Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Request-ID
X-Request-Id
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
P3p
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
Keep-Alive
X-Proxy-Cache
X-Server
X-Ua-Compatible
X-Ws-Request-Id
X-Age
Host-Header
X-Hacker
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Allow
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
Accept-CH
Cf-Apo-Via
X-Device
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Host
X-Pingback
X-Server-Id
X-Cache-Spec
X-Nginx-Cache-Status
X-Ruxit-JS-Agent
EagleEye-TraceId
X-Akam-SW-Version
Surrogate-Control
X-Backend-Server
Request-Id
X-Readtime
X-Cache-Lookup
X-HW
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Application-Context
X-Response-Time
Fastly-Restarts
Permissions-Policy
X-Nginx-Upstream-Cache-Status
X-Mod-Pagespeed
Accept-CH-Lifetime
Accept-Ch-Lifetime
X-Edge
X-WebKit-CSP-Report-Only
X-CST
X-Litespeed-Cache
Content-Location
X-Content-Type
X-Url
X-MS-InvokeApp
X-Mcache
X-Clacks-Overhead
X-Country
Rating
X-Midtier
X-TtlSet
X-PC
X-Vname
X-Amz-Server-Side-Encryption
RTSS
X-ECACHE
X-VARITI-CCR
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
Origin-Trial
X-Server-Name
Verso
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Ac
X-Rack-Cache
X-B3-TraceId
X-Ttl
X-Cnection
X-Powered-By-Plesk
Service-Worker-Allowed
X-GitHub-Request-Id
X-SharePointHealthScore
SPRequestGuid
X-Cache-TTL
Xkey
X-Navigation-Version
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Edge-Control
X-Varnish-TTL
X-NWS-LOG-UUID
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
X-Cached
X-Upstream
X-Browser-Type
X-Erf-Bev-Bev
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Mg-S
X-Px
X-Dw-Request-Base-Id
X-Correlation-Id
X-Middleton-Display
Display
Pagespeed
X-Sol
X-Cache-Key
Content-MD5
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-NF-Request-ID
Edge-Cache-Tag
X-Goog-Hash
X-Forwarded-For
X-Country-Code
Front-End-Https
X-Version
X-Id
TCN
X-Powered-CMS
X-XRDS-Location
Public-Key-Pins
AR-ATIME
AR-Request-ID
AR-CACHE
AR-PoweredBy
AR-SID
X-Daa-Tunnel
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-T
X-Recruiting
X-MSEdge-Ref
X-Content-Digest
X-RateLimit-Remaining
X-FastCGI-Cache
X-Accel-Expires
X-Ser
X-Middleton-Response
Response
X-Fastcgi-Cache
X-Amzn-Trace-Id
TP-L2-Cache
TP-Cache
X-Ratelimit-Limit
X-Shield-Request-Id
S
Nginx-Cache
X-B3-TraceId-Primal
X-Webkit-Csp
Mrf-Cache-Status
MRF-Tech
MicrosoftSharePointTeamServices
X-Request-Processing-Time
X-Request-Received
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
Server-Node
Cache-Status
X-Distributor
Cache-Tags
Accept-Ch
X-Hits
X-Edge-Location-Klb
X-Kinsta-Cache
Fastcgi-Cache
X-Grace
X-Ratelimit-Remaining
Alternate-Protocol
Server-Name
X-LB-Cache
X-Ezoic-Cdn
X-Origin-Server
X-Ratelimit-Reset
X-Ua-Browser
X-DIS-Request-ID
Cross-Origin-Opener-Policy
X-DataDome
X-Geo-Country
X-Fastly-Request-ID
X-Protected-By
Filterid
X-Microsite
X-Request-Handler-Origin-Region
X-Rid
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Varnish-Backend
X-Frontend
Healthy
X-Debug-Info
X-Git-Hash
X-Logged-In
X-Www-Served-By
Payment
Cleartype
X-FB-Debug
X-NGENIX-Cache
X-LLID
X-Forwarded-Proto
X-Page-Id
X-PressLabs-Stats
X-Load-Cache
X-Hostname
X-ASPNET-VERSION
X-Origin-Cache
X-Cluster-Name
DC
Charset
MS-Author-Via
Content-Disposition
X-B3-Sampled
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Goog-Metageneration
X-GUploader-UploadID
Realpath
Access-Control-Allow-Method
X-VCache
X-Upgrade-Enabled
X-Proxy
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-F-Cache
X-Activity-Id
Retry-After
X-AppVersion
X-Az
X-Seen-By
Cross-Origin-Resource-Policy
X-TTL
X-Contextid
Paypal-Debug-Id
X-Amz-Replication-Status
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
X-Revision
X-Signature
X-Type
X-B-Cache
X-Route-Name
X-Providence-Cookie
X-Request-Guid
X-Azure-Ref
X-Aspnet-Duration-Ms
X-Whom
X-Is-Crawler
Viewport
X-Hosted-By
X-Fb-Rlafr
X-Flags
X-Wix-Request-Id
X-Varnish-Server
X-Aspnetmvc-Version
X-App-Environment
Surrogate-Key
Count-Hit
X-TT
X-B
X-DynaTrace
X-Akamai-Edgescape
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Language
Amp-Access-Control-Allow-Source-Origin
X-Source
X-ECache
Referer-Policy
X-App-Server
X-Cache-Control
X-Mobile
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-COUNTRY
X-Cache-Age
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Magnolia-Registration
Host
X-B3-Traceid
X-Varnish-Grace
Version
X-Template
X-HTML-Minification-Powered-By
X-N
X-RateLimit-Limit
X-Cache-Rule
X-Fastly-Request-Id
X-Tumblr-Pixel-0
X-Original-Request-Id
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Response-Served-From
X-RTag
X-UUID
MS-CV
X-EdgeConnect-Cache-Status
Ms-Operation-Id
X-Cache-Time
X-Rule
X-Varnish-Age
X-Cache-Status-Check
X-Envoy-Decorator-Operation
Access-Control-Request-Headers
Section-Io-Cache
X-Framework
X-Cache-Expired-At
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Content-Powered-By
X-Cacheable-TTL
X-Trace-Id
X-Cache-Grace
X-Backend-Name
Akamai-GRN
X-FW-Version
X-FW-Server
X-FW-Static
X-FW-Type
X-Device-Type
X-Adobe-Loc
X-User-Agent
Protected
X-FW-Dynamic
X-Server-ID
X-FW-Hash
X-Adobe-Content
X-Page-View
X-ProcessESI
X-RemovedCookies
X-FW-Serve
X-Akamai-Request-ID2
NGB
Url
X-G
X-Servername
GEO-INFO
Refresh
X-Rendered-As
X-NYM-Debug-Backend
X-Instance
X-Is-Bot
X-Jobs
X-Http-Reason
X-Status
X-Times
X-Environment-Context
SRV
X-L-Path
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
From-Origin
CDN-RequestId
WPO-Cache-Status
WPO-Cache-Message
X-Ruxit-Js-Agent
X-Region
X-Debug-IsConnected
X-Debug-IsPreview
Front
X-CDN-Forward
Accept-Language
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Yottaa-Metrics
X-Cache-Hit
X-Yottaa-Optimizations
Country
X-Unique-Id
Backend
X-Content-Options
X-Nginx-Cache
X-Tb
Fastly-SWR
Fastly-SIE
X-Zen-Fury
X-Varnish-Ttl
X-Tt-Logid
X-Node-Name
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-DynaTrace-JS-Agent
X-Tec-Api-Root
X-XRDS-LOCATION
X-Tec-Api-Version
X-Tec-Api-Origin
X-Real-IP
X-Mode
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Newrelic-App-Data
X-Cache-Operation
Content-Secure-Policy
Uber-Trace-Id
X-VC-Cache
Liferay-Portal
Webserver
X-Generation-Time
X-Tumblr-Pixel-2
X-Amzn-Remapped-Content-Length
X-Rewrite-Enabled
X-UPSTREAM-Address
Filters
X-Ms-Version
X-RN-RSRV
X-Proxy-Cache-Info
Meta-Geo
X-Cache-Server
X-Ms-Request-Id
Azure-SlotName
Azure-Version
Cache-Hits
X-IPS-LoggedIn
X-Reqid
X-Format
X-Time
X-Rocket-Nginx-Serving-Static
X-Access
CF-IPCountry
X-TIME
X-Section
X-Content-Age
X-Buckets
Onion-Location
Azure-SiteName
X-Web-Node
Azure-RegionName
Azure-InstanceId
X-IPLB-Request-ID
Webcakes-App-Version
Webcakes-Region
X-IPLB-Instance
Webcakes-App-Name
TWC-Device-Class
ServedBy
X-Cluster
X-Cluster-Node
X-LJ-Flow-ID
Property-Id
X-BYPASS-REASON
X-Cache-TTL-Remaining
X-Cms-Context
X-Debug
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-AWS-Id
TWC-Connection-Speed
X-Adobe-Source
X-R9-Blue-Green-Version
X-PHP-Backend
X-VWS-Id
X-UA-Device-Type
X-SayCDN-TTL
X-Locale
X-Say-TTL
X-Via-Fastly
X-Soup
X-Sucuri-ID
X-Ua
X-Sucuri-Cache
X-Sql-Duration-Ms
X-Sql-Count
X-ProxyCache-Status
X-Say-Cacheable
X-Proxy-Cache-Status
Node
X-Origin-Hint
X-ProxyCache-Key
X-Proto
Apigw-Requestid
X-Site-Version
X-PHP-Host
ServerID
S-Rt
X-Skip-Cache
X-Varnish-Beresp-Grace
X-Labrador-Cache-Channel
Web-Mar-Node
X-No-Session
X-Handled-By
X-Forwarded-Host
Cache-Name
X-Cache-Action
DB-Nickname
X-Server-W
X-Cache-Host
X-Timing-Wait
X-LAGOON
X-Urbn-Context-Path
X-SaId
X-Urbn-Site-Id
X-JoinUs
X-Routing-Service
X-Extlb
X-Detected-As
Selected-Fe
X-FB-TRIP-ID
X-Xfnlog-Site
X-Proxied
X-Proxy-Build
X-Edge-Location
X-Zipkin-Id
Locale
Cross-Origin-Window-Policy
X-WP-CF-Super-Cache-Cache-Control
X-LSADC-Cache
X-GeoCode
X-GeoCountry
X-WP-CF-Super-Cache
WP-Super-Cache
Mn-Server-Ip
Mime-Version
X-Tumblr-Pixel-3
X-Origin-Date
Fastly-Drupal-HTML
Fastcgi-Useragent
CDN-Cache
CDN-CachedAt
X-Optimistic-Header
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-PullZone
X-SRV
CDN-Uid
Source
X-Uri
X-Hl-Ver
X-Oneagent-Js-Injection
Countrycode
X-Request-Time
X-ARC
X-Director
Upgrade-Insecure-Requests
X-Varnish-Hits
X-App-Version
X-Mg-Request-UUID
X-Generated-By
X-Redis-Cache
X-GEO
X-Cache-Debug
CF-Cached-On
Cache-Tv-Group
X-Loop
X-TNCMS
X-Akamai-Transformed
Xet-Cookie
X-Pass-Why
X-Tx-Id
X-URL
X-Origin-TTL
Frame-Options
X-Origin-CC
X-FireWall-Port
X-Varnish-Cache-Hits
X-CACHE-AGE
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Varnish-Hostname
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-ShardId
X-Alternate-Cache-Key
X-NWS-UUID-VERIFY
X-RM-Cache-TTL
Xserver
X-Service
X-ServerID
X-TA-CDN-Provider
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
X-Presslabs-Stats
X-Storage
X-Endurance-Cache-Level
X-Loc
X-ScT
X-Request-Host
X-Rocket-Build-Number
X-S
X-Served-From
X-A-Ccd
X-Rojux
X-S-Maxage
X-A
X-S-Cookie
WWW-Authenticate
X-Mid
Ngx.Var.Host
X-Origin-Time
Meta-Geo-Continent
Candidate-Md5Url
Odigeo-Trace-Id
BehaviorPad-Version
Cache-Host
Origin
Memcached
MD5-Digest
DCR-Processing-Time-Ms
Gannett-Cam-Experience-Id
Edge-Cache
DCR-Decision-By
Host-ID
Lang
X-Nyt-Route
Redirect-Candidate
Release
X-Processor
T-Server
Surrogated-Key
TDXMobile
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Platform-Router
X-Platform-Processor
X-Mobile-URL
Req-Svc-Chain
Rendered-Blocks
A
Sslversion
X-Platform-Cluster
X-Pubstack
X-Location
X-Thinkindot-L3
X-Httpd
X-Frame-Option
X-Cache-NE
X-VG-TLSProxy
X-Cache-Info
X-Vdms-Version
X-BCube-Filmed-By
X-Generated-On
X-Cache-Date
X-Gdpr
X-CMSURLCustom
X-INCAP-ABP
X-A-Dam
X-Developer
X-Destination
X-D
X-Tid
X-Conf
X-B3-Spanid
X-Core-Value
X-Bc-Bl
X-BBC-Edge-Cache-Status
X-External-Request-Id
X-SRCache-Key
X-Epic-Correlation-Id
X-Level-Front-Cache
Xc-Version
X-Aed
X-Sigma-Backend
X-A-Dgt
X-A-Wwc
X-We-Are-Hiring
X-A-Dcw
X-Ec-Fail
X-TIM-N
X-B-Cookie
X-Sigma
X-Application
X-Vdms-Path
X-Test
X-Ec-GeoHdr
Environment
X-Fmm-Version
NM-Fastcgi-Cache
X-NodeID
X-Old-Content-Length
Gh-Request-Id
X-GeoIP
X-GeoIP-City
Fastly-GeoIP-CountryCode
X-Geo-Header
X-Fetched-On
NGX
X-Hash
Mail-Subject
Magicmarker
X-HS-Content-Campaign-Id
X-DefElseHash
Fastly-Backend-Name
X-Auto-Login
X-Cache-Bucket
X-Is-Gdpr
Tube-Got-Eval
Tube-Got-Results
X-JWT-State
We-Hiring
Vix-Hermes-Req-Id
Tube-Return
X-Akamai-Device-Characteristics
Tube-Get-Contents
X-Cdn-Origin
Server-Info
X-Developers
X-Ec-Custom-Error
Server-Host
X-Human
Ssr
State
X-Cdn-Srv
X-Clara-WADP
X-Core-Mission
X-DefHash
X-Mvc-Supplant-Cachable
Cache-Key
X-SVT-ORM-VERSION
CacheControlHeader
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Varnish-Beresp-Status
X-Varnish-CookieHashed-On
Click-Count-Error
X-Platform-Server
X-Origin-Response-Time
X-SD-PageType
X-SB
Apple-News-Services-Handled
AKAMAI
X-Pool
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Restarts
X-Req
Apple-News-Services-Request-Url
CloudFront-Viewer-Country
Click-Count-Action-Start
Decoy-Debug-TTL
X-Vmg-Version
Cluster
Decoy-Debug-Status
X-WP-CF-Super-Cache-Active
Decoy-Debug-Key
X-WADP-Cache
X-Worker
DSUID
X-Varnish-Remaining-TTL
X-Thanos
X-Varnish-CookieINHashed-On
X-CUA
Country-Code
X-WA-Info
X-Org
X-Has-Esi
X-Bip
X-VServer
Section-Io-Id
Load-Balancing
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Parent-Response-Time
X-Ckpd-Fst-Backend
Machine
X-Node-Id
X-CacheTTL
X-Origin
X-Api-Version
X-Varnishpool
X-Var-Ttl
Cmstype
X-Irp-Debug
X-Cache-Tags
X-Variation
X-Azure-Ref-OriginShield
X-App
CDCHOST
X-Block-Status
X-Cache-Id
Cmsid
Server-Hostname
X-Date
L
X-Gamma-Serve
X-Wix-Viewer-Type
Datacenter
X-FC-Vary-Parameters
X-Hnp-Log
X-HN
X-VarnishDD-TTL
X-Gen-Mode
X-Gzip
X-Fastly-Backend
Is-Eu
X-Device-Os
Kp-EeAlive
X-Mly-Id
X-Dispatcher-Number
X-Dispatcher-Server
X-Esi-Check
X-GeoIP-Country-Code
X-DPWN-IS-SECURE
Canary
X-Cache-Backend
PFcat
Platform
C-Via
X-Request-Start
X-NCache
Web-Mar-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Scale
Producers
X-Men
X-Platform
Sever-Int
X-Minions-Version
Adler-Geo
Server-Ext
X-Region-Sid
X-GeoIP-Region-Code
X-Qloud-Router
Wxu-Next-Region
User-Cache-Control
X-Accel-Expires-Debug
X-Slack-Backend
X-Op-Id-All
X-Accel-Buffering
X-Slack-Shared-Secret-Outcome
Cache-Provider
X-Ad-Defer-Variation
X-DC
X-Planisys-CDN-Cache
X-V-Cache
X-Planisys-CDN-Rules
HA-Ipaddr
X-Eu-Site
X-Refresh
X-Planisys-CDN-TTL
Ha-Gx-Prefs
X-LB-NoCache
L5d-Success-Class
X-CGP
X-Cache-FS-Status
Origin-CC
X-Nananana
Origin-EX
X-Owner
Pics-Label
Fastly-SSL
On-Server
X-Nginx-Cache-Key
X-Csrf-Jwt
X-Mvc-Supplant-OutputCached
X-Forwarded-Site
X-Server-IP
X-Webkit-CSP-Report-Only
X-CSRF-Token
X-Microcachable
X-Cache-Remote
X-Fastly-Cache
X-Up
HostName
Env
X-Aicache-OS
X-NewRelic-App-Data
SID
X-Origin-Expires
X-Instance-Name
Svr
X-Tb-Optimization-Total-Bytes-Saved
X-Response-By
X-Servedbyhost
GeoIP-Latitude
X-RCS-CacheZone
X-Release
X-ND-Cache
X-AIR-PT
X-NGINX-Cache
X-Trace-ID
X-VC
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-From
Srvid
X-Air-Pt
X-FL-QIT-DEBUG
Memory
Expect-Staple
Time
Locid
X-FL-EDGE
X-Zone
X-Provided-By
X-Via-CDN
X-Generated-In
X-Nc
Cdn
X-Cache-Enabled
X-Cached-By
X-DataCenter
X-Edge-Pop
Edge-Copy-Time
NtCoent-Length
X-Via-Edge
X-Dc
Cache
X-Via-SSL
X-Webkit-CSP
X-Wa
X-ZONE
X-HS-Status
X-HA-Backend
X-Vcl-Version
X-Vc
AMP-Access-Control-Allow-Source-Origin
Cdncip
X-Esi
Server-ID
Cdnsip
X-AK-Request-ID
X-Check-Cacheable
X-Correlation-ID
X-Lambda-Id
X-Via-NSCOPI
X-Gateway-Skip-Cache
X-Client-Ip
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Hcs-Proxy-Type
X-Gateway-Cache-Status
Sid
X-Gateway-Cache-Key
X-Gateway-Request-Id
GeoIp-Country-Code
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Hostname
X-API-Version
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-LB-ID
X-Fpc
X-Vgn-Hpd-Variations-Key
X-Vtex-Remote-Cache
CPC-Age
VNS-Age
X-Render-Time
VNS-Cache
X-CSRF-TOKEN
X-Cs
CPC-Cache
X-Amz-Meta-Cb-Modifiedtime
True-Client-IP
X-Srv
X-Proxy-CacheRZ
X-CS
XkeyRZ
X-Via-JSL
Fastly-Drupal-Html
X-MCACHE
Eomportal-Instance
X-VCT
X-B3-SpanId
X-Micro-Cache
Ngx-Var-Key
X-APP-VERSION
Srv
X-Nf-Request-Id
X-TH-Server
X-EC-Lua
X-ATG-Version
X-Upstream-Ht
X-Upstream-Ct
X-Varnish-Authentication
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Request-URI
X-MSEdge-Features
X-MSEdge-Flight
X-SIPLIST1
IsBot
Uri
True-Client-Ip
Esi-Enabled
OT-Force-Account-Verify
X-Cache-Type
Path
X-Fastly-Country-Code
X-Cache-NGX
X-Varnish-Beresp-TTL
X-VCL-Version
X-Info
M-TraceId
Resin-Trace
XServer
Request-ID
X-RateLimit-Remaining-Second
X-FPC
X-PAYTM-SRV-ID
X-RateLimit-Limit-Second
CDN
X-CF-Lambda-Version
X-CF-Lambda-Fn
YJS-ID
X-TX-ID
X-Datadome
X-Lb-Id
X-CACHE-KEY
X-CLOUD-TRACE-CONTEXT
Location
GeoIP-Country-Code
X-Udemy-Cache-App-Namespace
X-CDN-Cache-Status
X-Wikidot-Static-Cache
RNT-Time
X-Wikidot-Backend
X-Cdn-Request-ID
RNT-Machine
X-Accel-Version
N-Cache
X-MP-GENERATED-AT
Cross-Origin-Opener-Policy-Report-Only
X-Oss-Hash-Crc64ecma
X-Forwarded-Path
X-Tenant
X-Cache-Expires
Servername
X-Oss-Object-Type
X-Shop-Environment
X-Orig-Expires
Sm-Log-Id
X-Oss-Request-Id
Server-Id
X-Service-Response-Time
X-Pod-Name
X-Oss-Server-Time
X-Bl-Debug
X-Oss-Storage-Class
X-Edge-POP
LB
X-Datacenter
X-RateLimit-Reset
X-B3-Trace-ID
X-WA
X-Akamai-Pragma-Client-IP
X-App-Name
X-Policy
X-NC
HIT
X-SERVER-NAME
X-Cdn-Cache-Status
X-Ha-Backend
Timeexpire
X-Geo
X-Srcache-Store-Status
X-Via-PopH
X-Via-PopN
X-Via-PopV
Traceparent
X-Scheme
X-Srcache-Fetch-Status
X-Moov-T
X-Cdn-Forward
Lb
X-Moov-Xdn-Version
Ohc-File-Size
FSS-Cache
X-ServedByHost
Proxy-Connection
ENV
X-Snapshot-Date
Yjs-Id
X-TraceId
X-Viewer-Country
Epwk-X-Cache
X-ApacheServer
X-PERF
Hit
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Dw-Trace-Id
Geoip-Latitude
CountryCode
X-Serial
WZWS-RAY
X-LiteSpeed-Cache-Control
X-Lb-Nocache
X-Amz-Meta-Opti
X-Hyper-Cache
X-MiniProfiler-Ids
X-M-Log
X-M-Reqid
Content-Style-Type
Content-Script-Type
X-NAPM-TraceId
Powered-By
X-Acquia-Application-UUID
Cneonction
X-Fastly-Backend-Reqs
Req-ID
X-Swift-Error
X-Cdn-Diag
X-Ctl-Mach
Ec-Rule-Version
X-B3-Parentspanid
Pramga
X-Acquia-Application-Trace
X-Qnm-Cache
X-Acquia-Purge-Tags
X-Acquia-Site
X-UP
X-RAMCache
X-Vgn-Hpd-Reason
X-F-Status
X-Wp-Cf-Super-Cache-Cache-Control
X-TT-LOGID
X-Lsadc-Cache
X-Wp-Cf-Super-Cache
X-Cache-Ngx
MIME-Version
Warning
X-Webstats-RespID
PICS-Label
X-Logging-Id
X-Litespeed-Cache-Control
My-App
X-IPS-Cached-Response
X-LiteSpeed-Tag
X-Th-Server
User-Agent
X-B3-ParentSpanId
Ngx
X-Mid-Debug-Cache-Disk
X-Fastly-Cache-Hits
X-Request-URL
X-Mid-Debug-Cache-Key
Inserted-Into-Cache-At