
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
X-Dns-Prefetch-Control
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Server-Timing
X-Cache-Group
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-Amz-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Backend
X-Amz-Id-2
X-Proxy-Cache
X-Ws-Request-Id
P3p
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Akamai-Path-Stats
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
Cf-Edge-Cache
X-LiteSpeed-Cache
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
X-Device
X-WebKit-CSP
X-Page-Speed
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Server-Id
X-Pingback
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Cache-Spec
Request-Id
Surrogate-Control
Accept-CH
Cf-Railgun
X-Backend-Server
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-Response-Time
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
Content-Location
Accept-CH-Lifetime
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Country
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Url
X-Edge
X-Amz-Server-Side-Encryption
X-MS-InvokeApp
Edge-Control
X-Rack-Cache
X-Ruxit-JS-Agent
X-TtlSet
X-PC
X-Vname
X-B3-TraceId
X-Nginx-Upstream-Cache-Status
X-Content-Type
X-Vcap-Request-Id
X-ESI
X-Mod-Pagespeed
X-Oneagent-Js-Injection
Xkey
Accept-Ch
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Server
X-D2id
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-Amz-Rid
X-Varnish-TTL
X-Mcache
Verso
X-VARITI-CCR
Cache-Tag
X-GitHub-Request-Id
X-CST
RTSS
X-Powered-By-Plesk
X-FastCGI-Cache
X-ECACHE
Service-Worker-Allowed
X-Upstream
X-Cached
X-Navigation-Version
X-Version
X-Abt-Application-Version
X-Client-IP
X-Dw-Request-Base-Id
X-Ruxit-Js-Agent
X-Px
X-Cnection
X-Ac
Public-Key-Pins
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
Arr-Disable-Session-Affinity
SPRequestGuid
X-SharePointHealthScore
X-Element-Page-Cache
X-Server-Name
X-Ser
X-Sol
Display
X-Middleton-Display
Pagespeed
SPRequestDuration
SPIisLatency
X-Cache-TTL
X-Country-Code
X-NWS-LOG-UUID
X-Ttl
X-RateLimit-Remaining
Permissions-Policy
X-Midtier
X-Cache-Key
Response
X-Middleton-Response
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-NF-Request-ID
X-Forwarded-For
Access-Control-Request-Method
Content-MD5
X-DataDome
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
Front-End-Https
X-MSEdge-Ref
X-Correlation-Id
Edge-Cache-Tag
TP-L2-Cache
TP-Cache
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Recruiting
X-Powered-CMS
AR-CACHE
AR-PoweredBy
AR-ATIME
Nginx-Cache
AR-SID
AR-Request-ID
X-Accel-Expires
X-T
X-RateLimit-Limit
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Daa-Tunnel
MicrosoftSharePointTeamServices
TCN
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Grace
X-Litespeed-Cache
X-Mg-S
X-Id
X-Hits
X-Content-Digest
Filters
X-TEC-API-ROOT
X-TEC-API-VERSION
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-TEC-API-ORIGIN
X-HS-Combine-CSS
Server-Node
X-Request-Received
X-Request-Processing-Time
Server-Name
X-Frontend
X-Amzn-Trace-Id
S
X-LLID
X-Distributor
X-TTL
MS-Author-Via
X-Protected-By
X-Geo-Country
Cache-Status
X-Language
Fastcgi-Cache
X-PressLabs-Stats
X-LB-Cache
Cf-Apo-Via
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-F-Cache
X-Fastly-Request-Id
X-Seen-By
X-Microsite
X-FB-Debug
X-Ezoic-Cdn
Host
Filterid
Charset
X-Request-Handler-Origin-Region
X-B3-Sampled
X-Page-Id
X-Origin-Server
X-Ab
X-Ua-Browser
X-XRDS-Location
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
Count-Hit
Payment
X-ASPNET-VERSION
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
Realpath
X-Fastcgi-Cache
X-Cache-Age
X-Ratelimit-Reset
X-VCache
X-Cluster-Name
X-Origin-Cache
Accept-Charset
Surrogate-Key
X-Template
Cache-Tags
Alternate-Protocol
X-Rid
X-NGENIX-Cache
X-Webkit-Csp
X-DynaTrace
Retry-After
X-Az
X-Activity-Id
X-AppVersion
Cleartype
X-Www-Served-By
Access-Control-Allow-Method
X-DIS-Request-ID
X-App-Environment
X-Flags
X-B-Cache
X-Aspnet-Duration-Ms
X-Varnish-Backend
X-Varnish-Grace
X-Providence-Cookie
X-Upgrade-Enabled
X-Node-Name
X-Request-Guid
X-Signature
X-Is-Crawler
X-Route-Name
X-Tb
X-Wix-Request-Id
X-TT
X-Amz-Replication-Status
ServerID
X-B
X-Type
Paypal-Debug-Id
X-Logged-In
DC
X-Drupal-Cache-Tags
X-Proxy
X-Debug
X-Envoy-Decorator-Operation
X-Source
X-Fastly-Request-ID
X-Hostname
Frame-Options
X-Content
X-Mobile
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Revision
X-Content-Options
X-Load-Cache
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Contextid
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Amp-Access-Control-Allow-Source-Origin
X-Goog-Stored-Content-Length
X-N
X-GUploader-UploadID
X-Goog-Generation
X-Cache-Control
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Country
X-Magnolia-Registration
Referer-Policy
X-Cache-Rule
X-User-Agent
Viewport
X-Whom
X-EdgeConnect-Cache-Status
X-Response-Served-From
NGB
Node
X-Original-Request-Id
Refresh
Content-Disposition
X-Debug-IsPreview
X-Environment-Context
Access-Control-Request-Headers
X-L-Path
X-Framework
X-Ratelimit-Remaining
X-Cacheable-TTL
X-Cache-TTL-Remaining
X-Debug-IsConnected
X-Yottaa-Optimizations
X-Varnish-Age
Akamai-GRN
X-Yottaa-Metrics
VIX-Pulpo-Node
X-Rendered-As
X-G
X-Servername
X-Is-Bot
X-Jobs
X-Page-View
X-NYM-Debug-Backend
X-Mid
X-Real-IP
X-Unique-Id
Url
Uber-Trace-Id
X-Varnish-Server
X-Status
VIX-Pulpo-Upstream-Status
X-Akamai-Request-ID2
X-Adobe-Content
X-Cache-Grace
X-Adobe-Loc
X-Mg-Request-UUID
X-Cache-Time
X-Instance
X-Content-Powered-By
X-Server-ID
X-Drupal-Cache-Contexts
Countrycode
X-Restarts
X-ProcessESI
X-RemovedCookies
Version
X-COUNTRY
Srv
X-App-Server
X-Http-Reason
X-Debug-Info
X-Time
X-CDN-Forward
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-XRDS-LOCATION
Accept-Language
X-APP-VERSION
Protected
X-IPLB-Request-ID
X-IPLB-Instance
X-Cache-Expired-At
X-Hosted-By
X-Via-JSL
Healthy
X-Nginx-Cache-Key
X-Ratelimit-Limit
X-Cache-Hit
Liferay-Portal
X-Tumblr-Pixel
X-Device-Type
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tt-Logid
Fastcgi-Useragent
X-Azure-Ref
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
Section-Io-Cache
X-FW-Type
X-Backend-Name
X-Trace-Id
X-Cache-Operation
X-Cache-NGX
Backend
MS-CV
Ms-Operation-Id
Content-Secure-Policy
X-RTag
X-UUID
X-Proxy-Cache-Status
Server-Info
X-Mobile-URL
X-RN-RSRV
X-UPSTREAM-Address
Load-Balancing
Meta-Geo
X-Storage
X-Mode
X-Akamai-Edgescape
GEO-INFO
X-Handled-By
X-Cache-Enabled
X-Say-Cacheable
Web-Mar-Node
X-Access
CDN-CachedAt
X-Alternate-Cache-Key
X-SayCDN-TTL
X-AWS-Id
X-Say-TTL
CDN-Cache
X-Cms-Context
X-Forwarded-Host
X-Edge-Location
WP-Super-Cache
X-Content-Age
X-Region
X-Cache-Host
X-Cache-Server
X-Format
X-Shopify-Stage
Eomportal-Instance
X-VWS-Id
X-VC-Cache
Onion-Location
X-Origin-Date
S-Rt
X-Sql-Duration-Ms
X-Section
X-No-Session
X-OCL
X-PCL
X-Storefront-Renderer-Rendered
X-PHP-Host
X-Proto
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Uri
X-Varnishpool
X-Varnish-Hostname
X-PHP-Backend
X-Sql-Count
X-URL
CDN-RequestCountryCode
CF-IPCountry
X-ShopId
X-Sorting-Hat-ShopId
X-HTML-Minification-Powered-By
CDN-RequestId
CDN-Uid
X-Adobe-Source
X-Site-Version
CDN-EdgeStorageId
X-Sorting-Hat-PodId
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Redis-Cache
X-ShardId
CDN-PullZone
X-Skip-Cache
TWC-Device-Class
Mn-Server-Ip
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Connection-Speed
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Property-Id
TWC-GeoIP-Country
X-JoinUs
X-Locale
X-ProxyCache-Status
X-Proxy-Build
X-Xfnlog-Site
X-Varnish-Beresp-Grace
X-Zipkin-Id
X-Web-Node
X-ProxyCache-Key
X-Timing-Wait
X-Proxied
X-Varnish-Cache-Hits
X-Origin-Hint
X-Via-Fastly
X-ServerID
X-Server-W
X-FB-TRIP-ID
X-Generated-By
X-Extlb
X-Detected-As
X-Cache-Type
X-GeoCode
X-GeoCountry
X-SaId
X-UA-Device-Type
X-Routing-Service
X-Hl-Ver
X-Request-Time
X-BYPASS-REASON
Selected-Fe
Azure-RegionName
X-Datadome
Azure-Version
Cross-Origin-Resource-Policy
Azure-InstanceId
Apigw-Requestid
DB-Nickname
X-Rule
X-Cache-Action
Azure-SlotName
Azure-SiteName
X-Zen-Fury
X-Correlation-ID
X-Cache-Status-Check
X-Generation-Time
X-SRV
X-Tid
X-Nginx-Cache
X-Debug-Cache
X-R9-Blue-Green-Version
ServedBy
X-Ms-Version
X-Ms-Request-Id
X-ECache
Cache-Name
X-DynaTrace-JS-Agent
X-LSADC-Cache
X-FireWall-Port
X-Ua
X-Human
Cache
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Xserver
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Tags
X-Dc
X-App-Version
Source
SD-X-WS
Xet-Cookie
X-Cached-By
X-Api-Version
Cross-Origin-Window-Policy
X-TNCMS
X-Loop
X-Aspnetmvc-Version
X-RCS-CacheZone
X-Varnish-Hits
X-MP-GENERATED-AT
X-GEO
LB
X-Cdn
WPO-Cache-Message
X-TA-CDN-Provider
X-Reqid
WPO-Cache-Status
Origin
X-Webkit-CSP
X-Pubstack
X-Via-NSCOPI
X-Soup
X-Origin-CC
X-Origin-TTL
X-NewRelic-App-Data
X-Amzn-Remapped-Content-Length
X-GG-Cache-Date
X-Service
X-Tumblr-Pixel-2
X-IPS-LoggedIn
From-Origin
X-AOL-HN
X-B3-SpanId
X-Varnish-Ttl
Webserver
X-Vgn-Hpd-Reason
Cache-Hits
X-Newrelic-Synthetics
Rip
X-Platform-Server
X-Provided-By
X-FW-Version
X-Varnish-Beresp-Ttl
X-Cluster-Node
X-B3-Traceid
X-Request-Host
Host-ID
Expiry
Lang
DCR-Decision-By
DCR-Processing-Time-Ms
Environment
X-Vdms-Version
A
X-Vdms-Path
MD5-Digest
BehaviorPad-Version
Cdncip
Cdnsip
X-VG-WebCache
X-User
Xc-Version
X-AK-Request-ID
X-External-Request-Id
X-Forwarded-Path
X-NAPM-TraceId
X-SRCache-Key
X-Ec-GeoHdr
X-Ec-Fail
X-D
X-Destination
X-Developer
X-Orig-Expires
X-Owner
X-S
X-Served-From
X-S-Cookie
X-ScT
X-Rojux
X-Rewrite-Enabled
X-PBS-Appsvrname
X-Processor
X-Shop-Environment
X-Tenant
X-Connection-Hash
T-Server
X-A
X-A-Ccd
X-A-Dam
Surrogated-Key
Sslversion
Ngx.Var.Host
Odigeo-Trace-Id
Rendered-Blocks
X-A-Dcw
X-A-Dgt
X-Bc-Bl
X-BCube-Filmed-By
X-Cache-NE
X-B-Cookie
X-ARC
X-Aed
X-TIM-N
X-Application
Meta-Geo-Continent
X-A-Wwc
Upgrade-Insecure-Requests
X-TIME
OT-Force-Account-Verify
HostName
X-CSRF-Token
X-Thanos
X-VC
X-Dispatcher-Number
Mobile-Detection-Method
X-Level-Front-Cache
Redirect-Candidate
X-Bip
X-Accel-Buffering
X-Aicache-OS
X-Generated-On
Fastly-SSL
X-Pool
Machine
X-Qloud-Router
X-Cluster
X-WA-Info
X-Origin-Response-Time
Cache-Tv-Group
Mime-Version
X-Core-Value
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Clientip
X-Core-Mission
X-Datadog-Parent-Id
X-Csrf-Jwt
X-DefHash
X-Fetched-On
X-Eu-Site
X-Fmm-Version
X-Forwarded-Site
X-Gateway-Cache-Key
X-Gamma-Serve
X-Esi-Check
X-Epic-Correlation-Id
X-DefElseHash
X-Datadog-Trace-Id
X-Developers
X-Device-Os
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Datadog-Sampling-Priority
X-Cache-Id
Tube-Return
Tube-Got-Results
V-Age
Vix-Hermes-Req-Id
VNS-Cache
VNS-Age
Tube-Got-Eval
Tube-Get-Contents
Thinkindot-CacheControl
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-Control
Traceparent
We-Hiring
Web-Mar-Region
X-Cache-Info
X-Gateway-Cache-Status
X-CacheTTL
X-Cdn-Origin
X-Cdn-Srv
X-Cache-Bucket
X-Branch-Name
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Ad-Defer-Variation
X-BBC-Edge-Cache-Status
X-CGP
X-Hash
X-Sigma
X-Session-Fingerprint
X-Sigma-Backend
X-SIPLIST1
X-Sn-Servicetimems
X-Slack-Backend
X-Scale
X-SB
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Rocket-Build-Number
X-S-Maxage
X-Rocket-Nginx-Serving-Static
X-SplitTest
X-SVT-ORM-RULES
X-Viewer-Country
X-VG-TLSProxy
X-VServer
X-WADP-Cache
X-Worker
X-Wix-Viewer-Type
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-V-Cache
X-Variation
X-Varnish-CookieHashed-On
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Is-Gdpr
X-JWT-State
X-Minions-Version
X-Loc
State
X-Has-Esi
X-Geo-Header
X-Gdpr
X-GeoIP
X-GeoIP-City
X-Gzip
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Policy
X-RateLimit-Limit-Second
X-Proxy-Cache-Info
X-Parent-Response-Time
X-Origin-Time
X-Nyt-Route
X-NodeID
X-Optimistic-Header
X-Origin
X-Origin-Expires
X-Gateway-Skip-Cache
X-Gateway-Request-Id
DSUID
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Fastly-SIE
Decoy-Debug-TTL
Decoy-Debug-Status
Origin-EX
Origin-CC
Datacenter
Decoy-Debug-Key
NM-Fastcgi-Cache
Fastly-SWR
L
L5d-Success-Class
NGX
Mail-Subject
Kp-EeAlive
IsBot
Ha-Gx-Prefs
HA-Ipaddr
Is-Eu
Memcached
CPC-Cache
Servername
Apple-News-Services-Host
Apple-News-Services-Handled
Server-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Host
X-Xrds-Location
Candidate-Md5Url
CPC-Age
Click-Count-Action-Start
Producers
Cmstype
Platform
Country-Code
Click-Count-Error
Cmsid
Cluster
Req-Svc-Chain
Adler-Geo
Release
X-Tec-Api-Version
X-Tec-Api-Root
X-Tx-Id
X-Tec-Api-Origin
X-Block-Status
X-Gen-Mode
X-Hnp-Log
X-Cache-Remote
Fastcgi-Cache-TTL
X-Varnish-Beresp-Status
Gh-Request-Id
X-Scheme
User-Cache-Control
AKAMAI
Sever-Int
CDCHOST
Svr
Server-Hostname
Server-Ext
X-INCAP-ABP
CloudFront-Viewer-Country
X-NCache
X-Fastly-Cache
X-Auto-Login
X-ZONE
X-NWS-UUID-VERIFY
X-LB-NoCache
X-Pod-Name
X-CMSURLCustom
Ec-Rule-Version
Canary
X-Udemy-Cache-App-Namespace
WebServer
X-Sucuri-Cache
Ssr
X-Sucuri-ID
Pics-Label
X-WP-CF-Super-Cache-Active
X-Cache-Debug
X-Tb-Optimization-Total-Bytes-Saved
SID
X-Buckets
X-Trace-ID
X-Var-Ttl
X-Ig-Push-State
X-ND-Cache
Memory
X-Cache-Date
X-ATG-Version
Time
Sid
X-Via-Popv
X-Fastly-Backend
X-Generated-In
X-Via-Poph
X-Conf
X-Via-Popn
X-Azure-Ref-OriginShield
X-FC-Vary-Parameters
X-Microcachable
X-Presslabs-Stats
AMP-Access-Control-Allow-Source-Origin
Server-ID
X-Servedbyhost
X-Refresh
X-Newrelic-App-Data
X-TRACE-ID
Fastly-Drupal-HTML
X-Akamai-Transformed
Fastly-Drupal-Html
X-Edge-Pop
Env
X-Dmc
X-Release
X-Cs
X-Yandex-Sdch-Disable
X-Fpc
X-MSEdge-Features
X-MSEdge-Flight
X-NC
X-Be
X-RateLimit-Reset
X-CS
X-DC
X-Nf-Request-Id
X-Esi
X-PX
X-Pass-Why
X-ID
X-Up
X-EC-Lua
X-MCACHE
X-Endurance-Cache-Level
X-Air-Source
X-Air-Trace-Id
Magicmarker
X-Air-Hostname
CDN
X-Tumblr-Pixel-3
X-Wikidot-Static-Cache
GeoIp-Country-Code
X-CACHE-AGE
X-Wa
My-App
X-Wikidot-Backend
X-Dispatch
X-Zone
X-VCL-Version
True-Client-IP
X-TX-ID
X-Lambda-Id
X-NGINX-Cache
X-Webkit-CSP-Report-Only
X-Srv
X-Hyper-Cache
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-CACHE-KEY
X-Vc
Pramga
X-Req
Hostname
X-CSRF-TOKEN
X-App
X-Alfa-Service
X-M-Reqid
X-Micro-Cache
X-M-Log
C-Via
X-Qnm-Cache
X-Varnish-Beresp-TTL
X-LB-ID
X-Air-Pt
X-TrackingId
True-Client-Ip
X-Vcl-Version
X-HS-Status
CacheControlHeader
N-Cache
Resin-Trace
X-Vercel-Id
Tcn
X-Vercel-Cache
Path
On-Server
X-PAYTM-SRV-ID
X-Platform
GeoIP-Country-Code
True-Client-Country-4JS
Fastcgi-X-Cache-Version
X-Edge-Origin-Shield-Region
X-TH-Server
X-Edge-Origin-Shield-Bytes
X-Op-Id-All
X-B3-Spanid
Tracecode
Esi-Enabled
X-Check-Cacheable
X-SERVER-NAME
Proxy-Connection
X-Vtex-Remote-Cache
GeoIP-Latitude
X-Vtex-Processado-Em
X-CLOUD-TRACE-CONTEXT
NtCoent-Length
X-AIR-PT
X-PERF
X-API-Version
X-LAGOON
Hit
Section-Io-Origin-Status
X-FPC
X-Request-Start
X-GeoIP-Country-Code
X-SD-PageType
X-ApacheServer
X-GeoIP-Region-Code
X-Akamai-Pragma-Client-IP
Section-Origin-Responded
X-Node-Id
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Webkit-Csp-Report-Only
X-Mly-Id
X-Accel-Expires-Debug
X-Date
WWW-Authenticate
X-Datacenter
X-Via-CDN
X-Platform-Router
X-Geo
X-Platform-Cluster
Cache-Key
X-WA
X-Platform-Processor
Cdn
ENV
HIT
DynaTrace
Lb
X-Lb-Id
XkeyRZ
DT-Hot-News
YJS-ID
X-Edge-POP
X-Proxy-CacheRZ
Server-Id
X-ServedByHost
X-Render-Time
User-Agent
Yjs-Id
X-Cdn-Forward
X-Dw-Trace-Id
X-RAMCache
X-Proxy-Upstream
X-Traceid
X-Via-PopV
X-Via-PopN
X-VarnishDD-TTL
X-Via-PopH
XM
Server-Ttl
X-Via-Ucdn
X-HN
PFcat
Sm-Log-Id
X-Service-Response-Time
X-Cache-Ttl
X-CF-Powered-By
X-FORWARDED-FOR
X-LI-UUID
X-CUA
X-UA
FSS-Cache
X-LI-Proto
X-Old-Content-Length
X-Li-Pop
X-Instance-Name
X-Response-By
X-TT-LOGID
Dnion-Transfer-Encoding
X-Li-Fabric
Geoip-Latitude
X-Proxy-Cache-Hk
X-LiteSpeed-Cache-Control
PICS-Label
Location
Ohc-File-Size
XServer
X-DSS
X-Akamai-ERRuleID
Nginx-CQVIP
X-Akamai-ERPolicy
X-RPS
X-RSL
Powered-By
X-RPM
X-DW
X-DB
X-Fastly-Backend-Reqs
X-DI
X-LiteSpeed-Tag
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
SRV
MIME-Version
Wpo-Cache-Status
Wpo-Cache-Message
X-Ftr-Request-Id
X-Lb-Nocache
X-Webstats-RespID
X-Request-Url
Srvid
Vha6-Origin
X-Nc
Locid
M-TraceId
X-B3-ParentSpanId
X-Fastly-Cache-Hits
X-FL-EDGE
X-Cache-Backend
X-From
X-Location
X-HostName
X-Cdn-Request-ID
CountryCode
X-Cache-Ngx
X-Ips-Loggedin
Warning
X-Mg-Cache
WZWS-RAY
Fastcgi-Cache-Ttl
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Akamai-Request-ID
X-Snapshot-Date
X-Httpd
X-Cc-Via
X-Moov-Xdn-Version
X-Moov-T
X-MiniProfiler-Ids
X-HA-Backend
Req-ID