Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Adblock-Key
X-Request-ID
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-Id
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
P3p
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-CDN
X-AspNetMvc-Version
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
EagleId
X-Cache-Group
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
Accept-CH
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
X-Device
Cf-Apo-Via
Cf-Railgun
X-Server-Id
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Dns-Prefetch-Control
Surrogate-Control
EagleEye-TraceId
X-Backend-Server
Request-Id
X-Readtime
X-Cache-Lookup
X-Ruxit-JS-Agent
X-HW
Accept-CH-Lifetime
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-Content-Security-Policy-Report-Only
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Edge
X-CST
X-WebKit-CSP-Report-Only
Content-Location
X-Content-Type
X-Country
X-Mcache
Accept-Ch-Lifetime
X-Url
X-ECACHE
X-MS-InvokeApp
X-Clacks-Overhead
Rating
X-Midtier
X-Amz-Server-Side-Encryption
X-PC
X-TtlSet
X-Vname
X-Litespeed-Cache
X-VARITI-CCR
RTSS
Cache-Tag
X-Vcap-Request-Id
X-B3-TraceId
X-D2id
X-Element-Page-Cache
Origin-Trial
Verso
X-Server-Name
X-Ac
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-Rack-Cache
X-ESI
X-Varnish-TTL
X-Cnection
Service-Worker-Allowed
X-Powered-By-Plesk
X-Cache-TTL
X-GitHub-Request-Id
X-Ttl
Xkey
X-Navigation-Version
X-Client-IP
X-Abt-Application-Version
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-NWS-LOG-UUID
Edge-Control
X-Cached
Arr-Disable-Session-Affinity
X-Px
X-Mg-S
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
SPRequestDuration
SPIisLatency
X-Upstream
X-Fastcgi-Cache
X-Cache-Key
X-Correlation-Id
Content-MD5
X-Middleton-Display
Pagespeed
Display
X-Sol
X-Dw-Request-Base-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-NF-Request-ID
Edge-Cache-Tag
X-Goog-Hash
Front-End-Https
X-Country-Code
X-Daa-Tunnel
X-Forwarded-For
X-Version
Public-Key-Pins
X-RateLimit-Remaining
X-XRDS-Location
AR-ATIME
AR-Request-ID
AR-SID
AR-CACHE
AR-PoweredBy
X-Powered-CMS
TCN
X-Id
X-HP-Trace-Id
X-Jurisdiction
X-T
X-Recruiting
X-HP-Webp
X-MSEdge-Ref
X-Content-Digest
X-Accel-Expires
Response
X-Middleton-Response
X-Shield-Request-Id
X-Ser
TP-Cache
X-B3-TraceId-Primal
TP-L2-Cache
MRF-Tech
Mrf-Cache-Status
X-Amzn-Trace-Id
Nginx-Cache
X-Fastly-Request-ID
S
X-Request-Received
X-Request-Processing-Time
Server-Node
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Hits
X-Distributor
Cache-Status
MicrosoftSharePointTeamServices
X-Kinsta-Cache
X-Edge-Location-Klb
Cache-Tags
X-Ratelimit-Limit
Fastcgi-Cache
X-Grace
Alternate-Protocol
Server-Name
X-Ruxit-Js-Agent
X-Protected-By
X-Ezoic-Cdn
X-Origin-Server
X-DIS-Request-ID
X-LB-Cache
X-Ua-Browser
X-Ratelimit-Reset
X-Geo-Country
X-DataDome
X-Request-Handler-Origin-Region
X-Microsite
X-Frontend
X-Rid
X-Ratelimit-Remaining
Cross-Origin-Opener-Policy
X-Debug-Info
X-Varnish-Backend
X-Www-Served-By
Filterid
X-Git-Hash
Cleartype
X-Logged-In
Healthy
Payment
X-FB-Debug
X-NGENIX-Cache
X-Forwarded-Proto
X-Page-Id
X-Webkit-Csp
X-Load-Cache
X-TEC-API-VERSION
X-TEC-API-ROOT
X-ASPNET-VERSION
X-TEC-API-ORIGIN
Charset
X-LLID
X-B3-Sampled
X-FastCGI-Cache
Content-Disposition
X-Hostname
DC
X-Cluster-Name
X-Origin-Cache
X-VCache
X-TTL
MS-Author-Via
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Goog-Metageneration
X-GUploader-UploadID
X-PressLabs-Stats
X-Upgrade-Enabled
X-Proxy
Access-Control-Allow-Method
Retry-After
X-F-Cache
Accept-Charset
Cross-Origin-Resource-Policy
Paypal-Debug-Id
X-Az
X-Activity-Id
Realpath
X-AppVersion
X-Type
X-Amz-Replication-Status
X-Revision
X-Signature
X-B-Cache
X-Contextid
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Varnish-Server
X-Flags
X-Azure-Ref
X-Aspnet-Duration-Ms
Viewport
X-Seen-By
X-Hosted-By
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Amz-Meta-S3cmd-Attrs
X-Request-Guid
X-Fb-Rlafr
X-Whom
X-Wix-Request-Id
X-TT
X-ORACLE-DMS-ECID
X-B
X-App-Environment
X-ORACLE-DMS-RID
X-Aspnetmvc-Version
X-DynaTrace
Surrogate-Key
Count-Hit
X-Source
X-RateLimit-Limit
Referer-Policy
X-Language
X-Akamai-Edgescape
Amp-Access-Control-Allow-Source-Origin
X-App-Server
X-Template
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Mobile
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Cache-Control
Host
X-Oneagent-Js-Injection
X-Varnish-Grace
X-HTML-Minification-Powered-By
X-Cache-Rule
X-Magnolia-Registration
X-N
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
Version
X-Original-Request-Id
X-Tumblr-User
X-Tumblr-Pixel
X-EdgeConnect-Cache-Status
X-Response-Served-From
X-Cache-Time
X-Varnish-Age
X-UUID
VIX-Pulpo-Upstream-Status
X-Cache-Expired-At
VIX-Pulpo-Node
X-Rule
X-RTag
Refresh
X-Envoy-Decorator-Operation
SD-X-WS
Ms-Operation-Id
Access-Control-Request-Headers
X-Cache-Status-Check
Section-Io-Cache
MS-CV
Protected
Akamai-GRN
X-Cacheable-TTL
X-Content-Powered-By
X-FW-Version
X-FW-Type
X-Adobe-Content
X-Status
X-L-Path
X-Jobs
X-ProcessESI
X-RemovedCookies
X-Framework
X-Environment-Context
X-Cache-Grace
X-Adobe-Loc
X-FW-Dynamic
X-FW-Hash
X-FW-Static
X-FW-Server
X-FW-Serve
X-Page-View
X-Device-Type
X-Servername
X-Rendered-As
X-Http-Reason
GEO-INFO
NGB
X-G
X-Instance
X-Is-Bot
X-NYM-Debug-Backend
Url
X-B3-Traceid
X-Backend-Name
SRV
X-User-Agent
X-Akamai-Request-ID2
X-Cache-Age
X-Trace-Id
X-Debug-IsPreview
Accept-Ch
X-Debug-IsConnected
X-COUNTRY
X-CDN-Forward
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Newrelic-App-Data
From-Origin
X-Nginx-Cache
WPO-Cache-Message
WPO-Cache-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Region
X-Cache-Hit
CDN-RequestId
Accept-Language
Front
X-Tb
Country
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Node-Name
X-Tt-Logid
X-Amzn-RequestId
X-Amz-Apigw-Id
Backend
Fastly-Drupal-HTML
X-Buckets
X-Content-Options
X-Real-IP
Fastly-SWR
Fastly-SIE
X-Unique-Id
X-Mode
Uber-Trace-Id
X-XRDS-LOCATION
X-VC-Cache
X-Zen-Fury
Content-Secure-Policy
X-Cache-Operation
X-DynaTrace-JS-Agent
X-Times
X-RN-RSRV
X-Rewrite-Enabled
X-Generation-Time
Filters
X-UPSTREAM-Address
X-Tumblr-Pixel-2
Meta-Geo
X-Web-Node
X-Cache-Server
X-Time
Webserver
Azure-RegionName
X-IPS-LoggedIn
Azure-SiteName
X-Rocket-Nginx-Serving-Static
Onion-Location
Azure-InstanceId
X-Proxy-Cache-Info
X-Amzn-Remapped-Content-Length
Azure-SlotName
CF-IPCountry
X-TIME
X-Format
Azure-Version
X-Section
X-Access
Webcakes-Region
X-PHP-Backend
X-Cms-Context
Apigw-Requestid
X-Locale
X-Cache-Host
X-Sql-Count
X-Adobe-Source
X-Debug
X-Cache-Action
X-Origin-Hint
X-Content-Age
X-Sucuri-Cache
Webcakes-App-Name
X-Skip-Cache
X-Server-W
Cache-Hits
Webcakes-App-Version
X-Reqid
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
X-Ua
Property-Id
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Varnish-Beresp-Grace
X-Say-TTL
X-Sql-Duration-Ms
X-Say-Cacheable
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Via-Fastly
X-Soup
X-Proxy-Cache-Status
X-Sucuri-ID
X-Fastly-Request-Id
X-SayCDN-TTL
S-Rt
Web-Mar-Node
ServerID
X-VWS-Id
X-Ms-Request-Id
X-Ms-Version
X-Proto
X-AWS-Id
X-LJ-Flow-ID
X-IPLB-Request-ID
X-BYPASS-REASON
X-Cluster
X-Cluster-Node
X-IPLB-Instance
X-ProxyCache-Key
X-ProxyCache-Status
X-Handled-By
X-GeoCountry
X-GeoCode
X-Forwarded-Host
X-Labrador-Cache-Channel
X-PHP-Host
X-R9-Blue-Green-Version
X-Site-Version
X-UA-Device-Type
X-Edge-Location
X-Cache-TTL-Remaining
Cache-Name
DB-Nickname
X-URL
Node
X-Proxied
X-Extlb
X-Detected-As
X-LSADC-Cache
X-LAGOON
X-Proxy-Build
X-JoinUs
X-FB-TRIP-ID
X-Routing-Service
X-No-Session
X-Webkit-CSP
ServedBy
X-Zipkin-Id
X-Urbn-Site-Id
X-Timing-Wait
X-Urbn-Context-Path
X-SaId
X-Xfnlog-Site
CDN-Uid
CDN-PullZone
Locale
CDN-RequestCountryCode
CDN-Cache
Cross-Origin-Window-Policy
Selected-Fe
Mn-Server-Ip
CDN-EdgeStorageId
CDN-CachedAt
WP-Super-Cache
Mime-Version
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Fastcgi-Useragent
Liferay-Portal
X-Optimistic-Header
X-SRV
X-Hl-Ver
X-CACHE-AGE
X-Request-Time
X-Tumblr-Pixel-3
Source
X-Cache-Debug
X-Redis-Cache
Xserver
X-Presslabs-Stats
X-Origin-Date
X-TNCMS
X-Loop
Upgrade-Insecure-Requests
CF-Cached-On
X-Generated-By
X-Mg-Request-UUID
X-Varnish-Hits
X-Uri
X-Akamai-Transformed
X-Director
X-TA-CDN-Provider
Countrycode
Xet-Cookie
X-GEO
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
X-ARC
X-Pass-Why
X-NWS-UUID-VERIFY
Frame-Options
X-Origin-CC
X-Tid
X-Origin-TTL
X-App-Version
X-FireWall-Port
X-Varnish-Ttl
X-Storage
X-Tx-Id
Cache-Tv-Group
X-Varnish-Cache-Hits
X-ECache
X-Service
X-DC
X-ShardId
X-Shopify-Stage
X-Varnish-Hostname
X-Storefront-Renderer-Rendered
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-RM-Cache-TTL
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
Environment
X-Endurance-Cache-Level
X-Datadog-Sampled
X-ServerID
Sslversion
Req-Svc-Chain
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-Control
WWW-Authenticate
Rendered-Blocks
Thinkindot-CacheControl
T-Server
X-A
Surrogated-Key
Meta-Geo-Continent
Host-ID
X-A-Ccd
Lang
Gannett-Cam-Experience-Id
Edge-Cache
DCR-Decision-By
DCR-Processing-Time-Ms
Candidate-Md5Url
MD5-Digest
Origin
Redirect-Candidate
A
Odigeo-Trace-Id
Ngx.Var.Host
Memcached
BehaviorPad-Version
Release
X-Ec-GeoHdr
X-Nyt-Route
X-Mobile-URL
X-Origin-Time
X-Platform-Cluster
X-Platform-Processor
X-Vdms-Version
X-Mid
X-Generated-On
X-INCAP-ABP
X-Level-Front-Cache
X-Loc
X-Platform-Router
X-Processor
X-Served-From
X-SRCache-Key
X-Test
X-Thinkindot-L3
X-Vdms-Path
X-ScT
X-Rojux
X-S
X-S-Cookie
X-S-Maxage
X-VG-TLSProxy
X-Gdpr
X-BBC-Edge-Cache-Status
Xc-Version
X-Bc-Bl
X-BCube-Filmed-By
X-Cache-Info
X-B-Cookie
X-Application
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Aed
X-Cache-NE
X-We-Are-Hiring
X-TIM-N
X-Epic-Correlation-Id
X-External-Request-Id
X-Frame-Option
X-Ec-Fail
X-Developer
X-CMSURLCustom
X-Conf
X-D
X-Destination
X-A-Dam
X-Core-Value
Server-Info
X-Request-Host
X-AIR-PT
SID
X-Req
X-Akamai-Device-Characteristics
X-Ec-Custom-Error
X-SD-PageType
X-Cdn-Origin
X-Sn-Servicetimems
X-SB
X-Restarts
X-SVT-ORM-VERSION
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Human
Magicmarker
Server-Host
X-Thanos
X-Auto-Login
X-SVT-ORM-RULES
X-Pool
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
X-GeoIP-City
Tube-Return
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-HS-Content-Campaign-Id
Vix-Hermes-Req-Id
X-NodeID
X-Old-Content-Length
Ssr
X-Fmm-Version
X-Fetched-On
X-Platform-Server
State
X-Gamma-Serve
X-Geo-Header
X-Org
X-Origin-Response-Time
X-Developers
X-Varnish-Beresp-Status
Cache-Key
C-Via
X-Cache-Bucket
Apple-News-Services-Request-Url
X-CUA
X-Bip
CloudFront-Viewer-Country
Click-Count-Error
Cache-Host
X-DefElseHash
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Cdn-Srv
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-Location
X-Httpd
Apple-News-Services-Handled
AKAMAI
X-Core-Mission
X-Clara-WADP
Cluster
Click-Count-Action-Start
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-WP-CF-Super-Cache-Active
X-VServer
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
X-Vmg-Version
X-WA-Info
DSUID
X-Worker
X-DefHash
Country-Code
X-WADP-Cache
Section-Origin-Responded
Section-Io-Origin-Status
X-B3-Spanid
Section-Io-Origin-Time-Seconds
X-Parent-Response-Time
Section-Io-Id
X-Esi-Check
X-Ckpd-Fst-Backend
X-Hnp-Log
X-GeoIP-Region-Code
X-Gen-Mode
X-Fastly-Backend
X-Date
X-Dispatcher-Server
X-Dispatcher-Number
X-DPWN-IS-SECURE
X-GeoIP-Country-Code
X-Device-Os
X-Gzip
X-Scale
X-Varnishpool
X-Wix-Viewer-Type
CacheControlHeader
X-Variation
X-Var-Ttl
X-Up
X-V-Cache
Gh-Request-Id
Kp-EeAlive
X-Hash
X-Pubstack
X-GeoIP
We-Hiring
Mail-Subject
NM-Fastcgi-Cache
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Nginx-Cache-Key
X-Node-Id
X-NCache
X-Nananana
X-Men
X-Minions-Version
X-Op-Id-All
X-Origin
X-Qloud-Router
X-Request-Start
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Owner
X-Planisys-CDN-Cache
X-LB-NoCache
X-Region-Sid
Svr
X-Ad-Defer-Variation
X-Accel-Expires-Debug
Adler-Geo
Is-Eu
Machine
Sever-Int
X-App
NGX
X-Accel-Buffering
Datacenter
Wxu-Next-Hostname
Wxu-Next-Commit
CDCHOST
Web-Mar-Region
Wxu-Next-Region
Cache-Provider
Cmstype
Cmsid
User-Cache-Control
X-Azure-Ref-OriginShield
L
X-Block-Status
Pics-Label
Origin-EX
Origin-CC
Server-Hostname
X-Cache-Backend
Server-Ext
X-Cache-FS-Status
X-Cache-Id
Platform
On-Server
Producers
X-Refresh
Canary
X-VarnishDD-TTL
X-Server-IP
PFcat
X-Cache-Tags
X-FC-Vary-Parameters
X-Platform
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-Cache-Date
X-HN
Fastly-SSL
X-Forwarded-Site
X-CacheTTL
X-Webkit-CSP-Report-Only
X-CSRF-Token
Cdn
X-Via-Popv
X-Trace-ID
X-Via-Poph
X-Via-Popn
Ha-Gx-Prefs
X-Microcachable
HA-Ipaddr
X-Aicache-OS
X-Csrf-Jwt
X-Esi
X-Cache-Remote
X-CGP
X-Eu-Site
L5d-Success-Class
X-Mly-Id
X-Cached-By
HostName
X-Mvc-Supplant-OutputCached
X-Servedbyhost
X-HA-Backend
GeoIP-Latitude
Server-ID
X-Tb-Optimization-Total-Bytes-Saved
Load-Balancing
Env
X-RCS-CacheZone
X-VC
X-ZONE
Cdncip
X-AK-Request-ID
X-Fastly-Cache
Cdnsip
X-Nc
X-Origin-Expires
X-ND-Cache
X-Instance-Name
X-Fpc
Memory
X-DataCenter
X-LB-ID
X-HS-Status
Time
X-Response-By
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-Api-Version
X-Wa
X-Release
X-API-Version
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Zone
X-Vc
Srvid
X-FL-EDGE
Locid
Expect-Staple
X-From
X-Via-NSCOPI
X-Generated-In
X-FL-QIT-DEBUG
AMP-Access-Control-Allow-Source-Origin
Cache
X-Correlation-ID
X-CS
X-NGINX-Cache
X-Via-CDN
Eomportal-Instance
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-APP-VERSION
X-Cache-Enabled
X-Edge-Pop
X-Client-Ip
NtCoent-Length
Hostname
X-Via-SSL
X-Vgn-Hpd-Ssi
Edge-Copy-Time
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Via-Edge
Ngx-Var-Key
GeoIp-Country-Code
X-Check-Cacheable
X-Provided-By
X-Micro-Cache
X-Srv
X-NewRelic-App-Data
OT-Force-Account-Verify
X-CSRF-TOKEN
XkeyRZ
X-Proxy-CacheRZ
X-MCACHE
X-Debug-Cache-Store
X-Vcl-Version
X-Debug-Cache-Fetch
X-Amz-Meta-Cb-Modifiedtime
X-Lambda-Id
X-SIPLIST1
X-Request-URI
IsBot
X-Via-JSL
X-Dc
X-B3-SpanId
X-Nf-Request-Id
X-VCL-Version
X-Info
X-Air-Pt
Srv
X-Cache-NGX
True-Client-IP
Sid
Path
VNS-Cache
X-Render-Time
X-Vtex-Remote-Cache
True-Client-Ip
VNS-Age
CPC-Cache
CPC-Age
X-EC-Lua
Resin-Trace
Uri
X-Cs
X-TH-Server
X-VCT
Location
X-Server-ID
Request-ID
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Cache-Expires
X-Oss-Server-Time
X-Fastly-Country-Code
X-ATG-Version
X-Datadome
X-TX-ID
X-Varnish-Authentication
Servername
X-CLOUD-TRACE-CONTEXT
Fastly-Drupal-Html
YJS-ID
CDN
Cross-Origin-Opener-Policy-Report-Only
X-Edge-POP
Esi-Enabled
X-Contensis-Viewer-Groups
X-MSEdge-Features
X-MSEdge-Flight
X-Cache-ASPX
GeoIP-Country-Code
M-TraceId
X-Upstream-Ct
X-Upstream-Ht
X-Accel-Version
X-Cache-Type
Sm-Log-Id
X-Pod-Name
X-Moov-T
X-Moov-Xdn-Version
X-Scheme
Timeexpire
Traceparent
X-Service-Response-Time
X-Datacenter
X-PAYTM-SRV-ID
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cdn-Request-ID
X-Varnish-Beresp-TTL
X-WA
X-Geo
X-Viewer-Country
X-RateLimit-Reset
HIT
LB
X-ApacheServer
CountryCode
X-PERF
X-Lb-Id
X-FPC
X-Akamai-Pragma-Client-IP
RNT-Time
X-CDN-Cache-Status
RNT-Machine
N-Cache
X-SERVER-NAME
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Cdn-Cache-Status
X-Udemy-Cache-App-Namespace
X-NC
XServer
ENV
Proxy-Connection
X-NAPM-TraceId
X-CACHE-KEY
Server-Id
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Powered-By
Ohc-File-Size
X-Orig-Expires
X-Shop-Environment
X-Tenant
X-Forwarded-Path
X-Bl-Debug
FSS-Cache
Rip
X-TraceId
X-Dw-Trace-Id
X-ServedByHost
Geoip-Latitude
X-MP-GENERATED-AT
Epwk-X-Cache
X-LiteSpeed-Cache-Control
X-B3-Trace-ID
X-Cdn-Forward
X-Hyper-Cache
X-Amz-Meta-Opti
X-App-Name
X-Clientip
X-Policy
X-Ha-Backend
Tracecode
True-Client-Country-4JS
Yjs-Id
WZWS-RAY
V-Age
X-M-Reqid
X-M-Log
X-Lb-Nocache
Content-Style-Type
X-VG-WebCache
Content-Script-Type
Ec-Rule-Version
Cdn-Requestid
X-Fastly-Backend-Reqs
X-Acquia-Site
XM
X-B3-Parentspanid
X-Acquia-Purge-Tags
X-Serial
X-Via-PopV
X-Swift-Error
X-Via-PopN
X-B3-ParentSpanId
X-Vgn-Hpd-Reason
X-Rebelmouse-Cache-Control
Inserted-Into-Cache-At
X-Acquia-Application-Trace
User-Agent
X-Acquia-Application-UUID
X-Qnm-Cache
X-Rebelmouse-Surrogate-Control
X-Via-PopH
Ngx
X-F-Status
X-TT-LOGID
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
X-Webstats-RespID
Lb
X-Ramcache
X-RAMCache
Cneonction
X-MiniProfiler-Ids
X-UP
X-Request-URL
X-Mid-Debug-Cache-Key
X-Stale
X-Mid-Debug-Cache-Disk
X-Cache-Ngx
X-IPS-Cached-Response
X-LiteSpeed-Tag
X-Th-Server
My-App
MIME-Version
Warning
X-Snapshot-Date