
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
P3P
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Adblock-Key
X-Request-Id
Access-Control-Allow-Credentials
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Status
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
X-Hacker
Host-Header
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Dispatcher
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-WebKit-CSP
Accept-CH
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Cf-Apo-Via
X-Page-Speed
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Host
X-Server-Id
X-Pingback
X-Node
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
Surrogate-Control
X-Dns-Prefetch-Control
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Cache-Lookup
X-Readtime
X-Ruxit-JS-Agent
X-HW
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
X-Trace
X-Application-Context
X-Response-Time
X-CST
Permissions-Policy
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
Accept-CH-Lifetime
X-Edge
X-Country
Content-Location
X-Content-Type
X-WebKit-CSP-Report-Only
X-Mcache
X-ECACHE
Rating
X-Url
X-Clacks-Overhead
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-Amz-Server-Side-Encryption
X-Midtier
X-VARITI-CCR
RTSS
Cache-Tag
X-Vcap-Request-Id
X-Varnish-TTL
X-Element-Page-Cache
X-Ac
Verso
Origin-Trial
X-B3-TraceId
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja
X-D2id
X-Kinja-Revision
X-Server-Name
X-Rack-Cache
X-Cnection
X-Litespeed-Cache
X-Cache-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
X-ESI
Xkey
X-Abt-Application-Version
X-Client-IP
X-Fastcgi-Cache
X-Navigation-Version
Edge-Control
X-NWS-LOG-UUID
X-GitHub-Request-Id
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Cached
X-Px
X-Ttl
X-Mg-S
X-Browser-Type
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Arr-Disable-Session-Affinity
X-Upstream
SPRequestDuration
SPIisLatency
X-Correlation-Id
X-Cache-Key
X-Sol
Display
X-Middleton-Display
Pagespeed
Content-MD5
X-Dw-Request-Base-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-RateLimit-Remaining
Edge-Cache-Tag
X-Goog-Hash
X-XRDS-Location
X-Daa-Tunnel
Front-End-Https
X-NF-Request-ID
X-Country-Code
Public-Key-Pins
X-Version
X-Forwarded-For
AR-Request-ID
AR-CACHE
AR-ATIME
X-Powered-CMS
AR-PoweredBy
AR-SID
X-Id
X-Jurisdiction
TCN
X-HP-Webp
X-HP-Trace-Id
X-MSEdge-Ref
X-T
X-Recruiting
X-Content-Digest
X-Accel-Expires
Response
X-Middleton-Response
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Ser
X-Shield-Request-Id
TP-Cache
TP-L2-Cache
Nginx-Cache
S
X-Hits
X-Amzn-Trace-Id
X-Request-Received
X-Edge-Location-Klb
Cache-Status
X-Kinsta-Cache
X-Request-Processing-Time
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Server-Node
X-Distributor
X-TEC-API-ORIGIN
X-Fastly-Request-ID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Grace
MicrosoftSharePointTeamServices
Cache-Tags
Alternate-Protocol
Server-Name
Fastcgi-Cache
X-Protected-By
X-DataDome
X-TTL
X-DIS-Request-ID
X-Ezoic-Cdn
X-Geo-Country
X-Ruxit-Js-Agent
X-Origin-Server
X-LB-Cache
X-Request-Handler-Origin-Region
X-Frontend
X-Microsite
X-Ua-Browser
X-Debug-Info
X-Rid
X-Ratelimit-Limit
Healthy
Cross-Origin-Opener-Policy
X-Forwarded-Proto
Filterid
X-Git-Hash
Payment
X-Www-Served-By
X-NGENIX-Cache
X-Varnish-Backend
X-FB-Debug
X-Logged-In
X-Page-Id
Cleartype
X-Ratelimit-Reset
X-Load-Cache
X-B3-Sampled
Charset
X-VCache
Content-Disposition
X-Webkit-Csp
X-ASPNET-VERSION
X-PressLabs-Stats
X-Origin-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-LLID
X-Cluster-Name
MS-Author-Via
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
DC
X-Hostname
X-Goog-Metageneration
X-GUploader-UploadID
X-Ratelimit-Remaining
X-Upgrade-Enabled
X-RateLimit-Limit
Accept-Charset
Access-Control-Allow-Method
Retry-After
Cross-Origin-Resource-Policy
X-Proxy
X-F-Cache
X-AppVersion
X-Activity-Id
X-Az
X-Contextid
X-Signature
X-Amz-Replication-Status
X-Type
X-Hosted-By
X-Flags
X-Aspnet-Duration-Ms
X-Seen-By
Accept-Ch
X-B-Cache
X-Is-Crawler
X-Revision
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Wix-Request-Id
X-B
X-Varnish-Server
X-TT
X-Whom
Referer-Policy
X-Amz-Meta-S3cmd-Attrs
X-Azure-Ref
Amp-Access-Control-Allow-Source-Origin
Surrogate-Key
Viewport
X-App-Environment
Paypal-Debug-Id
X-DynaTrace
X-Source
X-Aspnetmvc-Version
Count-Hit
X-Fb-Rlafr
X-Tt-Trace-Tag
X-Tt-Trace-Host
Realpath
X-Akamai-Edgescape
X-Mobile
X-App-Server
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-B3-Traceid
X-FastCGI-Cache
Host
X-Cache-Control
X-EdgeConnect-Cache-Status
X-Cache-Age
X-HTML-Minification-Powered-By
X-N
X-Response-Served-From
Version
X-Original-Request-Id
Refresh
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Nginx-Cache
X-Varnish-Grace
X-Cache-Rule
X-Oneagent-Js-Injection
Section-Io-Cache
X-Magnolia-Registration
X-Envoy-Decorator-Operation
Access-Control-Request-Headers
SD-X-WS
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Age
X-Page-View
X-L-Path
X-Cache-Expired-At
X-Adobe-Content
X-Adobe-Loc
Ms-Operation-Id
X-Cache-Status-Check
X-Environment-Context
MS-CV
X-Newrelic-App-Data
X-RTag
X-Cache-Time
X-UUID
X-ProcessESI
X-Framework
X-G
X-Is-Bot
X-Device-Type
X-Rule
GEO-INFO
NGB
X-Status
X-RemovedCookies
X-Cacheable-TTL
X-Jobs
Protected
X-Rendered-As
X-Cache-Grace
X-Servername
X-Content-Powered-By
X-FW-Dynamic
X-NYM-Debug-Backend
X-Akamai-Request-ID2
X-FW-Server
Url
X-FW-Serve
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Version
Akamai-GRN
X-Http-Reason
X-Debug-IsConnected
X-User-Agent
X-Debug-IsPreview
X-Instance
X-Backend-Name
X-CDN-Forward
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tb
X-Drupal-Cache-Contexts
X-Cache-Hit
CDN-RequestId
X-Drupal-Cache-Tags
X-Tt-Logid
From-Origin
Pinterest-Generated-By
X-Pinterest-Rid
SRV
Pinterest-Version
WPO-Cache-Status
Country
WPO-Cache-Message
Accept-Language
X-Node-Name
X-Region
Front
X-Trace-Id
X-URL
X-Real-IP
X-VC-Cache
Fastly-Drupal-HTML
X-Time
X-Fastly-Request-Id
Uber-Trace-Id
Backend
X-Mode
X-Template
X-Content-Options
X-Amzn-RequestId
X-Language
X-Amz-Apigw-Id
Filters
X-UPSTREAM-Address
Fastly-SWR
X-RN-RSRV
X-Rewrite-Enabled
X-Generation-Time
Fastly-SIE
X-Cache-Operation
Meta-Geo
Webserver
CDN-RequestCountryCode
X-Tumblr-Pixel-2
CDN-EdgeStorageId
CDN-Cache
X-Web-Node
X-Cache-TTL-Remaining
CDN-Uid
X-DynaTrace-JS-Agent
CDN-PullZone
CDN-CachedAt
Content-Secure-Policy
X-Format
X-SayCDN-TTL
X-Say-TTL
Cross-Origin-Window-Policy
X-Say-Cacheable
X-IPS-LoggedIn
X-Sql-Count
X-Sql-Duration-Ms
X-Rocket-Nginx-Serving-Static
X-Cms-Context
Azure-SiteName
CF-IPCountry
Azure-SlotName
Azure-RegionName
Azure-InstanceId
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Cache-Server
Apigw-Requestid
X-Proxy-Cache-Info
X-Cache-Action
Azure-Version
X-Access
X-Adobe-Source
X-Section
X-Proxy-Cache-Status
Cache-Name
X-ProxyCache-Status
Node
X-PHP-Host
X-Zen-Fury
X-Unique-Id
X-PHP-Backend
X-ProxyCache-Key
X-Edge-Location
X-BYPASS-REASON
X-Content-Age
X-AWS-Id
X-UA-Device-Type
X-Sucuri-Cache
X-Varnish-Beresp-Grace
X-Via-Fastly
X-VWS-Id
X-Cluster
X-Cache-Host
X-Debug
ServerID
X-Sucuri-ID
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Ms-Request-Id
X-Ms-Version
X-Soup
X-Skip-Cache
X-Reqid
X-Forwarded-Host
X-GeoCountry
X-GeoCode
X-Extlb
X-LAGOON
X-Detected-As
TWC-GeoIP-LatLong
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
X-R9-Blue-Green-Version
TWC-Connection-Speed
Property-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Zipkin-Id
X-Xfnlog-Site
X-Server-W
X-Origin-Hint
X-Locale
TWC-Device-Class
TWC-Privacy
X-IPLB-Instance
Onion-Location
X-Site-Version
X-SaId
X-Proxied
X-Routing-Service
S-Rt
X-Amzn-Remapped-Content-Length
TWC-Locale-Group
TWC-GeoIP-Country
X-Proto
X-IPLB-Request-ID
Web-Mar-Node
X-No-Session
X-JoinUs
Locale
X-Cluster-Node
Mime-Version
X-Handled-By
X-Timing-Wait
X-LSADC-Cache
Mn-Server-Ip
X-Proxy-Build
WP-Super-Cache
Selected-Fe
X-SRV
Fastcgi-Useragent
DB-Nickname
X-Request-Time
X-Hl-Ver
Cache-Hits
X-FB-TRIP-ID
Xserver
X-Redis-Cache
X-Cache-Debug
Liferay-Portal
X-Ua
X-TIME
X-Tumblr-Pixel-3
ServedBy
X-Loop
Upgrade-Insecure-Requests
X-TNCMS
X-Optimistic-Header
X-NWS-UUID-VERIFY
X-XRDS-LOCATION
Source
X-Generated-By
Countrycode
X-GEO
X-Mg-Request-UUID
X-Origin-Date
X-Air-Hostname
X-Varnish-Hits
X-Air-Source
X-Tid
X-Air-Trace-Id
CF-Cached-On
X-Tec-Api-Origin
X-Times
X-Storage
X-Tec-Api-Version
X-Uri
X-Tec-Api-Root
X-Director
X-CACHE-AGE
X-Varnish-Beresp-Ttl
X-Server-ID
X-Akamai-Transformed
X-Tx-Id
X-COUNTRY
X-Cdn
X-TA-CDN-Provider
X-Pass-Why
Xet-Cookie
Frame-Options
X-Trace-ID
X-Origin-CC
X-Origin-TTL
X-Presslabs-Stats
X-Newrelic-Synthetics
X-ARC
X-DC
X-B3-Spanid
X-Service
X-FireWall-Port
X-ECache
X-AIR-PT
X-App-Version
X-Esi
Environment
X-Shopify-Stage
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Storefront-Renderer-Rendered
X-Datadog-Trace-Id
X-Sorting-Hat-ShopId
X-Datadog-Sampling-Priority
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
SID
X-Varnish-Cache-Hits
X-Varnish-Hostname
X-ShardId
X-ShopId
Server-Info
X-A-Ccd
X-Request-Host
X-BCube-Filmed-By
X-Loc
X-Bc-Bl
X-B-Cookie
X-Application
X-BBC-Edge-Cache-Status
X-A-Dam
X-Mobile-URL
X-Mid
X-Gdpr
X-A-Wwc
X-Ec-Fail
X-D
X-Endurance-Cache-Level
X-Developer
X-Aed
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Destination
X-Cache-NE
X-A-Dcw
X-A-Dgt
X-External-Request-Id
X-Cache-Info
BehaviorPad-Version
X-Vdms-Version
X-VG-TLSProxy
Release
Redirect-Candidate
X-Vdms-Path
Rendered-Blocks
X-Nyt-Route
X-TIM-N
Req-Svc-Chain
Candidate-Md5Url
Origin
Odigeo-Trace-Id
Gannett-Cam-Experience-Id
DCR-Decision-By
DCR-Processing-Time-Ms
Edge-Cache
Lang
MD5-Digest
Xc-Version
Ngx.Var.Host
Meta-Geo-Continent
X-SRCache-Key
Sslversion
X-Rojux
X-S
X-Origin-Time
X-Platform-Cluster
X-Platform-Processor
A
X-Processor
X-Platform-Router
X-S-Cookie
X-S-Maxage
X-A
Surrogated-Key
X-ScT
WWW-Authenticate
T-Server
X-ServerID
Magicmarker
Fastly-GeoIP-CountryCode
Tube-Return
Tube-Got-Eval
Tube-Get-Contents
Tube-Got-Results
X-Akamai-Device-Characteristics
Vix-Hermes-Req-Id
State
Memcached
X-Platform-Server
X-VServer
X-WA-Info
X-WADP-Cache
X-WP-CF-Super-Cache-Active
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-CookieHashed-On
Host-ID
TDXMobile
X-Frame-Option
X-INCAP-ABP
X-Thinkindot-L3
X-We-Are-Hiring
X-Core-Value
X-CMSURLCustom
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Sigma-Backend
X-Sigma
X-Ec-Custom-Error
X-Fmm-Version
X-Gamma-Serve
X-GeoIP-City
X-DefHash
X-DefElseHash
X-Cdn-Origin
X-Core-Mission
X-CUA
X-Httpd
X-Human
X-Rocket-Build-Number
X-SB
X-SD-PageType
X-Served-From
X-Req
DSUID
X-NodeID
X-Old-Content-Length
X-Origin-Response-Time
X-Cache-Bucket
X-Clara-WADP
X-Pubstack
Apple-News-Services-Request-Url
Click-Count-Error
Cluster
Decoy-Debug-TTL
Cache-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
C-Via
Country-Code
Click-Count-Action-Start
Cache-Tv-Group
Decoy-Debug-Key
Decoy-Debug-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Parent-Response-Time
Section-Io-Origin-Status
Section-Origin-Responded
X-Slack-Backend
X-Thanos
X-Fetched-On
X-Accel-Expires-Debug
X-Scale
X-Ad-Defer-Variation
X-Accel-Buffering
X-Variation
Adler-Geo
X-Esi-Check
X-DPWN-IS-SECURE
X-Fastly-Backend
X-Dispatcher-Number
We-Hiring
X-Var-Ttl
X-Request-Start
X-Varnish-Beresp-Status
X-Up
X-Planisys-CDN-TTL
X-Minions-Version
X-GeoIP-Country-Code
X-Node-Id
X-Date
X-LB-NoCache
X-Hnp-Log
X-GeoIP-Region-Code
X-Gzip
X-Hash
X-Cache-Id
X-Cache-FS-Status
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-App
X-Bip
X-Block-Status
X-Origin
X-GeoIP
X-Gen-Mode
X-Pool
User-Cache-Control
X-Cdn-Srv
X-Is-Gdpr
X-HS-Content-Campaign-Id
Platform
Producers
X-JWT-State
X-Location
Kp-EeAlive
L
Pics-Label
Mail-Subject
CloudFront-Viewer-Country
X-Geo-Header
X-Has-Esi
NM-Fastcgi-Cache
Origin-CC
Cmstype
X-Developers
Origin-EX
X-Auto-Login
CDCHOST
Cache-Key
Ssr
Cache-Provider
Sever-Int
Svr
X-Generated-On
X-Vmg-Version
X-Wix-Viewer-Type
X-Level-Front-Cache
X-Worker
Fastly-Backend-Name
Server-Host
X-Buckets
Is-Eu
Server-Ext
X-Restarts
X-CSRF-Token
X-Test
Server-Hostname
Cmsid
X-RM-Cache-TTL
Cdn
X-Forwarded-Site
Gh-Request-Id
X-Slack-Shared-Secret-Outcome
X-Nananana
X-Server-IP
X-V-Cache
AKAMAI
X-Conf
CacheControlHeader
X-FC-Vary-Parameters
X-VarnishDD-TTL
Web-Mar-Region
X-Cache-Backend
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Owner
X-Op-Id-All
X-Platform
X-Irp-Debug
X-Region-Sid
X-Refresh
X-HN
X-Qloud-Router
X-Varnishpool
X-NCache
X-Cache-Tags
X-CacheTTL
Datacenter
X-Ckpd-Fst-Backend
PFcat
X-Azure-Ref-OriginShield
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Aicache-OS
Fastly-SSL
Machine
X-Device-Os
X-Dispatcher-Server
HostName
X-Org
X-Via-Popn
X-Via-Poph
Ha-Gx-Prefs
X-Via-Popv
X-Varnish-Ttl
Canary
X-Cached-By
X-Cache-Remote
L5d-Success-Class
NGX
HA-Ipaddr
X-CGP
X-Eu-Site
X-Tb-Optimization-Total-Bytes-Saved
X-Men
On-Server
X-Csrf-Jwt
X-Webkit-CSP-Report-Only
X-API-Version
Env
X-Servedbyhost
Cdnsip
X-HA-Backend
X-VC
Cdncip
X-AK-Request-ID
GeoIP-Latitude
X-Mvc-Supplant-OutputCached
X-Cache-Date
Server-ID
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-LB-ID
X-RCS-CacheZone
X-Microcachable
X-Gateway-Request-Id
Cache
X-Wa
X-APP-VERSION
X-ZONE
X-Mly-Id
X-Fpc
X-Zone
X-DataCenter
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
Memory
X-Vgn-Hpd-Variations-Key
Time
X-Generated-In
Request-ID
X-Webkit-CSP
X-Fastly-Cache
Ngx-Var-Key
X-Via-NSCOPI
OT-Force-Account-Verify
X-Micro-Cache
X-Nc
Eomportal-Instance
Load-Balancing
X-HS-Status
X-ND-Cache
X-Instance-Name
X-Origin-Expires
X-Correlation-ID
X-Check-Cacheable
X-Request-URI
X-Release
X-SIPLIST1
X-Vc
X-Response-By
IsBot
X-Client-Ip
Srv
X-Nf-Request-Id
X-Via-JSL
X-CCDN-Origin-Time
X-VCL-Version
X-FL-QIT-DEBUG
Locid
X-FL-EDGE
X-Hcs-Proxy-Type
X-Cache-NGX
Expect-Staple
X-From
X-CCDN-CacheTTL
X-Info
Srvid
NtCoent-Length
X-Via-CDN
X-Cache-Enabled
True-Client-Ip
X-Srv
X-NewRelic-App-Data
Hostname
AMP-Access-Control-Allow-Source-Origin
X-CS
X-Via-SSL
X-MCACHE
X-Via-Edge
Edge-Copy-Time
X-Edge-Pop
X-CSRF-TOKEN
GeoIp-Country-Code
X-Provided-By
X-Proxy-CacheRZ
XkeyRZ
Location
X-Amz-Meta-Cb-Modifiedtime
Path
X-NGINX-Cache
Uri
X-Debug-Cache-Store
X-Lambda-Id
X-Cache-Expires
X-Debug-Cache-Fetch
GeoIP-Country-Code
X-Api-Version
X-EC-Lua
X-Dc
Resin-Trace
Sid
X-RateLimit-Reset
True-Client-IP
X-Vcl-Version
X-Edge-POP
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Cs
CPC-Age
X-Render-Time
VNS-Age
VNS-Cache
CPC-Cache
Servername
X-Vtex-Remote-Cache
Cross-Origin-Opener-Policy-Report-Only
X-Fastly-Country-Code
X-NODE
X-B3-SpanId
X-Moov-T
X-Air-Pt
X-Moov-Xdn-Version
Traceparent
X-Scheme
X-VCT
CDN
X-TH-Server
X-Viewer-Country
Fastly-Drupal-Html
X-Webkit-Csp-Report-Only
X-CLOUD-TRACE-CONTEXT
LB
X-ATG-Version
X-ApacheServer
X-Cdn-Request-ID
X-PERF
Rip
X-TX-ID
Timeexpire
X-Contensis-Viewer-Groups
X-Cache-ASPX
Esi-Enabled
Powered-By
X-Varnish-Authentication
X-MSEdge-Features
X-Pod-Name
FSS-Cache
X-NAPM-TraceId
X-MSEdge-Flight
X-Akamai-Pragma-Client-IP
X-Varnish-Beresp-TTL
X-FPC
X-Datadome
X-Datacenter
X-Accel-Version
M-TraceId
CountryCode
X-Cdn-Cache-Status
YJS-ID
X-CF-Lambda-Version
X-SERVER-NAME
X-Github-Request-Id
X-Upstream-Ct
X-CF-Lambda-Fn
X-Clientip
X-WA
V-Age
X-Upstream-Ht
X-Service-Response-Time
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-PAYTM-SRV-ID
Sm-Log-Id
Tracecode
True-Client-Country-4JS
XServer
X-Geo
X-Cache-Type
X-NC
HIT
X-Udemy-Cache-App-Namespace
X-CACHE-KEY
Proxy-Connection
X-Lb-Id
XM
X-VG-WebCache
X-LiteSpeed-Cache-Control
X-Srcache-Fetch-Status
Server-Id
X-Srcache-Store-Status
Ohc-File-Size
X-Wikidot-Static-Cache
X-TraceId
RNT-Time
RNT-Machine
X-B3-Parentspanid
Ngx
N-Cache
ENV
X-Wikidot-Backend
X-ServedByHost
X-Forwarded-Path
Geoip-Latitude
X-Rebelmouse-Cache-Control
X-Cdn-Forward
WZWS-RAY
Yjs-Id
X-Tenant
X-CDN-Cache-Status
X-Hyper-Cache
X-Ha-Backend
X-Orig-Expires
X-Bl-Debug
X-Rebelmouse-Surrogate-Control
X-Shop-Environment
Epwk-X-Cache
X-Via-PopV
X-Connection-Hash
Expiry
Content-Script-Type
Content-Style-Type
X-B3-Trace-ID
Pramga
Req-ID
X-MP-GENERATED-AT
X-Fastly-Backend-Reqs
X-Swift-Error
Inserted-Into-Cache-At
X-MiniProfiler-Ids
X-Cdn-Diag
User-Agent
X-Vgn-Hpd-Reason
X-Lb-Nocache
X-Via-PopN
X-Via-PopH
Ec-Rule-Version
X-Serial
X-B3-ParentSpanId
X-Dw-Trace-Id
X-UA
X-F-Status
X-Lsadc-Cache
X-TT-LOGID
X-Akamai-ERPolicy
X-LiteSpeed-Tag
X-Request-URL
X-Mid-Debug-Cache-Key
X-Cache-Ngx
Lb
X-Qnm-Cache
X-M-Reqid
X-M-Log
X-Amz-Meta-Opti
X-Mid-Debug-Cache-Disk
X-IPS-Cached-Response
Cneonction
X-Th-Server
X-UP
X-Yottaa-OS
X-Webstats-RespID
X-Snapshot-Date
X-Akamai-ERRuleID
Warning
My-App
X-Stale
MIME-Version