Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
X-XSS-Protection
ETag
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-Request-ID
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Report-To
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Age
X-Backend
X-UA-Device
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Server
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
NEL
X-Varnish-Cache
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Ua-Compatible
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Accept-CH
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Dns-Prefetch-Control
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-B3-TraceId
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Country
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Cache-Lookup
X-Trace
X-Url
Allow
X-Content-Type
X-Ac
X-PC
X-Vname
X-TtlSet
X-Aws-Lambda-Call-Status
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
X-Server-Name
Fastly-Restarts
X-Mod-Pagespeed
X-ESI
Cache-Tag
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-FastCGI-Cache
Verso
X-Element-Page-Cache
MS-Author-Via
X-Vcap-Request-Id
X-Upstream
X-Amz-Rid
X-MS-InvokeApp
Public-Key-Pins
X-GitHub-Request-Id
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-Cache-TTL
X-Abt-Application-Version
X-D2id
RTSS
X-Cnection
X-Px
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Navigation-Version
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Country-Code
X-Powered-By-Plesk
X-NF-Request-ID
X-Goog-Hash
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-TTL
Pagespeed
X-Sol
Display
X-Middleton-Display
AR-PoweredBy
AR-Request-ID
AR-CACHE
AR-ATIME
AR-SID
X-Powered-CMS
X-Version
X-Origin-Cache
X-Middleton-Response
Response
X-LLID
X-MSEdge-Ref
X-CST
Nginx-Cache
TCN
X-Kinsta-Cache
X-RateLimit-Remaining
X-Edge-Location-Klb
X-Amz-Server-Side-Encryption
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Edge
X-Protected-By
X-SRCache-Store-Status
X-T
X-SRCache-Fetch-Status
X-Forwarded-For
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-Mg-S
X-Aspnetmvc-Version
X-Id
X-Language
Edge-Cache-Tag
S
Content-MD5
SPIisLatency
SPRequestDuration
X-Ruxit-Js-Agent
Front-End-Https
Fastcgi-Cache
X-Mid
Realpath
Server-Node
X-Request-Processing-Time
X-Request-Received
X-Frontend
Filters
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Recruiting
Server-Name
X-Cache-Key
X-Ua-Browser
X-Content
X-Ab
X-Ser
X-NWS-LOG-UUID
X-Correlation-Id
X-MCACHE
X-Template
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-DynaTrace
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-Ezoic-Cdn
X-SharePointHealthScore
SPRequestGuid
X-ECACHE
X-Hits
X-Parallel-Accel
X-Kong-Upstream-Latency
X-Ttl
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cache-Tags
X-Page-Id
Charset
X-B3-Sampled
Cleartype
Host
X-Daa-Tunnel
X-Git-Hash
X-Www-Served-By
X-Debug-Info
X-Geo-Country
Alternate-Protocol
X-Content-Options
Accept-Ch
X-DIS-Request-ID
X-Ratelimit-Limit
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-Content-Digest
X-Hostname
X-Amzn-Trace-Id
Cross-Origin-Opener-Policy
Filterid
X-Amz-Replication-Status
X-Varnish-Age
X-DataDome
X-Grace
X-FB-Debug
X-F-Cache
X-Az
ServerID
X-Activity-Id
X-AppVersion
X-Upgrade-Enabled
X-VCache
X-Nginx-Upstream-Cache-Status
X-N
X-Accel-Expires
X-WebKit-CSP-Report-Only
X-Rid
X-Fastly-Request-Id
X-Mobile-URL
X-Forwarded-Proto
X-Route-Name
X-Request-Guid
X-Aspnet-Duration-Ms
X-Flags
Access-Control-Allow-Method
X-Is-Crawler
X-Origin-Server
X-Providence-Cookie
X-Server-ID
X-Type
X-LB-Cache
X-Seen-By
X-TT
X-Whom
X-Goog-Stored-Content-Encoding
Viewport
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
Payment
X-Tb
X-App-Environment
X-GUploader-UploadID
X-Varnish-Grace
X-FW-Dynamic
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Distributor
X-User-Agent
Fastcgi-Useragent
Node
DC
Paypal-Debug-Id
X-Ratelimit-Reset
X-Wix-Request-Id
TP-Cache
Country
TP-L2-Cache
Accept-Charset
X-XRDS-LOCATION
X-Fastly-Request-ID
X-App-Server
X-Litespeed-Cache
X-Cache-Rule
X-Webkit-Csp
X-Tec-Api-Origin
X-Cache-Control
X-Tec-Api-Version
X-Tec-Api-Root
X-NGENIX-Cache
X-Via-JSL
X-Cluster-Name
X-Fastcgi-Cache
Version
X-Drupal-Cache-Tags
X-Cache-Age
X-Contextid
X-B-Cache
X-Signature
X-Request-Handler-Origin-Region
X-Microsite
X-Buckets
Referer-Policy
X-Oracle-Dms-Ecid
Amp-Access-Control-Allow-Source-Origin
X-Origin-Upstream-Status
Cache-Status
X-Oracle-Dms-Rid
X-Node-Name
X-Logged-In
Refresh
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Original-Request-Id
X-Erf-Bev-Bev
X-Mobile
X-Response-Served-From
VIX-Pulpo-Node
X-Real-IP
X-Rendered-As
X-Cache-Expired-At
X-Vgn-Hpd-Reason
X-Page-View
X-Jobs
X-Is-Bot
X-Load-Cache
X-IPLB-Instance
X-B
X-Varnish-Backend
NGB
X-Cacheable-TTL
Access-Control-Request-Headers
X-ProcessESI
X-Debug
X-Proxy-Cache-Status
X-RemovedCookies
X-Revision
X-Instance
X-Proxy
X-UUID
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Device-Type
X-Rule
X-Cache-Action
X-Drupal-Cache-Contexts
X-Framework
Surrogate-Key
X-G
Akamai-GRN
X-FW-Version
X-Debug-IsPreview
X-Debug-IsConnected
X-Cache-Time
CF-IPCountry
SID
X-Accel-Buffering
X-Presslabs-Stats
GEO-INFO
X-Ua-Device
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Oneagent-Js-Injection
X-Cache-NGX
Count-Hit
Uber-Trace-Id
X-APP-VERSION
X-Cache-Operation
X-Source
X-Azure-Ref
X-Ms-Request-Id
X-Nginx-Cache
X-Zen-Fury
X-Ms-Version
X-XRDS-Location
DynaTrace
X-EdgeConnect-Cache-Status
Protected
Liferay-Portal
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Frame-Options
X-PressLabs-Stats
X-Trace-Id
WPO-Cache-Status
Ms-Operation-Id
WPO-Cache-Message
MS-CV
X-CDN-Forward
X-RTag
X-Servername
X-Cache-Hit
Healthy
X-Hyper-Cache
Ec-Rule-Version
X-Backend-Name
Cross-Origin-Window-Policy
X-Cache-TTL-Remaining
X-IPS-LoggedIn
Countrycode
X-RateLimit-Limit
Xserver
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-L-Path
X-Mode
X-Environment-Context
X-Varnish-Server
X-Adobe-Content
Backend
X-Adobe-Loc
X-Ratelimit-Remaining
Content-Disposition
Meta-Geo
LB
X-RN-RSRV
X-Detected-As
X-JoinUs
X-Rewrite-Enabled
X-SaId
X-Content-Age
X-Tid
X-UPSTREAM-Address
X-Debug-Cache
X-Cache-Server
X-Cache-Grace
X-Extlb
X-Generation-Time
X-Shopify-Stage
X-Hosted-By
X-Alternate-Cache-Key
X-Format
X-Zipkin-Id
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Eomportal-Instance
Country-Code
Apigw-Requestid
X-Sorting-Hat-PodId
X-Uri
Url
X-Routing-Service
X-Redis-Cache
X-ShopId
X-Sorting-Hat-ShopId
X-ShardId
X-Proxied
X-Region
X-Sql-Count
X-Sql-Duration-Ms
X-Section
CDN-PullZone
CDN-RequestCountryCode
X-TIME
CDN-RequestId
CDN-CachedAt
X-Varnish-Beresp-Grace
X-Access
X-PCL
X-Status
X-ApacheServer
CDN-Cache
Cache-Name
CDN-EdgeStorageId
CDN-Uid
X-NCache
X-Forwarded-Host
X-Site-Version
X-No-Session
X-OCL
X-UA-Device-Type
X-Origin-Date
X-PERF
X-Microcachable
Fastly-SSL
X-Via-Fastly
X-ServerID
X-FB-TRIP-ID
X-PHP-Backend
X-Human
Mn-Server-Ip
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Generated-By
Property-Id
TWC-Connection-Speed
TWC-Device-Class
X-BYPASS-REASON
X-Pubstack
X-NYM-Debug-Backend
X-Akamai-Edgescape
X-Say-Cacheable
X-Proxy-Build
X-ProxyCache-Status
X-Say-TTL
X-Server-W
X-Web-Node
X-ProxyCache-Key
X-Content-Powered-By
X-Cluster-Node
X-Storage
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Timing-Wait
X-SayCDN-TTL
X-Cache-Type
X-Origin-Hint
X-Cache-Host
TWC-Privacy
Selected-Fe
Cache-Tv-Group
X-Soup
X-Varnishpool
X-R9-Blue-Green-Version
Retry-After
Section-Io-Cache
X-Hl-Ver
X-Be
Azure-RegionName
Content-Secure-Policy
X-Nginx-Cache-Key
X-LSADC-Cache
Azure-SiteName
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Ua
X-NewRelic-App-Data
X-Webkit-CSP
X-Cache-Remote
DB-Nickname
X-Unique-Id
X-Cached-By
OT-Force-Account-Verify
X-Dc
X-Platform-Server
X-Bc-Bl
X-Azure-Ref-OriginShield
Source
X-Akamai-Transformed
X-Xfnlog-Site
X-Auto-Login
Cache
X-TT-LOGID
X-GEO
X-Cache-Tags
Upgrade-Insecure-Requests
ServedBy
From-Origin
SRV
X-Cdn
X-LAGOON
X-Varnish-Cache-Hits
X-Origin-CC
X-Origin-TTL
Mime-Version
X-Request-Time
Xet-Cookie
X-AOL-HN
Cache-Hits
X-Varnish-Hits
X-TNCMS
X-Loop
X-NWS-UUID-VERIFY
X-Varnish-Hostname
HostName
X-HTML-Minification-Powered-By
X-SRV
X-Request-Host
Onion-Location
X-EC-Lua
X-S-Maxage
WP-Super-Cache
Webserver
X-CSRF-Token
X-FireWall-Port
X-Xrds-Location
X-ECache
Web-Mar-Node
X-Cache-Enabled
X-Tumblr-Pixel-3
X-Handled-By
X-Tumblr-Pixel-2
X-App-Version
X-Proto
X-Endurance-Cache-Level
S-Rt
X-Time
X-B3-SpanId
N-Cache
X-Http-Reason
X-Adobe-Source
Nel
X-Correlation-ID
X-Akamai-Request-ID2
X-Tenant
X-Reqid
X-Origin-Response-Time
X-RCS-CacheZone
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
X-Vdms-Path
X-Vdms-Version
X-Orig-Expires
DCR-Processing-Time-Ms
Expiry
X-V-Cache
Meta-Geo-Continent
Odigeo-Trace-Id
Pramga
X-Slack-Backend
Mobile-Detection-Method
X-Destination
X-TIM-N
X-SRCache-Key
DCR-Decision-By
BehaviorPad-Version
X-Forwarded-Path
X-ND-Cache
X-Hnp-Log
X-Ftr-Request-Id
X-Gen-Mode
X-GG-Cache-Date
X-NAPM-TraceId
X-External-Request-Id
X-Vtex-Remote-Cache
X-Shop-Environment
A
X-VG-WebCache
Xc-Version
X-Epic-Correlation-Id
X-Developer
X-Vtex-Processado-Em
X-Session-Fingerprint
X-Application
X-ARC
X-Planisys-CDN-TTL
X-Aed
X-A-Wwc
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-A-Dgt
X-B-Cookie
X-Processor
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Cluster
X-CF-Lambda-Fn
X-Cache-NE
X-Backend-TTL
X-Block-Status
X-A-Dcw
X-Rojux
User-Cache-Control
V-Age
Vix-Hermes-Req-Id
Surrogated-Key
X-SD-PageType
X-Conf
Rendered-Blocks
Sslversion
X-D
X-ScT
X-Ig-Push-State
X-A-Dam
X-PBS-Appsvrname
X-A-Ccd
X-A
X-S-Cookie
X-S
Redirect-Candidate
X-Connection-Hash
X-AWS-Id
X-LJ-Flow-ID
X-Amz-Meta-S3cmd-Attrs
X-VWS-Id
X-Magnolia-Registration
X-MP-GENERATED-AT
X-Mg-Request-UUID
X-Time-Microsecs
Server-Info
X-Edge-Location
Origin
X-Li-Pop
Origin-CC
X-LI-UUID
Origin-EX
X-Proxy-Upstream
X-Li-Fabric
X-Location
X-Policy
X-Men
X-Nyt-Route
X-Old-Content-Length
X-Origin
Gh-Request-Id
X-Hash
X-Mvc-Supplant-Cachable
Host-ID
X-NodeID
X-Origin-Time
X-Geo-Header
X-Core-Mission
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Accel-Expires-Debug
X-Aicache-OS
X-Cache-Bucket
X-Cache-Date
X-Cache-Info
X-Cdn-Srv
X-Date
X-Device-Os
Svr
State
Fastcgi-Cache-TTL
X-GeoIP-Country-Code
X-Gdpr
X-Forwarded-Site
True-Client-Country-4JS
Traceparent
X-Fastly-Cache
X-Fetched-On
X-GeoIP-Region-Code
X-Origin-Expires
Apple-News-Services-Handled
AKAMAI
X-Locale
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Arc-Country
Apple-News-Services-Request-Url
X-Sucuri-ID
X-SVT-ORM-RULES
X-Webstats-RespID
X-Fastly-Backend
X-VServer
X-Viewer-Country
X-SVT-ORM-VERSION
X-VG-TLSProxy
CacheControlHeader
X-Sucuri-Cache
X-Request-URI
X-Server-IP
X-Scheme
X-Rocket-Nginx-Serving-Static
DSUID
Cmstype
Cmsid
CDCHOST
Environment
CloudFront-Viewer-Country
X-Via-NSCOPI
X-Datadog-Sampling-Priority
X-RateLimit-Limit-Second
X-Req
X-Developers
X-Envoy-Decorator-Operation
X-VarnishDD-TTL
X-Rocket-Build-Number
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Cdn-Origin
X-Cache-Id
X-JWT-State
X-Cache-Debug
X-Restarts
X-Branch-Name
X-Sn-Servicetimems
X-Is-Gdpr
X-CGP
X-Esi-Check
X-Core-Value
X-RateLimit-Remaining-Second
X-FC-Vary-Parameters
X-Has-Esi
X-Csrf-Jwt
X-TrackingId
X-Served-From
X-Irp-Debug
X-HS-Content-Campaign-Id
X-HN
X-Owner
X-Labrador-Cache-Channel
X-Level-Front-Cache
X-Sigma-Backend
X-Sigma
X-Skip-Cache
X-Amzn-RequestId
X-BBC-Edge-Cache-Status
X-Gzip
X-Amz-Apigw-Id
X-Thinkindot-L3
X-TH-Server
X-Node-Id
X-Eu-Site
X-UnsetCookies
X-Gamma-Serve
X-PHP-Host
X-GeoIP-City
X-Storefront-Renderer-Rendered
X-GeoIP
X-Region-Sid
X-Generated-On
X-Varnish-Beresp-Status
X-Platform
Machine
Locid
Magicmarker
Mail-Subject
Ha-Gx-Prefs
L5d-Success-Class
We-Hiring
Fastly-Drupal-Html
Web-Mar-Region
HA-Ipaddr
L
X-Varnish-Beresp-Ttl
Thinkindot-Control
X-Backend-State
TDXMobile
Req-Svc-Chain
Server-Host
Release
PFcat
Thinkindot-CacheControl-Type
X-ATG-Version
Fastly-GeoIP-CountryCode
Thinkindot-CacheControl
Ssr
Memcached
NM-Fastcgi-Cache
X-Zone
X-Pod-Name
X-Cache-Var-Map
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-NU-AKA-ACS-Version
X-Response-By
X-Variation
X-Worker
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Loc
X-DPWN-IS-SECURE
Fastly-SIE
Cf-Device-Type
Adler-Geo
X-Cache-Var
Fastly-SWR
Kp-EeAlive
X-DefHash
X-DefElseHash
Platform
X-Tx-Id
Is-Eu
X-Amzn-Remapped-Content-Length
X-TraceId
NGX
X-DW
X-RPM
X-RPS
X-DSS
Edge-Cache
X-DI
Accept-Language
X-VC-Cache
X-Action
AMP-Access-Control-Allow-Source-Origin
X-Cache-Backend
X-DB
X-Mvc-Supplant-OutputCached
X-RSL
X-NC
X-Wix-Viewer-Type
X-CS
X-Up
CDN
X-Request-Start
X-Srv
X-Generated-In
X-CacheTTL
X-Optimistic-Header
X-LB-NoCache
X-Thanos
X-Bip
X-LB-ID
Ms-Author-Via
X-Trace-ID
X-Minions-Version
Pics-Label
X-Qnm-Cache
X-M-Log
X-Tt-Logid
X-Tb-Optimization-Total-Bytes-Saved
X-M-Reqid
Locale
X-Urbn-Site-Id
Env
X-API-Version
Time
X-Urbn-Context-Path
Memory
X-Varnish-Ttl
WebServer
X-Refresh
X-Edge-Pop
X-Cache-Config
X-Via-Popn
GeoIp-Country-Code
X-Via-Popv
X-Via-Poph
X-TA-CDN-Provider
Datacenter
X-Ec-GeoHdr
X-User
X-Ec-Fail
X-HA-Backend
X-DC
X-CACHE-KEY
X-Parent-Response-Time
X-DynaTrace-JS-Agent
Server-ID
X-Servedbyhost
Candidate-Md5Url
X-Esi
NtCoent-Length
X-Vc
X-MSEdge-Features
X-MSEdge-Flight
X-Dynatrace
X-ZONE
X-CLOUD-TRACE-CONTEXT
X-Cs
X-AK-Request-ID
Cdncip
Cdnsip
WWW-Authenticate
On-Server
X-Datadome
X-TX-ID
X-Fmm-Version
X-Clara-WADP
Esi-Enabled
X-WADP-Cache
Geoip-Latitude
X-Varnish-Beresp-TTL
My-App
X-VCL-Version
Cluster
X-Cache-Ttl
X-Fpc
X-Var-Ttl
X-LI-Proto
Tracecode
X-CUA
X-App
X-Pass-Why
X-URL
Lfy
X-Li-Proto
X-Cache-PHP
X-From
C-Via
X-Unique-ID
X-Webkit-Csp-Report-Only
X-Service
T-Server
DataCenter
X-Traceid
Lang
X-FPC
X-Newrelic-Synthetics
X-B3-Spanid
X-Fragments
X-Webkit-CSP-Report-Only
Cf-Int-Pingora-Origin-Digest
X-NODE
Fastly-Drupal-HTML
Test
Geo-Info
Target-Params
X-VC
X-Vcl-Version
X-Mcache
Resin-Trace
Proxy-Connection
X-Render-Time
M-TraceId
X-Cache-Status-Check
X-CSRF-TOKEN
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Provided-By
X-RAMCache
Server-Id
X-Ha-Backend
X-Api-Version
X-LiteSpeed-Cache-Control
Hostname
X-COUNTRY
Permissions-Policy
MIME-Version
X-ID
X-Proxy-Cache-Info
Servername
WZWS-RAY
Hit
GeoIP-Country-Code
X-ServedByHost
X-Httpd
X-NGINX-Cache
X-Via-PopV
X-Clientip
X-Via-PopN
X-Via-PopH
X-Geo
X-Dynatrace-Js-Agent
FSS-Cache
X-Cdn-Forward
Producers
X-Edge-POP
X-Pad
X-SB
X-Platform-Router
X-Edge-Cache
X-Fastly-Backend-Reqs
X-Udemy-Cache-App-Namespace
HIT
Cache-Host
ENV
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
UCS
X-Oss-Server-Time
X-Pool
X-Platform-Processor
X-LiteSpeed-Tag
X-Oss-Storage-Class
X-Platform-Cluster
X-Ucs
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
S-Cnection
X-AIR-PT
X-ElasticPress-Query
X-Ec-Custom-Error
X-Info
X-Scale
Section-Origin-Responded
X-Acquia-Purge-Tags
X-Acquia-Site
Uri
X-Cache-CFC
X-Acquia-Application-UUID
ServerName
X-Lb-Id
X-Lb-Nocache
X-Acquia-Application-Trace
X-UP
PICS-Label
MD5-Digest
X-Check-Cacheable
Server-Hostname
Sever-Int
X-HS-Status
X-Cache-Expires
X-GoCache-CacheStatus
X-Dispatcher-Number
Server-Ext
URI
X-BBC-Origin-Response-Status
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Ohc-File-Size
User-Agent
X-SIPLIST1
Cteonnt-Length
X-Cdn-Request-ID
X-Nc
X-Micro-Cache
Cneonction
X-Release
Tcn
Fastly-Backend-Name
X-Swift-Error
IsBot
X-RateLimit-Reset
Server-Ttl
X-Via-Ucdn
X-Fastly-Cache-Hits
X-Dw-Trace-Id
X-Yottaa-OS
Cf-Ipcountry
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Cms-Context
CF-Cached-On
X-B3-ParentSpanId
X-Newrelic-App-Data
Wpo-Cache-Message
X-Fetch-By
Ngx
X-Backend-Host
Wpo-Cache-Status
Vha6-Origin
X-Vcache
X-Air-Pt
X-Cache-Ngx
X-ServerName
Load-Balancing
X-HostName
Sid
X-IN-APIGATEWAY
X-B3-Parentspanid
X-Shopify-Generated-Cart-Token
X-IN-APIGATEWAYSSL
X-Via-CDN
X-Litespeed-Cache-Control
Inserted-Into-Cache-At
X-Akamai-Request-ID
X-CacheKey
X-Apw-Hits
X-APP
X-Cache-ASPX
X-BCube-Filmed-By
X-Apw-Access-Token
X-Apw-Access-Object
X-Contensis-Viewer-Groups
X-Varnish-Authentication
EpKe-Alive
X-Apw-Access-Action
X-Logging-Id
X-UA
X-Http-Count
X-Http-Duration-Ms
X-Te-Count
X-Te-Duration-Ms
X-Sentry-ID
X-Snapshot-Date
X-Akamai-Pragma-Client-IP
Req-ID
Shield-Pop
CountryCode
X-Last-Modified