
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-Id
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-UA-Device
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
P3p
X-Proxy-Cache
Keep-Alive
X-Dns-Prefetch-Control
X-Server
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Ua-Compatible
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Apo-Via
Accept-CH
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Server-Id
X-Host
EagleEye-TraceId
X-Ruxit-JS-Agent
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
X-Cache-Spec
X-Cache-Lookup
X-Content-Security-Policy-Report-Only
X-HW
Accept-Ch-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Application-Context
X-Trace
X-Response-Time
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Country
Content-Location
X-Mcache
X-Content-Type
X-MS-InvokeApp
Accept-CH-Lifetime
X-Clacks-Overhead
X-Url
X-CST
X-PC
X-Vname
X-TtlSet
Rating
X-Amz-Server-Side-Encryption
X-Midtier
X-Litespeed-Cache
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-Cdn-Fetch
Origin-Trial
X-Exp-Id
Verso
X-Rack-Cache
X-VARITI-CCR
X-Server-Name
X-Ac
X-Powered-By-Plesk
Service-Worker-Allowed
X-GitHub-Request-Id
X-Cnection
X-ECACHE
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-Client-IP
X-Navigation-Version
Xkey
X-Ttl
X-Abt-Application-Version
Edge-Control
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-Upstream
X-B3-TraceId
Arr-Disable-Session-Affinity
X-NWS-LOG-UUID
X-Cached
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Instrumentation
X-Browser-Type
X-Mg-S
X-Dw-Request-Base-Id
X-FastCGI-Cache
X-Varnish-TTL
X-Px
X-Cache-Key
Display
X-Sol
X-Middleton-Display
Pagespeed
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
Edge-Cache-Tag
X-Forwarded-For
X-Country-Code
X-NF-Request-ID
X-Goog-Hash
Content-MD5
TCN
X-Powered-CMS
X-Id
Front-End-Https
X-Correlation-Id
AR-PoweredBy
AR-SID
AR-CACHE
AR-Request-ID
AR-ATIME
X-Ratelimit-Limit
Public-Key-Pins
X-Ser
X-Version
Accept-Ch
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-MSEdge-Ref
X-Content-Digest
X-Recruiting
X-T
X-Amzn-Trace-Id
Response
X-Middleton-Response
X-Accel-Expires
X-RateLimit-Remaining
TP-L2-Cache
TP-Cache
X-Shield-Request-Id
MicrosoftSharePointTeamServices
X-Daa-Tunnel
S
Nginx-Cache
Cache-Status
X-Webkit-Csp
X-XRDS-Location
Server-Node
X-Request-Processing-Time
X-Request-Received
Mrf-Cache-Status
X-B3-TraceId-Primal
X-HS-Cache-Config
X-HS-Combine-CSS
MRF-Tech
X-HS-Hub-Id
X-HS-Content-Id
Cache-Tags
X-Ratelimit-Remaining
X-Distributor
X-Hits
Cross-Origin-Opener-Policy
X-PressLabs-Stats
X-LB-Cache
X-Origin-Server
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ua-Browser
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Ratelimit-Reset
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Alternate-Protocol
X-Fastly-Request-ID
X-Fastcgi-Cache
X-Grace
Filterid
Server-Name
X-Hostname
X-Frontend
X-Request-Handler-Origin-Region
X-DIS-Request-ID
X-Geo-Country
X-Microsite
X-LLID
X-Rid
Healthy
X-FB-Debug
X-Varnish-Backend
Cleartype
X-Logged-In
X-Protected-By
X-Git-Hash
X-Debug-Info
Payment
X-Page-Id
X-Load-Cache
X-Forwarded-Proto
X-Www-Served-By
X-Cluster-Name
X-NGENIX-Cache
DC
Realpath
X-ASPNET-VERSION
X-ECache
MS-Author-Via
X-DataDome
X-TTL
Content-Disposition
Access-Control-Allow-Method
X-Origin-Cache
Charset
X-B3-Sampled
X-GUploader-UploadID
X-Goog-Metageneration
X-Upgrade-Enabled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Proxy
X-AppVersion
X-Az
X-Activity-Id
X-F-Cache
X-Seen-By
X-Cache-Age
X-Amz-Meta-S3cmd-Attrs
X-B3-Traceid
X-Amz-Replication-Status
Cross-Origin-Resource-Policy
X-Type
Count-Hit
X-Fb-Rlafr
Paypal-Debug-Id
X-Whom
X-Revision
X-B
X-Azure-Ref
Surrogate-Key
X-Akamai-Edgescape
X-Contextid
Viewport
Retry-After
X-App-Environment
X-Varnish-Server
X-Aspnetmvc-Version
X-Wix-Request-Id
X-Route-Name
X-Hosted-By
X-Aspnet-Duration-Ms
X-Flags
Accept-Charset
X-Is-Crawler
X-Request-Guid
X-Providence-Cookie
X-TT
X-Signature
X-B-Cache
X-Times
X-Language
X-DynaTrace
Amp-Access-Control-Allow-Source-Origin
X-VCache
X-Source
X-App-Server
X-Cache-Control
X-Mobile
X-Envoy-Decorator-Operation
X-Magnolia-Registration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Varnish-Grace
Host
Referer-Policy
X-Server-ID
Version
WPO-Cache-Message
WPO-Cache-Status
X-N
X-Cache-Rule
X-Fastly-Request-Id
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-HTML-Minification-Powered-By
X-Varnish-Ttl
Refresh
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Time
X-Tumblr-Pixel-1
X-Tumblr-User
Access-Control-Request-Headers
X-Varnish-Age
X-Response-Served-From
X-Original-Request-Id
X-Cache-Status-Check
X-Rule
X-EdgeConnect-Cache-Status
X-Jobs
X-Cache-Grace
X-Cacheable-TTL
MS-CV
VIX-Pulpo-Upstream-Status
X-User-Agent
Protected
X-UUID
SD-X-WS
VIX-Pulpo-Node
X-RTag
Ms-Operation-Id
X-G
X-Framework
X-L-Path
X-Content-Powered-By
X-Backend-Name
X-Amzn-RequestId
X-RemovedCookies
X-FW-Hash
X-ProcessESI
X-FW-Version
X-FW-Server
X-FW-Serve
X-Tt-Trace-Tag
X-FW-Type
Section-Io-Cache
X-Amz-Apigw-Id
X-Status
X-FW-Static
X-Environment-Context
GEO-INFO
Akamai-GRN
X-Tt-Trace-Host
From-Origin
X-FW-Dynamic
X-XRDS-LOCATION
X-Instance
X-Device-Type
X-Nginx-Cache
X-Http-Reason
X-Cache-Expired-At
X-Akamai-Request-ID2
X-NYM-Debug-Backend
X-Rendered-As
X-Is-Bot
X-Region
X-Drupal-Cache-Tags
X-Page-View
X-Drupal-Cache-Contexts
X-Servername
Url
NGB
X-Adobe-Content
X-Adobe-Loc
Front
X-Ruxit-Js-Agent
CDN-RequestId
X-Trace-Id
X-CDN-Forward
X-Unique-Id
SRV
X-Template
Accept-Language
X-Debug-IsPreview
X-Debug-IsConnected
X-Content-Options
Backend
X-RateLimit-Limit
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Hit
X-Newrelic-App-Data
Liferay-Portal
Fastly-SIE
Fastly-SWR
Pinterest-Generated-By
Pinterest-Version
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Zen-Fury
X-Pinterest-Rid
Country
X-DynaTrace-JS-Agent
X-Time
X-Mode
Content-Secure-Policy
X-COUNTRY
X-Cache-Operation
X-Tb
X-Uri
Node
X-Rocket-Nginx-Serving-Static
X-RN-RSRV
X-UPSTREAM-Address
Onion-Location
X-Amzn-Remapped-Content-Length
X-Tumblr-Pixel-2
X-IPS-LoggedIn
Uber-Trace-Id
Filters
X-Cache-Server
S-Rt
Webserver
X-Generation-Time
Meta-Geo
X-Rewrite-Enabled
X-Real-IP
X-Proxy-Cache-Info
X-Content-Age
X-Access
X-PHP-Backend
Selected-Fe
X-Format
X-Edge-Location
Azure-InstanceId
X-Proxy-Build
Azure-SlotName
Azure-Version
Cache-Hits
X-Locale
Azure-RegionName
Azure-SiteName
X-Section
X-Timing-Wait
X-Labrador-Cache-Channel
X-Forwarded-Host
TWC-Device-Class
X-Cache-Action
TWC-Privacy
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Locale-Group
X-Ms-Request-Id
X-Cluster-Node
TWC-GeoIP-Country
TWC-GeoIP-LatLong
CF-IPCountry
ServedBy
X-Sucuri-ID
Property-Id
X-PHP-Host
X-Web-Node
X-Origin-Hint
X-Server-W
X-Tumblr-Pixel-3
X-Varnish-Beresp-Grace
X-Sucuri-Cache
X-Skip-Cache
X-Soup
X-Proto
TWC-Connection-Speed
X-Ms-Version
X-ProxyCache-Key
X-Cache-Host
X-Via-Fastly
X-Reqid
Cache-Name
X-VC-Cache
X-SayCDN-TTL
X-Site-Version
X-UA-Device-Type
X-Tt-Logid
X-Zipkin-Id
X-Proxied
X-BYPASS-REASON
DB-Nickname
X-Say-Cacheable
X-Say-TTL
X-URL
X-Routing-Service
Cross-Origin-Window-Policy
X-Origin-Date
X-Debug
X-Cms-Context
X-R9-Blue-Green-Version
X-Extlb
ServerID
X-Handled-By
X-Ua
X-ProxyCache-Status
X-LJ-Flow-ID
X-Urbn-Context-Path
X-Urbn-Site-Id
X-SaId
X-VWS-Id
X-Sql-Count
X-Proxy-Cache-Status
X-Sql-Duration-Ms
X-LAGOON
X-JoinUs
X-Cache-TTL-Remaining
X-AWS-Id
X-Cluster
X-FB-TRIP-ID
X-IPLB-Request-ID
X-IPLB-Instance
X-Adobe-Source
Web-Mar-Node
X-ARC
Apigw-Requestid
Mn-Server-Ip
Countrycode
X-Node-Name
Locale
Cache-Tv-Group
WP-Super-Cache
X-Optimistic-Header
X-No-Session
X-Xfnlog-Site
X-Detected-As
X-App-Version
X-GeoCode
X-GeoCountry
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-LSADC-Cache
X-WP-CF-Super-Cache-Cache-Control
Fastcgi-Useragent
X-WP-CF-Super-Cache
X-Webkit-CSP
X-Director
Mime-Version
X-TIME
X-Oneagent-Js-Injection
X-Varnish-Hits
Upgrade-Insecure-Requests
X-Buckets
CDN-Uid
Source
CDN-RequestCountryCode
CDN-CachedAt
CDN-PullZone
X-Hl-Ver
CDN-Cache
CDN-EdgeStorageId
Fastly-Drupal-HTML
Frame-Options
X-Mg-Request-UUID
X-Generated-By
X-GEO
X-Request-Time
X-FireWall-Port
X-Webkit-CSP-Report-Only
X-TA-CDN-Provider
X-Varnish-Cache-Hits
X-Api-Version
CF-Cached-On
X-Loop
X-Cache-Debug
X-Origin-TTL
X-Correlation-ID
X-Redis-Cache
X-Origin-CC
Xet-Cookie
X-RM-Cache-TTL
X-ServerID
X-Varnish-Hostname
X-Datadog-Sampled
Load-Balancing
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Tx-Id
X-Akamai-Transformed
X-SRV
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Pass-Why
X-Storefront-Renderer-Rendered
X-Pubstack
X-TNCMS
X-Served-From
X-Service
X-Newrelic-Synthetics
X-Endurance-Cache-Level
X-CSRF-Token
X-Location
Server-Info
Xserver
X-Storage
T-Server
TDXMobile
X-A-Dcw
X-A
Thinkindot-Control
X-A-Dam
X-A-Ccd
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
MD5-Digest
DSUID
DCR-Processing-Time-Ms
Edge-Cache
Gannett-Cam-Experience-Id
Host-ID
DCR-Decision-By
Candidate-Md5Url
X-WP-CF-Super-Cache-Active
X-Restarts
A
BehaviorPad-Version
Cache-Host
Lang
X-A-Dgt
Release
Redirect-Candidate
Rendered-Blocks
Server-Host
Sslversion
Origin
Odigeo-Trace-Id
Memcached
Meta-Geo-Continent
Ngx.Var.Host
NM-Fastcgi-Cache
Surrogated-Key
X-Gdpr
X-Rocket-Build-Number
X-Processor
X-Rojux
X-S
X-S-Maxage
X-S-Cookie
X-Platform-Router
X-Platform-Processor
X-Nyt-Route
X-Mobile-URL
X-Origin
X-Origin-Time
X-Platform-Cluster
X-ScT
X-Sigma
X-TIM-N
X-Thinkindot-L3
X-Vdms-Path
X-Vdms-Version
Xc-Version
X-We-Are-Hiring
X-Thanos
X-Test
X-Sn-Servicetimems
X-Sigma-Backend
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Mid
X-Men
X-Cache-NE
X-Cache-Info
X-Cdn-Origin
X-CMSURLCustom
X-Core-Mission
X-Conf
X-Bip
X-BCube-Filmed-By
X-Akamai-Device-Characteristics
X-Aed
X-Application
X-B-Cookie
X-Bc-Bl
X-CUA
X-D
X-Httpd
X-Hash
X-INCAP-ABP
X-Level-Front-Cache
X-Loc
X-Generated-On
X-External-Request-Id
X-Developer
X-Destination
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-A-Wwc
X-Cache-Date
X-Request-Host
X-CacheTTL
X-Cdn-Srv
X-Cache-Id
X-Date
X-BBC-Edge-Cache-Status
X-Auto-Login
X-Dispatcher-Server
X-Fastly-Cache
X-Fetched-On
X-Esi-Check
X-Ec-Custom-Error
X-Ad-Defer-Variation
X-Developers
X-Accel-Expires-Debug
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Req-Svc-Chain
Platform
Mail-Subject
Section-Io-Origin-Status
Section-Io-Id
X-Varnish-Beresp-Ttl
WWW-Authenticate
We-Hiring
Vix-Hermes-Req-Id
X-Gamma-Serve
X-Geo-Header
X-SD-PageType
X-Server-IP
X-Scale
X-Request-Start
X-Region-Sid
X-Var-Ttl
X-Variation
X-VServer
X-Worker
X-Vmg-Version
X-Varnishpool
X-Varnish-Beresp-Status
X-Pool
X-Platform
X-Has-Esi
X-HS-Content-Campaign-Id
X-Gzip
X-GeoIP-City
X-GeoIP
X-Instance-Name
X-Is-Gdpr
X-Org
X-NodeID
X-Mvc-Supplant-Cachable
X-JWT-State
Magicmarker
X-Node-Id
CloudFront-Viewer-Country
AKAMAI
Country-Code
Fastly-Backend-Name
Adler-Geo
CacheControlHeader
Apple-News-Services-Request-Url
Fastly-GeoIP-CountryCode
Cache-Key
Apple-News-Services-Handled
C-Via
Apple-News-Services-Parsed-Url
Is-Eu
Apple-News-Services-Host
Gh-Request-Id
Environment
X-Provided-By
X-Parent-Response-Time
X-Air-Pt
X-Mly-Id
Cache-Provider
X-Human
X-HN
X-Frame-Option
X-Core-Value
HostName
X-Clara-WADP
X-Cache-Tags
X-Cache-Bucket
X-Cache-FS-Status
Datacenter
X-Device-Os
Canary
X-GeoIP-Country-Code
X-Fmm-Version
X-Fastly-Backend
X-Dispatcher-Number
X-GeoIP-Region-Code
X-Origin-Expires
Tube-Got-Results
Tube-Return
Tube-Got-Eval
Tube-Get-Contents
Cmsid
Cmstype
X-DefElseHash
X-DefHash
X-Varnish-Remaining-TTL
X-Response-By
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Req
Click-Count-Error
Click-Count-Action-Start
X-Owner
X-Release
X-Origin-Response-Time
X-App
X-Nginx-Cache-Key
X-Op-Id-All
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-WA-Info
X-WADP-Cache
X-VG-TLSProxy
X-VarnishDD-TTL
X-V-Cache
X-NCache
X-Qloud-Router
L
Origin-CC
On-Server
Machine
Wxu-Next-Region
Kp-EeAlive
Wxu-Next-Commit
Wxu-Next-Hostname
State
PFcat
Origin-EX
Ssr
X-B3-Spanid
L5d-Success-Class
X-Irp-Debug
X-FL-QIT-DEBUG
X-Csrf-Jwt
X-LB-NoCache
X-DPWN-IS-SECURE
CDCHOST
X-FC-Vary-Parameters
Locid
Web-Mar-Region
Fastly-SSL
X-Eu-Site
Expect-Staple
X-CGP
Srvid
X-FL-EDGE
Sever-Int
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Ha-Gx-Prefs
Producers
HA-Ipaddr
X-Platform-Server
X-Aicache-OS
X-Azure-Ref-OriginShield
X-SB
X-Wix-Viewer-Type
X-Forwarded-Site
NGX
X-Accel-Buffering
Server-Hostname
Server-Ext
X-Ckpd-Fst-Backend
X-Via-CDN
X-CACHE-AGE
X-Zone
X-Nananana
X-Old-Content-Length
X-Tb-Optimization-Total-Bytes-Saved
X-Mvc-Supplant-OutputCached
X-Minions-Version
X-Microcachable
X-NWS-UUID-VERIFY
X-Gen-Mode
X-Vcl-Version
User-Cache-Control
X-Hnp-Log
X-Cache-Remote
X-Block-Status
X-Cache-Backend
X-Via-Edge
X-Via-SSL
Edge-Copy-Time
X-VC
GeoIP-Latitude
X-Dc
X-Refresh
Pics-Label
Decoy-Debug-Status
Decoy-Debug-TTL
X-From
Cluster
Decoy-Debug-Key
X-Tid
X-Cache-Enabled
X-RCS-CacheZone
X-ND-Cache
Env
X-Up
X-DC
NtCoent-Length
X-Trace-ID
X-Generated-In
X-Lambda-Id
Sid
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Srv
X-Via-Poph
Time
X-Via-Popn
X-Cached-By
X-Edge-Pop
X-Servedbyhost
X-Via-Popv
X-Cs
Memory
X-VCT
Cache
VNS-Age
X-DataCenter
CPC-Cache
X-Render-Time
Svr
VNS-Cache
CPC-Age
X-Vtex-Remote-Cache
X-HS-Status
SID
X-Nf-Request-Id
X-HA-Backend
X-Wa
X-Esi
X-AIR-PT
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Nc
X-Vgn-Hpd-Ssi
Fastly-Drupal-Html
X-Presslabs-Stats
X-LB-ID
AMP-Access-Control-Allow-Source-Origin
X-Upstream-Ht
X-Upstream-Ct
X-B3-SpanId
X-Cache-Type
Server-ID
X-CCDN-CacheTTL
X-CLOUD-TRACE-CONTEXT
X-NewRelic-App-Data
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-TH-Server
X-Client-Ip
Cdn
X-ZONE
GeoIp-Country-Code
X-ATG-Version
X-Vc
Uri
X-Fpc
X-Via-JSL
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cache-ASPX
Srv
XkeyRZ
X-Check-Cacheable
X-Proxy-CacheRZ
X-Amz-Meta-Cb-Modifiedtime
X-AK-Request-ID
True-Client-IP
X-Gateway-Skip-Cache
Cdnsip
Cdncip
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Gateway-Cache-Key
XServer
Hostname
X-Via-NSCOPI
Esi-Enabled
M-TraceId
X-CF-Lambda-Fn
X-Varnish-Beresp-TTL
X-CF-Lambda-Version
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-PAYTM-SRV-ID
X-EC-Lua
X-NGINX-Cache
X-CS
X-MP-GENERATED-AT
X-MSEdge-Features
X-API-Version
True-Client-Ip
X-MSEdge-Flight
X-Datadome
X-CSRF-TOKEN
X-Udemy-Cache-App-Namespace
X-Wikidot-Backend
X-CDN-Cache-Status
N-Cache
Resin-Trace
X-Wikidot-Static-Cache
Eomportal-Instance
OT-Force-Account-Verify
X-FPC
YJS-ID
RNT-Time
X-Bl-Debug
X-Forwarded-Path
X-Shop-Environment
X-Tenant
X-Fastly-Country-Code
CDN
RNT-Machine
X-Orig-Expires
Request-ID
X-APP-VERSION
Lb
Path
GeoIP-Country-Code
X-TX-ID
X-Micro-Cache
Ngx-Var-Key
X-B3-Trace-ID
X-Cache-Ttl
Server-Id
X-SIPLIST1
X-Policy
X-Service-Response-Time
IsBot
Sm-Log-Id
X-Ha-Backend
X-WA
X-App-Name
X-Cache-NGX
X-Accel-Version
X-Request-URI
LB
X-Info
X-Datacenter
X-Vcache
X-Lb-Id
X-MCACHE
X-VCL-Version
X-Edge-POP
HIT
X-Logging-Id
Cross-Origin-Opener-Policy-Report-Only
Hit
X-RateLimit-Reset
X-NC
X-Geo
Pramga
X-SERVER-NAME
Ohc-File-Size
X-Cdn-Cache-Status
X-Pod-Name
X-Cdn-Diag
Location
X-Container-Uri
X-Xrds-Location
X-Git-Commit
X-Akamai-Pragma-Client-IP
X-Snapshot-Date
X-Srcache-Fetch-Status
X-Via-PopH
Timeexpire
X-Via-PopV
X-Via-PopN
X-CACHE-KEY
X-Srcache-Store-Status
FSS-Cache
X-ServedByHost
ENV
XM
Epwk-X-Cache
X-VG-WebCache
X-Ctl-Mach
X-Tncms
Req-ID
X-Iauth-Set-Uid
X-Oss-Object-Type
Yjs-Id
X-Oss-Hash-Crc64ecma
Servername
X-Cdn-Request-ID
X-Cache-Expires
X-Oss-Request-Id
Proxy-Connection
X-Oss-Storage-Class
X-Oss-Server-Time
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Cdn-Forward
X-UP
X-LiteSpeed-Cache-Control
True-Client-Country-4JS
V-Age
X-Acquia-Purge-Cdn-Unconfigured
X-Dw-Trace-Id
X-Fastly-Backend-Reqs
Geoip-Latitude
X-Amz-Meta-Opti
WZWS-RAY
X-Serial
X-Hyper-Cache
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-MiniProfiler-Ids
Warning
X-M-Log
X-M-Reqid
CDN-RequestPullCode
X-Clientip
X-WP-CF-Super-Cache-Cookies-Bypass
CDN-RequestPullSuccess
X-RAMCache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Qnm-Cache
X-Moov-Xdn-Version
Cdn-Requestid
X-Lb-Nocache
X-B3-Parentspanid
Cneonction
Ec-Rule-Version
Content-Script-Type
X-Moov-T
Content-Style-Type
X-Swift-Error
X-Scheme
CountryCode
X-TT-LOGID
X-F-Status
X-Lsadc-Cache
Ohc-Cache-HIT
PICS-Label
MIME-Version
X-LiteSpeed-Tag
X-IPS-Cached-Response
X-B3-ParentSpanId
Inserted-Into-Cache-At
X-Cache-Ngx
X-Fastly-Cache-Hits
X-TraceId
My-App
X-Webstats-RespID
X-Th-Server
X-Litespeed-Cache-Control
Ngx
Traceparent
X-Mg-Cache