Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Request-ID
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Request-Id
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Status
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
Host-Header
X-Hacker
X-Ua-Compatible
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
Grace
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-OneAgent-JS-Injection
Accept-CH
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Apo-Via
X-Page-Speed
X-Device
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
Surrogate-Control
X-Dns-Prefetch-Control
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Cache-Lookup
X-Readtime
X-HW
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Content-Security-Policy-Report-Only
X-Trace
X-Application-Context
X-Response-Time
Accept-Ch-Lifetime
Permissions-Policy
X-CST
X-Mod-Pagespeed
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
Accept-CH-Lifetime
X-Edge
X-WebKit-CSP-Report-Only
Content-Location
X-Country
X-Content-Type
X-Mcache
X-ECACHE
Rating
X-Clacks-Overhead
X-MS-InvokeApp
X-Url
X-TtlSet
X-Vname
X-PC
X-Amz-Server-Side-Encryption
X-Midtier
RTSS
X-VARITI-CCR
X-B3-TraceId
Cache-Tag
X-Vcap-Request-Id
X-Varnish-TTL
X-D2id
Verso
X-Element-Page-Cache
X-Ac
Origin-Trial
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Server-Name
X-Rack-Cache
X-Cnection
X-Cache-TTL
X-Powered-By-Plesk
X-ESI
Service-Worker-Allowed
X-GitHub-Request-Id
Xkey
X-Navigation-Version
X-Client-IP
X-Abt-Application-Version
X-NWS-LOG-UUID
X-Ttl
SPRequestGuid
X-Amz-Rid
X-SharePointHealthScore
Edge-Control
X-Cached
X-Fastcgi-Cache
X-Px
X-Mg-S
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Browser-Type
X-Server-Lifecycle-Phase
Arr-Disable-Session-Affinity
X-Instrumentation
X-Litespeed-Cache
X-Upstream
SPRequestDuration
SPIisLatency
X-Correlation-Id
Pagespeed
X-Cache-Key
X-Middleton-Display
X-Sol
Display
Content-MD5
X-Dw-Request-Base-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-NF-Request-ID
Edge-Cache-Tag
X-Goog-Hash
X-XRDS-Location
X-Daa-Tunnel
Front-End-Https
X-Country-Code
Public-Key-Pins
X-Version
X-Forwarded-For
AR-ATIME
X-Powered-CMS
AR-PoweredBy
AR-CACHE
AR-Request-ID
AR-SID
X-Id
TCN
X-MSEdge-Ref
X-Jurisdiction
X-HP-Webp
X-Recruiting
X-HP-Trace-Id
X-RateLimit-Remaining
X-T
X-Content-Digest
X-Accel-Expires
X-Middleton-Response
Response
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Shield-Request-Id
TP-L2-Cache
X-Ser
TP-Cache
X-Amzn-Trace-Id
Nginx-Cache
X-Fastly-Request-ID
S
X-Hits
X-Ruxit-Js-Agent
X-Request-Received
X-Request-Processing-Time
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
Cache-Status
Server-Node
X-Distributor
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ratelimit-Limit
Cache-Tags
MicrosoftSharePointTeamServices
X-Grace
Fastcgi-Cache
Alternate-Protocol
Server-Name
X-Protected-By
X-DataDome
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Ezoic-Cdn
X-DIS-Request-ID
X-Ratelimit-Remaining
X-Origin-Server
X-Ratelimit-Reset
X-Geo-Country
X-LB-Cache
X-Ua-Browser
X-Microsite
X-Frontend
X-Request-Handler-Origin-Region
X-Debug-Info
X-Rid
X-Varnish-Backend
Cross-Origin-Opener-Policy
X-Logged-In
X-Git-Hash
Filterid
X-Www-Served-By
X-Forwarded-Proto
Cleartype
Healthy
Payment
X-NGENIX-Cache
X-FB-Debug
X-Page-Id
X-TTL
X-Load-Cache
Charset
X-B3-Sampled
Content-Disposition
X-PressLabs-Stats
X-Webkit-Csp
X-VCache
X-ASPNET-VERSION
X-Origin-Cache
X-LLID
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Cluster-Name
DC
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Oneagent-Js-Injection
MS-Author-Via
X-Hostname
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
Accept-Charset
Retry-After
Access-Control-Allow-Method
X-Activity-Id
X-AppVersion
X-Az
X-Proxy
X-F-Cache
Cross-Origin-Resource-Policy
X-Type
X-Signature
X-Contextid
X-B-Cache
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Amz-Meta-S3cmd-Attrs
X-Hosted-By
X-Aspnet-Duration-Ms
X-Revision
X-Flags
X-Varnish-Server
X-Amz-Replication-Status
Accept-Ch
Paypal-Debug-Id
X-Is-Crawler
X-B
X-TT
X-Azure-Ref
Viewport
X-Wix-Request-Id
X-Seen-By
X-Whom
X-Fb-Rlafr
Surrogate-Key
X-App-Environment
Amp-Access-Control-Allow-Source-Origin
Referer-Policy
Realpath
X-FastCGI-Cache
X-Source
X-DynaTrace
Count-Hit
X-Aspnetmvc-Version
X-Tt-Trace-Tag
X-Akamai-Edgescape
X-Tt-Trace-Host
X-App-Server
X-Mobile
X-RateLimit-Limit
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cache-Control
Host
X-EdgeConnect-Cache-Status
X-HTML-Minification-Powered-By
X-N
X-Original-Request-Id
Version
X-Varnish-Grace
X-Response-Served-From
X-Cache-Rule
X-UUID
X-Magnolia-Registration
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
VIX-Pulpo-Upstream-Status
SD-X-WS
VIX-Pulpo-Node
Ms-Operation-Id
MS-CV
Refresh
X-Cache-Time
X-Envoy-Decorator-Operation
X-RTag
Access-Control-Request-Headers
Section-Io-Cache
X-Varnish-Age
X-Tumblr-Pixel-0
X-Rule
Akamai-GRN
X-Page-View
X-FW-Type
X-Status
X-Adobe-Content
X-FW-Static
X-Cache-Expired-At
X-FW-Server
X-Cache-Grace
X-Content-Powered-By
X-FW-Serve
X-L-Path
Protected
X-FW-Hash
X-Environment-Context
X-FW-Version
X-FW-Dynamic
X-Adobe-Loc
X-Is-Bot
X-G
X-NYM-Debug-Backend
X-Http-Reason
X-Instance
NGB
GEO-INFO
X-Cache-Status-Check
X-Rendered-As
X-Device-Type
X-Servername
X-Jobs
X-Cache-Age
X-Cacheable-TTL
X-Framework
X-Backend-Name
Url
X-User-Agent
X-Akamai-Request-ID2
X-Debug-IsPreview
X-Debug-IsConnected
X-Template
X-ProcessESI
X-RemovedCookies
X-Nginx-Cache
X-Language
X-B3-Traceid
X-CDN-Forward
X-Newrelic-App-Data
SRV
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Yottaa-Optimizations
X-Yottaa-Metrics
CDN-RequestId
From-Origin
WPO-Cache-Status
X-Tb
WPO-Cache-Message
X-Cache-Hit
X-Trace-Id
X-Region
Pinterest-Version
Country
Pinterest-Generated-By
X-Pinterest-Rid
Accept-Language
X-Tt-Logid
Front
X-Node-Name
X-URL
X-Real-IP
X-Amz-Apigw-Id
X-Amzn-RequestId
Fastly-Drupal-HTML
X-VC-Cache
Backend
Uber-Trace-Id
X-Content-Options
X-Mode
Content-Secure-Policy
Fastly-SIE
Fastly-SWR
X-Cache-Operation
X-DynaTrace-JS-Agent
X-Unique-Id
Filters
X-Time
X-COUNTRY
X-RN-RSRV
Meta-Geo
X-Generation-Time
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Zen-Fury
X-Web-Node
Webserver
X-IPS-LoggedIn
CF-IPCountry
X-Amzn-Remapped-Content-Length
X-Cache-TTL-Remaining
X-Format
X-Proxy-Cache-Info
X-Access
X-Section
Azure-SiteName
Azure-SlotName
Azure-Version
Onion-Location
Azure-InstanceId
Azure-RegionName
X-Ua
X-Rocket-Nginx-Serving-Static
X-Cache-Action
X-Cache-Host
X-Debug
X-Cms-Context
X-Adobe-Source
X-SayCDN-TTL
X-Sucuri-Cache
X-Sql-Duration-Ms
X-SRV
Apigw-Requestid
X-Sucuri-ID
X-Sql-Count
X-Say-TTL
X-Cache-Server
X-Say-Cacheable
X-Reqid
X-Proxy-Cache-Status
TWC-GeoIP-Country
Property-Id
TWC-Device-Class
TWC-Connection-Speed
ServerID
S-Rt
X-ProxyCache-Key
Cross-Origin-Window-Policy
X-R9-Blue-Green-Version
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-Uid
TWC-Locale-Group
X-ProxyCache-Status
X-Proto
X-PHP-Host
X-IPLB-Request-ID
X-Content-Age
X-Labrador-Cache-Channel
X-Edge-Location
X-Forwarded-Host
X-GeoCode
X-Origin-Hint
X-IPLB-Instance
X-Cluster
CDN-CachedAt
X-AWS-Id
X-PHP-Backend
X-GeoCountry
X-BYPASS-REASON
X-Ms-Version
X-LJ-Flow-ID
X-Ms-Request-Id
Web-Mar-Node
TWC-GeoIP-LatLong
X-Server-W
Webcakes-App-Name
CDN-Cache
X-UA-Device-Type
X-Tumblr-Pixel-2
Webcakes-App-Version
Node
X-VWS-Id
X-Locale
X-TIME
X-Varnish-Beresp-Grace
X-Soup
TWC-Privacy
Webcakes-Region
X-Extlb
X-Urbn-Context-Path
X-Detected-As
X-LSADC-Cache
X-Skip-Cache
X-Proxied
X-Routing-Service
X-Site-Version
X-SaId
X-JoinUs
X-LAGOON
X-Cluster-Node
X-Urbn-Site-Id
X-Handled-By
X-Xfnlog-Site
X-Zipkin-Id
Locale
Cache-Name
X-No-Session
WP-Super-Cache
X-WP-CF-Super-Cache
Mime-Version
X-Proxy-Build
X-Timing-Wait
X-WP-CF-Super-Cache-Cache-Control
X-Fastly-Request-Id
Mn-Server-Ip
Selected-Fe
Cache-Hits
DB-Nickname
X-Via-Fastly
Fastcgi-Useragent
X-FB-TRIP-ID
Liferay-Portal
X-Hl-Ver
X-Tec-Api-Root
X-Tec-Api-Version
ServedBy
Xserver
X-Tec-Api-Origin
X-Request-Time
X-Times
X-Optimistic-Header
X-Cache-Debug
X-Air-Source
X-Air-Trace-Id
X-XRDS-LOCATION
X-Air-Hostname
X-Redis-Cache
Source
X-Loop
X-TNCMS
X-Tumblr-Pixel-3
Upgrade-Insecure-Requests
X-CACHE-AGE
X-Origin-Date
X-GEO
X-Buckets
X-Generated-By
X-NWS-UUID-VERIFY
Countrycode
X-Mg-Request-UUID
X-Akamai-Transformed
X-Uri
CF-Cached-On
X-Varnish-Hits
X-Director
X-Varnish-Beresp-Ttl
X-Tid
X-Tx-Id
X-Cdn
X-Storage
X-Pass-Why
Xet-Cookie
X-TA-CDN-Provider
Frame-Options
X-ARC
X-Presslabs-Stats
X-Origin-TTL
X-DC
X-FireWall-Port
X-Origin-CC
X-Newrelic-Synthetics
X-Service
X-Varnish-Cache-Hits
X-ECache
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
SID
X-ShardId
X-ShopId
X-Trace-ID
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Esi
X-App-Version
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-B3-Spanid
X-Endurance-Cache-Level
Environment
X-Varnish-Hostname
X-Request-Host
DCR-Processing-Time-Ms
Surrogated-Key
Release
DCR-Decision-By
X-Cache-NE
X-Cache-Info
Redirect-Candidate
X-Ec-Fail
Sslversion
Edge-Cache
Rendered-Blocks
X-Core-Value
X-D
X-ServerID
Req-Svc-Chain
Odigeo-Trace-Id
X-Developer
X-CMSURLCustom
X-Destination
X-Bc-Bl
X-A-Ccd
X-Ec-GeoHdr
X-A-Dam
BehaviorPad-Version
X-A-Dcw
X-A
TDXMobile
Thinkindot-Control
Gannett-Cam-Experience-Id
Thinkindot-CacheControl
Candidate-Md5Url
WWW-Authenticate
X-A-Dgt
X-A-Wwc
Lang
MD5-Digest
X-B-Cookie
X-BBC-Edge-Cache-Status
Thinkindot-CacheControl-Type
T-Server
X-Application
Ngx.Var.Host
X-Aed
Origin
A
Meta-Geo-Continent
X-BCube-Filmed-By
X-Frame-Option
X-Mobile-URL
X-SRCache-Key
X-Nyt-Route
X-Mid
X-ScT
X-TIM-N
X-Loc
X-Origin-Time
Server-Info
X-Rojux
X-S
X-S-Cookie
X-Processor
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-INCAP-ABP
X-Thinkindot-L3
X-VG-TLSProxy
Cache-Tv-Group
X-Gdpr
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-We-Are-Hiring
X-Epic-Correlation-Id
X-External-Request-Id
Tube-Got-Results
X-WP-CF-Super-Cache-Active
Tube-Return
X-Sigma
Memcached
X-SD-PageType
X-Worker
X-Sigma-Backend
Vix-Hermes-Req-Id
Magicmarker
Tube-Get-Contents
X-Varnish-CookieHashed-On
X-Test
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Served-From
X-VServer
X-SVT-ORM-VERSION
X-Sn-Servicetimems
Server-Host
X-WADP-Cache
X-WA-Info
X-SVT-ORM-RULES
Tube-Got-Eval
X-Auto-Login
X-HS-Content-Campaign-Id
X-CUA
X-DefElseHash
X-Httpd
X-Human
X-Level-Front-Cache
X-Core-Mission
X-DefHash
X-Has-Esi
Host-ID
X-Fmm-Version
X-Gamma-Serve
X-Ec-Custom-Error
X-GeoIP-City
X-Developers
X-Is-Gdpr
X-Clara-WADP
X-Pubstack
X-Origin-Response-Time
X-Platform-Server
X-Akamai-Device-Characteristics
X-Rocket-Build-Number
X-Restarts
X-Cache-Bucket
X-Old-Content-Length
X-Location
X-JWT-State
X-Generated-On
X-Cdn-Srv
X-NodeID
X-Cdn-Origin
X-S-Maxage
State
Click-Count-Error
Click-Count-Action-Start
Country-Code
Decoy-Debug-Status
Fastly-Backend-Name
X-RM-Cache-TTL
Decoy-Debug-Key
Fastly-GeoIP-CountryCode
Apple-News-Services-Handled
Decoy-Debug-TTL
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
C-Via
Cache-Host
Apple-News-Services-Host
DSUID
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-AIR-PT
Section-Io-Id
Section-Io-Origin-Status
X-Date
X-Cache-FS-Status
Adler-Geo
X-Ad-Defer-Variation
X-Accel-Expires-Debug
X-Accel-Buffering
X-App
X-Variation
X-Cache-Id
Cache-Key
X-Block-Status
CloudFront-Viewer-Country
X-SB
X-Hash
X-Hnp-Log
X-Planisys-CDN-Cache
X-Gzip
X-GeoIP-Region-Code
X-Origin
X-Node-Id
X-Minions-Version
X-Fetched-On
X-Nananana
X-Wix-Viewer-Type
X-LB-NoCache
X-GeoIP-Country-Code
X-Planisys-CDN-Rules
X-Request-Start
X-Esi-Check
AKAMAI
X-DPWN-IS-SECURE
X-Dispatcher-Number
X-Req
X-Fastly-Backend
X-Geo-Header
X-GeoIP
X-Planisys-CDN-TTL
X-Gen-Mode
X-Bip
X-Scale
X-Cache-Backend
X-Slack-Backend
Cache-Provider
Producers
Platform
Pics-Label
Server-Ext
Server-Hostname
Cmsid
Cmstype
X-Var-Ttl
Sever-Int
X-Varnish-Beresp-Status
Origin-EX
X-Up
L
Kp-EeAlive
Is-Eu
Gh-Request-Id
Mail-Subject
Origin-CC
NM-Fastcgi-Cache
X-Conf
X-Vmg-Version
Cluster
X-Thanos
CDCHOST
User-Cache-Control
X-Pool
Ssr
We-Hiring
Web-Mar-Region
Svr
CacheControlHeader
X-Parent-Response-Time
PFcat
X-Refresh
X-FC-Vary-Parameters
X-V-Cache
X-Op-Id-All
Cdn
X-Azure-Ref-OriginShield
Wxu-Next-Region
X-Slack-Shared-Secret-Outcome
X-Irp-Debug
X-Device-Os
Wxu-Next-Commit
X-Mvc-Supplant-Cachable
X-Owner
X-HN
X-Org
Fastly-SSL
X-Ckpd-Fst-Backend
X-Varnishpool
X-Platform
X-Forwarded-Site
X-Region-Sid
X-Men
X-VarnishDD-TTL
X-Nginx-Cache-Key
X-NCache
X-CacheTTL
Machine
Datacenter
X-Cache-Tags
X-Cached-By
X-Server-IP
X-Qloud-Router
Wxu-Next-Hostname
NGX
On-Server
X-CSRF-Token
X-Via-Popn
Canary
X-Via-Popv
X-Dispatcher-Server
X-Via-Poph
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
X-Csrf-Jwt
X-Varnish-Ttl
X-Eu-Site
X-CGP
X-Webkit-CSP-Report-Only
Env
X-Mvc-Supplant-OutputCached
HostName
X-Servedbyhost
X-Aicache-OS
GeoIP-Latitude
X-HA-Backend
X-Cache-Date
Cdncip
Cdnsip
X-RCS-CacheZone
X-Cache-Remote
X-Tb-Optimization-Total-Bytes-Saved
X-AK-Request-ID
Server-ID
X-Microcachable
X-Mly-Id
X-VC
X-ZONE
X-APP-VERSION
X-DataCenter
X-Gateway-Cache-Key
X-Fpc
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-API-Version
X-Gateway-Cache-Status
X-LB-ID
X-Wa
Load-Balancing
X-Zone
Memory
X-Generated-In
X-Fastly-Cache
Cache
Time
X-Nc
X-Webkit-CSP
Request-ID
X-Origin-Expires
X-ND-Cache
X-Via-NSCOPI
Eomportal-Instance
X-Check-Cacheable
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Vc
X-Instance-Name
Ngx-Var-Key
X-Micro-Cache
X-Response-By
X-HS-Status
X-Release
X-CS
X-Correlation-ID
OT-Force-Account-Verify
X-NewRelic-App-Data
Expect-Staple
X-FL-EDGE
X-FL-QIT-DEBUG
X-Client-Ip
Srvid
X-From
Locid
X-Api-Version
Hostname
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Cache-Enabled
X-SIPLIST1
IsBot
X-Request-URI
X-Hcs-Proxy-Type
X-Via-CDN
NtCoent-Length
X-Info
X-Via-Edge
Edge-Copy-Time
X-Edge-Pop
X-Via-SSL
X-Cache-NGX
X-VCL-Version
AMP-Access-Control-Allow-Source-Origin
X-CSRF-TOKEN
X-Via-JSL
X-Provided-By
Srv
X-NGINX-Cache
True-Client-Ip
GeoIp-Country-Code
X-MCACHE
Uri
X-Proxy-CacheRZ
XkeyRZ
X-Srv
X-Lambda-Id
X-Amz-Meta-Cb-Modifiedtime
X-Nf-Request-Id
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Air-Pt
X-Vcl-Version
True-Client-IP
Location
X-EC-Lua
X-B3-SpanId
X-Dc
CPC-Cache
CPC-Age
X-Vtex-Remote-Cache
VNS-Cache
X-Render-Time
VNS-Age
X-Edge-POP
GeoIP-Country-Code
X-Cache-Expires
Sid
Path
Servername
X-Oss-Storage-Class
X-Oss-Object-Type
Resin-Trace
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Server-ID
Cross-Origin-Opener-Policy-Report-Only
X-TH-Server
X-VCT
X-Fastly-Country-Code
X-Cs
X-CLOUD-TRACE-CONTEXT
X-ATG-Version
X-Moov-Xdn-Version
X-Moov-T
Traceparent
Fastly-Drupal-Html
CDN
X-Cache-ASPX
X-Varnish-Authentication
X-MSEdge-Flight
X-Contensis-Viewer-Groups
X-Viewer-Country
X-MSEdge-Features
X-Cdn-Request-ID
X-Scheme
Esi-Enabled
LB
X-TX-ID
X-Accel-Version
M-TraceId
X-PERF
Timeexpire
X-Pod-Name
X-ApacheServer
YJS-ID
X-Upstream-Ct
X-Varnish-Beresp-TTL
X-Akamai-Pragma-Client-IP
X-Upstream-Ht
X-Datacenter
X-Udemy-Cache-App-Namespace
X-CF-Lambda-Version
X-CF-Lambda-Fn
Rip
X-FPC
CountryCode
X-Datadome
FSS-Cache
X-RateLimit-Reset
X-Cdn-Cache-Status
Powered-By
X-Cache-Type
X-NAPM-TraceId
HIT
Sm-Log-Id
X-PAYTM-SRV-ID
X-RateLimit-Remaining-Second
X-Service-Response-Time
X-Lb-Id
X-RateLimit-Limit-Second
X-WA
X-SERVER-NAME
X-Geo
XServer
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-CACHE-KEY
X-NC
RNT-Machine
RNT-Time
X-Wikidot-Static-Cache
Proxy-Connection
X-Wikidot-Backend
Server-Id
N-Cache
V-Age
X-Clientip
Tracecode
True-Client-Country-4JS
Ohc-File-Size
XM
X-LiteSpeed-Cache-Control
X-Tenant
X-Bl-Debug
X-Shop-Environment
X-Orig-Expires
X-Forwarded-Path
ENV
X-ServedByHost
X-VG-WebCache
X-TraceId
X-CDN-Cache-Status
X-B3-Trace-ID
Ngx
X-B3-Parentspanid
X-MP-GENERATED-AT
WZWS-RAY
X-Cdn-Forward
Epwk-X-Cache
X-Ha-Backend
X-Hyper-Cache
Geoip-Latitude
Yjs-Id
X-M-Log
X-M-Reqid
X-Qnm-Cache
Content-Style-Type
X-Amz-Meta-Opti
X-App-Name
X-Policy
Content-Script-Type
X-Serial
X-Vgn-Hpd-Reason
X-Rebelmouse-Surrogate-Control
X-Via-PopH
X-Via-PopV
X-Fastly-Backend-Reqs
X-Rebelmouse-Cache-Control
User-Agent
X-MiniProfiler-Ids
X-Cdn-Diag
X-B3-ParentSpanId
Inserted-Into-Cache-At
X-Swift-Error
X-Via-PopN
X-Dw-Trace-Id
X-Lb-Nocache
Ec-Rule-Version
X-TT-LOGID
X-F-Status
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
X-Wp-Cf-Super-Cache
Expiry
Cneonction
My-App
Pramga
X-Connection-Hash
X-Ramcache
Req-ID
MIME-Version
X-IPS-Cached-Response
X-LiteSpeed-Tag
X-UP
X-Snapshot-Date
X-Cache-Ngx
X-Request-URL
X-Mid-Debug-Cache-Key
X-Stale
X-Th-Server
X-Mid-Debug-Cache-Disk
Warning