Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Akamai-Path-Stats
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-Amz-Id-2
X-UA-Device
Host-Header
X-Proxy-Cache
X-Hacker
X-Rq
Grace
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Vhost
Ali-Swift-Global-Savetime
X-Dispatcher
X-LiteSpeed-Cache
X-Amz-Version-Id
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Server-Id
X-Node
Cf-Edge-Cache
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-CST
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Cache-Lookup
X-Response-Time
X-HW
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Url
Accept-Ch
Fastly-Restarts
Accept-Ch-Lifetime
X-Country
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-Vname
X-PC
X-TtlSet
X-Amz-Server-Side-Encryption
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-FastCGI-Cache
X-ESI
X-Server-Name
Cache-Tag
X-Edge
X-Vcap-Request-Id
X-Content-Type
X-B3-TraceId
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Dw-Request-Base-Id
X-Px
X-Amz-Rid
X-ASPNET-VERSION
Public-Key-Pins
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Content-Security-Policy-Report-Only
X-Powered-By-Plesk
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Ac
X-Abt-Application-Version
Verso
X-Client-IP
X-Element-Page-Cache
X-Version
Arr-Disable-Session-Affinity
X-Cache-TTL
X-RateLimit-Remaining
X-GitHub-Request-Id
X-Ttl
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
Response
X-Middleton-Response
X-Goog-Hash
X-Cached
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
X-Kinsta-Cache
SPRequestGuid
X-SharePointHealthScore
X-Edge-Location-Klb
AR-CACHE
X-Powered-CMS
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
X-Server-Lifecycle-Phase
X-Upstream
X-Kraken-Loop-Name
X-Instrumentation
X-Correlation-Id
X-LLID
Edge-Cache-Tag
X-WebKit-CSP-Report-Only
X-Forwarded-For
X-NWS-LOG-UUID
Content-MD5
X-Litespeed-Cache
X-TTL
X-Cache-Key
X-ECACHE
X-Ruxit-Js-Agent
Nginx-Cache
X-RateLimit-Limit
X-Id
X-Shield-Request-Id
TCN
X-MSEdge-Ref
X-Recruiting
MRF-Tech
Mrf-Cache-Status
S
X-T
X-Daa-Tunnel
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Digest
X-B3-TraceId-Primal
X-DataDome
X-Mg-S
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ua-Device
TP-L2-Cache
TP-Cache
X-Grace
X-Mcache
X-Accel-Expires
X-DynaTrace
X-HS-Cache-Config
X-Frontend
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Protected-By
MicrosoftSharePointTeamServices
Front-End-Https
Server-Node
Filters
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-Request-Processing-Time
X-Request-Received
X-Ua-Browser
X-Ab
X-Content
X-Distributor
X-Origin-Server
X-PressLabs-Stats
X-Hits
Fastcgi-Cache
X-LB-Cache
X-ORACLE-DMS-ECID
MS-Author-Via
X-Geo-Country
X-ORACLE-DMS-RID
X-Microsite
X-Request-Handler-Origin-Region
X-Mid
X-Amzn-Trace-Id
Charset
X-Tt-Trace-Tag
X-Tt-Trace-Host
Host
X-Webkit-Csp
Cleartype
Cross-Origin-Opener-Policy
X-F-Cache
Cache-Status
X-Forwarded-Proto
X-Page-Id
X-B3-Sampled
X-Git-Hash
Realpath
X-Debug-Info
X-Seen-By
X-Cache-Age
X-Az
X-AppVersion
X-Activity-Id
X-DIS-Request-ID
Access-Control-Allow-Method
X-Ratelimit-Reset
X-Nginx-Upstream-Cache-Status
Accept-Charset
X-Www-Served-By
X-Fastly-Request-Id
Permissions-Policy
X-Webkit-CSP
Filterid
X-Server-ID
ServerID
Cache-Tags
X-Aspnetmvc-Version
X-Varnish-Age
X-Content-Options
X-Rid
X-Cluster-Name
X-FB-Debug
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Type
Retry-After
Server-Name
X-Midtier
X-Varnish-Backend
X-Amz-Meta-S3cmd-Attrs
X-App-Environment
X-Varnish-Grace
X-Tb
X-Route-Name
X-Request-Guid
X-Flags
X-Aspnet-Duration-Ms
X-User-Agent
X-B
X-Providence-Cookie
Country
X-Is-Crawler
X-B-Cache
X-Drupal-Cache-Tags
X-Origin-Cache
X-Signature
X-Wix-Request-Id
Viewport
X-TT
X-Whom
Paypal-Debug-Id
DC
X-VCache
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Generation
Node
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Fastcgi-Useragent
X-Oracle-Dms-Ecid
X-Debug
X-Language
X-Oracle-Dms-Rid
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-NWS-UUID-VERIFY
Protected
X-Amz-Replication-Status
X-Logged-In
X-Mobile-URL
Payment
X-Cache-NGX
X-N
Amp-Access-Control-Allow-Source-Origin
X-Load-Cache
Surrogate-Key
X-Cache-Control
WPO-Cache-Status
WPO-Cache-Message
Count-Hit
X-XRDS-LOCATION
Alternate-Protocol
X-XRDS-Location
X-Contextid
X-NGENIX-Cache
Healthy
X-Restarts
X-Node-Name
X-Via-JSL
X-Mobile
X-Proxy
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
Content-Disposition
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
X-MCACHE
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-Jobs
Refresh
Url
Akamai-GRN
X-G
X-UUID
X-Page-View
X-Servername
X-Revision
X-Real-IP
X-Akamai-Request-ID2
X-Zen-Fury
X-Cache-Time
X-Adobe-Loc
X-Adobe-Content
Uber-Trace-Id
X-Device-Type
X-Debug-IsPreview
X-Cacheable-TTL
X-Cache-TTL-Remaining
X-Rendered-As
X-Framework
X-Debug-IsConnected
X-Is-Bot
X-Http-Reason
VIX-Pulpo-Node
X-Mg-Request-UUID
VIX-Pulpo-Upstream-Status
X-Varnish-Server
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
X-Proxy-Cache-Status
X-Yottaa-Optimizations
X-Cache-Grace
X-Yottaa-Metrics
X-L-Path
X-Environment-Context
X-Instance
NGB
Frame-Options
X-HTML-Minification-Powered-By
X-Ratelimit-Remaining
X-Hostname
X-IPLB-Instance
Version
X-Template
X-Fastly-Request-ID
X-EdgeConnect-Cache-Status
X-COUNTRY
Referer-Policy
X-Source
Countrycode
X-ECache
X-B3-Traceid
Ms-Operation-Id
MS-CV
X-RTag
Liferay-Portal
Accept-Language
X-Trace-Id
X-Oneagent-Js-Injection
X-NYM-Debug-Backend
X-Datadome
X-Cache-Rule
X-App-Server
X-Cache-Expired-At
X-Cache-Hit
Cross-Origin-Window-Policy
From-Origin
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Hosted-By
X-Tumblr-Pixel
Backend
X-Vgn-Hpd-Reason
X-Unique-Id
X-IPS-LoggedIn
X-APP-VERSION
X-Status
X-ProcessESI
X-RemovedCookies
Upgrade-Insecure-Requests
Load-Balancing
X-Nginx-Cache
X-UPSTREAM-Address
WP-Super-Cache
Section-Io-Cache
Meta-Geo
X-Cache-Server
X-Ratelimit-Limit
X-RN-RSRV
X-FW-Version
X-OCL
X-No-Session
X-FB-TRIP-ID
X-AWS-Id
X-VWS-Id
X-PCL
Content-Secure-Policy
X-LJ-Flow-ID
CF-IPCountry
X-Labrador-Cache-Channel
X-Content-Powered-By
X-Content-Age
Apigw-Requestid
X-Origin-Date
X-Via-Fastly
X-Sql-Duration-Ms
X-AOL-HN
X-UA-Device-Type
X-Sql-Count
X-Section
X-Be
X-Request-Time
X-Access
X-PHP-Host
X-PHP-Backend
X-Cache-Enabled
Mn-Server-Ip
S-Rt
X-Region
X-Redis-Cache
X-Ua
X-Akamai-Edgescape
X-Mode
X-Platform-Server
X-PERF
X-Nginx-Cache-Key
X-ProxyCache-Key
X-ProxyCache-Status
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Human
X-Generated-By
X-BYPASS-REASON
X-ApacheServer
X-Adobe-Source
Locale
X-Cache-Tags
X-Cms-Context
X-Forwarded-Host
X-Format
X-Debug-Cache
X-Site-Version
X-Storage
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
Webcakes-Region
X-Cluster-Node
X-Varnish-Cache-Hits
X-Server-W
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Uri
X-Urbn-Site-Id
X-Urbn-Context-Path
X-VC-Cache
X-Xfnlog-Site
TWC-Device-Class
TWC-Connection-Speed
Property-Id
Eomportal-Instance
Webcakes-App-Name
X-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-GeoCountry
X-Hl-Ver
X-GeoCode
X-GG-Cache-Date
X-Extlb
X-JoinUs
X-Detected-As
X-Storefront-Renderer-Rendered
X-Generation-Time
X-Varnishpool
X-Web-Node
X-Routing-Service
X-SaId
X-Tid
X-ServerID
X-Proxied
X-Zipkin-Id
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Fastly-SSL
X-Cache-Type
X-NewRelic-App-Data
X-Cache-Host
X-Locale
X-Dc
X-Edge-Location
X-Proto
X-Backend-Name
X-Handled-By
Selected-Fe
X-Proxy-Build
X-Timing-Wait
Webserver
CDN-RequestId
CDN-Uid
CDN-PullZone
ServedBy
X-CDN-Forward
CDN-EdgeStorageId
CDN-Cache
CDN-RequestCountryCode
Cache-Tv-Group
CDN-CachedAt
Ec-Rule-Version
Fastly-Drupal-Html
X-App-Version
Web-Mar-Node
Onion-Location
X-LSADC-Cache
X-IPLB-Request-ID
X-GEO
X-Cache-Action
X-Magnolia-Registration
X-Varnish-Hostname
X-Tt-Logid
Cache-Hits
X-Cached-By
X-Envoy-Decorator-Operation
SID
X-Cache-Operation
Mime-Version
X-Air-Hostname
SRV
X-Air-Source
X-Air-Trace-Id
X-Cluster
X-Hyper-Cache
X-Cache-Remote
X-Varnish-Hits
LB
X-Fastcgi-Cache
X-Cdn
X-Rewrite-Enabled
X-Origin-CC
X-Origin-TTL
X-Soup
X-SRV
X-Parallel-Accel
Xet-Cookie
X-Rule
DB-Nickname
Xserver
Cache
Source
X-Microcachable
Server-Info
X-Accel-Buffering
X-MP-GENERATED-AT
X-Reqid
Country-Code
X-Pubstack
X-Xrds-Location
X-Tumblr-Pixel-2
X-Via-NSCOPI
X-TA-CDN-Provider
X-CSRF-Token
X-Buckets
X-Tx-Id
Decoy-Debug-Status
X-Skip-Cache
X-Tumblr-Pixel-3
Decoy-Debug-Key
Decoy-Debug-TTL
X-Cache-Status-Check
X-B3-SpanId
X-Request-Host
X-Endurance-Cache-Level
X-Origin-Response-Time
X-TT-LOGID
X-Forwarded-Path
X-ARC
MD5-Digest
Cdnsip
X-Application
A
Odigeo-Trace-Id
X-Geo-Header
X-Cache-NE
Meta-Geo-Continent
X-AK-Request-ID
X-Hash
X-Vdms-Path
NM-Fastcgi-Cache
X-Ig-Push-State
X-External-Request-Id
X-Ec-Fail
X-Ec-GeoHdr
Cdncip
X-Cdn-Srv
X-PAYTM-SRV-ID
DynaTrace
Candidate-Md5Url
X-PBS-Appsvrname
Rendered-Blocks
X-B-Cookie
X-BCube-Filmed-By
X-NAPM-TraceId
X-Epic-Correlation-Id
BehaviorPad-Version
Cache-Key
X-Processor
X-Orig-Expires
Pramga
X-S
X-CF-Lambda-Fn
X-A
X-VG-WebCache
X-SplitTest
X-SRCache-Key
X-Session-Fingerprint
X-Vtex-Processado-Em
X-ScT
X-SD-PageType
X-Vtex-Remote-Cache
X-A-Ccd
Expiry
X-Vdms-Version
X-User
X-Connection-Hash
X-Conf
Host-ID
X-TrackingId
X-D
X-CF-Lambda-Version
Fastcgi-X-Cache-Version
X-Tenant
X-TIM-N
DCR-Processing-Time-Ms
X-Shop-Environment
Datacenter
Cmstype
X-A-Dam
X-A-Dgt
T-Server
Cmsid
X-A-Wwc
X-Amzn-RequestId
X-Aed
X-Amz-Apigw-Id
Lang
Sslversion
XM
Surrogated-Key
Mobile-Detection-Method
X-S-Cookie
X-Rojux
X-A-Dcw
X-Developer
Xc-Version
X-Destination
DCR-Decision-By
X-Azure-Ref
X-Newrelic-Synthetics
X-Core-Mission
X-Ckpd-Fst-Backend
X-Core-Value
Memcached
X-Device-Os
Environment
X-DefElseHash
AKAMAI
Mail-Subject
X-Developers
Adler-Geo
X-DefHash
X-Esi-Check
Kp-EeAlive
X-DPWN-IS-SECURE
X-Fetched-On
X-Varnish-Beresp-Grace
Redirect-Candidate
X-Wix-Viewer-Type
X-Scheme
X-Sigma
X-Sigma-Backend
X-Worker
X-SB
X-Ad-Defer-Variation
Is-Eu
State
X-Rocket-Build-Number
Wxu-Next-Region
Wxu-Next-Hostname
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-V-Cache
X-TNCMS
Wxu-Next-Commit
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
We-Hiring
X-CacheTTL
Server-Host
X-Has-Esi
X-Loop
X-Gzip
X-HS-Content-Campaign-Id
X-Cache-Id
X-Irp-Debug
X-Is-Gdpr
X-JWT-State
X-Ms-Request-Id
X-Ms-Version
X-Origin-Expires
Platform
Producers
X-NodeID
X-Origin
X-Bc-Bl
X-GeoIP
X-Time
X-Cache-Info
VNS-Cache
X-CGP
X-Branch-Name
X-Block-Status
X-Aicache-OS
X-Cdn-Origin
X-BBC-Edge-Cache-Status
X-Cache-Bucket
X-Cache-Date
X-Qloud-Router
X-Nyt-Route
X-Rebelmouse-Cache-Control
X-Gdpr
VNS-Age
X-Amzn-Remapped-Content-Length
X-Origin-Time
X-RCS-CacheZone
X-Policy
X-Platform
X-Pool
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Sn-Servicetimems
X-Slack-Backend
X-VG-TLSProxy
X-Thinkindot-L3
X-VarnishDD-TTL
X-SIPLIST1
X-VServer
Fastly-Backend-Name
X-Request-URI
X-Rocket-Nginx-Serving-Static
X-WADP-Cache
X-Served-From
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Fmm-Version
X-Fastly-Cache
X-Forwarded-Site
X-Ftr-Request-Id
X-Gamma-Serve
X-Eu-Site
X-Ec-Custom-Error
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Dispatcher-Number
X-Gen-Mode
X-Generated-On
X-Mvc-Supplant-Cachable
X-Minions-Version
X-NCache
X-Node-Id
X-Planisys-CDN-Cache
X-Loc
X-Level-Front-Cache
X-GeoIP-City
X-HN
X-Hnp-Log
X-LAGOON
X-Clara-WADP
Traceparent
IsBot
L
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
L5d-Success-Class
Machine
Origin-CC
Origin
NGX
N-Cache
Fastly-SIE
Fastly-GeoIP-CountryCode
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-EC-Lua
X-AIR-PT
Apple-News-Services-Request-Url
CDCHOST
Fastcgi-Cache-TTL
CPC-Cache
CPC-Age
CloudFront-Viewer-Country
Origin-EX
X-Varnish-Ttl
Svr
TDXMobile
Vix-Hermes-Req-Id
Ssr
V-Age
Sever-Int
Thinkindot-Control
User-Cache-Control
Server-Ext
Server-Hostname
Release
Thinkindot-CacheControl-Type
PFcat
Req-Svc-Chain
Thinkindot-CacheControl
Cluster
X-WA-Info
HostName
Cache-Name
X-R9-Blue-Green-Version
X-Owner
Ohc-File-Size
DSUID
X-Proxy-Cache-Info
X-Via-Ucdn
X-Cache-Backend
X-Viewer-Country
X-Wikidot-Backend
X-Micro-Cache
X-Wikidot-Static-Cache
X-Optimistic-Header
X-Auto-Login
X-Pod-Name
Gh-Request-Id
X-Proxy-Upstream
Web-Mar-Region
X-Scale
X-Correlation-ID
X-WP-CF-Super-Cache
X-CS
CDN
X-WP-CF-Super-Cache-Cache-Control
Pics-Label
X-ZONE
Cache-Host
X-Server-IP
X-Httpd
GEO-INFO
Ngx.Var.Host
X-Refresh
X-VC
X-CACHE-KEY
XkeyRZ
X-Proxy-CacheRZ
X-LB-NoCache
Path
X-TIME
Servername
X-Ah-Environment
X-Parent-Response-Time
X-NC
Ms-Author-Via
X-Webstats-RespID
X-Contensis-Viewer-Groups
X-Mvc-Supplant-OutputCached
X-Cache-ASPX
X-Servedbyhost
X-Edge-Pop
Env
X-From
X-Udemy-Cache-App-Namespace
X-Tb-Optimization-Total-Bytes-Saved
X-Srv
X-Generated-In
Time
X-Via-Poph
X-Location
X-Via-Popn
X-Varnish-Authentication
X-Clientip
X-RateLimit-Reset
X-Via-Popv
Memory
Lb
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-TraceId
X-API-Version
Locid
X-Amz-Meta-Cb-Modifiedtime
Ohc-Cache-HIT
X-Varnish-Beresp-TTL
Arc-Country
X-Presslabs-Stats
X-Men
X-Response-By
X-S-Maxage
ITXSESSIONID
GeoIp-Country-Code
X-Vc
AMP-Access-Control-Allow-Source-Origin
X-Dmc
X-Akamai-Transformed
X-Old-Content-Length
True-Client-IP
X-Accel-Expires-Debug
X-RPM
X-RPS
X-RSL
Client
X-Date
Server-ID
X-DB
X-DI
X-DW
X-HA-Backend
Geoip-Latitude
X-Zone
X-DSS
X-VCL-Version
X-VHOST
X-Cs
Hostname
X-MSEdge-Features
X-DynaTrace-JS-Agent
X-Trace-ID
X-TRACE-ID
X-Render-Time
X-Fpc
X-MSEdge-Flight
X-URL
X-Service
Rip
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-GeoIP-Country-Code
X-INCAP-ABP
C-Via
X-GeoIP-Region-Code
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
Tube-Get-Contents
X-DC
Click-Count-Error
Click-Count-Action-Start
Tube-Got-Eval
Tube-Got-Results
X-FireWall-Port
FSS-Cache
Tube-Return
X-Cache-Debug
Fusion-Deployment-Id
Fusion-Template-Id
X-M-Reqid
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Qnm-Cache
Powered-By
X-M-Log
NtCoent-Length
X-Api-Version
On-Server
Esi-Enabled
X-Webkit-Csp-Report-Only
X-TX-ID
X-NGINX-Cache
CacheControlHeader
X-B3-Spanid
HIT
X-PX
X-CSRF-TOKEN
X-Alfa-Service
Srv
X-TH-Server
X-Action
X-Edge-Origin-Shield-Region
X-Edge-Origin-Shield-Bytes
Test
Tcn
True-Client-Country-4JS
X-Cdn-Request-ID
X-Backend-TTL
X-FPC
X-Proxy-Cache-Hk
OT-Force-Account-Verify
Cdn
X-Traceid
X-Vcl-Version
X-Beluga-Response-Time
X-Check-Cacheable
X-Beluga-Trace
X-HS-Status
X-Beluga-Status
Server-Id
User-Agent
X-Beluga-Cache-Status
Geo-Info
X-Beluga-Node
X-Beluga-Record
Edge-Cache
X-Pass-Why
X-Akamai-Pragma-Client-IP
X-Req
GeoIP-Latitude
GeoIP-Country-Code
X-Varnish-Beresp-Ttl
X-Origin-Upstream-Status
Uri
X-Via-PopV
X-Ha-Backend
Srvid
X-App
My-App
Proxy-Connection
Resin-Trace
X-Via-PopH
X-Via-PopN
X-CLOUD-TRACE-CONTEXT
DT-Hot-News
X-APP
M-TraceId
Server-Ttl
MIME-Version
Sid
Cf-Int-Pingora-Origin-Digest
X-ServedByHost
X-Bip
X-Up
X-Hcs-Proxy-Type
X-Thanos
Epwk-X-Cache
X-CCDN-CacheTTL
X-CCDN-Origin-Time
WebServer
X-Cdn-Forward
X-Backend-Host
X-Fastly-Backend-Reqs
True-Client-Ip
ENV
X-Request-Start
X-LB-ID
Warning
X-Provided-By
X-ID
X-Esi
X-Lb-Nocache
X-Edge-POP
X-LI-UUID
X-Li-Pop
XServer
X-B3-Traceid-Primal
X-Geo
X-Li-Fabric
ServerName
X-LI-Proto
X-HostName
X-CACHE-AGE
Dt-Hot-News
X-Fetch-By
Section-Origin-Responded
Section-Io-Origin-Status
X-ElasticPress-Query
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-UnsetCookies
PICS-Label
X-Akamai-Request-ID
X-Serial
X-Vercel-Cache
X-Vercel-Id
X-RAMCache
X-Dw-Trace-Id
X-Nc
X-Webkit-CSP-Report-Only
X-CF-Powered-By
Magicmarker
CF-Cached-On
X-HITS
X-Newrelic-App-Data
X-LiteSpeed-Cache-Control
Fastly-Drupal-HTML
WZWS-RAY
X-Iplb-Instance
X-CMSURLCustom
X-Vcache
X-ND-Cache
X-Request-Url
X-Yottaa-OS
X-Iplb-Request-Id
X-Varnish-Beresp-Status
Inserted-Into-Cache-At
Canary
X-IN-APIGATEWAY
D-Url-Rewrites
X-Time-Microsecs
X-Cc-Via
X-IN-APIGATEWAYSSL
Wp-Super-Cache
Cdn-Uid
X-Air-Pt
Cdn-Cache
Cdn-Requestid
Cdn-Requestcountrycode
Servedby
Cdn-Pullzone
Cdn-Cachedat
Cdn-Edgestorageid
X-LiteSpeed-Tag
Vha6-Origin
Hit
X-Snapshot-Date
X-MiniProfiler-Ids
Content-Script-Type
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
Content-Style-Type
CountryCode
X-BBC-Origin-Response-Status
X-Release
X-Request-URL
Cf-Device-Type
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-Azure-Ref-OriginShield
X-CUA
X-Dist-Code
DataCenter
X-Wp-Cf-Super-Cache-Cache-Control