Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
X-Xss-Protection
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-FRAME-OPTIONS
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Request-ID
X-Iinfo
P3p
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Ua-Compatible
Access-Control-Max-Age
CF-Ray
X-Dns-Prefetch-Control
X-Via
X-Robots-Tag
X-Cache-Group
X-UA-Device
Server-Timing
Request-Context
Keep-Alive
X-AH-Environment
X-Turbo-Charged-By
X-Amz-Request-Id
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Age
X-Ws-Request-Id
Host-Header
X-Hacker
X-Server-Powered-By
X-Server
X-Rq
X-Vhost
X-Varnish-Cache
X-Amz-Version-Id
Grace
X-LiteSpeed-Cache
Cf-Edge-Cache
X-Dispatcher
EagleId
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Page-Speed
Accept-CH
X-Nginx-Cache-Status
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Node
Cf-Railgun
X-Host
X-Pingback
X-Cache-Spec
X-OneAgent-JS-Injection
X-Server-Id
X-Backend-Server
X-Akam-SW-Version
Surrogate-Control
Request-Id
Accept-CH-Lifetime
X-Response-Time
EagleEye-TraceId
X-Cache-Lookup
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Readtime
Content-Location
X-HW
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Application-Context
Rating
X-Trace
X-Akamai-Path-Stats
Fastly-Restarts
X-Url
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Nginx-Upstream-Cache-Status
X-Ruxit-Js-Agent
X-CST
X-Country
X-MS-InvokeApp
X-Oneagent-Js-Injection
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Edge
X-TtlSet
X-Vname
X-PC
Edge-Control
X-Mod-Pagespeed
X-Content-Type
X-ESI
X-B3-TraceId
X-Vcap-Request-Id
X-FastCGI-Cache
Cf-Apo-Via
X-D2id
Verso
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Exp-Id
Xkey
X-GitHub-Request-Id
X-Ttl
Cache-Tag
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Mcache
X-Powered-By-Plesk
X-Amz-Rid
RTSS
X-Navigation-Version
X-Server-Name
X-VARITI-CCR
X-Abt-Application-Version
X-Version
X-Upstream
X-Varnish-TTL
X-Ac
X-Client-IP
X-Cached
X-Cnection
X-Ruxit-JS-Agent
X-ECACHE
X-Element-Page-Cache
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-Instrumentation
Permissions-Policy
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
SPRequestGuid
X-SharePointHealthScore
X-RateLimit-Remaining
SPRequestDuration
SPIisLatency
X-Sol
Pagespeed
Display
X-Middleton-Display
X-Cache-TTL
Public-Key-Pins
X-Country-Code
X-NWS-LOG-UUID
X-Px
X-Middleton-Response
Response
X-Ser
X-Midtier
X-Kinsta-Cache
X-Edge-Location-Klb
X-Forwarded-For
X-Goog-Hash
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Cache-Key
X-DataDome
Content-MD5
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-NF-Request-ID
X-Correlation-Id
X-Shield-Request-Id
X-MSEdge-Ref
X-RateLimit-Limit
Access-Control-Request-Method
Front-End-Https
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-T
X-Recruiting
AR-Request-ID
AR-SID
AR-CACHE
MRF-Tech
AR-ATIME
AR-PoweredBy
Mrf-Cache-Status
X-B3-TraceId-Primal
Edge-Cache-Tag
TP-L2-Cache
TP-Cache
Nginx-Cache
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-Accel-Expires
X-Mg-S
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Content-Digest
TCN
X-Grace
X-Powered-CMS
X-Hits
X-Request-Received
X-Request-Processing-Time
X-Amzn-Trace-Id
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Server-Node
Filters
Server-Name
X-Id
MS-Author-Via
Fastcgi-Cache
X-Geo-Country
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Webkit-Csp
X-Fastly-Request-Id
Count-Hit
X-Frontend
X-Distributor
X-XRDS-Location
X-Origin-Server
X-PressLabs-Stats
X-Ezoic-Cdn
X-Ua-Browser
Filterid
Cross-Origin-Opener-Policy
X-LLID
X-Language
X-Protected-By
Charset
X-ASPNET-VERSION
S
X-F-Cache
X-Request-Handler-Origin-Region
X-Seen-By
X-Microsite
X-FB-Debug
X-B3-Sampled
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-Git-Hash
Host
Payment
X-Page-Id
X-LB-Cache
X-Ratelimit-Reset
X-VCache
Cache-Status
X-Cluster-Name
Surrogate-Key
X-Ab
X-Rid
Cache-Tags
X-Www-Served-By
X-Litespeed-Cache
Access-Control-Allow-Method
X-Logged-In
X-Upgrade-Enabled
X-Source
Realpath
Accept-Ch
Retry-After
X-Cache-Age
Accept-Charset
X-DIS-Request-ID
X-Varnish-Backend
Alternate-Protocol
X-Origin-Cache
X-Type
Cleartype
X-Az
X-Template
X-AppVersion
X-Activity-Id
X-NGENIX-Cache
DC
X-Amz-Replication-Status
Paypal-Debug-Id
X-Aspnet-Duration-Ms
X-B-Cache
X-Providence-Cookie
X-Varnish-Grace
X-Wix-Request-Id
X-Envoy-Decorator-Operation
X-Signature
X-Route-Name
X-Is-Crawler
X-Request-Guid
X-Flags
X-App-Environment
X-B
X-TT
X-Tb
ServerID
X-Hostname
X-Revision
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Frame-Options
X-Fastcgi-Cache
X-DynaTrace
X-Contextid
X-Cache-Rule
X-COUNTRY
X-Node-Name
X-Drupal-Cache-Tags
X-Tt-Trace-Tag
X-Pinterest-Rid
Pinterest-Version
X-Tt-Trace-Host
Pinterest-Generated-By
X-Proxy
Refresh
Cross-Origin-Resource-Policy
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Storage-Class
X-Debug
X-Fastly-Request-ID
X-Trace-Id
X-Content-Options
X-Mobile
X-Load-Cache
X-EdgeConnect-Cache-Status
X-XRDS-LOCATION
Referer-Policy
Node
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Server
X-N
X-Cache-Control
X-Original-Request-Id
NGB
X-Response-Served-From
Country
X-Varnish-Age
X-Magnolia-Registration
Viewport
Akamai-GRN
X-Debug-IsPreview
X-Whom
X-Debug-IsConnected
Content-Disposition
X-NYM-Debug-Backend
X-Environment-Context
X-L-Path
X-Content-Powered-By
X-Instance
X-Cache-Time
X-Status
Access-Control-Request-Headers
Uber-Trace-Id
X-G
X-Rendered-As
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Adobe-Content
X-Adobe-Loc
X-Servername
X-Akamai-Request-ID2
Url
X-Cache-Grace
X-Real-IP
X-Page-View
X-Is-Bot
X-Jobs
X-Cacheable-TTL
X-User-Agent
X-Mid
X-ProcessESI
X-Framework
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-RemovedCookies
X-Cache-TTL-Remaining
Srv
X-Cache-Expired-At
X-Via-JSL
X-Unique-Id
X-Cache-Hit
X-Tumblr-Pixel
Countrycode
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-TTL
X-Cache-Operation
X-Drupal-Cache-Contexts
Healthy
Accept-Language
X-Rule
Version
X-APP-VERSION
X-CDN-Forward
X-Backend-Name
X-ECache
X-Time
X-Http-Reason
X-Mg-Request-UUID
X-Cache-Action
X-Akamai-Edgescape
X-Debug-Info
X-Server-ID
Section-Io-Cache
Protected
Content-Secure-Policy
X-Varnish-Ttl
X-VC-Cache
X-IPLB-Request-ID
X-IPLB-Instance
Xserver
X-Azure-Ref
X-Hosted-By
X-Tt-Logid
Server-Info
Backend
X-App-Server
X-Generation-Time
X-Api-Version
X-HTML-Minification-Powered-By
X-SRV
X-Generated-By
X-Oracle-Dms-Ecid
X-FW-Dynamic
X-FW-Type
X-FW-Hash
X-FW-Static
X-FW-Serve
X-FW-Server
Meta-Geo
X-RN-RSRV
X-Storage
X-UPSTREAM-Address
X-Content
X-Restarts
X-Oracle-Dms-Rid
X-Mobile-URL
Onion-Location
X-Amzn-RequestId
CF-IPCountry
X-Cache-Status-Check
X-Amz-Apigw-Id
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
Azure-Version
Azure-InstanceId
X-R9-Blue-Green-Version
Azure-RegionName
Azure-SlotName
Property-Id
TWC-Privacy
S-Rt
X-Access
X-PCL
X-Origin-Hint
X-Section
X-Varnish-Cache-Hits
X-Cache-Server
Liferay-Portal
X-OCL
X-Locale
Webcakes-Region
Webcakes-App-Version
X-Cms-Context
X-FireWall-Port
X-Handled-By
X-Format
Webcakes-App-Name
Azure-SiteName
GEO-INFO
X-Device-Type
X-Urbn-Site-Id
CDN-CachedAt
CDN-RequestId
Eomportal-Instance
X-Edge-Location
X-Urbn-Context-Path
CDN-Uid
X-PHP-Host
CDN-RequestCountryCode
X-Content-Age
X-No-Session
CDN-PullZone
CDN-Cache
X-Adobe-Source
X-Sql-Duration-Ms
CDN-EdgeStorageId
X-Proto
X-VWS-Id
MS-CV
Ms-Operation-Id
X-Varnish-Beresp-Grace
X-Varnish-Hostname
X-Proxy-Cache-Status
X-Mode
X-Provided-By
X-LJ-Flow-ID
X-SayCDN-TTL
X-Say-TTL
X-JoinUs
Locale
X-RTag
X-Forwarded-Host
X-Site-Version
X-Cache-Host
X-Say-Cacheable
X-Server-W
Load-Balancing
X-Sql-Count
X-Redis-Cache
X-Skip-Cache
X-Region
X-SaId
Web-Mar-Node
X-Labrador-Cache-Channel
X-AWS-Id
X-Nginx-Cache-Key
X-FB-TRIP-ID
Apigw-Requestid
X-Extlb
X-Varnishpool
X-Detected-As
Cache-Name
X-Ms-Request-Id
X-GeoCountry
X-PHP-Backend
X-ShopId
X-ShardId
X-Routing-Service
X-Shopify-Stage
X-UA-Device-Type
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Mn-Server-Ip
X-Request-Time
X-Cache-Type
X-Via-Fastly
X-Web-Node
X-Xfnlog-Site
X-Ms-Version
X-GeoCode
DB-Nickname
X-Proxied
X-Alternate-Cache-Key
X-Zipkin-Id
X-BYPASS-REASON
X-Tid
X-Hl-Ver
X-ProxyCache-Status
X-ProxyCache-Key
X-Storefront-Renderer-Rendered
X-DynaTrace-JS-Agent
WP-Super-Cache
X-Dc
X-Cache-Enabled
X-Proxy-Build
Selected-Fe
X-Timing-Wait
X-ServerID
X-Amzn-Remapped-Content-Length
X-Loop
X-TNCMS
X-Reqid
X-Cdn
X-Vgn-Hpd-Reason
X-Uri
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-B3-Traceid
X-LSADC-Cache
X-Ua
X-Pubstack
Xet-Cookie
X-Soup
X-Origin-Date
X-Tumblr-Pixel-2
X-Cache-NGX
X-Aspnetmvc-Version
X-Zen-Fury
X-Ratelimit-Remaining
X-Newrelic-Synthetics
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Correlation-ID
Fastcgi-Useragent
X-Service
X-Nginx-Cache
X-Webkit-CSP
X-UUID
From-Origin
ServedBy
Source
X-TIME
X-Cache-Debug
X-MP-GENERATED-AT
X-GEO
X-NewRelic-App-Data
X-Origin-CC
X-Origin-TTL
Origin
X-TA-CDN-Provider
X-URL
X-Varnish-Hits
X-Human
X-App-Version
Cache
X-Cached-By
X-Cache-Tags
Cross-Origin-Window-Policy
X-Varnish-Beresp-Ttl
Rip
Fastly-Drupal-HTML
X-Ratelimit-Limit
X-RCS-CacheZone
BehaviorPad-Version
X-Rewrite-Enabled
Upgrade-Insecure-Requests
X-Cluster
Rendered-Blocks
X-ScT
MD5-Digest
WPO-Cache-Message
WPO-Cache-Status
Host-ID
Expiry
X-Ec-GeoHdr
X-Orig-Expires
X-B-Cookie
X-Ec-Fail
Lang
Environment
X-NAPM-TraceId
A
X-PBS-Appsvrname
DCR-Processing-Time-Ms
DCR-Decision-By
X-S
X-S-Cookie
X-Rojux
Cdncip
Cdnsip
X-Processor
X-Forwarded-Path
X-External-Request-Id
X-Parent-Response-Time
Meta-Geo-Continent
X-A-Dcw
X-A-Dgt
X-Aed
X-A-Dam
X-A-Ccd
X-Vdms-Version
X-Vdms-Path
X-A
X-User
X-TIM-N
X-Application
X-SRCache-Key
X-ARC
X-Bc-Bl
X-BCube-Filmed-By
X-Tenant
X-AK-Request-ID
X-Cache-NE
X-A-Wwc
X-Destination
Xc-Version
X-D
X-Developer
X-VG-WebCache
Ngx.Var.Host
X-Shop-Environment
Odigeo-Trace-Id
X-Connection-Hash
SD-X-WS
T-Server
Surrogated-Key
Sslversion
X-FW-Version
Mime-Version
OT-Force-Account-Verify
X-Request-Host
X-Owner
X-Nyt-Route
X-Accel-Buffering
X-Debug-Cache
X-Gdpr
CPC-Age
X-Aicache-OS
CPC-Cache
X-Served-From
VNS-Cache
X-Origin-Time
VNS-Age
Webserver
X-Dispatcher-Number
Redirect-Candidate
X-CMSURLCustom
X-Cdn-Srv
Server-Host
TDXMobile
Fastly-Backend-Name
Thinkindot-CacheControl
X-AOL-HN
X-Auto-Login
Thinkindot-Control
AKAMAI
X-Level-Front-Cache
X-Sucuri-Cache
X-JWT-State
X-Sucuri-ID
X-Thinkindot-L3
X-Cluster-Node
X-Worker
X-Is-Gdpr
X-INCAP-ABP
X-Generated-On
X-Developers
X-Geo-Header
X-Has-Esi
X-HS-Content-Campaign-Id
X-Core-Value
Thinkindot-CacheControl-Type
LB
WebServer
X-WP-CF-Super-Cache-Active
X-Sigma
Mobile-Detection-Method
NM-Fastcgi-Cache
X-Ad-Defer-Variation
Origin-CC
Release
NGX
X-DefHash
Producers
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Platform
X-Scheme
X-DefElseHash
Origin-EX
Memcached
Fastly-SSL
Fastly-SWR
X-DPWN-IS-SECURE
Fastly-SIE
Fastly-GeoIP-CountryCode
X-Cache-Id
X-Ec-Custom-Error
X-SIPLIST1
Is-Eu
Machine
Mail-Subject
X-Sigma-Backend
X-V-Cache
L
IsBot
Kp-EeAlive
X-Device-Os
Gh-Request-Id
V-Age
Vix-Hermes-Req-Id
X-Varnish-Remaining-TTL
X-Cache-Info
Tube-Return
Tube-Got-Eval
Tube-Got-Results
X-Varnish-CookieINHashed-On
We-Hiring
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
Wxu-Next-Region
Wxu-Next-Hostname
Web-Mar-Region
Wxu-Next-Commit
Tube-Get-Contents
X-VG-TLSProxy
X-Clara-WADP
X-WADP-Cache
X-Wix-Viewer-Type
X-Core-Mission
X-Cache-Bucket
X-Datadog-Parent-Id
X-Ckpd-Fst-Backend
State
X-CacheTTL
Traceparent
X-Cdn-Origin
X-Viewer-Country
X-VServer
Svr
Req-Svc-Chain
X-Scale
X-Pool
X-Proxy-Cache-Info
X-SplitTest
X-SVT-ORM-RULES
X-Platform-Server
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Qloud-Router
X-RateLimit-Limit-Second
X-Fmm-Version
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
X-Request-URI
X-RateLimit-Remaining-Second
X-Region-Sid
X-Planisys-CDN-Cache
X-Gamma-Serve
X-Loc
X-Minions-Version
X-Azure-Ref-OriginShield
X-Hash
X-GeoIP
X-Gzip
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-Origin-Response-Time
X-ATG-Version
X-Gateway-Cache-Status
X-NCache
X-NodeID
X-Variation
X-Fetched-On
X-Slack-Backend
X-S-Maxage
Datacenter
Country-Code
Cmstype
Cluster
Cmsid
X-GeoIP-City
X-Branch-Name
X-Epic-Correlation-Id
X-SB
X-Esi-Check
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-BBC-Edge-Cache-Status
CloudFront-Viewer-Country
Apple-News-Services-Request-Url
X-Fastly-Backend
Cache-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Adler-Geo
Apple-News-Services-Handled
Click-Count-Error
Canary
Click-Count-Action-Start
X-SVT-ORM-VERSION
X-Sn-Servicetimems
Candidate-Md5Url
X-Cache-Remote
X-Pass-Why
X-Optimistic-Header
X-Tumblr-Pixel-3
X-Block-Status
X-CGP
X-Var-Ttl
X-Thanos
X-Policy
X-Forwarded-Site
X-Up
X-Hnp-Log
X-Origin
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-Bip
L5d-Success-Class
HA-Ipaddr
X-Gen-Mode
X-Csrf-Jwt
X-FC-Vary-Parameters
X-Eu-Site
Ha-Gx-Prefs
X-Clientip
Server-Ext
Servername
Sever-Int
X-Datadome
X-Udemy-Cache-App-Namespace
CDCHOST
DSUID
User-Cache-Control
Server-Hostname
X-IPS-LoggedIn
AMP-Access-Control-Allow-Source-Origin
X-Mvc-Supplant-OutputCached
X-CSRF-Token
Sid
Memory
Ec-Rule-Version
HostName
Time
X-VC
X-Nf-Request-Id
X-Tx-Id
X-Dispatch
X-LB-NoCache
X-PX
X-ZONE
Request-ID
Pics-Label
X-Presslabs-Stats
X-Tb-Optimization-Total-Bytes-Saved
Ssr
X-Edge-Pop
X-Akamai-Transformed
X-ND-Cache
X-Refresh
X-Via-Poph
My-App
X-Via-Popn
X-Via-Popv
X-B3-SpanId
X-Cs
Cache-Tv-Group
X-Via-NSCOPI
X-WA-Info
X-Req
X-Lambda-Id
Fastcgi-Cache-TTL
Env
X-B3-Spanid
X-GG-Cache-Date
X-Newrelic-App-Data
X-Session-Fingerprint
X-Servedbyhost
Server-ID
X-Generated-In
X-Trace-ID
X-NGINX-Cache
X-CACHE-KEY
GeoIp-Country-Code
X-Fastly-Cache
X-Origin-Expires
X-Wa
CacheControlHeader
True-Client-Country-4JS
SID
X-Rebelmouse-Cache-Control
Cache-Hits
X-Pod-Name
X-Rebelmouse-Surrogate-Control
X-Release
X-EC-Lua
X-Fpc
X-LB-ID
X-CACHE-AGE
X-ID
True-Client-IP
X-TX-ID
X-Vc
X-Op-Id-All
Hostname
X-CSRF-TOKEN
X-Xrds-Location
X-MCACHE
X-Zone
X-NWS-UUID-VERIFY
X-Webkit-CSP-Report-Only
X-Cache-Date
X-Ig-Push-State
X-VCL-Version
X-TH-Server
X-DC
X-GeoIP-Region-Code
X-MSEdge-Flight
X-MSEdge-Features
X-GeoIP-Country-Code
X-Buckets
X-Date
CDN
WWW-Authenticate
X-Accel-Expires-Debug
X-Conf
X-Endurance-Cache-Level
X-HS-Status
X-NC
X-Microcachable
X-RAMCache
X-TRACE-ID
X-Dmc
Fastly-Drupal-Html
Resin-Trace
X-Esi
X-CS
X-Vcl-Version
X-Old-Content-Length
X-Srv
X-RateLimit-Reset
X-Varnish-Beresp-TTL
Tcn
Powered-By
Path
Magicmarker
X-Check-Cacheable
X-Alfa-Service
X-Wikidot-Backend
X-Location
Section-Io-Id
True-Client-Ip
X-Wikidot-Static-Cache
X-Webstats-RespID
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Akamai-Pragma-Client-IP
X-FPC
Yjs-Id
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Be
X-Cache-Ttl
X-API-Version
X-CLOUD-TRACE-CONTEXT
X-Varnish-Authentication
X-LiteSpeed-Cache-Control
Proxy-Connection
X-Director
X-Lb-Id
X-Datacenter
GeoIP-Country-Code
X-Vercel-Id
X-Vercel-Cache
X-WA
X-Cdn-Forward
X-DataCenter
X-Via-CDN
Pramga
X-ServedByHost
Server-Id
Lb
X-Geo
X-Hyper-Cache
X-Mly-Id
X-Micro-Cache
FSS-Cache
X-M-Reqid
X-CF-Lambda-Version
X-Server-IP
X-HA-Backend
X-Test
Cdn
X-Response-By
X-M-Log
User-Agent
X-CF-Lambda-Fn
ENV
X-Dw-Trace-Id
X-Via-PopN
X-Via-PopV
X-Akamai-ERPolicy
X-Cache-Backend
X-Cache-Expires
M-TraceId
Uri
X-Via-PopH
X-Akamai-ERRuleID
Tracecode
X-App
HIT
X-Qnm-Cache
X-Client-Ip
X-Service-Response-Time
X-Edge-POP
YJS-ID
X-Cc-Via
Sm-Log-Id
X-AIR-PT
X-Air-Hostname
X-Air-Source
X-UA
Swift-Performance
X-We-Are-Hiring
X-Air-Trace-Id
Geoip-Latitude
X-TT-LOGID
X-Instance-Name
X-FL-EDGE
X-From
X-Traceid
Dnion-Transfer-Encoding
Srvid
Locid
PICS-Label
X-LI-Proto
N-Cache
C-Via
X-TrackingId
X-Li-Pop
X-LI-UUID
Location
X-Li-Fabric
X-LiteSpeed-Tag
X-ApacheServer
X-PERF
X-RPM
X-DW
X-RSL
CountryCode
X-Platform-Cluster
X-RPS
CF-Cached-On
X-Info
X-Frame-Option
Esi-Enabled
XM
XServer
X-Air-Pt
X-DSS
X-Platform-Processor
X-Platform-Router
Ohc-File-Size
Nginx-CQVIP
X-Platform
X-Request-Url
X-DI
X-Fastly-Backend-Reqs
X-DB
X-Lb-Nocache
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Hit
PFcat
X-HN
X-CF-Powered-By
X-Cache-Proxy
X-Cdn-Request-ID
NtCoent-Length
Timeexpire
Wpo-Cache-Message
Fastcgi-X-Cache-Version
Wpo-Cache-Status
X-Fastly-Cache-Hits
Vha6-Origin
X-Conten-Type-Options
X-HostName
On-Server
X-VarnishDD-TTL
X-PAYTM-SRV-ID
X-Ips-Loggedin
Warning
Wp-Super-Cache
X-Cache-Ngx
X-Litespeed-Cache-Control
X-NFL-Geo
X-NFL-Dma
X-Newegg-Flow
X-Newegg-Index
X-N-OperationId
X-Matched-Rule
X-Matome-Cached
X-MTS-Cache
X-NS-Authorization
X-Nerd
X-Okws-Version
X-PageType
X-OVcl-Cache
X-Paywall
X-PG-ACCESS
X-PGF-Deflate
X-OVcl
X-Origin-Ops
X-Nyt-Data-Last-Modified
X-NXG
X-Odoo-Frontend
X-Loadbalancer
X-Onedio-Env
X-Ntj-Investigation-Id
X-Is-SSL
X-Eventloop-Lag
X-Fastly-Is-Edge
X-Fstrz
X-Full-Ttl
X-ETag
X-Farm
X-F-Status
X-Eid
X-Ee-Origin
X-Ee-Request-Date
X-Pver
X-GG-Cache-Status
X-Git-Commit
X-Ittl
X-IBD-SID
X-Kebab
X-Kebabable
X-Keep
X-IBD-Cache
X-Header-Sub
X-Global-Transaction-ID
X-Ee-Request-Id
X-GoCache-CacheStatus
X-Group
X-LbNode
X-Xms-Page-Cache-Actions
X-Waitingroom
X-Wag-Acs
X-Web-Hosting
X-WP-Bypass
X-WSR2
X-Ver
X-Vary-Devices
X-Upstream-State
X-U-Cache
X-User-Auth
X-Utime
X-V2-Infrastructure
X-YSpaceId
XV-Cache
X-Oss-Object-Type
X-Ee-Generated-By
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
ServerName
XV-H
X-B3-Parentspanid
X-Fastly-Country-Code
Cache-Key
X-True-Client-Ip
X-Tried-To-Kebabify
X-Ruby
X-Route-Akamai
X-Save-Cache
X-Server-L
X-ServiceName
X-Route
X-Request-Origin
X-Reboot
X-Redis
X-Render-Method
X-Render-Time
X-Sh
X-Site
X-Test-Nginx-Ingress
X-Svr-Proxy
X-Timestamp
X-Toujours-Debout-Branch
X-Toujours-Debout-Location
X-SVR-IIS
X-Stack-Name
X-Slack-Shared-Secret-Outcome
X-SMP-JWT
X-Square
X-SSLProxy
X-R-Cache
Ok-Cache-Status
Ns
Npm-Remaining
Ns-Ua
OK-Edge-Date
Ok-Edge-Key
Npm-Cost
NLCacheNote
Is-Https
HTTPProtocol
Joe-X
NB-ESI
Nikkei-App-Version
Origin-Site
Panzer-Cache-Control
Service-Uuid
Served
SFRVia
Shieldsquare-Response
SII
Selected-Route
Scheme
RawURL
Proxy-Cache
Region
Request-Uuid
Rt-Proxy-Cache
HServer
H1
X-ElasticPress-Query
X-Mg-Cache
X-Yottaa-OS
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-B3-ParentSpanId
WZWS-RAY
Req-ID
X-CUA
Fastcgi-Cache-Ttl
SRV
DynaTrace
Cneonction
X-Serial
Cluster-Host
Cf-Wrk
CMS-200
Deeplink
Ec-Policy-Id
Cf-Locale
Cf-Device-Type
Akamai-X-Url
X-Th-Server
Cache-Stat
Cachekey
Cdn-Country-Code
Store-Cloud-Cache
Sw
X-Cache-NPR
X-Cache-Length
X-Cache-Reason
X-Cache-ReqUri
X-Cache-Response
X-Cache-IsMobileDevice
X-Cache-Cookie
X-Backend-TTL
X-AspNetWebPages-Version
X-Backside-Transport
X-BeanStalkRole
X-BeanStalkStage
X-CacheVersion
X-CDN-Pop
X-Delivery
X-Dehri-Date
X-Developed-By
X-Doge
X-DT-Node
X-Dcm-Pdtf
X-Container-Uri
X-Cf-Node-Idx
X-CDN-Pop-IP
X-Cms-Device
X-Coindesk-Cache
X-Colour
X-ASF-Cache
X-ARRRG1
Uniqueid
TWC-Unit
Userver
Vttl
X-77-NZT
TWC-Subs
TWC-PATH-LOCALE
Technodrome
T-Request-Id
Time-Cloud-Cache
Ttl
TWC-AK-Req-ID
X-77-NZT-Ray
X-Accel-Version
X-Amz-Meta-Cb-Modifiedtime
X-Akamai-Native
X-Apache-Server
X-Ar-Stats
X-Arena-Request-Id
X-Akamai-DeviceType
X-Akamai-DeviceOS
X-Accepted-Language
X-Accepted-Fulllang
X-Accor-Asset
X-AEO-Platform
X-Akamai-CacheKeyMod
X-Edge-IP