Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
P3p
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Dns-Prefetch-Control
X-Backend
Keep-Alive
Expect-Ct
Request-Context
EagleId
X-Akamai-Path-Stats
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-UA-Device
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
EagleEye-TraceId
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Cf-Edge-Cache
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
Accept-Ch
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-Ruxit-JS-Agent
X-Clacks-Overhead
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-ESI
X-B3-TraceId
X-Varnish-TTL
Cache-Tag
X-Amz-Server-Side-Encryption
X-Content-Type
X-Vcap-Request-Id
X-Dw-Request-Base-Id
Public-Key-Pins
X-Px
X-Amz-Rid
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Cnection
X-D2id
X-Ac
X-RateLimit-Remaining
X-Edge
X-Navigation-Version
Verso
X-Element-Page-Cache
Pagespeed
X-Ser
Display
X-Middleton-Display
X-Sol
X-Client-IP
X-Powered-By-Plesk
X-Abt-Application-Version
X-Cache-TTL
X-FastCGI-Cache
X-Version
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
X-Correlation-Id
X-Goog-Hash
Access-Control-Request-Method
X-Ruxit-Js-Agent
X-Content-Security-Policy-Report-Only
SPIisLatency
SPRequestDuration
X-Ttl
X-Kinsta-Cache
X-Cached
X-Edge-Location-Klb
AR-CACHE
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-SharePointHealthScore
SPRequestGuid
X-Upstream
X-Powered-CMS
X-TTL
X-LLID
Edge-Cache-Tag
X-RateLimit-Limit
X-NWS-LOG-UUID
X-Webkit-Csp
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Forwarded-For
X-Cache-Key
Nginx-Cache
X-Litespeed-Cache
Content-MD5
X-Id
X-MSEdge-Ref
MRF-Tech
Mrf-Cache-Status
X-Shield-Request-Id
TCN
X-T
X-B3-TraceId-Primal
X-Recruiting
X-Daa-Tunnel
S
X-Content-Digest
X-ECACHE
X-DataDome
X-Mg-S
X-Ua-Device
MS-Author-Via
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Accel-Expires
X-WebKit-CSP-Report-Only
X-Protected-By
X-Ezoic-Cdn
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
MicrosoftSharePointTeamServices
X-Ab
X-Grace
X-Ua-Browser
X-Content
X-Frontend
X-Request-Processing-Time
X-Request-Received
Server-Node
Filters
Front-End-Https
TP-L2-Cache
TP-Cache
X-PressLabs-Stats
X-Yandex-Sdch-Disable
X-DynaTrace
X-Origin-Server
X-Server-ID
X-Distributor
X-ORACLE-DMS-ECID
Fastcgi-Cache
X-Mid
X-ORACLE-DMS-RID
X-Geo-Country
X-Hits
X-Microsite
X-Request-Handler-Origin-Region
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amzn-Trace-Id
X-LB-Cache
Charset
Host
Cleartype
X-Ratelimit-Reset
X-Debug-Info
X-F-Cache
X-Page-Id
X-Git-Hash
X-B3-Sampled
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-Cache-Age
X-DIS-Request-ID
X-Www-Served-By
Realpath
Access-Control-Allow-Method
X-Seen-By
X-Pinterest-Rid
Cache-Status
Pinterest-Version
Pinterest-Generated-By
X-AppVersion
ServerID
X-Az
X-Activity-Id
X-Fastly-Request-Id
Accept-Charset
Filterid
Cache-Tags
X-XRDS-LOCATION
X-Varnish-Age
X-Cluster-Name
X-Aspnetmvc-Version
X-Nginx-Upstream-Cache-Status
X-Language
X-Content-Options
X-Mcache
X-Rid
X-Type
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-MCACHE
X-App-Environment
Country
Server-Name
Retry-After
X-FB-Debug
Viewport
X-Upgrade-Enabled
X-Varnish-Grace
Paypal-Debug-Id
DC
Node
X-Origin-Cache
X-Varnish-Backend
X-B-Cache
X-User-Agent
X-Drupal-Cache-Tags
X-Signature
X-Goog-Metageneration
X-Mobile-URL
X-Tb
X-Wix-Request-Id
X-Whom
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Oracle-Dms-Ecid
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-TT
X-VCache
X-Request-Guid
X-Oracle-Dms-Rid
X-Route-Name
X-B
Protected
X-NWS-UUID-VERIFY
X-Oneagent-Js-Injection
Fastcgi-Useragent
Permissions-Policy
X-Logged-In
X-Debug
X-N
WPO-Cache-Message
WPO-Cache-Status
X-Amz-Replication-Status
Payment
X-Via-JSL
X-Amz-Meta-S3cmd-Attrs
X-Cache-NGX
X-Load-Cache
X-Fastcgi-Cache
Surrogate-Key
X-Contextid
X-Cache-Control
Count-Hit
X-Template
X-Node-Name
Healthy
X-Webkit-CSP
X-Mobile
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Type
X-FW-Dynamic
SD-X-WS
X-Original-Request-Id
X-Response-Served-From
X-Erf-Bev-Bev
Akamai-GRN
Content-Disposition
X-Proxy
Refresh
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Trace-Id
X-Revision
X-XRDS-Location
X-Jobs
X-UUID
Amp-Access-Control-Allow-Source-Origin
X-Cache-TTL-Remaining
X-Akamai-Request-ID2
X-Cache-Time
X-Real-IP
X-Zen-Fury
VIX-Pulpo-Upstream-Status
Uber-Trace-Id
VIX-Pulpo-Node
Alternate-Protocol
NGB
X-Framework
X-Cacheable-TTL
X-G
X-Rendered-As
X-NGENIX-Cache
X-Hostname
X-Restarts
X-Device-Type
X-Is-Bot
X-Http-Reason
X-Proxy-Cache-Status
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
X-Instance
Url
X-Page-View
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Debug-IsConnected
X-Adobe-Loc
X-Adobe-Content
X-Debug-IsPreview
X-Servername
X-Fastly-Request-ID
X-IPLB-Instance
X-Cache-Grace
X-Varnish-Server
X-EdgeConnect-Cache-Status
X-Environment-Context
Version
X-Mg-Request-UUID
X-L-Path
X-ECache
X-Source
X-B3-Traceid
Accept-Language
X-Midtier
X-HTML-Minification-Powered-By
MS-CV
Countrycode
Ms-Operation-Id
X-RTag
Frame-Options
X-Cache-Rule
X-Cache-Hit
X-Cache-Expired-At
X-Vgn-Hpd-Reason
Referer-Policy
Liferay-Portal
From-Origin
X-NYM-Debug-Backend
X-App-Server
Cross-Origin-Window-Policy
Backend
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Nginx-Cache
X-IPS-LoggedIn
X-Parallel-Accel
X-FW-Version
X-COUNTRY
Content-Secure-Policy
X-Hosted-By
X-Datadome
Upgrade-Insecure-Requests
X-Unique-Id
X-Cache-Server
X-RN-RSRV
X-UPSTREAM-Address
Meta-Geo
X-No-Session
X-PCL
X-OCL
X-Generation-Time
X-Ua
X-Redis-Cache
X-Content-Age
Section-Io-Cache
X-Via-Fastly
X-Format
X-Cluster-Node
X-Varnish-Cache-Hits
X-Origin-Hint
X-Request-Time
X-Section
X-Access
X-PHP-Backend
X-Uri
X-Server-W
Webcakes-Region
Azure-SlotName
Azure-Version
Mn-Server-Ip
Azure-SiteName
Azure-RegionName
Apigw-Requestid
Azure-InstanceId
Property-Id
S-Rt
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
WP-Super-Cache
TWC-Connection-Speed
X-RemovedCookies
X-ProcessESI
CF-IPCountry
X-Mode
X-ShardId
X-ShopId
X-Shopify-Stage
X-Cache-Host
X-FB-TRIP-ID
X-Content-Powered-By
X-Cache-Enabled
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-BYPASS-REASON
X-Be
Cache-Tv-Group
X-Region
Eomportal-Instance
Fastly-SSL
Locale
X-Xfnlog-Site
X-Debug-Cache
X-Urbn-Context-Path
X-Urbn-Site-Id
X-ApacheServer
X-Sorting-Hat-ShopId
X-UA-Device-Type
X-Sql-Duration-Ms
X-PERF
X-Cache-Action
X-Site-Version
X-Status
X-Storage
X-Human
X-ProxyCache-Key
X-ProxyCache-Status
X-Sql-Count
X-Locale
X-Detected-As
X-ServerID
X-SaId
X-AOL-HN
X-Origin-Date
Ec-Rule-Version
X-APP-VERSION
X-Akamai-Edgescape
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-Varnishpool
X-Backend-Name
X-Cache-Type
X-Extlb
X-Hl-Ver
X-Tid
X-Nginx-Cache-Key
X-JoinUs
X-SayCDN-TTL
X-VWS-Id
X-Say-TTL
X-Forwarded-Host
X-AWS-Id
X-Generated-By
X-Say-Cacheable
X-LJ-Flow-ID
X-Handled-By
X-Cms-Context
X-Labrador-Cache-Channel
X-PHP-Host
X-Adobe-Source
X-Cache-Tags
X-Timing-Wait
X-GG-Cache-Date
X-Ratelimit-Remaining
Selected-Fe
X-Proxy-Build
X-NewRelic-App-Data
X-Platform-Server
X-App-Version
X-Dc
ServedBy
X-VC-Cache
X-Storefront-Renderer-Rendered
X-Web-Node
CDN-Uid
Webserver
CDN-Cache
X-Edge-Location
Load-Balancing
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
X-Hyper-Cache
X-CDN-Forward
X-Proto
X-Rule
SRV
X-LSADC-Cache
X-Cache-Operation
Web-Mar-Node
Onion-Location
X-TT-LOGID
SID
X-Cache-Remote
X-Cached-By
X-Rewrite-Enabled
X-Soup
X-GeoCountry
X-GeoCode
X-Varnish-Hostname
Fastly-Drupal-Html
X-TA-CDN-Provider
Mime-Version
Cache-Hits
X-Accel-Buffering
Xserver
X-Cdn
X-Cluster
X-Pubstack
X-GEO
X-Reqid
X-Varnish-Ttl
Country-Code
X-SRV
X-Envoy-Decorator-Operation
X-Varnish-Hits
Xet-Cookie
LB
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Buckets
X-Origin-TTL
X-Origin-CC
X-Microcachable
X-MP-GENERATED-AT
Server-Info
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Ratelimit-Limit
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-CSRF-Token
X-IPLB-Request-ID
X-Magnolia-Registration
DB-Nickname
X-Time
X-Ms-Version
X-Ms-Request-Id
X-Newrelic-Synthetics
X-B3-SpanId
X-Request-Host
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Endurance-Cache-Level
Cache
X-A-Wwc
X-A-Dgt
X-Aed
X-Vdms-Path
X-Application
X-A-Dcw
X-A-Dam
X-User
X-Cache-Id
X-TIM-N
X-Tenant
X-TrackingId
X-A-Ccd
X-B-Cookie
X-Shop-Environment
BehaviorPad-Version
X-ARC
X-Vtex-Processado-Em
Fastcgi-X-Cache-Version
Expiry
Host-ID
Lang
MD5-Digest
X-Origin-Response-Time
DCR-Processing-Time-Ms
Cmstype
Cmsid
DCR-Decision-By
A
X-Via-NSCOPI
Meta-Geo-Continent
Mobile-Detection-Method
X-Vtex-Remote-Cache
T-Server
X-Session-Fingerprint
X-A
X-VG-WebCache
Surrogated-Key
Sslversion
NM-Fastcgi-Cache
Pramga
Rendered-Blocks
Source
X-Vdms-Version
X-Cache-NE
X-Conf
X-Orig-Expires
X-NCache
X-Connection-Hash
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Bc-Bl
X-Tec-Api-Version
X-NAPM-TraceId
X-Geo-Header
X-Destination
X-Ig-Push-State
X-Ec-Fail
X-HS-Content-Campaign-Id
X-D
X-Gzip
X-Hash
X-Ec-GeoHdr
X-Tec-Api-Origin
X-Tec-Api-Root
X-RCS-CacheZone
X-Rojux
X-CF-Lambda-Fn
X-Esi-Check
X-Tt-Logid
X-External-Request-Id
X-Cdn-Srv
X-S-Cookie
X-ScT
X-S
X-Epic-Correlation-Id
X-SD-PageType
X-Forwarded-Path
X-CF-Lambda-Version
Xc-Version
Cdncip
Server-Host
Odigeo-Trace-Id
Cdnsip
Memcached
Environment
Fastly-GeoIP-CountryCode
X-Ftr-Request-Id
Machine
Mail-Subject
X-Gdpr
X-Fmm-Version
X-Fastly-Cache
X-Core-Value
X-Cache-Bucket
X-Clara-WADP
X-Cache-Backend
X-Rocket-Build-Number
X-AK-Request-ID
X-Amzn-Remapped-Content-Length
X-Ckpd-Fst-Backend
X-Cache-Info
X-Scheme
X-Server-IP
X-Sigma
X-Sigma-Backend
X-SB
X-SRCache-Key
X-V-Cache
X-Origin-Time
X-Irp-Debug
Wxu-Next-Commit
We-Hiring
X-Developer
X-Developers
State
X-CacheTTL
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Origin
X-NodeID
X-Via-Ucdn
Wxu-Next-Region
X-WADP-Cache
Wxu-Next-Hostname
X-Varnish-Beresp-Grace
X-Skip-Cache
AKAMAI
X-R9-Blue-Green-Version
X-ZONE
AMP-Access-Control-Allow-Source-Origin
X-Azure-Ref
Cache-Name
HostName
X-RateLimit-Remaining-Second
X-Policy
X-Auto-Login
X-Region-Sid
X-RateLimit-Limit-Second
X-Block-Status
X-Proxy-Upstream
X-Branch-Name
X-Request-URI
X-Pool
X-BBC-Edge-Cache-Status
X-Served-From
Web-Mar-Region
X-Viewer-Country
X-Wix-Viewer-Type
Vix-Hermes-Req-Id
X-Fetched-On
V-Age
X-VG-TLSProxy
X-VarnishDD-TTL
X-Pod-Name
CDN
X-Slack-Backend
X-SVT-ORM-RULES
X-TNCMS
X-SVT-ORM-VERSION
X-Rocket-Nginx-Serving-Static
X-Planisys-CDN-Cache
X-Is-Gdpr
X-Hnp-Log
X-Ec-Custom-Error
X-JWT-State
X-Dispatcher-Number
X-LAGOON
X-HN
X-Has-Esi
X-Gamma-Serve
X-Forwarded-Site
X-Gen-Mode
X-Generated-On
X-Eu-Site
X-Level-Front-Cache
X-Device-Os
X-CGP
X-Core-Mission
Svr
X-Planisys-CDN-Rules
X-Tx-Id
X-Planisys-CDN-TTL
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Minions-Version
X-Loop
X-Node-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Platform
User-Cache-Control
Origin
Kp-EeAlive
Ha-Gx-Prefs
Gh-Request-Id
X-Worker
L
Req-Svc-Chain
N-Cache
PFcat
Redirect-Candidate
L5d-Success-Class
Ssr
HA-Ipaddr
Cluster
Apple-News-Services-Request-Url
CDCHOST
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Fastcgi-Cache-TTL
DynaTrace
Datacenter
X-Variation
X-Wikidot-Static-Cache
X-Cache-Date
X-GeoIP
X-Varnish-CookieHashed-On
X-From
Candidate-Md5Url
X-Varnish-Remaining-TTL
X-Optimistic-Header
CloudFront-Viewer-Country
Cache-Key
X-Wikidot-Backend
X-Varnish-CookieINHashed-On
X-Owner
X-Origin-Expires
Origin-CC
Platform
X-Webstats-RespID
Server-Hostname
X-Thinkindot-L3
Release
Server-Ext
Sever-Int
Is-Eu
Thinkindot-CacheControl
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-Control
Traceparent
Adler-Geo
X-DefElseHash
Producers
X-Scale
X-DefHash
X-DPWN-IS-SECURE
Origin-EX
X-CS
X-Cache-Status-Check
X-VC
X-WP-CF-Super-Cache-Cache-Control
Fastly-SWR
X-SplitTest
VNS-Age
VNS-Cache
X-Cdn-Origin
X-Loc
Fastly-SIE
XM
X-GeoIP-City
X-Httpd
GEO-INFO
CPC-Cache
CPC-Age
X-VServer
X-Sn-Servicetimems
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-SIPLIST1
X-Qloud-Router
IsBot
X-BCube-Filmed-By
X-WP-CF-Super-Cache
X-Parent-Response-Time
X-Location
X-Proxy-Cache-Info
X-Aicache-OS
X-Refresh
DSUID
NGX
Pics-Label
Ohc-File-Size
X-NC
X-Ad-Defer-Variation
X-WA-Info
Fastly-Backend-Name
X-CACHE-KEY
X-Contensis-Viewer-Groups
Locid
X-Cache-ASPX
X-Edge-Pop
X-Micro-Cache
X-LB-NoCache
X-AIR-PT
Servername
X-Men
Arc-Country
X-Ah-Environment
X-Tb-Optimization-Total-Bytes-Saved
Ms-Author-Via
X-EC-Lua
Memory
X-Old-Content-Length
Time
X-Srv
X-Response-By
Env
X-Varnish-Authentication
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-TraceId
X-RPS
X-RSL
X-Udemy-Cache-App-Namespace
X-Mvc-Supplant-OutputCached
X-Generated-In
X-Amz-Meta-Cb-Modifiedtime
X-DW
X-DSS
X-DI
X-DB
X-RPM
Lb
X-Api-Version
X-TIME
X-Xrds-Location
GeoIp-Country-Code
X-Accel-Expires-Debug
X-Akamai-Transformed
Cache-Host
Ngx.Var.Host
X-HA-Backend
X-Servedbyhost
X-Date
Path
X-GeoIP-Country-Code
ITXSESSIONID
X-Varnish-Beresp-TTL
X-GeoIP-Region-Code
Ohc-Cache-HIT
XkeyRZ
X-Proxy-CacheRZ
X-RateLimit-Reset
X-S-Maxage
Client
X-Cache-Debug
FSS-Cache
Geoip-Latitude
X-VCL-Version
X-API-Version
Server-ID
True-Client-IP
X-Vc
X-Clientip
Fusion-Content-Source
X-Cs
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Source
X-VHOST
Fusion-Component-Id
X-Trace-ID
X-DC
CacheControlHeader
X-TX-ID
X-Presslabs-Stats
X-TH-Server
X-FireWall-Port
X-Action
Hostname
True-Client-Country-4JS
X-Fpc
X-Backend-TTL
X-Zone
X-Dmc
Geo-Info
Powered-By
X-MSEdge-Flight
X-Render-Time
X-Webkit-Csp-Report-Only
X-MSEdge-Features
X-Traceid
X-B3-Spanid
X-PX
NtCoent-Length
Edge-Cache
X-DynaTrace-JS-Agent
X-Req
X-Gateway-Cache-Key
X-Service
X-Gateway-Request-Id
X-Gateway-Cache-Status
Tcn
X-Gateway-Skip-Cache
C-Via
X-INCAP-ABP
My-App
X-Pass-Why
Test
Rip
X-M-Reqid
X-NGINX-Cache
X-Qnm-Cache
Tube-Got-Results
Esi-Enabled
Click-Count-Error
HIT
X-M-Log
X-Vcl-Version
Tube-Get-Contents
Tube-Got-Eval
X-CSRF-TOKEN
Click-Count-Action-Start
X-Cdn-Request-ID
X-FPC
Tube-Return
X-Origin-Upstream-Status
X-Correlation-ID
X-Provided-By
On-Server
X-Beluga-Status
X-Beluga-Trace
OT-Force-Account-Verify
User-Agent
X-Beluga-Cache-Status
X-Alfa-Service
X-HS-Status
X-Beluga-Response-Time
X-Beluga-Node
X-Up
Server-Id
X-Beluga-Record
X-Webkit-CSP-Report-Only
X-LB-ID
X-Varnish-Beresp-Ttl
Cf-Int-Pingora-Origin-Digest
X-Geo
X-TRACE-ID
Srvid
Resin-Trace
Uri
X-URL
X-Proxy-Cache-Hk
X-Via-PopN
X-Ha-Backend
X-Via-PopV
MIME-Version
X-APP
Proxy-Connection
X-Via-PopH
X-Check-Cacheable
X-CLOUD-TRACE-CONTEXT
X-Li-Pop
Sid
X-UnsetCookies
X-Li-Fabric
DataCenter
GeoIP-Latitude
X-RAMCache
GeoIP-Country-Code
X-LI-UUID
X-Akamai-Pragma-Client-IP
Fastly-Drupal-HTML
X-Edge-Origin-Shield-Bytes
X-Time-Microsecs
ENV
Srv
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Epwk-X-Cache
X-Fetch-By
Cdn
X-Edge-Origin-Shield-Region
WZWS-RAY
X-ServedByHost
X-ND-Cache
X-LI-Proto
WebServer
X-Cdn-Forward
X-Backend-Host
X-Fastly-Backend-Reqs
Server-Ttl
X-CUA
M-TraceId
Warning
X-Esi
X-ATG-Version
X-B3-Traceid-Primal
X-Fragments
X-Platform-Router
X-Dynatrace
X-Platform-Processor
X-Edge-POP
Target-Params
Tracecode
ServerName
X-Platform-Cluster
X-Lb-Nocache
Cf-Device-Type
XServer
X-Request-Url
X-MG-S
X-HostName
X-ElasticPress-Query
Cdn-Cachedat
X-Azure-Ref-OriginShield
X-Newrelic-App-Data
PICS-Label
Cdn-Cache
X-App
X-Var-Ttl
X-Sucuri-ID
CF-Cached-On
X-HITS
Dt-Hot-News
X-Sucuri-Cache
Cdn-Pullzone
Cdn-Edgestorageid
Section-Io-Id
Lfy
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Yottaa-OS
X-FC-Vary-Parameters
X-Fastly-Backend
Cdn-Requestcountrycode
Cdn-Requestid
Cdn-Uid
Inserted-Into-Cache-At
X-Thanos
X-Bip
X-Akamai-Request-ID
True-Client-Ip
X-Nc
X-Dw-Trace-Id
X-Iplb-Instance
X-Varnish-Beresp-Status
X-LiteSpeed-Cache-Control
Cf-Ipcountry
X-Iplb-Request-Id
X-Serial
D-Url-Rewrites
X-Vcache
X-Cache-Expires
X-CF-Powered-By
Wp-Super-Cache
DT-Hot-News
Servedby
X-NU-AKA-ACS-Version
X-Wp-Cf-Super-Cache-Cache-Control
Ngx
Cneonction
X-Vercel-Cache
X-Vercel-Id
X-Wp-Cf-Super-Cache
X-Backend-State
Fastcgi-Cache-Ttl
Content-Script-Type
CountryCode
Content-Style-Type
X-Back
X-Storefront-Renderer-Verified
X-Th-Server
X-Release
X-BBC-Origin-Response-Status
X-Request-URL
X-Li-Proto
Magicmarker
X-Snapshot-Date
X-Dist-Code
X-Fastly-Cache-Hits