Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Request-ID
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-UA-Device
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Backend
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
X-Ruxit-JS-Agent
Content-Location
Rating
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-PC
X-Vname
X-TtlSet
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Server-Name
Fastly-Restarts
Cache-Tag
X-ESI
X-FastCGI-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Aws-Lambda-Call-Status
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-GitHub-Request-Id
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Aspnetmvc-Version
X-Cnection
X-Px
Accept-Ch
RTSS
Arr-Disable-Session-Affinity
X-Country-Code
X-Navigation-Version
Access-Control-Request-Method
X-Goog-Hash
X-Origin-Cache
X-Powered-By-Plesk
X-NF-Request-ID
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Cdn-Fetch
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Powered-CMS
AR-CACHE
AR-SID
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Version
X-Middleton-Display
Display
X-Sol
Pagespeed
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-MSEdge-Ref
X-LLID
X-SRCache-Fetch-Status
X-TTL
X-SRCache-Store-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
Nginx-Cache
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
TCN
X-Protected-By
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Shield-Request-Id
X-T
X-RateLimit-Remaining
X-Content-Security-Policy-Report-Only
S
X-Id
X-Mg-S
Content-MD5
X-Forwarded-For
Edge-Cache-Tag
Fastcgi-Cache
X-Mid
Realpath
SPRequestDuration
X-Language
SPIisLatency
Front-End-Https
X-Recruiting
X-CST
X-Request-Received
X-Request-Processing-Time
X-MCACHE
X-Pinterest-Rid
Filters
Pinterest-Generated-By
Pinterest-Version
Server-Node
X-DynaTrace
X-Content
X-Ua-Browser
X-Ab
Server-Name
X-Frontend
X-Correlation-Id
X-Ttl
X-ECACHE
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
SPRequestGuid
X-NWS-LOG-UUID
X-SharePointHealthScore
X-Ezoic-Cdn
X-Ser
X-Cache-Key
X-Parallel-Accel
X-Hits
X-Template
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Deployment-Id
Alternate-Protocol
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cache-Tags
X-Ruxit-Js-Agent
X-Page-Id
MicrosoftSharePointTeamServices
Charset
X-Content-Options
X-Kong-Proxy-Latency
X-Git-Hash
Cleartype
X-B3-Sampled
X-Kong-Upstream-Latency
Host
X-Www-Served-By
X-DIS-Request-ID
X-Geo-Country
X-Debug-Info
X-Amzn-Trace-Id
X-Amz-Replication-Status
X-Hostname
X-Content-Digest
Filterid
X-Daa-Tunnel
X-Fastly-Request-Id
X-Accel-Expires
X-Varnish-Age
X-AppVersion
X-Activity-Id
X-Az
X-FB-Debug
X-Ratelimit-Limit
X-VCache
X-Upgrade-Enabled
X-Forwarded-Proto
Cross-Origin-Opener-Policy
TP-Cache
TP-L2-Cache
X-Rid
X-N
X-Grace
X-Origin-Server
X-Nginx-Upstream-Cache-Status
Access-Control-Allow-Method
X-F-Cache
X-Mobile-URL
X-LB-Cache
ServerID
X-Aspnet-Duration-Ms
X-Flags
X-Request-Guid
X-Is-Crawler
X-Route-Name
X-Providence-Cookie
X-Server-ID
X-Whom
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-TT
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Viewport
X-XRDS-LOCATION
X-Varnish-Grace
X-Tb
X-Seen-By
X-WebKit-CSP-Report-Only
X-Type
X-Distributor
X-FW-Hash
X-FW-Type
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Static
Node
X-App-Environment
Payment
DC
Paypal-Debug-Id
X-App-Server
X-User-Agent
X-Origin-Upstream-Status
Fastcgi-Useragent
X-NGENIX-Cache
Country
X-Cache-Control
Accept-Charset
X-Wix-Request-Id
X-Litespeed-Cache
X-Cache-Rule
X-Fastcgi-Cache
X-Logged-In
Version
X-Webkit-CSP
X-DataDome
X-Fastly-Request-ID
X-Via-JSL
X-Cache-Age
X-Microsite
X-Request-Handler-Origin-Region
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Erf-Bev-Bev
X-Drupal-Cache-Tags
Amp-Access-Control-Allow-Source-Origin
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
Referer-Policy
X-Cluster-Name
X-Contextid
X-Load-Cache
X-Varnish-Backend
X-Signature
Refresh
X-B-Cache
Cache-Status
X-Original-Request-Id
X-Node-Name
SD-X-WS
X-Buckets
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Response-Served-From
Access-Control-Request-Headers
X-Mobile
X-Real-IP
X-Proxy-Cache-Status
X-Ratelimit-Reset
X-Is-Bot
X-Page-View
X-Vgn-Hpd-Reason
X-Cacheable-TTL
X-Rendered-As
X-Yottaa-Metrics
X-UUID
X-Yottaa-Optimizations
X-ProcessESI
NGB
X-RemovedCookies
X-B
X-Cache-Action
X-Jobs
X-Cache-Expired-At
X-Debug
X-Instance
X-Revision
X-Device-Type
X-IPLB-Instance
X-Rule
X-Drupal-Cache-Contexts
Surrogate-Key
X-Cache-Time
X-G
Akamai-GRN
X-Framework
X-Proxy
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-TEC-API-VERSION
X-Debug-IsConnected
X-TEC-API-ROOT
X-Debug-IsPreview
X-TEC-API-ORIGIN
X-FW-Version
CF-IPCountry
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
SID
X-XRDS-Location
X-PressLabs-Stats
GEO-INFO
DynaTrace
X-Azure-Ref
Liferay-Portal
X-Oneagent-Js-Injection
X-Nginx-Cache
X-Cache-Operation
X-Ms-Request-Id
X-Accel-Buffering
X-APP-VERSION
X-Ms-Version
Count-Hit
X-Presslabs-Stats
Frame-Options
X-Source
Healthy
Uber-Trace-Id
X-RTag
Ms-Operation-Id
X-CDN-Forward
MS-CV
X-EdgeConnect-Cache-Status
X-Cache-NGX
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
Xserver
X-Environment-Context
Countrycode
X-L-Path
X-Zen-Fury
X-Varnish-Server
X-Cache-Hit
X-Backend-Name
X-Mode
Cross-Origin-Window-Policy
X-Region
X-IPS-LoggedIn
X-Ratelimit-Remaining
X-Servername
Protected
X-Forwarded-Host
Ec-Rule-Version
X-Cache-TTL-Remaining
Backend
X-Content-Powered-By
X-Cache-Type
Meta-Geo
X-UPSTREAM-Address
X-JoinUs
X-SaId
X-Tid
X-RN-RSRV
X-Detected-As
X-Rewrite-Enabled
X-Debug-Cache
X-Cache-Grace
X-Alternate-Cache-Key
Country-Code
X-Zipkin-Id
Apigw-Requestid
X-Cache-Server
X-Extlb
X-Human
Section-Io-Cache
X-Hosted-By
X-Generation-Time
X-Varnish-Beresp-Grace
X-Sql-Count
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Proxied
X-Uri
Eomportal-Instance
Decoy-Debug-TTL
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
Decoy-Debug-Status
X-Routing-Service
X-Sql-Duration-Ms
X-Redis-Cache
Decoy-Debug-Key
X-Origin-Date
X-No-Session
Cache-Tv-Group
X-ApacheServer
X-PERF
Cache-Name
X-BYPASS-REASON
X-Content-Age
X-ServerID
X-Status
X-ProxyCache-Key
X-Soup
X-Storage
X-ProxyCache-Status
X-Microcachable
X-UA-Device-Type
Mn-Server-Ip
X-Via-Fastly
X-Format
X-RateLimit-Limit
Fastly-SSL
X-NCache
X-Site-Version
X-Hyper-Cache
X-Access
X-Adobe-Content
X-Pubstack
Url
X-Say-TTL
X-SayCDN-TTL
X-Cluster-Node
X-Section
X-Server-W
X-Web-Node
X-Adobe-Loc
X-NYM-Debug-Backend
X-Cache-Host
X-Say-Cacheable
X-PHP-Backend
X-Akamai-Edgescape
X-PCL
X-OCL
Property-Id
Selected-Fe
OT-Force-Account-Verify
X-Timing-Wait
X-Hl-Ver
Webcakes-Region
X-Origin-Hint
X-R9-Blue-Green-Version
X-Proxy-Build
Webcakes-App-Version
TWC-Privacy
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Connection-Speed
Webcakes-App-Name
DB-Nickname
Azure-Version
Azure-SiteName
LB
Azure-InstanceId
Azure-RegionName
Azure-SlotName
X-Be
WPO-Cache-Status
WPO-Cache-Message
X-NewRelic-App-Data
CDN-PullZone
CDN-RequestCountryCode
Content-Secure-Policy
CDN-EdgeStorageId
X-Varnishpool
X-FB-TRIP-ID
CDN-Uid
CDN-Cache
CDN-CachedAt
CDN-RequestId
X-Generated-By
Content-Disposition
X-Webkit-Csp
X-Ua
X-LSADC-Cache
X-Azure-Ref-OriginShield
X-TIME
SRV
X-Cached-By
X-Nginx-Cache-Key
Cache
Source
X-SRV
X-Bc-Bl
X-Trace-Id
X-Unique-Id
X-LAGOON
Cache-Hits
X-Dc
X-Auto-Login
Retry-After
X-Origin-CC
Xet-Cookie
X-Origin-TTL
X-GEO
Mime-Version
X-Platform-Server
X-Cache-Remote
X-TT-LOGID
X-Varnish-Hits
X-TNCMS
X-Loop
X-HTML-Minification-Powered-By
X-Akamai-Transformed
X-Cdn
X-Varnish-Hostname
Onion-Location
X-Xfnlog-Site
X-App-Version
X-S-Maxage
X-Amz-Meta-S3cmd-Attrs
HostName
ServedBy
X-Cache-Tags
X-Tumblr-Pixel-3
Web-Mar-Node
Upgrade-Insecure-Requests
X-CSRF-Token
X-Tumblr-Pixel-2
X-Proto
X-Varnish-Cache-Hits
X-Time
Webserver
X-Cache-Var-Map
X-Request-Time
X-Cache-Var
X-EC-Lua
X-Time-Microsecs
X-AOL-HN
X-FireWall-Port
X-Tenant
X-ECache
X-Endurance-Cache-Level
X-VWS-Id
X-Edge-Location
From-Origin
X-LJ-Flow-ID
X-AWS-Id
X-Request-Host
WP-Super-Cache
X-GG-Cache-Date
N-Cache
X-Correlation-ID
Nel
X-Origin-Response-Time
CloudFront-Viewer-Country
X-B3-SpanId
X-Via-NSCOPI
X-Mg-Request-UUID
X-External-Request-Id
Mobile-Detection-Method
X-Block-Status
X-Ftr-Request-Id
Xc-Version
Meta-Geo-Continent
X-Cache-Date
X-Cluster
X-Forwarded-Path
Odigeo-Trace-Id
X-Processor
X-Amz-Apigw-Id
X-Rojux
X-A-Dgt
X-A
X-Vtex-Processado-Em
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Planisys-CDN-TTL
X-Amzn-RequestId
V-Age
Origin
X-Cache-NE
X-NAPM-TraceId
Expiry
X-D
A
DSUID
BehaviorPad-Version
X-ND-Cache
DCR-Decision-By
X-Orig-Expires
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
X-PHP-Host
X-A-Dam
X-Planisys-CDN-Rules
X-A-Dcw
X-Conf
X-Cache-Enabled
X-A-Ccd
X-Connection-Hash
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Gen-Mode
X-Vtex-Remote-Cache
X-B-Cookie
X-SRCache-Key
Rendered-Blocks
X-SD-PageType
X-Application
Redirect-Candidate
X-A-Wwc
Surrogated-Key
X-Session-Fingerprint
Vix-Hermes-Req-Id
Sslversion
X-Labrador-Cache-Channel
X-Slack-Backend
X-Aed
X-Ig-Push-State
X-Shop-Environment
X-TIM-N
X-Aicache-OS
X-Hnp-Log
X-Vdms-Path
X-ScT
Pramga
User-Cache-Control
X-S-Cookie
X-Destination
X-VG-WebCache
X-ARC
X-S
X-SVT-ORM-VERSION
X-Vdms-Version
X-Developer
X-SVT-ORM-RULES
X-M-Reqid
X-MP-GENERATED-AT
X-Handled-By
X-Qnm-Cache
X-M-Log
Cmstype
X-Accel-Expires-Debug
X-Men
True-Client-Country-4JS
Svr
X-Mvc-Supplant-Cachable
Fastcgi-Cache-TTL
X-Core-Mission
Traceparent
Cmsid
X-NodeID
Gh-Request-Id
X-Li-Pop
X-Ckpd-Fst-Backend
X-LI-UUID
X-Li-Fabric
X-Gdpr
Origin-EX
X-Cdn-Srv
Origin-CC
X-Cache-Bucket
L
X-Cache-Info
X-Geo-Header
X-Forwarded-Site
X-Location
Host-ID
X-Hash
Release
State
Fastly-Drupal-Html
X-Proxy-Upstream
X-Webstats-RespID
X-Policy
X-Served-From
X-Varnish-Beresp-Status
X-Epic-Correlation-Id
X-Skip-Cache
X-Request-URI
X-RCS-CacheZone
X-Date
X-Server-IP
X-Viewer-Country
X-VServer
X-Fastly-Cache
X-Origin-Time
X-Owner
X-Old-Content-Length
X-Origin-Expires
Arc-Country
CacheControlHeader
X-Sucuri-Cache
X-Sucuri-ID
CDCHOST
X-Nyt-Route
X-Scheme
X-Rocket-Nginx-Serving-Static
X-V-Cache
AKAMAI
X-Magnolia-Registration
Environment
X-Zone
X-Reqid
X-Locale
X-NWS-UUID-VERIFY
X-TrackingId
X-UnsetCookies
X-Gzip
X-Developers
X-Thinkindot-L3
X-Thanos
X-TH-Server
X-Cdn-Origin
We-Hiring
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Web-Mar-Region
X-Device-Os
X-VG-TLSProxy
X-Fastly-Backend
X-Backend-TTL
X-Branch-Name
X-Bip
X-Esi-Check
X-Cache-Debug
Server-Info
X-Eu-Site
X-Cache-Id
X-Gamma-Serve
X-BBC-Edge-Cache-Status
X-Envoy-Decorator-Operation
X-GeoIP
X-GeoIP-City
X-VarnishDD-TTL
X-HN
X-Backend-State
X-Generated-On
X-ATG-Version
X-Adobe-Source
Ssr
Machine
Locid
L5d-Success-Class
X-Datadog-Sampling-Priority
Mail-Subject
X-RateLimit-Limit-Second
X-Region-Sid
X-CGP
X-Datadog-Trace-Id
X-RateLimit-Remaining-Second
X-Fetched-On
HA-Ipaddr
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Node-Id
X-Csrf-Jwt
Apple-News-Services-Host
Apple-News-Services-Handled
Ha-Gx-Prefs
X-Datadog-Parent-Id
Fastly-GeoIP-CountryCode
X-Req
X-Request-Start
X-Sn-Servicetimems
X-Core-Value
X-Sigma-Backend
X-Sigma
TDXMobile
Thinkindot-CacheControl
X-HS-Content-Campaign-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
Server-Host
X-Irp-Debug
X-Storefront-Renderer-Rendered
X-Level-Front-Cache
PFcat
X-Rocket-Build-Number
Req-Svc-Chain
X-VC-Cache
X-Xrds-Location
X-DefElseHash
X-FC-Vary-Parameters
X-DefHash
X-DPWN-IS-SECURE
X-Platform
X-Tx-Id
X-Response-By
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Amzn-Remapped-Content-Length
X-Qloud-Router
X-Variation
X-Varnish-CookieHashed-On
X-GeoIP-Region-Code
X-Origin
X-GeoIP-Country-Code
X-Worker
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
Adler-Geo
X-Pod-Name
X-JWT-State
X-NU-AKA-ACS-Version
Is-Eu
Memcached
NGX
X-Is-Gdpr
Platform
X-Has-Esi
Cf-Device-Type
Fastly-SIE
Fastly-SWR
X-Loc
NM-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Beresp-Ttl
X-Ua-Device
X-Trace-ID
X-Mvc-Supplant-OutputCached
X-Cache-Config
X-CS
X-Esi
X-CLOUD-TRACE-CONTEXT
S-Rt
X-CACHE-KEY
X-NC
X-Up
X-LB-ID
X-API-Version
X-Datadome
Pics-Label
Kp-EeAlive
X-Tt-Logid
X-Generated-In
Magicmarker
Datacenter
X-Restarts
CDN
Ms-Author-Via
X-Akamai-Request-ID2
Candidate-Md5Url
Memory
X-Http-Reason
X-LB-NoCache
Time
Env
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
X-Optimistic-Header
X-Wix-Viewer-Type
X-RSL
X-RPS
X-Via-Popn
X-DSS
X-RPM
X-Varnish-Ttl
X-Via-Poph
X-Via-Popv
X-DC
X-DI
X-Cache-Backend
NtCoent-Length
X-DB
X-Action
WebServer
X-DW
X-DynaTrace-JS-Agent
On-Server
X-Vc
X-Edge-Pop
X-Refresh
Edge-Cache
WWW-Authenticate
X-TA-CDN-Provider
X-Minions-Version
Accept-Language
GeoIp-Country-Code
X-Parent-Response-Time
X-CacheTTL
Esi-Enabled
X-Servedbyhost
X-HA-Backend
X-Srv
X-Unique-ID
X-Varnish-Beresp-TTL
X-Service
C-Via
X-MSEdge-Features
X-MSEdge-Flight
Server-ID
X-Cs
X-Cache-PHP
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Webkit-Csp-Report-Only
Locale
X-ZONE
X-TX-ID
X-Newrelic-Synthetics
X-Ec-GeoHdr
X-VCL-Version
X-Ec-Fail
X-User
X-Traceid
X-Cache-Ttl
X-LI-Proto
X-Render-Time
X-App
X-Cache-Status-Check
X-Dynatrace
X-Fpc
X-URL
X-Li-Proto
Test
X-LiteSpeed-Cache-Control
X-FPC
Cdncip
X-B3-Spanid
Cdnsip
X-AK-Request-ID
X-Webkit-CSP-Report-Only
Proxy-Connection
X-NODE
Server-Id
X-Vcl-Version
Cluster
My-App
X-Fmm-Version
X-WADP-Cache
X-Clara-WADP
X-Mcache
X-Pass-Why
X-AIR-PT
Geoip-Latitude
X-Var-Ttl
X-Info
X-CUA
Resin-Trace
X-Clientip
Tracecode
M-TraceId
HIT
X-Oss-Hash-Crc64ecma
Cf-Int-Pingora-Origin-Digest
T-Server
UCS
X-From
X-LiteSpeed-Tag
Fastly-Drupal-HTML
Cache-Host
X-Oss-Storage-Class
X-Oss-Request-Id
Geo-Info
X-Oss-Object-Type
X-Oss-Server-Time
X-CSRF-TOKEN
X-Fragments
S-Cnection
X-ID
X-Ha-Backend
Lfy
Lang
GeoIP-Country-Code
Hostname
Hit
Target-Params
Ohc-File-Size
X-ServedByHost
X-Pad
Tcn
X-WP-CF-Super-Cache
X-Edge-POP
X-WP-CF-Super-Cache-Cache-Control
DataCenter
X-VC
X-Dynatrace-Js-Agent
X-Geo
X-Cdn-Forward
X-ElasticPress-Query
Fastly-Backend-Name
X-Via-PopV
MIME-Version
X-Micro-Cache
X-Via-PopN
User-Agent
X-RAMCache
X-Via-PopH
X-HostName
Load-Balancing
X-Backend-Host
X-Edge-Cache
X-Api-Version
X-Release
ENV
Section-Origin-Responded
X-NGINX-Cache
X-BBC-Origin-Response-Status
Section-Io-Id
Section-Io-Origin-Status
X-Check-Cacheable
Section-Io-Origin-Time-Seconds
X-Proxy-Cache-Info
Permissions-Policy
X-Httpd
X-Lb-Nocache
X-HS-Status
Servername
X-ServerName
X-BCube-Filmed-By
X-APP
X-Fastly-Backend-Reqs
X-Ucs
X-Provided-By
Producers
EpKe-Alive
PICS-Label
X-GoCache-CacheStatus
ServerName
URI
X-UP
FSS-Cache
Uri
X-TRACE-ID
X-FORWARDED-FOR
Lb
WZWS-RAY
X-SB
X-Lb-Id
Server-Ttl
X-Udemy-Cache-App-Namespace
X-Cache-CFC
X-Pool
Ohc-Cache-HIT
Path
VNS-Age
X-WA-Info
VNS-Cache
CPC-Cache
CPC-Age
X-WA
Cdn
X-RateLimit-Reset
Cache-Key
Cneonction
Cteonnt-Length
X-Nc
Vha6-Origin
X-Fastly-Cache-Hits
X-Cdn-Request-ID
X-B3-ParentSpanId
X-Amz-Meta-Cb-Modifiedtime
X-Dw-Trace-Id
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
Cf-Ipcountry
X-Akamai-ERRuleID
X-Ec-Custom-Error
X-Akamai-Request-ID
X-Platform-Cluster
X-Platform-Processor
X-Akamai-ERPolicy
X-Platform-Router
X-Acquia-Application-Trace
X-Wikidot-Backend
X-Vcache
X-Newrelic-App-Data
Shield-Pop
X-Cache-ASPX
X-Snapshot-Date
X-Swift-Error
X-Contensis-Viewer-Groups
X-Yottaa-OS
CF-Cached-On
X-Apw-Access-Object
X-Apw-Access-Action
X-ES-SERVER
X-Wikidot-Static-Cache
X-Apw-Access-Token
X-Apw-Hits
Sid
X-Air-Pt
X-Cache-Ngx
X-Cms-Context
X-Logging-Id
CountryCode
X-Shopify-Generated-Cart-Token
X-Scale
X-UA
X-Akamai-Pragma-Client-IP
X-CacheKey
GeoIP-Latitude
X-Last-Modified
X-Te-Count
X-Http-Duration-Ms
X-Http-Count
Req-ID
X-Te-Duration-Ms
Ngx
Pagetype
X-PJAX-URL
X-Sentry-ID
X-Varnish-Authentication