Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
CF-Ray
X-Generator
X-Cacheable
X-Iinfo
Timing-Allow-Origin
X-Request-ID
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
Access-Control-Max-Age
X-Via
X-Cache-Group
X-Robots-Tag
Server-Timing
X-UA-Device
Request-Context
X-Dns-Prefetch-Control
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Ws-Request-Id
P3p
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Akamai-Path-Stats
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Nginx-Cache-Status
X-Aws-Lambda-Call-Status
Accept-CH
X-Host
X-Node
X-OneAgent-JS-Injection
X-Pingback
Cf-Railgun
X-Server-Id
X-Cache-Spec
Request-Id
Surrogate-Control
EagleEye-TraceId
X-Akam-SW-Version
X-Backend-Server
X-Cache-Lookup
X-Response-Time
X-Readtime
Accept-CH-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Cloud-Trace-Context
X-Country
X-Url
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-MS-InvokeApp
X-Nginx-Upstream-Cache-Status
X-Edge
X-Rack-Cache
X-Amz-Server-Side-Encryption
Edge-Control
X-B3-TraceId
X-PC
X-Vname
X-TtlSet
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Content-Type
X-Mod-Pagespeed
X-ESI
X-Vcap-Request-Id
X-Oneagent-Js-Injection
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-D2id
X-GoogleNews-Bot
X-Exp-Id
X-Use-Magma
X-Cdn-Fetch
X-Exp-Variant
Xkey
Verso
X-GitHub-Request-Id
X-CST
X-Mcache
X-Amz-Rid
Cache-Tag
X-Powered-By-Plesk
X-FastCGI-Cache
X-VARITI-CCR
X-Varnish-TTL
RTSS
Service-Worker-Allowed
X-Ruxit-Js-Agent
X-Upstream
X-Version
X-Navigation-Version
X-Abt-Application-Version
X-Cached
X-ECACHE
X-Client-IP
X-Cnection
X-Ac
X-Dw-Request-Base-Id
X-Ttl
X-Px
X-Element-Page-Cache
SPRequestGuid
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Server-Name
X-SharePointHealthScore
Arr-Disable-Session-Affinity
Public-Key-Pins
X-Cache-TTL
SPRequestDuration
SPIisLatency
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Country-Code
X-NWS-LOG-UUID
Permissions-Policy
X-Ser
X-Middleton-Response
Response
X-Midtier
X-Cache-Key
X-Edge-Location-Klb
X-Kinsta-Cache
X-RateLimit-Remaining
X-Goog-Hash
X-Forwarded-For
Content-MD5
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Accept-Ch
Access-Control-Request-Method
X-NF-Request-ID
Front-End-Https
X-Shield-Request-Id
Cf-Apo-Via
X-DataDome
X-MSEdge-Ref
X-Correlation-Id
X-Recruiting
X-T
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
TP-Cache
TP-L2-Cache
X-Accel-Expires
AR-ATIME
AR-Request-ID
Nginx-Cache
Edge-Cache-Tag
AR-SID
AR-PoweredBy
AR-CACHE
MicrosoftSharePointTeamServices
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Daa-Tunnel
X-Powered-CMS
X-RateLimit-Limit
TCN
X-Grace
X-Mg-S
X-Content-Digest
X-Id
X-Hits
X-Request-Processing-Time
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Request-Received
X-TEC-API-VERSION
Server-Node
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
Server-Name
Filters
X-Amzn-Trace-Id
X-Frontend
MS-Author-Via
X-Geo-Country
X-Distributor
S
Fastcgi-Cache
X-Protected-By
X-Fastly-Request-Id
X-Language
X-XRDS-Location
X-LLID
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
Cache-Status
X-Origin-Server
X-LB-Cache
Count-Hit
X-Ezoic-Cdn
X-PressLabs-Stats
Cross-Origin-Opener-Policy
X-F-Cache
X-Forwarded-Proto
X-Litespeed-Cache
X-Microsite
X-Ua-Browser
Filterid
Host
X-B3-Sampled
X-FB-Debug
X-Ab
X-Seen-By
X-Page-Id
X-Request-Handler-Origin-Region
X-Git-Hash
Payment
Charset
X-Amz-Meta-S3cmd-Attrs
X-ASPNET-VERSION
X-Ratelimit-Reset
X-Fastcgi-Cache
X-Cluster-Name
X-VCache
Surrogate-Key
X-Cache-Age
Realpath
X-Rid
Accept-Charset
X-Template
Cache-Tags
X-Origin-Cache
X-Webkit-Csp
X-NGENIX-Cache
Alternate-Protocol
Access-Control-Allow-Method
X-Www-Served-By
Retry-After
X-Logged-In
X-TTL
X-Upgrade-Enabled
Cleartype
X-Az
X-AppVersion
X-Activity-Id
X-DIS-Request-ID
X-Varnish-Backend
X-Route-Name
X-TT
X-Tb
X-Signature
X-Varnish-Grace
X-Request-Guid
X-Is-Crawler
X-Wix-Request-Id
X-Source
X-Amz-Replication-Status
X-Aspnet-Duration-Ms
X-Flags
X-B-Cache
X-Providence-Cookie
X-App-Environment
X-DynaTrace
ServerID
X-B
X-Type
X-Envoy-Decorator-Operation
Paypal-Debug-Id
DC
X-Node-Name
X-Hostname
X-Drupal-Cache-Tags
Frame-Options
X-Debug
X-Revision
X-Proxy
X-Contextid
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Mobile
X-Fastly-Request-ID
Pinterest-Generated-By
X-Content-Options
Pinterest-Version
X-Pinterest-Rid
X-Cache-Rule
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Load-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Goog-Storage-Class
X-GUploader-UploadID
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
X-N
Country
Refresh
X-Magnolia-Registration
Node
NGB
X-User-Agent
X-Content
X-Original-Request-Id
X-Response-Served-From
Viewport
X-Whom
X-EdgeConnect-Cache-Status
Referer-Policy
X-XRDS-LOCATION
Access-Control-Request-Headers
X-Content-Powered-By
X-Framework
X-Cache-TTL-Remaining
X-L-Path
X-Environment-Context
X-Debug-IsPreview
X-Debug-IsConnected
X-Ratelimit-Remaining
X-Cacheable-TTL
X-Cache-Grace
X-Real-IP
X-Page-View
X-Mid
X-Jobs
X-Rendered-As
X-Servername
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-Age
X-Unique-Id
X-Is-Bot
X-NYM-Debug-Backend
VIX-Pulpo-Upstream-Status
X-Instance
VIX-Pulpo-Node
Url
Uber-Trace-Id
X-Adobe-Loc
X-Adobe-Content
X-Cache-Time
X-G
X-Akamai-Request-ID2
X-Status
X-Varnish-Server
Content-Disposition
Srv
X-ProcessESI
X-RemovedCookies
Akamai-GRN
Countrycode
X-COUNTRY
X-Drupal-Cache-Contexts
X-APP-VERSION
Version
X-Mg-Request-UUID
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Trace-Id
X-Server-ID
X-CDN-Forward
X-Time
X-Restarts
X-Via-JSL
X-Http-Reason
X-Cache-Expired-At
X-App-Server
Accept-Language
X-Cache-Hit
X-Tumblr-Pixel-0
Cross-Origin-Resource-Policy
X-Tumblr-Pixel-1
X-Tumblr-Pixel
Protected
X-Tumblr-User
X-IPLB-Instance
X-IPLB-Request-ID
Healthy
X-Hosted-By
X-Ratelimit-Limit
X-Cache-Operation
X-Debug-Info
X-Azure-Ref
X-Backend-Name
X-Nginx-Cache-Key
Content-Secure-Policy
X-ECache
Section-Io-Cache
X-Device-Type
X-Tt-Logid
X-Api-Version
Liferay-Portal
X-Akamai-Edgescape
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
Backend
X-FW-Static
X-FW-Type
Server-Info
X-Cache-Action
X-RTag
Fastcgi-Useragent
X-Rule
MS-CV
Ms-Operation-Id
X-Mobile-URL
X-UPSTREAM-Address
X-Proxy-Cache-Status
X-VC-Cache
X-RN-RSRV
Load-Balancing
Meta-Geo
X-Storage
GEO-INFO
X-SRV
X-Mode
X-Generation-Time
X-Content-Age
X-Varnish-Beresp-Grace
X-Handled-By
CF-IPCountry
X-Cache-NGX
Locale
CDN-Uid
S-Rt
Property-Id
Azure-Version
Onion-Location
CDN-RequestId
Web-Mar-Node
CDN-RequestCountryCode
TWC-Locale-Group
TWC-GeoIP-LatLong
CDN-EdgeStorageId
X-Skip-Cache
TWC-Device-Class
TWC-Connection-Speed
CDN-PullZone
TWC-Privacy
CDN-Cache
CDN-CachedAt
Webcakes-Region
X-Sorting-Hat-PodId
X-AWS-Id
X-Cache-Enabled
X-Cache-Host
X-Sorting-Hat-ShopId
X-Sql-Count
X-Forwarded-Host
Azure-SlotName
X-Sql-Duration-Ms
X-Alternate-Cache-Key
X-Labrador-Cache-Channel
X-Site-Version
X-Edge-Location
X-Format
X-ShardId
X-ShopId
X-SayCDN-TTL
X-Say-TTL
X-Cms-Context
X-SaId
X-Say-Cacheable
X-Urbn-Context-Path
X-Adobe-Source
X-PCL
X-PHP-Backend
X-PHP-Host
X-Proto
X-Origin-Hint
Webcakes-App-Name
X-Locale
X-No-Session
X-OCL
X-VWS-Id
X-Redis-Cache
X-JoinUs
X-Uri
X-Urbn-Site-Id
X-Region
X-Varnish-Cache-Hits
X-Varnish-Hostname
X-Varnishpool
Webcakes-App-Version
X-Shopify-Stage
X-LJ-Flow-ID
TWC-GeoIP-Country
X-URL
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-HTML-Minification-Powered-By
X-Proxied
X-Proxy-Build
X-Hl-Ver
X-ProxyCache-Key
X-ProxyCache-Status
X-FB-TRIP-ID
X-Cache-Type
X-BYPASS-REASON
X-Detected-As
X-Extlb
X-GeoCode
X-Request-Time
X-GeoCountry
X-ServerID
X-Zipkin-Id
X-Xfnlog-Site
X-Access
X-Section
X-R9-Blue-Green-Version
X-Cache-Server
X-Web-Node
X-Via-Fastly
X-UUID
X-Server-W
X-Datadome
X-Timing-Wait
X-UA-Device-Type
X-Routing-Service
X-Generated-By
Eomportal-Instance
Mn-Server-Ip
DB-Nickname
Selected-Fe
Apigw-Requestid
X-Storefront-Renderer-Rendered
X-Tid
X-Ms-Version
X-Cache-Status-Check
X-FireWall-Port
X-Ms-Request-Id
X-Correlation-ID
WP-Super-Cache
Cache-Name
X-Origin-Date
X-Nginx-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-DynaTrace-JS-Agent
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Xserver
ServedBy
X-Varnish-Ttl
X-LSADC-Cache
X-Zen-Fury
X-Dc
X-Loop
X-TNCMS
X-Ua
X-Human
X-Pubstack
Xet-Cookie
X-RCS-CacheZone
Source
Cache
X-Aspnetmvc-Version
X-Cache-Tags
X-Debug-Cache
X-Reqid
X-Amzn-Remapped-Content-Length
X-Varnish-Hits
X-Soup
X-GEO
X-Cdn
X-Newrelic-Synthetics
X-Cached-By
X-Webkit-CSP
X-MP-GENERATED-AT
X-TA-CDN-Provider
Origin
Cross-Origin-Window-Policy
X-Provided-By
X-Tumblr-Pixel-2
X-Vgn-Hpd-Reason
SD-X-WS
X-Origin-CC
X-Origin-TTL
WPO-Cache-Status
X-Service
From-Origin
WPO-Cache-Message
X-App-Version
X-IPS-LoggedIn
LB
X-TIME
X-Varnish-Beresp-Ttl
X-AOL-HN
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-NewRelic-App-Data
Rip
X-Via-NSCOPI
X-Request-Host
X-FW-Version
X-B3-Traceid
X-B3-SpanId
Webserver
X-NAPM-TraceId
X-Forwarded-Path
X-External-Request-Id
Environment
X-A-Dcw
Lang
X-A-Dam
X-A-Ccd
X-A-Dgt
X-A-Wwc
X-AK-Request-ID
Host-ID
X-Aed
MD5-Digest
X-A
Rendered-Blocks
T-Server
Surrogated-Key
VNS-Age
VNS-Cache
Meta-Geo-Continent
Ngx.Var.Host
Odigeo-Trace-Id
X-Application
X-ARC
X-D
Cdncip
Cdnsip
X-Destination
BehaviorPad-Version
X-Ec-Fail
A
X-Developer
X-Connection-Hash
CPC-Age
X-BCube-Filmed-By
X-Bc-Bl
X-B-Cookie
Expiry
X-Cache-NE
CPC-Cache
DCR-Decision-By
DCR-Processing-Time-Ms
X-Ec-GeoHdr
X-Orig-Expires
X-S
X-S-Cookie
X-Cluster-Node
X-Shop-Environment
X-Vdms-Version
X-Processor
X-Rewrite-Enabled
X-SRCache-Key
X-Tenant
X-Rojux
X-GG-Cache-Date
X-Owner
X-Vdms-Path
Xc-Version
X-PBS-Appsvrname
X-VG-WebCache
X-Served-From
Sslversion
X-ScT
X-User
X-Platform-Server
X-TIM-N
X-CSRF-Token
HostName
OT-Force-Account-Verify
X-Bip
X-Accel-Buffering
Mime-Version
X-Generated-On
X-Dispatcher-Number
X-Aicache-OS
X-Thanos
X-Cache-Debug
Machine
X-Pool
Redirect-Candidate
X-Varnish-Beresp-Status
X-Qloud-Router
X-VC
X-Level-Front-Cache
X-Parent-Response-Time
Upgrade-Insecure-Requests
X-WA-Info
X-Cache-Id
Tube-Got-Eval
X-Sigma
X-Varnish-CookieHashed-On
Tube-Get-Contents
X-Branch-Name
Traceparent
X-Cache-Bucket
Thinkindot-Control
X-Cache-Info
X-CGP
X-Ckpd-Fst-Backend
X-Varnish-CookieINHashed-On
State
TDXMobile
X-Cdn-Origin
Tube-Got-Results
Thinkindot-CacheControl
X-CacheTTL
Thinkindot-CacheControl-Type
Tube-Return
X-Variation
X-Scale
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-V-Cache
We-Hiring
X-Thinkindot-L3
Wxu-Next-Region
Wxu-Next-Commit
X-Ad-Defer-Variation
Vix-Hermes-Req-Id
X-Auto-Login
Wxu-Next-Hostname
X-SIPLIST1
X-BBC-Edge-Cache-Status
X-Slack-Backend
X-Sn-Servicetimems
X-VG-TLSProxy
V-Age
X-SplitTest
X-Sigma-Backend
X-Viewer-Country
X-Proxy-Cache-Info
X-RateLimit-Limit-Second
X-INCAP-ABP
X-Irp-Debug
X-Minions-Version
X-Loc
X-RateLimit-Remaining-Second
X-Hash
X-Region-Sid
X-Gdpr
X-GeoIP
X-GeoIP-City
X-Gzip
X-WADP-Cache
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-Origin-Response-Time
X-Origin
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Origin-Time
X-Planisys-CDN-Cache
X-Varnish-Remaining-TTL
X-Optimistic-Header
X-Worker
X-Wix-Viewer-Type
X-NodeID
X-Policy
X-Nyt-Route
X-Request-URI
X-Gateway-Skip-Cache
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-DefElseHash
X-Device-Os
X-DefHash
X-S-Maxage
X-SB
X-Cluster
X-Clientip
X-CMSURLCustom
X-Core-Mission
X-Csrf-Jwt
X-Core-Value
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Forwarded-Site
X-Fmm-Version
X-Gamma-Serve
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Fetched-On
X-Rocket-Build-Number
X-Rocket-Nginx-Serving-Static
X-VServer
X-Epic-Correlation-Id
X-Esi-Check
X-Eu-Site
X-Clara-WADP
Web-Mar-Region
Fastly-GeoIP-CountryCode
Fastly-SIE
DSUID
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-SSL
Fastly-SWR
IsBot
Kp-EeAlive
Is-Eu
HA-Ipaddr
Gh-Request-Id
Ha-Gx-Prefs
Datacenter
Country-Code
Apple-News-Services-Parsed-Url
Cache-Host
Apple-News-Services-Host
Apple-News-Services-Handled
X-ZONE
Adler-Geo
Canary
Candidate-Md5Url
Cmsid
Cmstype
Cluster
Click-Count-Error
Click-Count-Action-Start
L
Apple-News-Services-Request-Url
L5d-Success-Class
Mobile-Detection-Method
Platform
Servername
NM-Fastcgi-Cache
NGX
Release
Producers
Mail-Subject
Origin-EX
Memcached
Origin-CC
Req-Svc-Chain
Server-Host
Cache-Hits
X-WP-CF-Super-Cache-Active
WebServer
X-Trace-ID
X-Tx-Id
CloudFront-Viewer-Country
Svr
CDCHOST
Server-Hostname
Server-Ext
X-Cdn-Srv
X-NCache
Sever-Int
X-Scheme
X-HS-Content-Campaign-Id
X-Hnp-Log
X-Is-Gdpr
X-Developers
X-Gen-Mode
X-JWT-State
X-Has-Esi
Fastly-Backend-Name
X-Sucuri-Cache
X-Sucuri-ID
X-Geo-Header
X-Block-Status
User-Cache-Control
X-Cache-Remote
Cache-Tv-Group
Ec-Rule-Version
AKAMAI
X-Var-Ttl
X-Azure-Ref-OriginShield
X-Presslabs-Stats
X-FC-Vary-Parameters
X-ND-Cache
X-LB-NoCache
X-Fastly-Backend
X-ATG-Version
X-Newrelic-App-Data
X-Rebelmouse-Cache-Control
X-Fastly-Cache
Fastcgi-Cache-TTL
Sid
X-Session-Fingerprint
X-Origin-Expires
Memory
Pics-Label
Ssr
Time
X-Rebelmouse-Surrogate-Control
X-Tb-Optimization-Total-Bytes-Saved
X-Nf-Request-Id
Fastly-Drupal-HTML
X-Udemy-Cache-App-Namespace
X-Pod-Name
X-Generated-In
SID
AMP-Access-Control-Allow-Source-Origin
X-Servedbyhost
X-Akamai-Transformed
X-Via-Poph
X-Via-Popv
Env
X-Via-Popn
X-Cs
X-Buckets
Server-ID
X-Cache-Date
X-Refresh
X-Up
X-Release
X-Pass-Why
X-Ig-Push-State
X-NWS-UUID-VERIFY
X-Edge-Pop
My-App
X-NC
X-Conf
X-MSEdge-Flight
X-MSEdge-Features
X-Dispatch
X-Tumblr-Pixel-3
X-DC
X-Wa
X-Esi
X-Lambda-Id
X-Microcachable
X-Fpc
X-PX
Fastly-Drupal-Html
X-EC-Lua
CDN
GeoIp-Country-Code
X-CLOUD-TRACE-CONTEXT
X-ID
X-MCACHE
X-Endurance-Cache-Level
X-Dmc
True-Client-IP
X-CACHE-AGE
X-Xrds-Location
X-Req
X-CS
Magicmarker
X-VCL-Version
X-TX-ID
X-NGINX-Cache
X-RateLimit-Reset
X-Be
X-Webkit-CSP-Report-Only
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Zone
X-LB-ID
X-Vc
X-CACHE-KEY
Hostname
CacheControlHeader
X-TH-Server
X-CSRF-TOKEN
True-Client-Country-4JS
X-TRACE-ID
X-Srv
X-B3-Spanid
X-Op-Id-All
X-Air-Trace-Id
X-Air-Source
X-Hyper-Cache
X-Air-Hostname
X-Vcl-Version
X-Micro-Cache
X-Air-Pt
Resin-Trace
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-HS-Status
X-M-Log
X-M-Reqid
X-Varnish-Beresp-TTL
X-Alfa-Service
Tcn
Pramga
True-Client-Ip
Path
X-App
X-Qnm-Cache
X-Yandex-Sdch-Disable
Tracecode
C-Via
X-GeoIP-Country-Code
X-GeoIP-Region-Code
GeoIP-Country-Code
X-SERVER-NAME
X-Date
X-TrackingId
Section-Origin-Responded
X-Vercel-Id
Section-Io-Id
X-Vercel-Cache
Section-Io-Origin-Time-Seconds
N-Cache
X-FPC
Section-Io-Origin-Status
X-Accel-Expires-Debug
WWW-Authenticate
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
NtCoent-Length
Fastcgi-X-Cache-Version
Proxy-Connection
Esi-Enabled
On-Server
Yjs-Id
Hit
X-WA
X-Platform
X-RAMCache
X-Datacenter
X-PAYTM-SRV-ID
X-Webkit-Csp-Report-Only
X-Mly-Id
X-Platform-Processor
X-Via-CDN
Server-Id
X-Edge-POP
X-Platform-Cluster
X-Platform-Router
X-Old-Content-Length
FSS-Cache
Lb
X-Geo
X-Edge-Origin-Shield-Region
X-Edge-Origin-Shield-Bytes
X-LiteSpeed-Cache-Control
X-Node-Id
ENV
YJS-ID
X-API-Version
X-ServedByHost
X-Via-PopH
X-Via-PopN
X-Vtex-Remote-Cache
X-Via-PopV
X-Vtex-Processado-Em
GeoIP-Latitude
User-Agent
X-Response-By
X-Lb-Id
Powered-By
X-Dw-Trace-Id
X-UA
X-Cdn-Forward
X-Akamai-ERRuleID
X-Request-Start
HIT
X-Client-Ip
X-LAGOON
X-Akamai-ERPolicy
XServer
X-SD-PageType
X-AIR-PT
X-Webstats-RespID
X-Location
X-Render-Time
X-Cache-Ttl
X-Via-Ucdn
Cache-Key
Cdn
X-FL-EDGE
Srvid
X-TT-LOGID
X-Instance-Name
Locid
X-From
X-CUA
X-Li-Fabric
X-Li-Pop
X-LI-Proto
Geoip-Latitude
Dnion-Transfer-Encoding
X-Traceid
X-FORWARDED-FOR
X-LI-UUID
X-PERF
X-ApacheServer
X-Service-Response-Time
Sm-Log-Id
X-RPS
X-RSL
Ohc-File-Size
X-LiteSpeed-Tag
X-RPM
X-DW
X-Proxy-Upstream
X-Director
X-DSS
X-CF-Powered-By
X-DB
Location
Nginx-CQVIP
X-Contensis-Viewer-Groups
PICS-Label
X-Cache-ASPX
X-Varnish-Authentication
DynaTrace
Server-Ttl
X-DI
X-Wp-Cf-Super-Cache-Cache-Control
XkeyRZ
X-Wp-Cf-Super-Cache
X-Litespeed-Cache-Control
X-Proxy-CacheRZ
X-B3-ParentSpanId
XM
X-HostName
PFcat
X-Cdn-Request-ID
X-Server-IP
X-DataCenter
X-Fastly-Cache-Hits
Wpo-Cache-Message
X-Request-Url
Wpo-Cache-Status
Vha6-Origin
X-HN
X-Proxy-Cache-Hk
X-Fastly-Backend-Reqs
X-VarnishDD-TTL
X-Lb-Nocache
Warning
X-Cache-Ngx
Wp-Super-Cache
CountryCode
DT-Hot-News
X-Ips-Loggedin
CF-Cached-On
X-Test
Swift-Performance
X-ElasticPress-Query
X-Yottaa-OS
X-Moov-Xdn-Version
SRV
X-Mg-Cache
X-Moov-T
WZWS-RAY
Req-ID
Fastcgi-Cache-Ttl