Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
X-Request-ID
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-UA-Device
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-LiteSpeed-Cache
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Ua-Compatible
X-Amz-Version-Id
X-Pingback
X-Device
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Server-Id
X-Host
X-Backend-Server
Cf-Railgun
X-Node
X-Readtime
Accept-CH
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Application-Context
Content-Location
Rating
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Language
X-Cache-Lookup
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Url
X-Ac
X-Trace
X-Content-Type
X-Template
Allow
X-PC
X-Vname
X-TtlSet
X-Varnish-TTL
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
Cache-Tag
X-ESI
Fastly-Restarts
X-Server-Name
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-Buckets
X-GitHub-Request-Id
X-Upstream
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
MS-Author-Via
X-Dw-Request-Base-Id
X-Cached
X-D2id
X-Abt-Application-Version
X-Client-IP
X-Origin-Cache
X-Cache-TTL
Arr-Disable-Session-Affinity
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Px
X-Cnection
Accept-Ch
X-Powered-By-Plesk
X-Goog-Hash
Access-Control-Request-Method
X-Aws-Lambda-Call-Status
X-Country-Code
X-NF-Request-ID
X-Navigation-Version
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
RTSS
X-Version
X-Powered-CMS
X-Amz-Server-Side-Encryption
Display
X-Middleton-Display
Pagespeed
X-Sol
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-SRCache-Fetch-Status
X-Kinja-Build
X-SRCache-Store-Status
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Middleton-Response
Response
X-MSEdge-Ref
X-LLID
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
AR-Request-ID
AR-ATIME
AR-SID
AR-CACHE
AR-PoweredBy
X-TTL
Nginx-Cache
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Shield-Request-Id
X-Jurisdiction
X-HP-Webp
S
X-HP-Trace-Id
X-T
X-Protected-By
X-RateLimit-Remaining
Content-MD5
X-Forwarded-For
TCN
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
X-Id
X-CST
Realpath
Fastcgi-Cache
X-Mid
X-MCACHE
Edge-Cache-Tag
SPRequestDuration
SPIisLatency
Front-End-Https
X-Recruiting
X-Parallel-Accel
X-Request-Processing-Time
X-Request-Received
Filters
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
Pinterest-Generated-By
Fusion-Content-Source
Fusion-Template-Id
Server-Node
Pinterest-Version
X-Pinterest-Rid
X-Content
X-Ua-Browser
X-Ab
SPRequestGuid
X-SharePointHealthScore
X-Ezoic-Cdn
X-Correlation-Id
Server-Name
X-Ttl
X-NWS-LOG-UUID
X-DynaTrace
Alternate-Protocol
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
X-ECACHE
X-Yandex-Sdch-Disable
X-Hits
X-Accel-Expires
X-Cache-Key
X-Content-Options
X-Tt-Trace-Host
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
X-Ruxit-Js-Agent
X-Page-Id
X-Git-Hash
Cache-Tags
Cleartype
Host
Charset
X-Ser
X-Www-Served-By
X-B3-Sampled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Fastly-Request-Id
X-Geo-Country
X-Amz-Replication-Status
X-Content-Digest
Filterid
X-Daa-Tunnel
TP-Cache
TP-L2-Cache
X-Amzn-Trace-Id
X-XRDS-LOCATION
X-Forwarded-Proto
X-DIS-Request-ID
X-Az
X-AppVersion
X-Activity-Id
X-Varnish-Age
X-Hostname
X-Debug-Info
X-Rid
X-VCache
X-Origin-Server
X-Upgrade-Enabled
X-Grace
X-N
X-FB-Debug
Access-Control-Allow-Method
X-LB-Cache
X-Origin-Upstream-Status
X-Nginx-Upstream-Cache-Status
X-WebKit-CSP-Report-Only
ServerID
X-Mobile-URL
X-Microsite
X-Request-Handler-Origin-Region
X-Flags
Cross-Origin-Opener-Policy
X-Aspnet-Duration-Ms
X-Request-Guid
X-Providence-Cookie
X-Route-Name
X-Is-Crawler
X-Server-ID
X-Whom
X-F-Cache
X-Goog-Stored-Content-Length
X-TT
X-NGENIX-Cache
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Tb
X-Varnish-Grace
X-App-Environment
X-App-Server
Viewport
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
Payment
X-FW-Dynamic
X-Distributor
Paypal-Debug-Id
DC
Node
X-Cache-Control
X-Seen-By
X-Logged-In
X-Type
Fastcgi-Useragent
X-User-Agent
X-Litespeed-Cache
X-Ratelimit-Limit
Country
X-Cache-Age
Accept-Charset
X-Webkit-CSP
X-Cache-Rule
X-Wix-Request-Id
X-PressLabs-Stats
X-Varnish-Backend
Version
X-Load-Cache
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Node-Name
X-Cache-Action
Refresh
X-Drupal-Cache-Tags
X-Via-JSL
X-IPLB-Instance
SD-X-WS
X-Fastly-Request-ID
Access-Control-Request-Headers
Referer-Policy
X-Response-Served-From
X-Original-Request-Id
X-Cluster-Name
X-DataDome
X-Jobs
X-Page-View
X-Is-Bot
Cache-Status
X-Vgn-Hpd-Reason
X-Proxy-Cache-Status
X-Cacheable-TTL
X-Real-IP
X-Rendered-As
VIX-Pulpo-Upstream-Status
X-Fastcgi-Cache
VIX-Pulpo-Node
X-Cache-Expired-At
X-B
X-Debug
X-Mobile
X-Revision
X-Contextid
X-B-Cache
Amp-Access-Control-Allow-Source-Origin
X-RemovedCookies
X-Signature
NGB
X-UUID
X-ProcessESI
X-Yottaa-Optimizations
X-Device-Type
X-Yottaa-Metrics
X-Rule
X-Proxy
Surrogate-Key
X-G
DynaTrace
X-Framework
X-Cache-Time
X-Drupal-Cache-Contexts
X-Instance
Akamai-GRN
X-Debug-IsConnected
X-Debug-IsPreview
CF-IPCountry
X-FW-Version
Liferay-Portal
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
SID
X-Oracle-Dms-Rid
X-Azure-Ref
X-Oracle-Dms-Ecid
Healthy
X-Source
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Ms-Version
X-Ms-Request-Id
X-Nginx-Cache
X-Oneagent-Js-Injection
MS-CV
Frame-Options
Ms-Operation-Id
X-RTag
X-Cache-Hit
X-CDN-Forward
Countrycode
X-XRDS-Location
X-Environment-Context
X-Tumblr-User
X-Tumblr-Pixel-0
X-L-Path
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-APP-VERSION
Count-Hit
X-Cache-Operation
X-Varnish-Server
Xserver
Uber-Trace-Id
GEO-INFO
Section-Io-Cache
X-EdgeConnect-Cache-Status
X-Servername
X-Region
X-Accel-Buffering
X-Ratelimit-Reset
X-Content-Powered-By
X-Backend-Name
X-Forwarded-Host
X-Mode
Cross-Origin-Window-Policy
X-IPS-LoggedIn
Backend
Ec-Rule-Version
X-Zen-Fury
X-Detected-As
X-JoinUs
Meta-Geo
X-UPSTREAM-Address
X-RN-RSRV
X-SaId
X-Sql-Duration-Ms
X-Sql-Count
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Presslabs-Stats
X-Generation-Time
X-Tid
X-Sorting-Hat-PodId
X-Shopify-Stage
Country-Code
X-Varnish-Beresp-Grace
X-Human
X-Adobe-Loc
X-Cache-Server
X-Adobe-Content
Eomportal-Instance
X-Redis-Cache
X-Cache-Grace
X-Alternate-Cache-Key
X-Uri
X-Cache-Type
X-Debug-Cache
X-Hosted-By
X-Cache-TTL-Remaining
X-FB-TRIP-ID
Cache-Tv-Group
DB-Nickname
Apigw-Requestid
Decoy-Debug-TTL
Url
Decoy-Debug-Status
Decoy-Debug-Key
X-Cache-NGX
X-BYPASS-REASON
X-Microcachable
X-ProxyCache-Status
X-Site-Version
X-PHP-Backend
Cache-Name
X-ProxyCache-Key
X-RateLimit-Limit
X-UA-Device-Type
X-Via-Fastly
X-ServerID
X-No-Session
X-Origin-Date
X-Proxy-Build
X-Storage
X-Web-Node
Mn-Server-Ip
X-Timing-Wait
Protected
X-Akamai-Edgescape
X-Say-TTL
X-OCL
X-NCache
X-SayCDN-TTL
X-Rewrite-Enabled
X-PCL
Selected-Fe
X-Say-Cacheable
X-Status
X-Cache-Host
OT-Force-Account-Verify
X-Varnishpool
Fastly-SSL
Property-Id
TWC-GeoIP-LatLong
X-Routing-Service
Webcakes-Region
Webcakes-App-Name
X-Server-W
X-Zipkin-Id
X-Hl-Ver
X-Origin-Hint
X-Soup
X-Proxied
TWC-Privacy
X-Extlb
TWC-GeoIP-Country
TWC-Device-Class
X-R9-Blue-Green-Version
X-Pubstack
TWC-Locale-Group
X-Format
TWC-Connection-Speed
Webcakes-App-Version
Azure-InstanceId
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-SlotName
Content-Secure-Policy
X-PERF
X-Section
X-Access
X-NYM-Debug-Backend
X-ApacheServer
X-Azure-Ref-OriginShield
X-Cluster-Node
X-Be
X-LSADC-Cache
Source
X-Content-Age
X-Ua
X-Webkit-Csp
CDN-RequestCountryCode
CDN-CachedAt
CDN-Uid
Content-Disposition
CDN-PullZone
CDN-RequestId
CDN-EdgeStorageId
CDN-Cache
X-NewRelic-App-Data
X-Cached-By
Cache
X-TT-LOGID
X-Generated-By
X-HTML-Minification-Powered-By
X-SRV
SRV
X-Dc
X-Hyper-Cache
X-App-Version
X-Cache-Var
X-LAGOON
X-Time
X-Cache-Var-Map
X-Amz-Meta-S3cmd-Attrs
X-Unique-Id
X-Nginx-Cache-Key
X-Loop
X-Bc-Bl
X-Varnish-Hits
X-TNCMS
X-Varnish-Hostname
Onion-Location
X-Trace-Id
X-S-Maxage
X-Auto-Login
LB
Xet-Cookie
Retry-After
X-GEO
X-Origin-CC
Cache-Hits
X-Origin-TTL
Web-Mar-Node
X-Tumblr-Pixel-3
X-ECache
X-Tumblr-Pixel-2
X-Cdn
X-Proto
Mime-Version
Webserver
X-M-Log
X-Qnm-Cache
X-M-Reqid
X-Tenant
X-Time-Microsecs
X-Endurance-Cache-Level
X-Platform-Server
X-CSRF-Token
X-Akamai-Transformed
HostName
X-TIME
WPO-Cache-Message
WPO-Cache-Status
X-GG-Cache-Date
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
CloudFront-Viewer-Country
X-Edge-Location
X-Cache-Remote
X-B3-SpanId
X-CACHE-KEY
N-Cache
X-Mg-Request-UUID
X-Xfnlog-Site
X-Cache-Tags
X-Ratelimit-Remaining
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-Amzn-RequestId
X-Labrador-Cache-Channel
X-PHP-Host
X-Varnish-Cache-Hits
ServedBy
X-Request-Time
X-Correlation-ID
X-AOL-HN
Nel
X-Locale
X-Origin-Response-Time
X-Handled-By
X-NAPM-TraceId
BehaviorPad-Version
X-Hnp-Log
A
X-Ig-Push-State
Xc-Version
X-Application
X-ARC
X-B-Cookie
X-VG-WebCache
X-Destination
X-Developer
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Aed
X-Block-Status
X-Cache-Date
X-Ckpd-Fst-Backend
X-Cluster
X-Conf
X-Connection-Hash
X-D
X-CF-Lambda-Version
X-Vdms-Version
X-Cache-NE
X-Vdms-Path
X-CF-Lambda-Fn
X-A-Dam
X-A-Ccd
X-Forwarded-Path
Meta-Geo-Continent
Mobile-Detection-Method
Odigeo-Trace-Id
X-Ftr-Request-Id
X-Gen-Mode
DCR-Processing-Time-Ms
DSUID
Expiry
Fastcgi-X-Cache-Version
X-External-Request-Id
Origin
Surrogated-Key
User-Cache-Control
X-Vtex-Processado-Em
X-A
X-Vtex-Remote-Cache
X-Orig-Expires
Pramga
Redirect-Candidate
Rendered-Blocks
DCR-Decision-By
X-ND-Cache
X-SD-PageType
X-ScT
X-Session-Fingerprint
X-Shop-Environment
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Request-Host
X-S-Cookie
X-Rojux
X-V-Cache
X-S
X-Storefront-Renderer-Rendered
X-Planisys-CDN-TTL
X-TIM-N
X-Planisys-CDN-Rules
X-SRCache-Key
X-RCS-CacheZone
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Via-NSCOPI
X-Slack-Backend
X-PAYTM-SRV-ID
X-Processor
X-MP-GENERATED-AT
X-VC-Cache
Origin-EX
Origin-CC
Cmstype
Release
X-Webstats-RespID
X-Epic-Correlation-Id
X-Proxy-Upstream
X-Gdpr
Gh-Request-Id
Host-ID
X-Rocket-Nginx-Serving-Static
AMP-Access-Control-Allow-Source-Origin
X-Fetched-On
X-Reqid
X-Forwarded-Site
Fastcgi-Cache-TTL
X-Geo-Header
X-Scheme
X-Skip-Cache
X-Date
X-Adobe-Source
X-Cache-Bucket
X-Cache-Info
X-Sucuri-ID
X-Sucuri-Cache
Server-Info
X-ATG-Version
X-Server-IP
V-Age
X-Device-Os
Traceparent
Vix-Hermes-Req-Id
X-VServer
X-Accel-Expires-Debug
X-Served-From
Cmsid
State
X-Fastly-Cache
X-Owner
X-Mvc-Supplant-Cachable
X-Men
X-Hash
X-Varnish-Beresp-Status
X-Li-Fabric
X-Policy
Arc-Country
X-Core-Mission
X-Location
X-Origin-Time
AKAMAI
X-LI-UUID
X-Origin-Expires
X-Li-Pop
CacheControlHeader
X-Old-Content-Length
X-Nyt-Route
From-Origin
Environment
X-FireWall-Port
Wxu-Next-Commit
Wxu-Next-Hostname
Web-Mar-Region
Wxu-Next-Region
X-Platform
Thinkindot-CacheControl
Svr
X-Magnolia-Registration
X-HS-Content-Campaign-Id
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Viewer-Country
X-Level-Front-Cache
X-Irp-Debug
True-Client-Country-4JS
We-Hiring
X-Sigma
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Sn-Servicetimems
X-Cdn-Origin
X-Cdn-Srv
X-Thanos
X-TH-Server
X-Core-Value
X-Cache-Id
X-Cache-Debug
X-Node-Id
X-BBC-Edge-Cache-Status
X-Sigma-Backend
Server-Host
X-VG-TLSProxy
X-Bip
X-Cache-Config
X-Branch-Name
X-NodeID
X-TrackingId
TDXMobile
Fastly-GeoIP-CountryCode
X-Req
L
X-Generated-On
X-GeoIP
X-Fastly-Backend
X-Region-Sid
Machine
X-Rocket-Build-Number
Mail-Subject
X-Thinkindot-L3
X-Gamma-Serve
X-GeoIP-City
Sslversion
X-Gzip
X-Aicache-OS
Req-Svc-Chain
CDCHOST
X-Esi-Check
X-Request-Start
X-Xrds-Location
X-EC-Lua
X-VarnishDD-TTL
X-Rebelmouse-Surrogate-Control
Apple-News-Services-Parsed-Url
Candidate-Md5Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
Is-Eu
X-Varnish-CookieHashed-On
Fastly-SWR
X-HN
X-Rebelmouse-Cache-Control
X-Varnish-Remaining-TTL
X-NU-AKA-ACS-Version
X-Qloud-Router
Datacenter
X-Has-Esi
X-Zone
Fastly-SIE
X-Varnish-CookieINHashed-On
Apple-News-Services-Handled
X-Is-Gdpr
X-DPWN-IS-SECURE
PFcat
Ssr
Adler-Geo
Platform
WP-Super-Cache
X-Worker
X-Variation
X-Response-By
Cf-Device-Type
X-Developers
X-JWT-State
NM-Fastcgi-Cache
X-Amzn-Remapped-Content-Length
X-Loc
Locid
Fastly-Drupal-Html
X-FC-Vary-Parameters
X-DefHash
X-DefElseHash
NGX
Memcached
X-Origin
X-Datadome
X-Ua-Device
X-Pod-Name
X-Csrf-Jwt
X-RateLimit-Limit-Second
X-Mvc-Supplant-OutputCached
X-UnsetCookies
X-RateLimit-Remaining-Second
X-Eu-Site
X-Envoy-Decorator-Operation
X-Request-URI
HA-Ipaddr
Ha-Gx-Prefs
X-CLOUD-TRACE-CONTEXT
X-Backend-State
L5d-Success-Class
X-CS
X-CGP
X-Tx-Id
X-Dynatrace
WWW-Authenticate
On-Server
X-LB-ID
X-Up
X-NC
X-API-Version
X-Varnish-Beresp-Ttl
CDN
X-Cache-Enabled
Pics-Label
X-Trace-ID
X-Vc
X-Backend-TTL
Esi-Enabled
Ms-Author-Via
X-NWS-UUID-VERIFY
X-Generated-In
X-Refresh
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-DynaTrace-JS-Agent
Time
Memory
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Popn
X-Edge-Pop
X-Via-Popv
X-TraceId
X-Via-Poph
C-Via
X-Service
X-LB-NoCache
X-TA-CDN-Provider
Magicmarker
Env
GeoIp-Country-Code
X-Cache-PHP
X-Parent-Response-Time
X-CacheTTL
Kp-EeAlive
X-Tt-Logid
X-Optimistic-Header
X-DC
X-Restarts
WebServer
X-Varnish-Beresp-TTL
S-Rt
X-Cache-Status-Check
X-Esi
X-Render-Time
X-Srv
X-TX-ID
X-ZONE
Edge-Cache
X-Unique-ID
X-MSEdge-Flight
X-Wix-Viewer-Type
X-MSEdge-Features
X-Cache-Backend
X-RPM
X-RPS
X-RSL
X-DW
X-DI
X-Action
X-Servedbyhost
X-DSS
X-DB
Server-ID
X-Cs
X-Info
X-AIR-PT
X-Minions-Version
X-Http-Reason
X-Li-Proto
X-App
X-VCL-Version
Proxy-Connection
X-Akamai-Request-ID2
X-Newrelic-Synthetics
X-Cache-Ttl
X-Clientip
X-HA-Backend
X-URL
UCS
Cache-Host
X-FPC
HIT
X-Oss-Request-Id
Test
X-Varnish-Ttl
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Fpc
X-LI-Proto
X-Webkit-Csp-Report-Only
X-Traceid
X-Vcl-Version
Accept-Language
Server-Id
S-Cnection
X-LiteSpeed-Cache-Control
X-Webkit-CSP-Report-Only
X-NODE
X-User
X-Ec-GeoHdr
Tcn
X-Ec-Fail
Geo-Info
X-B3-Spanid
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
Lb
Section-Io-Origin-Status
X-Urbn-Context-Path
X-Micro-Cache
X-Urbn-Site-Id
Fastly-Backend-Name
Locale
User-Agent
X-Pass-Why
Fastly-Drupal-HTML
X-LiteSpeed-Tag
X-Backend-Host
Cf-Int-Pingora-Origin-Digest
X-Pad
X-HostName
X-CSRF-TOKEN
M-TraceId
X-AK-Request-ID
X-APP
X-BBC-Origin-Response-Status
X-Ha-Backend
X-ID
Resin-Trace
X-BCube-Filmed-By
Cdnsip
Cdncip
X-ServedByHost
X-Release
Hostname
X-WADP-Cache
Ohc-File-Size
My-App
Hit
GeoIP-Country-Code
X-Check-Cacheable
Geoip-Latitude
X-Fmm-Version
Cluster
X-Clara-WADP
X-ES-SERVER
X-Dynatrace-Js-Agent
X-Geo
ENV
X-ElasticPress-Query
EpKe-Alive
X-Edge-POP
CPC-Cache
Cache-Key
MIME-Version
Path
X-WA
X-WA-Info
CPC-Age
Tracecode
VNS-Age
X-Amz-Meta-Cb-Modifiedtime
VNS-Cache
X-Var-Ttl
X-Via-PopV
X-Via-PopN
X-CUA
X-Via-PopH
X-Cdn-Forward
Lfy
X-NGINX-Cache
X-Edge-Cache
T-Server
X-Api-Version
X-From
Load-Balancing
X-HS-Status
X-Akamai-Pragma-Client-IP
Srv
X-Cms-Context
X-PJAX-URL
Lang
URI
X-Ucs
X-RAMCache
X-ServerName
Shield-Pop
X-Wikidot-Backend
X-Wikidot-Static-Cache
Pagetype
X-Fragments
X-Fastly-Backend-Reqs
X-Via-Ucdn
X-Hcs-Proxy-Type
X-Fastly-Cache-Hits
X-CCDN-Origin-Time
X-GoCache-CacheStatus
MD5-Digest
X-CCDN-CacheTTL
X-Mcache
Servername
X-UP
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Target-Params
X-TRACE-ID
X-Dw-Trace-Id
X-Cdn-Request-ID
X-VG-WebServer
Server-Ext
X-VC
Sever-Int
X-SIPLIST1
DataCenter
X-Lb-Id
IsBot
Server-Hostname
X-B3-ParentSpanId
Cdn
Ohc-Cache-HIT
X-Nc
Uri
WZWS-RAY
X-RateLimit-Reset
Cneonction
X-Cache-Expires
X-Swift-Error
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
W
X-Vcache
Cteonnt-Length
X-Snapshot-Date
X-Contensis-Viewer-Groups
X-Apw-Access-Token
X-Apw-Access-Object
X-Lb-Nocache
X-Apw-Access-Action
Cf-Ipcountry
CF-Cached-On
X-Newrelic-App-Data
PICS-Label
X-Yottaa-OS
Vha6-Origin
X-Cache-ASPX
X-Apw-Hits
Sid
X-Cache-Ngx
X-Air-Pt
Dnion-Transfer-Encoding
Server-Ttl
Req-ID
X-Akamai-Request-ID
X-Te-Duration-Ms
X-B3-Parentspanid
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Httpd
X-Proxy-Cache-Info
ServerName
Permissions-Policy
X-Last-Modified
FSS-Cache
X-Te-Count
X-Http-Duration-Ms
CountryCode
Ngx
X-Provided-By
X-Platform-Router
X-Platform-Cluster
HitType
X-Miniprofiler-Ids
X-Sentry-ID
X-UA
X-Http-Count
X-CacheKey
X-Logging-Id
X-Varnish-Authentication
X-Platform-Processor