Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-FRAME-OPTIONS
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Dns-Prefetch-Control
X-Request-ID
X-Drupal-Dynamic-Cache
Server-Timing
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
X-XSS-PROTECTION
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Request-Context
X-Backend
X-Turbo-Charged-By
X-Cache-Group
X-AH-Environment
X-Robots-Tag
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Hacker
X-Vhost
X-UA-Device
X-Proxy-Cache
X-Server
X-Rq
Allow
X-Server-Powered-By
X-Ws-Request-Id
X-Age
X-Dispatcher
EagleId
X-Varnish-Cache
X-Amz-Version-Id
P3p
Nel
X-LiteSpeed-Cache
X-Ua-Compatible
Grace
Cf-Apo-Via
Cf-Railgun
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Host
X-Node
X-Cache-Lookup
X-CST
X-WebKit-CSP
X-Backend-Server
Accept-CH
Surrogate-Control
X-Server-Id
Accept-CH-Lifetime
Permissions-Policy
X-Readtime
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Request-Id
X-Application-Context
X-Ruxit-JS-Agent
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
Xkey
X-Response-Time
X-HW
X-Trace
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Rating
X-Url
Accept-Ch
X-ESI
X-Midtier
X-Amz-Server-Side-Encryption
Cache-Tag
X-Mcache
X-Country
X-MS-InvokeApp
X-Powered-By-Plesk
X-Rack-Cache
X-ECACHE
X-D2id
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Element-Page-Cache
X-Vcap-Request-Id
Service-Worker-Allowed
Verso
X-Upstream
Edge-Control
X-Country-Code
X-Ac
RTSS
X-Vname
X-PC
X-TtlSet
Origin-Trial
X-Goog-Hash
X-VARITI-CCR
X-Navigation-Version
X-Kinja-CCPA
X-Abt-Application-Version
X-Cache-TTL
X-Browser-Type
Fastly-Restarts
X-Oneagent-Js-Injection
Accept-Ch-Lifetime
X-Litespeed-Cache
X-Amz-Rid
X-Aspnetmvc-Version
X-NWS-LOG-UUID
X-WebKit-CSP-Report-Only
X-GitHub-Request-Id
X-Webkit-CSP
X-Cached
Cross-Origin-Opener-Policy
X-Varnish-TTL
X-Server-Name
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
SPRequestGuid
X-SharePointHealthScore
X-Times
X-Ruxit-Js-Agent
X-Ttl
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
SPIisLatency
SPRequestDuration
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Content-Type
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
X-FastCGI-Cache
X-Powered-CMS
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-Key
X-Mg-S
Response
X-Middleton-Response
X-B3-Traceid
X-Version
X-Ser
X-Cnection
X-Server-ID
X-HP-Trace-Id
Nginx-Cache
X-HP-Webp
X-Jurisdiction
X-Accel-Expires
Cache-Tags
AR-CACHE
X-T
X-SRCache-Fetch-Status
X-Fastly-Request-ID
X-SRCache-Store-Status
X-RateLimit-Remaining
X-B3-TraceId
Cache-Status
X-NF-Request-ID
Edge-Cache-Tag
X-Hits
X-MSEdge-Ref
Front-End-Https
X-Px
Public-Key-Pins
X-Recruiting
S
X-Daa-Tunnel
Payment
X-Shield-Request-Id
X-LLID
X-Frontend
X-Ua-Browser
X-Request-Received
X-Request-Processing-Time
Server-Node
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-RateLimit-Limit
X-GUploader-UploadID
X-Goog-Metageneration
Content-MD5
MicrosoftSharePointTeamServices
X-Amzn-RequestId
X-Amz-Apigw-Id
X-DIS-Request-ID
X-Content-Digest
Access-Control-Request-Method
X-Webkit-CSP-Report-Only
X-TTL
TP-Cache
Realpath
X-Protected-By
X-Forwarded-For
X-Request-Handler-Origin-Region
X-Microsite
X-PressLabs-Stats
X-Distributor
X-FB-Debug
Access-Control-Allow-Method
X-Rid
Fastcgi-Cache
X-Page-Id
X-LB-Cache
Accept-Charset
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Cluster-Name
X-ASPNET-VERSION
X-Aspnet-Version
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Ua-Device
Count-Hit
X-Hostname
X-Geo-Country
X-B3-Sampled
X-Id
TP-L2-Cache
X-Kinsta-Cache
X-Ratelimit-Remaining
X-Edge-Location-Klb
Cross-Origin-Resource-Policy
X-Xrds-Location
X-Seen-By
X-Ezoic-Cdn
X-Ratelimit-Limit
X-Erf-Stays-Pdp-Viaduct-Migration-Web
Cleartype
TCN
X-Correlation-Id
X-App-Server
X-Fastcgi-Cache
X-Varnish-Backend
X-Logged-In
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Referer-Policy
X-Hosted-By
X-Content-Options
X-Git-Hash
X-Mobile
DC
Retry-After
X-Contextid
X-Newrelic-App-Data
X-Fb-Rlafr
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Route-Name
X-Flags
X-Is-Crawler
X-Request-Guid
X-Origin-Cache
X-Amz-Replication-Status
X-Revision
X-Grace
Surrogate-Key
X-TT
X-App-Environment
X-Debug-Info
X-F-Cache
X-Forwarded-Proto
Frame-Options
X-IPS-LoggedIn
X-Varnish-Grace
X-Amz-Meta-S3cmd-Attrs
X-RateLimit-Reset
X-Envoy-Decorator-Operation
X-Azure-Ref
X-Magnolia-Registration
Section-Io-Cache
MS-Author-Via
X-Wix-Request-Id
X-Proxy-Cache-Info
X-COUNTRY
X-Whom
Healthy
X-Webkit-Csp
Charset
X-Www-Served-By
X-ECache
Viewport
X-Akamai-Edgescape
Alternate-Protocol
X-Language
WPO-Cache-Status
WPO-Cache-Message
Filterid
X-Backend-Name
X-App-Version
X-Origin-Server
X-AppVersion
X-Trace-Id
X-Activity-Id
X-Az
Server-Name
X-Datadog-Parent-Id
Paypal-Debug-Id
X-Datadog-Sampling-Priority
X-Varnish-Server
X-Datadog-Trace-Id
X-Kong-Proxy-Latency
Host
X-Kong-Upstream-Latency
X-B
X-Cache-Rule
X-EdgeConnect-Cache-Status
X-Original-Request-Id
X-Response-Served-From
VIX-Pulpo-Upstream-Status
X-Http-Reason
SD-X-WS
VIX-Pulpo-Node
X-Rule
X-Nf-Request-Id
X-User-Agent
X-DataDome
X-UUID
X-ProcessESI
X-Cache-Grace
X-Edge-Location
X-Instance
X-Akamai-Request-ID2
X-RemovedCookies
Front
X-Jobs
X-Page-View
X-Region
X-ARC
X-Yottaa-Optimizations
Country
From-Origin
X-Rocket-Nginx-Serving-Static
X-Tumblr-Pixel
X-Varnish-Age
X-Cacheable-TTL
X-Yottaa-Metrics
X-Unique-Id
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-N
Protected
X-Vcache
X-Adobe-Content
X-Adobe-Loc
Fastly-SIE
X-Is-Bot
X-Status
X-Time
Fastly-SWR
X-Rendered-As
Akamai-GRN
X-Environment-Context
Amp-Access-Control-Allow-Source-Origin
X-L-Path
X-Framework
X-Load-Cache
X-FW-Server
X-FW-Dynamic
X-FW-Static
X-G
X-FW-Type
X-FW-Serve
X-FW-Version
SRV
X-Cache-Time
X-Mg-Request-UUID
X-Datadog-Sampled
X-FW-Hash
X-Type
X-Signature
X-B-Cache
X-Proxy
X-Amzn-Remapped-Content-Length
X-Debug-IsConnected
X-Debug-IsPreview
Content-Disposition
Access-Control-Request-Headers
ServerID
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Client-Ip
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Backend
X-CDN-Forward
Refresh
X-Erf-Web-Scheduler
X-Cache-Control
X-Cache-Age
X-XRDS-LOCATION
X-DynaTrace
Xet-Cookie
Countrycode
X-Servername
Accept-Language
Url
X-Httpd
X-Drupal-Cache-Tags
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-DynaTrace-JS-Agent
X-Template
X-Nginx-Cache
X-Generated-By
X-Device-Type
Webserver
X-NYM-Debug-Backend
X-Mode
CF-IPCountry
X-HTML-Minification-Powered-By
X-Content-Powered-By
X-Storage
X-Source
X-CCDN-Origin-Time
X-Cache-Hit
GEO-INFO
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-GeoCode
X-Say-Cacheable
X-Urbn-Site-Id
Meta-Geo
Locale
S-Rt
X-JoinUs
X-GeoCountry
X-Cache-Action
X-SaId
X-Say-TTL
X-URL
X-Rewrite-Enabled
Load-Balancing
X-Tncms
X-Urbn-Context-Path
Filters
X-Rn-Rsrv
X-Content-Age
X-LAGOON
X-UPSTREAM-Address
X-Cache-Operation
X-ServerID
OT-Force-Account-Verify
X-SayCDN-TTL
X-Director
X-Loop
Cross-Origin-Window-Policy
X-Forwarded-Host
X-Cluster-Node
X-Container-Uri
Onion-Location
X-Tumblr-Pixel-2
X-MCACHE
X-Varnish-Hostname
Version
Xserver
X-Soup
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-Git-Commit
X-VC-Cache
X-Served-From
Azure-SlotName
X-Cache-Server
X-VCT
X-Tt-Logid
Azure-Version
Azure-SiteName
Azure-InstanceId
Web-Mar-Node
X-RM-Cache-TTL
X-PHP-Host
X-Adobe-Source
Azure-RegionName
X-Sql-Duration-Ms
X-Ms-Version
X-Tb
X-Sql-Count
X-Labrador-Cache-Channel
X-Skip-Cache
X-Lambda-Id
X-Detected-As
X-Ms-Request-Id
X-Proxied
X-Redis-Cache
X-Zipkin-Id
DB-Nickname
X-Routing-Service
Node
X-RCS-CacheZone
X-Logging-Id
X-Extlb
X-FB-TRIP-ID
X-R9-Blue-Green-Version
Mn-Server-Ip
TWC-Connection-Speed
TWC-Device-Class
Property-Id
TWC-Locale-Group
Selected-Fe
Fastcgi-Useragent
TWC-GeoIP-LatLong
X-Proxy-Build
TWC-Privacy
X-Fetched-On
X-Format
TWC-GeoIP-Country
X-Origin-Hint
X-Proto
Webcakes-App-Version
Webcakes-Region
X-Generation-Time
X-Timing-Wait
Webcakes-App-Name
X-FTR-Request-ID
X-Debug
X-Uri
X-Endurance-Cache-Level
Uber-Trace-Id
Source
X-Zen-Fury
X-LSADC-Cache
X-NGENIX-Cache
CDN-RequestId
X-Ua
X-Sucuri-ID
X-Sucuri-Cache
X-XRDS-Location
X-B3-SpanId
X-Varnish-Ttl
Section-Io-Origin-Status
X-S
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-TimeS
X-Origin-TTL
X-Origin-CC
X-Drupal-Cache-Contexts
X-Pass-Why
X-Akamai-Transformed
X-MP-GENERATED-AT
X-Origin-Date
X-Real-IP
X-Srv
Upgrade-Insecure-Requests
NGB
X-Varnish-Hits
X-Cache-Expired-At
X-Handled-By
X-Ratelimit-Reset
X-CACHE-AGE
Liferay-Portal
X-Newrelic-Synthetics
Fastly-Drupal-HTML
X-Cms-Context
X-No-Session
X-Xfnlog-Site
X-Reqid
X-Optimistic-Header
Apigw-Requestid
X-Upgrade-Enabled
X-GEO
ServedBy
X-Hl-Ver
X-AB
X-ProxyCache-Status
X-BYPASS-REASON
X-ProxyCache-Key
X-Restarts
X-Cache-Host
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestPullCode
CDN-EdgeStorageId
CDN-Uid
X-RTag
WP-Super-Cache
MS-CV
CDN-RequestPullSuccess
CDN-CachedAt
X-Node-Name
X-Tx-Id
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
Ms-Operation-Id
CDN-Cache
X-Fastly-Request-Id
X-Cache-TTL-Remaining
X-Cache-Type
X-CSRF-Token
X-TraceId
X-Parent-Response-Time
X-IPLB-Instance
X-IPLB-Request-ID
X-Cluster
X-Pubstack
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-Geo-Region
X-UA-Device-Type
X-Via-JSL
X-A-Dgt
Web-Mar-Region
X-Csrf-Jwt
X-SD-PageType
X-A
X-A-Wwc
X-A-Dam
X-ScT
X-A-Ccd
X-Aed
X-A-Dcw
X-Request-Host
L
Rendered-Blocks
L5d-Success-Class
Lang
Server-Host
X-Application
X-PAYTM-SRV-ID
Ha-Gx-Prefs
HA-Ipaddr
Host-ID
Magicmarker
MD5-Digest
N-Cache
Origin-Agent-Cluster
X-Bc-Bl
Ngx.Var.Host
X-B-Cookie
Meta-Geo-Continent
X-Bl-Debug
X-BCube-Filmed-By
Redirect-Candidate
Gannett-Cam-Experience-Id
Fastly-SSL
X-Conf
BehaviorPad-Version
X-CGP
X-CF-Lambda-Version
True-Client-Country-4JS
Odigeo-Trace-Id
X-Rojux
W
Cache-Provider
Vix-Hermes-Req-Id
X-CF-Lambda-Fn
Canary
Surrogated-Key
Sslversion
X-App
DCR-Processing-Time-Ms
DCR-Decision-By
X-Cache-NE
Candidate-Md5Url
T-Server
X-CacheTTL
X-S-Cookie
X-D
X-Viewer-Country
X-Dispatcher-Number
X-SRCache-Key
X-Eu-Site
X-Developer
Xc-Version
X-We-Are-Hiring
X-Fastly-Backend
X-Ec-GeoHdr
X-External-Request-Id
X-Ec-Fail
X-Epic-Correlation-Id
X-Vtex-Remote-Cache
X-Ec-Custom-Error
X-FC-Vary-Parameters
X-Destination
X-Slack-Shared-Secret-Outcome
X-Debug-Cache-Store
X-Slack-Backend
X-Debug-Cache-Fetch
X-Vdms-Path
X-Vdms-Version
X-Worker
X-Micro-Cache
X-B3-Spanid
X-TIME
AMP-Access-Control-Allow-Source-Origin
Cache-Name
X-Cache-Status-Check
X-Proxy-Cache-Status
X-Gdpr
X-Orig-Expires
X-BBC-Edge-Cache-Status
Platform
X-Wikidot-Backend
X-Wikidot-Static-Cache
Origin
Mail-Subject
X-Cache-Bucket
X-VG-WebCache
Is-Eu
X-Cache-Debug
X-VG-TLSProxy
X-Origin-Time
X-Mvc-Supplant-Cachable
X-VServer
X-Vmg-Version
Producers
X-Forwarded-Path
X-Irp-Debug
X-App-Name
VNS-Cache
X-Owner
We-Hiring
VNS-Age
X-AIR-PT
X-Nyt-Route
X-NodeID
X-Pool
X-Nitro-Cache
X-Hash
X-Accel-Buffering
X-GeoIP-Region-Code
X-Thanos
X-Qloud-Router
X-Node-Id
X-Level-Front-Cache
Thinkindot-Control
X-Geo-Header
Gh-Request-Id
X-Bip
X-Nananana
X-Org
Release
Req-Svc-Chain
X-ApacheServer
X-Alternate-Cache-Key
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
TDXMobile
X-GeoIP-Country-Code
X-Generated-On
X-Old-Content-Length
X-Wix-Viewer-Type
Expect-Staple
X-Tenant
X-Mly-Id
X-S-Maxage
X-Core-Mission
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Request-Time
Adler-Geo
AKAMAI
X-RateLimit-Limit-Second
X-Refresh
X-Up
X-Var-Ttl
X-SVT-ORM-RULES
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Accel-Expires-Debug
X-Shop-Environment
X-Mid
X-ShopId
X-Date
X-Core-Value
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-DefHash
X-DefElseHash
X-Sn-Servicetimems
X-Server-IP
X-Variation
X-RateLimit-Remaining-Second
Environment
Cmsid
X-CMSURLCustom
CloudFront-Viewer-Country
X-Cdn-Origin
X-Cdn-Diag
Cmstype
X-Loc
Datacenter
X-Cache-Info
CPC-Cache
CPC-Age
X-Platform
X-Correlation-ID
Fastly-Backend-Name
X-Varnish-CookieHashed-On
X-Human
X-PERF
X-Clientip
X-Policy
Fastly-GeoIP-CountryCode
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnishpool
X-Server-W
X-Gzip
X-INCAP-ABP
X-Instance-Name
X-Cache-Id
X-Forwarded-Site
X-Esi-Check
X-Clara-WADP
X-Mvc-Supplant-OutputCached
X-Auto-Login
X-Akamai-Device-Characteristics
X-GeoIP
X-Device-Os
X-NCache
X-From
X-Fmm-Version
Apple-News-Services-Request-Url
Country-Code
Cf-Device-Type
DSUID
Esi-Enabled
NM-Fastcgi-Cache
X-Origin-Response-Time
Apple-News-Services-Host
Apple-News-Services-Handled
X-WADP-Cache
Machine
X-WA-Info
X-Datadome
X-Vgn-Hpd-Reason
X-Test
X-Origin
Apple-News-Services-Parsed-Url
X-Op-Id-All
X-Accel-Version
User-Cache-Control
X-Dc
X-Is-Desktop
Ssr
X-Browser-Name
X-Cdn-Srv
CDCHOST
Content-Secure-Policy
X-Is-Mobile
X-Section
X-Access
X-Nginx-Cache-Key
X-Gen-Mode
X-Is-Supported-Browser
NGX
Sever-Int
Server-Ext
Wxu-Next-Region
X-Block-Status
Wxu-Next-Commit
Wxu-Next-Hostname
X-Via-Fastly
X-Cache-Enabled
X-Tcp-Rtt
Server-Info
X-Hnp-Log
Server-Hostname
X-Is-Tablet
X-Buckets
X-CACHE-GROUP
C-Via
X-LB-NoCache
Pics-Label
X-Presslabs-Stats
X-Vcl-Version
X-Varnish-Beresp-Grace
X-API-Version
IsBot
X-Amz-Meta-Cb-Modifiedtime
X-SIPLIST1
Server-ID
X-Zone
X-JWT-State
X-ID
X-Is-Gdpr
X-Varnish-Beresp-Ttl
X-HA-Backend
Memcached
Sid
YJS-ID
X-Has-Esi
X-B3-Parentspanid
Memory
X-Wp-Cf-Super-Cache-Active
Cdn-Requestid
X-Cached-By
X-Platform-Processor
X-Platform-Router
Hostname
X-Platform-Cluster
Time
X-TA-CDN-Provider
X-Origin-Cache-Key
X-Scale
Origin-EX
Origin-CC
Cache-Hits
CF-Ctrl
X-Tb-Optimization-Total-Bytes-Saved
X-Frame-Option
X-WP-CF-Super-Cache-Active
X-TIM-N
X-Hyper-Cache
X-Backend-Instance
Location
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-PHP-Backend
X-ZONE
X-Internal-Host
X-Fpc
X-Cs
X-NGINX-Cache
X-Service
X-Webstats-RespID
Resin-Trace
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend-Server
X-NewRelic-App-Data
Epwk-X-Cache
X-DC
X-DataCenter
X-Azure-Ref-OriginShield
X-VC
X-Microcachable
GeoIP-Latitude
GeoIp-Country-Code
XServer
X-Site-Version
X-LiteSpeed-Cache-Control
X-SRV
Cache-Host
X-Nitro-Cache-From
X-Locale
X-Nitro-Rev
X-Origin-Expires
True-Client-Ip
Uri
X-VCache
LB
X-Edge-Server
XM
WZWS-RAY
Cdn-Host
True-Client-IP
X-Cache-Ttl
Cdn-Request-Time
GeoIP-Country-Code
Cdn
X-Info
Req-ID
X-NMSegId
X-CSRF-TOKEN
X-Datacenter
X-VarnishDD-TTL
NtCoent-Length
M-TraceId
X-Pod-Name
X-Pad
X-HN
PFcat
X-Ad-Load-Variation
X-Geo
Fastly-Drupal-Html
X-Web-Node
X-Request-Start
X-Ad-Defer-Variation
Cluster
X-Github-Request-Id
X-M-Log
WebServer
User-Agent
X-APP-VERSION
X-Vercel-Id
Pramga
X-Vercel-Cache
X-M-Reqid
X-Scope-Id
X-FPC
X-Request-URI
Cf-Ipcountry
X-MSEdge-Flight
X-Via-SSL
X-Shield-Cache-Expires
X-Via-Edge
X-FL-EDGE
A
X-CS
X-Via-CDN
X-Varnish-Beresp-Status
Edge-Copy-Time
X-Qnm-Cache
Srvid
X-MSEdge-Features
Content-Script-Type
HostName
X-FL-QIT-DEBUG
SID
X-CACHE-KEY
Content-Style-Type
Locid
X-HostName
Tcn
X-Cache-Date
Edge-Cache
CountryCode
Cache-Tv-Group
X-Api-Version
X-Cdn-Request-ID
X-WP-CF-Super-Cache-Cookies-Bypass
Cdncip
X-FireWall-Port
X-Amz-Meta-Opti
X-NWS-UUID-VERIFY
X-AK-Request-ID
Cdnsip
X-Moov-Xdn-Version
X-Esi
X-TH-Server
Path
X-ATG-Version
X-Varnish-Authentication
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Moov-T
X-LiteSpeed-Tag
X-Branch-Name
Srv
Cache-Key
X-Cdn-Forward
X-Req
X-Cache-FS-Status
X-Acquia-Purge-Cdn-Unconfigured
X-Aicache-OS
X-V-Cache
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-VCL-Version
On-Server
X-Men
X-Vary
Tube-Got-Eval
Tube-Got-Results
Tube-Return
V-Age
Yak-Timeinfo
Click-Count-Action-Start
X-Proxy-CacheRZ
XkeyRZ
X-Via-Popn
X-Via-Poph
Tube-Get-Contents
X-Servedbyhost
X-TRACE-ID
X-SB
X-LB-ID
X-Wa
Click-Count-Error
X-Via-Popv
X-B3-Trace-ID
X-Nc
Lb
CDN
X-UA
Geoip-Latitude
X-Render-Time
X-Tim-N
X-Wp-Cf-Super-Cache-Cache-Control
Wpo-Cache-Status
X-Akamai-Pragma-Client-IP
X-Wp-Cf-Super-Cache
Proxy-Connection
MIME-Version
Server-Id
Ngx-Var-Key
Wpo-Cache-Message
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Lb-Cache
My-App
X-Acquia-Site
Priority
X-Platform-Server
X-Planisys-CDN-TTL
State
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Fastly-Backend-Reqs
X-Acquia-Purge-Tags
X-User
X-HS-Content-Campaign-Id
X-Ha-Backend
X-Generated-In
X-Lb-Nocache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Air-Pt
PICS-Label
X-TT-LOGID
Ohc-Cache-HIT
X-Varnish-Director
X-CUA
Ohc-File-Size
X-Fastly-Cache
X-Release
Vha6-Origin
X-Dw-Trace-Id
X-Via-Ucdn
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
CF-Cached-On
X-Vgn-Hpd-Cached
X-EC-Lua
X-Iplb-Request-Id
X-Upstream-Ct
X-Iplb-Instance
Yjs-Id
X-Provided-By
X-Varnish-Beresp-TTL
X-Upstream-Ht
CACHE-MISS-TO-ORIGIN
Mime-Version
X-WA
X-Traceid
X-CDN-Cache-Status
X-Sigma-Backend
Warning
X-Sigma
X-Rocket-Build-Number
X-Fastly-Country-Code
Inserted-Into-Cache-At
X-RAMCache
X-HS-Status
Log-Origin
X-Miniprofiler-Ids
X-Udemy-Cache-App-Namespace
X-CF-Cache-Header-Vary
Cneonction
Ngx
X-Cache-Remote
X-Snapshot-Date
X-Fastly-Cache-Hits
Cache
X-Cached-Since
X-Litespeed-Cache-Control
X-ElasticPress-Query
X-CF-Cache-Header-Cache-Control