Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
X-Request-ID
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-UA-Device
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-LiteSpeed-Cache
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Host
X-Server-Id
X-Backend-Server
Cf-Railgun
X-Node
X-Readtime
Accept-CH
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
Accept-Ch-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Application-Context
Content-Location
Rating
X-Ua-Compatible
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Language
X-Cloud-Trace-Context
X-Url
X-Ac
X-Content-Type
X-Trace
X-Template
Allow
X-Vname
X-PC
X-TtlSet
X-Varnish-TTL
Accept-CH-Lifetime
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
X-ESI
Cache-Tag
Fastly-Restarts
X-Server-Name
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-Buckets
X-GitHub-Request-Id
X-Upstream
Accept-Ch
X-Amz-Rid
X-Vcap-Request-Id
MS-Author-Via
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Origin-Cache
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Cnection
X-Px
X-Powered-By-Plesk
X-Aws-Lambda-Call-Status
Access-Control-Request-Method
X-Country-Code
X-NF-Request-ID
X-Navigation-Version
X-Goog-Hash
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
RTSS
X-Version
X-ORACLE-DMS-ECID
X-Powered-CMS
X-ORACLE-DMS-RID
X-Amz-Server-Side-Encryption
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Kinja-Server
X-Use-Magma
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Middleton-Response
Response
X-MSEdge-Ref
X-LLID
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
AR-Request-ID
AR-SID
AR-CACHE
AR-ATIME
AR-PoweredBy
X-RateLimit-Remaining
X-TTL
Nginx-Cache
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Shield-Request-Id
X-HP-Trace-Id
X-HP-Webp
S
X-Jurisdiction
X-Protected-By
X-T
X-Forwarded-For
Content-MD5
TCN
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Id
X-CST
Realpath
X-Mid
Fastcgi-Cache
X-Mg-S
X-MCACHE
Edge-Cache-Tag
SPRequestDuration
SPIisLatency
Front-End-Https
X-Recruiting
X-Parallel-Accel
X-Request-Received
X-Request-Processing-Time
Filters
X-Pinterest-Rid
Pinterest-Generated-By
Server-Node
Pinterest-Version
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
X-Ua-Browser
X-Content
X-Ab
SPRequestGuid
X-SharePointHealthScore
X-DynaTrace
X-Correlation-Id
X-Ezoic-Cdn
Server-Name
X-ECACHE
X-Ttl
X-NWS-LOG-UUID
X-Frontend
Alternate-Protocol
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Cache-Key
X-Yandex-Sdch-Disable
X-Hits
X-Server-ID
X-Accel-Expires
X-Content-Options
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
X-Tt-Trace-Host
X-Ruxit-Js-Agent
Cache-Tags
X-Page-Id
Host
Charset
X-Git-Hash
X-Ser
X-Kong-Upstream-Latency
X-Www-Served-By
X-Kong-Proxy-Latency
X-B3-Sampled
Cleartype
X-Amz-Replication-Status
X-Content-Digest
X-Daa-Tunnel
X-Geo-Country
TP-Cache
X-Amzn-Trace-Id
TP-L2-Cache
X-Forwarded-Proto
X-VCache
X-DIS-Request-ID
X-Varnish-Age
Filterid
X-Az
X-Hostname
X-Activity-Id
X-AppVersion
X-Fastly-Request-Id
X-Debug-Info
X-N
X-Rid
X-Upgrade-Enabled
X-Origin-Server
Access-Control-Allow-Method
X-FB-Debug
X-Grace
X-LB-Cache
X-Nginx-Upstream-Cache-Status
X-XRDS-LOCATION
X-Origin-Upstream-Status
X-Microsite
X-Request-Handler-Origin-Region
X-Mobile-URL
X-Route-Name
X-Aspnet-Duration-Ms
X-Request-Guid
X-Is-Crawler
X-Providence-Cookie
Cross-Origin-Opener-Policy
X-Flags
ServerID
X-Whom
X-NGENIX-Cache
X-TT
X-F-Cache
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-Varnish-Grace
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-App-Server
X-App-Environment
X-Tb
X-FW-Dynamic
X-WebKit-CSP-Report-Only
X-FW-Serve
X-FW-Type
X-FW-Hash
X-FW-Static
Payment
X-FW-Server
Viewport
X-Distributor
Node
Paypal-Debug-Id
DC
X-Cache-Control
X-Seen-By
X-Type
X-Logged-In
Fastcgi-Useragent
X-User-Agent
X-Litespeed-Cache
Country
X-PressLabs-Stats
X-Cache-Age
Accept-Charset
X-Webkit-CSP
X-Fastly-Request-ID
X-Cache-Rule
X-Wix-Request-Id
X-Varnish-Backend
Version
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-DataDome
X-Browser-Type
X-Load-Cache
Amp-Access-Control-Allow-Source-Origin
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Node-Name
X-Ratelimit-Limit
Refresh
X-Cache-Action
X-IPLB-Instance
Referer-Policy
X-Via-JSL
X-Original-Request-Id
Cache-Status
X-Response-Served-From
X-Drupal-Cache-Tags
SD-X-WS
Access-Control-Request-Headers
X-Jobs
X-Real-IP
X-Page-View
X-Cacheable-TTL
X-Vgn-Hpd-Reason
X-Proxy-Cache-Status
X-Revision
X-UUID
X-Rendered-As
X-RemovedCookies
VIX-Pulpo-Node
X-B
VIX-Pulpo-Upstream-Status
X-Mobile
X-Cache-Expired-At
X-Cluster-Name
X-Is-Bot
X-Debug
X-ProcessESI
X-Contextid
X-Fastcgi-Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Rule
X-B-Cache
X-Proxy
X-Device-Type
X-Signature
DynaTrace
X-Framework
X-G
X-Cache-Time
NGB
X-Tec-Api-Root
X-Tec-Api-Origin
X-Debug-IsConnected
Akamai-GRN
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Surrogate-Key
X-Debug-IsPreview
X-TEC-API-ROOT
X-Instance
X-Tec-Api-Version
X-Drupal-Cache-Contexts
X-FW-Version
Liferay-Portal
CF-IPCountry
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
SID
X-Azure-Ref
Healthy
X-Source
X-Ms-Version
X-Ms-Request-Id
X-Nginx-Cache
Frame-Options
X-Oneagent-Js-Injection
X-CDN-Forward
X-RTag
MS-CV
Ms-Operation-Id
X-Cache-Hit
Countrycode
Count-Hit
X-Environment-Context
X-L-Path
X-XRDS-Location
X-Varnish-Server
X-RateLimit-Limit
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Cache-Operation
X-Tumblr-Pixel-0
Xserver
GEO-INFO
Uber-Trace-Id
X-Region
Section-Io-Cache
X-EdgeConnect-Cache-Status
X-APP-VERSION
X-Accel-Buffering
X-Servername
X-Forwarded-Host
X-Content-Powered-By
X-Backend-Name
X-Mode
X-IPS-LoggedIn
Cross-Origin-Window-Policy
Backend
Ec-Rule-Version
X-Zen-Fury
X-JoinUs
X-RN-RSRV
X-SaId
X-Detected-As
Meta-Geo
X-UPSTREAM-Address
X-Redis-Cache
X-Sorting-Hat-ShopId
X-Sql-Count
X-Sql-Duration-Ms
X-Hosted-By
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
X-ShardId
X-Debug-Cache
X-Adobe-Loc
X-Alternate-Cache-Key
X-Varnish-Beresp-Grace
X-Generation-Time
X-Cache-Type
X-Human
Eomportal-Instance
X-Cache-Server
X-Tid
X-Cache-Grace
X-Uri
X-Adobe-Content
Cache-Tv-Group
Cache-Name
X-ProxyCache-Key
Apigw-Requestid
X-Cache-NGX
X-Origin-Date
X-UA-Device-Type
Mn-Server-Ip
X-FB-TRIP-ID
Decoy-Debug-TTL
X-No-Session
X-NCache
Country-Code
X-Via-Fastly
DB-Nickname
Url
X-ProxyCache-Status
Decoy-Debug-Key
X-ServerID
X-Cache-TTL-Remaining
X-BYPASS-REASON
X-Microcachable
Decoy-Debug-Status
X-PHP-Backend
X-Site-Version
Protected
TWC-Device-Class
TWC-Connection-Speed
X-Akamai-Edgescape
X-Rewrite-Enabled
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
Property-Id
X-Format
X-Proxy-Build
X-PCL
TWC-Privacy
X-Ratelimit-Reset
X-Web-Node
X-Origin-Hint
X-OCL
X-Status
X-Storage
X-Timing-Wait
TWC-GeoIP-Country
Webcakes-Region
Fastly-SSL
Selected-Fe
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
TWC-Locale-Group
OT-Force-Account-Verify
X-Server-W
X-Varnishpool
X-Cache-Host
X-Routing-Service
X-Proxied
X-R9-Blue-Green-Version
X-NYM-Debug-Backend
X-Zipkin-Id
X-Hl-Ver
X-PERF
X-Access
X-Soup
X-Extlb
X-ApacheServer
X-Section
X-LSADC-Cache
X-Azure-Ref-OriginShield
X-Cluster-Node
X-Pubstack
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Be
Azure-SiteName
Source
X-Webkit-Csp
X-App-Version
X-Content-Age
X-Time
X-Ua
X-Presslabs-Stats
Content-Secure-Policy
SRV
CDN-RequestId
CDN-EdgeStorageId
X-Cached-By
CDN-Uid
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
Content-Disposition
CDN-Cache
Cache
X-Generated-By
X-HTML-Minification-Powered-By
X-TT-LOGID
X-Hyper-Cache
X-LAGOON
X-Amz-Meta-S3cmd-Attrs
X-Cache-Var-Map
X-Cache-Var
X-NewRelic-App-Data
X-Unique-Id
X-Varnish-Hits
X-TNCMS
X-Loop
X-Bc-Bl
X-Varnish-Hostname
X-Nginx-Cache-Key
X-S-Maxage
X-SRV
Onion-Location
X-Auto-Login
X-Dc
X-Trace-Id
X-Origin-CC
LB
Webserver
X-Origin-TTL
X-GEO
Cache-Hits
Retry-After
Xet-Cookie
X-Cdn
X-Proto
Mime-Version
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Web-Mar-Node
X-Akamai-Transformed
X-Time-Microsecs
X-Endurance-Cache-Level
X-Tenant
X-CSRF-Token
X-Platform-Server
HostName
WPO-Cache-Message
WPO-Cache-Status
X-Edge-Location
X-GG-Cache-Date
X-LJ-Flow-ID
X-Qnm-Cache
X-M-Log
X-VWS-Id
X-AWS-Id
X-M-Reqid
CloudFront-Viewer-Country
X-B3-SpanId
X-Xfnlog-Site
X-Cache-Remote
X-Mg-Request-UUID
X-ECache
X-Xrds-Location
N-Cache
X-Cache-Tags
Upgrade-Insecure-Requests
X-TIME
X-Varnish-Cache-Hits
X-Amzn-RequestId
X-Amz-Apigw-Id
X-PHP-Host
X-Labrador-Cache-Channel
ServedBy
X-Request-Time
X-Correlation-ID
X-AOL-HN
X-RCS-CacheZone
Nel
X-Origin-Response-Time
X-Via-NSCOPI
X-Handled-By
X-Locale
X-CF-Lambda-Fn
X-Rojux
X-Ftr-Request-Id
X-Processor
X-A-Dam
X-External-Request-Id
X-Application
X-A-Ccd
X-Request-Host
X-Cache-NE
X-ARC
X-Forwarded-Path
X-A-Dcw
DCR-Decision-By
DCR-Processing-Time-Ms
X-NAPM-TraceId
X-ND-Cache
X-Hnp-Log
X-Ig-Push-State
BehaviorPad-Version
X-A-Wwc
X-A-Dgt
A
DSUID
X-S
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Gen-Mode
X-Aed
Expiry
X-CF-Lambda-Version
Fastcgi-X-Cache-Version
X-Orig-Expires
X-Planisys-CDN-TTL
Mobile-Detection-Method
Rendered-Blocks
Redirect-Candidate
X-Cache-Date
X-Vdms-Path
X-D
X-S-Cookie
Pramga
X-Developer
X-Storefront-Renderer-Rendered
X-TIM-N
X-Destination
X-Vdms-Version
X-VG-WebCache
X-Connection-Hash
X-Conf
X-Cluster
X-Ckpd-Fst-Backend
Xc-Version
X-Block-Status
Surrogated-Key
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
User-Cache-Control
X-B-Cookie
X-V-Cache
X-SRCache-Key
X-Shop-Environment
X-Slack-Backend
X-Session-Fingerprint
Origin
X-A
Odigeo-Trace-Id
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Meta-Geo-Continent
X-ScT
X-SD-PageType
X-MP-GENERATED-AT
X-VC-Cache
X-Core-Mission
V-Age
X-Epic-Correlation-Id
CDCHOST
CacheControlHeader
Arc-Country
X-Hash
Cmstype
Cmsid
Vix-Hermes-Req-Id
X-Fastly-Cache
Origin-CC
Gh-Request-Id
X-Geo-Header
Host-ID
Origin-EX
X-Gdpr
X-Forwarded-Site
Release
X-Fetched-On
X-Device-Os
State
Wxu-Next-Region
Fastcgi-Cache-TTL
Wxu-Next-Commit
L
Wxu-Next-Hostname
Traceparent
X-Nyt-Route
X-CACHE-KEY
X-Rocket-Nginx-Serving-Static
X-Served-From
X-Server-IP
X-Cache-Info
X-Policy
X-Origin-Expires
X-Origin-Time
X-Owner
X-Skip-Cache
X-Sucuri-Cache
X-Adobe-Source
X-Webstats-RespID
X-ATG-Version
Server-Info
X-VServer
X-Sucuri-ID
X-Varnish-Beresp-Status
X-Reqid
X-Old-Content-Length
X-Scheme
X-Men
AKAMAI
X-Mvc-Supplant-Cachable
X-Cache-Bucket
X-Location
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-FireWall-Port
Environment
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Server-Host
X-VarnishDD-TTL
X-BBC-Edge-Cache-Status
X-Cache-Debug
Req-Svc-Chain
X-Cache-Config
X-VG-TLSProxy
X-Date
TDXMobile
Apple-News-Services-Parsed-Url
X-Level-Front-Cache
Apple-News-Services-Host
X-Aicache-OS
X-Magnolia-Registration
X-Branch-Name
Sslversion
Apple-News-Services-Handled
X-Core-Value
Thinkindot-CacheControl
X-Cache-Id
Svr
Thinkindot-CacheControl-Type
Thinkindot-Control
True-Client-Country-4JS
X-Irp-Debug
X-Bip
X-Thanos
X-Gamma-Serve
X-Platform
X-Node-Id
X-Proxy-Upstream
X-Cdn-Srv
X-Region-Sid
X-Cdn-Origin
X-NodeID
From-Origin
X-GeoIP-City
X-Accel-Expires-Debug
X-GeoIP
Fastly-GeoIP-CountryCode
X-Generated-On
X-Gzip
Locid
Machine
X-Sigma-Backend
X-Sigma
X-Sn-Servicetimems
X-Developers
X-Thinkindot-L3
PFcat
X-HS-Content-Campaign-Id
X-Esi-Check
X-Fastly-Backend
X-Request-Start
X-TrackingId
X-Rocket-Build-Number
Apple-News-Services-Request-Url
X-HN
X-EC-Lua
X-Loc
X-TH-Server
X-UnsetCookies
X-Response-By
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Req
X-Variation
X-Varnish-CookieHashed-On
X-Worker
Ssr
X-Viewer-Country
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Envoy-Decorator-Operation
X-Eu-Site
X-DPWN-IS-SECURE
X-DefHash
X-DefElseHash
X-FC-Vary-Parameters
X-Has-Esi
X-Origin
X-Pod-Name
X-NU-AKA-ACS-Version
X-JWT-State
X-Is-Gdpr
X-CGP
X-Csrf-Jwt
Fastly-SWR
Ha-Gx-Prefs
We-Hiring
Fastly-SIE
Web-Mar-Region
HA-Ipaddr
Is-Eu
NGX
NM-Fastcgi-Cache
Memcached
Mail-Subject
L5d-Success-Class
Platform
Datacenter
Fastly-Drupal-Html
Cf-Device-Type
X-Backend-State
X-Zone
X-CS
Candidate-Md5Url
X-Amzn-Remapped-Content-Length
Adler-Geo
X-Tx-Id
AMP-Access-Control-Allow-Source-Origin
X-Ua-Device
X-Varnish-Beresp-Ttl
WP-Super-Cache
X-RateLimit-Remaining-Second
X-CLOUD-TRACE-CONTEXT
X-Mvc-Supplant-OutputCached
X-RateLimit-Limit-Second
On-Server
Pics-Label
X-Up
WWW-Authenticate
X-API-Version
X-LB-ID
X-Ratelimit-Remaining
CDN
X-Trace-ID
X-NC
Esi-Enabled
X-Vc
X-NWS-UUID-VERIFY
Ms-Author-Via
X-Cache-Enabled
X-Generated-In
X-Backend-TTL
X-Datadome
X-GeoIP-Region-Code
NtCoent-Length
X-Refresh
X-GeoIP-Country-Code
X-LB-NoCache
Memory
X-DynaTrace-JS-Agent
Time
Magicmarker
X-Service
C-Via
X-Via-Poph
X-DC
X-Via-Popn
X-Edge-Pop
X-Via-Popv
X-TA-CDN-Provider
X-Dynatrace
X-Tb-Optimization-Total-Bytes-Saved
Env
X-Cache-PHP
X-Parent-Response-Time
X-TraceId
X-Restarts
X-CacheTTL
X-Tt-Logid
GeoIp-Country-Code
X-Optimistic-Header
Kp-EeAlive
X-Srv
S-Rt
X-Esi
X-Servedbyhost
X-Cache-Status-Check
X-Render-Time
X-Wix-Viewer-Type
X-MSEdge-Features
X-RSL
Edge-Cache
X-MSEdge-Flight
X-Varnish-Beresp-TTL
X-DW
X-DI
X-RPS
X-RPM
WebServer
X-DSS
X-DB
X-Action
X-ZONE
X-Unique-ID
Server-ID
X-Cache-Backend
X-Info
X-TX-ID
X-Cs
X-AIR-PT
X-Minions-Version
X-Webkit-CSP-Report-Only
X-VCL-Version
X-Akamai-Request-ID2
X-Http-Reason
Proxy-Connection
X-Clientip
X-LI-Proto
X-Fpc
X-App
X-HA-Backend
X-Newrelic-Synthetics
X-Cache-Ttl
X-Traceid
X-URL
Test
X-Webkit-Csp-Report-Only
UCS
X-Oss-Server-Time
X-Li-Proto
X-Varnish-Ttl
Cache-Host
HIT
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
Accept-Language
X-FPC
S-Cnection
X-NODE
X-LiteSpeed-Cache-Control
Geo-Info
X-Vcl-Version
X-Ec-Fail
Server-Id
X-User
Tcn
X-Ec-GeoHdr
Section-Io-Origin-Status
X-Urbn-Site-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Locale
X-B3-Spanid
Lb
Section-Io-Id
X-Urbn-Context-Path
Fastly-Backend-Name
X-Pass-Why
X-Micro-Cache
User-Agent
X-HostName
X-Backend-Host
Cf-Int-Pingora-Origin-Digest
X-Pad
X-LiteSpeed-Tag
Fastly-Drupal-HTML
X-CSRF-TOKEN
Cdnsip
Resin-Trace
X-BBC-Origin-Response-Status
X-APP
GeoIP-Country-Code
X-AK-Request-ID
M-TraceId
Cdncip
X-Ha-Backend
X-BCube-Filmed-By
X-ID
X-Release
Hostname
X-Fmm-Version
My-App
Hit
X-Check-Cacheable
X-Clara-WADP
X-WADP-Cache
Ohc-File-Size
X-ServedByHost
X-Dynatrace-Js-Agent
X-Geo
X-ES-SERVER
Cache-Key
Tracecode
VNS-Cache
CPC-Age
X-ElasticPress-Query
X-Amz-Meta-Cb-Modifiedtime
X-Edge-POP
X-RateLimit-Reset
X-Via-PopN
X-Var-Ttl
MIME-Version
X-CUA
VNS-Age
EpKe-Alive
X-Via-PopV
Path
X-WA-Info
X-WA
X-Via-PopH
Cluster
Geoip-Latitude
ENV
CPC-Cache
Load-Balancing
X-HS-Status
T-Server
Lfy
X-Edge-Cache
X-Api-Version
X-From
X-NGINX-Cache
Srv
X-Akamai-Pragma-Client-IP
Shield-Pop
X-Cms-Context
Pagetype
X-PJAX-URL
X-Wikidot-Static-Cache
X-Wikidot-Backend
URI
X-RAMCache
X-Ucs
X-Cdn-Forward
Servername
X-Fragments
Lang
X-ServerName
X-Newrelic-App-Data
X-Mcache
X-Fastly-Backend-Reqs
X-GoCache-CacheStatus
X-Via-Ucdn
X-Nc
X-CCDN-CacheTTL
Target-Params
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-UP
X-CCDN-Origin-Time
X-Fastly-Cache-Hits
X-Hcs-Proxy-Type
MD5-Digest
X-MG-S
X-Dw-Trace-Id
X-TRACE-ID
Server-Ext
IsBot
Server-Hostname
X-Lb-Id
X-B3-ParentSpanId
Uri
WZWS-RAY
Cneonction
Ohc-Cache-HIT
X-VG-WebServer
Sever-Int
X-VC
Cdn
X-SIPLIST1
X-Cdn-Request-ID
DataCenter
CF-Cached-On
Cf-Ipcountry
W
X-Apw-Access-Action
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Snapshot-Date
Cteonnt-Length
X-Acquia-Site
X-Cache-Expires
X-Acquia-Purge-Tags
X-Swift-Error
X-Apw-Hits
Vha6-Origin
PICS-Label
X-Yottaa-OS
X-Apw-Access-Token
X-Apw-Access-Object
X-Cache-Ngx
X-Air-Pt
Sid
X-Te-Duration-Ms
FSS-Cache
GeoIP-Latitude
Permissions-Policy
X-Te-Count
X-Http-Duration-Ms
X-Http-Count
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Last-Modified
Server-Ttl
X-Akamai-Request-ID
Dnion-Transfer-Encoding
HitType
X-Platform-Processor
CountryCode
X-Platform-Cluster
Req-ID
X-Logging-Id
X-B3-Parentspanid
X-Miniprofiler-Ids
Ngx
X-UA
X-Provided-By
X-Lb-Nocache
X-Sentry-ID
X-CacheKey
X-Platform-Router
X-Varnish-Authentication