Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
Host-Header
X-Amz-Request-Id
X-UA-Device
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
X-Akamai-Path-Stats
X-Dns-Prefetch-Control
Grace
X-Rq
X-Swift-CacheTime
X-Server-Powered-By
X-Swift-SaveTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
X-LiteSpeed-Cache
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
X-OneAgent-JS-Injection
X-Nginx-Cache-Status
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-CST
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
X-Cloud-Trace-Context
Rating
X-Url
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-Rack-Cache
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-Server-Name
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-ESI
X-Content-Type
Accept-Ch
X-B3-TraceId
Cache-Tag
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
X-Amz-Rid
X-Dw-Request-Base-Id
Public-Key-Pins
X-Cnection
X-Px
X-Ac
X-RateLimit-Remaining
X-D2id
X-Element-Page-Cache
Verso
X-Navigation-Version
X-Abt-Application-Version
X-Webkit-Csp
X-Client-IP
X-Edge
X-Powered-By-Plesk
X-Cache-TTL
X-Sol
Display
X-Middleton-Display
Pagespeed
X-Ser
X-Litespeed-Cache
X-Version
Service-Worker-Allowed
Arr-Disable-Session-Affinity
X-FastCGI-Cache
X-GitHub-Request-Id
X-Country-Code
X-Middleton-Response
Response
X-NF-Request-ID
X-Goog-Hash
Access-Control-Request-Method
X-Correlation-Id
X-Ruxit-Js-Agent
SPIisLatency
SPRequestDuration
X-Kinsta-Cache
X-TTL
X-Edge-Location-Klb
AR-SID
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-CACHE
X-Ttl
X-Upstream
X-Cached
X-NWS-LOG-UUID
X-RateLimit-Limit
X-LLID
SPRequestGuid
X-Powered-CMS
X-SharePointHealthScore
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Cache-Key
Edge-Cache-Tag
Nginx-Cache
X-Content-Security-Policy-Report-Only
TCN
X-Forwarded-For
X-MSEdge-Ref
Content-MD5
MRF-Tech
Mrf-Cache-Status
X-Id
X-Shield-Request-Id
X-Daa-Tunnel
X-B3-TraceId-Primal
X-T
MS-Author-Via
X-Recruiting
S
X-Content-Digest
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Mg-S
X-Ua-Device
X-DataDome
X-Protected-By
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Accel-Expires
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Content
X-Ab
X-Frontend
X-Grace
X-Ua-Browser
X-ECACHE
Server-Node
Front-End-Https
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Filters
X-Server-ID
X-DynaTrace
X-PressLabs-Stats
X-Mid
Fastcgi-Cache
TP-L2-Cache
TP-Cache
X-Geo-Country
X-Origin-Server
X-Hits
X-Distributor
X-Debug-Info
X-Request-Handler-Origin-Region
X-Microsite
X-ORACLE-DMS-ECID
X-Amzn-Trace-Id
Cross-Origin-Opener-Policy
Charset
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Git-Hash
X-ORACLE-DMS-RID
Cleartype
X-Page-Id
Host
X-DIS-Request-ID
X-F-Cache
X-LB-Cache
X-B3-Sampled
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Ratelimit-Reset
X-Www-Served-By
X-Cache-Age
X-Forwarded-Proto
Access-Control-Allow-Method
ServerID
X-Seen-By
Cache-Status
Cache-Tags
X-AppVersion
X-Activity-Id
X-Cluster-Name
X-Az
X-Aspnetmvc-Version
Realpath
Accept-Charset
X-Varnish-Age
X-Language
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Filterid
X-WebKit-CSP-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Rid
X-MCACHE
X-Nginx-Upstream-Cache-Status
X-Type
X-Content-Options
Server-Name
X-App-Environment
Country
X-Upgrade-Enabled
X-Fastly-Request-ID
X-Tb
X-Varnish-Grace
Viewport
Retry-After
Node
X-FB-Debug
X-Mobile-URL
X-User-Agent
X-Signature
X-Whom
X-B-Cache
X-Origin-Cache
X-NWS-UUID-VERIFY
X-Goog-Metageneration
X-Goog-Storage-Class
DC
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Paypal-Debug-Id
X-GUploader-UploadID
X-Flags
X-Drupal-Cache-Tags
X-Aspnet-Duration-Ms
X-Goog-Stored-Content-Length
X-Request-Guid
X-Wix-Request-Id
X-Providence-Cookie
X-Route-Name
X-Is-Crawler
X-TT
X-Varnish-Backend
Protected
X-VCache
Fastcgi-Useragent
X-XRDS-LOCATION
X-Via-JSL
X-B
X-N
X-Cache-NGX
X-Fastcgi-Cache
X-Debug
X-Amz-Replication-Status
X-Logged-In
Payment
X-Contextid
X-Mcache
X-XRDS-Location
X-Load-Cache
WPO-Cache-Status
WPO-Cache-Message
X-Template
Surrogate-Key
X-Fastly-Request-Id
X-Amz-Meta-S3cmd-Attrs
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
X-FW-Server
X-FW-Hash
X-FW-Dynamic
Count-Hit
X-FW-Static
X-FW-Serve
X-FW-Type
X-Node-Name
X-Erf-Bev-Bev-Is-Generated
Healthy
X-Browser-Type
X-Erf-Bev-Bev
Permissions-Policy
X-Hostname
X-Response-Served-From
SD-X-WS
X-G
X-Original-Request-Id
X-Revision
X-UUID
X-Mobile
X-Proxy
Refresh
X-Cache-Time
X-Jobs
Content-Disposition
Akamai-GRN
X-Cacheable-TTL
X-Is-Bot
X-Framework
X-Real-IP
Uber-Trace-Id
X-Rendered-As
X-Zen-Fury
X-Akamai-Request-ID2
X-Cache-TTL-Remaining
X-Trace-Id
X-Adobe-Loc
X-Adobe-Content
X-Page-View
X-Http-Reason
Access-Control-Request-Headers
X-Proxy-Cache-Status
X-Debug-IsConnected
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Debug-IsPreview
X-Drupal-Cache-Contexts
X-Instance
NGB
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Alternate-Protocol
X-Device-Type
Url
X-IPLB-Instance
X-Servername
X-ECache
X-Cache-Grace
X-Cache-Rule
X-Source
X-B3-Traceid
Version
X-Varnish-Server
X-Mg-Request-UUID
From-Origin
X-Environment-Context
X-Restarts
X-L-Path
X-Oneagent-Js-Injection
X-Parallel-Accel
X-Vgn-Hpd-Reason
X-NGENIX-Cache
Accept-Language
X-EdgeConnect-Cache-Status
X-Cache-Hit
X-Cache-Expired-At
Countrycode
Ms-Operation-Id
X-RTag
MS-CV
Referer-Policy
X-HTML-Minification-Powered-By
X-App-Server
Frame-Options
X-FW-Version
X-Tumblr-Pixel-0
Cross-Origin-Window-Policy
Backend
Liferay-Portal
X-Tumblr-Pixel
X-NYM-Debug-Backend
X-Tumblr-Pixel-1
X-Tumblr-User
X-IPS-LoggedIn
X-COUNTRY
X-Cache-Action
X-Nginx-Cache
X-ProcessESI
Content-Secure-Policy
X-RemovedCookies
WP-Super-Cache
CF-IPCountry
X-Datadome
Section-Io-Cache
Upgrade-Insecure-Requests
X-Redis-Cache
Cache-Tv-Group
X-RN-RSRV
X-Cache-Server
X-UPSTREAM-Address
Meta-Geo
Azure-SiteName
Azure-InstanceId
Ec-Rule-Version
X-Content-Age
Azure-SlotName
Azure-RegionName
Azure-Version
X-Hosted-By
X-AOL-HN
X-Say-Cacheable
X-UA-Device-Type
X-Ua
X-Request-Time
X-Region
X-APP-VERSION
X-Cache-Type
X-Human
X-Generation-Time
X-SayCDN-TTL
X-Say-TTL
X-Detected-As
X-Section
X-Format
X-FB-TRIP-ID
X-Varnish-Cache-Hits
X-No-Session
X-PCL
X-OCL
X-Web-Node
X-Access
X-Cache-Enabled
X-Akamai-Edgescape
X-Generated-By
X-Sql-Duration-Ms
X-Storage
TWC-GeoIP-Country
X-BYPASS-REASON
Apigw-Requestid
X-Be
X-Content-Powered-By
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Version
X-Server-W
TWC-Device-Class
X-Sql-Count
Webcakes-Region
X-Origin-Date
X-Origin-Hint
X-PHP-Backend
X-ProxyCache-Key
Mn-Server-Ip
Property-Id
S-Rt
X-Via-Fastly
X-Site-Version
Locale
X-ProxyCache-Status
X-Urbn-Site-Id
TWC-Connection-Speed
X-Uri
X-Cluster-Node
Fastly-SSL
X-Nginx-Cache-Key
X-Urbn-Context-Path
TWC-GeoIP-LatLong
X-Mode
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-CachedAt
CDN-Cache
X-Midtier
X-PERF
CDN-RequestId
CDN-Uid
Eomportal-Instance
X-Adobe-Source
X-Hyper-Cache
X-ApacheServer
X-Cache-Host
X-Forwarded-Host
X-Debug-Cache
X-Cache-Tags
X-Sorting-Hat-ShopId
X-Platform-Server
X-Ratelimit-Remaining
X-ShardId
X-Alternate-Cache-Key
X-Status
X-Xfnlog-Site
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-Unique-Id
X-Tid
X-Zipkin-Id
X-Extlb
X-Backend-Name
X-Varnishpool
Webserver
X-ServerID
X-JoinUs
X-Proxied
X-Hl-Ver
X-NewRelic-App-Data
X-Handled-By
X-Routing-Service
X-SaId
X-PHP-Host
X-Locale
X-Labrador-Cache-Channel
X-GG-Cache-Date
Selected-Fe
X-Rule
X-Timing-Wait
X-TT-LOGID
X-Proxy-Build
X-Cache-Operation
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
ServedBy
X-VC-Cache
X-Edge-Location
X-Cms-Context
X-Storefront-Renderer-Rendered
X-LSADC-Cache
X-Soup
X-Cache-Remote
X-Accel-Buffering
X-App-Version
X-Proto
SID
X-Rewrite-Enabled
X-Cached-By
Web-Mar-Node
X-Dc
SRV
Fastly-Drupal-Html
Mime-Version
X-GEO
X-GeoCountry
X-GeoCode
Onion-Location
Load-Balancing
Xserver
X-CDN-Forward
X-Pubstack
X-Cdn
X-TA-CDN-Provider
X-Varnish-Hostname
X-Reqid
X-Buckets
Country-Code
Cache-Hits
X-Microcachable
X-Request-Host
X-Origin-TTL
X-Origin-CC
X-Ratelimit-Limit
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
LB
X-Cluster
Server-Info
X-Varnish-Hits
Xet-Cookie
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-CSRF-Token
X-SRV
X-Ms-Version
X-Ms-Request-Id
X-Envoy-Decorator-Operation
X-Time
X-Magnolia-Registration
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Air-Source
X-B3-SpanId
X-Air-Hostname
X-Air-Trace-Id
X-NCache
DB-Nickname
X-Bc-Bl
X-RCS-CacheZone
Cache
DynaTrace
X-Tx-Id
X-Endurance-Cache-Level
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Node-Id
X-NAPM-TraceId
X-Core-Mission
X-Ec-Fail
Xc-Version
Host-ID
X-External-Request-Id
X-Conf
X-Esi-Check
X-Orig-Expires
X-Connection-Hash
Rendered-Blocks
Fastly-GeoIP-CountryCode
X-Application
X-Hash
X-Device-Os
BehaviorPad-Version
X-Developer
MD5-Digest
X-Destination
A
Lang
X-Ftr-Request-Id
Cmsid
Cmstype
X-From
Cdnsip
Cdncip
DCR-Decision-By
Meta-Geo-Continent
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-Fetched-On
X-D
Expiry
Pramga
Odigeo-Trace-Id
NM-Fastcgi-Cache
Mobile-Detection-Method
X-Geo-Header
DCR-Processing-Time-Ms
X-Gzip
X-Forwarded-Path
Fastcgi-X-Cache-Version
X-Webstats-RespID
X-Shop-Environment
X-Session-Fingerprint
X-A
X-Sigma
X-VG-WebCache
X-A-Ccd
X-Sigma-Backend
X-SD-PageType
X-ScT
X-Cache-Bucket
X-Cache-Id
X-Rocket-Build-Number
X-Rojux
X-S-Cookie
X-Origin-Response-Time
X-A-Dam
X-A-Dcw
X-User
X-Vdms-Version
X-B-Cookie
X-Vdms-Path
X-ARC
X-AK-Request-ID
X-Aed
X-TrackingId
X-TIM-N
X-A-Wwc
X-A-Dgt
X-SRCache-Key
X-SVT-ORM-RULES
X-Tenant
X-SVT-ORM-VERSION
X-Cache-Info
X-S
T-Server
X-Cdn-Srv
X-Varnish-Beresp-Grace
X-Processor
Surrogated-Key
Sslversion
X-Ec-Custom-Error
X-CF-Lambda-Fn
X-Vtex-Remote-Cache
X-PAYTM-SRV-ID
X-Vtex-Processado-Em
X-Cache-NE
X-CF-Lambda-Version
X-PBS-Appsvrname
X-Varnish-Ttl
X-ZONE
X-R9-Blue-Green-Version
Cache-Name
Source
X-Dispatcher-Number
X-CacheTTL
TDXMobile
L
X-BBC-Edge-Cache-Status
X-Clara-WADP
X-Ckpd-Fst-Backend
Server-Host
X-Amzn-Remapped-Content-Length
Is-Eu
X-DPWN-IS-SECURE
Ssr
X-Block-Status
Kp-EeAlive
State
Mail-Subject
X-DefElseHash
Web-Mar-Region
Platform
Thinkindot-Control
Wxu-Next-Commit
We-Hiring
Origin-EX
Traceparent
Origin
User-Cache-Control
X-Cache-Date
X-DefHash
Wxu-Next-Hostname
Memcached
Release
Req-Svc-Chain
Origin-CC
Machine
Thinkindot-CacheControl
X-Core-Value
Producers
Wxu-Next-Region
Thinkindot-CacheControl-Type
X-Cache-Backend
X-Developers
X-Loc
X-Nyt-Route
X-NodeID
X-Origin
X-Origin-Expires
X-Skip-Cache
X-Mvc-Supplant-Cachable
X-Slack-Backend
X-VServer
X-JWT-State
X-VG-TLSProxy
X-Location
X-Loop
X-Origin-Time
X-Worker
X-Scheme
X-Served-From
X-Pool
X-SB
X-Rocket-Nginx-Serving-Static
X-Server-IP
X-WADP-Cache
X-Planisys-CDN-Cache
X-Wix-Viewer-Type
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Thinkindot-L3
X-LAGOON
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Is-Gdpr
X-Gdpr
X-Varnish-CookieINHashed-On
Environment
X-Fastly-Cache
X-Fmm-Version
X-Varnish-Remaining-TTL
CloudFront-Viewer-Country
Adler-Geo
AKAMAI
X-Azure-Ref
X-Gen-Mode
X-TNCMS
X-Irp-Debug
X-V-Cache
X-Hnp-Log
X-Has-Esi
X-GeoIP
X-Varnish-CookieHashed-On
X-Variation
X-Request-URI
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Branch-Name
X-SIPLIST1
X-Via-NSCOPI
X-Sn-Servicetimems
X-Auto-Login
X-Viewer-Country
X-CGP
X-Httpd
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Level-Front-Cache
X-HN
X-Datadog-Trace-Id
X-Forwarded-Site
X-Gamma-Serve
X-Generated-On
X-GeoIP-City
X-VarnishDD-TTL
X-Minions-Version
X-Proxy-Upstream
X-Proxy-Cache-Info
X-Qloud-Router
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Policy
X-Pod-Name
X-Via-Ucdn
X-Eu-Site
X-Platform
X-Cdn-Origin
X-Rebelmouse-Cache-Control
X-Aicache-OS
N-Cache
Locid
L5d-Success-Class
IsBot
NGX
PFcat
Server-Hostname
Server-Ext
Redirect-Candidate
HA-Ipaddr
Ha-Gx-Prefs
Cluster
CDCHOST
HostName
CDN
DSUID
X-IPLB-Request-ID
Gh-Request-Id
Fastly-SIE
Fastcgi-Cache-TTL
Sever-Int
Fastly-SWR
Vix-Hermes-Req-Id
Svr
V-Age
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Ohc-File-Size
X-WP-CF-Super-Cache
X-Men
X-WP-CF-Super-Cache-Cache-Control
Arc-Country
X-Scale
X-Optimistic-Header
X-Response-By
X-NC
X-EC-Lua
Pics-Label
X-Refresh
X-Srv
X-CS
X-Parent-Response-Time
X-Newrelic-Synthetics
X-Old-Content-Length
X-VC
X-Owner
X-Udemy-Cache-App-Namespace
X-LB-NoCache
X-TraceId
X-Tt-Logid
X-RSL
X-RPS
X-Ah-Environment
X-Tb-Optimization-Total-Bytes-Saved
X-RPM
Servername
Datacenter
X-DI
X-DSS
X-BCube-Filmed-By
Cache-Key
X-Wikidot-Backend
Env
X-Wikidot-Static-Cache
X-DB
X-DW
Candidate-Md5Url
X-Ad-Defer-Variation
Ms-Author-Via
AMP-Access-Control-Allow-Source-Origin
VNS-Cache
X-Mvc-Supplant-OutputCached
Time
VNS-Age
X-Contensis-Viewer-Groups
X-RateLimit-Reset
X-Date
Memory
CPC-Age
XM
CPC-Cache
X-Webkit-Csp-Report-Only
X-Cache-ASPX
X-Accel-Expires-Debug
GEO-INFO
X-SplitTest
X-Akamai-Transformed
X-WA-Info
X-Amz-Meta-Cb-Modifiedtime
X-GeoIP-Region-Code
Fastly-Backend-Name
X-Edge-Pop
X-Cache-Status-Check
X-Generated-In
X-Varnish-Authentication
X-GeoIP-Country-Code
X-Xrds-Location
X-Webkit-CSP
X-API-Version
X-TIME
X-Via-Poph
X-Cache-Debug
X-Servedbyhost
Path
X-Via-Popn
X-Via-Popv
X-Micro-Cache
X-AIR-PT
X-S-Maxage
ITXSESSIONID
Lb
X-CACHE-KEY
X-Trace-ID
X-HA-Backend
GeoIp-Country-Code
Fusion-Template-Id
X-DC
Geo-Info
Fusion-Source
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Ohc-Cache-HIT
Client
X-VCL-Version
Cache-Host
CacheControlHeader
Geoip-Latitude
True-Client-Country-4JS
Server-ID
FSS-Cache
X-Vc
X-TH-Server
X-Action
Ngx.Var.Host
X-VHOST
X-Cs
X-Varnish-Beresp-TTL
X-Backend-TTL
True-Client-IP
XkeyRZ
X-Proxy-CacheRZ
X-Clientip
Hostname
X-Presslabs-Stats
X-Api-Version
X-FireWall-Port
Edge-Cache
X-Fpc
X-Req
My-App
Powered-By
X-Provided-By
X-TX-ID
X-Zone
X-PX
X-B3-Spanid
X-Pass-Why
X-Traceid
X-Origin-Upstream-Status
NtCoent-Length
X-MSEdge-Flight
X-FPC
X-Varnish-Beresp-Ttl
X-MSEdge-Features
X-Up
X-Dmc
Test
X-NGINX-Cache
Cf-Int-Pingora-Origin-Digest
X-INCAP-ABP
X-LB-ID
X-Render-Time
X-CSRF-TOKEN
X-HS-Status
X-Cdn-Request-ID
X-Correlation-ID
DataCenter
Rip
C-Via
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Node
X-Beluga-Record
X-Beluga-Cache-Status
Server-Id
X-Webkit-CSP-Report-Only
User-Agent
Tube-Got-Results
X-Vcl-Version
Tube-Return
X-Gateway-Cache-Key
OT-Force-Account-Verify
Srvid
X-Service
Click-Count-Error
Click-Count-Action-Start
X-Li-Fabric
X-Li-Pop
Tube-Got-Eval
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-UnsetCookies
Proxy-Connection
X-LI-UUID
Tube-Get-Contents
X-M-Reqid
WZWS-RAY
X-ND-Cache
X-Time-Microsecs
X-Via-PopV
X-Qnm-Cache
X-M-Log
Uri
X-RAMCache
Esi-Enabled
X-Alfa-Service
GeoIP-Latitude
GeoIP-Country-Code
X-Via-PopN
X-Ha-Backend
X-Via-PopH
X-URL
X-DynaTrace-JS-Agent
X-Dynatrace
On-Server
X-CUA
HIT
X-ServedByHost
Resin-Trace
Sid
X-Akamai-Pragma-Client-IP
MIME-Version
X-Check-Cacheable
Target-Params
Epwk-X-Cache
X-Hcs-Proxy-Type
X-ATG-Version
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Proxy-Cache-Hk
Tracecode
Cf-Device-Type
X-Fragments
X-Geo
Srv
X-Fetch-By
X-Platform-Router
X-LI-Proto
X-Platform-Processor
X-Platform-Cluster
Fastly-Drupal-HTML
X-Cdn-Forward
Cdn
X-TRACE-ID
X-Var-Ttl
X-APP
X-Sucuri-Cache
X-Sucuri-ID
X-Edge-POP
X-Fastly-Backend
X-Fastly-Backend-Reqs
X-FC-Vary-Parameters
Lfy
X-Backend-Host
Tcn
X-Azure-Ref-OriginShield
X-Esi
ServerName
X-B3-Traceid-Primal
Section-Io-Origin-Status
X-Cache-Expires
Section-Io-Origin-Time-Seconds
X-Lb-Nocache
X-Varnish-Beresp-Status
ENV
Section-Io-Id
X-App
Section-Origin-Responded
XServer
X-MG-S
X-LiteSpeed-Cache-Control
X-Srcache-Store-Status
X-Srcache-Fetch-Status
PICS-Label
X-ElasticPress-Query
Magicmarker
CF-Cached-On
X-Yottaa-OS
X-Newrelic-App-Data
X-Li-Proto
X-NU-AKA-ACS-Version
X-Backend-State
Inserted-Into-Cache-At
Cf-Ipcountry
Wpo-Cache-Status
X-HostName
WebServer
X-Iplb-Instance
X-Iplb-Request-Id
Wpo-Cache-Message
X-Dw-Trace-Id
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
M-TraceId
X-Serial
X-Acquia-Site
X-Nc
X-Vcache
X-CF-Powered-By
D-Url-Rewrites
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Server-Ttl
X-Acquia-Purge-Tags
Warning
Servedby
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache-Cache-Control
X-Request-Start
X-B3-Parentspanid
Hit
True-Client-Ip
X-BBC-Origin-Response-Status
X-Th-Server
X-Vercel-Cache
X-Vercel-Id
Content-Style-Type
X-Storefront-Renderer-Verified
Cneonction
CountryCode
Ngx
X-Snapshot-Date
X-Request-URL
Content-Script-Type
X-Litespeed-Cache-Control
X-Cache-CFC
X-IN-APIGATEWAY
Fastcgi-Cache-Ttl
X-Request-Url
X-Release
X-Back
X-Dist-Code
X-IN-APIGATEWAYSSL