Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
CF-Ray
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-DNS-Prefetch-Control
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
X-Request-ID
X-Dns-Prefetch-Control
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
Status
Server-Timing
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Cache-Group
X-Robots-Tag
Cf-Edge-Cache
Host-Header
Keep-Alive
X-Hacker
X-Proxy-Cache
X-UA-Device
X-Server
X-Rq
X-Vhost
X-Server-Powered-By
Allow
X-Age
X-Varnish-Cache
X-Ws-Request-Id
X-Dispatcher
X-Amz-Version-Id
EagleId
P3p
Nel
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-Host
X-Node
Accept-CH
X-OneAgent-JS-Injection
X-WebKit-CSP
X-CST
X-Backend-Server
X-Server-Id
Surrogate-Control
X-Cache-Lookup
X-Nginx-Cache-Status
X-Readtime
Permissions-Policy
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH-Lifetime
X-Nginx-Upstream-Cache-Status
Request-Id
X-Application-Context
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Ua-Compatible
X-Trace
X-Response-Time
X-HW
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Xkey
X-Oneagent-Js-Injection
X-Midtier
Rating
X-ESI
X-Url
X-Amz-Server-Side-Encryption
X-ECACHE
X-Ruxit-Js-Agent
X-Mcache
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Upstream
X-Country
X-Vcap-Request-Id
X-D2id
Cache-Tag
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-PC
X-TtlSet
X-Rack-Cache
X-Litespeed-Cache
X-Vname
Accept-Ch
X-Powered-By-Plesk
Edge-Control
RTSS
Fastly-Restarts
X-Cache-TTL
X-Ac
X-VARITI-CCR
Origin-Trial
X-Navigation-Version
X-Abt-Application-Version
X-Country-Code
Service-Worker-Allowed
X-WebKit-CSP-Report-Only
X-Goog-Hash
X-Cached
X-Ttl
X-Middleton-Display
Pagespeed
X-Sol
Display
X-GitHub-Request-Id
X-Browser-Type
X-Amz-Rid
Cross-Origin-Opener-Policy
X-Webkit-CSP
X-Content-Type
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Varnish-TTL
X-Server-Name
X-Mg-S
X-Amzn-Trace-Id
X-Powered-CMS
X-Erf-Bev-Bev-Is-Generated
X-Middleton-Response
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
Arr-Disable-Session-Affinity
Response
X-Server-Lifecycle-Phase
AR-SID
AR-ATIME
AR-PoweredBy
AR-Request-ID
SPRequestDuration
SPIisLatency
X-Cache-Key
X-Kinja-CCPA
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-B3-TraceId
X-B3-Traceid
X-Times
X-Version
AR-CACHE
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-NWS-LOG-UUID
X-NF-Request-ID
X-Accel-Expires
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Cache-Tags
X-T
X-Fastly-Request-ID
Cache-Status
X-Cnection
Front-End-Https
Nginx-Cache
Edge-Cache-Tag
X-MSEdge-Ref
X-Client-IP
X-Aspnetmvc-Version
X-Hits
X-RateLimit-Remaining
X-Fastcgi-Cache
X-Ser
X-Px
MRF-Tech
Public-Key-Pins
Mrf-Cache-Status
X-B3-TraceId-Primal
Payment
X-Recruiting
X-LLID
X-Request-Received
X-Request-Processing-Time
X-Frontend
Server-Node
X-RateLimit-Limit
X-Ua-Browser
X-FastCGI-Cache
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Shield-Request-Id
X-DIS-Request-ID
TP-Cache
X-Server-ID
S
X-GUploader-UploadID
X-Goog-Metageneration
Access-Control-Request-Method
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Content-Digest
X-LB-Cache
Content-MD5
X-Request-Handler-Origin-Region
X-Microsite
X-Protected-By
X-Distributor
TP-L2-Cache
X-FB-Debug
Access-Control-Allow-Method
X-Ezoic-Cdn
Realpath
Accept-Charset
X-Forwarded-For
X-PressLabs-Stats
Fastcgi-Cache
X-Page-Id
X-Cluster-Name
X-Rid
X-Hostname
X-Geo-Country
X-B3-Sampled
X-Seen-By
X-Webkit-Csp
X-Aspnet-Version
Cleartype
X-Ua-Device
X-Ratelimit-Remaining
X-Correlation-Id
Referer-Policy
X-Envoy-Decorator-Operation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Mobile
X-Newrelic-App-Data
X-Webkit-CSP-Report-Only
DC
Cross-Origin-Resource-Policy
TCN
X-Daa-Tunnel
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Content-Options
X-Debug-Info
Count-Hit
X-Origin-Cache
X-Varnish-Backend
X-Ratelimit-Limit
X-Logged-In
X-Fb-Rlafr
X-Revision
X-Amz-Replication-Status
X-IPS-LoggedIn
X-Grace
Surrogate-Key
X-App-Server
X-Contextid
X-App-Environment
X-Git-Hash
X-Azure-Ref
X-Varnish-Grace
X-Flags
X-TTL
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-TT
X-Hosted-By
X-Origin-Server
X-Is-Crawler
X-Route-Name
X-Request-Guid
Frame-Options
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
X-Forwarded-Proto
X-Client-Ip
X-Edge-Location-Klb
X-Kinsta-Cache
X-Wix-Request-Id
Alternate-Protocol
WPO-Cache-Message
Retry-After
X-Whom
WPO-Cache-Status
Healthy
X-RateLimit-Reset
X-F-Cache
Charset
X-Akamai-Edgescape
Viewport
X-Backend-Name
Section-Io-Cache
X-Magnolia-Registration
MS-Author-Via
X-B
Paypal-Debug-Id
X-COUNTRY
X-App-Version
SRV
X-Proxy-Cache-Info
X-Az
X-AppVersion
X-Activity-Id
X-Language
X-Id
ServerID
X-Original-Request-Id
Host
VIX-Pulpo-Upstream-Status
X-Cache-Rule
Akamai-GRN
X-ARC
X-EdgeConnect-Cache-Status
Filterid
X-Http-Reason
X-Response-Served-From
VIX-Pulpo-Node
X-Rule
X-N
X-Edge-Location
Protected
X-Kong-Upstream-Latency
X-Status
X-Kong-Proxy-Latency
X-Rocket-Nginx-Serving-Static
X-Varnish-Age
X-User-Agent
X-Akamai-Request-ID2
X-Instance
X-UUID
X-FW-Dynamic
X-FW-Hash
X-Load-Cache
X-FW-Static
Amp-Access-Control-Allow-Source-Origin
X-Environment-Context
X-Framework
X-Region
X-L-Path
X-FW-Version
X-FW-Server
Server-Name
From-Origin
Fastly-SIE
Fastly-SWR
Front
X-Cache-Grace
X-FW-Type
X-FW-Serve
X-Time
X-Unique-Id
X-Jobs
SD-X-WS
Access-Control-Request-Headers
X-Cache-Time
X-Cacheable-TTL
X-Cache-Age
Country
X-Varnish-Server
X-Page-View
X-Cache-Control
X-Type
X-Www-Served-By
X-Adobe-Content
X-Adobe-Loc
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-G
X-Trace-Id
X-ProcessESI
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Tumblr-User
X-Is-Bot
X-RemovedCookies
X-Rendered-As
X-Proxy
Refresh
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-CDN-Forward
X-Datadog-Sampled
X-Mg-Request-UUID
X-Amzn-Remapped-Content-Length
X-DataDome
X-Debug-IsPreview
X-Vcache
X-Debug-IsConnected
X-Source
X-Drupal-Cache-Tags
X-ECache
Version
X-Signature
X-B-Cache
Content-Disposition
X-Oracle-Dms-Ecid
Accept-Language
X-Oracle-Dms-Rid
Xet-Cookie
Backend
Countrycode
X-Nf-Request-Id
X-WP-CF-Super-Cache-Cache-Control
X-Varnish-Ttl
X-HTML-Minification-Powered-By
X-Generated-By
X-WP-CF-Super-Cache
X-DynaTrace-JS-Agent
CF-IPCountry
X-DynaTrace
X-Erf-Web-Scheduler
Webserver
X-ID
X-Nginx-Cache
X-Xrds-Location
X-XRDS-LOCATION
X-Servername
X-Mode
Url
X-Httpd
X-Upgrade-Enabled
Xserver
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
GEO-INFO
X-Template
X-Storage
X-Proto
X-LAGOON
X-Rewrite-Enabled
X-Content-Age
X-Urbn-Context-Path
Azure-SlotName
Locale
X-NYM-Debug-Backend
Meta-Geo
X-Cache-Operation
X-GeoCountry
X-GeoCode
X-Device-Type
S-Rt
X-UPSTREAM-Address
Onion-Location
X-JoinUs
Load-Balancing
X-Tb
X-SaId
X-SayCDN-TTL
X-Say-TTL
Filters
X-ServerID
Azure-Version
Fastcgi-Useragent
X-Varnish-Cache-Hits
Azure-SiteName
X-Urbn-Site-Id
Azure-RegionName
X-Say-Cacheable
Azure-InstanceId
X-Cache-Action
X-VC-Cache
X-Git-Commit
X-Director
X-Varnish-Hostname
X-Tt-Logid
X-Content-Powered-By
X-Forwarded-Host
X-RM-Cache-TTL
X-Container-Uri
X-PHP-Host
X-Cluster-Node
X-Labrador-Cache-Channel
Uber-Trace-Id
X-Cache-Server
Web-Mar-Node
OT-Force-Account-Verify
X-Ms-Version
X-Ms-Request-Id
X-VCT
X-Sql-Count
X-Served-From
X-Soup
X-Logging-Id
X-Sql-Duration-Ms
X-Generation-Time
X-RCS-CacheZone
Mn-Server-Ip
X-R9-Blue-Green-Version
X-Routing-Service
X-FB-TRIP-ID
DB-Nickname
X-Skip-Cache
X-Origin-Hint
TWC-Privacy
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
X-Proxied
Node
Property-Id
X-Debug
Webcakes-App-Name
Webcakes-App-Version
X-Zipkin-Id
X-Sucuri-ID
X-Lambda-Id
X-LSADC-Cache
X-Sucuri-Cache
X-Adobe-Source
TWC-GeoIP-LatLong
Webcakes-Region
X-Zen-Fury
X-URL
X-Extlb
X-Tumblr-Pixel-3
X-Fetched-On
X-Format
X-Tumblr-Pixel-2
X-Proxy-Build
X-Timing-Wait
X-Uri
Selected-Fe
X-Drupal-Cache-Contexts
X-MCACHE
Liferay-Portal
X-Detected-As
X-Loop
X-Tncms
CDN-RequestId
X-Srv
X-B3-SpanId
X-Hcs-Proxy-Type
X-Rn-Rsrv
Source
X-CCDN-CacheTTL
X-Endurance-Cache-Level
X-CCDN-Origin-Time
X-Origin-Date
X-MP-GENERATED-AT
X-Redis-Cache
X-Cache-Hit
Cross-Origin-Window-Policy
X-Fastly-Request-Id
Fastly-Drupal-HTML
X-Ua
X-Varnish-Hits
X-TimeS
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
Upgrade-Insecure-Requests
X-Cache-Expired-At
X-Pass-Why
X-Ratelimit-Reset
Content-Secure-Policy
X-S
X-Real-IP
X-UA-Device-Type
X-Cache-TTL-Remaining
X-Node-Name
X-Origin-TTL
X-Origin-CC
X-Akamai-Transformed
X-Pubstack
X-Newrelic-Synthetics
X-CACHE-AGE
CDN-Uid
CDN-RequestPullSuccess
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
X-Server-W
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestPullCode
X-Datadome
X-Hl-Ver
X-Via-JSL
X-RTag
Ms-Operation-Id
X-CSRF-Token
X-GEO
Cache-Provider
MS-CV
X-AIR-PT
X-Cache-Host
X-Parent-Response-Time
X-Handled-By
CPC-Age
Fastly-GeoIP-CountryCode
X-Csrf-Jwt
X-Date
X-D
CPC-Cache
Fastly-Backend-Name
WP-Super-Cache
DCR-Decision-By
X-CGP
X-Has-Esi
X-CF-Lambda-Version
X-Conf
DCR-Processing-Time-Ms
X-FC-Vary-Parameters
X-Debug-Cache-Store
BehaviorPad-Version
X-Ec-Fail
Candidate-Md5Url
X-CF-Lambda-Fn
X-Developer
X-Destination
Canary
X-Ec-GeoHdr
Apigw-Requestid
X-Dispatcher-Number
X-Forwarded-Path
X-Gdpr
X-Fastly-Backend
X-External-Request-Id
X-Epic-Correlation-Id
X-Eu-Site
X-Debug-Cache-Fetch
L
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dgt
Sslversion
X-A-Dcw
X-Aed
Server-Host
X-Application
Redirect-Candidate
X-App
Rendered-Blocks
X-A-Dam
Surrogated-Key
We-Hiring
W
Vix-Hermes-Req-Id
VNS-Age
True-Client-Country-4JS
Web-Mar-Region
T-Server
X-A-Ccd
X-Xfnlog-Site
X-A
X-B-Cookie
X-Bc-Bl
X-Cache-NE
ServedBy
L5d-Success-Class
Lang
X-Cache-Type
X-CacheTTL
X-Cdn-Diag
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
X-Cache-Info
Magicmarker
Ngx.Var.Host
X-Bl-Debug
Odigeo-Trace-Id
X-BCube-Filmed-By
NGB
N-Cache
Mail-Subject
MD5-Digest
X-Cache-Bucket
Meta-Geo-Continent
Gannett-Cam-Experience-Id
X-Is-Gdpr
X-Worker
Cache-Name
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Wikidot-Static-Cache
X-Vtex-Remote-Cache
X-Policy
VNS-Cache
X-Optimistic-Header
X-Orig-Expires
X-SRCache-Key
X-Wikidot-Backend
X-RateLimit-Limit-Second
X-Rojux
X-S-Cookie
X-Presslabs-Stats
X-ScT
X-Restarts
X-Request-Host
X-Shop-Environment
X-We-Are-Hiring
X-RateLimit-Remaining-Second
X-Reqid
X-Nyt-Route
X-Origin-Time
X-Var-Ttl
X-Vdms-Path
X-JWT-State
X-Mvc-Supplant-Cachable
X-Viewer-Country
Xc-Version
X-IPLB-Instance
X-Tenant
X-Vdms-Version
X-IPLB-Request-ID
X-VG-WebCache
X-Shopify-Stage
X-BYPASS-REASON
X-Up
X-ShopId
X-ShardId
X-Varnish-Remaining-TTL
X-SD-PageType
X-Varnishpool
X-Server-IP
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Origin-Agent-Cluster
X-Variation
X-Tx-Id
X-Vmg-Version
X-Test
X-Cache-Id
X-Storefront-Renderer-Rendered
X-ApacheServer
X-SVT-ORM-VERSION
X-Alternate-Cache-Key
X-Accel-Buffering
X-Thanos
X-App-Name
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Bip
X-Thinkindot-L3
X-BBC-Edge-Cache-Status
X-Sorting-Hat-ShopId
X-Auto-Login
X-Sorting-Hat-PodId
X-VG-TLSProxy
X-Cdn-Origin
X-NGENIX-Cache
X-Esi-Check
X-Mly-Id
X-Mid
X-Nitro-Cache
X-No-Session
X-Old-Content-Length
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Node-Id
X-Loc
X-Fmm-Version
X-Gzip
X-Irp-Debug
X-Hash
X-Human
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Level-Front-Cache
X-Generated-On
X-Geo-Header
X-DefHash
X-DefElseHash
X-ProxyCache-Status
X-ProxyCache-Key
X-Clara-WADP
X-Clientip
X-Qloud-Router
X-INCAP-ABP
X-Request-Time
X-WADP-Cache
X-Refresh
X-Cms-Context
X-CMSURLCustom
X-PERF
X-PAYTM-SRV-ID
X-Owner
X-Org
X-Platform
X-Core-Value
X-Wix-Viewer-Type
X-Pool
X-Core-Mission
X-S-Maxage
Thinkindot-CacheControl
Producers
Platform
Release
Req-Svc-Chain
Cmsid
Hostname
Is-Eu
Cf-Device-Type
AKAMAI
Memcached
Origin
Adler-Geo
Machine
Cmstype
Host-ID
Cache-Hits
Thinkindot-CacheControl-Type
Environment
Thinkindot-Control
Expect-Staple
TDXMobile
Datacenter
Fastly-SSL
User-Cache-Control
X-Correlation-ID
AMP-Access-Control-Allow-Source-Origin
X-TIME
Apple-News-Services-Request-Url
X-Dispatcher-Server
Apple-News-Services-Parsed-Url
Country-Code
CloudFront-Viewer-Country
CDCHOST
DSUID
X-Device-Os
X-VServer
X-Nananana
X-Mvc-Supplant-OutputCached
X-LJ-Flow-ID
X-Nginx-Cache-Key
X-Origin
X-Scale
X-PHP-Backend
X-Origin-Response-Time
X-NodeID
X-Hnp-Log
X-VWS-Id
X-WA-Info
Apple-News-Services-Handled
X-Cluster
X-Forwarded-Site
X-GeoIP
X-Gen-Mode
X-From
Apple-News-Services-Host
X-Vcl-Version
X-Cache-Debug
X-Block-Status
NM-Fastcgi-Cache
X-Cdn-Srv
X-AWS-Id
Esi-Enabled
X-Akamai-Device-Characteristics
C-Via
X-Cache-Status-Check
X-Instance-Name
Origin-CC
Origin-EX
Pics-Label
Ssr
X-Proxy-Cache-Status
X-Cache-Enabled
Server-Ext
Server-Hostname
X-Op-Id-All
Server-Info
Wxu-Next-Hostname
X-Section
Wxu-Next-Commit
Wxu-Next-Region
X-NCache
X-B3-Spanid
X-Access
Sever-Int
X-LB-NoCache
X-API-Version
Server-ID
X-TIM-N
X-Amz-Meta-Cb-Modifiedtime
Time
Memory
X-Dc
X-Micro-Cache
NGX
X-Via-Fastly
X-CACHE-GROUP
X-HA-Backend
X-Cs
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Internal-Host
X-Wp-Cf-Super-Cache-Active
X-AB
X-Tb-Optimization-Total-Bytes-Saved
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Varnish-Beresp-Grace
X-Azure-Ref-OriginShield
X-FTR-Request-ID
X-Varnish-Beresp-Ttl
Cdn-Requestid
X-Geo-Region
X-Webkit-Csp-Report-Only
X-Vgn-Hpd-Reason
GeoIP-Latitude
X-ZONE
X-Zone
Location
X-Buckets
X-Web-Node
X-Origin-Expires
X-Microcachable
Cache-Host
X-Fpc
X-SIPLIST1
IsBot
X-B3-Parentspanid
X-Accel-Version
XM
X-Backend-Instance
X-TraceId
X-WP-CF-Super-Cache-Active
X-Github-Request-Id
Sid
X-DC
X-Pod-Name
X-DataCenter
X-HN
X-VarnishDD-TTL
Uri
PFcat
X-Browser-Name
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Desktop
X-Is-Mobile
X-Tcp-Rtt
CF-Ctrl
User-Agent
X-Cached-By
Resin-Trace
X-Info
X-Ad-Defer-Variation
YJS-ID
X-LiteSpeed-Cache-Control
X-TA-CDN-Provider
True-Client-Ip
X-Via-SSL
X-Site-Version
X-FL-QIT-DEBUG
A
X-FL-EDGE
Edge-Copy-Time
Locid
X-Via-Edge
X-Via-CDN
X-Locale
Srvid
X-VCache
GeoIP-Country-Code
X-Nitro-Rev
X-Nitro-Cache-From
X-NGINX-Cache
X-Contensis-Viewer-Groups
Cdn
X-Cache-ASPX
Epwk-X-Cache
X-ATG-Version
X-Hyper-Cache
X-Moov-T
X-Moov-Xdn-Version
X-FireWall-Port
GeoIp-Country-Code
X-Geo
XServer
X-Frame-Option
Cache-Key
X-CS
X-Varnish-Authentication
X-CSRF-TOKEN
X-NewRelic-App-Data
X-Webstats-RespID
X-Service
True-Client-IP
X-Datacenter
X-MSEdge-Flight
X-MSEdge-Features
SID
X-Upstream-Ct
X-Upstream-Ht
NtCoent-Length
X-TRACE-ID
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Origin-Cache-Key
Fastly-Drupal-Html
X-Planisys-CDN-TTL
X-Platform-Server
X-FPC
State
Path
X-HS-Content-Campaign-Id
X-VC
X-HostName
Lb
Tcn
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-SRV
Cdn-Request-Time
Cdn-Host
X-Edge-Server
X-Vercel-Id
X-LiteSpeed-Tag
X-Release
X-Fastly-Cache
X-Vercel-Cache
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-Api-Version
X-APP-VERSION
Cf-Ipcountry
CountryCode
Req-ID
X-Amz-Meta-Opti
X-AK-Request-ID
Cdnsip
Cdncip
WZWS-RAY
X-NMSegId
M-TraceId
X-Pad
X-Cache-Remote
X-Rocket-Build-Number
X-Generated-In
X-Esi
X-Sigma
LB
X-Sigma-Backend
X-Air-Pt
X-Cdn-Request-ID
X-Cache-Ttl
X-Wp-Cf-Super-Cache
Cache
X-Provided-By
X-UA
X-HS-Status
X-Wp-Cf-Super-Cache-Cache-Control
X-Ad-Load-Variation
WebServer
X-Traceid
Cluster
X-Branch-Name
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-WP-CF-Super-Cache-Cookies-Bypass
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-NWS-UUID-VERIFY
X-Proxy-CacheRZ
Pramga
X-Request-Start
X-Scope-Id
XkeyRZ
X-M-Reqid
Content-Style-Type
X-M-Log
Content-Script-Type
Yak-Timeinfo
X-GeoIP-City
X-Gamma-Serve
Proxy-Connection
X-GoCache-CacheStatus
X-Scheme
X-CACHE-KEY
X-RN-RSRV
CDN
X-Cdn-Forward
Srv
X-Vc
X-Cdn-Cache-Status
X-Qnm-Cache
X-Varnish-Beresp-Status
X-Tim-N
X-Shield-Cache-Expires
X-Akamai-Pragma-Client-IP
Geoip-Latitude
X-Lb-Cache
X-Ha-Backend
Server-Id
CF-Cached-On
Env
X-Cache-Date
Edge-Cache
X-Request-URI
Ohc-File-Size
Ngx
Serverid
X-TT-LOGID
X-Dw-Trace-Id
X-Acquia-Purge-Tags
X-Via-Ucdn
Kp-EeAlive
X-Acquia-Site
X-Acquia-Application-Trace
X-Edge-POP
X-EC-Lua
X-Acquia-Application-UUID
X-CF-Cache-Header-Cache-Control
PICS-Label
X-Udemy-Cache-App-Namespace
X-VCL-Version
X-User
X-CF-Cache-Header-Vary
X-TH-Server
X-Lb-Nocache
X-CUA
X-Render-Time
Yjs-Id
X-Cached-Since
Log-Origin
Vha6-Origin
X-Litespeed-Cache-Control
Cache-Tv-Group
Inserted-Into-Cache-At
X-RAMCache
X-Snapshot-Date
CACHE-MISS-TO-ORIGIN
X-Edge-Pop
X-Fastly-Cache-Hits
X-Miniprofiler-Ids
X-MiniProfiler-Ids
X-Mobile-URL
X-Location
Cneonction
X-Iauth-Set-Uid
X-ElasticPress-Query