Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
CF-RAY
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-FRAME-OPTIONS
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Dns-Prefetch-Control
X-Request-ID
X-Drupal-Dynamic-Cache
Server-Timing
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
X-XSS-PROTECTION
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Request-Context
X-Turbo-Charged-By
X-Backend
X-Cache-Group
X-AH-Environment
X-Robots-Tag
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Hacker
X-Proxy-Cache
X-Vhost
X-UA-Device
X-Server
X-Rq
Allow
X-Server-Powered-By
X-Ws-Request-Id
X-Age
X-Dispatcher
EagleId
X-Varnish-Cache
X-Amz-Version-Id
X-LiteSpeed-Cache
P3p
Nel
X-Ua-Compatible
Grace
Cf-Apo-Via
Cf-Railgun
X-Page-Speed
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
EagleEye-TraceId
X-Swift-CacheTime
X-Swift-SaveTime
X-Aws-Lambda-Call-Status
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Pingback
X-Host
X-Node
X-WebKit-CSP
X-Cache-Lookup
X-CST
X-Backend-Server
Accept-CH
X-Server-Id
Surrogate-Control
Permissions-Policy
X-Readtime
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Request-Id
X-Application-Context
Accept-CH-Lifetime
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Response-Time
X-HW
Xkey
X-Ruxit-JS-Agent
X-Trace
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Rating
Accept-Ch
X-Midtier
X-Amz-Server-Side-Encryption
X-ESI
X-Url
Accept-Ch-Lifetime
X-ECACHE
Cache-Tag
X-Mcache
X-Oneagent-Js-Injection
X-Country
X-MS-InvokeApp
X-Rack-Cache
X-Powered-By-Plesk
X-D2id
X-Vcap-Request-Id
X-Kinja-Revision
X-Use-Magma
X-Upstream
X-Exp-Id
X-Kinja
X-Kinja-Build
Verso
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Element-Page-Cache
Edge-Control
Service-Worker-Allowed
RTSS
X-PC
X-TtlSet
X-Vname
X-Country-Code
X-Ac
Origin-Trial
X-Goog-Hash
X-VARITI-CCR
X-Navigation-Version
X-Abt-Application-Version
X-WebKit-CSP-Report-Only
Fastly-Restarts
X-Cache-TTL
X-GitHub-Request-Id
X-Browser-Type
X-Kinja-CCPA
X-Varnish-TTL
X-Amz-Rid
X-Ruxit-Js-Agent
X-Aspnetmvc-Version
X-Cached
X-Webkit-CSP
Cross-Origin-Opener-Policy
X-NWS-LOG-UUID
X-Server-Name
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Times
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
SPRequestDuration
SPIisLatency
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Content-Type
X-Instrumentation
AR-SID
AR-PoweredBy
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Powered-CMS
AR-ATIME
X-Cache-Key
AR-Request-ID
X-Litespeed-Cache
X-Mg-S
Arr-Disable-Session-Affinity
X-Ttl
X-Middleton-Response
Response
X-B3-Traceid
X-Version
X-FastCGI-Cache
X-Fastly-Request-ID
X-Client-IP
X-Cnection
X-Ser
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
Nginx-Cache
Cache-Tags
AR-CACHE
X-Accel-Expires
X-T
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-B3-TraceId
Cache-Status
Edge-Cache-Tag
X-NF-Request-ID
X-Hits
Front-End-Https
X-MSEdge-Ref
X-Px
Public-Key-Pins
X-RateLimit-Remaining
X-Recruiting
Payment
S
X-Shield-Request-Id
X-LLID
X-Server-ID
X-Frontend
X-Request-Processing-Time
X-Ua-Browser
X-Request-Received
Server-Node
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-TTL
X-Daa-Tunnel
X-RateLimit-Limit
X-Goog-Metageneration
Content-MD5
X-GUploader-UploadID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Amz-Apigw-Id
Access-Control-Request-Method
X-Amzn-RequestId
X-Content-Digest
X-PressLabs-Stats
TP-Cache
Realpath
X-Protected-By
X-Forwarded-For
X-Request-Handler-Origin-Region
X-Microsite
X-Distributor
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
Fastcgi-Cache
Access-Control-Allow-Method
X-Ratelimit-Remaining
X-FB-Debug
X-Page-Id
X-Rid
X-LB-Cache
X-Cluster-Name
Accept-Charset
X-Webkit-CSP-Report-Only
X-Geo-Country
X-Fastcgi-Cache
X-Aspnet-Version
X-Ua-Device
X-Hostname
TP-L2-Cache
X-B3-Sampled
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Count-Hit
X-Erf-Stays-Pdp-Viaduct-Migration-Web
Cross-Origin-Resource-Policy
X-Seen-By
X-Ezoic-Cdn
X-Correlation-Id
Cleartype
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ratelimit-Limit
X-App-Server
TCN
X-Newrelic-App-Data
X-Id
X-Logged-In
Referer-Policy
X-Varnish-Backend
X-Content-Options
X-Mobile
DC
X-Hosted-By
X-Git-Hash
X-Origin-Cache
X-Contextid
X-Xrds-Location
X-Flags
X-Is-Crawler
X-Amz-Replication-Status
X-Route-Name
X-Fb-Rlafr
X-Aspnet-Duration-Ms
X-Request-Guid
X-Providence-Cookie
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Debug-Info
Retry-After
Surrogate-Key
X-Grace
X-Revision
Frame-Options
X-TT
X-App-Environment
X-Varnish-Grace
X-IPS-LoggedIn
X-Amz-Meta-S3cmd-Attrs
X-Forwarded-Proto
X-F-Cache
X-Envoy-Decorator-Operation
X-Azure-Ref
X-Magnolia-Registration
Section-Io-Cache
X-Wix-Request-Id
X-RateLimit-Reset
X-Whom
MS-Author-Via
Healthy
X-Proxy-Cache-Info
X-COUNTRY
Charset
X-Webkit-Csp
X-App-Version
Viewport
X-Akamai-Edgescape
Alternate-Protocol
X-Origin-Server
X-Www-Served-By
X-Backend-Name
X-Language
WPO-Cache-Message
WPO-Cache-Status
X-AppVersion
X-Az
X-Activity-Id
X-Varnish-Server
Filterid
Paypal-Debug-Id
X-B
Amp-Access-Control-Allow-Source-Origin
X-Client-Ip
Server-Name
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
SRV
X-Trace-Id
X-Response-Served-From
X-EdgeConnect-Cache-Status
X-Original-Request-Id
X-DataDome
SD-X-WS
X-Kong-Upstream-Latency
X-Cache-Rule
X-Kong-Proxy-Latency
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Http-Reason
Host
X-UUID
X-Akamai-Request-ID2
X-User-Agent
X-Rule
X-Edge-Location
Akamai-GRN
X-Nf-Request-Id
X-Instance
Front
X-Cache-Grace
X-Unique-Id
X-N
Country
From-Origin
X-Tumblr-User
Protected
X-Varnish-Age
X-Tumblr-Pixel-0
X-Region
X-Cacheable-TTL
X-Page-View
X-L-Path
X-Environment-Context
X-ARC
X-Jobs
X-Rocket-Nginx-Serving-Static
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Status
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Yottaa-Metrics
X-FW-Type
X-Yottaa-Optimizations
X-RemovedCookies
X-FW-Version
X-Framework
X-Adobe-Loc
X-FW-Static
X-Rendered-As
X-Adobe-Content
Fastly-SIE
X-FW-Dynamic
X-Is-Bot
X-ProcessESI
Fastly-SWR
X-Load-Cache
X-Vcache
X-Type
X-G
X-Cache-Time
Content-Disposition
ServerID
X-Proxy
X-Datadog-Sampled
X-Mg-Request-UUID
X-Signature
Access-Control-Request-Headers
X-B-Cache
X-Debug-IsPreview
X-Amzn-Remapped-Content-Length
X-Debug-IsConnected
X-URL
X-Time
X-ECache
X-CDN-Forward
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Backend
X-Cache-Control
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Erf-Web-Scheduler
Refresh
X-DynaTrace
Countrycode
Xet-Cookie
X-Nginx-Cache
X-Httpd
Accept-Language
X-Drupal-Cache-Tags
X-Servername
Url
X-XRDS-Location
X-Tt-Trace-Host
X-DynaTrace-JS-Agent
CF-IPCountry
X-Tt-Trace-Tag
X-Cache-Age
X-Generated-By
X-Template
X-HTML-Minification-Powered-By
X-Mode
X-Source
X-Device-Type
X-NYM-Debug-Backend
X-Content-Powered-By
Xserver
X-Storage
GEO-INFO
Webserver
Meta-Geo
X-Urbn-Context-Path
OT-Force-Account-Verify
X-Cache-Action
Locale
X-Content-Age
Filters
X-GeoCountry
X-Director
X-GeoCode
X-JoinUs
X-Cache-Operation
X-UPSTREAM-Address
Version
X-ServerID
X-SaId
X-Say-Cacheable
X-LAGOON
X-Say-TTL
X-Rewrite-Enabled
X-SayCDN-TTL
S-Rt
X-Urbn-Site-Id
X-Rn-Rsrv
Load-Balancing
X-XRDS-LOCATION
X-Loop
Onion-Location
X-Forwarded-Host
X-Cache-Hit
X-Container-Uri
X-Varnish-Cache-Hits
X-Git-Commit
X-Cache-Server
X-Tncms
X-Tumblr-Pixel-3
X-Cluster-Node
X-Soup
X-MCACHE
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-VC-Cache
X-Lambda-Id
Cross-Origin-Window-Policy
X-RM-Cache-TTL
X-VCT
X-Detected-As
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Ms-Request-Id
X-Ms-Version
X-Served-From
Azure-RegionName
X-Labrador-Cache-Channel
X-Adobe-Source
Azure-InstanceId
X-Sql-Count
X-CCDN-CacheTTL
X-Tb
Web-Mar-Node
X-PHP-Host
Azure-Version
Azure-SlotName
X-Sql-Duration-Ms
Azure-SiteName
X-Tt-Logid
DB-Nickname
X-Proto
X-Zipkin-Id
Mn-Server-Ip
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-Skip-Cache
X-Proxied
X-Logging-Id
X-Extlb
X-FB-TRIP-ID
Node
X-Generation-Time
X-Routing-Service
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
X-Timing-Wait
X-Uri
X-Proxy-Build
X-Origin-Hint
X-Format
X-Fetched-On
Webcakes-App-Version
Webcakes-Region
X-Debug
TWC-Privacy
Webcakes-App-Name
Fastcgi-Useragent
Selected-Fe
Property-Id
TWC-Connection-Speed
X-Endurance-Cache-Level
Uber-Trace-Id
X-Redis-Cache
X-Zen-Fury
X-LSADC-Cache
X-B3-SpanId
X-Ua
Source
X-NGENIX-Cache
CDN-RequestId
X-Sucuri-ID
X-Sucuri-Cache
Section-Io-Origin-Time-Seconds
X-Oracle-Dms-Ecid
Section-Origin-Responded
X-Ratelimit-Reset
Section-Io-Id
X-Oracle-Dms-Rid
Section-Io-Origin-Status
X-S
X-TimeS
X-Drupal-Cache-Contexts
X-FTR-Request-ID
X-Srv
X-CACHE-AGE
X-Origin-CC
X-Origin-Date
X-Pass-Why
X-MP-GENERATED-AT
X-Origin-TTL
X-Varnish-Hits
X-Upgrade-Enabled
Upgrade-Insecure-Requests
Fastly-Drupal-HTML
X-Real-IP
NGB
X-Cache-Expired-At
X-Akamai-Transformed
Liferay-Portal
X-Newrelic-Synthetics
X-Handled-By
X-GEO
X-Optimistic-Header
X-Cms-Context
X-Reqid
Apigw-Requestid
X-Xfnlog-Site
X-TIME
X-UA-Device-Type
X-Restarts
X-Varnish-Ttl
ServedBy
X-Cache-TTL-Remaining
X-Hl-Ver
CDN-RequestPullCode
CDN-Uid
CDN-RequestPullSuccess
CDN-Cache
Ms-Operation-Id
MS-CV
CDN-RequestCountryCode
X-ProxyCache-Status
X-RTag
X-No-Session
X-ProxyCache-Key
X-Cache-Host
X-Tx-Id
X-BYPASS-REASON
CDN-CachedAt
X-Cache-Type
CDN-PullZone
CDN-EdgeStorageId
X-Node-Name
WP-Super-Cache
X-Pubstack
X-Via-JSL
X-Parent-Response-Time
X-AB
X-IPLB-Instance
X-Cluster
X-IPLB-Request-ID
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
Ngx.Var.Host
N-Cache
DCR-Decision-By
DCR-Processing-Time-Ms
Fastly-SSL
Gannett-Cam-Experience-Id
Odigeo-Trace-Id
Candidate-Md5Url
BehaviorPad-Version
Canary
Ha-Gx-Prefs
HA-Ipaddr
Magicmarker
MD5-Digest
Lang
L5d-Success-Class
Host-ID
L
Meta-Geo-Continent
X-Aed
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Eu-Site
X-External-Request-Id
X-FC-Vary-Parameters
X-Fastly-Backend
X-Ec-Fail
X-Ec-Custom-Error
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Destination
X-Developer
X-Dispatcher-Number
X-Request-Host
X-Rojux
X-Viewer-Country
X-Vdms-Version
X-Vtex-Remote-Cache
X-We-Are-Hiring
Xc-Version
X-Worker
X-Vdms-Path
X-SRCache-Key
X-ScT
X-S-Cookie
X-SD-PageType
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-D
X-Csrf-Jwt
W
Vix-Hermes-Req-Id
Web-Mar-Region
X-A
X-A-Dam
X-A-Ccd
True-Client-Country-4JS
T-Server
Rendered-Blocks
Redirect-Candidate
Server-Host
Sslversion
Surrogated-Key
X-A-Dcw
X-A-Dgt
X-CacheTTL
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Conf
X-CGP
X-Bl-Debug
X-BCube-Filmed-By
X-App
X-A-Wwc
X-App-Name
X-Application
X-Bc-Bl
Origin-Agent-Cluster
X-B-Cookie
X-Micro-Cache
X-Server-W
X-Proxy-Cache-Status
X-CSRF-Token
Cache-Provider
X-Generated-On
X-GeoIP-Country-Code
X-Forwarded-Path
X-DefElseHash
X-Date
X-DefHash
X-DPWN-IS-SECURE
X-GeoIP-Region-Code
X-Gdpr
X-Human
X-Nananana
X-Nitro-Cache
X-Node-Id
X-NodeID
X-Mvc-Supplant-Cachable
X-Mly-Id
X-Irp-Debug
X-Loc
X-Mid
X-Hash
X-Core-Mission
VNS-Cache
We-Hiring
X-Accel-Buffering
X-Accel-Expires-Debug
VNS-Age
Thinkindot-Control
Req-Svc-Chain
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Alternate-Cache-Key
X-Correlation-ID
X-Cdn-Origin
X-Clientip
X-CMSURLCustom
X-Nyt-Route
X-Cdn-Diag
X-Cache-Info
X-BBC-Edge-Cache-Status
X-Bip
X-Cache-Bucket
X-Cache-Debug
X-Core-Value
X-Orig-Expires
X-Var-Ttl
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Up
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-Tenant
X-Test
X-Thanos
X-Varnish-Remaining-TTL
X-Varnishpool
X-Wix-Viewer-Type
AKAMAI
X-Geo-Header
X-PAYTM-SRV-ID
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VG-TLSProxy
X-VG-WebCache
X-Vmg-Version
X-VServer
X-SVT-ORM-RULES
X-Storefront-Renderer-Rendered
X-Pool
X-Qloud-Router
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Policy
X-Platform
X-Org
Release
X-Origin-Time
X-Owner
X-Refresh
X-Request-Time
X-Shopify-Stage
X-Sn-Servicetimems
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-Shop-Environment
X-S-Maxage
X-Server-IP
X-ShardId
X-Old-Content-Length
X-Level-Front-Cache
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Expect-Staple
Gh-Request-Id
Is-Eu
Mail-Subject
X-Geo-Region
Environment
Datacenter
Cf-Device-Type
Adler-Geo
X-Cache-Status-Check
Cmsid
Cmstype
CPC-Cache
CPC-Age
Origin
Cache-Name
Producers
Platform
Content-Secure-Policy
User-Cache-Control
X-TraceId
Sever-Int
Esi-Enabled
X-Instance-Name
X-INCAP-ABP
X-Block-Status
X-Mvc-Supplant-OutputCached
X-Clara-WADP
DSUID
X-Datadome
X-Nginx-Cache-Key
X-Auto-Login
X-Hnp-Log
X-Gzip
X-From
X-Esi-Check
X-Forwarded-Site
X-Fmm-Version
X-Cdn-Srv
X-Gen-Mode
X-GeoIP
Server-Hostname
X-Device-Os
X-Cache-Id
Machine
X-Akamai-Device-Characteristics
X-WA-Info
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-WADP-Cache
CloudFront-Viewer-Country
X-PERF
X-AIR-PT
X-Dispatcher-Server
X-ApacheServer
X-ID
Apple-News-Services-Parsed-Url
X-Origin
Server-Ext
Country-Code
X-Origin-Response-Time
NM-Fastcgi-Cache
CDCHOST
X-B3-Spanid
X-Vcl-Version
X-Op-Id-All
X-Vgn-Hpd-Reason
X-Via-Fastly
X-Section
Server-Info
X-LB-NoCache
Ssr
X-NCache
C-Via
Wxu-Next-Hostname
Wxu-Next-Commit
X-Access
Wxu-Next-Region
X-Fastly-Request-Id
NGX
X-Cache-Enabled
Pics-Label
AMP-Access-Control-Allow-Source-Origin
X-Accel-Version
Server-ID
X-Dc
X-CACHE-GROUP
X-Amz-Meta-Cb-Modifiedtime
X-Is-Desktop
X-Is-Mobile
X-API-Version
X-Buckets
X-Tcp-Rtt
X-Browser-Name
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Gdpr
X-SIPLIST1
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
IsBot
X-JWT-State
Memcached
X-HA-Backend
X-Has-Esi
Memory
Hostname
Time
X-Scale
Origin-EX
Origin-CC
X-B3-Parentspanid
X-Zone
CF-Ctrl
X-Platform-Processor
Cache-Hits
YJS-ID
X-Platform-Cluster
X-Platform-Router
Cdn-Requestid
X-Wp-Cf-Super-Cache-Active
X-Presslabs-Stats
Sid
X-TIM-N
X-Cached-By
Location
X-Tb-Optimization-Total-Bytes-Saved
X-ZONE
X-Air-Trace-Id
X-Air-Hostname
X-PHP-Backend
X-Air-Source
X-WP-CF-Super-Cache-Active
X-Internal-Host
X-Backend-Instance
X-Fpc
X-TA-CDN-Provider
X-Frame-Option
X-Origin-Cache-Key
Resin-Trace
X-Hyper-Cache
X-Cs
X-DC
X-Azure-Ref-OriginShield
X-LiteSpeed-Cache-Control
X-Webstats-RespID
X-Service
X-DataCenter
Epwk-X-Cache
GeoIP-Latitude
X-VC
X-Site-Version
X-Origin-Expires
X-NGINX-Cache
Cache-Host
X-Nitro-Rev
Uri
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-Esi
X-FTR-Expires
X-FTR-Backend-Server
True-Client-Ip
X-Nitro-Cache-From
X-Microcachable
X-FTR-Backend
LB
X-Info
X-CSRF-TOKEN
X-Locale
XM
GeoIp-Country-Code
GeoIP-Country-Code
X-VCache
PFcat
Cdn
X-SRV
X-VarnishDD-TTL
X-Web-Node
WebServer
X-Cache-Ttl
X-Edge-Server
X-Pod-Name
XServer
Cdn-Request-Time
X-HN
Cdn-Host
X-NewRelic-App-Data
Req-ID
X-Datacenter
X-NMSegId
User-Agent
X-Ad-Defer-Variation
True-Client-IP
M-TraceId
NtCoent-Length
WZWS-RAY
X-Geo
X-CS
X-Via-CDN
X-Vercel-Cache
X-Via-Edge
X-Vercel-Id
Edge-Copy-Time
X-FL-QIT-DEBUG
Srvid
X-FL-EDGE
Locid
X-Via-SSL
X-Ad-Load-Variation
SID
A
X-Pad
X-MSEdge-Flight
X-Request-Start
X-FPC
Cluster
X-Scope-Id
X-M-Reqid
X-MSEdge-Features
X-M-Log
Fastly-Drupal-Html
Pramga
Tcn
X-HostName
X-Request-URI
Content-Script-Type
X-Moov-Xdn-Version
X-Cache-ASPX
Content-Style-Type
X-Moov-T
X-Contensis-Viewer-Groups
X-ATG-Version
X-FireWall-Port
X-LiteSpeed-Tag
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-Qnm-Cache
X-Shield-Cache-Expires
HostName
X-Api-Version
CountryCode
X-APP-VERSION
X-Cdn-Request-ID
X-TRACE-ID
Cf-Ipcountry
Cache-Key
X-AK-Request-ID
X-Cache-Date
X-Amz-Meta-Opti
Cdnsip
Cdncip
Edge-Cache
X-NWS-UUID-VERIFY
Path
Cache-Tv-Group
X-WP-CF-Super-Cache-Cookies-Bypass
X-Branch-Name
X-TH-Server
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Cache-FS-Status
X-Nc
X-Servedbyhost
X-SB
X-Proxy-CacheRZ
XkeyRZ
Click-Count-Action-Start
X-V-Cache
X-Via-Popv
X-Via-Popn
X-Via-Poph
Yak-Timeinfo
X-Wa
Tube-Got-Results
X-Github-Request-Id
Tube-Return
X-Acquia-Purge-Cdn-Unconfigured
Click-Count-Error
X-LB-ID
X-B3-Trace-ID
Tube-Got-Eval
X-Req
X-Air-Pt
X-Aicache-OS
Tube-Get-Contents
CDN
X-CACHE-KEY
X-VCL-Version
State
X-Planisys-CDN-Rules
X-Akamai-Pragma-Client-IP
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Geoip-Latitude
X-Wp-Cf-Super-Cache
X-Tim-N
X-HS-Content-Campaign-Id
Srv
X-Vary
Wpo-Cache-Message
Wpo-Cache-Status
X-Men
X-Platform-Server
On-Server
X-Render-Time
V-Age
X-Cdn-Forward
MIME-Version
Proxy-Connection
X-Rebelmouse-Cache-Control
X-Lb-Cache
X-Rebelmouse-Surrogate-Control
X-UA
X-Upstream-Ht
X-Release
Lb
CF-Cached-On
X-Upstream-Ct
X-Dw-Trace-Id
X-Fastly-Cache
Ngx-Var-Key
X-Vgn-Hpd-Cached
X-Ha-Backend
X-User
Server-Id
X-Fastly-Backend-Reqs
X-Generated-In
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-TT-LOGID
X-CUA
X-Traceid
X-Sigma-Backend
My-App
Ohc-File-Size
X-Sigma
X-Rocket-Build-Number
X-Cache-Remote
X-HS-Status
Ohc-Cache-HIT
X-Via-Ucdn
PICS-Label
X-Lb-Nocache
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-EC-Lua
Yjs-Id
X-Iplb-Instance
Priority
X-Iplb-Request-Id
Inserted-Into-Cache-At
X-Fastly-Cache-Hits
X-Snapshot-Date
CACHE-MISS-TO-ORIGIN
X-Varnish-Director
X-Fastly-Country-Code
Cache
Warning
Vha6-Origin
X-Miniprofiler-Ids
Cneonction
X-CF-Cache-Header-Cache-Control
X-CF-Cache-Header-Vary
X-RAMCache
Log-Origin
X-Cached-Since
X-ElasticPress-Query
X-Litespeed-Cache-Control
Ngx
X-Udemy-Cache-App-Namespace