Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-Request-ID
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
Report-To
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Pingback
X-Dispatcher
NEL
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Backend-Server
Accept-CH
X-Node
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
Rating
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-TtlSet
X-PC
X-Vname
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-Server-Name
Fastly-Restarts
Cache-Tag
X-Aws-Lambda-Call-Status
X-FastCGI-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-GitHub-Request-Id
X-Vcap-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cnection
X-Cache-TTL
X-Px
Accept-Ch
X-Navigation-Version
RTSS
X-Country-Code
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-NF-Request-ID
X-Goog-Hash
X-Origin-Cache
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Powered-CMS
AR-CACHE
AR-ATIME
AR-SID
AR-PoweredBy
AR-Request-ID
X-Version
X-Middleton-Display
X-Sol
Display
Pagespeed
Response
X-Middleton-Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-TTL
X-Edge-Location-Klb
X-Kinsta-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge
Nginx-Cache
TCN
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Protected-By
X-RateLimit-Remaining
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-T
X-Forwarded-For
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
X-Id
Content-MD5
S
Edge-Cache-Tag
Fastcgi-Cache
X-Language
SPRequestDuration
X-Mid
SPIisLatency
Front-End-Https
Realpath
X-CST
X-Recruiting
X-Request-Processing-Time
X-Request-Received
X-DynaTrace
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Filters
Server-Node
X-MCACHE
X-Frontend
Server-Name
X-Ab
X-Content
X-Ua-Browser
X-Correlation-Id
X-Ttl
X-Ser
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-NWS-LOG-UUID
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-ECACHE
SPRequestGuid
X-Ezoic-Cdn
X-SharePointHealthScore
X-Cache-Key
X-Template
X-Hits
X-Parallel-Accel
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Alternate-Protocol
Fusion-Content-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Server-ID
Cache-Tags
X-Page-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
X-Ruxit-Js-Agent
Charset
Host
X-B3-Sampled
X-Content-Options
Cleartype
X-Git-Hash
X-Www-Served-By
X-Geo-Country
X-DIS-Request-ID
X-Debug-Info
X-Daa-Tunnel
X-Amzn-Trace-Id
X-Hostname
X-Content-Digest
X-Amz-Replication-Status
X-Fastly-Request-Id
X-Varnish-Age
X-Az
X-Ratelimit-Limit
X-AppVersion
X-Activity-Id
Filterid
X-Accel-Expires
X-FB-Debug
X-VCache
X-Upgrade-Enabled
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Grace
X-N
X-Nginx-Upstream-Cache-Status
X-Origin-Server
TP-L2-Cache
TP-Cache
Access-Control-Allow-Method
X-Rid
X-F-Cache
X-Mobile-URL
X-Is-Crawler
X-Aspnet-Duration-Ms
X-LB-Cache
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-Flags
ServerID
X-Whom
X-TT
X-Seen-By
X-Varnish-Grace
X-Type
X-App-Environment
X-Goog-Metageneration
X-Goog-Generation
X-Tb
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-WebKit-CSP-Report-Only
X-FW-Type
X-FW-Static
X-XRDS-LOCATION
Node
Payment
X-Distributor
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
Viewport
X-FW-Server
X-App-Server
X-User-Agent
Paypal-Debug-Id
DC
Fastcgi-Useragent
X-DataDome
X-Wix-Request-Id
Accept-Charset
Country
X-NGENIX-Cache
X-Cache-Control
X-Litespeed-Cache
X-Origin-Upstream-Status
X-Fastcgi-Cache
X-Cache-Rule
X-Fastly-Request-ID
Version
X-Logged-In
X-Via-JSL
X-Webkit-CSP
Referer-Policy
X-Microsite
X-Request-Handler-Origin-Region
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Drupal-Cache-Tags
Amp-Access-Control-Allow-Source-Origin
X-Cache-Age
X-Buckets
X-Cluster-Name
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
Refresh
X-Erf-Bev-Bev
X-Varnish-Backend
Cache-Status
X-Signature
X-B-Cache
X-Load-Cache
X-Contextid
VIX-Pulpo-Upstream-Status
X-Node-Name
VIX-Pulpo-Node
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
X-Rendered-As
X-Vgn-Hpd-Reason
X-Is-Bot
X-Mobile
X-Page-View
X-Real-IP
X-Cache-Expired-At
Access-Control-Request-Headers
X-B
X-Proxy-Cache-Status
NGB
X-Debug
X-Cacheable-TTL
X-Jobs
X-RemovedCookies
X-Yottaa-Optimizations
X-Ratelimit-Reset
X-Revision
X-ProcessESI
X-Proxy
X-IPLB-Instance
X-Yottaa-Metrics
X-Device-Type
X-Rule
X-UUID
X-Instance
X-Tec-Api-Version
X-Cache-Action
X-Tec-Api-Origin
X-Tec-Api-Root
Akamai-GRN
Surrogate-Key
X-Drupal-Cache-Contexts
X-Framework
X-Debug-IsPreview
X-Cache-Time
X-Debug-IsConnected
X-G
X-FW-Version
X-Air-Hostname
CF-IPCountry
X-Air-Trace-Id
X-Air-Source
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
SID
DynaTrace
GEO-INFO
X-Azure-Ref
X-PressLabs-Stats
Liferay-Portal
X-Accel-Buffering
X-Oneagent-Js-Injection
X-Nginx-Cache
X-Ms-Request-Id
X-Ms-Version
X-Source
X-Presslabs-Stats
Count-Hit
Uber-Trace-Id
Frame-Options
X-XRDS-Location
X-Cache-Operation
Healthy
Ms-Operation-Id
MS-CV
X-CDN-Forward
X-RTag
X-Cache-NGX
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-Zen-Fury
Xserver
X-Cache-Hit
Countrycode
X-Mode
X-Varnish-Server
X-Environment-Context
X-Backend-Name
X-L-Path
X-Tumblr-User
Cross-Origin-Window-Policy
Protected
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Ec-Rule-Version
X-Tumblr-Pixel-1
X-IPS-LoggedIn
X-RateLimit-Limit
X-Ratelimit-Remaining
X-Servername
X-Region
X-Forwarded-Host
X-Cache-TTL-Remaining
X-SaId
X-JoinUs
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Detected-As
Meta-Geo
X-RN-RSRV
X-Tid
Backend
X-Extlb
LB
X-Proxied
X-Sql-Count
X-Sql-Duration-Ms
X-Content-Age
X-Hosted-By
X-Generation-Time
X-Cache-Grace
Apigw-Requestid
X-Debug-Cache
X-Redis-Cache
Country-Code
X-Routing-Service
Eomportal-Instance
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
WPO-Cache-Message
WPO-Cache-Status
X-Adobe-Loc
X-Adobe-Content
X-Zipkin-Id
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Hyper-Cache
X-Cache-Server
X-ShardId
X-Content-Powered-By
X-ShopId
X-Shopify-Stage
X-Uri
Url
Fastly-SSL
Mn-Server-Ip
X-ApacheServer
Cache-Name
X-NCache
X-Via-Fastly
X-Varnish-Beresp-Grace
X-Site-Version
X-Format
X-No-Session
X-ServerID
X-PERF
X-Origin-Date
X-Human
X-PHP-Backend
X-Status
Section-Io-Cache
X-FB-TRIP-ID
X-Proxy-Build
Selected-Fe
TWC-Connection-Speed
Property-Id
X-PCL
X-Storage
TWC-Device-Class
X-Origin-Hint
X-NYM-Debug-Backend
X-ProxyCache-Status
X-ProxyCache-Key
X-Server-W
X-Microcachable
Cache-Tv-Group
X-Akamai-Edgescape
Webcakes-Region
X-UA-Device-Type
X-Timing-Wait
X-Cache-Type
X-BYPASS-REASON
Webcakes-App-Version
X-Section
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
X-Cluster-Node
X-Access
TWC-Privacy
X-OCL
Webcakes-App-Name
X-NewRelic-App-Data
CDN-CachedAt
X-Hl-Ver
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
X-SayCDN-TTL
CDN-RequestId
X-Say-Cacheable
X-R9-Blue-Green-Version
X-Pubstack
X-Cache-Host
X-Varnishpool
CDN-Uid
X-Web-Node
X-Say-TTL
CDN-Cache
Content-Disposition
X-Soup
Azure-Version
Azure-SlotName
Azure-SiteName
X-Be
X-Azure-Ref-OriginShield
Azure-InstanceId
Azure-RegionName
X-Generated-By
DB-Nickname
X-Webkit-Csp
X-Ua
X-TIME
X-LSADC-Cache
Content-Secure-Policy
OT-Force-Account-Verify
X-Cached-By
X-Nginx-Cache-Key
SRV
X-Trace-Id
Source
Retry-After
X-TT-LOGID
X-Bc-Bl
Cache
X-Unique-Id
X-Auto-Login
X-LAGOON
X-Dc
X-GEO
X-Platform-Server
X-SRV
X-Cache-Remote
X-Cdn
X-Xfnlog-Site
Mime-Version
X-Varnish-Hits
Xet-Cookie
X-App-Version
X-Akamai-Transformed
Cache-Hits
X-Origin-CC
X-Loop
HostName
X-Origin-TTL
X-Varnish-Hostname
X-HTML-Minification-Powered-By
X-TNCMS
X-Cache-Tags
X-S-Maxage
ServedBy
Onion-Location
X-CSRF-Token
Upgrade-Insecure-Requests
X-Amz-Meta-S3cmd-Attrs
X-Time
X-Varnish-Cache-Hits
X-Request-Time
Webserver
X-EC-Lua
X-Proto
From-Origin
X-AOL-HN
N-Cache
WP-Super-Cache
X-ECache
X-Tumblr-Pixel-2
X-Request-Host
X-Xrds-Location
Web-Mar-Node
X-Tumblr-Pixel-3
X-Endurance-Cache-Level
X-Tenant
X-VWS-Id
X-AWS-Id
X-FireWall-Port
X-Cache-Var
X-Cache-Var-Map
X-LJ-Flow-ID
X-Time-Microsecs
X-Correlation-ID
X-Cache-Enabled
Nel
X-B3-SpanId
X-GG-Cache-Date
X-Origin-Response-Time
X-Handled-By
X-NWS-UUID-VERIFY
X-Edge-Location
X-Vtex-Remote-Cache
X-VG-WebCache
X-Vtex-Processado-Em
X-A-Ccd
X-Gen-Mode
X-A-Dam
X-Ftr-Request-Id
X-A
Meta-Geo-Continent
X-Forwarded-Path
X-Connection-Hash
X-A-Wwc
X-A-Dgt
X-Cache-NE
X-CF-Lambda-Fn
X-Block-Status
X-B-Cookie
X-Aed
X-Aicache-OS
X-Application
X-ARC
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Destination
X-Developer
Expiry
X-External-Request-Id
X-A-Dcw
X-D
X-Cluster
X-Conf
X-Vdms-Version
Xc-Version
Vix-Hermes-Req-Id
Rendered-Blocks
DCR-Processing-Time-Ms
DCR-Decision-By
Redirect-Candidate
Mobile-Detection-Method
Sslversion
X-Processor
X-PBS-Appsvrname
X-Vdms-Path
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Odigeo-Trace-Id
X-Rojux
X-Shop-Environment
X-ScT
X-SD-PageType
X-Session-Fingerprint
Pramga
X-S-Cookie
X-S
X-SRCache-Key
X-Slack-Backend
X-Mg-Request-UUID
X-PAYTM-SRV-ID
X-Planisys-CDN-Cache
X-Via-NSCOPI
Surrogated-Key
BehaviorPad-Version
A
X-Ig-Push-State
X-V-Cache
X-Hnp-Log
X-TIM-N
X-NAPM-TraceId
V-Age
X-Orig-Expires
User-Cache-Control
Fastcgi-X-Cache-Version
X-ND-Cache
X-Labrador-Cache-Channel
X-MP-GENERATED-AT
X-PHP-Host
CloudFront-Viewer-Country
X-Amzn-RequestId
X-Amz-Apigw-Id
Origin
Svr
Wxu-Next-Region
True-Client-Country-4JS
Wxu-Next-Commit
State
Host-ID
Wxu-Next-Hostname
Gh-Request-Id
X-Accel-Expires-Debug
X-Nyt-Route
X-Request-URI
X-Scheme
X-Server-IP
X-RCS-CacheZone
X-Proxy-Upstream
X-Origin-Time
X-Policy
X-Sucuri-Cache
X-Sucuri-ID
X-Backend-TTL
X-Epic-Correlation-Id
X-Webstats-RespID
X-Viewer-Country
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Origin-Expires
X-Old-Content-Length
X-Gdpr
X-Geo-Header
X-Forwarded-Site
X-Fastly-Cache
X-Cache-Date
X-Date
X-Hash
X-Li-Fabric
X-Mvc-Supplant-Cachable
X-NodeID
X-Men
X-Location
X-Li-Pop
X-LI-UUID
X-Cache-Bucket
X-Cdn-Srv
Fastly-Drupal-Html
CDCHOST
CacheControlHeader
DSUID
Cmsid
Arc-Country
AKAMAI
X-Magnolia-Registration
X-Reqid
X-Adobe-Source
Cmstype
Fastcgi-Cache-TTL
Environment
Server-Info
X-Backend-State
X-TH-Server
X-RateLimit-Remaining-Second
X-TrackingId
X-Cache-Debug
X-RateLimit-Limit-Second
X-Branch-Name
X-Gamma-Serve
X-Region-Sid
X-Qnm-Cache
X-Served-From
X-M-Log
X-Request-Start
X-Skip-Cache
X-Req
X-Sn-Servicetimems
X-M-Reqid
X-Platform
X-Envoy-Decorator-Operation
X-Gzip
X-Device-Os
X-Developers
X-HN
X-Esi-Check
X-Eu-Site
X-GeoIP
X-Generated-On
X-Fetched-On
X-GeoIP-City
X-Fastly-Backend
X-HS-Content-Campaign-Id
X-Irp-Debug
X-CGP
X-Locale
X-Cdn-Origin
X-Owner
X-UnsetCookies
X-Level-Front-Cache
X-Core-Mission
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Core-Value
X-Cache-Id
X-Storefront-Renderer-Rendered
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Release
Server-Host
Apple-News-Services-Host
Ssr
L5d-Success-Class
Locid
Machine
Mail-Subject
X-GeoIP-Country-Code
Origin-CC
X-Cache-Info
X-GeoIP-Region-Code
Origin-EX
X-Origin
PFcat
Apple-News-Services-Handled
L
X-VServer
We-Hiring
Traceparent
X-VarnishDD-TTL
X-Varnish-Beresp-Status
HA-Ipaddr
Ha-Gx-Prefs
X-Rocket-Nginx-Serving-Static
X-VG-TLSProxy
X-FC-Vary-Parameters
X-JWT-State
X-Is-Gdpr
Fastly-SWR
NM-Fastcgi-Cache
X-Sigma-Backend
Fastly-SIE
X-DefElseHash
X-BBC-Edge-Cache-Status
X-Has-Esi
X-DPWN-IS-SECURE
X-Rocket-Build-Number
X-DefHash
X-Sigma
X-Tx-Id
Is-Eu
Memcached
X-NU-AKA-ACS-Version
Thinkindot-Control
X-Amzn-Remapped-Content-Length
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
X-Response-By
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Thinkindot-L3
Web-Mar-Region
X-Variation
X-Thanos
X-Varnish-CookieHashed-On
X-Zone
X-Worker
Adler-Geo
Fastly-GeoIP-CountryCode
X-Node-Id
X-VC-Cache
S-Rt
Req-Svc-Chain
Platform
Cf-Device-Type
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-ATG-Version
X-Bip
X-Qloud-Router
X-Pod-Name
X-Ua-Device
X-Varnish-Beresp-Ttl
X-Trace-ID
X-CLOUD-TRACE-CONTEXT
X-NODE
X-Loc
X-Mvc-Supplant-OutputCached
AMP-Access-Control-Allow-Source-Origin
Magicmarker
NGX
X-CS
X-Akamai-Request-ID2
X-Up
X-LB-ID
X-Restarts
X-Http-Reason
X-API-Version
X-Cache-Config
Kp-EeAlive
X-NC
Ms-Author-Via
X-Generated-In
CDN
X-CACHE-KEY
Pics-Label
Datacenter
X-RPS
X-RSL
Time
Edge-Cache
X-TraceId
X-RPM
X-LB-NoCache
X-DB
Memory
X-Action
Env
X-DI
X-Wix-Viewer-Type
X-DSS
X-DW
X-Tb-Optimization-Total-Bytes-Saved
NtCoent-Length
X-Refresh
WebServer
X-DC
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-Optimistic-Header
X-Varnish-Ttl
X-Cache-Backend
Candidate-Md5Url
X-Edge-Pop
X-Datadome
Accept-Language
X-Cache-Ttl
X-Tt-Logid
X-CacheTTL
X-Minions-Version
X-DynaTrace-JS-Agent
GeoIp-Country-Code
X-HA-Backend
WWW-Authenticate
X-Srv
On-Server
X-Vc
X-Esi
X-Servedbyhost
Esi-Enabled
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Unique-ID
X-MSEdge-Flight
X-MSEdge-Features
Server-ID
X-ZONE
X-Cs
X-Varnish-Beresp-TTL
X-Parent-Response-Time
X-Ec-GeoHdr
X-Ec-Fail
C-Via
X-User
X-Service
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-TX-ID
X-Webkit-CSP-Report-Only
X-Cache-PHP
X-VCL-Version
X-LI-Proto
X-Fpc
X-Traceid
X-App
X-URL
X-Dynatrace
X-Li-Proto
Cdncip
X-Webkit-Csp-Report-Only
X-Cache-Status-Check
Test
X-Render-Time
X-AK-Request-ID
Cdnsip
X-LiteSpeed-Cache-Control
X-FPC
X-B3-Spanid
X-WADP-Cache
My-App
X-Clara-WADP
Cluster
X-Fmm-Version
Proxy-Connection
X-Pass-Why
X-CUA
Tracecode
Resin-Trace
X-Vcl-Version
Geoip-Latitude
X-Var-Ttl
X-Mcache
Server-Id
X-From
T-Server
Lfy
M-TraceId
Geo-Info
Cf-Int-Pingora-Origin-Digest
X-Fragments
Lang
X-Clientip
Fastly-Drupal-HTML
X-AIR-PT
X-CSRF-TOKEN
X-Info
HIT
X-LiteSpeed-Tag
Target-Params
X-Oss-Storage-Class
X-VC
X-Ha-Backend
DataCenter
X-ID
UCS
Cache-Host
GeoIP-Country-Code
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Hostname
X-WP-CF-Super-Cache
Hit
X-WP-CF-Super-Cache-Cache-Control
X-RAMCache
S-Cnection
X-ServedByHost
X-Pad
X-Geo
X-Dynatrace-Js-Agent
Ohc-File-Size
X-Via-PopN
X-Via-PopV
X-RateLimit-Reset
X-Edge-POP
Tcn
X-Cdn-Forward
MIME-Version
X-Via-PopH
X-Edge-Cache
Permissions-Policy
Load-Balancing
X-HS-Status
ENV
Fastly-Backend-Name
X-Check-Cacheable
X-Api-Version
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
X-ElasticPress-Query
User-Agent
X-NGINX-Cache
X-Provided-By
X-Micro-Cache
WZWS-RAY
X-Httpd
Servername
X-Fastly-Backend-Reqs
X-ServerName
X-Ucs
X-Proxy-Cache-Info
Producers
X-BBC-Origin-Response-Status
X-Release
X-Backend-Host
X-HostName
URI
X-SB
Uri
X-GoCache-CacheStatus
X-Nc
X-UP
X-Cache-CFC
X-Lb-Nocache
X-BCube-Filmed-By
X-APP
ServerName
PICS-Label
FSS-Cache
X-TRACE-ID
X-Lb-Id
X-Swift-Error
X-Acquia-Application-Trace
Cdn
Cneonction
X-Cdn-Request-ID
X-Pool
X-Udemy-Cache-App-Namespace
Ohc-Cache-HIT
X-Platform-Cluster
X-Platform-Processor
Cteonnt-Length
X-Platform-Router
X-Acquia-Application-UUID
EpKe-Alive
X-Acquia-Purge-Tags
X-Acquia-Site
X-Fastly-Cache-Hits
Server-Ttl
X-Dw-Trace-Id
X-Scale
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Ec-Custom-Error
X-Apw-Access-Token
CPC-Cache
Vha6-Origin
X-B3-ParentSpanId
Path
X-Yottaa-OS
X-WA-Info
X-Vcache
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Snapshot-Date
CF-Cached-On
Cache-Key
Shield-Pop
X-WA
X-Amz-Meta-Cb-Modifiedtime
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Hits
X-Newrelic-App-Data
Cf-Ipcountry
VNS-Age
CPC-Age
VNS-Cache
Sid
X-Cache-Ngx
Lb
X-Air-Pt
X-Akamai-Request-ID
GeoIP-Latitude
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-SIPLIST1
X-Dispatcher-Number
X-Cache-Expires
X-Shopify-Generated-Cart-Token
IsBot
X-Varnish-Authentication
X-Last-Modified
X-Http-Duration-Ms
X-Te-Count
X-Http-Count
Req-ID
X-Sentry-ID
CountryCode
X-Te-Duration-Ms
X-ES-SERVER
X-Wikidot-Static-Cache
X-CacheKey
X-UA
Ngx
X-Akamai-Pragma-Client-IP
X-Wikidot-Backend
X-Logging-Id