Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-FRAME-OPTIONS
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Cacheable
X-Iinfo
X-Envoy-Upstream-Service-Time
Feature-Policy
Timing-Allow-Origin
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
P3p
Content-Encoding
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
Access-Control-Max-Age
CF-Ray
X-Via
X-Robots-Tag
X-Cache-Group
X-Dns-Prefetch-Control
Server-Timing
X-UA-Device
Keep-Alive
Request-Context
X-AH-Environment
X-Turbo-Charged-By
X-Ua-Compatible
X-Amz-Request-Id
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Age
X-Ws-Request-Id
Host-Header
X-Hacker
X-Server-Powered-By
X-Server
X-Rq
X-Vhost
X-LiteSpeed-Cache
X-Varnish-Cache
Grace
X-Amz-Version-Id
Cf-Edge-Cache
X-Dispatcher
Allow
EagleId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Page-Speed
Accept-CH
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
X-Aws-Lambda-Call-Status
X-WebKit-CSP
Ali-Swift-Global-Savetime
Cf-Railgun
X-Node
X-Host
X-OneAgent-JS-Injection
X-Pingback
X-Cache-Spec
X-Backend-Server
X-Akam-SW-Version
X-Server-Id
Surrogate-Control
Request-Id
X-Cache-Lookup
X-Response-Time
Accept-CH-Lifetime
EagleEye-TraceId
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
X-Readtime
X-HW
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Application-Context
Rating
X-Trace
X-Url
Fastly-Restarts
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Nginx-Upstream-Cache-Status
X-CST
X-Ruxit-Js-Agent
X-MS-InvokeApp
X-Edge
X-Amz-Server-Side-Encryption
X-ESI
X-Vname
X-TtlSet
X-PC
X-Rack-Cache
X-Mod-Pagespeed
X-Country
X-Content-Type
X-B3-TraceId
Edge-Control
X-Oneagent-Js-Injection
X-Vcap-Request-Id
Accept-Ch-Lifetime
Cf-Apo-Via
X-Akamai-Path-Stats
X-FastCGI-Cache
X-Mcache
X-D2id
Verso
X-GitHub-Request-Id
Xkey
Cache-Tag
Service-Worker-Allowed
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Powered-By-Plesk
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Amz-Rid
X-Ttl
X-ECACHE
X-Navigation-Version
RTSS
X-Server-Name
X-Varnish-TTL
X-VARITI-CCR
X-Abt-Application-Version
X-Ac
X-Upstream
X-Version
X-Client-IP
X-Cnection
X-Cached
X-Element-Page-Cache
X-Ruxit-JS-Agent
Arr-Disable-Session-Affinity
Permissions-Policy
X-Dw-Request-Base-Id
X-Server-Lifecycle-Phase
SPRequestGuid
X-Instrumentation
X-Kraken-Loop-Name
X-SharePointHealthScore
X-RateLimit-Remaining
X-Px
SPRequestDuration
SPIisLatency
Display
X-Middleton-Display
X-Sol
Pagespeed
Public-Key-Pins
X-Cache-TTL
X-NWS-LOG-UUID
X-Country-Code
X-Middleton-Response
Response
X-Midtier
X-Edge-Location-Klb
X-Kinsta-Cache
X-Forwarded-For
X-Ser
X-Cache-Key
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Goog-Hash
Content-MD5
X-DataDome
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Shield-Request-Id
X-NF-Request-ID
Access-Control-Request-Method
X-HP-Trace-Id
X-Correlation-Id
X-MSEdge-Ref
X-HP-Webp
X-Jurisdiction
Front-End-Https
X-RateLimit-Limit
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-T
X-Recruiting
AR-SID
Edge-Cache-Tag
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
MicrosoftSharePointTeamServices
X-Webkit-Csp
X-Daa-Tunnel
Nginx-Cache
TP-L2-Cache
TP-Cache
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Accel-Expires
X-Mg-S
X-Content-Digest
TCN
X-Grace
X-Powered-CMS
X-Hits
X-Request-Processing-Time
X-Amzn-Trace-Id
X-Request-Received
X-HS-Combine-CSS
X-HS-Cache-Config
Server-Node
X-HS-Hub-Id
X-HS-Content-Id
Server-Name
Filters
MS-Author-Via
Fastcgi-Cache
X-Id
X-Geo-Country
X-Fastly-Request-Id
Count-Hit
X-PressLabs-Stats
X-Frontend
X-Origin-Server
X-XRDS-Location
X-Ua-Browser
X-Distributor
X-Ezoic-Cdn
Filterid
Cross-Origin-Opener-Policy
X-LLID
X-Language
S
X-ASPNET-VERSION
Payment
X-Forwarded-Proto
X-Microsite
X-Request-Handler-Origin-Region
Charset
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Protected-By
X-LB-Cache
Host
X-FB-Debug
X-F-Cache
X-Git-Hash
X-B3-Sampled
X-Page-Id
X-Seen-By
X-Amz-Meta-S3cmd-Attrs
X-Ratelimit-Reset
X-Cluster-Name
X-VCache
Cache-Status
X-Rid
Surrogate-Key
X-Www-Served-By
X-Ab
Cache-Tags
X-Logged-In
Access-Control-Allow-Method
X-Upgrade-Enabled
Accept-Ch
X-DIS-Request-ID
X-Cache-Age
X-COUNTRY
X-Source
X-Origin-Cache
Retry-After
X-Varnish-Backend
Realpath
X-Activity-Id
Alternate-Protocol
X-AppVersion
X-Az
Accept-Charset
Cleartype
X-Amz-Replication-Status
X-Template
X-NGENIX-Cache
Paypal-Debug-Id
X-Type
DC
X-Envoy-Decorator-Operation
X-App-Environment
X-Tb
X-Wix-Request-Id
X-TT
X-Varnish-Grace
X-B-Cache
X-Signature
X-Hostname
X-Revision
X-Aspnet-Duration-Ms
X-B
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Is-Crawler
X-Flags
X-DynaTrace
ServerID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Frame-Options
X-Contextid
X-Fastcgi-Cache
X-Cache-Rule
X-Node-Name
X-Trace-Id
X-Drupal-Cache-Tags
X-Tt-Trace-Host
X-Tt-Trace-Tag
Refresh
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Cross-Origin-Resource-Policy
X-Fastly-Request-ID
X-Proxy
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
Referer-Policy
X-Debug
X-Mobile
X-Load-Cache
X-Content-Options
Node
X-TTL
Amp-Access-Control-Allow-Source-Origin
X-XRDS-LOCATION
X-Original-Request-Id
NGB
X-Response-Served-From
X-Varnish-Server
X-EdgeConnect-Cache-Status
Viewport
X-Cache-Control
Country
X-Content-Powered-By
Akamai-GRN
X-Magnolia-Registration
X-N
X-Varnish-Age
X-Debug-IsConnected
X-Cache-Time
X-Debug-IsPreview
X-Whom
X-NYM-Debug-Backend
X-Instance
X-Framework
X-Status
Uber-Trace-Id
X-G
Content-Disposition
X-Akamai-Request-ID2
X-Adobe-Loc
X-Adobe-Content
X-ProcessESI
X-Real-IP
X-User-Agent
Access-Control-Request-Headers
X-L-Path
X-RemovedCookies
X-Environment-Context
X-Cacheable-TTL
X-Page-View
VIX-Pulpo-Upstream-Status
X-Yottaa-Optimizations
X-Cache-Grace
X-Yottaa-Metrics
X-Cache-TTL-Remaining
X-Mid
X-Rendered-As
X-Is-Bot
VIX-Pulpo-Node
Srv
Url
X-Jobs
X-Servername
X-Cache-Expired-At
X-Via-JSL
Healthy
Countrycode
X-Tumblr-Pixel
X-Rule
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-CDN-Forward
X-Cache-Hit
X-Unique-Id
X-Cache-Operation
X-Backend-Name
X-Drupal-Cache-Contexts
Version
Accept-Language
X-Litespeed-Cache
X-Time
X-Akamai-Edgescape
X-Cache-Action
X-Debug-Info
X-Server-ID
X-Http-Reason
Xserver
X-VC-Cache
X-Tec-Api-Origin
X-Tec-Api-Version
X-APP-VERSION
X-Tec-Api-Root
Section-Io-Cache
X-Mg-Request-UUID
Content-Secure-Policy
Protected
X-IPLB-Instance
X-IPLB-Request-ID
X-Tt-Logid
X-Generation-Time
X-HTML-Minification-Powered-By
Backend
X-Azure-Ref
Server-Info
X-Oracle-Dms-Ecid
X-Hosted-By
X-Oracle-Dms-Rid
X-UPSTREAM-Address
X-FW-Static
X-Api-Version
X-RN-RSRV
Meta-Geo
X-FW-Dynamic
X-FW-Serve
X-FW-Type
X-FW-Server
X-Storage
X-Generated-By
X-FW-Hash
X-Amzn-RequestId
X-Cache-Status-Check
X-Device-Type
MS-CV
X-RTag
Ms-Operation-Id
X-Amz-Apigw-Id
X-PCL
Property-Id
TWC-GeoIP-LatLong
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
X-Varnish-Cache-Hits
X-Format
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Origin-Hint
Azure-Version
Webcakes-Region
CF-IPCountry
X-Access
X-OCL
Liferay-Portal
X-Section
GEO-INFO
X-App-Server
X-R9-Blue-Green-Version
Onion-Location
X-Mobile-URL
X-Cache-Server
X-Hl-Ver
X-No-Session
X-Provided-By
X-LJ-Flow-ID
X-Cms-Context
X-SRV
X-Restarts
X-Dc
X-Locale
X-Mode
X-VWS-Id
X-FireWall-Port
X-SaId
X-Proto
X-Server-W
X-Proxy-Cache-Status
Web-Mar-Node
X-Varnish-Hostname
X-AWS-Id
X-JoinUs
X-Redis-Cache
X-Varnishpool
X-Handled-By
X-Ms-Request-Id
X-Request-Time
Cache-Name
X-ProxyCache-Status
X-ProxyCache-Key
X-PHP-Host
X-Proxy-Build
X-PHP-Backend
X-Region
X-Ms-Version
X-Web-Node
X-Xfnlog-Site
X-Via-Fastly
X-UA-Device-Type
Locale
Mn-Server-Ip
X-Labrador-Cache-Channel
DB-Nickname
X-Sql-Count
CDN-Uid
X-Forwarded-Host
X-Edge-Location
X-BYPASS-REASON
X-Adobe-Source
X-Cache-Host
X-Cache-Type
Selected-Fe
X-Skip-Cache
CDN-RequestId
X-Sql-Duration-Ms
X-Say-TTL
X-Say-Cacheable
X-Urbn-Context-Path
X-Urbn-Site-Id
X-SayCDN-TTL
X-Site-Version
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
X-Varnish-Beresp-Grace
X-Timing-Wait
Eomportal-Instance
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ServerID
X-Shopify-Stage
X-Routing-Service
X-ShopId
X-Zipkin-Id
X-ECache
X-Alternate-Cache-Key
X-ShardId
X-Content-Age
Apigw-Requestid
X-DynaTrace-JS-Agent
S-Rt
X-FB-TRIP-ID
X-Extlb
X-Proxied
X-Nginx-Cache-Key
X-Content
Load-Balancing
X-Tid
X-Storefront-Renderer-Rendered
WP-Super-Cache
X-GeoCode
X-Amzn-Remapped-Content-Length
X-Detected-As
X-GeoCountry
X-Vgn-Hpd-Reason
X-Reqid
X-WP-CF-Super-Cache-Cache-Control
X-LSADC-Cache
X-Cdn
X-WP-CF-Super-Cache
X-Cache-Enabled
X-Varnish-Ttl
Xet-Cookie
X-B3-Traceid
X-Loop
X-TNCMS
X-Pubstack
X-Ua
X-Newrelic-Synthetics
X-Tumblr-Pixel-2
X-Uri
X-Soup
X-Ratelimit-Remaining
X-Correlation-ID
X-App-Version
X-Origin-Date
X-Cache-NGX
X-Aspnetmvc-Version
X-Service
X-MP-GENERATED-AT
From-Origin
X-Zen-Fury
X-Webkit-CSP
X-TIME
X-Origin-CC
X-Origin-TTL
X-Cache-Debug
Source
X-UUID
ServedBy
X-Varnish-Hits
X-TA-CDN-Provider
Origin
X-Nginx-Cache
Fastcgi-Useragent
X-NewRelic-App-Data
X-Human
X-GEO
Fastly-Drupal-HTML
Cache
X-Varnish-Beresp-Ttl
X-Cache-Tags
Upgrade-Insecure-Requests
X-Rewrite-Enabled
X-Cluster
X-Ratelimit-Limit
X-Cached-By
Rip
X-ScT
Cross-Origin-Window-Policy
Webserver
BehaviorPad-Version
MD5-Digest
Rendered-Blocks
Host-ID
A
Meta-Geo-Continent
X-Ec-Fail
X-Ec-GeoHdr
X-External-Request-Id
X-Vdms-Path
X-Tenant
X-SRCache-Key
Surrogated-Key
T-Server
X-A-Wwc
X-Vdms-Version
X-A-Ccd
X-User
Expiry
X-Developer
X-A-Dcw
X-B-Cookie
X-Bc-Bl
X-A-Dgt
X-ARC
X-Aed
X-Application
X-BCube-Filmed-By
X-A-Dam
X-D
X-Destination
X-Forwarded-Path
X-Connection-Hash
Mime-Version
X-Cache-NE
Xc-Version
X-VG-WebCache
X-TIM-N
Odigeo-Trace-Id
X-Shop-Environment
X-A
X-S-Cookie
Sslversion
DCR-Decision-By
X-NAPM-TraceId
X-Orig-Expires
X-Parent-Response-Time
DCR-Processing-Time-Ms
X-PBS-Appsvrname
X-Processor
Lang
X-S
X-Rojux
SD-X-WS
Ngx.Var.Host
OT-Force-Account-Verify
X-Request-Host
X-RCS-CacheZone
WPO-Cache-Message
WPO-Cache-Status
Cdnsip
X-Aicache-OS
X-Origin-Time
X-Gdpr
X-AK-Request-ID
X-Tumblr-Pixel-3
X-Served-From
X-Nyt-Route
Redirect-Candidate
Release
X-GeoIP-City
X-FW-Version
X-Cluster-Node
Cdncip
Gh-Request-Id
Environment
Thinkindot-Control
Thinkindot-CacheControl-Type
TDXMobile
X-Core-Value
X-INCAP-ABP
X-Generated-On
Thinkindot-CacheControl
X-Level-Front-Cache
X-Developers
X-Geo-Header
X-Sucuri-Cache
AKAMAI
X-Optimistic-Header
X-CMSURLCustom
X-Cdn-Srv
X-HS-Content-Campaign-Id
X-Thinkindot-L3
X-Cache-Remote
X-Auto-Login
Fastly-Backend-Name
X-Sucuri-ID
We-Hiring
Traceparent
Origin-EX
Req-Svc-Chain
Machine
L
Origin-CC
NM-Fastcgi-Cache
Mobile-Detection-Method
NGX
Memcached
Mail-Subject
Kp-EeAlive
Servername
Tube-Got-Eval
Tube-Got-Results
Tube-Return
VNS-Age
Tube-Get-Contents
Ha-Gx-Prefs
Svr
IsBot
HA-Ipaddr
VNS-Cache
X-FC-Vary-Parameters
X-Proxy-Cache-Info
X-Pool
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Request-URI
X-Policy
X-Owner
X-Mvc-Supplant-Cachable
X-Minions-Version
X-NCache
X-NodeID
X-Origin-Response-Time
X-Rocket-Build-Number
X-Rocket-Nginx-Serving-Static
X-Varnish-Beresp-Status
X-Var-Ttl
X-VG-TLSProxy
X-Viewer-Country
X-WADP-Cache
X-Thanos
X-SplitTest
X-SB
X-S-Maxage
X-Sigma
X-Sigma-Backend
X-SIPLIST1
X-Loc
X-Irp-Debug
X-Cache-Bucket
X-Bip
X-Cache-Id
X-Cache-Info
X-CGP
X-BBC-Edge-Cache-Status
X-Azure-Ref-OriginShield
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-AOL-HN
X-ATG-Version
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Fetched-On
Fastly-GeoIP-CountryCode
X-Fmm-Version
X-GeoIP
X-Gzip
X-Eu-Site
X-Esi-Check
X-Csrf-Jwt
X-Device-Os
X-Dispatcher-Number
X-Epic-Correlation-Id
Web-Mar-Region
L5d-Success-Class
Apple-News-Services-Handled
Apple-News-Services-Host
CPC-Age
Canary
X-Pass-Why
Datacenter
Cluster
CloudFront-Viewer-Country
Cache-Host
Candidate-Md5Url
Apple-News-Services-Request-Url
Click-Count-Action-Start
Apple-News-Services-Parsed-Url
Click-Count-Error
Decoy-Debug-Key
CPC-Cache
Decoy-Debug-Status
Decoy-Debug-TTL
X-Accel-Buffering
Server-Host
X-JWT-State
X-Has-Esi
X-Debug-Cache
X-Is-Gdpr
LB
X-Worker
X-WP-CF-Super-Cache-Active
X-Qloud-Router
X-Platform-Server
X-Ad-Defer-Variation
X-Scheme
X-Planisys-CDN-TTL
X-Region-Sid
X-Slack-Backend
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Scale
X-Sn-Servicetimems
X-Mvc-Supplant-OutputCached
X-DefElseHash
X-DefHash
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Ec-Custom-Error
X-Fastly-Backend
X-DPWN-IS-SECURE
X-URL
X-Gamma-Serve
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-V-Cache
X-CacheTTL
X-Branch-Name
X-Block-Status
X-Planisys-CDN-Cache
X-Cdn-Origin
X-Hnp-Log
X-Gen-Mode
X-Core-Mission
Fastly-SIE
X-Hash
X-Planisys-CDN-Rules
X-Variation
X-Clientip
Cmsid
X-Up
Cmstype
X-VServer
Country-Code
CDCHOST
Producers
X-Forwarded-Site
Is-Eu
X-Origin
X-Wix-Viewer-Type
Fastly-SWR
State
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
User-Cache-Control
V-Age
Vix-Hermes-Req-Id
DSUID
X-Varnish-Remaining-TTL
Fastly-SSL
Adler-Geo
Platform
AMP-Access-Control-Allow-Source-Origin
WebServer
X-Udemy-Cache-App-Namespace
X-LB-NoCache
HostName
Memory
X-CSRF-Token
Server-Ext
X-Dispatch
Server-Hostname
Sever-Int
Time
Sid
Ec-Rule-Version
X-IPS-LoggedIn
X-VC
X-Tx-Id
X-Nf-Request-Id
Pics-Label
X-Edge-Pop
X-Datadome
X-Akamai-Transformed
X-ZONE
Request-ID
X-Tb-Optimization-Total-Bytes-Saved
Ssr
X-Newrelic-App-Data
X-Presslabs-Stats
X-ND-Cache
My-App
X-Req
X-B3-SpanId
X-Cs
X-NGINX-Cache
X-Via-Popv
X-Via-Popn
X-Refresh
X-Lambda-Id
X-Via-Poph
X-Generated-In
X-B3-Spanid
X-WA-Info
Cache-Tv-Group
Env
X-Via-NSCOPI
Fastcgi-Cache-TTL
CacheControlHeader
True-Client-Country-4JS
Server-ID
X-Servedbyhost
X-GG-Cache-Date
X-Session-Fingerprint
X-Wa
X-EC-Lua
X-PX
X-Op-Id-All
X-Origin-Expires
X-Pod-Name
X-ID
X-Rebelmouse-Surrogate-Control
X-LB-ID
X-Release
X-Rebelmouse-Cache-Control
GeoIp-Country-Code
SID
X-Fastly-Cache
X-TX-ID
X-Vc
Cache-Hits
X-Fpc
X-Trace-ID
True-Client-IP
X-Xrds-Location
Hostname
X-Zone
X-CACHE-AGE
X-CSRF-TOKEN
X-Webkit-CSP-Report-Only
X-NWS-UUID-VERIFY
X-TH-Server
X-GeoIP-Country-Code
WWW-Authenticate
X-VCL-Version
X-GeoIP-Region-Code
X-Buckets
X-CACHE-KEY
X-Date
Resin-Trace
X-Ig-Push-State
X-MSEdge-Flight
X-MSEdge-Features
X-Accel-Expires-Debug
X-Cache-Date
X-RAMCache
X-TRACE-ID
X-Srv
X-Endurance-Cache-Level
X-DC
X-HS-Status
X-Conf
X-NC
X-Old-Content-Length
X-Microcachable
X-Dmc
CDN
X-Vcl-Version
X-RateLimit-Reset
X-CS
Powered-By
Fastly-Drupal-Html
Tcn
X-MCACHE
X-Varnish-Beresp-TTL
True-Client-Ip
X-Location
Magicmarker
X-Webstats-RespID
X-API-Version
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Akamai-Pragma-Client-IP
Section-Io-Origin-Status
Path
X-Lb-Id
Section-Io-Id
X-Datacenter
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Check-Cacheable
X-CLOUD-TRACE-CONTEXT
Yjs-Id
X-Geo
X-Cache-Ttl
X-LiteSpeed-Cache-Control
GeoIP-Country-Code
X-Alfa-Service
X-FPC
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Director
X-Esi
X-DataCenter
X-Be
X-WA
X-Mly-Id
Proxy-Connection
X-Vercel-Cache
FSS-Cache
X-Via-CDN
X-Vercel-Id
X-Test
ENV
X-Hyper-Cache
Lb
M-TraceId
X-ServedByHost
X-HA-Backend
Server-Id
X-Response-By
X-Cache-Backend
Cdn
X-Server-IP
Pramga
User-Agent
X-Micro-Cache
X-Cache-Expires
X-Cc-Via
X-Dw-Trace-Id
X-Cdn-Forward
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-CF-Lambda-Version
X-ApacheServer
X-We-Are-Hiring
Uri
X-M-Reqid
X-M-Log
X-Client-Ip
X-CF-Lambda-Fn
X-PERF
HIT
YJS-ID
X-Edge-POP
X-AIR-PT
X-Service-Response-Time
Sm-Log-Id
X-Traceid
X-FL-EDGE
Locid
Swift-Performance
XM
X-Info
X-Frame-Option
X-Instance-Name
Location
Srvid
X-From
X-Li-Fabric
Geoip-Latitude
X-TrackingId
X-Qnm-Cache
X-Li-Pop
X-LI-UUID
X-LI-Proto
Dnion-Transfer-Encoding
X-LiteSpeed-Tag
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-TT-LOGID
X-App
Tracecode
X-UA
X-RSL
X-RPS
X-DW
X-DSS
X-Air-Trace-Id
X-RPM
N-Cache
PFcat
CountryCode
XServer
X-HN
X-DI
X-Air-Hostname
Nginx-CQVIP
X-VarnishDD-TTL
X-Air-Source
CF-Cached-On
X-Platform
C-Via
X-DB
Ohc-File-Size
PICS-Label
X-Fastly-Backend-Reqs
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Cdn-Request-ID
X-Conten-Type-Options
Esi-Enabled
X-Oss-Server-Time
X-HostName
Vha6-Origin
X-Cache-Proxy
Cneonction
X-Request-Url
Timeexpire
X-Fastly-Cache-Hits
X-CF-Powered-By
X-Platform-Processor
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Lb-Nocache
X-Platform-Cluster
X-Oss-Storage-Class
Wpo-Cache-Message
X-Platform-Router
Wpo-Cache-Status
NtCoent-Length
X-Oss-Object-Type
Cache-Key
X-Litespeed-Cache-Control
X-Cache-Ngx
Wp-Super-Cache
Warning
X-Ips-Loggedin
X-Air-Pt
X-Newegg-Index
X-Nerd
X-Newegg-Flow
X-Keep
X-LbNode
X-NFL-Dma
X-Loadbalancer
X-Matched-Rule
X-MTS-Cache
X-Matome-Cached
X-N-OperationId
X-Onedio-Env
X-PageType
X-Origin-Ops
X-OVcl
X-OVcl-Cache
X-Okws-Version
X-Odoo-Frontend
X-NS-Authorization
X-Ntj-Investigation-Id
X-NXG
X-Nyt-Data-Last-Modified
X-NFL-Geo
X-F-Status
X-Eventloop-Lag
X-ETag
X-Farm
X-Fastly-Is-Edge
X-Fstrz
X-Ee-Generated-By
X-Eid
X-Ee-Request-Date
X-Ee-Origin
X-Paywall
X-Ee-Request-Id
X-Full-Ttl
X-GG-Cache-Status
X-IBD-SID
X-Is-SSL
X-Ittl
X-Kebab
X-IBD-Cache
X-Header-Sub
X-Git-Commit
X-Global-Transaction-ID
X-GoCache-CacheStatus
X-Group
X-Kebabable
X-User-Auth
X-V2-Infrastructure
X-Utime
X-Vary-Devices
X-Ver
X-Wag-Acs
X-Edge-IP
X-Upstream-State
X-Toujours-Debout-Location
X-Tried-To-Kebabify
X-True-Client-Ip
X-U-Cache
X-Waitingroom
X-Web-Hosting
X-Fastly-Country-Code
X-B3-Parentspanid
X-Request-URL
Create-Date
X-LAGOON
XV-H
XV-Cache
X-WP-Bypass
X-WSR2
X-Xms-Page-Cache-Actions
X-YSpaceId
X-Toujours-Debout-Branch
X-Timestamp
X-Request-Origin
X-Render-Time
X-Route
X-Route-Akamai
X-Ruby
X-Render-Method
X-Redis
X-PGF-Deflate
X-Pver
X-R-Cache
X-Reboot
X-Save-Cache
X-Server-L
X-Stack-Name
X-SSLProxy
X-SVR-IIS
X-Svr-Proxy
X-Test-Nginx-Ingress
X-Square
X-SMP-JWT
X-ServiceName
X-Sh
X-Site
X-Slack-Shared-Secret-Outcome
X-PG-ACCESS
X-AspNetWebPages-Version
NLCacheNote
Nikkei-App-Version
Npm-Cost
Npm-Remaining
Ns-Ua
Ns
NB-ESI
Joe-X
H1
Ec-Policy-Id
HServer
HTTPProtocol
Is-Https
Ok-Cache-Status
OK-Edge-Date
Scheme
Rt-Proxy-Cache
Selected-Route
Served
Service-Uuid
Request-Uuid
Region
Origin-Site
Ok-Edge-Key
Panzer-Cache-Control
Proxy-Cache
RawURL
Deeplink
CMS-200
On-Server
X-B3-ParentSpanId
X-Mg-Cache
Hit
Fastcgi-X-Cache-Version
WZWS-RAY
DynaTrace
Req-ID
Fastcgi-Cache-Ttl
SRV
X-PAYTM-SRV-ID
X-CUA
X-ElasticPress-Query
X-Yottaa-OS
Cf-Device-Type
Cdn-Country-Code
Cf-Locale
Cf-Wrk
Cluster-Host
Cachekey
Cache-Stat
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Serial
X-Th-Server
Akamai-X-Url
SFRVia
Shieldsquare-Response
X-Cache-IsMobileDevice
X-Cache-Cookie
X-Cache-Length
X-Cache-NPR
X-Cache-ReqUri
X-Cache-Reason
X-BeanStalkStage
X-BeanStalkRole
X-ARRRG1
X-Arena-Request-Id
X-ASF-Cache
X-Backend-TTL
X-Backside-Transport
X-Cache-Response
X-CacheVersion
X-Dehri-Date
X-Dcm-Pdtf
X-Delivery
X-Developed-By
X-Doge
X-Container-Uri
X-Colour
X-CDN-Pop-IP
X-CDN-Pop
X-Cf-Node-Idx
X-Cms-Device
X-Coindesk-Cache
X-Ar-Stats
X-Apache-Server
TWC-PATH-LOCALE
TWC-AK-Req-ID
TWC-Subs
TWC-Unit
Uniqueid
Ttl
Time-Cloud-Cache
Store-Cloud-Cache
SII
Sw
T-Request-Id
Technodrome
Userver
Vttl
X-Akamai-DeviceOS
X-Akamai-CacheKeyMod
X-Akamai-DeviceType
X-Akamai-Native
X-Amz-Meta-Cb-Modifiedtime
X-AEO-Platform
X-Accor-Asset
X-77-NZT-Ray
X-77-NZT
X-Accel-Version
X-Accepted-Fulllang
X-Accepted-Language
X-DT-Node