Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Request-ID
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Request-Id
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Iinfo
P3p
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-CDN
X-AspNetMvc-Version
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-WebKit-CSP
Accept-CH
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
Cf-Apo-Via
X-Device
Cf-Railgun
X-Server-Id
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Dns-Prefetch-Control
X-Akam-SW-Version
Surrogate-Control
EagleEye-TraceId
X-Backend-Server
Request-Id
X-Ruxit-JS-Agent
X-Readtime
X-Cache-Lookup
X-HW
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-CST
X-Edge
X-WebKit-CSP-Report-Only
Content-Location
Accept-Ch-Lifetime
X-Content-Type
X-Country
X-Mcache
X-Url
X-ECACHE
X-MS-InvokeApp
X-Clacks-Overhead
Rating
X-Midtier
X-TtlSet
X-Vname
X-PC
X-Amz-Server-Side-Encryption
X-VARITI-CCR
RTSS
Cache-Tag
X-Vcap-Request-Id
X-B3-TraceId
X-D2id
X-Varnish-TTL
X-Litespeed-Cache
X-Element-Page-Cache
Verso
X-Server-Name
X-Ac
Origin-Trial
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-ESI
X-Rack-Cache
X-Cnection
X-Cache-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
X-GitHub-Request-Id
X-Navigation-Version
Xkey
X-Client-IP
X-Abt-Application-Version
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-NWS-LOG-UUID
X-Ttl
Edge-Control
X-Cached
X-Px
Arr-Disable-Session-Affinity
X-Mg-S
SPIisLatency
SPRequestDuration
X-Upstream
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Instrumentation
X-Correlation-Id
X-Sol
X-Middleton-Display
X-Dw-Request-Base-Id
Content-MD5
Pagespeed
Display
X-Cache-Key
X-Fastcgi-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-NF-Request-ID
Edge-Cache-Tag
X-Goog-Hash
Front-End-Https
X-Country-Code
X-Daa-Tunnel
X-Forwarded-For
X-Version
X-XRDS-Location
X-RateLimit-Remaining
Public-Key-Pins
AR-SID
AR-Request-ID
AR-CACHE
AR-PoweredBy
X-Powered-CMS
AR-ATIME
X-Id
X-T
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Recruiting
X-Content-Digest
X-MSEdge-Ref
TCN
X-Accel-Expires
X-Middleton-Response
Response
MRF-Tech
X-Ser
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Shield-Request-Id
TP-L2-Cache
TP-Cache
X-Amzn-Trace-Id
Nginx-Cache
X-Fastly-Request-ID
S
X-Request-Received
X-Request-Processing-Time
Server-Node
X-Hits
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Distributor
Cache-Status
MicrosoftSharePointTeamServices
X-Edge-Location-Klb
X-Kinsta-Cache
Cache-Tags
X-Ratelimit-Limit
X-Grace
Fastcgi-Cache
Alternate-Protocol
Server-Name
X-Ezoic-Cdn
X-Protected-By
X-Origin-Server
X-Ua-Browser
X-LB-Cache
X-Ratelimit-Reset
X-DIS-Request-ID
X-DataDome
X-Geo-Country
X-FastCGI-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Frontend
X-Ratelimit-Remaining
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Filterid
X-Debug-Info
X-Www-Served-By
X-Rid
X-Varnish-Backend
Cleartype
X-TTL
Payment
X-Logged-In
Healthy
X-Forwarded-Proto
X-Git-Hash
X-NGENIX-Cache
Cross-Origin-Opener-Policy
X-FB-Debug
X-Page-Id
X-Webkit-Csp
X-Load-Cache
X-ASPNET-VERSION
Charset
X-LLID
X-B3-Sampled
Content-Disposition
DC
X-VCache
X-Origin-Cache
X-Cluster-Name
X-Ruxit-Js-Agent
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Hostname
X-Goog-Metageneration
X-GUploader-UploadID
X-PressLabs-Stats
MS-Author-Via
X-Proxy
Retry-After
X-Upgrade-Enabled
Access-Control-Allow-Method
X-F-Cache
Accept-Charset
Paypal-Debug-Id
X-Activity-Id
X-Type
X-AppVersion
X-Az
X-Oracle-Dms-Rid
X-Amz-Replication-Status
Realpath
X-Oracle-Dms-Ecid
X-Is-Crawler
X-Flags
X-B-Cache
Viewport
X-Seen-By
Cross-Origin-Resource-Policy
X-Aspnet-Duration-Ms
X-Azure-Ref
X-Request-Guid
X-Providence-Cookie
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Server
X-Signature
X-Route-Name
X-ORACLE-DMS-RID
X-Whom
X-Contextid
X-ORACLE-DMS-ECID
X-Aspnetmvc-Version
X-App-Environment
X-Wix-Request-Id
X-Revision
X-B
X-Hosted-By
X-Fb-Rlafr
X-TT
X-DynaTrace
Surrogate-Key
Accept-Ch
X-Source
Count-Hit
Referer-Policy
X-Language
X-RateLimit-Limit
Amp-Access-Control-Allow-Source-Origin
X-Akamai-Edgescape
X-App-Server
X-Template
X-Tt-Trace-Host
X-Mobile
X-Tt-Trace-Tag
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Cache-Control
Host
X-Varnish-Grace
X-N
X-HTML-Minification-Powered-By
X-Response-Served-From
X-Original-Request-Id
X-Magnolia-Registration
Version
X-Tumblr-Pixel-1
X-UUID
X-Tumblr-User
X-Tumblr-Pixel-0
X-EdgeConnect-Cache-Status
X-Tumblr-Pixel
X-Cache-Rule
X-Cache-Time
X-RTag
SD-X-WS
Refresh
Ms-Operation-Id
X-Varnish-Age
VIX-Pulpo-Node
MS-CV
X-Rule
VIX-Pulpo-Upstream-Status
Section-Io-Cache
X-Cache-Status-Check
X-Page-View
Protected
X-Envoy-Decorator-Operation
X-Status
Akamai-GRN
X-Cache-Expired-At
X-Cache-Grace
X-Cacheable-TTL
NGB
X-Framework
X-Content-Powered-By
Access-Control-Request-Headers
X-Adobe-Loc
X-Adobe-Content
X-FW-Server
X-L-Path
X-Is-Bot
X-Instance
X-Http-Reason
X-NYM-Debug-Backend
X-ProcessESI
X-B3-Traceid
X-Rendered-As
X-RemovedCookies
X-FW-Version
X-Jobs
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Static
X-FW-Type
X-Environment-Context
X-Servername
X-Backend-Name
X-Akamai-Request-ID2
X-Device-Type
GEO-INFO
Url
X-User-Agent
SRV
X-G
X-Trace-Id
X-Cache-Age
X-Debug-IsConnected
X-COUNTRY
X-Drupal-Cache-Contexts
X-Debug-IsPreview
X-CDN-Forward
X-Newrelic-App-Data
X-Drupal-Cache-Tags
From-Origin
WPO-Cache-Message
WPO-Cache-Status
X-Yottaa-Optimizations
X-Nginx-Cache
X-Yottaa-Metrics
Accept-Language
CDN-RequestId
X-Region
X-Cache-Hit
Front
Country
X-Tb
X-Node-Name
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Tt-Logid
X-Real-IP
X-Content-Options
Backend
X-Buckets
X-Tec-Api-Version
Fastly-SWR
Uber-Trace-Id
X-Tec-Api-Origin
X-XRDS-LOCATION
X-Mode
X-Tec-Api-Root
Fastly-SIE
X-Unique-Id
X-VC-Cache
Fastly-Drupal-HTML
Content-Secure-Policy
X-DynaTrace-JS-Agent
X-Times
X-Zen-Fury
X-RN-RSRV
X-Generation-Time
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Tumblr-Pixel-2
X-Cache-Operation
Meta-Geo
Filters
Onion-Location
X-Access
X-Format
X-Section
X-Amzn-Remapped-Content-Length
X-IPS-LoggedIn
X-Cache-Server
X-TIME
X-Content-Age
Azure-SiteName
Webserver
Apigw-Requestid
Azure-InstanceId
Azure-RegionName
TWC-Privacy
X-Via-Fastly
Cache-Hits
X-Rocket-Nginx-Serving-Static
X-Server-W
X-Ua
X-Varnish-Beresp-Grace
X-Cache-Host
X-Cms-Context
X-Origin-Hint
X-Locale
X-PHP-Backend
X-Reqid
X-Proxy-Cache-Info
X-Sucuri-ID
X-Sucuri-Cache
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
Property-Id
Azure-Version
CF-IPCountry
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
X-Sql-Count
X-Sql-Duration-Ms
Webcakes-App-Version
Webcakes-App-Name
Azure-SlotName
X-Cache-Action
X-Fastly-Request-Id
X-Air-Source
X-Air-Hostname
Web-Mar-Node
X-URL
S-Rt
X-Air-Trace-Id
X-Cluster-Node
X-Cluster
X-AWS-Id
X-Time
DB-Nickname
X-Adobe-Source
X-GeoCode
X-GeoCountry
X-Handled-By
X-Proxy-Cache-Status
X-Site-Version
X-Skip-Cache
X-Cache-TTL-Remaining
X-Soup
X-Debug
X-IPLB-Instance
ServerID
X-Proto
X-VWS-Id
Node
X-Ms-Request-Id
X-R9-Blue-Green-Version
Cache-Name
X-Ms-Version
X-IPLB-Request-ID
X-LJ-Flow-ID
X-Timing-Wait
X-Proxy-Build
X-Proxied
X-ProxyCache-Status
X-SaId
X-Web-Node
X-Urbn-Site-Id
X-Urbn-Context-Path
X-PHP-Host
X-Detected-As
X-Forwarded-Host
X-Labrador-Cache-Channel
X-JoinUs
X-LAGOON
X-UA-Device-Type
X-Edge-Location
X-Extlb
ServedBy
X-ProxyCache-Key
X-SRV
Cross-Origin-Window-Policy
X-No-Session
X-BYPASS-REASON
CDN-Uid
CDN-RequestCountryCode
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
Mn-Server-Ip
Locale
X-Routing-Service
X-Xfnlog-Site
Selected-Fe
X-Zipkin-Id
X-Say-TTL
X-FB-TRIP-ID
X-LSADC-Cache
Mime-Version
WP-Super-Cache
X-SayCDN-TTL
X-Say-Cacheable
Fastcgi-Useragent
Liferay-Portal
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Optimistic-Header
X-CACHE-AGE
X-Hl-Ver
X-Tumblr-Pixel-3
X-Oneagent-Js-Injection
X-Webkit-CSP
X-Request-Time
X-Redis-Cache
X-Cache-Debug
Source
Xserver
X-Presslabs-Stats
X-TNCMS
X-Loop
X-Origin-Date
X-Mg-Request-UUID
CF-Cached-On
X-Akamai-Transformed
Upgrade-Insecure-Requests
X-Uri
X-Generated-By
X-Varnish-Hits
Xet-Cookie
X-GEO
X-TA-CDN-Provider
Countrycode
X-Director
X-Varnish-Beresp-Ttl
X-NWS-UUID-VERIFY
X-ARC
X-Pass-Why
X-Newrelic-Synthetics
X-FireWall-Port
Frame-Options
X-Tid
X-App-Version
X-Origin-CC
X-Origin-TTL
X-Tx-Id
X-ECache
X-Storage
X-Service
Cache-Tv-Group
X-Varnish-Cache-Hits
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-ShopId
X-DC
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Varnish-Hostname
Environment
X-Endurance-Cache-Level
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-RM-Cache-TTL
X-ServerID
Memcached
X-Bc-Bl
Candidate-Md5Url
X-BCube-Filmed-By
Host-ID
DCR-Processing-Time-Ms
X-Conf
X-Core-Value
X-Destination
X-Cache-NE
Edge-Cache
Lang
Meta-Geo-Continent
Gannett-Cam-Experience-Id
MD5-Digest
X-Aed
A
Rendered-Blocks
Redirect-Candidate
X-A-Ccd
Sslversion
Surrogated-Key
WWW-Authenticate
X-A
T-Server
Origin
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Application
Ngx.Var.Host
Odigeo-Trace-Id
X-A-Dcw
BehaviorPad-Version
X-Request-Host
X-B-Cookie
X-D
X-Vdms-Version
X-Vdms-Path
X-TIM-N
X-VG-TLSProxy
X-Mobile-URL
X-Generated-On
X-Processor
X-Level-Front-Cache
X-Test
X-S
DCR-Decision-By
X-S-Cookie
X-Rojux
X-ScT
X-SRCache-Key
X-Developer
X-Gdpr
X-Loc
X-Nyt-Route
X-Epic-Correlation-Id
X-Origin-Time
X-Platform-Cluster
X-Ec-Fail
X-Ec-GeoHdr
Xc-Version
X-External-Request-Id
X-Platform-Processor
X-Platform-Router
X-Frame-Option
X-AIR-PT
SID
Decoy-Debug-TTL
Decoy-Debug-Status
TDXMobile
X-Is-Gdpr
State
Decoy-Debug-Key
X-Org
Release
X-INCAP-ABP
X-Mid
Magicmarker
X-NodeID
X-Req
X-Restarts
Req-Svc-Chain
X-JWT-State
Fastly-Backend-Name
Server-Host
X-HS-Content-Campaign-Id
X-Bip
X-Cache-Bucket
X-Fmm-Version
X-Gamma-Serve
X-We-Are-Hiring
X-Worker
X-Cache-Info
X-Location
X-Developers
X-Old-Content-Length
X-CMSURLCustom
X-Clara-WADP
X-Cdn-Srv
X-WADP-Cache
X-Auto-Login
X-SB
X-SD-PageType
X-S-Maxage
Vix-Hermes-Req-Id
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Served-From
X-Has-Esi
X-Varnish-Beresp-Status
X-WA-Info
X-Thinkindot-L3
X-Thanos
X-Geo-Header
Thinkindot-CacheControl
X-BBC-Edge-Cache-Status
Apple-News-Services-Request-Url
Cache-Key
Server-Info
Apple-News-Services-Parsed-Url
AKAMAI
Apple-News-Services-Host
Cluster
Apple-News-Services-Handled
Country-Code
X-Parent-Response-Time
X-B3-Spanid
X-V-Cache
X-Var-Ttl
X-Ckpd-Fst-Backend
X-Varnish-CookieHashed-On
X-Cdn-Origin
X-Up
X-SVT-ORM-VERSION
X-Date
X-DefElseHash
X-DefHash
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Varnish-CookieINHashed-On
X-CUA
X-Core-Mission
X-Varnish-Remaining-TTL
X-NCache
X-WP-CF-Super-Cache-Active
X-Azure-Ref-OriginShield
Cache-Host
X-Akamai-Device-Characteristics
X-Accel-Expires-Debug
CacheControlHeader
X-Wix-Viewer-Type
X-VServer
X-Cache-FS-Status
X-Cache-Id
X-Varnishpool
X-Cache-Backend
X-Vmg-Version
X-Block-Status
X-Slack-Shared-Secret-Outcome
X-Dispatcher-Number
X-Gzip
X-Pool
X-Hnp-Log
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Gen-Mode
X-GeoIP-City
X-Platform-Server
X-Human
X-Men
X-Origin-Response-Time
X-Owner
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Region-Sid
X-Minions-Version
X-Accel-Buffering
X-Nginx-Cache-Key
X-Nananana
X-Ec-Custom-Error
X-Origin
X-Dispatcher-Server
Datacenter
X-Node-Id
X-Op-Id-All
X-Request-Start
X-Fetched-On
X-Fastly-Backend
X-Esi-Check
X-Scale
X-Slack-Backend
X-App
Machine
X-Rocket-Build-Number
X-Pubstack
CDCHOST
Click-Count-Action-Start
X-Sigma
Tube-Got-Eval
Tube-Get-Contents
NM-Fastcgi-Cache
Click-Count-Error
Cache-Provider
Svr
C-Via
On-Server
Server-Ext
Pics-Label
Server-Hostname
X-Httpd
X-Hash
Ssr
Sever-Int
Tube-Got-Results
We-Hiring
X-Sigma-Backend
Wxu-Next-Region
Web-Mar-Region
Cmsid
Wxu-Next-Hostname
Wxu-Next-Commit
DSUID
Mail-Subject
User-Cache-Control
Tube-Return
CloudFront-Viewer-Country
Fastly-GeoIP-CountryCode
Cmstype
Gh-Request-Id
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Is-Eu
L
X-Forwarded-Site
Origin-CC
Platform
Origin-EX
X-LB-NoCache
X-Varnish-Ttl
X-VarnishDD-TTL
X-Refresh
X-Qloud-Router
X-Platform
Fastly-SSL
NGX
X-Server-IP
X-FC-Vary-Parameters
X-GeoIP
X-HN
X-Variation
PFcat
Canary
X-Ad-Defer-Variation
Kp-EeAlive
X-Irp-Debug
X-CacheTTL
X-Device-Os
Producers
X-DPWN-IS-SECURE
X-Mvc-Supplant-Cachable
Adler-Geo
X-Webkit-CSP-Report-Only
X-CSRF-Token
L5d-Success-Class
X-Via-Popn
X-Esi
X-Via-Popv
Ha-Gx-Prefs
X-Aicache-OS
X-Cache-Date
HA-Ipaddr
X-Via-Poph
X-CGP
X-Csrf-Jwt
X-Eu-Site
X-Cache-Tags
X-Trace-ID
X-Cached-By
X-Cache-Remote
HostName
X-HA-Backend
X-Mvc-Supplant-OutputCached
Cdn
X-Microcachable
X-Mly-Id
X-RCS-CacheZone
X-Servedbyhost
GeoIP-Latitude
Env
Load-Balancing
X-VC
Cdncip
Server-ID
X-Fastly-Cache
X-Tb-Optimization-Total-Bytes-Saved
Cdnsip
X-AK-Request-ID
X-ZONE
X-Instance-Name
X-Nc
X-ND-Cache
X-Gateway-Request-Id
Time
X-Origin-Expires
X-Fpc
X-API-Version
X-Wa
X-Zone
Memory
X-Api-Version
X-LB-ID
X-Response-By
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-DataCenter
X-Gateway-Skip-Cache
X-Vc
X-Via-NSCOPI
X-HS-Status
X-Generated-In
X-FL-EDGE
Srvid
X-Release
Expect-Staple
X-From
Locid
X-FL-QIT-DEBUG
X-Correlation-ID
X-CS
AMP-Access-Control-Allow-Source-Origin
X-CLOUD-TRACE-CONTEXT
Cache
X-Client-Ip
X-CCDN-Origin-Time
X-Via-CDN
X-Hcs-Proxy-Type
X-APP-VERSION
X-CCDN-CacheTTL
X-Edge-Pop
X-NGINX-Cache
Eomportal-Instance
NtCoent-Length
Hostname
X-Vgn-Hpd-Cached
GeoIp-Country-Code
X-Vgn-Hpd-Ssi
X-Provided-By
X-Via-SSL
Ngx-Var-Key
Edge-Copy-Time
X-Check-Cacheable
X-Via-Edge
X-Micro-Cache
X-Cache-Enabled
X-Vgn-Hpd-Variations-Key
X-NewRelic-App-Data
OT-Force-Account-Verify
X-CSRF-TOKEN
X-Lambda-Id
X-Vcl-Version
X-Amz-Meta-Cb-Modifiedtime
X-Debug-Cache-Fetch
X-Debug-Cache-Store
IsBot
X-SIPLIST1
X-Request-URI
X-MCACHE
X-Srv
X-B3-SpanId
X-Dc
X-Proxy-CacheRZ
XkeyRZ
X-Via-JSL
True-Client-IP
X-Cache-NGX
X-Air-Pt
X-Info
X-VCL-Version
X-Nf-Request-Id
Srv
Sid
VNS-Cache
X-Vtex-Remote-Cache
VNS-Age
X-Render-Time
Path
CPC-Cache
CPC-Age
X-EC-Lua
Uri
Resin-Trace
True-Client-Ip
X-Cs
X-VCT
X-TH-Server
Location
Request-ID
Fastly-Drupal-Html
X-Server-ID
X-ATG-Version
X-Cache-Expires
X-Oss-Storage-Class
X-Fastly-Country-Code
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-TX-ID
GeoIP-Country-Code
Cross-Origin-Opener-Policy-Report-Only
CDN
X-Edge-POP
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cache-ASPX
Esi-Enabled
Servername
X-CACHE-KEY
YJS-ID
X-Datadome
X-Upstream-Ht
X-MSEdge-Features
M-TraceId
X-Upstream-Ct
X-MSEdge-Flight
X-Accel-Version
X-Cache-Type
X-Cdn-Request-ID
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Pod-Name
X-Datacenter
X-Moov-T
X-CF-Lambda-Version
X-Moov-Xdn-Version
Sm-Log-Id
X-Service-Response-Time
Traceparent
X-Scheme
Timeexpire
X-CF-Lambda-Fn
X-Varnish-Beresp-TTL
X-RateLimit-Reset
LB
X-PAYTM-SRV-ID
X-PERF
X-WA
X-FPC
X-Lb-Id
X-Geo
CountryCode
X-ApacheServer
X-Viewer-Country
X-Akamai-Pragma-Client-IP
X-CDN-Cache-Status
X-Wikidot-Backend
RNT-Time
RNT-Machine
HIT
X-SERVER-NAME
X-Wikidot-Static-Cache
N-Cache
X-NC
X-Udemy-Cache-App-Namespace
X-Cdn-Cache-Status
XServer
Ohc-File-Size
Powered-By
X-Srcache-Store-Status
Proxy-Connection
FSS-Cache
X-NAPM-TraceId
X-Shop-Environment
X-Forwarded-Path
X-Bl-Debug
X-Srcache-Fetch-Status
X-Tenant
ENV
X-Orig-Expires
Server-Id
Rip
X-ServedByHost
X-LiteSpeed-Cache-Control
X-B3-Trace-ID
X-MP-GENERATED-AT
Epwk-X-Cache
X-TraceId
Geoip-Latitude
X-Dw-Trace-Id
Tcn
X-Policy
X-App-Name
X-Amz-Meta-Opti
Tracecode
X-Hyper-Cache
Yjs-Id
V-Age
True-Client-Country-4JS
X-Clientip
WZWS-RAY
X-Cdn-Forward
X-Ha-Backend
X-HostName
Ms-Author-Via
X-M-Reqid
X-M-Log
X-TT-LOGID
X-Serial
Ec-Rule-Version
X-Rebelmouse-Surrogate-Control
Content-Style-Type
X-Vgn-Hpd-Reason
X-Lb-Nocache
X-Fastly-Backend-Reqs
X-Swift-Error
X-Via-PopV
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-Trace
X-Qnm-Cache
X-VG-WebCache
X-Via-PopN
X-Via-PopH
X-B3-Parentspanid
Content-Script-Type
XM
User-Agent
Inserted-Into-Cache-At
X-B3-ParentSpanId
Cdn-Requestid
X-Rebelmouse-Cache-Control
Ngx
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-Wp-Cf-Super-Cache
X-F-Status
X-Request-URL
X-Fastly-Cache-Hits
Lb
X-RAMCache
My-App
X-Mid-Debug-Cache-Key
X-LiteSpeed-Tag
X-MiniProfiler-Ids
X-Cache-Ngx
X-Th-Server
X-IPS-Cached-Response
X-Stale
Warning
X-UP
Cneonction
X-Mid-Debug-Cache-Disk
X-Snapshot-Date
MIME-Version