
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Xss-Protection
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-Id
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
P3p
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
Keep-Alive
X-Proxy-Cache
X-Server
X-Ws-Request-Id
X-Age
X-Ua-Compatible
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
Allow
X-Amz-Version-Id
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Accept-CH
X-Page-Speed
X-Device
Cf-Apo-Via
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Host
X-Pingback
X-Server-Id
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
EagleEye-TraceId
Surrogate-Control
X-Backend-Server
X-Ruxit-JS-Agent
Request-Id
X-Readtime
X-Cache-Lookup
X-HW
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Application-Context
X-Response-Time
Accept-CH-Lifetime
Fastly-Restarts
Permissions-Policy
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
X-Edge
Accept-Ch-Lifetime
X-WebKit-CSP-Report-Only
X-CST
Content-Location
X-Content-Type
X-Url
X-MS-InvokeApp
X-Clacks-Overhead
X-Mcache
Rating
X-Midtier
X-Country
X-TtlSet
X-Vname
X-PC
X-Amz-Server-Side-Encryption
X-Litespeed-Cache
X-ECACHE
RTSS
X-VARITI-CCR
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
X-Server-Name
Origin-Trial
Verso
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Ac
X-Ttl
X-Rack-Cache
X-Cnection
X-Powered-By-Plesk
Service-Worker-Allowed
X-Varnish-TTL
X-GitHub-Request-Id
X-Cache-TTL
Xkey
SPRequestGuid
X-SharePointHealthScore
X-Navigation-Version
X-Amz-Rid
X-Abt-Application-Version
Edge-Control
X-B3-TraceId
X-Client-IP
X-NWS-LOG-UUID
SPRequestDuration
SPIisLatency
X-Cached
Arr-Disable-Session-Affinity
X-Upstream
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Browser-Type
X-Mg-S
X-Px
X-Cache-Key
X-Dw-Request-Base-Id
X-Correlation-Id
Display
Pagespeed
X-Middleton-Display
X-Sol
Content-MD5
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-NF-Request-ID
Edge-Cache-Tag
X-Goog-Hash
X-XRDS-Location
X-Country-Code
X-Forwarded-For
Front-End-Https
X-Version
X-Fastcgi-Cache
X-Id
X-Powered-CMS
TCN
Public-Key-Pins
AR-SID
X-Daa-Tunnel
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Recruiting
X-T
X-Content-Digest
X-MSEdge-Ref
X-Accel-Expires
X-RateLimit-Remaining
X-Ser
Response
X-Middleton-Response
X-Amzn-Trace-Id
X-Shield-Request-Id
TP-Cache
TP-L2-Cache
Nginx-Cache
S
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Ratelimit-Limit
X-FastCGI-Cache
X-Request-Processing-Time
X-Request-Received
MicrosoftSharePointTeamServices
Server-Node
X-HS-Hub-Id
X-HS-Content-Id
X-Webkit-Csp
X-HS-Cache-Config
X-HS-Combine-CSS
X-Distributor
Cache-Status
Cache-Tags
X-Hits
X-Ratelimit-Remaining
X-Edge-Location-Klb
X-Kinsta-Cache
Fastcgi-Cache
X-Grace
Accept-Ch
Alternate-Protocol
X-DataDome
Server-Name
X-Origin-Server
X-LB-Cache
X-Ezoic-Cdn
X-Ratelimit-Reset
X-Ua-Browser
X-DIS-Request-ID
X-Geo-Country
X-Fastly-Request-ID
Cross-Origin-Opener-Policy
X-Protected-By
Filterid
X-Microsite
X-Request-Handler-Origin-Region
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Rid
X-Frontend
X-Debug-Info
X-Varnish-Backend
X-Logged-In
Healthy
X-Git-Hash
X-FB-Debug
X-Www-Served-By
Cleartype
Payment
X-Page-Id
X-Forwarded-Proto
X-NGENIX-Cache
X-LLID
X-Load-Cache
X-Hostname
X-Origin-Cache
X-Cluster-Name
Charset
DC
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Content-Disposition
MS-Author-Via
X-ASPNET-VERSION
X-B3-Sampled
X-GUploader-UploadID
X-Goog-Metageneration
X-PressLabs-Stats
X-Ruxit-Js-Agent
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-VCache
X-Kong-Proxy-Latency
Realpath
X-Proxy
X-F-Cache
X-B3-Traceid
Retry-After
X-Activity-Id
X-Az
X-AppVersion
X-Seen-By
Cross-Origin-Resource-Policy
X-Contextid
Accept-Charset
Paypal-Debug-Id
X-Amz-Replication-Status
X-Revision
X-Signature
X-Amz-Meta-S3cmd-Attrs
X-Type
X-B-Cache
X-Whom
X-Route-Name
X-Request-Guid
X-Hosted-By
X-Azure-Ref
X-Aspnet-Duration-Ms
X-Fb-Rlafr
X-Flags
X-Is-Crawler
X-Providence-Cookie
Viewport
X-App-Environment
X-Varnish-Server
X-Wix-Request-Id
Surrogate-Key
Count-Hit
X-B
Amp-Access-Control-Allow-Source-Origin
X-DynaTrace
X-TTL
X-TT
X-COUNTRY
X-Akamai-Edgescape
X-Aspnetmvc-Version
X-Language
X-Source
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Referer-Policy
X-App-Server
X-Cache-Control
X-Mobile
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-RateLimit-Limit
Host
X-Varnish-Grace
Version
X-Magnolia-Registration
X-Template
X-HTML-Minification-Powered-By
X-Cache-Rule
X-EdgeConnect-Cache-Status
X-N
SRV
X-Response-Served-From
X-Tumblr-User
X-Tumblr-Pixel-1
X-Original-Request-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Ms-Operation-Id
X-UUID
X-Varnish-Age
X-Cache-Time
X-RTag
MS-CV
X-Rule
X-Trace-Id
X-Cache-Expired-At
X-Framework
X-Cache-Status-Check
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
Section-Io-Cache
VIX-Pulpo-Node
X-Envoy-Decorator-Operation
SD-X-WS
X-Cacheable-TTL
X-Cache-Grace
X-Adobe-Content
X-Backend-Name
Akamai-GRN
X-Device-Type
Protected
X-Adobe-Loc
Access-Control-Request-Headers
X-FW-Server
X-Cache-Age
X-Fastly-Request-Id
X-RemovedCookies
X-FW-Version
X-Page-View
X-ProcessESI
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-User-Agent
X-Http-Reason
NGB
X-Status
X-Instance
X-Is-Bot
X-Jobs
X-NYM-Debug-Backend
Url
X-Akamai-Request-ID2
X-Rendered-As
GEO-INFO
X-G
X-Servername
X-Environment-Context
Refresh
X-L-Path
X-Drupal-Cache-Contexts
X-ECache
X-Server-ID
X-Drupal-Cache-Tags
From-Origin
X-CDN-Forward
X-Times
CDN-RequestId
X-Debug-IsPreview
X-Debug-IsConnected
WPO-Cache-Status
X-Region
WPO-Cache-Message
Front
Accept-Language
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Hit
X-Yottaa-Optimizations
X-Yottaa-Metrics
Country
Backend
X-Tb
X-Unique-Id
X-Content-Options
Fastly-SWR
Fastly-SIE
X-TIME
X-Tt-Logid
X-Node-Name
X-Nginx-Cache
Pinterest-Generated-By
Pinterest-Version
X-Zen-Fury
X-Pinterest-Rid
X-Real-IP
X-Air-Trace-Id
X-DynaTrace-JS-Agent
X-Air-Source
X-Air-Hostname
X-Mode
X-Newrelic-App-Data
Content-Secure-Policy
Uber-Trace-Id
X-VC-Cache
X-Cache-Operation
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Proxy-Cache-Info
Webserver
Liferay-Portal
X-Ms-Version
X-Ms-Request-Id
X-Amzn-Remapped-Content-Length
X-Generation-Time
Filters
Meta-Geo
X-Rewrite-Enabled
X-Cache-Server
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-RN-RSRV
Onion-Location
X-Format
CF-IPCountry
X-Reqid
X-Rocket-Nginx-Serving-Static
X-Web-Node
X-Section
Cache-Hits
Azure-Version
Azure-InstanceId
X-Content-Age
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-IPS-LoggedIn
X-Access
Fastly-Drupal-HTML
X-Cache-TTL-Remaining
X-BYPASS-REASON
X-Cluster
X-AWS-Id
X-Cluster-Node
X-IPLB-Request-ID
X-IPLB-Instance
X-Debug
X-Cms-Context
X-Adobe-Source
Webcakes-Region
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
ServedBy
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-LJ-Flow-ID
X-Origin-Hint
X-Sucuri-Cache
X-Sql-Duration-Ms
X-Soup
X-Server-W
X-Sucuri-ID
X-Ua
X-VWS-Id
X-Via-Fastly
X-UA-Device-Type
X-SayCDN-TTL
X-Say-TTL
X-Proxy-Cache-Status
X-Proto
X-PHP-Backend
Property-Id
X-ProxyCache-Key
X-ProxyCache-Status
X-Say-Cacheable
X-Buckets
X-R9-Blue-Green-Version
X-Locale
X-Sql-Count
Node
X-No-Session
X-PHP-Host
ServerID
Apigw-Requestid
X-Forwarded-Host
X-Handled-By
X-Labrador-Cache-Channel
S-Rt
DB-Nickname
X-Cache-Action
X-Varnish-Beresp-Grace
Web-Mar-Node
X-Cache-Host
X-Skip-Cache
X-Site-Version
X-Edge-Location
X-Detected-As
X-FB-TRIP-ID
X-Extlb
X-LAGOON
X-SaId
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-GeoCountry
X-JoinUs
X-LSADC-Cache
X-GeoCode
X-Xfnlog-Site
Locale
Cross-Origin-Window-Policy
Mn-Server-Ip
Cache-Name
Mime-Version
WP-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Fastcgi-Useragent
X-WP-CF-Super-Cache
X-Proxy-Build
CDN-Uid
X-Timing-Wait
CDN-Cache
X-Origin-Date
CDN-CachedAt
CDN-EdgeStorageId
Selected-Fe
CDN-PullZone
CDN-RequestCountryCode
X-Tumblr-Pixel-3
Source
X-Hl-Ver
X-Uri
X-SRV
X-Optimistic-Header
X-XRDS-LOCATION
X-Time
X-CACHE-AGE
X-Varnish-Ttl
X-Request-Time
X-Oneagent-Js-Injection
X-App-Version
X-Director
X-Redis-Cache
X-Varnish-Hits
X-Generated-By
X-ARC
X-GEO
X-Cache-Debug
X-Presslabs-Stats
X-Mg-Request-UUID
Upgrade-Insecure-Requests
Xet-Cookie
X-TNCMS
CF-Cached-On
Countrycode
X-Tx-Id
X-Loop
X-Akamai-Transformed
Cache-Tv-Group
X-Pass-Why
Frame-Options
X-FireWall-Port
X-Origin-CC
X-Origin-TTL
Xserver
X-Varnish-Cache-Hits
X-URL
X-ShardId
X-Varnish-Hostname
X-Alternate-Cache-Key
X-Service
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-NWS-UUID-VERIFY
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Varnish-Beresp-Ttl
X-ShopId
X-RM-Cache-TTL
X-ServerID
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Storage
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-Endurance-Cache-Level
X-Tid
X-B3-Spanid
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-S-Maxage
DCR-Decision-By
X-Httpd
DCR-Processing-Time-Ms
MD5-Digest
X-Generated-On
X-Ec-Fail
X-External-Request-Id
X-Frame-Option
X-Gdpr
X-Request-Host
WWW-Authenticate
A
X-Aed
X-Cache-Info
X-Cache-NE
X-A-Wwc
X-BCube-Filmed-By
X-Bc-Bl
X-Application
BehaviorPad-Version
X-B-Cookie
X-BBC-Edge-Cache-Status
X-A-Dgt
Candidate-Md5Url
X-A-Ccd
X-A
X-Destination
X-Developer
X-D
X-A-Dam
X-CMSURLCustom
X-Conf
X-A-Dcw
X-Core-Value
X-INCAP-ABP
X-Thinkindot-L3
Req-Svc-Chain
X-Sigma-Backend
Rendered-Blocks
Meta-Geo-Continent
X-Vdms-Path
Release
Xc-Version
X-ScT
Thinkindot-Control
X-Served-From
X-S-Cookie
X-Processor
Memcached
Redirect-Candidate
X-Vdms-Version
Environment
X-DC
Ngx.Var.Host
X-SRCache-Key
X-Rojux
X-S
Odigeo-Trace-Id
X-VG-TLSProxy
Origin
Host-ID
X-We-Are-Hiring
Lang
X-Rocket-Build-Number
X-Test
Gannett-Cam-Experience-Id
X-Location
X-Loc
TDXMobile
Edge-Cache
X-Nyt-Route
X-Sigma
X-Mid
X-Mobile-URL
Thinkindot-CacheControl
T-Server
X-Origin-Time
X-Platform-Router
X-Level-Front-Cache
Sslversion
Thinkindot-CacheControl-Type
Surrogated-Key
X-TIM-N
X-Platform-Cluster
Cache-Host
X-Platform-Processor
X-Pubstack
NM-Fastcgi-Cache
Tube-Got-Eval
Tube-Get-Contents
X-Akamai-Device-Characteristics
Tube-Return
Server-Host
We-Hiring
State
Vix-Hermes-Req-Id
Tube-Got-Results
Server-Info
NGX
X-Has-Esi
X-Cache-Date
Mail-Subject
X-WP-CF-Super-Cache-Active
X-Req
X-SD-PageType
X-Pool
X-Origin-Response-Time
X-SVT-ORM-VERSION
X-Varnish-Beresp-Status
X-Platform-Server
X-Worker
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-SB
X-Vmg-Version
X-Restarts
X-WADP-Cache
X-VServer
X-Org
X-Old-Content-Length
X-DefElseHash
X-DefHash
X-Developers
X-Ec-Custom-Error
X-CUA
X-Core-Mission
X-Cache-Bucket
X-Cdn-Origin
X-Cdn-Srv
X-Clara-WADP
X-Fetched-On
X-Fmm-Version
X-Human
X-Is-Gdpr
X-JWT-State
X-NodeID
X-HS-Content-Campaign-Id
X-Hash
X-Geo-Header
X-GeoIP
X-GeoIP-City
X-Auto-Login
Ssr
Country-Code
Cluster
CloudFront-Viewer-Country
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Decoy-Debug-TTL
Click-Count-Error
Click-Count-Action-Start
Apple-News-Services-Handled
AKAMAI
Magicmarker
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
CacheControlHeader
Cache-Key
Apple-News-Services-Request-Url
Gh-Request-Id
C-Via
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Slack-Backend
X-CacheTTL
X-Slack-Shared-Secret-Outcome
X-Ckpd-Fst-Backend
X-Date
X-Region-Sid
X-Request-Start
X-Scale
X-Cache-Tags
X-Cache-Id
X-App
X-Hnp-Log
Kp-EeAlive
Cache-Provider
X-Ad-Defer-Variation
L
X-Azure-Ref-OriginShield
X-Thanos
X-Cache-Backend
X-Block-Status
X-Bip
X-Qloud-Router
X-Dispatcher-Number
X-GeoIP-Country-Code
X-Minions-Version
X-Gen-Mode
X-NCache
X-GeoIP-Region-Code
X-Gzip
X-HN
X-Irp-Debug
X-LB-NoCache
X-Men
X-Nginx-Cache-Key
Machine
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Accel-Expires-Debug
X-Device-Os
X-Esi-Check
X-Fastly-Backend
X-Gamma-Serve
X-Op-Id-All
X-FC-Vary-Parameters
X-Platform
Adler-Geo
Cmstype
X-Accel-Buffering
X-Api-Version
PFcat
Cmsid
User-Cache-Control
Origin-CC
Origin-EX
X-VarnishDD-TTL
Pics-Label
Platform
X-Mvc-Supplant-Cachable
Server-Hostname
Server-Ext
X-Wix-Viewer-Type
Sever-Int
DSUID
X-WA-Info
Producers
Web-Mar-Region
Datacenter
CDCHOST
Wxu-Next-Hostname
Wxu-Next-Region
X-Var-Ttl
On-Server
X-Variation
Wxu-Next-Commit
Canary
Is-Eu
X-Parent-Response-Time
Load-Balancing
L5d-Success-Class
X-Eu-Site
X-Origin
X-Owner
X-Planisys-CDN-Rules
Ha-Gx-Prefs
X-Mly-Id
X-Node-Id
X-V-Cache
Fastly-SSL
X-Nananana
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Refresh
HA-Ipaddr
SID
X-CGP
X-Csrf-Jwt
X-Cache-FS-Status
X-Varnishpool
X-Server-IP
X-Forwarded-Site
X-Mvc-Supplant-OutputCached
X-Up
X-Microcachable
X-Webkit-CSP-Report-Only
X-NGINX-Cache
Svr
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
X-Aicache-OS
GeoIP-Latitude
X-Fastly-Cache
Env
X-Cache-Remote
X-AIR-PT
X-Instance-Name
X-NewRelic-App-Data
X-Client-Ip
X-Origin-Expires
X-RCS-CacheZone
X-CSRF-Token
Cdn
X-Release
X-Via-Poph
X-Response-By
X-Via-Popn
X-Via-Popv
Memory
X-Nc
Time
X-ND-Cache
X-Vc
X-Trace-ID
HostName
X-Air-Pt
X-Wa
X-MCACHE
X-DataCenter
X-Generated-In
X-FL-QIT-DEBUG
X-FL-EDGE
Expect-Staple
X-From
Locid
Srvid
X-HA-Backend
X-Cached-By
X-Zone
X-Provided-By
Cache
X-Edge-Pop
Server-ID
X-VC
X-Cache-Enabled
X-Via-CDN
X-HS-Status
Hostname
X-ZONE
X-Webkit-CSP
X-Via-Edge
Cdncip
Cdnsip
X-AK-Request-ID
X-Check-Cacheable
Edge-Copy-Time
X-Via-SSL
X-Vcl-Version
NtCoent-Length
X-Via-NSCOPI
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
GeoIp-Country-Code
X-Esi
X-Fpc
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-CSRF-TOKEN
X-Correlation-ID
X-Dc
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Srv
X-Hcs-Proxy-Type
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-Debug-Cache-Fetch
X-Vgn-Hpd-Cached
X-Debug-Cache-Store
X-Lambda-Id
X-API-Version
X-CS
X-LB-ID
True-Client-IP
Sid
X-Render-Time
VNS-Cache
CPC-Age
X-Via-JSL
Eomportal-Instance
VNS-Age
X-Vtex-Remote-Cache
CPC-Cache
AMP-Access-Control-Allow-Source-Origin
XkeyRZ
X-Proxy-CacheRZ
Ngx-Var-Key
X-Micro-Cache
X-Amz-Meta-Cb-Modifiedtime
X-Cs
X-B3-SpanId
X-APP-VERSION
X-Nf-Request-Id
X-TH-Server
X-Request-URI
X-VCT
X-SIPLIST1
Fastly-Drupal-Html
X-ATG-Version
OT-Force-Account-Verify
IsBot
X-Upstream-Ht
X-EC-Lua
X-Upstream-Ct
X-MSEdge-Flight
True-Client-Ip
Esi-Enabled
X-Cache-Type
X-VCL-Version
X-Varnish-Authentication
Uri
X-MSEdge-Features
X-Cache-NGX
X-Cache-ASPX
Path
X-Contensis-Viewer-Groups
X-Info
Srv
X-Fastly-Country-Code
M-TraceId
Request-ID
X-RateLimit-Limit-Second
X-CF-Lambda-Version
Location
Resin-Trace
X-PAYTM-SRV-ID
X-Lb-Id
X-CF-Lambda-Fn
X-RateLimit-Remaining-Second
YJS-ID
X-Varnish-Beresp-TTL
Servername
GeoIP-Country-Code
X-CLOUD-TRACE-CONTEXT
CDN
X-FPC
XServer
X-Cdn-Request-ID
RNT-Time
X-CDN-Cache-Status
X-Wikidot-Backend
X-Oss-Hash-Crc64ecma
X-Accel-Version
N-Cache
X-Oss-Storage-Class
RNT-Machine
X-Cache-Expires
X-Service-Response-Time
Sm-Log-Id
X-Wikidot-Static-Cache
Cross-Origin-Opener-Policy-Report-Only
LB
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Akamai-Pragma-Client-IP
X-TX-ID
X-MP-GENERATED-AT
X-Udemy-Cache-App-Namespace
X-Forwarded-Path
X-Edge-POP
X-Tenant
X-Bl-Debug
X-Shop-Environment
X-Pod-Name
X-Orig-Expires
X-B3-Trace-ID
HIT
X-Datacenter
Server-Id
X-Datadome
X-RateLimit-Reset
Timeexpire
X-Cdn-Cache-Status
Traceparent
X-App-Name
X-Moov-Xdn-Version
CountryCode
X-SERVER-NAME
X-Policy
X-Scheme
X-Moov-T
X-Ha-Backend
X-WA
X-Geo
X-Snapshot-Date
X-ApacheServer
X-CACHE-KEY
X-Viewer-Country
X-NC
X-Srcache-Store-Status
Ohc-File-Size
FSS-Cache
X-Via-PopV
X-Via-PopN
X-Srcache-Fetch-Status
X-Via-PopH
X-PERF
X-Serial
Epwk-X-Cache
X-TraceId
X-ServedByHost
ENV
Proxy-Connection
Yjs-Id
X-LiteSpeed-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
WZWS-RAY
X-Amz-Meta-Opti
Geoip-Latitude
X-Cdn-Forward
Powered-By
X-NAPM-TraceId
X-Hyper-Cache
Hit
Lb
X-Dw-Trace-Id
X-M-Reqid
X-MiniProfiler-Ids
X-M-Log
Pramga
X-Cdn-Diag
X-Qnm-Cache
X-Acquia-Application-Trace
Content-Script-Type
Content-Style-Type
X-RAMCache
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-UUID
X-Ctl-Mach
User-Agent
X-Fastly-Backend-Reqs
X-Swift-Error
X-B3-Parentspanid
X-UP
X-Vgn-Hpd-Reason
X-Lb-Nocache
Ec-Rule-Version
Cneonction
X-Wp-Cf-Super-Cache
X-TT-LOGID
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-F-Status
Tracecode
X-Litespeed-Tag
True-Client-Country-4JS
Rip
X-Fastly-Cache-Hits
Req-ID
X-Litespeed-Cache-Control
X-Webstats-RespID
V-Age
X-Mid-Debug-Cache-Key
Warning
X-IPS-Cached-Response
MIME-Version
My-App
Ngx
X-LiteSpeed-Tag
X-B3-ParentSpanId
X-Cache-Ngx
X-Mid-Debug-Cache-Disk
X-Stale
X-Th-Server
X-Request-URL
Inserted-Into-Cache-At
X-Clientip