Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-ID
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Request-Id
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
P3p
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Status
Upgrade
X-CDN
X-AspNetMvc-Version
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
X-Proxy-Cache
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
Host-Header
Cf-Edge-Cache
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dns-Prefetch-Control
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Apo-Via
Accept-CH
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Ruxit-JS-Agent
X-Server-Id
EagleEye-TraceId
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Backend-Server
Request-Id
X-Cache-Spec
X-Readtime
X-Cache-Lookup
X-HW
X-Content-Security-Policy-Report-Only
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Cloud-Trace-Context
X-Application-Context
X-Response-Time
Accept-Ch-Lifetime
Fastly-Restarts
Permissions-Policy
X-Nginx-Upstream-Cache-Status
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
Accept-CH-Lifetime
X-Mcache
X-Content-Type
Content-Location
X-Url
X-MS-InvokeApp
X-CST
X-Clacks-Overhead
X-Country
X-Midtier
X-Amz-Server-Side-Encryption
Rating
X-PC
X-Vname
X-TtlSet
X-Litespeed-Cache
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-VARITI-CCR
Origin-Trial
Verso
X-Element-Page-Cache
X-Rack-Cache
X-Server-Name
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Ttl
X-Ac
X-GitHub-Request-Id
X-Powered-By-Plesk
X-ECACHE
X-Cnection
Service-Worker-Allowed
X-Amz-Rid
X-Client-IP
SPRequestGuid
X-SharePointHealthScore
Xkey
X-Navigation-Version
X-Abt-Application-Version
Edge-Control
X-B3-TraceId
X-NWS-LOG-UUID
SPIisLatency
SPRequestDuration
X-Upstream
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Browser-Type
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Cached
X-Mg-S
X-Dw-Request-Base-Id
X-Varnish-TTL
X-Px
X-Cache-Key
X-FastCGI-Cache
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Correlation-Id
X-NF-Request-ID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
Edge-Cache-Tag
X-Forwarded-For
Content-MD5
X-Country-Code
X-Goog-Hash
Front-End-Https
X-Webkit-Csp
X-Powered-CMS
TCN
X-Version
X-Id
Public-Key-Pins
AR-Request-ID
AR-ATIME
AR-SID
AR-CACHE
AR-PoweredBy
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-MSEdge-Ref
X-Content-Digest
X-Ratelimit-Limit
X-T
X-Recruiting
X-XRDS-Location
X-Ser
X-RateLimit-Remaining
X-Amzn-Trace-Id
Accept-Ch
X-Accel-Expires
X-Daa-Tunnel
Response
X-Middleton-Response
TP-Cache
TP-L2-Cache
X-Shield-Request-Id
MicrosoftSharePointTeamServices
S
Nginx-Cache
Cache-Status
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Request-Received
X-Request-Processing-Time
X-HS-Cache-Config
Server-Node
Cache-Tags
X-Distributor
X-Hits
X-Ratelimit-Remaining
X-Edge-Location-Klb
X-Kinsta-Cache
Cross-Origin-Opener-Policy
X-LB-Cache
X-Fastcgi-Cache
Fastcgi-Cache
X-Origin-Server
X-Ratelimit-Reset
X-Ua-Browser
Alternate-Protocol
X-Ezoic-Cdn
X-Grace
Server-Name
X-DIS-Request-ID
Filterid
X-PressLabs-Stats
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Microsite
X-Geo-Country
X-Request-Handler-Origin-Region
X-Fastly-Request-ID
X-Rid
X-Hostname
X-LLID
Healthy
X-Frontend
X-Git-Hash
X-Protected-By
Payment
X-Logged-In
X-Debug-Info
X-Varnish-Backend
X-Page-Id
Cleartype
X-DataDome
X-Forwarded-Proto
X-Load-Cache
X-FB-Debug
X-Www-Served-By
X-NGENIX-Cache
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cluster-Name
DC
X-Origin-Cache
MS-Author-Via
Realpath
X-ASPNET-VERSION
Charset
Content-Disposition
X-ECache
Access-Control-Allow-Method
X-B3-Sampled
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
X-Proxy
X-Kong-Upstream-Latency
X-Activity-Id
X-Az
X-Kong-Proxy-Latency
X-AppVersion
X-F-Cache
X-Seen-By
X-Amz-Replication-Status
Retry-After
Paypal-Debug-Id
X-B3-Traceid
Cross-Origin-Resource-Policy
X-Request-Guid
X-Providence-Cookie
X-Revision
X-Type
X-Route-Name
Count-Hit
X-Flags
X-Aspnet-Duration-Ms
X-Contextid
X-Is-Crawler
Viewport
X-App-Environment
X-Amz-Meta-S3cmd-Attrs
X-Wix-Request-Id
X-Whom
X-Azure-Ref
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
X-Fb-Rlafr
X-TTL
Accept-Charset
X-Signature
X-B-Cache
X-Hosted-By
X-Server-ID
X-B
X-Akamai-Edgescape
X-TT
X-Varnish-Server
X-Aspnetmvc-Version
X-DynaTrace
X-VCache
X-Cache-Age
X-Language
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-App-Server
X-Source
X-Cache-Control
Referer-Policy
X-Mobile
X-Times
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Fastly-Request-Id
X-Magnolia-Registration
X-Varnish-Grace
Host
X-Envoy-Decorator-Operation
Version
X-HTML-Minification-Powered-By
X-COUNTRY
X-N
X-Tt-Trace-Host
X-Tt-Trace-Tag
Refresh
X-Cache-Rule
X-Original-Request-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Response-Served-From
SRV
Ms-Operation-Id
X-Rule
WPO-Cache-Status
WPO-Cache-Message
X-Varnish-Ttl
X-Cache-Time
X-RTag
MS-CV
SD-X-WS
Access-Control-Request-Headers
X-EdgeConnect-Cache-Status
X-Varnish-Age
X-Framework
X-UUID
X-FW-Version
X-Backend-Name
Section-Io-Cache
GEO-INFO
Akamai-GRN
X-FW-Type
X-Content-Powered-By
X-Page-View
X-ProcessESI
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-FW-Serve
X-RemovedCookies
X-Cache-Status-Check
X-FW-Static
X-G
X-Device-Type
X-Cache-Grace
X-Is-Bot
X-Cache-Expired-At
X-User-Agent
X-Instance
X-Drupal-Cache-Tags
VIX-Pulpo-Node
X-Cacheable-TTL
X-Rendered-As
VIX-Pulpo-Upstream-Status
X-Akamai-Request-ID2
X-Drupal-Cache-Contexts
X-Status
X-Trace-Id
X-NYM-Debug-Backend
X-Http-Reason
CDN-RequestId
Protected
X-Adobe-Content
From-Origin
X-Adobe-Loc
X-Amzn-RequestId
X-Amz-Apigw-Id
NGB
X-Jobs
X-L-Path
X-Environment-Context
X-Servername
Url
X-Region
X-Template
Front
X-CDN-Forward
X-RateLimit-Limit
X-Debug-IsPreview
Accept-Language
X-Debug-IsConnected
X-Unique-Id
X-Nginx-Cache
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Hit
X-XRDS-LOCATION
X-Content-Options
Fastly-SIE
Fastly-SWR
Backend
X-Zen-Fury
Country
X-Air-Hostname
X-Air-Source
Liferay-Portal
X-Air-Trace-Id
X-TIME
X-DynaTrace-JS-Agent
X-Tb
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Cache-Operation
X-Mode
Content-Secure-Policy
X-Real-IP
X-Tt-Logid
X-Cache-Server
Webserver
X-Proxy-Cache-Info
X-UPSTREAM-Address
X-Amzn-Remapped-Content-Length
Uber-Trace-Id
X-Generation-Time
Filters
Meta-Geo
X-Rewrite-Enabled
X-Tumblr-Pixel-2
X-Newrelic-App-Data
X-Rocket-Nginx-Serving-Static
X-RN-RSRV
X-IPS-LoggedIn
X-Proxy-Build
X-PHP-Backend
Azure-Version
CF-IPCountry
X-Access
Selected-Fe
Cache-Hits
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Format
X-Web-Node
X-Section
X-Timing-Wait
Cache-Name
X-Server-W
X-SayCDN-TTL
X-Say-TTL
X-Soup
X-Sql-Count
X-Cluster-Node
X-Sucuri-ID
X-Sucuri-Cache
X-Sql-Duration-Ms
X-Say-Cacheable
Webcakes-Region
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-Connection-Speed
ServedBy
X-Node-Name
Webcakes-App-Version
Webcakes-App-Name
Property-Id
X-Content-Age
X-Debug
X-Origin-Hint
X-R9-Blue-Green-Version
X-Ms-Request-Id
Node
X-Ms-Version
X-Tec-Api-Origin
X-Proto
X-Tec-Api-Root
Onion-Location
X-UA-Device-Type
X-Tec-Api-Version
X-Reqid
DB-Nickname
X-ProxyCache-Status
X-PHP-Host
X-BYPASS-REASON
X-Labrador-Cache-Channel
X-VC-Cache
X-Locale
X-Cache-TTL-Remaining
X-Handled-By
X-Ua
Web-Mar-Node
X-Cms-Context
ServerID
X-Proxy-Cache-Status
X-Via-Fastly
X-ProxyCache-Key
X-Site-Version
X-WP-CF-Super-Cache-Cache-Control
X-SaId
X-Forwarded-Host
X-Cache-Host
X-LAGOON
X-FB-TRIP-ID
X-Detected-As
X-IPLB-Instance
X-IPLB-Request-ID
X-JoinUs
X-Tumblr-Pixel-3
X-VWS-Id
X-LJ-Flow-ID
X-Varnish-Beresp-Grace
X-Adobe-Source
X-AWS-Id
X-Cache-Action
X-WP-CF-Super-Cache
X-Origin-Date
X-Skip-Cache
X-Cluster
Mn-Server-Ip
X-Edge-Location
X-No-Session
X-Extlb
X-Routing-Service
X-Uri
X-Zipkin-Id
X-Proxied
X-Optimistic-Header
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Xfnlog-Site
Cross-Origin-Window-Policy
X-GeoCountry
X-LSADC-Cache
S-Rt
X-GeoCode
Mime-Version
Fastcgi-Useragent
Apigw-Requestid
Countrycode
WP-Super-Cache
X-Ruxit-Js-Agent
Source
X-Buckets
X-App-Version
X-ARC
X-Director
CDN-RequestCountryCode
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
X-Time
Upgrade-Insecure-Requests
Cache-Tv-Group
X-Hl-Ver
X-Varnish-Hits
X-Oneagent-Js-Injection
X-GEO
X-Generated-By
X-Request-Time
Fastly-Drupal-HTML
X-Mg-Request-UUID
X-Redis-Cache
X-Cache-Debug
X-Tx-Id
Xet-Cookie
Frame-Options
CF-Cached-On
X-Varnish-Cache-Hits
X-Loop
X-FireWall-Port
X-Origin-TTL
X-Origin-CC
X-SRV
X-URL
X-Pass-Why
X-RM-Cache-TTL
X-Varnish-Hostname
X-TNCMS
X-ServerID
X-TA-CDN-Provider
X-Api-Version
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Datadog-Trace-Id
X-ShopId
X-Shopify-Stage
X-Akamai-Transformed
X-ShardId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
Load-Balancing
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Served-From
X-Pubstack
X-Request-Host
X-Newrelic-Synthetics
X-Endurance-Cache-Level
X-Location
Server-Info
X-NWS-UUID-VERIFY
X-Service
Redirect-Candidate
DCR-Decision-By
X-Mid
X-Loc
DCR-Processing-Time-Ms
X-Vdms-Version
X-Level-Front-Cache
Meta-Geo-Continent
X-CUA
X-Bc-Bl
Req-Svc-Chain
X-Conf
X-Vdms-Path
X-Mobile-URL
Edge-Cache
X-D
X-BBC-Edge-Cache-Status
DSUID
Release
X-Thinkindot-L3
X-Gdpr
X-Generated-On
Cache-Host
X-Ec-GeoHdr
Origin
BehaviorPad-Version
X-Epic-Correlation-Id
A
X-External-Request-Id
Odigeo-Trace-Id
X-Application
X-We-Are-Hiring
X-INCAP-ABP
X-CMSURLCustom
X-Developer
X-A-Wwc
X-B-Cookie
Ngx.Var.Host
X-Ec-Fail
Candidate-Md5Url
X-Aed
X-Httpd
X-Destination
Rendered-Blocks
X-Cache-Date
Surrogated-Key
X-ScT
T-Server
TDXMobile
X-S-Maxage
X-S-Cookie
MD5-Digest
X-Rocket-Build-Number
X-Rojux
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-SRCache-Key
X-BCube-Filmed-By
X-Test
X-Thanos
X-TIM-N
X-Sigma-Backend
Xc-Version
X-Sigma
Lang
X-Bip
X-Cache-Info
X-S
X-Platform-Cluster
WWW-Authenticate
X-Platform-Processor
X-Nyt-Route
X-A-Dam
X-Origin-Time
Gannett-Cam-Experience-Id
Sslversion
X-Platform-Router
Host-ID
X-A-Ccd
Xserver
X-A
X-A-Dcw
X-A-Dgt
X-Processor
Memcached
X-Cache-NE
X-Restarts
X-B3-Spanid
X-CACHE-AGE
X-Storage
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Fastly-Backend-Name
Apple-News-Services-Handled
Cache-Key
X-Ec-Custom-Error
Fastly-GeoIP-CountryCode
X-Developers
CloudFront-Viewer-Country
X-Cache-Bucket
CacheControlHeader
X-Cdn-Srv
Gh-Request-Id
C-Via
Mail-Subject
X-Clara-WADP
X-Is-Gdpr
X-Mvc-Supplant-Cachable
X-Varnishpool
We-Hiring
X-Node-Id
Section-Io-Id
Section-Io-Origin-Status
Magicmarker
AKAMAI
Section-Io-Origin-Time-Seconds
Server-Host
X-Org
X-Var-Ttl
X-WP-CF-Super-Cache-Active
X-Worker
X-SD-PageType
X-Varnish-Beresp-Status
X-Origin
X-Origin-Response-Time
X-Pool
X-Vmg-Version
Section-Origin-Responded
X-HS-Content-Campaign-Id
X-WADP-Cache
X-Geo-Header
X-Akamai-Device-Characteristics
X-Has-Esi
X-GeoIP
X-Auto-Login
X-Human
NM-Fastcgi-Cache
X-VServer
X-JWT-State
X-Fetched-On
X-Fmm-Version
X-GeoIP-City
X-Varnish-Beresp-Ttl
X-Parent-Response-Time
X-Azure-Ref-OriginShield
X-Ad-Defer-Variation
X-Accel-Buffering
User-Cache-Control
Wxu-Next-Hostname
X-App
Web-Mar-Region
Wxu-Next-Region
Wxu-Next-Commit
Vix-Hermes-Req-Id
X-Gzip
X-Request-Start
X-Hash
X-Fastly-Cache
X-Scale
X-Req
X-Qloud-Router
X-Sn-Servicetimems
X-NodeID
X-Op-Id-All
X-Platform
X-Core-Mission
X-Cdn-Origin
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
X-VG-TLSProxy
X-WA-Info
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Country-Code
X-Variation
X-Wix-Viewer-Type
X-Nginx-Cache-Key
X-NCache
X-Dispatcher-Server
X-Esi-Check
X-FC-Vary-Parameters
X-Forwarded-Site
X-Device-Os
X-DefHash
X-SVT-ORM-VERSION
X-Cache-Tags
X-Core-Value
X-DefElseHash
X-Frame-Option
X-Gen-Mode
X-SVT-ORM-RULES
X-LB-NoCache
X-Mly-Id
Tube-Return
X-Irp-Debug
X-Hnp-Log
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-HN
X-Block-Status
X-Cache-Id
NGX
Machine
Adler-Geo
On-Server
Origin-CC
Tube-Got-Results
Origin-EX
Kp-EeAlive
Is-Eu
Canary
Cache-Provider
CDCHOST
Click-Count-Action-Start
Datacenter
Click-Count-Error
PFcat
L
Ssr
Sever-Int
Platform
Server-Ext
Tube-Got-Eval
Tube-Get-Contents
Server-Hostname
X-Air-Pt
Environment
X-Dispatcher-Number
X-Instance-Name
X-Date
X-CGP
X-Ckpd-Fst-Backend
Fastly-SSL
X-Region-Sid
X-Slack-Shared-Secret-Outcome
X-Eu-Site
X-DPWN-IS-SECURE
X-Slack-Backend
X-Server-IP
X-Fastly-Backend
X-Gamma-Serve
X-Men
X-Csrf-Jwt
Ha-Gx-Prefs
X-CacheTTL
L5d-Success-Class
X-CSRF-Token
X-Old-Content-Length
X-SB
X-Minions-Version
Producers
X-Platform-Server
X-Cache-Remote
X-Origin-Expires
HA-Ipaddr
X-Accel-Expires-Debug
X-Presslabs-Stats
X-Microcachable
X-Mvc-Supplant-OutputCached
Cmsid
State
X-Tid
Cmstype
X-Provided-By
X-V-Cache
X-Tb-Optimization-Total-Bytes-Saved
Decoy-Debug-Key
X-Planisys-CDN-Rules
X-Release
Decoy-Debug-TTL
Pics-Label
X-Owner
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Decoy-Debug-Status
X-Cache-Backend
X-Nananana
Cluster
X-Webkit-CSP-Report-Only
X-Aicache-OS
Expect-Staple
X-Cache-FS-Status
X-Refresh
X-Response-By
Env
GeoIP-Latitude
X-Via-CDN
X-DC
X-Zone
X-FL-EDGE
Srvid
X-FL-QIT-DEBUG
Time
X-RCS-CacheZone
HostName
X-Correlation-ID
Locid
Memory
X-NewRelic-App-Data
X-Via-SSL
Edge-Copy-Time
X-Via-Edge
X-Vcl-Version
X-ND-Cache
X-Generated-In
X-From
X-Servedbyhost
X-Dc
X-Cache-Enabled
X-Trace-ID
SID
X-Edge-Pop
X-DataCenter
Svr
X-Up
Cache
X-Vc
NtCoent-Length
X-Cached-By
X-VC
X-Srv
X-Debug-Cache-Store
Sid
X-Nc
X-Debug-Cache-Fetch
X-Webkit-CSP
X-Lambda-Id
X-ZONE
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Wa
X-HS-Status
X-Vgn-Hpd-Cached
Cdn
X-AIR-PT
VNS-Age
VNS-Cache
X-Via-Poph
X-Esi
CPC-Age
CPC-Cache
X-Render-Time
GeoIp-Country-Code
X-VCT
X-Via-Popn
Fastly-Drupal-Html
X-NGINX-Cache
X-Via-Popv
X-Cs
X-Vtex-Remote-Cache
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-CLOUD-TRACE-CONTEXT
Hostname
X-Client-Ip
X-Hcs-Proxy-Type
X-HA-Backend
X-Check-Cacheable
Cdnsip
X-TH-Server
X-AK-Request-ID
X-Amz-Meta-Cb-Modifiedtime
Server-ID
Cdncip
X-Upstream-Ht
True-Client-IP
X-LB-ID
X-Upstream-Ct
X-Via-JSL
X-Cache-Type
AMP-Access-Control-Allow-Source-Origin
X-Via-NSCOPI
X-Gateway-Cache-Key
X-B3-SpanId
X-Gateway-Skip-Cache
X-ATG-Version
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Proxy-CacheRZ
X-CSRF-TOKEN
XkeyRZ
Uri
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
X-Fpc
X-API-Version
X-CS
X-Nf-Request-Id
XServer
M-TraceId
X-Varnish-Beresp-TTL
X-EC-Lua
OT-Force-Account-Verify
Eomportal-Instance
Resin-Trace
X-Udemy-Cache-App-Namespace
Esi-Enabled
X-CF-Lambda-Version
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
X-FPC
X-MSEdge-Features
X-MSEdge-Flight
X-Micro-Cache
True-Client-Ip
Ngx-Var-Key
X-APP-VERSION
X-MP-GENERATED-AT
X-Datadome
Srv
CDN
X-CDN-Cache-Status
N-Cache
Path
Request-ID
YJS-ID
X-SIPLIST1
X-Forwarded-Path
X-Shop-Environment
X-Bl-Debug
X-Lb-Id
X-Request-URI
X-Wikidot-Static-Cache
X-Wikidot-Backend
RNT-Time
X-Fastly-Country-Code
RNT-Machine
X-Tenant
X-Cache-NGX
IsBot
X-Orig-Expires
GeoIP-Country-Code
X-VCL-Version
Server-Id
X-Cache-Ttl
X-Info
X-Policy
X-Accel-Version
Lb
X-Ha-Backend
X-Service-Response-Time
Sm-Log-Id
X-B3-Trace-ID
X-App-Name
LB
X-TX-ID
X-MCACHE
Location
X-WA
X-Pod-Name
X-Datacenter
X-RateLimit-Reset
Hit
Cross-Origin-Opener-Policy-Report-Only
X-Edge-POP
X-Akamai-Pragma-Client-IP
Servername
HIT
X-Cdn-Cache-Status
X-Via-PopH
X-Cdn-Request-ID
X-NC
X-Via-PopN
X-Via-PopV
Ohc-File-Size
X-SERVER-NAME
X-Cache-Expires
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Logging-Id
X-Geo
X-Vcache
X-Srcache-Store-Status
X-Snapshot-Date
Pramga
X-CACHE-KEY
X-Srcache-Fetch-Status
X-Cdn-Diag
Timeexpire
FSS-Cache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Container-Uri
X-Git-Commit
X-Ctl-Mach
Yjs-Id
Proxy-Connection
X-ServedByHost
Req-ID
Epwk-X-Cache
ENV
Warning
X-Moov-Xdn-Version
X-Moov-T
X-LiteSpeed-Cache-Control
X-TraceId
X-Fastly-Backend-Reqs
X-Hyper-Cache
Geoip-Latitude
X-Serial
X-Cdn-Forward
XM
X-Amz-Meta-Opti
X-Scheme
X-Dw-Trace-Id
X-VG-WebCache
WZWS-RAY
Traceparent
X-UP
X-M-Reqid
X-MiniProfiler-Ids
X-M-Log
X-Acquia-Purge-Cdn-Unconfigured
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Tncms
CDN-RequestPullCode
X-Qnm-Cache
CDN-RequestPullSuccess
True-Client-Country-4JS
X-RAMCache
X-Acquia-Application-Trace
X-B3-Parentspanid
X-Lb-Nocache
X-ApacheServer
Ec-Rule-Version
X-Swift-Error
X-Viewer-Country
Content-Style-Type
Cneonction
X-PERF
Content-Script-Type
CountryCode
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-TT-LOGID
X-F-Status
X-Lsadc-Cache
X-Litespeed-Cache-Control
X-Mg-Cache
X-Iauth-Set-Uid
V-Age
X-Mid-Debug-Cache-Disk
Ohc-Cache-HIT
X-Mid-Debug-Cache-Key
X-LiteSpeed-Tag
Ngx
My-App
MIME-Version
X-B3-ParentSpanId
X-Fastly-Cache-Hits
X-Cache-Ngx
X-Request-URL
Inserted-Into-Cache-At
X-Webstats-RespID
X-Th-Server
X-IPS-Cached-Response