Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Report-To
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
P3p
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
EagleId
Keep-Alive
Request-Context
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
X-Dispatcher
X-Akamai-Path-Stats
EagleEye-TraceId
X-WebKit-CSP
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
Cf-Railgun
X-Page-Speed
Allow
X-Host
X-Node
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
X-CST
Surrogate-Control
Accept-CH
X-Backend-Server
Request-Id
X-Akam-SW-Version
X-Readtime
X-HW
X-Cache-Lookup
X-Response-Time
X-Application-Context
Xkey
Content-Location
Accept-CH-Lifetime
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
X-Trace
Cf-Edge-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Url
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
X-MS-InvokeApp
X-Rack-Cache
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Content-Type
X-ESI
X-Varnish-TTL
X-B3-TraceId
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-Px
X-Use-Magma
X-Exp-Variant
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-Amz-Rid
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Ac
X-Cnection
Public-Key-Pins
X-Dw-Request-Base-Id
X-Amz-Server-Side-Encryption
X-Element-Page-Cache
Accept-Ch
X-D2id
Verso
X-Navigation-Version
X-Cache-TTL
X-Abt-Application-Version
X-RateLimit-Remaining
X-Client-IP
X-Powered-By-Plesk
Service-Worker-Allowed
X-FastCGI-Cache
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Ser
X-Country-Code
X-Version
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
X-Edge
X-TTL
X-Middleton-Response
Response
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Hash
X-Ruxit-Js-Agent
X-Correlation-Id
X-Upstream
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
AR-CACHE
X-Kinsta-Cache
X-Webkit-Csp
X-Edge-Location-Klb
SPIisLatency
SPRequestDuration
X-Cached
X-LLID
X-NWS-LOG-UUID
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
Nginx-Cache
X-Powered-CMS
X-Litespeed-Cache
Edge-Cache-Tag
TCN
X-RateLimit-Limit
MS-Author-Via
X-Cache-Key
X-Ttl
Mrf-Cache-Status
X-Forwarded-For
SPRequestGuid
MRF-Tech
X-SharePointHealthScore
X-MSEdge-Ref
Content-MD5
X-B3-TraceId-Primal
X-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-T
X-Daa-Tunnel
X-Recruiting
X-Mg-S
S
X-Ua-Device
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Content-Digest
X-Protected-By
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Frontend
X-HS-Hub-Id
X-HS-Cache-Config
X-Ezoic-Cdn
X-HS-Content-Id
X-Ua-Browser
X-Ab
X-Yandex-Sdch-Disable
X-Content
Server-Node
MicrosoftSharePointTeamServices
X-Request-Processing-Time
X-HS-Combine-CSS
X-Request-Received
Front-End-Https
X-Accel-Expires
X-Grace
Filters
X-ORACLE-DMS-ECID
X-Server-ID
X-DataDome
X-ECACHE
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Mid
X-Geo-Country
X-Hits
Pinterest-Version
X-Origin-Server
X-PressLabs-Stats
X-Pinterest-Rid
Pinterest-Generated-By
TP-Cache
TP-L2-Cache
X-Debug-Info
X-Distributor
X-Ratelimit-Reset
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amzn-Trace-Id
Charset
Cleartype
X-Page-Id
Host
X-F-Cache
X-Git-Hash
X-DIS-Request-ID
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Www-Served-By
X-DynaTrace
X-LB-Cache
X-Forwarded-Proto
Cache-Tags
Access-Control-Allow-Method
ServerID
X-Cache-Age
X-Seen-By
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Language
X-Microsite
X-Request-Handler-Origin-Region
X-Aspnetmvc-Version
X-Cluster-Name
Server-Name
X-Activity-Id
X-AppVersion
X-Az
X-Varnish-Age
Accept-Charset
X-WebKit-CSP-Report-Only
Realpath
Filterid
Cache-Status
X-Rid
X-Type
X-Content-Options
X-Mobile-URL
X-XRDS-LOCATION
X-App-Environment
X-Upgrade-Enabled
X-Oracle-Dms-Ecid
X-Origin-Cache
X-Via-JSL
Viewport
X-FB-Debug
X-User-Agent
Node
X-Varnish-Grace
X-Oracle-Dms-Rid
Country
X-Wix-Request-Id
X-MCACHE
X-Tb
X-B-Cache
X-Aspnet-Duration-Ms
X-Drupal-Cache-Tags
DC
Paypal-Debug-Id
X-Nginx-Upstream-Cache-Status
X-Is-Crawler
X-Flags
X-Providence-Cookie
X-Route-Name
X-Signature
X-Whom
X-Request-Guid
Protected
X-TT
X-NWS-UUID-VERIFY
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
Retry-After
Fastcgi-Useragent
X-Varnish-Backend
X-VCache
X-Fastly-Request-Id
X-Fastly-Request-ID
X-Cache-NGX
X-Amz-Replication-Status
X-B
X-Fastcgi-Cache
Payment
X-Contextid
X-Debug
X-Template
X-Logged-In
X-N
WPO-Cache-Message
X-FW-Static
X-FW-Type
X-FW-Serve
WPO-Cache-Status
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-Load-Cache
Surrogate-Key
X-Hostname
X-Cache-Control
X-XRDS-Location
X-Parallel-Accel
X-Node-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Mcache
Amp-Access-Control-Allow-Source-Origin
X-Browser-Type
Count-Hit
X-Trace-Id
X-Original-Request-Id
SD-X-WS
X-Response-Served-From
X-Proxy
Refresh
Healthy
Akamai-GRN
X-Jobs
VIX-Pulpo-Upstream-Status
X-Akamai-Request-ID2
X-G
X-UUID
X-Amz-Meta-S3cmd-Attrs
X-Rendered-As
Uber-Trace-Id
X-Is-Bot
X-Mobile
VIX-Pulpo-Node
X-Cache-Time
X-Revision
X-Real-IP
X-Zen-Fury
X-Cache-TTL-Remaining
X-Http-Reason
X-Cacheable-TTL
X-Page-View
X-Framework
X-Yottaa-Optimizations
NGB
X-Proxy-Cache-Status
Alternate-Protocol
X-Device-Type
X-Debug-IsPreview
X-Drupal-Cache-Contexts
X-Debug-IsConnected
Content-Disposition
X-Instance
X-Yottaa-Metrics
X-Cache-Rule
X-Adobe-Loc
X-Adobe-Content
Access-Control-Request-Headers
X-IPLB-Instance
X-Vgn-Hpd-Reason
From-Origin
Url
X-Source
X-Servername
X-B3-Traceid
Version
X-Cache-Grace
X-Cache-Expired-At
X-Oneagent-Js-Injection
Accept-Language
X-Varnish-Server
Permissions-Policy
X-Cache-Hit
X-Ratelimit-Remaining
Referer-Policy
X-L-Path
X-Environment-Context
X-Mg-Request-UUID
X-EdgeConnect-Cache-Status
X-App-Server
X-FW-Version
Countrycode
Ms-Operation-Id
X-Restarts
MS-CV
X-RTag
X-NGENIX-Cache
Cross-Origin-Window-Policy
X-Cache-Action
X-ECache
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-IPS-LoggedIn
Backend
X-COUNTRY
X-ProcessESI
X-NYM-Debug-Backend
X-RemovedCookies
Liferay-Portal
X-Datadome
CF-IPCountry
X-Hyper-Cache
X-Nginx-Cache
Content-Secure-Policy
X-HTML-Minification-Powered-By
Frame-Options
WP-Super-Cache
X-Rule
X-Cache-Server
Ec-Rule-Version
X-PCL
X-UPSTREAM-Address
Meta-Geo
X-Redis-Cache
X-RN-RSRV
X-OCL
Upgrade-Insecure-Requests
Section-Io-Cache
X-Ua
X-No-Session
X-Content-Age
X-Detected-As
Cache-Tv-Group
Apigw-Requestid
X-Generation-Time
X-Cluster-Node
X-FB-TRIP-ID
X-Format
X-Section
X-Access
X-Cache-Enabled
X-Urbn-Context-Path
X-Urbn-Site-Id
X-UA-Device-Type
X-Storage
X-Sql-Count
X-Sql-Duration-Ms
X-Human
X-Uri
Mn-Server-Ip
Property-Id
X-Akamai-Edgescape
X-Web-Node
X-Hosted-By
X-Via-Fastly
S-Rt
X-Site-Version
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
X-Request-Time
Azure-Version
X-PHP-Backend
X-Say-Cacheable
Locale
X-Origin-Date
Fastly-SSL
X-Server-W
X-Say-TTL
X-SayCDN-TTL
TWC-Connection-Speed
X-Varnish-Cache-Hits
X-Be
X-Unique-Id
X-ApacheServer
TWC-Device-Class
X-Origin-Hint
X-PERF
X-AOL-HN
X-Generated-By
X-Region
Webcakes-App-Version
Webcakes-Region
X-Mode
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-GeoIP-Country
X-TT-LOGID
TWC-Privacy
X-Cache-Tags
CDN-Cache
X-Platform-Server
X-Cache-Type
Eomportal-Instance
CDN-RequestId
CDN-Uid
X-ProxyCache-Status
X-ProxyCache-Key
X-Debug-Cache
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
X-Content-Powered-By
X-Nginx-Cache-Key
X-Cache-Host
X-Webkit-CSP
Webserver
X-APP-VERSION
X-Xfnlog-Site
X-Status
X-Forwarded-Host
X-BYPASS-REASON
X-Proxied
X-Hl-Ver
X-JoinUs
X-Extlb
X-Alternate-Cache-Key
X-Backend-Name
X-ShopId
X-Zipkin-Id
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Tid
X-Varnishpool
X-ShardId
X-Shopify-Stage
X-Routing-Service
X-ServerID
X-SaId
X-Adobe-Source
X-Accel-Buffering
X-Cache-Operation
X-Handled-By
X-Proxy-Build
ServedBy
Selected-Fe
X-Timing-Wait
X-Ratelimit-Limit
X-Cache-Remote
X-Labrador-Cache-Channel
X-GG-Cache-Date
X-Locale
X-PHP-Host
X-Dc
X-NewRelic-App-Data
X-Rewrite-Enabled
Xserver
X-LJ-Flow-ID
X-LSADC-Cache
X-AWS-Id
X-VWS-Id
SID
X-Pubstack
X-Soup
X-VC-Cache
X-Cached-By
X-Buckets
Mime-Version
Fastly-Drupal-Html
SRV
X-CDN-Forward
Web-Mar-Node
Country-Code
X-Edge-Location
X-Proto
Decoy-Debug-TTL
LB
Decoy-Debug-Key
X-Request-Host
X-GEO
X-Reqid
Decoy-Debug-Status
X-Storefront-Renderer-Rendered
X-App-Version
X-Microcachable
Onion-Location
X-TA-CDN-Provider
X-Cms-Context
Server-Info
X-Varnish-Hostname
X-Origin-CC
X-Origin-TTL
X-Ms-Request-Id
X-Ms-Version
Xet-Cookie
Cache-Hits
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
X-NCache
X-Cluster
X-GeoCode
X-CSRF-Token
X-GeoCountry
Load-Balancing
DynaTrace
X-SRV
X-Varnish-Hits
X-Bc-Bl
X-Midtier
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
Cache-Name
X-B3-SpanId
X-Varnish-Beresp-Grace
X-Amz-Apigw-Id
X-R9-Blue-Green-Version
X-Amzn-RequestId
X-RCS-CacheZone
X-Endurance-Cache-Level
X-Azure-Ref
X-Origin-Response-Time
X-Envoy-Decorator-Operation
X-TrackingId
Fastcgi-X-Cache-Version
X-User
Host-ID
X-SRCache-Key
Lang
X-PBS-Appsvrname
Cmsid
X-Vdms-Path
Meta-Geo-Continent
A
X-Tenant
X-TIM-N
BehaviorPad-Version
Cdncip
DCR-Processing-Time-Ms
DCR-Decision-By
DB-Nickname
Cdnsip
Expiry
X-ScT
X-Destination
X-D
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-Connection-Hash
X-Conf
X-Cache-NE
X-Cache-Id
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Epic-Correlation-Id
X-Esi-Check
X-HS-Content-Campaign-Id
X-Hash
X-Ig-Push-State
X-LAGOON
X-Processor
X-Gzip
X-Geo-Header
X-External-Request-Id
X-Forwarded-Path
X-From
X-Ftr-Request-Id
X-Cache-Bucket
X-Rojux
Sslversion
X-SD-PageType
Surrogated-Key
T-Server
X-Men
Rendered-Blocks
Pramga
NM-Fastcgi-Cache
X-Shop-Environment
Odigeo-Trace-Id
X-Session-Fingerprint
X-S-Cookie
X-A
X-S
X-AK-Request-ID
X-Application
X-ARC
X-B-Cookie
X-Aed
X-A-Wwc
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
Mobile-Detection-Method
Cmstype
X-Magnolia-Registration
X-Vtex-Remote-Cache
X-PAYTM-SRV-ID
X-Orig-Expires
X-VG-WebCache
X-Webstats-RespID
X-NodeID
X-Varnish-Ttl
Xc-Version
X-Vdms-Version
X-Vtex-Processado-Em
X-NAPM-TraceId
X-Via-NSCOPI
Svr
X-Has-Esi
X-Scheme
X-SB
User-Cache-Control
Vix-Hermes-Req-Id
Apple-News-Services-Host
V-Age
We-Hiring
Web-Mar-Region
Platform
Memcached
X-Sigma
Mail-Subject
Machine
X-Sigma-Backend
Apple-News-Services-Parsed-Url
X-Nyt-Route
X-WADP-Cache
X-Server-IP
X-Hnp-Log
Producers
State
Apple-News-Services-Request-Url
Wxu-Next-Commit
X-DefElseHash
X-Request-URI
X-Core-Value
Wxu-Next-Hostname
X-Core-Mission
X-DefHash
X-Device-Os
X-Fetched-On
X-Fmm-Version
X-Fastly-Cache
Apple-News-Services-Handled
X-DPWN-IS-SECURE
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Planisys-CDN-TTL
X-Block-Status
Is-Eu
X-Amzn-Remapped-Content-Length
X-Worker
X-GeoIP
X-Cache-Backend
X-Gen-Mode
X-Gdpr
Wxu-Next-Region
X-Developers
X-Cache-Info
X-Rocket-Build-Number
X-Wix-Viewer-Type
Server-Host
X-Old-Content-Length
X-Origin-Time
X-Tx-Id
X-Origin-Expires
X-SVT-ORM-RULES
X-Is-Gdpr
X-Variation
X-VG-TLSProxy
Environment
X-TNCMS
X-JWT-State
X-Origin
X-Viewer-Country
AKAMAI
Adler-Geo
X-Node-Id
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Location
X-SVT-ORM-VERSION
X-Varnish-CookieHashed-On
X-V-Cache
X-Slack-Backend
X-Irp-Debug
X-Varnish-Remaining-TTL
X-Mvc-Supplant-Cachable
X-Loop
X-Varnish-CookieINHashed-On
Fastly-GeoIP-CountryCode
Source
CDN
X-Cache-Date
X-Proxy-Cache-Info
X-Cdn-Origin
X-Policy
X-Ec-Custom-Error
X-Response-By
X-Pod-Name
X-Branch-Name
X-RPM
X-Generated-On
Locid
X-VServer
X-BBC-Edge-Cache-Status
X-RateLimit-Remaining-Second
X-Rocket-Nginx-Serving-Static
X-Rebelmouse-Cache-Control
X-CGP
X-Region-Sid
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-DB
X-DW
X-Gamma-Serve
X-DSS
X-Platform
X-Auto-Login
X-Qloud-Router
X-Eu-Site
X-Level-Front-Cache
X-DI
X-Thinkindot-L3
HostName
X-VarnishDD-TTL
X-Pool
X-Csrf-Jwt
X-RateLimit-Limit-Second
X-Rebelmouse-Surrogate-Control
Arc-Country
Fastcgi-Cache-TTL
Redirect-Candidate
X-Httpd
PFcat
Origin-EX
Release
Req-Svc-Chain
X-RPS
X-HN
X-Served-From
X-Forwarded-Site
Origin-CC
Origin
HA-Ipaddr
Ha-Gx-Prefs
X-Skip-Cache
L5d-Success-Class
L
Gh-Request-Id
X-Sn-Servicetimems
Fastly-SIE
N-Cache
Fastly-SWR
X-Time
X-Proxy-Upstream
Ssr
X-Minions-Version
Cache
X-GeoIP-City
Cluster
X-Loc
CloudFront-Viewer-Country
CDCHOST
Traceparent
X-Aicache-OS
Kp-EeAlive
X-RSL
TDXMobile
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
X-TraceId
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Date
DSUID
X-Optimistic-Header
MD5-Digest
X-Accel-Expires-Debug
AMP-Access-Control-Allow-Source-Origin
X-TIME
NGX
X-EC-Lua
X-ZONE
X-Parent-Response-Time
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Akamai-Transformed
X-CacheTTL
GEO-INFO
X-Dispatcher-Number
X-CS
X-Srv
X-Owner
X-NC
X-WP-CF-Super-Cache
X-VC
X-WP-CF-Super-Cache-Cache-Control
X-SIPLIST1
X-Scale
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Ucdn
X-Ah-Environment
Env
X-Refresh
Server-Hostname
Pics-Label
IsBot
Sever-Int
Server-Ext
Ms-Author-Via
X-Newrelic-Synthetics
X-Udemy-Cache-App-Namespace
X-Mvc-Supplant-OutputCached
Memory
X-Cache-Debug
Servername
X-Edge-Pop
X-LB-NoCache
X-API-Version
Time
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
X-CACHE-KEY
Geo-Info
X-Wikidot-Backend
X-Generated-In
X-Wikidot-Static-Cache
Ohc-File-Size
CacheControlHeader
X-Tt-Logid
X-Xrds-Location
Cache-Key
X-BCube-Filmed-By
Candidate-Md5Url
X-Ad-Defer-Variation
X-Via-Popv
X-TH-Server
X-Via-Poph
X-Via-Popn
X-Amz-Meta-Cb-Modifiedtime
X-Action
True-Client-Country-4JS
X-IPLB-Request-ID
GeoIp-Country-Code
Datacenter
XM
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-S-Maxage
X-SplitTest
VNS-Cache
X-Backend-TTL
CPC-Age
VNS-Age
CPC-Cache
X-HA-Backend
X-Servedbyhost
X-RateLimit-Reset
X-Presslabs-Stats
X-Varnish-Authentication
FSS-Cache
Fastly-Backend-Name
ITXSESSIONID
Geoip-Latitude
X-WA-Info
Client
Edge-Cache
X-VCL-Version
X-Provided-By
X-Varnish-Beresp-TTL
X-Req
X-Vc
Path
X-Dynatrace
X-Micro-Cache
X-Cache-Status-Check
X-VHOST
X-Cs
Server-ID
X-Trace-ID
X-DC
X-AIR-PT
My-App
X-Zone
Hostname
Cache-Host
Lb
X-Origin-Upstream-Status
Ohc-Cache-HIT
X-Pass-Why
X-TX-ID
Ngx.Var.Host
X-Up
True-Client-IP
DataCenter
NtCoent-Length
X-Webkit-Csp-Report-Only
X-LB-ID
X-Fpc
X-FireWall-Port
X-FPC
X-Proxy-CacheRZ
XkeyRZ
X-Clientip
X-B3-Spanid
X-Api-Version
OT-Force-Account-Verify
Test
Powered-By
X-Traceid
X-Varnish-Beresp-Ttl
X-Li-Pop
X-Li-Fabric
X-LI-UUID
X-NGINX-Cache
Cf-Int-Pingora-Origin-Digest
X-Cdn-Request-ID
X-UnsetCookies
X-CSRF-TOKEN
X-ND-Cache
X-Correlation-ID
User-Agent
X-Vcl-Version
X-Beluga-Cache-Status
X-Beluga-Record
X-CUA
X-Beluga-Trace
Server-Id
X-Webkit-CSP-Report-Only
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Node
X-Time-Microsecs
X-MSEdge-Flight
Cf-Device-Type
X-Fragments
X-RAMCache
WZWS-RAY
Tracecode
X-MSEdge-Features
Target-Params
Proxy-Connection
X-Dmc
X-CLOUD-TRACE-CONTEXT
X-Azure-Ref-OriginShield
X-Ha-Backend
X-Via-PopH
X-Sucuri-Cache
X-Via-PopN
X-FC-Vary-Parameters
X-Render-Time
X-INCAP-ABP
X-URL
X-HS-Status
X-Var-Ttl
X-Via-PopV
X-Fastly-Backend
Uri
X-ATG-Version
X-Platform-Cluster
X-Sucuri-ID
X-ServedByHost
Lfy
Resin-Trace
X-Platform-Processor
X-Platform-Router
X-Geo
Rip
Sid
GeoIP-Country-Code
Srvid
GeoIP-Latitude
C-Via
X-PX
X-Check-Cacheable
MIME-Version
X-Akamai-Pragma-Client-IP
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-M-Log
Epwk-X-Cache
X-M-Reqid
X-CCDN-CacheTTL
X-Proxy-Cache-Hk
X-LI-Proto
X-Alfa-Service
X-Cdn-Forward
Tube-Got-Results
Tube-Get-Contents
X-Varnish-Beresp-Status
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
Tube-Got-Eval
Tube-Return
X-Fetch-By
X-Qnm-Cache
X-Service
X-NU-AKA-ACS-Version
X-DynaTrace-JS-Agent
Click-Count-Error
X-Li-Proto
Click-Count-Action-Start
Fastly-Drupal-HTML
X-TRACE-ID
HIT
X-Backend-State
Magicmarker
Esi-Enabled
X-Backend-Host
ENV
X-Fastly-Backend-Reqs
Srv
X-Vcache
Cdn
X-Esi
Section-Origin-Responded
ServerName
Section-Io-Origin-Time-Seconds
On-Server
X-Cache-Expires
X-Lb-Nocache
PICS-Label
X-Request-Start
X-Cache-CFC
Section-Io-Id
Section-Io-Origin-Status
XServer
X-Edge-POP
X-B3-Traceid-Primal
X-Srcache-Store-Status
X-MG-S
X-Srcache-Fetch-Status
X-LiteSpeed-Cache-Control
X-App
X-APP
X-ElasticPress-Query
X-Newrelic-App-Data
CF-Cached-On
Tcn
X-Yottaa-OS
Server-Ttl
X-Bip
X-Thanos
X-Acquia-Purge-Tags
D-Url-Rewrites
X-Acquia-Application-UUID
X-Iplb-Instance
X-Iplb-Request-Id
Inserted-Into-Cache-At
X-BBC-Origin-Response-Status
X-Acquia-Application-Trace
X-Acquia-Site
Wpo-Cache-Status
Cf-Ipcountry
X-Nc
X-Serial
Wpo-Cache-Message
X-HostName
Warning
Servedby
CountryCode
X-Akamai-Request-ID
X-Request-Url
M-TraceId
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Cache-Config
X-Fastly-Cache-Hits
X-Dist-Code
Fastcgi-Cache-Ttl
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Shopify-Generated-Cart-Token
X-CF-Powered-By
Content-Style-Type
X-IN-APIGATEWAYSSL
X-Storefront-Renderer-Verified
X-Litespeed-Cache-Control
X-Th-Server
Cneonction
X-Back
X-IN-APIGATEWAY
X-B3-Parentspanid
X-Dw-Trace-Id
X-Swift-Error
Ngx
X-Request-URL
X-Snapshot-Date
X-Release
Content-Script-Type
X-LiteSpeed-Tag