Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-Content-Security-Policy
P3p
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-UA-Device
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-LiteSpeed-Cache
X-Server
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Page-Speed
X-Vhost
X-OneAgent-JS-Injection
X-Amz-Version-Id
EagleEye-TraceId
X-Pingback
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Host
X-Server-Id
X-Backend-Server
X-Node
Cf-Railgun
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
X-Language
Xkey
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Application-Context
Content-Location
X-Template
Accept-Ch-Lifetime
Rating
X-Country
X-B3-TraceId
X-Ua-Compatible
X-Cloud-Trace-Context
X-Cache-Lookup
X-Ac
X-Url
Allow
X-Content-Type
Accept-CH-Lifetime
X-Buckets
X-Trace
X-TtlSet
X-Vname
X-PC
X-Mod-Pagespeed
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
X-ESI
Cache-Tag
Fastly-Restarts
X-Rack-Cache
Service-Worker-Allowed
X-Server-Name
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-GitHub-Request-Id
X-MS-InvokeApp
X-Upstream
X-Amz-Rid
X-Vcap-Request-Id
X-Dw-Request-Base-Id
Public-Key-Pins
X-D2id
X-Client-IP
X-Cached
X-Abt-Application-Version
X-Origin-Cache
MS-Author-Via
X-Cache-TTL
X-Cnection
X-Px
Arr-Disable-Session-Affinity
X-Goog-Hash
X-Powered-By-Plesk
X-Country-Code
X-Navigation-Version
Access-Control-Request-Method
X-Instrumentation
X-Server-Lifecycle-Phase
X-Aws-Lambda-Call-Status
X-Kraken-Loop-Name
X-Version
X-NF-Request-ID
Accept-Ch
X-ORACLE-DMS-ECID
RTSS
X-ORACLE-DMS-RID
X-Amz-Server-Side-Encryption
X-Powered-CMS
Display
X-Sol
X-Middleton-Display
Pagespeed
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Response
X-Middleton-Response
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-MSEdge-Ref
X-LLID
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-CST
Nginx-Cache
X-Shield-Request-Id
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
S
X-TTL
AR-ATIME
AR-CACHE
AR-Request-ID
Content-MD5
AR-PoweredBy
AR-SID
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-T
X-Protected-By
X-Content-Security-Policy-Report-Only
X-Forwarded-For
TCN
X-Id
X-Mg-S
X-Aspnetmvc-Version
Fastcgi-Cache
X-Mid
X-MCACHE
X-RateLimit-Remaining
Realpath
Front-End-Https
SPIisLatency
X-Parallel-Accel
SPRequestDuration
Edge-Cache-Tag
X-Recruiting
Filters
X-Request-Received
X-Request-Processing-Time
X-Ttl
Fusion-Content-Id
Pinterest-Generated-By
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Pinterest-Version
Fusion-Component-Id
X-Pinterest-Rid
Fusion-Source
Server-Node
X-Content
X-Ab
X-Ua-Browser
X-SharePointHealthScore
SPRequestGuid
X-DynaTrace
X-Correlation-Id
X-Ezoic-Cdn
Server-Name
Alternate-Protocol
X-NWS-LOG-UUID
X-Accel-Expires
X-Frontend
X-HS-Cache-Config
X-ECACHE
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-Hits
X-Yandex-Sdch-Disable
X-Cache-Key
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Content-Options
Cache-Tags
X-Page-Id
MicrosoftSharePointTeamServices
Charset
Host
Cleartype
X-B3-Sampled
X-Git-Hash
X-Server-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Www-Served-By
X-Geo-Country
X-Ruxit-Js-Agent
X-Content-Digest
TP-L2-Cache
X-Amz-Replication-Status
X-Ser
TP-Cache
X-Forwarded-Proto
Filterid
X-Fastly-Request-Id
X-VCache
X-Varnish-Age
X-Amzn-Trace-Id
X-Hostname
X-Activity-Id
X-Az
X-AppVersion
X-XRDS-LOCATION
X-Daa-Tunnel
X-Rid
X-Debug-Info
X-DIS-Request-ID
Access-Control-Allow-Method
X-Origin-Server
X-Grace
X-Upgrade-Enabled
X-Request-Handler-Origin-Region
X-Microsite
X-N
X-Origin-Upstream-Status
X-LB-Cache
X-FB-Debug
X-Nginx-Upstream-Cache-Status
ServerID
X-Mobile-URL
X-Is-Crawler
X-TT
X-Whom
X-Flags
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-Aspnet-Duration-Ms
X-Goog-Generation
X-F-Cache
X-NGENIX-Cache
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
Cross-Origin-Opener-Policy
X-App-Server
X-App-Environment
X-Varnish-Grace
X-WebKit-CSP-Report-Only
X-PressLabs-Stats
Viewport
Payment
X-Distributor
X-Tb
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-FW-Serve
X-FW-Static
Node
X-FW-Server
X-Cache-Control
X-Logged-In
Paypal-Debug-Id
DC
Fastcgi-Useragent
X-Seen-By
X-Type
X-User-Agent
X-Cache-Age
Accept-Charset
Country
X-Ratelimit-Limit
X-Cache-Rule
X-Varnish-Backend
X-Webkit-CSP
X-Browser-Type
X-Fastly-Request-ID
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Wix-Request-Id
Version
X-Node-Name
X-DataDome
X-Load-Cache
X-Cache-Action
X-Via-JSL
X-IPLB-Instance
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
SD-X-WS
Cache-Status
Refresh
Referer-Policy
X-Response-Served-From
X-Original-Request-Id
Access-Control-Request-Headers
X-Drupal-Cache-Tags
X-Jobs
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
VIX-Pulpo-Upstream-Status
X-Page-View
X-Is-Bot
X-Proxy-Cache-Status
X-Rendered-As
X-Vgn-Hpd-Reason
X-UUID
X-Revision
X-Real-IP
X-Cacheable-TTL
X-B
X-Cluster-Name
X-Contextid
X-Debug
VIX-Pulpo-Node
NGB
Amp-Access-Control-Allow-Source-Origin
X-Yottaa-Metrics
X-Yottaa-Optimizations
DynaTrace
X-Rule
X-Cache-Expired-At
X-Signature
X-B-Cache
X-Device-Type
Liferay-Portal
X-Drupal-Cache-Contexts
X-RemovedCookies
Akamai-GRN
X-ProcessESI
X-Instance
X-Cache-Time
X-G
Surrogate-Key
X-Mobile
X-Framework
X-Proxy
X-Tec-Api-Root
X-Tec-Api-Origin
X-Debug-IsPreview
X-Debug-IsConnected
X-Tec-Api-Version
CF-IPCountry
X-Fastcgi-Cache
X-Azure-Ref
Healthy
X-FW-Version
SID
X-Source
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Ms-Request-Id
X-Ms-Version
Frame-Options
X-Nginx-Cache
MS-CV
X-RTag
X-Cache-Hit
Ms-Operation-Id
Section-Io-Cache
X-Tumblr-Pixel
Countrycode
X-CDN-Forward
X-Tumblr-Pixel-1
X-Tumblr-User
X-Oneagent-Js-Injection
X-Tumblr-Pixel-0
X-Environment-Context
X-L-Path
Xserver
X-Varnish-Server
Count-Hit
X-APP-VERSION
X-Cache-Operation
X-Region
GEO-INFO
X-XRDS-Location
X-Servername
X-Forwarded-Host
Uber-Trace-Id
X-EdgeConnect-Cache-Status
X-Content-Powered-By
X-Backend-Name
X-Mode
Backend
Cross-Origin-Window-Policy
X-Accel-Buffering
X-IPS-LoggedIn
X-Adobe-Content
X-Adobe-Loc
X-Litespeed-Cache
Ec-Rule-Version
X-Zen-Fury
X-JoinUs
Meta-Geo
X-SaId
X-UPSTREAM-Address
Nel
X-RN-RSRV
X-Detected-As
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
Eomportal-Instance
X-Debug-Cache
X-Hosted-By
X-Cache-Grace
X-ShardId
X-Cache-Type
X-Alternate-Cache-Key
X-Generation-Time
X-Sorting-Hat-ShopId
X-ServerID
Country-Code
X-ProxyCache-Status
X-PHP-Backend
X-Storage
Url
Decoy-Debug-Key
Apigw-Requestid
X-ProxyCache-Key
X-Sql-Duration-Ms
Cache-Tv-Group
Decoy-Debug-Status
X-Cache-TTL-Remaining
Decoy-Debug-TTL
X-Redis-Cache
X-BYPASS-REASON
X-FB-TRIP-ID
X-Origin-Date
X-Microcachable
X-Sql-Count
X-Uri
X-Cache-Server
X-Status
X-Varnish-Beresp-Grace
X-Human
X-OCL
X-Proxy-Build
Fastly-SSL
X-No-Session
X-Origin-Hint
Cache-Name
X-Say-Cacheable
X-Format
Property-Id
X-Say-TTL
X-NCache
TWC-Connection-Speed
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Version
X-Cache-Host
Mn-Server-Ip
X-Timing-Wait
X-Site-Version
X-SayCDN-TTL
X-Web-Node
TWC-Device-Class
Webcakes-Region
Selected-Fe
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-PCL
X-UA-Device-Type
Protected
X-Akamai-Edgescape
X-Ratelimit-Reset
X-Server-W
X-Section
Azure-Version
Azure-SlotName
X-Extlb
Azure-RegionName
X-Zipkin-Id
X-Access
X-Varnishpool
DB-Nickname
Azure-SiteName
Azure-InstanceId
X-NYM-Debug-Backend
X-Time
X-Routing-Service
X-Azure-Ref-OriginShield
X-Proxied
X-Hl-Ver
X-R9-Blue-Green-Version
X-PERF
X-ApacheServer
X-Pubstack
OT-Force-Account-Verify
X-RateLimit-Limit
X-LSADC-Cache
X-Cluster-Node
X-Be
X-Via-Fastly
X-Cache-NGX
X-Tid
Content-Secure-Policy
X-Rewrite-Enabled
X-Ua
X-SRV
Source
X-Soup
X-Content-Age
X-HTML-Minification-Powered-By
X-NewRelic-App-Data
X-Cache-Var-Map
X-Amz-Meta-S3cmd-Attrs
Content-Disposition
X-Cache-Var
X-Cached-By
X-Webkit-Csp
X-App-Version
SRV
X-Unique-Id
CDN-CachedAt
X-LAGOON
CDN-Cache
CDN-RequestCountryCode
CDN-RequestId
Cache
CDN-Uid
CDN-EdgeStorageId
CDN-PullZone
X-Generated-By
Webserver
X-Bc-Bl
X-Varnish-Hits
X-Varnish-Hostname
X-TT-LOGID
X-Loop
X-TNCMS
X-Dc
X-S-Maxage
X-Hyper-Cache
Onion-Location
Retry-After
X-Auto-Login
X-Origin-CC
X-Origin-TTL
X-Tumblr-Pixel-2
X-GEO
X-Presslabs-Stats
X-Tumblr-Pixel-3
X-ECache
Web-Mar-Node
X-Proto
X-Nginx-Cache-Key
Xet-Cookie
X-M-Reqid
Cache-Hits
X-Time-Microsecs
X-Tenant
X-Endurance-Cache-Level
X-Qnm-Cache
X-M-Log
X-CSRF-Token
X-Edge-Location
X-Cdn
X-Ratelimit-Remaining
X-VWS-Id
Mime-Version
X-Platform-Server
X-LJ-Flow-ID
X-AWS-Id
X-GG-Cache-Date
X-Akamai-Transformed
X-Trace-Id
HostName
X-Mg-Request-UUID
LB
CloudFront-Viewer-Country
X-PHP-Host
X-CACHE-KEY
X-Labrador-Cache-Channel
X-Amz-Apigw-Id
X-Amzn-RequestId
N-Cache
X-Xfnlog-Site
X-B3-SpanId
X-Cache-Tags
X-Storefront-Renderer-Rendered
X-RCS-CacheZone
X-Varnish-Cache-Hits
WPO-Cache-Message
X-Request-Time
X-Adobe-Source
X-Origin-Response-Time
Upgrade-Insecure-Requests
WPO-Cache-Status
X-VC-Cache
X-Cache-Remote
X-Locale
X-Handled-By
X-AOL-HN
X-B-Cookie
X-SRCache-Key
X-ARC
X-SVT-ORM-RULES
X-Cache-Date
X-Processor
X-ND-Cache
X-SVT-ORM-VERSION
X-Slack-Backend
A
X-Planisys-CDN-TTL
X-Reqid
X-NAPM-TraceId
X-Request-Host
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Cluster
X-Ckpd-Fst-Backend
X-CF-Lambda-Version
X-V-Cache
BehaviorPad-Version
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-CF-Lambda-Fn
X-TIM-N
X-Aed
Mobile-Detection-Method
Odigeo-Trace-Id
Meta-Geo-Continent
X-S
X-A
X-S-Cookie
Origin
X-Rojux
Rendered-Blocks
State
Redirect-Candidate
Pramga
Surrogated-Key
X-A-Ccd
X-ScT
X-A-Dgt
DCR-Decision-By
X-Session-Fingerprint
X-Shop-Environment
X-Conf
X-A-Wwc
DCR-Processing-Time-Ms
DSUID
Fastcgi-X-Cache-Version
X-SD-PageType
Expiry
X-A-Dam
X-A-Dcw
X-Application
X-Cache-NE
X-Ig-Push-State
X-Forwarded-Path
X-Developer
X-Ftr-Request-Id
X-Vdms-Path
X-ATG-Version
X-VG-WebCache
X-Via-NSCOPI
X-External-Request-Id
X-Vdms-Version
X-Destination
X-Vtex-Processado-Em
Xc-Version
X-Connection-Hash
X-Orig-Expires
X-D
X-Vtex-Remote-Cache
X-Xrds-Location
ServedBy
Server-Info
Environment
Ms-Author-Via
Datacenter
X-MP-GENERATED-AT
X-Correlation-ID
X-LI-UUID
X-Old-Content-Length
Release
X-Server-IP
X-Gdpr
X-Location
X-Accel-Expires-Debug
Cmsid
Cmstype
X-Hnp-Log
CacheControlHeader
X-Li-Fabric
Wxu-Next-Hostname
X-Li-Pop
Wxu-Next-Commit
L
V-Age
Wxu-Next-Region
X-Hash
X-Block-Status
Fastcgi-Cache-TTL
X-Core-Mission
Gh-Request-Id
X-Mvc-Supplant-Cachable
X-Date
X-Gen-Mode
X-Nyt-Route
X-VServer
X-Origin-Expires
User-Cache-Control
X-VG-TLSProxy
X-Sucuri-Cache
X-Policy
X-Cache-Info
X-Sucuri-ID
X-Epic-Correlation-Id
X-Device-Os
X-Fastly-Cache
X-Proxy-Upstream
X-Forwarded-Site
X-Origin-Time
X-Men
X-Cache-Bucket
X-Fetched-On
Vix-Hermes-Req-Id
AMP-Access-Control-Allow-Source-Origin
X-TIME
X-Irp-Debug
Thinkindot-CacheControl
TDXMobile
True-Client-Country-4JS
Thinkindot-Control
X-HN
X-HS-Content-Campaign-Id
Thinkindot-CacheControl-Type
X-Req
X-Aicache-OS
X-Platform
X-Cache-Id
X-Owner
X-Esi-Check
X-Developers
X-Cdn-Origin
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Cache-Config
X-Fastly-Backend
X-NodeID
X-Gzip
Web-Mar-Region
X-GeoIP-City
X-GeoIP
X-Branch-Name
X-Gamma-Serve
X-Geo-Header
We-Hiring
Fastly-GeoIP-CountryCode
Apple-News-Services-Handled
Apple-News-Services-Host
AKAMAI
X-Skip-Cache
X-Sn-Servicetimems
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Candidate-Md5Url
X-Sigma
X-Sigma-Backend
Origin-EX
X-Thinkindot-L3
X-TrackingId
X-Core-Value
X-Cache-Debug
X-Viewer-Country
X-TH-Server
CDCHOST
X-Magnolia-Registration
From-Origin
X-Varnish-Beresp-Status
X-VarnishDD-TTL
X-BBC-Edge-Cache-Status
X-EC-Lua
X-Served-From
Origin-CC
Host-ID
PFcat
Server-Host
X-Rocket-Nginx-Serving-Static
Locid
X-Rocket-Build-Number
X-Scheme
Mail-Subject
Traceparent
Req-Svc-Chain
X-DPWN-IS-SECURE
X-Eu-Site
X-DefHash
X-NU-AKA-ACS-Version
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
NM-Fastcgi-Cache
X-DefElseHash
X-Webstats-RespID
X-FC-Vary-Parameters
X-Zone
Platform
Fastly-SWR
Fastly-SIE
X-Has-Esi
X-Origin
X-Envoy-Decorator-Operation
X-Is-Gdpr
NGX
Arc-Country
X-Rebelmouse-Cache-Control
X-Varnish-CookieHashed-On
X-Level-Front-Cache
X-Request-URI
X-Generated-On
X-Worker
X-Rebelmouse-Surrogate-Control
Svr
X-Csrf-Jwt
X-RateLimit-Remaining-Second
X-Bip
Adler-Geo
Machine
X-Region-Sid
X-Pod-Name
X-RateLimit-Limit-Second
X-Backend-State
Ha-Gx-Prefs
Cf-Device-Type
HA-Ipaddr
X-Amzn-Remapped-Content-Length
L5d-Success-Class
Is-Eu
X-UnsetCookies
X-Thanos
X-Request-Start
Memcached
X-CGP
X-JWT-State
X-Variation
X-Loc
X-CS
X-FireWall-Port
Fastly-Drupal-Html
X-Qloud-Router
X-Tx-Id
Sslversion
X-Node-Id
X-Cdn-Srv
WWW-Authenticate
CDN
X-Trace-ID
X-NC
Ssr
Esi-Enabled
X-API-Version
X-LB-ID
X-Varnish-Beresp-Ttl
X-Response-By
X-CLOUD-TRACE-CONTEXT
X-Up
On-Server
X-Mvc-Supplant-OutputCached
Pics-Label
WP-Super-Cache
X-Generated-In
X-Vc
C-Via
X-Service
Time
Memory
X-Refresh
X-Datadome
X-Cache-Enabled
X-Via-Popn
X-Via-Popv
X-Via-Poph
NtCoent-Length
X-Backend-TTL
X-LB-NoCache
X-Cache-PHP
X-Tt-Logid
X-DynaTrace-JS-Agent
X-TA-CDN-Provider
Env
X-DC
X-Tb-Optimization-Total-Bytes-Saved
X-GeoIP-Country-Code
X-Edge-Pop
X-GeoIP-Region-Code
X-NWS-UUID-VERIFY
X-Varnish-Ttl
X-Dynatrace
X-Cache-Status-Check
X-TraceId
GeoIp-Country-Code
Magicmarker
X-Optimistic-Header
X-Parent-Response-Time
X-Render-Time
X-Info
X-Varnish-Beresp-TTL
X-Servedbyhost
X-CacheTTL
Kp-EeAlive
X-Restarts
X-Esi
X-Ua-Device
S-Rt
X-ZONE
X-Unique-ID
Server-ID
X-TX-ID
X-AIR-PT
X-Webkit-Csp-Report-Only
X-Cs
X-Srv
X-Cache-Backend
X-MSEdge-Features
X-Clientip
X-MSEdge-Flight
Edge-Cache
X-Wix-Viewer-Type
Proxy-Connection
Cache-Host
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
WebServer
X-Oss-Request-Id
X-RPM
X-DW
X-Action
X-DI
X-DB
UCS
X-VCL-Version
X-RSL
X-Oss-Server-Time
X-Oss-Storage-Class
HIT
X-RPS
X-DSS
X-LI-Proto
X-HA-Backend
X-App
X-Fpc
X-Cache-Ttl
X-Minions-Version
X-Newrelic-Synthetics
X-Li-Proto
X-Traceid
S-Cnection
X-URL
Lb
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-FPC
Test
X-Akamai-Request-ID2
X-Http-Reason
X-LiteSpeed-Cache-Control
X-Micro-Cache
Fastly-Backend-Name
Server-Id
X-Vcl-Version
User-Agent
X-B3-Spanid
X-NODE
X-Webkit-CSP-Report-Only
Tcn
Geo-Info
Accept-Language
X-Backend-Host
X-Pass-Why
X-User
X-Pad
X-Release
X-BCube-Filmed-By
X-Ec-Fail
X-Ec-GeoHdr
X-ES-SERVER
X-APP
X-Check-Cacheable
Cf-Int-Pingora-Origin-Digest
Fastly-Drupal-HTML
X-HostName
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-LiteSpeed-Tag
Resin-Trace
X-CSRF-TOKEN
VNS-Age
X-Amz-Meta-Cb-Modifiedtime
VNS-Cache
X-ServedByHost
EpKe-Alive
X-BBC-Origin-Response-Status
CPC-Cache
GeoIP-Country-Code
Path
Cache-Key
X-ID
CPC-Age
Hostname
X-Dynatrace-Js-Agent
M-TraceId
X-Akamai-Pragma-Client-IP
Cdnsip
X-AK-Request-ID
Hit
Ohc-File-Size
X-Ha-Backend
X-Edge-POP
X-Clara-WADP
Cdncip
X-WADP-Cache
X-Fmm-Version
X-WA
Srv
X-WA-Info
X-Geo
Shield-Pop
X-Wikidot-Static-Cache
X-ElasticPress-Query
X-Wikidot-Backend
X-Cdn-Forward
MIME-Version
X-PJAX-URL
Pagetype
X-Cms-Context
X-Via-PopV
ENV
Cluster
My-App
X-Via-PopH
X-Via-PopN
Tracecode
X-Var-Ttl
X-Via-Ucdn
X-From
X-CUA
Lfy
Geoip-Latitude
Load-Balancing
X-Hcs-Proxy-Type
X-Api-Version
X-Edge-Cache
X-CCDN-Origin-Time
X-CCDN-CacheTTL
MD5-Digest
X-HS-Status
X-NGINX-Cache
X-ServerName
X-VG-WebServer
T-Server
X-Ucs
X-Fastly-Cache-Hits
URI
IsBot
X-VC
X-Fastly-Backend-Reqs
X-GoCache-CacheStatus
Server-Hostname
Lang
Servername
X-Fragments
X-UP
X-RAMCache
Sever-Int
X-SIPLIST1
Server-Ext
X-Mcache
W
X-Cache-Expires
X-TRACE-ID
X-Dw-Trace-Id
X-Provided-By
Cdn
Cteonnt-Length
X-B3-ParentSpanId
X-RateLimit-Reset
Cneonction
X-Lb-Id
X-Nc
Target-Params
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
WZWS-RAY
Ohc-Cache-HIT
PICS-Label
X-Cdn-Request-ID
Dnion-Transfer-Encoding
Cf-Ipcountry
X-Platform-Cluster
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
Uri
X-Acquia-Application-Trace
X-Contensis-Viewer-Groups
X-Platform-Router
X-Platform-Processor
X-Cache-ASPX
X-Akamai-Request-ID
X-Swift-Error
X-Cc-Via
Vha6-Origin
X-Apw-Hits
X-Newrelic-App-Data
CF-Cached-On
X-Apw-Access-Action
X-Apw-Access-Object
HitType
X-Apw-Access-Token
X-Via-CDN
X-Yottaa-OS
X-Snapshot-Date
X-Air-Pt
X-Cache-Ngx
Sid
X-Te-Count
X-Te-Duration-Ms
GeoIP-Latitude
X-Last-Modified
X-Akamai-ERPolicy
X-Http-Duration-Ms
X-Akamai-ERRuleID
Server-Ttl
X-CacheKey
X-Lb-Nocache
X-Miniprofiler-Ids
Ngx
X-Sentry-ID
CountryCode
FSS-Cache
X-Logging-Id
Req-ID
X-Varnish-Authentication
X-UA
X-HTML-Edge-Cache
X-B3-Parentspanid
X-Http-Count