Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Accept-Ranges
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Report-To
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
EagleId
Request-Context
X-Ua-Compatible
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-UA-Device
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Dns-Prefetch-Control
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-Akamai-Path-Stats
X-LiteSpeed-Cache
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-Dispatcher
X-WebKit-CSP
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Device
X-Cache-Spec
Cf-Railgun
Allow
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
Accept-CH
X-CST
Surrogate-Control
X-Backend-Server
Request-Id
X-ASPNET-VERSION
X-Akam-SW-Version
X-Readtime
X-HW
X-Cache-Lookup
X-Response-Time
Xkey
X-Application-Context
Accept-CH-Lifetime
Content-Location
Cf-Edge-Cache
X-Cloud-Trace-Context
Rating
X-Trace
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Fastly-Restarts
X-Country
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-PC
X-TtlSet
X-MS-InvokeApp
X-Vname
X-Rack-Cache
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-ESI
X-Varnish-TTL
X-B3-TraceId
X-Content-Type
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-Amz-Rid
X-Kinja
X-Use-Magma
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
Public-Key-Pins
X-Ac
X-Cnection
X-Dw-Request-Base-Id
X-Px
X-Amz-Server-Side-Encryption
X-Element-Page-Cache
X-D2id
Verso
X-Navigation-Version
X-RateLimit-Remaining
Accept-Ch
X-Abt-Application-Version
X-Cache-TTL
X-Client-IP
X-Powered-By-Plesk
Service-Worker-Allowed
X-FastCGI-Cache
Pagespeed
X-Sol
Display
X-Middleton-Display
X-Country-Code
X-GitHub-Request-Id
X-Version
X-Edge
Arr-Disable-Session-Affinity
X-Ser
X-Ruxit-Js-Agent
X-NF-Request-ID
Access-Control-Request-Method
X-Middleton-Response
Response
X-Goog-Hash
X-Correlation-Id
X-Upstream
X-Ttl
AR-SID
AR-ATIME
AR-Request-ID
AR-CACHE
AR-PoweredBy
X-Kinsta-Cache
X-Edge-Location-Klb
SPIisLatency
X-Webkit-Csp
SPRequestDuration
X-TTL
X-Cached
X-LLID
X-Ua-Device
X-NWS-LOG-UUID
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Powered-CMS
Nginx-Cache
X-RateLimit-Limit
Edge-Cache-Tag
TCN
X-Cache-Key
MS-Author-Via
X-Litespeed-Cache
X-SharePointHealthScore
X-Forwarded-For
SPRequestGuid
Mrf-Cache-Status
MRF-Tech
X-MSEdge-Ref
Content-MD5
X-B3-TraceId-Primal
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-T
X-Id
X-Aspnetmvc-Version
X-Daa-Tunnel
X-Recruiting
X-Mg-S
S
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Digest
X-Protected-By
X-DataDome
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Ab
X-Yandex-Sdch-Disable
X-Content
Server-Node
X-Ua-Browser
X-Frontend
X-Ezoic-Cdn
X-HS-Combine-CSS
Front-End-Https
X-Request-Received
X-Request-Processing-Time
Filters
X-Accel-Expires
X-Grace
X-Mid
Fastcgi-Cache
X-Server-ID
X-ORACLE-DMS-ECID
X-ECACHE
X-ORACLE-DMS-RID
X-Geo-Country
X-Hits
X-PressLabs-Stats
X-Origin-Server
X-Ratelimit-Reset
TP-L2-Cache
X-Distributor
TP-Cache
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Debug-Info
X-Amzn-Trace-Id
Charset
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-DynaTrace
X-Page-Id
Cleartype
Host
X-Git-Hash
X-DIS-Request-ID
X-F-Cache
Cross-Origin-Opener-Policy
X-Www-Served-By
X-B3-Sampled
X-Forwarded-Proto
X-LB-Cache
Cache-Tags
Access-Control-Allow-Method
X-Cache-Age
ServerID
X-Seen-By
X-Microsite
X-Request-Handler-Origin-Region
X-Language
X-Cluster-Name
X-AppVersion
X-Az
X-Activity-Id
X-Kong-Proxy-Latency
Server-Name
X-Kong-Upstream-Latency
X-Varnish-Age
Accept-Charset
X-WebKit-CSP-Report-Only
Realpath
Cache-Status
Filterid
X-Rid
X-Content-Options
X-Type
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Mobile-URL
X-App-Environment
X-Upgrade-Enabled
X-User-Agent
Node
X-Varnish-Grace
Viewport
X-Nginx-Upstream-Cache-Status
X-Origin-Cache
X-Tb
Country
X-Wix-Request-Id
Paypal-Debug-Id
X-FB-Debug
X-Is-Crawler
X-Aspnet-Duration-Ms
X-B-Cache
X-Drupal-Cache-Tags
X-Via-JSL
X-Providence-Cookie
X-Request-Guid
X-Flags
X-Whom
DC
X-Signature
X-Route-Name
X-TT
X-XRDS-LOCATION
X-NWS-UUID-VERIFY
Fastcgi-Useragent
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-VCache
Protected
X-Fastly-Request-Id
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
Retry-After
X-MCACHE
X-Varnish-Backend
X-Cache-NGX
X-Amz-Replication-Status
Payment
X-B
X-Contextid
X-Fastly-Request-ID
X-Debug
X-Fastcgi-Cache
X-Logged-In
X-Template
X-Mcache
WPO-Cache-Status
WPO-Cache-Message
X-FW-Serve
X-FW-Static
X-FW-Hash
X-FW-Server
X-N
X-FW-Type
X-FW-Dynamic
X-Load-Cache
Surrogate-Key
X-Cache-Control
X-Hostname
Amp-Access-Control-Allow-Source-Origin
X-Trace-Id
Count-Hit
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Node-Name
X-Browser-Type
SD-X-WS
X-Original-Request-Id
X-Response-Served-From
Healthy
Refresh
X-Proxy
Akamai-GRN
X-Akamai-Request-ID2
VIX-Pulpo-Upstream-Status
X-G
X-Parallel-Accel
X-XRDS-Location
X-Cache-Time
VIX-Pulpo-Node
X-Revision
X-Real-IP
X-Is-Bot
X-Rendered-As
X-Amz-Meta-S3cmd-Attrs
Uber-Trace-Id
X-UUID
X-Mobile
X-Zen-Fury
X-Http-Reason
X-Page-View
X-Framework
X-Jobs
X-Yottaa-Optimizations
X-Cache-TTL-Remaining
Alternate-Protocol
X-Yottaa-Metrics
X-Proxy-Cache-Status
NGB
X-Debug-IsPreview
X-Device-Type
X-Drupal-Cache-Contexts
X-Cacheable-TTL
X-Debug-IsConnected
X-Instance
X-Adobe-Loc
X-Adobe-Content
Content-Disposition
Access-Control-Request-Headers
X-IPLB-Instance
From-Origin
X-Cache-Rule
X-Source
X-Vgn-Hpd-Reason
Url
Version
X-Servername
Permissions-Policy
X-ECache
X-COUNTRY
X-Cache-Grace
X-Cache-Expired-At
X-B3-Traceid
Accept-Language
X-Varnish-Server
Referer-Policy
X-Cache-Hit
X-Environment-Context
X-L-Path
X-Oneagent-Js-Injection
X-Mg-Request-UUID
X-EdgeConnect-Cache-Status
X-Ratelimit-Remaining
X-NGENIX-Cache
Countrycode
MS-CV
X-FW-Version
Ms-Operation-Id
X-RTag
X-App-Server
X-Restarts
Cross-Origin-Window-Policy
X-Cache-Action
X-Tumblr-User
X-IPS-LoggedIn
Backend
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-NYM-Debug-Backend
Liferay-Portal
X-ProcessESI
X-RemovedCookies
CF-IPCountry
X-HTML-Minification-Powered-By
Frame-Options
WP-Super-Cache
X-Hyper-Cache
Content-Secure-Policy
Section-Io-Cache
Meta-Geo
X-Nginx-Cache
X-OCL
X-UPSTREAM-Address
X-APP-VERSION
Upgrade-Insecure-Requests
Ec-Rule-Version
X-PCL
X-Cache-Server
X-RN-RSRV
X-Redis-Cache
Apigw-Requestid
X-Rule
X-Format
X-Access
X-Ua
X-Section
X-Generation-Time
X-FB-TRIP-ID
X-Detected-As
X-Cluster-Node
X-No-Session
Cache-Tv-Group
X-Cache-Enabled
Azure-RegionName
Azure-SiteName
Azure-Version
Azure-InstanceId
Fastly-SSL
Locale
Azure-SlotName
X-Generated-By
Webcakes-App-Version
X-Via-Fastly
X-Web-Node
Webcakes-App-Name
X-PHP-Backend
X-Uri
X-Varnish-Cache-Hits
Webcakes-Region
TWC-Privacy
X-SayCDN-TTL
TWC-Locale-Group
X-ApacheServer
X-Storage
X-Say-TTL
X-Request-Time
X-Say-Cacheable
X-Server-W
X-UA-Device-Type
X-Urbn-Site-Id
X-Sql-Duration-Ms
X-Origin-Date
Property-Id
Mn-Server-Ip
X-AOL-HN
X-Human
X-Urbn-Context-Path
TWC-Connection-Speed
X-PERF
X-Sql-Count
X-Origin-Hint
X-Region
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
X-Akamai-Edgescape
X-Be
X-Unique-Id
X-Content-Age
CDN-RequestCountryCode
CDN-RequestId
X-ProxyCache-Status
CDN-Uid
X-Cache-Host
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-ProxyCache-Key
X-Nginx-Cache-Key
X-Cache-Type
X-Cache-Tags
X-BYPASS-REASON
X-Content-Powered-By
Webserver
X-Site-Version
X-Hosted-By
X-Platform-Server
CDN-PullZone
X-Xfnlog-Site
X-Mode
X-Backend-Name
X-Debug-Cache
Eomportal-Instance
X-Forwarded-Host
X-Hl-Ver
X-JoinUs
X-Varnishpool
X-Status
X-ServerID
X-SaId
X-Tid
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
S-Rt
X-Sorting-Hat-ShopId
X-ShardId
X-Extlb
X-Adobe-Source
X-Alternate-Cache-Key
X-Zipkin-Id
X-TT-LOGID
X-Routing-Service
X-Proxied
X-Cache-Operation
X-Accel-Buffering
Selected-Fe
ServedBy
X-Handled-By
X-Webkit-CSP
X-Timing-Wait
X-Proxy-Build
X-Labrador-Cache-Channel
X-PHP-Host
X-GG-Cache-Date
X-Cache-Remote
X-Locale
X-Dc
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-LSADC-Cache
X-Ratelimit-Limit
X-Rewrite-Enabled
Xserver
SID
X-Datadome
X-VC-Cache
X-Pubstack
X-NewRelic-App-Data
X-Soup
X-Buckets
Mime-Version
SRV
Fastly-Drupal-Html
X-Cached-By
Web-Mar-Node
X-Proto
X-CDN-Forward
LB
Country-Code
X-Edge-Location
X-GEO
Decoy-Debug-Status
Decoy-Debug-Key
X-Storefront-Renderer-Rendered
X-Reqid
Decoy-Debug-TTL
X-Request-Host
X-Microcachable
X-TA-CDN-Provider
Onion-Location
X-Cms-Context
X-App-Version
X-Varnish-Hostname
Server-Info
X-Origin-TTL
X-Origin-CC
X-Ms-Request-Id
X-Ms-Version
Xet-Cookie
Cache-Hits
X-Midtier
X-Tumblr-Pixel-2
X-GeoCountry
X-GeoCode
Load-Balancing
X-Cluster
X-Tumblr-Pixel-3
X-NCache
X-MP-GENERATED-AT
X-Varnish-Hits
X-Bc-Bl
DynaTrace
X-CSRF-Token
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-SRV
X-Envoy-Decorator-Operation
X-R9-Blue-Green-Version
X-Amzn-RequestId
X-B3-SpanId
X-Amz-Apigw-Id
Cache-Name
X-Origin-Response-Time
X-Azure-Ref
X-Magnolia-Registration
X-RCS-CacheZone
X-Endurance-Cache-Level
NM-Fastcgi-Cache
BehaviorPad-Version
Mobile-Detection-Method
Meta-Geo-Continent
X-Webstats-RespID
Rendered-Blocks
Pramga
A
Odigeo-Trace-Id
Cdncip
Xc-Version
Lang
Fastcgi-X-Cache-Version
Expiry
DB-Nickname
DCR-Decision-By
Cdnsip
X-Vtex-Processado-Em
DCR-Processing-Time-Ms
X-VG-WebCache
Host-ID
X-Vtex-Remote-Cache
X-Vdms-Version
X-Cache-Bucket
X-External-Request-Id
X-Esi-Check
X-ScT
X-Forwarded-Path
X-Ftr-Request-Id
X-From
X-Epic-Correlation-Id
X-SD-PageType
X-Tenant
X-Ec-GeoHdr
X-SRCache-Key
X-Shop-Environment
X-Session-Fingerprint
X-S-Cookie
X-Geo-Header
X-NAPM-TraceId
X-Processor
X-NodeID
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Men
X-Rojux
X-HS-Content-Campaign-Id
X-Gzip
X-Ig-Push-State
X-LAGOON
X-S
X-Ec-Fail
X-TIM-N
X-Aed
X-A-Wwc
X-AK-Request-ID
X-Vdms-Path
X-Application
X-A-Dgt
X-A-Dcw
T-Server
Surrogated-Key
X-A
X-A-Ccd
X-A-Dam
X-B-Cookie
X-Orig-Expires
X-D
X-Connection-Hash
X-Destination
X-Developer
X-TrackingId
X-Conf
X-CF-Lambda-Version
X-Cache-Id
X-User
X-Cache-NE
X-Cdn-Srv
X-CF-Lambda-Fn
Sslversion
X-ARC
X-Varnish-Beresp-Grace
X-Tx-Id
X-Via-NSCOPI
X-Node-Id
X-Variation
X-DPWN-IS-SECURE
X-Varnish-CookieHashed-On
X-Fmm-Version
X-Amzn-Remapped-Content-Length
X-Request-URI
X-V-Cache
Memcached
X-Rocket-Build-Number
Mail-Subject
X-Block-Status
X-Cache-Backend
V-Age
X-Viewer-Country
Is-Eu
X-Varnish-Remaining-TTL
X-DefElseHash
Machine
X-Varnish-CookieINHashed-On
X-Device-Os
Platform
X-Scheme
X-Sigma
X-Sigma-Backend
Svr
X-Fastly-Cache
X-Server-IP
User-Cache-Control
Vix-Hermes-Req-Id
We-Hiring
Web-Mar-Region
X-SB
State
X-Origin-Time
X-SVT-ORM-VERSION
Producers
X-Fetched-On
X-SVT-ORM-RULES
Server-Host
X-Origin
X-Varnish-Ttl
X-Origin-Expires
X-Nyt-Route
Fastly-GeoIP-CountryCode
X-VG-TLSProxy
X-Ckpd-Fst-Backend
X-Hash
AKAMAI
Apple-News-Services-Request-Url
X-Hnp-Log
X-Developers
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Has-Esi
Adler-Geo
Wxu-Next-Hostname
Wxu-Next-Region
X-Core-Value
X-GeoIP
Wxu-Next-Commit
X-Clara-WADP
Source
Cmsid
Apple-News-Services-Handled
X-JWT-State
X-Wix-Viewer-Type
X-Is-Gdpr
X-Mvc-Supplant-Cachable
Environment
X-Cache-Info
X-WADP-Cache
X-DefHash
X-Worker
X-Irp-Debug
X-Location
X-Gdpr
X-Gen-Mode
Cmstype
CDN
X-Old-Content-Length
X-Csrf-Jwt
X-Planisys-CDN-Rules
X-Eu-Site
X-Datadog-Trace-Id
X-Planisys-CDN-Cache
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Response-By
X-BBC-Edge-Cache-Status
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
X-Proxy-Cache-Info
X-Qloud-Router
X-RateLimit-Limit-Second
X-Branch-Name
X-Pool
X-Policy
X-Planisys-CDN-TTL
X-Rocket-Nginx-Serving-Static
X-Aicache-OS
X-Platform
X-Proxy-Upstream
X-CGP
X-Auto-Login
X-Core-Mission
X-Thinkindot-L3
Fastcgi-Cache-TTL
X-VServer
Cluster
CloudFront-Viewer-Country
CDCHOST
Fastly-SIE
Fastly-SWR
X-Level-Front-Cache
Ha-Gx-Prefs
Gh-Request-Id
X-VarnishDD-TTL
Cache
Arc-Country
X-HN
X-Loop
X-Httpd
X-TIME
X-Loc
X-GeoIP-City
X-Pod-Name
Locid
X-Minions-Version
X-Generated-On
X-Ec-Custom-Error
Kp-EeAlive
HA-Ipaddr
Thinkindot-CacheControl-Type
L
Redirect-Candidate
PFcat
Release
Req-Svc-Chain
Thinkindot-CacheControl
Ssr
X-Slack-Backend
TDXMobile
Thinkindot-Control
Traceparent
X-Served-From
L5d-Success-Class
X-Forwarded-Site
X-TNCMS
Origin-EX
Origin-CC
Origin
X-Skip-Cache
X-TraceId
X-Optimistic-Header
X-DSS
X-EC-Lua
X-DI
X-Gamma-Serve
X-DW
X-Time
X-Srv
DSUID
NGX
X-RSL
X-DB
N-Cache
X-Sn-Servicetimems
X-RPM
X-RPS
HostName
MD5-Digest
X-Cache-Date
X-Cdn-Origin
X-Region-Sid
X-Xrds-Location
X-Parent-Response-Time
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-CacheTTL
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
GEO-INFO
X-NC
X-Owner
X-Date
AMP-Access-Control-Allow-Source-Origin
X-Accel-Expires-Debug
X-Tb-Optimization-Total-Bytes-Saved
X-ZONE
X-Scale
X-Akamai-Transformed
IsBot
Server-Ext
Server-Hostname
X-Dispatcher-Number
Sever-Int
X-VC
X-Via-Ucdn
X-SIPLIST1
X-GeoIP-Country-Code
Env
X-GeoIP-Region-Code
X-CS
Pics-Label
X-Refresh
X-Ah-Environment
X-LB-NoCache
X-Mvc-Supplant-OutputCached
Servername
Time
Memory
X-Edge-Pop
X-Tt-Logid
X-Udemy-Cache-App-Namespace
Ms-Author-Via
X-Newrelic-Synthetics
X-IPLB-Request-ID
X-API-Version
X-Cache-Debug
X-Wikidot-Static-Cache
X-Wikidot-Backend
Ohc-File-Size
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
X-CACHE-KEY
Candidate-Md5Url
CacheControlHeader
X-Ad-Defer-Variation
X-Generated-In
X-BCube-Filmed-By
GeoIp-Country-Code
Datacenter
Cache-Key
Geo-Info
X-Amz-Meta-Cb-Modifiedtime
X-Servedbyhost
X-Via-Popv
X-Contensis-Viewer-Groups
X-Action
X-S-Maxage
True-Client-Country-4JS
X-Cache-ASPX
CPC-Age
VNS-Cache
X-SplitTest
X-TH-Server
X-Via-Popn
VNS-Age
X-Via-Poph
CPC-Cache
X-WA-Info
Fastly-Backend-Name
XM
X-Backend-TTL
X-Varnish-Authentication
X-HA-Backend
ITXSESSIONID
Geoip-Latitude
X-Vc
X-RateLimit-Reset
FSS-Cache
Client
X-Cs
X-Presslabs-Stats
Path
X-Micro-Cache
X-VCL-Version
X-Zone
X-Cache-Status-Check
X-Provided-By
X-Req
X-Varnish-Beresp-TTL
X-AIR-PT
X-Dynatrace
Edge-Cache
X-VHOST
Server-ID
My-App
Cache-Host
Hostname
X-DC
X-Trace-ID
Ngx.Var.Host
True-Client-IP
Lb
Ohc-Cache-HIT
X-Origin-Upstream-Status
X-Pass-Why
X-Up
X-TX-ID
DataCenter
NtCoent-Length
X-LB-ID
X-Webkit-Csp-Report-Only
X-Api-Version
X-FireWall-Port
X-Clientip
X-Fpc
X-NGINX-Cache
X-Proxy-CacheRZ
X-PX
X-FPC
X-B3-Spanid
Powered-By
XkeyRZ
X-Cdn-Request-ID
X-CSRF-TOKEN
X-Varnish-Beresp-Ttl
X-Li-Fabric
X-LI-UUID
Test
X-Traceid
X-Li-Pop
OT-Force-Account-Verify
Cf-Int-Pingora-Origin-Digest
X-UnsetCookies
X-ND-Cache
X-Correlation-ID
User-Agent
WZWS-RAY
X-Beluga-Cache-Status
X-CUA
X-MSEdge-Flight
Server-Id
X-Time-Microsecs
X-Beluga-Record
X-Webkit-CSP-Report-Only
X-Beluga-Node
X-MSEdge-Features
X-Beluga-Response-Time
X-Dmc
X-Vcl-Version
X-Beluga-Status
X-Beluga-Trace
Proxy-Connection
Tracecode
Target-Params
X-RAMCache
X-Ha-Backend
X-Fragments
X-Via-PopH
X-Via-PopN
X-Render-Time
X-Via-PopV
Uri
Cf-Device-Type
X-INCAP-ABP
X-CLOUD-TRACE-CONTEXT
X-Azure-Ref-OriginShield
X-Var-Ttl
X-Platform-Processor
X-Platform-Cluster
X-Fastly-Backend
X-URL
X-HS-Status
X-ServedByHost
X-FC-Vary-Parameters
Srvid
X-Sucuri-ID
X-Platform-Router
Lfy
Resin-Trace
X-Sucuri-Cache
C-Via
X-ATG-Version
X-Check-Cacheable
X-Geo
X-Akamai-Pragma-Client-IP
X-Gateway-Request-Id
X-Gateway-Cache-Key
GeoIP-Country-Code
Tube-Got-Results
GeoIP-Latitude
Tube-Return
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
Rip
Tube-Got-Eval
Click-Count-Error
Click-Count-Action-Start
Tube-Get-Contents
Sid
MIME-Version
X-LI-Proto
X-Cdn-Forward
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
HIT
X-DynaTrace-JS-Agent
Epwk-X-Cache
X-CCDN-Origin-Time
X-Proxy-Cache-Hk
X-Fetch-By
X-M-Reqid
X-Qnm-Cache
X-Service
Esi-Enabled
X-M-Log
X-Varnish-Beresp-Status
X-NU-AKA-ACS-Version
X-Alfa-Service
X-Li-Proto
X-TRACE-ID
Fastly-Drupal-HTML
Magicmarker
X-Backend-State
Srv
Section-Io-Origin-Status
Section-Io-Id
On-Server
X-Backend-Host
ENV
X-Fastly-Backend-Reqs
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Cdn
X-ID
X-Esi
ServerName
X-App
PICS-Label
X-Cache-Expires
X-Lb-Nocache
X-Cache-CFC
XServer
X-B3-Traceid-Primal
X-Edge-POP
X-Request-Start
X-LiteSpeed-Cache-Control
X-MG-S
X-Srcache-Fetch-Status
X-Srcache-Store-Status
CF-Cached-On
X-Newrelic-App-Data
X-Yottaa-OS
Server-Ttl
X-Bip
X-Thanos
X-ElasticPress-Query
X-APP
Tcn
X-Acquia-Application-Trace
Cf-Ipcountry
Wpo-Cache-Status
Wpo-Cache-Message
X-BBC-Origin-Response-Status
X-Nc
D-Url-Rewrites
X-Iplb-Instance
X-Iplb-Request-Id
X-Acquia-Application-UUID
X-Vcache
Inserted-Into-Cache-At
X-Acquia-Site
X-Acquia-Purge-Tags
X-Serial
X-HostName
Servedby
Warning
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Fastcgi-Cache-Ttl
X-Request-URL
X-Cache-Config
X-B3-Parentspanid
X-Swift-Error
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Litespeed-Cache-Control
X-Shopify-Generated-Cart-Token
X-LiteSpeed-Tag
M-TraceId
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Akamai-Request-ID
Cneonction
Ngx
Content-Style-Type
Content-Script-Type
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
X-Dw-Trace-Id
CountryCode
X-Snapshot-Date
X-Request-Url
X-Dist-Code
X-Release
X-CF-Powered-By