Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-FRAME-OPTIONS
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Request-ID
X-Cacheable
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Timing-Allow-Origin
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
P3p
Content-Encoding
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
Access-Control-Max-Age
CF-Ray
X-Via
X-Robots-Tag
X-Cache-Group
X-Dns-Prefetch-Control
Server-Timing
X-UA-Device
Keep-Alive
Request-Context
X-AH-Environment
X-Turbo-Charged-By
X-Ua-Compatible
X-Amz-Request-Id
X-Proxy-Cache
X-Backend
X-Age
X-Amz-Id-2
X-Ws-Request-Id
Host-Header
X-Hacker
X-Server-Powered-By
X-Server
X-Rq
X-Vhost
X-Varnish-Cache
X-Amz-Version-Id
Grace
X-LiteSpeed-Cache
Cf-Edge-Cache
X-Dispatcher
Allow
EagleId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Page-Speed
Accept-CH
X-Nginx-Cache-Status
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Host
X-Node
X-OneAgent-JS-Injection
X-Pingback
X-Cache-Spec
X-Backend-Server
X-Akam-SW-Version
X-Server-Id
Surrogate-Control
Request-Id
Accept-CH-Lifetime
X-Cache-Lookup
X-Response-Time
EagleEye-TraceId
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Readtime
Content-Location
X-HW
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
Rating
X-Application-Context
X-Trace
X-Url
Fastly-Restarts
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Nginx-Upstream-Cache-Status
X-CST
X-Ruxit-Js-Agent
X-MS-InvokeApp
X-Edge
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-ESI
X-PC
X-TtlSet
X-Vname
X-Mod-Pagespeed
X-Country
X-Content-Type
Edge-Control
X-FastCGI-Cache
X-B3-TraceId
X-Oneagent-Js-Injection
Cf-Apo-Via
X-Vcap-Request-Id
X-Akamai-Path-Stats
X-Mcache
X-D2id
Verso
X-GitHub-Request-Id
Xkey
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
Cache-Tag
X-Ttl
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Powered-By-Plesk
X-Amz-Rid
X-Navigation-Version
X-Server-Name
RTSS
X-Abt-Application-Version
X-VARITI-CCR
X-Version
X-Client-IP
X-Upstream
X-Ac
X-Cnection
X-Cached
X-Varnish-TTL
X-ECACHE
X-Element-Page-Cache
X-Ruxit-JS-Agent
Arr-Disable-Session-Affinity
Permissions-Policy
X-Kraken-Loop-Name
X-Dw-Request-Base-Id
X-Instrumentation
X-Server-Lifecycle-Phase
SPRequestGuid
X-SharePointHealthScore
X-RateLimit-Remaining
SPRequestDuration
SPIisLatency
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Cache-TTL
Public-Key-Pins
X-NWS-LOG-UUID
X-Country-Code
X-Px
X-Middleton-Response
Response
X-Midtier
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ser
X-Forwarded-For
X-DataDome
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Goog-Hash
X-Cache-Key
Content-MD5
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-NF-Request-ID
X-Shield-Request-Id
Access-Control-Request-Method
X-HP-Webp
X-MSEdge-Ref
X-HP-Trace-Id
X-Jurisdiction
Front-End-Https
X-RateLimit-Limit
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-T
X-Recruiting
AR-ATIME
AR-SID
AR-PoweredBy
AR-CACHE
AR-Request-ID
MicrosoftSharePointTeamServices
X-Daa-Tunnel
Edge-Cache-Tag
TP-L2-Cache
TP-Cache
X-Correlation-Id
Nginx-Cache
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Accel-Expires
X-Mg-S
X-Content-Digest
TCN
X-Grace
X-Powered-CMS
X-Hits
X-Amzn-Trace-Id
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Server-Node
X-HS-Content-Id
Filters
Server-Name
MS-Author-Via
X-Id
Fastcgi-Cache
X-Geo-Country
X-Fastly-Request-Id
X-Webkit-Csp
Count-Hit
X-PressLabs-Stats
X-TEC-API-VERSION
X-XRDS-Location
X-TEC-API-ROOT
X-Distributor
X-Frontend
X-Origin-Server
X-TEC-API-ORIGIN
X-Ua-Browser
X-Ezoic-Cdn
Filterid
Cross-Origin-Opener-Policy
X-LLID
X-Language
S
X-ASPNET-VERSION
Payment
X-Page-Id
X-Microsite
X-Forwarded-Proto
X-Request-Handler-Origin-Region
Charset
X-Seen-By
X-F-Cache
X-Protected-By
X-FB-Debug
Host
X-LB-Cache
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
X-B3-Sampled
X-Ratelimit-Reset
X-VCache
X-Cluster-Name
X-Rid
Cache-Status
Surrogate-Key
X-Www-Served-By
Cache-Tags
X-Ab
X-Logged-In
Access-Control-Allow-Method
X-Litespeed-Cache
X-Upgrade-Enabled
Accept-Ch
X-Origin-Cache
X-COUNTRY
X-DIS-Request-ID
X-Source
X-Cache-Age
Realpath
X-Varnish-Backend
Retry-After
Alternate-Protocol
X-AppVersion
X-Az
X-Activity-Id
Accept-Charset
X-Template
Cleartype
X-NGENIX-Cache
X-Amz-Replication-Status
Paypal-Debug-Id
X-Type
DC
X-Request-Guid
X-Route-Name
X-App-Environment
X-Wix-Request-Id
X-Is-Crawler
X-Envoy-Decorator-Operation
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Varnish-Grace
X-B-Cache
X-Signature
X-TT
X-Tb
X-Revision
X-Hostname
X-B
X-DynaTrace
ServerID
Frame-Options
X-Kong-Upstream-Latency
X-Contextid
X-Kong-Proxy-Latency
X-Cache-Rule
X-Node-Name
X-Trace-Id
X-Drupal-Cache-Tags
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Pinterest-Rid
Pinterest-Generated-By
Refresh
Cross-Origin-Resource-Policy
Pinterest-Version
X-Fastly-Request-ID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Proxy
X-GUploader-UploadID
X-Goog-Stored-Content-Length
Referer-Policy
X-Load-Cache
X-Debug
X-Mobile
X-XRDS-LOCATION
X-Content-Options
Node
Amp-Access-Control-Allow-Source-Origin
X-Fastcgi-Cache
NGB
X-Original-Request-Id
X-Response-Served-From
X-Varnish-Server
X-Cache-Control
X-EdgeConnect-Cache-Status
Viewport
X-Varnish-Age
X-N
Country
X-Content-Powered-By
Akamai-GRN
X-Magnolia-Registration
X-Whom
X-NYM-Debug-Backend
X-Cache-Time
X-Instance
X-Debug-IsPreview
X-Debug-IsConnected
X-G
X-Page-View
X-Real-IP
X-Status
X-Rendered-As
X-Is-Bot
X-Framework
Uber-Trace-Id
X-Adobe-Content
X-Adobe-Loc
Content-Disposition
X-Cacheable-TTL
X-User-Agent
Access-Control-Request-Headers
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Servername
X-RemovedCookies
X-Akamai-Request-ID2
X-Cache-Grace
X-ProcessESI
Url
Srv
VIX-Pulpo-Upstream-Status
X-Jobs
X-L-Path
X-Mid
VIX-Pulpo-Node
X-Environment-Context
X-Cache-TTL-Remaining
X-Cache-Expired-At
X-Via-JSL
Healthy
Countrycode
X-Tumblr-Pixel
X-Cache-Hit
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Rule
X-Cache-Operation
X-Unique-Id
X-TTL
X-Backend-Name
X-Drupal-Cache-Contexts
X-CDN-Forward
Version
X-APP-VERSION
Accept-Language
X-ECache
X-Time
X-Akamai-Edgescape
X-Debug-Info
X-Cache-Action
X-Server-ID
X-Mg-Request-UUID
X-Http-Reason
Section-Io-Cache
Xserver
X-VC-Cache
X-Varnish-Ttl
Content-Secure-Policy
Protected
X-IPLB-Instance
X-IPLB-Request-ID
X-Tt-Logid
X-Generation-Time
X-Hosted-By
X-HTML-Minification-Powered-By
Backend
X-Azure-Ref
X-Oracle-Dms-Ecid
Server-Info
X-Oracle-Dms-Rid
X-Generated-By
X-SRV
X-Storage
X-UPSTREAM-Address
X-RN-RSRV
X-FW-Dynamic
Meta-Geo
X-Api-Version
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
MS-CV
X-Amz-Apigw-Id
X-RTag
X-Device-Type
X-Amzn-RequestId
Ms-Operation-Id
X-Cache-Status-Check
Azure-Version
CF-IPCountry
Onion-Location
Azure-SlotName
Azure-InstanceId
X-Mobile-URL
X-Cache-Server
Azure-RegionName
Azure-SiteName
Webcakes-App-Version
X-Handled-By
X-Format
X-Cms-Context
X-OCL
X-Origin-Hint
Liferay-Portal
X-Section
X-PCL
X-Access
Webcakes-Region
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Varnish-Cache-Hits
Webcakes-App-Name
TWC-Privacy
Property-Id
X-Hl-Ver
X-R9-Blue-Green-Version
GEO-INFO
X-Proto
X-App-Server
X-Varnish-Hostname
X-Restarts
X-Varnishpool
X-No-Session
X-Adobe-Source
Web-Mar-Node
X-PHP-Host
X-FireWall-Port
X-Proxy-Cache-Status
X-Provided-By
X-Locale
X-Say-TTL
X-Say-Cacheable
X-Redis-Cache
X-Correlation-ID
X-SaId
X-Sql-Duration-Ms
X-Labrador-Cache-Channel
X-JoinUs
X-SayCDN-TTL
X-Sql-Count
X-Dc
CDN-PullZone
X-Tec-Api-Version
Selected-Fe
X-Tec-Api-Root
X-Tec-Api-Origin
CDN-EdgeStorageId
X-UA-Device-Type
CDN-CachedAt
X-Content-Age
X-Varnish-Beresp-Grace
X-Region
X-Proxy-Build
CDN-RequestCountryCode
X-Urbn-Site-Id
X-Server-W
DB-Nickname
CDN-Uid
X-Via-Fastly
X-VWS-Id
X-Urbn-Context-Path
X-LJ-Flow-ID
X-Site-Version
X-GeoCountry
Locale
CDN-RequestId
X-Web-Node
X-PHP-Backend
X-ProxyCache-Key
X-Detected-As
X-Ms-Version
X-Xfnlog-Site
X-FB-TRIP-ID
X-BYPASS-REASON
CDN-Cache
Eomportal-Instance
X-AWS-Id
X-Edge-Location
X-Cache-Host
X-GeoCode
Cache-Name
X-Timing-Wait
X-Forwarded-Host
X-Cache-Type
X-Ms-Request-Id
X-Skip-Cache
X-ProxyCache-Status
X-Sorting-Hat-PodId
Apigw-Requestid
X-Sorting-Hat-ShopId
X-Mode
X-ShardId
S-Rt
X-DynaTrace-JS-Agent
X-Alternate-Cache-Key
X-Shopify-Stage
X-ServerID
X-Request-Time
X-ShopId
Mn-Server-Ip
X-Storefront-Renderer-Rendered
WP-Super-Cache
Load-Balancing
X-Tid
X-Content
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Vgn-Hpd-Reason
X-Amzn-Remapped-Content-Length
X-Reqid
X-Loop
X-Nginx-Cache-Key
X-Extlb
X-TNCMS
X-Cache-Enabled
X-Cdn
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-B3-Traceid
X-Pubstack
X-LSADC-Cache
Xet-Cookie
X-Ua
X-Uri
X-Soup
X-Tumblr-Pixel-2
X-Origin-Date
X-Zen-Fury
X-Aspnetmvc-Version
X-Cache-NGX
X-Ratelimit-Remaining
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-Origin-CC
X-Origin-TTL
From-Origin
X-MP-GENERATED-AT
X-Service
X-Cache-Debug
X-Webkit-CSP
Source
X-TIME
Fastcgi-Useragent
ServedBy
X-Varnish-Hits
X-UUID
Origin
X-GEO
X-Nginx-Cache
X-App-Version
X-NewRelic-App-Data
X-Human
Cache
X-Cache-Tags
X-Cluster
X-Cached-By
X-Ratelimit-Limit
Upgrade-Insecure-Requests
Rip
X-Rewrite-Enabled
Fastly-Drupal-HTML
MD5-Digest
X-ScT
SD-X-WS
BehaviorPad-Version
X-Varnish-Beresp-Ttl
Rendered-Blocks
Cross-Origin-Window-Policy
Host-ID
WPO-Cache-Status
WPO-Cache-Message
X-External-Request-Id
X-Ec-GeoHdr
X-ARC
X-S-Cookie
X-Forwarded-Path
X-Parent-Response-Time
X-Shop-Environment
X-A-Ccd
X-Aed
X-Orig-Expires
X-Processor
X-NAPM-TraceId
X-AK-Request-ID
X-A-Wwc
X-Rojux
X-A-Dgt
X-A-Dam
X-A-Dcw
X-Application
T-Server
X-S
X-Tenant
X-Connection-Hash
Lang
Meta-Geo-Continent
Sslversion
X-D
X-BCube-Filmed-By
Expiry
X-Vdms-Path
X-Vdms-Version
X-Cache-NE
X-Bc-Bl
Odigeo-Trace-Id
X-VG-WebCache
X-B-Cookie
Ngx.Var.Host
DCR-Processing-Time-Ms
Surrogated-Key
X-A
Cdnsip
X-PBS-Appsvrname
Cdncip
X-SRCache-Key
X-Ec-Fail
Mime-Version
A
Xc-Version
X-Developer
X-TIM-N
X-User
DCR-Decision-By
X-Destination
X-FW-Version
X-Request-Host
X-RCS-CacheZone
OT-Force-Account-Verify
Release
Redirect-Candidate
Environment
X-Cluster-Node
Gh-Request-Id
X-GeoIP-City
X-Gdpr
X-Origin-Time
X-Nyt-Route
X-Tumblr-Pixel-3
Webserver
X-Aicache-OS
X-Served-From
X-Accel-Buffering
AKAMAI
Fastly-Backend-Name
X-JWT-State
X-Sucuri-Cache
X-Level-Front-Cache
X-INCAP-ABP
X-Is-Gdpr
Thinkindot-CacheControl
X-Generated-On
X-Cdn-Srv
X-CMSURLCustom
X-Core-Value
X-Geo-Header
X-Has-Esi
TDXMobile
X-WP-CF-Super-Cache-Active
Thinkindot-CacheControl-Type
Thinkindot-Control
X-HS-Content-Campaign-Id
X-Thinkindot-L3
X-Cache-Remote
X-Optimistic-Header
WebServer
X-Sucuri-ID
X-Worker
X-Developers
Datacenter
CPC-Cache
CPC-Age
X-DefHash
Cluster
X-Thanos
Fastly-SIE
Wxu-Next-Region
Decoy-Debug-TTL
X-Azure-Ref-OriginShield
X-Variation
Fastly-GeoIP-CountryCode
X-ATG-Version
X-DefElseHash
Decoy-Debug-Key
Decoy-Debug-Status
X-Var-Ttl
X-Varnish-CookieHashed-On
X-BBC-Edge-Cache-Status
X-Pass-Why
X-Cache-Info
NM-Fastcgi-Cache
X-VG-TLSProxy
X-CGP
NGX
X-Cache-Id
X-Cache-Bucket
X-WADP-Cache
X-Wix-Viewer-Type
Req-Svc-Chain
X-VServer
Producers
Platform
X-Viewer-Country
Mobile-Detection-Method
X-Varnish-Remaining-TTL
Ha-Gx-Prefs
HA-Ipaddr
X-Varnish-CookieINHashed-On
CloudFront-Viewer-Country
X-Varnish-Beresp-Status
Fastly-SWR
X-Csrf-Jwt
Is-Eu
X-Clara-WADP
X-Ckpd-Fst-Backend
Mail-Subject
Memcached
Machine
L5d-Success-Class
Kp-EeAlive
L
Fastly-SSL
X-Dispatcher-Number
Tube-Get-Contents
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-GeoIP
X-Gzip
X-Qloud-Router
X-Ad-Defer-Variation
X-AOL-HN
X-Fmm-Version
X-Fetched-On
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
X-Request-URI
Tube-Got-Eval
Tube-Got-Results
X-NodeID
X-NCache
X-Policy
X-Origin-Response-Time
X-Platform-Server
X-Owner
X-Bip
X-Pool
X-Irp-Debug
X-Proxy-Cache-Info
X-Loc
X-Minions-Version
X-Mvc-Supplant-Cachable
X-FC-Vary-Parameters
X-S-Maxage
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Adler-Geo
Tube-Return
X-SplitTest
Apple-News-Services-Request-Url
Cache-Host
Wxu-Next-Hostname
Click-Count-Action-Start
Wxu-Next-Commit
X-Device-Os
Canary
Candidate-Md5Url
Web-Mar-Region
X-DPWN-IS-SECURE
X-Esi-Check
X-Epic-Correlation-Id
X-Eu-Site
VNS-Age
X-SB
Click-Count-Error
X-Sigma
X-Sigma-Backend
VNS-Cache
We-Hiring
X-Ec-Custom-Error
X-Debug-Cache
X-Auto-Login
Server-Host
X-Gateway-Request-Id
X-SIPLIST1
X-Slack-Backend
X-Sn-Servicetimems
X-Scheme
X-Region-Sid
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Origin
X-Up
X-Forwarded-Site
X-Clientip
X-V-Cache
DSUID
X-Planisys-CDN-Cache
X-Hnp-Log
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Core-Mission
X-Cdn-Origin
X-Branch-Name
X-CacheTTL
X-Datadog-Trace-Id
X-Fastly-Backend
X-Gen-Mode
X-Hash
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Gamma-Serve
X-Gateway-Cache-Key
X-Block-Status
X-Mvc-Supplant-OutputCached
Vix-Hermes-Req-Id
Servername
Origin-CC
Country-Code
Cmstype
Origin-EX
Cmsid
CDCHOST
Svr
State
User-Cache-Control
V-Age
Traceparent
IsBot
X-URL
AMP-Access-Control-Allow-Source-Origin
LB
X-IPS-LoggedIn
X-Udemy-Cache-App-Namespace
Time
HostName
Memory
X-CSRF-Token
Server-Ext
X-Scale
X-Dispatch
Ec-Rule-Version
Sever-Int
Server-Hostname
Sid
X-Nf-Request-Id
X-VC
X-Tx-Id
X-LB-NoCache
X-Edge-Pop
X-Akamai-Transformed
X-PX
X-ZONE
Ssr
Request-ID
X-Newrelic-App-Data
Pics-Label
X-Tb-Optimization-Total-Bytes-Saved
X-Presslabs-Stats
X-Req
X-ND-Cache
X-B3-Spanid
My-App
X-Cs
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Lambda-Id
X-Refresh
Env
X-NGINX-Cache
X-Generated-In
X-WA-Info
Cache-Tv-Group
X-Servedbyhost
X-Via-NSCOPI
CacheControlHeader
X-Datadome
True-Client-Country-4JS
Fastcgi-Cache-TTL
X-B3-SpanId
X-CACHE-KEY
X-GG-Cache-Date
Server-ID
GeoIp-Country-Code
X-Wa
X-Session-Fingerprint
X-EC-Lua
X-Release
X-ID
True-Client-IP
X-Origin-Expires
X-Op-Id-All
X-Pod-Name
X-LB-ID
X-Rebelmouse-Surrogate-Control
X-Fastly-Cache
SID
X-Rebelmouse-Cache-Control
X-Vc
Cache-Hits
X-TX-ID
X-Trace-ID
X-Xrds-Location
X-Fpc
Hostname
X-Zone
X-CACHE-AGE
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Webkit-CSP-Report-Only
X-NWS-UUID-VERIFY
X-CSRF-TOKEN
X-TH-Server
X-VCL-Version
WWW-Authenticate
X-Buckets
X-Date
X-Cache-Date
X-Accel-Expires-Debug
X-MSEdge-Flight
X-Ig-Push-State
X-MSEdge-Features
X-TRACE-ID
X-RAMCache
X-DC
Resin-Trace
X-Endurance-Cache-Level
X-HS-Status
X-Old-Content-Length
X-Conf
X-NC
CDN
Fastly-Drupal-Html
X-Microcachable
X-Vcl-Version
X-Dmc
X-RateLimit-Reset
X-Varnish-Beresp-TTL
X-Srv
Tcn
Powered-By
X-CS
X-MCACHE
Section-Origin-Responded
Path
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Location
X-Webstats-RespID
Magicmarker
X-API-Version
True-Client-Ip
X-Akamai-Pragma-Client-IP
X-FPC
X-Lb-Id
X-Director
X-DataCenter
X-Varnish-Authentication
Yjs-Id
X-Cache-ASPX
X-Check-Cacheable
X-Contensis-Viewer-Groups
X-Cache-Ttl
X-LiteSpeed-Cache-Control
X-CLOUD-TRACE-CONTEXT
X-WA
X-Wikidot-Backend
X-Alfa-Service
X-Datacenter
X-Wikidot-Static-Cache
GeoIP-Country-Code
X-Esi
X-Cdn-Forward
X-ServedByHost
X-Via-CDN
X-Mly-Id
Server-Id
X-Vercel-Cache
FSS-Cache
Lb
X-Vercel-Id
X-Be
Proxy-Connection
X-Test
X-Geo
X-Cache-Backend
M-TraceId
X-Cache-Expires
X-Micro-Cache
X-Hyper-Cache
ENV
Pramga
User-Agent
X-Server-IP
X-Response-By
Cdn
X-Dw-Trace-Id
X-Cc-Via
YJS-ID
X-Via-PopV
X-Via-PopH
X-Via-PopN
X-M-Log
Uri
X-HA-Backend
X-PERF
X-We-Are-Hiring
X-M-Reqid
HIT
X-ApacheServer
X-Client-Ip
X-CF-Lambda-Fn
X-CF-Lambda-Version
Sm-Log-Id
X-AIR-PT
X-Service-Response-Time
X-Edge-POP
Location
X-Traceid
PICS-Label
X-Qnm-Cache
X-TT-LOGID
Swift-Performance
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-UA
Dnion-Transfer-Encoding
XM
Tracecode
Geoip-Latitude
X-App
X-Frame-Option
X-LI-UUID
X-From
X-LiteSpeed-Tag
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-TrackingId
X-Instance-Name
X-FL-EDGE
Locid
Srvid
X-Info
X-VarnishDD-TTL
PFcat
X-HN
CF-Cached-On
X-RSL
X-RPS
X-RPM
X-DSS
X-DB
X-DI
X-Fastly-Backend-Reqs
X-DW
X-Air-Source
X-Air-Trace-Id
X-Platform
CountryCode
C-Via
X-Air-Hostname
XServer
Ohc-File-Size
X-Lb-Nocache
Nginx-CQVIP
N-Cache
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
Cneonction
X-Cache-Proxy
X-Conten-Type-Options
NtCoent-Length
Esi-Enabled
Cache-Key
Timeexpire
X-Platform-Cluster
X-Oss-Storage-Class
X-Cdn-Request-ID
X-CF-Powered-By
X-Fastly-Cache-Hits
X-HostName
X-Request-Url
Wpo-Cache-Status
X-Platform-Processor
X-Oss-Server-Time
Vha6-Origin
X-Platform-Router
Wpo-Cache-Message
X-Ips-Loggedin
X-Litespeed-Cache-Control
Warning
X-Cache-Ngx
Wp-Super-Cache
X-Air-Pt
X-NFL-Geo
X-NFL-Dma
X-Newegg-Index
X-Matched-Rule
X-Matome-Cached
X-Loadbalancer
X-MTS-Cache
X-N-OperationId
X-Nerd
X-Newegg-Flow
X-Onedio-Env
X-OVcl-Cache
X-OVcl
X-PageType
X-Paywall
X-PG-ACCESS
X-Origin-Ops
X-LbNode
X-NXG
X-Ntj-Investigation-Id
X-Nyt-Data-Last-Modified
X-Odoo-Frontend
X-Okws-Version
X-NS-Authorization
X-GoCache-CacheStatus
X-PGF-Deflate
X-F-Status
X-Farm
X-Fastly-Is-Edge
X-Fstrz
X-Eventloop-Lag
X-ETag
X-Eid
X-Ee-Request-Id
X-Ee-Request-Date
X-Ee-Origin
X-Full-Ttl
X-GG-Cache-Status
X-Is-SSL
X-Ittl
X-Kebab
X-Kebabable
X-IBD-SID
X-IBD-Cache
X-Git-Commit
X-Global-Transaction-ID
X-Group
X-Header-Sub
X-Keep
X-Stack-Name
X-Ver
X-Vary-Devices
X-Wag-Acs
X-Waitingroom
X-Web-Hosting
X-V2-Infrastructure
X-Utime
X-True-Client-Ip
X-U-Cache
X-Upstream-State
X-User-Auth
X-WP-Bypass
X-WSR2
X-Request-URL
On-Server
Create-Date
X-LAGOON
X-SD-PageType
X-Fastly-Country-Code
X-B3-Parentspanid
X-Xms-Page-Cache-Actions
X-YSpaceId
XV-Cache
XV-H
X-Tried-To-Kebabify
X-Toujours-Debout-Location
X-Route-Akamai
X-Route
X-Ruby
X-Save-Cache
X-Server-L
X-Request-Origin
X-Render-Time
X-R-Cache
X-Reboot
X-Redis
X-Render-Method
X-ServiceName
X-Sh
X-Svr-Proxy
X-SVR-IIS
X-Test-Nginx-Ingress
X-Timestamp
X-Toujours-Debout-Branch
X-Ee-Generated-By
X-SSLProxy
X-Site
X-Slack-Shared-Secret-Outcome
X-SMP-JWT
X-Square
X-Pver
X-CDN-Pop
Npm-Remaining
Npm-Cost
Ns
Ns-Ua
OK-Edge-Date
Ok-Cache-Status
NLCacheNote
Nikkei-App-Version
HTTPProtocol
HServer
Is-Https
Joe-X
NB-ESI
Ok-Edge-Key
Origin-Site
Served
Selected-Route
Service-Uuid
SFRVia
Shieldsquare-Response
Scheme
Rt-Proxy-Cache
Proxy-Cache
Panzer-Cache-Control
RawURL
Region
Request-Uuid
H1
Ec-Policy-Id
X-Yottaa-OS
X-ElasticPress-Query
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Fastcgi-X-Cache-Version
X-PAYTM-SRV-ID
X-Mg-Cache
Req-ID
Fastcgi-Cache-Ttl
DynaTrace
WZWS-RAY
X-B3-ParentSpanId
X-CUA
Hit
Cf-Wrk
Cf-Locale
Cluster-Host
CMS-200
Deeplink
Cf-Device-Type
Cdn-Country-Code
X-Th-Server
X-Serial
Akamai-X-Url
Cache-Stat
Cachekey
SII
Store-Cloud-Cache
X-Cache-Length
X-Cache-IsMobileDevice
X-Cache-NPR
X-Cache-Reason
X-Cache-Response
X-Cache-ReqUri
X-Cache-Cookie
X-BeanStalkStage
X-AspNetWebPages-Version
X-ASF-Cache
X-Backend-TTL
X-Backside-Transport
X-BeanStalkRole
X-CacheVersion
SRV
X-Delivery
X-Dehri-Date
X-Developed-By
X-Doge
X-DT-Node
X-Dcm-Pdtf
X-Container-Uri
X-Cf-Node-Idx
X-CDN-Pop-IP
X-Cms-Device
X-Coindesk-Cache
X-Colour
X-ARRRG1
X-Arena-Request-Id
TWC-Unit
TWC-Subs
Uniqueid
Userver
Vttl
TWC-PATH-LOCALE
TWC-AK-Req-ID
T-Request-Id
Sw
Technodrome
Time-Cloud-Cache
Ttl
X-77-NZT
X-77-NZT-Ray
X-Akamai-Native
X-Akamai-DeviceType
X-Amz-Meta-Cb-Modifiedtime
X-Apache-Server
X-Ar-Stats
X-Akamai-DeviceOS
X-Akamai-CacheKeyMod
X-Accepted-Fulllang
X-Accel-Version
X-Accepted-Language
X-Accor-Asset
X-AEO-Platform
X-Edge-IP