Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Pragma
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Served-By
Alt-Svc
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
P3p
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-Iinfo
X-FRAME-OPTIONS
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
X-CDN
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
Upgrade
X-Via
X-Akamai-Path-Stats
X-XSS-PROTECTION
Access-Control-Max-Age
CF-Ray
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
X-Dns-Prefetch-Control
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-UA-Device
X-Amz-Id-2
Host-Header
X-Proxy-Cache
X-Hacker
X-Rq
Grace
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Vhost
Ali-Swift-Global-Savetime
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Allow
EagleEye-TraceId
X-Ua-Compatible
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
CONTENT-SECURITY-POLICY
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
Cf-Edge-Cache
X-Server-Id
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-CST
X-Backend-Server
X-Readtime
X-Akam-SW-Version
X-Cache-Lookup
Accept-CH
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
Accept-Ch
X-Trace
X-Url
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Country
Fastly-Restarts
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-Amz-Server-Side-Encryption
RTSS
Edge-Control
X-VARITI-CCR
X-FastCGI-Cache
X-ESI
X-Server-Name
X-Edge
Cache-Tag
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-Px
X-Cdn-Fetch
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Amz-Rid
X-Dw-Request-Base-Id
Public-Key-Pins
X-D2id
X-Cnection
X-ASPNET-VERSION
X-Ser
X-Content-Security-Policy-Report-Only
X-Navigation-Version
X-Powered-By-Plesk
X-Sol
Pagespeed
Display
X-Middleton-Display
X-Abt-Application-Version
X-Client-IP
Verso
X-Ac
X-Element-Page-Cache
X-Version
X-RateLimit-Remaining
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
X-Ttl
X-Litespeed-Cache
X-Middleton-Response
Response
X-Cached
X-Goog-Hash
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
X-Kinsta-Cache
SPRequestGuid
X-SharePointHealthScore
X-Edge-Location-Klb
AR-Request-ID
AR-SID
X-Powered-CMS
X-Instrumentation
AR-ATIME
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
AR-CACHE
AR-PoweredBy
X-WebKit-CSP-Report-Only
X-Upstream
X-Correlation-Id
X-TTL
X-LLID
Edge-Cache-Tag
X-Forwarded-For
X-NWS-LOG-UUID
X-ECACHE
Content-MD5
X-Id
Nginx-Cache
X-RateLimit-Limit
X-Cache-Key
X-Shield-Request-Id
X-MSEdge-Ref
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Recruiting
S
X-T
Mrf-Cache-Status
MRF-Tech
X-Daa-Tunnel
TCN
X-Content-Digest
X-B3-TraceId-Primal
X-Mg-S
X-HP-Trace-Id
X-Ruxit-Js-Agent
X-HP-Webp
X-Jurisdiction
X-Mcache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-DataDome
TP-Cache
TP-L2-Cache
X-Grace
X-Accel-Expires
X-Ua-Device
X-HS-Hub-Id
X-HS-Cache-Config
X-DynaTrace
X-HS-Combine-CSS
Front-End-Https
X-HS-Content-Id
X-Protected-By
X-Frontend
X-Yandex-Sdch-Disable
Server-Node
Filters
MicrosoftSharePointTeamServices
X-Request-Processing-Time
X-Request-Received
X-Ezoic-Cdn
X-Ua-Browser
X-Content
X-Ab
X-Distributor
X-Origin-Server
X-PressLabs-Stats
X-Hits
X-ORACLE-DMS-ECID
X-Server-ID
Fastcgi-Cache
X-LB-Cache
X-ORACLE-DMS-RID
X-Geo-Country
MS-Author-Via
X-Microsite
X-Request-Handler-Origin-Region
Charset
X-Amzn-Trace-Id
X-Cache-Age
Host
X-Tt-Trace-Host
X-Mid
X-Tt-Trace-Tag
Cleartype
X-F-Cache
Cross-Origin-Opener-Policy
X-B3-Sampled
X-Git-Hash
X-Page-Id
X-Forwarded-Proto
Cache-Status
Realpath
X-Seen-By
X-Debug-Info
X-Webkit-Csp
X-Az
X-AppVersion
X-Activity-Id
X-Fastly-Request-Id
Permissions-Policy
X-DIS-Request-ID
X-Nginx-Upstream-Cache-Status
Access-Control-Allow-Method
Accept-Charset
X-Www-Served-By
X-Ratelimit-Reset
Filterid
X-Webkit-CSP
Cache-Tags
ServerID
X-Varnish-Age
X-FB-Debug
X-Midtier
X-Content-Options
X-Rid
X-Cluster-Name
Retry-After
Pinterest-Generated-By
X-Aspnetmvc-Version
X-Pinterest-Rid
Pinterest-Version
X-Type
Server-Name
X-Varnish-Backend
X-App-Environment
X-Varnish-Grace
X-Route-Name
X-Request-Guid
X-B
X-User-Agent
Country
X-Is-Crawler
X-Tb
X-Providence-Cookie
X-Amz-Meta-S3cmd-Attrs
X-Aspnet-Duration-Ms
X-Flags
X-B-Cache
X-TT
Viewport
X-Whom
X-Language
X-Drupal-Cache-Tags
X-Signature
X-Wix-Request-Id
X-Origin-Cache
X-VCache
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Length
Paypal-Debug-Id
DC
X-Debug
Fastcgi-Useragent
X-Upgrade-Enabled
Node
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-NWS-UUID-VERIFY
X-Oracle-Dms-Ecid
X-Load-Cache
X-Logged-In
X-Amz-Replication-Status
X-Oracle-Dms-Rid
X-XRDS-LOCATION
Protected
Payment
X-N
Surrogate-Key
X-Mobile-URL
X-Cache-NGX
X-Cache-Control
Alternate-Protocol
Amp-Access-Control-Allow-Source-Origin
Count-Hit
WPO-Cache-Message
WPO-Cache-Status
X-NGENIX-Cache
X-Contextid
Healthy
X-Node-Name
X-Restarts
X-Mobile
X-XRDS-Location
X-Via-JSL
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Proxy
X-Original-Request-Id
X-Response-Served-From
Content-Disposition
SD-X-WS
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
Refresh
X-Jobs
X-G
Url
X-Servername
X-Adobe-Loc
X-Real-IP
X-Revision
Uber-Trace-Id
X-UUID
X-Page-View
X-Adobe-Content
X-Cache-Time
Akamai-GRN
X-MCACHE
X-Cacheable-TTL
X-Cache-TTL-Remaining
X-Akamai-Request-ID2
X-Debug-IsPreview
VIX-Pulpo-Node
X-Is-Bot
X-Framework
X-Device-Type
X-Rendered-As
X-Zen-Fury
X-Debug-IsConnected
VIX-Pulpo-Upstream-Status
X-Mg-Request-UUID
X-Template
X-Proxy-Cache-Status
X-Yottaa-Optimizations
X-Varnish-Server
X-Cache-Grace
X-Http-Reason
X-Drupal-Cache-Contexts
Access-Control-Request-Headers
X-Yottaa-Metrics
NGB
X-Environment-Context
X-L-Path
Frame-Options
X-Instance
X-IPLB-Instance
Version
X-HTML-Minification-Powered-By
Referer-Policy
X-EdgeConnect-Cache-Status
X-Source
X-Datadome
X-Hostname
Countrycode
MS-CV
Ms-Operation-Id
X-RTag
X-Ratelimit-Remaining
Liferay-Portal
X-Fastly-Request-ID
Accept-Language
X-ECache
X-B3-Traceid
X-NYM-Debug-Backend
X-Trace-Id
X-Oneagent-Js-Injection
X-Cache-Rule
X-App-Server
X-Cache-Hit
X-Cache-Expired-At
Cross-Origin-Window-Policy
X-Hosted-By
X-Nginx-Cache
Backend
X-Tumblr-User
X-Unique-Id
X-Tumblr-Pixel
From-Origin
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-IPS-LoggedIn
X-Vgn-Hpd-Reason
X-App-Version
X-RemovedCookies
X-ProcessESI
X-Status
Section-Io-Cache
WP-Super-Cache
X-FW-Version
Meta-Geo
Load-Balancing
X-UPSTREAM-Address
X-RN-RSRV
Content-Secure-Policy
X-COUNTRY
X-No-Session
X-Cache-Server
X-Content-Powered-By
X-OCL
X-PCL
X-VWS-Id
X-AWS-Id
X-FB-TRIP-ID
X-LJ-Flow-ID
X-AOL-HN
X-Region
X-Request-Time
X-Redis-Cache
X-Content-Age
S-Rt
CF-IPCountry
Apigw-Requestid
X-PHP-Backend
Upgrade-Insecure-Requests
X-Origin-Date
X-PHP-Host
Mn-Server-Ip
X-Akamai-Edgescape
X-Cache-Enabled
X-UA-Device-Type
X-Sql-Count
X-Labrador-Cache-Channel
X-Via-Fastly
X-Mode
X-Sql-Duration-Ms
X-Server-W
X-Forwarded-Host
X-Human
X-Adobe-Source
Webcakes-Region
X-Access
X-Origin-Hint
X-Shopify-Stage
X-Varnish-Cache-Hits
X-PERF
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Section
X-Format
Eomportal-Instance
X-VC-Cache
X-Site-Version
X-Uri
X-Platform-Server
TWC-Device-Class
Property-Id
X-Be
TWC-Privacy
X-BYPASS-REASON
X-SayCDN-TTL
TWC-GeoIP-Country
X-Xfnlog-Site
TWC-Locale-Group
TWC-Connection-Speed
X-Cache-Tags
X-ProxyCache-Key
X-Say-TTL
X-Nginx-Cache-Key
TWC-GeoIP-LatLong
Webcakes-App-Version
X-ProxyCache-Status
X-Say-Cacheable
X-Cms-Context
Webcakes-App-Name
X-Debug-Cache
X-ApacheServer
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-SaId
X-Routing-Service
Azure-Version
X-Storage
X-Cache-Type
X-Edge-Location
X-Proxied
X-Locale
Azure-SlotName
X-Zipkin-Id
Locale
X-Cache-Host
Azure-InstanceId
Azure-RegionName
X-Ratelimit-Limit
Azure-SiteName
X-Varnishpool
X-Detected-As
X-Tid
X-GeoCountry
X-GG-Cache-Date
X-Hl-Ver
X-Storefront-Renderer-Rendered
X-JoinUs
X-Web-Node
X-GeoCode
X-ServerID
X-Extlb
X-Cluster-Node
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Backend-Name
X-Handled-By
X-Generated-By
X-Ua
X-Generation-Time
X-Proto
X-Proxy-Build
Selected-Fe
X-Timing-Wait
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-RequestId
X-NewRelic-App-Data
X-Dc
X-APP-VERSION
CDN-Cache
CDN-Uid
CDN-CachedAt
CDN-PullZone
Fastly-SSL
ServedBy
Fastly-Drupal-Html
X-IPLB-Request-ID
Webserver
Web-Mar-Node
Ec-Rule-Version
X-CDN-Forward
X-Magnolia-Registration
Onion-Location
Cache-Tv-Group
X-LSADC-Cache
X-GEO
X-Varnish-Hostname
X-Cache-Action
Cache-Hits
X-Cached-By
SID
X-Envoy-Decorator-Operation
X-Cache-Operation
X-Tt-Logid
X-Air-Hostname
Mime-Version
X-Air-Trace-Id
X-Air-Source
X-Cache-Remote
X-Varnish-Hits
X-Cluster
X-Hyper-Cache
X-SRV
SRV
X-Rewrite-Enabled
X-Origin-CC
X-Origin-TTL
X-Soup
Xet-Cookie
LB
X-Fastcgi-Cache
Cache
DB-Nickname
X-Cdn
X-Rule
Source
Xserver
Server-Info
X-Microcachable
X-CSRF-Token
X-Parallel-Accel
X-TA-CDN-Provider
X-Reqid
X-Accel-Buffering
X-Via-NSCOPI
Country-Code
X-Pubstack
X-Time
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-Skip-Cache
X-Xrds-Location
X-TT-LOGID
X-Buckets
X-Cache-Status-Check
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-B3-SpanId
X-Origin-Response-Time
X-Newrelic-Synthetics
X-Endurance-Cache-Level
X-Request-Host
X-Vtex-Processado-Em
X-TrackingId
X-User
X-A-Dam
X-A-Dcw
X-TIM-N
X-A-Ccd
X-Azure-Ref
X-SRCache-Key
X-A
X-Vtex-Remote-Cache
X-Tenant
X-Vdms-Path
X-PBS-Appsvrname
X-Application
X-PAYTM-SRV-ID
X-VG-WebCache
X-Aed
X-Ec-Fail
X-S-Cookie
X-Vdms-Version
X-SD-PageType
X-Tumblr-Pixel-3
X-A-Wwc
X-SplitTest
X-AK-Request-ID
A
X-External-Request-Id
Rendered-Blocks
Host-ID
X-ScT
X-Ec-GeoHdr
X-Session-Fingerprint
Lang
MD5-Digest
NM-Fastcgi-Cache
Odigeo-Trace-Id
X-Epic-Correlation-Id
Pramga
Meta-Geo-Continent
Mobile-Detection-Method
Sslversion
Fastcgi-X-Cache-Version
Cdncip
Cdnsip
Candidate-Md5Url
Cache-Key
X-ARC
BehaviorPad-Version
T-Server
Cmsid
X-Shop-Environment
Expiry
DCR-Processing-Time-Ms
DCR-Decision-By
Cmstype
Surrogated-Key
X-Forwarded-Path
X-A-Dgt
X-Amz-Apigw-Id
X-Conf
X-Destination
X-Tx-Id
X-Processor
XM
X-BCube-Filmed-By
X-CF-Lambda-Version
X-NAPM-TraceId
X-Ig-Push-State
X-Amzn-RequestId
X-CF-Lambda-Fn
X-Developer
X-Cache-NE
X-S
Xc-Version
X-Connection-Hash
X-D
DynaTrace
X-Rojux
X-Orig-Expires
X-Hash
X-B-Cookie
Datacenter
X-Varnish-Beresp-Grace
Mail-Subject
X-Loop
Server-Host
X-DPWN-IS-SECURE
Wxu-Next-Commit
Wxu-Next-Hostname
We-Hiring
Producers
X-CACHE-KEY
Adler-Geo
X-Ckpd-Fst-Backend
State
X-Ms-Request-Id
Is-Eu
X-Core-Mission
X-Core-Value
X-Sigma
X-Sigma-Backend
X-DefElseHash
X-DefHash
Environment
Kp-EeAlive
X-Fetched-On
X-Irp-Debug
X-SB
Wxu-Next-Region
X-Ad-Defer-Variation
X-Rocket-Build-Number
X-Geo-Header
Platform
X-NodeID
X-Cdn-Srv
X-Device-Os
X-GeoIP
X-Origin-Expires
X-Origin
X-Wix-Viewer-Type
HostName
X-Gzip
X-Esi-Check
X-Worker
X-Bc-Bl
X-Cache-Id
X-HS-Content-Campaign-Id
X-SVT-ORM-VERSION
X-CacheTTL
X-TNCMS
X-Ms-Version
Memcached
X-SVT-ORM-RULES
X-Scheme
X-Varnish-Remaining-TTL
Redirect-Candidate
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-V-Cache
X-Variation
X-AIR-PT
X-Developers
Server-Hostname
Req-Svc-Chain
X-Rocket-Nginx-Serving-Static
Server-Ext
Release
X-Dispatcher-Number
PFcat
VNS-Age
X-Cache-Info
X-Ec-Custom-Error
X-Cdn-Origin
VNS-Cache
Vix-Hermes-Req-Id
X-Cache-Date
X-Cache-Bucket
X-Aicache-OS
X-BBC-Edge-Cache-Status
X-Block-Status
X-Branch-Name
X-Planisys-CDN-TTL
User-Cache-Control
Traceparent
Ssr
X-Request-URI
X-Datadog-Parent-Id
Sever-Int
X-Datadog-Sampling-Priority
Svr
TDXMobile
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Clara-WADP
Thinkindot-CacheControl
X-Datadog-Trace-Id
CloudFront-Viewer-Country
X-VG-TLSProxy
X-Gen-Mode
X-Gamma-Serve
Origin-EX
X-Generated-On
X-Rebelmouse-Surrogate-Control
X-GeoIP-City
X-VarnishDD-TTL
X-Thinkindot-L3
X-Platform
AKAMAI
X-Amzn-Remapped-Content-Length
X-Sn-Servicetimems
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-VServer
X-Rebelmouse-Cache-Control
X-Policy
X-Node-Id
X-NCache
X-Mvc-Supplant-Cachable
X-Is-Gdpr
X-JWT-State
X-Hnp-Log
X-HN
X-RCS-CacheZone
X-WADP-Cache
X-Has-Esi
X-Loc
X-Minions-Version
Fastly-Backend-Name
Apple-News-Services-Handled
X-Forwarded-Site
X-Origin-Time
IsBot
L
X-Fastly-Cache
X-Region-Sid
Fastly-SIE
Apple-News-Services-Host
X-Qloud-Router
X-Nyt-Route
Origin
Origin-CC
NGX
N-Cache
Machine
X-Served-From
Fastly-GeoIP-CountryCode
Fastly-SWR
X-Level-Front-Cache
Apple-News-Services-Request-Url
X-SIPLIST1
Apple-News-Services-Parsed-Url
CDCHOST
X-Slack-Backend
X-Pool
X-Gdpr
CPC-Cache
X-Fmm-Version
CPC-Age
X-ZONE
X-Via-Ucdn
X-Viewer-Country
X-Auto-Login
X-Csrf-Jwt
X-Proxy-Cache-Info
X-R9-Blue-Green-Version
X-LAGOON
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Pod-Name
X-VC
X-Owner
DSUID
X-Scale
Cache-Name
V-Age
Fastcgi-Cache-TTL
Ha-Gx-Prefs
X-Eu-Site
L5d-Success-Class
HA-Ipaddr
X-Ftr-Request-Id
X-WA-Info
X-Wikidot-Static-Cache
Web-Mar-Region
X-Wikidot-Backend
X-CGP
X-Micro-Cache
X-RateLimit-Remaining-Second
X-Optimistic-Header
Cluster
Gh-Request-Id
X-Varnish-Ttl
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-CS
Pics-Label
X-Cache-Backend
Ohc-File-Size
X-EC-Lua
X-Correlation-ID
Cache-Host
CDN
X-Refresh
Ngx.Var.Host
X-RateLimit-Reset
X-Httpd
X-Proxy-CacheRZ
X-Parent-Response-Time
GEO-INFO
XkeyRZ
Path
X-Server-IP
X-NC
X-Ah-Environment
Env
Servername
X-LB-NoCache
X-Mvc-Supplant-OutputCached
Ms-Author-Via
X-Tb-Optimization-Total-Bytes-Saved
Lb
X-Udemy-Cache-App-Namespace
X-Clientip
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Edge-Pop
Time
X-Via-Popn
X-Via-Poph
Memory
X-Servedbyhost
X-Via-Popv
X-From
X-Webstats-RespID
AMP-Access-Control-Allow-Source-Origin
X-Srv
X-Varnish-Authentication
X-API-Version
X-Generated-In
X-Location
X-Varnish-Beresp-TTL
X-TIME
X-S-Maxage
Locid
X-Amz-Meta-Cb-Modifiedtime
X-TraceId
Ohc-Cache-HIT
X-Dmc
X-Response-By
GeoIp-Country-Code
Arc-Country
ITXSESSIONID
X-Presslabs-Stats
X-Trace-ID
X-Men
X-Old-Content-Length
X-DynaTrace-JS-Agent
True-Client-IP
X-Akamai-Transformed
X-MSEdge-Features
X-Render-Time
X-MSEdge-Flight
Geoip-Latitude
X-RSL
X-RPS
X-VCL-Version
X-RPM
X-Accel-Expires-Debug
Client
X-HA-Backend
X-DW
X-DSS
X-DI
X-Date
X-Vc
X-DB
Server-ID
X-VHOST
X-Cs
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Service
X-INCAP-ABP
Rip
C-Via
X-Fpc
X-DC
X-TRACE-ID
X-Gateway-Cache-Status
Tcn
X-Zone
X-URL
Tube-Return
Tube-Got-Results
X-FireWall-Port
X-GeoIP-Country-Code
Hostname
Click-Count-Error
Click-Count-Action-Start
Tube-Get-Contents
Tube-Got-Eval
X-GeoIP-Region-Code
X-M-Reqid
X-TX-ID
FSS-Cache
X-M-Log
Esi-Enabled
On-Server
X-Cache-Debug
X-Qnm-Cache
NtCoent-Length
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Powered-By
X-Api-Version
X-Webkit-Csp-Report-Only
HIT
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
Srv
X-PX
X-B3-Spanid
CacheControlHeader
OT-Force-Account-Verify
Test
X-Action
X-Alfa-Service
X-Proxy-Cache-Hk
X-TH-Server
True-Client-Country-4JS
X-FPC
Cdn
X-NGINX-Cache
X-Backend-TTL
Server-Id
X-Vcl-Version
X-Cdn-Request-ID
X-HS-Status
X-CSRF-TOKEN
X-Traceid
X-Beluga-Cache-Status
User-Agent
Geo-Info
X-Beluga-Node
X-Beluga-Record
X-Beluga-Status
X-Beluga-Response-Time
X-Check-Cacheable
X-Beluga-Trace
GeoIP-Country-Code
Edge-Cache
GeoIP-Latitude
X-Akamai-Pragma-Client-IP
X-Pass-Why
DT-Hot-News
X-Req
X-Varnish-Beresp-Ttl
Resin-Trace
X-Origin-Upstream-Status
Uri
X-Ha-Backend
RATING
My-App
Server-Ttl
Proxy-Connection
X-Via-PopH
X-Via-PopN
X-App
Srvid
X-Via-PopV
X-APP
WebServer
X-CLOUD-TRACE-CONTEXT
X-Cdn-Forward
MIME-Version
Sid
Cf-Int-Pingora-Origin-Digest
X-Bip
X-Thanos
X-ServedByHost
M-TraceId
X-Request-Start
True-Client-Ip
X-CCDN-CacheTTL
Epwk-X-Cache
X-HostName
X-Up
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Edge-POP
X-Lb-Nocache
ServerName
X-Backend-Host
X-Fastly-Backend-Reqs
X-LB-ID
ENV
Warning
X-Provided-By
X-Esi
Magicmarker
X-Li-Pop
X-Geo
X-LI-Proto
X-B3-Traceid-Primal
X-LI-UUID
X-Li-Fabric
XServer
Inserted-Into-Cache-At
X-CMSURLCustom
X-ElasticPress-Query
X-Varnish-Beresp-Status
Canary
X-Fetch-By
X-Nc
X-Vercel-Cache
X-Akamai-Request-ID
Dt-Hot-News
X-Vercel-Id
PICS-Label
X-UnsetCookies
X-HITS
Section-Io-Origin-Time-Seconds
X-CF-Powered-By
X-RAMCache
CF-Cached-On
X-Serial
X-Webkit-CSP-Report-Only
Section-Origin-Responded
Section-Io-Origin-Status
X-Newrelic-App-Data
X-Dw-Trace-Id
Section-Io-Id
X-LiteSpeed-Cache-Control
Fastly-Drupal-HTML
X-Iplb-Instance
X-Yottaa-OS
WZWS-RAY
X-ND-Cache
X-Vcache
X-Iplb-Request-Id
X-Request-Url
X-Cc-Via
X-Time-Microsecs
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
D-Url-Rewrites
Servedby
Cdn-Uid
Cdn-Edgestorageid
Cdn-Cachedat
Cdn-Cache
Wp-Super-Cache
Cdn-Pullzone
Cdn-Requestcountrycode
X-UA
X-Air-Pt
Cdn-Requestid
Vha6-Origin
Hit
X-Snapshot-Date
X-WP-CF-Super-Cache-Active
CountryCode
X-MiniProfiler-Ids
X-Release
X-LiteSpeed-Tag
X-CUA
X-Azure-Ref-OriginShield
X-Fastly-Cache-Hits
DataCenter
Fastcgi-Cache-Ttl
X-Request-URL
Cf-Device-Type
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Back
Content-Style-Type
X-Th-Server
X-BBC-Origin-Response-Status
X-Dist-Code
X-Storefront-Renderer-Verified
Content-Script-Type