Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Last-Modified
Link
CF-Cache-Status
Cf-Request-Id
Accept-Ranges
ETag
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
CF-Ray
X-Generator
X-Cacheable
X-Request-ID
X-Iinfo
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
Feature-Policy
X-Ua-Compatible
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-CDN
X-XSS-PROTECTION
Upgrade
Access-Control-Max-Age
X-Via
X-Robots-Tag
X-Cache-Group
Server-Timing
X-UA-Device
X-Dns-Prefetch-Control
Request-Context
Keep-Alive
X-AH-Environment
X-Amz-Request-Id
X-Turbo-Charged-By
X-Proxy-Cache
X-Backend
X-Amz-Id-2
P3p
X-Ws-Request-Id
X-Age
Host-Header
X-Server-Powered-By
X-Hacker
X-Server
X-Rq
X-Vhost
EagleId
X-Varnish-Cache
Grace
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
Cf-Edge-Cache
Allow
X-Akamai-Path-Stats
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Nginx-Cache-Status
X-Aws-Lambda-Call-Status
Accept-CH
X-Host
X-Node
X-Pingback
X-OneAgent-JS-Injection
Cf-Railgun
X-Server-Id
X-Cache-Spec
Surrogate-Control
Request-Id
EagleEye-TraceId
X-Akam-SW-Version
X-Backend-Server
X-Cache-Lookup
X-Response-Time
X-Readtime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
X-HW
Content-Location
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
X-Cloud-Trace-Context
Fastly-Restarts
X-Country
X-WebKit-CSP-Report-Only
X-Url
X-Clacks-Overhead
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Nginx-Upstream-Cache-Status
X-Edge
X-Rack-Cache
X-Amz-Server-Side-Encryption
Edge-Control
X-B3-TraceId
X-PC
X-TtlSet
X-Vname
X-Ruxit-JS-Agent
X-Content-Type
X-Mod-Pagespeed
X-ESI
X-Vcap-Request-Id
X-Oneagent-Js-Injection
X-Kinja-Build
X-Kinja-Revision
Verso
X-Kinja
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-D2id
X-Exp-Id
Xkey
X-GoogleNews-Bot
X-Use-Magma
X-GitHub-Request-Id
X-Amz-Rid
X-CST
Cache-Tag
X-Mcache
X-Powered-By-Plesk
X-VARITI-CCR
RTSS
X-Varnish-TTL
X-Ruxit-Js-Agent
Service-Worker-Allowed
X-ECACHE
X-Upstream
X-FastCGI-Cache
X-Version
X-Navigation-Version
X-Abt-Application-Version
X-Cached
X-Client-IP
X-Cnection
X-Dw-Request-Base-Id
X-Ac
X-Ttl
X-Px
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Element-Page-Cache
X-Instrumentation
SPRequestGuid
X-SharePointHealthScore
X-Server-Name
Arr-Disable-Session-Affinity
Public-Key-Pins
SPRequestDuration
SPIisLatency
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Country-Code
Permissions-Policy
X-NWS-LOG-UUID
X-Cache-TTL
X-Ser
Response
X-Middleton-Response
X-Cache-Key
X-Midtier
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-Forwarded-For
X-RateLimit-Remaining
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Accept-Ch
Content-MD5
Access-Control-Request-Method
X-Correlation-Id
X-NF-Request-ID
Front-End-Https
X-DataDome
Cf-Apo-Via
X-Shield-Request-Id
X-MSEdge-Ref
X-Recruiting
X-T
TP-L2-Cache
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
TP-Cache
Edge-Cache-Tag
Nginx-Cache
X-Accel-Expires
AR-ATIME
AR-PoweredBy
AR-SID
AR-CACHE
AR-Request-ID
MicrosoftSharePointTeamServices
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Daa-Tunnel
X-Powered-CMS
TCN
X-Grace
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Mg-S
X-RateLimit-Limit
X-Content-Digest
X-Id
X-Hits
X-Request-Received
X-Request-Processing-Time
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
Server-Node
X-HS-Content-Id
Filters
Server-Name
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Amzn-Trace-Id
X-XRDS-Location
X-Frontend
MS-Author-Via
X-Geo-Country
X-Distributor
S
Fastcgi-Cache
X-Protected-By
X-Language
X-Erf-Bev-Bev
X-Browser-Type
X-Fastcgi-Cache
X-Erf-Bev-Bev-Is-Generated
X-LLID
Cache-Status
X-Origin-Server
X-Ezoic-Cdn
Count-Hit
X-PressLabs-Stats
Cross-Origin-Opener-Policy
X-LB-Cache
X-Forwarded-Proto
X-Fastly-Request-Id
X-F-Cache
X-Page-Id
X-B3-Sampled
X-Microsite
X-Litespeed-Cache
X-Seen-By
X-Request-Handler-Origin-Region
Charset
X-Ua-Browser
X-Amz-Meta-S3cmd-Attrs
Host
X-FB-Debug
X-Ab
Filterid
Payment
X-Git-Hash
X-ASPNET-VERSION
X-Ratelimit-Reset
X-Cluster-Name
X-VCache
Surrogate-Key
X-Cache-Age
X-Rid
Realpath
Accept-Charset
X-Template
Cache-Tags
X-Origin-Cache
X-Webkit-Csp
X-NGENIX-Cache
Access-Control-Allow-Method
Alternate-Protocol
X-Www-Served-By
X-TTL
X-Logged-In
Retry-After
Cleartype
X-Upgrade-Enabled
X-Az
X-Activity-Id
X-DIS-Request-ID
X-AppVersion
X-Varnish-Backend
X-TT
X-Wix-Request-Id
X-Tb
X-Source
X-B-Cache
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Route-Name
X-Request-Guid
X-Signature
X-Providence-Cookie
X-Type
X-Amz-Replication-Status
X-B
ServerID
X-App-Environment
X-Envoy-Decorator-Operation
X-Varnish-Grace
X-DynaTrace
X-Hostname
X-Node-Name
DC
Paypal-Debug-Id
X-Fastly-Request-ID
X-Drupal-Cache-Tags
Frame-Options
X-Debug
X-Revision
X-Proxy
X-Tt-Trace-Tag
X-Contextid
X-Tt-Trace-Host
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Content-Options
X-Cache-Rule
X-Mobile
X-Kong-Upstream-Latency
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Load-Cache
X-GUploader-UploadID
X-Kong-Proxy-Latency
X-Goog-Metageneration
X-Ratelimit-Remaining
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
Country
X-N
X-Magnolia-Registration
Node
Refresh
X-Response-Served-From
X-Original-Request-Id
X-Oracle-Dms-Ecid
X-Content
NGB
X-User-Agent
X-Oracle-Dms-Rid
Viewport
X-Whom
Referer-Policy
X-EdgeConnect-Cache-Status
X-Debug-IsConnected
X-Environment-Context
X-L-Path
X-Debug-IsPreview
X-Content-Powered-By
Access-Control-Request-Headers
X-Cache-TTL-Remaining
X-Adobe-Content
X-Real-IP
X-Page-View
X-NYM-Debug-Backend
X-Is-Bot
X-Rendered-As
X-Servername
X-Yottaa-Metrics
X-Varnish-Age
X-Unique-Id
X-Yottaa-Optimizations
X-Instance
X-G
X-Cache-Grace
X-Akamai-Request-ID2
X-Cacheable-TTL
X-Framework
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Adobe-Loc
X-Varnish-Server
X-Status
Content-Disposition
X-Jobs
X-Cache-Time
Uber-Trace-Id
X-Mid
Url
Srv
Akamai-GRN
Countrycode
X-ProcessESI
X-RemovedCookies
X-COUNTRY
X-Drupal-Cache-Contexts
X-Time
X-APP-VERSION
Version
X-Mg-Request-UUID
X-Ratelimit-Limit
X-Restarts
X-CDN-Forward
X-Server-ID
X-XRDS-LOCATION
Accept-Language
X-Http-Reason
X-Cache-Expired-At
X-App-Server
X-Via-JSL
X-Cache-Hit
X-Tumblr-Pixel-0
Cross-Origin-Resource-Policy
X-Tumblr-User
X-Tumblr-Pixel-1
Protected
X-Tumblr-Pixel
X-IPLB-Request-ID
Healthy
X-Trace-Id
X-IPLB-Instance
X-Hosted-By
X-Cache-Operation
X-Debug-Info
Content-Secure-Policy
X-Azure-Ref
X-Backend-Name
Section-Io-Cache
X-Device-Type
X-Tt-Logid
X-Nginx-Cache-Key
X-Api-Version
X-Akamai-Edgescape
Liferay-Portal
X-FW-Dynamic
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
X-SRV
Backend
X-Cache-Action
Server-Info
X-Rule
Fastcgi-Useragent
Ms-Operation-Id
MS-CV
X-RTag
X-UPSTREAM-Address
X-RN-RSRV
X-Storage
GEO-INFO
X-Proxy-Cache-Status
X-Mobile-URL
Load-Balancing
Meta-Geo
X-VC-Cache
X-Generation-Time
X-Mode
X-Cache-NGX
X-Content-Age
CF-IPCountry
X-Handled-By
CDN-Uid
Web-Mar-Node
CDN-RequestCountryCode
CDN-RequestId
X-JoinUs
Onion-Location
S-Rt
Locale
X-Forwarded-Host
X-Urbn-Site-Id
CDN-PullZone
X-Edge-Location
Azure-InstanceId
X-HTML-Minification-Powered-By
X-Adobe-Source
X-Cache-Host
X-Alternate-Cache-Key
Azure-RegionName
Azure-SiteName
CDN-EdgeStorageId
X-Cms-Context
CDN-CachedAt
CDN-Cache
Azure-SlotName
Azure-Version
X-Format
X-SayCDN-TTL
X-Shopify-Stage
X-Sorting-Hat-PodId
X-PHP-Host
X-Proto
X-URL
X-Varnish-Beresp-Grace
X-Region
X-OCL
X-Uri
X-PCL
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Say-Cacheable
X-Labrador-Cache-Channel
X-SaId
X-Redis-Cache
X-Say-TTL
X-Sql-Duration-Ms
X-Sql-Count
X-Urbn-Context-Path
X-Origin-Hint
TWC-Device-Class
Webcakes-App-Name
Webcakes-App-Version
X-Storefront-Renderer-Rendered
X-ProxyCache-Key
X-Varnish-Hostname
TWC-GeoIP-Country
X-UA-Device-Type
TWC-Locale-Group
TWC-Connection-Speed
X-Varnishpool
X-Skip-Cache
X-Proxied
X-Varnish-Cache-Hits
X-PHP-Backend
TWC-Privacy
X-AWS-Id
X-Locale
X-LJ-Flow-ID
X-Extlb
X-Detected-As
X-Section
X-Cache-Server
X-R9-Blue-Green-Version
X-Hl-Ver
X-Routing-Service
X-GeoCountry
X-GeoCode
X-ServerID
Property-Id
X-Generated-By
X-Xfnlog-Site
X-BYPASS-REASON
X-Web-Node
X-VWS-Id
X-No-Session
X-Cache-Enabled
X-ProxyCache-Status
X-Access
X-Cache-Type
X-Zipkin-Id
X-Site-Version
Webcakes-Region
TWC-GeoIP-LatLong
X-Datadome
X-UUID
Apigw-Requestid
Eomportal-Instance
X-Ms-Version
X-FireWall-Port
X-Proxy-Build
X-Via-Fastly
X-Request-Time
X-Timing-Wait
X-Ms-Request-Id
Selected-Fe
Mn-Server-Ip
X-Tid
X-Cache-Status-Check
X-Origin-Date
Xserver
X-Server-W
Cache-Name
WP-Super-Cache
X-Nginx-Cache
DB-Nickname
X-FB-TRIP-ID
X-WP-CF-Super-Cache-Cache-Control
X-Amzn-RequestId
X-Amz-Apigw-Id
X-DynaTrace-JS-Agent
X-ECache
X-WP-CF-Super-Cache
X-Varnish-Ttl
X-LSADC-Cache
ServedBy
X-Zen-Fury
X-Loop
X-Ua
X-Human
X-TNCMS
X-Pubstack
X-Correlation-ID
X-Reqid
X-Aspnetmvc-Version
X-RCS-CacheZone
Cache
Xet-Cookie
X-Amzn-Remapped-Content-Length
X-Debug-Cache
X-Cache-Tags
X-Dc
X-GEO
X-Cdn
X-Varnish-Hits
X-Newrelic-Synthetics
X-Soup
Source
Origin
X-Webkit-CSP
X-Cached-By
X-TA-CDN-Provider
X-Tumblr-Pixel-2
X-Provided-By
X-Vgn-Hpd-Reason
Cross-Origin-Window-Policy
SD-X-WS
X-MP-GENERATED-AT
X-Origin-TTL
X-Origin-CC
WPO-Cache-Status
WPO-Cache-Message
X-App-Version
X-Service
From-Origin
LB
X-Varnish-Beresp-Ttl
X-IPS-LoggedIn
Webserver
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
Rip
X-AOL-HN
X-Trace-ID
X-FW-Version
X-B3-SpanId
X-Via-NSCOPI
X-Request-Host
X-B3-Traceid
Cdnsip
Cdncip
X-Processor
X-PBS-Appsvrname
DCR-Processing-Time-Ms
X-Orig-Expires
BehaviorPad-Version
DCR-Decision-By
X-Rewrite-Enabled
CPC-Cache
CPC-Age
X-S-Cookie
X-User
X-TIM-N
X-Vdms-Path
X-Vdms-Version
Xc-Version
X-VG-WebCache
X-Tenant
X-SRCache-Key
X-S
X-Rojux
Environment
X-ScT
X-Shop-Environment
A
X-External-Request-Id
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-A
X-Developer
X-Destination
X-D
X-A-Wwc
X-ARC
X-BCube-Filmed-By
X-B-Cookie
X-Cache-NE
X-Application
X-Aed
X-Connection-Hash
VNS-Cache
VNS-Age
X-Ec-GeoHdr
Lang
MD5-Digest
X-Bc-Bl
Host-ID
X-Forwarded-Path
Expiry
Meta-Geo-Continent
Ngx.Var.Host
Surrogated-Key
T-Server
Sslversion
Rendered-Blocks
X-Ec-Fail
Odigeo-Trace-Id
X-NAPM-TraceId
X-AK-Request-ID
X-GG-Cache-Date
X-Platform-Server
X-TIME
X-NewRelic-App-Data
X-Dispatcher-Number
HostName
Redirect-Candidate
X-Owner
X-Cache-Debug
X-Served-From
X-Cluster-Node
X-CSRF-Token
X-Aicache-OS
X-Accel-Buffering
X-Parent-Response-Time
Mime-Version
X-VC
OT-Force-Account-Verify
Platform
X-Gateway-Skip-Cache
Servername
X-Fmm-Version
X-Gateway-Request-Id
X-Forwarded-Site
X-Gateway-Cache-Key
X-Gdpr
X-Gateway-Cache-Status
Release
Server-Host
Req-Svc-Chain
X-Gamma-Serve
Producers
NM-Fastcgi-Cache
L5d-Success-Class
X-Irp-Debug
Machine
X-INCAP-ABP
L
Kp-EeAlive
X-Level-Front-Cache
Is-Eu
IsBot
Mail-Subject
X-Hash
X-Eu-Site
X-Generated-On
Origin-CC
NGX
X-GeoIP
X-Gzip
X-GeoIP-City
Mobile-Detection-Method
Origin-EX
Thinkindot-CacheControl
X-CMSURLCustom
X-Cluster
X-Ad-Defer-Variation
X-Core-Mission
X-Core-Value
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Clientip
X-Clara-WADP
X-Cache-Info
X-Bip
X-Cache-Id
X-CacheTTL
X-BBC-Edge-Cache-Status
X-CGP
X-Auto-Login
X-Cdn-Origin
X-Datadog-Trace-Id
Web-Mar-Region
X-Loc
Thinkindot-CacheControl-Type
Thinkindot-Control
TDXMobile
X-DPWN-IS-SECURE
State
X-Epic-Correlation-Id
X-Ec-Custom-Error
Traceparent
Tube-Get-Contents
X-DefHash
X-DefElseHash
We-Hiring
Vix-Hermes-Req-Id
V-Age
Tube-Got-Eval
Tube-Got-Results
Tube-Return
X-Esi-Check
X-Minions-Version
X-Rocket-Nginx-Serving-Static
X-Request-URI
Adler-Geo
X-S-Maxage
X-SB
X-SIPLIST1
X-Scale
Apple-News-Services-Handled
Apple-News-Services-Host
X-RateLimit-Limit-Second
X-Qloud-Router
Candidate-Md5Url
Cache-Host
X-RateLimit-Remaining-Second
HA-Ipaddr
Apple-News-Services-Request-Url
X-Slack-Backend
X-Sn-Servicetimems
X-Viewer-Country
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-VServer
X-WADP-Cache
X-Worker
X-Wix-Viewer-Type
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Thanos
X-Thinkindot-L3
X-Varnish-Beresp-Status
X-Variation
X-Proxy-Cache-Info
Apple-News-Services-Parsed-Url
X-Optimistic-Header
X-Nyt-Route
X-NodeID
X-Origin
X-Origin-Response-Time
Decoy-Debug-Status
Decoy-Debug-TTL
X-Pool
X-Mvc-Supplant-OutputCached
Fastly-GeoIP-CountryCode
X-Cache-Bucket
Gh-Request-Id
Ha-Gx-Prefs
X-Mvc-Supplant-Cachable
Fastly-SWR
Fastly-SIE
Fastly-SSL
Decoy-Debug-Key
DSUID
Cmsid
Cmstype
X-Planisys-CDN-Rules
Cluster
X-Planisys-CDN-TTL
X-Policy
Click-Count-Action-Start
Click-Count-Error
X-Planisys-CDN-Cache
Country-Code
X-Origin-Time
X-WA-Info
Cache-Hits
X-Tx-Id
X-WP-CF-Super-Cache-Active
Upgrade-Insecure-Requests
X-Cdn-Srv
X-Device-Os
X-Has-Esi
X-Developers
X-Is-Gdpr
X-Sucuri-ID
X-Sucuri-Cache
X-JWT-State
X-Sigma-Backend
X-HS-Content-Campaign-Id
X-V-Cache
X-SplitTest
X-Gen-Mode
X-Region-Sid
X-Sigma
X-Fetched-On
X-Rocket-Build-Number
X-Ckpd-Fst-Backend
X-Hnp-Log
Server-Hostname
Server-Ext
Memcached
Sever-Int
User-Cache-Control
Wxu-Next-Hostname
Wxu-Next-Commit
Fastly-Backend-Name
Datacenter
X-Block-Status
X-Branch-Name
Wxu-Next-Region
Canary
CDCHOST
X-ZONE
Cache-Tv-Group
X-Cache-Remote
X-Newrelic-App-Data
X-FC-Vary-Parameters
X-ATG-Version
X-Geo-Header
X-Scheme
X-Var-Ttl
X-NCache
CloudFront-Viewer-Country
X-LB-NoCache
X-ND-Cache
Svr
X-Fastly-Backend
Fastly-Drupal-HTML
X-Presslabs-Stats
Ec-Rule-Version
WebServer
Pics-Label
X-Origin-Expires
X-Azure-Ref-OriginShield
X-Rebelmouse-Surrogate-Control
AKAMAI
X-Fastly-Cache
X-Rebelmouse-Cache-Control
Fastcgi-Cache-TTL
X-Session-Fingerprint
X-Udemy-Cache-App-Namespace
X-Nf-Request-Id
SID
X-Tb-Optimization-Total-Bytes-Saved
Ssr
Memory
X-Pod-Name
Time
Sid
X-Via-Poph
X-Generated-In
X-Via-Popn
X-Via-Popv
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Transformed
Server-ID
X-Servedbyhost
Env
X-DC
X-NWS-UUID-VERIFY
X-Up
X-Buckets
X-Release
X-Cache-Date
X-Ig-Push-State
X-Refresh
X-Cs
X-Pass-Why
X-Edge-Pop
X-NC
X-Wa
X-Fpc
X-MSEdge-Flight
X-MSEdge-Features
X-Conf
X-Tumblr-Pixel-3
X-Microcachable
My-App
X-Esi
X-Lambda-Id
X-Dispatch
X-PX
X-EC-Lua
X-MCACHE
X-Endurance-Cache-Level
X-Dmc
X-ID
CDN
X-CS
X-Req
X-CACHE-AGE
X-VCL-Version
X-Xrds-Location
GeoIp-Country-Code
Fastly-Drupal-Html
X-Zone
Magicmarker
X-TX-ID
True-Client-IP
X-Be
X-NGINX-Cache
X-Webkit-CSP-Report-Only
X-RateLimit-Reset
X-LB-ID
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Vc
X-CACHE-KEY
X-CSRF-TOKEN
True-Client-Country-4JS
CacheControlHeader
Hostname
X-TH-Server
X-TRACE-ID
X-HS-Status
X-B3-Spanid
X-Air-Trace-Id
X-Air-Hostname
X-Hyper-Cache
X-Air-Source
X-Micro-Cache
X-M-Reqid
Resin-Trace
X-Air-Pt
X-M-Log
X-Op-Id-All
X-CF-Lambda-Fn
True-Client-Ip
X-CF-Lambda-Version
X-Srv
Request-ID
Pramga
GeoIP-Country-Code
X-Qnm-Cache
Path
X-App
X-Vcl-Version
X-Alfa-Service
Tcn
X-Yandex-Sdch-Disable
X-Varnish-Beresp-TTL
X-GeoIP-Country-Code
X-GeoIP-Region-Code
C-Via
Tracecode
X-SERVER-NAME
Section-Io-Id
X-Vercel-Cache
Section-Io-Origin-Status
X-Vercel-Id
Section-Io-Origin-Time-Seconds
WWW-Authenticate
Section-Origin-Responded
X-Date
X-Accel-Expires-Debug
X-TrackingId
X-Akamai-Pragma-Client-IP
N-Cache
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
NtCoent-Length
X-Cache-Ttl
X-PAYTM-SRV-ID
Esi-Enabled
X-FPC
X-Platform
X-Edge-POP
Hit
Proxy-Connection
On-Server
X-RAMCache
Fastcgi-X-Cache-Version
X-Datacenter
YJS-ID
X-Webkit-Csp-Report-Only
X-Old-Content-Length
X-Mly-Id
X-Platform-Router
X-Via-CDN
FSS-Cache
X-Platform-Processor
X-Platform-Cluster
X-WA
X-Geo
X-Edge-Origin-Shield-Region
Yjs-Id
X-Edge-Origin-Shield-Bytes
X-LiteSpeed-Cache-Control
Lb
X-Vtex-Remote-Cache
GeoIP-Latitude
ENV
X-Response-By
X-Vtex-Processado-Em
User-Agent
X-ServedByHost
X-API-Version
Powered-By
Server-Id
X-Lb-Id
X-Node-Id
X-Cdn-Forward
X-Dw-Trace-Id
X-UA
X-Via-PopV
X-Via-PopN
X-Via-PopH
HIT
X-Request-Start
X-Client-Ip
X-LAGOON
X-SD-PageType
X-AIR-PT
X-FORWARDED-FOR
X-Traceid
X-Instance-Name
X-LI-UUID
Geoip-Latitude
Cdn
X-CUA
Srvid
X-TT-LOGID
Cache-Key
X-LI-Proto
X-Webstats-RespID
X-Render-Time
Locid
X-FL-EDGE
Dnion-Transfer-Encoding
X-Li-Pop
X-Via-Ucdn
X-Location
X-Li-Fabric
X-Akamai-ERRuleID
X-From
X-Akamai-ERPolicy
X-PERF
X-Service-Response-Time
Sm-Log-Id
X-ApacheServer
Server-Ttl
X-DW
X-DB
Ohc-File-Size
X-DI
X-DSS
XServer
X-Cache-ASPX
X-RPS
X-RPM
X-CF-Powered-By
X-RSL
DynaTrace
Nginx-CQVIP
X-LiteSpeed-Tag
X-Director
X-Request-Url
Location
PICS-Label
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Proxy-Upstream
XkeyRZ
X-Wp-Cf-Super-Cache
X-Proxy-CacheRZ
X-Wp-Cf-Super-Cache-Cache-Control
X-Litespeed-Cache-Control
X-Server-IP
X-DataCenter
X-Fastly-Backend-Reqs
X-VarnishDD-TTL
X-Fastly-Cache-Hits
X-Proxy-Cache-Hk
X-HostName
X-B3-ParentSpanId
XM
PFcat
X-HN
Wpo-Cache-Message
X-Lb-Nocache
X-Cdn-Request-ID
Wpo-Cache-Status
Vha6-Origin
X-Cache-Ngx
X-Ips-Loggedin
Wp-Super-Cache
DT-Hot-News
Warning
CountryCode
Swift-Performance
CF-Cached-On
Uri
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Yottaa-OS
X-HA-Backend
Req-ID
X-Moov-T
X-Mg-Cache
X-Moov-Xdn-Version
WZWS-RAY
SRV
X-ElasticPress-Query
Fastcgi-Cache-Ttl