Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-UA-Device
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
X-LiteSpeed-Cache
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Page-Speed
X-Vhost
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Amz-Version-Id
X-Pingback
X-Device
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Server-Id
X-Host
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
Content-Location
X-Ruxit-JS-Agent
Rating
X-Country
X-Ua-Compatible
Accept-Ch-Lifetime
X-B3-TraceId
Accept-CH-Lifetime
X-Language
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Template
X-Ac
X-Content-Type
Allow
X-Vname
X-TtlSet
X-PC
X-Varnish-TTL
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
X-ESI
Cache-Tag
X-Server-Name
Fastly-Restarts
Service-Worker-Allowed
X-Rack-Cache
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
X-Buckets
MS-Author-Via
X-Amz-Rid
Public-Key-Pins
X-Vcap-Request-Id
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Aws-Lambda-Call-Status
X-Cache-TTL
X-Origin-Cache
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Px
Arr-Disable-Session-Affinity
X-Goog-Hash
X-Navigation-Version
X-Powered-By-Plesk
X-Country-Code
X-NF-Request-ID
Access-Control-Request-Method
RTSS
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Accept-Ch
X-Version
X-Powered-CMS
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
Display
X-Middleton-Display
Pagespeed
X-Sol
X-Amz-Server-Side-Encryption
X-Middleton-Response
Response
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-MSEdge-Ref
AR-SID
AR-PoweredBy
AR-Request-ID
AR-CACHE
AR-ATIME
X-LLID
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
Nginx-Cache
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-RateLimit-Remaining
X-Shield-Request-Id
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Protected-By
X-T
S
TCN
X-Forwarded-For
Content-MD5
X-Content-Security-Policy-Report-Only
X-Mg-S
X-TTL
X-Id
X-Aspnetmvc-Version
Realpath
Fastcgi-Cache
X-MCACHE
X-CST
X-Mid
Edge-Cache-Tag
X-Ttl
SPRequestDuration
SPIisLatency
Front-End-Https
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Server-Node
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Filters
X-Parallel-Accel
X-Ab
X-Content
X-Ua-Browser
X-DynaTrace
X-Correlation-Id
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Server-Name
X-Ruxit-Js-Agent
SPRequestGuid
X-SharePointHealthScore
X-NWS-LOG-UUID
X-Frontend
X-Ezoic-Cdn
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-ECACHE
Alternate-Protocol
X-Yandex-Sdch-Disable
X-Hits
X-Cache-Key
X-Ser
X-Content-Options
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cache-Tags
X-Page-Id
MicrosoftSharePointTeamServices
X-B3-Sampled
X-Git-Hash
Host
Cleartype
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Charset
X-Accel-Expires
X-Www-Served-By
X-Daa-Tunnel
X-Content-Digest
X-Geo-Country
X-Fastly-Request-Id
X-DIS-Request-ID
Filterid
X-Amz-Replication-Status
X-Amzn-Trace-Id
TP-Cache
TP-L2-Cache
X-VCache
X-Varnish-Age
X-Debug-Info
X-Forwarded-Proto
X-Activity-Id
X-AppVersion
X-Hostname
X-Az
X-Upgrade-Enabled
X-Rid
X-N
X-FB-Debug
X-XRDS-LOCATION
X-Origin-Server
X-Grace
Access-Control-Allow-Method
X-LB-Cache
X-WebKit-CSP-Report-Only
ServerID
Cross-Origin-Opener-Policy
X-Nginx-Upstream-Cache-Status
X-Mobile-URL
X-Request-Guid
X-Providence-Cookie
X-Route-Name
X-F-Cache
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Origin-Upstream-Status
X-Whom
X-GUploader-UploadID
X-Varnish-Grace
X-TT
X-App-Environment
Viewport
X-Tb
X-App-Server
X-Distributor
Payment
Node
DC
Paypal-Debug-Id
X-FW-Dynamic
X-NGENIX-Cache
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Static
X-Server-ID
X-Seen-By
X-Type
X-Microsite
X-Cache-Control
Fastcgi-Useragent
X-Request-Handler-Origin-Region
X-Ratelimit-Limit
X-User-Agent
X-Logged-In
Country
Accept-Charset
X-Cache-Rule
X-Wix-Request-Id
X-Litespeed-Cache
X-Cache-Age
X-DataDome
X-Webkit-CSP
Version
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Load-Cache
X-Drupal-Cache-Tags
Referer-Policy
X-Fastly-Request-ID
X-Node-Name
X-Via-JSL
X-Cache-Action
Refresh
X-Cluster-Name
X-Mobile
Cache-Status
X-Original-Request-Id
Amp-Access-Control-Allow-Source-Origin
SD-X-WS
X-Contextid
X-IPLB-Instance
X-Response-Served-From
Access-Control-Request-Headers
X-Proxy-Cache-Status
X-Cacheable-TTL
X-Vgn-Hpd-Reason
X-Is-Bot
X-Rendered-As
X-B-Cache
X-Signature
X-Jobs
X-Page-View
NGB
X-Debug
X-UUID
X-RemovedCookies
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Real-IP
X-Cache-Expired-At
X-ProcessESI
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Revision
X-TEC-API-ROOT
X-B
X-Proxy
X-Rule
X-Device-Type
X-Yottaa-Optimizations
Akamai-GRN
X-Yottaa-Metrics
X-Framework
X-Cache-Time
X-G
X-Drupal-Cache-Contexts
X-Instance
X-Debug-IsPreview
Surrogate-Key
X-Debug-IsConnected
X-PressLabs-Stats
X-Fastcgi-Cache
DynaTrace
CF-IPCountry
X-FW-Version
X-Air-Trace-Id
SID
X-Air-Hostname
X-Tec-Api-Version
Liferay-Portal
X-Tec-Api-Root
X-Air-Source
X-Tec-Api-Origin
Healthy
X-Azure-Ref
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-XRDS-Location
X-Ms-Version
X-Ms-Request-Id
X-Source
Frame-Options
X-Ratelimit-Reset
X-RTag
Ms-Operation-Id
MS-CV
X-CDN-Forward
X-Nginx-Cache
Count-Hit
X-Oneagent-Js-Injection
X-APP-VERSION
X-Cache-Operation
X-Presslabs-Stats
X-Cache-Hit
X-L-Path
X-Environment-Context
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-EdgeConnect-Cache-Status
GEO-INFO
Uber-Trace-Id
Xserver
X-Accel-Buffering
X-Varnish-Server
Countrycode
X-RateLimit-Limit
X-Servername
X-Backend-Name
X-Mode
X-Region
Section-Io-Cache
Ec-Rule-Version
X-Forwarded-Host
X-Zen-Fury
X-Content-Powered-By
X-IPS-LoggedIn
Backend
Cross-Origin-Window-Policy
Meta-Geo
X-JoinUs
X-UPSTREAM-Address
X-SaId
X-RN-RSRV
X-Cache-NGX
X-Detected-As
X-Hosted-By
X-Generation-Time
X-Human
X-Tid
X-Proxied
X-Sql-Duration-Ms
X-Extlb
X-Uri
X-Cache-Grace
Protected
X-Zipkin-Id
X-Cache-Type
X-Varnish-Beresp-Grace
X-Cache-Server
X-Sql-Count
X-Debug-Cache
X-Redis-Cache
X-Routing-Service
X-Alternate-Cache-Key
Apigw-Requestid
DB-Nickname
Url
X-Adobe-Content
X-ShopId
X-ShardId
X-BYPASS-REASON
X-Status
X-Cache-TTL-Remaining
X-Adobe-Loc
X-Shopify-Stage
Decoy-Debug-Status
Cache-Tv-Group
X-Site-Version
Decoy-Debug-TTL
Decoy-Debug-Key
Mn-Server-Ip
Eomportal-Instance
Country-Code
X-ServerID
X-Via-Fastly
X-FB-TRIP-ID
X-Rewrite-Enabled
X-Sorting-Hat-PodId
X-UA-Device-Type
X-No-Session
X-Microcachable
X-ProxyCache-Status
X-Sorting-Hat-ShopId
X-ProxyCache-Key
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
Cache-Name
X-Origin-Date
TWC-Privacy
Property-Id
X-OCL
X-PCL
X-PHP-Backend
Webcakes-App-Name
X-SayCDN-TTL
X-Soup
X-Origin-Hint
X-Storage
X-Server-W
X-Format
X-Cache-Host
Fastly-SSL
X-Say-Cacheable
X-NCache
Webcakes-Region
Webcakes-App-Version
X-Web-Node
X-Akamai-Edgescape
X-Say-TTL
X-Pubstack
Azure-Version
X-Hl-Ver
X-R9-Blue-Green-Version
OT-Force-Account-Verify
Azure-SlotName
X-ApacheServer
X-Access
X-PERF
X-Section
X-NYM-Debug-Backend
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Content-Age
X-Be
X-Varnishpool
X-Cluster-Node
Content-Secure-Policy
X-Ua
X-LSADC-Cache
X-Timing-Wait
X-Proxy-Build
Selected-Fe
X-Azure-Ref-OriginShield
CDN-RequestId
CDN-RequestCountryCode
CDN-Cache
CDN-CachedAt
CDN-PullZone
CDN-EdgeStorageId
Source
X-Hyper-Cache
CDN-Uid
SRV
Content-Disposition
X-Webkit-Csp
X-Generated-By
X-NewRelic-App-Data
X-Cached-By
X-Unique-Id
X-SRV
Cache
X-Trace-Id
LB
X-HTML-Minification-Powered-By
X-Nginx-Cache-Key
X-TIME
X-TT-LOGID
X-LAGOON
X-Dc
X-App-Version
X-Amz-Meta-S3cmd-Attrs
Xet-Cookie
Retry-After
X-Varnish-Hostname
X-Varnish-Hits
X-Auto-Login
X-Origin-TTL
X-Origin-CC
X-TNCMS
X-Loop
X-GEO
X-Bc-Bl
Onion-Location
X-S-Maxage
Cache-Hits
WPO-Cache-Message
WPO-Cache-Status
X-Cache-Var-Map
X-Cache-Var
Mime-Version
X-Akamai-Transformed
X-Time
X-Tumblr-Pixel-3
X-Platform-Server
X-ECache
Web-Mar-Node
X-Tumblr-Pixel-2
X-Cdn
X-Proto
X-Ratelimit-Remaining
HostName
X-Tenant
X-Xfnlog-Site
X-Time-Microsecs
X-M-Log
X-Endurance-Cache-Level
X-Qnm-Cache
Webserver
X-M-Reqid
X-VWS-Id
X-Edge-Location
X-LJ-Flow-ID
X-CSRF-Token
X-AWS-Id
X-Cache-Tags
X-Varnish-Cache-Hits
X-GG-Cache-Date
X-Cache-Remote
Upgrade-Insecure-Requests
N-Cache
CloudFront-Viewer-Country
X-Request-Time
ServedBy
X-AOL-HN
X-Mg-Request-UUID
X-B3-SpanId
X-Labrador-Cache-Channel
X-PHP-Host
X-Amz-Apigw-Id
X-Amzn-RequestId
X-RCS-CacheZone
X-CACHE-KEY
X-Via-NSCOPI
X-EC-Lua
X-Request-Host
X-Planisys-CDN-Cache
Meta-Geo-Continent
X-SD-PageType
X-ScT
X-S-Cookie
X-Planisys-CDN-Rules
X-PBS-Appsvrname
X-Planisys-CDN-TTL
X-Session-Fingerprint
X-Processor
X-Rojux
X-S
X-TIM-N
X-Vdms-Version
X-Vdms-Path
X-V-Cache
X-VG-WebCache
X-Vtex-Processado-Em
Xc-Version
X-Vtex-Remote-Cache
X-PAYTM-SRV-ID
X-SRCache-Key
DCR-Decision-By
DCR-Processing-Time-Ms
Expiry
BehaviorPad-Version
A
X-Slack-Backend
X-Shop-Environment
Fastcgi-X-Cache-Version
X-Gen-Mode
X-B-Cookie
Pramga
X-ARC
X-Block-Status
X-Cache-Date
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-NE
Redirect-Candidate
Rendered-Blocks
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A-Dgt
Surrogated-Key
X-Application
X-Aed
X-A-Wwc
Origin
X-Ckpd-Fst-Backend
X-Hnp-Log
X-A
X-Ftr-Request-Id
X-Ig-Push-State
Mobile-Detection-Method
X-Orig-Expires
X-ND-Cache
X-NAPM-TraceId
Odigeo-Trace-Id
X-Forwarded-Path
X-Connection-Hash
X-Conf
X-Cluster
X-D
X-Destination
X-External-Request-Id
X-Developer
X-Origin-Response-Time
User-Cache-Control
X-Locale
Nel
X-Handled-By
X-Correlation-ID
X-MP-GENERATED-AT
From-Origin
X-Storefront-Renderer-Rendered
X-FireWall-Port
X-Old-Content-Length
Host-ID
X-Li-Pop
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-LI-UUID
X-Origin-Time
X-Location
Gh-Request-Id
DSUID
X-Served-From
X-Skip-Cache
X-Rocket-Nginx-Serving-Static
Fastcgi-Cache-TTL
X-Policy
X-Proxy-Upstream
X-Li-Fabric
Origin-CC
X-Cache-Info
X-Core-Mission
X-Device-Os
Traceparent
Vix-Hermes-Req-Id
X-Aicache-OS
X-Cache-Bucket
X-Epic-Correlation-Id
X-Fastly-Cache
X-Geo-Header
Origin-EX
X-Sucuri-Cache
X-VC-Cache
Release
X-Fetched-On
X-Gdpr
X-Hash
X-Owner
X-VServer
X-Webstats-RespID
WP-Super-Cache
V-Age
Arc-Country
AKAMAI
Wxu-Next-Commit
X-Varnish-Beresp-Status
X-SVT-ORM-VERSION
CDCHOST
L
CacheControlHeader
Sslversion
X-Sucuri-ID
X-SVT-ORM-RULES
Wxu-Next-Hostname
Wxu-Next-Region
Server-Info
Environment
AMP-Access-Control-Allow-Source-Origin
X-Adobe-Source
X-ATG-Version
X-Reqid
X-Cdn-Srv
Ssr
Svr
X-Esi-Check
X-Accel-Expires-Debug
X-Forwarded-Site
X-VarnishDD-TTL
PFcat
X-NodeID
X-Date
X-Datadog-Sampling-Priority
X-Branch-Name
X-Cache-Debug
X-Gamma-Serve
X-Cache-Id
X-Cdn-Origin
True-Client-Country-4JS
X-Cache-Config
X-Datadog-Parent-Id
X-Core-Value
X-BBC-Edge-Cache-Status
X-Datadog-Trace-Id
Apple-News-Services-Parsed-Url
X-HN
X-Region-Sid
X-Developers
X-Thinkindot-L3
X-Origin-Expires
X-TrackingId
X-Req
X-TH-Server
X-Sigma
X-Sigma-Backend
X-Server-IP
X-Scheme
X-Request-Start
X-Rocket-Build-Number
X-VG-TLSProxy
X-Node-Id
X-Gzip
X-Sn-Servicetimems
X-GeoIP-City
X-GeoIP
X-Generated-On
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-HS-Content-Campaign-Id
X-Men
X-Viewer-Country
Apple-News-Services-Handled
X-Level-Front-Cache
X-Irp-Debug
Locid
X-Platform
TDXMobile
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Cmsid
Cmstype
Mail-Subject
Machine
Fastly-GeoIP-CountryCode
Req-Svc-Chain
Fastly-Drupal-Html
State
Web-Mar-Region
We-Hiring
X-NWS-UUID-VERIFY
X-Magnolia-Registration
X-Zone
X-RateLimit-Limit-Second
X-Thanos
X-DPWN-IS-SECURE
Adler-Geo
X-Variation
NM-Fastcgi-Cache
X-JWT-State
X-DefElseHash
X-DefHash
X-Is-Gdpr
X-NU-AKA-ACS-Version
X-Has-Esi
X-Qloud-Router
Fastly-SIE
Platform
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Fastly-Backend
Cf-Device-Type
X-FC-Vary-Parameters
X-Amzn-Remapped-Content-Length
X-Response-By
X-Varnish-CookieHashed-On
X-Request-URI
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
X-Eu-Site
X-CGP
X-Backend-State
X-Envoy-Decorator-Operation
X-Pod-Name
X-RateLimit-Remaining-Second
X-Varnish-Remaining-TTL
X-UnsetCookies
X-Varnish-CookieINHashed-On
X-Loc
NGX
Memcached
X-Worker
X-Bip
X-Csrf-Jwt
X-Xrds-Location
Datacenter
X-Cache-Enabled
X-Tx-Id
X-CS
X-Origin
X-Mvc-Supplant-OutputCached
X-Ua-Device
X-Varnish-Beresp-Ttl
X-NC
X-CLOUD-TRACE-CONTEXT
Candidate-Md5Url
X-Up
X-API-Version
X-Vc
CDN
Pics-Label
X-GeoIP-Country-Code
X-LB-ID
X-GeoIP-Region-Code
X-Backend-TTL
X-Generated-In
Magicmarker
X-Trace-ID
Memory
X-Tb-Optimization-Total-Bytes-Saved
WWW-Authenticate
Ms-Author-Via
On-Server
Time
X-Datadome
X-LB-NoCache
X-Edge-Pop
Esi-Enabled
X-TraceId
S-Rt
X-DynaTrace-JS-Agent
X-Via-Poph
X-Refresh
WebServer
Env
X-Via-Popn
Kp-EeAlive
GeoIp-Country-Code
X-TA-CDN-Provider
X-Restarts
NtCoent-Length
X-Via-Popv
X-Tt-Logid
X-Varnish-Ttl
X-Dynatrace
X-DC
X-Optimistic-Header
C-Via
X-Parent-Response-Time
X-Service
X-RPS
X-Wix-Viewer-Type
X-RSL
X-Cache-PHP
X-Action
X-DSS
X-DI
X-DB
Edge-Cache
X-RPM
X-DW
X-CacheTTL
X-Http-Reason
X-Varnish-Beresp-TTL
X-Akamai-Request-ID2
X-Cache-Backend
X-Servedbyhost
X-Esi
X-Srv
X-Minions-Version
Server-ID
X-Unique-ID
X-MSEdge-Features
X-Cache-Status-Check
X-MSEdge-Flight
X-Render-Time
X-TX-ID
X-Newrelic-Synthetics
X-Cs
X-ZONE
Accept-Language
X-VCL-Version
X-HA-Backend
Proxy-Connection
X-Info
X-AIR-PT
X-App
X-Fpc
X-LI-Proto
X-Cache-Ttl
X-Li-Proto
Locale
X-URL
X-Urbn-Site-Id
X-Urbn-Context-Path
X-User
Test
X-Ec-Fail
X-FPC
X-Clientip
X-Webkit-Csp-Report-Only
X-Ec-GeoHdr
X-Traceid
X-LiteSpeed-Cache-Control
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
HIT
X-Vcl-Version
UCS
X-Oss-Request-Id
Server-Id
Cache-Host
X-B3-Spanid
X-Oss-Server-Time
X-Oss-Storage-Class
X-Webkit-CSP-Report-Only
X-NODE
Tcn
Geo-Info
S-Cnection
X-CSRF-TOKEN
Cdnsip
X-AK-Request-ID
Cdncip
X-Pass-Why
M-TraceId
Hostname
Fastly-Backend-Name
My-App
Resin-Trace
Cf-Int-Pingora-Origin-Digest
X-Micro-Cache
X-LiteSpeed-Tag
User-Agent
Cluster
X-WADP-Cache
X-HostName
Fastly-Drupal-HTML
X-Clara-WADP
X-Fmm-Version
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Lb
X-Backend-Host
X-Ha-Backend
Tracecode
X-ServedByHost
Geoip-Latitude
X-ID
X-CUA
X-Pad
X-Dynatrace-Js-Agent
X-BCube-Filmed-By
GeoIP-Country-Code
T-Server
X-Var-Ttl
X-BBC-Origin-Response-Status
X-From
X-APP
Lfy
X-B3-Traceid
Hit
X-Release
X-NGINX-Cache
Ohc-File-Size
X-Geo
Lang
X-Fragments
X-Via-PopV
X-Edge-POP
X-Via-PopN
X-RAMCache
X-Via-PopH
X-Cdn-Forward
MIME-Version
X-ElasticPress-Query
X-Check-Cacheable
ENV
VNS-Age
X-Api-Version
Path
X-WA-Info
X-HS-Status
X-Edge-Cache
Load-Balancing
EpKe-Alive
CPC-Cache
CPC-Age
VNS-Cache
Cache-Key
X-WA
Target-Params
X-ES-SERVER
X-Amz-Meta-Cb-Modifiedtime
X-WP-CF-Super-Cache-Cache-Control
Servername
X-WP-CF-Super-Cache
X-ServerName
X-Fastly-Backend-Reqs
URI
X-Ucs
DataCenter
X-UP
X-GoCache-CacheStatus
X-Cms-Context
Shield-Pop
X-Lb-Id
Pagetype
X-Fastly-Cache-Hits
Cteonnt-Length
X-Mcache
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-PJAX-URL
X-Dw-Trace-Id
Srv
X-TRACE-ID
X-Via-Ucdn
Cdn
X-Proxy-Cache-Info
Ohc-Cache-HIT
X-Lb-Nocache
WZWS-RAY
X-Swift-Error
X-Hcs-Proxy-Type
X-Akamai-Pragma-Client-IP
X-Cdn-Request-ID
X-RateLimit-Reset
Server-Ttl
X-VC
FSS-Cache
X-CCDN-Origin-Time
PICS-Label
X-Nc
X-CCDN-CacheTTL
MD5-Digest
Uri
X-Httpd
Cneonction
X-B3-ParentSpanId
X-Akamai-ERRuleID
Producers
X-Acquia-Application-Trace
X-Udemy-Cache-App-Namespace
X-Akamai-ERPolicy
Cf-Ipcountry
X-Acquia-Purge-Tags
ServerName
Permissions-Policy
IsBot
X-Acquia-Application-UUID
X-Acquia-Site
X-VG-WebServer
X-Yottaa-OS
CF-Cached-On
Vha6-Origin
X-Apw-Access-Action
X-Newrelic-App-Data
X-Snapshot-Date
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
X-SIPLIST1
Server-Hostname
Server-Ext
Sever-Int
CountryCode
X-Air-Pt
Sid
X-Provided-By
X-Cache-Ngx
X-Last-Modified
X-Cache-Expires
X-SB
X-Miniprofiler-Ids
X-Varnish-Authentication
X-Te-Count
X-CacheKey
X-UA
Req-ID
X-Sentry-ID
X-Http-Count
X-Http-Duration-Ms
X-B3-Parentspanid
W
X-Te-Duration-Ms
Ngx
X-Logging-Id