Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
CF-RAY
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Report-To
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
EagleId
Keep-Alive
Request-Context
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
X-Rq
Grace
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
X-Dispatcher
X-Akamai-Path-Stats
EagleEye-TraceId
X-WebKit-CSP
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
Cf-Railgun
X-Page-Speed
Allow
X-Host
X-Node
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
X-CST
Surrogate-Control
Accept-CH
X-Backend-Server
Request-Id
X-Akam-SW-Version
X-Readtime
X-HW
X-Cache-Lookup
X-Response-Time
X-Application-Context
Xkey
Content-Location
Accept-CH-Lifetime
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
X-Trace
Cf-Edge-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Url
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Vname
X-PC
X-TtlSet
X-MS-InvokeApp
X-Rack-Cache
X-Server-Name
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
RTSS
X-Content-Type
X-ESI
X-B3-TraceId
X-VARITI-CCR
X-Vcap-Request-Id
Cache-Tag
X-Px
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
X-Amz-Rid
Public-Key-Pins
X-Ac
X-Cnection
X-Dw-Request-Base-Id
X-Amz-Server-Side-Encryption
X-Element-Page-Cache
Accept-Ch
X-D2id
Verso
X-Navigation-Version
X-Cache-TTL
X-Abt-Application-Version
X-RateLimit-Remaining
X-Powered-By-Plesk
X-Client-IP
Service-Worker-Allowed
X-FastCGI-Cache
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Ser
X-Country-Code
X-GitHub-Request-Id
X-Version
Arr-Disable-Session-Affinity
X-Edge
X-TTL
X-Middleton-Response
Response
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Hash
X-Ruxit-Js-Agent
X-Correlation-Id
AR-SID
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Upstream
X-Webkit-Csp
X-Kinsta-Cache
X-Edge-Location-Klb
SPRequestDuration
SPIisLatency
X-Cached
X-NWS-LOG-UUID
X-LLID
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
Nginx-Cache
X-Litespeed-Cache
X-Powered-CMS
Edge-Cache-Tag
MS-Author-Via
TCN
X-RateLimit-Limit
X-Ttl
X-Cache-Key
Mrf-Cache-Status
X-SharePointHealthScore
SPRequestGuid
MRF-Tech
X-Forwarded-For
X-MSEdge-Ref
Content-MD5
X-B3-TraceId-Primal
X-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-T
X-Daa-Tunnel
X-Recruiting
X-Mg-S
S
X-Ua-Device
X-Content-Digest
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Protected-By
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HS-Content-Id
X-Frontend
X-HS-Hub-Id
X-HS-Cache-Config
X-Ezoic-Cdn
X-Ab
X-Yandex-Sdch-Disable
MicrosoftSharePointTeamServices
X-Content
Server-Node
X-Ua-Browser
X-Request-Processing-Time
X-HS-Combine-CSS
Front-End-Https
X-Request-Received
X-Grace
X-Accel-Expires
Filters
X-Server-ID
X-DataDome
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-ECACHE
Fastcgi-Cache
X-Mid
X-Geo-Country
X-Hits
X-Origin-Server
X-PressLabs-Stats
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
TP-Cache
X-Distributor
X-Debug-Info
X-Ratelimit-Reset
TP-L2-Cache
X-Amzn-Trace-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
Charset
Cleartype
X-Page-Id
X-Git-Hash
X-DIS-Request-ID
X-F-Cache
Host
X-Www-Served-By
X-DynaTrace
X-B3-Sampled
Cross-Origin-Opener-Policy
X-LB-Cache
Cache-Tags
X-Cache-Age
X-Forwarded-Proto
Access-Control-Allow-Method
ServerID
X-Seen-By
X-Microsite
X-Request-Handler-Origin-Region
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Aspnetmvc-Version
X-Language
X-Cluster-Name
X-Activity-Id
X-Az
X-AppVersion
Server-Name
Accept-Charset
X-Varnish-Age
X-WebKit-CSP-Report-Only
Realpath
X-Rid
Filterid
Cache-Status
X-Type
X-Content-Options
X-XRDS-LOCATION
X-App-Environment
X-Mobile-URL
X-Upgrade-Enabled
X-Origin-Cache
X-Oracle-Dms-Ecid
X-FB-Debug
X-User-Agent
Country
X-Via-JSL
Viewport
X-Varnish-Grace
X-Oracle-Dms-Rid
Node
X-Tb
X-Wix-Request-Id
X-MCACHE
X-Signature
X-Route-Name
Paypal-Debug-Id
X-Aspnet-Duration-Ms
X-B-Cache
X-Is-Crawler
X-Drupal-Cache-Tags
X-Request-Guid
X-Flags
DC
X-Whom
X-Providence-Cookie
X-Nginx-Upstream-Cache-Status
X-TT
X-NWS-UUID-VERIFY
Protected
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Retry-After
Fastcgi-Useragent
X-Varnish-Backend
X-VCache
X-Cache-NGX
X-Fastly-Request-ID
X-Fastly-Request-Id
X-Amz-Replication-Status
X-Contextid
X-B
X-Fastcgi-Cache
Payment
X-Debug
X-Template
X-Logged-In
X-N
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Dynamic
WPO-Cache-Message
WPO-Cache-Status
X-FW-Type
X-FW-Hash
X-Load-Cache
Surrogate-Key
X-Hostname
X-Cache-Control
X-Parallel-Accel
X-XRDS-Location
Amp-Access-Control-Allow-Source-Origin
X-Node-Name
Count-Hit
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Mcache
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
X-Trace-Id
Refresh
X-Proxy
Uber-Trace-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Is-Bot
X-G
X-Jobs
X-Amz-Meta-S3cmd-Attrs
Healthy
Akamai-GRN
X-Mobile
X-Real-IP
X-UUID
X-Rendered-As
X-Cache-Time
X-Revision
X-Page-View
X-Zen-Fury
X-Framework
X-Akamai-Request-ID2
X-Cacheable-TTL
X-Cache-TTL-Remaining
X-Device-Type
X-Drupal-Cache-Contexts
X-Debug-IsPreview
X-Debug-IsConnected
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Proxy-Cache-Status
X-Http-Reason
Content-Disposition
Alternate-Protocol
NGB
X-Instance
X-Adobe-Content
Access-Control-Request-Headers
X-Adobe-Loc
X-Cache-Rule
X-IPLB-Instance
From-Origin
X-Vgn-Hpd-Reason
X-Source
Url
X-Servername
X-B3-Traceid
Version
X-Cache-Grace
X-Cache-Expired-At
X-Oneagent-Js-Injection
X-Cache-Hit
Accept-Language
X-Varnish-Server
X-L-Path
X-Environment-Context
X-Ratelimit-Remaining
X-Mg-Request-UUID
Referer-Policy
Permissions-Policy
X-EdgeConnect-Cache-Status
X-App-Server
X-FW-Version
Countrycode
X-Restarts
MS-CV
Ms-Operation-Id
X-RTag
Cross-Origin-Window-Policy
X-Cache-Action
X-NGENIX-Cache
X-ECache
X-Tumblr-Pixel
X-IPS-LoggedIn
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
Backend
X-COUNTRY
X-RemovedCookies
Liferay-Portal
X-ProcessESI
X-NYM-Debug-Backend
CF-IPCountry
X-Datadome
X-Nginx-Cache
X-Hyper-Cache
X-HTML-Minification-Powered-By
Content-Secure-Policy
Frame-Options
WP-Super-Cache
X-Rule
X-RN-RSRV
X-OCL
Upgrade-Insecure-Requests
Ec-Rule-Version
Meta-Geo
X-Cache-Server
X-PCL
Section-Io-Cache
X-Redis-Cache
X-UPSTREAM-Address
X-Content-Age
Cache-Tv-Group
Apigw-Requestid
X-Generation-Time
X-Ua
X-No-Session
X-FB-TRIP-ID
X-Detected-As
X-Cluster-Node
X-Cache-Enabled
X-Say-TTL
S-Rt
X-Say-Cacheable
X-Request-Time
X-PHP-Backend
X-Server-W
X-Site-Version
X-UA-Device-Type
X-Mode
X-Storage
X-Sql-Duration-Ms
X-Sql-Count
X-Origin-Date
X-Human
X-Be
Azure-Version
X-AOL-HN
Fastly-SSL
X-Akamai-Edgescape
Azure-SlotName
Azure-SiteName
X-Hosted-By
X-Generated-By
Azure-InstanceId
Azure-RegionName
X-Uri
X-SayCDN-TTL
X-Web-Node
X-TT-LOGID
X-Format
X-Varnish-Cache-Hits
X-Section
X-Access
X-Via-Fastly
X-Unique-Id
Webcakes-App-Version
X-Content-Powered-By
X-Cache-Type
X-PERF
CDN-Cache
Webcakes-Region
CDN-CachedAt
X-ApacheServer
X-Debug-Cache
X-Origin-Hint
CDN-RequestId
X-Region
Eomportal-Instance
Locale
Webserver
X-BYPASS-REASON
X-Cache-Host
CDN-PullZone
CDN-RequestCountryCode
CDN-Uid
X-Cache-Tags
CDN-EdgeStorageId
Webcakes-App-Name
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Property-Id
Mn-Server-Ip
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Webkit-CSP
X-ProxyCache-Status
TWC-Connection-Speed
X-ProxyCache-Key
X-Platform-Server
TWC-Privacy
TWC-Locale-Group
X-Nginx-Cache-Key
X-Backend-Name
X-Zipkin-Id
X-Tid
X-Alternate-Cache-Key
X-Varnishpool
X-Xfnlog-Site
X-Sorting-Hat-ShopId
X-Hl-Ver
X-Shopify-Stage
X-Extlb
X-SaId
X-Routing-Service
X-Proxied
X-JoinUs
X-Forwarded-Host
X-ShopId
X-ShardId
X-ServerID
X-Sorting-Hat-PodId
X-Status
X-APP-VERSION
X-Adobe-Source
X-Accel-Buffering
X-Cache-Operation
X-Handled-By
X-Timing-Wait
ServedBy
Selected-Fe
X-Proxy-Build
X-Cache-Remote
X-Ratelimit-Limit
X-GG-Cache-Date
X-Labrador-Cache-Channel
X-PHP-Host
X-Locale
X-NewRelic-App-Data
X-Rewrite-Enabled
X-Dc
X-LSADC-Cache
SID
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-VC-Cache
X-Pubstack
X-Soup
Xserver
X-Cached-By
X-Buckets
Mime-Version
Fastly-Drupal-Html
SRV
Country-Code
X-Proto
X-CDN-Forward
X-GEO
Decoy-Debug-TTL
X-Request-Host
Decoy-Debug-Key
Decoy-Debug-Status
X-Storefront-Renderer-Rendered
X-Edge-Location
Web-Mar-Node
X-Reqid
LB
X-App-Version
X-Microcachable
Onion-Location
X-TA-CDN-Provider
X-Cms-Context
X-Origin-TTL
X-Varnish-Hostname
X-Origin-CC
Server-Info
X-Ms-Version
X-Ms-Request-Id
Cache-Hits
Xet-Cookie
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Load-Balancing
X-B3-SpanId
X-Cluster
X-GeoCountry
X-GeoCode
X-CSRF-Token
X-SRV
X-NCache
X-Bc-Bl
DynaTrace
X-Varnish-Hits
X-Air-Source
X-Air-Trace-Id
X-Midtier
X-Air-Hostname
X-Varnish-Beresp-Grace
X-Amzn-RequestId
X-R9-Blue-Green-Version
Cache-Name
X-Amz-Apigw-Id
X-Endurance-Cache-Level
X-Azure-Ref
X-Origin-Response-Time
T-Server
X-NAPM-TraceId
X-Developer
X-Gzip
X-Magnolia-Registration
Mobile-Detection-Method
X-From
Meta-Geo-Continent
X-Forwarded-Path
X-Geo-Header
Pramga
X-Hash
X-Ftr-Request-Id
X-Processor
Host-ID
X-Men
Rendered-Blocks
Sslversion
Lang
X-PBS-Appsvrname
X-Orig-Expires
NM-Fastcgi-Cache
Surrogated-Key
X-Envoy-Decorator-Operation
Odigeo-Trace-Id
X-PAYTM-SRV-ID
X-AK-Request-ID
X-Cdn-Srv
X-User
X-Cache-NE
X-ScT
X-SD-PageType
X-TrackingId
X-CF-Lambda-Fn
Expiry
X-Cache-Id
Cdnsip
A
X-S
X-Cache-Bucket
X-Ec-Fail
X-S-Cookie
X-CF-Lambda-Version
X-TIM-N
X-D
DB-Nickname
DCR-Decision-By
DCR-Processing-Time-Ms
X-Destination
X-LAGOON
Cmstype
X-Shop-Environment
X-Conf
X-Tenant
X-Connection-Hash
X-SRCache-Key
Cmsid
X-Session-Fingerprint
X-Vdms-Path
Cdncip
X-A-Wwc
X-A-Dgt
X-Aed
X-Rojux
X-Vdms-Version
X-A-Dcw
X-A-Dam
X-Ig-Push-State
X-HS-Content-Campaign-Id
BehaviorPad-Version
X-A
X-A-Ccd
X-NodeID
Xc-Version
X-Esi-Check
X-Application
X-Vtex-Processado-Em
X-ARC
X-Vtex-Remote-Cache
X-Webstats-RespID
X-Epic-Correlation-Id
X-External-Request-Id
Fastcgi-X-Cache-Version
X-Ec-GeoHdr
X-VG-WebCache
X-B-Cookie
X-RCS-CacheZone
Environment
X-Hnp-Log
Is-Eu
X-Is-Gdpr
Fastly-GeoIP-CountryCode
X-Irp-Debug
X-Has-Esi
We-Hiring
X-Cache-Backend
X-Cache-Info
X-Block-Status
X-Amzn-Remapped-Content-Length
X-Fetched-On
X-Fastly-Cache
X-Ckpd-Fst-Backend
X-Clara-WADP
X-DefElseHash
X-DefHash
X-Device-Os
X-DPWN-IS-SECURE
X-Core-Mission
X-Core-Value
Web-Mar-Region
X-JWT-State
Platform
Producers
X-Gen-Mode
X-GeoIP
Mail-Subject
Memcached
X-Gdpr
Server-Host
V-Age
Vix-Hermes-Req-Id
User-Cache-Control
X-Fmm-Version
State
Svr
Machine
X-Origin-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Scheme
X-TNCMS
X-Worker
X-Old-Content-Length
X-Origin-Expires
X-Sigma-Backend
X-Wix-Viewer-Type
X-V-Cache
X-Varnish-Remaining-TTL
X-WADP-Cache
X-VG-TLSProxy
X-Viewer-Country
X-Tx-Id
X-Varnish-CookieINHashed-On
X-SB
X-Variation
X-Varnish-CookieHashed-On
X-Nyt-Route
X-Origin
AKAMAI
X-Sigma
X-Node-Id
X-Slack-Backend
X-Location
X-Rocket-Build-Number
Adler-Geo
X-Loop
X-SVT-ORM-RULES
X-Mvc-Supplant-Cachable
X-Server-IP
X-SVT-ORM-VERSION
CDN
Source
X-Via-NSCOPI
Wxu-Next-Hostname
Wxu-Next-Commit
Apple-News-Services-Request-Url
X-RSL
Apple-News-Services-Handled
X-Auto-Login
X-Aicache-OS
X-RPM
X-Rocket-Nginx-Serving-Static
X-RPS
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Served-From
X-Datadog-Parent-Id
X-Skip-Cache
X-DI
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
HostName
X-DB
X-Sn-Servicetimems
X-Thinkindot-L3
X-DW
X-Branch-Name
X-BBC-Edge-Cache-Status
X-Cache-Date
X-Cdn-Origin
X-DSS
Wxu-Next-Region
X-VServer
Traceparent
Origin-EX
X-Generated-On
Origin-CC
Origin
N-Cache
X-Platform
X-Policy
X-Time
Redirect-Candidate
X-Proxy-Cache-Info
X-Pool
X-GeoIP-City
X-Minions-Version
X-Loc
Fastly-SIE
Fastcgi-Cache-TTL
X-Level-Front-Cache
CloudFront-Viewer-Country
Fastly-SWR
Cache
Kp-EeAlive
Gh-Request-Id
X-Httpd
Arc-Country
Req-Svc-Chain
Release
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Proxy-Upstream
X-Forwarded-Site
Cluster
X-Developers
X-Ec-Custom-Error
X-Response-By
X-Request-URI
X-Region-Sid
TDXMobile
Ssr
X-Gamma-Serve
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Qloud-Router
X-Tec-Api-Version
X-Tec-Api-Root
X-TraceId
X-Tec-Api-Origin
X-VarnishDD-TTL
X-Optimistic-Header
X-HN
X-Eu-Site
X-Pod-Name
MD5-Digest
Locid
X-Accel-Expires-Debug
HA-Ipaddr
L
L5d-Success-Class
NGX
Ha-Gx-Prefs
DSUID
X-EC-Lua
X-Date
CDCHOST
PFcat
X-TIME
X-CGP
X-Csrf-Jwt
X-ZONE
X-Parent-Response-Time
AMP-Access-Control-Allow-Source-Origin
X-WP-CF-Super-Cache-Cache-Control
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Akamai-Transformed
X-NC
X-Owner
X-CS
X-VC
X-Srv
X-WP-CF-Super-Cache
X-Dispatcher-Number
X-CacheTTL
X-Via-Ucdn
Server-Hostname
Sever-Int
X-Ah-Environment
Env
X-SIPLIST1
Server-Ext
X-Refresh
X-Scale
GEO-INFO
X-Tb-Optimization-Total-Bytes-Saved
IsBot
Pics-Label
Ms-Author-Via
X-Newrelic-Synthetics
X-Udemy-Cache-App-Namespace
X-Mvc-Supplant-OutputCached
Servername
X-Cache-Debug
X-API-Version
Time
X-LB-NoCache
Memory
X-Edge-Pop
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Source
X-Generated-In
X-CACHE-KEY
Ohc-File-Size
Geo-Info
CacheControlHeader
X-Varnish-Ttl
X-Xrds-Location
X-Tt-Logid
X-BCube-Filmed-By
X-TH-Server
X-Ad-Defer-Variation
Candidate-Md5Url
Cache-Key
Datacenter
X-Action
X-Wikidot-Static-Cache
X-Via-Popn
X-IPLB-Request-ID
X-Via-Popv
X-Wikidot-Backend
X-Amz-Meta-Cb-Modifiedtime
X-Via-Poph
GeoIp-Country-Code
True-Client-Country-4JS
VNS-Age
X-SplitTest
X-S-Maxage
CPC-Cache
XM
CPC-Age
X-HA-Backend
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Servedbyhost
VNS-Cache
X-Backend-TTL
X-RateLimit-Reset
X-Varnish-Authentication
FSS-Cache
Fastly-Backend-Name
X-WA-Info
Geoip-Latitude
X-Presslabs-Stats
ITXSESSIONID
Client
X-Dynatrace
Path
Edge-Cache
X-Provided-By
X-VCL-Version
X-Vc
X-Varnish-Beresp-TTL
X-Req
X-Micro-Cache
X-VHOST
X-Cache-Status-Check
X-AIR-PT
My-App
Server-ID
X-DC
X-Trace-ID
X-Cs
X-Zone
Cache-Host
Lb
Hostname
X-Pass-Why
X-Origin-Upstream-Status
Ohc-Cache-HIT
True-Client-IP
X-TX-ID
X-Up
Ngx.Var.Host
DataCenter
X-Webkit-Csp-Report-Only
NtCoent-Length
X-Fpc
X-FireWall-Port
X-LB-ID
X-FPC
XkeyRZ
X-Proxy-CacheRZ
X-Clientip
X-Api-Version
X-Li-Fabric
Test
X-Traceid
Powered-By
X-Varnish-Beresp-Ttl
OT-Force-Account-Verify
X-LI-UUID
X-Li-Pop
X-NGINX-Cache
Cf-Int-Pingora-Origin-Digest
X-B3-Spanid
X-UnsetCookies
X-CSRF-TOKEN
X-Cdn-Request-ID
X-ND-Cache
X-Correlation-ID
X-CUA
X-Beluga-Trace
X-Beluga-Status
X-Webkit-CSP-Report-Only
X-Time-Microsecs
Server-Id
User-Agent
X-Beluga-Cache-Status
X-Vcl-Version
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Node
Target-Params
X-MSEdge-Flight
X-Dmc
Proxy-Connection
Tracecode
X-MSEdge-Features
WZWS-RAY
X-Fragments
X-RAMCache
Cf-Device-Type
X-CLOUD-TRACE-CONTEXT
X-Azure-Ref-OriginShield
X-FC-Vary-Parameters
X-ATG-Version
X-URL
X-Sucuri-Cache
X-Sucuri-ID
Lfy
Uri
X-ServedByHost
X-Ha-Backend
X-Via-PopH
X-INCAP-ABP
X-Render-Time
X-Platform-Router
X-Platform-Processor
X-Var-Ttl
X-Fastly-Backend
X-Via-PopN
X-Via-PopV
X-HS-Status
Resin-Trace
X-Platform-Cluster
X-Geo
GeoIP-Country-Code
GeoIP-Latitude
Sid
Rip
C-Via
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
X-PX
MIME-Version
Click-Count-Error
Click-Count-Action-Start
Srvid
Tube-Get-Contents
X-NU-AKA-ACS-Version
X-LI-Proto
X-Li-Proto
X-Proxy-Cache-Hk
X-M-Log
X-Varnish-Beresp-Status
X-Qnm-Cache
Tube-Got-Eval
X-Cdn-Forward
Tube-Got-Results
X-Service
X-Gateway-Skip-Cache
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-DynaTrace-JS-Agent
X-Hcs-Proxy-Type
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Alfa-Service
Tube-Return
X-Gateway-Cache-Key
X-Fetch-By
Epwk-X-Cache
X-M-Reqid
X-TRACE-ID
Fastly-Drupal-HTML
Magicmarker
X-Backend-State
ENV
Esi-Enabled
HIT
X-Fastly-Backend-Reqs
X-Backend-Host
Cdn
Srv
X-Esi
X-Cache-Expires
On-Server
X-Request-Start
Section-Origin-Responded
X-Edge-POP
ServerName
X-B3-Traceid-Primal
X-Lb-Nocache
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Vcache
XServer
X-Cache-CFC
X-LiteSpeed-Cache-Control
X-MG-S
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Server-Ttl
X-Thanos
X-ElasticPress-Query
X-Yottaa-OS
Tcn
PICS-Label
X-APP
X-Newrelic-App-Data
X-App
CF-Cached-On
X-Bip
X-Acquia-Purge-Tags
X-Acquia-Site
X-Nc
D-Url-Rewrites
Wpo-Cache-Message
Inserted-Into-Cache-At
Wpo-Cache-Status
X-Serial
X-Iplb-Request-Id
X-BBC-Origin-Response-Status
X-Acquia-Application-UUID
Cf-Ipcountry
X-Acquia-Application-Trace
X-Iplb-Instance
Servedby
X-HostName
Warning
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
Ngx
X-Release
X-Wp-Cf-Super-Cache-Cache-Control
Cneonction
X-Dist-Code
M-TraceId
X-Akamai-ERPolicy
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Akamai-ERRuleID
X-Litespeed-Cache-Control
Fastcgi-Cache-Ttl
X-Akamai-Request-ID
Content-Script-Type
X-LiteSpeed-Tag
X-Storefront-Renderer-Verified
X-Shopify-Generated-Cart-Token
X-Th-Server
X-Back
X-Swift-Error
X-CF-Powered-By
X-Dw-Trace-Id
Content-Style-Type
X-B3-Parentspanid
X-Request-URL
CountryCode
X-Cache-Config
X-Request-Url
X-Snapshot-Date