Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Server
X-Robots-Tag
X-AH-Environment
X-UA-Device
X-Proxy-Cache
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
X-Akamai-Path-Stats
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
X-WebKit-CSP
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
X-Nginx-Cache-Status
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-CST
X-Pingback
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Server-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
Cf-Edge-Cache
X-Cache-Lookup
X-HW
X-Response-Time
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
Accept-CH-Lifetime
X-Url
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-MS-InvokeApp
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-Rack-Cache
X-PC
X-TtlSet
X-Vname
X-Server-Name
X-Clacks-Overhead
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-ESI
X-Content-Type
Cache-Tag
Accept-Ch
X-B3-TraceId
X-Vcap-Request-Id
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Amz-Server-Side-Encryption
X-Amz-Rid
X-Dw-Request-Base-Id
Public-Key-Pins
X-Px
X-Cnection
X-Ac
X-RateLimit-Remaining
X-D2id
X-Element-Page-Cache
X-Navigation-Version
Verso
X-Abt-Application-Version
X-Edge
X-Client-IP
X-Powered-By-Plesk
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Ser
X-Version
Service-Worker-Allowed
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Country-Code
X-Middleton-Response
Response
X-Goog-Hash
X-NF-Request-ID
X-FastCGI-Cache
Access-Control-Request-Method
X-Ttl
X-Correlation-Id
X-Ruxit-Js-Agent
SPRequestDuration
X-Kinsta-Cache
SPIisLatency
X-Webkit-Csp
X-Edge-Location-Klb
AR-ATIME
AR-CACHE
AR-Request-ID
AR-SID
AR-PoweredBy
X-Upstream
X-RateLimit-Limit
X-NWS-LOG-UUID
X-Cached
X-LLID
SPRequestGuid
X-SharePointHealthScore
X-Cache-Key
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Powered-CMS
Edge-Cache-Tag
X-Litespeed-Cache
X-TTL
Nginx-Cache
TCN
X-Forwarded-For
X-Content-Security-Policy-Report-Only
Content-MD5
Mrf-Cache-Status
MRF-Tech
X-MSEdge-Ref
X-Id
X-Shield-Request-Id
X-B3-TraceId-Primal
X-Daa-Tunnel
MS-Author-Via
X-Server-ID
X-T
X-Recruiting
S
X-Content-Digest
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Mg-S
X-Ua-Device
X-DataDome
X-Protected-By
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Accel-Expires
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-Frontend
X-HS-Content-Id
X-Grace
X-ECACHE
X-Ua-Browser
X-Ab
X-Content
Front-End-Https
Server-Node
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
Filters
X-DynaTrace
X-Mid
X-PressLabs-Stats
Fastcgi-Cache
X-Geo-Country
TP-Cache
TP-L2-Cache
X-Distributor
X-Origin-Server
X-Hits
X-Debug-Info
X-Request-Handler-Origin-Region
X-Microsite
X-ORACLE-DMS-ECID
X-Tt-Trace-Host
Cross-Origin-Opener-Policy
X-Tt-Trace-Tag
Charset
X-Git-Hash
X-ORACLE-DMS-RID
Cleartype
Host
X-DIS-Request-ID
X-Page-Id
X-Amzn-Trace-Id
X-F-Cache
X-LB-Cache
Pinterest-Version
Pinterest-Generated-By
X-B3-Sampled
X-Pinterest-Rid
X-Ratelimit-Reset
X-WebKit-CSP-Report-Only
X-Cache-Age
X-Www-Served-By
X-Forwarded-Proto
Access-Control-Allow-Method
ServerID
X-Seen-By
Cache-Status
X-Aspnetmvc-Version
Cache-Tags
X-Cluster-Name
Realpath
X-Language
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-AppVersion
Accept-Charset
X-Activity-Id
X-Varnish-Age
X-Az
Filterid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-MCACHE
X-Rid
Server-Name
X-Nginx-Upstream-Cache-Status
X-Content-Options
X-Type
X-App-Environment
Viewport
X-Varnish-Grace
X-Fastcgi-Cache
X-Tb
Node
Retry-After
X-Mobile-URL
X-User-Agent
X-Signature
X-Whom
X-FB-Debug
X-NWS-UUID-VERIFY
X-Upgrade-Enabled
Country
X-B-Cache
X-Fastly-Request-ID
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Flags
X-Drupal-Cache-Tags
X-Aspnet-Duration-Ms
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Route-Name
X-Origin-Cache
X-Request-Guid
X-Providence-Cookie
X-Wix-Request-Id
X-Is-Crawler
Paypal-Debug-Id
DC
X-TT
X-Varnish-Backend
X-VCache
Protected
Fastcgi-Useragent
X-XRDS-LOCATION
X-Oneagent-Js-Injection
X-Via-JSL
X-B
X-N
X-Cache-NGX
X-Debug
X-Amz-Replication-Status
X-Contextid
Payment
X-Logged-In
X-XRDS-Location
X-Mcache
WPO-Cache-Message
WPO-Cache-Status
X-Load-Cache
Surrogate-Key
X-Template
X-Fastly-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
Count-Hit
X-FW-Server
X-FW-Serve
X-Amz-Meta-S3cmd-Attrs
X-FW-Type
X-FW-Dynamic
X-FW-Static
X-FW-Hash
X-Node-Name
Healthy
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Hostname
Permissions-Policy
X-Response-Served-From
X-G
SD-X-WS
X-Original-Request-Id
X-UUID
X-Jobs
Refresh
X-Revision
X-Cache-TTL-Remaining
X-Trace-Id
Content-Disposition
X-Akamai-Request-ID2
X-Mobile
X-Is-Bot
X-Proxy
X-Real-IP
X-Rendered-As
X-Cacheable-TTL
X-Framework
Uber-Trace-Id
X-Zen-Fury
X-Cache-Time
Akamai-GRN
X-Proxy-Cache-Status
X-Page-View
X-Http-Reason
Access-Control-Request-Headers
X-Adobe-Content
X-Adobe-Loc
X-Yottaa-Optimizations
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
NGB
X-Debug-IsConnected
X-Yottaa-Metrics
Alternate-Protocol
X-Device-Type
X-Drupal-Cache-Contexts
X-Debug-IsPreview
X-Instance
Url
X-Servername
X-ECache
X-Cache-Grace
X-IPLB-Instance
Version
X-B3-Traceid
X-Cache-Rule
X-Source
From-Origin
X-Mg-Request-UUID
X-L-Path
X-Varnish-Server
X-Environment-Context
X-Vgn-Hpd-Reason
X-Parallel-Accel
X-NGENIX-Cache
X-Restarts
Accept-Language
X-Cache-Hit
X-EdgeConnect-Cache-Status
X-Cache-Expired-At
Countrycode
X-RTag
Ms-Operation-Id
MS-CV
Referer-Policy
X-HTML-Minification-Powered-By
Frame-Options
X-App-Server
Backend
Liferay-Portal
Cross-Origin-Window-Policy
X-Tumblr-Pixel-0
X-NYM-Debug-Backend
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-IPS-LoggedIn
X-FW-Version
X-COUNTRY
X-Cache-Action
X-Nginx-Cache
X-RemovedCookies
Content-Secure-Policy
X-ProcessESI
Upgrade-Insecure-Requests
X-Datadome
Section-Io-Cache
WP-Super-Cache
X-RN-RSRV
CF-IPCountry
X-Redis-Cache
Meta-Geo
X-UPSTREAM-Address
Ec-Rule-Version
X-Say-Cacheable
X-Content-Age
X-Hosted-By
X-UA-Device-Type
Cache-Tv-Group
X-Generation-Time
X-Web-Node
X-Detected-As
X-FB-TRIP-ID
X-Cache-Server
X-Region
X-Request-Time
X-Say-TTL
X-AOL-HN
X-Cache-Enabled
X-SayCDN-TTL
X-Human
X-Cache-Type
X-APP-VERSION
X-No-Session
X-ProxyCache-Key
Mn-Server-Ip
X-Akamai-Edgescape
X-PCL
X-Varnish-Cache-Hits
S-Rt
X-PHP-Backend
X-Via-Fastly
X-ProxyCache-Status
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Apigw-Requestid
Azure-SlotName
Azure-Version
X-Mode
X-Origin-Date
X-OCL
Locale
X-Content-Powered-By
X-Storage
X-Access
X-Sql-Duration-Ms
X-Sql-Count
X-Generated-By
X-Format
X-Site-Version
X-Nginx-Cache-Key
X-Section
X-BYPASS-REASON
X-Urbn-Site-Id
X-Uri
X-Urbn-Context-Path
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
X-ApacheServer
CDN-RequestId
CDN-RequestCountryCode
CDN-Cache
X-Forwarded-Host
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
X-Sorting-Hat-ShopId
X-Server-W
X-Status
X-Sorting-Hat-PodId
CDN-Uid
Webcakes-App-Version
Webcakes-Region
X-Cache-Host
X-Origin-Hint
X-Platform-Server
X-PERF
X-Cache-Tags
X-Xfnlog-Site
X-Debug-Cache
X-Adobe-Source
TWC-Locale-Group
Webcakes-App-Name
Fastly-SSL
TWC-Privacy
Property-Id
X-Cluster-Node
X-Be
TWC-GeoIP-LatLong
X-Hyper-Cache
X-Midtier
X-Alternate-Cache-Key
X-Ratelimit-Remaining
X-ShopId
X-Shopify-Stage
X-ShardId
X-Routing-Service
X-ServerID
X-Extlb
X-SaId
X-Proxied
X-Hl-Ver
X-JoinUs
X-NewRelic-App-Data
Eomportal-Instance
X-Tid
X-Ua
X-Zipkin-Id
X-Varnishpool
Webserver
X-Unique-Id
X-PHP-Host
X-Labrador-Cache-Channel
X-Backend-Name
X-GG-Cache-Date
X-Handled-By
X-TT-LOGID
Selected-Fe
X-Timing-Wait
X-Proxy-Build
X-Locale
X-Rule
X-LJ-Flow-ID
X-Cache-Operation
X-AWS-Id
X-VWS-Id
ServedBy
X-VC-Cache
X-Edge-Location
X-Storefront-Renderer-Rendered
X-Cms-Context
X-LSADC-Cache
X-Soup
X-Cache-Remote
X-Accel-Buffering
X-Rewrite-Enabled
X-Cached-By
X-App-Version
Mime-Version
SID
Web-Mar-Node
X-Proto
SRV
X-Dc
Fastly-Drupal-Html
X-GEO
X-GeoCode
Load-Balancing
Xserver
X-CDN-Forward
X-GeoCountry
X-Cdn
X-TA-CDN-Provider
X-Reqid
X-Varnish-Hostname
X-Pubstack
Cache-Hits
Country-Code
Onion-Location
X-Buckets
X-Microcachable
X-Request-Host
X-Origin-TTL
X-Origin-CC
LB
Decoy-Debug-Status
Decoy-Debug-TTL
X-Ratelimit-Limit
Decoy-Debug-Key
X-Cluster
Server-Info
X-Varnish-Hits
X-CSRF-Token
X-Ms-Request-Id
X-Envoy-Decorator-Operation
X-SRV
X-Ms-Version
X-Time
X-Tumblr-Pixel-2
X-Magnolia-Registration
X-Tumblr-Pixel-3
Xet-Cookie
X-MP-GENERATED-AT
X-Air-Hostname
X-Amz-Apigw-Id
X-B3-SpanId
X-Air-Source
X-Amzn-RequestId
X-NCache
X-Air-Trace-Id
X-Bc-Bl
DynaTrace
DB-Nickname
X-RCS-CacheZone
X-Tx-Id
Cache
X-Endurance-Cache-Level
BehaviorPad-Version
X-Origin-Response-Time
X-Orig-Expires
Host-ID
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Conf
X-Hash
X-Core-Mission
NM-Fastcgi-Cache
X-Connection-Hash
X-Gzip
Mobile-Detection-Method
MD5-Digest
X-From
X-D
Meta-Geo-Continent
X-Ftr-Request-Id
X-Ig-Push-State
X-NAPM-TraceId
X-Node-Id
X-Aed
Xc-Version
Pramga
X-Forwarded-Path
Odigeo-Trace-Id
X-Fetched-On
Lang
A
Rendered-Blocks
X-Processor
Expiry
X-Session-Fingerprint
X-Vdms-Path
X-Shop-Environment
X-Sigma
X-Sigma-Backend
X-VG-WebCache
X-B-Cookie
X-SD-PageType
X-PAYTM-SRV-ID
X-A-Wwc
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-ScT
X-A-Dgt
X-Ec-Fail
Fastcgi-X-Cache-Version
X-TIM-N
X-A-Ccd
X-A-Dam
X-TrackingId
X-A-Dcw
X-User
X-Tenant
X-SVT-ORM-VERSION
X-ARC
Fastly-GeoIP-CountryCode
X-A
X-SRCache-Key
X-SVT-ORM-RULES
X-Vdms-Version
X-Esi-Check
X-S-Cookie
X-Vtex-Remote-Cache
Cdncip
Sslversion
X-Vtex-Processado-Em
X-AK-Request-ID
Cdnsip
X-Cache-Id
X-Cache-Info
X-Webstats-RespID
X-PBS-Appsvrname
X-Destination
X-Cache-NE
X-Varnish-Beresp-Grace
X-External-Request-Id
Surrogated-Key
X-Application
X-Rojux
Cmstype
DCR-Processing-Time-Ms
DCR-Decision-By
Cmsid
X-Ec-Custom-Error
T-Server
X-Cache-Bucket
X-Developer
X-S
X-Device-Os
X-Rocket-Build-Number
X-Varnish-Ttl
Cache-Name
Source
X-ZONE
L
Is-Eu
Machine
X-DefHash
Kp-EeAlive
X-DefElseHash
X-Dispatcher-Number
X-Cdn-Srv
Thinkindot-Control
X-Block-Status
Traceparent
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Cache-Backend
TDXMobile
X-BBC-Edge-Cache-Status
User-Cache-Control
Wxu-Next-Region
X-Amzn-Remapped-Content-Length
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
Web-Mar-Region
State
Ssr
Origin-EX
X-Clara-WADP
X-Ckpd-Fst-Backend
Origin-CC
Origin
Memcached
X-Core-Value
Platform
Producers
Server-Host
X-Cache-Date
X-CacheTTL
X-DPWN-IS-SECURE
Release
Req-Svc-Chain
Mail-Subject
X-Irp-Debug
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-WADP-Cache
X-VServer
X-Pool
X-Origin-Time
X-Wix-Viewer-Type
X-Mvc-Supplant-Cachable
X-Loop
X-NodeID
X-Nyt-Route
Environment
X-Origin
X-Rocket-Nginx-Serving-Static
X-SB
X-V-Cache
X-TNCMS
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Thinkindot-L3
X-Slack-Backend
X-Served-From
X-Scheme
X-Server-IP
X-VG-TLSProxy
X-Skip-Cache
X-Loc
X-Origin-Expires
Apple-News-Services-Handled
Adler-Geo
X-Gen-Mode
X-Geo-Header
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
CloudFront-Viewer-Country
X-Fastly-Cache
X-Fmm-Version
Apple-News-Services-Request-Url
X-GeoIP
X-Gdpr
X-HS-Content-Campaign-Id
X-LAGOON
X-Hnp-Log
X-R9-Blue-Green-Version
X-SIPLIST1
X-Is-Gdpr
X-Worker
X-Datadog-Sampling-Priority
X-Forwarded-Site
X-CGP
X-Via-NSCOPI
X-Datadog-Trace-Id
X-JWT-State
X-Eu-Site
X-VarnishDD-TTL
X-Aicache-OS
X-Developers
X-Location
X-Via-Ucdn
X-Gamma-Serve
X-Minions-Version
X-Sn-Servicetimems
X-Datadog-Parent-Id
X-Platform
X-Policy
X-Proxy-Upstream
X-Generated-On
X-HN
X-Cdn-Origin
X-Csrf-Jwt
X-GeoIP-City
X-Qloud-Router
X-RateLimit-Limit-Second
X-Request-URI
X-Branch-Name
X-Has-Esi
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
X-Level-Front-Cache
X-Rebelmouse-Cache-Control
X-Viewer-Country
V-Age
Svr
L5d-Success-Class
IsBot
HA-Ipaddr
Ha-Gx-Prefs
Sever-Int
Locid
Server-Hostname
Server-Ext
PFcat
NGX
N-Cache
Fastly-SWR
Fastly-SIE
CDN
X-Azure-Ref
HostName
Redirect-Candidate
AKAMAI
CDCHOST
DSUID
Vix-Hermes-Req-Id
Cluster
X-IPLB-Request-ID
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Optimistic-Header
X-WP-CF-Super-Cache-Cache-Control
X-Scale
Arc-Country
X-Proxy-Cache-Info
Gh-Request-Id
X-Pod-Name
X-WP-CF-Super-Cache
X-Auto-Login
Ohc-File-Size
X-Men
X-Httpd
Fastcgi-Cache-TTL
X-Old-Content-Length
X-Refresh
X-Response-By
Pics-Label
X-EC-Lua
X-Owner
X-Parent-Response-Time
X-VC
X-Srv
X-CS
X-Udemy-Cache-App-Namespace
X-Newrelic-Synthetics
Datacenter
X-Tb-Optimization-Total-Bytes-Saved
X-LB-NoCache
X-NC
X-RPM
Cache-Key
Candidate-Md5Url
X-Ad-Defer-Variation
X-BCube-Filmed-By
Env
X-Wikidot-Static-Cache
X-TraceId
X-RSL
X-Tt-Logid
X-Wikidot-Backend
X-Ah-Environment
X-RPS
Servername
X-DI
X-DSS
X-DB
X-DW
AMP-Access-Control-Allow-Source-Origin
Ms-Author-Via
X-RateLimit-Reset
GEO-INFO
X-Accel-Expires-Debug
X-Mvc-Supplant-OutputCached
Memory
VNS-Age
Time
CPC-Cache
X-Date
X-SplitTest
VNS-Cache
CPC-Age
XM
X-Akamai-Transformed
X-Edge-Pop
X-GeoIP-Country-Code
X-Cache-Status-Check
X-Generated-In
X-Contensis-Viewer-Groups
X-GeoIP-Region-Code
X-Amz-Meta-Cb-Modifiedtime
X-WA-Info
X-Cache-ASPX
X-Webkit-CSP
X-Xrds-Location
X-TIME
X-Via-Popn
X-Via-Popv
X-Varnish-Authentication
X-Servedbyhost
X-Via-Poph
Path
X-Micro-Cache
Fastly-Backend-Name
X-Cache-Debug
ITXSESSIONID
X-AIR-PT
X-HA-Backend
Lb
X-API-Version
X-Trace-ID
X-S-Maxage
GeoIp-Country-Code
X-CACHE-KEY
X-DC
Geo-Info
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Ohc-Cache-HIT
CacheControlHeader
X-VCL-Version
Client
Cache-Host
Geoip-Latitude
X-Action
Server-ID
X-Vc
FSS-Cache
X-TH-Server
Ngx.Var.Host
True-Client-Country-4JS
X-Cs
X-VHOST
X-Backend-TTL
X-Varnish-Beresp-TTL
True-Client-IP
XkeyRZ
X-Proxy-CacheRZ
X-Presslabs-Stats
Hostname
X-Clientip
X-Api-Version
X-Fpc
Edge-Cache
X-Req
X-Webkit-Csp-Report-Only
Powered-By
X-FireWall-Port
My-App
X-Provided-By
X-TX-ID
X-Zone
X-Pass-Why
X-B3-Spanid
X-PX
X-Traceid
X-Origin-Upstream-Status
NtCoent-Length
X-Varnish-Beresp-Ttl
X-Up
X-FPC
Test
X-Dmc
X-NGINX-Cache
Cf-Int-Pingora-Origin-Digest
X-MSEdge-Flight
X-MSEdge-Features
X-HS-Status
X-CSRF-TOKEN
X-Cdn-Request-ID
X-LB-ID
X-Correlation-ID
X-Beluga-Trace
Rip
DataCenter
X-Webkit-CSP-Report-Only
X-Beluga-Node
Server-Id
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Record
User-Agent
X-Beluga-Cache-Status
X-Render-Time
C-Via
X-INCAP-ABP
X-Vcl-Version
X-Gateway-Cache-Status
Proxy-Connection
OT-Force-Account-Verify
Tube-Got-Eval
X-Gateway-Cache-Key
Click-Count-Error
Tube-Got-Results
X-Li-Fabric
X-Gateway-Skip-Cache
X-Service
X-Gateway-Request-Id
X-Li-Pop
Tube-Get-Contents
X-LI-UUID
Srvid
X-UnsetCookies
Click-Count-Action-Start
Tube-Return
X-M-Reqid
X-Ha-Backend
X-Via-PopH
X-Via-PopN
GeoIP-Latitude
X-Via-PopV
X-URL
X-ND-Cache
X-Alfa-Service
X-Qnm-Cache
X-M-Log
GeoIP-Country-Code
X-RAMCache
Uri
X-Time-Microsecs
Esi-Enabled
WZWS-RAY
X-Dynatrace
X-DynaTrace-JS-Agent
On-Server
X-CUA
Resin-Trace
X-ServedByHost
Sid
HIT
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
MIME-Version
X-ATG-Version
Target-Params
Tracecode
Srv
X-Fetch-By
X-CCDN-Origin-Time
Cf-Device-Type
X-Geo
X-Proxy-Cache-Hk
X-CCDN-CacheTTL
Epwk-X-Cache
X-Fragments
X-Hcs-Proxy-Type
X-LI-Proto
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
X-Cdn-Forward
Cdn
Fastly-Drupal-HTML
X-TRACE-ID
X-Fastly-Backend
X-Sucuri-ID
X-FC-Vary-Parameters
X-Backend-Host
X-Sucuri-Cache
Lfy
X-Var-Ttl
X-APP
X-Fastly-Backend-Reqs
X-Cache-Ttl
Tcn
X-Esi
X-Azure-Ref-OriginShield
X-Varnish-Beresp-Status
X-B3-Traceid-Primal
X-App
X-Lb-Nocache
ENV
X-Edge-POP
XServer
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Cache-Expires
ServerName
Section-Io-Origin-Status
Section-Io-Id
X-LiteSpeed-Cache-Control
X-MG-S
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-ElasticPress-Query
PICS-Label
X-Backend-State
X-Li-Proto
X-NU-AKA-ACS-Version
Magicmarker
X-Newrelic-App-Data
CF-Cached-On
X-Yottaa-OS
Inserted-Into-Cache-At
X-Dw-Trace-Id
X-Edge-Origin-Shield-Bytes
D-Url-Rewrites
Wpo-Cache-Message
X-Acquia-Application-Trace
X-Iplb-Instance
X-Acquia-Site
Wpo-Cache-Status
X-Acquia-Application-UUID
Cf-Ipcountry
X-Acquia-Purge-Tags
X-Iplb-Request-Id
X-Edge-Origin-Shield-Region
Server-Ttl
X-Serial
M-TraceId
X-HostName
X-CF-Powered-By
X-Nc
X-Vcache
WebServer
Servedby
Warning
X-UA
X-Wp-Cf-Super-Cache
X-Vercel-Cache
X-Vercel-Id
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
True-Client-Ip
Hit
Fastcgi-Cache-Ttl
X-B3-Parentspanid
X-Dist-Code
X-Th-Server
X-Request-Url
X-Back
Content-Style-Type
X-Release
X-BBC-Origin-Response-Status
Content-Script-Type
X-Storefront-Renderer-Verified
X-Snapshot-Date
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Cache-CFC
X-Request-URL
X-Request-Start
Ngx
Cneonction
X-Litespeed-Cache-Control
CountryCode