Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-Request-ID
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Report-To
X-Turbo-Charged-By
Keep-Alive
X-UA-Device
Request-Context
X-Age
X-Backend
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Nginx-Cache-Status
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
NEL
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Ua-Compatible
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Dispatcher
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Cache-Spec
Accept-CH
X-Host
X-Dns-Prefetch-Control
Cf-Railgun
X-Server-Id
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Ruxit-JS-Agent
X-Country
X-B3-TraceId
Accept-CH-Lifetime
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Cache-Lookup
X-Trace
X-Url
Allow
X-Content-Type
X-Ac
X-Vname
X-PC
X-TtlSet
X-Aws-Lambda-Call-Status
X-Clacks-Overhead
Edge-Control
X-Server-Name
X-Varnish-TTL
X-Mod-Pagespeed
X-ESI
Fastly-Restarts
Cache-Tag
X-VARITI-CCR
X-Rack-Cache
Service-Worker-Allowed
X-Element-Page-Cache
Verso
X-Upstream
X-FastCGI-Cache
X-Vcap-Request-Id
X-MS-InvokeApp
X-Amz-Rid
X-GitHub-Request-Id
Public-Key-Pins
MS-Author-Via
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-Abt-Application-Version
X-D2id
X-Cnection
X-Px
RTSS
X-Cache-TTL
X-Use-Magma
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-Goog-Hash
X-NF-Request-ID
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
Display
X-Powered-CMS
X-Middleton-Display
X-Sol
Pagespeed
X-Version
X-Origin-Cache
X-Middleton-Response
Response
X-TTL
X-LLID
X-MSEdge-Ref
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Edge-Location-Klb
X-Kinsta-Cache
TCN
X-RateLimit-Remaining
X-Edge
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Protected-By
X-CST
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-T
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-Aspnetmvc-Version
X-Id
X-Mg-S
S
Edge-Cache-Tag
X-Language
Content-MD5
SPIisLatency
SPRequestDuration
Front-End-Https
Fastcgi-Cache
X-Mid
Realpath
X-Request-Processing-Time
X-Request-Received
Server-Node
Pinterest-Generated-By
X-Pinterest-Rid
X-Recruiting
Pinterest-Version
Filters
X-Frontend
X-DynaTrace
Server-Name
X-Ab
X-Content
X-Ua-Browser
X-Cache-Key
X-MCACHE
X-Ser
X-Correlation-Id
X-Ttl
X-Ruxit-Js-Agent
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
Accept-Ch
X-NWS-LOG-UUID
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-Template
X-Ezoic-Cdn
X-ECACHE
SPRequestGuid
X-SharePointHealthScore
X-Hits
X-Parallel-Accel
X-Tt-Trace-Host
X-Server-ID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
X-Tt-Trace-Tag
X-Page-Id
Charset
Cache-Tags
X-B3-Sampled
Cleartype
Host
Alternate-Protocol
X-Git-Hash
X-Www-Served-By
X-Geo-Country
X-Content-Options
X-Debug-Info
Fusion-Component-Id
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-Daa-Tunnel
X-DIS-Request-ID
X-Hostname
X-Amzn-Trace-Id
X-Content-Digest
X-Amz-Replication-Status
Cross-Origin-Opener-Policy
Filterid
X-Varnish-Age
X-Ratelimit-Limit
X-Az
X-AppVersion
X-Activity-Id
X-FB-Debug
X-Grace
X-Upgrade-Enabled
ServerID
X-VCache
X-F-Cache
X-Accel-Expires
X-Nginx-Upstream-Cache-Status
X-N
X-Origin-Server
X-Forwarded-Proto
X-Rid
Access-Control-Allow-Method
X-Mobile-URL
X-Fastly-Request-ID
X-Route-Name
X-Request-Guid
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Whom
X-Type
X-TT
X-DataDome
X-LB-Cache
X-Goog-Generation
X-Fastcgi-Cache
X-Seen-By
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-GUploader-UploadID
X-Varnish-Grace
X-Goog-Metageneration
Viewport
X-Goog-Stored-Content-Encoding
X-App-Environment
X-WebKit-CSP-Report-Only
X-Tb
Payment
X-FW-Type
X-FW-Serve
X-FW-Server
X-User-Agent
Node
X-FW-Static
X-FW-Dynamic
X-Distributor
X-FW-Hash
TP-L2-Cache
TP-Cache
Paypal-Debug-Id
DC
X-Wix-Request-Id
X-App-Server
X-Fastly-Request-Id
X-XRDS-LOCATION
Accept-Charset
Fastcgi-Useragent
Country
X-Litespeed-Cache
X-Cache-Rule
X-Cache-Control
X-NGENIX-Cache
X-Webkit-Csp
X-Via-JSL
X-Origin-Upstream-Status
X-Ratelimit-Reset
Version
X-Drupal-Cache-Tags
X-Cluster-Name
Referer-Policy
X-Microsite
X-Buckets
X-Request-Handler-Origin-Region
X-Oracle-Dms-Rid
X-Cache-Age
X-Oracle-Dms-Ecid
X-Contextid
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Logged-In
X-B-Cache
X-Signature
Amp-Access-Control-Allow-Source-Origin
Cache-Status
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Refresh
X-Node-Name
X-Browser-Type
VIX-Pulpo-Upstream-Status
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
X-Mobile
VIX-Pulpo-Node
X-Rendered-As
X-Is-Bot
X-Varnish-Backend
X-Cache-Expired-At
X-Load-Cache
X-Real-IP
X-Vgn-Hpd-Reason
X-Page-View
X-Proxy-Cache-Status
X-IPLB-Instance
X-Revision
Access-Control-Request-Headers
NGB
X-Debug
X-B
X-Cacheable-TTL
X-Jobs
X-UUID
X-Cache-Action
X-Rule
X-Instance
X-Device-Type
X-ProcessESI
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-RemovedCookies
X-Drupal-Cache-Contexts
Surrogate-Key
X-Proxy
X-Framework
X-Debug-IsPreview
X-Debug-IsConnected
X-Cache-Time
X-G
X-FW-Version
Akamai-GRN
CF-IPCountry
SID
X-Accel-Buffering
X-Presslabs-Stats
X-Air-Hostname
X-Air-Trace-Id
GEO-INFO
X-Air-Source
DynaTrace
X-Cache-NGX
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Oneagent-Js-Injection
X-TEC-API-ORIGIN
Count-Hit
X-Nginx-Cache
Uber-Trace-Id
X-Azure-Ref
X-Cache-Operation
X-Source
X-Ms-Version
X-Ms-Request-Id
Liferay-Portal
X-RateLimit-Limit
X-XRDS-Location
X-Zen-Fury
Frame-Options
X-APP-VERSION
X-PressLabs-Stats
X-CDN-Forward
Protected
X-EdgeConnect-Cache-Status
Ms-Operation-Id
X-RTag
MS-CV
X-Cache-Hit
Healthy
X-Mode
X-Backend-Name
X-IPS-LoggedIn
X-L-Path
X-Environment-Context
Ec-Rule-Version
Xserver
Countrycode
Cross-Origin-Window-Policy
X-Cache-TTL-Remaining
WPO-Cache-Message
X-Hyper-Cache
WPO-Cache-Status
X-Servername
X-Varnish-Server
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Ratelimit-Remaining
X-Adobe-Loc
LB
Backend
X-Adobe-Content
X-Detected-As
X-JoinUs
X-SaId
X-Tid
Meta-Geo
X-RN-RSRV
X-Content-Age
X-Region
X-Rewrite-Enabled
X-UPSTREAM-Address
Content-Disposition
X-ShardId
X-Routing-Service
X-Alternate-Cache-Key
X-Cache-Grace
X-Forwarded-Host
X-Hosted-By
Decoy-Debug-Status
X-Extlb
X-Proxied
X-ShopId
X-Debug-Cache
X-Redis-Cache
X-Sorting-Hat-PodId
Country-Code
X-Zipkin-Id
Eomportal-Instance
X-Shopify-Stage
Decoy-Debug-TTL
X-Uri
X-Sql-Count
X-Sorting-Hat-ShopId
Apigw-Requestid
X-Sql-Duration-Ms
Decoy-Debug-Key
X-Generation-Time
CDN-RequestId
X-Human
CDN-RequestCountryCode
CDN-Uid
CDN-Cache
Fastly-SSL
Mn-Server-Ip
X-ApacheServer
X-Cache-Server
CDN-CachedAt
CDN-PullZone
CDN-EdgeStorageId
X-Format
X-NCache
X-Varnish-Beresp-Grace
X-Microcachable
X-Site-Version
X-Via-Fastly
X-Origin-Date
X-FB-TRIP-ID
Url
Cache-Name
X-ServerID
X-Status
X-PCL
X-PHP-Backend
X-OCL
X-PERF
X-No-Session
Property-Id
TWC-Device-Class
TWC-Connection-Speed
Selected-Fe
X-Timing-Wait
X-Origin-Hint
X-Say-TTL
X-Web-Node
X-Generated-By
X-Say-Cacheable
X-NYM-Debug-Backend
X-Storage
X-Akamai-Edgescape
X-UA-Device-Type
TWC-GeoIP-Country
X-Section
X-Server-W
X-Access
X-BYPASS-REASON
X-Cache-Host
X-ProxyCache-Status
X-Cache-Type
X-Pubstack
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
X-Proxy-Build
X-Content-Powered-By
X-ProxyCache-Key
X-Cluster-Node
X-SayCDN-TTL
Section-Io-Cache
X-Trace-Id
Cache-Tv-Group
X-R9-Blue-Green-Version
X-Hl-Ver
X-Varnishpool
X-Soup
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
X-Be
Content-Secure-Policy
Azure-Version
X-LSADC-Cache
Retry-After
X-Webkit-CSP
DB-Nickname
X-TIME
X-NewRelic-App-Data
X-Nginx-Cache-Key
X-Ua
OT-Force-Account-Verify
X-Cached-By
X-Cache-Remote
X-Unique-Id
X-Azure-Ref-OriginShield
X-Bc-Bl
X-TT-LOGID
Source
X-Platform-Server
X-Akamai-Transformed
Cache
X-Auto-Login
X-Dc
X-Xfnlog-Site
X-GEO
SRV
X-LAGOON
X-Cdn
X-Cache-Tags
Upgrade-Insecure-Requests
ServedBy
Mime-Version
X-Origin-TTL
X-Origin-CC
HostName
X-SRV
X-Varnish-Hits
From-Origin
Cache-Hits
X-Varnish-Cache-Hits
X-App-Version
X-TNCMS
X-CSRF-Token
X-EC-Lua
X-Loop
X-Request-Time
X-HTML-Minification-Powered-By
X-Varnish-Hostname
X-AOL-HN
X-Time
Onion-Location
X-S-Maxage
WP-Super-Cache
X-Request-Host
Webserver
Xet-Cookie
X-NWS-UUID-VERIFY
X-ECache
Web-Mar-Node
X-Xrds-Location
N-Cache
X-Proto
X-Cache-Enabled
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-B3-SpanId
X-Endurance-Cache-Level
X-Amz-Meta-S3cmd-Attrs
X-FireWall-Port
Nel
X-Handled-By
Ms-Author-Via
X-Tenant
X-Correlation-ID
X-Origin-Response-Time
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
BehaviorPad-Version
X-S-Cookie
X-Session-Fingerprint
X-Slack-Backend
X-SD-PageType
X-Reqid
S-Rt
X-Adobe-Source
A
X-ScT
X-Shop-Environment
Vix-Hermes-Req-Id
X-D
X-Connection-Hash
X-Destination
X-Developer
X-Epic-Correlation-Id
X-Conf
X-Cluster
X-Cache-NE
X-Processor
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-External-Request-Id
X-Forwarded-Path
X-NAPM-TraceId
X-Planisys-CDN-Cache
X-ND-Cache
X-Orig-Expires
X-PAYTM-SRV-ID
X-Planisys-CDN-Rules
X-Ig-Push-State
X-Gen-Mode
X-Ftr-Request-Id
X-GG-Cache-Date
X-Planisys-CDN-TTL
X-Hnp-Log
X-Block-Status
X-Backend-TTL
Pramga
Odigeo-Trace-Id
Redirect-Candidate
Rendered-Blocks
Sslversion
Mobile-Detection-Method
Meta-Geo-Continent
X-S
DCR-Processing-Time-Ms
X-Rojux
Expiry
Fastcgi-X-Cache-Version
Surrogated-Key
User-Cache-Control
X-Aed
X-A-Wwc
X-Application
X-ARC
X-B-Cookie
X-A-Dgt
X-A-Dcw
V-Age
X-A
X-A-Ccd
X-A-Dam
DCR-Decision-By
X-RCS-CacheZone
X-VG-WebCache
X-Vdms-Path
X-PBS-Appsvrname
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Time-Microsecs
Xc-Version
X-V-Cache
X-Vdms-Version
X-TIM-N
X-SRCache-Key
X-Magnolia-Registration
X-Mg-Request-UUID
X-Edge-Location
Wxu-Next-Region
X-Webstats-RespID
X-Origin
X-Varnish-Ttl
X-Aicache-OS
X-Viewer-Country
X-Accel-Expires-Debug
Wxu-Next-Hostname
Wxu-Next-Commit
X-Request-URI
Host-ID
Gh-Request-Id
X-Rocket-Nginx-Serving-Static
Origin
State
X-Origin-Time
X-Proxy-Upstream
True-Client-Country-4JS
Svr
X-Old-Content-Length
X-SVT-ORM-VERSION
X-NodeID
X-GeoIP-Country-Code
X-Geo-Header
X-Gdpr
X-GeoIP-Region-Code
X-Mvc-Supplant-Cachable
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Hash
X-Forwarded-Site
X-Fastly-Cache
X-VG-TLSProxy
X-Cache-Info
X-Cache-Date
X-Men
X-Policy
DSUID
X-Date
X-Http-Reason
X-Akamai-Request-ID2
X-Nyt-Route
X-Cache-Bucket
X-Origin-Expires
Apple-News-Services-Host
X-Sucuri-ID
X-Scheme
X-Sucuri-Cache
Cmstype
Arc-Country
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CDCHOST
X-Server-IP
X-SVT-ORM-RULES
Cmsid
Environment
X-PHP-Host
X-Cache-Var
X-Labrador-Cache-Channel
CloudFront-Viewer-Country
X-Via-NSCOPI
X-Cache-Var-Map
X-Amzn-RequestId
X-MP-GENERATED-AT
Server-Info
X-Amz-Apigw-Id
X-Varnish-Beresp-Ttl
X-Esi-Check
X-Eu-Site
We-Hiring
Web-Mar-Region
AKAMAI
X-GeoIP-City
X-Varnish-Beresp-Status
X-Fastly-Backend
X-Cdn-Srv
X-Storefront-Renderer-Rendered
X-Cache-Id
X-Cache-Debug
X-Csrf-Jwt
X-TH-Server
X-Core-Value
X-Served-From
X-Cdn-Origin
X-CGP
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Backend-State
X-RateLimit-Limit-Second
X-VarnishDD-TTL
X-Platform
X-BBC-Edge-Cache-Status
X-GeoIP
X-Branch-Name
X-Sn-Servicetimems
X-Datadog-Trace-Id
X-Envoy-Decorator-Operation
X-RateLimit-Remaining-Second
X-Core-Mission
X-VServer
X-Rocket-Build-Number
Fastly-Drupal-Html
X-Location
X-Locale
X-Skip-Cache
X-UnsetCookies
X-Gamma-Serve
Mail-Subject
Magicmarker
Ha-Gx-Prefs
X-Device-Os
Traceparent
Fastly-GeoIP-CountryCode
HA-Ipaddr
X-TrackingId
Machine
L5d-Success-Class
L
X-Owner
X-Level-Front-Cache
Origin-CC
X-Generated-On
Server-Host
X-Req
Ssr
X-Fetched-On
X-Region-Sid
CacheControlHeader
Locid
X-Gzip
X-Sigma
X-HS-Content-Campaign-Id
X-Irp-Debug
PFcat
X-HN
Release
X-Sigma-Backend
Req-Svc-Chain
Origin-EX
Fastcgi-Cache-TTL
X-Pod-Name
X-Tx-Id
X-Developers
Platform
Is-Eu
Fastly-SWR
Fastly-SIE
X-Varnish-Remaining-TTL
Thinkindot-CacheControl
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
TDXMobile
X-Thinkindot-L3
Adler-Geo
X-Loc
X-NU-AKA-ACS-Version
NM-Fastcgi-Cache
NGX
X-Restarts
Thinkindot-Control
X-ATG-Version
X-Response-By
Memcached
X-Node-Id
Thinkindot-CacheControl-Type
X-Variation
X-Qloud-Router
X-Varnish-CookieINHashed-On
X-FC-Vary-Parameters
X-DefHash
X-DPWN-IS-SECURE
X-Varnish-CookieHashed-On
X-Amzn-Remapped-Content-Length
X-Worker
X-DefElseHash
X-Ua-Device
X-Trace-ID
Cf-Device-Type
AMP-Access-Control-Allow-Source-Origin
X-Has-Esi
X-Request-Start
X-API-Version
X-CS
X-JWT-State
Kp-EeAlive
X-Is-Gdpr
X-VC-Cache
X-Zone
X-Wix-Viewer-Type
X-RPS
X-DSS
X-RSL
X-DI
X-RPM
X-Bip
X-Thanos
X-DB
X-Up
X-Cache-Backend
X-NC
X-Mvc-Supplant-OutputCached
CDN
X-LB-ID
X-DW
X-M-Log
X-Action
X-Qnm-Cache
X-M-Reqid
Edge-Cache
Accept-Language
Pics-Label
X-TraceId
X-LB-NoCache
X-Generated-In
X-Tb-Optimization-Total-Bytes-Saved
X-Optimistic-Header
Time
Memory
X-CacheTTL
X-Cache-Config
X-Minions-Version
Env
X-Srv
WebServer
X-Via-Poph
X-Via-Popn
X-DC
X-Via-Popv
X-Refresh
X-Urbn-Context-Path
Datacenter
X-Urbn-Site-Id
X-Tt-Logid
Locale
X-HA-Backend
X-Edge-Pop
X-Cache-Ttl
NtCoent-Length
GeoIp-Country-Code
Candidate-Md5Url
X-CACHE-KEY
X-Datadome
X-ZONE
X-Ec-Fail
X-Ec-GeoHdr
X-User
X-Servedbyhost
Server-ID
X-TA-CDN-Provider
X-Esi
X-DynaTrace-JS-Agent
X-Parent-Response-Time
X-MSEdge-Features
X-Vc
X-MSEdge-Flight
On-Server
WWW-Authenticate
X-CLOUD-TRACE-CONTEXT
X-Cs
Esi-Enabled
X-TX-ID
Cdncip
X-VCL-Version
X-Webkit-CSP-Report-Only
X-Varnish-Beresp-TTL
X-AK-Request-ID
X-Unique-ID
Cdnsip
X-App
X-Fpc
My-App
X-WADP-Cache
Cluster
X-Cache-PHP
X-LI-Proto
X-Traceid
X-Clara-WADP
X-Service
X-Fmm-Version
C-Via
X-URL
X-CUA
Tracecode
X-Li-Proto
Geoip-Latitude
X-Webkit-Csp-Report-Only
X-Dynatrace
X-Newrelic-Synthetics
X-Var-Ttl
X-Pass-Why
Test
X-B3-Spanid
X-FPC
T-Server
X-From
Lfy
Proxy-Connection
X-NODE
Cf-Int-Pingora-Origin-Digest
Fastly-Drupal-HTML
X-VC
Lang
X-Cache-Status-Check
X-Fragments
DataCenter
X-Render-Time
X-Vcl-Version
X-Mcache
Geo-Info
X-LiteSpeed-Cache-Control
Resin-Trace
M-TraceId
Target-Params
Server-Id
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-CSRF-TOKEN
X-Ha-Backend
GeoIP-Country-Code
X-RAMCache
X-ID
X-Provided-By
MIME-Version
Hostname
X-ServedByHost
Permissions-Policy
X-Clientip
Hit
X-Edge-POP
X-Proxy-Cache-Info
X-Httpd
X-Dynatrace-Js-Agent
X-Geo
Servername
X-Oss-Object-Type
WZWS-RAY
X-Oss-Hash-Crc64ecma
X-Via-PopH
X-Oss-Storage-Class
X-LiteSpeed-Tag
X-Via-PopN
X-Via-PopV
X-Cdn-Forward
Producers
UCS
X-Oss-Request-Id
X-Oss-Server-Time
HIT
X-Pad
X-RateLimit-Reset
Cache-Host
X-AIR-PT
X-Info
Section-Origin-Responded
X-Api-Version
X-NGINX-Cache
X-SB
X-Fastly-Backend-Reqs
Section-Io-Origin-Time-Seconds
X-Edge-Cache
ENV
Section-Io-Id
FSS-Cache
S-Cnection
Section-Io-Origin-Status
X-Udemy-Cache-App-Namespace
Ohc-File-Size
X-ElasticPress-Query
X-Platform-Cluster
X-Pool
X-Ucs
X-Platform-Processor
X-Platform-Router
X-Check-Cacheable
X-Acquia-Application-Trace
X-UP
X-Micro-Cache
X-GoCache-CacheStatus
Uri
Fastly-Backend-Name
ServerName
PICS-Label
X-HS-Status
X-BBC-Origin-Response-Status
X-Acquia-Application-UUID
X-Ec-Custom-Error
URI
X-Acquia-Purge-Tags
X-Scale
X-Acquia-Site
User-Agent
X-Cache-CFC
X-Lb-Nocache
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-SIPLIST1
Server-Hostname
Server-Ttl
X-Cache-Expires
IsBot
MD5-Digest
X-Dispatcher-Number
Tcn
Server-Ext
Sever-Int
Load-Balancing
X-ServerName
X-Release
X-Fastly-Cache-Hits
Cneonction
X-Backend-Host
X-Cdn-Request-ID
X-Lb-Id
Cteonnt-Length
X-Nc
X-Swift-Error
X-Dw-Trace-Id
X-UA
X-APP
EpKe-Alive
X-BCube-Filmed-By
X-B3-ParentSpanId
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Shield-Pop
CF-Cached-On
X-Newrelic-App-Data
X-Vcache
Cf-Ipcountry
X-TRACE-ID
X-Via-Ucdn
X-Cache-ASPX
Wpo-Cache-Message
X-Contensis-Viewer-Groups
X-Yottaa-OS
Vha6-Origin
Wpo-Cache-Status
X-Snapshot-Date
X-HostName
Sid
X-Air-Pt
X-Cache-Ngx
Cdn
X-IN-APIGATEWAY
X-Varnish-Authentication
X-B3-Parentspanid
X-Akamai-Pragma-Client-IP
Req-ID
X-IN-APIGATEWAYSSL
X-Litespeed-Cache-Control
X-Cms-Context
X-Fetch-By
GeoIP-Latitude
X-Sentry-ID
X-Apw-Access-Action
CountryCode
X-Apw-Access-Token
X-CacheKey
X-Akamai-Request-ID
X-Last-Modified
Path
X-Logging-Id
Ohc-Cache-HIT
X-Te-Duration-Ms
X-Te-Count
X-Shopify-Generated-Cart-Token
Ngx
X-Apw-Hits
X-Http-Count
X-Http-Duration-Ms
X-Apw-Access-Object