Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
X-Backend
Request-Context
X-Akamai-Path-Stats
EagleId
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-UA-Device
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Request-Id
Surrogate-Control
X-Backend-Server
Cf-Edge-Cache
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Url
X-Country
Fastly-Restarts
Accept-Ch
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
RTSS
Edge-Control
X-Server-Name
X-VARITI-CCR
X-ESI
X-Amz-Server-Side-Encryption
X-Varnish-TTL
Cache-Tag
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Kinja-Revision
X-Use-Magma
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Amz-Rid
Public-Key-Pins
X-Px
X-Cnection
X-D2id
X-FastCGI-Cache
X-Edge
X-Ac
X-Navigation-Version
X-Ser
X-Element-Page-Cache
Verso
X-Abt-Application-Version
X-Client-IP
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Powered-By-Plesk
X-RateLimit-Remaining
X-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
X-Ttl
Access-Control-Request-Method
X-Goog-Hash
X-Content-Security-Policy-Report-Only
SPRequestDuration
SPIisLatency
X-Correlation-Id
X-Kinsta-Cache
X-Cached
AR-SID
AR-CACHE
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Edge-Location-Klb
X-SharePointHealthScore
SPRequestGuid
X-Powered-CMS
X-Upstream
Edge-Cache-Tag
X-LLID
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-NWS-LOG-UUID
X-Litespeed-Cache
X-TTL
X-Ruxit-Js-Agent
X-Forwarded-For
X-Cache-Key
Nginx-Cache
Content-MD5
X-RateLimit-Limit
X-Id
X-MSEdge-Ref
X-Shield-Request-Id
MRF-Tech
Mrf-Cache-Status
TCN
X-T
X-Recruiting
S
X-B3-TraceId-Primal
X-Daa-Tunnel
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Content-Digest
X-ECACHE
X-Ua-Device
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Mg-S
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Accel-Expires
X-WebKit-CSP-Report-Only
X-DataDome
X-Grace
X-Protected-By
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-Ezoic-Cdn
X-HS-Content-Id
MS-Author-Via
X-DynaTrace
X-Frontend
X-Content
X-Ab
X-Ua-Browser
X-Request-Received
X-Request-Processing-Time
TP-Cache
X-Yandex-Sdch-Disable
Server-Node
TP-L2-Cache
Filters
Front-End-Https
X-Server-ID
X-PressLabs-Stats
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-Mid
X-Geo-Country
X-Hits
X-ORACLE-DMS-ECID
X-Webkit-Csp
X-Microsite
X-Request-Handler-Origin-Region
X-Tt-Trace-Host
X-ORACLE-DMS-RID
X-LB-Cache
X-Tt-Trace-Tag
X-Amzn-Trace-Id
Charset
Cleartype
X-Debug-Info
Host
X-B3-Sampled
X-Page-Id
X-F-Cache
X-Git-Hash
Cross-Origin-Opener-Policy
X-Ratelimit-Reset
X-Forwarded-Proto
X-DIS-Request-ID
X-Cache-Age
X-Fastly-Request-Id
X-Webkit-CSP
Access-Control-Allow-Method
X-Seen-By
Cache-Status
X-Www-Served-By
Realpath
X-Az
X-AppVersion
X-Activity-Id
X-Pinterest-Rid
ServerID
Pinterest-Generated-By
Pinterest-Version
Accept-Charset
X-Aspnetmvc-Version
X-Mcache
Filterid
X-Varnish-Age
Cache-Tags
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Content-Options
X-Rid
X-Type
X-Language
Retry-After
X-Oracle-Dms-Ecid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-FB-Debug
X-App-Environment
X-Oracle-Dms-Rid
Server-Name
Country
X-User-Agent
Viewport
Node
X-Upgrade-Enabled
X-MCACHE
X-Tb
X-Varnish-Backend
X-Varnish-Grace
X-Drupal-Cache-Tags
Paypal-Debug-Id
DC
X-Whom
X-B-Cache
X-TT
X-Origin-Cache
X-Wix-Request-Id
X-Signature
X-Goog-Metageneration
X-Oneagent-Js-Injection
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Storage-Class
X-Mobile-URL
X-Route-Name
X-VCache
X-XRDS-LOCATION
X-B
X-Request-Guid
X-Providence-Cookie
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
X-NWS-UUID-VERIFY
Permissions-Policy
Protected
X-Debug
Fastcgi-Useragent
X-Amz-Replication-Status
X-N
X-Logged-In
X-Amz-Meta-S3cmd-Attrs
X-Cache-NGX
WPO-Cache-Message
Payment
WPO-Cache-Status
X-Via-JSL
X-Load-Cache
Surrogate-Key
X-Contextid
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
Count-Hit
Healthy
X-Node-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-FW-Dynamic
X-FW-Hash
X-Template
X-XRDS-Location
X-FW-Type
X-FW-Server
X-FW-Static
X-FW-Serve
X-Mobile
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
X-Proxy
Akamai-GRN
Refresh
Content-Disposition
X-Revision
X-G
X-Restarts
Url
X-Cache-Time
X-Jobs
X-Real-IP
X-Akamai-Request-ID2
Uber-Trace-Id
X-Cache-TTL-Remaining
X-Framework
X-UUID
X-Zen-Fury
X-NGENIX-Cache
Alternate-Protocol
X-Device-Type
X-Rendered-As
X-Drupal-Cache-Contexts
NGB
X-Is-Bot
X-Debug-IsConnected
X-Debug-IsPreview
X-Proxy-Cache-Status
X-Cacheable-TTL
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Servername
X-Adobe-Content
X-Adobe-Loc
Access-Control-Request-Headers
X-Http-Reason
X-Instance
X-Page-View
X-Yottaa-Metrics
X-Hostname
X-Yottaa-Optimizations
X-Cache-Grace
X-Mg-Request-UUID
X-Midtier
X-Trace-Id
X-ECache
X-Varnish-Server
X-B3-Traceid
X-IPLB-Instance
X-L-Path
Version
X-Environment-Context
X-EdgeConnect-Cache-Status
X-Source
Accept-Language
X-HTML-Minification-Powered-By
X-Fastly-Request-ID
Ms-Operation-Id
X-Datadome
X-RTag
Countrycode
MS-CV
Frame-Options
X-Fastcgi-Cache
From-Origin
X-Ratelimit-Remaining
X-Cache-Hit
X-Cache-Rule
X-Cache-Expired-At
X-Vgn-Hpd-Reason
Referer-Policy
Liferay-Portal
X-NYM-Debug-Backend
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
Backend
X-Tumblr-Pixel-0
X-COUNTRY
X-IPS-LoggedIn
X-Nginx-Cache
X-FW-Version
Content-Secure-Policy
X-Hosted-By
Upgrade-Insecure-Requests
X-Unique-Id
X-Cache-Server
Meta-Geo
X-UPSTREAM-Address
X-Parallel-Accel
X-RN-RSRV
X-No-Session
X-Generation-Time
X-Redis-Cache
X-OCL
X-PCL
X-NewRelic-App-Data
X-Cache-Enabled
X-FB-TRIP-ID
X-APP-VERSION
Section-Io-Cache
X-Ua
WP-Super-Cache
X-Akamai-Edgescape
X-Be
X-Access
Webcakes-App-Version
X-Origin-Hint
X-Cluster-Node
X-Format
Webcakes-App-Name
X-Origin-Date
X-AOL-HN
X-PHP-Backend
X-Section
TWC-GeoIP-LatLong
X-Server-W
Azure-Version
Azure-SlotName
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
S-Rt
TWC-Connection-Speed
Webcakes-Region
X-Request-Time
X-RemovedCookies
Azure-InstanceId
X-ProcessESI
Apigw-Requestid
Mn-Server-Ip
X-Varnish-Cache-Hits
X-Region
X-Uri
X-UA-Device-Type
TWC-Locale-Group
Azure-SiteName
Azure-RegionName
X-Via-Fastly
TWC-Privacy
X-Mode
CF-IPCountry
X-Content-Age
X-Generated-By
X-Forwarded-Host
X-Nginx-Cache-Key
X-PERF
X-Debug-Cache
X-Locale
X-Cache-Host
Eomportal-Instance
Cache-Tv-Group
Locale
X-ApacheServer
X-ProxyCache-Key
X-BYPASS-REASON
X-Content-Powered-By
X-Say-Cacheable
Fastly-SSL
X-Xfnlog-Site
X-Sql-Count
X-Sql-Duration-Ms
X-PHP-Host
X-Labrador-Cache-Channel
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Say-TTL
X-Sorting-Hat-ShopId
X-SayCDN-TTL
X-Site-Version
X-Storage
X-Status
X-ProxyCache-Status
X-Human
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-Hl-Ver
X-JoinUs
X-Routing-Service
X-SaId
X-Cache-Type
X-Cache-Action
X-Backend-Name
X-Detected-As
X-Extlb
X-Tid
X-VC-Cache
X-Platform-Server
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-Cms-Context
X-Cache-Tags
X-Varnishpool
Ec-Rule-Version
X-Web-Node
X-Zipkin-Id
X-Adobe-Source
X-ServerID
X-Proxied
X-Handled-By
X-GG-Cache-Date
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestId
CDN-EdgeStorageId
CDN-Cache
Load-Balancing
X-Timing-Wait
CDN-Uid
X-Proxy-Build
CDN-CachedAt
Selected-Fe
X-Storefront-Renderer-Rendered
ServedBy
X-Edge-Location
X-Dc
Webserver
X-Ratelimit-Limit
X-GeoCountry
X-Proto
X-App-Version
X-GeoCode
SRV
X-Hyper-Cache
Fastly-Drupal-Html
X-CDN-Forward
X-LSADC-Cache
Web-Mar-Node
X-Rule
Onion-Location
X-Cache-Operation
X-Cached-By
X-GEO
X-TT-LOGID
Mime-Version
X-Cache-Remote
X-Varnish-Hostname
SID
X-Rewrite-Enabled
Cache-Hits
X-Cdn
X-Soup
X-Varnish-Ttl
X-Cluster
Xserver
X-Pubstack
X-Accel-Buffering
X-TA-CDN-Provider
X-Origin-TTL
X-Origin-CC
X-Reqid
X-Varnish-Hits
Xet-Cookie
X-Magnolia-Registration
X-SRV
X-Envoy-Decorator-Operation
Country-Code
X-Microcachable
Server-Info
X-Air-Hostname
X-IPLB-Request-ID
X-Air-Source
LB
X-Air-Trace-Id
X-Buckets
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
Decoy-Debug-Status
Decoy-Debug-Key
X-CSRF-Token
Decoy-Debug-TTL
DB-Nickname
Cache
X-Request-Host
Source
X-Newrelic-Synthetics
X-Ms-Request-Id
X-Tt-Logid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Ms-Version
X-B3-SpanId
X-Time
X-Endurance-Cache-Level
Host-ID
X-S
Xc-Version
Lang
Fastcgi-X-Cache-Version
X-ScT
Cdncip
Cdnsip
BehaviorPad-Version
A
X-Origin-Response-Time
X-Via-NSCOPI
Cmsid
Cmstype
X-PBS-Appsvrname
Expiry
DCR-Processing-Time-Ms
MD5-Digest
DCR-Decision-By
X-SD-PageType
X-S-Cookie
T-Server
X-Destination
X-Tenant
X-Developer
X-SRCache-Key
X-Shop-Environment
X-Ec-Fail
X-D
X-Orig-Expires
X-Conf
X-CF-Lambda-Version
X-TrackingId
X-Connection-Hash
X-TIM-N
X-Ec-GeoHdr
X-NAPM-TraceId
X-Gzip
X-Geo-Header
X-Hash
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-Ftr-Request-Id
X-Session-Fingerprint
X-Esi-Check
X-Epic-Correlation-Id
X-External-Request-Id
X-Processor
X-Forwarded-Path
X-CF-Lambda-Fn
X-Cdn-Srv
Surrogated-Key
Sslversion
X-PAYTM-SRV-ID
X-VG-WebCache
X-A
X-Rojux
Rendered-Blocks
Pramga
NM-Fastcgi-Cache
Mobile-Detection-Method
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Odigeo-Trace-Id
X-Vdms-Version
X-Vdms-Path
X-B-Cookie
X-ARC
X-User
X-Cache-Id
X-Cache-NE
X-Application
X-AK-Request-ID
X-A-Dam
X-A-Ccd
X-A-Dgt
X-A-Wwc
X-Aed
Meta-Geo-Continent
X-A-Dcw
X-RCS-CacheZone
X-NCache
X-Bc-Bl
X-Cache-Info
X-CacheTTL
X-Cache-Bucket
X-Cache-Backend
X-Worker
X-Amzn-Remapped-Content-Length
X-Ckpd-Fst-Backend
X-Clara-WADP
X-DefElseHash
X-DefHash
X-Core-Value
X-Core-Mission
X-WADP-Cache
Wxu-Next-Region
Wxu-Next-Hostname
Machine
Mail-Subject
Is-Eu
Fastly-GeoIP-CountryCode
X-Tx-Id
Memcached
Platform
We-Hiring
Wxu-Next-Commit
State
Server-Host
Producers
X-Developers
X-Device-Os
X-Sigma
X-Sigma-Backend
X-Server-IP
X-Scheme
X-Rocket-Build-Number
X-SB
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Variation
X-V-Cache
X-Origin-Expires
X-Origin
X-Fetched-On
X-Fmm-Version
X-Fastly-Cache
Environment
X-DPWN-IS-SECURE
X-Gdpr
X-GeoIP
X-NodeID
X-Nyt-Route
X-Node-Id
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-Via-Ucdn
X-Origin-Time
Adler-Geo
AKAMAI
X-Skip-Cache
X-Varnish-Beresp-Grace
X-Azure-Ref
Cache-Name
X-Gen-Mode
X-Generated-On
X-Gamma-Serve
X-Forwarded-Site
X-GeoIP-City
X-Eu-Site
X-HN
X-Loc
X-Minions-Version
HostName
X-Level-Front-Cache
X-LAGOON
X-Hnp-Log
X-Httpd
X-Ec-Custom-Error
X-Dispatcher-Number
X-Cache-Date
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Block-Status
X-Branch-Name
X-Cdn-Origin
X-CGP
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Planisys-CDN-Cache
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Auto-Login
X-R9-Blue-Green-Version
X-BBC-Edge-Cache-Status
X-Planisys-CDN-TTL
X-Wikidot-Backend
X-Wikidot-Static-Cache
Kp-EeAlive
X-Viewer-Country
X-VG-TLSProxy
X-Sn-Servicetimems
X-Thinkindot-L3
X-VarnishDD-TTL
X-Has-Esi
X-Is-Gdpr
Cache-Key
Candidate-Md5Url
X-BCube-Filmed-By
X-Wix-Viewer-Type
X-TNCMS
X-JWT-State
X-Loop
X-Slack-Backend
X-SIPLIST1
X-Pool
X-Proxy-Cache-Info
X-Proxy-Upstream
X-Policy
X-Pod-Name
X-Aicache-OS
X-Platform
X-Qloud-Router
X-RateLimit-Limit-Second
X-Request-URI
DynaTrace
X-Served-From
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Planisys-CDN-Rules
X-Rocket-Nginx-Serving-Static
TDXMobile
Ohc-File-Size
Vix-Hermes-Req-Id
N-Cache
Origin
CDCHOST
Origin-CC
Web-Mar-Region
V-Age
Thinkindot-CacheControl
L5d-Success-Class
Traceparent
Thinkindot-Control
L
Datacenter
IsBot
Thinkindot-CacheControl-Type
User-Cache-Control
HA-Ipaddr
Origin-EX
CloudFront-Viewer-Country
Release
Fastly-SIE
Req-Svc-Chain
Fastly-SWR
Fastcgi-Cache-TTL
Redirect-Candidate
Cluster
Gh-Request-Id
Ha-Gx-Prefs
Ssr
PFcat
Svr
X-Xrds-Location
X-Cache-Status-Check
GEO-INFO
X-Owner
X-From
X-SplitTest
X-Scale
CDN
X-Optimistic-Header
XM
Sever-Int
Server-Hostname
NGX
X-Webstats-RespID
CPC-Cache
CPC-Age
DSUID
X-VServer
X-Ad-Defer-Variation
VNS-Age
Server-Ext
VNS-Cache
X-ZONE
X-CS
X-Refresh
Pics-Label
Fastly-Backend-Name
X-Parent-Response-Time
X-Location
X-VC
X-WP-CF-Super-Cache-Cache-Control
X-WA-Info
X-WP-CF-Super-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-CACHE-KEY
X-Ah-Environment
X-Contensis-Viewer-Groups
X-Cache-ASPX
Locid
X-AIR-PT
X-Micro-Cache
X-EC-Lua
Ms-Author-Via
Servername
X-LB-NoCache
Arc-Country
X-Men
X-NC
Env
X-Edge-Pop
X-Srv
X-Response-By
X-Varnish-Authentication
AMP-Access-Control-Allow-Source-Origin
X-Servedbyhost
X-Old-Content-Length
X-Mvc-Supplant-OutputCached
Path
X-Amz-Meta-Cb-Modifiedtime
X-Udemy-Cache-App-Namespace
Lb
X-Tec-Api-Root
X-Tec-Api-Origin
X-TIME
X-Tec-Api-Version
X-RPM
X-RPS
Ngx.Var.Host
X-TraceId
X-RSL
Cache-Host
X-DI
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-DB
Time
X-DSS
X-Generated-In
X-DW
Memory
Ohc-Cache-HIT
ITXSESSIONID
X-Date
X-Accel-Expires-Debug
X-Akamai-Transformed
X-HA-Backend
X-Varnish-Beresp-TTL
X-Proxy-CacheRZ
XkeyRZ
X-RateLimit-Reset
X-GeoIP-Region-Code
X-API-Version
X-S-Maxage
Client
GeoIp-Country-Code
X-GeoIP-Country-Code
X-VCL-Version
X-Clientip
True-Client-IP
X-Api-Version
X-Cache-Debug
X-Vc
FSS-Cache
X-VHOST
X-Cs
X-DC
Server-ID
Geoip-Latitude
X-Trace-ID
Fusion-Content-Source
X-URL
Fusion-Content-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Component-Id
X-Zone
Fusion-Source
Hostname
X-Presslabs-Stats
CacheControlHeader
X-Correlation-ID
X-Fpc
X-Action
X-TH-Server
X-TX-ID
X-Dmc
True-Client-Country-4JS
X-FireWall-Port
X-MSEdge-Flight
NtCoent-Length
X-MSEdge-Features
X-Backend-TTL
X-Render-Time
Powered-By
X-Traceid
X-Webkit-Csp-Report-Only
X-PX
X-B3-Spanid
X-INCAP-ABP
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-DynaTrace-JS-Agent
Test
X-Gateway-Request-Id
X-Service
Rip
Geo-Info
Tcn
X-Gateway-Skip-Cache
Edge-Cache
C-Via
X-Req
X-NGINX-Cache
X-TRACE-ID
X-M-Reqid
X-Pass-Why
Esi-Enabled
HIT
X-CSRF-TOKEN
Click-Count-Action-Start
Tube-Get-Contents
My-App
X-M-Log
Tube-Return
Click-Count-Error
X-Qnm-Cache
Tube-Got-Eval
X-Cdn-Request-ID
Tube-Got-Results
X-FPC
X-Origin-Upstream-Status
X-Beluga-Status
X-Beluga-Response-Time
Server-Id
X-HS-Status
On-Server
X-Beluga-Record
X-Beluga-Trace
X-Beluga-Node
X-Vcl-Version
User-Agent
X-Webkit-CSP-Report-Only
X-Beluga-Cache-Status
OT-Force-Account-Verify
X-Alfa-Service
Uri
X-Provided-By
Cf-Int-Pingora-Origin-Digest
X-Up
X-Akamai-Pragma-Client-IP
Srvid
X-Proxy-Cache-Hk
X-Ha-Backend
X-Via-PopH
X-Via-PopV
X-Via-PopN
Proxy-Connection
Resin-Trace
X-LB-ID
X-Check-Cacheable
GeoIP-Country-Code
GeoIP-Latitude
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
Cdn
X-APP
Sid
X-Edge-Origin-Shield-Bytes
Srv
X-RAMCache
Epwk-X-Cache
X-UnsetCookies
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Edge-Origin-Shield-Region
MIME-Version
X-Li-Fabric
X-LI-Proto
X-LI-UUID
X-Li-Pop
X-ServedByHost
WebServer
X-Cdn-Forward
DataCenter
X-Geo
WZWS-RAY
ENV
X-Backend-Host
M-TraceId
X-Time-Microsecs
X-ND-Cache
X-Fetch-By
Warning
X-Esi
X-CUA
X-Fastly-Backend-Reqs
XServer
X-App
X-B3-Traceid-Primal
X-Edge-POP
X-Lb-Nocache
ServerName
Cf-Device-Type
Server-Ttl
X-MG-S
X-HostName
Fastly-Drupal-HTML
X-LiteSpeed-Cache-Control
PICS-Label
X-Azure-Ref-OriginShield
X-ATG-Version
CF-Cached-On
X-HITS
X-Nc
X-ElasticPress-Query
DT-Hot-News
X-Request-Url
Target-Params
X-Fragments
Tracecode
X-Yottaa-OS
X-Newrelic-App-Data
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Dw-Trace-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Serial
Section-Origin-Responded
Section-Io-Id
X-Iplb-Instance
D-Url-Rewrites
Inserted-Into-Cache-At
Lfy
X-Vcache
X-Sucuri-Cache
X-Akamai-Request-ID
Cf-Ipcountry
X-Var-Ttl
X-Bip
X-Thanos
True-Client-Ip
Dt-Hot-News
X-FC-Vary-Parameters
X-Iplb-Request-Id
X-CF-Powered-By
X-Sucuri-ID
X-Fastly-Backend
Servedby
Cdn-Pullzone
Cdn-Requestcountrycode
Cdn-Cachedat
Cdn-Cache
Wp-Super-Cache
Cdn-Requestid
Cdn-Edgestorageid
Cdn-Uid
X-Dist-Code
X-Th-Server
X-Varnish-Beresp-Status
X-Storefront-Renderer-Verified
X-Vercel-Id
X-Back
Content-Script-Type
X-LiteSpeed-Tag
X-Request-Start
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Vha6-Origin
X-Cc-Via
X-Vercel-Cache
X-NU-AKA-ACS-Version
Fastcgi-Cache-Ttl
X-Request-URL
X-Cache-Expires
Cneonction
X-Snapshot-Date
CountryCode
X-Fastly-Cache-Hits
X-BBC-Origin-Response-Status
Content-Style-Type
Ngx
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Release