Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
X-XSS-PROTECTION
Server-Timing
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
X-Via
X-Backend
X-Cache-Group
Cf-Edge-Cache
Host-Header
Keep-Alive
X-Proxy-Cache
X-Hacker
X-Server
X-Rq
X-Age
X-UA-Device
X-Server-Powered-By
Allow
X-Vhost
X-Varnish-Cache
X-Ws-Request-Id
EagleId
X-Amz-Version-Id
X-Dispatcher
Grace
P3p
Nel
Cf-Apo-Via
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
Accept-CH
X-Pingback
X-Node
X-Host
X-WebKit-CSP
X-Server-Id
X-OneAgent-JS-Injection
Surrogate-Control
X-Backend-Server
X-CST
X-Readtime
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Content-Security-Policy-Report-Only
Permissions-Policy
Request-Id
X-Application-Context
X-Cache-Lookup
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Trace
X-Response-Time
Accept-Ch-Lifetime
X-Edge
X-HW
X-Litespeed-Cache
X-Ua-Compatible
X-Mod-Pagespeed
Content-Location
Accept-CH-Lifetime
X-Clacks-Overhead
X-Url
X-Ruxit-JS-Agent
X-Midtier
X-ECACHE
X-Oneagent-Js-Injection
X-ESI
Rating
X-Mcache
X-Amz-Server-Side-Encryption
X-Country
X-Upstream
X-Vname
X-PC
X-TtlSet
X-Vcap-Request-Id
Xkey
X-MS-InvokeApp
X-D2id
Cache-Tag
X-Rack-Cache
X-Content-Type
Verso
X-Element-Page-Cache
Fastly-Restarts
X-Cache-TTL
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
Edge-Control
RTSS
X-Powered-By-Plesk
X-VARITI-CCR
Origin-Trial
X-Ac
X-Cached
X-Navigation-Version
Accept-Ch
X-Abt-Application-Version
X-Ruxit-Js-Agent
X-Goog-Hash
X-WebKit-CSP-Report-Only
Service-Worker-Allowed
X-GitHub-Request-Id
X-Amz-Rid
X-Country-Code
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Mg-S
X-Dw-Request-Base-Id
X-Ttl
SPRequestGuid
X-SharePointHealthScore
X-B3-TraceId
X-Browser-Type
X-Server-Name
X-Varnish-TTL
Arr-Disable-Session-Affinity
Cross-Origin-Opener-Policy
X-Ua-Device
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
AR-Request-ID
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
AR-PoweredBy
AR-ATIME
X-Powered-CMS
X-Kraken-Loop-Name
AR-SID
X-Middleton-Response
Response
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Cache-Key
AR-CACHE
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
X-Cnection
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-ORACLE-DMS-ECID
X-Version
X-Accel-Expires
X-ORACLE-DMS-RID
Front-End-Https
X-T
Cache-Tags
Cache-Status
X-NF-Request-ID
X-Times
X-Ser
Edge-Cache-Tag
X-Px
X-MSEdge-Ref
X-Fastcgi-Cache
X-Client-IP
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Public-Key-Pins
X-Hits
X-Recruiting
Nginx-Cache
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Shield-Request-Id
X-Webkit-CSP
X-Frontend
X-Request-Received
Access-Control-Request-Method
X-Request-Processing-Time
X-LLID
Server-Node
X-Ua-Browser
Payment
X-RateLimit-Remaining
X-NWS-LOG-UUID
TP-Cache
X-DIS-Request-ID
X-B3-Traceid
X-Webkit-Csp
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
TP-L2-Cache
S
MicrosoftSharePointTeamServices
X-LB-Cache
X-Content-Digest
X-Goog-Metageneration
Content-MD5
X-FastCGI-Cache
X-RateLimit-Limit
X-Distributor
Realpath
X-Webkit-CSP-Report-Only
X-PressLabs-Stats
X-Hostname
X-Geo-Country
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Request-Handler-Origin-Region
X-Microsite
X-Forwarded-For
X-Ezoic-Cdn
X-Server-ID
Access-Control-Allow-Method
X-Envoy-Decorator-Operation
X-Page-Id
Accept-Charset
X-FB-Debug
X-Ratelimit-Remaining
X-Cluster-Name
Fastcgi-Cache
X-Kinja-CCPA
X-Rid
X-GUploader-UploadID
X-Correlation-Id
X-Protected-By
TCN
X-Seen-By
X-Amzn-RequestId
X-TTL
X-Amz-Apigw-Id
Cleartype
X-B3-Sampled
X-Origin-Server
DC
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Debug-Info
X-Ratelimit-Limit
X-Origin-Cache
X-Newrelic-App-Data
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Mobile
Referer-Policy
X-XRDS-Location
X-Varnish-Backend
X-Logged-In
X-Git-Hash
X-Aspnet-Version
X-Kinsta-Cache
X-Edge-Location-Klb
Alternate-Protocol
Cross-Origin-Resource-Policy
X-Azure-Ref
Healthy
X-Contextid
X-Varnish-Grace
X-App-Environment
X-Revision
Surrogate-Key
X-Fb-Rlafr
X-Amz-Replication-Status
X-Grace
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Aspnet-Duration-Ms
X-Flags
X-TT
X-Amz-Meta-S3cmd-Attrs
Count-Hit
X-Content-Options
X-Whom
X-Wix-Request-Id
X-Forwarded-Proto
Charset
X-IPS-LoggedIn
Filterid
Viewport
X-Akamai-Edgescape
MS-Author-Via
Frame-Options
WPO-Cache-Status
WPO-Cache-Message
X-App-Server
X-Id
X-B
Paypal-Debug-Id
X-Hosted-By
X-Cache-Age
X-Backend-Name
X-Kong-Upstream-Latency
X-Client-Ip
X-Kong-Proxy-Latency
X-Magnolia-Registration
X-Cache-Control
X-Az
X-AppVersion
X-Activity-Id
X-Www-Served-By
X-Trace-Id
Section-Io-Cache
X-Upgrade-Enabled
Retry-After
Server-Name
Refresh
X-Daa-Tunnel
Version
X-Type
X-F-Cache
X-Varnish-Server
X-Proxy-Cache-Info
Amp-Access-Control-Allow-Source-Origin
X-Proxy
X-Oracle-Dms-Ecid
Host
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
SD-X-WS
VIX-Pulpo-Node
X-Time
X-Response-Served-From
X-Cache-Rule
X-Oracle-Dms-Rid
Akamai-GRN
X-ARC
X-Rule
X-App-Version
X-Edge-Location
X-Http-Reason
X-Rocket-Nginx-Serving-Static
Front
Protected
X-Status
X-Varnish-Age
X-UUID
X-User-Agent
X-Instance
X-EdgeConnect-Cache-Status
X-Is-Bot
X-Environment-Context
X-Framework
X-Region
X-Rendered-As
X-Cache-Grace
X-L-Path
X-Source
X-Unique-Id
X-Jobs
X-Cacheable-TTL
X-COUNTRY
X-Akamai-Request-ID2
X-FW-Dynamic
X-FW-Server
X-FW-Hash
Access-Control-Request-Headers
X-Cache-Time
X-FW-Version
X-FW-Type
X-FW-Static
X-Load-Cache
X-N
X-FW-Serve
Fastly-SWR
Fastly-SIE
SRV
From-Origin
X-Adobe-Loc
X-Adobe-Content
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Page-View
X-Tumblr-Pixel-0
X-RemovedCookies
X-G
X-ProcessESI
X-Tumblr-User
X-Varnish-Ttl
ServerID
Content-Disposition
X-Drupal-Cache-Tags
Country
X-CDN-Forward
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Vcache
X-Language
X-HTML-Minification-Powered-By
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-DataDome
Accept-Language
Liferay-Portal
Countrycode
X-Yottaa-Metrics
X-Datadog-Sampled
X-Yottaa-Optimizations
X-ID
X-Xrds-Location
X-DynaTrace
X-DynaTrace-JS-Agent
X-Amzn-Remapped-Content-Length
X-RateLimit-Reset
X-Nf-Request-Id
X-Debug-IsConnected
X-Debug-IsPreview
X-Mg-Request-UUID
X-Generated-By
X-B3-SpanId
X-ECache
Xet-Cookie
X-Drupal-Cache-Contexts
Backend
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-NYM-Debug-Backend
CF-IPCountry
X-Device-Type
Xserver
X-Tt-Logid
X-Mode
Webserver
X-Content-Powered-By
X-Nginx-Cache
X-Erf-Web-Scheduler
X-Ratelimit-Reset
X-Signature
X-Zen-Fury
X-B-Cache
X-Httpd
GEO-INFO
Azure-Version
X-Rewrite-Enabled
Azure-SiteName
Azure-SlotName
X-UPSTREAM-Address
Onion-Location
Meta-Geo
Load-Balancing
S-Rt
X-ServerID
X-Sucuri-ID
X-SaId
Filters
X-JoinUs
X-Director
Azure-RegionName
X-Varnish-Cache-Hits
X-Servername
Url
X-Content-Age
X-Cache-Operation
X-Sucuri-Cache
X-Cache-Action
X-LAGOON
Azure-InstanceId
X-Soup
X-Urbn-Context-Path
X-Container-Uri
Locale
X-Urbn-Site-Id
X-Cluster-Node
X-Varnish-Hostname
X-Proto
X-Git-Commit
X-Tb
Uber-Trace-Id
X-Storage
X-Served-From
X-Logging-Id
X-Say-Cacheable
X-RM-Cache-TTL
X-Labrador-Cache-Channel
X-Generation-Time
X-Detected-As
X-PHP-Host
X-Ms-Request-Id
X-SayCDN-TTL
X-VCT
X-VC-Cache
X-Ms-Version
X-Cache-Server
X-Forwarded-Host
X-Say-TTL
Webcakes-App-Version
Web-Mar-Node
Webcakes-App-Name
X-GeoCountry
Node
Mn-Server-Ip
X-Adobe-Source
Property-Id
TWC-Device-Class
X-GeoCode
DB-Nickname
TWC-Locale-Group
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
Fastcgi-Useragent
X-Tec-Api-Version
X-Tec-Api-Origin
X-Skip-Cache
X-Origin-Hint
X-Extlb
X-Tec-Api-Root
X-Proxied
TWC-Connection-Speed
X-Zipkin-Id
X-RCS-CacheZone
X-Routing-Service
X-Uri
X-Timing-Wait
X-LSADC-Cache
X-Debug
Selected-Fe
X-Proxy-Build
X-FB-TRIP-ID
X-Format
X-Tumblr-Pixel-2
X-Sql-Count
X-Sql-Duration-Ms
X-R9-Blue-Green-Version
X-Tumblr-Pixel-3
X-Fetched-On
X-Via-JSL
Fastly-Drupal-HTML
CDN-RequestId
X-MP-GENERATED-AT
X-Origin-Date
X-Lambda-Id
X-Cache-Expired-At
X-NGENIX-Cache
Source
OT-Force-Account-Verify
X-MCACHE
X-XRDS-LOCATION
X-Cache-Hit
X-Node-Name
X-Template
Content-Secure-Policy
X-Varnish-Hits
X-Cache-TTL-Remaining
X-AIR-PT
X-UA-Device-Type
X-Srv
X-Loop
X-Tncms
X-Pass-Why
X-Pubstack
X-Endurance-Cache-Level
X-Ua
Upgrade-Insecure-Requests
X-PHP-Backend
Cross-Origin-Window-Policy
NGB
X-Fastly-Request-Id
X-Server-W
X-Redis-Cache
X-Real-IP
X-Origin-CC
X-Origin-TTL
Cache-Hits
MS-CV
X-RTag
Ms-Operation-Id
X-Cache-Host
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Cache-Name
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Optimistic-Header
X-Xfnlog-Site
X-Reqid
Apigw-Requestid
X-Cms-Context
X-Restarts
Cache-Provider
X-IPLB-Instance
X-IPLB-Request-ID
X-S
X-CSRF-Token
CDN-CachedAt
CDN-Cache
X-Cache-Type
X-GEO
CDN-EdgeStorageId
CDN-PullZone
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-RequestCountryCode
X-Aspnetmvc-Version
X-Hl-Ver
X-No-Session
X-ProxyCache-Status
X-Akamai-Transformed
X-BYPASS-REASON
X-ProxyCache-Key
X-CACHE-AGE
X-Cluster
X-Newrelic-Synthetics
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-Via-Fastly
X-Access
X-Section
MD5-Digest
Meta-Geo-Continent
Magicmarker
X-Tenant
N-Cache
X-SRCache-Key
Mail-Subject
Rendered-Blocks
Surrogated-Key
X-ScT
T-Server
X-S-Cookie
Vix-Hermes-Req-Id
X-SD-PageType
X-Shop-Environment
Redirect-Candidate
Odigeo-Trace-Id
X-TIM-N
Server-Host
Sslversion
Ngx.Var.Host
L5d-Success-Class
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Gannett-Cam-Experience-Id
Gh-Request-Id
Xc-Version
DCR-Processing-Time-Ms
DCR-Decision-By
Canary
BehaviorPad-Version
Candidate-Md5Url
CPC-Age
CPC-Cache
Ha-Gx-Prefs
HA-Ipaddr
X-Vdms-Path
X-Vdms-Version
L
X-Var-Ttl
X-Rojux
X-VG-WebCache
X-Viewer-Country
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-We-Are-Hiring
X-Vtex-Remote-Cache
Lang
VNS-Age
X-Csrf-Jwt
X-Conf
X-Accel-Expires-Debug
X-CGP
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-Date
X-D
X-A-Dcw
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-CacheTTL
X-Cache-NE
X-Cache-Info
X-Bl-Debug
X-BCube-Filmed-By
X-Bc-Bl
X-Aed
X-Application
X-B-Cookie
X-Cdn-Diag
X-A
We-Hiring
X-Mvc-Supplant-Cachable
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Gdpr
X-Nyt-Route
VNS-Cache
X-RateLimit-Limit-Second
X-Policy
X-Origin-Time
X-Orig-Expires
X-Forwarded-Path
X-External-Request-Id
X-Destination
X-Debug-Cache-Store
X-Debug-Cache-Fetch
W
X-Developer
X-Ec-Custom-Error
X-Eu-Site
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Ec-Fail
X-RateLimit-Remaining-Second
X-A-Dam
X-Rn-Rsrv
X-Proxy-Cache-Status
X-Datadome
X-Web-Node
X-Esi-Check
X-Fastly-Backend
X-CMSURLCustom
X-Dispatcher-Number
X-Core-Value
X-FC-Vary-Parameters
X-Core-Mission
X-Fmm-Version
X-Hash
X-INCAP-ABP
X-Handled-By
X-Gzip
X-Generated-On
X-Geo-Header
X-Clientip
Req-Svc-Chain
X-Alternate-Cache-Key
X-ApacheServer
X-TimeS
Web-Mar-Region
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Auto-Login
X-BBC-Edge-Cache-Status
X-Irp-Debug
TDXMobile
X-Cache-Id
X-Cache-Debug
X-Bip
X-Cache-Bucket
X-Clara-WADP
X-Level-Front-Cache
X-Thanos
X-Thinkindot-L3
X-Up
X-Test
X-SVT-ORM-VERSION
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-SVT-ORM-RULES
X-Varnishpool
X-VG-TLSProxy
X-Is-Gdpr
X-JWT-State
X-Worker
X-Has-Esi
True-Client-Country-4JS
X-WADP-Cache
Fastly-SSL
X-Sorting-Hat-PodId
X-Slack-Shared-Secret-Outcome
X-PAYTM-SRV-ID
X-PERF
X-Platform
X-Owner
X-Node-Id
X-Mid
X-Mly-Id
X-Pool
X-Request-Host
X-ShopId
X-Shopify-Stage
X-Slack-Backend
X-ShardId
X-Server-IP
X-Request-Time
X-S-Maxage
Release
X-Org
Datacenter
Environment
Origin
AKAMAI
Cmstype
Host-ID
Machine
Cmsid
Memcached
X-Vcl-Version
WP-Super-Cache
X-Origin
Country-Code
X-Old-Content-Length
X-Scale
X-Origin-Response-Time
DSUID
X-Mvc-Supplant-OutputCached
X-Device-Os
X-Dispatcher-Server
X-Presslabs-Stats
X-Cs
X-Cdn-Srv
X-Forwarded-Site
X-From
X-Nginx-Cache-Key
X-Nananana
Esi-Enabled
X-Human
X-NodeID
CDCHOST
X-Qloud-Router
X-Sn-Servicetimems
X-Loc
X-DPWN-IS-SECURE
X-DefHash
X-Variation
X-Varnish-CookieHashed-On
X-VServer
X-Wix-Viewer-Type
X-Vmg-Version
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-DefElseHash
X-Cdn-Origin
X-WA-Info
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Adler-Geo
Expect-Staple
X-Accel-Buffering
Producers
Platform
Is-Eu
X-Azure-Ref-OriginShield
CloudFront-Viewer-Country
ServedBy
Server-Hostname
X-Parent-Response-Time
X-App-Name
Server-Ext
NM-Fastcgi-Cache
Sever-Int
X-Air-Trace-Id
User-Cache-Control
X-Air-Source
X-Air-Hostname
X-GeoIP
X-Gen-Mode
X-NCache
X-Instance-Name
X-LB-NoCache
X-App
X-Hnp-Log
Wxu-Next-Region
X-Nitro-Cache
Wxu-Next-Commit
Wxu-Next-Hostname
X-Op-Id-All
Ssr
C-Via
X-Block-Status
Origin-EX
Origin-CC
X-Akamai-Device-Characteristics
X-TA-CDN-Provider
Pics-Label
X-TIME
X-Microcachable
Server-Info
Cache-Host
X-Refresh
X-Cache-Status-Check
AMP-Access-Control-Allow-Source-Origin
Server-ID
Memory
X-Platform-Processor
Time
X-Amz-Meta-Cb-Modifiedtime
X-Platform-Cluster
X-Cache-Enabled
X-Platform-Router
X-Locale
X-Site-Version
XM
X-Correlation-ID
X-HA-Backend
X-Origin-Expires
X-Tx-Id
PFcat
X-VarnishDD-TTL
NGX
X-HN
X-VHOST
X-Dc
X-URL
GeoIP-Latitude
X-ZONE
X-CACHE-GROUP
Resin-Trace
Hostname
X-Tb-Optimization-Total-Bytes-Saved
X-API-Version
Edge-Copy-Time
Cf-Device-Type
X-Ad-Defer-Variation
X-Via-Edge
Srvid
Locid
A
X-Via-SSL
X-Via-CDN
X-FL-QIT-DEBUG
X-FL-EDGE
Origin-Agent-Cluster
X-Wp-Cf-Super-Cache-Active
X-Upstream-Ht
X-Varnish-Beresp-Ttl
X-DC
X-Upstream-Ct
X-Varnish-Beresp-Grace
Cdn-Requestid
X-Fpc
X-Zone
YJS-ID
X-Webkit-Csp-Report-Only
X-Vgn-Hpd-Reason
X-ATG-Version
X-FireWall-Port
Sid
X-Internal-Host
X-Contensis-Viewer-Groups
Cache-Key
X-Cache-ASPX
X-Pod-Name
X-Varnish-Authentication
Uri
X-Github-Request-Id
X-Moov-T
X-Moov-Xdn-Version
X-Micro-Cache
User-Agent
X-DataCenter
X-WP-CF-Super-Cache-Active
True-Client-Ip
X-Provided-By
X-LiteSpeed-Cache-Control
X-Info
X-Cached-By
State
X-TraceId
X-HS-Content-Campaign-Id
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-B3-Spanid
X-B3-Parentspanid
X-Platform-Server
X-Fastly-Cache
GeoIP-Country-Code
X-RN-RSRV
X-Buckets
Location
X-Sigma
X-Sigma-Backend
X-SIPLIST1
X-AB
X-Cache-Remote
X-Nitro-Rev
X-Nitro-Cache-From
X-NGINX-Cache
IsBot
X-Release
X-Rocket-Build-Number
X-Api-Version
X-LiteSpeed-Tag
Cache
X-MSEdge-Features
X-Backend-Instance
Cdn
X-MSEdge-Flight
GeoIp-Country-Code
X-VC
X-Datacenter
SID
X-Geo-Region
XServer
X-CS
X-Accel-Version
X-Gamma-Serve
X-Generated-In
X-CSRF-TOKEN
X-Geo
Srv
X-VCache
Lb
X-Vgn-Hpd-Variations-Key
X-NewRelic-App-Data
Cache-Tv-Group
X-Vgn-Hpd-Cached
CF-Ctrl
True-Client-IP
NtCoent-Length
X-Vgn-Hpd-Ssi
X-GeoIP-City
X-FTR-Request-ID
X-HS-Status
Path
X-Scheme
X-Rebelmouse-Cache-Control
X-TRACE-ID
X-Rebelmouse-Surrogate-Control
HostName
X-Is-Tablet
X-Is-Desktop
Fastly-Drupal-Html
X-Tcp-Rtt
X-Is-Supported-Browser
X-FPC
X-Is-Mobile
X-Browser-Name
Kp-EeAlive
X-HostName
Tcn
Epwk-X-Cache
X-Hyper-Cache
X-Mobile-URL
Ohc-File-Size
X-SRV
X-Frame-Option
X-Location
X-GoCache-CacheStatus
CountryCode
X-TX-ID
X-APP-VERSION
Serverid
X-UA
Cf-Ipcountry
X-Service
X-Region-Sid
X-Men
On-Server
X-Esi
X-AK-Request-ID
X-Amz-Meta-Opti
Cdnsip
Cdncip
X-Developers
CacheControlHeader
X-Aicache-OS
X-Air-Pt
X-Guploader-Uploadid
Tube-Got-Results
X-Wp-Cf-Super-Cache
Tube-Get-Contents
RNT-Machine
X-Via-Popn
X-B3-Trace-ID
RNT-Time
X-Wp-Cf-Super-Cache-Cache-Control
X-Cache-Ttl
X-Minions-Version
X-Acquia-Purge-Cdn-Unconfigured
X-Via-Poph
X-Cache-Tags
X-Cache-FS-Status
X-LB-ID
Tube-Got-Eval
Mime-Version
X-Req
X-CDN-Cache-Status
Click-Count-Action-Start
Proxy-Connection
X-EC-Lua
X-Via-Popv
Tube-Return
WebServer
X-Traceid
Click-Count-Error
X-SB
X-Branch-Name
XkeyRZ
X-Webstats-RespID
V-Age
X-V-Cache
X-Proxy-CacheRZ
X-Wp-Cf-Super-Cache-Cookies-Bypass
Env
X-Pad
X-Vc
X-Cdn-Cache-Status
ENV
WWW-Authenticate
Ohc-Cache-HIT
X-Servedbyhost
X-Nc
WZWS-RAY
X-Wa
Yak-Timeinfo
CDN
X-VCL-Version
X-CACHE-KEY
Geoip-Latitude
X-Fastly-Country-Code
X-User
X-NWS-UUID-VERIFY
X-Cdn-Forward
X-Edge-Pop
Ngx
X-Akamai-Pragma-Client-IP
CF-Cached-On
LB
X-Check-Cacheable
X-Lb-Cache
Cdn-Request-Time
X-Edge-Server
Content-Style-Type
Cdn-Host
X-Ha-Backend
X-Ckpd-Fst-Backend
Server-Id
Content-Script-Type
X-Vercel-Id
X-TH-Server
X-Vercel-Cache
X-Processor
X-TT-LOGID
X-CUA
PICS-Label
X-Lb-Nocache
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Application-UUID
M-TraceId
Req-ID
X-FTR-Cache-Status
X-FTR-Expires
X-NMSegId
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-Via-Ucdn
X-Render-Time
X-Dw-Trace-Id
X-WP-CF-Super-Cache-Cookies-Bypass
X-Snapshot-Date
HIT
X-APP
X-MiniProfiler-Ids
X-Edge-POP
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Litespeed-Cache-Control
Yjs-Id
X-Origin-Cache-Key
Cneonction
CACHE-MISS-TO-ORIGIN
X-Cache-Date
X-Ad-Load-Variation
X-Iauth-Set-Uid
Cluster
Vha6-Origin
X-Serial
X-M-Log
X-M-Reqid
X-Fastly-Cache-Hits
Inserted-Into-Cache-At
Edge-Cache
X-Fastly-Backend-Reqs
X-ElasticPress-Query
X-Response-By
Log-Origin
X-Service-Response-Time
Sm-Log-Id
X-Udemy-Cache-App-Namespace
X-Cached-Since
X-RAMCache
X-Miniprofiler-Ids