Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Cacheable
X-Request-ID
X-Iinfo
X-Envoy-Upstream-Service-Time
P3p
Timing-Allow-Origin
Feature-Policy
X-Ua-Compatible
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
Upgrade
X-CDN
Access-Control-Max-Age
CF-Ray
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
X-UA-Device
X-Dns-Prefetch-Control
Request-Context
Keep-Alive
X-AH-Environment
X-Turbo-Charged-By
X-Amz-Request-Id
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Age
X-Ws-Request-Id
Host-Header
X-Hacker
X-Server-Powered-By
X-Server
X-Rq
X-Vhost
X-LiteSpeed-Cache
X-Varnish-Cache
X-Amz-Version-Id
Grace
X-Dispatcher
EagleId
Cf-Edge-Cache
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Page-Speed
X-WebKit-CSP
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Accept-CH
Ali-Swift-Global-Savetime
X-Aws-Lambda-Call-Status
X-Host
X-Node
Cf-Railgun
X-Pingback
X-Cache-Spec
X-Server-Id
X-Backend-Server
X-Akam-SW-Version
Surrogate-Control
X-OneAgent-JS-Injection
Request-Id
EagleEye-TraceId
X-Akamai-Path-Stats
X-Response-Time
X-Cache-Lookup
X-Readtime
Accept-CH-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
X-HW
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Nginx-Upstream-Cache-Status
X-Country
X-Oneagent-Js-Injection
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Ruxit-Js-Agent
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Edge
X-Url
X-TtlSet
X-PC
X-Vname
Edge-Control
X-CST
X-Mod-Pagespeed
X-Content-Type
X-Vcap-Request-Id
X-B3-TraceId
X-ESI
X-FastCGI-Cache
X-D2id
Verso
Xkey
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
Cache-Tag
X-Mcache
X-GitHub-Request-Id
Service-Worker-Allowed
X-Amz-Rid
X-Powered-By-Plesk
X-Varnish-TTL
RTSS
X-Navigation-Version
X-ECACHE
X-VARITI-CCR
X-Abt-Application-Version
X-Version
Cf-Apo-Via
X-Upstream
X-Ruxit-JS-Agent
X-Client-IP
X-Server-Name
X-Cached
X-Ac
X-Cnection
X-Ttl
X-Element-Page-Cache
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-SharePointHealthScore
SPRequestGuid
Permissions-Policy
X-Px
SPRequestDuration
SPIisLatency
Public-Key-Pins
X-Middleton-Display
Pagespeed
X-Sol
Display
X-Cache-TTL
X-Country-Code
X-NWS-LOG-UUID
Response
X-Middleton-Response
X-RateLimit-Remaining
X-Cache-Key
X-Ser
X-Midtier
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-For
Content-MD5
Front-End-Https
Access-Control-Request-Method
X-MSEdge-Ref
X-Shield-Request-Id
X-ORACLE-DMS-ECID
X-NF-Request-ID
X-Recruiting
X-T
X-ORACLE-DMS-RID
X-Correlation-Id
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
AR-ATIME
AR-CACHE
AR-SID
X-Jurisdiction
AR-PoweredBy
X-HP-Trace-Id
X-HP-Webp
TP-Cache
TP-L2-Cache
Edge-Cache-Tag
AR-Request-ID
Nginx-Cache
MicrosoftSharePointTeamServices
X-DataDome
X-Accel-Expires
X-Daa-Tunnel
X-RateLimit-Limit
Accept-Ch
X-Powered-CMS
TCN
X-Grace
X-Mg-S
X-Content-Digest
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Request-Received
X-Request-Processing-Time
X-Id
X-Amzn-Trace-Id
Server-Node
X-HS-Hub-Id
X-HS-Cache-Config
Filters
X-HS-Content-Id
X-HS-Combine-CSS
X-Hits
Server-Name
X-TEC-API-ORIGIN
MS-Author-Via
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Geo-Country
Fastcgi-Cache
X-Frontend
X-XRDS-Location
X-Webkit-Csp
Count-Hit
X-PressLabs-Stats
X-Distributor
X-Origin-Server
X-Fastly-Request-Id
X-Ezoic-Cdn
X-Ua-Browser
S
Cross-Origin-Opener-Policy
X-Protected-By
X-LLID
X-F-Cache
X-B3-Sampled
X-Amz-Meta-S3cmd-Attrs
X-FB-Debug
Charset
X-Microsite
X-Forwarded-Proto
X-Request-Handler-Origin-Region
Filterid
Cache-Status
X-Language
X-LB-Cache
Host
Payment
X-Seen-By
X-Git-Hash
X-Ab
X-Page-Id
X-ASPNET-VERSION
X-Cluster-Name
X-Ratelimit-Reset
X-VCache
Surrogate-Key
X-Rid
Cache-Tags
X-Www-Served-By
Realpath
X-Logged-In
Access-Control-Allow-Method
Accept-Charset
Retry-After
X-Cdn
X-Upgrade-Enabled
X-Fastcgi-Cache
Alternate-Protocol
X-Source
X-NGENIX-Cache
X-DIS-Request-ID
X-Origin-Cache
X-Varnish-Backend
X-Activity-Id
X-AppVersion
X-Az
X-TTL
X-Type
X-Cache-Age
X-Amz-Replication-Status
X-Envoy-Decorator-Operation
X-B-Cache
X-Aspnet-Duration-Ms
X-Flags
X-TT
X-Signature
X-Route-Name
X-Is-Crawler
X-Tb
Paypal-Debug-Id
DC
X-Request-Guid
X-Providence-Cookie
X-B
Cleartype
X-Varnish-Grace
X-Wix-Request-Id
X-Template
X-Hostname
ServerID
X-App-Environment
X-Revision
X-Node-Name
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-DynaTrace
Frame-Options
X-Contextid
X-Cache-Rule
X-Drupal-Cache-Tags
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Proxy
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Fastly-Request-ID
X-Debug
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Load-Cache
X-Mobile
Refresh
X-Content-Options
Amp-Access-Control-Allow-Source-Origin
Country
Node
X-N
Cross-Origin-Resource-Policy
Referer-Policy
X-Original-Request-Id
X-Response-Served-From
X-EdgeConnect-Cache-Status
X-Magnolia-Registration
X-Cache-Control
X-URL
X-Varnish-Server
X-Varnish-Age
NGB
X-Debug-IsConnected
X-Debug-IsPreview
X-Cache-TTL-Remaining
X-L-Path
Content-Disposition
X-NYM-Debug-Backend
Akamai-GRN
X-Content-Powered-By
X-Environment-Context
X-Instance
Access-Control-Request-Headers
X-Cache-Time
VIX-Pulpo-Node
X-Status
X-Real-IP
X-Cacheable-TTL
X-Adobe-Loc
X-G
X-Servername
X-Adobe-Content
VIX-Pulpo-Upstream-Status
X-RemovedCookies
X-ProcessESI
X-Mid
X-Is-Bot
X-Page-View
X-Jobs
X-Rendered-As
Url
X-Cache-Grace
Uber-Trace-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Akamai-Request-ID2
Viewport
X-Whom
X-Framework
Srv
X-User-Agent
X-COUNTRY
X-Unique-Id
X-Cache-Expired-At
X-CDN-Forward
X-Trace-Id
X-Via-JSL
X-Drupal-Cache-Contexts
Countrycode
X-XRDS-LOCATION
X-Tumblr-Pixel-0
Version
X-Tumblr-Pixel
X-Cache-Hit
X-Tumblr-Pixel-1
X-Tumblr-User
X-Cache-Operation
Accept-Language
X-APP-VERSION
X-Mg-Request-UUID
Healthy
X-Time
X-Ratelimit-Remaining
X-Http-Reason
X-Rule
X-Content
X-Backend-Name
Protected
X-Debug-Info
X-Litespeed-Cache
X-Api-Version
X-App-Server
X-Cache-Action
X-Akamai-Edgescape
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-IPLB-Request-ID
X-IPLB-Instance
Section-Io-Cache
X-Azure-Ref
X-B3-Traceid
X-Restarts
X-Tt-Logid
X-Server-ID
Backend
Content-Secure-Policy
X-Hosted-By
X-VC-Cache
X-Generation-Time
Server-Info
Xserver
X-RN-RSRV
X-FW-Dynamic
X-Mobile-URL
X-FW-Static
Meta-Geo
Load-Balancing
X-HTML-Minification-Powered-By
X-Storage
X-FW-Type
X-FW-Serve
X-Device-Type
X-FW-Hash
X-FW-Server
X-UPSTREAM-Address
X-SRV
Onion-Location
X-Nginx-Cache-Key
X-Generated-By
GEO-INFO
Liferay-Portal
CF-IPCountry
S-Rt
X-Amz-Apigw-Id
X-PCL
X-Mode
Ms-Operation-Id
X-Amzn-RequestId
MS-CV
X-RTag
X-Handled-By
X-Access
X-Format
X-Cms-Context
X-Locale
X-Section
X-Cache-Status-Check
X-OCL
X-Varnish-Beresp-Grace
Azure-InstanceId
X-Varnish-Cache-Hits
X-Origin-Hint
X-Adobe-Source
Azure-RegionName
X-FireWall-Port
Azure-SlotName
TWC-Device-Class
X-Edge-Location
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
TWC-Connection-Speed
Webcakes-App-Version
Azure-Version
Webcakes-App-Name
Eomportal-Instance
Property-Id
Webcakes-Region
Azure-SiteName
X-Cache-Server
X-Proxy-Cache-Status
X-Proto
X-Forwarded-Host
X-Skip-Cache
X-SaId
X-JoinUs
X-R9-Blue-Green-Version
X-Region
X-GeoCode
X-Sorting-Hat-PodId
CDN-Cache
X-GeoCountry
X-Labrador-Cache-Channel
CDN-CachedAt
X-Detected-As
X-ShopId
X-PHP-Host
X-LJ-Flow-ID
X-Site-Version
X-Routing-Service
X-AWS-Id
X-PHP-Backend
Apigw-Requestid
X-Zipkin-Id
X-Proxied
X-No-Session
X-Extlb
X-Cache-Host
X-SayCDN-TTL
X-Varnish-Hostname
X-Say-TTL
X-Server-W
X-Via-Fastly
X-ShardId
X-Content-Age
X-Urbn-Context-Path
X-Xfnlog-Site
X-Cache-Type
X-Alternate-Cache-Key
X-Say-Cacheable
CDN-RequestId
CDN-Uid
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
X-Urbn-Site-Id
X-Sorting-Hat-ShopId
X-VWS-Id
X-Sql-Duration-Ms
Locale
X-Sql-Count
X-Shopify-Stage
Mn-Server-Ip
X-Request-Time
X-BYPASS-REASON
X-Varnishpool
X-UA-Device-Type
X-Tid
X-Storefront-Renderer-Rendered
X-ProxyCache-Key
Cache-Name
X-Hl-Ver
X-ProxyCache-Status
X-Web-Node
WP-Super-Cache
Web-Mar-Node
X-Redis-Cache
X-Correlation-ID
X-Provided-By
X-Ms-Request-Id
X-Ms-Version
X-DynaTrace-JS-Agent
X-Datadome
X-ServerID
X-Uri
DB-Nickname
X-Ratelimit-Limit
X-FB-TRIP-ID
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Fastcgi-Useragent
X-Proxy-Build
X-Timing-Wait
X-ECache
Selected-Fe
X-Cache-Enabled
X-Cache-NGX
X-Amzn-Remapped-Content-Length
X-Nginx-Cache
X-Loop
X-TNCMS
X-Varnish-Ttl
X-Vgn-Hpd-Reason
X-Ua
X-LSADC-Cache
X-UUID
X-Origin-Date
X-Pubstack
X-Reqid
Xet-Cookie
X-Zen-Fury
X-Tumblr-Pixel-2
X-Dc
X-Soup
ServedBy
X-Aspnetmvc-Version
X-Service
X-Tec-Api-Root
X-Tec-Api-Origin
X-App-Version
X-TA-CDN-Provider
X-MP-GENERATED-AT
X-Tec-Api-Version
X-Origin-TTL
X-Webkit-CSP
X-Newrelic-Synthetics
Origin
X-Origin-CC
X-Varnish-Hits
From-Origin
X-TIME
Source
X-Cache-Debug
X-GEO
X-Human
X-Cache-Tags
Cache
Fastly-Drupal-HTML
X-Varnish-Beresp-Ttl
Cross-Origin-Window-Policy
X-NewRelic-App-Data
X-Cached-By
X-RCS-CacheZone
Webserver
LB
WPO-Cache-Message
WPO-Cache-Status
SD-X-WS
MD5-Digest
X-ScT
X-Debug-Cache
BehaviorPad-Version
Rendered-Blocks
Host-ID
Rip
Sslversion
Expiry
Lang
Meta-Geo-Continent
Ngx.Var.Host
X-Forwarded-Path
X-Aed
X-AK-Request-ID
Odigeo-Trace-Id
X-A-Wwc
X-Parent-Response-Time
VNS-Age
X-PBS-Appsvrname
VNS-Cache
X-A
X-Orig-Expires
X-NAPM-TraceId
CPC-Age
DCR-Decision-By
Cdnsip
Cdncip
A
X-A-Ccd
X-Processor
X-Rojux
X-Rewrite-Enabled
Surrogated-Key
X-S
X-S-Cookie
CPC-Cache
X-A-Dgt
DCR-Processing-Time-Ms
X-SRCache-Key
X-A-Dam
T-Server
X-A-Dcw
Environment
X-Shop-Environment
X-Vdms-Path
X-Developer
X-Vdms-Version
X-BCube-Filmed-By
X-Bc-Bl
Xc-Version
X-D
X-Destination
X-External-Request-Id
X-Connection-Hash
X-Cache-NE
X-VG-WebCache
X-Ec-GeoHdr
X-TIM-N
X-User
X-ARC
X-Application
X-Tenant
X-B-Cookie
X-Ec-Fail
X-Nf-Request-Id
X-Cluster
X-Request-Host
Upgrade-Insecure-Requests
X-Gdpr
X-AOL-HN
X-FW-Version
X-Origin-Time
X-Served-From
Redirect-Candidate
X-Aicache-OS
X-Owner
X-Nyt-Route
X-Auto-Login
Thinkindot-CacheControl-Type
Thinkindot-Control
X-WP-CF-Super-Cache-Active
Server-Host
TDXMobile
AKAMAI
Thinkindot-CacheControl
X-Thinkindot-L3
X-Is-Gdpr
X-JWT-State
X-Level-Front-Cache
X-Worker
X-INCAP-ABP
X-Has-Esi
X-Core-Value
X-Developers
X-Generated-On
X-Geo-Header
X-Cdn-Srv
X-CMSURLCustom
OT-Force-Account-Verify
X-VServer
X-Dispatcher-Number
Country-Code
Cmstype
X-Accel-Buffering
Svr
X-VG-TLSProxy
X-SIPLIST1
X-Minions-Version
Platform
Cmsid
Traceparent
Candidate-Md5Url
Tube-Got-Eval
X-Variation
Apple-News-Services-Request-Url
Tube-Get-Contents
X-Cache-Bucket
CloudFront-Viewer-Country
Click-Count-Error
Click-Count-Action-Start
X-Varnish-Remaining-TTL
X-Loc
State
NGX
X-SVT-ORM-VERSION
Mobile-Detection-Method
X-ATG-Version
X-Sn-Servicetimems
X-GeoIP-City
X-Ec-Custom-Error
X-Gamma-Serve
Origin-EX
Origin-CC
Producers
Release
Req-Svc-Chain
Fastly-SWR
Fastly-SSL
Fastly-SIE
X-BBC-Edge-Cache-Status
Gh-Request-Id
Servername
X-DPWN-IS-SECURE
L
IsBot
Is-Eu
Apple-News-Services-Parsed-Url
Tube-Got-Results
Vix-Hermes-Req-Id
X-Request-URI
X-Region-Sid
X-Core-Mission
Apple-News-Services-Host
X-SVT-ORM-RULES
V-Age
X-Rocket-Nginx-Serving-Static
X-NodeID
X-Qloud-Router
X-DefHash
Web-Mar-Region
X-Platform-Server
X-Pool
X-Epic-Correlation-Id
X-DefElseHash
X-Origin
X-Varnish-Beresp-Status
X-Proxy-Cache-Info
X-NCache
X-Ad-Defer-Variation
X-Scale
X-Varnish-CookieHashed-On
X-Cdn-Origin
Tube-Return
X-Scheme
Apple-News-Services-Handled
Adler-Geo
X-Varnish-CookieINHashed-On
X-S-Maxage
X-SB
Fastly-Backend-Name
X-Sucuri-Cache
Mime-Version
X-HS-Content-Campaign-Id
X-Cache-Remote
X-Sucuri-ID
X-Cache-Info
X-Datadog-Trace-Id
X-Fmm-Version
X-Eu-Site
X-CacheTTL
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Bip
X-Csrf-Jwt
X-Esi-Check
X-Fastly-Backend
Sever-Int
X-Azure-Ref-OriginShield
Server-Hostname
Server-Ext
X-Cache-Id
X-CGP
X-Clara-WADP
X-Planisys-CDN-Cache
X-Udemy-Cache-App-Namespace
X-Rocket-Build-Number
X-Slack-Backend
Wxu-Next-Hostname
X-Hash
X-Sigma
X-RateLimit-Remaining-Second
X-Planisys-CDN-TTL
X-SplitTest
X-Sigma-Backend
X-Policy
X-RateLimit-Limit-Second
X-Thanos
X-GeoIP
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Cluster-Node
X-Device-Os
X-Fetched-On
X-Ckpd-Fst-Backend
Wxu-Next-Commit
NM-Fastcgi-Cache
Wxu-Next-Region
X-Branch-Name
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Planisys-CDN-Rules
Ha-Gx-Prefs
HA-Ipaddr
Kp-EeAlive
Fastly-GeoIP-CountryCode
Memcached
L5d-Success-Class
Machine
X-Viewer-Country
X-WADP-Cache
X-Wix-Viewer-Type
X-Gzip
DSUID
Decoy-Debug-TTL
X-Origin-Response-Time
Cache-Host
X-IPS-LoggedIn
X-V-Cache
X-Optimistic-Header
CDCHOST
Decoy-Debug-Status
Decoy-Debug-Key
Cluster
X-Esi
Datacenter
X-Clientip
Canary
X-FC-Vary-Parameters
X-LB-NoCache
X-Mvc-Supplant-Cachable
X-Block-Status
X-Irp-Debug
X-Hnp-Log
X-Gen-Mode
X-Forwarded-Site
Mail-Subject
We-Hiring
User-Cache-Control
HostName
Ec-Rule-Version
X-Var-Ttl
X-CSRF-Token
X-Tx-Id
WebServer
X-Trace-ID
X-VC
X-Pass-Why
X-Tumblr-Pixel-3
Pics-Label
X-ND-Cache
X-Mvc-Supplant-OutputCached
X-Up
AMP-Access-Control-Allow-Source-Origin
X-Via-NSCOPI
X-B3-SpanId
Sid
Time
Memory
X-GG-Cache-Date
X-WA-Info
Cache-Tv-Group
X-Presslabs-Stats
X-Refresh
Ssr
Request-ID
X-Via-Popv
X-Akamai-Transformed
X-Dispatch
X-Via-Poph
X-Via-Popn
X-Newrelic-App-Data
Fastcgi-Cache-TTL
X-Tb-Optimization-Total-Bytes-Saved
X-Xrds-Location
X-CACHE-AGE
X-Session-Fingerprint
Server-ID
Cache-Hits
My-App
X-ZONE
X-Servedbyhost
X-Edge-Pop
SID
X-Zone
X-Wa
X-Lambda-Id
X-Origin-Expires
X-Rebelmouse-Surrogate-Control
X-Release
X-Rebelmouse-Cache-Control
X-Pod-Name
X-Fastly-Cache
Env
X-Cs
X-Req
X-Fpc
X-Generated-In
X-B3-Spanid
X-DC
X-PX
CacheControlHeader
X-ID
GeoIp-Country-Code
True-Client-Country-4JS
X-LB-ID
X-Vc
X-NWS-UUID-VERIFY
X-NGINX-Cache
X-EC-Lua
Hostname
X-Ig-Push-State
X-MCACHE
X-Cache-Date
True-Client-IP
X-CSRF-TOKEN
X-MSEdge-Flight
X-TX-ID
X-MSEdge-Features
X-Buckets
X-NC
X-Endurance-Cache-Level
X-Conf
X-Op-Id-All
X-VCL-Version
X-TRACE-ID
X-Webkit-CSP-Report-Only
CDN
X-Microcachable
X-TH-Server
X-CS
X-CACHE-KEY
X-Dmc
X-Srv
Resin-Trace
X-GeoIP-Region-Code
X-HS-Status
X-GeoIP-Country-Code
WWW-Authenticate
Magicmarker
X-Accel-Expires-Debug
X-Date
Path
X-RateLimit-Reset
X-RAMCache
X-Be
X-Vcl-Version
Tcn
X-Wikidot-Static-Cache
Fastly-Drupal-Html
X-Wikidot-Backend
X-Check-Cacheable
X-Vercel-Cache
X-Vercel-Id
Powered-By
X-Varnish-Beresp-TTL
True-Client-Ip
X-Old-Content-Length
Section-Io-Origin-Status
Section-Io-Id
X-Akamai-Pragma-Client-IP
X-Datacenter
Section-Origin-Responded
X-Alfa-Service
Section-Io-Origin-Time-Seconds
GeoIP-Country-Code
X-Hyper-Cache
Proxy-Connection
Pramga
Yjs-Id
X-LiteSpeed-Cache-Control
X-Cache-Ttl
X-CLOUD-TRACE-CONTEXT
X-Micro-Cache
X-Geo
X-M-Log
X-Location
X-CF-Lambda-Fn
X-M-Reqid
X-FPC
X-CF-Lambda-Version
X-API-Version
X-Cache-ASPX
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Via-CDN
X-App
Tracecode
X-Mly-Id
X-Qnm-Cache
FSS-Cache
X-Lb-Id
X-Director
X-WA
X-Webstats-RespID
X-Edge-POP
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
YJS-ID
User-Agent
ENV
X-ServedByHost
Server-Id
X-Response-By
Lb
C-Via
X-Air-Pt
X-Dw-Trace-Id
X-DataCenter
X-Cdn-Forward
N-Cache
X-HA-Backend
X-Via-PopV
X-Test
X-Server-IP
X-Client-Ip
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Via-PopH
HIT
X-TrackingId
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Cdn
X-Via-PopN
Sm-Log-Id
X-AIR-PT
X-SERVER-NAME
X-Service-Response-Time
X-Traceid
X-FL-EDGE
Locid
X-From
Swift-Performance
M-TraceId
X-Instance-Name
X-Fastly-Backend-Reqs
Fastcgi-X-Cache-Version
Hit
NtCoent-Length
On-Server
Location
Srvid
X-UA
Dnion-Transfer-Encoding
X-Li-Fabric
X-Li-Pop
X-TT-LOGID
X-PAYTM-SRV-ID
X-Platform
Esi-Enabled
X-FORWARDED-FOR
X-LI-Proto
Geoip-Latitude
X-LI-UUID
X-LiteSpeed-Tag
X-HITS
X-Cc-Via
X-RSL
CountryCode
X-CUA
Uri
X-RPS
X-DW
X-DSS
X-DI
X-DB
XServer
Ohc-File-Size
X-Cache-Backend
X-Cache-Expires
Nginx-CQVIP
PICS-Label
X-We-Are-Hiring
X-RPM
X-Litespeed-Cache-Control
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Cache-Proxy
X-Vtex-Remote-Cache
X-B3-Parentspanid
X-Node-Id
X-ApacheServer
X-Vtex-Processado-Em
X-B3-ParentSpanId
X-CF-Powered-By
X-Fastly-Cache-Hits
XM
Wpo-Cache-Status
GeoIP-Latitude
X-PERF
Vha6-Origin
X-Request-Url
X-Cdn-Request-ID
X-Lb-Nocache
Wpo-Cache-Message
X-Fastly-Country-Code
X-HostName
X-Conten-Type-Options
X-Cache-Ngx
X-Ips-Loggedin
Warning
Wp-Super-Cache
X-Newegg-Flow
X-Newegg-Index
X-Kebabable
X-MTS-Cache
X-Matched-Rule
X-Loadbalancer
X-Matome-Cached
X-Keep
X-N-OperationId
X-LbNode
X-Nerd
X-Ntj-Investigation-Id
X-Origin-Ops
X-Onedio-Env
X-OVcl
X-OVcl-Cache
X-PageType
X-Okws-Version
X-Odoo-Frontend
X-NS-Authorization
X-NFL-Geo
X-Kebab
X-NXG
X-Nyt-Data-Last-Modified
X-NFL-Dma
X-Git-Commit
X-Eventloop-Lag
X-ETag
X-F-Status
X-Farm
X-Fastly-Is-Edge
X-Eid
X-Ee-Request-Id
X-Edge-IP
X-Ee-Generated-By
X-DT-Node
X-Paywall
X-Ee-Request-Date
X-Frame-Option
X-Doge
X-Header-Sub
X-Group
X-IBD-Cache
X-IBD-SID
X-Is-SSL
X-GoCache-CacheStatus
X-Global-Transaction-ID
X-Fstrz
X-Full-Ttl
X-GG-Cache-Status
X-Ee-Origin
X-Ittl
X-True-Client-Ip
X-Wag-Acs
X-Ver
X-Waitingroom
X-Web-Hosting
X-WP-Bypass
X-Vary-Devices
X-V2-Infrastructure
X-U-Cache
X-Tried-To-Kebabify
X-Upstream-State
X-User-Auth
X-Utime
X-WSR2
X-Xms-Page-Cache-Actions
X-HN
X-Ramcache
PFcat
X-Info
MIME-Version
X-Developed-By
Timeexpire
X-YSpaceId
X-VarnishDD-TTL
XV-Cache
XV-H
X-Toujours-Debout-Location
X-Toujours-Debout-Branch
X-Route
X-Request-Origin
X-Route-Akamai
X-Ruby
X-Save-Cache
X-Render-Time
X-Render-Method
X-Pver
X-PGF-Deflate
X-R-Cache
X-Reboot
X-Redis
X-Server-L
X-ServiceName
X-SVR-IIS
X-Stack-Name
X-Svr-Proxy
X-Test-Nginx-Ingress
X-Timestamp
X-SSLProxy
X-Square
X-Sh
X-Site
X-Slack-Shared-Secret-Outcome
X-SMP-JWT
X-PG-ACCESS
Panzer-Cache-Control
Nikkei-App-Version
NB-ESI
NLCacheNote
Npm-Cost
Npm-Remaining
Joe-X
Is-Https
Ec-Policy-Id
Deeplink
H1
HServer
HTTPProtocol
Ns
Ns-Ua
Rt-Proxy-Cache
Request-Uuid
Scheme
Selected-Route
Served
Region
RawURL
OK-Edge-Date
Ok-Cache-Status
Ok-Edge-Key
Origin-Site
Proxy-Cache
CMS-200
Cluster-Host
DynaTrace
SRV
WZWS-RAY
X-Mg-Cache
X-ElasticPress-Query
X-LAGOON
Fastcgi-Cache-Ttl
X-Moov-T
X-SD-PageType
X-Moov-Xdn-Version
X-Request-Start
Req-ID
X-Yottaa-OS
CF-Cached-On
Cdn-Country-Code
Cachekey
Cf-Device-Type
Cf-Locale
Cf-Wrk
Cache-Stat
Akamai-X-Url
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Cneonction
X-Serial
X-Th-Server
Service-Uuid
SFRVia
X-BeanStalkStage
X-BeanStalkRole
X-Cache-Cookie
X-Cache-IsMobileDevice
X-Cache-Length
X-Backside-Transport
X-Backend-TTL
X-Arena-Request-Id
X-Ar-Stats
X-ARRRG1
X-ASF-Cache
X-AspNetWebPages-Version
X-Cache-NPR
X-Cache-Reason
X-Colour
X-Coindesk-Cache
X-Container-Uri
X-Dcm-Pdtf
X-Dehri-Date
X-Cms-Device
X-Cf-Node-Idx
X-Cache-Response
X-Cache-ReqUri
X-CacheVersion
X-CDN-Pop
X-CDN-Pop-IP
X-Apache-Server
X-Amz-Meta-Cb-Modifiedtime
TWC-AK-Req-ID
Ttl
TWC-PATH-LOCALE
TWC-Subs
TWC-Unit
Time-Cloud-Cache
Technodrome
SII
Shieldsquare-Response
Store-Cloud-Cache
Sw
T-Request-Id
Uniqueid
Userver
X-Akamai-CacheKeyMod
X-AEO-Platform
X-Akamai-DeviceOS
X-Akamai-DeviceType
X-Akamai-Native
X-Accor-Asset
X-Accepted-Language
X-77-NZT
Vttl
X-77-NZT-Ray
X-Accel-Version
X-Accepted-Fulllang
X-Delivery