Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Akamai-Path-Stats
X-Turbo-Charged-By
Keep-Alive
X-Backend
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-Amz-Request-Id
X-AH-Environment
Host-Header
X-Proxy-Cache
X-UA-Device
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
X-LiteSpeed-Cache
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-Aws-Lambda-Call-Status
X-CST
X-Pingback
Request-Id
Surrogate-Control
Cf-Edge-Cache
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
Content-Location
Rating
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
Accept-Ch
X-Url
Accept-Ch-Lifetime
X-Country
X-Ruxit-JS-Agent
Fastly-Restarts
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-Server-Name
X-Amz-Server-Side-Encryption
X-ESI
Cache-Tag
X-ASPNET-VERSION
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-FastCGI-Cache
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Dw-Request-Base-Id
X-Amz-Rid
Public-Key-Pins
X-Px
X-Edge
X-Cnection
X-D2id
X-Ser
X-Ac
X-Navigation-Version
X-Element-Page-Cache
Verso
X-Client-IP
Display
X-Abt-Application-Version
X-Powered-By-Plesk
Pagespeed
X-Sol
X-Middleton-Display
X-RateLimit-Remaining
X-Version
Arr-Disable-Session-Affinity
X-Litespeed-Cache
X-Cache-TTL
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-Content-Security-Policy-Report-Only
Response
X-NF-Request-ID
X-Middleton-Response
X-Ttl
X-Goog-Hash
Access-Control-Request-Method
SPRequestDuration
SPIisLatency
X-Cached
X-Kinsta-Cache
X-Correlation-Id
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-Request-ID
AR-SID
X-SharePointHealthScore
X-Edge-Location-Klb
SPRequestGuid
X-Powered-CMS
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-LLID
X-Upstream
Edge-Cache-Tag
X-TTL
X-NWS-LOG-UUID
X-Forwarded-For
X-Cache-Key
Content-MD5
Nginx-Cache
X-RateLimit-Limit
X-Id
X-MSEdge-Ref
X-Shield-Request-Id
MRF-Tech
Mrf-Cache-Status
TCN
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-T
X-Ruxit-Js-Agent
X-Recruiting
S
X-ECACHE
X-B3-TraceId-Primal
X-Daa-Tunnel
X-Content-Digest
X-Ua-Device
X-WebKit-CSP-Report-Only
X-Mg-S
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-DataDome
X-Accel-Expires
X-Grace
TP-L2-Cache
TP-Cache
X-DynaTrace
MicrosoftSharePointTeamServices
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Ezoic-Cdn
X-Frontend
X-Ua-Browser
X-Request-Received
X-Request-Processing-Time
X-Ab
X-Content
X-Protected-By
Front-End-Https
X-Yandex-Sdch-Disable
Server-Node
Filters
X-Server-ID
MS-Author-Via
X-PressLabs-Stats
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-Hits
X-Geo-Country
X-Mid
X-LB-Cache
X-Webkit-Csp
X-Microsite
X-ORACLE-DMS-ECID
X-Request-Handler-Origin-Region
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amzn-Trace-Id
X-ORACLE-DMS-RID
Charset
Host
Cleartype
X-Debug-Info
X-Git-Hash
X-F-Cache
X-Mcache
X-Page-Id
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-B3-Sampled
X-Cache-Age
X-Fastly-Request-Id
Cache-Status
X-Seen-By
X-DIS-Request-ID
Realpath
X-Webkit-CSP
Access-Control-Allow-Method
X-Az
X-AppVersion
X-Www-Served-By
X-Activity-Id
X-Ratelimit-Reset
ServerID
Accept-Charset
Pinterest-Generated-By
X-Aspnetmvc-Version
Pinterest-Version
X-Pinterest-Rid
Filterid
X-Varnish-Age
Cache-Tags
X-Nginx-Upstream-Cache-Status
X-Cluster-Name
X-Rid
X-Content-Options
X-Type
Retry-After
X-FB-Debug
X-Oracle-Dms-Ecid
X-App-Environment
X-Language
Country
X-Oracle-Dms-Rid
Server-Name
X-Varnish-Backend
X-Tb
X-User-Agent
X-Varnish-Grace
Permissions-Policy
Viewport
X-Upgrade-Enabled
DC
Node
X-Kong-Proxy-Latency
X-B-Cache
X-Kong-Upstream-Latency
X-Aspnet-Duration-Ms
X-Request-Guid
X-Wix-Request-Id
X-Route-Name
Paypal-Debug-Id
X-Is-Crawler
X-Flags
X-Providence-Cookie
X-Signature
X-Drupal-Cache-Tags
X-Whom
X-TT
X-B
X-VCache
X-Goog-Generation
X-Origin-Cache
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Mobile-URL
Fastcgi-Useragent
Protected
X-Debug
X-NWS-UUID-VERIFY
X-MCACHE
X-Amz-Meta-S3cmd-Attrs
X-N
X-Amz-Replication-Status
X-Cache-NGX
X-Logged-In
Payment
WPO-Cache-Status
X-XRDS-LOCATION
WPO-Cache-Message
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
X-Load-Cache
X-Via-JSL
X-Cache-Control
X-Contextid
Count-Hit
Healthy
X-Node-Name
X-Midtier
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Static
X-XRDS-Location
X-Mobile
X-Restarts
X-Response-Served-From
X-NGENIX-Cache
SD-X-WS
Alternate-Protocol
X-Template
X-Proxy
Content-Disposition
X-Original-Request-Id
Akamai-GRN
Refresh
X-Cache-Time
Url
X-G
X-Zen-Fury
X-Jobs
X-Revision
X-Cache-TTL-Remaining
X-Adobe-Loc
X-Akamai-Request-ID2
X-Adobe-Content
X-Servername
Uber-Trace-Id
X-UUID
X-Real-IP
X-Page-View
X-Framework
VIX-Pulpo-Node
NGB
VIX-Pulpo-Upstream-Status
X-Debug-IsPreview
X-Is-Bot
X-Device-Type
X-Instance
X-Cache-Grace
X-Drupal-Cache-Contexts
X-Http-Reason
X-Proxy-Cache-Status
X-Cacheable-TTL
X-Debug-IsConnected
X-Rendered-As
Access-Control-Request-Headers
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Mg-Request-UUID
X-Varnish-Server
X-Hostname
X-IPLB-Instance
X-ECache
X-B3-Traceid
X-HTML-Minification-Powered-By
X-Environment-Context
X-L-Path
Version
X-Source
X-EdgeConnect-Cache-Status
X-Trace-Id
X-Oneagent-Js-Injection
Countrycode
Accept-Language
MS-CV
X-Fastly-Request-ID
Frame-Options
Ms-Operation-Id
X-RTag
X-Datadome
Referer-Policy
Liferay-Portal
X-Ratelimit-Remaining
From-Origin
X-Cache-Hit
X-NYM-Debug-Backend
X-Cache-Expired-At
X-Cache-Rule
X-Vgn-Hpd-Reason
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-COUNTRY
Backend
X-IPS-LoggedIn
X-Hosted-By
X-FW-Version
X-Nginx-Cache
Content-Secure-Policy
X-Unique-Id
CF-IPCountry
X-Cache-Server
Section-Io-Cache
Upgrade-Insecure-Requests
X-RN-RSRV
X-Fastcgi-Cache
X-UPSTREAM-Address
Meta-Geo
X-FB-TRIP-ID
X-Generation-Time
X-Cache-Enabled
X-No-Session
X-Redis-Cache
X-Ua
WP-Super-Cache
X-PCL
X-OCL
X-APP-VERSION
Azure-SlotName
Apigw-Requestid
X-Status
Azure-InstanceId
Azure-SiteName
Azure-Version
Azure-RegionName
X-AOL-HN
X-Region
X-Labrador-Cache-Channel
X-Via-Fastly
X-PHP-Host
X-ProcessESI
X-Origin-Hint
X-PHP-Backend
X-RemovedCookies
X-Varnish-Cache-Hits
X-Sql-Duration-Ms
X-Server-W
X-Sql-Count
X-UA-Device-Type
X-Uri
X-Request-Time
X-Section
X-Origin-Date
X-Format
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Connection-Speed
S-Rt
Mn-Server-Ip
Property-Id
TWC-Privacy
Webcakes-App-Name
X-Be
X-Cluster-Node
X-Akamai-Edgescape
X-Access
Webcakes-App-Version
Webcakes-Region
Fastly-SSL
TWC-GeoIP-LatLong
X-Mode
X-Content-Age
X-Nginx-Cache-Key
Locale
X-Locale
X-Human
X-PERF
X-Platform-Server
X-ProxyCache-Status
X-ProxyCache-Key
X-Generated-By
X-Say-Cacheable
X-NewRelic-App-Data
X-BYPASS-REASON
X-ApacheServer
Eomportal-Instance
X-Adobe-Source
X-Cache-Host
X-Cache-Tags
X-SayCDN-TTL
X-Debug-Cache
X-Content-Powered-By
X-Cms-Context
X-Forwarded-Host
X-Say-TTL
X-Urbn-Context-Path
X-Alternate-Cache-Key
Load-Balancing
X-Urbn-Site-Id
X-VC-Cache
X-Xfnlog-Site
X-AWS-Id
X-Storage
X-LJ-Flow-ID
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
X-VWS-Id
X-Site-Version
X-Shopify-Stage
X-ShopId
X-Cache-Type
X-GG-Cache-Date
X-Backend-Name
X-SaId
X-JoinUs
X-Varnishpool
X-Tid
X-Proxied
X-Routing-Service
X-Handled-By
X-ServerID
X-Detected-As
X-Extlb
X-Web-Node
X-Zipkin-Id
X-Hl-Ver
Cache-Tv-Group
Ec-Rule-Version
X-Parallel-Accel
CDN-PullZone
X-Timing-Wait
CDN-Cache
X-Edge-Location
CDN-Uid
CDN-CachedAt
X-Storefront-Renderer-Rendered
CDN-RequestId
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Proxy-Build
X-Cache-Action
Selected-Fe
X-Proto
X-GeoCode
X-GeoCountry
ServedBy
Webserver
Fastly-Drupal-Html
X-Dc
X-App-Version
SRV
X-Ratelimit-Limit
X-CDN-Forward
Web-Mar-Node
X-GEO
Onion-Location
X-LSADC-Cache
X-Hyper-Cache
X-Cached-By
X-Varnish-Hostname
X-Cache-Remote
X-Rule
Mime-Version
X-Cache-Operation
Cache-Hits
SID
X-Rewrite-Enabled
X-Cdn
X-Soup
X-Cluster
X-IPLB-Request-ID
X-TT-LOGID
X-Magnolia-Registration
X-Origin-CC
Xserver
X-Origin-TTL
X-Varnish-Hits
X-Accel-Buffering
X-Pubstack
X-Air-Trace-Id
X-Envoy-Decorator-Operation
X-Air-Hostname
X-Air-Source
X-SRV
Xet-Cookie
LB
X-Reqid
Country-Code
X-Microcachable
X-Xrds-Location
Server-Info
X-Tt-Logid
X-TA-CDN-Provider
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Buckets
DB-Nickname
X-CSRF-Token
Cache
Source
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Request-Host
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Origin-Response-Time
X-B3-SpanId
X-Endurance-Cache-Level
X-Via-NSCOPI
X-Time
X-Tx-Id
Meta-Geo-Continent
X-Ig-Push-State
Xc-Version
MD5-Digest
NM-Fastcgi-Cache
X-Gzip
Odigeo-Trace-Id
X-VG-WebCache
X-Hash
X-Vtex-Processado-Em
X-HS-Content-Campaign-Id
X-Vtex-Remote-Cache
Mobile-Detection-Method
X-PAYTM-SRV-ID
Cmsid
X-NAPM-TraceId
Cmstype
Cdnsip
Cdncip
A
BehaviorPad-Version
DCR-Decision-By
DCR-Processing-Time-Ms
X-Orig-Expires
X-PBS-Appsvrname
Lang
Host-ID
Expiry
Fastcgi-X-Cache-Version
X-Rojux
X-User
X-B-Cookie
X-Cache-Id
X-Cache-NE
X-Cdn-Srv
X-ARC
X-Processor
X-S-Cookie
X-ScT
X-AK-Request-ID
X-Application
X-Epic-Correlation-Id
X-Shop-Environment
X-SD-PageType
X-Connection-Hash
X-D
X-Destination
X-Conf
X-Ec-Fail
X-Ec-GeoHdr
X-Session-Fingerprint
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-SRCache-Key
X-Aed
Sslversion
Surrogated-Key
X-TIM-N
X-Tenant
X-TrackingId
Rendered-Blocks
X-Vdms-Version
X-Vdms-Path
Pramga
X-Developer
T-Server
X-A-Ccd
X-S
X-External-Request-Id
X-Esi-Check
X-A-Wwc
X-Forwarded-Path
X-Ftr-Request-Id
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Geo-Header
X-A
X-Newrelic-Synthetics
X-Ms-Version
X-Ms-Request-Id
X-Skip-Cache
Datacenter
X-Irp-Debug
X-JWT-State
X-Has-Esi
X-Is-Gdpr
Platform
X-Gdpr
Producers
Memcached
X-GeoIP
X-Loop
X-Origin
X-Amzn-Remapped-Content-Length
X-Origin-Expires
X-Origin-Time
Fastly-GeoIP-CountryCode
X-Nyt-Route
Kp-EeAlive
Machine
Mail-Subject
X-Mvc-Supplant-Cachable
X-Node-Id
X-NodeID
X-Fmm-Version
X-Fastly-Cache
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
We-Hiring
X-Ckpd-Fst-Backend
X-CacheTTL
X-RCS-CacheZone
X-Bc-Bl
X-Cache-Backend
X-Cache-Bucket
X-Cache-Info
X-Clara-WADP
X-Core-Mission
X-DPWN-IS-SECURE
State
X-NCache
Server-Host
Environment
X-Varnish-Ttl
X-Device-Os
X-Core-Value
X-DefElseHash
X-DefHash
X-Developers
X-Fetched-On
Is-Eu
X-Worker
X-SVT-ORM-RULES
AKAMAI
X-Varnish-Remaining-TTL
X-Sigma
X-Scheme
Candidate-Md5Url
Cache-Key
Adler-Geo
X-Wix-Viewer-Type
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-V-Cache
X-Via-Ucdn
X-SVT-ORM-VERSION
X-WADP-Cache
X-TNCMS
DynaTrace
X-Sigma-Backend
X-Cache-Status-Check
X-Rocket-Build-Number
X-BCube-Filmed-By
X-SB
X-Azure-Ref
XM
X-VServer
X-SplitTest
X-Viewer-Country
X-Dispatcher-Number
X-Ec-Custom-Error
X-BBC-Edge-Cache-Status
X-Auto-Login
X-VarnishDD-TTL
X-VG-TLSProxy
X-Block-Status
X-Cache-Date
X-Branch-Name
X-Wikidot-Static-Cache
X-RateLimit-Remaining-Second
X-Csrf-Jwt
X-RateLimit-Limit-Second
X-Cdn-Origin
X-CGP
X-Ad-Defer-Variation
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
VNS-Age
VNS-Cache
CPC-Cache
CPC-Age
X-Datadog-Trace-Id
X-Wikidot-Backend
X-ZONE
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Platform
X-Planisys-CDN-Cache
X-Request-URI
X-Served-From
Cache-Name
X-Rocket-Nginx-Serving-Static
X-Pod-Name
X-Policy
X-Rebelmouse-Surrogate-Control
X-Proxy-Upstream
X-Qloud-Router
X-Proxy-Cache-Info
HostName
X-Region-Sid
X-Pool
GEO-INFO
X-Server-IP
X-Generated-On
X-Thinkindot-L3
X-GeoIP-City
X-Gen-Mode
X-Rebelmouse-Cache-Control
X-Varnish-Beresp-Grace
X-Forwarded-Site
X-Gamma-Serve
X-HN
X-Hnp-Log
X-Slack-Backend
X-SIPLIST1
X-Minions-Version
X-Level-Front-Cache
X-Sn-Servicetimems
X-Httpd
X-LAGOON
X-Eu-Site
X-Loc
NGX
N-Cache
Thinkindot-Control
Thinkindot-CacheControl-Type
Origin
Apple-News-Services-Handled
Traceparent
User-Cache-Control
Apple-News-Services-Request-Url
Server-Ext
Apple-News-Services-Host
Thinkindot-CacheControl
TDXMobile
Fastly-SIE
Sever-Int
Release
Server-Hostname
Req-Svc-Chain
Redirect-Candidate
Ssr
Origin-CC
Origin-EX
PFcat
Svr
V-Age
Apple-News-Services-Parsed-Url
Vix-Hermes-Req-Id
HA-Ipaddr
Fastcgi-Cache-TTL
Cluster
X-Aicache-OS
CloudFront-Viewer-Country
Gh-Request-Id
Fastly-SWR
IsBot
Ha-Gx-Prefs
L5d-Success-Class
L
Web-Mar-Region
CDCHOST
Ohc-File-Size
X-R9-Blue-Green-Version
DSUID
CDN
X-Owner
X-Scale
Fastly-Backend-Name
X-WA-Info
X-Optimistic-Header
X-AIR-PT
X-EC-Lua
X-WP-CF-Super-Cache-Cache-Control
X-Webstats-RespID
Pics-Label
X-Parent-Response-Time
X-Refresh
X-From
X-WP-CF-Super-Cache
X-VC
X-Micro-Cache
X-CS
X-CACHE-KEY
X-Cache-ASPX
X-Location
X-Ah-Environment
X-Contensis-Viewer-Groups
Ms-Author-Via
X-Tb-Optimization-Total-Bytes-Saved
Locid
X-Srv
X-Edge-Pop
X-RateLimit-Reset
Path
X-LB-NoCache
X-Mvc-Supplant-OutputCached
X-NC
Servername
Env
X-Varnish-Authentication
Cache-Host
X-Servedbyhost
Ngx.Var.Host
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Cb-Modifiedtime
X-Response-By
X-Men
Arc-Country
X-TIME
X-Correlation-ID
Lb
Memory
X-Old-Content-Length
X-Via-Popn
X-Via-Popv
X-Generated-In
X-Via-Poph
X-TraceId
X-Varnish-Beresp-TTL
Time
Ohc-Cache-HIT
XkeyRZ
X-Proxy-CacheRZ
X-Akamai-Transformed
X-DI
X-DSS
X-DW
X-RPS
ITXSESSIONID
X-HA-Backend
X-DB
X-RSL
X-RPM
AMP-Access-Control-Allow-Source-Origin
X-S-Maxage
X-Clientip
GeoIp-Country-Code
X-Date
X-Accel-Expires-Debug
X-API-Version
Client
X-GeoIP-Country-Code
X-Vc
X-GeoIP-Region-Code
True-Client-IP
X-Api-Version
X-VCL-Version
X-Cs
X-VHOST
X-Trace-ID
Geoip-Latitude
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Cache-Debug
X-DC
FSS-Cache
Server-ID
X-URL
X-Dmc
Hostname
X-Fpc
X-Presslabs-Stats
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-FireWall-Port
CacheControlHeader
X-Render-Time
X-MSEdge-Features
X-Zone
X-MSEdge-Flight
X-TRACE-ID
X-INCAP-ABP
X-TH-Server
True-Client-Country-4JS
X-Action
Powered-By
NtCoent-Length
X-Webkit-Csp-Report-Only
X-DynaTrace-JS-Agent
X-TX-ID
X-Traceid
X-Service
X-B3-Spanid
X-PX
C-Via
Rip
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Backend-TTL
X-M-Reqid
Tube-Return
Tube-Got-Eval
Click-Count-Action-Start
Click-Count-Error
Tube-Got-Results
Tube-Get-Contents
Test
X-Qnm-Cache
Tcn
Edge-Cache
HIT
X-M-Log
Esi-Enabled
X-NGINX-Cache
X-CSRF-TOKEN
X-FPC
X-Req
On-Server
X-Cdn-Request-ID
X-Pass-Why
X-Beluga-Node
X-Beluga-Record
X-HS-Status
X-Beluga-Status
Server-Id
X-Alfa-Service
X-Beluga-Trace
X-Webkit-CSP-Report-Only
User-Agent
X-Beluga-Cache-Status
OT-Force-Account-Verify
My-App
Geo-Info
X-Beluga-Response-Time
X-Vcl-Version
X-Origin-Upstream-Status
X-Akamai-Pragma-Client-IP
Uri
Cdn
GeoIP-Country-Code
GeoIP-Latitude
X-Check-Cacheable
X-Up
X-Via-PopN
X-Ha-Backend
X-Via-PopH
X-Via-PopV
X-Edge-Origin-Shield-Bytes
Proxy-Connection
Srvid
Resin-Trace
Cf-Int-Pingora-Origin-Digest
X-Proxy-Cache-Hk
X-Provided-By
X-Edge-Origin-Shield-Region
X-CLOUD-TRACE-CONTEXT
Sid
X-LB-ID
X-APP
X-Hcs-Proxy-Type
X-ServedByHost
Srv
M-TraceId
X-LI-UUID
MIME-Version
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Li-Fabric
X-Varnish-Beresp-Ttl
X-LI-Proto
X-Li-Pop
Epwk-X-Cache
WebServer
X-Cdn-Forward
X-App
X-Fetch-By
X-UnsetCookies
X-RAMCache
ENV
X-Backend-Host
DT-Hot-News
X-Esi
Warning
X-Fastly-Backend-Reqs
ServerName
X-Lb-Nocache
WZWS-RAY
X-Nc
X-ND-Cache
DataCenter
X-B3-Traceid-Primal
Server-Ttl
XServer
X-Edge-POP
X-Time-Microsecs
X-Geo
X-HostName
X-LiteSpeed-Cache-Control
X-MG-S
PICS-Label
X-CF-Powered-By
X-HITS
Section-Io-Origin-Status
X-Newrelic-App-Data
X-Serial
CF-Cached-On
X-ElasticPress-Query
Cf-Device-Type
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Bip
X-Thanos
X-Dw-Trace-Id
X-Yottaa-OS
X-Request-Url
X-Akamai-Request-ID
X-CUA
True-Client-Ip
Fastly-Drupal-HTML
X-Sucuri-ID
X-Vcache
X-Sucuri-Cache
X-Request-Start
X-Platform-Cluster
X-Var-Ttl
X-Platform-Router
X-Cc-Via
Dt-Hot-News
X-Platform-Processor
X-IN-APIGATEWAY
X-Vercel-Cache
X-Vercel-Id
X-IN-APIGATEWAYSSL
Inserted-Into-Cache-At
X-ATG-Version
X-FC-Vary-Parameters
X-Fastly-Backend
Target-Params
X-Azure-Ref-OriginShield
Tracecode
D-Url-Rewrites
X-Fragments
X-Iplb-Request-Id
X-Iplb-Instance
Cdn-Requestid
Cdn-Edgestorageid
Servedby
Cdn-Requestcountrycode
Cdn-Pullzone
Cdn-Uid
Wp-Super-Cache
Cdn-Cachedat
Cdn-Cache
X-MiniProfiler-Ids
Content-Script-Type
X-BBC-Origin-Response-Status
X-LiteSpeed-Tag
CountryCode
X-Dist-Code
Content-Style-Type
Vha6-Origin
X-Storefront-Renderer-Verified
X-Fastly-Cache-Hits
Lfy
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Th-Server
X-Release
X-Request-URL
X-Back