Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
CF-RAY
Accept-Ranges
ETag
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-FRAME-OPTIONS
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-AspNet-Version
X-Permitted-Cross-Domain-Policies
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Request-ID
X-Cacheable
X-Iinfo
X-Envoy-Upstream-Service-Time
P3p
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
Status
X-Drupal-Dynamic-Cache
Content-Encoding
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Ua-Compatible
Access-Control-Max-Age
CF-Ray
X-Via
X-Robots-Tag
X-Cache-Group
X-UA-Device
Server-Timing
X-Dns-Prefetch-Control
Keep-Alive
Request-Context
X-AH-Environment
X-Turbo-Charged-By
X-Amz-Request-Id
X-Proxy-Cache
X-Backend
X-Amz-Id-2
X-Age
X-Ws-Request-Id
Host-Header
X-Hacker
X-Server-Powered-By
X-Server
X-Rq
X-Varnish-Cache
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
Grace
Cf-Edge-Cache
X-Dispatcher
EagleId
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Page-Speed
Accept-CH
X-Nginx-Cache-Status
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
Cf-Railgun
X-Host
X-Node
X-Pingback
X-Cache-Spec
X-OneAgent-JS-Injection
X-Server-Id
X-Backend-Server
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Cache-Lookup
Accept-CH-Lifetime
X-Response-Time
EagleEye-TraceId
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Readtime
Content-Location
X-HW
X-Cloud-Trace-Context
X-Content-Security-Policy-Report-Only
X-Application-Context
Rating
X-Trace
Fastly-Restarts
X-Url
X-Akamai-Path-Stats
X-WebKit-CSP-Report-Only
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
X-Ruxit-Js-Agent
X-CST
X-MS-InvokeApp
X-Edge
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Oneagent-Js-Injection
X-TtlSet
X-PC
X-Vname
X-Country
X-Mod-Pagespeed
Edge-Control
X-Content-Type
X-ESI
X-Vcap-Request-Id
X-B3-TraceId
Cf-Apo-Via
X-FastCGI-Cache
Accept-Ch-Lifetime
Verso
X-D2id
X-Kinja
X-Mcache
Xkey
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
X-GitHub-Request-Id
Cache-Tag
Service-Worker-Allowed
X-Powered-By-Plesk
X-Amz-Rid
X-Ttl
X-Varnish-TTL
X-ECACHE
RTSS
X-Server-Name
X-VARITI-CCR
X-Abt-Application-Version
X-Navigation-Version
X-Version
X-Client-IP
X-Upstream
X-Ac
X-Cnection
X-Cached
X-Element-Page-Cache
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-Ruxit-JS-Agent
X-RateLimit-Remaining
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-SharePointHealthScore
SPRequestGuid
Permissions-Policy
X-Px
SPRequestDuration
SPIisLatency
X-Cache-TTL
Display
X-NWS-LOG-UUID
X-Sol
Pagespeed
X-Middleton-Display
Public-Key-Pins
X-Country-Code
X-Middleton-Response
Response
X-Midtier
X-Cache-Key
X-Kinsta-Cache
X-Ser
X-Edge-Location-Klb
X-Forwarded-For
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Goog-Hash
Content-MD5
X-DataDome
X-Correlation-Id
X-Shield-Request-Id
X-RateLimit-Limit
X-HP-Webp
X-HP-Trace-Id
Front-End-Https
X-Jurisdiction
Access-Control-Request-Method
X-MSEdge-Ref
MRF-Tech
X-NF-Request-ID
X-B3-TraceId-Primal
Mrf-Cache-Status
AR-Request-ID
AR-CACHE
AR-SID
AR-PoweredBy
AR-ATIME
X-Recruiting
X-T
MicrosoftSharePointTeamServices
Edge-Cache-Tag
TP-L2-Cache
TP-Cache
X-Daa-Tunnel
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Nginx-Cache
X-Accel-Expires
X-Mg-S
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Content-Digest
TCN
X-Powered-CMS
X-Grace
X-Hits
X-Request-Received
X-Request-Processing-Time
Server-Node
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Server-Name
X-HS-Content-Id
X-Amzn-Trace-Id
X-XRDS-Location
X-Id
Filters
MS-Author-Via
Fastcgi-Cache
X-Geo-Country
Count-Hit
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Webkit-Csp
X-Frontend
X-Distributor
X-Origin-Server
X-Ezoic-Cdn
X-Ua-Browser
Filterid
Cross-Origin-Opener-Policy
X-LLID
X-PressLabs-Stats
X-Fastly-Request-Id
S
X-Language
X-Forwarded-Proto
X-Microsite
X-Request-Handler-Origin-Region
X-Protected-By
X-Seen-By
Charset
Payment
X-Git-Hash
Host
X-LB-Cache
X-Page-Id
X-B3-Sampled
X-FB-Debug
X-F-Cache
X-ASPNET-VERSION
X-VCache
X-Amz-Meta-S3cmd-Attrs
Cache-Status
X-Ratelimit-Reset
X-Cluster-Name
Surrogate-Key
X-Rid
X-Ab
X-Www-Served-By
Cache-Tags
Access-Control-Allow-Method
X-Upgrade-Enabled
Realpath
X-Logged-In
X-DIS-Request-ID
Alternate-Protocol
X-Origin-Cache
X-Source
Retry-After
Accept-Charset
X-Varnish-Backend
Accept-Ch
X-NGENIX-Cache
X-COUNTRY
X-Cache-Age
X-Fastcgi-Cache
X-Template
X-Is-Crawler
X-Route-Name
X-Flags
X-Request-Guid
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Activity-Id
X-Varnish-Grace
X-AppVersion
X-Az
X-Amz-Replication-Status
X-App-Environment
X-Type
X-Tb
X-Wix-Request-Id
X-Litespeed-Cache
Cleartype
X-Envoy-Decorator-Operation
DC
X-TT
Paypal-Debug-Id
X-B-Cache
X-Signature
X-B
X-Fastly-Request-ID
X-Revision
X-Hostname
X-DynaTrace
X-Contextid
ServerID
X-Kong-Upstream-Latency
Frame-Options
X-Kong-Proxy-Latency
X-Cache-Rule
X-Node-Name
X-Drupal-Cache-Tags
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Amp-Access-Control-Allow-Source-Origin
Refresh
Cross-Origin-Resource-Policy
X-Proxy
X-Trace-Id
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Debug
Referer-Policy
X-Mobile
X-Load-Cache
Node
X-Content-Options
X-EdgeConnect-Cache-Status
X-Response-Served-From
X-Original-Request-Id
X-Cache-Control
NGB
X-Varnish-Server
X-N
X-Varnish-Age
X-Magnolia-Registration
Country
X-Cache-Time
X-NYM-Debug-Backend
X-TTL
X-Content-Powered-By
X-Is-Bot
Viewport
X-Debug-IsPreview
X-Whom
Uber-Trace-Id
X-G
X-Adobe-Content
X-Page-View
Akamai-GRN
X-Debug-IsConnected
X-Rendered-As
X-Adobe-Loc
X-Yottaa-Metrics
Content-Disposition
X-Cacheable-TTL
X-Instance
X-L-Path
X-Servername
X-RemovedCookies
X-Real-IP
X-Environment-Context
Url
X-ProcessESI
X-Framework
Access-Control-Request-Headers
X-Yottaa-Optimizations
X-Akamai-Request-ID2
X-Status
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-TTL-Remaining
Srv
X-Jobs
X-Cache-Grace
X-Mid
X-User-Agent
X-Cache-Expired-At
X-Via-JSL
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Healthy
X-Cache-Hit
Countrycode
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-CDN-Forward
X-Tumblr-Pixel-0
X-XRDS-LOCATION
X-Cache-Operation
X-Unique-Id
X-Drupal-Cache-Contexts
Version
Accept-Language
X-Rule
X-Backend-Name
X-Debug-Info
X-APP-VERSION
X-Akamai-Edgescape
X-Mg-Request-UUID
X-Http-Reason
X-Cache-Action
X-Time
Section-Io-Cache
Xserver
X-VC-Cache
Protected
X-B3-Traceid
X-IPLB-Instance
X-Tt-Logid
X-Server-ID
X-IPLB-Request-ID
X-Hosted-By
X-Azure-Ref
X-HTML-Minification-Powered-By
Server-Info
X-Generation-Time
Content-Secure-Policy
Backend
X-Generated-By
X-FW-Static
X-FW-Type
Meta-Geo
X-FW-Serve
X-FW-Hash
X-Storage
X-RN-RSRV
X-FW-Dynamic
X-FW-Server
X-UPSTREAM-Address
X-App-Server
X-Api-Version
X-Cache-Status-Check
CF-IPCountry
GEO-INFO
X-Device-Type
Liferay-Portal
X-Mobile-URL
X-SRV
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
X-Access
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Connection-Speed
Azure-RegionName
Azure-InstanceId
X-Sql-Count
X-Sql-Duration-Ms
Azure-SiteName
Azure-SlotName
X-Cms-Context
Property-Id
MS-CV
Azure-Version
TWC-Device-Class
X-Handled-By
X-PHP-Host
X-Adobe-Source
X-Proxy-Cache-Status
X-R9-Blue-Green-Version
X-AWS-Id
X-No-Session
X-JoinUs
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Cache-Server
X-Redis-Cache
X-Varnish-Cache-Hits
X-Origin-Hint
X-OCL
X-SayCDN-TTL
X-Varnish-Hostname
X-Say-TTL
X-PCL
X-Section
X-SaId
X-RTag
X-Say-Cacheable
X-Format
Ms-Operation-Id
X-VWS-Id
X-Content
X-Restarts
CDN-Cache
CDN-CachedAt
CDN-PullZone
CDN-EdgeStorageId
Cache-Name
X-Request-Time
X-FireWall-Port
X-Proto
X-Locale
X-Varnishpool
CDN-RequestCountryCode
X-Server-W
X-Region
CDN-Uid
X-Detected-As
X-Content-Age
X-Edge-Location
X-FB-TRIP-ID
X-GeoCode
X-Forwarded-Host
X-Ms-Request-Id
X-Ms-Version
DB-Nickname
X-GeoCountry
Locale
Mn-Server-Ip
X-Cache-Type
Web-Mar-Node
CDN-RequestId
X-Provided-By
X-Web-Node
X-Skip-Cache
X-Varnish-Beresp-Grace
X-Via-Fastly
X-Mode
X-Amz-Apigw-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
X-UA-Device-Type
X-Amzn-RequestId
X-Site-Version
X-Xfnlog-Site
X-Routing-Service
X-Proxied
X-Alternate-Cache-Key
X-ShopId
X-Extlb
Apigw-Requestid
X-Zipkin-Id
Onion-Location
X-BYPASS-REASON
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Nginx-Cache-Key
X-PHP-Backend
X-Shopify-Stage
Eomportal-Instance
X-ProxyCache-Key
X-ProxyCache-Status
X-ShardId
X-Cache-Host
WP-Super-Cache
X-Tid
Load-Balancing
X-Storefront-Renderer-Rendered
S-Rt
X-Hl-Ver
X-Proxy-Build
X-Tec-Api-Version
X-Tec-Api-Root
X-Timing-Wait
X-Tec-Api-Origin
Selected-Fe
X-WP-CF-Super-Cache
X-Cache-Enabled
X-WP-CF-Super-Cache-Cache-Control
X-Vgn-Hpd-Reason
X-ECache
X-ServerID
X-Reqid
X-TNCMS
X-DynaTrace-JS-Agent
X-Loop
X-LSADC-Cache
X-Dc
X-Uri
X-Varnish-Ttl
X-Amzn-Remapped-Content-Length
X-Cdn
X-Pubstack
X-Soup
X-Zen-Fury
X-Origin-Date
X-Tumblr-Pixel-2
X-TIME
X-Ua
X-Newrelic-Synthetics
Xet-Cookie
X-Cache-NGX
Fastcgi-Useragent
From-Origin
X-Service
X-Cache-Debug
X-Ratelimit-Remaining
X-Aspnetmvc-Version
X-Correlation-ID
X-App-Version
Source
X-Origin-TTL
X-Origin-CC
ServedBy
X-UUID
X-GEO
X-Varnish-Hits
X-Nginx-Cache
Origin
X-Webkit-CSP
X-MP-GENERATED-AT
X-Human
X-NewRelic-App-Data
X-URL
X-TA-CDN-Provider
Cache
Fastly-Drupal-HTML
X-Varnish-Beresp-Ttl
X-Cache-Tags
X-Cached-By
Rip
Cross-Origin-Window-Policy
X-Rewrite-Enabled
Upgrade-Insecure-Requests
X-Cluster
Webserver
MD5-Digest
Rendered-Blocks
BehaviorPad-Version
X-ScT
WPO-Cache-Message
WPO-Cache-Status
X-Ratelimit-Limit
X-Ec-Fail
X-Ec-GeoHdr
X-External-Request-Id
SD-X-WS
Xc-Version
Surrogated-Key
X-NAPM-TraceId
Sslversion
DCR-Decision-By
Expiry
Meta-Geo-Continent
X-Orig-Expires
Mime-Version
DCR-Processing-Time-Ms
Ngx.Var.Host
Odigeo-Trace-Id
X-Vdms-Version
X-Vdms-Path
X-Developer
X-Destination
X-A-Wwc
X-Aed
X-AK-Request-ID
X-A-Dgt
X-A-Dcw
X-A
X-A-Ccd
X-A-Dam
X-Application
X-ARC
X-Connection-Hash
X-D
T-Server
X-Cache-NE
X-BCube-Filmed-By
X-B-Cookie
X-Bc-Bl
X-Parent-Response-Time
X-VG-WebCache
X-RCS-CacheZone
X-Processor
X-SRCache-Key
Lang
X-Rojux
X-S
X-Shop-Environment
X-S-Cookie
A
X-TIM-N
X-Tenant
X-User
X-PBS-Appsvrname
Cdncip
Cdnsip
X-Forwarded-Path
Host-ID
OT-Force-Account-Verify
X-Request-Host
X-Served-From
X-Aicache-OS
X-Origin-Time
X-Nyt-Route
Environment
X-Gdpr
X-Accel-Buffering
X-Cluster-Node
Redirect-Candidate
LB
X-WP-CF-Super-Cache-Active
X-AOL-HN
X-FW-Version
VNS-Cache
Mail-Subject
Fastly-SIE
Fastly-SSL
We-Hiring
Origin-CC
Wxu-Next-Commit
Wxu-Next-Hostname
Decoy-Debug-Key
Fastly-GeoIP-CountryCode
CPC-Cache
Memcached
NM-Fastcgi-Cache
NGX
Origin-EX
Platform
Svr
IsBot
Is-Eu
Decoy-Debug-Status
Kp-EeAlive
Decoy-Debug-TTL
L
Req-Svc-Chain
Traceparent
Fastly-SWR
Tube-Return
Machine
Servername
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
Producers
VNS-Age
X-Device-Os
X-SB
X-Sigma
X-Loc
X-S-Maxage
X-Minions-Version
X-Sigma-Backend
X-Gzip
X-Fmm-Version
X-Variation
X-SplitTest
X-GeoIP
X-SIPLIST1
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
X-Origin-Response-Time
X-Owner
X-NodeID
X-NCache
CPC-Age
X-Platform-Server
X-Pool
X-Request-URI
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Qloud-Router
X-Varnish-Beresp-Status
X-Fetched-On
X-GeoIP-City
X-Clara-WADP
X-DefElseHash
X-DefHash
Release
X-Cache-Info
X-Cache-Id
X-ATG-Version
X-Ad-Defer-Variation
X-Azure-Ref-OriginShield
X-BBC-Edge-Cache-Status
X-Cache-Bucket
X-Dispatcher-Number
X-DPWN-IS-SECURE
X-VG-TLSProxy
X-Viewer-Country
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Esi-Check
X-Epic-Correlation-Id
X-Ec-Custom-Error
X-Wix-Viewer-Type
X-WADP-Cache
X-VServer
Wxu-Next-Region
X-Ckpd-Fst-Backend
Click-Count-Action-Start
X-Pass-Why
Adler-Geo
Apple-News-Services-Handled
Canary
Cache-Host
X-Nf-Request-Id
Click-Count-Error
X-Debug-Cache
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CloudFront-Viewer-Country
Candidate-Md5Url
X-Tumblr-Pixel-3
X-Is-Gdpr
X-JWT-State
X-Level-Front-Cache
X-INCAP-ABP
X-HS-Content-Campaign-Id
X-Geo-Header
X-Has-Esi
X-Generated-On
X-Developers
X-Cdn-Srv
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Auto-Login
X-CMSURLCustom
Thinkindot-CacheControl
AKAMAI
Fastly-Backend-Name
X-Core-Value
TDXMobile
X-Tx-Id
X-Sucuri-ID
X-Optimistic-Header
X-Cache-Remote
X-Thinkindot-L3
X-Sucuri-Cache
X-Worker
X-Gamma-Serve
X-Forwarded-Site
X-Scheme
X-Scale
X-CacheTTL
X-Gateway-Cache-Key
X-Cdn-Origin
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Web-Mar-Region
X-Clientip
X-Fastly-Backend
X-Datadog-Trace-Id
X-Branch-Name
X-Region-Sid
X-Hash
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Hnp-Log
X-Slack-Backend
X-Origin
X-Gen-Mode
X-Gateway-Skip-Cache
X-Udemy-Cache-App-Namespace
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Proxy-Cache-Info
X-Planisys-CDN-TTL
X-Block-Status
X-SVT-ORM-VERSION
Vix-Hermes-Req-Id
X-Csrf-Jwt
X-Eu-Site
X-CGP
X-Bip
HA-Ipaddr
L5d-Success-Class
Mobile-Detection-Method
DSUID
X-Policy
X-Thanos
X-Var-Ttl
X-Mvc-Supplant-Cachable
X-Irp-Debug
Country-Code
X-FC-Vary-Parameters
Ha-Gx-Prefs
Gh-Request-Id
Cmstype
X-SVT-ORM-RULES
Cmsid
Datacenter
X-Sn-Servicetimems
V-Age
User-Cache-Control
CDCHOST
X-Core-Mission
X-V-Cache
Server-Hostname
Sever-Int
Server-Ext
State
Cluster
X-Presslabs-Stats
Server-Host
X-Up
X-LB-NoCache
Memory
Time
X-Mvc-Supplant-OutputCached
X-Datadome
X-IPS-LoggedIn
WebServer
HostName
X-ZONE
X-CSRF-Token
X-Akamai-Transformed
X-Dispatch
Pics-Label
Ec-Rule-Version
X-VC
Ssr
X-Tb-Optimization-Total-Bytes-Saved
Sid
Request-ID
X-Refresh
X-Newrelic-App-Data
X-Edge-Pop
X-ND-Cache
AMP-Access-Control-Allow-Source-Origin
X-Req
My-App
X-B3-Spanid
Env
X-Servedbyhost
X-Via-Popn
X-Via-Poph
X-Via-Popv
Cache-Tv-Group
X-B3-SpanId
X-WA-Info
X-Via-NSCOPI
X-GG-Cache-Date
X-VHOST
X-Lambda-Id
SID
X-Generated-In
Fastcgi-Cache-TTL
X-Wa
X-NGINX-Cache
Server-ID
X-Cs
X-Session-Fingerprint
True-Client-Country-4JS
X-CACHE-AGE
X-Trace-ID
GeoIp-Country-Code
X-Release
X-Origin-Expires
X-Rebelmouse-Cache-Control
CacheControlHeader
Cache-Hits
X-Pod-Name
X-Rebelmouse-Surrogate-Control
X-Vc
X-Fpc
X-Fastly-Cache
X-PX
X-EC-Lua
Hostname
X-Op-Id-All
X-ID
X-LB-ID
True-Client-IP
X-Xrds-Location
X-DC
X-MCACHE
X-VCL-Version
X-CSRF-TOKEN
X-NWS-UUID-VERIFY
X-Zone
X-TX-ID
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Webkit-CSP-Report-Only
X-MSEdge-Flight
X-Cache-Date
X-TH-Server
X-Ig-Push-State
X-MSEdge-Features
WWW-Authenticate
X-Buckets
X-CACHE-KEY
X-Conf
Resin-Trace
X-Accel-Expires-Debug
X-HS-Status
X-RateLimit-Reset
X-Endurance-Cache-Level
X-Date
X-NC
X-TRACE-ID
X-Microcachable
X-RAMCache
X-Old-Content-Length
X-Dmc
CDN
X-Srv
X-Esi
X-CS
X-NODE
Powered-By
Fastly-Drupal-Html
Tcn
X-Vcl-Version
Magicmarker
X-Varnish-Beresp-TTL
Path
True-Client-Ip
X-Check-Cacheable
X-Webstats-RespID
X-API-Version
X-Wikidot-Static-Cache
X-Akamai-Pragma-Client-IP
X-Director
Section-Io-Origin-Time-Seconds
X-Alfa-Service
X-Wikidot-Backend
Section-Io-Origin-Status
X-Location
GeoIP-Country-Code
X-Lb-Id
Section-Io-Id
Section-Origin-Responded
Yjs-Id
X-Cache-Ttl
X-CLOUD-TRACE-CONTEXT
X-LiteSpeed-Cache-Control
X-Be
Proxy-Connection
X-Vercel-Cache
X-FPC
X-Datacenter
X-Vercel-Id
X-Varnish-Authentication
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-DataCenter
Cdn
X-Micro-Cache
X-WA
X-Geo
X-Mly-Id
FSS-Cache
X-Via-CDN
X-Hyper-Cache
Pramga
Lb
ENV
X-Response-By
X-Server-IP
X-Cache-Expires
M-TraceId
X-ServedByHost
X-Test
Server-Id
User-Agent
X-CF-Lambda-Fn
X-M-Reqid
X-HA-Backend
X-CF-Lambda-Version
X-M-Log
X-Cdn-Forward
X-Cc-Via
X-Dw-Trace-Id
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-App
X-Akamai-ERPolicy
X-Cache-Backend
Uri
X-Akamai-ERRuleID
X-Qnm-Cache
X-ApacheServer
Tracecode
X-PERF
X-Client-Ip
HIT
X-Service-Response-Time
X-Edge-POP
YJS-ID
Sm-Log-Id
X-AIR-PT
X-Info
XM
X-We-Are-Hiring
X-FL-EDGE
Srvid
X-Instance-Name
X-Traceid
X-From
Swift-Performance
Location
Locid
X-Air-Hostname
X-Li-Fabric
X-LI-Proto
X-LI-UUID
C-Via
N-Cache
X-Air-Trace-Id
X-UA
Dnion-Transfer-Encoding
X-Air-Source
Geoip-Latitude
X-TT-LOGID
X-Li-Pop
X-LiteSpeed-Tag
X-TrackingId
PFcat
X-RSL
X-RPM
X-RPS
Nginx-CQVIP
X-HN
X-VarnishDD-TTL
X-Platform-Router
PICS-Label
X-Platform-Processor
X-Frame-Option
X-Platform-Cluster
X-DW
X-DSS
Esi-Enabled
X-Air-Pt
X-Platform
Ohc-File-Size
XServer
CountryCode
X-Fastly-Backend-Reqs
CF-Cached-On
X-DI
X-DB
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Timeexpire
X-Conten-Type-Options
Cneonction
X-Cache-Proxy
Vha6-Origin
X-PAYTM-SRV-ID
X-Request-Url
Wpo-Cache-Status
X-Lb-Nocache
X-CF-Powered-By
X-Cdn-Request-ID
X-Oss-Storage-Class
X-Fastly-Cache-Hits
Fastcgi-X-Cache-Version
Hit
Wpo-Cache-Message
NtCoent-Length
X-Oss-Hash-Crc64ecma
Cache-Key
X-HostName
On-Server
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Ips-Loggedin
Warning
X-Cache-Ngx
Wp-Super-Cache
X-Litespeed-Cache-Control
X-Newegg-Index
X-Newegg-Flow
X-Nerd
X-N-OperationId
X-MTS-Cache
X-Ee-Origin
X-Loadbalancer
X-LbNode
X-Matched-Rule
X-Matome-Cached
X-Onedio-Env
X-Keep
X-Okws-Version
X-Origin-Ops
X-OVcl
X-OVcl-Cache
X-Odoo-Frontend
X-Nyt-Data-Last-Modified
X-NFL-Geo
X-NS-Authorization
X-Ntj-Investigation-Id
X-NXG
X-NFL-Dma
X-Git-Commit
X-F-Status
X-Farm
X-Fastly-Is-Edge
X-Fstrz
X-Eventloop-Lag
X-ETag
X-PageType
X-Ee-Request-Date
X-Ee-Request-Id
X-Eid
X-Full-Ttl
X-GG-Cache-Status
X-IBD-SID
X-Is-SSL
X-Ittl
X-Kebab
X-IBD-Cache
X-Header-Sub
X-Global-Transaction-ID
X-GoCache-CacheStatus
X-Group
X-Kebabable
X-User-Auth
X-Ee-Generated-By
X-Upstream-State
X-Utime
X-V2-Infrastructure
X-Vary-Devices
X-U-Cache
X-True-Client-Ip
X-Timestamp
X-Toujours-Debout-Branch
X-Toujours-Debout-Location
X-Tried-To-Kebabify
X-Ver
X-Wag-Acs
XV-H
XV-Cache
X-B3-Parentspanid
X-Fastly-Country-Code
X-Request-URL
X-YSpaceId
X-Xms-Page-Cache-Actions
X-Waitingroom
X-Web-Hosting
X-WP-Bypass
X-WSR2
X-Test-Nginx-Ingress
X-Svr-Proxy
X-Render-Time
X-Render-Method
X-Request-Origin
X-Route
X-Route-Akamai
X-Redis
X-Reboot
X-PG-ACCESS
X-PGF-Deflate
X-Pver
X-R-Cache
X-Ruby
X-Save-Cache
X-Square
X-SSLProxy
X-Stack-Name
X-SVR-IIS
X-SMP-JWT
X-Slack-Shared-Secret-Outcome
X-Server-L
X-ServiceName
X-Sh
X-Site
X-Paywall
X-AspNetWebPages-Version
Ns-Ua
Ns
Ok-Cache-Status
OK-Edge-Date
Ok-Edge-Key
Npm-Remaining
Npm-Cost
Joe-X
Is-Https
NB-ESI
Nikkei-App-Version
NLCacheNote
Origin-Site
Panzer-Cache-Control
Service-Uuid
Served
SFRVia
Shieldsquare-Response
SII
Selected-Route
Scheme
RawURL
Proxy-Cache
Region
Request-Uuid
Rt-Proxy-Cache
HTTPProtocol
HServer
X-ElasticPress-Query
X-Mg-Cache
X-Yottaa-OS
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-B3-ParentSpanId
WZWS-RAY
Req-ID
Fastcgi-Cache-Ttl
SRV
X-CUA
DynaTrace
X-Serial
X-Th-Server
CMS-200
Cluster-Host
Deeplink
Ec-Policy-Id
H1
Cf-Wrk
Cf-Locale
Cache-Stat
Akamai-X-Url
Cachekey
Cdn-Country-Code
Cf-Device-Type
Store-Cloud-Cache
Sw
X-Cache-NPR
X-Cache-Length
X-Cache-Reason
X-Cache-ReqUri
X-Cache-Response
X-Cache-IsMobileDevice
X-Cache-Cookie
X-Backend-TTL
X-ASF-Cache
X-Backside-Transport
X-BeanStalkRole
X-BeanStalkStage
X-CacheVersion
X-CDN-Pop
X-Delivery
X-Dehri-Date
X-Developed-By
X-Doge
X-DT-Node
X-Dcm-Pdtf
X-Container-Uri
X-Cf-Node-Idx
X-CDN-Pop-IP
X-Cms-Device
X-Coindesk-Cache
X-Colour
X-ARRRG1
X-Arena-Request-Id
Uniqueid
TWC-Unit
Userver
Vttl
X-77-NZT
TWC-Subs
TWC-PATH-LOCALE
Technodrome
T-Request-Id
Time-Cloud-Cache
Ttl
TWC-AK-Req-ID
X-77-NZT-Ray
X-Accel-Version
X-Akamai-Native
X-Akamai-DeviceType
X-Amz-Meta-Cb-Modifiedtime
X-Apache-Server
X-Ar-Stats
X-Akamai-DeviceOS
X-Akamai-CacheKeyMod
X-Accepted-Fulllang
X-Accepted-Language
X-Accor-Asset
X-AEO-Platform
X-Edge-IP