Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-FRAME-OPTIONS
X-Envoy-Upstream-Service-Time
X-Dns-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Request-ID
X-Drupal-Dynamic-Cache
Server-Timing
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
X-XSS-PROTECTION
Content-Encoding
Status
X-CDN
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Request-Context
X-Backend
X-Turbo-Charged-By
X-Cache-Group
X-Robots-Tag
X-AH-Environment
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Hacker
X-UA-Device
X-Vhost
X-Proxy-Cache
X-Server
X-Rq
Allow
X-Server-Powered-By
X-Ws-Request-Id
X-Age
X-Dispatcher
EagleId
X-Varnish-Cache
X-Amz-Version-Id
P3p
Nel
X-LiteSpeed-Cache
X-Ua-Compatible
Grace
Cf-Apo-Via
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
X-OneAgent-JS-Injection
X-Device
EagleEye-TraceId
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Host
X-Node
X-Cache-Lookup
X-CST
Accept-CH
X-Backend-Server
X-WebKit-CSP
Surrogate-Control
X-Server-Id
Permissions-Policy
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Readtime
Accept-CH-Lifetime
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
Request-Id
X-Ruxit-JS-Agent
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
Xkey
X-Response-Time
X-HW
X-Trace
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
X-Url
Rating
Accept-Ch
X-Midtier
X-ESI
X-Amz-Server-Side-Encryption
Cache-Tag
X-Mcache
X-Powered-By-Plesk
X-Rack-Cache
X-ECACHE
X-MS-InvokeApp
X-D2id
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Element-Page-Cache
X-Vcap-Request-Id
Service-Worker-Allowed
Verso
X-Upstream
Edge-Control
X-Country
Accept-Ch-Lifetime
X-Country-Code
X-PC
X-TtlSet
X-Vname
RTSS
Origin-Trial
X-Goog-Hash
X-Ac
X-VARITI-CCR
X-Navigation-Version
X-Abt-Application-Version
X-Kinja-CCPA
Fastly-Restarts
X-Cache-TTL
X-Oneagent-Js-Injection
X-Browser-Type
X-Litespeed-Cache
X-Amz-Rid
X-Aspnetmvc-Version
X-Varnish-TTL
X-WebKit-CSP-Report-Only
X-NWS-LOG-UUID
X-GitHub-Request-Id
X-Webkit-CSP
X-Cached
Cross-Origin-Opener-Policy
X-Server-Name
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Amzn-Trace-Id
X-ORACLE-DMS-ECID
X-Dw-Request-Base-Id
X-ORACLE-DMS-RID
SPRequestGuid
X-Times
X-SharePointHealthScore
X-Ruxit-Js-Agent
X-Ttl
X-B3-Traceid
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Cache-Key
X-Content-Type
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
SPIisLatency
SPRequestDuration
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
X-FastCGI-Cache
X-Powered-CMS
X-Client-IP
Arr-Disable-Session-Affinity
X-Mg-S
Response
X-Middleton-Response
X-Version
X-Cnection
X-Ser
X-Server-ID
Nginx-Cache
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
AR-CACHE
X-Accel-Expires
X-SRCache-Store-Status
X-T
X-SRCache-Fetch-Status
Cache-Tags
Cache-Status
Edge-Cache-Tag
X-RateLimit-Remaining
X-NF-Request-ID
X-Fastly-Request-ID
X-Hits
X-MSEdge-Ref
X-Px
Front-End-Https
Public-Key-Pins
X-B3-TraceId
X-Recruiting
X-RateLimit-Limit
S
X-Shield-Request-Id
X-Daa-Tunnel
Payment
X-Frontend
X-Ua-Browser
Server-Node
X-LLID
X-Request-Received
X-Request-Processing-Time
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Goog-Metageneration
X-GUploader-UploadID
Content-MD5
X-DIS-Request-ID
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Content-Digest
Access-Control-Request-Method
MicrosoftSharePointTeamServices
X-Webkit-CSP-Report-Only
X-TTL
X-Forwarded-For
TP-Cache
X-Protected-By
Realpath
X-Request-Handler-Origin-Region
X-Microsite
X-PressLabs-Stats
X-HS-Cache-Config
X-FB-Debug
Fastcgi-Cache
X-Distributor
X-HS-Combine-CSS
X-HS-Content-Id
Access-Control-Allow-Method
X-HS-Hub-Id
X-Rid
X-Page-Id
X-Cluster-Name
X-LB-Cache
X-Webkit-Csp
Accept-Charset
X-Xrds-Location
X-Aspnet-Version
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Ua-Device
X-Goog-Generation
Count-Hit
X-Hostname
X-B3-Sampled
X-Geo-Country
X-Kinsta-Cache
X-Edge-Location-Klb
TP-L2-Cache
X-Ratelimit-Remaining
X-Id
Cross-Origin-Resource-Policy
X-Seen-By
X-Ezoic-Cdn
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Correlation-Id
TCN
Cleartype
X-Fastcgi-Cache
X-Varnish-Backend
X-Logged-In
X-App-Server
X-TEC-API-ORIGIN
X-Content-Options
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Mobile
X-Hosted-By
X-Git-Hash
DC
Referer-Policy
Retry-After
X-Contextid
X-Flags
X-Fb-Rlafr
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Aspnet-Duration-Ms
X-Origin-Cache
X-Amz-Replication-Status
Surrogate-Key
X-COUNTRY
X-Ratelimit-Limit
X-Grace
X-Revision
X-Debug-Info
X-App-Environment
Frame-Options
X-Forwarded-Proto
X-F-Cache
X-Newrelic-App-Data
X-Amz-Meta-S3cmd-Attrs
X-TT
X-IPS-LoggedIn
X-Varnish-Grace
X-RateLimit-Reset
X-Envoy-Decorator-Operation
X-Azure-Ref
X-Magnolia-Registration
Section-Io-Cache
MS-Author-Via
X-Wix-Request-Id
X-Proxy-Cache-Info
X-Whom
Healthy
Charset
X-App-Version
X-Www-Served-By
X-ECache
Viewport
X-Akamai-Edgescape
X-Language
X-AppVersion
X-Activity-Id
Filterid
X-Backend-Name
X-Az
Alternate-Protocol
X-Trace-Id
WPO-Cache-Status
WPO-Cache-Message
X-Origin-Server
Server-Name
X-Kong-Proxy-Latency
Paypal-Debug-Id
Amp-Access-Control-Allow-Source-Origin
X-Kong-Upstream-Latency
X-Varnish-Server
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-EdgeConnect-Cache-Status
X-Cache-Rule
X-Original-Request-Id
X-Response-Served-From
SD-X-WS
Host
X-DataDome
X-B
X-Rule
X-Nf-Request-Id
X-Http-Reason
X-RemovedCookies
X-Cache-Grace
X-User-Agent
X-Instance
X-ProcessESI
SRV
X-Edge-Location
X-Vcache
X-Yottaa-Optimizations
X-Akamai-Request-ID2
X-UUID
Front
X-Tumblr-Pixel-0
X-Tumblr-User
X-Page-View
X-Region
X-Unique-Id
VIX-Pulpo-Node
X-Yottaa-Metrics
VIX-Pulpo-Upstream-Status
X-Varnish-Age
X-Tumblr-Pixel-1
X-Tumblr-Pixel
Country
Protected
X-Load-Cache
X-N
From-Origin
X-FW-Static
X-Cacheable-TTL
X-FW-Version
X-FW-Type
Akamai-GRN
X-Is-Bot
X-Rocket-Nginx-Serving-Static
X-Rendered-As
X-Jobs
X-FW-Server
X-Framework
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
Fastly-SWR
Content-Disposition
Fastly-SIE
X-Status
X-Mg-Request-UUID
X-L-Path
X-Environment-Context
X-ARC
X-Datadog-Sampled
X-Adobe-Loc
X-Cache-Time
X-Proxy
X-Type
X-Adobe-Content
X-G
X-Amzn-Remapped-Content-Length
X-B-Cache
X-Signature
ServerID
X-Debug-IsConnected
Access-Control-Request-Headers
X-Debug-IsPreview
X-Time
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Client-Ip
X-CDN-Forward
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Backend
Refresh
X-Erf-Web-Scheduler
X-Cache-Control
X-Servername
Xet-Cookie
X-DynaTrace
Countrycode
Url
X-Httpd
X-Drupal-Cache-Tags
X-Tt-Trace-Host
X-Tt-Trace-Tag
Accept-Language
X-Template
X-Cache-Age
CF-IPCountry
X-Generated-By
X-DynaTrace-JS-Agent
X-Nginx-Cache
X-Mode
X-Device-Type
X-NYM-Debug-Backend
X-Content-Powered-By
X-HTML-Minification-Powered-By
Webserver
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Storage
GEO-INFO
X-Hcs-Proxy-Type
X-SayCDN-TTL
X-SaId
X-Say-Cacheable
X-Say-TTL
X-URL
Load-Balancing
X-Content-Age
Meta-Geo
X-Cache-Operation
X-Tncms
X-Director
X-UPSTREAM-Address
Filters
X-Source
X-GeoCode
X-Loop
X-GeoCountry
X-JoinUs
OT-Force-Account-Verify
X-LAGOON
X-Cache-Hit
X-XRDS-LOCATION
X-Rn-Rsrv
X-Rewrite-Enabled
S-Rt
Version
X-Tumblr-Pixel-3
X-Forwarded-Host
X-Cluster-Node
X-MCACHE
X-Cache-Action
X-Container-Uri
Onion-Location
Xserver
X-Urbn-Context-Path
X-Soup
Cross-Origin-Window-Policy
X-Tumblr-Pixel-2
Locale
X-Git-Commit
X-Urbn-Site-Id
Azure-InstanceId
X-Served-From
X-Lambda-Id
Web-Mar-Node
X-RM-Cache-TTL
Azure-RegionName
X-Varnish-Hostname
X-Tb
Azure-Version
Azure-SlotName
X-VCT
X-Sql-Duration-Ms
X-Varnish-Cache-Hits
Azure-SiteName
X-Detected-As
X-Sql-Count
X-Cache-Server
X-Tt-Logid
DB-Nickname
X-Labrador-Cache-Channel
X-Zipkin-Id
X-RCS-CacheZone
X-Routing-Service
X-Redis-Cache
X-ServerID
X-Skip-Cache
X-Proxied
X-PHP-Host
X-FB-TRIP-ID
X-Extlb
X-Logging-Id
X-Ms-Request-Id
X-VC-Cache
X-Ms-Version
Mn-Server-Ip
X-Adobe-Source
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-Region
X-Debug
X-Proxy-Build
X-Timing-Wait
X-R9-Blue-Green-Version
X-Origin-Hint
X-Generation-Time
X-Fetched-On
X-Format
TWC-Connection-Speed
X-Proto
Property-Id
Fastcgi-Useragent
Selected-Fe
X-Endurance-Cache-Level
X-Uri
X-NGENIX-Cache
Node
Uber-Trace-Id
Source
X-LSADC-Cache
X-FTR-Request-ID
X-Zen-Fury
CDN-RequestId
X-Sucuri-ID
X-Sucuri-Cache
X-XRDS-Location
X-Ua
X-B3-SpanId
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-TimeS
X-Origin-TTL
X-Origin-CC
X-Drupal-Cache-Contexts
X-S
NGB
X-Fastly-Request-Id
X-Origin-Date
X-Srv
X-Real-IP
X-Akamai-Transformed
Upgrade-Insecure-Requests
X-Varnish-Hits
X-CACHE-AGE
X-Pass-Why
X-Cache-Expired-At
X-MP-GENERATED-AT
X-Handled-By
X-Ratelimit-Reset
X-Newrelic-Synthetics
Fastly-Drupal-HTML
Liferay-Portal
X-Reqid
X-Cms-Context
X-Optimistic-Header
X-Xfnlog-Site
X-No-Session
X-Restarts
Apigw-Requestid
X-Upgrade-Enabled
ServedBy
X-ProxyCache-Key
X-TIME
X-ProxyCache-Status
X-Varnish-Ttl
Ms-Operation-Id
X-RTag
X-Tx-Id
X-Hl-Ver
MS-CV
X-GEO
X-BYPASS-REASON
WP-Super-Cache
X-UA-Device-Type
X-Oracle-Dms-Rid
X-Cache-Host
X-Oracle-Dms-Ecid
X-Node-Name
X-Cache-Type
X-VWS-Id
X-IPLB-Request-ID
X-IPLB-Instance
X-Cluster
X-AWS-Id
X-LJ-Flow-ID
X-Parent-Response-Time
X-Via-JSL
CDN-RequestCountryCode
X-Pubstack
CDN-PullZone
X-Cache-TTL-Remaining
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-TraceId
CDN-RequestPullCode
CDN-Uid
X-B3-Spanid
X-AB
CDN-RequestPullSuccess
Cache-Provider
X-Rojux
X-Request-Host
Fastly-SSL
X-S-Cookie
X-Fastly-Backend
X-A-Dgt
X-A-Dcw
X-A-Dam
Gannett-Cam-Experience-Id
DCR-Decision-By
BehaviorPad-Version
True-Client-Country-4JS
X-A
X-Proxy-Cache-Status
X-CF-Lambda-Fn
X-Aed
X-CF-Lambda-Version
X-CGP
Canary
Web-Mar-Region
X-PAYTM-SRV-ID
X-Csrf-Jwt
X-A-Ccd
DCR-Processing-Time-Ms
W
X-A-Wwc
Candidate-Md5Url
X-Conf
X-FC-Vary-Parameters
X-SRCache-Key
X-Bc-Bl
Odigeo-Trace-Id
X-Viewer-Country
Origin-Agent-Cluster
X-Vtex-Remote-Cache
T-Server
X-Vdms-Version
X-Vdms-Path
N-Cache
X-CacheTTL
X-ScT
X-Cache-NE
Ngx.Var.Host
X-B-Cookie
X-BCube-Filmed-By
X-Bl-Debug
Redirect-Candidate
X-D
Rendered-Blocks
Sslversion
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Xc-Version
X-Destination
X-Dispatcher-Number
X-We-Are-Hiring
Surrogated-Key
X-Developer
X-Worker
Meta-Geo-Continent
X-Ec-Custom-Error
X-Ec-Fail
X-Eu-Site
L5d-Success-Class
Lang
X-Epic-Correlation-Id
Host-ID
HA-Ipaddr
X-SD-PageType
X-App
X-External-Request-Id
Ha-Gx-Prefs
Magicmarker
L
X-Ec-GeoHdr
MD5-Digest
X-Application
X-Server-W
X-CSRF-Token
X-Cache-Status-Check
Cache-Name
X-Forwarded-Path
X-Geo-Header
X-Date
Fastly-GeoIP-CountryCode
Vix-Hermes-Req-Id
Release
We-Hiring
Server-Host
Datacenter
X-Core-Mission
CloudFront-Viewer-Country
Gh-Request-Id
Fastly-Backend-Name
VNS-Cache
Mail-Subject
VNS-Age
Thinkindot-CacheControl
X-CMSURLCustom
Origin
CPC-Cache
Thinkindot-Control
Expect-Staple
CPC-Age
TDXMobile
Environment
Thinkindot-CacheControl-Type
X-Gdpr
X-Request-Time
X-SVT-ORM-RULES
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-SVT-ORM-VERSION
X-Tenant
X-Up
X-Thinkindot-L3
X-Sorting-Hat-PodId
X-Sn-Servicetimems
X-Clientip
X-Shop-Environment
X-Shopify-Stage
X-Slack-Backend
X-App-Name
X-Slack-Shared-Secret-Outcome
X-Var-Ttl
X-Correlation-ID
X-Generated-On
X-Bip
X-AIR-PT
X-Level-Front-Cache
X-Pool
X-Thanos
X-Qloud-Router
X-Wix-Viewer-Type
X-Wikidot-Static-Cache
X-Varnishpool
X-Cache-Info
X-VG-WebCache
X-Vmg-Version
X-Wikidot-Backend
X-VServer
X-ShardId
X-ShopId
X-Accel-Expires-Debug
X-Accel-Buffering
X-Mvc-Supplant-Cachable
X-Nitro-Cache
X-Node-Id
X-Server-IP
X-Cache-Bucket
X-Mid
X-Loc
X-GeoIP-Country-Code
AKAMAI
X-GeoIP-Region-Code
X-Hash
X-Irp-Debug
X-Human
X-Cdn-Origin
X-Nyt-Route
X-RateLimit-Limit-Second
X-Policy
X-ApacheServer
X-RateLimit-Remaining-Second
X-Refresh
X-S-Maxage
X-Geo-Region
X-PERF
X-Micro-Cache
X-Origin-Time
X-Org
X-Cdn-Diag
X-Orig-Expires
X-Alternate-Cache-Key
User-Cache-Control
Sever-Int
X-Core-Value
X-DefElseHash
X-BBC-Edge-Cache-Status
X-Auto-Login
X-Block-Status
X-Cache-Debug
X-NodeID
X-Nginx-Cache-Key
X-NCache
X-Old-Content-Length
X-Op-Id-All
X-Origin-Response-Time
X-Nananana
X-Mvc-Supplant-OutputCached
X-Hnp-Log
Server-Hostname
X-Instance-Name
X-Mly-Id
X-Platform
X-Vgn-Hpd-Reason
X-VG-TLSProxy
X-Via-Fastly
Machine
X-Owner
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Test
X-Variation
X-Datadome
X-Varnish-CookieHashed-On
Adler-Geo
X-INCAP-ABP
X-DPWN-IS-SECURE
X-Dispatcher-Server
Is-Eu
DSUID
Apple-News-Services-Handled
X-Device-Os
Platform
Server-Ext
X-DefHash
Req-Svc-Chain
Producers
Cmstype
Country-Code
X-Gen-Mode
CDCHOST
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-Forwarded-Site
X-GeoIP
Cmsid
Apple-News-Services-Parsed-Url
X-Accel-Version
X-WADP-Cache
X-Gzip
X-Cache-Id
X-WA-Info
X-Clara-WADP
X-Section
X-Origin
X-Fmm-Version
X-Esi-Check
X-Cdn-Srv
X-From
X-Akamai-Device-Characteristics
Ssr
Server-Info
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
NM-Fastcgi-Cache
Esi-Enabled
Content-Secure-Policy
X-Access
C-Via
Cf-Device-Type
X-Buckets
X-Vcl-Version
AMP-Access-Control-Allow-Source-Origin
Pics-Label
NGX
X-LB-NoCache
X-Dc
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Enabled
X-Presslabs-Stats
X-CACHE-GROUP
X-Tcp-Rtt
X-Browser-Name
X-API-Version
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Desktop
Server-ID
IsBot
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-SIPLIST1
X-Zone
Hostname
X-HA-Backend
X-B3-Parentspanid
X-Is-Gdpr
Sid
X-ID
X-JWT-State
YJS-ID
X-Has-Esi
Memcached
X-Platform-Cluster
Time
X-Wp-Cf-Super-Cache-Active
X-Platform-Router
Memory
CF-Ctrl
Cdn-Requestid
X-Platform-Processor
X-TA-CDN-Provider
X-Origin-Cache-Key
Origin-CC
Origin-EX
X-Cached-By
X-Tb-Optimization-Total-Bytes-Saved
Location
Cache-Hits
X-Scale
X-WP-CF-Super-Cache-Active
X-Frame-Option
X-Backend-Instance
X-Air-Source
X-TIM-N
X-Internal-Host
X-Air-Trace-Id
X-Air-Hostname
X-NewRelic-App-Data
X-Hyper-Cache
X-PHP-Backend
X-Fpc
X-ZONE
X-Cs
X-Webstats-RespID
Resin-Trace
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend
X-NGINX-Cache
X-FTR-Cache-Status
X-Country-Code-Real
Epwk-X-Cache
X-DC
X-DataCenter
X-Azure-Ref-OriginShield
X-VC
X-Service
X-Site-Version
GeoIp-Country-Code
X-Microcachable
XServer
X-LiteSpeed-Cache-Control
GeoIP-Latitude
LB
X-Nitro-Rev
True-Client-Ip
X-SRV
Uri
X-Nitro-Cache-From
X-Origin-Expires
Cache-Host
X-Locale
X-CSRF-TOKEN
X-VCache
GeoIP-Country-Code
WZWS-RAY
XM
X-Cache-Ttl
X-Info
True-Client-IP
Cdn
PFcat
X-VarnishDD-TTL
M-TraceId
X-NMSegId
Cdn-Request-Time
Req-ID
X-Edge-Server
X-Pod-Name
X-Pad
NtCoent-Length
X-Datacenter
X-HN
Cdn-Host
X-Geo
X-Web-Node
X-Ad-Load-Variation
X-Vercel-Id
Pramga
X-Github-Request-Id
X-FPC
X-Scope-Id
X-M-Log
User-Agent
X-M-Reqid
Cluster
WebServer
X-Vercel-Cache
X-Request-URI
X-Ad-Defer-Variation
Content-Script-Type
Fastly-Drupal-Html
X-Via-CDN
X-Via-SSL
SID
X-CS
X-Via-Edge
Content-Style-Type
X-Request-Start
X-Qnm-Cache
X-MSEdge-Features
A
X-FL-QIT-DEBUG
X-FL-EDGE
Srvid
Locid
X-Varnish-Beresp-Status
Edge-Copy-Time
X-MSEdge-Flight
X-Shield-Cache-Expires
X-HostName
Tcn
Edge-Cache
Cache-Tv-Group
X-Cache-Date
X-APP-VERSION
CountryCode
HostName
X-WP-CF-Super-Cache-Cookies-Bypass
Cf-Ipcountry
X-Api-Version
X-Cdn-Request-ID
X-ATG-Version
X-FireWall-Port
Path
X-Moov-T
X-Contensis-Viewer-Groups
Cdnsip
Cdncip
X-TH-Server
X-Amz-Meta-Opti
X-AK-Request-ID
X-Moov-Xdn-Version
X-Cache-ASPX
X-Esi
X-Varnish-Authentication
X-NWS-UUID-VERIFY
X-LiteSpeed-Tag
X-Branch-Name
Tube-Get-Contents
X-Req
Click-Count-Action-Start
X-B3-Trace-ID
X-SB
X-Servedbyhost
X-Wa
Cache-Key
X-V-Cache
X-Aicache-OS
X-Nc
Tube-Return
Tube-Got-Eval
X-Acquia-Purge-Cdn-Unconfigured
Click-Count-Error
Tube-Got-Results
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-VCL-Version
X-Via-Popn
X-LB-ID
X-Via-Popv
X-Cache-FS-Status
X-Via-Poph
V-Age
XkeyRZ
MIME-Version
On-Server
X-Proxy-CacheRZ
X-TRACE-ID
Yak-Timeinfo
CDN
X-UA
X-CACHE-KEY
Wpo-Cache-Status
Wpo-Cache-Message
Proxy-Connection
X-Tim-N
X-Cdn-Forward
X-Ha-Backend
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Srv
X-Render-Time
Geoip-Latitude
X-Men
Ngx-Var-Key
X-Akamai-Pragma-Client-IP
X-Vary
X-Lb-Cache
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Acquia-Application-UUID
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
Lb
X-Platform-Server
X-HS-Content-Campaign-Id
My-App
Server-Id
X-User
X-Planisys-CDN-Cache
State
X-Air-Pt
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Priority
X-Generated-In
X-Fastly-Backend-Reqs
X-TT-LOGID
X-Release
X-CUA
CF-Cached-On
X-Lb-Nocache
Ohc-File-Size
Ohc-Cache-HIT
PICS-Label
X-Dw-Trace-Id
X-Via-Ucdn
X-Varnish-Director
Vha6-Origin
X-Fastly-Cache
X-EC-Lua
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Iplb-Request-Id
X-Provided-By
X-Iplb-Instance
Yjs-Id
X-Upstream-Ht
X-Upstream-Ct
Ngx
Warning
X-HS-Status
X-Cache-Remote
X-ElasticPress-Query
X-Litespeed-Cache-Control
X-Fastly-Country-Code
Log-Origin
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-Lb-Id
X-CDN-Cache-Status
X-RAMCache
Cache
X-CF-Cache-Header-Cache-Control
X-Traceid
X-CF-Cache-Header-Vary
X-Sigma-Backend
X-Sigma
X-Udemy-Cache-App-Namespace
Inserted-Into-Cache-At
Cneonction
X-Miniprofiler-Ids
X-Rocket-Build-Number
CACHE-MISS-TO-ORIGIN
X-Snapshot-Date
X-Fastly-Cache-Hits
X-Cached-Since