Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
Access-Control-Allow-Origin
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
EagleId
Keep-Alive
Request-Context
X-Age
X-Robots-Tag
X-Server
X-UA-Device
X-Proxy-Cache
Host-Header
X-Amz-Request-Id
X-AH-Environment
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
X-Dispatcher
EagleEye-TraceId
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
Allow
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Aws-Lambda-Call-Status
X-CST
X-Server-Id
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Cf-Edge-Cache
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Trace
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-Rack-Cache
X-Varnish-TTL
X-Server-Name
Edge-Control
X-Clacks-Overhead
RTSS
X-ESI
X-Content-Type
X-B3-TraceId
X-VARITI-CCR
Accept-Ch
Cache-Tag
X-Vcap-Request-Id
X-Amz-Rid
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Ac
X-Cnection
X-Dw-Request-Base-Id
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Px
X-RateLimit-Remaining
X-Element-Page-Cache
X-D2id
Verso
X-Navigation-Version
X-Client-IP
X-Abt-Application-Version
X-Cache-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Ser
X-FastCGI-Cache
X-Version
X-Country-Code
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
X-Edge
Response
X-Middleton-Response
Access-Control-Request-Method
X-NF-Request-ID
X-Goog-Hash
X-Correlation-Id
X-Ruxit-Js-Agent
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Webkit-Csp
AR-Request-ID
AR-SID
X-Kinsta-Cache
X-Upstream
X-Edge-Location-Klb
X-TTL
SPRequestDuration
SPIisLatency
X-Ttl
X-LLID
X-RateLimit-Limit
X-Cached
X-NWS-LOG-UUID
X-Cache-Key
X-Powered-CMS
X-Litespeed-Cache
Nginx-Cache
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
Edge-Cache-Tag
SPRequestGuid
X-SharePointHealthScore
TCN
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
X-MSEdge-Ref
MS-Author-Via
Content-MD5
X-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-B3-TraceId-Primal
X-T
X-Daa-Tunnel
X-Recruiting
S
X-Mg-S
X-DataDome
X-Ua-Device
X-Content-Digest
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Protected-By
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Frontend
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-Content
X-Ab
X-HS-Hub-Id
X-HS-Content-Id
X-Ua-Browser
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Accel-Expires
Server-Node
X-Grace
Front-End-Https
X-Request-Processing-Time
Filters
X-Request-Received
X-Server-ID
Fastcgi-Cache
X-Mid
X-PressLabs-Stats
X-Hits
X-ECACHE
X-ORACLE-DMS-ECID
X-Origin-Server
X-Geo-Country
TP-Cache
TP-L2-Cache
X-ORACLE-DMS-RID
X-Distributor
X-Debug-Info
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-DynaTrace
X-Tt-Trace-Tag
X-Amzn-Trace-Id
X-Tt-Trace-Host
Charset
X-Page-Id
Cleartype
X-B3-Sampled
X-F-Cache
Host
X-Ratelimit-Reset
Cross-Origin-Opener-Policy
X-Git-Hash
X-DIS-Request-ID
X-Www-Served-By
X-Forwarded-Proto
X-Microsite
X-Request-Handler-Origin-Region
X-LB-Cache
Access-Control-Allow-Method
Cache-Tags
ServerID
X-Cache-Age
X-Seen-By
X-Aspnetmvc-Version
X-Cluster-Name
X-Oracle-Dms-Ecid
X-AppVersion
X-Az
X-Activity-Id
X-Kong-Proxy-Latency
X-Oracle-Dms-Rid
X-Kong-Upstream-Latency
Accept-Charset
X-Language
Cache-Status
X-Varnish-Age
Server-Name
Filterid
Realpath
X-Type
X-Rid
X-Content-Options
X-App-Environment
X-Nginx-Upstream-Cache-Status
X-WebKit-CSP-Report-Only
X-VCache
X-Mobile-URL
Node
X-Origin-Cache
X-Wix-Request-Id
X-MCACHE
Viewport
X-FB-Debug
X-Tb
X-User-Agent
X-Varnish-Grace
X-Fastly-Request-ID
X-Upgrade-Enabled
Country
X-Signature
X-Request-Guid
X-Flags
X-Drupal-Cache-Tags
X-B-Cache
X-Providence-Cookie
X-Route-Name
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Whom
X-Via-JSL
X-TT
Protected
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Paypal-Debug-Id
X-Goog-Generation
X-Goog-Storage-Class
DC
X-Varnish-Backend
Retry-After
Fastcgi-Useragent
X-NWS-UUID-VERIFY
X-XRDS-LOCATION
X-Cache-NGX
X-B
Payment
X-Fastcgi-Cache
X-Contextid
X-Amz-Replication-Status
X-Debug
X-Logged-In
X-XRDS-Location
WPO-Cache-Status
WPO-Cache-Message
X-Template
X-N
X-FW-Static
X-FW-Type
X-Load-Cache
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-Fastly-Request-Id
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
X-Mcache
X-Cache-Control
X-Node-Name
Count-Hit
X-Amz-Meta-S3cmd-Attrs
X-Hostname
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Original-Request-Id
Akamai-GRN
SD-X-WS
X-Response-Served-From
Healthy
VIX-Pulpo-Node
X-Rendered-As
X-UUID
X-Zen-Fury
X-Akamai-Request-ID2
X-Jobs
Content-Disposition
X-Revision
X-Cache-TTL-Remaining
X-G
X-Cache-Time
X-Is-Bot
VIX-Pulpo-Upstream-Status
Refresh
X-Real-IP
X-Parallel-Accel
X-Proxy
Uber-Trace-Id
X-Page-View
X-Http-Reason
X-Framework
X-Device-Type
X-Proxy-Cache-Status
Alternate-Protocol
X-Yottaa-Optimizations
X-Adobe-Content
X-Instance
X-Cacheable-TTL
X-Drupal-Cache-Contexts
X-Adobe-Loc
NGB
X-Yottaa-Metrics
X-Mobile
X-Debug-IsConnected
X-Trace-Id
X-Debug-IsPreview
Access-Control-Request-Headers
X-IPLB-Instance
Url
X-ECache
X-Source
X-Cache-Rule
X-Servername
Permissions-Policy
X-B3-Traceid
From-Origin
X-Vgn-Hpd-Reason
X-Cache-Grace
Version
X-Varnish-Server
X-Cache-Expired-At
X-Oneagent-Js-Injection
Accept-Language
X-Cache-Hit
X-Mg-Request-UUID
X-L-Path
X-Environment-Context
Referer-Policy
X-EdgeConnect-Cache-Status
X-Restarts
Countrycode
X-NGENIX-Cache
MS-CV
X-RTag
Ms-Operation-Id
X-FW-Version
X-App-Server
X-Ah-Environment
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Cache-Action
X-Tumblr-Pixel-0
X-NYM-Debug-Backend
X-Tumblr-Pixel-1
X-COUNTRY
X-Tumblr-User
Backend
X-Tumblr-Pixel
Liferay-Portal
X-HTML-Minification-Powered-By
Frame-Options
X-Nginx-Cache
Content-Secure-Policy
WP-Super-Cache
CF-IPCountry
Section-Io-Cache
Meta-Geo
X-Format
X-UPSTREAM-Address
X-Section
Upgrade-Insecure-Requests
X-RemovedCookies
X-ProcessESI
X-Access
X-OCL
X-RN-RSRV
X-PCL
Apigw-Requestid
X-Redis-Cache
TWC-Privacy
Ec-Rule-Version
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
X-Detected-As
Property-Id
X-Generation-Time
X-Ua
X-Cache-Server
Mn-Server-Ip
X-FB-TRIP-ID
X-Hyper-Cache
X-Origin-Hint
X-Cluster-Node
X-Region
X-Content-Age
Cache-Tv-Group
TWC-GeoIP-LatLong
X-Cache-Enabled
X-Ratelimit-Remaining
TWC-Connection-Speed
TWC-Device-Class
Webcakes-Region
TWC-GeoIP-Country
Azure-RegionName
X-Sql-Count
X-Storage
X-UA-Device-Type
X-Status
Azure-InstanceId
X-No-Session
X-Say-TTL
X-ApacheServer
X-Urbn-Site-Id
X-Be
X-Urbn-Context-Path
X-AOL-HN
X-Origin-Date
X-PERF
X-Request-Time
X-Say-Cacheable
X-Sql-Duration-Ms
X-SayCDN-TTL
Locale
X-Hosted-By
S-Rt
Azure-Version
Azure-SlotName
X-Uri
X-Varnish-Cache-Hits
Fastly-SSL
X-Xfnlog-Site
X-Server-W
X-Web-Node
Azure-SiteName
X-Akamai-Edgescape
X-Mode
X-Rule
Webserver
CDN-RequestId
CDN-Uid
X-Platform-Server
CDN-PullZone
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-PHP-Backend
X-Nginx-Cache-Key
X-Cache-Tags
X-Cache-Host
X-BYPASS-REASON
X-Cache-Type
X-Debug-Cache
Eomportal-Instance
X-Human
X-Generated-By
X-ProxyCache-Key
CDN-RequestCountryCode
X-ProxyCache-Status
X-Forwarded-Host
X-Unique-Id
X-Site-Version
X-Webkit-CSP
X-Extlb
X-ServerID
X-ShopId
X-SaId
X-Zipkin-Id
X-Adobe-Source
X-Routing-Service
X-Content-Powered-By
X-JoinUs
X-Tid
X-Alternate-Cache-Key
X-ShardId
X-Shopify-Stage
X-Proxied
X-Sorting-Hat-PodId
X-Backend-Name
X-Sorting-Hat-ShopId
X-Via-Fastly
X-Hl-Ver
X-Varnishpool
X-Handled-By
X-TT-LOGID
X-Timing-Wait
X-Proxy-Build
ServedBy
Selected-Fe
X-APP-VERSION
X-GG-Cache-Date
X-PHP-Host
X-Labrador-Cache-Channel
X-Accel-Buffering
X-Cache-Operation
X-Locale
X-Cache-Remote
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
Xserver
X-Rewrite-Enabled
X-VC-Cache
X-LSADC-Cache
X-NewRelic-App-Data
SID
X-App-Version
X-Cached-By
X-Pubstack
X-CDN-Forward
X-Dc
SRV
Mime-Version
X-Soup
Fastly-Drupal-Html
X-Proto
Web-Mar-Node
X-Edge-Location
X-Buckets
X-Storefront-Renderer-Rendered
X-Datadome
X-TA-CDN-Provider
X-Reqid
Country-Code
X-GEO
Decoy-Debug-TTL
Onion-Location
X-Request-Host
LB
X-Cms-Context
Decoy-Debug-Key
Decoy-Debug-Status
X-Ratelimit-Limit
X-Origin-TTL
X-Microcachable
X-Origin-CC
X-Midtier
Server-Info
X-Varnish-Hostname
X-GeoCode
Load-Balancing
X-GeoCountry
X-Ms-Request-Id
X-Ms-Version
Cache-Hits
X-MP-GENERATED-AT
X-Cluster
Xet-Cookie
X-B3-SpanId
X-CSRF-Token
X-Tumblr-Pixel-3
X-NCache
X-Varnish-Hits
X-Tumblr-Pixel-2
X-Bc-Bl
X-RCS-CacheZone
DynaTrace
X-Envoy-Decorator-Operation
X-Amz-Apigw-Id
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Amzn-RequestId
X-Endurance-Cache-Level
X-Origin-Response-Time
X-R9-Blue-Green-Version
X-Magnolia-Registration
X-Varnish-Beresp-Grace
T-Server
Surrogated-Key
Cmstype
Rendered-Blocks
Sslversion
Odigeo-Trace-Id
Cmsid
Meta-Geo-Continent
Cdnsip
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Cdncip
Expiry
DCR-Decision-By
BehaviorPad-Version
DCR-Processing-Time-Ms
Apple-News-Services-Host
Fastcgi-X-Cache-Version
Mobile-Detection-Method
A
NM-Fastcgi-Cache
Lang
Host-ID
Wxu-Next-Hostname
Apple-News-Services-Handled
DB-Nickname
X-D
X-Processor
X-PBS-Appsvrname
X-Rojux
X-S
X-ScT
X-S-Cookie
X-PAYTM-SRV-ID
X-Orig-Expires
X-HS-Content-Campaign-Id
X-Hash
X-Ig-Push-State
X-LAGOON
X-NodeID
X-NAPM-TraceId
X-SD-PageType
X-Session-Fingerprint
X-VG-WebCache
X-Vdms-Version
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Webstats-RespID
X-Vdms-Path
X-User
X-SRCache-Key
X-Shop-Environment
X-Tenant
X-TIM-N
X-TrackingId
X-Gzip
X-Ftr-Request-Id
X-ARC
X-Application
X-B-Cookie
X-Cache-Bucket
X-Cache-NE
X-Cache-Id
X-AK-Request-ID
X-Aed
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Wwc
X-A-Dgt
X-Cdn-Srv
X-CF-Lambda-Fn
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Esi-Check
X-External-Request-Id
X-From
X-Forwarded-Path
X-Ec-Fail
X-Developers
X-Conf
X-CF-Lambda-Version
X-Connection-Hash
X-Destination
X-Developer
Wxu-Next-Region
Wxu-Next-Commit
X-Tx-Id
X-SRV
X-Azure-Ref
X-Via-NSCOPI
Cache-Name
X-Time
Platform
Pramga
X-Is-Gdpr
X-Hnp-Log
Server-Host
X-Irp-Debug
X-JWT-State
Producers
X-Men
X-Amzn-Remapped-Content-Length
X-Origin-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Locid
X-Origin-Expires
X-Origin
X-Has-Esi
X-Mvc-Supplant-Cachable
X-Node-Id
X-Nyt-Route
X-Loop
X-GeoIP
Web-Mar-Region
X-Core-Value
We-Hiring
Vix-Hermes-Req-Id
V-Age
X-Core-Mission
X-Clara-WADP
X-Block-Status
X-Cache-Backend
X-Cache-Info
X-Ckpd-Fst-Backend
User-Cache-Control
X-DefElseHash
X-Gdpr
X-Fmm-Version
X-Gen-Mode
State
X-Geo-Header
X-Fetched-On
X-Fastly-Cache
X-DefHash
X-Device-Os
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Planisys-CDN-TTL
Mail-Subject
X-TNCMS
X-Variation
X-Varnish-CookieHashed-On
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sigma
X-Sigma-Backend
X-Slack-Backend
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Worker
Source
X-Request-URI
X-Wix-Viewer-Type
X-WADP-Cache
X-VG-TLSProxy
X-Viewer-Country
Adler-Geo
X-Server-IP
X-V-Cache
X-Pod-Name
Environment
X-Rocket-Build-Number
Is-Eu
Fastly-GeoIP-CountryCode
X-ZONE
X-Datadog-Parent-Id
X-Csrf-Jwt
X-CGP
X-Datadog-Sampling-Priority
CDCHOST
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
X-Eu-Site
X-RateLimit-Limit-Second
MD5-Digest
X-BBC-Edge-Cache-Status
X-Auto-Login
X-Branch-Name
L
X-RateLimit-Remaining-Second
X-Cdn-Origin
X-Cache-Date
X-Datadog-Trace-Id
X-Proxy-Upstream
X-Minions-Version
X-Thinkindot-L3
X-GeoIP-City
X-Srv
HostName
X-Httpd
X-SB
X-Loc
X-Sn-Servicetimems
X-Platform
X-Old-Content-Length
X-Qloud-Router
X-Scheme
X-Proxy-Cache-Info
X-VServer
X-Rebelmouse-Cache-Control
X-Forwarded-Site
X-Response-By
X-Rebelmouse-Surrogate-Control
X-Policy
X-Location
Memcached
Machine
Cache
AKAMAI
Thinkindot-CacheControl
Fastly-SWR
Kp-EeAlive
Thinkindot-CacheControl-Type
Traceparent
Gh-Request-Id
Fastly-SIE
Thinkindot-Control
Fastcgi-Cache-TTL
Origin
N-Cache
Redirect-Candidate
X-Aicache-OS
Release
TDXMobile
Svr
Origin-EX
Origin-CC
Req-Svc-Chain
Ssr
X-Parent-Response-Time
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
CDN
X-CS
X-Level-Front-Cache
NGX
X-Optimistic-Header
X-DI
X-Gamma-Serve
X-DSS
X-DW
X-Pool
X-Rocket-Nginx-Serving-Static
PFcat
X-Region-Sid
Arc-Country
X-Dispatcher-Number
X-HN
X-VarnishDD-TTL
X-CacheTTL
Cluster
CloudFront-Viewer-Country
X-RPS
X-RPM
X-Generated-On
X-DB
X-Skip-Cache
X-RSL
X-Served-From
DSUID
Server-Hostname
Sever-Int
Server-Ext
X-SIPLIST1
X-Via-Ucdn
X-NC
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Pics-Label
X-Scale
X-EC-Lua
IsBot
X-Refresh
X-Date
X-Accel-Expires-Debug
X-TraceId
X-VC
X-Tb-Optimization-Total-Bytes-Saved
X-Tt-Logid
X-Owner
X-LB-NoCache
Servername
X-GeoIP-Country-Code
Env
X-GeoIP-Region-Code
Ms-Author-Via
X-Udemy-Cache-App-Namespace
X-Akamai-Transformed
AMP-Access-Control-Allow-Source-Origin
X-TIME
GEO-INFO
Ohc-File-Size
X-IPLB-Request-ID
Time
X-Cache-Debug
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Mvc-Supplant-OutputCached
Memory
X-RateLimit-Reset
X-Amz-Meta-Cb-Modifiedtime
Cache-Key
X-Newrelic-Synthetics
X-Edge-Pop
X-API-Version
Datacenter
X-Varnish-Ttl
Geo-Info
X-BCube-Filmed-By
X-Ad-Defer-Variation
Candidate-Md5Url
Fusion-Template-Id
X-Xrds-Location
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
X-Contensis-Viewer-Groups
VNS-Age
X-Servedbyhost
X-SplitTest
CPC-Cache
X-Via-Popn
X-Via-Popv
VNS-Cache
X-Generated-In
CacheControlHeader
X-Via-Poph
CPC-Age
X-Cache-ASPX
XM
X-Action
True-Client-Country-4JS
X-WA-Info
Fastly-Backend-Name
X-TH-Server
X-Varnish-Authentication
GeoIp-Country-Code
X-HA-Backend
X-Trace-ID
ITXSESSIONID
X-S-Maxage
X-Backend-TTL
X-Micro-Cache
X-DC
X-VCL-Version
Client
Path
X-Vc
FSS-Cache
Server-ID
X-AIR-PT
X-CACHE-KEY
Geoip-Latitude
X-Cache-Status-Check
X-VHOST
X-Varnish-Beresp-TTL
X-Webkit-Csp-Report-Only
Cache-Host
X-Req
Edge-Cache
X-Provided-By
X-Cs
X-Presslabs-Stats
My-App
Hostname
Lb
Ngx.Var.Host
Ohc-Cache-HIT
X-Zone
True-Client-IP
X-Fpc
X-Dynatrace
X-Origin-Upstream-Status
XkeyRZ
NtCoent-Length
X-Proxy-CacheRZ
X-Clientip
X-FireWall-Port
X-Pass-Why
X-Api-Version
X-Up
X-TX-ID
Powered-By
DataCenter
X-PX
X-LB-ID
X-Traceid
X-B3-Spanid
Test
X-Varnish-Beresp-Ttl
X-Cdn-Request-ID
X-FPC
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
X-Li-Fabric
X-CSRF-TOKEN
X-Li-Pop
X-LI-UUID
X-Correlation-ID
OT-Force-Account-Verify
X-Beluga-Trace
X-Webkit-CSP-Report-Only
User-Agent
X-Beluga-Record
X-UnsetCookies
X-MSEdge-Flight
X-MSEdge-Features
X-ND-Cache
X-Dmc
WZWS-RAY
X-Beluga-Node
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Cache-Status
Proxy-Connection
X-INCAP-ABP
Server-Id
X-CUA
X-Render-Time
X-Vcl-Version
X-Time-Microsecs
X-CLOUD-TRACE-CONTEXT
GeoIP-Country-Code
GeoIP-Latitude
X-Via-PopN
X-RAMCache
X-Via-PopH
X-Via-PopV
X-HS-Status
X-Fragments
X-Ha-Backend
Rip
C-Via
X-Platform-Cluster
Cf-Device-Type
X-URL
Tracecode
Srvid
Target-Params
X-B3-Traceid-Primal
X-Platform-Router
X-Platform-Processor
X-Azure-Ref-OriginShield
X-Check-Cacheable
X-Geo
X-Akamai-Pragma-Client-IP
Click-Count-Error
X-Gateway-Skip-Cache
X-FC-Vary-Parameters
Tube-Return
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Fastly-Backend
Lfy
Resin-Trace
X-Var-Ttl
Click-Count-Action-Start
Tube-Got-Eval
Uri
Tube-Get-Contents
Sid
X-Sucuri-Cache
Tube-Got-Results
X-ServedByHost
X-Gateway-Cache-Key
X-Sucuri-ID
X-ATG-Version
MIME-Version
X-Service
X-M-Log
X-CCDN-Origin-Time
X-Proxy-Cache-Hk
Esi-Enabled
X-Qnm-Cache
X-M-Reqid
X-Fetch-By
X-LI-Proto
X-CCDN-CacheTTL
Epwk-X-Cache
X-Alfa-Service
X-Hcs-Proxy-Type
Fastly-Drupal-HTML
X-TRACE-ID
X-Edge-POP
X-NU-AKA-ACS-Version
X-Backend-Host
X-Li-Proto
HIT
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-DynaTrace-JS-Agent
X-Fastly-Backend-Reqs
Section-Io-Origin-Status
Section-Io-Id
On-Server
X-Varnish-Beresp-Status
Srv
ENV
Magicmarker
Cdn
X-LiteSpeed-Cache-Control
X-Esi
X-Cache-Expires
X-App
XServer
X-Backend-State
X-Cdn-Forward
X-MG-S
X-Srcache-Store-Status
X-Srcache-Fetch-Status
PICS-Label
X-ElasticPress-Query
X-APP
X-Cache-CFC
CF-Cached-On
Server-Ttl
Tcn
X-Newrelic-App-Data
X-Request-Start
ServerName
X-Lb-Nocache
X-Yottaa-OS
X-Acquia-Site
X-Bip
X-BBC-Origin-Response-Status
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
D-Url-Rewrites
X-Thanos
X-Acquia-Application-UUID
Wpo-Cache-Message
X-Iplb-Instance
X-Nc
X-Serial
Cf-Ipcountry
X-Iplb-Request-Id
Inserted-Into-Cache-At
Wpo-Cache-Status
X-HostName
Servedby
Warning
X-Vercel-Cache
X-Vercel-Id
Fastcgi-Cache-Ttl
True-Client-Ip
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Hit
X-Akamai-Request-ID
X-Request-URL
X-Dw-Trace-Id
Cneonction
Content-Script-Type
Content-Style-Type
Ngx
X-Snapshot-Date
X-Dist-Code
CountryCode
X-Request-Url
X-Back
X-Th-Server
X-B3-Parentspanid
X-Swift-Error
X-Release
X-Shopify-Generated-Cart-Token
X-CF-Powered-By
X-Storefront-Renderer-Verified
X-Litespeed-Cache-Control
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-LiteSpeed-Tag