Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
CF-Ray
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
X-Request-ID
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
Status
X-CDN
Server-Timing
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Cache-Group
X-Robots-Tag
Cf-Edge-Cache
Host-Header
Keep-Alive
X-Hacker
X-Proxy-Cache
X-UA-Device
X-Server
X-Rq
X-Vhost
X-Server-Powered-By
Allow
X-Age
X-Varnish-Cache
X-Ws-Request-Id
X-Dispatcher
X-Amz-Version-Id
EagleId
P3p
Nel
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Host
X-Node
Accept-CH
X-WebKit-CSP
X-CST
X-Backend-Server
Surrogate-Control
X-Cache-Lookup
X-Server-Id
X-Nginx-Cache-Status
X-Readtime
Permissions-Policy
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Upstream-Cache-Status
Accept-CH-Lifetime
Request-Id
X-Application-Context
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Ua-Compatible
X-Trace
X-Response-Time
X-HW
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Xkey
X-Midtier
Rating
X-ESI
X-Url
X-Amz-Server-Side-Encryption
X-ECACHE
X-Ruxit-Js-Agent
X-Mcache
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Upstream
X-Oneagent-Js-Injection
X-Vcap-Request-Id
X-Country
Cache-Tag
X-D2id
X-MS-InvokeApp
X-Exp-Id
X-Kinja
Verso
X-Element-Page-Cache
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Vname
X-PC
X-TtlSet
X-Litespeed-Cache
Accept-Ch
X-Rack-Cache
X-Powered-By-Plesk
Edge-Control
RTSS
Fastly-Restarts
X-Cache-TTL
X-Ac
X-VARITI-CCR
Origin-Trial
X-Navigation-Version
X-Abt-Application-Version
X-Country-Code
Service-Worker-Allowed
X-WebKit-CSP-Report-Only
X-Goog-Hash
X-Cached
Display
Pagespeed
X-Middleton-Display
X-Sol
X-GitHub-Request-Id
X-Browser-Type
X-Amz-Rid
X-Aspnetmvc-Version
X-Ttl
X-Varnish-TTL
Cross-Origin-Opener-Policy
X-Webkit-CSP
X-Content-Type
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Mg-S
X-Server-Name
X-Amzn-Trace-Id
X-Powered-CMS
Response
X-Erf-Bev-Bev
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Middleton-Response
X-Erf-Bev-Bev-Is-Generated
Arr-Disable-Session-Affinity
AR-Request-ID
AR-SID
AR-PoweredBy
AR-ATIME
SPRequestDuration
SPIisLatency
X-Cache-Key
X-Kinja-CCPA
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-B3-TraceId
X-B3-Traceid
X-Times
X-Version
AR-CACHE
X-SRCache-Store-Status
X-NWS-LOG-UUID
X-SRCache-Fetch-Status
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-NF-Request-ID
X-Accel-Expires
Cache-Tags
X-T
X-Fastly-Request-ID
Cache-Status
X-Cnection
Front-End-Https
Nginx-Cache
Edge-Cache-Tag
X-MSEdge-Ref
X-Server-ID
X-Client-IP
X-Hits
X-FastCGI-Cache
X-Ser
X-Px
Public-Key-Pins
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Payment
X-Recruiting
X-LLID
X-Request-Received
X-Frontend
X-RateLimit-Remaining
X-Request-Processing-Time
Server-Node
X-Ua-Browser
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Fastcgi-Cache
X-Shield-Request-Id
X-DIS-Request-ID
TP-Cache
S
X-RateLimit-Limit
X-GUploader-UploadID
MicrosoftSharePointTeamServices
X-Goog-Metageneration
Access-Control-Request-Method
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
X-LB-Cache
X-Content-Digest
X-Request-Handler-Origin-Region
Content-MD5
X-Microsite
X-Protected-By
TP-L2-Cache
X-Distributor
X-Page-Id
Access-Control-Allow-Method
X-FB-Debug
Accept-Charset
X-Ezoic-Cdn
X-Ratelimit-Remaining
Realpath
Fastcgi-Cache
X-PressLabs-Stats
X-Forwarded-For
X-Cluster-Name
X-Rid
X-Geo-Country
X-Hostname
X-B3-Sampled
X-Seen-By
X-Webkit-Csp
X-Aspnet-Version
X-Ua-Device
X-Ratelimit-Limit
Cleartype
X-TTL
X-Correlation-Id
X-Envoy-Decorator-Operation
Referer-Policy
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Webkit-CSP-Report-Only
X-Newrelic-App-Data
X-Mobile
Cross-Origin-Resource-Policy
TCN
DC
X-Daa-Tunnel
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Content-Options
X-Debug-Info
X-Varnish-Backend
Count-Hit
X-Origin-Cache
X-Varnish-Grace
X-Contextid
X-Logged-In
X-Fb-Rlafr
X-Route-Name
X-Flags
X-Grace
X-Request-Guid
X-Amz-Replication-Status
Surrogate-Key
X-App-Server
X-Providence-Cookie
X-Is-Crawler
X-IPS-LoggedIn
X-Aspnet-Duration-Ms
X-Revision
X-App-Environment
X-Git-Hash
X-Azure-Ref
X-Hosted-By
X-TT
X-Origin-Server
X-Amz-Meta-S3cmd-Attrs
Frame-Options
X-XRDS-Location
X-Forwarded-Proto
X-Client-Ip
Alternate-Protocol
X-Edge-Location-Klb
X-Kinsta-Cache
WPO-Cache-Message
X-Whom
WPO-Cache-Status
X-Wix-Request-Id
Retry-After
Healthy
Charset
X-F-Cache
X-Akamai-Edgescape
Viewport
X-Backend-Name
Section-Io-Cache
X-Magnolia-Registration
MS-Author-Via
Paypal-Debug-Id
X-B
X-RateLimit-Reset
SRV
X-COUNTRY
X-App-Version
X-Proxy-Cache-Info
X-Activity-Id
X-Az
X-AppVersion
Amp-Access-Control-Allow-Source-Origin
X-Id
ServerID
X-Language
X-Instance
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
X-Rule
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Akamai-GRN
X-Http-Reason
X-N
Filterid
X-Cache-Rule
X-EdgeConnect-Cache-Status
Host
X-ARC
X-Rocket-Nginx-Serving-Static
X-Kong-Proxy-Latency
X-Edge-Location
X-Kong-Upstream-Latency
Front
Protected
X-Varnish-Age
X-UUID
X-Akamai-Request-ID2
X-User-Agent
X-Cache-Grace
X-Status
Server-Name
X-FW-Dynamic
X-Is-Bot
X-FW-Hash
X-FW-Serve
X-Time
X-Load-Cache
X-FW-Type
X-FW-Static
X-Environment-Context
X-FW-Server
X-Unique-Id
X-Jobs
X-Framework
X-Rendered-As
X-FW-Version
X-Cacheable-TTL
X-Region
From-Origin
X-Page-View
Fastly-SWR
X-L-Path
Fastly-SIE
X-Type
X-Cache-Control
X-Cache-Time
X-Adobe-Loc
X-Varnish-Server
Access-Control-Request-Headers
Country
X-Www-Served-By
X-Adobe-Content
X-Cache-Age
X-Trace-Id
X-Tumblr-Pixel-1
X-Datadog-Parent-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-ProcessESI
X-RemovedCookies
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-G
X-Tumblr-User
X-Proxy
X-DataDome
Refresh
X-Vcache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Datadog-Sampled
X-Mg-Request-UUID
X-CDN-Forward
X-Xrds-Location
X-Amzn-Remapped-Content-Length
X-Debug-IsPreview
X-Debug-IsConnected
X-Source
X-ECache
X-Drupal-Cache-Tags
Version
X-B-Cache
X-Signature
Content-Disposition
Accept-Language
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-WP-CF-Super-Cache-Cache-Control
Backend
Countrycode
X-WP-CF-Super-Cache
X-Nf-Request-Id
X-Generated-By
Xet-Cookie
X-HTML-Minification-Powered-By
Webserver
X-DynaTrace
X-DynaTrace-JS-Agent
X-Erf-Web-Scheduler
CF-IPCountry
X-ID
X-Nginx-Cache
X-Mode
X-Servername
Url
X-Httpd
Xserver
X-Upgrade-Enabled
X-Tt-Trace-Tag
X-Tec-Api-Version
X-Tt-Trace-Host
X-Tec-Api-Origin
X-Tec-Api-Root
GEO-INFO
X-Varnish-Ttl
X-Storage
X-Template
X-Device-Type
X-LAGOON
X-Cache-Operation
X-GeoCode
X-GeoCountry
X-Cache-Action
Azure-InstanceId
X-Director
Azure-SiteName
Fastcgi-Useragent
Filters
Azure-Version
X-JoinUs
Azure-SlotName
Load-Balancing
Locale
S-Rt
X-Content-Age
Onion-Location
Meta-Geo
X-Tb
Azure-RegionName
X-Urbn-Context-Path
X-Say-TTL
X-Proto
X-Say-Cacheable
X-SaId
X-NYM-Debug-Backend
X-SayCDN-TTL
X-ServerID
X-Urbn-Site-Id
X-Rewrite-Enabled
X-Varnish-Cache-Hits
X-UPSTREAM-Address
X-RM-Cache-TTL
X-Forwarded-Host
X-Soup
X-Labrador-Cache-Channel
Uber-Trace-Id
X-PHP-Host
X-Varnish-Hostname
X-Cluster-Node
X-VC-Cache
X-Content-Powered-By
X-Adobe-Source
Web-Mar-Node
X-Sql-Count
X-Cache-Server
X-VCT
X-Container-Uri
X-Sql-Duration-Ms
X-Detected-As
X-Generation-Time
X-Ms-Request-Id
X-Logging-Id
X-Tt-Logid
OT-Force-Account-Verify
X-Git-Commit
X-Served-From
X-Ms-Version
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
DB-Nickname
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Property-Id
X-Zen-Fury
X-Zipkin-Id
Mn-Server-Ip
Node
X-LSADC-Cache
X-URL
TWC-Connection-Speed
X-Sucuri-Cache
X-Routing-Service
X-FB-TRIP-ID
Webcakes-Region
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-Lambda-Id
X-Origin-Hint
X-Proxied
X-Skip-Cache
X-Extlb
X-Debug
TWC-Locale-Group
X-XRDS-LOCATION
X-Sucuri-ID
X-Proxy-Build
X-Uri
X-Tumblr-Pixel-2
X-Fetched-On
X-Format
X-Timing-Wait
X-Tumblr-Pixel-3
Selected-Fe
X-Drupal-Cache-Contexts
X-MCACHE
Liferay-Portal
X-Loop
X-Tncms
CDN-RequestId
X-Rn-Rsrv
X-CCDN-Origin-Time
X-Srv
X-B3-SpanId
X-Hcs-Proxy-Type
X-Endurance-Cache-Level
Source
X-CCDN-CacheTTL
X-Cache-Hit
X-Ratelimit-Reset
X-MP-GENERATED-AT
X-Redis-Cache
Cross-Origin-Window-Policy
X-Origin-Date
X-Fastly-Request-Id
Fastly-Drupal-HTML
X-Varnish-Hits
X-Ua
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-TimeS
X-Cache-Expired-At
X-Pass-Why
Upgrade-Insecure-Requests
X-Real-IP
Content-Secure-Policy
X-S
X-Cache-TTL-Remaining
X-UA-Device-Type
X-Akamai-Transformed
X-Origin-TTL
X-Node-Name
X-Origin-CC
X-Pubstack
X-GEO
X-CACHE-AGE
X-Newrelic-Synthetics
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-RequestPullCode
CDN-Uid
CDN-EdgeStorageId
CDN-Cache
X-Server-W
CDN-RequestPullSuccess
X-Via-JSL
X-Hl-Ver
X-RTag
X-CSRF-Token
Ms-Operation-Id
Cache-Provider
MS-CV
X-Handled-By
X-AIR-PT
X-Parent-Response-Time
X-Cache-Host
X-A-Dgt
X-A-Ccd
X-Cache-Bucket
X-A-Dcw
X-A-Dam
X-Cache-Info
X-Cache-NE
X-A-Wwc
X-Application
X-B-Cookie
X-Bc-Bl
X-App
X-Aed
X-A
X-Accel-Expires-Debug
X-BCube-Filmed-By
X-Bl-Debug
True-Client-Country-4JS
L
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
Lang
Mail-Subject
Magicmarker
Gh-Request-Id
Gannett-Cam-Experience-Id
DCR-Decision-By
CPC-Cache
CPC-Age
DCR-Processing-Time-Ms
Fastly-Backend-Name
Fastly-SSL
Fastly-GeoIP-CountryCode
MD5-Digest
Meta-Geo-Continent
Vix-Hermes-Req-Id
T-Server
Surrogated-Key
VNS-Age
VNS-Cache
We-Hiring
W
Sslversion
Server-Host
NGB
N-Cache
Ngx.Var.Host
Odigeo-Trace-Id
Rendered-Blocks
Redirect-Candidate
Web-Mar-Region
X-Wikidot-Static-Cache
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-JWT-State
X-Vdms-Version
X-Optimistic-Header
X-Origin-Time
X-Orig-Expires
X-VG-WebCache
X-Is-Gdpr
X-GeoIP-Country-Code
X-Gdpr
X-GeoIP-Region-Code
X-Has-Esi
X-IPLB-Request-ID
X-IPLB-Instance
X-Policy
X-RateLimit-Limit-Second
X-ScT
X-S-Cookie
X-SD-PageType
X-Shop-Environment
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Rojux
X-Restarts
X-Vdms-Path
X-RateLimit-Remaining-Second
X-Var-Ttl
X-Reqid
X-Tenant
X-Request-Host
X-Viewer-Country
X-Forwarded-Path
X-Conf
X-Cms-Context
X-Wikidot-Backend
X-We-Are-Hiring
X-D
X-Csrf-Jwt
X-SRCache-Key
X-Worker
X-CF-Lambda-Fn
X-Cdn-Diag
Xc-Version
X-CF-Lambda-Version
X-Xfnlog-Site
X-CGP
X-Date
X-Debug-Cache-Fetch
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Eu-Site
X-External-Request-Id
X-FC-Vary-Parameters
X-Fastly-Backend
X-Ec-Fail
X-Ec-Custom-Error
X-Destination
X-Debug-Cache-Store
X-Developer
Candidate-Md5Url
X-Vtex-Remote-Cache
X-Dispatcher-Number
X-CacheTTL
X-Cache-Type
X-Presslabs-Stats
WP-Super-Cache
Apigw-Requestid
Canary
BehaviorPad-Version
ServedBy
Cache-Name
X-Hash
X-Human
X-Gzip
X-Geo-Header
X-Fmm-Version
X-Generated-On
X-INCAP-ABP
X-Irp-Debug
X-Nitro-Cache
X-No-Session
X-Node-Id
X-NGENIX-Cache
X-Mly-Id
X-Loc
X-Mid
X-Datadome
X-Esi-Check
X-Cache-Id
X-Cdn-Origin
X-Clara-WADP
X-Cache-Debug
X-BYPASS-REASON
X-BBC-Edge-Cache-Status
X-App-Name
X-Bip
X-Clientip
X-CMSURLCustom
X-Old-Content-Length
X-DPWN-IS-SECURE
X-ApacheServer
X-DefHash
X-DefElseHash
X-Core-Mission
X-Core-Value
X-Auto-Login
X-PAYTM-SRV-ID
X-Up
X-Variation
X-Varnish-CookieHashed-On
X-Thinkindot-L3
X-Thanos
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Test
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-WADP-Cache
Cache-Hits
Origin-Agent-Cluster
X-VServer
X-Vmg-Version
X-Varnishpool
X-VG-TLSProxy
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-ProxyCache-Key
X-ProxyCache-Status
X-Qloud-Router
X-Pool
X-Platform
X-Owner
X-Alternate-Cache-Key
X-PERF
X-Refresh
X-Request-Time
X-Shopify-Stage
X-Sn-Servicetimems
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-S-Maxage
X-Server-IP
X-Org
X-Level-Front-Cache
Origin
Is-Eu
Platform
Producers
Cmstype
Thinkindot-CacheControl-Type
Datacenter
Machine
Memcached
Adler-Geo
Cf-Device-Type
AKAMAI
Thinkindot-Control
Thinkindot-CacheControl
Environment
Expect-Staple
Cmsid
Release
Req-Svc-Chain
Hostname
TDXMobile
Host-ID
X-Correlation-ID
User-Cache-Control
X-TIME
X-Cluster
X-Nananana
X-Mvc-Supplant-OutputCached
CDCHOST
X-Cdn-Srv
X-Nginx-Cache-Key
X-Hnp-Log
Server-Hostname
X-GeoIP
X-Gen-Mode
X-NodeID
X-Forwarded-Site
X-From
X-Vcl-Version
X-Dispatcher-Server
CloudFront-Viewer-Country
X-Wix-Viewer-Type
NM-Fastcgi-Cache
Sever-Int
X-Device-Os
X-LJ-Flow-ID
X-VWS-Id
X-Accel-Buffering
Apple-News-Services-Handled
Country-Code
X-Scale
X-AWS-Id
X-PHP-Backend
X-Tx-Id
DSUID
X-Akamai-Device-Characteristics
Esi-Enabled
Apple-News-Services-Host
X-Block-Status
Server-Ext
Apple-News-Services-Request-Url
X-WA-Info
Apple-News-Services-Parsed-Url
X-Origin
X-Section
Wxu-Next-Hostname
Wxu-Next-Region
X-Access
Wxu-Next-Commit
C-Via
Pics-Label
Origin-CC
X-Origin-Response-Time
Ssr
X-Cache-Enabled
X-B3-Spanid
X-NCache
X-Op-Id-All
X-Proxy-Cache-Status
X-LB-NoCache
Server-Info
X-Instance-Name
Origin-EX
X-Cache-Status-Check
X-API-Version
X-TIM-N
Memory
Time
Server-ID
X-Amz-Meta-Cb-Modifiedtime
AMP-Access-Control-Allow-Source-Origin
X-Dc
X-HA-Backend
X-CACHE-GROUP
NGX
X-Via-Fastly
X-Micro-Cache
X-Cs
X-FTR-Request-ID
X-Internal-Host
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Wp-Cf-Super-Cache-Active
X-AB
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Beresp-Ttl
X-Vgn-Hpd-Reason
X-Platform-Cluster
X-Azure-Ref-OriginShield
X-Varnish-Beresp-Grace
X-Platform-Router
X-Platform-Processor
Cdn-Requestid
X-ZONE
X-Zone
GeoIP-Latitude
X-Webkit-Csp-Report-Only
X-Geo-Region
Location
X-Buckets
X-Web-Node
X-B3-Parentspanid
X-Origin-Expires
X-Microcachable
Cache-Host
X-Fpc
X-TraceId
X-Accel-Version
X-WP-CF-Super-Cache-Active
X-SIPLIST1
X-Github-Request-Id
X-DC
Sid
XM
IsBot
X-Backend-Instance
X-VarnishDD-TTL
PFcat
X-HN
X-Pod-Name
X-DataCenter
Uri
X-Is-Tablet
X-Is-Supported-Browser
X-Browser-Name
X-Is-Desktop
X-Is-Mobile
X-Tcp-Rtt
CF-Ctrl
X-Info
Resin-Trace
X-Cached-By
X-Ad-Defer-Variation
YJS-ID
User-Agent
X-LiteSpeed-Cache-Control
X-TA-CDN-Provider
X-FL-EDGE
Edge-Copy-Time
A
Locid
True-Client-Ip
X-Site-Version
X-Via-CDN
X-Locale
X-FL-QIT-DEBUG
X-Via-SSL
Srvid
X-Via-Edge
GeoIP-Country-Code
X-Nitro-Cache-From
X-NGINX-Cache
X-Nitro-Rev
Epwk-X-Cache
X-Hyper-Cache
X-Moov-Xdn-Version
Cdn
X-Contensis-Viewer-Groups
X-FireWall-Port
X-Moov-T
GeoIp-Country-Code
X-ATG-Version
X-Cache-ASPX
X-VCache
Cache-Key
X-Varnish-Authentication
XServer
X-Frame-Option
X-CS
X-CSRF-TOKEN
X-NewRelic-App-Data
X-Datacenter
X-Webstats-RespID
X-Service
X-MSEdge-Features
True-Client-IP
X-MSEdge-Flight
SID
X-Upstream-Ct
X-Geo
X-Upstream-Ht
X-TRACE-ID
NtCoent-Length
Path
X-FPC
X-VC
X-Platform-Server
State
X-HS-Content-Campaign-Id
Fastly-Drupal-Html
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Origin-Cache-Key
X-Planisys-CDN-Cache
Tcn
X-HostName
LB
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
Cdn-Request-Time
X-Vgn-Hpd-Variations-Key
X-Edge-Server
X-FTR-Expires
X-FTR-Balancer
X-FTR-Backend-Server
X-LiteSpeed-Tag
X-Vercel-Id
X-Vercel-Cache
X-Fastly-Cache
X-Country-Code-Real
X-FTR-Cache-Status
X-Release
X-FTR-Backend
X-SRV
Cdn-Host
Cf-Ipcountry
X-APP-VERSION
CountryCode
X-Api-Version
X-Generated-In
X-AK-Request-ID
WZWS-RAY
X-NMSegId
Cdnsip
Cdncip
M-TraceId
X-Amz-Meta-Opti
X-Cache-Remote
X-Pad
Req-ID
X-Esi
X-Rocket-Build-Number
X-Air-Pt
X-Sigma-Backend
X-Sigma
Lb
X-Cdn-Request-ID
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Ttl
Cache
X-UA
WebServer
X-Provided-By
X-Branch-Name
Cluster
X-Ad-Load-Variation
X-Wp-Cf-Super-Cache
X-HS-Status
X-Traceid
X-Wp-Cf-Super-Cache-Cache-Control
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Wp-Cf-Super-Cache-Cookies-Bypass
Content-Script-Type
X-M-Log
X-Scope-Id
X-Scheme
X-Request-Start
XkeyRZ
X-Proxy-CacheRZ
Yak-Timeinfo
X-M-Reqid
Content-Style-Type
X-NWS-UUID-VERIFY
X-GoCache-CacheStatus
X-Gamma-Serve
X-GeoIP-City
Proxy-Connection
Pramga
X-CACHE-KEY
X-RN-RSRV
CDN
Srv
X-Cdn-Forward
X-Akamai-Pragma-Client-IP
X-Vc
Geoip-Latitude
X-Qnm-Cache
X-Tim-N
X-Varnish-Beresp-Status
X-Cdn-Cache-Status
X-Shield-Cache-Expires
X-Lb-Cache
Ohc-File-Size
X-Request-URI
Server-Id
CF-Cached-On
Edge-Cache
X-Cache-Date
X-Ha-Backend
Env
Ngx
Serverid
X-TT-LOGID
X-Edge-POP
X-TH-Server
X-EC-Lua
X-Render-Time
X-Acquia-Purge-Tags
X-CF-Cache-Header-Vary
X-Dw-Trace-Id
Kp-EeAlive
X-User
X-VCL-Version
X-CF-Cache-Header-Cache-Control
X-Via-Ucdn
X-CUA
X-Udemy-Cache-App-Namespace
PICS-Label
X-Lb-Nocache
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Yjs-Id
X-Mobile-URL
X-MiniProfiler-Ids
CACHE-MISS-TO-ORIGIN
Inserted-Into-Cache-At
X-Location
X-Iauth-Set-Uid
Cache-Tv-Group
X-Edge-Pop
X-Fastly-Cache-Hits
X-Snapshot-Date
Log-Origin
X-RAMCache
X-Miniprofiler-Ids
X-Litespeed-Cache-Control
X-ElasticPress-Query
Vha6-Origin
X-Cached-Since
Cneonction