Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-DNS-Prefetch-Control
X-Request-ID
X-Cacheable
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Timing-Allow-Origin
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
P3p
Upgrade
X-Ua-Compatible
X-Dns-Prefetch-Control
Access-Control-Max-Age
CF-Ray
X-Via
X-Robots-Tag
Server-Timing
X-Cache-Group
Keep-Alive
X-UA-Device
Request-Context
X-AH-Environment
X-Turbo-Charged-By
X-Amz-Request-Id
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Age
X-Ws-Request-Id
Host-Header
X-Hacker
X-Server-Powered-By
X-Rq
X-Server
X-LiteSpeed-Cache
X-Vhost
X-Varnish-Cache
X-Amz-Version-Id
Grace
Cf-Edge-Cache
X-Dispatcher
Allow
EagleId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Page-Speed
X-Nginx-Cache-Status
Accept-CH
X-Aws-Lambda-Call-Status
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Node
X-Host
X-OneAgent-JS-Injection
X-Pingback
X-Cache-Spec
X-Backend-Server
X-Akam-SW-Version
X-Server-Id
Surrogate-Control
Request-Id
X-Cache-Lookup
X-Response-Time
EagleEye-TraceId
Accept-CH-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Readtime
Content-Location
X-HW
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
Rating
X-Application-Context
X-Trace
X-Url
Fastly-Restarts
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Nginx-Upstream-Cache-Status
X-CST
X-Ruxit-Js-Agent
X-MS-InvokeApp
X-Edge
X-Amz-Server-Side-Encryption
X-ESI
X-Rack-Cache
X-Country
X-Mod-Pagespeed
X-Vname
X-PC
X-TtlSet
Accept-Ch-Lifetime
X-Content-Type
X-B3-TraceId
Cf-Apo-Via
X-FastCGI-Cache
Edge-Control
X-Vcap-Request-Id
X-Oneagent-Js-Injection
X-Akamai-Path-Stats
X-Mcache
X-D2id
Verso
X-GitHub-Request-Id
X-Ttl
Xkey
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
Cache-Tag
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja
Service-Worker-Allowed
X-Powered-By-Plesk
X-Amz-Rid
X-Navigation-Version
X-Server-Name
RTSS
X-VARITI-CCR
X-Abt-Application-Version
X-Ruxit-JS-Agent
X-Client-IP
X-Ac
X-Version
X-Cnection
X-Upstream
X-Cached
X-Element-Page-Cache
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-ECACHE
Permissions-Policy
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
SPRequestGuid
X-SharePointHealthScore
X-Dw-Request-Base-Id
X-RateLimit-Remaining
X-Px
SPIisLatency
SPRequestDuration
X-Sol
X-Cache-TTL
Display
X-Middleton-Display
Pagespeed
X-NWS-LOG-UUID
Public-Key-Pins
X-Country-Code
Response
X-Middleton-Response
X-Midtier
X-Webkit-Csp
X-Cache-Key
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ser
X-Forwarded-For
X-DataDome
X-Goog-Hash
X-SRCache-Store-Status
Content-MD5
X-SRCache-Fetch-Status
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-NF-Request-ID
X-Correlation-Id
X-Shield-Request-Id
Access-Control-Request-Method
X-MSEdge-Ref
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
Front-End-Https
X-RateLimit-Limit
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
AR-Request-ID
AR-SID
AR-PoweredBy
AR-ATIME
AR-CACHE
X-T
X-Recruiting
X-Daa-Tunnel
MicrosoftSharePointTeamServices
Edge-Cache-Tag
TP-Cache
Nginx-Cache
TP-L2-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
Accept-Ch
X-Mg-S
X-Accel-Expires
X-Content-Digest
TCN
X-Grace
X-Powered-CMS
X-Hits
X-Amzn-Trace-Id
X-Request-Processing-Time
X-Request-Received
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Server-Node
Server-Name
Filters
MS-Author-Via
X-Id
Fastcgi-Cache
X-Fastly-Request-Id
X-Geo-Country
Count-Hit
X-XRDS-Location
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-PressLabs-Stats
X-Origin-Server
X-Ezoic-Cdn
X-Frontend
X-Distributor
X-Ua-Browser
Filterid
Cross-Origin-Opener-Policy
X-LLID
Payment
X-Forwarded-Proto
S
X-Page-Id
X-Language
X-Microsite
X-Request-Handler-Origin-Region
Charset
X-Seen-By
X-Git-Hash
X-Protected-By
Host
X-F-Cache
X-FB-Debug
X-LB-Cache
X-B3-Sampled
X-Ratelimit-Reset
X-Amz-Meta-S3cmd-Attrs
X-VCache
X-ASPNET-VERSION
X-Cluster-Name
X-Rid
Surrogate-Key
Cache-Status
X-Www-Served-By
Cache-Tags
X-Logged-In
Access-Control-Allow-Method
X-Upgrade-Enabled
X-DIS-Request-ID
X-Ab
X-Origin-Cache
X-Varnish-Backend
X-Source
Realpath
Retry-After
Alternate-Protocol
X-Cache-Age
X-Az
X-Activity-Id
X-AppVersion
Accept-Charset
Cleartype
X-COUNTRY
X-NGENIX-Cache
X-Amz-Replication-Status
X-Type
Paypal-Debug-Id
DC
X-Varnish-Grace
X-Template
X-Wix-Request-Id
X-App-Environment
X-Route-Name
X-Envoy-Decorator-Operation
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Tb
X-B-Cache
X-Signature
X-TT
X-Hostname
X-B
X-Revision
X-DynaTrace
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Contextid
ServerID
Frame-Options
X-Cache-Rule
X-Trace-Id
X-Drupal-Cache-Tags
X-Node-Name
X-Tt-Trace-Host
X-Tt-Trace-Tag
Refresh
Cross-Origin-Resource-Policy
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Amp-Access-Control-Allow-Source-Origin
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Metageneration
Referer-Policy
X-Proxy
X-Mobile
X-Fastly-Request-ID
X-Debug
X-Load-Cache
Node
X-Content-Options
Viewport
X-Varnish-Server
X-Response-Served-From
NGB
X-EdgeConnect-Cache-Status
X-Original-Request-Id
X-Cache-Control
X-XRDS-LOCATION
X-N
X-Content-Powered-By
X-Varnish-Age
Akamai-GRN
Country
X-Magnolia-Registration
X-Whom
X-Debug-IsConnected
X-Cache-Time
X-Instance
X-NYM-Debug-Backend
X-Debug-IsPreview
X-Fastcgi-Cache
X-Page-View
X-G
X-Framework
X-Is-Bot
Content-Disposition
X-Status
X-Adobe-Loc
X-Adobe-Content
X-Real-IP
Uber-Trace-Id
X-Rendered-As
X-Cache-Grace
X-Akamai-Request-ID2
X-Cacheable-TTL
X-RemovedCookies
Url
X-Servername
X-Yottaa-Optimizations
X-Environment-Context
X-ProcessESI
Access-Control-Request-Headers
X-L-Path
X-User-Agent
X-Yottaa-Metrics
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Jobs
Srv
X-Cache-Expired-At
X-Mid
X-ECache
Healthy
X-Cache-TTL-Remaining
X-Via-JSL
Countrycode
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Rule
X-Tumblr-User
X-Tumblr-Pixel
X-Cache-Hit
X-Varnish-Ttl
X-Cache-Operation
X-CDN-Forward
X-Backend-Name
X-Unique-Id
X-APP-VERSION
X-Drupal-Cache-Contexts
Version
X-TTL
Accept-Language
X-Debug-Info
X-Akamai-Edgescape
X-Cache-Action
Section-Io-Cache
X-Litespeed-Cache
X-VC-Cache
X-Http-Reason
X-Mg-Request-UUID
Content-Secure-Policy
Protected
X-HTML-Minification-Powered-By
X-IPLB-Request-ID
X-Server-ID
X-Hosted-By
X-IPLB-Instance
X-Tt-Logid
X-Generation-Time
X-Generated-By
X-FW-Dynamic
X-FW-Static
X-FW-Type
X-Azure-Ref
Server-Info
X-FW-Serve
X-FW-Hash
X-FW-Server
Backend
X-Time
X-Cache-Status-Check
X-Storage
Meta-Geo
X-RTag
MS-CV
X-RN-RSRV
Ms-Operation-Id
X-UPSTREAM-Address
X-Device-Type
X-Amzn-RequestId
X-Oracle-Dms-Ecid
Xserver
X-Amz-Apigw-Id
Azure-RegionName
Azure-InstanceId
X-Mode
TWC-GeoIP-Country
TWC-Locale-Group
X-Dc
TWC-GeoIP-LatLong
Azure-SlotName
TWC-Device-Class
TWC-Privacy
TWC-Connection-Speed
Property-Id
Azure-Version
Azure-SiteName
X-Hl-Ver
X-Section
X-Proto
X-PCL
X-R9-Blue-Green-Version
X-Varnish-Cache-Hits
X-Cache-Server
Webcakes-App-Name
Liferay-Portal
X-Origin-Hint
X-OCL
X-Cms-Context
X-Access
Webcakes-Region
Webcakes-App-Version
X-Oracle-Dms-Rid
GEO-INFO
X-Format
Onion-Location
X-Handled-By
X-SaId
CF-IPCountry
X-Proxy-Cache-Status
X-Redis-Cache
X-Varnish-Hostname
X-Varnishpool
X-VWS-Id
X-Sql-Count
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-AWS-Id
X-Server-W
Web-Mar-Node
X-Provided-By
X-Locale
X-FireWall-Port
X-Adobe-Source
X-JoinUs
X-No-Session
X-Mobile-URL
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-PHP-Host
X-Sql-Duration-Ms
X-Api-Version
X-App-Server
X-Edge-Location
X-Detected-As
X-FB-TRIP-ID
X-GeoCode
X-GeoCountry
X-Content-Age
X-Forwarded-Host
X-Cache-Type
Locale
DB-Nickname
Mn-Server-Ip
Selected-Fe
X-Cache-Host
X-BYPASS-REASON
X-Ms-Version
X-ProxyCache-Key
X-Via-Fastly
X-Varnish-Beresp-Grace
X-Urbn-Site-Id
X-Web-Node
X-Xfnlog-Site
X-PHP-Backend
Cache-Name
X-Urbn-Context-Path
X-UA-Device-Type
X-Region
X-ProxyCache-Status
X-Request-Time
X-Site-Version
X-Timing-Wait
X-Skip-Cache
X-Proxy-Build
X-Ms-Request-Id
Eomportal-Instance
X-Restarts
CDN-RequestId
CDN-Uid
X-DynaTrace-JS-Agent
X-Extlb
CDN-RequestCountryCode
CDN-PullZone
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
S-Rt
X-Routing-Service
X-ShardId
X-ShopId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Zipkin-Id
Apigw-Requestid
X-ServerID
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Proxied
X-Storefront-Renderer-Rendered
WP-Super-Cache
X-Vgn-Hpd-Reason
X-SRV
X-Tid
X-TIME
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Tec-Api-Version
X-Tec-Api-Origin
X-Reqid
X-Tec-Api-Root
X-Amzn-Remapped-Content-Length
X-Nginx-Cache-Key
X-Newrelic-Synthetics
X-TNCMS
X-Loop
X-LSADC-Cache
X-Pubstack
Load-Balancing
X-Content
X-Cache-Enabled
Xet-Cookie
X-Ua
X-Cdn
X-Tumblr-Pixel-2
X-Soup
X-Uri
X-B3-Traceid
X-Origin-TTL
X-Origin-CC
X-TA-CDN-Provider
X-Zen-Fury
X-Origin-Date
X-Cache-NGX
From-Origin
X-Service
X-MP-GENERATED-AT
X-Cache-Debug
X-Aspnetmvc-Version
X-Ratelimit-Remaining
Fastcgi-Useragent
X-Correlation-ID
X-Nginx-Cache
Source
X-Varnish-Hits
X-UUID
ServedBy
X-Webkit-CSP
Origin
X-GEO
X-Human
X-App-Version
X-NewRelic-App-Data
Cache
X-Cache-Tags
Upgrade-Insecure-Requests
X-Rewrite-Enabled
X-Cluster
SD-X-WS
X-Cached-By
Rip
Cross-Origin-Window-Policy
MD5-Digest
Rendered-Blocks
X-ScT
BehaviorPad-Version
Mime-Version
Host-ID
WPO-Cache-Message
Fastly-Drupal-HTML
WPO-Cache-Status
X-Ratelimit-Limit
X-Aed
Meta-Geo-Continent
X-S-Cookie
X-D
Cdnsip
Xc-Version
X-Bc-Bl
X-TIM-N
Cdncip
Odigeo-Trace-Id
X-A
X-Ec-Fail
X-Ec-GeoHdr
X-A-Dcw
X-A-Dgt
X-FW-Version
X-Destination
A
X-A-Wwc
Expiry
X-A-Dam
X-Shop-Environment
X-Tenant
X-Forwarded-Path
X-SRCache-Key
X-AK-Request-ID
X-A-Ccd
X-External-Request-Id
X-B-Cookie
X-Varnish-Beresp-Ttl
X-Developer
T-Server
X-BCube-Filmed-By
X-PBS-Appsvrname
X-Application
Lang
X-Parent-Response-Time
X-ARC
DCR-Processing-Time-Ms
Sslversion
DCR-Decision-By
X-User
X-Processor
X-VG-WebCache
Surrogated-Key
X-Connection-Hash
X-Cache-NE
Ngx.Var.Host
X-Rojux
X-Orig-Expires
X-Vdms-Path
X-S
X-Vdms-Version
X-NAPM-TraceId
X-Tumblr-Pixel-3
OT-Force-Account-Verify
X-Request-Host
WebServer
X-Cluster-Node
Gh-Request-Id
X-Accel-Buffering
Redirect-Candidate
X-Nyt-Route
Release
X-GeoIP-City
X-Served-From
X-Gdpr
X-Aicache-OS
Environment
X-Origin-Time
X-Optimistic-Header
X-Cache-Remote
X-Sucuri-Cache
X-WP-CF-Super-Cache-Active
X-Thinkindot-L3
X-Sucuri-ID
X-Worker
X-Geo-Header
X-Cdn-Srv
X-RCS-CacheZone
X-JWT-State
X-Level-Front-Cache
X-CMSURLCustom
X-INCAP-ABP
X-Is-Gdpr
X-Developers
X-Core-Value
X-Generated-On
X-Auto-Login
X-Pass-Why
X-Has-Esi
X-HS-Content-Campaign-Id
Fastly-Backend-Name
TDXMobile
X-Ua-Device
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
AKAMAI
Tube-Got-Eval
Producers
Memcached
Req-Svc-Chain
Servername
Platform
Origin-EX
Mobile-Detection-Method
NGX
NM-Fastcgi-Cache
Origin-CC
Mail-Subject
Traceparent
Web-Mar-Region
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
L5d-Success-Class
We-Hiring
Machine
Tube-Get-Contents
Tube-Got-Results
Tube-Return
X-Ad-Defer-Variation
X-Mvc-Supplant-Cachable
X-Rocket-Build-Number
X-Request-URI
X-Rocket-Nginx-Serving-Static
X-S-Maxage
X-Sigma
X-SB
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Platform-Server
X-Owner
X-Policy
X-Pool
X-Qloud-Router
X-Proxy-Cache-Info
X-Sigma-Backend
X-SIPLIST1
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Viewer-Country
X-VServer
X-Wix-Viewer-Type
X-WADP-Cache
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Thanos
X-SplitTest
X-Var-Ttl
X-Variation
X-Varnish-Beresp-Status
X-Origin-Response-Time
X-NodeID
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Csrf-Jwt
X-DefElseHash
X-Device-Os
X-DefHash
X-CGP
X-Cache-Info
X-Azure-Ref-OriginShield
X-ATG-Version
X-BBC-Edge-Cache-Status
X-Bip
X-Cache-Id
X-Cache-Bucket
X-Dispatcher-Number
X-DPWN-IS-SECURE
X-Irp-Debug
X-Gzip
X-Loc
X-Minions-Version
X-NCache
L
X-GeoIP
X-Fetched-On
X-Epic-Correlation-Id
X-Ec-Custom-Error
X-Esi-Check
X-Eu-Site
X-FC-Vary-Parameters
X-AOL-HN
X-Fmm-Version
Apple-News-Services-Handled
Adler-Geo
Click-Count-Action-Start
Fastly-GeoIP-CountryCode
Apple-News-Services-Host
CloudFront-Viewer-Country
Cluster
Decoy-Debug-Key
Datacenter
Apple-News-Services-Parsed-Url
Decoy-Debug-Status
Decoy-Debug-TTL
Fastly-SIE
Click-Count-Error
HA-Ipaddr
Fastly-SSL
Apple-News-Services-Request-Url
Kp-EeAlive
IsBot
Is-Eu
Cache-Host
Ha-Gx-Prefs
Fastly-SWR
Webserver
Canary
Candidate-Md5Url
Server-Host
X-Tx-Id
X-Gamma-Serve
X-Fastly-Backend
X-IPS-LoggedIn
X-Gateway-Cache-Key
X-Block-Status
X-CacheTTL
X-Cdn-Origin
X-Core-Mission
X-Mvc-Supplant-OutputCached
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Slack-Backend
X-V-Cache
DSUID
X-Origin
X-Forwarded-Site
X-Clientip
X-Scheme
X-Region-Sid
X-Gen-Mode
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Hash
X-Hnp-Log
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Gateway-Cache-Status
X-CACHE-GROUP
Server-Hostname
CPC-Age
CPC-Cache
Vix-Hermes-Req-Id
V-Age
User-Cache-Control
CDCHOST
Country-Code
Cmstype
Cmsid
State
Server-Ext
VNS-Age
Sever-Int
VNS-Cache
X-Debug-Cache
Sid
X-Udemy-Cache-App-Namespace
X-LB-NoCache
Memory
X-Akamai-Transformed
Ec-Rule-Version
X-URL
X-Datadog-Parent-Id
X-Scale
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
Svr
Time
X-Branch-Name
X-Dispatch
LB
X-Newrelic-App-Data
X-Edge-Pop
X-Up
X-CSRF-Token
Pics-Label
X-Nf-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
Ssr
X-B3-Spanid
HostName
Request-ID
X-Req
X-VC
X-Presslabs-Stats
X-Cs
AMP-Access-Control-Allow-Source-Origin
X-Generated-In
X-ZONE
X-ND-Cache
Env
X-Servedbyhost
My-App
X-Wa
X-Lambda-Id
CacheControlHeader
True-Client-Country-4JS
X-Refresh
X-NGINX-Cache
X-Vc
X-WA-Info
Cache-Tv-Group
X-Via-Popv
X-B3-SpanId
GeoIp-Country-Code
X-Datadome
X-Via-Poph
X-Via-Popn
Fastcgi-Cache-TTL
X-Via-NSCOPI
X-GG-Cache-Date
Hostname
X-Zone
X-Op-Id-All
X-Session-Fingerprint
True-Client-IP
Server-ID
X-PX
X-EC-Lua
SID
X-Pod-Name
X-Origin-Expires
X-ID
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Release
X-Fastly-Cache
Cache-Hits
X-VCL-Version
X-Fpc
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-LB-ID
X-Xrds-Location
X-Trace-ID
X-CSRF-TOKEN
X-NWS-UUID-VERIFY
X-CACHE-AGE
X-TX-ID
WWW-Authenticate
X-Webkit-CSP-Report-Only
X-Srv
X-Accel-Expires-Debug
X-TH-Server
Fastly-Drupal-Html
X-Date
X-CACHE-KEY
X-Buckets
X-Old-Content-Length
X-MSEdge-Features
X-Cache-Date
X-MSEdge-Flight
X-Ig-Push-State
CDN
X-RAMCache
X-TRACE-ID
X-HS-Status
X-Endurance-Cache-Level
X-DC
X-Conf
X-Varnish-Beresp-TTL
Resin-Trace
X-NC
X-Microcachable
X-Dmc
X-RateLimit-Reset
X-Location
Path
Section-Io-Id
X-MCACHE
Tcn
X-Vcl-Version
X-Lb-Id
Section-Io-Origin-Status
Powered-By
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-CS
X-Webstats-RespID
X-API-Version
X-Director
X-FPC
Magicmarker
X-DataCenter
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Akamai-Pragma-Client-IP
True-Client-Ip
X-Check-Cacheable
Yjs-Id
X-LiteSpeed-Cache-Control
X-CLOUD-TRACE-CONTEXT
X-Cache-Ttl
X-Test
Server-Id
X-Alfa-Service
X-Datacenter
X-Wikidot-Backend
GeoIP-Country-Code
Lb
X-Wikidot-Static-Cache
X-Esi
M-TraceId
X-Via-PopV
FSS-Cache
X-Via-CDN
X-Server-IP
XServer
X-Geo
X-Cache-Expires
X-Mly-Id
X-WA
Proxy-Connection
X-Via-PopN
X-Be
X-Vercel-Cache
X-Cache-Backend
X-Vercel-Id
X-Via-PopH
X-ApacheServer
YJS-ID
X-Cc-Via
X-PERF
X-We-Are-Hiring
X-ServedByHost
User-Agent
X-Response-By
ENV
X-Hyper-Cache
Pramga
X-Micro-Cache
Cdn
X-Cdn-Forward
X-Dw-Trace-Id
XM
X-Info
X-Frame-Option
X-CF-Lambda-Version
HIT
X-CF-Lambda-Fn
X-M-Reqid
X-HA-Backend
X-M-Log
X-Client-Ip
Uri
Sm-Log-Id
X-Service-Response-Time
X-AIR-PT
X-Edge-POP
X-Li-Fabric
X-LI-Proto
X-Li-Pop
Tracecode
X-Instance-Name
Location
X-LI-UUID
X-Traceid
X-App
X-From
X-FL-EDGE
X-TT-LOGID
X-UA
X-HN
X-TrackingId
X-Qnm-Cache
Dnion-Transfer-Encoding
Geoip-Latitude
Srvid
X-Akamai-ERRuleID
PFcat
X-Akamai-ERPolicy
Locid
X-VarnishDD-TTL
Swift-Performance
X-LiteSpeed-Tag
CF-Cached-On
Cneonction
X-DW
X-RPM
Cache-Key
X-Oss-Request-Id
X-DSS
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-RSL
X-Oss-Hash-Crc64ecma
X-RPS
PICS-Label
X-DI
Nginx-CQVIP
CountryCode
X-Air-Trace-Id
C-Via
N-Cache
X-Air-Hostname
X-DB
X-Fastly-Backend-Reqs
X-Air-Source
Ohc-File-Size
X-Platform
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Platform-Router
X-Conten-Type-Options
Timeexpire
Esi-Enabled
X-Request-Url
NtCoent-Length
X-Platform-Cluster
X-Platform-Processor
X-HostName
Wpo-Cache-Message
X-SD-PageType
Wpo-Cache-Status
X-Lb-Nocache
X-UP
X-CF-Powered-By
X-LAGOON
Create-Date
X-Cache-Proxy
X-Fastly-Cache-Hits
Vha6-Origin
X-Cdn-Request-ID
X-Ha-Backend
X-Cache-Ngx
Wp-Super-Cache
X-Ips-Loggedin
Warning
X-Litespeed-Cache-Control
X-Air-Pt
X-Newegg-Index
X-NFL-Dma
X-NFL-Geo
X-Newegg-Flow
X-Nerd
X-Matome-Cached
X-Matched-Rule
X-MTS-Cache
X-N-OperationId
X-PG-ACCESS
X-NS-Authorization
X-Paywall
X-Onedio-Env
X-Loadbalancer
X-Origin-Ops
X-OVcl
X-OVcl-Cache
X-Okws-Version
X-NXG
X-Nyt-Data-Last-Modified
X-Odoo-Frontend
X-PageType
X-Ntj-Investigation-Id
X-Fastly-Is-Edge
X-PGF-Deflate
X-Fstrz
X-Full-Ttl
X-GG-Cache-Status
X-Farm
X-F-Status
X-Ee-Request-Id
X-Eid
X-ETag
X-Eventloop-Lag
X-Git-Commit
X-Global-Transaction-ID
X-Ittl
X-Kebab
X-Kebabable
X-Keep
X-Is-SSL
X-IBD-SID
X-GoCache-CacheStatus
X-Group
X-Header-Sub
X-IBD-Cache
X-LbNode
X-Stack-Name
X-Vary-Devices
X-V2-Infrastructure
X-Ver
X-Wag-Acs
X-Waitingroom
X-Utime
X-User-Auth
X-Tried-To-Kebabify
X-True-Client-Ip
X-U-Cache
X-Upstream-State
X-Web-Hosting
X-WP-Bypass
Fastcgi-X-Cache-Version
X-Fastly-Country-Code
On-Server
Hit
X-Request-URL
X-B3-Parentspanid
XV-H
X-WSR2
X-Xms-Page-Cache-Actions
X-YSpaceId
XV-Cache
X-Toujours-Debout-Location
X-Toujours-Debout-Branch
X-Route-Akamai
X-Route
X-Ruby
X-Save-Cache
X-Server-L
X-Request-Origin
X-Render-Time
X-R-Cache
X-Reboot
X-Redis
X-Render-Method
X-ServiceName
X-Sh
X-SVR-IIS
X-Svr-Proxy
X-Test-Nginx-Ingress
X-Timestamp
X-Ee-Request-Date
X-SSLProxy
X-Site
X-Slack-Shared-Secret-Outcome
X-SMP-JWT
X-Square
X-Pver
X-Cms-Device
Ns
Npm-Remaining
Ns-Ua
Ok-Cache-Status
Ok-Edge-Key
OK-Edge-Date
Npm-Cost
NLCacheNote
Is-Https
HTTPProtocol
Joe-X
NB-ESI
Nikkei-App-Version
Origin-Site
Panzer-Cache-Control
Service-Uuid
Served
SFRVia
Shieldsquare-Response
SII
Selected-Route
Scheme
RawURL
Proxy-Cache
Region
Request-Uuid
Rt-Proxy-Cache
HServer
H1
X-Yottaa-OS
X-ElasticPress-Query
X-PAYTM-SRV-ID
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Req-ID
X-Mg-Cache
DynaTrace
SRV
WZWS-RAY
X-B3-ParentSpanId
Fastcgi-Cache-Ttl
X-CUA
X-Serial
Cluster-Host
Cf-Wrk
CMS-200
Deeplink
Ec-Policy-Id
Cf-Locale
Cf-Device-Type
Akamai-X-Url
X-Th-Server
Cache-Stat
Cachekey
Cdn-Country-Code
Store-Cloud-Cache
Sw
X-Cache-NPR
X-Cache-Length
X-Cache-Reason
X-Cache-ReqUri
X-CacheVersion
X-Cache-Response
X-Cache-IsMobileDevice
X-Cache-Cookie
X-Backend-TTL
X-AspNetWebPages-Version
X-Backside-Transport
X-BeanStalkRole
X-BeanStalkStage
X-CDN-Pop
X-CDN-Pop-IP
X-Doge
X-Developed-By
X-DT-Node
X-Edge-IP
X-Ee-Generated-By
X-Delivery
X-Dehri-Date
X-Coindesk-Cache
X-Cf-Node-Idx
X-Colour
X-Container-Uri
X-Dcm-Pdtf
X-ASF-Cache
X-ARRRG1
Uniqueid
TWC-Unit
Userver
Vttl
X-77-NZT
TWC-Subs
TWC-PATH-LOCALE
Technodrome
T-Request-Id
Time-Cloud-Cache
Ttl
TWC-AK-Req-ID
X-77-NZT-Ray
X-Accel-Version
X-Amz-Meta-Cb-Modifiedtime
X-Akamai-Native
X-Apache-Server
X-Ar-Stats
X-Arena-Request-Id
X-Akamai-DeviceType
X-Akamai-DeviceOS
X-Accepted-Language
X-Accepted-Fulllang
X-Accor-Asset
X-AEO-Platform
X-Akamai-CacheKeyMod
X-Ee-Origin