
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
X-XSS-Protection
ETag
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Report-To
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
P3p
Upgrade
NEL
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Request-ID
EagleId
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-UA-Device
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Server
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
EagleEye-TraceId
X-Vhost
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Accept-CH
X-Device
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Dns-Prefetch-Control
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
Rating
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Cache-Lookup
Accept-Ch-Lifetime
X-Trace
X-Url
Allow
X-Content-Type
X-PC
X-TtlSet
X-Vname
X-Ac
X-Aws-Lambda-Call-Status
X-Clacks-Overhead
Edge-Control
X-Server-Name
X-Varnish-TTL
Fastly-Restarts
X-ESI
X-Mod-Pagespeed
Cache-Tag
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
Verso
MS-Author-Via
X-Element-Page-Cache
X-Vcap-Request-Id
X-FastCGI-Cache
X-Amz-Rid
X-Upstream
X-MS-InvokeApp
X-GitHub-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Client-IP
X-Abt-Application-Version
X-Cached
X-D2id
X-Cache-TTL
X-Cnection
RTSS
X-Px
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-ORACLE-DMS-ECID
X-Navigation-Version
X-ORACLE-DMS-RID
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-Goog-Hash
X-NF-Request-ID
X-TTL
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Display
X-Sol
X-Middleton-Display
Pagespeed
AR-PoweredBy
AR-SID
AR-Request-ID
AR-CACHE
AR-ATIME
X-Powered-CMS
X-CST
X-Version
Response
X-Middleton-Response
X-Origin-Cache
X-MSEdge-Ref
X-LLID
TCN
Nginx-Cache
X-Kinsta-Cache
X-Edge-Location-Klb
X-Amz-Server-Side-Encryption
X-RateLimit-Remaining
X-Edge
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Protected-By
X-T
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
X-HP-Trace-Id
X-Forwarded-For
X-HP-Webp
X-Jurisdiction
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Edge-Cache-Tag
X-Aspnetmvc-Version
S
X-Language
Content-MD5
SPIisLatency
SPRequestDuration
Front-End-Https
X-Mid
Fastcgi-Cache
X-Ruxit-Js-Agent
Realpath
Filters
X-Request-Received
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Frontend
X-Request-Processing-Time
X-Cache-Key
X-Recruiting
Server-Node
X-NWS-LOG-UUID
X-Content
X-Ua-Browser
X-Ab
Server-Name
X-Ser
X-MCACHE
X-HS-Content-Id
X-Yandex-Sdch-Disable
X-HS-Cache-Config
X-HS-Hub-Id
X-Template
X-DynaTrace
X-HS-Combine-CSS
X-Correlation-Id
X-Ezoic-Cdn
SPRequestGuid
X-SharePointHealthScore
X-Hits
X-Parallel-Accel
X-ECACHE
MicrosoftSharePointTeamServices
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cache-Tags
Charset
X-Daa-Tunnel
X-Page-Id
Host
Cleartype
X-B3-Sampled
X-Ttl
X-Git-Hash
X-Www-Served-By
X-Geo-Country
X-Debug-Info
X-Content-Options
X-DIS-Request-ID
Alternate-Protocol
X-Content-Digest
X-Amzn-Trace-Id
Accept-Ch
X-Hostname
Fusion-Source
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Source
X-Ratelimit-Limit
Fusion-Content-Id
Cross-Origin-Opener-Policy
X-ASPNET-VERSION
X-Amz-Replication-Status
Filterid
X-DataDome
X-Grace
X-Varnish-Age
ServerID
X-FB-Debug
X-F-Cache
X-Upgrade-Enabled
X-Accel-Expires
X-AppVersion
X-Az
X-Activity-Id
X-VCache
X-WebKit-CSP-Report-Only
X-XRDS-LOCATION
X-Nginx-Upstream-Cache-Status
X-N
X-Rid
X-Mobile-URL
X-Origin-Server
Access-Control-Allow-Method
X-Forwarded-Proto
X-Type
X-LB-Cache
X-Whom
X-TT
X-Seen-By
X-Distributor
X-Goog-Stored-Content-Encoding
Viewport
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Ratelimit-Reset
X-Goog-Metageneration
X-App-Environment
X-GUploader-UploadID
X-Varnish-Grace
X-Tb
X-Request-Guid
X-Fastly-Request-ID
X-Flags
X-Providence-Cookie
X-Fastly-Request-Id
X-Aspnet-Duration-Ms
X-Route-Name
X-Is-Crawler
X-User-Agent
Node
Payment
X-FW-Static
DC
X-FW-Hash
X-FW-Type
Paypal-Debug-Id
X-FW-Server
X-Server-ID
X-FW-Serve
X-FW-Dynamic
Country
X-Wix-Request-Id
Accept-Charset
X-Fastcgi-Cache
Fastcgi-Useragent
TP-L2-Cache
TP-Cache
X-App-Server
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Oneagent-Js-Injection
X-Cache-Rule
X-Cache-Control
X-Via-JSL
X-Cluster-Name
X-Litespeed-Cache
X-NGENIX-Cache
X-Webkit-Csp
X-Drupal-Cache-Tags
Version
X-Cache-Age
X-Microsite
X-Request-Handler-Origin-Region
X-Contextid
X-Buckets
X-Signature
X-B-Cache
Cache-Status
X-Node-Name
Referer-Policy
X-Logged-In
Refresh
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
X-Origin-Upstream-Status
SD-X-WS
X-Response-Served-From
X-Mobile
X-Load-Cache
X-Real-IP
X-Jobs
X-Cache-Expired-At
X-Cacheable-TTL
X-Debug
X-Browser-Type
Amp-Access-Control-Allow-Source-Origin
X-IPLB-Instance
NGB
X-B
Access-Control-Request-Headers
X-Erf-Bev-Bev
X-Rendered-As
X-Erf-Bev-Bev-Is-Generated
X-Is-Bot
X-Revision
X-Varnish-Backend
X-UUID
X-Rule
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Vgn-Hpd-Reason
X-Proxy-Cache-Status
X-Proxy
X-Device-Type
X-Cache-Action
X-G
X-Framework
X-ProcessESI
X-Drupal-Cache-Contexts
Surrogate-Key
X-Instance
Akamai-GRN
X-Page-View
X-RemovedCookies
X-Cache-Time
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Version
SID
X-Accel-Buffering
CF-IPCountry
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
Count-Hit
X-Presslabs-Stats
X-Cache-NGX
GEO-INFO
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
Uber-Trace-Id
X-Nginx-Cache
X-Cache-Operation
X-Azure-Ref
X-Ms-Version
X-Source
X-Ratelimit-Remaining
X-Ms-Request-Id
X-RateLimit-Limit
X-PressLabs-Stats
X-Zen-Fury
X-EdgeConnect-Cache-Status
X-APP-VERSION
Protected
X-Trace-Id
Frame-Options
DynaTrace
X-XRDS-Location
WPO-Cache-Message
WPO-Cache-Status
X-Cache-Hit
X-TEC-API-ORIGIN
X-RTag
X-TEC-API-VERSION
X-CDN-Forward
X-TEC-API-ROOT
X-Servername
Liferay-Portal
MS-CV
Ms-Operation-Id
X-Backend-Name
Ec-Rule-Version
Healthy
Countrycode
X-Cache-TTL-Remaining
Cross-Origin-Window-Policy
X-Hyper-Cache
X-IPS-LoggedIn
X-Tumblr-Pixel
Content-Disposition
X-Tumblr-Pixel-0
X-Tumblr-User
X-Mode
Xserver
X-Tumblr-Pixel-1
X-Adobe-Loc
X-L-Path
Backend
X-Adobe-Content
X-Environment-Context
X-Varnish-Server
Meta-Geo
X-SaId
X-RN-RSRV
LB
X-Cache-Grace
X-Rewrite-Enabled
Url
X-JoinUs
X-UPSTREAM-Address
X-Extlb
X-Generation-Time
Decoy-Debug-Status
X-Redis-Cache
Decoy-Debug-TTL
X-Cache-Server
X-Content-Age
X-Region
Decoy-Debug-Key
X-Routing-Service
X-Format
X-Debug-Cache
Apigw-Requestid
Eomportal-Instance
X-Detected-As
X-Zipkin-Id
X-Proxied
X-Microcachable
X-Access
X-PERF
X-Sorting-Hat-ShopId
X-PHP-Backend
X-NCache
X-Site-Version
X-PCL
X-OCL
X-Shopify-Stage
X-Origin-Date
X-Uri
X-No-Session
X-Section
X-Status
X-Human
X-Via-Fastly
X-Alternate-Cache-Key
X-ShardId
X-ShopId
Cache-Name
X-FB-TRIP-ID
X-ServerID
Country-Code
X-ApacheServer
X-Forwarded-Host
Retry-After
X-Sorting-Hat-PodId
X-Hosted-By
Property-Id
Fastly-SSL
Cache-Tv-Group
CDN-RequestCountryCode
Mn-Server-Ip
CDN-Uid
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDN-Cache
CDN-RequestId
X-Timing-Wait
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Varnish-Beresp-Grace
X-UA-Device-Type
TWC-Locale-Group
TWC-Privacy
X-Content-Powered-By
X-Generated-By
X-BYPASS-REASON
X-Akamai-Edgescape
X-SayCDN-TTL
X-Say-TTL
X-Cluster-Node
X-Web-Node
X-Origin-Hint
X-Tid
X-Pubstack
Selected-Fe
X-ProxyCache-Status
X-ProxyCache-Key
X-NYM-Debug-Backend
X-Proxy-Build
X-Say-Cacheable
X-Sql-Count
TWC-GeoIP-Country
X-Cache-Type
TWC-GeoIP-LatLong
X-Sql-Duration-Ms
TWC-Device-Class
TWC-Connection-Speed
X-Hl-Ver
X-Cache-Host
X-Server-W
X-Be
X-Soup
X-Varnishpool
X-Storage
Azure-SlotName
Azure-SiteName
X-NewRelic-App-Data
Content-Secure-Policy
X-R9-Blue-Green-Version
Azure-RegionName
Azure-InstanceId
Azure-Version
X-Ua
X-LSADC-Cache
Section-Io-Cache
X-TIME
X-Nginx-Cache-Key
X-Webkit-CSP
DB-Nickname
X-Cache-Remote
X-Cached-By
X-Dc
X-Unique-Id
X-Azure-Ref-OriginShield
X-Platform-Server
X-Bc-Bl
X-TT-LOGID
X-Xfnlog-Site
X-Akamai-Transformed
Cache
X-Auto-Login
Source
OT-Force-Account-Verify
X-Cache-Tags
Upgrade-Insecure-Requests
ServedBy
From-Origin
X-Varnish-Cache-Hits
Xet-Cookie
X-LAGOON
SRV
HostName
X-GEO
X-AOL-HN
X-Origin-CC
X-ECache
X-Request-Time
X-Origin-TTL
X-CSRF-Token
X-Cdn
X-NWS-UUID-VERIFY
Cache-Hits
X-Varnish-Hits
Mime-Version
X-Varnish-Hostname
X-Request-Host
X-Correlation-ID
Webserver
Onion-Location
X-Loop
X-S-Maxage
X-TNCMS
WP-Super-Cache
X-App-Version
X-EC-Lua
X-SRV
X-Cache-Enabled
X-FireWall-Port
X-Time
X-Akamai-Request-ID2
X-Tumblr-Pixel-3
Web-Mar-Node
X-Handled-By
X-Tumblr-Pixel-2
X-HTML-Minification-Powered-By
S-Rt
X-Endurance-Cache-Level
X-Http-Reason
N-Cache
X-Adobe-Source
X-Reqid
X-Tenant
X-Origin-Response-Time
X-Proto
X-B3-SpanId
X-ND-Cache
X-Orig-Expires
Nel
X-Cluster
X-Destination
X-Epic-Correlation-Id
X-Ckpd-Fst-Backend
X-NAPM-TraceId
X-Developer
X-PAYTM-SRV-ID
X-Connection-Hash
Meta-Geo-Continent
Mobile-Detection-Method
X-Planisys-CDN-Rules
Odigeo-Trace-Id
X-D
X-CF-Lambda-Version
Surrogated-Key
X-Planisys-CDN-Cache
X-Conf
Expiry
Redirect-Candidate
A
BehaviorPad-Version
X-CF-Lambda-Fn
X-Mg-Request-UUID
X-GG-Cache-Date
Rendered-Blocks
Server-Info
X-Planisys-CDN-TTL
Pramga
X-Ig-Push-State
X-External-Request-Id
X-A-Ccd
X-Cache-NE
DCR-Processing-Time-Ms
DCR-Decision-By
X-Ftr-Request-Id
X-Forwarded-Path
Sslversion
Fastcgi-X-Cache-Version
X-PBS-Appsvrname
X-Amz-Meta-S3cmd-Attrs
X-Vdms-Version
X-Session-Fingerprint
X-Shop-Environment
X-SD-PageType
X-ScT
X-Rojux
X-S
X-S-Cookie
X-LJ-Flow-ID
X-Aed
X-Vdms-Path
X-A-Dgt
V-Age
X-TIM-N
Vix-Hermes-Req-Id
X-V-Cache
X-A-Wwc
X-A-Dcw
X-Slack-Backend
X-SRCache-Key
X-A-Dam
X-VG-WebCache
X-Vtex-Remote-Cache
X-Processor
X-AWS-Id
X-Backend-TTL
X-B-Cookie
X-Vtex-Processado-Em
Xc-Version
X-Application
X-VWS-Id
X-ARC
X-A
X-Edge-Location
X-MP-GENERATED-AT
X-RCS-CacheZone
X-Locale
X-Time-Microsecs
X-Magnolia-Registration
Apple-News-Services-Parsed-Url
Wxu-Next-Hostname
Apple-News-Services-Request-Url
X-Gdpr
CacheControlHeader
Wxu-Next-Commit
Wxu-Next-Region
X-Gen-Mode
X-Geo-Header
X-Webstats-RespID
X-Fastly-Cache
X-Fetched-On
Apple-News-Services-Host
Fastcgi-Cache-TTL
X-Viewer-Country
X-Device-Os
DSUID
Host-ID
Origin
Cmstype
Gh-Request-Id
X-Forwarded-Site
X-VG-TLSProxy
X-Date
Cmsid
X-SVT-ORM-RULES
X-Request-URI
X-Block-Status
X-NodeID
X-Rocket-Nginx-Serving-Static
X-Mvc-Supplant-Cachable
Apple-News-Services-Handled
X-Location
X-Men
X-Nyt-Route
X-Old-Content-Length
X-Core-Mission
X-Proxy-Upstream
X-Policy
State
X-Origin-Time
X-Origin
X-Origin-Expires
X-Cache-Bucket
X-Scheme
Svr
User-Cache-Control
X-Hash
X-GeoIP-Region-Code
X-SVT-ORM-VERSION
AKAMAI
X-Cdn-Srv
X-GeoIP-Country-Code
X-Accel-Expires-Debug
X-Hnp-Log
X-Server-IP
X-Aicache-OS
X-Cache-Info
True-Client-Country-4JS
X-Cache-Date
Environment
CloudFront-Viewer-Country
X-Via-NSCOPI
X-Cache-Id
X-CGP
X-Branch-Name
X-ATG-Version
X-LI-UUID
X-Served-From
X-Sigma
X-Sigma-Backend
X-Skip-Cache
X-Rocket-Build-Number
X-Req
X-Platform
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Region-Sid
X-Sucuri-Cache
X-Sucuri-ID
X-Cdn-Origin
X-Fastly-Backend
X-Restarts
X-Sn-Servicetimems
X-VServer
X-VarnishDD-TTL
X-Thinkindot-L3
X-TrackingId
X-UnsetCookies
X-PHP-Host
X-Owner
X-Envoy-Decorator-Operation
X-Eu-Site
X-Gamma-Serve
X-Generated-On
X-Developers
X-Datadog-Trace-Id
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-GeoIP
X-GeoIP-City
X-Level-Front-Cache
X-Li-Fabric
X-Li-Pop
X-Node-Id
X-Labrador-Cache-Channel
X-Irp-Debug
X-Gzip
X-HN
X-HS-Content-Campaign-Id
X-Core-Value
X-Esi-Check
Mail-Subject
Machine
Locid
Origin-CC
Origin-EX
Server-Host
Release
PFcat
L5d-Success-Class
L
X-Varnish-Ttl
CDCHOST
Arc-Country
Fastly-GeoIP-CountryCode
X-Amzn-RequestId
HA-Ipaddr
Ha-Gx-Prefs
Ssr
AMP-Access-Control-Allow-Source-Origin
Thinkindot-CacheControl
X-Amz-Apigw-Id
Thinkindot-Control
Traceparent
Web-Mar-Region
We-Hiring
TDXMobile
Thinkindot-CacheControl-Type
Accept-Language
X-Variation
Cf-Device-Type
X-Pod-Name
X-Has-Esi
X-FC-Vary-Parameters
Is-Eu
X-Varnish-Beresp-Ttl
X-Zone
X-Varnish-CookieHashed-On
Fastly-Drupal-Html
X-DPWN-IS-SECURE
Adler-Geo
X-Worker
X-TH-Server
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-DefHash
X-Amzn-Remapped-Content-Length
X-Storefront-Renderer-Rendered
X-DefElseHash
X-Varnish-Beresp-Status
X-Loc
X-BBC-Edge-Cache-Status
Req-Svc-Chain
X-Is-Gdpr
X-JWT-State
NM-Fastcgi-Cache
X-Cache-Debug
Memcached
Platform
X-Response-By
X-Qloud-Router
X-Xrds-Location
X-DB
X-DW
X-RPS
X-DSS
X-DI
X-Rebelmouse-Surrogate-Control
X-Cache-Var
Fastly-SIE
X-RSL
X-Rebelmouse-Cache-Control
X-NU-AKA-ACS-Version
X-VC-Cache
Fastly-SWR
X-Action
X-RPM
X-Cache-Var-Map
X-Cache-Backend
Magicmarker
X-Backend-State
X-TraceId
X-Ua-Device
X-Srv
X-Wix-Viewer-Type
X-CS
Kp-EeAlive
Edge-Cache
X-Up
X-NC
NGX
X-LB-ID
X-Tx-Id
X-Generated-In
CDN
X-Optimistic-Header
X-API-Version
X-Mvc-Supplant-OutputCached
X-CacheTTL
X-Request-Start
Locale
X-Tb-Optimization-Total-Bytes-Saved
X-Urbn-Site-Id
X-Urbn-Context-Path
X-LB-NoCache
Ms-Author-Via
X-Minions-Version
X-Trace-ID
Memory
X-Bip
Pics-Label
Time
X-Thanos
X-Qnm-Cache
X-M-Reqid
X-Tt-Logid
X-M-Log
Env
X-Via-Popv
X-Via-Popn
X-Edge-Pop
X-Via-Poph
X-Refresh
X-Cache-Config
WebServer
X-TA-CDN-Provider
X-HA-Backend
GeoIp-Country-Code
X-Ec-Fail
X-Ec-GeoHdr
X-User
X-Parent-Response-Time
X-DC
X-CACHE-KEY
X-TX-ID
Server-ID
X-Servedbyhost
Datacenter
Candidate-Md5Url
X-Cs
X-Esi
NtCoent-Length
X-DynaTrace-JS-Agent
X-MSEdge-Flight
X-Dynatrace
Cdncip
Cdnsip
X-AK-Request-ID
X-ZONE
X-MSEdge-Features
X-CLOUD-TRACE-CONTEXT
X-Vc
My-App
On-Server
X-Varnish-Beresp-TTL
Cluster
WWW-Authenticate
X-Datadome
DataCenter
X-CUA
Esi-Enabled
Tracecode
X-WADP-Cache
X-Fmm-Version
X-Clara-WADP
X-Pass-Why
Geoip-Latitude
X-Li-Proto
X-VC
X-Fpc
T-Server
X-VCL-Version
X-Var-Ttl
X-Traceid
X-From
X-App
X-Cache-Ttl
X-B3-Spanid
X-URL
X-FPC
Lfy
Lang
X-LI-Proto
X-Service
X-Fragments
X-Vcl-Version
X-Cache-PHP
X-Unique-ID
C-Via
X-Webkit-Csp-Report-Only
Geo-Info
Cf-Int-Pingora-Origin-Digest
Fastly-Drupal-HTML
Proxy-Connection
Target-Params
X-Newrelic-Synthetics
X-NODE
X-Webkit-CSP-Report-Only
X-WP-CF-Super-Cache-Cache-Control
Test
X-WP-CF-Super-Cache
X-Provided-By
X-Mcache
X-Render-Time
M-TraceId
X-LiteSpeed-Cache-Control
X-RAMCache
X-Cache-Status-Check
Resin-Trace
Server-Id
MIME-Version
Permissions-Policy
X-CSRF-TOKEN
X-Httpd
X-Proxy-Cache-Info
X-ID
X-ServedByHost
X-Ha-Backend
X-Geo
Servername
WZWS-RAY
Hostname
X-Clientip
X-Api-Version
GeoIP-Country-Code
FSS-Cache
Hit
X-SB
Producers
X-Udemy-Cache-App-Namespace
X-Dynatrace-Js-Agent
X-Cdn-Forward
X-Pad
ENV
X-Pool
X-Edge-POP
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Ec-Custom-Error
Cache-Host
X-Platform-Cluster
HIT
UCS
X-Edge-Cache
X-Fastly-Backend-Reqs
X-Platform-Router
X-NGINX-Cache
X-Platform-Processor
X-LiteSpeed-Tag
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Dispatcher-Number
Section-Io-Id
X-Ucs
X-AIR-PT
Section-Origin-Responded
S-Cnection
Section-Io-Origin-Status
MD5-Digest
X-Scale
X-ElasticPress-Query
Cneonction
Section-Io-Origin-Time-Seconds
PICS-Label
X-Info
X-HS-Status
X-Via-Ucdn
X-SIPLIST1
X-Cache-Expires
X-Acquia-Site
URI
X-Lb-Nocache
Uri
X-Check-Cacheable
X-Cache-CFC
Cf-Ipcountry
X-UP
X-BBC-Origin-Response-Status
ServerName
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-GoCache-CacheStatus
X-Acquia-Application-Trace
IsBot
Ohc-File-Size
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Cms-Context
Sever-Int
Tcn
X-Swift-Error
Server-Ttl
Server-Ext
X-Release
Fastly-Backend-Name
Cteonnt-Length
X-Micro-Cache
X-RateLimit-Reset
X-Nc
Server-Hostname
X-Fastly-Cache-Hits
X-Cdn-Request-ID
User-Agent
X-Snapshot-Date
X-Lb-Id
X-Dw-Trace-Id
X-Akamai-ERRuleID
CF-Cached-On
X-Newrelic-App-Data
Ngx
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Vcache
Vha6-Origin
X-Akamai-ERPolicy
Wpo-Cache-Message
Wpo-Cache-Status
X-B3-ParentSpanId
X-Yottaa-OS
X-Backend-Host
Sid
X-HostName
Load-Balancing
X-Cache-Ngx
X-Air-Pt
X-ServerName
X-IN-APIGATEWAYSSL
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Shopify-Generated-Cart-Token
Shield-Pop
X-APP
X-Litespeed-Cache-Control
Inserted-Into-Cache-At
X-Fetch-By
X-IN-APIGATEWAY
X-B3-Parentspanid
X-BCube-Filmed-By
X-Last-Modified
X-CacheKey
X-Logging-Id
X-Apw-Hits
X-UA
X-Akamai-Pragma-Client-IP
CountryCode
X-Sentry-ID
Req-ID
X-Apw-Access-Token
X-Apw-Access-Object
X-Te-Duration-Ms
X-Varnish-Authentication
X-Akamai-Request-ID
X-Te-Count
X-Http-Duration-Ms
X-Apw-Access-Action
X-Http-Count
EpKe-Alive