Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Dns-Prefetch-Control
X-Server
X-Robots-Tag
X-AH-Environment
X-Akamai-Path-Stats
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
Allow
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
X-Server-Id
Request-Id
X-Backend-Server
Accept-CH
X-Readtime
X-Akam-SW-Version
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Rating
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-MS-InvokeApp
Accept-Ch
X-Rack-Cache
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
X-Server-Name
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-ESI
Cache-Tag
X-Content-Type
X-B3-TraceId
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Use-Magma
X-Amz-Rid
X-Dw-Request-Base-Id
Public-Key-Pins
X-Px
X-Cnection
X-Ac
X-D2id
X-RateLimit-Remaining
X-Element-Page-Cache
X-Navigation-Version
Verso
X-Edge
X-Abt-Application-Version
X-FastCGI-Cache
X-Client-IP
X-Middleton-Display
Display
X-Powered-By-Plesk
Pagespeed
X-Sol
X-Ser
X-Cache-TTL
X-Version
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-GitHub-Request-Id
X-Country-Code
X-Middleton-Response
Response
X-NF-Request-ID
X-Correlation-Id
Access-Control-Request-Method
X-Goog-Hash
SPIisLatency
SPRequestDuration
X-Kinsta-Cache
X-TTL
X-Edge-Location-Klb
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
AR-CACHE
X-Ttl
X-Cached
X-Upstream
X-Content-Security-Policy-Report-Only
X-SharePointHealthScore
SPRequestGuid
X-LLID
X-NWS-LOG-UUID
X-Powered-CMS
X-Kraken-Loop-Name
X-RateLimit-Limit
X-Instrumentation
X-Server-Lifecycle-Phase
Edge-Cache-Tag
X-Ruxit-Js-Agent
X-Litespeed-Cache
Nginx-Cache
X-Forwarded-For
X-Cache-Key
Content-MD5
TCN
X-MSEdge-Ref
X-Id
Mrf-Cache-Status
MRF-Tech
X-Shield-Request-Id
X-Server-ID
X-Daa-Tunnel
X-B3-TraceId-Primal
X-T
X-Webkit-Csp
X-Recruiting
S
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Digest
MS-Author-Via
X-Ua-Device
X-Mg-S
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-ECACHE
X-Accel-Expires
X-Protected-By
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-DataDome
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Grace
X-Frontend
X-Ua-Browser
X-Ab
X-Content
X-Request-Received
X-Request-Processing-Time
Front-End-Https
X-Yandex-Sdch-Disable
Server-Node
Filters
X-PressLabs-Stats
X-Mid
TP-Cache
TP-L2-Cache
Fastcgi-Cache
X-Origin-Server
X-DynaTrace
X-Hits
X-Distributor
X-Geo-Country
X-WebKit-CSP-Report-Only
X-Microsite
X-Request-Handler-Origin-Region
X-Debug-Info
X-Amzn-Trace-Id
Charset
Cleartype
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-ORACLE-DMS-ECID
Host
X-Page-Id
X-LB-Cache
X-DIS-Request-ID
X-F-Cache
X-Git-Hash
X-ORACLE-DMS-RID
Cross-Origin-Opener-Policy
X-B3-Sampled
X-Ratelimit-Reset
Pinterest-Version
Pinterest-Generated-By
X-Forwarded-Proto
X-Pinterest-Rid
X-Www-Served-By
X-Cache-Age
Access-Control-Allow-Method
X-Seen-By
ServerID
Cache-Status
X-AppVersion
X-Az
Realpath
X-Activity-Id
X-MCACHE
X-Aspnetmvc-Version
Cache-Tags
X-Oracle-Dms-Ecid
Accept-Charset
X-Cluster-Name
X-Varnish-Age
X-Oracle-Dms-Rid
Filterid
X-Rid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Language
X-Content-Options
X-Nginx-Upstream-Cache-Status
X-Type
Server-Name
X-App-Environment
Retry-After
X-Upgrade-Enabled
Viewport
X-Varnish-Grace
Node
X-Origin-Cache
Country
X-Whom
X-User-Agent
X-Tb
X-FB-Debug
DC
X-Signature
X-Flags
X-Route-Name
X-Request-Guid
X-Mobile-URL
X-Is-Crawler
X-Providence-Cookie
X-Drupal-Cache-Tags
X-Wix-Request-Id
X-B-Cache
X-Aspnet-Duration-Ms
X-Varnish-Backend
Paypal-Debug-Id
X-NWS-UUID-VERIFY
X-TT
X-VCache
X-Goog-Storage-Class
Protected
Fastcgi-Useragent
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-XRDS-LOCATION
X-B
X-N
X-Fastly-Request-Id
X-Debug
X-Via-JSL
X-Fastly-Request-ID
WPO-Cache-Status
WPO-Cache-Message
X-Amz-Replication-Status
X-Logged-In
X-Cache-NGX
Payment
X-Mcache
X-Load-Cache
X-Contextid
X-Webkit-CSP
X-Amz-Meta-S3cmd-Attrs
Surrogate-Key
Permissions-Policy
Count-Hit
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
X-FW-Type
X-Node-Name
X-FW-Static
X-FW-Server
Healthy
X-Template
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-XRDS-Location
X-Fastcgi-Cache
X-Original-Request-Id
X-Response-Served-From
X-G
SD-X-WS
X-Proxy
X-Cache-Time
X-Jobs
Content-Disposition
Refresh
X-Mobile
X-Cacheable-TTL
X-Framework
X-Real-IP
X-Akamai-Request-ID2
X-Rendered-As
X-Revision
X-Is-Bot
Akamai-GRN
X-Trace-Id
X-UUID
X-Zen-Fury
Uber-Trace-Id
X-Proxy-Cache-Status
X-Page-View
X-Adobe-Content
X-Hostname
X-Cache-TTL-Remaining
X-Adobe-Loc
X-Http-Reason
NGB
X-Debug-IsPreview
X-Debug-IsConnected
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Access-Control-Request-Headers
Alternate-Protocol
X-Device-Type
Url
X-Instance
X-Drupal-Cache-Contexts
X-Servername
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Grace
X-IPLB-Instance
X-ECache
X-B3-Traceid
X-Mg-Request-UUID
Version
X-Restarts
X-Varnish-Server
X-NGENIX-Cache
X-Source
X-L-Path
X-Environment-Context
From-Origin
Accept-Language
X-Oneagent-Js-Injection
X-Cache-Rule
X-Vgn-Hpd-Reason
X-Cache-Hit
X-EdgeConnect-Cache-Status
Countrycode
Ms-Operation-Id
MS-CV
X-RTag
X-Cache-Expired-At
X-HTML-Minification-Powered-By
X-Parallel-Accel
X-Datadome
Frame-Options
X-App-Server
Referer-Policy
Liferay-Portal
X-NYM-Debug-Backend
X-Tumblr-Pixel
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-FW-Version
Backend
X-IPS-LoggedIn
X-COUNTRY
X-Midtier
X-Nginx-Cache
Content-Secure-Policy
X-ProcessESI
X-RemovedCookies
Meta-Geo
X-Cache-Action
X-RN-RSRV
X-Cache-Server
Upgrade-Insecure-Requests
X-Hosted-By
Section-Io-Cache
X-UPSTREAM-Address
X-Redis-Cache
Cache-Tv-Group
X-Cache-Enabled
X-Detected-As
X-Content-Age
X-Generation-Time
X-FB-TRIP-ID
X-No-Session
X-OCL
CF-IPCountry
X-Web-Node
X-UA-Device-Type
X-Ua
X-Region
X-APP-VERSION
X-PCL
X-Sql-Count
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
X-Site-Version
X-Sql-Duration-Ms
TWC-GeoIP-Country
TWC-Device-Class
X-Say-Cacheable
TWC-Connection-Speed
X-Request-Time
Apigw-Requestid
X-Server-W
X-SayCDN-TTL
X-Access
X-Be
X-AOL-HN
X-Akamai-Edgescape
X-Section
X-Unique-Id
Ec-Rule-Version
Webcakes-App-Version
X-Cluster-Node
Webcakes-Region
X-Say-TTL
WP-Super-Cache
X-Format
X-Uri
X-Varnish-Cache-Hits
Locale
X-Nginx-Cache-Key
X-Urbn-Site-Id
X-Urbn-Context-Path
TWC-Privacy
X-PHP-Backend
X-Origin-Hint
X-Origin-Date
X-Storage
Property-Id
X-Via-Fastly
Fastly-SSL
Mn-Server-Ip
X-Mode
X-Human
X-Generated-By
S-Rt
X-Sorting-Hat-PodId
CDN-Cache
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShardId
X-ShopId
Azure-Version
Azure-InstanceId
CDN-CachedAt
Azure-RegionName
CDN-Uid
CDN-RequestCountryCode
CDN-PullZone
Eomportal-Instance
Azure-SiteName
Azure-SlotName
CDN-RequestId
CDN-EdgeStorageId
X-ProxyCache-Status
X-PERF
X-Xfnlog-Site
X-Debug-Cache
X-Platform-Server
X-Adobe-Source
X-ProxyCache-Key
X-Ratelimit-Remaining
X-Content-Powered-By
X-Forwarded-Host
X-ApacheServer
X-Cache-Host
X-Alternate-Cache-Key
X-Cache-Tags
X-BYPASS-REASON
X-ServerID
X-PHP-Host
X-Varnishpool
X-Labrador-Cache-Channel
X-Status
X-NewRelic-App-Data
X-Zipkin-Id
X-Locale
X-Tid
X-Proxied
X-Extlb
X-Handled-By
X-JoinUs
X-Routing-Service
X-Cache-Type
X-SaId
X-Backend-Name
X-Hl-Ver
X-Hyper-Cache
X-Timing-Wait
X-LJ-Flow-ID
X-AWS-Id
X-Proxy-Build
X-VWS-Id
Selected-Fe
X-TT-LOGID
X-VC-Cache
ServedBy
X-Cms-Context
Webserver
X-Rule
X-GG-Cache-Date
X-Edge-Location
X-Storefront-Renderer-Rendered
X-Cache-Operation
X-LSADC-Cache
Mime-Version
X-Proto
Fastly-Drupal-Html
X-Cached-By
SRV
X-Dc
Load-Balancing
Web-Mar-Node
X-GeoCode
X-Rewrite-Enabled
X-App-Version
X-GeoCountry
SID
X-CDN-Forward
X-Accel-Buffering
X-Soup
X-GEO
Onion-Location
X-Cache-Remote
Xserver
X-Cdn
X-TA-CDN-Provider
X-Varnish-Hostname
X-Pubstack
Cache-Hits
X-Reqid
Country-Code
X-Buckets
X-Request-Host
X-Cluster
X-Origin-TTL
X-Origin-CC
X-Ratelimit-Limit
X-Varnish-Hits
Decoy-Debug-Status
Server-Info
X-Microcachable
Decoy-Debug-Key
Decoy-Debug-TTL
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Envoy-Decorator-Operation
Xet-Cookie
X-MP-GENERATED-AT
X-SRV
X-CSRF-Token
LB
X-Ms-Request-Id
X-Ms-Version
X-Magnolia-Registration
X-Time
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Amz-Apigw-Id
DB-Nickname
Cache
X-Amzn-RequestId
X-Endurance-Cache-Level
X-B3-SpanId
X-NCache
X-RCS-CacheZone
X-Tx-Id
DynaTrace
X-Geo-Header
X-Ftr-Request-Id
X-Forwarded-Path
BehaviorPad-Version
X-Orig-Expires
A
X-Node-Id
X-Ig-Push-State
X-Hash
Cdncip
X-NAPM-TraceId
X-Gzip
Source
X-HS-Content-Campaign-Id
X-Esi-Check
X-Core-Mission
X-Connection-Hash
NM-Fastcgi-Cache
Mobile-Detection-Method
Meta-Geo-Continent
Surrogated-Key
X-D
MD5-Digest
Odigeo-Trace-Id
X-Conf
X-Cdn-Srv
X-Cache-Id
X-Cache-NE
Rendered-Blocks
X-CF-Lambda-Fn
Sslversion
Pramga
X-CF-Lambda-Version
Lang
X-Cache-Bucket
X-External-Request-Id
T-Server
X-B-Cookie
DCR-Processing-Time-Ms
DCR-Decision-By
X-Fetched-On
Cmsid
Cmstype
Expiry
X-Epic-Correlation-Id
X-Developer
Host-ID
X-Destination
X-Device-Os
X-Ec-Fail
Fastcgi-X-Cache-Version
X-Ec-GeoHdr
Cdnsip
X-Aed
X-S
X-Rojux
X-ScT
X-A-Wwc
X-Application
X-SD-PageType
X-A-Dgt
X-A-Dcw
X-ARC
X-Processor
X-A
X-A-Ccd
X-A-Dam
X-Vtex-Processado-Em
X-Session-Fingerprint
X-Tenant
X-SVT-ORM-VERSION
X-TIM-N
X-TrackingId
X-User
X-Vdms-Path
X-SVT-ORM-RULES
X-Vtex-Remote-Cache
X-Shop-Environment
X-AK-Request-ID
X-Vdms-Version
X-SRCache-Key
X-Bc-Bl
X-S-Cookie
X-IPLB-Request-ID
X-PBS-Appsvrname
X-PAYTM-SRV-ID
Xc-Version
X-VG-WebCache
X-Varnish-Ttl
X-Varnish-Beresp-Grace
X-Via-Ucdn
X-DefElseHash
Thinkindot-Control
X-R9-Blue-Green-Version
Machine
X-Cache-Date
Memcached
Mail-Subject
X-DefHash
State
X-Nyt-Route
X-Dispatcher-Number
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Amzn-Remapped-Content-Length
X-Skip-Cache
X-Developers
Is-Eu
X-NodeID
X-Slack-Backend
X-Worker
X-Wix-Viewer-Type
Release
X-WADP-Cache
X-Origin-Time
Producers
X-V-Cache
X-Variation
X-Varnish-CookieINHashed-On
X-CacheTTL
Server-Host
X-Varnish-CookieHashed-On
X-Origin-Expires
Platform
X-Origin
X-Webstats-RespID
X-Thinkindot-L3
X-Hnp-Log
Origin-CC
Origin-EX
X-TNCMS
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Core-Value
X-Sigma-Backend
Thinkindot-CacheControl
X-JWT-State
X-VServer
X-GeoIP
X-Gen-Mode
X-Rocket-Build-Number
TDXMobile
X-Gdpr
AKAMAI
Adler-Geo
Thinkindot-CacheControl-Type
Cache-Name
Wxu-Next-Commit
Web-Mar-Region
We-Hiring
X-Varnish-Remaining-TTL
X-Planisys-CDN-Rules
Wxu-Next-Hostname
X-Planisys-CDN-Cache
X-Is-Gdpr
Wxu-Next-Region
X-Has-Esi
Fastly-GeoIP-CountryCode
X-LAGOON
User-Cache-Control
X-Loop
X-Cache-Info
Traceparent
X-Server-IP
X-Mvc-Supplant-Cachable
X-Sigma
X-Planisys-CDN-TTL
X-Irp-Debug
Environment
X-Fastly-Cache
CloudFront-Viewer-Country
X-Cache-Backend
X-From
X-Block-Status
X-Fmm-Version
X-SB
X-Scheme
X-Origin-Response-Time
X-Azure-Ref
X-Auto-Login
X-Branch-Name
X-BBC-Edge-Cache-Status
X-Aicache-OS
X-HN
X-Proxy-Upstream
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-Proxy-Cache-Info
X-Pool
X-Pod-Name
X-Policy
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-SIPLIST1
X-Sn-Servicetimems
X-VarnishDD-TTL
X-Served-From
X-VG-TLSProxy
X-Request-URI
X-Rocket-Nginx-Serving-Static
X-Platform
X-Viewer-Country
X-Datadog-Trace-Id
X-Eu-Site
X-Forwarded-Site
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
HostName
X-Csrf-Jwt
X-Gamma-Serve
X-Generated-On
X-Location
X-Via-NSCOPI
X-Minions-Version
X-Loc
X-Level-Front-Cache
X-GeoIP-City
X-Httpd
X-Cdn-Origin
X-CGP
HA-Ipaddr
Server-Hostname
Server-Ext
Ha-Gx-Prefs
Sever-Int
Fastly-SWR
Gh-Request-Id
Req-Svc-Chain
Redirect-Candidate
Origin
NGX
N-Cache
L
PFcat
IsBot
Kp-EeAlive
Ssr
Svr
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
CDN
Ohc-File-Size
X-ZONE
X-Xrds-Location
Vix-Hermes-Req-Id
V-Age
Fastcgi-Cache-TTL
Fastly-SIE
DSUID
Cluster
Apple-News-Services-Request-Url
CDCHOST
L5d-Success-Class
X-Newrelic-Synthetics
X-Owner
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Scale
X-WP-CF-Super-Cache-Cache-Control
X-Optimistic-Header
X-WP-CF-Super-Cache
X-Refresh
Arc-Country
X-Srv
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VC
X-CS
X-Ad-Defer-Variation
Datacenter
Candidate-Md5Url
X-Men
Pics-Label
X-BCube-Filmed-By
X-Parent-Response-Time
Locid
X-CACHE-KEY
X-Tb-Optimization-Total-Bytes-Saved
X-Response-By
X-Old-Content-Length
X-Ah-Environment
X-NC
X-EC-Lua
CPC-Cache
Env
CPC-Age
Cache-Key
X-Contensis-Viewer-Groups
X-Cache-ASPX
VNS-Age
VNS-Cache
XM
GEO-INFO
X-SplitTest
X-Tt-Logid
Ms-Author-Via
X-TraceId
X-Cache-Status-Check
X-LB-NoCache
X-Varnish-Authentication
X-Tec-Api-Origin
X-RPM
X-RSL
AMP-Access-Control-Allow-Source-Origin
X-Tec-Api-Version
X-WA-Info
X-Tec-Api-Root
X-RateLimit-Reset
X-RPS
X-Edge-Pop
X-DI
X-DB
Servername
X-DSS
X-DW
X-Udemy-Cache-App-Namespace
X-Mvc-Supplant-OutputCached
X-Accel-Expires-Debug
X-Amz-Meta-Cb-Modifiedtime
Memory
Fastly-Backend-Name
X-Micro-Cache
X-Date
Time
X-Akamai-Transformed
X-TIME
Lb
X-Via-Poph
X-GeoIP-Country-Code
X-Via-Popn
X-Servedbyhost
Path
X-Via-Popv
X-AIR-PT
X-GeoIP-Region-Code
X-Generated-In
Ohc-Cache-HIT
X-HA-Backend
X-Cache-Debug
GeoIp-Country-Code
X-S-Maxage
ITXSESSIONID
Ngx.Var.Host
Cache-Host
X-API-Version
X-VCL-Version
FSS-Cache
Client
X-DC
X-Api-Version
Fusion-Component-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Geoip-Latitude
X-Vc
CacheControlHeader
X-Varnish-Beresp-TTL
True-Client-IP
X-VHOST
X-Cs
X-Proxy-CacheRZ
XkeyRZ
True-Client-Country-4JS
X-Trace-ID
Server-ID
X-Clientip
Geo-Info
X-Action
X-TH-Server
Hostname
X-Backend-TTL
X-Presslabs-Stats
X-Zone
X-Fpc
X-FireWall-Port
X-Req
X-Webkit-Csp-Report-Only
Powered-By
Edge-Cache
X-TX-ID
NtCoent-Length
X-Pass-Why
X-B3-Spanid
X-Traceid
My-App
X-PX
X-Dmc
X-MSEdge-Flight
X-Render-Time
X-Provided-By
X-MSEdge-Features
X-INCAP-ABP
Test
X-FPC
X-Origin-Upstream-Status
X-NGINX-Cache
X-Cdn-Request-ID
X-Up
X-CSRF-TOKEN
C-Via
X-Varnish-Beresp-Ttl
X-Correlation-ID
Cf-Int-Pingora-Origin-Digest
X-HS-Status
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Node
X-Beluga-Cache-Status
User-Agent
X-Gateway-Cache-Status
X-Beluga-Status
X-LB-ID
Tube-Return
Tube-Got-Results
X-Gateway-Request-Id
X-Beluga-Trace
X-Gateway-Cache-Key
Tube-Got-Eval
X-DynaTrace-JS-Agent
X-Webkit-CSP-Report-Only
X-Service
X-Gateway-Skip-Cache
Server-Id
Click-Count-Error
Click-Count-Action-Start
Tube-Get-Contents
Rip
X-Vcl-Version
Proxy-Connection
Tcn
Esi-Enabled
OT-Force-Account-Verify
HIT
DataCenter
X-TRACE-ID
X-M-Reqid
On-Server
GeoIP-Latitude
X-LI-UUID
GeoIP-Country-Code
X-M-Log
Srvid
Resin-Trace
X-Alfa-Service
X-Li-Fabric
X-Li-Pop
Uri
X-Qnm-Cache
X-UnsetCookies
X-Via-PopN
X-Via-PopH
X-Ha-Backend
X-URL
X-Via-PopV
X-CLOUD-TRACE-CONTEXT
X-Dynatrace
Sid
X-RAMCache
WZWS-RAY
X-Time-Microsecs
X-ND-Cache
X-ServedByHost
X-MG-S
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
Epwk-X-Cache
X-Geo
X-CUA
X-Proxy-Cache-Hk
X-LI-Proto
X-APP
X-CCDN-Origin-Time
Cdn
X-Fetch-By
Srv
X-Cdn-Forward
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
Cf-Device-Type
X-Backend-Host
Target-Params
X-Fragments
X-Fastly-Backend-Reqs
X-ATG-Version
Tracecode
MIME-Version
X-Edge-Origin-Shield-Bytes
X-Esi
X-App
X-Lb-Nocache
ServerName
X-Var-Ttl
X-FC-Vary-Parameters
X-Sucuri-Cache
ENV
X-Sucuri-ID
Fastly-Drupal-HTML
X-B3-Traceid-Primal
WebServer
XServer
Lfy
X-Fastly-Backend
X-Edge-POP
X-HostName
X-Edge-Origin-Shield-Region
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-ElasticPress-Query
X-Varnish-Beresp-Status
CF-Cached-On
Section-Origin-Responded
X-Newrelic-App-Data
M-TraceId
Warning
Inserted-Into-Cache-At
Server-Ttl
PICS-Label
X-Cache-Expires
X-Azure-Ref-OriginShield
X-Yottaa-OS
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Nc
D-Url-Rewrites
X-Backend-State
Magicmarker
X-Li-Proto
X-NU-AKA-ACS-Version
Cf-Ipcountry
X-Serial
X-Vcache
X-Dw-Trace-Id
X-Iplb-Request-Id
X-LiteSpeed-Cache-Control
X-Iplb-Instance
X-CF-Powered-By
X-Request-Url
Servedby
DT-Hot-News
X-Snapshot-Date
X-Storefront-Renderer-Verified
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
X-Request-URL
X-Dist-Code
Dt-Hot-News
True-Client-Ip
X-BBC-Origin-Response-Status
X-Vercel-Id
X-Vercel-Cache
X-Acquia-Site
Ngx
Content-Style-Type
X-Acquia-Purge-Tags
X-Litespeed-Cache-Control
X-Acquia-Application-Trace
X-Back
Content-Script-Type
X-Release
Fastcgi-Cache-Ttl
CountryCode
Cneonction
X-Th-Server
X-Acquia-Application-UUID