Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
X-XSS-Protection
ETag
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
Report-To
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
NEL
P3p
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-UA-Device
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Server
X-Request-ID
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
EagleEye-TraceId
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Accept-CH
X-Device
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Dns-Prefetch-Control
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
Accept-CH-Lifetime
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-B3-TraceId
X-Cloud-Trace-Context
X-Country
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Trace
X-Url
Allow
Accept-Ch-Lifetime
X-Aws-Lambda-Call-Status
X-Content-Type
X-PC
X-Vname
X-TtlSet
X-Ac
X-Clacks-Overhead
Edge-Control
X-Server-Name
X-Varnish-TTL
Fastly-Restarts
X-ESI
X-Mod-Pagespeed
Cache-Tag
X-Rack-Cache
X-FastCGI-Cache
Service-Worker-Allowed
X-VARITI-CCR
Verso
MS-Author-Via
X-Element-Page-Cache
X-Vcap-Request-Id
X-Amz-Rid
X-Upstream
X-MS-InvokeApp
Public-Key-Pins
X-GitHub-Request-Id
X-Dw-Request-Base-Id
X-Abt-Application-Version
X-Client-IP
X-Cached
RTSS
X-Cnection
X-D2id
X-Cache-TTL
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Px
X-Navigation-Version
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
Access-Control-Request-Method
X-Country-Code
X-NF-Request-ID
X-Goog-Hash
X-TTL
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
Pagespeed
X-Sol
X-CST
X-Middleton-Display
Display
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-SID
AR-Request-ID
X-Version
X-Powered-CMS
X-Middleton-Response
Response
X-Origin-Cache
X-RateLimit-Remaining
X-LLID
X-MSEdge-Ref
Nginx-Cache
TCN
X-Kinsta-Cache
X-Edge-Location-Klb
X-Amz-Server-Side-Encryption
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Edge
X-Protected-By
X-T
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-For
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Shield-Request-Id
X-Aspnetmvc-Version
X-Id
X-Language
Edge-Cache-Tag
S
X-Ruxit-Js-Agent
SPRequestDuration
Content-MD5
SPIisLatency
Front-End-Https
Fastcgi-Cache
X-Mid
Realpath
Pinterest-Generated-By
X-Request-Processing-Time
X-Pinterest-Rid
Pinterest-Version
X-Request-Received
Server-Node
X-Frontend
X-Cache-Key
Filters
X-Recruiting
X-NWS-LOG-UUID
Server-Name
X-Ser
X-Ua-Browser
X-Content
X-Ab
X-Correlation-Id
X-Template
X-Yandex-Sdch-Disable
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-MCACHE
X-HS-Combine-CSS
X-DynaTrace
X-Ezoic-Cdn
X-SharePointHealthScore
SPRequestGuid
X-Hits
X-ECACHE
X-Parallel-Accel
X-Kong-Proxy-Latency
X-Ttl
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cache-Tags
X-B3-Sampled
Charset
X-Page-Id
Cleartype
Host
X-Debug-Info
X-Www-Served-By
X-Git-Hash
X-Geo-Country
X-DIS-Request-ID
Accept-Ch
X-Content-Options
X-Ratelimit-Limit
Alternate-Protocol
X-Content-Digest
Cross-Origin-Opener-Policy
X-Amzn-Trace-Id
X-ASPNET-VERSION
X-Hostname
X-DataDome
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
X-Amz-Replication-Status
Filterid
X-FB-Debug
X-F-Cache
X-Grace
X-Varnish-Age
ServerID
X-Upgrade-Enabled
X-Az
X-AppVersion
X-Activity-Id
X-Accel-Expires
X-VCache
X-N
X-Nginx-Upstream-Cache-Status
X-WebKit-CSP-Report-Only
X-Rid
X-Fastly-Request-Id
X-Mobile-URL
X-Ratelimit-Reset
X-Forwarded-Proto
Access-Control-Allow-Method
X-LB-Cache
X-Type
X-Seen-By
X-Server-ID
X-Tb
X-Whom
X-Origin-Server
X-Distributor
X-TT
X-FW-Server
X-Is-Crawler
X-Goog-Stored-Content-Length
X-Providence-Cookie
Payment
X-Request-Guid
X-Goog-Metageneration
X-FW-Type
X-FW-Static
Viewport
X-FW-Dynamic
X-Aspnet-Duration-Ms
X-App-Environment
X-GUploader-UploadID
X-Flags
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Route-Name
X-Goog-Generation
X-FW-Hash
X-FW-Serve
Node
X-Varnish-Grace
X-User-Agent
X-Wix-Request-Id
Fastcgi-Useragent
DC
Paypal-Debug-Id
Country
Accept-Charset
X-Oneagent-Js-Injection
X-Fastly-Request-ID
TP-Cache
TP-L2-Cache
X-XRDS-LOCATION
X-App-Server
X-Cache-Rule
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Litespeed-Cache
X-Webkit-Csp
X-Via-JSL
X-Cluster-Name
X-Cache-Control
X-Drupal-Cache-Tags
Version
X-NGENIX-Cache
X-B-Cache
X-Signature
X-Fastcgi-Cache
X-Cache-Age
X-Buckets
X-Microsite
X-Contextid
X-Request-Handler-Origin-Region
Cache-Status
Amp-Access-Control-Allow-Source-Origin
Referer-Policy
X-Node-Name
X-Logged-In
Refresh
X-Origin-Upstream-Status
SD-X-WS
VIX-Pulpo-Node
X-Response-Served-From
X-Mobile
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
X-Real-IP
X-Is-Bot
X-Jobs
X-Cache-Expired-At
X-IPLB-Instance
X-Load-Cache
X-Rendered-As
X-Vgn-Hpd-Reason
Access-Control-Request-Headers
X-Debug
X-Yottaa-Metrics
X-Cacheable-TTL
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
NGB
X-B
X-Browser-Type
X-Varnish-Backend
X-Yottaa-Optimizations
X-Revision
X-Proxy-Cache-Status
X-Rule
X-UUID
X-Page-View
X-Drupal-Cache-Contexts
X-Cache-Action
X-Device-Type
X-Proxy
Surrogate-Key
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Version
X-RemovedCookies
X-ProcessESI
Akamai-GRN
X-Instance
X-G
X-Framework
X-Cache-Time
X-Accel-Buffering
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-XRDS-Location
CF-IPCountry
X-Presslabs-Stats
GEO-INFO
X-Cache-NGX
SID
Count-Hit
Uber-Trace-Id
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-APP-VERSION
X-Cache-Operation
X-Azure-Ref
X-Source
X-Ms-Version
X-Ms-Request-Id
X-Nginx-Cache
Protected
X-Zen-Fury
X-EdgeConnect-Cache-Status
X-TEC-API-ROOT
X-Servername
X-RateLimit-Limit
X-TEC-API-ORIGIN
X-TEC-API-VERSION
DynaTrace
WPO-Cache-Status
WPO-Cache-Message
X-Trace-Id
Frame-Options
X-PressLabs-Stats
Liferay-Portal
Ms-Operation-Id
X-CDN-Forward
X-RTag
Ec-Rule-Version
X-Cache-Hit
MS-CV
X-Hyper-Cache
X-Backend-Name
X-Cache-TTL-Remaining
X-IPS-LoggedIn
Countrycode
Healthy
Cross-Origin-Window-Policy
Content-Disposition
X-Tumblr-Pixel-1
X-Tumblr-User
X-Ratelimit-Remaining
X-Tumblr-Pixel-0
Xserver
X-Tumblr-Pixel
X-L-Path
X-Mode
X-Adobe-Loc
Backend
X-Environment-Context
X-Adobe-Content
X-Cache-Grace
Url
X-Varnish-Server
X-Tid
X-UPSTREAM-Address
X-SaId
X-RN-RSRV
X-Rewrite-Enabled
Meta-Geo
X-JoinUs
X-Detected-As
X-Routing-Service
X-Cache-Server
Retry-After
X-Sorting-Hat-ShopId
Decoy-Debug-Status
X-Debug-Cache
Decoy-Debug-TTL
X-Shopify-Stage
X-NewRelic-App-Data
Decoy-Debug-Key
X-ShopId
Apigw-Requestid
X-Redis-Cache
X-Content-Age
X-ShardId
Eomportal-Instance
X-Sorting-Hat-PodId
X-Generation-Time
X-Zipkin-Id
X-Proxied
Country-Code
LB
Cache-Name
X-FB-TRIP-ID
X-Uri
X-Extlb
X-Format
X-Alternate-Cache-Key
X-OCL
CDN-Cache
X-Origin-Date
CDN-CachedAt
CDN-Uid
CDN-EdgeStorageId
CDN-RequestId
X-Access
X-Forwarded-Host
X-Human
X-PCL
Mn-Server-Ip
CDN-RequestCountryCode
X-Akamai-Edgescape
X-ApacheServer
X-NCache
X-No-Session
X-Hosted-By
X-Microcachable
CDN-PullZone
X-NYM-Debug-Backend
X-UA-Device-Type
X-Site-Version
X-Status
X-Section
X-SayCDN-TTL
X-Say-TTL
X-PERF
X-Via-Fastly
X-Generated-By
X-Sql-Count
X-Sql-Duration-Ms
X-Web-Node
X-Say-Cacheable
X-ServerID
X-PHP-Backend
X-Region
X-ProxyCache-Key
Property-Id
Selected-Fe
X-Content-Powered-By
X-Varnish-Beresp-Grace
X-ProxyCache-Status
X-Cluster-Node
Fastly-SSL
X-Proxy-Build
X-Origin-Hint
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Timing-Wait
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Name
X-Storage
Cache-Tv-Group
X-Pubstack
Webcakes-Region
X-Cache-Type
X-Be
X-Cache-Host
X-TIME
X-BYPASS-REASON
X-Server-W
X-R9-Blue-Green-Version
X-Soup
X-Hl-Ver
X-Varnishpool
X-Nginx-Cache-Key
Azure-InstanceId
X-Unique-Id
Azure-RegionName
Content-Secure-Policy
Azure-SlotName
Section-Io-Cache
Azure-Version
Azure-SiteName
X-Webkit-CSP
X-Ua
X-LSADC-Cache
X-Cache-Remote
DB-Nickname
X-Platform-Server
X-Dc
X-Azure-Ref-OriginShield
X-Cached-By
X-Bc-Bl
Cache
X-Akamai-Transformed
X-Xfnlog-Site
X-Cache-Tags
X-Auto-Login
ServedBy
X-GEO
OT-Force-Account-Verify
Source
Upgrade-Insecure-Requests
X-TT-LOGID
From-Origin
X-AOL-HN
X-Varnish-Cache-Hits
X-Cdn
X-Origin-TTL
X-LAGOON
X-Origin-CC
Xet-Cookie
X-Request-Time
Mime-Version
X-NWS-UUID-VERIFY
SRV
WP-Super-Cache
X-Varnish-Hits
X-Request-Host
HostName
Cache-Hits
X-Varnish-Hostname
X-TNCMS
X-SRV
X-Loop
Onion-Location
X-S-Maxage
S-Rt
X-Akamai-Request-ID2
X-CSRF-Token
X-Cache-Enabled
X-HTML-Minification-Powered-By
Webserver
X-FireWall-Port
X-Http-Reason
X-ECache
X-Handled-By
X-EC-Lua
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Endurance-Cache-Level
X-B3-SpanId
Web-Mar-Node
X-RCS-CacheZone
X-Time
Server-Info
X-Adobe-Source
X-Reqid
N-Cache
X-Correlation-ID
Nel
X-Magnolia-Registration
X-Origin-Response-Time
X-App-Version
X-Processor
X-GG-Cache-Date
X-NAPM-TraceId
Redirect-Candidate
DCR-Processing-Time-Ms
Sslversion
Surrogated-Key
X-D
X-Destination
X-Developer
Pramga
Rendered-Blocks
Fastcgi-X-Cache-Version
Expiry
X-Epic-Correlation-Id
X-Planisys-CDN-Cache
X-Orig-Expires
BehaviorPad-Version
Meta-Geo-Continent
X-Ftr-Request-Id
X-Rojux
DCR-Decision-By
X-Block-Status
X-Forwarded-Path
X-Mg-Request-UUID
Mobile-Detection-Method
X-External-Request-Id
A
Odigeo-Trace-Id
X-Planisys-CDN-Rules
X-Hnp-Log
X-PBS-Appsvrname
X-ND-Cache
X-PAYTM-SRV-ID
X-Gen-Mode
X-Planisys-CDN-TTL
X-ScT
X-V-Cache
X-A-Dgt
X-S
X-Aed
X-CF-Lambda-Version
X-A-Dcw
X-TIM-N
X-A
X-Tenant
X-A-Ccd
X-A-Dam
X-Proto
X-CF-Lambda-Fn
X-ARC
X-Vtex-Remote-Cache
X-B-Cookie
Xc-Version
X-Backend-TTL
X-Vtex-Processado-Em
X-Cache-NE
X-Vdms-Path
X-Vdms-Version
X-Application
X-VG-WebCache
X-Ckpd-Fst-Backend
X-A-Wwc
X-Shop-Environment
X-Conf
X-Session-Fingerprint
X-Connection-Hash
X-S-Cookie
X-SD-PageType
User-Cache-Control
X-Ig-Push-State
Vix-Hermes-Req-Id
X-Slack-Backend
X-SRCache-Key
X-Cluster
V-Age
X-LJ-Flow-ID
X-AWS-Id
X-Locale
X-VWS-Id
State
X-Core-Mission
Fastcgi-Cache-TTL
X-Cache-Info
X-GeoIP-Region-Code
Gh-Request-Id
X-GeoIP-Country-Code
Svr
X-Hash
X-Cache-Bucket
Cmstype
Cmsid
Wxu-Next-Hostname
X-Fastly-Backend
DSUID
X-Cache-Date
Traceparent
Origin
True-Client-Country-4JS
Wxu-Next-Region
X-Cdn-Srv
X-Device-Os
X-Accel-Expires-Debug
Origin-EX
X-Fetched-On
Wxu-Next-Commit
X-Cdn-Origin
Origin-CC
X-Geo-Header
Host-ID
X-Fastly-Cache
X-Gdpr
X-Date
X-Aicache-OS
X-Nyt-Route
X-NodeID
X-Old-Content-Length
X-Origin
X-Request-URI
X-Mvc-Supplant-Cachable
X-VG-TLSProxy
X-Server-IP
X-Men
X-Origin-Expires
X-Origin-Time
X-Proxy-Upstream
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Policy
X-Sn-Servicetimems
CDCHOST
X-Time-Microsecs
X-MP-GENERATED-AT
X-Location
Arc-Country
Apple-News-Services-Handled
AKAMAI
X-Viewer-Country
Apple-News-Services-Host
X-Scheme
Apple-News-Services-Parsed-Url
X-Edge-Location
X-Forwarded-Site
X-Rocket-Nginx-Serving-Static
X-Webstats-RespID
Apple-News-Services-Request-Url
CacheControlHeader
X-Varnish-Ttl
X-Restarts
X-Zone
Environment
X-Amz-Meta-S3cmd-Attrs
Accept-Language
X-Sucuri-Cache
X-CGP
X-Sigma
X-Served-From
X-Storefront-Renderer-Rendered
X-Skip-Cache
X-Sigma-Backend
X-Varnish-CookieHashed-On
X-Worker
X-VServer
X-VarnishDD-TTL
X-Cache-Id
X-Cache-Debug
X-Branch-Name
X-Irp-Debug
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Thinkindot-L3
X-TH-Server
X-TrackingId
X-UnsetCookies
X-Core-Value
X-Variation
X-Sucuri-ID
X-Region-Sid
X-GeoIP
X-GeoIP-City
X-LI-UUID
X-Loc
X-Generated-On
X-FC-Vary-Parameters
X-Node-Id
X-Gamma-Serve
X-Li-Pop
X-Li-Fabric
X-JWT-State
X-Is-Gdpr
X-HS-Content-Campaign-Id
X-Labrador-Cache-Channel
X-HN
X-Level-Front-Cache
X-Gzip
X-Has-Esi
X-Owner
X-PHP-Host
X-DefHash
X-Req
X-Developers
X-Response-By
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Rocket-Build-Number
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Platform
X-Esi-Check
X-Eu-Site
X-Qloud-Router
X-Envoy-Decorator-Operation
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-DPWN-IS-SECURE
X-Csrf-Jwt
X-DefElseHash
Cf-Device-Type
Req-Svc-Chain
Release
Platform
Adler-Geo
Server-Host
Thinkindot-CacheControl
Fastly-Drupal-Html
TDXMobile
Ssr
CloudFront-Viewer-Country
Fastly-GeoIP-CountryCode
Mail-Subject
L
Machine
L5d-Success-Class
Is-Eu
HA-Ipaddr
PFcat
Fastly-SIE
Fastly-SWR
Ha-Gx-Prefs
Locid
Thinkindot-CacheControl-Type
Thinkindot-Control
We-Hiring
Web-Mar-Region
X-Via-NSCOPI
X-ATG-Version
X-BBC-Edge-Cache-Status
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Xrds-Location
X-Varnish-Beresp-Ttl
X-RPS
X-RPM
X-RSL
X-Tx-Id
X-Cache-Backend
X-DW
X-DI
X-NU-AKA-ACS-Version
X-VC-Cache
X-Pod-Name
NM-Fastcgi-Cache
X-DB
X-Action
X-DSS
X-Varnish-Beresp-Status
Memcached
X-Amzn-Remapped-Content-Length
X-Ua-Device
X-TraceId
X-Backend-State
AMP-Access-Control-Allow-Source-Origin
X-Wix-Viewer-Type
Kp-EeAlive
Edge-Cache
Magicmarker
X-NC
NGX
X-Cache-Var
X-Cache-Var-Map
X-Up
CDN
X-CacheTTL
X-API-Version
X-Minions-Version
X-Srv
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-CS
X-Tb-Optimization-Total-Bytes-Saved
X-LB-ID
Pics-Label
X-Request-Start
X-Generated-In
X-LB-NoCache
Ms-Author-Via
X-Trace-ID
X-Mvc-Supplant-OutputCached
X-Optimistic-Header
X-Tt-Logid
X-Bip
Time
Memory
X-Thanos
Env
WebServer
X-M-Log
X-Refresh
X-Qnm-Cache
X-M-Reqid
X-Edge-Pop
X-TA-CDN-Provider
X-Via-Popv
X-Ec-Fail
X-Cache-Config
X-Via-Poph
X-Ec-GeoHdr
X-User
X-Via-Popn
X-Parent-Response-Time
GeoIp-Country-Code
X-CACHE-KEY
X-HA-Backend
X-Servedbyhost
X-DC
Datacenter
X-Esi
NtCoent-Length
Server-ID
X-Cs
X-Dynatrace
X-AK-Request-ID
Cdncip
X-MSEdge-Features
Candidate-Md5Url
X-MSEdge-Flight
Cdnsip
X-Vc
X-CLOUD-TRACE-CONTEXT
Cluster
My-App
X-WADP-Cache
X-Clara-WADP
X-Fmm-Version
X-DynaTrace-JS-Agent
X-Pass-Why
X-ZONE
X-TX-ID
WWW-Authenticate
X-Varnish-Beresp-TTL
Geoip-Latitude
On-Server
Tracecode
X-CUA
X-Fpc
X-VCL-Version
X-LI-Proto
DataCenter
X-From
X-Traceid
Esi-Enabled
X-Cache-Ttl
X-App
X-Var-Ttl
Lfy
T-Server
X-URL
X-Webkit-Csp-Report-Only
X-Fragments
Lang
X-VC
Cf-Int-Pingora-Origin-Digest
X-Datadome
X-Cache-PHP
X-FPC
X-B3-Spanid
Target-Params
C-Via
X-Li-Proto
X-Service
Fastly-Drupal-HTML
X-Webkit-CSP-Report-Only
X-NODE
X-WP-CF-Super-Cache
X-Newrelic-Synthetics
X-Unique-ID
Proxy-Connection
X-Vcl-Version
X-Provided-By
X-WP-CF-Super-Cache-Cache-Control
Geo-Info
X-Mcache
Test
M-TraceId
X-CSRF-TOKEN
X-RAMCache
Server-Id
X-LiteSpeed-Cache-Control
X-Cache-Status-Check
Permissions-Policy
X-Ha-Backend
Hostname
X-Render-Time
Resin-Trace
X-Httpd
X-ID
MIME-Version
X-COUNTRY
X-Proxy-Cache-Info
WZWS-RAY
Servername
Hit
X-ServedByHost
FSS-Cache
X-SB
GeoIP-Country-Code
X-Via-PopH
X-Clientip
X-NGINX-Cache
X-Via-PopV
X-Via-PopN
Producers
X-Dynatrace-Js-Agent
X-Geo
X-Udemy-Cache-App-Namespace
X-Edge-POP
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Pad
X-Cdn-Forward
X-Pool
X-Api-Version
X-Edge-Cache
X-Scale
X-Fastly-Backend-Reqs
ENV
X-Ec-Custom-Error
X-LiteSpeed-Tag
Section-Origin-Responded
X-Oss-Request-Id
Section-Io-Id
X-Oss-Server-Time
X-Oss-Storage-Class
Section-Io-Origin-Status
X-Oss-Object-Type
Cache-Host
Section-Io-Origin-Time-Seconds
X-Oss-Hash-Crc64ecma
X-Dispatcher-Number
HIT
X-ElasticPress-Query
X-Ucs
Cneonction
X-HS-Status
MD5-Digest
UCS
Sever-Int
URI
X-GoCache-CacheStatus
Cf-Ipcountry
IsBot
Uri
X-UP
Server-Hostname
ServerName
X-Lb-Nocache
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Via-Ucdn
S-Cnection
X-Lb-Id
PICS-Label
X-Cache-Expires
X-Cache-CFC
X-SIPLIST1
X-Check-Cacheable
X-Acquia-Site
X-BBC-Origin-Response-Status
Server-Ext
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Dw-Trace-Id
X-Info
X-AIR-PT
X-Cms-Context
Sid
X-Nc
X-Fastly-Cache-Hits
X-Cdn-Request-ID
X-RateLimit-Reset
Tcn
Server-Ttl
X-Swift-Error
X-Snapshot-Date
X-Akamai-Path-Stats
X-Akamai-ERRuleID
X-Akamai-ERPolicy
CF-Cached-On
X-Micro-Cache
X-Yottaa-OS
X-Wikidot-Static-Cache
Wpo-Cache-Status
Wpo-Cache-Message
X-Newrelic-App-Data
User-Agent
X-Vcache
X-Wikidot-Backend
X-B3-ParentSpanId
Fastly-Backend-Name
Vha6-Origin
Ohc-File-Size
X-Release
Ngx
Cteonnt-Length
X-HostName
X-Cache-Ngx
X-Air-Pt
X-IN-APIGATEWAY
X-WA-Info
X-Litespeed-Cache-Control
X-B3-Parentspanid
Inserted-Into-Cache-At
X-Fetch-By
X-IN-APIGATEWAYSSL
X-UA
X-Backend-Host
X-CacheKey
X-Akamai-Pragma-Client-IP
X-Apw-Hits
X-Logging-Id
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
Req-ID
CountryCode
X-Te-Duration-Ms
X-Last-Modified
X-Akamai-Request-ID
X-Te-Count
X-Http-Duration-Ms
X-Sentry-ID
X-Http-Count
X-Shopify-Generated-Cart-Token