Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Xss-Protection
X-Served-By
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
X-XSS-PROTECTION
Server-Timing
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
X-Via
X-Backend
X-Cache-Group
Cf-Edge-Cache
Host-Header
Keep-Alive
X-Proxy-Cache
X-Hacker
X-Server
X-Rq
X-Age
X-UA-Device
X-Server-Powered-By
Allow
X-Vhost
X-Varnish-Cache
X-Ws-Request-Id
EagleId
X-Dispatcher
X-Amz-Version-Id
Grace
P3p
Cf-Apo-Via
Nel
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Swift-CacheTime
X-Swift-SaveTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
Accept-CH
X-Pingback
X-Node
X-Host
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Server-Id
Surrogate-Control
X-Backend-Server
X-CST
X-Readtime
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Content-Security-Policy-Report-Only
Permissions-Policy
Request-Id
X-Application-Context
X-Cache-Lookup
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Trace
X-Response-Time
X-Edge
Accept-Ch-Lifetime
X-HW
X-Litespeed-Cache
X-Ua-Compatible
X-Mod-Pagespeed
Content-Location
X-Ruxit-JS-Agent
X-Url
Accept-CH-Lifetime
X-Clacks-Overhead
X-Midtier
X-ECACHE
X-Oneagent-Js-Injection
X-ESI
X-Mcache
X-Amz-Server-Side-Encryption
Rating
X-Country
X-Upstream
X-PC
X-TtlSet
X-Vname
X-Vcap-Request-Id
Xkey
X-MS-InvokeApp
Cache-Tag
X-D2id
X-Rack-Cache
Verso
X-Content-Type
Fastly-Restarts
X-Element-Page-Cache
X-Cache-TTL
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
RTSS
Edge-Control
X-Powered-By-Plesk
X-VARITI-CCR
X-Ac
Origin-Trial
X-Cached
X-Navigation-Version
Accept-Ch
X-Abt-Application-Version
X-Goog-Hash
X-WebKit-CSP-Report-Only
Service-Worker-Allowed
X-GitHub-Request-Id
X-Amz-Rid
X-Country-Code
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Mg-S
X-Dw-Request-Base-Id
X-Ruxit-Js-Agent
X-Ttl
X-SharePointHealthScore
SPRequestGuid
X-B3-TraceId
X-Browser-Type
X-Server-Name
X-Varnish-TTL
Arr-Disable-Session-Affinity
Cross-Origin-Opener-Policy
X-Ua-Device
X-Server-Lifecycle-Phase
AR-Request-ID
X-Powered-CMS
X-Instrumentation
AR-PoweredBy
AR-SID
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
AR-ATIME
X-Erf-Bev-Bev
Response
X-Middleton-Response
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Cache-Key
AR-CACHE
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
X-Times
X-Cnection
X-Jurisdiction
X-ORACLE-DMS-ECID
X-HP-Webp
X-HP-Trace-Id
X-Version
X-ORACLE-DMS-RID
X-Accel-Expires
X-T
Front-End-Https
Cache-Tags
Cache-Status
X-NF-Request-ID
X-Ser
Edge-Cache-Tag
X-Px
X-MSEdge-Ref
X-Client-IP
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Public-Key-Pins
X-Hits
X-Recruiting
Nginx-Cache
X-Fastcgi-Cache
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Shield-Request-Id
X-Webkit-CSP
X-Frontend
Access-Control-Request-Method
X-Request-Processing-Time
X-Request-Received
X-LLID
Server-Node
X-Ua-Browser
Payment
X-FastCGI-Cache
X-NWS-LOG-UUID
X-DIS-Request-ID
TP-Cache
X-B3-Traceid
X-Webkit-Csp
X-RateLimit-Remaining
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
TP-L2-Cache
X-Ratelimit-Remaining
S
MicrosoftSharePointTeamServices
X-Goog-Metageneration
X-Content-Digest
X-LB-Cache
Content-MD5
X-Distributor
X-PressLabs-Stats
X-Webkit-CSP-Report-Only
Realpath
X-Hostname
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Geo-Country
X-Microsite
X-Request-Handler-Origin-Region
X-Forwarded-For
X-Ezoic-Cdn
Access-Control-Allow-Method
X-Page-Id
X-Envoy-Decorator-Operation
X-Server-ID
Accept-Charset
Fastcgi-Cache
X-FB-Debug
X-Cluster-Name
X-RateLimit-Limit
X-Rid
X-Kinja-CCPA
X-GUploader-UploadID
X-Correlation-Id
X-Protected-By
X-Seen-By
TCN
X-Ratelimit-Limit
X-Amzn-RequestId
X-Amz-Apigw-Id
X-TTL
Cleartype
X-Newrelic-App-Data
X-B3-Sampled
DC
X-Origin-Server
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Debug-Info
X-Origin-Cache
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Mobile
Referer-Policy
X-XRDS-Location
X-Logged-In
X-Varnish-Backend
X-Git-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
X-Aspnet-Version
X-Azure-Ref
Cross-Origin-Resource-Policy
Alternate-Protocol
Healthy
X-Contextid
X-Varnish-Grace
X-App-Environment
X-Fb-Rlafr
Surrogate-Key
X-Revision
X-Route-Name
X-Providence-Cookie
X-Request-Guid
X-Is-Crawler
X-Grace
X-Flags
X-Aspnet-Duration-Ms
X-Amz-Replication-Status
X-Amz-Meta-S3cmd-Attrs
X-TT
X-Content-Options
Count-Hit
X-Whom
X-Wix-Request-Id
X-Forwarded-Proto
X-IPS-LoggedIn
Filterid
Charset
MS-Author-Via
Viewport
X-Akamai-Edgescape
Frame-Options
WPO-Cache-Message
WPO-Cache-Status
X-App-Server
X-Id
X-B
X-Aspnetmvc-Version
X-Hosted-By
Paypal-Debug-Id
X-Cache-Age
X-Client-Ip
X-Backend-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-Control
X-Magnolia-Registration
X-Trace-Id
X-Www-Served-By
X-Az
X-Activity-Id
X-AppVersion
Amp-Access-Control-Allow-Source-Origin
Retry-After
Server-Name
X-Daa-Tunnel
Section-Io-Cache
X-Upgrade-Enabled
Refresh
Version
X-Type
X-F-Cache
X-Varnish-Server
X-Proxy-Cache-Info
X-Proxy
X-Oracle-Dms-Ecid
X-Original-Request-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Oracle-Dms-Rid
X-Time
X-Response-Served-From
X-Rule
Host
X-Cache-Rule
Akamai-GRN
X-ARC
SD-X-WS
X-Http-Reason
X-User-Agent
X-Instance
X-Rocket-Nginx-Serving-Static
Protected
X-Edge-Location
X-Varnish-Age
Front
X-UUID
X-Status
X-App-Version
X-Akamai-Request-ID2
X-COUNTRY
X-Unique-Id
SRV
X-Rendered-As
X-Region
X-Cacheable-TTL
X-EdgeConnect-Cache-Status
X-Framework
X-L-Path
X-Jobs
X-Is-Bot
X-Source
X-Cache-Grace
X-Environment-Context
X-Load-Cache
X-Page-View
X-N
From-Origin
X-FW-Static
X-FW-Dynamic
X-FW-Hash
X-Cache-Time
X-FW-Server
X-FW-Serve
X-FW-Type
X-FW-Version
Fastly-SIE
Access-Control-Request-Headers
Fastly-SWR
X-G
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Adobe-Content
X-Tumblr-Pixel-0
X-Adobe-Loc
ServerID
X-Varnish-Ttl
Content-Disposition
X-Drupal-Cache-Tags
Country
X-CDN-Forward
X-Datadog-Sampling-Priority
X-Vcache
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Language
X-HTML-Minification-Powered-By
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-DataDome
Accept-Language
Liferay-Portal
X-Yottaa-Optimizations
X-Yottaa-Metrics
Countrycode
X-DynaTrace
X-Datadog-Sampled
X-ID
X-Xrds-Location
X-Amzn-Remapped-Content-Length
X-DynaTrace-JS-Agent
X-Nf-Request-Id
X-Ratelimit-Reset
X-Debug-IsConnected
X-Debug-IsPreview
X-Generated-By
X-Mg-Request-UUID
X-ECache
X-B3-SpanId
Xet-Cookie
X-RateLimit-Reset
Backend
X-Drupal-Cache-Contexts
X-WP-CF-Super-Cache-Cache-Control
X-Tt-Logid
CF-IPCountry
X-WP-CF-Super-Cache
Xserver
Webserver
X-Device-Type
X-Content-Powered-By
X-Mode
X-NYM-Debug-Backend
X-Nginx-Cache
X-Erf-Web-Scheduler
X-B-Cache
X-Zen-Fury
X-Signature
X-Httpd
GEO-INFO
X-Content-Age
X-JoinUs
X-Varnish-Cache-Hits
Azure-Version
X-Git-Commit
X-Director
X-Urbn-Site-Id
Meta-Geo
Load-Balancing
X-SaId
Locale
Filters
S-Rt
X-Rewrite-Enabled
Onion-Location
X-LAGOON
X-ServerID
X-Container-Uri
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Sucuri-ID
X-UPSTREAM-Address
X-Sucuri-Cache
X-Urbn-Context-Path
X-Cache-Operation
Url
X-Cache-Action
X-Servername
X-Varnish-Hostname
X-Proto
X-Say-TTL
X-SayCDN-TTL
X-Soup
X-Say-Cacheable
X-Cluster-Node
X-Tb
Uber-Trace-Id
X-Storage
X-Detected-As
X-Generation-Time
X-Labrador-Cache-Channel
X-Logging-Id
X-Forwarded-Host
X-Ms-Request-Id
X-VCT
Web-Mar-Node
X-Cache-Server
X-Served-From
X-VC-Cache
X-PHP-Host
X-RM-Cache-TTL
X-Ms-Version
TWC-Locale-Group
TWC-Privacy
X-Routing-Service
X-Tec-Api-Root
X-Tec-Api-Origin
TWC-GeoIP-Country
Node
Mn-Server-Ip
Property-Id
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Name
Webcakes-Region
X-Extlb
X-Tec-Api-Version
X-Skip-Cache
X-Origin-Hint
X-Proxied
DB-Nickname
X-Sql-Count
X-Uri
X-RCS-CacheZone
X-Sql-Duration-Ms
Webcakes-App-Version
TWC-GeoIP-LatLong
Fastcgi-Useragent
X-GeoCountry
X-Adobe-Source
X-GeoCode
X-Zipkin-Id
X-Timing-Wait
Selected-Fe
X-Format
X-Debug
X-FB-TRIP-ID
X-Tumblr-Pixel-3
X-Fetched-On
X-LSADC-Cache
X-Tumblr-Pixel-2
X-R9-Blue-Green-Version
X-Proxy-Build
X-Via-JSL
Fastly-Drupal-HTML
X-MP-GENERATED-AT
CDN-RequestId
X-Origin-Date
X-Lambda-Id
X-Cache-Expired-At
X-NGENIX-Cache
OT-Force-Account-Verify
Source
X-XRDS-LOCATION
X-MCACHE
X-Node-Name
X-Cache-Hit
X-Template
Content-Secure-Policy
X-Varnish-Hits
X-UA-Device-Type
X-AIR-PT
X-Cache-TTL-Remaining
X-Srv
X-Tncms
X-Pass-Why
X-Loop
X-Ua
X-Pubstack
X-Endurance-Cache-Level
Upgrade-Insecure-Requests
X-PHP-Backend
Cross-Origin-Window-Policy
X-Server-W
X-Redis-Cache
X-Fastly-Request-Id
NGB
X-Origin-CC
X-Origin-TTL
X-Real-IP
Cache-Hits
X-CCDN-Origin-Time
X-GEO
X-CCDN-CacheTTL
X-RTag
Ms-Operation-Id
MS-CV
X-Hcs-Proxy-Type
X-Cache-Host
Cache-Name
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Optimistic-Header
Cache-Provider
X-Reqid
X-Xfnlog-Site
X-Restarts
X-IPLB-Instance
X-Cms-Context
Apigw-Requestid
X-IPLB-Request-ID
CDN-RequestPullCode
X-CSRF-Token
X-S
X-Cache-Type
CDN-Uid
CDN-Cache
CDN-CachedAt
CDN-PullZone
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-RequestCountryCode
X-Hl-Ver
X-No-Session
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-Akamai-Transformed
X-Via-Fastly
X-VWS-Id
X-CACHE-AGE
X-AWS-Id
X-Cluster
X-Newrelic-Synthetics
X-LJ-Flow-ID
X-Access
X-Section
Lang
L5d-Success-Class
Meta-Geo-Continent
Magicmarker
L
Mail-Subject
MD5-Digest
Ha-Gx-Prefs
CPC-Cache
DCR-Decision-By
CPC-Age
Candidate-Md5Url
Canary
DCR-Processing-Time-Ms
Fastly-Backend-Name
N-Cache
Gh-Request-Id
Gannett-Cam-Experience-Id
Fastly-GeoIP-CountryCode
HA-Ipaddr
X-Accel-Expires-Debug
VNS-Age
Vix-Hermes-Req-Id
T-Server
X-A-Ccd
VNS-Cache
W
X-A
Web-Mar-Region
We-Hiring
Surrogated-Key
Sslversion
Redirect-Candidate
X-A-Wwc
Odigeo-Trace-Id
Rendered-Blocks
Server-Host
X-A-Dam
X-Aed
X-A-Dcw
Ngx.Var.Host
X-D
X-Request-Host
X-RateLimit-Remaining-Second
X-Rojux
X-S-Cookie
X-SD-PageType
X-ScT
X-RateLimit-Limit-Second
X-Policy
X-Irp-Debug
X-GeoIP-Region-Code
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Origin-Time
X-Orig-Expires
X-Shop-Environment
X-Slack-Backend
X-Vtex-Remote-Cache
X-Viewer-Country
X-We-Are-Hiring
X-Wikidot-Backend
Xc-Version
X-Wikidot-Static-Cache
X-VG-WebCache
X-Vdms-Version
X-SRCache-Key
X-Slack-Shared-Secret-Outcome
X-Tenant
X-TIM-N
X-Vdms-Path
X-Var-Ttl
X-GeoIP-Country-Code
X-Gdpr
X-CF-Lambda-Fn
X-Cdn-Diag
X-CF-Lambda-Version
X-CGP
X-Csrf-Jwt
X-Conf
X-CacheTTL
X-Cache-NE
X-Bc-Bl
X-B-Cookie
X-BCube-Filmed-By
X-Bl-Debug
X-Cache-Info
X-Cache-Bucket
BehaviorPad-Version
X-Date
X-Eu-Site
X-Epic-Correlation-Id
X-External-Request-Id
X-Fastly-Backend
X-Forwarded-Path
X-FC-Vary-Parameters
X-Ec-GeoHdr
X-Ec-Fail
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Destination
X-Developer
X-Ec-Custom-Error
X-Dispatcher-Number
X-Application
X-A-Dgt
X-Rn-Rsrv
X-Proxy-Cache-Status
X-Web-Node
X-Datadome
X-Forwarded-Site
X-Generated-On
X-Esi-Check
X-Geo-Header
X-Fmm-Version
X-Handled-By
X-Level-Front-Cache
X-Mid
X-INCAP-ABP
X-Human
X-Core-Value
X-Hash
X-Gzip
X-CMSURLCustom
X-Alternate-Cache-Key
X-ApacheServer
X-App-Name
Thinkindot-Control
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
X-Auto-Login
X-BBC-Edge-Cache-Status
X-Clientip
X-Mly-Id
X-Clara-WADP
X-Cache-Id
X-Bip
X-Cache-Debug
X-Core-Mission
X-Old-Content-Length
X-Varnishpool
X-VG-TLSProxy
X-WADP-Cache
X-Up
X-Thinkindot-L3
X-Test
X-Thanos
Fastly-SSL
True-Client-Country-4JS
X-Wix-Viewer-Type
X-Worker
X-JWT-State
X-Is-Gdpr
X-Accel-Buffering
X-Has-Esi
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Platform
X-Pool
X-Request-Time
X-PERF
X-PAYTM-SRV-ID
X-Org
X-Origin-Response-Time
X-S-Maxage
X-Server-IP
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-ShopId
X-Node-Id
X-Owner
Origin
AKAMAI
Req-Svc-Chain
Machine
Environment
Cmstype
Host-ID
Release
Memcached
Cmsid
Datacenter
X-Vcl-Version
User-Cache-Control
WP-Super-Cache
NM-Fastcgi-Cache
CDCHOST
X-WA-Info
X-Cdn-Srv
Apple-News-Services-Handled
X-Azure-Ref-OriginShield
X-Cdn-Origin
X-DefElseHash
Producers
X-Block-Status
CloudFront-Viewer-Country
Is-Eu
Platform
Adler-Geo
X-Cs
X-Hnp-Log
X-Origin
Apple-News-Services-Parsed-Url
X-NodeID
X-Nginx-Cache-Key
X-Mvc-Supplant-OutputCached
X-Nananana
Esi-Enabled
X-Gen-Mode
X-DefHash
X-Dispatcher-Server
X-Device-Os
Country-Code
DSUID
X-From
X-Scale
X-Presslabs-Stats
Expect-Staple
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Variation
X-Qloud-Router
X-Parent-Response-Time
X-Vmg-Version
X-VServer
Server-Ext
ServedBy
Server-Hostname
Sever-Int
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Loc
X-Sn-Servicetimems
X-DPWN-IS-SECURE
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
Wxu-Next-Commit
Wxu-Next-Hostname
Ssr
X-App
X-GeoIP
X-Nitro-Cache
Origin-CC
X-Op-Id-All
C-Via
X-LB-NoCache
Pics-Label
Origin-EX
X-Instance-Name
Wxu-Next-Region
X-Akamai-Device-Characteristics
X-NCache
X-TA-CDN-Provider
X-TIME
Memory
Cache-Host
X-Platform-Cluster
Server-ID
X-Amz-Meta-Cb-Modifiedtime
Server-Info
X-Platform-Processor
X-Platform-Router
Time
X-Cache-Enabled
X-Microcachable
X-Cache-Status-Check
X-Refresh
X-Locale
X-Site-Version
X-Tx-Id
X-Correlation-ID
X-HA-Backend
XM
X-Origin-Expires
X-TimeS
NGX
X-HN
PFcat
X-VarnishDD-TTL
X-VHOST
AMP-Access-Control-Allow-Source-Origin
X-Dc
X-ZONE
Hostname
X-CACHE-GROUP
GeoIP-Latitude
Resin-Trace
X-API-Version
X-Tb-Optimization-Total-Bytes-Saved
Origin-Agent-Cluster
Cf-Device-Type
Srvid
Locid
X-Via-SSL
A
X-Ad-Defer-Variation
X-Via-Edge
X-Via-CDN
X-FL-EDGE
Edge-Copy-Time
X-FL-QIT-DEBUG
X-Wp-Cf-Super-Cache-Active
X-Varnish-Beresp-Grace
X-DC
X-Varnish-Beresp-Ttl
X-Upstream-Ht
X-Upstream-Ct
Cdn-Requestid
X-Fpc
YJS-ID
X-Zone
X-Vgn-Hpd-Reason
X-ATG-Version
X-Webkit-Csp-Report-Only
X-FireWall-Port
Sid
X-Internal-Host
X-Contensis-Viewer-Groups
Cache-Key
X-Cache-ASPX
X-Github-Request-Id
X-Varnish-Authentication
X-Moov-T
Uri
X-Moov-Xdn-Version
X-Pod-Name
X-Micro-Cache
User-Agent
True-Client-Ip
X-WP-CF-Super-Cache-Active
X-Cached-By
X-DataCenter
X-LiteSpeed-Cache-Control
X-Provided-By
X-Info
X-TraceId
X-HS-Content-Campaign-Id
X-Planisys-CDN-TTL
State
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-URL
X-B3-Spanid
X-B3-Parentspanid
X-RN-RSRV
X-Fastly-Cache
GeoIP-Country-Code
X-SIPLIST1
IsBot
X-Platform-Server
Location
X-Buckets
X-Nitro-Cache-From
X-Cache-Remote
X-NGINX-Cache
X-Release
X-Sigma
X-AB
X-Sigma-Backend
X-Nitro-Rev
X-Rocket-Build-Number
X-Api-Version
X-LiteSpeed-Tag
X-MSEdge-Flight
Cdn
GeoIp-Country-Code
X-MSEdge-Features
X-Datacenter
X-Backend-Instance
Cache
X-VC
SID
X-Geo-Region
X-Generated-In
X-Gamma-Serve
X-CS
XServer
X-Accel-Version
X-CSRF-TOKEN
X-VCache
Srv
NtCoent-Length
X-GeoIP-City
X-Vgn-Hpd-Cached
CF-Ctrl
True-Client-IP
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
Lb
Cache-Tv-Group
X-Geo
X-FTR-Request-ID
X-Scheme
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Path
X-HS-Status
X-TRACE-ID
X-Browser-Name
X-Tcp-Rtt
X-FPC
X-Is-Mobile
Kp-EeAlive
X-Is-Desktop
X-Is-Supported-Browser
HostName
Fastly-Drupal-Html
X-Is-Tablet
X-HostName
X-NewRelic-App-Data
Tcn
Epwk-X-Cache
X-Location
X-Hyper-Cache
X-GoCache-CacheStatus
X-Mobile-URL
X-SRV
Ohc-File-Size
X-Frame-Option
Serverid
X-APP-VERSION
X-TX-ID
X-UA
CountryCode
Cf-Ipcountry
X-Amz-Meta-Opti
X-Service
X-Aicache-OS
X-Men
Cdnsip
X-Region-Sid
X-Air-Pt
X-Developers
X-Esi
X-AK-Request-ID
On-Server
Cdncip
CacheControlHeader
X-Guploader-Uploadid
X-LB-ID
X-Traceid
Tube-Return
RNT-Machine
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
V-Age
XkeyRZ
X-Wp-Cf-Super-Cache-Cache-Control
X-Cache-Ttl
X-Wp-Cf-Super-Cache
X-CDN-Cache-Status
X-Webstats-RespID
WebServer
X-SB
Mime-Version
X-Via-Poph
X-Via-Popn
X-Via-Popv
Click-Count-Error
RNT-Time
X-EC-Lua
X-Cache-Tags
X-Acquia-Purge-Cdn-Unconfigured
X-V-Cache
X-Minions-Version
Click-Count-Action-Start
X-B3-Trace-ID
X-Branch-Name
X-Cache-FS-Status
X-Proxy-CacheRZ
Proxy-Connection
X-Req
X-Wp-Cf-Super-Cache-Cookies-Bypass
Env
X-Pad
WZWS-RAY
Yak-Timeinfo
X-Vc
X-Cdn-Cache-Status
Ohc-Cache-HIT
X-Servedbyhost
X-Wa
WWW-Authenticate
X-Nc
ENV
X-CACHE-KEY
X-VCL-Version
CDN
X-Akamai-Pragma-Client-IP
CF-Cached-On
LB
X-NWS-UUID-VERIFY
Geoip-Latitude
X-Cdn-Forward
X-User
X-Fastly-Country-Code
Ngx
X-Edge-Pop
X-Lb-Cache
X-Check-Cacheable
Cdn-Request-Time
Content-Script-Type
X-Ckpd-Fst-Backend
X-Ha-Backend
X-Processor
Cdn-Host
Content-Style-Type
X-Vercel-Id
Server-Id
X-TH-Server
X-Edge-Server
X-Vercel-Cache
X-TT-LOGID
X-FTR-Balancer
PICS-Label
X-CUA
X-Lb-Nocache
X-Acquia-Site
X-Acquia-Application-UUID
X-Via-Ucdn
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Litespeed-Cache-Control
X-Snapshot-Date
X-NMSegId
X-Edge-POP
Req-ID
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
M-TraceId
X-MiniProfiler-Ids
X-WP-CF-Super-Cache-Cookies-Bypass
X-Dw-Trace-Id
X-Render-Time
X-FTR-Expires
X-FTR-Backend-Server
X-APP
X-Country-Code-Real
HIT
X-FTR-Backend
X-FTR-Cache-Status
Yjs-Id
X-Origin-Cache-Key
X-Service-Response-Time
Edge-Cache
X-Udemy-Cache-App-Namespace
X-Fastly-Backend-Reqs
X-Serial
X-Response-By
X-Ad-Load-Variation
Cluster
Sm-Log-Id
X-Cache-Date
Cneonction
X-Iauth-Set-Uid
X-ElasticPress-Query
X-RAMCache
Log-Origin
X-M-Log
X-Cached-Since
Vha6-Origin
CACHE-MISS-TO-ORIGIN
Inserted-Into-Cache-At
X-Miniprofiler-Ids
X-Fastly-Cache-Hits
X-M-Reqid