Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-Content-Security-Policy
P3p
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-CDN
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Hacker
X-Backend
X-UA-Device
X-Robots-Tag
Report-To
X-Amz-Request-Id
X-LiteSpeed-Cache
Host-Header
X-Server
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Page-Speed
X-Vhost
X-OneAgent-JS-Injection
X-Amz-Version-Id
EagleEye-TraceId
X-Device
X-Dispatcher
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Server-Id
X-Host
X-Backend-Server
X-Node
Cf-Railgun
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-Language
X-HW
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
X-Template
X-Application-Context
X-Ruxit-JS-Agent
Rating
X-Ua-Compatible
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Cache-Lookup
X-Buckets
Allow
X-Ac
X-Url
X-Content-Type
X-Trace
X-Vname
X-TtlSet
X-PC
X-Mod-Pagespeed
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
X-ESI
Cache-Tag
Fastly-Restarts
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Element-Page-Cache
X-Server-Name
Verso
X-MS-InvokeApp
X-GitHub-Request-Id
X-Amz-Rid
X-Vcap-Request-Id
X-Upstream
X-Dw-Request-Base-Id
MS-Author-Via
X-D2id
Public-Key-Pins
X-Origin-Cache
X-Client-IP
X-Abt-Application-Version
X-Cached
X-Cache-TTL
X-ORACLE-DMS-RID
Arr-Disable-Session-Affinity
X-ORACLE-DMS-ECID
X-Px
X-Country-Code
X-Powered-By-Plesk
X-Navigation-Version
X-Cnection
X-NF-Request-ID
X-Goog-Hash
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Version
Access-Control-Request-Method
X-Aws-Lambda-Call-Status
X-Amz-Server-Side-Encryption
Accept-Ch
RTSS
X-Powered-CMS
X-Middleton-Display
X-Sol
Display
Pagespeed
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Middleton-Response
Response
X-MSEdge-Ref
X-CST
X-Use-Magma
X-Kinja-Revision
X-LLID
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Edge
X-Kinsta-Cache
X-Edge-Location-Klb
Nginx-Cache
X-Shield-Request-Id
X-TTL
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
S
X-Jurisdiction
Content-MD5
X-HP-Trace-Id
X-HP-Webp
X-T
X-Forwarded-For
AR-PoweredBy
AR-CACHE
AR-Request-ID
AR-SID
AR-ATIME
X-Content-Security-Policy-Report-Only
TCN
X-Protected-By
X-Mg-S
X-Id
X-RateLimit-Remaining
Fastcgi-Cache
X-Mid
X-Aspnetmvc-Version
X-MCACHE
X-Parallel-Accel
Front-End-Https
Realpath
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
X-Recruiting
X-Ttl
X-Request-Processing-Time
X-Request-Received
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Server-Node
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Filters
X-Content
SPRequestGuid
X-Ab
X-Ua-Browser
X-SharePointHealthScore
X-DynaTrace
X-Ezoic-Cdn
X-Correlation-Id
Alternate-Protocol
X-Ruxit-Js-Agent
X-Accel-Expires
Server-Name
X-ECACHE
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-Frontend
X-NWS-LOG-UUID
X-Cache-Key
X-Hits
X-Yandex-Sdch-Disable
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Content-Options
Cache-Tags
Host
X-Page-Id
X-Git-Hash
Cleartype
X-B3-Sampled
Charset
MicrosoftSharePointTeamServices
X-Geo-Country
X-Www-Served-By
TP-L2-Cache
X-Content-Digest
TP-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Amz-Replication-Status
Filterid
X-Forwarded-Proto
X-Hostname
X-Ser
X-Varnish-Age
X-Fastly-Request-Id
X-VCache
X-Activity-Id
X-Az
X-AppVersion
X-Amzn-Trace-Id
X-XRDS-LOCATION
X-Request-Handler-Origin-Region
X-Rid
X-Microsite
X-Debug-Info
X-Upgrade-Enabled
X-DIS-Request-ID
X-Origin-Server
X-Daa-Tunnel
Access-Control-Allow-Method
X-Grace
X-N
X-LB-Cache
X-FB-Debug
X-WebKit-CSP-Report-Only
ServerID
X-Origin-Upstream-Status
X-Mobile-URL
X-Nginx-Upstream-Cache-Status
X-Route-Name
X-Request-Guid
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Flags
X-Whom
X-NGENIX-Cache
X-Varnish-Grace
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-App-Server
X-Goog-Generation
X-TT
X-Goog-Stored-Content-Encoding
X-PressLabs-Stats
X-App-Environment
X-Goog-Storage-Class
X-GUploader-UploadID
Viewport
X-F-Cache
X-Distributor
Cross-Origin-Opener-Policy
X-Logged-In
Node
DC
Paypal-Debug-Id
X-Server-ID
Payment
X-Cache-Control
X-FW-Server
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Dynamic
X-Tb
Fastcgi-Useragent
X-Seen-By
X-Cache-Age
X-Type
X-User-Agent
Country
Accept-Charset
X-Varnish-Backend
X-Cache-Rule
X-DataDome
X-Node-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Load-Cache
X-Webkit-CSP
X-Cache-Action
X-IPLB-Instance
Version
X-Wix-Request-Id
X-Fastly-Request-ID
Refresh
X-Via-JSL
SD-X-WS
Cache-Status
X-Original-Request-Id
X-Response-Served-From
Liferay-Portal
Access-Control-Request-Headers
Amp-Access-Control-Allow-Source-Origin
X-Cacheable-TTL
X-UUID
X-Vgn-Hpd-Reason
Referer-Policy
X-Drupal-Cache-Tags
X-Proxy-Cache-Status
X-Jobs
VIX-Pulpo-Upstream-Status
X-Is-Bot
X-Debug
X-Cluster-Name
X-Contextid
VIX-Pulpo-Node
X-Page-View
X-RemovedCookies
X-Rendered-As
NGB
X-Real-IP
X-ProcessESI
X-Revision
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-B
X-Cache-Expired-At
X-Rule
X-Device-Type
X-Proxy
X-Cache-Time
X-Framework
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
DynaTrace
X-G
X-Yottaa-Metrics
X-Drupal-Cache-Contexts
X-Mobile
X-Instance
Akamai-GRN
Healthy
X-Yottaa-Optimizations
X-Debug-IsConnected
X-Debug-IsPreview
X-Azure-Ref
X-Fastcgi-Cache
Surrogate-Key
X-B-Cache
X-Signature
CF-IPCountry
X-Ratelimit-Limit
X-Source
X-FW-Version
SID
X-Ms-Request-Id
X-Ms-Version
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
Frame-Options
X-Oracle-Dms-Rid
X-Cache-Hit
X-Oracle-Dms-Ecid
Ms-Operation-Id
MS-CV
X-RTag
X-APP-VERSION
Section-Io-Cache
X-XRDS-Location
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Environment-Context
X-Nginx-Cache
X-CDN-Forward
X-L-Path
Xserver
X-Oneagent-Js-Injection
X-Varnish-Server
Countrycode
X-Region
Count-Hit
X-Content-Powered-By
X-EdgeConnect-Cache-Status
X-Forwarded-Host
X-Cache-Operation
X-Servername
GEO-INFO
Uber-Trace-Id
X-Backend-Name
X-RateLimit-Limit
X-IPS-LoggedIn
X-Mode
Backend
X-Litespeed-Cache
X-Adobe-Content
X-Adobe-Loc
Cross-Origin-Window-Policy
X-Accel-Buffering
X-UPSTREAM-Address
Ec-Rule-Version
X-JoinUs
X-SaId
Meta-Geo
X-Zen-Fury
X-RN-RSRV
X-Varnish-Beresp-Grace
X-Human
X-Hosted-By
X-Generation-Time
X-Cache-Server
X-Cache-Type
X-Debug-Cache
X-Redis-Cache
X-Cache-Grace
X-Detected-As
Apigw-Requestid
X-Microcachable
X-No-Session
Decoy-Debug-Status
X-ShardId
X-ServerID
X-ShopId
X-Shopify-Stage
X-Site-Version
X-Alternate-Cache-Key
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-FB-TRIP-ID
X-Cache-TTL-Remaining
X-Sorting-Hat-PodId
Cache-Tv-Group
X-Storage
Decoy-Debug-TTL
Eomportal-Instance
X-Uri
X-Via-Fastly
X-Sql-Duration-Ms
X-Status
Decoy-Debug-Key
X-Sorting-Hat-ShopId
X-Sql-Count
Country-Code
Mn-Server-Ip
Property-Id
Fastly-SSL
Cache-Name
TWC-Privacy
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Cache-Host
X-Format
X-PHP-Backend
X-NCache
X-Origin-Date
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-Web-Node
X-UA-Device-Type
Webcakes-App-Name
Url
TWC-Locale-Group
Source
X-Akamai-Edgescape
X-Azure-Ref-OriginShield
X-Time
X-Extlb
X-Hl-Ver
X-ApacheServer
X-Access
Azure-Version
OT-Force-Account-Verify
Protected
X-NYM-Debug-Backend
X-PERF
X-Zipkin-Id
X-OCL
X-PCL
X-Server-W
X-Section
X-Proxied
X-R9-Blue-Green-Version
X-Routing-Service
Azure-SlotName
X-Pubstack
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-LSADC-Cache
X-Cluster-Node
Content-Secure-Policy
X-Be
X-Varnishpool
X-Rewrite-Enabled
X-Timing-Wait
X-Cache-Var
Selected-Fe
X-SRV
X-Ua
X-Tid
X-Proxy-Build
X-HTML-Minification-Powered-By
X-Cache-Var-Map
X-Amz-Meta-S3cmd-Attrs
X-Cache-NGX
X-Soup
DB-Nickname
SRV
X-Content-Age
Content-Disposition
X-Webkit-Csp
X-Cached-By
X-NewRelic-App-Data
X-LAGOON
X-Ratelimit-Reset
Webserver
X-Varnish-Hostname
Retry-After
X-Varnish-Hits
X-Unique-Id
Cache
CDN-CachedAt
CDN-RequestCountryCode
X-S-Maxage
CDN-Uid
CDN-EdgeStorageId
CDN-PullZone
Onion-Location
X-Generated-By
CDN-RequestId
CDN-Cache
X-Dc
X-TNCMS
X-TT-LOGID
X-Loop
X-App-Version
X-Origin-TTL
X-Auto-Login
X-Origin-CC
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Hyper-Cache
X-Presslabs-Stats
X-Bc-Bl
X-ECache
X-Proto
X-GEO
Web-Mar-Node
Cache-Hits
X-Nginx-Cache-Key
X-M-Reqid
X-Qnm-Cache
X-Tenant
X-M-Log
X-Time-Microsecs
X-Trace-Id
X-Endurance-Cache-Level
X-Cdn
X-Akamai-Transformed
X-GG-Cache-Date
X-Edge-Location
CloudFront-Viewer-Country
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
Mime-Version
X-Mg-Request-UUID
Xet-Cookie
X-Labrador-Cache-Channel
X-PHP-Host
X-Amz-Apigw-Id
X-Amzn-RequestId
X-CSRF-Token
X-CACHE-KEY
LB
X-Platform-Server
N-Cache
X-RCS-CacheZone
X-Handled-By
X-Storefront-Renderer-Rendered
X-Xfnlog-Site
HostName
X-B3-SpanId
X-Locale
X-Cache-Tags
X-Adobe-Source
X-VC-Cache
Upgrade-Insecure-Requests
X-Origin-Response-Time
X-Varnish-Cache-Hits
X-Request-Time
X-Reqid
ServedBy
X-A-Dgt
X-A-Dcw
X-Cache-NE
X-ATG-Version
X-CF-Lambda-Fn
X-Conf
X-A
X-A-Ccd
X-A-Dam
X-A-Wwc
Xc-Version
X-Vtex-Processado-Em
X-ARC
X-Application
X-Cluster
X-B-Cookie
X-Aed
X-Cache-Date
X-Vtex-Remote-Cache
X-Connection-Hash
X-Ckpd-Fst-Backend
X-CF-Lambda-Version
X-VG-WebCache
X-Orig-Expires
X-SRCache-Key
Mobile-Detection-Method
Meta-Geo-Continent
X-PAYTM-SRV-ID
A
X-NAPM-TraceId
X-S
BehaviorPad-Version
X-Rojux
X-V-Cache
X-PBS-Appsvrname
X-Vdms-Version
X-Planisys-CDN-TTL
X-Vdms-Path
Server-Info
X-Processor
X-Shop-Environment
From-Origin
X-Slack-Backend
X-Planisys-CDN-Cache
Expiry
X-Planisys-CDN-Rules
X-S-Cookie
Odigeo-Trace-Id
X-External-Request-Id
Surrogated-Key
Rendered-Blocks
X-Forwarded-Path
X-Ftr-Request-Id
Fastcgi-X-Cache-Version
X-Developer
Nel
X-Session-Fingerprint
X-D
X-Destination
X-SD-PageType
X-ScT
DCR-Decision-By
X-AOL-HN
DCR-Processing-Time-Ms
Pramga
Origin
Redirect-Candidate
X-Ig-Push-State
X-TIM-N
X-MP-GENERATED-AT
X-Via-NSCOPI
X-Correlation-ID
X-Cache-Remote
Gh-Request-Id
Wxu-Next-Hostname
Release
Datacenter
User-Cache-Control
V-Age
Vix-Hermes-Req-Id
DSUID
L
X-ND-Cache
Wxu-Next-Commit
Host-ID
X-Hnp-Log
X-Policy
X-Proxy-Upstream
X-Request-Host
X-Owner
X-Origin-Time
X-Nyt-Route
X-Old-Content-Length
X-Rocket-Nginx-Serving-Static
X-Served-From
X-SVT-ORM-VERSION
X-Varnish-Beresp-Status
X-SVT-ORM-RULES
X-Sucuri-ID
X-Skip-Cache
X-Sucuri-Cache
X-Mvc-Supplant-Cachable
X-Location
X-Device-Os
X-Epic-Correlation-Id
X-Fastly-Cache
X-VServer
X-Cache-Info
X-Block-Status
X-Cache-Bucket
X-Fetched-On
X-Gdpr
X-Li-Pop
X-LI-UUID
X-Li-Fabric
Candidate-Md5Url
X-Gen-Mode
X-Geo-Header
Wxu-Next-Region
Fastcgi-Cache-TTL
X-EC-Lua
AKAMAI
Environment
CacheControlHeader
WPO-Cache-Status
WPO-Cache-Message
AMP-Access-Control-Allow-Source-Origin
X-TIME
X-Datadog-Parent-Id
Req-Svc-Chain
X-Ratelimit-Remaining
X-HN
Server-Host
X-Hash
X-HS-Content-Campaign-Id
X-Level-Front-Cache
PFcat
X-NodeID
X-Origin-Expires
X-Accel-Expires-Debug
X-Gzip
CDCHOST
X-Core-Value
X-Irp-Debug
TDXMobile
X-Date
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
State
X-Esi-Check
X-Viewer-Country
Web-Mar-Region
We-Hiring
X-Forwarded-Site
X-Gamma-Serve
Thinkindot-CacheControl
X-Platform
Svr
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Generated-On
True-Client-Country-4JS
X-GeoIP
X-GeoIP-City
X-VarnishDD-TTL
Fastly-GeoIP-CountryCode
Arc-Country
X-Sn-Servicetimems
X-Sigma-Backend
X-Sigma
X-Core-Mission
Apple-News-Services-Request-Url
X-Server-IP
X-TH-Server
X-Cache-Config
Cmstype
Cmsid
X-BBC-Edge-Cache-Status
X-VG-TLSProxy
X-Branch-Name
X-Thinkindot-L3
X-TrackingId
X-Rocket-Build-Number
X-Scheme
Apple-News-Services-Handled
X-Cache-Debug
X-Aicache-OS
X-Magnolia-Registration
X-Developers
X-Cdn-Origin
Machine
Mail-Subject
Apple-News-Services-Parsed-Url
X-Cache-Id
Locid
X-Request-Start
X-Region-Sid
Apple-News-Services-Host
X-Req
X-DefHash
X-Zone
X-Bip
X-DefElseHash
X-CGP
X-JWT-State
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Varnish-Remaining-TTL
X-Thanos
X-Variation
X-Varnish-CookieINHashed-On
X-UnsetCookies
X-RateLimit-Limit-Second
X-Qloud-Router
X-FC-Vary-Parameters
X-Fastly-Backend
X-Eu-Site
X-Envoy-Decorator-Operation
X-Has-Esi
X-Is-Gdpr
X-Pod-Name
X-Loc
X-Backend-State
X-DPWN-IS-SECURE
X-Csrf-Jwt
NM-Fastcgi-Cache
NGX
Adler-Geo
X-Men
Origin-CC
Traceparent
WWW-Authenticate
Origin-EX
Memcached
L5d-Success-Class
X-Varnish-CookieHashed-On
X-NU-AKA-ACS-Version
Cf-Device-Type
Fastly-SIE
Fastly-SWR
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
X-Worker
Platform
X-Amzn-Remapped-Content-Length
X-Xrds-Location
X-Tx-Id
X-Origin
On-Server
X-CS
X-Webstats-RespID
Fastly-Drupal-Html
Esi-Enabled
CDN
X-Varnish-Beresp-Ttl
X-FireWall-Port
X-Mvc-Supplant-OutputCached
X-Up
Sslversion
X-NC
X-Cdn-Srv
X-Node-Id
X-API-Version
X-Generated-In
Ssr
X-LB-ID
C-Via
X-Vc
X-Service
X-Response-By
Pics-Label
X-CLOUD-TRACE-CONTEXT
Time
Ms-Author-Via
WP-Super-Cache
X-Cache-PHP
Memory
X-Trace-ID
X-Edge-Pop
X-Datadome
X-Tt-Logid
X-Refresh
X-DynaTrace-JS-Agent
X-TA-CDN-Provider
GeoIp-Country-Code
X-Tb-Optimization-Total-Bytes-Saved
X-LB-NoCache
NtCoent-Length
X-Cache-Enabled
X-Via-Popv
X-Cache-Status-Check
X-Via-Popn
X-Via-Poph
X-Varnish-Ttl
X-Dynatrace
X-DC
X-Render-Time
Env
X-Backend-TTL
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Parent-Response-Time
X-Info
X-TraceId
X-Optimistic-Header
Magicmarker
X-Varnish-Beresp-TTL
X-Esi
X-Ua-Device
X-Restarts
X-Servedbyhost
X-AIR-PT
X-NWS-UUID-VERIFY
X-Clientip
X-Unique-ID
Kp-EeAlive
Server-ID
X-TX-ID
X-Cs
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
HIT
UCS
X-Oss-Hash-Crc64ecma
Cache-Host
X-CacheTTL
X-Srv
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
X-ZONE
X-App
X-MSEdge-Flight
X-Wix-Viewer-Type
X-VCL-Version
Edge-Cache
Lb
X-DB
S-Rt
X-DI
X-RPS
X-Newrelic-Synthetics
X-DW
Proxy-Connection
X-RSL
X-RPM
S-Cnection
X-Action
X-MSEdge-Features
X-DSS
X-Fpc
X-Cache-Ttl
X-Cache-Backend
X-Li-Proto
X-LI-Proto
X-URL
X-FPC
WebServer
Test
X-HA-Backend
User-Agent
Fastly-Backend-Name
X-Webkit-Csp-Report-Only
X-Minions-Version
X-Micro-Cache
X-LiteSpeed-Cache-Control
X-Traceid
X-Backend-Host
Server-Id
X-Vcl-Version
X-B3-Spanid
X-Pad
X-NODE
X-Webkit-CSP-Report-Only
X-Pass-Why
Tcn
X-Release
X-ES-SERVER
X-BCube-Filmed-By
Geo-Info
X-Akamai-Request-ID2
X-Http-Reason
Resin-Trace
X-BBC-Origin-Response-Status
X-CSRF-TOKEN
X-Ec-GeoHdr
X-User
X-Ec-Fail
X-APP
X-LiteSpeed-Tag
Path
X-HostName
VNS-Cache
EpKe-Alive
X-Amz-Meta-Cb-Modifiedtime
VNS-Age
CPC-Age
CPC-Cache
Cache-Key
Accept-Language
Fastly-Drupal-HTML
Cf-Int-Pingora-Origin-Digest
Hostname
X-Dynatrace-Js-Agent
X-WA-Info
X-ID
X-Akamai-Pragma-Client-IP
X-ServedByHost
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-COUNTRY
Hit
Pagetype
X-Cms-Context
Srv
X-NGINX-Cache
X-PJAX-URL
X-Wikidot-Backend
X-B3-Traceid
X-Wikidot-Static-Cache
Ohc-File-Size
X-WA
X-Check-Cacheable
GeoIP-Country-Code
X-Geo
X-ElasticPress-Query
ENV
MIME-Version
X-Edge-POP
X-Cdn-Forward
MD5-Digest
M-TraceId
X-Via-Ucdn
X-AK-Request-ID
X-Clara-WADP
Cdnsip
Cdncip
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Ha-Backend
X-Fmm-Version
X-WADP-Cache
Shield-Pop
X-Api-Version
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
URI
X-VG-WebServer
Cluster
X-Edge-Cache
X-HS-Status
My-App
Load-Balancing
Sever-Int
IsBot
Geoip-Latitude
Server-Ext
Server-Hostname
Tracecode
X-From
X-ServerName
X-Kraken-Routeconfig-Destination
X-Var-Ttl
W
Lfy
X-Cache-Expires
X-Ucs
X-SIPLIST1
X-Fastly-Backend-Reqs
T-Server
X-Mcache
X-Lb-Id
X-GoCache-CacheStatus
X-Provided-By
X-UP
X-CUA
Vha6-Origin
X-Dw-Trace-Id
X-TRACE-ID
X-Fragments
Servername
X-VC
Lang
X-RAMCache
X-Cdn-Request-ID
X-Acquia-Purge-Tags
X-Via-CDN
X-Platform-Router
Cteonnt-Length
PICS-Label
X-Fastly-Cache-Hits
X-Platform-Cluster
X-Acquia-Site
X-RateLimit-Reset
Cdn
HitType
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-B3-ParentSpanId
X-Platform-Processor
Cneonction
Ohc-Cache-HIT
X-Nc
FSS-Cache
X-Snapshot-Date
X-Cache-ASPX
X-Apw-Hits
X-Yottaa-OS
X-Contensis-Viewer-Groups
Cf-Ipcountry
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Target-Params
X-Newrelic-App-Data
WZWS-RAY
X-Apw-Access-Token
X-Swift-Error
X-Cc-Via
X-Apw-Access-Action
CF-Cached-On
X-Apw-Access-Object
Dnion-Transfer-Encoding
CountryCode
X-Akamai-Request-ID
X-Air-Pt
X-Cache-Ngx
Sid
X-B3-Parentspanid
Req-ID
X-Http-Count
X-Te-Duration-Ms
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-UA
X-Miniprofiler-Ids
X-Te-Count
Uri
X-Http-Duration-Ms
Arc-Version
X-CacheKey
X-Lb-Nocache
X-Edge-IP
X-IN-APIGATEWAY
X-Wa
X-IN-APIGATEWAYSSL
X-Varnish-Authentication
X-77-NZT
Ngx
X-HTML-Edge-Cache
X-Logging-Id
X-Sentry-ID
PB-RID
PB-PID
X-Request-UUID