Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
P3p
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-Envoy-Upstream-Service-Time
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Akamai-Path-Stats
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-UA-Device
X-Amz-Id-2
X-Proxy-Cache
Host-Header
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Server-Id
X-Node
Cf-Edge-Cache
X-Aws-Lambda-Call-Status
X-Pingback
X-CST
Surrogate-Control
Request-Id
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Url
X-Ruxit-JS-Agent
X-Country
Accept-Ch
Fastly-Restarts
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-TtlSet
X-PC
X-Vname
RTSS
X-Amz-Server-Side-Encryption
Edge-Control
X-VARITI-CCR
X-FastCGI-Cache
X-Server-Name
X-ESI
X-Varnish-TTL
Cache-Tag
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-Edge
X-Dw-Request-Base-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Amz-Rid
Public-Key-Pins
X-ASPNET-VERSION
X-D2id
X-Cnection
X-Ser
X-Px
X-Navigation-Version
X-Ac
X-Powered-By-Plesk
X-Middleton-Display
Verso
Pagespeed
Display
X-Sol
X-Abt-Application-Version
X-Client-IP
X-Element-Page-Cache
X-Content-Security-Policy-Report-Only
X-Version
Arr-Disable-Session-Affinity
X-RateLimit-Remaining
X-Cache-TTL
X-GitHub-Request-Id
X-Ttl
X-Litespeed-Cache
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
Response
X-Middleton-Response
X-Goog-Hash
SPRequestDuration
Access-Control-Request-Method
SPIisLatency
X-Cached
X-Kinsta-Cache
X-SharePointHealthScore
SPRequestGuid
X-Edge-Location-Klb
AR-SID
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-CACHE
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Correlation-Id
X-Upstream
X-LLID
Edge-Cache-Tag
X-Forwarded-For
X-TTL
X-NWS-LOG-UUID
Content-MD5
Nginx-Cache
X-Id
X-WebKit-CSP-Report-Only
X-Cache-Key
X-RateLimit-Limit
X-Shield-Request-Id
X-MSEdge-Ref
TCN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Recruiting
MRF-Tech
X-T
Mrf-Cache-Status
S
X-ECACHE
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Ruxit-Js-Agent
X-Content-Digest
X-Mg-S
X-DataDome
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ua-Device
X-Grace
TP-L2-Cache
TP-Cache
X-Accel-Expires
X-DynaTrace
X-Frontend
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Request-Received
MicrosoftSharePointTeamServices
X-Request-Processing-Time
Server-Node
Front-End-Https
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
Filters
X-Content
X-Ua-Browser
X-Ab
X-Protected-By
X-PressLabs-Stats
X-Mcache
X-Origin-Server
X-Distributor
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Hits
MS-Author-Via
Fastcgi-Cache
X-Geo-Country
X-LB-Cache
X-Microsite
X-Mid
X-Request-Handler-Origin-Region
X-Amzn-Trace-Id
X-Tt-Trace-Tag
Charset
X-Tt-Trace-Host
Host
Cleartype
X-Debug-Info
X-Webkit-Csp
X-F-Cache
X-Git-Hash
X-B3-Sampled
X-Fastly-Request-Id
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Page-Id
X-Cache-Age
Cache-Status
X-Seen-By
Realpath
X-AppVersion
X-Az
X-DIS-Request-ID
X-Activity-Id
Access-Control-Allow-Method
X-Ratelimit-Reset
X-Www-Served-By
Accept-Charset
X-Webkit-CSP
ServerID
X-Nginx-Upstream-Cache-Status
Filterid
X-Server-ID
Permissions-Policy
X-Varnish-Age
Cache-Tags
X-Pinterest-Rid
Pinterest-Generated-By
X-Aspnetmvc-Version
Pinterest-Version
X-Cluster-Name
X-Rid
X-Content-Options
X-FB-Debug
X-Type
Retry-After
Server-Name
X-Varnish-Backend
Country
X-User-Agent
Viewport
X-App-Environment
X-Varnish-Grace
X-Flags
X-Request-Guid
X-Tb
X-Route-Name
X-Signature
DC
X-Aspnet-Duration-Ms
X-Drupal-Cache-Tags
X-B-Cache
Paypal-Debug-Id
X-Providence-Cookie
X-Wix-Request-Id
X-Is-Crawler
X-TT
X-B
X-Amz-Meta-S3cmd-Attrs
X-Whom
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
Node
X-Language
X-VCache
X-Goog-Stored-Content-Length
X-Kong-Proxy-Latency
X-Upgrade-Enabled
X-Kong-Upstream-Latency
Fastcgi-Useragent
X-Debug
X-XRDS-LOCATION
X-Origin-Cache
X-Mobile-URL
X-NWS-UUID-VERIFY
Protected
X-Midtier
X-Amz-Replication-Status
X-N
Payment
X-Logged-In
X-Cache-NGX
X-Load-Cache
Surrogate-Key
X-Oracle-Dms-Ecid
WPO-Cache-Status
WPO-Cache-Message
X-Cache-Control
X-Oracle-Dms-Rid
Count-Hit
Amp-Access-Control-Allow-Source-Origin
X-Contextid
X-Via-JSL
X-MCACHE
Alternate-Protocol
Healthy
X-Node-Name
X-Restarts
X-ECache
X-NGENIX-Cache
X-Mobile
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
Content-Disposition
X-Proxy
X-FW-Type
X-FW-Server
X-FW-Static
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
SD-X-WS
X-Original-Request-Id
X-Response-Served-From
Refresh
Akamai-GRN
X-Cache-Time
X-Zen-Fury
X-XRDS-Location
X-Jobs
X-G
Url
X-Page-View
X-Cache-TTL-Remaining
X-Akamai-Request-ID2
X-Real-IP
X-Revision
X-Adobe-Content
X-Servername
X-Adobe-Loc
Uber-Trace-Id
X-UUID
X-Mg-Request-UUID
X-Rendered-As
X-Instance
X-Proxy-Cache-Status
X-Is-Bot
NGB
X-Http-Reason
X-Debug-IsConnected
X-Debug-IsPreview
X-Cacheable-TTL
X-Cache-Grace
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Drupal-Cache-Contexts
X-Device-Type
X-Framework
Access-Control-Request-Headers
X-Yottaa-Optimizations
X-Template
X-Yottaa-Metrics
X-Varnish-Server
X-Ratelimit-Remaining
X-Hostname
X-Environment-Context
X-IPLB-Instance
X-L-Path
X-HTML-Minification-Powered-By
X-Source
Version
X-EdgeConnect-Cache-Status
Frame-Options
Countrycode
X-RTag
Ms-Operation-Id
MS-CV
Accept-Language
X-B3-Traceid
Referer-Policy
Liferay-Portal
X-Trace-Id
X-Oneagent-Js-Injection
X-NYM-Debug-Backend
X-Fastly-Request-ID
X-Datadome
X-Cache-Hit
X-App-Server
X-Cache-Rule
X-Cache-Expired-At
From-Origin
Cross-Origin-Window-Policy
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Vgn-Hpd-Reason
Backend
X-IPS-LoggedIn
X-Nginx-Cache
X-Hosted-By
X-APP-VERSION
X-Unique-Id
Content-Secure-Policy
X-FW-Version
X-COUNTRY
WP-Super-Cache
CF-IPCountry
X-RemovedCookies
X-Ratelimit-Limit
Upgrade-Insecure-Requests
Load-Balancing
X-ProcessESI
X-UPSTREAM-Address
X-RN-RSRV
Meta-Geo
Section-Io-Cache
X-Cache-Server
X-Status
X-PCL
X-FB-TRIP-ID
X-No-Session
X-Ua
X-Generation-Time
X-OCL
TWC-GeoIP-LatLong
X-Be
X-Region
TWC-Connection-Speed
X-Request-Time
X-Cluster-Node
TWC-GeoIP-Country
X-Cache-Enabled
TWC-Privacy
TWC-Device-Class
TWC-Locale-Group
X-Akamai-Edgescape
X-Content-Age
X-Origin-Date
X-Redis-Cache
Fastly-SSL
X-Section
X-Origin-Hint
X-Mode
Property-Id
Mn-Server-Ip
S-Rt
Webcakes-App-Version
X-Server-W
X-VWS-Id
X-Via-Fastly
Webcakes-Region
X-PHP-Backend
X-PHP-Host
X-Varnish-Cache-Hits
X-Sql-Duration-Ms
X-AOL-HN
X-UA-Device-Type
X-Labrador-Cache-Channel
X-Format
Apigw-Requestid
X-LJ-Flow-ID
X-Access
X-Sql-Count
X-AWS-Id
Webcakes-App-Name
Locale
X-PERF
X-ApacheServer
Azure-Version
X-Shopify-Stage
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-BYPASS-REASON
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Eomportal-Instance
X-ProxyCache-Key
X-Sorting-Hat-ShopId
X-Platform-Server
Azure-RegionName
X-Content-Powered-By
X-Site-Version
X-Urbn-Site-Id
X-Storage
X-Urbn-Context-Path
X-Locale
X-Uri
X-Alternate-Cache-Key
X-Human
X-Xfnlog-Site
X-Generated-By
X-Forwarded-Host
X-SayCDN-TTL
X-Adobe-Source
X-VC-Cache
X-Cache-Tags
X-Cache-Host
X-ProxyCache-Status
X-Cms-Context
X-Say-Cacheable
X-Debug-Cache
X-Say-TTL
X-Nginx-Cache-Key
X-Web-Node
X-Tid
X-Varnishpool
X-Dc
X-Hl-Ver
X-Zipkin-Id
X-Detected-As
X-SaId
X-Backend-Name
X-Routing-Service
X-Cache-Type
X-Extlb
X-ServerID
X-GeoCountry
X-GG-Cache-Date
X-GeoCode
X-JoinUs
X-Proxied
X-Handled-By
X-Edge-Location
X-Storefront-Renderer-Rendered
X-Proxy-Build
X-Proto
X-Timing-Wait
Selected-Fe
Cache-Tv-Group
CDN-EdgeStorageId
CDN-Uid
X-NewRelic-App-Data
Ec-Rule-Version
CDN-RequestCountryCode
CDN-RequestId
CDN-Cache
ServedBy
CDN-PullZone
CDN-CachedAt
Fastly-Drupal-Html
Web-Mar-Node
X-Cache-Action
Onion-Location
X-LSADC-Cache
Webserver
X-GEO
X-App-Version
X-CDN-Forward
X-Magnolia-Registration
X-Cached-By
X-Varnish-Hostname
X-IPLB-Request-ID
SRV
Cache-Hits
SID
X-Hyper-Cache
X-Parallel-Accel
X-Cluster
X-Cache-Remote
X-Cache-Operation
Mime-Version
X-Envoy-Decorator-Operation
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Tt-Logid
X-Fastcgi-Cache
X-Rewrite-Enabled
X-Rule
X-Soup
X-Varnish-Hits
X-Cdn
X-Varnish-Ttl
X-Origin-TTL
X-SRV
X-Origin-CC
Xserver
Xet-Cookie
X-Accel-Buffering
X-Pubstack
X-Reqid
DB-Nickname
X-Microcachable
Cache
Server-Info
LB
X-Tumblr-Pixel-2
X-CSRF-Token
X-TA-CDN-Provider
Source
X-Tumblr-Pixel-3
Country-Code
X-MP-GENERATED-AT
X-TT-LOGID
X-Xrds-Location
X-Buckets
Decoy-Debug-TTL
Decoy-Debug-Key
X-Via-NSCOPI
Decoy-Debug-Status
X-Request-Host
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Endurance-Cache-Level
X-Origin-Response-Time
X-Skip-Cache
X-Time
X-Ec-GeoHdr
X-S
DCR-Processing-Time-Ms
DCR-Decision-By
X-CF-Lambda-Version
Fastcgi-X-Cache-Version
X-CF-Lambda-Fn
X-Cdn-Srv
X-Cache-NE
X-Vtex-Processado-Em
Expiry
X-External-Request-Id
X-Epic-Correlation-Id
X-Vdms-Version
DynaTrace
X-Ec-Fail
X-VG-WebCache
X-Vdms-Path
X-Conf
X-Destination
X-D
X-SRCache-Key
BehaviorPad-Version
Cache-Key
X-Shop-Environment
X-Session-Fingerprint
X-ScT
X-SD-PageType
A
X-Processor
X-Developer
Candidate-Md5Url
X-TrackingId
X-User
X-S-Cookie
Cmsid
X-Cache-Status-Check
Cdnsip
X-Tenant
X-Connection-Hash
X-TIM-N
Cdncip
Cmstype
Datacenter
Pramga
X-Ig-Push-State
X-Aed
Rendered-Blocks
X-Application
X-ARC
X-B-Cookie
NM-Fastcgi-Cache
Odigeo-Trace-Id
X-Hash
X-A-Wwc
X-A-Dgt
T-Server
X-NAPM-TraceId
X-A-Ccd
X-A
X-A-Dam
Surrogated-Key
Sslversion
X-A-Dcw
X-Orig-Expires
X-PAYTM-SRV-ID
X-AK-Request-ID
X-PBS-Appsvrname
MD5-Digest
Host-ID
X-Forwarded-Path
X-Vtex-Remote-Cache
X-BCube-Filmed-By
X-Rojux
Lang
Meta-Geo-Continent
Mobile-Detection-Method
X-Geo-Header
Xc-Version
X-Tx-Id
X-Ms-Version
X-Azure-Ref
X-Ms-Request-Id
X-CACHE-KEY
X-Core-Value
X-Core-Mission
AKAMAI
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
X-CacheTTL
X-Scheme
Adler-Geo
Kp-EeAlive
Platform
Producers
X-Cache-Id
X-Amzn-Remapped-Content-Length
Memcached
X-Ckpd-Fst-Backend
X-Bc-Bl
Environment
X-Cache-Backend
Is-Eu
X-SB
X-Rocket-Build-Number
X-Ad-Defer-Variation
Server-Host
State
X-SVT-ORM-RULES
X-Is-Gdpr
X-JWT-State
X-Irp-Debug
XM
X-SplitTest
X-Fetched-On
X-Origin-Expires
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Esi-Check
X-Origin-Time
X-Ftr-Request-Id
X-Newrelic-Synthetics
X-Gzip
Mail-Subject
X-Has-Esi
X-GeoIP
We-Hiring
X-HS-Content-Campaign-Id
X-Wix-Viewer-Type
X-Worker
X-Gdpr
X-Loop
X-Origin
X-DefHash
X-SVT-ORM-VERSION
X-Device-Os
X-Nyt-Route
X-DefElseHash
X-B3-SpanId
X-Sigma
X-Sigma-Backend
X-NodeID
X-TNCMS
X-Developers
X-V-Cache
X-Variation
X-DPWN-IS-SECURE
X-NCache
HostName
X-AIR-PT
X-RCS-CacheZone
X-Varnish-Beresp-Grace
X-ZONE
V-Age
X-Hnp-Log
X-HN
Vix-Hermes-Req-Id
X-RateLimit-Limit-Second
Web-Mar-Region
X-Auto-Login
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-LAGOON
X-Minions-Version
X-Rebelmouse-Surrogate-Control
X-Mvc-Supplant-Cachable
X-Aicache-OS
X-Level-Front-Cache
X-Loc
X-Branch-Name
X-Policy
X-Clara-WADP
X-Dispatcher-Number
X-Ec-Custom-Error
X-CGP
X-Pod-Name
X-Eu-Site
X-Pool
User-Cache-Control
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Proxy-Cache-Info
X-Csrf-Jwt
X-Proxy-Upstream
X-Fastly-Cache
X-Platform
X-Gamma-Serve
X-Planisys-CDN-Cache
X-Forwarded-Site
X-Block-Status
X-Gen-Mode
X-GeoIP-City
X-Generated-On
X-Cache-Bucket
X-Cache-Date
X-Cdn-Origin
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Cache-Info
X-Qloud-Router
X-Fmm-Version
X-BBC-Edge-Cache-Status
L5d-Success-Class
Apple-News-Services-Request-Url
CDCHOST
CloudFront-Viewer-Country
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Served-From
Apple-News-Services-Handled
Cluster
Fastcgi-Cache-TTL
Ha-Gx-Prefs
HA-Ipaddr
Gh-Request-Id
Fastly-SWR
Fastly-GeoIP-CountryCode
Fastly-SIE
X-SIPLIST1
X-Slack-Backend
CPC-Age
X-Wikidot-Static-Cache
CPC-Cache
VNS-Age
Redirect-Candidate
VNS-Cache
X-Wikidot-Backend
X-WADP-Cache
X-VarnishDD-TTL
X-Sn-Servicetimems
X-VG-TLSProxy
X-Via-Ucdn
X-VServer
X-Viewer-Country
IsBot
X-Thinkindot-L3
Server-Ext
Server-Hostname
Sever-Int
Req-Svc-Chain
Release
X-Rocket-Nginx-Serving-Static
PFcat
Svr
TDXMobile
Traceparent
X-Region-Sid
X-Request-URI
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Origin-EX
Ssr
NGX
N-Cache
X-Node-Id
L
Origin
Machine
Origin-CC
Cache-Name
X-WA-Info
X-R9-Blue-Green-Version
X-Scale
Ohc-File-Size
DSUID
X-Optimistic-Header
Fastly-Backend-Name
X-Owner
CDN
X-Correlation-ID
GEO-INFO
X-VC
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Refresh
X-Httpd
X-Server-IP
X-Micro-Cache
X-CS
Pics-Label
Path
X-EC-Lua
X-Parent-Response-Time
X-Contensis-Viewer-Groups
X-NC
X-Edge-Pop
Servername
X-Ah-Environment
X-Webstats-RespID
X-From
X-Cache-ASPX
Cache-Host
Ngx.Var.Host
Ms-Author-Via
Lb
X-Srv
Env
X-LB-NoCache
X-Varnish-Authentication
X-Location
X-Mvc-Supplant-OutputCached
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Beresp-TTL
XkeyRZ
X-Proxy-CacheRZ
X-RateLimit-Reset
X-Udemy-Cache-App-Namespace
AMP-Access-Control-Allow-Source-Origin
X-Via-Popn
X-Via-Poph
X-Servedbyhost
Locid
X-Generated-In
X-Via-Popv
X-TIME
Arc-Country
X-Clientip
X-Response-By
X-TraceId
X-Men
X-Amz-Meta-Cb-Modifiedtime
X-API-Version
Ohc-Cache-HIT
GeoIp-Country-Code
Time
X-Old-Content-Length
X-S-Maxage
Memory
ITXSESSIONID
X-Akamai-Transformed
X-PX
True-Client-IP
X-RSL
X-RPS
X-RPM
X-DSS
X-DI
X-Accel-Expires-Debug
X-DW
X-Date
Client
X-DB
X-Cs
X-HA-Backend
Geoip-Latitude
X-Dmc
X-Vc
X-VHOST
X-TRACE-ID
X-Trace-ID
X-Tec-Api-Root
Server-ID
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-VCL-Version
X-MSEdge-Features
X-Render-Time
X-Tec-Api-Origin
X-Tec-Api-Version
X-MSEdge-Flight
X-DynaTrace-JS-Agent
X-URL
Hostname
FSS-Cache
X-Api-Version
X-Fpc
X-Presslabs-Stats
X-FireWall-Port
X-INCAP-ABP
X-Cache-Debug
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
X-Gateway-Skip-Cache
X-Service
X-TX-ID
X-Gateway-Request-Id
X-Zone
C-Via
Rip
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-DC
X-M-Reqid
X-B3-Spanid
NtCoent-Length
Click-Count-Action-Start
Powered-By
CacheControlHeader
X-Webkit-Csp-Report-Only
X-Qnm-Cache
Click-Count-Error
X-M-Log
HIT
Tube-Return
Tube-Got-Eval
Tube-Get-Contents
Tube-Got-Results
True-Client-Country-4JS
Esi-Enabled
On-Server
X-Action
X-TH-Server
X-Alfa-Service
X-Backend-TTL
Test
X-FPC
X-Traceid
X-HS-Status
Tcn
X-NGINX-Cache
Server-Id
X-CSRF-TOKEN
X-Check-Cacheable
Edge-Cache
X-Vcl-Version
X-Cdn-Request-ID
OT-Force-Account-Verify
Cdn
X-Pass-Why
X-Edge-Origin-Shield-Region
X-Beluga-Record
X-Beluga-Status
X-Beluga-Trace
X-Proxy-Cache-Hk
X-Beluga-Response-Time
X-Beluga-Node
Srv
X-Beluga-Cache-Status
Geo-Info
User-Agent
X-Edge-Origin-Shield-Bytes
X-Req
X-Akamai-Pragma-Client-IP
X-Origin-Upstream-Status
GeoIP-Latitude
Proxy-Connection
My-App
GeoIP-Country-Code
Uri
X-Via-PopN
Cf-Int-Pingora-Origin-Digest
X-Via-PopV
Resin-Trace
X-Ha-Backend
X-APP
Srvid
X-Via-PopH
WebServer
X-CLOUD-TRACE-CONTEXT
X-Cdn-Forward
MIME-Version
X-ServedByHost
M-TraceId
Sid
X-Up
X-Webkit-CSP-Report-Only
X-Fastly-Backend-Reqs
X-LB-ID
X-CCDN-CacheTTL
X-Varnish-Beresp-Ttl
X-CCDN-Origin-Time
Server-Ttl
DT-Hot-News
X-Hcs-Proxy-Type
X-Provided-By
Epwk-X-Cache
X-App
X-Li-Pop
X-Newrelic-App-Data
ENV
X-Bip
X-Thanos
X-Backend-Host
X-Lb-Nocache
X-Li-Fabric
X-LI-Proto
X-LI-UUID
Warning
X-Esi
ServerName
PICS-Label
X-Request-Start
True-Client-Ip
X-Fetch-By
X-Vercel-Cache
X-Vercel-Id
X-Nc
X-Geo
X-Edge-POP
X-B3-Traceid-Primal
XServer
X-UnsetCookies
X-RAMCache
X-HostName
Dt-Hot-News
X-HITS
Section-Io-Origin-Time-Seconds
X-Request-Url
X-ElasticPress-Query
Section-Io-Origin-Status
Section-Origin-Responded
X-Serial
Section-Io-Id
X-CF-Powered-By
X-ND-Cache
CF-Cached-On
X-Yottaa-OS
WZWS-RAY
X-Dw-Trace-Id
X-Time-Microsecs
X-Akamai-Request-ID
DataCenter
Fastly-Drupal-HTML
X-LiteSpeed-Cache-Control
X-Vcache
X-Iplb-Request-Id
X-Iplb-Instance
Inserted-Into-Cache-At
X-Snapshot-Date
X-Cc-Via
Cf-Device-Type
X-CUA
D-Url-Rewrites
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Magicmarker
Cdn-Requestcountrycode
Cdn-Uid
Cdn-Requestid
Cdn-Edgestorageid
Cdn-Pullzone
Wp-Super-Cache
Servedby
Cdn-Cachedat
Cdn-Cache
X-ATG-Version
Vha6-Origin
X-Th-Server
Tracecode
X-Back
X-Var-Ttl
X-LiteSpeed-Tag
X-Platform-Router
CountryCode
X-Varnish-Beresp-Status
X-MiniProfiler-Ids
Content-Script-Type
Content-Style-Type
X-Storefront-Renderer-Verified
X-Fastly-Backend
X-FC-Vary-Parameters
X-Release
X-Fastly-Cache-Hits
X-Sucuri-Cache
Fastcgi-Cache-Ttl
X-BBC-Origin-Response-Status
X-Request-URL
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Target-Params
X-Platform-Cluster
X-Fragments
X-Sucuri-ID
X-Dist-Code
X-Azure-Ref-OriginShield
X-Platform-Processor