Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Request-ID
P3p
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
X-Drupal-Dynamic-Cache
Upgrade
X-Via
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-UA-Device
X-Hacker
X-Backend
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-LiteSpeed-Cache
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Page-Speed
X-Vhost
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Amz-Version-Id
X-Device
X-Pingback
X-Dispatcher
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Server-Id
X-Host
X-Backend-Server
X-Node
Cf-Railgun
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
X-Language
Xkey
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Application-Context
Content-Location
X-Template
Accept-Ch-Lifetime
Rating
X-Country
X-Ua-Compatible
X-B3-TraceId
X-Cloud-Trace-Context
X-Cache-Lookup
X-Ac
Allow
X-Url
X-Content-Type
Accept-CH-Lifetime
X-Buckets
X-Trace
X-Vname
X-PC
X-TtlSet
X-Mod-Pagespeed
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
Cache-Tag
X-FastCGI-Cache
X-ESI
Fastly-Restarts
X-Rack-Cache
Service-Worker-Allowed
X-Server-Name
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-GitHub-Request-Id
X-MS-InvokeApp
X-Amz-Rid
X-Upstream
MS-Author-Via
X-Vcap-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Origin-Cache
X-Cached
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Country-Code
X-Cnection
X-Goog-Hash
X-Powered-By-Plesk
X-Px
X-Server-Lifecycle-Phase
Access-Control-Request-Method
X-Aws-Lambda-Call-Status
X-Navigation-Version
X-Kraken-Loop-Name
X-Instrumentation
X-NF-Request-ID
X-Version
RTSS
Accept-Ch
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Amz-Server-Side-Encryption
X-Powered-CMS
Display
X-Middleton-Display
Pagespeed
X-Sol
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Middleton-Response
Response
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-MSEdge-Ref
X-LLID
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
X-CST
Nginx-Cache
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-TTL
X-Shield-Request-Id
AR-ATIME
AR-CACHE
AR-SID
AR-PoweredBy
AR-Request-ID
S
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
Content-MD5
X-T
X-RateLimit-Remaining
X-Protected-By
TCN
X-Forwarded-For
X-Mg-S
X-Id
X-Content-Security-Policy-Report-Only
X-Mid
X-Aspnetmvc-Version
Fastcgi-Cache
X-MCACHE
Realpath
X-Parallel-Accel
Front-End-Https
Edge-Cache-Tag
SPIisLatency
X-Recruiting
SPRequestDuration
X-Request-Processing-Time
X-Request-Received
Filters
X-Ttl
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Pinterest-Version
Fusion-Deployment-Id
X-Pinterest-Rid
Fusion-Source
Server-Node
Fusion-Template-Id
Pinterest-Generated-By
X-Ab
X-Content
X-Ua-Browser
X-DynaTrace
X-Correlation-Id
SPRequestGuid
X-SharePointHealthScore
X-Ezoic-Cdn
Alternate-Protocol
Server-Name
X-NWS-LOG-UUID
X-Accel-Expires
X-Frontend
X-ECACHE
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Hits
X-Yandex-Sdch-Disable
X-Cache-Key
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Content-Options
Cache-Tags
X-Git-Hash
Cleartype
Host
X-Page-Id
MicrosoftSharePointTeamServices
X-B3-Sampled
Charset
X-Www-Served-By
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Geo-Country
X-Ruxit-Js-Agent
X-Content-Digest
TP-L2-Cache
TP-Cache
X-Amz-Replication-Status
Filterid
X-Forwarded-Proto
X-Ser
X-VCache
X-Varnish-Age
X-Amzn-Trace-Id
X-Hostname
X-Fastly-Request-Id
X-AppVersion
X-Daa-Tunnel
X-Az
X-Activity-Id
X-XRDS-LOCATION
X-DIS-Request-ID
X-Debug-Info
X-Rid
X-Origin-Server
X-Upgrade-Enabled
Access-Control-Allow-Method
X-N
X-Grace
X-Request-Handler-Origin-Region
X-Microsite
X-Origin-Upstream-Status
X-FB-Debug
X-LB-Cache
X-Nginx-Upstream-Cache-Status
ServerID
X-Mobile-URL
X-Aspnet-Duration-Ms
X-TT
X-Flags
X-Is-Crawler
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Whom
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-F-Cache
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
Cross-Origin-Opener-Policy
X-WebKit-CSP-Report-Only
X-App-Server
X-NGENIX-Cache
Viewport
X-Tb
X-App-Environment
X-Distributor
X-Varnish-Grace
X-PressLabs-Stats
DC
X-FW-Type
Paypal-Debug-Id
X-FW-Dynamic
Payment
X-FW-Static
X-FW-Serve
X-Server-ID
X-FW-Server
X-FW-Hash
Node
X-Cache-Control
X-Logged-In
Fastcgi-Useragent
X-Seen-By
X-Type
X-Cache-Age
X-User-Agent
Country
Accept-Charset
X-Fastcgi-Cache
X-Cache-Rule
X-Varnish-Backend
X-Fastly-Request-ID
X-Erf-Bev-Bev-Is-Generated
X-Node-Name
X-Webkit-CSP
X-Erf-Bev-Bev
X-Browser-Type
X-DataDome
X-Wix-Request-Id
Version
X-Load-Cache
X-Cache-Action
Refresh
X-Via-JSL
X-IPLB-Instance
X-Response-Served-From
Access-Control-Request-Headers
Referer-Policy
Cache-Status
SD-X-WS
X-Original-Request-Id
X-TEC-API-ROOT
X-Cacheable-TTL
X-TEC-API-VERSION
X-Ratelimit-Limit
Amp-Access-Control-Allow-Source-Origin
X-TEC-API-ORIGIN
VIX-Pulpo-Node
X-Contextid
X-Page-View
VIX-Pulpo-Upstream-Status
X-Jobs
X-Is-Bot
X-Rendered-As
X-B
NGB
X-Drupal-Cache-Tags
X-Vgn-Hpd-Reason
X-Proxy-Cache-Status
X-Real-IP
X-ProcessESI
X-RemovedCookies
X-Debug
X-UUID
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Cluster-Name
X-Drupal-Cache-Contexts
X-Revision
X-Mobile
X-Proxy
DynaTrace
X-Signature
X-B-Cache
Liferay-Portal
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-G
Akamai-GRN
X-Cache-Expired-At
X-Instance
X-Rule
X-Debug-IsPreview
X-Tec-Api-Origin
Surrogate-Key
X-Tec-Api-Version
X-Tec-Api-Root
X-Device-Type
X-Cache-Time
X-Debug-IsConnected
X-Framework
CF-IPCountry
X-FW-Version
Healthy
X-Azure-Ref
SID
X-Source
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Ms-Request-Id
X-Ms-Version
Frame-Options
X-XRDS-Location
X-Cache-Hit
X-Nginx-Cache
Ms-Operation-Id
MS-CV
X-RTag
X-APP-VERSION
Section-Io-Cache
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Oneagent-Js-Injection
X-CDN-Forward
X-Environment-Context
X-L-Path
Xserver
X-Varnish-Server
Count-Hit
Countrycode
X-Cache-Operation
GEO-INFO
X-Region
X-Servername
X-RateLimit-Limit
X-Forwarded-Host
X-EdgeConnect-Cache-Status
Uber-Trace-Id
X-Content-Powered-By
X-Mode
X-Accel-Buffering
Cross-Origin-Window-Policy
X-IPS-LoggedIn
Backend
X-Litespeed-Cache
X-Backend-Name
X-Adobe-Loc
X-Adobe-Content
Ec-Rule-Version
X-JoinUs
X-SaId
X-RN-RSRV
X-UPSTREAM-Address
X-Zen-Fury
Meta-Geo
X-Detected-As
X-Microcachable
X-Human
X-Alternate-Cache-Key
X-Debug-Cache
X-Cache-Grace
Eomportal-Instance
X-Varnish-Beresp-Grace
X-Cache-Type
X-ShardId
X-Generation-Time
X-Hosted-By
X-Redis-Cache
X-Sorting-Hat-PodId
X-ShopId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Sql-Count
X-Site-Version
X-Sql-Duration-Ms
Country-Code
X-Via-Fastly
X-Status
X-Storage
X-Uri
X-Cache-Server
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-NCache
Cache-Tv-Group
Cache-Name
Apigw-Requestid
X-Cache-TTL-Remaining
X-BYPASS-REASON
X-Say-TTL
X-No-Session
X-ProxyCache-Key
Url
X-Ratelimit-Reset
Protected
X-PHP-Backend
X-OCL
X-ProxyCache-Status
X-Web-Node
X-Cache-Host
X-SayCDN-TTL
X-Say-Cacheable
Fastly-SSL
X-Origin-Date
X-Format
X-PCL
X-PERF
TWC-Device-Class
Azure-Version
TWC-Connection-Speed
Selected-Fe
X-Timing-Wait
X-Proxied
Property-Id
OT-Force-Account-Verify
X-ApacheServer
X-Zipkin-Id
X-UA-Device-Type
X-Extlb
X-Pubstack
Mn-Server-Ip
X-Origin-Hint
X-R9-Blue-Green-Version
X-NYM-Debug-Backend
X-Routing-Service
X-Section
Azure-SlotName
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
X-Varnishpool
X-Access
Webcakes-Region
X-Proxy-Build
X-Akamai-Edgescape
X-Azure-Ref-OriginShield
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Server-W
Content-Secure-Policy
X-Rewrite-Enabled
X-Cache-NGX
Source
X-FB-TRIP-ID
X-LSADC-Cache
X-ServerID
X-Tid
X-Soup
X-SRV
X-Ua
X-Be
X-Cluster-Node
DB-Nickname
X-Hl-Ver
X-Content-Age
X-Time
X-HTML-Minification-Powered-By
X-Cache-Var
X-Webkit-Csp
X-Cache-Var-Map
Content-Disposition
X-Cached-By
X-NewRelic-App-Data
SRV
X-Amz-Meta-S3cmd-Attrs
X-Unique-Id
Cache
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestId
CDN-Uid
X-Generated-By
X-LAGOON
CDN-Cache
CDN-RequestCountryCode
X-TT-LOGID
X-Bc-Bl
X-Loop
X-TNCMS
X-Varnish-Hits
X-Hyper-Cache
X-Dc
X-S-Maxage
Retry-After
X-App-Version
Onion-Location
Webserver
X-Varnish-Hostname
X-Origin-CC
X-Auto-Login
X-Origin-TTL
X-Presslabs-Stats
X-Tumblr-Pixel-2
X-GEO
X-Tumblr-Pixel-3
X-ECache
Cache-Hits
X-Nginx-Cache-Key
Web-Mar-Node
Xet-Cookie
X-Proto
X-Endurance-Cache-Level
X-M-Log
X-Tenant
X-M-Reqid
X-Time-Microsecs
X-Qnm-Cache
X-Cdn
X-Edge-Location
X-Akamai-Transformed
X-CSRF-Token
LB
X-Platform-Server
X-GG-Cache-Date
X-Trace-Id
Mime-Version
CloudFront-Viewer-Country
X-Mg-Request-UUID
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
HostName
X-PHP-Host
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-CACHE-KEY
X-Amz-Apigw-Id
X-Xfnlog-Site
N-Cache
X-B3-SpanId
X-RCS-CacheZone
X-Storefront-Renderer-Rendered
X-Locale
X-Handled-By
X-Cache-Tags
X-Request-Time
X-Adobe-Source
ServedBy
Upgrade-Insecure-Requests
X-Origin-Response-Time
X-Varnish-Cache-Hits
X-TIME
X-AOL-HN
X-VC-Cache
X-Cache-Remote
WPO-Cache-Status
WPO-Cache-Message
State
Rendered-Blocks
Expiry
Surrogated-Key
Fastcgi-X-Cache-Version
DSUID
Redirect-Candidate
A
DCR-Decision-By
Mobile-Detection-Method
X-A
Odigeo-Trace-Id
Origin
Pramga
DCR-Processing-Time-Ms
Meta-Geo-Continent
BehaviorPad-Version
X-External-Request-Id
X-S-Cookie
X-S
X-ScT
X-SD-PageType
X-Session-Fingerprint
X-Rojux
X-Request-Host
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Processor
X-Shop-Environment
X-Slack-Backend
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-TIM-N
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-B-Cookie
X-ARC
X-Cache-Date
X-Cache-NE
X-CF-Lambda-Fn
X-Application
X-Aed
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Cluster
X-Conf
X-Ig-Push-State
X-NAPM-TraceId
X-ND-Cache
X-Orig-Expires
X-Ftr-Request-Id
X-Forwarded-Path
X-Connection-Hash
X-D
X-Destination
X-Developer
X-A-Ccd
X-CF-Lambda-Version
X-Via-NSCOPI
Nel
X-ATG-Version
Environment
X-Correlation-ID
X-Epic-Correlation-Id
X-Date
X-Core-Mission
X-Reqid
X-Forwarded-Site
X-Geo-Header
X-Gdpr
X-Fastly-Cache
Fastcgi-Cache-TTL
X-Ckpd-Fst-Backend
Vix-Hermes-Req-Id
V-Age
Host-ID
X-Accel-Expires-Debug
X-Cache-Bucket
X-Hnp-Log
X-Block-Status
X-Cache-Info
L
X-Li-Pop
X-Sucuri-Cache
X-Skip-Cache
X-Served-From
X-Scheme
X-Sucuri-ID
X-V-Cache
X-VServer
From-Origin
X-VG-TLSProxy
X-Varnish-Beresp-Status
X-Rocket-Nginx-Serving-Static
X-Proxy-Upstream
X-Nyt-Route
X-Men
X-Location
X-LI-UUID
X-Old-Content-Length
X-Origin-Expires
User-Cache-Control
X-Owner
X-Origin-Time
X-Li-Fabric
X-Gen-Mode
Datacenter
Cmstype
AKAMAI
Cmsid
X-MP-GENERATED-AT
AMP-Access-Control-Allow-Source-Origin
Server-Info
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Core-Value
Apple-News-Services-Handled
X-Fastly-Backend
Apple-News-Services-Request-Url
X-Device-Os
X-Developers
X-Cache-Id
Wxu-Next-Region
Candidate-Md5Url
Wxu-Next-Hostname
Wxu-Next-Commit
Web-Mar-Region
CacheControlHeader
X-Aicache-OS
X-Fetched-On
X-Bip
X-TH-Server
X-Ratelimit-Remaining
X-Cdn-Origin
X-Gamma-Serve
X-Server-IP
CDCHOST
X-Req
X-Region-Sid
Origin-CC
X-Sn-Servicetimems
Arc-Country
X-VarnishDD-TTL
X-Viewer-Country
X-TrackingId
X-Thinkindot-L3
X-Thanos
X-Policy
Origin-EX
X-HN
X-HS-Content-Campaign-Id
X-Hash
X-Gzip
X-Generated-On
X-BBC-Edge-Cache-Status
X-Level-Front-Cache
Req-Svc-Chain
Traceparent
X-NodeID
X-Mvc-Supplant-Cachable
X-Cache-Debug
X-Esi-Check
Svr
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Gh-Request-Id
Release
Server-Host
Locid
Fastly-GeoIP-CountryCode
Thinkindot-Control
PFcat
True-Client-Country-4JS
Machine
X-Qloud-Router
X-Is-Gdpr
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-RateLimit-Limit-Second
X-Datadog-Parent-Id
X-Envoy-Decorator-Operation
Mail-Subject
X-Request-URI
X-Zone
X-Irp-Debug
X-Has-Esi
X-RateLimit-Remaining-Second
X-DefHash
X-Origin
X-GeoIP
X-JWT-State
X-NU-AKA-ACS-Version
Adler-Geo
Is-Eu
X-GeoIP-City
X-Rocket-Build-Number
Platform
X-Loc
X-Pod-Name
X-DPWN-IS-SECURE
X-Platform
X-DefElseHash
X-Request-Start
X-UnsetCookies
X-Variation
X-Amzn-Remapped-Content-Length
X-Backend-State
X-EC-Lua
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Magnolia-Registration
X-Worker
X-Varnish-Remaining-TTL
We-Hiring
X-Branch-Name
X-Webstats-RespID
Cf-Device-Type
X-Rebelmouse-Surrogate-Control
X-Sigma
Fastly-SIE
NGX
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Sigma-Backend
X-Cache-Config
X-CS
X-FireWall-Port
X-Xrds-Location
Fastly-Drupal-Html
NM-Fastcgi-Cache
X-CGP
L5d-Success-Class
Memcached
X-FC-Vary-Parameters
HA-Ipaddr
Sslversion
X-Tx-Id
X-Csrf-Jwt
X-Cdn-Srv
WWW-Authenticate
X-Node-Id
Ha-Gx-Prefs
X-Eu-Site
CDN
X-Varnish-Beresp-Ttl
X-API-Version
Esi-Enabled
On-Server
X-Up
X-CLOUD-TRACE-CONTEXT
X-Trace-ID
X-NC
Pics-Label
X-LB-ID
WP-Super-Cache
Ssr
X-Response-By
X-Mvc-Supplant-OutputCached
X-Esi
X-Refresh
X-Service
X-Generated-In
X-Vc
C-Via
Ms-Author-Via
X-Datadome
X-LB-NoCache
X-Via-Popv
X-Cache-PHP
X-Tt-Logid
NtCoent-Length
Time
X-Backend-TTL
X-Via-Poph
Memory
X-Via-Popn
X-TA-CDN-Provider
X-DynaTrace-JS-Agent
X-Edge-Pop
X-GeoIP-Country-Code
X-Tb-Optimization-Total-Bytes-Saved
X-GeoIP-Region-Code
Env
X-Cache-Enabled
X-DC
X-NWS-UUID-VERIFY
X-Varnish-Ttl
X-Dynatrace
X-Optimistic-Header
X-TraceId
GeoIp-Country-Code
X-Cache-Status-Check
X-Parent-Response-Time
Magicmarker
X-Render-Time
X-Info
X-Varnish-Beresp-TTL
X-Ua-Device
X-Restarts
X-Servedbyhost
X-Unique-ID
X-TX-ID
Kp-EeAlive
Server-ID
X-ZONE
X-AIR-PT
X-CacheTTL
S-Rt
X-Cs
X-MSEdge-Features
X-Wix-Viewer-Type
X-DSS
X-MSEdge-Flight
X-DW
X-DI
X-Srv
X-DB
X-Action
X-RPS
X-Clientip
X-RSL
X-RPM
X-Cache-Backend
WebServer
Edge-Cache
X-Oss-Request-Id
X-VCL-Version
HIT
X-Webkit-Csp-Report-Only
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
UCS
X-Oss-Object-Type
Cache-Host
X-Cache-Ttl
S-Cnection
X-Minions-Version
X-App
X-Traceid
X-Li-Proto
X-HA-Backend
Proxy-Connection
X-Fpc
X-Newrelic-Synthetics
X-LI-Proto
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Lb
Section-Origin-Responded
Section-Io-Id
X-URL
Test
X-FPC
X-LiteSpeed-Cache-Control
X-Http-Reason
X-Micro-Cache
X-B3-Spanid
X-Vcl-Version
Fastly-Backend-Name
User-Agent
X-Akamai-Request-ID2
Server-Id
X-Webkit-CSP-Report-Only
X-NODE
X-Backend-Host
Geo-Info
Tcn
Accept-Language
X-Pad
X-Pass-Why
X-Ec-GeoHdr
X-Ec-Fail
X-Release
X-User
X-BCube-Filmed-By
X-ES-SERVER
X-Check-Cacheable
X-APP
X-Urbn-Site-Id
Fastly-Drupal-HTML
X-Urbn-Context-Path
Locale
X-LiteSpeed-Tag
X-HostName
Cf-Int-Pingora-Origin-Digest
Resin-Trace
X-CSRF-TOKEN
VNS-Cache
X-BBC-Origin-Response-Status
Path
CPC-Cache
CPC-Age
X-ID
X-ServedByHost
Cache-Key
EpKe-Alive
X-Amz-Meta-Cb-Modifiedtime
VNS-Age
X-Dynatrace-Js-Agent
Hostname
M-TraceId
Cdncip
Cdnsip
GeoIP-Country-Code
X-Ha-Backend
X-Clara-WADP
X-AK-Request-ID
X-Fmm-Version
X-WA-Info
X-WADP-Cache
Srv
X-Akamai-Pragma-Client-IP
Hit
X-WA
Ohc-File-Size
X-Geo
X-Cms-Context
X-Via-PopN
MIME-Version
X-PJAX-URL
X-Via-PopV
X-ElasticPress-Query
X-Via-PopH
Pagetype
Cluster
X-Edge-POP
ENV
X-Cdn-Forward
Shield-Pop
X-Wikidot-Static-Cache
X-Wikidot-Backend
MD5-Digest
X-Edge-Cache
Load-Balancing
Tracecode
Lfy
X-NGINX-Cache
X-CUA
X-From
X-Api-Version
X-HS-Status
My-App
X-Var-Ttl
X-Via-Ucdn
Geoip-Latitude
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Ucs
X-Fastly-Cache-Hits
X-ServerName
URI
T-Server
X-VG-WebServer
Sever-Int
Servername
Server-Hostname
IsBot
X-RAMCache
X-UP
Server-Ext
X-Fastly-Backend-Reqs
X-Fragments
W
Lang
X-GoCache-CacheStatus
X-SIPLIST1
X-Mcache
X-Cache-Expires
X-TRACE-ID
X-Dw-Trace-Id
Target-Params
X-Lb-Id
X-VC
WZWS-RAY
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Provided-By
PICS-Label
X-RateLimit-Reset
Cteonnt-Length
X-B3-ParentSpanId
Ohc-Cache-HIT
X-Nc
Cneonction
X-Cdn-Request-ID
Cdn
X-Swift-Error
X-Newrelic-App-Data
X-Via-CDN
X-Platform-Router
X-Platform-Processor
Dnion-Transfer-Encoding
X-Cc-Via
CF-Cached-On
X-Akamai-Request-ID
X-Platform-Cluster
HitType
X-Apw-Access-Object
X-Yottaa-OS
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Vha6-Origin
X-Snapshot-Date
X-Apw-Access-Action
X-Apw-Access-Token
Cf-Ipcountry
X-Apw-Hits
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Acquia-Site
Sid
X-Cache-Ngx
X-Air-Pt
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Last-Modified
GeoIP-Latitude
Server-Ttl
X-Te-Count
X-Http-Count
X-Http-Duration-Ms
Uri
X-Te-Duration-Ms
X-Sentry-ID
Req-ID
X-Varnish-Authentication
X-Logging-Id
X-CacheKey
X-UA
CountryCode
X-Lb-Nocache
X-HTML-Edge-Cache
Ngx
X-B3-Parentspanid
X-Miniprofiler-Ids
FSS-Cache