Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
X-Xss-Protection
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-FRAME-OPTIONS
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Request-ID
X-Iinfo
P3p
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Ua-Compatible
Access-Control-Max-Age
CF-Ray
X-Dns-Prefetch-Control
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
Keep-Alive
Request-Context
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Amz-Request-Id
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Age
X-Ws-Request-Id
Host-Header
X-Hacker
X-Server-Powered-By
X-Server
X-Rq
X-Vhost
X-LiteSpeed-Cache
X-Varnish-Cache
X-Amz-Version-Id
Grace
Cf-Edge-Cache
X-Dispatcher
EagleId
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Page-Speed
Accept-CH
X-Nginx-Cache-Status
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Node
Cf-Railgun
X-Host
X-Pingback
X-Cache-Spec
X-OneAgent-JS-Injection
X-Backend-Server
X-Akam-SW-Version
Surrogate-Control
X-Server-Id
Request-Id
X-Response-Time
EagleEye-TraceId
X-Cache-Lookup
Accept-CH-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Readtime
Content-Location
X-HW
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Application-Context
Rating
X-Trace
X-Akamai-Path-Stats
Fastly-Restarts
X-Url
X-WebKit-CSP-Report-Only
X-Clacks-Overhead
X-Nginx-Upstream-Cache-Status
X-Ruxit-Js-Agent
X-CST
X-Country
X-Oneagent-Js-Injection
X-MS-InvokeApp
X-Edge
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-TtlSet
X-Vname
X-PC
Edge-Control
X-Mod-Pagespeed
X-Content-Type
X-ESI
X-B3-TraceId
X-Vcap-Request-Id
Accept-Ch-Lifetime
X-FastCGI-Cache
Cf-Apo-Via
X-D2id
Verso
X-Kinja
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
Xkey
X-GitHub-Request-Id
Cache-Tag
X-Ttl
Service-Worker-Allowed
X-Mcache
X-Powered-By-Plesk
X-Amz-Rid
RTSS
X-Navigation-Version
X-Server-Name
X-VARITI-CCR
X-Abt-Application-Version
X-Version
X-Varnish-TTL
X-Ac
X-Upstream
X-Client-IP
X-Cnection
X-Cached
X-ECACHE
X-Ruxit-JS-Agent
X-Element-Page-Cache
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-Server-Lifecycle-Phase
Permissions-Policy
X-Kraken-Loop-Name
X-Instrumentation
SPRequestGuid
X-SharePointHealthScore
X-RateLimit-Remaining
X-Px
SPIisLatency
SPRequestDuration
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Cache-TTL
Public-Key-Pins
X-Country-Code
X-NWS-LOG-UUID
Response
X-Middleton-Response
X-Ser
X-Midtier
X-Cache-Key
X-Edge-Location-Klb
X-Kinsta-Cache
X-Forwarded-For
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Goog-Hash
Content-MD5
X-DataDome
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-NF-Request-ID
X-Correlation-Id
X-Shield-Request-Id
X-MSEdge-Ref
Front-End-Https
X-RateLimit-Limit
Access-Control-Request-Method
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
AR-ATIME
X-Recruiting
X-B3-TraceId-Primal
X-T
AR-CACHE
AR-Request-ID
MRF-Tech
Mrf-Cache-Status
AR-SID
AR-PoweredBy
Edge-Cache-Tag
TP-Cache
TP-L2-Cache
Nginx-Cache
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-Accel-Expires
X-Mg-S
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Content-Digest
X-Powered-CMS
TCN
X-Grace
X-Hits
X-Request-Processing-Time
X-Request-Received
X-Amzn-Trace-Id
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
Server-Node
Server-Name
Filters
X-Id
MS-Author-Via
X-XRDS-Location
Fastcgi-Cache
X-Geo-Country
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Fastly-Request-Id
X-Webkit-Csp
Accept-Ch
Count-Hit
X-Frontend
X-Distributor
X-Origin-Server
X-PressLabs-Stats
X-Ezoic-Cdn
X-Ua-Browser
Filterid
Cross-Origin-Opener-Policy
X-LLID
X-Language
X-ASPNET-VERSION
X-F-Cache
Charset
S
X-Protected-By
X-FB-Debug
X-Request-Handler-Origin-Region
X-B3-Sampled
X-Forwarded-Proto
X-Microsite
X-Seen-By
X-Amz-Meta-S3cmd-Attrs
X-Git-Hash
Host
Payment
X-LB-Cache
X-Page-Id
X-Ratelimit-Reset
X-VCache
Cache-Status
X-Cluster-Name
Surrogate-Key
X-Ab
X-Rid
Cache-Tags
X-Www-Served-By
Access-Control-Allow-Method
X-Logged-In
X-Upgrade-Enabled
Realpath
X-Source
X-Cache-Age
Retry-After
X-Varnish-Backend
X-Origin-Cache
Alternate-Protocol
Accept-Charset
X-DIS-Request-ID
X-Type
X-Activity-Id
X-AppVersion
X-Template
X-Az
Cleartype
X-NGENIX-Cache
DC
X-Amz-Replication-Status
Paypal-Debug-Id
X-Varnish-Grace
X-Signature
X-Wix-Request-Id
X-Envoy-Decorator-Operation
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-App-Environment
X-Route-Name
X-Flags
X-Request-Guid
X-B-Cache
X-Tb
X-B
X-TT
X-Revision
ServerID
X-Hostname
X-Fastcgi-Cache
Frame-Options
X-Kong-Upstream-Latency
X-DynaTrace
X-Kong-Proxy-Latency
X-Contextid
X-Cache-Rule
X-COUNTRY
X-Node-Name
X-Drupal-Cache-Tags
X-Tt-Trace-Tag
X-Tt-Trace-Host
Pinterest-Version
X-Pinterest-Rid
X-Proxy
Pinterest-Generated-By
Refresh
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Amp-Access-Control-Allow-Source-Origin
X-GUploader-UploadID
Cross-Origin-Resource-Policy
X-Debug
X-Trace-Id
X-Fastly-Request-ID
X-Mobile
X-Load-Cache
X-Content-Options
X-Server-ID
X-EdgeConnect-Cache-Status
Node
Referer-Policy
X-Original-Request-Id
NGB
X-Cache-Control
X-Varnish-Server
X-Response-Served-From
X-N
Country
X-Varnish-Age
Viewport
Akamai-GRN
X-Magnolia-Registration
X-Whom
Content-Disposition
X-NYM-Debug-Backend
X-Debug-IsConnected
X-Debug-IsPreview
X-L-Path
X-Cache-Time
X-Instance
X-Environment-Context
X-Content-Powered-By
X-Status
X-Is-Bot
Url
VIX-Pulpo-Upstream-Status
X-Page-View
X-Adobe-Content
Uber-Trace-Id
X-Rendered-As
X-Servername
X-Real-IP
Access-Control-Request-Headers
X-Cacheable-TTL
X-Adobe-Loc
VIX-Pulpo-Node
X-Cache-Grace
X-Jobs
X-Akamai-Request-ID2
X-G
X-Framework
X-Mid
X-RemovedCookies
X-User-Agent
X-ProcessESI
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-TTL-Remaining
Srv
X-Cache-Expired-At
X-Via-JSL
X-XRDS-LOCATION
X-Unique-Id
X-Cache-Hit
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-CDN-Forward
Countrycode
X-Tumblr-Pixel
X-TTL
X-Drupal-Cache-Contexts
Healthy
X-Cache-Operation
Version
Accept-Language
X-Rule
X-APP-VERSION
X-Backend-Name
X-Litespeed-Cache
X-ECache
X-Mg-Request-UUID
X-Cache-Action
X-Akamai-Edgescape
X-Http-Reason
X-Debug-Info
Protected
Content-Secure-Policy
Section-Io-Cache
X-Varnish-Ttl
X-IPLB-Request-ID
X-VC-Cache
X-IPLB-Instance
X-Azure-Ref
X-Tt-Logid
X-Time
X-Hosted-By
Backend
Server-Info
X-Generation-Time
X-App-Server
X-Api-Version
X-HTML-Minification-Powered-By
Xserver
X-FW-Serve
X-FW-Server
X-FW-Static
X-Generated-By
X-Oracle-Dms-Ecid
X-FW-Dynamic
X-FW-Type
X-FW-Hash
X-Storage
X-RN-RSRV
Meta-Geo
X-UPSTREAM-Address
X-Content
X-Oracle-Dms-Rid
X-Restarts
X-Amz-Apigw-Id
X-Cache-Status-Check
X-Mobile-URL
X-Amzn-RequestId
CF-IPCountry
Onion-Location
X-Section
Webcakes-App-Name
X-Device-Type
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
X-FireWall-Port
X-Format
X-Access
TWC-GeoIP-LatLong
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Property-Id
S-Rt
Azure-InstanceId
TWC-Connection-Speed
X-R9-Blue-Green-Version
TWC-Locale-Group
Liferay-Portal
TWC-GeoIP-Country
TWC-Device-Class
X-Cache-Server
X-Cms-Context
X-Handled-By
X-SRV
X-Locale
GEO-INFO
X-Origin-Hint
X-OCL
X-PCL
X-Varnish-Cache-Hits
X-Sql-Count
X-Proto
X-Server-W
Web-Mar-Node
X-Adobe-Source
MS-CV
X-RTag
Eomportal-Instance
Locale
Load-Balancing
X-Urbn-Site-Id
X-Varnish-Beresp-Grace
X-Varnish-Hostname
X-Urbn-Context-Path
X-AWS-Id
X-Mode
X-Sql-Duration-Ms
X-Provided-By
X-VWS-Id
X-Skip-Cache
Ms-Operation-Id
X-SaId
X-Cache-Host
X-No-Session
X-PHP-Host
X-Proxy-Cache-Status
X-Redis-Cache
X-Region
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Forwarded-Host
X-Edge-Location
X-Site-Version
X-Content-Age
X-JoinUs
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
Apigw-Requestid
CDN-Cache
Cache-Name
CDN-CachedAt
X-Detected-As
X-ShopId
X-Shopify-Stage
X-ShardId
X-Routing-Service
X-Proxied
X-Request-Time
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Zipkin-Id
X-Varnishpool
X-Xfnlog-Site
X-Via-Fastly
X-UA-Device-Type
X-PHP-Backend
X-Ms-Version
DB-Nickname
Mn-Server-Ip
CDN-Uid
CDN-RequestId
CDN-PullZone
CDN-RequestCountryCode
X-Alternate-Cache-Key
X-Cache-Type
X-GeoCountry
X-Ms-Request-Id
X-GeoCode
X-FB-TRIP-ID
X-Extlb
CDN-EdgeStorageId
X-Web-Node
X-Nginx-Cache-Key
X-ProxyCache-Status
X-BYPASS-REASON
X-ProxyCache-Key
X-Hl-Ver
X-Storefront-Renderer-Rendered
X-Tid
X-DynaTrace-JS-Agent
WP-Super-Cache
X-Dc
Selected-Fe
X-Cache-Enabled
X-Proxy-Build
X-ServerID
X-Timing-Wait
X-WP-CF-Super-Cache
X-Uri
X-Cdn
X-Vgn-Hpd-Reason
X-Reqid
X-WP-CF-Super-Cache-Cache-Control
X-Loop
X-TNCMS
X-Amzn-Remapped-Content-Length
X-B3-Traceid
X-LSADC-Cache
X-Pubstack
X-TIME
Xet-Cookie
X-Ua
X-Tumblr-Pixel-2
X-Origin-Date
X-Soup
X-Tec-Api-Root
X-Correlation-ID
X-Ratelimit-Remaining
X-Tec-Api-Version
X-Tec-Api-Origin
X-Aspnetmvc-Version
X-Zen-Fury
X-Cache-NGX
X-Newrelic-Synthetics
X-Service
Fastcgi-Useragent
X-Webkit-CSP
X-UUID
From-Origin
X-Nginx-Cache
X-Cache-Debug
X-MP-GENERATED-AT
Source
ServedBy
X-Origin-TTL
X-Origin-CC
X-NewRelic-App-Data
Origin
X-URL
X-TA-CDN-Provider
X-Varnish-Hits
X-GEO
X-Human
X-App-Version
Cache
X-Cache-Tags
X-Cached-By
Cross-Origin-Window-Policy
X-Ratelimit-Limit
Fastly-Drupal-HTML
X-Varnish-Beresp-Ttl
Rip
Upgrade-Insecure-Requests
X-ScT
X-Cluster
X-RCS-CacheZone
X-Rewrite-Enabled
BehaviorPad-Version
MD5-Digest
Rendered-Blocks
WPO-Cache-Status
WPO-Cache-Message
Host-ID
T-Server
X-D
X-Rojux
SD-X-WS
Sslversion
X-Tenant
X-TIM-N
X-BCube-Filmed-By
X-A-Dam
X-B-Cookie
X-User
X-SRCache-Key
X-S-Cookie
X-S
X-Parent-Response-Time
X-PBS-Appsvrname
Surrogated-Key
X-Processor
X-ARC
X-Orig-Expires
X-Application
X-Bc-Bl
X-Cache-NE
X-A-Wwc
Xc-Version
X-Vdms-Version
Cdncip
X-Ec-GeoHdr
X-Vdms-Path
Expiry
Cdnsip
DCR-Processing-Time-Ms
X-A-Dcw
X-A-Ccd
X-VG-WebCache
X-A-Dgt
X-A
DCR-Decision-By
X-Shop-Environment
X-External-Request-Id
X-Ec-Fail
X-Destination
A
X-Developer
Ngx.Var.Host
X-NAPM-TraceId
Odigeo-Trace-Id
X-Connection-Hash
X-AK-Request-ID
Lang
Meta-Geo-Continent
X-Forwarded-Path
X-Aed
X-Ua-Device
X-FW-Version
OT-Force-Account-Verify
X-Request-Host
Mime-Version
Environment
CPC-Age
X-Origin-Time
Redirect-Candidate
X-Dispatcher-Number
X-Owner
X-Nyt-Route
X-Accel-Buffering
X-Aicache-OS
CPC-Cache
X-Served-From
X-Gdpr
VNS-Age
VNS-Cache
X-Debug-Cache
Webserver
X-Cdn-Srv
X-Core-Value
X-Generated-On
X-Auto-Login
X-Developers
Thinkindot-Control
TDXMobile
X-Geo-Header
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Fastly-Backend-Name
X-JWT-State
X-Thinkindot-L3
X-Sucuri-ID
X-Worker
X-Cluster-Node
WebServer
X-Sucuri-Cache
X-Level-Front-Cache
X-HS-Content-Campaign-Id
X-INCAP-ABP
X-Is-Gdpr
AKAMAI
X-Has-Esi
X-CMSURLCustom
LB
X-AOL-HN
X-WP-CF-Super-Cache-Active
Fastly-GeoIP-CountryCode
Fastly-SIE
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Ad-Defer-Variation
Fastly-SSL
Req-Svc-Chain
Producers
X-ATG-Version
Vix-Hermes-Req-Id
State
Fastly-SWR
X-Device-Os
We-Hiring
Wxu-Next-Region
Decoy-Debug-Key
X-Clara-WADP
Datacenter
Servername
Decoy-Debug-Status
Decoy-Debug-TTL
Web-Mar-Region
Platform
Wxu-Next-Commit
Wxu-Next-Hostname
X-Epic-Correlation-Id
X-Ckpd-Fst-Backend
X-DefElseHash
NGX
X-Cache-Info
X-Core-Mission
L
Kp-EeAlive
Tube-Get-Contents
Machine
Tube-Got-Eval
X-Cache-Id
Memcached
Mail-Subject
Tube-Got-Results
Mobile-Detection-Method
NM-Fastcgi-Cache
IsBot
V-Age
Origin-EX
X-Azure-Ref-OriginShield
X-BBC-Edge-Cache-Status
Tube-Return
Svr
Origin-CC
Traceparent
X-Cache-Bucket
X-CacheTTL
X-Cdn-Origin
X-DefHash
Is-Eu
X-NCache
X-S-Maxage
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
X-SB
X-Scheme
Gh-Request-Id
Release
X-GeoIP-City
X-Request-URI
X-Region-Sid
X-Platform-Server
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Pool
X-Proxy-Cache-Info
X-RateLimit-Remaining-Second
Country-Code
X-Qloud-Router
X-Wix-Viewer-Type
X-WADP-Cache
X-Varnish-CookieHashed-On
X-SplitTest
X-Varnish-CookieINHashed-On
X-Varnish-Beresp-Status
X-Variation
X-V-Cache
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Slack-Backend
X-VG-TLSProxy
X-Viewer-Country
X-VServer
X-Sigma
X-Sigma-Backend
X-Varnish-Remaining-TTL
X-SIPLIST1
X-Planisys-CDN-Cache
X-RateLimit-Limit-Second
Candidate-Md5Url
Canary
Cache-Host
X-Gateway-Cache-Key
X-Esi-Check
Click-Count-Action-Start
X-Gateway-Cache-Status
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Fastly-Backend
X-Fmm-Version
X-Fetched-On
Adler-Geo
Apple-News-Services-Handled
X-Gamma-Serve
Apple-News-Services-Host
X-Gateway-Request-Id
Click-Count-Error
X-Minions-Version
X-Loc
Cluster
X-NodeID
Cmsid
Cmstype
X-Origin-Response-Time
X-Gzip
X-Hash
CloudFront-Viewer-Country
X-Gateway-Skip-Cache
X-GeoIP
Server-Host
X-Tumblr-Pixel-3
X-Optimistic-Header
X-Cache-Remote
X-Pass-Why
X-Branch-Name
X-Block-Status
X-CGP
X-Var-Ttl
X-Scale
X-Thanos
X-Policy
X-Gen-Mode
X-Hnp-Log
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Origin
X-Mvc-Supplant-Cachable
X-Irp-Debug
L5d-Success-Class
HA-Ipaddr
Ha-Gx-Prefs
X-Bip
X-Datadog-Trace-Id
X-FC-Vary-Parameters
X-Eu-Site
X-Csrf-Jwt
X-Forwarded-Site
X-Clientip
User-Cache-Control
X-Datadome
Sever-Int
Server-Hostname
Server-Ext
CDCHOST
DSUID
X-Tx-Id
X-Udemy-Cache-App-Namespace
X-IPS-LoggedIn
X-Up
Memory
Sid
Ec-Rule-Version
X-Mvc-Supplant-OutputCached
X-LB-NoCache
Time
X-Nf-Request-Id
X-Dispatch
Pics-Label
X-CSRF-Token
HostName
X-ZONE
X-ND-Cache
Request-ID
X-Tb-Optimization-Total-Bytes-Saved
X-Presslabs-Stats
X-Edge-Pop
X-Akamai-Transformed
Ssr
X-VC
AMP-Access-Control-Allow-Source-Origin
X-Refresh
My-App
X-Cs
X-B3-SpanId
X-WA-Info
X-Via-NSCOPI
Cache-Tv-Group
X-Via-Popv
Fastcgi-Cache-TTL
Env
X-Via-Popn
X-Req
X-GG-Cache-Date
X-Servedbyhost
X-Lambda-Id
X-B3-Spanid
X-Via-Poph
X-Newrelic-App-Data
X-Wa
X-Session-Fingerprint
Server-ID
X-Generated-In
X-NGINX-Cache
X-Trace-ID
X-Vc
X-Origin-Expires
GeoIp-Country-Code
CacheControlHeader
X-Pod-Name
X-Fastly-Cache
SID
X-Release
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
True-Client-Country-4JS
Cache-Hits
X-EC-Lua
Hostname
X-PX
X-Fpc
X-CACHE-AGE
X-ID
True-Client-IP
X-CSRF-TOKEN
X-Xrds-Location
X-MCACHE
X-Op-Id-All
X-LB-ID
X-Zone
X-VCL-Version
X-TX-ID
X-NWS-UUID-VERIFY
X-Webkit-CSP-Report-Only
X-DC
X-Cache-Date
X-GeoIP-Country-Code
X-Ig-Push-State
X-GeoIP-Region-Code
X-MSEdge-Flight
X-TH-Server
X-MSEdge-Features
X-Buckets
X-CACHE-KEY
X-Date
X-Accel-Expires-Debug
CDN
X-Conf
X-HS-Status
X-Endurance-Cache-Level
X-NC
WWW-Authenticate
X-TRACE-ID
X-Microcachable
X-Srv
X-RAMCache
Fastly-Drupal-Html
X-Dmc
Resin-Trace
X-CS
X-Esi
X-Old-Content-Length
X-RateLimit-Reset
X-Varnish-Beresp-TTL
X-Vcl-Version
Tcn
Path
Magicmarker
Powered-By
X-Check-Cacheable
X-Wikidot-Backend
X-Lb-Id
X-Wikidot-Static-Cache
X-Akamai-Pragma-Client-IP
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-FPC
True-Client-Ip
X-Location
Section-Origin-Responded
X-Alfa-Service
X-Webstats-RespID
X-Varnish-Authentication
Yjs-Id
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-LiteSpeed-Cache-Control
X-API-Version
X-Cache-Ttl
X-Be
X-CLOUD-TRACE-CONTEXT
X-Director
X-Vercel-Id
X-Vercel-Cache
X-Datacenter
GeoIP-Country-Code
Proxy-Connection
X-DataCenter
Pramga
X-Mly-Id
X-WA
X-Geo
Server-Id
Lb
FSS-Cache
X-Micro-Cache
X-Via-CDN
X-Hyper-Cache
X-Server-IP
X-Test
X-Via-PopV
X-Via-PopH
X-Via-PopN
ENV
X-Response-By
X-ServedByHost
User-Agent
Cdn
X-CF-Lambda-Fn
X-M-Log
X-CF-Lambda-Version
X-M-Reqid
X-Cdn-Forward
X-Dw-Trace-Id
X-App
X-Qnm-Cache
Tracecode
M-TraceId
X-Cache-Expires
X-Akamai-ERRuleID
X-HA-Backend
X-Akamai-ERPolicy
Uri
XServer
X-Cache-Backend
X-Client-Ip
HIT
X-AIR-PT
Sm-Log-Id
X-Edge-POP
X-Cc-Via
X-Service-Response-Time
YJS-ID
X-TrackingId
X-Instance-Name
N-Cache
C-Via
Locid
X-Traceid
X-Air-Hostname
X-LI-UUID
X-LI-Proto
X-We-Are-Hiring
X-Li-Pop
X-Li-Fabric
Swift-Performance
X-From
X-UA
X-Air-Source
X-Air-Trace-Id
X-FL-EDGE
Srvid
Location
Dnion-Transfer-Encoding
X-TT-LOGID
X-LiteSpeed-Tag
Geoip-Latitude
X-PERF
X-ApacheServer
X-RPM
X-Platform-Router
X-DW
X-DSS
X-DI
CF-Cached-On
X-RPS
X-Platform
X-DB
X-Platform-Processor
X-RSL
Nginx-CQVIP
X-Fastly-Backend-Reqs
PICS-Label
X-Info
X-Platform-Cluster
X-Air-Pt
CountryCode
Ohc-File-Size
Esi-Enabled
XM
X-Frame-Option
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Conten-Type-Options
X-Cache-Proxy
X-Fastly-Cache-Hits
Timeexpire
PFcat
Vha6-Origin
X-HostName
X-VarnishDD-TTL
X-HN
Fastcgi-X-Cache-Version
Hit
X-Cdn-Request-ID
X-Lb-Nocache
Wpo-Cache-Message
Wpo-Cache-Status
On-Server
X-CF-Powered-By
X-PAYTM-SRV-ID
NtCoent-Length
X-Request-Url
X-Litespeed-Cache-Control
Warning
Wp-Super-Cache
X-Cache-Ngx
X-Ips-Loggedin
X-Matome-Cached
X-NFL-Geo
X-NS-Authorization
X-Ntj-Investigation-Id
X-MTS-Cache
X-NFL-Dma
X-Newegg-Flow
X-NXG
X-Newegg-Index
X-Nerd
X-N-OperationId
X-Origin-Ops
X-Paywall
X-PageType
X-PG-ACCESS
X-PGF-Deflate
X-Pver
X-OVcl-Cache
X-OVcl
X-Odoo-Frontend
X-Okws-Version
X-Onedio-Env
X-Matched-Rule
X-Nyt-Data-Last-Modified
X-Kebab
X-Full-Ttl
X-Fstrz
X-GG-Cache-Status
X-Git-Commit
X-Global-Transaction-ID
X-Eid
X-Ee-Request-Date
X-ETag
X-F-Status
X-Fastly-Is-Edge
X-Ee-Request-Id
X-Farm
X-GoCache-CacheStatus
X-Eventloop-Lag
X-Ittl
X-Kebabable
X-Keep
X-LbNode
X-Is-SSL
X-IBD-SID
X-Group
X-Header-Sub
X-R-Cache
X-IBD-Cache
X-Loadbalancer
X-Xms-Page-Cache-Actions
X-WP-Bypass
X-Web-Hosting
X-WSR2
X-YSpaceId
XV-Cache
X-Waitingroom
X-Wag-Acs
X-Utime
X-User-Auth
X-V2-Infrastructure
X-Vary-Devices
X-Ver
XV-H
X-B3-Parentspanid
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Request-URL
X-Oss-Hash-Crc64ecma
X-Ha-Backend
X-Fastly-Country-Code
X-Ee-Origin
X-UP
Cache-Key
X-Upstream-State
X-U-Cache
X-Server-L
X-Save-Cache
X-ServiceName
X-Sh
X-Site
X-Ruby
X-Route-Akamai
X-Render-Method
X-Redis
X-Render-Time
X-Request-Origin
X-Route
X-Slack-Shared-Secret-Outcome
X-SMP-JWT
X-Toujours-Debout-Branch
X-Timestamp
X-Toujours-Debout-Location
X-Tried-To-Kebabify
X-True-Client-Ip
X-Test-Nginx-Ingress
X-Svr-Proxy
X-Square
X-SSLProxy
X-Stack-Name
X-SVR-IIS
X-Reboot
X-77-NZT
Ns
Npm-Remaining
Ns-Ua
Ok-Cache-Status
Ok-Edge-Key
OK-Edge-Date
Npm-Cost
NLCacheNote
Is-Https
HTTPProtocol
Joe-X
NB-ESI
Nikkei-App-Version
Origin-Site
Panzer-Cache-Control
Service-Uuid
Served
SFRVia
Shieldsquare-Response
SII
Selected-Route
Scheme
RawURL
Proxy-Cache
Region
Request-Uuid
Rt-Proxy-Cache
HServer
H1
X-ElasticPress-Query
X-Mg-Cache
X-Yottaa-OS
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-B3-ParentSpanId
WZWS-RAY
Req-ID
X-CUA
Fastcgi-Cache-Ttl
SRV
DynaTrace
Cneonction
X-Serial
Cluster-Host
Cf-Wrk
CMS-200
Deeplink
Ec-Policy-Id
Cf-Locale
Cf-Device-Type
Akamai-X-Url
X-Th-Server
Cache-Stat
Cachekey
Cdn-Country-Code
Store-Cloud-Cache
Sw
X-Cache-Reason
X-Cache-NPR
X-Cache-ReqUri
X-Cache-Response
X-CacheVersion
X-Cache-Length
X-Cache-IsMobileDevice
X-Backside-Transport
X-Backend-TTL
X-BeanStalkRole
X-BeanStalkStage
X-Cache-Cookie
X-CDN-Pop
X-CDN-Pop-IP
X-Developed-By
X-Delivery
X-Doge
X-DT-Node
X-Edge-IP
X-Dehri-Date
X-Dcm-Pdtf
X-Cms-Device
X-Cf-Node-Idx
X-Coindesk-Cache
X-Colour
X-Container-Uri
X-AspNetWebPages-Version
X-ASF-Cache
Uniqueid
TWC-Unit
Userver
Vttl
X-77-NZT-Ray
TWC-Subs
TWC-PATH-LOCALE
Technodrome
T-Request-Id
Time-Cloud-Cache
Ttl
TWC-AK-Req-ID
X-Accel-Version
X-Accepted-Fulllang
X-Apache-Server
X-Amz-Meta-Cb-Modifiedtime
X-Ar-Stats
X-Arena-Request-Id
X-ARRRG1
X-Akamai-Native
X-Akamai-DeviceType
X-Accor-Asset
X-Accepted-Language
X-AEO-Platform
X-Akamai-CacheKeyMod
X-Akamai-DeviceOS
X-Ee-Generated-By