Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
CF-RAY
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
X-Cache-Hits
X-UA-Compatible
P3P
CF-Ray
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Dns-Prefetch-Control
X-Request-ID
X-Drupal-Dynamic-Cache
Feature-Policy
Server-Timing
X-Content-Security-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
Upgrade
X-AspNetMvc-Version
P3p
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Request-Context
X-Turbo-Charged-By
X-Backend
X-Cache-Group
X-Robots-Tag
X-AH-Environment
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Hacker
X-UA-Device
X-Proxy-Cache
X-Vhost
X-Server
X-Rq
Allow
X-Server-Powered-By
X-Ws-Request-Id
X-Age
X-Dispatcher
X-Varnish-Cache
EagleId
X-Amz-Version-Id
X-LiteSpeed-Cache
Nel
Grace
Cf-Apo-Via
Cf-Railgun
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Host
X-Node
Accept-CH
X-Cache-Lookup
X-CST
X-WebKit-CSP
X-Backend-Server
Surrogate-Control
X-Server-Id
X-Readtime
Permissions-Policy
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Request-Id
X-Application-Context
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Response-Time
X-HW
X-Ua-Compatible
Xkey
X-Trace
X-Ruxit-JS-Agent
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Rating
Accept-Ch-Lifetime
X-ESI
X-Midtier
X-Amz-Server-Side-Encryption
X-Url
X-ECACHE
X-Mcache
X-Aspnetmvc-Version
Cache-Tag
X-Country
X-MS-InvokeApp
X-Upstream
X-Rack-Cache
X-D2id
X-Powered-By-Plesk
X-Vcap-Request-Id
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
Verso
X-Element-Page-Cache
Accept-Ch
Edge-Control
Service-Worker-Allowed
X-TtlSet
X-Vname
X-PC
RTSS
X-Oneagent-Js-Injection
X-Ac
X-Country-Code
Origin-Trial
X-Webkit-CSP
X-VARITI-CCR
X-Navigation-Version
X-Goog-Hash
X-Abt-Application-Version
Fastly-Restarts
X-Cache-TTL
X-Ruxit-Js-Agent
X-WebKit-CSP-Report-Only
X-GitHub-Request-Id
X-Varnish-TTL
X-Browser-Type
X-Cached
X-Amz-Rid
X-Kinja-CCPA
Cross-Origin-Opener-Policy
Display
X-Middleton-Display
X-Sol
Pagespeed
X-Server-Name
X-NWS-LOG-UUID
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
SPRequestGuid
X-SharePointHealthScore
X-Content-Type
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Times
SPIisLatency
SPRequestDuration
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Powered-CMS
AR-PoweredBy
AR-ATIME
AR-SID
X-Cache-Key
AR-Request-ID
X-Ttl
X-Mg-S
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-B3-Traceid
Arr-Disable-Session-Affinity
X-Middleton-Response
Response
X-FastCGI-Cache
X-Litespeed-Cache
X-Client-IP
X-Fastly-Request-ID
X-Version
X-Cnection
X-Jurisdiction
X-HP-Webp
X-Ser
X-HP-Trace-Id
Nginx-Cache
AR-CACHE
X-Accel-Expires
Cache-Tags
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Server-ID
X-T
Cache-Status
Edge-Cache-Tag
X-B3-TraceId
Front-End-Https
X-MSEdge-Ref
X-Hits
X-Px
Public-Key-Pins
X-NF-Request-ID
X-Recruiting
Payment
S
X-LLID
X-Frontend
X-RateLimit-Remaining
X-Ua-Browser
X-Shield-Request-Id
Server-Node
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Request-Processing-Time
X-Request-Received
X-Daa-Tunnel
Content-MD5
X-Goog-Metageneration
X-GUploader-UploadID
X-TTL
X-DIS-Request-ID
X-RateLimit-Limit
Access-Control-Request-Method
MicrosoftSharePointTeamServices
X-PressLabs-Stats
X-Amzn-RequestId
X-Content-Digest
X-Amz-Apigw-Id
TP-Cache
X-Ratelimit-Remaining
Realpath
X-Webkit-CSP-Report-Only
X-Protected-By
X-Microsite
X-HS-Cache-Config
X-HS-Combine-CSS
X-Distributor
X-Forwarded-For
X-Request-Handler-Origin-Region
X-HS-Content-Id
X-HS-Hub-Id
X-FB-Debug
Fastcgi-Cache
Access-Control-Allow-Method
X-Page-Id
X-LB-Cache
X-Cluster-Name
Accept-Charset
X-Rid
X-Geo-Country
TP-L2-Cache
X-Hostname
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Ratelimit-Limit
X-B3-Sampled
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Aspnet-Version
Count-Hit
X-Fastcgi-Cache
X-Ua-Device
X-Ezoic-Cdn
X-Seen-By
Cross-Origin-Resource-Policy
Cleartype
TCN
X-Kinsta-Cache
X-Newrelic-App-Data
X-App-Server
X-Edge-Location-Klb
Referer-Policy
X-Xrds-Location
X-Varnish-Backend
X-Logged-In
X-Mobile
DC
X-Content-Options
X-Correlation-Id
X-Id
X-Git-Hash
X-Hosted-By
X-Origin-Cache
X-Contextid
X-Fb-Rlafr
X-Debug-Info
X-Amz-Replication-Status
X-Providence-Cookie
X-Request-Guid
X-Revision
X-Is-Crawler
X-Route-Name
X-Flags
X-Grace
X-Aspnet-Duration-Ms
Surrogate-Key
Retry-After
X-App-Environment
X-TT
X-IPS-LoggedIn
X-Varnish-Grace
Frame-Options
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-Envoy-Decorator-Operation
X-F-Cache
X-TEC-API-ORIGIN
X-Azure-Ref
X-TEC-API-VERSION
X-TEC-API-ROOT
Section-Io-Cache
X-Magnolia-Registration
X-Whom
X-Wix-Request-Id
MS-Author-Via
Healthy
Alternate-Protocol
Charset
X-Origin-Server
X-Proxy-Cache-Info
X-Akamai-Edgescape
Viewport
X-App-Version
X-Www-Served-By
X-RateLimit-Reset
X-Nf-Request-Id
X-COUNTRY
X-Backend-Name
X-Webkit-Csp
X-Language
Amp-Access-Control-Allow-Source-Origin
X-Activity-Id
X-AppVersion
X-Az
Paypal-Debug-Id
X-B
X-Varnish-Server
SRV
Filterid
WPO-Cache-Message
WPO-Cache-Status
X-Response-Served-From
X-Datadog-Parent-Id
VIX-Pulpo-Upstream-Status
X-Datadog-Sampling-Priority
X-Http-Reason
Host
X-DataDome
SD-X-WS
X-Datadog-Trace-Id
X-Original-Request-Id
X-Cache-Rule
VIX-Pulpo-Node
Akamai-GRN
Server-Name
X-Cache-Grace
Front
X-Edge-Location
X-User-Agent
X-UUID
X-Instance
X-Akamai-Request-ID2
X-Rule
X-L-Path
X-Cacheable-TTL
X-ARC
X-Environment-Context
X-Varnish-Age
From-Origin
Country
Protected
X-Unique-Id
X-Status
X-Kong-Proxy-Latency
X-Time
X-Jobs
X-Kong-Upstream-Latency
X-Region
X-FW-Version
X-Is-Bot
X-Load-Cache
X-N
X-FW-Type
X-Rendered-As
X-Vcache
X-FW-Server
X-Rocket-Nginx-Serving-Static
X-FW-Dynamic
X-FW-Hash
X-EdgeConnect-Cache-Status
Fastly-SIE
Fastly-SWR
X-Framework
X-Adobe-Content
X-Adobe-Loc
X-FW-Serve
X-FW-Static
X-Page-View
X-G
X-Client-Ip
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tumblr-User
X-Type
ServerID
X-ProcessESI
X-RemovedCookies
X-Cache-Time
X-Tec-Api-Version
X-Proxy
X-Tec-Api-Root
X-Tec-Api-Origin
X-Trace-Id
Content-Disposition
X-Mg-Request-UUID
Access-Control-Request-Headers
X-Datadog-Sampled
X-Signature
X-B-Cache
X-Debug-IsConnected
X-Debug-IsPreview
X-Amzn-Remapped-Content-Length
X-CDN-Forward
X-Cache-Age
X-Cache-Control
Backend
X-ECache
X-WP-CF-Super-Cache-Cache-Control
X-URL
X-WP-CF-Super-Cache
Countrycode
Refresh
X-Drupal-Cache-Tags
X-Nginx-Cache
X-Servername
X-DynaTrace
Accept-Language
X-Httpd
X-Erf-Web-Scheduler
Url
Xet-Cookie
X-DynaTrace-JS-Agent
X-Generated-By
X-Tt-Trace-Host
CF-IPCountry
X-Tt-Trace-Tag
X-HTML-Minification-Powered-By
X-Source
X-XRDS-Location
X-Template
Webserver
X-Mode
X-Device-Type
X-Content-Powered-By
X-NYM-Debug-Backend
Xserver
Version
X-Storage
GEO-INFO
X-JoinUs
X-ServerID
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
OT-Force-Account-Verify
X-UPSTREAM-Address
X-GeoCode
X-Urbn-Site-Id
X-Cache-Action
X-Director
X-Cache-Operation
Filters
Load-Balancing
X-GeoCountry
Locale
X-Urbn-Context-Path
Meta-Geo
X-SaId
X-LAGOON
X-Content-Age
S-Rt
X-Rewrite-Enabled
X-Rn-Rsrv
X-Varnish-Cache-Hits
X-Varnish-Hostname
X-Cluster-Node
X-Forwarded-Host
Onion-Location
X-Soup
X-Cache-Hit
X-Tncms
X-PHP-Host
X-Ms-Request-Id
X-Detected-As
X-Container-Uri
X-Ms-Version
Azure-RegionName
X-Adobe-Source
Web-Mar-Node
Azure-InstanceId
X-RM-Cache-TTL
X-Served-From
X-VCT
Azure-SlotName
X-Labrador-Cache-Channel
X-Cache-Server
X-Lambda-Id
X-Loop
X-Tt-Logid
Azure-SiteName
X-Tb
X-VC-Cache
Azure-Version
X-Git-Commit
Mn-Server-Ip
DB-Nickname
Cross-Origin-Window-Policy
Node
X-R9-Blue-Green-Version
X-Routing-Service
X-Proxied
X-Proto
X-Skip-Cache
X-Sql-Count
X-XRDS-LOCATION
X-Zipkin-Id
X-Sql-Duration-Ms
X-Logging-Id
X-RCS-CacheZone
X-Extlb
X-FB-TRIP-ID
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Generation-Time
X-Timing-Wait
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-Uri
TWC-GeoIP-LatLong
X-Tumblr-Pixel-2
TWC-Locale-Group
X-Format
Webcakes-App-Name
X-Origin-Hint
X-Fetched-On
X-Proxy-Build
TWC-Privacy
Webcakes-Region
X-Debug
X-Tumblr-Pixel-3
Webcakes-App-Version
X-MCACHE
Property-Id
Fastcgi-Useragent
Selected-Fe
Uber-Trace-Id
X-LSADC-Cache
X-Endurance-Cache-Level
X-Zen-Fury
X-Ua
X-Redis-Cache
Source
X-Ratelimit-Reset
X-Sucuri-ID
X-Sucuri-Cache
X-Srv
X-NGENIX-Cache
X-B3-SpanId
Section-Io-Origin-Status
Section-Io-Id
X-Drupal-Cache-Contexts
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
CDN-RequestId
X-S
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Origin-Date
X-Pass-Why
X-MP-GENERATED-AT
X-Upgrade-Enabled
Fastly-Drupal-HTML
X-Cache-Expired-At
X-Origin-TTL
X-Varnish-Hits
X-Origin-CC
X-TimeS
X-FTR-Request-ID
Upgrade-Insecure-Requests
Liferay-Portal
NGB
X-Real-IP
X-Newrelic-Synthetics
X-Akamai-Transformed
X-Handled-By
X-CACHE-AGE
X-GEO
X-Optimistic-Header
X-Cache-TTL-Remaining
X-UA-Device-Type
X-Cms-Context
Apigw-Requestid
X-Reqid
X-Xfnlog-Site
X-Via-JSL
X-Restarts
X-Node-Name
X-Correlation-ID
X-Cache-Type
X-Hl-Ver
ServedBy
X-CSRF-Token
X-ProxyCache-Key
MS-CV
Ms-Operation-Id
X-BYPASS-REASON
CDN-Uid
CDN-CachedAt
CDN-EdgeStorageId
X-ProxyCache-Status
CDN-Cache
X-Cache-Host
CDN-RequestPullSuccess
X-Pubstack
CDN-PullZone
CDN-RequestPullCode
CDN-RequestCountryCode
X-RTag
X-No-Session
X-ID
X-Varnish-Ttl
X-Parent-Response-Time
X-AWS-Id
X-IPLB-Instance
X-IPLB-Request-ID
X-VWS-Id
X-LJ-Flow-ID
WP-Super-Cache
X-Cluster
X-Server-W
Fastly-SSL
Odigeo-Trace-Id
DCR-Processing-Time-Ms
DCR-Decision-By
Ngx.Var.Host
BehaviorPad-Version
Canary
Candidate-Md5Url
Gannett-Cam-Experience-Id
L
MD5-Digest
X-Tx-Id
Magicmarker
L5d-Success-Class
Meta-Geo-Continent
HA-Ipaddr
Lang
N-Cache
Ha-Gx-Prefs
X-A-Dcw
X-Ec-GeoHdr
X-Ec-Fail
X-Epic-Correlation-Id
X-Eu-Site
X-Request-Host
X-External-Request-Id
X-Ec-Custom-Error
X-Dispatcher-Number
X-Debug-Cache-Fetch
X-D
X-Debug-Cache-Store
X-Destination
X-Developer
X-Rojux
X-S-Cookie
X-Vtex-Remote-Cache
X-Viewer-Country
X-We-Are-Hiring
X-Worker
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-SD-PageType
X-ScT
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-SRCache-Key
X-Csrf-Jwt
X-Conf
W
Vix-Hermes-Req-Id
Web-Mar-Region
X-A
X-A-Ccd
True-Client-Country-4JS
T-Server
Rendered-Blocks
Redirect-Candidate
Server-Host
Sslversion
Surrogated-Key
X-A-Dam
X-A-Dgt
X-CacheTTL
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-CGP
X-Bl-Debug
X-BCube-Filmed-By
X-Aed
X-A-Wwc
X-App
X-Application
X-B-Cookie
Origin-Agent-Cluster
X-Bc-Bl
X-AB
X-Proxy-Cache-Status
X-Node-Id
X-NodeID
X-Nyt-Route
Release
X-Old-Content-Length
Req-Svc-Chain
X-Nitro-Cache
TDXMobile
X-Mvc-Supplant-Cachable
X-Mly-Id
VNS-Age
X-Nananana
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Producers
X-Orig-Expires
X-Qloud-Router
X-Pool
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Refresh
Is-Eu
X-Policy
Mail-Subject
Origin
VNS-Cache
X-Origin-Time
X-Owner
X-Platform
X-PAYTM-SRV-ID
X-Org
We-Hiring
X-Clientip
X-CMSURLCustom
X-Core-Mission
X-B3-Spanid
X-Gdpr
X-Cdn-Diag
X-Cdn-Origin
X-Core-Value
X-Forwarded-Path
X-DefHash
X-DPWN-IS-SECURE
X-DefElseHash
X-Fastly-Backend
X-FC-Vary-Parameters
X-Date
X-Generated-On
X-Geo-Header
X-Human
X-Alternate-Cache-Key
X-Hash
X-Accel-Expires-Debug
X-Level-Front-Cache
X-Request-Time
X-Loc
X-App-Name
X-BBC-Edge-Cache-Status
X-Cache-Debug
X-Cache-Info
X-Cache-Bucket
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Bip
X-Mid
Platform
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Tenant
X-S-Maxage
AKAMAI
X-VServer
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Wikidot-Static-Cache
Cmsid
X-Wikidot-Backend
Cf-Device-Type
X-Micro-Cache
X-Sorting-Hat-PodId
X-Vmg-Version
Adler-Geo
X-Var-Ttl
X-Up
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnishpool
X-VG-TLSProxy
X-Test
X-Cache-Status-Check
X-Thanos
X-Thinkindot-L3
X-VG-WebCache
Cmstype
Cache-Provider
Datacenter
Fastly-GeoIP-CountryCode
CPC-Cache
X-Shopify-Stage
X-ShopId
Environment
X-Sn-Servicetimems
Expect-Staple
Fastly-Backend-Name
X-ShardId
X-Shop-Environment
Content-Secure-Policy
Gh-Request-Id
CPC-Age
Host-ID
X-Server-IP
X-TIME
User-Cache-Control
X-Hnp-Log
X-PERF
X-Cdn-Srv
X-INCAP-ABP
X-Irp-Debug
X-Accel-Buffering
Machine
X-Geo-Region
X-Block-Status
X-GeoIP
X-Dispatcher-Server
X-Gzip
X-Auto-Login
X-ApacheServer
Esi-Enabled
X-Gen-Mode
X-Akamai-Device-Characteristics
X-Clara-WADP
X-WADP-Cache
CDCHOST
X-Nginx-Cache-Key
X-Cache-Id
X-Origin
Sever-Int
X-Device-Os
CloudFront-Viewer-Country
X-Wix-Viewer-Type
Server-Ext
X-Fmm-Version
Server-Hostname
Cache-Name
X-From
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
NM-Fastcgi-Cache
Country-Code
Apple-News-Services-Request-Url
X-WA-Info
X-Esi-Check
X-Mvc-Supplant-OutputCached
DSUID
X-TraceId
X-Vcl-Version
X-Instance-Name
X-Forwarded-Site
Wxu-Next-Commit
X-NCache
X-Cache-Enabled
C-Via
Wxu-Next-Hostname
X-AIR-PT
Ssr
Pics-Label
X-Op-Id-All
Server-Info
X-Origin-Response-Time
Wxu-Next-Region
X-Section
X-Datadome
X-LB-NoCache
NGX
X-Access
X-Dc
X-Fastly-Request-Id
X-Vgn-Hpd-Reason
Server-ID
X-Via-Fastly
X-Amz-Meta-Cb-Modifiedtime
X-Accel-Version
X-API-Version
AMP-Access-Control-Allow-Source-Origin
X-HA-Backend
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-Varnish-Beresp-Grace
Memcached
X-CACHE-GROUP
X-Varnish-Beresp-Ttl
X-Is-Desktop
X-Buckets
X-Is-Tablet
X-Is-Supported-Browser
X-Browser-Name
X-Is-Mobile
X-Tcp-Rtt
Cdn-Requestid
Hostname
Memory
Time
X-Platform-Processor
X-Scale
IsBot
X-Platform-Router
Origin-CC
X-SIPLIST1
Origin-EX
Cache-Hits
Sid
X-Platform-Cluster
X-Air-Trace-Id
X-PHP-Backend
X-Zone
X-TIM-N
Location
X-Air-Hostname
X-B3-Parentspanid
X-ZONE
YJS-ID
X-Tb-Optimization-Total-Bytes-Saved
X-Wp-Cf-Super-Cache-Active
CF-Ctrl
X-Air-Source
X-Presslabs-Stats
X-WP-CF-Super-Cache-Active
X-Fpc
X-Cached-By
X-Backend-Instance
X-Internal-Host
X-Frame-Option
X-Origin-Cache-Key
X-Hyper-Cache
Resin-Trace
X-Azure-Ref-OriginShield
X-DC
X-Cs
X-TA-CDN-Provider
GeoIP-Latitude
Uri
X-VC
True-Client-Ip
X-Origin-Expires
X-DataCenter
X-Site-Version
Epwk-X-Cache
X-Microcachable
X-Webstats-RespID
X-Service
Cache-Host
X-LiteSpeed-Cache-Control
LB
GeoIP-Country-Code
X-FTR-Backend
X-Info
X-FTR-Cache-Status
X-FTR-Expires
X-Nitro-Cache-From
X-NGINX-Cache
X-FTR-Balancer
X-Nitro-Rev
X-FTR-Backend-Server
X-Country-Code-Real
XM
X-Locale
X-Web-Node
GeoIp-Country-Code
PFcat
X-VarnishDD-TTL
X-HN
Cdn
X-Pod-Name
X-VCache
Cdn-Host
X-Datacenter
X-Ad-Defer-Variation
Cdn-Request-Time
XServer
X-CS
X-Edge-Server
User-Agent
NtCoent-Length
X-Cache-Ttl
X-NewRelic-App-Data
X-CSRF-TOKEN
Req-ID
A
X-NMSegId
M-TraceId
True-Client-IP
X-Via-Edge
WZWS-RAY
X-Via-SSL
X-Via-CDN
X-FL-EDGE
Srvid
Locid
X-FL-QIT-DEBUG
Edge-Copy-Time
X-Geo
X-Vercel-Id
WebServer
X-Vercel-Cache
X-TRACE-ID
X-Ad-Load-Variation
X-SRV
SID
X-M-Log
X-M-Reqid
X-Request-Start
X-FPC
X-Contensis-Viewer-Groups
X-MSEdge-Flight
X-Moov-T
X-Moov-Xdn-Version
X-Cache-ASPX
X-Pad
X-MSEdge-Features
X-ATG-Version
X-Scope-Id
Cluster
Fastly-Drupal-Html
Pramga
X-Varnish-Authentication
X-FireWall-Port
Tcn
X-HostName
Cache-Key
X-LiteSpeed-Tag
X-Varnish-Beresp-Status
X-Shield-Cache-Expires
X-Qnm-Cache
X-NWS-UUID-VERIFY
X-Request-URI
X-Api-Version
CountryCode
X-APP-VERSION
Cf-Ipcountry
HostName
X-Cdn-Request-ID
Path
X-Amz-Meta-Opti
Edge-Cache
X-Air-Pt
Content-Style-Type
Content-Script-Type
Cdnsip
X-AK-Request-ID
X-Cache-Date
Cdncip
X-Esi
Cache-Tv-Group
Wpo-Cache-Message
X-Branch-Name
X-TH-Server
Wpo-Cache-Status
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Render-Time
X-Via-Poph
Yak-Timeinfo
X-Req
X-SB
X-Wa
X-Proxy-CacheRZ
X-HS-Content-Campaign-Id
X-Platform-Server
XkeyRZ
X-Via-Popn
X-Via-Popv
X-Servedbyhost
X-V-Cache
X-Nc
X-Planisys-CDN-Cache
X-Acquia-Purge-Cdn-Unconfigured
Tube-Got-Results
X-WP-CF-Super-Cache-Cookies-Bypass
X-Github-Request-Id
X-Aicache-OS
X-Cache-FS-Status
X-B3-Trace-ID
Tube-Got-Eval
Tube-Return
State
Click-Count-Action-Start
X-LB-ID
Tube-Get-Contents
Click-Count-Error
CDN
X-Rebelmouse-Cache-Control
X-Upstream-Ct
X-Upstream-Ht
X-Rebelmouse-Surrogate-Control
X-CACHE-KEY
X-VCL-Version
Geoip-Latitude
V-Age
X-Wp-Cf-Super-Cache-Cache-Control
X-Tim-N
X-Fastly-Cache
X-Release
X-Cdn-Forward
Srv
X-Vgn-Hpd-Cached
On-Server
Proxy-Connection
X-Men
X-Vary
X-Vgn-Hpd-Variations-Key
X-Wp-Cf-Super-Cache
X-Akamai-Pragma-Client-IP
X-Vgn-Hpd-Ssi
X-Lb-Cache
MIME-Version
X-HS-Status
X-Sigma-Backend
Ohc-File-Size
X-Sigma
X-User
CF-Cached-On
X-Dw-Trace-Id
Ngx-Var-Key
Lb
X-Cache-Remote
X-Rocket-Build-Number
X-Generated-In
X-Traceid
Server-Id
X-Ha-Backend
X-UA
X-TT-LOGID
X-Acquia-Application-UUID
X-Acquia-Site
X-Fastly-Backend-Reqs
X-Acquia-Purge-Tags
PICS-Label
My-App
Warning
X-Via-Ucdn
Cache
X-EC-Lua
X-Acquia-Application-Trace
Ohc-Cache-HIT
X-CUA
X-Lb-Nocache
X-Iplb-Request-Id
Yjs-Id
X-Iplb-Instance
X-TX-ID
Mime-Version
X-Litespeed-Cache-Control
X-Fastly-Cache-Hits
X-Snapshot-Date
Vha6-Origin
Inserted-Into-Cache-At
X-GeoIP-City
X-Scheme
CACHE-MISS-TO-ORIGIN
X-GoCache-CacheStatus
X-Cached-Since
X-ElasticPress-Query
Cneonction
X-CF-Cache-Header-Cache-Control
X-CF-Cache-Header-Vary
X-Miniprofiler-Ids
X-RAMCache
Ngx
Log-Origin
X-Gamma-Serve
X-Udemy-Cache-App-Namespace