Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
X-Request-ID
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-UA-Device
X-AH-Environment
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Dns-Prefetch-Control
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Accept-CH
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
Content-Location
Rating
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
Accept-CH-Lifetime
X-Vname
X-PC
X-TtlSet
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-Server-Name
Fastly-Restarts
Cache-Tag
X-FastCGI-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
MS-Author-Via
Accept-Ch
X-Amz-Rid
X-Aws-Lambda-Call-Status
Public-Key-Pins
X-Vcap-Request-Id
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cnection
X-Origin-Cache
X-Px
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
RTSS
X-Navigation-Version
X-Powered-By-Plesk
X-Goog-Hash
X-NF-Request-ID
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Powered-CMS
X-Version
X-Language
AR-SID
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
Pagespeed
Display
X-Sol
X-Middleton-Display
X-Amz-Server-Side-Encryption
X-Middleton-Response
Response
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-MSEdge-Ref
X-LLID
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-RateLimit-Remaining
Nginx-Cache
X-Template
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Protected-By
X-Shield-Request-Id
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-TTL
TCN
X-T
X-Forwarded-For
S
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
X-Id
Content-MD5
Edge-Cache-Tag
X-Mid
Realpath
Fastcgi-Cache
SPIisLatency
SPRequestDuration
Front-End-Https
X-MCACHE
X-Ttl
X-CST
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Filters
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Server-Node
X-DynaTrace
X-Ab
X-Content
X-Ua-Browser
Server-Name
X-Frontend
X-Correlation-Id
X-ECACHE
X-NWS-LOG-UUID
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
SPRequestGuid
X-SharePointHealthScore
Fusion-Template-Id
X-HS-Combine-CSS
X-Parallel-Accel
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Deployment-Id
X-Ezoic-Cdn
X-Yandex-Sdch-Disable
X-Cache-Key
X-Hits
Alternate-Protocol
X-Ser
X-Content-Options
X-Buckets
X-Tt-Trace-Host
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
X-Page-Id
Cache-Tags
X-Ruxit-Js-Agent
X-Git-Hash
X-B3-Sampled
Charset
X-Kong-Upstream-Latency
Host
Cleartype
X-Kong-Proxy-Latency
X-Www-Served-By
X-Geo-Country
X-DIS-Request-ID
X-Daa-Tunnel
X-Accel-Expires
X-Amzn-Trace-Id
X-Content-Digest
X-Amz-Replication-Status
X-Debug-Info
Filterid
X-Varnish-Age
X-Fastly-Request-Id
X-AppVersion
X-Hostname
X-Activity-Id
X-Az
X-Forwarded-Proto
X-FB-Debug
TP-Cache
TP-L2-Cache
X-Upgrade-Enabled
X-VCache
X-Rid
X-N
Access-Control-Allow-Method
Cross-Origin-Opener-Policy
X-Grace
X-Origin-Server
X-Nginx-Upstream-Cache-Status
X-LB-Cache
X-F-Cache
ServerID
X-Mobile-URL
X-Is-Crawler
X-Route-Name
X-Aspnet-Duration-Ms
X-Request-Guid
X-Providence-Cookie
X-Flags
X-XRDS-LOCATION
X-Server-ID
X-Whom
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-TT
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-App-Environment
X-Varnish-Grace
X-Tb
Viewport
Node
Payment
X-Seen-By
X-FW-Hash
X-FW-Static
X-FW-Type
X-WebKit-CSP-Report-Only
X-Type
X-FW-Server
X-FW-Serve
X-App-Server
X-FW-Dynamic
X-Distributor
DC
X-Origin-Upstream-Status
Paypal-Debug-Id
X-Oneagent-Js-Injection
X-Ratelimit-Limit
X-NGENIX-Cache
X-User-Agent
Fastcgi-Useragent
X-Cache-Control
Country
Accept-Charset
X-Litespeed-Cache
X-Fastcgi-Cache
X-Wix-Request-Id
X-Cache-Rule
X-Logged-In
X-Microsite
X-Request-Handler-Origin-Region
X-Fastly-Request-ID
X-Webkit-CSP
X-DataDome
Version
X-Cache-Age
X-Via-JSL
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Drupal-Cache-Tags
Referer-Policy
Amp-Access-Control-Allow-Source-Origin
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
Refresh
X-Load-Cache
X-Cluster-Name
Cache-Status
X-Node-Name
X-Contextid
X-Signature
X-B-Cache
X-Mobile
X-Response-Served-From
X-Original-Request-Id
Access-Control-Request-Headers
SD-X-WS
X-Page-View
X-Real-IP
X-Is-Bot
X-Rendered-As
X-Vgn-Hpd-Reason
X-Cacheable-TTL
X-Cache-Action
X-Jobs
X-Proxy-Cache-Status
X-Cache-Expired-At
X-IPLB-Instance
X-Debug
NGB
X-B
X-Instance
X-ProcessESI
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-UUID
X-Revision
X-RemovedCookies
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Device-Type
X-Rule
X-Proxy
Surrogate-Key
X-G
X-Drupal-Cache-Contexts
X-Cache-Time
Akamai-GRN
X-Framework
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-TEC-API-ORIGIN
X-Debug-IsConnected
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Debug-IsPreview
X-Air-Hostname
X-FW-Version
X-Air-Trace-Id
CF-IPCountry
X-Air-Source
SID
DynaTrace
X-PressLabs-Stats
Liferay-Portal
X-Azure-Ref
X-Nginx-Cache
Healthy
GEO-INFO
X-Ratelimit-Reset
X-CDN-Forward
Frame-Options
X-Ms-Request-Id
X-Source
Count-Hit
X-Ms-Version
X-Cache-Operation
X-Presslabs-Stats
X-Accel-Buffering
Ms-Operation-Id
MS-CV
X-RTag
Uber-Trace-Id
X-XRDS-Location
X-RateLimit-Limit
X-EdgeConnect-Cache-Status
X-APP-VERSION
X-Tumblr-User
Xserver
X-Environment-Context
X-Tumblr-Pixel-1
X-L-Path
Countrycode
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Zen-Fury
X-Cache-Hit
X-Varnish-Server
X-Mode
X-Backend-Name
Ec-Rule-Version
X-Region
Cross-Origin-Window-Policy
X-Forwarded-Host
X-Cache-NGX
X-Servername
Backend
X-IPS-LoggedIn
X-Content-Powered-By
X-UPSTREAM-Address
X-RN-RSRV
X-SaId
Protected
X-Detected-As
X-Cache-Type
X-Rewrite-Enabled
X-JoinUs
Meta-Geo
X-Cache-TTL-Remaining
Country-Code
X-Sorting-Hat-ShopId
Apigw-Requestid
Decoy-Debug-TTL
X-Tid
X-Hosted-By
X-ShopId
X-Varnish-Beresp-Grace
X-Proxied
X-Debug-Cache
X-Sql-Duration-Ms
Section-Io-Cache
X-Generation-Time
Decoy-Debug-Status
X-Cache-Grace
X-NewRelic-App-Data
X-ShardId
Eomportal-Instance
X-Cache-Server
X-Routing-Service
X-Redis-Cache
X-Alternate-Cache-Key
X-Extlb
X-Shopify-Stage
Decoy-Debug-Key
X-Zipkin-Id
Fastly-SSL
X-Human
X-Uri
X-Sorting-Hat-PodId
X-Sql-Count
X-ApacheServer
X-BYPASS-REASON
Url
Mn-Server-Ip
Cache-Tv-Group
Cache-Name
X-FB-TRIP-ID
X-NYM-Debug-Backend
X-UA-Device-Type
X-Storage
X-ProxyCache-Status
X-ProxyCache-Key
X-PHP-Backend
X-PERF
X-No-Session
X-Origin-Date
X-Soup
X-NCache
X-Site-Version
X-Via-Fastly
X-Microcachable
X-ServerID
X-Format
X-Status
Property-Id
TWC-GeoIP-LatLong
TWC-Locale-Group
Selected-Fe
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-Say-TTL
X-OCL
X-Web-Node
X-Section
X-Origin-Hint
X-PCL
X-Proxy-Build
X-Server-W
X-Timing-Wait
X-SayCDN-TTL
X-Say-Cacheable
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Adobe-Content
X-Adobe-Loc
X-Cluster-Node
X-Cache-Host
X-Akamai-Edgescape
TWC-Privacy
X-Access
DB-Nickname
SRV
X-Content-Age
OT-Force-Account-Verify
X-R9-Blue-Green-Version
Azure-SlotName
Azure-Version
X-Varnishpool
Azure-InstanceId
Azure-RegionName
X-Hl-Ver
Azure-SiteName
X-Hyper-Cache
X-Be
Content-Secure-Policy
X-Pubstack
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
CDN-Cache
X-LSADC-Cache
X-Webkit-Csp
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
X-Azure-Ref-OriginShield
LB
X-Generated-By
Content-Disposition
X-Ua
X-Cached-By
WPO-Cache-Message
Source
WPO-Cache-Status
Cache
X-Nginx-Cache-Key
X-TIME
X-SRV
X-App-Version
X-Unique-Id
X-TT-LOGID
X-LAGOON
X-Bc-Bl
X-Trace-Id
X-Auto-Login
Cache-Hits
X-Dc
X-Origin-CC
X-Varnish-Hits
X-Origin-TTL
X-HTML-Minification-Powered-By
Xet-Cookie
Mime-Version
Retry-After
X-GEO
X-Varnish-Hostname
X-Loop
X-TNCMS
X-S-Maxage
Onion-Location
X-Time
X-Cdn
X-Platform-Server
X-Akamai-Transformed
X-Amz-Meta-S3cmd-Attrs
HostName
X-Ratelimit-Remaining
X-Xfnlog-Site
X-Cache-Var
X-Cache-Var-Map
X-Cache-Remote
X-CSRF-Token
Web-Mar-Node
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Proto
X-Cache-Tags
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
Webserver
X-Edge-Location
X-Tenant
ServedBy
X-Request-Time
X-Time-Microsecs
X-Endurance-Cache-Level
X-AOL-HN
X-LJ-Flow-ID
X-Xrds-Location
X-VWS-Id
X-ECache
X-EC-Lua
N-Cache
X-AWS-Id
X-GG-Cache-Date
WP-Super-Cache
X-FireWall-Port
X-Request-Host
CloudFront-Viewer-Country
X-M-Reqid
X-M-Log
From-Origin
X-Mg-Request-UUID
X-Correlation-ID
Nel
X-Qnm-Cache
X-B3-SpanId
X-Origin-Response-Time
X-Via-NSCOPI
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-PHP-Host
X-Cluster
X-PAYTM-SRV-ID
X-Connection-Hash
X-Orig-Expires
X-Application
X-PBS-Appsvrname
X-Conf
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
DCR-Processing-Time-Ms
Pramga
X-Forwarded-Path
X-Planisys-CDN-TTL
DSUID
Xc-Version
X-A-Wwc
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-ND-Cache
L
X-Developer
X-Gen-Mode
X-Destination
X-Ig-Push-State
Fastcgi-X-Cache-Version
X-External-Request-Id
BehaviorPad-Version
A
X-Hnp-Log
Meta-Geo-Continent
X-ARC
X-NAPM-TraceId
X-B-Cookie
Origin
X-Aed
Odigeo-Trace-Id
X-D
Expiry
CDCHOST
Mobile-Detection-Method
X-Ftr-Request-Id
X-A-Dgt
X-ScT
DCR-Decision-By
X-SD-PageType
X-Session-Fingerprint
X-VG-WebCache
X-S-Cookie
X-TIM-N
X-Rojux
X-S
X-Shop-Environment
X-Cache-NE
X-SVT-ORM-RULES
V-Age
X-SVT-ORM-VERSION
X-Block-Status
User-Cache-Control
X-Slack-Backend
X-SRCache-Key
X-Cache-Date
X-A
Surrogated-Key
X-V-Cache
X-CF-Lambda-Fn
X-Ckpd-Fst-Backend
X-A-Dam
Rendered-Blocks
X-Vdms-Path
X-A-Dcw
X-Processor
X-Vdms-Version
Redirect-Candidate
Sslversion
X-CF-Lambda-Version
X-A-Ccd
X-MP-GENERATED-AT
X-Handled-By
X-RCS-CacheZone
X-Envoy-Decorator-Operation
X-Epic-Correlation-Id
Ha-Gx-Prefs
HA-Ipaddr
X-Eu-Site
Gh-Request-Id
X-Fetched-On
Release
Fastcgi-Cache-TTL
X-Fastly-Cache
X-Cache-Bucket
True-Client-Country-4JS
X-Device-Os
X-CGP
X-Csrf-Jwt
X-Backend-State
Wxu-Next-Hostname
State
Wxu-Next-Region
Origin-EX
Ssr
Origin-CC
PFcat
Wxu-Next-Commit
X-Core-Mission
Host-ID
X-Cache-Info
X-Accel-Expires-Debug
L5d-Success-Class
X-Date
Svr
X-Cdn-Srv
Traceparent
X-Policy
X-Forwarded-Site
X-Owner
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Scheme
X-Rocket-Nginx-Serving-Static
X-Origin-Time
X-Origin-Expires
X-Mvc-Supplant-Cachable
X-Men
X-NodeID
X-Nyt-Route
X-Old-Content-Length
X-Served-From
X-Server-IP
X-VServer
X-VarnishDD-TTL
X-Webstats-RespID
Vix-Hermes-Req-Id
X-Request-URI
X-Aicache-OS
X-Varnish-Beresp-Status
X-UnsetCookies
X-Storefront-Renderer-Rendered
X-Skip-Cache
X-Sucuri-Cache
X-Sucuri-ID
X-Locale
X-Location
X-Proxy-Upstream
X-Cache-Enabled
X-HN
X-Li-Fabric
Cmsid
CacheControlHeader
X-Geo-Header
X-Li-Pop
Cmstype
X-LI-UUID
Arc-Country
X-Hash
X-Gdpr
AKAMAI
X-NWS-UUID-VERIFY
X-Zone
Environment
Server-Info
Fastly-Drupal-Html
X-ATG-Version
X-BBC-Edge-Cache-Status
X-Thanos
X-TH-Server
X-Branch-Name
X-Bip
X-Viewer-Country
X-Fastly-Backend
X-VG-TLSProxy
X-Generated-On
X-Gamma-Serve
X-Thinkindot-L3
X-TrackingId
X-Esi-Check
X-Sigma-Backend
X-Irp-Debug
X-Developers
X-Region-Sid
X-Req
X-Level-Front-Cache
X-Platform
X-Core-Value
X-Node-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Reqid
X-Request-Start
X-Gzip
X-Sn-Servicetimems
X-Cache-Id
X-GeoIP-City
X-Datadog-Parent-Id
X-Sigma
X-Rocket-Build-Number
X-HS-Content-Campaign-Id
X-Cdn-Origin
X-GeoIP
X-Cache-Debug
Thinkindot-CacheControl
TDXMobile
Apple-News-Services-Host
Thinkindot-CacheControl-Type
Apple-News-Services-Request-Url
Locid
Server-Host
Apple-News-Services-Parsed-Url
Mail-Subject
Req-Svc-Chain
Machine
X-Magnolia-Registration
Thinkindot-Control
Web-Mar-Region
X-Adobe-Source
Apple-News-Services-Handled
We-Hiring
Fastly-GeoIP-CountryCode
X-VC-Cache
X-Is-Gdpr
X-DefElseHash
X-Backend-TTL
X-Varnish-CookieINHashed-On
Memcached
X-Loc
NGX
X-DefHash
X-FC-Vary-Parameters
Is-Eu
X-Varnish-Remaining-TTL
Cf-Device-Type
Fastly-SIE
Fastly-SWR
NM-Fastcgi-Cache
X-JWT-State
X-DPWN-IS-SECURE
Platform
X-Qloud-Router
X-Rebelmouse-Surrogate-Control
X-Tx-Id
X-Cache-Config
X-Response-By
X-Pod-Name
X-Has-Esi
X-Origin
X-Variation
X-Rebelmouse-Cache-Control
X-Amzn-Remapped-Content-Length
X-Varnish-CookieHashed-On
Adler-Geo
X-Worker
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Ttl
X-Ua-Device
X-Trace-ID
AMP-Access-Control-Allow-Source-Origin
X-GeoIP-Country-Code
X-CACHE-KEY
X-CS
X-GeoIP-Region-Code
X-Mvc-Supplant-OutputCached
X-CLOUD-TRACE-CONTEXT
Datacenter
Pics-Label
X-API-Version
X-Up
X-Generated-In
X-LB-ID
X-NC
Ms-Author-Via
X-Datadome
S-Rt
CDN
Magicmarker
Candidate-Md5Url
X-Restarts
X-LB-NoCache
Kp-EeAlive
X-Tb-Optimization-Total-Bytes-Saved
X-DynaTrace-JS-Agent
X-Varnish-Ttl
X-Vc
X-DC
X-Edge-Pop
WWW-Authenticate
On-Server
NtCoent-Length
Env
WebServer
X-TraceId
Memory
Time
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Akamai-Request-ID2
X-Cache-Ttl
X-Http-Reason
X-Tt-Logid
X-RPM
X-TA-CDN-Provider
X-Refresh
X-Wix-Viewer-Type
X-Cache-Backend
X-RSL
X-RPS
Edge-Cache
X-DSS
X-DW
Esi-Enabled
X-Action
X-Optimistic-Header
X-DI
X-DB
X-CacheTTL
GeoIp-Country-Code
X-Minions-Version
C-Via
X-Esi
X-Servedbyhost
X-Service
X-Parent-Response-Time
Accept-Language
X-Srv
X-Cache-PHP
X-Unique-ID
X-HA-Backend
X-MSEdge-Features
X-Varnish-Beresp-TTL
Server-ID
X-MSEdge-Flight
X-Newrelic-Synthetics
X-Cs
X-TX-ID
X-ZONE
X-Webkit-CSP-Report-Only
X-Cache-Status-Check
Locale
X-VCL-Version
X-Render-Time
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Dynatrace
X-Fpc
X-App
X-User
X-Traceid
X-Ec-Fail
X-LI-Proto
X-Ec-GeoHdr
X-URL
X-Webkit-Csp-Report-Only
Test
X-Li-Proto
X-LiteSpeed-Cache-Control
Proxy-Connection
X-FPC
X-B3-Spanid
X-AIR-PT
X-Pass-Why
X-NODE
X-Info
Cdncip
Server-Id
X-Clientip
X-AK-Request-ID
X-Vcl-Version
Cdnsip
Tcn
Geo-Info
Cluster
X-Fmm-Version
HIT
X-WADP-Cache
My-App
Cache-Host
X-Clara-WADP
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
M-TraceId
UCS
S-Cnection
Geoip-Latitude
Tracecode
X-Var-Ttl
X-HostName
Fastly-Drupal-HTML
X-CUA
X-LiteSpeed-Tag
Resin-Trace
Cf-Int-Pingora-Origin-Digest
X-CSRF-TOKEN
X-From
T-Server
X-Ha-Backend
X-ID
GeoIP-Country-Code
Lfy
Hostname
X-Mcache
X-ServedByHost
Ohc-File-Size
X-RAMCache
X-Pad
Hit
Fastly-Backend-Name
X-Fragments
User-Agent
X-Micro-Cache
Lang
X-Geo
X-Dynatrace-Js-Agent
ENV
X-WP-CF-Super-Cache-Cache-Control
X-Via-PopH
Target-Params
X-Edge-POP
X-WP-CF-Super-Cache
X-Backend-Host
X-Via-PopV
X-BBC-Origin-Response-Status
X-RateLimit-Reset
X-ElasticPress-Query
MIME-Version
X-Release
X-Via-PopN
X-APP
X-Api-Version
Load-Balancing
X-Edge-Cache
X-Check-Cacheable
X-NGINX-Cache
X-BCube-Filmed-By
X-Cdn-Forward
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
DataCenter
X-VC
Section-Origin-Responded
Lb
URI
X-Ucs
X-Fastly-Backend-Reqs
Servername
X-HS-Status
EpKe-Alive
X-ServerName
X-WA
X-WA-Info
X-Nc
PICS-Label
Permissions-Policy
X-Amz-Meta-Cb-Modifiedtime
Uri
FSS-Cache
VNS-Cache
VNS-Age
X-UP
CPC-Cache
Path
CPC-Age
X-Lb-Nocache
Cache-Key
X-GoCache-CacheStatus
X-TRACE-ID
Producers
X-Proxy-Cache-Info
X-Httpd
X-Lb-Id
WZWS-RAY
Server-Ttl
ServerName
Cneonction
Ohc-Cache-HIT
Cdn
X-B3-ParentSpanId
X-Wikidot-Static-Cache
X-Provided-By
X-Wikidot-Backend
Cteonnt-Length
X-ES-SERVER
X-Cdn-Request-ID
X-Fastly-Cache-Hits
X-Dw-Trace-Id
X-UA
X-PJAX-URL
X-Newrelic-App-Data
X-Vcache
X-Apw-Access-Object
X-Acquia-Application-Trace
CF-Cached-On
X-Acquia-Site
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Cf-Ipcountry
Vha6-Origin
X-Acquia-Purge-Tags
X-Apw-Access-Token
X-Acquia-Application-UUID
X-Apw-Access-Action
X-Snapshot-Date
Pagetype
X-Swift-Error
X-Apw-Hits
X-Cms-Context
X-Pool
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Yottaa-OS
X-SB
X-Cache-CFC
Shield-Pop
Sid
X-Cache-Ngx
X-Air-Pt
GeoIP-Latitude
X-Miniprofiler-Ids
X-Platform-Cluster
X-Akamai-Request-ID
X-Last-Modified
X-Udemy-Cache-App-Namespace
X-Platform-Processor
X-Platform-Router
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Varnish-Authentication
X-Logging-Id
X-CacheKey
X-Akamai-Pragma-Client-IP
CountryCode
X-Sentry-ID
MD5-Digest
X-Te-Count
X-Te-Duration-Ms
X-Http-Duration-Ms
X-Http-Count
Ngx
Req-ID
X-Via-Ucdn