Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
Alt-Svc
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
X-XSS-PROTECTION
Server-Timing
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Turbo-Charged-By
X-AH-Environment
X-Via
X-Robots-Tag
X-Backend
X-Cache-Group
Cf-Edge-Cache
Host-Header
Keep-Alive
X-Proxy-Cache
X-Hacker
X-Server
X-UA-Device
X-Rq
X-Server-Powered-By
X-Age
Allow
X-Vhost
X-Varnish-Cache
X-Ws-Request-Id
EagleId
X-Amz-Version-Id
X-Dispatcher
Grace
X-LiteSpeed-Cache
P3p
Cf-Apo-Via
Nel
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Accept-CH
X-Pingback
X-Node
X-Host
X-Server-Id
X-OneAgent-JS-Injection
Surrogate-Control
X-Backend-Server
X-CST
X-Readtime
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Cache-Lookup
Permissions-Policy
X-Content-Security-Policy-Report-Only
Request-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Trace
X-Response-Time
X-Edge
X-HW
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Ua-Compatible
Content-Location
X-Mod-Pagespeed
X-Clacks-Overhead
X-Url
X-Midtier
X-Oneagent-Js-Injection
X-ECACHE
Rating
X-ESI
X-Ruxit-JS-Agent
X-Amz-Server-Side-Encryption
X-Mcache
X-Country
Xkey
X-Litespeed-Cache
X-Upstream
X-PC
X-Vname
X-TtlSet
X-Vcap-Request-Id
Cache-Tag
X-D2id
X-Rack-Cache
X-MS-InvokeApp
X-Exp-Id
Verso
X-Cdn-Fetch
X-Element-Page-Cache
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
X-Ruxit-Js-Agent
X-Cache-TTL
Edge-Control
Fastly-Restarts
RTSS
X-Powered-By-Plesk
X-VARITI-CCR
Origin-Trial
X-Ac
X-Content-Type
X-Navigation-Version
Accept-Ch
X-Abt-Application-Version
X-Cached
X-Goog-Hash
X-Ttl
Service-Worker-Allowed
X-WebKit-CSP-Report-Only
X-Country-Code
X-GitHub-Request-Id
X-Middleton-Display
X-Amz-Rid
X-Sol
Pagespeed
Display
X-Browser-Type
X-Mg-S
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Server-Name
Cross-Origin-Opener-Policy
X-Varnish-TTL
X-B3-TraceId
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-Powered-CMS
AR-PoweredBy
Response
AR-SID
X-Middleton-Response
AR-Request-ID
AR-ATIME
X-Amzn-Trace-Id
SPIisLatency
SPRequestDuration
X-Cache-Key
AR-CACHE
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
X-Version
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Cnection
X-Times
X-Accel-Expires
X-T
Cache-Tags
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Front-End-Https
X-NF-Request-ID
Cache-Status
X-Fastcgi-Cache
Edge-Cache-Tag
X-MSEdge-Ref
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Px
X-Ser
X-Hits
Public-Key-Pins
Nginx-Cache
X-Client-IP
X-Recruiting
X-Ua-Device
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-NWS-LOG-UUID
X-B3-Traceid
X-LLID
X-Request-Received
X-Request-Processing-Time
X-Frontend
Server-Node
X-RateLimit-Remaining
X-Shield-Request-Id
X-Webkit-CSP
Payment
X-Ua-Browser
Access-Control-Request-Method
X-Kinja-CCPA
X-DIS-Request-ID
TP-Cache
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Goog-Metageneration
X-RateLimit-Limit
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
MicrosoftSharePointTeamServices
S
X-HS-Hub-Id
TP-L2-Cache
X-LB-Cache
X-Content-Digest
X-FastCGI-Cache
X-Distributor
Content-MD5
Realpath
X-Request-Handler-Origin-Region
X-Microsite
X-Geo-Country
X-Hostname
X-Webkit-CSP-Report-Only
X-Ezoic-Cdn
X-FB-Debug
X-Page-Id
Access-Control-Allow-Method
X-Forwarded-For
X-GUploader-UploadID
X-Ratelimit-Remaining
Fastcgi-Cache
Accept-Charset
X-Cluster-Name
X-Correlation-Id
X-Protected-By
X-Rid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-PressLabs-Stats
X-Envoy-Decorator-Operation
X-Seen-By
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-XRDS-Location
X-B3-Sampled
Cleartype
TCN
DC
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Newrelic-App-Data
X-Ratelimit-Limit
Referer-Policy
X-Origin-Server
X-Debug-Info
X-Mobile
X-Webkit-Csp
X-Varnish-Backend
Cross-Origin-Resource-Policy
X-Aspnet-Version
X-Git-Hash
X-Logged-In
X-Origin-Cache
X-Azure-Ref
X-Contextid
X-Varnish-Grace
X-Server-ID
X-Kinsta-Cache
X-Edge-Location-Klb
Alternate-Protocol
X-Providence-Cookie
X-Revision
X-Is-Crawler
X-Request-Guid
X-Flags
X-App-Environment
X-Amz-Replication-Status
Surrogate-Key
X-Fb-Rlafr
X-Route-Name
X-Grace
X-Aspnet-Duration-Ms
X-Content-Options
X-TT
Count-Hit
Healthy
X-Amz-Meta-S3cmd-Attrs
X-IPS-LoggedIn
X-Client-Ip
X-Wix-Request-Id
X-Forwarded-Proto
X-Whom
X-App-Server
Frame-Options
X-Hosted-By
X-TTL
Charset
X-Akamai-Edgescape
WPO-Cache-Status
WPO-Cache-Message
MS-Author-Via
Viewport
Filterid
X-Daa-Tunnel
Paypal-Debug-Id
X-Id
X-Magnolia-Registration
X-B
X-Backend-Name
Retry-After
Section-Io-Cache
Amp-Access-Control-Allow-Source-Origin
X-F-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Activity-Id
SRV
X-Cache-Control
X-Az
X-AppVersion
X-Trace-Id
X-Www-Served-By
X-Proxy-Cache-Info
X-Cache-Age
Server-Name
X-Type
Refresh
X-App-Version
X-Oracle-Dms-Ecid
X-Varnish-Server
X-Instance
X-Proxy
X-Original-Request-Id
X-Response-Served-From
X-Rule
X-Http-Reason
X-ARC
SD-X-WS
X-Cache-Rule
Host
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Oracle-Dms-Rid
Akamai-GRN
Protected
X-EdgeConnect-Cache-Status
Version
X-Status
X-Rocket-Nginx-Serving-Static
X-RateLimit-Reset
X-Edge-Location
X-User-Agent
X-Varnish-Age
X-UUID
Front
X-Cache-Grace
X-Akamai-Request-ID2
X-L-Path
X-Page-View
X-Unique-Id
X-Jobs
X-Rendered-As
X-Region
X-FW-Type
X-Environment-Context
X-Framework
X-Cacheable-TTL
From-Origin
Fastly-SIE
X-FW-Dynamic
X-FW-Hash
X-N
X-FW-Version
X-FW-Static
X-FW-Server
X-FW-Serve
X-Is-Bot
Fastly-SWR
X-COUNTRY
Access-Control-Request-Headers
X-Cache-Time
X-Adobe-Loc
X-Adobe-Content
X-G
X-ProcessESI
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-RemovedCookies
X-Tumblr-User
ServerID
X-Time
X-Source
X-Upgrade-Enabled
X-Load-Cache
X-Varnish-Ttl
Country
X-Language
Content-Disposition
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Drupal-Cache-Tags
X-CDN-Forward
X-Vcache
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-HTML-Minification-Powered-By
X-DataDome
Accept-Language
X-Datadog-Sampled
X-Tt-Trace-Tag
X-Amzn-Remapped-Content-Length
X-Mg-Request-UUID
X-Tt-Trace-Host
X-Debug-IsConnected
X-Debug-IsPreview
X-DynaTrace
X-Nf-Request-Id
X-ID
X-Generated-By
Countrycode
X-DynaTrace-JS-Agent
X-ECache
Xet-Cookie
X-B3-SpanId
Backend
Liferay-Portal
X-WP-CF-Super-Cache-Cache-Control
X-B-Cache
X-Signature
CF-IPCountry
X-WP-CF-Super-Cache
Webserver
Xserver
X-Nginx-Cache
X-Httpd
X-Tt-Logid
X-Erf-Web-Scheduler
X-Mode
X-Device-Type
X-NYM-Debug-Backend
X-Drupal-Cache-Contexts
X-Servername
X-Content-Powered-By
X-Zen-Fury
X-Content-Age
Url
X-Xrds-Location
Fastcgi-Useragent
X-Proto
X-Sucuri-ID
Locale
Azure-RegionName
X-Rewrite-Enabled
Load-Balancing
X-Sucuri-Cache
X-Tb
GEO-INFO
Filters
X-Say-Cacheable
X-Git-Commit
X-JoinUs
X-GeoCountry
X-GeoCode
Azure-InstanceId
X-Cache-Operation
X-LAGOON
X-Say-TTL
Azure-Version
X-SayCDN-TTL
Azure-SlotName
Azure-SiteName
X-SaId
Meta-Geo
Onion-Location
X-Varnish-Cache-Hits
X-Urbn-Context-Path
X-UPSTREAM-Address
S-Rt
X-Urbn-Site-Id
X-Cache-Action
X-Director
X-ServerID
X-Container-Uri
Uber-Trace-Id
X-VC-Cache
X-PHP-Host
X-Labrador-Cache-Channel
X-Varnish-Hostname
X-Forwarded-Host
X-Soup
X-RM-Cache-TTL
X-Cluster-Node
X-Ms-Request-Id
CDN-RequestId
X-Sql-Duration-Ms
X-Served-From
X-Generation-Time
Web-Mar-Node
X-Ms-Version
X-Logging-Id
X-VCT
X-Cache-Server
X-Detected-As
X-Adobe-Source
X-Storage
X-Sql-Count
X-Extlb
Webcakes-App-Name
Node
Mn-Server-Ip
Webcakes-Region
Webcakes-App-Version
X-Debug
X-FB-TRIP-ID
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Locale-Group
TWC-Connection-Speed
TWC-Privacy
DB-Nickname
Property-Id
X-Origin-Hint
X-Proxied
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-Skip-Cache
X-Zipkin-Id
X-Routing-Service
X-Tumblr-Pixel-2
X-Uri
X-LSADC-Cache
Selected-Fe
X-Tumblr-Pixel-3
X-Timing-Wait
X-Fetched-On
X-Proxy-Build
X-Format
X-Lambda-Id
OT-Force-Account-Verify
Fastly-Drupal-HTML
X-MP-GENERATED-AT
Source
X-Ratelimit-Reset
X-Origin-Date
X-Template
X-XRDS-LOCATION
X-MCACHE
X-Cache-Expired-At
X-Tncms
X-Loop
X-Cache-Hit
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Varnish-Hits
X-Via-JSL
X-Pass-Why
X-Endurance-Cache-Level
Content-Secure-Policy
X-Cache-TTL-Remaining
X-Redis-Cache
X-NGENIX-Cache
X-Ua
X-UA-Device-Type
X-Srv
Upgrade-Insecure-Requests
X-Node-Name
X-Pubstack
X-Fastly-Request-Id
Cross-Origin-Window-Policy
X-AIR-PT
X-Real-IP
X-Origin-TTL
X-Origin-CC
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Hcs-Proxy-Type
X-Server-W
Section-Origin-Responded
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Section-Io-Origin-Status
X-GEO
NGB
Cache-Hits
X-PHP-Backend
X-S
X-CACHE-AGE
X-Cache-Host
Cache-Provider
X-Rn-Rsrv
MS-CV
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-PullZone
CDN-Uid
Cache-Name
CDN-Cache
CDN-EdgeStorageId
X-RTag
CDN-RequestPullSuccess
Ms-Operation-Id
CDN-CachedAt
X-Reqid
X-Hl-Ver
X-Restarts
X-TimeS
X-IPLB-Instance
Apigw-Requestid
X-Aspnetmvc-Version
X-IPLB-Request-ID
X-Xfnlog-Site
X-Cache-Type
X-Presslabs-Stats
X-Cms-Context
X-Optimistic-Header
X-Datadome
X-Akamai-Transformed
X-CSRF-Token
X-TA-CDN-Provider
X-BYPASS-REASON
X-ProxyCache-Status
X-No-Session
X-ProxyCache-Key
X-Newrelic-Synthetics
X-Parent-Response-Time
X-Vdms-Version
Vix-Hermes-Req-Id
X-VG-WebCache
VNS-Age
X-Wikidot-Static-Cache
X-Wix-Viewer-Type
X-Wikidot-Backend
X-We-Are-Hiring
X-Vtex-Remote-Cache
X-Viewer-Country
We-Hiring
X-Var-Ttl
X-A-Dgt
X-A-Wwc
X-Accel-Buffering
X-Accel-Expires-Debug
X-A-Dcw
X-A-Dam
True-Client-Country-4JS
X-Vdms-Path
Web-Mar-Region
X-A
X-A-Ccd
VNS-Cache
Surrogated-Key
Gh-Request-Id
Gannett-Cam-Experience-Id
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
L
Fastly-SSL
Fastly-GeoIP-CountryCode
CPC-Age
Candidate-Md5Url
CPC-Cache
DCR-Decision-By
Fastly-Backend-Name
DCR-Processing-Time-Ms
Lang
Magicmarker
Rendered-Blocks
Redirect-Candidate
Server-Host
Sslversion
X-Worker
X-Aed
Odigeo-Trace-Id
Ngx.Var.Host
Mail-Subject
Xc-Version
MD5-Digest
Meta-Geo-Continent
N-Cache
T-Server
X-BCube-Filmed-By
X-External-Request-Id
X-Eu-Site
X-Fastly-Backend
X-FC-Vary-Parameters
X-Forwarded-Path
X-Request-Host
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Developer
X-Destination
X-Dispatcher-Number
X-Ec-Custom-Error
X-Ec-Fail
X-Gdpr
X-GeoIP-Country-Code
X-Nyt-Route
X-Orig-Expires
X-Mvc-Supplant-Cachable
X-JWT-State
X-Is-Gdpr
X-Origin-Time
X-Policy
X-Has-Esi
X-GeoIP-Region-Code
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Irp-Debug
X-Debug-Cache-Store
X-Rojux
X-Cache-Bucket
X-Bl-Debug
X-Shop-Environment
X-Cache-Info
X-Cache-NE
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Bc-Bl
X-B-Cookie
X-TIM-N
X-Tenant
X-SRCache-Key
X-CacheTTL
X-SD-PageType
X-D
X-S-Cookie
X-Date
Canary
X-Debug-Cache-Fetch
X-Csrf-Jwt
X-Conf
X-CF-Lambda-Fn
X-Cdn-Diag
X-CF-Lambda-Version
X-CGP
X-ScT
X-Application
W
X-Via-Fastly
BehaviorPad-Version
X-LJ-Flow-ID
X-Cluster
X-AWS-Id
X-VWS-Id
X-Section
X-Access
X-TIME
X-Generated-On
X-DPWN-IS-SECURE
X-Forwarded-Site
X-Geo-Header
X-Fmm-Version
X-Hash
X-Level-Front-Cache
X-Loc
X-Mid
X-Proxy-Cache-Status
X-INCAP-ABP
X-Handled-By
X-DefHash
X-Human
X-Gzip
X-CMSURLCustom
X-App-Name
X-Auto-Login
X-BBC-Edge-Cache-Status
X-ApacheServer
X-Alternate-Cache-Key
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Bip
X-Cache-Debug
X-Mly-Id
X-Core-Mission
X-Core-Value
X-Clientip
X-Clara-WADP
X-Cache-Id
X-Cdn-Origin
X-DefElseHash
X-Old-Content-Length
X-Thinkindot-L3
X-Up
X-Variation
X-Thanos
X-Test
X-Storefront-Renderer-Rendered
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-VServer
X-WADP-Cache
X-App
X-Vmg-Version
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Varnishpool
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-PAYTM-SRV-ID
X-PERF
X-Platform
X-Owner
X-Origin-Response-Time
X-Node-Id
TDXMobile
X-Org
X-Pool
X-Qloud-Router
X-ShopId
X-Shopify-Stage
X-Sn-Servicetimems
X-ShardId
X-Server-IP
X-Request-Time
X-S-Maxage
X-Nitro-Cache
X-Esi-Check
Memcached
Adler-Geo
Cmstype
Machine
Platform
Producers
Origin
Expect-Staple
Environment
AKAMAI
Datacenter
Cmsid
Req-Svc-Chain
Is-Eu
Host-ID
Release
User-Cache-Control
Server-Hostname
X-Cdn-Srv
X-Device-Os
X-Gen-Mode
Apple-News-Services-Parsed-Url
CDCHOST
X-From
X-Hnp-Log
NM-Fastcgi-Cache
X-WA-Info
ServedBy
X-GeoIP
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Akamai-Device-Characteristics
Country-Code
Server-Ext
DSUID
X-Block-Status
Apple-News-Services-Host
Sever-Int
CloudFront-Viewer-Country
X-Nananana
X-Origin
X-Nginx-Cache-Key
X-NodeID
X-Mvc-Supplant-OutputCached
X-Scale
X-Dispatcher-Server
Esi-Enabled
X-Vcl-Version
X-Tx-Id
X-Cache-Enabled
Pics-Label
X-Op-Id-All
C-Via
Origin-CC
X-Instance-Name
Origin-EX
X-Web-Node
X-Refresh
Wxu-Next-Region
X-LB-NoCache
Server-Info
Ssr
Wxu-Next-Hostname
X-NCache
WP-Super-Cache
Wxu-Next-Commit
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
Time
X-Cs
Server-ID
X-Azure-Ref-OriginShield
Memory
X-Amz-Meta-Cb-Modifiedtime
Hostname
X-HA-Backend
X-API-Version
X-ZONE
NGX
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
Origin-Agent-Cluster
X-Origin-Expires
Cf-Device-Type
X-URL
Cache-Host
X-Microcachable
GeoIP-Latitude
X-Cache-Status-Check
AMP-Access-Control-Allow-Source-Origin
X-Correlation-ID
X-VHOST
X-Tb-Optimization-Total-Bytes-Saved
XM
X-CACHE-GROUP
X-DC
X-Site-Version
X-Locale
PFcat
X-HN
X-VarnishDD-TTL
X-Dc
X-Wp-Cf-Super-Cache-Active
X-Ad-Defer-Variation
Resin-Trace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Fpc
X-Via-Edge
A
Edge-Copy-Time
Srvid
X-Micro-Cache
X-Vgn-Hpd-Reason
X-Webkit-Csp-Report-Only
Locid
X-Via-SSL
X-FL-QIT-DEBUG
X-FL-EDGE
X-Internal-Host
X-Via-CDN
YJS-ID
Cdn-Requestid
X-Zone
X-WP-CF-Super-Cache-Active
X-Upstream-Ct
X-Pod-Name
X-ATG-Version
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-FireWall-Port
X-Github-Request-Id
X-DataCenter
X-Upstream-Ht
X-TraceId
Sid
X-Moov-T
X-Moov-Xdn-Version
Uri
User-Agent
X-AB
IsBot
Cache-Key
X-SIPLIST1
X-Varnish-Authentication
X-Cached-By
X-Buckets
Location
X-LiteSpeed-Cache-Control
X-Info
X-B3-Parentspanid
True-Client-Ip
X-Geo-Region
X-B3-Spanid
X-Backend-Instance
GeoIP-Country-Code
X-Nitro-Rev
X-HS-Content-Campaign-Id
X-Accel-Version
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
GeoIp-Country-Code
X-Nitro-Cache-From
State
X-FTR-Request-ID
X-Platform-Server
X-NGINX-Cache
X-Planisys-CDN-Cache
X-LiteSpeed-Tag
SID
X-Provided-By
X-Release
X-Fastly-Cache
X-MSEdge-Flight
X-CSRF-TOKEN
X-MSEdge-Features
X-CS
CF-Ctrl
X-VCache
True-Client-IP
X-Sigma-Backend
XServer
Cdn
X-Sigma
X-Rocket-Build-Number
X-Is-Tablet
X-Is-Mobile
X-Cache-Remote
X-VC
X-Browser-Name
X-Datacenter
X-Tcp-Rtt
X-RN-RSRV
X-Is-Desktop
NtCoent-Length
X-Is-Supported-Browser
X-NewRelic-App-Data
Cache
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
Path
Lb
X-Geo
X-Api-Version
X-GeoIP-City
X-SRV
X-HS-Status
X-Generated-In
X-Hyper-Cache
X-TRACE-ID
X-Gamma-Serve
X-Scheme
Epwk-X-Cache
CountryCode
X-FPC
Fastly-Drupal-Html
Tcn
X-HostName
Cache-Tv-Group
Ohc-File-Size
X-GoCache-CacheStatus
X-Frame-Option
X-Service
X-Webstats-RespID
Cf-Ipcountry
Serverid
X-APP-VERSION
X-UA
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Kp-EeAlive
X-Air-Pt
X-Esi
Cdncip
X-Amz-Meta-Opti
Cdnsip
X-AK-Request-ID
X-Guploader-Uploadid
Srv
X-Traceid
X-Wp-Cf-Super-Cache-Cache-Control
WebServer
X-Cache-Ttl
HostName
X-Wp-Cf-Super-Cache
X-Location
X-Branch-Name
X-Mobile-URL
LB
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-EC-Lua
Env
X-Men
X-Aicache-OS
Ohc-Cache-HIT
X-Vercel-Cache
X-Pad
On-Server
X-Vercel-Id
X-Region-Sid
CacheControlHeader
XkeyRZ
WZWS-RAY
Cdn-Host
X-Developers
X-Vc
X-Cdn-Cache-Status
X-Proxy-CacheRZ
X-Edge-Server
Cdn-Request-Time
X-Cache-Tags
Proxy-Connection
Yak-Timeinfo
X-Origin-Cache-Key
CDN
X-VCL-Version
X-CACHE-KEY
X-TX-ID
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Backend
Geoip-Latitude
X-Akamai-Pragma-Client-IP
X-FTR-Cache-Status
X-FTR-Balancer
Req-ID
M-TraceId
X-NMSegId
X-Cache-FS-Status
X-LB-ID
X-CDN-Cache-Status
X-B3-Trace-ID
X-Cdn-Request-ID
Mime-Version
X-Minions-Version
X-SB
X-Req
X-Nc
X-Acquia-Purge-Cdn-Unconfigured
Click-Count-Action-Start
Tube-Get-Contents
RNT-Time
RNT-Machine
Click-Count-Error
Tube-Got-Eval
V-Age
Tube-Return
Tube-Got-Results
X-Servedbyhost
X-Cdn-Forward
X-Wa
Ngx
X-NWS-UUID-VERIFY
X-Via-Popv
X-Via-Poph
X-Via-Popn
X-Edge-Pop
X-V-Cache
X-Lb-Cache
X-Ha-Backend
X-Fastly-Country-Code
Server-Id
X-WP-CF-Super-Cache-Cookies-Bypass
WWW-Authenticate
CF-Cached-On
Content-Style-Type
ENV
Cluster
X-Ad-Load-Variation
Content-Script-Type
X-TT-LOGID
X-Snapshot-Date
X-MiniProfiler-Ids
PICS-Label
X-Lb-Nocache
X-Check-Cacheable
X-IN-APIGATEWAYSSL
X-M-Reqid
X-Edge-POP
X-Acquia-Application-UUID
X-M-Log
X-Via-Ucdn
X-User
X-Request-Start
X-Acquia-Application-Trace
X-Scope-Id
X-IN-APIGATEWAY
X-Dw-Trace-Id
X-Acquia-Site
X-Acquia-Purge-Tags
Pramga
Yjs-Id
X-Request-URI
X-Shield-Cache-Expires
X-Qnm-Cache
X-Ckpd-Fst-Backend
X-TH-Server
X-Processor
Vha6-Origin
X-Fastly-Cache-Hits
Inserted-Into-Cache-At
X-Fastly-Backend-Reqs
CACHE-MISS-TO-ORIGIN
X-Cached-Since
X-ElasticPress-Query
X-RAMCache
X-Miniprofiler-Ids
X-APP
X-Iauth-Set-Uid
X-Litespeed-Cache-Control
Log-Origin
Cneonction