Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Report-To
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Backend
X-Proxy-Cache
X-Server-Powered-By
X-Ua-Compatible
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
NEL
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-Pingback
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Host
Accept-CH
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country
X-Cloud-Trace-Context
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-B3-TraceId
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Trace
X-Url
Allow
X-Ac
X-Content-Type
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
X-Aws-Lambda-Call-Status
X-Mod-Pagespeed
X-Server-Name
X-ESI
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
MS-Author-Via
X-Upstream
X-FastCGI-Cache
X-Vcap-Request-Id
X-MS-InvokeApp
X-Amz-Rid
X-GitHub-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-Abt-Application-Version
X-D2id
X-Cache-TTL
X-Cnection
X-Px
RTSS
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Navigation-Version
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-Country-Code
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-Goog-Hash
X-NF-Request-ID
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Powered-CMS
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
Display
X-Middleton-Display
X-Sol
Pagespeed
X-Version
X-Origin-Cache
Response
X-Middleton-Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-Edge-Location-Klb
X-Kinsta-Cache
Nginx-Cache
X-TTL
TCN
X-RateLimit-Remaining
X-Edge
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Protected-By
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-T
X-CST
X-Ruxit-Js-Agent
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Forwarded-For
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Content-MD5
S
Edge-Cache-Tag
X-Aspnetmvc-Version
Accept-Ch
X-Language
SPRequestDuration
SPIisLatency
Fastcgi-Cache
Front-End-Https
X-Mid
X-Webkit-Csp
Realpath
Server-Node
X-Request-Received
X-Request-Processing-Time
X-Recruiting
X-Pinterest-Rid
Pinterest-Generated-By
X-Ttl
X-DynaTrace
Pinterest-Version
Filters
X-Frontend
Server-Name
X-Ua-Browser
X-MCACHE
X-Content
X-Ab
X-Correlation-Id
X-Cache-Key
X-NWS-LOG-UUID
X-Ser
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-Ezoic-Cdn
X-Template
X-SharePointHealthScore
SPRequestGuid
X-Hits
X-Parallel-Accel
X-ECACHE
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
X-Tt-Trace-Host
Cache-Tags
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Charset
X-Page-Id
X-B3-Sampled
Host
Alternate-Protocol
Cleartype
X-Server-ID
X-Www-Served-By
X-Git-Hash
Fusion-Source
Fusion-Template-Id
X-Geo-Country
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
X-Content-Options
X-Daa-Tunnel
X-Debug-Info
X-DIS-Request-ID
X-Hostname
X-Amzn-Trace-Id
X-Ratelimit-Limit
X-Content-Digest
X-Amz-Replication-Status
X-Varnish-Age
Filterid
Cross-Origin-Opener-Policy
X-Activity-Id
X-Az
X-AppVersion
X-Grace
X-Upgrade-Enabled
X-Accel-Expires
X-FB-Debug
X-Fastly-Request-Id
X-VCache
X-WebKit-CSP-Report-Only
ServerID
X-F-Cache
X-Forwarded-Proto
X-N
X-Nginx-Upstream-Cache-Status
X-Origin-Server
X-Rid
Access-Control-Allow-Method
X-Mobile-URL
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Flags
X-LB-Cache
X-Type
X-TT
X-Whom
X-XRDS-LOCATION
TP-Cache
TP-L2-Cache
X-Seen-By
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Varnish-Grace
X-Goog-Generation
Viewport
X-App-Environment
X-Goog-Storage-Class
X-Tb
Payment
X-FW-Server
X-FW-Dynamic
X-Distributor
X-FW-Hash
X-FW-Serve
Node
X-FW-Static
X-FW-Type
Paypal-Debug-Id
DC
X-User-Agent
X-Fastcgi-Cache
X-DataDome
X-App-Server
Accept-Charset
Fastcgi-Useragent
X-Wix-Request-Id
Country
X-Oneagent-Js-Injection
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Fastly-Request-ID
X-Cache-Control
X-Ratelimit-Reset
X-Cache-Rule
X-NGENIX-Cache
X-Litespeed-Cache
X-Via-JSL
X-Origin-Upstream-Status
Version
Referer-Policy
X-Drupal-Cache-Tags
X-Microsite
X-Request-Handler-Origin-Region
X-Cluster-Name
X-Logged-In
X-Cache-Age
X-Contextid
X-Signature
X-Buckets
X-B-Cache
Cache-Status
Refresh
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Node-Name
VIX-Pulpo-Upstream-Status
X-Response-Served-From
X-Mobile
X-Original-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Backend
X-Load-Cache
SD-X-WS
VIX-Pulpo-Node
X-Is-Bot
X-Page-View
X-Real-IP
X-Vgn-Hpd-Reason
X-Rendered-As
X-Cache-Expired-At
X-Jobs
X-IPLB-Instance
X-B
NGB
X-Debug
X-Revision
X-Proxy-Cache-Status
X-Cacheable-TTL
Access-Control-Request-Headers
X-Cache-Action
X-Device-Type
X-ProcessESI
X-Instance
X-UUID
X-Rule
X-Yottaa-Metrics
X-RemovedCookies
X-Proxy
X-Yottaa-Optimizations
Akamai-GRN
Surrogate-Key
X-Drupal-Cache-Contexts
X-Cache-Time
X-Debug-IsConnected
X-Debug-IsPreview
X-Framework
X-FW-Version
X-G
CF-IPCountry
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Accel-Buffering
SID
DynaTrace
X-Oracle-Dms-Ecid
X-XRDS-Location
X-Oracle-Dms-Rid
X-Presslabs-Stats
GEO-INFO
Count-Hit
X-Azure-Ref
X-Cache-NGX
X-PressLabs-Stats
X-Source
Uber-Trace-Id
Liferay-Portal
X-Cache-Operation
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache
X-APP-VERSION
X-Zen-Fury
Frame-Options
X-EdgeConnect-Cache-Status
X-CDN-Forward
X-RTag
Ms-Operation-Id
MS-CV
Protected
Healthy
X-Cache-Hit
X-TEC-API-ORIGIN
X-Environment-Context
X-Mode
Countrycode
X-TEC-API-VERSION
Xserver
X-Backend-Name
X-TEC-API-ROOT
X-L-Path
X-RateLimit-Limit
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Varnish-Server
Ec-Rule-Version
X-IPS-LoggedIn
X-Tumblr-Pixel
Cross-Origin-Window-Policy
X-Cache-TTL-Remaining
X-Hyper-Cache
LB
Backend
X-Adobe-Content
X-Adobe-Loc
X-Region
X-UPSTREAM-Address
WPO-Cache-Message
X-Tid
X-Detected-As
X-RN-RSRV
Meta-Geo
X-Content-Age
X-Forwarded-Host
X-SaId
X-JoinUs
X-Rewrite-Enabled
WPO-Cache-Status
X-Servername
X-Debug-Cache
X-Trace-Id
X-Routing-Service
X-Shopify-Stage
X-Generation-Time
X-Hosted-By
Country-Code
X-ShardId
X-Format
Eomportal-Instance
X-ShopId
Decoy-Debug-Key
X-Sql-Duration-Ms
X-Cache-Server
X-Extlb
X-Cache-Grace
X-Zipkin-Id
X-Ratelimit-Remaining
X-Uri
X-Proxied
X-Alternate-Cache-Key
Content-Disposition
Decoy-Debug-TTL
X-Redis-Cache
X-Sql-Count
Apigw-Requestid
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Decoy-Debug-Status
X-ApacheServer
X-FB-TRIP-ID
Cache-Name
Mn-Server-Ip
Fastly-SSL
X-Access
Url
Section-Io-Cache
X-Content-Powered-By
X-PHP-Backend
X-PERF
X-ServerID
X-Varnish-Beresp-Grace
X-Human
X-Via-Fastly
X-PCL
X-Section
X-Status
X-Microcachable
X-NCache
X-No-Session
X-Origin-Date
X-OCL
X-Site-Version
TWC-Device-Class
TWC-GeoIP-Country
CDN-PullZone
X-Say-Cacheable
TWC-Privacy
TWC-Locale-Group
CDN-Uid
Selected-Fe
Webcakes-App-Name
X-Server-W
CDN-RequestId
X-SayCDN-TTL
X-Say-TTL
Property-Id
CDN-RequestCountryCode
TWC-Connection-Speed
CDN-Cache
X-Cache-Type
X-ProxyCache-Status
X-Pubstack
X-ProxyCache-Key
X-Cluster-Node
X-NYM-Debug-Backend
X-Origin-Hint
X-Proxy-Build
X-Cache-Host
X-BYPASS-REASON
CDN-EdgeStorageId
X-Storage
Webcakes-Region
CDN-CachedAt
X-Timing-Wait
X-UA-Device-Type
X-Akamai-Edgescape
Webcakes-App-Version
TWC-GeoIP-LatLong
Cache-Tv-Group
X-Soup
X-Hl-Ver
X-Generated-By
X-Be
X-Web-Node
X-Varnishpool
X-R9-Blue-Green-Version
Azure-SlotName
Azure-RegionName
Content-Secure-Policy
Azure-Version
Azure-InstanceId
Azure-SiteName
X-TIME
X-Ua
X-LSADC-Cache
DB-Nickname
X-NewRelic-App-Data
Retry-After
X-Nginx-Cache-Key
X-Webkit-CSP
X-Dc
OT-Force-Account-Verify
X-Azure-Ref-OriginShield
X-Cached-By
Source
X-Bc-Bl
X-Cache-Remote
X-Unique-Id
X-Platform-Server
Cache
X-Akamai-Transformed
SRV
X-TT-LOGID
X-Auto-Login
X-LAGOON
X-EC-Lua
X-Xfnlog-Site
X-Cache-Tags
X-GEO
Upgrade-Insecure-Requests
X-SRV
ServedBy
X-Varnish-Hits
X-ECache
Cache-Hits
X-Origin-CC
X-Origin-TTL
X-Varnish-Cache-Hits
X-Loop
X-TNCMS
X-HTML-Minification-Powered-By
X-Varnish-Hostname
X-Cdn
From-Origin
Onion-Location
X-Request-Time
Mime-Version
X-S-Maxage
Xet-Cookie
HostName
X-App-Version
X-AOL-HN
X-CSRF-Token
X-Request-Host
Webserver
X-NWS-UUID-VERIFY
WP-Super-Cache
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Web-Mar-Node
X-Time
X-Proto
N-Cache
X-Cache-Enabled
X-Handled-By
X-Endurance-Cache-Level
X-FireWall-Port
X-Tenant
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-GG-Cache-Date
X-Origin-Response-Time
X-Time-Microsecs
X-B3-SpanId
X-SRCache-Key
X-Slack-Backend
X-Adobe-Source
X-Conf
X-Ckpd-Fst-Backend
Vix-Hermes-Req-Id
X-Cluster
V-Age
X-Edge-Location
Nel
X-External-Request-Id
X-Reqid
X-Epic-Correlation-Id
X-Session-Fingerprint
X-D
X-Shop-Environment
X-Destination
X-Developer
X-Connection-Hash
X-CF-Lambda-Fn
X-VG-WebCache
Xc-Version
X-A-Ccd
X-Application
X-Aed
X-A-Wwc
X-Vtex-Processado-Em
X-A-Dcw
X-Vtex-Remote-Cache
X-A-Dgt
X-ARC
X-Vdms-Version
X-TIM-N
X-A
X-Cache-NE
X-A-Dam
X-V-Cache
X-Block-Status
X-Vdms-Path
X-B-Cookie
X-Backend-TTL
X-CF-Lambda-Version
X-Forwarded-Path
User-Cache-Control
X-Planisys-CDN-Rules
BehaviorPad-Version
X-Planisys-CDN-Cache
Pramga
Expiry
X-Rojux
Redirect-Candidate
Odigeo-Trace-Id
Mobile-Detection-Method
X-Orig-Expires
X-Planisys-CDN-TTL
X-Processor
Fastcgi-X-Cache-Version
Meta-Geo-Continent
X-NAPM-TraceId
X-ND-Cache
Rendered-Blocks
DCR-Decision-By
X-ScT
DCR-Processing-Time-Ms
X-Correlation-ID
X-SD-PageType
X-PAYTM-SRV-ID
X-Ftr-Request-Id
X-RCS-CacheZone
X-Gen-Mode
Surrogated-Key
A
X-Ig-Push-State
Sslversion
X-S-Cookie
X-S
X-PBS-Appsvrname
X-Hnp-Log
X-Mg-Request-UUID
X-Magnolia-Registration
X-MP-GENERATED-AT
X-Webstats-RespID
DSUID
Origin
State
Svr
True-Client-Country-4JS
Wxu-Next-Commit
Wxu-Next-Hostname
Gh-Request-Id
Host-ID
Wxu-Next-Region
Fastcgi-Cache-TTL
X-Sucuri-ID
X-Location
X-Rocket-Nginx-Serving-Static
X-Men
X-LI-UUID
X-Li-Pop
X-Hash
X-Scheme
X-Li-Fabric
X-Mvc-Supplant-Cachable
X-NodeID
X-Policy
X-Origin
X-Origin-Expires
X-Proxy-Upstream
X-Old-Content-Length
X-Nyt-Route
X-Request-URI
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Cache-Date
X-Cache-Info
X-Cdn-Srv
X-SVT-ORM-VERSION
X-VG-TLSProxy
X-Accel-Expires-Debug
X-Aicache-OS
X-SVT-ORM-RULES
X-Origin-Time
X-Gdpr
X-Server-IP
X-Geo-Header
X-Forwarded-Site
X-Fastly-Cache
X-Sucuri-Cache
X-Date
X-Viewer-Country
X-Cache-Bucket
CacheControlHeader
Apple-News-Services-Handled
X-Cache-Var
Apple-News-Services-Host
Arc-Country
Apple-News-Services-Parsed-Url
X-PHP-Host
AKAMAI
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-Cache-Var-Map
Cmstype
Apple-News-Services-Request-Url
CloudFront-Viewer-Country
S-Rt
X-Amz-Apigw-Id
Cmsid
CDCHOST
Environment
Server-Info
X-Device-Os
X-Developers
X-Generated-On
X-Esi-Check
X-Fastly-Backend
X-Eu-Site
X-Gamma-Serve
X-Fetched-On
X-Envoy-Decorator-Operation
X-Core-Mission
X-Branch-Name
X-Cache-Debug
X-BBC-Edge-Cache-Status
X-Backend-State
Web-Mar-Region
X-Cache-Id
X-Cdn-Origin
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Core-Value
X-CGP
X-Datadog-Trace-Id
X-Irp-Debug
X-Sn-Servicetimems
X-Http-Reason
X-Skip-Cache
X-Sigma-Backend
X-Akamai-Request-ID2
X-Sigma
X-Storefront-Renderer-Rendered
X-TH-Server
X-VarnishDD-TTL
X-VServer
X-Varnish-Beresp-Status
X-UnsetCookies
X-TrackingId
X-Served-From
X-Rocket-Build-Number
We-Hiring
X-Level-Front-Cache
X-HS-Content-Campaign-Id
X-HN
X-GeoIP-City
X-Gzip
X-Locale
AMP-Access-Control-Allow-Source-Origin
X-Region-Sid
X-Req
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Owner
X-GeoIP
X-Platform
PFcat
Origin-EX
Release
Req-Svc-Chain
Ssr
Server-Host
Origin-CC
Mail-Subject
HA-Ipaddr
Fastly-GeoIP-CountryCode
L
L5d-Success-Class
Machine
Locid
Traceparent
Ha-Gx-Prefs
X-Via-NSCOPI
X-Is-Gdpr
X-Has-Esi
X-JWT-State
X-Node-Id
X-NU-AKA-ACS-Version
Platform
X-Loc
X-Varnish-Beresp-Ttl
Adler-Geo
TDXMobile
Thinkindot-CacheControl
X-DefElseHash
X-DefHash
X-FC-Vary-Parameters
X-DPWN-IS-SECURE
NM-Fastcgi-Cache
X-Qloud-Router
X-Varnish-CookieHashed-On
X-Variation
Cf-Device-Type
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
Magicmarker
X-Worker
X-Amzn-Remapped-Content-Length
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Memcached
X-Response-By
Fastly-SWR
Is-Eu
X-Pod-Name
X-Thinkindot-L3
Fastly-Drupal-Html
Thinkindot-Control
Thinkindot-CacheControl-Type
X-ATG-Version
X-VC-Cache
X-Xrds-Location
NGX
X-Request-Start
X-Tx-Id
X-Restarts
X-TraceId
X-Ua-Device
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-Bip
X-API-Version
X-NC
Kp-EeAlive
X-CS
X-Thanos
X-Zone
X-DI
X-LB-ID
X-RPM
Pics-Label
X-DSS
X-Wix-Viewer-Type
X-RPS
X-DW
X-DB
X-Generated-In
X-Mvc-Supplant-OutputCached
X-Cache-Backend
CDN
X-RSL
X-Action
X-Up
X-LB-NoCache
Edge-Cache
Accept-Language
X-Trace-ID
Ms-Author-Via
X-Cache-Config
Time
Memory
X-Tt-Logid
X-Tb-Optimization-Total-Bytes-Saved
X-Edge-Pop
X-Optimistic-Header
Env
X-Minions-Version
X-Refresh
X-CacheTTL
X-Srv
X-Datadome
WebServer
X-Via-Popv
X-Via-Poph
GeoIp-Country-Code
X-Via-Popn
X-Varnish-Ttl
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
Candidate-Md5Url
Datacenter
NtCoent-Length
X-ZONE
X-HA-Backend
X-Vc
X-DC
X-CACHE-KEY
X-DynaTrace-JS-Agent
X-User
X-Ec-GeoHdr
X-Ec-Fail
X-Cs
Server-ID
X-Esi
X-Servedbyhost
On-Server
WWW-Authenticate
X-TA-CDN-Provider
X-Parent-Response-Time
X-TX-ID
X-Unique-ID
X-MSEdge-Flight
Esi-Enabled
X-MSEdge-Features
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-TTL
X-AK-Request-ID
X-Service
C-Via
X-VCL-Version
Cdnsip
X-Cache-PHP
Cdncip
X-Newrelic-Synthetics
My-App
X-Clara-WADP
X-App
X-Li-Proto
X-LI-Proto
X-Cache-Ttl
Geoip-Latitude
X-Fmm-Version
X-FPC
X-WADP-Cache
Cluster
X-URL
X-B3-Spanid
Proxy-Connection
X-Fpc
Test
Tracecode
X-Dynatrace
X-Var-Ttl
X-Webkit-Csp-Report-Only
X-CUA
Geo-Info
X-Pass-Why
X-Traceid
DataCenter
X-Cache-Status-Check
Fastly-Drupal-HTML
Lfy
X-Render-Time
T-Server
X-Vcl-Version
X-From
X-NODE
X-Webkit-CSP-Report-Only
Cf-Int-Pingora-Origin-Digest
X-LiteSpeed-Cache-Control
Lang
X-Fragments
X-Mcache
X-CSRF-TOKEN
Resin-Trace
Server-Id
Target-Params
M-TraceId
X-VC
X-WP-CF-Super-Cache
X-Ha-Backend
X-WP-CF-Super-Cache-Cache-Control
MIME-Version
Hostname
X-Geo
X-Provided-By
X-RAMCache
X-Clientip
X-ServedByHost
X-ID
X-B3-Traceid
X-LiteSpeed-Tag
Hit
Permissions-Policy
X-Oss-Hash-Crc64ecma
X-Httpd
GeoIP-Country-Code
X-Proxy-Cache-Info
X-Via-PopV
UCS
X-Oss-Object-Type
X-Info
HIT
X-NGINX-Cache
X-AIR-PT
Cache-Host
X-Via-PopN
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Via-PopH
X-Dynatrace-Js-Agent
Section-Io-Origin-Time-Seconds
X-Pad
X-Edge-POP
Producers
WZWS-RAY
X-Check-Cacheable
Servername
Section-Origin-Responded
Section-Io-Origin-Status
ENV
S-Cnection
Section-Io-Id
X-Cdn-Forward
X-Api-Version
X-Fastly-Backend-Reqs
FSS-Cache
X-Edge-Cache
Ohc-File-Size
X-SB
X-Udemy-Cache-App-Namespace
X-BBC-Origin-Response-Status
X-Pool
X-HS-Status
X-ElasticPress-Query
X-Micro-Cache
X-Ucs
Fastly-Backend-Name
X-UP
User-Agent
X-Platform-Processor
X-ServerName
X-Platform-Cluster
X-Platform-Router
Load-Balancing
X-GoCache-CacheStatus
X-Backend-Host
X-Release
PICS-Label
X-Acquia-Site
URI
ServerName
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Cache-CFC
X-Acquia-Application-UUID
X-Lb-Id
X-Scale
Uri
X-Lb-Nocache
X-Ec-Custom-Error
Sid
X-TRACE-ID
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Nc
Cteonnt-Length
X-Cache-Expires
X-Cdn-Request-ID
IsBot
MD5-Digest
Server-Hostname
X-BCube-Filmed-By
Server-Ext
Cneonction
X-APP
Tcn
Server-Ttl
X-SIPLIST1
Cdn
X-Dispatcher-Number
EpKe-Alive
X-Swift-Error
X-Fastly-Cache-Hits
X-RateLimit-Reset
Sever-Int
X-Dw-Trace-Id
X-Via-Ucdn
X-Akamai-ERPolicy
Cf-Ipcountry
X-Akamai-ERRuleID
X-Newrelic-App-Data
Vha6-Origin
X-Snapshot-Date
Wpo-Cache-Status
X-Contensis-Viewer-Groups
CF-Cached-On
Shield-Pop
X-B3-ParentSpanId
X-Cache-ASPX
X-Vcache
Wpo-Cache-Message
Ohc-Cache-HIT
Path
X-Yottaa-OS
X-HostName
X-Air-Pt
X-Cache-Ngx
X-IN-APIGATEWAYSSL
X-Apw-Hits
X-Litespeed-Cache-Control
X-IN-APIGATEWAY
X-Logging-Id
X-CacheKey
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Varnish-Authentication
X-B3-Parentspanid
X-Shopify-Generated-Cart-Token
X-Akamai-Pragma-Client-IP
X-Te-Duration-Ms
X-Sentry-ID
VNS-Age
X-Te-Count
X-Http-Duration-Ms
VNS-Cache
Ngx
X-Http-Count
CPC-Age
X-Last-Modified
Cache-Key
CPC-Cache
X-UA
Req-ID
X-WA-Info
CountryCode
X-WA
X-Amz-Meta-Cb-Modifiedtime
X-Akamai-Request-ID