Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
P3P
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Request-Id
X-Request-ID
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Status
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Ws-Request-Id
X-Proxy-Cache
X-Server
X-Age
X-Ua-Compatible
X-Hacker
Host-Header
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Accept-CH
X-Device
Cf-Apo-Via
X-Page-Speed
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Pingback
X-Node
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
Surrogate-Control
X-Dns-Prefetch-Control
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Readtime
X-Cache-Lookup
X-Ruxit-JS-Agent
X-HW
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Content-Security-Policy-Report-Only
X-Application-Context
X-Trace
X-Response-Time
X-CST
Permissions-Policy
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
Fastly-Restarts
X-Edge
X-Country
Content-Location
X-WebKit-CSP-Report-Only
Accept-CH-Lifetime
X-Content-Type
X-Mcache
Rating
X-ECACHE
X-Clacks-Overhead
X-MS-InvokeApp
X-Url
X-TtlSet
X-Vname
X-PC
X-Amz-Server-Side-Encryption
X-Midtier
X-VARITI-CCR
RTSS
Cache-Tag
X-Varnish-TTL
X-Vcap-Request-Id
X-Element-Page-Cache
X-Ac
Verso
X-B3-TraceId
Origin-Trial
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-D2id
X-Rack-Cache
X-Cnection
X-Server-Name
X-Cache-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
Xkey
X-GitHub-Request-Id
X-Abt-Application-Version
X-Fastcgi-Cache
X-Navigation-Version
X-ESI
X-SharePointHealthScore
SPRequestGuid
X-NWS-LOG-UUID
X-Amz-Rid
Edge-Control
X-Client-IP
X-Cached
X-Px
X-Mg-S
X-Server-Lifecycle-Phase
X-Browser-Type
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Arr-Disable-Session-Affinity
X-Ttl
X-Correlation-Id
SPRequestDuration
X-Upstream
SPIisLatency
X-Cache-Key
X-Litespeed-Cache
Display
Pagespeed
X-Sol
X-Middleton-Display
Content-MD5
X-Dw-Request-Base-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-Goog-Hash
Edge-Cache-Tag
X-Daa-Tunnel
X-XRDS-Location
Front-End-Https
X-NF-Request-ID
X-Country-Code
Public-Key-Pins
X-Version
X-RateLimit-Remaining
AR-SID
X-Id
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Powered-CMS
TCN
X-MSEdge-Ref
X-Recruiting
X-Forwarded-For
X-T
X-Content-Digest
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Accel-Expires
Response
MRF-Tech
X-Middleton-Response
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Ser
TP-Cache
TP-L2-Cache
X-Shield-Request-Id
Nginx-Cache
X-Hits
X-Fastly-Request-ID
S
X-Request-Processing-Time
X-Request-Received
X-Edge-Location-Klb
X-Kinsta-Cache
Cache-Status
X-Amzn-Trace-Id
Server-Node
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Distributor
X-HS-Combine-CSS
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TTL
X-TEC-API-VERSION
Alternate-Protocol
Cache-Tags
X-Grace
MicrosoftSharePointTeamServices
Server-Name
Fastcgi-Cache
X-Protected-By
X-Ratelimit-Limit
X-DataDome
X-DIS-Request-ID
X-Geo-Country
X-Ezoic-Cdn
X-Ruxit-Js-Agent
Accept-Ch
X-Origin-Server
X-Request-Handler-Origin-Region
X-Microsite
X-LB-Cache
X-Ua-Browser
X-Frontend
X-Debug-Info
X-Rid
X-Ratelimit-Reset
X-Forwarded-Proto
X-NGENIX-Cache
X-Git-Hash
X-Www-Served-By
Payment
Healthy
Cross-Origin-Opener-Policy
X-Varnish-Backend
Filterid
X-FB-Debug
Cleartype
X-Logged-In
X-Page-Id
X-PressLabs-Stats
X-Ratelimit-Remaining
X-Load-Cache
Charset
X-B3-Sampled
Content-Disposition
X-VCache
X-Webkit-Csp
X-ASPNET-VERSION
X-Origin-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-LLID
X-Cluster-Name
MS-Author-Via
DC
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Hostname
X-GUploader-UploadID
X-Goog-Metageneration
Accept-Charset
X-Upgrade-Enabled
Retry-After
X-Proxy
Access-Control-Allow-Method
Cross-Origin-Resource-Policy
X-F-Cache
X-AppVersion
X-Az
X-Activity-Id
X-Contextid
X-Providence-Cookie
X-Type
X-Hosted-By
X-Signature
X-Flags
X-Seen-By
X-Is-Crawler
X-Request-Guid
X-Route-Name
X-Aspnet-Duration-Ms
X-B-Cache
X-Wix-Request-Id
X-Varnish-Server
X-B
X-Revision
X-TT
X-Amz-Replication-Status
X-Azure-Ref
Referer-Policy
Paypal-Debug-Id
X-Amz-Meta-S3cmd-Attrs
Viewport
Amp-Access-Control-Allow-Source-Origin
X-Whom
Surrogate-Key
X-Source
X-App-Environment
X-RateLimit-Limit
X-DynaTrace
X-Aspnetmvc-Version
Count-Hit
X-Tt-Trace-Tag
X-Tt-Trace-Host
Realpath
X-Fb-Rlafr
X-Akamai-Edgescape
X-Mobile
X-App-Server
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-ORACLE-DMS-RID
X-B3-Traceid
X-ORACLE-DMS-ECID
X-FastCGI-Cache
Host
X-Cache-Control
X-EdgeConnect-Cache-Status
X-HTML-Minification-Powered-By
X-N
Version
X-Original-Request-Id
X-Response-Served-From
Refresh
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Cache-Rule
X-Oneagent-Js-Injection
X-Tumblr-Pixel-0
VIX-Pulpo-Node
X-Nginx-Cache
X-Varnish-Grace
X-Magnolia-Registration
VIX-Pulpo-Upstream-Status
X-Varnish-Age
X-Envoy-Decorator-Operation
Access-Control-Request-Headers
Section-Io-Cache
SD-X-WS
X-Adobe-Content
X-Newrelic-App-Data
X-Adobe-Loc
X-Environment-Context
X-UUID
X-Cache-Status-Check
X-Page-View
X-URL
X-L-Path
X-Rendered-As
X-Status
X-RTag
X-Cacheable-TTL
X-ProcessESI
X-Servername
X-Rule
GEO-INFO
X-RemovedCookies
NGB
X-Cache-Time
MS-CV
Protected
X-Cache-Grace
X-Is-Bot
X-Cache-Expired-At
Ms-Operation-Id
X-G
X-Content-Powered-By
X-FW-Server
Akamai-GRN
X-Device-Type
X-Http-Reason
X-FW-Serve
X-NYM-Debug-Backend
X-Framework
X-Cache-Age
X-FW-Dynamic
X-FW-Static
X-Jobs
X-FW-Hash
X-FW-Type
X-FW-Version
X-Instance
X-Debug-IsPreview
X-Akamai-Request-ID2
Url
X-Debug-IsConnected
X-Backend-Name
X-User-Agent
X-CDN-Forward
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tb
CDN-RequestId
X-Cache-Hit
X-Drupal-Cache-Contexts
X-Pinterest-Rid
Pinterest-Version
X-Tt-Logid
SRV
X-Drupal-Cache-Tags
Pinterest-Generated-By
Country
WPO-Cache-Message
From-Origin
WPO-Cache-Status
X-Node-Name
Accept-Language
X-Region
Front
X-Trace-Id
X-Real-IP
X-VC-Cache
Fastly-Drupal-HTML
X-Time
Backend
Uber-Trace-Id
X-Mode
X-Content-Options
X-Template
Meta-Geo
Filters
X-Cache-Operation
X-UPSTREAM-Address
X-RN-RSRV
X-Language
X-Rewrite-Enabled
X-Generation-Time
Content-Secure-Policy
Fastly-SWR
X-DynaTrace-JS-Agent
Cross-Origin-Window-Policy
X-Tumblr-Pixel-2
CDN-Cache
Fastly-SIE
CDN-Uid
X-Web-Node
X-Cache-TTL-Remaining
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
Webserver
Apigw-Requestid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Adobe-Source
Azure-SlotName
X-Sql-Duration-Ms
X-Rocket-Nginx-Serving-Static
X-Say-TTL
Azure-Version
CF-IPCountry
X-Sql-Count
X-SayCDN-TTL
X-Access
X-Say-Cacheable
Azure-SiteName
X-Cache-Action
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Cms-Context
Azure-InstanceId
X-Proxy-Cache-Status
X-Section
Azure-RegionName
X-Format
X-Sucuri-ID
X-Zen-Fury
X-GeoCountry
X-PHP-Host
Cache-Name
X-Skip-Cache
X-Soup
X-Cache-Host
X-Via-Fastly
X-Forwarded-Host
X-Edge-Location
X-Content-Age
X-GeoCode
X-Varnish-Beresp-Grace
X-Proxy-Cache-Info
X-Debug
X-Cache-Server
ServerID
X-Sucuri-Cache
X-Labrador-Cache-Channel
X-IPS-LoggedIn
X-UA-Device-Type
X-Detected-As
X-Extlb
X-Reqid
X-VWS-Id
X-Cluster
X-AWS-Id
X-Urbn-Site-Id
X-BYPASS-REASON
X-Urbn-Context-Path
X-Xfnlog-Site
X-JoinUs
X-LJ-Flow-ID
Web-Mar-Node
X-SaId
S-Rt
Onion-Location
X-Site-Version
X-Routing-Service
X-ProxyCache-Status
Locale
X-PHP-Backend
X-Proxied
X-ProxyCache-Key
X-LAGOON
X-Zipkin-Id
Node
X-Locale
TWC-Locale-Group
X-Proto
X-R9-Blue-Green-Version
X-Origin-Hint
X-Handled-By
X-LSADC-Cache
Webcakes-Region
WP-Super-Cache
X-Amzn-Remapped-Content-Length
X-Fastly-Request-Id
X-IPLB-Instance
X-IPLB-Request-ID
X-Server-W
X-No-Session
Webcakes-App-Version
X-Unique-Id
Webcakes-App-Name
X-Ua
Property-Id
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
Mime-Version
TWC-Privacy
TWC-GeoIP-LatLong
Selected-Fe
Mn-Server-Ip
X-Timing-Wait
X-Ms-Version
X-SRV
X-Proxy-Build
Fastcgi-Useragent
X-Ms-Request-Id
X-Cluster-Node
Xserver
Cache-Hits
Liferay-Portal
X-Redis-Cache
X-Hl-Ver
X-Cache-Debug
X-Tumblr-Pixel-3
ServedBy
DB-Nickname
X-TIME
X-Request-Time
X-Loop
X-FB-TRIP-ID
X-TNCMS
X-NWS-UUID-VERIFY
X-Optimistic-Header
X-XRDS-LOCATION
X-CACHE-AGE
Upgrade-Insecure-Requests
Source
X-GEO
X-Generated-By
X-Mg-Request-UUID
X-Tid
X-Air-Source
X-Varnish-Hits
X-Origin-Date
X-Air-Trace-Id
X-Air-Hostname
X-Esi
CF-Cached-On
Countrycode
X-Tec-Api-Version
X-Uri
X-Tec-Api-Origin
X-Storage
X-Tec-Api-Root
X-Times
X-Director
X-Varnish-Beresp-Ttl
X-Akamai-Transformed
X-Tx-Id
X-COUNTRY
X-Cdn
Xet-Cookie
X-TA-CDN-Provider
X-Pass-Why
X-Trace-ID
X-Origin-CC
X-Newrelic-Synthetics
Frame-Options
X-Origin-TTL
X-ARC
X-DC
X-Service
X-B3-Spanid
X-FireWall-Port
X-ECache
X-App-Version
X-Datadog-Trace-Id
X-Datadog-Sampled
X-ShopId
Environment
X-ShardId
X-Datadog-Parent-Id
X-Alternate-Cache-Key
X-Datadog-Sampling-Priority
SID
X-Varnish-Cache-Hits
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Varnish-Hostname
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Presslabs-Stats
X-VG-TLSProxy
Redirect-Candidate
Origin
X-Request-Host
Release
Req-Svc-Chain
X-Vdms-Version
X-Vdms-Path
Rendered-Blocks
Xc-Version
DCR-Decision-By
DCR-Processing-Time-Ms
Candidate-Md5Url
A
X-TIM-N
Edge-Cache
Gannett-Cam-Experience-Id
Ngx.Var.Host
BehaviorPad-Version
Meta-Geo-Continent
MD5-Digest
Lang
Odigeo-Trace-Id
X-Rojux
X-Gdpr
X-External-Request-Id
X-B-Cookie
X-Application
X-Loc
X-Mid
X-A-Dgt
X-Aed
X-BBC-Edge-Cache-Status
X-Bc-Bl
X-Cache-Info
X-Cache-NE
X-D
X-Developer
X-BCube-Filmed-By
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Ec-Fail
X-Mobile-URL
X-Nyt-Route
X-Destination
X-Processor
X-Platform-Router
X-S
X-S-Cookie
Sslversion
X-ScT
X-S-Maxage
X-Platform-Processor
Surrogated-Key
X-Origin-Time
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
X-Platform-Cluster
T-Server
WWW-Authenticate
X-SRCache-Key
X-A-Wwc
X-Endurance-Cache-Level
X-AIR-PT
Server-Info
X-DefElseHash
X-DefHash
X-CUA
X-Core-Mission
X-Clara-WADP
X-Ec-Custom-Error
X-Gamma-Serve
X-Old-Content-Length
X-Human
X-GeoIP-City
X-Cdn-Origin
X-Fmm-Version
X-Origin-Response-Time
State
Tube-Get-Contents
Magicmarker
Fastly-GeoIP-CountryCode
DSUID
Tube-Got-Eval
Tube-Got-Results
X-Akamai-Device-Characteristics
Decoy-Debug-TTL
X-Pubstack
Vix-Hermes-Req-Id
Tube-Return
X-Cache-Bucket
X-Platform-Server
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
TDXMobile
Host-ID
X-WP-CF-Super-Cache-Active
Thinkindot-Control
X-CMSURLCustom
X-Thinkindot-L3
X-We-Are-Hiring
X-INCAP-ABP
X-Frame-Option
X-Core-Value
X-WADP-Cache
X-WA-Info
X-Served-From
X-Sn-Servicetimems
X-SD-PageType
X-SB
X-Req
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VServer
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Decoy-Debug-Status
X-NodeID
Apple-News-Services-Host
Click-Count-Error
Click-Count-Action-Start
Cluster
Apple-News-Services-Request-Url
Decoy-Debug-Key
C-Via
X-ServerID
Cache-Tv-Group
Apple-News-Services-Handled
Country-Code
Apple-News-Services-Parsed-Url
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Parent-Response-Time
Section-Origin-Responded
X-Planisys-CDN-Rules
X-Accel-Buffering
X-Ad-Defer-Variation
X-Accel-Expires-Debug
X-Planisys-CDN-Cache
User-Cache-Control
Cmstype
X-Rocket-Build-Number
X-Date
Cmsid
CloudFront-Viewer-Country
X-Pool
X-Request-Start
Adler-Geo
X-Planisys-CDN-TTL
X-LB-NoCache
CDCHOST
X-Gen-Mode
X-Cache-Id
X-Cache-FS-Status
X-Fastly-Backend
X-Esi-Check
Cache-Provider
Cache-Host
X-Dispatcher-Number
X-DPWN-IS-SECURE
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Sigma
X-Minions-Version
X-App
X-Node-Id
X-Httpd
X-Hnp-Log
X-Block-Status
X-Bip
X-Gzip
X-Origin
X-Scale
Server-Host
X-Restarts
X-Auto-Login
Origin-CC
Origin-EX
Fastly-Backend-Name
Pics-Label
X-Worker
X-Cdn-Srv
Is-Eu
L
X-Is-Gdpr
X-JWT-State
X-HS-Content-Campaign-Id
X-Has-Esi
Memcached
X-Developers
X-Geo-Header
Producers
Platform
X-Thanos
Sever-Int
X-Level-Front-Cache
X-Wix-Viewer-Type
X-Var-Ttl
X-Up
Server-Hostname
Server-Ext
X-Variation
X-Sigma-Backend
Svr
X-Slack-Backend
X-Varnish-Beresp-Status
X-Generated-On
X-CSRF-Token
X-Buckets
Cdn
Cache-Key
X-Fetched-On
X-GeoIP
X-Dispatcher-Server
AKAMAI
X-Test
X-Conf
X-Forwarded-Site
X-Nananana
X-Location
X-Nginx-Cache-Key
X-Vmg-Version
X-Owner
X-Platform
X-Qloud-Router
X-Slack-Shared-Secret-Outcome
X-Refresh
Gh-Request-Id
X-Op-Id-All
Web-Mar-Region
X-Cache-Backend
X-RM-Cache-TTL
X-NCache
X-Server-IP
X-Hash
X-Region-Sid
X-Azure-Ref-OriginShield
Kp-EeAlive
We-Hiring
X-Aicache-OS
Fastly-SSL
Machine
Ssr
NM-Fastcgi-Cache
Mail-Subject
X-Via-Poph
X-Via-Popn
X-Varnishpool
PFcat
X-VarnishDD-TTL
On-Server
X-HN
X-Via-Popv
X-Mvc-Supplant-Cachable
X-Varnish-Ttl
X-V-Cache
X-Cached-By
CacheControlHeader
X-Irp-Debug
Datacenter
NGX
X-CacheTTL
X-Device-Os
X-Ckpd-Fst-Backend
X-FC-Vary-Parameters
X-Men
Wxu-Next-Commit
HostName
Wxu-Next-Region
X-Cache-Tags
X-Cache-Remote
Wxu-Next-Hostname
X-Tb-Optimization-Total-Bytes-Saved
X-Webkit-CSP-Report-Only
L5d-Success-Class
Cdnsip
X-Csrf-Jwt
X-Org
X-AK-Request-ID
Canary
X-Servedbyhost
HA-Ipaddr
X-HA-Backend
Cdncip
Env
X-Eu-Site
GeoIP-Latitude
X-CGP
Ha-Gx-Prefs
X-VC
X-Client-Ip
Server-ID
X-Mvc-Supplant-OutputCached
X-Cache-Date
X-LB-ID
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Microcachable
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-API-Version
X-Mly-Id
X-ZONE
X-APP-VERSION
X-Fpc
X-Wa
X-RCS-CacheZone
Cache
X-Zone
X-Vgn-Hpd-Variations-Key
X-Server-ID
X-Vgn-Hpd-Ssi
X-DataCenter
X-Vgn-Hpd-Cached
X-Webkit-CSP
Request-ID
Memory
X-Via-NSCOPI
X-Fastly-Cache
Time
X-Nc
Load-Balancing
Ngx-Var-Key
Eomportal-Instance
X-Micro-Cache
OT-Force-Account-Verify
X-Generated-In
X-Origin-Expires
X-ND-Cache
X-Instance-Name
X-Correlation-ID
X-SIPLIST1
IsBot
X-Vc
X-Check-Cacheable
X-Request-URI
X-Response-By
X-HS-Status
X-Nf-Request-Id
Srv
X-Via-JSL
X-Release
Locid
X-FL-EDGE
Expect-Staple
X-CS
X-FL-QIT-DEBUG
Srvid
X-VCL-Version
X-Info
X-Cache-NGX
NtCoent-Length
X-NewRelic-App-Data
AMP-Access-Control-Allow-Source-Origin
X-CCDN-CacheTTL
X-Srv
X-Cache-Enabled
Hostname
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-From
X-Via-CDN
X-Edge-Pop
X-Via-SSL
X-MCACHE
X-Via-Edge
Edge-Copy-Time
True-Client-Ip
X-CSRF-TOKEN
X-Api-Version
GeoIp-Country-Code
X-Provided-By
X-Proxy-CacheRZ
XkeyRZ
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-NGINX-Cache
X-Lambda-Id
X-Amz-Meta-Cb-Modifiedtime
Uri
X-Cache-Expires
Path
Location
X-Dc
X-EC-Lua
X-Edge-POP
Sid
GeoIP-Country-Code
True-Client-IP
X-Oss-Request-Id
X-Vcl-Version
Resin-Trace
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Air-Pt
CPC-Age
CPC-Cache
VNS-Age
X-Vtex-Remote-Cache
X-Fastly-Country-Code
Cross-Origin-Opener-Policy-Report-Only
Servername
VNS-Cache
X-NODE
X-B3-SpanId
X-SERVER-NAME
X-Cs
X-Render-Time
X-Moov-T
Traceparent
X-Moov-Xdn-Version
LB
Fastly-Drupal-Html
X-Scheme
X-CLOUD-TRACE-CONTEXT
X-Viewer-Country
CDN
X-RateLimit-Reset
X-PERF
X-VCT
X-Cdn-Request-ID
X-TH-Server
X-ApacheServer
X-ATG-Version
X-Akamai-Pragma-Client-IP
Rip
X-TX-ID
X-MSEdge-Features
X-MSEdge-Flight
X-Varnish-Authentication
Powered-By
X-Pod-Name
X-NAPM-TraceId
FSS-Cache
X-Contensis-Viewer-Groups
X-Cache-ASPX
Timeexpire
X-Varnish-Beresp-TTL
M-TraceId
X-FPC
CountryCode
X-Datacenter
X-Accel-Version
X-Datadome
Esi-Enabled
YJS-ID
X-CF-Lambda-Version
X-CF-Lambda-Fn
V-Age
X-Upstream-Ht
X-RateLimit-Remaining-Second
Tracecode
X-Upstream-Ct
X-WA
True-Client-Country-4JS
X-PAYTM-SRV-ID
X-RateLimit-Limit-Second
X-Clientip
X-Service-Response-Time
Sm-Log-Id
X-Udemy-Cache-App-Namespace
X-Cdn-Cache-Status
X-Cache-Type
XServer
X-Geo
X-CACHE-KEY
X-Lb-Id
Proxy-Connection
Ohc-File-Size
X-Srcache-Store-Status
X-Srcache-Fetch-Status
XM
HIT
X-LiteSpeed-Cache-Control
Server-Id
X-VG-WebCache
X-NC
RNT-Time
RNT-Machine
ENV
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-FORWARDED-FOR
Ngx
X-TraceId
X-B3-Parentspanid
X-ServedByHost
Yjs-Id
X-Ha-Backend
X-Orig-Expires
X-Hyper-Cache
X-Shop-Environment
X-Cdn-Forward
N-Cache
Geoip-Latitude
X-Forwarded-Path
X-CDN-Cache-Status
X-Bl-Debug
X-Rebelmouse-Cache-Control
WZWS-RAY
X-Rebelmouse-Surrogate-Control
X-Tenant
X-MiniProfiler-Ids
Content-Style-Type
X-Cdn-Diag
X-B3-Trace-ID
X-MP-GENERATED-AT
Pramga
Expiry
Content-Script-Type
Req-ID
User-Agent
X-Fastly-Backend-Reqs
Epwk-X-Cache
X-Serial
X-Swift-Error
X-Lb-Nocache
Ec-Rule-Version
X-B3-ParentSpanId
X-Via-PopV
Inserted-Into-Cache-At
X-Dw-Trace-Id
X-Via-PopN
X-Vgn-Hpd-Reason
X-Via-PopH
X-Connection-Hash
X-F-Status
X-TT-LOGID
X-Lsadc-Cache
X-Akamai-ERRuleID
X-Mid-Debug-Cache-Disk
X-Mid-Debug-Cache-Key
X-Request-URL
X-Stale
X-Yottaa-OS
X-Akamai-ERPolicy
X-Webstats-RespID
X-UP
X-Cache-Ngx
My-App
X-LiteSpeed-Tag
X-Th-Server
MIME-Version
Cneonction
X-IPS-Cached-Response
Warning
X-Snapshot-Date