Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Link
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-Request-ID
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Backend
X-Hacker
X-UA-Device
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
X-LiteSpeed-Cache
Grace
X-Dns-Prefetch-Control
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Amz-Version-Id
X-Pingback
X-Device
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Server-Id
X-Host
Cf-Railgun
X-Backend-Server
X-Node
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
Content-Location
X-Ruxit-JS-Agent
Rating
X-B3-TraceId
X-Ua-Compatible
Accept-Ch-Lifetime
X-Country
X-Language
X-Cache-Lookup
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Url
X-Trace
X-Template
X-Ac
X-Content-Type
Allow
X-Vname
X-TtlSet
X-PC
X-Varnish-TTL
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
X-ESI
Cache-Tag
Fastly-Restarts
X-Server-Name
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-GitHub-Request-Id
X-Buckets
X-Upstream
MS-Author-Via
X-Amz-Rid
Public-Key-Pins
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Aws-Lambda-Call-Status
X-Cache-TTL
X-Origin-Cache
X-Cnection
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Arr-Disable-Session-Affinity
X-Aspnetmvc-Version
X-Px
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-Navigation-Version
X-Goog-Hash
X-NF-Request-ID
RTSS
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Accept-Ch
X-Version
X-Powered-CMS
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Server
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Kinja-Build
X-Use-Magma
X-Amz-Server-Side-Encryption
X-SRCache-Fetch-Status
X-Middleton-Response
Response
X-SRCache-Store-Status
X-MSEdge-Ref
AR-ATIME
AR-PoweredBy
AR-SID
AR-Request-ID
AR-CACHE
X-LLID
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
Nginx-Cache
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-RateLimit-Remaining
X-Shield-Request-Id
X-Protected-By
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-T
S
TCN
X-Forwarded-For
X-Content-Security-Policy-Report-Only
Content-MD5
X-Mg-S
X-TTL
X-Id
X-MCACHE
Realpath
Fastcgi-Cache
X-Mid
X-CST
Edge-Cache-Tag
X-Ttl
SPRequestDuration
SPIisLatency
Front-End-Https
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Filters
Server-Node
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Parallel-Accel
X-Ab
X-Ua-Browser
X-Content
X-DynaTrace
X-Correlation-Id
Fusion-Template-Id
SPRequestGuid
Fusion-Source
Fusion-Component-Id
X-SharePointHealthScore
Server-Name
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-Ezoic-Cdn
X-Frontend
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-ECACHE
Alternate-Protocol
X-Yandex-Sdch-Disable
X-Hits
X-Content-Options
X-Cache-Key
X-Ser
X-Page-Id
X-Tt-Trace-Host
Cache-Tags
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
X-Git-Hash
Host
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cleartype
X-Accel-Expires
Charset
X-B3-Sampled
X-Fastly-Request-Id
X-Www-Served-By
X-Daa-Tunnel
X-Content-Digest
X-Amz-Replication-Status
X-Geo-Country
X-DIS-Request-ID
X-Amzn-Trace-Id
Filterid
TP-L2-Cache
X-ASPNET-VERSION
TP-Cache
X-Forwarded-Proto
X-Varnish-Age
X-VCache
X-Activity-Id
X-Az
X-Hostname
X-AppVersion
X-Debug-Info
X-Upgrade-Enabled
X-Rid
X-N
X-XRDS-LOCATION
X-Origin-Server
X-FB-Debug
Access-Control-Allow-Method
X-Grace
X-LB-Cache
X-WebKit-CSP-Report-Only
X-Nginx-Upstream-Cache-Status
ServerID
Cross-Origin-Opener-Policy
X-Mobile-URL
X-F-Cache
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Flags
X-Route-Name
X-Request-Guid
X-Ratelimit-Limit
X-Whom
X-TT
X-Origin-Upstream-Status
X-Goog-Generation
X-App-Environment
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Tb
X-GUploader-UploadID
X-Varnish-Grace
Viewport
Payment
X-App-Server
X-Distributor
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Static
X-FW-Type
DC
Node
Paypal-Debug-Id
X-Server-ID
X-NGENIX-Cache
X-Seen-By
X-Type
X-Cache-Control
X-Microsite
X-Request-Handler-Origin-Region
Fastcgi-Useragent
X-User-Agent
X-Logged-In
Accept-Charset
Country
X-Cache-Rule
X-Wix-Request-Id
X-Cache-Age
X-Litespeed-Cache
X-DataDome
Version
X-Webkit-CSP
X-Webkit-Csp
X-Browser-Type
X-Varnish-Backend
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Drupal-Cache-Tags
X-Load-Cache
Referer-Policy
X-Via-JSL
X-Node-Name
X-Cache-Action
Refresh
X-Cluster-Name
SD-X-WS
X-Contextid
X-Tec-Api-Origin
Amp-Access-Control-Allow-Source-Origin
X-Response-Served-From
X-IPLB-Instance
X-Original-Request-Id
X-B-Cache
X-Tec-Api-Version
Access-Control-Request-Headers
Cache-Status
X-Signature
X-Tec-Api-Root
X-Rendered-As
X-Vgn-Hpd-Reason
X-Mobile
X-Page-View
X-Cacheable-TTL
X-Is-Bot
X-Real-IP
X-Proxy-Cache-Status
X-Cache-Expired-At
X-ProcessESI
X-Revision
X-Jobs
NGB
X-RemovedCookies
VIX-Pulpo-Node
X-UUID
X-B
VIX-Pulpo-Upstream-Status
X-Yottaa-Optimizations
X-Device-Type
X-Debug
X-Proxy
X-Rule
X-Yottaa-Metrics
X-Fastly-Request-ID
X-Drupal-Cache-Contexts
Surrogate-Key
X-Cache-Time
Akamai-GRN
X-Framework
X-Instance
X-G
X-Debug-IsConnected
X-PressLabs-Stats
X-Debug-IsPreview
CF-IPCountry
X-FW-Version
X-Fastcgi-Cache
DynaTrace
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
Liferay-Portal
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
SID
X-Azure-Ref
Healthy
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Source
X-Ms-Request-Id
X-Ms-Version
X-Ratelimit-Reset
Frame-Options
MS-CV
Ms-Operation-Id
X-RTag
X-CDN-Forward
X-Oneagent-Js-Injection
X-Nginx-Cache
Count-Hit
X-Ua-Device
GEO-INFO
X-Cache-Operation
X-APP-VERSION
X-Cache-Hit
X-Presslabs-Stats
X-Environment-Context
Uber-Trace-Id
X-L-Path
X-EdgeConnect-Cache-Status
Countrycode
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Accel-Buffering
Xserver
X-Varnish-Server
X-XRDS-Location
X-Region
X-Backend-Name
Section-Io-Cache
X-Servername
X-Zen-Fury
Ec-Rule-Version
X-Content-Powered-By
X-Forwarded-Host
X-Mode
Backend
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Cache-NGX
X-SaId
X-UPSTREAM-Address
Meta-Geo
X-RN-RSRV
X-JoinUs
X-Detected-As
X-Shopify-Stage
X-Cache-Grace
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Sql-Duration-Ms
X-Sql-Count
X-Redis-Cache
X-Human
Eomportal-Instance
Country-Code
X-Alternate-Cache-Key
X-Cache-Server
X-Hosted-By
X-Generation-Time
X-Tid
X-ShopId
X-Cache-Type
X-Varnish-Beresp-Grace
X-Uri
X-Extlb
X-Debug-Cache
X-FB-TRIP-ID
Mn-Server-Ip
Decoy-Debug-TTL
X-Cache-TTL-Remaining
X-NCache
Cache-Name
Protected
Cache-Tv-Group
X-Rewrite-Enabled
X-No-Session
X-Status
X-BYPASS-REASON
X-PHP-Backend
DB-Nickname
Decoy-Debug-Key
Apigw-Requestid
X-Site-Version
X-Via-Fastly
X-Zipkin-Id
X-ServerID
X-Routing-Service
X-Proxied
X-UA-Device-Type
X-ProxyCache-Key
X-ProxyCache-Status
Decoy-Debug-Status
X-Origin-Date
X-Microcachable
X-Adobe-Content
X-Adobe-Loc
X-Say-TTL
X-Storage
X-SayCDN-TTL
X-Server-W
Fastly-SSL
X-Soup
X-Proxy-Build
Url
X-Akamai-Edgescape
X-Cache-Host
X-OCL
Selected-Fe
X-Format
X-PCL
X-Origin-Hint
X-Say-Cacheable
TWC-Privacy
Webcakes-App-Name
TWC-Locale-Group
TWC-Device-Class
X-Timing-Wait
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
Webcakes-Region
X-Web-Node
Webcakes-App-Version
Property-Id
X-ApacheServer
X-Hl-Ver
OT-Force-Account-Verify
X-NYM-Debug-Backend
X-Section
X-R9-Blue-Green-Version
Azure-RegionName
Azure-InstanceId
X-Varnishpool
X-PERF
Azure-SlotName
Azure-SiteName
X-Access
X-Pubstack
Azure-Version
Content-Secure-Policy
X-Be
X-RateLimit-Limit
X-Content-Age
X-Cluster-Node
X-Ua
X-LSADC-Cache
X-Azure-Ref-OriginShield
CDN-EdgeStorageId
CDN-PullZone
CDN-Cache
CDN-CachedAt
Source
SRV
X-NewRelic-App-Data
CDN-Uid
CDN-RequestCountryCode
CDN-RequestId
X-Hyper-Cache
X-Generated-By
Content-Disposition
X-Cached-By
X-Dc
X-Unique-Id
X-SRV
Cache
X-Trace-Id
LB
X-HTML-Minification-Powered-By
X-Nginx-Cache-Key
X-App-Version
X-LAGOON
X-Bc-Bl
X-TIME
Xet-Cookie
X-Amz-Meta-S3cmd-Attrs
X-Auto-Login
X-Origin-TTL
X-Origin-CC
X-Varnish-Hits
Retry-After
X-Varnish-Hostname
WPO-Cache-Message
WPO-Cache-Status
X-S-Maxage
X-GEO
Onion-Location
X-TT-LOGID
X-Cache-Var
X-Cache-Var-Map
X-Loop
X-TNCMS
Cache-Hits
X-Akamai-Transformed
X-Time
Mime-Version
Web-Mar-Node
X-ECache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Platform-Server
X-Cdn
X-Ratelimit-Remaining
X-Proto
HostName
X-Endurance-Cache-Level
X-Tenant
X-Time-Microsecs
X-Xfnlog-Site
X-AWS-Id
X-Cache-Remote
X-Cache-Tags
X-VWS-Id
X-LJ-Flow-ID
X-CSRF-Token
X-Edge-Location
X-M-Reqid
X-M-Log
X-Varnish-Cache-Hits
X-Qnm-Cache
Upgrade-Insecure-Requests
X-GG-Cache-Date
X-Request-Time
Webserver
CloudFront-Viewer-Country
ServedBy
X-AOL-HN
X-B3-SpanId
X-Mg-Request-UUID
X-Amz-Apigw-Id
X-PHP-Host
N-Cache
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-Xrds-Location
X-Request-Host
X-RCS-CacheZone
X-CACHE-KEY
X-EC-Lua
X-Via-NSCOPI
Fastcgi-X-Cache-Version
Expiry
A
Redirect-Candidate
DSUID
BehaviorPad-Version
DCR-Processing-Time-Ms
DCR-Decision-By
Pramga
Mobile-Detection-Method
Xc-Version
Odigeo-Trace-Id
Origin
Meta-Geo-Continent
X-V-Cache
X-Cluster
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-PBS-Appsvrname
X-Conf
X-Processor
X-Ckpd-Fst-Backend
X-S
X-S-Cookie
X-CF-Lambda-Fn
X-Rojux
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-NAPM-TraceId
X-Ig-Push-State
X-ND-Cache
X-Orig-Expires
X-Origin-Response-Time
X-Hnp-Log
X-Gen-Mode
X-Developer
X-Destination
X-External-Request-Id
X-Forwarded-Path
X-Ftr-Request-Id
X-Cache-NE
X-Cache-Date
X-Vdms-Version
X-VG-WebCache
X-Vdms-Path
X-PAYTM-SRV-ID
X-TIM-N
X-A-Dgt
X-A-Dcw
X-A-Dam
X-Vtex-Remote-Cache
Surrogated-Key
X-Vtex-Processado-Em
X-A
X-A-Ccd
X-A-Wwc
X-Aed
X-Session-Fingerprint
X-B-Cookie
X-Block-Status
X-SD-PageType
X-ScT
X-ARC
X-Application
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-SRCache-Key
X-Slack-Backend
X-Shop-Environment
Rendered-Blocks
User-Cache-Control
X-Correlation-ID
X-Handled-By
Nel
X-Locale
X-MP-GENERATED-AT
From-Origin
X-FireWall-Port
X-Storefront-Renderer-Rendered
X-Epic-Correlation-Id
X-VServer
X-Device-Os
X-Date
Origin-EX
Origin-CC
X-Fastly-Cache
X-Fetched-On
Fastcgi-Cache-TTL
X-LI-UUID
X-Li-Fabric
X-Geo-Header
Gh-Request-Id
X-Forwarded-Site
X-Webstats-RespID
Host-ID
X-Li-Pop
X-Cache-Info
X-VC-Cache
V-Age
Wxu-Next-Region
X-Aicache-OS
Wxu-Next-Hostname
X-Accel-Expires-Debug
Wxu-Next-Commit
Vix-Hermes-Req-Id
Sslversion
L
X-Location
CDCHOST
X-Cache-Bucket
State
X-Server-IP
Traceparent
Release
X-Gdpr
AKAMAI
X-Origin-Time
CacheControlHeader
X-Varnish-Beresp-Status
WP-Super-Cache
X-Owner
X-Men
X-Origin-Expires
X-Old-Content-Length
X-Nyt-Route
X-Policy
X-Sucuri-ID
X-Scheme
X-Served-From
Cmsid
Cmstype
X-Skip-Cache
X-Mvc-Supplant-Cachable
X-Proxy-Upstream
X-Sucuri-Cache
X-Rocket-Nginx-Serving-Static
Arc-Country
Server-Info
Environment
AMP-Access-Control-Allow-Source-Origin
X-ATG-Version
X-Adobe-Source
X-Reqid
X-Region-Sid
Ssr
X-Gzip
X-Req
X-GeoIP-City
X-GeoIP
X-VG-TLSProxy
X-Bip
Locid
PFcat
X-Request-Start
Svr
X-Irp-Debug
X-Sigma-Backend
X-Sigma
X-Level-Front-Cache
X-HS-Content-Campaign-Id
X-Sn-Servicetimems
True-Client-Country-4JS
X-Rocket-Build-Number
X-Hash
X-Branch-Name
X-Generated-On
Apple-News-Services-Handled
X-Fastly-Backend
X-Viewer-Country
X-Thanos
X-Thinkindot-L3
X-Core-Mission
X-Datadog-Parent-Id
X-Core-Value
X-Esi-Check
X-TrackingId
X-Cdn-Origin
Apple-News-Services-Host
X-Node-Id
X-Cache-Config
X-Platform
X-Datadog-Trace-Id
X-Cache-Id
X-Gamma-Serve
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-TH-Server
X-Datadog-Sampling-Priority
X-BBC-Edge-Cache-Status
X-NodeID
X-HN
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-VarnishDD-TTL
Server-Host
Fastly-GeoIP-CountryCode
Req-Svc-Chain
Machine
Mail-Subject
Thinkindot-Control
TDXMobile
Web-Mar-Region
Fastly-Drupal-Html
X-Cache-Debug
We-Hiring
X-Cdn-Srv
X-Developers
X-Magnolia-Registration
X-NWS-UUID-VERIFY
X-Zone
Fastly-SIE
X-Request-URI
Fastly-SWR
X-DPWN-IS-SECURE
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-FC-Vary-Parameters
X-Is-Gdpr
Memcached
Is-Eu
X-Varnish-CookieHashed-On
X-Variation
NGX
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-Response-By
X-Rebelmouse-Surrogate-Control
X-Varnish-CookieINHashed-On
Adler-Geo
Cf-Device-Type
X-Loc
X-Varnish-Remaining-TTL
X-NU-AKA-ACS-Version
X-Origin
X-JWT-State
X-Has-Esi
X-Amzn-Remapped-Content-Length
HA-Ipaddr
X-Backend-State
X-Envoy-Decorator-Operation
X-Pod-Name
X-CGP
X-Csrf-Jwt
X-Eu-Site
X-Worker
Platform
L5d-Success-Class
Ha-Gx-Prefs
X-DefElseHash
X-DefHash
NM-Fastcgi-Cache
X-Cache-Enabled
Datacenter
X-Mvc-Supplant-OutputCached
X-Tx-Id
X-UnsetCookies
X-Varnish-Beresp-Ttl
X-Backend-TTL
Candidate-Md5Url
X-NC
X-CS
X-API-Version
X-Up
X-CLOUD-TRACE-CONTEXT
X-Vc
CDN
X-GeoIP-Region-Code
Pics-Label
X-GeoIP-Country-Code
X-LB-ID
Magicmarker
X-Tb-Optimization-Total-Bytes-Saved
Ms-Author-Via
WWW-Authenticate
X-TraceId
Memory
X-Generated-In
X-Trace-ID
On-Server
Time
WebServer
X-Datadome
X-LB-NoCache
Esi-Enabled
X-Edge-Pop
X-Tt-Logid
X-DynaTrace-JS-Agent
S-Rt
Env
X-Refresh
X-TA-CDN-Provider
X-Restarts
X-Via-Poph
GeoIp-Country-Code
X-Via-Popv
NtCoent-Length
Kp-EeAlive
X-Via-Popn
X-Optimistic-Header
X-Dynatrace
X-Varnish-Ttl
X-Parent-Response-Time
X-Service
C-Via
X-RPS
X-Cache-Backend
X-Wix-Viewer-Type
X-RSL
Edge-Cache
X-DC
X-Cache-PHP
X-DB
X-Action
X-CacheTTL
X-DSS
X-DI
X-RPM
X-DW
X-Akamai-Request-ID2
X-Http-Reason
X-Varnish-Beresp-TTL
X-Cs
X-Servedbyhost
X-Esi
X-Srv
X-Minions-Version
Server-ID
X-MSEdge-Features
X-MSEdge-Flight
X-Unique-ID
X-TX-ID
X-Cache-Status-Check
X-Render-Time
X-ZONE
X-Newrelic-Synthetics
Accept-Language
X-HA-Backend
X-VCL-Version
Proxy-Connection
X-Info
X-AIR-PT
X-Cache-Ttl
X-LI-Proto
X-Fpc
X-Li-Proto
X-App
X-Urbn-Context-Path
X-URL
Locale
X-Urbn-Site-Id
X-Clientip
X-Ec-GeoHdr
X-FPC
Test
X-Webkit-Csp-Report-Only
X-Ec-Fail
X-User
X-Traceid
X-LiteSpeed-Cache-Control
UCS
Server-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
Cache-Host
HIT
X-B3-Spanid
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Vcl-Version
X-NODE
X-Webkit-CSP-Report-Only
S-Cnection
Tcn
Geo-Info
Cdnsip
X-Pass-Why
X-AK-Request-ID
M-TraceId
Cdncip
X-CSRF-TOKEN
User-Agent
X-Ha-Backend
X-Micro-Cache
Cf-Int-Pingora-Origin-Digest
Resin-Trace
X-LiteSpeed-Tag
My-App
Fastly-Drupal-HTML
Fastly-Backend-Name
X-Fmm-Version
X-Clara-WADP
Geoip-Latitude
X-HostName
Cluster
X-WADP-Cache
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
Hostname
Lb
X-ID
X-Pad
X-CUA
X-ServedByHost
X-Backend-Host
Tracecode
X-Var-Ttl
X-Dynatrace-Js-Agent
X-COUNTRY
Lfy
GeoIP-Country-Code
Ohc-File-Size
X-APP
X-BCube-Filmed-By
T-Server
X-BBC-Origin-Response-Status
X-Via-PopH
X-Via-PopV
X-Via-PopN
X-Release
X-From
Hit
X-NGINX-Cache
X-Geo
ENV
X-Cdn-Forward
X-RAMCache
MIME-Version
Lang
X-ElasticPress-Query
X-Edge-POP
X-Fragments
X-Check-Cacheable
X-WP-CF-Super-Cache
X-Edge-Cache
Target-Params
CPC-Cache
CPC-Age
Cache-Key
X-WP-CF-Super-Cache-Cache-Control
EpKe-Alive
X-Amz-Meta-Cb-Modifiedtime
X-ES-SERVER
VNS-Age
X-HS-Status
Load-Balancing
Path
X-WA-Info
VNS-Cache
X-WA
X-Api-Version
X-Fastly-Backend-Reqs
X-Ucs
URI
X-ServerName
Servername
DataCenter
X-Wikidot-Static-Cache
X-UP
X-Cms-Context
Pagetype
X-Mcache
X-PJAX-URL
X-Lb-Id
X-Wikidot-Backend
X-GoCache-CacheStatus
Shield-Pop
X-Fastly-Cache-Hits
Cteonnt-Length
X-Dw-Trace-Id
X-TRACE-ID
Srv
X-Akamai-Pragma-Client-IP
Uri
FSS-Cache
X-Nc
PICS-Label
Permissions-Policy
X-Lb-Nocache
X-CCDN-Origin-Time
Cneonction
WZWS-RAY
Server-Ttl
X-Hcs-Proxy-Type
X-Via-Ucdn
X-CCDN-CacheTTL
X-B3-ParentSpanId
X-Swift-Error
Ohc-Cache-HIT
MD5-Digest
X-Cdn-Request-ID
Cdn
X-VC
X-Httpd
X-RateLimit-Reset
X-Proxy-Cache-Info
X-VG-WebServer
Producers
X-Akamai-ERRuleID
Server-Ext
Cf-Ipcountry
X-Acquia-Application-Trace
X-Snapshot-Date
X-Contensis-Viewer-Groups
X-Akamai-ERPolicy
X-Udemy-Cache-App-Namespace
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-UUID
X-Apw-Hits
IsBot
Vha6-Origin
Server-Hostname
Sever-Int
X-Yottaa-OS
X-Cache-ASPX
X-Newrelic-App-Data
X-Apw-Access-Action
CF-Cached-On
ServerName
X-Apw-Access-Token
X-Apw-Access-Object
X-SIPLIST1
X-Cache-Ngx
X-Provided-By
Sid
X-Air-Pt
X-Last-Modified
X-SB
X-Sentry-ID
Req-ID
CountryCode
X-Logging-Id
X-UA
X-Miniprofiler-Ids
X-CacheKey
X-B3-Parentspanid
W
X-Http-Duration-Ms
X-Te-Count
X-Http-Count
X-Varnish-Authentication
X-Cache-Expires
Ngx
X-Te-Duration-Ms