Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
CF-Ray
X-Download-Options
X-Xss-Protection
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-AspNet-Version
X-Request-ID
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Generator
X-Cache-Status
X-Check
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-UA-Device
X-Amz-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Amz-Id-2
EagleId
X-Backend
X-AH-Environment
X-Proxy-Cache
P3p
Keep-Alive
X-Server
X-Age
X-Ws-Request-Id
Cf-Edge-Cache
Host-Header
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-OneAgent-JS-Injection
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Ua-Compatible
Cf-Apo-Via
X-Device
X-WebKit-CSP
Cf-Railgun
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Server-Id
X-Host
X-Ruxit-JS-Agent
EagleEye-TraceId
Surrogate-Control
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
X-Content-Security-Policy-Report-Only
Accept-Ch-Lifetime
X-HW
X-Cache-Lookup
X-Cloud-Trace-Context
X-Cache-Spec
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Application-Context
Permissions-Policy
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Litespeed-Cache
X-Country
Content-Location
X-Mcache
X-Content-Type
X-MS-InvokeApp
X-Url
X-Clacks-Overhead
Accept-CH-Lifetime
X-Vname
X-TtlSet
X-PC
X-Midtier
X-Amz-Server-Side-Encryption
X-CST
Rating
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Rack-Cache
X-Element-Page-Cache
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
Origin-Trial
X-Cdn-Fetch
X-Kinja-Revision
X-Use-Magma
Verso
X-Kinja-Server
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
X-ECACHE
X-Ac
Service-Worker-Allowed
X-Powered-By-Plesk
X-Amz-Rid
X-Cnection
SPRequestGuid
X-SharePointHealthScore
X-Navigation-Version
X-Client-IP
X-ASPNET-VERSION
Xkey
Edge-Control
SPIisLatency
X-Abt-Application-Version
SPRequestDuration
X-Upstream
X-Cache-TTL
X-Ttl
Accept-Ch
Arr-Disable-Session-Affinity
X-B3-TraceId
X-Cached
X-Mg-S
X-Dw-Request-Base-Id
X-Varnish-TTL
X-Erf-Bev-Bev
X-Instrumentation
X-Kraken-Loop-Name
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-NWS-LOG-UUID
X-Webkit-Csp
X-Px
Display
X-Middleton-Display
X-Sol
Pagespeed
X-FastCGI-Cache
X-NF-Request-ID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-Correlation-Id
Edge-Cache-Tag
X-Forwarded-For
X-Country-Code
X-Goog-Hash
X-Ser
X-Cache-Key
X-Powered-CMS
X-Id
AR-PoweredBy
AR-CACHE
AR-SID
AR-Request-ID
AR-ATIME
Content-MD5
Front-End-Https
X-RateLimit-Remaining
TCN
Public-Key-Pins
X-Amzn-Trace-Id
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Version
X-Content-Digest
X-T
X-MSEdge-Ref
X-Recruiting
X-Ratelimit-Limit
Response
X-Middleton-Response
X-Accel-Expires
TP-L2-Cache
TP-Cache
X-Shield-Request-Id
MicrosoftSharePointTeamServices
S
Cache-Status
Nginx-Cache
X-Fastly-Request-ID
X-Aspnetmvc-Version
X-Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
Cross-Origin-Opener-Policy
Server-Node
X-HS-Hub-Id
X-XRDS-Location
Cache-Tags
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-Daa-Tunnel
X-Distributor
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-ORACLE-DMS-RID
X-Hits
X-PressLabs-Stats
X-LB-Cache
X-Edge-Location-Klb
X-Kinsta-Cache
X-Origin-Server
X-Ua-Browser
X-TEC-API-ORIGIN
X-Ezoic-Cdn
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ratelimit-Reset
X-ORACLE-DMS-ECID
Filterid
Alternate-Protocol
Fastcgi-Cache
X-Ratelimit-Remaining
X-LLID
X-Frontend
X-Grace
X-Request-Handler-Origin-Region
X-Microsite
X-Rid
X-Hostname
Realpath
Healthy
X-Logged-In
X-Varnish-Backend
X-FB-Debug
Server-Name
X-Git-Hash
X-DIS-Request-ID
X-NGENIX-Cache
Cleartype
X-Geo-Country
X-Www-Served-By
X-Cluster-Name
X-Debug-Info
Payment
X-Page-Id
DC
X-Load-Cache
MS-Author-Via
X-TTL
X-Protected-By
X-Origin-Cache
X-Forwarded-Proto
Access-Control-Allow-Method
X-ECache
Content-Disposition
Charset
X-Upgrade-Enabled
X-B3-Sampled
X-Goog-Metageneration
X-GUploader-UploadID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Az
X-Proxy
X-Activity-Id
X-AppVersion
X-DataDome
X-Seen-By
X-Cache-Age
Count-Hit
X-Amz-Meta-S3cmd-Attrs
X-Times
Paypal-Debug-Id
X-Amz-Replication-Status
X-Fb-Rlafr
X-F-Cache
X-Azure-Ref
X-Whom
X-Revision
Cross-Origin-Resource-Policy
X-Type
X-B
Surrogate-Key
X-Contextid
Accept-Charset
X-Akamai-Edgescape
X-App-Environment
Viewport
X-Varnish-Server
X-Request-Guid
X-B3-Traceid
X-Route-Name
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Flags
Retry-After
X-TT
X-Wix-Request-Id
X-Hosted-By
X-Envoy-Decorator-Operation
X-Language
X-DynaTrace
X-B-Cache
X-Signature
X-Cache-Control
X-XRDS-LOCATION
X-Source
X-App-Server
X-Mobile
X-Magnolia-Registration
X-Varnish-Grace
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Version
WPO-Cache-Status
Host
WPO-Cache-Message
X-VCache
Refresh
X-Amzn-RequestId
X-N
X-Amz-Apigw-Id
Referer-Policy
X-Server-ID
X-Cache-Rule
X-Varnish-Age
X-Tumblr-User
X-HTML-Minification-Powered-By
Access-Control-Request-Headers
X-Cache-Time
X-Original-Request-Id
X-Response-Served-From
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
Amp-Access-Control-Allow-Source-Origin
X-EdgeConnect-Cache-Status
X-Rule
X-Jobs
X-UUID
SD-X-WS
X-Cacheable-TTL
Protected
X-Content-Powered-By
X-Trace-Id
X-G
X-User-Agent
X-Framework
X-Oracle-Dms-Ecid
X-RTag
Ms-Operation-Id
X-ProcessESI
MS-CV
X-Backend-Name
X-Cache-Grace
X-RemovedCookies
X-Oracle-Dms-Rid
Section-Io-Cache
X-L-Path
NGB
X-Status
X-Region
VIX-Pulpo-Upstream-Status
GEO-INFO
X-Environment-Context
From-Origin
X-Device-Type
Akamai-GRN
X-Tt-Trace-Host
X-Tt-Trace-Tag
VIX-Pulpo-Node
X-Akamai-Request-ID2
X-FW-Type
X-Cache-Status-Check
X-Page-View
X-FW-Version
X-FW-Dynamic
Front
X-Http-Reason
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Varnish-Ttl
X-Adobe-Content
X-Adobe-Loc
X-Cache-Expired-At
X-NYM-Debug-Backend
X-Instance
X-Drupal-Cache-Contexts
X-Is-Bot
X-Rendered-As
X-Nginx-Cache
X-Drupal-Cache-Tags
CDN-RequestId
Pinterest-Generated-By
X-Unique-Id
X-Pinterest-Rid
Pinterest-Version
Url
X-RateLimit-Limit
X-Servername
X-Time
Liferay-Portal
Accept-Language
X-Content-Options
X-Template
Fastly-SIE
Fastly-SWR
X-Newrelic-App-Data
X-Debug-IsPreview
X-Zen-Fury
X-Air-Source
X-Air-Hostname
X-Debug-IsConnected
Backend
X-Air-Trace-Id
X-Cache-Hit
X-Fastly-Request-Id
X-DynaTrace-JS-Agent
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-CDN-Forward
Country
SRV
X-Mode
X-Rocket-Nginx-Serving-Static
Content-Secure-Policy
X-Edge-Location
X-Uri
X-Cache-Operation
X-ARC
Node
X-RN-RSRV
X-Rewrite-Enabled
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-UPSTREAM-Address
X-Cache-Server
Webserver
S-Rt
X-Amzn-Remapped-Content-Length
Meta-Geo
Filters
Onion-Location
X-Generation-Time
X-IPS-LoggedIn
X-COUNTRY
X-Proxy-Cache-Info
Selected-Fe
X-Proxy-Build
Uber-Trace-Id
X-PHP-Backend
X-Locale
X-Content-Age
CF-IPCountry
Cache-Hits
Azure-InstanceId
WP-Super-Cache
Countrycode
X-Timing-Wait
Azure-RegionName
Azure-Version
Azure-SlotName
Azure-SiteName
X-Cache-Action
X-BYPASS-REASON
Cache-Name
X-Ms-Version
X-Sucuri-ID
X-Sucuri-Cache
X-Tb
X-Ua
X-Server-W
X-Web-Node
X-Soup
X-Skip-Cache
X-ProxyCache-Key
X-Ms-Request-Id
X-ProxyCache-Status
X-Reqid
X-Site-Version
X-Cms-Context
X-Via-Fastly
Property-Id
X-SayCDN-TTL
X-Say-TTL
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Say-Cacheable
X-Proto
X-IPLB-Instance
X-Cache-Host
ServerID
X-IPLB-Request-ID
X-Labrador-Cache-Channel
X-PHP-Host
X-Origin-Date
TWC-Locale-Group
TWC-Privacy
X-Routing-Service
X-Proxy-Cache-Status
X-Proxied
X-Section
X-VWS-Id
X-Cluster-Node
X-Zipkin-Id
X-Origin-Hint
X-LJ-Flow-ID
Webcakes-App-Version
Webcakes-App-Name
Webcakes-Region
X-AWS-Id
X-Format
X-Extlb
Cache-Tv-Group
X-Access
Web-Mar-Node
X-Forwarded-Host
X-App-Version
DB-Nickname
X-Optimistic-Header
X-No-Session
X-JoinUs
Apigw-Requestid
X-LAGOON
X-Cluster
Cross-Origin-Window-Policy
X-UA-Device-Type
X-Sql-Count
X-VC-Cache
X-SaId
X-Sql-Duration-Ms
X-R9-Blue-Green-Version
X-Adobe-Source
Locale
X-Varnish-Beresp-Grace
X-Real-IP
X-Debug
X-Cache-TTL-Remaining
X-Urbn-Context-Path
X-Urbn-Site-Id
X-FB-TRIP-ID
X-Handled-By
Mn-Server-Ip
ServedBy
X-Director
X-Detected-As
X-LSADC-Cache
X-Xfnlog-Site
X-Node-Name
X-Ruxit-Js-Agent
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Tec-Api-Root
X-Tec-Api-Version
Fastcgi-Useragent
X-GeoCode
Frame-Options
X-Tec-Api-Origin
X-GeoCountry
Mime-Version
Upgrade-Insecure-Requests
X-Varnish-Hits
X-Tt-Logid
Source
X-Oneagent-Js-Injection
X-Hl-Ver
CDN-RequestCountryCode
CDN-CachedAt
CDN-Uid
CDN-Cache
X-Api-Version
CDN-EdgeStorageId
X-Generated-By
CDN-PullZone
Load-Balancing
X-GEO
X-Varnish-Cache-Hits
X-SRV
X-Buckets
Fastly-Drupal-HTML
Xet-Cookie
X-Request-Time
X-ServerID
X-FireWall-Port
X-Varnish-Hostname
X-Mg-Request-UUID
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-RM-Cache-TTL
X-Origin-CC
X-Origin-TTL
X-Redis-Cache
CF-Cached-On
X-TA-CDN-Provider
X-URL
X-Cache-Debug
X-Loop
X-Storage
X-Served-From
X-Akamai-Transformed
X-TIME
X-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-ShopId
X-Pubstack
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Provided-By
X-Endurance-Cache-Level
X-Restarts
X-Pass-Why
X-Newrelic-Synthetics
X-CSRF-Token
X-Request-Host
X-Tx-Id
X-Service
Xserver
X-Location
X-BCube-Filmed-By
X-Bip
X-Cache-Date
X-Bc-Bl
X-A-Dgt
X-Fetched-On
X-Destination
X-Aed
X-Application
X-B-Cookie
Surrogated-Key
X-A-Dcw
X-Cache-Info
X-Ec-GeoHdr
TDXMobile
X-Core-Mission
X-Ec-Fail
X-Cache-NE
X-Conf
Thinkindot-Control
Thinkindot-CacheControl
X-Epic-Correlation-Id
X-CMSURLCustom
X-External-Request-Id
T-Server
Thinkindot-CacheControl-Type
X-CUA
X-D
X-Developer
Rendered-Blocks
DCR-Decision-By
X-Origin-Time
DCR-Processing-Time-Ms
X-TIM-N
X-A
Host-ID
Lang
X-A-Ccd
X-A-Dam
Xc-Version
X-Sigma-Backend
X-We-Are-Hiring
X-Vdms-Path
X-Vdms-Version
X-Thinkindot-L3
X-Thanos
X-Nyt-Route
DSUID
HostName
WWW-Authenticate
Edge-Cache
X-Origin
Gannett-Cam-Experience-Id
X-SRCache-Key
X-Test
X-Mid
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Mobile-URL
MD5-Digest
Memcached
X-Rocket-Build-Number
Sslversion
Server-Host
X-Hash
X-Response-By
BehaviorPad-Version
X-Generated-On
X-Rojux
A
X-S-Maxage
X-Gdpr
X-S-Cookie
X-S
Cache-Host
X-Sigma
Ngx.Var.Host
NM-Fastcgi-Cache
X-INCAP-ABP
X-Level-Front-Cache
X-Men
Meta-Geo-Continent
Odigeo-Trace-Id
Origin
X-Processor
X-ScT
X-A-Wwc
Release
Redirect-Candidate
Candidate-Md5Url
Server-Info
Req-Svc-Chain
Gh-Request-Id
Fastly-GeoIP-CountryCode
Magicmarker
Mail-Subject
Tube-Got-Eval
Tube-Get-Contents
Tube-Return
X-Server-IP
X-Human
X-Loc
X-Auto-Login
C-Via
X-Httpd
Fastly-Backend-Name
X-Platform-Processor
X-HS-Content-Campaign-Id
X-Scale
X-Platform-Cluster
X-Varnishpool
X-Mvc-Supplant-Cachable
X-Node-Id
X-Org
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Platform
X-Origin-Response-Time
X-Var-Ttl
X-Platform-Router
X-Pool
X-CacheTTL
X-Cdn-Origin
X-Date
X-Dispatcher-Number
X-Cache-Id
X-Cache-Bucket
X-Accel-Expires-Debug
X-Akamai-Device-Characteristics
X-BBC-Edge-Cache-Status
X-Dispatcher-Server
X-Ec-Custom-Error
X-Gzip
X-SD-PageType
X-Req
X-Region-Sid
X-Geo-Header
X-Gamma-Serve
X-Esi-Check
X-Fastly-Backend
X-Fastly-Cache
We-Hiring
Tube-Got-Results
Country-Code
CacheControlHeader
Click-Count-Action-Start
Cache-Key
AKAMAI
Click-Count-Error
CloudFront-Viewer-Country
Cmstype
Cmsid
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
Environment
X-Via-CDN
X-Vcl-Version
X-VC
X-WP-CF-Super-Cache-Active
X-Device-Os
X-Vmg-Version
X-VServer
X-DefElseHash
X-DefHash
X-WA-Info
On-Server
X-Cache-FS-Status
Origin-CC
Srvid
X-Azure-Ref-OriginShield
Locid
X-Worker
X-Varnish-Remaining-TTL
X-WADP-Cache
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Core-Value
X-FC-Vary-Parameters
X-JWT-State
X-Planisys-CDN-Rules
X-Is-Gdpr
X-Irp-Debug
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Owner
X-NodeID
X-Mly-Id
X-TNCMS
X-Origin-Expires
X-Has-Esi
X-GeoIP-Region-Code
X-Forwarded-Site
X-Frame-Option
X-Fmm-Version
X-Ad-Defer-Variation
X-Varnish-CookieHashed-On
X-Variation
X-V-Cache
X-GeoIP-Country-Code
X-GeoIP-City
X-GeoIP
X-SB
X-Varnish-CookieINHashed-On
Origin-EX
X-FL-QIT-DEBUG
X-FL-EDGE
X-Instance-Name
Web-Mar-Region
Vix-Hermes-Req-Id
Adler-Geo
Canary
Platform
X-Developers
Ssr
Kp-EeAlive
Is-Eu
Expect-Staple
State
Machine
Datacenter
X-Cdn-Srv
X-Varnish-Beresp-Ttl
Edge-Copy-Time
X-Air-Pt
AMP-Access-Control-Allow-Source-Origin
X-Via-Edge
X-Via-SSL
X-Zone
X-VG-TLSProxy
L
X-Qloud-Router
X-HN
X-VarnishDD-TTL
X-Old-Content-Length
X-Release
NGX
X-From
Cache-Provider
PFcat
Producers
X-DPWN-IS-SECURE
X-Cache-Tags
Wxu-Next-Hostname
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Wxu-Next-Commit
X-Op-Id-All
X-App
X-Wix-Viewer-Type
Apple-News-Services-Host
X-Aicache-OS
X-NCache
X-Accel-Buffering
Wxu-Next-Region
X-Nginx-Cache-Key
Server-Ext
X-Hnp-Log
L5d-Success-Class
X-Eu-Site
Server-Hostname
X-Platform-Server
Sever-Int
X-Csrf-Jwt
X-Request-Start
X-CGP
X-Mvc-Supplant-OutputCached
X-RCS-CacheZone
X-Varnish-Beresp-Status
User-Cache-Control
Ha-Gx-Prefs
X-Block-Status
X-Gen-Mode
X-Nananana
X-Ua-Device
X-Microcachable
HA-Ipaddr
X-Minions-Version
X-CACHE-AGE
X-Parent-Response-Time
X-Dc
X-Webkit-CSP-Report-Only
X-Lambda-Id
X-Debug-Cache-Store
CDCHOST
X-Debug-Cache-Fetch
X-Cache-Remote
X-Up
X-Cache-Enabled
X-VCT
Fastly-SSL
X-B3-SpanId
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-LB-NoCache
X-Tb-Optimization-Total-Bytes-Saved
Sid
X-Cs
X-Correlation-ID
X-B3-Spanid
VNS-Age
Pics-Label
VNS-Cache
X-Cached-By
CPC-Age
X-Vtex-Remote-Cache
X-Generated-In
X-Upstream-Ct
X-Render-Time
X-Refresh
CPC-Cache
X-Upstream-Ht
X-Cache-Backend
Env
NtCoent-Length
X-DC
Srv
X-Trace-ID
X-CCDN-Origin-Time
Decoy-Debug-Status
Cluster
Decoy-Debug-Key
Memory
X-Hcs-Proxy-Type
X-ND-Cache
X-CCDN-CacheTTL
Cache
Time
GeoIP-Latitude
Decoy-Debug-TTL
X-Cache-Type
X-LB-ID
X-AIR-PT
Fastly-Drupal-Html
X-TH-Server
X-HA-Backend
X-Tid
X-NWS-UUID-VERIFY
X-Webkit-CSP
X-Edge-Pop
SID
X-ATG-Version
X-HS-Status
X-Via-JSL
X-DataCenter
X-Presslabs-Stats
X-Esi
X-CACHE-KEY
X-Servedbyhost
X-NewRelic-App-Data
Server-ID
GeoIp-Country-Code
Uri
X-Wa
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Client-Ip
X-Cache-ASPX
X-Nc
Svr
Cdn
X-MP-GENERATED-AT
X-Srv
X-ZONE
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
Esi-Enabled
X-CF-Lambda-Version
X-Vgn-Hpd-Cached
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
X-Check-Cacheable
True-Client-IP
X-Datadome
X-Proxy-CacheRZ
XkeyRZ
YJS-ID
X-Fpc
X-CDN-Cache-Status
X-Amz-Meta-Cb-Modifiedtime
N-Cache
X-Wikidot-Static-Cache
XServer
X-Wikidot-Backend
X-TX-ID
Lb
X-Vc
X-Udemy-Cache-App-Namespace
X-Varnish-Beresp-TTL
Resin-Trace
X-Tenant
RNT-Time
X-Shop-Environment
M-TraceId
X-Bl-Debug
X-Nf-Request-Id
X-Orig-Expires
X-Forwarded-Path
RNT-Machine
X-CS
X-NGINX-Cache
Hostname
X-Fastly-Country-Code
X-Gateway-Cache-Status
X-MSEdge-Features
X-MSEdge-Flight
OT-Force-Account-Verify
Cdncip
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-FPC
Cdnsip
X-Gateway-Cache-Key
True-Client-Ip
X-AK-Request-ID
X-EC-Lua
X-CSRF-TOKEN
X-B3-Trace-ID
X-Via-NSCOPI
X-API-Version
X-App-Name
X-Policy
X-Service-Response-Time
Sm-Log-Id
X-Logging-Id
Server-Id
X-APP-VERSION
Eomportal-Instance
CDN
X-Cache-Ttl
X-Container-Uri
Hit
X-WA
X-Git-Commit
GeoIP-Country-Code
Path
X-Accel-Version
X-Datacenter
X-Vcache
X-Micro-Cache
X-NC
Ngx-Var-Key
X-CLOUD-TRACE-CONTEXT
X-Cdn-Diag
X-Cdn-Forward
X-SIPLIST1
X-VCL-Version
X-MCACHE
X-Cache-NGX
X-ServedByHost
IsBot
X-Lb-Id
X-Geo
X-Edge-POP
X-Request-URI
HIT
LB
X-RateLimit-Reset
X-Ha-Backend
X-Akamai-Pragma-Client-IP
X-Oracle-DMS-ECID
Pramga
X-SERVER-NAME
RATING
X-Tncms
X-VG-WebCache
X-Acquia-Purge-Cdn-Unconfigured
V-Age
XM
X-Cdn-Cache-Status
X-Info
X-Rebelmouse-Surrogate-Control
ENV
X-Rebelmouse-Cache-Control
Geoip-Latitude
X-Clientip
X-Snapshot-Date
CDN-RequestPullSuccess
FSS-Cache
X-Lb-Nocache
Cross-Origin-Opener-Policy-Report-Only
Location
X-Srcache-Fetch-Status
CDN-RequestPullCode
Timeexpire
X-Srcache-Store-Status
Tcn
X-TT-LOGID
Epwk-X-Cache
X-Ctl-Mach
Req-ID
Ohc-File-Size
X-Via-PopH
X-Via-PopN
X-Via-PopV
Yjs-Id
True-Client-Country-4JS
X-Pod-Name
X-TimeS
X-Iauth-Set-Uid
X-LiteSpeed-Cache-Control
X-HostName
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Dw-Trace-Id
X-Amz-Meta-Opti
W
X-Hyper-Cache
X-Serial
Warning
X-M-Reqid
X-LiteSpeed-Tag
X-M-Log
X-ApacheServer
Cneonction
X-RAMCache
X-Cdn-Request-ID
PICS-Label
X-PERF
X-Litespeed-Cache-Control
X-Viewer-Country
Proxy-Connection
X-UP
X-User
X-Vgn-Hpd-Reason
Servername
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Fastly-Backend-Reqs
X-Cache-Expires
Content-Script-Type
Content-Style-Type
Cdn-Requestid
X-Oss-Request-Id
WZWS-RAY
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
Ec-Rule-Version
X-Acquia-Site
X-Qnm-Cache
X-MiniProfiler-Ids
CountryCode
X-Lsadc-Cache
X-Akamai-ERRuleID
Ngx
X-Akamai-ERPolicy
X-Swift-Error
X-B3-ParentSpanId
X-Th-Server
My-App
X-Mg-Cache
X-IPS-Cached-Response
X-Webstats-RespID
X-Fastly-Cache-Hits
Ohc-Cache-HIT
MIME-Version
X-B3-Parentspanid
X-WP-CF-Super-Cache-Cookies-Bypass