Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
X-XSS-Protection
ETag
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
Report-To
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
NEL
P3p
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-UA-Device
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Server
X-Request-ID
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
EagleEye-TraceId
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
X-Pingback
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Dispatcher
X-Device
Accept-CH
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Dns-Prefetch-Control
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
Accept-CH-Lifetime
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-B3-TraceId
X-Cloud-Trace-Context
X-Country
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Trace
X-Url
Allow
Accept-Ch-Lifetime
X-Aws-Lambda-Call-Status
X-Vname
X-TtlSet
X-PC
X-Content-Type
X-Ac
X-Clacks-Overhead
Edge-Control
X-Server-Name
X-Varnish-TTL
Fastly-Restarts
X-ESI
X-Mod-Pagespeed
Cache-Tag
X-Rack-Cache
X-VARITI-CCR
Service-Worker-Allowed
X-FastCGI-Cache
Verso
X-Element-Page-Cache
MS-Author-Via
X-Vcap-Request-Id
X-Amz-Rid
X-Upstream
X-MS-InvokeApp
Public-Key-Pins
X-GitHub-Request-Id
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-Client-IP
X-Cached
RTSS
X-Cnection
X-D2id
X-Cache-TTL
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Px
X-Navigation-Version
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Country-Code
Access-Control-Request-Method
X-NF-Request-ID
X-Goog-Hash
X-TTL
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-CST
X-Middleton-Display
Display
X-Sol
Pagespeed
AR-Request-ID
AR-SID
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Version
X-Powered-CMS
X-Middleton-Response
Response
X-Origin-Cache
X-RateLimit-Remaining
X-MSEdge-Ref
X-LLID
Nginx-Cache
X-Edge-Location-Klb
X-Kinsta-Cache
TCN
X-Amz-Server-Side-Encryption
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Edge
X-Protected-By
X-T
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-For
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Mg-S
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Id
X-Language
Edge-Cache-Tag
S
SPIisLatency
X-Ruxit-Js-Agent
Content-MD5
SPRequestDuration
Front-End-Https
Fastcgi-Cache
X-Mid
Realpath
X-Request-Processing-Time
Pinterest-Generated-By
Server-Node
Pinterest-Version
X-Pinterest-Rid
X-Request-Received
X-Frontend
Filters
X-Cache-Key
X-Recruiting
X-NWS-LOG-UUID
Server-Name
X-Ser
X-Content
X-Ua-Browser
X-Ab
X-Correlation-Id
X-Template
X-Yandex-Sdch-Disable
X-HS-Content-Id
X-HS-Hub-Id
X-MCACHE
X-HS-Cache-Config
X-HS-Combine-CSS
X-DynaTrace
X-Ezoic-Cdn
X-SharePointHealthScore
SPRequestGuid
X-Hits
X-Parallel-Accel
X-ECACHE
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ttl
MicrosoftSharePointTeamServices
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Daa-Tunnel
Cache-Tags
Charset
X-Page-Id
X-B3-Sampled
Host
Cleartype
X-Debug-Info
X-Www-Served-By
X-Git-Hash
X-Geo-Country
X-DIS-Request-ID
X-Content-Options
Accept-Ch
X-Ratelimit-Limit
X-Content-Digest
Alternate-Protocol
Cross-Origin-Opener-Policy
X-ASPNET-VERSION
X-Amzn-Trace-Id
X-Hostname
X-DataDome
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Source
X-Amz-Replication-Status
Filterid
X-Grace
X-F-Cache
X-Varnish-Age
ServerID
X-FB-Debug
X-Upgrade-Enabled
X-Az
X-Activity-Id
X-AppVersion
X-Accel-Expires
X-VCache
X-Nginx-Upstream-Cache-Status
X-N
X-WebKit-CSP-Report-Only
X-Rid
X-Fastly-Request-Id
X-Mobile-URL
X-Forwarded-Proto
X-Ratelimit-Reset
X-LB-Cache
X-Server-ID
Access-Control-Allow-Method
X-Type
X-Seen-By
X-Origin-Server
X-Distributor
X-TT
X-Tb
X-Whom
X-Request-Guid
X-Providence-Cookie
X-Route-Name
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Is-Crawler
X-Aspnet-Duration-Ms
X-FW-Dynamic
X-App-Environment
Viewport
X-FW-Hash
X-FW-Serve
Payment
X-FW-Static
X-FW-Server
X-Flags
X-FW-Type
X-User-Agent
X-Varnish-Grace
Node
Fastcgi-Useragent
X-Wix-Request-Id
Paypal-Debug-Id
DC
Country
Accept-Charset
X-Oneagent-Js-Injection
TP-L2-Cache
TP-Cache
X-Fastly-Request-ID
X-App-Server
X-XRDS-LOCATION
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Litespeed-Cache
X-Webkit-Csp
X-Cache-Rule
X-Cluster-Name
X-Via-JSL
X-Cache-Control
X-Drupal-Cache-Tags
X-NGENIX-Cache
Version
X-Cache-Age
X-Signature
X-B-Cache
X-Buckets
X-Fastcgi-Cache
X-Request-Handler-Origin-Region
X-Contextid
X-Microsite
Cache-Status
Referer-Policy
Amp-Access-Control-Allow-Source-Origin
X-Logged-In
X-Node-Name
Refresh
X-Origin-Upstream-Status
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
VIX-Pulpo-Node
X-Mobile
SD-X-WS
X-Response-Served-From
X-Vgn-Hpd-Reason
X-Is-Bot
X-IPLB-Instance
X-Cache-Expired-At
X-Load-Cache
X-Jobs
X-Real-IP
X-Rendered-As
Access-Control-Request-Headers
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Revision
X-Cacheable-TTL
X-Debug
X-Erf-Bev-Bev
X-Yottaa-Optimizations
X-B
X-Proxy-Cache-Status
X-Varnish-Backend
NGB
X-Yottaa-Metrics
X-Page-View
X-UUID
X-Device-Type
X-Proxy
X-Cache-Action
X-Drupal-Cache-Contexts
Surrogate-Key
X-Rule
Akamai-GRN
X-Framework
X-G
X-ProcessESI
X-Instance
X-RemovedCookies
X-FW-Version
X-Debug-IsPreview
X-Debug-IsConnected
X-Cache-Time
X-Accel-Buffering
X-XRDS-Location
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Presslabs-Stats
CF-IPCountry
GEO-INFO
SID
X-Cache-NGX
Count-Hit
Uber-Trace-Id
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Cache-Operation
X-Azure-Ref
X-APP-VERSION
X-Source
X-Ms-Version
X-Ms-Request-Id
X-Nginx-Cache
X-Zen-Fury
Protected
X-EdgeConnect-Cache-Status
X-TEC-API-VERSION
X-Servername
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-RateLimit-Limit
WPO-Cache-Status
X-Trace-Id
DynaTrace
WPO-Cache-Message
Frame-Options
Liferay-Portal
X-PressLabs-Stats
X-RTag
Ec-Rule-Version
X-Hyper-Cache
X-CDN-Forward
Ms-Operation-Id
MS-CV
X-Backend-Name
X-Cache-Hit
X-Cache-TTL-Remaining
Countrycode
Healthy
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Ratelimit-Remaining
X-L-Path
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-User
X-Environment-Context
Content-Disposition
Backend
X-Adobe-Content
Xserver
X-Adobe-Loc
X-Mode
Url
X-Varnish-Server
X-UPSTREAM-Address
X-Cache-Grace
X-Rewrite-Enabled
X-Tid
X-JoinUs
X-SaId
X-RN-RSRV
X-Detected-As
Meta-Geo
X-Format
X-FB-TRIP-ID
X-NewRelic-App-Data
X-Zipkin-Id
X-Redis-Cache
X-Debug-Cache
X-Cache-Server
Apigw-Requestid
Retry-After
X-Routing-Service
LB
Cache-Name
Eomportal-Instance
X-Generation-Time
Decoy-Debug-Status
X-Extlb
X-Uri
Decoy-Debug-TTL
X-Proxied
Country-Code
Decoy-Debug-Key
X-Origin-Date
X-PHP-Backend
X-PCL
X-PERF
X-OCL
CDN-Cache
X-Alternate-Cache-Key
X-ApacheServer
CDN-Uid
X-Akamai-Edgescape
X-Access
X-Human
Mn-Server-Ip
CDN-RequestId
CDN-RequestCountryCode
X-NCache
X-No-Session
X-Microcachable
CDN-CachedAt
CDN-PullZone
CDN-EdgeStorageId
X-NYM-Debug-Backend
X-UA-Device-Type
X-Via-Fastly
X-ShardId
X-Sorting-Hat-PodId
X-Say-Cacheable
X-Shopify-Stage
X-Section
X-SayCDN-TTL
X-Say-TTL
X-Region
X-Sql-Count
X-Status
X-Generated-By
X-Web-Node
X-ShopId
X-Sorting-Hat-ShopId
X-Content-Age
X-Sql-Duration-Ms
X-ServerID
X-Cluster-Node
X-Timing-Wait
X-Proxy-Build
X-Be
X-Varnish-Beresp-Grace
Fastly-SSL
TWC-Connection-Speed
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-Forwarded-Host
TWC-Locale-Group
TWC-GeoIP-LatLong
Selected-Fe
Property-Id
X-Storage
TWC-Device-Class
TWC-GeoIP-Country
X-Hosted-By
X-BYPASS-REASON
X-Cache-Type
X-Origin-Hint
X-Server-W
X-Pubstack
X-ProxyCache-Status
X-TIME
X-Cache-Host
X-ProxyCache-Key
X-Content-Powered-By
Cache-Tv-Group
X-Site-Version
X-R9-Blue-Green-Version
X-Nginx-Cache-Key
X-Hl-Ver
X-Soup
X-Varnishpool
X-Unique-Id
Azure-Version
Content-Secure-Policy
Section-Io-Cache
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-InstanceId
X-LSADC-Cache
X-Ua
X-Webkit-CSP
X-Cache-Remote
DB-Nickname
X-Platform-Server
X-Azure-Ref-OriginShield
X-Cached-By
X-Bc-Bl
X-Dc
Cache
X-Cache-Tags
X-Akamai-Transformed
X-Xfnlog-Site
X-Auto-Login
ServedBy
OT-Force-Account-Verify
X-GEO
Source
Upgrade-Insecure-Requests
From-Origin
X-TT-LOGID
X-AOL-HN
X-Cdn
X-Varnish-Cache-Hits
X-LAGOON
Xet-Cookie
X-Origin-TTL
X-Request-Time
X-Origin-CC
X-NWS-UUID-VERIFY
Mime-Version
SRV
WP-Super-Cache
X-Varnish-Hits
Cache-Hits
X-Request-Host
HostName
X-TNCMS
X-SRV
X-Loop
X-Varnish-Hostname
X-Akamai-Request-ID2
X-S-Maxage
X-CSRF-Token
Onion-Location
S-Rt
X-Cache-Enabled
X-Http-Reason
X-HTML-Minification-Powered-By
Webserver
X-ECache
X-FireWall-Port
X-EC-Lua
X-Handled-By
X-Tumblr-Pixel-3
X-Endurance-Cache-Level
X-Tumblr-Pixel-2
Web-Mar-Node
Nel
X-Correlation-ID
X-Time
X-Reqid
N-Cache
X-B3-SpanId
X-Adobe-Source
Server-Info
X-RCS-CacheZone
X-App-Version
X-Magnolia-Registration
X-Origin-Response-Time
X-Destination
Rendered-Blocks
Xc-Version
Sslversion
Surrogated-Key
X-Developer
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Processor
Pramga
Redirect-Candidate
X-Planisys-CDN-Rules
X-Orig-Expires
X-Mg-Request-UUID
Fastcgi-X-Cache-Version
X-GG-Cache-Date
X-Vtex-Remote-Cache
X-Gen-Mode
A
Expiry
X-Hnp-Log
BehaviorPad-Version
DCR-Decision-By
DCR-Processing-Time-Ms
X-NAPM-TraceId
X-ND-Cache
Mobile-Detection-Method
Odigeo-Trace-Id
X-Epic-Correlation-Id
X-PAYTM-SRV-ID
Meta-Geo-Continent
X-External-Request-Id
X-Block-Status
X-Ftr-Request-Id
X-Forwarded-Path
X-Ig-Push-State
X-PBS-Appsvrname
X-D
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-SRCache-Key
Vix-Hermes-Req-Id
V-Age
X-Ckpd-Fst-Backend
User-Cache-Control
X-Cache-NE
X-Application
X-Aed
X-TIM-N
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-A-Dam
X-V-Cache
X-A
X-A-Ccd
X-Shop-Environment
X-Session-Fingerprint
X-Backend-TTL
X-S-Cookie
X-VG-WebCache
X-Connection-Hash
X-S
X-Rojux
X-Vtex-Processado-Em
X-Conf
X-ScT
X-Vdms-Path
X-Proto
X-Cluster
X-Tenant
X-Vdms-Version
X-B-Cookie
X-ARC
X-SD-PageType
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
Fastcgi-Cache-TTL
Traceparent
X-Device-Os
Origin-EX
X-GeoIP-Region-Code
Origin-CC
DSUID
X-Cache-Bucket
State
Svr
CDCHOST
Cmsid
Cmstype
X-Date
X-Hash
X-Cache-Info
X-GeoIP-Country-Code
Host-ID
X-Accel-Expires-Debug
Wxu-Next-Region
X-Fastly-Backend
X-Fastly-Cache
X-Core-Mission
X-Gdpr
Wxu-Next-Hostname
X-Aicache-OS
Gh-Request-Id
True-Client-Country-4JS
Origin
Wxu-Next-Commit
X-Cdn-Srv
X-Geo-Header
X-Fetched-On
X-Location
X-Men
X-Proxy-Upstream
X-Mvc-Supplant-Cachable
X-Policy
X-Server-IP
X-SVT-ORM-RULES
X-Origin-Time
CacheControlHeader
X-Time-Microsecs
X-Webstats-RespID
X-Nyt-Route
X-Old-Content-Length
X-Forwarded-Site
X-SVT-ORM-VERSION
X-Slack-Backend
X-NodeID
X-Origin-Expires
X-Locale
Apple-News-Services-Request-Url
X-MP-GENERATED-AT
Apple-News-Services-Parsed-Url
Arc-Country
X-Viewer-Country
X-Rocket-Nginx-Serving-Static
X-Varnish-Ttl
Apple-News-Services-Host
Apple-News-Services-Handled
X-Scheme
X-Request-URI
X-Edge-Location
X-VG-TLSProxy
AKAMAI
X-Restarts
X-Origin
Accept-Language
X-Zone
X-Amz-Meta-S3cmd-Attrs
Environment
X-Sn-Servicetimems
X-Sigma
X-Served-From
X-Sigma-Backend
X-Skip-Cache
X-CGP
X-TH-Server
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-Cdn-Origin
X-Cache-Id
X-Cache-Debug
X-VServer
X-Branch-Name
X-Cache-Date
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Core-Value
X-Worker
X-Sucuri-ID
X-Thinkindot-L3
X-TrackingId
X-Variation
X-UnsetCookies
X-Sucuri-Cache
X-Rebelmouse-Cache-Control
X-GeoIP
X-GeoIP-City
X-LI-UUID
X-Loc
X-Generated-On
X-Gamma-Serve
X-Irp-Debug
X-Node-Id
X-Li-Pop
X-Li-Fabric
X-JWT-State
X-HS-Content-Campaign-Id
X-Is-Gdpr
X-HN
X-Has-Esi
X-Level-Front-Cache
X-Labrador-Cache-Channel
X-Gzip
X-FC-Vary-Parameters
X-Eu-Site
X-Req
X-DefHash
X-Rebelmouse-Surrogate-Control
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Rocket-Build-Number
X-Response-By
X-Datadog-Parent-Id
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Envoy-Decorator-Operation
X-Owner
X-Esi-Check
X-PHP-Host
X-Platform
X-Qloud-Router
X-Developers
X-DPWN-IS-SECURE
X-Csrf-Jwt
X-DefElseHash
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
Thinkindot-Control
X-Via-NSCOPI
PFcat
Mail-Subject
Ssr
Fastly-SWR
Platform
CloudFront-Viewer-Country
Release
Req-Svc-Chain
Server-Host
Cf-Device-Type
We-Hiring
Fastly-Drupal-Html
Fastly-SIE
Is-Eu
X-ATG-Version
HA-Ipaddr
X-BBC-Edge-Cache-Status
Ha-Gx-Prefs
Web-Mar-Region
Fastly-GeoIP-CountryCode
L5d-Success-Class
Locid
Adler-Geo
L
Machine
X-Xrds-Location
X-Varnish-Beresp-Ttl
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Backend
X-Pod-Name
Memcached
X-Region-Sid
X-DW
X-Varnish-Beresp-Status
X-Action
X-DB
X-Tx-Id
X-NU-AKA-ACS-Version
X-DI
X-VC-Cache
X-Storefront-Renderer-Rendered
X-RSL
X-DSS
NM-Fastcgi-Cache
X-RPM
X-RPS
X-Amzn-Remapped-Content-Length
X-Ua-Device
X-TraceId
X-NC
X-Wix-Viewer-Type
AMP-Access-Control-Allow-Source-Origin
Magicmarker
Edge-Cache
X-Backend-State
Kp-EeAlive
NGX
X-Cache-Var
X-Cache-Var-Map
X-Minions-Version
CDN
X-CacheTTL
X-API-Version
X-Urbn-Site-Id
X-Tb-Optimization-Total-Bytes-Saved
Locale
X-Urbn-Context-Path
X-CS
X-Srv
Pics-Label
Ms-Author-Via
X-Up
X-Request-Start
X-Optimistic-Header
X-LB-NoCache
X-LB-ID
X-Mvc-Supplant-OutputCached
X-Generated-In
X-Trace-ID
X-Tt-Logid
Memory
X-Thanos
X-Bip
Env
Time
X-Refresh
X-M-Log
X-Qnm-Cache
X-M-Reqid
WebServer
X-Edge-Pop
X-TA-CDN-Provider
X-Via-Popv
X-Via-Popn
X-Cache-Config
X-Via-Poph
X-Ec-GeoHdr
X-User
X-Ec-Fail
X-Parent-Response-Time
X-Servedbyhost
X-CACHE-KEY
X-HA-Backend
X-DC
GeoIp-Country-Code
X-Esi
Server-ID
X-Cs
NtCoent-Length
Datacenter
Cdncip
X-AK-Request-ID
X-Dynatrace
Candidate-Md5Url
Cdnsip
X-MSEdge-Flight
X-MSEdge-Features
X-Vc
X-CLOUD-TRACE-CONTEXT
X-WADP-Cache
Cluster
X-Fmm-Version
X-Clara-WADP
X-DynaTrace-JS-Agent
My-App
X-ZONE
X-Pass-Why
X-TX-ID
Tracecode
X-Varnish-Beresp-TTL
WWW-Authenticate
Geoip-Latitude
X-VCL-Version
X-CUA
On-Server
DataCenter
Lfy
X-Var-Ttl
X-Fpc
X-Cache-Ttl
X-Traceid
X-App
X-From
Esi-Enabled
X-LI-Proto
T-Server
X-URL
X-Fragments
X-Webkit-Csp-Report-Only
Lang
Cf-Int-Pingora-Origin-Digest
X-VC
X-Datadome
C-Via
X-Service
X-FPC
X-Li-Proto
X-Cache-PHP
Target-Params
X-B3-Spanid
Fastly-Drupal-HTML
X-NODE
X-Webkit-CSP-Report-Only
X-WP-CF-Super-Cache-Cache-Control
X-Newrelic-Synthetics
X-Unique-ID
Geo-Info
X-Provided-By
X-WP-CF-Super-Cache
Proxy-Connection
X-Vcl-Version
X-Mcache
Test
M-TraceId
X-CSRF-TOKEN
X-RAMCache
Resin-Trace
X-LiteSpeed-Cache-Control
X-Ha-Backend
X-Render-Time
Hostname
Permissions-Policy
Server-Id
X-Cache-Status-Check
X-Proxy-Cache-Info
X-Httpd
WZWS-RAY
X-COUNTRY
MIME-Version
Servername
X-ID
X-SB
Producers
Hit
X-Via-PopH
X-Via-PopV
X-ServedByHost
FSS-Cache
X-Via-PopN
X-NGINX-Cache
GeoIP-Country-Code
X-Clientip
X-Geo
X-Dynatrace-Js-Agent
X-Udemy-Cache-App-Namespace
X-Edge-POP
X-Platform-Router
X-Platform-Processor
X-Pool
X-Cdn-Forward
X-Platform-Cluster
X-Pad
X-Api-Version
ENV
X-Scale
X-Edge-Cache
X-Fastly-Backend-Reqs
X-Ec-Custom-Error
X-Oss-Object-Type
X-Oss-Server-Time
HIT
Section-Origin-Responded
UCS
X-Oss-Storage-Class
X-LiteSpeed-Tag
X-HS-Status
X-Oss-Request-Id
X-Ucs
Section-Io-Origin-Status
Section-Io-Id
X-Dispatcher-Number
Section-Io-Origin-Time-Seconds
Cache-Host
X-Oss-Hash-Crc64ecma
X-ElasticPress-Query
MD5-Digest
Cneonction
X-Acquia-Purge-Tags
X-BBC-Origin-Response-Status
X-Acquia-Application-Trace
X-Acquia-Site
X-UP
X-Acquia-Application-UUID
URI
Cf-Ipcountry
Server-Hostname
Server-Ext
IsBot
Sever-Int
X-Cache-Expires
X-Via-Ucdn
X-SIPLIST1
X-Check-Cacheable
X-GoCache-CacheStatus
X-Lb-Id
S-Cnection
PICS-Label
ServerName
X-Cache-CFC
X-Lb-Nocache
Uri
X-Cms-Context
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Info
X-AIR-PT
X-RateLimit-Reset
X-Cdn-Request-ID
X-Fastly-Cache-Hits
Tcn
X-Snapshot-Date
Server-Ttl
Sid
X-Swift-Error
X-Nc
X-Akamai-Path-Stats
X-Dw-Trace-Id
User-Agent
Cteonnt-Length
X-Newrelic-App-Data
Vha6-Origin
X-Micro-Cache
CF-Cached-On
Wpo-Cache-Status
X-Vcache
Ngx
X-B3-ParentSpanId
X-Wikidot-Backend
Fastly-Backend-Name
X-Yottaa-OS
X-Release
Wpo-Cache-Message
X-Wikidot-Static-Cache
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Ohc-File-Size
X-Cache-Ngx
X-Air-Pt
X-HostName
X-IN-APIGATEWAYSSL
X-UA
X-WA-Info
X-Fetch-By
Inserted-Into-Cache-At
X-B3-Parentspanid
X-Litespeed-Cache-Control
X-IN-APIGATEWAY
X-CacheKey
X-Apw-Access-Object
X-Te-Count
X-Te-Duration-Ms
X-Last-Modified
X-Http-Duration-Ms
X-Http-Count
X-Sentry-ID
X-Logging-Id
CountryCode
X-Apw-Access-Action
X-Akamai-Request-ID
X-Akamai-Pragma-Client-IP
X-Backend-Host
Req-ID
X-Apw-Access-Token
X-Apw-Hits
X-Shopify-Generated-Cart-Token