Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
X-Runtime
Alt-Svc
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
X-Ua-Compatible
Access-Control-Max-Age
X-Request-ID
X-Dns-Prefetch-Control
X-Via
Server-Timing
X-Cache-Group
X-Robots-Tag
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
P3p
X-Backend
X-Proxy-Cache
X-Amz-Id-2
X-Ws-Request-Id
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Akamai-Path-Stats
X-Rq
EagleId
X-Vhost
X-Varnish-Cache
Grace
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-Page-Speed
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-OneAgent-JS-Injection
X-Server-Id
EagleEye-TraceId
X-Pingback
X-Cache-Spec
Request-Id
Surrogate-Control
Cf-Railgun
X-Akam-SW-Version
X-Backend-Server
Accept-CH
X-Readtime
X-Cache-Lookup
X-Response-Time
X-HW
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
X-Content-Security-Policy-Report-Only
Content-Location
X-Application-Context
X-Trace
Rating
Fastly-Restarts
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-WebKit-CSP-Report-Only
X-Country
X-Clacks-Overhead
X-Url
X-Edge
X-Amz-Server-Side-Encryption
X-MS-InvokeApp
X-Rack-Cache
Edge-Control
X-B3-TraceId
X-Ruxit-JS-Agent
X-Vname
X-TtlSet
X-PC
Accept-Ch
X-ESI
X-Content-Type
X-Vcap-Request-Id
X-Nginx-Upstream-Cache-Status
Xkey
X-Varnish-TTL
X-Mod-Pagespeed
X-Exp-Id
X-Kinja-Server
X-D2id
X-Cdn-Fetch
X-Amz-Rid
X-Exp-Variant
X-FastCGI-Cache
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
X-VARITI-CCR
X-Mcache
Verso
X-CST
X-GitHub-Request-Id
Cache-Tag
RTSS
X-Powered-By-Plesk
X-ECACHE
X-Oneagent-Js-Injection
Service-Worker-Allowed
X-Cached
X-Upstream
X-Navigation-Version
X-Version
X-Client-IP
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-Px
X-Ruxit-Js-Agent
X-Cnection
X-Ac
Public-Key-Pins
X-Ser
Arr-Disable-Session-Affinity
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
SPRequestGuid
X-SharePointHealthScore
X-Element-Page-Cache
X-Middleton-Display
X-Server-Name
Pagespeed
X-Sol
Display
SPIisLatency
SPRequestDuration
X-Cache-TTL
X-Country-Code
X-NWS-LOG-UUID
X-RateLimit-Remaining
X-Midtier
X-NF-Request-ID
X-Cache-Key
Permissions-Policy
X-Middleton-Response
Response
X-Ttl
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-Forwarded-For
Access-Control-Request-Method
Content-MD5
X-DataDome
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
Front-End-Https
X-MSEdge-Ref
X-Powered-CMS
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Edge-Cache-Tag
X-Recruiting
X-T
X-HP-Trace-Id
Nginx-Cache
X-HP-Webp
X-Jurisdiction
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
TP-Cache
AR-SID
TP-L2-Cache
X-Accel-Expires
X-RateLimit-Limit
TCN
X-Daa-Tunnel
X-Correlation-Id
MicrosoftSharePointTeamServices
X-Grace
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Id
X-Hits
X-TTL
X-Mg-S
X-Request-Received
X-Request-Processing-Time
Filters
Server-Node
X-Content-Digest
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
S
Server-Name
X-LLID
X-Frontend
X-Amzn-Trace-Id
X-Distributor
Cache-Status
X-Protected-By
X-Geo-Country
MS-Author-Via
Fastcgi-Cache
X-PressLabs-Stats
X-Fastly-Request-Id
X-LB-Cache
X-Language
X-Request-Handler-Origin-Region
X-Microsite
Cross-Origin-Opener-Policy
X-Origin-Server
X-Ezoic-Cdn
Host
X-FB-Debug
X-B3-Sampled
X-Forwarded-Proto
Charset
X-Seen-By
X-F-Cache
X-Ab
X-Ua-Browser
X-Page-Id
X-Amz-Meta-S3cmd-Attrs
X-Git-Hash
Payment
Filterid
X-Litespeed-Cache
X-ASPNET-VERSION
Count-Hit
Realpath
X-Ratelimit-Reset
X-Cache-Age
X-XRDS-Location
X-Cluster-Name
X-Erf-Bev-Bev
X-VCache
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Origin-Cache
Accept-Charset
Cf-Apo-Via
Surrogate-Key
Cache-Tags
Alternate-Protocol
X-DynaTrace
X-NGENIX-Cache
X-Rid
X-Webkit-Csp
Retry-After
X-Activity-Id
X-Az
X-AppVersion
X-Template
Cleartype
X-Fastcgi-Cache
X-Www-Served-By
Access-Control-Allow-Method
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-Varnish-Backend
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Node-Name
X-TT
X-Wix-Request-Id
X-Amz-Replication-Status
X-Type
X-Varnish-Grace
X-B
X-B-Cache
X-Signature
X-Tb
X-Debug
X-Upgrade-Enabled
X-Content
X-DIS-Request-ID
X-Proxy
X-App-Environment
X-Logged-In
X-Drupal-Cache-Tags
DC
ServerID
Paypal-Debug-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
Frame-Options
X-Hostname
X-Envoy-Decorator-Operation
X-Mobile
X-Content-Options
X-Source
X-Load-Cache
X-Revision
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Fastly-Request-ID
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
X-Contextid
Country
X-N
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Magnolia-Registration
X-Cache-Rule
X-Whom
X-User-Agent
Referer-Policy
Viewport
X-EdgeConnect-Cache-Status
X-Ratelimit-Remaining
X-Response-Served-From
X-Original-Request-Id
Node
X-Restarts
NGB
Content-Disposition
Refresh
X-Varnish-Age
X-Debug-IsPreview
X-Cacheable-TTL
Access-Control-Request-Headers
X-Environment-Context
X-Debug-IsConnected
X-Page-View
X-Cache-TTL-Remaining
X-L-Path
X-Yottaa-Optimizations
X-Real-IP
X-Varnish-Server
X-Yottaa-Metrics
Uber-Trace-Id
VIX-Pulpo-Node
X-Adobe-Content
VIX-Pulpo-Upstream-Status
Url
X-Adobe-Loc
X-Servername
X-Unique-Id
X-Cache-Time
X-Framework
X-Mid
X-Mg-Request-UUID
X-Jobs
X-G
X-NYM-Debug-Backend
X-Akamai-Request-ID2
X-Is-Bot
X-Rendered-As
Akamai-GRN
X-Cache-Grace
X-Instance
X-Status
X-Drupal-Cache-Contexts
X-Server-ID
X-Content-Powered-By
X-Webkit-CSP
Countrycode
Version
X-App-Server
X-ProcessESI
X-COUNTRY
X-RemovedCookies
X-Debug-Info
X-Http-Reason
X-CDN-Forward
X-XRDS-LOCATION
Srv
Protected
X-IPLB-Instance
X-APP-VERSION
X-IPLB-Request-ID
X-Time
Accept-Language
X-Hosted-By
X-Nginx-Cache-Key
X-Ratelimit-Limit
X-Cache-Expired-At
X-Tt-Logid
X-Trace-Id
Healthy
X-Device-Type
Liferay-Portal
X-Via-JSL
Fastcgi-Useragent
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Azure-Ref
X-FW-Static
X-FW-Server
X-FW-Serve
X-Cache-Hit
X-FW-Type
X-FW-Hash
X-FW-Dynamic
Section-Io-Cache
X-Correlation-ID
X-Cache-NGX
X-Oracle-Dms-Ecid
X-UUID
MS-CV
Ms-Operation-Id
X-Oracle-Dms-Rid
X-RTag
X-Cache-Operation
X-Proxy-Cache-Status
Backend
X-Backend-Name
X-Mobile-URL
Server-Info
X-Storage
X-UPSTREAM-Address
Content-Secure-Policy
Load-Balancing
X-RN-RSRV
Meta-Geo
CF-IPCountry
X-Handled-By
X-Mode
X-Sql-Count
X-Sql-Duration-Ms
X-Datadome
X-Content-Age
X-HTML-Minification-Powered-By
Onion-Location
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
S-Rt
Locale
Property-Id
Eomportal-Instance
X-Alternate-Cache-Key
X-Section
X-SayCDN-TTL
X-LJ-Flow-ID
X-Varnishpool
X-Skip-Cache
X-Server-W
X-Forwarded-Host
X-Shopify-Stage
X-ShopId
X-ShardId
X-VWS-Id
X-Say-TTL
X-Origin-Hint
X-Origin-Date
X-OCL
X-No-Session
X-PCL
X-PHP-Backend
X-Say-Cacheable
X-Region
X-Proto
X-Format
X-Varnish-Hostname
X-Access
X-Adobe-Source
X-Akamai-Edgescape
X-Locale
WP-Super-Cache
Webcakes-Region
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
X-AWS-Id
X-Cache-Server
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Edge-Location
X-Varnish-Cache-Hits
X-Storefront-Renderer-Rendered
X-Site-Version
X-Cms-Context
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
TWC-Locale-Group
TWC-Device-Class
X-Zen-Fury
X-URL
X-Redis-Cache
Web-Mar-Node
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxied
X-Proxy-Build
X-Request-Time
Selected-Fe
X-Zipkin-Id
X-Xfnlog-Site
Mn-Server-Ip
GEO-INFO
X-ServerID
X-PHP-Host
X-BYPASS-REASON
X-Hl-Ver
X-FB-TRIP-ID
X-Generated-By
X-Generation-Time
X-GeoCountry
X-GeoCode
X-Extlb
X-Labrador-Cache-Channel
X-Cache-Host
X-Cache-Enabled
X-Cache-Type
X-Debug-Cache
X-Detected-As
X-Web-Node
X-Routing-Service
CDN-CachedAt
CDN-Cache
Azure-RegionName
CDN-PullZone
CDN-RequestCountryCode
X-Via-Fastly
X-Timing-Wait
Azure-SlotName
Azure-SiteName
Azure-Version
Azure-InstanceId
Apigw-Requestid
CDN-RequestId
CDN-EdgeStorageId
X-UA-Device-Type
X-VC-Cache
X-Uri
CDN-Uid
DB-Nickname
X-Varnish-Beresp-Grace
X-Tid
X-Cache-Status-Check
ServedBy
X-Cache-Action
X-Nginx-Cache
X-JoinUs
X-SaId
X-Rule
X-ECache
X-R9-Blue-Green-Version
X-LSADC-Cache
Cache-Name
X-Ms-Request-Id
X-Ms-Version
X-SRV
Cross-Origin-Resource-Policy
X-Ua
X-DynaTrace-JS-Agent
X-Human
X-Dc
Cache
X-FireWall-Port
X-Cache-Tags
SD-X-WS
Xet-Cookie
X-WP-CF-Super-Cache-Cache-Control
X-Cached-By
X-WP-CF-Super-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-App-Version
Source
Xserver
Cross-Origin-Window-Policy
LB
X-RCS-CacheZone
X-Aspnetmvc-Version
X-GEO
X-Via-NSCOPI
X-Cdn
WPO-Cache-Message
X-Varnish-Hits
WPO-Cache-Status
X-TNCMS
X-MP-GENERATED-AT
X-Loop
Origin
X-GG-Cache-Date
X-Reqid
X-IPS-LoggedIn
X-Origin-CC
X-Origin-TTL
X-B3-SpanId
X-Pubstack
X-Soup
X-Amzn-Remapped-Content-Length
X-TA-CDN-Provider
X-AOL-HN
X-NewRelic-App-Data
Cache-Hits
X-Api-Version
X-Tumblr-Pixel-2
X-FW-Version
X-Xrds-Location
Rip
From-Origin
Webserver
X-Service
X-Platform-Server
X-Newrelic-Synthetics
X-Vgn-Hpd-Reason
X-Cluster-Node
Upgrade-Insecure-Requests
X-Request-Host
DCR-Decision-By
Host-ID
DCR-Processing-Time-Ms
X-Forwarded-Path
X-NAPM-TraceId
Lang
Environment
X-External-Request-Id
X-Ec-GeoHdr
X-Ec-Fail
X-D
Rendered-Blocks
Redirect-Candidate
Expiry
X-Provided-By
Cdnsip
Sslversion
Ngx.Var.Host
BehaviorPad-Version
X-Orig-Expires
X-Destination
X-Developer
Odigeo-Trace-Id
X-Connection-Hash
X-Owner
T-Server
Cdncip
MD5-Digest
X-PBS-Appsvrname
Surrogated-Key
Meta-Geo-Continent
A
X-Rojux
X-ARC
X-Vdms-Path
X-B-Cookie
X-TIM-N
X-Shop-Environment
X-Origin-Response-Time
X-S-Cookie
X-Cache-NE
X-ScT
X-A
X-VG-WebCache
X-A-Dgt
X-A-Wwc
X-Tenant
X-Aed
X-A-Dcw
X-Vdms-Version
X-A-Ccd
X-A-Dam
X-SRCache-Key
X-S
X-Served-From
X-User
X-Rewrite-Enabled
X-Application
X-AK-Request-ID
Xc-Version
X-Processor
X-Accel-Buffering
X-Bc-Bl
X-BCube-Filmed-By
HostName
X-TIME
X-CSRF-Token
X-Cluster
Fastly-SSL
X-Varnish-Beresp-Ttl
OT-Force-Account-Verify
X-VC
X-Qloud-Router
Mobile-Detection-Method
X-Level-Front-Cache
Decoy-Debug-Status
Decoy-Debug-TTL
X-Irp-Debug
X-Thanos
X-Pool
X-Dispatcher-Number
Candidate-Md5Url
X-Wix-Viewer-Type
X-Generated-On
Decoy-Debug-Key
X-Forwarded-Site
X-Bip
X-Aicache-OS
X-Session-Fingerprint
Memcached
NGX
X-Developers
L5d-Success-Class
X-DPWN-IS-SECURE
X-BBC-Edge-Cache-Status
HA-Ipaddr
Ha-Gx-Prefs
X-Ec-Custom-Error
Gh-Request-Id
Is-Eu
IsBot
Machine
X-Auto-Login
NM-Fastcgi-Cache
L
Kp-EeAlive
X-Device-Os
X-Ad-Defer-Variation
X-Clientip
V-Age
TDXMobile
X-Cdn-Srv
Fastly-SWR
X-Cdn-Origin
Vix-Hermes-Req-Id
State
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Tube-Got-Eval
Tube-Get-Contents
Traceparent
Tube-Got-Results
Tube-Return
Thinkindot-Control
X-CGP
X-Ckpd-Fst-Backend
X-CacheTTL
Wxu-Next-Commit
X-Datadog-Sampling-Priority
Platform
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-DefElseHash
X-DefHash
Origin-CC
Origin-EX
Producers
Release
Servername
X-Core-Mission
Wxu-Next-Hostname
X-Core-Value
X-Csrf-Jwt
Req-Svc-Chain
Server-Host
Wxu-Next-Region
X-Branch-Name
X-Origin
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Request-URI
X-Rocket-Build-Number
X-SB
X-S-Maxage
X-Rocket-Nginx-Serving-Static
X-Policy
X-Planisys-CDN-TTL
X-Optimistic-Header
X-Nyt-Route
X-NodeID
Fastly-SIE
X-Origin-Time
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Parent-Response-Time
X-Scale
X-Sigma
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
X-Varnish-Remaining-TTL
X-VG-TLSProxy
X-Worker
X-WA-Info
X-VServer
X-V-Cache
X-Thinkindot-L3
X-Slack-Backend
X-SIPLIST1
X-Sigma-Backend
X-Sn-Servicetimems
X-SplitTest
X-NWS-UUID-VERIFY
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Minions-Version
X-Origin-Expires
Cache-Host
X-Gateway-Request-Id
Cache-Tv-Group
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
Apple-News-Services-Request-Url
X-Gdpr
Apple-News-Services-Handled
Apple-News-Services-Host
Click-Count-Action-Start
Click-Count-Error
DSUID
X-Fetched-On
X-Eu-Site
X-Epic-Correlation-Id
Country-Code
Cmstype
X-Gateway-Cache-Key
X-Gamma-Serve
Cmsid
Adler-Geo
Apple-News-Services-Parsed-Url
X-JWT-State
X-GeoIP-City
X-Has-Esi
X-Hash
X-INCAP-ABP
X-Is-Gdpr
X-Loc
X-GeoIP
X-Geo-Header
X-Tx-Id
X-Cache-Remote
X-Cache-Id
X-Mvc-Supplant-OutputCached
X-Cache-Bucket
X-Fmm-Version
X-Fastly-Cache
X-NCache
X-Esi-Check
X-WADP-Cache
X-Viewer-Country
X-Hnp-Log
X-Clara-WADP
X-Scheme
X-Mvc-Supplant-Cachable
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Cache-Info
X-Proxy-Cache-Info
X-HS-Content-Campaign-Id
X-Gen-Mode
X-Gzip
X-Pod-Name
X-Block-Status
User-Cache-Control
CloudFront-Viewer-Country
Svr
Cluster
CPC-Age
Mail-Subject
Sever-Int
CDCHOST
Server-Ext
Server-Hostname
Fastcgi-Cache-TTL
CPC-Cache
Fastly-GeoIP-CountryCode
X-Tec-Api-Origin
Web-Mar-Region
Fastly-Backend-Name
X-Tec-Api-Root
X-Tec-Api-Version
We-Hiring
VNS-Cache
Datacenter
AKAMAI
VNS-Age
Mime-Version
X-Varnish-Beresp-Status
X-LB-NoCache
X-Varnish-Ttl
WebServer
Ec-Rule-Version
X-Udemy-Cache-App-Namespace
X-Cache-Date
X-ZONE
X-CMSURLCustom
Ssr
X-Ig-Push-State
Canary
Pics-Label
SID
X-Microcachable
X-Yandex-Sdch-Disable
X-Conf
Sid
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Debug
Time
X-Generated-In
X-Sucuri-ID
Memory
X-Via-Poph
X-Azure-Ref-OriginShield
Fastly-Drupal-Html
X-Via-Popv
X-Via-Popn
X-ND-Cache
X-Sucuri-Cache
X-WP-CF-Super-Cache-Active
X-FC-Vary-Parameters
X-Fastly-Backend
AMP-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Presslabs-Stats
X-Edge-Pop
X-Refresh
X-Servedbyhost
Server-ID
X-ATG-Version
X-Dmc
X-Var-Ttl
X-Newrelic-App-Data
X-TRACE-ID
X-Be
X-Akamai-Transformed
X-MSEdge-Flight
X-MSEdge-Features
X-RateLimit-Reset
X-Trace-ID
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
Fastly-Drupal-HTML
Env
X-Fpc
X-Release
X-NC
X-CS
X-Buckets
X-Cs
X-Esi
X-PX
X-MCACHE
X-Zone
X-ID
X-Wikidot-Backend
X-Endurance-Cache-Level
X-EC-Lua
X-Wikidot-Static-Cache
Magicmarker
CDN
X-DC
X-CACHE-AGE
GeoIp-Country-Code
X-Pass-Why
X-Tumblr-Pixel-3
X-Up
X-Srv
X-Hyper-Cache
X-TX-ID
X-Dispatch
My-App
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Wa
True-Client-IP
X-Webkit-CSP-Report-Only
X-NGINX-Cache
X-M-Log
X-App
X-VCL-Version
X-Micro-Cache
Pramga
X-M-Reqid
X-Nf-Request-Id
X-Lambda-Id
X-Vc
X-CACHE-KEY
X-Alfa-Service
C-Via
X-CSRF-TOKEN
X-Qnm-Cache
Hostname
X-Req
N-Cache
X-TrackingId
X-Varnish-Beresp-TTL
X-Edge-Origin-Shield-Region
X-Platform
Resin-Trace
X-Air-Pt
X-Edge-Origin-Shield-Bytes
X-PAYTM-SRV-ID
True-Client-Ip
On-Server
Path
X-Vcl-Version
Fastcgi-X-Cache-Version
CacheControlHeader
X-Vercel-Cache
GeoIP-Country-Code
Esi-Enabled
X-Check-Cacheable
X-Vercel-Id
X-TH-Server
Tcn
X-LB-ID
X-HS-Status
X-AIR-PT
X-Vtex-Processado-Em
Tracecode
X-Vtex-Remote-Cache
GeoIP-Latitude
True-Client-Country-4JS
X-Akamai-Pragma-Client-IP
X-PERF
X-SERVER-NAME
NtCoent-Length
X-ApacheServer
X-LAGOON
X-Request-Start
X-Op-Id-All
X-Node-Id
X-API-Version
X-SD-PageType
Proxy-Connection
X-B3-Spanid
Cdn
X-CLOUD-TRACE-CONTEXT
Hit
Cache-Key
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
HIT
Section-Io-Origin-Status
X-FPC
X-Webkit-Csp-Report-Only
DT-Hot-News
X-WA
X-Mly-Id
X-Datacenter
ENV
X-Platform-Processor
X-Platform-Cluster
X-Via-CDN
DynaTrace
X-Platform-Router
X-Proxy-CacheRZ
X-Render-Time
XkeyRZ
X-Geo
X-Dw-Trace-Id
X-GeoIP-Region-Code
Server-Id
X-Traceid
Lb
PFcat
WWW-Authenticate
YJS-ID
X-HN
X-VarnishDD-TTL
X-Via-Ucdn
X-Proxy-Upstream
X-Edge-POP
X-ServedByHost
X-Lb-Id
User-Agent
XM
X-GeoIP-Country-Code
X-Cdn-Forward
X-Proxy-Cache-Hk
X-Accel-Expires-Debug
Server-Ttl
X-LiteSpeed-Cache-Control
X-Date
X-Via-PopV
X-Via-PopH
X-RAMCache
X-Via-PopN
X-FORWARDED-FOR
X-LI-Proto
Geoip-Latitude
X-Li-Pop
X-LI-UUID
X-Li-Fabric
Dnion-Transfer-Encoding
MIME-Version
X-Cache-Ttl
Yjs-Id
X-TT-LOGID
SRV
X-CUA
X-LiteSpeed-Tag
X-CF-Powered-By
PICS-Label
FSS-Cache
X-Cache-Backend
X-Nc
Location
X-Akamai-ERPolicy
X-RSL
Vha6-Origin
M-TraceId
XServer
Sm-Log-Id
X-Old-Content-Length
X-Ftr-Request-Id
X-Instance-Name
X-Response-By
X-RPS
X-RPM
X-Fastly-Backend-Reqs
X-Akamai-ERRuleID
Nginx-CQVIP
X-DB
X-DI
Ohc-File-Size
X-DW
X-DSS
X-Service-Response-Time
X-UA
X-Wp-Cf-Super-Cache-Cache-Control
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache
Wpo-Cache-Status
Wpo-Cache-Message
X-Lb-Nocache
Powered-By
X-Cc-Via
X-IN-APIGATEWAYSSL
X-Fastly-Cache-Hits
X-HA-Backend
X-B3-ParentSpanId
X-Request-Url
X-IN-APIGATEWAY
X-HostName
X-Akamai-Request-ID
X-Cdn-Request-ID
X-Httpd
X-Cache-Ngx
Warning
CountryCode
Locid
X-From
X-Location
X-FL-EDGE
Srvid
X-Mg-Cache
X-Snapshot-Date
Ohc-Cache-HIT
Req-ID
Fastcgi-Cache-Ttl
X-Server-IP
X-MiniProfiler-Ids
X-Moov-Xdn-Version
X-Serial
Uri
X-Moov-T
WZWS-RAY