Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Akamai-Path-Stats
X-Turbo-Charged-By
Keep-Alive
X-Backend
Request-Context
EagleId
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-Amz-Request-Id
X-AH-Environment
Host-Header
X-Proxy-Cache
X-UA-Device
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-Aws-Lambda-Call-Status
X-CST
X-Pingback
Request-Id
Surrogate-Control
Cf-Edge-Cache
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
Content-Location
Rating
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
Accept-Ch
X-Url
Accept-Ch-Lifetime
X-Country
X-Ruxit-JS-Agent
Fastly-Restarts
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-Server-Name
X-Amz-Server-Side-Encryption
X-ESI
Cache-Tag
X-ASPNET-VERSION
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-FastCGI-Cache
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Dw-Request-Base-Id
X-Amz-Rid
Public-Key-Pins
X-Px
X-Edge
X-Cnection
X-D2id
X-Ser
X-Ac
X-Navigation-Version
X-Element-Page-Cache
Verso
X-Abt-Application-Version
X-Client-IP
X-Sol
X-Powered-By-Plesk
Display
X-Middleton-Display
Pagespeed
X-RateLimit-Remaining
X-Version
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Country-Code
X-Content-Security-Policy-Report-Only
Service-Worker-Allowed
X-Middleton-Response
Response
X-NF-Request-ID
X-Ttl
X-Goog-Hash
Access-Control-Request-Method
SPRequestDuration
SPIisLatency
X-Cached
X-Kinsta-Cache
X-Correlation-Id
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-Request-ID
AR-SID
X-Edge-Location-Klb
X-SharePointHealthScore
SPRequestGuid
X-Powered-CMS
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-LLID
Edge-Cache-Tag
X-Upstream
X-TTL
X-Litespeed-Cache
X-NWS-LOG-UUID
X-Forwarded-For
Content-MD5
X-Cache-Key
Nginx-Cache
X-RateLimit-Limit
X-Id
X-MSEdge-Ref
X-Shield-Request-Id
MRF-Tech
Mrf-Cache-Status
TCN
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-T
X-Ruxit-Js-Agent
X-Recruiting
S
X-ECACHE
X-B3-TraceId-Primal
X-Daa-Tunnel
X-Content-Digest
X-WebKit-CSP-Report-Only
X-Ua-Device
X-Mg-S
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-DataDome
X-Accel-Expires
X-Grace
TP-Cache
TP-L2-Cache
X-HS-Content-Id
MicrosoftSharePointTeamServices
X-HS-Combine-CSS
X-DynaTrace
X-HS-Cache-Config
X-HS-Hub-Id
X-Ezoic-Cdn
X-Frontend
X-Request-Received
X-Request-Processing-Time
X-Ab
X-Content
X-Ua-Browser
Front-End-Https
X-Yandex-Sdch-Disable
X-Protected-By
Server-Node
Filters
X-Server-ID
MS-Author-Via
X-PressLabs-Stats
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-Hits
X-Geo-Country
X-Mid
X-Webkit-Csp
X-LB-Cache
X-Microsite
X-ORACLE-DMS-ECID
X-Request-Handler-Origin-Region
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-ORACLE-DMS-RID
X-Amzn-Trace-Id
Charset
Host
Cleartype
X-Debug-Info
X-Mcache
X-Git-Hash
X-F-Cache
X-Page-Id
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Cache-Age
Cache-Status
X-Seen-By
X-DIS-Request-ID
X-Fastly-Request-Id
Realpath
X-Webkit-CSP
Access-Control-Allow-Method
X-Az
X-Activity-Id
X-Www-Served-By
X-AppVersion
X-Ratelimit-Reset
Accept-Charset
ServerID
Pinterest-Generated-By
Pinterest-Version
X-Aspnetmvc-Version
X-Pinterest-Rid
Filterid
X-Varnish-Age
X-Nginx-Upstream-Cache-Status
Cache-Tags
X-Cluster-Name
X-Content-Options
X-Rid
X-Type
Retry-After
X-FB-Debug
X-Oracle-Dms-Ecid
X-Language
X-App-Environment
X-Varnish-Backend
Country
X-Oracle-Dms-Rid
Server-Name
X-Varnish-Grace
Permissions-Policy
Viewport
X-Tb
X-User-Agent
X-Upgrade-Enabled
Paypal-Debug-Id
X-Request-Guid
X-Route-Name
X-Signature
X-Wix-Request-Id
X-Providence-Cookie
X-Is-Crawler
Node
X-B-Cache
X-Drupal-Cache-Tags
X-Flags
DC
X-Aspnet-Duration-Ms
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-TT
X-Whom
X-VCache
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Origin-Cache
X-B
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
Fastcgi-Useragent
X-Mobile-URL
Protected
X-NWS-UUID-VERIFY
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-MCACHE
X-N
X-Amz-Replication-Status
X-Logged-In
X-Cache-NGX
Payment
X-XRDS-LOCATION
WPO-Cache-Status
WPO-Cache-Message
X-Load-Cache
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
X-Via-JSL
X-Cache-Control
X-Contextid
Count-Hit
Healthy
X-Node-Name
X-Midtier
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-XRDS-Location
X-FW-Type
X-FW-Serve
X-FW-Static
X-FW-Server
X-Mobile
X-FW-Hash
X-FW-Dynamic
X-Restarts
X-Proxy
X-Template
Content-Disposition
Alternate-Protocol
X-NGENIX-Cache
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
Refresh
Akamai-GRN
X-G
X-Zen-Fury
X-Revision
X-Cache-Time
X-Jobs
Url
X-Page-View
X-Framework
X-Cache-TTL-Remaining
X-Akamai-Request-ID2
X-Servername
X-UUID
Uber-Trace-Id
X-Adobe-Content
X-Real-IP
X-Adobe-Loc
X-Is-Bot
X-Rendered-As
X-Instance
X-Proxy-Cache-Status
X-Debug-IsPreview
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
NGB
X-Cacheable-TTL
X-Cache-Grace
X-Drupal-Cache-Contexts
X-Http-Reason
X-Debug-IsConnected
X-Device-Type
X-Yottaa-Optimizations
X-Yottaa-Metrics
Access-Control-Request-Headers
X-Mg-Request-UUID
X-Varnish-Server
X-Hostname
X-ECache
X-IPLB-Instance
X-Environment-Context
X-B3-Traceid
X-L-Path
X-HTML-Minification-Powered-By
X-Source
Version
X-EdgeConnect-Cache-Status
X-Trace-Id
X-Oneagent-Js-Injection
X-RTag
Ms-Operation-Id
X-Fastly-Request-ID
Accept-Language
Countrycode
MS-CV
Frame-Options
X-Datadome
Referer-Policy
Liferay-Portal
X-Ratelimit-Remaining
X-NYM-Debug-Backend
X-Cache-Hit
From-Origin
X-Cache-Expired-At
X-Cache-Rule
X-Vgn-Hpd-Reason
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-COUNTRY
Backend
X-IPS-LoggedIn
X-FW-Version
X-Hosted-By
X-Nginx-Cache
Content-Secure-Policy
CF-IPCountry
X-Unique-Id
X-Fastcgi-Cache
X-Cache-Server
Section-Io-Cache
Meta-Geo
Upgrade-Insecure-Requests
X-RN-RSRV
X-UPSTREAM-Address
X-Ua
X-FB-TRIP-ID
X-No-Session
X-Redis-Cache
X-Cache-Enabled
X-Content-Age
X-OCL
X-PCL
X-APP-VERSION
X-Generation-Time
WP-Super-Cache
Azure-SiteName
Azure-SlotName
Azure-InstanceId
X-Status
Apigw-Requestid
Azure-RegionName
Azure-Version
X-AOL-HN
X-Region
X-Labrador-Cache-Channel
X-Via-Fastly
X-PHP-Host
X-ProcessESI
X-Origin-Hint
X-PHP-Backend
X-RemovedCookies
X-Varnish-Cache-Hits
X-Sql-Duration-Ms
X-Server-W
X-Sql-Count
X-UA-Device-Type
X-Uri
X-Request-Time
X-Section
X-Origin-Date
X-Format
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Connection-Speed
S-Rt
Mn-Server-Ip
Property-Id
TWC-Privacy
Webcakes-App-Name
X-Be
X-Cluster-Node
X-Akamai-Edgescape
X-Access
Webcakes-App-Version
Webcakes-Region
Fastly-SSL
TWC-GeoIP-LatLong
X-Mode
X-Nginx-Cache-Key
X-Locale
X-Human
X-PERF
X-Platform-Server
X-Say-TTL
Locale
X-ProxyCache-Status
X-ProxyCache-Key
X-Generated-By
X-Forwarded-Host
X-BYPASS-REASON
X-ApacheServer
Eomportal-Instance
X-Adobe-Source
X-Cache-Host
X-Cache-Tags
X-NewRelic-App-Data
X-Debug-Cache
X-Content-Powered-By
X-Cms-Context
X-SayCDN-TTL
X-Say-Cacheable
X-Urbn-Context-Path
X-Alternate-Cache-Key
Load-Balancing
X-Urbn-Site-Id
X-VC-Cache
X-Xfnlog-Site
X-AWS-Id
X-Storage
X-LJ-Flow-ID
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
X-VWS-Id
X-Site-Version
X-Shopify-Stage
X-ShopId
X-Cache-Type
X-GG-Cache-Date
X-Backend-Name
X-SaId
X-JoinUs
X-Varnishpool
X-Tid
X-Proxied
X-Routing-Service
X-Handled-By
X-ServerID
X-Detected-As
X-Extlb
X-Web-Node
X-Zipkin-Id
X-Hl-Ver
Cache-Tv-Group
Ec-Rule-Version
X-Parallel-Accel
CDN-PullZone
X-Timing-Wait
CDN-Cache
X-Edge-Location
CDN-Uid
CDN-CachedAt
X-Storefront-Renderer-Rendered
CDN-RequestId
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Proxy-Build
X-Cache-Action
Selected-Fe
X-Proto
X-GeoCode
X-GeoCountry
ServedBy
Webserver
Fastly-Drupal-Html
X-Dc
X-App-Version
SRV
X-Ratelimit-Limit
X-CDN-Forward
Web-Mar-Node
X-GEO
Onion-Location
X-LSADC-Cache
X-Hyper-Cache
X-Cached-By
X-Varnish-Hostname
X-Cache-Remote
X-Rule
Mime-Version
X-Cache-Operation
Cache-Hits
SID
X-Rewrite-Enabled
X-Cdn
X-Soup
X-Cluster
X-IPLB-Request-ID
X-TT-LOGID
X-Magnolia-Registration
X-Origin-CC
Xserver
X-Origin-TTL
X-Varnish-Hits
X-Accel-Buffering
X-Pubstack
X-Air-Trace-Id
X-Envoy-Decorator-Operation
X-Air-Hostname
X-Air-Source
X-SRV
Xet-Cookie
LB
X-Reqid
Country-Code
X-Microcachable
X-Xrds-Location
Server-Info
X-Tt-Logid
X-TA-CDN-Provider
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Buckets
DB-Nickname
X-CSRF-Token
Cache
Source
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Request-Host
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Origin-Response-Time
X-B3-SpanId
X-Endurance-Cache-Level
X-Via-NSCOPI
X-Time
X-Tx-Id
Meta-Geo-Continent
Xc-Version
X-Ig-Push-State
MD5-Digest
NM-Fastcgi-Cache
X-Gzip
Odigeo-Trace-Id
X-VG-WebCache
X-Hash
X-Vtex-Processado-Em
X-HS-Content-Campaign-Id
X-Vtex-Remote-Cache
Mobile-Detection-Method
X-PAYTM-SRV-ID
Cmsid
X-NAPM-TraceId
Cmstype
Cdnsip
Cdncip
A
BehaviorPad-Version
DCR-Decision-By
DCR-Processing-Time-Ms
X-Orig-Expires
X-PBS-Appsvrname
Lang
Host-ID
Expiry
Fastcgi-X-Cache-Version
X-Rojux
X-User
X-B-Cookie
X-Cache-Id
X-Cache-NE
X-Cdn-Srv
X-ARC
X-Processor
X-S-Cookie
X-ScT
X-AK-Request-ID
X-Application
X-Epic-Correlation-Id
X-Shop-Environment
X-SD-PageType
X-Connection-Hash
X-D
X-Destination
X-Conf
X-Ec-Fail
X-Ec-GeoHdr
X-Session-Fingerprint
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-SRCache-Key
X-Aed
Sslversion
Surrogated-Key
X-TIM-N
X-Tenant
X-TrackingId
Rendered-Blocks
X-Vdms-Version
X-Vdms-Path
Pramga
X-Developer
T-Server
X-A-Ccd
X-S
X-External-Request-Id
X-Esi-Check
X-A-Wwc
X-Forwarded-Path
X-Ftr-Request-Id
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Geo-Header
X-A
X-Newrelic-Synthetics
X-Ms-Version
X-Ms-Request-Id
X-Skip-Cache
Datacenter
X-Irp-Debug
X-JWT-State
X-Has-Esi
X-Is-Gdpr
Platform
X-Gdpr
Producers
Memcached
X-GeoIP
X-Loop
X-Origin
X-Amzn-Remapped-Content-Length
X-Origin-Expires
X-Origin-Time
Fastly-GeoIP-CountryCode
X-Nyt-Route
Kp-EeAlive
Machine
Mail-Subject
X-Mvc-Supplant-Cachable
X-Node-Id
X-NodeID
X-Fmm-Version
X-Fastly-Cache
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
We-Hiring
X-Ckpd-Fst-Backend
X-CacheTTL
X-RCS-CacheZone
X-Bc-Bl
X-Cache-Backend
X-Cache-Bucket
X-Cache-Info
X-Clara-WADP
X-Core-Mission
X-DPWN-IS-SECURE
State
X-NCache
Server-Host
Environment
X-Varnish-Ttl
X-Device-Os
X-Core-Value
X-DefElseHash
X-DefHash
X-Developers
X-Fetched-On
Is-Eu
X-Worker
X-SVT-ORM-RULES
AKAMAI
X-Varnish-Remaining-TTL
X-Sigma
X-Scheme
Candidate-Md5Url
Cache-Key
Adler-Geo
X-Wix-Viewer-Type
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-V-Cache
X-Via-Ucdn
X-SVT-ORM-VERSION
X-WADP-Cache
X-TNCMS
DynaTrace
X-Sigma-Backend
X-Cache-Status-Check
X-Rocket-Build-Number
X-BCube-Filmed-By
X-SB
X-Azure-Ref
XM
X-VServer
X-SplitTest
X-Viewer-Country
X-Dispatcher-Number
X-Ec-Custom-Error
X-BBC-Edge-Cache-Status
X-Auto-Login
X-VarnishDD-TTL
X-VG-TLSProxy
X-Block-Status
X-Cache-Date
X-Branch-Name
X-Wikidot-Static-Cache
X-RateLimit-Remaining-Second
X-Csrf-Jwt
X-RateLimit-Limit-Second
X-Cdn-Origin
X-CGP
X-Ad-Defer-Variation
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
VNS-Age
VNS-Cache
CPC-Cache
CPC-Age
X-Datadog-Trace-Id
X-Wikidot-Backend
X-ZONE
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Platform
X-Planisys-CDN-Cache
X-Request-URI
X-Served-From
Cache-Name
X-Rocket-Nginx-Serving-Static
X-Pod-Name
X-Policy
X-Rebelmouse-Surrogate-Control
X-Proxy-Upstream
X-Qloud-Router
X-Proxy-Cache-Info
HostName
X-Region-Sid
X-Pool
GEO-INFO
X-Server-IP
X-Generated-On
X-Thinkindot-L3
X-GeoIP-City
X-Gen-Mode
X-Rebelmouse-Cache-Control
X-Varnish-Beresp-Grace
X-Forwarded-Site
X-Gamma-Serve
X-HN
X-Hnp-Log
X-Slack-Backend
X-SIPLIST1
X-Minions-Version
X-Level-Front-Cache
X-Sn-Servicetimems
X-Httpd
X-LAGOON
X-Eu-Site
X-Loc
NGX
N-Cache
Thinkindot-Control
Thinkindot-CacheControl-Type
Origin
Apple-News-Services-Handled
Traceparent
User-Cache-Control
Apple-News-Services-Request-Url
Server-Ext
Apple-News-Services-Host
Thinkindot-CacheControl
TDXMobile
Fastly-SIE
Sever-Int
Release
Server-Hostname
Req-Svc-Chain
Redirect-Candidate
Ssr
Origin-CC
Origin-EX
PFcat
Svr
V-Age
Apple-News-Services-Parsed-Url
Vix-Hermes-Req-Id
HA-Ipaddr
Fastcgi-Cache-TTL
Cluster
X-Aicache-OS
CloudFront-Viewer-Country
Gh-Request-Id
Fastly-SWR
IsBot
Ha-Gx-Prefs
L5d-Success-Class
L
Web-Mar-Region
CDCHOST
Ohc-File-Size
X-R9-Blue-Green-Version
DSUID
CDN
X-Owner
X-Scale
Fastly-Backend-Name
X-WA-Info
X-Optimistic-Header
X-AIR-PT
X-EC-Lua
X-WP-CF-Super-Cache-Cache-Control
X-Webstats-RespID
Pics-Label
X-Parent-Response-Time
X-Refresh
X-From
X-WP-CF-Super-Cache
X-VC
X-Micro-Cache
X-CS
X-CACHE-KEY
X-Cache-ASPX
X-Location
X-Ah-Environment
X-Contensis-Viewer-Groups
Ms-Author-Via
X-Tb-Optimization-Total-Bytes-Saved
Locid
X-Srv
X-Edge-Pop
X-RateLimit-Reset
Path
X-LB-NoCache
X-Mvc-Supplant-OutputCached
X-NC
Servername
Env
X-Varnish-Authentication
Cache-Host
X-Servedbyhost
Ngx.Var.Host
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Cb-Modifiedtime
X-Response-By
X-Men
Arc-Country
X-TIME
X-Correlation-ID
Lb
Memory
X-Old-Content-Length
X-Via-Popn
X-Via-Popv
X-Generated-In
X-Via-Poph
X-TraceId
X-Varnish-Beresp-TTL
Time
Ohc-Cache-HIT
XkeyRZ
X-Proxy-CacheRZ
X-Akamai-Transformed
X-DI
X-DSS
X-DW
X-RPS
ITXSESSIONID
X-HA-Backend
X-DB
X-RSL
X-RPM
AMP-Access-Control-Allow-Source-Origin
X-S-Maxage
X-Clientip
GeoIp-Country-Code
X-Date
X-Accel-Expires-Debug
X-API-Version
Client
X-GeoIP-Country-Code
X-Vc
X-GeoIP-Region-Code
True-Client-IP
X-Api-Version
X-VCL-Version
X-Cs
X-VHOST
X-Trace-ID
Geoip-Latitude
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Cache-Debug
X-DC
FSS-Cache
Server-ID
X-URL
X-Dmc
Hostname
X-Fpc
X-Presslabs-Stats
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-FireWall-Port
CacheControlHeader
X-Render-Time
X-MSEdge-Features
X-Zone
X-MSEdge-Flight
X-TRACE-ID
X-INCAP-ABP
X-TH-Server
True-Client-Country-4JS
X-Action
Powered-By
NtCoent-Length
X-Webkit-Csp-Report-Only
X-DynaTrace-JS-Agent
X-TX-ID
X-Traceid
X-Service
X-B3-Spanid
X-PX
C-Via
Rip
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Backend-TTL
X-M-Reqid
Tube-Return
Tube-Got-Eval
Click-Count-Action-Start
Click-Count-Error
Tube-Got-Results
Tube-Get-Contents
Test
X-Qnm-Cache
Tcn
Edge-Cache
HIT
X-M-Log
Esi-Enabled
X-NGINX-Cache
X-CSRF-TOKEN
X-FPC
X-Req
On-Server
X-Cdn-Request-ID
X-Pass-Why
X-Beluga-Node
X-Beluga-Record
X-HS-Status
X-Beluga-Status
Server-Id
X-Alfa-Service
X-Beluga-Trace
X-Webkit-CSP-Report-Only
User-Agent
X-Beluga-Cache-Status
OT-Force-Account-Verify
My-App
Geo-Info
X-Beluga-Response-Time
X-Vcl-Version
X-Origin-Upstream-Status
X-Akamai-Pragma-Client-IP
Uri
Cdn
GeoIP-Country-Code
GeoIP-Latitude
X-Check-Cacheable
X-Up
X-Via-PopN
X-Ha-Backend
X-Via-PopH
X-Via-PopV
X-Edge-Origin-Shield-Bytes
Proxy-Connection
Srvid
Resin-Trace
Cf-Int-Pingora-Origin-Digest
X-Proxy-Cache-Hk
X-Provided-By
X-Edge-Origin-Shield-Region
X-CLOUD-TRACE-CONTEXT
Sid
X-LB-ID
X-APP
X-Hcs-Proxy-Type
X-ServedByHost
Srv
M-TraceId
X-LI-UUID
MIME-Version
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Li-Fabric
X-Varnish-Beresp-Ttl
X-LI-Proto
X-Li-Pop
Epwk-X-Cache
WebServer
X-Cdn-Forward
X-App
X-Fetch-By
X-UnsetCookies
X-RAMCache
ENV
X-Backend-Host
DT-Hot-News
X-Esi
Warning
X-Fastly-Backend-Reqs
ServerName
X-Lb-Nocache
WZWS-RAY
X-Nc
X-ND-Cache
DataCenter
X-B3-Traceid-Primal
Server-Ttl
XServer
X-Edge-POP
X-Time-Microsecs
X-Geo
X-HostName
X-LiteSpeed-Cache-Control
X-MG-S
PICS-Label
X-CF-Powered-By
X-HITS
Section-Io-Origin-Status
X-Newrelic-App-Data
X-Serial
CF-Cached-On
X-ElasticPress-Query
Cf-Device-Type
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Bip
X-Thanos
X-Dw-Trace-Id
X-Yottaa-OS
X-Request-Url
X-Akamai-Request-ID
X-CUA
True-Client-Ip
Fastly-Drupal-HTML
X-Sucuri-ID
X-Vcache
X-Sucuri-Cache
X-Request-Start
X-Platform-Cluster
X-Var-Ttl
X-Platform-Router
X-Cc-Via
Dt-Hot-News
X-Platform-Processor
X-IN-APIGATEWAY
X-Vercel-Cache
X-Vercel-Id
X-IN-APIGATEWAYSSL
Inserted-Into-Cache-At
X-ATG-Version
X-FC-Vary-Parameters
X-Fastly-Backend
Target-Params
X-Azure-Ref-OriginShield
Tracecode
D-Url-Rewrites
X-Fragments
X-Iplb-Request-Id
X-Iplb-Instance
Cdn-Requestid
Cdn-Edgestorageid
Servedby
Cdn-Requestcountrycode
Cdn-Pullzone
Cdn-Uid
Wp-Super-Cache
Cdn-Cachedat
Cdn-Cache
X-MiniProfiler-Ids
Content-Script-Type
X-BBC-Origin-Response-Status
X-LiteSpeed-Tag
CountryCode
X-Dist-Code
Content-Style-Type
Vha6-Origin
X-Storefront-Renderer-Verified
X-Fastly-Cache-Hits
Lfy
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Th-Server
X-Release
X-Request-URL
X-Back