Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-FRAME-OPTIONS
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-DNS-Prefetch-Control
X-Request-ID
X-Cacheable
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Timing-Allow-Origin
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
P3p
Content-Encoding
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
Access-Control-Max-Age
CF-Ray
X-Dns-Prefetch-Control
X-Via
X-Robots-Tag
X-Cache-Group
X-UA-Device
Server-Timing
Keep-Alive
Request-Context
X-AH-Environment
X-Turbo-Charged-By
X-Ua-Compatible
X-Amz-Request-Id
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Age
X-Ws-Request-Id
Host-Header
X-Hacker
X-Server-Powered-By
X-Server
X-Rq
X-Vhost
X-Varnish-Cache
X-Amz-Version-Id
Grace
X-LiteSpeed-Cache
Cf-Edge-Cache
X-Dispatcher
Allow
EagleId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Page-Speed
Accept-CH
X-Nginx-Cache-Status
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Node
X-Host
X-OneAgent-JS-Injection
X-Pingback
X-Cache-Spec
X-Backend-Server
X-Akam-SW-Version
X-Server-Id
Surrogate-Control
Request-Id
Accept-CH-Lifetime
X-Cache-Lookup
X-Response-Time
EagleEye-TraceId
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Readtime
Content-Location
X-HW
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Application-Context
Rating
X-Trace
X-Url
Fastly-Restarts
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Nginx-Upstream-Cache-Status
X-CST
X-Ruxit-Js-Agent
X-MS-InvokeApp
X-Edge
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-ESI
X-Vname
X-TtlSet
X-PC
X-Mod-Pagespeed
X-Country
X-Content-Type
Edge-Control
X-FastCGI-Cache
X-B3-TraceId
X-Oneagent-Js-Injection
Cf-Apo-Via
X-Vcap-Request-Id
X-Akamai-Path-Stats
X-Mcache
X-D2id
Verso
X-GitHub-Request-Id
Xkey
X-Cdn-Fetch
Cache-Tag
X-Exp-Variant
X-Kinja-Build
X-Ttl
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Powered-By-Plesk
X-Amz-Rid
X-Navigation-Version
RTSS
X-Server-Name
X-Abt-Application-Version
X-VARITI-CCR
X-Version
X-Client-IP
X-Upstream
X-Ac
X-Cached
X-Cnection
X-Varnish-TTL
X-ECACHE
X-Element-Page-Cache
X-Ruxit-JS-Agent
Arr-Disable-Session-Affinity
X-Kraken-Loop-Name
X-SharePointHealthScore
X-Dw-Request-Base-Id
Permissions-Policy
X-Instrumentation
SPRequestGuid
X-Server-Lifecycle-Phase
X-RateLimit-Remaining
SPIisLatency
SPRequestDuration
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Cache-TTL
Public-Key-Pins
X-NWS-LOG-UUID
X-Country-Code
X-Px
Response
X-Middleton-Response
X-Midtier
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ser
X-Forwarded-For
X-DataDome
X-Goog-Hash
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Cache-Key
Content-MD5
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-NF-Request-ID
X-Shield-Request-Id
Access-Control-Request-Method
X-Correlation-Id
X-MSEdge-Ref
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
Front-End-Https
X-RateLimit-Limit
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Recruiting
X-T
MicrosoftSharePointTeamServices
AR-PoweredBy
AR-SID
AR-ATIME
AR-Request-ID
AR-CACHE
Edge-Cache-Tag
X-Daa-Tunnel
TP-Cache
TP-L2-Cache
Nginx-Cache
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Accel-Expires
X-Mg-S
X-Content-Digest
TCN
X-Grace
X-Powered-CMS
X-Hits
X-Request-Processing-Time
X-Request-Received
X-Amzn-Trace-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Server-Node
X-HS-Content-Id
Server-Name
Filters
MS-Author-Via
X-Id
Fastcgi-Cache
X-Geo-Country
X-Webkit-Csp
X-Fastly-Request-Id
Count-Hit
X-PressLabs-Stats
X-Frontend
X-Distributor
X-XRDS-Location
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ezoic-Cdn
X-Origin-Server
X-Ua-Browser
Filterid
Cross-Origin-Opener-Policy
X-LLID
X-Language
Payment
S
X-Forwarded-Proto
X-ASPNET-VERSION
Charset
X-Page-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Protected-By
X-F-Cache
X-FB-Debug
X-Git-Hash
X-Seen-By
X-LB-Cache
Host
X-B3-Sampled
X-Amz-Meta-S3cmd-Attrs
X-Ratelimit-Reset
X-Cluster-Name
X-VCache
X-Rid
Cache-Status
Surrogate-Key
X-Www-Served-By
X-Ab
Cache-Tags
Access-Control-Allow-Method
X-Logged-In
X-Upgrade-Enabled
X-Litespeed-Cache
Accept-Ch
X-Origin-Cache
X-Source
X-DIS-Request-ID
X-COUNTRY
X-Varnish-Backend
Realpath
Retry-After
X-Cache-Age
Alternate-Protocol
X-AppVersion
X-Activity-Id
Accept-Charset
X-Az
X-NGENIX-Cache
X-Template
X-Amz-Replication-Status
DC
Paypal-Debug-Id
X-Type
Cleartype
X-Varnish-Grace
X-App-Environment
X-Envoy-Decorator-Operation
X-Route-Name
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Request-Guid
X-B-Cache
X-Tb
X-Signature
X-Wix-Request-Id
X-TT
X-B
X-Revision
X-Hostname
ServerID
X-DynaTrace
Frame-Options
X-Contextid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-Rule
X-Drupal-Cache-Tags
X-Trace-Id
X-Node-Name
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cross-Origin-Resource-Policy
Refresh
X-Fastly-Request-ID
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Proxy
Referer-Policy
X-Debug
X-Mobile
X-Load-Cache
X-XRDS-LOCATION
Node
X-Content-Options
Amp-Access-Control-Allow-Source-Origin
X-Fastcgi-Cache
X-Response-Served-From
NGB
X-Original-Request-Id
X-Cache-Control
X-Varnish-Server
X-EdgeConnect-Cache-Status
X-Magnolia-Registration
X-Content-Powered-By
Viewport
Akamai-GRN
Country
X-Varnish-Age
X-N
X-NYM-Debug-Backend
X-Whom
X-Debug-IsPreview
X-Cache-Time
X-Instance
X-Debug-IsConnected
X-Adobe-Loc
X-Page-View
X-G
Content-Disposition
X-Adobe-Content
X-Status
X-Framework
Uber-Trace-Id
X-Real-IP
X-Is-Bot
X-Rendered-As
X-Akamai-Request-ID2
X-L-Path
X-Cache-Grace
X-Yottaa-Metrics
X-User-Agent
Access-Control-Request-Headers
X-Yottaa-Optimizations
X-RemovedCookies
X-Cacheable-TTL
X-ProcessESI
X-Environment-Context
Srv
VIX-Pulpo-Node
Url
VIX-Pulpo-Upstream-Status
X-Mid
X-Jobs
X-Servername
X-Via-JSL
X-Cache-TTL-Remaining
X-Cache-Expired-At
Countrycode
Healthy
X-Tumblr-Pixel
X-Rule
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Cache-Hit
X-Unique-Id
X-Cache-Operation
X-Backend-Name
X-TTL
X-Drupal-Cache-Contexts
Version
X-CDN-Forward
X-APP-VERSION
Accept-Language
X-Time
X-ECache
X-Debug-Info
X-Akamai-Edgescape
X-Cache-Action
X-Server-ID
Section-Io-Cache
X-Http-Reason
X-Mg-Request-UUID
Xserver
X-VC-Cache
Content-Secure-Policy
X-Varnish-Ttl
X-IPLB-Instance
X-IPLB-Request-ID
Protected
X-HTML-Minification-Powered-By
X-Hosted-By
X-Generation-Time
X-Azure-Ref
X-Oracle-Dms-Ecid
Backend
X-Tt-Logid
X-FW-Static
X-Generated-By
X-SRV
X-FW-Type
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
Server-Info
X-Oracle-Dms-Rid
X-UPSTREAM-Address
Meta-Geo
X-Api-Version
X-RN-RSRV
X-Storage
X-Cache-Status-Check
X-Amz-Apigw-Id
X-Device-Type
X-RTag
Ms-Operation-Id
X-Amzn-RequestId
MS-CV
X-Hl-Ver
X-App-Server
X-Handled-By
X-Varnish-Cache-Hits
X-Format
X-Access
X-Cms-Context
X-Mobile-URL
GEO-INFO
X-Section
CF-IPCountry
X-R9-Blue-Green-Version
Azure-SiteName
X-Cache-Server
Azure-Version
Azure-SlotName
Azure-RegionName
X-Proto
Azure-InstanceId
Liferay-Portal
Onion-Location
X-PCL
X-OCL
Webcakes-App-Version
X-JoinUs
Webcakes-App-Name
TWC-Privacy
TWC-Connection-Speed
X-Mode
Webcakes-Region
X-Server-W
X-AWS-Id
TWC-Device-Class
TWC-GeoIP-Country
X-Sql-Duration-Ms
Property-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Say-Cacheable
X-FireWall-Port
X-PHP-Host
X-VWS-Id
X-Locale
X-Say-TTL
X-Proxy-Cache-Status
Web-Mar-Node
X-Restarts
X-Provided-By
X-Varnishpool
X-Varnish-Hostname
X-Origin-Hint
X-SayCDN-TTL
X-No-Session
X-Sql-Count
X-Adobe-Source
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Dc
X-Redis-Cache
X-SaId
Mn-Server-Ip
CDN-Cache
X-BYPASS-REASON
X-Site-Version
X-Skip-Cache
Selected-Fe
X-GeoCode
X-Timing-Wait
X-Tec-Api-Version
X-Tec-Api-Root
X-Web-Node
X-Ms-Version
Cache-Name
X-Request-Time
X-Region
X-Tec-Api-Origin
X-UA-Device-Type
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
X-Varnish-Beresp-Grace
X-Urbn-Site-Id
X-Via-Fastly
X-Urbn-Context-Path
DB-Nickname
X-PHP-Backend
X-Detected-As
X-Edge-Location
Locale
X-Content-Age
CDN-PullZone
Eomportal-Instance
CDN-EdgeStorageId
X-FB-TRIP-ID
X-Forwarded-Host
CDN-RequestId
CDN-Uid
CDN-RequestCountryCode
X-Cache-Host
CDN-CachedAt
X-GeoCountry
X-Ms-Request-Id
Apigw-Requestid
X-Proxied
X-Shopify-Stage
X-ShopId
X-Routing-Service
X-Sorting-Hat-PodId
X-ServerID
X-Sorting-Hat-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Extlb
X-Cache-Type
S-Rt
X-DynaTrace-JS-Agent
X-Zipkin-Id
X-Storefront-Renderer-Rendered
Load-Balancing
WP-Super-Cache
X-Tid
X-Content
X-Nginx-Cache-Key
X-WP-CF-Super-Cache
X-Xfnlog-Site
X-WP-CF-Super-Cache-Cache-Control
X-Reqid
X-Amzn-Remapped-Content-Length
X-Loop
X-Cache-Enabled
X-Cdn
X-Vgn-Hpd-Reason
X-LSADC-Cache
X-TNCMS
X-Pubstack
Xet-Cookie
X-B3-Traceid
X-Ua
X-Uri
X-Soup
X-Newrelic-Synthetics
X-Tumblr-Pixel-2
X-Origin-Date
X-Cache-NGX
X-Ratelimit-Remaining
X-Correlation-ID
X-Aspnetmvc-Version
X-Service
X-Origin-CC
X-TA-CDN-Provider
From-Origin
X-Zen-Fury
X-MP-GENERATED-AT
X-Origin-TTL
X-Cache-Debug
X-Webkit-CSP
Source
Fastcgi-Useragent
X-TIME
X-UUID
ServedBy
X-GEO
Origin
X-Nginx-Cache
X-Varnish-Hits
X-App-Version
X-NewRelic-App-Data
X-Human
Cache
X-Cache-Tags
X-Ratelimit-Limit
Fastly-Drupal-HTML
Rip
Upgrade-Insecure-Requests
X-Cached-By
X-Rewrite-Enabled
X-ScT
SD-X-WS
Cross-Origin-Window-Policy
X-Cluster
BehaviorPad-Version
MD5-Digest
X-Varnish-Beresp-Ttl
Rendered-Blocks
Host-ID
WPO-Cache-Status
WPO-Cache-Message
Odigeo-Trace-Id
Mime-Version
Surrogated-Key
A
Sslversion
Ngx.Var.Host
Lang
Expiry
DCR-Decision-By
Cdnsip
Meta-Geo-Continent
Cdncip
DCR-Processing-Time-Ms
X-B-Cookie
X-Processor
X-Rojux
X-S
X-PBS-Appsvrname
X-Parent-Response-Time
X-External-Request-Id
X-Forwarded-Path
X-Orig-Expires
X-S-Cookie
X-Shop-Environment
X-Vdms-Version
X-VG-WebCache
Xc-Version
X-Vdms-Path
X-User
X-SRCache-Key
X-Tenant
X-TIM-N
X-Ec-GeoHdr
X-Ec-Fail
X-A-Wwc
X-Aed
X-AK-Request-ID
X-A-Dgt
X-A-Dcw
X-A
X-A-Ccd
X-A-Dam
X-Application
X-ARC
X-D
X-Destination
X-Developer
X-Connection-Hash
X-Cache-NE
X-Bc-Bl
X-BCube-Filmed-By
T-Server
X-NAPM-TraceId
X-RCS-CacheZone
OT-Force-Account-Verify
X-FW-Version
X-Request-Host
X-Served-From
X-Tumblr-Pixel-3
X-Nyt-Route
X-GeoIP-City
X-Gdpr
X-Cluster-Node
X-Origin-Time
Release
Environment
X-Aicache-OS
Webserver
X-Accel-Buffering
Gh-Request-Id
Redirect-Candidate
X-CMSURLCustom
X-Developers
X-Core-Value
Thinkindot-Control
TDXMobile
Fastly-Backend-Name
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Geo-Header
X-Auto-Login
X-INCAP-ABP
X-Sucuri-ID
X-Sucuri-Cache
X-Thinkindot-L3
X-Worker
WebServer
X-Level-Front-Cache
AKAMAI
X-HS-Content-Campaign-Id
X-Optimistic-Header
X-Is-Gdpr
X-JWT-State
X-Has-Esi
X-Generated-On
X-Cache-Remote
X-WP-CF-Super-Cache-Active
X-Ad-Defer-Variation
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-VG-TLSProxy
Web-Mar-Region
VNS-Age
VNS-Cache
We-Hiring
X-AOL-HN
X-Varnish-CookieHashed-On
X-Cache-Info
X-CGP
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Cache-Id
X-Cache-Bucket
Tube-Return
X-BBC-Edge-Cache-Status
X-Bip
X-Azure-Ref-OriginShield
Tube-Got-Eval
Memcached
Mobile-Detection-Method
NGX
NM-Fastcgi-Cache
X-Wix-Viewer-Type
Mail-Subject
L
L5d-Success-Class
Machine
Origin-CC
Origin-EX
Req-Svc-Chain
Traceparent
Tube-Get-Contents
X-Csrf-Jwt
X-Viewer-Country
X-VServer
Platform
Producers
X-WADP-Cache
Tube-Got-Results
X-DefElseHash
X-FC-Vary-Parameters
X-Proxy-Cache-Info
X-Fetched-On
X-Fmm-Version
X-Qloud-Router
X-Eu-Site
X-RateLimit-Remaining-Second
X-Esi-Check
X-RateLimit-Limit-Second
X-GeoIP
X-Pool
X-NCache
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-Loc
X-Gzip
X-NodeID
X-Platform-Server
X-Owner
X-Origin-Response-Time
Kp-EeAlive
X-Request-URI
X-Dispatcher-Number
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Thanos
X-Var-Ttl
X-Variation
X-Minions-Version
X-DefHash
X-Device-Os
X-Pass-Why
X-SplitTest
X-S-Maxage
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
X-SB
X-Sigma
X-SIPLIST1
X-Sigma-Backend
X-Epic-Correlation-Id
X-Varnish-Beresp-Status
X-ATG-Version
Fastly-SIE
Fastly-GeoIP-CountryCode
Apple-News-Services-Request-Url
Cache-Host
IsBot
Apple-News-Services-Parsed-Url
Decoy-Debug-Key
Apple-News-Services-Handled
Adler-Geo
Apple-News-Services-Host
Decoy-Debug-TTL
Decoy-Debug-Status
Fastly-SSL
Canary
HA-Ipaddr
Click-Count-Error
CloudFront-Viewer-Country
Cluster
Is-Eu
Ha-Gx-Prefs
Click-Count-Action-Start
Datacenter
Fastly-SWR
CPC-Cache
CPC-Age
Candidate-Md5Url
X-Cdn-Srv
X-Debug-Cache
Server-Host
X-Scale
X-Mvc-Supplant-OutputCached
X-Scheme
X-Slack-Backend
X-Hash
X-Hnp-Log
X-Cdn-Origin
X-Region-Sid
CDCHOST
X-Planisys-CDN-TTL
Cmsid
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Block-Status
X-Policy
X-Branch-Name
X-Sn-Servicetimems
X-V-Cache
X-Gateway-Cache-Key
X-Datadog-Trace-Id
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Fastly-Backend
Cmstype
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Gateway-Skip-Cache
X-Gen-Mode
X-URL
X-Core-Mission
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Gamma-Serve
X-CacheTTL
User-Cache-Control
Svr
State
V-Age
Vix-Hermes-Req-Id
Wxu-Next-Hostname
Wxu-Next-Commit
X-Up
Sever-Int
X-Forwarded-Site
X-Clientip
Server-Ext
X-Origin
Servername
Server-Hostname
Wxu-Next-Region
DSUID
Country-Code
X-Udemy-Cache-App-Namespace
LB
X-IPS-LoggedIn
AMP-Access-Control-Allow-Source-Origin
Sid
X-CSRF-Token
Memory
X-Dispatch
HostName
Time
Ec-Rule-Version
X-VC
X-Nf-Request-Id
X-Tx-Id
X-Edge-Pop
X-LB-NoCache
X-Akamai-Transformed
X-PX
X-ZONE
X-Tb-Optimization-Total-Bytes-Saved
Request-ID
Pics-Label
X-Newrelic-App-Data
Ssr
X-Presslabs-Stats
X-ND-Cache
My-App
X-Req
X-Cs
X-B3-Spanid
X-NGINX-Cache
X-Via-Popv
X-Via-Popn
X-Refresh
X-Lambda-Id
X-Generated-In
X-Via-Poph
Env
X-WA-Info
Cache-Tv-Group
X-Datadome
X-Servedbyhost
X-B3-SpanId
X-Via-NSCOPI
True-Client-Country-4JS
Fastcgi-Cache-TTL
CacheControlHeader
X-GG-Cache-Date
X-CACHE-KEY
X-Session-Fingerprint
GeoIp-Country-Code
Server-ID
X-Wa
X-EC-Lua
X-Release
True-Client-IP
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-ID
X-Pod-Name
X-LB-ID
X-Fastly-Cache
SID
X-Vc
Cache-Hits
X-TX-ID
X-Fpc
X-Op-Id-All
X-Xrds-Location
X-Trace-ID
Hostname
X-Zone
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-CACHE-AGE
X-Webkit-CSP-Report-Only
X-CSRF-TOKEN
X-NWS-UUID-VERIFY
X-VCL-Version
X-TH-Server
WWW-Authenticate
X-Buckets
X-Cache-Date
X-MSEdge-Flight
X-Accel-Expires-Debug
X-MSEdge-Features
X-Ig-Push-State
X-Date
X-RAMCache
X-TRACE-ID
CDN
Resin-Trace
Fastly-Drupal-Html
X-HS-Status
X-NC
X-Conf
X-Endurance-Cache-Level
X-DC
X-Old-Content-Length
X-Microcachable
X-Vcl-Version
X-Dmc
X-RateLimit-Reset
X-Varnish-Beresp-TTL
X-Srv
Tcn
Powered-By
X-MCACHE
X-CS
Path
Magicmarker
X-Location
Section-Io-Id
X-Webstats-RespID
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-API-Version
X-Akamai-Pragma-Client-IP
True-Client-Ip
X-Director
X-Lb-Id
X-FPC
Yjs-Id
X-DataCenter
X-Varnish-Authentication
X-Cache-Ttl
X-Check-Cacheable
X-Contensis-Viewer-Groups
X-LiteSpeed-Cache-Control
X-CLOUD-TRACE-CONTEXT
X-Cache-ASPX
X-Alfa-Service
X-WA
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Datacenter
GeoIP-Country-Code
X-Cdn-Forward
X-Esi
FSS-Cache
Lb
Proxy-Connection
X-ServedByHost
X-Geo
Server-Id
X-Test
X-Vercel-Id
X-Mly-Id
X-Via-CDN
X-Vercel-Cache
X-Be
X-Hyper-Cache
X-Response-By
ENV
X-Micro-Cache
Pramga
X-Server-IP
M-TraceId
User-Agent
X-Cache-Expires
X-HA-Backend
X-Cache-Backend
Cdn
X-Dw-Trace-Id
YJS-ID
X-Cc-Via
X-Via-PopN
X-Via-PopH
X-PERF
X-CF-Lambda-Version
X-Via-PopV
X-M-Log
X-We-Are-Hiring
Uri
X-ApacheServer
X-CF-Lambda-Fn
HIT
X-Client-Ip
X-M-Reqid
X-Service-Response-Time
X-AIR-PT
X-Edge-POP
Sm-Log-Id
X-Info
X-Instance-Name
Swift-Performance
X-Traceid
X-From
PICS-Label
Location
X-FL-EDGE
Srvid
Locid
X-Frame-Option
X-TrackingId
X-LI-Proto
X-Li-Pop
X-App
X-Qnm-Cache
Geoip-Latitude
Tracecode
X-LI-UUID
X-Li-Fabric
Dnion-Transfer-Encoding
X-UA
X-Akamai-ERRuleID
X-TT-LOGID
X-Akamai-ERPolicy
X-LiteSpeed-Tag
X-RSL
X-RPS
X-RPM
X-DW
X-DSS
N-Cache
X-HN
PFcat
XM
XServer
X-VarnishDD-TTL
X-DI
X-Air-Source
X-Air-Hostname
Nginx-CQVIP
X-Air-Trace-Id
CF-Cached-On
X-Platform
C-Via
CountryCode
X-Lb-Nocache
Ohc-File-Size
X-DB
X-Fastly-Backend-Reqs
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Cache-Key
X-Request-Url
X-CF-Powered-By
X-Conten-Type-Options
Esi-Enabled
X-Fastly-Cache-Hits
X-Cdn-Request-ID
Vha6-Origin
X-Platform-Router
Timeexpire
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Platform-Processor
X-Platform-Cluster
X-Cache-Proxy
X-HostName
Wpo-Cache-Message
X-Oss-Server-Time
NtCoent-Length
Cneonction
X-Oss-Object-Type
Wpo-Cache-Status
X-Oss-Request-Id
X-Litespeed-Cache-Control
X-Ips-Loggedin
X-Cache-Ngx
Wp-Super-Cache
X-Air-Pt
Warning
X-Nerd
X-Newegg-Flow
X-LbNode
X-Newegg-Index
X-Paywall
X-MTS-Cache
X-Loadbalancer
X-Matched-Rule
X-Matome-Cached
X-NFL-Dma
X-N-OperationId
X-Ntj-Investigation-Id
X-OVcl
X-Okws-Version
X-Onedio-Env
X-Origin-Ops
X-OVcl-Cache
X-Odoo-Frontend
X-NS-Authorization
X-NXG
X-Nyt-Data-Last-Modified
X-PageType
X-NFL-Geo
X-Farm
X-Fastly-Is-Edge
X-F-Status
X-Fstrz
X-Full-Ttl
X-GG-Cache-Status
X-Eventloop-Lag
X-Ee-Request-Date
X-Eid
X-Ee-Request-Id
X-ETag
X-PG-ACCESS
X-Ee-Origin
X-Git-Commit
X-Is-SSL
X-Ittl
X-Kebab
X-Kebabable
X-IBD-SID
X-IBD-Cache
X-Global-Transaction-ID
X-GoCache-CacheStatus
X-Group
X-Header-Sub
X-Keep
X-V2-Infrastructure
X-Ver
X-Vary-Devices
X-Wag-Acs
X-Waitingroom
X-Web-Hosting
X-Ee-Generated-By
X-Utime
X-True-Client-Ip
X-Tried-To-Kebabify
X-U-Cache
X-Upstream-State
X-User-Auth
X-WP-Bypass
X-WSR2
Create-Date
X-Request-URL
ServerName
X-LAGOON
X-SD-PageType
X-Fastly-Country-Code
X-B3-Parentspanid
X-Xms-Page-Cache-Actions
X-YSpaceId
XV-Cache
XV-H
X-Toujours-Debout-Location
X-Toujours-Debout-Branch
X-Route
X-Request-Origin
X-Route-Akamai
X-Ruby
X-Save-Cache
X-Render-Time
X-Render-Method
X-Pver
X-R-Cache
X-Reboot
X-Redis
X-Server-L
X-ServiceName
X-SVR-IIS
X-Stack-Name
X-Svr-Proxy
X-Test-Nginx-Ingress
X-Timestamp
X-SSLProxy
X-Square
X-Sh
X-Site
X-Slack-Shared-Secret-Outcome
X-SMP-JWT
X-PGF-Deflate
X-Backend-TTL
Npm-Cost
NLCacheNote
Npm-Remaining
Ns
Ok-Cache-Status
Ns-Ua
Nikkei-App-Version
NB-ESI
HServer
H1
HTTPProtocol
Is-Https
Joe-X
OK-Edge-Date
Ok-Edge-Key
Selected-Route
Scheme
Served
Service-Uuid
SFRVia
Rt-Proxy-Cache
Request-Uuid
Panzer-Cache-Control
Origin-Site
Proxy-Cache
RawURL
Region
Ec-Policy-Id
Deeplink
On-Server
X-B3-ParentSpanId
X-Mg-Cache
Hit
X-ElasticPress-Query
Fastcgi-X-Cache-Version
WZWS-RAY
DynaTrace
Req-ID
Fastcgi-Cache-Ttl
SRV
X-PAYTM-SRV-ID
X-CUA
X-Yottaa-OS
X-IN-APIGATEWAY
Cf-Locale
Cf-Device-Type
Cf-Wrk
Cluster-Host
CMS-200
Cdn-Country-Code
Cachekey
X-Serial
X-IN-APIGATEWAYSSL
X-Th-Server
Akamai-X-Url
Cache-Stat
Shieldsquare-Response
SII
X-Cache-Length
X-Cache-IsMobileDevice
X-Cache-NPR
X-Cache-Reason
X-Cache-Response
X-Cache-ReqUri
X-Cache-Cookie
X-BeanStalkStage
X-ASF-Cache
X-ARRRG1
X-AspNetWebPages-Version
X-Backside-Transport
X-BeanStalkRole
X-CacheVersion
X-CDN-Pop
X-Delivery
X-Dehri-Date
X-Developed-By
X-Doge
X-DT-Node
X-Dcm-Pdtf
X-Container-Uri
X-Cf-Node-Idx
X-CDN-Pop-IP
X-Cms-Device
X-Coindesk-Cache
X-Colour
X-Arena-Request-Id
X-Ar-Stats
TWC-Subs
TWC-PATH-LOCALE
TWC-Unit
Uniqueid
Userver
TWC-AK-Req-ID
Ttl
Sw
Store-Cloud-Cache
T-Request-Id
Technodrome
Time-Cloud-Cache
Vttl
X-77-NZT
X-Akamai-DeviceType
X-Akamai-DeviceOS
X-Akamai-Native
X-Amz-Meta-Cb-Modifiedtime
X-Apache-Server
X-Akamai-CacheKeyMod
X-AEO-Platform
X-Accel-Version
X-77-NZT-Ray
X-Accepted-Fulllang
X-Accepted-Language
X-Accor-Asset
X-Edge-IP