Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-FRAME-OPTIONS
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Server-Timing
X-XSS-PROTECTION
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Turbo-Charged-By
X-AH-Environment
X-Via
X-Robots-Tag
X-Backend
X-Cache-Group
P3p
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Proxy-Cache
X-Hacker
X-Server
X-Rq
X-UA-Device
X-Server-Powered-By
X-Age
Allow
X-Vhost
X-Varnish-Cache
X-Ws-Request-Id
EagleId
X-Dispatcher
X-Amz-Version-Id
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
Nel
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Swift-CacheTime
X-Swift-SaveTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Pingback
X-WebKit-CSP
X-Host
X-Node
Accept-CH
X-Server-Id
Surrogate-Control
X-OneAgent-JS-Injection
X-Backend-Server
X-CST
X-Readtime
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Cache-Lookup
X-Content-Security-Policy-Report-Only
Permissions-Policy
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Trace
X-Response-Time
X-Edge
Accept-Ch-Lifetime
X-HW
Accept-CH-Lifetime
X-Ua-Compatible
X-Mod-Pagespeed
Content-Location
X-Clacks-Overhead
X-Url
X-Oneagent-Js-Injection
X-Litespeed-Cache
X-Midtier
X-Ruxit-JS-Agent
X-ECACHE
X-ESI
Rating
X-Amz-Server-Side-Encryption
X-Mcache
X-Country
X-Upstream
Xkey
X-TtlSet
X-PC
X-Vname
X-Vcap-Request-Id
X-Rack-Cache
Cache-Tag
X-MS-InvokeApp
X-D2id
X-Kinja-Revision
Verso
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Variant
X-Element-Page-Cache
X-Exp-Id
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Use-Magma
Accept-Ch
Fastly-Restarts
X-Cache-TTL
Edge-Control
RTSS
X-Powered-By-Plesk
X-Ruxit-Js-Agent
X-VARITI-CCR
X-Content-Type
Origin-Trial
X-Ac
X-Navigation-Version
X-Cached
X-Abt-Application-Version
X-Goog-Hash
Service-Worker-Allowed
X-Country-Code
X-GitHub-Request-Id
X-Amz-Rid
Pagespeed
Display
X-Middleton-Display
X-Sol
X-WebKit-CSP-Report-Only
X-B3-TraceId
X-Ttl
X-Mg-S
X-Browser-Type
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-Server-Name
Cross-Origin-Opener-Policy
Arr-Disable-Session-Affinity
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-Varnish-TTL
X-Powered-CMS
AR-SID
X-Middleton-Response
Response
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Amzn-Trace-Id
SPRequestDuration
SPIisLatency
X-Ua-Device
X-Cache-Key
AR-CACHE
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastly-Request-ID
X-Version
X-Cnection
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Webkit-CSP
X-Accel-Expires
X-T
Cache-Tags
Front-End-Https
Cache-Status
X-Client-IP
Edge-Cache-Tag
X-NF-Request-ID
X-Ser
X-Px
X-MSEdge-Ref
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Times
X-Fastcgi-Cache
Public-Key-Pins
X-Hits
Nginx-Cache
X-Recruiting
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-NWS-LOG-UUID
X-RateLimit-Remaining
X-Request-Processing-Time
X-Request-Received
X-LLID
Server-Node
X-Frontend
X-Shield-Request-Id
X-Ua-Browser
Payment
Access-Control-Request-Method
X-DIS-Request-ID
TP-Cache
X-RateLimit-Limit
X-Kinja-CCPA
X-Webkit-CSP-Report-Only
X-FastCGI-Cache
X-Erf-Stays-Pdp-Viaduct-Migration-Web
S
X-Goog-Metageneration
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
TP-L2-Cache
X-B3-Traceid
X-LB-Cache
X-Content-Digest
X-Distributor
Content-MD5
X-PressLabs-Stats
Realpath
X-Microsite
X-Geo-Country
X-Request-Handler-Origin-Region
X-Ezoic-Cdn
X-Page-Id
X-Forwarded-For
X-FB-Debug
X-GUploader-UploadID
Access-Control-Allow-Method
Accept-Charset
Fastcgi-Cache
X-Cluster-Name
X-Hostname
X-Rid
X-Envoy-Decorator-Operation
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Seen-By
X-Protected-By
X-Ratelimit-Remaining
X-Correlation-Id
X-B3-Sampled
Cleartype
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TTL
TCN
DC
X-Origin-Server
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Newrelic-App-Data
X-Debug-Info
X-Mobile
Referer-Policy
X-Varnish-Backend
X-Ratelimit-Limit
X-Git-Hash
X-Logged-In
X-Origin-Cache
Cross-Origin-Resource-Policy
X-Kinsta-Cache
X-Edge-Location-Klb
X-XRDS-Location
X-Webkit-Csp
X-Azure-Ref
X-Contextid
Alternate-Protocol
X-Varnish-Grace
Surrogate-Key
X-Providence-Cookie
X-Amz-Replication-Status
X-Request-Guid
X-Grace
X-Is-Crawler
X-App-Environment
X-Route-Name
X-Aspnet-Duration-Ms
X-Aspnet-Version
X-Flags
X-Revision
X-Fb-Rlafr
X-Content-Options
X-TT
Healthy
X-Amz-Meta-S3cmd-Attrs
X-Server-ID
Count-Hit
X-Wix-Request-Id
X-IPS-LoggedIn
X-Forwarded-Proto
X-Whom
X-App-Server
Charset
Frame-Options
X-Akamai-Edgescape
X-Hosted-By
WPO-Cache-Status
MS-Author-Via
WPO-Cache-Message
Filterid
Viewport
X-Id
X-Daa-Tunnel
Paypal-Debug-Id
X-B
X-Magnolia-Registration
X-Cache-Age
X-Backend-Name
X-Kong-Upstream-Latency
Retry-After
Section-Io-Cache
X-Kong-Proxy-Latency
X-F-Cache
X-Trace-Id
X-Activity-Id
X-Client-Ip
X-Www-Served-By
X-Az
X-Cache-Control
X-AppVersion
Server-Name
X-Proxy-Cache-Info
X-Type
X-Varnish-Ttl
Refresh
SRV
X-Varnish-Server
X-App-Version
X-Proxy
Version
X-Time
VIX-Pulpo-Node
SD-X-WS
VIX-Pulpo-Upstream-Status
Host
X-ARC
X-Original-Request-Id
X-EdgeConnect-Cache-Status
X-Http-Reason
X-Instance
X-Response-Served-From
Akamai-GRN
X-Rule
X-Cache-Grace
X-Edge-Location
X-Rocket-Nginx-Serving-Static
Protected
X-Varnish-Age
X-Status
X-Akamai-Request-ID2
X-UUID
X-User-Agent
Amp-Access-Control-Allow-Source-Origin
X-FW-Version
Front
X-Jobs
X-FW-Hash
X-Unique-Id
Fastly-SIE
Fastly-SWR
From-Origin
X-FW-Type
X-Page-View
X-Framework
X-Environment-Context
X-Is-Bot
X-FW-Static
X-Rendered-As
X-FW-Dynamic
X-FW-Server
X-L-Path
X-Cache-Rule
X-FW-Serve
X-Cacheable-TTL
X-Region
X-Adobe-Loc
X-Adobe-Content
X-Oracle-Dms-Ecid
X-N
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-RemovedCookies
X-G
X-Tumblr-Pixel
X-Tumblr-User
X-ProcessESI
X-Oracle-Dms-Rid
X-Cache-Time
X-RateLimit-Reset
Access-Control-Request-Headers
X-Upgrade-Enabled
X-Load-Cache
X-COUNTRY
X-Source
ServerID
Content-Disposition
X-Language
Country
X-CDN-Forward
X-Drupal-Cache-Tags
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Nf-Request-Id
X-Yottaa-Optimizations
X-HTML-Minification-Powered-By
X-Yottaa-Metrics
X-Vcache
X-Tt-Trace-Tag
Countrycode
X-Tt-Trace-Host
Accept-Language
X-Datadog-Sampled
X-DynaTrace
X-Amzn-Remapped-Content-Length
X-Debug-IsPreview
X-Mg-Request-UUID
X-Debug-IsConnected
X-Generated-By
X-B3-SpanId
X-DynaTrace-JS-Agent
Liferay-Portal
Backend
X-ID
X-Xrds-Location
X-B-Cache
Xet-Cookie
X-Signature
X-DataDome
Xserver
X-ECache
Webserver
X-Httpd
X-NYM-Debug-Backend
X-WP-CF-Super-Cache-Cache-Control
X-Mode
X-Device-Type
X-WP-CF-Super-Cache
X-Drupal-Cache-Contexts
CF-IPCountry
X-Zen-Fury
X-Servername
X-Tt-Logid
X-Content-Powered-By
Url
X-Content-Age
X-Nginx-Cache
X-Erf-Web-Scheduler
GEO-INFO
X-Cache-Action
Locale
S-Rt
Fastcgi-Useragent
X-Tb
Filters
Onion-Location
Meta-Geo
Load-Balancing
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-Container-Uri
X-Rewrite-Enabled
X-Proto
X-ServerID
X-Sucuri-Cache
X-Urbn-Site-Id
X-Urbn-Context-Path
X-UPSTREAM-Address
X-Sucuri-ID
X-LAGOON
X-SaId
X-JoinUs
X-Git-Commit
Uber-Trace-Id
X-GeoCode
X-GeoCountry
X-VC-Cache
Azure-SlotName
X-Varnish-Cache-Hits
X-XRDS-LOCATION
X-Director
X-Soup
X-Forwarded-Host
X-Labrador-Cache-Channel
X-RM-Cache-TTL
X-Varnish-Hostname
Azure-Version
Azure-InstanceId
X-PHP-Host
Azure-RegionName
X-Cluster-Node
Azure-SiteName
X-Ms-Version
X-Sql-Count
X-Detected-As
X-Sql-Duration-Ms
X-Cache-Server
Web-Mar-Node
X-Ms-Request-Id
X-Adobe-Source
X-Generation-Time
Property-Id
Node
Mn-Server-Ip
X-Debug
X-VCT
DB-Nickname
X-Extlb
X-Zipkin-Id
TWC-Locale-Group
X-RCS-CacheZone
Webcakes-Region
X-Routing-Service
X-R9-Blue-Green-Version
X-Proxied
X-Logging-Id
X-Origin-Hint
Webcakes-App-Version
Webcakes-App-Name
X-FB-TRIP-ID
TWC-Device-Class
X-Storage
TWC-GeoIP-Country
TWC-Privacy
X-Served-From
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-Cache-Operation
X-Tumblr-Pixel-3
X-Skip-Cache
X-Timing-Wait
X-Tumblr-Pixel-2
X-Format
X-Fetched-On
X-LSADC-Cache
X-Proxy-Build
Selected-Fe
X-Ratelimit-Reset
X-Uri
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Lambda-Id
X-Origin-Date
Source
X-MP-GENERATED-AT
OT-Force-Account-Verify
Fastly-Drupal-HTML
CDN-RequestId
X-Template
X-Cache-Expired-At
X-Loop
X-Tncms
X-Cache-Hit
X-Varnish-Hits
X-Via-JSL
X-NGENIX-Cache
X-MCACHE
X-Endurance-Cache-Level
Content-Secure-Policy
X-Pass-Why
X-UA-Device-Type
X-Ua
X-Srv
X-Cache-TTL-Remaining
X-Node-Name
X-AIR-PT
X-Redis-Cache
Cross-Origin-Window-Policy
X-Pubstack
X-TimeS
Upgrade-Insecure-Requests
X-Real-IP
X-Server-W
X-Datadome
Section-Origin-Responded
X-Origin-CC
X-Origin-TTL
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
NGB
X-Fastly-Request-Id
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Cache-Hits
X-PHP-Backend
X-Cache-Host
X-S
X-RTag
Cache-Provider
Cache-Name
MS-CV
X-CSRF-Token
Ms-Operation-Id
CDN-EdgeStorageId
Apigw-Requestid
CDN-CachedAt
X-Xfnlog-Site
X-Optimistic-Header
CDN-PullZone
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-RequestCountryCode
X-Restarts
X-Reqid
CDN-Uid
CDN-Cache
X-Cms-Context
X-IPLB-Instance
X-IPLB-Request-ID
X-Cache-Type
X-Rn-Rsrv
X-Hl-Ver
X-No-Session
X-Akamai-Transformed
X-GEO
X-Aspnetmvc-Version
X-Via-Fastly
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-Newrelic-Synthetics
X-Cluster
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-Cache-Bucket
Ha-Gx-Prefs
X-CF-Lambda-Version
Meta-Geo-Continent
X-Nyt-Route
X-Wikidot-Backend
X-Wikidot-Static-Cache
Xc-Version
MD5-Digest
X-Worker
X-Csrf-Jwt
X-Wix-Viewer-Type
X-Gdpr
X-Cache-Info
VNS-Cache
Fastly-GeoIP-CountryCode
X-Orig-Expires
X-GeoIP-Country-Code
Odigeo-Trace-Id
X-GeoIP-Region-Code
Ngx.Var.Host
Fastly-Backend-Name
X-Cache-NE
X-Vtex-Remote-Cache
N-Cache
X-Ec-GeoHdr
X-Ec-Fail
True-Client-Country-4JS
X-A-Dcw
L5d-Success-Class
X-A-Dgt
Lang
X-Irp-Debug
X-A-Wwc
X-Has-Esi
Candidate-Md5Url
X-A-Ccd
X-A
X-A-Dam
Canary
X-External-Request-Id
X-Accel-Buffering
X-Is-Gdpr
X-Aed
X-Mvc-Supplant-Cachable
X-Origin-Time
X-Fastly-Backend
Mail-Subject
X-CacheTTL
BehaviorPad-Version
X-Cdn-Diag
X-Accel-Expires-Debug
X-JWT-State
X-Eu-Site
X-CF-Lambda-Fn
Magicmarker
HA-Ipaddr
VNS-Age
X-Var-Ttl
Server-Host
X-Section
X-Conf
X-SD-PageType
X-Bl-Debug
X-ScT
X-BCube-Filmed-By
DCR-Decision-By
DCR-Processing-Time-Ms
X-TA-CDN-Provider
W
We-Hiring
X-TIM-N
X-D
X-Date
X-Slack-Backend
Surrogated-Key
X-Slack-Shared-Secret-Outcome
Fastly-SSL
Sslversion
X-Tenant
X-Debug-Cache-Store
X-Shop-Environment
X-Debug-Cache-Fetch
X-CACHE-AGE
X-CGP
X-Destination
X-Vdms-Version
X-SRCache-Key
Web-Mar-Region
X-Policy
Vix-Hermes-Req-Id
X-FC-Vary-Parameters
X-VG-WebCache
Gh-Request-Id
X-Application
X-Viewer-Country
X-Forwarded-Path
X-Dispatcher-Number
X-B-Cookie
Redirect-Candidate
X-Rojux
X-Bc-Bl
CPC-Cache
X-Developer
X-S-Cookie
X-Request-Host
Rendered-Blocks
X-Vdms-Path
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
CPC-Age
X-Access
T-Server
X-Fmm-Version
Gannett-Cam-Experience-Id
Origin
X-CMSURLCustom
X-Clientip
X-DefHash
Req-Svc-Chain
X-DefElseHash
X-Core-Mission
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
X-Clara-WADP
Producers
Memcached
Machine
L
Is-Eu
X-Esi-Check
X-Epic-Correlation-Id
Platform
X-DPWN-IS-SECURE
X-Ec-Custom-Error
Host-ID
X-Loc
X-Varnishpool
X-BBC-Edge-Cache-Status
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-S-Maxage
X-Varnish-CookieHashed-On
X-Cache-Debug
X-Qloud-Router
X-PERF
X-Vmg-Version
X-Platform
X-VG-TLSProxy
X-Auto-Login
X-Cache-Id
X-Bip
X-Variation
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-Sorting-Hat-PodId
X-SVT-ORM-RULES
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-ShopId
X-Server-IP
X-Up
X-Thinkindot-L3
X-ShardId
X-Test
X-Thanos
Expect-Staple
X-Owner
AKAMAI
X-Gzip
Adler-Geo
X-Handled-By
X-INCAP-ABP
X-Hash
X-Geo-Header
X-Generated-On
X-Forwarded-Site
Environment
Datacenter
Cmstype
Cmsid
X-App-Name
X-Level-Front-Cache
X-VServer
X-Core-Value
X-ApacheServer
X-Org
X-Parent-Response-Time
X-WADP-Cache
X-Old-Content-Length
X-Node-Id
X-Cdn-Origin
X-Alternate-Cache-Key
X-We-Are-Hiring
User-Cache-Control
X-Proxy-Cache-Status
X-App
X-Block-Status
X-Akamai-Device-Characteristics
X-Cdn-Srv
X-GeoIP
X-Mly-Id
X-Mvc-Supplant-OutputCached
X-Nananana
X-Mid
Sever-Int
X-Request-Time
AMP-Access-Control-Allow-Source-Origin
X-Nitro-Cache
X-Nginx-Cache-Key
X-NodeID
X-Vcl-Version
X-Scale
X-Pool
X-PAYTM-SRV-ID
X-Origin-Response-Time
X-WA-Info
X-Origin
X-Hnp-Log
X-Human
X-Dispatcher-Server
NM-Fastcgi-Cache
Apple-News-Services-Handled
X-Device-Os
Release
Server-Hostname
Server-Ext
ServedBy
X-From
Esi-Enabled
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Gen-Mode
CDCHOST
Country-Code
CloudFront-Viewer-Country
WP-Super-Cache
X-Web-Node
X-Correlation-ID
X-Cs
X-LB-NoCache
X-Instance-Name
X-NCache
X-Op-Id-All
X-Cache-Enabled
X-Refresh
Wxu-Next-Region
X-Air-Hostname
X-Air-Source
X-Presslabs-Stats
Wxu-Next-Commit
Server-Info
DSUID
X-Air-Trace-Id
Origin-CC
Origin-EX
Pics-Label
Wxu-Next-Hostname
X-Tx-Id
Server-ID
Ssr
X-Amz-Meta-Cb-Modifiedtime
Memory
X-Azure-Ref-OriginShield
C-Via
Time
X-TIME
X-HA-Backend
X-Platform-Processor
X-Platform-Cluster
Cache-Host
X-Platform-Router
Hostname
X-Cache-Status-Check
X-Origin-Expires
X-Microcachable
X-Dc
X-Tb-Optimization-Total-Bytes-Saved
X-API-Version
GeoIP-Latitude
X-Locale
Cf-Device-Type
X-Site-Version
X-URL
NGX
XM
X-VHOST
X-CACHE-GROUP
X-ZONE
Origin-Agent-Cluster
X-HN
X-VarnishDD-TTL
PFcat
Cdn-Requestid
X-Wp-Cf-Super-Cache-Active
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Ad-Defer-Variation
Resin-Trace
X-Zone
X-Fpc
X-Via-SSL
Srvid
A
X-Internal-Host
Edge-Copy-Time
X-Vgn-Hpd-Reason
Locid
X-Via-CDN
X-DC
X-Via-Edge
X-FL-EDGE
X-FL-QIT-DEBUG
X-Micro-Cache
YJS-ID
Sid
X-Webkit-Csp-Report-Only
X-Upstream-Ct
X-Upstream-Ht
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-ATG-Version
X-TraceId
X-FireWall-Port
X-WP-CF-Super-Cache-Active
X-Github-Request-Id
X-Pod-Name
X-Moov-T
X-Cached-By
X-Varnish-Authentication
X-Moov-Xdn-Version
Cache-Key
IsBot
True-Client-Ip
Uri
X-DataCenter
X-SIPLIST1
X-AB
User-Agent
X-Buckets
Location
X-LiteSpeed-Cache-Control
GeoIP-Country-Code
X-B3-Parentspanid
X-NGINX-Cache
X-Info
X-Geo-Region
X-B3-Spanid
X-Planisys-CDN-Cache
X-HS-Content-Campaign-Id
X-VCache
State
X-Backend-Instance
X-Planisys-CDN-Rules
X-Platform-Server
X-Planisys-CDN-TTL
X-Provided-By
GeoIp-Country-Code
X-Release
X-Accel-Version
X-Datacenter
X-Nitro-Rev
X-Nitro-Cache-From
X-Fastly-Cache
X-FTR-Request-ID
X-VC
X-RN-RSRV
X-LiteSpeed-Tag
X-Geo
CF-Ctrl
X-MSEdge-Flight
Lb
X-MSEdge-Features
Cdn
X-Sigma-Backend
X-Rocket-Build-Number
X-Cache-Remote
X-Sigma
SID
XServer
NtCoent-Length
X-CS
X-Is-Mobile
X-Is-Desktop
X-Is-Supported-Browser
X-Tcp-Rtt
Cache
Path
X-Browser-Name
X-Is-Tablet
X-Api-Version
X-HostName
Tcn
X-CSRF-TOKEN
X-NewRelic-App-Data
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Gamma-Serve
X-GeoIP-City
X-Vgn-Hpd-Variations-Key
X-Generated-In
True-Client-IP
Fastly-Drupal-Html
X-Hyper-Cache
X-TRACE-ID
X-FPC
X-Scheme
X-SRV
Epwk-X-Cache
X-HS-Status
Cache-Tv-Group
Cf-Ipcountry
X-Frame-Option
X-CLOUD-TRACE-CONTEXT
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Srv
X-CACHE-KEY
Kp-EeAlive
X-Webstats-RespID
Ohc-File-Size
X-Service
X-GoCache-CacheStatus
X-UA
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
CountryCode
HostName
Serverid
X-APP-VERSION
X-Air-Pt
X-Mobile-URL
X-AK-Request-ID
Cdncip
X-Location
X-Amz-Meta-Opti
Cdnsip
X-Esi
X-Guploader-Uploadid
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Traceid
WebServer
X-Branch-Name
X-TX-ID
X-Cache-Ttl
X-EC-Lua
X-Men
X-Region-Sid
CacheControlHeader
X-Cache-Tags
X-Aicache-OS
Proxy-Connection
X-Developers
On-Server
RNT-Time
X-Proxy-CacheRZ
Click-Count-Action-Start
X-Pad
Tube-Get-Contents
X-Cdn-Cache-Status
Env
Tube-Got-Eval
XkeyRZ
X-Vc
Mime-Version
Cdn-Request-Time
X-Vercel-Cache
X-Vercel-Id
X-Edge-Server
X-Via-Popv
RNT-Machine
Cdn-Host
Geoip-Latitude
Click-Count-Error
Tube-Return
X-Servedbyhost
WZWS-RAY
X-SB
X-Req
Ohc-Cache-HIT
Yak-Timeinfo
X-Akamai-Pragma-Client-IP
X-Via-Popn
X-Via-Poph
X-Wa
X-V-Cache
X-CDN-Cache-Status
X-Acquia-Purge-Cdn-Unconfigured
X-LB-ID
V-Age
Tube-Got-Results
X-B3-Trace-ID
X-Minions-Version
X-Cache-FS-Status
X-Nc
CDN
X-VCL-Version
WWW-Authenticate
LB
ENV
X-FTR-Backend-Server
X-NWS-UUID-VERIFY
X-Origin-Cache-Key
X-Edge-Pop
X-NMSegId
X-FTR-Cache-Status
X-FTR-Expires
X-Cdn-Forward
X-FTR-Backend
X-FTR-Balancer
X-Cdn-Request-ID
M-TraceId
X-Country-Code-Real
Req-ID
Ngx
X-TT-LOGID
X-Lb-Cache
X-Ha-Backend
Content-Script-Type
Content-Style-Type
X-WP-CF-Super-Cache-Cookies-Bypass
Server-Id
CF-Cached-On
X-Fastly-Country-Code
X-Ad-Load-Variation
X-User
Cluster
X-M-Reqid
X-M-Log
X-Request-Start
X-Scope-Id
Pramga
X-Acquia-Site
X-Lb-Nocache
PICS-Label
X-APP
X-Edge-POP
X-Dw-Trace-Id
X-TH-Server
X-Acquia-Purge-Tags
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-MiniProfiler-Ids
X-Snapshot-Date
X-Check-Cacheable
X-Processor
X-Acquia-Application-Trace
X-Ckpd-Fst-Backend
X-Acquia-Application-UUID
X-Via-Ucdn
Yjs-Id
X-Udemy-Cache-App-Namespace
X-Render-Time
X-Shield-Cache-Expires
HIT
X-Qnm-Cache
X-CUA
X-Iauth-Set-Uid
X-Cached-Since
X-RAMCache
X-ElasticPress-Query
X-Litespeed-Cache-Control
Log-Origin
Vha6-Origin
X-Fastly-Cache-Hits
Cneonction
X-Miniprofiler-Ids
CACHE-MISS-TO-ORIGIN
Inserted-Into-Cache-At
X-Fastly-Backend-Reqs