Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
X-Request-ID
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
Access-Control-Max-Age
X-Via
X-Dns-Prefetch-Control
X-Robots-Tag
X-Cache-Group
Server-Timing
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Age
X-Ws-Request-Id
Host-Header
P3p
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
Cf-Edge-Cache
X-LiteSpeed-Cache
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Akamai-Path-Stats
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
X-Page-Speed
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
X-WebKit-CSP
X-Aws-Lambda-Call-Status
Accept-CH
X-Host
X-Node
X-Pingback
Cf-Railgun
X-OneAgent-JS-Injection
X-Cache-Spec
X-Server-Id
Surrogate-Control
Request-Id
EagleEye-TraceId
X-Akam-SW-Version
X-Backend-Server
X-Cache-Lookup
X-Response-Time
X-Readtime
Accept-CH-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
X-Cloud-Trace-Context
Fastly-Restarts
X-Country
X-Url
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Edge
X-Rack-Cache
X-Amz-Server-Side-Encryption
Edge-Control
X-Ruxit-JS-Agent
X-TtlSet
X-Vname
X-PC
X-Oneagent-Js-Injection
X-B3-TraceId
X-Mod-Pagespeed
X-Content-Type
X-ESI
X-Vcap-Request-Id
X-CST
X-Use-Magma
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-Cdn-Fetch
Xkey
Verso
X-GitHub-Request-Id
X-Mcache
X-Amz-Rid
X-D2id
Cache-Tag
X-Powered-By-Plesk
X-VARITI-CCR
RTSS
X-ECACHE
Service-Worker-Allowed
X-FastCGI-Cache
X-Varnish-TTL
X-Upstream
X-Version
X-Ruxit-Js-Agent
X-Abt-Application-Version
X-Navigation-Version
X-Cached
X-Client-IP
X-Ttl
X-Cnection
X-Ac
X-Dw-Request-Base-Id
X-Px
X-Server-Name
X-Element-Page-Cache
Arr-Disable-Session-Affinity
X-SharePointHealthScore
SPRequestGuid
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
Public-Key-Pins
SPRequestDuration
X-Cache-TTL
SPIisLatency
X-Country-Code
Display
X-Middleton-Display
Permissions-Policy
X-Sol
Pagespeed
X-NWS-LOG-UUID
X-Ser
X-Midtier
X-Middleton-Response
Response
X-Litespeed-Cache
X-Cache-Key
X-Edge-Location-Klb
X-Kinsta-Cache
X-RateLimit-Remaining
X-Goog-Hash
X-Forwarded-For
Content-MD5
X-SRCache-Store-Status
Cf-Apo-Via
X-SRCache-Fetch-Status
X-Correlation-Id
Access-Control-Request-Method
Front-End-Https
X-Shield-Request-Id
Accept-Ch
X-DataDome
X-MSEdge-Ref
X-NF-Request-ID
X-T
TP-Cache
X-Jurisdiction
X-HP-Webp
TP-L2-Cache
X-HP-Trace-Id
AR-Request-ID
X-Recruiting
AR-CACHE
AR-PoweredBy
AR-ATIME
AR-SID
X-Accel-Expires
MicrosoftSharePointTeamServices
Edge-Cache-Tag
X-B3-TraceId-Primal
Nginx-Cache
Mrf-Cache-Status
MRF-Tech
X-Powered-CMS
X-Daa-Tunnel
TCN
X-RateLimit-Limit
X-Grace
X-Mg-S
X-ORACLE-DMS-RID
X-Content-Digest
X-ORACLE-DMS-ECID
X-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Hits
X-Request-Received
X-Request-Processing-Time
Server-Node
X-XRDS-Location
Server-Name
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
Filters
X-Amzn-Trace-Id
MS-Author-Via
X-Geo-Country
X-Frontend
X-Distributor
S
Fastcgi-Cache
X-Protected-By
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-LLID
X-Language
Cache-Status
X-Origin-Server
X-Webkit-Csp
X-PressLabs-Stats
X-Fastcgi-Cache
X-LB-Cache
X-Ezoic-Cdn
Count-Hit
Cross-Origin-Opener-Policy
Filterid
X-Forwarded-Proto
X-Ua-Browser
X-Ab
X-F-Cache
X-Seen-By
X-Request-Handler-Origin-Region
X-B3-Sampled
X-FB-Debug
X-Page-Id
X-Microsite
Charset
X-Git-Hash
Host
X-Amz-Meta-S3cmd-Attrs
Payment
X-Fastly-Request-Id
X-Cluster-Name
X-VCache
X-ASPNET-VERSION
X-Cache-Age
Surrogate-Key
X-Rid
Realpath
X-Ratelimit-Reset
Accept-Charset
Cache-Tags
X-Template
X-Origin-Cache
X-NGENIX-Cache
X-Www-Served-By
Alternate-Protocol
Access-Control-Allow-Method
Retry-After
X-Logged-In
X-DIS-Request-ID
Cleartype
X-Fastly-Request-ID
X-Upgrade-Enabled
X-Az
X-Activity-Id
X-AppVersion
X-Source
X-B-Cache
X-Aspnet-Duration-Ms
X-App-Environment
X-Wix-Request-Id
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Tb
X-TT
X-Is-Crawler
X-Varnish-Backend
X-Signature
X-Flags
X-Amz-Replication-Status
X-B
X-Type
X-Varnish-Grace
ServerID
X-DynaTrace
X-TTL
X-Envoy-Decorator-Operation
DC
Paypal-Debug-Id
X-Node-Name
X-Hostname
Frame-Options
X-Drupal-Cache-Tags
X-Revision
X-Debug
X-Proxy
X-Contextid
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Mobile
X-Pinterest-Rid
Amp-Access-Control-Allow-Source-Origin
Pinterest-Generated-By
Pinterest-Version
X-Cache-Rule
X-Goog-Stored-Content-Encoding
X-Kong-Upstream-Latency
X-Content-Options
X-Goog-Storage-Class
X-Goog-Metageneration
X-GUploader-UploadID
X-Kong-Proxy-Latency
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Oracle-Dms-Ecid
X-Load-Cache
X-Oracle-Dms-Rid
Country
Refresh
X-Cache-Control
X-Server-ID
X-Magnolia-Registration
X-N
Node
X-Original-Request-Id
NGB
X-User-Agent
X-Response-Served-From
X-Whom
Viewport
Referer-Policy
X-EdgeConnect-Cache-Status
X-Environment-Context
X-L-Path
X-Framework
X-Cacheable-TTL
X-Cache-TTL-Remaining
Access-Control-Request-Headers
X-Varnish-Age
X-Yottaa-Optimizations
X-Cache-Time
X-Content-Powered-By
X-Cache-Grace
X-Adobe-Content
Url
X-Content
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Adobe-Loc
X-Debug-IsConnected
X-Akamai-Request-ID2
X-Yottaa-Metrics
X-Mid
X-Jobs
X-Page-View
X-Real-IP
X-Servername
X-Rendered-As
X-Is-Bot
X-NYM-Debug-Backend
X-G
X-Debug-IsPreview
X-Instance
X-Status
X-Varnish-Server
Content-Disposition
Uber-Trace-Id
X-Unique-Id
X-RemovedCookies
Srv
X-Time
X-ProcessESI
Akamai-GRN
X-Ratelimit-Remaining
Countrycode
X-Drupal-Cache-Contexts
Version
X-COUNTRY
X-Mg-Request-UUID
X-CDN-Forward
X-Cache-Expired-At
Accept-Language
X-Via-JSL
X-Restarts
X-Http-Reason
X-Cache-Hit
X-XRDS-LOCATION
X-App-Server
Cross-Origin-Resource-Policy
Healthy
Protected
X-Tumblr-Pixel-0
X-Tumblr-User
X-APP-VERSION
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-IPLB-Instance
X-IPLB-Request-ID
X-Cache-Operation
X-Hosted-By
X-Azure-Ref
X-Backend-Name
X-Debug-Info
Section-Io-Cache
X-Trace-Id
X-Ratelimit-Limit
Content-Secure-Policy
X-Tt-Logid
X-Nginx-Cache-Key
X-Device-Type
X-Akamai-Edgescape
X-SRV
Liferay-Portal
X-FW-Server
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Type
Backend
Server-Info
X-FW-Static
X-Cache-Action
X-Rule
Fastcgi-Useragent
X-Api-Version
X-Varnish-Ttl
X-RTag
X-Storage
Ms-Operation-Id
MS-CV
X-Mobile-URL
X-RN-RSRV
X-Proxy-Cache-Status
X-VC-Cache
Load-Balancing
Meta-Geo
GEO-INFO
X-UPSTREAM-Address
X-Mode
X-Generation-Time
X-HTML-Minification-Powered-By
X-Handled-By
X-Varnish-Beresp-Grace
X-Content-Age
CF-IPCountry
Azure-InstanceId
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
Azure-RegionName
Azure-SiteName
CDN-PullZone
Azure-SlotName
Locale
CDN-Cache
Azure-Version
CDN-CachedAt
CDN-EdgeStorageId
X-Adobe-Source
X-Say-Cacheable
X-Say-TTL
X-Uri
X-Urbn-Site-Id
X-SaId
X-Region
X-VWS-Id
X-Varnish-Cache-Hits
X-PHP-Host
X-Redis-Cache
X-Urbn-Context-Path
X-Sql-Duration-Ms
X-ShopId
X-Skip-Cache
X-Site-Version
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-PodId
X-SayCDN-TTL
X-Sql-Count
X-Sorting-Hat-ShopId
X-Origin-Hint
X-No-Session
Web-Mar-Node
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-Alternate-Cache-Key
X-AWS-Id
X-JoinUs
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Locale
X-Forwarded-Host
X-Format
X-Cache-Enabled
X-Cache-Host
X-Edge-Location
Property-Id
TWC-Privacy
X-Cache-NGX
X-Routing-Service
X-Server-W
X-Request-Time
X-ProxyCache-Status
X-ProxyCache-Key
X-ServerID
X-Proxy-Build
Onion-Location
X-Cache-Type
S-Rt
Selected-Fe
Mn-Server-Ip
X-Proxied
X-Extlb
X-FB-TRIP-ID
X-BYPASS-REASON
X-Detected-As
X-Cms-Context
X-GeoCode
X-GeoCountry
X-Proto
X-PHP-Backend
X-PCL
X-OCL
X-Timing-Wait
X-Storefront-Renderer-Rendered
X-Xfnlog-Site
X-Web-Node
X-Via-Fastly
X-Access
X-Generated-By
Apigw-Requestid
X-Cache-Server
X-Section
DB-Nickname
X-Zipkin-Id
X-UA-Device-Type
X-Varnishpool
Eomportal-Instance
X-Varnish-Hostname
X-Hl-Ver
Xserver
X-FireWall-Port
X-Ms-Version
X-Cache-Status-Check
X-Nginx-Cache
X-R9-Blue-Green-Version
X-Tid
X-Ms-Request-Id
Cache-Name
X-URL
WP-Super-Cache
X-UUID
X-Origin-Date
X-Datadome
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-ECache
ServedBy
X-DynaTrace-JS-Agent
X-Zen-Fury
X-App-Version
X-Loop
X-LSADC-Cache
X-TNCMS
X-B3-Traceid
X-Pubstack
X-Human
Xet-Cookie
X-Reqid
Source
X-Soup
X-GEO
Cache
X-Cache-Tags
X-Amzn-Remapped-Content-Length
X-RCS-CacheZone
X-Varnish-Hits
X-TA-CDN-Provider
X-Vgn-Hpd-Reason
X-Provided-By
X-Newrelic-Synthetics
X-Aspnetmvc-Version
X-Cached-By
X-MP-GENERATED-AT
Origin
X-Correlation-ID
X-Debug-Cache
Cross-Origin-Window-Policy
X-Ua
X-Origin-TTL
X-Cdn
X-Tumblr-Pixel-2
X-Dc
X-Origin-CC
X-Webkit-CSP
From-Origin
SD-X-WS
WPO-Cache-Message
X-Varnish-Beresp-Ttl
WPO-Cache-Status
X-Service
X-Trace-ID
Webserver
LB
X-IPS-LoggedIn
X-AOL-HN
Rip
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-FW-Version
X-Request-Host
BehaviorPad-Version
X-Tenant
X-Served-From
X-SRCache-Key
X-AK-Request-ID
Cdncip
A
X-Shop-Environment
X-ScT
Cdnsip
X-Bc-Bl
Xc-Version
X-VG-WebCache
X-D
X-BCube-Filmed-By
X-Connection-Hash
X-Cache-NE
X-Vdms-Version
X-Vdms-Path
X-Application
X-User
X-Developer
X-Destination
X-B-Cookie
X-ARC
X-TIM-N
DCR-Processing-Time-Ms
T-Server
X-Owner
VNS-Age
Surrogated-Key
Sslversion
Ngx.Var.Host
Odigeo-Trace-Id
Rendered-Blocks
X-Orig-Expires
X-NAPM-TraceId
X-A-Dam
X-Ec-GeoHdr
X-A-Dcw
X-A-Ccd
X-A
X-Forwarded-Path
X-External-Request-Id
X-PBS-Appsvrname
X-A-Wwc
X-A-Dgt
Environment
X-Ec-Fail
X-S
DCR-Decision-By
X-S-Cookie
CPC-Cache
X-Rojux
X-Rewrite-Enabled
MD5-Digest
Meta-Geo-Continent
X-Aed
X-Processor
Lang
Expiry
Host-ID
CPC-Age
VNS-Cache
HostName
X-Platform-Server
X-CSRF-Token
X-Cluster-Node
X-B3-SpanId
OT-Force-Account-Verify
X-Via-NSCOPI
X-Cache-Debug
X-GG-Cache-Date
X-Aicache-OS
X-Thanos
X-VC
X-Dispatcher-Number
Machine
X-Parent-Response-Time
X-Bip
X-Varnish-Beresp-Status
Mime-Version
X-Accel-Buffering
Redirect-Candidate
X-Qloud-Router
X-Pool
X-Nf-Request-Id
X-TIME
Upgrade-Insecure-Requests
X-NewRelic-App-Data
X-Cache-Id
X-Cdn-Origin
X-CacheTTL
X-Cache-Bucket
X-Cache-Info
X-CGP
X-Cluster
Release
Producers
X-Core-Mission
X-Clientip
X-Clara-WADP
X-Branch-Name
X-VG-TLSProxy
X-Ckpd-Fst-Backend
Req-Svc-Chain
X-SVT-ORM-VERSION
X-BBC-Edge-Cache-Status
X-Varnish-Remaining-TTL
We-Hiring
Web-Mar-Region
Wxu-Next-Commit
Vix-Hermes-Req-Id
V-Age
Tube-Got-Results
Tube-Return
Traceparent
Wxu-Next-Hostname
Wxu-Next-Region
X-Variation
X-V-Cache
X-Auto-Login
Tube-Got-Eval
State
X-Ad-Defer-Variation
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Csrf-Jwt
Servername
X-DefHash
X-Mvc-Supplant-Cachable
X-Minions-Version
X-Mvc-Supplant-OutputCached
X-NodeID
X-Optimistic-Header
X-Sigma
X-Loc
X-INCAP-ABP
X-SIPLIST1
X-Irp-Debug
X-Sigma-Backend
X-Level-Front-Cache
X-Scale
X-Origin
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Region-Sid
X-Rocket-Build-Number
X-Request-URI
X-Proxy-Cache-Info
X-Policy
X-Origin-Response-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Hash
X-Gzip
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-SplitTest
X-Epic-Correlation-Id
X-Esi-Check
X-Device-Os
Platform
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-DefElseHash
X-Eu-Site
X-Sn-Servicetimems
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Generated-On
X-GeoIP
X-GeoIP-City
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Fetched-On
X-Fmm-Version
X-Slack-Backend
X-Forwarded-Site
X-SVT-ORM-RULES
Tube-Get-Contents
Fastly-SSL
Fastly-SWR
X-WADP-Cache
Fastly-SIE
Fastly-GeoIP-CountryCode
DSUID
X-Wix-Viewer-Type
Gh-Request-Id
Ha-Gx-Prefs
Kp-EeAlive
L
IsBot
Is-Eu
HA-Ipaddr
X-VServer
Decoy-Debug-TTL
Decoy-Debug-Status
Apple-News-Services-Request-Url
Cache-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Adler-Geo
Apple-News-Services-Handled
Canary
Click-Count-Action-Start
Datacenter
Decoy-Debug-Key
Country-Code
Cmstype
Click-Count-Error
Cmsid
L5d-Success-Class
Candidate-Md5Url
NGX
X-Viewer-Country
Mobile-Detection-Method
Origin-CC
NM-Fastcgi-Cache
Origin-EX
Mail-Subject
X-WP-CF-Super-Cache-Active
X-Tx-Id
X-CMSURLCustom
Server-Hostname
X-HS-Content-Campaign-Id
X-Developers
X-Cdn-Srv
User-Cache-Control
X-Gamma-Serve
Server-Host
X-Hnp-Log
Cluster
X-Gdpr
X-JWT-State
X-Geo-Header
X-Newrelic-App-Data
X-Is-Gdpr
X-Gen-Mode
CloudFront-Viewer-Country
Server-Ext
X-Has-Esi
CDCHOST
X-Core-Value
Sever-Int
X-Rocket-Nginx-Serving-Static
Thinkindot-CacheControl
TDXMobile
X-Scheme
Svr
Thinkindot-CacheControl-Type
Thinkindot-Control
X-S-Maxage
Memcached
X-SB
X-Origin-Time
X-NCache
X-Nyt-Route
X-Block-Status
Fastly-Backend-Name
X-Worker
X-Thinkindot-L3
Ec-Rule-Version
Fastly-Drupal-HTML
X-Cache-Remote
X-WA-Info
Cache-Hits
X-FC-Vary-Parameters
X-Azure-Ref-OriginShield
X-Fastly-Backend
X-Sucuri-ID
X-LB-NoCache
X-Sucuri-Cache
X-ATG-Version
X-Var-Ttl
AKAMAI
Cache-Tv-Group
X-ZONE
Pics-Label
Ssr
X-ND-Cache
X-Presslabs-Stats
SID
X-Udemy-Cache-App-Namespace
WebServer
X-Origin-Expires
X-Session-Fingerprint
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Fastly-Cache
Fastcgi-Cache-TTL
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Popv
X-Via-Popn
X-Generated-In
X-Pod-Name
Time
Memory
X-Via-Poph
X-DC
Sid
Env
Server-ID
X-Servedbyhost
AMP-Access-Control-Allow-Source-Origin
X-Up
X-Akamai-Transformed
X-Refresh
X-Pass-Why
X-NWS-UUID-VERIFY
X-Release
My-App
X-Wa
X-Cache-Date
X-Dispatch
X-Fpc
X-Buckets
X-RateLimit-Reset
X-Ig-Push-State
X-Edge-Pop
X-Cs
X-Tumblr-Pixel-3
X-NC
X-MSEdge-Features
X-MSEdge-Flight
X-Lambda-Id
X-Conf
X-EC-Lua
X-Esi
X-Microcachable
X-PX
X-CS
X-MCACHE
X-Zone
X-Endurance-Cache-Level
X-ID
X-Dmc
X-VCL-Version
CDN
X-Req
Fastly-Drupal-Html
X-CACHE-AGE
GeoIp-Country-Code
X-Xrds-Location
X-TX-ID
True-Client-IP
X-LB-ID
Magicmarker
X-Webkit-CSP-Report-Only
X-Be
X-NGINX-Cache
X-TH-Server
CacheControlHeader
X-Wikidot-Backend
X-Wikidot-Static-Cache
True-Client-Country-4JS
X-CACHE-KEY
X-Vc
X-B3-Spanid
X-Op-Id-All
X-HS-Status
X-CSRF-TOKEN
Hostname
X-TRACE-ID
True-Client-Ip
X-Air-Source
X-Air-Trace-Id
X-Hyper-Cache
X-Air-Hostname
X-M-Reqid
Resin-Trace
X-M-Log
X-Micro-Cache
Request-ID
X-CF-Lambda-Fn
Path
X-CF-Lambda-Version
X-Air-Pt
GeoIP-Country-Code
X-Srv
Tcn
X-Vcl-Version
X-GeoIP-Country-Code
X-App
X-Qnm-Cache
Pramga
X-GeoIP-Region-Code
X-Alfa-Service
X-Yandex-Sdch-Disable
C-Via
WWW-Authenticate
Tracecode
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Accel-Expires-Debug
X-Varnish-Beresp-TTL
X-Date
Section-Io-Origin-Status
X-SERVER-NAME
X-Check-Cacheable
N-Cache
X-Akamai-Pragma-Client-IP
X-Vercel-Cache
X-Vercel-Id
X-Datacenter
X-TrackingId
X-CLOUD-TRACE-CONTEXT
NtCoent-Length
X-UA
Proxy-Connection
X-FPC
X-LiteSpeed-Cache-Control
X-RAMCache
Esi-Enabled
Hit
X-Old-Content-Length
On-Server
X-PAYTM-SRV-ID
X-Edge-POP
X-Platform
Fastcgi-X-Cache-Version
X-API-Version
YJS-ID
X-Webkit-Csp-Report-Only
Yjs-Id
X-Mly-Id
X-Platform-Cluster
X-Geo
X-Platform-Router
Powered-By
FSS-Cache
X-Via-CDN
X-Platform-Processor
X-WA
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
X-ServedByHost
X-Response-By
X-Vtex-Remote-Cache
ENV
Lb
User-Agent
X-Node-Id
X-Vtex-Processado-Em
GeoIP-Latitude
X-Lb-Id
Server-Id
X-Dw-Trace-Id
X-Cdn-Forward
X-SD-PageType
X-Request-Start
X-Location
X-Via-PopV
X-Via-PopN
HIT
X-Via-PopH
X-Webstats-RespID
X-Client-Ip
X-LAGOON
X-AIR-PT
X-Director
X-Traceid
Locid
X-FL-EDGE
X-From
X-Varnish-Authentication
X-Instance-Name
Srvid
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Akamai-ERRuleID
X-CUA
X-Request-Url
X-Akamai-ERPolicy
Dnion-Transfer-Encoding
X-TT-LOGID
Cdn
X-Render-Time
X-Cache-Ttl
X-FORWARDED-FOR
X-Via-Ucdn
Geoip-Latitude
Cache-Key
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-LI-Proto
Sm-Log-Id
X-PERF
X-ApacheServer
X-Service-Response-Time
Ohc-File-Size
X-DB
X-LiteSpeed-Tag
DynaTrace
Nginx-CQVIP
X-RPM
X-Proxy-Upstream
X-Server-IP
Server-Ttl
X-RSL
X-DW
X-RPS
X-DSS
X-DI
X-CF-Powered-By
Location
PICS-Label
XServer
X-Wp-Cf-Super-Cache
X-Litespeed-Cache-Control
X-Proxy-CacheRZ
X-Wp-Cf-Super-Cache-Cache-Control
XkeyRZ
X-IN-APIGATEWAYSSL
X-HN
X-Test
X-B3-ParentSpanId
X-VarnishDD-TTL
X-Proxy-Cache-Hk
X-IN-APIGATEWAY
Vha6-Origin
Uri
X-DataCenter
X-HA-Backend
X-Fastly-Cache-Hits
XM
X-HostName
X-Lb-Nocache
X-Cdn-Request-ID
Wpo-Cache-Message
X-Fastly-Backend-Reqs
Wpo-Cache-Status
Swift-Performance
PFcat
Wp-Super-Cache
X-Cache-Ngx
CountryCode
X-Ips-Loggedin
DT-Hot-News
Warning
M-TraceId
X-Ramcache
Cneonction
X-Mg-Cache
WZWS-RAY
Fastcgi-Cache-Ttl
SRV
Req-ID
X-Moov-T
X-Yottaa-OS
X-ElasticPress-Query
X-Moov-Xdn-Version
CF-Cached-On