Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
CF-RAY
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Dns-Prefetch-Control
X-Request-ID
X-Drupal-Dynamic-Cache
Feature-Policy
Server-Timing
X-Content-Security-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Request-Context
X-Turbo-Charged-By
X-Backend
X-Cache-Group
X-AH-Environment
X-Robots-Tag
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Hacker
X-UA-Device
X-Proxy-Cache
X-Vhost
X-Server
X-Rq
Allow
X-Server-Powered-By
X-Ws-Request-Id
X-Age
X-Dispatcher
X-Varnish-Cache
EagleId
X-Amz-Version-Id
X-LiteSpeed-Cache
P3p
Nel
Grace
Cf-Apo-Via
Cf-Railgun
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Host
X-Node
Accept-CH
X-Cache-Lookup
X-CST
X-WebKit-CSP
X-Backend-Server
X-Server-Id
Surrogate-Control
X-Readtime
Permissions-Policy
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Request-Id
X-Application-Context
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Response-Time
X-HW
X-Ua-Compatible
X-Trace
Xkey
X-Ruxit-JS-Agent
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Rating
Accept-Ch-Lifetime
X-ESI
X-Midtier
X-Amz-Server-Side-Encryption
X-Url
X-ECACHE
X-Mcache
Cache-Tag
X-Country
X-MS-InvokeApp
X-Rack-Cache
X-Upstream
X-Powered-By-Plesk
X-D2id
X-Vcap-Request-Id
X-Exp-Id
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
Verso
X-Exp-Variant
X-Cdn-Fetch
X-Element-Page-Cache
Accept-Ch
Edge-Control
Service-Worker-Allowed
X-TtlSet
X-Vname
X-PC
RTSS
X-Oneagent-Js-Injection
X-Ac
X-Country-Code
Origin-Trial
X-Webkit-CSP
X-Goog-Hash
X-VARITI-CCR
X-Navigation-Version
Fastly-Restarts
X-Abt-Application-Version
X-Cache-TTL
X-Ruxit-Js-Agent
X-WebKit-CSP-Report-Only
X-GitHub-Request-Id
X-Varnish-TTL
X-Browser-Type
X-Amz-Rid
X-Cached
X-Kinja-CCPA
X-Litespeed-Cache
X-Aspnetmvc-Version
Cross-Origin-Opener-Policy
X-Middleton-Display
Display
X-Sol
Pagespeed
X-Server-Name
X-NWS-LOG-UUID
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-SharePointHealthScore
SPRequestGuid
X-Content-Type
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
SPRequestDuration
X-Times
SPIisLatency
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Server-Lifecycle-Phase
X-Powered-CMS
AR-SID
AR-Request-ID
AR-PoweredBy
X-Cache-Key
AR-ATIME
X-Ttl
X-Pinterest-Rid
X-Mg-S
Pinterest-Generated-By
Pinterest-Version
X-B3-Traceid
Arr-Disable-Session-Affinity
X-Middleton-Response
Response
X-Client-IP
X-Fastly-Request-ID
X-Version
X-Cnection
X-Jurisdiction
X-Ser
X-HP-Trace-Id
X-HP-Webp
AR-CACHE
X-FastCGI-Cache
Nginx-Cache
Cache-Tags
X-Accel-Expires
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-T
Cache-Status
Edge-Cache-Tag
X-B3-TraceId
X-Hits
X-MSEdge-Ref
X-RateLimit-Remaining
Front-End-Https
X-Px
Public-Key-Pins
X-NF-Request-ID
X-Recruiting
Payment
S
X-LLID
X-Frontend
X-Ua-Browser
X-Shield-Request-Id
MRF-Tech
Server-Node
X-B3-TraceId-Primal
X-RateLimit-Limit
Mrf-Cache-Status
X-Request-Processing-Time
X-Request-Received
X-Server-ID
X-Daa-Tunnel
Content-MD5
X-Goog-Metageneration
X-GUploader-UploadID
X-TTL
X-DIS-Request-ID
Access-Control-Request-Method
MicrosoftSharePointTeamServices
X-PressLabs-Stats
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Content-Digest
TP-Cache
X-Webkit-CSP-Report-Only
Realpath
X-Protected-By
X-Forwarded-For
X-Microsite
X-Request-Handler-Origin-Region
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Distributor
Fastcgi-Cache
X-Fastcgi-Cache
Access-Control-Allow-Method
X-FB-Debug
X-Page-Id
X-LB-Cache
X-Cluster-Name
Accept-Charset
X-Rid
X-Ratelimit-Remaining
X-Geo-Country
TP-L2-Cache
X-Hostname
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-B3-Sampled
X-Goog-Storage-Class
X-Goog-Generation
X-Aspnet-Version
Count-Hit
X-Ua-Device
X-Ezoic-Cdn
X-Seen-By
Cross-Origin-Resource-Policy
Cleartype
TCN
X-Kinsta-Cache
X-Newrelic-App-Data
X-Edge-Location-Klb
X-App-Server
Referer-Policy
X-Xrds-Location
X-Varnish-Backend
X-Mobile
X-Logged-In
DC
X-Correlation-Id
X-Ratelimit-Limit
X-Content-Options
X-Id
X-Hosted-By
X-Git-Hash
X-Origin-Cache
X-Contextid
X-Fb-Rlafr
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-Debug-Info
X-Aspnet-Duration-Ms
X-Route-Name
X-Amz-Replication-Status
X-Request-Guid
X-Revision
X-Grace
Surrogate-Key
X-TT
X-App-Environment
Retry-After
Frame-Options
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-IPS-LoggedIn
X-Varnish-Grace
X-Envoy-Decorator-Operation
X-F-Cache
X-Azure-Ref
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Section-Io-Cache
X-RateLimit-Reset
X-Magnolia-Registration
X-Wix-Request-Id
X-Whom
MS-Author-Via
Healthy
Alternate-Protocol
X-Origin-Server
X-Proxy-Cache-Info
Charset
X-Akamai-Edgescape
Viewport
X-App-Version
X-Nf-Request-Id
X-Www-Served-By
X-Backend-Name
X-COUNTRY
X-Language
X-Webkit-Csp
X-Az
X-Activity-Id
X-AppVersion
X-B
Filterid
Paypal-Debug-Id
X-Varnish-Server
SRV
WPO-Cache-Message
WPO-Cache-Status
Server-Name
X-Cache-Rule
X-Datadog-Trace-Id
X-Response-Served-From
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Host
X-Original-Request-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Http-Reason
SD-X-WS
Front
X-Rule
X-Edge-Location
X-Instance
X-Cache-Grace
X-Akamai-Request-ID2
Akamai-GRN
X-User-Agent
X-UUID
X-Varnish-Age
X-Page-View
X-Region
X-L-Path
X-Unique-Id
X-Status
X-Environment-Context
From-Origin
Country
X-Kong-Upstream-Latency
Protected
X-ARC
Amp-Access-Control-Allow-Source-Origin
X-Cacheable-TTL
X-Jobs
X-Kong-Proxy-Latency
X-Time
X-FW-Dynamic
X-FW-Hash
X-Framework
X-Adobe-Loc
X-Adobe-Content
X-FW-Server
Fastly-SWR
X-FW-Type
X-Rendered-As
X-Rocket-Nginx-Serving-Static
X-Is-Bot
X-EdgeConnect-Cache-Status
Fastly-SIE
X-FW-Version
X-FW-Static
X-FW-Serve
X-N
X-Vcache
X-Load-Cache
X-Tumblr-User
X-ProcessESI
X-RemovedCookies
X-Yottaa-Metrics
X-DataDome
ServerID
X-Yottaa-Optimizations
X-Cache-Time
X-Trace-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Client-Ip
X-Tumblr-Pixel-1
X-Type
X-G
Content-Disposition
X-Tec-Api-Origin
X-Tec-Api-Version
X-Proxy
X-Tec-Api-Root
Access-Control-Request-Headers
X-Datadog-Sampled
X-Mg-Request-UUID
X-Signature
X-B-Cache
X-Debug-IsConnected
X-Amzn-Remapped-Content-Length
X-Debug-IsPreview
X-CDN-Forward
X-Cache-Age
X-Cache-Control
X-URL
Backend
X-ECache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Refresh
Countrycode
X-Drupal-Cache-Tags
X-DynaTrace
X-Nginx-Cache
Accept-Language
X-Erf-Web-Scheduler
Xet-Cookie
X-Httpd
X-Servername
Url
X-Tt-Trace-Tag
CF-IPCountry
X-Tt-Trace-Host
X-Generated-By
X-DynaTrace-JS-Agent
X-HTML-Minification-Powered-By
X-Source
X-Template
X-XRDS-Location
X-Mode
X-Device-Type
Webserver
X-NYM-Debug-Backend
X-Content-Powered-By
Xserver
X-Storage
Version
GEO-INFO
X-Content-Age
X-LAGOON
X-Director
OT-Force-Account-Verify
X-JoinUs
X-Urbn-Site-Id
X-GeoCode
X-Cache-Operation
X-GeoCountry
X-Cache-Action
X-SayCDN-TTL
X-SaId
Load-Balancing
X-Say-Cacheable
S-Rt
Locale
Meta-Geo
X-UPSTREAM-Address
X-Rn-Rsrv
X-Urbn-Context-Path
X-Rewrite-Enabled
X-Say-TTL
Filters
X-ServerID
X-Varnish-Cache-Hits
X-Varnish-Hostname
X-Tt-Logid
X-Cluster-Node
X-Soup
X-Forwarded-Host
Onion-Location
X-Container-Uri
X-Git-Commit
Azure-InstanceId
X-Detected-As
X-VC-Cache
Azure-RegionName
Azure-SiteName
X-PHP-Host
X-VCT
X-Adobe-Source
X-Cache-Hit
X-Tb
Web-Mar-Node
X-Cache-Server
X-Lambda-Id
Azure-Version
X-Served-From
X-RM-Cache-TTL
Azure-SlotName
X-Sql-Count
X-Ms-Request-Id
X-Ms-Version
X-Tncms
X-Sql-Duration-Ms
X-Labrador-Cache-Channel
X-Loop
Cross-Origin-Window-Policy
Mn-Server-Ip
DB-Nickname
Node
X-R9-Blue-Green-Version
X-Generation-Time
X-Routing-Service
X-Zipkin-Id
X-Logging-Id
X-Proto
X-XRDS-LOCATION
X-RCS-CacheZone
X-FB-TRIP-ID
X-Hcs-Proxy-Type
X-Extlb
X-CCDN-Origin-Time
X-Skip-Cache
X-CCDN-CacheTTL
X-Proxied
X-Timing-Wait
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
X-Uri
X-Tumblr-Pixel-2
TWC-Connection-Speed
X-Proxy-Build
X-Format
X-Fetched-On
Webcakes-Region
Webcakes-App-Name
X-Origin-Hint
TWC-Locale-Group
TWC-Privacy
X-Debug
X-Tumblr-Pixel-3
Webcakes-App-Version
X-MCACHE
Fastcgi-Useragent
Property-Id
Selected-Fe
Uber-Trace-Id
X-Endurance-Cache-Level
X-LSADC-Cache
X-Zen-Fury
X-Redis-Cache
X-Ua
Source
X-Sucuri-Cache
X-Sucuri-ID
X-Srv
X-NGENIX-Cache
X-Drupal-Cache-Contexts
Section-Io-Origin-Status
CDN-RequestId
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-B3-SpanId
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-S
X-Origin-Date
X-Pass-Why
X-MP-GENERATED-AT
X-Upgrade-Enabled
X-Ratelimit-Reset
X-TimeS
Fastly-Drupal-HTML
X-FTR-Request-ID
X-Cache-Expired-At
X-Origin-TTL
X-Origin-CC
X-Varnish-Hits
Upgrade-Insecure-Requests
Liferay-Portal
X-Real-IP
NGB
X-Akamai-Transformed
X-Newrelic-Synthetics
X-Handled-By
X-CACHE-AGE
Apigw-Requestid
X-UA-Device-Type
X-Cache-TTL-Remaining
X-Cms-Context
X-Xfnlog-Site
X-Reqid
X-Optimistic-Header
X-Restarts
ServedBy
X-Via-JSL
X-Node-Name
X-Correlation-ID
X-Hl-Ver
X-Cache-Type
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
X-CSRF-Token
CDN-RequestCountryCode
CDN-CachedAt
MS-CV
X-ProxyCache-Key
X-ProxyCache-Status
X-Cache-Host
X-No-Session
X-BYPASS-REASON
CDN-Uid
Ms-Operation-Id
X-RTag
CDN-RequestPullSuccess
CDN-RequestPullCode
X-Pubstack
X-GEO
X-Varnish-Ttl
X-ID
WP-Super-Cache
X-IPLB-Instance
X-Parent-Response-Time
X-Cluster
X-LJ-Flow-ID
X-Server-W
X-AWS-Id
X-IPLB-Request-ID
X-VWS-Id
T-Server
X-External-Request-Id
L5d-Success-Class
X-Fastly-Backend
X-Eu-Site
Candidate-Md5Url
X-Epic-Correlation-Id
Canary
Ha-Gx-Prefs
X-Bl-Debug
X-Ec-GeoHdr
X-CacheTTL
Ngx.Var.Host
X-Cache-NE
BehaviorPad-Version
X-FC-Vary-Parameters
Redirect-Candidate
L
X-Developer
X-Tx-Id
Meta-Geo-Continent
Magicmarker
True-Client-Country-4JS
X-Debug-Cache-Store
X-Debug-Cache-Fetch
MD5-Digest
X-Csrf-Jwt
X-D
Vix-Hermes-Req-Id
Lang
X-Bc-Bl
X-Dispatcher-Number
X-CF-Lambda-Fn
X-Ec-Custom-Error
X-Destination
X-CF-Lambda-Version
X-SRCache-Key
X-CGP
N-Cache
X-Ec-Fail
X-BCube-Filmed-By
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-We-Are-Hiring
Xc-Version
Gannett-Cam-Experience-Id
X-Aed
X-Rojux
DCR-Decision-By
DCR-Processing-Time-Ms
X-A-Dam
X-A-Ccd
Odigeo-Trace-Id
X-Request-Host
Server-Host
Sslversion
Fastly-SSL
Origin-Agent-Cluster
X-A
X-Vtex-Remote-Cache
X-Conf
X-Vdms-Version
X-Vdms-Path
X-ScT
X-Application
X-App
Rendered-Blocks
X-SD-PageType
X-B-Cookie
X-Worker
W
X-Slack-Shared-Secret-Outcome
X-App-Name
X-Slack-Backend
Surrogated-Key
HA-Ipaddr
X-Viewer-Country
X-S-Cookie
Web-Mar-Region
X-Proxy-Cache-Status
X-Datadome
X-AB
TDXMobile
X-CMSURLCustom
Thinkindot-Control
X-Clientip
Thinkindot-CacheControl
We-Hiring
Req-Svc-Chain
X-Cache-Bucket
X-Cache-Debug
Release
X-Bip
VNS-Age
X-Cache-Info
X-Cdn-Diag
VNS-Cache
X-Accel-Expires-Debug
Thinkindot-CacheControl-Type
X-Alternate-Cache-Key
X-Cdn-Origin
X-Accel-Buffering
X-Mly-Id
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Sn-Servicetimems
X-Storefront-Renderer-Rendered
X-SVT-ORM-RULES
X-Tenant
X-SVT-ORM-VERSION
X-Shopify-Stage
X-ShopId
X-Request-Time
X-Refresh
X-RateLimit-Remaining-Second
X-S-Maxage
X-Server-IP
X-Shop-Environment
X-ShardId
X-Test
X-Thanos
X-VServer
X-Vmg-Version
X-VG-WebCache
X-Wikidot-Backend
X-Wikidot-Static-Cache
Host-ID
X-Wix-Viewer-Type
X-VG-TLSProxy
X-Varnishpool
X-Var-Ttl
X-Up
X-Thinkindot-L3
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-RateLimit-Limit-Second
X-Qloud-Router
X-Hash
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Human
X-Irp-Debug
X-Loc
X-Level-Front-Cache
X-Geo-Header
X-Generated-On
X-DefElseHash
X-Date
X-Core-Value
X-DefHash
X-DPWN-IS-SECURE
X-Gdpr
X-Forwarded-Path
X-Mid
Producers
X-Owner
X-Origin-Time
X-Orig-Expires
X-PAYTM-SRV-ID
X-Platform
X-Pool
X-Policy
X-Org
X-Old-Content-Length
X-Nananana
X-Mvc-Supplant-Cachable
X-Nitro-Cache
X-Node-Id
X-Nyt-Route
X-NodeID
X-Core-Mission
X-BBC-Edge-Cache-Status
Cf-Device-Type
Fastly-GeoIP-CountryCode
X-B3-Spanid
Fastly-Backend-Name
Cache-Provider
Gh-Request-Id
CPC-Age
Mail-Subject
Is-Eu
X-Micro-Cache
Expect-Staple
Environment
Datacenter
Content-Secure-Policy
Cmstype
CPC-Cache
Cmsid
X-Cache-Status-Check
AKAMAI
Adler-Geo
Origin
Platform
User-Cache-Control
AMP-Access-Control-Allow-Source-Origin
X-TIME
X-Cdn-Srv
X-ApacheServer
X-Auto-Login
Apple-News-Services-Handled
X-INCAP-ABP
X-Clara-WADP
Country-Code
X-Esi-Check
X-Fmm-Version
Apple-News-Services-Host
X-Dispatcher-Server
X-Hnp-Log
X-Gzip
X-Block-Status
X-GeoIP
X-Gen-Mode
X-Cache-Id
Apple-News-Services-Request-Url
X-From
CloudFront-Viewer-Country
CDCHOST
X-Forwarded-Site
Apple-News-Services-Parsed-Url
X-Geo-Region
NM-Fastcgi-Cache
X-PERF
X-Origin-Response-Time
X-Origin
X-WA-Info
Sever-Int
Cache-Name
Server-Ext
Server-Hostname
X-WADP-Cache
X-Nginx-Cache-Key
Machine
X-Mvc-Supplant-OutputCached
X-Akamai-Device-Characteristics
DSUID
X-Device-Os
Esi-Enabled
X-TraceId
X-Vcl-Version
Pics-Label
Server-Info
X-Instance-Name
X-Access
Ssr
X-AIR-PT
Wxu-Next-Hostname
Wxu-Next-Commit
X-NCache
X-LB-NoCache
X-Cache-Enabled
Wxu-Next-Region
NGX
C-Via
X-Section
X-Op-Id-All
X-Dc
X-Via-Fastly
X-Fastly-Request-Id
Server-ID
X-Amz-Meta-Cb-Modifiedtime
X-Vgn-Hpd-Reason
X-API-Version
X-Accel-Version
X-Has-Esi
X-CACHE-GROUP
X-Varnish-Beresp-Grace
X-HA-Backend
Memcached
X-Varnish-Beresp-Ttl
X-Is-Gdpr
X-JWT-State
X-Is-Desktop
X-Browser-Name
X-Is-Mobile
X-Buckets
X-Is-Supported-Browser
X-Tcp-Rtt
X-Is-Tablet
Memory
Hostname
Time
Cdn-Requestid
X-SIPLIST1
IsBot
Cache-Hits
Sid
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
Origin-CC
X-Scale
Origin-EX
X-ZONE
X-Air-Hostname
X-Zone
X-Air-Source
CF-Ctrl
X-TIM-N
X-Wp-Cf-Super-Cache-Active
Location
YJS-ID
X-PHP-Backend
X-Air-Trace-Id
X-B3-Parentspanid
X-Tb-Optimization-Total-Bytes-Saved
X-Presslabs-Stats
X-Cached-By
X-WP-CF-Super-Cache-Active
X-Fpc
X-Internal-Host
X-Backend-Instance
X-Origin-Cache-Key
X-Frame-Option
Resin-Trace
X-Hyper-Cache
X-Azure-Ref-OriginShield
X-Cs
X-DC
GeoIP-Latitude
Uri
X-TA-CDN-Provider
X-VC
X-Webstats-RespID
True-Client-Ip
X-Origin-Expires
Epwk-X-Cache
X-Site-Version
X-Microcachable
Cache-Host
X-DataCenter
X-Service
X-LiteSpeed-Cache-Control
X-FTR-Backend-Server
X-Info
X-FTR-Cache-Status
X-Nitro-Cache-From
X-Nitro-Rev
X-FTR-Balancer
XM
X-FTR-Expires
X-Country-Code-Real
GeoIP-Country-Code
X-FTR-Backend
X-NGINX-Cache
X-Locale
X-Web-Node
X-VarnishDD-TTL
LB
PFcat
X-HN
X-Pod-Name
Cdn
GeoIp-Country-Code
X-VCache
X-Edge-Server
X-Cache-Ttl
X-CS
XServer
X-Ad-Defer-Variation
Cdn-Host
Cdn-Request-Time
X-Datacenter
X-Geo
User-Agent
NtCoent-Length
X-CSRF-TOKEN
X-NewRelic-App-Data
A
Req-ID
X-Via-CDN
X-NMSegId
WZWS-RAY
True-Client-IP
Srvid
X-FL-EDGE
X-FL-QIT-DEBUG
X-Via-Edge
X-Via-SSL
Locid
Edge-Copy-Time
M-TraceId
X-Vercel-Cache
X-Vercel-Id
X-SRV
WebServer
X-Ad-Load-Variation
X-TRACE-ID
SID
X-MSEdge-Flight
X-MSEdge-Features
X-Cache-ASPX
X-FireWall-Port
X-Contensis-Viewer-Groups
X-Pad
X-Moov-T
Cluster
X-Moov-Xdn-Version
Fastly-Drupal-Html
Pramga
X-M-Reqid
X-Scope-Id
X-Request-Start
X-M-Log
X-FPC
X-ATG-Version
X-Varnish-Authentication
X-HostName
Tcn
X-Request-URI
X-Qnm-Cache
X-Varnish-Beresp-Status
X-NWS-UUID-VERIFY
X-LiteSpeed-Tag
Cache-Key
X-Shield-Cache-Expires
CountryCode
HostName
X-APP-VERSION
X-Api-Version
X-Cdn-Request-ID
Cf-Ipcountry
X-Cache-Date
Content-Script-Type
X-Esi
Edge-Cache
Path
Cdnsip
Cdncip
X-Amz-Meta-Opti
X-Air-Pt
X-AK-Request-ID
Content-Style-Type
Cache-Tv-Group
X-TH-Server
X-Branch-Name
Wpo-Cache-Status
Wpo-Cache-Message
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Wa
Tube-Get-Contents
Click-Count-Error
X-B3-Trace-ID
X-LB-ID
X-Via-Popn
X-Cache-FS-Status
X-Proxy-CacheRZ
XkeyRZ
State
Yak-Timeinfo
X-Render-Time
Click-Count-Action-Start
X-Planisys-CDN-Cache
X-Acquia-Purge-Cdn-Unconfigured
X-Platform-Server
X-HS-Content-Campaign-Id
X-Req
X-Via-Poph
X-SB
X-V-Cache
X-Nc
X-Servedbyhost
X-Github-Request-Id
X-Planisys-CDN-TTL
X-Aicache-OS
Tube-Got-Eval
Tube-Got-Results
Tube-Return
X-Via-Popv
X-WP-CF-Super-Cache-Cookies-Bypass
X-Planisys-CDN-Rules
X-Upstream-Ct
CDN
X-CACHE-KEY
X-Rebelmouse-Cache-Control
X-Upstream-Ht
X-VCL-Version
Lb
X-Rebelmouse-Surrogate-Control
X-Cdn-Forward
Geoip-Latitude
X-Wp-Cf-Super-Cache-Cache-Control
X-Vgn-Hpd-Variations-Key
Srv
X-Vgn-Hpd-Cached
V-Age
X-Vgn-Hpd-Ssi
X-Wp-Cf-Super-Cache
Proxy-Connection
X-Akamai-Pragma-Client-IP
X-Men
X-Tim-N
X-Release
On-Server
X-Vary
X-Fastly-Cache
X-Lb-Cache
MIME-Version
X-User
Ngx-Var-Key
X-Rocket-Build-Number
X-UA
X-Generated-In
X-HS-Status
Ohc-File-Size
X-Dw-Trace-Id
CF-Cached-On
X-Sigma
X-Sigma-Backend
X-Traceid
X-Ha-Backend
X-Cache-Remote
Server-Id
X-TT-LOGID
X-Acquia-Site
My-App
X-Lb-Nocache
PICS-Label
X-EC-Lua
Warning
X-Fastly-Backend-Reqs
X-Acquia-Application-Trace
X-Via-Ucdn
X-Acquia-Application-UUID
Cache
X-Acquia-Purge-Tags
X-CUA
Ohc-Cache-HIT
X-Iplb-Request-Id
X-TX-ID
X-Iplb-Instance
Yjs-Id
X-GoCache-CacheStatus
Mime-Version
X-Gamma-Serve
X-GeoIP-City
X-Fastly-Cache-Hits
X-CF-Cache-Header-Vary
Ngx
X-Litespeed-Cache-Control
X-CF-Cache-Header-Cache-Control
Log-Origin
X-Miniprofiler-Ids
X-RAMCache
X-Udemy-Cache-App-Namespace
X-ElasticPress-Query
Inserted-Into-Cache-At
CACHE-MISS-TO-ORIGIN
Cneonction
X-Snapshot-Date
X-Cached-Since
Vha6-Origin
X-Scheme