Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
X-Iinfo
Status
Feature-Policy
X-Request-ID
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-UA-Device
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-LiteSpeed-Cache
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Page-Speed
X-Vhost
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Amz-Version-Id
X-Pingback
X-Device
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Server-Id
X-Host
Cf-Railgun
X-Backend-Server
X-Node
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
Content-Location
Rating
X-Country
X-B3-TraceId
X-Ua-Compatible
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Cache-Lookup
X-Language
X-Cloud-Trace-Context
X-Url
X-Ac
X-Trace
X-Content-Type
Allow
X-Template
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
X-ESI
Cache-Tag
Fastly-Restarts
X-Server-Name
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
X-Buckets
MS-Author-Via
X-Amz-Rid
Public-Key-Pins
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Origin-Cache
X-Cache-TTL
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Arr-Disable-Session-Affinity
X-Px
X-Cnection
X-Aws-Lambda-Call-Status
X-Goog-Hash
Access-Control-Request-Method
X-Country-Code
X-Powered-By-Plesk
X-NF-Request-ID
X-Navigation-Version
RTSS
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Version
Accept-Ch
X-Powered-CMS
X-Amz-Server-Side-Encryption
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Response
X-Middleton-Response
X-MSEdge-Ref
X-LLID
X-Kinsta-Cache
X-Edge-Location-Klb
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
X-Edge
AR-CACHE
Nginx-Cache
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-RateLimit-Remaining
X-Shield-Request-Id
X-Jurisdiction
S
X-HP-Webp
X-HP-Trace-Id
X-Protected-By
X-T
TCN
Content-MD5
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
X-CST
X-TTL
X-Id
Realpath
X-Aspnetmvc-Version
Fastcgi-Cache
X-Mid
X-MCACHE
Edge-Cache-Tag
X-Ttl
SPIisLatency
SPRequestDuration
Front-End-Https
X-Recruiting
X-Parallel-Accel
X-Request-Processing-Time
X-Request-Received
Filters
Pinterest-Version
Server-Node
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Deployment-Id
X-Pinterest-Rid
Pinterest-Generated-By
Fusion-Source
Fusion-Template-Id
X-Ua-Browser
X-Content
X-Ab
X-DynaTrace
X-SharePointHealthScore
SPRequestGuid
Server-Name
X-Ezoic-Cdn
X-NWS-LOG-UUID
X-Frontend
X-Correlation-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
Alternate-Protocol
X-Yandex-Sdch-Disable
X-Hits
X-Cache-Key
X-Content-Options
X-Accel-Expires
X-ECACHE
MicrosoftSharePointTeamServices
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Ser
X-Page-Id
Cache-Tags
Host
X-Git-Hash
Cleartype
X-Fastly-Request-Id
Charset
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Www-Served-By
X-B3-Sampled
X-Ruxit-Js-Agent
X-Geo-Country
X-XRDS-LOCATION
X-Daa-Tunnel
X-Content-Digest
X-Amz-Replication-Status
Filterid
X-Amzn-Trace-Id
TP-L2-Cache
TP-Cache
X-DIS-Request-ID
X-Forwarded-Proto
X-VCache
X-Varnish-Age
X-Hostname
X-Az
X-AppVersion
X-Activity-Id
X-Debug-Info
X-Rid
X-N
X-Origin-Server
X-Grace
X-Upgrade-Enabled
X-FB-Debug
Access-Control-Allow-Method
X-LB-Cache
X-Origin-Upstream-Status
X-WebKit-CSP-Report-Only
X-Nginx-Upstream-Cache-Status
ServerID
Cross-Origin-Opener-Policy
X-Mobile-URL
X-Is-Crawler
X-F-Cache
X-Request-Guid
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Route-Name
X-Flags
X-Whom
X-TT
X-Goog-Stored-Content-Encoding
X-NGENIX-Cache
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-App-Environment
X-Tb
X-Varnish-Grace
X-App-Server
Viewport
X-Microsite
X-Request-Handler-Origin-Region
X-FW-Static
X-Distributor
Payment
X-FW-Server
X-FW-Type
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
Paypal-Debug-Id
DC
Node
X-Server-ID
X-Ratelimit-Limit
X-Seen-By
X-Cache-Control
X-Type
Fastcgi-Useragent
X-Logged-In
X-User-Agent
Accept-Charset
Country
X-Cache-Age
X-Cache-Rule
X-Litespeed-Cache
X-Wix-Request-Id
X-DataDome
X-Webkit-CSP
X-Varnish-Backend
Version
X-Load-Cache
X-Node-Name
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-PressLabs-Stats
X-Via-JSL
X-Cache-Action
Referer-Policy
X-Drupal-Cache-Tags
Refresh
X-IPLB-Instance
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Original-Request-Id
Cache-Status
X-Response-Served-From
SD-X-WS
Access-Control-Request-Headers
X-Cluster-Name
Amp-Access-Control-Allow-Source-Origin
X-Rendered-As
X-Mobile
X-Signature
X-Vgn-Hpd-Reason
X-Real-IP
X-Page-View
X-Cacheable-TTL
X-Is-Bot
X-Jobs
X-Contextid
X-Proxy-Cache-Status
X-B-Cache
VIX-Pulpo-Node
X-Debug
VIX-Pulpo-Upstream-Status
X-B
NGB
X-ProcessESI
X-Cache-Expired-At
X-RemovedCookies
X-Revision
X-UUID
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Rule
X-Proxy
X-Device-Type
Surrogate-Key
X-Drupal-Cache-Contexts
X-Instance
X-Fastly-Request-ID
X-G
Akamai-GRN
X-Framework
X-Cache-Time
X-Debug-IsPreview
DynaTrace
X-Debug-IsConnected
X-FW-Version
CF-IPCountry
X-Fastcgi-Cache
Liferay-Portal
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
SID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Healthy
X-Azure-Ref
X-Source
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Nginx-Cache
X-Ms-Request-Id
X-Ms-Version
Frame-Options
MS-CV
X-RTag
Ms-Operation-Id
X-APP-VERSION
X-Cache-Hit
X-CDN-Forward
X-Oneagent-Js-Injection
Count-Hit
X-Tumblr-Pixel
X-Environment-Context
GEO-INFO
X-Tumblr-User
Countrycode
X-Cache-Operation
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-L-Path
X-Ratelimit-Reset
X-Varnish-Server
Xserver
Uber-Trace-Id
X-EdgeConnect-Cache-Status
X-XRDS-Location
X-Region
X-Accel-Buffering
Section-Io-Cache
X-Servername
X-Forwarded-Host
X-Backend-Name
X-Mode
X-Content-Powered-By
X-Presslabs-Stats
X-IPS-LoggedIn
X-Zen-Fury
Ec-Rule-Version
Cross-Origin-Window-Policy
Backend
X-SaId
X-UPSTREAM-Address
X-Detected-As
Meta-Geo
X-RN-RSRV
X-JoinUs
X-Alternate-Cache-Key
X-Tid
X-Shopify-Stage
X-Redis-Cache
X-Cache-Server
X-Cache-Grace
Country-Code
X-Generation-Time
X-Debug-Cache
Eomportal-Instance
X-ShardId
X-Human
X-Hosted-By
X-ShopId
X-Varnish-Beresp-Grace
X-Cache-Type
X-Uri
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Sql-Count
X-Cache-NGX
X-Adobe-Loc
X-Sql-Duration-Ms
X-Adobe-Content
Url
Mn-Server-Ip
X-ProxyCache-Status
X-Cache-TTL-Remaining
X-NCache
X-Microcachable
X-PHP-Backend
X-Origin-Date
Cache-Tv-Group
X-Site-Version
X-Status
Cache-Name
Decoy-Debug-TTL
DB-Nickname
X-FB-TRIP-ID
X-ServerID
X-BYPASS-REASON
X-UA-Device-Type
Decoy-Debug-Status
X-ProxyCache-Key
X-Via-Fastly
Decoy-Debug-Key
Property-Id
Fastly-SSL
Protected
Apigw-Requestid
X-Cache-Host
X-Proxy-Build
X-Web-Node
X-Rewrite-Enabled
X-Format
X-No-Session
X-OCL
X-Timing-Wait
X-Storage
X-PCL
X-Origin-Hint
X-SayCDN-TTL
X-Say-TTL
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
X-Say-Cacheable
X-Akamai-Edgescape
Webcakes-Region
Webcakes-App-Name
Selected-Fe
Webcakes-App-Version
X-Extlb
X-Varnishpool
X-Routing-Service
OT-Force-Account-Verify
X-Zipkin-Id
X-Server-W
X-Section
X-R9-Blue-Green-Version
X-ApacheServer
X-Hl-Ver
X-Access
X-NYM-Debug-Backend
X-Pubstack
X-PERF
X-Soup
X-Proxied
Azure-SiteName
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Azure-Version
X-Be
X-Cluster-Node
X-RateLimit-Limit
Content-Secure-Policy
X-Azure-Ref-OriginShield
X-Ua
X-Content-Age
X-NewRelic-App-Data
Source
X-LSADC-Cache
CDN-PullZone
X-Webkit-Csp
CDN-RequestCountryCode
CDN-CachedAt
CDN-RequestId
Content-Disposition
CDN-Cache
CDN-EdgeStorageId
CDN-Uid
X-Generated-By
Cache
SRV
X-Dc
X-Hyper-Cache
X-Cached-By
X-HTML-Minification-Powered-By
X-ECache
X-Unique-Id
X-Amz-Meta-S3cmd-Attrs
X-Trace-Id
X-LAGOON
X-Nginx-Cache-Key
X-App-Version
X-SRV
X-Bc-Bl
X-Cache-Var-Map
X-Varnish-Hostname
X-Cache-Var
X-Time
X-TNCMS
X-Loop
X-Varnish-Hits
Xet-Cookie
LB
Onion-Location
X-Auto-Login
X-S-Maxage
X-TT-LOGID
X-GEO
Retry-After
Cache-Hits
X-Origin-CC
X-Origin-TTL
X-TIME
X-Tumblr-Pixel-3
Web-Mar-Node
X-Tumblr-Pixel-2
Mime-Version
X-Proto
X-CSRF-Token
X-Platform-Server
HostName
WPO-Cache-Status
X-Cdn
WPO-Cache-Message
X-Akamai-Transformed
X-M-Log
X-Correlation-ID
X-Endurance-Cache-Level
X-Tenant
X-Qnm-Cache
X-M-Reqid
X-Time-Microsecs
X-Edge-Location
Webserver
X-AWS-Id
X-GG-Cache-Date
X-Cache-Remote
X-LJ-Flow-ID
X-VWS-Id
X-Xfnlog-Site
CloudFront-Viewer-Country
X-CLOUD-TRACE-CONTEXT
X-Cache-Tags
N-Cache
X-Varnish-Cache-Hits
X-Mg-Request-UUID
Upgrade-Insecure-Requests
X-CACHE-KEY
X-PHP-Host
ServedBy
X-Request-Time
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-AOL-HN
X-Ratelimit-Remaining
X-RCS-CacheZone
X-Via-NSCOPI
X-B3-SpanId
X-Origin-Response-Time
X-Locale
X-Handled-By
X-Processor
Origin
X-Vtex-Remote-Cache
Pramga
X-Vtex-Processado-Em
Redirect-Candidate
X-External-Request-Id
Meta-Geo-Continent
Fastcgi-X-Cache-Version
X-NAPM-TraceId
X-ND-Cache
X-Hnp-Log
X-Gen-Mode
A
Expiry
DCR-Decision-By
BehaviorPad-Version
DCR-Processing-Time-Ms
DSUID
X-Ig-Push-State
X-Orig-Expires
X-Ftr-Request-Id
X-Cache-NE
X-CF-Lambda-Fn
Xc-Version
X-CF-Lambda-Version
X-Cache-Date
X-Forwarded-Path
X-Planisys-CDN-TTL
X-PAYTM-SRV-ID
Mobile-Detection-Method
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Odigeo-Trace-Id
Nel
X-D
X-ARC
X-Slack-Backend
X-SRCache-Key
X-Application
X-Block-Status
X-B-Cookie
X-Vdms-Path
X-Conf
X-Session-Fingerprint
X-Shop-Environment
X-A
X-Connection-Hash
X-TIM-N
X-A-Wwc
X-V-Cache
X-Aed
X-A-Dgt
X-A-Dcw
X-A-Ccd
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-A-Dam
X-SD-PageType
User-Cache-Control
X-Cluster
X-Storefront-Renderer-Rendered
X-Rojux
X-Vdms-Version
X-VG-WebCache
X-Request-Host
Rendered-Blocks
X-Ckpd-Fst-Backend
X-Destination
X-S
X-Developer
X-ScT
Surrogated-Key
X-S-Cookie
X-VC-Cache
X-MP-GENERATED-AT
X-Core-Mission
X-Epic-Correlation-Id
Fastcgi-Cache-TTL
X-Device-Os
X-Li-Fabric
X-Li-Pop
CDCHOST
Cmsid
X-Cache-Bucket
X-Accel-Expires-Debug
Cmstype
Release
Host-ID
Vix-Hermes-Req-Id
State
X-Fastly-Cache
X-Forwarded-Site
V-Age
X-LI-UUID
X-Fetched-On
Traceparent
X-Date
Wxu-Next-Commit
X-Gdpr
Wxu-Next-Region
X-Geo-Header
Gh-Request-Id
X-Cache-Info
Origin-EX
L
Wxu-Next-Hostname
Origin-CC
X-Hash
X-Policy
X-Varnish-Beresp-Status
X-Reqid
X-Nyt-Route
X-ATG-Version
X-Adobe-Source
X-Served-From
X-Server-IP
X-Old-Content-Length
X-Origin-Expires
X-Proxy-Upstream
X-Skip-Cache
X-Owner
X-Origin-Time
X-Sucuri-ID
X-Sucuri-Cache
From-Origin
Server-Info
X-Webstats-RespID
Arc-Country
CacheControlHeader
X-Rocket-Nginx-Serving-Static
X-Scheme
X-VServer
X-Men
X-Mvc-Supplant-Cachable
X-Location
AKAMAI
Environment
X-FireWall-Port
AMP-Access-Control-Allow-Source-Origin
X-Rocket-Build-Number
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Sigma-Backend
Thinkindot-CacheControl-Type
We-Hiring
True-Client-Country-4JS
Thinkindot-CacheControl
X-Sigma
Svr
Thinkindot-Control
TDXMobile
X-Datadog-Trace-Id
X-Thanos
X-Cache-Config
X-Branch-Name
X-Viewer-Country
X-Bip
X-Cache-Debug
X-Cache-Id
X-Cdn-Srv
Sslversion
X-Aicache-OS
X-VG-TLSProxy
X-BBC-Edge-Cache-Status
X-TH-Server
X-Magnolia-Registration
X-Sn-Servicetimems
X-Developers
X-Thinkindot-L3
X-VarnishDD-TTL
X-Core-Value
X-TrackingId
Web-Mar-Region
Server-Host
Mail-Subject
Machine
Locid
X-Gamma-Serve
X-Platform
X-Cdn-Origin
X-HS-Content-Campaign-Id
X-Generated-On
Fastly-GeoIP-CountryCode
X-Gzip
X-NodeID
X-GeoIP-City
X-GeoIP
X-HN
X-Node-Id
Apple-News-Services-Handled
X-Irp-Debug
X-Req
X-Region-Sid
Req-Svc-Chain
X-Request-Start
Apple-News-Services-Request-Url
X-Esi-Check
X-Level-Front-Cache
PFcat
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Fastly-Backend
Fastly-Drupal-Html
X-Zone
WP-Super-Cache
X-Varnish-Remaining-TTL
Ssr
X-Loc
X-Worker
X-Varnish-CookieINHashed-On
X-Is-Gdpr
X-JWT-State
X-Has-Esi
X-CGP
X-Origin
X-DefElseHash
X-Eu-Site
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-DefHash
X-Request-URI
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-UnsetCookies
X-Variation
X-Csrf-Jwt
X-NU-AKA-ACS-Version
X-Response-By
X-Qloud-Router
X-FC-Vary-Parameters
X-Pod-Name
X-Varnish-CookieHashed-On
X-Amzn-Remapped-Content-Length
NGX
X-Backend-State
NM-Fastcgi-Cache
Platform
Adler-Geo
Cf-Device-Type
L5d-Success-Class
Memcached
Fastly-SWR
Fastly-SIE
Ha-Gx-Prefs
HA-Ipaddr
Is-Eu
X-EC-Lua
X-Xrds-Location
Datacenter
X-Mvc-Supplant-OutputCached
Candidate-Md5Url
X-Ua-Device
X-NWS-UUID-VERIFY
X-Tx-Id
X-NC
X-API-Version
X-LB-ID
X-CS
X-Cache-Enabled
CDN
X-Up
X-Backend-TTL
WWW-Authenticate
X-Vc
Pics-Label
X-Varnish-Beresp-Ttl
On-Server
X-DynaTrace-JS-Agent
X-Refresh
Esi-Enabled
Memory
X-Trace-ID
NtCoent-Length
Ms-Author-Via
Time
X-GeoIP-Region-Code
X-Tt-Logid
X-GeoIP-Country-Code
X-Datadome
X-TraceId
X-Edge-Pop
X-LB-NoCache
X-Generated-In
X-Tb-Optimization-Total-Bytes-Saved
Magicmarker
X-Service
C-Via
WebServer
Env
GeoIp-Country-Code
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Varnish-Ttl
X-Parent-Response-Time
X-TA-CDN-Provider
X-Dynatrace
X-CacheTTL
Kp-EeAlive
S-Rt
X-Cache-PHP
X-Optimistic-Header
X-Varnish-Beresp-TTL
X-Srv
X-DC
X-Restarts
X-RSL
X-RPS
X-RPM
X-DW
Edge-Cache
X-DSS
X-Cache-Backend
X-Esi
X-MSEdge-Flight
X-DB
X-Cs
X-Cache-Status-Check
X-MSEdge-Features
X-Render-Time
X-Wix-Viewer-Type
X-Action
X-DI
X-ZONE
X-TX-ID
X-Unique-ID
X-Servedbyhost
X-Http-Reason
X-Akamai-Request-ID2
X-Info
Server-ID
X-Minions-Version
X-AIR-PT
X-Li-Proto
X-HA-Backend
X-Cache-Ttl
X-Newrelic-Synthetics
X-FPC
Accept-Language
X-Clientip
X-App
X-VCL-Version
Proxy-Connection
X-URL
X-LiteSpeed-Cache-Control
X-B3-Spanid
X-Webkit-Csp-Report-Only
X-Vcl-Version
X-LI-Proto
X-Fpc
X-Oss-Object-Type
X-Oss-Request-Id
Server-Id
Cache-Host
HIT
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
Test
UCS
X-Oss-Storage-Class
X-Traceid
Locale
X-Ec-GeoHdr
X-User
S-Cnection
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Ec-Fail
X-NODE
X-Webkit-CSP-Report-Only
Geo-Info
Tcn
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Lb
X-Micro-Cache
User-Agent
Fastly-Backend-Name
X-Pass-Why
X-LiteSpeed-Tag
X-Backend-Host
X-Pad
X-AK-Request-ID
M-TraceId
Cdncip
X-Ha-Backend
Cdnsip
X-HostName
Cf-Int-Pingora-Origin-Digest
Fastly-Drupal-HTML
X-CSRF-TOKEN
X-ServedByHost
X-APP
X-BBC-Origin-Response-Status
X-BCube-Filmed-By
X-Release
Resin-Trace
My-App
Cluster
X-WADP-Cache
X-Fmm-Version
X-Clara-WADP
Geoip-Latitude
X-ID
Hostname
Hit
X-Check-Cacheable
X-CUA
Ohc-File-Size
Tracecode
GeoIP-Country-Code
X-Var-Ttl
X-Dynatrace-Js-Agent
X-ES-SERVER
X-Geo
T-Server
X-From
X-ElasticPress-Query
X-Via-PopV
X-Edge-POP
X-Via-PopH
X-Via-PopN
Lfy
X-Cdn-Forward
X-WA
X-WA-Info
Cache-Key
X-Amz-Meta-Cb-Modifiedtime
VNS-Cache
CPC-Cache
VNS-Age
MIME-Version
Path
ENV
CPC-Age
EpKe-Alive
Load-Balancing
X-HS-Status
X-Edge-Cache
Lang
X-Api-Version
X-RAMCache
X-Fragments
X-Fastly-Backend-Reqs
X-NGINX-Cache
Srv
X-Akamai-Pragma-Client-IP
X-ServerName
Pagetype
X-PJAX-URL
URI
Shield-Pop
X-UP
Target-Params
X-Ucs
Servername
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Cms-Context
X-WP-CF-Super-Cache
DataCenter
Uri
X-Hcs-Proxy-Type
X-GoCache-CacheStatus
X-Fastly-Cache-Hits
X-CCDN-Origin-Time
X-Via-Ucdn
MD5-Digest
X-Mcache
X-CCDN-CacheTTL
X-TRACE-ID
X-Dw-Trace-Id
Server-Hostname
Sever-Int
WZWS-RAY
Server-Ext
PICS-Label
IsBot
X-Lb-Id
X-VC
Cdn
X-B3-ParentSpanId
X-SIPLIST1
X-Nc
Ohc-Cache-HIT
Cneonction
X-RateLimit-Reset
X-VG-WebServer
X-Cdn-Request-ID
Cf-Ipcountry
X-Newrelic-App-Data
X-Cache-ASPX
CF-Cached-On
W
X-Cache-Expires
X-Contensis-Viewer-Groups
X-Apw-Hits
X-Acquia-Purge-Tags
X-Acquia-Site
X-Apw-Access-Action
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Apw-Access-Token
X-Apw-Access-Object
X-Snapshot-Date
Cteonnt-Length
X-Yottaa-OS
FSS-Cache
Permissions-Policy
Vha6-Origin
X-Httpd
X-Proxy-Cache-Info
X-Swift-Error
X-Lb-Nocache
X-Air-Pt
Sid
X-Cache-Ngx
X-Akamai-ERRuleID
X-Last-Modified
X-Akamai-ERPolicy
X-Miniprofiler-Ids
X-Te-Duration-Ms
ServerName
X-Te-Count
X-Http-Duration-Ms
Server-Ttl
X-Akamai-Request-ID
CountryCode
X-Platform-Cluster
X-Platform-Processor
Dnion-Transfer-Encoding
X-CacheKey
X-UA
Req-ID
X-Platform-Router
HitType
Ngx
X-B3-Parentspanid
X-Sentry-ID
X-Varnish-Authentication
X-Logging-Id
X-Provided-By
X-Http-Count