-Mar-Region
State
Servername
Svr
Traceparent
Tube-Get-Contents
Req-Svc-Chain
Release
Origin-CC
Origin-EX
Platform
Producers
Tube-Got-Eval
Tube-Got-Results
X-Ad-Defer-Variation
X-ATG-Version
X-Azure-Ref-OriginShield
X-BBC-Edge-Cache-Status
Wxu-Next-Region
Wxu-Next-Hostname
Tube-Return
V-Age
Vix-Hermes-Req-Id
Wxu-Next-Commit
X-Branch-Name
X-Minions-Version
X-Scale
X-SB
X-S-Maxage
X-Scheme
X-Sigma
X-SIPLIST1
X-Sigma-Backend
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
X-Qloud-Router
X-Proxy-Cache-Info
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Request-URI
X-Region-Sid
X-Slack-Backend
X-Sn-Servicetimems
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Viewer-Country
X-VServer
X-Wix-Viewer-Type
X-WADP-Cache
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-SVT-ORM-RULES
X-SplitTest
X-SVT-ORM-VERSION
X-V-Cache
X-Varnish-Beresp-Status
X-Variation
X-Pool
X-Platform-Server
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Device-Os
X-Epic-Correlation-Id
X-Esi-Check
X-Fetched-On
X-Fastly-Backend
X-DefHash
X-DefElseHash
X-Cdn-Origin
X-Cache-Info
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Core-Mission
X-Cluster-Node
X-Fmm-Version
X-Gamma-Serve
X-NCache
X-Loc
X-Origin-Response-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Hash
X-Gzip
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-GeoIP-City
X-GeoIP
X-Cache-Id
X-NodeID
Candidate-Md5Url
Fastly-SWR
Fastly-SSL
Click-Count-Action-Start
Gh-Request-Id
Apple-News-Services-Request-Url
Country-Code
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Fastly-SIE
Fastly-GeoIP-CountryCode
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Datacenter
Cmstype
Cmsid
Click-Count-Error
CloudFront-Viewer-Country
Cluster
Apple-News-Services-Handled
Is-Eu
Memcached
L
Mobile-Detection-Method
IsBot
Machine
NGX
NM-Fastcgi-Cache
Adler-Geo
Kp-EeAlive
X-Tx-Id
X-Cache-Remote
X-Eu-Site
X-Csrf-Jwt
X-Clientip
X-Forwarded-Site
X-Block-Status
X-Bip
X-Datadog-Trace-Id
X-Irp-Debug
X-Hnp-Log
X-Gen-Mode
CDCHOST
X-FC-Vary-Parameters
We-Hiring
Canary
Server-Hostname
Sever-Int
Mail-Subject
DSUID
Server-Ext
Cache-Host
X-Thanos
X-Var-Ttl
X-Policy
L5d-Success-Class
HA-Ipaddr
X-Udemy-Cache-App-Namespace
X-CGP
X-CacheTTL
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
Ha-Gx-Prefs
User-Cache-Control
X-Origin
X-Mvc-Supplant-Cachable
X-Optimistic-Header
X-Tumblr-Pixel-3
X-Pass-Why
X-Mvc-Supplant-OutputCached
X-LB-NoCache
Ec-Rule-Version
X-Up
WebServer
X-IPS-LoggedIn
Time
Pics-Label
Memory
X-Tb-Optimization-Total-Bytes-Saved
X-Nf-Request-Id
X-CACHE-AGE
X-Dispatch
Ssr
X-ND-Cache
Sid
X-CSRF-Token
X-ZONE
HostName
X-Edge-Pop
My-App
X-Via-Popn
X-VC
X-Via-NSCOPI
X-B3-SpanId
X-Via-Poph
X-Via-Popv
Request-ID
X-Refresh
X-Trace-ID
Cache-Tv-Group
X-GG-Cache-Date
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Transformed
SID
X-WA-Info
Server-ID
Env
Fastcgi-Cache-TTL
X-Servedbyhost
X-NGINX-Cache
X-B3-Spanid
X-Generated-In
X-Lambda-Id
X-Session-Fingerprint
X-Wa
X-Req
X-Vc
Cache-Hits
X-Cs
X-Newrelic-App-Data
X-Pod-Name
X-CSRF-TOKEN
X-Origin-Expires
X-Rebelmouse-Cache-Control
Hostname
GeoIp-Country-Code
X-Release
X-Fastly-Cache
X-Rebelmouse-Surrogate-Control
X-Fpc
X-Esi
True-Client-IP
True-Client-Country-4JS
CacheControlHeader
X-PX
X-EC-Lua
X-ID
X-Zone
X-LB-ID
X-MCACHE
X-VCL-Version
X-Op-Id-All
X-DC
X-Xrds-Location
X-NWS-UUID-VERIFY
X-Cache-Date
X-MSEdge-Features
X-MSEdge-Flight
X-TX-ID
X-Ig-Push-State
X-Webkit-CSP-Report-Only
X-Buckets
X-NC
X-GeoIP-Country-Code
X-CS
X-Endurance-Cache-Level
X-GeoIP-Region-Code
X-Conf
X-TH-Server
X-Microcachable
X-CACHE-KEY
X-Date
WWW-Authenticate
CDN
Resin-Trace
X-Accel-Expires-Debug
X-TRACE-ID
X-RAMCache
X-HS-Status
X-Dmc
X-Old-Content-Length
X-RateLimit-Reset
X-Srv
Magicmarker
X-Vcl-Version
Powered-By
Tcn
Fastly-Drupal-Html
Path
X-Check-Cacheable
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Varnish-Beresp-TTL
X-Be
X-Vercel-Cache
X-Webstats-RespID
Section-Origin-Responded
X-Akamai-Pragma-Client-IP
X-Lb-Id
X-Vercel-Id
Proxy-Connection
True-Client-Ip
X-Alfa-Service
X-Location
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-LiteSpeed-Cache-Control
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-Ttl
X-Cache-ASPX
X-API-Version
X-CLOUD-TRACE-CONTEXT
Yjs-Id
X-Director
X-Datacenter
GeoIP-Country-Code
X-FPC
X-Hyper-Cache
Pramga
X-Micro-Cache
X-DataCenter
X-Mly-Id
X-Geo
X-Via-CDN
Cdn
FSS-Cache
X-M-Log
X-M-Reqid
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-WA
Lb
Server-Id
ENV
X-ServedByHost
User-Agent
X-App
Tracecode
X-Response-By
X-Server-IP
X-HA-Backend
X-Test
X-Qnm-Cache
X-Dw-Trace-Id
X-Edge-POP
X-Air-Hostname
X-Cdn-Forward
X-Air-Source
YJS-ID
X-Air-Trace-Id
M-TraceId
HIT
X-Cache-Backend
X-Cache-Expires
X-Akamai-ERPolicy
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Client-Ip
Uri
N-Cache
C-Via
X-Akamai-ERRuleID
X-Cc-Via
X-Air-Pt
X-Service-Response-Time
Sm-Log-Id
X-AIR-PT
Locid
Esi-Enabled
X-We-Are-Hiring
X-Traceid
Srvid
Location
X-From
X-UA
Swift-Performance
X-Instance-Name
X-FL-EDGE
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-TrackingId
X-Li-Fabric
Dnion-Transfer-Encoding
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-Platform
X-LiteSpeed-Tag
Geoip-Latitude
X-TT-LOGID
Fastcgi-X-Cache-Version
Nginx-CQVIP
X-RSL
X-RPS
X-DSS
X-DW
X-RPM
PICS-Label
Hit
CF-Cached-On
NtCoent-Length
X-Frame-Option
On-Server
X-PAYTM-SRV-ID
X-PERF
XM
CountryCode
X-DI
X-Info
X-Request-Url
Ohc-File-Size
X-ApacheServer
X-DB
X-Fastly-Backend-Reqs
XServer
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Wpo-Cache-Status
X-Lb-Nocache
X-CUA
Wpo-Cache-Message
PFcat
Vha6-Origin
X-CF-Powered-By
X-Cdn-Request-ID
X-Conten-Type-Options
X-Cache-Proxy
X-Fastly-Cache-Hits
X-B3-ParentSpanId
X-VarnishDD-TTL
X-HostName
X-HN
X-Ips-Loggedin
X-Edge-Origin-Shield-Bytes
Wp-Super-Cache
X-Edge-Origin-Shield-Region
X-Cache-Ngx
Warning
X-Litespeed-Cache-Control
X-Kebabable
X-MTS-Cache
X-N-OperationId
X-Ittl
X-Kebab
X-Keep
X-Nerd
X-Matched-Rule
X-Matome-Cached
X-LbNode
X-Loadbalancer
X-NS-Authorization
X-Origin-Ops
X-Nyt-Data-Last-Modified
X-Odoo-Frontend
X-Is-SSL
X-Okws-Version
X-NXG
X-Ntj-Investigation-Id
X-Newegg-Index
X-NFL-Dma
X-NFL-Geo
X-Onedio-Env
X-Newegg-Flow
X-Ee-Request-Date
X-Ee-Request-Id
X-OVcl
X-Eid
X-ETag
X-Eventloop-Lag
X-Ee-Origin
X-Ee-Generated-By
X-Developed-By
X-Doge
X-DT-Node
X-Edge-IP
X-F-Status
X-Farm
X-GoCache-CacheStatus
X-Group
X-Header-Sub
X-IBD-Cache
X-Global-Transaction-ID
X-Git-Commit
X-Fastly-Is-Edge
X-Fstrz
X-Full-Ttl
X-GG-Cache-Status
X-IBD-SID
X-Toujours-Debout-Branch
X-Utime
X-User-Auth
X-V2-Infrastructure
X-Vary-Devices
X-Ver
X-Upstream-State
X-U-Cache
X-Timestamp
X-Test-Nginx-Ingress
X-Toujours-Debout-Location
X-Tried-To-Kebabify
X-True-Client-Ip
X-Wag-Acs
X-Waitingroom
XV-H
XV-Cache
Timeexpire
X-Fastly-Country-Code
X-B3-Parentspanid
X-YSpaceId
X-Delivery
X-Web-Hosting
X-WP-Bypass
X-WSR2
X-Xms-Page-Cache-Actions
X-Svr-Proxy
X-SVR-IIS
X-Redis
X-Reboot
X-Render-Method
X-Render-Time
X-Request-Origin
X-R-Cache
X-Pver
X-PageType
X-Paywall
X-PG-ACCESS
X-PGF-Deflate
X-Route
X-Route-Akamai
X-SMP-JWT
X-Slack-Shared-Secret-Outcome
X-Square
X-SSLProxy
X-Stack-Name
X-Site
X-Sh
X-Ruby
X-Save-Cache
X-Server-L
X-ServiceName
X-OVcl-Cache
Served
NB-ESI
Joe-X
Nikkei-App-Version
NLCacheNote
Npm-Cost
Is-Https
HTTPProtocol
Deeplink
CMS-200
Ec-Policy-Id
H1
HServer
Npm-Remaining
Ns
Region
RawURL
Request-Uuid
Rt-Proxy-Cache
Scheme
Proxy-Cache
Panzer-Cache-Control
Ok-Cache-Status
Ns-Ua
OK-Edge-Date
Ok-Edge-Key
Origin-Site
Cluster-Host
Cf-Wrk
SRV
Fastcgi-Cache-Ttl
GeoIP-Latitude
DynaTrace
WZWS-RAY
Req-ID
X-Moov-T
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Request-Start
X-Node-Id
X-Moov-Xdn-Version
X-Mg-Cache
X-ElasticPress-Query
Cachekey
Cache-Stat
Cdn-Country-Code
Cf-Device-Type
Cf-Locale
Akamai-X-Url
X-Th-Server
X-IN-APIGATEWAY
X-Yottaa-OS
X-IN-APIGATEWAYSSL
Cneonction
X-Serial
Selected-Route
Service-Uuid
X-BeanStalkRole
X-Backside-Transport
X-BeanStalkStage
X-Cache-Cookie
X-Cache-IsMobileDevice
X-Backend-TTL
X-AspNetWebPages-Version
X-Ar-Stats
X-Apache-Server
X-Arena-Request-Id
X-ARRRG1
X-ASF-Cache
X-Cache-Length
X-Cache-NPR
X-Coindesk-Cache
X-Cms-Device
X-Colour
X-Container-Uri
X-Dcm-Pdtf
X-Cf-Node-Idx
X-CDN-Pop-IP
X-Cache-ReqUri
X-Cache-Reason
X-Cache-Response
X-CacheVersion
X-CDN-Pop
X-Amz-Meta-Cb-Modifiedtime
X-Akamai-Native
Ttl
Time-Cloud-Cache
TWC-AK-Req-ID
TWC-PATH-LOCALE
TWC-Subs
Technodrome
T-Request-Id
Shieldsquare-Response
SFRVia
SII
Store-Cloud-Cache
Sw
TWC-Unit
Uniqueid
X-AEO-Platform
X-Accor-Asset
X-Akamai-CacheKeyMod
X-Akamai-DeviceOS
X-Akamai-DeviceType
X-Accepted-Language
X-Accepted-Fulllang
Vttl
Userver
X-77-NZT
X-77-NZT-Ray
X-Accel-Version
X-Dehri-Date