Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Xss-Protection
X-Served-By
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
X-XSS-PROTECTION
Server-Timing
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Turbo-Charged-By
X-AH-Environment
X-Via
X-Robots-Tag
X-Backend
X-Cache-Group
Cf-Edge-Cache
Host-Header
Keep-Alive
X-Proxy-Cache
X-Hacker
X-Server
X-Rq
X-Age
X-UA-Device
X-Server-Powered-By
Allow
X-Vhost
X-Varnish-Cache
X-Ws-Request-Id
EagleId
X-Dispatcher
X-Amz-Version-Id
Grace
P3p
Cf-Apo-Via
Nel
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Swift-CacheTime
X-Swift-SaveTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
Accept-CH
X-Pingback
X-Node
X-Host
X-WebKit-CSP
X-Server-Id
X-OneAgent-JS-Injection
Surrogate-Control
X-Backend-Server
X-CST
X-Readtime
X-Nginx-Cache-Status
X-Akam-SW-Version
X-Content-Security-Policy-Report-Only
Permissions-Policy
Request-Id
X-Application-Context
X-Cache-Lookup
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Trace
X-Response-Time
Accept-Ch-Lifetime
X-Edge
X-HW
X-Litespeed-Cache
X-Ua-Compatible
X-Mod-Pagespeed
Content-Location
Accept-CH-Lifetime
X-Clacks-Overhead
X-Url
X-Ruxit-JS-Agent
X-Midtier
X-ECACHE
X-Oneagent-Js-Injection
X-ESI
X-Mcache
X-Amz-Server-Side-Encryption
Rating
X-Country
X-Upstream
X-TtlSet
X-PC
X-Vname
X-Vcap-Request-Id
Xkey
X-MS-InvokeApp
Cache-Tag
X-D2id
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Content-Type
Fastly-Restarts
X-Cache-TTL
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-Kinja
X-Use-Magma
Edge-Control
RTSS
X-Powered-By-Plesk
X-VARITI-CCR
X-Ac
Origin-Trial
X-Cached
X-Navigation-Version
Accept-Ch
X-Abt-Application-Version
X-Ruxit-Js-Agent
X-Goog-Hash
X-WebKit-CSP-Report-Only
Service-Worker-Allowed
X-GitHub-Request-Id
X-Country-Code
X-Amz-Rid
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Mg-S
X-Dw-Request-Base-Id
X-Ttl
X-SharePointHealthScore
SPRequestGuid
X-B3-TraceId
X-Browser-Type
X-Server-Name
X-Varnish-TTL
Arr-Disable-Session-Affinity
Cross-Origin-Opener-Policy
X-Ua-Device
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
AR-PoweredBy
X-Erf-Bev-Bev
X-Powered-CMS
AR-Request-ID
AR-SID
X-Server-Lifecycle-Phase
AR-ATIME
Response
X-Middleton-Response
SPRequestDuration
SPIisLatency
X-Amzn-Trace-Id
X-Cache-Key
AR-CACHE
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
X-Cnection
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-ORACLE-DMS-ECID
X-Version
X-ORACLE-DMS-RID
X-Accel-Expires
Front-End-Https
X-T
Cache-Tags
Cache-Status
X-NF-Request-ID
X-Times
X-Ser
Edge-Cache-Tag
X-Px
X-Fastcgi-Cache
X-MSEdge-Ref
X-Client-IP
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Public-Key-Pins
X-Hits
Nginx-Cache
X-Recruiting
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Shield-Request-Id
X-Webkit-CSP
X-Request-Processing-Time
X-Request-Received
X-Frontend
Access-Control-Request-Method
X-LLID
Server-Node
X-RateLimit-Remaining
X-Ua-Browser
Payment
X-NWS-LOG-UUID
TP-Cache
X-DIS-Request-ID
X-B3-Traceid
X-Webkit-Csp
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
MicrosoftSharePointTeamServices
S
TP-L2-Cache
X-LB-Cache
X-Goog-Metageneration
X-Content-Digest
X-RateLimit-Limit
X-FastCGI-Cache
X-Distributor
Content-MD5
X-PressLabs-Stats
X-Webkit-CSP-Report-Only
Realpath
X-Hostname
X-Geo-Country
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Request-Handler-Origin-Region
X-Microsite
X-Forwarded-For
X-Ezoic-Cdn
Access-Control-Allow-Method
X-Page-Id
X-Envoy-Decorator-Operation
Fastcgi-Cache
Accept-Charset
X-FB-Debug
X-Ratelimit-Remaining
X-Cluster-Name
X-Rid
X-Kinja-CCPA
X-GUploader-UploadID
X-Correlation-Id
X-Protected-By
X-Seen-By
TCN
X-Amz-Apigw-Id
X-Amzn-RequestId
Cleartype
X-TTL
X-B3-Sampled
X-Origin-Server
DC
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Debug-Info
X-Origin-Cache
X-Ratelimit-Limit
X-Newrelic-App-Data
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Mobile
Referer-Policy
X-XRDS-Location
X-Varnish-Backend
X-Git-Hash
X-Logged-In
X-Aspnet-Version
X-Edge-Location-Klb
X-Kinsta-Cache
X-Azure-Ref
Cross-Origin-Resource-Policy
Alternate-Protocol
Healthy
X-Contextid
X-Varnish-Grace
X-Server-ID
X-Revision
X-Fb-Rlafr
X-App-Environment
Surrogate-Key
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Flags
X-Grace
X-Amz-Replication-Status
X-Is-Crawler
X-Amz-Meta-S3cmd-Attrs
X-TT
X-Content-Options
Count-Hit
X-Whom
X-Wix-Request-Id
X-Forwarded-Proto
X-IPS-LoggedIn
Filterid
Charset
MS-Author-Via
X-Akamai-Edgescape
Viewport
Frame-Options
WPO-Cache-Status
WPO-Cache-Message
X-App-Server
X-Id
X-Hosted-By
X-B
Paypal-Debug-Id
X-Cache-Age
X-Client-Ip
X-Kong-Upstream-Latency
X-Backend-Name
X-Kong-Proxy-Latency
X-Cache-Control
X-Magnolia-Registration
X-Trace-Id
X-AppVersion
X-Activity-Id
X-Www-Served-By
X-Az
Section-Io-Cache
X-Daa-Tunnel
Retry-After
Server-Name
X-Upgrade-Enabled
Refresh
X-Type
Version
X-F-Cache
X-Varnish-Server
X-Proxy-Cache-Info
X-Proxy
Amp-Access-Control-Allow-Source-Origin
X-Oracle-Dms-Ecid
Host
X-Original-Request-Id
SD-X-WS
Akamai-GRN
X-Cache-Rule
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Rule
X-Http-Reason
X-ARC
X-Oracle-Dms-Rid
X-Response-Served-From
X-Time
X-UUID
X-Akamai-Request-ID2
X-Status
X-User-Agent
X-Varnish-Age
Protected
X-App-Version
X-Rocket-Nginx-Serving-Static
Front
X-Instance
X-Edge-Location
X-Jobs
X-Environment-Context
X-L-Path
X-Framework
X-Cacheable-TTL
X-EdgeConnect-Cache-Status
X-Source
X-Cache-Grace
SRV
X-Is-Bot
X-Region
X-Unique-Id
X-Rendered-As
X-COUNTRY
X-FW-Server
X-FW-Serve
Access-Control-Request-Headers
X-FW-Static
X-FW-Version
X-N
X-Page-View
X-Load-Cache
X-FW-Type
X-Cache-Time
Fastly-SIE
Fastly-SWR
X-FW-Hash
From-Origin
X-FW-Dynamic
X-Adobe-Content
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-G
X-RemovedCookies
X-Adobe-Loc
X-ProcessESI
X-Tumblr-User
X-Tumblr-Pixel-1
ServerID
X-Varnish-Ttl
Content-Disposition
X-Drupal-Cache-Tags
Country
X-CDN-Forward
X-Datadog-Parent-Id
X-Vcache
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-HTML-Minification-Powered-By
X-Language
X-Tt-Trace-Tag
X-Tt-Trace-Host
Accept-Language
X-RateLimit-Reset
Countrycode
X-Yottaa-Metrics
X-Yottaa-Optimizations
Liferay-Portal
X-Datadog-Sampled
X-DynaTrace
X-Xrds-Location
X-ID
X-Amzn-Remapped-Content-Length
X-DynaTrace-JS-Agent
X-Nf-Request-Id
X-DataDome
X-Generated-By
X-Debug-IsPreview
X-Debug-IsConnected
X-Mg-Request-UUID
X-ECache
X-B3-SpanId
Xet-Cookie
Backend
X-Drupal-Cache-Contexts
X-WP-CF-Super-Cache
X-Tt-Logid
CF-IPCountry
X-WP-CF-Super-Cache-Cache-Control
X-Device-Type
X-NYM-Debug-Backend
Webserver
X-Mode
Xserver
X-Content-Powered-By
X-Erf-Web-Scheduler
X-Ratelimit-Reset
X-Nginx-Cache
X-Signature
X-B-Cache
X-Zen-Fury
X-Httpd
GEO-INFO
X-Content-Age
Load-Balancing
Meta-Geo
Locale
X-JoinUs
Onion-Location
X-Varnish-Cache-Hits
X-Director
X-Container-Uri
X-Git-Commit
X-SaId
Azure-RegionName
Azure-SiteName
X-Sucuri-Cache
X-Sucuri-ID
Azure-InstanceId
X-Servername
X-Cache-Operation
Url
S-Rt
X-UPSTREAM-Address
X-ServerID
Azure-Version
Azure-SlotName
X-Rewrite-Enabled
Filters
X-LAGOON
X-Urbn-Context-Path
X-Cache-Action
X-Urbn-Site-Id
X-Soup
X-Proto
X-Cluster-Node
X-Say-Cacheable
X-Varnish-Hostname
X-Say-TTL
X-Tb
X-SayCDN-TTL
Uber-Trace-Id
X-Storage
X-Forwarded-Host
X-Generation-Time
X-Logging-Id
X-Ms-Request-Id
X-VCT
X-RM-Cache-TTL
Web-Mar-Node
X-VC-Cache
X-Cache-Server
X-Ms-Version
X-Detected-As
X-PHP-Host
X-Served-From
X-Labrador-Cache-Channel
TWC-GeoIP-Country
TWC-Device-Class
TWC-Privacy
TWC-Connection-Speed
TWC-Locale-Group
Node
DB-Nickname
X-Sql-Count
Mn-Server-Ip
Webcakes-App-Name
Property-Id
Webcakes-Region
X-Extlb
X-RCS-CacheZone
X-Proxied
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Routing-Service
X-Origin-Hint
X-Sql-Duration-Ms
X-Uri
X-Skip-Cache
Webcakes-App-Version
TWC-GeoIP-LatLong
X-Adobe-Source
X-Zipkin-Id
X-GeoCode
X-GeoCountry
Fastcgi-Useragent
X-Debug
X-LSADC-Cache
X-Tumblr-Pixel-2
X-Timing-Wait
X-Tumblr-Pixel-3
Selected-Fe
X-Fetched-On
X-Format
X-R9-Blue-Green-Version
X-FB-TRIP-ID
X-Proxy-Build
CDN-RequestId
X-MP-GENERATED-AT
Fastly-Drupal-HTML
X-Via-JSL
X-Cache-Expired-At
X-Lambda-Id
X-Origin-Date
X-NGENIX-Cache
Source
OT-Force-Account-Verify
X-MCACHE
X-XRDS-LOCATION
X-Node-Name
X-Cache-Hit
X-Template
Content-Secure-Policy
X-Varnish-Hits
X-UA-Device-Type
X-AIR-PT
X-Cache-TTL-Remaining
X-Srv
X-Pass-Why
X-Loop
X-Tncms
X-Endurance-Cache-Level
X-Ua
X-Pubstack
X-PHP-Backend
Upgrade-Insecure-Requests
NGB
X-Fastly-Request-Id
X-Server-W
Cross-Origin-Window-Policy
X-Redis-Cache
X-Origin-CC
X-Real-IP
X-Origin-TTL
Cache-Hits
MS-CV
X-CCDN-CacheTTL
Ms-Operation-Id
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-RTag
X-Cache-Host
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
Cache-Name
Section-Io-Origin-Time-Seconds
X-Optimistic-Header
X-Restarts
Cache-Provider
Apigw-Requestid
X-Reqid
X-IPLB-Instance
X-Cms-Context
X-Xfnlog-Site
X-IPLB-Request-ID
X-Cache-Type
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-CachedAt
X-CSRF-Token
CDN-Cache
CDN-Uid
X-GEO
CDN-PullZone
CDN-RequestPullSuccess
X-S
CDN-EdgeStorageId
X-Datadome
X-Hl-Ver
X-BYPASS-REASON
X-Aspnetmvc-Version
X-No-Session
X-ProxyCache-Status
X-Akamai-Transformed
X-ProxyCache-Key
X-VWS-Id
X-Via-Fastly
X-Cluster
X-LJ-Flow-ID
X-AWS-Id
X-CACHE-AGE
X-Newrelic-Synthetics
X-Access
X-Section
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
L
L5d-Success-Class
Magicmarker
Mail-Subject
Lang
Fastly-GeoIP-CountryCode
Candidate-Md5Url
X-A-Wwc
Canary
X-Accel-Expires-Debug
CPC-Age
CPC-Cache
MD5-Digest
Fastly-Backend-Name
DCR-Processing-Time-Ms
DCR-Decision-By
Gannett-Cam-Experience-Id
Odigeo-Trace-Id
VNS-Age
Vix-Hermes-Req-Id
T-Server
VNS-Cache
W
X-A
Web-Mar-Region
We-Hiring
Surrogated-Key
X-A-Dam
X-A-Ccd
Ngx.Var.Host
N-Cache
Redirect-Candidate
Rendered-Blocks
Sslversion
X-A-Dgt
Server-Host
Meta-Geo-Continent
X-Date
X-Request-Host
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Rojux
X-S-Cookie
X-SD-PageType
X-ScT
X-Policy
X-Origin-Time
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Orig-Expires
X-Nyt-Route
X-Shop-Environment
X-Slack-Backend
X-Vtex-Remote-Cache
X-Viewer-Country
X-We-Are-Hiring
X-Wikidot-Backend
Xc-Version
X-Wikidot-Static-Cache
X-VG-WebCache
X-Vdms-Version
X-SRCache-Key
X-Slack-Shared-Secret-Outcome
X-Tenant
X-TIM-N
X-Vdms-Path
X-Var-Ttl
X-Gdpr
X-Forwarded-Path
X-Cdn-Diag
X-CacheTTL
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Conf
X-CGP
X-Cache-NE
X-Cache-Info
X-B-Cookie
X-Application
X-Bc-Bl
X-BCube-Filmed-By
X-Cache-Bucket
X-Bl-Debug
X-Csrf-Jwt
X-D
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Eu-Site
X-External-Request-Id
X-FC-Vary-Parameters
X-Fastly-Backend
X-Ec-Fail
X-Ec-Custom-Error
X-Debug-Cache-Fetch
BehaviorPad-Version
X-Debug-Cache-Store
X-Destination
X-Dispatcher-Number
X-Developer
X-Aed
X-A-Dcw
X-TimeS
X-Proxy-Cache-Status
X-Rn-Rsrv
X-Web-Node
X-Forwarded-Site
X-Fmm-Version
X-Generated-On
X-Esi-Check
X-Core-Value
X-Geo-Header
X-Handled-By
X-Level-Front-Cache
X-Mid
X-INCAP-ABP
X-Human
X-Core-Mission
X-Hash
X-Gzip
X-Clientip
X-Alternate-Cache-Key
X-ApacheServer
Thinkindot-Control
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
X-App-Name
X-Auto-Login
X-Clara-WADP
X-Mly-Id
X-Cache-Id
X-Cache-Debug
X-BBC-Edge-Cache-Status
X-Bip
X-CMSURLCustom
X-Old-Content-Length
X-Varnishpool
X-VG-TLSProxy
X-WADP-Cache
X-Up
X-Thinkindot-L3
X-Test
X-Thanos
Fastly-SSL
True-Client-Country-4JS
X-Wix-Viewer-Type
X-Worker
X-JWT-State
X-Is-Gdpr
X-Accel-Buffering
X-Has-Esi
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Platform
X-Pool
X-Request-Time
X-PERF
X-PAYTM-SRV-ID
X-Org
X-Origin-Response-Time
X-S-Maxage
X-Server-IP
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-ShopId
X-Node-Id
X-Owner
Cmstype
Req-Svc-Chain
Environment
AKAMAI
Memcached
Host-ID
Release
Datacenter
Origin
Cmsid
Machine
WP-Super-Cache
X-Vcl-Version
User-Cache-Control
X-Variation
X-Sn-Servicetimems
Country-Code
X-Hnp-Log
X-Loc
X-Varnish-CookieINHashed-On
CDCHOST
X-Cdn-Srv
X-Varnish-CookieHashed-On
X-Block-Status
ServedBy
X-DefHash
X-Qloud-Router
X-DefElseHash
X-Azure-Ref-OriginShield
X-WA-Info
CloudFront-Viewer-Country
NM-Fastcgi-Cache
Expect-Staple
X-Cdn-Origin
X-From
X-Origin
Esi-Enabled
X-Presslabs-Stats
X-Scale
X-NodeID
X-Device-Os
Apple-News-Services-Request-Url
X-Dispatcher-Server
Apple-News-Services-Handled
Server-Ext
Server-Hostname
Sever-Int
X-Cs
X-Nginx-Cache-Key
Is-Eu
X-Vmg-Version
X-VServer
X-Varnish-Remaining-TTL
Apple-News-Services-Host
X-Gen-Mode
X-DPWN-IS-SECURE
X-Parent-Response-Time
Adler-Geo
Producers
Platform
X-Nananana
Apple-News-Services-Parsed-Url
DSUID
X-Mvc-Supplant-OutputCached
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-TA-CDN-Provider
X-Akamai-Device-Characteristics
X-LB-NoCache
C-Via
Wxu-Next-Commit
Wxu-Next-Hostname
X-Nitro-Cache
X-App
Ssr
X-Op-Id-All
X-NCache
Pics-Label
Wxu-Next-Region
X-GeoIP
Origin-CC
X-Instance-Name
Origin-EX
X-TIME
AMP-Access-Control-Allow-Source-Origin
X-Platform-Cluster
X-Microcachable
Time
X-Refresh
Cache-Host
Server-Info
Server-ID
X-Cache-Enabled
X-Cache-Status-Check
X-Platform-Processor
X-Amz-Meta-Cb-Modifiedtime
Memory
X-Platform-Router
X-Locale
X-Tx-Id
X-Site-Version
X-HA-Backend
XM
X-Correlation-ID
X-Origin-Expires
X-VarnishDD-TTL
X-HN
NGX
PFcat
X-URL
X-VHOST
X-Dc
X-ZONE
GeoIP-Latitude
X-CACHE-GROUP
Resin-Trace
Hostname
X-API-Version
X-Tb-Optimization-Total-Bytes-Saved
Locid
X-Via-SSL
X-Ad-Defer-Variation
Origin-Agent-Cluster
A
X-FL-EDGE
X-Via-Edge
X-FL-QIT-DEBUG
Cf-Device-Type
X-Via-CDN
Srvid
Edge-Copy-Time
X-Wp-Cf-Super-Cache-Active
X-DC
X-Upstream-Ht
X-Upstream-Ct
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
Cdn-Requestid
X-Zone
YJS-ID
X-Vgn-Hpd-Reason
X-ATG-Version
X-FireWall-Port
X-Webkit-Csp-Report-Only
X-Fpc
Sid
Cache-Key
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Internal-Host
X-Pod-Name
X-Varnish-Authentication
Uri
X-Moov-Xdn-Version
X-Github-Request-Id
X-Moov-T
X-Micro-Cache
X-DataCenter
True-Client-Ip
X-Cached-By
User-Agent
X-WP-CF-Super-Cache-Active
X-Provided-By
X-LiteSpeed-Cache-Control
X-Info
X-Planisys-CDN-TTL
X-TraceId
X-HS-Content-Campaign-Id
X-Planisys-CDN-Rules
State
X-Planisys-CDN-Cache
X-B3-Spanid
IsBot
X-Fastly-Cache
GeoIP-Country-Code
X-SIPLIST1
X-RN-RSRV
X-B3-Parentspanid
X-Platform-Server
X-Buckets
Location
X-Sigma
X-Nitro-Rev
X-NGINX-Cache
X-Release
X-Nitro-Cache-From
X-Sigma-Backend
X-AB
X-Rocket-Build-Number
X-Cache-Remote
X-LiteSpeed-Tag
X-Api-Version
X-Backend-Instance
X-MSEdge-Features
Cdn
X-Datacenter
Cache
X-MSEdge-Flight
GeoIp-Country-Code
X-VC
X-Geo-Region
SID
X-Gamma-Serve
X-Geo
X-CS
X-Generated-In
XServer
X-Accel-Version
Srv
X-NewRelic-App-Data
X-CSRF-TOKEN
X-VCache
True-Client-IP
Lb
Cache-Tv-Group
NtCoent-Length
CF-Ctrl
X-GeoIP-City
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Rebelmouse-Cache-Control
X-TRACE-ID
X-FTR-Request-ID
X-Scheme
Path
X-Rebelmouse-Surrogate-Control
X-HS-Status
Fastly-Drupal-Html
Kp-EeAlive
X-FPC
X-Is-Tablet
X-Tcp-Rtt
X-Browser-Name
HostName
X-Is-Desktop
X-Is-Supported-Browser
X-Is-Mobile
X-HostName
Tcn
Ohc-File-Size
X-Location
X-SRV
X-Hyper-Cache
Epwk-X-Cache
X-GoCache-CacheStatus
X-Frame-Option
X-Mobile-URL
X-TX-ID
Cf-Ipcountry
X-APP-VERSION
CountryCode
X-UA
Serverid
X-Esi
X-Service
On-Server
X-Region-Sid
X-Amz-Meta-Opti
X-Aicache-OS
Cdncip
X-AK-Request-ID
X-Developers
CacheControlHeader
Cdnsip
X-Air-Pt
X-Men
X-Guploader-Uploadid
RNT-Machine
X-B3-Trace-ID
V-Age
Tube-Got-Eval
RNT-Time
Tube-Got-Results
Tube-Get-Contents
Tube-Return
X-Acquia-Purge-Cdn-Unconfigured
X-Wp-Cf-Super-Cache-Cache-Control
X-V-Cache
X-Branch-Name
Click-Count-Action-Start
X-Traceid
X-Via-Popn
Click-Count-Error
X-LB-ID
X-Webstats-RespID
X-Req
X-SB
X-Minions-Version
X-Via-Popv
X-Via-Poph
X-Cache-Ttl
WebServer
X-CDN-Cache-Status
X-EC-Lua
X-Cache-FS-Status
Mime-Version
X-Cache-Tags
X-Wp-Cf-Super-Cache
Proxy-Connection
X-Wp-Cf-Super-Cache-Cookies-Bypass
XkeyRZ
Env
X-Proxy-CacheRZ
X-Cdn-Cache-Status
X-Pad
Yak-Timeinfo
WZWS-RAY
X-Vc
X-Servedbyhost
X-Wa
WWW-Authenticate
ENV
X-Nc
Ohc-Cache-HIT
CDN
X-VCL-Version
X-CACHE-KEY
X-Akamai-Pragma-Client-IP
Ngx
X-Fastly-Country-Code
X-Cdn-Forward
Geoip-Latitude
X-Edge-Pop
LB
CF-Cached-On
X-NWS-UUID-VERIFY
X-User
X-Check-Cacheable
X-Lb-Cache
Content-Style-Type
Cdn-Host
Content-Script-Type
X-Processor
X-Ha-Backend
X-Vercel-Id
Cdn-Request-Time
X-TH-Server
X-Vercel-Cache
X-Ckpd-Fst-Backend
X-Edge-Server
Server-Id
X-TT-LOGID
HIT
X-Acquia-Application-UUID
PICS-Label
X-Render-Time
X-Lb-Nocache
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
M-TraceId
X-Via-Ucdn
X-FTR-Backend
X-FTR-Expires
X-Edge-POP
X-WP-CF-Super-Cache-Cookies-Bypass
X-NMSegId
X-Snapshot-Date
X-IN-APIGATEWAYSSL
X-MiniProfiler-Ids
X-IN-APIGATEWAY
X-Dw-Trace-Id
X-FTR-Cache-Status
X-APP
X-Litespeed-Cache-Control
X-Country-Code-Real
X-FTR-Backend-Server
Req-ID
X-FTR-Balancer
X-CUA
Yjs-Id
X-Origin-Cache-Key
X-Ad-Load-Variation
X-Miniprofiler-Ids
Cneonction
Cluster
X-Service-Response-Time
CACHE-MISS-TO-ORIGIN
Inserted-Into-Cache-At
X-Fastly-Cache-Hits
X-Cache-Date
Sm-Log-Id
X-Fastly-Backend-Reqs
X-Udemy-Cache-App-Namespace
X-Iauth-Set-Uid
Edge-Cache
Vha6-Origin
X-Response-By
X-M-Log
X-M-Reqid
Log-Origin
X-Serial
X-Cached-Since
X-ElasticPress-Query
X-RAMCache