Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
CF-Ray
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-DNS-Prefetch-Control
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
X-Request-ID
X-Dns-Prefetch-Control
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-XSS-PROTECTION
Status
Server-Timing
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Cache-Group
X-Robots-Tag
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Hacker
X-Proxy-Cache
X-UA-Device
X-Server
X-Rq
X-Vhost
X-Server-Powered-By
Allow
X-Age
X-Varnish-Cache
X-Ws-Request-Id
X-Dispatcher
X-Amz-Version-Id
EagleId
P3p
Nel
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-Host
X-Node
Accept-CH
X-OneAgent-JS-Injection
X-WebKit-CSP
X-CST
X-Backend-Server
X-Server-Id
Surrogate-Control
X-Cache-Lookup
X-Nginx-Cache-Status
X-Readtime
Permissions-Policy
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Nginx-Upstream-Cache-Status
Accept-CH-Lifetime
Request-Id
X-Application-Context
X-Content-Security-Policy-Report-Only
X-Cloud-Trace-Context
X-Ua-Compatible
X-Trace
X-Response-Time
X-HW
X-Edge
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Xkey
X-Oneagent-Js-Injection
X-Midtier
Rating
X-ESI
X-Url
X-Amz-Server-Side-Encryption
X-ECACHE
X-Ruxit-Js-Agent
X-Mcache
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Upstream
X-Vcap-Request-Id
X-Country
Cache-Tag
X-D2id
X-MS-InvokeApp
X-Cdn-Fetch
X-Use-Magma
Verso
X-Element-Page-Cache
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Vname
X-PC
X-Rack-Cache
X-TtlSet
X-Litespeed-Cache
Accept-Ch
X-Powered-By-Plesk
Edge-Control
RTSS
Fastly-Restarts
X-Cache-TTL
X-Ac
X-VARITI-CCR
Origin-Trial
X-Navigation-Version
X-Abt-Application-Version
X-Country-Code
Service-Worker-Allowed
X-WebKit-CSP-Report-Only
X-Goog-Hash
X-Cached
X-Ttl
X-Middleton-Display
Pagespeed
X-Sol
Display
X-Browser-Type
X-GitHub-Request-Id
X-Amz-Rid
Cross-Origin-Opener-Policy
X-Webkit-CSP
X-Content-Type
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Varnish-TTL
X-Server-Name
X-Mg-S
X-Amzn-Trace-Id
X-Powered-CMS
X-Middleton-Response
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
Arr-Disable-Session-Affinity
Response
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
SPRequestDuration
SPIisLatency
X-Cache-Key
X-Kinja-CCPA
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-B3-TraceId
X-B3-Traceid
X-Times
X-Version
AR-CACHE
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-NWS-LOG-UUID
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-NF-Request-ID
X-Accel-Expires
Cache-Tags
X-T
X-Fastly-Request-ID
Cache-Status
Front-End-Https
X-Cnection
Nginx-Cache
Edge-Cache-Tag
X-MSEdge-Ref
X-Client-IP
X-Aspnetmvc-Version
X-Hits
X-RateLimit-Remaining
X-Fastcgi-Cache
X-Ser
X-Px
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Public-Key-Pins
Payment
X-Recruiting
X-LLID
X-Request-Processing-Time
X-Frontend
X-Request-Received
Server-Node
X-Ua-Browser
X-RateLimit-Limit
X-FastCGI-Cache
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-Shield-Request-Id
X-DIS-Request-ID
TP-Cache
X-Server-ID
S
X-Goog-Metageneration
X-GUploader-UploadID
MicrosoftSharePointTeamServices
Access-Control-Request-Method
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-Amz-Apigw-Id
X-Amzn-RequestId
X-LB-Cache
X-Content-Digest
Content-MD5
X-Protected-By
X-Microsite
X-Request-Handler-Origin-Region
X-Distributor
TP-L2-Cache
X-Page-Id
Access-Control-Allow-Method
X-FB-Debug
Accept-Charset
X-Ezoic-Cdn
Realpath
X-Forwarded-For
X-PressLabs-Stats
X-Cluster-Name
Fastcgi-Cache
X-Rid
X-Geo-Country
X-Hostname
X-B3-Sampled
X-Seen-By
X-Webkit-Csp
X-Aspnet-Version
X-Ratelimit-Remaining
X-Ua-Device
Cleartype
X-Correlation-Id
Referer-Policy
X-Envoy-Decorator-Operation
X-Webkit-CSP-Report-Only
X-Mobile
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Newrelic-App-Data
X-Goog-Stored-Content-Encoding
DC
TCN
Cross-Origin-Resource-Policy
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Daa-Tunnel
X-Content-Options
X-Debug-Info
X-Origin-Cache
Count-Hit
X-Ratelimit-Limit
X-Varnish-Backend
X-Contextid
X-Varnish-Grace
X-Logged-In
X-Revision
X-Request-Guid
X-Aspnet-Duration-Ms
X-App-Environment
X-Is-Crawler
X-Amz-Replication-Status
X-Flags
X-Route-Name
Surrogate-Key
X-IPS-LoggedIn
X-Providence-Cookie
X-Fb-Rlafr
X-Grace
X-Git-Hash
X-App-Server
X-Azure-Ref
X-Hosted-By
X-TTL
X-TT
X-Origin-Server
X-Amz-Meta-S3cmd-Attrs
Frame-Options
X-XRDS-Location
X-Forwarded-Proto
X-Client-Ip
Alternate-Protocol
X-Kinsta-Cache
X-Edge-Location-Klb
X-Wix-Request-Id
X-Whom
WPO-Cache-Message
WPO-Cache-Status
Retry-After
Healthy
X-RateLimit-Reset
X-F-Cache
Charset
X-Akamai-Edgescape
Viewport
X-Backend-Name
Section-Io-Cache
X-Magnolia-Registration
MS-Author-Via
X-B
Paypal-Debug-Id
X-App-Version
X-COUNTRY
SRV
X-Proxy-Cache-Info
X-Activity-Id
X-AppVersion
X-Az
X-Language
X-Id
ServerID
X-Rule
X-Http-Reason
X-ARC
X-Response-Served-From
X-Original-Request-Id
X-Instance
X-N
X-EdgeConnect-Cache-Status
VIX-Pulpo-Node
SD-X-WS
X-Cache-Rule
VIX-Pulpo-Upstream-Status
Host
Filterid
Akamai-GRN
X-Kong-Upstream-Latency
X-Varnish-Age
X-Edge-Location
Front
X-User-Agent
X-Kong-Proxy-Latency
X-UUID
X-Rocket-Nginx-Serving-Static
X-Status
X-Cache-Grace
X-Akamai-Request-ID2
Protected
X-Load-Cache
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Framework
From-Origin
X-Cacheable-TTL
X-Environment-Context
X-FW-Server
Fastly-SWR
Fastly-SIE
X-L-Path
Amp-Access-Control-Allow-Source-Origin
X-Page-View
Server-Name
X-Rendered-As
X-FW-Static
X-Unique-Id
X-Jobs
X-FW-Type
X-Time
X-FW-Version
X-Region
X-Is-Bot
X-Type
X-Adobe-Loc
X-Adobe-Content
X-Varnish-Server
Access-Control-Request-Headers
Country
X-Cache-Time
X-Www-Served-By
X-Cache-Control
X-Cache-Age
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-RemovedCookies
X-Tumblr-Pixel
X-Datadog-Parent-Id
X-ProcessESI
X-G
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Trace-Id
X-Proxy
Refresh
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-CDN-Forward
X-Datadog-Sampled
X-Mg-Request-UUID
X-Amzn-Remapped-Content-Length
X-DataDome
X-Vcache
X-Debug-IsConnected
X-Debug-IsPreview
X-Source
X-ECache
X-Drupal-Cache-Tags
Version
X-Signature
X-B-Cache
Content-Disposition
X-Oracle-Dms-Ecid
X-Varnish-Ttl
Accept-Language
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Oracle-Dms-Rid
Xet-Cookie
Countrycode
Backend
X-Nf-Request-Id
X-Generated-By
X-HTML-Minification-Powered-By
CF-IPCountry
X-DynaTrace-JS-Agent
Webserver
X-DynaTrace
X-Erf-Web-Scheduler
X-XRDS-LOCATION
X-ID
X-Xrds-Location
X-Nginx-Cache
X-Mode
X-Servername
Url
X-Httpd
X-Upgrade-Enabled
X-Tt-Trace-Tag
X-Tt-Trace-Host
Xserver
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
GEO-INFO
X-Template
X-Storage
X-Content-Age
X-Device-Type
X-Cache-Operation
X-GeoCountry
X-GeoCode
X-Director
Meta-Geo
Filters
Load-Balancing
Fastcgi-Useragent
Azure-Version
X-JoinUs
X-LAGOON
Locale
X-Tb
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Onion-Location
S-Rt
X-Cache-Action
X-Urbn-Context-Path
X-SayCDN-TTL
X-ServerID
X-Rewrite-Enabled
X-Say-TTL
X-Say-Cacheable
X-SaId
X-Proto
X-UPSTREAM-Address
X-NYM-Debug-Backend
X-Varnish-Cache-Hits
X-Urbn-Site-Id
Uber-Trace-Id
X-Varnish-Hostname
X-VC-Cache
X-Container-Uri
X-Content-Powered-By
X-Soup
X-Cluster-Node
X-Forwarded-Host
X-Tt-Logid
X-Labrador-Cache-Channel
X-PHP-Host
X-Git-Commit
X-RM-Cache-TTL
OT-Force-Account-Verify
X-Detected-As
X-Ms-Version
X-Cache-Server
X-Adobe-Source
X-Ms-Request-Id
X-Logging-Id
X-Sql-Count
X-VCT
X-Sql-Duration-Ms
X-Served-From
X-Generation-Time
Web-Mar-Node
TWC-GeoIP-LatLong
X-LSADC-Cache
DB-Nickname
Webcakes-App-Name
X-Zipkin-Id
TWC-GeoIP-Country
Property-Id
TWC-Device-Class
Mn-Server-Ip
TWC-Privacy
Node
X-URL
TWC-Connection-Speed
X-Zen-Fury
Webcakes-App-Version
X-Debug
X-RCS-CacheZone
X-Routing-Service
X-FB-TRIP-ID
X-R9-Blue-Green-Version
X-Proxied
X-Lambda-Id
X-Origin-Hint
Webcakes-Region
X-Extlb
X-Skip-Cache
X-Sucuri-ID
TWC-Locale-Group
X-Sucuri-Cache
X-Tumblr-Pixel-3
X-Uri
X-Proxy-Build
X-Timing-Wait
X-Fetched-On
X-Format
X-Tumblr-Pixel-2
Selected-Fe
X-Drupal-Cache-Contexts
X-MCACHE
Liferay-Portal
X-Loop
X-Tncms
CDN-RequestId
X-Rn-Rsrv
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-B3-SpanId
X-Srv
X-Endurance-Cache-Level
Source
X-CCDN-CacheTTL
X-Cache-Hit
Cross-Origin-Window-Policy
X-MP-GENERATED-AT
X-Redis-Cache
X-Origin-Date
X-Fastly-Request-Id
Fastly-Drupal-HTML
X-Varnish-Hits
X-Ua
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-TimeS
X-Pass-Why
X-Cache-Expired-At
Upgrade-Insecure-Requests
X-S
Content-Secure-Policy
X-Ratelimit-Reset
X-Real-IP
X-Cache-TTL-Remaining
X-UA-Device-Type
X-Origin-TTL
X-Node-Name
X-Akamai-Transformed
X-Origin-CC
X-Pubstack
X-CACHE-AGE
X-Newrelic-Synthetics
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
X-Server-W
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-Cache
CDN-Uid
CDN-CachedAt
X-Via-JSL
X-Datadome
X-Hl-Ver
MS-CV
X-GEO
Cache-Provider
Ms-Operation-Id
X-RTag
X-CSRF-Token
X-Handled-By
X-AIR-PT
X-Parent-Response-Time
X-Cache-Host
X-BCube-Filmed-By
Lang
L5d-Success-Class
L
X-Bc-Bl
X-App
X-Application
X-B-Cookie
HA-Ipaddr
Magicmarker
X-Bl-Debug
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
DCR-Processing-Time-Ms
DCR-Decision-By
CPC-Cache
Fastly-SSL
Gannett-Cam-Experience-Id
X-Cache-Info
X-Cache-Bucket
Ha-Gx-Prefs
X-Cache-NE
Gh-Request-Id
X-Aed
X-A-Wwc
Ngx.Var.Host
Odigeo-Trace-Id
VNS-Age
VNS-Cache
NGB
Vix-Hermes-Req-Id
True-Client-Country-4JS
Sslversion
Server-Host
Surrogated-Key
T-Server
Redirect-Candidate
N-Cache
W
Mail-Subject
X-A-Dam
X-A-Dcw
X-A-Dgt
Rendered-Blocks
X-A-Ccd
X-A
Meta-Geo-Continent
We-Hiring
MD5-Digest
Web-Mar-Region
X-Accel-Expires-Debug
X-Conf
X-Nyt-Route
X-VG-WebCache
X-Mvc-Supplant-Cachable
X-Optimistic-Header
X-Orig-Expires
X-Policy
X-Origin-Time
X-JWT-State
X-Viewer-Country
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Has-Esi
X-IPLB-Instance
X-Is-Gdpr
X-IPLB-Request-ID
X-RateLimit-Limit-Second
X-Vdms-Version
X-SD-PageType
X-ScT
X-Shop-Environment
X-Slack-Backend
X-Tenant
X-Slack-Shared-Secret-Outcome
X-S-Cookie
X-Rojux
X-Vdms-Path
X-RateLimit-Remaining-Second
X-Reqid
X-Request-Host
X-Restarts
X-Var-Ttl
X-Gdpr
X-Forwarded-Path
X-SRCache-Key
X-Wikidot-Static-Cache
X-Csrf-Jwt
X-Wikidot-Backend
X-D
X-We-Are-Hiring
X-Worker
X-Xfnlog-Site
X-CF-Lambda-Fn
X-Cdn-Diag
X-CF-Lambda-Version
Xc-Version
X-Cms-Context
X-CGP
X-Date
X-Debug-Cache-Fetch
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Eu-Site
X-External-Request-Id
X-FC-Vary-Parameters
X-Fastly-Backend
X-Ec-Fail
X-Vtex-Remote-Cache
X-Destination
X-Debug-Cache-Store
X-Developer
X-Dispatcher-Number
X-Ec-Custom-Error
CPC-Age
X-CacheTTL
X-Cache-Type
Canary
X-Presslabs-Stats
WP-Super-Cache
Apigw-Requestid
Candidate-Md5Url
BehaviorPad-Version
Cache-Name
ServedBy
X-Alternate-Cache-Key
X-Human
X-INCAP-ABP
X-Hash
X-Geo-Header
X-Generated-On
X-Irp-Debug
X-Gzip
X-Loc
X-No-Session
X-Node-Id
X-Old-Content-Length
X-Nitro-Cache
X-NGENIX-Cache
X-Mid
X-Mly-Id
X-Fmm-Version
X-ApacheServer
X-Cache-Id
X-Cdn-Origin
X-Clara-WADP
X-Cache-Debug
X-BYPASS-REASON
X-App-Name
X-BBC-Edge-Cache-Status
X-Bip
X-Clientip
X-CMSURLCustom
X-DefHash
X-DPWN-IS-SECURE
X-Auto-Login
X-Org
X-DefElseHash
X-Core-Mission
X-Core-Value
X-Esi-Check
X-PERF
X-Up
X-Variation
X-Varnish-CookieHashed-On
X-Tx-Id
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-Test
X-Thanos
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Wix-Viewer-Type
Cache-Hits
Origin-Agent-Cluster
X-WADP-Cache
X-VServer
X-Varnishpool
X-VG-TLSProxy
X-Vmg-Version
X-SVT-ORM-RULES
X-Storefront-Renderer-Rendered
X-ProxyCache-Status
X-Qloud-Router
X-Refresh
X-ProxyCache-Key
X-Pool
X-PAYTM-SRV-ID
X-Accel-Buffering
X-Platform
X-Request-Time
X-S-Maxage
X-Sn-Servicetimems
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-Server-IP
X-ShardId
X-Owner
X-Level-Front-Cache
AKAMAI
Cmsid
TDXMobile
Cf-Device-Type
Origin
Is-Eu
Thinkindot-CacheControl
Cmstype
Thinkindot-CacheControl-Type
Hostname
Datacenter
Thinkindot-Control
Host-ID
Machine
Req-Svc-Chain
Release
Memcached
Expect-Staple
Platform
Adler-Geo
Environment
Producers
User-Cache-Control
X-Correlation-ID
AMP-Access-Control-Allow-Source-Origin
X-TIME
X-Dispatcher-Server
Country-Code
X-Nananana
Sever-Int
X-Origin-Response-Time
Apple-News-Services-Parsed-Url
X-Origin
Apple-News-Services-Request-Url
DSUID
X-Cluster
Esi-Enabled
X-LJ-Flow-ID
Apple-News-Services-Host
X-Cdn-Srv
X-WA-Info
X-Akamai-Device-Characteristics
X-PHP-Backend
X-GeoIP
CloudFront-Viewer-Country
Apple-News-Services-Handled
X-NodeID
CDCHOST
X-Hnp-Log
X-Mvc-Supplant-OutputCached
X-Nginx-Cache-Key
X-Vcl-Version
X-AWS-Id
Server-Ext
X-Forwarded-Site
X-VWS-Id
X-Block-Status
Server-Hostname
X-From
X-Gen-Mode
NM-Fastcgi-Cache
X-Scale
X-Device-Os
Wxu-Next-Commit
X-Section
X-Proxy-Cache-Status
C-Via
Server-Info
X-Instance-Name
X-LB-NoCache
Origin-EX
X-Cache-Status-Check
X-Cache-Enabled
X-B3-Spanid
X-Access
Origin-CC
Wxu-Next-Hostname
Wxu-Next-Region
X-NCache
Pics-Label
X-Op-Id-All
Ssr
X-API-Version
X-TIM-N
Time
X-Amz-Meta-Cb-Modifiedtime
Server-ID
Memory
X-Dc
X-Micro-Cache
NGX
X-HA-Backend
X-Via-Fastly
X-CACHE-GROUP
X-Cs
X-Internal-Host
X-FTR-Request-ID
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Tb-Optimization-Total-Bytes-Saved
X-Wp-Cf-Super-Cache-Active
X-AB
X-Azure-Ref-OriginShield
X-Varnish-Beresp-Ttl
X-Vgn-Hpd-Reason
X-Platform-Router
X-Platform-Cluster
X-Varnish-Beresp-Grace
X-Platform-Processor
Cdn-Requestid
X-Webkit-Csp-Report-Only
X-Geo-Region
X-ZONE
X-Zone
GeoIP-Latitude
Location
X-Buckets
X-Web-Node
Cache-Host
X-Fpc
IsBot
X-Origin-Expires
X-B3-Parentspanid
X-Microcachable
X-SIPLIST1
X-WP-CF-Super-Cache-Active
X-Accel-Version
X-TraceId
X-DC
X-Backend-Instance
XM
Sid
X-Github-Request-Id
X-VarnishDD-TTL
X-DataCenter
Uri
X-Pod-Name
PFcat
X-HN
X-Tcp-Rtt
X-Browser-Name
X-Is-Supported-Browser
X-Is-Desktop
X-Is-Tablet
X-Is-Mobile
CF-Ctrl
User-Agent
X-Ad-Defer-Variation
Resin-Trace
X-Cached-By
YJS-ID
X-Info
X-LiteSpeed-Cache-Control
X-TA-CDN-Provider
Edge-Copy-Time
X-VCache
X-Via-CDN
A
X-Via-Edge
X-FL-EDGE
X-FL-QIT-DEBUG
X-Locale
Srvid
Locid
True-Client-Ip
X-Via-SSL
X-Site-Version
X-Nitro-Rev
X-NGINX-Cache
X-Nitro-Cache-From
GeoIP-Country-Code
Cdn
X-Hyper-Cache
X-FireWall-Port
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-ATG-Version
GeoIp-Country-Code
Epwk-X-Cache
X-Moov-Xdn-Version
X-Moov-T
X-CS
X-Frame-Option
XServer
X-Varnish-Authentication
X-Geo
Cache-Key
X-CSRF-TOKEN
X-NewRelic-App-Data
X-MSEdge-Features
SID
X-MSEdge-Flight
X-Datacenter
X-Service
True-Client-IP
X-Webstats-RespID
X-Upstream-Ht
X-Upstream-Ct
NtCoent-Length
X-TRACE-ID
X-VC
Fastly-Drupal-Html
Path
X-Platform-Server
X-Planisys-CDN-TTL
State
X-Planisys-CDN-Rules
X-FPC
X-Planisys-CDN-Cache
X-Origin-Cache-Key
X-HS-Content-Campaign-Id
Lb
Tcn
X-HostName
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-SRV
X-FTR-Backend
X-Vercel-Id
X-Vercel-Cache
X-Vgn-Hpd-Cached
X-FTR-Balancer
Cdn-Request-Time
X-Country-Code-Real
Cdn-Host
X-Release
X-FTR-Expires
X-Fastly-Cache
X-Edge-Server
X-FTR-Backend-Server
X-FTR-Cache-Status
X-LiteSpeed-Tag
X-Api-Version
Cf-Ipcountry
CountryCode
X-APP-VERSION
X-Air-Pt
X-Pad
WZWS-RAY
X-Rocket-Build-Number
X-Generated-In
X-NMSegId
Req-ID
M-TraceId
X-Sigma
X-Amz-Meta-Opti
Cdncip
X-Cache-Remote
LB
X-Esi
Cdnsip
X-AK-Request-ID
X-Sigma-Backend
X-Cdn-Request-ID
X-HS-Status
X-Ad-Load-Variation
X-Branch-Name
Cluster
X-WP-CF-Super-Cache-Cookies-Bypass
X-Provided-By
X-Cache-Ttl
Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Traceid
X-UA
WebServer
X-Rebelmouse-Surrogate-Control
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Rebelmouse-Cache-Control
X-NWS-UUID-VERIFY
X-Scheme
X-M-Log
X-Gamma-Serve
Proxy-Connection
Yak-Timeinfo
Content-Style-Type
Content-Script-Type
X-GeoIP-City
X-M-Reqid
X-Request-Start
X-Scope-Id
XkeyRZ
Pramga
X-Proxy-CacheRZ
X-GoCache-CacheStatus
CDN
X-RN-RSRV
X-CACHE-KEY
Srv
X-Vc
X-Akamai-Pragma-Client-IP
X-Cdn-Cache-Status
X-Qnm-Cache
X-Cdn-Forward
X-Varnish-Beresp-Status
X-Shield-Cache-Expires
X-Tim-N
Geoip-Latitude
X-Lb-Cache
Ngx
Server-Id
X-Ha-Backend
X-Cache-Date
Env
Edge-Cache
Ohc-File-Size
X-Request-URI
CF-Cached-On
Serverid
X-TT-LOGID
X-CF-Cache-Header-Cache-Control
X-CUA
X-CF-Cache-Header-Vary
X-Edge-POP
X-Dw-Trace-Id
X-Render-Time
X-TH-Server
X-EC-Lua
Kp-EeAlive
X-Via-Ucdn
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Udemy-Cache-App-Namespace
X-VCL-Version
X-Lb-Nocache
X-Acquia-Application-Trace
X-User
PICS-Label
Yjs-Id
X-Mobile-URL
X-MiniProfiler-Ids
CACHE-MISS-TO-ORIGIN
Inserted-Into-Cache-At
X-Location
X-Iauth-Set-Uid
Cache-Tv-Group
X-Edge-Pop
X-Fastly-Cache-Hits
X-Snapshot-Date
Log-Origin
X-RAMCache
X-Miniprofiler-Ids
X-Litespeed-Cache-Control
X-ElasticPress-Query
Vha6-Origin
X-Cached-Since
Cneonction