Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Request-ID
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-UA-Device
X-AH-Environment
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-LiteSpeed-Cache
X-Server
X-Dns-Prefetch-Control
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Server-Id
X-Host
X-Backend-Server
X-Node
Cf-Railgun
X-Readtime
Accept-CH
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
X-Language
Xkey
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Template
X-Application-Context
Content-Location
Rating
X-Ua-Compatible
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
X-Cache-Lookup
X-Buckets
X-Ac
X-Url
X-Content-Type
Allow
X-Trace
X-Vname
X-TtlSet
X-PC
Accept-CH-Lifetime
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
X-Varnish-TTL
Cache-Tag
X-ESI
X-FastCGI-Cache
Fastly-Restarts
X-Rack-Cache
X-Server-Name
Service-Worker-Allowed
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
Accept-Ch
X-Amz-Rid
MS-Author-Via
Public-Key-Pins
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Cached
X-D2id
X-Client-IP
X-Abt-Application-Version
X-Origin-Cache
Arr-Disable-Session-Affinity
X-Country-Code
X-Cnection
X-Px
X-Powered-By-Plesk
X-Goog-Hash
Access-Control-Request-Method
X-Aws-Lambda-Call-Status
X-NF-Request-ID
X-Navigation-Version
X-Cache-TTL
X-Instrumentation
X-Kraken-Loop-Name
X-Version
X-Server-Lifecycle-Phase
RTSS
X-Amz-Server-Side-Encryption
X-Powered-CMS
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Pagespeed
X-Sol
X-Middleton-Display
Display
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Response
X-Middleton-Response
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-MSEdge-Ref
X-LLID
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
Nginx-Cache
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
AR-SID
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Shield-Request-Id
S
X-CST
Content-MD5
X-HP-Trace-Id
X-T
X-Jurisdiction
X-HP-Webp
X-RateLimit-Remaining
X-Protected-By
X-TTL
X-Forwarded-For
X-Content-Security-Policy-Report-Only
TCN
X-Aspnetmvc-Version
X-Id
X-Mg-S
X-Mid
Fastcgi-Cache
X-MCACHE
Realpath
Edge-Cache-Tag
SPIisLatency
SPRequestDuration
Front-End-Https
X-Parallel-Accel
X-Recruiting
X-Ttl
X-Request-Received
X-Request-Processing-Time
Filters
X-Correlation-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Pinterest-Version
Pinterest-Generated-By
Server-Node
Fusion-Component-Id
X-Pinterest-Rid
X-DynaTrace
X-Ua-Browser
X-Ab
X-Content
SPRequestGuid
X-SharePointHealthScore
X-Ezoic-Cdn
Server-Name
X-ECACHE
Alternate-Protocol
X-NWS-LOG-UUID
X-HS-Hub-Id
X-Frontend
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Accel-Expires
X-Hits
X-Yandex-Sdch-Disable
X-Tt-Trace-Host
X-Content-Options
X-Tt-Trace-Tag
X-Cache-Key
MicrosoftSharePointTeamServices
Cache-Tags
X-Ruxit-Js-Agent
X-Page-Id
X-Git-Hash
Host
Charset
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cleartype
X-Www-Served-By
X-B3-Sampled
X-Geo-Country
X-Ser
TP-Cache
X-Content-Digest
TP-L2-Cache
X-Amz-Replication-Status
Filterid
X-Forwarded-Proto
X-VCache
X-Amzn-Trace-Id
X-Varnish-Age
X-Daa-Tunnel
X-AppVersion
X-Activity-Id
X-Az
X-Hostname
X-DIS-Request-ID
X-Debug-Info
X-Rid
X-Fastly-Request-Id
X-Upgrade-Enabled
X-Origin-Server
X-Grace
Access-Control-Allow-Method
X-XRDS-LOCATION
X-Microsite
X-Origin-Upstream-Status
X-N
X-Request-Handler-Origin-Region
X-LB-Cache
X-FB-Debug
X-Nginx-Upstream-Cache-Status
ServerID
X-Mobile-URL
X-Providence-Cookie
X-Flags
X-Request-Guid
X-Is-Crawler
X-Route-Name
X-Aspnet-Duration-Ms
X-F-Cache
X-Whom
X-Server-ID
X-TT
X-Goog-Generation
Cross-Origin-Opener-Policy
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-NGENIX-Cache
X-App-Environment
X-App-Server
X-Tb
X-Varnish-Grace
Payment
X-Distributor
Viewport
X-WebKit-CSP-Report-Only
X-FW-Static
X-FW-Dynamic
X-FW-Type
X-FW-Hash
X-FW-Server
X-FW-Serve
Paypal-Debug-Id
DC
Node
X-PressLabs-Stats
X-Cache-Control
X-Logged-In
X-Oneagent-Js-Injection
X-Seen-By
X-Type
Fastcgi-Useragent
X-User-Agent
X-Cache-Age
X-Fastcgi-Cache
Country
Accept-Charset
X-Webkit-CSP
X-Fastly-Request-ID
X-Cache-Rule
X-Varnish-Backend
X-Erf-Bev-Bev
Version
X-Browser-Type
X-Wix-Request-Id
X-Erf-Bev-Bev-Is-Generated
X-Load-Cache
X-Node-Name
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-DataDome
X-TEC-API-ROOT
X-Cache-Action
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-IPLB-Instance
Refresh
X-Via-JSL
Referer-Policy
X-Original-Request-Id
X-Drupal-Cache-Tags
Access-Control-Request-Headers
X-Response-Served-From
X-Vgn-Hpd-Reason
SD-X-WS
Cache-Status
X-Rendered-As
Amp-Access-Control-Allow-Source-Origin
X-Real-IP
X-Proxy-Cache-Status
X-Is-Bot
X-Page-View
X-Jobs
X-Cacheable-TTL
X-UUID
X-B
X-B-Cache
X-Cache-Expired-At
X-Contextid
X-Debug
X-Ratelimit-Limit
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
DynaTrace
X-Signature
NGB
X-Revision
X-RemovedCookies
X-ProcessESI
X-Cluster-Name
X-Mobile
X-Drupal-Cache-Contexts
X-Yottaa-Metrics
X-Yottaa-Optimizations
Liferay-Portal
X-Rule
X-Proxy
X-Device-Type
X-Debug-IsPreview
X-Cache-Time
Akamai-GRN
X-Framework
X-Debug-IsConnected
Surrogate-Key
X-Instance
X-G
CF-IPCountry
X-FW-Version
X-Azure-Ref
Healthy
X-Air-Source
SID
X-Air-Trace-Id
X-Air-Hostname
X-Source
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Ms-Version
X-Ms-Request-Id
Frame-Options
X-RTag
MS-CV
Ms-Operation-Id
X-Cache-Hit
X-Nginx-Cache
X-CDN-Forward
Section-Io-Cache
X-Tumblr-Pixel-1
X-Tumblr-User
Countrycode
X-Environment-Context
X-Tumblr-Pixel
X-L-Path
X-Tumblr-Pixel-0
X-XRDS-Location
Xserver
X-Varnish-Server
X-RateLimit-Limit
Count-Hit
X-Cache-Operation
GEO-INFO
X-Region
X-APP-VERSION
Uber-Trace-Id
X-EdgeConnect-Cache-Status
X-Servername
X-Content-Powered-By
X-Forwarded-Host
X-Litespeed-Cache
X-Backend-Name
X-Mode
X-Accel-Buffering
Cross-Origin-Window-Policy
X-IPS-LoggedIn
Backend
Ec-Rule-Version
X-Adobe-Content
X-Adobe-Loc
X-Zen-Fury
X-UPSTREAM-Address
X-ShardId
X-Shopify-Stage
X-SaId
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-RN-RSRV
X-Alternate-Cache-Key
X-JoinUs
Meta-Geo
X-Detected-As
X-Sql-Duration-Ms
X-Sql-Count
X-Varnish-Beresp-Grace
X-Microcachable
Eomportal-Instance
X-Cache-Grace
X-Uri
Country-Code
X-Generation-Time
X-Debug-Cache
X-Human
X-Hosted-By
X-Cache-Server
X-Redis-Cache
X-Cache-TTL-Remaining
X-Cache-Type
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Mn-Server-Ip
X-ProxyCache-Status
X-ProxyCache-Key
X-ServerID
X-PHP-Backend
Apigw-Requestid
Cache-Tv-Group
Cache-Name
X-Origin-Date
X-UA-Device-Type
X-Storage
X-NCache
X-No-Session
X-BYPASS-REASON
X-Site-Version
X-Status
X-Cache-Host
X-FB-TRIP-ID
X-Via-Fastly
Url
X-Tid
X-Timing-Wait
TWC-Connection-Speed
X-R9-Blue-Green-Version
TWC-Device-Class
DB-Nickname
X-PCL
X-Origin-Hint
X-Format
X-OCL
X-Proxy-Build
Webcakes-Region
X-Web-Node
TWC-GeoIP-Country
Property-Id
X-Time
X-SayCDN-TTL
Protected
Selected-Fe
TWC-Privacy
Webcakes-App-Name
TWC-Locale-Group
X-Say-TTL
X-Say-Cacheable
TWC-GeoIP-LatLong
Fastly-SSL
Webcakes-App-Version
X-Akamai-Edgescape
X-Azure-Ref-OriginShield
Azure-SlotName
Azure-Version
X-Rewrite-Enabled
Azure-SiteName
OT-Force-Account-Verify
X-NYM-Debug-Backend
X-Access
X-Cache-NGX
X-Routing-Service
X-Varnishpool
X-Hl-Ver
X-Section
X-Zipkin-Id
X-Extlb
X-Server-W
X-Pubstack
Azure-RegionName
X-Proxied
X-ApacheServer
X-PERF
Azure-InstanceId
Source
X-LSADC-Cache
X-Be
X-Soup
X-Cluster-Node
Content-Secure-Policy
X-Webkit-Csp
X-App-Version
X-SRV
X-Content-Age
X-HTML-Minification-Powered-By
X-Ratelimit-Reset
X-Cache-Var-Map
CDN-PullZone
X-Cached-By
CDN-EdgeStorageId
X-Ua
CDN-CachedAt
X-Cache-Var
CDN-RequestCountryCode
X-NewRelic-App-Data
Content-Disposition
CDN-Cache
CDN-Uid
CDN-RequestId
X-TT-LOGID
X-Amz-Meta-S3cmd-Attrs
X-Generated-By
X-LAGOON
SRV
Cache
X-Hyper-Cache
X-Bc-Bl
X-Unique-Id
X-TNCMS
X-Varnish-Hits
X-Varnish-Hostname
Webserver
X-Loop
X-Presslabs-Stats
X-S-Maxage
X-Dc
Onion-Location
X-Auto-Login
X-Nginx-Cache-Key
Retry-After
X-Tumblr-Pixel-3
Cache-Hits
X-Tumblr-Pixel-2
X-GEO
Web-Mar-Node
X-Origin-TTL
X-Origin-CC
Xet-Cookie
X-Proto
X-Cdn
LB
X-M-Reqid
X-Time-Microsecs
X-Qnm-Cache
X-Akamai-Transformed
X-M-Log
X-Tenant
X-Endurance-Cache-Level
X-Edge-Location
Mime-Version
X-Platform-Server
X-CSRF-Token
HostName
X-Trace-Id
X-VWS-Id
X-GG-Cache-Date
X-AWS-Id
X-CACHE-KEY
X-LJ-Flow-ID
CloudFront-Viewer-Country
X-Mg-Request-UUID
X-ECache
X-B3-SpanId
N-Cache
X-Xrds-Location
X-Labrador-Cache-Channel
X-PHP-Host
X-Xfnlog-Site
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Tags
WPO-Cache-Message
WPO-Cache-Status
X-Storefront-Renderer-Rendered
X-RCS-CacheZone
X-Varnish-Cache-Hits
X-Cache-Remote
Upgrade-Insecure-Requests
X-Request-Time
Nel
X-Locale
X-Handled-By
X-Origin-Response-Time
ServedBy
X-AOL-HN
X-Adobe-Source
X-B-Cookie
X-Application
X-ARC
X-Block-Status
X-Cache-Date
X-Aed
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Ccd
Mobile-Detection-Method
DSUID
Expiry
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
DCR-Decision-By
A
BehaviorPad-Version
Meta-Geo-Continent
Odigeo-Trace-Id
State
Surrogated-Key
User-Cache-Control
Rendered-Blocks
Redirect-Candidate
Origin
Pramga
X-A
X-Forwarded-Path
X-ScT
X-SD-PageType
X-Vtex-Remote-Cache
X-Session-Fingerprint
X-S-Cookie
X-S
X-Planisys-CDN-TTL
X-Processor
X-Request-Host
X-Rojux
X-Vtex-Processado-Em
X-Shop-Environment
X-V-Cache
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
X-TIM-N
X-SVT-ORM-VERSION
X-Slack-Backend
X-SRCache-Key
X-SVT-ORM-RULES
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-D
X-Destination
X-Developer
X-External-Request-Id
X-Conf
X-Cluster
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Fastly-Cache
X-Ftr-Request-Id
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
Xc-Version
X-ND-Cache
X-NAPM-TraceId
X-Gen-Mode
X-Hnp-Log
X-Ig-Push-State
X-Cache-NE
X-Connection-Hash
X-VC-Cache
X-Via-NSCOPI
Environment
X-ATG-Version
Datacenter
X-TIME
X-MP-GENERATED-AT
AMP-Access-Control-Allow-Source-Origin
Server-Info
X-Reqid
X-Cache-Info
X-Sucuri-ID
X-Li-Fabric
X-BBC-Edge-Cache-Status
Gh-Request-Id
X-Cache-Bucket
L
Host-ID
X-Origin-Time
X-Owner
X-Li-Pop
Fastcgi-Cache-TTL
X-Origin-Expires
X-Cache-Debug
X-VG-TLSProxy
X-Old-Content-Length
Wxu-Next-Hostname
Wxu-Next-Region
Req-Svc-Chain
X-Men
Wxu-Next-Commit
Vix-Hermes-Req-Id
Traceparent
X-Mvc-Supplant-Cachable
V-Age
Release
X-Ratelimit-Remaining
X-Skip-Cache
X-VServer
X-TH-Server
Origin-CC
Origin-EX
X-Location
X-Accel-Expires-Debug
X-Nyt-Route
X-LI-UUID
X-Sucuri-Cache
X-Proxy-Upstream
AKAMAI
CacheControlHeader
CDCHOST
X-Core-Value
X-Device-Os
X-Forwarded-Site
Arc-Country
X-Date
X-Geo-Header
X-Rocket-Nginx-Serving-Static
X-Served-From
X-Gdpr
Cmsid
Cmstype
X-Hash
X-Scheme
X-Epic-Correlation-Id
X-Varnish-Beresp-Status
X-Varnish-Ttl
X-Server-IP
X-Core-Mission
X-Policy
X-Fetched-On
From-Origin
X-Gamma-Serve
X-Magnolia-Registration
X-Thinkindot-L3
True-Client-Country-4JS
X-Gzip
Thinkindot-Control
X-GeoIP-City
X-GeoIP
Web-Mar-Region
We-Hiring
X-Aicache-OS
X-Generated-On
X-Developers
X-Cache-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Cache-Config
Thinkindot-CacheControl-Type
X-VarnishDD-TTL
X-HS-Content-Campaign-Id
X-Cdn-Origin
X-TrackingId
X-Datadog-Trace-Id
X-Branch-Name
X-HN
X-Envoy-Decorator-Operation
X-Esi-Check
X-Viewer-Country
X-Irp-Debug
X-Level-Front-Cache
X-Bip
X-EC-Lua
X-Fastly-Backend
Thinkindot-CacheControl
Apple-News-Services-Request-Url
Candidate-Md5Url
NGX
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-NodeID
Fastly-GeoIP-CountryCode
Apple-News-Services-Handled
X-Sigma
X-Sigma-Backend
Fastly-SWR
Fastly-SIE
X-Sn-Servicetimems
Locid
Machine
X-Platform
Mail-Subject
X-Rebelmouse-Cache-Control
PFcat
X-Rocket-Build-Number
X-Webstats-RespID
X-Region-Sid
X-Request-Start
X-Req
X-Rebelmouse-Surrogate-Control
Server-Host
TDXMobile
X-Thanos
Svr
X-FireWall-Port
X-CS
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Request-URI
X-CGP
X-Is-Gdpr
X-Varnish-CookieINHashed-On
X-Tx-Id
X-Variation
X-UnsetCookies
X-DPWN-IS-SECURE
Adler-Geo
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-DefHash
X-DefElseHash
X-Eu-Site
Cf-Device-Type
X-Csrf-Jwt
X-Qloud-Router
X-FC-Vary-Parameters
X-Pod-Name
X-JWT-State
X-Has-Esi
X-Loc
X-Amzn-Remapped-Content-Length
NM-Fastcgi-Cache
X-NU-AKA-ACS-Version
Platform
X-Node-Id
X-Cdn-Srv
Sslversion
X-Zone
X-Backend-State
X-Worker
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
X-Origin
Memcached
X-Trace-ID
X-Correlation-ID
Fastly-Drupal-Html
X-Varnish-Beresp-Ttl
X-Response-By
Ssr
WWW-Authenticate
X-Mvc-Supplant-OutputCached
X-CLOUD-TRACE-CONTEXT
X-Up
On-Server
Pics-Label
CDN
WP-Super-Cache
X-LB-ID
Esi-Enabled
X-API-Version
X-NC
X-Generated-In
X-Vc
Ms-Author-Via
X-Datadome
Memory
Time
X-LB-NoCache
X-Service
C-Via
NtCoent-Length
X-Backend-TTL
X-Refresh
X-Cache-Enabled
X-DynaTrace-JS-Agent
X-TA-CDN-Provider
X-DC
X-Via-Popv
X-Via-Poph
X-Via-Popn
X-GeoIP-Region-Code
X-Cache-PHP
X-GeoIP-Country-Code
X-Edge-Pop
X-NWS-UUID-VERIFY
X-Cache-Ttl
X-Dynatrace
X-Tb-Optimization-Total-Bytes-Saved
Magicmarker
Env
X-Tt-Logid
X-Optimistic-Header
GeoIp-Country-Code
X-Render-Time
X-TraceId
X-Cache-Status-Check
X-Parent-Response-Time
X-CacheTTL
X-Esi
X-Servedbyhost
Kp-EeAlive
X-Restarts
X-Info
X-Varnish-Beresp-TTL
X-Unique-ID
S-Rt
X-ZONE
Server-ID
X-RPM
X-RPS
X-MSEdge-Flight
X-DW
X-DSS
X-DI
X-RSL
X-DB
X-Action
X-Cache-Backend
X-Wix-Viewer-Type
Edge-Cache
X-AIR-PT
X-MSEdge-Features
X-Srv
X-TX-ID
X-Clientip
X-VCL-Version
X-Cs
Proxy-Connection
WebServer
X-Webkit-CSP-Report-Only
X-Minions-Version
Cache-Host
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-App
X-HA-Backend
UCS
X-Traceid
X-Oss-Storage-Class
X-Oss-Object-Type
X-Newrelic-Synthetics
X-LI-Proto
X-Fpc
HIT
X-URL
X-Li-Proto
X-Webkit-Csp-Report-Only
Test
S-Cnection
X-Http-Reason
X-Akamai-Request-ID2
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
Lb
X-FPC
X-LiteSpeed-Cache-Control
X-NODE
X-Vcl-Version
X-Micro-Cache
Server-Id
Tcn
User-Agent
Geo-Info
Fastly-Backend-Name
Accept-Language
X-B3-Spanid
X-Pass-Why
X-Ec-GeoHdr
X-Ec-Fail
X-Backend-Host
X-User
X-Pad
X-BCube-Filmed-By
X-APP
X-Urbn-Context-Path
Fastly-Drupal-HTML
Resin-Trace
Cf-Int-Pingora-Origin-Digest
X-Urbn-Site-Id
Locale
X-LiteSpeed-Tag
X-HostName
X-Check-Cacheable
X-Release
X-CSRF-TOKEN
X-ES-SERVER
GeoIP-Country-Code
X-BBC-Origin-Response-Status
X-ID
Hostname
Hit
Path
VNS-Cache
X-Clara-WADP
X-AK-Request-ID
Ohc-File-Size
CPC-Cache
EpKe-Alive
CPC-Age
X-WADP-Cache
Cache-Key
X-Fmm-Version
VNS-Age
Srv
Cdncip
X-Ha-Backend
Cdnsip
X-ServedByHost
X-WA-Info
X-Amz-Meta-Cb-Modifiedtime
M-TraceId
X-WA
X-Dynatrace-Js-Agent
X-Geo
X-Via-PopN
Cluster
X-ElasticPress-Query
MIME-Version
My-App
X-RateLimit-Reset
X-Cdn-Forward
X-Via-PopH
ENV
X-Via-PopV
X-Edge-POP
X-CUA
Load-Balancing
Tracecode
X-Api-Version
X-Edge-Cache
Geoip-Latitude
X-NGINX-Cache
Lfy
Pagetype
Shield-Pop
X-Var-Ttl
X-From
X-HS-Status
X-PJAX-URL
X-Wikidot-Static-Cache
X-Cms-Context
X-Wikidot-Backend
X-Akamai-Pragma-Client-IP
URI
X-CCDN-CacheTTL
X-Via-Ucdn
X-Hcs-Proxy-Type
X-Ucs
X-Fastly-Cache-Hits
X-ServerName
MD5-Digest
T-Server
X-CCDN-Origin-Time
X-UP
X-SIPLIST1
X-RAMCache
X-Fragments
X-Mcache
X-VG-WebServer
X-GoCache-CacheStatus
X-Fastly-Backend-Reqs
Server-Hostname
Sever-Int
IsBot
Server-Ext
X-Nc
Lang
Servername
X-TRACE-ID
X-Dw-Trace-Id
Cdn
X-B3-ParentSpanId
X-WP-CF-Super-Cache-Cache-Control
X-VC
X-Lb-Id
Ohc-Cache-HIT
Target-Params
X-WP-CF-Super-Cache
WZWS-RAY
Cneonction
X-Cache-Expires
X-Cdn-Request-ID
W
X-UA
X-Acquia-Purge-Tags
X-Swift-Error
X-Acquia-Site
Uri
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Snapshot-Date
X-Apw-Access-Token
X-Apw-Access-Action
X-Apw-Hits
PICS-Label
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Akamai-Request-ID
X-Newrelic-App-Data
X-Provided-By
Cf-Ipcountry
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
Cteonnt-Length
X-Apw-Access-Object
X-Yottaa-OS
Dnion-Transfer-Encoding
HitType
Vha6-Origin
CF-Cached-On
X-Cache-Ngx
Sid
X-Air-Pt
Req-ID
X-Sentry-ID
X-Varnish-Authentication
CountryCode
Server-Ttl
X-Akamai-ERPolicy
GeoIP-Latitude
X-Last-Modified
X-Akamai-ERRuleID
X-Te-Duration-Ms
X-Te-Count
X-Via-CDN
X-Logging-Id
X-B3-Parentspanid
X-Miniprofiler-Ids
X-Cc-Via
Ngx
X-Http-Duration-Ms
X-Http-Count
X-CacheKey
X-Lb-Nocache