Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-FRAME-OPTIONS
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Request-ID
X-Cacheable
X-Iinfo
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
P3p
Content-Encoding
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Ua-Compatible
Access-Control-Max-Age
CF-Ray
X-Via
X-Robots-Tag
X-Cache-Group
X-Dns-Prefetch-Control
X-UA-Device
Server-Timing
Keep-Alive
Request-Context
X-AH-Environment
X-Turbo-Charged-By
X-Proxy-Cache
X-Amz-Request-Id
X-Backend
X-Age
X-Amz-Id-2
X-Ws-Request-Id
Host-Header
X-Hacker
X-Server-Powered-By
X-Server
X-Rq
X-Vhost
X-LiteSpeed-Cache
X-Varnish-Cache
X-Amz-Version-Id
Grace
Cf-Edge-Cache
X-Dispatcher
Allow
EagleId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Page-Speed
Accept-CH
X-Nginx-Cache-Status
X-Aws-Lambda-Call-Status
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Cf-Railgun
X-Host
X-Node
X-OneAgent-JS-Injection
X-Pingback
X-Cache-Spec
X-Backend-Server
X-Akam-SW-Version
X-Server-Id
Surrogate-Control
Request-Id
X-Cache-Lookup
X-Response-Time
Accept-CH-Lifetime
EagleEye-TraceId
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Readtime
Content-Location
X-HW
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-WebKit-CSP-Report-Only
X-Url
X-Clacks-Overhead
X-Nginx-Upstream-Cache-Status
X-Ruxit-Js-Agent
X-CST
X-MS-InvokeApp
X-Edge
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-ESI
X-TtlSet
X-PC
X-Vname
X-Country
X-Mod-Pagespeed
X-Content-Type
Edge-Control
X-B3-TraceId
X-FastCGI-Cache
X-Oneagent-Js-Injection
Accept-Ch-Lifetime
X-Vcap-Request-Id
Cf-Apo-Via
X-Akamai-Path-Stats
X-Mcache
X-D2id
Verso
X-GitHub-Request-Id
Xkey
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
Service-Worker-Allowed
Cache-Tag
X-Powered-By-Plesk
X-Amz-Rid
X-Ttl
X-Varnish-TTL
X-Navigation-Version
X-ECACHE
X-Server-Name
RTSS
X-Abt-Application-Version
X-VARITI-CCR
X-Version
X-Upstream
X-Client-IP
X-Cnection
X-Ac
X-Cached
X-Element-Page-Cache
X-Ruxit-JS-Agent
Arr-Disable-Session-Affinity
SPRequestGuid
X-SharePointHealthScore
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
Permissions-Policy
X-Dw-Request-Base-Id
SPRequestDuration
SPIisLatency
X-Px
X-RateLimit-Remaining
Display
X-Cache-TTL
Pagespeed
X-Sol
X-Middleton-Display
Public-Key-Pins
X-NWS-LOG-UUID
X-Country-Code
X-Middleton-Response
Response
X-Midtier
X-Cache-Key
X-Ser
X-Kinsta-Cache
X-Edge-Location-Klb
X-Forwarded-For
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-MD5
X-DataDome
X-Goog-Hash
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Shield-Request-Id
Access-Control-Request-Method
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-MSEdge-Ref
Front-End-Https
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-T
X-Recruiting
MicrosoftSharePointTeamServices
X-RateLimit-Limit
X-NF-Request-ID
AR-CACHE
AR-SID
AR-PoweredBy
AR-Request-ID
AR-ATIME
Edge-Cache-Tag
X-Correlation-Id
X-Daa-Tunnel
TP-Cache
Nginx-Cache
TP-L2-Cache
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Accel-Expires
X-Content-Digest
X-Mg-S
X-Grace
X-Powered-CMS
TCN
X-Request-Processing-Time
X-Request-Received
X-Amzn-Trace-Id
Server-Node
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
Filters
Server-Name
X-Hits
MS-Author-Via
X-Id
Fastcgi-Cache
X-Geo-Country
X-Webkit-Csp
Count-Hit
X-Fastly-Request-Id
X-PressLabs-Stats
X-Origin-Server
X-Frontend
X-XRDS-Location
X-Ezoic-Cdn
X-Ua-Browser
X-Distributor
Cross-Origin-Opener-Policy
Filterid
X-LLID
X-Language
X-ASPNET-VERSION
X-TEC-API-ORIGIN
Payment
X-Microsite
X-Forwarded-Proto
X-Request-Handler-Origin-Region
X-TEC-API-VERSION
S
X-TEC-API-ROOT
Charset
X-Page-Id
X-FB-Debug
Host
X-F-Cache
X-B3-Sampled
X-Seen-By
X-Git-Hash
X-Protected-By
X-LB-Cache
X-Amz-Meta-S3cmd-Attrs
X-Cluster-Name
X-VCache
X-Rid
Cache-Status
Surrogate-Key
X-Ratelimit-Reset
X-Www-Served-By
Cache-Tags
X-Ab
X-Logged-In
Access-Control-Allow-Method
Accept-Ch
X-Upgrade-Enabled
X-Origin-Cache
X-COUNTRY
X-Cache-Age
X-Source
X-Varnish-Backend
X-DIS-Request-ID
Realpath
Retry-After
Alternate-Protocol
X-Activity-Id
X-AppVersion
X-Az
Accept-Charset
X-Amz-Replication-Status
Cleartype
X-NGENIX-Cache
X-Type
X-Template
DC
Paypal-Debug-Id
X-Envoy-Decorator-Operation
X-Varnish-Grace
X-Is-Crawler
X-Request-Guid
X-Signature
X-Route-Name
X-Providence-Cookie
X-Flags
X-B-Cache
X-Aspnet-Duration-Ms
X-Wix-Request-Id
X-TT
X-Tb
X-App-Environment
X-B
X-Hostname
X-Revision
ServerID
X-DynaTrace
Frame-Options
X-Contextid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-Rule
X-Node-Name
X-Drupal-Cache-Tags
X-Tt-Trace-Host
Cross-Origin-Resource-Policy
X-Tt-Trace-Tag
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Refresh
X-Fastly-Request-ID
X-Proxy
X-Trace-Id
X-Debug
X-GUploader-UploadID
X-Goog-Metageneration
X-Mobile
X-Load-Cache
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-TTL
Node
X-Content-Options
Referer-Policy
Amp-Access-Control-Allow-Source-Origin
X-Fastcgi-Cache
X-Original-Request-Id
X-Response-Served-From
X-EdgeConnect-Cache-Status
X-Varnish-Server
Viewport
X-Content-Powered-By
Country
X-Varnish-Age
X-Magnolia-Registration
NGB
X-Instance
X-NYM-Debug-Backend
X-Cache-Time
X-Debug-IsPreview
X-Debug-IsConnected
Akamai-GRN
X-Cache-Control
X-N
Uber-Trace-Id
Content-Disposition
X-Whom
X-Adobe-Content
X-Adobe-Loc
X-G
X-Real-IP
Url
X-Environment-Context
X-Framework
X-Page-View
X-Cacheable-TTL
X-Rendered-As
X-User-Agent
X-Cache-Grace
X-RemovedCookies
Access-Control-Request-Headers
X-Is-Bot
X-Webkit-CSP
X-Status
X-ProcessESI
X-Servername
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-L-Path
Srv
VIX-Pulpo-Upstream-Status
X-Cache-TTL-Remaining
VIX-Pulpo-Node
X-Jobs
X-Akamai-Request-ID2
X-Mid
X-Cache-Expired-At
X-XRDS-LOCATION
Healthy
X-Via-JSL
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
Countrycode
X-Cache-Operation
X-CDN-Forward
X-Rule
X-Cache-Hit
X-Unique-Id
X-Drupal-Cache-Contexts
X-Backend-Name
Version
X-Litespeed-Cache
Accept-Language
X-Akamai-Edgescape
X-Debug-Info
X-Time
X-Cache-Action
X-Mg-Request-UUID
X-Server-ID
Xserver
Section-Io-Cache
X-Http-Reason
X-APP-VERSION
X-Tec-Api-Version
X-Tec-Api-Origin
X-VC-Cache
Content-Secure-Policy
X-Tec-Api-Root
X-IPLB-Request-ID
Protected
X-IPLB-Instance
X-HTML-Minification-Powered-By
X-Generation-Time
X-Oracle-Dms-Ecid
Server-Info
X-Hosted-By
X-Tt-Logid
X-FW-Static
X-Azure-Ref
X-FW-Hash
X-FW-Dynamic
X-Oracle-Dms-Rid
X-FW-Serve
X-FW-Server
X-FW-Type
Backend
Meta-Geo
X-Api-Version
X-RN-RSRV
X-UPSTREAM-Address
X-Generated-By
X-Storage
X-Cache-Status-Check
MS-CV
Ms-Operation-Id
X-Amzn-RequestId
X-Device-Type
X-Amz-Apigw-Id
X-RTag
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-Hl-Ver
TWC-GeoIP-LatLong
Onion-Location
X-App-Server
CF-IPCountry
X-Cache-Server
X-Mobile-URL
Property-Id
Webcakes-Region
TWC-Locale-Group
X-Section
X-Format
X-Origin-Hint
X-OCL
X-R9-Blue-Green-Version
X-Handled-By
X-PCL
X-Varnish-Cache-Hits
Webcakes-App-Name
X-Proto
TWC-Privacy
Webcakes-App-Version
X-Access
X-Cms-Context
X-Provided-By
X-Locale
X-Mode
X-Server-W
Azure-SiteName
Liferay-Portal
X-AWS-Id
Azure-Version
Azure-SlotName
Azure-RegionName
X-Adobe-Source
Azure-InstanceId
X-JoinUs
X-No-Session
X-Restarts
GEO-INFO
X-SaId
X-Correlation-ID
X-VWS-Id
X-Varnishpool
X-LJ-Flow-ID
X-Varnish-Hostname
X-SRV
X-Proxy-Cache-Status
X-Timing-Wait
X-ProxyCache-Status
X-BYPASS-REASON
X-Sql-Duration-Ms
DB-Nickname
X-Labrador-Cache-Channel
X-Varnish-Beresp-Grace
X-FireWall-Port
X-UA-Device-Type
X-ProxyCache-Key
X-Proxy-Build
Web-Mar-Node
X-Xfnlog-Site
Selected-Fe
Mn-Server-Ip
X-PHP-Host
X-Via-Fastly
X-PHP-Backend
X-Sql-Count
X-SayCDN-TTL
X-Edge-Location
X-Detected-As
X-Ms-Version
X-FB-TRIP-ID
X-Forwarded-Host
X-GeoCountry
X-Say-TTL
X-Say-Cacheable
X-GeoCode
X-Request-Time
X-Ms-Request-Id
Eomportal-Instance
X-Cache-Host
X-Skip-Cache
X-Region
X-Cache-Type
X-Dc
CDN-Uid
CDN-CachedAt
CDN-EdgeStorageId
X-Urbn-Site-Id
CDN-RequestCountryCode
CDN-RequestId
Locale
Apigw-Requestid
CDN-Cache
X-ShopId
CDN-PullZone
X-Sorting-Hat-PodId
X-Routing-Service
X-Sorting-Hat-ShopId
X-Extlb
X-ServerID
X-Site-Version
S-Rt
X-Proxied
X-DynaTrace-JS-Agent
X-Zipkin-Id
X-Web-Node
X-Urbn-Context-Path
Cache-Name
X-ECache
X-Shopify-Stage
X-ShardId
X-Alternate-Cache-Key
X-Content-Age
Load-Balancing
X-Redis-Cache
WP-Super-Cache
X-Storefront-Renderer-Rendered
X-Tid
X-Nginx-Cache-Key
X-Content
X-Reqid
X-Vgn-Hpd-Reason
X-WP-CF-Super-Cache-Cache-Control
X-Amzn-Remapped-Content-Length
X-WP-CF-Super-Cache
X-Cdn
X-Varnish-Ttl
X-LSADC-Cache
X-Pubstack
X-Loop
X-TNCMS
X-B3-Traceid
X-Newrelic-Synthetics
X-Ua
X-Cache-Enabled
Xet-Cookie
X-Uri
X-Soup
X-Tumblr-Pixel-2
X-Cache-NGX
X-Aspnetmvc-Version
X-Origin-Date
X-Zen-Fury
X-Ratelimit-Remaining
X-App-Version
X-MP-GENERATED-AT
X-Service
From-Origin
X-Cache-Debug
X-TIME
X-Origin-CC
Source
X-Origin-TTL
X-Varnish-Hits
Fastcgi-Useragent
X-UUID
ServedBy
Origin
X-TA-CDN-Provider
X-Nginx-Cache
X-NewRelic-App-Data
X-URL
X-GEO
Fastly-Drupal-HTML
X-Human
X-Cache-Tags
X-Varnish-Beresp-Ttl
Cache
X-Cluster
X-Rewrite-Enabled
Upgrade-Insecure-Requests
X-Ratelimit-Limit
MD5-Digest
Rendered-Blocks
BehaviorPad-Version
X-ScT
SD-X-WS
Cross-Origin-Window-Policy
WPO-Cache-Status
Webserver
WPO-Cache-Message
Rip
X-Cached-By
Host-ID
X-Nf-Request-Id
Expiry
Meta-Geo-Continent
DCR-Processing-Time-Ms
X-SRCache-Key
Lang
X-TIM-N
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
Xc-Version
X-User
Ngx.Var.Host
Cdnsip
Cdncip
A
X-Tenant
DCR-Decision-By
X-A-Ccd
X-Cache-NE
X-Connection-Hash
X-D
X-BCube-Filmed-By
X-Bc-Bl
X-ARC
X-B-Cookie
X-Destination
X-Developer
X-External-Request-Id
X-Orig-Expires
X-Parent-Response-Time
X-Ec-GeoHdr
X-PBS-Appsvrname
X-Ec-Fail
X-Application
X-AK-Request-ID
X-A
X-Forwarded-Path
X-A-Dam
T-Server
Surrogated-Key
Sslversion
X-Shop-Environment
X-A-Dcw
X-A-Dgt
X-Rojux
X-Processor
X-Aed
X-S
X-S-Cookie
X-A-Wwc
Odigeo-Trace-Id
X-NAPM-TraceId
X-FW-Version
X-RCS-CacheZone
OT-Force-Account-Verify
X-Nyt-Route
X-Cluster-Node
X-Origin-Time
X-Served-From
X-Gdpr
X-Aicache-OS
X-GeoIP-City
Release
Redirect-Candidate
X-Tumblr-Pixel-3
Environment
Gh-Request-Id
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Auto-Login
TDXMobile
X-Worker
X-Is-Gdpr
AKAMAI
Mime-Version
X-Thinkindot-L3
X-Cdn-Srv
X-Geo-Header
X-Has-Esi
X-JWT-State
X-INCAP-ABP
X-Generated-On
X-Level-Front-Cache
X-CMSURLCustom
X-Core-Value
X-Developers
X-WP-CF-Super-Cache-Active
X-Optimistic-Header
X-Cache-Remote
X-Request-Host
X-Owner
X-Rocket-Build-Number
Req-Svc-Chain
X-Request-URI
Ha-Gx-Prefs
Fastly-SWR
Servername
X-S-Maxage
X-SB
X-Rocket-Nginx-Serving-Static
Fastly-SIE
Fastly-SSL
Producers
HA-Ipaddr
Origin-CC
Origin-EX
X-Pool
X-Platform-Server
NM-Fastcgi-Cache
X-Policy
X-Proxy-Cache-Info
Platform
IsBot
Is-Eu
Kp-EeAlive
L5d-Success-Class
X-Qloud-Router
Memcached
NGX
X-NCache
X-Ckpd-Fst-Backend
X-Csrf-Jwt
X-Accel-Buffering
X-CGP
X-Cache-Bucket
X-BBC-Edge-Cache-Status
X-Bip
X-DefElseHash
X-DefHash
X-Pass-Why
X-Epic-Correlation-Id
X-Eu-Site
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Fetched-On
X-Device-Os
X-GeoIP
X-ATG-Version
Tube-Got-Eval
Tube-Got-Results
Tube-Return
Tube-Get-Contents
Datacenter
X-NodeID
Traceparent
VNS-Age
VNS-Cache
X-Loc
X-Ad-Defer-Variation
X-AOL-HN
X-Minions-Version
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
Svr
L
Candidate-Md5Url
X-VG-TLSProxy
Canary
X-SplitTest
X-Thanos
X-VServer
X-SIPLIST1
X-Sigma-Backend
Cache-Host
Apple-News-Services-Handled
Adler-Geo
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Sigma
Click-Count-Error
Click-Count-Action-Start
X-Varnish-Beresp-Status
CPC-Cache
X-Varnish-CookieHashed-On
CloudFront-Viewer-Country
CPC-Age
X-Varnish-Remaining-TTL
X-Variation
X-Varnish-CookieINHashed-On
Server-Host
X-Debug-Cache
LB
Fastly-Backend-Name
X-Sucuri-ID
X-Sucuri-Cache
X-HS-Content-Campaign-Id
X-Gateway-Cache-Key
X-Clara-WADP
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
State
X-Origin-Response-Time
X-Gateway-Request-Id
X-V-Cache
X-Cache-Id
X-Cache-Info
X-Var-Ttl
X-Branch-Name
X-Irp-Debug
X-Gzip
X-Mvc-Supplant-Cachable
X-Gateway-Skip-Cache
X-Gamma-Serve
Vix-Hermes-Req-Id
V-Age
We-Hiring
Web-Mar-Region
X-CacheTTL
X-Cdn-Origin
X-Gateway-Cache-Status
X-Datadog-Sampling-Priority
Cluster
Cmsid
Cmstype
X-FC-Vary-Parameters
X-Wix-Viewer-Type
X-Up
X-Region-Sid
Fastly-GeoIP-CountryCode
Country-Code
Decoy-Debug-Status
Decoy-Debug-Key
X-Scheme
Decoy-Debug-TTL
X-Scale
DSUID
X-Esi-Check
CDCHOST
X-WADP-Cache
X-Datadog-Parent-Id
X-Hash
X-Datadog-Trace-Id
X-Azure-Ref-OriginShield
Server-Ext
Sever-Int
Server-Hostname
X-Fmm-Version
X-Origin
X-RateLimit-Limit-Second
Machine
X-RateLimit-Remaining-Second
Mail-Subject
Mobile-Detection-Method
X-Viewer-Country
X-Dispatcher-Number
X-Core-Mission
WebServer
X-Udemy-Cache-App-Namespace
X-IPS-LoggedIn
Memory
X-Gen-Mode
Ec-Rule-Version
X-Block-Status
User-Cache-Control
X-Clientip
X-Planisys-CDN-Cache
X-CSRF-Token
X-Fastly-Backend
X-Forwarded-Site
X-Slack-Backend
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Mvc-Supplant-OutputCached
Time
AMP-Access-Control-Allow-Source-Origin
X-Dispatch
X-LB-NoCache
X-Hnp-Log
HostName
X-VC
Sid
X-Tx-Id
X-Edge-Pop
Pics-Label
X-Akamai-Transformed
X-ZONE
X-Datadome
Request-ID
Ssr
X-Presslabs-Stats
X-Newrelic-App-Data
X-Xrds-Location
X-ND-Cache
X-Req
X-Tb-Optimization-Total-Bytes-Saved
My-App
X-Cs
X-B3-SpanId
X-Via-Poph
X-Lambda-Id
X-Generated-In
X-Refresh
X-Via-Popn
X-Via-Popv
X-Servedbyhost
X-NGINX-Cache
Cache-Tv-Group
X-WA-Info
X-B3-Spanid
True-Client-Country-4JS
CacheControlHeader
Fastcgi-Cache-TTL
X-Via-NSCOPI
Server-ID
X-Wa
Env
X-GG-Cache-Date
X-Session-Fingerprint
X-EC-Lua
X-PX
X-LB-ID
X-Op-Id-All
X-Origin-Expires
X-Pod-Name
X-ID
SID
X-Fpc
X-Fastly-Cache
X-Release
GeoIp-Country-Code
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Cache-Hits
X-Vc
X-TX-ID
X-Trace-ID
True-Client-IP
Hostname
X-Zone
X-TRACE-ID
X-CACHE-AGE
X-Webkit-CSP-Report-Only
X-CSRF-TOKEN
X-NWS-UUID-VERIFY
X-GeoIP-Country-Code
X-TH-Server
X-GeoIP-Region-Code
X-VCL-Version
X-CACHE-KEY
X-Buckets
X-MSEdge-Features
Resin-Trace
X-Cache-Date
X-Ig-Push-State
X-MSEdge-Flight
WWW-Authenticate
X-RAMCache
X-Srv
X-HS-Status
X-Endurance-Cache-Level
X-Accel-Expires-Debug
X-Conf
X-DC
X-Date
X-NC
X-Microcachable
CDN
X-Old-Content-Length
X-Dmc
X-RateLimit-Reset
X-MCACHE
Powered-By
Fastly-Drupal-Html
Tcn
X-CS
X-Vcl-Version
X-Varnish-Beresp-TTL
X-Location
Magicmarker
True-Client-Ip
X-API-Version
Section-Origin-Responded
Path
Section-Io-Origin-Status
Section-Io-Id
X-Lb-Id
X-Director
GeoIP-Country-Code
Section-Io-Origin-Time-Seconds
X-Datacenter
X-Akamai-Pragma-Client-IP
X-Webstats-RespID
X-Contensis-Viewer-Groups
X-LiteSpeed-Cache-Control
X-Cache-ASPX
X-Check-Cacheable
X-Cache-Ttl
Yjs-Id
X-Varnish-Authentication
X-CLOUD-TRACE-CONTEXT
X-Geo
X-Alfa-Service
X-FPC
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Esi
X-DataCenter
FSS-Cache
X-Test
X-Via-CDN
X-Mly-Id
X-Vercel-Cache
X-Vercel-Id
Proxy-Connection
X-Be
X-WA
Cdn
ENV
Server-Id
X-Micro-Cache
X-ServedByHost
X-Server-IP
X-HA-Backend
X-Response-By
User-Agent
Pramga
M-TraceId
X-Cache-Backend
Lb
X-Hyper-Cache
X-Dw-Trace-Id
X-Cc-Via
X-Cdn-Forward
X-Via-PopN
X-CF-Lambda-Version
X-Via-PopH
X-Via-PopV
X-CF-Lambda-Fn
X-ApacheServer
X-Client-Ip
X-PERF
X-M-Log
X-M-Reqid
Uri
X-We-Are-Hiring
X-Cache-Expires
HIT
X-AIR-PT
YJS-ID
Sm-Log-Id
X-Service-Response-Time
X-Edge-POP
Srvid
X-From
X-Instance-Name
X-Traceid
XM
Locid
Swift-Performance
X-Frame-Option
Location
X-FL-EDGE
X-TrackingId
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-App
Tracecode
X-TT-LOGID
X-UA
Geoip-Latitude
X-Qnm-Cache
Dnion-Transfer-Encoding
X-Akamai-ERRuleID
X-LiteSpeed-Tag
X-Akamai-ERPolicy
X-HITS
X-RPS
X-RSL
XServer
X-RPM
X-DW
X-DI
X-DSS
X-Air-Trace-Id
X-Air-Source
X-VarnishDD-TTL
CF-Cached-On
X-HN
N-Cache
Nginx-CQVIP
X-Air-Hostname
X-DB
PFcat
X-Info
C-Via
X-Fastly-Backend-Reqs
X-Platform
CountryCode
Ohc-File-Size
PICS-Label
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Wpo-Cache-Message
Wpo-Cache-Status
X-Lb-Nocache
X-Platform-Processor
Esi-Enabled
Timeexpire
X-Platform-Cluster
X-Conten-Type-Options
X-CF-Powered-By
X-Platform-Router
X-Oss-Hash-Crc64ecma
X-Cdn-Request-ID
Vha6-Origin
X-Fastly-Cache-Hits
X-HostName
X-Oss-Storage-Class
X-Oss-Server-Time
X-Cache-Proxy
Cneonction
X-Request-Url
X-Oss-Object-Type
X-Oss-Request-Id
NtCoent-Length
X-Litespeed-Cache-Control
X-Cache-Ngx
Wp-Super-Cache
Warning
X-Air-Pt
X-Ips-Loggedin
X-Nerd
X-PageType
X-Newegg-Index
X-Newegg-Flow
X-N-OperationId
X-Matched-Rule
X-Paywall
X-Loadbalancer
X-NFL-Dma
X-Matome-Cached
X-MTS-Cache
X-NS-Authorization
X-Nyt-Data-Last-Modified
X-Odoo-Frontend
X-LbNode
X-Okws-Version
X-Origin-Ops
X-OVcl
X-OVcl-Cache
X-Onedio-Env
X-Ntj-Investigation-Id
X-NXG
X-NFL-Geo
X-Fastly-Is-Edge
X-F-Status
X-Ee-Origin
X-Farm
X-Fstrz
X-Full-Ttl
X-Eventloop-Lag
X-PG-ACCESS
X-Eid
X-Ee-Request-Id
X-Ee-Request-Date
X-ETag
X-GG-Cache-Status
X-Git-Commit
X-Is-SSL
X-Ittl
X-Kebab
X-Kebabable
X-IBD-SID
X-IBD-Cache
X-Global-Transaction-ID
X-GoCache-CacheStatus
X-Group
X-Header-Sub
X-Keep
X-V2-Infrastructure
X-Ver
X-Vary-Devices
X-Wag-Acs
X-Waitingroom
X-Web-Hosting
X-Ee-Generated-By
X-Utime
X-True-Client-Ip
X-Tried-To-Kebabify
X-U-Cache
X-Upstream-State
X-User-Auth
X-WP-Bypass
X-WSR2
X-Request-URL
Cache-Key
Create-Date
MIME-Version
X-SD-PageType
X-Fastly-Country-Code
X-B3-Parentspanid
X-Xms-Page-Cache-Actions
X-YSpaceId
XV-Cache
XV-H
X-Toujours-Debout-Location
X-Toujours-Debout-Branch
X-Route
X-Request-Origin
X-Route-Akamai
X-Ruby
X-Save-Cache
X-Render-Time
X-Render-Method
X-Pver
X-R-Cache
X-Reboot
X-Redis
X-Server-L
X-ServiceName
X-SVR-IIS
X-Stack-Name
X-Svr-Proxy
X-Test-Nginx-Ingress
X-Timestamp
X-SSLProxy
X-Square
X-Sh
X-Site
X-Slack-Shared-Secret-Outcome
X-SMP-JWT
X-PGF-Deflate
X-ASF-Cache
Npm-Cost
NLCacheNote
Npm-Remaining
Ns
Ok-Cache-Status
Ns-Ua
Nikkei-App-Version
NB-ESI
HServer
H1
HTTPProtocol
Is-Https
Joe-X
OK-Edge-Date
Ok-Edge-Key
Selected-Route
Scheme
Served
Service-Uuid
SFRVia
Rt-Proxy-Cache
Request-Uuid
Panzer-Cache-Control
Origin-Site
Proxy-Cache
RawURL
Region
Ec-Policy-Id
Deeplink
On-Server
X-B3-ParentSpanId
X-Mg-Cache
Hit
X-ElasticPress-Query
Fastcgi-X-Cache-Version
WZWS-RAY
DynaTrace
Req-ID
Fastcgi-Cache-Ttl
X-PAYTM-SRV-ID
SRV
X-CUA
X-Yottaa-OS
X-IN-APIGATEWAY
Cf-Locale
Cf-Device-Type
Cf-Wrk
Cluster-Host
CMS-200
Cdn-Country-Code
Cachekey
X-Serial
X-IN-APIGATEWAYSSL
X-Th-Server
Akamai-X-Url
Cache-Stat
Shieldsquare-Response
SII
X-Cache-Length
X-Cache-IsMobileDevice
X-Cache-NPR
X-Cache-Reason
X-Cache-Response
X-Cache-ReqUri
X-Cache-Cookie
X-BeanStalkStage
X-AspNetWebPages-Version
X-ARRRG1
X-Backend-TTL
X-Backside-Transport
X-BeanStalkRole
X-CacheVersion
X-CDN-Pop
X-Delivery
X-Dehri-Date
X-Developed-By
X-Doge
X-DT-Node
X-Dcm-Pdtf
X-Container-Uri
X-Cf-Node-Idx
X-CDN-Pop-IP
X-Cms-Device
X-Coindesk-Cache
X-Colour
X-Arena-Request-Id
X-Ar-Stats
TWC-Subs
TWC-PATH-LOCALE
TWC-Unit
Uniqueid
Userver
TWC-AK-Req-ID
Ttl
Sw
Store-Cloud-Cache
T-Request-Id
Technodrome
Time-Cloud-Cache
Vttl
X-77-NZT
X-Akamai-DeviceType
X-Akamai-DeviceOS
X-Akamai-Native
X-Amz-Meta-Cb-Modifiedtime
X-Apache-Server
X-Akamai-CacheKeyMod
X-AEO-Platform
X-Accel-Version
X-77-NZT-Ray
X-Accepted-Fulllang
X-Accepted-Language
X-Accor-Asset
X-Edge-IP