Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
X-Ua-Compatible
Access-Control-Max-Age
X-Request-ID
X-Dns-Prefetch-Control
X-Via
Server-Timing
X-Cache-Group
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
P3p
X-Backend
X-Amz-Id-2
X-Proxy-Cache
X-Ws-Request-Id
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Akamai-Path-Stats
X-Rq
EagleId
X-Vhost
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
Cf-Edge-Cache
X-LiteSpeed-Cache
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Pingback
X-Server-Id
X-Cache-Spec
Request-Id
Surrogate-Control
Cf-Railgun
X-Akam-SW-Version
X-Backend-Server
Accept-CH
X-Readtime
X-Cache-Lookup
X-Response-Time
X-HW
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
X-Content-Security-Policy-Report-Only
Content-Location
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Country
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Url
X-Edge
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-MS-InvokeApp
Edge-Control
X-Ruxit-JS-Agent
X-Vname
X-TtlSet
X-PC
X-B3-TraceId
Accept-Ch
X-Content-Type
X-ESI
X-Vcap-Request-Id
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
Xkey
X-Varnish-TTL
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Use-Magma
X-Amz-Rid
X-Cdn-Fetch
X-Kinja
X-D2id
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-VARITI-CCR
X-CST
X-Mcache
Verso
X-GitHub-Request-Id
Cache-Tag
RTSS
X-Powered-By-Plesk
X-FastCGI-Cache
X-ECACHE
X-Oneagent-Js-Injection
X-Cached
Service-Worker-Allowed
X-Upstream
X-Client-IP
X-Navigation-Version
X-Version
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-Ruxit-Js-Agent
X-Px
X-Cnection
X-Ac
Public-Key-Pins
X-Ser
Arr-Disable-Session-Affinity
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
SPRequestGuid
X-SharePointHealthScore
X-Element-Page-Cache
X-Middleton-Display
Display
X-Sol
Pagespeed
X-Server-Name
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-Country-Code
X-NWS-LOG-UUID
X-RateLimit-Remaining
X-Midtier
X-Cache-Key
X-NF-Request-ID
Response
Permissions-Policy
X-Middleton-Response
X-Edge-Location-Klb
X-Goog-Hash
X-Kinsta-Cache
X-Ttl
X-Forwarded-For
Content-MD5
Access-Control-Request-Method
X-DataDome
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
Front-End-Https
X-MSEdge-Ref
X-Powered-CMS
X-Correlation-Id
Edge-Cache-Tag
X-Recruiting
X-T
AR-Request-ID
AR-CACHE
AR-SID
AR-ATIME
AR-PoweredBy
Nginx-Cache
X-HP-Trace-Id
TP-L2-Cache
X-HP-Webp
X-Jurisdiction
TP-Cache
X-RateLimit-Limit
X-Accel-Expires
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
TCN
X-Daa-Tunnel
MicrosoftSharePointTeamServices
X-Grace
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Litespeed-Cache
X-Id
X-Mg-S
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Hits
X-TEC-API-ROOT
X-TTL
X-Content-Digest
Filters
X-Request-Processing-Time
X-Request-Received
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
Server-Node
X-LLID
X-Frontend
S
Server-Name
X-Amzn-Trace-Id
X-Distributor
Cache-Status
X-Protected-By
MS-Author-Via
X-Geo-Country
Fastcgi-Cache
X-PressLabs-Stats
X-Fastly-Request-Id
X-Language
X-LB-Cache
X-Request-Handler-Origin-Region
X-Microsite
Cross-Origin-Opener-Policy
X-Origin-Server
X-Ezoic-Cdn
X-B3-Sampled
Host
X-Seen-By
Charset
X-F-Cache
X-FB-Debug
X-Forwarded-Proto
X-Page-Id
X-Ua-Browser
X-Git-Hash
X-Ab
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
Filterid
Payment
Count-Hit
X-ASPNET-VERSION
Realpath
X-Fastcgi-Cache
X-Ratelimit-Reset
X-Cache-Age
X-VCache
X-Cluster-Name
Cf-Apo-Via
X-Erf-Bev-Bev-Is-Generated
Accept-Charset
X-Erf-Bev-Bev
X-Browser-Type
X-Origin-Cache
Surrogate-Key
Cache-Tags
Alternate-Protocol
X-DynaTrace
X-NGENIX-Cache
X-Rid
X-Webkit-Csp
Retry-After
X-Activity-Id
X-Az
X-AppVersion
X-Template
Cleartype
X-Www-Served-By
Access-Control-Allow-Method
X-Is-Crawler
X-Flags
X-Route-Name
X-Node-Name
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Request-Guid
X-Varnish-Backend
X-App-Environment
X-Amz-Replication-Status
X-Upgrade-Enabled
X-Wix-Request-Id
X-Varnish-Grace
X-Type
X-Tb
X-TT
X-DIS-Request-ID
X-B-Cache
X-Debug
X-B
X-Content
X-Signature
X-Proxy
X-Logged-In
X-Drupal-Cache-Tags
Paypal-Debug-Id
DC
ServerID
Frame-Options
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Envoy-Decorator-Operation
X-Hostname
X-Server-ID
X-Source
X-Content-Options
X-Mobile
X-Load-Cache
X-Revision
Pinterest-Generated-By
X-Goog-Stored-Content-Length
Pinterest-Version
X-Goog-Generation
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Pinterest-Rid
X-Goog-Metageneration
X-Fastly-Request-ID
Amp-Access-Control-Allow-Source-Origin
X-N
X-Cache-Control
X-Contextid
Country
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Magnolia-Registration
Referer-Policy
X-Cache-Rule
X-Whom
X-User-Agent
X-EdgeConnect-Cache-Status
Viewport
X-Ratelimit-Remaining
X-Response-Served-From
X-Original-Request-Id
Node
Refresh
X-Restarts
Content-Disposition
NGB
X-Varnish-Age
X-Debug-IsConnected
X-Page-View
X-Framework
X-Cacheable-TTL
X-L-Path
Access-Control-Request-Headers
X-Environment-Context
X-Cache-TTL-Remaining
X-Debug-IsPreview
X-Adobe-Content
Url
Uber-Trace-Id
Akamai-GRN
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Akamai-Request-ID2
X-Adobe-Loc
X-Cache-Time
X-G
X-Servername
X-NYM-Debug-Backend
X-Mid
X-Unique-Id
X-Varnish-Server
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Mg-Request-UUID
X-Real-IP
X-Jobs
X-Instance
X-Status
X-Is-Bot
X-Rendered-As
X-Cache-Grace
X-Drupal-Cache-Contexts
Version
X-Content-Powered-By
Countrycode
X-Webkit-CSP
X-COUNTRY
X-RemovedCookies
X-ProcessESI
X-App-Server
X-Debug-Info
X-Http-Reason
X-XRDS-LOCATION
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-CDN-Forward
Srv
Protected
X-Time
X-APP-VERSION
X-IPLB-Request-ID
X-IPLB-Instance
X-Hosted-By
Accept-Language
X-Ratelimit-Limit
X-Tt-Logid
X-Cache-Expired-At
X-Nginx-Cache-Key
Healthy
X-Trace-Id
X-Via-JSL
Fastcgi-Useragent
Liferay-Portal
X-Device-Type
X-FW-Static
X-Tumblr-Pixel
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-Tumblr-Pixel-0
X-Cache-Hit
X-FW-Serve
X-Tumblr-User
X-Tumblr-Pixel-1
X-FW-Type
X-Azure-Ref
Section-Io-Cache
Ms-Operation-Id
X-UUID
MS-CV
X-RTag
X-Backend-Name
Backend
X-Cache-NGX
X-Cache-Operation
X-Proxy-Cache-Status
Server-Info
X-Mobile-URL
Load-Balancing
X-RN-RSRV
Content-Secure-Policy
Meta-Geo
X-UPSTREAM-Address
X-Storage
CF-IPCountry
X-Mode
X-Handled-By
X-Datadome
X-Sql-Count
X-Sql-Duration-Ms
X-HTML-Minification-Powered-By
X-Content-Age
TWC-Locale-Group
X-Storefront-Renderer-Rendered
TWC-GeoIP-LatLong
X-Skip-Cache
X-Urbn-Context-Path
S-Rt
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-CachedAt
CDN-Cache
Azure-SlotName
Azure-Version
CDN-RequestId
CDN-Uid
TWC-Privacy
TWC-Connection-Speed
Property-Id
Onion-Location
Eomportal-Instance
Locale
TWC-Device-Class
Webcakes-Region
X-SayCDN-TTL
X-VWS-Id
X-AWS-Id
Azure-SiteName
X-Alternate-Cache-Key
X-Akamai-Edgescape
X-Server-W
X-Section
X-Access
X-Adobe-Source
X-Say-TTL
X-Say-Cacheable
X-Region
X-Redis-Cache
X-Format
X-Cms-Context
X-Proto
X-Forwarded-Host
X-Cache-Enabled
X-Urbn-Site-Id
X-Cache-Server
X-ShardId
X-PHP-Host
X-Varnish-Cache-Hits
X-Sorting-Hat-PodId
X-Edge-Location
X-LJ-Flow-ID
X-Site-Version
X-Uri
X-Sorting-Hat-ShopId
X-No-Session
Webcakes-App-Version
X-Locale
X-Varnish-Hostname
X-Labrador-Cache-Channel
X-ShopId
X-PCL
WP-Super-Cache
X-PHP-Backend
X-Shopify-Stage
X-Origin-Hint
X-OCL
X-Origin-Date
X-Varnishpool
Webcakes-App-Name
TWC-GeoIP-Country
X-URL
GEO-INFO
X-Zen-Fury
Azure-RegionName
Azure-InstanceId
X-Generated-By
X-FB-TRIP-ID
X-Generation-Time
X-Extlb
X-GeoCode
X-Cache-Type
X-BYPASS-REASON
Web-Mar-Node
X-Cache-Host
X-GeoCountry
X-Debug-Cache
X-Detected-As
X-Proxy-Build
X-VC-Cache
X-UA-Device-Type
X-Via-Fastly
X-Xfnlog-Site
X-Zipkin-Id
X-Timing-Wait
X-ServerID
X-ProxyCache-Key
X-Proxied
X-ProxyCache-Status
X-Request-Time
X-Routing-Service
X-Hl-Ver
X-Web-Node
DB-Nickname
Selected-Fe
Mn-Server-Ip
Apigw-Requestid
X-Correlation-ID
X-Cache-Status-Check
X-Varnish-Beresp-Grace
X-Tid
X-Cache-Action
X-Rule
X-Nginx-Cache
ServedBy
X-JoinUs
X-SaId
X-R9-Blue-Green-Version
X-ECache
X-LSADC-Cache
X-DynaTrace-JS-Agent
X-Ms-Version
Cache-Name
X-Ms-Request-Id
X-SRV
Cross-Origin-Resource-Policy
X-Ua
Cache
X-Human
X-FireWall-Port
X-Cache-Tags
Xet-Cookie
SD-X-WS
X-WP-CF-Super-Cache-Cache-Control
X-Cached-By
X-Amzn-RequestId
X-App-Version
X-WP-CF-Super-Cache
X-Dc
X-Amz-Apigw-Id
Source
Xserver
LB
Cross-Origin-Window-Policy
X-RCS-CacheZone
X-Aspnetmvc-Version
X-TNCMS
WPO-Cache-Message
X-Loop
X-Varnish-Hits
X-Cdn
X-Via-NSCOPI
X-GEO
WPO-Cache-Status
X-MP-GENERATED-AT
Origin
X-Reqid
X-GG-Cache-Date
X-Origin-TTL
X-Origin-CC
X-IPS-LoggedIn
X-Amzn-Remapped-Content-Length
X-Soup
X-Pubstack
X-NewRelic-App-Data
X-TA-CDN-Provider
X-AOL-HN
X-B3-SpanId
Cache-Hits
X-Api-Version
X-Tumblr-Pixel-2
X-FW-Version
From-Origin
Rip
Webserver
X-Platform-Server
X-Service
X-Newrelic-Synthetics
X-Vgn-Hpd-Reason
X-Cluster-Node
X-Request-Host
Upgrade-Insecure-Requests
X-B3-Traceid
X-PBS-Appsvrname
X-AK-Request-ID
X-Connection-Hash
Meta-Geo-Continent
MD5-Digest
X-NAPM-TraceId
X-Bc-Bl
X-B-Cookie
Host-ID
X-BCube-Filmed-By
X-Cache-NE
X-Provided-By
Expiry
X-Orig-Expires
Xc-Version
Surrogated-Key
X-Owner
X-Application
X-ARC
Lang
Environment
X-A
Rendered-Blocks
BehaviorPad-Version
X-D
X-SRCache-Key
X-Ec-Fail
Redirect-Candidate
X-Shop-Environment
DCR-Processing-Time-Ms
X-Ec-GeoHdr
X-VG-WebCache
X-Vdms-Version
X-Tenant
X-Destination
Sslversion
T-Server
X-Vdms-Path
X-Developer
X-User
Cdncip
Cdnsip
X-TIM-N
X-External-Request-Id
DCR-Decision-By
X-A-Dcw
X-Rewrite-Enabled
X-A-Dam
X-Served-From
X-Rojux
X-A-Dgt
Odigeo-Trace-Id
X-Processor
X-Forwarded-Path
X-Aed
Ngx.Var.Host
X-A-Wwc
X-Accel-Buffering
X-A-Ccd
X-ScT
X-Origin-Response-Time
X-S
X-S-Cookie
A
Fastly-SSL
X-TIME
OT-Force-Account-Verify
HostName
X-Varnish-Beresp-Ttl
X-Cluster
X-CSRF-Token
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
Candidate-Md5Url
X-Generated-On
X-Forwarded-Site
X-Dispatcher-Number
Mobile-Detection-Method
X-Wix-Viewer-Type
X-VC
Machine
X-Aicache-OS
X-Qloud-Router
X-Thanos
X-Session-Fingerprint
X-Bip
X-Pool
X-Irp-Debug
X-Level-Front-Cache
X-Csrf-Jwt
Tube-Get-Contents
Tube-Got-Eval
Tube-Return
V-Age
X-Core-Value
Traceparent
Tube-Got-Results
Thinkindot-Control
Thinkindot-CacheControl
TDXMobile
X-Datadog-Trace-Id
Thinkindot-CacheControl-Type
X-CacheTTL
Vix-Hermes-Req-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Wxu-Next-Hostname
X-Clara-WADP
X-Cache-Bucket
X-Clientip
X-Branch-Name
X-Auto-Login
X-Ckpd-Fst-Backend
X-BBC-Edge-Cache-Status
X-Cache-Id
X-Core-Mission
Wxu-Next-Region
X-CGP
X-Ad-Defer-Variation
X-Cdn-Srv
X-DefElseHash
X-Cache-Info
X-Cdn-Origin
X-Mvc-Supplant-Cachable
X-Request-URI
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Rocket-Build-Number
X-Rocket-Nginx-Serving-Static
X-WA-Info
X-WADP-Cache
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Planisys-CDN-Cache
X-Parent-Response-Time
X-Worker
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-RateLimit-Limit-Second
X-Policy
X-S-Maxage
X-SB
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-V-Cache
X-Variation
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-SplitTest
X-Sn-Servicetimems
X-Sigma-Backend
X-Sigma
X-Scale
X-VServer
X-SIPLIST1
X-Slack-Backend
X-VG-TLSProxy
X-Origin-Time
X-Origin-Expires
X-Gateway-Cache-Key
X-Gamma-Serve
X-Fmm-Version
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Gdpr
X-Gateway-Skip-Cache
X-Fetched-On
X-Fastly-Cache
X-DPWN-IS-SECURE
X-Device-Os
X-Developers
X-Ec-Custom-Error
X-Epic-Correlation-Id
X-Eu-Site
X-Esi-Check
X-Geo-Header
X-GeoIP
X-Mvc-Supplant-OutputCached
X-Varnish-Remaining-TTL
X-Minions-Version
X-NodeID
X-Nyt-Route
X-Origin
X-Optimistic-Header
X-Loc
X-JWT-State
X-Has-Esi
X-Gzip
X-GeoIP-City
X-Hash
X-HS-Content-Campaign-Id
X-Is-Gdpr
X-INCAP-ABP
X-DefHash
Wxu-Next-Commit
Ha-Gx-Prefs
HA-Ipaddr
Gh-Request-Id
Fastly-SWR
Fastly-GeoIP-CountryCode
Fastly-SIE
Is-Eu
IsBot
Memcached
NGX
L5d-Success-Class
L
Kp-EeAlive
Fastly-Backend-Name
DSUID
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
State
X-NWS-UUID-VERIFY
Adler-Geo
Cache-Host
Cache-Tv-Group
Cmstype
Country-Code
Cmsid
Click-Count-Error
Click-Count-Action-Start
NM-Fastcgi-Cache
Apple-News-Services-Handled
Server-Host
Release
Origin-CC
Origin-EX
Servername
Producers
Req-Svc-Chain
Platform
X-Cache-Remote
Mime-Version
X-Tx-Id
X-Xrds-Location
X-Hnp-Log
User-Cache-Control
CPC-Age
Datacenter
CPC-Cache
CDCHOST
X-Viewer-Country
Sever-Int
AKAMAI
Server-Hostname
X-Gen-Mode
CloudFront-Viewer-Country
Server-Ext
Cluster
Fastcgi-Cache-TTL
Svr
We-Hiring
VNS-Cache
Web-Mar-Region
X-Pod-Name
X-Proxy-Cache-Info
Mail-Subject
X-Scheme
X-NCache
X-Block-Status
VNS-Age
X-Varnish-Beresp-Status
X-Varnish-Ttl
X-LB-NoCache
X-Udemy-Cache-App-Namespace
WebServer
Ec-Rule-Version
X-Ig-Push-State
Ssr
X-CMSURLCustom
X-ZONE
SID
Canary
Pics-Label
X-Cache-Date
X-Microcachable
X-Tb-Optimization-Total-Bytes-Saved
X-Yandex-Sdch-Disable
X-Conf
X-Sucuri-Cache
Sid
X-Cache-Debug
X-Via-Popn
X-Via-Poph
X-Generated-In
Fastly-Drupal-Html
X-Via-Popv
X-ATG-Version
X-Fastly-Backend
X-WP-CF-Super-Cache-Active
X-Azure-Ref-OriginShield
X-ND-Cache
X-Var-Ttl
X-FC-Vary-Parameters
Memory
X-Sucuri-ID
Time
X-Presslabs-Stats
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
AMP-Access-Control-Allow-Source-Origin
X-Newrelic-App-Data
X-Edge-Pop
X-Servedbyhost
X-TRACE-ID
Server-ID
X-Refresh
X-Dmc
X-Be
X-Akamai-Transformed
X-MSEdge-Features
X-MSEdge-Flight
Env
X-RateLimit-Reset
X-Trace-ID
X-Air-Trace-Id
X-Release
X-CS
X-Air-Hostname
X-Fpc
X-NC
Fastly-Drupal-HTML
X-Air-Source
X-Buckets
X-Cs
X-DC
X-Esi
X-PX
X-Wikidot-Static-Cache
X-ID
Magicmarker
X-Wikidot-Backend
X-MCACHE
X-Endurance-Cache-Level
X-Zone
X-EC-Lua
CDN
X-Up
X-Pass-Why
GeoIp-Country-Code
X-Tumblr-Pixel-3
X-Srv
X-CACHE-AGE
X-TX-ID
X-Hyper-Cache
X-CF-Lambda-Fn
X-Wa
True-Client-IP
X-CF-Lambda-Version
X-Dispatch
X-VCL-Version
My-App
X-NGINX-Cache
X-Webkit-CSP-Report-Only
Pramga
X-Lambda-Id
X-Nf-Request-Id
X-App
X-M-Reqid
X-M-Log
X-Micro-Cache
X-CACHE-KEY
X-Vc
Hostname
X-Alfa-Service
X-Qnm-Cache
C-Via
X-CSRF-TOKEN
X-TrackingId
X-Req
X-Varnish-Beresp-TTL
N-Cache
X-Edge-Origin-Shield-Region
Resin-Trace
X-PAYTM-SRV-ID
X-Air-Pt
X-Vcl-Version
Fastcgi-X-Cache-Version
True-Client-Ip
X-Edge-Origin-Shield-Bytes
X-Platform
On-Server
Path
X-TH-Server
X-Vercel-Cache
GeoIP-Country-Code
X-HS-Status
Esi-Enabled
X-Vercel-Id
X-Check-Cacheable
Tcn
CacheControlHeader
X-LB-ID
Tracecode
X-Akamai-Pragma-Client-IP
True-Client-Country-4JS
X-Vtex-Processado-Em
GeoIP-Latitude
X-AIR-PT
X-Vtex-Remote-Cache
X-B3-Spanid
X-ApacheServer
X-PERF
X-SERVER-NAME
NtCoent-Length
Proxy-Connection
X-Op-Id-All
X-LAGOON
X-API-Version
X-Node-Id
X-SD-PageType
X-Request-Start
Cdn
X-CLOUD-TRACE-CONTEXT
HIT
Hit
Cache-Key
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-FPC
DT-Hot-News
X-Webkit-Csp-Report-Only
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
ENV
X-Proxy-CacheRZ
X-GeoIP-Region-Code
XkeyRZ
X-Mly-Id
X-GeoIP-Country-Code
X-Datacenter
X-Via-CDN
X-Render-Time
DynaTrace
X-Geo
X-WA
X-Dw-Trace-Id
X-Date
X-Accel-Expires-Debug
YJS-ID
WWW-Authenticate
X-Proxy-Upstream
PFcat
X-Edge-POP
Lb
X-Via-Ucdn
X-VarnishDD-TTL
X-ServedByHost
X-Lb-Id
Server-Id
User-Agent
X-Traceid
X-HN
XM
X-Cdn-Forward
X-Via-PopH
X-Proxy-Cache-Hk
X-Via-PopN
X-Via-PopV
X-RAMCache
Server-Ttl
X-LiteSpeed-Cache-Control
Dnion-Transfer-Encoding
Geoip-Latitude
X-LI-Proto
X-Li-Pop
X-LI-UUID
X-Li-Fabric
X-FORWARDED-FOR
MIME-Version
X-CUA
X-Cache-Ttl
X-LiteSpeed-Tag
X-CF-Powered-By
Yjs-Id
X-TT-LOGID
SRV
X-Nc
FSS-Cache
X-DB
Vha6-Origin
M-TraceId
PICS-Label
X-Ftr-Request-Id
Location
XServer
X-Cache-Backend
Ohc-File-Size
X-DW
Nginx-CQVIP
X-Service-Response-Time
X-Instance-Name
X-Response-By
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Old-Content-Length
X-Fastly-Backend-Reqs
X-RPM
X-DSS
X-DI
X-RPS
X-RSL
Sm-Log-Id
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-UA
X-Litespeed-Cache-Control
X-Cdn-Request-ID
X-Akamai-Request-ID
X-IN-APIGATEWAYSSL
X-HostName
X-Fastly-Cache-Hits
X-B3-ParentSpanId
Powered-By
X-Request-Url
X-Httpd
X-IN-APIGATEWAY
Wpo-Cache-Status
Wpo-Cache-Message
X-HA-Backend
X-Lb-Nocache
X-Cc-Via
CountryCode
Warning
X-Cache-Ngx
X-Webstats-RespID
Locid
X-Mg-Cache
X-FL-EDGE
X-Sucuri-Id
X-Moov-T
X-Location
X-From
Srvid
X-Serial
Uri
Ohc-Cache-HIT
X-Moov-Xdn-Version
Fastcgi-Cache-Ttl
Req-ID
X-Snapshot-Date
X-MiniProfiler-Ids
X-Server-IP
WZWS-RAY