Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
X-XSS-Protection
ETag
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
Report-To
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
NEL
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Request-ID
EagleId
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-UA-Device
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-Ua-Compatible
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Server
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
EagleEye-TraceId
X-Vhost
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Accept-CH
X-OneAgent-JS-Injection
X-Cache-Spec
X-Host
Cf-Railgun
X-Server-Id
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Dns-Prefetch-Control
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
Rating
X-Country
X-Cloud-Trace-Context
X-B3-TraceId
X-Cache-Lookup
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Trace
X-Url
Allow
X-Vname
X-TtlSet
X-PC
X-Content-Type
X-Ac
X-Aws-Lambda-Call-Status
X-Clacks-Overhead
X-Varnish-TTL
Edge-Control
X-Server-Name
Fastly-Restarts
X-ESI
X-Mod-Pagespeed
Cache-Tag
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
Verso
MS-Author-Via
X-Element-Page-Cache
X-Vcap-Request-Id
X-FastCGI-Cache
X-Upstream
X-Amz-Rid
X-MS-InvokeApp
X-GitHub-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-Abt-Application-Version
X-D2id
X-Cache-TTL
RTSS
X-Cnection
X-Px
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Navigation-Version
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Country-Code
X-Powered-By-Plesk
X-Goog-Hash
X-NF-Request-ID
X-TTL
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
Pagespeed
X-Sol
Display
X-Middleton-Display
AR-CACHE
AR-PoweredBy
AR-SID
AR-ATIME
AR-Request-ID
X-Version
X-CST
X-Powered-CMS
Response
X-Middleton-Response
X-Origin-Cache
X-RateLimit-Remaining
X-MSEdge-Ref
X-LLID
Nginx-Cache
TCN
X-Edge-Location-Klb
X-Kinsta-Cache
X-Amz-Server-Side-Encryption
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Edge
X-Protected-By
X-T
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-For
X-Ruxit-Js-Agent
X-Jurisdiction
X-Shield-Request-Id
X-HP-Trace-Id
X-HP-Webp
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Edge-Cache-Tag
S
X-Language
X-Aspnetmvc-Version
Content-MD5
SPIisLatency
SPRequestDuration
Front-End-Https
Fastcgi-Cache
X-Mid
Realpath
X-Request-Received
X-Request-Processing-Time
Server-Node
Filters
Pinterest-Generated-By
X-Frontend
Pinterest-Version
X-Pinterest-Rid
X-Cache-Key
X-Recruiting
X-NWS-LOG-UUID
Server-Name
X-Content
X-Ua-Browser
X-Ab
X-Ser
X-Correlation-Id
X-MCACHE
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Template
X-DynaTrace
X-Ezoic-Cdn
SPRequestGuid
X-SharePointHealthScore
X-Hits
X-Parallel-Accel
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-ECACHE
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cache-Tags
X-Page-Id
Charset
X-Daa-Tunnel
Host
X-Ttl
X-B3-Sampled
Cleartype
X-Server-ID
X-Git-Hash
X-Www-Served-By
X-Geo-Country
X-Debug-Info
X-Oneagent-Js-Injection
X-DIS-Request-ID
X-Content-Options
Alternate-Protocol
X-Content-Digest
X-Amzn-Trace-Id
Accept-Ch
X-Hostname
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
X-Ratelimit-Limit
Cross-Origin-Opener-Policy
X-ASPNET-VERSION
X-Amz-Replication-Status
Filterid
X-DataDome
X-Varnish-Age
X-Grace
X-F-Cache
ServerID
X-FB-Debug
X-Az
X-Upgrade-Enabled
X-AppVersion
X-Activity-Id
X-Accel-Expires
X-WebKit-CSP-Report-Only
X-VCache
X-N
X-Nginx-Upstream-Cache-Status
X-Rid
X-Forwarded-Proto
X-Mobile-URL
X-Origin-Server
Access-Control-Allow-Method
X-LB-Cache
X-Type
X-TT
X-Whom
X-Ratelimit-Reset
X-Goog-Storage-Class
X-App-Environment
X-Seen-By
X-Goog-Metageneration
X-Route-Name
X-Aspnet-Duration-Ms
X-Request-Guid
X-Goog-Generation
X-Flags
X-Tb
X-Goog-Stored-Content-Encoding
X-Distributor
X-GUploader-UploadID
X-Providence-Cookie
Viewport
X-Is-Crawler
X-Goog-Stored-Content-Length
X-Fastly-Request-Id
X-Fastly-Request-ID
X-Varnish-Grace
Payment
X-FW-Static
Node
X-User-Agent
X-FW-Dynamic
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
DC
X-XRDS-LOCATION
Paypal-Debug-Id
Accept-Charset
Country
X-Wix-Request-Id
TP-L2-Cache
TP-Cache
Fastcgi-Useragent
X-Fastcgi-Cache
X-App-Server
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Cache-Rule
X-Cache-Control
X-Via-JSL
X-Cluster-Name
X-Litespeed-Cache
X-Webkit-Csp
X-NGENIX-Cache
X-Drupal-Cache-Tags
Version
X-Cache-Age
X-Request-Handler-Origin-Region
X-Microsite
X-Signature
X-Contextid
X-B-Cache
X-Buckets
Cache-Status
Referer-Policy
X-Logged-In
X-Node-Name
Refresh
X-Mobile
VIX-Pulpo-Node
X-Original-Request-Id
Amp-Access-Control-Allow-Source-Origin
SD-X-WS
X-Response-Served-From
VIX-Pulpo-Upstream-Status
X-Origin-Upstream-Status
X-Real-IP
X-Rendered-As
X-Load-Cache
X-Jobs
X-Cache-Expired-At
X-Is-Bot
X-Vgn-Hpd-Reason
NGB
Access-Control-Request-Headers
X-IPLB-Instance
X-Erf-Bev-Bev
X-Proxy-Cache-Status
X-Revision
X-Varnish-Backend
X-B
X-Erf-Bev-Bev-Is-Generated
X-Cacheable-TTL
X-Browser-Type
X-Debug
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-UUID
X-Proxy
X-Device-Type
X-Page-View
X-Rule
X-Cache-Action
X-ProcessESI
X-Instance
X-G
X-Framework
X-RemovedCookies
Surrogate-Key
Akamai-GRN
X-Drupal-Cache-Contexts
X-Debug-IsConnected
X-Debug-IsPreview
X-Cache-Time
X-FW-Version
X-Accel-Buffering
CF-IPCountry
SID
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-XRDS-Location
X-Presslabs-Stats
X-Cache-NGX
Count-Hit
GEO-INFO
X-Air-Trace-Id
Uber-Trace-Id
X-Air-Hostname
X-Air-Source
X-Cache-Operation
X-Azure-Ref
X-Ms-Version
X-Source
X-Ms-Request-Id
X-RateLimit-Limit
X-Nginx-Cache
X-PressLabs-Stats
X-Zen-Fury
X-APP-VERSION
Protected
X-EdgeConnect-Cache-Status
X-Trace-Id
Frame-Options
Liferay-Portal
DynaTrace
WPO-Cache-Message
X-Cache-Hit
X-CDN-Forward
WPO-Cache-Status
X-RTag
MS-CV
Ms-Operation-Id
X-TEC-API-ROOT
X-Servername
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Ec-Rule-Version
X-Hyper-Cache
X-Cache-TTL-Remaining
X-Backend-Name
Healthy
Cross-Origin-Window-Policy
X-IPS-LoggedIn
Countrycode
X-L-Path
Content-Disposition
X-Mode
X-Tumblr-Pixel
X-Tumblr-Pixel-1
Xserver
X-Tumblr-User
X-Environment-Context
X-Tumblr-Pixel-0
X-Adobe-Content
X-Varnish-Server
X-Adobe-Loc
Backend
Meta-Geo
X-Rewrite-Enabled
X-Detected-As
X-JoinUs
X-SaId
X-Cache-Grace
Url
X-RN-RSRV
X-Tid
X-UPSTREAM-Address
LB
X-Routing-Service
Eomportal-Instance
X-Redis-Cache
Country-Code
X-Region
Decoy-Debug-TTL
Decoy-Debug-Key
X-Uri
X-Content-Age
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-Extlb
X-Generation-Time
X-Ratelimit-Remaining
Decoy-Debug-Status
X-Sorting-Hat-PodId
X-Debug-Cache
X-ShardId
X-Cache-Server
Apigw-Requestid
X-Format
X-Proxied
X-Zipkin-Id
X-Alternate-Cache-Key
X-Human
X-Hosted-By
X-Access
X-Forwarded-Host
X-ApacheServer
X-Section
X-Sql-Count
Cache-Name
X-UA-Device-Type
CDN-RequestCountryCode
X-FB-TRIP-ID
X-Microcachable
X-PERF
X-PHP-Backend
CDN-RequestId
Retry-After
X-Status
X-Sql-Duration-Ms
X-Via-Fastly
CDN-Uid
X-PCL
Mn-Server-Ip
X-No-Session
X-Origin-Date
X-Site-Version
CDN-PullZone
X-ServerID
CDN-EdgeStorageId
CDN-CachedAt
X-NCache
CDN-Cache
X-OCL
Fastly-SSL
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Connection-Speed
Property-Id
TWC-Privacy
TWC-Device-Class
TWC-GeoIP-Country
X-Generated-By
X-Proxy-Build
X-Akamai-Edgescape
X-NYM-Debug-Backend
X-Say-Cacheable
X-ProxyCache-Key
X-ProxyCache-Status
X-Timing-Wait
X-Varnish-Beresp-Grace
X-Storage
X-Pubstack
X-Say-TTL
X-SayCDN-TTL
X-Cache-Host
X-BYPASS-REASON
Webcakes-Region
Webcakes-App-Version
X-Cache-Type
X-Cluster-Node
X-Server-W
X-Web-Node
X-Origin-Hint
X-Content-Powered-By
Webcakes-App-Name
Selected-Fe
Cache-Tv-Group
X-Hl-Ver
X-Soup
X-NewRelic-App-Data
X-R9-Blue-Green-Version
X-Be
X-Varnishpool
Azure-RegionName
Azure-InstanceId
Section-Io-Cache
Azure-SiteName
Content-Secure-Policy
X-Nginx-Cache-Key
Azure-Version
Azure-SlotName
X-Ua
X-TIME
X-LSADC-Cache
X-Cache-Remote
X-Unique-Id
DB-Nickname
X-Webkit-CSP
X-Dc
X-Cached-By
X-Azure-Ref-OriginShield
X-Bc-Bl
X-Platform-Server
X-Xfnlog-Site
X-TT-LOGID
X-Akamai-Transformed
Cache
OT-Force-Account-Verify
X-Auto-Login
Source
ServedBy
X-Cache-Tags
Upgrade-Insecure-Requests
From-Origin
X-GEO
SRV
Xet-Cookie
X-LAGOON
X-Varnish-Cache-Hits
X-ECache
X-Request-Time
X-AOL-HN
X-Origin-TTL
X-Origin-CC
X-Cdn
X-NWS-UUID-VERIFY
Cache-Hits
X-Varnish-Hits
HostName
X-Varnish-Hostname
X-Request-Host
Mime-Version
X-TNCMS
WP-Super-Cache
Webserver
X-S-Maxage
X-CSRF-Token
X-Loop
Onion-Location
X-App-Version
X-HTML-Minification-Powered-By
X-FireWall-Port
X-EC-Lua
X-SRV
X-Cache-Enabled
X-Time
X-Akamai-Request-ID2
X-Tumblr-Pixel-3
Web-Mar-Node
S-Rt
X-Handled-By
X-Tumblr-Pixel-2
X-Endurance-Cache-Level
N-Cache
X-Http-Reason
X-RCS-CacheZone
X-Reqid
X-Adobe-Source
X-Origin-Response-Time
X-Proto
X-Tenant
X-B3-SpanId
X-Forwarded-Path
X-Vdms-Version
DCR-Decision-By
X-Planisys-CDN-Rules
BehaviorPad-Version
Fastcgi-X-Cache-Version
X-V-Cache
Mobile-Detection-Method
Odigeo-Trace-Id
X-TIM-N
Meta-Geo-Continent
X-Vdms-Path
Expiry
A
X-External-Request-Id
DCR-Processing-Time-Ms
X-Mg-Request-UUID
X-NAPM-TraceId
X-PBS-Appsvrname
X-Ig-Push-State
X-PAYTM-SRV-ID
X-Vtex-Remote-Cache
Xc-Version
X-ND-Cache
X-Planisys-CDN-Cache
X-Hnp-Log
X-Gen-Mode
X-VG-WebCache
Pramga
Server-Info
X-GG-Cache-Date
X-Vtex-Processado-Em
X-Ftr-Request-Id
Sslversion
X-Backend-TTL
X-Block-Status
X-Cache-NE
X-SD-PageType
X-B-Cookie
X-ARC
X-Application
X-Processor
X-Session-Fingerprint
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-S
X-D
X-Connection-Hash
X-S-Cookie
X-Destination
X-ScT
X-Ckpd-Fst-Backend
X-Cluster
X-Aed
X-A-Wwc
X-Developer
User-Cache-Control
V-Age
X-Epic-Correlation-Id
X-SRCache-Key
Rendered-Blocks
X-Rojux
Surrogated-Key
Vix-Hermes-Req-Id
X-A
X-Shop-Environment
X-A-Dcw
X-A-Dgt
X-Orig-Expires
X-Planisys-CDN-TTL
X-A-Ccd
X-Slack-Backend
X-A-Dam
Redirect-Candidate
X-Conf
X-AWS-Id
Nel
X-VWS-Id
X-LJ-Flow-ID
X-Correlation-ID
X-Amz-Meta-S3cmd-Attrs
X-Time-Microsecs
X-Edge-Location
X-MP-GENERATED-AT
X-Magnolia-Registration
X-Locale
X-Cdn-Srv
X-Core-Mission
X-Viewer-Country
X-Cache-Date
X-VG-TLSProxy
X-Cache-Info
X-Webstats-RespID
X-Cache-Bucket
Wxu-Next-Hostname
Origin-EX
State
Origin-CC
Origin
Host-ID
Svr
Traceparent
Wxu-Next-Region
X-Date
Wxu-Next-Commit
True-Client-Country-4JS
X-Accel-Expires-Debug
X-Forwarded-Site
X-Origin
X-Origin-Expires
X-Old-Content-Length
X-Nyt-Route
X-NodeID
X-Origin-Time
X-Server-IP
X-Request-URI
X-Rocket-Nginx-Serving-Static
X-Scheme
X-Proxy-Upstream
X-Policy
X-Mvc-Supplant-Cachable
X-Men
X-Gdpr
X-Geo-Header
Gh-Request-Id
X-Fetched-On
X-Fastly-Cache
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Location
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Hash
X-Device-Os
X-Aicache-OS
CDCHOST
Cmsid
Cmstype
DSUID
CacheControlHeader
Arc-Country
AKAMAI
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Fastcgi-Cache-TTL
Apple-News-Services-Host
X-Via-NSCOPI
Environment
CloudFront-Viewer-Country
X-Developers
X-TrackingId
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Envoy-Decorator-Operation
X-Esi-Check
X-TH-Server
X-Generated-On
X-Gamma-Serve
X-Eu-Site
X-UnsetCookies
X-Thinkindot-L3
X-Core-Value
X-Cache-Debug
X-Cache-Id
X-Branch-Name
X-BBC-Edge-Cache-Status
X-VServer
AMP-Access-Control-Allow-Source-Origin
HA-Ipaddr
Fastly-GeoIP-CountryCode
X-GeoIP
X-CGP
X-VarnishDD-TTL
Ha-Gx-Prefs
Mail-Subject
X-Gzip
X-Owner
X-Served-From
X-Amzn-RequestId
X-Sigma
X-Skip-Cache
X-Sigma-Backend
X-PHP-Host
X-Platform
X-Req
X-Rocket-Build-Number
X-Region-Sid
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Amz-Apigw-Id
X-Node-Id
X-Irp-Debug
X-Labrador-Cache-Channel
X-HS-Content-Campaign-Id
X-HN
X-ATG-Version
X-Level-Front-Cache
X-Li-Fabric
X-Sucuri-Cache
X-Storefront-Renderer-Rendered
X-Sucuri-ID
X-LI-UUID
X-Li-Pop
X-GeoIP-City
X-Csrf-Jwt
Release
Locid
PFcat
X-Cdn-Origin
L5d-Success-Class
X-Restarts
L
Req-Svc-Chain
X-Sn-Servicetimems
Server-Host
X-Fastly-Backend
Web-Mar-Region
TDXMobile
Machine
Thinkindot-CacheControl
We-Hiring
Thinkindot-Control
Ssr
Thinkindot-CacheControl-Type
X-Varnish-Ttl
X-Zone
Accept-Language
X-FC-Vary-Parameters
X-Variation
X-DPWN-IS-SECURE
X-Worker
Fastly-Drupal-Html
X-DefHash
X-Varnish-Beresp-Ttl
X-Has-Esi
X-Varnish-CookieHashed-On
X-DefElseHash
X-Rebelmouse-Surrogate-Control
NM-Fastcgi-Cache
X-Response-By
X-Amzn-Remapped-Content-Length
Is-Eu
X-Pod-Name
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Qloud-Router
Memcached
Fastly-SWR
X-Rebelmouse-Cache-Control
X-JWT-State
X-Is-Gdpr
Cf-Device-Type
Fastly-SIE
X-Varnish-Beresp-Status
Adler-Geo
X-Loc
Platform
X-Xrds-Location
X-Cache-Var-Map
X-DSS
X-DW
X-RSL
Magicmarker
X-RPS
X-RPM
NGX
X-Cache-Backend
X-NU-AKA-ACS-Version
X-DI
X-Tx-Id
X-Action
X-VC-Cache
X-Cache-Var
X-Backend-State
X-DB
X-Srv
X-Ua-Device
X-TraceId
Edge-Cache
Kp-EeAlive
X-CS
CDN
X-Wix-Viewer-Type
X-NC
X-Mvc-Supplant-OutputCached
X-LB-NoCache
X-CacheTTL
X-LB-ID
X-Optimistic-Header
X-Up
X-Generated-In
Pics-Label
X-Minions-Version
X-API-Version
X-Request-Start
X-Tb-Optimization-Total-Bytes-Saved
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Bip
Time
Memory
X-Thanos
X-Trace-ID
Ms-Author-Via
X-Tt-Logid
X-M-Log
X-Qnm-Cache
X-M-Reqid
Env
X-Edge-Pop
X-Refresh
X-Cache-Config
X-Via-Popv
WebServer
X-Via-Poph
X-Via-Popn
X-TA-CDN-Provider
X-HA-Backend
X-User
X-Ec-GeoHdr
GeoIp-Country-Code
X-Ec-Fail
X-Parent-Response-Time
X-DC
X-Servedbyhost
X-CACHE-KEY
Datacenter
NtCoent-Length
Server-ID
X-Esi
Candidate-Md5Url
X-Cs
X-DynaTrace-JS-Agent
X-Vc
X-MSEdge-Features
X-TX-ID
X-Dynatrace
X-ZONE
X-MSEdge-Flight
X-AK-Request-ID
Cdncip
Cdnsip
X-CLOUD-TRACE-CONTEXT
Cluster
X-WADP-Cache
On-Server
My-App
X-Fmm-Version
X-Clara-WADP
WWW-Authenticate
X-Varnish-Beresp-TTL
X-Datadome
DataCenter
X-Pass-Why
Tracecode
X-CUA
Esi-Enabled
Geoip-Latitude
X-VCL-Version
X-Traceid
X-Var-Ttl
X-App
X-From
X-LI-Proto
X-Fpc
Lfy
X-Cache-Ttl
T-Server
X-URL
X-B3-Spanid
X-Fragments
X-Service
X-Webkit-Csp-Report-Only
X-Li-Proto
C-Via
Lang
Geo-Info
X-FPC
X-Unique-ID
X-Cache-PHP
Fastly-Drupal-HTML
X-VC
Cf-Int-Pingora-Origin-Digest
Target-Params
Proxy-Connection
X-Newrelic-Synthetics
X-Vcl-Version
X-NODE
X-Webkit-CSP-Report-Only
Test
X-Provided-By
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Mcache
Resin-Trace
X-RAMCache
Server-Id
M-TraceId
X-Render-Time
X-Cache-Status-Check
X-CSRF-TOKEN
X-LiteSpeed-Cache-Control
MIME-Version
Hostname
Permissions-Policy
X-Ha-Backend
WZWS-RAY
X-Proxy-Cache-Info
X-Httpd
X-Geo
X-ID
Servername
X-B3-Traceid
X-Via-PopN
X-Api-Version
X-Via-PopH
FSS-Cache
X-SB
GeoIP-Country-Code
X-Clientip
Hit
X-ServedByHost
X-Via-PopV
Producers
X-NGINX-Cache
X-Udemy-Cache-App-Namespace
X-Dynatrace-Js-Agent
X-Edge-POP
X-Pool
ENV
X-Cdn-Forward
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Pad
X-Oss-Hash-Crc64ecma
HIT
X-Oss-Object-Type
X-Oss-Request-Id
X-Ec-Custom-Error
X-LiteSpeed-Tag
X-Oss-Server-Time
X-Edge-Cache
X-Scale
X-Oss-Storage-Class
UCS
Cache-Host
X-Fastly-Backend-Reqs
X-ElasticPress-Query
X-Ucs
Section-Io-Origin-Time-Seconds
X-UP
X-Dispatcher-Number
MD5-Digest
Cneonction
S-Cnection
Section-Io-Id
Section-Io-Origin-Status
X-Info
X-AIR-PT
Section-Origin-Responded
X-HS-Status
X-Lb-Id
Uri
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Cache-CFC
X-BBC-Origin-Response-Status
X-Cache-Expires
IsBot
Sever-Int
URI
Server-Ext
Server-Hostname
X-SIPLIST1
X-Lb-Nocache
ServerName
X-GoCache-CacheStatus
Cf-Ipcountry
PICS-Label
X-Via-Ucdn
X-Check-Cacheable
X-Srcache-Store-Status
Ohc-File-Size
X-Srcache-Fetch-Status
X-Cms-Context
X-Micro-Cache
Tcn
X-Release
Fastly-Backend-Name
X-RateLimit-Reset
User-Agent
X-Cdn-Request-ID
X-Fastly-Cache-Hits
Sid
X-Swift-Error
X-Snapshot-Date
X-Nc
Cteonnt-Length
Server-Ttl
X-Dw-Trace-Id
X-Akamai-Path-Stats
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-B3-ParentSpanId
Wpo-Cache-Message
X-Yottaa-OS
Wpo-Cache-Status
X-Backend-Host
Vha6-Origin
CF-Cached-On
X-Newrelic-App-Data
X-Vcache
Ngx
X-HostName
X-Air-Pt
Load-Balancing
X-Cache-Ngx
X-ServerName
X-WA-Info
X-Cache-ASPX
X-BCube-Filmed-By
X-B3-Parentspanid
X-Varnish-Authentication
X-Litespeed-Cache-Control
X-Contensis-Viewer-Groups
X-Fetch-By
X-Shopify-Generated-Cart-Token
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Inserted-Into-Cache-At
X-Apw-Hits
Req-ID
X-Last-Modified
X-Akamai-Pragma-Client-IP
CountryCode
X-Sentry-ID
X-Te-Count
X-Http-Duration-Ms
X-Http-Count
X-UA
X-CacheKey
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Te-Duration-Ms
X-Akamai-Request-ID
X-Logging-Id
EpKe-Alive
Shield-Pop
X-APP