Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Adblock-Key
X-Request-ID
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-Id
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
P3p
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-CDN
X-AspNetMvc-Version
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-WebKit-CSP
Accept-CH
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
Cf-Apo-Via
X-Device
Cf-Railgun
X-Server-Id
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Dns-Prefetch-Control
X-Akam-SW-Version
Surrogate-Control
EagleEye-TraceId
X-Backend-Server
Request-Id
X-Ruxit-JS-Agent
X-Readtime
X-Cache-Lookup
X-HW
Accept-CH-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-CST
X-Edge
X-WebKit-CSP-Report-Only
Content-Location
X-Content-Type
X-Country
Accept-Ch-Lifetime
X-Mcache
X-Url
X-MS-InvokeApp
X-Clacks-Overhead
Rating
X-ECACHE
X-Midtier
X-TtlSet
X-PC
X-Vname
X-Amz-Server-Side-Encryption
X-Litespeed-Cache
X-VARITI-CCR
RTSS
Cache-Tag
X-Vcap-Request-Id
X-D2id
X-B3-TraceId
Origin-Trial
X-Element-Page-Cache
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Kinja-Revision
X-Server-Name
X-Use-Magma
X-Exp-Variant
X-GoogleNews-Bot
X-Ac
Verso
X-Rack-Cache
X-Varnish-TTL
X-ESI
X-Cnection
X-Cache-TTL
Service-Worker-Allowed
X-GitHub-Request-Id
X-Powered-By-Plesk
X-Navigation-Version
X-Ttl
Xkey
X-Abt-Application-Version
X-Client-IP
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-NWS-LOG-UUID
Edge-Control
X-Cached
Arr-Disable-Session-Affinity
X-Mg-S
X-Px
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Browser-Type
SPRequestDuration
SPIisLatency
X-Upstream
X-Correlation-Id
Display
Pagespeed
X-Sol
X-Middleton-Display
Content-MD5
X-Dw-Request-Base-Id
X-Cache-Key
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastcgi-Cache
X-NF-Request-ID
Access-Control-Request-Method
Edge-Cache-Tag
X-Goog-Hash
Front-End-Https
X-Country-Code
X-Daa-Tunnel
X-Forwarded-For
X-Version
Public-Key-Pins
X-RateLimit-Remaining
X-XRDS-Location
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
X-Powered-CMS
AR-CACHE
TCN
X-Id
X-T
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-MSEdge-Ref
X-Recruiting
X-Content-Digest
X-Accel-Expires
X-Middleton-Response
Response
X-Shield-Request-Id
X-Ser
TP-Cache
TP-L2-Cache
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Amzn-Trace-Id
Nginx-Cache
S
X-Fastly-Request-ID
X-Request-Processing-Time
X-Ratelimit-Limit
X-Request-Received
X-HS-Cache-Config
X-Hits
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
Cache-Status
Server-Node
X-Distributor
MicrosoftSharePointTeamServices
X-Edge-Location-Klb
X-Kinsta-Cache
Cache-Tags
Fastcgi-Cache
X-Grace
Alternate-Protocol
Server-Name
X-Protected-By
X-DIS-Request-ID
X-Ezoic-Cdn
X-Ratelimit-Reset
X-LB-Cache
X-Origin-Server
X-DataDome
X-Geo-Country
X-FastCGI-Cache
X-Ua-Browser
X-Request-Handler-Origin-Region
X-Microsite
X-Ratelimit-Remaining
X-Frontend
X-Rid
Cross-Origin-Opener-Policy
X-Debug-Info
X-TEC-API-ORIGIN
X-Git-Hash
X-Www-Served-By
Filterid
X-Varnish-Backend
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Logged-In
X-FB-Debug
Cleartype
Healthy
X-NGENIX-Cache
X-Forwarded-Proto
X-Page-Id
Payment
X-Load-Cache
X-Webkit-Csp
X-ASPNET-VERSION
X-LLID
Charset
X-B3-Sampled
DC
Content-Disposition
X-Origin-Cache
X-Hostname
X-Cluster-Name
X-TTL
X-VCache
X-Ruxit-Js-Agent
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-GUploader-UploadID
X-Goog-Metageneration
X-PressLabs-Stats
MS-Author-Via
Access-Control-Allow-Method
X-Upgrade-Enabled
Retry-After
X-Proxy
X-F-Cache
Accept-Charset
Cross-Origin-Resource-Policy
X-Az
X-AppVersion
Paypal-Debug-Id
X-Amz-Replication-Status
Realpath
X-Activity-Id
X-Oracle-Dms-Rid
X-Revision
X-B-Cache
X-Contextid
X-Signature
X-Oracle-Dms-Ecid
X-Amz-Meta-S3cmd-Attrs
X-Aspnet-Duration-Ms
X-Route-Name
X-Is-Crawler
X-Type
X-Providence-Cookie
X-Azure-Ref
X-Hosted-By
X-Flags
X-Request-Guid
X-Seen-By
X-Varnish-Server
X-B
X-App-Environment
X-TT
Viewport
X-Fb-Rlafr
X-Whom
X-Aspnetmvc-Version
X-ORACLE-DMS-ECID
X-Wix-Request-Id
X-ORACLE-DMS-RID
X-DynaTrace
Surrogate-Key
Count-Hit
X-Source
Referer-Policy
Amp-Access-Control-Allow-Source-Origin
X-Akamai-Edgescape
X-Language
X-App-Server
X-Mobile
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Template
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Cache-Control
X-RateLimit-Limit
Host
X-Varnish-Grace
X-Magnolia-Registration
X-HTML-Minification-Powered-By
X-EdgeConnect-Cache-Status
X-N
X-Tumblr-Pixel-0
X-Cache-Rule
X-Tumblr-Pixel-1
X-Tumblr-User
Version
X-Response-Served-From
X-Tumblr-Pixel
X-Original-Request-Id
X-Varnish-Age
X-Cache-Time
X-UUID
X-RTag
X-Rule
SD-X-WS
Ms-Operation-Id
MS-CV
X-Cache-Status-Check
Section-Io-Cache
Access-Control-Request-Headers
X-Envoy-Decorator-Operation
Refresh
X-Page-View
X-ProcessESI
X-Adobe-Loc
X-Environment-Context
Protected
X-Cacheable-TTL
X-Cache-Grace
X-RemovedCookies
X-Adobe-Content
X-Jobs
X-Cache-Expired-At
X-L-Path
X-FW-Dynamic
X-Content-Powered-By
X-FW-Hash
X-FW-Static
X-FW-Server
X-Framework
X-FW-Serve
X-FW-Version
X-FW-Type
X-B3-Traceid
VIX-Pulpo-Upstream-Status
Akamai-GRN
X-Status
VIX-Pulpo-Node
X-Device-Type
NGB
X-Rendered-As
X-G
X-Is-Bot
GEO-INFO
X-NYM-Debug-Backend
Url
X-Http-Reason
X-User-Agent
X-Cache-Age
X-Instance
SRV
X-Backend-Name
X-Servername
X-Akamai-Request-ID2
X-Trace-Id
X-Debug-IsPreview
X-Debug-IsConnected
Accept-Ch
X-COUNTRY
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Newrelic-App-Data
From-Origin
X-Nginx-Cache
WPO-Cache-Status
WPO-Cache-Message
CDN-RequestId
X-CDN-Forward
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Hit
X-Region
Accept-Language
Front
X-Tb
Country
X-Node-Name
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Tt-Logid
X-Amz-Apigw-Id
X-Amzn-RequestId
Backend
X-Real-IP
Fastly-SIE
X-Content-Options
Fastly-SWR
X-Tec-Api-Version
X-Buckets
X-XRDS-LOCATION
X-Tec-Api-Origin
X-Tec-Api-Root
X-VC-Cache
Uber-Trace-Id
Fastly-Drupal-HTML
X-Unique-Id
X-DynaTrace-JS-Agent
Content-Secure-Policy
X-Zen-Fury
X-Times
X-Cache-Operation
X-Mode
Filters
X-UPSTREAM-Address
X-Tumblr-Pixel-2
Meta-Geo
X-Generation-Time
X-RN-RSRV
X-Rewrite-Enabled
X-IPS-LoggedIn
X-TIME
X-Time
Azure-InstanceId
Azure-SlotName
X-Proxy-Cache-Info
Onion-Location
X-Web-Node
CF-IPCountry
Azure-Version
X-Amzn-Remapped-Content-Length
Azure-SiteName
Webserver
X-Rocket-Nginx-Serving-Static
Azure-RegionName
X-Cache-Server
X-Soup
X-Sql-Count
X-Sucuri-ID
X-Say-Cacheable
X-Cache-Host
X-Cache-Action
X-Reqid
X-Proxy-Cache-Status
X-Debug
X-Locale
X-PHP-Backend
X-Adobe-Source
Cache-Hits
X-SayCDN-TTL
X-Content-Age
X-Server-W
X-Say-TTL
X-Sql-Duration-Ms
X-Via-Fastly
X-Ua
X-Sucuri-Cache
X-Skip-Cache
X-Cms-Context
X-Fastly-Request-Id
Webcakes-App-Version
Webcakes-App-Name
Webcakes-Region
TWC-Privacy
X-Cache-TTL-Remaining
X-Handled-By
TWC-Locale-Group
ServerID
S-Rt
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Labrador-Cache-Channel
X-PHP-Host
X-Proto
X-Ms-Version
X-ProxyCache-Key
X-ProxyCache-Status
X-UA-Device-Type
X-R9-Blue-Green-Version
X-Ms-Request-Id
X-IPLB-Request-ID
X-Site-Version
Property-Id
X-Varnish-Beresp-Grace
X-URL
X-BYPASS-REASON
X-Origin-Hint
X-IPLB-Instance
X-SRV
Node
Cache-Name
Apigw-Requestid
X-Timing-Wait
X-Access
X-JoinUs
X-Cluster
X-Section
Web-Mar-Node
X-SaId
X-Forwarded-Host
X-LAGOON
X-GeoCode
X-GeoCountry
X-Format
X-FB-TRIP-ID
X-Proxy-Build
X-Detected-As
X-Edge-Location
CDN-Cache
X-AWS-Id
DB-Nickname
X-No-Session
CDN-RequestCountryCode
X-Air-Source
X-Cluster-Node
X-VWS-Id
X-Air-Hostname
X-Air-Trace-Id
CDN-Uid
CDN-CachedAt
Selected-Fe
CDN-EdgeStorageId
CDN-PullZone
X-LJ-Flow-ID
X-LSADC-Cache
Locale
Mn-Server-Ip
Mime-Version
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Urbn-Site-Id
X-Urbn-Context-Path
WP-Super-Cache
Liferay-Portal
Cross-Origin-Window-Policy
Fastcgi-Useragent
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-Xfnlog-Site
X-Optimistic-Header
ServedBy
X-Extlb
X-CACHE-AGE
X-Hl-Ver
X-Tumblr-Pixel-3
X-Request-Time
X-ECache
X-Oneagent-Js-Injection
Source
X-Cache-Debug
X-Redis-Cache
X-Presslabs-Stats
X-Origin-Date
X-TNCMS
Upgrade-Insecure-Requests
X-Loop
X-Mg-Request-UUID
Xserver
CF-Cached-On
X-Uri
X-Generated-By
X-Akamai-Transformed
X-GEO
X-Director
X-Varnish-Hits
Xet-Cookie
Countrycode
X-TA-CDN-Provider
X-Pass-Why
X-ARC
X-NWS-UUID-VERIFY
X-Newrelic-Synthetics
Frame-Options
X-Varnish-Beresp-Ttl
X-Tid
X-FireWall-Port
X-Origin-CC
X-Tx-Id
X-Origin-TTL
X-Storage
X-Varnish-Cache-Hits
X-Varnish-Ttl
X-Service
Cache-Tv-Group
X-App-Version
X-Sorting-Hat-ShopId
X-Varnish-Hostname
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-DC
X-ShardId
X-Alternate-Cache-Key
X-RM-Cache-TTL
X-Datadog-Trace-Id
Environment
X-Endurance-Cache-Level
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-ServerID
X-Request-Host
X-A-Wwc
X-Processor
X-Application
X-S
X-BBC-Edge-Cache-Status
X-Rojux
X-S-Cookie
X-Mid
X-B-Cookie
X-Frame-Option
X-Aed
BehaviorPad-Version
Memcached
Meta-Geo-Continent
Thinkindot-CacheControl-Type
MD5-Digest
Thinkindot-Control
Release
X-Loc
Lang
Thinkindot-CacheControl
Ngx.Var.Host
Redirect-Candidate
Surrogated-Key
X-Mobile-URL
T-Server
Origin
Odigeo-Trace-Id
TDXMobile
Rendered-Blocks
X-Level-Front-Cache
X-A
Candidate-Md5Url
X-Origin-Time
Sslversion
X-A-Ccd
X-A-Dcw
X-A-Dam
A
X-INCAP-ABP
WWW-Authenticate
Gannett-Cam-Experience-Id
Host-ID
Req-Svc-Chain
X-Nyt-Route
Edge-Cache
DCR-Decision-By
DCR-Processing-Time-Ms
X-A-Dgt
X-S-Maxage
X-Ec-Fail
X-Epic-Correlation-Id
X-CMSURLCustom
X-Cache-NE
X-Cache-Info
X-Thinkindot-L3
X-TIM-N
X-Developer
Server-Info
X-Destination
X-Generated-On
X-Gdpr
X-Ec-GeoHdr
X-Vdms-Version
X-Vdms-Path
X-D
X-We-Are-Hiring
X-ScT
X-SRCache-Key
X-Conf
X-Core-Value
X-BCube-Filmed-By
X-External-Request-Id
X-Test
Xc-Version
X-Served-From
X-Bc-Bl
SID
X-Old-Content-Length
Fastly-GeoIP-CountryCode
X-DefHash
X-Core-Mission
Fastly-Backend-Name
Tube-Got-Results
X-Clara-WADP
X-Varnish-Remaining-TTL
X-Is-Gdpr
Tube-Return
DSUID
Tube-Get-Contents
Tube-Got-Eval
X-Fmm-Version
X-Worker
X-Rocket-Build-Number
X-Org
X-WP-CF-Super-Cache-Active
Cache-Host
State
Ssr
X-WADP-Cache
X-WA-Info
X-VG-TLSProxy
X-CUA
X-JWT-State
X-DefElseHash
X-Vmg-Version
Magicmarker
X-VServer
X-Fetched-On
X-Origin-Response-Time
X-Cdn-Origin
X-Geo-Header
X-GeoIP-City
X-Thanos
X-Gamma-Serve
X-Pool
X-Platform-Router
X-Varnish-CookieHashed-On
X-Platform-Server
X-Has-Esi
X-Req
X-Bip
X-Restarts
X-SD-PageType
X-SB
X-Cache-Bucket
X-Sn-Servicetimems
X-Akamai-Device-Characteristics
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sigma-Backend
X-Platform-Processor
Click-Count-Action-Start
X-HS-Content-Campaign-Id
X-Location
X-Varnish-CookieINHashed-On
Click-Count-Error
CloudFront-Viewer-Country
X-Httpd
X-Human
Cluster
Cache-Key
C-Via
Server-Host
X-Sigma
X-Ec-Custom-Error
X-Platform-Cluster
AKAMAI
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Country-Code
X-Parent-Response-Time
Section-Io-Origin-Status
Section-Io-Id
X-B3-Spanid
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-V-Cache
X-Up
X-Cache-Id
X-Cache-FS-Status
X-GeoIP-Country-Code
X-Var-Ttl
X-Cdn-Srv
X-Varnish-Beresp-Status
X-Variation
X-GeoIP-Region-Code
X-Slack-Shared-Secret-Outcome
X-Men
Server-Ext
X-Azure-Ref-OriginShield
Producers
X-Scale
X-Cache-Backend
X-Block-Status
X-Slack-Backend
X-Ckpd-Fst-Backend
X-Varnishpool
X-Dispatcher-Server
X-Dispatcher-Number
X-Device-Os
X-Developers
X-DPWN-IS-SECURE
X-GeoIP
X-Fastly-Backend
X-Esi-Check
X-Hash
We-Hiring
Server-Hostname
Gh-Request-Id
CacheControlHeader
X-Wix-Viewer-Type
Kp-EeAlive
Mail-Subject
NM-Fastcgi-Cache
X-Date
X-Gen-Mode
X-Auto-Login
X-Minions-Version
Decoy-Debug-TTL
X-NodeID
Is-Eu
Decoy-Debug-Status
Sever-Int
Web-Mar-Region
Vix-Hermes-Req-Id
Decoy-Debug-Key
X-Node-Id
X-Nginx-Cache-Key
Origin-EX
X-Nananana
Platform
Svr
Origin-CC
Machine
NGX
On-Server
Datacenter
User-Cache-Control
Cmstype
X-Accel-Expires-Debug
X-Accel-Buffering
X-Region-Sid
X-Ad-Defer-Variation
X-App
X-Request-Start
X-Hnp-Log
X-Gzip
X-Planisys-CDN-TTL
X-Qloud-Router
X-Origin
Cmsid
X-Owner
Adler-Geo
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-AIR-PT
X-Platform
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Pubstack
X-Cache-Date
X-Cache-Tags
X-LB-NoCache
X-Op-Id-All
Canary
X-Refresh
X-NCache
X-CacheTTL
X-Server-IP
X-FC-Vary-Parameters
Wxu-Next-Region
Wxu-Next-Commit
Cache-Provider
CDCHOST
L
Pics-Label
Wxu-Next-Hostname
X-Forwarded-Site
X-Webkit-CSP-Report-Only
X-CSRF-Token
X-Via-Popn
X-Via-Popv
X-Esi
X-Via-Poph
Fastly-SSL
X-Microcachable
X-Cache-Remote
X-VarnishDD-TTL
X-Trace-ID
X-Aicache-OS
X-HN
PFcat
X-Mly-Id
X-Eu-Site
Cdn
X-Csrf-Jwt
X-CGP
X-Mvc-Supplant-OutputCached
Ha-Gx-Prefs
HostName
L5d-Success-Class
HA-Ipaddr
X-Cached-By
X-HA-Backend
Env
X-Servedbyhost
Load-Balancing
GeoIP-Latitude
X-Tb-Optimization-Total-Bytes-Saved
X-VC
X-ZONE
X-AK-Request-ID
X-Fastly-Cache
X-RCS-CacheZone
Server-ID
Cdnsip
Cdncip
X-ND-Cache
X-Nc
X-Origin-Expires
X-Webkit-CSP
X-DataCenter
X-API-Version
X-Gateway-Cache-Key
X-Zone
Memory
X-Fpc
Time
X-Api-Version
X-Gateway-Cache-Status
X-Wa
X-Response-By
X-Instance-Name
X-Gateway-Skip-Cache
X-HS-Status
X-Release
X-Gateway-Request-Id
X-LB-ID
X-APP-VERSION
X-Vc
X-Via-NSCOPI
X-From
Expect-Staple
X-Generated-In
X-CS
X-Correlation-ID
Cache
AMP-Access-Control-Allow-Source-Origin
X-Cache-Enabled
X-NGINX-Cache
X-Via-CDN
X-CCDN-CacheTTL
X-Client-Ip
X-Check-Cacheable
X-Hcs-Proxy-Type
Srvid
Locid
X-Edge-Pop
X-CCDN-Origin-Time
X-FL-EDGE
Eomportal-Instance
X-FL-QIT-DEBUG
NtCoent-Length
Hostname
X-Via-SSL
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Micro-Cache
X-Vgn-Hpd-Variations-Key
GeoIp-Country-Code
X-Provided-By
Edge-Copy-Time
X-Via-Edge
Ngx-Var-Key
X-NewRelic-App-Data
OT-Force-Account-Verify
X-CSRF-TOKEN
X-Proxy-CacheRZ
XkeyRZ
IsBot
X-Amz-Meta-Cb-Modifiedtime
X-Debug-Cache-Store
True-Client-IP
X-Debug-Cache-Fetch
X-Air-Pt
X-Vcl-Version
X-Request-URI
X-SIPLIST1
X-MCACHE
X-Dc
X-B3-SpanId
X-Srv
X-Via-JSL
X-Cache-NGX
X-Lambda-Id
X-VCL-Version
X-Nf-Request-Id
X-Info
Sid
CPC-Cache
VNS-Age
CPC-Age
X-Render-Time
VNS-Cache
X-Vtex-Remote-Cache
Srv
X-EC-Lua
Uri
Path
True-Client-Ip
X-Cs
Fastly-Drupal-Html
X-VCT
Location
Resin-Trace
X-TH-Server
X-Server-ID
Request-ID
CDN
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-ATG-Version
X-Oss-Request-Id
X-Oss-Storage-Class
X-Cache-Expires
X-Fastly-Country-Code
X-TX-ID
GeoIP-Country-Code
X-CLOUD-TRACE-CONTEXT
X-MSEdge-Features
X-Datadome
X-Edge-POP
X-Contensis-Viewer-Groups
Cross-Origin-Opener-Policy-Report-Only
Esi-Enabled
X-MSEdge-Flight
Servername
X-Varnish-Authentication
X-Cache-ASPX
X-CACHE-KEY
YJS-ID
X-Upstream-Ht
M-TraceId
X-Upstream-Ct
X-Accel-Version
X-Varnish-Beresp-TTL
X-Pod-Name
X-Moov-T
X-FPC
X-RateLimit-Remaining-Second
X-CF-Lambda-Fn
X-Service-Response-Time
X-CF-Lambda-Version
Timeexpire
X-Cdn-Request-ID
X-Moov-Xdn-Version
Sm-Log-Id
X-RateLimit-Limit-Second
X-Cache-Type
X-Scheme
X-PAYTM-SRV-ID
Traceparent
X-Datacenter
X-WA
LB
X-ApacheServer
X-RateLimit-Reset
X-Viewer-Country
X-PERF
X-Lb-Id
CountryCode
X-Akamai-Pragma-Client-IP
Server-Id
X-Cdn-Cache-Status
X-SERVER-NAME
X-Wikidot-Static-Cache
X-CDN-Cache-Status
X-NC
X-Udemy-Cache-App-Namespace
HIT
RNT-Time
X-Wikidot-Backend
RNT-Machine
N-Cache
X-Geo
XServer
X-NAPM-TraceId
Powered-By
Ohc-File-Size
X-Tenant
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Proxy-Connection
X-ServedByHost
X-Shop-Environment
X-Orig-Expires
X-Forwarded-Path
X-Bl-Debug
FSS-Cache
X-Cdn-Forward
X-Dw-Trace-Id
X-TraceId
X-B3-Trace-ID
Epwk-X-Cache
Geoip-Latitude
X-LiteSpeed-Cache-Control
Rip
ENV
Yjs-Id
Ms-Author-Via
X-Ha-Backend
X-Hyper-Cache
V-Age
X-MP-GENERATED-AT
X-App-Name
X-Clientip
True-Client-Country-4JS
X-Policy
X-Lb-Nocache
X-Amz-Meta-Opti
WZWS-RAY
Tracecode
X-M-Reqid
X-M-Log
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Content-Style-Type
X-Acquia-Site
X-Qnm-Cache
X-Acquia-Purge-Tags
Content-Script-Type
X-RAMCache
X-B3-ParentSpanId
X-Fastly-Backend-Reqs
X-Serial
X-Swift-Error
User-Agent
X-B3-Parentspanid
X-VG-WebCache
X-Via-PopN
X-Via-PopH
Ec-Rule-Version
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Vgn-Hpd-Reason
Ngx
XM
Inserted-Into-Cache-At
X-Via-PopV
X-Wp-Cf-Super-Cache
X-F-Status
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-TT-LOGID
X-Webstats-RespID
Lb
X-Fastly-Cache-Hits
Hit
X-Request-URL
Warning
X-IPS-Cached-Response
Cneonction
MIME-Version
X-LiteSpeed-Tag
My-App
X-Snapshot-Date
X-Cache-Ngx
X-Mid-Debug-Cache-Key
X-Mid-Debug-Cache-Disk
X-Th-Server
X-MiniProfiler-Ids
X-UP
X-Stale