Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
CF-RAY
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-FRAME-OPTIONS
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Dns-Prefetch-Control
Nel
X-Drupal-Dynamic-Cache
Server-Timing
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
X-XSS-PROTECTION
Content-Encoding
X-CDN
Status
X-Request-ID
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Request-Context
X-Backend
X-Turbo-Charged-By
X-Cache-Group
X-Robots-Tag
X-AH-Environment
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Hacker
X-Vhost
X-UA-Device
X-Proxy-Cache
X-Server
X-Rq
Allow
X-Server-Powered-By
X-Ws-Request-Id
X-Age
X-Dispatcher
EagleId
X-Varnish-Cache
X-Amz-Version-Id
P3p
X-LiteSpeed-Cache
X-Ua-Compatible
Grace
Cf-Apo-Via
Cf-Railgun
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Host
X-Node
X-Cache-Lookup
X-CST
X-WebKit-CSP
X-Backend-Server
Accept-CH
Surrogate-Control
X-Server-Id
Accept-CH-Lifetime
Permissions-Policy
X-Readtime
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
Request-Id
X-Ruxit-JS-Agent
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
Xkey
X-Response-Time
X-HW
X-Trace
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
X-Url
Rating
Accept-Ch
X-ESI
X-Midtier
X-Amz-Server-Side-Encryption
X-Aspnetmvc-Version
Cache-Tag
X-Mcache
X-Country
X-Powered-By-Plesk
X-Rack-Cache
X-MS-InvokeApp
X-ECACHE
X-Aspnet-Version
X-D2id
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Variant
Service-Worker-Allowed
X-Vcap-Request-Id
X-Element-Page-Cache
Verso
X-Upstream
Edge-Control
X-Country-Code
X-Vname
X-TtlSet
RTSS
X-PC
X-Ac
Origin-Trial
X-Goog-Hash
X-VARITI-CCR
X-Navigation-Version
X-Kinja-CCPA
X-Abt-Application-Version
X-Cache-TTL
X-Browser-Type
Fastly-Restarts
X-Oneagent-Js-Injection
Accept-Ch-Lifetime
X-Litespeed-Cache
X-Amz-Rid
X-NWS-LOG-UUID
X-WebKit-CSP-Report-Only
X-GitHub-Request-Id
X-Webkit-CSP
X-Cached
Cross-Origin-Opener-Policy
X-Varnish-TTL
X-Server-Name
Display
X-Middleton-Display
Pagespeed
X-Sol
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
SPRequestGuid
X-SharePointHealthScore
X-Times
X-Ruxit-Js-Agent
X-Ttl
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
SPIisLatency
SPRequestDuration
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Content-Type
X-Cache-Key
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
X-FastCGI-Cache
X-Powered-CMS
X-Client-IP
Arr-Disable-Session-Affinity
X-Mg-S
X-Middleton-Response
X-B3-Traceid
Response
X-Version
X-Cnection
X-Ser
X-Server-ID
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
Nginx-Cache
X-Accel-Expires
Cache-Tags
X-T
AR-CACHE
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastly-Request-ID
X-B3-TraceId
Cache-Status
X-NF-Request-ID
Edge-Cache-Tag
X-Hits
Front-End-Https
X-MSEdge-Ref
X-Px
Public-Key-Pins
X-Recruiting
X-RateLimit-Remaining
S
X-Daa-Tunnel
Payment
X-Shield-Request-Id
X-LLID
X-Frontend
X-Request-Received
X-Ua-Browser
X-Request-Processing-Time
Server-Node
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Goog-Metageneration
X-GUploader-UploadID
X-RateLimit-Limit
Content-MD5
MicrosoftSharePointTeamServices
X-DIS-Request-ID
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Content-Digest
Access-Control-Request-Method
X-Webkit-CSP-Report-Only
X-TTL
X-Forwarded-For
TP-Cache
Realpath
X-Protected-By
X-Request-Handler-Origin-Region
X-Distributor
X-Microsite
X-Ratelimit-Remaining
X-PressLabs-Stats
X-FB-Debug
Access-Control-Allow-Method
X-HS-Cache-Config
Fastcgi-Cache
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Page-Id
X-Rid
Accept-Charset
X-Cluster-Name
X-LB-Cache
X-Goog-Stored-Content-Encoding
X-Ua-Device
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Count-Hit
X-Hostname
X-Geo-Country
X-B3-Sampled
X-Id
TP-L2-Cache
X-Edge-Location-Klb
X-Kinsta-Cache
Cross-Origin-Resource-Policy
X-Xrds-Location
X-Seen-By
X-Correlation-Id
X-Ezoic-Cdn
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Ratelimit-Limit
X-App-Server
Cleartype
TCN
X-Logged-In
X-Fastcgi-Cache
X-Varnish-Backend
Referer-Policy
X-Hosted-By
X-Content-Options
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Git-Hash
DC
X-Mobile
X-Contextid
X-Newrelic-App-Data
Retry-After
X-Fb-Rlafr
X-Request-Guid
X-Origin-Cache
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
Surrogate-Key
X-Revision
X-Grace
X-Amz-Replication-Status
X-App-Environment
X-F-Cache
X-Forwarded-Proto
X-Debug-Info
X-TT
Frame-Options
X-IPS-LoggedIn
X-Varnish-Grace
X-Amz-Meta-S3cmd-Attrs
X-RateLimit-Reset
X-Azure-Ref
X-Envoy-Decorator-Operation
X-Magnolia-Registration
Section-Io-Cache
MS-Author-Via
X-Wix-Request-Id
X-COUNTRY
X-Whom
X-Proxy-Cache-Info
X-Www-Served-By
X-Webkit-Csp
Healthy
Charset
Viewport
X-ECache
X-Akamai-Edgescape
Alternate-Protocol
X-Language
X-Trace-Id
WPO-Cache-Status
X-Az
X-AppVersion
X-Backend-Name
X-Activity-Id
WPO-Cache-Message
Filterid
X-Origin-Server
X-App-Version
Amp-Access-Control-Allow-Source-Origin
Server-Name
X-Varnish-Server
X-Datadog-Sampling-Priority
Paypal-Debug-Id
X-Kong-Proxy-Latency
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Kong-Upstream-Latency
X-B
Host
X-Http-Reason
X-Original-Request-Id
X-Response-Served-From
VIX-Pulpo-Node
X-Cache-Rule
SD-X-WS
VIX-Pulpo-Upstream-Status
X-EdgeConnect-Cache-Status
X-UUID
X-User-Agent
X-Akamai-Request-ID2
X-DataDome
X-RemovedCookies
Front
X-Cache-Grace
X-Rule
X-ProcessESI
X-Edge-Location
X-Instance
X-Nf-Request-Id
X-Page-View
X-Environment-Context
X-ARC
Country
X-N
X-L-Path
X-Jobs
From-Origin
Protected
X-Vcache
X-Tumblr-User
X-Tumblr-Pixel
X-Rocket-Nginx-Serving-Static
X-Unique-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Region
X-Cacheable-TTL
X-Tumblr-Pixel-0
X-Varnish-Age
X-Tumblr-Pixel-1
X-FW-Static
X-FW-Type
X-FW-Version
Fastly-SIE
Akamai-GRN
Fastly-SWR
X-FW-Dynamic
X-Adobe-Content
X-Adobe-Loc
X-FW-Hash
X-FW-Serve
X-Framework
X-FW-Server
X-Status
X-Time
X-Is-Bot
X-Load-Cache
X-Rendered-As
SRV
X-G
Content-Disposition
X-Proxy
X-B-Cache
X-Cache-Time
X-Type
X-Signature
X-Mg-Request-UUID
X-Datadog-Sampled
X-Debug-IsPreview
X-Amzn-Remapped-Content-Length
X-Debug-IsConnected
ServerID
Access-Control-Request-Headers
X-Tec-Api-Root
X-Client-Ip
X-Tec-Api-Origin
X-Tec-Api-Version
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Backend
X-CDN-Forward
X-Cache-Control
X-Erf-Web-Scheduler
Refresh
X-Cache-Age
X-Servername
X-DynaTrace
Countrycode
X-XRDS-LOCATION
Xet-Cookie
X-Httpd
Url
Accept-Language
X-Drupal-Cache-Tags
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-DynaTrace-JS-Agent
X-Template
X-Mode
X-Generated-By
X-Device-Type
X-Nginx-Cache
X-HTML-Minification-Powered-By
X-Content-Powered-By
X-NYM-Debug-Backend
Webserver
CF-IPCountry
X-Storage
X-Source
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
GEO-INFO
X-Cache-Hit
X-Director
Meta-Geo
X-SaId
X-JoinUs
X-Say-TTL
X-Say-Cacheable
Locale
Load-Balancing
X-Loop
X-LAGOON
X-URL
X-Rewrite-Enabled
X-Content-Age
X-Cache-Operation
Filters
X-Rn-Rsrv
S-Rt
X-Urbn-Context-Path
X-Cache-Action
X-GeoCode
X-Tncms
X-GeoCountry
X-UPSTREAM-Address
X-Urbn-Site-Id
X-SayCDN-TTL
Version
OT-Force-Account-Verify
X-ServerID
X-MCACHE
X-Cluster-Node
Cross-Origin-Window-Policy
X-Forwarded-Host
X-Container-Uri
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Onion-Location
Xserver
X-Varnish-Hostname
X-Soup
X-Varnish-Cache-Hits
X-Git-Commit
X-Ms-Request-Id
X-Detected-As
X-Sql-Duration-Ms
X-PHP-Host
X-Sql-Count
X-VCT
Web-Mar-Node
X-Adobe-Source
X-VC-Cache
X-Skip-Cache
X-Ms-Version
X-Lambda-Id
X-Tb
X-RM-Cache-TTL
X-Labrador-Cache-Channel
X-Cache-Server
X-Served-From
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Tt-Logid
X-Logging-Id
X-Redis-Cache
DB-Nickname
Mn-Server-Ip
Node
X-Proxied
X-R9-Blue-Green-Version
X-Routing-Service
X-Zipkin-Id
X-FB-TRIP-ID
X-RCS-CacheZone
X-Extlb
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
X-Generation-Time
X-Format
TWC-GeoIP-LatLong
Property-Id
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
X-Timing-Wait
X-Uri
X-Fetched-On
TWC-Locale-Group
Selected-Fe
Fastcgi-Useragent
X-Proxy-Build
X-Debug
X-Origin-Hint
X-Proto
X-FTR-Request-ID
X-NGENIX-Cache
X-Endurance-Cache-Level
Uber-Trace-Id
X-LSADC-Cache
X-Zen-Fury
Source
CDN-RequestId
X-XRDS-Location
X-Sucuri-Cache
X-Sucuri-ID
X-Ua
X-Varnish-Ttl
X-B3-SpanId
Section-Origin-Responded
X-S
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
X-TimeS
X-Origin-TTL
X-Origin-CC
X-Drupal-Cache-Contexts
NGB
X-Pass-Why
X-Akamai-Transformed
X-MP-GENERATED-AT
X-Origin-Date
X-Real-IP
X-Varnish-Hits
Upgrade-Insecure-Requests
X-Srv
X-Cache-Expired-At
X-Newrelic-Synthetics
X-Ratelimit-Reset
X-CACHE-AGE
X-Handled-By
Liferay-Portal
Fastly-Drupal-HTML
X-Xfnlog-Site
Apigw-Requestid
X-Reqid
X-Optimistic-Header
X-No-Session
X-Cms-Context
X-Restarts
X-Upgrade-Enabled
X-GEO
ServedBy
X-Tx-Id
X-Hl-Ver
X-AB
X-Cache-Host
MS-CV
X-BYPASS-REASON
X-RTag
X-ProxyCache-Status
X-ProxyCache-Key
Ms-Operation-Id
CDN-RequestPullSuccess
CDN-RequestPullCode
X-Node-Name
CDN-Cache
X-Cache-Type
X-Oracle-Dms-Rid
X-Fastly-Request-Id
WP-Super-Cache
X-UA-Device-Type
CDN-Uid
CDN-RequestCountryCode
CDN-PullZone
X-Cache-TTL-Remaining
CDN-EdgeStorageId
X-Oracle-Dms-Ecid
CDN-CachedAt
X-VWS-Id
X-IPLB-Instance
X-IPLB-Request-ID
X-CSRF-Token
X-Cluster
X-Parent-Response-Time
X-TraceId
X-AWS-Id
X-LJ-Flow-ID
X-B3-Spanid
X-Pubstack
X-Via-JSL
X-Geo-Region
N-Cache
Origin-Agent-Cluster
Redirect-Candidate
Odigeo-Trace-Id
Ngx.Var.Host
Canary
DCR-Decision-By
DCR-Processing-Time-Ms
Fastly-SSL
Candidate-Md5Url
BehaviorPad-Version
X-Proxy-Cache-Status
Cache-Provider
Gannett-Cam-Experience-Id
Ha-Gx-Prefs
Lang
Magicmarker
MD5-Digest
L5d-Success-Class
L
HA-Ipaddr
Host-ID
Meta-Geo-Continent
W
X-External-Request-Id
X-Eu-Site
X-Fastly-Backend
X-FC-Vary-Parameters
X-Request-Host
X-PAYTM-SRV-ID
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Developer
X-Destination
X-Dispatcher-Number
X-Ec-Custom-Error
X-Ec-Fail
X-Rojux
X-S-Cookie
X-Vtex-Remote-Cache
X-Viewer-Country
X-We-Are-Hiring
X-Worker
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-SD-PageType
X-ScT
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-SRCache-Key
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Wwc
X-A-Dgt
Web-Mar-Region
Vix-Hermes-Req-Id
Sslversion
Server-Host
Surrogated-Key
T-Server
True-Client-Country-4JS
X-Aed
X-App
X-CGP
X-CF-Lambda-Version
X-Conf
X-Csrf-Jwt
X-D
X-CF-Lambda-Fn
X-Cache-NE
X-B-Cookie
X-Application
X-Bc-Bl
X-BCube-Filmed-By
X-Bl-Debug
Rendered-Blocks
X-CacheTTL
X-Micro-Cache
Cache-Name
X-Server-W
X-Cache-Status-Check
X-TIME
X-GeoIP-Country-Code
X-Geo-Header
X-Gdpr
X-Forwarded-Path
X-DefElseHash
X-DefHash
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-GeoIP-Region-Code
X-Hash
X-Nitro-Cache
X-Node-Id
X-NodeID
X-Nyt-Route
X-Nananana
X-Mvc-Supplant-Cachable
X-Human
X-Irp-Debug
X-Loc
X-Mly-Id
X-Date
X-Core-Mission
X-Accel-Buffering
X-Accel-Expires-Debug
X-Correlation-ID
X-Alternate-Cache-Key
We-Hiring
VNS-Cache
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
VNS-Age
X-ApacheServer
X-App-Name
X-Cdn-Origin
X-Clientip
X-CMSURLCustom
X-Old-Content-Length
X-Cdn-Diag
X-Cache-Info
X-BBC-Edge-Cache-Status
X-Cache-Bucket
X-Cache-Debug
X-Core-Value
X-Orig-Expires
X-Varnishpool
X-VG-TLSProxy
X-VG-WebCache
X-Vmg-Version
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Up
X-Var-Ttl
X-Variation
X-Varnish-CookieHashed-On
X-VServer
X-Wikidot-Backend
X-Owner
X-Pool
X-Qloud-Router
X-Thanos
X-Level-Front-Cache
X-Generated-On
X-Wikidot-Static-Cache
X-Wix-Viewer-Type
X-AIR-PT
X-Bip
X-Thinkindot-L3
X-Tenant
X-RateLimit-Remaining-Second
X-Refresh
X-Request-Time
X-S-Maxage
X-RateLimit-Limit-Second
X-Policy
TDXMobile
X-Origin-Time
X-PERF
X-Platform
X-Server-IP
X-ShardId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Sorting-Hat-PodId
X-Sn-Servicetimems
X-Shop-Environment
X-ShopId
X-Shopify-Stage
X-Org
X-Mid
Platform
CPC-Cache
Producers
CPC-Age
Cmsid
Cmstype
Environment
Expect-Staple
Origin
Mail-Subject
Is-Eu
Gh-Request-Id
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
CloudFront-Viewer-Country
Datacenter
AKAMAI
Req-Svc-Chain
Adler-Geo
Release
User-Cache-Control
X-From
X-Gen-Mode
X-GeoIP
X-Hnp-Log
X-Gzip
X-WA-Info
X-Forwarded-Site
X-Fmm-Version
X-Clara-WADP
X-Cache-Id
X-Block-Status
Machine
X-Device-Os
X-INCAP-ABP
X-Esi-Check
X-WADP-Cache
X-Via-Fastly
X-Origin-Response-Time
X-Origin
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Country-Code
Apple-News-Services-Request-Url
NM-Fastcgi-Cache
X-Op-Id-All
X-Test
Cf-Device-Type
CDCHOST
X-Mvc-Supplant-OutputCached
X-NCache
DSUID
X-Nginx-Cache-Key
X-Instance-Name
Esi-Enabled
X-Auto-Login
Server-Hostname
X-Vgn-Hpd-Reason
Sever-Int
X-Datadome
Server-Ext
X-Akamai-Device-Characteristics
X-Dc
X-Accel-Version
X-Is-Desktop
C-Via
Ssr
X-Is-Mobile
X-Section
X-Is-Tablet
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
X-Access
X-Is-Supported-Browser
X-Tcp-Rtt
X-Browser-Name
Server-Info
Content-Secure-Policy
X-Cdn-Srv
X-Cache-Enabled
NGX
X-Buckets
AMP-Access-Control-Allow-Source-Origin
X-Vcl-Version
X-Presslabs-Stats
X-LB-NoCache
Pics-Label
X-Amz-Meta-Cb-Modifiedtime
X-CACHE-GROUP
X-Varnish-Beresp-Grace
X-API-Version
X-SIPLIST1
Server-ID
IsBot
X-Zone
Hostname
X-Is-Gdpr
X-HA-Backend
X-B3-Parentspanid
X-Has-Esi
X-JWT-State
YJS-ID
X-Varnish-Beresp-Ttl
Sid
Memcached
X-ID
CF-Ctrl
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
Time
Cdn-Requestid
Memory
X-Wp-Cf-Super-Cache-Active
X-Cached-By
X-Origin-Cache-Key
X-TA-CDN-Provider
Location
Origin-EX
Cache-Hits
X-Scale
X-Tb-Optimization-Total-Bytes-Saved
Origin-CC
X-WP-CF-Super-Cache-Active
X-Frame-Option
X-Air-Source
X-Backend-Instance
X-Internal-Host
X-Hyper-Cache
X-Air-Trace-Id
X-TIM-N
X-Air-Hostname
X-PHP-Backend
X-ZONE
X-Fpc
X-Cs
X-NGINX-Cache
X-FTR-Backend-Server
X-Service
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-Webstats-RespID
X-FTR-Expires
X-FTR-Balancer
Resin-Trace
X-VC
X-DC
X-NewRelic-App-Data
X-Azure-Ref-OriginShield
Epwk-X-Cache
X-DataCenter
GeoIP-Latitude
XServer
X-SRV
GeoIp-Country-Code
X-Microcachable
X-LiteSpeed-Cache-Control
X-Site-Version
Cache-Host
Uri
True-Client-Ip
X-Nitro-Rev
X-Locale
X-Origin-Expires
X-Nitro-Cache-From
LB
X-VCache
X-Edge-Server
X-NMSegId
Cdn-Request-Time
Cdn-Host
WZWS-RAY
GeoIP-Country-Code
Cdn
X-Info
Req-ID
XM
X-Cache-Ttl
True-Client-IP
X-CSRF-TOKEN
X-HN
M-TraceId
PFcat
X-Pod-Name
X-Pad
NtCoent-Length
X-Ad-Load-Variation
X-VarnishDD-TTL
X-Datacenter
X-Geo
X-Web-Node
Fastly-Drupal-Html
X-M-Log
X-M-Reqid
X-Vercel-Cache
X-Request-URI
Cluster
Pramga
X-Vercel-Id
X-Request-Start
X-Scope-Id
X-FPC
X-APP-VERSION
X-Github-Request-Id
User-Agent
WebServer
X-Ad-Defer-Variation
Cf-Ipcountry
Content-Script-Type
X-Via-SSL
X-Via-CDN
X-MSEdge-Features
Content-Style-Type
X-Varnish-Beresp-Status
X-Qnm-Cache
Edge-Copy-Time
X-Shield-Cache-Expires
X-CS
SID
Locid
X-MSEdge-Flight
X-Via-Edge
A
X-FL-EDGE
X-FL-QIT-DEBUG
Srvid
Tcn
X-HostName
Cache-Tv-Group
Edge-Cache
X-Cache-Date
HostName
X-WP-CF-Super-Cache-Cookies-Bypass
CountryCode
X-Api-Version
X-Cdn-Request-ID
X-NWS-UUID-VERIFY
X-Amz-Meta-Opti
X-Cache-ASPX
Cdncip
Cdnsip
X-AK-Request-ID
X-Varnish-Authentication
X-ATG-Version
X-Esi
Path
X-TH-Server
X-Contensis-Viewer-Groups
X-FireWall-Port
X-Moov-Xdn-Version
X-Moov-T
X-LiteSpeed-Tag
X-Servedbyhost
X-SB
Srv
X-Branch-Name
X-Cdn-Forward
X-V-Cache
X-Nc
X-Acquia-Purge-Cdn-Unconfigured
X-Cache-FS-Status
Click-Count-Action-Start
Tube-Got-Eval
X-Wa
X-B3-Trace-ID
X-Aicache-OS
Tube-Got-Results
Tube-Return
Click-Count-Error
Cache-Key
X-Req
Tube-Get-Contents
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-VCL-Version
XkeyRZ
X-Vary
X-TRACE-ID
X-Proxy-CacheRZ
Yak-Timeinfo
V-Age
On-Server
MIME-Version
X-Via-Popn
X-LB-ID
X-Men
X-Via-Poph
X-Via-Popv
Lb
CDN
X-UA
X-CACHE-KEY
Geoip-Latitude
X-Tim-N
X-Render-Time
Ngx-Var-Key
Wpo-Cache-Status
X-Wp-Cf-Super-Cache
Proxy-Connection
X-Ha-Backend
Server-Id
X-Wp-Cf-Super-Cache-Cache-Control
X-Akamai-Pragma-Client-IP
Wpo-Cache-Message
X-Lb-Cache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Lb-Nocache
X-Acquia-Site
State
X-Acquia-Purge-Tags
X-HS-Content-Campaign-Id
X-Air-Pt
X-Acquia-Application-Trace
Priority
X-User
PICS-Label
My-App
X-Planisys-CDN-TTL
X-Acquia-Application-UUID
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Platform-Server
X-Fastly-Backend-Reqs
X-Generated-In
X-TT-LOGID
X-CUA
X-Vgn-Hpd-Cached
Ohc-Cache-HIT
X-Fastly-Cache
X-Dw-Trace-Id
X-Release
X-Vgn-Hpd-Ssi
X-Fastly-Country-Code
Ohc-File-Size
X-Varnish-Director
CF-Cached-On
X-Via-Ucdn
X-EC-Lua
Vha6-Origin
X-Vgn-Hpd-Variations-Key
X-Upstream-Ct
X-Upstream-Ht
X-Iplb-Request-Id
Yjs-Id
X-Iplb-Instance
X-Provided-By
X-Varnish-Beresp-TTL
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-CDN-Cache-Status
Warning
X-Lb-Id
X-Udemy-Cache-App-Namespace
Cneonction
X-Litespeed-Cache-Control
X-ElasticPress-Query
X-Cached-Since
X-Cache-Remote
Ngx
X-RAMCache
Log-Origin
X-Miniprofiler-Ids
Cache
X-Snapshot-Date
X-Traceid
X-Sigma-Backend
X-Sigma
CACHE-MISS-TO-ORIGIN
X-HS-Status
X-CF-Cache-Header-Vary
X-Fastly-Cache-Hits
Inserted-Into-Cache-At
X-CF-Cache-Header-Cache-Control
X-Rocket-Build-Number