Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
CF-Ray
X-Cacheable
X-Iinfo
Timing-Allow-Origin
X-Request-ID
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
P3p
Access-Control-Max-Age
X-Via
X-Cache-Group
X-Robots-Tag
Server-Timing
X-UA-Device
Request-Context
X-Dns-Prefetch-Control
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Ws-Request-Id
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Akamai-Path-Stats
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Nginx-Cache-Status
X-Aws-Lambda-Call-Status
Accept-CH
X-Host
X-Node
X-Pingback
X-OneAgent-JS-Injection
Cf-Railgun
X-Server-Id
X-Cache-Spec
Surrogate-Control
Request-Id
EagleEye-TraceId
X-Akam-SW-Version
X-Backend-Server
X-Cache-Lookup
X-Response-Time
X-Readtime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
X-Cloud-Trace-Context
Fastly-Restarts
X-Country
X-Url
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Edge
X-Nginx-Upstream-Cache-Status
X-Rack-Cache
X-Amz-Server-Side-Encryption
Edge-Control
X-B3-TraceId
X-PC
X-Vname
X-TtlSet
X-Ruxit-JS-Agent
X-Content-Type
X-Mod-Pagespeed
X-ESI
X-Vcap-Request-Id
X-Oneagent-Js-Injection
X-Kinja
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-GoogleNews-Bot
X-D2id
X-Exp-Id
X-Cdn-Fetch
Xkey
X-GitHub-Request-Id
Verso
X-CST
X-Amz-Rid
X-Mcache
Cache-Tag
X-Powered-By-Plesk
X-VARITI-CCR
RTSS
X-Varnish-TTL
X-Ruxit-Js-Agent
Service-Worker-Allowed
X-ECACHE
X-Upstream
X-Navigation-Version
X-FastCGI-Cache
X-Version
X-Abt-Application-Version
X-Cached
X-Client-IP
X-Cnection
X-Ac
X-Dw-Request-Base-Id
X-Ttl
X-Px
X-Element-Page-Cache
X-Server-Name
X-SharePointHealthScore
X-Kraken-Loop-Name
SPRequestGuid
X-Server-Lifecycle-Phase
X-Instrumentation
Arr-Disable-Session-Affinity
Public-Key-Pins
SPIisLatency
SPRequestDuration
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Country-Code
X-NWS-LOG-UUID
Permissions-Policy
X-Cache-TTL
X-Ser
X-Middleton-Response
Response
X-Midtier
X-Cache-Key
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-Forwarded-For
X-SRCache-Store-Status
Content-MD5
X-SRCache-Fetch-Status
X-RateLimit-Remaining
Accept-Ch
Access-Control-Request-Method
X-NF-Request-ID
X-Correlation-Id
Front-End-Https
X-Shield-Request-Id
Cf-Apo-Via
X-DataDome
X-MSEdge-Ref
X-T
X-Recruiting
X-Jurisdiction
TP-L2-Cache
X-HP-Trace-Id
X-HP-Webp
TP-Cache
AR-PoweredBy
X-Accel-Expires
AR-CACHE
Edge-Cache-Tag
AR-ATIME
AR-Request-ID
AR-SID
Nginx-Cache
MicrosoftSharePointTeamServices
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Daa-Tunnel
X-Powered-CMS
TCN
X-Grace
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Mg-S
X-RateLimit-Limit
X-Content-Digest
X-Id
X-Hits
X-Request-Received
X-Request-Processing-Time
X-TEC-API-ROOT
X-TEC-API-VERSION
Server-Node
X-TEC-API-ORIGIN
X-HS-Hub-Id
X-HS-Cache-Config
Server-Name
X-HS-Combine-CSS
X-HS-Content-Id
Filters
X-Amzn-Trace-Id
X-XRDS-Location
X-Frontend
X-Geo-Country
MS-Author-Via
X-Distributor
S
Fastcgi-Cache
X-Protected-By
X-Language
X-Fastcgi-Cache
X-LLID
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
Cache-Status
X-Origin-Server
X-LB-Cache
X-PressLabs-Stats
Count-Hit
X-Ezoic-Cdn
Cross-Origin-Opener-Policy
X-Forwarded-Proto
Filterid
X-Fastly-Request-Id
X-F-Cache
X-Seen-By
X-Request-Handler-Origin-Region
X-Page-Id
X-Microsite
X-Ua-Browser
Host
X-B3-Sampled
X-FB-Debug
X-Litespeed-Cache
X-Ab
Charset
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
Payment
X-ASPNET-VERSION
X-Ratelimit-Reset
X-Cluster-Name
X-VCache
Surrogate-Key
X-Cache-Age
Realpath
X-Rid
Accept-Charset
X-Template
X-Origin-Cache
Cache-Tags
X-Webkit-Csp
X-NGENIX-Cache
Alternate-Protocol
Access-Control-Allow-Method
X-Www-Served-By
Retry-After
X-Logged-In
X-TTL
X-Upgrade-Enabled
Cleartype
X-AppVersion
X-Activity-Id
X-Az
X-DIS-Request-ID
X-Varnish-Backend
X-Signature
X-Tb
X-TT
X-Wix-Request-Id
X-Varnish-Grace
X-App-Environment
X-Aspnet-Duration-Ms
X-Amz-Replication-Status
X-DynaTrace
X-Source
X-Route-Name
X-B-Cache
X-Request-Guid
X-Flags
X-Is-Crawler
X-Providence-Cookie
ServerID
X-Type
X-B
X-Envoy-Decorator-Operation
DC
X-Fastly-Request-ID
X-Node-Name
Paypal-Debug-Id
X-Hostname
X-Drupal-Cache-Tags
Frame-Options
X-Revision
X-Debug
X-Proxy
X-Tt-Trace-Host
X-Contextid
X-Tt-Trace-Tag
X-Mobile
Pinterest-Generated-By
X-Content-Options
Pinterest-Version
X-Pinterest-Rid
X-Cache-Rule
X-Kong-Proxy-Latency
X-Ratelimit-Remaining
X-Goog-Stored-Content-Encoding
X-Kong-Upstream-Latency
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Amp-Access-Control-Allow-Source-Origin
X-Goog-Metageneration
X-Load-Cache
X-Goog-Generation
X-GUploader-UploadID
X-Cache-Control
Country
Refresh
X-N
X-Magnolia-Registration
Node
X-User-Agent
X-Oracle-Dms-Ecid
NGB
X-Original-Request-Id
X-Content
X-Response-Served-From
X-Oracle-Dms-Rid
Viewport
X-Whom
Referer-Policy
X-EdgeConnect-Cache-Status
X-L-Path
Access-Control-Request-Headers
X-Varnish-Age
X-Cacheable-TTL
X-Cache-TTL-Remaining
X-Framework
X-Environment-Context
X-Debug-IsPreview
X-Debug-IsConnected
X-Content-Powered-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Page-View
X-Rendered-As
X-Real-IP
X-Servername
X-Unique-Id
X-NYM-Debug-Backend
X-Jobs
X-Adobe-Content
VIX-Pulpo-Upstream-Status
X-Mid
X-Adobe-Loc
X-Akamai-Request-ID2
X-Cache-Time
X-Cache-Grace
Url
VIX-Pulpo-Node
X-Is-Bot
Uber-Trace-Id
X-Instance
X-G
X-Status
X-Varnish-Server
Content-Disposition
Akamai-GRN
X-RemovedCookies
Srv
X-ProcessESI
Countrycode
X-Time
X-COUNTRY
X-Drupal-Cache-Contexts
X-Mg-Request-UUID
Version
X-Ratelimit-Limit
X-CDN-Forward
X-Server-ID
X-Restarts
X-XRDS-LOCATION
X-Via-JSL
Accept-Language
X-Cache-Expired-At
X-Http-Reason
X-App-Server
X-APP-VERSION
X-Cache-Hit
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
Protected
X-Tumblr-User
X-Tumblr-Pixel
Cross-Origin-Resource-Policy
X-IPLB-Instance
X-Trace-Id
Healthy
X-IPLB-Request-ID
X-Cache-Operation
X-Hosted-By
X-Debug-Info
X-Azure-Ref
X-Backend-Name
Content-Secure-Policy
X-Nginx-Cache-Key
Section-Io-Cache
X-Tt-Logid
X-Device-Type
X-Akamai-Edgescape
X-Api-Version
Liferay-Portal
Backend
X-FW-Type
X-SRV
X-FW-Dynamic
X-FW-Server
X-FW-Serve
X-FW-Hash
Server-Info
X-FW-Static
X-Cache-Action
X-RTag
MS-CV
X-Rule
Fastcgi-Useragent
Ms-Operation-Id
X-Proxy-Cache-Status
GEO-INFO
X-Mobile-URL
X-Storage
X-UPSTREAM-Address
X-RN-RSRV
Meta-Geo
X-VC-Cache
Load-Balancing
X-Generation-Time
X-Mode
CF-IPCountry
X-Varnish-Beresp-Grace
X-Handled-By
X-Content-Age
X-Cache-NGX
CDN-CachedAt
Onion-Location
S-Rt
Property-Id
CDN-Cache
X-JoinUs
Azure-SlotName
Azure-Version
CDN-EdgeStorageId
CDN-PullZone
Locale
X-ShopId
TWC-GeoIP-Country
TWC-Connection-Speed
CDN-Uid
TWC-Device-Class
CDN-RequestCountryCode
CDN-RequestId
TWC-Locale-Group
X-Varnish-Hostname
X-Skip-Cache
Azure-SiteName
X-Adobe-Source
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
Webcakes-Region
X-Edge-Location
X-PHP-Host
X-Sql-Count
X-Sorting-Hat-ShopId
X-AWS-Id
X-ShardId
X-Cms-Context
X-SaId
X-Say-Cacheable
X-Site-Version
X-Cache-Host
X-Region
X-Proto
X-Cache-Enabled
X-Redis-Cache
X-Sql-Duration-Ms
X-Format
X-PCL
X-VWS-Id
X-PHP-Backend
X-Varnishpool
X-Origin-Hint
X-OCL
X-LJ-Flow-ID
X-Locale
TWC-Privacy
X-No-Session
Web-Mar-Node
Webcakes-App-Name
X-Uri
X-Urbn-Site-Id
X-Urbn-Context-Path
Webcakes-App-Version
X-Forwarded-Host
X-Varnish-Cache-Hits
X-Say-TTL
X-Shopify-Stage
X-SayCDN-TTL
X-Labrador-Cache-Channel
TWC-GeoIP-LatLong
X-HTML-Minification-Powered-By
X-URL
Azure-RegionName
Azure-InstanceId
X-Proxied
X-Proxy-Build
X-ProxyCache-Status
X-Request-Time
X-Hl-Ver
X-ProxyCache-Key
X-FB-TRIP-ID
X-Cache-Type
X-BYPASS-REASON
X-Detected-As
X-Extlb
X-GeoCode
X-Routing-Service
X-GeoCountry
X-Datadome
X-Zipkin-Id
X-Xfnlog-Site
X-Access
X-Section
X-R9-Blue-Green-Version
X-Cache-Server
X-Web-Node
X-Via-Fastly
X-UUID
X-ServerID
X-Storefront-Renderer-Rendered
X-Timing-Wait
X-UA-Device-Type
X-Server-W
X-Generated-By
Mn-Server-Ip
Selected-Fe
Apigw-Requestid
DB-Nickname
Eomportal-Instance
X-Tid
X-Cache-Status-Check
X-FireWall-Port
X-Ms-Version
X-Ms-Request-Id
Cache-Name
X-Origin-Date
Xserver
X-Nginx-Cache
WP-Super-Cache
X-Amz-Apigw-Id
X-DynaTrace-JS-Agent
X-WP-CF-Super-Cache
X-ECache
X-Amzn-RequestId
X-WP-CF-Super-Cache-Cache-Control
ServedBy
X-Varnish-Ttl
X-Zen-Fury
X-LSADC-Cache
X-Human
X-TNCMS
X-Ua
X-Loop
X-Pubstack
X-App-Version
X-Correlation-ID
X-Aspnetmvc-Version
Xet-Cookie
X-Cache-Tags
Source
X-Amzn-Remapped-Content-Length
X-Debug-Cache
Cache
X-Reqid
X-RCS-CacheZone
X-Cdn
X-Dc
X-Varnish-Hits
X-GEO
X-Soup
X-Cached-By
X-Webkit-CSP
X-Newrelic-Synthetics
X-MP-GENERATED-AT
X-TA-CDN-Provider
Origin
Cross-Origin-Window-Policy
X-Vgn-Hpd-Reason
X-Tumblr-Pixel-2
X-Provided-By
X-Origin-TTL
X-Origin-CC
SD-X-WS
From-Origin
WPO-Cache-Status
X-Service
WPO-Cache-Message
X-Varnish-Beresp-Ttl
LB
X-IPS-LoggedIn
Webserver
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-AOL-HN
Rip
X-Trace-ID
X-Request-Host
X-Via-NSCOPI
X-B3-Traceid
X-FW-Version
X-B3-SpanId
X-Aed
X-Cluster-Node
VNS-Age
X-Vdms-Version
X-AK-Request-ID
X-Application
X-Orig-Expires
X-NAPM-TraceId
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-GG-Cache-Date
X-PBS-Appsvrname
A
X-TIM-N
Rendered-Blocks
X-Tenant
Host-ID
X-ARC
Environment
X-Vdms-Path
Sslversion
Expiry
DCR-Decision-By
X-External-Request-Id
X-Forwarded-Path
X-Cache-NE
DCR-Processing-Time-Ms
X-BCube-Filmed-By
CPC-Cache
X-User
X-B-Cookie
CPC-Age
X-Ec-Fail
T-Server
X-Bc-Bl
X-Ec-GeoHdr
Surrogated-Key
X-A-Dam
X-Owner
X-Shop-Environment
X-D
Cdncip
X-A
BehaviorPad-Version
Cdnsip
X-Processor
X-A-Ccd
MD5-Digest
X-ScT
X-Platform-Server
Meta-Geo-Continent
X-Connection-Hash
X-Rewrite-Enabled
X-Served-From
X-VG-WebCache
VNS-Cache
X-S-Cookie
X-Rojux
Ngx.Var.Host
Xc-Version
X-S
Odigeo-Trace-Id
X-Destination
Lang
X-Developer
X-SRCache-Key
X-TIME
X-NewRelic-App-Data
OT-Force-Account-Verify
HostName
X-CSRF-Token
X-Bip
X-Accel-Buffering
X-Generated-On
X-Cache-Debug
Mime-Version
X-Qloud-Router
X-Parent-Response-Time
Redirect-Candidate
Machine
X-Thanos
X-VC
X-Aicache-OS
X-Pool
X-Varnish-Beresp-Status
X-Dispatcher-Number
X-Level-Front-Cache
Upgrade-Insecure-Requests
X-Cdn-Origin
X-CGP
X-Cluster
X-CMSURLCustom
X-Clientip
X-Ckpd-Fst-Backend
X-Core-Mission
X-Clara-WADP
X-Ad-Defer-Variation
Tube-Return
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
Wxu-Next-Region
Wxu-Next-Hostname
We-Hiring
Vix-Hermes-Req-Id
V-Age
Wxu-Next-Commit
Traceparent
Thinkindot-Control
X-Branch-Name
X-Cache-Bucket
X-Cache-Id
X-Cache-Info
State
X-BBC-Edge-Cache-Status
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Auto-Login
TDXMobile
X-CacheTTL
X-Origin
X-Request-URI
X-Region-Sid
X-RateLimit-Remaining-Second
X-WADP-Cache
X-Rocket-Build-Number
X-S-Maxage
X-VServer
X-Rocket-Nginx-Serving-Static
X-RateLimit-Limit-Second
X-Proxy-Cache-Info
Servername
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Policy
X-Wix-Viewer-Type
X-Worker
X-SB
X-Viewer-Country
X-V-Cache
X-Thinkindot-L3
X-VG-TLSProxy
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sigma-Backend
X-Sigma
X-Scale
X-SIPLIST1
X-Slack-Backend
X-SplitTest
X-Sn-Servicetimems
X-Origin-Time
X-Origin-Response-Time
X-Eu-Site
X-Esi-Check
X-Epic-Correlation-Id
X-Fetched-On
X-Fmm-Version
X-Gamma-Serve
X-Forwarded-Site
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Datadog-Trace-Id
X-DefElseHash
X-Device-Os
X-DefHash
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Mvc-Supplant-Cachable
X-Minions-Version
X-Loc
X-Mvc-Supplant-OutputCached
X-NodeID
X-Optimistic-Header
X-Nyt-Route
X-Irp-Debug
X-INCAP-ABP
X-Gdpr
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-GeoIP
X-GeoIP-City
X-Hash
X-Gzip
X-Core-Value
Web-Mar-Region
Fastly-SIE
Fastly-SSL
Fastly-GeoIP-CountryCode
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-SWR
Gh-Request-Id
IsBot
Kp-EeAlive
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
Datacenter
Country-Code
Apple-News-Services-Request-Url
Cache-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Adler-Geo
Apple-News-Services-Handled
Canary
Candidate-Md5Url
Cmsid
Cmstype
Cluster
Click-Count-Error
Click-Count-Action-Start
L
DSUID
Origin-CC
NM-Fastcgi-Cache
Origin-EX
Req-Svc-Chain
L5d-Success-Class
Platform
Producers
Release
Server-Host
NGX
Mobile-Detection-Method
Mail-Subject
Memcached
Cache-Hits
X-WP-CF-Super-Cache-Active
X-Tx-Id
X-WA-Info
CloudFront-Viewer-Country
X-NCache
CDCHOST
Svr
Server-Hostname
Server-Ext
X-Scheme
Sever-Int
X-Sucuri-ID
Fastly-Backend-Name
User-Cache-Control
X-Block-Status
X-Developers
X-Sucuri-Cache
X-Is-Gdpr
X-HS-Content-Campaign-Id
X-Geo-Header
X-JWT-State
X-Cdn-Srv
X-Has-Esi
X-Hnp-Log
X-Gen-Mode
Cache-Tv-Group
Ec-Rule-Version
X-Newrelic-App-Data
X-ZONE
X-Cache-Remote
X-ND-Cache
X-Fastly-Backend
X-Presslabs-Stats
X-FC-Vary-Parameters
X-ATG-Version
X-LB-NoCache
AKAMAI
X-Var-Ttl
Fastly-Drupal-HTML
X-Azure-Ref-OriginShield
WebServer
Fastcgi-Cache-TTL
X-Rebelmouse-Cache-Control
X-Session-Fingerprint
X-Origin-Expires
Pics-Label
X-Fastly-Cache
X-Rebelmouse-Surrogate-Control
Ssr
X-Nf-Request-Id
X-Udemy-Cache-App-Namespace
X-Tb-Optimization-Total-Bytes-Saved
SID
Memory
X-Pod-Name
Time
Sid
X-Via-Poph
X-Generated-In
X-Via-Popv
X-Via-Popn
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Transformed
X-Servedbyhost
Env
Server-ID
X-DC
X-Cache-Date
X-Up
X-Refresh
X-Pass-Why
X-Ig-Push-State
X-Release
X-NWS-UUID-VERIFY
X-Buckets
X-Cs
X-NC
My-App
X-Fpc
X-Dispatch
X-Wa
X-Edge-Pop
X-MSEdge-Features
X-Conf
X-MSEdge-Flight
X-Tumblr-Pixel-3
X-Esi
X-Microcachable
X-Lambda-Id
X-PX
X-EC-Lua
X-Endurance-Cache-Level
X-ID
X-Dmc
X-MCACHE
X-CS
CDN
X-Xrds-Location
Fastly-Drupal-Html
GeoIp-Country-Code
X-Req
X-VCL-Version
X-CACHE-AGE
X-Zone
True-Client-IP
X-TX-ID
Magicmarker
X-Webkit-CSP-Report-Only
X-Be
X-RateLimit-Reset
X-NGINX-Cache
X-Wikidot-Backend
X-LB-ID
X-Wikidot-Static-Cache
X-CACHE-KEY
X-Vc
X-TH-Server
True-Client-Country-4JS
Hostname
CacheControlHeader
X-CSRF-TOKEN
X-TRACE-ID
X-B3-Spanid
X-HS-Status
X-Op-Id-All
X-Hyper-Cache
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Air-Pt
True-Client-Ip
X-Micro-Cache
X-M-Reqid
X-M-Log
Resin-Trace
Request-ID
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Srv
X-Vcl-Version
Pramga
X-Alfa-Service
GeoIP-Country-Code
Path
X-App
Tcn
X-Qnm-Cache
X-Yandex-Sdch-Disable
X-GeoIP-Region-Code
Tracecode
X-GeoIP-Country-Code
C-Via
X-Varnish-Beresp-TTL
X-Cache-Ttl
X-SERVER-NAME
Section-Io-Origin-Status
Section-Origin-Responded
X-Vercel-Cache
X-TrackingId
N-Cache
WWW-Authenticate
X-Akamai-Pragma-Client-IP
X-Vercel-Id
X-Accel-Expires-Debug
Section-Io-Id
X-Date
Section-Io-Origin-Time-Seconds
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
NtCoent-Length
X-RAMCache
On-Server
X-FPC
X-Datacenter
Hit
Fastcgi-X-Cache-Version
Proxy-Connection
X-Platform
X-PAYTM-SRV-ID
X-Edge-POP
Esi-Enabled
X-Webkit-Csp-Report-Only
YJS-ID
X-Geo
X-Old-Content-Length
X-Via-CDN
FSS-Cache
X-WA
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Mly-Id
X-LiteSpeed-Cache-Control
X-Edge-Origin-Shield-Region
Yjs-Id
X-Edge-Origin-Shield-Bytes
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Response-By
X-ServedByHost
ENV
X-Node-Id
X-Lb-Id
User-Agent
Server-Id
GeoIP-Latitude
X-API-Version
Powered-By
Lb
X-Cdn-Forward
X-UA
X-Dw-Trace-Id
X-Via-PopH
X-LAGOON
HIT
X-Via-PopN
X-Via-PopV
X-Request-Start
X-Client-Ip
X-SD-PageType
X-AIR-PT
X-LI-UUID
X-FORWARDED-FOR
Cache-Key
Cdn
Geoip-Latitude
X-Webstats-RespID
Locid
X-LI-Proto
X-Render-Time
Srvid
X-Location
X-FL-EDGE
X-Traceid
X-From
X-TT-LOGID
X-CUA
X-Instance-Name
X-Li-Fabric
X-Li-Pop
X-Akamai-ERRuleID
Dnion-Transfer-Encoding
X-Akamai-ERPolicy
X-Via-Ucdn
X-Service-Response-Time
X-ApacheServer
X-PERF
Sm-Log-Id
Location
PICS-Label
XServer
X-Request-Url
X-Proxy-Upstream
X-CF-Powered-By
Server-Ttl
DynaTrace
X-Cache-ASPX
X-Director
X-Varnish-Authentication
X-Contensis-Viewer-Groups
Ohc-File-Size
Nginx-CQVIP
X-DW
X-DSS
X-DI
X-RPM
X-RPS
X-RSL
X-LiteSpeed-Tag
X-DB
X-Wp-Cf-Super-Cache-Cache-Control
XkeyRZ
X-Proxy-CacheRZ
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache
X-B3-ParentSpanId
X-VarnishDD-TTL
X-HN
Wpo-Cache-Status
X-Lb-Nocache
XM
X-Proxy-Cache-Hk
PFcat
X-HostName
X-Fastly-Cache-Hits
Wpo-Cache-Message
X-Fastly-Backend-Reqs
X-Cdn-Request-ID
X-Server-IP
Vha6-Origin
X-DataCenter
X-Cache-Ngx
Warning
Wp-Super-Cache
X-Ips-Loggedin
CountryCode
DT-Hot-News
CF-Cached-On
X-HA-Backend
X-IN-APIGATEWAYSSL
X-Test
X-IN-APIGATEWAY
X-Yottaa-OS
Uri
Swift-Performance
X-Mg-Cache
Req-ID
Fastcgi-Cache-Ttl
X-Moov-Xdn-Version
WZWS-RAY
SRV
X-Moov-T
X-ElasticPress-Query