
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-Id
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
P3p
X-Proxy-Cache
Keep-Alive
X-Ua-Compatible
X-Server
X-Ws-Request-Id
X-Age
Host-Header
Cf-Edge-Cache
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Apo-Via
X-WebKit-CSP
Accept-CH
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Server-Id
EagleEye-TraceId
X-Ruxit-JS-Agent
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
X-Cache-Spec
X-Cache-Lookup
X-HW
X-Content-Security-Policy-Report-Only
Accept-Ch-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Country
X-Mcache
X-Content-Type
Content-Location
X-MS-InvokeApp
Accept-CH-Lifetime
X-CST
X-Clacks-Overhead
X-Url
X-Amz-Server-Side-Encryption
Rating
X-PC
X-Vname
X-TtlSet
X-Midtier
X-Litespeed-Cache
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
X-VARITI-CCR
X-GoogleNews-Bot
Origin-Trial
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Kinja
Verso
X-Use-Magma
X-Kinja-Server
X-Rack-Cache
X-Server-Name
X-Ac
X-Powered-By-Plesk
X-GitHub-Request-Id
Service-Worker-Allowed
X-Cnection
X-ECACHE
X-Amz-Rid
X-SharePointHealthScore
SPRequestGuid
X-Client-IP
X-Navigation-Version
Xkey
X-Ttl
X-Abt-Application-Version
Edge-Control
SPIisLatency
SPRequestDuration
X-Cache-TTL
X-NWS-LOG-UUID
X-B3-TraceId
X-Upstream
Arr-Disable-Session-Affinity
X-Cached
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Mg-S
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Varnish-TTL
X-Px
X-Cache-Key
Pagespeed
Display
X-Middleton-Display
X-Sol
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
Edge-Cache-Tag
X-Forwarded-For
X-Country-Code
X-Goog-Hash
X-Webkit-Csp
X-NF-Request-ID
X-Correlation-Id
Content-MD5
TCN
X-Powered-CMS
Front-End-Https
AR-Request-ID
AR-CACHE
AR-PoweredBy
X-Id
AR-ATIME
AR-SID
X-Version
Public-Key-Pins
X-HP-Trace-Id
X-Jurisdiction
Accept-Ch
X-HP-Webp
X-RateLimit-Remaining
X-Ser
X-MSEdge-Ref
X-T
X-Content-Digest
X-Recruiting
X-Ratelimit-Limit
X-Amzn-Trace-Id
Response
X-Middleton-Response
X-Accel-Expires
X-Daa-Tunnel
TP-L2-Cache
TP-Cache
X-Shield-Request-Id
X-XRDS-Location
MicrosoftSharePointTeamServices
S
Nginx-Cache
Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-HS-Content-Id
X-Request-Processing-Time
X-Request-Received
X-HS-Hub-Id
Server-Node
X-HS-Combine-CSS
X-HS-Cache-Config
Cache-Tags
X-Hits
X-Distributor
X-PressLabs-Stats
Cross-Origin-Opener-Policy
X-Kinsta-Cache
X-Edge-Location-Klb
X-LB-Cache
X-Origin-Server
X-Ratelimit-Remaining
X-Ezoic-Cdn
Fastcgi-Cache
X-Ua-Browser
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ratelimit-Reset
Alternate-Protocol
X-Fastcgi-Cache
X-Grace
Server-Name
Filterid
X-DIS-Request-ID
X-Frontend
X-Microsite
X-Request-Handler-Origin-Region
X-Hostname
X-LLID
X-Protected-By
X-Rid
X-Geo-Country
Healthy
X-FB-Debug
X-Fastly-Request-ID
X-Logged-In
X-Varnish-Backend
X-Git-Hash
Cleartype
Payment
X-Page-Id
X-Debug-Info
X-Load-Cache
X-Www-Served-By
X-Forwarded-Proto
X-Cluster-Name
X-NGENIX-Cache
X-DataDome
X-ASPNET-VERSION
DC
X-ECache
MS-Author-Via
X-Origin-Cache
Realpath
Charset
X-TTL
Content-Disposition
Access-Control-Allow-Method
X-B3-Sampled
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-F-Cache
X-Proxy
X-Az
X-Activity-Id
X-AppVersion
X-B3-Traceid
X-Seen-By
X-Amz-Replication-Status
X-Amz-Meta-S3cmd-Attrs
X-Fb-Rlafr
X-Azure-Ref
X-Cache-Age
X-Server-ID
Paypal-Debug-Id
Retry-After
X-Whom
X-Type
Cross-Origin-Resource-Policy
Count-Hit
X-Contextid
X-Route-Name
X-Flags
X-Is-Crawler
X-Request-Guid
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Revision
Surrogate-Key
Viewport
X-Wix-Request-Id
X-Varnish-Server
X-Signature
X-Aspnetmvc-Version
X-B
X-B-Cache
X-Hosted-By
X-App-Environment
Accept-Charset
X-Akamai-Edgescape
X-TT
X-VCache
X-DynaTrace
X-Language
Amp-Access-Control-Allow-Source-Origin
X-Source
X-App-Server
X-Cache-Control
X-Fastly-Request-Id
X-Mobile
Referer-Policy
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Times
X-Magnolia-Registration
X-Envoy-Decorator-Operation
X-Varnish-Grace
Host
Version
X-Varnish-Ttl
X-HTML-Minification-Powered-By
X-Cache-Rule
X-N
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
WPO-Cache-Message
WPO-Cache-Status
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-EdgeConnect-Cache-Status
X-Tt-Trace-Tag
X-Original-Request-Id
X-Response-Served-From
X-Tumblr-User
X-Tumblr-Pixel
Refresh
X-Tt-Trace-Host
X-Varnish-Age
MS-CV
Ms-Operation-Id
X-Cache-Status-Check
X-RTag
Access-Control-Request-Headers
X-Cache-Time
X-Rule
X-UUID
X-Cache-Grace
SD-X-WS
X-User-Agent
X-Framework
X-FW-Dynamic
GEO-INFO
Akamai-GRN
X-FW-Hash
X-Backend-Name
X-Page-View
X-RemovedCookies
X-Status
X-Cacheable-TTL
X-Jobs
X-ProcessESI
Section-Io-Cache
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Version
X-FW-Serve
X-Content-Powered-By
Protected
From-Origin
VIX-Pulpo-Node
X-Environment-Context
X-G
X-Cache-Expired-At
X-Device-Type
X-Is-Bot
X-Instance
X-Rendered-As
X-Drupal-Cache-Tags
X-L-Path
VIX-Pulpo-Upstream-Status
X-Ruxit-Js-Agent
X-NYM-Debug-Backend
X-Drupal-Cache-Contexts
X-Amz-Apigw-Id
X-Servername
Url
X-Amzn-RequestId
NGB
X-Akamai-Request-ID2
X-Region
X-Http-Reason
X-Trace-Id
X-Adobe-Loc
X-Adobe-Content
SRV
CDN-RequestId
X-Nginx-Cache
X-RateLimit-Limit
X-Template
Front
X-CDN-Forward
X-Unique-Id
X-Debug-IsConnected
X-XRDS-LOCATION
X-Debug-IsPreview
Accept-Language
X-Content-Options
X-Yottaa-Optimizations
X-Cache-Hit
X-Yottaa-Metrics
Backend
Fastly-SIE
Fastly-SWR
Country
X-Zen-Fury
Liferay-Portal
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-DynaTrace-JS-Agent
X-Newrelic-App-Data
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Mode
X-COUNTRY
X-Tb
Content-Secure-Policy
X-Cache-Operation
X-Real-IP
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Proxy-Cache-Info
X-RN-RSRV
X-Cache-Server
X-Rocket-Nginx-Serving-Static
X-Tumblr-Pixel-2
X-Amzn-Remapped-Content-Length
Uber-Trace-Id
X-Generation-Time
Webserver
S-Rt
Filters
Meta-Geo
X-Content-Age
Onion-Location
X-Tt-Logid
Azure-RegionName
Azure-InstanceId
X-IPS-LoggedIn
X-Web-Node
Azure-SiteName
Azure-Version
Selected-Fe
CF-IPCountry
X-Proxy-Build
Cache-Hits
Azure-SlotName
X-PHP-Backend
X-Format
X-Locale
X-Node-Name
X-Section
X-Timing-Wait
X-Access
X-Time
X-UA-Device-Type
X-Site-Version
X-Say-TTL
X-Say-Cacheable
Property-Id
Cache-Name
X-Forwarded-Host
X-Soup
X-Sql-Count
X-Cluster-Node
X-Skip-Cache
X-SayCDN-TTL
X-R9-Blue-Green-Version
X-Origin-Hint
X-Varnish-Beresp-Grace
Webcakes-Region
X-Proto
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
X-Ms-Version
ServedBy
Webcakes-App-Name
X-Ms-Request-Id
X-Server-W
Webcakes-App-Version
TWC-Device-Class
TWC-Connection-Speed
X-Sql-Duration-Ms
X-Debug
X-URL
X-Uri
Node
X-Proxy-Cache-Status
X-Proxied
X-ProxyCache-Key
X-Routing-Service
X-ProxyCache-Status
X-TIME
ServerID
Web-Mar-Node
X-Cache-TTL-Remaining
X-BYPASS-REASON
X-Cms-Context
X-Edge-Location
X-Handled-By
X-Extlb
DB-Nickname
X-Reqid
X-Origin-Date
X-PHP-Host
Cross-Origin-Window-Policy
X-Labrador-Cache-Channel
X-Cache-Host
X-Zipkin-Id
X-Via-Fastly
X-Webkit-CSP
X-Sucuri-Cache
X-Tumblr-Pixel-3
X-Sucuri-ID
X-VC-Cache
X-Ua
X-AWS-Id
X-Cache-Action
X-Detected-As
X-Cluster
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Adobe-Source
X-SaId
X-LJ-Flow-ID
X-JoinUs
X-IPLB-Instance
X-IPLB-Request-ID
X-FB-TRIP-ID
X-VWS-Id
Mn-Server-Ip
Countrycode
X-LAGOON
X-App-Version
X-Xfnlog-Site
X-Optimistic-Header
X-No-Session
Apigw-Requestid
X-Tec-Api-Version
X-GeoCountry
Locale
X-LSADC-Cache
X-ARC
Fastcgi-Useragent
X-GeoCode
X-Urbn-Site-Id
X-Tec-Api-Root
X-Tec-Api-Origin
WP-Super-Cache
X-Urbn-Context-Path
X-Buckets
Mime-Version
Cache-Tv-Group
Source
X-Director
X-Oneagent-Js-Injection
CDN-CachedAt
CDN-Uid
Upgrade-Insecure-Requests
CDN-Cache
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Varnish-Hits
X-Hl-Ver
X-Generated-By
X-Mg-Request-UUID
Fastly-Drupal-HTML
X-Request-Time
X-Redis-Cache
Frame-Options
X-Cache-Debug
X-GEO
X-Webkit-CSP-Report-Only
X-FireWall-Port
X-Loop
CF-Cached-On
Xet-Cookie
X-Origin-CC
X-Tx-Id
X-Varnish-Cache-Hits
X-Origin-TTL
X-Pass-Why
X-RM-Cache-TTL
X-Varnish-Hostname
X-Storefront-Renderer-Rendered
X-TA-CDN-Provider
X-Alternate-Cache-Key
X-Api-Version
X-ShardId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-TNCMS
X-ServerID
X-SRV
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
Load-Balancing
X-Datadog-Parent-Id
X-Akamai-Transformed
X-Newrelic-Synthetics
X-Pubstack
X-Service
X-Served-From
X-Endurance-Cache-Level
X-Request-Host
X-Correlation-ID
X-Location
Xserver
Server-Info
Gannett-Cam-Experience-Id
X-SRCache-Key
Lang
BehaviorPad-Version
X-Bc-Bl
X-Bip
Candidate-Md5Url
X-BCube-Filmed-By
X-Hash
X-BBC-Edge-Cache-Status
Memcached
X-Cache-Date
X-Cache-Info
X-Gdpr
MD5-Digest
X-B-Cookie
X-Cache-NE
Cache-Host
Edge-Cache
DCR-Processing-Time-Ms
DCR-Decision-By
Country-Code
X-Generated-On
DSUID
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Ec-Fail
X-Developer
X-Destination
X-External-Request-Id
X-Cdn-Origin
X-Core-Mission
X-Conf
A
X-CMSURLCustom
X-We-Are-Hiring
Host-ID
X-CUA
X-Mid
Meta-Geo-Continent
X-ScT
X-A-Wwc
X-Nyt-Route
X-Platform-Router
X-A-Dgt
Thinkindot-Control
Xc-Version
X-Mobile-URL
Redirect-Candidate
Release
Rendered-Blocks
Req-Svc-Chain
X-A-Dcw
X-A-Dam
X-TIM-N
Surrogated-Key
X-Rojux
X-Thinkindot-L3
X-Platform-Processor
X-Platform-Cluster
X-S-Cookie
X-S-Maxage
X-A-Ccd
X-Origin-Time
Sslversion
X-SVT-ORM-RULES
X-A
X-S
X-D
TDXMobile
Origin
X-Test
X-SVT-ORM-VERSION
X-Sn-Servicetimems
X-Application
X-Vdms-Version
Ngx.Var.Host
Thinkindot-CacheControl-Type
X-Httpd
Odigeo-Trace-Id
X-INCAP-ABP
X-Vdms-Path
X-Level-Front-Cache
X-Rocket-Build-Number
X-Sigma-Backend
T-Server
X-Thanos
X-Sigma
X-Processor
WWW-Authenticate
X-Loc
X-Aed
Thinkindot-CacheControl
X-Restarts
X-Storage
X-CSRF-Token
CacheControlHeader
X-Akamai-Device-Characteristics
CloudFront-Viewer-Country
Fastly-GeoIP-CountryCode
X-Worker
We-Hiring
X-Cache-Bucket
Magicmarker
Mail-Subject
X-Auto-Login
Server-Host
X-Accel-Expires-Debug
Gh-Request-Id
X-CacheTTL
X-Cdn-Srv
X-WADP-Cache
Fastly-Backend-Name
NM-Fastcgi-Cache
X-WP-CF-Super-Cache-Active
X-Clara-WADP
X-HS-Content-Campaign-Id
X-Geo-Header
X-Org
X-GeoIP
Section-Origin-Responded
X-Origin-Response-Time
X-Vmg-Version
X-Var-Ttl
X-VServer
X-Varnish-Beresp-Status
X-Gamma-Serve
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Has-Esi
X-JWT-State
X-Is-Gdpr
X-Varnish-Beresp-Ttl
Cache-Key
X-Varnishpool
Section-Io-Id
X-GeoIP-City
X-Node-Id
X-Mvc-Supplant-Cachable
X-Fmm-Version
X-Fetched-On
AKAMAI
X-Date
X-Slack-Backend
X-Server-IP
Apple-News-Services-Handled
X-Slack-Shared-Secret-Outcome
C-Via
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Developers
X-SD-PageType
X-Region-Sid
X-Men
X-Pool
X-Origin
X-Fastly-Cache
X-Fastly-Backend
X-B3-Spanid
X-Dispatcher-Number
X-Ec-Custom-Error
X-Human
X-Parent-Response-Time
Wxu-Next-Hostname
X-FC-Vary-Parameters
X-Qloud-Router
X-Forwarded-Site
Wxu-Next-Region
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Frame-Option
X-Cache-Tags
X-Req
X-DefElseHash
Web-Mar-Region
X-Core-Value
X-DefHash
X-Device-Os
X-WA-Info
Wxu-Next-Commit
X-Gen-Mode
X-Block-Status
X-Azure-Ref-OriginShield
X-LB-NoCache
X-VG-TLSProxy
X-Wix-Viewer-Type
X-App
X-Hnp-Log
X-Irp-Debug
X-HN
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-Accel-Buffering
X-GeoIP-Country-Code
X-Op-Id-All
X-Nginx-Cache-Key
X-NCache
X-Mly-Id
X-GeoIP-Region-Code
User-Cache-Control
Canary
Click-Count-Error
Click-Count-Action-Start
CDCHOST
Cache-Provider
Cmsid
Cmstype
L
Kp-EeAlive
X-Ad-Defer-Variation
Datacenter
X-Cache-Id
X-Dispatcher-Server
X-Request-Start
X-Scale
X-Variation
X-NWS-UUID-VERIFY
X-Platform
Tube-Return
X-Esi-Check
X-Gzip
X-NodeID
X-Origin-Expires
Vix-Hermes-Req-Id
X-Instance-Name
Tube-Get-Contents
Is-Eu
Platform
Origin-EX
Origin-CC
Server-Ext
State
Adler-Geo
Sever-Int
Ssr
Server-Hostname
Machine
Tube-Got-Eval
PFcat
On-Server
Tube-Got-Results
NGX
X-Planisys-CDN-Cache
X-Old-Content-Length
X-SB
X-Planisys-CDN-Rules
X-DPWN-IS-SECURE
Ha-Gx-Prefs
X-Owner
L5d-Success-Class
X-Eu-Site
Environment
HA-Ipaddr
X-Cache-FS-Status
X-Planisys-CDN-TTL
X-Minions-Version
X-V-Cache
X-Ckpd-Fst-Backend
X-CGP
X-Response-By
X-Cache-Remote
X-Platform-Server
X-Provided-By
X-Release
Fastly-SSL
Producers
X-Csrf-Jwt
X-CACHE-AGE
HostName
X-Air-Pt
X-Tb-Optimization-Total-Bytes-Saved
X-Nananana
Pics-Label
X-Refresh
Srvid
X-Aicache-OS
X-Mvc-Supplant-OutputCached
Cluster
Decoy-Debug-Status
Expect-Staple
X-Microcachable
Decoy-Debug-TTL
Decoy-Debug-Key
X-FL-EDGE
Locid
X-Cache-Backend
X-FL-QIT-DEBUG
X-Dc
X-Via-CDN
X-Tid
GeoIP-Latitude
X-Vcl-Version
Edge-Copy-Time
X-Via-Edge
X-Via-SSL
X-From
X-Zone
X-RCS-CacheZone
X-Cache-Enabled
Env
X-ND-Cache
X-Trace-ID
X-DC
X-VC
Sid
Memory
X-Up
Time
X-Generated-In
X-Servedbyhost
X-Srv
NtCoent-Length
Svr
X-Cached-By
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Edge-Pop
X-Lambda-Id
Cache
X-Cs
X-Via-Popn
X-Via-Poph
X-HS-Status
X-ZONE
X-Nc
X-DataCenter
X-Via-Popv
SID
X-AIR-PT
X-NewRelic-App-Data
X-Nf-Request-Id
AMP-Access-Control-Allow-Source-Origin
VNS-Age
CPC-Age
Fastly-Drupal-Html
VNS-Cache
X-Wa
CPC-Cache
X-Render-Time
X-Vgn-Hpd-Ssi
X-Presslabs-Stats
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Esi
X-Vtex-Remote-Cache
X-HA-Backend
X-VCT
X-Vc
Cdn
X-CCDN-Origin-Time
X-Client-Ip
Server-ID
X-LB-ID
X-CLOUD-TRACE-CONTEXT
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-TH-Server
X-Upstream-Ct
GeoIp-Country-Code
X-Upstream-Ht
X-Check-Cacheable
X-Cache-Type
X-B3-SpanId
X-ATG-Version
X-Fpc
X-AK-Request-ID
Cdnsip
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-Amz-Meta-Cb-Modifiedtime
Cdncip
X-Via-JSL
X-Gateway-Skip-Cache
Hostname
XkeyRZ
X-Proxy-CacheRZ
X-Cache-ASPX
X-NGINX-Cache
X-Via-NSCOPI
True-Client-IP
X-Contensis-Viewer-Groups
Uri
X-Varnish-Authentication
XServer
M-TraceId
X-API-Version
Srv
X-Varnish-Beresp-TTL
X-CSRF-TOKEN
X-CS
X-EC-Lua
X-Datadome
X-PAYTM-SRV-ID
Esi-Enabled
Eomportal-Instance
X-RateLimit-Limit-Second
X-CF-Lambda-Version
True-Client-Ip
X-RateLimit-Remaining-Second
X-CF-Lambda-Fn
X-Udemy-Cache-App-Namespace
X-MSEdge-Features
X-MSEdge-Flight
X-MP-GENERATED-AT
OT-Force-Account-Verify
Resin-Trace
X-FPC
N-Cache
X-Wikidot-Static-Cache
Ngx-Var-Key
X-Micro-Cache
X-Wikidot-Backend
X-CDN-Cache-Status
CDN
YJS-ID
Request-ID
RNT-Machine
X-APP-VERSION
GeoIP-Country-Code
X-Fastly-Country-Code
RNT-Time
Path
X-Orig-Expires
X-Tenant
X-Forwarded-Path
X-Shop-Environment
X-Bl-Debug
X-SIPLIST1
Server-Id
X-TX-ID
IsBot
X-Cache-Ttl
X-Request-URI
X-Cache-NGX
LB
X-Service-Response-Time
Lb
X-App-Name
X-Info
X-B3-Trace-ID
X-VCL-Version
X-Ha-Backend
X-Lb-Id
X-Accel-Version
Sm-Log-Id
X-Policy
X-WA
X-Datacenter
X-MCACHE
X-Geo
X-Edge-POP
X-Pod-Name
Cross-Origin-Opener-Policy-Report-Only
X-RateLimit-Reset
HIT
Location
X-SERVER-NAME
X-Via-PopH
X-Vcache
X-Via-PopV
Ohc-File-Size
X-Cdn-Cache-Status
X-Via-PopN
Hit
X-NC
X-Xrds-Location
X-Logging-Id
X-Akamai-Pragma-Client-IP
ENV
X-Srcache-Store-Status
X-Cache-Expires
Timeexpire
Pramga
X-Cdn-Request-ID
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Snapshot-Date
Servername
X-Srcache-Fetch-Status
X-Cdn-Diag
FSS-Cache
X-Oss-Storage-Class
X-Oss-Object-Type
X-CACHE-KEY
X-Oss-Request-Id
Proxy-Connection
X-Git-Commit
X-Container-Uri
Yjs-Id
Req-ID
X-Ctl-Mach
Epwk-X-Cache
X-ServedByHost
Warning
X-VG-WebCache
X-Tncms
X-Amz-Meta-Opti
X-Hyper-Cache
XM
WZWS-RAY
X-Cdn-Forward
X-Scheme
Geoip-Latitude
X-LiteSpeed-Cache-Control
X-Serial
X-UP
X-Fastly-Backend-Reqs
X-Dw-Trace-Id
X-Rebelmouse-Surrogate-Control
X-M-Log
X-Rebelmouse-Cache-Control
X-MiniProfiler-Ids
X-TimeS
X-M-Reqid
True-Client-Country-4JS
X-Iauth-Set-Uid
CDN-RequestPullSuccess
X-B3-Parentspanid
X-Swift-Error
X-Acquia-Application-Trace
CDN-RequestPullCode
X-RAMCache
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Qnm-Cache
Ec-Rule-Version
X-Acquia-Purge-Cdn-Unconfigured
Content-Script-Type
Cneonction
X-TraceId
V-Age
X-Moov-Xdn-Version
Content-Style-Type
Traceparent
X-Lb-Nocache
Cdn-Requestid
X-Moov-T
CountryCode
X-Wp-Cf-Super-Cache
X-TT-LOGID
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-F-Status
X-Clientip
Ohc-Cache-HIT
X-Litespeed-Cache-Control
X-Mg-Cache
MIME-Version
X-IPS-Cached-Response
X-Viewer-Country
My-App
X-B3-ParentSpanId
X-ApacheServer
Inserted-Into-Cache-At
X-Cache-Ngx
X-LiteSpeed-Tag
Ngx
X-Request-URL
X-Fastly-Cache-Hits
X-PERF
X-Mid-Debug-Cache-Key
X-Mid-Debug-Cache-Disk
X-Th-Server
X-Webstats-RespID