Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Xss-Protection
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Generator
X-Cache-Status
X-Check
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Status
Upgrade
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-UA-Device
X-Amz-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Amz-Id-2
EagleId
X-Backend
X-AH-Environment
X-Proxy-Cache
P3p
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-OneAgent-JS-Injection
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-Styx-Req-Id
X-Ua-Compatible
X-Pantheon-Styx-Hostname
Cf-Apo-Via
X-Device
Cf-Railgun
X-WebKit-CSP
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Server-Id
X-Host
X-Ruxit-JS-Agent
EagleEye-TraceId
Surrogate-Control
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
Accept-Ch-Lifetime
X-Content-Security-Policy-Report-Only
X-HW
X-Cache-Lookup
X-Cache-Spec
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
X-Response-Time
X-Application-Context
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Litespeed-Cache
X-Country
Content-Location
X-Mcache
X-MS-InvokeApp
X-Content-Type
X-Url
X-Clacks-Overhead
X-TtlSet
X-Vname
X-PC
X-Midtier
X-Amz-Server-Side-Encryption
X-CST
Rating
Accept-CH-Lifetime
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-ECACHE
X-Rack-Cache
X-Element-Page-Cache
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
Verso
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
Origin-Trial
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
Service-Worker-Allowed
X-Ac
X-Powered-By-Plesk
X-Amz-Rid
X-SharePointHealthScore
SPRequestGuid
X-Cnection
X-Navigation-Version
X-Client-IP
Xkey
Edge-Control
SPIisLatency
SPRequestDuration
X-Abt-Application-Version
X-Upstream
X-Cache-TTL
Accept-Ch
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-B3-TraceId
X-Cached
X-Dw-Request-Base-Id
X-Mg-S
X-Ttl
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Browser-Type
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-NWS-LOG-UUID
X-Webkit-Csp
X-Px
X-Middleton-Display
X-Sol
Display
Pagespeed
X-NF-Request-ID
X-FastCGI-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-Correlation-Id
X-Forwarded-For
Edge-Cache-Tag
X-Country-Code
X-Cache-Key
X-Ser
X-Goog-Hash
X-Powered-CMS
X-Id
AR-SID
AR-CACHE
AR-Request-ID
Content-MD5
AR-PoweredBy
AR-ATIME
Front-End-Https
X-RateLimit-Remaining
Public-Key-Pins
X-Amzn-Trace-Id
X-HP-Trace-Id
X-HP-Webp
X-Version
X-Jurisdiction
X-Recruiting
X-Content-Digest
X-T
TCN
Response
X-Middleton-Response
X-MSEdge-Ref
X-Accel-Expires
TP-L2-Cache
TP-Cache
X-Ratelimit-Limit
X-Shield-Request-Id
MicrosoftSharePointTeamServices
S
Cache-Status
Nginx-Cache
X-Fastly-Request-ID
X-Fastcgi-Cache
X-Request-Processing-Time
X-Request-Received
Server-Node
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
Cache-Tags
Cross-Origin-Opener-Policy
X-XRDS-Location
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Daa-Tunnel
X-ORACLE-DMS-ECID
X-Distributor
X-Hits
X-ORACLE-DMS-RID
X-PressLabs-Stats
X-LB-Cache
X-Kinsta-Cache
X-Edge-Location-Klb
X-Origin-Server
X-Ua-Browser
X-Ezoic-Cdn
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ratelimit-Reset
X-TEC-API-ROOT
Fastcgi-Cache
Filterid
Alternate-Protocol
X-Ratelimit-Remaining
X-TTL
X-LLID
X-Frontend
X-Grace
X-Microsite
X-Request-Handler-Origin-Region
X-Rid
X-DIS-Request-ID
Realpath
Healthy
X-Varnish-Backend
X-Logged-In
Server-Name
Cleartype
X-FB-Debug
X-Git-Hash
X-Www-Served-By
X-Geo-Country
X-NGENIX-Cache
Payment
X-Debug-Info
X-Page-Id
X-Cluster-Name
X-Hostname
DC
MS-Author-Via
X-Protected-By
X-Forwarded-Proto
X-Load-Cache
X-Origin-Cache
Access-Control-Allow-Method
Content-Disposition
X-ASPNET-VERSION
Charset
X-Upgrade-Enabled
X-B3-Sampled
X-Goog-Metageneration
X-Activity-Id
X-GUploader-UploadID
X-Kong-Proxy-Latency
X-Az
X-AppVersion
X-Kong-Upstream-Latency
X-Proxy
X-Seen-By
X-DataDome
X-Cache-Age
Count-Hit
X-Amz-Meta-S3cmd-Attrs
X-Azure-Ref
Paypal-Debug-Id
X-Amz-Replication-Status
X-Whom
X-F-Cache
X-Fb-Rlafr
X-B
Surrogate-Key
X-Type
X-ECache
X-Akamai-Edgescape
Accept-Charset
X-Revision
Viewport
Cross-Origin-Resource-Policy
X-App-Environment
X-Varnish-Server
X-Flags
X-Contextid
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-B3-Traceid
X-Route-Name
X-Request-Guid
Retry-After
X-TT
X-Wix-Request-Id
X-Times
X-Aspnetmvc-Version
X-Hosted-By
X-Language
X-Envoy-Decorator-Operation
X-DynaTrace
X-Cache-Control
X-Signature
X-B-Cache
X-Source
X-Varnish-Grace
X-App-Server
X-XRDS-LOCATION
X-Mobile
X-Magnolia-Registration
X-VCache
Version
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
WPO-Cache-Message
WPO-Cache-Status
Host
Refresh
X-N
X-Amzn-RequestId
X-Amz-Apigw-Id
Referer-Policy
X-HTML-Minification-Powered-By
X-Server-ID
X-RateLimit-Limit
X-Original-Request-Id
X-Response-Served-From
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Varnish-Age
X-Tumblr-Pixel
X-Cache-Time
X-Tumblr-User
X-Cache-Rule
X-Rule
Amp-Access-Control-Allow-Source-Origin
Protected
X-UUID
X-Jobs
SD-X-WS
Ms-Operation-Id
X-RTag
Access-Control-Request-Headers
MS-CV
X-G
X-User-Agent
X-Framework
X-Cacheable-TTL
X-EdgeConnect-Cache-Status
X-Oracle-Dms-Ecid
X-Backend-Name
X-Trace-Id
X-Cache-Grace
X-ProcessESI
X-Oracle-Dms-Rid
X-RemovedCookies
X-Content-Powered-By
X-Region
X-Device-Type
X-FW-Dynamic
X-FW-Server
X-FW-Static
X-FW-Type
NGB
X-FW-Version
X-FW-Serve
X-Status
X-L-Path
X-FW-Hash
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Environment-Context
Akamai-GRN
From-Origin
Front
X-Is-Bot
X-Tt-Trace-Host
X-Http-Reason
X-Akamai-Request-ID2
X-Rendered-As
Section-Io-Cache
GEO-INFO
X-Page-View
X-Tt-Trace-Tag
X-Drupal-Cache-Tags
X-Cache-Expired-At
X-Instance
X-Adobe-Loc
X-Drupal-Cache-Contexts
X-NYM-Debug-Backend
X-Adobe-Content
X-Nginx-Cache
X-Cache-Status-Check
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Unique-Id
Url
X-Time
X-Servername
CDN-RequestId
Liferay-Portal
Accept-Language
X-Content-Options
X-Template
Fastly-SWR
Fastly-SIE
X-Newrelic-App-Data
X-Varnish-Ttl
X-Zen-Fury
X-Air-Source
X-CDN-Forward
X-Debug-IsPreview
X-Air-Trace-Id
X-Air-Hostname
X-Debug-IsConnected
Backend
X-Fastly-Request-Id
X-Cache-Hit
X-DynaTrace-JS-Agent
X-Yottaa-Metrics
X-Yottaa-Optimizations
SRV
Country
X-Mode
X-Rocket-Nginx-Serving-Static
Content-Secure-Policy
X-Uri
Node
X-ARC
X-Edge-Location
X-RN-RSRV
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-UPSTREAM-Address
X-Rewrite-Enabled
Meta-Geo
X-Amzn-Remapped-Content-Length
X-Cache-Server
Filters
Onion-Location
S-Rt
X-Generation-Time
X-App-Version
X-IPS-LoggedIn
X-COUNTRY
X-Timing-Wait
WP-Super-Cache
Countrycode
X-Content-Age
X-Proxy-Cache-Info
Selected-Fe
X-Locale
X-Proxy-Build
Webserver
Uber-Trace-Id
X-PHP-Backend
Cache-Hits
Azure-SlotName
Azure-Version
Cache-Name
Azure-SiteName
Azure-RegionName
X-Cache-Operation
X-Skip-Cache
X-Site-Version
X-Reqid
CF-IPCountry
X-Ua
X-Ms-Request-Id
X-Ms-Version
X-Cms-Context
X-Cache-Action
X-Web-Node
X-Via-Fastly
X-Server-W
Azure-InstanceId
X-Tb
X-Sucuri-ID
X-Sucuri-Cache
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Proto
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
X-PHP-Host
TWC-Privacy
TWC-Device-Class
X-ProxyCache-Key
X-BYPASS-REASON
ServerID
Cache-Tv-Group
Property-Id
X-Zipkin-Id
X-Cache-Host
X-Cluster-Node
X-ProxyCache-Status
X-Origin-Date
TWC-Connection-Speed
X-IPLB-Instance
X-Origin-Hint
X-VWS-Id
X-LJ-Flow-ID
X-Proxied
X-Proxy-Cache-Status
X-UA-Device-Type
X-Section
X-Routing-Service
X-Format
X-Soup
Webcakes-Region
X-IPLB-Request-ID
X-AWS-Id
X-Labrador-Cache-Channel
X-Access
X-Extlb
DB-Nickname
X-Forwarded-Host
Cross-Origin-Window-Policy
X-No-Session
X-LAGOON
X-VC-Cache
X-JoinUs
X-Optimistic-Header
X-Say-TTL
X-SayCDN-TTL
X-Debug
Apigw-Requestid
X-Sql-Duration-Ms
Web-Mar-Node
X-Sql-Count
X-Cluster
X-SaId
X-Say-Cacheable
X-Urbn-Context-Path
X-Adobe-Source
X-Urbn-Site-Id
X-FB-TRIP-ID
X-Real-IP
X-Varnish-Beresp-Grace
X-R9-Blue-Green-Version
X-Handled-By
X-Detected-As
Mn-Server-Ip
Locale
ServedBy
X-LSADC-Cache
X-Cache-TTL-Remaining
X-Ruxit-Js-Agent
X-Director
X-Node-Name
X-Xfnlog-Site
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Fastcgi-Useragent
X-GeoCountry
Mime-Version
X-GeoCode
Frame-Options
Source
Upgrade-Insecure-Requests
X-Varnish-Hits
X-Webkit-CSP
X-Oneagent-Js-Injection
X-Tt-Logid
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-Uid
CDN-CachedAt
CDN-Cache
Load-Balancing
X-Api-Version
CDN-PullZone
X-Hl-Ver
X-Generated-By
X-Buckets
Xet-Cookie
X-SRV
Fastly-Drupal-HTML
X-Varnish-Cache-Hits
X-FireWall-Port
X-ServerID
X-Varnish-Hostname
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-GEO
X-Datadog-Parent-Id
X-Mg-Request-UUID
X-RM-Cache-TTL
X-Datadog-Trace-Id
X-Request-Time
X-Redis-Cache
X-Origin-TTL
X-Origin-CC
CF-Cached-On
X-TA-CDN-Provider
X-Cache-Debug
X-URL
X-Loop
X-Storage
X-TIME
X-Akamai-Transformed
X-Served-From
X-Shopify-Stage
X-ShopId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Pubstack
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Xserver
X-Provided-By
X-Restarts
X-Endurance-Cache-Level
X-CSRF-Token
X-Pass-Why
X-Newrelic-Synthetics
X-Request-Host
X-Tx-Id
X-Location
X-Service
X-Vdms-Path
X-A-Dgt
Thinkindot-CacheControl
X-Vdms-Version
X-A-Wwc
X-Developer
DCR-Decision-By
X-A-Dcw
X-A-Dam
X-A
X-TIM-N
TDXMobile
X-Ec-GeoHdr
X-A-Ccd
X-Ec-Fail
X-Destination
Thinkindot-CacheControl-Type
X-Bc-Bl
X-B-Cookie
Xc-Version
X-BCube-Filmed-By
X-Bip
X-Cache-Date
X-Cache-NE
X-Application
X-CMSURLCustom
X-Aed
X-D
Thinkindot-Control
DSUID
X-Conf
X-Core-Mission
Edge-Cache
X-Test
Redirect-Candidate
Origin
X-Origin-Time
X-Origin
A
BehaviorPad-Version
Odigeo-Trace-Id
X-Response-By
Meta-Geo-Continent
Ngx.Var.Host
NM-Fastcgi-Cache
X-Processor
X-Nyt-Route
HostName
Rendered-Blocks
X-Hash
DCR-Processing-Time-Ms
X-INCAP-ABP
WWW-Authenticate
X-Men
X-Mid
Server-Host
Release
X-Fetched-On
X-Mobile-URL
X-Thinkindot-L3
Sslversion
Host-ID
Lang
T-Server
Memcached
X-SRCache-Key
X-SVT-ORM-RULES
X-Thanos
X-Level-Front-Cache
X-External-Request-Id
X-SVT-ORM-VERSION
Candidate-Md5Url
MD5-Digest
X-Gdpr
X-S
X-Rojux
X-Generated-On
X-S-Cookie
Surrogated-Key
X-ScT
X-S-Maxage
Server-Info
Tube-Got-Results
Mail-Subject
Tube-Get-Contents
We-Hiring
Gh-Request-Id
Gannett-Cam-Experience-Id
Fastly-Backend-Name
Magicmarker
Tube-Return
X-Httpd
X-Req
X-Rocket-Build-Number
X-SD-PageType
X-Server-IP
X-Region-Sid
X-Platform-Router
X-Platform
X-Platform-Cluster
X-Platform-Processor
X-Sigma
X-Sigma-Backend
X-We-Are-Hiring
C-Via
X-Auto-Login
X-Scale
X-Varnishpool
X-Var-Ttl
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-Org
X-Node-Id
X-Cdn-Origin
X-CUA
X-Date
X-Dispatcher-Number
X-CacheTTL
X-Cache-Info
X-Akamai-Device-Characteristics
X-Cache-Bucket
X-Cache-Id
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Gzip
X-HS-Content-Campaign-Id
X-Mvc-Supplant-Cachable
X-Geo-Header
X-Gamma-Serve
X-Esi-Check
X-Fastly-Backend
X-Fastly-Cache
X-Accel-Expires-Debug
Tube-Got-Eval
CloudFront-Viewer-Country
Cmsid
Cmstype
Click-Count-Action-Start
CacheControlHeader
AKAMAI
Cache-Host
Cache-Key
Country-Code
Click-Count-Error
X-Via-CDN
X-Vcl-Version
Environment
X-Varnish-Beresp-Ttl
X-VC
X-BBC-Edge-Cache-Status
X-Frame-Option
X-Cache-FS-Status
X-FL-QIT-DEBUG
X-FL-EDGE
X-Developers
X-Has-Esi
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-GeoIP
X-GeoIP-City
Section-Origin-Responded
X-Fmm-Version
X-DefHash
X-Device-Os
X-DefElseHash
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Core-Value
X-Clara-WADP
X-Nginx-Cache-Key
Section-Io-Id
X-Forwarded-Site
X-FC-Vary-Parameters
X-Ckpd-Fst-Backend
X-Varnish-CookieINHashed-On
X-Instance-Name
X-JWT-State
X-Worker
X-SB
X-Pool
Locid
X-Planisys-CDN-TTL
On-Server
X-WADP-Cache
X-WA-Info
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-V-Cache
X-VServer
X-Vmg-Version
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-TNCMS
X-Loc
X-Azure-Ref-OriginShield
X-Is-Gdpr
X-Human
X-Irp-Debug
X-NodeID
Srvid
Origin-CC
X-Owner
Origin-EX
X-Origin-Response-Time
X-Origin-Expires
X-Cdn-Srv
X-Ec-Custom-Error
Platform
Req-Svc-Chain
State
Vix-Hermes-Req-Id
Canary
Machine
Datacenter
Expect-Staple
Fastly-GeoIP-CountryCode
Is-Eu
Web-Mar-Region
Adler-Geo
X-Ad-Defer-Variation
X-WP-CF-Super-Cache-Active
X-Via-SSL
Edge-Copy-Time
X-Via-Edge
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-VG-TLSProxy
X-Minions-Version
Apple-News-Services-Host
X-Gen-Mode
X-From
NGX
X-Aicache-OS
X-Qloud-Router
AMP-Access-Control-Allow-Source-Origin
Ssr
Server-Ext
Wxu-Next-Commit
X-Old-Content-Length
User-Cache-Control
Sever-Int
Server-Hostname
Wxu-Next-Hostname
Wxu-Next-Region
PFcat
Kp-EeAlive
X-Block-Status
Producers
X-Mly-Id
X-NCache
X-Hnp-Log
X-VarnishDD-TTL
X-Cache-Tags
X-HN
X-Release
X-App
X-Op-Id-All
X-DPWN-IS-SECURE
Cache-Provider
X-Zone
X-Accel-Buffering
X-Wix-Viewer-Type
Apple-News-Services-Handled
X-CGP
X-RCS-CacheZone
X-Eu-Site
L5d-Success-Class
X-Mvc-Supplant-OutputCached
Ha-Gx-Prefs
X-Nananana
X-Ua-Device
HA-Ipaddr
X-Request-Start
CDCHOST
X-Csrf-Jwt
L
X-Varnish-Beresp-Status
X-Platform-Server
X-Parent-Response-Time
X-Webkit-CSP-Report-Only
X-Air-Pt
X-Dc
X-CACHE-AGE
X-Debug-Cache-Store
X-Up
X-Microcachable
X-Cache-Remote
X-Debug-Cache-Fetch
X-Lambda-Id
X-VCT
Fastly-SSL
X-Cache-Enabled
X-B3-SpanId
X-LB-NoCache
X-Via-Popn
X-Via-Poph
X-Tb-Optimization-Total-Bytes-Saved
Sid
X-Via-Popv
Pics-Label
X-B3-Spanid
X-Correlation-ID
X-Cs
X-Refresh
X-AIR-PT
X-Vtex-Remote-Cache
CPC-Cache
X-Upstream-Ct
CPC-Age
X-Upstream-Ht
X-Cache-Backend
X-Generated-In
VNS-Age
X-Render-Time
X-Cached-By
VNS-Cache
Srv
X-DC
X-Trace-ID
NtCoent-Length
Time
Cache
Decoy-Debug-TTL
X-HA-Backend
Decoy-Debug-Status
X-CCDN-Origin-Time
Decoy-Debug-Key
Memory
X-ND-Cache
X-CCDN-CacheTTL
X-Cache-Type
X-Hcs-Proxy-Type
Env
Cluster
X-TH-Server
X-LB-ID
GeoIP-Latitude
Fastly-Drupal-Html
X-NWS-UUID-VERIFY
X-Tid
X-Edge-Pop
X-ATG-Version
X-HS-Status
SID
X-Via-JSL
X-Servedbyhost
X-Esi
X-Presslabs-Stats
X-CACHE-KEY
Server-ID
X-Check-Cacheable
X-Varnish-Authentication
Uri
X-Wa
X-Contensis-Viewer-Groups
X-DataCenter
X-Cache-ASPX
X-Client-Ip
Svr
X-Nc
GeoIp-Country-Code
X-NewRelic-App-Data
X-Srv
X-MP-GENERATED-AT
Cdn
X-Datadome
X-CF-Lambda-Fn
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
Esi-Enabled
X-CF-Lambda-Version
X-Vgn-Hpd-Ssi
X-RateLimit-Limit-Second
X-ZONE
X-CLOUD-TRACE-CONTEXT
X-RateLimit-Remaining-Second
True-Client-IP
X-Amz-Meta-Cb-Modifiedtime
X-PAYTM-SRV-ID
YJS-ID
X-Proxy-CacheRZ
XkeyRZ
X-TX-ID
X-Fpc
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-CDN-Cache-Status
Lb
N-Cache
X-Udemy-Cache-App-Namespace
X-Vc
RNT-Time
RNT-Machine
M-TraceId
X-Nf-Request-Id
X-Tenant
X-Orig-Expires
Resin-Trace
X-Shop-Environment
X-Forwarded-Path
X-Varnish-Beresp-TTL
Hostname
X-CS
X-NGINX-Cache
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
Cdncip
X-FPC
X-Fastly-Country-Code
XServer
Cdnsip
X-AK-Request-ID
True-Client-Ip
X-Bl-Debug
X-EC-Lua
X-CSRF-TOKEN
X-Via-NSCOPI
X-API-Version
X-App-Name
X-B3-Trace-ID
OT-Force-Account-Verify
X-MSEdge-Flight
X-Policy
X-MSEdge-Features
X-Service-Response-Time
Sm-Log-Id
X-Logging-Id
Eomportal-Instance
CDN
X-Container-Uri
GeoIP-Country-Code
X-Cache-Ttl
X-Git-Commit
X-WA
X-Datacenter
Server-Id
Path
Hit
Ngx-Var-Key
X-APP-VERSION
X-Cdn-Diag
Tcn
X-Accel-Version
X-NC
X-Micro-Cache
X-Geo
X-ServedByHost
X-VCL-Version
X-SIPLIST1
X-MCACHE
IsBot
X-Cache-NGX
X-Lb-Id
X-Edge-POP
X-TimeS
X-RateLimit-Reset
X-HostName
HIT
X-Vcache
X-Request-URI
X-Ha-Backend
LB
X-Akamai-Pragma-Client-IP
X-Cdn-Forward
X-Info
RATING
X-Cdn-Cache-Status
X-SERVER-NAME
V-Age
Pramga
X-VG-WebCache
X-Tncms
ENV
Geoip-Latitude
X-TT-LOGID
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
CDN-RequestPullCode
X-Snapshot-Date
X-Clientip
Cross-Origin-Opener-Policy-Report-Only
X-Srcache-Store-Status
X-Srcache-Fetch-Status
XM
X-Acquia-Purge-Cdn-Unconfigured
Location
Timeexpire
CDN-RequestPullSuccess
FSS-Cache
X-Via-PopV
Yjs-Id
Req-ID
X-Lb-Nocache
X-Ctl-Mach
X-Via-PopN
Epwk-X-Cache
Ohc-File-Size
X-Pod-Name
Cdn-Requestid
X-Serial
X-Via-PopH
True-Client-Country-4JS
X-Iauth-Set-Uid
X-LiteSpeed-Cache-Control
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Amz-Meta-Opti
X-Hyper-Cache
X-Dw-Trace-Id
W
X-M-Reqid
X-LiteSpeed-Tag
X-M-Log
Warning
X-Cache-Expires
X-Cdn-Request-ID
X-UP
X-Fastly-Backend-Reqs
WZWS-RAY
X-Litespeed-Cache-Control
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Proxy-Connection
Cneonction
X-User
X-PERF
X-ApacheServer
X-Vgn-Hpd-Reason
X-Viewer-Country
Content-Style-Type
Content-Script-Type
Ec-Rule-Version
X-Qnm-Cache
Servername
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Site
X-RAMCache
X-Lsadc-Cache
CountryCode
X-MiniProfiler-Ids
PICS-Label
X-Akamai-ERRuleID
X-Swift-Error
X-Akamai-ERPolicy
X-WP-CF-Super-Cache-Cookies-Bypass
X-Webstats-RespID
My-App
X-B3-Parentspanid
Ngx
X-Th-Server
MIME-Version
X-Fastly-Cache-Hits
X-B3-ParentSpanId
X-Mg-Cache
X-IPS-Cached-Response
Ohc-Cache-HIT