Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-FRAME-OPTIONS
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Request-ID
X-Cacheable
X-Iinfo
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
P3p
X-Ua-Compatible
Access-Control-Max-Age
CF-Ray
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
X-Dns-Prefetch-Control
X-UA-Device
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Age
Host-Header
X-Ws-Request-Id
X-Hacker
X-Server-Powered-By
X-Rq
X-Server
X-Vhost
X-Varnish-Cache
X-Amz-Version-Id
Grace
X-LiteSpeed-Cache
EagleId
X-Dispatcher
Cf-Edge-Cache
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Nginx-Cache-Status
X-WebKit-CSP
Ali-Swift-Global-Savetime
Accept-CH
X-Aws-Lambda-Call-Status
X-Host
X-Node
X-Akamai-Path-Stats
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Cache-Spec
X-Server-Id
Surrogate-Control
X-Backend-Server
X-Akam-SW-Version
Request-Id
EagleEye-TraceId
X-Response-Time
X-Cache-Lookup
Accept-CH-Lifetime
X-Readtime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
X-HW
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
X-Cloud-Trace-Context
Fastly-Restarts
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Country
X-Nginx-Upstream-Cache-Status
X-Url
X-Amz-Server-Side-Encryption
X-MS-InvokeApp
X-Rack-Cache
X-Edge
Edge-Control
Accept-Ch-Lifetime
X-Vname
X-PC
X-TtlSet
X-B3-TraceId
X-Content-Type
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-ESI
X-Vcap-Request-Id
X-CST
X-Oneagent-Js-Injection
X-Mcache
X-D2id
Verso
X-Kinja
X-Exp-Variant
X-Use-Magma
X-Exp-Id
Xkey
X-Kinja-Build
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-GitHub-Request-Id
Cache-Tag
X-Ruxit-Js-Agent
X-Amz-Rid
X-FastCGI-Cache
X-Powered-By-Plesk
Service-Worker-Allowed
RTSS
X-VARITI-CCR
X-Varnish-TTL
X-Navigation-Version
X-Upstream
X-Abt-Application-Version
X-Version
X-Client-IP
X-Cached
X-Ttl
X-Ac
X-ECACHE
X-Cnection
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Server-Name
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
Arr-Disable-Session-Affinity
SPRequestGuid
X-SharePointHealthScore
Cf-Apo-Via
X-Px
Permissions-Policy
SPRequestDuration
SPIisLatency
Public-Key-Pins
X-Middleton-Display
Display
X-Sol
Pagespeed
X-Country-Code
X-NWS-LOG-UUID
X-Cache-TTL
X-Middleton-Response
Response
X-Ser
X-Midtier
X-Cache-Key
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-RateLimit-Remaining
Content-MD5
X-Forwarded-For
Access-Control-Request-Method
X-NF-Request-ID
X-MSEdge-Ref
X-Shield-Request-Id
X-DataDome
Front-End-Https
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Recruiting
X-T
TP-Cache
TP-L2-Cache
X-HP-Webp
X-HP-Trace-Id
AR-SID
X-Jurisdiction
AR-Request-ID
AR-CACHE
AR-PoweredBy
AR-ATIME
Edge-Cache-Tag
X-Correlation-Id
MicrosoftSharePointTeamServices
Nginx-Cache
Mrf-Cache-Status
MRF-Tech
X-Accel-Expires
X-B3-TraceId-Primal
X-Powered-CMS
X-Daa-Tunnel
Accept-Ch
X-Grace
TCN
X-Mg-S
X-RateLimit-Limit
X-Content-Digest
Filters
X-Amzn-Trace-Id
X-Hits
X-Request-Received
X-Request-Processing-Time
X-Id
X-TEC-API-ORIGIN
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
Server-Name
X-HS-Cache-Config
Server-Node
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
MS-Author-Via
X-PressLabs-Stats
X-Fastly-Request-Id
Fastcgi-Cache
X-Webkit-Csp
X-Geo-Country
X-Frontend
X-Distributor
X-XRDS-Location
X-Origin-Server
Count-Hit
S
X-Ezoic-Cdn
X-Ab
X-Ua-Browser
X-Language
X-Protected-By
X-Amz-Meta-S3cmd-Attrs
Filterid
Cache-Status
Cross-Origin-Opener-Policy
X-LLID
X-LB-Cache
Charset
X-ASPNET-VERSION
X-Microsite
X-F-Cache
Payment
X-Ratelimit-Reset
X-FB-Debug
X-Request-Handler-Origin-Region
X-Fastcgi-Cache
X-Seen-By
Host
X-Forwarded-Proto
X-Page-Id
X-Git-Hash
X-B3-Sampled
X-Cluster-Name
X-VCache
Surrogate-Key
X-Rid
Cache-Tags
X-Cache-Age
Realpath
X-Www-Served-By
Access-Control-Allow-Method
Accept-Charset
X-Logged-In
X-Origin-Cache
Retry-After
X-Upgrade-Enabled
X-Source
X-NGENIX-Cache
Alternate-Protocol
X-Template
X-AppVersion
X-Activity-Id
X-Az
X-DIS-Request-ID
X-Varnish-Backend
X-Litespeed-Cache
X-Type
X-Amz-Replication-Status
ServerID
Cleartype
X-Varnish-Grace
X-Wix-Request-Id
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Signature
X-TT
X-Tb
X-Envoy-Decorator-Operation
X-B-Cache
Paypal-Debug-Id
X-Aspnet-Duration-Ms
DC
X-Is-Crawler
X-Flags
X-App-Environment
X-B
X-Hostname
X-Node-Name
X-DynaTrace
X-TTL
X-Revision
Frame-Options
X-Proxy
X-Drupal-Cache-Tags
X-Contextid
X-Cache-Rule
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Debug
Pinterest-Version
Pinterest-Generated-By
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Pinterest-Rid
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-Mobile
Refresh
X-Load-Cache
X-Content-Options
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Request-ID
X-N
X-Cache-Control
Node
X-XRDS-LOCATION
Country
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
NGB
X-Original-Request-Id
X-Response-Served-From
X-Ratelimit-Remaining
X-Varnish-Age
Akamai-GRN
X-Content-Powered-By
X-NYM-Debug-Backend
X-Status
X-Instance
X-Cache-Time
X-User-Agent
Content-Disposition
X-Varnish-Server
Access-Control-Request-Headers
X-Debug-IsConnected
X-Debug-IsPreview
X-Mid
X-Environment-Context
X-L-Path
X-Cache-Grace
X-Akamai-Request-ID2
X-Cache-TTL-Remaining
X-Yottaa-Optimizations
X-Framework
X-Servername
X-Whom
X-Real-IP
X-Yottaa-Metrics
X-Cacheable-TTL
X-COUNTRY
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-G
Viewport
Uber-Trace-Id
X-Rendered-As
X-Page-View
Referer-Policy
X-Adobe-Content
X-Jobs
X-Is-Bot
X-Adobe-Loc
X-Unique-Id
Url
X-ProcessESI
Cross-Origin-Resource-Policy
X-RemovedCookies
Countrycode
Srv
X-Trace-Id
X-Content
X-APP-VERSION
X-Drupal-Cache-Contexts
Version
X-Via-JSL
X-Api-Version
X-Time
X-Mg-Request-UUID
X-Cache-Expired-At
X-CDN-Forward
Accept-Language
X-Cache-Hit
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Http-Reason
X-Oracle-Dms-Ecid
X-Cache-Operation
X-Oracle-Dms-Rid
X-Backend-Name
X-App-Server
X-ECache
Protected
Healthy
X-IPLB-Instance
X-Restarts
X-Rule
X-IPLB-Request-ID
X-Ratelimit-Limit
X-Server-ID
X-Azure-Ref
X-Cache-Action
Content-Secure-Policy
X-Akamai-Edgescape
X-Hosted-By
Section-Io-Cache
X-Debug-Info
X-Tt-Logid
X-Generation-Time
X-Device-Type
GEO-INFO
Backend
Server-Info
X-VC-Cache
X-FW-Serve
X-Mobile-URL
X-FW-Server
X-FW-Type
X-Nginx-Cache-Key
Meta-Geo
X-FW-Static
Load-Balancing
X-RN-RSRV
X-URL
X-FW-Hash
X-UPSTREAM-Address
X-FW-Dynamic
X-Storage
CF-IPCountry
Onion-Location
X-RTag
X-HTML-Minification-Powered-By
S-Rt
Azure-SiteName
Azure-SlotName
Azure-RegionName
Eomportal-Instance
Azure-Version
Azure-InstanceId
X-SRV
MS-CV
X-Cache-Server
X-Locale
X-Amz-Apigw-Id
X-Format
X-Proto
X-Section
X-Handled-By
X-FireWall-Port
X-Cms-Context
X-Access
X-Amzn-RequestId
X-Correlation-ID
X-Generated-By
X-Content-Age
X-OCL
Ms-Operation-Id
X-PCL
Liferay-Portal
X-Varnish-Cache-Hits
Web-Mar-Node
Property-Id
X-Edge-Location
X-Urbn-Context-Path
Cache-Name
X-SayCDN-TTL
Locale
X-Site-Version
X-Say-TTL
X-Say-Cacheable
X-Region
X-Redis-Cache
X-Hl-Ver
TWC-Device-Class
Webcakes-Region
TWC-GeoIP-Country
X-Origin-Hint
X-Skip-Cache
Webcakes-App-Version
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
X-Forwarded-Host
X-Varnish-Hostname
X-PHP-Host
X-R9-Blue-Green-Version
TWC-Connection-Speed
X-No-Session
X-Varnish-Beresp-Grace
X-JoinUs
X-Labrador-Cache-Channel
TWC-GeoIP-LatLong
X-Urbn-Site-Id
X-SaId
X-Cache-Type
X-Cache-Host
X-BYPASS-REASON
X-GeoCode
X-GeoCountry
X-Ms-Request-Id
X-LJ-Flow-ID
X-AWS-Id
X-Alternate-Cache-Key
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestCountryCode
CDN-RequestId
X-Adobe-Source
CDN-Uid
X-Ms-Version
X-Proxy-Cache-Status
X-Varnishpool
X-Sql-Duration-Ms
X-Sql-Count
X-Via-Fastly
X-VWS-Id
X-Xfnlog-Site
X-Web-Node
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ProxyCache-Status
X-ProxyCache-Key
X-ServerID
X-ShardId
X-Shopify-Stage
X-ShopId
CDN-Cache
X-PHP-Backend
X-Cache-Status-Check
X-Mode
X-Server-W
X-Detected-As
X-Proxy-Build
Selected-Fe
X-Cache-Enabled
X-Storefront-Renderer-Rendered
Xserver
Apigw-Requestid
X-Timing-Wait
Fastcgi-Useragent
X-UA-Device-Type
Mn-Server-Ip
WP-Super-Cache
X-Request-Time
X-DynaTrace-JS-Agent
X-Zipkin-Id
X-WP-CF-Super-Cache-Cache-Control
X-Uri
DB-Nickname
X-Routing-Service
X-Proxied
X-WP-CF-Super-Cache
X-FB-TRIP-ID
X-Extlb
X-Cache-NGX
X-Varnish-Ttl
X-Tid
X-Nginx-Cache
X-Origin-Date
X-Provided-By
X-Ua
X-Datadome
X-Amzn-Remapped-Content-Length
X-UUID
X-Loop
X-Dc
X-TNCMS
X-Pubstack
X-Reqid
X-Aspnetmvc-Version
X-LSADC-Cache
X-Zen-Fury
X-Vgn-Hpd-Reason
ServedBy
Xet-Cookie
X-Cdn
X-Webkit-CSP
X-Tumblr-Pixel-2
X-Soup
X-MP-GENERATED-AT
X-Human
X-TA-CDN-Provider
X-Service
X-Origin-TTL
Origin
Source
X-GEO
X-Origin-CC
Cache
X-RCS-CacheZone
X-Cache-Tags
From-Origin
X-App-Version
X-Newrelic-Synthetics
X-Varnish-Hits
X-Cached-By
Cross-Origin-Window-Policy
X-Debug-Cache
X-TIME
X-Tec-Api-Root
X-Tec-Api-Origin
WPO-Cache-Message
X-Tec-Api-Version
WPO-Cache-Status
X-Cache-Debug
SD-X-WS
Rip
X-B3-Traceid
X-Varnish-Beresp-Ttl
Rendered-Blocks
X-ScT
MD5-Digest
BehaviorPad-Version
LB
Host-ID
X-Request-Host
X-Ec-GeoHdr
X-PBS-Appsvrname
X-External-Request-Id
A
X-Forwarded-Path
X-Ec-Fail
X-BCube-Filmed-By
CPC-Age
X-D
X-Connection-Hash
CPC-Cache
X-Cache-NE
X-Developer
X-Destination
X-Bc-Bl
X-B-Cookie
X-Orig-Expires
X-A-Dgt
X-Parent-Response-Time
Meta-Geo-Continent
Xc-Version
X-A-Dcw
X-A-Wwc
X-NAPM-TraceId
X-Application
X-ARC
X-AK-Request-ID
Cdncip
X-Aed
Cdnsip
X-A-Dam
DCR-Decision-By
Ngx.Var.Host
X-S-Cookie
X-TIM-N
X-S
Expiry
X-Rewrite-Enabled
X-User
X-Shop-Environment
X-NewRelic-App-Data
X-SRCache-Key
Sslversion
Odigeo-Trace-Id
Surrogated-Key
T-Server
X-Tenant
Lang
X-Rojux
VNS-Cache
X-Vdms-Version
X-Processor
X-A
DCR-Processing-Time-Ms
X-VG-WebCache
X-Vdms-Path
VNS-Age
X-A-Ccd
X-IPS-LoggedIn
Webserver
X-FW-Version
X-AOL-HN
X-Served-From
X-Accel-Buffering
X-Origin-Time
Redirect-Candidate
X-Cluster
X-Aicache-OS
X-Nyt-Route
X-Owner
X-Dispatcher-Number
Upgrade-Insecure-Requests
X-Gdpr
Environment
X-Sucuri-ID
AKAMAI
X-Level-Front-Cache
X-WP-CF-Super-Cache-Active
X-INCAP-ABP
X-Is-Gdpr
X-JWT-State
X-Sucuri-Cache
X-Worker
X-Thinkindot-L3
X-Newrelic-App-Data
OT-Force-Account-Verify
X-Generated-On
X-Cdn-Srv
Fastly-Drupal-HTML
X-CSRF-Token
X-CMSURLCustom
X-Has-Esi
X-Developers
X-Geo-Header
WebServer
X-HS-Content-Campaign-Id
Thinkindot-Control
Server-Host
Gh-Request-Id
Fastly-Backend-Name
HostName
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Platform
Producers
X-Azure-Ref-OriginShield
X-Ad-Defer-Variation
V-Age
NM-Fastcgi-Cache
Tube-Return
Vix-Hermes-Req-Id
We-Hiring
Mime-Version
Mobile-Detection-Method
Web-Mar-Region
Tube-Got-Results
Tube-Got-Eval
Release
X-Cache-Bucket
X-Cache-Id
X-Bip
Svr
Tube-Get-Contents
X-ATG-Version
X-Auto-Login
X-Cache-Info
X-Planisys-CDN-Cache
X-Rocket-Build-Number
X-Request-URI
X-Region-Sid
X-Rocket-Nginx-Serving-Static
X-S-Maxage
X-Scheme
X-SB
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Memcached
X-Policy
X-Pool
X-Qloud-Router
X-Proxy-Cache-Info
X-Sigma
X-Sigma-Backend
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
X-Varnish-Remaining-TTL
X-Viewer-Country
X-Wix-Viewer-Type
X-VServer
X-Variation
X-Var-Ttl
X-Sn-Servicetimems
X-Slack-Backend
X-SplitTest
X-SVT-ORM-RULES
X-Thanos
X-SVT-ORM-VERSION
X-Origin-Response-Time
X-Origin
X-DPWN-IS-SECURE
X-DefHash
X-DefElseHash
X-Ec-Custom-Error
X-Esi-Check
X-Fastly-Backend
X-Eu-Site
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Clientip
X-CGP
X-Cdn-Origin
X-Core-Mission
X-Core-Value
X-Datadog-Parent-Id
X-Csrf-Jwt
X-FC-Vary-Parameters
X-Forwarded-Site
X-Loc
X-Irp-Debug
X-Hash
X-Mvc-Supplant-Cachable
X-NCache
X-Optimistic-Header
X-NodeID
X-Gzip
X-GeoIP-City
X-Gateway-Cache-Key
X-Gamma-Serve
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-GeoIP
X-Gateway-Skip-Cache
X-CacheTTL
X-Epic-Correlation-Id
Candidate-Md5Url
Fastly-SSL
Click-Count-Action-Start
Cache-Host
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Fastly-GeoIP-CountryCode
Click-Count-Error
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
DSUID
Cmstype
Cluster
Cmsid
Ha-Gx-Prefs
Adler-Geo
HA-Ipaddr
L
L5d-Success-Class
Is-Eu
Kp-EeAlive
Machine
Mail-Subject
X-VC
X-Platform-Server
X-Cluster-Node
Country-Code
Datacenter
X-Minions-Version
X-ND-Cache
X-Fmm-Version
X-Via-NSCOPI
X-VG-TLSProxy
Wxu-Next-Region
X-V-Cache
X-SIPLIST1
X-Ckpd-Fst-Backend
X-Scale
X-B3-SpanId
X-Clara-WADP
Canary
X-Device-Os
X-BBC-Edge-Cache-Status
X-Fetched-On
X-Branch-Name
X-WADP-Cache
IsBot
Traceparent
Req-Svc-Chain
State
Servername
Wxu-Next-Hostname
Fastly-SIE
CloudFront-Viewer-Country
Wxu-Next-Commit
NGX
Origin-CC
Origin-EX
Fastly-SWR
X-Tx-Id
X-Trace-ID
X-GG-Cache-Date
Sid
Server-Hostname
Ec-Rule-Version
CDCHOST
X-Block-Status
Server-Ext
X-Mvc-Supplant-OutputCached
User-Cache-Control
Sever-Int
X-Hnp-Log
X-Gen-Mode
X-Udemy-Cache-App-Namespace
X-Nf-Request-Id
X-Cache-Remote
X-WA-Info
Cache-Tv-Group
Time
X-LB-NoCache
Fastcgi-Cache-TTL
Memory
X-ZONE
Cache-Hits
X-Tb-Optimization-Total-Bytes-Saved
Pics-Label
X-Refresh
Request-ID
X-Session-Fingerprint
X-Pass-Why
AMP-Access-Control-Allow-Source-Origin
X-Rebelmouse-Surrogate-Control
X-Fastly-Cache
X-Origin-Expires
X-Tumblr-Pixel-3
X-Pod-Name
Ssr
X-Rebelmouse-Cache-Control
X-Up
X-Cs
X-Edge-Pop
X-Via-Popv
X-Dispatch
X-Release
Env
X-Via-Poph
X-Via-Popn
X-Generated-In
My-App
Server-ID
X-Servedbyhost
SID
X-Lambda-Id
X-Akamai-Transformed
X-Wa
X-Esi
X-CLOUD-TRACE-CONTEXT
X-Presslabs-Stats
X-PX
GeoIp-Country-Code
X-Req
X-Cache-Date
X-Ig-Push-State
X-Fpc
X-ID
CDN
X-Zone
X-Buckets
X-EC-Lua
X-NWS-UUID-VERIFY
X-DC
X-Conf
X-NC
X-CACHE-AGE
True-Client-IP
X-MSEdge-Flight
X-LB-ID
X-Endurance-Cache-Level
X-Xrds-Location
X-MSEdge-Features
CacheControlHeader
X-Microcachable
X-B3-Spanid
X-TX-ID
X-Webkit-CSP-Report-Only
X-NGINX-Cache
X-VCL-Version
X-Dmc
True-Client-Country-4JS
X-TH-Server
X-CACHE-KEY
X-Vc
Fastly-Drupal-Html
X-Op-Id-All
X-HS-Status
X-CS
Hostname
X-CSRF-TOKEN
X-TRACE-ID
X-Srv
Magicmarker
X-Be
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-GeoIP-Country-Code
X-Vcl-Version
X-GeoIP-Region-Code
X-RateLimit-Reset
X-MCACHE
X-Varnish-Beresp-TTL
X-Accel-Expires-Debug
X-Date
WWW-Authenticate
Tcn
Path
Resin-Trace
X-RAMCache
X-Hyper-Cache
X-Vercel-Id
X-Check-Cacheable
X-Alfa-Service
True-Client-Ip
X-Vercel-Cache
X-SERVER-NAME
X-M-Log
X-M-Reqid
Pramga
X-CF-Lambda-Version
X-Micro-Cache
X-CF-Lambda-Fn
Section-Io-Origin-Status
GeoIP-Country-Code
X-Akamai-Pragma-Client-IP
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-FPC
Yjs-Id
X-Cache-Ttl
Tracecode
Proxy-Connection
Powered-By
X-Old-Content-Length
X-App
X-Air-Source
X-Datacenter
X-WA
X-Qnm-Cache
X-LiteSpeed-Cache-Control
X-Air-Hostname
X-Air-Trace-Id
YJS-ID
X-Air-Pt
FSS-Cache
X-Mly-Id
C-Via
X-Geo
Server-Id
Lb
X-Via-CDN
X-Location
X-Webstats-RespID
X-Edge-POP
X-ServedByHost
X-Platform-Router
X-Platform-Processor
N-Cache
X-Platform-Cluster
X-TrackingId
ENV
X-Response-By
X-Lb-Id
User-Agent
NtCoent-Length
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Cdn-Forward
X-Varnish-Authentication
X-API-Version
HIT
X-Via-PopH
X-Via-PopN
X-Director
X-Via-PopV
X-Platform
On-Server
Hit
Fastcgi-X-Cache-Version
Esi-Enabled
X-Client-Ip
X-PAYTM-SRV-ID
Sm-Log-Id
X-AIR-PT
X-Dw-Trace-Id
XServer
X-Service-Response-Time
X-DataCenter
X-Akamai-ERRuleID
Locid
X-Li-Fabric
Srvid
X-FL-EDGE
Geoip-Latitude
Dnion-Transfer-Encoding
X-Instance-Name
Location
Cdn
X-FORWARDED-FOR
X-TT-LOGID
X-Li-Pop
X-UA
X-Server-IP
X-From
X-LI-UUID
X-Akamai-ERPolicy
X-LI-Proto
X-Traceid
X-CUA
X-Test
X-DW
X-Vtex-Processado-Em
X-DSS
X-RSL
X-RPS
X-RPM
X-CF-Powered-By
Swift-Performance
X-LiteSpeed-Tag
X-Request-Url
Uri
Nginx-CQVIP
X-Node-Id
X-DB
X-DI
Ohc-File-Size
X-Vtex-Remote-Cache
GeoIP-Latitude
PICS-Label
X-Edge-Origin-Shield-Region
X-Edge-Origin-Shield-Bytes
X-Wp-Cf-Super-Cache-Cache-Control
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache
X-Cache-Expires
X-Cache-Backend
X-Fastly-Backend-Reqs
M-TraceId
X-HA-Backend
Vha6-Origin
X-LAGOON
X-Cdn-Request-ID
X-Render-Time
X-Request-Start
X-SD-PageType
X-Fastly-Cache-Hits
X-HostName
X-B3-ParentSpanId
Wpo-Cache-Message
X-Lb-Nocache
Wpo-Cache-Status
X-Cache-Ngx
X-Cc-Via
CountryCode
Warning
Wp-Super-Cache
X-Ips-Loggedin
X-Ittl
X-LbNode
X-Keep
X-Kebabable
X-Kebab
X-IBD-Cache
X-Group
X-GoCache-CacheStatus
X-Header-Sub
X-Loadbalancer
X-IBD-SID
X-Is-SSL
X-N-OperationId
X-NFL-Geo
X-NFL-Dma
X-NS-Authorization
X-Ntj-Investigation-Id
X-NXG
X-Newegg-Index
X-Newegg-Flow
X-Matome-Cached
XV-H
X-MTS-Cache
X-Global-Transaction-ID
X-Nerd
X-Matched-Rule
X-Fastly-Is-Edge
X-Edge-IP
X-DT-Node
X-Colour
X-Coindesk-Cache
X-Ee-Generated-By
X-Doge
X-Developed-By
X-Conten-Type-Options
X-Container-Uri
X-Dcm-Pdtf
X-Dehri-Date
X-Delivery
X-Ee-Origin
X-Ee-Request-Date
X-Frame-Option
X-Farm
X-Fstrz
X-Full-Ttl
X-GG-Cache-Status
X-F-Status
X-Eventloop-Lag
X-Ee-Request-Id
X-Eid
X-ETag
X-Nyt-Data-Last-Modified
X-Git-Commit
X-PGF-Deflate
XV-Cache
X-Tried-To-Kebabify
X-YSpaceId
X-True-Client-Ip
X-U-Cache
X-Toujours-Debout-Location
X-Toujours-Debout-Branch
X-SVR-IIS
X-Stack-Name
X-Svr-Proxy
X-Test-Nginx-Ingress
X-Timestamp
X-Upstream-State
X-Cms-Device
X-Ver
X-Vary-Devices
X-Wag-Acs
X-Web-Hosting
X-We-Are-Hiring
X-WP-Bypass
X-WSR2
X-User-Auth
X-Utime
X-V2-Infrastructure
X-Xms-Page-Cache-Actions
X-SSLProxy
X-Square
X-PG-ACCESS
X-Paywall
X-Waitingroom
X-Pver
X-R-Cache
X-PageType
X-OVcl-Cache
X-Okws-Version
X-Onedio-Env
X-Origin-Ops
X-OVcl
X-Reboot
X-Redis
X-ServiceName
X-Server-L
X-Sh
X-Site
X-SMP-JWT
X-Save-Cache
X-Ruby
X-Render-Method
X-Request-Origin
X-Route
X-Route-Akamai
X-Odoo-Frontend
Ttl
Joe-X
Is-Https
NB-ESI
Nikkei-App-Version
NLCacheNote
HTTPProtocol
HServer
CMS-200
Cluster-Host
Deeplink
Ec-Policy-Id
H1
Npm-Cost
Npm-Remaining
Proxy-Cache
Panzer-Cache-Control
RawURL
Region
Request-Uuid
Origin-Site
Ok-Edge-Key
Ns
Ns-Ua
Ok-Cache-Status
OK-Edge-Date
Cf-Wrk
Cf-Locale
X-ApacheServer
Cache-Key
DynaTrace
WZWS-RAY
X-Mg-Cache
SRV
Fastcgi-Cache-Ttl
X-Moov-T
X-Via-Ucdn
X-Moov-Xdn-Version
X-PERF
Req-ID
X-ElasticPress-Query
X-Yottaa-OS
Cache-Stat
Akamai-X-Url
Cachekey
Cdn-Country-Code
Cf-Device-Type
X-Th-Server
X-Serial
CF-Cached-On
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Cneonction
Rt-Proxy-Cache
Scheme
X-ASF-Cache
X-ARRRG1
X-AspNetWebPages-Version
X-Backend-TTL
X-Backside-Transport
X-Arena-Request-Id
X-Ar-Stats
X-Akamai-DeviceType
X-Akamai-DeviceOS
X-Akamai-Native
X-Amz-Meta-Cb-Modifiedtime
X-Apache-Server
X-BeanStalkRole
X-BeanStalkStage
X-Cache-Response
X-Cache-ReqUri
X-CacheVersion
X-CDN-Pop
X-CDN-Pop-IP
X-Cache-Reason
X-Cache-Proxy
X-Cache-Cookie
X-Cache-IsMobileDevice
X-Cache-Length
X-Cache-NPR
X-Akamai-CacheKeyMod
X-AEO-Platform
Sw
Store-Cloud-Cache
T-Request-Id
Technodrome
Time-Cloud-Cache
SII
Shieldsquare-Response
Selected-Route
Served
Service-Uuid
SFRVia
TWC-AK-Req-ID
TWC-PATH-LOCALE
X-Accel-Version
X-77-NZT-Ray
X-Accepted-Fulllang
X-Accepted-Language
X-Accor-Asset
X-77-NZT
Vttl
TWC-Subs
TWC-Unit
Uniqueid
Userver
X-Cf-Node-Idx