Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
P3p
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
X-Backend
X-Akamai-Path-Stats
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-Dns-Prefetch-Control
X-AH-Environment
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-WebKit-CSP
X-Cache-Spec
Cf-Railgun
X-OneAgent-JS-Injection
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-Aws-Lambda-Call-Status
X-CST
X-Pingback
Request-Id
Surrogate-Control
X-Backend-Server
Cf-Edge-Cache
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
Accept-CH-Lifetime
X-Application-Context
Content-Location
X-ASPNET-VERSION
Rating
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Url
X-Country
Fastly-Restarts
Accept-Ch
X-MS-InvokeApp
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Rack-Cache
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
RTSS
X-VARITI-CCR
X-Server-Name
Edge-Control
X-ESI
X-Amz-Server-Side-Encryption
X-B3-TraceId
Cache-Tag
X-Vcap-Request-Id
X-Content-Type
X-Varnish-TTL
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Dw-Request-Base-Id
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Build
X-Amz-Rid
Public-Key-Pins
X-Px
X-Cnection
X-Edge
X-D2id
X-Ac
X-Ser
X-Navigation-Version
X-FastCGI-Cache
Verso
X-Element-Page-Cache
X-Client-IP
Pagespeed
X-Powered-By-Plesk
Display
X-Sol
X-Middleton-Display
X-Abt-Application-Version
X-RateLimit-Remaining
X-Version
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Country-Code
X-Ttl
Service-Worker-Allowed
X-Content-Security-Policy-Report-Only
Response
X-Middleton-Response
X-NF-Request-ID
X-Goog-Hash
Access-Control-Request-Method
SPRequestDuration
SPIisLatency
X-Correlation-Id
X-Kinsta-Cache
X-Cached
AR-ATIME
X-Edge-Location-Klb
AR-CACHE
AR-SID
AR-Request-ID
AR-PoweredBy
X-SharePointHealthScore
SPRequestGuid
X-Ruxit-Js-Agent
X-Powered-CMS
X-Upstream
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Edge-Cache-Tag
X-Instrumentation
X-LLID
X-NWS-LOG-UUID
X-Forwarded-For
Content-MD5
X-Litespeed-Cache
Nginx-Cache
X-TTL
X-Cache-Key
X-RateLimit-Limit
X-Id
X-Shield-Request-Id
X-MSEdge-Ref
Mrf-Cache-Status
MRF-Tech
TCN
X-T
X-Recruiting
X-ECACHE
S
X-B3-TraceId-Primal
X-Daa-Tunnel
X-Content-Digest
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-WebKit-CSP-Report-Only
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Mg-S
X-Ua-Device
X-DataDome
X-Accel-Expires
X-Grace
X-HS-Cache-Config
X-Protected-By
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Ab
X-Ua-Browser
X-Frontend
X-Content
MS-Author-Via
MicrosoftSharePointTeamServices
TP-Cache
X-DynaTrace
TP-L2-Cache
X-Request-Received
X-Request-Processing-Time
X-Ezoic-Cdn
Server-Node
X-Yandex-Sdch-Disable
Filters
X-Webkit-CSP
Front-End-Https
X-PressLabs-Stats
X-Origin-Server
X-Distributor
X-Server-ID
Fastcgi-Cache
X-ORACLE-DMS-ECID
X-Geo-Country
X-Mid
X-ORACLE-DMS-RID
X-Request-Handler-Origin-Region
X-Microsite
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-LB-Cache
X-Hits
X-Amzn-Trace-Id
Charset
Host
Cleartype
X-Oneagent-Js-Injection
X-Debug-Info
X-Webkit-Csp
X-Fastly-Request-Id
X-B3-Sampled
Cross-Origin-Opener-Policy
X-F-Cache
X-Forwarded-Proto
X-Git-Hash
X-Page-Id
X-Cache-Age
X-DIS-Request-ID
X-Ratelimit-Reset
Cache-Status
X-Mcache
Realpath
X-Www-Served-By
Access-Control-Allow-Method
X-Az
X-Seen-By
X-Activity-Id
X-AppVersion
ServerID
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Accept-Charset
Filterid
Cache-Tags
X-Varnish-Age
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Aspnetmvc-Version
X-Content-Options
X-Rid
X-Type
X-Language
Retry-After
X-FB-Debug
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-App-Environment
Country
Server-Name
X-Varnish-Backend
X-XRDS-LOCATION
X-Tb
X-User-Agent
Viewport
X-Upgrade-Enabled
DC
Node
Paypal-Debug-Id
X-TT
X-Drupal-Cache-Tags
X-Oracle-Dms-Ecid
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Permissions-Policy
X-Whom
X-B-Cache
X-Goog-Metageneration
X-GUploader-UploadID
X-Signature
X-Varnish-Grace
X-Goog-Generation
X-Oracle-Dms-Rid
X-Origin-Cache
X-Mobile-URL
X-B
X-Wix-Request-Id
X-VCache
X-MCACHE
Protected
X-NWS-UUID-VERIFY
X-Request-Guid
X-Route-Name
X-Debug
X-Is-Crawler
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-Amz-Replication-Status
X-Amz-Meta-S3cmd-Attrs
X-Logged-In
X-N
Payment
X-Cache-NGX
X-Load-Cache
Fastcgi-Useragent
X-Via-JSL
Surrogate-Key
X-Cache-Control
WPO-Cache-Message
WPO-Cache-Status
X-Contextid
Count-Hit
Healthy
X-Node-Name
X-Erf-Bev-Bev
Amp-Access-Control-Allow-Source-Origin
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Template
X-Mobile
X-FW-Static
X-FW-Server
X-FW-Dynamic
X-FW-Type
X-FW-Hash
X-FW-Serve
X-Response-Served-From
X-Original-Request-Id
X-Proxy
X-Midtier
Refresh
X-NGENIX-Cache
X-Restarts
Content-Disposition
Akamai-GRN
X-XRDS-Location
X-Revision
X-Jobs
X-Cache-Time
X-G
Url
Uber-Trace-Id
Alternate-Protocol
X-Cache-TTL-Remaining
X-Framework
X-Akamai-Request-ID2
SD-X-WS
VIX-Pulpo-Node
X-Proxy-Cache-Status
X-Device-Type
X-Debug-IsPreview
X-Debug-IsConnected
X-Real-IP
VIX-Pulpo-Upstream-Status
NGB
X-UUID
X-Zen-Fury
X-Adobe-Loc
X-Cacheable-TTL
X-Hostname
X-Servername
X-Drupal-Cache-Contexts
X-Adobe-Content
Access-Control-Request-Headers
X-Fastcgi-Cache
X-Rendered-As
X-Is-Bot
X-Yottaa-Metrics
X-Mg-Request-UUID
X-Instance
X-Yottaa-Optimizations
X-Cache-Grace
X-Http-Reason
X-Varnish-Server
X-Page-View
X-Environment-Context
X-L-Path
Version
X-IPLB-Instance
X-EdgeConnect-Cache-Status
X-Trace-Id
X-ECache
X-Source
X-B3-Traceid
X-HTML-Minification-Powered-By
Accept-Language
X-RTag
MS-CV
Ms-Operation-Id
Frame-Options
Countrycode
X-Fastly-Request-ID
From-Origin
X-Cache-Rule
X-Datadome
Referer-Policy
Liferay-Portal
X-Cache-Hit
X-Cache-Expired-At
X-NYM-Debug-Backend
X-Vgn-Hpd-Reason
X-App-Server
X-Ratelimit-Remaining
Backend
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-IPS-LoggedIn
X-Nginx-Cache
X-COUNTRY
X-FW-Version
Content-Secure-Policy
X-Unique-Id
X-Hosted-By
X-NewRelic-App-Data
X-RN-RSRV
Meta-Geo
X-UPSTREAM-Address
X-Cache-Server
Upgrade-Insecure-Requests
X-FB-TRIP-ID
X-Ua
X-Cache-Enabled
X-PCL
X-No-Session
X-OCL
X-Generation-Time
Property-Id
WP-Super-Cache
S-Rt
X-Server-W
X-Akamai-Edgescape
X-Section
X-Access
X-Request-Time
X-RemovedCookies
Mn-Server-Ip
TWC-Locale-Group
Azure-SlotName
TWC-GeoIP-LatLong
Webcakes-App-Name
X-Region
Webcakes-App-Version
Azure-SiteName
Webcakes-Region
X-ProcessESI
Azure-RegionName
X-Origin-Hint
Azure-Version
Azure-InstanceId
Apigw-Requestid
X-Uri
TWC-Device-Class
X-Cluster-Node
X-AOL-HN
X-Varnish-Cache-Hits
TWC-Connection-Speed
X-PHP-Backend
X-Format
X-Via-Fastly
X-UA-Device-Type
X-Origin-Date
TWC-GeoIP-Country
X-Redis-Cache
TWC-Privacy
Section-Io-Cache
X-Mode
CF-IPCountry
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Labrador-Cache-Channel
X-ShardId
X-Nginx-Cache-Key
X-Locale
X-Alternate-Cache-Key
X-Forwarded-Host
X-ShopId
X-Debug-Cache
X-Parallel-Accel
Eomportal-Instance
X-PHP-Host
X-ApacheServer
X-Be
X-Content-Powered-By
X-Cache-Host
X-BYPASS-REASON
X-Xfnlog-Site
X-Shopify-Stage
X-ProxyCache-Key
X-Storage
X-Status
X-Content-Age
X-ProxyCache-Status
X-PERF
Cache-Tv-Group
X-ServerID
X-LJ-Flow-ID
X-Urbn-Context-Path
X-Cache-Type
X-APP-VERSION
X-Site-Version
X-Backend-Name
X-Sql-Count
X-AWS-Id
X-Tid
X-VWS-Id
X-VC-Cache
Locale
X-Sql-Duration-Ms
X-SayCDN-TTL
X-Varnishpool
X-Urbn-Site-Id
X-SaId
X-Human
X-JoinUs
Fastly-SSL
X-Zipkin-Id
X-Proxied
X-Hl-Ver
X-Routing-Service
X-Say-Cacheable
X-Say-TTL
X-Extlb
X-Generated-By
X-Web-Node
Ec-Rule-Version
X-Cms-Context
X-Cache-Action
X-GG-Cache-Date
X-Cache-Tags
X-Platform-Server
X-Adobe-Source
X-Timing-Wait
X-Handled-By
X-Proxy-Build
Selected-Fe
Load-Balancing
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
CDN-CachedAt
CDN-Cache
CDN-Uid
X-Edge-Location
X-App-Version
X-Storefront-Renderer-Rendered
X-Detected-As
X-Varnish-Ttl
ServedBy
X-Dc
Webserver
X-GeoCountry
SRV
X-GeoCode
X-CDN-Forward
X-Proto
X-LSADC-Cache
X-Ratelimit-Limit
Onion-Location
Web-Mar-Node
X-Rule
X-Cache-Operation
X-Cache-Remote
Fastly-Drupal-Html
X-Cached-By
X-Hyper-Cache
X-Varnish-Hostname
SID
Cache-Hits
X-Rewrite-Enabled
X-GEO
Mime-Version
X-Soup
X-TT-LOGID
X-Cluster
Xet-Cookie
Xserver
X-Cdn
X-Varnish-Hits
X-Magnolia-Registration
X-Pubstack
X-Air-Trace-Id
X-Origin-CC
X-Reqid
X-Origin-TTL
X-Air-Hostname
LB
X-Air-Source
X-Envoy-Decorator-Operation
X-IPLB-Request-ID
Country-Code
Server-Info
X-Microcachable
X-Accel-Buffering
X-TA-CDN-Provider
X-Tumblr-Pixel-2
X-CSRF-Token
X-Tt-Logid
X-Buckets
X-SRV
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
DB-Nickname
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Cache
Source
X-Time
X-Amz-Apigw-Id
X-Ms-Version
X-B3-SpanId
X-Amzn-RequestId
X-Newrelic-Synthetics
X-Ms-Request-Id
X-Request-Host
X-Origin-Response-Time
X-Endurance-Cache-Level
X-Via-NSCOPI
MD5-Digest
Lang
Host-ID
Cmstype
Expiry
Cmsid
Cdnsip
BehaviorPad-Version
Cdncip
A
X-Cache-NE
X-Orig-Expires
X-Ig-Push-State
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Rojux
X-Processor
X-HS-Content-Campaign-Id
X-Hash
X-Forwarded-Path
X-External-Request-Id
X-Ftr-Request-Id
X-Geo-Header
X-Gzip
X-S
X-S-Cookie
X-VG-WebCache
X-User
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-TrackingId
X-TIM-N
X-Session-Fingerprint
X-ScT
X-Shop-Environment
X-SRCache-Key
X-Tenant
X-Esi-Check
X-Epic-Correlation-Id
X-A
T-Server
X-A-Dam
X-A-Dcw
X-A-Wwc
X-A-Dgt
Surrogated-Key
Sslversion
NM-Fastcgi-Cache
Mobile-Detection-Method
Odigeo-Trace-Id
Pramga
Rendered-Blocks
X-Aed
X-AK-Request-ID
X-Destination
X-D
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-Connection-Hash
X-Conf
X-ARC
X-Application
X-B-Cookie
X-Cache-Id
X-Cdn-Srv
Meta-Geo-Continent
X-A-Ccd
X-NCache
X-RCS-CacheZone
X-Bc-Bl
X-Skip-Cache
State
X-SVT-ORM-VERSION
Server-Host
X-Mvc-Supplant-Cachable
Wxu-Next-Commit
X-Sigma
X-Server-IP
X-Sigma-Backend
Wxu-Next-Region
X-V-Cache
Wxu-Next-Hostname
We-Hiring
Producers
Is-Eu
Machine
Mail-Subject
Fastly-GeoIP-CountryCode
Fastcgi-X-Cache-Version
Environment
X-Via-Ucdn
X-Vdms-Version
Memcached
X-Variation
Platform
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Vdms-Path
X-Varnish-Remaining-TTL
X-SD-PageType
X-Amzn-Remapped-Content-Length
X-Gdpr
X-Origin-Time
X-Fmm-Version
X-Fetched-On
X-DPWN-IS-SECURE
X-Fastly-Cache
X-Origin-Expires
X-GeoIP
X-Irp-Debug
X-NAPM-TraceId
X-Node-Id
X-NodeID
X-Origin
X-Nyt-Route
X-Device-Os
X-Developers
X-Cache-Info
X-CacheTTL
X-Cache-Backend
X-Rocket-Build-Number
DCR-Processing-Time-Ms
X-SB
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-DefElseHash
X-DefHash
X-Core-Value
X-Core-Mission
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Scheme
X-SVT-ORM-RULES
Adler-Geo
AKAMAI
X-WADP-Cache
DCR-Decision-By
Cache-Name
X-Azure-Ref
HostName
X-Varnish-Beresp-Grace
X-Region-Sid
X-Sn-Servicetimems
X-Request-URI
Datacenter
X-Cdn-Origin
X-CGP
Cache-Key
Ohc-File-Size
X-Rebelmouse-Cache-Control
X-Cache-Date
X-Rebelmouse-Surrogate-Control
X-BBC-Edge-Cache-Status
Kp-EeAlive
X-R9-Blue-Green-Version
Vix-Hermes-Req-Id
V-Age
X-SIPLIST1
X-Served-From
X-Aicache-OS
X-Branch-Name
Traceparent
Candidate-Md5Url
X-Rocket-Nginx-Serving-Static
X-Cache-Bucket
X-RateLimit-Limit-Second
X-Gamma-Serve
X-Generated-On
X-Forwarded-Site
X-Eu-Site
X-Platform
X-GeoIP-City
DynaTrace
X-Loc
X-Minions-Version
X-Level-Front-Cache
X-Httpd
X-HN
X-Pod-Name
X-Policy
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-BCube-Filmed-By
Thinkindot-Control
X-Csrf-Jwt
X-Datadog-Trace-Id
X-Qloud-Router
X-Pool
X-Proxy-Cache-Info
X-Cache-Status-Check
X-Proxy-Upstream
X-RateLimit-Remaining-Second
X-Auto-Login
Apple-News-Services-Parsed-Url
Origin
Apple-News-Services-Request-Url
N-Cache
Thinkindot-CacheControl-Type
X-Worker
Origin-CC
Origin-EX
Release
X-Thinkindot-L3
Redirect-Candidate
Apple-News-Services-Handled
PFcat
Apple-News-Services-Host
X-Wikidot-Static-Cache
CDCHOST
Fastly-SWR
Gh-Request-Id
Fastly-SIE
Cluster
X-Viewer-Country
Fastcgi-Cache-TTL
Ha-Gx-Prefs
HA-Ipaddr
X-VG-TLSProxy
X-Wikidot-Backend
L5d-Success-Class
L
CloudFront-Viewer-Country
IsBot
Req-Svc-Chain
X-VarnishDD-TTL
X-Tx-Id
Svr
TDXMobile
Ssr
Thinkindot-CacheControl
NGX
X-Planisys-CDN-Cache
VNS-Age
GEO-INFO
CPC-Cache
Web-Mar-Region
X-Planisys-CDN-Rules
X-Owner
CPC-Age
X-Planisys-CDN-TTL
X-SplitTest
X-Hnp-Log
X-LAGOON
X-Slack-Backend
DSUID
User-Cache-Control
X-Optimistic-Header
X-Gen-Mode
X-Dispatcher-Number
XM
VNS-Cache
X-Ec-Custom-Error
X-Ad-Defer-Variation
X-Xrds-Location
X-Is-Gdpr
X-Scale
X-JWT-State
X-Loop
X-Wix-Viewer-Type
X-Block-Status
X-TNCMS
X-Has-Esi
X-VC
X-CS
X-From
X-WA-Info
X-Refresh
X-Webstats-RespID
X-VServer
X-WP-CF-Super-Cache
CDN
Fastly-Backend-Name
Pics-Label
X-Parent-Response-Time
Server-Hostname
X-WP-CF-Super-Cache-Cache-Control
Server-Ext
Sever-Int
X-Tb-Optimization-Total-Bytes-Saved
X-AIR-PT
X-ZONE
X-Srv
X-Micro-Cache
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Location
AMP-Access-Control-Allow-Source-Origin
X-CACHE-KEY
X-EC-Lua
Servername
X-Ah-Environment
X-LB-NoCache
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Edge-Pop
Locid
Ms-Author-Via
X-Mvc-Supplant-OutputCached
X-Men
Path
Arc-Country
X-Response-By
Env
X-Varnish-Authentication
X-NC
X-Servedbyhost
X-Amz-Meta-Cb-Modifiedtime
X-Via-Popn
Cache-Host
X-Via-Poph
Ngx.Var.Host
X-Via-Popv
X-Old-Content-Length
X-Generated-In
X-Udemy-Cache-App-Namespace
Ohc-Cache-HIT
Lb
X-TIME
X-DI
X-DB
X-DW
X-Varnish-Beresp-TTL
Time
X-DSS
X-RPS
X-RPM
Memory
X-HA-Backend
X-TraceId
X-RSL
X-Proxy-CacheRZ
XkeyRZ
ITXSESSIONID
X-S-Maxage
X-API-Version
X-Akamai-Transformed
X-Date
X-Accel-Expires-Debug
X-RateLimit-Reset
Client
X-GeoIP-Region-Code
GeoIp-Country-Code
X-GeoIP-Country-Code
X-VCL-Version
X-Cache-Debug
FSS-Cache
X-Vc
X-Clientip
X-Zone
X-Api-Version
True-Client-IP
Server-ID
X-VHOST
X-Cs
X-Trace-ID
X-Fpc
X-DC
Geoip-Latitude
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-TX-ID
Fusion-Source
X-URL
Fusion-Deployment-Id
CacheControlHeader
X-FireWall-Port
X-Dmc
X-Correlation-ID
Hostname
X-Presslabs-Stats
X-MSEdge-Flight
X-Render-Time
X-TH-Server
True-Client-Country-4JS
X-Traceid
NtCoent-Length
X-Action
X-MSEdge-Features
X-TRACE-ID
X-Backend-TTL
Powered-By
X-INCAP-ABP
X-Webkit-Csp-Report-Only
X-DynaTrace-JS-Agent
X-PX
X-Service
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
C-Via
Rip
X-B3-Spanid
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-M-Reqid
Edge-Cache
Geo-Info
Esi-Enabled
Tcn
Tube-Return
Tube-Got-Eval
Tube-Got-Results
HIT
Click-Count-Error
Tube-Get-Contents
X-Req
Test
X-M-Log
Click-Count-Action-Start
X-Qnm-Cache
X-NGINX-Cache
X-FPC
X-CSRF-TOKEN
X-Pass-Why
On-Server
X-Cdn-Request-ID
X-Vcl-Version
My-App
X-Origin-Upstream-Status
X-Akamai-Pragma-Client-IP
Uri
X-Beluga-Record
X-Beluga-Cache-Status
Server-Id
X-Beluga-Node
X-HS-Status
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Trace
User-Agent
X-Webkit-CSP-Report-Only
OT-Force-Account-Verify
X-Check-Cacheable
X-Alfa-Service
X-Provided-By
X-Proxy-Cache-Hk
X-Up
Cf-Int-Pingora-Origin-Digest
Cdn
Resin-Trace
X-Edge-Origin-Shield-Bytes
X-LB-ID
X-Via-PopN
GeoIP-Country-Code
Proxy-Connection
GeoIP-Latitude
Srvid
X-Ha-Backend
X-Via-PopH
X-Via-PopV
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
MIME-Version
X-Edge-Origin-Shield-Region
X-APP
Sid
X-Geo
X-Hcs-Proxy-Type
M-TraceId
X-ServedByHost
X-HITS
X-RAMCache
Epwk-X-Cache
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Li-Fabric
X-Li-Pop
X-UnsetCookies
ENV
Srv
X-LI-UUID
X-LI-Proto
DataCenter
X-Cdn-Forward
WebServer
X-Time-Microsecs
WZWS-RAY
X-LiteSpeed-Cache-Control
X-Fetch-By
X-ND-Cache
X-Backend-Host
Fastly-Drupal-HTML
DT-Hot-News
X-Esi
Warning
X-CUA
X-Fastly-Backend-Reqs
ServerName
Cf-Device-Type
X-Lb-Nocache
Server-Ttl
X-B3-Traceid-Primal
X-Edge-POP
X-Serial
XServer
X-App
X-Dw-Trace-Id
X-HostName
X-MG-S
X-Yottaa-OS
X-Request-Url
Section-Io-Id
X-Thanos
X-Fragments
X-Platform-Processor
Target-Params
Section-Origin-Responded
CF-Cached-On
X-Platform-Cluster
X-ATG-Version
X-Azure-Ref-OriginShield
True-Client-Ip
X-Akamai-Request-ID
Section-Io-Origin-Time-Seconds
X-ElasticPress-Query
X-Nc
X-Newrelic-App-Data
Tracecode
Section-Io-Origin-Status
PICS-Label
X-Bip
X-Platform-Router
Inserted-Into-Cache-At
Cf-Ipcountry
Lfy
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Vha6-Origin
Dt-Hot-News
X-LiteSpeed-Tag
X-Request-Start
X-CF-Powered-By
X-Var-Ttl
X-Fastly-Backend
X-FC-Vary-Parameters
X-Iplb-Instance
X-Iplb-Request-Id
X-Vcache
X-Sucuri-ID
D-Url-Rewrites
X-Sucuri-Cache
Cdn-Cachedat
Servedby
Cdn-Uid
Cdn-Cache
Cdn-Edgestorageid
Wp-Super-Cache
Cdn-Requestcountrycode
Cdn-Pullzone
Cdn-Requestid
X-Dist-Code
X-Vercel-Cache
X-Vercel-Id
X-Cache-Expires
X-Cc-Via
X-Release
X-BBC-Origin-Response-Status
Ngx
X-Wp-Cf-Super-Cache
X-NU-AKA-ACS-Version
X-Th-Server
Cneonction
X-Storefront-Renderer-Verified
X-Request-URL
X-Snapshot-Date
X-Back
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache-Cache-Control
Content-Script-Type
X-Fastly-Cache-Hits
X-Varnish-Beresp-Status
Content-Style-Type
CountryCode