Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
P3p
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
Report-To
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
NEL
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dns-Prefetch-Control
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Ruxit-JS-Agent
X-Country
X-B3-TraceId
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-TtlSet
X-PC
Allow
X-Clacks-Overhead
X-Mod-Pagespeed
X-Varnish-TTL
Edge-Control
X-ESI
X-Server-Name
Fastly-Restarts
X-Aws-Lambda-Call-Status
Cache-Tag
X-FastCGI-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-Vcap-Request-Id
X-MS-InvokeApp
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Cache-TTL
X-Abt-Application-Version
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Px
RTSS
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Powered-By-Plesk
X-NF-Request-ID
X-Goog-Hash
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Origin-Cache
AR-SID
X-Powered-CMS
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-CACHE
X-Version
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-Edge-Location-Klb
X-Kinsta-Cache
Nginx-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Accept-Ch
X-Edge
X-TTL
TCN
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Protected-By
X-T
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Forwarded-For
X-Shield-Request-Id
X-RateLimit-Remaining
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Content-MD5
S
Edge-Cache-Tag
X-Aspnetmvc-Version
X-CST
SPRequestDuration
Fastcgi-Cache
X-Language
SPIisLatency
X-Mid
Front-End-Https
Realpath
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Pinterest-Version
X-Pinterest-Rid
Filters
X-Ttl
Pinterest-Generated-By
X-DynaTrace
Server-Node
X-MCACHE
X-Frontend
Server-Name
X-Ua-Browser
X-Ab
X-Content
X-Correlation-Id
X-Ser
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
SPRequestGuid
X-SharePointHealthScore
X-Ezoic-Cdn
X-Template
X-Hits
X-ECACHE
X-Parallel-Accel
X-Cache-Key
Alternate-Protocol
X-Tt-Trace-Host
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
X-Kong-Proxy-Latency
Cache-Tags
X-Kong-Upstream-Latency
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
X-Page-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-B3-Sampled
Charset
Host
Cleartype
X-Git-Hash
X-Www-Served-By
X-Content-Options
X-Geo-Country
X-Debug-Info
X-DIS-Request-ID
X-Daa-Tunnel
X-Amzn-Trace-Id
X-Fastly-Request-Id
X-Ratelimit-Limit
X-Hostname
X-Content-Digest
X-Amz-Replication-Status
X-Varnish-Age
Filterid
X-XRDS-LOCATION
X-Az
X-AppVersion
X-Activity-Id
Cross-Origin-Opener-Policy
X-Accel-Expires
X-VCache
X-FB-Debug
X-Upgrade-Enabled
X-Grace
X-Forwarded-Proto
X-WebKit-CSP-Report-Only
X-N
X-Origin-Server
X-F-Cache
X-Rid
ServerID
X-Nginx-Upstream-Cache-Status
Access-Control-Allow-Method
TP-Cache
TP-L2-Cache
X-Mobile-URL
X-Providence-Cookie
X-Is-Crawler
X-Route-Name
X-Flags
X-Aspnet-Duration-Ms
X-Request-Guid
X-LB-Cache
X-TT
X-Whom
X-Type
X-Varnish-Grace
Viewport
X-App-Environment
X-Seen-By
X-Goog-Storage-Class
X-Tb
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Length
X-FW-Dynamic
X-FW-Hash
X-FW-Static
X-FW-Type
X-FW-Server
Node
X-Distributor
Payment
X-FW-Serve
DC
X-Server-ID
Paypal-Debug-Id
X-User-Agent
X-App-Server
X-DataDome
Fastcgi-Useragent
Country
X-Wix-Request-Id
Accept-Charset
X-NGENIX-Cache
X-Cache-Control
X-Cache-Rule
X-Origin-Upstream-Status
X-Litespeed-Cache
X-Fastcgi-Cache
Version
X-Ratelimit-Reset
X-Logged-In
X-Request-Handler-Origin-Region
X-Via-JSL
X-Microsite
X-Drupal-Cache-Tags
Referer-Policy
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Fastly-Request-ID
X-Webkit-Csp
X-Cluster-Name
X-Cache-Age
X-Webkit-CSP
X-Signature
X-B-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Cache-Status
X-Buckets
X-Contextid
Refresh
X-Browser-Type
X-Load-Cache
X-Varnish-Backend
VIX-Pulpo-Node
X-Original-Request-Id
X-Response-Served-From
X-Node-Name
SD-X-WS
VIX-Pulpo-Upstream-Status
X-Real-IP
X-Rendered-As
X-Is-Bot
X-Mobile
X-Page-View
X-Cache-Expired-At
X-Vgn-Hpd-Reason
X-Cacheable-TTL
NGB
X-Debug
X-Proxy-Cache-Status
X-Jobs
Access-Control-Request-Headers
X-B
X-Yottaa-Metrics
X-Revision
X-RemovedCookies
X-Instance
X-Yottaa-Optimizations
X-UUID
X-Proxy
X-Rule
X-IPLB-Instance
X-ProcessESI
X-Device-Type
X-Drupal-Cache-Contexts
Surrogate-Key
X-Cache-Action
Akamai-GRN
X-Framework
X-Debug-IsConnected
X-Cache-Time
X-Debug-IsPreview
Amp-Access-Control-Allow-Source-Origin
X-FW-Version
X-G
CF-IPCountry
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
SID
DynaTrace
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Azure-Ref
X-Accel-Buffering
X-Presslabs-Stats
Liferay-Portal
X-Nginx-Cache
GEO-INFO
X-Source
X-PressLabs-Stats
X-Ratelimit-Remaining
Count-Hit
X-Ms-Version
X-Ms-Request-Id
X-TEC-API-VERSION
Uber-Trace-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Oneagent-Js-Injection
X-Cache-Operation
X-APP-VERSION
Frame-Options
X-Cache-NGX
Healthy
Ms-Operation-Id
MS-CV
X-RTag
X-Zen-Fury
X-EdgeConnect-Cache-Status
X-XRDS-Location
X-Cache-Hit
X-CDN-Forward
Countrycode
Protected
Xserver
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-L-Path
X-Tumblr-Pixel-1
X-Mode
X-Backend-Name
X-Tumblr-User
X-Varnish-Server
X-Environment-Context
Cross-Origin-Window-Policy
Ec-Rule-Version
X-IPS-LoggedIn
X-Cache-TTL-Remaining
X-Region
X-Forwarded-Host
X-Servername
Backend
X-RateLimit-Limit
X-JoinUs
X-Detected-As
X-SaId
X-Rewrite-Enabled
X-Adobe-Content
Meta-Geo
X-Adobe-Loc
X-Hyper-Cache
X-UPSTREAM-Address
X-Tid
X-RN-RSRV
X-Extlb
LB
Section-Io-Cache
X-Routing-Service
Decoy-Debug-TTL
Eomportal-Instance
Decoy-Debug-Status
Decoy-Debug-Key
X-Sql-Count
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Uri
X-Content-Age
X-Cache-Grace
X-Sql-Duration-Ms
Apigw-Requestid
X-Zipkin-Id
X-Alternate-Cache-Key
X-ShardId
X-Hosted-By
X-ShopId
X-Content-Powered-By
X-Redis-Cache
X-Cache-Server
X-Debug-Cache
X-Shopify-Stage
Country-Code
X-Proxied
X-Generation-Time
Url
Mn-Server-Ip
X-Status
X-Varnish-Beresp-Grace
X-No-Session
X-ServerID
X-NCache
X-PERF
X-Origin-Date
X-PHP-Backend
X-Human
X-Site-Version
Cache-Name
X-Format
X-Via-Fastly
X-ApacheServer
Fastly-SSL
X-FB-TRIP-ID
Property-Id
Cache-Tv-Group
Content-Disposition
X-Cache-Type
X-Timing-Wait
X-Cache-Host
X-PCL
X-BYPASS-REASON
X-Storage
X-OCL
Selected-Fe
X-Origin-Hint
X-UA-Device-Type
Webcakes-App-Version
Webcakes-App-Name
X-NewRelic-App-Data
X-Pubstack
Webcakes-Region
X-Section
X-Microcachable
X-Akamai-Edgescape
X-Access
X-Server-W
X-ProxyCache-Status
X-NYM-Debug-Backend
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Cluster-Node
X-ProxyCache-Key
TWC-Privacy
X-Proxy-Build
X-Hl-Ver
X-R9-Blue-Green-Version
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-CachedAt
CDN-Cache
X-Say-TTL
X-Web-Node
X-SayCDN-TTL
X-Trace-Id
X-Varnishpool
CDN-Uid
X-Say-Cacheable
CDN-RequestId
X-Be
Content-Secure-Policy
X-Azure-Ref-OriginShield
X-Soup
Azure-Version
X-Generated-By
X-TIME
Azure-SlotName
Azure-InstanceId
Azure-SiteName
Azure-RegionName
DB-Nickname
X-Ua
X-LSADC-Cache
WPO-Cache-Status
WPO-Cache-Message
OT-Force-Account-Verify
X-Nginx-Cache-Key
Retry-After
X-Dc
X-Cached-By
Source
X-Bc-Bl
SRV
X-Unique-Id
Cache
X-SRV
X-TT-LOGID
X-Auto-Login
X-LAGOON
X-Platform-Server
X-Cache-Remote
X-Xfnlog-Site
X-Akamai-Transformed
X-Varnish-Hits
Cache-Hits
HostName
X-GEO
X-ECache
X-TNCMS
X-HTML-Minification-Powered-By
X-Varnish-Hostname
ServedBy
X-Origin-TTL
X-Loop
X-Cache-Tags
X-Origin-CC
Mime-Version
X-Cdn
Onion-Location
X-App-Version
X-CSRF-Token
X-S-Maxage
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
X-Request-Time
Xet-Cookie
X-Amz-Meta-S3cmd-Attrs
From-Origin
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-AOL-HN
Web-Mar-Node
Webserver
X-Request-Host
WP-Super-Cache
X-EC-Lua
X-Time
X-Proto
N-Cache
X-Endurance-Cache-Level
X-Tenant
X-NWS-UUID-VERIFY
X-AWS-Id
X-VWS-Id
X-FireWall-Port
X-LJ-Flow-ID
X-Cache-Enabled
X-GG-Cache-Date
AMP-Access-Control-Allow-Source-Origin
X-Handled-By
X-Time-Microsecs
X-B3-SpanId
X-Cache-Var
X-Origin-Response-Time
X-Edge-Location
X-Cache-Var-Map
X-Planisys-CDN-TTL
X-Connection-Hash
X-Correlation-ID
Meta-Geo-Continent
X-Processor
Mobile-Detection-Method
X-Conf
X-Rojux
X-S-Cookie
X-ScT
X-SD-PageType
X-S
X-CF-Lambda-Fn
Odigeo-Trace-Id
X-Ckpd-Fst-Backend
X-CF-Lambda-Version
X-Cluster
X-Destination
Nel
DCR-Decision-By
DCR-Processing-Time-Ms
X-A
X-Forwarded-Path
X-Ig-Push-State
X-Gen-Mode
A
X-Ftr-Request-Id
X-Hnp-Log
X-External-Request-Id
Expiry
X-D
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Orig-Expires
BehaviorPad-Version
Fastcgi-X-Cache-Version
X-NAPM-TraceId
X-ND-Cache
X-Developer
X-Planisys-CDN-Rules
X-Cache-NE
X-Aicache-OS
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Pramga
X-VG-WebCache
X-Vdms-Version
X-ARC
X-Application
X-Vdms-Path
Xc-Version
User-Cache-Control
X-A-Dam
X-A-Ccd
X-Mg-Request-UUID
X-A-Dcw
X-A-Dgt
V-Age
Vix-Hermes-Req-Id
X-A-Wwc
X-V-Cache
X-Aed
Rendered-Blocks
X-B-Cookie
X-Slack-Backend
Redirect-Candidate
X-Session-Fingerprint
X-Shop-Environment
Sslversion
X-SRCache-Key
X-Via-NSCOPI
Surrogated-Key
X-Block-Status
X-TIM-N
CloudFront-Viewer-Country
X-Amzn-RequestId
X-Adobe-Source
X-PHP-Host
X-Reqid
X-Magnolia-Registration
X-Labrador-Cache-Channel
X-Amz-Apigw-Id
X-MP-GENERATED-AT
CDCHOST
Wxu-Next-Hostname
X-Forwarded-Site
X-Cache-Bucket
Wxu-Next-Commit
Wxu-Next-Region
X-Gdpr
CacheControlHeader
State
Cmsid
Gh-Request-Id
X-Accel-Expires-Debug
X-Fastly-Cache
X-Date
Svr
Host-ID
True-Client-Country-4JS
Origin
Cmstype
X-Cdn-Srv
Fastcgi-Cache-TTL
X-Cache-Date
DSUID
X-Li-Pop
X-Origin-Expires
X-Origin-Time
X-SVT-ORM-VERSION
X-Old-Content-Length
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-Webstats-RespID
X-NodeID
X-Policy
X-Proxy-Upstream
X-Request-URI
X-Scheme
X-Server-IP
X-Sucuri-Cache
X-Sucuri-ID
X-SVT-ORM-RULES
X-RCS-CacheZone
X-Men
X-Viewer-Country
X-Backend-TTL
X-Location
X-Hash
X-Epic-Correlation-Id
X-LI-UUID
X-Li-Fabric
X-Geo-Header
AKAMAI
Arc-Country
X-Varnish-Ttl
Environment
X-Sn-Servicetimems
X-Branch-Name
X-Cache-Id
X-Origin
X-Storefront-Renderer-Rendered
X-Cache-Debug
X-GeoIP-Region-Code
X-VG-TLSProxy
X-Rocket-Nginx-Serving-Static
X-Backend-State
Apple-News-Services-Request-Url
X-VServer
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Skip-Cache
X-VarnishDD-TTL
X-TrackingId
X-TH-Server
X-Cache-Info
X-UnsetCookies
X-Varnish-Beresp-Status
X-GeoIP-Country-Code
X-RateLimit-Limit-Second
X-Locale
X-Fastly-Backend
X-Eu-Site
X-Esi-Check
X-Device-Os
X-Envoy-Decorator-Operation
X-Level-Front-Cache
X-Fetched-On
X-GeoIP-City
X-GeoIP
X-Gzip
X-HN
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Developers
X-Datadog-Trace-Id
X-Region-Sid
X-RateLimit-Remaining-Second
X-CGP
X-Req
X-Cdn-Origin
X-Request-Start
X-Generated-On
X-Platform
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Core-Value
X-Core-Mission
X-Served-From
X-Gamma-Serve
Fastly-Drupal-Html
Server-Host
Origin-EX
Release
Ssr
Origin-CC
PFcat
Server-Info
Machine
Mail-Subject
Ha-Gx-Prefs
HA-Ipaddr
Web-Mar-Region
We-Hiring
Locid
L
Traceparent
L5d-Success-Class
S-Rt
X-CACHE-KEY
X-Node-Id
X-JWT-State
X-FC-Vary-Parameters
Fastly-SWR
X-DPWN-IS-SECURE
Fastly-SIE
Cf-Device-Type
X-Has-Esi
Adler-Geo
X-Is-Gdpr
X-Owner
X-BBC-Edge-Cache-Status
Req-Svc-Chain
Fastly-GeoIP-CountryCode
X-Worker
X-Qnm-Cache
X-Rocket-Build-Number
X-M-Reqid
X-Sigma-Backend
X-Sigma
X-M-Log
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Pod-Name
X-DefHash
X-Rebelmouse-Surrogate-Control
X-Response-By
X-Variation
X-VC-Cache
X-Thinkindot-L3
X-NU-AKA-ACS-Version
X-Varnish-Remaining-TTL
TDXMobile
NM-Fastcgi-Cache
X-Amzn-Remapped-Content-Length
Platform
Thinkindot-CacheControl
X-ATG-Version
X-DefElseHash
Is-Eu
Thinkindot-Control
Memcached
Thinkindot-CacheControl-Type
X-Xrds-Location
X-Bip
X-Loc
Magicmarker
X-Http-Reason
X-Mvc-Supplant-OutputCached
NGX
X-Zone
X-Akamai-Request-ID2
X-Thanos
X-Ua-Device
X-Varnish-Beresp-Ttl
X-LB-ID
X-CS
X-TraceId
X-Up
X-NC
X-Restarts
X-CLOUD-TRACE-CONTEXT
X-API-Version
X-Tx-Id
CDN
X-Generated-In
X-Cache-Config
Kp-EeAlive
X-RSL
X-Wix-Viewer-Type
X-DSS
X-DW
X-Trace-ID
X-RPS
X-DI
Time
Memory
X-Cache-Backend
X-Action
X-RPM
Ms-Author-Via
Edge-Cache
Pics-Label
X-DB
X-Tb-Optimization-Total-Bytes-Saved
X-Tt-Logid
X-Via-Popv
X-Refresh
X-LB-NoCache
X-Via-Popn
Env
X-Via-Poph
Accept-Language
X-Optimistic-Header
X-Edge-Pop
Candidate-Md5Url
X-CacheTTL
X-Minions-Version
NtCoent-Length
Datacenter
GeoIp-Country-Code
WebServer
X-Datadome
X-HA-Backend
X-Srv
X-DynaTrace-JS-Agent
X-Vc
Locale
WWW-Authenticate
On-Server
X-DC
X-Urbn-Site-Id
X-Urbn-Context-Path
X-ZONE
X-TX-ID
Esi-Enabled
X-MSEdge-Features
X-Cs
X-Esi
X-MSEdge-Flight
X-Varnish-Beresp-TTL
X-Parent-Response-Time
X-Unique-ID
X-Ec-GeoHdr
X-Ec-Fail
X-Servedbyhost
X-User
Server-ID
C-Via
X-Service
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Cache-PHP
X-Li-Proto
Cdnsip
X-VCL-Version
X-AK-Request-ID
Cdncip
X-App
X-Cache-Ttl
X-FPC
X-B3-Spanid
X-Dynatrace
X-URL
X-Fpc
X-LI-Proto
My-App
Test
X-Clara-WADP
X-WADP-Cache
Cluster
X-Fmm-Version
Geoip-Latitude
X-Vcl-Version
X-Cache-Status-Check
X-Render-Time
X-Webkit-Csp-Report-Only
X-LiteSpeed-Cache-Control
X-Traceid
Geo-Info
X-CUA
X-Var-Ttl
Tracecode
X-Webkit-CSP-Report-Only
Proxy-Connection
X-Pass-Why
X-NODE
DataCenter
T-Server
X-From
Lfy
Cf-Int-Pingora-Origin-Digest
Server-Id
X-Mcache
Fastly-Drupal-HTML
X-Fragments
M-TraceId
Lang
Resin-Trace
X-VC
X-Clientip
Target-Params
X-ServedByHost
X-LiteSpeed-Tag
X-Info
X-AIR-PT
X-CSRF-TOKEN
Cache-Host
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Geo
X-ID
X-Oss-Storage-Class
UCS
X-Oss-Hash-Crc64ecma
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Ha-Backend
HIT
X-Cdn-Forward
MIME-Version
Hostname
S-Cnection
Hit
X-Pad
GeoIP-Country-Code
X-RAMCache
X-Dynatrace-Js-Agent
X-Provided-By
X-Via-PopN
Tcn
Ohc-File-Size
X-Via-PopH
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
X-Edge-POP
Section-Origin-Responded
X-Via-PopV
X-Httpd
X-Proxy-Cache-Info
ENV
Permissions-Policy
X-Edge-Cache
WZWS-RAY
X-ElasticPress-Query
X-Check-Cacheable
User-Agent
Servername
X-NGINX-Cache
X-HS-Status
Load-Balancing
X-Micro-Cache
X-Api-Version
Producers
Fastly-Backend-Name
X-Lb-Nocache
X-BBC-Origin-Response-Status
X-Cache-CFC
X-Ucs
PICS-Label
X-Backend-Host
X-SB
X-Release
X-ServerName
X-Fastly-Backend-Reqs
X-HostName
X-GoCache-CacheStatus
X-Acquia-Site
X-Acquia-Application-UUID
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
X-Acquia-Purge-Tags
X-UP
X-Acquia-Application-Trace
Wpo-Cache-Status
X-BCube-Filmed-By
X-Pool
FSS-Cache
ServerName
X-Udemy-Cache-App-Namespace
X-APP
URI
Wpo-Cache-Message
Uri
X-TRACE-ID
EpKe-Alive
X-Cdn-Request-ID
X-Swift-Error
Cteonnt-Length
Cdn
Server-Ttl
X-Fastly-Cache-Hits
Cneonction
X-Scale
Ohc-Cache-HIT
X-Ec-Custom-Error
X-Nc
X-Lb-Id
X-RateLimit-Reset
X-Dw-Trace-Id
Server-Ext
MD5-Digest
IsBot
Server-Hostname
X-Dispatcher-Number
X-Akamai-ERPolicy
X-B3-Parentspanid
X-Cache-Expires
X-Akamai-ERRuleID
X-IN-APIGATEWAY
X-SIPLIST1
X-IN-APIGATEWAYSSL
Sever-Int
Path
X-Apw-Access-Action
X-Vcache
X-WA-Info
X-Litespeed-Cache-Control
X-Amz-Meta-Cb-Modifiedtime
X-Cache-ASPX
Shield-Pop
VNS-Cache
X-WA
X-Newrelic-App-Data
Cache-Key
CPC-Age
CPC-Cache
Cf-Ipcountry
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Token
X-Contensis-Viewer-Groups
VNS-Age
X-Snapshot-Date
Vha6-Origin
X-B3-ParentSpanId
CF-Cached-On
X-Yottaa-OS
Sid
X-Cache-Ngx
Lb
X-Air-Pt
X-Http-Count
X-Http-Duration-Ms
X-Varnish-Authentication
Req-ID
X-ES-SERVER
X-Sentry-ID
CountryCode
X-Te-Count
X-Te-Duration-Ms
X-Akamai-Request-ID
X-Wikidot-Static-Cache
X-CacheKey
X-Logging-Id
X-Wikidot-Backend
X-UA
Ngx
X-Akamai-Pragma-Client-IP
X-Last-Modified
X-Shopify-Generated-Cart-Token