
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Pragma
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Served-By
Alt-Svc
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
P3p
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-Iinfo
X-FRAME-OPTIONS
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
X-CDN
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
Upgrade
X-Via
X-Akamai-Path-Stats
X-XSS-PROTECTION
Access-Control-Max-Age
CF-Ray
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
X-Dns-Prefetch-Control
EagleId
X-Robots-Tag
X-Age
X-Server
X-Ua-Compatible
X-Amz-Request-Id
X-AH-Environment
X-UA-Device
X-Amz-Id-2
Host-Header
X-Proxy-Cache
X-Hacker
X-Rq
X-Server-Powered-By
Grace
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Vhost
Ali-Swift-Global-Savetime
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Allow
EagleEye-TraceId
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
Cf-Edge-Cache
X-Node
X-Server-Id
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-CST
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Cache-Lookup
X-Response-Time
X-HW
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Url
X-Ruxit-JS-Agent
X-Country
Fastly-Restarts
Accept-Ch
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-TtlSet
X-PC
X-Vname
X-Amz-Server-Side-Encryption
RTSS
X-VARITI-CCR
Edge-Control
X-FastCGI-Cache
X-Varnish-TTL
X-ESI
X-Server-Name
X-Edge
Cache-Tag
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Dw-Request-Base-Id
X-Amz-Rid
Public-Key-Pins
X-D2id
X-Px
X-Cnection
X-ASPNET-VERSION
X-Ser
X-Content-Security-Policy-Report-Only
X-Navigation-Version
X-Middleton-Display
Pagespeed
X-Powered-By-Plesk
X-Sol
Display
X-Abt-Application-Version
Verso
X-Ac
X-Element-Page-Cache
X-Version
X-Client-IP
X-RateLimit-Remaining
Arr-Disable-Session-Affinity
X-Ttl
X-Cache-TTL
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
X-Litespeed-Cache
X-Middleton-Response
Response
X-Cached
X-Goog-Hash
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
X-Kinsta-Cache
X-SharePointHealthScore
SPRequestGuid
X-Edge-Location-Klb
X-Instrumentation
AR-SID
AR-CACHE
X-Server-Lifecycle-Phase
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Kraken-Loop-Name
X-WebKit-CSP-Report-Only
X-Upstream
X-Powered-CMS
X-Correlation-Id
X-LLID
Edge-Cache-Tag
X-Forwarded-For
X-NWS-LOG-UUID
Content-MD5
Nginx-Cache
X-Id
X-TTL
X-RateLimit-Limit
X-Cache-Key
X-ECACHE
X-Shield-Request-Id
TCN
X-MSEdge-Ref
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Recruiting
S
X-T
Mrf-Cache-Status
MRF-Tech
X-Daa-Tunnel
X-Content-Digest
X-DataDome
X-B3-TraceId-Primal
X-Mg-S
X-Jurisdiction
X-HP-Trace-Id
X-Ruxit-Js-Agent
X-HP-Webp
X-Mcache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
TP-L2-Cache
TP-Cache
X-Grace
X-Accel-Expires
X-Ua-Device
Front-End-Https
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-DynaTrace
X-HS-Content-Id
X-Protected-By
Server-Node
X-Frontend
MicrosoftSharePointTeamServices
Filters
X-Request-Received
X-Request-Processing-Time
X-Ezoic-Cdn
X-Yandex-Sdch-Disable
X-Ab
X-Distributor
X-Content
X-Ua-Browser
X-Origin-Server
X-PressLabs-Stats
X-Hits
X-Server-ID
Fastcgi-Cache
X-LB-Cache
X-ORACLE-DMS-ECID
X-Geo-Country
X-ORACLE-DMS-RID
MS-Author-Via
X-Request-Handler-Origin-Region
X-Microsite
Charset
X-Cache-Age
X-Amzn-Trace-Id
X-Mid
Host
X-Tt-Trace-Host
X-Git-Hash
X-Page-Id
X-Tt-Trace-Tag
X-F-Cache
Cross-Origin-Opener-Policy
X-Forwarded-Proto
Cleartype
Cache-Status
X-B3-Sampled
Realpath
X-Seen-By
X-Debug-Info
X-Webkit-Csp
X-Az
X-Fastly-Request-Id
X-Activity-Id
X-AppVersion
X-DIS-Request-ID
X-Nginx-Upstream-Cache-Status
Access-Control-Allow-Method
Permissions-Policy
Accept-Charset
X-Www-Served-By
X-Ratelimit-Reset
Filterid
X-Webkit-CSP
ServerID
X-Varnish-Age
X-FB-Debug
Cache-Tags
X-Rid
X-Cluster-Name
X-Content-Options
Retry-After
X-Aspnetmvc-Version
X-Midtier
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Type
Server-Name
X-Varnish-Backend
X-Varnish-Grace
X-App-Environment
X-Flags
X-Aspnet-Duration-Ms
X-B
X-Amz-Meta-S3cmd-Attrs
X-User-Agent
Country
X-Route-Name
X-Tb
X-Is-Crawler
X-Request-Guid
X-Providence-Cookie
X-Language
X-Whom
X-Drupal-Cache-Tags
X-TT
X-B-Cache
X-Signature
Viewport
X-Origin-Cache
X-Wix-Request-Id
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
Paypal-Debug-Id
X-Goog-Storage-Class
DC
X-Goog-Stored-Content-Encoding
Fastcgi-Useragent
X-Debug
X-VCache
X-Upgrade-Enabled
Node
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-NWS-UUID-VERIFY
X-Load-Cache
X-Logged-In
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-XRDS-LOCATION
X-Amz-Replication-Status
Protected
X-Cache-NGX
Surrogate-Key
Payment
X-N
X-Mobile-URL
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
Alternate-Protocol
Count-Hit
WPO-Cache-Message
WPO-Cache-Status
X-NGENIX-Cache
X-Contextid
X-Restarts
X-Node-Name
Healthy
X-Mobile
X-XRDS-Location
X-Via-JSL
X-Proxy
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Response-Served-From
Content-Disposition
X-Original-Request-Id
SD-X-WS
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Static
X-FW-Type
Refresh
X-Jobs
X-ECache
X-G
X-Revision
Uber-Trace-Id
X-Adobe-Content
X-Cache-Time
X-Adobe-Loc
X-UUID
X-Real-IP
Url
X-Page-View
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Akamai-Request-ID2
X-Debug-IsPreview
X-Mg-Request-UUID
X-Servername
X-Rendered-As
X-MCACHE
X-Is-Bot
X-Framework
X-Cacheable-TTL
X-Debug-IsConnected
X-Device-Type
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
X-Proxy-Cache-Status
X-Cache-Grace
Akamai-GRN
X-Zen-Fury
X-Yottaa-Metrics
X-Template
X-Yottaa-Optimizations
X-Http-Reason
X-Cache-TTL-Remaining
X-Varnish-Server
X-Environment-Context
NGB
X-L-Path
X-Instance
X-Hostname
Frame-Options
X-IPLB-Instance
Version
X-HTML-Minification-Powered-By
Referer-Policy
X-EdgeConnect-Cache-Status
X-Source
Countrycode
X-Ratelimit-Remaining
Ms-Operation-Id
X-RTag
MS-CV
Liferay-Portal
X-Fastly-Request-ID
Accept-Language
X-B3-Traceid
X-NYM-Debug-Backend
X-Trace-Id
X-Cache-Rule
X-Oneagent-Js-Injection
X-App-Server
X-Datadome
X-Cache-Hit
Cross-Origin-Window-Policy
X-Cache-Expired-At
X-Hosted-By
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Unique-Id
X-Tumblr-User
X-Nginx-Cache
Backend
X-Tumblr-Pixel-1
From-Origin
X-IPS-LoggedIn
X-ProcessESI
X-RemovedCookies
X-Vgn-Hpd-Reason
X-Status
X-UPSTREAM-Address
Load-Balancing
X-FW-Version
Meta-Geo
Section-Io-Cache
WP-Super-Cache
X-RN-RSRV
X-AWS-Id
X-No-Session
Content-Secure-Policy
X-OCL
X-PCL
X-LJ-Flow-ID
X-Cache-Server
X-FB-TRIP-ID
X-Content-Powered-By
X-APP-VERSION
X-VWS-Id
X-COUNTRY
X-Akamai-Edgescape
X-AOL-HN
X-Cache-Enabled
X-Labrador-Cache-Channel
X-Sql-Duration-Ms
X-PHP-Host
X-PHP-Backend
Apigw-Requestid
X-UA-Device-Type
X-Sql-Count
X-Content-Age
S-Rt
X-Origin-Date
Upgrade-Insecure-Requests
X-Request-Time
X-Mode
X-Redis-Cache
CF-IPCountry
X-Via-Fastly
X-BYPASS-REASON
X-ShardId
X-Cache-Tags
X-ShopId
X-Be
X-Cms-Context
X-Server-W
X-Alternate-Cache-Key
X-Debug-Cache
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Nginx-Cache-Key
X-Human
X-Region
Eomportal-Instance
X-Uri
X-ProxyCache-Key
X-Adobe-Source
X-VC-Cache
Mn-Server-Ip
X-Say-TTL
X-SayCDN-TTL
X-Platform-Server
X-Site-Version
X-Shopify-Stage
X-Say-Cacheable
X-ProxyCache-Status
X-Varnish-Cache-Hits
X-Cache-Host
Locale
X-Extlb
TWC-Device-Class
TWC-Privacy
Webcakes-App-Name
TWC-Connection-Speed
Webcakes-App-Version
X-Tid
Property-Id
X-Access
X-Storage
X-Detected-As
X-Locale
X-Varnishpool
X-Proxied
Azure-InstanceId
X-PERF
Azure-SiteName
Azure-RegionName
X-Zipkin-Id
X-ServerID
X-Routing-Service
Webcakes-Region
X-SaId
X-Web-Node
X-Section
Azure-SlotName
X-Urbn-Site-Id
X-GeoCountry
X-GG-Cache-Date
X-GeoCode
X-Forwarded-Host
TWC-GeoIP-Country
X-Format
X-Hl-Ver
X-JoinUs
Azure-Version
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Origin-Hint
X-Urbn-Context-Path
X-Cluster-Node
X-ApacheServer
X-Storefront-Renderer-Rendered
X-Ratelimit-Limit
X-Generation-Time
X-App-Version
X-Edge-Location
X-Backend-Name
X-Ua
X-Handled-By
X-Proto
X-Cache-Type
X-Generated-By
X-Xfnlog-Site
X-Timing-Wait
X-Proxy-Build
Selected-Fe
X-NewRelic-App-Data
X-Dc
CDN-Cache
CDN-EdgeStorageId
CDN-CachedAt
Fastly-SSL
CDN-RequestId
CDN-Uid
CDN-PullZone
CDN-RequestCountryCode
ServedBy
Fastly-Drupal-Html
Webserver
X-IPLB-Request-ID
Ec-Rule-Version
X-CDN-Forward
X-Magnolia-Registration
X-LSADC-Cache
Onion-Location
Web-Mar-Node
Cache-Tv-Group
X-GEO
X-Cache-Action
X-Varnish-Hostname
X-Cached-By
Cache-Hits
X-Tt-Logid
SID
X-Envoy-Decorator-Operation
X-Cache-Operation
X-Air-Trace-Id
Mime-Version
X-Air-Source
X-Air-Hostname
X-Cache-Remote
X-Hyper-Cache
X-SRV
X-Varnish-Hits
X-Cluster
X-Rewrite-Enabled
SRV
X-Soup
LB
X-Origin-CC
X-Origin-TTL
Xet-Cookie
X-Fastcgi-Cache
X-Cdn
Cache
DB-Nickname
X-Rule
Source
X-CSRF-Token
X-Microcachable
X-Varnish-Ttl
Server-Info
X-Parallel-Accel
X-Accel-Buffering
Xserver
X-TA-CDN-Provider
X-Reqid
X-Time
Country-Code
X-Pubstack
X-Tumblr-Pixel-2
X-Via-NSCOPI
X-MP-GENERATED-AT
X-Skip-Cache
X-Xrds-Location
X-Buckets
X-Cache-Status-Check
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Request-Host
X-Endurance-Cache-Level
X-Newrelic-Synthetics
X-Origin-Response-Time
X-Vtex-Remote-Cache
X-Orig-Expires
X-Vtex-Processado-Em
X-A-Wwc
X-A-Dgt
X-Tumblr-Pixel-3
X-NAPM-TraceId
X-PAYTM-SRV-ID
Pramga
X-Destination
X-A-Ccd
DCR-Processing-Time-Ms
Rendered-Blocks
X-Developer
X-A-Dam
A
X-PBS-Appsvrname
X-A-Dcw
DynaTrace
Lang
X-Ec-GeoHdr
X-Azure-Ref
X-ARC
X-Application
X-Hash
X-B-Cookie
Mobile-Detection-Method
X-Forwarded-Path
MD5-Digest
Host-ID
Meta-Geo-Continent
X-AK-Request-ID
X-External-Request-Id
X-Epic-Correlation-Id
X-Aed
X-A
X-Ec-Fail
Xc-Version
Odigeo-Trace-Id
X-Cache-NE
X-Ig-Push-State
NM-Fastcgi-Cache
T-Server
X-Processor
X-SD-PageType
BehaviorPad-Version
X-Session-Fingerprint
X-Shop-Environment
Cdnsip
X-ScT
DCR-Decision-By
X-TIM-N
X-Conf
Datacenter
X-D
X-SplitTest
X-CF-Lambda-Version
X-SRCache-Key
Sslversion
Cmstype
X-Tenant
X-Connection-Hash
Cmsid
X-BCube-Filmed-By
Cdncip
Surrogated-Key
X-Vdms-Version
X-Vdms-Path
X-VG-WebCache
X-User
Fastcgi-X-Cache-Version
Cache-Key
X-CF-Lambda-Fn
X-Rojux
X-S
X-Tx-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
Candidate-Md5Url
X-TrackingId
X-S-Cookie
Expiry
X-B3-SpanId
X-Varnish-Beresp-Grace
X-TT-LOGID
X-Cache-Id
X-Ckpd-Fst-Backend
X-Core-Mission
Kp-EeAlive
X-Device-Os
X-DPWN-IS-SECURE
X-Bc-Bl
X-DefElseHash
X-DefHash
Environment
X-Fetched-On
X-CacheTTL
X-Core-Value
Is-Eu
Adler-Geo
X-Esi-Check
Producers
X-Sigma-Backend
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-TNCMS
X-Sigma
We-Hiring
X-Rocket-Build-Number
X-Scheme
X-CACHE-KEY
State
X-V-Cache
X-Worker
XM
Redirect-Candidate
X-Wix-Viewer-Type
X-Varnish-Remaining-TTL
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
Server-Host
X-SB
X-Ms-Request-Id
X-Ms-Version
X-Geo-Header
X-GeoIP
X-Ad-Defer-Variation
X-HS-Content-Campaign-Id
X-Loop
X-Gzip
Memcached
X-NodeID
X-Irp-Debug
Mail-Subject
HostName
Platform
X-Origin
X-Origin-Expires
X-AIR-PT
Thinkindot-Control
User-Cache-Control
Traceparent
Vix-Hermes-Req-Id
Wxu-Next-Commit
Wxu-Next-Hostname
X-Cache-Bucket
VNS-Cache
VNS-Age
X-Block-Status
X-BBC-Edge-Cache-Status
Wxu-Next-Region
X-Aicache-OS
X-Minions-Version
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Rocket-Nginx-Serving-Static
X-Pool
X-Platform
Thinkindot-CacheControl-Type
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Origin-Time
X-Served-From
X-VServer
X-WADP-Cache
Fastly-Backend-Name
X-Amzn-Remapped-Content-Length
X-VG-TLSProxy
X-Nyt-Route
X-SIPLIST1
X-Slack-Backend
X-Sn-Servicetimems
X-Thinkindot-L3
X-Node-Id
X-Mvc-Supplant-Cachable
X-Dispatcher-Number
X-Datadog-Trace-Id
X-Ec-Custom-Error
X-Fastly-Cache
X-Fmm-Version
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Cache-Info
X-Cdn-Origin
X-Cdn-Srv
X-Clara-WADP
X-Forwarded-Site
X-Gamma-Serve
X-JWT-State
X-Level-Front-Cache
X-Loc
X-Gdpr
X-Is-Gdpr
X-Hnp-Log
X-Gen-Mode
X-Generated-On
X-GeoIP-City
X-Has-Esi
X-Cache-Date
X-Branch-Name
N-Cache
Machine
NGX
Origin-EX
Thinkindot-CacheControl
IsBot
CloudFront-Viewer-Country
Fastly-SIE
Fastly-GeoIP-CountryCode
Fastly-SWR
CPC-Cache
CPC-Age
Release
Origin-CC
AKAMAI
Ssr
Req-Svc-Chain
Sever-Int
Server-Hostname
Svr
TDXMobile
Server-Ext
X-ZONE
X-Eu-Site
X-Auto-Login
X-Optimistic-Header
X-Owner
X-Csrf-Jwt
X-HN
DSUID
CDCHOST
X-Micro-Cache
X-LAGOON
Apple-News-Services-Host
X-Developers
X-Via-Ucdn
Apple-News-Services-Handled
X-Viewer-Country
X-CGP
Apple-News-Services-Parsed-Url
X-Proxy-Cache-Info
Cache-Name
X-Proxy-Upstream
Apple-News-Services-Request-Url
X-NCache
X-RateLimit-Limit-Second
Origin
Gh-Request-Id
X-Scale
X-Policy
X-Request-URI
PFcat
Cluster
X-VarnishDD-TTL
V-Age
X-WA-Info
X-VC
L5d-Success-Class
Web-Mar-Region
Ha-Gx-Prefs
X-RCS-CacheZone
X-Ftr-Request-Id
X-R9-Blue-Green-Version
HA-Ipaddr
X-RateLimit-Remaining-Second
L
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
Fastcgi-Cache-TTL
Ohc-File-Size
X-Cache-Backend
X-Pod-Name
X-Correlation-ID
X-EC-Lua
Ngx.Var.Host
CDN
X-Refresh
X-CS
Cache-Host
Pics-Label
X-RateLimit-Reset
Path
X-Parent-Response-Time
X-Proxy-CacheRZ
XkeyRZ
X-NC
GEO-INFO
X-Httpd
X-Server-IP
X-Mvc-Supplant-OutputCached
Servername
Env
X-Ah-Environment
X-LB-NoCache
X-Udemy-Cache-App-Namespace
Ms-Author-Via
X-Tb-Optimization-Total-Bytes-Saved
Lb
X-Contensis-Viewer-Groups
X-Via-Popv
X-Webstats-RespID
X-Via-Popn
X-Edge-Pop
X-Cache-ASPX
X-From
X-Servedbyhost
Time
X-Clientip
X-Via-Poph
Memory
X-Srv
X-API-Version
X-Location
X-Varnish-Authentication
X-Generated-In
AMP-Access-Control-Allow-Source-Origin
X-TIME
X-Varnish-Beresp-TTL
X-Amz-Meta-Cb-Modifiedtime
Locid
X-TraceId
X-S-Maxage
Ohc-Cache-HIT
GeoIp-Country-Code
ITXSESSIONID
X-Trace-ID
X-Dmc
X-Response-By
X-Presslabs-Stats
Arc-Country
X-Men
X-PX
X-Akamai-Transformed
X-DynaTrace-JS-Agent
True-Client-IP
X-Old-Content-Length
X-Cs
X-Render-Time
X-Date
X-MSEdge-Flight
X-DB
Geoip-Latitude
X-RSL
X-Accel-Expires-Debug
X-Vc
X-HA-Backend
X-DW
Client
X-DSS
X-DI
X-RPS
X-RPM
Server-ID
X-MSEdge-Features
X-VCL-Version
X-VHOST
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-INCAP-ABP
X-Tec-Api-Root
X-Tec-Api-Origin
X-Gateway-Request-Id
X-DC
X-TRACE-ID
C-Via
X-Service
X-Gateway-Cache-Key
X-Fpc
Rip
X-Tec-Api-Version
X-Zone
X-URL
Tube-Got-Results
Hostname
Tube-Got-Eval
Click-Count-Error
Click-Count-Action-Start
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Tube-Return
Tube-Get-Contents
X-FireWall-Port
X-M-Reqid
X-Qnm-Cache
X-Cache-Debug
On-Server
NtCoent-Length
X-TX-ID
X-M-Log
FSS-Cache
Esi-Enabled
Fusion-Content-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
X-Api-Version
HIT
Powered-By
X-Webkit-Csp-Report-Only
X-B3-Spanid
X-Edge-Origin-Shield-Region
X-Edge-Origin-Shield-Bytes
Srv
CacheControlHeader
Test
Tcn
True-Client-Country-4JS
X-Alfa-Service
X-FPC
OT-Force-Account-Verify
X-Action
X-Proxy-Cache-Hk
X-TH-Server
Cdn
X-NGINX-Cache
X-CSRF-TOKEN
X-Cdn-Request-ID
X-Backend-TTL
X-Vcl-Version
Server-Id
X-HS-Status
X-Traceid
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Node
X-Beluga-Cache-Status
GeoIP-Country-Code
GeoIP-Latitude
User-Agent
Geo-Info
Edge-Cache
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
X-Pass-Why
X-Req
DT-Hot-News
Resin-Trace
X-Varnish-Beresp-Ttl
X-Origin-Upstream-Status
X-Ha-Backend
Proxy-Connection
X-App
X-Via-PopV
X-Via-PopH
X-Via-PopN
Srvid
Uri
X-APP
My-App
Server-Ttl
WebServer
X-CLOUD-TRACE-CONTEXT
X-Cdn-Forward
M-TraceId
X-Bip
Cf-Int-Pingora-Origin-Digest
X-ServedByHost
X-Thanos
MIME-Version
Sid
Epwk-X-Cache
X-CCDN-Origin-Time
X-CCDN-CacheTTL
True-Client-Ip
X-Hcs-Proxy-Type
X-Up
X-Request-Start
X-LB-ID
X-Backend-Host
X-Fastly-Backend-Reqs
X-Edge-POP
ServerName
X-Lb-Nocache
ENV
X-Esi
X-Provided-By
Warning
X-LI-UUID
X-B3-Traceid-Primal
XServer
X-Li-Pop
X-Geo
X-LI-Proto
X-Li-Fabric
X-HostName
X-Fetch-By
X-UnsetCookies
Inserted-Into-Cache-At
X-Vercel-Cache
X-Vercel-Id
X-ElasticPress-Query
X-Webkit-CSP-Report-Only
X-Nc
Magicmarker
Section-Io-Origin-Status
CF-Cached-On
X-Serial
PICS-Label
X-RAMCache
Canary
X-CF-Powered-By
X-CMSURLCustom
X-Varnish-Beresp-Status
X-Newrelic-App-Data
Section-Io-Origin-Time-Seconds
Dt-Hot-News
Section-Origin-Responded
Section-Io-Id
X-Dw-Trace-Id
X-Akamai-Request-ID
X-HITS
Fastly-Drupal-HTML
X-LiteSpeed-Cache-Control
X-Cc-Via
X-Request-Url
X-Iplb-Instance
X-IN-APIGATEWAY
D-Url-Rewrites
X-ND-Cache
X-Vcache
X-Yottaa-OS
X-Time-Microsecs
WZWS-RAY
X-IN-APIGATEWAYSSL
X-Iplb-Request-Id
Cdn-Uid
Cdn-Cachedat
Cdn-Cache
Cdn-Requestid
Cdn-Edgestorageid
Cdn-Requestcountrycode
Cdn-Pullzone
X-Air-Pt
X-UA
Servedby
Wp-Super-Cache
X-WP-CF-Super-Cache-Active
X-BBC-Origin-Response-Status
Hit
X-Release
X-LiteSpeed-Tag
Vha6-Origin
X-Snapshot-Date
CountryCode
X-MiniProfiler-Ids
Content-Style-Type
DataCenter
X-CUA
X-Azure-Ref-OriginShield
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
Cf-Device-Type
X-Dist-Code
X-Back
X-Wp-Cf-Super-Cache
X-Th-Server
X-Storefront-Renderer-Verified
X-Request-URL
Content-Script-Type