
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Link
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-Content-Security-Policy
P3p
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-CDN
X-Drupal-Dynamic-Cache
Upgrade
X-AspNetMvc-Version
X-Via
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Hacker
X-Backend
X-UA-Device
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-LiteSpeed-Cache
X-Server
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Page-Speed
X-Vhost
X-OneAgent-JS-Injection
X-Amz-Version-Id
EagleEye-TraceId
X-Device
X-Dispatcher
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Server-Id
X-Host
X-Backend-Server
X-Node
Cf-Railgun
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
X-Language
Xkey
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
X-Template
X-Application-Context
X-Ruxit-JS-Agent
Rating
X-B3-TraceId
X-Ua-Compatible
Accept-Ch-Lifetime
X-Country
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Cache-Lookup
X-Buckets
Allow
X-Ac
X-Url
X-Content-Type
X-Trace
X-PC
X-TtlSet
X-Vname
X-Mod-Pagespeed
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
X-ESI
Cache-Tag
Fastly-Restarts
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-Server-Name
X-GitHub-Request-Id
X-MS-InvokeApp
X-Amz-Rid
X-Upstream
MS-Author-Via
X-Vcap-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-D2id
X-Client-IP
X-Origin-Cache
X-Abt-Application-Version
X-Cached
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Aspnetmvc-Version
X-ORACLE-DMS-RID
X-Country-Code
X-ORACLE-DMS-ECID
X-Goog-Hash
X-Navigation-Version
X-Powered-By-Plesk
X-Cnection
X-Px
X-Version
X-NF-Request-ID
X-Instrumentation
X-Kraken-Loop-Name
Access-Control-Request-Method
X-Server-Lifecycle-Phase
X-Amz-Server-Side-Encryption
X-Aws-Lambda-Call-Status
Accept-Ch
RTSS
X-Powered-CMS
X-Sol
X-Middleton-Display
X-SRCache-Store-Status
Display
Pagespeed
X-SRCache-Fetch-Status
Response
X-Middleton-Response
X-MSEdge-Ref
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Id
X-CST
X-LLID
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
Nginx-Cache
X-Shield-Request-Id
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-TTL
S
Content-MD5
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-T
AR-ATIME
AR-SID
AR-CACHE
AR-Request-ID
AR-PoweredBy
X-Forwarded-For
X-Protected-By
X-Content-Security-Policy-Report-Only
TCN
X-Mg-S
X-Id
X-RateLimit-Remaining
X-Mid
X-MCACHE
Fastcgi-Cache
X-Parallel-Accel
Realpath
Front-End-Https
SPIisLatency
SPRequestDuration
X-Recruiting
Edge-Cache-Tag
X-Ttl
X-Request-Received
X-Request-Processing-Time
Filters
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Server-Node
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
SPRequestGuid
X-SharePointHealthScore
X-Ua-Browser
X-Ab
X-Content
X-DynaTrace
X-Ezoic-Cdn
X-Correlation-Id
Alternate-Protocol
X-Accel-Expires
Server-Name
X-Ruxit-Js-Agent
X-ECACHE
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Frontend
X-HS-Combine-CSS
X-NWS-LOG-UUID
X-Cache-Key
X-Yandex-Sdch-Disable
X-Hits
X-Tt-Trace-Host
X-Content-Options
X-Tt-Trace-Tag
Cache-Tags
X-Git-Hash
X-Page-Id
Host
MicrosoftSharePointTeamServices
X-Fastly-Request-Id
Charset
Cleartype
X-Www-Served-By
X-Geo-Country
X-Kong-Proxy-Latency
X-B3-Sampled
X-Kong-Upstream-Latency
X-Amz-Replication-Status
X-Content-Digest
TP-Cache
TP-L2-Cache
X-Forwarded-Proto
Filterid
X-Ser
X-Hostname
X-VCache
X-Varnish-Age
X-Amzn-Trace-Id
X-XRDS-LOCATION
X-AppVersion
X-Activity-Id
X-Az
X-Rid
X-Request-Handler-Origin-Region
X-Microsite
X-DIS-Request-ID
X-Upgrade-Enabled
X-Debug-Info
X-Daa-Tunnel
X-Origin-Server
Access-Control-Allow-Method
X-Grace
X-LB-Cache
X-N
X-WebKit-CSP-Report-Only
ServerID
X-FB-Debug
X-Origin-Upstream-Status
X-Mobile-URL
X-Nginx-Upstream-Cache-Status
X-Is-Crawler
X-Request-Guid
X-Route-Name
X-Whom
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Flags
X-Goog-Stored-Content-Length
X-NGENIX-Cache
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Generation
X-TT
X-Goog-Metageneration
X-Goog-Storage-Class
X-Varnish-Grace
X-App-Environment
X-PressLabs-Stats
X-F-Cache
Viewport
X-Distributor
X-Logged-In
Cross-Origin-Opener-Policy
Payment
X-App-Server
X-FW-Static
Paypal-Debug-Id
X-FW-Hash
X-FW-Dynamic
X-Cache-Control
X-Server-ID
X-FW-Serve
X-FW-Server
Node
X-FW-Type
DC
X-Tb
Fastcgi-Useragent
X-Cache-Age
X-Seen-By
X-Type
X-User-Agent
Country
Accept-Charset
X-Varnish-Backend
X-Cache-Rule
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Webkit-CSP
X-DataDome
X-Load-Cache
X-Node-Name
Version
X-Cache-Action
X-Tec-Api-Version
X-Tec-Api-Root
X-Ratelimit-Limit
X-Tec-Api-Origin
X-Wix-Request-Id
X-IPLB-Instance
Refresh
X-Via-JSL
X-Response-Served-From
Liferay-Portal
X-Original-Request-Id
SD-X-WS
Cache-Status
Access-Control-Request-Headers
X-Jobs
Amp-Access-Control-Allow-Source-Origin
X-Cacheable-TTL
X-Real-IP
X-Rendered-As
X-ProcessESI
X-RemovedCookies
X-Page-View
X-Proxy-Cache-Status
X-Revision
VIX-Pulpo-Upstream-Status
X-UUID
X-Drupal-Cache-Tags
NGB
X-B
VIX-Pulpo-Node
Referer-Policy
X-Cluster-Name
X-Vgn-Hpd-Reason
X-Is-Bot
X-Contextid
X-Device-Type
X-Debug
X-Proxy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Expired-At
X-Rule
X-G
X-Instance
X-Cache-Time
X-Framework
Akamai-GRN
Healthy
X-Mobile
X-Drupal-Cache-Contexts
DynaTrace
X-Fastly-Request-ID
X-Azure-Ref
X-Signature
X-Debug-IsConnected
X-Debug-IsPreview
Surrogate-Key
X-B-Cache
X-Source
X-Fastcgi-Cache
CF-IPCountry
X-FW-Version
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Air-Hostname
SID
X-Air-Trace-Id
X-Air-Source
X-Ms-Version
X-Ms-Request-Id
Frame-Options
X-XRDS-Location
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Cache-Hit
MS-CV
Ms-Operation-Id
X-RTag
Section-Io-Cache
X-APP-VERSION
Countrycode
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Environment-Context
X-L-Path
X-Nginx-Cache
Xserver
X-Oneagent-Js-Injection
X-Varnish-Server
X-CDN-Forward
X-Region
X-Servername
Count-Hit
X-Content-Powered-By
GEO-INFO
X-EdgeConnect-Cache-Status
X-Cache-Operation
X-Forwarded-Host
Uber-Trace-Id
X-Backend-Name
Cross-Origin-Window-Policy
Backend
X-IPS-LoggedIn
X-Adobe-Content
X-Adobe-Loc
X-Litespeed-Cache
X-Mode
X-Accel-Buffering
Meta-Geo
X-JoinUs
X-UPSTREAM-Address
Ec-Rule-Version
X-SaId
X-RN-RSRV
X-Zen-Fury
X-Human
X-Redis-Cache
X-Generation-Time
X-Detected-As
X-Cache-Type
X-Cache-Server
X-PHP-Backend
X-ProxyCache-Key
X-ProxyCache-Status
X-Origin-Date
X-BYPASS-REASON
X-Hosted-By
X-Debug-Cache
X-FB-TRIP-ID
X-NCache
Url
X-Sql-Count
Country-Code
Decoy-Debug-Key
Decoy-Debug-Status
X-Via-Fastly
Cache-Tv-Group
Cache-Name
X-No-Session
X-Microcachable
Apigw-Requestid
X-Cache-Grace
Decoy-Debug-TTL
X-Varnish-Beresp-Grace
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Sql-Duration-Ms
Eomportal-Instance
X-Uri
X-Storage
X-ServerID
X-Alternate-Cache-Key
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
X-Cache-TTL-Remaining
X-Akamai-Edgescape
Webcakes-Region
TWC-GeoIP-Country
TWC-Device-Class
Mn-Server-Ip
Fastly-SSL
X-Azure-Ref-OriginShield
Property-Id
Protected
TWC-Connection-Speed
Source
Selected-Fe
X-Format
X-Cache-Host
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-UA-Device-Type
X-Status
X-Site-Version
X-Timing-Wait
X-Web-Node
X-Origin-Hint
X-Proxy-Build
Azure-Version
X-PCL
X-Time
X-OCL
OT-Force-Account-Verify
X-Varnishpool
X-Section
X-PERF
X-ApacheServer
Azure-SlotName
X-Access
X-Pubstack
X-Hl-Ver
X-R9-Blue-Green-Version
X-Server-W
X-NYM-Debug-Backend
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-RateLimit-Limit
X-LSADC-Cache
X-Proxied
X-Extlb
X-Routing-Service
Content-Secure-Policy
X-Zipkin-Id
X-Cluster-Node
X-Be
X-Cache-Var
X-Cache-Var-Map
X-Rewrite-Enabled
X-Tid
X-SRV
X-HTML-Minification-Powered-By
X-Ua
SRV
X-Amz-Meta-S3cmd-Attrs
DB-Nickname
X-Soup
X-Cache-NGX
X-Webkit-Csp
X-NewRelic-App-Data
X-Content-Age
X-Ratelimit-Reset
Content-Disposition
X-Dc
X-Cached-By
X-LAGOON
X-Unique-Id
X-Loop
X-Varnish-Hits
X-TNCMS
X-Varnish-Hostname
Retry-After
CDN-Uid
CDN-RequestId
Cache
X-S-Maxage
CDN-RequestCountryCode
CDN-Cache
X-Generated-By
Onion-Location
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
X-App-Version
X-Bc-Bl
Webserver
X-Origin-TTL
X-Origin-CC
X-Hyper-Cache
X-Auto-Login
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Proto
Web-Mar-Node
X-TT-LOGID
X-ECache
X-GEO
X-Presslabs-Stats
Cache-Hits
X-Nginx-Cache-Key
X-Tenant
X-Time-Microsecs
X-Trace-Id
X-Endurance-Cache-Level
X-GG-Cache-Date
X-Akamai-Transformed
X-Cdn
X-Qnm-Cache
X-Edge-Location
X-M-Reqid
X-M-Log
CloudFront-Viewer-Country
X-VWS-Id
X-LJ-Flow-ID
Xet-Cookie
X-AWS-Id
X-Mg-Request-UUID
Mime-Version
X-CSRF-Token
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Labrador-Cache-Channel
X-PHP-Host
X-Platform-Server
LB
X-CACHE-KEY
X-RCS-CacheZone
X-Handled-By
HostName
X-Xfnlog-Site
X-Cache-Tags
N-Cache
X-B3-SpanId
X-Varnish-Cache-Hits
Upgrade-Insecure-Requests
X-Storefront-Renderer-Rendered
X-Locale
X-Adobe-Source
X-VC-Cache
X-Origin-Response-Time
ServedBy
X-Request-Time
X-Reqid
X-Connection-Hash
X-Destination
X-Conf
X-CF-Lambda-Version
X-Cache-NE
X-D
X-ATG-Version
X-ARC
X-Ckpd-Fst-Backend
X-A-Ccd
X-Cache-Remote
X-B-Cookie
X-Aed
X-CF-Lambda-Fn
X-External-Request-Id
X-A-Dgt
X-Forwarded-Path
X-A
X-A-Wwc
X-Developer
X-A-Dam
DCR-Processing-Time-Ms
X-Cluster
X-A-Dcw
Expiry
X-TIM-N
BehaviorPad-Version
X-Request-Host
Origin
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Processor
Pramga
X-Ftr-Request-Id
X-PBS-Appsvrname
X-V-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Fastcgi-X-Cache-Version
X-SRCache-Key
X-ScT
X-SD-PageType
X-S
X-S-Cookie
Odigeo-Trace-Id
Mobile-Detection-Method
Meta-Geo-Continent
From-Origin
X-Rojux
X-Shop-Environment
X-Session-Fingerprint
Server-Info
X-PAYTM-SRV-ID
X-Planisys-CDN-Cache
X-NAPM-TraceId
X-Application
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
A
X-Ig-Push-State
Nel
DSUID
X-AOL-HN
Xc-Version
X-VG-WebCache
Surrogated-Key
Rendered-Blocks
X-Orig-Expires
X-Vdms-Path
X-Vdms-Version
DCR-Decision-By
Redirect-Candidate
X-Via-NSCOPI
X-MP-GENERATED-AT
X-Correlation-ID
X-Accel-Expires-Debug
Gh-Request-Id
Fastcgi-Cache-TTL
Wxu-Next-Commit
Wxu-Next-Region
Release
User-Cache-Control
Vix-Hermes-Req-Id
L
Host-ID
V-Age
X-Old-Content-Length
X-Proxy-Upstream
X-Rocket-Nginx-Serving-Static
X-Scheme
X-Policy
X-Owner
X-Nyt-Route
X-Origin-Expires
X-Origin-Time
X-Served-From
X-Server-IP
X-VServer
State
X-ND-Cache
X-Varnish-Beresp-Status
X-Sucuri-ID
X-Skip-Cache
X-Slack-Backend
X-Sucuri-Cache
X-Mvc-Supplant-Cachable
X-Location
X-Device-Os
X-Epic-Correlation-Id
X-Fastly-Cache
X-Date
X-Core-Mission
X-Cache-Bucket
X-Cache-Date
X-Cache-Info
X-Fetched-On
X-Forwarded-Site
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Hnp-Log
X-Hash
X-Gdpr
X-Gen-Mode
X-Geo-Header
X-Block-Status
Wxu-Next-Hostname
X-EC-Lua
AKAMAI
CacheControlHeader
WPO-Cache-Message
Datacenter
WPO-Cache-Status
Environment
Candidate-Md5Url
Cmsid
Cmstype
AMP-Access-Control-Allow-Source-Origin
X-TIME
X-Generated-On
X-Branch-Name
X-GeoIP
X-Platform
Apple-News-Services-Host
X-GeoIP-City
Arc-Country
Server-Host
X-Fastly-Backend
X-Magnolia-Registration
Apple-News-Services-Parsed-Url
Svr
Apple-News-Services-Request-Url
Req-Svc-Chain
Thinkindot-CacheControl
X-Irp-Debug
X-Esi-Check
Apple-News-Services-Handled
X-HS-Content-Campaign-Id
X-HN
Web-Mar-Region
We-Hiring
X-Level-Front-Cache
X-NodeID
Thinkindot-CacheControl-Type
X-Gzip
Thinkindot-Control
X-Ratelimit-Remaining
True-Client-Country-4JS
X-Developers
TDXMobile
X-Aicache-OS
X-VarnishDD-TTL
X-Viewer-Country
X-Core-Value
X-TrackingId
X-Thanos
CDCHOST
X-Cache-Id
X-Men
X-Cache-Config
X-Bip
X-Cache-Debug
X-VG-TLSProxy
Fastly-GeoIP-CountryCode
X-BBC-Edge-Cache-Status
Locid
X-Thinkindot-L3
X-Datadog-Trace-Id
X-Sigma-Backend
X-Req
Machine
X-Sigma
X-Request-Start
X-Datadog-Parent-Id
Mail-Subject
PFcat
X-TH-Server
X-Datadog-Sampling-Priority
X-Rocket-Build-Number
X-DefElseHash
X-FC-Vary-Parameters
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-DefHash
X-Csrf-Jwt
X-CGP
X-Cdn-Origin
X-Eu-Site
X-Pod-Name
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
X-Sn-Servicetimems
X-Varnish-Remaining-TTL
X-Worker
Traceparent
Origin-EX
Origin-CC
X-NU-AKA-ACS-Version
X-Request-URI
X-Region-Sid
X-Loc
X-Is-Gdpr
X-Has-Esi
X-Zone
X-Origin
X-Qloud-Router
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Gamma-Serve
X-JWT-State
L5d-Success-Class
Memcached
HA-Ipaddr
Ha-Gx-Prefs
Cf-Device-Type
NGX
X-Amzn-Remapped-Content-Length
WWW-Authenticate
Adler-Geo
Platform
NM-Fastcgi-Cache
Fastly-SWR
Is-Eu
Fastly-SIE
X-Backend-State
X-Xrds-Location
X-Webstats-RespID
X-Tx-Id
X-UnsetCookies
On-Server
Esi-Enabled
Fastly-Drupal-Html
CDN
X-FireWall-Port
X-Mvc-Supplant-OutputCached
X-CS
Sslversion
X-NC
X-API-Version
X-Node-Id
X-Varnish-Beresp-Ttl
X-Cdn-Srv
Pics-Label
X-Vc
X-Generated-In
Ssr
X-LB-ID
X-Tt-Logid
X-Response-By
X-Up
X-Service
C-Via
X-CLOUD-TRACE-CONTEXT
Ms-Author-Via
Time
X-Cache-PHP
Memory
X-Trace-ID
WP-Super-Cache
X-Datadome
X-Edge-Pop
X-Refresh
X-TA-CDN-Provider
X-DynaTrace-JS-Agent
X-LB-NoCache
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Enabled
X-Backend-TTL
X-Via-Poph
X-Via-Popv
X-TraceId
X-Cache-Status-Check
X-Via-Popn
GeoIp-Country-Code
X-Dynatrace
X-Varnish-Ttl
X-Optimistic-Header
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Env
X-Render-Time
X-Parent-Response-Time
X-Info
X-DC
Magicmarker
X-Varnish-Beresp-TTL
X-Restarts
X-Ua-Device
X-Cs
X-AIR-PT
X-Servedbyhost
X-Esi
X-NWS-UUID-VERIFY
X-CacheTTL
Kp-EeAlive
X-Clientip
X-ZONE
X-Unique-ID
X-TX-ID
X-Oss-Storage-Class
Cache-Host
HIT
Server-ID
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
UCS
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
X-Srv
Section-Io-Id
X-RPS
X-RSL
X-VCL-Version
X-RPM
X-Wix-Viewer-Type
S-Rt
X-App
WebServer
X-MSEdge-Flight
X-DSS
X-MSEdge-Features
X-DI
Lb
Proxy-Connection
X-Cache-Backend
Edge-Cache
X-DW
X-DB
X-Newrelic-Synthetics
S-Cnection
X-LI-Proto
X-Li-Proto
X-Cache-Ttl
X-Action
X-URL
User-Agent
X-Micro-Cache
Fastly-Backend-Name
X-Minions-Version
X-FPC
X-Fpc
Test
X-Webkit-Csp-Report-Only
X-HA-Backend
X-Traceid
X-LiteSpeed-Cache-Control
X-Backend-Host
X-Vcl-Version
X-B3-Spanid
X-Pad
Server-Id
X-Webkit-CSP-Report-Only
X-NODE
X-ES-SERVER
X-BCube-Filmed-By
X-Release
Geo-Info
Tcn
X-Pass-Why
X-Akamai-Request-ID2
X-Http-Reason
X-BBC-Origin-Response-Status
Resin-Trace
X-CSRF-TOKEN
CPC-Age
Path
X-User
X-LiteSpeed-Tag
Cf-Int-Pingora-Origin-Digest
X-HostName
Fastly-Drupal-HTML
VNS-Cache
VNS-Age
X-Ec-Fail
X-Ec-GeoHdr
Accept-Language
Hostname
CPC-Cache
Cache-Key
X-Amz-Meta-Cb-Modifiedtime
X-APP
EpKe-Alive
X-WA-Info
X-ID
X-ServedByHost
X-Dynatrace-Js-Agent
X-Akamai-Pragma-Client-IP
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
Hit
X-Check-Cacheable
X-WA
Ohc-File-Size
X-NGINX-Cache
X-Cms-Context
X-COUNTRY
X-Via-PopV
Pagetype
Srv
X-Via-PopN
X-Via-PopH
X-Ha-Backend
GeoIP-Country-Code
X-Wikidot-Backend
X-PJAX-URL
X-Wikidot-Static-Cache
X-Geo
X-Fmm-Version
X-Clara-WADP
X-WADP-Cache
X-ElasticPress-Query
ENV
Shield-Pop
M-TraceId
Cdnsip
X-AK-Request-ID
X-Via-Ucdn
X-Cdn-Forward
X-Edge-POP
Cdncip
MIME-Version
MD5-Digest
X-Api-Version
URI
X-Edge-Cache
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Load-Balancing
Geoip-Latitude
X-HS-Status
Cluster
My-App
X-VG-WebServer
Lfy
X-Kraken-Routeconfig-Destination
X-Fastly-Backend-Reqs
W
X-From
IsBot
X-SIPLIST1
X-Var-Ttl
X-Ucs
X-ServerName
Sever-Int
X-Cache-Expires
Server-Hostname
Tracecode
Server-Ext
X-CUA
X-Lb-Id
T-Server
X-GoCache-CacheStatus
X-Provided-By
X-UP
X-Mcache
X-TRACE-ID
Vha6-Origin
X-Dw-Trace-Id
X-Platform-Cluster
Cdn
Cneonction
X-VC
X-Via-CDN
X-Cdn-Request-ID
X-Platform-Router
X-RateLimit-Reset
Lang
Servername
WZWS-RAY
X-Fragments
HitType
X-RAMCache
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Cteonnt-Length
X-Platform-Processor
X-B3-ParentSpanId
X-Fastly-Cache-Hits
PICS-Label
X-Nc
Ohc-Cache-HIT
X-Apw-Access-Token
X-Yottaa-OS
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Object
X-Cache-ASPX
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Uri
Target-Params
X-Contensis-Viewer-Groups
X-Snapshot-Date
FSS-Cache
X-Swift-Error
CF-Cached-On
Cf-Ipcountry
X-Newrelic-App-Data
Dnion-Transfer-Encoding
X-Cc-Via
X-Akamai-Request-ID
X-Cache-Ngx
X-Air-Pt
Sid
X-Varnish-Authentication
Req-ID
X-Http-Count
X-HTML-Edge-Cache
X-Te-Count
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-CacheKey
X-UA
X-Te-Duration-Ms
X-Http-Duration-Ms
PB-RID
X-Logging-Id
CountryCode
X-Miniprofiler-Ids
X-Lb-Nocache
X-Edge-IP
X-IN-APIGATEWAYSSL
X-Wa
X-B3-Parentspanid
Arc-Version
X-IN-APIGATEWAY
Ngx
X-77-NZT
X-Request-UUID
X-Sentry-ID
PB-PID