Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-XSS-Protection
X-Cache
Via
Age
Report-To
Content-Security-Policy
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
X-FRAME-OPTIONS
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Adblock-Key
X-Request-ID
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
X-Request-Id
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
P3p
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-CDN
X-XSS-PROTECTION
X-AspNetMvc-Version
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
EagleId
X-Cache-Group
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-WebKit-CSP
Accept-CH
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
X-Device
Cf-Apo-Via
Cf-Railgun
X-Server-Id
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Dns-Prefetch-Control
Surrogate-Control
EagleEye-TraceId
X-Backend-Server
Request-Id
X-Ruxit-JS-Agent
X-Readtime
X-Cache-Lookup
X-HW
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Content-Security-Policy-Report-Only
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Edge
X-CST
X-WebKit-CSP-Report-Only
Content-Location
X-Content-Type
X-Country
X-Mcache
Accept-Ch-Lifetime
X-Url
X-MS-InvokeApp
X-Clacks-Overhead
Rating
X-ECACHE
X-Midtier
X-Amz-Server-Side-Encryption
X-TtlSet
X-PC
X-Vname
RTSS
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-B3-TraceId
X-D2id
X-Element-Page-Cache
Origin-Trial
X-Litespeed-Cache
Verso
X-Server-Name
X-Ac
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Rack-Cache
X-ESI
X-Varnish-TTL
X-Cnection
X-Powered-By-Plesk
X-Cache-TTL
Service-Worker-Allowed
X-GitHub-Request-Id
X-Ttl
Xkey
X-Navigation-Version
X-Client-IP
X-Abt-Application-Version
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-NWS-LOG-UUID
Edge-Control
X-Cached
Arr-Disable-Session-Affinity
X-Px
X-Mg-S
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Browser-Type
X-Server-Lifecycle-Phase
X-Instrumentation
SPRequestDuration
SPIisLatency
X-Upstream
Content-MD5
X-Sol
Pagespeed
Display
X-Middleton-Display
X-Dw-Request-Base-Id
X-Cache-Key
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Correlation-Id
X-Fastcgi-Cache
Access-Control-Request-Method
X-NF-Request-ID
Edge-Cache-Tag
X-Goog-Hash
Front-End-Https
X-Country-Code
X-Daa-Tunnel
X-Forwarded-For
X-Version
Public-Key-Pins
X-RateLimit-Remaining
X-XRDS-Location
AR-SID
X-Powered-CMS
AR-ATIME
X-Id
AR-CACHE
AR-PoweredBy
AR-Request-ID
TCN
X-Recruiting
X-T
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-MSEdge-Ref
X-Content-Digest
X-Accel-Expires
X-Middleton-Response
Response
X-Shield-Request-Id
X-Ser
TP-L2-Cache
TP-Cache
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Aspnetmvc-Version
X-Amzn-Trace-Id
Nginx-Cache
S
X-Fastly-Request-ID
X-Ratelimit-Limit
X-Request-Processing-Time
X-Request-Received
Server-Node
X-HS-Content-Id
X-HS-Hub-Id
X-Hits
X-HS-Cache-Config
X-HS-Combine-CSS
Cache-Status
X-Distributor
MicrosoftSharePointTeamServices
X-Kinsta-Cache
X-Edge-Location-Klb
Cache-Tags
X-Grace
Alternate-Protocol
Fastcgi-Cache
Server-Name
X-Ezoic-Cdn
X-Protected-By
X-Origin-Server
X-LB-Cache
X-DIS-Request-ID
X-Ratelimit-Reset
X-Ua-Browser
X-Geo-Country
X-DataDome
X-FastCGI-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Frontend
X-Ratelimit-Remaining
X-Rid
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Cross-Origin-Opener-Policy
X-Debug-Info
X-Varnish-Backend
X-Www-Served-By
Filterid
X-Git-Hash
Cleartype
X-Logged-In
Healthy
X-NGENIX-Cache
X-FB-Debug
Payment
X-Forwarded-Proto
X-Page-Id
X-Webkit-Csp
X-Load-Cache
X-ASPNET-VERSION
Charset
X-LLID
X-B3-Sampled
Content-Disposition
DC
X-Hostname
X-Cluster-Name
X-Origin-Cache
X-VCache
X-TTL
X-Ruxit-Js-Agent
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-GUploader-UploadID
X-Goog-Metageneration
X-PressLabs-Stats
MS-Author-Via
X-Upgrade-Enabled
Retry-After
Access-Control-Allow-Method
X-Proxy
X-F-Cache
Accept-Charset
Cross-Origin-Resource-Policy
X-Amz-Replication-Status
Realpath
X-Az
Paypal-Debug-Id
X-Activity-Id
X-AppVersion
X-Type
X-Contextid
X-Oracle-Dms-Rid
X-Signature
X-B-Cache
X-Oracle-Dms-Ecid
X-Revision
X-Request-Guid
X-Route-Name
X-Varnish-Server
X-Providence-Cookie
X-Flags
Viewport
X-Amz-Meta-S3cmd-Attrs
X-Aspnet-Duration-Ms
X-Azure-Ref
X-Hosted-By
X-Is-Crawler
X-Seen-By
X-Wix-Request-Id
X-TT
X-App-Environment
X-ORACLE-DMS-RID
X-Fb-Rlafr
X-Whom
X-ORACLE-DMS-ECID
X-DynaTrace
X-B
Surrogate-Key
Count-Hit
X-Source
Referer-Policy
X-Akamai-Edgescape
X-Language
Amp-Access-Control-Allow-Source-Origin
X-App-Server
X-Tt-Trace-Host
X-Mobile
X-Template
X-Tt-Trace-Tag
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Cache-Control
X-RateLimit-Limit
Host
X-Varnish-Grace
X-HTML-Minification-Powered-By
X-N
Version
X-Cache-Rule
X-EdgeConnect-Cache-Status
X-Magnolia-Registration
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Original-Request-Id
X-Tumblr-Pixel
X-Tumblr-User
X-Response-Served-From
X-Varnish-Age
X-Cache-Time
X-UUID
X-Cache-Status-Check
X-Envoy-Decorator-Operation
X-Cache-Expired-At
VIX-Pulpo-Node
Access-Control-Request-Headers
SD-X-WS
VIX-Pulpo-Upstream-Status
X-Rule
Ms-Operation-Id
X-RTag
MS-CV
Section-Io-Cache
Refresh
X-Content-Powered-By
Akamai-GRN
Protected
X-Adobe-Content
X-Framework
X-RemovedCookies
X-Page-View
X-Jobs
X-Cacheable-TTL
X-ProcessESI
X-Status
X-Adobe-Loc
X-Cache-Grace
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Hash
X-FW-Dynamic
NGB
Url
X-Environment-Context
X-FW-Version
X-G
X-Servername
X-B3-Traceid
X-Device-Type
X-Rendered-As
X-NYM-Debug-Backend
X-Http-Reason
X-Is-Bot
X-L-Path
GEO-INFO
X-Instance
SRV
X-Cache-Age
X-Backend-Name
X-Akamai-Request-ID2
X-User-Agent
X-Trace-Id
Accept-Ch
X-Debug-IsPreview
X-Debug-IsConnected
X-COUNTRY
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Newrelic-App-Data
From-Origin
CDN-RequestId
WPO-Cache-Message
WPO-Cache-Status
X-Nginx-Cache
X-CDN-Forward
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Hit
X-Region
Accept-Language
Front
Country
X-Tb
Pinterest-Generated-By
X-Node-Name
X-Pinterest-Rid
Pinterest-Version
X-Tt-Logid
X-Amz-Apigw-Id
X-Amzn-RequestId
Backend
X-Real-IP
X-Content-Options
X-Buckets
Fastly-SWR
Fastly-SIE
X-Unique-Id
Uber-Trace-Id
X-Tec-Api-Root
X-Tec-Api-Origin
X-XRDS-LOCATION
X-Tec-Api-Version
X-Mode
X-VC-Cache
Fastly-Drupal-HTML
X-DynaTrace-JS-Agent
X-Cache-Operation
Content-Secure-Policy
X-Zen-Fury
X-Times
X-RN-RSRV
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Tumblr-Pixel-2
Meta-Geo
X-Generation-Time
Filters
Azure-Version
CF-IPCountry
X-TIME
Azure-SlotName
X-Time
Azure-RegionName
X-IPS-LoggedIn
Azure-InstanceId
X-Amzn-Remapped-Content-Length
X-Cache-Server
Azure-SiteName
Webserver
X-Section
X-Web-Node
Onion-Location
X-Rocket-Nginx-Serving-Static
X-Proxy-Cache-Info
X-Access
X-Format
Property-Id
Apigw-Requestid
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
X-Soup
X-Ua
X-Origin-Hint
X-Cms-Context
X-Varnish-Beresp-Grace
X-Say-TTL
X-Say-Cacheable
X-Sucuri-ID
Webcakes-Region
X-Adobe-Source
X-Cache-Action
X-PHP-Backend
X-Sql-Duration-Ms
X-Cache-TTL-Remaining
X-SayCDN-TTL
X-Reqid
X-Sucuri-Cache
X-Server-W
TWC-Privacy
TWC-Locale-Group
Cache-Hits
X-Locale
X-Skip-Cache
Webcakes-App-Name
X-Sql-Count
X-Content-Age
X-Via-Fastly
X-Proxy-Cache-Status
Webcakes-App-Version
TWC-GeoIP-LatLong
X-Cache-Host
X-Fastly-Request-Id
X-Cluster
X-BYPASS-REASON
X-AWS-Id
ServerID
X-SRV
S-Rt
X-LJ-Flow-ID
X-IPLB-Request-ID
X-IPLB-Instance
X-Air-Trace-Id
X-Cluster-Node
X-Air-Source
X-Handled-By
X-Labrador-Cache-Channel
X-PHP-Host
X-Site-Version
X-Forwarded-Host
X-Edge-Location
X-Air-Hostname
X-URL
X-Debug
X-Ms-Request-Id
Web-Mar-Node
X-ProxyCache-Key
X-ProxyCache-Status
X-Proto
X-Ms-Version
Node
DB-Nickname
Cache-Name
X-R9-Blue-Green-Version
X-UA-Device-Type
X-VWS-Id
CDN-Cache
X-LSADC-Cache
X-Detected-As
X-Timing-Wait
X-FB-TRIP-ID
X-GeoCode
X-GeoCountry
X-Urbn-Context-Path
X-LAGOON
X-Xfnlog-Site
X-Urbn-Site-Id
X-Extlb
CDN-CachedAt
CDN-RequestCountryCode
X-JoinUs
X-Routing-Service
CDN-Uid
Selected-Fe
ServedBy
Cross-Origin-Window-Policy
CDN-PullZone
CDN-EdgeStorageId
X-Zipkin-Id
Locale
X-SaId
Mn-Server-Ip
X-Proxied
X-No-Session
X-Proxy-Build
Mime-Version
WP-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Liferay-Portal
Fastcgi-Useragent
X-Optimistic-Header
X-ECache
X-Hl-Ver
X-CACHE-AGE
X-Tumblr-Pixel-3
X-Request-Time
X-Oneagent-Js-Injection
Source
X-Redis-Cache
X-Cache-Debug
X-Presslabs-Stats
X-Origin-Date
X-TNCMS
Upgrade-Insecure-Requests
X-Loop
X-Mg-Request-UUID
Xserver
X-GEO
X-Generated-By
X-Varnish-Hits
X-Uri
X-Akamai-Transformed
CF-Cached-On
X-Director
Countrycode
Xet-Cookie
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Pass-Why
X-ARC
X-NWS-UUID-VERIFY
Frame-Options
X-Varnish-Beresp-Ttl
X-Tid
X-FireWall-Port
X-Varnish-Ttl
X-Storage
X-Tx-Id
X-Origin-TTL
X-Origin-CC
X-Service
Cache-Tv-Group
X-Varnish-Cache-Hits
X-App-Version
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Varnish-Hostname
X-ShopId
X-ShardId
X-Storefront-Renderer-Rendered
X-DC
X-Alternate-Cache-Key
X-RM-Cache-TTL
X-Endurance-Cache-Level
Environment
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Sampled
X-ServerID
Lang
X-Level-Front-Cache
MD5-Digest
X-Bc-Bl
DCR-Decision-By
DCR-Processing-Time-Ms
X-INCAP-ABP
Edge-Cache
X-Loc
Host-ID
Gannett-Cam-Experience-Id
X-Origin-Time
X-Cache-NE
X-Cache-Info
X-Platform-Cluster
X-Request-Host
X-BCube-Filmed-By
X-BBC-Edge-Cache-Status
X-Mobile-URL
Candidate-Md5Url
BehaviorPad-Version
A
X-Mid
X-Application
T-Server
TDXMobile
Thinkindot-CacheControl
Surrogated-Key
X-D
X-Ec-Fail
Sslversion
X-Core-Value
X-A-Wwc
Thinkindot-CacheControl-Type
WWW-Authenticate
X-A
X-A-Ccd
X-A-Dcw
X-Destination
X-A-Dgt
Thinkindot-Control
X-Developer
X-Ec-GeoHdr
X-Epic-Correlation-Id
Origin
X-Generated-On
X-Gdpr
Odigeo-Trace-Id
Ngx.Var.Host
X-A-Dam
Memcached
Meta-Geo-Continent
X-CMSURLCustom
X-Frame-Option
X-Aed
Req-Svc-Chain
X-External-Request-Id
Rendered-Blocks
Release
Redirect-Candidate
X-Conf
X-B-Cookie
X-Nyt-Route
X-S-Cookie
X-Rojux
X-Test
X-Processor
X-ScT
X-We-Are-Hiring
X-S-Maxage
Xc-Version
Server-Info
X-Vdms-Path
X-Thinkindot-L3
X-Vdms-Version
X-S
X-Platform-Router
X-SRCache-Key
X-Served-From
X-TIM-N
X-VG-TLSProxy
X-Platform-Processor
SID
Server-Host
X-Ec-Custom-Error
State
Ssr
X-Thanos
X-Location
X-SVT-ORM-RULES
X-Sigma
X-Sn-Servicetimems
Magicmarker
X-Rocket-Build-Number
X-Geo-Header
X-Fetched-On
X-Fmm-Version
X-Gamma-Serve
X-SVT-ORM-VERSION
X-Httpd
Tube-Return
X-Clara-WADP
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Akamai-Device-Characteristics
X-Varnish-CookieHashed-On
X-Auto-Login
X-Cdn-Srv
X-Cache-Bucket
X-VServer
X-Cdn-Origin
X-Bip
X-WA-Info
X-Core-Mission
X-WADP-Cache
X-Developers
Cache-Host
X-Has-Esi
Tube-Got-Results
Tube-Got-Eval
Vix-Hermes-Req-Id
X-DefHash
X-Varnish-Beresp-Status
X-CUA
X-Worker
X-WP-CF-Super-Cache-Active
X-DefElseHash
Tube-Get-Contents
X-GeoIP-City
X-Org
X-Req
Apple-News-Services-Handled
C-Via
X-SB
Decoy-Debug-Key
X-Pool
Apple-News-Services-Host
Country-Code
CloudFront-Viewer-Country
Click-Count-Error
Click-Count-Action-Start
Cluster
X-Origin-Response-Time
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Decoy-Debug-Status
Decoy-Debug-TTL
X-Human
X-SD-PageType
Fastly-GeoIP-CountryCode
X-Old-Content-Length
X-Vmg-Version
X-HS-Content-Campaign-Id
X-NodeID
AKAMAI
Cache-Key
X-Platform-Server
DSUID
X-Sigma-Backend
X-JWT-State
Fastly-Backend-Name
X-Is-Gdpr
X-Restarts
X-Parent-Response-Time
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Origin-Responded
X-B3-Spanid
X-Node-Id
X-Request-Start
X-Variation
X-Qloud-Router
X-Varnishpool
X-Ckpd-Fst-Backend
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Owner
X-Var-Ttl
X-Op-Id-All
X-Cache-Id
X-Origin
X-Region-Sid
X-Wix-Viewer-Type
X-Dispatcher-Server
X-GeoIP
X-Hash
We-Hiring
X-Fastly-Backend
X-Esi-Check
NM-Fastcgi-Cache
X-Scale
X-Pubstack
X-Slack-Shared-Secret-Outcome
X-Gzip
X-GeoIP-Region-Code
X-Slack-Backend
X-GeoIP-Country-Code
Mail-Subject
X-Men
X-Dispatcher-Number
X-DPWN-IS-SECURE
X-Device-Os
X-V-Cache
X-Nginx-Cache-Key
CacheControlHeader
X-Up
X-Nananana
X-Minions-Version
X-NCache
Kp-EeAlive
Gh-Request-Id
X-Date
X-Cache-FS-Status
Wxu-Next-Region
Wxu-Next-Hostname
Producers
X-Accel-Buffering
X-Accel-Expires-Debug
Wxu-Next-Commit
Web-Mar-Region
On-Server
Svr
NGX
Machine
L
Origin-CC
X-Ad-Defer-Variation
Datacenter
Is-Eu
Cmsid
X-Cache-Backend
Cmstype
Cache-Provider
Platform
X-Azure-Ref-OriginShield
Adler-Geo
Origin-EX
X-App
X-AIR-PT
Pics-Label
X-Forwarded-Site
X-Gen-Mode
X-Hnp-Log
X-LB-NoCache
CDCHOST
X-Refresh
Fastly-SSL
X-Server-IP
Canary
X-HN
X-FC-Vary-Parameters
X-CacheTTL
User-Cache-Control
X-Irp-Debug
X-Block-Status
X-Cache-Date
X-VarnishDD-TTL
X-Platform
X-Mvc-Supplant-Cachable
PFcat
X-Cache-Tags
Server-Hostname
Sever-Int
Server-Ext
X-Webkit-CSP-Report-Only
X-CSRF-Token
X-Trace-ID
X-Esi
X-Via-Poph
X-Microcachable
X-Eu-Site
HA-Ipaddr
X-Via-Popn
X-CGP
X-Csrf-Jwt
L5d-Success-Class
Ha-Gx-Prefs
X-Via-Popv
X-Aicache-OS
X-Cache-Remote
X-Mly-Id
X-Cached-By
HostName
GeoIP-Latitude
Env
Cdn
X-Mvc-Supplant-OutputCached
X-Correlation-ID
X-HA-Backend
X-RCS-CacheZone
X-Servedbyhost
Load-Balancing
X-Tb-Optimization-Total-Bytes-Saved
X-VC
X-Fastly-Cache
X-ZONE
Cdncip
X-AK-Request-ID
Cdnsip
Server-ID
X-DataCenter
X-Nc
X-Instance-Name
X-Origin-Expires
X-ND-Cache
X-Webkit-CSP
X-LB-ID
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-APP-VERSION
X-Zone
X-Api-Version
X-Fpc
Time
X-Response-By
X-HS-Status
X-Release
X-Wa
Memory
X-API-Version
X-Vc
Cache
Srvid
Locid
X-FL-QIT-DEBUG
AMP-Access-Control-Allow-Source-Origin
X-FL-EDGE
X-Via-NSCOPI
X-From
Expect-Staple
X-Generated-In
X-CS
X-Client-Ip
X-NGINX-Cache
X-Hcs-Proxy-Type
X-Cache-Enabled
X-Via-CDN
X-Edge-Pop
X-CCDN-Origin-Time
Eomportal-Instance
X-CCDN-CacheTTL
NtCoent-Length
Hostname
X-Provided-By
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
Edge-Copy-Time
X-Check-Cacheable
X-Micro-Cache
GeoIp-Country-Code
X-Via-Edge
X-Via-SSL
Ngx-Var-Key
X-NewRelic-App-Data
X-Air-Pt
X-CSRF-TOKEN
OT-Force-Account-Verify
XkeyRZ
X-Proxy-CacheRZ
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-MCACHE
True-Client-IP
X-SIPLIST1
IsBot
X-Vcl-Version
X-Request-URI
X-Lambda-Id
X-Via-JSL
X-Srv
X-B3-SpanId
X-Dc
X-Nf-Request-Id
X-Amz-Meta-Cb-Modifiedtime
X-Cache-NGX
X-VCL-Version
Srv
X-Info
Sid
X-Render-Time
CPC-Age
VNS-Cache
VNS-Age
CPC-Cache
X-Vtex-Remote-Cache
X-EC-Lua
True-Client-Ip
Path
Uri
X-Cs
Resin-Trace
X-VCT
X-TH-Server
Location
Fastly-Drupal-Html
Request-ID
X-Server-ID
X-Cache-Expires
X-Oss-Storage-Class
CDN
X-Oss-Server-Time
X-ATG-Version
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Fastly-Country-Code
X-Oss-Object-Type
X-Datadome
X-TX-ID
X-Contensis-Viewer-Groups
X-Cache-ASPX
Cross-Origin-Opener-Policy-Report-Only
X-MSEdge-Features
X-Varnish-Authentication
X-MSEdge-Flight
Esi-Enabled
X-CACHE-KEY
X-Edge-POP
GeoIP-Country-Code
X-CLOUD-TRACE-CONTEXT
Servername
YJS-ID
M-TraceId
X-Upstream-Ht
X-Upstream-Ct
X-Accel-Version
X-Varnish-Beresp-TTL
X-Cache-Type
X-FPC
X-Pod-Name
X-RateLimit-Remaining-Second
X-CF-Lambda-Version
X-Cdn-Request-ID
Sm-Log-Id
Traceparent
X-Service-Response-Time
Timeexpire
X-Moov-Xdn-Version
X-CF-Lambda-Fn
X-RateLimit-Limit-Second
X-Scheme
X-Moov-T
X-PAYTM-SRV-ID
LB
X-Datacenter
X-WA
X-Lb-Id
XServer
CountryCode
X-RateLimit-Reset
X-Viewer-Country
X-ApacheServer
X-PERF
X-Akamai-Pragma-Client-IP
X-SERVER-NAME
Server-Id
X-Cdn-Cache-Status
X-Wikidot-Backend
X-CDN-Cache-Status
X-Wikidot-Static-Cache
X-Udemy-Cache-App-Namespace
RNT-Machine
X-NC
HIT
N-Cache
RNT-Time
X-Geo
X-Orig-Expires
X-Forwarded-Path
Proxy-Connection
X-Shop-Environment
X-Bl-Debug
X-Tenant
FSS-Cache
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Ohc-File-Size
Powered-By
X-NAPM-TraceId
X-ServedByHost
X-Cdn-Forward
X-Dw-Trace-Id
Rip
Epwk-X-Cache
X-LiteSpeed-Cache-Control
X-Ha-Backend
ENV
X-MP-GENERATED-AT
X-B3-Trace-ID
X-TraceId
Geoip-Latitude
Tracecode
X-Lb-Nocache
X-App-Name
X-Amz-Meta-Opti
X-Policy
WZWS-RAY
True-Client-Country-4JS
X-Hyper-Cache
V-Age
Yjs-Id
Ms-Author-Via
X-Clientip
X-M-Reqid
X-M-Log
X-Snapshot-Date
Content-Style-Type
Content-Script-Type
X-Acquia-Site
X-Acquia-Application-UUID
X-RAMCache
X-Acquia-Application-Trace
X-Qnm-Cache
X-Acquia-Purge-Tags
Inserted-Into-Cache-At
X-VG-WebCache
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Vgn-Hpd-Reason
X-Rebelmouse-Surrogate-Control
User-Agent
XM
X-Rebelmouse-Cache-Control
Ngx
X-B3-Parentspanid
X-Serial
Ec-Rule-Version
X-B3-ParentSpanId
X-Fastly-Backend-Reqs
X-Swift-Error
X-F-Status
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-TT-LOGID
X-Wp-Cf-Super-Cache
X-Webstats-RespID
PICS-Label
Hit
X-Fastly-Cache-Hits
Lb
X-Mid-Debug-Cache-Key
Cneonction
Warning
MIME-Version
My-App
X-LiteSpeed-Tag
X-IPS-Cached-Response
X-Cache-Ngx
X-Th-Server
X-Mid-Debug-Cache-Disk
X-Request-URL
X-MiniProfiler-Ids
X-UP
X-Stale