Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
X-Akamai-Path-Stats
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
X-WebKit-CSP
Allow
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-CST
X-Server-Id
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
Fastly-Restarts
X-Country
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Rack-Cache
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-Server-Name
Edge-Control
RTSS
X-Varnish-TTL
X-VARITI-CCR
X-ESI
Accept-Ch
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Dw-Request-Base-Id
X-B3-TraceId
X-Amz-Rid
Public-Key-Pins
X-Px
X-Cnection
X-Ac
X-D2id
X-RateLimit-Remaining
X-Element-Page-Cache
X-Navigation-Version
Verso
X-FastCGI-Cache
X-Edge
X-Abt-Application-Version
X-Client-IP
X-Sol
X-Middleton-Display
Display
X-Powered-By-Plesk
Pagespeed
X-Ser
X-Cache-TTL
X-Version
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-GitHub-Request-Id
X-Country-Code
X-Middleton-Response
Response
X-NF-Request-ID
X-Ttl
X-Correlation-Id
Access-Control-Request-Method
X-Goog-Hash
X-Ruxit-Js-Agent
SPIisLatency
X-Kinsta-Cache
SPRequestDuration
X-Edge-Location-Klb
AR-PoweredBy
AR-Request-ID
AR-SID
AR-CACHE
AR-ATIME
X-Cached
X-Upstream
X-NWS-LOG-UUID
X-Content-Security-Policy-Report-Only
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-SharePointHealthScore
SPRequestGuid
X-LLID
X-Instrumentation
X-RateLimit-Limit
X-Powered-CMS
Edge-Cache-Tag
X-Litespeed-Cache
X-TTL
Nginx-Cache
X-Cache-Key
X-Forwarded-For
Content-MD5
TCN
X-MSEdge-Ref
Mrf-Cache-Status
MRF-Tech
X-Id
X-Shield-Request-Id
X-Daa-Tunnel
X-B3-TraceId-Primal
X-T
X-Webkit-Csp
X-Recruiting
S
X-Content-Digest
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
MS-Author-Via
X-Ua-Device
X-Mg-S
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Accel-Expires
MicrosoftSharePointTeamServices
X-ECACHE
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HS-Hub-Id
X-Protected-By
X-Frontend
X-Grace
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Ab
X-Ua-Browser
X-Content
X-Request-Received
Front-End-Https
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Server-Node
X-Server-ID
Filters
TP-Cache
TP-L2-Cache
X-DataDome
X-Mid
X-DynaTrace
Fastcgi-Cache
X-Origin-Server
X-Hits
X-Distributor
X-Geo-Country
X-PressLabs-Stats
X-ORACLE-DMS-ECID
X-WebKit-CSP-Report-Only
X-ORACLE-DMS-RID
X-Microsite
X-Request-Handler-Origin-Region
X-Debug-Info
X-Ratelimit-Reset
X-Amzn-Trace-Id
Cleartype
Charset
X-Page-Id
X-Tt-Trace-Tag
Host
X-Git-Hash
X-Tt-Trace-Host
X-LB-Cache
X-DIS-Request-ID
X-F-Cache
Cross-Origin-Opener-Policy
X-B3-Sampled
X-MCACHE
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Forwarded-Proto
X-Www-Served-By
Access-Control-Allow-Method
X-Cache-Age
ServerID
X-Seen-By
Cache-Status
Realpath
X-Az
X-AppVersion
X-Activity-Id
X-Aspnetmvc-Version
Accept-Charset
Cache-Tags
X-Cluster-Name
X-Varnish-Age
Filterid
X-Rid
X-Kong-Upstream-Latency
X-Language
X-Kong-Proxy-Latency
X-Nginx-Upstream-Cache-Status
X-Content-Options
X-Type
X-App-Environment
X-Oracle-Dms-Ecid
Retry-After
Server-Name
X-Upgrade-Enabled
X-Oracle-Dms-Rid
Node
X-Varnish-Grace
Country
X-Origin-Cache
Viewport
X-User-Agent
X-Whom
X-Tb
X-Request-Guid
X-FB-Debug
X-Flags
X-Mobile-URL
X-Is-Crawler
X-Providence-Cookie
X-Varnish-Backend
Paypal-Debug-Id
X-Route-Name
X-Wix-Request-Id
X-Aspnet-Duration-Ms
X-NWS-UUID-VERIFY
X-B-Cache
X-Signature
X-Drupal-Cache-Tags
DC
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-TT
X-GUploader-UploadID
X-Goog-Generation
X-VCache
X-Goog-Storage-Class
X-XRDS-LOCATION
Protected
Fastcgi-Useragent
X-N
X-B
X-Fastly-Request-Id
X-Via-JSL
X-Debug
X-Fastly-Request-ID
X-Amz-Replication-Status
X-Logged-In
X-Cache-NGX
WPO-Cache-Message
WPO-Cache-Status
Payment
X-Load-Cache
X-Contextid
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
Surrogate-Key
Permissions-Policy
X-Cache-Control
Count-Hit
Amp-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Node-Name
X-FW-Static
X-FW-Dynamic
X-FW-Type
X-FW-Server
X-Template
X-FW-Hash
X-FW-Serve
X-Trace-Id
Healthy
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Fastcgi-Cache
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
X-G
Content-Disposition
X-Cache-Time
X-Proxy
Akamai-GRN
X-Mobile
Refresh
X-Mcache
X-Jobs
X-Rendered-As
X-Zen-Fury
X-UUID
X-Revision
X-Akamai-Request-ID2
X-Cacheable-TTL
Uber-Trace-Id
X-Framework
X-Is-Bot
X-Hostname
X-Real-IP
X-Proxy-Cache-Status
X-Http-Reason
X-Adobe-Content
X-Cache-TTL-Remaining
X-Page-View
X-Adobe-Loc
X-Debug-IsConnected
VIX-Pulpo-Node
NGB
VIX-Pulpo-Upstream-Status
X-Debug-IsPreview
X-Device-Type
X-Drupal-Cache-Contexts
X-Instance
Url
Alternate-Protocol
Access-Control-Request-Headers
X-Servername
X-COUNTRY
X-Datadome
X-Yottaa-Metrics
X-IPLB-Instance
X-Yottaa-Optimizations
X-Cache-Grace
X-ECache
X-Mg-Request-UUID
Version
X-Restarts
X-NGENIX-Cache
X-Source
X-Varnish-Server
X-L-Path
X-Environment-Context
From-Origin
X-Oneagent-Js-Injection
Accept-Language
X-Cache-Rule
X-Cache-Hit
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
X-Cache-Expired-At
X-RTag
Ms-Operation-Id
MS-CV
X-HTML-Minification-Powered-By
X-Parallel-Accel
Countrycode
Frame-Options
Referer-Policy
X-App-Server
X-NYM-Debug-Backend
Liferay-Portal
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
Cross-Origin-Window-Policy
X-FW-Version
Backend
X-APP-VERSION
X-IPS-LoggedIn
X-Midtier
Content-Secure-Policy
X-RemovedCookies
WP-Super-Cache
X-ProcessESI
Meta-Geo
X-Hosted-By
X-UPSTREAM-Address
X-RN-RSRV
X-Redis-Cache
X-Cache-Server
Section-Io-Cache
Upgrade-Insecure-Requests
X-Cache-Action
Cache-Tv-Group
X-Region
X-Web-Node
X-Generation-Time
X-Ua
X-No-Session
X-FB-TRIP-ID
X-PCL
X-OCL
X-Cache-Enabled
CF-IPCountry
X-UA-Device-Type
X-Nginx-Cache
X-Content-Age
X-Detected-As
X-Generated-By
X-Format
X-Site-Version
X-Akamai-Edgescape
X-Human
X-Origin-Hint
X-Nginx-Cache-Key
TWC-GeoIP-Country
X-Be
X-Cluster-Node
X-Mode
X-Via-Fastly
TWC-Locale-Group
X-Sql-Duration-Ms
Fastly-SSL
X-Server-W
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Request-Time
TWC-GeoIP-LatLong
Locale
S-Rt
TWC-Connection-Speed
TWC-Device-Class
Azure-Version
Property-Id
Azure-SlotName
X-Sql-Count
Mn-Server-Ip
Ec-Rule-Version
X-Say-Cacheable
X-AOL-HN
X-Storage
Apigw-Requestid
X-Unique-Id
X-Varnish-Cache-Hits
X-Urbn-Site-Id
X-Uri
X-Access
X-Say-TTL
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Urbn-Context-Path
X-Section
Webcakes-Region
X-SayCDN-TTL
X-Cache-Host
X-BYPASS-REASON
X-ApacheServer
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Origin-Date
X-Platform-Server
X-PHP-Backend
X-Adobe-Source
X-PERF
X-Xfnlog-Site
X-Ratelimit-Remaining
X-ProxyCache-Status
X-ProxyCache-Key
X-Status
X-Cache-Tags
CDN-Uid
X-Debug-Cache
X-Content-Powered-By
CDN-Cache
CDN-CachedAt
X-Forwarded-Host
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestId
Eomportal-Instance
X-Handled-By
X-Locale
X-Zipkin-Id
X-ServerID
X-Proxied
X-SaId
X-Backend-Name
X-PHP-Host
X-Tid
X-Extlb
X-Cache-Type
X-Routing-Service
X-Webkit-CSP
X-JoinUs
X-Hl-Ver
X-Labrador-Cache-Channel
X-Hyper-Cache
X-Varnishpool
X-TT-LOGID
X-NewRelic-App-Data
X-LJ-Flow-ID
Selected-Fe
X-Timing-Wait
X-Proxy-Build
X-AWS-Id
X-VWS-Id
X-VC-Cache
X-Cms-Context
X-GG-Cache-Date
ServedBy
Webserver
X-Dc
X-Edge-Location
X-Rule
X-Storefront-Renderer-Rendered
X-Cache-Operation
X-LSADC-Cache
Fastly-Drupal-Html
Mime-Version
X-Proto
Web-Mar-Node
SRV
Load-Balancing
X-Cached-By
X-Rewrite-Enabled
SID
X-Accel-Buffering
X-GeoCountry
X-GeoCode
X-CDN-Forward
Onion-Location
X-Cache-Remote
X-Soup
X-GEO
X-TA-CDN-Provider
X-Cdn
Xserver
X-Varnish-Hostname
Cache-Hits
X-Pubstack
X-Reqid
X-App-Version
X-Cluster
X-Origin-CC
X-Origin-TTL
X-SRV
X-Buckets
X-Request-Host
X-Varnish-Hits
Country-Code
X-Ratelimit-Limit
X-Microcachable
Server-Info
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-Envoy-Decorator-Operation
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
LB
X-Magnolia-Registration
X-Ms-Version
Xet-Cookie
X-Ms-Request-Id
X-Air-Trace-Id
X-Air-Hostname
Cache
X-Amzn-RequestId
X-Air-Source
X-Amz-Apigw-Id
DB-Nickname
X-CSRF-Token
X-B3-SpanId
X-NCache
X-Tx-Id
X-Endurance-Cache-Level
X-RCS-CacheZone
A
DCR-Decision-By
DCR-Processing-Time-Ms
X-Fetched-On
X-A-Wwc
X-Forwarded-Path
X-Cache-Id
X-Gzip
NM-Fastcgi-Cache
X-Geo-Header
Cmsid
X-A-Dgt
Cmstype
X-Ftr-Request-Id
X-Cache-NE
X-Device-Os
X-B-Cookie
BehaviorPad-Version
X-CF-Lambda-Version
X-Destination
X-Developer
X-Application
X-D
X-Conf
X-Connection-Hash
X-Core-Mission
X-ARC
X-CF-Lambda-Fn
X-AK-Request-ID
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Esi-Check
X-External-Request-Id
X-Cdn-Srv
DynaTrace
Cdncip
Cdnsip
X-Ec-Fail
Xc-Version
X-Aed
X-A
Sslversion
Surrogated-Key
Lang
X-SRCache-Key
Rendered-Blocks
X-Vtex-Remote-Cache
T-Server
X-Shop-Environment
Host-ID
X-S-Cookie
X-ScT
X-SD-PageType
X-Hash
X-Tenant
X-TIM-N
X-IPLB-Request-ID
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
Odigeo-Trace-Id
Mobile-Detection-Method
Meta-Geo-Continent
Pramga
X-Vtex-Processado-Em
X-TrackingId
X-User
MD5-Digest
X-S
X-Session-Fingerprint
X-A-Ccd
X-A-Dam
X-Bc-Bl
X-Orig-Expires
X-Cache-Bucket
X-Rojux
X-Node-Id
X-NAPM-TraceId
Expiry
X-PAYTM-SRV-ID
X-Processor
Fastcgi-X-Cache-Version
X-A-Dcw
X-HS-Content-Campaign-Id
X-PBS-Appsvrname
X-Ig-Push-State
CDN
Source
X-Time
X-Varnish-Ttl
X-Varnish-Beresp-Grace
Wxu-Next-Region
Origin-CC
X-Cache-Backend
X-Block-Status
Origin-EX
Platform
Release
TDXMobile
X-Amzn-Remapped-Content-Length
Traceparent
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
User-Cache-Control
State
Wxu-Next-Commit
Producers
Web-Mar-Region
Server-Host
We-Hiring
Wxu-Next-Hostname
X-From
X-Wix-Viewer-Type
X-Sigma
X-Sigma-Backend
X-Skip-Cache
X-Webstats-RespID
X-SB
X-Rocket-Build-Number
X-Origin-Time
X-Origin-Response-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Slack-Backend
X-WADP-Cache
X-VServer
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Via-Ucdn
X-Variation
X-V-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-TNCMS
X-Nyt-Route
X-NodeID
X-DPWN-IS-SECURE
X-Dispatcher-Number
X-Ec-Custom-Error
X-Fastly-Cache
X-Fmm-Version
X-Developers
X-DefHash
X-Cache-Info
X-Clara-WADP
X-Core-Value
X-DefElseHash
X-Gdpr
X-Gen-Mode
X-LAGOON
X-JWT-State
X-Location
X-Loop
X-Mvc-Supplant-Cachable
X-Is-Gdpr
X-Irp-Debug
X-GeoIP
X-Has-Esi
X-Worker
X-Hnp-Log
X-Cache-Date
X-Ckpd-Fst-Backend
Adler-Geo
X-R9-Blue-Green-Version
Machine
CloudFront-Viewer-Country
Environment
Fastly-GeoIP-CountryCode
Memcached
Mail-Subject
AKAMAI
Is-Eu
Ohc-File-Size
X-Eu-Site
X-Level-Front-Cache
X-Loc
X-Gamma-Serve
X-Httpd
X-HN
X-Generated-On
X-Datadog-Trace-Id
X-GeoIP-City
X-CGP
Apple-News-Services-Host
X-Branch-Name
X-BBC-Edge-Cache-Status
Apple-News-Services-Parsed-Url
X-Auto-Login
Apple-News-Services-Handled
X-CacheTTL
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Minions-Version
X-Cdn-Origin
X-Datadog-Sampling-Priority
X-Platform
X-Server-IP
X-SIPLIST1
X-Served-From
X-Scheme
X-Rocket-Nginx-Serving-Static
X-Sn-Servicetimems
X-VarnishDD-TTL
Cache-Name
X-Via-NSCOPI
X-Viewer-Country
X-ZONE
X-VG-TLSProxy
X-Request-URI
X-Region-Sid
X-Policy
X-Pool
X-Pod-Name
Apple-News-Services-Request-Url
X-Origin-Expires
X-Proxy-Cache-Info
X-Proxy-Upstream
X-Rebelmouse-Cache-Control
NGX
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Qloud-Router
X-Origin
X-Rebelmouse-Surrogate-Control
V-Age
Cluster
HA-Ipaddr
PFcat
Vix-Hermes-Req-Id
Redirect-Candidate
Ha-Gx-Prefs
Origin
N-Cache
Fastcgi-Cache-TTL
Fastly-SIE
Gh-Request-Id
Svr
IsBot
X-Aicache-OS
CDCHOST
Fastly-SWR
Req-Svc-Chain
Server-Ext
Server-Hostname
Kp-EeAlive
Ssr
L5d-Success-Class
Sever-Int
L
X-Newrelic-Synthetics
X-Azure-Ref
X-WP-CF-Super-Cache-Cache-Control
X-Forwarded-Site
DSUID
X-Scale
X-Owner
X-WP-CF-Super-Cache
HostName
Datacenter
X-Ad-Defer-Variation
X-CS
X-Refresh
X-BCube-Filmed-By
Candidate-Md5Url
X-Parent-Response-Time
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Optimistic-Header
Pics-Label
X-Men
X-NC
Cache-Key
Locid
X-EC-Lua
X-Tb-Optimization-Total-Bytes-Saved
Arc-Country
X-CACHE-KEY
X-SplitTest
CPC-Age
VNS-Cache
Env
X-Ah-Environment
VNS-Age
XM
X-Old-Content-Length
GEO-INFO
X-Response-By
CPC-Cache
X-Contensis-Viewer-Groups
X-Cache-ASPX
Ms-Author-Via
X-Tt-Logid
X-VC
X-TraceId
X-TIME
X-Cache-Status-Check
X-Srv
Servername
X-Tec-Api-Root
X-Tec-Api-Origin
X-Edge-Pop
X-DW
X-DI
X-DSS
Fastly-Backend-Name
X-Mvc-Supplant-OutputCached
X-Tec-Api-Version
X-DB
X-LB-NoCache
X-RPS
X-RSL
X-Varnish-Authentication
X-RPM
AMP-Access-Control-Allow-Source-Origin
X-Udemy-Cache-App-Namespace
X-WA-Info
X-Accel-Expires-Debug
Memory
X-Generated-In
X-Micro-Cache
X-Date
X-Amz-Meta-Cb-Modifiedtime
Time
X-Xrds-Location
Lb
X-Akamai-Transformed
X-Via-Popv
X-AIR-PT
X-Via-Poph
X-Via-Popn
Path
X-Servedbyhost
X-GeoIP-Region-Code
GeoIp-Country-Code
X-GeoIP-Country-Code
Ohc-Cache-HIT
X-Cache-Debug
X-Presslabs-Stats
ITXSESSIONID
X-S-Maxage
X-RateLimit-Reset
X-Vc
True-Client-IP
Ngx.Var.Host
X-VCL-Version
X-HA-Backend
Client
X-API-Version
Cache-Host
FSS-Cache
Fusion-Content-Id
Fusion-Source
X-Api-Version
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
Geoip-Latitude
CacheControlHeader
X-VHOST
X-Cs
Hostname
XkeyRZ
X-Proxy-CacheRZ
True-Client-Country-4JS
X-Trace-ID
X-DC
X-Varnish-Beresp-TTL
Geo-Info
X-TH-Server
Server-ID
X-Action
X-Clientip
X-Backend-TTL
X-FireWall-Port
X-Fpc
Powered-By
Edge-Cache
X-Webkit-Csp-Report-Only
X-Req
X-TX-ID
X-NGINX-Cache
X-Zone
X-Pass-Why
My-App
X-B3-Spanid
NtCoent-Length
X-PX
X-CSRF-TOKEN
X-MSEdge-Flight
X-MSEdge-Features
X-Render-Time
X-Dmc
Test
X-INCAP-ABP
X-Provided-By
X-Traceid
X-FPC
X-Origin-Upstream-Status
X-Varnish-Beresp-Ttl
X-Cdn-Request-ID
X-Up
Cf-Int-Pingora-Origin-Digest
X-Correlation-ID
Click-Count-Error
Click-Count-Action-Start
X-Beluga-Node
Rip
Tube-Get-Contents
Tube-Got-Results
Tube-Got-Eval
Server-Id
X-LB-ID
X-Beluga-Status
X-Beluga-Record
X-HS-Status
Tube-Return
X-Beluga-Cache-Status
X-Beluga-Response-Time
User-Agent
X-Beluga-Trace
C-Via
X-Webkit-CSP-Report-Only
X-Service
X-M-Reqid
X-DynaTrace-JS-Agent
Esi-Enabled
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Qnm-Cache
X-Gateway-Skip-Cache
Proxy-Connection
X-Gateway-Cache-Key
Tcn
X-Vcl-Version
X-M-Log
DataCenter
Resin-Trace
X-Li-Fabric
X-Li-Pop
X-Via-PopN
X-LI-UUID
HIT
OT-Force-Account-Verify
Uri
X-Via-PopV
X-UnsetCookies
X-Alfa-Service
X-Ha-Backend
X-URL
X-Via-PopH
Srvid
X-Dynatrace
X-CLOUD-TRACE-CONTEXT
On-Server
X-ServedByHost
WZWS-RAY
Sid
X-ND-Cache
X-Time-Microsecs
GeoIP-Country-Code
X-RAMCache
GeoIP-Latitude
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
X-Fetch-By
Srv
Epwk-X-Cache
X-Geo
X-CUA
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-APP
X-Proxy-Cache-Hk
X-LI-Proto
X-Cdn-Forward
X-TRACE-ID
Cf-Device-Type
X-Platform-Cluster
X-Fragments
X-Platform-Processor
X-Backend-Host
Target-Params
MIME-Version
X-Fastly-Backend-Reqs
X-ATG-Version
Tracecode
X-Platform-Router
Cdn
X-Esi
X-Edge-Origin-Shield-Bytes
X-Lb-Nocache
ServerName
X-App
ENV
X-Sucuri-ID
X-FC-Vary-Parameters
WebServer
X-Sucuri-Cache
X-Fastly-Backend
Fastly-Drupal-HTML
X-Edge-POP
X-Var-Ttl
XServer
Lfy
X-B3-Traceid-Primal
X-MG-S
X-HostName
X-Edge-Origin-Shield-Region
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Section-Io-Origin-Time-Seconds
Inserted-Into-Cache-At
Section-Io-Origin-Status
X-Varnish-Beresp-Status
M-TraceId
X-Newrelic-App-Data
Section-Origin-Responded
X-ElasticPress-Query
Section-Io-Id
PICS-Label
X-Yottaa-OS
X-Azure-Ref-OriginShield
X-Cache-Expires
CF-Cached-On
CountryCode
Dt-Hot-News
X-Vcache
D-Url-Rewrites
X-NU-AKA-ACS-Version
X-Iplb-Request-Id
X-Iplb-Instance
X-Nc
Server-Ttl
X-Backend-State
X-Dw-Trace-Id
X-Serial
X-LiteSpeed-Cache-Control
X-Li-Proto
X-CF-Powered-By
Cf-Ipcountry
Magicmarker
Servedby
Warning
X-Vercel-Id
X-Wp-Cf-Super-Cache-Cache-Control
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-Vercel-Cache
X-Litespeed-Cache-Control
Content-Script-Type
Content-Style-Type
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Request-Url
X-BBC-Origin-Response-Status
X-Dist-Code
X-Back
X-Th-Server
X-Release
Ngx
X-Request-URL
X-Acquia-Site
X-Acquia-Purge-Tags
X-Snapshot-Date
X-Storefront-Renderer-Verified
Cneonction