Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Link
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
X-Request-ID
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-UA-Device
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-LiteSpeed-Cache
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Server-Id
X-Host
X-Backend-Server
X-Node
Cf-Railgun
X-Readtime
Accept-CH
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
Accept-Ch-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Application-Context
Content-Location
Rating
X-Ua-Compatible
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Language
X-Cloud-Trace-Context
X-Ac
X-Url
X-Content-Type
X-Template
X-Trace
Allow
X-TtlSet
X-Vname
X-Varnish-TTL
X-PC
Accept-CH-Lifetime
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
Cache-Tag
X-ESI
Fastly-Restarts
X-Server-Name
Service-Worker-Allowed
X-Rack-Cache
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-Buckets
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
Accept-Ch
X-Amz-Rid
MS-Author-Via
X-Vcap-Request-Id
X-Dw-Request-Base-Id
Public-Key-Pins
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Origin-Cache
X-Cache-TTL
Arr-Disable-Session-Affinity
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cnection
X-Px
X-Aws-Lambda-Call-Status
Access-Control-Request-Method
X-Country-Code
X-NF-Request-ID
X-Navigation-Version
X-Powered-By-Plesk
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Goog-Hash
X-Version
RTSS
X-Powered-CMS
X-Amz-Server-Side-Encryption
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Middleton-Response
Response
X-MSEdge-Ref
X-LLID
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-SID
AR-Request-ID
X-TTL
Nginx-Cache
X-Shield-Request-Id
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Protected-By
S
X-T
X-RateLimit-Remaining
Content-MD5
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
X-Id
X-CST
TCN
X-Mid
Fastcgi-Cache
Realpath
X-MCACHE
Edge-Cache-Tag
SPRequestDuration
SPIisLatency
Front-End-Https
X-Parallel-Accel
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Filters
Pinterest-Version
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Pinterest-Generated-By
X-Pinterest-Rid
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Server-Node
X-Ab
X-Ua-Browser
X-Content
X-SharePointHealthScore
SPRequestGuid
X-Correlation-Id
X-Ezoic-Cdn
X-Ttl
X-ECACHE
Server-Name
X-NWS-LOG-UUID
X-DynaTrace
Alternate-Protocol
X-Frontend
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Hits
X-Yandex-Sdch-Disable
X-Content-Options
X-Accel-Expires
X-Tt-Trace-Tag
X-Cache-Key
X-Tt-Trace-Host
MicrosoftSharePointTeamServices
X-Page-Id
X-Ruxit-Js-Agent
Host
Cache-Tags
X-Git-Hash
Cleartype
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Www-Served-By
X-B3-Sampled
X-Ser
Charset
X-Fastly-Request-Id
X-Content-Digest
X-Amz-Replication-Status
X-Daa-Tunnel
X-Geo-Country
TP-L2-Cache
Filterid
TP-Cache
X-Forwarded-Proto
X-Amzn-Trace-Id
X-VCache
X-XRDS-LOCATION
X-Varnish-Age
X-DIS-Request-ID
X-Activity-Id
X-Az
X-AppVersion
X-Rid
X-Origin-Server
X-N
X-Debug-Info
X-Upgrade-Enabled
X-Hostname
X-Grace
Access-Control-Allow-Method
X-FB-Debug
X-LB-Cache
X-Nginx-Upstream-Cache-Status
X-Origin-Upstream-Status
ServerID
X-Mobile-URL
X-WebKit-CSP-Report-Only
X-Request-Handler-Origin-Region
X-Microsite
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Route-Name
X-Providence-Cookie
X-Request-Guid
X-Server-ID
X-Whom
X-TT
Cross-Origin-Opener-Policy
X-F-Cache
X-NGENIX-Cache
X-App-Server
X-Tb
X-App-Environment
X-Varnish-Grace
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
Viewport
X-Goog-Generation
X-FW-Type
X-Distributor
X-FW-Static
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-FW-Serve
Node
DC
Paypal-Debug-Id
Payment
X-Seen-By
X-Cache-Control
X-Logged-In
Fastcgi-Useragent
X-Type
X-User-Agent
X-Litespeed-Cache
X-Ratelimit-Limit
Accept-Charset
X-PressLabs-Stats
Country
X-Cache-Age
X-Webkit-CSP
X-Wix-Request-Id
X-Cache-Rule
Version
X-Varnish-Backend
X-Node-Name
X-Erf-Bev-Bev-Is-Generated
X-Load-Cache
X-Browser-Type
X-Erf-Bev-Bev
Refresh
X-Drupal-Cache-Tags
X-TEC-API-VERSION
X-TEC-API-ROOT
X-IPLB-Instance
X-TEC-API-ORIGIN
Referer-Policy
X-Via-JSL
X-Fastly-Request-ID
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
X-Cache-Action
Access-Control-Request-Headers
X-Real-IP
X-Rendered-As
Cache-Status
X-Proxy-Cache-Status
X-Jobs
X-Cacheable-TTL
X-Vgn-Hpd-Reason
X-DataDome
X-Is-Bot
X-Cluster-Name
X-Page-View
NGB
X-Cache-Expired-At
X-ProcessESI
X-Debug
X-Fastcgi-Cache
Amp-Access-Control-Allow-Source-Origin
X-B
X-RemovedCookies
X-Mobile
X-Device-Type
X-Signature
X-B-Cache
X-UUID
X-Proxy
X-Revision
X-Rule
X-G
X-Instance
X-Contextid
Surrogate-Key
Akamai-GRN
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Drupal-Cache-Contexts
X-Cache-Time
X-Framework
DynaTrace
X-Debug-IsConnected
X-Yottaa-Metrics
X-Debug-IsPreview
X-Yottaa-Optimizations
CF-IPCountry
Liferay-Portal
X-FW-Version
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
SID
X-Oracle-Dms-Rid
X-Azure-Ref
Healthy
X-Oracle-Dms-Ecid
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Source
X-Ms-Request-Id
X-Ms-Version
X-CDN-Forward
X-Oneagent-Js-Injection
Frame-Options
X-RTag
MS-CV
X-Nginx-Cache
Ms-Operation-Id
X-Cache-Hit
Count-Hit
Countrycode
X-XRDS-Location
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Varnish-Server
X-Environment-Context
X-L-Path
Xserver
X-Cache-Operation
Uber-Trace-Id
X-Region
Section-Io-Cache
X-APP-VERSION
X-Servername
X-EdgeConnect-Cache-Status
X-Accel-Buffering
X-Ratelimit-Reset
X-Backend-Name
X-Forwarded-Host
X-Content-Powered-By
X-Mode
GEO-INFO
Cross-Origin-Window-Policy
X-Zen-Fury
Ec-Rule-Version
Backend
Meta-Geo
X-IPS-LoggedIn
X-UPSTREAM-Address
X-RN-RSRV
X-Detected-As
X-JoinUs
X-SaId
X-Human
Country-Code
X-Redis-Cache
X-Hosted-By
X-Generation-Time
X-ShardId
X-Debug-Cache
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Varnish-Beresp-Grace
X-Adobe-Content
X-Sql-Duration-Ms
X-Adobe-Loc
X-Tid
X-Sql-Count
X-Alternate-Cache-Key
Eomportal-Instance
X-Cache-Server
X-ShopId
X-Sorting-Hat-ShopId
X-Cache-Grace
X-Uri
Decoy-Debug-Status
Decoy-Debug-Key
Mn-Server-Ip
Cache-Name
Cache-Tv-Group
Decoy-Debug-TTL
X-ServerID
X-PHP-Backend
X-Origin-Date
X-No-Session
X-FB-TRIP-ID
X-RateLimit-Limit
X-Site-Version
X-Via-Fastly
X-UA-Device-Type
X-Status
X-Cache-TTL-Remaining
X-NCache
Url
TWC-Privacy
Webcakes-App-Name
X-ProxyCache-Status
DB-Nickname
Apigw-Requestid
X-Storage
X-Web-Node
X-Rewrite-Enabled
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Timing-Wait
X-ProxyCache-Key
X-Proxy-Build
X-BYPASS-REASON
X-Microcachable
TWC-Connection-Speed
X-Cache-Host
Protected
Property-Id
TWC-GeoIP-Country
X-Origin-Hint
Webcakes-Region
X-Akamai-Edgescape
Fastly-SSL
TWC-Device-Class
Selected-Fe
Webcakes-App-Version
X-Cache-NGX
X-PERF
X-R9-Blue-Green-Version
X-Say-Cacheable
X-PCL
X-NYM-Debug-Backend
X-Format
X-Hl-Ver
X-Cache-Type
X-OCL
X-Say-TTL
X-Server-W
X-Zipkin-Id
X-ApacheServer
X-SayCDN-TTL
X-Routing-Service
X-Varnishpool
X-Proxied
X-Extlb
X-Cluster-Node
X-Be
X-Access
X-Pubstack
Content-Secure-Policy
X-Soup
OT-Force-Account-Verify
X-LSADC-Cache
X-Azure-Ref-OriginShield
X-Section
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
X-Ua
X-Content-Age
Source
X-Webkit-Csp
X-Presslabs-Stats
X-Time
X-App-Version
CDN-CachedAt
CDN-Uid
X-Cached-By
Content-Disposition
SRV
CDN-EdgeStorageId
CDN-Cache
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
X-NewRelic-App-Data
Cache
X-HTML-Minification-Powered-By
X-Generated-By
X-TT-LOGID
X-Hyper-Cache
X-SRV
X-Dc
X-Cache-Var
X-Cache-Var-Map
X-LAGOON
X-Amz-Meta-S3cmd-Attrs
X-TNCMS
X-Bc-Bl
X-Unique-Id
X-Nginx-Cache-Key
X-Varnish-Hostname
X-Loop
X-Varnish-Hits
Onion-Location
X-Auto-Login
X-S-Maxage
X-Trace-Id
Cache-Hits
Xet-Cookie
Retry-After
X-Origin-CC
LB
X-Origin-TTL
X-GEO
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Web-Mar-Node
X-Cdn
X-Proto
Webserver
Mime-Version
X-Platform-Server
X-M-Reqid
X-Akamai-Transformed
X-Tenant
X-Qnm-Cache
HostName
X-Time-Microsecs
X-CSRF-Token
X-Endurance-Cache-Level
X-M-Log
X-Edge-Location
WPO-Cache-Message
WPO-Cache-Status
X-VWS-Id
X-GG-Cache-Date
X-LJ-Flow-ID
X-AWS-Id
CloudFront-Viewer-Country
X-B3-SpanId
X-Cache-Remote
X-Xfnlog-Site
N-Cache
X-Ratelimit-Remaining
X-CACHE-KEY
X-ECache
X-Mg-Request-UUID
X-Cache-Tags
X-TIME
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
X-PHP-Host
X-Varnish-Cache-Hits
Upgrade-Insecure-Requests
ServedBy
X-Request-Time
Nel
X-Correlation-ID
X-RCS-CacheZone
X-Via-NSCOPI
X-Handled-By
X-AOL-HN
X-Origin-Response-Time
X-Locale
X-SD-PageType
X-Destination
X-D
X-Developer
X-ScT
A
X-Vtex-Remote-Cache
X-A-Dcw
User-Cache-Control
X-S-Cookie
X-External-Request-Id
X-A-Dgt
X-A-Wwc
X-A-Ccd
X-Aed
Xc-Version
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-NE
X-Cache-Date
X-B-Cookie
X-Block-Status
X-Application
X-Ckpd-Fst-Backend
X-SVT-ORM-RULES
X-ARC
X-Shop-Environment
X-Session-Fingerprint
X-A
X-Slack-Backend
X-Connection-Hash
X-Cluster
X-SRCache-Key
X-Conf
X-SVT-ORM-VERSION
X-S
Meta-Geo-Continent
X-NAPM-TraceId
DSUID
X-ND-Cache
Mobile-Detection-Method
Odigeo-Trace-Id
X-Processor
X-Vtex-Processado-Em
X-Ig-Push-State
Origin
Fastcgi-X-Cache-Version
X-Planisys-CDN-TTL
X-Vdms-Version
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Planisys-CDN-Cache
Expiry
X-Planisys-CDN-Rules
X-Orig-Expires
DCR-Decision-By
DCR-Processing-Time-Ms
X-Vdms-Path
X-Hnp-Log
X-Storefront-Renderer-Rendered
X-Gen-Mode
Surrogated-Key
X-A-Dam
X-Forwarded-Path
Rendered-Blocks
X-Rojux
X-Ftr-Request-Id
X-Request-Host
X-VG-WebCache
Redirect-Candidate
X-V-Cache
Pramga
BehaviorPad-Version
X-TIM-N
AMP-Access-Control-Allow-Source-Origin
X-VC-Cache
X-MP-GENERATED-AT
Traceparent
State
V-Age
Gh-Request-Id
Wxu-Next-Hostname
Wxu-Next-Region
Origin-CC
Host-ID
Release
Origin-EX
Wxu-Next-Commit
Fastcgi-Cache-TTL
X-Epic-Correlation-Id
X-Li-Pop
X-LI-UUID
X-Location
X-Li-Fabric
X-Sucuri-ID
X-Proxy-Upstream
X-Varnish-Beresp-Status
X-Men
X-Mvc-Supplant-Cachable
X-Origin-Time
X-Owner
X-Origin-Expires
X-Old-Content-Length
X-Policy
X-Nyt-Route
X-Hash
X-Geo-Header
X-Core-Mission
X-Date
X-Served-From
X-Server-IP
X-Sucuri-Cache
X-Skip-Cache
X-Device-Os
X-Webstats-RespID
X-Forwarded-Site
X-Gdpr
X-Fetched-On
X-VServer
X-Scheme
X-Fastly-Cache
X-Cache-Bucket
X-Accel-Expires-Debug
CDCHOST
X-ATG-Version
Cmstype
X-Reqid
Arc-Country
Server-Info
X-Adobe-Source
AKAMAI
Cmsid
CacheControlHeader
Environment
X-FireWall-Port
From-Origin
X-Datadog-Trace-Id
X-Developers
X-Cdn-Origin
X-Cdn-Srv
X-Datadog-Sampling-Priority
X-Core-Value
X-Cache-Info
X-Datadog-Parent-Id
X-Branch-Name
Vix-Hermes-Req-Id
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
We-Hiring
Web-Mar-Region
X-Cache-Debug
X-Cache-Config
X-Bip
X-Cache-Id
X-Generated-On
X-Sn-Servicetimems
X-TH-Server
X-Rocket-Nginx-Serving-Static
X-Request-Start
X-Req
X-Thanos
X-Thinkindot-L3
Sslversion
X-Aicache-OS
X-VarnishDD-TTL
X-TrackingId
X-Region-Sid
X-Magnolia-Registration
X-GeoIP
X-GeoIP-City
Thinkindot-CacheControl
X-Gamma-Serve
X-Fastly-Backend
X-Gzip
X-HN
X-Node-Id
X-Level-Front-Cache
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Esi-Check
X-Platform
Mail-Subject
Locid
TDXMobile
Server-Host
Machine
L
PFcat
X-EC-Lua
X-CS
X-Xrds-Location
X-DPWN-IS-SECURE
X-Response-By
Ha-Gx-Prefs
X-Rocket-Build-Number
X-Envoy-Decorator-Operation
Req-Svc-Chain
Fastly-SWR
Fastly-SIE
X-Sigma-Backend
Apple-News-Services-Request-Url
X-Sigma
Fastly-Drupal-Html
Platform
X-CGP
X-Csrf-Jwt
X-DefElseHash
X-DefHash
X-Pod-Name
Is-Eu
Candidate-Md5Url
X-Datadome
X-NU-AKA-ACS-Version
X-Qloud-Router
X-Rebelmouse-Surrogate-Control
X-Eu-Site
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-NodeID
HA-Ipaddr
X-Backend-State
Ssr
Memcached
X-Has-Esi
X-Worker
Cf-Device-Type
X-Viewer-Country
WP-Super-Cache
L5d-Success-Class
Adler-Geo
Apple-News-Services-Host
Svr
X-Is-Gdpr
Apple-News-Services-Handled
X-JWT-State
Apple-News-Services-Parsed-Url
Fastly-GeoIP-CountryCode
NGX
NM-Fastcgi-Cache
X-Variation
X-Varnish-CookieHashed-On
X-UnsetCookies
Datacenter
X-BBC-Edge-Cache-Status
X-Origin
X-Zone
X-Amzn-Remapped-Content-Length
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-FC-Vary-Parameters
X-Varnish-CookieINHashed-On
X-Ua-Device
X-CLOUD-TRACE-CONTEXT
X-Mvc-Supplant-OutputCached
X-Loc
X-Request-URI
X-Dynatrace
X-Tx-Id
Pics-Label
X-API-Version
X-LB-ID
X-NC
WWW-Authenticate
X-Up
X-Varnish-Beresp-Ttl
On-Server
CDN
X-Cache-Enabled
Ms-Author-Via
X-Backend-TTL
X-Vc
X-Generated-In
Esi-Enabled
X-NWS-UUID-VERIFY
X-Trace-ID
Memory
X-DynaTrace-JS-Agent
Time
X-Refresh
NtCoent-Length
X-GeoIP-Region-Code
X-LB-NoCache
X-GeoIP-Country-Code
Magicmarker
X-Via-Poph
C-Via
X-Service
X-Edge-Pop
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
X-Via-Popv
X-Via-Popn
X-TA-CDN-Provider
GeoIp-Country-Code
X-Cache-PHP
X-Parent-Response-Time
X-Tt-Logid
X-CacheTTL
X-Restarts
X-DC
X-Optimistic-Header
WebServer
Env
X-Varnish-Beresp-TTL
S-Rt
X-Render-Time
X-Cache-Status-Check
Kp-EeAlive
X-Esi
X-Srv
X-RSL
X-Wix-Viewer-Type
X-DI
X-TX-ID
X-Action
X-DB
Edge-Cache
X-DSS
X-Cache-Backend
X-RPS
X-Unique-ID
X-RPM
X-Servedbyhost
X-DW
X-ZONE
X-Info
Server-ID
X-MSEdge-Flight
X-MSEdge-Features
Tcn
X-Minions-Version
X-AIR-PT
X-Cs
X-Http-Reason
X-Akamai-Request-ID2
X-HA-Backend
Proxy-Connection
X-Clientip
X-App
X-Cache-Ttl
X-VCL-Version
X-Newrelic-Synthetics
X-Li-Proto
Geo-Info
X-URL
X-Oss-Hash-Crc64ecma
UCS
X-FPC
X-Webkit-Csp-Report-Only
Test
Cache-Host
HIT
X-Fpc
X-Varnish-Ttl
X-Oss-Storage-Class
X-LI-Proto
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Traceid
Accept-Language
X-Vcl-Version
S-Cnection
X-NODE
X-HostName
X-Webkit-CSP-Report-Only
X-LiteSpeed-Cache-Control
X-Ec-Fail
X-User
Server-Id
X-Ec-GeoHdr
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
Lb
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-B3-Spanid
Section-Origin-Responded
User-Agent
X-Pass-Why
Fastly-Backend-Name
X-Micro-Cache
Fastly-Drupal-HTML
Cf-Int-Pingora-Origin-Digest
X-LiteSpeed-Tag
X-Pad
X-Backend-Host
X-CSRF-TOKEN
Resin-Trace
X-ServedByHost
Cdncip
Cdnsip
X-BCube-Filmed-By
M-TraceId
X-BBC-Origin-Response-Status
X-APP
X-AK-Request-ID
X-Release
X-ID
X-Ha-Backend
Hostname
Cluster
X-WADP-Cache
My-App
Geoip-Latitude
GeoIP-Country-Code
Ohc-File-Size
Hit
X-Fmm-Version
X-Check-Cacheable
X-Clara-WADP
X-Geo
X-Dynatrace-Js-Agent
X-ES-SERVER
X-CUA
X-Var-Ttl
X-ElasticPress-Query
X-Via-PopV
VNS-Cache
X-Edge-POP
X-Via-PopH
X-Via-PopN
VNS-Age
Tracecode
EpKe-Alive
Path
X-WA
X-WA-Info
CPC-Age
X-Amz-Meta-Cb-Modifiedtime
CPC-Cache
Cache-Key
MIME-Version
ENV
X-Api-Version
Load-Balancing
X-HS-Status
T-Server
X-NGINX-Cache
X-Edge-Cache
X-From
Lfy
Srv
X-Akamai-Pragma-Client-IP
X-ServerName
X-Fragments
X-Cdn-Forward
Lang
X-Cms-Context
Pagetype
URI
X-PJAX-URL
X-Ucs
Shield-Pop
X-Wikidot-Static-Cache
X-Wikidot-Backend
MD5-Digest
X-RAMCache
X-CCDN-CacheTTL
X-Fastly-Backend-Reqs
X-GoCache-CacheStatus
X-CCDN-Origin-Time
X-UP
X-Mcache
X-Via-Ucdn
X-WP-CF-Super-Cache
X-Hcs-Proxy-Type
Target-Params
X-WP-CF-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
Servername
X-Dw-Trace-Id
X-TRACE-ID
X-VC
Uri
X-Lb-Id
Ohc-Cache-HIT
X-B3-ParentSpanId
IsBot
Cdn
WZWS-RAY
Sever-Int
Server-Hostname
X-VG-WebServer
DataCenter
Server-Ext
X-RateLimit-Reset
X-SIPLIST1
Cneonction
X-Nc
X-Cdn-Request-ID
X-Acquia-Site
X-Snapshot-Date
X-Apw-Access-Object
X-Swift-Error
X-Apw-Hits
X-Apw-Access-Action
X-Yottaa-OS
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Cteonnt-Length
X-Acquia-Purge-Tags
Cf-Ipcountry
X-Apw-Access-Token
X-Newrelic-App-Data
X-Contensis-Viewer-Groups
X-Cache-ASPX
W
X-Cache-Expires
CF-Cached-On
PICS-Label
Vha6-Origin
X-Cache-Ngx
X-Air-Pt
Sid
X-Proxy-Cache-Info
X-Httpd
X-Http-Duration-Ms
X-Http-Count
X-Te-Duration-Ms
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Miniprofiler-Ids
X-Last-Modified
FSS-Cache
Server-Ttl
Permissions-Policy
X-Te-Count
Ngx
X-Provided-By
X-Platform-Router
X-Platform-Processor
CountryCode
X-CacheKey
Req-ID
X-UA
X-Platform-Cluster
X-B3-Parentspanid
X-Lb-Nocache
X-Akamai-Request-ID
X-Varnish-Authentication
X-Logging-Id
X-Sentry-ID
HitType
Dnion-Transfer-Encoding