Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
P3P
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-ID
Access-Control-Allow-Credentials
X-Request-Id
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
P3p
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Envoy-Upstream-Service-Time
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Status
X-AspNetMvc-Version
X-CDN
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
X-Cache-Group
X-Amz-Request-Id
EagleId
X-Amz-Id-2
X-Backend
Keep-Alive
X-AH-Environment
X-Proxy-Cache
X-Ws-Request-Id
X-Server
X-Age
Host-Header
X-Hacker
X-Ua-Compatible
Cf-Edge-Cache
X-Vhost
X-Server-Powered-By
X-Rq
Allow
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-WebKit-CSP
Accept-CH
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Apo-Via
X-Device
X-Page-Speed
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-Nginx-Cache-Status
X-Akam-SW-Version
Surrogate-Control
X-Dns-Prefetch-Control
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Cache-Lookup
X-Readtime
X-HW
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Content-Security-Policy-Report-Only
X-Trace
X-Application-Context
X-Response-Time
Accept-CH-Lifetime
Permissions-Policy
X-CST
X-Mod-Pagespeed
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Edge
Accept-Ch-Lifetime
X-WebKit-CSP-Report-Only
Content-Location
X-Content-Type
X-Country
X-ECACHE
Rating
X-Clacks-Overhead
X-MS-InvokeApp
X-Url
X-Mcache
X-TtlSet
X-Vname
X-PC
X-Amz-Server-Side-Encryption
X-Midtier
X-VARITI-CCR
RTSS
Cache-Tag
X-Varnish-TTL
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
Verso
X-Ac
Origin-Trial
X-B3-TraceId
X-GoogleNews-Bot
X-Exp-Variant
X-Server-Name
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Rack-Cache
X-Cnection
X-Cache-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
X-ESI
Xkey
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-Ttl
X-NWS-LOG-UUID
X-Amz-Rid
X-SharePointHealthScore
SPRequestGuid
Edge-Control
X-Client-IP
X-Cached
X-Px
X-Mg-S
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Instrumentation
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
Arr-Disable-Session-Affinity
X-Kraken-Loop-Name
X-Fastcgi-Cache
X-Litespeed-Cache
SPIisLatency
SPRequestDuration
X-Upstream
X-Correlation-Id
Pagespeed
Display
X-Sol
X-Middleton-Display
X-Cache-Key
Content-MD5
X-Dw-Request-Base-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-NF-Request-ID
Edge-Cache-Tag
X-XRDS-Location
X-Goog-Hash
X-Daa-Tunnel
Front-End-Https
X-Country-Code
Public-Key-Pins
X-Version
X-Forwarded-For
X-Powered-CMS
AR-CACHE
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Id
TCN
X-MSEdge-Ref
X-Jurisdiction
X-Recruiting
X-T
X-HP-Webp
X-HP-Trace-Id
X-RateLimit-Remaining
X-Content-Digest
X-Accel-Expires
X-Middleton-Response
Response
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Shield-Request-Id
X-Ser
TP-Cache
TP-L2-Cache
X-Amzn-Trace-Id
Nginx-Cache
X-Fastly-Request-ID
S
X-Hits
X-Request-Received
X-Ruxit-Js-Agent
X-Request-Processing-Time
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
Server-Node
X-Distributor
X-Kinsta-Cache
X-Edge-Location-Klb
Cache-Status
X-Ratelimit-Limit
Cache-Tags
MicrosoftSharePointTeamServices
X-Grace
Fastcgi-Cache
Alternate-Protocol
Server-Name
X-Protected-By
X-TEC-API-VERSION
X-DataDome
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Ezoic-Cdn
X-DIS-Request-ID
X-Ratelimit-Remaining
X-Origin-Server
X-Ratelimit-Reset
X-Geo-Country
X-Ua-Browser
X-LB-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Frontend
X-Rid
X-Debug-Info
X-Varnish-Backend
Cleartype
Healthy
X-Www-Served-By
X-Logged-In
Cross-Origin-Opener-Policy
Filterid
X-Git-Hash
X-Forwarded-Proto
Payment
X-NGENIX-Cache
X-FB-Debug
X-TTL
X-Page-Id
X-Load-Cache
Charset
X-B3-Sampled
Content-Disposition
X-Webkit-Csp
X-VCache
X-ASPNET-VERSION
X-LLID
X-Cluster-Name
X-Origin-Cache
DC
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
MS-Author-Via
X-Hostname
X-FastCGI-Cache
X-PressLabs-Stats
X-GUploader-UploadID
X-Goog-Metageneration
X-Upgrade-Enabled
Retry-After
Access-Control-Allow-Method
Accept-Charset
X-Proxy
X-Activity-Id
X-F-Cache
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-AppVersion
X-Az
Cross-Origin-Resource-Policy
X-Type
X-Contextid
X-B-Cache
X-Signature
X-Amz-Replication-Status
Accept-Ch
X-Varnish-Server
Paypal-Debug-Id
X-Revision
X-Route-Name
X-Request-Guid
X-Amz-Meta-S3cmd-Attrs
X-Aspnet-Duration-Ms
Viewport
X-Is-Crawler
X-Providence-Cookie
X-Hosted-By
X-Flags
X-Wix-Request-Id
X-Azure-Ref
X-Whom
X-TT
X-B
X-Seen-By
X-Fb-Rlafr
Amp-Access-Control-Allow-Source-Origin
Surrogate-Key
X-App-Environment
Referer-Policy
X-DynaTrace
X-Source
Realpath
Count-Hit
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Aspnetmvc-Version
X-Tt-Trace-Host
X-Akamai-Edgescape
X-Tt-Trace-Tag
X-App-Server
X-Mobile
X-RateLimit-Limit
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-B3-Traceid
Host
X-Cache-Control
X-EdgeConnect-Cache-Status
X-N
X-HTML-Minification-Powered-By
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Original-Request-Id
X-Tumblr-Pixel-0
X-Varnish-Grace
X-Cache-Rule
X-Response-Served-From
Version
X-Tumblr-User
X-UUID
X-Oneagent-Js-Injection
X-Varnish-Age
X-Magnolia-Registration
Refresh
MS-CV
X-Cache-Time
Access-Control-Request-Headers
Ms-Operation-Id
X-Rule
Section-Io-Cache
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Envoy-Decorator-Operation
X-RTag
SD-X-WS
X-FW-Server
X-FW-Dynamic
Akamai-GRN
X-Cache-Expired-At
X-Adobe-Loc
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Static
X-Content-Powered-By
X-Adobe-Content
X-Status
X-Cache-Status-Check
X-Environment-Context
X-FW-Version
Protected
X-L-Path
X-Page-View
X-Cache-Grace
X-Is-Bot
X-NYM-Debug-Backend
X-Instance
X-Http-Reason
X-Jobs
X-Rendered-As
X-ProcessESI
NGB
X-Servername
X-RemovedCookies
X-G
X-Device-Type
GEO-INFO
X-Framework
X-Cacheable-TTL
X-User-Agent
Url
X-Akamai-Request-ID2
X-Backend-Name
X-Debug-IsPreview
X-Debug-IsConnected
X-Template
X-Language
X-CDN-Forward
SRV
X-Newrelic-App-Data
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Cache-Age
X-Nginx-Cache
X-Yottaa-Optimizations
CDN-RequestId
X-COUNTRY
X-Yottaa-Metrics
WPO-Cache-Message
From-Origin
X-Cache-Hit
X-Tb
WPO-Cache-Status
X-Trace-Id
Country
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Region
X-Tt-Logid
Accept-Language
X-Node-Name
Front
X-URL
X-Real-IP
Fastly-Drupal-HTML
X-Amz-Apigw-Id
X-Amzn-RequestId
Backend
X-VC-Cache
Uber-Trace-Id
X-Content-Options
X-Mode
X-TIME
Fastly-SIE
Fastly-SWR
Content-Secure-Policy
X-DynaTrace-JS-Agent
X-Unique-Id
X-Cache-Operation
Meta-Geo
Filters
X-RN-RSRV
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Generation-Time
X-Zen-Fury
Webserver
X-IPS-LoggedIn
Azure-InstanceId
CF-IPCountry
X-Cache-Server
X-Amzn-Remapped-Content-Length
X-Cache-TTL-Remaining
X-Format
X-Proxy-Cache-Info
X-Access
X-Section
Azure-SlotName
Azure-Version
X-Web-Node
Onion-Location
Azure-SiteName
Azure-RegionName
X-Rocket-Nginx-Serving-Static
X-Sql-Duration-Ms
X-SayCDN-TTL
X-Sucuri-Cache
Apigw-Requestid
X-Sucuri-ID
X-Adobe-Source
X-SRV
X-Cache-Action
X-Say-Cacheable
X-Proxy-Cache-Status
X-Reqid
X-Say-TTL
X-Debug
X-Cache-Host
X-Cms-Context
X-Ua
X-Sql-Count
X-Server-W
X-BYPASS-REASON
X-AWS-Id
X-PHP-Backend
X-Cluster
X-Edge-Location
X-Skip-Cache
X-Content-Age
TWC-Connection-Speed
Web-Mar-Node
Cross-Origin-Window-Policy
TWC-Locale-Group
CDN-Uid
TWC-GeoIP-LatLong
TWC-GeoIP-Country
ServerID
TWC-Device-Class
X-Forwarded-Host
X-Soup
X-Proto
X-PHP-Host
X-Ms-Version
Property-Id
X-Varnish-Beresp-Grace
X-ProxyCache-Status
X-ProxyCache-Key
X-Ms-Request-Id
X-R9-Blue-Green-Version
X-GeoCountry
X-GeoCode
X-Origin-Hint
X-IPLB-Instance
X-IPLB-Request-ID
X-LJ-Flow-ID
X-Labrador-Cache-Channel
CDN-RequestCountryCode
S-Rt
X-UA-Device-Type
X-Via-Fastly
X-VWS-Id
X-Locale
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
Node
Webcakes-Region
X-Handled-By
X-Zipkin-Id
X-LAGOON
X-Extlb
X-Detected-As
X-Site-Version
X-JoinUs
X-Xfnlog-Site
X-Proxied
Cache-Name
X-Cluster-Node
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-LSADC-Cache
X-Routing-Service
Cache-Hits
X-SaId
X-CACHE-AGE
X-No-Session
X-Timing-Wait
WP-Super-Cache
X-Fastly-Request-Id
Mn-Server-Ip
Mime-Version
X-Time
X-Proxy-Build
Selected-Fe
DB-Nickname
X-Hl-Ver
Fastcgi-Useragent
X-FB-TRIP-ID
Liferay-Portal
X-Tec-Api-Origin
X-WP-CF-Super-Cache
X-Tumblr-Pixel-3
X-WP-CF-Super-Cache-Cache-Control
ServedBy
Xserver
X-Request-Time
X-Tec-Api-Root
X-Times
X-Tec-Api-Version
X-Redis-Cache
X-Cache-Debug
X-Air-Source
X-Air-Hostname
X-XRDS-LOCATION
X-Air-Trace-Id
Upgrade-Insecure-Requests
X-Loop
Source
X-TNCMS
X-Optimistic-Header
X-Origin-Date
X-GEO
X-Generated-By
X-NWS-UUID-VERIFY
X-Mg-Request-UUID
X-Presslabs-Stats
X-Buckets
X-Varnish-Hits
X-Akamai-Transformed
CF-Cached-On
X-Uri
X-Director
Countrycode
X-Pass-Why
X-Varnish-Beresp-Ttl
X-Tid
X-Cdn
X-Tx-Id
X-Storage
Xet-Cookie
X-TA-CDN-Provider
Frame-Options
X-ARC
X-Origin-TTL
X-Origin-CC
X-DC
X-FireWall-Port
X-Newrelic-Synthetics
X-Varnish-Cache-Hits
X-Service
X-ECache
X-Esi
X-App-Version
X-Storefront-Renderer-Rendered
X-ShardId
X-Trace-ID
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Varnish-Hostname
SID
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-B3-Spanid
Environment
X-Datadog-Sampled
X-Endurance-Cache-Level
X-Request-Host
Cache-Tv-Group
Rendered-Blocks
Redirect-Candidate
Release
Thinkindot-CacheControl
Thinkindot-Control
WWW-Authenticate
TDXMobile
T-Server
Sslversion
Surrogated-Key
Req-Svc-Chain
Lang
DCR-Decision-By
DCR-Processing-Time-Ms
Candidate-Md5Url
BehaviorPad-Version
X-ServerID
A
Edge-Cache
Gannett-Cam-Experience-Id
Ngx.Var.Host
Odigeo-Trace-Id
Meta-Geo-Continent
MD5-Digest
Host-ID
X-A
Origin
X-Bc-Bl
X-Mobile-URL
X-Nyt-Route
X-Origin-Time
X-Vdms-Version
X-VG-TLSProxy
X-Mid
X-Gdpr
X-We-Are-Hiring
X-INCAP-ABP
X-Loc
X-Platform-Cluster
X-Platform-Processor
X-S-Maxage
X-ScT
X-SRCache-Key
X-Thinkindot-L3
X-S-Cookie
X-S
X-Vdms-Path
X-Platform-Router
X-Processor
X-Rojux
X-Frame-Option
X-External-Request-Id
X-B-Cookie
X-BBC-Edge-Cache-Status
X-TIM-N
X-BCube-Filmed-By
X-Application
X-Aed
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Cache-Info
X-Cache-NE
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Destination
Xc-Version
X-CMSURLCustom
X-Core-Value
X-D
X-A-Ccd
Thinkindot-CacheControl-Type
Server-Info
Tube-Got-Results
Tube-Return
Tube-Got-Eval
X-Sigma
Tube-Get-Contents
X-Sigma-Backend
X-SD-PageType
X-Restarts
X-Req
X-Rocket-Build-Number
X-SB
X-Served-From
Vix-Hermes-Req-Id
X-Sn-Servicetimems
Magicmarker
X-Varnish-Remaining-TTL
X-VServer
X-WA-Info
X-WADP-Cache
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Geo-Header
X-SVT-ORM-RULES
State
X-Test
Server-Host
X-Platform-Server
X-Akamai-Device-Characteristics
X-Ec-Custom-Error
X-Human
X-Developers
X-Is-Gdpr
X-JWT-State
X-Pubstack
X-Httpd
X-Has-Esi
X-GeoIP-City
X-Gamma-Serve
X-Fmm-Version
X-HS-Content-Campaign-Id
X-DefHash
X-DefElseHash
X-Old-Content-Length
X-Cdn-Origin
X-Origin-Response-Time
X-Cache-Bucket
X-Auto-Login
X-Cdn-Srv
X-NodeID
X-Location
X-CUA
X-Core-Mission
X-Clara-WADP
X-Worker
X-SVT-ORM-VERSION
Decoy-Debug-TTL
X-Level-Front-Cache
Decoy-Debug-Status
Fastly-GeoIP-CountryCode
Decoy-Debug-Key
C-Via
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
DSUID
Memcached
X-RM-Cache-TTL
Click-Count-Error
X-Generated-On
Click-Count-Action-Start
Cluster
Cache-Host
Fastly-Backend-Name
Country-Code
X-WP-CF-Super-Cache-Active
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-AIR-PT
Section-Io-Origin-Status
X-Cache-Backend
CacheControlHeader
X-Block-Status
X-App
X-Accel-Buffering
X-Request-Start
X-Ad-Defer-Variation
CDCHOST
X-Planisys-CDN-TTL
Cache-Provider
X-Planisys-CDN-Rules
X-Pool
X-Fastly-Backend
X-Bip
X-Hnp-Log
X-Esi-Check
X-DPWN-IS-SECURE
X-Hash
X-Gzip
X-GeoIP
X-Gen-Mode
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Dispatcher-Number
Svr
X-Scale
X-Origin
X-Cache-Id
X-Cache-FS-Status
X-Nananana
X-Minions-Version
Ssr
X-Date
X-LB-NoCache
Adler-Geo
X-Planisys-CDN-Cache
X-Accel-Expires-Debug
X-Conf
AKAMAI
X-Varnish-Beresp-Status
X-Variation
Server-Ext
Sever-Int
X-Var-Ttl
Server-Hostname
Mail-Subject
Cache-Key
Origin-CC
X-Vmg-Version
NM-Fastcgi-Cache
Origin-EX
Pics-Label
Producers
Cmsid
Platform
CloudFront-Viewer-Country
X-Up
User-Cache-Control
Gh-Request-Id
L
Is-Eu
Cmstype
X-Wix-Viewer-Type
Web-Mar-Region
We-Hiring
X-Thanos
Kp-EeAlive
X-Fetched-On
X-Slack-Backend
X-Parent-Response-Time
Wxu-Next-Commit
X-Irp-Debug
X-HN
X-Forwarded-Site
X-FC-Vary-Parameters
Wxu-Next-Hostname
X-Op-Id-All
X-NCache
X-Ckpd-Fst-Backend
X-Device-Os
X-Nginx-Cache-Key
Wxu-Next-Region
X-Dispatcher-Server
X-Azure-Ref-OriginShield
X-Node-Id
X-Qloud-Router
X-Platform
X-Slack-Shared-Secret-Outcome
Machine
Datacenter
X-V-Cache
X-Org
X-Region-Sid
NGX
X-Refresh
On-Server
X-Men
X-Cache-Tags
X-Cached-By
PFcat
X-VarnishDD-TTL
Cdn
X-Owner
X-Mvc-Supplant-Cachable
X-Varnishpool
X-CacheTTL
Fastly-SSL
X-Server-IP
X-Via-Poph
X-Via-Popv
Canary
X-Via-Popn
X-Varnish-Ttl
X-Csrf-Jwt
X-CGP
HA-Ipaddr
L5d-Success-Class
X-Eu-Site
Ha-Gx-Prefs
X-Webkit-CSP-Report-Only
X-Aicache-OS
GeoIP-Latitude
X-CSRF-Token
X-Servedbyhost
X-Cache-Date
Env
X-HA-Backend
X-Mvc-Supplant-OutputCached
X-RCS-CacheZone
Cdnsip
X-AK-Request-ID
X-Microcachable
Cdncip
X-Client-Ip
X-Cache-Remote
Server-ID
X-Tb-Optimization-Total-Bytes-Saved
HostName
X-Mly-Id
X-MCACHE
X-ZONE
X-VC
X-Gateway-Request-Id
X-APP-VERSION
X-Wa
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
Memory
Time
X-DataCenter
X-API-Version
X-Gateway-Cache-Status
X-Fpc
X-Zone
Load-Balancing
X-LB-ID
X-Generated-In
X-Vc
Cache
X-Fastly-Cache
X-Nc
X-Webkit-CSP
Request-ID
X-Origin-Expires
X-Via-NSCOPI
Eomportal-Instance
X-ND-Cache
X-Check-Cacheable
X-Instance-Name
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-HS-Status
X-Response-By
Ngx-Var-Key
X-Micro-Cache
X-Release
Hostname
OT-Force-Account-Verify
X-CS
X-Correlation-ID
X-CCDN-Origin-Time
Locid
X-From
Expect-Staple
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-FL-EDGE
X-NGINX-Cache
Srvid
X-FL-QIT-DEBUG
X-NewRelic-App-Data
X-Api-Version
X-CSRF-TOKEN
X-Via-CDN
X-SIPLIST1
IsBot
X-Cache-Enabled
X-Edge-Pop
X-Request-URI
X-Cache-NGX
X-VCL-Version
X-Via-SSL
GeoIp-Country-Code
X-Via-Edge
Edge-Copy-Time
X-Info
AMP-Access-Control-Allow-Source-Origin
X-Provided-By
NtCoent-Length
Srv
X-Via-JSL
Uri
XkeyRZ
X-Srv
X-Proxy-CacheRZ
X-Nf-Request-Id
X-Lambda-Id
X-Debug-Cache-Fetch
True-Client-Ip
X-Air-Pt
X-Amz-Meta-Cb-Modifiedtime
X-Debug-Cache-Store
True-Client-IP
X-Vcl-Version
Location
X-Dc
X-EC-Lua
X-B3-SpanId
VNS-Cache
CPC-Age
Path
Servername
X-Vtex-Remote-Cache
Sid
X-Cache-Expires
CPC-Cache
X-Render-Time
VNS-Age
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Edge-POP
Resin-Trace
GeoIP-Country-Code
X-Server-ID
X-Cs
X-Fastly-Country-Code
Cross-Origin-Opener-Policy-Report-Only
X-VCT
X-TH-Server
CDN
Fastly-Drupal-Html
LB
Traceparent
X-ATG-Version
X-CLOUD-TRACE-CONTEXT
X-Moov-Xdn-Version
X-Moov-T
X-MSEdge-Flight
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
X-Scheme
Esi-Enabled
X-MSEdge-Features
X-Viewer-Country
X-Cdn-Request-ID
X-Accel-Version
CountryCode
X-TX-ID
YJS-ID
X-Pod-Name
M-TraceId
X-ApacheServer
Timeexpire
X-PERF
X-Upstream-Ht
X-Varnish-Beresp-TTL
X-Upstream-Ct
X-Akamai-Pragma-Client-IP
X-Lb-Id
X-FPC
X-RateLimit-Reset
Rip
X-Datadome
X-Cache-Type
X-CF-Lambda-Version
X-CF-Lambda-Fn
Powered-By
X-Udemy-Cache-App-Namespace
X-RateLimit-Limit-Second
X-NAPM-TraceId
X-RateLimit-Remaining-Second
FSS-Cache
X-PAYTM-SRV-ID
X-Datacenter
X-Cdn-Cache-Status
HIT
X-SERVER-NAME
Sm-Log-Id
X-WA
X-Service-Response-Time
X-Geo
XServer
X-CDN-Cache-Status
Proxy-Connection
Tracecode
X-Srcache-Store-Status
X-Wikidot-Backend
N-Cache
X-CACHE-KEY
X-NC
Server-Id
X-Wikidot-Static-Cache
V-Age
True-Client-Country-4JS
X-Clientip
RNT-Time
RNT-Machine
X-Srcache-Fetch-Status
Ohc-File-Size
ENV
Epwk-X-Cache
X-TraceId
X-Tenant
X-LiteSpeed-Cache-Control
X-VG-WebCache
XM
X-Shop-Environment
X-Orig-Expires
X-ServedByHost
X-Forwarded-Path
X-Hyper-Cache
X-Bl-Debug
Yjs-Id
X-Ha-Backend
X-B3-Trace-ID
X-Cdn-Forward
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-MP-GENERATED-AT
WZWS-RAY
Ngx
X-B3-Parentspanid
Geoip-Latitude
X-M-Reqid
X-M-Log
X-MiniProfiler-Ids
Content-Script-Type
Inserted-Into-Cache-At
X-Qnm-Cache
X-Policy
X-App-Name
X-B3-ParentSpanId
X-Amz-Meta-Opti
X-Cdn-Diag
X-Rebelmouse-Cache-Control
X-Serial
X-Fastly-Backend-Reqs
X-Swift-Error
Ec-Rule-Version
X-Lb-Nocache
Content-Style-Type
X-Via-PopV
X-Vgn-Hpd-Reason
X-Rebelmouse-Surrogate-Control
X-Dw-Trace-Id
X-Via-PopH
X-Via-PopN
User-Agent
X-Lsadc-Cache
X-F-Status
X-TT-LOGID
X-Mid-Debug-Cache-Disk
X-Mid-Debug-Cache-Key
X-Stale
Expiry
X-Ramcache
Pramga
X-Connection-Hash
Req-ID
X-Request-URL
X-Cache-Ngx
My-App
X-LiteSpeed-Tag
X-Th-Server
MIME-Version
Cneonction
X-Snapshot-Date
X-IPS-Cached-Response
Warning
X-UP