Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-FRAME-OPTIONS
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Server-Timing
X-XSS-PROTECTION
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Turbo-Charged-By
X-AH-Environment
X-Via
X-Robots-Tag
P3p
X-Backend
X-Cache-Group
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Proxy-Cache
X-Hacker
X-Server
X-Rq
X-UA-Device
X-Server-Powered-By
X-Age
Allow
X-Vhost
X-Varnish-Cache
X-Ws-Request-Id
EagleId
X-Dispatcher
X-Amz-Version-Id
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
Nel
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Swift-CacheTime
X-Swift-SaveTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Node
X-Host
Accept-CH
X-WebKit-CSP
X-Server-Id
Surrogate-Control
X-OneAgent-JS-Injection
X-Backend-Server
X-CST
X-Readtime
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Cache-Lookup
X-Content-Security-Policy-Report-Only
Permissions-Policy
Request-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Trace
X-Response-Time
X-Edge
Accept-Ch-Lifetime
X-HW
Accept-CH-Lifetime
X-Ua-Compatible
Content-Location
X-Mod-Pagespeed
X-Clacks-Overhead
X-Url
X-Oneagent-Js-Injection
X-Litespeed-Cache
X-Midtier
X-Ruxit-JS-Agent
X-ESI
Rating
X-Mcache
X-Amz-Server-Side-Encryption
X-ECACHE
X-Country
Xkey
X-Upstream
X-TtlSet
X-Vname
X-PC
X-Vcap-Request-Id
Cache-Tag
X-Rack-Cache
X-MS-InvokeApp
X-D2id
X-Kinja-Server
X-GoogleNews-Bot
Verso
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Element-Page-Cache
X-Exp-Id
X-Use-Magma
Accept-Ch
Fastly-Restarts
Edge-Control
RTSS
X-Powered-By-Plesk
X-Cache-TTL
X-Ruxit-Js-Agent
X-VARITI-CCR
Origin-Trial
X-Content-Type
X-Ac
X-Navigation-Version
X-Abt-Application-Version
X-Cached
X-Goog-Hash
Service-Worker-Allowed
X-Country-Code
X-Ttl
X-GitHub-Request-Id
X-Amz-Rid
Display
X-Middleton-Display
X-Sol
Pagespeed
X-WebKit-CSP-Report-Only
X-Mg-S
X-Browser-Type
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-Server-Name
Cross-Origin-Opener-Policy
X-B3-TraceId
Arr-Disable-Session-Affinity
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Server-Lifecycle-Phase
X-Powered-CMS
AR-Request-ID
AR-SID
Response
X-Middleton-Response
AR-ATIME
AR-PoweredBy
X-Amzn-Trace-Id
SPRequestDuration
SPIisLatency
X-Cache-Key
X-Ua-Device
X-Varnish-TTL
AR-CACHE
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastly-Request-ID
X-Cnection
X-Version
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Webkit-CSP
X-Accel-Expires
Cache-Tags
X-T
Front-End-Https
Cache-Status
X-Times
X-Client-IP
Edge-Cache-Tag
X-NF-Request-ID
X-MSEdge-Ref
X-Px
X-Ser
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Fastcgi-Cache
Public-Key-Pins
X-Hits
Nginx-Cache
X-Recruiting
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-NWS-LOG-UUID
X-Shield-Request-Id
X-Frontend
X-Request-Processing-Time
X-LLID
X-Request-Received
Server-Node
X-Ua-Browser
Payment
X-B3-Traceid
Access-Control-Request-Method
X-RateLimit-Remaining
X-DIS-Request-ID
TP-Cache
X-FastCGI-Cache
X-Kinja-CCPA
X-Webkit-CSP-Report-Only
X-HS-Cache-Config
X-HS-Combine-CSS
S
X-HS-Content-Id
X-Goog-Metageneration
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-HS-Hub-Id
MicrosoftSharePointTeamServices
TP-L2-Cache
X-Webkit-Csp
X-LB-Cache
X-Content-Digest
X-PressLabs-Stats
Content-MD5
X-Distributor
X-Ratelimit-Remaining
X-RateLimit-Limit
Realpath
X-Request-Handler-Origin-Region
X-Geo-Country
X-Hostname
X-Microsite
X-Ezoic-Cdn
Access-Control-Allow-Method
X-Forwarded-For
X-Page-Id
X-FB-Debug
Fastcgi-Cache
X-GUploader-UploadID
Accept-Charset
X-Cluster-Name
X-Rid
X-Protected-By
X-Amz-Apigw-Id
X-Seen-By
X-Amzn-RequestId
X-Envoy-Decorator-Operation
X-Correlation-Id
TCN
Cleartype
X-TEC-API-VERSION
X-B3-Sampled
X-TEC-API-ROOT
X-Ratelimit-Limit
X-TEC-API-ORIGIN
DC
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Origin-Server
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Newrelic-App-Data
X-Debug-Info
Referer-Policy
X-Mobile
X-Varnish-Backend
Cross-Origin-Resource-Policy
X-Git-Hash
X-Logged-In
X-Origin-Cache
X-Edge-Location-Klb
X-Kinsta-Cache
X-XRDS-Location
X-Azure-Ref
X-TTL
X-Contextid
X-Varnish-Grace
Alternate-Protocol
X-Revision
X-Route-Name
X-Providence-Cookie
X-Request-Guid
Surrogate-Key
X-Flags
X-App-Environment
X-Amz-Replication-Status
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Aspnet-Version
X-Grace
X-Fb-Rlafr
Count-Hit
X-TT
X-Content-Options
Healthy
X-Amz-Meta-S3cmd-Attrs
X-Server-ID
X-Wix-Request-Id
X-IPS-LoggedIn
X-Forwarded-Proto
X-Whom
MS-Author-Via
Charset
Frame-Options
WPO-Cache-Message
X-App-Server
X-Akamai-Edgescape
X-Hosted-By
WPO-Cache-Status
Filterid
Viewport
X-Id
X-Varnish-Ttl
X-Daa-Tunnel
Paypal-Debug-Id
X-Magnolia-Registration
X-Cache-Age
X-Backend-Name
X-B
Section-Io-Cache
X-Kong-Upstream-Latency
Retry-After
X-Kong-Proxy-Latency
X-Trace-Id
X-Az
X-AppVersion
X-Activity-Id
X-Cache-Control
X-Client-Ip
X-F-Cache
X-Www-Served-By
X-Proxy-Cache-Info
Server-Name
Amp-Access-Control-Allow-Source-Origin
X-Type
SRV
X-Varnish-Server
Refresh
Version
X-Proxy
X-Instance
X-Http-Reason
X-ARC
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Original-Request-Id
Akamai-GRN
X-EdgeConnect-Cache-Status
X-Response-Served-From
X-Rule
Host
X-Cache-Rule
Protected
Front
X-Edge-Location
X-UUID
X-Varnish-Age
X-User-Agent
X-Status
X-Rocket-Nginx-Serving-Static
X-Cache-Grace
X-Akamai-Request-ID2
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Server
X-Environment-Context
X-Cacheable-TTL
Fastly-SIE
Fastly-SWR
From-Origin
X-FW-Static
X-FW-Type
X-Region
X-Rendered-As
X-Unique-Id
X-Page-View
X-L-Path
X-FW-Version
X-Is-Bot
X-Jobs
X-N
X-Framework
Access-Control-Request-Headers
X-Oracle-Dms-Ecid
X-Cache-Time
X-Adobe-Content
X-Adobe-Loc
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Time
X-App-Version
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel-1
X-Oracle-Dms-Rid
X-RateLimit-Reset
X-Upgrade-Enabled
X-Load-Cache
X-COUNTRY
ServerID
X-G
X-Source
Content-Disposition
Country
X-ECache
X-Language
X-Datadog-Parent-Id
X-Vcache
X-Datadog-Sampling-Priority
X-Drupal-Cache-Tags
X-Datadog-Trace-Id
X-CDN-Forward
X-Nf-Request-Id
X-Yottaa-Optimizations
X-HTML-Minification-Powered-By
X-Yottaa-Metrics
X-Tt-Trace-Tag
X-Tt-Trace-Host
Countrycode
X-Datadog-Sampled
Accept-Language
X-Amzn-Remapped-Content-Length
X-DynaTrace
X-Debug-IsPreview
X-Debug-IsConnected
X-DataDome
X-Mg-Request-UUID
X-Generated-By
X-DynaTrace-JS-Agent
Liferay-Portal
Backend
X-ID
X-Xrds-Location
Xet-Cookie
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
CF-IPCountry
X-B-Cache
X-Signature
Webserver
X-Nginx-Cache
X-Tt-Logid
X-B3-SpanId
X-NYM-Debug-Backend
X-Mode
X-Drupal-Cache-Contexts
X-Httpd
X-Device-Type
X-Content-Powered-By
X-Servername
Xserver
X-Zen-Fury
X-Content-Age
Url
GEO-INFO
X-Erf-Web-Scheduler
X-Sucuri-ID
X-Proto
X-LAGOON
X-Rewrite-Enabled
X-Tb
X-Container-Uri
X-Urbn-Site-Id
X-Sucuri-Cache
X-SayCDN-TTL
X-Director
X-Cache-Operation
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
Fastcgi-Useragent
Filters
Onion-Location
X-Urbn-Context-Path
Meta-Geo
Locale
Load-Balancing
S-Rt
X-Cache-Action
X-Say-TTL
X-GeoCountry
X-Git-Commit
X-Say-Cacheable
X-ServerID
X-Varnish-Cache-Hits
X-UPSTREAM-Address
X-SaId
X-JoinUs
X-GeoCode
X-XRDS-LOCATION
X-Cluster-Node
X-Labrador-Cache-Channel
Uber-Trace-Id
X-PHP-Host
X-RM-Cache-TTL
X-Forwarded-Host
X-Soup
X-Varnish-Hostname
X-VC-Cache
X-Detected-As
X-Sql-Count
X-VCT
X-Logging-Id
X-Generation-Time
X-Served-From
X-Ms-Version
X-Ms-Request-Id
X-Adobe-Source
X-Sql-Duration-Ms
X-Cache-Server
X-Storage
Web-Mar-Node
Webcakes-App-Version
DB-Nickname
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Debug
X-FB-TRIP-ID
Webcakes-Region
X-RCS-CacheZone
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Origin-Hint
X-R9-Blue-Green-Version
X-Extlb
TWC-Device-Class
TWC-Connection-Speed
TWC-Privacy
X-Skip-Cache
Property-Id
Webcakes-App-Name
Mn-Server-Ip
TWC-Locale-Group
X-Fetched-On
X-Format
X-Proxy-Build
X-Tumblr-Pixel-3
X-Timing-Wait
X-Tumblr-Pixel-2
X-Uri
Selected-Fe
X-LSADC-Cache
CDN-RequestId
X-Ratelimit-Reset
X-Lambda-Id
Node
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
OT-Force-Account-Verify
Source
X-MP-GENERATED-AT
X-Origin-Date
X-Template
Fastly-Drupal-HTML
X-Cache-Expired-At
X-Tncms
X-Srv
X-Loop
X-Cache-Hit
X-MCACHE
X-NGENIX-Cache
X-Varnish-Hits
X-Via-JSL
X-Pass-Why
X-Endurance-Cache-Level
Content-Secure-Policy
X-Ua
X-Cache-TTL-Remaining
X-UA-Device-Type
X-Redis-Cache
X-Node-Name
Upgrade-Insecure-Requests
X-AIR-PT
X-Pubstack
Cross-Origin-Window-Policy
X-Real-IP
X-Origin-CC
X-Origin-TTL
X-Server-W
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
NGB
X-CCDN-CacheTTL
X-Fastly-Request-Id
X-PHP-Backend
Cache-Hits
X-Cache-Host
X-CSRF-Token
Cache-Name
Ms-Operation-Id
Cache-Provider
X-GEO
X-RTag
MS-CV
CDN-PullZone
X-Xfnlog-Site
CDN-RequestCountryCode
CDN-CachedAt
X-Restarts
X-Reqid
X-Datadome
CDN-Cache
CDN-EdgeStorageId
X-Optimistic-Header
X-IPLB-Request-ID
X-Cms-Context
CDN-RequestPullCode
X-IPLB-Instance
Apigw-Requestid
CDN-Uid
CDN-RequestPullSuccess
X-S
X-Cache-Type
X-Rn-Rsrv
X-Hl-Ver
X-Akamai-Transformed
X-BYPASS-REASON
X-No-Session
X-ProxyCache-Status
X-ProxyCache-Key
X-Aspnetmvc-Version
X-Newrelic-Synthetics
X-TimeS
X-Via-Fastly
X-AWS-Id
X-Cluster
X-LJ-Flow-ID
X-VWS-Id
Gannett-Cam-Experience-Id
Gh-Request-Id
X-A-Wwc
L
X-Accel-Buffering
HA-Ipaddr
Ha-Gx-Prefs
DCR-Decision-By
X-A-Dgt
CPC-Cache
CPC-Age
Candidate-Md5Url
X-Aed
X-Accel-Expires-Debug
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
DCR-Processing-Time-Ms
Fastly-SSL
Web-Mar-Region
VNS-Age
Rendered-Blocks
Redirect-Candidate
VNS-Cache
Odigeo-Trace-Id
Vix-Hermes-Req-Id
Server-Host
True-Client-Country-4JS
T-Server
Surrogated-Key
Sslversion
Ngx.Var.Host
W
Magicmarker
X-A-Ccd
X-A-Dam
Lang
L5d-Success-Class
X-A
Mail-Subject
N-Cache
We-Hiring
Meta-Geo-Continent
MD5-Digest
X-A-Dcw
X-Developer
X-Rojux
X-Request-Host
X-RateLimit-Remaining-Second
X-S-Cookie
X-ScT
X-Shop-Environment
X-SD-PageType
X-RateLimit-Limit-Second
X-Policy
X-JWT-State
X-Is-Gdpr
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Origin-Time
X-Orig-Expires
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Wikidot-Backend
X-We-Are-Hiring
X-Vtex-Remote-Cache
X-Wikidot-Static-Cache
X-Wix-Viewer-Type
Xc-Version
X-Worker
X-Viewer-Country
X-VG-WebCache
X-Tenant
X-SRCache-Key
X-TIM-N
X-Var-Ttl
X-Vdms-Version
X-Vdms-Path
X-Irp-Debug
X-Has-Esi
X-CGP
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Conf
X-Csrf-Jwt
X-Date
X-D
X-Cdn-Diag
X-CacheTTL
X-BCube-Filmed-By
X-Bc-Bl
X-Bl-Debug
X-Cache-Bucket
X-Cache-NE
X-Cache-Info
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-FC-Vary-Parameters
X-Fastly-Backend
X-External-Request-Id
X-Forwarded-Path
X-Gdpr
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Eu-Site
X-Epic-Correlation-Id
Canary
X-Destination
X-Dispatcher-Number
X-Ec-Custom-Error
X-Ec-GeoHdr
X-Ec-Fail
X-B-Cookie
X-Application
X-Access
X-Section
X-CACHE-AGE
BehaviorPad-Version
X-TA-CDN-Provider
X-Parent-Response-Time
X-Proxy-Cache-Status
X-Origin-Response-Time
X-Owner
X-PAYTM-SRV-ID
X-PERF
X-DefElseHash
X-Org
X-Mid
X-Node-Id
X-Old-Content-Length
X-Platform
X-Mly-Id
Thinkindot-CacheControl-Type
X-Request-Time
X-Qloud-Router
Req-Svc-Chain
Release
X-S-Maxage
X-Pool
X-Clientip
X-Loc
Thinkindot-CacheControl
TDXMobile
X-Core-Value
Thinkindot-Control
X-Level-Front-Cache
X-Cache-Id
X-Forwarded-Site
X-Generated-On
X-Cache-Debug
X-Geo-Header
X-Fmm-Version
X-Esi-Check
X-Clara-WADP
X-DefHash
X-Cdn-Origin
X-DPWN-IS-SECURE
X-Gzip
X-Bip
X-Human
X-ApacheServer
X-Alternate-Cache-Key
X-INCAP-ABP
X-App-Name
X-Auto-Login
X-CMSURLCustom
X-BBC-Edge-Cache-Status
X-Handled-By
X-Hash
Producers
X-Core-Mission
X-Storefront-Renderer-Rendered
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Environment
Machine
X-Sorting-Hat-ShopId
X-Vmg-Version
Memcached
X-Sn-Servicetimems
X-Sorting-Hat-PodId
X-Test
X-Thanos
X-Varnish-CookieINHashed-On
X-Thinkindot-L3
X-Varnish-CookieHashed-On
X-Up
Host-ID
X-Varnish-Remaining-TTL
Expect-Staple
AKAMAI
X-Varnishpool
X-Shopify-Stage
X-VG-TLSProxy
Cmsid
Datacenter
Cmstype
X-Server-IP
X-VServer
X-WADP-Cache
Origin
X-ShopId
X-ShardId
User-Cache-Control
X-TIME
DSUID
X-Cdn-Srv
X-Variation
Adler-Geo
X-Dispatcher-Server
X-Akamai-Device-Characteristics
X-Block-Status
X-WA-Info
X-Device-Os
CloudFront-Viewer-Country
X-Hnp-Log
X-GeoIP
Apple-News-Services-Request-Url
Country-Code
X-From
Esi-Enabled
X-Vcl-Version
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Gen-Mode
X-Nananana
X-App
Sever-Int
X-Origin
X-NodeID
Is-Eu
Server-Hostname
Server-Ext
X-Scale
Platform
NM-Fastcgi-Cache
ServedBy
X-Nginx-Cache-Key
CDCHOST
X-Mvc-Supplant-OutputCached
X-Correlation-ID
X-Cs
WP-Super-Cache
X-Web-Node
X-Air-Trace-Id
X-Instance-Name
X-Refresh
Wxu-Next-Commit
X-Air-Hostname
X-Air-Source
Pics-Label
X-Presslabs-Stats
X-LB-NoCache
Origin-CC
C-Via
Origin-EX
Wxu-Next-Region
X-Op-Id-All
X-Nitro-Cache
X-Cache-Enabled
Server-Info
X-NCache
Wxu-Next-Hostname
Ssr
X-Tx-Id
Time
X-Azure-Ref-OriginShield
Memory
X-Amz-Meta-Cb-Modifiedtime
AMP-Access-Control-Allow-Source-Origin
Server-ID
X-Platform-Cluster
X-Dc
Hostname
X-Platform-Router
X-Platform-Processor
Cache-Host
X-Origin-Expires
X-HA-Backend
X-Microcachable
X-Cache-Status-Check
GeoIP-Latitude
NGX
X-Tb-Optimization-Total-Bytes-Saved
X-ZONE
X-API-Version
Cf-Device-Type
XM
Origin-Agent-Cluster
X-URL
X-Site-Version
X-Locale
X-VHOST
X-VarnishDD-TTL
X-CACHE-GROUP
PFcat
X-HN
X-Ad-Defer-Variation
Resin-Trace
X-Varnish-Beresp-Grace
X-Wp-Cf-Super-Cache-Active
Srvid
X-Via-Edge
X-Fpc
X-Via-CDN
X-Via-SSL
A
X-FL-QIT-DEBUG
X-Vgn-Hpd-Reason
Locid
X-DC
X-Varnish-Beresp-Ttl
Edge-Copy-Time
X-FL-EDGE
YJS-ID
Cdn-Requestid
X-Internal-Host
X-Webkit-Csp-Report-Only
X-Zone
X-Micro-Cache
Sid
X-Upstream-Ct
X-WP-CF-Super-Cache-Active
X-Upstream-Ht
X-TraceId
X-ATG-Version
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-FireWall-Port
X-Cached-By
X-Pod-Name
X-DataCenter
X-Varnish-Authentication
X-Github-Request-Id
X-Moov-Xdn-Version
X-Moov-T
Cache-Key
X-B3-Spanid
X-SIPLIST1
X-AB
Uri
True-Client-Ip
User-Agent
IsBot
Location
X-Buckets
X-LiteSpeed-Cache-Control
X-B3-Parentspanid
X-Info
GeoIP-Country-Code
X-Geo-Region
X-Backend-Instance
X-HS-Content-Campaign-Id
X-Provided-By
X-Platform-Server
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
State
X-Nitro-Cache-From
X-Accel-Version
XServer
X-FTR-Request-ID
X-NGINX-Cache
X-Fastly-Cache
X-Release
X-Nitro-Rev
GeoIp-Country-Code
X-LiteSpeed-Tag
X-VC
X-RN-RSRV
X-Datacenter
X-MSEdge-Features
Cdn
X-MSEdge-Flight
X-Sigma-Backend
CF-Ctrl
X-Sigma
X-Rocket-Build-Number
Lb
X-Cache-Remote
SID
X-VCache
X-Is-Mobile
X-Browser-Name
X-Is-Supported-Browser
X-Is-Desktop
X-Tcp-Rtt
Cache
X-CS
X-Is-Tablet
X-Geo
True-Client-IP
X-Api-Version
NtCoent-Length
X-NewRelic-App-Data
X-CSRF-TOKEN
X-Cache-Ttl
X-Vgn-Hpd-Variations-Key
Path
X-GeoIP-City
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Gamma-Serve
X-Generated-In
Fastly-Drupal-Html
X-FPC
Epwk-X-Cache
X-HS-Status
X-Hyper-Cache
X-Scheme
X-TRACE-ID
X-APP-VERSION
Cache-Tv-Group
X-Frame-Option
X-Rebelmouse-Cache-Control
Srv
X-Rebelmouse-Surrogate-Control
Tcn
X-HostName
X-Webstats-RespID
X-Service
Ohc-File-Size
X-GoCache-CacheStatus
X-SRV
Kp-EeAlive
Serverid
Cf-Ipcountry
X-UA
HostName
CountryCode
Cdnsip
X-Air-Pt
X-AK-Request-ID
X-Location
X-Amz-Meta-Opti
X-Mobile-URL
X-Esi
Cdncip
X-Guploader-Uploadid
CacheControlHeader
X-Cache-Tags
On-Server
X-Wp-Cf-Super-Cache
X-Aicache-OS
Proxy-Connection
X-Branch-Name
X-Region-Sid
X-Developers
X-TX-ID
X-Traceid
X-Wp-Cf-Super-Cache-Cache-Control
X-EC-Lua
WebServer
X-Men
X-Wp-Cf-Super-Cache-Cookies-Bypass
WZWS-RAY
Env
X-Cdn-Cache-Status
X-CDN-Cache-Status
X-Proxy-CacheRZ
X-Vercel-Cache
X-Vercel-Id
Yak-Timeinfo
X-Vc
X-Akamai-Pragma-Client-IP
Mime-Version
Tube-Return
V-Age
XkeyRZ
X-Minions-Version
X-Nc
X-Servedbyhost
Tube-Got-Results
RNT-Machine
RNT-Time
X-Req
Tube-Get-Contents
X-SB
Tube-Got-Eval
X-Acquia-Purge-Cdn-Unconfigured
X-V-Cache
Click-Count-Action-Start
X-Pad
X-Wa
Click-Count-Error
X-Via-Popv
X-B3-Trace-ID
X-Cache-FS-Status
Ohc-Cache-HIT
X-LB-ID
X-Via-Popn
X-Via-Poph
X-CACHE-KEY
X-Origin-Cache-Key
CDN
X-VCL-Version
X-NMSegId
Cdn-Host
Geoip-Latitude
X-FTR-Cache-Status
X-Ha-Backend
Req-ID
M-TraceId
X-Edge-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Expires
Server-Id
X-FTR-Balancer
X-FTR-Backend-Server
Cdn-Request-Time
X-NWS-UUID-VERIFY
ENV
LB
X-Cdn-Request-ID
WWW-Authenticate
X-Cdn-Forward
Ngx
X-Edge-Pop
X-Lb-Cache
Content-Script-Type
X-Fastly-Country-Code
Content-Style-Type
X-User
CF-Cached-On
X-WP-CF-Super-Cache-Cookies-Bypass
Cluster
X-TT-LOGID
X-Lb-Nocache
X-IN-APIGATEWAYSSL
X-Processor
PICS-Label
X-IN-APIGATEWAY
X-Scope-Id
X-Ad-Load-Variation
X-M-Log
X-APP
X-TH-Server
Pramga
X-Request-Start
X-M-Reqid
X-Dw-Trace-Id
X-MiniProfiler-Ids
X-Via-Ucdn
X-Snapshot-Date
X-Check-Cacheable
X-Ckpd-Fst-Backend
X-Edge-POP
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Yjs-Id
Vha6-Origin
X-CUA
X-Render-Time
X-Fastly-Cache-Hits
X-Varnish-Beresp-TTL
X-Shield-Cache-Expires
X-Request-URI
X-Qnm-Cache
CACHE-MISS-TO-ORIGIN
X-Litespeed-Cache-Control
Log-Origin
X-RAMCache
X-Fastly-Backend-Reqs
Inserted-Into-Cache-At
X-Miniprofiler-Ids
X-Iauth-Set-Uid
X-ElasticPress-Query
HIT
X-Udemy-Cache-App-Namespace
Cneonction
X-Cached-Since