Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
X-Cache-Hits
X-UA-Compatible
P3P
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-FRAME-OPTIONS
X-Request-ID
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
Server-Timing
X-AspNetMvc-Version
X-XSS-PROTECTION
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Request-Context
X-Turbo-Charged-By
X-Via
X-AH-Environment
X-Robots-Tag
X-Backend
X-Cache-Group
Cf-Edge-Cache
Host-Header
Keep-Alive
P3p
X-UA-Device
X-Proxy-Cache
X-Hacker
X-Server
X-Rq
X-Server-Powered-By
Allow
X-Age
X-Vhost
X-Varnish-Cache
X-Ws-Request-Id
X-Amz-Version-Id
X-Dispatcher
EagleId
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
Nel
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Swift-CacheTime
X-Swift-SaveTime
Accept-CH
Ali-Swift-Global-Savetime
X-Pingback
X-WebKit-CSP
X-Node
X-OneAgent-JS-Injection
X-Host
X-Server-Id
X-Backend-Server
Surrogate-Control
X-CST
X-Nginx-Cache-Status
X-Cache-Lookup
X-Readtime
X-Akam-SW-Version
Permissions-Policy
X-Content-Security-Policy-Report-Only
Request-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Trace
X-Response-Time
X-Edge
Accept-CH-Lifetime
X-HW
Accept-Ch-Lifetime
X-Ua-Compatible
Content-Location
X-Mod-Pagespeed
X-Clacks-Overhead
X-Midtier
X-Ruxit-JS-Agent
X-ECACHE
X-Url
Xkey
X-ESI
Rating
X-Mcache
X-Amz-Server-Side-Encryption
X-Upstream
X-Country
X-Litespeed-Cache
X-Oneagent-Js-Injection
X-Vcap-Request-Id
Cache-Tag
X-PC
X-TtlSet
X-Vname
X-MS-InvokeApp
X-D2id
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Kinja-Build
Edge-Control
RTSS
X-Ruxit-Js-Agent
X-Powered-By-Plesk
Fastly-Restarts
X-Cache-TTL
Origin-Trial
X-VARITI-CCR
X-Ac
X-Navigation-Version
X-Abt-Application-Version
X-Cached
Service-Worker-Allowed
Accept-Ch
X-Goog-Hash
X-Country-Code
X-Content-Type
X-Ttl
X-GitHub-Request-Id
X-WebKit-CSP-Report-Only
X-Sol
X-Amz-Rid
X-Middleton-Display
Pagespeed
Display
X-Browser-Type
X-Varnish-TTL
X-Mg-S
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Server-Name
Cross-Origin-Opener-Policy
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Powered-CMS
X-Amzn-Trace-Id
X-B3-TraceId
X-Middleton-Response
Response
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-SID
SPIisLatency
SPRequestDuration
X-Cache-Key
AR-CACHE
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Version
X-Fastly-Request-ID
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Accel-Expires
X-Cnection
X-Times
X-T
X-Client-IP
Cache-Status
Cache-Tags
Front-End-Https
X-Webkit-CSP
Pinterest-Version
Pinterest-Generated-By
Edge-Cache-Tag
X-ORACLE-DMS-RID
X-NF-Request-ID
X-Pinterest-Rid
X-MSEdge-Ref
X-ORACLE-DMS-ECID
X-Px
Nginx-Cache
X-B3-Traceid
X-NWS-LOG-UUID
X-Hits
X-Ser
Public-Key-Pins
X-Kinja-CCPA
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Recruiting
X-Fastcgi-Cache
X-FastCGI-Cache
X-LLID
X-Request-Received
X-Request-Processing-Time
Payment
Server-Node
X-Ua-Browser
X-Frontend
X-Shield-Request-Id
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-DIS-Request-ID
Access-Control-Request-Method
X-RateLimit-Remaining
TP-Cache
S
MicrosoftSharePointTeamServices
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Goog-Metageneration
X-HS-Hub-Id
X-Webkit-CSP-Report-Only
X-LB-Cache
X-Ratelimit-Remaining
TP-L2-Cache
Content-MD5
X-Content-Digest
X-RateLimit-Limit
X-Distributor
X-Microsite
X-Request-Handler-Origin-Region
X-Forwarded-For
X-Page-Id
X-Amzn-RequestId
X-Geo-Country
X-Amz-Apigw-Id
Realpath
Access-Control-Allow-Method
X-Hostname
X-Ezoic-Cdn
Fastcgi-Cache
X-FB-Debug
X-PressLabs-Stats
Accept-Charset
X-Rid
X-GUploader-UploadID
X-Protected-By
X-Cluster-Name
X-Server-ID
X-Seen-By
X-Correlation-Id
X-Envoy-Decorator-Operation
X-B3-Sampled
X-Ratelimit-Limit
Cleartype
TCN
DC
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-XRDS-Location
X-Goog-Stored-Content-Length
X-TEC-API-ORIGIN
X-Mobile
X-TEC-API-ROOT
X-TEC-API-VERSION
Referer-Policy
X-Debug-Info
Cross-Origin-Resource-Policy
X-Origin-Cache
X-Origin-Server
X-Newrelic-App-Data
X-Varnish-Backend
X-Git-Hash
X-Logged-In
X-Webkit-Csp
X-Content-Options
X-Contextid
X-Aspnet-Version
X-Route-Name
X-Azure-Ref
Count-Hit
X-Flags
X-Aspnet-Duration-Ms
X-App-Environment
X-Grace
X-Is-Crawler
X-Request-Guid
X-Providence-Cookie
X-Varnish-Grace
X-Amz-Replication-Status
X-TTL
X-Ua-Device
Surrogate-Key
X-Edge-Location-Klb
X-Kinsta-Cache
X-Revision
X-Fb-Rlafr
X-IPS-LoggedIn
X-TT
Alternate-Protocol
X-Amz-Meta-S3cmd-Attrs
X-Forwarded-Proto
Healthy
X-App-Server
X-Hosted-By
X-Wix-Request-Id
Frame-Options
X-Daa-Tunnel
WPO-Cache-Status
Charset
WPO-Cache-Message
X-Whom
MS-Author-Via
X-Akamai-Edgescape
Viewport
Retry-After
X-F-Cache
X-Magnolia-Registration
Filterid
X-Id
X-Backend-Name
Section-Io-Cache
Paypal-Debug-Id
X-B
SRV
X-Aspnetmvc-Version
Amp-Access-Control-Allow-Source-Origin
X-Activity-Id
X-AppVersion
X-COUNTRY
X-Client-Ip
X-Az
X-Oracle-Dms-Ecid
X-Proxy-Cache-Info
X-Oracle-Dms-Rid
X-Www-Served-By
X-Cache-Age
X-Trace-Id
X-Cache-Control
X-RateLimit-Reset
X-Kong-Upstream-Latency
X-App-Version
Server-Name
X-Kong-Proxy-Latency
X-Instance
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
Akamai-GRN
X-Type
X-Rule
X-UUID
X-Http-Reason
X-Cache-Rule
Fastly-SIE
X-FW-Version
X-Is-Bot
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Server
X-Page-View
X-Rendered-As
X-User-Agent
X-Varnish-Age
X-Unique-Id
X-Status
X-Rocket-Nginx-Serving-Static
X-FW-Hash
X-FW-Dynamic
Front
Protected
Fastly-SWR
Host
X-N
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Edge-Location
X-Framework
X-Cache-Grace
X-ARC
X-Akamai-Request-ID2
X-Varnish-Server
Refresh
X-EdgeConnect-Cache-Status
X-Proxy
From-Origin
X-Cacheable-TTL
X-Region
X-Adobe-Loc
X-Adobe-Content
X-Time
X-Jobs
Access-Control-Request-Headers
X-G
X-Cache-Time
X-L-Path
X-Load-Cache
X-Environment-Context
X-Language
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-RemovedCookies
X-Tumblr-Pixel-1
X-ProcessESI
X-Tumblr-User
ServerID
Country
Version
X-Vcache
X-Nf-Request-Id
X-CDN-Forward
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Content-Disposition
X-Yottaa-Optimizations
X-DataDome
X-Yottaa-Metrics
X-Drupal-Cache-Tags
X-Source
X-Mg-Request-UUID
X-Amzn-Remapped-Content-Length
Countrycode
X-HTML-Minification-Powered-By
X-Datadog-Sampled
X-Upgrade-Enabled
X-Debug-IsPreview
Accept-Language
X-Debug-IsConnected
X-DynaTrace
X-B-Cache
X-Signature
X-Tt-Trace-Host
Xet-Cookie
X-Generated-By
X-Tt-Trace-Tag
Backend
CF-IPCountry
X-Xrds-Location
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-ID
Webserver
X-DynaTrace-JS-Agent
X-ECache
Xserver
X-Varnish-Ttl
X-Httpd
X-Mode
Liferay-Portal
X-Servername
X-Nginx-Cache
X-Device-Type
X-NYM-Debug-Backend
X-Tt-Logid
Url
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Content-Powered-By
X-B3-SpanId
GEO-INFO
X-Content-Age
X-Drupal-Cache-Contexts
X-Zen-Fury
X-Erf-Web-Scheduler
Fastcgi-Useragent
Azure-Version
X-LAGOON
Load-Balancing
Filters
Azure-InstanceId
X-Proto
X-Tb
X-Director
X-GeoCode
X-GeoCountry
X-SayCDN-TTL
X-Storage
X-Rewrite-Enabled
X-SaId
X-UPSTREAM-Address
Azure-RegionName
X-Cache-Operation
X-JoinUs
X-Say-Cacheable
X-Git-Commit
Meta-Geo
X-Say-TTL
X-Container-Uri
Azure-SlotName
Azure-SiteName
X-Varnish-Cache-Hits
X-VC-Cache
X-Soup
X-Urbn-Site-Id
Onion-Location
Locale
X-Urbn-Context-Path
X-RM-Cache-TTL
X-Cluster-Node
X-Cache-Action
Uber-Trace-Id
X-Generation-Time
X-Labrador-Cache-Channel
X-Logging-Id
X-Forwarded-Host
X-Detected-As
X-Adobe-Source
X-Cache-Server
X-Ms-Request-Id
X-Ms-Version
X-Sucuri-ID
X-Varnish-Hostname
X-VCT
X-Sucuri-Cache
X-Sql-Count
X-PHP-Host
X-Served-From
Web-Mar-Node
X-Sql-Duration-Ms
X-Origin-Hint
Webcakes-App-Name
X-R9-Blue-Green-Version
X-RCS-CacheZone
TWC-GeoIP-Country
S-Rt
TWC-Connection-Speed
DB-Nickname
Node
Property-Id
X-Debug
Mn-Server-Ip
X-FB-TRIP-ID
X-ServerID
TWC-Device-Class
TWC-Locale-Group
TWC-Privacy
Webcakes-Region
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Format
X-LSADC-Cache
X-Fetched-On
Selected-Fe
X-Extlb
X-Zipkin-Id
X-Template
X-Timing-Wait
X-Routing-Service
X-Skip-Cache
X-Proxy-Build
X-Tumblr-Pixel-2
X-Proxied
X-Tumblr-Pixel-3
X-Lambda-Id
CDN-RequestId
X-Uri
OT-Force-Account-Verify
Source
Fastly-Drupal-HTML
X-Origin-Date
X-Ratelimit-Reset
X-Loop
X-Tncms
X-URL
X-Pass-Why
X-Cache-Hit
X-XRDS-LOCATION
X-MP-GENERATED-AT
X-Cache-Expired-At
X-Varnish-Hits
X-Endurance-Cache-Level
X-MCACHE
X-Srv
X-Redis-Cache
X-Ua
Content-Secure-Policy
Upgrade-Insecure-Requests
X-Real-IP
X-Cache-TTL-Remaining
Cross-Origin-Window-Policy
X-UA-Device-Type
Section-Io-Id
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-CCDN-CacheTTL
Section-Io-Origin-Status
X-Origin-TTL
X-Origin-CC
X-Pubstack
X-AIR-PT
X-Rn-Rsrv
X-Via-JSL
X-NGENIX-Cache
X-Fastly-Request-Id
X-S
X-Server-W
X-GEO
X-Node-Name
X-Newrelic-Synthetics
X-RTag
Ms-Operation-Id
X-TimeS
NGB
Cache-Provider
Cache-Hits
MS-CV
CDN-RequestPullCode
CDN-Uid
CDN-RequestCountryCode
CDN-CachedAt
CDN-Cache
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-PullZone
X-Akamai-Transformed
Cache-Name
X-Hl-Ver
X-Cache-Host
X-Cache-Type
X-CSRF-Token
X-Cms-Context
X-Xfnlog-Site
X-Reqid
X-Restarts
X-Optimistic-Header
X-IPLB-Instance
X-IPLB-Request-ID
X-CACHE-AGE
X-Datadome
X-PHP-Backend
X-Presslabs-Stats
X-No-Session
X-BYPASS-REASON
X-Handled-By
X-ProxyCache-Key
X-ProxyCache-Status
Apigw-Requestid
X-Parent-Response-Time
X-Eu-Site
X-Gdpr
X-Forwarded-Path
CPC-Age
X-GeoIP-Country-Code
X-GeoIP-Region-Code
True-Client-Country-4JS
X-FC-Vary-Parameters
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-External-Request-Id
X-Ec-Custom-Error
X-Debug-Cache-Store
X-A-Dcw
X-Cache-Bucket
X-Bl-Debug
X-Cache-Info
X-Cache-NE
X-Cdn-Diag
X-A-Dam
X-A-Dgt
X-BCube-Filmed-By
X-Application
X-Accel-Buffering
X-App
X-A-Wwc
X-B-Cookie
X-Bc-Bl
BehaviorPad-Version
X-CF-Lambda-Fn
X-CF-Lambda-Version
We-Hiring
X-Viewer-Country
X-Debug-Cache-Fetch
W
X-Destination
VNS-Cache
X-Developer
Web-Mar-Region
X-D
X-A
X-A-Ccd
X-CGP
Canary
X-Conf
X-Csrf-Jwt
Candidate-Md5Url
VNS-Age
Sslversion
L
X-Wikidot-Backend
X-Tenant
L5d-Success-Class
X-We-Are-Hiring
Lang
X-Policy
Redirect-Candidate
Gh-Request-Id
X-Orig-Expires
X-Has-Esi
Ha-Gx-Prefs
HA-Ipaddr
X-Var-Ttl
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
N-Cache
X-S-Cookie
X-ScT
X-Vtex-Remote-Cache
X-Shop-Environment
X-SD-PageType
Ngx.Var.Host
MD5-Digest
Magicmarker
Odigeo-Trace-Id
X-SRCache-Key
X-Request-Host
X-Rojux
Mail-Subject
Rendered-Blocks
X-Origin-Time
X-Mvc-Supplant-Cachable
X-Is-Gdpr
X-Aed
CPC-Cache
Surrogated-Key
T-Server
X-Worker
X-Vdms-Version
Xc-Version
X-JWT-State
DCR-Processing-Time-Ms
X-Vdms-Path
Fastly-GeoIP-CountryCode
Fastly-SSL
X-Nyt-Route
Gannett-Cam-Experience-Id
Fastly-Backend-Name
Meta-Geo-Continent
X-VG-WebCache
X-Wix-Viewer-Type
X-Wikidot-Static-Cache
DCR-Decision-By
X-Cluster
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
ServedBy
X-Accel-Expires-Debug
Thinkindot-Control
Thinkindot-CacheControl-Type
TDXMobile
Producers
Release
Server-Host
Req-Svc-Chain
Thinkindot-CacheControl
Platform
Vix-Hermes-Req-Id
X-Geo-Header
X-Org
X-Old-Content-Length
X-Origin-Response-Time
X-Variation
X-PAYTM-SRV-ID
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Vmg-Version
X-Mly-Id
X-Node-Id
X-Varnishpool
X-Varnish-Remaining-TTL
X-Thinkindot-L3
X-PERF
X-Request-Time
X-SVT-ORM-RULES
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-S-Maxage
X-SVT-ORM-VERSION
X-WADP-Cache
X-Thanos
X-Test
X-Pool
X-Qloud-Router
X-Mid
X-Loc
X-Clientip
X-Clara-WADP
X-CMSURLCustom
X-Core-Value
X-Date
X-CacheTTL
X-Cache-Debug
X-App-Name
X-Auto-Login
X-BBC-Edge-Cache-Status
X-Bip
X-DefElseHash
X-DefHash
X-INCAP-ABP
X-Human
X-Irp-Debug
X-VG-TLSProxy
X-Level-Front-Cache
X-VServer
X-Generated-On
X-Dispatcher-Number
X-DPWN-IS-SECURE
X-Fastly-Backend
X-Fmm-Version
X-ApacheServer
Origin
Host-ID
Is-Eu
Adler-Geo
AKAMAI
Expect-Staple
X-Section
X-Access
Datacenter
Memcached
Machine
X-Tx-Id
X-Proxy-Cache-Status
User-Cache-Control
X-TIME
X-Nginx-Cache-Key
X-Cdn-Origin
CloudFront-Viewer-Country
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-NodeID
CDCHOST
X-Nananana
X-Nitro-Cache
Apple-News-Services-Request-Url
X-Owner
X-Mvc-Supplant-OutputCached
X-Cache-Id
X-Forwarded-Site
X-Esi-Check
X-Device-Os
X-Cdn-Srv
X-Core-Mission
X-From
X-Gen-Mode
X-Hnp-Log
Cmsid
X-Hash
X-Gzip
X-Block-Status
X-GeoIP
X-Alternate-Cache-Key
X-Platform
X-ShardId
X-ShopId
Server-Hostname
Sever-Int
Esi-Enabled
X-Server-IP
X-Shopify-Stage
X-Sn-Servicetimems
X-Up
X-WA-Info
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Environment
Server-Ext
DSUID
Cmstype
WP-Super-Cache
X-Via-Fastly
X-Op-Id-All
Wxu-Next-Region
X-Instance-Name
X-Vcl-Version
X-LB-NoCache
C-Via
X-Refresh
Origin-CC
X-TIM-N
Pics-Label
X-TA-CDN-Provider
X-Cache-Enabled
Country-Code
X-NCache
X-Origin
Wxu-Next-Commit
Wxu-Next-Hostname
Origin-EX
X-Scale
NM-Fastcgi-Cache
Ssr
X-Akamai-Device-Characteristics
X-Dispatcher-Server
Memory
X-Cache-Status-Check
X-Air-Source
X-Amz-Meta-Cb-Modifiedtime
X-Air-Hostname
X-Air-Trace-Id
Time
X-Correlation-ID
Server-Info
X-API-Version
X-Cs
Origin-Agent-Cluster
Server-ID
Cf-Device-Type
X-ZONE
Hostname
X-Web-Node
X-HA-Backend
NGX
X-Azure-Ref-OriginShield
X-Tb-Optimization-Total-Bytes-Saved
X-Platform-Processor
GeoIP-Latitude
X-Platform-Cluster
X-Platform-Router
AMP-Access-Control-Allow-Source-Origin
X-Dc
X-VHOST
X-Varnish-Beresp-Ttl
X-CACHE-GROUP
Cache-Host
X-Origin-Expires
X-Varnish-Beresp-Grace
X-Microcachable
X-Internal-Host
X-Vgn-Hpd-Reason
XM
X-Micro-Cache
X-DC
X-Wp-Cf-Super-Cache-Active
X-Site-Version
X-Locale
YJS-ID
X-Fpc
X-VarnishDD-TTL
X-HN
PFcat
Cdn-Requestid
X-TraceId
X-B3-Spanid
X-Webkit-Csp-Report-Only
Resin-Trace
X-Ad-Defer-Variation
X-WP-CF-Super-Cache-Active
X-AB
A
X-Via-SSL
X-Via-Edge
X-FL-QIT-DEBUG
Edge-Copy-Time
X-FL-EDGE
X-FTR-Request-ID
Srvid
Locid
X-Via-CDN
X-Zone
X-Buckets
Location
X-SIPLIST1
X-LiteSpeed-Cache-Control
Uri
X-Geo-Region
X-DataCenter
IsBot
Sid
X-Pod-Name
X-Github-Request-Id
X-ATG-Version
X-B3-Parentspanid
True-Client-Ip
X-Contensis-Viewer-Groups
X-Moov-Xdn-Version
User-Agent
X-Moov-T
X-Cache-ASPX
X-Backend-Instance
X-FireWall-Port
X-Accel-Version
X-Upstream-Ht
X-Upstream-Ct
X-Info
GeoIP-Country-Code
X-Varnish-Authentication
X-NGINX-Cache
Cache-Key
X-Cached-By
CF-Ctrl
X-Is-Desktop
X-Tcp-Rtt
X-Browser-Name
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-Nitro-Cache-From
GeoIp-Country-Code
X-Nitro-Rev
X-NewRelic-App-Data
State
X-MSEdge-Flight
X-Planisys-CDN-Cache
X-MSEdge-Features
X-Platform-Server
X-Datacenter
X-HS-Content-Campaign-Id
Cdn
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-HOST
X-LiteSpeed-Tag
X-VCache
SID
X-Release
Epwk-X-Cache
X-CS
X-Fastly-Cache
XServer
X-Provided-By
NtCoent-Length
True-Client-IP
X-VC
X-CSRF-TOKEN
X-Rocket-Build-Number
X-Hyper-Cache
X-Cache-Remote
Lb
X-Sigma-Backend
X-Sigma
Path
X-Frame-Option
X-RN-RSRV
X-Geo
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-HS-Status
X-TRACE-ID
X-Webstats-RespID
Cache
X-Vgn-Hpd-Variations-Key
X-SRV
X-Service
X-FPC
X-Gamma-Serve
X-Generated-In
X-Api-Version
Fastly-Drupal-Html
X-GeoIP-City
X-Scheme
X-HostName
Tcn
X-GoCache-CacheStatus
X-APP-VERSION
CountryCode
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-UA
Serverid
Cf-Ipcountry
Cdn-Host
Cdnsip
X-Esi
Cdn-Request-Time
Ohc-File-Size
X-Amz-Meta-Opti
X-Pad
X-Vercel-Id
X-Vercel-Cache
X-AK-Request-ID
Cdncip
X-Air-Pt
X-Edge-Server
X-Origin-Cache-Key
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-Guploader-Uploadid
Cache-Tv-Group
X-FTR-Expires
LB
WebServer
X-Traceid
X-Branch-Name
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
M-TraceId
X-EC-Lua
Kp-EeAlive
WZWS-RAY
X-Cache-Ttl
X-Cdn-Request-ID
X-Wp-Cf-Super-Cache-Cookies-Bypass
XkeyRZ
X-Mobile-URL
Proxy-Connection
Req-ID
X-Cdn-Cache-Status
Env
X-NMSegId
X-Vc
X-Location
X-Akamai-Pragma-Client-IP
X-Proxy-CacheRZ
Cluster
Yak-Timeinfo
X-Ad-Load-Variation
CDN
HostName
X-VCL-Version
X-CACHE-KEY
X-Men
X-WP-CF-Super-Cache-Cookies-Bypass
X-M-Log
X-Developers
Geoip-Latitude
Pramga
X-Cache-Tags
X-M-Reqid
X-Edge-Pop
Ngx
X-Scope-Id
X-Aicache-OS
X-Region-Sid
On-Server
Srv
X-Cdn-Forward
Ohc-Cache-HIT
CacheControlHeader
X-NWS-UUID-VERIFY
X-Lb-Cache
Content-Style-Type
X-Ha-Backend
Content-Script-Type
X-Shield-Cache-Expires
X-Varnish-Beresp-Status
X-Tim-N
X-Qnm-Cache
Server-Id
X-Request-Start
Tube-Get-Contents
X-CDN-Cache-Status
X-Cache-FS-Status
X-B3-Trace-ID
X-Acquia-Purge-Cdn-Unconfigured
X-LB-ID
X-Nc
X-Servedbyhost
X-SB
X-Req
V-Age
Tube-Return
Click-Count-Error
Click-Count-Action-Start
X-TX-ID
Mime-Version
RNT-Machine
Tube-Got-Results
Tube-Got-Eval
RNT-Time
X-V-Cache
X-Minions-Version
X-Via-Popn
X-Via-Popv
X-Wa
CF-Cached-On
X-Via-Poph
X-Check-Cacheable
X-TT-LOGID
X-Fastly-Country-Code
WWW-Authenticate
X-Via-Ucdn
X-Acquia-Site
X-Dw-Trace-Id
X-MiniProfiler-Ids
ENV
X-Edge-POP
X-Request-URI
X-Snapshot-Date
X-Cache-Date
Edge-Cache
PICS-Label
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-IN-APIGATEWAYSSL
X-Lb-Nocache
X-Acquia-Purge-Tags
X-IN-APIGATEWAY
Yjs-Id
Log-Origin
X-CF-Cache-Header-Vary
X-CF-Cache-Header-Cache-Control
Inserted-Into-Cache-At
X-CUA
X-Serial
Cneonction
X-RAMCache
X-Litespeed-Cache-Control
CACHE-MISS-TO-ORIGIN
X-User
X-ElasticPress-Query
X-Cached-Since
X-Iauth-Set-Uid
X-Fastly-Backend-Reqs
X-Miniprofiler-Ids
Vha6-Origin
X-Fastly-Cache-Hits