
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
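The table below lists X-XSS-Protection, X-Xss-Protection and X-XSS-PROTECTION as separate entries, although HTTP header field names are case-insensitive. The following sketch is an added example, not the project's own code. It tallies header names from HEAD responses both as sent and case-folded, then reports the share of sites sending each security header. The sample responses, the `.example` host names and the once-per-site counting rule are assumptions made for illustration.

```python
from collections import Counter

# Constructed raw responses to a HEAD request (illustrative, not survey data).
SAMPLE_RESPONSES = {
    "site-a.example": "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Frame-Options: DENY\r\n"
                      "X-XSS-Protection: 1; mode=block\r\nSet-Cookie: a=1\r\nSet-Cookie: b=2\r\n\r\n",
    "site-b.example": "HTTP/1.1 200 OK\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\nX-Xss-Protection: 0\r\n"
                      "Strict-Transport-Security: max-age=31536000\r\n\r\n",
    "site-c.example": "HTTP/1.1 301 Moved Permanently\r\nContent-Type: text/html\r\n"
                      "X-XSS-PROTECTION: 1\r\n\r\n",
    "site-d.example": "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n",
}

SECURITY_HEADERS = ("Strict-Transport-Security", "X-Frame-Options", "X-Content-Type-Options",
                    "X-XSS-Protection", "Content-Security-Policy", "Referrer-Policy")


def header_names(raw):
    """Return the header names of one response as sent, skipping the status line."""
    names = []
    for line in raw.split("\r\n")[1:]:
        if not line:              # blank line ends the header block
            break
        name, sep, _value = line.partition(":")
        if sep and name.strip():  # ignore malformed lines with no name or colon
            names.append(name.strip())
    return names


def tally(responses):
    """Count sites per header name: once by exact spelling, once case-folded."""
    as_sent, folded = Counter(), Counter()
    for raw in responses.values():
        names = header_names(raw)
        as_sent.update(set(names))                 # repeated Set-Cookie counts once per site
        folded.update({n.lower() for n in names})  # field names are case-insensitive
    return as_sent, folded


def security_coverage(responses):
    """Fraction of polled sites sending each security header, ignoring case."""
    _, folded = tally(responses)
    return {h: folded[h.lower()] / len(responses) for h in SECURITY_HEADERS}


if __name__ == "__main__":
    as_sent, folded = tally(SAMPLE_RESPONSES)
    print("as sent:", as_sent.most_common())
    print("folded: ", folded.most_common())
    for header, share in security_coverage(SAMPLE_RESPONSES).items():
        print(f"{header:28s} {share:.0%}")
```

When reading the table for adoption of a given security header, add up its case variants first; counted as sent, each spelling understates the header's real usage.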



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
CF-Ray
X-Generator
X-Cacheable
X-Iinfo
Timing-Allow-Origin
X-Request-ID
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
Upgrade
X-XSS-PROTECTION
Access-Control-Max-Age
X-Via
X-Cache-Group
X-Robots-Tag
Server-Timing
X-UA-Device
Request-Context
X-Dns-Prefetch-Control
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Ws-Request-Id
P3p
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Akamai-Path-Stats
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Nginx-Cache-Status
X-Aws-Lambda-Call-Status
X-Host
X-Node
Accept-CH
X-Pingback
Cf-Railgun
X-Server-Id
X-Cache-Spec
Request-Id
X-OneAgent-JS-Injection
Surrogate-Control
EagleEye-TraceId
X-Akam-SW-Version
X-Backend-Server
X-Cache-Lookup
X-Response-Time
X-Readtime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
X-Cloud-Trace-Context
Fastly-Restarts
X-Country
X-Clacks-Overhead
X-WebKit-CSP-Report-Only
Accept-Ch-Lifetime
X-Url
X-MS-InvokeApp
X-Nginx-Upstream-Cache-Status
X-Edge
X-Rack-Cache
X-Amz-Server-Side-Encryption
Edge-Control
X-Oneagent-Js-Injection
X-B3-TraceId
X-PC
X-Vname
X-TtlSet
X-Content-Type
X-Mod-Pagespeed
X-Vcap-Request-Id
X-Ruxit-JS-Agent
X-ESI
X-Ruxit-Js-Agent
X-D2id
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
Xkey
Verso
X-GitHub-Request-Id
X-CST
X-Mcache
Cache-Tag
X-Amz-Rid
X-FastCGI-Cache
X-Powered-By-Plesk
X-VARITI-CCR
X-Varnish-TTL
RTSS
Service-Worker-Allowed
X-ECACHE
X-Upstream
X-Version
X-Navigation-Version
X-Abt-Application-Version
X-Cached
X-Client-IP
X-Cnection
X-Dw-Request-Base-Id
X-Ac
X-Px
X-Server-Name
X-Element-Page-Cache
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-SharePointHealthScore
SPRequestGuid
X-Instrumentation
Arr-Disable-Session-Affinity
X-Ttl
Public-Key-Pins
X-Cache-TTL
SPIisLatency
SPRequestDuration
Accept-Ch
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Country-Code
X-NWS-LOG-UUID
Permissions-Policy
X-Ser
X-Middleton-Response
Response
X-Midtier
X-Cache-Key
X-Edge-Location-Klb
X-Kinsta-Cache
X-RateLimit-Remaining
X-Goog-Hash
X-Forwarded-For
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-MD5
Access-Control-Request-Method
X-NF-Request-ID
X-Correlation-Id
Front-End-Https
X-Shield-Request-Id
X-DataDome
Cf-Apo-Via
X-MSEdge-Ref
X-T
X-Recruiting
X-Jurisdiction
TP-L2-Cache
X-HP-Trace-Id
X-HP-Webp
TP-Cache
Nginx-Cache
Edge-Cache-Tag
AR-PoweredBy
AR-Request-ID
AR-CACHE
AR-SID
AR-ATIME
X-Accel-Expires
MicrosoftSharePointTeamServices
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Daa-Tunnel
X-Powered-CMS
X-RateLimit-Limit
TCN
X-Grace
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Mg-S
X-Content-Digest
X-Id
X-Hits
X-Request-Processing-Time
X-Request-Received
X-TEC-API-VERSION
X-TEC-API-ROOT
Server-Node
X-TEC-API-ORIGIN
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
Server-Name
Filters
X-Amzn-Trace-Id
X-XRDS-Location
MS-Author-Via
X-Geo-Country
X-Frontend
X-Distributor
Fastcgi-Cache
S
X-Protected-By
X-Language
X-LLID
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Cache-Status
X-Origin-Server
X-LB-Cache
Count-Hit
X-Ezoic-Cdn
X-PressLabs-Stats
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Fastly-Request-Id
X-F-Cache
X-Litespeed-Cache
X-Ua-Browser
X-Ab
X-B3-Sampled
Host
X-FB-Debug
X-Microsite
X-Seen-By
X-Page-Id
X-Request-Handler-Origin-Region
X-Git-Hash
Payment
X-Amz-Meta-S3cmd-Attrs
Filterid
Charset
X-ASPNET-VERSION
X-Ratelimit-Reset
X-Fastcgi-Cache
X-Cluster-Name
X-TTL
X-VCache
Surrogate-Key
Realpath
X-Rid
Accept-Charset
X-Template
X-Cache-Age
Cache-Tags
X-Origin-Cache
X-Webkit-Csp
X-NGENIX-Cache
Alternate-Protocol
X-Www-Served-By
Access-Control-Allow-Method
Retry-After
X-Logged-In
Cleartype
X-Upgrade-Enabled
X-DIS-Request-ID
X-AppVersion
X-Az
X-Activity-Id
X-Varnish-Backend
X-Request-Guid
X-Wix-Request-Id
X-Providence-Cookie
X-Source
X-Signature
X-Amz-Replication-Status
X-TT
X-DynaTrace
X-Is-Crawler
X-B-Cache
X-Tb
X-Aspnet-Duration-Ms
X-Route-Name
X-Flags
X-Type
ServerID
X-B
X-App-Environment
X-Varnish-Grace
X-Envoy-Decorator-Operation
X-Node-Name
X-Fastly-Request-ID
DC
Paypal-Debug-Id
X-Hostname
X-Drupal-Cache-Tags
Frame-Options
X-Debug
X-Revision
X-Proxy
X-Contextid
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Mobile
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Content-Options
X-Cache-Rule
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Kong-Proxy-Latency
Amp-Access-Control-Allow-Source-Origin
X-Kong-Upstream-Latency
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Load-Cache
X-N
Country
X-Cache-Control
Refresh
Node
X-Magnolia-Registration
NGB
X-Oracle-Dms-Ecid
X-User-Agent
X-Content
X-Response-Served-From
X-Original-Request-Id
X-Whom
Viewport
X-Oracle-Dms-Rid
Referer-Policy
X-EdgeConnect-Cache-Status
Access-Control-Request-Headers
X-Varnish-Age
X-Cache-TTL-Remaining
X-Ratelimit-Remaining
X-Content-Powered-By
X-Debug-IsPreview
X-L-Path
X-Framework
X-Environment-Context
X-Debug-IsConnected
X-Cacheable-TTL
X-Instance
X-G
X-Is-Bot
X-Jobs
X-Mid
X-Cache-Grace
X-Akamai-Request-ID2
VIX-Pulpo-Node
Url
VIX-Pulpo-Upstream-Status
X-Adobe-Content
X-Adobe-Loc
X-Page-View
X-NYM-Debug-Backend
X-Servername
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Rendered-As
X-Unique-Id
X-Real-IP
X-Status
Uber-Trace-Id
X-Cache-Time
Content-Disposition
X-Varnish-Server
X-ProcessESI
Srv
X-RemovedCookies
Akamai-GRN
Countrycode
X-COUNTRY
X-Drupal-Cache-Contexts
X-APP-VERSION
X-Mg-Request-UUID
Version
X-Time
X-Server-ID
X-Restarts
X-XRDS-LOCATION
X-CDN-Forward
X-URL
X-Cache-Expired-At
Accept-Language
X-Http-Reason
X-App-Server
X-Via-JSL
X-Cache-Hit
Protected
Cross-Origin-Resource-Policy
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-IPLB-Instance
Healthy
X-IPLB-Request-ID
X-Trace-Id
X-Hosted-By
X-Cache-Operation
X-Ratelimit-Limit
X-Azure-Ref
X-Debug-Info
X-Nginx-Cache-Key
Content-Secure-Policy
X-Backend-Name
Section-Io-Cache
X-Device-Type
X-Tt-Logid
X-Api-Version
X-Akamai-Edgescape
Liferay-Portal
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Type
Backend
X-FW-Dynamic
X-SRV
Server-Info
X-Cache-Action
X-Rule
X-RTag
Fastcgi-Useragent
Ms-Operation-Id
MS-CV
Load-Balancing
X-Storage
X-VC-Cache
X-Proxy-Cache-Status
GEO-INFO
X-RN-RSRV
X-UPSTREAM-Address
Meta-Geo
X-Mobile-URL
X-Generation-Time
X-Mode
X-Cache-NGX
X-Handled-By
X-Content-Age
X-Varnish-Beresp-Grace
CF-IPCountry
CDN-CachedAt
CDN-Cache
Azure-Version
TWC-Device-Class
CDN-Uid
S-Rt
Onion-Location
CDN-RequestCountryCode
X-No-Session
CDN-RequestId
Azure-SlotName
Property-Id
Azure-SiteName
CDN-PullZone
TWC-Connection-Speed
Locale
Azure-RegionName
CDN-EdgeStorageId
X-Format
X-Redis-Cache
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Skip-Cache
X-Sorting-Hat-PodId
Azure-InstanceId
Web-Mar-Node
X-Sorting-Hat-ShopId
X-Region
X-ShopId
X-Cache-Host
X-Say-TTL
X-Say-Cacheable
X-SaId
X-Alternate-Cache-Key
X-SayCDN-TTL
X-Adobe-Source
X-JoinUs
X-Site-Version
X-Sql-Count
X-Sql-Duration-Ms
X-Varnishpool
X-PHP-Host
X-Varnish-Cache-Hits
X-ShardId
X-Shopify-Stage
TWC-GeoIP-Country
X-Origin-Hint
X-PCL
X-PHP-Backend
X-Edge-Location
TWC-Locale-Group
TWC-Privacy
X-Cms-Context
X-Proto
X-Labrador-Cache-Channel
X-Locale
X-Forwarded-Host
X-Uri
X-Urbn-Site-Id
X-Urbn-Context-Path
X-OCL
TWC-GeoIP-LatLong
X-HTML-Minification-Powered-By
X-Extlb
X-Zipkin-Id
Selected-Fe
Apigw-Requestid
X-GeoCode
X-Cache-Server
X-GeoCountry
X-Detected-As
X-FB-TRIP-ID
X-Cache-Enabled
X-Web-Node
X-Varnish-Hostname
X-VWS-Id
X-AWS-Id
X-Xfnlog-Site
X-Hl-Ver
X-BYPASS-REASON
X-UUID
X-Cache-Type
X-Access
X-Proxy-Build
X-Proxied
X-Datadome
X-ProxyCache-Key
X-ProxyCache-Status
X-ServerID
X-Routing-Service
X-Request-Time
X-Section
X-Storefront-Renderer-Rendered
X-Generated-By
Eomportal-Instance
X-R9-Blue-Green-Version
X-UA-Device-Type
X-LJ-Flow-ID
X-Via-Fastly
X-Timing-Wait
X-Tid
X-Cache-Status-Check
X-Ms-Version
X-Ms-Request-Id
DB-Nickname
Mn-Server-Ip
X-FireWall-Port
Xserver
X-Nginx-Cache
X-Origin-Date
WP-Super-Cache
X-Server-W
Cache-Name
X-Amz-Apigw-Id
X-Amzn-RequestId
X-DynaTrace-JS-Agent
X-ECache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
ServedBy
X-Zen-Fury
X-Varnish-Ttl
X-LSADC-Cache
X-Loop
X-TNCMS
X-Human
X-Ua
X-Pubstack
Xet-Cookie
X-Cache-Tags
Source
X-Debug-Cache
X-Amzn-Remapped-Content-Length
X-Correlation-ID
Cache
X-Reqid
X-RCS-CacheZone
X-Aspnetmvc-Version
X-Cdn
X-Dc
X-Varnish-Hits
X-Soup
X-GEO
X-MP-GENERATED-AT
Origin
X-TA-CDN-Provider
X-Webkit-CSP
X-Newrelic-Synthetics
X-Cached-By
Cross-Origin-Window-Policy
X-Vgn-Hpd-Reason
X-Tumblr-Pixel-2
X-Provided-By
X-Origin-CC
SD-X-WS
X-Origin-TTL
X-Service
From-Origin
WPO-Cache-Status
WPO-Cache-Message
X-App-Version
X-Varnish-Beresp-Ttl
LB
X-IPS-LoggedIn
Webserver
X-TIME
X-Tec-Api-Version
X-Tec-Api-Origin
X-AOL-HN
X-Tec-Api-Root
Rip
X-Trace-ID
X-B3-Traceid
X-B3-SpanId
X-FW-Version
X-Request-Host
X-Via-NSCOPI
X-NAPM-TraceId
DCR-Decision-By
X-A-Dam
X-A-Ccd
X-A
Host-ID
X-A-Dcw
X-A-Dgt
X-AK-Request-ID
X-Aed
X-A-Wwc
Lang
VNS-Cache
T-Server
Surrogated-Key
Sslversion
Rendered-Blocks
Odigeo-Trace-Id
Ngx.Var.Host
VNS-Age
MD5-Digest
Meta-Geo-Continent
X-Application
X-ARC
A
X-D
BehaviorPad-Version
X-Connection-Hash
X-Destination
X-Developer
X-External-Request-Id
X-Ec-GeoHdr
X-Ec-Fail
Cdncip
Cdnsip
X-Bc-Bl
X-B-Cookie
Environment
Expiry
X-BCube-Filmed-By
DCR-Processing-Time-Ms
X-Cache-NE
CPC-Age
CPC-Cache
X-Forwarded-Path
X-PBS-Appsvrname
X-ScT
X-Orig-Expires
X-Shop-Environment
X-S-Cookie
X-Platform-Server
X-Rewrite-Enabled
X-Rojux
X-S
X-GG-Cache-Date
X-SRCache-Key
X-Vdms-Version
X-VG-WebCache
Xc-Version
X-Vdms-Path
X-User
X-Tenant
X-TIM-N
X-Processor
X-Served-From
X-Owner
OT-Force-Account-Verify
X-NewRelic-App-Data
X-Dispatcher-Number
Machine
X-Cache-Debug
X-Level-Front-Cache
HostName
X-Varnish-Beresp-Status
X-Bip
X-Thanos
X-Cluster-Node
X-Aicache-OS
X-Accel-Buffering
Mime-Version
X-Generated-On
Redirect-Candidate
X-Qloud-Router
X-Pool
X-Parent-Response-Time
X-VC
X-Ad-Defer-Variation
X-V-Cache
X-NodeID
Server-Host
Servername
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
State
X-Variation
X-Planisys-CDN-Cache
X-Origin
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Nyt-Route
X-BBC-Edge-Cache-Status
X-Optimistic-Header
X-Thinkindot-L3
X-Auto-Login
X-Varnish-Remaining-TTL
X-Cache-Bucket
X-Origin-Time
Tube-Return
X-VServer
Thinkindot-CacheControl
V-Age
Tube-Got-Results
Tube-Got-Eval
Traceparent
Thinkindot-CacheControl-Type
Tube-Get-Contents
X-WADP-Cache
Vix-Hermes-Req-Id
X-Viewer-Country
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
Thinkindot-Control
Web-Mar-Region
X-VG-TLSProxy
TDXMobile
X-Origin-Response-Time
X-Wix-Viewer-Type
X-Cache-Id
X-Worker
X-Cdn-Origin
X-Rocket-Nginx-Serving-Static
X-Fmm-Version
X-Forwarded-Site
X-Gamma-Serve
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Fetched-On
X-Loc
X-Minions-Version
X-Planisys-CDN-TTL
X-Epic-Correlation-Id
X-Esi-Check
X-Eu-Site
X-Request-URI
X-Gateway-Request-Id
X-Gzip
X-GeoIP-City
X-Hash
X-INCAP-ABP
X-Irp-Debug
X-Proxy-Cache-Info
X-RateLimit-Limit-Second
X-Gdpr
X-Gateway-Skip-Cache
X-Region-Sid
X-GeoIP
X-RateLimit-Remaining-Second
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Clientip
X-SIPLIST1
X-Cluster
X-CMSURLCustom
X-Mvc-Supplant-OutputCached
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Slack-Backend
X-Cache-Info
X-CacheTTL
X-Policy
X-CGP
X-Core-Mission
X-Core-Value
X-DefHash
X-SB
X-S-Maxage
X-Mvc-Supplant-Cachable
X-Device-Os
X-DefElseHash
X-Datadog-Trace-Id
X-Planisys-CDN-Rules
X-Csrf-Jwt
X-Scale
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Sn-Servicetimems
We-Hiring
Fastly-GeoIP-CountryCode
Fastly-SIE
DSUID
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-SSL
Fastly-SWR
Is-Eu
IsBot
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Datacenter
Country-Code
Apple-News-Services-Request-Url
Cache-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Adler-Geo
Apple-News-Services-Handled
Canary
Candidate-Md5Url
Cmsid
Cmstype
Cluster
Click-Count-Error
Click-Count-Action-Start
Kp-EeAlive
X-CSRF-Token
Release
Producers
Mobile-Detection-Method
L
NGX
Req-Svc-Chain
NM-Fastcgi-Cache
Origin-EX
L5d-Success-Class
Origin-CC
Mail-Subject
Platform
X-Tx-Id
Upgrade-Insecure-Requests
Cache-Hits
X-WP-CF-Super-Cache-Active
X-WA-Info
X-HS-Content-Campaign-Id
X-Scheme
X-Gen-Mode
X-Sucuri-ID
CloudFront-Viewer-Country
X-Hnp-Log
X-Rocket-Build-Number
Sever-Int
X-NCache
CDCHOST
Server-Hostname
Svr
X-Sucuri-Cache
Memcached
X-Is-Gdpr
X-SplitTest
X-Has-Esi
Server-Ext
X-Developers
X-Cdn-Srv
Fastly-Backend-Name
X-Sigma-Backend
X-Sigma
X-Block-Status
User-Cache-Control
X-JWT-State
X-Geo-Header
X-Branch-Name
X-Cache-Remote
Cache-Tv-Group
Ec-Rule-Version
X-ZONE
X-Newrelic-App-Data
X-Esi
X-Var-Ttl
X-FC-Vary-Parameters
X-Presslabs-Stats
X-Fastly-Backend
AKAMAI
X-Azure-Ref-OriginShield
X-ND-Cache
X-ATG-Version
X-LB-NoCache
Fastly-Drupal-HTML
WebServer
Fastcgi-Cache-TTL
X-Session-Fingerprint
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-Fastly-Cache
Pics-Label
X-Rebelmouse-Surrogate-Control
X-Nf-Request-Id
SID
X-Tb-Optimization-Total-Bytes-Saved
X-Udemy-Cache-App-Namespace
Ssr
Time
Memory
X-Pod-Name
Sid
X-Via-Popv
X-Via-Popn
X-Generated-In
X-Via-Poph
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Transformed
Server-ID
Env
X-Servedbyhost
X-DC
X-NWS-UUID-VERIFY
X-Release
X-Pass-Why
X-Refresh
X-Up
X-Ig-Push-State
X-Buckets
X-Cache-Date
X-Cs
X-Fpc
X-CACHE-AGE
X-Conf
X-NC
X-MSEdge-Flight
X-MSEdge-Features
X-Edge-Pop
X-Dispatch
My-App
X-Wa
X-Tumblr-Pixel-3
X-Microcachable
X-Lambda-Id
X-PX
X-EC-Lua
X-MCACHE
X-Endurance-Cache-Level
X-ID
X-Dmc
X-CS
CDN
Fastly-Drupal-Html
GeoIp-Country-Code
X-Xrds-Location
X-Req
X-VCL-Version
X-Zone
Magicmarker
True-Client-IP
X-TX-ID
X-NGINX-Cache
X-CSRF-TOKEN
X-Webkit-CSP-Report-Only
X-RateLimit-Reset
X-Be
X-Wikidot-Backend
X-LB-ID
X-Wikidot-Static-Cache
X-Vc
X-CACHE-KEY
CacheControlHeader
Hostname
True-Client-Country-4JS
X-TH-Server
X-TRACE-ID
X-HS-Status
X-B3-Spanid
X-Op-Id-All
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Hyper-Cache
X-Micro-Cache
X-CF-Lambda-Fn
X-M-Reqid
Resin-Trace
X-CF-Lambda-Version
X-Air-Pt
X-M-Log
True-Client-Ip
X-Srv
Path
X-App
Tcn
X-Qnm-Cache
X-Vcl-Version
Pramga
GeoIP-Country-Code
X-Alfa-Service
X-Yandex-Sdch-Disable
X-Varnish-Beresp-TTL
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Tracecode
C-Via
X-SERVER-NAME
X-Akamai-Pragma-Client-IP
WWW-Authenticate
X-Accel-Expires-Debug
Section-Origin-Responded
N-Cache
Section-Io-Origin-Time-Seconds
X-Date
Section-Io-Id
X-TrackingId
X-Vercel-Id
X-Vercel-Cache
Section-Io-Origin-Status
X-CLOUD-TRACE-CONTEXT
NtCoent-Length
X-Check-Cacheable
X-FPC
On-Server
Hit
Proxy-Connection
Fastcgi-X-Cache-Version
X-RAMCache
X-Platform
Esi-Enabled
X-PAYTM-SRV-ID
X-Edge-POP
X-Datacenter
X-Webkit-Csp-Report-Only
YJS-ID
FSS-Cache
X-WA
X-Platform-Cluster
X-Platform-Processor
X-Via-CDN
X-Platform-Router
X-Old-Content-Length
X-Mly-Id
X-Geo
Yjs-Id
X-Edge-Origin-Shield-Bytes
X-LiteSpeed-Cache-Control
X-Edge-Origin-Shield-Region
Server-Id
X-Lb-Id
Lb
ENV
X-ServedByHost
X-Vtex-Processado-Em
X-Node-Id
X-Response-By
User-Agent
X-Vtex-Remote-Cache
Powered-By
X-API-Version
GeoIP-Latitude
X-Cdn-Forward
X-UA
X-Dw-Trace-Id
X-Request-Start
X-Client-Ip
X-LAGOON
X-SD-PageType
HIT
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-AIR-PT
X-Traceid
X-Webstats-RespID
X-Instance-Name
X-From
X-Location
X-FL-EDGE
Srvid
Locid
X-Cache-Ttl
X-Akamai-ERRuleID
Dnion-Transfer-Encoding
X-Via-Ucdn
X-Akamai-ERPolicy
Cdn
X-LI-UUID
Cache-Key
X-TT-LOGID
Geoip-Latitude
X-LI-Proto
X-FORWARDED-FOR
X-Render-Time
X-Li-Pop
X-Li-Fabric
X-CUA
X-ApacheServer
X-PERF
X-Service-Response-Time
Sm-Log-Id
X-Cache-ASPX
Server-Ttl
X-Contensis-Viewer-Groups
X-Varnish-Authentication
XServer
X-Director
X-DB
DynaTrace
X-RPS
X-RSL
X-RPM
X-DW
X-DSS
X-DI
Ohc-File-Size
X-Request-Url
PICS-Label
X-CF-Powered-By
X-Proxy-Upstream
X-LiteSpeed-Tag
Nginx-CQVIP
Location
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache-Cache-Control
XkeyRZ
X-Wp-Cf-Super-Cache
X-Proxy-CacheRZ
Wpo-Cache-Message
XM
X-B3-ParentSpanId
X-DataCenter
X-Fastly-Cache-Hits
PFcat
Vha6-Origin
X-Server-IP
X-HostName
X-HN
Wpo-Cache-Status
X-Lb-Nocache
X-Proxy-Cache-Hk
X-VarnishDD-TTL
X-Cdn-Request-ID
X-Fastly-Backend-Reqs
DT-Hot-News
CountryCode
X-Ips-Loggedin
X-Cache-Ngx
Warning
Wp-Super-Cache
X-Yottaa-OS
X-HA-Backend
X-IN-APIGATEWAY
Uri
X-IN-APIGATEWAYSSL
Swift-Performance
CF-Cached-On
WZWS-RAY
X-Mg-Cache
SRV
X-Moov-T
X-Moov-Xdn-Version
Req-ID
Fastcgi-Cache-Ttl
X-ElasticPress-Query