Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
X-Ua-Compatible
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
X-Cache-Group
Server-Timing
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Amz-Id-2
X-Backend
X-Proxy-Cache
X-Ws-Request-Id
P3p
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Akamai-Path-Stats
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
X-Device
X-WebKit-CSP
X-Page-Speed
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-OneAgent-JS-Injection
X-Server-Id
X-Pingback
EagleEye-TraceId
X-Cache-Spec
Request-Id
Accept-CH
Surrogate-Control
Cf-Railgun
X-Akam-SW-Version
X-Backend-Server
X-Readtime
X-Cache-Lookup
X-Response-Time
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-Country
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Url
Accept-Ch-Lifetime
X-Edge
X-Amz-Server-Side-Encryption
X-MS-InvokeApp
Edge-Control
X-Rack-Cache
X-PC
X-Vname
X-TtlSet
X-B3-TraceId
X-Ruxit-JS-Agent
X-Nginx-Upstream-Cache-Status
X-Content-Type
X-ESI
X-Vcap-Request-Id
X-Mod-Pagespeed
X-Varnish-TTL
Xkey
Accept-Ch
X-FastCGI-Cache
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-D2id
X-Kinja-Build
X-Use-Magma
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Amz-Rid
Cache-Tag
Verso
X-VARITI-CCR
X-Powered-By-Plesk
X-GitHub-Request-Id
X-CST
RTSS
X-Mcache
X-Ruxit-Js-Agent
X-ECACHE
X-Oneagent-Js-Injection
Service-Worker-Allowed
X-Upstream
X-Cached
X-Navigation-Version
X-Client-IP
X-Version
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-Px
X-Cnection
X-Ac
Public-Key-Pins
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Arr-Disable-Session-Affinity
X-Element-Page-Cache
SPRequestGuid
X-SharePointHealthScore
X-Server-Name
X-Ser
Display
Pagespeed
X-Sol
X-Middleton-Display
SPIisLatency
X-Cache-TTL
SPRequestDuration
X-NWS-LOG-UUID
X-Country-Code
X-Ttl
X-RateLimit-Remaining
Permissions-Policy
X-Midtier
X-Cache-Key
X-NF-Request-ID
X-Middleton-Response
Response
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-Forwarded-For
Content-MD5
Access-Control-Request-Method
X-DataDome
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
X-MSEdge-Ref
Front-End-Https
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Correlation-Id
TP-L2-Cache
TP-Cache
Edge-Cache-Tag
X-Recruiting
X-T
X-HP-Trace-Id
X-HP-Webp
Nginx-Cache
X-Jurisdiction
X-Powered-CMS
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-SID
X-Accel-Expires
X-RateLimit-Limit
X-Daa-Tunnel
MicrosoftSharePointTeamServices
TCN
X-Grace
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mg-S
X-Hits
X-Id
X-Content-Digest
X-Request-Received
X-Request-Processing-Time
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
Server-Node
X-HS-Cache-Config
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Filters
Server-Name
X-Frontend
X-Amzn-Trace-Id
S
X-Distributor
X-LLID
X-TTL
MS-Author-Via
X-Protected-By
Cache-Status
X-Geo-Country
X-Language
Fastcgi-Cache
Cf-Apo-Via
X-LB-Cache
X-PressLabs-Stats
X-Origin-Server
Cross-Origin-Opener-Policy
X-Ezoic-Cdn
X-Fastly-Request-Id
X-F-Cache
X-FB-Debug
X-Request-Handler-Origin-Region
X-Seen-By
Filterid
X-Forwarded-Proto
Charset
X-Page-Id
X-B3-Sampled
Host
X-Microsite
X-Ua-Browser
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
X-Git-Hash
X-Ab
Count-Hit
X-Litespeed-Cache
Payment
X-ASPNET-VERSION
X-Ratelimit-Reset
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
Realpath
X-Cluster-Name
X-VCache
X-Origin-Cache
Surrogate-Key
Accept-Charset
X-Template
Cache-Tags
X-Cache-Age
Alternate-Protocol
X-Rid
X-NGENIX-Cache
X-Webkit-Csp
X-DynaTrace
Retry-After
X-Activity-Id
Cleartype
X-AppVersion
X-Az
X-Fastcgi-Cache
X-Www-Served-By
Access-Control-Allow-Method
X-Varnish-Backend
X-Upgrade-Enabled
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Signature
X-Tb
X-Wix-Request-Id
X-Varnish-Grace
X-Type
X-Node-Name
X-Is-Crawler
X-App-Environment
X-Flags
X-Aspnet-Duration-Ms
X-DIS-Request-ID
X-B-Cache
ServerID
X-Amz-Replication-Status
X-B
X-TT
X-Logged-In
DC
Paypal-Debug-Id
X-Drupal-Cache-Tags
X-Debug
X-Proxy
X-Source
X-Hostname
Frame-Options
X-Envoy-Decorator-Operation
X-Content
X-Fastly-Request-ID
X-Mobile
X-Content-Options
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Revision
X-Load-Cache
X-Contextid
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Pinterest-Generated-By
Pinterest-Version
X-Goog-Stored-Content-Length
X-Pinterest-Rid
X-GUploader-UploadID
X-Goog-Metageneration
X-N
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Country
X-Cache-Rule
X-Magnolia-Registration
Referer-Policy
X-User-Agent
Viewport
X-Whom
X-EdgeConnect-Cache-Status
NGB
X-Original-Request-Id
Node
X-Response-Served-From
Refresh
Content-Disposition
X-Varnish-Age
X-Framework
X-L-Path
X-Environment-Context
X-Debug-IsPreview
X-Debug-IsConnected
X-Cacheable-TTL
X-Cache-TTL-Remaining
X-Ratelimit-Remaining
X-Unique-Id
X-Rendered-As
X-Is-Bot
X-Real-IP
X-Instance
X-Jobs
X-Mid
X-NYM-Debug-Backend
X-Mg-Request-UUID
X-Varnish-Server
X-Page-View
Access-Control-Request-Headers
Akamai-GRN
X-Akamai-Request-ID2
X-Adobe-Loc
X-Cache-Grace
X-Cache-Time
X-Servername
VIX-Pulpo-Upstream-Status
X-Adobe-Content
X-G
Uber-Trace-Id
Url
VIX-Pulpo-Node
X-Status
X-Yottaa-Optimizations
X-Restarts
X-Yottaa-Metrics
X-Content-Powered-By
X-Server-ID
X-Drupal-Cache-Contexts
X-RemovedCookies
X-ProcessESI
X-COUNTRY
Version
X-App-Server
X-APP-VERSION
Srv
Countrycode
X-Http-Reason
X-Debug-Info
X-XRDS-LOCATION
X-CDN-Forward
Protected
Accept-Language
X-IPLB-Instance
X-IPLB-Request-ID
X-Cache-Expired-At
X-Hosted-By
X-Via-JSL
X-Trace-Id
X-Time
X-Nginx-Cache-Key
Healthy
X-Cache-Hit
Liferay-Portal
X-Ratelimit-Limit
X-Device-Type
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
Fastcgi-Useragent
X-Tt-Logid
X-Azure-Ref
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Dynamic
Section-Io-Cache
X-Backend-Name
X-Cache-Operation
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Content-Secure-Policy
X-RTag
MS-CV
Ms-Operation-Id
Backend
Server-Info
X-Proxy-Cache-Status
X-UUID
X-Cache-NGX
X-Mobile-URL
X-UPSTREAM-Address
Load-Balancing
Meta-Geo
X-Storage
X-RN-RSRV
X-Akamai-Edgescape
X-Mode
CF-IPCountry
X-Handled-By
CDN-Uid
X-Urbn-Site-Id
X-AWS-Id
Azure-RegionName
CDN-RequestId
X-Urbn-Context-Path
Azure-InstanceId
X-Site-Version
X-SayCDN-TTL
X-Say-TTL
X-Varnish-Cache-Hits
X-Uri
X-Sql-Count
CDN-RequestCountryCode
X-Adobe-Source
X-Origin-Date
Azure-Version
Azure-SlotName
X-Access
X-Section
Azure-SiteName
CDN-Cache
CDN-CachedAt
X-Skip-Cache
CDN-PullZone
X-Sql-Duration-Ms
CDN-EdgeStorageId
Locale
X-Server-W
X-Origin-Hint
X-Labrador-Cache-Channel
Web-Mar-Node
Property-Id
X-LJ-Flow-ID
X-VWS-Id
X-Cms-Context
X-Locale
TWC-Privacy
TWC-Locale-Group
S-Rt
X-Edge-Location
X-Forwarded-Host
X-Region
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
X-PHP-Host
X-OCL
X-Proto
X-Varnish-Hostname
X-PCL
X-Say-Cacheable
X-Format
X-Cache-Server
WP-Super-Cache
X-VC-Cache
Onion-Location
X-No-Session
Webcakes-Region
X-Cache-Host
X-Redis-Cache
X-Cache-Enabled
TWC-Connection-Speed
GEO-INFO
X-Content-Age
X-URL
X-HTML-Minification-Powered-By
X-ServerID
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxied
X-BYPASS-REASON
X-SaId
X-Routing-Service
X-PHP-Backend
X-Request-Time
Mn-Server-Ip
X-Hl-Ver
X-Zipkin-Id
X-Extlb
X-Detected-As
X-Cache-Type
X-Alternate-Cache-Key
X-FB-TRIP-ID
Cross-Origin-Resource-Policy
X-GeoCountry
X-ShardId
X-GeoCode
X-Generation-Time
X-Generated-By
X-JoinUs
X-Datadome
X-Storefront-Renderer-Rendered
Eomportal-Instance
X-Xfnlog-Site
X-Via-Fastly
X-Rule
X-Web-Node
X-Varnish-Beresp-Grace
X-Varnishpool
Apigw-Requestid
X-UA-Device-Type
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Cache-Action
X-ShopId
DB-Nickname
X-Zen-Fury
X-Correlation-ID
X-Tid
X-Cache-Status-Check
X-SRV
X-R9-Blue-Green-Version
Selected-Fe
X-Proxy-Build
X-Debug-Cache
ServedBy
X-Timing-Wait
X-ECache
X-Ms-Version
X-Ms-Request-Id
X-Ua
X-FireWall-Port
X-LSADC-Cache
X-DynaTrace-JS-Agent
Cache-Name
X-Nginx-Cache
Cache
X-Human
X-Amz-Apigw-Id
X-Amzn-RequestId
Xserver
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Dc
X-Cache-Tags
SD-X-WS
Source
Xet-Cookie
X-Cached-By
Cross-Origin-Window-Policy
X-TNCMS
X-RCS-CacheZone
X-Aspnetmvc-Version
X-Loop
X-Varnish-Hits
X-GEO
X-Api-Version
X-MP-GENERATED-AT
X-TA-CDN-Provider
X-Cdn
LB
X-Webkit-CSP
X-Reqid
Origin
X-App-Version
X-Pubstack
X-Via-NSCOPI
X-Amzn-Remapped-Content-Length
X-Soup
WPO-Cache-Status
X-Origin-TTL
X-Origin-CC
WPO-Cache-Message
X-NewRelic-App-Data
X-GG-Cache-Date
From-Origin
X-AOL-HN
X-Tumblr-Pixel-2
X-Service
X-B3-SpanId
X-IPS-LoggedIn
X-Vgn-Hpd-Reason
X-TIME
Webserver
X-FW-Version
X-Newrelic-Synthetics
Cache-Hits
X-Platform-Server
X-Provided-By
Rip
X-Cluster-Node
X-Varnish-Beresp-Ttl
X-B3-Traceid
X-Processor
X-Ec-Fail
X-Ec-GeoHdr
X-ARC
X-NAPM-TraceId
Host-ID
Lang
MD5-Digest
A
X-B-Cookie
Cdnsip
DCR-Decision-By
DCR-Processing-Time-Ms
X-Cache-NE
X-Developer
Cdncip
BehaviorPad-Version
Rendered-Blocks
X-Bc-Bl
X-BCube-Filmed-By
X-Application
X-Connection-Hash
X-PBS-Appsvrname
X-Destination
X-D
Meta-Geo-Continent
Expiry
X-Forwarded-Path
Sslversion
Surrogated-Key
T-Server
Environment
X-A
X-A-Ccd
X-Aed
Ngx.Var.Host
X-AK-Request-ID
X-Orig-Expires
X-External-Request-Id
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
Odigeo-Trace-Id
X-Owner
X-User
Xc-Version
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-VG-WebCache
X-S
X-TIM-N
X-Tenant
X-Vdms-Path
X-Vdms-Version
X-Shop-Environment
X-Served-From
X-SRCache-Key
Upgrade-Insecure-Requests
X-ScT
OT-Force-Account-Verify
X-Request-Host
X-Aicache-OS
X-Generated-On
Redirect-Candidate
X-Level-Front-Cache
X-Dispatcher-Number
Fastly-SSL
X-Qloud-Router
X-Cluster
Machine
X-Accel-Buffering
X-Pool
Mobile-Detection-Method
X-Origin-Response-Time
Cache-Tv-Group
Mime-Version
Release
Kp-EeAlive
X-V-Cache
Req-Svc-Chain
IsBot
Server-Host
X-DefElseHash
X-Variation
X-Datadog-Sampling-Priority
State
Is-Eu
X-Datadog-Trace-Id
Producers
Servername
X-DefHash
X-Developers
Mail-Subject
X-Varnish-CookieHashed-On
X-Ec-Custom-Error
X-SVT-ORM-VERSION
Memcached
X-Thinkindot-L3
X-Thanos
NM-Fastcgi-Cache
X-Epic-Correlation-Id
X-SVT-ORM-RULES
Platform
NGX
L5d-Success-Class
X-Device-Os
X-DPWN-IS-SECURE
Origin-CC
Origin-EX
L
Tube-Get-Contents
X-Clara-WADP
X-WADP-Cache
X-Wix-Viewer-Type
X-Auto-Login
X-WA-Info
X-Core-Mission
X-VG-TLSProxy
X-Ad-Defer-Variation
X-Viewer-Country
X-VServer
X-Worker
X-BBC-Edge-Cache-Status
X-Cdn-Srv
X-Cache-Id
X-Cache-Info
X-CacheTTL
X-Cache-Bucket
X-CGP
X-Bip
X-Ckpd-Fst-Backend
X-Branch-Name
HostName
Wxu-Next-Region
X-Varnish-Remaining-TTL
Traceparent
X-Csrf-Jwt
Tube-Got-Eval
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Varnish-CookieINHashed-On
TDXMobile
Thinkindot-CacheControl
Tube-Got-Results
Tube-Return
We-Hiring
Web-Mar-Region
Wxu-Next-Commit
Wxu-Next-Hostname
VNS-Cache
VNS-Age
X-Core-Value
V-Age
Vix-Hermes-Req-Id
X-Datadog-Parent-Id
Fastly-SIE
X-Loc
X-JWT-State
X-Is-Gdpr
X-Irp-Debug
X-Minions-Version
X-Mvc-Supplant-Cachable
X-SB
X-Scale
X-Mvc-Supplant-OutputCached
X-INCAP-ABP
X-HS-Content-Campaign-Id
X-Geo-Header
X-Session-Fingerprint
Adler-Geo
X-Gdpr
X-Esi-Check
X-GeoIP-City
X-Hash
X-Has-Esi
X-Gzip
X-S-Maxage
X-NodeID
X-Planisys-CDN-Rules
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Policy
X-Proxy-Cache-Info
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Region-Sid
X-Request-URI
X-Origin-Time
X-Origin-Expires
X-Nyt-Route
X-Cdn-Origin
X-Parent-Response-Time
X-Rocket-Build-Number
X-Xrds-Location
X-Rocket-Nginx-Serving-Static
Apple-News-Services-Handled
X-GeoIP
Decoy-Debug-Status
Decoy-Debug-TTL
X-Gamma-Serve
X-Sn-Servicetimems
Decoy-Debug-Key
X-Slack-Backend
CPC-Cache
Datacenter
Apple-News-Services-Host
X-CSRF-Token
X-Fmm-Version
X-Eu-Site
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
Fastly-SWR
Fastly-GeoIP-CountryCode
X-SplitTest
X-Fetched-On
Fastly-Backend-Name
CPC-Age
X-SIPLIST1
X-Gateway-Cache-Key
Candidate-Md5Url
Cluster
X-Gateway-Skip-Cache
Click-Count-Error
Click-Count-Action-Start
Country-Code
Cache-Host
X-Sigma
X-Gateway-Request-Id
Apple-News-Services-Parsed-Url
Cmstype
Cmsid
Apple-News-Services-Request-Url
X-Gateway-Cache-Status
X-Sigma-Backend
X-Tx-Id
X-NWS-UUID-VERIFY
X-Tec-Api-Version
X-VC
X-Tec-Api-Root
X-Tec-Api-Origin
X-Gen-Mode
X-Forwarded-Site
X-Optimistic-Header
X-NCache
X-Scheme
X-Origin
X-Clientip
X-Varnish-Beresp-Status
X-Hnp-Log
X-Fastly-Cache
User-Cache-Control
Server-Ext
DSUID
Server-Hostname
X-Cache-Remote
Sever-Int
Svr
X-Block-Status
CloudFront-Viewer-Country
CDCHOST
AKAMAI
Fastcgi-Cache-TTL
X-Presslabs-Stats
X-LB-NoCache
Ec-Rule-Version
X-CMSURLCustom
Canary
X-Varnish-Ttl
X-Pod-Name
WebServer
X-Udemy-Cache-App-Namespace
X-Sucuri-Cache
Pics-Label
X-ZONE
Ssr
SID
X-Sucuri-ID
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Debug
X-WP-CF-Super-Cache-Active
X-ND-Cache
X-Ig-Push-State
X-Cache-Date
X-ATG-Version
X-MCACHE
X-Buckets
Sid
X-Via-Popv
X-Fastly-Backend
X-Via-Poph
X-FC-Vary-Parameters
X-Var-Ttl
X-Generated-In
X-Via-Popn
X-Azure-Ref-OriginShield
Memory
Time
X-Microcachable
X-Conf
AMP-Access-Control-Allow-Source-Origin
X-Edge-Pop
X-TRACE-ID
Server-ID
X-Servedbyhost
X-Refresh
X-Newrelic-App-Data
Fastly-Drupal-HTML
Fastly-Drupal-Html
X-Dmc
X-MSEdge-Features
X-Release
X-Akamai-Transformed
Env
X-MSEdge-Flight
X-Trace-ID
X-Cs
X-Yandex-Sdch-Disable
X-CACHE-AGE
X-Be
X-Fpc
X-NC
X-CS
X-DC
X-Esi
X-Pass-Why
X-PX
X-Air-Trace-Id
Magicmarker
X-Air-Source
X-Air-Hostname
X-Endurance-Cache-Level
GeoIp-Country-Code
X-Up
X-ID
X-NGINX-Cache
CDN
X-Tumblr-Pixel-3
True-Client-IP
My-App
X-Dispatch
X-Wikidot-Backend
X-EC-Lua
X-Wa
X-Wikidot-Static-Cache
X-RateLimit-Reset
X-Zone
X-TX-ID
X-Vc
X-Lambda-Id
X-VCL-Version
X-Webkit-CSP-Report-Only
Hostname
X-Hyper-Cache
X-Srv
X-CSRF-TOKEN
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Nf-Request-Id
X-CACHE-KEY
X-M-Reqid
X-M-Log
Pramga
X-Req
X-Alfa-Service
X-Micro-Cache
X-App
X-Qnm-Cache
C-Via
X-Air-Pt
Resin-Trace
X-TrackingId
X-Vcl-Version
X-TH-Server
CacheControlHeader
X-HS-Status
X-Varnish-Beresp-TTL
N-Cache
Path
On-Server
X-LB-ID
X-Edge-Origin-Shield-Region
True-Client-Country-4JS
True-Client-Ip
Fastcgi-X-Cache-Version
X-PAYTM-SRV-ID
X-Platform
X-Vercel-Cache
X-Vercel-Id
Tcn
X-Edge-Origin-Shield-Bytes
GeoIP-Country-Code
X-Op-Id-All
X-B3-Spanid
Tracecode
Esi-Enabled
X-Check-Cacheable
X-SERVER-NAME
X-Vtex-Processado-Em
Proxy-Connection
GeoIP-Latitude
X-Akamai-Pragma-Client-IP
X-Vtex-Remote-Cache
X-AIR-PT
NtCoent-Length
X-CLOUD-TRACE-CONTEXT
Section-Io-Origin-Time-Seconds
X-Request-Start
Hit
X-FPC
X-PERF
Section-Io-Origin-Status
X-API-Version
X-LAGOON
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Section-Io-Id
X-ApacheServer
X-SD-PageType
X-Node-Id
Section-Origin-Responded
X-Webkit-Csp-Report-Only
HIT
ENV
Cache-Key
X-Platform-Router
X-Platform-Processor
X-Geo
X-Platform-Cluster
X-Via-CDN
X-Mly-Id
X-WA
X-Datacenter
Cdn
X-Accel-Expires-Debug
X-Date
DynaTrace
X-Lb-Id
Server-Id
X-Proxy-CacheRZ
X-Render-Time
XkeyRZ
YJS-ID
Lb
DT-Hot-News
X-Edge-POP
X-RAMCache
X-ServedByHost
User-Agent
WWW-Authenticate
Yjs-Id
X-Cdn-Forward
X-Dw-Trace-Id
PFcat
X-Via-PopH
X-Via-PopN
Server-Ttl
X-VarnishDD-TTL
X-Proxy-Upstream
X-HN
XM
X-Traceid
X-Via-PopV
X-Via-Ucdn
Sm-Log-Id
X-Service-Response-Time
X-LI-Proto
X-Li-Fabric
X-LI-UUID
X-CF-Powered-By
X-Old-Content-Length
X-Response-By
X-Instance-Name
X-Li-Pop
X-FORWARDED-FOR
X-Proxy-Cache-Hk
X-CUA
X-TT-LOGID
X-Cache-Ttl
Dnion-Transfer-Encoding
Geoip-Latitude
X-LiteSpeed-Cache-Control
Location
Nginx-CQVIP
XServer
Powered-By
X-Fastly-Backend-Reqs
CountryCode
X-DSS
X-DW
X-DI
X-DB
X-RSL
X-RPS
X-RPM
PICS-Label
X-Akamai-ERPolicy
FSS-Cache
X-Akamai-ERRuleID
X-LiteSpeed-Tag
SRV
X-UA
X-Wp-Cf-Super-Cache
X-Litespeed-Cache-Control
MIME-Version
X-Wp-Cf-Super-Cache-Cache-Control
X-Nc
X-Request-Url
Locid
Ohc-File-Size
X-Ftr-Request-Id
X-B3-ParentSpanId
X-Fastly-Cache-Hits
X-Location
X-Lb-Nocache
Srvid
Wpo-Cache-Status
X-Webstats-RespID
X-HostName
X-From
X-FL-EDGE
X-Cache-Backend
X-Cdn-Request-ID
Vha6-Origin
Wpo-Cache-Message
M-TraceId
X-Ips-Loggedin
Warning
X-Cache-Ngx
X-Mg-Cache
X-Varnish-Authentication
X-DataCenter
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Snapshot-Date
Fastcgi-Cache-Ttl
X-HA-Backend
Req-ID
X-Moov-T
X-Moov-Xdn-Version
X-Httpd
X-IN-APIGATEWAY
WZWS-RAY
X-MiniProfiler-Ids
X-Akamai-Request-ID
X-IN-APIGATEWAYSSL
X-Cc-Via