
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
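The tallying step of the survey described above, as an added example that is not ISC's own collection code: it counts how many sites sent each header in their HEAD responses, once by exact spelling and once with case folded. HTTP header names are case-insensitive, yet the table below lists spellings such as X-Frame-Options and X-FRAME-OPTIONS as separate rows. The sample responses, hostnames and the selection of headers treated as security-relevant are assumptions.

```python
from collections import Counter

# Constructed sample data: raw header blocks as a HEAD request for "/" might
# return them. Hostnames and values are made up for illustration.
SAMPLE_RESPONSES = {
    "a.example": ("HTTP/1.1 200 OK\r\n"
                  "Content-Type: text/html\r\n"
                  "Set-Cookie: a=1\r\n"
                  "Set-Cookie: b=2\r\n"
                  "X-Frame-Options: DENY\r\n"
                  "Strict-Transport-Security: max-age=31536000\r\n\r\n"),
    "b.example": ("HTTP/1.1 200 OK\r\n"
                  "content-type: text/html\r\n"
                  "X-FRAME-OPTIONS: SAMEORIGIN\r\n"
                  "X-Xss-Protection: 1; mode=block\r\n\r\n"),
    "c.example": ("HTTP/1.1 301 Moved Permanently\r\n"
                  "Content-Type: text/html\r\n"
                  "Location: https://c.example/\r\n\r\n"),
}

# Assumption: the headers treated as security-relevant for this example.
SECURITY_HEADERS = ("X-Frame-Options", "X-XSS-Protection",
                    "Strict-Transport-Security", "X-Content-Type-Options",
                    "Content-Security-Policy", "Referrer-Policy")


def parse_names(raw):
    """Return header names exactly as sent, one entry per header line."""
    head = raw.split("\r\n\r\n", 1)[0]
    names = []
    for line in head.split("\r\n")[1:]:      # skip the status line
        if line[:1] in (" ", "\t"):          # obsolete folded continuation
            continue
        name, sep, _ = line.partition(":")
        if sep and name.strip():
            names.append(name.strip())
    return names


def tally(responses, fold_case):
    """Count sites (not header lines) that sent each header name."""
    counts = Counter()
    for raw in responses.values():
        # A set per site, so two Set-Cookie lines still count as one site.
        counts.update({n.lower() if fold_case else n for n in parse_names(raw)})
    return counts


def coverage(responses):
    """Fraction of polled sites sending each security-relevant header."""
    folded = tally(responses, fold_case=True)
    return {h: folded[h.lower()] / len(responses) for h in SECURITY_HEADERS}


if __name__ == "__main__":
    print("by exact spelling:", dict(tally(SAMPLE_RESPONSES, fold_case=False)))
    print("case folded:      ", dict(tally(SAMPLE_RESPONSES, fold_case=True)))
    for header, share in coverage(SAMPLE_RESPONSES).items():
        print(f"{header:28s} {share:.0%}")
```

When reading the table for adoption of a given security header, add up its case variants before comparing it with other headers.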



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Report-To
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
EagleId
Keep-Alive
Request-Context
X-Ua-Compatible
X-Age
X-Robots-Tag
X-Server
X-Dns-Prefetch-Control
X-AH-Environment
X-UA-Device
X-Proxy-Cache
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-Dispatcher
EagleEye-TraceId
X-Nginx-Cache-Status
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Akamai-Path-Stats
X-Cache-Spec
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Page-Speed
Allow
X-Host
X-Node
X-Pingback
X-Server-Id
Accept-CH
X-Aws-Lambda-Call-Status
Surrogate-Control
X-Backend-Server
X-CST
Request-Id
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
Accept-CH-Lifetime
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
X-EdgeConnect-MidMile-RTT
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-Url
Cf-Edge-Cache
Fastly-Restarts
X-Country
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-TtlSet
X-PC
X-Vname
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-ESI
X-Content-Type
X-Varnish-TTL
X-VARITI-CCR
X-Vcap-Request-Id
Cache-Tag
X-B3-TraceId
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Amz-Rid
X-Use-Magma
X-Px
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
X-Ac
Public-Key-Pins
X-Cnection
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Amz-Server-Side-Encryption
X-D2id
Verso
X-Navigation-Version
X-Cache-TTL
X-RateLimit-Remaining
Accept-Ch
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
X-FastCGI-Cache
Service-Worker-Allowed
X-Webkit-Csp
Display
X-Middleton-Display
X-Sol
Pagespeed
X-GitHub-Request-Id
X-Country-Code
X-Ser
X-Version
Arr-Disable-Session-Affinity
X-Ruxit-Js-Agent
X-Edge
X-NF-Request-ID
Response
Access-Control-Request-Method
X-Middleton-Response
X-Goog-Hash
X-Correlation-Id
X-Upstream
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
AR-SID
X-Kinsta-Cache
X-Ttl
X-Edge-Location-Klb
X-Cached
SPIisLatency
X-TTL
SPRequestDuration
X-LLID
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-NWS-LOG-UUID
Nginx-Cache
X-Powered-CMS
MS-Author-Via
Edge-Cache-Tag
X-RateLimit-Limit
TCN
X-Cache-Key
Mrf-Cache-Status
MRF-Tech
X-Litespeed-Cache
X-Forwarded-For
X-MSEdge-Ref
SPRequestGuid
X-SharePointHealthScore
Content-MD5
X-B3-TraceId-Primal
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-T
X-Id
X-Daa-Tunnel
X-Recruiting
X-Mg-S
S
X-Protected-By
X-Language
X-Content-Digest
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Ua-Device
X-DataDome
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-ORACLE-DMS-ECID
X-Frontend
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-ORACLE-DMS-RID
X-Yandex-Sdch-Disable
X-Ua-Browser
X-Ezoic-Cdn
Server-Node
X-Content
X-Ab
X-Request-Received
Front-End-Https
X-Request-Processing-Time
X-HS-Combine-CSS
MicrosoftSharePointTeamServices
Filters
X-Accel-Expires
X-Grace
Fastcgi-Cache
X-Mid
X-Server-ID
X-Geo-Country
X-Template
X-Hits
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Ratelimit-Reset
X-Debug-Info
X-Origin-Server
TP-L2-Cache
TP-Cache
X-Distributor
X-Tt-Trace-Host
X-PressLabs-Stats
X-Tt-Trace-Tag
X-Amzn-Trace-Id
Charset
X-ECACHE
Cleartype
X-Page-Id
Host
X-Git-Hash
X-F-Cache
X-DIS-Request-ID
X-Www-Served-By
X-B3-Sampled
X-DynaTrace
Cross-Origin-Opener-Policy
Cache-Tags
X-Forwarded-Proto
X-LB-Cache
ServerID
Access-Control-Allow-Method
X-Seen-By
X-Cache-Age
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Server-Name
X-Cluster-Name
X-AppVersion
X-Az
X-Activity-Id
Realpath
X-WebKit-CSP-Report-Only
X-Varnish-Age
Accept-Charset
X-Request-Handler-Origin-Region
X-Microsite
X-Aspnetmvc-Version
X-Rid
Filterid
Cache-Status
X-Type
X-Content-Options
X-Origin-Cache
X-Upgrade-Enabled
X-Mobile-URL
X-MCACHE
X-App-Environment
X-Via-JSL
X-FB-Debug
X-User-Agent
Country
Viewport
Node
X-Varnish-Grace
X-Tb
X-Wix-Request-Id
DC
X-Route-Name
X-Flags
X-Aspnet-Duration-Ms
X-B-Cache
X-Request-Guid
X-Signature
X-Providence-Cookie
X-Is-Crawler
X-Drupal-Cache-Tags
X-Whom
Paypal-Debug-Id
Protected
X-TT
X-XRDS-LOCATION
X-Goog-Storage-Class
X-Oracle-Dms-Ecid
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-NWS-UUID-VERIFY
X-Goog-Metageneration
X-VCache
Fastcgi-Useragent
X-Oracle-Dms-Rid
X-Nginx-Upstream-Cache-Status
X-Fastly-Request-Id
Retry-After
X-Varnish-Backend
X-Oneagent-Js-Injection
Payment
X-Amz-Replication-Status
X-Contextid
X-Cache-NGX
X-B
X-N
X-Debug
X-Fastly-Request-ID
X-Fastcgi-Cache
X-Logged-In
X-FW-Static
X-FW-Server
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
WPO-Cache-Status
WPO-Cache-Message
X-XRDS-Location
X-Load-Cache
X-Hostname
Surrogate-Key
X-B3-Traceid
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
X-Parallel-Accel
X-Node-Name
Count-Hit
X-Buckets
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Trace-Id
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
Refresh
Akamai-GRN
X-Mobile
X-Proxy
X-G
Uber-Trace-Id
X-Cache-Time
X-Jobs
X-Akamai-Request-ID2
X-Is-Bot
X-UUID
X-ECache
X-Rendered-As
X-Revision
VIX-Pulpo-Upstream-Status
X-Real-IP
X-Zen-Fury
Healthy
VIX-Pulpo-Node
X-Page-View
X-Framework
X-Mcache
X-Http-Reason
X-Debug-IsPreview
X-Proxy-Cache-Status
X-Amz-Meta-S3cmd-Attrs
X-Cacheable-TTL
X-Debug-IsConnected
X-Yottaa-Optimizations
X-Instance
X-Yottaa-Metrics
X-Device-Type
X-Cache-Rule
NGB
Alternate-Protocol
X-Drupal-Cache-Contexts
Access-Control-Request-Headers
X-Cache-TTL-Remaining
Content-Disposition
X-Adobe-Loc
X-IPLB-Instance
X-Vgn-Hpd-Reason
X-Adobe-Content
From-Origin
Url
X-Source
Version
X-Servername
X-Cache-Grace
X-COUNTRY
X-Cache-Expired-At
X-Cache-Hit
Referer-Policy
Accept-Language
X-Varnish-Server
Permissions-Policy
X-L-Path
X-Environment-Context
X-Ratelimit-Remaining
X-EdgeConnect-Cache-Status
X-Mg-Request-UUID
X-FW-Version
X-App-Server
Countrycode
MS-CV
Ms-Operation-Id
X-RTag
X-Cache-Action
X-NGENIX-Cache
Cross-Origin-Window-Policy
X-Restarts
X-IPS-LoggedIn
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
Backend
X-ProcessESI
X-RemovedCookies
X-NYM-Debug-Backend
X-Hyper-Cache
CF-IPCountry
Liferay-Portal
Frame-Options
Content-Secure-Policy
X-Rule
Upgrade-Insecure-Requests
X-HTML-Minification-Powered-By
Ec-Rule-Version
X-Nginx-Cache
WP-Super-Cache
X-OCL
X-UPSTREAM-Address
X-PCL
X-Redis-Cache
X-RN-RSRV
X-Cache-Server
Meta-Geo
X-APP-VERSION
Section-Io-Cache
Apigw-Requestid
X-Section
Cache-Tv-Group
X-Unique-Id
X-Generation-Time
X-Access
X-Cluster-Node
X-Cache-Enabled
X-No-Session
X-Detected-As
X-FB-TRIP-ID
X-Content-Age
X-Ua
X-Format
Azure-InstanceId
Azure-RegionName
X-Server-W
Azure-SiteName
X-Sql-Duration-Ms
X-Storage
X-Urbn-Context-Path
X-Via-Fastly
Azure-SlotName
X-Varnish-Cache-Hits
X-Web-Node
X-Uri
X-Sql-Count
X-Site-Version
X-Urbn-Site-Id
X-UA-Device-Type
Locale
X-Akamai-Edgescape
Property-Id
X-AOL-HN
Mn-Server-Ip
X-Be
X-ApacheServer
Webcakes-Region
Webcakes-App-Version
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-Generated-By
X-Hosted-By
X-Say-Cacheable
X-Request-Time
Fastly-SSL
X-Say-TTL
X-SayCDN-TTL
X-Region
X-PHP-Backend
X-Origin-Date
X-Human
X-Origin-Hint
X-PERF
Webcakes-App-Name
Azure-Version
TWC-Connection-Speed
X-Mode
CDN-RequestId
CDN-Uid
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
X-Content-Powered-By
X-Debug-Cache
X-Xfnlog-Site
X-Forwarded-Host
X-Nginx-Cache-Key
X-BYPASS-REASON
X-ProxyCache-Key
X-Platform-Server
S-Rt
CDN-PullZone
X-ProxyCache-Status
X-Cache-Type
X-Cache-Host
X-Cache-Tags
X-Status
X-Sorting-Hat-PodId
X-ShardId
Eomportal-Instance
X-Sorting-Hat-ShopId
X-Extlb
X-Hl-Ver
X-Accel-Buffering
X-SaId
X-Zipkin-Id
X-ServerID
X-JoinUs
X-Routing-Service
X-Cache-Operation
X-Alternate-Cache-Key
X-Varnishpool
X-ShopId
X-Shopify-Stage
X-Backend-Name
X-Tid
X-Proxied
X-Timing-Wait
ServedBy
X-Adobe-Source
X-NewRelic-App-Data
Webserver
Selected-Fe
X-Proxy-Build
X-Webkit-CSP
X-Handled-By
X-Cache-Remote
X-Dc
Xserver
X-Locale
X-GG-Cache-Date
X-Labrador-Cache-Channel
X-PHP-Host
X-Rewrite-Enabled
X-Ratelimit-Limit
X-TT-LOGID
X-LSADC-Cache
X-Soup
X-VWS-Id
X-AWS-Id
X-Datadome
X-LJ-Flow-ID
X-Pubstack
X-VC-Cache
SID
SRV
LB
X-Cached-By
Mime-Version
Country-Code
Fastly-Drupal-Html
X-CDN-Forward
X-Request-Host
X-GEO
X-Proto
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
Web-Mar-Node
X-Edge-Location
X-Storefront-Renderer-Rendered
X-Microcachable
X-Reqid
Xet-Cookie
Onion-Location
X-Origin-CC
X-Origin-TTL
X-App-Version
Server-Info
X-Varnish-Hostname
X-Ms-Request-Id
X-Ms-Version
X-TA-CDN-Provider
X-Cms-Context
X-NCache
Cache-Hits
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-SRV
X-Tumblr-Pixel-2
X-Cluster
DynaTrace
X-Air-Source
X-Bc-Bl
X-Air-Trace-Id
X-Air-Hostname
X-Varnish-Hits
Cache-Name
X-GeoCode
Load-Balancing
X-GeoCountry
X-R9-Blue-Green-Version
X-CSRF-Token
X-Amzn-RequestId
X-Azure-Ref
X-Endurance-Cache-Level
X-Amz-Apigw-Id
X-Tec-Api-Root
X-Tec-Api-Version
X-Envoy-Decorator-Operation
X-RCS-CacheZone
X-Midtier
X-Varnish-Beresp-Grace
X-TIME
X-Tec-Api-Origin
DB-Nickname
X-Origin-Response-Time
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-LAGOON
X-Forwarded-Path
X-CF-Lambda-Fn
Sslversion
Surrogated-Key
T-Server
X-Cdn-Srv
X-CF-Lambda-Version
X-Conf
X-D
Odigeo-Trace-Id
Pramga
X-Connection-Hash
Rendered-Blocks
X-Cache-NE
X-Cache-Id
X-B-Cookie
X-A-Wwc
X-Aed
X-AK-Request-ID
X-Application
X-A-Dgt
X-A-Dcw
X-Cache-Bucket
X-A
X-A-Ccd
X-A-Dam
NM-Fastcgi-Cache
Mobile-Detection-Method
X-Ftr-Request-Id
Cmstype
DCR-Decision-By
DCR-Processing-Time-Ms
X-From
Cmsid
Cdnsip
X-Gzip
A
BehaviorPad-Version
X-Geo-Header
Cdncip
X-Men
Expiry
Lang
Host-ID
X-Developer
X-Destination
Meta-Geo-Continent
X-Ec-Fail
X-Ec-GeoHdr
Fastcgi-X-Cache-Version
X-External-Request-Id
X-Esi-Check
X-Epic-Correlation-Id
X-Hash
X-Magnolia-Registration
X-Processor
X-Vtex-Remote-Cache
X-Tenant
X-Webstats-RespID
X-TIM-N
X-TrackingId
X-Vdms-Path
X-B3-SpanId
X-SRCache-Key
X-Vdms-Version
X-VG-WebCache
X-ScT
X-SD-PageType
X-S-Cookie
X-S
X-Shop-Environment
X-Rojux
X-Session-Fingerprint
Xc-Version
X-Vtex-Processado-Em
X-User
X-NodeID
X-ARC
X-PBS-Appsvrname
X-NAPM-TraceId
X-Orig-Expires
X-PAYTM-SRV-ID
X-Via-NSCOPI
X-Tx-Id
X-Sigma
X-VG-TLSProxy
X-Sigma-Backend
Server-Host
X-DW
Is-Eu
X-Varnish-CookieINHashed-On
X-Cache-Info
X-Fastly-Cache
X-Fmm-Version
X-Server-IP
Environment
X-Varnish-CookieHashed-On
Fastly-GeoIP-CountryCode
X-Ckpd-Fst-Backend
X-Fetched-On
X-DSS
State
X-Device-Os
X-Core-Mission
X-DB
X-V-Cache
X-Variation
X-Core-Value
Svr
Producers
Platform
X-TNCMS
X-DefElseHash
X-Cache-Backend
Mail-Subject
Machine
X-Developers
X-DI
Memcached
X-SVT-ORM-RULES
X-DefHash
X-Clara-WADP
X-SVT-ORM-VERSION
X-DPWN-IS-SECURE
X-Gen-Mode
X-Irp-Debug
X-Varnish-Ttl
X-Is-Gdpr
X-JWT-State
X-Block-Status
X-WADP-Cache
X-Viewer-Country
Wxu-Next-Commit
X-Scheme
X-Hnp-Log
Wxu-Next-Region
X-Wix-Viewer-Type
X-Worker
X-Nyt-Route
X-Node-Id
X-Mvc-Supplant-Cachable
X-Loop
X-Old-Content-Length
X-Location
X-Origin-Time
X-Amzn-Remapped-Content-Length
X-Origin-Expires
X-Origin
Web-Mar-Region
Wxu-Next-Hostname
X-Rocket-Build-Number
We-Hiring
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Varnish-Remaining-TTL
V-Age
X-GeoIP
User-Cache-Control
X-RPS
X-RPM
Apple-News-Services-Host
X-RSL
X-Has-Esi
X-Request-URI
Apple-News-Services-Handled
Vix-Hermes-Req-Id
AKAMAI
Adler-Geo
X-Gdpr
Source
X-EC-Lua
CDN
X-Branch-Name
X-VarnishDD-TTL
X-VServer
X-Cdn-Origin
X-Auto-Login
X-Cache-Date
X-SB
X-Eu-Site
X-Qloud-Router
X-Proxy-Upstream
X-Httpd
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-HN
X-Proxy-Cache-Info
X-Policy
X-Planisys-CDN-Cache
X-Level-Front-Cache
X-Loc
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Pod-Name
X-Platform
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Thinkindot-L3
X-Sn-Servicetimems
X-Slack-Backend
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Skip-Cache
X-Minions-Version
X-Rocket-Nginx-Serving-Static
X-Response-By
X-GeoIP-City
X-Generated-On
X-Served-From
X-Forwarded-Site
X-CGP
X-BBC-Edge-Cache-Status
N-Cache
Locid
CloudFront-Viewer-Country
L5d-Success-Class
Origin
Origin-EX
Release
Redirect-Candidate
PFcat
L
Kp-EeAlive
Fastly-SWR
Fastly-SIE
Fastcgi-Cache-TTL
X-TraceId
X-Akamai-Transformed
Gh-Request-Id
Cluster
HA-Ipaddr
Ha-Gx-Prefs
Req-Svc-Chain
Origin-CC
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
Traceparent
X-Aicache-OS
Arc-Country
TDXMobile
Cache
CDCHOST
GEO-INFO
HostName
X-Pool
X-Accel-Expires-Debug
X-Ec-Custom-Error
X-Optimistic-Header
Ssr
X-Gamma-Serve
DSUID
X-Date
NGX
X-Parent-Response-Time
X-Tt-Logid
AMP-Access-Control-Allow-Source-Origin
MD5-Digest
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-GeoIP-Region-Code
X-Udemy-Cache-App-Namespace
X-GeoIP-Country-Code
X-NC
X-Owner
X-Tb-Optimization-Total-Bytes-Saved
Env
Pics-Label
X-CS
X-Srv
X-API-Version
X-CacheTTL
X-Dispatcher-Number
X-ZONE
X-Time
X-Newrelic-Synthetics
X-Mvc-Supplant-OutputCached
Fusion-Content-Id
Servername
Server-Hostname
Sever-Int
X-LB-NoCache
X-Via-Ucdn
X-SIPLIST1
Server-Ext
IsBot
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Component-Id
X-Scale
X-Ah-Environment
Fusion-Content-Source
X-Generated-In
X-Edge-Pop
Memory
Time
X-Cache-Debug
X-VC
Ms-Author-Via
CacheControlHeader
X-Refresh
X-Presslabs-Stats
Geo-Info
X-Action
X-Wikidot-Static-Cache
X-TH-Server
True-Client-Country-4JS
GeoIp-Country-Code
X-Wikidot-Backend
X-Xrds-Location
X-S-Maxage
X-IPLB-Request-ID
X-Via-Popv
X-Backend-TTL
X-Amz-Meta-Cb-Modifiedtime
Cache-Key
X-CACHE-KEY
Candidate-Md5Url
X-Via-Poph
X-BCube-Filmed-By
X-Via-Popn
X-Ad-Defer-Variation
X-Servedbyhost
Datacenter
Ohc-File-Size
X-Vc
CPC-Age
XM
CPC-Cache
VNS-Age
FSS-Cache
X-HA-Backend
X-Cache-ASPX
X-SplitTest
X-Contensis-Viewer-Groups
Geoip-Latitude
VNS-Cache
X-RateLimit-Reset
X-VCL-Version
X-Req
ITXSESSIONID
X-WA-Info
X-Cs
X-Varnish-Authentication
Fastly-Backend-Name
Client
Edge-Cache
X-Varnish-Beresp-TTL
X-Dynatrace
X-Micro-Cache
My-App
X-Provided-By
X-Zone
Path
X-Cache-Status-Check
Hostname
X-VHOST
X-Trace-ID
Server-ID
X-AIR-PT
X-DC
X-Origin-Upstream-Status
X-Pass-Why
DataCenter
X-Up
Cache-Host
Ohc-Cache-HIT
Ngx.Var.Host
True-Client-IP
NtCoent-Length
X-FireWall-Port
X-LB-ID
X-TX-ID
X-B3-Spanid
X-Webkit-Csp-Report-Only
X-Fpc
X-FPC
Lb
OT-Force-Account-Verify
X-NGINX-Cache
XkeyRZ
X-Clientip
X-Li-Pop
X-Proxy-CacheRZ
X-Li-Fabric
X-LI-UUID
X-CSRF-TOKEN
X-ND-Cache
X-Traceid
Test
X-Varnish-Beresp-Ttl
Powered-By
X-UnsetCookies
Cf-Int-Pingora-Origin-Digest
X-Api-Version
X-Cdn-Request-ID
Proxy-Connection
X-CUA
X-Time-Microsecs
X-Correlation-ID
Cf-Device-Type
Server-Id
Target-Params
X-Beluga-Trace
X-Beluga-Status
Resin-Trace
Tracecode
X-Beluga-Response-Time
X-Vcl-Version
X-Beluga-Cache-Status
X-RAMCache
User-Agent
X-Beluga-Record
X-Webkit-CSP-Report-Only
X-Beluga-Node
X-Fragments
X-Azure-Ref-OriginShield
X-ATG-Version
X-Fastly-Backend
WZWS-RAY
X-Sucuri-Cache
Lfy
X-Var-Ttl
X-HS-Status
X-Sucuri-ID
X-FC-Vary-Parameters
X-Via-PopH
X-MSEdge-Flight
X-Dmc
X-MSEdge-Features
X-Via-PopN
X-Via-PopV
X-Ha-Backend
X-CLOUD-TRACE-CONTEXT
Sid
X-Platform-Cluster
X-ServedByHost
X-Platform-Processor
X-Platform-Router
X-Render-Time
X-URL
X-Geo
GeoIP-Country-Code
GeoIP-Latitude
Rip
X-NU-AKA-ACS-Version
Srvid
X-DynaTrace-JS-Agent
X-Qnm-Cache
X-M-Reqid
X-Varnish-Beresp-Status
C-Via
X-Li-Proto
Uri
X-M-Log
X-INCAP-ABP
X-Cdn-Forward
X-PX
MIME-Version
X-Gateway-Cache-Status
X-Alfa-Service
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-LI-Proto
X-Service
Tube-Got-Results
X-Gateway-Skip-Cache
Tube-Return
Click-Count-Action-Start
X-CCDN-Origin-Time
Click-Count-Error
X-Hcs-Proxy-Type
Magicmarker
Tube-Get-Contents
X-Backend-State
X-CCDN-CacheTTL
X-Fetch-By
Epwk-X-Cache
X-Proxy-Cache-Hk
Tube-Got-Eval
Fastly-Drupal-HTML
X-Akamai-Pragma-Client-IP
X-TRACE-ID
X-Check-Cacheable
HIT
X-Request-Start
X-Backend-Host
Esi-Enabled
ENV
X-Fastly-Backend-Reqs
Cdn
X-Esi
X-ID
X-App
X-Edge-POP
On-Server
ServerName
X-Bip
X-Cache-Expires
X-B3-Traceid-Primal
X-Lb-Nocache
X-Thanos
Server-Ttl
PICS-Label
X-Cache-CFC
XServer
X-MG-S
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-LiteSpeed-Cache-Control
Srv
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Newrelic-App-Data
X-Yottaa-OS
Tcn
X-ElasticPress-Query
CF-Cached-On
Section-Io-Id
Section-Origin-Responded
Wpo-Cache-Message
X-Vcache
X-BBC-Origin-Response-Status
Wpo-Cache-Status
M-TraceId
X-Iplb-Request-Id
X-APP
D-Url-Rewrites
Cf-Ipcountry
X-Nc
WebServer
Inserted-Into-Cache-At
X-Acquia-Application-Trace
X-Cache-Config
X-Iplb-Instance
X-Serial
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Site
Warning
X-HostName
Servedby
Cteonnt-Length
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Th-Server
X-IN-APIGATEWAYSSL
X-Litespeed-Cache-Control
X-IN-APIGATEWAY
X-B3-Parentspanid
CountryCode
X-Release
Cneonction
X-Request-Url
X-Dist-Code
X-Snapshot-Date
Ngx
X-Swift-Error
X-Shopify-Generated-Cart-Token
X-Akamai-ERRuleID
X-Storefront-Renderer-Verified
X-CF-Powered-By
X-Akamai-ERPolicy
X-Akamai-Request-ID
X-Back
X-LiteSpeed-Tag
X-Dw-Trace-Id
Content-Script-Type
Content-Style-Type
X-Request-URL