Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
CF-Ray
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-Request-ID
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
Report-To
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Pingback
X-OneAgent-JS-Injection
NEL
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Rating
X-Ruxit-JS-Agent
Accept-CH-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-TtlSet
X-Vname
X-PC
Allow
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Varnish-TTL
X-ESI
X-Server-Name
X-FastCGI-Cache
Fastly-Restarts
Cache-Tag
X-Aws-Lambda-Call-Status
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-GitHub-Request-Id
X-Vcap-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cnection
X-Px
X-Cache-TTL
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Navigation-Version
RTSS
X-Country-Code
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-NF-Request-ID
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Goog-Hash
X-Origin-Cache
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
AR-SID
AR-CACHE
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Powered-CMS
X-Version
X-Sol
X-Middleton-Display
Pagespeed
Display
Response
X-Middleton-Response
X-Amz-Server-Side-Encryption
Accept-Ch
X-LLID
X-MSEdge-Ref
X-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
Nginx-Cache
Mrf-Cache-Status
X-B3-TraceId-Primal
TCN
MRF-Tech
X-Protected-By
X-RateLimit-Remaining
X-HP-Trace-Id
X-T
X-HP-Webp
X-Jurisdiction
X-Forwarded-For
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
X-Id
S
Content-MD5
Edge-Cache-Tag
X-Language
Fastcgi-Cache
X-Mid
SPIisLatency
SPRequestDuration
Front-End-Https
Realpath
X-CST
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Filters
X-Pinterest-Rid
X-DynaTrace
Pinterest-Version
Pinterest-Generated-By
Server-Node
X-MCACHE
Server-Name
X-Frontend
X-Ua-Browser
X-Content
X-Ab
X-Ruxit-Js-Agent
X-Ttl
X-HS-Cache-Config
X-Ser
X-HS-Hub-Id
X-HS-Content-Id
X-Yandex-Sdch-Disable
X-NWS-LOG-UUID
X-HS-Combine-CSS
X-ECACHE
X-SharePointHealthScore
SPRequestGuid
X-Correlation-Id
X-Ezoic-Cdn
X-Cache-Key
X-Template
X-Hits
X-Parallel-Accel
Fusion-Source
Alternate-Protocol
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cache-Tags
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
X-Page-Id
X-Kong-Upstream-Latency
X-B3-Sampled
Host
Charset
X-Content-Options
Cleartype
X-Www-Served-By
X-Git-Hash
X-Webkit-CSP
X-Geo-Country
X-DIS-Request-ID
X-Debug-Info
X-Amzn-Trace-Id
X-Daa-Tunnel
X-Hostname
X-Amz-Replication-Status
X-Content-Digest
X-Varnish-Age
X-Fastly-Request-Id
Filterid
X-Activity-Id
X-Ratelimit-Limit
X-Az
X-AppVersion
X-FB-Debug
X-Upgrade-Enabled
X-VCache
X-Accel-Expires
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Grace
X-N
X-Origin-Server
X-Nginx-Upstream-Cache-Status
X-Rid
Access-Control-Allow-Method
TP-Cache
TP-L2-Cache
ServerID
X-F-Cache
X-Mobile-URL
X-LB-Cache
X-Server-ID
X-TT
X-Whom
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Type
X-Seen-By
X-App-Environment
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Tb
Viewport
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-WebKit-CSP-Report-Only
X-Goog-Generation
X-FW-Static
X-FW-Type
X-FW-Server
Node
X-FW-Hash
X-FW-Serve
X-Distributor
Payment
X-Varnish-Grace
X-FW-Dynamic
X-XRDS-LOCATION
Paypal-Debug-Id
DC
X-App-Server
X-User-Agent
X-Oneagent-Js-Injection
X-DataDome
Fastcgi-Useragent
Country
X-Wix-Request-Id
X-NGENIX-Cache
Accept-Charset
X-Cache-Control
X-Litespeed-Cache
X-Origin-Upstream-Status
X-Cache-Rule
X-Fastly-Request-ID
Version
X-Logged-In
X-Via-JSL
X-Drupal-Cache-Tags
Referer-Policy
X-Request-Handler-Origin-Region
X-Microsite
X-Ratelimit-Reset
X-Tec-Api-Root
X-Cache-Age
X-Cluster-Name
X-Tec-Api-Origin
X-Tec-Api-Version
X-B-Cache
X-Signature
Refresh
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Buckets
X-Browser-Type
X-Load-Cache
X-Varnish-Backend
Cache-Status
X-Original-Request-Id
X-Node-Name
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Contextid
SD-X-WS
X-Response-Served-From
X-Cache-Expired-At
X-Rendered-As
X-Mobile
X-Is-Bot
X-Vgn-Hpd-Reason
X-B
NGB
Access-Control-Request-Headers
X-Debug
X-Fastcgi-Cache
X-Real-IP
Amp-Access-Control-Allow-Source-Origin
X-Jobs
X-Proxy-Cache-Status
X-Page-View
X-UUID
X-Rule
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Revision
X-Device-Type
X-RemovedCookies
X-Cacheable-TTL
X-ProcessESI
X-Proxy
X-Instance
X-IPLB-Instance
Surrogate-Key
X-Cache-Action
X-Drupal-Cache-Contexts
Akamai-GRN
X-Debug-IsConnected
X-Framework
X-Debug-IsPreview
X-Cache-Time
X-G
X-FW-Version
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
SID
X-XRDS-Location
CF-IPCountry
DynaTrace
X-Azure-Ref
X-PressLabs-Stats
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Accel-Buffering
Liferay-Portal
X-Nginx-Cache
X-Source
GEO-INFO
X-Ms-Version
X-Ms-Request-Id
Count-Hit
X-Presslabs-Stats
Uber-Trace-Id
Frame-Options
X-Cache-Operation
Ms-Operation-Id
X-CDN-Forward
MS-CV
X-RTag
Healthy
X-Cache-NGX
X-EdgeConnect-Cache-Status
X-APP-VERSION
X-Zen-Fury
Xserver
Countrycode
X-Cache-Hit
X-Varnish-Server
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Backend-Name
X-Mode
X-Environment-Context
X-L-Path
X-Tumblr-Pixel-1
Ec-Rule-Version
Cross-Origin-Window-Policy
Protected
X-RateLimit-Limit
X-IPS-LoggedIn
X-Ratelimit-Remaining
X-Cache-TTL-Remaining
X-Region
X-Servername
X-Forwarded-Host
Meta-Geo
X-RN-RSRV
Backend
X-SaId
X-JoinUs
X-Tid
X-Detected-As
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Generation-Time
X-Debug-Cache
X-Hosted-By
X-Extlb
Decoy-Debug-Key
Decoy-Debug-Status
LB
X-Content-Age
X-Routing-Service
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Proxied
WPO-Cache-Message
WPO-Cache-Status
Country-Code
X-Sql-Count
X-Hyper-Cache
X-Shopify-Stage
X-Sql-Duration-Ms
X-Sorting-Hat-PodId
X-ShopId
X-Cache-Server
Apigw-Requestid
X-Adobe-Content
X-Zipkin-Id
Eomportal-Instance
Decoy-Debug-TTL
X-Content-Powered-By
X-Uri
X-Redis-Cache
X-Adobe-Loc
X-ShardId
X-Cache-Grace
Url
Cache-Name
Fastly-SSL
Mn-Server-Ip
X-ApacheServer
X-Origin-Date
X-Site-Version
X-ServerID
X-Format
X-Via-Fastly
X-Status
X-FB-TRIP-ID
X-Varnish-Beresp-Grace
X-PERF
X-PHP-Backend
X-No-Session
X-NCache
X-Human
Section-Io-Cache
X-PCL
X-UA-Device-Type
X-Timing-Wait
TWC-Device-Class
X-Storage
TWC-Connection-Speed
X-Server-W
X-Access
X-OCL
TWC-GeoIP-Country
Property-Id
X-Microcachable
Selected-Fe
X-ProxyCache-Status
X-Cache-Host
X-BYPASS-REASON
X-Proxy-Build
X-Origin-Hint
X-NYM-Debug-Backend
X-Cluster-Node
X-Cache-Type
X-Akamai-Edgescape
Webcakes-Region
X-Pubstack
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
X-Section
X-ProxyCache-Key
TWC-GeoIP-LatLong
Webcakes-App-Version
Cache-Tv-Group
X-NewRelic-App-Data
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDN-RequestCountryCode
X-R9-Blue-Green-Version
CDN-Uid
CDN-Cache
X-SayCDN-TTL
X-Web-Node
X-Varnishpool
X-Hl-Ver
X-Say-Cacheable
X-Say-TTL
Content-Disposition
CDN-RequestId
Azure-SiteName
Azure-RegionName
Azure-SlotName
Content-Secure-Policy
X-Be
Azure-Version
DB-Nickname
X-Soup
Azure-InstanceId
X-Generated-By
X-Azure-Ref-OriginShield
X-Trace-Id
X-Ua
X-Webkit-Csp
X-LSADC-Cache
X-TIME
OT-Force-Account-Verify
X-Nginx-Cache-Key
X-Cached-By
Source
SRV
X-Dc
X-Bc-Bl
Retry-After
X-TT-LOGID
Cache
X-Unique-Id
X-Auto-Login
X-LAGOON
X-SRV
X-Platform-Server
X-Cache-Remote
X-App-Version
X-Cdn
X-Xfnlog-Site
X-Akamai-Transformed
Cache-Hits
X-Varnish-Hits
X-Loop
HostName
X-Origin-TTL
X-Origin-CC
X-Varnish-Hostname
X-TNCMS
X-GEO
X-Correlation-ID
ServedBy
Xet-Cookie
X-S-Maxage
Onion-Location
X-Cache-Tags
Mime-Version
X-CSRF-Token
X-HTML-Minification-Powered-By
X-Time
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-2
Web-Mar-Node
X-Tumblr-Pixel-3
X-Request-Time
X-EC-Lua
X-AOL-HN
From-Origin
Webserver
X-Proto
X-ECache
X-Request-Host
N-Cache
WP-Super-Cache
X-Tenant
X-Endurance-Cache-Level
X-AWS-Id
X-Cache-Var
X-VWS-Id
X-LJ-Flow-ID
X-FireWall-Port
X-Cache-Var-Map
X-Time-Microsecs
X-B3-SpanId
Nel
X-GG-Cache-Date
X-Cache-Enabled
X-Origin-Response-Time
X-NWS-UUID-VERIFY
X-Edge-Location
X-Handled-By
Odigeo-Trace-Id
Pramga
X-Session-Fingerprint
X-ScT
Redirect-Candidate
X-S-Cookie
X-Shop-Environment
X-SD-PageType
Fastcgi-X-Cache-Version
BehaviorPad-Version
X-Vdms-Version
DCR-Decision-By
X-VG-WebCache
A
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
DCR-Processing-Time-Ms
Expiry
X-V-Cache
X-TIM-N
X-SRCache-Key
X-Vdms-Path
Mobile-Detection-Method
Rendered-Blocks
Meta-Geo-Continent
X-Slack-Backend
X-A-Ccd
X-Planisys-CDN-Cache
X-D
Xc-Version
X-Destination
X-Connection-Hash
X-Conf
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Cluster
X-PBS-Appsvrname
X-Developer
X-NAPM-TraceId
X-Ftr-Request-Id
X-Gen-Mode
X-Hnp-Log
X-ND-Cache
X-Forwarded-Path
X-PAYTM-SRV-ID
X-External-Request-Id
X-Orig-Expires
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Ig-Push-State
X-A-Dam
X-S
X-Rojux
X-A
Vix-Hermes-Req-Id
Surrogated-Key
User-Cache-Control
V-Age
X-A-Dcw
X-A-Dgt
X-ARC
X-B-Cookie
X-Block-Status
X-Cache-NE
X-Processor
X-Application
X-A-Wwc
X-Aed
X-Aicache-OS
Sslversion
X-CF-Lambda-Fn
X-Via-NSCOPI
X-Mg-Request-UUID
X-Labrador-Cache-Channel
CloudFront-Viewer-Country
X-PHP-Host
X-Amz-Apigw-Id
X-Amzn-RequestId
X-MP-GENERATED-AT
X-Men
X-Location
X-Nyt-Route
X-NodeID
X-Mvc-Supplant-Cachable
X-Old-Content-Length
X-Origin-Time
Fastcgi-Cache-TTL
DSUID
X-Request-URI
X-RCS-CacheZone
X-Proxy-Upstream
X-LI-UUID
Gh-Request-Id
X-Policy
X-Origin-Expires
Origin
X-Cdn-Srv
AMP-Access-Control-Allow-Source-Origin
X-Date
Wxu-Next-Commit
Wxu-Next-Hostname
X-Cache-Date
X-Cache-Bucket
Wxu-Next-Region
True-Client-Country-4JS
Svr
X-Hash
X-Accel-Expires-Debug
X-Li-Fabric
X-Geo-Header
X-Gdpr
State
X-Fastly-Cache
X-Forwarded-Site
X-Li-Pop
Host-ID
AKAMAI
X-SVT-ORM-RULES
Arc-Country
X-Sucuri-ID
X-Magnolia-Registration
X-Sucuri-Cache
X-Reqid
X-Adobe-Source
X-Webstats-RespID
Fastly-Drupal-Html
X-Viewer-Country
X-Scheme
X-Backend-TTL
X-Epic-Correlation-Id
X-SVT-ORM-VERSION
X-Server-IP
Cmstype
CDCHOST
Cmsid
CacheControlHeader
X-Varnish-Ttl
Environment
X-Origin
X-Device-Os
X-Qnm-Cache
Apple-News-Services-Parsed-Url
X-Rocket-Nginx-Serving-Static
X-Developers
Apple-News-Services-Host
X-VG-TLSProxy
X-Eu-Site
Apple-News-Services-Request-Url
X-Esi-Check
X-Envoy-Decorator-Operation
X-Datadog-Parent-Id
X-Cache-Id
Apple-News-Services-Handled
X-Cache-Info
X-Cdn-Origin
X-GeoIP-Region-Code
X-CGP
X-Cache-Debug
X-GeoIP-Country-Code
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Core-Value
X-Core-Mission
X-Datadog-Trace-Id
X-GeoIP
X-Storefront-Renderer-Rendered
X-Sn-Servicetimems
X-Branch-Name
X-M-Log
X-TH-Server
X-Locale
X-Platform
X-Skip-Cache
X-Request-Start
X-Served-From
X-Req
X-Region-Sid
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-TrackingId
X-Level-Front-Cache
X-GeoIP-City
X-Gzip
X-Generated-On
X-VServer
X-Fetched-On
X-Gamma-Serve
X-VarnishDD-TTL
X-HN
X-M-Reqid
X-Irp-Debug
X-HS-Content-Campaign-Id
X-UnsetCookies
X-Varnish-Beresp-Status
X-Fastly-Backend
X-Owner
Machine
Mail-Subject
Web-Mar-Region
Origin-EX
Locid
We-Hiring
HA-Ipaddr
L
L5d-Success-Class
Ha-Gx-Prefs
PFcat
Origin-CC
Server-Host
Server-Info
Ssr
Traceparent
Release
X-Xrds-Location
Platform
X-NU-AKA-ACS-Version
Thinkindot-CacheControl
X-Node-Id
TDXMobile
X-FC-Vary-Parameters
X-Has-Esi
X-JWT-State
X-Is-Gdpr
Memcached
X-Sigma-Backend
X-Worker
Adler-Geo
Cf-Device-Type
Fastly-GeoIP-CountryCode
Req-Svc-Chain
X-Thanos
X-Thinkindot-L3
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
X-Response-By
X-BBC-Edge-Cache-Status
S-Rt
X-Rocket-Build-Number
X-Sigma
Thinkindot-CacheControl-Type
X-Pod-Name
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Fastly-SIE
X-Qloud-Router
Is-Eu
NM-Fastcgi-Cache
X-Zone
X-DefElseHash
X-Bip
X-Backend-State
X-Amzn-Remapped-Content-Length
X-ATG-Version
Thinkindot-Control
X-DPWN-IS-SECURE
X-VC-Cache
X-DefHash
X-Varnish-Beresp-Ttl
X-Ua-Device
NGX
X-CS
X-Mvc-Supplant-OutputCached
X-Loc
Magicmarker
X-CLOUD-TRACE-CONTEXT
X-Tx-Id
X-Up
X-Http-Reason
X-API-Version
X-Cache-Config
X-LB-ID
X-Restarts
X-Akamai-Request-ID2
Ms-Author-Via
X-NC
X-CACHE-KEY
X-Trace-ID
X-Generated-In
CDN
Pics-Label
Kp-EeAlive
X-Wix-Viewer-Type
X-TraceId
X-DSS
X-DW
X-RPS
Time
X-RPM
X-RSL
X-LB-NoCache
X-DI
X-Cache-Backend
X-DB
X-Action
Memory
X-Tb-Optimization-Total-Bytes-Saved
Datacenter
X-Via-Popn
X-Via-Popv
WebServer
X-Via-Poph
Candidate-Md5Url
X-Refresh
X-Optimistic-Header
Edge-Cache
Env
X-Edge-Pop
NtCoent-Length
X-Tt-Logid
X-Datadome
Accept-Language
X-Minions-Version
X-CacheTTL
X-Cache-Ttl
X-Srv
X-DynaTrace-JS-Agent
WWW-Authenticate
X-Vc
On-Server
X-DC
X-HA-Backend
GeoIp-Country-Code
Esi-Enabled
X-Servedbyhost
X-Esi
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-ZONE
X-TX-ID
X-MSEdge-Features
Server-ID
X-MSEdge-Flight
X-Unique-ID
X-Cs
X-Parent-Response-Time
X-Varnish-Beresp-TTL
X-Service
X-Ec-GeoHdr
C-Via
X-Ec-Fail
X-User
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-Webkit-CSP-Report-Only
X-Cache-PHP
X-LI-Proto
X-Traceid
X-Fpc
X-App
X-VCL-Version
X-URL
X-Dynatrace
X-Cache-Status-Check
Test
X-Render-Time
Cdncip
Cdnsip
X-Li-Proto
X-Webkit-Csp-Report-Only
X-AK-Request-ID
X-LiteSpeed-Cache-Control
My-App
X-B3-Spanid
Cluster
X-Fmm-Version
X-WADP-Cache
X-Clara-WADP
X-Vcl-Version
X-FPC
Geo-Info
Proxy-Connection
X-NODE
X-Pass-Why
Resin-Trace
Tracecode
X-CUA
Geoip-Latitude
X-Mcache
T-Server
M-TraceId
Lfy
X-From
X-Var-Ttl
Server-Id
DataCenter
Fastly-Drupal-HTML
X-Clientip
Cf-Int-Pingora-Origin-Digest
X-Fragments
Lang
X-Info
X-AIR-PT
X-CSRF-TOKEN
X-ID
X-Oss-Storage-Class
HIT
UCS
Target-Params
GeoIP-Country-Code
X-VC
X-Ha-Backend
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Cache-Host
X-Geo
X-Oss-Request-Id
X-LiteSpeed-Tag
X-Oss-Server-Time
MIME-Version
Hostname
X-RAMCache
X-Pad
Hit
X-WP-CF-Super-Cache-Cache-Control
X-ServedByHost
S-Cnection
X-WP-CF-Super-Cache
X-Dynatrace-Js-Agent
Ohc-File-Size
X-Cdn-Forward
X-Edge-POP
Tcn
X-Via-PopV
X-Via-PopN
X-Via-PopH
ENV
X-Provided-By
X-Edge-Cache
X-Check-Cacheable
User-Agent
X-ElasticPress-Query
X-HS-Status
X-Micro-Cache
Permissions-Policy
Section-Io-Origin-Time-Seconds
X-Httpd
Fastly-Backend-Name
X-Api-Version
Section-Origin-Responded
Section-Io-Origin-Status
X-NGINX-Cache
X-Proxy-Cache-Info
Section-Io-Id
Load-Balancing
X-Fastly-Backend-Reqs
Servername
X-Ucs
X-Release
X-BBC-Origin-Response-Status
Producers
X-ServerName
X-Backend-Host
X-HostName
X-Lb-Nocache
X-APP
X-UP
X-Cache-CFC
X-BCube-Filmed-By
X-GoCache-CacheStatus
X-SB
WZWS-RAY
ServerName
Cf-Ipcountry
FSS-Cache
Uri
URI
PICS-Label
X-Nc
X-TRACE-ID
X-Pool
Server-Ttl
Cteonnt-Length
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Swift-Error
Ohc-Cache-HIT
X-Udemy-Cache-App-Namespace
X-Lb-Id
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Cdn-Request-ID
Cneonction
X-Fastly-Cache-Hits
X-Acquia-Site
X-Acquia-Application-Trace
EpKe-Alive
Cdn
X-RateLimit-Reset
X-Dw-Trace-Id
X-Scale
X-Akamai-ERPolicy
X-Akamai-ERRuleID
VNS-Cache
X-Snapshot-Date
X-Contensis-Viewer-Groups
X-Yottaa-OS
X-Vcache
X-WA
X-Newrelic-App-Data
X-Cache-ASPX
Shield-Pop
Cache-Key
X-WA-Info
CPC-Age
Path
CPC-Cache
X-B3-ParentSpanId
X-Amz-Meta-Cb-Modifiedtime
X-Apw-Access-Object
Vha6-Origin
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Action
CF-Cached-On
VNS-Age
Lb
X-Cache-Ngx
Sid
X-Air-Pt
X-Akamai-Request-ID
X-SIPLIST1
X-IN-APIGATEWAY
MD5-Digest
X-Shopify-Generated-Cart-Token
GeoIP-Latitude
X-Cache-Expires
X-Dispatcher-Number
X-Ec-Custom-Error
IsBot
X-IN-APIGATEWAYSSL
X-Last-Modified
X-UA
X-CacheKey
X-Http-Count
X-Akamai-Pragma-Client-IP
Req-ID
X-Sentry-ID
CountryCode
X-Http-Duration-Ms
X-Te-Count
Ngx
X-Wikidot-Static-Cache
X-Varnish-Authentication
X-Logging-Id
X-Te-Duration-Ms
X-ES-SERVER
X-Wikidot-Backend