Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
X-Request-ID
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-UA-Device
X-AH-Environment
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
Content-Location
Rating
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-PC
X-TtlSet
Allow
X-Varnish-TTL
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
X-ESI
X-FastCGI-Cache
X-Server-Name
Fastly-Restarts
Cache-Tag
X-VARITI-CCR
Service-Worker-Allowed
X-Rack-Cache
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
X-Amz-Rid
X-Vcap-Request-Id
X-Aws-Lambda-Call-Status
Public-Key-Pins
X-Cached
MS-Author-Via
X-Dw-Request-Base-Id
X-Client-IP
X-Abt-Application-Version
X-D2id
X-Cnection
X-Origin-Cache
X-Px
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Country-Code
Accept-Ch
RTSS
Access-Control-Request-Method
X-Powered-By-Plesk
X-Goog-Hash
X-NF-Request-ID
X-Server-Lifecycle-Phase
X-Instrumentation
X-Navigation-Version
X-Kraken-Loop-Name
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Powered-CMS
X-Version
X-Language
AR-Request-ID
AR-SID
AR-ATIME
AR-CACHE
AR-PoweredBy
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Amz-Server-Side-Encryption
Response
X-Middleton-Response
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-LLID
X-MSEdge-Ref
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
X-RateLimit-Remaining
X-Template
Nginx-Cache
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Protected-By
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
TCN
X-Shield-Request-Id
X-TTL
X-T
X-Forwarded-For
S
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
X-Id
Content-MD5
X-Mid
Realpath
Edge-Cache-Tag
Fastcgi-Cache
SPRequestDuration
SPIisLatency
Front-End-Https
X-MCACHE
X-Ttl
X-CST
X-Request-Processing-Time
X-Request-Received
Pinterest-Version
X-Recruiting
Pinterest-Generated-By
X-Pinterest-Rid
Filters
Server-Node
X-DynaTrace
X-Ua-Browser
X-Ab
X-Content
Server-Name
X-Frontend
X-Correlation-Id
X-ECACHE
X-SharePointHealthScore
X-NWS-LOG-UUID
SPRequestGuid
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
X-HS-Cache-Config
X-Parallel-Accel
X-HS-Hub-Id
X-HS-Content-Id
Fusion-Deployment-Id
Fusion-Source
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-HS-Combine-CSS
X-Hits
X-Cache-Key
Alternate-Protocol
X-Ser
X-Content-Options
X-Buckets
X-Tt-Trace-Tag
X-Tt-Trace-Host
MicrosoftSharePointTeamServices
Cache-Tags
X-Page-Id
X-Ruxit-Js-Agent
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Charset
Cleartype
X-B3-Sampled
X-Git-Hash
Host
X-Litespeed-Cache
X-Www-Served-By
X-Geo-Country
X-Daa-Tunnel
X-Accel-Expires
X-DIS-Request-ID
Filterid
X-Amzn-Trace-Id
X-Debug-Info
X-Amz-Replication-Status
X-Content-Digest
X-Varnish-Age
X-Fastly-Request-Id
X-Forwarded-Proto
X-Hostname
TP-Cache
TP-L2-Cache
X-VCache
X-FB-Debug
X-Upgrade-Enabled
X-Activity-Id
X-Rid
X-N
X-Az
X-AppVersion
Access-Control-Allow-Method
Cross-Origin-Opener-Policy
X-Origin-Server
X-Grace
X-Nginx-Upstream-Cache-Status
X-LB-Cache
X-F-Cache
ServerID
X-Mobile-URL
X-Request-Guid
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Route-Name
X-XRDS-LOCATION
X-Server-ID
X-Whom
X-TT
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-App-Environment
X-Tb
Viewport
X-Varnish-Grace
Node
X-FW-Hash
X-FW-Type
X-Type
X-FW-Static
X-FW-Serve
Payment
X-FW-Dynamic
X-Seen-By
X-FW-Server
X-WebKit-CSP-Report-Only
Paypal-Debug-Id
DC
X-Origin-Upstream-Status
X-App-Server
X-Distributor
X-Ratelimit-Limit
X-NGENIX-Cache
X-User-Agent
Fastcgi-Useragent
Country
X-Cache-Control
Accept-Charset
X-Wix-Request-Id
X-Cache-Rule
X-Request-Handler-Origin-Region
X-Microsite
X-Logged-In
X-Webkit-CSP
Version
X-Fastly-Request-ID
X-Cache-Age
X-DataDome
X-Webkit-Csp
X-Via-JSL
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Drupal-Cache-Tags
X-Erf-Bev-Bev-Is-Generated
Referer-Policy
Amp-Access-Control-Allow-Source-Origin
X-Browser-Type
X-Erf-Bev-Bev
X-Cluster-Name
X-Varnish-Backend
Refresh
Cache-Status
X-B-Cache
X-Signature
X-Node-Name
X-Load-Cache
X-Contextid
Access-Control-Request-Headers
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
X-Is-Bot
X-Page-View
X-Mobile
X-Jobs
X-Vgn-Hpd-Reason
X-Cache-Expired-At
X-Cacheable-TTL
X-Proxy-Cache-Status
X-Real-IP
X-Rendered-As
X-Cache-Action
VIX-Pulpo-Node
X-Fastcgi-Cache
NGB
X-IPLB-Instance
X-Instance
X-Revision
VIX-Pulpo-Upstream-Status
X-Debug
X-B
X-Device-Type
X-Yottaa-Metrics
X-RemovedCookies
X-Yottaa-Optimizations
X-ProcessESI
X-UUID
X-Proxy
X-Cache-Time
Akamai-GRN
X-G
X-Drupal-Cache-Contexts
X-Tec-Api-Version
X-Tec-Api-Origin
Surrogate-Key
X-Framework
X-Tec-Api-Root
X-TEC-API-ROOT
X-Rule
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Air-Hostname
X-Debug-IsConnected
X-Air-Source
X-Debug-IsPreview
X-Air-Trace-Id
X-FW-Version
CF-IPCountry
SID
DynaTrace
X-Presslabs-Stats
Liferay-Portal
X-Azure-Ref
X-CDN-Forward
GEO-INFO
X-Oneagent-Js-Injection
X-Nginx-Cache
Healthy
Frame-Options
X-Ratelimit-Reset
X-Source
X-PressLabs-Stats
X-Ms-Request-Id
X-Ms-Version
Count-Hit
X-Cache-Operation
X-Accel-Buffering
Ms-Operation-Id
X-XRDS-Location
MS-CV
X-RTag
X-EdgeConnect-Cache-Status
Uber-Trace-Id
X-APP-VERSION
X-RateLimit-Limit
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Countrycode
Xserver
X-L-Path
X-Environment-Context
X-Cache-Hit
X-Zen-Fury
X-Varnish-Server
X-Backend-Name
Ec-Rule-Version
X-Mode
X-Cache-NGX
Cross-Origin-Window-Policy
X-Region
X-Forwarded-Host
X-IPS-LoggedIn
X-Servername
Backend
X-Content-Powered-By
X-Rewrite-Enabled
X-RN-RSRV
X-Cache-Type
X-Detected-As
X-SaId
X-JoinUs
X-Cache-TTL-Remaining
X-UPSTREAM-Address
Protected
Meta-Geo
X-Extlb
X-Hosted-By
Section-Io-Cache
X-Generation-Time
X-Debug-Cache
X-Cache-Server
X-Tid
Apigw-Requestid
X-Alternate-Cache-Key
X-Redis-Cache
X-Sorting-Hat-ShopId
X-Zipkin-Id
X-Routing-Service
X-Sql-Duration-Ms
X-Varnish-Beresp-Grace
X-Uri
X-Sql-Count
X-Human
Eomportal-Instance
X-Cache-Grace
X-NewRelic-App-Data
X-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
Country-Code
X-Proxied
Decoy-Debug-Key
Cache-Tv-Group
Url
X-Soup
X-ServerID
X-Site-Version
X-ApacheServer
X-BYPASS-REASON
Decoy-Debug-Status
X-Storage
Mn-Server-Ip
X-Status
X-ProxyCache-Key
X-Origin-Date
X-NYM-Debug-Backend
X-Microcachable
X-NCache
X-No-Session
X-ProxyCache-Status
X-PERF
Decoy-Debug-TTL
X-UA-Device-Type
X-FB-TRIP-ID
X-Format
Cache-Name
Fastly-SSL
X-Via-Fastly
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
Selected-Fe
TWC-Connection-Speed
Property-Id
X-PHP-Backend
X-Say-Cacheable
X-Web-Node
X-Proxy-Build
X-Timing-Wait
X-Say-TTL
X-Server-W
X-Section
X-SayCDN-TTL
X-Origin-Hint
X-Cluster-Node
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
Webcakes-Region
X-Adobe-Content
X-Cache-Host
X-Akamai-Edgescape
X-Adobe-Loc
TWC-Locale-Group
X-Access
X-Content-Age
SRV
DB-Nickname
X-OCL
X-Pubstack
X-PCL
Azure-InstanceId
Azure-Version
Azure-SiteName
Azure-RegionName
Azure-SlotName
X-R9-Blue-Green-Version
X-Varnishpool
X-Hyper-Cache
X-Hl-Ver
OT-Force-Account-Verify
Content-Secure-Policy
X-Be
CDN-PullZone
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
CDN-CachedAt
CDN-Cache
CDN-EdgeStorageId
X-LSADC-Cache
LB
X-Generated-By
X-Azure-Ref-OriginShield
Content-Disposition
WPO-Cache-Message
X-Cached-By
X-Ua
WPO-Cache-Status
Source
Cache
X-Unique-Id
X-SRV
X-TIME
X-Nginx-Cache-Key
X-App-Version
X-TT-LOGID
X-LAGOON
X-Bc-Bl
X-Trace-Id
X-Dc
Cache-Hits
X-Auto-Login
X-Origin-CC
X-HTML-Minification-Powered-By
X-Origin-TTL
Xet-Cookie
X-GEO
X-Loop
Mime-Version
X-TNCMS
X-Time
X-Akamai-Transformed
X-Varnish-Hits
X-Cdn
X-Platform-Server
Retry-After
X-Amz-Meta-S3cmd-Attrs
X-Ratelimit-Remaining
X-Varnish-Hostname
HostName
X-S-Maxage
X-Xfnlog-Site
Onion-Location
X-Cache-Var-Map
Web-Mar-Node
X-Cache-Var
X-Tumblr-Pixel-2
X-CSRF-Token
X-Tumblr-Pixel-3
X-Cache-Remote
X-Cache-Tags
X-Proto
Upgrade-Insecure-Requests
Webserver
X-Edge-Location
X-Varnish-Cache-Hits
ServedBy
X-Request-Time
X-Time-Microsecs
X-Tenant
X-LJ-Flow-ID
X-VWS-Id
X-Xrds-Location
N-Cache
X-AOL-HN
X-ECache
X-EC-Lua
X-AWS-Id
X-Endurance-Cache-Level
X-GG-Cache-Date
CloudFront-Viewer-Country
WP-Super-Cache
X-Request-Host
X-FireWall-Port
X-Correlation-ID
From-Origin
X-B3-SpanId
Nel
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-Origin-Response-Time
X-PHP-Host
Ms-Author-Via
X-Labrador-Cache-Channel
X-Via-NSCOPI
X-Orig-Expires
BehaviorPad-Version
A
X-Ftr-Request-Id
X-NAPM-TraceId
X-Hnp-Log
X-ND-Cache
X-Gen-Mode
X-Ig-Push-State
Mobile-Detection-Method
Sslversion
Surrogated-Key
X-Block-Status
X-B-Cookie
X-Cache-Date
Rendered-Blocks
X-Cache-NE
Pramga
Redirect-Candidate
User-Cache-Control
V-Age
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-A
X-ARC
X-Application
X-Aed
X-CF-Lambda-Fn
Origin
Expiry
Fastcgi-X-Cache-Version
X-Developer
DSUID
DCR-Processing-Time-Ms
CDCHOST
X-External-Request-Id
DCR-Decision-By
X-Destination
L
X-Ckpd-Fst-Backend
Odigeo-Trace-Id
X-CF-Lambda-Version
X-Cluster
Meta-Geo-Continent
X-D
X-Connection-Hash
X-Conf
X-Forwarded-Path
X-PAYTM-SRV-ID
X-Session-Fingerprint
X-Slack-Backend
X-SRCache-Key
X-SVT-ORM-RULES
X-SD-PageType
X-ScT
X-Rojux
X-S
X-S-Cookie
X-SVT-ORM-VERSION
X-Mg-Request-UUID
X-Vdms-Version
Xc-Version
X-VG-WebCache
X-Vdms-Path
X-V-Cache
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-TIM-N
X-Processor
X-Shop-Environment
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-A-Wwc
X-Planisys-CDN-Cache
X-PBS-Appsvrname
X-Amzn-RequestId
X-Handled-By
X-Amz-Apigw-Id
X-RCS-CacheZone
X-MP-GENERATED-AT
Gh-Request-Id
X-Date
Ha-Gx-Prefs
HA-Ipaddr
X-Cache-Bucket
X-Epic-Correlation-Id
X-Envoy-Decorator-Operation
X-NodeID
Traceparent
X-UnsetCookies
X-Backend-State
True-Client-Country-4JS
Fastcgi-Cache-TTL
X-Device-Os
L5d-Success-Class
Origin-CC
X-Aicache-OS
Svr
Origin-EX
X-Old-Content-Length
X-Origin-Expires
X-Cdn-Srv
X-CGP
X-Request-URI
X-Server-IP
X-Skip-Cache
Release
X-Csrf-Jwt
X-Core-Mission
X-Cache-Info
X-Storefront-Renderer-Rendered
X-Policy
X-Eu-Site
Vix-Hermes-Req-Id
X-RateLimit-Remaining-Second
X-Cache-Enabled
X-Hash
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
X-RateLimit-Limit-Second
X-VServer
X-LI-UUID
X-Webstats-RespID
X-Men
X-Li-Pop
X-Li-Fabric
X-Proxy-Upstream
X-Mvc-Supplant-Cachable
X-Served-From
X-Accel-Expires-Debug
X-Fastly-Cache
X-Scheme
X-Fetched-On
X-Varnish-Beresp-Status
Cmsid
X-Locale
State
Cmstype
AKAMAI
CacheControlHeader
X-Owner
Arc-Country
Ssr
X-Forwarded-Site
X-Rocket-Nginx-Serving-Static
X-Geo-Header
Fastly-Drupal-Html
Server-Info
X-Zone
Environment
X-ATG-Version
X-VarnishDD-TTL
X-Adobe-Source
X-VG-TLSProxy
X-Origin-Time
X-BBC-Edge-Cache-Status
X-TrackingId
X-Bip
X-Branch-Name
X-Datadog-Sampling-Priority
X-GeoIP-City
X-Rocket-Build-Number
X-GeoIP
X-Gdpr
X-Viewer-Country
X-Platform
X-Request-Start
X-Gzip
X-Irp-Debug
X-Location
X-Region-Sid
X-Req
X-HN
X-Fastly-Backend
X-Node-Id
X-Sucuri-Cache
X-Sn-Servicetimems
X-Sucuri-ID
X-Cdn-Origin
X-Thanos
X-TH-Server
X-Nyt-Route
X-Datadog-Parent-Id
X-Developers
X-Esi-Check
X-Sigma
X-Sigma-Backend
X-Datadog-Trace-Id
X-Cache-Debug
X-Cache-Id
X-Magnolia-Registration
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
PFcat
Apple-News-Services-Host
Apple-News-Services-Handled
Req-Svc-Chain
X-NWS-UUID-VERIFY
Fastly-GeoIP-CountryCode
Host-ID
Mail-Subject
Machine
Locid
Web-Mar-Region
We-Hiring
X-DefElseHash
X-Generated-On
X-Gamma-Serve
Fastly-SIE
Fastly-SWR
Adler-Geo
X-DPWN-IS-SECURE
X-FC-Vary-Parameters
Cf-Device-Type
X-DefHash
X-Is-Gdpr
X-VC-Cache
X-Response-By
X-Reqid
X-Rebelmouse-Surrogate-Control
X-Variation
X-Varnish-CookieHashed-On
X-Backend-TTL
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-JWT-State
Is-Eu
X-HS-Content-Campaign-Id
X-Level-Front-Cache
X-Loc
X-Pod-Name
X-Origin
X-NU-AKA-ACS-Version
X-Has-Esi
X-Thinkindot-L3
Server-Host
X-Cache-Config
Thinkindot-Control
Platform
X-Core-Value
NGX
NM-Fastcgi-Cache
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Trace-ID
AMP-Access-Control-Allow-Source-Origin
X-Tx-Id
X-Varnish-Beresp-Ttl
X-Ua-Device
X-Mvc-Supplant-OutputCached
X-CACHE-KEY
X-Amzn-Remapped-Content-Length
X-CLOUD-TRACE-CONTEXT
X-CS
X-Worker
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Memcached
Datacenter
X-NC
Pics-Label
X-Generated-In
X-Up
X-LB-ID
Candidate-Md5Url
X-Datadome
Magicmarker
X-API-Version
S-Rt
X-LB-NoCache
X-Restarts
CDN
Kp-EeAlive
X-DynaTrace-JS-Agent
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
Env
X-Varnish-Ttl
NtCoent-Length
X-Vc
X-DC
X-Via-Poph
On-Server
WWW-Authenticate
WebServer
X-Via-Popv
X-Via-Popn
X-Akamai-Request-ID2
X-Http-Reason
X-Tt-Logid
X-RSL
Esi-Enabled
X-RPS
X-Optimistic-Header
X-RPM
Memory
Edge-Cache
X-Cache-Ttl
X-TA-CDN-Provider
X-Wix-Viewer-Type
X-Cache-Backend
X-DW
Time
X-DSS
X-Action
X-Edge-Pop
X-DB
X-DI
X-CacheTTL
X-Refresh
GeoIp-Country-Code
X-Minions-Version
X-Esi
X-Parent-Response-Time
X-Service
C-Via
X-Servedbyhost
X-Srv
Accept-Language
X-HA-Backend
X-Unique-ID
X-Cache-PHP
X-MSEdge-Flight
X-Varnish-Beresp-TTL
Server-ID
X-MSEdge-Features
X-Webkit-Csp-Report-Only
X-Newrelic-Synthetics
X-Cs
X-TX-ID
X-ZONE
Locale
X-VCL-Version
X-Cache-Status-Check
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Render-Time
X-Dynatrace
X-User
X-Ec-GeoHdr
X-Ec-Fail
X-Traceid
X-App
X-LI-Proto
X-Fpc
X-URL
X-Li-Proto
Test
X-LiteSpeed-Cache-Control
X-Pass-Why
Proxy-Connection
X-FPC
X-B3-Spanid
X-Info
X-AIR-PT
X-Webkit-CSP-Report-Only
X-NODE
Cdnsip
Cdncip
Tcn
X-Vcl-Version
X-AK-Request-ID
Geo-Info
X-Clientip
Server-Id
X-Oss-Storage-Class
Cache-Host
My-App
HIT
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
UCS
X-Clara-WADP
X-WADP-Cache
M-TraceId
Cluster
X-Fmm-Version
X-LiteSpeed-Tag
S-Cnection
Tracecode
X-CUA
Cf-Int-Pingora-Origin-Digest
Geoip-Latitude
X-HostName
Resin-Trace
X-Var-Ttl
Fastly-Drupal-HTML
X-CSRF-TOKEN
X-From
T-Server
X-ID
GeoIP-Country-Code
Lfy
X-Ha-Backend
Hostname
X-Dynatrace-Js-Agent
X-Mcache
X-Pad
X-Fragments
User-Agent
X-RAMCache
X-Micro-Cache
Lang
X-ServedByHost
X-Edge-POP
Hit
Ohc-File-Size
Fastly-Backend-Name
X-Geo
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Target-Params
X-ElasticPress-Query
ENV
MIME-Version
X-Via-PopN
X-Backend-Host
X-Release
X-BBC-Origin-Response-Status
X-Via-PopV
X-Via-PopH
X-RateLimit-Reset
X-Edge-Cache
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-BCube-Filmed-By
Section-Io-Origin-Status
Load-Balancing
X-NGINX-Cache
X-Check-Cacheable
X-APP
X-Cdn-Forward
Section-Origin-Responded
DataCenter
X-Api-Version
Lb
X-VC
EpKe-Alive
X-Fastly-Backend-Reqs
X-Ucs
URI
X-ServerName
Servername
X-HS-Status
CPC-Age
X-GoCache-CacheStatus
Uri
CPC-Cache
X-Proxy-Cache-Info
Cache-Key
PICS-Label
VNS-Age
X-UP
Path
X-Httpd
Permissions-Policy
FSS-Cache
VNS-Cache
X-Amz-Meta-Cb-Modifiedtime
X-Lb-Nocache
X-WA
X-WA-Info
X-TRACE-ID
Cdn
X-Provided-By
Ohc-Cache-HIT
Server-Ttl
Cteonnt-Length
Producers
ServerName
Cneonction
X-Lb-Id
WZWS-RAY
X-Nc
X-Cdn-Request-ID
X-ES-SERVER
X-Wikidot-Backend
X-B3-ParentSpanId
X-Fastly-Cache-Hits
X-Wikidot-Static-Cache
X-Dw-Trace-Id
X-Acquia-Site
X-Acquia-Application-Trace
X-Cms-Context
X-PJAX-URL
Shield-Pop
X-Acquia-Purge-Tags
X-Akamai-ERRuleID
X-Snapshot-Date
X-Cache-CFC
X-Pool
CF-Cached-On
X-Cache-ASPX
X-Akamai-ERPolicy
X-UA
Vha6-Origin
X-Acquia-Application-UUID
X-Newrelic-App-Data
Pagetype
X-Apw-Access-Action
X-Swift-Error
X-Vcache
X-Contensis-Viewer-Groups
X-Apw-Access-Object
Cf-Ipcountry
X-Apw-Access-Token
X-Apw-Hits
X-Yottaa-OS
Sid
X-Air-Pt
X-Cache-Ngx
X-SB
X-Akamai-Pragma-Client-IP
X-CCDN-Origin-Time
GeoIP-Latitude
X-Platform-Router
X-Logging-Id
X-Platform-Processor
X-Akamai-Request-ID
X-Platform-Cluster
X-Varnish-Authentication
X-Udemy-Cache-App-Namespace
X-Miniprofiler-Ids
X-Sentry-ID
X-Hcs-Proxy-Type
CountryCode
X-CacheKey
Ngx
MD5-Digest
X-Http-Count
X-Http-Duration-Ms
X-Via-Ucdn
X-CCDN-CacheTTL
Req-ID
X-Te-Duration-Ms
X-Te-Count
X-Last-Modified