
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-CDN
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Server
X-Robots-Tag
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-UA-Device
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
X-Akamai-Path-Stats
Grace
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
X-WebKit-CSP
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
X-Nginx-Cache-Status
X-Device
X-OneAgent-JS-Injection
Cf-Railgun
X-Cache-Spec
X-Page-Speed
X-Host
X-Node
X-CST
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
Accept-CH-Lifetime
X-Url
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Mod-Pagespeed
X-MS-InvokeApp
X-Rack-Cache
X-Vname
X-PC
X-TtlSet
X-Server-Name
X-Clacks-Overhead
RTSS
Edge-Control
X-Ruxit-JS-Agent
X-Varnish-TTL
X-VARITI-CCR
Cache-Tag
X-Content-Type
X-B3-TraceId
Accept-Ch
X-Vcap-Request-Id
X-ESI
X-Amz-Server-Side-Encryption
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Amz-Rid
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cnection
X-Px
X-Ac
X-RateLimit-Remaining
X-D2id
X-Element-Page-Cache
X-Navigation-Version
Verso
X-Abt-Application-Version
X-Client-IP
X-Edge
X-Powered-By-Plesk
X-Cache-TTL
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Ser
X-Version
Service-Worker-Allowed
Arr-Disable-Session-Affinity
X-FastCGI-Cache
X-Ruxit-Js-Agent
X-GitHub-Request-Id
X-Country-Code
X-Middleton-Response
Response
X-NF-Request-ID
X-Goog-Hash
X-Correlation-Id
Access-Control-Request-Method
X-Kinsta-Cache
SPRequestDuration
X-Webkit-Csp
SPIisLatency
X-Edge-Location-Klb
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-TTL
AR-SID
AR-CACHE
X-Ttl
X-Upstream
X-NWS-LOG-UUID
X-RateLimit-Limit
X-LLID
X-Kraken-Loop-Name
X-Cached
X-Server-Lifecycle-Phase
X-Instrumentation
X-Powered-CMS
SPRequestGuid
X-SharePointHealthScore
X-Cache-Key
Edge-Cache-Tag
X-Litespeed-Cache
Nginx-Cache
TCN
X-Content-Security-Policy-Report-Only
X-Forwarded-For
X-MSEdge-Ref
Content-MD5
Mrf-Cache-Status
MRF-Tech
X-Id
X-Shield-Request-Id
X-Daa-Tunnel
X-B3-TraceId-Primal
X-T
MS-Author-Via
X-Recruiting
S
X-Content-Digest
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ua-Device
X-Mg-S
X-Protected-By
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Accel-Expires
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ezoic-Cdn
X-Content
X-Ab
MicrosoftSharePointTeamServices
X-Frontend
X-Ua-Browser
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-ECACHE
X-Request-Processing-Time
Front-End-Https
X-Request-Received
X-Grace
X-DataDome
Server-Node
X-Yandex-Sdch-Disable
Filters
X-Server-ID
X-DynaTrace
X-Mid
X-PressLabs-Stats
Fastcgi-Cache
TP-Cache
TP-L2-Cache
X-Geo-Country
X-Origin-Server
X-Hits
X-Distributor
X-Debug-Info
X-ORACLE-DMS-ECID
X-Request-Handler-Origin-Region
X-Microsite
X-Ratelimit-Reset
X-Amzn-Trace-Id
Cross-Origin-Opener-Policy
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Git-Hash
Charset
X-ORACLE-DMS-RID
X-DIS-Request-ID
Cleartype
X-F-Cache
Host
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-B3-Sampled
X-Page-Id
X-WebKit-CSP-Report-Only
X-LB-Cache
X-Www-Served-By
X-Cache-Age
Access-Control-Allow-Method
X-Forwarded-Proto
ServerID
X-Seen-By
Cache-Status
X-Activity-Id
X-Az
X-AppVersion
Cache-Tags
X-Cluster-Name
X-Aspnetmvc-Version
Accept-Charset
Realpath
X-Varnish-Age
X-Language
Filterid
X-Oracle-Dms-Ecid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Oracle-Dms-Rid
X-MCACHE
X-Rid
X-Type
X-Nginx-Upstream-Cache-Status
Server-Name
X-Content-Options
X-App-Environment
Country
X-Varnish-Grace
X-Origin-Cache
X-Tb
X-Cdn
X-NWS-UUID-VERIFY
Viewport
X-Fastly-Request-ID
Retry-After
X-Upgrade-Enabled
X-B-Cache
X-Mobile-URL
X-Signature
Node
X-FB-Debug
X-Drupal-Cache-Tags
X-Flags
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-GUploader-UploadID
X-Route-Name
X-Wix-Request-Id
X-Whom
X-Goog-Stored-Content-Length
X-Providence-Cookie
X-Is-Crawler
DC
Paypal-Debug-Id
X-Request-Guid
X-Aspnet-Duration-Ms
X-User-Agent
X-TT
X-Varnish-Backend
X-VCache
Protected
Fastcgi-Useragent
X-Oneagent-Js-Injection
X-XRDS-LOCATION
X-Via-JSL
X-B
X-N
X-Debug
X-Cache-NGX
X-Fastcgi-Cache
X-Amz-Replication-Status
X-Contextid
Payment
X-Logged-In
X-Mcache
X-XRDS-Location
WPO-Cache-Status
WPO-Cache-Message
X-Load-Cache
X-Fastly-Request-Id
Surrogate-Key
X-Template
Amp-Access-Control-Allow-Source-Origin
X-FW-Dynamic
X-Cache-Control
X-FW-Hash
Count-Hit
X-FW-Type
X-Amz-Meta-S3cmd-Attrs
X-FW-Static
X-FW-Serve
X-FW-Server
X-Node-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Hostname
Healthy
Permissions-Policy
X-G
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
Content-Disposition
X-Mobile
Akamai-GRN
X-Jobs
X-Revision
X-UUID
X-Cache-Time
X-Proxy
Refresh
Uber-Trace-Id
X-Trace-Id
X-Cache-TTL-Remaining
X-Is-Bot
X-Akamai-Request-ID2
X-Rendered-As
X-Zen-Fury
X-Cacheable-TTL
X-Page-View
X-Http-Reason
X-Framework
X-Proxy-Cache-Status
X-Adobe-Content
X-Real-IP
Access-Control-Request-Headers
X-Adobe-Loc
X-Instance
NGB
X-Debug-IsConnected
X-Yottaa-Metrics
VIX-Pulpo-Node
X-Yottaa-Optimizations
X-Debug-IsPreview
Alternate-Protocol
X-Drupal-Cache-Contexts
VIX-Pulpo-Upstream-Status
Url
X-Servername
X-Device-Type
X-Cache-Grace
X-IPLB-Instance
X-ECache
X-Cache-Rule
X-B3-Traceid
Version
X-Source
From-Origin
X-Varnish-Server
X-Mg-Request-UUID
X-L-Path
X-Environment-Context
X-Restarts
X-Parallel-Accel
X-Vgn-Hpd-Reason
X-NGENIX-Cache
X-Cache-Hit
X-EdgeConnect-Cache-Status
Accept-Language
X-Cache-Expired-At
X-RTag
X-Datadome
Ms-Operation-Id
MS-CV
Countrycode
Referer-Policy
X-App-Server
Frame-Options
X-HTML-Minification-Powered-By
X-NYM-Debug-Backend
X-FW-Version
Backend
Liferay-Portal
X-Tumblr-Pixel
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-IPS-LoggedIn
X-APP-VERSION
X-COUNTRY
X-Cache-Action
X-Nginx-Cache
Content-Secure-Policy
X-ProcessESI
X-RemovedCookies
Section-Io-Cache
Upgrade-Insecure-Requests
CF-IPCountry
WP-Super-Cache
Meta-Geo
Cache-Tv-Group
X-RN-RSRV
X-UPSTREAM-Address
X-Redis-Cache
X-Content-Age
X-Hosted-By
Ec-Rule-Version
Azure-Version
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-RegionName
X-Cache-Server
X-FB-TRIP-ID
X-Format
X-Detected-As
X-Varnish-Cache-Hits
X-Region
X-Say-TTL
X-Say-Cacheable
X-Generation-Time
X-Request-Time
X-PCL
X-OCL
X-Web-Node
X-Human
X-Cache-Enabled
X-Cache-Type
X-AOL-HN
X-SayCDN-TTL
X-Access
X-Ua
X-Section
X-UA-Device-Type
X-Storage
Apigw-Requestid
X-Sql-Duration-Ms
X-Via-Fastly
X-Server-W
X-Uri
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Site-Version
X-Sql-Count
X-Nginx-Cache-Key
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
S-Rt
TWC-Connection-Speed
TWC-Device-Class
Mn-Server-Ip
Webcakes-Region
Property-Id
X-No-Session
X-Origin-Hint
X-Generated-By
X-Cluster-Node
X-Akamai-Edgescape
Locale
Fastly-SSL
X-PHP-Backend
TWC-Locale-Group
X-Mode
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Xfnlog-Site
X-ShardId
X-Hyper-Cache
CDN-RequestCountryCode
X-Content-Powered-By
CDN-CachedAt
X-Debug-Cache
CDN-EdgeStorageId
X-Alternate-Cache-Key
CDN-PullZone
X-Forwarded-Host
CDN-RequestId
X-ApacheServer
X-Platform-Server
X-Midtier
X-ProxyCache-Key
X-ProxyCache-Status
Eomportal-Instance
X-Adobe-Source
X-PERF
X-Status
X-Cache-Host
CDN-Uid
X-Ratelimit-Remaining
X-BYPASS-REASON
X-Be
X-Origin-Date
CDN-Cache
X-NewRelic-App-Data
X-Tid
X-Cache-Tags
X-Proxied
X-SaId
X-Routing-Service
X-JoinUs
X-Unique-Id
X-Handled-By
X-Zipkin-Id
X-Extlb
X-Varnishpool
X-Labrador-Cache-Channel
X-Locale
X-GG-Cache-Date
Webserver
X-PHP-Host
Selected-Fe
X-Proxy-Build
X-Timing-Wait
X-TT-LOGID
X-Backend-Name
X-Hl-Ver
X-Cache-Operation
X-ServerID
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
ServedBy
X-VC-Cache
X-Rule
X-Edge-Location
X-Storefront-Renderer-Rendered
X-LSADC-Cache
X-Cms-Context
X-Cache-Remote
X-Soup
X-Accel-Buffering
SID
X-Cached-By
X-Rewrite-Enabled
Fastly-Drupal-Html
SRV
Web-Mar-Node
Mime-Version
X-Dc
X-Proto
X-GEO
X-GeoCountry
Onion-Location
X-CDN-Forward
Xserver
X-GeoCode
Load-Balancing
X-TA-CDN-Provider
X-Pubstack
X-Varnish-Hostname
Cache-Hits
Country-Code
X-App-Version
X-Buckets
X-Reqid
X-Microcachable
X-Request-Host
X-Origin-CC
X-Origin-TTL
Decoy-Debug-Key
Decoy-Debug-TTL
X-Ratelimit-Limit
Decoy-Debug-Status
LB
X-Cluster
Server-Info
X-Varnish-Hits
Xet-Cookie
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-SRV
X-Ms-Version
X-Envoy-Decorator-Operation
X-Ms-Request-Id
X-MP-GENERATED-AT
X-Magnolia-Registration
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B3-SpanId
X-CSRF-Token
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-NCache
Cache
X-Endurance-Cache-Level
X-Tx-Id
DB-Nickname
X-RCS-CacheZone
DynaTrace
X-Bc-Bl
A
X-Geo-Header
X-Origin-Response-Time
X-External-Request-Id
X-PBS-Appsvrname
X-PAYTM-SRV-ID
BehaviorPad-Version
Cdncip
DCR-Decision-By
DCR-Processing-Time-Ms
Cmstype
Cmsid
Cdnsip
X-Esi-Check
X-Epic-Correlation-Id
Xc-Version
X-Cache-Bucket
X-Rojux
X-Cache-Id
X-Cache-NE
X-Cache-Info
X-Processor
X-Forwarded-Path
X-SVT-ORM-VERSION
X-B-Cookie
X-Ec-GeoHdr
X-Ec-Fail
X-Ec-Custom-Error
X-Rocket-Build-Number
X-Orig-Expires
Odigeo-Trace-Id
X-A-Dam
X-A-Dcw
X-A-Dgt
X-NAPM-TraceId
X-A-Wwc
X-A-Ccd
X-A
Surrogated-Key
T-Server
Sslversion
Rendered-Blocks
Pramga
X-Ig-Push-State
Mobile-Detection-Method
Meta-Geo-Continent
X-ARC
X-Application
Fastly-GeoIP-CountryCode
Fastcgi-X-Cache-Version
Expiry
X-Gzip
X-AK-Request-ID
X-Aed
X-HS-Content-Campaign-Id
MD5-Digest
X-Node-Id
Lang
Host-ID
X-Hash
X-Device-Os
X-Fetched-On
X-Vdms-Path
X-Vdms-Version
X-D
X-SD-PageType
X-Varnish-Beresp-Grace
X-Ftr-Request-Id
X-S-Cookie
X-VG-WebCache
X-Time
X-From
X-CF-Lambda-Version
X-S
X-Session-Fingerprint
X-Shop-Environment
X-Core-Mission
X-TIM-N
X-SRCache-Key
X-SVT-ORM-RULES
X-Tenant
X-Connection-Hash
X-Conf
X-Sigma
X-Sigma-Backend
X-User
X-TrackingId
X-Destination
X-ScT
X-Vtex-Remote-Cache
X-Cdn-Srv
X-Webstats-RespID
X-Developer
X-Vtex-Processado-Em
X-CF-Lambda-Fn
Cache-Name
X-Varnish-Ttl
X-R9-Blue-Green-Version
X-ZONE
Source
NM-Fastcgi-Cache
X-Skip-Cache
X-TNCMS
X-JWT-State
Origin-EX
X-Core-Value
X-Is-Gdpr
Origin-CC
Origin
Traceparent
X-Hnp-Log
X-NodeID
X-Gdpr
L
Machine
X-V-Cache
X-WADP-Cache
Memcached
CDN
Platform
Producers
Thinkindot-Control
Ssr
X-Developers
Web-Mar-Region
State
X-Thinkindot-L3
Thinkindot-CacheControl
TDXMobile
X-LAGOON
X-Wix-Viewer-Type
Wxu-Next-Commit
Server-Host
X-Variation
X-Rocket-Nginx-Serving-Static
Release
Thinkindot-CacheControl-Type
Req-Svc-Chain
Wxu-Next-Region
Wxu-Next-Hostname
X-Loc
X-Location
X-Loop
X-Slack-Backend
X-Has-Esi
AKAMAI
Apple-News-Services-Handled
Adler-Geo
X-DPWN-IS-SECURE
X-Cache-Backend
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Ckpd-Fst-Backend
X-Origin
X-Origin-Expires
X-Dispatcher-Number
Apple-News-Services-Request-Url
X-Origin-Time
X-VG-TLSProxy
X-Pool
X-DefHash
X-Planisys-CDN-TTL
X-BBC-Edge-Cache-Status
X-Block-Status
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-VServer
X-Fmm-Version
X-DefElseHash
X-Azure-Ref
CloudFront-Viewer-Country
User-Cache-Control
Environment
X-Nyt-Route
X-Scheme
X-Worker
X-Varnish-CookieINHashed-On
X-Served-From
X-Server-IP
X-Amzn-Remapped-Content-Length
X-Cache-Date
X-Clara-WADP
Is-Eu
X-Gen-Mode
X-Varnish-CookieHashed-On
X-SB
X-Varnish-Remaining-TTL
X-Fastly-Cache
V-Age
X-Aicache-OS
X-HN
X-Forwarded-Site
We-Hiring
X-GeoIP
X-Gamma-Serve
X-Cdn-Origin
X-Branch-Name
X-CacheTTL
X-Auto-Login
X-Generated-On
Vix-Hermes-Req-Id
X-GeoIP-City
X-Httpd
X-Qloud-Router
X-Pod-Name
X-Proxy-Cache-Info
X-Proxy-Upstream
X-RateLimit-Limit-Second
CDCHOST
Cluster
Fastly-SIE
Fastcgi-Cache-TTL
DSUID
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-VarnishDD-TTL
X-Via-NSCOPI
X-Viewer-Country
X-Via-Ucdn
X-Sn-Servicetimems
X-SIPLIST1
X-Irp-Debug
X-Region-Sid
X-Request-URI
Fastly-SWR
X-Rebelmouse-Surrogate-Control
NGX
N-Cache
Redirect-Candidate
X-Mvc-Supplant-Cachable
X-Minions-Version
Server-Hostname
X-Level-Front-Cache
PFcat
Mail-Subject
Sever-Int
Kp-EeAlive
IsBot
Svr
Locid
Server-Ext
X-IPLB-Request-ID
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Ha-Gx-Prefs
X-Csrf-Jwt
X-Datadog-Parent-Id
X-WP-CF-Super-Cache-Cache-Control
X-Eu-Site
X-WP-CF-Super-Cache
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-CGP
X-Scale
L5d-Success-Class
X-Platform
X-Optimistic-Header
HA-Ipaddr
Gh-Request-Id
X-Policy
Arc-Country
X-Men
HostName
X-EC-Lua
Ohc-File-Size
X-Refresh
Pics-Label
X-Response-By
X-Parent-Response-Time
X-Old-Content-Length
X-Srv
X-Owner
X-CS
X-NC
X-Udemy-Cache-App-Namespace
X-Newrelic-Synthetics
Cache-Key
X-BCube-Filmed-By
Candidate-Md5Url
X-Ad-Defer-Variation
X-RSL
X-Wikidot-Static-Cache
X-RPM
X-LB-NoCache
X-RPS
X-Wikidot-Backend
Env
Time
X-DB
X-Tt-Logid
Memory
X-Tb-Optimization-Total-Bytes-Saved
X-Ah-Environment
X-DI
Datacenter
X-TraceId
Servername
X-DSS
X-DW
Ms-Author-Via
X-VC
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Transformed
X-TIME
X-Contensis-Viewer-Groups
X-Cache-ASPX
CPC-Cache
X-SplitTest
X-Date
XM
CPC-Age
VNS-Cache
VNS-Age
GEO-INFO
X-Accel-Expires-Debug
X-Amz-Meta-Cb-Modifiedtime
X-GeoIP-Country-Code
Fastly-Backend-Name
X-Edge-Pop
X-Cache-Status-Check
X-WA-Info
X-GeoIP-Region-Code
X-Varnish-Authentication
X-Mvc-Supplant-OutputCached
X-Webkit-CSP
X-Xrds-Location
GeoIp-Country-Code
X-Servedbyhost
X-Cache-Debug
Path
X-Generated-In
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Micro-Cache
X-AIR-PT
X-S-Maxage
X-HA-Backend
ITXSESSIONID
X-CACHE-KEY
X-API-Version
Lb
Fusion-Source
Fusion-Template-Id
X-Trace-ID
Fusion-Deployment-Id
X-Vc
Fusion-Content-Source
X-DC
Fusion-Component-Id
Fusion-Content-Id
Geo-Info
X-RateLimit-Reset
Ohc-Cache-HIT
X-VCL-Version
CacheControlHeader
Client
True-Client-Country-4JS
Server-ID
Cache-Host
X-TH-Server
Ngx.Var.Host
X-Action
Geoip-Latitude
Hostname
X-VHOST
X-Cs
X-Backend-TTL
True-Client-IP
X-Proxy-CacheRZ
XkeyRZ
X-Api-Version
FSS-Cache
X-Clientip
X-Varnish-Beresp-TTL
X-Presslabs-Stats
Edge-Cache
X-Req
X-Fpc
X-FireWall-Port
Powered-By
My-App
X-Webkit-Csp-Report-Only
X-Zone
X-TX-ID
X-Provided-By
X-PX
X-Varnish-Beresp-Ttl
X-Traceid
X-B3-Spanid
X-Pass-Why
X-CSRF-TOKEN
X-Origin-Upstream-Status
NtCoent-Length
X-FPC
Test
X-MSEdge-Features
X-MSEdge-Flight
X-Up
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
X-INCAP-ABP
X-Dmc
X-Cdn-Request-ID
X-Render-Time
X-LB-ID
X-Correlation-ID
X-Beluga-Cache-Status
User-Agent
X-Webkit-CSP-Report-Only
X-HS-Status
Rip
C-Via
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Response-Time
X-Beluga-Record
Server-Id
DataCenter
X-Beluga-Node
X-Esi
X-UnsetCookies
OT-Force-Account-Verify
Srvid
X-Li-Fabric
Tube-Got-Eval
Tube-Return
X-Service
Tube-Got-Results
Proxy-Connection
Click-Count-Action-Start
Click-Count-Error
X-LI-UUID
Tube-Get-Contents
X-Vcl-Version
X-Li-Pop
X-M-Reqid
Uri
X-M-Log
X-Ha-Backend
X-Via-PopH
GeoIP-Latitude
X-Time-Microsecs
X-Via-PopN
X-Gateway-Skip-Cache
Esi-Enabled
X-Via-PopV
X-Gateway-Cache-Status
X-Alfa-Service
X-URL
X-Gateway-Cache-Key
X-ND-Cache
X-Gateway-Request-Id
X-RAMCache
X-Qnm-Cache
WZWS-RAY
X-Dynatrace
X-DynaTrace-JS-Agent
HIT
Sid
X-ServedByHost
GeoIP-Country-Code
X-CUA
Resin-Trace
On-Server
MIME-Version
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
X-ATG-Version
Tracecode
Cf-Device-Type
X-Geo
Epwk-X-Cache
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Proxy-Cache-Hk
X-Fragments
Target-Params
Srv
X-LI-Proto
X-Platform-Router
X-Platform-Processor
X-Fetch-By
X-Platform-Cluster
X-Cdn-Forward
X-TRACE-ID
Fastly-Drupal-HTML
X-Sucuri-ID
X-Sucuri-Cache
X-Fastly-Backend-Reqs
X-Fastly-Backend
X-Var-Ttl
Lfy
X-Backend-Host
X-APP
X-FC-Vary-Parameters
Tcn
Cdn
X-Azure-Ref-OriginShield
X-B3-Traceid-Primal
Section-Io-Origin-Time-Seconds
ENV
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
X-Varnish-Beresp-Status
ServerName
X-Cache-Expires
X-Edge-POP
X-App
X-Lb-Nocache
XServer
X-Srcache-Fetch-Status
X-LiteSpeed-Cache-Control
X-Srcache-Store-Status
X-MG-S
X-Yottaa-OS
Inserted-Into-Cache-At
PICS-Label
X-NU-AKA-ACS-Version
Magicmarker
X-Backend-State
X-ElasticPress-Query
X-Newrelic-App-Data
X-Li-Proto
CF-Cached-On
X-Edge-Origin-Shield-Bytes
M-TraceId
X-Edge-Origin-Shield-Region
D-Url-Rewrites
X-CF-Powered-By
X-Acquia-Site
Server-Ttl
X-Acquia-Purge-Tags
X-HostName
Wpo-Cache-Status
X-Nc
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Wpo-Cache-Message
WebServer
Cf-Ipcountry
X-Iplb-Instance
X-Vcache
X-Iplb-Request-Id
X-Serial
Warning
Servedby
Fastcgi-Cache-Ttl
Hit
Vha6-Origin
X-Wp-Cf-Super-Cache
X-Vercel-Id
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Cache
X-Fastly-Cache-Hits
X-Cache-CFC
CountryCode
X-Release
X-BBC-Origin-Response-Status
X-Request-URL
X-Dw-Trace-Id
Content-Script-Type
X-Th-Server
X-Back
Content-Style-Type
X-Dist-Code
X-Request-Url
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Storefront-Renderer-Verified
X-Request-Start
X-Litespeed-Cache-Control
X-Snapshot-Date
Ngx
Cneonction
X-B3-Parentspanid