Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
X-XSS-Protection
ETag
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
Report-To
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
X-Request-ID
Server-Timing
EagleId
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-UA-Device
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
NEL
X-Server
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
EagleEye-TraceId
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Cache-Spec
Accept-CH
X-Host
X-Dns-Prefetch-Control
Cf-Railgun
X-Server-Id
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Cache-Lookup
Accept-CH-Lifetime
X-Trace
X-Url
Allow
X-Ac
X-Content-Type
X-PC
X-TtlSet
X-Vname
X-Aws-Lambda-Call-Status
X-Clacks-Overhead
Edge-Control
X-Server-Name
X-Varnish-TTL
Fastly-Restarts
X-Mod-Pagespeed
X-ESI
Cache-Tag
X-Rack-Cache
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Element-Page-Cache
MS-Author-Via
X-Vcap-Request-Id
X-Upstream
X-FastCGI-Cache
X-Amz-Rid
X-MS-InvokeApp
Public-Key-Pins
X-GitHub-Request-Id
X-Dw-Request-Base-Id
X-Cached
X-Abt-Application-Version
X-D2id
X-Client-IP
RTSS
X-Cnection
X-Px
X-Cache-TTL
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-Goog-Hash
X-NF-Request-ID
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-TTL
AR-CACHE
AR-PoweredBy
X-Sol
AR-Request-ID
AR-SID
X-Middleton-Display
Pagespeed
Display
AR-ATIME
X-Powered-CMS
X-Version
X-Origin-Cache
X-Middleton-Response
Response
X-LLID
X-CST
X-MSEdge-Ref
X-RateLimit-Remaining
X-Kinsta-Cache
TCN
Nginx-Cache
X-Edge-Location-Klb
X-Amz-Server-Side-Encryption
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Edge
X-Protected-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HP-Trace-Id
X-Forwarded-For
X-T
X-Jurisdiction
X-HP-Webp
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Aspnetmvc-Version
X-Id
X-Language
Edge-Cache-Tag
S
Content-MD5
SPRequestDuration
SPIisLatency
X-Ruxit-Js-Agent
Front-End-Https
X-Mid
Fastcgi-Cache
Realpath
Pinterest-Version
Filters
X-Frontend
Server-Node
X-Pinterest-Rid
Pinterest-Generated-By
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Accept-Ch
Server-Name
X-Cache-Key
X-Content
X-Ab
X-Ua-Browser
X-Ser
X-NWS-LOG-UUID
X-MCACHE
X-Correlation-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Template
X-HS-Combine-CSS
X-DynaTrace
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-SharePointHealthScore
SPRequestGuid
X-ECACHE
X-Hits
X-Parallel-Accel
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Server-ID
MicrosoftSharePointTeamServices
X-Ttl
X-Tt-Trace-Tag
X-Tt-Trace-Host
Charset
Cache-Tags
X-Page-Id
X-B3-Sampled
Cleartype
Host
X-Git-Hash
X-Daa-Tunnel
X-Geo-Country
X-Www-Served-By
X-Debug-Info
Alternate-Protocol
X-Content-Options
X-DIS-Request-ID
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Component-Id
X-Content-Digest
X-Hostname
X-Amzn-Trace-Id
Cross-Origin-Opener-Policy
X-Amz-Replication-Status
Filterid
X-Ratelimit-Limit
X-Varnish-Age
X-DataDome
X-FB-Debug
X-F-Cache
X-Az
X-Activity-Id
X-AppVersion
X-Grace
ServerID
X-Upgrade-Enabled
X-VCache
X-Accel-Expires
X-N
X-Nginx-Upstream-Cache-Status
X-Rid
X-Mobile-URL
X-Forwarded-Proto
X-Is-Crawler
X-Route-Name
Access-Control-Allow-Method
X-Aspnet-Duration-Ms
X-Request-Guid
X-Fastly-Request-ID
X-Flags
X-Providence-Cookie
X-LB-Cache
X-Whom
X-Seen-By
X-TT
X-Origin-Server
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Type
X-Goog-Stored-Content-Length
Payment
X-Varnish-Grace
X-Tb
Viewport
X-App-Environment
X-GUploader-UploadID
X-WebKit-CSP-Report-Only
X-Distributor
Node
X-FW-Dynamic
Fastcgi-Useragent
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Server
X-User-Agent
X-FW-Serve
X-Fastcgi-Cache
X-Wix-Request-Id
DC
Paypal-Debug-Id
TP-L2-Cache
X-Oneagent-Js-Injection
TP-Cache
X-XRDS-LOCATION
Accept-Charset
X-Fastly-Request-Id
X-App-Server
Country
X-Ratelimit-Reset
X-Litespeed-Cache
X-Cache-Rule
X-Webkit-Csp
X-Cache-Control
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Via-JSL
X-NGENIX-Cache
Version
X-Cluster-Name
X-Drupal-Cache-Tags
X-B-Cache
X-Cache-Age
X-Request-Handler-Origin-Region
X-Buckets
X-Signature
X-Contextid
X-Microsite
Referer-Policy
Amp-Access-Control-Allow-Source-Origin
X-Origin-Upstream-Status
Cache-Status
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Logged-In
X-Node-Name
Refresh
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Mobile
X-Original-Request-Id
X-Response-Served-From
SD-X-WS
X-Jobs
X-Real-IP
X-Rendered-As
X-Cache-Expired-At
X-Page-View
X-Vgn-Hpd-Reason
X-Is-Bot
X-Load-Cache
X-Revision
X-Proxy-Cache-Status
Access-Control-Request-Headers
X-IPLB-Instance
X-Browser-Type
NGB
X-Erf-Bev-Bev
X-Cacheable-TTL
X-Erf-Bev-Bev-Is-Generated
X-B
X-UUID
X-Varnish-Backend
X-Rule
X-RemovedCookies
X-Yottaa-Metrics
X-Debug
X-Cache-Action
X-ProcessESI
X-Yottaa-Optimizations
X-Device-Type
X-Drupal-Cache-Contexts
X-Instance
X-G
X-Framework
Surrogate-Key
X-Proxy
X-Debug-IsPreview
X-Debug-IsConnected
Akamai-GRN
X-FW-Version
X-Cache-Time
CF-IPCountry
X-Accel-Buffering
SID
GEO-INFO
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
Count-Hit
X-Cache-NGX
X-Nginx-Cache
Uber-Trace-Id
X-RateLimit-Limit
X-PressLabs-Stats
X-Azure-Ref
X-Cache-Operation
X-Presslabs-Stats
X-Source
X-Ms-Request-Id
X-Ms-Version
X-XRDS-Location
X-Zen-Fury
DynaTrace
Liferay-Portal
X-APP-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Protected
X-TEC-API-VERSION
X-EdgeConnect-Cache-Status
Frame-Options
X-CDN-Forward
Ms-Operation-Id
WPO-Cache-Message
MS-CV
X-RTag
WPO-Cache-Status
X-Servername
X-Cache-Hit
X-Hyper-Cache
Healthy
Ec-Rule-Version
X-IPS-LoggedIn
Countrycode
Cross-Origin-Window-Policy
X-Backend-Name
X-Cache-TTL-Remaining
X-L-Path
X-Environment-Context
X-Mode
Xserver
X-Tumblr-User
X-Tumblr-Pixel
Content-Disposition
X-Varnish-Server
X-Ratelimit-Remaining
X-Adobe-Loc
X-Adobe-Content
X-Tumblr-Pixel-0
X-Trace-Id
X-Tumblr-Pixel-1
Backend
X-Detected-As
X-JoinUs
X-Content-Age
Meta-Geo
LB
X-Rewrite-Enabled
X-SaId
X-RN-RSRV
X-UPSTREAM-Address
X-Tid
X-Sorting-Hat-PodId
X-Debug-Cache
X-Hosted-By
Decoy-Debug-TTL
X-Zipkin-Id
Eomportal-Instance
X-Sorting-Hat-ShopId
X-Routing-Service
X-Sql-Duration-Ms
X-Shopify-Stage
X-Cache-Grace
X-Sql-Count
Decoy-Debug-Status
X-Proxied
X-ShopId
Apigw-Requestid
X-Region
X-ShardId
X-Alternate-Cache-Key
Url
X-Redis-Cache
X-Uri
X-Extlb
Decoy-Debug-Key
Country-Code
X-Cache-Server
X-Status
X-ApacheServer
X-Site-Version
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-PullZone
CDN-RequestCountryCode
Fastly-SSL
CDN-Uid
CDN-RequestId
Mn-Server-Ip
X-ServerID
X-Human
X-Forwarded-Host
X-Format
X-UA-Device-Type
X-Varnish-Beresp-Grace
X-Via-Fastly
X-FB-TRIP-ID
X-Microcachable
Cache-Name
X-NCache
X-PCL
X-No-Session
X-PHP-Backend
X-Origin-Date
X-OCL
X-PERF
X-Pubstack
X-ProxyCache-Status
X-Proxy-Build
X-ProxyCache-Key
X-Say-Cacheable
X-Storage
X-BYPASS-REASON
X-Cache-Host
X-Generated-By
X-Content-Powered-By
X-Cache-Type
X-Web-Node
X-Section
X-Say-TTL
Cache-Tv-Group
X-SayCDN-TTL
X-Access
X-Timing-Wait
X-Akamai-Edgescape
Selected-Fe
TWC-GeoIP-Country
X-Generation-Time
TWC-Locale-Group
TWC-Device-Class
TWC-Connection-Speed
X-Origin-Hint
Property-Id
TWC-Privacy
Webcakes-App-Name
X-Cluster-Node
X-Hl-Ver
X-NYM-Debug-Backend
X-Varnishpool
Section-Io-Cache
Webcakes-App-Version
Webcakes-Region
Retry-After
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
X-Soup
X-Server-W
X-LSADC-Cache
X-Nginx-Cache-Key
Content-Secure-Policy
X-Be
X-Webkit-CSP
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-InstanceId
X-NewRelic-App-Data
Azure-RegionName
X-TIME
X-Unique-Id
X-Cache-Remote
DB-Nickname
X-Ua
X-Azure-Ref-OriginShield
X-Cached-By
X-TT-LOGID
X-Platform-Server
X-Bc-Bl
OT-Force-Account-Verify
Cache
X-Xfnlog-Site
Source
X-Akamai-Transformed
X-Dc
X-Cache-Tags
X-GEO
X-Auto-Login
ServedBy
Upgrade-Insecure-Requests
X-Cdn
SRV
X-LAGOON
From-Origin
X-Origin-TTL
X-Origin-CC
HostName
Xet-Cookie
Mime-Version
X-AOL-HN
X-Varnish-Cache-Hits
X-Request-Time
Cache-Hits
X-TNCMS
X-Varnish-Hits
X-CSRF-Token
X-Loop
X-App-Version
X-HTML-Minification-Powered-By
X-NWS-UUID-VERIFY
X-Varnish-Hostname
WP-Super-Cache
X-SRV
X-EC-Lua
X-S-Maxage
X-Request-Host
X-Time
Webserver
X-ECache
Onion-Location
X-Xrds-Location
X-Cache-Enabled
Web-Mar-Node
X-B3-SpanId
X-Handled-By
X-FireWall-Port
X-Proto
S-Rt
N-Cache
X-Endurance-Cache-Level
Nel
X-Adobe-Source
X-Tumblr-Pixel-3
X-Correlation-ID
X-Tumblr-Pixel-2
X-Http-Reason
X-Akamai-Request-ID2
X-Tenant
X-RCS-CacheZone
X-Origin-Response-Time
X-Reqid
X-AWS-Id
X-A-Dam
X-TIM-N
X-V-Cache
X-Planisys-CDN-Rules
X-Destination
X-D
X-Epic-Correlation-Id
Vix-Hermes-Req-Id
X-SRCache-Key
X-Forwarded-Path
X-Slack-Backend
BehaviorPad-Version
X-A
X-A-Ccd
X-Vdms-Path
X-External-Request-Id
X-Developer
X-Vdms-Version
Xc-Version
X-Vtex-Remote-Cache
X-A-Wwc
X-Vtex-Processado-Em
X-Aed
X-Block-Status
X-Application
X-ARC
X-B-Cookie
X-A-Dgt
A
X-A-Dcw
X-Cluster
X-Shop-Environment
X-Conf
X-Ckpd-Fst-Backend
X-CF-Lambda-Version
X-Cache-NE
X-VG-WebCache
X-CF-Lambda-Fn
X-Connection-Hash
V-Age
Sslversion
X-Session-Fingerprint
Rendered-Blocks
DCR-Processing-Time-Ms
DCR-Decision-By
X-S
X-Ig-Push-State
X-Rojux
Redirect-Candidate
Pramga
Fastcgi-X-Cache-Version
X-NAPM-TraceId
X-ND-Cache
X-Processor
Odigeo-Trace-Id
Expiry
X-Orig-Expires
X-LJ-Flow-ID
X-S-Cookie
X-Gen-Mode
X-Amz-Meta-S3cmd-Attrs
X-ScT
X-SD-PageType
User-Cache-Control
X-Ftr-Request-Id
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-PBS-Appsvrname
X-VWS-Id
Mobile-Detection-Method
X-Hnp-Log
X-GG-Cache-Date
Surrogated-Key
X-PAYTM-SRV-ID
Meta-Geo-Continent
X-Mg-Request-UUID
Server-Info
X-MP-GENERATED-AT
X-Time-Microsecs
X-Magnolia-Registration
X-Edge-Location
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
True-Client-Country-4JS
X-Aicache-OS
Svr
Origin
Origin-EX
X-Accel-Expires-Debug
State
Origin-CC
Traceparent
X-Core-Mission
X-Rocket-Nginx-Serving-Static
X-Li-Pop
X-LI-UUID
X-Li-Fabric
X-Hash
X-GeoIP-Country-Code
X-Scheme
X-GeoIP-Region-Code
X-Request-URI
Host-ID
X-Old-Content-Length
X-Origin
X-Origin-Expires
X-Policy
X-NodeID
X-Proxy-Upstream
X-Men
X-Mvc-Supplant-Cachable
X-Geo-Header
X-Server-IP
X-VServer
X-Viewer-Country
X-VG-TLSProxy
X-Cache-Info
X-Cache-Date
X-Backend-TTL
X-Cache-Bucket
X-Webstats-RespID
X-Date
X-Device-Os
X-Fetched-On
X-Sucuri-Cache
X-Forwarded-Site
X-Sucuri-ID
X-SVT-ORM-RULES
X-Fastly-Cache
X-SVT-ORM-VERSION
X-Fastly-Backend
X-Cdn-Srv
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
Arc-Country
CDCHOST
Cmsid
AKAMAI
Apple-News-Services-Handled
DSUID
Cmstype
X-Varnish-Ttl
X-Locale
Environment
X-Via-NSCOPI
CloudFront-Viewer-Country
X-Gdpr
X-Gamma-Serve
X-Eu-Site
X-Gzip
X-GeoIP-City
X-Esi-Check
X-GeoIP
X-Generated-On
X-Csrf-Jwt
X-Cache-Debug
X-Cache-Id
X-Branch-Name
X-BBC-Edge-Cache-Status
X-Backend-State
X-CGP
X-Core-Value
Fastly-Drupal-Html
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Envoy-Decorator-Operation
X-HN
X-Storefront-Renderer-Rendered
X-TH-Server
X-Skip-Cache
X-Sigma-Backend
X-Served-From
X-Sigma
X-Thinkindot-L3
X-TrackingId
X-FC-Vary-Parameters
X-Sn-Servicetimems
X-Cdn-Origin
X-VarnishDD-TTL
X-UnsetCookies
X-Varnish-Beresp-Status
X-Rocket-Build-Number
X-Req
X-Level-Front-Cache
X-Node-Id
X-Labrador-Cache-Channel
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Varnish-Beresp-Ttl
X-Nyt-Route
X-Origin-Time
X-RateLimit-Remaining-Second
X-Region-Sid
X-RateLimit-Limit-Second
X-Platform
X-Owner
X-PHP-Host
X-ATG-Version
X-Location
HA-Ipaddr
Thinkindot-CacheControl
TDXMobile
Locid
Server-Host
Thinkindot-CacheControl-Type
Thinkindot-Control
L
CacheControlHeader
We-Hiring
Web-Mar-Region
L5d-Success-Class
Machine
Ssr
Ha-Gx-Prefs
Req-Svc-Chain
Release
Gh-Request-Id
Fastly-GeoIP-CountryCode
PFcat
Fastcgi-Cache-TTL
Mail-Subject
X-Tx-Id
X-Zone
X-DPWN-IS-SECURE
X-DefElseHash
X-DefHash
NM-Fastcgi-Cache
X-Cache-Var
X-Developers
X-Amzn-RequestId
Memcached
Magicmarker
Adler-Geo
Fastly-SIE
X-Amz-Apigw-Id
Is-Eu
Fastly-SWR
X-Cache-Var-Map
Platform
X-Response-By
X-Varnish-Remaining-TTL
X-Rebelmouse-Surrogate-Control
X-Varnish-CookieINHashed-On
X-Restarts
X-Varnish-CookieHashed-On
X-Variation
X-Rebelmouse-Cache-Control
X-Has-Esi
X-NU-AKA-ACS-Version
X-Loc
X-JWT-State
X-Is-Gdpr
X-Qloud-Router
X-Worker
Accept-Language
X-Ua-Device
X-Trace-ID
X-VC-Cache
X-Amzn-Remapped-Content-Length
X-Pod-Name
X-Cache-Backend
X-RPM
X-Action
X-RPS
NGX
X-DSS
AMP-Access-Control-Allow-Source-Origin
X-Wix-Viewer-Type
X-DW
Cf-Device-Type
X-DI
X-CS
X-RSL
X-DB
Edge-Cache
Kp-EeAlive
X-Mvc-Supplant-OutputCached
X-Request-Start
X-LB-ID
X-Up
CDN
X-NC
X-TraceId
X-Srv
X-Bip
X-Optimistic-Header
X-Generated-In
X-Minions-Version
X-CacheTTL
Pics-Label
X-LB-NoCache
Ms-Author-Via
X-Thanos
X-M-Log
X-Qnm-Cache
X-M-Reqid
X-Tb-Optimization-Total-Bytes-Saved
X-Urbn-Context-Path
Memory
Env
X-Urbn-Site-Id
X-API-Version
Locale
Time
X-Via-Poph
X-Via-Popv
X-Via-Popn
WebServer
X-DC
X-Refresh
X-Cache-Config
X-Tt-Logid
X-HA-Backend
X-Edge-Pop
Datacenter
X-Cache-Ttl
X-CACHE-KEY
X-Ec-GeoHdr
GeoIp-Country-Code
X-User
X-Ec-Fail
X-DynaTrace-JS-Agent
X-Parent-Response-Time
X-TA-CDN-Provider
X-Servedbyhost
Server-ID
X-Esi
NtCoent-Length
Candidate-Md5Url
X-Dynatrace
X-ZONE
X-MSEdge-Flight
X-MSEdge-Features
X-CLOUD-TRACE-CONTEXT
X-Cs
X-Vc
Cdncip
On-Server
X-AK-Request-ID
WWW-Authenticate
Cdnsip
X-TX-ID
X-Datadome
X-Clara-WADP
X-VCL-Version
X-WADP-Cache
Cluster
X-Varnish-Beresp-TTL
Esi-Enabled
My-App
X-Fmm-Version
X-Webkit-CSP-Report-Only
X-App
Geoip-Latitude
X-LI-Proto
Tracecode
X-CUA
X-Fpc
X-Traceid
X-Var-Ttl
X-Pass-Why
X-URL
Lfy
X-Webkit-Csp-Report-Only
X-Li-Proto
X-Unique-ID
C-Via
X-From
X-Service
T-Server
X-Cache-PHP
X-VC
DataCenter
Lang
X-B3-Spanid
X-Fragments
X-FPC
X-Newrelic-Synthetics
Fastly-Drupal-HTML
Cf-Int-Pingora-Origin-Digest
X-NODE
Test
X-Vcl-Version
Target-Params
Proxy-Connection
Geo-Info
X-Mcache
X-Render-Time
X-WP-CF-Super-Cache
M-TraceId
X-WP-CF-Super-Cache-Cache-Control
X-Cache-Status-Check
Resin-Trace
X-Provided-By
X-RAMCache
X-LiteSpeed-Cache-Control
Server-Id
X-CSRF-TOKEN
MIME-Version
GeoIP-Country-Code
Permissions-Policy
X-Ha-Backend
X-ID
Hostname
Hit
WZWS-RAY
X-ServedByHost
X-Proxy-Cache-Info
X-Httpd
X-Clientip
Servername
X-Api-Version
X-Dynatrace-Js-Agent
X-Geo
X-Cdn-Forward
X-Via-PopH
X-Via-PopV
X-Via-PopN
Producers
X-Pad
FSS-Cache
X-RateLimit-Reset
X-Edge-POP
X-SB
X-Platform-Processor
X-Platform-Router
X-Edge-Cache
X-Fastly-Backend-Reqs
X-Pool
X-Platform-Cluster
X-NGINX-Cache
Cache-Host
UCS
X-LiteSpeed-Tag
X-Oss-Hash-Crc64ecma
HIT
X-Oss-Storage-Class
X-Oss-Object-Type
X-Udemy-Cache-App-Namespace
X-Oss-Request-Id
X-Oss-Server-Time
ENV
X-AIR-PT
S-Cnection
X-Ec-Custom-Error
X-Scale
X-Ucs
X-Info
X-ElasticPress-Query
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-Cache-CFC
X-Lb-Nocache
X-Acquia-Application-Trace
ServerName
PICS-Label
X-Dispatcher-Number
X-Acquia-Site
X-Cache-Expires
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-HS-Status
X-BBC-Origin-Response-Status
URI
Cneonction
Sever-Int
X-Check-Cacheable
MD5-Digest
X-UP
X-GoCache-CacheStatus
Uri
Server-Ext
Server-Hostname
Ohc-File-Size
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Micro-Cache
Server-Ttl
Cteonnt-Length
X-Cdn-Request-ID
IsBot
X-Nc
X-SIPLIST1
X-Via-Ucdn
X-Fastly-Cache-Hits
Fastly-Backend-Name
Tcn
X-Swift-Error
X-Release
User-Agent
X-Lb-Id
X-UA
X-Dw-Trace-Id
Cf-Ipcountry
X-Yottaa-OS
X-Newrelic-App-Data
X-Snapshot-Date
X-Akamai-ERPolicy
Vha6-Origin
X-Akamai-ERRuleID
Ngx
X-Backend-Host
Wpo-Cache-Status
CF-Cached-On
Wpo-Cache-Message
X-Vcache
X-B3-ParentSpanId
X-Cms-Context
Load-Balancing
X-ServerName
X-Air-Pt
X-Cache-Ngx
Sid
X-HostName
GeoIP-Latitude
X-Apw-Access-Token
X-Via-CDN
X-Apw-Access-Object
X-Fetch-By
X-Akamai-Pragma-Client-IP
X-Apw-Hits
X-CacheKey
X-IN-APIGATEWAYSSL
X-Litespeed-Cache-Control
Inserted-Into-Cache-At
X-IN-APIGATEWAY
X-B3-Parentspanid
Shield-Pop
X-Te-Duration-Ms
X-APP
X-Logging-Id
X-Te-Count
X-Http-Duration-Ms
X-Contensis-Viewer-Groups
X-BCube-Filmed-By
X-Http-Count
X-Last-Modified
X-Sentry-ID
EpKe-Alive
Req-ID
X-Apw-Access-Action
X-Akamai-Request-ID
X-Cache-ASPX
X-Varnish-Authentication
CountryCode
X-Shopify-Generated-Cart-Token