Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-Akamai-Path-Stats
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
X-WebKit-CSP
Allow
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-CST
X-Server-Id
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Readtime
X-Akam-SW-Version
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Content-Location
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
X-Server-Name
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
Accept-Ch
X-ESI
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Use-Magma
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Dw-Request-Base-Id
X-Amz-Rid
X-B3-TraceId
X-Px
Public-Key-Pins
X-Cnection
X-Ac
X-D2id
X-RateLimit-Remaining
X-Element-Page-Cache
X-Navigation-Version
X-Edge
Verso
X-FastCGI-Cache
X-Abt-Application-Version
X-Client-IP
X-Middleton-Display
Pagespeed
X-Powered-By-Plesk
Display
X-Sol
X-Ser
X-Cache-TTL
X-Version
Service-Worker-Allowed
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
X-Ttl
X-Correlation-Id
Access-Control-Request-Method
X-Goog-Hash
X-Ruxit-Js-Agent
SPIisLatency
SPRequestDuration
X-Kinsta-Cache
X-Edge-Location-Klb
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-SID
X-Cached
X-Upstream
X-SharePointHealthScore
SPRequestGuid
X-NWS-LOG-UUID
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Content-Security-Policy-Report-Only
X-Instrumentation
X-LLID
X-Powered-CMS
X-RateLimit-Limit
Edge-Cache-Tag
X-Litespeed-Cache
X-TTL
Nginx-Cache
X-Forwarded-For
X-Cache-Key
Content-MD5
X-MSEdge-Ref
TCN
X-Id
Mrf-Cache-Status
MRF-Tech
X-Shield-Request-Id
X-Daa-Tunnel
X-B3-TraceId-Primal
X-T
X-Webkit-Csp
X-Recruiting
S
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Content-Digest
MS-Author-Via
X-Ua-Device
X-Mg-S
X-Accel-Expires
X-ECACHE
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
MicrosoftSharePointTeamServices
X-Protected-By
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ezoic-Cdn
X-HS-Combine-CSS
X-HS-Cache-Config
X-Grace
X-HS-Content-Id
X-Frontend
X-HS-Hub-Id
X-Ab
X-Ua-Browser
X-Content
X-Request-Received
Front-End-Https
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Server-Node
Filters
X-Server-ID
TP-Cache
TP-L2-Cache
X-DataDome
X-Origin-Server
X-Mid
X-DynaTrace
Fastcgi-Cache
X-Hits
X-Distributor
X-Geo-Country
X-ORACLE-DMS-ECID
X-PressLabs-Stats
X-WebKit-CSP-Report-Only
X-ORACLE-DMS-RID
X-Request-Handler-Origin-Region
X-Microsite
X-Amzn-Trace-Id
X-Debug-Info
X-Ratelimit-Reset
Charset
Cleartype
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-LB-Cache
X-Page-Id
Host
X-Git-Hash
X-MCACHE
X-F-Cache
X-DIS-Request-ID
X-B3-Sampled
Cross-Origin-Opener-Policy
Pinterest-Version
Pinterest-Generated-By
X-Forwarded-Proto
X-Pinterest-Rid
X-Www-Served-By
X-Cache-Age
Access-Control-Allow-Method
ServerID
X-Seen-By
Cache-Status
Realpath
X-Az
X-AppVersion
X-Activity-Id
X-Aspnetmvc-Version
Accept-Charset
Cache-Tags
X-Varnish-Age
X-Cluster-Name
Filterid
X-Rid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Content-Options
X-Language
X-Nginx-Upstream-Cache-Status
X-Type
X-App-Environment
Server-Name
X-Oracle-Dms-Ecid
Retry-After
Country
Viewport
X-Upgrade-Enabled
X-Varnish-Grace
X-Tb
X-Oracle-Dms-Rid
Node
X-Origin-Cache
X-User-Agent
X-Whom
X-Signature
X-NWS-UUID-VERIFY
X-Is-Crawler
X-Mobile-URL
X-Drupal-Cache-Tags
X-B-Cache
X-Aspnet-Duration-Ms
DC
Paypal-Debug-Id
X-Providence-Cookie
X-Flags
X-Wix-Request-Id
X-Request-Guid
X-FB-Debug
X-Route-Name
X-Varnish-Backend
X-TT
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Generation
X-VCache
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Fastcgi-Useragent
Protected
X-XRDS-LOCATION
X-B
X-N
X-Via-JSL
X-Fastly-Request-Id
X-Debug
X-Amz-Replication-Status
WPO-Cache-Status
X-Logged-In
WPO-Cache-Message
X-Fastly-Request-ID
X-Cache-NGX
X-XRDS-Location
Payment
X-Load-Cache
X-Contextid
X-Amz-Meta-S3cmd-Attrs
Surrogate-Key
Count-Hit
Amp-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Cache-Control
Permissions-Policy
X-FW-Serve
X-FW-Server
X-Node-Name
X-FW-Hash
X-FW-Dynamic
X-FW-Static
X-FW-Type
X-Template
X-Trace-Id
Healthy
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Fastcgi-Cache
SD-X-WS
X-Original-Request-Id
X-Response-Served-From
X-G
X-Cache-Time
X-Mobile
Content-Disposition
X-Mcache
Akamai-GRN
X-Jobs
X-Proxy
X-Rendered-As
Refresh
X-UUID
Uber-Trace-Id
X-Zen-Fury
X-Framework
X-Is-Bot
X-Akamai-Request-ID2
X-Cacheable-TTL
X-Revision
X-Real-IP
X-Http-Reason
X-Proxy-Cache-Status
X-Hostname
X-Page-View
X-Cache-TTL-Remaining
X-Adobe-Loc
X-Adobe-Content
Url
NGB
X-Device-Type
X-Drupal-Cache-Contexts
X-Instance
X-Debug-IsPreview
X-Debug-IsConnected
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Access-Control-Request-Headers
Alternate-Protocol
X-Yottaa-Metrics
X-Servername
X-Datadome
X-Yottaa-Optimizations
X-IPLB-Instance
X-Cache-Grace
X-ECache
X-Restarts
Version
X-Mg-Request-UUID
X-Varnish-Server
X-Source
X-NGENIX-Cache
X-L-Path
X-Environment-Context
From-Origin
Accept-Language
X-Oneagent-Js-Injection
X-Cache-Rule
X-Cache-Hit
X-EdgeConnect-Cache-Status
X-Vgn-Hpd-Reason
X-HTML-Minification-Powered-By
X-Cache-Expired-At
MS-CV
X-RTag
Ms-Operation-Id
X-Parallel-Accel
Countrycode
Referer-Policy
Frame-Options
X-App-Server
X-NYM-Debug-Backend
Liferay-Portal
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
Cross-Origin-Window-Policy
X-FW-Version
Backend
X-IPS-LoggedIn
X-APP-VERSION
X-COUNTRY
X-Midtier
X-Nginx-Cache
Content-Secure-Policy
X-RemovedCookies
WP-Super-Cache
X-ProcessESI
Upgrade-Insecure-Requests
X-Hosted-By
Section-Io-Cache
Cache-Tv-Group
X-Cache-Action
X-UPSTREAM-Address
Meta-Geo
X-Redis-Cache
X-RN-RSRV
X-Cache-Server
X-Detected-As
X-FB-TRIP-ID
X-No-Session
X-Generation-Time
X-Cache-Enabled
X-Region
X-PCL
CF-IPCountry
X-Content-Age
X-UA-Device-Type
X-OCL
X-Ua
X-Web-Node
Apigw-Requestid
X-Unique-Id
Locale
Mn-Server-Ip
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
Ec-Rule-Version
Fastly-SSL
Azure-InstanceId
X-Origin-Hint
X-Say-Cacheable
X-Urbn-Context-Path
Webcakes-Region
Webcakes-App-Version
X-Be
Webcakes-App-Name
X-Request-Time
X-Urbn-Site-Id
X-Access
X-Storage
X-Akamai-Edgescape
X-Section
X-Server-W
X-SayCDN-TTL
X-AOL-HN
X-Sql-Duration-Ms
X-Say-TTL
TWC-Privacy
X-Uri
X-Generated-By
X-Format
X-Nginx-Cache-Key
TWC-Device-Class
TWC-Connection-Speed
X-Site-Version
X-Human
X-Cluster-Node
X-Origin-Date
X-PHP-Backend
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Varnish-Cache-Hits
X-Via-Fastly
X-Sql-Count
TWC-GeoIP-Country
Property-Id
S-Rt
X-Mode
X-Cache-Tags
X-Cache-Host
X-Content-Powered-By
X-BYPASS-REASON
X-Debug-Cache
X-Sorting-Hat-ShopId
X-Xfnlog-Site
CDN-Cache
CDN-CachedAt
X-ApacheServer
X-Adobe-Source
Eomportal-Instance
CDN-Uid
CDN-RequestId
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
X-Sorting-Hat-PodId
X-Forwarded-Host
X-ProxyCache-Key
X-PERF
X-Alternate-Cache-Key
X-Shopify-Stage
X-Status
X-Platform-Server
X-Ratelimit-Remaining
X-ProxyCache-Status
X-ShopId
X-ShardId
X-PHP-Host
X-ServerID
X-Routing-Service
X-Labrador-Cache-Channel
X-Backend-Name
X-SaId
X-Proxied
X-Hl-Ver
X-Extlb
X-Varnishpool
X-NewRelic-App-Data
X-Webkit-CSP
X-Zipkin-Id
X-Handled-By
X-JoinUs
X-Cache-Type
X-Locale
X-Tid
X-Hyper-Cache
X-VWS-Id
X-AWS-Id
X-TT-LOGID
X-LJ-Flow-ID
Webserver
X-Cms-Context
X-VC-Cache
ServedBy
X-GG-Cache-Date
X-Rule
X-Edge-Location
X-Storefront-Renderer-Rendered
X-Proxy-Build
X-Cache-Operation
X-Timing-Wait
Selected-Fe
X-LSADC-Cache
X-Proto
Mime-Version
Fastly-Drupal-Html
SRV
X-Cached-By
Load-Balancing
X-Dc
Web-Mar-Node
X-CDN-Forward
X-Rewrite-Enabled
X-GeoCountry
X-Accel-Buffering
X-GeoCode
SID
X-Soup
X-GEO
Onion-Location
X-Cache-Remote
Xserver
X-TA-CDN-Provider
X-Cdn
X-Varnish-Hostname
Cache-Hits
X-Pubstack
X-Reqid
Country-Code
X-App-Version
X-Origin-TTL
X-Request-Host
X-Origin-CC
X-SRV
X-Cluster
X-Varnish-Hits
X-Ratelimit-Limit
Decoy-Debug-Status
Server-Info
X-Microcachable
Decoy-Debug-TTL
X-Buckets
Decoy-Debug-Key
X-Envoy-Decorator-Operation
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
LB
X-Magnolia-Registration
X-Ms-Request-Id
Xet-Cookie
X-Ms-Version
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Amz-Apigw-Id
DB-Nickname
X-Amzn-RequestId
X-CSRF-Token
Cache
X-Tx-Id
X-Endurance-Cache-Level
X-NCache
X-RCS-CacheZone
X-B3-SpanId
X-Processor
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Rojux
DCR-Decision-By
Cmsid
X-S-Cookie
X-S
X-Orig-Expires
Cmstype
X-NAPM-TraceId
X-Geo-Header
X-Ftr-Request-Id
X-Forwarded-Path
X-Gzip
X-Hash
X-ScT
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-Node-Id
X-SD-PageType
X-Vdms-Path
X-User
X-TrackingId
X-TIM-N
X-Vdms-Version
X-VG-WebCache
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Tenant
X-SVT-ORM-VERSION
BehaviorPad-Version
Cdncip
Cdnsip
A
X-Session-Fingerprint
X-SVT-ORM-RULES
X-SRCache-Key
X-Shop-Environment
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
X-Core-Mission
X-Connection-Hash
X-A-Dcw
X-Conf
X-A-Dam
X-D
X-A
X-A-Ccd
X-Destination
X-A-Dgt
X-CF-Lambda-Version
X-Cdn-Srv
X-B-Cookie
X-Cache-NE
X-Cache-Bucket
X-ARC
X-Application
X-A-Wwc
X-CF-Lambda-Fn
X-AK-Request-ID
T-Server
Surrogated-Key
X-Esi-Check
X-Epic-Correlation-Id
X-Ec-GeoHdr
MD5-Digest
Lang
X-External-Request-Id
X-Cache-Id
Host-ID
X-Fetched-On
Meta-Geo-Continent
X-Ec-Fail
X-Developer
Rendered-Blocks
Sslversion
Pramga
Odigeo-Trace-Id
X-Device-Os
Mobile-Detection-Method
NM-Fastcgi-Cache
Expiry
X-Aed
DynaTrace
X-IPLB-Request-ID
X-Bc-Bl
X-Varnish-Ttl
X-Time
Source
X-Varnish-Beresp-Grace
CDN
X-Core-Value
X-DefElseHash
X-Clara-WADP
X-R9-Blue-Green-Version
X-Cache-Info
X-CacheTTL
X-Ckpd-Fst-Backend
X-Developers
X-Fmm-Version
X-From
X-Gdpr
X-Gen-Mode
X-Fastly-Cache
X-Ec-Custom-Error
X-Cache-Date
X-Dispatcher-Number
X-DPWN-IS-SECURE
X-DefHash
X-Block-Status
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
TDXMobile
Producers
Server-Host
State
Traceparent
User-Cache-Control
Wxu-Next-Region
X-Amzn-Remapped-Content-Length
Platform
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
Web-Mar-Region
X-Cache-Backend
X-Hnp-Log
X-Thinkindot-L3
X-TNCMS
X-V-Cache
X-Slack-Backend
X-Skip-Cache
X-Scheme
X-Sigma
X-Sigma-Backend
X-Variation
X-Varnish-CookieHashed-On
X-Webstats-RespID
X-Wix-Viewer-Type
X-Worker
X-WADP-Cache
X-VServer
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Via-Ucdn
X-SB
Cache-Name
X-LAGOON
X-Location
X-Mvc-Supplant-Cachable
X-JWT-State
X-Is-Gdpr
X-Has-Esi
Origin-EX
X-Irp-Debug
X-NodeID
X-Nyt-Route
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Rocket-Build-Number
X-Planisys-CDN-Cache
X-Origin-Time
X-Origin
X-Origin-Expires
X-Origin-Response-Time
X-GeoIP
X-Loop
AKAMAI
Memcached
Fastly-GeoIP-CountryCode
Environment
Adler-Geo
Is-Eu
CloudFront-Viewer-Country
Machine
Origin-CC
Mail-Subject
X-Azure-Ref
X-Forwarded-Site
X-Generated-On
X-Gamma-Serve
X-Httpd
Cluster
Ohc-File-Size
Fastcgi-Cache-TTL
X-HN
DSUID
Fastly-SWR
HA-Ipaddr
X-CGP
X-Cdn-Origin
IsBot
Kp-EeAlive
Ha-Gx-Prefs
Gh-Request-Id
X-Datadog-Trace-Id
Fastly-SIE
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Eu-Site
X-Minions-Version
X-Rocket-Nginx-Serving-Static
X-Served-From
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Server-IP
X-SIPLIST1
X-Viewer-Country
X-Via-NSCOPI
X-VG-TLSProxy
X-VarnishDD-TTL
X-Sn-Servicetimems
X-ZONE
X-RateLimit-Limit-Second
X-Qloud-Router
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
CDCHOST
X-Loc
X-Branch-Name
Apple-News-Services-Handled
X-Platform
X-Proxy-Cache-Info
X-Proxy-Upstream
X-Pool
X-Policy
X-Pod-Name
X-Level-Front-Cache
X-Request-URI
PFcat
Req-Svc-Chain
X-Aicache-OS
Release
V-Age
L
Redirect-Candidate
L5d-Success-Class
X-Auto-Login
Vix-Hermes-Req-Id
NGX
Server-Hostname
X-BBC-Edge-Cache-Status
Sever-Int
Ssr
Svr
Server-Ext
N-Cache
Origin
X-Newrelic-Synthetics
X-Owner
X-Scale
X-Optimistic-Header
X-GeoIP-City
HostName
X-Tb-Optimization-Total-Bytes-Saved
Locid
X-CS
Pics-Label
X-WP-CF-Super-Cache
Candidate-Md5Url
X-Wikidot-Static-Cache
X-WP-CF-Super-Cache-Cache-Control
X-EC-Lua
Datacenter
X-Wikidot-Backend
X-Men
Cache-Key
X-Parent-Response-Time
X-BCube-Filmed-By
Arc-Country
X-Refresh
X-NC
X-Ad-Defer-Variation
X-CACHE-KEY
CPC-Cache
XM
X-Response-By
Env
X-Tt-Logid
X-Contensis-Viewer-Groups
X-Ah-Environment
VNS-Cache
X-SplitTest
VNS-Age
X-Old-Content-Length
CPC-Age
X-Cache-ASPX
Ms-Author-Via
X-TIME
X-TraceId
X-VC
X-Cache-Status-Check
X-Edge-Pop
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-RSL
X-WA-Info
X-Varnish-Authentication
X-DB
X-LB-NoCache
Fastly-Backend-Name
X-Tec-Api-Origin
X-Tec-Api-Version
Servername
X-Mvc-Supplant-OutputCached
X-Tec-Api-Root
X-DSS
X-DI
GEO-INFO
X-RPS
X-RPM
X-DW
X-Udemy-Cache-App-Namespace
X-Micro-Cache
Time
X-Amz-Meta-Cb-Modifiedtime
X-Accel-Expires-Debug
X-Date
X-Generated-In
Memory
X-Akamai-Transformed
X-Xrds-Location
Lb
GeoIp-Country-Code
X-AIR-PT
Path
X-Via-Popv
X-Servedbyhost
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Via-Poph
X-Via-Popn
Ohc-Cache-HIT
ITXSESSIONID
X-Presslabs-Stats
X-Cache-Debug
X-S-Maxage
X-HA-Backend
X-Vc
X-RateLimit-Reset
Cache-Host
X-API-Version
X-DC
X-VCL-Version
True-Client-IP
FSS-Cache
Client
Ngx.Var.Host
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Source
X-Api-Version
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Geoip-Latitude
CacheControlHeader
X-Cs
X-Proxy-CacheRZ
X-VHOST
Hostname
XkeyRZ
X-Clientip
X-Varnish-Beresp-TTL
X-TH-Server
X-Action
Geo-Info
True-Client-Country-4JS
X-Trace-ID
Server-ID
X-Backend-TTL
X-Zone
X-Fpc
X-FireWall-Port
X-Req
X-Webkit-Csp-Report-Only
Powered-By
Edge-Cache
X-TX-ID
NtCoent-Length
X-B3-Spanid
X-Traceid
X-Dmc
X-PX
My-App
X-Pass-Why
X-CSRF-TOKEN
X-MSEdge-Features
X-Render-Time
X-FPC
X-Provided-By
X-INCAP-ABP
Test
X-MSEdge-Flight
X-Varnish-Beresp-Ttl
X-NGINX-Cache
X-Origin-Upstream-Status
X-Up
X-Cdn-Request-ID
C-Via
X-Correlation-ID
Cf-Int-Pingora-Origin-Digest
X-LB-ID
X-Beluga-Status
X-Beluga-Node
X-Beluga-Record
X-Beluga-Cache-Status
X-Beluga-Response-Time
X-Beluga-Trace
X-Gateway-Cache-Key
X-DynaTrace-JS-Agent
X-HS-Status
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Webkit-CSP-Report-Only
X-Service
X-Gateway-Skip-Cache
Tube-Got-Results
Tube-Return
Tube-Got-Eval
Server-Id
User-Agent
Click-Count-Error
Click-Count-Action-Start
Tube-Get-Contents
Rip
X-M-Reqid
X-Qnm-Cache
X-M-Log
Tcn
Esi-Enabled
X-Vcl-Version
Proxy-Connection
DataCenter
Resin-Trace
OT-Force-Account-Verify
Uri
GeoIP-Latitude
X-Via-PopV
X-Li-Pop
X-Li-Fabric
X-URL
X-LI-UUID
Srvid
On-Server
HIT
X-Via-PopN
X-UnsetCookies
X-Alfa-Service
X-Via-PopH
X-Ha-Backend
X-Dynatrace
X-CLOUD-TRACE-CONTEXT
X-ND-Cache
X-ServedByHost
X-RAMCache
GeoIP-Country-Code
WZWS-RAY
Sid
X-Time-Microsecs
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
X-Hcs-Proxy-Type
X-APP
X-CCDN-Origin-Time
X-CUA
Epwk-X-Cache
X-CCDN-CacheTTL
X-Proxy-Cache-Hk
X-Geo
Srv
X-Fetch-By
X-LI-Proto
X-TRACE-ID
X-Cdn-Forward
Target-Params
Cf-Device-Type
X-Fastly-Backend-Reqs
X-ATG-Version
X-Fragments
X-Platform-Router
MIME-Version
X-Backend-Host
Tracecode
X-Platform-Cluster
X-Platform-Processor
X-Esi
X-Edge-Origin-Shield-Bytes
Cdn
X-App
Fastly-Drupal-HTML
Lfy
X-Sucuri-ID
ServerName
X-Var-Ttl
X-Sucuri-Cache
XServer
WebServer
ENV
X-B3-Traceid-Primal
X-Lb-Nocache
X-Fastly-Backend
X-Edge-POP
X-FC-Vary-Parameters
X-Edge-Origin-Shield-Region
X-HostName
X-MG-S
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Section-Io-Origin-Time-Seconds
X-Varnish-Beresp-Status
X-Yottaa-OS
Section-Io-Origin-Status
X-ElasticPress-Query
CountryCode
Section-Io-Id
M-TraceId
Section-Origin-Responded
Inserted-Into-Cache-At
CF-Cached-On
PICS-Label
X-Azure-Ref-OriginShield
X-Newrelic-App-Data
X-Cache-Expires
X-Backend-State
X-Serial
X-Vcache
X-Nc
Cf-Ipcountry
X-NU-AKA-ACS-Version
X-LiteSpeed-Cache-Control
Server-Ttl
X-Request-Url
Magicmarker
X-CF-Powered-By
X-Li-Proto
X-Iplb-Instance
X-Dw-Trace-Id
D-Url-Rewrites
X-Iplb-Request-Id
Warning
Servedby
X-Fastly-Cache-Hits
DT-Hot-News
Hit
X-Vercel-Id
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Vercel-Cache
Fastcgi-Cache-Ttl
Dt-Hot-News
X-Back
X-BBC-Origin-Response-Status
X-Release
X-Acquia-Application-Trace
X-Dist-Code
X-Acquia-Application-UUID
X-Acquia-Site
X-Acquia-Purge-Tags
X-Snapshot-Date
Ngx
X-Storefront-Renderer-Verified
X-Request-URL
X-Th-Server
Content-Style-Type
Cneonction
Content-Script-Type
X-Litespeed-Cache-Control