Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
P3p
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Akamai-Path-Stats
X-Age
X-Robots-Tag
X-Server
X-Dns-Prefetch-Control
X-AH-Environment
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
EagleEye-TraceId
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Cf-Edge-Cache
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
Rating
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Cloud-Trace-Context
X-Country
Accept-Ch-Lifetime
Fastly-Restarts
Accept-Ch
X-MS-InvokeApp
X-Ruxit-JS-Agent
X-Rack-Cache
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-ESI
X-Varnish-TTL
X-B3-TraceId
Cache-Tag
X-Amz-Server-Side-Encryption
X-Content-Type
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Amz-Rid
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Px
Public-Key-Pins
X-Cnection
X-D2id
X-Edge
X-Ac
X-RateLimit-Remaining
X-Navigation-Version
X-FastCGI-Cache
X-Element-Page-Cache
Verso
X-Ser
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Client-IP
X-Powered-By-Plesk
X-Abt-Application-Version
X-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Country-Code
X-Middleton-Response
Response
X-NF-Request-ID
X-Correlation-Id
Access-Control-Request-Method
X-Goog-Hash
X-Content-Security-Policy-Report-Only
SPRequestDuration
SPIisLatency
X-Ttl
X-Kinsta-Cache
X-Cached
X-Edge-Location-Klb
AR-CACHE
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-Ruxit-Js-Agent
SPRequestGuid
X-SharePointHealthScore
X-Upstream
X-TTL
X-Powered-CMS
X-LLID
Edge-Cache-Tag
X-RateLimit-Limit
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-NWS-LOG-UUID
X-Forwarded-For
Nginx-Cache
X-Litespeed-Cache
Content-MD5
X-Id
X-Cache-Key
Mrf-Cache-Status
X-MSEdge-Ref
MRF-Tech
X-Shield-Request-Id
X-T
X-B3-TraceId-Primal
X-Recruiting
X-Daa-Tunnel
S
TCN
X-Content-Digest
X-ECACHE
X-DataDome
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Webkit-Csp
X-Mg-S
X-Jurisdiction
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MS-Author-Via
X-HP-Trace-Id
X-HP-Webp
X-Ua-Device
X-Accel-Expires
X-WebKit-CSP-Report-Only
X-Protected-By
X-Ezoic-Cdn
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
MicrosoftSharePointTeamServices
X-Grace
X-Frontend
X-HS-Content-Id
X-Ua-Browser
X-Request-Received
X-Content
X-Request-Processing-Time
X-Ab
Server-Node
Front-End-Https
Filters
TP-L2-Cache
X-Yandex-Sdch-Disable
TP-Cache
X-DynaTrace
X-PressLabs-Stats
X-Origin-Server
X-Server-ID
X-Distributor
Fastcgi-Cache
X-Mid
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Geo-Country
X-Hits
X-Request-Handler-Origin-Region
X-Microsite
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amzn-Trace-Id
X-LB-Cache
Charset
Host
Cleartype
X-Ratelimit-Reset
X-Debug-Info
X-Page-Id
X-F-Cache
X-Git-Hash
X-B3-Sampled
X-Forwarded-Proto
X-DIS-Request-ID
Cross-Origin-Opener-Policy
X-Cache-Age
X-Www-Served-By
Access-Control-Allow-Method
Realpath
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Cache-Status
X-Seen-By
X-Activity-Id
X-Az
X-AppVersion
ServerID
X-Fastly-Request-Id
X-MCACHE
Accept-Charset
X-Webkit-CSP
Cache-Tags
X-Varnish-Age
Filterid
X-XRDS-LOCATION
X-Cluster-Name
X-Aspnetmvc-Version
X-Rid
X-Nginx-Upstream-Cache-Status
X-Content-Options
X-Language
X-Type
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-App-Environment
Retry-After
Server-Name
X-FB-Debug
Country
Viewport
X-Tb
X-User-Agent
Node
X-Varnish-Grace
X-Upgrade-Enabled
DC
X-Varnish-Backend
Paypal-Debug-Id
X-Origin-Cache
X-Drupal-Cache-Tags
X-Whom
X-Mobile-URL
X-Signature
X-Oracle-Dms-Ecid
X-B-Cache
X-Wix-Request-Id
X-TT
X-Is-Crawler
X-Flags
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Request-Guid
X-VCache
X-Route-Name
X-Oracle-Dms-Rid
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-B
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-GUploader-UploadID
Protected
X-NWS-UUID-VERIFY
X-Mcache
X-Oneagent-Js-Injection
Permissions-Policy
Fastcgi-Useragent
X-Debug
X-Logged-In
WPO-Cache-Message
WPO-Cache-Status
X-Amz-Replication-Status
X-Via-JSL
X-N
X-Amz-Meta-S3cmd-Attrs
Payment
X-Load-Cache
X-Cache-NGX
Surrogate-Key
X-Cache-Control
X-Contextid
X-Template
Count-Hit
X-Node-Name
Healthy
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-FW-Type
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Static
X-FW-Server
X-Original-Request-Id
X-Response-Served-From
X-Mobile
SD-X-WS
Content-Disposition
X-Proxy
X-Trace-Id
Refresh
Akamai-GRN
X-Cache-Time
X-G
X-XRDS-Location
X-Jobs
X-Real-IP
X-Revision
Amp-Access-Control-Allow-Source-Origin
X-Zen-Fury
X-Framework
X-Akamai-Request-ID2
Uber-Trace-Id
X-Fastcgi-Cache
X-NGENIX-Cache
X-UUID
X-Is-Bot
Alternate-Protocol
NGB
X-Proxy-Cache-Status
X-Cache-TTL-Remaining
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cacheable-TTL
X-Device-Type
Url
X-Rendered-As
X-Restarts
X-Page-View
X-Http-Reason
X-Instance
X-Adobe-Content
X-Adobe-Loc
X-Debug-IsPreview
X-Debug-IsConnected
X-Drupal-Cache-Contexts
X-Servername
Access-Control-Request-Headers
X-Fastly-Request-ID
X-Yottaa-Metrics
X-Cache-Grace
X-Yottaa-Optimizations
X-IPLB-Instance
X-Mg-Request-UUID
X-Varnish-Server
X-Hostname
Version
X-EdgeConnect-Cache-Status
X-L-Path
X-Source
X-Environment-Context
X-ECache
X-Midtier
X-B3-Traceid
Accept-Language
X-HTML-Minification-Powered-By
X-RTag
MS-CV
Countrycode
Ms-Operation-Id
X-Cache-Hit
Frame-Options
X-Cache-Expired-At
From-Origin
X-Vgn-Hpd-Reason
X-Cache-Rule
Referer-Policy
Liferay-Portal
X-NYM-Debug-Backend
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
Backend
X-Nginx-Cache
X-IPS-LoggedIn
X-Parallel-Accel
X-FW-Version
X-COUNTRY
Content-Secure-Policy
X-Hosted-By
X-Datadome
Meta-Geo
X-RN-RSRV
X-Cache-Server
X-Unique-Id
X-UPSTREAM-Address
X-ProcessESI
X-RemovedCookies
Upgrade-Insecure-Requests
X-OCL
X-No-Session
X-Generation-Time
X-PCL
X-Redis-Cache
Section-Io-Cache
X-Ua
X-Mode
X-Origin-Hint
X-Region
X-PHP-Backend
X-Cluster-Node
Webcakes-Region
X-Server-W
X-UA-Device-Type
X-FB-TRIP-ID
X-Cache-Enabled
X-Via-Fastly
X-Uri
Webcakes-App-Version
Webcakes-App-Name
Property-Id
Mn-Server-Ip
Apigw-Requestid
WP-Super-Cache
S-Rt
TWC-Connection-Speed
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Content-Age
TWC-Device-Class
CF-IPCountry
Eomportal-Instance
Cache-Tv-Group
Fastly-SSL
Azure-Version
X-Access
X-Cache-Host
X-ApacheServer
Azure-SlotName
Locale
Azure-SiteName
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Azure-RegionName
Azure-InstanceId
X-Content-Powered-By
X-Format
X-Urbn-Context-Path
X-Storage
X-Status
X-Urbn-Site-Id
X-Varnish-Cache-Hits
X-Origin-Date
X-Be
X-Xfnlog-Site
X-Sql-Duration-Ms
X-Sql-Count
X-Nginx-Cache-Key
X-Locale
X-Alternate-Cache-Key
X-PERF
X-Request-Time
X-Site-Version
X-Section
X-Debug-Cache
X-Akamai-Edgescape
X-Tid
X-ServerID
X-SaId
X-NewRelic-App-Data
X-Varnishpool
Ec-Rule-Version
X-Detected-As
X-AOL-HN
X-Zipkin-Id
X-Routing-Service
X-APP-VERSION
X-BYPASS-REASON
X-Human
X-Hl-Ver
X-Extlb
X-JoinUs
X-Backend-Name
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxied
X-Generated-By
X-Forwarded-Host
X-PHP-Host
X-Labrador-Cache-Channel
X-Cache-Tags
X-Adobe-Source
X-Cms-Context
X-Handled-By
X-Platform-Server
X-Cache-Action
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Web-Node
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
Selected-Fe
X-Timing-Wait
X-Ratelimit-Remaining
X-Proxy-Build
ServedBy
X-Dc
X-TT-LOGID
X-Cache-Type
X-VC-Cache
X-Storefront-Renderer-Rendered
X-Edge-Location
X-App-Version
X-GG-Cache-Date
Load-Balancing
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
CDN-RequestCountryCode
CDN-CachedAt
CDN-RequestId
CDN-Uid
X-Hyper-Cache
SRV
X-Proto
X-Rule
X-LSADC-Cache
X-CDN-Forward
Web-Mar-Node
X-Cache-Operation
Onion-Location
Webserver
X-Cache-Remote
X-GeoCode
X-Cached-By
SID
X-GeoCountry
Mime-Version
X-Rewrite-Enabled
Fastly-Drupal-Html
X-Varnish-Hostname
Cache-Hits
X-TA-CDN-Provider
Xserver
X-Accel-Buffering
X-Soup
X-Pubstack
X-Cdn
X-Cluster
X-Reqid
X-SRV
X-Varnish-Ttl
X-GEO
X-Varnish-Hits
X-Origin-CC
Country-Code
X-Origin-TTL
Xet-Cookie
X-Envoy-Decorator-Operation
X-Microcachable
X-Air-Hostname
X-Buckets
Server-Info
X-Air-Trace-Id
X-Air-Source
X-CSRF-Token
X-Tumblr-Pixel-3
Decoy-Debug-Key
X-Ratelimit-Limit
X-MP-GENERATED-AT
Decoy-Debug-TTL
Decoy-Debug-Status
X-Tumblr-Pixel-2
X-Magnolia-Registration
X-IPLB-Request-ID
DB-Nickname
LB
X-Request-Host
X-Time
X-Ms-Version
X-Ms-Request-Id
X-B3-SpanId
X-Newrelic-Synthetics
Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
Source
X-Endurance-Cache-Level
X-NAPM-TraceId
MD5-Digest
X-PAYTM-SRV-ID
X-Connection-Hash
Fastcgi-X-Cache-Version
X-VG-WebCache
X-NCache
Mobile-Detection-Method
X-Orig-Expires
X-PBS-Appsvrname
Meta-Geo-Continent
X-Vtex-Processado-Em
DCR-Processing-Time-Ms
X-Ec-GeoHdr
A
X-Ec-Fail
X-Origin-Response-Time
X-Epic-Correlation-Id
X-CF-Lambda-Version
X-Esi-Check
DCR-Decision-By
X-Developer
X-Conf
Cmsid
Cdnsip
Cdncip
BehaviorPad-Version
X-Destination
X-External-Request-Id
X-Forwarded-Path
Lang
X-Vdms-Version
X-HS-Content-Campaign-Id
X-Ig-Push-State
Expiry
X-Cache-Id
X-Hash
X-Cache-NE
X-Ftr-Request-Id
X-CF-Lambda-Fn
Host-ID
X-Cdn-Srv
X-Gzip
X-Geo-Header
X-D
Xc-Version
X-A-Wwc
X-Bc-Bl
X-Tenant
X-Rojux
X-ScT
X-A-Ccd
X-S
X-Aed
Surrogated-Key
X-SRCache-Key
X-TIM-N
X-A-Dam
NM-Fastcgi-Cache
X-A
X-A-Dcw
Rendered-Blocks
X-A-Dgt
X-RCS-CacheZone
X-Shop-Environment
X-SD-PageType
X-Session-Fingerprint
Odigeo-Trace-Id
X-ARC
X-Vdms-Path
T-Server
X-Vtex-Remote-Cache
X-S-Cookie
X-Application
X-Processor
Sslversion
Cmstype
Pramga
X-AK-Request-ID
X-User
X-TrackingId
X-B-Cookie
X-Via-NSCOPI
State
X-SB
X-Fmm-Version
X-Gdpr
AKAMAI
Wxu-Next-Commit
X-SVT-ORM-RULES
X-Ckpd-Fst-Backend
X-Server-IP
X-CACHE-KEY
X-Clara-WADP
X-Developers
X-Device-Os
X-Scheme
X-Fastly-Cache
We-Hiring
X-Skip-Cache
X-SVT-ORM-VERSION
X-Fetched-On
Environment
Memcached
X-CacheTTL
Mail-Subject
X-Amzn-Remapped-Content-Length
X-Mvc-Supplant-Cachable
X-Cache-Bucket
X-Nyt-Route
X-NodeID
X-Node-Id
X-Origin-Time
X-Via-Ucdn
X-WADP-Cache
Wxu-Next-Region
X-Core-Value
X-Cache-Backend
Wxu-Next-Hostname
X-V-Cache
X-Varnish-Beresp-Grace
Machine
Server-Host
X-Irp-Debug
X-Core-Mission
X-Origin
Cache-Name
HostName
AMP-Access-Control-Allow-Source-Origin
X-R9-Blue-Green-Version
DynaTrace
X-Azure-Ref
X-ZONE
CDN
X-Block-Status
Vix-Hermes-Req-Id
V-Age
User-Cache-Control
X-Auto-Login
X-Branch-Name
X-Cache-Info
X-Cache-Date
X-CGP
X-Minions-Version
X-RateLimit-Remaining-Second
Traceparent
X-Region-Sid
X-DefHash
X-Worker
X-RateLimit-Limit-Second
X-VarnishDD-TTL
Producers
X-Pod-Name
X-Policy
X-DefElseHash
X-Proxy-Upstream
X-Request-URI
X-Rocket-Build-Number
X-GeoIP
X-Variation
X-Slack-Backend
X-Sigma
X-Sigma-Backend
X-Served-From
X-Thinkindot-L3
X-DPWN-IS-SECURE
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-TNCMS
Platform
X-Platform
X-Generated-On
X-Gen-Mode
X-Has-Esi
X-HN
X-Hnp-Log
X-Gamma-Serve
X-Forwarded-Site
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Dispatcher-Number
X-Eu-Site
X-Is-Gdpr
X-JWT-State
X-Wix-Viewer-Type
X-Planisys-CDN-Rules
Adler-Geo
Is-Eu
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Viewer-Country
X-LAGOON
X-Level-Front-Cache
X-Loop
X-Origin-Expires
X-Csrf-Jwt
Web-Mar-Region
N-Cache
L5d-Success-Class
Origin-CC
Origin-EX
Redirect-Candidate
PFcat
HA-Ipaddr
Ha-Gx-Prefs
CDCHOST
X-Tx-Id
Cluster
Fastcgi-Cache-TTL
Gh-Request-Id
Fastly-GeoIP-CountryCode
Release
CloudFront-Viewer-Country
TDXMobile
Thinkindot-CacheControl
Svr
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Sn-Servicetimems
X-Pool
X-VServer
X-Qloud-Router
Fastly-SWR
X-Wikidot-Backend
IsBot
X-From
X-Proxy-Cache-Info
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Server-Ext
Apple-News-Services-Host
X-Ec-Custom-Error
Apple-News-Services-Handled
X-Rocket-Nginx-Serving-Static
Datacenter
Candidate-Md5Url
X-Webstats-RespID
X-Wikidot-Static-Cache
DSUID
L
X-GeoIP-City
Sever-Int
Origin
Kp-EeAlive
X-Rebelmouse-Surrogate-Control
X-Httpd
Cache-Key
X-Rebelmouse-Cache-Control
X-BCube-Filmed-By
X-VG-TLSProxy
X-Optimistic-Header
X-BBC-Edge-Cache-Status
X-Tt-Logid
X-Cdn-Origin
X-SIPLIST1
Req-Svc-Chain
X-Scale
Fastly-SIE
NGX
Ssr
X-Owner
Server-Hostname
X-Cache-Status-Check
X-VC
X-CS
XM
Ohc-File-Size
X-Parent-Response-Time
X-SplitTest
VNS-Cache
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
VNS-Age
X-Tec-Api-Version
CPC-Cache
X-Ad-Defer-Variation
X-Aicache-OS
GEO-INFO
X-Loc
X-Tec-Api-Origin
Pics-Label
X-Location
X-Tec-Api-Root
CPC-Age
X-Refresh
X-NC
Fastly-Backend-Name
X-WA-Info
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-ASPX
Locid
Arc-Country
X-Micro-Cache
X-Contensis-Viewer-Groups
X-Edge-Pop
X-Ah-Environment
X-Men
X-AIR-PT
X-EC-Lua
Ms-Author-Via
X-Srv
X-TraceId
Servername
X-LB-NoCache
X-Varnish-Authentication
Env
Lb
X-Udemy-Cache-App-Namespace
Memory
X-Old-Content-Length
X-Response-By
Time
X-RPM
X-RSL
X-RPS
X-Mvc-Supplant-OutputCached
X-Amz-Meta-Cb-Modifiedtime
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-Generated-In
X-DB
X-DI
X-DW
X-DSS
X-TIME
X-Xrds-Location
X-Api-Version
X-Date
Path
Ngx.Var.Host
X-Akamai-Transformed
X-HA-Backend
GeoIp-Country-Code
X-Accel-Expires-Debug
X-Servedbyhost
X-S-Maxage
Cache-Host
ITXSESSIONID
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Varnish-Beresp-TTL
Ohc-Cache-HIT
XkeyRZ
X-Proxy-CacheRZ
X-RateLimit-Reset
Geoip-Latitude
FSS-Cache
X-Cache-Debug
True-Client-IP
Client
X-VCL-Version
X-Vc
X-Clientip
X-API-Version
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
X-VHOST
X-Cs
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Server-ID
X-DC
CacheControlHeader
X-Trace-ID
X-TX-ID
Tcn
X-Presslabs-Stats
X-TH-Server
Hostname
X-FireWall-Port
X-Action
True-Client-Country-4JS
X-Dmc
X-Zone
X-Backend-TTL
X-Fpc
X-CLOUD-TRACE-CONTEXT
Geo-Info
X-Webkit-Csp-Report-Only
Powered-By
X-Render-Time
Edge-Cache
X-B3-Spanid
X-DynaTrace-JS-Agent
X-INCAP-ABP
X-MSEdge-Flight
X-MSEdge-Features
NtCoent-Length
X-Req
X-PX
X-Traceid
X-Pass-Why
Rip
X-Gateway-Cache-Key
X-FPC
X-Gateway-Cache-Status
X-Service
X-Gateway-Skip-Cache
My-App
X-Gateway-Request-Id
Test
C-Via
X-NGINX-Cache
X-M-Reqid
Tube-Got-Results
X-Cdn-Request-ID
HIT
Tube-Got-Eval
Tube-Return
X-M-Log
X-Vcl-Version
X-CSRF-TOKEN
Tube-Get-Contents
Esi-Enabled
X-Qnm-Cache
Click-Count-Action-Start
Click-Count-Error
X-Correlation-ID
X-Origin-Upstream-Status
X-Provided-By
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Cache-Status
On-Server
X-Beluga-Trace
User-Agent
X-Webkit-CSP-Report-Only
Server-Id
X-Alfa-Service
X-Up
X-HS-Status
X-Beluga-Node
X-Beluga-Record
Cf-Int-Pingora-Origin-Digest
OT-Force-Account-Verify
X-LB-ID
X-Varnish-Beresp-Ttl
X-TRACE-ID
X-Geo
X-Via-PopV
X-Proxy-Cache-Hk
X-Via-PopH
Srvid
Resin-Trace
Uri
X-Via-PopN
X-URL
Proxy-Connection
X-APP
X-Ha-Backend
X-Check-Cacheable
WebServer
X-Li-Pop
X-RAMCache
X-LI-UUID
X-Li-Fabric
Sid
X-UnsetCookies
DataCenter
X-ServedByHost
GeoIP-Latitude
GeoIP-Country-Code
X-Akamai-Pragma-Client-IP
MIME-Version
X-Edge-Origin-Shield-Bytes
X-CCDN-Origin-Time
X-ND-Cache
WZWS-RAY
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Cdn
ENV
Srv
Epwk-X-Cache
X-LI-Proto
X-Fetch-By
X-Time-Microsecs
X-Edge-Origin-Shield-Region
X-Cdn-Forward
X-Backend-Host
X-HostName
Fastly-Drupal-HTML
X-Fastly-Backend-Reqs
X-CUA
M-TraceId
Server-Ttl
Warning
X-Esi
Target-Params
Tracecode
X-ATG-Version
Cf-Device-Type
X-Fragments
X-B3-Traceid-Primal
X-Request-Url
X-Platform-Router
X-Dynatrace
X-Edge-POP
X-Platform-Processor
XServer
ServerName
X-Platform-Cluster
X-Lb-Nocache
Dt-Hot-News
X-MG-S
X-ElasticPress-Query
Cdn-Requestid
X-Fastly-Backend
Section-Io-Origin-Time-Seconds
Cdn-Edgestorageid
Cdn-Requestcountrycode
X-FC-Vary-Parameters
X-App
PICS-Label
X-Azure-Ref-OriginShield
Lfy
CF-Cached-On
X-HITS
Inserted-Into-Cache-At
Cdn-Uid
Cdn-Pullzone
X-Yottaa-OS
X-Newrelic-App-Data
Cdn-Cache
X-Sucuri-Cache
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Status
X-Var-Ttl
X-Sucuri-ID
Cdn-Cachedat
X-Iplb-Instance
X-LiteSpeed-Cache-Control
X-CF-Powered-By
X-Serial
X-Varnish-Beresp-Status
Cf-Ipcountry
X-Cache-Expires
X-Akamai-Request-ID
X-Thanos
X-Vcache
D-Url-Rewrites
X-Dw-Trace-Id
X-Iplb-Request-Id
X-Nc
X-Bip
Servedby
DT-Hot-News
Wp-Super-Cache
X-Back
X-Snapshot-Date
X-Wp-Cf-Super-Cache-Cache-Control
True-Client-Ip
X-Th-Server
X-Wp-Cf-Super-Cache
X-Vercel-Id
X-Vercel-Cache
X-BBC-Origin-Response-Status
X-Release
Magicmarker
X-NU-AKA-ACS-Version
Cneonction
CountryCode
X-Request-URL
Content-Style-Type
X-Storefront-Renderer-Verified
X-Li-Proto
Fastcgi-Cache-Ttl
X-Dist-Code
Ngx
X-Backend-State
Content-Script-Type
X-Fastly-Cache-Hits