Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
ETag
Pragma
CF-RAY
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
CF-Ray
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-Envoy-Upstream-Service-Time
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
Access-Control-Max-Age
X-Akamai-Path-Stats
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-UA-Device
X-Amz-Id-2
X-Proxy-Cache
Host-Header
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Server-Id
X-Node
Cf-Edge-Cache
X-Aws-Lambda-Call-Status
X-CST
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Url
X-Ruxit-JS-Agent
X-Country
Accept-Ch
Fastly-Restarts
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-TtlSet
X-PC
X-Vname
RTSS
X-Amz-Server-Side-Encryption
Edge-Control
X-VARITI-CCR
X-FastCGI-Cache
X-Server-Name
X-ESI
X-Varnish-TTL
Cache-Tag
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-Edge
X-Dw-Request-Base-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Amz-Rid
Public-Key-Pins
X-ASPNET-VERSION
X-D2id
X-Cnection
X-Ser
X-Px
X-Navigation-Version
X-Ac
X-Powered-By-Plesk
X-Middleton-Display
Verso
Pagespeed
Display
X-Sol
X-Abt-Application-Version
X-Client-IP
X-Element-Page-Cache
X-Content-Security-Policy-Report-Only
X-Version
Arr-Disable-Session-Affinity
X-RateLimit-Remaining
X-Cache-TTL
X-GitHub-Request-Id
X-Ttl
X-Litespeed-Cache
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
Response
X-Middleton-Response
X-Goog-Hash
SPRequestDuration
Access-Control-Request-Method
SPIisLatency
X-Cached
X-Kinsta-Cache
X-SharePointHealthScore
SPRequestGuid
X-Edge-Location-Klb
AR-SID
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-CACHE
X-Powered-CMS
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Upstream
X-LLID
Edge-Cache-Tag
X-Forwarded-For
X-Correlation-Id
X-TTL
X-NWS-LOG-UUID
Content-MD5
Nginx-Cache
X-Id
X-WebKit-CSP-Report-Only
X-Cache-Key
X-RateLimit-Limit
X-Shield-Request-Id
X-MSEdge-Ref
TCN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Recruiting
MRF-Tech
X-T
Mrf-Cache-Status
S
X-ECACHE
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Ruxit-Js-Agent
X-Content-Digest
X-Mg-S
X-DataDome
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ua-Device
TP-Cache
TP-L2-Cache
X-Grace
X-Accel-Expires
X-DynaTrace
X-Frontend
X-HS-Cache-Config
X-HS-Combine-CSS
X-Request-Received
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-HS-Content-Id
X-Request-Processing-Time
Server-Node
Front-End-Https
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
Filters
X-Content
X-Ua-Browser
X-Ab
X-Protected-By
X-PressLabs-Stats
X-Mcache
X-Origin-Server
X-Distributor
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Hits
MS-Author-Via
Fastcgi-Cache
X-Geo-Country
X-LB-Cache
X-Microsite
X-Mid
X-Request-Handler-Origin-Region
X-Amzn-Trace-Id
X-Tt-Trace-Tag
Charset
X-Tt-Trace-Host
Host
Cleartype
X-Debug-Info
X-Webkit-Csp
X-F-Cache
X-Git-Hash
X-B3-Sampled
X-Fastly-Request-Id
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Page-Id
X-Cache-Age
Cache-Status
X-Seen-By
Realpath
X-Az
X-AppVersion
X-Activity-Id
Access-Control-Allow-Method
X-DIS-Request-ID
X-Ratelimit-Reset
X-Www-Served-By
Accept-Charset
X-Webkit-CSP
X-Nginx-Upstream-Cache-Status
ServerID
X-Server-ID
Filterid
Permissions-Policy
X-Varnish-Age
Cache-Tags
X-Pinterest-Rid
Pinterest-Generated-By
X-Aspnetmvc-Version
Pinterest-Version
X-Cluster-Name
X-Rid
X-Content-Options
X-FB-Debug
X-Type
Retry-After
Server-Name
X-Varnish-Backend
Country
X-User-Agent
Viewport
X-App-Environment
X-Varnish-Grace
X-Flags
X-Request-Guid
X-Tb
X-Route-Name
X-Signature
DC
X-Aspnet-Duration-Ms
X-Drupal-Cache-Tags
X-B-Cache
Paypal-Debug-Id
X-Wix-Request-Id
X-Providence-Cookie
X-Is-Crawler
X-TT
X-Whom
X-Amz-Meta-S3cmd-Attrs
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
Node
X-B
X-Goog-Stored-Content-Length
X-VCache
X-Language
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Upgrade-Enabled
Fastcgi-Useragent
X-XRDS-LOCATION
X-Origin-Cache
X-Debug
X-Mobile-URL
X-NWS-UUID-VERIFY
Protected
X-Midtier
X-Amz-Replication-Status
X-N
Payment
X-Logged-In
X-Cache-NGX
X-Load-Cache
Surrogate-Key
X-Oracle-Dms-Ecid
WPO-Cache-Status
WPO-Cache-Message
X-Cache-Control
X-Oracle-Dms-Rid
Count-Hit
Amp-Access-Control-Allow-Source-Origin
X-Contextid
X-Via-JSL
X-MCACHE
Alternate-Protocol
Healthy
X-Node-Name
X-Restarts
X-ECache
X-NGENIX-Cache
X-Mobile
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
Content-Disposition
X-Proxy
X-FW-Type
X-FW-Server
X-FW-Static
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
SD-X-WS
X-Original-Request-Id
X-Response-Served-From
Refresh
Akamai-GRN
X-Cache-Time
X-Zen-Fury
X-XRDS-Location
X-Jobs
X-G
Url
X-Page-View
X-Cache-TTL-Remaining
X-Akamai-Request-ID2
X-Real-IP
X-Revision
X-Adobe-Content
X-Servername
X-Adobe-Loc
Uber-Trace-Id
X-UUID
X-Mg-Request-UUID
X-Rendered-As
X-Instance
X-Proxy-Cache-Status
X-Is-Bot
NGB
X-Http-Reason
X-Debug-IsConnected
X-Debug-IsPreview
X-Cacheable-TTL
X-Cache-Grace
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Drupal-Cache-Contexts
X-Device-Type
X-Framework
Access-Control-Request-Headers
X-Yottaa-Optimizations
X-Template
X-Yottaa-Metrics
X-Varnish-Server
X-Ratelimit-Remaining
X-Hostname
X-Environment-Context
X-IPLB-Instance
X-L-Path
X-HTML-Minification-Powered-By
X-Source
Version
X-EdgeConnect-Cache-Status
Frame-Options
Countrycode
X-RTag
Ms-Operation-Id
MS-CV
Accept-Language
X-B3-Traceid
Referer-Policy
Liferay-Portal
X-Trace-Id
X-Oneagent-Js-Injection
X-NYM-Debug-Backend
X-Fastly-Request-ID
X-Datadome
X-Cache-Hit
X-App-Server
X-Cache-Rule
X-Cache-Expired-At
From-Origin
Cross-Origin-Window-Policy
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Vgn-Hpd-Reason
Backend
X-IPS-LoggedIn
X-Nginx-Cache
X-Hosted-By
X-APP-VERSION
X-Unique-Id
Content-Secure-Policy
X-FW-Version
X-COUNTRY
WP-Super-Cache
CF-IPCountry
X-RemovedCookies
X-Ratelimit-Limit
Upgrade-Insecure-Requests
Load-Balancing
X-ProcessESI
X-UPSTREAM-Address
X-RN-RSRV
Meta-Geo
Section-Io-Cache
X-Cache-Server
X-Status
X-PCL
X-FB-TRIP-ID
X-No-Session
X-Ua
X-Generation-Time
X-OCL
TWC-GeoIP-LatLong
X-Be
X-Region
TWC-Connection-Speed
X-Request-Time
X-Cluster-Node
TWC-GeoIP-Country
X-Cache-Enabled
TWC-Privacy
TWC-Device-Class
TWC-Locale-Group
X-Akamai-Edgescape
X-Content-Age
X-Origin-Date
X-Redis-Cache
Fastly-SSL
X-Section
X-Origin-Hint
X-Mode
Property-Id
Mn-Server-Ip
S-Rt
Webcakes-App-Version
X-Server-W
X-VWS-Id
X-Via-Fastly
Webcakes-Region
X-PHP-Backend
X-PHP-Host
X-Varnish-Cache-Hits
X-Sql-Duration-Ms
X-AOL-HN
X-UA-Device-Type
X-Labrador-Cache-Channel
X-Format
Apigw-Requestid
X-LJ-Flow-ID
X-Access
X-Sql-Count
X-AWS-Id
Webcakes-App-Name
Locale
X-PERF
X-ApacheServer
Azure-Version
X-Shopify-Stage
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-BYPASS-REASON
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Eomportal-Instance
X-ProxyCache-Key
X-Sorting-Hat-ShopId
X-Platform-Server
Azure-RegionName
X-Content-Powered-By
X-Site-Version
X-Urbn-Site-Id
X-Storage
X-Urbn-Context-Path
X-Locale
X-Uri
X-Alternate-Cache-Key
X-Human
X-Xfnlog-Site
X-Generated-By
X-Forwarded-Host
X-SayCDN-TTL
X-Adobe-Source
X-VC-Cache
X-Cache-Tags
X-Cache-Host
X-ProxyCache-Status
X-Cms-Context
X-Say-Cacheable
X-Debug-Cache
X-Say-TTL
X-Nginx-Cache-Key
X-Web-Node
X-Tid
X-Varnishpool
X-Dc
X-Hl-Ver
X-Zipkin-Id
X-Detected-As
X-SaId
X-Backend-Name
X-Routing-Service
X-Cache-Type
X-Extlb
X-ServerID
X-GeoCountry
X-GG-Cache-Date
X-GeoCode
X-JoinUs
X-Proxied
X-Handled-By
X-Edge-Location
X-Storefront-Renderer-Rendered
X-Proxy-Build
X-Proto
X-Timing-Wait
Selected-Fe
Cache-Tv-Group
CDN-EdgeStorageId
CDN-Uid
X-NewRelic-App-Data
Ec-Rule-Version
CDN-RequestCountryCode
CDN-RequestId
CDN-Cache
ServedBy
CDN-PullZone
CDN-CachedAt
Fastly-Drupal-Html
Web-Mar-Node
X-Cache-Action
Onion-Location
X-LSADC-Cache
Webserver
X-GEO
X-App-Version
X-CDN-Forward
X-Magnolia-Registration
X-IPLB-Request-ID
X-Varnish-Hostname
X-Cached-By
SRV
Cache-Hits
X-Parallel-Accel
X-Hyper-Cache
SID
X-Cache-Operation
X-Cluster
X-Envoy-Decorator-Operation
Mime-Version
X-Air-Trace-Id
X-Air-Source
X-Tt-Logid
X-Air-Hostname
X-Fastcgi-Cache
X-Rewrite-Enabled
X-Cache-Remote
X-Soup
X-Varnish-Hits
X-Rule
X-Varnish-Ttl
X-Cdn
X-Origin-TTL
X-SRV
X-Origin-CC
Xserver
Xet-Cookie
X-Accel-Buffering
X-Pubstack
X-Reqid
DB-Nickname
X-Microcachable
Cache
Server-Info
LB
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Country-Code
X-CSRF-Token
Source
X-TA-CDN-Provider
X-TT-LOGID
X-Xrds-Location
X-Buckets
X-Correlation-ID
Decoy-Debug-Status
Decoy-Debug-Key
X-Via-NSCOPI
Decoy-Debug-TTL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Request-Host
X-Endurance-Cache-Level
X-Time
X-Origin-Response-Time
X-Skip-Cache
DCR-Processing-Time-Ms
X-S
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Ec-GeoHdr
X-Cdn-Srv
X-External-Request-Id
Fastcgi-X-Cache-Version
X-Cache-NE
X-Vtex-Processado-Em
Expiry
X-VG-WebCache
X-Vdms-Path
X-Vdms-Version
DynaTrace
X-Epic-Correlation-Id
X-Ec-Fail
X-User
X-Connection-Hash
X-Processor
BehaviorPad-Version
X-SRCache-Key
Cache-Key
X-Shop-Environment
X-Session-Fingerprint
X-ScT
X-D
X-SD-PageType
A
X-Destination
X-Developer
X-TrackingId
X-Cache-Status-Check
X-S-Cookie
Cmsid
Cmstype
Cdnsip
Cdncip
Candidate-Md5Url
X-Tenant
X-Conf
X-TIM-N
DCR-Decision-By
Datacenter
X-Hash
X-Application
X-AK-Request-ID
X-Aed
X-ARC
Odigeo-Trace-Id
X-Rojux
Sslversion
NM-Fastcgi-Cache
X-NAPM-TraceId
Surrogated-Key
X-A-Dcw
X-A-Ccd
X-A-Dam
X-Orig-Expires
X-A-Dgt
X-A-Wwc
X-Ig-Push-State
Pramga
Rendered-Blocks
Mobile-Detection-Method
X-PAYTM-SRV-ID
X-BCube-Filmed-By
T-Server
Meta-Geo-Continent
X-Forwarded-Path
X-Vtex-Remote-Cache
Host-ID
Lang
X-PBS-Appsvrname
Xc-Version
X-A
MD5-Digest
X-Geo-Header
X-B-Cookie
X-Azure-Ref
X-Tx-Id
X-Ms-Request-Id
X-Ms-Version
X-CACHE-KEY
State
X-Core-Value
Wxu-Next-Region
AKAMAI
Wxu-Next-Hostname
Wxu-Next-Commit
Adler-Geo
X-Core-Mission
X-Amzn-Remapped-Content-Length
Environment
X-Bc-Bl
Kp-EeAlive
Is-Eu
X-Cache-Backend
X-CacheTTL
Memcached
X-Ckpd-Fst-Backend
Server-Host
X-Rocket-Build-Number
Producers
Platform
X-Cache-Id
X-Ad-Defer-Variation
X-SB
X-SVT-ORM-VERSION
X-JWT-State
X-Fetched-On
X-Is-Gdpr
X-Irp-Debug
XM
X-Origin-Expires
X-Origin
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
Mail-Subject
X-Esi-Check
X-SplitTest
X-Origin-Time
X-Newrelic-Synthetics
We-Hiring
X-GeoIP
X-Has-Esi
X-Gzip
X-Gdpr
X-HS-Content-Campaign-Id
X-Scheme
X-Wix-Viewer-Type
X-Worker
X-Ftr-Request-Id
X-Loop
X-Varnish-Remaining-TTL
X-DefHash
X-SVT-ORM-RULES
X-Device-Os
X-TNCMS
X-DefElseHash
X-Sigma-Backend
X-NodeID
X-B3-SpanId
X-Sigma
X-Nyt-Route
X-Developers
X-V-Cache
X-DPWN-IS-SECURE
X-Variation
X-RCS-CacheZone
X-NCache
X-AIR-PT
X-ZONE
X-Varnish-Beresp-Grace
HostName
V-Age
Web-Mar-Region
X-HN
Vix-Hermes-Req-Id
X-Mvc-Supplant-Cachable
X-Loc
X-RateLimit-Remaining-Second
X-LAGOON
X-Rebelmouse-Surrogate-Control
X-Level-Front-Cache
X-Minions-Version
X-Rebelmouse-Cache-Control
X-Aicache-OS
X-Planisys-CDN-Cache
X-CGP
X-Dispatcher-Number
X-Clara-WADP
X-Policy
X-Ec-Custom-Error
X-Pod-Name
X-Eu-Site
X-Pool
X-Region-Sid
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Proxy-Cache-Info
X-Csrf-Jwt
X-Proxy-Upstream
X-Fastly-Cache
X-Cdn-Origin
X-BBC-Edge-Cache-Status
X-Branch-Name
X-Forwarded-Site
X-Gamma-Serve
X-Generated-On
X-Auto-Login
X-GeoIP-City
X-Fmm-Version
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Platform
X-Cache-Info
X-Qloud-Router
X-Cache-Bucket
X-Cache-Date
X-RateLimit-Limit-Second
L5d-Success-Class
Apple-News-Services-Request-Url
CDCHOST
CloudFront-Viewer-Country
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Served-From
Apple-News-Services-Handled
Cluster
Fastcgi-Cache-TTL
Ha-Gx-Prefs
HA-Ipaddr
Gh-Request-Id
Fastly-SWR
Fastly-GeoIP-CountryCode
Fastly-SIE
X-SIPLIST1
X-Slack-Backend
CPC-Age
X-Wikidot-Static-Cache
CPC-Cache
VNS-Age
Redirect-Candidate
VNS-Cache
X-Wikidot-Backend
X-WADP-Cache
X-VarnishDD-TTL
X-Sn-Servicetimems
X-VG-TLSProxy
X-Via-Ucdn
X-VServer
X-Viewer-Country
IsBot
X-Thinkindot-L3
Release
Req-Svc-Chain
PFcat
X-Rocket-Nginx-Serving-Static
Origin-CC
Origin-EX
Ssr
TDXMobile
X-Request-URI
Traceparent
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Origin
Svr
L
Machine
X-Node-Id
N-Cache
NGX
Cache-Name
Sever-Int
User-Cache-Control
Fastly-Backend-Name
X-Hnp-Log
X-WA-Info
X-Gen-Mode
X-Optimistic-Header
X-Block-Status
X-Owner
Ohc-File-Size
Server-Hostname
X-R9-Blue-Green-Version
Server-Ext
X-Scale
DSUID
X-VC
CDN
GEO-INFO
X-WP-CF-Super-Cache-Cache-Control
X-Server-IP
X-WP-CF-Super-Cache
X-Httpd
X-Refresh
X-Micro-Cache
X-Parent-Response-Time
X-CS
Path
X-EC-Lua
Pics-Label
X-From
X-Contensis-Viewer-Groups
Servername
Cache-Host
X-Cache-ASPX
X-NC
X-Edge-Pop
X-Ah-Environment
X-Webstats-RespID
Ngx.Var.Host
Ms-Author-Via
Lb
Env
X-Location
X-LB-NoCache
X-Varnish-Authentication
X-Srv
X-Mvc-Supplant-OutputCached
X-RateLimit-Reset
X-Udemy-Cache-App-Namespace
X-Varnish-Beresp-TTL
X-Proxy-CacheRZ
X-Tb-Optimization-Total-Bytes-Saved
AMP-Access-Control-Allow-Source-Origin
XkeyRZ
X-Via-Poph
X-Servedbyhost
X-Via-Popn
X-Via-Popv
X-Generated-In
Locid
X-TIME
X-Response-By
X-Clientip
Arc-Country
X-TraceId
X-Amz-Meta-Cb-Modifiedtime
X-API-Version
X-Men
Ohc-Cache-HIT
GeoIp-Country-Code
Memory
X-S-Maxage
ITXSESSIONID
Time
X-Old-Content-Length
X-Akamai-Transformed
X-PX
X-RPS
X-RSL
X-RPM
True-Client-IP
X-DSS
X-DI
X-Accel-Expires-Debug
X-DW
X-Date
Client
X-DB
X-Cs
X-HA-Backend
Geoip-Latitude
X-Dmc
X-Vc
X-VHOST
X-TRACE-ID
X-Trace-ID
X-Tec-Api-Root
Server-ID
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-VCL-Version
X-MSEdge-Features
X-Render-Time
X-Tec-Api-Origin
X-Tec-Api-Version
X-MSEdge-Flight
X-DynaTrace-JS-Agent
X-URL
Hostname
FSS-Cache
X-Api-Version
X-Fpc
X-Presslabs-Stats
X-FireWall-Port
X-INCAP-ABP
X-Cache-Debug
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
X-Gateway-Skip-Cache
X-Service
X-TX-ID
X-Gateway-Request-Id
X-Zone
C-Via
Rip
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-DC
X-M-Reqid
X-B3-Spanid
NtCoent-Length
Click-Count-Action-Start
Powered-By
CacheControlHeader
X-Webkit-Csp-Report-Only
X-Qnm-Cache
Click-Count-Error
X-M-Log
Tube-Got-Results
Tube-Got-Eval
Tube-Return
Tube-Get-Contents
HIT
Esi-Enabled
True-Client-Country-4JS
X-Action
On-Server
X-TH-Server
X-Traceid
X-Alfa-Service
X-Backend-TTL
Tcn
X-HS-Status
X-FPC
Test
X-NGINX-Cache
OT-Force-Account-Verify
X-CSRF-TOKEN
Edge-Cache
X-Vcl-Version
Server-Id
X-Cdn-Request-ID
X-Pass-Why
X-Edge-Origin-Shield-Region
Cdn
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Trace
X-Proxy-Cache-Hk
X-Beluga-Record
X-Beluga-Node
Srv
X-Beluga-Cache-Status
Geo-Info
User-Agent
X-Check-Cacheable
X-Req
X-Edge-Origin-Shield-Bytes
X-Origin-Upstream-Status
X-Akamai-Pragma-Client-IP
GeoIP-Latitude
My-App
Uri
Proxy-Connection
GeoIP-Country-Code
Srvid
Resin-Trace
Cf-Int-Pingora-Origin-Digest
X-APP
X-Via-PopV
X-Ha-Backend
X-Via-PopH
X-Via-PopN
WebServer
X-CLOUD-TRACE-CONTEXT
X-Cdn-Forward
MIME-Version
X-Up
Sid
X-ServedByHost
M-TraceId
X-Webkit-CSP-Report-Only
DT-Hot-News
X-LB-ID
Epwk-X-Cache
Server-Ttl
X-CCDN-CacheTTL
X-App
X-Provided-By
X-Fastly-Backend-Reqs
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Varnish-Beresp-Ttl
X-LI-UUID
X-Newrelic-App-Data
ENV
X-Bip
X-Thanos
X-Backend-Host
X-Lb-Nocache
X-Li-Pop
X-LI-Proto
X-Li-Fabric
Warning
X-Esi
X-Request-Start
True-Client-Ip
X-Nc
PICS-Label
ServerName
X-Fetch-By
X-Vercel-Cache
X-Vercel-Id
X-Geo
X-RAMCache
XServer
X-B3-Traceid-Primal
X-Edge-POP
X-UnsetCookies
Dt-Hot-News
X-HostName
X-HITS
X-CF-Powered-By
X-Yottaa-OS
Section-Origin-Responded
X-ElasticPress-Query
Section-Io-Origin-Time-Seconds
X-Serial
Section-Io-Origin-Status
Section-Io-Id
X-ND-Cache
CF-Cached-On
X-Dw-Trace-Id
X-Akamai-Request-ID
X-Time-Microsecs
WZWS-RAY
X-Request-Url
X-LiteSpeed-Cache-Control
Fastly-Drupal-HTML
DataCenter
Inserted-Into-Cache-At
X-Iplb-Instance
X-Iplb-Request-Id
Magicmarker
X-Snapshot-Date
X-IN-APIGATEWAYSSL
X-Cc-Via
X-CUA
D-Url-Rewrites
X-IN-APIGATEWAY
X-Vcache
Cf-Device-Type
Cdn-Requestid
Cdn-Uid
Cdn-Requestcountrycode
Cdn-Edgestorageid
Wp-Super-Cache
Servedby
Cdn-Cache
Cdn-Cachedat
Cdn-Pullzone
Vha6-Origin
X-Fastly-Backend
Tracecode
X-Th-Server
X-Var-Ttl
X-Back
X-LiteSpeed-Tag
X-Platform-Router
CountryCode
X-Varnish-Beresp-Status
X-MiniProfiler-Ids
X-ATG-Version
Content-Script-Type
X-Storefront-Renderer-Verified
Content-Style-Type
X-FC-Vary-Parameters
X-Sucuri-Cache
X-Fastly-Cache-Hits
X-Request-URL
Fastcgi-Cache-Ttl
X-BBC-Origin-Response-Status
X-Release
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Platform-Cluster
Target-Params
X-Fragments
X-Azure-Ref-OriginShield
X-Sucuri-ID
X-Dist-Code
X-Platform-Processor