
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
X-XSS-Protection
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Xss-Protection
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
P3p
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
X-Ua-Compatible
X-Cacheable
CF-Ray
Server-Timing
X-Envoy-Upstream-Service-Time
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
X-Backend
Allow
Cf-Edge-Cache
X-Cache-Group
Request-Context
X-Robots-Tag
Keep-Alive
X-Server
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Vhost
Xkey
X-Rq
X-Age
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Page-Speed
X-Pingback
Cf-Railgun
EagleEye-TraceId
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-CST
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Upstream-Cache-Status
X-HW
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
Accept-Ch-Lifetime
X-Application-Context
X-Country-Code
X-Oneagent-Js-Injection
X-Trace
X-Cache-Lookup
Content-Location
X-Ruxit-JS-Agent
X-Url
Service-Worker-Allowed
X-Content-Type
X-Clacks-Overhead
X-ECACHE
X-Country
X-Edge
X-Litespeed-Cache
X-Mod-Pagespeed
X-Origin-Cache-Key
X-Amz-Server-Side-Encryption
X-Midtier
Cache-Tag
X-FTR-Request-ID
X-Rack-Cache
Cross-Origin-Opener-Policy
Accept-Ch
X-MS-InvokeApp
X-Mcache
X-ESI
X-Upstream
X-Vname
X-TtlSet
X-PC
Nginx-Cache
X-Powered-By-Plesk
Rating
Edge-Control
X-D2id
X-Browser-Type
X-Kinja-Server
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Revision
X-Element-Page-Cache
Verso
X-Times
X-Ac
X-Ruxit-Js-Agent
X-Server-Name
X-Cnection
SPIisLatency
SPRequestDuration
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
X-Vcap-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-SharePointHealthScore
SPRequestGuid
X-Dw-Request-Base-Id
X-B3-TraceId
X-RateLimit-Remaining
X-GitHub-Request-Id
X-VARITI-CCR
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Ser
AR-CACHE
X-Cache-Key
S
X-NF-Request-ID
RTSS
Origin-Trial
X-Cache-TTL
X-Mg-S
Edge-Cache-Tag
X-Server-ID
X-Amz-Rid
Pagespeed
X-Sol
X-Middleton-Display
Display
Fastly-Restarts
X-Ttl
X-Content-Security-Policy-Report-Only
X-Client-IP
X-Goog-Hash
X-Amzn-Trace-Id
X-NWS-LOG-UUID
X-Powered-CMS
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Version
X-Varnish-TTL
Access-Control-Request-Method
Cache-Status
X-Kinsta-Cache
X-Edge-Location-Klb
X-ARC
X-Recruiting
X-Content-Digest
X-SRCache-Fetch-Status
Arr-Disable-Session-Affinity
X-SRCache-Store-Status
X-Webkit-Csp
X-T
X-MSEdge-Ref
X-Forwarded-For
X-TraceId
Content-MD5
X-Middleton-Response
Response
MicrosoftSharePointTeamServices
X-Accel-Expires
X-Ua-Device
TP-Cache
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Shield-Request-Id
X-Cached
X-Hits
Public-Key-Pins
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-RateLimit-Limit
X-FTR-Balancer
X-FTR-Expires
X-Id
Server-Node
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Frontend
Payment
X-Request-Received
MS-Author-Via
X-Ua-Browser
X-Request-Processing-Time
X-WebKit-CSP-Report-Only
Front-End-Https
X-FastCGI-Cache
X-DIS-Request-ID
Cross-Origin-Resource-Policy
X-LLID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Forwarded-Proto
X-GUploader-UploadID
X-Kinja-CCPA
Cache-Tags
X-LB-Cache
Realpath
TP-L2-Cache
X-Daa-Tunnel
X-Fastcgi-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Protected-By
Count-Hit
X-Origin-Server
X-ORACLE-DMS-RID
X-Microsite
X-Request-Handler-Origin-Region
X-Distributor
X-Page-Id
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-PressLabs-Stats
X-F-Cache
X-TTL
X-Cluster-Name
X-Az
X-NGENIX-Cache
X-AppVersion
X-Activity-Id
X-Correlation-Id
Accept-Charset
X-Varnish-Backend
X-Www-Served-By
X-Geo-Country
X-Hostname
Referer-Policy
X-Debug-Info
X-Envoy-Decorator-Operation
X-App-Server
X-FB-Debug
X-Kong-Upstream-Latency
Fastcgi-Cache
X-Kong-Proxy-Latency
Host
X-Goog-Metageneration
X-Varnish-Server
X-Rid
Access-Control-Allow-Method
X-ORACLE-DMS-ECID
X-Git-Hash
Retry-After
Server-Name
X-RateLimit-Reset
X-Oracle-Dms-Ecid
X-Fastly-Request-ID
X-Tt-Trace-Tag
X-Px
X-Tt-Trace-Host
X-Content-Options
X-Ratelimit-Limit
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Is-Crawler
X-Request-Guid
X-Route-Name
X-Flags
DC
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Contextid
X-B3-Sampled
X-Revision
X-Load-Cache
X-Mobile
TCN
X-Grace
X-Signature
X-Trace-Id
X-App-Environment
X-B-Cache
X-Origin-Cache
X-Type
X-TT
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
Cleartype
X-Cache-Control
X-Datadog-Parent-Id
X-Fb-Rlafr
Charset
X-B
Paypal-Debug-Id
X-CSRF-Token
X-Language
Section-Io-Cache
X-Oracle-Dms-Rid
X-Amz-Meta-S3cmd-Attrs
Frame-Options
X-Seen-By
X-Logged-In
X-Amz-Replication-Status
X-ASPNET-VERSION
X-Goog-Generation
X-Webkit-CSP
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-XRDS-LOCATION
X-Goog-Stored-Content-Length
Healthy
X-Ezoic-Cdn
X-Upgrade-Enabled
X-Magnolia-Registration
X-Whom
Filterid
X-Wix-Request-Id
X-Newrelic-App-Data
X-Varnish-Ttl
X-EdgeConnect-Cache-Status
X-Node-Name
X-Azure-Ref
Content-Disposition
X-App-Version
X-Proxy
X-B3-Traceid
X-Ratelimit-Remaining
X-N
Backend
Upgrade-Insecure-Requests
X-Template
Akamai-GRN
X-Fastly-Request-Id
X-Proxy-Cache-Info
Refresh
X-Air-Pt
NGB
X-Response-Served-From
X-Original-Request-Id
X-Is-Bot
X-Servername
SD-X-WS
VIX-Pulpo-Node
X-Rendered-As
VIX-Pulpo-Upstream-Status
X-ProcessESI
X-Page-View
X-Unique-Id
X-RemovedCookies
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-Grace
X-Tumblr-Pixel-1
X-Tumblr-User
Url
X-Adobe-Loc
X-Adobe-Content
X-Datadog-Sampled
X-Debug-IsConnected
X-Debug-IsPreview
X-Tumblr-Pixel-0
X-RTag
X-Tumblr-Pixel
MS-CV
Ms-Operation-Id
X-Amzn-Remapped-Content-Length
Fastly-SIE
X-Region
X-UUID
Fastly-SWR
X-G
X-Cacheable-TTL
Liferay-Portal
X-Instance
From-Origin
X-Device-Type
X-Environment-Context
X-Cache-Grace
X-Jobs
X-B3-SpanId
X-User-Agent
X-L-Path
Viewport
X-Debug
X-FW-Dynamic
X-FW-Static
X-NYM-Debug-Backend
X-Rule
X-IPS-LoggedIn
X-FW-Type
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Version
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Country
X-Cache-Hit
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
X-Hosted-By
X-Status
X-XRDS-Location
X-Use-Magma
X-Hl-Ver
X-Backend-Name
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Content-Powered-By
ServerID
X-Http-Reason
X-Akamai-Request-ID2
Protected
X-Origin-TTL
Alternate-Protocol
X-Cache-Status-Check
X-Cache-Age
X-Origin-CC
X-VC-Cache
X-Tec-Api-Origin
Version
X-Tec-Api-Version
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Time
X-CCDN-Origin-Time
X-Tec-Api-Root
X-HTML-Minification-Powered-By
X-Akamai-Edgescape
Countrycode
X-NODE
WPO-Cache-Status
WPO-Cache-Message
X-COUNTRY
X-CDN-Forward
X-Framework
X-Rocket-Nginx-Serving-Static
X-INCAP-ABP
X-Via-JSL
SRV
X-Edge-Location
CDN-RequestId
CF-IPCountry
Front
X-Cache-Rule
GEO-INFO
X-Nginx-Cache
X-WP-CF-Super-Cache-Active
X-Source
Access-Control-Request-Headers
X-Storage
X-Httpd
X-Accel-Version
X-Mode
X-Endurance-Cache-Level
Meta-Geo
Filters
X-UPSTREAM-Address
Accept-Language
X-Xfnlog-Site
X-Rn-Rsrv
X-Upstream-Ct
X-Rewrite-Enabled
X-Upstream-Ht
X-Cache-Operation
OT-Force-Account-Verify
X-Real-IP
Selected-Fe
X-Served-From
X-Timing-Wait
X-JoinUs
X-Detected-As
X-Cache-Debug
X-Proxy-Build
Xet-Cookie
X-SaId
Webserver
X-Soup
X-Sql-Count
ServedBy
X-Sql-Duration-Ms
X-Adobe-Source
X-Cms-Context
X-Director
X-Cache-Time
X-Say-Cacheable
X-Tumblr-Pixel-2
X-ProxyCache-Status
X-ProxyCache-Key
X-Lambda-Id
X-Say-TTL
X-SayCDN-TTL
X-Use-Mantle
X-Tumblr-Pixel-3
X-BYPASS-REASON
X-Handled-By
X-GeoCode
X-VC
X-GeoCountry
X-Vcache
X-Varnish-Beresp-Grace
DB-Nickname
X-S
X-Tncms
X-Varnish-Cache-Hits
X-No-Session
Apigw-Requestid
X-Loop
X-Skip-Cache
X-Varnish-Age
X-Worker
Xserver
X-Logging-Id
X-Redis-Cache
X-RM-Cache-TTL
Mn-Server-Ip
X-Generation-Time
X-Server-W
X-Fetched-On
X-Format
X-DynaTrace
X-Container-Uri
X-LJ-Flow-ID
X-VCT
TWC-GeoIP-LatLong
Web-Mar-Node
X-VWS-Id
TWC-Locale-Group
X-Origin-Hint
X-RCS-CacheZone
TWC-Privacy
X-PHP-Host
X-Restarts
Webcakes-App-Version
TWC-Device-Class
TWC-Connection-Speed
X-Git-Commit
TWC-GeoIP-Country
X-Labrador-Cache-Channel
Webcakes-App-Name
Property-Id
Webcakes-Region
X-AWS-Id
X-Browser-Name
X-Ms-Request-Id
X-Proxied
X-Origin
X-Ms-Version
X-Is-Tablet
X-Reqid
X-Routing-Service
X-ServerID
X-Tcp-Rtt
X-Zipkin-Id
X-Is-Supported-Browser
X-Is-Mobile
X-Extlb
X-Cluster
X-Cache-Server
X-Forwarded-Host
X-Geo-Region
X-Is-Desktop
X-IPLB-Request-ID
X-IPLB-Instance
X-Cache-Host
Node
X-AB
Azure-Version
Cache-Tv-Group
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-Tb
Azure-InstanceId
X-Uri
X-Vercel-Id
X-Vercel-Cache
X-R9-Blue-Green-Version
X-Provided-By
X-Frame-Option
Section-Io-Id
X-Site-Version
X-FB-TRIP-ID
Priority
X-Platform-Router
X-Locale
X-Platform-Processor
X-Platform-Cluster
Content-Secure-Policy
Source
X-Webstats-RespID
Fastcgi-Useragent
X-Web-Node
X-MP-GENERATED-AT
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
WZWS-RAY
AMP-Access-Control-Allow-Source-Origin
CDN-Uid
CDN-RequestPullCode
CDN-RequestPullSuccess
Cross-Origin-Embedder-Policy
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-CachedAt
X-Origin-Date
CDN-Cache
Locale
Onion-Location
X-Alternate-Cache-Key
X-Vcl-Version
X-Storefront-Renderer-Rendered
X-Urbn-Site-Id
X-Shopify-Stage
X-Content-Age
X-Urbn-Context-Path
S-Rt
WP-Super-Cache
X-Generated-By
X-Ua
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-SRV
X-Varnish-Beresp-Ttl
X-Cluster-Node
X-Newrelic-Synthetics
X-Xrds-Location
X-Sucuri-Cache
X-Pass-Why
X-Cdn-Origin
X-Proxy-Cache-Status
X-Cache-Action
X-Sucuri-ID
X-Buckets
Sid
X-DataDome
X-Mg-Request-UUID
Cross-Origin-Window-Policy
Fastly-Drupal-HTML
X-Cache-Expired-At
X-TT-LOGID
Thinkindot-Control
X-GEO
X-Scope-Id
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-LSADC-Cache
TDXMobile
X-Request-URI
X-CMSURLCustom
X-Shield-Cache-Expires
X-TA-CDN-Provider
Cache
X-Thinkindot-L3
X-Viewer-Country
X-Ec-Custom-Error
X-Ec-Fail
Redirect-Candidate
X-PAYTM-SRV-ID
Ngx.Var.Host
X-Vdms-Version
Ngx-Var-Key
Origin
X-Ec-GeoHdr
Origin-Agent-Cluster
Environment
DCR-Processing-Time-Ms
HostName
DCR-Decision-By
Cross-Origin-Embedder-Policy-Report-Only
Candidate-Md5Url
CDCHOST
X-DC
Gannett-Cam-Experience-Id
MD5-Digest
Meta-Geo-Continent
X-Epic-Correlation-Id
Lang
X-External-Request-Id
X-Vtex-Remote-Cache
Rendered-Blocks
X-Scheme
X-A
X-Developer
X-B-Cookie
X-S-Cookie
X-D
X-Rojux
X-A-Ccd
X-A-Dam
X-Conf
X-Application
X-Aed
X-A-Wwc
X-A-Dgt
X-ScT
X-A-Dcw
T-Server
Type
X-Bl-Debug
X-Vdms-Path
X-SRCache-Key
X-Cache-Bucket
X-Cache-NE
X-Destination
X-TIM-N
Surrogated-Key
X-BCube-Filmed-By
X-Bc-Bl
Sslversion
X-Optimistic-Header
X-WP-CF-Super-Cache-Cookies-Bypass
X-Aspnetmvc-Version
X-GeoIP-Country-Code
X-Aicache-OS
X-Cache-Info
X-Human
X-BBC-Edge-Cache-Status
X-GeoIP-Region-Code
Apple-News-Services-Handled
X-Bip
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Fastly-SSL
Pramga
Server-Host
Server-Hostname
Server-Ext
Release
X-Dispatcher-Server
Req-Svc-Chain
X-Instance-Name
Sever-Int
Ssr
X-Fastly-Cache
X-Access
X-Acquia-Purge-Cdn-Unconfigured
Host-ID
L
Magicmarker
Vix-Hermes-Req-Id
X-Core-Value
X-Generated-On
Apple-News-Services-Host
X-Pubstack
X-Sigma
X-Op-Id-All
X-Section
X-SD-PageType
X-Varnish-Hostname
X-Req
X-Sigma-Backend
X-VG-TLSProxy
X-VServer
X-Varnish-Beresp-Status
X-Varnish-Director
X-Correlation-ID
X-Platform
X-VG-WebCache
X-VCache
X-Pool
X-Rocket-Build-Number
X-Mly-Id
X-SB
X-Men
X-Level-Front-Cache
X-Loc
X-Up
X-Request-Time
X-Thanos
User-Cache-Control
Edge-Copy-Time
X-Datadome
Atl-Traceid
X-TimeS
X-Via-SSL
X-Via-CDN
X-Via-Edge
X-Service
X-V-Cache
NM-Fastcgi-Cache
X-Core-Mission
X-Zen-Fury
X-Origin-Time
X-We-Are-Hiring
X-B3-Trace-ID
X-WA-Info
Producers
Tube-Got-Results
Tube-Return
X-Proxied-Request
Tube-Got-Eval
X-Debug-Cache-Store
Tube-Get-Contents
X-Debug-Cache-Fetch
X-Ad-Load-Variation
Wxu-Next-Commit
True-Client-Country-4JS
Platform
X-Irp-Debug
X-DPWN-IS-SECURE
X-Policy
X-Device-Os
Uber-Trace-Id
X-Clientip
X-SVT-ORM-RULES
X-Nyt-Route
Cache-Provider
C-Via
X-Cache-Date
Canary
X-Old-Content-Length
X-Block-Status
X-GeoIP
X-GeoIP-City
X-Org
X-NMSegId
Wxu-Next-Region
X-HS-Content-Campaign-Id
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Cache-TTL-Remaining
X-NCache
X-Hnp-Log
X-UA-Device-Type
X-Nginx-Cache-Key
Adler-Geo
X-Hash
Click-Count-Action-Start
Click-Count-Error
X-Fastly-Backend
X-Request-Start
Fastly-GeoIP-CountryCode
X-Server-IP
X-SVT-ORM-VERSION
V-Age
X-Forwarded-Site
X-Node-Id
Wxu-Next-Hostname
Is-Eu
X-FC-Vary-Parameters
Esi-Enabled
Country-Code
X-Gdpr
X-Gen-Mode
X-Origin-Response-Time
X-From
X-Fmm-Version
X-TH-Server
DSUID
X-Varnishpool
Req-ID
X-Tt-Logid
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-Cache-Id
X-Auto-Login
X-Slack-Backend
X-ApacheServer
X-SIPLIST1
X-Nf-Request-Id
X-Var-Ttl
Pics-Label
X-Gzip
X-CacheTTL
Web-Mar-Region
X-Via-Popv
On-Server
Mail-Subject
Machine
X-Geo-Header
Gh-Request-Id
IsBot
X-Esi-Check
X-PERF
X-HA-Backend
X-Request-Host
X-Micro-Cache
W
We-Hiring
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Via-Popn
X-Proto
LB
X-Via-Poph
X-Parent-Response-Time
X-CF-Lambda-Fn
X-GoCache-CacheStatus
X-Cdn-Srv
X-Owner
X-CGP
X-Csrf-Jwt
X-Edge-Server
X-CF-Lambda-Version
X-Eu-Site
X-Test
X-App-Name
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
N-Cache
NGX
Fastly-Backend-Name
Expect-Staple
X-ZONE
X-Ratelimit-Reset
Cdn-Host
Cdn-Request-Time
Cf-Device-Type
Proxy-Firewall
AKAMAI
Expiry
X-Connection-Hash
Datacenter
Cluster
Xc-Version
X-LB-NoCache
X-Moov-Xdn-Version
A
X-Branch-Name
Content-Style-Type
Content-Script-Type
X-Wikidot-Static-Cache
X-Orig-Expires
X-Ah-Environment
X-Tx-Id
X-Shop-Environment
X-Cache-Type
X-Qloud-Router
X-Forwarded-Path
X-NGINX-Cache
X-Tenant
X-Wikidot-Backend
X-Moov-T
X-Accel-Expires-Debug
X-Date
X-Amz-Meta-Cb-Modifiedtime
X-Varnish-Authentication
X-Gamma-Serve
X-Contensis-Viewer-Groups
X-Cache-Aspx
X-Dc
SID
Cdn
X-LB-ID
Cache-Key
RNT-Time
X-Wa
X-Varnish-Hits
Yak-Timeinfo
Server-ID
X-Refresh
X-Servedbyhost
X-AK-Request-ID
Cdnsip
RNT-Machine
X-Region-Sid
Cdncip
X-Nc
X-ND-Cache
Locid
Cmsid
Cmstype
X-Cdn-Diag
CPC-Cache
X-HN
X-Amz-Storage-Class
PFcat
CPC-Age
X-Vmg-Version
X-VarnishDD-TTL
X-Api-Version
X-VHOST
X-DynaTrace-JS-Agent
NtCoent-Length
X-TIME
X-Fpc
X-LAGOON
X-MCACHE
X-Tb-Optimization-Total-Bytes-Saved
X-Client-Ip
RATING
GeoIp-Country-Code
X-CDN-Cache-Status
X-Azure-Ref-OriginShield
Cdn-Requestid
X-Nananana
CloudFront-Viewer-Country
XM
X-Backend-Instance
X-Srv
Resin-Trace
X-B3-Parentspanid
CacheControlHeader
X-Origin-Expires
X-Via-Fastly
X-CACHE-AGE
X-Akamai-Transformed
X-API-Version
X-TX-ID
X-Cache-Backend
X-Variation
X-LiteSpeed-Tag
X-Hit
Uri
X-Zone
User-Agent
MIME-Version
X-Proxy-CacheRZ
XkeyRZ
X-Fastly-Country-Code
X-Lagoon
VNS-Age
VNS-Cache
X-URL
X-CSRF-TOKEN
X-LiteSpeed-Cache-Control
X-Vc
X-NewRelic-App-Data
Cache-Name
X-Info
X-Amz-Meta-Opti
Cross-Origin-Opener-Policy-Report-Only
True-Client-Ip
X-Dynatrace-Js-Agent
Tcn
GeoIP-Latitude
Lb
X-DataCenter
X-Datacenter
Hostname
X-UA
True-Client-IP
X-B3-Spanid
X-HostName
X-Ig-Origin-Region
DataCenter
X-Dispatcher-Number
X-Presslabs-Stats
X-Geo
Cache-Hits
Mime-Version
X-NWS-UUID-VERIFY
X-AIR-PT
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Deployment-Id
X-Location
X-Cached-By
Fusion-Template-Id
Fusion-Content-Id
X-Mid
Powered-By
X-Cloudmap
Origin-CC
X-Jungle-Id
Origin-EX
Fastly-Drupal-Html
Cf-Ipcountry
X-CUA
X-Cdn-Forward
X-Webkit-Csp-Report-Only
X-Segment-20210421
X-IAuth-Set-Uid
BehaviorPad-Version
X-User
Srv
X-CS
Ohc-File-Size
X-Traceid
GeoIP-Country-Code
CountryCode
X-Varnish-Beresp-TTL
X-ECache
Cl-Cache
X-Cdn-Cache-Status
X-Cache-Enabled
Debug
X-Dispatch
X-Esi
Ohc-Cache-HIT
X-FPC
X-Oracle-DMS-ECID
My-App
Server-Info
X-RID
Location
Load-Balancing
X-Lb-Id
X-Powered-By-VTEX-Cache
X-Cs
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-VTEX-Cache-Server
X-Render-Time
X-VTEX-Cache-Time
X-Wormhole-Sdk
Wpo-Cache-Status
CDN
Wpo-Cache-Message
X-Snapshot-Date
X-WA
X-Auth-Group-Type
X-ServedByHost
X-NC
Edge-Cache
X-Internal-Host
CF-Ctrl
X-Litespeed-Tag
Server-Id
YJS-ID
X-VCL-Version
X-MSEdge-Flight
X-App
X-Nitro-Cache
X-MSEdge-Features
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
X-Fastly-Backend-Reqs
X-Lb-Nocache
X-ID
X-Litespeed-Cache-Control
Ms-Author-Via
X-Akamai-Pragma-Client-IP
CF-Cached-On
X-NodeID
X-Nitro-Rev
Xkey-La3
X-Ig-Push-State
X-Proxy-Cache-La3
X-Nitro-Cache-From
X-Cdn-Request-ID
X-MiniProfiler-Ids
X-Cache-FS-Status
Xkeylog
X-Dw-Trace-Id
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
Time
Memory
Memcached
X-IN-APIGATEWAYSSL
Odigeo-Trace-Id
X-IN-APIGATEWAY
OriginIP
X-Acquia-Site
Srvid
FSS-Cache
X-FL-EDGE
X-APP-VERSION
Ngx
X-FL-QIT-DEBUG
X-Th-Server
X-Sorting-Hat-Podid
X-Cache-Version
X-Shopid
X-Shardid
X-Sorting-Hat-Shopid
X-Http-Count
X-Pad
X-Http-Duration-Ms
X-Mg-Cache
Yjs-Id
X-Vary
X-Varnish-CookieHashed-On
X-Vgn-Hpd-Reason
X-Varnish-CookieINHashed-On
Akamai-Cache-Status
X-Varnish-Remaining-TTL
X-Te-Count
X-Via-PopH
X-DefElseHash
Sm-Log-Id
X-Check-Cacheable
X-Lsadc-Cache
X-Sucuri-Id
X-RequestId
Geoip-Latitude
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Serial
X-Service-Response-Time
X-Via-PopN
X-Udemy-Cache-App-Namespace
X-Ha-Backend
X-Via-PopV
X-Fastly-Cache-Hits
X-Web-Server
X-DefHash
X-Te-Duration-Ms