Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
CF-Ray
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Request-ID
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Generator
X-Check
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Status
Upgrade
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Via
Server-Timing
Request-Context
X-Dns-Prefetch-Control
X-Robots-Tag
X-Turbo-Charged-By
X-UA-Device
X-Amz-Request-Id
X-Cache-Group
X-Amz-Id-2
EagleId
X-Backend
X-AH-Environment
P3p
X-Proxy-Cache
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Ua-Compatible
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
Cf-Apo-Via
X-Device
Cf-Railgun
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Server-Id
X-Host
EagleEye-TraceId
X-Ruxit-JS-Agent
Surrogate-Control
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
Accept-Ch-Lifetime
X-Content-Security-Policy-Report-Only
X-HW
X-Cache-Lookup
X-Cache-Spec
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Response-Time
X-Application-Context
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Litespeed-Cache
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Country
Content-Location
X-Mcache
X-MS-InvokeApp
X-Content-Type
X-Clacks-Overhead
X-Url
X-TtlSet
X-Vname
X-PC
X-Midtier
X-Amz-Server-Side-Encryption
X-CST
Accept-CH-Lifetime
Rating
RTSS
Cache-Tag
X-Vcap-Request-Id
X-D2id
X-Rack-Cache
X-Element-Page-Cache
X-Exp-Id
Origin-Trial
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Server
X-ECACHE
Verso
X-VARITI-CCR
X-ESI
X-Server-Name
X-GitHub-Request-Id
X-Ac
Service-Worker-Allowed
X-Powered-By-Plesk
X-Cnection
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-Navigation-Version
Xkey
X-Abt-Application-Version
Accept-Ch
X-Client-IP
SPIisLatency
SPRequestDuration
Edge-Control
X-Cache-TTL
X-Upstream
Arr-Disable-Session-Affinity
X-Ttl
X-Varnish-TTL
X-B3-TraceId
X-Cached
X-Mg-S
X-Dw-Request-Base-Id
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-NWS-LOG-UUID
X-Px
Display
X-Middleton-Display
Pagespeed
X-Sol
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-NF-Request-ID
X-Forwarded-For
X-Correlation-Id
Access-Control-Request-Method
Edge-Cache-Tag
X-FastCGI-Cache
X-Cache-Key
X-Country-Code
X-Goog-Hash
X-Webkit-Csp
X-Ser
X-Powered-CMS
X-Id
Content-MD5
AR-PoweredBy
AR-SID
AR-ATIME
AR-Request-ID
AR-CACHE
Front-End-Https
X-Ratelimit-Limit
Public-Key-Pins
TCN
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Version
X-Amzn-Trace-Id
X-MSEdge-Ref
X-T
X-Content-Digest
X-Recruiting
Response
X-Middleton-Response
X-Accel-Expires
TP-L2-Cache
TP-Cache
X-RateLimit-Remaining
MicrosoftSharePointTeamServices
X-Shield-Request-Id
X-XRDS-Location
S
Cache-Status
Nginx-Cache
X-Fastcgi-Cache
X-Fastly-Request-ID
X-Request-Received
X-Request-Processing-Time
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-Daa-Tunnel
Cross-Origin-Opener-Policy
X-HS-Content-Id
X-Ratelimit-Remaining
Server-Node
Cache-Tags
X-Distributor
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Hits
X-PressLabs-Stats
X-LB-Cache
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Edge-Location-Klb
X-Kinsta-Cache
X-Origin-Server
X-Ua-Browser
X-Ezoic-Cdn
X-Ratelimit-Reset
Alternate-Protocol
Fastcgi-Cache
Filterid
X-LLID
X-ORACLE-DMS-RID
X-Grace
X-Frontend
X-ORACLE-DMS-ECID
X-Microsite
X-Request-Handler-Origin-Region
X-Rid
X-Hostname
X-Logged-In
X-TTL
Realpath
X-DIS-Request-ID
Server-Name
Healthy
X-FB-Debug
X-Varnish-Backend
X-Git-Hash
X-Geo-Country
X-Www-Served-By
X-NGENIX-Cache
Cleartype
X-Cluster-Name
X-Debug-Info
X-Page-Id
X-Load-Cache
Payment
DC
MS-Author-Via
X-Protected-By
X-Forwarded-Proto
X-ASPNET-VERSION
Access-Control-Allow-Method
Content-Disposition
X-Origin-Cache
X-DataDome
X-B3-Sampled
Charset
X-Upgrade-Enabled
X-Goog-Metageneration
X-GUploader-UploadID
X-AppVersion
X-Az
X-Kong-Upstream-Latency
X-Proxy
X-Kong-Proxy-Latency
X-Activity-Id
X-Times
X-Seen-By
Count-Hit
X-ECache
X-F-Cache
X-Amz-Meta-S3cmd-Attrs
X-B3-Traceid
X-Amz-Replication-Status
Cross-Origin-Resource-Policy
Paypal-Debug-Id
X-Fb-Rlafr
X-Whom
X-Azure-Ref
X-B
X-Revision
X-Contextid
X-Type
X-Akamai-Edgescape
Surrogate-Key
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-App-Environment
X-Providence-Cookie
X-Request-Guid
X-Aspnetmvc-Version
Viewport
X-Route-Name
Accept-Charset
X-Varnish-Server
Retry-After
X-TT
X-Wix-Request-Id
X-Cache-Age
X-Hosted-By
X-Language
X-B-Cache
X-Signature
X-DynaTrace
X-Envoy-Decorator-Operation
X-Cache-Control
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-App-Server
X-Source
X-Magnolia-Registration
X-Varnish-Grace
X-Mobile
Amp-Access-Control-Allow-Source-Origin
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Version
WPO-Cache-Message
WPO-Cache-Status
Host
X-VCache
X-Server-ID
X-N
Refresh
X-Cache-Rule
X-HTML-Minification-Powered-By
Referer-Policy
X-Varnish-Age
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
Access-Control-Request-Headers
X-Response-Served-From
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Time
X-Original-Request-Id
X-Cache-Status-Check
X-Rule
X-EdgeConnect-Cache-Status
X-Framework
X-Jobs
X-RTag
Protected
X-G
X-UUID
MS-CV
SD-X-WS
X-Cacheable-TTL
Ms-Operation-Id
X-Cache-Grace
X-Content-Powered-By
X-Backend-Name
X-FW-Version
X-Device-Type
X-FW-Hash
X-FW-Dynamic
X-Environment-Context
X-L-Path
X-FW-Static
Section-Io-Cache
X-ProcessESI
CDN-RequestId
X-FW-Serve
X-User-Agent
X-RemovedCookies
X-FW-Server
X-FW-Type
X-Status
X-Page-View
From-Origin
VIX-Pulpo-Upstream-Status
Akamai-GRN
X-Tt-Trace-Host
GEO-INFO
X-Tt-Trace-Tag
VIX-Pulpo-Node
NGB
X-Drupal-Cache-Contexts
X-Adobe-Content
X-Adobe-Loc
X-Rendered-As
Front
X-Instance
X-Http-Reason
X-NYM-Debug-Backend
X-Is-Bot
X-Region
X-Drupal-Cache-Tags
X-Cache-Expired-At
X-Akamai-Request-ID2
X-Nginx-Cache
X-XRDS-LOCATION
Url
X-Unique-Id
X-Servername
X-Trace-Id
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Liferay-Portal
Accept-Language
X-Varnish-Ttl
X-Content-Options
X-RateLimit-Limit
X-Template
SRV
X-Debug-IsConnected
X-Debug-IsPreview
X-Fastly-Request-Id
Fastly-SWR
Fastly-SIE
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Time
X-Newrelic-App-Data
Backend
X-Zen-Fury
X-CDN-Forward
X-Cache-Hit
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-DynaTrace-JS-Agent
Country
X-Mode
Content-Secure-Policy
X-Rocket-Nginx-Serving-Static
X-COUNTRY
X-Uri
Node
X-Cache-Operation
X-Rewrite-Enabled
X-Content-Age
X-UPSTREAM-Address
X-RN-RSRV
X-Tumblr-Pixel-3
X-ARC
X-IPS-LoggedIn
S-Rt
X-Cache-Server
Onion-Location
X-Generation-Time
Meta-Geo
X-Edge-Location
Filters
X-Tumblr-Pixel-2
Webserver
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Azure-Version
Azure-RegionName
X-Proxy-Cache-Info
X-Timing-Wait
X-PHP-Backend
X-Proxy-Build
X-Tb
X-App-Version
X-Web-Node
X-Locale
Uber-Trace-Id
Cache-Hits
CF-IPCountry
X-Amzn-Remapped-Content-Length
Selected-Fe
X-Sucuri-ID
X-Sucuri-Cache
X-Skip-Cache
X-Soup
WP-Super-Cache
X-Via-Fastly
X-Site-Version
X-Ua
Countrycode
X-Server-W
X-ProxyCache-Status
X-Labrador-Cache-Channel
X-Origin-Date
X-Cache-Action
X-BYPASS-REASON
Cache-Name
X-PHP-Host
X-Proto
X-Say-TTL
X-Say-Cacheable
X-Reqid
X-ProxyCache-Key
X-SayCDN-TTL
X-Cms-Context
ServerID
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
X-Access
Cache-Tv-Group
Webcakes-Region
Webcakes-App-Version
Property-Id
X-Cache-Host
X-Ms-Version
X-URL
X-Sql-Duration-Ms
X-Sql-Count
X-Ms-Request-Id
X-Varnish-Beresp-Grace
X-Handled-By
X-IPLB-Instance
X-IPLB-Request-ID
X-VC-Cache
X-Debug
Webcakes-App-Name
X-Section
X-Routing-Service
X-Proxied
X-UA-Device-Type
X-Forwarded-Host
X-Cluster-Node
X-Zipkin-Id
X-Origin-Hint
X-Proxy-Cache-Status
X-Extlb
X-Format
X-SaId
X-R9-Blue-Green-Version
X-AWS-Id
X-JoinUs
X-Adobe-Source
X-VWS-Id
Apigw-Requestid
X-LAGOON
X-Cluster
X-FB-TRIP-ID
ServedBy
X-No-Session
Cross-Origin-Window-Policy
X-Optimistic-Header
X-Ruxit-Js-Agent
DB-Nickname
Web-Mar-Node
X-Real-IP
X-LJ-Flow-ID
X-Cache-TTL-Remaining
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
Mn-Server-Ip
X-Detected-As
X-GeoCountry
Fastcgi-Useragent
X-LSADC-Cache
X-Director
X-GeoCode
X-Xfnlog-Site
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Node-Name
X-Oneagent-Js-Injection
Mime-Version
Frame-Options
Source
Upgrade-Insecure-Requests
X-Tt-Logid
X-Varnish-Hits
Fastly-Drupal-HTML
X-GEO
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
X-Buckets
CDN-RequestCountryCode
X-Hl-Ver
CDN-PullZone
X-Generated-By
CDN-Uid
X-Tec-Api-Root
X-Tec-Api-Origin
Load-Balancing
X-Tec-Api-Version
X-TIME
X-Varnish-Cache-Hits
X-Cdn
X-SRV
X-FireWall-Port
Xet-Cookie
X-Request-Time
X-TA-CDN-Provider
X-ServerID
X-Varnish-Hostname
X-Mg-Request-UUID
X-Api-Version
X-Origin-CC
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Redis-Cache
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Origin-TTL
X-RM-Cache-TTL
X-Loop
X-Cache-Debug
CF-Cached-On
X-Akamai-Transformed
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Served-From
X-ShardId
X-ShopId
X-Storefront-Renderer-Rendered
X-Tx-Id
X-Alternate-Cache-Key
X-Storage
X-Pubstack
X-Endurance-Cache-Level
Xserver
X-Pass-Why
X-Provided-By
X-Restarts
X-Request-Host
X-Newrelic-Synthetics
X-Service
Server-Info
X-Nyt-Route
X-Origin
DSUID
Edge-Cache
X-Gdpr
DCR-Processing-Time-Ms
DCR-Decision-By
Candidate-Md5Url
BehaviorPad-Version
A
X-INCAP-ABP
X-External-Request-Id
X-Loc
Cache-Host
X-Mid
X-Generated-On
X-Men
X-Mobile-URL
X-Ec-Fail
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A
WWW-Authenticate
X-CUA
X-Core-Mission
X-Conf
X-CMSURLCustom
X-A-Wwc
X-Aed
X-Bip
X-Cache-NE
X-Cache-Date
X-Cache-Info
X-BCube-Filmed-By
X-Bc-Bl
X-Cdn-Origin
X-Akamai-Device-Characteristics
X-Application
X-B-Cookie
Thinkindot-Control
Thinkindot-CacheControl-Type
Meta-Geo-Continent
Ngx.Var.Host
Odigeo-Trace-Id
Origin
Memcached
MD5-Digest
X-Epic-Correlation-Id
Host-ID
X-Ec-GeoHdr
Lang
X-Developer
X-Destination
X-D
T-Server
TDXMobile
Thinkindot-CacheControl
Surrogated-Key
Sslversion
Redirect-Candidate
Release
Rendered-Blocks
Server-Host
Gannett-Cam-Experience-Id
X-Level-Front-Cache
X-S-Cookie
X-Vdms-Path
X-ScT
X-CACHE-AGE
X-Processor
X-Vdms-Version
X-We-Are-Hiring
X-Response-By
X-Rojux
X-S
Xc-Version
X-Sn-Servicetimems
X-S-Maxage
X-Test
X-Origin-Time
X-SVT-ORM-RULES
X-Thanos
X-SVT-ORM-VERSION
X-SRCache-Key
X-Thinkindot-L3
X-TIM-N
X-CSRF-Token
X-Location
X-WP-CF-Super-Cache-Active
X-Esi-Check
Expect-Staple
X-Worker
Platform
X-VServer
X-Vmg-Version
NM-Fastcgi-Cache
Req-Svc-Chain
X-Cache-Bucket
Magicmarker
X-Ec-Custom-Error
C-Via
X-Rocket-Build-Number
Mail-Subject
Gh-Request-Id
Is-Eu
X-Dispatcher-Number
X-Dispatcher-Server
X-Origin-Expires
Fastly-Backend-Name
X-DefElseHash
X-Sigma
X-TNCMS
X-Varnish-CookieHashed-On
X-Server-IP
We-Hiring
X-Sigma-Backend
X-Slack-Backend
X-Variation
X-Ad-Defer-Variation
X-Accel-Expires-Debug
X-Slack-Shared-Secret-Outcome
X-CacheTTL
X-SD-PageType
X-BBC-Edge-Cache-Status
X-Varnish-Remaining-TTL
X-Varnishpool
X-Date
X-Var-Ttl
X-Fastly-Backend
X-Varnish-CookieINHashed-On
Tube-Return
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
X-DefHash
Fastly-GeoIP-CountryCode
X-HS-Content-Campaign-Id
X-Hash
X-Httpd
X-Varnish-Beresp-Ttl
X-Is-Gdpr
X-Human
X-Has-Esi
X-Scale
X-Region-Sid
Adler-Geo
X-Geo-Header
X-Req
X-Gzip
X-JWT-State
X-Pool
Section-Io-Id
X-Org
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Origin-Response-Time
Section-Origin-Responded
X-Node-Id
X-Mvc-Supplant-Cachable
X-Platform-Router
X-Cache-Id
X-Platform-Processor
X-Platform-Cluster
X-Platform
AKAMAI
X-GeoIP-City
X-Fetched-On
Click-Count-Action-Start
X-Auto-Login
CloudFront-Viewer-Country
X-Gamma-Serve
Click-Count-Error
CacheControlHeader
Cmsid
Cache-Key
Cmstype
Country-Code
X-Fastly-Cache
X-Via-CDN
X-Air-Pt
Environment
X-Fmm-Version
X-Mly-Id
X-Planisys-CDN-TTL
X-Clara-WADP
Origin-CC
X-V-Cache
X-FC-Vary-Parameters
Origin-EX
X-Owner
Srvid
X-Release
X-Planisys-CDN-Cache
X-Forwarded-Site
On-Server
X-NodeID
X-Planisys-CDN-Rules
X-Cache-Tags
X-Ckpd-Fst-Backend
X-Irp-Debug
X-Qloud-Router
X-GeoIP
X-FL-EDGE
X-Nginx-Cache-Key
X-Device-Os
X-Wix-Viewer-Type
X-WADP-Cache
X-WA-Info
X-Instance-Name
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-FL-QIT-DEBUG
X-Frame-Option
X-Varnish-Beresp-Status
X-DPWN-IS-SECURE
X-Core-Value
X-Developers
X-SB
X-Cdn-Srv
Locid
X-Azure-Ref-OriginShield
Web-Mar-Region
X-Accel-Buffering
Vix-Hermes-Req-Id
Machine
Ssr
Producers
Datacenter
Canary
X-Vcl-Version
State
HostName
X-App
X-Cache-FS-Status
X-Via-Edge
X-Via-SSL
Edge-Copy-Time
PFcat
Sever-Int
User-Cache-Control
Wxu-Next-Commit
Server-Hostname
X-Gen-Mode
X-From
X-VarnishDD-TTL
X-HN
L
Wxu-Next-Hostname
X-Block-Status
X-Hnp-Log
X-Old-Content-Length
X-Minions-Version
X-NCache
Cache-Provider
Wxu-Next-Region
X-Op-Id-All
X-Aicache-OS
Server-Ext
Apple-News-Services-Handled
X-VG-TLSProxy
Apple-News-Services-Host
NGX
X-Esi
X-Request-Start
X-Ua-Device
X-Platform-Server
Kp-EeAlive
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Parent-Response-Time
X-Webkit-CSP-Report-Only
X-VC
X-Zone
X-Eu-Site
X-Cache-Remote
Ha-Gx-Prefs
CDCHOST
X-Nananana
X-Microcachable
X-Mvc-Supplant-OutputCached
HA-Ipaddr
Fastly-SSL
X-CGP
X-Csrf-Jwt
X-Cache-Enabled
L5d-Success-Class
X-Client-Ip
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-DC
X-Lambda-Id
X-Up
X-RCS-CacheZone
X-Refresh
X-LB-NoCache
X-B3-Spanid
X-Correlation-ID
X-VCT
X-Cache-Backend
X-Via-Popv
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Poph
Env
X-Via-Popn
Pics-Label
X-Dc
X-B3-SpanId
X-Trace-ID
Decoy-Debug-Status
Decoy-Debug-TTL
GeoIP-Latitude
VNS-Age
X-Render-Time
CPC-Cache
CPC-Age
Cluster
Decoy-Debug-Key
VNS-Cache
X-Cached-By
X-Vtex-Remote-Cache
X-Generated-In
X-ND-Cache
NtCoent-Length
X-Upstream-Ct
X-Upstream-Ht
AMP-Access-Control-Allow-Source-Origin
SID
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Sid
Cache
X-HA-Backend
X-Webkit-CSP
X-Cs
X-Cache-Type
X-NWS-UUID-VERIFY
X-Tid
X-LB-ID
Time
X-TH-Server
X-Edge-Pop
Memory
X-HS-Status
X-Servedbyhost
X-DataCenter
X-ATG-Version
X-Presslabs-Stats
Fastly-Drupal-Html
X-Nc
X-Wa
X-AIR-PT
X-Cache-ASPX
Server-ID
X-Vgn-Hpd-Variations-Key
X-NewRelic-App-Data
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Contensis-Viewer-Groups
X-Varnish-Authentication
Svr
Cdn
X-Via-JSL
Srv
X-Srv
Uri
X-ZONE
GeoIp-Country-Code
X-Check-Cacheable
X-MP-GENERATED-AT
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-CF-Lambda-Version
X-Fpc
X-Vc
Esi-Enabled
X-Proxy-CacheRZ
XkeyRZ
X-Amz-Meta-Cb-Modifiedtime
True-Client-IP
X-CS
Hostname
X-Udemy-Cache-App-Namespace
X-Wikidot-Static-Cache
X-Nf-Request-Id
N-Cache
M-TraceId
X-CACHE-KEY
X-Wikidot-Backend
X-CSRF-TOKEN
YJS-ID
X-Varnish-Beresp-TTL
X-Datadome
X-NGINX-Cache
XServer
Resin-Trace
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Gateway-Skip-Cache
Cdncip
Cdnsip
RNT-Machine
X-Gateway-Cache-Key
Lb
RNT-Time
X-Bl-Debug
X-Orig-Expires
X-API-Version
X-Tenant
X-Forwarded-Path
X-Shop-Environment
X-AK-Request-ID
X-CDN-Cache-Status
X-EC-Lua
X-TX-ID
X-MSEdge-Flight
X-Via-NSCOPI
X-Fastly-Country-Code
OT-Force-Account-Verify
True-Client-Ip
X-FPC
X-MSEdge-Features
X-App-Name
X-B3-Trace-ID
X-Policy
Sm-Log-Id
X-Service-Response-Time
Eomportal-Instance
CDN
Path
Server-Id
X-Cache-Ttl
X-Logging-Id
GeoIP-Country-Code
X-WA
X-Vcache
Ngx-Var-Key
X-APP-VERSION
X-Micro-Cache
X-CLOUD-TRACE-CONTEXT
X-Accel-Version
Hit
X-Container-Uri
X-Git-Commit
X-Edge-POP
X-Cache-NGX
X-NC
X-Datacenter
X-Lb-Id
IsBot
X-VCL-Version
X-Cdn-Diag
LB
X-SIPLIST1
X-MCACHE
X-ServedByHost
X-RateLimit-Reset
X-Request-URI
X-Ha-Backend
HIT
X-Cdn-Forward
X-Tncms
RATING
X-Cdn-Cache-Status
X-SERVER-NAME
X-Info
Pramga
X-LiteSpeed-Cache-Control
X-Geo
X-Acquia-Purge-Cdn-Unconfigured
V-Age
X-VG-WebCache
X-Snapshot-Date
XM
Cross-Origin-Opener-Policy-Report-Only
Timeexpire
FSS-Cache
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Location
Geoip-Latitude
X-TT-LOGID
Tcn
X-Akamai-Pragma-Client-IP
X-Ctl-Mach
X-Via-PopH
X-Via-PopN
X-Via-PopV
Epwk-X-Cache
X-Pod-Name
Yjs-Id
Ohc-File-Size
X-Clientip
X-Lb-Nocache
Req-ID
X-LiteSpeed-Tag
True-Client-Country-4JS
CDN-RequestPullCode
ENV
CDN-RequestPullSuccess
X-HostName
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Iauth-Set-Uid
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Serial
X-Hyper-Cache
X-Amz-Meta-Opti
X-Dw-Trace-Id
X-TRACE-ID
X-M-Reqid
X-M-Log
Warning
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-UUID
X-UP
X-Cdn-Request-ID
X-RAMCache
Proxy-Connection
X-Oss-Storage-Class
Ec-Rule-Version
Cneonction
WZWS-RAY
X-Acquia-Application-Trace
Content-Style-Type
X-Fastly-Backend-Reqs
Content-Script-Type
X-Oss-Hash-Crc64ecma
X-Cache-Expires
Servername
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Qnm-Cache
X-MiniProfiler-Ids
X-Lsadc-Cache
CountryCode
X-WP-CF-Super-Cache-Cookies-Bypass
W
Ohc-Cache-HIT
X-Akamai-ERRuleID
PICS-Label
X-B3-Parentspanid
My-App
X-Akamai-ERPolicy
MIME-Version
X-IPS-Cached-Response
X-Th-Server
Ngx
X-B3-ParentSpanId
X-Fastly-Cache-Hits
X-Mg-Cache
X-Litespeed-Cache-Control
X-Webstats-RespID
X-Swift-Error