Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
CF-Ray
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-XSS-PROTECTION
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
Server-Timing
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Turbo-Charged-By
X-Via
X-AH-Environment
X-Backend
X-Cache-Group
X-Robots-Tag
Cf-Edge-Cache
Host-Header
Keep-Alive
X-Hacker
X-Proxy-Cache
X-UA-Device
X-Server
X-Rq
X-Vhost
X-Server-Powered-By
Allow
X-Age
X-Varnish-Cache
X-Ws-Request-Id
X-Dispatcher
X-Amz-Version-Id
EagleId
P3p
Nel
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-Host
X-Node
X-OneAgent-JS-Injection
Accept-CH
X-WebKit-CSP
X-CST
X-Backend-Server
Surrogate-Control
X-Server-Id
X-Cache-Lookup
X-Nginx-Cache-Status
X-Readtime
Permissions-Policy
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Upstream-Cache-Status
X-Application-Context
X-Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Ua-Compatible
X-Trace
X-Response-Time
X-Edge
X-HW
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Xkey
X-Midtier
Rating
X-ESI
X-Amz-Server-Side-Encryption
X-Url
X-Ruxit-JS-Agent
X-ECACHE
Accept-Ch-Lifetime
X-Mcache
X-Oneagent-Js-Injection
X-Upstream
X-Ruxit-Js-Agent
X-Litespeed-Cache
X-Vcap-Request-Id
Accept-Ch
X-Country
X-D2id
Cache-Tag
X-MS-InvokeApp
X-PC
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-TtlSet
X-Exp-Variant
X-Vname
Verso
X-Kinja
X-GoogleNews-Bot
X-Element-Page-Cache
X-Cdn-Fetch
X-Kinja-Build
X-Rack-Cache
Edge-Control
X-Powered-By-Plesk
RTSS
Fastly-Restarts
X-Cache-TTL
X-Ac
X-VARITI-CCR
Origin-Trial
X-WebKit-CSP-Report-Only
X-Navigation-Version
X-Abt-Application-Version
X-Country-Code
Service-Worker-Allowed
X-Goog-Hash
X-Cached
X-Ttl
Display
Pagespeed
X-Middleton-Display
X-Sol
X-GitHub-Request-Id
X-Amz-Rid
X-Browser-Type
X-Content-Type
X-Varnish-TTL
Cross-Origin-Opener-Policy
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-Mg-S
X-Server-Name
X-Amzn-Trace-Id
X-Powered-CMS
X-Middleton-Response
Response
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Arr-Disable-Session-Affinity
X-Instrumentation
X-Erf-Bev-Bev
AR-PoweredBy
AR-SID
AR-Request-ID
AR-ATIME
SPIisLatency
SPRequestDuration
X-Cache-Key
X-Webkit-CSP
X-B3-TraceId
X-NF-Request-ID
X-Kinja-CCPA
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Version
X-Times
AR-CACHE
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-B3-Traceid
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Accel-Expires
X-T
Cache-Tags
X-NWS-LOG-UUID
Cache-Status
Front-End-Https
X-Fastly-Request-ID
X-Cnection
X-Aspnetmvc-Version
Nginx-Cache
Edge-Cache-Tag
X-MSEdge-Ref
X-Hits
X-Px
X-Client-IP
X-Ser
X-RateLimit-Remaining
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
Public-Key-Pins
X-FastCGI-Cache
Payment
X-Fastcgi-Cache
X-Recruiting
X-LLID
X-Frontend
X-Request-Processing-Time
X-Request-Received
Server-Node
X-Ua-Browser
X-Server-ID
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Shield-Request-Id
X-DIS-Request-ID
X-RateLimit-Limit
TP-Cache
S
X-GUploader-UploadID
X-Goog-Metageneration
Access-Control-Request-Method
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Amzn-RequestId
X-Amz-Apigw-Id
X-LB-Cache
X-Request-Handler-Origin-Region
X-Protected-By
X-Content-Digest
TP-L2-Cache
X-Microsite
Content-MD5
X-Distributor
X-FB-Debug
Access-Control-Allow-Method
X-Page-Id
X-Ezoic-Cdn
Realpath
Accept-Charset
Fastcgi-Cache
X-Cluster-Name
X-Forwarded-For
X-Geo-Country
X-PressLabs-Stats
X-Rid
X-Hostname
X-Webkit-Csp
X-B3-Sampled
X-Aspnet-Version
X-Seen-By
X-Ratelimit-Remaining
X-Ua-Device
X-Correlation-Id
Cleartype
X-Envoy-Decorator-Operation
Referer-Policy
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Goog-Storage-Class
X-Mobile
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Newrelic-App-Data
DC
Cross-Origin-Resource-Policy
TCN
X-Ratelimit-Limit
X-Content-Options
X-Debug-Info
X-TTL
X-Origin-Cache
X-Varnish-Backend
X-Logged-In
Count-Hit
X-Varnish-Grace
X-Contextid
X-XRDS-Location
X-Daa-Tunnel
X-IPS-LoggedIn
X-Flags
X-App-Environment
X-Amz-Replication-Status
Surrogate-Key
X-Git-Hash
X-Grace
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Fb-Rlafr
X-Azure-Ref
X-Route-Name
X-Request-Guid
X-Revision
X-Providence-Cookie
X-App-Server
X-Origin-Server
X-Webkit-CSP-Report-Only
X-Hosted-By
X-Client-Ip
X-TT
X-Amz-Meta-S3cmd-Attrs
Frame-Options
X-Forwarded-Proto
Alternate-Protocol
X-Wix-Request-Id
X-Kinsta-Cache
X-Edge-Location-Klb
X-Whom
WPO-Cache-Status
WPO-Cache-Message
Healthy
Retry-After
Charset
X-Akamai-Edgescape
Viewport
X-F-Cache
X-Backend-Name
X-RateLimit-Reset
X-Magnolia-Registration
Section-Io-Cache
MS-Author-Via
X-COUNTRY
X-B
Paypal-Debug-Id
SRV
X-Proxy-Cache-Info
X-App-Version
X-AppVersion
X-Az
X-Activity-Id
ServerID
Amp-Access-Control-Allow-Source-Origin
X-EdgeConnect-Cache-Status
X-Cache-Rule
X-N
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
SD-X-WS
Akamai-GRN
Host
X-Language
X-Response-Served-From
X-Instance
X-Http-Reason
Filterid
X-Rule
X-Original-Request-Id
X-ARC
X-Akamai-Request-ID2
X-Kong-Upstream-Latency
X-User-Agent
X-UUID
X-Id
Front
X-Varnish-Age
X-Status
Protected
X-Rocket-Nginx-Serving-Static
X-Kong-Proxy-Latency
X-Cache-Grace
X-Edge-Location
X-Is-Bot
X-Framework
X-Cacheable-TTL
X-Rendered-As
X-Environment-Context
X-Region
X-Page-View
Server-Name
Fastly-SWR
From-Origin
X-FW-Hash
Fastly-SIE
X-FW-Dynamic
X-L-Path
X-Unique-Id
X-Cache-Control
X-FW-Static
X-FW-Serve
X-FW-Server
X-FW-Type
X-Jobs
X-FW-Version
X-Www-Served-By
X-Varnish-Server
X-Adobe-Loc
Country
X-Load-Cache
X-Type
X-Adobe-Content
X-Cache-Time
Access-Control-Request-Headers
X-Tumblr-User
X-G
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-RemovedCookies
X-ProcessESI
X-Trace-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Cache-Age
X-Time
X-Proxy
Refresh
X-DataDome
X-Yottaa-Metrics
X-Vcache
X-Yottaa-Optimizations
X-ECache
X-Source
X-Mg-Request-UUID
X-CDN-Forward
X-Datadog-Sampled
X-Amzn-Remapped-Content-Length
X-Oracle-Dms-Ecid
X-Debug-IsPreview
X-Oracle-Dms-Rid
X-Debug-IsConnected
X-Drupal-Cache-Tags
Version
Accept-Language
X-Erf-Web-Scheduler
Content-Disposition
X-B-Cache
X-Signature
X-ID
Backend
Xet-Cookie
X-HTML-Minification-Powered-By
X-Generated-By
Countrycode
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Xrds-Location
CF-IPCountry
Webserver
X-DynaTrace
X-DynaTrace-JS-Agent
X-Upgrade-Enabled
X-Servername
X-Httpd
X-Mode
X-Nginx-Cache
Url
X-Varnish-Ttl
X-Tt-Trace-Tag
X-Tt-Trace-Host
Xserver
X-Nf-Request-Id
X-Content-Age
GEO-INFO
Locale
X-XRDS-LOCATION
X-LAGOON
X-Say-TTL
X-Template
X-Tb
X-NYM-Debug-Backend
X-Cache-Operation
Fastcgi-Useragent
X-Rewrite-Enabled
Filters
X-Director
X-Cache-Action
X-Proto
X-Device-Type
X-SayCDN-TTL
Load-Balancing
X-ServerID
Onion-Location
X-GeoCountry
X-Urbn-Site-Id
Azure-SiteName
X-Varnish-Cache-Hits
X-Urbn-Context-Path
X-UPSTREAM-Address
X-GeoCode
Azure-Version
Azure-SlotName
Azure-RegionName
X-Say-Cacheable
X-SaId
Meta-Geo
S-Rt
X-JoinUs
X-Storage
X-URL
Azure-InstanceId
X-Labrador-Cache-Channel
X-Forwarded-Host
X-Soup
X-Git-Commit
X-Varnish-Hostname
X-Content-Powered-By
X-Container-Uri
X-Cluster-Node
X-RM-Cache-TTL
X-VC-Cache
X-PHP-Host
Uber-Trace-Id
X-MCACHE
X-Cache-Server
X-Adobe-Source
X-Detected-As
X-Generation-Time
X-Logging-Id
X-Ms-Version
Web-Mar-Node
X-Sql-Count
X-Sucuri-ID
X-Tt-Logid
X-VCT
X-Served-From
X-Ms-Request-Id
X-Sql-Duration-Ms
OT-Force-Account-Verify
X-Sucuri-Cache
TWC-Connection-Speed
TWC-Locale-Group
TWC-Device-Class
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
DB-Nickname
Mn-Server-Ip
Webcakes-Region
Webcakes-App-Version
Node
Property-Id
X-R9-Blue-Green-Version
X-Zen-Fury
X-Routing-Service
X-Debug
X-Tec-Api-Origin
X-Tec-Api-Root
X-LSADC-Cache
X-Zipkin-Id
X-Tec-Api-Version
X-RCS-CacheZone
X-Proxied
X-Skip-Cache
X-FB-TRIP-ID
X-Extlb
X-Lambda-Id
X-Drupal-Cache-Contexts
X-Origin-Hint
X-Timing-Wait
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Fetched-On
X-Proxy-Build
X-Uri
X-Format
Selected-Fe
Liferay-Portal
CDN-RequestId
X-Tncms
X-B3-SpanId
X-Loop
Source
X-Endurance-Cache-Level
X-Rn-Rsrv
X-Fastly-Request-Id
X-Origin-Date
X-Srv
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-MP-GENERATED-AT
X-Cache-Hit
X-Hcs-Proxy-Type
X-Redis-Cache
Fastly-Drupal-HTML
Cross-Origin-Window-Policy
X-TimeS
X-Varnish-Hits
X-Ua
X-Ratelimit-Reset
Section-Io-Origin-Time-Seconds
X-Cache-Expired-At
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
X-Pass-Why
Content-Secure-Policy
Upgrade-Insecure-Requests
X-Real-IP
X-S
X-Cache-TTL-Remaining
X-UA-Device-Type
X-Node-Name
X-CACHE-AGE
X-Origin-TTL
X-Akamai-Transformed
X-Origin-CC
X-Pubstack
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDN-Cache
CDN-RequestCountryCode
CDN-Uid
CDN-RequestPullCode
X-Server-W
CDN-RequestPullSuccess
X-Newrelic-Synthetics
X-GEO
X-Via-JSL
X-Hl-Ver
Cache-Provider
X-CSRF-Token
MS-CV
Ms-Operation-Id
X-RTag
X-Presslabs-Stats
X-AIR-PT
X-Parent-Response-Time
X-Cache-Host
X-Handled-By
True-Client-Country-4JS
Apigw-Requestid
Vix-Hermes-Req-Id
X-Cache-NE
X-Cache-Type
X-Restarts
X-Cache-Info
X-Cache-Bucket
X-Rojux
X-SD-PageType
Odigeo-Trace-Id
W
Redirect-Candidate
BehaviorPad-Version
VNS-Cache
VNS-Age
X-CacheTTL
X-Cms-Context
X-CGP
X-CF-Lambda-Version
X-Conf
X-Request-Host
X-D
X-Csrf-Jwt
X-Var-Ttl
X-CF-Lambda-Fn
Sslversion
Surrogated-Key
T-Server
Server-Host
We-Hiring
X-SRCache-Key
X-Tenant
X-Cdn-Diag
Rendered-Blocks
Ngx.Var.Host
Gannett-Cam-Experience-Id
X-Shop-Environment
X-Accel-Expires-Debug
Magicmarker
Mail-Subject
Fastly-SSL
MD5-Digest
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Gh-Request-Id
Ha-Gx-Prefs
X-A-Dcw
L
Lang
X-A-Dgt
X-A-Dam
HA-Ipaddr
X-A-Ccd
X-A-Wwc
X-A
X-Aed
X-BCube-Filmed-By
X-Bc-Bl
Web-Mar-Region
X-B-Cookie
X-Bl-Debug
Candidate-Md5Url
X-Slack-Backend
L5d-Success-Class
Canary
CPC-Age
NGB
X-Application
Meta-Geo-Continent
X-App
DCR-Processing-Time-Ms
DCR-Decision-By
N-Cache
CPC-Cache
X-S-Cookie
X-Slack-Shared-Secret-Outcome
X-Ec-Custom-Error
X-Wikidot-Backend
X-We-Are-Hiring
X-Reqid
X-Wikidot-Static-Cache
X-GeoIP-Country-Code
X-Worker
X-Gdpr
X-Forwarded-Path
X-Fastly-Backend
X-External-Request-Id
X-Vtex-Remote-Cache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-FC-Vary-Parameters
X-Xfnlog-Site
Xc-Version
X-Nyt-Route
X-Mvc-Supplant-Cachable
Cache-Hits
Cache-Name
X-Orig-Expires
X-Optimistic-Header
X-Origin-Time
X-JWT-State
X-Policy
X-GeoIP-Region-Code
X-Has-Esi
X-IPLB-Instance
X-Is-Gdpr
X-IPLB-Request-ID
X-Eu-Site
X-Datadome
X-ScT
X-Ec-Fail
X-Destination
X-VG-WebCache
X-Developer
X-Dispatcher-Number
X-Debug-Cache-Store
X-Ec-GeoHdr
X-Vdms-Path
X-Vdms-Version
X-Date
X-Viewer-Country
X-Epic-Correlation-Id
X-Debug-Cache-Fetch
X-TIME
WP-Super-Cache
ServedBy
X-Owner
X-PAYTM-SRV-ID
X-Mid
X-Platform
X-PERF
X-Mly-Id
X-Level-Front-Cache
X-Loc
X-Nitro-Cache
X-Core-Mission
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
X-Org
X-Core-Value
X-Old-Content-Length
Thinkindot-Control
X-NGENIX-Cache
X-Mvc-Supplant-OutputCached
X-CMSURLCustom
X-No-Session
X-S-Maxage
X-Node-Id
X-DefElseHash
X-Clara-WADP
X-BBC-Edge-Cache-Status
X-Fmm-Version
X-Auto-Login
X-ProxyCache-Key
X-DPWN-IS-SECURE
X-Generated-On
X-ProxyCache-Status
X-Bip
X-BYPASS-REASON
X-Cache-Id
X-Esi-Check
X-Refresh
X-Qloud-Router
X-Request-Time
X-App-Name
X-Cache-Debug
X-Accel-Buffering
X-Hash
X-Human
X-Clientip
X-INCAP-ABP
X-Gzip
X-DefHash
X-Alternate-Cache-Key
X-ApacheServer
X-Geo-Header
X-Pool
X-Cdn-Origin
X-Irp-Debug
Host-ID
X-Sorting-Hat-PodId
Adler-Geo
AKAMAI
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sn-Servicetimems
Cf-Device-Type
X-ShopId
Environment
X-Shopify-Stage
Datacenter
Cmsid
Cmstype
X-Test
X-Thanos
X-VServer
X-Vmg-Version
X-WADP-Cache
X-Wix-Viewer-Type
X-PHP-Backend
Origin-Agent-Cluster
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Tx-Id
X-Thinkindot-L3
X-Up
X-Variation
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Expect-Staple
X-Varnishpool
Machine
Req-Svc-Chain
Hostname
Is-Eu
X-ShardId
Memcached
X-Server-IP
Origin
Release
Platform
Producers
User-Cache-Control
Server-Ext
Sever-Int
X-Cluster
X-Akamai-Device-Characteristics
X-Device-Os
X-Dispatcher-Server
X-Forwarded-Site
X-LJ-Flow-ID
X-NodeID
X-Vcl-Version
X-Nananana
X-Origin
X-Nginx-Cache-Key
X-Hnp-Log
X-Scale
X-From
X-Cdn-Srv
X-WA-Info
X-Gen-Mode
X-GeoIP
X-VWS-Id
Server-Hostname
X-Block-Status
CDCHOST
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
CloudFront-Viewer-Country
NM-Fastcgi-Cache
Esi-Enabled
DSUID
X-Origin-Response-Time
Country-Code
Apple-News-Services-Handled
X-AWS-Id
Origin-EX
Wxu-Next-Commit
X-Section
X-Proxy-Cache-Status
C-Via
X-Instance-Name
Server-Info
X-Op-Id-All
Origin-CC
X-NCache
X-Access
X-LB-NoCache
X-TIM-N
Ssr
Pics-Label
X-Cache-Enabled
Wxu-Next-Hostname
Wxu-Next-Region
X-Cache-Status-Check
X-API-Version
AMP-Access-Control-Allow-Source-Origin
Server-ID
X-CACHE-GROUP
X-Via-Fastly
Time
Memory
X-Amz-Meta-Cb-Modifiedtime
X-B3-Spanid
X-Correlation-ID
X-Dc
NGX
X-Micro-Cache
X-HA-Backend
X-Wp-Cf-Super-Cache-Active
X-Cs
X-Tb-Optimization-Total-Bytes-Saved
X-Air-Source
X-Air-Trace-Id
X-Internal-Host
X-Azure-Ref-OriginShield
X-Air-Hostname
X-Platform-Cluster
GeoIP-Latitude
X-Platform-Router
X-Platform-Processor
X-Webkit-Csp-Report-Only
X-ZONE
X-AB
X-Vgn-Hpd-Reason
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Web-Node
Cache-Host
X-Origin-Expires
X-Microcachable
X-FTR-Request-ID
X-Buckets
X-Zone
X-Geo-Region
Cdn-Requestid
Location
X-Github-Request-Id
IsBot
X-SIPLIST1
X-B3-Parentspanid
X-Fpc
X-DC
XM
X-DataCenter
PFcat
X-Backend-Instance
X-Accel-Version
X-HN
X-Pod-Name
X-VarnishDD-TTL
X-WP-CF-Super-Cache-Active
X-TraceId
Sid
Resin-Trace
X-Ad-Defer-Variation
User-Agent
Uri
X-Info
X-LiteSpeed-Cache-Control
X-TA-CDN-Provider
X-Via-SSL
YJS-ID
X-Site-Version
X-Via-CDN
X-Via-Edge
CF-Ctrl
X-Cached-By
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-Browser-Name
X-Is-Tablet
X-Tcp-Rtt
Edge-Copy-Time
Locid
Srvid
A
X-FL-QIT-DEBUG
X-FL-EDGE
X-Locale
X-NGINX-Cache
True-Client-Ip
X-Nitro-Cache-From
X-Nitro-Rev
X-Cache-ASPX
X-Moov-T
X-ATG-Version
GeoIp-Country-Code
X-Contensis-Viewer-Groups
X-Moov-Xdn-Version
GeoIP-Country-Code
X-FireWall-Port
X-VCache
X-Varnish-Authentication
Cache-Key
Cdn
X-Hyper-Cache
XServer
Epwk-X-Cache
X-CS
X-NewRelic-App-Data
X-CSRF-TOKEN
X-MSEdge-Features
X-MSEdge-Flight
True-Client-IP
SID
X-Geo
X-Upstream-Ht
X-Upstream-Ct
X-Frame-Option
X-Datacenter
X-Webstats-RespID
X-TRACE-ID
X-Service
Fastly-Drupal-Html
X-HS-Content-Campaign-Id
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-FPC
X-Planisys-CDN-TTL
NtCoent-Length
X-Platform-Server
Path
State
X-HostName
Tcn
X-Vgn-Hpd-Cached
X-Release
X-Vgn-Hpd-Variations-Key
X-Fastly-Cache
X-LiteSpeed-Tag
X-SRV
X-Vgn-Hpd-Ssi
X-VC
X-Origin-Cache-Key
CountryCode
X-Api-Version
X-APP-VERSION
Cf-Ipcountry
X-Edge-Server
X-Amz-Meta-Opti
Cdn-Request-Time
Cdn-Host
X-Generated-In
X-Pad
X-Sigma-Backend
X-Esi
X-Air-Pt
X-Vercel-Id
X-AK-Request-ID
X-Rocket-Build-Number
X-Sigma
LB
Cdnsip
Cdncip
X-Vercel-Cache
Lb
X-Cache-Remote
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
Cache
X-NMSegId
X-Wp-Cf-Super-Cache
M-TraceId
WebServer
Req-ID
WZWS-RAY
X-Wp-Cf-Super-Cache-Cache-Control
X-Traceid
X-Cache-Ttl
X-Provided-By
X-Branch-Name
X-UA
X-HS-Status
X-Cdn-Request-ID
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
XkeyRZ
Yak-Timeinfo
X-Proxy-CacheRZ
X-Scheme
X-GeoIP-City
X-Ad-Load-Variation
Proxy-Connection
X-GoCache-CacheStatus
X-Gamma-Serve
Cluster
X-WP-CF-Super-Cache-Cookies-Bypass
CDN
X-CACHE-KEY
X-RN-RSRV
X-Cdn-Cache-Status
X-Scope-Id
X-M-Log
X-Akamai-Pragma-Client-IP
Content-Style-Type
Content-Script-Type
X-Vc
X-M-Reqid
X-Request-Start
X-NWS-UUID-VERIFY
Srv
X-Cdn-Forward
Geoip-Latitude
Pramga
X-Lb-Cache
Server-Id
X-Shield-Cache-Expires
X-Qnm-Cache
X-Tim-N
X-Varnish-Beresp-Status
CF-Cached-On
Env
Ngx
X-Ha-Backend
Ohc-File-Size
X-TT-LOGID
Serverid
Edge-Cache
X-Cache-Date
X-Dw-Trace-Id
Kp-EeAlive
X-Acquia-Application-Trace
X-EC-Lua
X-VCL-Version
X-Request-URI
X-Acquia-Application-UUID
X-Edge-POP
X-Acquia-Purge-Tags
X-Lb-Nocache
PICS-Label
X-Acquia-Site
X-Via-Ucdn
Yjs-Id
X-CF-Cache-Header-Vary
X-Udemy-Cache-App-Namespace
X-User
X-TH-Server
X-Render-Time
X-CF-Cache-Header-Cache-Control
X-CUA
Cache-Tv-Group
Cneonction
X-Cached-Since
X-RAMCache
Vha6-Origin
X-ElasticPress-Query
X-Litespeed-Cache-Control
X-MiniProfiler-Ids
X-Mobile-URL
X-Snapshot-Date
X-Fastly-Cache-Hits
X-Iauth-Set-Uid
Log-Origin
X-Location
CACHE-MISS-TO-ORIGIN
Inserted-Into-Cache-At
X-Miniprofiler-Ids
X-Edge-Pop