
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
P3p
X-Request-ID
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Report-To
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Backend
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
NEL
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dns-Prefetch-Control
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Host
Accept-CH
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Url
Allow
X-Ac
X-Content-Type
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
Edge-Control
X-Varnish-TTL
X-Mod-Pagespeed
X-Aws-Lambda-Call-Status
X-Server-Name
X-ESI
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
MS-Author-Via
X-Upstream
X-FastCGI-Cache
X-Vcap-Request-Id
X-MS-InvokeApp
X-Amz-Rid
X-GitHub-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-Px
RTSS
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Aspnetmvc-Version
X-Navigation-Version
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-Goog-Hash
X-NF-Request-ID
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Powered-CMS
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
AR-CACHE
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Version
X-Origin-Cache
Response
X-Middleton-Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-Edge-Location-Klb
X-Kinsta-Cache
Nginx-Cache
X-TTL
TCN
X-Edge
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Protected-By
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-RateLimit-Remaining
X-T
X-CST
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Forwarded-For
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Content-MD5
S
Edge-Cache-Tag
Accept-Ch
SPIisLatency
SPRequestDuration
X-Language
X-Ruxit-Js-Agent
Fastcgi-Cache
Front-End-Https
X-Mid
Realpath
X-Request-Processing-Time
X-Request-Received
Server-Node
X-Recruiting
X-Ttl
Filters
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-DynaTrace
X-Frontend
X-MCACHE
X-Content
Server-Name
X-Ua-Browser
X-Ab
X-Cache-Key
X-NWS-LOG-UUID
X-Ser
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-Correlation-Id
X-Ezoic-Cdn
X-Template
X-SharePointHealthScore
SPRequestGuid
X-Hits
X-Parallel-Accel
X-ECACHE
X-Tt-Trace-Host
MicrosoftSharePointTeamServices
X-Tt-Trace-Tag
Cache-Tags
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Charset
X-Page-Id
Alternate-Protocol
X-B3-Sampled
Cleartype
Host
X-Www-Served-By
X-Git-Hash
Fusion-Template-Id
Fusion-Source
Nel
Fusion-Deployment-Id
Fusion-Content-Source
X-Geo-Country
Fusion-Content-Id
X-Content-Options
Fusion-Component-Id
X-Daa-Tunnel
X-Debug-Info
X-Webkit-Csp
X-Hostname
X-DIS-Request-ID
X-Amzn-Trace-Id
X-Content-Digest
X-Ratelimit-Limit
X-ASPNET-VERSION
X-Amz-Replication-Status
X-Varnish-Age
Filterid
Cross-Origin-Opener-Policy
X-XRDS-LOCATION
X-Upgrade-Enabled
X-Grace
X-Az
X-Accel-Expires
X-Activity-Id
X-AppVersion
X-FB-Debug
X-VCache
X-Fastly-Request-Id
ServerID
X-N
X-WebKit-CSP-Report-Only
X-F-Cache
X-Forwarded-Proto
X-Origin-Server
X-Rid
X-Nginx-Upstream-Cache-Status
Access-Control-Allow-Method
X-Mobile-URL
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Flags
X-LB-Cache
X-Type
X-TT
TP-Cache
X-Whom
TP-L2-Cache
X-App-Environment
X-Seen-By
Viewport
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Varnish-Grace
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Tb
Payment
X-FW-Server
X-Distributor
Node
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Type
X-Fastcgi-Cache
X-Server-ID
DC
X-User-Agent
Paypal-Debug-Id
X-DataDome
X-App-Server
X-Wix-Request-Id
Fastcgi-Useragent
Country
Accept-Charset
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Fastly-Request-ID
X-Ratelimit-Reset
X-Cache-Control
X-Cache-Rule
X-NGENIX-Cache
X-Litespeed-Cache
X-Origin-Upstream-Status
X-Via-JSL
Version
X-Request-Handler-Origin-Region
X-Microsite
Referer-Policy
X-Cluster-Name
X-Drupal-Cache-Tags
X-Logged-In
X-Contextid
X-Cache-Age
X-Signature
X-B-Cache
X-Buckets
Cache-Status
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Node-Name
X-Erf-Bev-Bev
Refresh
X-Load-Cache
X-Original-Request-Id
X-Mobile
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
SD-X-WS
X-Response-Served-From
X-Varnish-Backend
X-Cache-Expired-At
X-Page-View
X-Real-IP
X-Vgn-Hpd-Reason
Access-Control-Request-Headers
X-B
X-IPLB-Instance
NGB
X-Jobs
X-Is-Bot
X-Cacheable-TTL
X-Rendered-As
X-Debug
X-Revision
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Proxy
X-ProcessESI
X-Cache-Action
X-UUID
X-Proxy-Cache-Status
X-Device-Type
X-Instance
X-Rule
X-RemovedCookies
Akamai-GRN
X-Drupal-Cache-Contexts
Surrogate-Key
X-Framework
X-Debug-IsConnected
X-Debug-IsPreview
X-Cache-Time
X-FW-Version
X-G
Amp-Access-Control-Allow-Source-Origin
CF-IPCountry
SID
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Accel-Buffering
X-Oracle-Dms-Rid
DynaTrace
X-Oracle-Dms-Ecid
X-Presslabs-Stats
X-Nginx-Cache
GEO-INFO
X-Cache-NGX
X-Azure-Ref
Count-Hit
X-Source
X-PressLabs-Stats
Uber-Trace-Id
Liferay-Portal
X-Ms-Request-Id
X-Ms-Version
X-Cache-Operation
X-Oneagent-Js-Injection
X-Ratelimit-Remaining
X-APP-VERSION
Frame-Options
X-Zen-Fury
X-EdgeConnect-Cache-Status
Ms-Operation-Id
X-XRDS-Location
Healthy
MS-CV
X-RTag
Protected
X-Cache-Hit
X-CDN-Forward
X-Mode
Countrycode
Xserver
X-TEC-API-ROOT
X-TEC-API-VERSION
X-L-Path
X-TEC-API-ORIGIN
X-Environment-Context
X-Backend-Name
X-Tumblr-Pixel-1
X-Tumblr-User
Ec-Rule-Version
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Varnish-Server
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-RateLimit-Limit
X-Cache-TTL-Remaining
X-Hyper-Cache
LB
Backend
X-Adobe-Loc
X-Adobe-Content
X-Content-Age
X-JoinUs
X-Servername
X-Region
WPO-Cache-Message
X-RN-RSRV
X-Rewrite-Enabled
Meta-Geo
X-UPSTREAM-Address
X-Forwarded-Host
X-SaId
WPO-Cache-Status
Apigw-Requestid
X-Detected-As
X-Hosted-By
X-Proxied
X-Alternate-Cache-Key
Country-Code
X-ShardId
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-ShopId
X-Cache-Server
X-Shopify-Stage
Content-Disposition
X-Cache-Grace
X-Zipkin-Id
Eomportal-Instance
X-Extlb
X-Trace-Id
X-Debug-Cache
X-Format
X-Sql-Duration-Ms
X-Sorting-Hat-PodId
X-Generation-Time
X-Redis-Cache
X-Routing-Service
X-Sorting-Hat-ShopId
X-Sql-Count
X-Human
X-Access
X-FB-TRIP-ID
X-ApacheServer
X-Uri
X-Varnish-Beresp-Grace
X-Via-Fastly
X-Microcachable
Fastly-SSL
Url
X-Section
X-Content-Powered-By
Section-Io-Cache
Mn-Server-Ip
Cache-Name
X-Status
X-ServerID
X-OCL
X-No-Session
X-PHP-Backend
X-NCache
X-Origin-Date
X-PERF
X-Site-Version
X-PCL
Webcakes-App-Name
Property-Id
Selected-Fe
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
TWC-Device-Class
TWC-Connection-Speed
X-Origin-Hint
X-ProxyCache-Status
CDN-PullZone
X-Tid
X-Say-TTL
CDN-RequestCountryCode
X-Timing-Wait
X-ProxyCache-Key
CDN-EdgeStorageId
X-Proxy-Build
CDN-CachedAt
CDN-Cache
X-Pubstack
X-SayCDN-TTL
X-Cluster-Node
X-Cache-Type
X-Cache-Host
X-BYPASS-REASON
X-NYM-Debug-Backend
X-Say-Cacheable
CDN-RequestId
CDN-Uid
X-Server-W
X-Storage
X-Akamai-Edgescape
TWC-Locale-Group
Cache-Tv-Group
X-R9-Blue-Green-Version
X-Soup
X-Hl-Ver
X-Varnishpool
X-Be
X-Web-Node
X-Generated-By
X-UA-Device-Type
Azure-RegionName
Azure-InstanceId
X-TIME
Azure-SiteName
Azure-SlotName
Content-Secure-Policy
Azure-Version
X-Ua
X-LSADC-Cache
Retry-After
DB-Nickname
X-NewRelic-App-Data
X-Nginx-Cache-Key
X-Webkit-CSP
X-Cached-By
OT-Force-Account-Verify
X-Dc
X-Azure-Ref-OriginShield
Source
X-Bc-Bl
X-Unique-Id
X-Cache-Remote
X-Akamai-Transformed
SRV
X-TT-LOGID
X-Platform-Server
Cache
X-Auto-Login
X-LAGOON
X-EC-Lua
X-Xfnlog-Site
HostName
X-SRV
X-GEO
Upgrade-Insecure-Requests
X-Cache-Tags
ServedBy
X-ECache
Cache-Hits
X-Varnish-Hits
X-Origin-TTL
X-Origin-CC
X-TNCMS
X-Loop
X-CSRF-Token
X-Cdn
From-Origin
X-Varnish-Hostname
X-Varnish-Cache-Hits
X-Correlation-ID
X-Request-Time
Onion-Location
X-S-Maxage
Mime-Version
Xet-Cookie
X-HTML-Minification-Powered-By
X-App-Version
X-AOL-HN
Webserver
X-NWS-UUID-VERIFY
X-Request-Host
WP-Super-Cache
Web-Mar-Node
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-2
X-Time
X-Tumblr-Pixel-3
X-Proto
N-Cache
X-Cache-Enabled
X-Endurance-Cache-Level
X-Handled-By
X-Tenant
X-FireWall-Port
X-LJ-Flow-ID
AMP-Access-Control-Allow-Source-Origin
X-AWS-Id
X-VWS-Id
X-B3-SpanId
X-GG-Cache-Date
X-Origin-Response-Time
X-Time-Microsecs
X-Connection-Hash
X-Session-Fingerprint
X-Shop-Environment
Odigeo-Trace-Id
X-CF-Lambda-Version
Mobile-Detection-Method
X-SD-PageType
Meta-Geo-Continent
A
X-Orig-Expires
X-Slack-Backend
X-NAPM-TraceId
X-SRCache-Key
Sslversion
Surrogated-Key
Rendered-Blocks
Redirect-Candidate
BehaviorPad-Version
X-CF-Lambda-Fn
Pramga
X-PAYTM-SRV-ID
X-ScT
X-D
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
DCR-Processing-Time-Ms
X-Conf
X-Reqid
X-Cluster
DCR-Decision-By
X-RCS-CacheZone
Expiry
X-Edge-Location
X-Ig-Push-State
X-Processor
X-Ckpd-Fst-Backend
X-S-Cookie
X-S
Fastcgi-X-Cache-Version
X-PBS-Appsvrname
X-Rojux
X-Adobe-Source
X-ND-Cache
X-A-Wwc
X-Aed
X-Aicache-OS
X-Epic-Correlation-Id
X-V-Cache
X-A-Dgt
X-Forwarded-Path
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Vdms-Path
Xc-Version
X-ARC
X-VG-WebCache
X-B-Cookie
X-Backend-TTL
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Vdms-Version
X-External-Request-Id
X-Application
Vix-Hermes-Req-Id
X-A
V-Age
X-Developer
X-TIM-N
X-Cache-NE
X-Ftr-Request-Id
X-Destination
X-Magnolia-Registration
X-Mg-Request-UUID
X-MP-GENERATED-AT
X-Li-Fabric
Cmsid
Cmstype
X-Men
X-Cdn-Srv
X-Policy
X-NodeID
Apple-News-Services-Request-Url
True-Client-Country-4JS
State
X-Cache-Date
Arc-Country
X-Proxy-Upstream
CacheControlHeader
X-Mvc-Supplant-Cachable
X-Cache-Info
X-Location
DSUID
X-Origin
Wxu-Next-Commit
Origin
Wxu-Next-Hostname
Svr
X-Origin-Time
Gh-Request-Id
Wxu-Next-Region
X-Old-Content-Length
X-LI-UUID
User-Cache-Control
X-Li-Pop
Host-ID
X-Origin-Expires
X-Nyt-Route
X-Accel-Expires-Debug
Fastcgi-Cache-TTL
X-Cache-Bucket
Apple-News-Services-Handled
X-Amzn-RequestId
S-Rt
X-Server-IP
X-Block-Status
X-Hnp-Log
X-Forwarded-Site
X-Rocket-Nginx-Serving-Static
X-Scheme
X-Fastly-Cache
X-Labrador-Cache-Channel
X-Geo-Header
X-SVT-ORM-VERSION
X-Sucuri-ID
X-Date
X-Sucuri-Cache
X-Gen-Mode
Apple-News-Services-Parsed-Url
X-Cache-Var-Map
X-SVT-ORM-RULES
X-Cache-Var
X-Gdpr
X-GeoIP-Country-Code
X-Amz-Apigw-Id
X-Hash
X-Webstats-RespID
X-GeoIP-Region-Code
X-PHP-Host
AKAMAI
Apple-News-Services-Host
X-Viewer-Country
X-Request-URI
X-VG-TLSProxy
CloudFront-Viewer-Country
Environment
Server-Info
X-Varnish-Ttl
X-Fastly-Backend
X-Level-Front-Cache
X-Cache-Debug
X-Cache-Id
X-Backend-State
X-Branch-Name
X-HS-Content-Campaign-Id
Ssr
X-Storefront-Renderer-Rendered
X-Akamai-Request-ID2
X-Varnish-Beresp-Status
X-Envoy-Decorator-Operation
X-BBC-Edge-Cache-Status
X-Sn-Servicetimems
X-VServer
X-Developers
X-Locale
We-Hiring
Web-Mar-Region
X-TrackingId
X-Device-Os
X-Esi-Check
X-Gamma-Serve
X-TH-Server
Server-Host
X-Fetched-On
X-UnsetCookies
X-VarnishDD-TTL
Traceparent
X-Generated-On
X-GeoIP-City
Fastly-GeoIP-CountryCode
X-Rocket-Build-Number
X-Gzip
X-GeoIP
X-Datadog-Parent-Id
X-Irp-Debug
X-Owner
HA-Ipaddr
Ha-Gx-Prefs
X-HN
X-Csrf-Jwt
X-RateLimit-Remaining-Second
X-Core-Mission
X-Eu-Site
X-RateLimit-Limit-Second
CDCHOST
X-Core-Value
X-Platform
X-Req
X-Region-Sid
L5d-Success-Class
L
PFcat
X-Skip-Cache
Origin-EX
X-Sigma-Backend
X-Datadog-Trace-Id
Release
X-Cdn-Origin
X-Http-Reason
Req-Svc-Chain
X-Sigma
Origin-CC
X-CGP
Mail-Subject
Machine
Locid
X-Datadog-Sampling-Priority
X-Served-From
X-Via-NSCOPI
X-DefHash
X-Is-Gdpr
X-Has-Esi
X-FC-Vary-Parameters
X-DefElseHash
X-JWT-State
X-DPWN-IS-SECURE
X-Rebelmouse-Surrogate-Control
Cf-Device-Type
X-Qloud-Router
Adler-Geo
X-Pod-Name
Fastly-SIE
X-Variation
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Response-By
X-Varnish-CookieHashed-On
X-Thinkindot-L3
X-Varnish-Beresp-Ttl
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Worker
Fastly-Drupal-Html
Memcached
Is-Eu
Thinkindot-Control
NM-Fastcgi-Cache
X-Loc
X-Amzn-Remapped-Content-Length
X-ATG-Version
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Node-Id
Platform
Magicmarker
X-NU-AKA-ACS-Version
TDXMobile
X-Xrds-Location
X-VC-Cache
X-Restarts
NGX
X-Request-Start
X-Qnm-Cache
X-M-Reqid
X-M-Log
X-Ua-Device
X-TraceId
X-CS
Kp-EeAlive
X-Bip
X-Up
X-API-Version
X-NC
X-LB-ID
X-Thanos
X-Zone
X-Tx-Id
X-RPS
X-RPM
X-DW
X-Cache-Backend
X-Wix-Viewer-Type
X-DSS
Edge-Cache
X-RSL
X-Action
CDN
X-Mvc-Supplant-OutputCached
X-DI
X-DB
X-Generated-In
Accept-Language
X-LB-NoCache
X-Cache-Config
X-Trace-ID
Ms-Author-Via
Time
Pics-Label
Memory
X-Tt-Logid
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Popn
X-Refresh
X-Via-Popv
X-Via-Poph
Env
X-CacheTTL
X-Edge-Pop
X-Optimistic-Header
X-Srv
X-Datadome
GeoIp-Country-Code
X-Minions-Version
WebServer
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
NtCoent-Length
Datacenter
X-ZONE
X-HA-Backend
Candidate-Md5Url
X-CACHE-KEY
X-DC
X-TX-ID
X-DynaTrace-JS-Agent
X-Vc
X-Ec-GeoHdr
X-Ec-Fail
X-TA-CDN-Provider
X-User
X-Cs
X-Esi
WWW-Authenticate
Server-ID
On-Server
X-Parent-Response-Time
X-Unique-ID
X-Servedbyhost
X-MSEdge-Features
Esi-Enabled
X-MSEdge-Flight
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-TTL
X-Service
Cdncip
Cdnsip
X-Cache-PHP
X-AK-Request-ID
X-Li-Proto
C-Via
X-Newrelic-Synthetics
X-WADP-Cache
X-Fmm-Version
X-Clara-WADP
X-VCL-Version
Cluster
X-Cache-Ttl
X-FPC
X-App
My-App
Geoip-Latitude
Proxy-Connection
X-URL
X-B3-Spanid
Tracecode
Test
X-Fpc
X-Var-Ttl
X-Vcl-Version
X-Dynatrace
X-Webkit-Csp-Report-Only
X-CUA
X-LI-Proto
DataCenter
Cf-Int-Pingora-Origin-Digest
X-Pass-Why
Geo-Info
X-Traceid
X-Cache-Status-Check
X-Render-Time
X-From
T-Server
Fastly-Drupal-HTML
Lfy
X-Webkit-CSP-Report-Only
X-LiteSpeed-Cache-Control
X-NODE
X-VC
Lang
X-Fragments
X-Mcache
Resin-Trace
Target-Params
M-TraceId
Server-Id
MIME-Version
X-Ha-Backend
X-WP-CF-Super-Cache
X-ServedByHost
X-WP-CF-Super-Cache-Cache-Control
X-CSRF-TOKEN
X-Geo
X-RAMCache
X-ID
X-Clientip
X-Provided-By
Hostname
X-Cdn-Forward
X-Info
Hit
GeoIP-Country-Code
X-Oss-Request-Id
HIT
X-AIR-PT
X-Httpd
X-Oss-Server-Time
Permissions-Policy
X-Oss-Object-Type
X-LiteSpeed-Tag
UCS
X-Oss-Storage-Class
X-Proxy-Cache-Info
Cache-Host
X-Oss-Hash-Crc64ecma
X-Dynatrace-Js-Agent
X-Pad
ENV
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
Producers
X-Via-PopV
X-Via-PopH
Servername
X-Edge-POP
X-Via-PopN
WZWS-RAY
X-Check-Cacheable
S-Cnection
X-Edge-Cache
X-Fastly-Backend-Reqs
X-Api-Version
X-SB
Ohc-File-Size
FSS-Cache
X-NGINX-Cache
X-Udemy-Cache-App-Namespace
X-ServerName
X-ElasticPress-Query
X-Pool
X-Platform-Router
X-Ucs
X-HS-Status
X-Platform-Processor
X-Platform-Cluster
X-Lb-Nocache
X-BBC-Origin-Response-Status
User-Agent
PICS-Label
Fastly-Backend-Name
X-Micro-Cache
Load-Balancing
URI
X-UP
ServerName
X-Cache-CFC
X-Acquia-Purge-Tags
X-GoCache-CacheStatus
X-Acquia-Site
X-Scale
X-Ec-Custom-Error
X-Backend-Host
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Uri
X-Release
X-TRACE-ID
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Server-Ext
MD5-Digest
X-Nc
Server-Hostname
EpKe-Alive
X-Dispatcher-Number
X-RateLimit-Reset
Cteonnt-Length
Cneonction
Sever-Int
Tcn
X-Swift-Error
X-Cdn-Request-ID
X-APP
X-Lb-Id
X-BCube-Filmed-By
X-Cache-Expires
X-SIPLIST1
X-Fastly-Cache-Hits
Server-Ttl
IsBot
Cdn
X-Dw-Trace-Id
Ohc-Cache-HIT
X-Via-Ucdn
Path
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Shield-Pop
X-Newrelic-App-Data
X-Yottaa-OS
CF-Cached-On
X-Vcache
Wpo-Cache-Message
X-B3-ParentSpanId
Wpo-Cache-Status
Vha6-Origin
X-Snapshot-Date
X-Cache-ASPX
Cf-Ipcountry
X-Contensis-Viewer-Groups
X-Air-Pt
X-Cache-Ngx
X-HostName
Sid
X-Litespeed-Cache-Control
X-Shopify-Generated-Cart-Token
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-B3-Parentspanid
X-Akamai-Request-ID
X-Varnish-Authentication
X-WA-Info
X-WA
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
Cache-Key
CPC-Age
X-Amz-Meta-Cb-Modifiedtime
VNS-Cache
VNS-Age
CPC-Cache
X-Apw-Hits
X-Logging-Id
X-Http-Count
Ngx
X-Http-Duration-Ms
X-Te-Count
X-Te-Duration-Ms
X-Sentry-ID
CountryCode
X-CacheKey
X-UA
X-Akamai-Pragma-Client-IP
Req-ID
X-Last-Modified