Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
CF-Ray
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Request-ID
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Generator
X-Cache-Status
X-Check
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-UA-Device
X-Cache-Group
X-Amz-Id-2
EagleId
X-Backend
X-AH-Environment
X-Proxy-Cache
X-Server
Keep-Alive
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
P3p
X-LiteSpeed-Cache
X-Ua-Compatible
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Apo-Via
X-Device
Cf-Railgun
X-WebKit-CSP
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
EagleEye-TraceId
X-Host
X-Server-Id
X-Ruxit-JS-Agent
Surrogate-Control
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
Accept-Ch-Lifetime
X-Content-Security-Policy-Report-Only
X-Cache-Lookup
X-HW
X-Cloud-Trace-Context
X-Cache-Spec
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Application-Context
X-Trace
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Litespeed-Cache
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Country
Content-Location
X-Mcache
X-MS-InvokeApp
X-Content-Type
X-Url
X-Clacks-Overhead
X-TtlSet
X-PC
X-Midtier
X-Vname
X-Amz-Server-Side-Encryption
X-CST
Rating
RTSS
Accept-CH-Lifetime
X-ECACHE
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Cdn-Fetch
X-Exp-Id
Origin-Trial
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
Service-Worker-Allowed
X-Ac
X-Powered-By-Plesk
X-Amz-Rid
X-Cnection
SPRequestGuid
X-SharePointHealthScore
X-Client-IP
X-Navigation-Version
Xkey
Edge-Control
SPRequestDuration
SPIisLatency
X-Upstream
X-Varnish-TTL
X-Abt-Application-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Cached
X-B3-TraceId
X-Dw-Request-Base-Id
X-Mg-S
X-Webkit-Csp
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Instrumentation
X-Kraken-Loop-Name
X-Browser-Type
X-Server-Lifecycle-Phase
X-Ttl
X-NWS-LOG-UUID
X-Px
Accept-Ch
Display
X-Sol
X-Middleton-Display
Pagespeed
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Edge-Cache-Tag
Access-Control-Request-Method
X-Forwarded-For
X-FastCGI-Cache
X-Correlation-Id
X-Cache-Key
X-NF-Request-ID
X-Country-Code
X-Goog-Hash
X-Ser
X-Powered-CMS
X-Id
AR-SID
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
Content-MD5
TCN
Public-Key-Pins
Front-End-Https
X-Amzn-Trace-Id
X-Version
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-MSEdge-Ref
X-T
X-Recruiting
X-Content-Digest
Response
X-Middleton-Response
X-Ratelimit-Limit
X-Accel-Expires
TP-Cache
TP-L2-Cache
X-RateLimit-Remaining
X-Shield-Request-Id
MicrosoftSharePointTeamServices
X-Fastly-Request-ID
S
Cache-Status
Nginx-Cache
X-Fastcgi-Cache
X-XRDS-Location
X-HS-Content-Id
Cross-Origin-Opener-Policy
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Request-Received
X-Request-Processing-Time
Cache-Tags
Server-Node
X-Ratelimit-Remaining
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Daa-Tunnel
X-Distributor
X-Hits
X-ORACLE-DMS-ECID
X-PressLabs-Stats
X-Kinsta-Cache
X-ORACLE-DMS-RID
X-LB-Cache
X-Edge-Location-Klb
X-Origin-Server
X-Ua-Browser
X-TTL
X-Ezoic-Cdn
X-Ratelimit-Reset
Fastcgi-Cache
Filterid
Alternate-Protocol
X-Frontend
X-LLID
X-Hostname
X-Request-Handler-Origin-Region
X-Microsite
Realpath
X-Rid
X-Grace
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Healthy
X-Logged-In
X-DIS-Request-ID
X-Varnish-Backend
X-Git-Hash
Cleartype
X-FB-Debug
Server-Name
X-Www-Served-By
X-NGENIX-Cache
X-Geo-Country
X-Cluster-Name
X-Page-Id
Payment
X-Debug-Info
X-Forwarded-Proto
DC
MS-Author-Via
X-Load-Cache
X-Protected-By
X-Origin-Cache
Access-Control-Allow-Method
Content-Disposition
X-B3-Sampled
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-GUploader-UploadID
X-Kong-Proxy-Latency
X-Goog-Metageneration
Charset
X-Proxy
X-AppVersion
X-Activity-Id
X-Az
X-Seen-By
X-Times
Count-Hit
X-DataDome
X-Amz-Meta-S3cmd-Attrs
X-B3-Traceid
X-Cache-Age
X-Amz-Replication-Status
X-F-Cache
Paypal-Debug-Id
X-Azure-Ref
X-B
X-Whom
X-Fb-Rlafr
Accept-Charset
Cross-Origin-Resource-Policy
X-Akamai-Edgescape
X-Revision
X-Type
Surrogate-Key
X-Contextid
Viewport
X-Varnish-Server
X-App-Environment
X-Providence-Cookie
X-Route-Name
X-Is-Crawler
X-Request-Guid
X-Aspnet-Duration-Ms
X-Flags
X-Wix-Request-Id
Retry-After
X-TT
X-Hosted-By
X-Language
X-Envoy-Decorator-Operation
X-Cache-Control
X-ECache
X-DynaTrace
X-B-Cache
X-Signature
X-Magnolia-Registration
X-Varnish-Grace
X-Source
X-Mobile
X-App-Server
X-Goog-Storage-Class
X-Goog-Generation
Version
X-Goog-Stored-Content-Encoding
Amp-Access-Control-Allow-Source-Origin
X-Goog-Stored-Content-Length
WPO-Cache-Message
WPO-Cache-Status
Host
X-VCache
X-Server-ID
Refresh
X-Amz-Apigw-Id
X-Amzn-RequestId
X-N
X-HTML-Minification-Powered-By
X-Cache-Rule
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Access-Control-Request-Headers
X-Varnish-Age
X-EdgeConnect-Cache-Status
X-Original-Request-Id
X-Cache-Time
Referer-Policy
X-Response-Served-From
X-Rule
X-Content-Powered-By
X-UUID
X-Region
X-Tt-Trace-Tag
X-Cacheable-TTL
Protected
X-Jobs
X-Environment-Context
X-L-Path
MS-CV
Ms-Operation-Id
X-G
X-Framework
X-Tt-Trace-Host
SD-X-WS
X-RTag
X-User-Agent
X-FW-Dynamic
X-FW-Hash
X-FW-Version
GEO-INFO
X-FW-Static
X-ProcessESI
X-RemovedCookies
Akamai-GRN
X-Status
X-FW-Server
X-FW-Type
X-FW-Serve
X-Backend-Name
X-Cache-Grace
X-Rendered-As
NGB
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Http-Reason
X-Trace-Id
Section-Io-Cache
From-Origin
X-Device-Type
X-Is-Bot
X-Akamai-Request-ID2
Front
X-Cache-Expired-At
X-Cache-Status-Check
X-NYM-Debug-Backend
X-Instance
X-Drupal-Cache-Tags
X-Page-View
X-Drupal-Cache-Contexts
X-Adobe-Content
X-RateLimit-Limit
X-Adobe-Loc
X-Unique-Id
X-Nginx-Cache
X-XRDS-LOCATION
Url
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
CDN-RequestId
X-Servername
Liferay-Portal
X-Time
Accept-Language
X-Content-Options
X-Template
X-CDN-Forward
Fastly-SWR
Fastly-SIE
SRV
X-Air-Source
X-Newrelic-App-Data
X-Air-Trace-Id
X-Air-Hostname
X-Zen-Fury
X-Debug-IsPreview
X-Debug-IsConnected
Backend
X-Cache-Hit
X-Mode
X-DynaTrace-JS-Agent
X-Yottaa-Optimizations
X-Yottaa-Metrics
Country
X-Uri
X-Rocket-Nginx-Serving-Static
X-Varnish-Ttl
Content-Secure-Policy
X-COUNTRY
X-Tec-Api-Root
X-Tec-Api-Version
X-App-Version
X-Tec-Api-Origin
X-Fastly-Request-Id
X-ARC
X-Edge-Location
X-Cache-Operation
Node
X-Amzn-Remapped-Content-Length
X-Proxy-Cache-Info
X-RN-RSRV
X-Tumblr-Pixel-2
X-Rewrite-Enabled
Webserver
X-Zipkin-Id
S-Rt
X-Generation-Time
X-Extlb
X-Cache-Server
X-Proxied
Onion-Location
Filters
Meta-Geo
X-Routing-Service
X-UPSTREAM-Address
X-Tumblr-Pixel-3
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-PHP-Backend
X-Proxy-Build
X-Timing-Wait
X-IPS-LoggedIn
CF-IPCountry
X-Locale
Selected-Fe
Uber-Trace-Id
Countrycode
X-Content-Age
Azure-Version
X-Server-W
Cache-Hits
Azure-SlotName
TWC-Device-Class
TWC-Connection-Speed
TWC-Privacy
TWC-Locale-Group
Cache-Name
TWC-GeoIP-LatLong
Mn-Server-Ip
Property-Id
TWC-GeoIP-Country
X-Cms-Context
X-Sucuri-Cache
X-Soup
X-Sucuri-ID
X-Tb
X-UA-Device-Type
X-Ua
X-Skip-Cache
X-Site-Version
X-ProxyCache-Status
X-ProxyCache-Key
X-Reqid
X-Origin-Hint
X-Section
X-Ms-Version
X-Ms-Request-Id
X-AWS-Id
X-BYPASS-REASON
X-Access
Webcakes-Region
Webcakes-App-Version
X-Cache-Action
X-Proxy-Cache-Status
X-VWS-Id
X-Via-Fastly
X-Web-Node
X-LJ-Flow-ID
X-Format
X-Cluster-Node
Webcakes-App-Name
WP-Super-Cache
X-Cluster
X-Origin-Date
X-Forwarded-Host
X-Debug
ServerID
X-Labrador-Cache-Channel
X-IPLB-Request-ID
X-IPLB-Instance
X-PHP-Host
Cache-Tv-Group
X-SayCDN-TTL
X-Proto
X-Say-TTL
Web-Mar-Node
X-Say-Cacheable
X-Cache-Host
X-Urbn-Context-Path
X-Xfnlog-Site
Locale
X-JoinUs
X-Cache-TTL-Remaining
X-Urbn-Site-Id
X-SaId
X-Detected-As
X-LAGOON
X-Optimistic-Header
X-No-Session
X-VC-Cache
X-Sql-Duration-Ms
X-R9-Blue-Green-Version
Apigw-Requestid
X-Sql-Count
X-Webkit-CSP
X-Ruxit-Js-Agent
Cross-Origin-Window-Policy
DB-Nickname
X-Handled-By
X-Real-IP
X-LSADC-Cache
X-Director
X-Adobe-Source
X-Varnish-Beresp-Grace
ServedBy
X-FB-TRIP-ID
Fastcgi-Useragent
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Node-Name
Frame-Options
X-GeoCode
X-Oneagent-Js-Injection
X-GeoCountry
X-Tt-Logid
Upgrade-Insecure-Requests
Mime-Version
X-Varnish-Hits
Fastly-Drupal-HTML
Source
Load-Balancing
X-Api-Version
X-Aspnetmvc-Version
CDN-Uid
CDN-EdgeStorageId
X-Varnish-Cache-Hits
CDN-Cache
CDN-CachedAt
CDN-PullZone
CDN-RequestCountryCode
X-Hl-Ver
X-Generated-By
X-GEO
X-Buckets
Xet-Cookie
X-Request-Time
X-FireWall-Port
X-Varnish-Hostname
X-ServerID
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Webkit-CSP-Report-Only
X-Datadog-Sampled
X-RM-Cache-TTL
X-URL
X-Origin-CC
X-Origin-TTL
X-Redis-Cache
X-Mg-Request-UUID
X-TA-CDN-Provider
X-SRV
X-Akamai-Transformed
X-Cache-Debug
X-TIME
CF-Cached-On
X-Loop
Xserver
X-Served-From
X-Pubstack
X-Shopify-Stage
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Provided-By
X-Storage
X-Endurance-Cache-Level
X-Restarts
X-Pass-Why
X-Newrelic-Synthetics
X-Tx-Id
X-CSRF-Token
X-Request-Host
X-Location
X-INCAP-ABP
X-Hash
X-Cache-Info
Release
X-Generated-On
Redirect-Candidate
Rendered-Blocks
Server-Host
X-Cache-NE
X-Level-Front-Cache
X-We-Are-Hiring
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Mobile-URL
Thinkindot-Control
X-Mid
TDXMobile
Meta-Geo-Continent
X-Men
T-Server
Xc-Version
Sslversion
X-ScT
Gannett-Cam-Experience-Id
X-Destination
X-Developer
Ngx.Var.Host
X-Ec-Fail
DSUID
X-Conf
Host-ID
MD5-Digest
Memcached
X-CUA
Lang
X-Core-Mission
X-D
X-Ec-GeoHdr
DCR-Processing-Time-Ms
X-CMSURLCustom
Odigeo-Trace-Id
A
X-Fetched-On
Origin
X-Gdpr
NM-Fastcgi-Cache
BehaviorPad-Version
X-Epic-Correlation-Id
DCR-Decision-By
X-External-Request-Id
Candidate-Md5Url
C-Via
Cache-Host
X-Bip
Surrogated-Key
X-A-Wwc
X-A-Dgt
X-TIM-N
X-Thinkindot-L3
X-Test
X-A-Dcw
X-A-Dam
X-Application
X-A
X-Origin-Time
X-A-Ccd
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-S
X-S-Cookie
X-S-Maxage
X-Scale
X-Sigma
X-Sigma-Backend
X-SRCache-Key
X-Processor
X-Rocket-Build-Number
X-Rojux
X-Auto-Login
X-Thanos
WWW-Authenticate
X-Origin
X-Aed
X-Vdms-Version
X-BCube-Filmed-By
X-Bc-Bl
X-B-Cookie
X-Nyt-Route
X-Vdms-Path
X-Via-CDN
HostName
X-Httpd
X-Service
X-Varnish-Beresp-Ttl
Server-Info
X-Ec-Custom-Error
X-Dispatcher-Server
X-Req
X-Region-Sid
X-Platform-Router
CloudFront-Viewer-Country
Click-Count-Error
Click-Count-Action-Start
X-Esi-Check
Cmsid
X-Platform-Processor
Country-Code
Cmstype
X-Pool
X-Response-By
X-Accel-Expires-Debug
Tube-Get-Contents
X-Date
Locid
Tube-Got-Eval
X-SD-PageType
X-Server-IP
Mail-Subject
Tube-Return
Gh-Request-Id
X-Developers
X-Platform-Cluster
X-Dispatcher-Number
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
X-Nginx-Cache-Key
X-Node-Id
X-Mvc-Supplant-Cachable
Edge-Cache
X-Sn-Servicetimems
Req-Svc-Chain
X-CacheTTL
Magicmarker
X-Loc
X-Var-Ttl
X-Geo-Header
X-Cdn-Srv
X-Cdn-Origin
X-Gzip
X-Origin-Response-Time
X-Instance-Name
X-Cache-Id
Srvid
X-Varnishpool
X-Cache-Date
X-HS-Content-Campaign-Id
X-Human
Origin-EX
X-Cache-Bucket
X-Platform
X-FL-EDGE
X-FL-QIT-DEBUG
X-Slack-Shared-Secret-Outcome
Cache-Key
X-Slack-Backend
X-Fastly-Cache
CacheControlHeader
X-BBC-Edge-Cache-Status
AKAMAI
Tube-Got-Results
Origin-CC
X-Org
X-Gamma-Serve
On-Server
X-Akamai-Device-Characteristics
We-Hiring
X-Fastly-Backend
X-WP-CF-Super-Cache-Active
Edge-Copy-Time
X-Via-Edge
X-Via-SSL
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
Environment
X-Vcl-Version
X-WA-Info
X-NodeID
X-VServer
X-Vmg-Version
X-Op-Id-All
X-NCache
X-DefElseHash
X-Block-Status
X-FC-Vary-Parameters
X-Device-Os
X-DefHash
X-Origin-Expires
X-Azure-Ref-OriginShield
X-Planisys-CDN-Rules
X-V-Cache
X-Planisys-CDN-TTL
X-SB
X-Planisys-CDN-Cache
X-Owner
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
X-WADP-Cache
X-Mly-Id
X-GeoIP-Country-Code
X-Forwarded-Site
X-Fmm-Version
X-HN
X-GeoIP-Region-Code
X-Frame-Option
X-GeoIP-City
X-VarnishDD-TTL
X-Clara-WADP
X-Ckpd-Fst-Backend
X-GeoIP
X-Has-Esi
X-Hnp-Log
L
Cache-Provider
X-Worker
X-Minions-Version
X-Core-Value
X-JWT-State
PFcat
X-Irp-Debug
X-Is-Gdpr
X-Cache-FS-Status
X-Gen-Mode
X-Ad-Defer-Variation
Machine
Kp-EeAlive
Is-Eu
Platform
Server-Ext
Ssr
Sever-Int
Server-Hostname
Expect-Staple
Datacenter
Adler-Geo
X-Zone
X-VC
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Canary
Apple-News-Services-Request-Url
State
Apple-News-Services-Host
Wxu-Next-Region
Wxu-Next-Hostname
Vix-Hermes-Req-Id
User-Cache-Control
Wxu-Next-Commit
Web-Mar-Region
X-TNCMS
X-Ua-Device
X-App
X-CGP
X-Eu-Site
X-DPWN-IS-SECURE
X-Csrf-Jwt
X-Accel-Buffering
X-From
X-Release
X-Old-Content-Length
X-Qloud-Router
X-Aicache-OS
X-Microcachable
X-VG-TLSProxy
L5d-Success-Class
HA-Ipaddr
CDCHOST
X-Wix-Viewer-Type
X-RCS-CacheZone
Ha-Gx-Prefs
NGX
X-Cache-Remote
X-Cache-Tags
Producers
X-CACHE-AGE
X-Air-Pt
X-Mvc-Supplant-OutputCached
Fastly-SSL
X-Lambda-Id
X-Varnish-Beresp-Status
X-VCT
X-Cache-Enabled
X-LB-NoCache
X-Request-Start
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Correlation-ID
X-Platform-Server
X-Nananana
X-B3-SpanId
X-Parent-Response-Time
X-Up
X-Dc
Pics-Label
X-Generated-In
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Tb-Optimization-Total-Bytes-Saved
X-Refresh
CPC-Age
X-AIR-PT
VNS-Age
X-Vtex-Remote-Cache
X-Upstream-Ct
X-Upstream-Ht
VNS-Cache
CPC-Cache
X-Render-Time
X-Trace-ID
X-DC
X-B3-Spanid
X-Cs
GeoIP-Latitude
AMP-Access-Control-Allow-Source-Origin
X-HA-Backend
X-Cache-Backend
X-Cached-By
SID
X-Cache-Type
X-ND-Cache
Cluster
X-TH-Server
Memory
Cache
Sid
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Decoy-Debug-TTL
Decoy-Debug-Key
Time
Decoy-Debug-Status
X-Hcs-Proxy-Type
Env
NtCoent-Length
X-ATG-Version
X-LB-ID
X-Servedbyhost
X-Tid
X-Nf-Request-Id
X-Presslabs-Stats
X-Nc
X-Srv
Server-ID
X-HS-Status
X-Wa
X-Edge-Pop
X-Esi
X-NWS-UUID-VERIFY
Srv
Cdn
X-Client-Ip
X-Cache-ASPX
X-Varnish-Authentication
X-DataCenter
X-Contensis-Viewer-Groups
X-NewRelic-App-Data
X-Via-JSL
X-MP-GENERATED-AT
X-Datadome
X-CF-Lambda-Version
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-PAYTM-SRV-ID
X-Vgn-Hpd-Cached
Svr
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
Fastly-Drupal-Html
X-CF-Lambda-Fn
Esi-Enabled
X-Fpc
X-Amz-Meta-Cb-Modifiedtime
Uri
GeoIp-Country-Code
XkeyRZ
X-ZONE
YJS-ID
X-Proxy-CacheRZ
X-Check-Cacheable
X-CDN-Cache-Status
X-Wikidot-Backend
N-Cache
X-Wikidot-Static-Cache
Lb
X-Vc
X-Udemy-Cache-App-Namespace
RNT-Machine
True-Client-IP
RNT-Time
Resin-Trace
True-Client-Ip
X-Tenant
X-CACHE-KEY
X-Shop-Environment
X-Orig-Expires
X-Bl-Debug
X-Forwarded-Path
M-TraceId
X-CS
Hostname
X-TX-ID
X-NGINX-Cache
X-EC-Lua
X-CSRF-TOKEN
X-MSEdge-Flight
OT-Force-Account-Verify
Cdnsip
Cdncip
X-AK-Request-ID
XServer
X-Fastly-Country-Code
X-Policy
X-App-Name
X-Via-NSCOPI
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-Varnish-Beresp-TTL
X-Gateway-Skip-Cache
X-MSEdge-Features
X-B3-Trace-ID
X-FPC
X-API-Version
X-Logging-Id
Sm-Log-Id
X-Service-Response-Time
GeoIP-Country-Code
X-Datacenter
Eomportal-Instance
X-Git-Commit
X-Container-Uri
X-Cache-Ttl
Path
X-Accel-Version
X-Cdn-Diag
X-CLOUD-TRACE-CONTEXT
CDN
Server-Id
Hit
X-Vcache
X-VCL-Version
X-Micro-Cache
X-SIPLIST1
Ngx-Var-Key
HIT
X-MCACHE
X-Lb-Id
IsBot
X-WA
X-APP-VERSION
X-Ha-Backend
X-NC
X-RateLimit-Reset
LB
X-Edge-POP
X-Cache-NGX
X-Request-URI
X-Geo
X-Akamai-Pragma-Client-IP
Pramga
X-Info
X-Cdn-Cache-Status
X-ServedByHost
ENV
X-Tncms
RATING
X-SERVER-NAME
X-Acquia-Purge-Cdn-Unconfigured
XM
X-VG-WebCache
V-Age
X-Xrds-Location
X-Clientip
CDN-RequestPullCode
X-Srcache-Fetch-Status
X-Srcache-Store-Status
CDN-RequestPullSuccess
X-Snapshot-Date
X-Cdn-Forward
Timeexpire
Geoip-Latitude
FSS-Cache
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-TT-LOGID
Tcn
True-Client-Country-4JS
Cdn-Requestid
Cross-Origin-Opener-Policy-Report-Only
Epwk-X-Cache
X-Via-PopH
Location
Yjs-Id
X-Ctl-Mach
Req-ID
X-Via-PopV
X-Via-PopN
X-Iauth-Set-Uid
X-TimeS
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-HostName
X-Serial
Proxy-Connection
X-Hyper-Cache
X-Amz-Meta-Opti
X-Pod-Name
Ohc-File-Size
W
X-Dw-Trace-Id
X-Lb-Nocache
Warning
X-M-Log
X-LiteSpeed-Tag
X-LiteSpeed-Cache-Control
X-M-Reqid
X-Viewer-Country
X-User
X-Vgn-Hpd-Reason
X-PERF
X-ApacheServer
WZWS-RAY
X-UP
X-Litespeed-Cache-Control
X-Cdn-Request-ID
X-Acquia-Application-UUID
Cneonction
Servername
X-Fastly-Backend-Reqs
X-RAMCache
Content-Script-Type
X-Qnm-Cache
Content-Style-Type
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Purge-Tags
X-Lsadc-Cache
CountryCode
X-MiniProfiler-Ids
X-WP-CF-Super-Cache-Cookies-Bypass
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-B3-Parentspanid
X-Th-Server
Ngx
X-Moov-Xdn-Version
X-TraceId
X-Moov-T
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-IPS-Cached-Response
X-B3-ParentSpanId
MIME-Version
X-Oss-Hash-Crc64ecma
X-Mg-Cache
X-Oss-Object-Type
X-Webstats-RespID
X-Oss-Storage-Class
Ec-Rule-Version
X-Oss-Request-Id
X-Oss-Server-Time
My-App
X-Fastly-Cache-Hits
Ohc-Cache-HIT
X-Cache-Expires
PICS-Label