Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Adblock-Key
X-Request-ID
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-Id
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-CDN
X-AspNetMvc-Version
P3p
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Server
X-Ws-Request-Id
X-Ua-Compatible
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
Allow
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
Accept-CH
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
Cf-Apo-Via
X-Device
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Dns-Prefetch-Control
X-Nginx-Cache-Status
X-Akam-SW-Version
Surrogate-Control
EagleEye-TraceId
X-Backend-Server
Request-Id
X-Readtime
X-Cache-Lookup
X-Ruxit-JS-Agent
X-HW
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Edge
X-CST
X-WebKit-CSP-Report-Only
Content-Location
X-Content-Type
X-Url
Accept-Ch-Lifetime
X-Mcache
X-MS-InvokeApp
X-Clacks-Overhead
X-Country
Rating
X-ECACHE
X-Midtier
X-PC
X-Vname
X-TtlSet
X-Amz-Server-Side-Encryption
X-Litespeed-Cache
RTSS
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-D2id
X-ESI
X-Element-Page-Cache
Origin-Trial
X-Server-Name
Verso
X-Ac
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Ttl
X-B3-TraceId
X-Varnish-TTL
X-Rack-Cache
X-Cnection
X-Powered-By-Plesk
Service-Worker-Allowed
X-GitHub-Request-Id
X-Cache-TTL
X-Navigation-Version
Xkey
SPRequestGuid
X-SharePointHealthScore
X-Client-IP
X-Abt-Application-Version
X-Amz-Rid
X-NWS-LOG-UUID
Edge-Control
X-Cached
SPIisLatency
Arr-Disable-Session-Affinity
SPRequestDuration
X-Px
X-Mg-S
X-Upstream
X-Instrumentation
X-Browser-Type
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Cache-Key
X-Dw-Request-Base-Id
X-Correlation-Id
Content-MD5
Pagespeed
X-Sol
X-Middleton-Display
Display
X-Fastcgi-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-NF-Request-ID
Edge-Cache-Tag
X-Goog-Hash
X-Country-Code
Front-End-Https
X-Forwarded-For
X-Daa-Tunnel
X-Version
X-XRDS-Location
X-Id
Public-Key-Pins
X-Powered-CMS
AR-SID
AR-ATIME
AR-Request-ID
AR-CACHE
TCN
AR-PoweredBy
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-T
X-Recruiting
X-MSEdge-Ref
X-Content-Digest
X-RateLimit-Remaining
X-Accel-Expires
Response
X-Middleton-Response
X-Ser
X-Shield-Request-Id
TP-L2-Cache
TP-Cache
X-Amzn-Trace-Id
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
Nginx-Cache
S
X-Ratelimit-Limit
X-Request-Processing-Time
X-Request-Received
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Server-Node
X-HS-Hub-Id
MicrosoftSharePointTeamServices
X-Distributor
X-Hits
Cache-Status
X-Fastly-Request-ID
Cache-Tags
X-Edge-Location-Klb
X-Kinsta-Cache
X-Grace
Fastcgi-Cache
Alternate-Protocol
Server-Name
X-Ruxit-Js-Agent
X-Ratelimit-Remaining
X-Ezoic-Cdn
X-DIS-Request-ID
X-LB-Cache
X-Origin-Server
X-Ua-Browser
X-Protected-By
X-Ratelimit-Reset
X-DataDome
X-FastCGI-Cache
X-Geo-Country
X-Request-Handler-Origin-Region
X-Microsite
X-Rid
X-Frontend
Cross-Origin-Opener-Policy
Filterid
X-Varnish-Backend
X-Debug-Info
Healthy
X-Www-Served-By
X-Git-Hash
X-Logged-In
Payment
X-FB-Debug
Cleartype
X-Page-Id
X-Forwarded-Proto
X-NGENIX-Cache
X-Load-Cache
X-Webkit-Csp
X-LLID
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-ASPNET-VERSION
X-TEC-API-ROOT
Charset
X-Hostname
X-Cluster-Name
X-B3-Sampled
X-Origin-Cache
Content-Disposition
DC
MS-Author-Via
X-VCache
X-Goog-Metageneration
X-GUploader-UploadID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-PressLabs-Stats
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Proxy
Retry-After
Realpath
X-F-Cache
X-Az
X-Activity-Id
Cross-Origin-Resource-Policy
X-AppVersion
Accept-Charset
X-Type
X-Contextid
X-TTL
Paypal-Debug-Id
X-Amz-Replication-Status
X-Revision
X-Signature
X-Amz-Meta-S3cmd-Attrs
X-B-Cache
X-Seen-By
X-Request-Guid
X-Whom
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Azure-Ref
X-Flags
X-Fb-Rlafr
X-Hosted-By
Viewport
X-App-Environment
X-Wix-Request-Id
X-Varnish-Server
X-TT
Surrogate-Key
X-DynaTrace
X-B
X-Aspnetmvc-Version
Count-Hit
X-Language
X-Oracle-Dms-Ecid
X-Akamai-Edgescape
X-Oracle-Dms-Rid
X-Source
Amp-Access-Control-Allow-Source-Origin
Referer-Policy
X-Template
X-App-Server
X-Mobile
X-B3-Traceid
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-COUNTRY
X-Cache-Control
X-RateLimit-Limit
Host
X-Oneagent-Js-Injection
Version
X-Varnish-Grace
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
X-HTML-Minification-Powered-By
X-Cache-Rule
X-N
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Original-Request-Id
X-Response-Served-From
Accept-Ch
X-Varnish-Age
MS-CV
X-Trace-Id
Ms-Operation-Id
X-Rule
X-RTag
X-UUID
X-Cache-Time
SD-X-WS
Access-Control-Request-Headers
X-Cache-Expired-At
X-Cache-Status-Check
Section-Io-Cache
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Powered-By
X-Framework
X-Envoy-Decorator-Operation
X-Adobe-Loc
X-Device-Type
X-FW-Type
X-FW-Dynamic
X-Backend-Name
Akamai-GRN
X-FW-Serve
X-FW-Server
Protected
X-FW-Hash
X-Adobe-Content
X-FW-Version
X-Cache-Grace
X-Jobs
X-Page-View
X-ProcessESI
X-RemovedCookies
X-Cacheable-TTL
X-User-Agent
Refresh
X-FW-Static
X-Instance
X-G
GEO-INFO
NGB
Url
X-Servername
X-Status
X-Is-Bot
X-Http-Reason
X-Rendered-As
X-Environment-Context
X-NYM-Debug-Backend
X-L-Path
X-Akamai-Request-ID2
SRV
X-Cache-Age
X-Drupal-Cache-Contexts
X-CDN-Forward
X-Debug-IsPreview
X-Debug-IsConnected
X-Drupal-Cache-Tags
From-Origin
WPO-Cache-Status
WPO-Cache-Message
X-Region
X-Yottaa-Optimizations
X-Cache-Hit
X-Yottaa-Metrics
CDN-RequestId
Front
Accept-Language
X-Newrelic-App-Data
X-Nginx-Cache
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Amzn-RequestId
X-Amz-Apigw-Id
Country
X-Tb
X-Tt-Logid
X-Node-Name
X-Fastly-Request-Id
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Backend
X-Buckets
X-Content-Options
X-Unique-Id
Fastly-Drupal-HTML
Fastly-SIE
Fastly-SWR
X-Real-IP
X-Zen-Fury
X-XRDS-LOCATION
X-VC-Cache
X-DynaTrace-JS-Agent
Uber-Trace-Id
X-Mode
X-Times
X-Cache-Operation
Content-Secure-Policy
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Generation-Time
X-RN-RSRV
Webserver
X-Proxy-Cache-Info
X-Amzn-Remapped-Content-Length
X-Cache-Server
X-Tumblr-Pixel-2
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Ms-Request-Id
X-Ms-Version
Filters
Meta-Geo
Cache-Hits
Azure-Version
Azure-SlotName
X-Format
X-Access
X-Reqid
X-Time
Azure-SiteName
X-TIME
X-IPS-LoggedIn
X-Section
Azure-RegionName
Azure-InstanceId
Onion-Location
X-Content-Age
CF-IPCountry
X-Rocket-Nginx-Serving-Static
X-Web-Node
TWC-GeoIP-Country
X-ProxyCache-Status
X-AWS-Id
TWC-Device-Class
Property-Id
TWC-Connection-Speed
X-Adobe-Source
TWC-Privacy
X-Server-W
Webcakes-App-Version
Webcakes-App-Name
X-ProxyCache-Key
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Cache-TTL-Remaining
X-Sql-Count
X-Say-Cacheable
X-Sql-Duration-Ms
X-Sucuri-Cache
X-IPLB-Instance
X-Sucuri-ID
X-Say-TTL
X-SayCDN-TTL
X-Locale
X-LJ-Flow-ID
X-Origin-Hint
X-PHP-Backend
X-Soup
X-Ua
X-UA-Device-Type
X-Cache-Host
X-IPLB-Request-ID
X-Cache-Action
X-BYPASS-REASON
X-Proxy-Cache-Status
X-Cluster
X-Cluster-Node
X-VWS-Id
X-Via-Fastly
X-Proto
X-Debug
X-Cms-Context
X-R9-Blue-Green-Version
Webcakes-Region
Node
Apigw-Requestid
S-Rt
X-No-Session
Web-Mar-Node
X-Labrador-Cache-Channel
ServerID
ServedBy
X-Forwarded-Host
X-Handled-By
Cache-Name
X-PHP-Host
X-Site-Version
X-Skip-Cache
X-Varnish-Beresp-Grace
DB-Nickname
X-FB-TRIP-ID
X-Webkit-CSP
X-Extlb
X-Edge-Location
X-Xfnlog-Site
Liferay-Portal
X-Detected-As
X-JoinUs
X-Urbn-Context-Path
X-Proxied
X-Proxy-Build
X-SaId
X-Zipkin-Id
X-LSADC-Cache
X-LAGOON
X-Timing-Wait
X-Routing-Service
X-Urbn-Site-Id
Selected-Fe
Mn-Server-Ip
Cross-Origin-Window-Policy
Locale
X-GeoCountry
X-WP-CF-Super-Cache-Cache-Control
CDN-Uid
CDN-RequestCountryCode
X-WP-CF-Super-Cache
CDN-CachedAt
CDN-Cache
CDN-EdgeStorageId
CDN-PullZone
Mime-Version
X-GeoCode
WP-Super-Cache
X-Hl-Ver
Fastcgi-Useragent
X-SRV
X-ECache
X-Optimistic-Header
X-Tumblr-Pixel-3
X-Origin-Date
Source
X-Request-Time
X-CACHE-AGE
X-Cache-Debug
CF-Cached-On
X-Redis-Cache
X-Uri
X-Presslabs-Stats
Upgrade-Insecure-Requests
X-TNCMS
X-Loop
X-Mg-Request-UUID
X-Generated-By
X-Akamai-Transformed
X-Varnish-Hits
Xserver
X-Director
Countrycode
Xet-Cookie
X-ARC
X-GEO
X-App-Version
X-NWS-UUID-VERIFY
X-Pass-Why
X-Varnish-Beresp-Ttl
Frame-Options
X-URL
X-FireWall-Port
X-Tx-Id
Cache-Tv-Group
X-Newrelic-Synthetics
X-Origin-TTL
X-Varnish-Ttl
X-Origin-CC
X-Varnish-Cache-Hits
X-Storage
X-Tid
X-TA-CDN-Provider
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Service
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Varnish-Hostname
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-ServerID
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-RM-Cache-TTL
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Endurance-Cache-Level
Environment
X-DC
X-BBC-Edge-Cache-Status
X-Developer
X-Thinkindot-L3
Redirect-Candidate
X-Test
WWW-Authenticate
X-Ec-Fail
X-Ec-GeoHdr
X-Mid
X-TIM-N
X-Cache-NE
X-Mobile-URL
X-Nyt-Route
X-A-Ccd
X-Bc-Bl
X-D
Sslversion
Req-Svc-Chain
Rendered-Blocks
X-Location
X-A
X-Request-Host
X-Aed
Release
X-Loc
X-Frame-Option
X-Gdpr
Candidate-Md5Url
X-Httpd
Lang
Host-ID
X-Generated-On
Edge-Cache
DCR-Processing-Time-Ms
DCR-Decision-By
Gannett-Cam-Experience-Id
Cache-Host
BehaviorPad-Version
Odigeo-Trace-Id
A
X-Epic-Correlation-Id
Origin
X-Level-Front-Cache
X-INCAP-ABP
Ngx.Var.Host
MD5-Digest
Memcached
Meta-Geo-Continent
X-External-Request-Id
X-SRCache-Key
X-Destination
X-Vdms-Path
X-S-Cookie
X-We-Are-Hiring
X-S-Maxage
X-Conf
X-Vdms-Version
X-S
X-Cache-Info
X-Core-Value
X-Rocket-Build-Number
X-Rojux
X-BCube-Filmed-By
X-Application
X-A-Dcw
X-Sigma-Backend
X-A-Dam
Xc-Version
X-Sigma
X-A-Dgt
X-A-Wwc
X-CMSURLCustom
X-ScT
X-Served-From
Thinkindot-Control
X-VG-TLSProxy
X-Platform-Cluster
Surrogated-Key
X-Platform-Processor
X-Processor
T-Server
X-Platform-Router
X-B-Cookie
TDXMobile
Thinkindot-CacheControl
X-Origin-Time
Thinkindot-CacheControl-Type
Server-Info
Server-Host
X-Fmm-Version
Kp-EeAlive
X-DefHash
DSUID
Gh-Request-Id
Tube-Got-Results
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
X-Cdn-Origin
X-GeoIP-City
Ssr
Tube-Get-Contents
X-Geo-Header
X-GeoIP
X-DefElseHash
X-Auto-Login
X-Cdn-Srv
Tube-Return
X-Clara-WADP
We-Hiring
Vix-Hermes-Req-Id
X-Ec-Custom-Error
X-Cache-Bucket
X-Core-Mission
X-Akamai-Device-Characteristics
X-Bip
Mail-Subject
State
Magicmarker
X-Developers
Tube-Got-Eval
NM-Fastcgi-Cache
X-CUA
X-Fetched-On
X-Org
X-VServer
X-JWT-State
X-Vmg-Version
X-Req
X-SVT-ORM-VERSION
X-Is-Gdpr
X-WA-Info
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Restarts
AKAMAI
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
Decoy-Debug-TTL
X-Pool
X-Platform-Server
X-Origin-Response-Time
X-Old-Content-Length
X-NodeID
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
X-Thanos
X-Pubstack
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Hash
X-Has-Esi
Cluster
CloudFront-Viewer-Country
C-Via
Country-Code
X-WP-CF-Super-Cache-Active
X-Sn-Servicetimems
X-SD-PageType
Decoy-Debug-Status
Decoy-Debug-Key
Click-Count-Error
X-Worker
CacheControlHeader
X-SB
Click-Count-Action-Start
X-WADP-Cache
X-HS-Content-Campaign-Id
X-B3-Spanid
X-SVT-ORM-RULES
X-Human
Cache-Key
X-Parent-Response-Time
Section-Io-Origin-Time-Seconds
X-AIR-PT
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Status
X-Ckpd-Fst-Backend
X-Up
X-Cache-Id
X-Block-Status
X-Cache-Backend
X-Wix-Viewer-Type
NGX
X-Cache-Date
X-Slack-Shared-Secret-Outcome
X-Varnishpool
X-CacheTTL
X-Var-Ttl
X-Cache-Tags
X-Variation
X-VarnishDD-TTL
X-V-Cache
X-Op-Id-All
X-Esi-Check
X-Fastly-Backend
X-Irp-Debug
X-LB-NoCache
X-Minions-Version
X-Men
X-FC-Vary-Parameters
X-Hnp-Log
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Gzip
X-Gen-Mode
X-HN
X-Gamma-Serve
X-Mvc-Supplant-Cachable
X-DPWN-IS-SECURE
X-Platform
X-Owner
X-Qloud-Router
X-Region-Sid
X-Scale
X-Request-Start
X-Origin
X-Date
X-Dispatcher-Number
X-Dispatcher-Server
X-Device-Os
X-NCache
X-Node-Id
X-Nginx-Cache-Key
X-Slack-Backend
X-Azure-Ref-OriginShield
PFcat
Origin-EX
Origin-CC
On-Server
Pics-Label
Platform
Server-Hostname
Server-Ext
Producers
Machine
L
Canary
Cache-Provider
Adler-Geo
SID
CDCHOST
Cmsid
X-App
Is-Eu
Cmstype
Sever-Int
Datacenter
Wxu-Next-Region
Wxu-Next-Hostname
User-Cache-Control
Wxu-Next-Commit
Web-Mar-Region
X-Accel-Buffering
X-Accel-Expires-Debug
X-Ad-Defer-Variation
HA-Ipaddr
Ha-Gx-Prefs
X-Eu-Site
Fastly-SSL
L5d-Success-Class
X-Cache-FS-Status
X-Forwarded-Site
X-Refresh
X-Nananana
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Server-ID
Svr
X-Csrf-Jwt
X-Server-IP
X-Planisys-CDN-Rules
X-CGP
X-CSRF-Token
X-Webkit-CSP-Report-Only
X-Mly-Id
X-Cache-Remote
X-Microcachable
X-Mvc-Supplant-OutputCached
Load-Balancing
X-Via-Poph
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
HostName
X-Via-Popn
X-Via-Popv
Env
X-HA-Backend
X-Zone
X-RCS-CacheZone
X-Aicache-OS
X-Cached-By
X-Fastly-Cache
GeoIP-Latitude
X-Trace-ID
X-VC
X-Api-Version
Cdn
X-ND-Cache
Server-ID
X-Instance-Name
X-Origin-Expires
X-Nc
Cache
Time
X-Response-By
Memory
X-HS-Status
Cdncip
Cdnsip
X-Release
X-AK-Request-ID
X-NGINX-Cache
X-Gateway-Request-Id
X-FL-EDGE
Srvid
X-FL-QIT-DEBUG
X-DataCenter
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Fpc
X-Wa
Expect-Staple
X-From
X-Gateway-Cache-Key
X-Generated-In
Locid
X-Vc
X-Cache-Enabled
X-Via-CDN
X-Esi
X-Edge-Pop
X-NewRelic-App-Data
X-Via-NSCOPI
X-API-Version
X-LB-ID
AMP-Access-Control-Allow-Source-Origin
X-ZONE
X-Correlation-ID
X-Provided-By
NtCoent-Length
X-CCDN-CacheTTL
GeoIp-Country-Code
Edge-Copy-Time
X-Via-SSL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Client-Ip
X-Via-Edge
X-Check-Cacheable
X-CS
Hostname
X-Vgn-Hpd-Cached
Eomportal-Instance
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-Srv
X-Vcl-Version
X-Dc
X-Debug-Cache-Store
X-Lambda-Id
X-APP-VERSION
X-Micro-Cache
X-CSRF-TOKEN
X-Air-Pt
X-Debug-Cache-Fetch
Ngx-Var-Key
XkeyRZ
X-Proxy-CacheRZ
X-MCACHE
Sid
X-Amz-Meta-Cb-Modifiedtime
X-Via-JSL
True-Client-IP
X-B3-SpanId
OT-Force-Account-Verify
CPC-Age
VNS-Age
X-Nf-Request-Id
IsBot
CPC-Cache
Srv
X-Request-URI
X-SIPLIST1
X-Vtex-Remote-Cache
X-Render-Time
VNS-Cache
X-VCL-Version
X-Info
True-Client-Ip
X-Cache-NGX
X-Cs
X-EC-Lua
Uri
Path
X-VCT
X-Fastly-Country-Code
X-TH-Server
X-ATG-Version
Location
Request-ID
X-MSEdge-Features
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Datadome
X-Varnish-Authentication
Resin-Trace
Esi-Enabled
X-MSEdge-Flight
X-Upstream-Ht
X-TX-ID
X-Upstream-Ct
X-Oss-Server-Time
X-Oss-Storage-Class
Fastly-Drupal-Html
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
CDN
X-Cache-Type
GeoIP-Country-Code
X-Cache-Expires
X-CLOUD-TRACE-CONTEXT
M-TraceId
YJS-ID
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-Edge-POP
Servername
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-CF-Lambda-Fn
Cross-Origin-Opener-Policy-Report-Only
X-Cdn-Request-ID
X-Accel-Version
X-Udemy-Cache-App-Namespace
X-Lb-Id
X-FPC
X-Datacenter
X-Pod-Name
X-Varnish-Beresp-TTL
X-Akamai-Pragma-Client-IP
X-CDN-Cache-Status
X-Wikidot-Backend
Sm-Log-Id
X-Wikidot-Static-Cache
X-WA
N-Cache
X-Service-Response-Time
HIT
LB
RNT-Machine
RNT-Time
X-RateLimit-Reset
Timeexpire
XServer
X-Scheme
CountryCode
X-Geo
Traceparent
X-Moov-T
X-Moov-Xdn-Version
X-Viewer-Country
X-Orig-Expires
X-SERVER-NAME
X-Shop-Environment
X-Bl-Debug
X-ApacheServer
X-PERF
X-Cdn-Cache-Status
X-Forwarded-Path
X-Tenant
X-NC
X-MP-GENERATED-AT
X-Srcache-Store-Status
X-B3-Trace-ID
X-Srcache-Fetch-Status
X-CACHE-KEY
Proxy-Connection
ENV
Ohc-File-Size
Server-Id
FSS-Cache
X-TimeS
Geoip-Latitude
X-NAPM-TraceId
Yjs-Id
Epwk-X-Cache
Powered-By
X-App-Name
X-LiteSpeed-Cache-Control
X-TraceId
X-ServedByHost
X-Ha-Backend
X-Policy
X-Snapshot-Date
X-Cdn-Forward
WZWS-RAY
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Dw-Trace-Id
X-Rebelmouse-Surrogate-Control
X-Hyper-Cache
X-Amz-Meta-Opti
X-Rebelmouse-Cache-Control
Rip
X-M-Reqid
X-M-Log
X-Clientip
X-Qnm-Cache
Inserted-Into-Cache-At
Ngx
User-Agent
Content-Style-Type
Content-Script-Type
V-Age
Tracecode
Ec-Rule-Version
X-B3-Parentspanid
X-Acquia-Purge-Tags
X-Vgn-Hpd-Reason
X-Acquia-Application-Trace
X-Fastly-Backend-Reqs
X-Acquia-Application-UUID
X-Acquia-Site
X-RAMCache
X-MiniProfiler-Ids
X-Lb-Nocache
True-Client-Country-4JS
X-Swift-Error
X-Serial
Cdn-Requestid
X-F-Status
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-TT-LOGID
X-Wp-Cf-Super-Cache
X-Mid-Debug-Cache-Key
X-Mid-Debug-Cache-Disk
X-Cache-Ngx
X-UP
Hit
Lb
X-Webstats-RespID
X-B3-ParentSpanId
X-Request-URL
X-Fastly-Cache-Hits
XM
My-App
X-LiteSpeed-Tag
X-Th-Server
MIME-Version
Cneonction
X-IPS-Cached-Response
Warning
X-VG-WebCache
X-Stale