Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
P3p
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Akamai-Path-Stats
X-Ua-Compatible
X-Age
X-Robots-Tag
X-Server
X-Dns-Prefetch-Control
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-Proxy-Cache
X-UA-Device
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
CONTENT-SECURITY-POLICY
Allow
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Nginx-Cache-Status
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Cf-Edge-Cache
Accept-CH
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-Cache-Lookup
X-HW
Accept-CH-Lifetime
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Rating
X-Cloud-Trace-Context
X-Url
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-MS-InvokeApp
Accept-Ch-Lifetime
X-Rack-Cache
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
Accept-Ch
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-ESI
X-Varnish-TTL
X-Amz-Server-Side-Encryption
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-B3-TraceId
X-Dw-Request-Base-Id
X-Use-Magma
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-Amz-Rid
X-Exp-Id
Public-Key-Pins
X-Px
X-Cnection
X-D2id
X-Edge
X-Ac
X-RateLimit-Remaining
X-Navigation-Version
X-FastCGI-Cache
X-Element-Page-Cache
Verso
X-Ser
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Client-IP
X-Powered-By-Plesk
X-Abt-Application-Version
X-Cache-TTL
X-Version
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Ttl
X-Country-Code
X-Middleton-Response
Response
X-NF-Request-ID
X-Goog-Hash
X-Content-Security-Policy-Report-Only
Access-Control-Request-Method
SPIisLatency
SPRequestDuration
X-Correlation-Id
X-Kinsta-Cache
X-Cached
AR-SID
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Edge-Location-Klb
X-Ruxit-Js-Agent
X-Upstream
SPRequestGuid
X-SharePointHealthScore
X-Powered-CMS
X-LLID
X-RateLimit-Limit
Edge-Cache-Tag
X-Kraken-Loop-Name
X-Instrumentation
X-NWS-LOG-UUID
X-Server-Lifecycle-Phase
X-Forwarded-For
X-Cache-Key
Nginx-Cache
X-Litespeed-Cache
X-TTL
X-Id
Content-MD5
X-MSEdge-Ref
X-Shield-Request-Id
TCN
MRF-Tech
Mrf-Cache-Status
X-T
X-Daa-Tunnel
X-Recruiting
X-B3-TraceId-Primal
S
X-Content-Digest
X-DataDome
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Webkit-Csp
X-Mg-S
X-Jurisdiction
X-Ua-Device
X-HP-Webp
X-HP-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MS-Author-Via
X-Accel-Expires
X-ECACHE
X-WebKit-CSP-Report-Only
X-Ezoic-Cdn
X-Grace
X-Protected-By
X-Frontend
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-Ab
X-Content
X-Ua-Browser
Filters
Server-Node
X-Request-Processing-Time
X-Request-Received
Front-End-Https
X-Yandex-Sdch-Disable
TP-Cache
TP-L2-Cache
X-DynaTrace
X-PressLabs-Stats
X-Origin-Server
X-Server-ID
X-Distributor
Fastcgi-Cache
X-ORACLE-DMS-ECID
X-Mid
X-Geo-Country
X-ORACLE-DMS-RID
X-Hits
X-Microsite
X-Request-Handler-Origin-Region
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amzn-Trace-Id
X-LB-Cache
Charset
Cleartype
Host
X-Debug-Info
X-Git-Hash
X-Ratelimit-Reset
X-B3-Sampled
X-F-Cache
X-Page-Id
Cross-Origin-Opener-Policy
X-Cache-Age
X-Forwarded-Proto
X-DIS-Request-ID
X-Www-Served-By
Realpath
Access-Control-Allow-Method
Cache-Status
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Seen-By
ServerID
X-Az
X-Activity-Id
X-Fastly-Request-Id
X-AppVersion
Accept-Charset
Filterid
Cache-Tags
X-Varnish-Age
X-XRDS-LOCATION
X-Cluster-Name
X-Aspnetmvc-Version
X-Nginx-Upstream-Cache-Status
X-Mcache
X-Language
X-Rid
X-Content-Options
X-Type
X-App-Environment
X-MCACHE
Country
X-FB-Debug
Retry-After
X-Kong-Proxy-Latency
Server-Name
X-Kong-Upstream-Latency
X-Upgrade-Enabled
Viewport
DC
X-Varnish-Grace
Paypal-Debug-Id
Node
X-Tb
X-User-Agent
X-Varnish-Backend
X-Origin-Cache
X-Whom
X-Mobile-URL
X-GUploader-UploadID
X-Signature
X-Oracle-Dms-Ecid
X-Drupal-Cache-Tags
X-Wix-Request-Id
X-Goog-Stored-Content-Length
X-B-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-TT
X-Oracle-Dms-Rid
X-VCache
X-Request-Guid
X-Route-Name
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-NWS-UUID-VERIFY
X-B
Protected
X-Oneagent-Js-Injection
Fastcgi-Useragent
Permissions-Policy
X-Debug
X-Logged-In
WPO-Cache-Message
WPO-Cache-Status
X-Amz-Replication-Status
X-Via-JSL
X-N
Payment
X-Cache-NGX
X-Amz-Meta-S3cmd-Attrs
X-Load-Cache
Surrogate-Key
X-Cache-Control
X-Contextid
Count-Hit
X-Template
X-Node-Name
X-ECache
Healthy
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Webkit-CSP
X-FW-Static
X-FW-Server
X-FW-Type
X-Mobile
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
Amp-Access-Control-Allow-Source-Origin
X-Original-Request-Id
SD-X-WS
X-Response-Served-From
X-B3-Traceid
X-Proxy
Refresh
Akamai-GRN
X-Jobs
X-Revision
X-G
X-XRDS-Location
X-Cache-Time
X-Zen-Fury
X-Framework
X-Real-IP
X-Akamai-Request-ID2
Content-Disposition
Uber-Trace-Id
X-Cache-TTL-Remaining
VIX-Pulpo-Upstream-Status
X-Cacheable-TTL
NGB
VIX-Pulpo-Node
Alternate-Protocol
Url
X-Device-Type
X-UUID
X-Hostname
X-NGENIX-Cache
X-Fastcgi-Cache
Access-Control-Request-Headers
X-Http-Reason
X-Rendered-As
X-Restarts
X-Is-Bot
X-Proxy-Cache-Status
X-Instance
X-Yottaa-Optimizations
X-Adobe-Content
X-Debug-IsConnected
X-Yottaa-Metrics
X-Debug-IsPreview
X-Adobe-Loc
X-Servername
X-Trace-Id
X-Drupal-Cache-Contexts
X-Page-View
X-Fastly-Request-ID
X-Cache-Grace
X-Varnish-Server
X-Mg-Request-UUID
Version
X-IPLB-Instance
X-EdgeConnect-Cache-Status
X-L-Path
X-Environment-Context
X-Source
X-Midtier
Accept-Language
X-HTML-Minification-Powered-By
Countrycode
MS-CV
X-Cache-Rule
X-RTag
Frame-Options
Ms-Operation-Id
X-Cache-Hit
X-Vgn-Hpd-Reason
From-Origin
X-Cache-Expired-At
X-NYM-Debug-Backend
Referer-Policy
X-App-Server
Liferay-Portal
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
Backend
X-Nginx-Cache
X-IPS-LoggedIn
X-APP-VERSION
X-FW-Version
X-Parallel-Accel
Content-Secure-Policy
X-COUNTRY
X-Datadome
X-Hosted-By
Upgrade-Insecure-Requests
X-Cache-Server
X-UPSTREAM-Address
Meta-Geo
X-Unique-Id
X-RN-RSRV
X-Redis-Cache
X-ProcessESI
X-RemovedCookies
X-Generation-Time
X-Ua
Property-Id
X-Via-Fastly
X-Varnish-Cache-Hits
S-Rt
X-Cache-Enabled
Azure-SiteName
Azure-SlotName
Mn-Server-Ip
X-Server-W
X-Region
Azure-Version
X-Section
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Content-Age
X-FB-TRIP-ID
X-Access
TWC-Privacy
X-Cluster-Node
Webcakes-Region
Webcakes-App-Version
Azure-InstanceId
Webcakes-App-Name
X-Format
X-No-Session
WP-Super-Cache
TWC-GeoIP-Country
X-PHP-Backend
X-PCL
Azure-RegionName
X-OCL
X-Origin-Hint
X-Request-Time
TWC-Device-Class
X-Mode
Section-Io-Cache
CF-IPCountry
X-ApacheServer
X-BYPASS-REASON
X-Content-Powered-By
X-Uri
Locale
Eomportal-Instance
X-AOL-HN
X-Akamai-Edgescape
Apigw-Requestid
Cache-Tv-Group
X-Debug-Cache
X-Urbn-Site-Id
X-Nginx-Cache-Key
X-PERF
X-ProxyCache-Key
X-ProxyCache-Status
X-Status
X-UA-Device-Type
X-Urbn-Context-Path
X-Be
X-Human
X-Locale
X-Site-Version
Fastly-SSL
X-Origin-Date
X-Cache-Action
X-Zipkin-Id
X-Hl-Ver
X-Extlb
X-PHP-Host
X-Labrador-Cache-Channel
X-Cache-Type
X-Say-TTL
X-Forwarded-Host
X-JoinUs
X-Backend-Name
X-Varnishpool
X-SayCDN-TTL
X-Say-Cacheable
X-Proxied
X-NewRelic-App-Data
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
Ec-Rule-Version
X-ServerID
X-Xfnlog-Site
X-Sql-Count
X-Storage
X-Sql-Duration-Ms
X-Generated-By
X-ShardId
X-ShopId
X-Cache-Host
X-Routing-Service
X-SaId
X-Alternate-Cache-Key
X-Detected-As
X-Web-Node
X-Cache-Tags
X-Handled-By
X-Cms-Context
X-Ratelimit-Remaining
X-AWS-Id
X-Timing-Wait
X-GG-Cache-Date
X-Adobe-Source
X-LJ-Flow-ID
X-VWS-Id
Selected-Fe
X-Platform-Server
X-Proxy-Build
X-VC-Cache
ServedBy
CDN-CachedAt
CDN-EdgeStorageId
CDN-Uid
CDN-PullZone
CDN-Cache
X-Tid
CDN-RequestId
CDN-RequestCountryCode
X-Dc
X-Edge-Location
Load-Balancing
X-Storefront-Renderer-Rendered
X-Hyper-Cache
X-Rule
X-Proto
X-LSADC-Cache
X-Cache-Operation
Web-Mar-Node
SRV
X-GeoCode
X-GeoCountry
Onion-Location
Webserver
X-CDN-Forward
X-TT-LOGID
Mime-Version
X-Cached-By
Fastly-Drupal-Html
X-App-Version
SID
X-Rewrite-Enabled
X-Cache-Remote
X-Varnish-Hostname
X-Soup
X-TA-CDN-Provider
X-GEO
Cache-Hits
Xserver
X-Accel-Buffering
X-Cdn
X-Cluster
X-Pubstack
X-Varnish-Ttl
X-Origin-TTL
X-Varnish-Hits
X-Origin-CC
X-Microcachable
X-Reqid
Xet-Cookie
Server-Info
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Buckets
Country-Code
X-Envoy-Decorator-Operation
X-Ratelimit-Limit
X-CSRF-Token
X-Tumblr-Pixel-3
X-SRV
X-Tumblr-Pixel-2
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-MP-GENERATED-AT
X-Magnolia-Registration
DB-Nickname
LB
X-IPLB-Request-ID
X-Request-Host
X-Amzn-RequestId
Cache
X-Amz-Apigw-Id
X-Ms-Request-Id
X-Ms-Version
X-Endurance-Cache-Level
Source
X-Cache-Id
X-Cache-NE
X-A-Ccd
Fastcgi-X-Cache-Version
Expiry
DCR-Processing-Time-Ms
Host-ID
Lang
Meta-Geo-Continent
MD5-Digest
DCR-Decision-By
Cmstype
X-Via-NSCOPI
BehaviorPad-Version
A
Cdncip
X-Origin-Response-Time
Cmsid
Cdnsip
Mobile-Detection-Method
NM-Fastcgi-Cache
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Aed
X-AK-Request-ID
X-ARC
X-Application
X-A-Dam
X-A
Pramga
Odigeo-Trace-Id
Rendered-Blocks
Sslversion
T-Server
Surrogated-Key
X-B-Cookie
X-Esi-Check
X-Rojux
X-Newrelic-Synthetics
X-S
X-S-Cookie
X-ScT
X-Tt-Logid
X-Processor
X-PBS-Appsvrname
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-NAPM-TraceId
X-Bc-Bl
X-PAYTM-SRV-ID
X-Time
X-SD-PageType
X-Vdms-Version
X-Vdms-Path
X-VG-WebCache
X-Vtex-Processado-Em
Xc-Version
X-Vtex-Remote-Cache
X-User
X-TrackingId
X-Shop-Environment
X-Session-Fingerprint
X-SRCache-Key
X-Tenant
X-TIM-N
X-Hash
X-Orig-Expires
X-Forwarded-Path
X-Ftr-Request-Id
X-D
X-Connection-Hash
X-External-Request-Id
X-RCS-CacheZone
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Developer
X-Conf
X-Destination
X-CF-Lambda-Fn
X-Cdn-Srv
X-Gzip
X-NCache
X-Geo-Header
X-CF-Lambda-Version
X-B3-SpanId
X-Cache-Info
X-Sigma-Backend
X-Core-Mission
X-Ckpd-Fst-Backend
X-Sigma
Memcached
X-Developers
Mail-Subject
X-SVT-ORM-VERSION
Fastly-GeoIP-CountryCode
X-SVT-ORM-RULES
X-V-Cache
Machine
X-Via-Ucdn
X-Cache-Bucket
X-Nyt-Route
Wxu-Next-Hostname
X-CacheTTL
X-Origin
X-NodeID
X-Node-Id
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Gdpr
X-Origin-Time
Wxu-Next-Commit
AKAMAI
X-Scheme
X-Amzn-Remapped-Content-Length
X-Server-IP
Server-Host
X-Rocket-Build-Number
We-Hiring
X-Fetched-On
X-Cache-Backend
X-Device-Os
Wxu-Next-Region
X-Varnish-Beresp-Grace
X-Tx-Id
X-Skip-Cache
HostName
X-Azure-Ref
Cache-Name
CDN
DynaTrace
X-SB
X-Auto-Login
X-Rocket-Nginx-Serving-Static
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Region-Sid
X-Request-URI
X-Served-From
Apple-News-Services-Handled
X-Slack-Backend
X-Thinkindot-L3
TDXMobile
Svr
X-TNCMS
Ssr
State
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Vix-Hermes-Req-Id
X-Pool
V-Age
X-ZONE
X-Fastly-Cache
Traceparent
Web-Mar-Region
X-Cache-Date
X-HN
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Generated-On
X-Dispatcher-Number
X-Fmm-Version
X-Eu-Site
X-Forwarded-Site
X-Gamma-Serve
X-Ec-Custom-Error
X-Datadog-Parent-Id
X-LAGOON
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Platform
X-VarnishDD-TTL
X-Branch-Name
X-Pod-Name
X-Planisys-CDN-Cache
X-CGP
X-Csrf-Jwt
X-Level-Front-Cache
X-Core-Value
X-Loop
X-Clara-WADP
X-Policy
Thinkindot-Control
Platform
Environment
Producers
Fastcgi-Cache-TTL
Is-Eu
X-Variation
Cluster
X-Varnish-CookieINHashed-On
N-Cache
X-DefElseHash
X-DefHash
X-GeoIP
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Kp-EeAlive
L
X-Origin-Expires
X-DPWN-IS-SECURE
L5d-Success-Class
Adler-Geo
X-Varnish-CookieHashed-On
X-Wix-Viewer-Type
Apple-News-Services-Request-Url
PFcat
CloudFront-Viewer-Country
Redirect-Candidate
X-Worker
Release
Apple-News-Services-Parsed-Url
X-WADP-Cache
Apple-News-Services-Host
Origin-CC
Origin
X-Varnish-Remaining-TTL
Origin-EX
X-Viewer-Country
X-R9-Blue-Green-Version
X-From
X-Loc
X-Optimistic-Header
X-Minions-Version
X-Owner
X-Qloud-Router
DSUID
X-Sn-Servicetimems
X-Httpd
X-Hnp-Log
CDCHOST
X-SIPLIST1
X-Wikidot-Static-Cache
X-Gen-Mode
X-Wikidot-Backend
X-Proxy-Cache-Info
X-BBC-Edge-Cache-Status
X-Webstats-RespID
User-Cache-Control
X-Scale
X-BCube-Filmed-By
Req-Svc-Chain
Candidate-Md5Url
X-VServer
IsBot
Cache-Key
Ohc-File-Size
X-Cdn-Origin
X-Block-Status
X-VG-TLSProxy
X-GeoIP-City
Datacenter
X-Cache-Status-Check
CPC-Age
CPC-Cache
X-Tec-Api-Version
X-Ad-Defer-Variation
X-WP-CF-Super-Cache
X-Tec-Api-Origin
X-WP-CF-Super-Cache-Cache-Control
X-Aicache-OS
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Refresh
X-Rebelmouse-Cache-Control
Fastly-SIE
VNS-Cache
X-Location
GEO-INFO
VNS-Age
X-Parent-Response-Time
XM
X-Tec-Api-Root
Server-Ext
NGX
Sever-Int
Server-Hostname
AMP-Access-Control-Allow-Source-Origin
X-NC
X-VC
X-CS
X-SplitTest
Pics-Label
Fastly-Backend-Name
X-CACHE-KEY
X-Srv
X-Tb-Optimization-Total-Bytes-Saved
X-Contensis-Viewer-Groups
Servername
Locid
X-Cache-ASPX
X-Ah-Environment
X-AIR-PT
Arc-Country
Env
X-Edge-Pop
X-WA-Info
X-Micro-Cache
X-Men
X-EC-Lua
Lb
Ms-Author-Via
X-TraceId
X-Old-Content-Length
X-TIME
Memory
Time
X-Varnish-Authentication
X-Response-By
X-LB-NoCache
X-Udemy-Cache-App-Namespace
X-RPM
X-DW
X-Generated-In
X-DI
X-Mvc-Supplant-OutputCached
X-RPS
X-RSL
X-DB
X-DSS
X-Amz-Meta-Cb-Modifiedtime
Path
X-Xrds-Location
X-Api-Version
X-Via-Popv
Ngx.Var.Host
X-Via-Popn
X-Accel-Expires-Debug
X-Via-Poph
GeoIp-Country-Code
Cache-Host
X-Servedbyhost
X-Date
Ohc-Cache-HIT
X-GeoIP-Country-Code
ITXSESSIONID
X-Varnish-Beresp-TTL
X-S-Maxage
X-HA-Backend
X-Akamai-Transformed
X-GeoIP-Region-Code
X-Trace-ID
XkeyRZ
X-Proxy-CacheRZ
X-RateLimit-Reset
True-Client-IP
X-Vc
X-Cache-Debug
Client
FSS-Cache
Geoip-Latitude
X-Cs
X-Clientip
X-VCL-Version
X-API-Version
Fusion-Source
X-VHOST
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
CacheControlHeader
Server-ID
X-DC
X-TH-Server
X-Action
True-Client-Country-4JS
X-FireWall-Port
Hostname
X-Presslabs-Stats
X-Correlation-ID
X-Backend-TTL
X-Fpc
X-TX-ID
X-Zone
X-Dmc
X-B3-Spanid
Geo-Info
X-MSEdge-Features
X-Webkit-Csp-Report-Only
Powered-By
X-MSEdge-Flight
X-Req
X-Traceid
X-INCAP-ABP
X-DynaTrace-JS-Agent
Edge-Cache
NtCoent-Length
X-PX
X-Render-Time
X-Gateway-Cache-Status
X-FPC
Tcn
Rip
My-App
C-Via
X-Gateway-Cache-Key
X-Pass-Why
X-Gateway-Request-Id
X-Service
X-Gateway-Skip-Cache
Test
X-M-Reqid
X-NGINX-Cache
Server-Id
Tube-Get-Contents
Click-Count-Action-Start
X-M-Log
Click-Count-Error
X-HS-Status
Tube-Got-Eval
X-Cdn-Request-ID
Tube-Return
X-Vcl-Version
Esi-Enabled
X-CSRF-TOKEN
HIT
Tube-Got-Results
X-Qnm-Cache
X-Provided-By
X-Origin-Upstream-Status
X-Beluga-Response-Time
User-Agent
X-Beluga-Cache-Status
OT-Force-Account-Verify
X-Webkit-CSP-Report-Only
X-Beluga-Record
X-Beluga-Node
X-Up
X-Beluga-Trace
X-Beluga-Status
X-LB-ID
X-Ha-Backend
X-Alfa-Service
X-Varnish-Beresp-Ttl
On-Server
Cf-Int-Pingora-Origin-Digest
X-TRACE-ID
Uri
X-URL
Srvid
X-Proxy-Cache-Hk
Proxy-Connection
X-Via-PopV
Resin-Trace
X-Via-PopH
X-Via-PopN
X-CLOUD-TRACE-CONTEXT
WebServer
X-APP
GeoIP-Country-Code
GeoIP-Latitude
X-RAMCache
X-Li-Fabric
X-Li-Pop
X-Geo
X-UnsetCookies
DataCenter
Sid
X-LI-UUID
X-Check-Cacheable
MIME-Version
X-Akamai-Pragma-Client-IP
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Fetch-By
X-CCDN-CacheTTL
Cdn
X-ND-Cache
Epwk-X-Cache
X-ServedByHost
X-Time-Microsecs
WZWS-RAY
Srv
X-Edge-Origin-Shield-Bytes
X-LI-Proto
X-Cdn-Forward
X-Edge-Origin-Shield-Region
X-Backend-Host
M-TraceId
ENV
Fastly-Drupal-HTML
Server-Ttl
X-CUA
X-Fastly-Backend-Reqs
Warning
X-Esi
ServerName
X-Platform-Processor
X-ATG-Version
X-Lb-Nocache
X-Platform-Cluster
Target-Params
X-Dynatrace
X-Fragments
Tracecode
X-B3-Traceid-Primal
XServer
X-Platform-Router
X-Edge-POP
Cf-Device-Type
Dt-Hot-News
X-MG-S
X-HostName
X-Sucuri-Cache
X-Sucuri-ID
X-Yottaa-OS
X-Request-Url
X-App
X-Azure-Ref-OriginShield
Lfy
X-ElasticPress-Query
X-Fastly-Backend
Inserted-Into-Cache-At
X-Var-Ttl
PICS-Label
Section-Io-Id
CF-Cached-On
Section-Io-Origin-Status
Section-Origin-Responded
X-HITS
Section-Io-Origin-Time-Seconds
X-Newrelic-App-Data
X-FC-Vary-Parameters
X-Dw-Trace-Id
D-Url-Rewrites
X-Nc
X-Thanos
X-LiteSpeed-Cache-Control
X-Bip
X-Akamai-Request-ID
Cf-Ipcountry
X-Varnish-Beresp-Status
X-Cache-Expires
X-Vcache
X-Serial
X-Iplb-Request-Id
X-CF-Powered-By
X-Iplb-Instance
Cdn-Edgestorageid
Cdn-Cachedat
Cdn-Uid
Servedby
Cdn-Cache
Wp-Super-Cache
DT-Hot-News
Cdn-Requestcountrycode
Cdn-Requestid
Cdn-Pullzone
X-Vercel-Cache
True-Client-Ip
X-Vercel-Id
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
CountryCode
X-BBC-Origin-Response-Status
X-Release
X-Li-Proto
X-Dist-Code
Cneonction
X-NU-AKA-ACS-Version
Ngx
X-Snapshot-Date
Content-Script-Type
X-Storefront-Renderer-Verified
X-Request-URL
Magicmarker
X-Backend-State
X-Th-Server
Content-Style-Type
X-Back
Fastcgi-Cache-Ttl