Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
CF-Ray
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-DNS-Prefetch-Control
X-FRAME-OPTIONS
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
X-Dns-Prefetch-Control
Content-Encoding
X-XSS-PROTECTION
Access-Control-Expose-Headers
Server-Timing
Upgrade
X-CDN
Status
X-Request-ID
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Cache-Group
X-Robots-Tag
Cf-Edge-Cache
Host-Header
Keep-Alive
X-Hacker
X-Proxy-Cache
X-UA-Device
X-Server
X-Rq
X-Vhost
X-Server-Powered-By
Allow
X-Age
X-Varnish-Cache
X-Ws-Request-Id
X-Dispatcher
X-Amz-Version-Id
EagleId
P3p
Nel
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
Cf-Railgun
X-Device
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Pingback
Ali-Swift-Global-Savetime
X-Host
X-Node
Accept-CH
X-WebKit-CSP
X-CST
X-Backend-Server
Surrogate-Control
X-Cache-Lookup
X-Server-Id
X-Nginx-Cache-Status
X-Readtime
Permissions-Policy
X-Akam-SW-Version
X-Nginx-Upstream-Cache-Status
Request-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
X-Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Ua-Compatible
X-Trace
X-Response-Time
X-HW
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Xkey
Rating
X-Midtier
X-Ruxit-JS-Agent
X-ESI
X-Url
X-Amz-Server-Side-Encryption
X-ECACHE
Accept-Ch-Lifetime
X-Mcache
X-Upstream
X-Ruxit-Js-Agent
X-Litespeed-Cache
X-Vcap-Request-Id
Accept-Ch
X-Country
X-D2id
Cache-Tag
X-MS-InvokeApp
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Element-Page-Cache
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
Verso
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Rack-Cache
X-TtlSet
X-Powered-By-Plesk
X-PC
X-Vname
Edge-Control
X-WebKit-CSP-Report-Only
RTSS
X-Cache-TTL
X-Oneagent-Js-Injection
Fastly-Restarts
X-Ac
X-VARITI-CCR
Origin-Trial
X-Navigation-Version
X-Abt-Application-Version
X-Country-Code
Service-Worker-Allowed
X-Goog-Hash
X-Cached
X-Varnish-TTL
Pagespeed
X-Middleton-Display
Display
X-Sol
X-Browser-Type
X-Amz-Rid
X-GitHub-Request-Id
X-Ttl
Cross-Origin-Opener-Policy
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-Server-Name
X-Content-Type
X-Mg-S
X-B3-TraceId
X-Amzn-Trace-Id
X-Powered-CMS
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Middleton-Response
Arr-Disable-Session-Affinity
Response
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
X-Kinja-CCPA
X-NF-Request-ID
SPRequestDuration
SPIisLatency
X-Cache-Key
X-Webkit-CSP
X-Times
X-NWS-LOG-UUID
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Version
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
AR-CACHE
X-SRCache-Fetch-Status
X-HP-Webp
X-Jurisdiction
X-SRCache-Store-Status
X-HP-Trace-Id
X-Accel-Expires
X-T
Cache-Tags
X-Server-ID
X-Cnection
Cache-Status
Front-End-Https
X-Aspnetmvc-Version
X-Fastly-Request-ID
Nginx-Cache
Edge-Cache-Tag
X-MSEdge-Ref
X-Hits
X-Ser
X-B3-Traceid
X-Client-IP
X-Px
X-RateLimit-Remaining
Public-Key-Pins
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Fastcgi-Cache
X-FastCGI-Cache
X-Recruiting
Payment
X-LLID
X-Frontend
X-Request-Received
X-Request-Processing-Time
Server-Node
X-Ua-Browser
X-RateLimit-Limit
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Shield-Request-Id
X-DIS-Request-ID
S
TP-Cache
X-Goog-Metageneration
X-GUploader-UploadID
MicrosoftSharePointTeamServices
Access-Control-Request-Method
X-Amzn-RequestId
Content-MD5
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-Amz-Apigw-Id
X-HS-Content-Id
X-Content-Digest
X-Request-Handler-Origin-Region
X-Distributor
X-Microsite
X-Protected-By
X-LB-Cache
TP-L2-Cache
Access-Control-Allow-Method
X-Page-Id
Realpath
X-FB-Debug
Fastcgi-Cache
Accept-Charset
X-Geo-Country
X-Cluster-Name
X-Ezoic-Cdn
X-Rid
X-Forwarded-For
X-PressLabs-Stats
X-Hostname
X-Webkit-Csp
X-Ratelimit-Remaining
X-Aspnet-Version
X-B3-Sampled
X-Ua-Device
X-Seen-By
X-Correlation-Id
X-TTL
Cleartype
Referer-Policy
X-TEC-API-ORIGIN
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Daa-Tunnel
X-TEC-API-ROOT
X-Goog-Storage-Class
X-TEC-API-VERSION
X-Envoy-Decorator-Operation
X-Newrelic-App-Data
Cross-Origin-Resource-Policy
TCN
X-Ratelimit-Limit
DC
X-Mobile
X-Content-Options
Count-Hit
X-Varnish-Backend
X-Debug-Info
X-Logged-In
X-Origin-Cache
X-Varnish-Grace
X-App-Server
X-XRDS-Location
X-Contextid
X-Amz-Replication-Status
X-Is-Crawler
X-IPS-LoggedIn
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Revision
X-Hosted-By
X-Grace
X-App-Environment
X-Flags
Surrogate-Key
X-Aspnet-Duration-Ms
X-Fb-Rlafr
X-Git-Hash
X-Azure-Ref
Frame-Options
X-TT
X-Client-Ip
X-Amz-Meta-S3cmd-Attrs
X-Origin-Server
X-Kinsta-Cache
X-Forwarded-Proto
X-Edge-Location-Klb
Retry-After
X-Wix-Request-Id
Alternate-Protocol
WPO-Cache-Message
X-Whom
WPO-Cache-Status
X-F-Cache
Healthy
Charset
X-Magnolia-Registration
X-Akamai-Edgescape
Viewport
X-Backend-Name
X-RateLimit-Reset
Section-Io-Cache
X-COUNTRY
MS-Author-Via
X-Id
X-B
X-Proxy-Cache-Info
Paypal-Debug-Id
X-Webkit-CSP-Report-Only
X-App-Version
ServerID
SRV
X-Az
X-AppVersion
X-Activity-Id
Amp-Access-Control-Allow-Source-Origin
X-Language
X-N
X-Cache-Rule
Akamai-GRN
X-Rule
X-Response-Served-From
VIX-Pulpo-Node
SD-X-WS
VIX-Pulpo-Upstream-Status
X-Http-Reason
X-ARC
Host
X-Instance
X-Original-Request-Id
X-UUID
X-Cache-Grace
X-Varnish-Age
X-Rocket-Nginx-Serving-Static
X-Edge-Location
X-Status
Filterid
X-Www-Served-By
X-User-Agent
X-Akamai-Request-ID2
Protected
Front
Country
X-Load-Cache
From-Origin
Fastly-SWR
Fastly-SIE
X-FW-Dynamic
X-FW-Version
X-FW-Type
X-Is-Bot
X-Jobs
X-Page-View
X-L-Path
X-FW-Static
X-Unique-Id
X-Region
X-Environment-Context
X-FW-Hash
X-FW-Serve
X-FW-Server
X-Rendered-As
X-Varnish-Server
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Type
X-DataDome
Server-Name
X-Adobe-Content
X-Framework
X-Cacheable-TTL
X-Cache-Time
X-Adobe-Loc
X-EdgeConnect-Cache-Status
Access-Control-Request-Headers
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Cache-Control
X-G
X-Time
X-Trace-Id
X-RemovedCookies
X-ProcessESI
X-Proxy
X-Yottaa-Optimizations
X-Vcache
X-Yottaa-Metrics
X-Cache-Age
Refresh
X-Datadog-Sampled
X-ECache
X-Amzn-Remapped-Content-Length
X-CDN-Forward
X-Mg-Request-UUID
X-Source
X-Debug-IsPreview
X-Debug-IsConnected
X-Oracle-Dms-Ecid
Content-Disposition
X-Signature
X-Drupal-Cache-Tags
X-Oracle-Dms-Rid
X-B-Cache
X-Erf-Web-Scheduler
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Backend
Accept-Language
Xet-Cookie
Version
X-Generated-By
Countrycode
X-Xrds-Location
X-HTML-Minification-Powered-By
X-DynaTrace
CF-IPCountry
X-DynaTrace-JS-Agent
X-Httpd
Webserver
X-Servername
X-Nginx-Cache
X-Mode
Url
X-Upgrade-Enabled
X-Tt-Trace-Host
X-Tt-Trace-Tag
Xserver
GEO-INFO
X-ID
X-Device-Type
X-NYM-Debug-Backend
X-Content-Age
X-Template
X-Storage
X-ServerID
X-Cache-Action
S-Rt
X-Tb
Locale
X-Proto
X-LAGOON
X-GeoCode
Fastcgi-Useragent
X-Director
Azure-SiteName
Load-Balancing
X-Cache-Operation
Filters
Azure-RegionName
X-GeoCountry
X-Content-Powered-By
X-Varnish-Cache-Hits
X-JoinUs
X-Urbn-Context-Path
X-URL
Onion-Location
Azure-SlotName
X-Urbn-Site-Id
X-XRDS-LOCATION
Azure-InstanceId
Azure-Version
X-Rewrite-Enabled
Meta-Geo
X-UPSTREAM-Address
X-Say-TTL
X-SayCDN-TTL
X-SaId
X-Say-Cacheable
X-Cluster-Node
X-VC-Cache
X-Container-Uri
X-PHP-Host
X-MCACHE
X-Git-Commit
X-Forwarded-Host
X-RM-Cache-TTL
OT-Force-Account-Verify
X-Labrador-Cache-Channel
X-Varnish-Hostname
Uber-Trace-Id
X-Generation-Time
X-Adobe-Source
Web-Mar-Node
X-LSADC-Cache
X-Logging-Id
X-Ms-Request-Id
X-Cache-Server
X-Ms-Version
X-Tt-Logid
X-VCT
X-Sql-Count
X-Sql-Duration-Ms
X-Soup
X-Detected-As
X-RCS-CacheZone
Node
X-R9-Blue-Green-Version
X-Routing-Service
X-Zipkin-Id
X-Served-From
X-Sucuri-ID
X-Proxied
X-Zen-Fury
X-Sucuri-Cache
Mn-Server-Ip
TWC-Connection-Speed
X-Extlb
X-FB-TRIP-ID
Webcakes-App-Name
Webcakes-App-Version
X-Debug
Webcakes-Region
TWC-Privacy
TWC-Locale-Group
TWC-Device-Class
X-Origin-Hint
TWC-GeoIP-Country
X-Skip-Cache
X-Lambda-Id
Property-Id
TWC-GeoIP-LatLong
DB-Nickname
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Proxy-Build
Selected-Fe
X-Timing-Wait
X-Format
X-Fetched-On
X-Uri
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-B3-SpanId
X-Drupal-Cache-Contexts
CDN-RequestId
X-Tncms
X-Loop
X-Rn-Rsrv
Liferay-Portal
X-CCDN-CacheTTL
X-Cache-Hit
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Source
X-Endurance-Cache-Level
X-Fastly-Request-Id
X-Nf-Request-Id
X-Ua
X-Redis-Cache
Cross-Origin-Window-Policy
X-Varnish-Ttl
X-MP-GENERATED-AT
X-Origin-Date
X-Srv
Fastly-Drupal-HTML
X-TimeS
X-Varnish-Hits
X-Ratelimit-Reset
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Cache-Expired-At
X-Pass-Why
X-S
Upgrade-Insecure-Requests
X-Real-IP
Content-Secure-Policy
X-Cache-TTL-Remaining
X-UA-Device-Type
X-CACHE-AGE
X-Akamai-Transformed
X-Origin-CC
X-Origin-TTL
X-Newrelic-Synthetics
X-Node-Name
X-Pubstack
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-CachedAt
CDN-Cache
CDN-EdgeStorageId
X-GEO
CDN-PullZone
CDN-RequestCountryCode
X-Server-W
X-Hl-Ver
X-Via-JSL
X-Presslabs-Stats
X-NGENIX-Cache
X-CSRF-Token
NGB
Cache-Provider
Ms-Operation-Id
X-Handled-By
MS-CV
X-RTag
X-IPLB-Request-ID
X-Restarts
X-Reqid
X-Cache-Type
X-Optimistic-Header
X-Xfnlog-Site
Apigw-Requestid
X-Cms-Context
WP-Super-Cache
X-IPLB-Instance
T-Server
W
VNS-Cache
VNS-Age
Vix-Hermes-Req-Id
True-Client-Country-4JS
Meta-Geo-Continent
Fastly-SSL
Fastly-GeoIP-CountryCode
Gannett-Cam-Experience-Id
Gh-Request-Id
HA-Ipaddr
Ha-Gx-Prefs
Fastly-Backend-Name
DCR-Decision-By
X-Tenant
BehaviorPad-Version
Canary
Candidate-Md5Url
CPC-Cache
CPC-Age
X-SRCache-Key
L
Origin-Agent-Cluster
Odigeo-Trace-Id
Redirect-Candidate
Rendered-Blocks
Sslversion
Server-Host
Ngx.Var.Host
N-Cache
Lang
L5d-Success-Class
Magicmarker
Mail-Subject
We-Hiring
MD5-Digest
Surrogated-Key
X-Application
X-Developer
X-Destination
X-Rojux
X-S-Cookie
X-Ec-Custom-Error
X-Dispatcher-Number
X-Debug-Cache-Store
X-Request-Host
X-Conf
X-CGP
X-Csrf-Jwt
X-D
X-Debug-Cache-Fetch
X-Date
X-Ec-Fail
X-Ec-GeoHdr
X-Gdpr
X-Forwarded-Path
X-SD-PageType
X-GeoIP-Country-Code
X-ScT
X-GeoIP-Region-Code
X-FC-Vary-Parameters
X-Shop-Environment
X-JWT-State
X-Epic-Correlation-Id
X-Eu-Site
X-External-Request-Id
X-Fastly-Backend
X-Is-Gdpr
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-RateLimit-Limit-Second
X-Aed
X-App
X-Has-Esi
X-Origin-Time
X-RateLimit-Remaining-Second
X-Accel-Expires-Debug
X-Policy
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Wwc
X-A-Dgt
X-B-Cookie
X-Bc-Bl
X-Nyt-Route
X-Cache-NE
X-Mvc-Supplant-Cachable
X-Slack-Backend
X-Cdn-Diag
X-CacheTTL
X-Cache-Info
X-Cache-Host
X-Bl-Debug
X-BCube-Filmed-By
X-Slack-Shared-Secret-Outcome
X-Orig-Expires
X-Cache-Bucket
Web-Mar-Region
DCR-Processing-Time-Ms
X-Wikidot-Backend
X-We-Are-Hiring
X-Wikidot-Static-Cache
X-Worker
Xc-Version
X-Var-Ttl
X-Vtex-Remote-Cache
X-Vdms-Version
X-VG-WebCache
X-Vdms-Path
ServedBy
X-Viewer-Country
X-AIR-PT
X-Parent-Response-Time
X-No-Session
X-Vcl-Version
Cache-Name
X-TIME
X-ProxyCache-Status
X-BYPASS-REASON
X-Tx-Id
X-ProxyCache-Key
TDXMobile
X-Irp-Debug
Thinkindot-CacheControl
X-INCAP-ABP
X-Vmg-Version
X-S-Maxage
X-Human
X-Sn-Servicetimems
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Mid
X-Mvc-Supplant-OutputCached
Release
Producers
Platform
Origin
X-Request-Time
X-DefHash
X-VServer
X-DPWN-IS-SECURE
X-Mly-Id
X-DefElseHash
X-Loc
X-WADP-Cache
X-Shopify-Stage
X-Fmm-Version
X-Cache-Id
X-Wix-Viewer-Type
X-Cache-Debug
X-ShardId
X-Cdn-Origin
X-Clientip
X-Clara-WADP
X-ShopId
X-Esi-Check
X-Core-Mission
X-Server-IP
X-Geo-Header
X-Alternate-Cache-Key
X-Gzip
X-Accel-Buffering
X-CMSURLCustom
X-ApacheServer
X-App-Name
X-BBC-Edge-Cache-Status
X-Auto-Login
X-Core-Value
X-Sorting-Hat-PodId
X-Hash
Req-Svc-Chain
X-Refresh
Environment
X-Pool
X-Varnish-CookieHashed-On
Datacenter
Expect-Staple
X-Varnish-CookieINHashed-On
X-Org
X-PAYTM-SRV-ID
X-PERF
X-Varnish-Remaining-TTL
X-Variation
Cmstype
AKAMAI
X-Thinkindot-L3
Adler-Geo
X-Qloud-Router
X-Test
X-Platform
X-SVT-ORM-VERSION
Cmsid
Cf-Device-Type
X-SVT-ORM-RULES
X-Up
Host-ID
X-Storefront-Renderer-Rendered
X-Node-Id
X-NodeID
X-Sorting-Hat-ShopId
X-Old-Content-Length
Memcached
X-Varnishpool
Is-Eu
Machine
X-Nitro-Cache
X-VG-TLSProxy
X-LJ-Flow-ID
User-Cache-Control
X-VWS-Id
Cache-Hits
X-Cluster
X-AWS-Id
Country-Code
X-Nananana
X-Forwarded-Site
X-Generated-On
X-Thanos
Server-Ext
Hostname
X-Block-Status
X-Bip
X-Cdn-Srv
Apple-News-Services-Request-Url
X-Gen-Mode
CDCHOST
X-From
Apple-News-Services-Parsed-Url
X-Level-Front-Cache
X-Hnp-Log
X-Akamai-Device-Characteristics
X-Owner
X-Origin-Response-Time
X-Origin
X-Device-Os
X-Dispatcher-Server
Apple-News-Services-Handled
X-Nginx-Cache-Key
Sever-Int
X-Datadome
X-GeoIP
DSUID
NM-Fastcgi-Cache
Server-Hostname
Apple-News-Services-Host
Esi-Enabled
X-WA-Info
X-Proxy-Cache-Status
X-PHP-Backend
C-Via
Origin-CC
X-Section
X-Cache-Status-Check
X-Scale
Wxu-Next-Commit
Ssr
X-Instance-Name
X-LB-NoCache
Time
Origin-EX
Wxu-Next-Hostname
X-Cache-Enabled
Memory
X-Access
Server-Info
Wxu-Next-Region
Pics-Label
CloudFront-Viewer-Country
AMP-Access-Control-Allow-Source-Origin
X-API-Version
X-Op-Id-All
X-NCache
X-CACHE-GROUP
X-Via-Fastly
X-Micro-Cache
X-TIM-N
X-Amz-Meta-Cb-Modifiedtime
NGX
Server-ID
X-B3-Spanid
X-Correlation-ID
X-HA-Backend
X-Dc
X-FTR-Request-ID
X-AB
X-Wp-Cf-Super-Cache-Active
X-Vgn-Hpd-Reason
X-Internal-Host
X-Air-Trace-Id
X-Air-Hostname
X-Tb-Optimization-Total-Bytes-Saved
X-Air-Source
X-ZONE
X-Geo-Region
X-Webkit-Csp-Report-Only
X-Varnish-Beresp-Grace
X-Cs
X-Azure-Ref-OriginShield
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Varnish-Beresp-Ttl
Location
X-Buckets
GeoIP-Latitude
X-SIPLIST1
IsBot
X-Zone
Cdn-Requestid
X-Accel-Version
X-DataCenter
X-Github-Request-Id
X-B3-Parentspanid
X-Fpc
X-Web-Node
X-Origin-Expires
Cache-Host
X-Microcachable
X-Backend-Instance
X-DC
X-TraceId
X-WP-CF-Super-Cache-Active
XM
X-Browser-Name
X-Is-Desktop
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Mobile
X-Tcp-Rtt
CF-Ctrl
X-VarnishDD-TTL
PFcat
YJS-ID
X-HN
Uri
X-Pod-Name
Resin-Trace
X-Info
X-TA-CDN-Provider
X-LiteSpeed-Cache-Control
Sid
User-Agent
X-Ad-Defer-Variation
X-Cached-By
Edge-Copy-Time
A
True-Client-Ip
X-Site-Version
X-NGINX-Cache
Locid
X-FL-QIT-DEBUG
X-FL-EDGE
X-Nitro-Cache-From
X-Nitro-Rev
Srvid
X-Via-SSL
X-Via-CDN
X-Locale
X-Via-Edge
X-Hyper-Cache
Epwk-X-Cache
X-CS
GeoIp-Country-Code
GeoIP-Country-Code
SID
X-VCache
X-ATG-Version
X-Moov-T
X-Moov-Xdn-Version
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-FireWall-Port
Cdn
XServer
X-Frame-Option
X-NewRelic-App-Data
X-CSRF-TOKEN
X-Service
True-Client-IP
X-Varnish-Authentication
X-Webstats-RespID
Cache-Key
X-MSEdge-Features
X-MSEdge-Flight
X-Geo
X-TRACE-ID
X-SRV
X-VC
X-Datacenter
X-Origin-Cache-Key
Path
NtCoent-Length
X-Upstream-Ct
X-Upstream-Ht
X-FPC
Fastly-Drupal-Html
LB
X-HostName
Tcn
X-Country-Code-Real
X-Planisys-CDN-TTL
X-FTR-Backend
X-FTR-Backend-Server
X-Vercel-Id
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Vercel-Cache
X-FTR-Cache-Status
Cdn-Request-Time
X-FTR-Balancer
State
X-HS-Content-Campaign-Id
X-Edge-Server
X-LiteSpeed-Tag
WebServer
X-FTR-Expires
X-Platform-Server
Cdn-Host
X-Api-Version
CountryCode
X-APP-VERSION
Cf-Ipcountry
WZWS-RAY
X-Esi
X-Amz-Meta-Opti
X-NMSegId
Req-ID
X-Air-Pt
M-TraceId
Cdncip
Cdnsip
X-AK-Request-ID
X-Pad
X-Release
X-Vgn-Hpd-Variations-Key
X-Fastly-Cache
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Cdn-Request-ID
X-Branch-Name
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Sigma-Backend
X-Cache-Remote
X-WP-CF-Super-Cache-Cookies-Bypass
X-Traceid
X-Sigma
X-Generated-In
Lb
X-Rocket-Build-Number
Cluster
X-Cache-Ttl
X-Ad-Load-Variation
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-NWS-UUID-VERIFY
Yak-Timeinfo
Content-Style-Type
Content-Script-Type
Pramga
X-Proxy-CacheRZ
XkeyRZ
X-M-Reqid
X-HS-Status
X-Request-Start
X-Scope-Id
X-M-Log
Cache
Proxy-Connection
X-UA
X-CACHE-KEY
CDN
X-Provided-By
X-GoCache-CacheStatus
X-Scheme
Geoip-Latitude
X-Qnm-Cache
X-Cdn-Forward
X-Gamma-Serve
X-Akamai-Pragma-Client-IP
Srv
X-Varnish-Beresp-Status
X-Shield-Cache-Expires
X-Tim-N
X-GeoIP-City
X-Lb-Cache
Edge-Cache
X-Cache-Date
X-Request-URI
X-Vc
CF-Cached-On
X-RN-RSRV
Ohc-File-Size
X-Ha-Backend
Server-Id
X-Cdn-Cache-Status
X-TT-LOGID
X-EC-Lua
X-Dw-Trace-Id
Env
X-Via-Ucdn
Ngx
X-Edge-POP
X-User
X-TH-Server
X-Render-Time
X-CUA
Inserted-Into-Cache-At
PICS-Label
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Lb-Nocache
X-Acquia-Application-Trace
HostName
Yjs-Id
X-B3-Trace-ID
X-Aicache-OS
Tube-Got-Eval
Tube-Got-Results
X-Wa
X-Acquia-Purge-Cdn-Unconfigured
V-Age
Tube-Return
X-Fastly-Backend-Reqs
X-Via-Popv
X-Servedbyhost
X-Via-Popn
X-Via-Poph
Tube-Get-Contents
X-SB
X-V-Cache
X-LB-ID
X-Nc
X-Req
X-Cache-FS-Status
X-CF-Cache-Header-Cache-Control
Kp-EeAlive
X-Fastly-Cache-Hits
X-Snapshot-Date
Cneonction
Log-Origin
X-RAMCache
X-Miniprofiler-Ids
CACHE-MISS-TO-ORIGIN
X-Litespeed-Cache-Control
X-ElasticPress-Query
Cache-Tv-Group
Click-Count-Action-Start
Click-Count-Error
X-Udemy-Cache-App-Namespace
X-CF-Cache-Header-Vary
X-Cached-Since
Vha6-Origin
X-VCL-Version
MIME-Version