
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
CF-RAY
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Dns-Prefetch-Control
X-Request-ID
X-Drupal-Dynamic-Cache
Feature-Policy
Server-Timing
X-Content-Security-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Request-Context
X-Turbo-Charged-By
X-Backend
X-Cache-Group
X-AH-Environment
X-Robots-Tag
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Hacker
X-UA-Device
X-Proxy-Cache
X-Vhost
X-Server
X-Rq
X-Server-Powered-By
Allow
X-Ws-Request-Id
X-Age
X-Dispatcher
X-Varnish-Cache
EagleId
X-Amz-Version-Id
X-LiteSpeed-Cache
P3p
Nel
Grace
Cf-Apo-Via
Cf-Railgun
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Swift-CacheTime
X-Swift-SaveTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-Host
X-Node
Accept-CH
X-Cache-Lookup
X-CST
X-WebKit-CSP
X-Backend-Server
X-Server-Id
Surrogate-Control
X-Readtime
Permissions-Policy
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Request-Id
X-Application-Context
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Response-Time
X-HW
X-Ua-Compatible
X-Trace
Xkey
X-Ruxit-JS-Agent
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Rating
Accept-Ch-Lifetime
X-ESI
X-Midtier
X-Amz-Server-Side-Encryption
X-Url
X-ECACHE
X-Mcache
Cache-Tag
X-Country
X-MS-InvokeApp
X-Rack-Cache
X-Upstream
X-Powered-By-Plesk
X-D2id
X-Vcap-Request-Id
X-Exp-Id
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
Verso
X-Exp-Variant
X-Cdn-Fetch
X-Element-Page-Cache
Accept-Ch
Edge-Control
Service-Worker-Allowed
X-TtlSet
X-Vname
X-PC
X-Oneagent-Js-Injection
RTSS
X-Ac
X-Country-Code
Origin-Trial
X-Webkit-CSP
X-Goog-Hash
X-VARITI-CCR
X-Navigation-Version
X-Abt-Application-Version
Fastly-Restarts
X-Cache-TTL
X-Ruxit-Js-Agent
X-WebKit-CSP-Report-Only
X-GitHub-Request-Id
X-Varnish-TTL
X-Browser-Type
X-Cached
X-Amz-Rid
X-Kinja-CCPA
X-Litespeed-Cache
X-Aspnetmvc-Version
Cross-Origin-Opener-Policy
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Server-Name
X-NWS-LOG-UUID
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
SPRequestGuid
X-SharePointHealthScore
X-Content-Type
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
SPRequestDuration
SPIisLatency
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Instrumentation
X-Times
X-Powered-CMS
AR-SID
AR-Request-ID
AR-PoweredBy
X-Cache-Key
AR-ATIME
X-Ttl
X-Pinterest-Rid
X-Mg-S
Pinterest-Generated-By
Pinterest-Version
X-B3-Traceid
Arr-Disable-Session-Affinity
X-Middleton-Response
Response
X-Client-IP
X-Fastly-Request-ID
X-Version
X-Cnection
X-Jurisdiction
X-Ser
X-HP-Trace-Id
X-HP-Webp
AR-CACHE
X-FastCGI-Cache
Nginx-Cache
Cache-Tags
X-Accel-Expires
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-T
Cache-Status
Edge-Cache-Tag
X-B3-TraceId
X-Hits
X-MSEdge-Ref
X-RateLimit-Remaining
Front-End-Https
X-Px
Public-Key-Pins
X-NF-Request-ID
X-Recruiting
Payment
S
X-LLID
X-Frontend
X-Ua-Browser
X-Shield-Request-Id
MRF-Tech
Server-Node
X-B3-TraceId-Primal
X-RateLimit-Limit
Mrf-Cache-Status
X-Request-Processing-Time
X-Request-Received
X-Server-ID
X-Daa-Tunnel
Content-MD5
X-Goog-Metageneration
X-GUploader-UploadID
X-TTL
X-DIS-Request-ID
Access-Control-Request-Method
MicrosoftSharePointTeamServices
X-PressLabs-Stats
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Content-Digest
TP-Cache
X-Webkit-CSP-Report-Only
Realpath
X-Protected-By
X-Forwarded-For
X-Microsite
X-Request-Handler-Origin-Region
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Distributor
Fastcgi-Cache
X-Fastcgi-Cache
Access-Control-Allow-Method
X-FB-Debug
X-Page-Id
X-LB-Cache
X-Cluster-Name
Accept-Charset
X-Rid
X-Ratelimit-Remaining
X-Geo-Country
TP-L2-Cache
X-Hostname
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-B3-Sampled
X-Goog-Storage-Class
X-Goog-Generation
X-Aspnet-Version
Count-Hit
X-Ua-Device
X-Ezoic-Cdn
X-Seen-By
Cross-Origin-Resource-Policy
Cleartype
TCN
X-Kinsta-Cache
X-Edge-Location-Klb
X-Newrelic-App-Data
X-App-Server
X-Xrds-Location
Referer-Policy
X-Varnish-Backend
X-Mobile
X-Logged-In
DC
X-Correlation-Id
X-Content-Options
X-Ratelimit-Limit
X-Id
X-Git-Hash
X-Hosted-By
X-Origin-Cache
X-Contextid
X-Request-Guid
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Fb-Rlafr
X-Route-Name
X-Amz-Replication-Status
X-Aspnet-Duration-Ms
Surrogate-Key
X-Revision
X-Grace
Retry-After
X-Debug-Info
X-TT
Frame-Options
X-App-Environment
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-IPS-LoggedIn
X-Varnish-Grace
X-Envoy-Decorator-Operation
X-F-Cache
X-Azure-Ref
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Section-Io-Cache
X-RateLimit-Reset
X-Wix-Request-Id
X-Magnolia-Registration
X-Whom
Healthy
MS-Author-Via
Alternate-Protocol
Charset
X-Proxy-Cache-Info
X-Origin-Server
X-Akamai-Edgescape
X-App-Version
Viewport
X-Www-Served-By
X-Nf-Request-Id
X-COUNTRY
X-Backend-Name
X-Language
X-Webkit-Csp
X-Az
X-AppVersion
X-Activity-Id
Paypal-Debug-Id
X-Varnish-Server
Filterid
X-B
SRV
WPO-Cache-Status
WPO-Cache-Message
VIX-Pulpo-Node
X-Datadog-Trace-Id
VIX-Pulpo-Upstream-Status
Host
X-Cache-Rule
SD-X-WS
Server-Name
X-Datadog-Sampling-Priority
X-Original-Request-Id
X-Datadog-Parent-Id
X-Response-Served-From
X-Edge-Location
X-UUID
Akamai-GRN
X-User-Agent
Front
X-Http-Reason
X-Cache-Grace
X-Rule
X-Instance
From-Origin
X-Page-View
X-L-Path
X-Region
X-Status
X-Varnish-Age
X-Unique-Id
X-Jobs
X-Environment-Context
Country
X-Kong-Upstream-Latency
X-Akamai-Request-ID2
X-ARC
X-Cacheable-TTL
Amp-Access-Control-Allow-Source-Origin
X-Kong-Proxy-Latency
X-Time
X-Framework
X-FW-Dynamic
X-FW-Hash
X-Adobe-Loc
X-Adobe-Content
Fastly-SWR
Protected
X-FW-Server
X-FW-Static
X-Rendered-As
X-Rocket-Nginx-Serving-Static
X-Is-Bot
X-EdgeConnect-Cache-Status
X-FW-Type
X-FW-Version
Fastly-SIE
X-FW-Serve
X-Load-Cache
X-Vcache
X-N
X-Tumblr-Pixel
X-RemovedCookies
X-Tumblr-User
X-Yottaa-Metrics
X-Type
X-Client-Ip
X-Cache-Time
X-ProcessESI
X-Trace-Id
ServerID
X-Yottaa-Optimizations
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-DataDome
X-G
X-Tec-Api-Root
Content-Disposition
X-Tec-Api-Origin
X-Tec-Api-Version
X-Proxy
X-Mg-Request-UUID
Access-Control-Request-Headers
X-Datadog-Sampled
X-Signature
X-B-Cache
X-Amzn-Remapped-Content-Length
X-Debug-IsPreview
X-Debug-IsConnected
X-CDN-Forward
X-Cache-Control
X-Cache-Age
Backend
X-URL
X-ECache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Refresh
Countrycode
X-Drupal-Cache-Tags
X-Nginx-Cache
X-DynaTrace
X-Httpd
X-Erf-Web-Scheduler
Xet-Cookie
X-Servername
Accept-Language
X-Tt-Trace-Host
X-Tt-Trace-Tag
CF-IPCountry
X-Generated-By
Url
X-DynaTrace-JS-Agent
X-HTML-Minification-Powered-By
X-Source
X-XRDS-Location
X-Template
Webserver
X-Device-Type
X-Mode
Xserver
X-Content-Powered-By
X-NYM-Debug-Backend
Version
X-Storage
GEO-INFO
X-Content-Age
X-GeoCountry
X-Director
X-Cache-Operation
X-GeoCode
X-JoinUs
OT-Force-Account-Verify
X-Cache-Action
X-SayCDN-TTL
Meta-Geo
X-Rn-Rsrv
Filters
X-ServerID
S-Rt
X-Say-TTL
X-UPSTREAM-Address
X-Say-Cacheable
X-SaId
X-Rewrite-Enabled
Load-Balancing
X-Urbn-Site-Id
X-Git-Commit
Locale
X-Urbn-Context-Path
X-Container-Uri
X-Soup
Onion-Location
X-Cluster-Node
X-LAGOON
X-Varnish-Cache-Hits
X-Tt-Logid
X-Forwarded-Host
X-Varnish-Hostname
X-Cache-Hit
Azure-RegionName
X-VC-Cache
Azure-SiteName
X-VCT
X-Detected-As
X-PHP-Host
X-Cache-Server
X-Adobe-Source
Azure-SlotName
X-Lambda-Id
Azure-InstanceId
Azure-Version
X-Served-From
X-Labrador-Cache-Channel
X-RM-Cache-TTL
X-Sql-Duration-Ms
Web-Mar-Node
X-Ms-Request-Id
X-Ms-Version
X-Tncms
X-Sql-Count
X-Tb
X-Loop
Cross-Origin-Window-Policy
Mn-Server-Ip
DB-Nickname
Node
X-R9-Blue-Green-Version
X-Generation-Time
X-Routing-Service
X-Zipkin-Id
X-Logging-Id
X-Proto
X-XRDS-LOCATION
X-RCS-CacheZone
X-FB-TRIP-ID
X-Hcs-Proxy-Type
X-Extlb
X-CCDN-Origin-Time
X-Skip-Cache
X-CCDN-CacheTTL
X-Proxied
X-Timing-Wait
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
X-Uri
X-Tumblr-Pixel-2
TWC-Connection-Speed
X-Proxy-Build
X-Format
X-Fetched-On
Webcakes-Region
Webcakes-App-Name
X-Origin-Hint
TWC-Locale-Group
TWC-Privacy
X-Debug
X-Tumblr-Pixel-3
Webcakes-App-Version
X-MCACHE
Fastcgi-Useragent
Property-Id
Selected-Fe
Uber-Trace-Id
X-Endurance-Cache-Level
X-LSADC-Cache
X-Zen-Fury
X-Redis-Cache
X-Ua
Source
X-Srv
X-NGENIX-Cache
X-Sucuri-Cache
X-Sucuri-ID
X-Drupal-Cache-Contexts
Section-Io-Origin-Status
CDN-RequestId
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-B3-SpanId
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-S
X-Origin-Date
X-Pass-Why
X-MP-GENERATED-AT
X-Upgrade-Enabled
X-Ratelimit-Reset
X-TimeS
Fastly-Drupal-HTML
X-FTR-Request-ID
X-Cache-Expired-At
X-Origin-TTL
X-Origin-CC
X-Varnish-Hits
Upgrade-Insecure-Requests
Liferay-Portal
X-Real-IP
NGB
X-Akamai-Transformed
X-Newrelic-Synthetics
X-Handled-By
X-CACHE-AGE
Apigw-Requestid
X-UA-Device-Type
X-Cache-TTL-Remaining
X-Cms-Context
X-Xfnlog-Site
X-Reqid
X-Optimistic-Header
X-Restarts
ServedBy
X-Via-JSL
X-Node-Name
X-Correlation-ID
X-Hl-Ver
X-Cache-Type
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
X-CSRF-Token
CDN-RequestCountryCode
CDN-CachedAt
MS-CV
X-ProxyCache-Key
X-ProxyCache-Status
X-Cache-Host
X-No-Session
X-BYPASS-REASON
CDN-Uid
Ms-Operation-Id
X-RTag
CDN-RequestPullSuccess
CDN-RequestPullCode
X-Pubstack
X-GEO
X-Varnish-Ttl
X-ID
X-AWS-Id
X-IPLB-Request-ID
X-IPLB-Instance
X-Parent-Response-Time
WP-Super-Cache
X-Cluster
X-Server-W
X-LJ-Flow-ID
X-VWS-Id
X-Eu-Site
X-External-Request-Id
Surrogated-Key
L5d-Success-Class
X-Ec-GeoHdr
Candidate-Md5Url
X-Epic-Correlation-Id
X-Fastly-Backend
X-Bc-Bl
X-CacheTTL
L
Ngx.Var.Host
X-Cache-NE
BehaviorPad-Version
X-FC-Vary-Parameters
X-Bl-Debug
Canary
X-CF-Lambda-Fn
X-Tx-Id
T-Server
Meta-Geo-Continent
Magicmarker
X-Debug-Cache-Fetch
X-CGP
MD5-Digest
X-Csrf-Jwt
X-D
True-Client-Country-4JS
Lang
X-Destination
X-Developer
X-Dispatcher-Number
X-Ec-Custom-Error
Xc-Version
X-CF-Lambda-Version
X-SRCache-Key
X-Debug-Cache-Store
N-Cache
X-Ec-Fail
X-BCube-Filmed-By
X-A
X-A-Ccd
X-Vtex-Remote-Cache
X-Conf
Origin-Agent-Cluster
X-A-Dam
X-We-Are-Hiring
X-B-Cookie
DCR-Processing-Time-Ms
X-A-Wwc
X-A-Dgt
X-A-Dcw
Web-Mar-Region
Odigeo-Trace-Id
X-S-Cookie
X-Viewer-Country
X-ScT
X-SD-PageType
W
X-Rojux
Gannett-Cam-Experience-Id
Ha-Gx-Prefs
Fastly-SSL
Server-Host
X-Request-Host
DCR-Decision-By
Rendered-Blocks
X-Slack-Backend
Vix-Hermes-Req-Id
X-Slack-Shared-Secret-Outcome
X-App
X-Application
X-App-Name
Sslversion
Redirect-Candidate
X-Aed
X-Vdms-Version
X-Worker
HA-Ipaddr
X-Vdms-Path
X-AB
X-Proxy-Cache-Status
X-Bip
X-Cache-Bucket
VNS-Cache
Release
TDXMobile
We-Hiring
X-Clientip
X-Cache-Debug
X-CMSURLCustom
X-Cache-Info
Thinkindot-CacheControl
VNS-Age
X-Cdn-Origin
X-Accel-Expires-Debug
X-Alternate-Cache-Key
X-Cdn-Diag
Thinkindot-CacheControl-Type
Thinkindot-Control
Req-Svc-Chain
X-Accel-Buffering
Producers
X-Mid
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Sn-Servicetimems
X-Storefront-Renderer-Rendered
X-SVT-ORM-RULES
X-Tenant
X-SVT-ORM-VERSION
X-Shopify-Stage
X-ShopId
X-Request-Time
X-Refresh
X-RateLimit-Remaining-Second
X-S-Maxage
X-Server-IP
X-Shop-Environment
X-ShardId
X-Test
X-Thanos
X-VServer
X-Vmg-Version
X-VG-WebCache
X-Wikidot-Backend
X-Wikidot-Static-Cache
Host-ID
X-Wix-Viewer-Type
X-VG-TLSProxy
X-Varnishpool
X-Var-Ttl
X-Up
X-Thinkindot-L3
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-RateLimit-Limit-Second
X-Qloud-Router
X-Hash
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Human
X-Irp-Debug
X-Loc
X-Level-Front-Cache
X-Geo-Header
X-Generated-On
X-DefElseHash
X-Date
X-Core-Value
X-DefHash
X-DPWN-IS-SECURE
X-Gdpr
X-Forwarded-Path
Platform
X-Mly-Id
X-Owner
X-Origin-Time
X-Orig-Expires
X-PAYTM-SRV-ID
X-Platform
X-Pool
X-Policy
X-Org
X-Old-Content-Length
X-Nananana
X-Mvc-Supplant-Cachable
X-Nitro-Cache
X-Node-Id
X-Nyt-Route
X-NodeID
X-Core-Mission
X-BBC-Edge-Cache-Status
AKAMAI
Fastly-Backend-Name
Expect-Staple
Fastly-GeoIP-CountryCode
Adler-Geo
X-Datadome
Is-Eu
Gh-Request-Id
Environment
Content-Secure-Policy
Cf-Device-Type
Cmstype
Cmsid
Cache-Provider
CPC-Age
Datacenter
CPC-Cache
Mail-Subject
X-B3-Spanid
X-Micro-Cache
X-Cache-Status-Check
Origin
AMP-Access-Control-Allow-Source-Origin
X-TIME
User-Cache-Control
X-Nginx-Cache-Key
X-Cache-Id
X-Gzip
Apple-News-Services-Request-Url
X-WADP-Cache
X-GeoIP
X-Block-Status
X-Mvc-Supplant-OutputCached
X-INCAP-ABP
CDCHOST
Apple-News-Services-Parsed-Url
X-Geo-Region
X-Hnp-Log
X-WA-Info
X-Clara-WADP
X-PERF
X-Fmm-Version
X-Auto-Login
X-Dispatcher-Server
X-Device-Os
X-Forwarded-Site
X-Cdn-Srv
X-Esi-Check
X-Gen-Mode
Apple-News-Services-Handled
X-Origin-Response-Time
X-From
X-Origin
Apple-News-Services-Host
NM-Fastcgi-Cache
Cache-Name
Sever-Int
DSUID
Esi-Enabled
Machine
Server-Hostname
X-Akamai-Device-Characteristics
Server-Ext
CloudFront-Viewer-Country
X-ApacheServer
Country-Code
X-Vcl-Version
X-TraceId
X-NCache
X-Instance-Name
NGX
X-Section
Ssr
X-Op-Id-All
Pics-Label
Wxu-Next-Commit
X-Cache-Enabled
C-Via
X-LB-NoCache
Server-Info
Wxu-Next-Region
X-Access
Wxu-Next-Hostname
X-AIR-PT
X-Dc
X-Via-Fastly
X-Amz-Meta-Cb-Modifiedtime
Server-ID
X-Fastly-Request-Id
X-Vgn-Hpd-Reason
X-Accel-Version
X-API-Version
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
Memcached
X-Is-Gdpr
X-CACHE-GROUP
X-JWT-State
X-Has-Esi
X-HA-Backend
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-Is-Tablet
X-Buckets
X-Tcp-Rtt
X-Browser-Name
Memory
Cdn-Requestid
Time
X-SIPLIST1
Hostname
IsBot
Origin-CC
Origin-EX
X-Scale
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
Cache-Hits
Sid
CF-Ctrl
X-ZONE
X-Wp-Cf-Super-Cache-Active
X-TIM-N
YJS-ID
X-Zone
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Tb-Optimization-Total-Bytes-Saved
X-PHP-Backend
X-B3-Parentspanid
Location
X-Presslabs-Stats
X-WP-CF-Super-Cache-Active
X-Fpc
X-Cached-By
X-Internal-Host
X-Backend-Instance
X-Origin-Cache-Key
X-Frame-Option
Resin-Trace
X-Azure-Ref-OriginShield
X-Hyper-Cache
X-DC
X-Cs
GeoIP-Latitude
X-TA-CDN-Provider
Uri
X-VC
X-Site-Version
X-Origin-Expires
X-DataCenter
X-Webstats-RespID
Epwk-X-Cache
True-Client-Ip
Cache-Host
X-Service
X-Microcachable
X-LiteSpeed-Cache-Control
X-FTR-Balancer
X-FTR-Cache-Status
X-Nitro-Rev
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
XM
X-FTR-Expires
GeoIP-Country-Code
X-NGINX-Cache
X-Nitro-Cache-From
X-Locale
X-Info
X-Web-Node
Cdn
X-VarnishDD-TTL
GeoIp-Country-Code
X-HN
LB
PFcat
X-Pod-Name
X-VCache
X-Cache-Ttl
X-Ad-Defer-Variation
X-Edge-Server
X-Geo
X-CS
Cdn-Request-Time
NtCoent-Length
XServer
User-Agent
X-Datacenter
Cdn-Host
X-NewRelic-App-Data
X-CSRF-TOKEN
X-Via-Edge
X-Via-SSL
X-FL-QIT-DEBUG
X-Via-CDN
Req-ID
M-TraceId
Srvid
X-FL-EDGE
A
X-NMSegId
True-Client-IP
WZWS-RAY
Locid
Edge-Copy-Time
X-SRV
WebServer
X-Vercel-Id
X-Vercel-Cache
X-Ad-Load-Variation
X-TRACE-ID
SID
X-FireWall-Port
X-Scope-Id
X-Pad
X-Request-Start
X-MSEdge-Flight
X-MSEdge-Features
X-Cache-ASPX
X-Varnish-Authentication
X-M-Log
X-Moov-Xdn-Version
X-ATG-Version
X-FPC
X-Contensis-Viewer-Groups
X-Moov-T
Fastly-Drupal-Html
X-M-Reqid
Cluster
X-HostName
Tcn
X-Request-URI
X-Varnish-Beresp-Status
X-LiteSpeed-Tag
X-NWS-UUID-VERIFY
X-Shield-Cache-Expires
Cache-Key
X-Qnm-Cache
Pramga
Cf-Ipcountry
HostName
X-Cdn-Request-ID
X-Api-Version
X-APP-VERSION
CountryCode
X-Esi
X-Cache-Date
Edge-Cache
X-Amz-Meta-Opti
X-Air-Pt
Cdncip
Path
Cdnsip
Content-Script-Type
X-AK-Request-ID
Content-Style-Type
Cache-Tv-Group
X-TH-Server
Wpo-Cache-Message
Wpo-Cache-Status
X-Branch-Name
X-Wp-Cf-Super-Cache-Cookies-Bypass
Click-Count-Action-Start
X-Render-Time
Yak-Timeinfo
State
Tube-Get-Contents
Tube-Got-Results
Tube-Got-Eval
Click-Count-Error
X-Proxy-CacheRZ
X-LB-ID
X-Via-Poph
Tube-Return
X-V-Cache
X-Github-Request-Id
X-Platform-Server
X-Via-Popn
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-FS-Status
XkeyRZ
X-Req
X-SB
X-HS-Content-Campaign-Id
X-Acquia-Purge-Cdn-Unconfigured
X-Aicache-OS
X-B3-Trace-ID
X-Via-Popv
X-Wa
X-Servedbyhost
X-Nc
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Upstream-Ht
X-VCL-Version
X-Upstream-Ct
CDN
X-CACHE-KEY
Geoip-Latitude
X-Akamai-Pragma-Client-IP
X-Vgn-Hpd-Cached
Srv
X-Cdn-Forward
X-Vgn-Hpd-Ssi
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Fastly-Cache
X-Release
X-Tim-N
X-Vgn-Hpd-Variations-Key
Proxy-Connection
On-Server
V-Age
X-Men
X-Vary
X-Lb-Cache
X-User
Ngx-Var-Key
MIME-Version
X-Rocket-Build-Number
Lb
X-Dw-Trace-Id
X-UA
X-Ha-Backend
X-Generated-In
Ohc-File-Size
X-Cache-Remote
CF-Cached-On
X-Sigma
X-HS-Status
X-Traceid
X-Sigma-Backend
Server-Id
X-TT-LOGID
X-Fastly-Backend-Reqs
Ohc-Cache-HIT
X-CUA
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
PICS-Label
X-Lb-Nocache
Warning
Cache
X-Via-Ucdn
My-App
X-EC-Lua
Yjs-Id
X-TX-ID
X-Iplb-Instance
X-Iplb-Request-Id
Mime-Version
X-GeoIP-City
X-Gamma-Serve
X-GoCache-CacheStatus
Inserted-Into-Cache-At
X-CF-Cache-Header-Cache-Control
X-CF-Cache-Header-Vary
X-Litespeed-Cache-Control
Ngx
Log-Origin
X-Miniprofiler-Ids
X-RAMCache
X-Udemy-Cache-App-Namespace
X-ElasticPress-Query
Cneonction
CACHE-MISS-TO-ORIGIN
X-Fastly-Cache-Hits
X-Snapshot-Date
X-Cached-Since
Vha6-Origin
X-Scheme