Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Report-To
NEL
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Content-Security-Policy
Feature-Policy
X-Iinfo
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
Upgrade
X-Via
X-XSS-PROTECTION
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
P3p
X-Cache-Group
X-Turbo-Charged-By
EagleId
X-Backend
Keep-Alive
Request-Context
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
X-Proxy-Cache
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Dns-Prefetch-Control
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-WebKit-CSP
EagleEye-TraceId
X-Dispatcher
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Device
Cf-Railgun
X-Page-Speed
X-Host
Allow
X-Node
X-Akamai-Path-Stats
X-Pingback
X-Server-Id
Accept-CH
Surrogate-Control
X-Backend-Server
X-Aws-Lambda-Call-Status
Request-Id
X-CST
X-Akam-SW-Version
X-Readtime
X-HW
X-Cache-Lookup
X-Response-Time
Accept-CH-Lifetime
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
X-Ua-Compatible
X-Trace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Url
X-Country
Cf-Edge-Cache
Fastly-Restarts
Accept-Ch-Lifetime
X-Vname
X-PC
X-TtlSet
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-Server-Name
X-MS-InvokeApp
X-Rack-Cache
X-Clacks-Overhead
Edge-Control
X-Content-Type
RTSS
X-Varnish-TTL
X-ESI
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-Px
X-B3-TraceId
X-Ac
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Cdn-Fetch
X-Amz-Rid
Public-Key-Pins
X-Cnection
X-Dw-Request-Base-Id
X-Element-Page-Cache
Verso
X-D2id
X-Cache-TTL
X-Amz-Server-Side-Encryption
X-Navigation-Version
X-RateLimit-Remaining
Accept-Ch
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
Service-Worker-Allowed
X-FastCGI-Cache
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Country-Code
X-Ser
X-Version
Arr-Disable-Session-Affinity
X-Ruxit-Js-Agent
X-GitHub-Request-Id
X-NF-Request-ID
Response
X-Middleton-Response
Access-Control-Request-Method
X-Goog-Hash
X-Edge
X-Upstream
X-Correlation-Id
AR-PoweredBy
AR-ATIME
AR-SID
AR-CACHE
AR-Request-ID
X-Kinsta-Cache
X-Ttl
X-Edge-Location-Klb
X-Cached
X-Webkit-Csp
MS-Author-Via
X-TTL
X-LLID
X-Kraken-Loop-Name
X-Instrumentation
SPRequestDuration
SPIisLatency
X-Server-Lifecycle-Phase
Nginx-Cache
X-NWS-LOG-UUID
X-Powered-CMS
X-RateLimit-Limit
Edge-Cache-Tag
TCN
X-Cache-Key
Mrf-Cache-Status
MRF-Tech
X-Litespeed-Cache
X-MSEdge-Ref
X-Forwarded-For
X-SharePointHealthScore
SPRequestGuid
Content-MD5
X-Shield-Request-Id
X-Id
X-Content-Security-Policy-Report-Only
X-B3-TraceId-Primal
X-T
X-Daa-Tunnel
X-Recruiting
S
X-Mg-S
X-Language
X-Protected-By
X-Jurisdiction
X-Content-Digest
X-HP-Trace-Id
X-HP-Webp
X-Ua-Device
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Frontend
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Ab
X-Content
X-Yandex-Sdch-Disable
Server-Node
X-Ua-Browser
Front-End-Https
X-Request-Processing-Time
X-Ezoic-Cdn
X-HS-Combine-CSS
X-Request-Received
Filters
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
MicrosoftSharePointTeamServices
X-Grace
Fastcgi-Cache
X-Accel-Expires
X-Mid
X-DataDome
X-Server-ID
X-Template
X-ECACHE
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Geo-Country
X-Hits
X-Ratelimit-Reset
X-Debug-Info
X-Origin-Server
TP-L2-Cache
X-Distributor
TP-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amzn-Trace-Id
Charset
Cleartype
X-Page-Id
Host
X-F-Cache
X-Git-Hash
X-DIS-Request-ID
X-B3-Sampled
X-Www-Served-By
Cross-Origin-Opener-Policy
X-DynaTrace
X-MCACHE
Cache-Tags
ServerID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-LB-Cache
X-Forwarded-Proto
X-PressLabs-Stats
Server-Name
Access-Control-Allow-Method
X-Cache-Age
X-Seen-By
Realpath
X-Cluster-Name
X-Activity-Id
X-AppVersion
X-Origin-Cache
X-WebKit-CSP-Report-Only
X-Az
X-Aspnetmvc-Version
X-Varnish-Age
Accept-Charset
X-Rid
X-Content-Options
Filterid
X-Type
X-Request-Handler-Origin-Region
X-FB-Debug
X-Upgrade-Enabled
X-Microsite
X-Mobile-URL
X-App-Environment
Cache-Status
X-Via-JSL
X-Varnish-Grace
Country
X-User-Agent
Node
Viewport
X-Tb
X-Wix-Request-Id
X-Signature
X-Whom
X-Route-Name
X-Drupal-Cache-Tags
Paypal-Debug-Id
DC
X-B-Cache
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-Request-Guid
X-Aspnet-Duration-Ms
X-TT
X-NWS-UUID-VERIFY
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-Oracle-Dms-Ecid
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-VCache
X-GUploader-UploadID
X-Oracle-Dms-Rid
X-XRDS-LOCATION
Fastcgi-Useragent
Protected
X-Nginx-Upstream-Cache-Status
X-Varnish-Backend
X-Fastly-Request-ID
Retry-After
X-Contextid
X-Amz-Replication-Status
Payment
X-B
X-Cache-NGX
X-Fastly-Request-Id
X-Debug
X-Fastcgi-Cache
X-N
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-Parallel-Accel
X-Logged-In
X-XRDS-Location
X-Hostname
X-Load-Cache
WPO-Cache-Status
WPO-Cache-Message
Surrogate-Key
X-B3-Traceid
Amp-Access-Control-Allow-Source-Origin
X-Node-Name
X-Cache-Control
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Buckets
X-Mobile
Count-Hit
X-Trace-Id
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
Akamai-GRN
X-Proxy
X-Cache-Rule
Uber-Trace-Id
X-Rendered-As
X-Real-IP
X-Akamai-Request-ID2
X-Revision
X-Cache-Time
X-UUID
X-Zen-Fury
X-G
VIX-Pulpo-Node
X-Is-Bot
X-Jobs
X-IPLB-Instance
VIX-Pulpo-Upstream-Status
X-Framework
Refresh
Alternate-Protocol
Healthy
X-Cacheable-TTL
X-Page-View
X-Http-Reason
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Drupal-Cache-Contexts
X-Instance
X-Proxy-Cache-Status
NGB
X-Debug-IsPreview
X-Device-Type
X-Debug-IsConnected
X-Vgn-Hpd-Reason
X-Cache-TTL-Remaining
Access-Control-Request-Headers
Content-Disposition
From-Origin
X-Amz-Meta-S3cmd-Attrs
X-Adobe-Content
X-Adobe-Loc
X-Source
Url
X-Cache-Expired-At
Version
X-Servername
X-Cache-Grace
Referer-Policy
Accept-Language
X-Cache-Hit
X-Varnish-Server
X-Oneagent-Js-Injection
X-App-Server
X-Ratelimit-Remaining
X-Environment-Context
X-L-Path
X-FW-Version
X-EdgeConnect-Cache-Status
X-Cache-Action
X-Mg-Request-UUID
X-NGENIX-Cache
MS-CV
Cross-Origin-Window-Policy
Ms-Operation-Id
X-RTag
Permissions-Policy
X-Hyper-Cache
X-RemovedCookies
X-ProcessESI
X-IPS-LoggedIn
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-ECache
Countrycode
X-Restarts
CF-IPCountry
Backend
Content-Secure-Policy
X-NYM-Debug-Backend
X-Rule
Liferay-Portal
Ec-Rule-Version
X-COUNTRY
X-Datadome
WP-Super-Cache
X-OCL
X-Cache-Server
X-Nginx-Cache
X-PCL
X-Redis-Cache
X-RN-RSRV
X-UPSTREAM-Address
Meta-Geo
Upgrade-Insecure-Requests
X-Unique-Id
X-Format
X-Access
Apigw-Requestid
X-Content-Age
X-Generation-Time
X-HTML-Minification-Powered-By
X-Mcache
X-No-Session
Cache-Tv-Group
X-Mode
X-Cache-Enabled
X-Section
X-Detected-As
X-FB-TRIP-ID
Frame-Options
X-Ua
X-Cluster-Node
Azure-InstanceId
Azure-SlotName
Azure-RegionName
Azure-SiteName
TWC-Locale-Group
X-Request-Time
X-Urbn-Context-Path
X-Region
X-PHP-Backend
X-Be
X-Say-Cacheable
X-Akamai-Edgescape
X-AOL-HN
X-ApacheServer
X-PERF
X-Origin-Hint
X-Origin-Date
X-Human
X-Hosted-By
X-Web-Node
X-Via-Fastly
X-Urbn-Site-Id
X-Uri
X-Varnish-Cache-Hits
X-Say-TTL
X-SayCDN-TTL
X-Site-Version
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
S-Rt
Property-Id
Fastly-SSL
Locale
Mn-Server-Ip
X-Generated-By
TWC-Privacy
X-Storage
X-Server-W
X-UA-Device-Type
X-Sql-Duration-Ms
X-Sql-Count
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
Azure-Version
TWC-Connection-Speed
Section-Io-Cache
X-Accel-Buffering
X-APP-VERSION
X-Cache-Operation
X-Platform-Server
X-BYPASS-REASON
X-ProxyCache-Key
X-Nginx-Cache-Key
Eomportal-Instance
X-Forwarded-Host
X-ProxyCache-Status
X-Debug-Cache
X-Cache-Host
CDN-Cache
CDN-Uid
X-Status
X-Cache-Type
X-Xfnlog-Site
CDN-RequestId
CDN-RequestCountryCode
X-Content-Powered-By
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
X-Cache-Tags
X-Backend-Name
X-Alternate-Cache-Key
X-Hl-Ver
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Tid
X-Varnishpool
X-Zipkin-Id
X-Shopify-Stage
X-ShopId
X-Routing-Service
X-Proxied
X-SaId
X-ServerID
X-ShardId
X-JoinUs
X-Extlb
X-Webkit-CSP
ServedBy
X-Cache-Remote
X-Adobe-Source
X-Rewrite-Enabled
SID
Xserver
X-NewRelic-App-Data
X-Ratelimit-Limit
X-Handled-By
LB
X-Timing-Wait
Selected-Fe
X-Proxy-Build
Webserver
X-TT-LOGID
X-GG-Cache-Date
X-Pubstack
X-Soup
SRV
X-PHP-Host
X-Labrador-Cache-Channel
X-Locale
X-LSADC-Cache
X-AWS-Id
X-Dc
X-VWS-Id
X-LJ-Flow-ID
X-Cached-By
X-VC-Cache
Mime-Version
Fastly-Drupal-Html
Country-Code
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-CDN-Forward
X-Microcachable
X-Request-Host
X-GEO
X-Edge-Location
X-Reqid
X-Proto
Web-Mar-Node
X-Storefront-Renderer-Rendered
Xet-Cookie
X-App-Version
X-Ms-Request-Id
Onion-Location
X-Ms-Version
X-Origin-TTL
X-Origin-CC
X-Tec-Api-Root
Server-Info
X-Tec-Api-Version
X-Tec-Api-Origin
X-NCache
X-Varnish-Hostname
X-TA-CDN-Provider
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Tumblr-Pixel-3
X-TIME
X-R9-Blue-Green-Version
DynaTrace
Cache-Hits
X-SRV
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-Bc-Bl
X-Cms-Context
X-Cluster
Cache-Name
X-Varnish-Beresp-Grace
X-B3-SpanId
X-CSRF-Token
X-Varnish-Hits
X-Azure-Ref
X-Amz-Apigw-Id
DB-Nickname
X-Amzn-RequestId
X-Endurance-Cache-Level
X-RCS-CacheZone
X-Origin-Response-Time
Pramga
X-GeoCode
X-Cache-Id
X-Cache-NE
X-AK-Request-ID
X-Aed
X-Cache-Bucket
Cdnsip
X-GeoCountry
Cdncip
Cmstype
X-External-Request-Id
X-Esi-Check
X-ARC
Expiry
X-Application
Fastcgi-X-Cache-Version
X-B-Cookie
X-A-Wwc
Load-Balancing
DCR-Decision-By
DCR-Processing-Time-Ms
X-Epic-Correlation-Id
Cmsid
X-Cdn-Srv
Mobile-Detection-Method
X-A
Sslversion
X-Envoy-Decorator-Operation
X-A-Ccd
A
Host-ID
X-D
X-Destination
Lang
Surrogated-Key
Meta-Geo-Continent
X-Developer
NM-Fastcgi-Cache
X-A-Dam
X-CF-Lambda-Fn
X-Ec-Fail
T-Server
X-A-Dgt
X-Ec-GeoHdr
X-CF-Lambda-Version
Odigeo-Trace-Id
X-A-Dcw
X-Connection-Hash
X-Conf
Rendered-Blocks
X-Forwarded-Path
BehaviorPad-Version
X-LAGOON
X-NodeID
X-From
X-Session-Fingerprint
X-Rojux
X-NAPM-TraceId
X-User
X-SRCache-Key
X-Men
X-Tenant
X-Vdms-Version
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-TrackingId
X-Processor
X-TIM-N
X-Presslabs-Stats
X-Vdms-Path
X-Orig-Expires
X-S
X-VG-WebCache
X-Ftr-Request-Id
X-S-Cookie
X-Hash
X-Magnolia-Registration
X-Gzip
X-Shop-Environment
X-Webstats-RespID
X-Vtex-Remote-Cache
X-Via-NSCOPI
X-Vtex-Processado-Em
Xc-Version
X-Ig-Push-State
X-SD-PageType
X-ScT
X-HS-Content-Campaign-Id
X-Geo-Header
Environment
X-Tx-Id
X-SVT-ORM-RULES
X-Block-Status
X-Slack-Backend
X-Amzn-Remapped-Content-Length
X-TNCMS
X-Sigma-Backend
X-SVT-ORM-VERSION
X-Sigma
Wxu-Next-Hostname
State
X-Viewer-Country
Svr
User-Cache-Control
Ssr
X-WADP-Cache
X-Worker
X-Wix-Viewer-Type
Server-Host
V-Age
Vix-Hermes-Req-Id
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
Wxu-Next-Region
Wxu-Next-Commit
We-Hiring
X-VG-TLSProxy
Web-Mar-Region
X-V-Cache
X-Rocket-Build-Number
X-Loop
X-DW
X-Location
Platform
X-Mvc-Supplant-Cachable
X-Node-Id
X-DPWN-IS-SECURE
X-Nyt-Route
X-DSS
X-JWT-State
X-Is-Gdpr
X-Gdpr
X-Fastly-Cache
X-Fetched-On
X-Fmm-Version
X-Gen-Mode
X-GeoIP
X-Irp-Debug
X-Hnp-Log
X-Has-Esi
X-DI
X-Device-Os
X-Clara-WADP
X-Request-URI
X-Core-Mission
X-Core-Value
X-Ckpd-Fst-Backend
X-RPM
X-Cache-Info
X-RSL
X-RPS
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Origin-Expires
X-Origin
X-Old-Content-Length
X-Developers
X-Origin-Time
X-DefHash
X-Planisys-CDN-Cache
X-DB
X-DefElseHash
X-Scheme
X-Cache-Backend
Adler-Geo
AKAMAI
Apple-News-Services-Handled
Fastly-GeoIP-CountryCode
X-Varnish-Ttl
Machine
Is-Eu
Mail-Subject
Apple-News-Services-Host
Memcached
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Cache
CDN
X-Eu-Site
X-Generated-On
X-Gamma-Serve
X-Cache-Date
X-Httpd
X-HN
X-GeoIP-City
X-Datadog-Trace-Id
X-Cdn-Origin
Source
Arc-Country
CDCHOST
X-Csrf-Jwt
X-CGP
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Date
X-Minions-Version
X-VarnishDD-TTL
Origin-EX
X-Rocket-Nginx-Serving-Static
X-Response-By
X-Region-Sid
X-Served-From
X-Akamai-Transformed
X-Sn-Servicetimems
X-Thinkindot-L3
X-Skip-Cache
GEO-INFO
X-Server-IP
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Platform
X-Pod-Name
Producers
CloudFront-Viewer-Country
X-Loc
X-Policy
X-Proxy-Cache-Info
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-VServer
X-Qloud-Router
X-Proxy-Upstream
X-Level-Front-Cache
X-Forwarded-Site
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
N-Cache
X-Accel-Expires-Debug
X-Aicache-OS
Req-Svc-Chain
Fastly-SWR
Thinkindot-Control
Gh-Request-Id
Kp-EeAlive
L5d-Success-Class
L
Cluster
Locid
Ha-Gx-Prefs
HA-Ipaddr
Fastly-SIE
Traceparent
Redirect-Candidate
PFcat
Origin
X-BBC-Edge-Cache-Status
X-Auto-Login
Release
Origin-CC
X-Branch-Name
Fastcgi-Cache-TTL
Fusion-Source
X-TraceId
Fusion-Deployment-Id
Fusion-Template-Id
X-EC-Lua
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
DSUID
HostName
X-SB
X-GeoIP-Country-Code
X-Optimistic-Header
NGX
X-GeoIP-Region-Code
X-Parent-Response-Time
X-CS
X-Midtier
X-NC
X-Ec-Custom-Error
X-Pool
AMP-Access-Control-Allow-Source-Origin
X-Owner
X-Tt-Logid
X-WP-CF-Super-Cache-Cache-Control
X-CacheTTL
Pics-Label
MD5-Digest
X-API-Version
X-Srv
X-Cache-Debug
Env
X-Tb-Optimization-Total-Bytes-Saved
X-WP-CF-Super-Cache
X-Refresh
X-Ah-Environment
X-LB-NoCache
Time
X-Udemy-Cache-App-Namespace
X-Edge-Pop
Memory
X-Mvc-Supplant-OutputCached
X-Dispatcher-Number
Servername
CacheControlHeader
X-Newrelic-Synthetics
Ms-Author-Via
X-ZONE
Sever-Int
X-Scale
IsBot
X-SIPLIST1
X-Via-Ucdn
X-Action
X-Generated-In
X-TH-Server
X-Time
True-Client-Country-4JS
Server-Ext
Server-Hostname
X-VC
GeoIp-Country-Code
X-Via-Popn
Geo-Info
X-Backend-TTL
X-Via-Poph
X-Via-Popv
X-Xrds-Location
X-Vc
X-Servedbyhost
X-Wikidot-Backend
X-IPLB-Request-ID
Ohc-File-Size
X-HA-Backend
X-Wikidot-Static-Cache
FSS-Cache
X-S-Maxage
Datacenter
X-Ad-Defer-Variation
Candidate-Md5Url
X-BCube-Filmed-By
Cache-Key
X-Amz-Meta-Cb-Modifiedtime
Client
Edge-Cache
X-Req
X-CACHE-KEY
X-RateLimit-Reset
X-Zone
VNS-Age
X-Contensis-Viewer-Groups
My-App
CPC-Cache
X-DC
CPC-Age
X-Varnish-Beresp-TTL
X-VCL-Version
XM
Geoip-Latitude
X-Cache-ASPX
VNS-Cache
X-Origin-Upstream-Status
X-SplitTest
X-WA-Info
X-Dynatrace
Server-ID
X-Provided-By
Fastly-Backend-Name
X-Varnish-Authentication
ITXSESSIONID
X-Cs
X-VHOST
Hostname
DataCenter
Path
X-Up
X-Micro-Cache
X-Trace-ID
X-LB-ID
X-AIR-PT
X-Cache-Status-Check
Ohc-Cache-HIT
X-TX-ID
X-FireWall-Port
X-Fpc
NtCoent-Length
OT-Force-Account-Verify
Cache-Host
X-Pass-Why
True-Client-IP
X-Li-Fabric
Ngx.Var.Host
X-Webkit-Csp-Report-Only
X-Li-Pop
X-LI-UUID
X-NGINX-Cache
Test
X-UnsetCookies
X-B3-Spanid
X-ND-Cache
X-Traceid
X-FPC
X-Varnish-Beresp-Ttl
X-CSRF-TOKEN
XkeyRZ
X-Proxy-CacheRZ
X-Clientip
X-CUA
Lb
X-Time-Microsecs
Cf-Int-Pingora-Origin-Digest
X-Api-Version
X-RAMCache
X-Fragments
Cf-Device-Type
Tracecode
Target-Params
Powered-By
X-Azure-Ref-OriginShield
X-Correlation-ID
X-Beluga-Status
X-ATG-Version
X-Cdn-Request-ID
Proxy-Connection
X-Sucuri-Cache
X-FC-Vary-Parameters
X-Sucuri-ID
X-Fastly-Backend
X-Var-Ttl
Lfy
X-Beluga-Trace
X-Beluga-Node
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Cache-Status
Server-Id
User-Agent
X-Webkit-CSP-Report-Only
X-Vcl-Version
X-MSEdge-Features
X-MSEdge-Flight
X-CLOUD-TRACE-CONTEXT
X-DynaTrace-JS-Agent
X-Li-Proto
X-M-Log
X-URL
X-Via-PopH
Uri
X-M-Reqid
X-Ha-Backend
X-Via-PopN
X-Dmc
X-Via-PopV
X-INCAP-ABP
GeoIP-Latitude
X-Platform-Router
X-B3-Traceid-Primal
X-Platform-Processor
X-Varnish-Beresp-Status
X-Qnm-Cache
WZWS-RAY
Resin-Trace
X-ServedByHost
X-NU-AKA-ACS-Version
X-Platform-Cluster
X-Geo
X-Backend-State
X-Fastly-Backend-Reqs
GeoIP-Country-Code
X-HS-Status
X-Render-Time
X-Cdn-Forward
Sid
Magicmarker
X-Check-Cacheable
MIME-Version
X-Akamai-Pragma-Client-IP
X-Alfa-Service
Epwk-X-Cache
X-CCDN-CacheTTL
X-Backend-Host
X-LI-Proto
X-Fetch-By
Srvid
X-Request-Start
Rip
X-Hcs-Proxy-Type
X-Proxy-Cache-Hk
C-Via
X-CCDN-Origin-Time
X-TRACE-ID
Fastly-Drupal-HTML
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Bip
Tube-Return
ENV
Click-Count-Error
X-Thanos
Click-Count-Action-Start
Tube-Get-Contents
Tube-Got-Eval
X-Gateway-Cache-Key
X-Service
X-Newrelic-App-Data
Tube-Got-Results
X-Gateway-Skip-Cache
X-Esi
Cdn
X-LiteSpeed-Cache-Control
X-Edge-POP
Server-Ttl
Esi-Enabled
WebServer
X-Lb-Nocache
X-App
PICS-Label
ServerName
X-Cache-CFC
XServer
X-Cache-Expires
X-ElasticPress-Query
X-MG-S
X-Srcache-Fetch-Status
X-Srcache-Store-Status
CF-Cached-On
Tcn
CountryCode
X-Yottaa-OS
Section-Io-Origin-Time-Seconds
HIT
On-Server
Section-Io-Origin-Status
Section-Origin-Responded
X-Cache-Config
M-TraceId
Section-Io-Id
X-Acquia-Site
X-Acquia-Purge-Tags
X-Vcache
X-Acquia-Application-UUID
D-Url-Rewrites
Cf-Ipcountry
X-Acquia-Application-Trace
X-BBC-Origin-Response-Status
Wpo-Cache-Status
X-Serial
Srv
Inserted-Into-Cache-At
X-Nc
Wpo-Cache-Message
Servedby
Warning
X-HostName
Hit
X-APP
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Release
Ngx
Cneonction
X-Akamai-Request-ID
X-Snapshot-Date
X-Akamai-ERRuleID
X-Litespeed-Cache-Control
X-IN-APIGATEWAYSSL
X-Shopify-Generated-Cart-Token
X-LiteSpeed-Tag
X-B3-Parentspanid
X-IN-APIGATEWAY
X-Akamai-ERPolicy
X-Request-Url
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
X-CF-Powered-By
Content-Style-Type
Content-Script-Type
Cteonnt-Length
X-Dist-Code
X-Swift-Error
X-Dw-Trace-Id
X-Request-URL