Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
X-Request-ID
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
Report-To
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-Dns-Prefetch-Control
X-Amz-Version-Id
X-Pingback
X-OneAgent-JS-Injection
NEL
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Rating
X-Ruxit-JS-Agent
Accept-CH-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-PC
X-TtlSet
Allow
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Varnish-TTL
X-ESI
X-Server-Name
Fastly-Restarts
Cache-Tag
X-Aws-Lambda-Call-Status
X-FastCGI-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-Vcap-Request-Id
X-MS-InvokeApp
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cnection
X-Cache-TTL
X-Px
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
RTSS
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-Kinja-Build
X-Kinja-Server
X-NF-Request-ID
X-Kinja-Revision
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Use-Magma
X-Goog-Hash
X-Origin-Cache
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
AR-CACHE
X-Powered-CMS
X-Version
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
Accept-Ch
X-MSEdge-Ref
X-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge-Location-Klb
X-Kinsta-Cache
Nginx-Cache
X-Edge
TCN
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Protected-By
X-RateLimit-Remaining
X-T
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
X-Id
Content-MD5
S
Edge-Cache-Tag
Fastcgi-Cache
X-Language
SPIisLatency
SPRequestDuration
X-Mid
Front-End-Https
Realpath
X-CST
X-Recruiting
X-Request-Received
X-Request-Processing-Time
X-Pinterest-Rid
Filters
Pinterest-Version
X-DynaTrace
Pinterest-Generated-By
Server-Node
X-MCACHE
X-Frontend
Server-Name
X-Content
X-Ab
X-Ua-Browser
X-Ruxit-Js-Agent
X-Ttl
X-HS-Content-Id
X-HS-Cache-Config
X-Ser
X-HS-Hub-Id
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-NWS-LOG-UUID
X-ECACHE
X-SharePointHealthScore
X-Correlation-Id
X-Ezoic-Cdn
SPRequestGuid
X-Template
X-Cache-Key
X-Hits
X-Parallel-Accel
Fusion-Content-Source
Fusion-Component-Id
Alternate-Protocol
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cache-Tags
X-Page-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Charset
Host
X-B3-Sampled
Cleartype
MicrosoftSharePointTeamServices
X-Content-Options
X-Www-Served-By
X-Git-Hash
X-Webkit-CSP
X-Geo-Country
X-DIS-Request-ID
X-Debug-Info
X-Amzn-Trace-Id
X-Daa-Tunnel
X-Hostname
X-Amz-Replication-Status
X-Content-Digest
X-Varnish-Age
X-Fastly-Request-Id
Filterid
X-Az
X-Activity-Id
X-Ratelimit-Limit
X-AppVersion
X-Upgrade-Enabled
X-FB-Debug
X-Accel-Expires
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-VCache
X-N
X-Grace
X-Rid
X-Origin-Server
X-XRDS-LOCATION
X-Nginx-Upstream-Cache-Status
TP-Cache
X-F-Cache
ServerID
TP-L2-Cache
Access-Control-Allow-Method
X-Mobile-URL
X-Flags
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Is-Crawler
X-LB-Cache
X-Aspnet-Duration-Ms
X-Server-ID
X-TT
X-Whom
Viewport
X-Type
X-Varnish-Grace
X-Seen-By
X-App-Environment
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Tb
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-WebKit-CSP-Report-Only
X-Distributor
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Type
Payment
X-FW-Server
Node
DC
Paypal-Debug-Id
X-App-Server
X-User-Agent
X-Oneagent-Js-Injection
X-DataDome
Fastcgi-Useragent
X-Wix-Request-Id
Accept-Charset
Country
X-NGENIX-Cache
X-Cache-Control
X-Litespeed-Cache
X-Origin-Upstream-Status
X-Fastcgi-Cache
X-Cache-Rule
X-Fastly-Request-ID
Version
X-Logged-In
X-Via-JSL
Referer-Policy
X-Request-Handler-Origin-Region
X-Drupal-Cache-Tags
X-Microsite
X-Ratelimit-Reset
X-Tec-Api-Root
X-Cluster-Name
X-Tec-Api-Origin
X-Tec-Api-Version
X-Cache-Age
X-Buckets
X-Erf-Bev-Bev-Is-Generated
X-B-Cache
Refresh
X-Erf-Bev-Bev
X-Browser-Type
X-Signature
Cache-Status
X-Contextid
X-Varnish-Backend
X-Load-Cache
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
X-Node-Name
VIX-Pulpo-Node
X-Vgn-Hpd-Reason
X-Rendered-As
X-Is-Bot
X-Cache-Expired-At
X-Page-View
X-Real-IP
X-Mobile
NGB
X-Debug
Access-Control-Request-Headers
X-Proxy-Cache-Status
Amp-Access-Control-Allow-Source-Origin
X-Cacheable-TTL
X-Jobs
X-B
X-Yottaa-Optimizations
X-Proxy
X-IPLB-Instance
X-Rule
X-Yottaa-Metrics
X-ProcessESI
X-UUID
X-Revision
X-RemovedCookies
X-Device-Type
Surrogate-Key
X-Instance
X-Drupal-Cache-Contexts
Akamai-GRN
X-Cache-Action
X-Cache-Time
X-Debug-IsConnected
X-Debug-IsPreview
X-Framework
X-FW-Version
X-G
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
SID
DynaTrace
CF-IPCountry
X-Azure-Ref
X-PressLabs-Stats
X-TEC-API-VERSION
X-TEC-API-ROOT
Liferay-Portal
X-Accel-Buffering
X-TEC-API-ORIGIN
X-Nginx-Cache
X-Source
GEO-INFO
X-Ms-Request-Id
X-Ms-Version
Count-Hit
X-Presslabs-Stats
Uber-Trace-Id
X-Cache-Operation
X-XRDS-Location
Frame-Options
Ms-Operation-Id
X-Cache-NGX
MS-CV
X-CDN-Forward
X-RTag
Healthy
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-Zen-Fury
Countrycode
X-Cache-Hit
Xserver
X-Backend-Name
X-Varnish-Server
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-L-Path
X-Tumblr-Pixel
X-Environment-Context
X-Mode
Ec-Rule-Version
Protected
Cross-Origin-Window-Policy
X-RateLimit-Limit
X-IPS-LoggedIn
X-Ratelimit-Remaining
X-Region
X-Cache-TTL-Remaining
X-Servername
X-Forwarded-Host
X-UPSTREAM-Address
X-JoinUs
X-Rewrite-Enabled
X-Tid
X-RN-RSRV
Meta-Geo
X-Detected-As
Backend
X-SaId
Decoy-Debug-Key
Decoy-Debug-Status
X-Sql-Count
Eomportal-Instance
Decoy-Debug-TTL
LB
Apigw-Requestid
Country-Code
X-Cache-Server
X-Extlb
X-Sorting-Hat-ShopId
X-Debug-Cache
X-Generation-Time
X-Hosted-By
X-Hyper-Cache
X-Sql-Duration-Ms
X-Alternate-Cache-Key
X-Cache-Grace
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Uri
X-Proxied
X-Content-Powered-By
X-Redis-Cache
X-Routing-Service
X-ShardId
X-Zipkin-Id
WPO-Cache-Message
WPO-Cache-Status
X-ShopId
X-Origin-Date
Mn-Server-Ip
X-Content-Age
Section-Io-Cache
X-Site-Version
X-Adobe-Content
X-Status
X-ApacheServer
X-PERF
X-Adobe-Loc
Url
Cache-Name
X-Varnish-Beresp-Grace
X-Human
X-NCache
X-No-Session
X-FB-TRIP-ID
X-Via-Fastly
X-ServerID
X-PHP-Backend
X-Format
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
Fastly-SSL
X-ProxyCache-Key
X-Origin-Hint
Property-Id
Selected-Fe
X-Proxy-Build
TWC-Connection-Speed
X-BYPASS-REASON
X-Cluster-Node
X-Cache-Type
X-Microcachable
X-Access
X-UA-Device-Type
X-NYM-Debug-Backend
X-Storage
X-Timing-Wait
X-OCL
X-Server-W
X-Section
X-ProxyCache-Status
Webcakes-App-Name
X-Pubstack
Webcakes-Region
X-PCL
X-Cache-Host
X-Akamai-Edgescape
TWC-Privacy
Webcakes-App-Version
Cache-Tv-Group
X-NewRelic-App-Data
CDN-Cache
CDN-CachedAt
X-Varnishpool
X-SayCDN-TTL
CDN-PullZone
CDN-RequestId
X-Hl-Ver
X-R9-Blue-Green-Version
CDN-Uid
Content-Disposition
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Say-Cacheable
X-Web-Node
X-Say-TTL
Azure-Version
X-Be
Azure-InstanceId
Content-Secure-Policy
DB-Nickname
X-Azure-Ref-OriginShield
X-Generated-By
Azure-SiteName
X-Soup
Azure-SlotName
Azure-RegionName
X-Trace-Id
X-Webkit-Csp
X-Ua
X-LSADC-Cache
X-TIME
OT-Force-Account-Verify
X-Cached-By
X-Nginx-Cache-Key
X-Dc
SRV
Source
Retry-After
X-Bc-Bl
X-TT-LOGID
Cache
X-Unique-Id
X-Auto-Login
X-LAGOON
X-SRV
X-Platform-Server
X-Cache-Remote
X-Cdn
X-Varnish-Hits
X-App-Version
X-Xfnlog-Site
X-Akamai-Transformed
Cache-Hits
HostName
X-Varnish-Hostname
X-GEO
X-Correlation-ID
X-Origin-CC
X-HTML-Minification-Powered-By
X-Origin-TTL
X-Cache-Tags
X-S-Maxage
ServedBy
Onion-Location
Xet-Cookie
X-Loop
Mime-Version
X-TNCMS
X-CSRF-Token
X-Varnish-Cache-Hits
X-Amz-Meta-S3cmd-Attrs
X-Time
Upgrade-Insecure-Requests
Web-Mar-Node
X-Tumblr-Pixel-3
X-Request-Time
X-Tumblr-Pixel-2
X-EC-Lua
Webserver
X-AOL-HN
From-Origin
WP-Super-Cache
N-Cache
X-Request-Host
X-ECache
X-Endurance-Cache-Level
X-Tenant
X-Proto
X-Cache-Var-Map
X-LJ-Flow-ID
X-AWS-Id
X-Cache-Var
X-VWS-Id
X-FireWall-Port
X-B3-SpanId
X-Cache-Enabled
X-GG-Cache-Date
Nel
X-Time-Microsecs
X-NWS-UUID-VERIFY
X-Origin-Response-Time
X-Edge-Location
X-Ftr-Request-Id
X-A-Dam
Vix-Hermes-Req-Id
X-Forwarded-Path
X-A-Dcw
X-A
X-ARC
V-Age
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-CF-Lambda-Fn
X-Handled-By
X-B-Cookie
X-Block-Status
X-Cache-NE
X-Cluster
X-Conf
X-A-Wwc
X-Destination
X-Developer
X-External-Request-Id
X-Aed
X-D
X-Connection-Hash
X-Application
X-Aicache-OS
X-A-Dgt
X-PAYTM-SRV-ID
X-SD-PageType
X-ScT
Meta-Geo-Continent
X-Session-Fingerprint
X-Shop-Environment
Mobile-Detection-Method
X-S-Cookie
Odigeo-Trace-Id
Pramga
X-Gen-Mode
X-S
X-Mg-Request-UUID
X-Slack-Backend
X-SRCache-Key
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
DCR-Decision-By
Xc-Version
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
X-VG-WebCache
X-TIM-N
X-V-Cache
X-Vdms-Path
X-Vdms-Version
X-Processor
X-Rojux
X-ND-Cache
X-NAPM-TraceId
Expiry
Redirect-Candidate
X-Orig-Expires
BehaviorPad-Version
X-Via-NSCOPI
A
User-Cache-Control
X-Hnp-Log
X-Ig-Push-State
Sslversion
Surrogated-Key
X-A-Ccd
X-PBS-Appsvrname
X-Planisys-CDN-Cache
Rendered-Blocks
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-PHP-Host
CloudFront-Viewer-Country
X-Amz-Apigw-Id
X-Varnish-Ttl
X-MP-GENERATED-AT
X-Amzn-RequestId
X-Labrador-Cache-Channel
Wxu-Next-Region
Origin
Fastcgi-Cache-TTL
Wxu-Next-Hostname
State
Wxu-Next-Commit
Svr
True-Client-Country-4JS
Host-ID
Gh-Request-Id
X-NodeID
X-Request-URI
X-Scheme
X-RCS-CacheZone
X-Proxy-Upstream
X-Origin-Time
X-Policy
X-Server-IP
X-SVT-ORM-RULES
X-Backend-TTL
X-Epic-Correlation-Id
X-Webstats-RespID
X-Viewer-Country
X-SVT-ORM-VERSION
X-Origin-Expires
X-Old-Content-Length
X-Fastly-Cache
X-Forwarded-Site
X-Date
X-Cache-Date
X-Cache-Bucket
X-Gdpr
X-Geo-Header
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Men
X-Location
X-Hash
X-Accel-Expires-Debug
X-Cdn-Srv
AMP-Access-Control-Allow-Source-Origin
Cmsid
Cmstype
AKAMAI
Arc-Country
CacheControlHeader
CDCHOST
Fastly-Drupal-Html
X-Reqid
DSUID
X-Magnolia-Registration
X-Adobe-Source
Environment
X-Fetched-On
X-Fastly-Backend
X-Eu-Site
X-Esi-Check
X-Origin
X-Branch-Name
X-GeoIP
X-GeoIP-City
X-GeoIP-Region-Code
X-Generated-On
X-Cache-Debug
X-Gamma-Serve
X-Rocket-Nginx-Serving-Static
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Core-Value
X-VG-TLSProxy
X-Core-Mission
X-Datadog-Trace-Id
X-Developers
X-Cache-Id
X-CGP
X-Cdn-Origin
X-VarnishDD-TTL
X-Gzip
X-Envoy-Decorator-Operation
X-HS-Content-Campaign-Id
X-M-Reqid
X-M-Log
X-Served-From
X-Request-Start
X-Req
X-RateLimit-Remaining-Second
X-Region-Sid
X-Skip-Cache
X-Sn-Servicetimems
X-TrackingId
X-UnsetCookies
X-Varnish-Beresp-Status
X-TH-Server
X-Sucuri-ID
X-Storefront-Renderer-Rendered
X-Sucuri-Cache
X-RateLimit-Limit-Second
X-Qnm-Cache
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Level-Front-Cache
X-Irp-Debug
X-HN
X-Backend-State
X-Cache-Info
X-Locale
Apple-News-Services-Handled
X-Platform
X-Owner
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-GeoIP-Country-Code
X-Device-Os
L5d-Success-Class
Locid
L
Release
PFcat
Origin-EX
Machine
Mail-Subject
Ssr
Traceparent
We-Hiring
Web-Mar-Region
Server-Info
Server-Host
HA-Ipaddr
Origin-CC
Ha-Gx-Prefs
X-Xrds-Location
Adler-Geo
Cf-Device-Type
X-DPWN-IS-SECURE
Fastly-GeoIP-CountryCode
NM-Fastcgi-Cache
X-DefHash
X-VC-Cache
X-Worker
X-DefElseHash
Req-Svc-Chain
X-Sigma
X-Rocket-Build-Number
X-FC-Vary-Parameters
Thinkindot-CacheControl
X-Node-Id
TDXMobile
X-BBC-Edge-Cache-Status
Thinkindot-CacheControl-Type
X-Bip
X-Amzn-Remapped-Content-Length
X-NU-AKA-ACS-Version
Thinkindot-Control
X-JWT-State
X-Varnish-Remaining-TTL
X-ATG-Version
X-VServer
X-Thanos
X-Rebelmouse-Surrogate-Control
Fastly-SIE
X-Response-By
Fastly-SWR
Platform
S-Rt
Is-Eu
X-Varnish-CookieINHashed-On
X-Rebelmouse-Cache-Control
X-Variation
X-Varnish-CookieHashed-On
X-Pod-Name
X-Has-Esi
X-Zone
X-Sigma-Backend
X-Is-Gdpr
Memcached
X-Qloud-Router
X-Thinkindot-L3
X-Ua-Device
X-Varnish-Beresp-Ttl
X-Mvc-Supplant-OutputCached
X-CLOUD-TRACE-CONTEXT
NGX
Magicmarker
X-Loc
X-CS
X-Tx-Id
X-Restarts
X-API-Version
X-Akamai-Request-ID2
X-Cache-Config
X-Up
X-Http-Reason
X-LB-ID
X-CACHE-KEY
X-NC
CDN
Ms-Author-Via
X-Trace-ID
Pics-Label
Kp-EeAlive
X-Generated-In
Edge-Cache
Time
Memory
X-RSL
X-Wix-Viewer-Type
X-TraceId
X-DW
X-RPM
X-DSS
X-DI
X-Action
X-DB
X-LB-NoCache
X-Cache-Backend
X-RPS
X-Tb-Optimization-Total-Bytes-Saved
NtCoent-Length
X-Refresh
X-Edge-Pop
Candidate-Md5Url
X-Via-Popn
X-Via-Poph
X-Via-Popv
Datacenter
Env
X-Optimistic-Header
WebServer
X-Datadome
Accept-Language
X-Tt-Logid
X-Cache-Ttl
X-CacheTTL
X-Minions-Version
X-Srv
X-DynaTrace-JS-Agent
X-Vc
WWW-Authenticate
X-HA-Backend
On-Server
X-DC
GeoIp-Country-Code
X-Servedbyhost
Esi-Enabled
X-Esi
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Unique-ID
X-MSEdge-Features
X-TX-ID
Server-ID
X-MSEdge-Flight
X-ZONE
X-Varnish-Beresp-TTL
X-Parent-Response-Time
X-Cs
X-Service
X-Ec-GeoHdr
C-Via
X-Ec-Fail
X-User
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-Cache-PHP
X-Webkit-CSP-Report-Only
X-Fpc
X-App
X-Traceid
X-VCL-Version
X-Dynatrace
X-URL
Cdncip
Cdnsip
X-Li-Proto
X-LI-Proto
X-Webkit-Csp-Report-Only
X-AK-Request-ID
Test
X-Render-Time
X-Cache-Status-Check
X-LiteSpeed-Cache-Control
X-Fmm-Version
X-WADP-Cache
My-App
X-Clara-WADP
Cluster
X-Vcl-Version
Geo-Info
X-FPC
X-B3-Spanid
X-Pass-Why
X-NODE
Proxy-Connection
X-Var-Ttl
Geoip-Latitude
Resin-Trace
Tracecode
X-CUA
X-Mcache
M-TraceId
Server-Id
T-Server
X-From
Lfy
DataCenter
Cf-Int-Pingora-Origin-Digest
X-Fragments
X-Clientip
Fastly-Drupal-HTML
Lang
X-Info
X-CSRF-TOKEN
X-AIR-PT
X-Oss-Request-Id
X-LiteSpeed-Tag
UCS
X-Oss-Object-Type
X-VC
HIT
X-Geo
Target-Params
Cache-Host
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Ha-Backend
X-ID
Hostname
MIME-Version
Hit
X-ServedByHost
GeoIP-Country-Code
X-Pad
X-WP-CF-Super-Cache-Cache-Control
X-RAMCache
S-Cnection
X-WP-CF-Super-Cache
X-Dynatrace-Js-Agent
X-Via-PopH
X-Edge-POP
Tcn
X-Via-PopN
ENV
Ohc-File-Size
X-Via-PopV
X-Cdn-Forward
X-Provided-By
User-Agent
X-NGINX-Cache
X-Edge-Cache
Fastly-Backend-Name
X-Check-Cacheable
X-Httpd
X-Micro-Cache
X-HS-Status
Permissions-Policy
X-ElasticPress-Query
Load-Balancing
Section-Origin-Responded
X-Api-Version
X-Proxy-Cache-Info
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Ucs
X-BBC-Origin-Response-Status
X-ServerName
X-Release
Producers
X-Fastly-Backend-Reqs
Servername
WZWS-RAY
X-Backend-Host
X-HostName
PICS-Label
X-BCube-Filmed-By
X-Lb-Nocache
X-GoCache-CacheStatus
FSS-Cache
X-SB
Cf-Ipcountry
X-Nc
X-UP
Uri
URI
X-APP
ServerName
X-Cache-CFC
X-TRACE-ID
Cdn
Ohc-Cache-HIT
X-Acquia-Purge-Tags
X-Platform-Cluster
X-Platform-Processor
X-Udemy-Cache-App-Namespace
X-Acquia-Site
Cneonction
X-Platform-Router
X-Swift-Error
EpKe-Alive
X-Pool
Server-Ttl
X-Fastly-Cache-Hits
Cteonnt-Length
X-Acquia-Application-Trace
X-RateLimit-Reset
X-Lb-Id
X-Acquia-Application-UUID
X-Cdn-Request-ID
X-Dw-Trace-Id
X-Ec-Custom-Error
X-Akamai-ERRuleID
X-Scale
X-Akamai-ERPolicy
VNS-Cache
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-WA-Info
X-WA
X-Vcache
X-Apw-Hits
X-Yottaa-OS
Shield-Pop
Path
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Snapshot-Date
X-Newrelic-App-Data
X-Amz-Meta-Cb-Modifiedtime
CF-Cached-On
Vha6-Origin
CPC-Cache
CPC-Age
Cache-Key
VNS-Age
X-B3-ParentSpanId
X-Cache-Ngx
Sid
Lb
X-Air-Pt
X-IN-APIGATEWAYSSL
X-SIPLIST1
X-Akamai-Request-ID
X-Wikidot-Backend
MD5-Digest
IsBot
X-Cache-Expires
X-Dispatcher-Number
X-IN-APIGATEWAY
X-Shopify-Generated-Cart-Token
X-Wikidot-Static-Cache
X-Last-Modified
X-UA
X-CacheKey
X-Akamai-Pragma-Client-IP
Req-ID
X-Sentry-ID
CountryCode
X-Http-Count
X-Http-Duration-Ms
Ngx
X-Varnish-Authentication
X-Logging-Id
X-Te-Duration-Ms
X-Te-Count
X-ES-SERVER