Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
Pragma
X-XSS-Protection
CF-RAY
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-ID
Access-Control-Allow-Credentials
CF-Ray
X-Permitted-Cross-Domain-Policies
X-Request-Id
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Ua-Compatible
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Accept-CH
X-Device
X-Page-Speed
Cf-Apo-Via
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Dns-Prefetch-Control
Surrogate-Control
EagleEye-TraceId
X-Backend-Server
Request-Id
X-Cache-Lookup
X-Readtime
X-Ruxit-JS-Agent
X-HW
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
X-CST
Accept-CH-Lifetime
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Mod-Pagespeed
Accept-Ch-Lifetime
X-Edge
X-WebKit-CSP-Report-Only
Content-Location
X-Country
X-Content-Type
X-Mcache
X-Clacks-Overhead
X-MS-InvokeApp
Rating
X-Url
X-ECACHE
X-Midtier
X-Amz-Server-Side-Encryption
X-PC
X-TtlSet
X-Vname
X-VARITI-CCR
RTSS
Cache-Tag
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
Origin-Trial
Verso
X-Ac
X-Server-Name
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Rack-Cache
X-B3-TraceId
X-Cnection
X-Varnish-TTL
Service-Worker-Allowed
X-Powered-By-Plesk
X-Cache-TTL
X-GitHub-Request-Id
X-ESI
Xkey
X-Navigation-Version
X-Abt-Application-Version
X-Client-IP
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-NWS-LOG-UUID
Edge-Control
X-Ttl
X-Cached
X-Px
X-Litespeed-Cache
X-Mg-S
Arr-Disable-Session-Affinity
X-Instrumentation
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
SPRequestDuration
SPIisLatency
X-Upstream
X-Fastcgi-Cache
X-Cache-Key
X-Correlation-Id
X-Sol
Pagespeed
Display
X-Middleton-Display
Content-MD5
X-Dw-Request-Base-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-NF-Request-ID
Edge-Cache-Tag
X-Goog-Hash
X-RateLimit-Remaining
Front-End-Https
X-XRDS-Location
X-Daa-Tunnel
X-Country-Code
X-Forwarded-For
Public-Key-Pins
X-Version
AR-ATIME
X-Powered-CMS
AR-SID
AR-Request-ID
AR-CACHE
AR-PoweredBy
X-Id
TCN
X-MSEdge-Ref
X-HP-Webp
X-HP-Trace-Id
X-T
X-Recruiting
X-Jurisdiction
X-Content-Digest
X-Accel-Expires
X-Middleton-Response
Response
X-B3-TraceId-Primal
X-Shield-Request-Id
Mrf-Cache-Status
MRF-Tech
X-Ser
TP-L2-Cache
TP-Cache
Nginx-Cache
X-Webkit-Csp
X-Amzn-Trace-Id
S
X-Request-Received
X-Request-Processing-Time
X-Hits
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
Server-Node
X-Distributor
Cache-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
Cache-Tags
X-Grace
Fastcgi-Cache
Alternate-Protocol
Server-Name
Accept-Ch
X-DataDome
X-Protected-By
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Ruxit-Js-Agent
X-Ezoic-Cdn
X-Ratelimit-Limit
X-DIS-Request-ID
X-Origin-Server
X-LB-Cache
X-Ratelimit-Reset
X-Ua-Browser
X-Geo-Country
X-Microsite
X-Request-Handler-Origin-Region
X-Frontend
X-TTL
X-Rid
X-Debug-Info
X-Varnish-Backend
Cross-Origin-Opener-Policy
X-Git-Hash
X-Www-Served-By
Healthy
Filterid
Cleartype
X-Logged-In
X-FB-Debug
X-NGENIX-Cache
X-Forwarded-Proto
Payment
X-Page-Id
X-Load-Cache
X-ASPNET-VERSION
Charset
X-B3-Sampled
X-FastCGI-Cache
Content-Disposition
X-LLID
X-PressLabs-Stats
X-VCache
X-Ratelimit-Remaining
DC
X-Origin-Cache
X-Cluster-Name
MS-Author-Via
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Hostname
X-GUploader-UploadID
X-Goog-Metageneration
Retry-After
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Proxy
Accept-Charset
X-F-Cache
X-AppVersion
X-RateLimit-Limit
X-Activity-Id
X-Az
X-Amz-Replication-Status
Cross-Origin-Resource-Policy
Paypal-Debug-Id
X-Type
X-Revision
X-Signature
X-B-Cache
X-Contextid
X-Request-Guid
X-Providence-Cookie
Viewport
X-Route-Name
X-Amz-Meta-S3cmd-Attrs
X-Is-Crawler
X-Hosted-By
X-Aspnet-Duration-Ms
X-Azure-Ref
X-Varnish-Server
X-Flags
X-Seen-By
X-Oracle-Dms-Ecid
X-App-Environment
X-B
X-TT
X-Oracle-Dms-Rid
X-Whom
X-Wix-Request-Id
X-ORACLE-DMS-RID
X-Aspnetmvc-Version
X-ORACLE-DMS-ECID
X-Fb-Rlafr
X-DynaTrace
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
Realpath
Count-Hit
X-Source
Referer-Policy
X-Akamai-Edgescape
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-App-Server
X-Mobile
X-B3-Traceid
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Cache-Control
Host
X-Oneagent-Js-Injection
X-EdgeConnect-Cache-Status
X-N
X-HTML-Minification-Powered-By
X-Varnish-Grace
X-Magnolia-Registration
X-Response-Served-From
Version
X-Cache-Rule
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Original-Request-Id
X-Cache-Time
Refresh
X-Varnish-Age
X-UUID
VIX-Pulpo-Upstream-Status
X-RTag
SD-X-WS
X-Rule
MS-CV
X-Cache-Expired-At
VIX-Pulpo-Node
X-Language
Access-Control-Request-Headers
Ms-Operation-Id
X-Cache-Status-Check
X-Envoy-Decorator-Operation
Section-Io-Cache
X-Status
X-FW-Server
X-FW-Hash
X-Template
X-FW-Serve
X-Framework
X-Environment-Context
X-Cache-Grace
X-Adobe-Loc
Protected
X-FW-Dynamic
X-FW-Static
X-FW-Version
X-L-Path
X-Jobs
X-Cacheable-TTL
Akamai-GRN
X-Page-View
X-FW-Type
X-Content-Powered-By
X-ProcessESI
X-Adobe-Content
X-RemovedCookies
NGB
Url
X-Rendered-As
X-Instance
X-G
X-Is-Bot
X-NYM-Debug-Backend
X-Servername
X-Device-Type
GEO-INFO
X-Backend-Name
SRV
X-User-Agent
X-Http-Reason
X-Nginx-Cache
X-Cache-Age
X-Akamai-Request-ID2
X-Debug-IsConnected
X-Debug-IsPreview
X-CDN-Forward
X-Drupal-Cache-Contexts
X-Newrelic-App-Data
X-Trace-Id
X-Drupal-Cache-Tags
X-Yottaa-Metrics
CDN-RequestId
X-Yottaa-Optimizations
From-Origin
WPO-Cache-Message
WPO-Cache-Status
X-Cache-Hit
X-Tb
X-Region
X-URL
Country
Accept-Language
Front
X-Node-Name
X-Tt-Logid
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Fastly-Request-Id
X-Real-IP
X-Amz-Apigw-Id
Backend
X-Amzn-RequestId
X-VC-Cache
X-Content-Options
X-TIME
Uber-Trace-Id
X-Mode
Fastly-Drupal-HTML
X-COUNTRY
Fastly-SIE
Fastly-SWR
X-Unique-Id
X-DynaTrace-JS-Agent
Content-Secure-Policy
X-Cache-Operation
X-Tumblr-Pixel-2
X-RN-RSRV
X-Zen-Fury
Filters
Meta-Geo
X-Generation-Time
X-UPSTREAM-Address
X-Rewrite-Enabled
CF-IPCountry
X-Proxy-Cache-Info
X-Amzn-Remapped-Content-Length
Onion-Location
X-Cache-Server
X-Web-Node
Azure-Version
X-Access
Azure-InstanceId
Webserver
X-IPS-LoggedIn
Azure-RegionName
Azure-SlotName
Azure-SiteName
X-Section
X-Format
X-Rocket-Nginx-Serving-Static
Webcakes-Region
Webcakes-App-Version
X-Sql-Count
X-Cms-Context
X-Sucuri-ID
X-Sucuri-Cache
X-Sql-Duration-Ms
X-Soup
X-Origin-Hint
Apigw-Requestid
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
X-Locale
X-Say-Cacheable
X-PHP-Backend
X-Server-W
X-Via-Fastly
TWC-Device-Class
X-Proxy-Cache-Status
X-Varnish-Beresp-Grace
X-Cache-TTL-Remaining
X-Debug
TWC-Connection-Speed
X-Skip-Cache
X-Adobe-Source
X-SayCDN-TTL
X-Say-TTL
TWC-GeoIP-Country
X-Cache-Action
Property-Id
X-Reqid
X-Ua
X-Cache-Host
X-Forwarded-Host
X-Edge-Location
X-GeoCode
X-GeoCountry
X-Handled-By
X-Content-Age
X-Cluster-Node
Web-Mar-Node
ServerID
X-AWS-Id
X-BYPASS-REASON
X-Cluster
X-IPLB-Instance
X-Labrador-Cache-Channel
X-Site-Version
X-R9-Blue-Green-Version
X-UA-Device-Type
X-VWS-Id
Cache-Hits
X-ProxyCache-Status
X-ProxyCache-Key
X-Ms-Request-Id
X-LJ-Flow-ID
X-Ms-Version
X-PHP-Host
X-Proto
S-Rt
X-IPLB-Request-ID
Node
CDN-Uid
Cross-Origin-Window-Policy
CDN-RequestCountryCode
CDN-EdgeStorageId
Cache-Name
CDN-Cache
CDN-CachedAt
DB-Nickname
CDN-PullZone
X-JoinUs
X-Xfnlog-Site
X-LAGOON
Selected-Fe
Mn-Server-Ip
X-Detected-As
X-Extlb
X-FB-TRIP-ID
X-No-Session
X-LSADC-Cache
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-SaId
X-Timing-Wait
X-Proxy-Build
WP-Super-Cache
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Locale
ServedBy
X-Urbn-Context-Path
X-Urbn-Site-Id
Mime-Version
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Fastcgi-Useragent
X-Times
X-Hl-Ver
X-Request-Time
X-ECache
X-Time
X-XRDS-LOCATION
Liferay-Portal
X-SRV
X-Tumblr-Pixel-3
X-Air-Source
X-Optimistic-Header
X-Air-Trace-Id
X-CACHE-AGE
X-Air-Hostname
X-Buckets
X-Cache-Debug
X-Redis-Cache
Source
X-Loop
X-TNCMS
Upgrade-Insecure-Requests
X-Origin-Date
Xserver
X-NWS-UUID-VERIFY
X-Mg-Request-UUID
X-Generated-By
X-GEO
X-Akamai-Transformed
X-Varnish-Hits
X-Uri
Countrycode
CF-Cached-On
X-Director
X-Cdn
X-Pass-Why
X-Tid
X-Presslabs-Stats
X-Tx-Id
X-ARC
X-Storage
Frame-Options
X-Varnish-Beresp-Ttl
Xet-Cookie
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-FireWall-Port
X-Origin-CC
X-Origin-TTL
X-Varnish-Ttl
X-Service
X-Esi
X-Varnish-Cache-Hits
X-B3-Spanid
X-App-Version
X-Alternate-Cache-Key
Cache-Tv-Group
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-DC
X-ShopId
X-ShardId
X-Varnish-Hostname
X-Storefront-Renderer-Rendered
X-Datadog-Sampling-Priority
X-Endurance-Cache-Level
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Request-Host
Thinkindot-CacheControl
TDXMobile
DCR-Processing-Time-Ms
Thinkindot-CacheControl-Type
Candidate-Md5Url
BehaviorPad-Version
X-A
T-Server
X-A-Ccd
Thinkindot-Control
WWW-Authenticate
DCR-Decision-By
MD5-Digest
Rendered-Blocks
Ngx.Var.Host
Meta-Geo-Continent
Release
Redirect-Candidate
A
Odigeo-Trace-Id
Memcached
Req-Svc-Chain
Gannett-Cam-Experience-Id
Edge-Cache
Host-ID
Lang
Sslversion
Origin
Surrogated-Key
X-Generated-On
X-Platform-Router
X-Processor
X-Rojux
X-S
X-Platform-Processor
X-Platform-Cluster
X-Mid
X-Mobile-URL
X-Nyt-Route
X-Origin-Time
X-S-Cookie
X-S-Maxage
X-Vdms-Version
X-VG-TLSProxy
X-We-Are-Hiring
Xc-Version
X-Vdms-Path
X-TIM-N
X-ScT
X-Served-From
X-SRCache-Key
X-Thinkindot-L3
X-Loc
X-Level-Front-Cache
X-Bc-Bl
X-BCube-Filmed-By
X-Cache-Info
X-Cache-NE
X-BBC-Edge-Cache-Status
X-B-Cookie
X-A-Dcw
X-A-Dgt
X-Aed
X-Application
X-CMSURLCustom
X-Core-Value
X-External-Request-Id
X-Frame-Option
X-Gdpr
X-INCAP-ABP
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-D
X-Destination
X-Developer
X-Ec-Fail
X-A-Dam
X-A-Wwc
Environment
Server-Info
X-RM-Cache-TTL
X-ServerID
SID
X-Is-Gdpr
X-JWT-State
X-Location
X-Human
X-HS-Content-Campaign-Id
X-Geo-Header
X-GeoIP-City
X-Has-Esi
X-NodeID
X-Httpd
X-Origin-Response-Time
X-Restarts
X-Rocket-Build-Number
X-SB
X-Req
X-Pool
Ssr
Magicmarker
X-Platform-Server
X-Old-Content-Length
Svr
X-Core-Mission
Vix-Hermes-Req-Id
X-CUA
X-DefElseHash
X-Clara-WADP
X-Cdn-Srv
X-Auto-Login
X-Bip
X-Cache-Bucket
X-Cdn-Origin
Tube-Return
Tube-Got-Results
X-Fetched-On
X-Fmm-Version
Fastly-GeoIP-CountryCode
X-Gamma-Serve
X-Ec-Custom-Error
X-Developers
Tube-Got-Eval
Tube-Get-Contents
X-DefHash
State
X-Trace-ID
C-Via
X-WA-Info
X-VServer
X-Vmg-Version
X-WADP-Cache
Apple-News-Services-Host
X-Worker
Apple-News-Services-Parsed-Url
Country-Code
X-Sn-Servicetimems
X-Varnish-CookieINHashed-On
Apple-News-Services-Request-Url
X-Varnish-Remaining-TTL
X-SVT-ORM-VERSION
AKAMAI
Click-Count-Action-Start
Click-Count-Error
X-SVT-ORM-RULES
Cluster
CloudFront-Viewer-Country
Apple-News-Services-Handled
X-Varnish-Beresp-Status
X-Test
Cache-Host
X-Sigma-Backend
DSUID
X-Thanos
Fastly-Backend-Name
X-SD-PageType
X-Sigma
Decoy-Debug-Status
Decoy-Debug-TTL
X-WP-CF-Super-Cache-Active
X-Conf
Cache-Key
X-Varnish-CookieHashed-On
Decoy-Debug-Key
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Parent-Response-Time
Section-Io-Id
Section-Io-Origin-Status
X-Pubstack
X-AIR-PT
X-Dispatcher-Number
X-DPWN-IS-SECURE
X-Device-Os
X-Ckpd-Fst-Backend
X-Org
X-Azure-Ref-OriginShield
X-App
X-Block-Status
X-Cache-Backend
X-Varnishpool
X-Wix-Viewer-Type
X-Cache-Id
X-Date
X-Gzip
X-Op-Id-All
X-Origin
X-Slack-Backend
X-Node-Id
X-NCache
X-Nginx-Cache-Key
X-Akamai-Device-Characteristics
X-Owner
X-Region-Sid
X-Request-Start
X-Qloud-Router
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Nananana
X-Minions-Version
X-V-Cache
X-GeoIP
X-Gen-Mode
X-Var-Ttl
X-Fastly-Backend
X-Variation
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-LB-NoCache
X-Men
X-Hnp-Log
X-Hash
X-Scale
X-Esi-Check
X-Dispatcher-Server
Web-Mar-Region
CacheControlHeader
We-Hiring
Cache-Provider
NGX
Gh-Request-Id
Wxu-Next-Hostname
Wxu-Next-Commit
Mail-Subject
Machine
Cmstype
Datacenter
Is-Eu
Cmsid
Kp-EeAlive
CDCHOST
User-Cache-Control
L
NM-Fastcgi-Cache
Adler-Geo
X-Accel-Buffering
Origin-CC
Server-Ext
X-Accel-Expires-Debug
X-Ad-Defer-Variation
Platform
Producers
Pics-Label
Server-Host
Origin-EX
Server-Hostname
On-Server
Wxu-Next-Region
Sever-Int
X-Cache-Tags
X-Cached-By
PFcat
X-FC-Vary-Parameters
X-Server-IP
X-Mvc-Supplant-Cachable
Fastly-SSL
X-Refresh
X-Irp-Debug
X-CacheTTL
X-Up
X-Cache-FS-Status
X-VarnishDD-TTL
X-Platform
X-Slack-Shared-Secret-Outcome
X-Forwarded-Site
Canary
X-HN
X-Webkit-CSP-Report-Only
X-Server-ID
X-Csrf-Jwt
X-CGP
Ha-Gx-Prefs
X-Aicache-OS
X-Cache-Date
L5d-Success-Class
X-Cache-Remote
HA-Ipaddr
X-Eu-Site
Cdn
X-Via-Popn
X-Via-Poph
X-Via-Popv
X-Microcachable
GeoIP-Latitude
X-CSRF-Token
X-Mvc-Supplant-OutputCached
X-Servedbyhost
Env
X-RCS-CacheZone
X-Mly-Id
Cdncip
Cdnsip
X-HA-Backend
X-Tb-Optimization-Total-Bytes-Saved
X-AK-Request-ID
HostName
Server-ID
X-Zone
Load-Balancing
X-Fastly-Cache
Memory
X-Nc
X-Wa
X-API-Version
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-VC
X-Vc
X-DataCenter
X-Gateway-Skip-Cache
Time
X-ZONE
X-Webkit-CSP
X-Fpc
X-LB-ID
X-Instance-Name
X-ND-Cache
X-Origin-Expires
X-Generated-In
X-APP-VERSION
Cache
Eomportal-Instance
Hostname
X-Response-By
X-Via-NSCOPI
X-Release
X-HS-Status
X-Correlation-ID
X-Micro-Cache
X-FL-EDGE
X-Hcs-Proxy-Type
X-From
Expect-Staple
Ngx-Var-Key
Srvid
X-CCDN-CacheTTL
Locid
X-Vgn-Hpd-Variations-Key
X-Client-Ip
X-Check-Cacheable
X-CCDN-Origin-Time
X-Vgn-Hpd-Ssi
X-FL-QIT-DEBUG
X-Vgn-Hpd-Cached
X-CSRF-TOKEN
OT-Force-Account-Verify
X-Api-Version
X-Via-CDN
X-Cache-Enabled
X-Edge-Pop
X-CS
NtCoent-Length
X-Srv
X-Via-Edge
GeoIp-Country-Code
X-Via-SSL
AMP-Access-Control-Allow-Source-Origin
X-NewRelic-App-Data
Edge-Copy-Time
X-SIPLIST1
IsBot
X-Request-URI
X-NGINX-Cache
X-Provided-By
X-Cache-NGX
X-MCACHE
X-VCL-Version
X-Info
X-Dc
XkeyRZ
X-Via-JSL
X-Proxy-CacheRZ
X-Amz-Meta-Cb-Modifiedtime
X-Debug-Cache-Store
True-Client-IP
X-Debug-Cache-Fetch
Uri
X-Nf-Request-Id
X-Lambda-Id
X-Air-Pt
X-Vcl-Version
Srv
Sid
True-Client-Ip
X-EC-Lua
CPC-Age
Resin-Trace
Path
VNS-Cache
CPC-Cache
X-Render-Time
VNS-Age
Location
X-Vtex-Remote-Cache
X-Cs
X-Oss-Hash-Crc64ecma
X-Cache-Expires
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
Fastly-Drupal-Html
X-Oss-Object-Type
X-B3-SpanId
Request-ID
CDN
X-Fastly-Country-Code
X-VCT
GeoIP-Country-Code
Servername
X-TH-Server
X-Edge-POP
Cross-Origin-Opener-Policy-Report-Only
X-CLOUD-TRACE-CONTEXT
X-ATG-Version
X-Contensis-Viewer-Groups
X-Varnish-Authentication
Esi-Enabled
X-Cache-ASPX
X-Moov-T
X-Moov-Xdn-Version
X-Scheme
Traceparent
X-MSEdge-Flight
X-Varnish-Beresp-TTL
X-MSEdge-Features
X-Accel-Version
X-TX-ID
X-Pod-Name
YJS-ID
Timeexpire
X-Cdn-Request-ID
M-TraceId
X-FPC
X-PERF
X-Viewer-Country
X-ApacheServer
LB
X-Upstream-Ct
X-Upstream-Ht
X-Akamai-Pragma-Client-IP
X-Service-Response-Time
Sm-Log-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-PAYTM-SRV-ID
X-Datacenter
X-RateLimit-Reset
CountryCode
X-Datadome
X-Cache-Type
X-Lb-Id
XServer
FSS-Cache
X-SERVER-NAME
X-NAPM-TraceId
Server-Id
X-WA
Powered-By
X-Udemy-Cache-App-Namespace
X-Cdn-Cache-Status
X-Geo
Rip
RNT-Time
X-CACHE-KEY
X-Wikidot-Backend
Proxy-Connection
RNT-Machine
N-Cache
X-Wikidot-Static-Cache
X-Srcache-Fetch-Status
HIT
X-Srcache-Store-Status
X-CDN-Cache-Status
X-NC
Ohc-File-Size
V-Age
X-Ha-Backend
True-Client-Country-4JS
Tracecode
X-Clientip
Epwk-X-Cache
X-TraceId
X-Tenant
X-Forwarded-Path
X-Bl-Debug
X-LiteSpeed-Cache-Control
X-ServedByHost
ENV
X-Hyper-Cache
X-Orig-Expires
X-Shop-Environment
X-Via-PopN
Yjs-Id
WZWS-RAY
X-MP-GENERATED-AT
X-VG-WebCache
XM
Geoip-Latitude
X-B3-Trace-ID
X-Cdn-Forward
X-Via-PopH
X-Via-PopV
X-M-Reqid
X-M-Log
Content-Script-Type
X-Amz-Meta-Opti
Content-Style-Type
X-App-Name
X-Policy
X-Qnm-Cache
X-Dw-Trace-Id
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Lb-Nocache
Ngx
Inserted-Into-Cache-At
Ec-Rule-Version
X-Swift-Error
X-B3-Parentspanid
X-UP
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Reason
X-Serial
X-B3-ParentSpanId
User-Agent
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-TT-LOGID
X-F-Status
Hit
Lb
X-MiniProfiler-Ids
X-Request-URL
Pramga
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-RAMCache
X-Fastly-Cache-Hits
X-Acquia-Site
X-Acquia-Purge-Tags
X-Cache-Ngx
X-LiteSpeed-Tag
Cneonction
X-Stale
X-IPS-Cached-Response
X-Mid-Debug-Cache-Disk
Warning
MIME-Version
X-Th-Server
X-Mid-Debug-Cache-Key
X-Cdn-Diag
My-App
X-Snapshot-Date