Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Request-Id
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
P3p
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
X-Proxy-Cache
Keep-Alive
X-Ua-Compatible
X-Server
X-Ws-Request-Id
X-Age
Host-Header
Cf-Edge-Cache
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
Cf-Apo-Via
X-Device
Accept-CH
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Ruxit-JS-Agent
X-Server-Id
EagleEye-TraceId
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Cache-Spec
X-Backend-Server
Request-Id
X-Readtime
X-Cache-Lookup
X-HW
Accept-Ch-Lifetime
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Application-Context
X-Response-Time
Fastly-Restarts
Permissions-Policy
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Edge
X-WebKit-CSP-Report-Only
X-Mcache
X-Content-Type
Content-Location
X-Url
X-MS-InvokeApp
X-CST
X-Country
Accept-CH-Lifetime
X-Clacks-Overhead
Rating
X-Midtier
X-PC
X-Amz-Server-Side-Encryption
X-TtlSet
X-Vname
X-Litespeed-Cache
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-VARITI-CCR
X-Element-Page-Cache
Verso
Origin-Trial
X-Server-Name
X-ECACHE
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Rack-Cache
X-Ac
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Cnection
Service-Worker-Allowed
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-Client-IP
Xkey
X-Navigation-Version
X-Ttl
X-B3-TraceId
X-Abt-Application-Version
Edge-Control
X-Cache-TTL
X-NWS-LOG-UUID
SPIisLatency
SPRequestDuration
X-Upstream
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-Instrumentation
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Cached
X-Mg-S
X-Dw-Request-Base-Id
X-Px
X-Cache-Key
X-Sol
Pagespeed
X-Middleton-Display
Display
X-FastCGI-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Correlation-Id
Access-Control-Request-Method
Edge-Cache-Tag
Content-MD5
X-Forwarded-For
X-Country-Code
X-Goog-Hash
X-Webkit-Csp
X-NF-Request-ID
Front-End-Https
TCN
X-Powered-CMS
X-Id
X-Version
Public-Key-Pins
AR-ATIME
AR-PoweredBy
AR-SID
AR-Request-ID
AR-CACHE
Accept-Ch
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-RateLimit-Remaining
X-MSEdge-Ref
X-T
X-Content-Digest
X-Recruiting
X-Amzn-Trace-Id
X-Ser
X-XRDS-Location
X-Daa-Tunnel
X-Accel-Expires
Response
X-Middleton-Response
TP-Cache
TP-L2-Cache
X-Shield-Request-Id
X-Ratelimit-Limit
S
MicrosoftSharePointTeamServices
Nginx-Cache
Cache-Status
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Request-Processing-Time
X-Request-Received
X-HS-Hub-Id
Server-Node
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
Cache-Tags
X-Distributor
X-Hits
X-Fastcgi-Cache
X-Edge-Location-Klb
X-Kinsta-Cache
X-LB-Cache
Cross-Origin-Opener-Policy
X-Ratelimit-Remaining
Fastcgi-Cache
X-Origin-Server
X-Ua-Browser
X-PressLabs-Stats
Alternate-Protocol
X-Ezoic-Cdn
X-Grace
Server-Name
X-DIS-Request-ID
X-DataDome
X-Geo-Country
Filterid
X-Ratelimit-Reset
X-Microsite
X-Request-Handler-Origin-Region
X-Protected-By
X-Rid
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Healthy
X-Hostname
X-Frontend
X-LLID
X-Git-Hash
X-Logged-In
X-Debug-Info
X-ORACLE-DMS-ECID
X-Varnish-Backend
Payment
X-ORACLE-DMS-RID
X-Fastly-Request-ID
Cleartype
X-FB-Debug
X-Forwarded-Proto
X-Www-Served-By
X-Page-Id
X-Load-Cache
X-NGENIX-Cache
X-ASPNET-VERSION
X-Origin-Cache
X-Cluster-Name
DC
MS-Author-Via
X-TTL
Content-Disposition
Charset
Realpath
X-B3-Sampled
Access-Control-Allow-Method
X-GUploader-UploadID
X-Goog-Metageneration
X-Upgrade-Enabled
X-Proxy
X-Kong-Upstream-Latency
X-F-Cache
X-Kong-Proxy-Latency
X-Az
X-AppVersion
X-Activity-Id
X-ECache
X-Seen-By
X-Amz-Replication-Status
Retry-After
X-Server-ID
Paypal-Debug-Id
Cross-Origin-Resource-Policy
X-Contextid
X-Amz-Meta-S3cmd-Attrs
X-Type
X-Flags
Viewport
X-Route-Name
X-Revision
X-Providence-Cookie
X-Request-Guid
X-Azure-Ref
X-Aspnet-Duration-Ms
X-Whom
Count-Hit
X-Hosted-By
X-Is-Crawler
X-Fb-Rlafr
X-App-Environment
Surrogate-Key
X-Signature
X-B-Cache
X-Wix-Request-Id
Accept-Charset
X-Aspnetmvc-Version
X-Varnish-Server
X-B
X-VCache
X-TT
Amp-Access-Control-Allow-Source-Origin
X-Akamai-Edgescape
X-Cache-Age
X-DynaTrace
X-B3-Traceid
X-Language
X-Source
X-Cache-Control
X-Fastly-Request-Id
X-App-Server
Referer-Policy
X-Mobile
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Magnolia-Registration
X-Times
X-Varnish-Grace
Host
X-RateLimit-Limit
Version
X-Envoy-Decorator-Operation
X-N
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-HTML-Minification-Powered-By
X-Cache-Rule
X-Response-Served-From
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Original-Request-Id
X-Tumblr-Pixel
X-UUID
X-Cache-Time
X-RTag
X-Rule
Section-Io-Cache
X-Varnish-Age
Access-Control-Request-Headers
Refresh
WPO-Cache-Status
WPO-Cache-Message
Ms-Operation-Id
MS-CV
SRV
SD-X-WS
X-Framework
X-Cache-Status-Check
Akamai-GRN
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Version
GEO-INFO
X-Cache-Grace
X-User-Agent
X-FW-Serve
X-FW-Hash
X-Backend-Name
X-Content-Powered-By
X-Cache-Expired-At
X-ProcessESI
X-Page-View
X-EdgeConnect-Cache-Status
X-FW-Dynamic
X-Cacheable-TTL
X-RemovedCookies
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Status
X-G
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Instance
X-Is-Bot
Url
X-Rendered-As
X-Device-Type
X-Servername
Protected
X-Jobs
X-L-Path
X-NYM-Debug-Backend
X-Akamai-Request-ID2
X-Adobe-Loc
X-Http-Reason
From-Origin
CDN-RequestId
X-Environment-Context
X-Adobe-Content
NGB
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Template
X-Trace-Id
X-Region
Front
X-COUNTRY
X-CDN-Forward
X-Varnish-Ttl
X-Nginx-Cache
X-Debug-IsConnected
X-Debug-IsPreview
Accept-Language
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Unique-Id
X-Cache-Hit
X-Content-Options
Backend
Fastly-SWR
Fastly-SIE
Country
X-Zen-Fury
X-Air-Source
X-Air-Trace-Id
Liferay-Portal
X-Air-Hostname
X-DynaTrace-JS-Agent
X-Tb
X-XRDS-LOCATION
X-Newrelic-App-Data
X-Mode
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Tec-Api-Origin
X-Cache-Operation
X-Tec-Api-Version
X-Tec-Api-Root
Content-Secure-Policy
X-Node-Name
X-Tt-Logid
X-Real-IP
Filters
X-Amzn-Remapped-Content-Length
X-Tumblr-Pixel-2
Meta-Geo
X-Cache-Server
X-Rewrite-Enabled
Webserver
Uber-Trace-Id
X-Proxy-Cache-Info
X-Generation-Time
X-RN-RSRV
X-UPSTREAM-Address
Azure-InstanceId
Azure-RegionName
X-Time
X-Rocket-Nginx-Serving-Static
X-IPS-LoggedIn
X-PHP-Backend
Azure-SiteName
CF-IPCountry
X-Section
Azure-SlotName
X-Timing-Wait
X-Proxy-Build
X-Web-Node
X-Ms-Version
X-Content-Age
Onion-Location
X-Access
X-Format
Azure-Version
Selected-Fe
Cache-Hits
X-Ms-Request-Id
ServedBy
TWC-Device-Class
Cache-Name
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-Connection-Speed
Webcakes-Region
X-Cluster-Node
TWC-GeoIP-Country
Property-Id
TWC-GeoIP-LatLong
X-Debug
X-Sql-Count
X-Server-W
X-Say-Cacheable
X-VC-Cache
X-Proto
X-Sql-Duration-Ms
X-Soup
X-Locale
X-TIME
X-Say-TTL
X-Sucuri-ID
X-Sucuri-Cache
X-UA-Device-Type
Node
X-SayCDN-TTL
X-Origin-Hint
X-R9-Blue-Green-Version
X-Reqid
ServerID
X-ProxyCache-Key
S-Rt
X-VWS-Id
X-Proxy-Cache-Status
X-Via-Fastly
X-ProxyCache-Status
Web-Mar-Node
X-Site-Version
X-Cms-Context
X-PHP-Host
X-Cluster
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Handled-By
X-IPLB-Request-ID
X-Ua
X-Cache-Host
X-Varnish-Beresp-Grace
X-Skip-Cache
X-IPLB-Instance
X-Adobe-Source
X-AWS-Id
X-Cache-Action
X-BYPASS-REASON
X-Forwarded-Host
X-Cache-TTL-Remaining
DB-Nickname
X-No-Session
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-LAGOON
X-Detected-As
X-FB-TRIP-ID
X-JoinUs
Cross-Origin-Window-Policy
X-Extlb
X-Zipkin-Id
X-Origin-Date
X-Tumblr-Pixel-3
X-Ruxit-Js-Agent
X-Routing-Service
X-Uri
X-Proxied
X-Edge-Location
X-SaId
Apigw-Requestid
Mn-Server-Ip
Locale
X-Optimistic-Header
X-App-Version
X-Xfnlog-Site
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Buckets
Countrycode
Fastcgi-Useragent
WP-Super-Cache
X-GeoCode
X-GeoCountry
X-LSADC-Cache
X-ARC
Source
CDN-Uid
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-Cache
X-Oneagent-Js-Injection
Mime-Version
X-Director
Cache-Tv-Group
X-Hl-Ver
Fastly-Drupal-HTML
Upgrade-Insecure-Requests
X-Varnish-Hits
X-Request-Time
X-Generated-By
X-GEO
X-Mg-Request-UUID
X-Cache-Debug
X-Tx-Id
X-Redis-Cache
CF-Cached-On
Xet-Cookie
X-Webkit-CSP-Report-Only
X-Loop
X-Origin-TTL
X-Origin-CC
Frame-Options
X-URL
X-SRV
X-FireWall-Port
X-Varnish-Cache-Hits
X-Pass-Why
X-TNCMS
X-Varnish-Hostname
X-RM-Cache-TTL
X-TA-CDN-Provider
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-ServerID
X-Sorting-Hat-PodId
X-Akamai-Transformed
X-Shopify-Stage
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Api-Version
X-Service
Load-Balancing
X-Newrelic-Synthetics
X-Endurance-Cache-Level
X-Served-From
X-Pubstack
X-Request-Host
Xserver
X-B3-Spanid
X-NWS-UUID-VERIFY
X-Httpd
X-Epic-Correlation-Id
Host-ID
X-Developer
X-Location
X-Mid
X-Processor
X-Ec-Fail
X-Ec-GeoHdr
X-Level-Front-Cache
X-Loc
X-Varnish-Beresp-Ttl
X-Mobile-URL
DSUID
X-Nyt-Route
BehaviorPad-Version
Edge-Cache
Cache-Host
Candidate-Md5Url
X-Origin-Time
X-Generated-On
X-A
A
X-External-Request-Id
Server-Info
X-Platform-Processor
X-Platform-Router
DCR-Processing-Time-Ms
X-INCAP-ABP
X-Platform-Cluster
DCR-Decision-By
X-Gdpr
Gannett-Cam-Experience-Id
Odigeo-Trace-Id
X-Bc-Bl
X-BCube-Filmed-By
Sslversion
X-BBC-Edge-Cache-Status
Surrogated-Key
X-Bip
Xc-Version
X-We-Are-Hiring
Redirect-Candidate
Release
Rendered-Blocks
Req-Svc-Chain
X-B-Cookie
T-Server
WWW-Authenticate
X-A-Dgt
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A-Wwc
X-Aed
Thinkindot-CacheControl
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Application
X-Rocket-Build-Number
X-Cache-Date
X-Sigma
MD5-Digest
X-Sigma-Backend
X-SRCache-Key
X-Test
X-ScT
Lang
X-S
X-Rojux
X-S-Cookie
X-S-Maxage
X-Destination
X-Cache-Info
X-Thanos
Origin
X-Conf
X-Vdms-Path
X-Vdms-Version
X-Cache-NE
X-CMSURLCustom
Ngx.Var.Host
X-CUA
Memcached
X-TIM-N
X-Thinkindot-L3
X-D
Meta-Geo-Continent
X-Restarts
X-Storage
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Developers
X-Core-Mission
X-Ec-Custom-Error
X-Is-Gdpr
X-Cdn-Origin
Mail-Subject
Magicmarker
Gh-Request-Id
X-Pool
X-WADP-Cache
X-Fetched-On
X-Fmm-Version
X-JWT-State
X-Human
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
X-SD-PageType
X-Var-Ttl
X-Cdn-Srv
X-Clara-WADP
X-VG-TLSProxy
X-Worker
X-Vmg-Version
X-WA-Info
X-VServer
X-Varnishpool
X-WP-CF-Super-Cache-Active
Server-Host
X-Varnish-Beresp-Status
X-Core-Value
Country-Code
X-Cache-Bucket
NM-Fastcgi-Cache
X-Auto-Login
X-Hash
CacheControlHeader
Cache-Key
X-Akamai-Device-Characteristics
X-Has-Esi
Apple-News-Services-Host
X-Mvc-Supplant-Cachable
We-Hiring
X-Node-Id
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
AKAMAI
C-Via
X-SVT-ORM-RULES
X-Sn-Servicetimems
CloudFront-Viewer-Country
X-SVT-ORM-VERSION
X-Origin
X-Frame-Option
X-Origin-Response-Time
X-GeoIP-City
X-Org
X-Mly-Id
X-Geo-Header
X-GeoIP
X-HS-Content-Campaign-Id
X-CACHE-AGE
X-Parent-Response-Time
X-Slack-Shared-Secret-Outcome
X-Wix-Viewer-Type
X-Slack-Backend
X-CacheTTL
X-Fastly-Backend
X-App
X-Fastly-Cache
X-Gamma-Serve
X-Region-Sid
X-Men
X-Dispatcher-Number
X-Date
X-Ad-Defer-Variation
X-Accel-Buffering
X-Accel-Expires-Debug
X-Azure-Ref-OriginShield
X-Server-IP
State
X-Request-Start
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Old-Content-Length
X-Op-Id-All
X-Gen-Mode
X-Forwarded-Site
X-Platform
X-NodeID
X-Gzip
X-LB-NoCache
X-Irp-Debug
X-Hnp-Log
X-HN
X-Nginx-Cache-Key
X-NCache
X-FC-Vary-Parameters
X-Esi-Check
X-Varnish-CookieHashed-On
X-Variation
X-DefElseHash
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Cache-Tags
X-VarnishDD-TTL
X-DefHash
X-Scale
X-Qloud-Router
X-Platform-Server
X-Req
X-Dispatcher-Server
X-SB
X-Device-Os
X-Cache-Id
X-Block-Status
NGX
Platform
Adler-Geo
Environment
Server-Ext
Machine
Server-Hostname
PFcat
Cache-Provider
On-Server
Datacenter
Origin-EX
Click-Count-Error
Click-Count-Action-Start
Canary
CDCHOST
Origin-CC
Sever-Int
Wxu-Next-Region
Kp-EeAlive
Tube-Got-Eval
Is-Eu
Tube-Return
Tube-Got-Results
Vix-Hermes-Req-Id
Tube-Get-Contents
Wxu-Next-Commit
Wxu-Next-Hostname
X-CSRF-Token
Web-Mar-Region
L
User-Cache-Control
HA-Ipaddr
Fastly-SSL
Ha-Gx-Prefs
X-Eu-Site
Decoy-Debug-TTL
Decoy-Debug-Status
X-Instance-Name
X-Owner
X-V-Cache
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Nananana
X-Tid
X-DPWN-IS-SECURE
X-Origin-Expires
Cmstype
Cmsid
X-Minions-Version
Cluster
Decoy-Debug-Key
X-Ckpd-Fst-Backend
X-CGP
Producers
X-Cache-Remote
X-Cache-Backend
X-Csrf-Jwt
L5d-Success-Class
Pics-Label
Ssr
X-Microcachable
X-Refresh
X-Release
X-Cache-FS-Status
X-Response-By
X-Tb-Optimization-Total-Bytes-Saved
X-Mvc-Supplant-OutputCached
X-Provided-By
X-Zone
X-Aicache-OS
X-FL-EDGE
X-Correlation-ID
X-FL-QIT-DEBUG
Expect-Staple
Srvid
GeoIP-Latitude
HostName
Locid
X-DC
X-Air-Pt
X-Via-CDN
Env
Memory
X-RCS-CacheZone
X-Servedbyhost
Time
X-Dc
X-ND-Cache
X-From
X-Up
SID
X-Trace-ID
X-Via-Edge
X-Via-SSL
X-Presslabs-Stats
X-VC
Edge-Copy-Time
X-Vcl-Version
X-Cache-Enabled
Svr
X-NewRelic-App-Data
X-Generated-In
X-AIR-PT
NtCoent-Length
X-Cached-By
X-Nc
X-HS-Status
X-Edge-Pop
X-Srv
X-Webkit-CSP
Cache
X-Via-Poph
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Via-Popn
X-DataCenter
X-Via-Popv
X-Lambda-Id
X-Wa
Sid
X-Nf-Request-Id
Cdn
X-HA-Backend
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Vc
X-Esi
X-Vgn-Hpd-Variations-Key
X-Cs
X-ZONE
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
VNS-Cache
X-CCDN-CacheTTL
X-Render-Time
CPC-Cache
X-Vtex-Remote-Cache
VNS-Age
X-Client-Ip
CPC-Age
Server-ID
X-NGINX-Cache
X-Check-Cacheable
X-VCT
Cdncip
Hostname
Fastly-Drupal-Html
GeoIp-Country-Code
X-AK-Request-ID
X-LB-ID
Cdnsip
X-Fpc
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Via-NSCOPI
X-Gateway-Cache-Status
AMP-Access-Control-Allow-Source-Origin
X-TH-Server
X-Gateway-Cache-Key
X-Amz-Meta-Cb-Modifiedtime
X-Upstream-Ht
X-Proxy-CacheRZ
XkeyRZ
X-Via-JSL
X-Upstream-Ct
X-ATG-Version
True-Client-IP
X-Cache-Type
X-API-Version
X-CSRF-TOKEN
X-B3-SpanId
X-Cache-ASPX
X-Varnish-Authentication
Uri
X-Contensis-Viewer-Groups
X-EC-Lua
X-CS
Esi-Enabled
Eomportal-Instance
M-TraceId
True-Client-Ip
X-Varnish-Beresp-TTL
X-CF-Lambda-Fn
X-MSEdge-Features
Ngx-Var-Key
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-CF-Lambda-Version
X-PAYTM-SRV-ID
OT-Force-Account-Verify
X-MSEdge-Flight
X-Micro-Cache
Resin-Trace
XServer
X-Udemy-Cache-App-Namespace
Srv
Path
X-FPC
YJS-ID
Request-ID
X-MP-GENERATED-AT
GeoIP-Country-Code
CDN
X-Fastly-Country-Code
X-CDN-Cache-Status
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-SIPLIST1
N-Cache
IsBot
X-APP-VERSION
X-Request-URI
X-Cache-NGX
X-RateLimit-Reset
X-Info
X-Datadome
X-VCL-Version
X-Forwarded-Path
X-Bl-Debug
X-Lb-Id
X-Orig-Expires
X-Shop-Environment
X-CLOUD-TRACE-CONTEXT
RNT-Time
X-Tenant
RNT-Machine
LB
X-Accel-Version
X-Service-Response-Time
Server-Id
Sm-Log-Id
X-TX-ID
X-Pod-Name
Location
X-B3-Trace-ID
X-App-Name
X-Policy
X-MCACHE
X-Ha-Backend
X-Datacenter
X-Edge-POP
HIT
Cross-Origin-Opener-Policy-Report-Only
X-WA
Lb
X-Akamai-Pragma-Client-IP
X-Cache-Expires
Servername
X-Cdn-Request-ID
X-Snapshot-Date
X-Oss-Object-Type
X-Via-PopH
X-Oss-Hash-Crc64ecma
X-Cdn-Cache-Status
X-SERVER-NAME
X-Via-PopN
X-Via-PopV
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
Ohc-File-Size
X-Xrds-Location
X-Geo
Hit
ENV
Timeexpire
X-CACHE-KEY
X-NC
X-Cache-Ttl
FSS-Cache
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Ctl-Mach
Pramga
X-Cdn-Diag
Epwk-X-Cache
Req-ID
X-Logging-Id
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Vcache
X-LiteSpeed-Cache-Control
X-ServedByHost
Proxy-Connection
Yjs-Id
WZWS-RAY
X-Amz-Meta-Opti
X-Container-Uri
X-Git-Commit
X-Cdn-Forward
X-Moov-T
X-UP
X-Hyper-Cache
X-TraceId
X-Moov-Xdn-Version
X-Scheme
Geoip-Latitude
Traceparent
X-Serial
X-Dw-Trace-Id
MIME-Version
X-M-Reqid
X-MiniProfiler-Ids
X-M-Log
X-PERF
X-Viewer-Country
X-Acquia-Site
X-B3-Parentspanid
X-Tncms
X-RAMCache
X-Acquia-Application-Trace
X-Qnm-Cache
X-ApacheServer
X-Fastly-Backend-Reqs
X-VG-WebCache
Content-Script-Type
Ec-Rule-Version
Cneonction
X-Acquia-Purge-Tags
XM
Content-Style-Type
X-Acquia-Application-UUID
X-Swift-Error
X-Lb-Nocache
X-TT-LOGID
X-Lsadc-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-F-Status
X-Wp-Cf-Super-Cache
CountryCode
X-Iauth-Set-Uid
X-Litespeed-Cache-Control
X-Mg-Cache
X-Webstats-RespID
Ohc-Cache-HIT
V-Age
X-Cache-Ngx
Inserted-Into-Cache-At
X-B3-ParentSpanId
X-Request-URL
X-Mid-Debug-Cache-Key
X-Mid-Debug-Cache-Disk
X-IPS-Cached-Response
Warning
X-Th-Server
Ngx
X-LiteSpeed-Tag
My-App
X-Fastly-Cache-Hits