Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Link
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
X-Request-ID
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-UA-Device
X-AH-Environment
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-Response-Time
Request-Id
X-HW
Xkey
X-Ruxit-JS-Agent
X-Application-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
Rating
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-PC
X-TtlSet
Allow
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Varnish-TTL
X-ESI
X-Server-Name
Fastly-Restarts
Cache-Tag
X-FastCGI-Cache
X-VARITI-CCR
Service-Worker-Allowed
X-Rack-Cache
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
X-Amz-Rid
Public-Key-Pins
X-Aws-Lambda-Call-Status
X-Vcap-Request-Id
X-Cached
MS-Author-Via
X-Dw-Request-Base-Id
X-D2id
X-Abt-Application-Version
X-Client-IP
X-Cnection
X-Origin-Cache
X-Px
Arr-Disable-Session-Affinity
X-Cache-TTL
Accept-Ch
X-Country-Code
X-Navigation-Version
RTSS
X-Goog-Hash
Access-Control-Request-Method
X-Powered-By-Plesk
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-NF-Request-ID
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Version
X-Powered-CMS
X-Language
AR-CACHE
AR-SID
AR-PoweredBy
AR-ATIME
AR-Request-ID
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Amz-Server-Side-Encryption
X-Middleton-Response
Response
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-MSEdge-Ref
X-LLID
X-Kinsta-Cache
X-Edge
X-Edge-Location-Klb
X-RateLimit-Remaining
X-Template
Nginx-Cache
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Protected-By
X-Shield-Request-Id
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-TTL
TCN
X-Forwarded-For
X-T
S
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
Content-MD5
X-Id
Edge-Cache-Tag
X-Mid
Realpath
Fastcgi-Cache
SPRequestDuration
SPIisLatency
Front-End-Https
X-MCACHE
X-Ttl
X-CST
X-Recruiting
Pinterest-Generated-By
Filters
Pinterest-Version
X-Pinterest-Rid
X-DynaTrace
X-Request-Processing-Time
X-Request-Received
Server-Node
X-Content
X-Ab
X-Ua-Browser
Server-Name
X-Frontend
X-Correlation-Id
X-ECACHE
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
SPRequestGuid
X-SharePointHealthScore
X-NWS-LOG-UUID
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
X-Parallel-Accel
X-HS-Combine-CSS
X-Ezoic-Cdn
X-Yandex-Sdch-Disable
X-Cache-Key
X-Hits
Alternate-Protocol
X-Ser
X-Content-Options
X-Buckets
X-Tt-Trace-Tag
X-Tt-Trace-Host
MicrosoftSharePointTeamServices
X-Server-ID
X-Ruxit-Js-Agent
X-Page-Id
Cleartype
Host
X-B3-Sampled
X-Git-Hash
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Charset
Cache-Tags
X-Www-Served-By
X-Geo-Country
X-DIS-Request-ID
X-Daa-Tunnel
X-Accel-Expires
X-Content-Digest
X-Amzn-Trace-Id
X-Debug-Info
X-Amz-Replication-Status
Filterid
X-Varnish-Age
X-Fastly-Request-Id
X-AppVersion
X-Hostname
X-Az
X-Activity-Id
X-Forwarded-Proto
X-FB-Debug
X-Upgrade-Enabled
TP-Cache
X-VCache
TP-L2-Cache
Access-Control-Allow-Method
X-N
X-Rid
Cross-Origin-Opener-Policy
X-Origin-Server
X-Grace
X-Nginx-Upstream-Cache-Status
X-LB-Cache
X-F-Cache
X-Mobile-URL
X-Route-Name
X-Request-Guid
X-Aspnet-Duration-Ms
ServerID
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-Whom
X-XRDS-LOCATION
X-GUploader-UploadID
X-TT
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-App-Environment
X-Tb
Viewport
X-Varnish-Grace
Node
X-FW-Dynamic
X-Distributor
Payment
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-Seen-By
X-WebKit-CSP-Report-Only
X-App-Server
X-Origin-Upstream-Status
X-Type
DC
Paypal-Debug-Id
X-Ratelimit-Limit
X-NGENIX-Cache
X-User-Agent
Fastcgi-Useragent
X-Cache-Control
Accept-Charset
Country
X-Litespeed-Cache
X-Wix-Request-Id
X-Logged-In
X-Cache-Rule
X-Microsite
X-Request-Handler-Origin-Region
X-Fastcgi-Cache
X-Webkit-CSP
X-Fastly-Request-ID
Version
X-DataDome
X-Cache-Age
X-Webkit-Csp
X-Via-JSL
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Amp-Access-Control-Allow-Source-Origin
Referer-Policy
X-Drupal-Cache-Tags
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
Refresh
X-Contextid
X-Node-Name
X-Signature
X-Load-Cache
X-Cluster-Name
X-B-Cache
Cache-Status
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
X-Mobile
Access-Control-Request-Headers
X-Page-View
X-Proxy-Cache-Status
X-Cacheable-TTL
X-Cache-Expired-At
X-Real-IP
X-Jobs
X-Is-Bot
X-Cache-Action
X-Vgn-Hpd-Reason
X-Rendered-As
VIX-Pulpo-Node
X-B
NGB
X-UUID
X-Revision
X-ProcessESI
VIX-Pulpo-Upstream-Status
X-RemovedCookies
X-Debug
X-Device-Type
X-Yottaa-Metrics
X-Instance
X-Yottaa-Optimizations
X-IPLB-Instance
X-Rule
X-Cache-Time
Surrogate-Key
X-G
X-Tec-Api-Origin
X-Proxy
X-Tec-Api-Root
X-Tec-Api-Version
X-Drupal-Cache-Contexts
X-Framework
X-Debug-IsPreview
X-Debug-IsConnected
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Air-Source
X-Air-Hostname
X-FW-Version
Akamai-GRN
CF-IPCountry
X-TEC-API-VERSION
X-Air-Trace-Id
SID
DynaTrace
X-Presslabs-Stats
Liferay-Portal
X-Azure-Ref
Healthy
X-Nginx-Cache
GEO-INFO
X-Oneagent-Js-Injection
X-Ratelimit-Reset
X-CDN-Forward
Frame-Options
X-PressLabs-Stats
X-Source
Count-Hit
X-Ms-Version
X-Ms-Request-Id
X-Cache-Operation
X-Accel-Buffering
Ms-Operation-Id
MS-CV
X-RTag
Uber-Trace-Id
X-XRDS-Location
X-RateLimit-Limit
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-L-Path
Xserver
X-Environment-Context
Countrycode
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Hit
X-Zen-Fury
X-Tumblr-Pixel-1
X-Tumblr-User
X-Varnish-Server
X-Mode
X-Backend-Name
Ec-Rule-Version
X-Cache-NGX
Cross-Origin-Window-Policy
X-Forwarded-Host
X-Region
X-IPS-LoggedIn
Backend
X-Servername
X-Content-Powered-By
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Detected-As
X-RN-RSRV
X-Cache-Type
X-JoinUs
Protected
X-SaId
X-Cache-TTL-Remaining
Meta-Geo
X-Routing-Service
X-ShopId
X-Debug-Cache
X-Extlb
X-Zipkin-Id
X-Sorting-Hat-ShopId
X-NewRelic-App-Data
X-Tid
Eomportal-Instance
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Fastly-SSL
Apigw-Requestid
X-Alternate-Cache-Key
X-Redis-Cache
X-Uri
X-Cache-Grace
X-Varnish-Beresp-Grace
Section-Io-Cache
X-Proxied
Country-Code
X-Sorting-Hat-PodId
X-Hosted-By
X-Sql-Duration-Ms
X-ShardId
X-Shopify-Stage
X-Human
X-Sql-Count
X-Generation-Time
Url
X-BYPASS-REASON
X-UA-Device-Type
X-PHP-Backend
X-Microcachable
X-Via-Fastly
X-PERF
Mn-Server-Ip
X-ServerID
X-ApacheServer
X-Status
X-Origin-Date
X-Storage
X-ProxyCache-Status
Cache-Name
X-ProxyCache-Key
X-FB-TRIP-ID
X-Site-Version
X-NCache
X-Cache-Server
X-No-Session
X-Soup
DB-Nickname
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
Selected-Fe
TWC-Connection-Speed
X-Server-W
X-PCL
X-Say-TTL
X-Timing-Wait
X-Cluster-Node
X-NYM-Debug-Backend
X-Say-Cacheable
X-Web-Node
X-Proxy-Build
X-OCL
X-Cache-Host
X-SayCDN-TTL
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Adobe-Content
X-Format
X-Akamai-Edgescape
X-Adobe-Loc
X-Origin-Hint
TWC-Locale-Group
Webcakes-Region
SRV
X-Content-Age
Cache-Tv-Group
X-Access
X-Section
X-Varnishpool
X-Hl-Ver
OT-Force-Account-Verify
X-Pubstack
X-R9-Blue-Green-Version
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-InstanceId
Azure-RegionName
Content-Secure-Policy
X-Hyper-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-Be
CDN-PullZone
CDN-Uid
X-LSADC-Cache
CDN-RequestId
CDN-Cache
CDN-RequestCountryCode
X-Generated-By
LB
X-Azure-Ref-OriginShield
WPO-Cache-Message
X-Ua
WPO-Cache-Status
Content-Disposition
Source
X-Cached-By
Cache
X-SRV
X-TIME
X-Nginx-Cache-Key
X-App-Version
X-Unique-Id
X-LAGOON
X-Bc-Bl
X-TT-LOGID
X-Trace-Id
Cache-Hits
X-Auto-Login
X-Dc
X-Origin-TTL
X-Origin-CC
X-HTML-Minification-Powered-By
X-Varnish-Hits
X-TNCMS
Xet-Cookie
X-Varnish-Hostname
X-GEO
Mime-Version
X-Loop
Retry-After
X-Amz-Meta-S3cmd-Attrs
X-S-Maxage
X-Akamai-Transformed
X-Platform-Server
X-Cdn
X-Time
X-Ratelimit-Remaining
HostName
X-Xfnlog-Site
Onion-Location
X-Cache-Var-Map
Web-Mar-Node
X-CSRF-Token
X-Cache-Remote
X-Cache-Var
X-Cache-Tags
X-Proto
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Edge-Location
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
Webserver
X-Endurance-Cache-Level
X-Time-Microsecs
X-Request-Time
X-Tenant
ServedBy
X-AOL-HN
X-ECache
X-VWS-Id
X-AWS-Id
X-Xrds-Location
X-EC-Lua
N-Cache
X-LJ-Flow-ID
X-GG-Cache-Date
WP-Super-Cache
CloudFront-Viewer-Country
X-Request-Host
Ms-Author-Via
Nel
X-Correlation-ID
X-M-Log
X-M-Reqid
X-B3-SpanId
X-Qnm-Cache
X-Mg-Request-UUID
From-Origin
X-Labrador-Cache-Channel
X-Amz-Apigw-Id
X-Via-NSCOPI
X-Origin-Response-Time
X-FireWall-Port
X-PHP-Host
X-Amzn-RequestId
DCR-Processing-Time-Ms
DCR-Decision-By
X-A-Ccd
CDCHOST
A
X-A-Dcw
BehaviorPad-Version
X-A
X-A-Dam
V-Age
Surrogated-Key
Odigeo-Trace-Id
Origin
Pramga
Rendered-Blocks
Redirect-Candidate
Mobile-Detection-Method
User-Cache-Control
Sslversion
Expiry
Fastcgi-X-Cache-Version
L
Meta-Geo-Continent
DSUID
X-Hnp-Log
X-S-Cookie
X-S
X-ScT
X-SD-PageType
X-Session-Fingerprint
X-Rojux
X-Processor
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Shop-Environment
X-Slack-Backend
X-VG-WebCache
X-Vdms-Version
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Path
X-V-Cache
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-TIM-N
X-PAYTM-SRV-ID
X-Orig-Expires
X-CF-Lambda-Fn
X-Cache-NE
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Cluster
X-Block-Status
X-B-Cookie
X-A-Wwc
X-Aed
X-Application
X-ARC
X-Conf
X-Connection-Hash
X-Gen-Mode
X-Ig-Push-State
X-NAPM-TraceId
X-ND-Cache
X-Ftr-Request-Id
X-Forwarded-Path
X-D
X-Destination
X-Developer
X-External-Request-Id
X-A-Dgt
X-Cache-Date
X-RCS-CacheZone
X-Hash
X-HN
X-Li-Fabric
Origin-CC
Origin-EX
X-Fetched-On
Release
X-Forwarded-Site
PFcat
X-Li-Pop
L5d-Success-Class
Gh-Request-Id
X-NodeID
X-Old-Content-Length
X-Origin-Expires
Ha-Gx-Prefs
HA-Ipaddr
X-Fastly-Cache
X-Mvc-Supplant-Cachable
Host-ID
X-LI-UUID
X-Eu-Site
Wxu-Next-Commit
X-Cache-Info
X-Varnish-Ttl
X-CGP
Wxu-Next-Hostname
Wxu-Next-Region
X-Backend-State
X-Accel-Expires-Debug
X-Cache-Bucket
X-Core-Mission
X-Csrf-Jwt
X-Envoy-Decorator-Operation
State
Ssr
X-Epic-Correlation-Id
Svr
X-Device-Os
True-Client-Country-4JS
Traceparent
X-Date
X-Owner
X-Men
X-Storefront-Renderer-Rendered
X-Sucuri-Cache
X-Sucuri-ID
X-Skip-Cache
X-Server-IP
X-Scheme
X-Served-From
X-UnsetCookies
X-Varnish-Beresp-Status
Vix-Hermes-Req-Id
X-Aicache-OS
X-Request-URI
X-Webstats-RespID
X-Cache-Enabled
X-VarnishDD-TTL
X-VServer
X-Rocket-Nginx-Serving-Static
Arc-Country
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Policy
Cmstype
X-RateLimit-Remaining-Second
Cmsid
X-Locale
X-Handled-By
Server-Info
X-Zone
Fastly-Drupal-Html
X-MP-GENERATED-AT
X-NWS-UUID-VERIFY
Environment
X-Datadog-Sampling-Priority
X-Node-Id
X-VG-TLSProxy
X-Datadog-Parent-Id
X-Core-Value
X-Cache-Id
X-Bip
X-BBC-Edge-Cache-Status
X-Viewer-Country
X-ATG-Version
X-Branch-Name
X-Cache-Debug
X-Cdn-Origin
X-Datadog-Trace-Id
X-Nyt-Route
X-Platform
X-Cdn-Srv
X-Thanos
X-Location
X-GeoIP-City
X-GeoIP
X-Geo-Header
X-VC-Cache
X-Gzip
X-Reqid
X-Level-Front-Cache
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Rocket-Build-Number
X-Generated-On
X-Gdpr
X-Region-Sid
X-Req
X-TH-Server
X-Request-Start
X-Thinkindot-L3
X-Esi-Check
X-Sn-Servicetimems
X-Gamma-Serve
X-Sigma
X-Sigma-Backend
X-Fastly-Backend
X-TrackingId
X-Origin-Time
Apple-News-Services-Request-Url
CacheControlHeader
Thinkindot-Control
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
We-Hiring
AKAMAI
Apple-News-Services-Handled
Thinkindot-CacheControl-Type
Mail-Subject
Fastly-GeoIP-CountryCode
Locid
Machine
Fastcgi-Cache-TTL
Req-Svc-Chain
TDXMobile
Server-Host
Web-Mar-Region
Thinkindot-CacheControl
X-Magnolia-Registration
X-Adobe-Source
X-Origin
X-Pod-Name
X-Response-By
Platform
Fastly-SWR
Fastly-SIE
X-FC-Vary-Parameters
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-DefHash
X-DefElseHash
X-DPWN-IS-SECURE
X-Developers
X-Cache-Config
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Worker
NM-Fastcgi-Cache
NGX
X-Loc
Memcached
X-Varnish-CookieHashed-On
X-Variation
X-Amzn-Remapped-Content-Length
X-NU-AKA-ACS-Version
X-Tx-Id
Is-Eu
Adler-Geo
X-Trace-ID
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Beresp-Ttl
X-Ua-Device
X-CS
X-GeoIP-Country-Code
X-CACHE-KEY
X-Backend-TTL
X-GeoIP-Region-Code
X-CLOUD-TRACE-CONTEXT
X-Has-Esi
Cf-Device-Type
X-Mvc-Supplant-OutputCached
X-JWT-State
X-Is-Gdpr
Datacenter
X-Up
Pics-Label
X-LB-ID
X-Generated-In
CDN
Candidate-Md5Url
X-API-Version
X-NC
X-Datadome
S-Rt
Magicmarker
X-LB-NoCache
Kp-EeAlive
X-DynaTrace-JS-Agent
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Popn
X-Via-Popv
Env
X-Vc
Memory
X-DC
X-Restarts
WebServer
Time
X-Via-Poph
X-TraceId
On-Server
WWW-Authenticate
NtCoent-Length
X-Cache-Ttl
X-Akamai-Request-ID2
X-Http-Reason
X-Tt-Logid
X-RPS
X-RSL
X-Cache-Backend
X-Optimistic-Header
X-Edge-Pop
X-Wix-Viewer-Type
X-RPM
Edge-Cache
X-TA-CDN-Provider
X-DW
Esi-Enabled
X-Action
X-DI
X-DB
X-DSS
GeoIp-Country-Code
X-CacheTTL
X-Refresh
X-Servedbyhost
X-Service
C-Via
X-Esi
X-Minions-Version
X-Parent-Response-Time
Accept-Language
X-Srv
X-Unique-ID
X-MSEdge-Features
X-MSEdge-Flight
X-Cache-PHP
X-HA-Backend
Server-ID
X-Varnish-Beresp-TTL
X-Cs
X-Newrelic-Synthetics
X-TX-ID
X-ZONE
X-Urbn-Context-Path
X-VCL-Version
X-Cache-Status-Check
Locale
X-Urbn-Site-Id
X-Render-Time
X-Webkit-CSP-Report-Only
X-Dynatrace
X-Fpc
X-App
X-Ec-Fail
X-LI-Proto
X-Traceid
X-User
X-Ec-GeoHdr
X-URL
X-Webkit-Csp-Report-Only
Test
X-Li-Proto
Proxy-Connection
X-LiteSpeed-Cache-Control
X-B3-Spanid
X-FPC
X-AIR-PT
X-Info
X-NODE
X-Pass-Why
Tcn
X-Clientip
X-Vcl-Version
Cdnsip
Server-Id
Cdncip
Geo-Info
X-AK-Request-ID
X-WADP-Cache
X-Fmm-Version
X-Clara-WADP
M-TraceId
HIT
X-Oss-Request-Id
X-Oss-Object-Type
Cluster
X-Oss-Server-Time
Cache-Host
UCS
X-Oss-Storage-Class
My-App
X-Oss-Hash-Crc64ecma
Tracecode
Request-ID
X-Var-Ttl
Fastly-Drupal-HTML
X-CUA
Geoip-Latitude
Cf-Int-Pingora-Origin-Digest
Resin-Trace
S-Cnection
X-HostName
X-LiteSpeed-Tag
X-CSRF-TOKEN
X-From
X-ID
Lfy
T-Server
X-Ha-Backend
GeoIP-Country-Code
Hostname
Lang
X-Edge-POP
Hit
X-RAMCache
X-Fragments
X-Pad
X-Mcache
Ohc-File-Size
User-Agent
X-ServedByHost
X-Micro-Cache
Fastly-Backend-Name
X-Dynatrace-Js-Agent
X-Geo
X-Via-PopV
X-Release
X-Backend-Host
X-Via-PopH
ENV
X-WP-CF-Super-Cache
X-BBC-Origin-Response-Status
X-RateLimit-Reset
Target-Params
X-Via-PopN
X-WP-CF-Super-Cache-Cache-Control
X-ElasticPress-Query
MIME-Version
X-Edge-Cache
X-Cdn-Forward
Load-Balancing
DataCenter
X-VC
X-APP
X-Api-Version
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-NGINX-Cache
X-BCube-Filmed-By
X-Check-Cacheable
Lb
X-Fastly-Backend-Reqs
X-Ucs
X-Client-Ip
EpKe-Alive
URI
X-ServerName
X-HS-Status
Servername
X-Httpd
X-UP
Permissions-Policy
FSS-Cache
X-Proxy-Cache-Info
X-GoCache-CacheStatus
CPC-Age
Uri
PICS-Label
Path
CPC-Cache
X-Lb-Nocache
Cache-Key
VNS-Cache
X-Amz-Meta-Cb-Modifiedtime
X-WA-Info
VNS-Age
X-WA
X-TRACE-ID
Cteonnt-Length
X-Lb-Id
X-Wikidot-Backend
X-Nc
X-Wikidot-Static-Cache
Cneonction
WZWS-RAY
Producers
ServerName
X-Cdn-Request-ID
X-B3-ParentSpanId
Server-Ttl
X-Fastly-Cache-Hits
Ohc-Cache-HIT
X-ES-SERVER
Cdn
X-UA
X-Provided-By
X-Dw-Trace-Id
Shield-Pop
X-Acquia-Application-Trace
X-SB
X-Vcache
X-Apw-Access-Object
X-Apw-Access-Action
X-Akamai-ERPolicy
X-Apw-Access-Token
X-Apw-Hits
X-Acquia-Purge-Tags
X-Acquia-Site
X-Cache-ASPX
X-Acquia-Application-UUID
X-Snapshot-Date
X-Yottaa-OS
X-Akamai-ERRuleID
Pagetype
X-Cache-CFC
CF-Cached-On
Vha6-Origin
X-Cms-Context
X-Swift-Error
X-Newrelic-App-Data
X-Contensis-Viewer-Groups
X-PJAX-URL
X-Pool
Cf-Ipcountry
X-Cache-Ngx
Sid
X-Air-Pt
X-Platform-Processor
X-Akamai-Request-ID
X-Platform-Router
GeoIP-Latitude
X-Platform-Cluster
X-Udemy-Cache-App-Namespace
X-Last-Modified
Req-ID
X-Logging-Id
X-CacheKey
X-Akamai-Pragma-Client-IP
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Varnish-Authentication
X-Via-Ucdn
CountryCode
X-Sentry-ID
X-Http-Count
X-Http-Duration-Ms
X-Te-Count
MD5-Digest
X-Miniprofiler-Ids
Ngx
X-Hcs-Proxy-Type
X-Te-Duration-Ms