Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Report-To
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
P3p
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
EagleId
Keep-Alive
Request-Context
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Dns-Prefetch-Control
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
X-WebKit-CSP
EagleEye-TraceId
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Akamai-Path-Stats
X-Cache-Spec
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Page-Speed
Allow
X-Host
X-Node
X-Pingback
X-Server-Id
Accept-CH
X-Aws-Lambda-Call-Status
Surrogate-Control
X-Backend-Server
X-CST
Request-Id
X-Akam-SW-Version
X-Readtime
X-HW
X-Cache-Lookup
X-Response-Time
Accept-CH-Lifetime
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Url
Cf-Edge-Cache
Fastly-Restarts
X-Country
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-TtlSet
X-PC
X-Vname
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-Content-Type
X-ESI
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-B3-TraceId
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Amz-Rid
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Px
X-Ac
X-Cnection
Public-Key-Pins
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Amz-Server-Side-Encryption
X-D2id
Verso
X-Navigation-Version
X-Cache-TTL
X-RateLimit-Remaining
Accept-Ch
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
X-FastCGI-Cache
Service-Worker-Allowed
X-Middleton-Display
Pagespeed
X-Sol
Display
X-GitHub-Request-Id
X-Country-Code
X-Ser
Arr-Disable-Session-Affinity
X-Version
X-Ruxit-Js-Agent
X-Edge
Access-Control-Request-Method
X-Middleton-Response
X-NF-Request-ID
Response
X-Goog-Hash
X-Correlation-Id
X-Upstream
AR-ATIME
AR-SID
AR-PoweredBy
AR-Request-ID
AR-CACHE
X-Kinsta-Cache
X-Ttl
X-Edge-Location-Klb
X-Cached
X-Webkit-Csp
SPRequestDuration
X-TTL
SPIisLatency
X-LLID
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-NWS-LOG-UUID
Nginx-Cache
MS-Author-Via
X-Powered-CMS
Edge-Cache-Tag
X-RateLimit-Limit
TCN
X-Cache-Key
MRF-Tech
Mrf-Cache-Status
X-Litespeed-Cache
X-Forwarded-For
X-MSEdge-Ref
SPRequestGuid
X-SharePointHealthScore
X-B3-TraceId-Primal
Content-MD5
X-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-T
X-Daa-Tunnel
X-Recruiting
X-Mg-S
S
X-Protected-By
X-Language
X-Content-Digest
X-HP-Trace-Id
X-Ua-Device
X-Jurisdiction
X-HP-Webp
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-ORACLE-DMS-ECID
X-Frontend
X-ORACLE-DMS-RID
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
Server-Node
X-Ezoic-Cdn
X-Ab
X-Content
X-Yandex-Sdch-Disable
X-Ua-Browser
X-Request-Processing-Time
Front-End-Https
X-HS-Combine-CSS
X-Request-Received
Filters
MicrosoftSharePointTeamServices
X-DataDome
X-Accel-Expires
X-Grace
Fastcgi-Cache
X-Mid
X-Server-ID
X-ECACHE
X-Geo-Country
X-Hits
X-Template
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Ratelimit-Reset
X-Origin-Server
X-Debug-Info
X-Distributor
TP-L2-Cache
TP-Cache
X-Tt-Trace-Host
X-Amzn-Trace-Id
X-Tt-Trace-Tag
Charset
Cleartype
X-Page-Id
Host
X-DIS-Request-ID
X-F-Cache
X-Git-Hash
X-Www-Served-By
X-DynaTrace
X-B3-Sampled
Cross-Origin-Opener-Policy
X-PressLabs-Stats
Cache-Tags
ServerID
X-LB-Cache
X-Forwarded-Proto
Access-Control-Allow-Method
X-Cache-Age
X-MCACHE
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Seen-By
Server-Name
X-Cluster-Name
X-AppVersion
X-Az
X-Activity-Id
Realpath
X-WebKit-CSP-Report-Only
X-Varnish-Age
Accept-Charset
X-Request-Handler-Origin-Region
X-Microsite
X-Aspnetmvc-Version
X-Rid
Filterid
Cache-Status
X-Type
X-Content-Options
X-Origin-Cache
X-Upgrade-Enabled
X-Mobile-URL
X-App-Environment
X-Via-JSL
X-FB-Debug
Node
Country
Viewport
X-Varnish-Grace
X-User-Agent
X-Tb
X-Wix-Request-Id
X-B-Cache
X-Drupal-Cache-Tags
X-Flags
X-Aspnet-Duration-Ms
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
DC
Paypal-Debug-Id
X-Route-Name
X-Signature
X-Whom
X-TT
Protected
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-XRDS-LOCATION
X-Oracle-Dms-Ecid
X-VCache
X-NWS-UUID-VERIFY
X-Goog-Generation
X-Goog-Metageneration
X-Fastly-Request-ID
X-Nginx-Upstream-Cache-Status
X-Oracle-Dms-Rid
Fastcgi-Useragent
Retry-After
X-Varnish-Backend
X-Oneagent-Js-Injection
Payment
X-Amz-Replication-Status
X-Cache-NGX
X-Contextid
X-B
X-N
X-Fastly-Request-Id
X-Debug
X-Fastcgi-Cache
X-Logged-In
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-FW-Static
X-FW-Server
X-FW-Type
X-XRDS-Location
WPO-Cache-Message
WPO-Cache-Status
X-Load-Cache
Surrogate-Key
X-Hostname
X-B3-Traceid
X-Cache-Control
X-Parallel-Accel
Amp-Access-Control-Allow-Source-Origin
X-Node-Name
X-Trace-Id
X-Buckets
X-Erf-Bev-Bev
X-Browser-Type
Count-Hit
X-Erf-Bev-Bev-Is-Generated
X-Original-Request-Id
SD-X-WS
X-Response-Served-From
Akamai-GRN
Refresh
X-Mobile
X-Proxy
X-Is-Bot
X-Jobs
VIX-Pulpo-Node
X-Real-IP
X-Rendered-As
Uber-Trace-Id
X-Akamai-Request-ID2
X-G
X-Cache-Time
Healthy
X-Zen-Fury
X-UUID
VIX-Pulpo-Upstream-Status
X-Revision
X-Framework
X-Http-Reason
X-Page-View
X-Cacheable-TTL
Alternate-Protocol
X-Proxy-Cache-Status
X-Amz-Meta-S3cmd-Attrs
X-Yottaa-Metrics
X-Cache-Rule
NGB
X-Cache-TTL-Remaining
X-Yottaa-Optimizations
X-Debug-IsPreview
X-Instance
X-Device-Type
X-Debug-IsConnected
X-Drupal-Cache-Contexts
Content-Disposition
Access-Control-Request-Headers
X-Vgn-Hpd-Reason
X-IPLB-Instance
X-Adobe-Loc
X-Adobe-Content
From-Origin
Url
X-Source
Version
X-Servername
X-COUNTRY
X-Cache-Grace
X-Cache-Expired-At
Referer-Policy
X-Cache-Hit
X-Varnish-Server
Accept-Language
Permissions-Policy
X-L-Path
X-Environment-Context
X-ECache
X-Mcache
X-Mg-Request-UUID
X-EdgeConnect-Cache-Status
X-App-Server
X-Ratelimit-Remaining
X-FW-Version
Ms-Operation-Id
X-Cache-Action
MS-CV
X-RTag
X-NGENIX-Cache
Cross-Origin-Window-Policy
X-Restarts
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
Countrycode
X-Tumblr-User
X-Tumblr-Pixel
Backend
X-ProcessESI
X-RemovedCookies
CF-IPCountry
X-Hyper-Cache
X-NYM-Debug-Backend
Liferay-Portal
Content-Secure-Policy
Frame-Options
Ec-Rule-Version
X-HTML-Minification-Powered-By
X-Datadome
X-Rule
X-OCL
X-Cache-Server
X-Redis-Cache
Upgrade-Insecure-Requests
X-PCL
X-UPSTREAM-Address
WP-Super-Cache
X-Nginx-Cache
X-RN-RSRV
Meta-Geo
X-Unique-Id
X-Ua
Cache-Tv-Group
Apigw-Requestid
Section-Io-Cache
X-No-Session
X-Content-Age
X-Format
X-FB-TRIP-ID
X-Cluster-Node
X-Detected-As
X-Section
X-APP-VERSION
X-Access
X-Cache-Enabled
X-Generation-Time
Azure-Version
X-Server-W
Fastly-SSL
Azure-RegionName
X-Sql-Count
Locale
X-SayCDN-TTL
Azure-InstanceId
X-Site-Version
Azure-SiteName
X-Sql-Duration-Ms
X-Storage
Azure-SlotName
X-Uri
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Connection-Speed
S-Rt
X-Hosted-By
X-Generated-By
TWC-Privacy
Webcakes-App-Name
X-AOL-HN
X-Akamai-Edgescape
X-ApacheServer
X-Be
Webcakes-App-Version
Webcakes-Region
X-Human
X-Origin-Date
X-Region
X-Urbn-Context-Path
X-Request-Time
X-Say-Cacheable
X-Say-TTL
Mn-Server-Ip
Property-Id
X-Urbn-Site-Id
X-PERF
X-Origin-Hint
X-PHP-Backend
X-Web-Node
X-Varnish-Cache-Hits
X-Via-Fastly
X-UA-Device-Type
TWC-Device-Class
X-Mode
CDN-Uid
Eomportal-Instance
X-BYPASS-REASON
X-Cache-Host
CDN-RequestId
CDN-RequestCountryCode
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
X-Cache-Tags
CDN-Cache
X-Platform-Server
X-ProxyCache-Key
X-Status
X-Nginx-Cache-Key
X-Forwarded-Host
X-Cache-Type
X-Content-Powered-By
X-Debug-Cache
X-Xfnlog-Site
X-ProxyCache-Status
X-Proxied
X-Routing-Service
X-SaId
X-JoinUs
X-Hl-Ver
X-Accel-Buffering
X-Alternate-Cache-Key
X-Backend-Name
X-ServerID
X-ShardId
X-Tid
X-Zipkin-Id
X-Varnishpool
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
X-Cache-Operation
X-Extlb
X-TT-LOGID
X-Webkit-CSP
ServedBy
Selected-Fe
X-Proxy-Build
X-Adobe-Source
Webserver
X-NewRelic-App-Data
X-Timing-Wait
X-Cache-Remote
X-Handled-By
X-GG-Cache-Date
X-Locale
X-Rewrite-Enabled
X-Labrador-Cache-Channel
X-Ratelimit-Limit
X-PHP-Host
Xserver
SID
X-LSADC-Cache
X-LJ-Flow-ID
X-Soup
X-VWS-Id
X-Pubstack
X-AWS-Id
X-Dc
X-Cached-By
SRV
LB
X-VC-Cache
Fastly-Drupal-Html
Mime-Version
X-CDN-Forward
Country-Code
X-Request-Host
Decoy-Debug-Status
X-GEO
Decoy-Debug-Key
Decoy-Debug-TTL
X-Edge-Location
Web-Mar-Node
X-Proto
X-Storefront-Renderer-Rendered
X-Microcachable
X-Reqid
Xet-Cookie
Onion-Location
X-Origin-TTL
X-App-Version
X-Origin-CC
X-Ms-Request-Id
X-Varnish-Hostname
X-Ms-Version
Server-Info
X-TA-CDN-Provider
X-Cms-Context
Cache-Hits
X-NCache
X-SRV
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-Bc-Bl
X-Air-Trace-Id
X-Cluster
X-Air-Source
X-Air-Hostname
DynaTrace
X-Varnish-Hits
Cache-Name
X-B3-SpanId
X-Varnish-Beresp-Grace
X-R9-Blue-Green-Version
X-CSRF-Token
X-GeoCountry
X-GeoCode
Load-Balancing
X-Azure-Ref
X-Endurance-Cache-Level
X-Amzn-RequestId
X-Amz-Apigw-Id
DB-Nickname
X-Midtier
X-Tec-Api-Root
X-Tec-Api-Version
X-TIME
X-Origin-Response-Time
X-Tec-Api-Origin
X-RCS-CacheZone
X-Envoy-Decorator-Operation
Cmsid
X-Magnolia-Registration
X-Geo-Header
X-Hash
X-Ec-GeoHdr
DCR-Decision-By
X-Destination
X-Gzip
X-Developer
X-Epic-Correlation-Id
Cmstype
A
Cdncip
X-Ec-Fail
X-Forwarded-Path
X-External-Request-Id
X-Cache-NE
X-Cache-Bucket
X-Cache-Id
Cdnsip
X-Esi-Check
X-Cdn-Srv
X-CF-Lambda-Version
X-D
X-Ftr-Request-Id
X-CF-Lambda-Fn
X-From
BehaviorPad-Version
X-Conf
X-Orig-Expires
X-HS-Content-Campaign-Id
X-VG-WebCache
Host-ID
X-TIM-N
X-Webstats-RespID
X-Rojux
Mobile-Detection-Method
X-Processor
X-A-Ccd
X-TrackingId
X-A
NM-Fastcgi-Cache
X-S
X-S-Cookie
X-Shop-Environment
X-Session-Fingerprint
X-User
Sslversion
Lang
T-Server
X-SD-PageType
X-Vtex-Remote-Cache
Pramga
X-Vtex-Processado-Em
X-Tenant
X-ScT
X-A-Dam
X-A-Dcw
X-Men
X-Vdms-Path
Odigeo-Trace-Id
X-NAPM-TraceId
Expiry
X-Application
X-LAGOON
DCR-Processing-Time-Ms
X-Ig-Push-State
X-B-Cookie
X-ARC
Meta-Geo-Continent
X-Vdms-Version
Surrogated-Key
X-Connection-Hash
X-A-Dgt
Xc-Version
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-A-Wwc
X-Aed
X-NodeID
X-AK-Request-ID
Fastcgi-X-Cache-Version
Rendered-Blocks
X-SRCache-Key
X-Tx-Id
X-Via-NSCOPI
Server-Host
X-Clara-WADP
X-Ckpd-Fst-Backend
Producers
State
Platform
Wxu-Next-Region
Wxu-Next-Hostname
X-Cache-Backend
X-Amzn-Remapped-Content-Length
X-Block-Status
Wxu-Next-Commit
Web-Mar-Region
V-Age
X-Cache-Info
Vix-Hermes-Req-Id
We-Hiring
User-Cache-Control
X-Mvc-Supplant-Cachable
X-RSL
X-RPS
X-Scheme
X-Server-IP
X-Sigma-Backend
X-Sigma
X-RPM
X-Rocket-Build-Number
X-Planisys-CDN-Cache
X-Origin-Time
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Request-URI
X-Slack-Backend
X-SVT-ORM-RULES
X-Viewer-Country
X-VG-TLSProxy
X-WADP-Cache
X-Wix-Viewer-Type
X-Worker
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-TNCMS
X-SVT-ORM-VERSION
X-V-Cache
X-Variation
X-Varnish-CookieHashed-On
X-Origin-Expires
X-Origin
X-DSS
X-DPWN-IS-SECURE
X-DW
X-Fastly-Cache
X-Fetched-On
X-DI
X-Device-Os
X-DB
X-Core-Value
X-DefElseHash
X-DefHash
X-Developers
X-Fmm-Version
X-Gdpr
X-Loop
X-Location
X-Node-Id
X-Nyt-Route
X-Old-Content-Length
X-JWT-State
X-Is-Gdpr
X-GeoIP
X-Gen-Mode
X-Has-Esi
X-Hnp-Log
X-Irp-Debug
X-Core-Mission
Svr
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Machine
Is-Eu
Mail-Subject
Adler-Geo
Memcached
Environment
Fastly-GeoIP-CountryCode
X-Varnish-Ttl
X-EC-Lua
CDN
Source
X-GeoIP-City
X-BBC-Edge-Cache-Status
X-Generated-On
X-Branch-Name
Cluster
X-Thinkindot-L3
X-HN
X-Aicache-OS
Fastcgi-Cache-TTL
X-Sn-Servicetimems
X-Httpd
CloudFront-Viewer-Country
X-Auto-Login
X-VServer
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Eu-Site
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-SB
X-Pod-Name
X-CGP
Arc-Country
X-Forwarded-Site
X-VarnishDD-TTL
X-Cache-Date
CDCHOST
X-Skip-Cache
Cache
X-Cdn-Origin
X-Gamma-Serve
Fastly-SWR
Origin
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Req-Svc-Chain
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Rocket-Nginx-Serving-Static
X-Response-By
X-Region-Sid
X-Qloud-Router
Release
X-Platform
PFcat
Origin-EX
Origin-CC
X-Policy
N-Cache
Redirect-Candidate
X-Proxy-Upstream
X-Proxy-Cache-Info
X-Akamai-Transformed
TDXMobile
HA-Ipaddr
Kp-EeAlive
L
Ha-Gx-Prefs
Gh-Request-Id
Fastly-SIE
X-Level-Front-Cache
X-Served-From
Thinkindot-CacheControl
L5d-Success-Class
X-Loc
Thinkindot-Control
Thinkindot-CacheControl-Type
Traceparent
X-Minions-Version
Locid
GEO-INFO
X-Ec-Custom-Error
HostName
X-Pool
X-Optimistic-Header
X-TraceId
X-Date
Ssr
X-Accel-Expires-Debug
DSUID
NGX
X-Presslabs-Stats
X-CS
X-Parent-Response-Time
X-WP-CF-Super-Cache
X-GeoIP-Region-Code
X-Udemy-Cache-App-Namespace
X-WP-CF-Super-Cache-Cache-Control
MD5-Digest
AMP-Access-Control-Allow-Source-Origin
X-Owner
X-GeoIP-Country-Code
X-NC
X-ZONE
X-CacheTTL
X-Srv
X-Dispatcher-Number
Pics-Label
X-API-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Time
Env
X-Newrelic-Synthetics
Fusion-Deployment-Id
X-Mvc-Supplant-OutputCached
Memory
Fusion-Source
Time
X-Via-Ucdn
Fusion-Template-Id
X-SIPLIST1
IsBot
X-Ah-Environment
Server-Hostname
Server-Ext
Servername
X-Edge-Pop
Sever-Int
Fusion-Component-Id
X-Cache-Debug
X-LB-NoCache
Fusion-Content-Id
X-Scale
Fusion-Content-Source
X-Generated-In
X-Tt-Logid
Ms-Author-Via
X-VC
X-Refresh
CacheControlHeader
Geo-Info
X-Wikidot-Backend
X-Wikidot-Static-Cache
True-Client-Country-4JS
X-TH-Server
X-Via-Popn
X-Via-Poph
X-Via-Popv
X-Action
GeoIp-Country-Code
X-Xrds-Location
X-Ad-Defer-Variation
Candidate-Md5Url
X-BCube-Filmed-By
X-HA-Backend
X-Backend-TTL
Cache-Key
X-CACHE-KEY
X-Servedbyhost
X-IPLB-Request-ID
X-S-Maxage
Ohc-File-Size
Datacenter
X-Amz-Meta-Cb-Modifiedtime
X-Vc
CPC-Cache
FSS-Cache
CPC-Age
VNS-Age
X-Cache-ASPX
VNS-Cache
XM
X-SplitTest
X-Contensis-Viewer-Groups
X-RateLimit-Reset
X-VCL-Version
X-WA-Info
Geoip-Latitude
Edge-Cache
X-Req
Fastly-Backend-Name
ITXSESSIONID
X-DC
Client
X-Varnish-Authentication
X-Varnish-Beresp-TTL
Server-ID
X-Micro-Cache
X-Provided-By
X-Dynatrace
X-Zone
My-App
Path
Hostname
X-VHOST
X-Cs
X-Cache-Status-Check
X-AIR-PT
X-Origin-Upstream-Status
X-Trace-ID
X-Pass-Why
DataCenter
Cache-Host
X-Up
Ohc-Cache-HIT
X-FireWall-Port
X-Fpc
X-LB-ID
X-TX-ID
Ngx.Var.Host
True-Client-IP
NtCoent-Length
Lb
X-Webkit-Csp-Report-Only
OT-Force-Account-Verify
X-NGINX-Cache
X-FPC
X-Varnish-Beresp-Ttl
X-Clientip
XkeyRZ
X-Proxy-CacheRZ
X-Traceid
X-B3-Spanid
X-Li-Pop
X-LI-UUID
X-Li-Fabric
X-CSRF-TOKEN
Test
Powered-By
X-ND-Cache
X-UnsetCookies
Cf-Int-Pingora-Origin-Digest
X-Api-Version
X-CUA
X-Cdn-Request-ID
Proxy-Connection
X-Time-Microsecs
X-Correlation-ID
X-Beluga-Record
X-Beluga-Node
X-Beluga-Cache-Status
X-Beluga-Status
Cf-Device-Type
Target-Params
X-Beluga-Trace
User-Agent
X-Beluga-Response-Time
Tracecode
X-Fragments
Resin-Trace
X-Vcl-Version
Server-Id
X-Webkit-CSP-Report-Only
X-RAMCache
X-Azure-Ref-OriginShield
X-Sucuri-Cache
X-MSEdge-Features
X-MSEdge-Flight
Lfy
WZWS-RAY
X-ATG-Version
X-Var-Ttl
X-FC-Vary-Parameters
X-Sucuri-ID
X-HS-Status
X-Dmc
X-Fastly-Backend
X-CLOUD-TRACE-CONTEXT
X-Via-PopH
X-Platform-Cluster
X-Render-Time
X-ServedByHost
X-Ha-Backend
GeoIP-Latitude
X-Via-PopN
X-Platform-Router
X-Platform-Processor
X-URL
X-Via-PopV
X-Geo
GeoIP-Country-Code
X-Qnm-Cache
X-INCAP-ABP
Srvid
X-NU-AKA-ACS-Version
Rip
X-M-Reqid
X-Li-Proto
X-DynaTrace-JS-Agent
C-Via
X-Varnish-Beresp-Status
X-M-Log
Uri
Sid
X-Cdn-Forward
X-PX
MIME-Version
Tube-Got-Results
X-Service
Tube-Get-Contents
Tube-Return
X-Gateway-Request-Id
X-LI-Proto
X-Gateway-Skip-Cache
Tube-Got-Eval
X-Hcs-Proxy-Type
X-Fetch-By
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Gateway-Cache-Key
X-Alfa-Service
X-Proxy-Cache-Hk
Magicmarker
X-Gateway-Cache-Status
Click-Count-Action-Start
X-Backend-State
Epwk-X-Cache
Click-Count-Error
Fastly-Drupal-HTML
X-Check-Cacheable
X-TRACE-ID
X-Akamai-Pragma-Client-IP
X-Backend-Host
X-Request-Start
X-Fastly-Backend-Reqs
ENV
Esi-Enabled
X-Esi
Cdn
HIT
X-Edge-POP
On-Server
X-App
X-Bip
X-Cache-CFC
X-B3-Traceid-Primal
X-Lb-Nocache
X-Cache-Expires
PICS-Label
X-Thanos
Server-Ttl
XServer
ServerName
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-LiteSpeed-Cache-Control
X-MG-S
Srv
Section-Io-Id
Section-Io-Origin-Status
CF-Cached-On
X-ElasticPress-Query
CountryCode
Section-Io-Origin-Time-Seconds
X-Newrelic-App-Data
Section-Origin-Responded
Tcn
X-Yottaa-OS
X-Iplb-Request-Id
X-Iplb-Instance
X-APP
Wpo-Cache-Status
X-Vcache
WebServer
Wpo-Cache-Message
Cf-Ipcountry
D-Url-Rewrites
M-TraceId
X-Cache-Config
X-Acquia-Application-UUID
X-Serial
X-Acquia-Purge-Tags
X-Acquia-Site
X-Nc
Inserted-Into-Cache-At
X-BBC-Origin-Response-Status
X-Acquia-Application-Trace
X-HostName
Warning
Servedby
Fastcgi-Cache-Ttl
X-Release
X-Snapshot-Date
Ngx
X-Dist-Code
Cneonction
X-Th-Server
X-Fastly-Cache-Hits
Hit
URI
X-Request-Url
X-Wp-Cf-Super-Cache-Cache-Control
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache
Content-Style-Type
X-B3-Parentspanid
X-Request-URL
X-Storefront-Renderer-Verified
X-LiteSpeed-Tag
X-CF-Powered-By
X-Akamai-Request-ID
Cteonnt-Length
X-Shopify-Generated-Cart-Token
X-Swift-Error
X-Akamai-ERRuleID
X-IN-APIGATEWAY
Content-Script-Type
X-Dw-Trace-Id
X-Back
X-Akamai-ERPolicy
X-IN-APIGATEWAYSSL