Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Xss-Protection
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-UA-Device
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Amz-Id-2
EagleId
X-Backend
X-AH-Environment
X-Proxy-Cache
P3p
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-WebKit-CSP
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Ua-Compatible
X-Device
Cf-Apo-Via
Cf-Railgun
Accept-CH
X-Aws-Lambda-Call-Status
X-Pingback
X-Node
X-Host
X-Ruxit-JS-Agent
EagleEye-TraceId
X-Server-Id
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
X-Cache-Spec
X-Cache-Lookup
X-Content-Security-Policy-Report-Only
X-HW
Accept-Ch-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-WebKit-CSP-Report-Only
X-Mod-Pagespeed
X-Country
Content-Location
X-Mcache
Accept-CH-Lifetime
X-Content-Type
X-MS-InvokeApp
X-Url
X-Litespeed-Cache
X-Clacks-Overhead
X-CST
X-Vname
X-PC
X-TtlSet
X-Amz-Server-Side-Encryption
X-Midtier
Rating
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Rack-Cache
X-Cdn-Fetch
Origin-Trial
Verso
X-VARITI-CCR
X-Server-Name
X-Ttl
X-Ac
X-Powered-By-Plesk
X-GitHub-Request-Id
Service-Worker-Allowed
X-Cnection
X-Amz-Rid
X-SharePointHealthScore
SPRequestGuid
X-Navigation-Version
X-Client-IP
Xkey
X-Abt-Application-Version
Edge-Control
SPIisLatency
SPRequestDuration
X-Cache-TTL
X-Upstream
X-ECACHE
Arr-Disable-Session-Affinity
X-Cached
X-Mg-S
X-B3-TraceId
X-NWS-LOG-UUID
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Server-Lifecycle-Phase
X-FastCGI-Cache
X-Kraken-Loop-Name
X-Dw-Request-Base-Id
X-Px
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Cache-Key
Accept-Ch
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-NF-Request-ID
Access-Control-Request-Method
X-Varnish-TTL
X-Forwarded-For
Edge-Cache-Tag
X-Country-Code
X-Correlation-Id
X-Goog-Hash
Content-MD5
X-Powered-CMS
TCN
X-Id
X-RateLimit-Remaining
Front-End-Https
AR-CACHE
AR-Request-ID
AR-ATIME
AR-SID
AR-PoweredBy
X-Ser
Public-Key-Pins
X-Version
X-HP-Webp
X-Jurisdiction
X-Ratelimit-Limit
X-HP-Trace-Id
X-MSEdge-Ref
X-T
X-Content-Digest
X-Recruiting
X-Amzn-Trace-Id
X-Middleton-Response
Response
X-Accel-Expires
TP-L2-Cache
TP-Cache
MicrosoftSharePointTeamServices
X-Shield-Request-Id
S
Nginx-Cache
Cache-Status
X-Daa-Tunnel
X-Request-Processing-Time
X-Webkit-Csp
Server-Node
X-Request-Received
MRF-Tech
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-B3-TraceId-Primal
Mrf-Cache-Status
Cache-Tags
X-XRDS-Location
X-Distributor
X-Hits
Cross-Origin-Opener-Policy
X-PressLabs-Stats
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-ECache
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Edge-Location-Klb
X-Kinsta-Cache
X-LB-Cache
X-Origin-Server
X-Ratelimit-Reset
X-Ua-Browser
X-Ezoic-Cdn
Fastcgi-Cache
Alternate-Protocol
Filterid
X-Ratelimit-Remaining
X-Grace
X-Fastly-Request-ID
X-Frontend
X-Hostname
Server-Name
X-DIS-Request-ID
X-Fastcgi-Cache
X-LLID
X-Microsite
X-Geo-Country
X-Request-Handler-Origin-Region
X-Rid
X-FB-Debug
Healthy
X-Logged-In
X-Git-Hash
X-Varnish-Backend
Cleartype
Payment
X-Debug-Info
X-Protected-By
X-Load-Cache
X-Www-Served-By
X-Page-Id
X-Cluster-Name
X-Forwarded-Proto
X-NGENIX-Cache
Realpath
DC
MS-Author-Via
X-DataDome
Content-Disposition
Access-Control-Allow-Method
X-ASPNET-VERSION
X-Origin-Cache
Charset
X-B3-Sampled
X-B3-Traceid
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Az
X-Proxy
X-AppVersion
X-Activity-Id
X-Seen-By
X-F-Cache
X-Cache-Age
X-Server-ID
X-Amz-Meta-S3cmd-Attrs
X-Amz-Replication-Status
X-Azure-Ref
Cross-Origin-Resource-Policy
X-Whom
Count-Hit
X-Fb-Rlafr
Paypal-Debug-Id
X-Type
X-Revision
X-B
X-Contextid
Surrogate-Key
Viewport
Accept-Charset
X-App-Environment
X-Request-Guid
X-Is-Crawler
X-Akamai-Edgescape
X-Aspnet-Duration-Ms
X-Flags
Retry-After
X-Providence-Cookie
X-Route-Name
X-Varnish-Server
X-Wix-Request-Id
X-Times
X-Hosted-By
X-TTL
X-TT
X-Varnish-Ttl
X-B-Cache
X-Signature
X-Aspnetmvc-Version
X-DynaTrace
X-Language
Amp-Access-Control-Allow-Source-Origin
X-Source
X-Cache-Control
X-App-Server
X-Envoy-Decorator-Operation
X-Mobile
X-VCache
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Magnolia-Registration
X-Varnish-Grace
X-Fastly-Request-Id
X-Goog-Stored-Content-Length
Version
Host
Referer-Policy
WPO-Cache-Message
WPO-Cache-Status
X-XRDS-LOCATION
X-Cache-Rule
X-N
Refresh
X-HTML-Minification-Powered-By
X-Tumblr-Pixel-0
Access-Control-Request-Headers
X-Varnish-Age
X-Cache-Time
X-Tumblr-Pixel
X-Original-Request-Id
X-Response-Served-From
X-Tumblr-Pixel-1
X-Tumblr-User
X-EdgeConnect-Cache-Status
X-Rule
X-Cache-Status-Check
X-User-Agent
VIX-Pulpo-Node
X-Framework
X-Cacheable-TTL
X-Tt-Trace-Host
X-UUID
X-Jobs
X-Tt-Trace-Tag
X-G
VIX-Pulpo-Upstream-Status
X-Cache-Grace
X-Amzn-RequestId
Ms-Operation-Id
SD-X-WS
MS-CV
X-Amz-Apigw-Id
X-RTag
Protected
X-FW-Version
X-FW-Type
X-Content-Powered-By
X-RemovedCookies
Section-Io-Cache
CDN-RequestId
X-ProcessESI
X-L-Path
X-Oracle-Dms-Rid
X-FW-Hash
X-FW-Dynamic
X-Environment-Context
X-Backend-Name
X-FW-Static
X-FW-Serve
X-Oracle-Dms-Ecid
GEO-INFO
From-Origin
X-FW-Server
X-Status
X-Page-View
X-Instance
Akamai-GRN
X-Nginx-Cache
X-Device-Type
X-Trace-Id
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Cache-Expired-At
X-Akamai-Request-ID2
X-Rendered-As
X-Is-Bot
X-Http-Reason
NGB
X-NYM-Debug-Backend
X-Adobe-Loc
X-Region
X-Adobe-Content
Front
Url
X-Servername
X-RateLimit-Limit
SRV
X-Unique-Id
Accept-Language
X-CDN-Forward
X-Template
X-Content-Options
X-Debug-IsPreview
X-Debug-IsConnected
Liferay-Portal
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Fastly-SWR
X-Yottaa-Metrics
Backend
X-Yottaa-Optimizations
Fastly-SIE
X-Cache-Hit
X-Air-Source
X-Zen-Fury
X-Air-Trace-Id
X-Air-Hostname
X-Newrelic-App-Data
Country
X-DynaTrace-JS-Agent
X-Mode
Content-Secure-Policy
X-Rocket-Nginx-Serving-Static
X-Cache-Operation
X-Time
Node
X-Tb
X-Tumblr-Pixel-2
Webserver
X-UPSTREAM-Address
X-RN-RSRV
X-Cache-Server
Meta-Geo
X-Content-Age
X-Real-IP
Uber-Trace-Id
S-Rt
X-IPS-LoggedIn
X-Proxy-Cache-Info
Onion-Location
Filters
X-Uri
X-Generation-Time
X-Rewrite-Enabled
X-COUNTRY
X-Amzn-Remapped-Content-Length
X-Proxy-Build
Azure-InstanceId
Azure-RegionName
X-Edge-Location
X-Timing-Wait
X-Web-Node
X-PHP-Backend
Azure-SiteName
Selected-Fe
CF-IPCountry
Azure-Version
X-Locale
Azure-SlotName
Cache-Hits
X-PHP-Host
X-Skip-Cache
X-Site-Version
X-Server-W
X-Section
X-Soup
X-Sucuri-Cache
X-Tumblr-Pixel-3
X-Varnish-Beresp-Grace
X-Sucuri-ID
X-SayCDN-TTL
X-Say-TTL
X-Labrador-Cache-Channel
X-Format
X-Cluster-Node
X-Cache-Action
X-Ms-Request-Id
X-Ms-Version
X-Say-Cacheable
X-Proto
X-Origin-Date
Cache-Name
X-Access
X-Proxied
X-Origin-Hint
TWC-Device-Class
X-R9-Blue-Green-Version
X-Reqid
TWC-GeoIP-LatLong
X-Routing-Service
TWC-GeoIP-Country
TWC-Connection-Speed
X-Cache-Host
X-Extlb
X-Forwarded-Host
Cross-Origin-Window-Policy
X-Handled-By
Property-Id
ServerID
ServedBy
X-Debug
TWC-Locale-Group
X-Sql-Count
Webcakes-App-Version
X-Cms-Context
X-BYPASS-REASON
Webcakes-Region
X-ProxyCache-Key
X-Via-Fastly
X-Ua
X-ProxyCache-Status
DB-Nickname
X-Zipkin-Id
TWC-Privacy
X-UA-Device-Type
X-Sql-Duration-Ms
Webcakes-App-Name
X-ARC
X-VC-Cache
Countrycode
X-AWS-Id
X-FB-TRIP-ID
Web-Mar-Node
X-JoinUs
Apigw-Requestid
X-LAGOON
WP-Super-Cache
X-SaId
X-Proxy-Cache-Status
X-VWS-Id
X-Adobe-Source
X-LJ-Flow-ID
X-IPLB-Request-ID
X-IPLB-Instance
X-Urbn-Site-Id
X-Tt-Logid
Locale
Cache-Tv-Group
X-Urbn-Context-Path
X-Optimistic-Header
Mn-Server-Ip
X-Cache-TTL-Remaining
X-Node-Name
X-No-Session
X-Cluster
X-Detected-As
X-LSADC-Cache
X-TIME
X-GeoCountry
X-GeoCode
Fastcgi-Useragent
X-Ruxit-Js-Agent
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-App-Version
X-Xfnlog-Site
X-Director
Mime-Version
Upgrade-Insecure-Requests
Source
X-Varnish-Hits
X-Oneagent-Js-Injection
X-GEO
CDN-PullZone
X-Hl-Ver
CDN-EdgeStorageId
CDN-RequestCountryCode
X-Buckets
CDN-CachedAt
CDN-Cache
Frame-Options
X-Generated-By
CDN-Uid
X-Mg-Request-UUID
X-Request-Time
X-Api-Version
X-Redis-Cache
Xet-Cookie
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Varnish-Cache-Hits
X-FireWall-Port
CF-Cached-On
X-Loop
Fastly-Drupal-HTML
X-RM-Cache-TTL
X-Cache-Debug
X-Origin-CC
X-Origin-TTL
X-ServerID
X-Varnish-Hostname
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
Load-Balancing
X-Datadog-Trace-Id
X-TA-CDN-Provider
X-URL
X-Tx-Id
X-SRV
X-Akamai-Transformed
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-Storefront-Renderer-Rendered
X-Pass-Why
X-Shopify-Stage
X-ShardId
X-Served-From
X-Pubstack
X-Storage
X-Service
X-Endurance-Cache-Level
X-TNCMS
X-Request-Host
X-Restarts
X-Air-Pt
Server-Info
X-Location
X-A-Ccd
X-A-Dcw
X-A-Dgt
Thinkindot-CacheControl-Type
X-A
Thinkindot-Control
A
WWW-Authenticate
Origin
Ngx.Var.Host
Edge-Cache
NM-Fastcgi-Cache
DSUID
Odigeo-Trace-Id
X-A-Wwc
Gannett-Cam-Experience-Id
Memcached
MD5-Digest
Lang
Host-ID
Meta-Geo-Continent
Redirect-Candidate
Release
T-Server
Candidate-Md5Url
TDXMobile
Thinkindot-CacheControl
Cache-Host
Surrogated-Key
Sslversion
Rendered-Blocks
DCR-Processing-Time-Ms
DCR-Decision-By
Server-Host
BehaviorPad-Version
X-Loc
X-Rocket-Build-Number
X-Processor
X-Rojux
X-S
X-S-Maxage
X-S-Cookie
X-Platform-Router
X-Platform-Processor
X-Nyt-Route
X-Mobile-URL
X-Origin
X-Origin-Time
X-Platform-Cluster
X-ScT
X-Sigma
X-TIM-N
X-Thinkindot-L3
X-Vdms-Path
X-Vdms-Version
Xc-Version
X-We-Are-Hiring
X-Thanos
X-Test
X-Sn-Servicetimems
X-Sigma-Backend
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Mid
X-Men
X-Cache-NE
X-Cache-Info
X-Cdn-Origin
X-CMSURLCustom
X-Core-Mission
X-Conf
X-Cache-Date
X-Bip
X-Application
X-Akamai-Device-Characteristics
X-B-Cookie
X-Bc-Bl
X-BCube-Filmed-By
X-CUA
X-D
X-Hash
X-Generated-On
X-Httpd
X-INCAP-ABP
X-Level-Front-Cache
X-Gdpr
X-External-Request-Id
X-Developer
X-Destination
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Aed
X-A-Dam
X-CSRF-Token
X-Newrelic-Synthetics
X-WP-CF-Super-Cache-Active
X-Dispatcher-Number
X-Date
X-CacheTTL
X-Dispatcher-Server
X-Cache-Id
X-Ec-Custom-Error
X-Gamma-Serve
X-Geo-Header
X-GeoIP
X-Fetched-On
X-Fastly-Cache
X-Esi-Check
X-Fastly-Backend
X-Cache-Bucket
X-Auto-Login
Req-Svc-Chain
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Mail-Subject
Platform
Section-Io-Id
X-Provided-By
X-Ad-Defer-Variation
X-GeoIP-City
X-Accel-Expires-Debug
We-Hiring
Vix-Hermes-Req-Id
X-BBC-Edge-Cache-Status
X-Has-Esi
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Server-IP
X-SD-PageType
X-Request-Start
X-Scale
X-Var-Ttl
X-Variation
X-VServer
X-Worker
X-Vmg-Version
X-Varnishpool
X-Varnish-Beresp-Status
X-Region-Sid
X-Pool
X-Human
X-Is-Gdpr
X-HS-Content-Campaign-Id
X-Correlation-ID
Magicmarker
X-JWT-State
X-Mvc-Supplant-Cachable
X-Origin-Response-Time
X-Platform
X-Origin-Expires
X-Org
X-Node-Id
X-Gzip
X-NodeID
Fastly-GeoIP-CountryCode
Cache-Key
Adler-Geo
CloudFront-Viewer-Country
C-Via
AKAMAI
CacheControlHeader
Is-Eu
Country-Code
Gh-Request-Id
Fastly-Backend-Name
X-B3-Spanid
X-Parent-Response-Time
Environment
X-Accel-Buffering
X-Nginx-Cache-Key
X-Mly-Id
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Apple-News-Services-Request-Url
Web-Mar-Region
X-Planisys-CDN-Rules
Canary
X-Owner
X-Instance-Name
X-Device-Os
X-FC-Vary-Parameters
X-Fmm-Version
X-Cache-FS-Status
X-Developers
X-Cache-Tags
X-Clara-WADP
X-Core-Value
X-Forwarded-Site
X-Frame-Option
X-App
X-Varnish-Remaining-TTL
X-Cdn-Srv
X-GeoIP-Region-Code
X-Azure-Ref-OriginShield
Datacenter
X-GeoIP-Country-Code
X-Irp-Debug
Apple-News-Services-Parsed-Url
Cmsid
Cmstype
X-DefHash
Click-Count-Error
Click-Count-Action-Start
X-Wix-Viewer-Type
Kp-EeAlive
Tube-Get-Contents
Origin-EX
Tube-Got-Results
Tube-Return
On-Server
Tube-Got-Eval
Origin-CC
X-DefElseHash
X-WA-Info
X-WADP-Cache
X-Varnish-CookieHashed-On
Apple-News-Services-Handled
X-Varnish-CookieINHashed-On
Ssr
Machine
State
X-V-Cache
X-Qloud-Router
X-VG-TLSProxy
X-Response-By
X-Req
X-Release
Apple-News-Services-Host
Xserver
HostName
X-DPWN-IS-SECURE
Expect-Staple
X-Ckpd-Fst-Backend
X-Hnp-Log
X-Old-Content-Length
X-Op-Id-All
X-SB
X-VarnishDD-TTL
X-NCache
Producers
X-Platform-Server
Cache-Provider
X-Gen-Mode
X-HN
PFcat
Wxu-Next-Region
Wxu-Next-Hostname
L
NGX
Server-Hostname
X-Zone
Wxu-Next-Commit
Server-Ext
X-Block-Status
User-Cache-Control
X-Aicache-OS
Fastly-SSL
Sever-Int
X-Varnish-Beresp-Ttl
X-Vcl-Version
X-Via-CDN
Srvid
X-FL-EDGE
CDCHOST
Locid
HA-Ipaddr
X-Eu-Site
X-Mvc-Supplant-OutputCached
X-Csrf-Jwt
X-Cache-Remote
X-CGP
X-Microcachable
X-LB-NoCache
Ha-Gx-Prefs
X-FL-QIT-DEBUG
X-Nananana
X-Minions-Version
L5d-Success-Class
X-Via-SSL
X-Webkit-CSP-Report-Only
X-Dc
X-Via-Edge
Edge-Copy-Time
X-CACHE-AGE
Env
X-Tb-Optimization-Total-Bytes-Saved
X-From
X-NWS-UUID-VERIFY
X-Cache-Backend
Sid
X-Cache-Enabled
GeoIP-Latitude
X-VC
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-Refresh
Cluster
Pics-Label
X-Tid
NtCoent-Length
X-Generated-In
X-ND-Cache
X-RCS-CacheZone
X-Cached-By
Fastly-Drupal-Html
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Up
X-Lambda-Id
Cache
X-Cs
X-DC
X-Trace-ID
X-Edge-Pop
X-VCT
X-HS-Status
X-Srv
X-Vtex-Remote-Cache
VNS-Age
VNS-Cache
X-Render-Time
CPC-Age
X-Servedbyhost
CPC-Cache
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-DataCenter
Memory
Time
X-NewRelic-App-Data
X-Webkit-CSP
X-Vgn-Hpd-Ssi
X-Upstream-Ct
X-Upstream-Ht
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Hcs-Proxy-Type
Svr
X-CCDN-CacheTTL
SID
X-CCDN-Origin-Time
X-HA-Backend
GeoIp-Country-Code
X-Esi
X-LB-ID
X-Cache-Type
X-Nc
X-Wa
X-Presslabs-Stats
X-TH-Server
X-B3-SpanId
Cdn
AMP-Access-Control-Allow-Source-Origin
X-Vc
XServer
X-ATG-Version
X-Via-JSL
X-Client-Ip
X-CLOUD-TRACE-CONTEXT
X-Contensis-Viewer-Groups
Server-ID
X-Varnish-Authentication
X-AIR-PT
True-Client-IP
X-Cache-ASPX
Uri
X-Varnish-Beresp-TTL
X-ZONE
Srv
X-Amz-Meta-Cb-Modifiedtime
Hostname
X-Proxy-CacheRZ
X-Check-Cacheable
XkeyRZ
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-RateLimit-Limit-Second
X-MP-GENERATED-AT
Cdnsip
X-RateLimit-Remaining-Second
X-PAYTM-SRV-ID
Cdncip
Esi-Enabled
X-Fpc
X-AK-Request-ID
M-TraceId
X-Via-NSCOPI
X-FPC
X-Nf-Request-Id
X-CSRF-TOKEN
Lb
X-CS
X-EC-Lua
X-NGINX-Cache
N-Cache
X-CDN-Cache-Status
Resin-Trace
OT-Force-Account-Verify
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-API-Version
X-Udemy-Cache-App-Namespace
YJS-ID
X-Shop-Environment
X-Bl-Debug
RNT-Time
X-MSEdge-Features
X-APP-VERSION
True-Client-Ip
X-Orig-Expires
X-Tenant
X-Forwarded-Path
X-MSEdge-Flight
RNT-Machine
Eomportal-Instance
X-Datadome
CDN
X-Fastly-Country-Code
Server-Id
Request-ID
X-TX-ID
Sm-Log-Id
X-Service-Response-Time
X-Policy
Path
X-B3-Trace-ID
Ngx-Var-Key
X-Micro-Cache
X-App-Name
IsBot
X-Ha-Backend
X-SIPLIST1
X-CACHE-KEY
GeoIP-Country-Code
X-Cache-Ttl
X-WA
Hit
X-Lb-Id
X-Request-URI
X-Accel-Version
X-Vcache
X-Cache-NGX
X-Logging-Id
X-Info
X-NC
X-VCL-Version
X-MCACHE
X-Container-Uri
X-Git-Commit
LB
Cross-Origin-Opener-Policy-Report-Only
X-Edge-POP
X-RateLimit-Reset
X-Datacenter
X-Cdn-Diag
Pramga
X-Cdn-Cache-Status
Ohc-File-Size
X-ServedByHost
X-Pod-Name
HIT
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-SERVER-NAME
Location
X-Akamai-Pragma-Client-IP
X-Geo
X-Xrds-Location
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Timeexpire
X-Snapshot-Date
X-VG-WebCache
FSS-Cache
X-Tncms
X-Cdn-Forward
X-Iauth-Set-Uid
X-Acquia-Purge-Cdn-Unconfigured
X-UP
Servername
Yjs-Id
True-Client-Country-4JS
X-Cdn-Request-ID
V-Age
Epwk-X-Cache
Proxy-Connection
X-Oss-Storage-Class
XM
X-Cache-Expires
Req-ID
X-Oss-Server-Time
X-Oss-Request-Id
ENV
Geoip-Latitude
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Ctl-Mach
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-TT-LOGID
WZWS-RAY
X-Fastly-Backend-Reqs
X-Amz-Meta-Opti
X-LiteSpeed-Cache-Control
X-Lb-Nocache
X-Dw-Trace-Id
X-Clientip
CDN-RequestPullCode
CDN-RequestPullSuccess
X-Hyper-Cache
X-Serial
X-M-Reqid
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-MiniProfiler-Ids
Warning
X-M-Log
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Scheme
X-Qnm-Cache
X-Acquia-Purge-Tags
X-RAMCache
X-Acquia-Site
X-Swift-Error
X-Akamai-ERPolicy
Ec-Rule-Version
X-B3-Parentspanid
Content-Script-Type
X-Moov-T
X-Moov-Xdn-Version
X-Akamai-ERRuleID
Content-Style-Type
Cneonction
X-Lsadc-Cache
X-F-Status
CountryCode
PICS-Label
Ngx
X-LiteSpeed-Tag
X-TraceId
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cached-Since
MIME-Version
My-App
X-Th-Server
X-IPS-Cached-Response
X-Litespeed-Cache-Control
Inserted-Into-Cache-At
X-Fastly-Cache-Hits
X-Mg-Cache
Traceparent
X-Webstats-RespID
X-B3-ParentSpanId
X-Cache-Ngx
Ohc-Cache-HIT