Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-Request-ID
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-UA-Device
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
X-LiteSpeed-Cache
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Page-Speed
X-Vhost
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Amz-Version-Id
X-Pingback
X-Device
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Server-Id
X-Host
Cf-Railgun
X-Backend-Server
X-Node
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
Content-Location
X-Ruxit-JS-Agent
Rating
X-B3-TraceId
X-Ua-Compatible
Accept-Ch-Lifetime
X-Country
X-Language
Accept-CH-Lifetime
X-Cache-Lookup
X-Cloud-Trace-Context
X-Template
X-Trace
X-Url
X-Ac
X-Content-Type
Allow
X-Vname
X-PC
X-TtlSet
X-Varnish-TTL
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
X-ESI
Cache-Tag
Fastly-Restarts
X-Server-Name
Service-Worker-Allowed
X-Rack-Cache
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-Buckets
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
MS-Author-Via
X-Amz-Rid
Public-Key-Pins
X-Vcap-Request-Id
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Aws-Lambda-Call-Status
X-Cache-TTL
X-Origin-Cache
X-Cnection
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Arr-Disable-Session-Affinity
X-Aspnetmvc-Version
X-Px
X-Country-Code
X-Powered-By-Plesk
X-Goog-Hash
X-Navigation-Version
Access-Control-Request-Method
X-NF-Request-ID
RTSS
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
Accept-Ch
X-Version
X-Powered-CMS
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Amz-Server-Side-Encryption
Response
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Middleton-Response
AR-PoweredBy
AR-ATIME
X-MSEdge-Ref
AR-SID
AR-Request-ID
AR-CACHE
X-LLID
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
Nginx-Cache
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-RateLimit-Remaining
X-Shield-Request-Id
X-Protected-By
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-T
S
TCN
X-Forwarded-For
X-Content-Security-Policy-Report-Only
Content-MD5
X-Mg-S
X-TTL
X-Id
X-MCACHE
Realpath
Fastcgi-Cache
X-CST
X-Mid
Edge-Cache-Tag
X-Ttl
SPIisLatency
SPRequestDuration
Front-End-Https
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Filters
Server-Node
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Parallel-Accel
X-Content
X-Ua-Browser
X-Ab
X-Correlation-Id
X-DynaTrace
SPRequestGuid
X-SharePointHealthScore
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Component-Id
Server-Name
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-Frontend
X-Ezoic-Cdn
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-ECACHE
Alternate-Protocol
X-Yandex-Sdch-Disable
X-Hits
X-Cache-Key
X-Content-Options
X-Ser
X-Page-Id
Cache-Tags
MicrosoftSharePointTeamServices
X-Tt-Trace-Host
X-Tt-Trace-Tag
Host
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Git-Hash
X-Accel-Expires
Charset
Cleartype
X-Fastly-Request-Id
X-B3-Sampled
X-Www-Served-By
X-Daa-Tunnel
X-Content-Digest
X-Geo-Country
X-Amz-Replication-Status
Filterid
X-Amzn-Trace-Id
X-DIS-Request-ID
TP-L2-Cache
TP-Cache
X-Forwarded-Proto
X-Varnish-Age
X-VCache
X-Debug-Info
X-Hostname
X-Activity-Id
X-AppVersion
X-Az
X-Upgrade-Enabled
X-Rid
X-N
X-XRDS-LOCATION
X-FB-Debug
X-Origin-Server
Access-Control-Allow-Method
X-Grace
X-LB-Cache
X-WebKit-CSP-Report-Only
X-Nginx-Upstream-Cache-Status
ServerID
Cross-Origin-Opener-Policy
X-Mobile-URL
X-F-Cache
X-Providence-Cookie
X-Request-Guid
X-Is-Crawler
X-Flags
X-Route-Name
X-Aspnet-Duration-Ms
X-Ratelimit-Limit
X-Whom
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Origin-Upstream-Status
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-TT
X-Goog-Stored-Content-Length
X-Varnish-Grace
X-App-Environment
X-Tb
Viewport
X-FW-Server
X-FW-Type
Payment
X-FW-Serve
X-Distributor
X-FW-Hash
X-App-Server
X-FW-Dynamic
X-FW-Static
DC
Node
Paypal-Debug-Id
X-NGENIX-Cache
X-Server-ID
X-Seen-By
X-Type
Fastcgi-Useragent
X-Request-Handler-Origin-Region
X-Cache-Control
X-Microsite
X-User-Agent
X-Logged-In
Accept-Charset
Country
X-Cache-Rule
X-Wix-Request-Id
X-Litespeed-Cache
X-Cache-Age
X-DataDome
Version
X-Webkit-CSP
X-Varnish-Backend
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Referer-Policy
X-Load-Cache
X-Drupal-Cache-Tags
X-Via-JSL
X-Node-Name
Refresh
X-Cluster-Name
X-Cache-Action
X-Contextid
Access-Control-Request-Headers
X-Response-Served-From
SD-X-WS
X-B-Cache
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Cache-Status
X-Signature
X-IPLB-Instance
X-Original-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Is-Bot
X-Mobile
X-Page-View
X-Rendered-As
X-Jobs
X-Proxy-Cache-Status
X-Real-IP
X-Vgn-Hpd-Reason
X-Cacheable-TTL
X-B
X-Cache-Expired-At
X-Revision
X-UUID
X-RemovedCookies
NGB
X-ProcessESI
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Yottaa-Optimizations
X-Proxy
X-Yottaa-Metrics
X-Rule
X-Device-Type
X-Debug
X-G
X-Fastly-Request-ID
X-Drupal-Cache-Contexts
Surrogate-Key
X-Framework
X-Instance
Akamai-GRN
X-Cache-Time
X-PressLabs-Stats
X-Debug-IsConnected
X-Debug-IsPreview
DynaTrace
X-FW-Version
X-Fastcgi-Cache
CF-IPCountry
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
Liferay-Portal
X-TEC-API-VERSION
SID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Azure-Ref
Healthy
X-XRDS-Location
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Source
X-Ms-Request-Id
X-Ms-Version
X-Ratelimit-Reset
Frame-Options
Ms-Operation-Id
MS-CV
X-RTag
X-CDN-Forward
X-Oneagent-Js-Injection
Count-Hit
X-Nginx-Cache
X-Cache-Operation
GEO-INFO
X-APP-VERSION
X-Cache-Hit
X-Presslabs-Stats
X-L-Path
Uber-Trace-Id
X-EdgeConnect-Cache-Status
X-Tumblr-Pixel-0
Countrycode
X-Tumblr-User
X-Tumblr-Pixel
X-Environment-Context
X-Tumblr-Pixel-1
X-Accel-Buffering
Xserver
X-Varnish-Server
X-Region
X-Servername
X-Backend-Name
Ec-Rule-Version
X-Mode
Section-Io-Cache
X-Zen-Fury
X-Content-Powered-By
X-Forwarded-Host
X-IPS-LoggedIn
Cross-Origin-Window-Policy
Backend
X-Cache-NGX
X-JoinUs
Meta-Geo
X-UPSTREAM-Address
X-SaId
X-RN-RSRV
X-Detected-As
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sql-Count
X-Tid
X-ShopId
X-ShardId
Country-Code
Eomportal-Instance
X-Redis-Cache
X-Cache-Server
Protected
X-Sql-Duration-Ms
X-Alternate-Cache-Key
X-Varnish-Beresp-Grace
X-Generation-Time
X-Human
X-Hosted-By
X-Uri
X-Cache-Type
X-Cache-Grace
X-Proxied
X-NCache
X-Debug-Cache
Cache-Name
X-Status
X-PHP-Backend
X-ProxyCache-Key
X-Origin-Date
X-Rewrite-Enabled
Cache-Tv-Group
X-FB-TRIP-ID
X-Extlb
X-Cache-TTL-Remaining
X-No-Session
X-Microcachable
X-ProxyCache-Status
X-Routing-Service
DB-Nickname
Decoy-Debug-Key
X-UA-Device-Type
X-Via-Fastly
Apigw-Requestid
X-BYPASS-REASON
X-Adobe-Loc
X-Adobe-Content
Decoy-Debug-TTL
Decoy-Debug-Status
X-Site-Version
X-Zipkin-Id
Mn-Server-Ip
X-ServerID
Url
Selected-Fe
TWC-GeoIP-Country
X-Origin-Hint
X-Cache-Host
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
Webcakes-Region
X-Akamai-Edgescape
Property-Id
X-Say-TTL
TWC-Privacy
X-Format
X-Say-Cacheable
X-Proxy-Build
X-OCL
X-PCL
X-SayCDN-TTL
TWC-Connection-Speed
X-Server-W
X-Storage
X-Web-Node
X-Timing-Wait
Fastly-SSL
X-Soup
TWC-Device-Class
X-Varnishpool
OT-Force-Account-Verify
X-Section
X-R9-Blue-Green-Version
X-Pubstack
Azure-Version
X-NYM-Debug-Backend
X-Access
X-PERF
Azure-InstanceId
X-ApacheServer
X-Hl-Ver
Azure-SiteName
Azure-SlotName
Azure-RegionName
X-Be
X-Content-Age
X-RateLimit-Limit
X-Cluster-Node
Content-Secure-Policy
X-Ua
X-LSADC-Cache
X-Azure-Ref-OriginShield
Source
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-PullZone
CDN-RequestCountryCode
SRV
X-NewRelic-App-Data
CDN-Uid
X-Hyper-Cache
CDN-RequestId
Content-Disposition
X-Generated-By
X-Cached-By
X-Webkit-Csp
X-SRV
X-Unique-Id
X-Dc
Cache
X-Trace-Id
X-HTML-Minification-Powered-By
X-Nginx-Cache-Key
LB
X-LAGOON
X-TIME
X-App-Version
Xet-Cookie
X-Bc-Bl
X-Amz-Meta-S3cmd-Attrs
X-Auto-Login
X-Origin-CC
X-Loop
X-Varnish-Hits
WPO-Cache-Status
Retry-After
WPO-Cache-Message
X-Varnish-Hostname
X-Origin-TTL
X-TNCMS
Onion-Location
X-TT-LOGID
X-S-Maxage
X-GEO
Cache-Hits
X-Cache-Var
X-Cache-Var-Map
X-Akamai-Transformed
Mime-Version
X-Time
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Platform-Server
X-ECache
Web-Mar-Node
X-Ratelimit-Remaining
X-Proto
X-Cdn
HostName
X-Xfnlog-Site
X-Tenant
X-Endurance-Cache-Level
X-Time-Microsecs
X-AWS-Id
X-Edge-Location
X-Cache-Remote
X-CSRF-Token
X-LJ-Flow-ID
X-Cache-Tags
X-VWS-Id
X-Varnish-Cache-Hits
X-M-Log
Upgrade-Insecure-Requests
X-M-Reqid
X-GG-Cache-Date
X-Qnm-Cache
CloudFront-Viewer-Country
X-Request-Time
ServedBy
Webserver
X-B3-SpanId
X-AOL-HN
X-Mg-Request-UUID
N-Cache
X-PHP-Host
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Labrador-Cache-Channel
X-RCS-CacheZone
X-Request-Host
X-CACHE-KEY
X-EC-Lua
X-Via-NSCOPI
X-B-Cookie
X-Block-Status
X-Cache-Date
X-ARC
X-Application
X-Aed
X-Cache-NE
X-A-Dgt
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Destination
X-Conf
X-Cluster
X-A-Dcw
X-Ckpd-Fst-Backend
X-CF-Lambda-Fn
X-A-Ccd
Expiry
Fastcgi-X-Cache-Version
Meta-Geo-Continent
DSUID
DCR-Processing-Time-Ms
BehaviorPad-Version
DCR-Decision-By
Mobile-Detection-Method
Odigeo-Trace-Id
Surrogated-Key
User-Cache-Control
X-A
Rendered-Blocks
Redirect-Candidate
Origin
Pramga
X-A-Dam
X-External-Request-Id
X-Slack-Backend
X-SRCache-Key
X-SVT-ORM-RULES
X-Shop-Environment
X-Session-Fingerprint
X-S-Cookie
X-ScT
X-SD-PageType
X-SVT-ORM-VERSION
X-TIM-N
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-V-Cache
X-Vdms-Path
X-S
X-Rojux
X-Hnp-Log
X-Ig-Push-State
X-NAPM-TraceId
X-Gen-Mode
X-Ftr-Request-Id
A
X-Forwarded-Path
X-ND-Cache
X-Orig-Expires
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Processor
X-Planisys-CDN-Cache
X-PBS-Appsvrname
X-Origin-Response-Time
X-PAYTM-SRV-ID
X-Developer
X-A-Wwc
Nel
X-Handled-By
X-Locale
X-Correlation-ID
From-Origin
X-FireWall-Port
X-Storefront-Renderer-Rendered
X-MP-GENERATED-AT
X-Core-Mission
X-Device-Os
X-Epic-Correlation-Id
X-Date
X-Fetched-On
X-Geo-Header
X-Hash
X-Gdpr
X-Forwarded-Site
X-Cache-Info
X-Fastly-Cache
X-Accel-Expires-Debug
V-Age
State
Release
Origin-EX
Origin-CC
Traceparent
Host-ID
X-Aicache-OS
L
X-Li-Fabric
Vix-Hermes-Req-Id
X-Cache-Bucket
X-Men
X-Sucuri-Cache
X-Sucuri-ID
X-Skip-Cache
X-Server-IP
X-Served-From
X-Varnish-Beresp-Status
X-VServer
CDCHOST
X-VC-Cache
X-Webstats-RespID
Wxu-Next-Region
X-Scheme
X-Rocket-Nginx-Serving-Static
X-Mvc-Supplant-Cachable
X-Nyt-Route
Gh-Request-Id
X-Location
X-LI-UUID
X-Old-Content-Length
X-Origin-Expires
X-Proxy-Upstream
X-Policy
X-Owner
X-Origin-Time
X-Li-Pop
Wxu-Next-Hostname
CacheControlHeader
Cmsid
Cmstype
AKAMAI
Wxu-Next-Commit
Sslversion
WP-Super-Cache
Fastcgi-Cache-TTL
Arc-Country
X-Adobe-Source
AMP-Access-Control-Allow-Source-Origin
X-Reqid
Server-Info
Environment
X-ATG-Version
X-Region-Sid
Machine
X-Req
Ssr
Mail-Subject
X-Request-Start
X-NodeID
X-HS-Content-Campaign-Id
X-Rocket-Build-Number
We-Hiring
X-Core-Value
Web-Mar-Region
Svr
X-Platform
X-GeoIP
X-BBC-Edge-Cache-Status
X-Node-Id
X-Cdn-Origin
X-Bip
X-Branch-Name
Fastly-Drupal-Html
X-Generated-On
X-Gamma-Serve
X-Gzip
X-Esi-Check
X-VarnishDD-TTL
X-Level-Front-Cache
X-Cache-Config
X-Fastly-Backend
Locid
X-Sigma-Backend
True-Client-Country-4JS
X-Cdn-Srv
X-Developers
X-VG-TLSProxy
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Fastly-GeoIP-CountryCode
X-Viewer-Country
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Cache-Debug
X-Irp-Debug
X-Datadog-Parent-Id
X-Cache-Id
TDXMobile
X-HN
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-GeoIP-City
Thinkindot-Control
X-Sn-Servicetimems
X-TH-Server
X-TrackingId
Req-Svc-Chain
X-Thinkindot-L3
Server-Host
X-Thanos
PFcat
X-Sigma
X-Magnolia-Registration
X-NWS-UUID-VERIFY
X-Zone
X-DefHash
HA-Ipaddr
X-DPWN-IS-SECURE
X-FC-Vary-Parameters
X-Rebelmouse-Surrogate-Control
X-Response-By
X-DefElseHash
X-Rebelmouse-Cache-Control
X-Variation
X-Varnish-CookieHashed-On
X-Worker
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Qloud-Router
X-Pod-Name
X-Loc
Adler-Geo
X-JWT-State
Ha-Gx-Prefs
X-NU-AKA-ACS-Version
Fastly-SWR
X-Origin
Is-Eu
X-Is-Gdpr
X-Has-Esi
Platform
X-Eu-Site
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Request-URI
X-Envoy-Decorator-Operation
Cf-Device-Type
NM-Fastcgi-Cache
L5d-Success-Class
Memcached
X-Amzn-Remapped-Content-Length
X-Backend-State
Fastly-SIE
NGX
X-CGP
X-Csrf-Jwt
X-Xrds-Location
X-Cache-Enabled
Datacenter
X-Tx-Id
X-Mvc-Supplant-OutputCached
X-UnsetCookies
X-Ua-Device
X-Varnish-Beresp-Ttl
X-NC
X-CLOUD-TRACE-CONTEXT
X-API-Version
X-Up
X-Backend-TTL
X-CS
Candidate-Md5Url
CDN
X-Vc
X-GeoIP-Country-Code
X-LB-ID
X-GeoIP-Region-Code
Pics-Label
X-Generated-In
WebServer
WWW-Authenticate
On-Server
X-Tb-Optimization-Total-Bytes-Saved
X-Trace-ID
Memory
Time
Ms-Author-Via
Magicmarker
X-TraceId
X-Datadome
X-Edge-Pop
X-LB-NoCache
Esi-Enabled
X-Tt-Logid
S-Rt
X-DynaTrace-JS-Agent
X-Refresh
X-TA-CDN-Provider
X-Restarts
Env
NtCoent-Length
X-Via-Popv
X-Via-Popn
X-Via-Poph
Kp-EeAlive
GeoIp-Country-Code
X-Optimistic-Header
X-Varnish-Ttl
X-Dynatrace
C-Via
X-Service
X-Parent-Response-Time
X-RPS
X-RSL
Edge-Cache
X-Cache-Backend
X-DC
X-DB
X-Action
X-CacheTTL
X-RPM
X-Cache-PHP
X-DW
X-DSS
X-Wix-Viewer-Type
X-DI
X-Akamai-Request-ID2
X-Varnish-Beresp-TTL
X-Http-Reason
X-Servedbyhost
X-Cs
X-Esi
X-Srv
Server-ID
X-MSEdge-Features
X-Unique-ID
X-Render-Time
X-MSEdge-Flight
X-ZONE
X-TX-ID
X-Cache-Status-Check
X-Minions-Version
X-Newrelic-Synthetics
Accept-Language
X-VCL-Version
X-HA-Backend
Proxy-Connection
X-Info
X-Cache-Ttl
X-App
X-Fpc
X-LI-Proto
X-AIR-PT
X-Li-Proto
X-URL
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Ec-GeoHdr
X-Clientip
X-FPC
X-Webkit-Csp-Report-Only
X-Ec-Fail
X-User
Test
X-Traceid
X-LiteSpeed-Cache-Control
UCS
Server-Id
X-Oss-Server-Time
X-Vcl-Version
X-Oss-Hash-Crc64ecma
Cache-Host
X-Oss-Request-Id
HIT
X-B3-Spanid
X-Oss-Object-Type
X-Oss-Storage-Class
X-NODE
X-Webkit-CSP-Report-Only
S-Cnection
Tcn
Geo-Info
Cdnsip
M-TraceId
X-AK-Request-ID
X-Pass-Why
Cdncip
X-CSRF-TOKEN
X-LiteSpeed-Tag
X-Fmm-Version
X-Clara-WADP
X-Ha-Backend
X-WADP-Cache
Cluster
Fastly-Drupal-HTML
Geoip-Latitude
My-App
User-Agent
Fastly-Backend-Name
X-HostName
Hostname
Cf-Int-Pingora-Origin-Digest
X-Micro-Cache
Resin-Trace
Section-Io-Id
Lb
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Origin-Responded
X-Var-Ttl
X-CUA
X-ID
X-Backend-Host
Tracecode
X-Pad
X-ServedByHost
X-COUNTRY
X-Dynatrace-Js-Agent
Hit
X-Release
Lfy
X-Via-PopV
X-From
X-Via-PopN
X-APP
T-Server
GeoIP-Country-Code
X-Via-PopH
X-BCube-Filmed-By
Ohc-File-Size
X-BBC-Origin-Response-Status
X-NGINX-Cache
X-Geo
X-Edge-POP
ENV
MIME-Version
X-RAMCache
X-Fragments
Lang
X-Cdn-Forward
X-ElasticPress-Query
X-Check-Cacheable
X-WP-CF-Super-Cache
X-HS-Status
X-WP-CF-Super-Cache-Cache-Control
Load-Balancing
X-WA
X-Api-Version
Cache-Key
CPC-Age
CPC-Cache
X-WA-Info
VNS-Age
X-Amz-Meta-Cb-Modifiedtime
X-ES-SERVER
VNS-Cache
Path
Target-Params
X-Edge-Cache
EpKe-Alive
X-ServerName
Servername
X-Fastly-Backend-Reqs
X-Ucs
URI
DataCenter
X-Lb-Id
X-GoCache-CacheStatus
X-PJAX-URL
X-Wikidot-Backend
X-UP
Shield-Pop
X-Wikidot-Static-Cache
X-Cms-Context
Cteonnt-Length
Pagetype
X-Fastly-Cache-Hits
X-Mcache
X-Dw-Trace-Id
X-TRACE-ID
Srv
Server-Ttl
PICS-Label
X-Proxy-Cache-Info
Uri
WZWS-RAY
X-Httpd
Permissions-Policy
FSS-Cache
X-Swift-Error
Cdn
X-B3-ParentSpanId
X-Akamai-Pragma-Client-IP
X-RateLimit-Reset
X-Nc
Cneonction
MD5-Digest
Ohc-Cache-HIT
X-Lb-Nocache
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-VC
X-Cdn-Request-ID
X-Via-Ucdn
X-Hcs-Proxy-Type
X-Akamai-ERPolicy
Sever-Int
Producers
X-Apw-Access-Action
X-Acquia-Application-Trace
X-Apw-Access-Object
X-Udemy-Cache-App-Namespace
Vha6-Origin
X-Acquia-Application-UUID
X-VG-WebServer
X-Apw-Hits
ServerName
X-Acquia-Site
X-Acquia-Purge-Tags
X-Akamai-ERRuleID
X-SIPLIST1
X-Apw-Access-Token
X-Contensis-Viewer-Groups
X-Snapshot-Date
Cf-Ipcountry
X-Yottaa-OS
Server-Hostname
X-Cache-ASPX
Server-Ext
CF-Cached-On
X-Newrelic-App-Data
IsBot
X-Air-Pt
X-Cache-Ngx
Sid
X-Provided-By
X-Varnish-Authentication
CountryCode
X-UA
X-Sentry-ID
X-SB
Req-ID
Ngx
X-B3-Parentspanid
X-CacheKey
W
X-Http-Count
X-Te-Duration-Ms
X-Te-Count
X-Miniprofiler-Ids
X-Cache-Expires
X-Http-Duration-Ms
X-Logging-Id
X-Last-Modified