
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
X-Request-ID
Server-Timing
EagleId
X-Cache-Group
Report-To
X-Turbo-Charged-By
Keep-Alive
X-UA-Device
Request-Context
X-Age
X-Backend
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Nginx-Cache-Status
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
NEL
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Ua-Compatible
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Host
Accept-CH
Cf-Railgun
X-Server-Id
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Cache-Lookup
Accept-CH-Lifetime
X-Trace
X-Url
Allow
X-Ac
X-Content-Type
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-Aws-Lambda-Call-Status
Edge-Control
X-Varnish-TTL
X-Server-Name
X-Mod-Pagespeed
X-ESI
Fastly-Restarts
Cache-Tag
X-VARITI-CCR
X-Rack-Cache
Service-Worker-Allowed
Verso
X-Element-Page-Cache
MS-Author-Via
X-Upstream
X-FastCGI-Cache
X-Vcap-Request-Id
X-MS-InvokeApp
X-Amz-Rid
X-GitHub-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-D2id
X-Abt-Application-Version
X-Client-IP
X-Cnection
X-Px
RTSS
X-Cache-TTL
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-Goog-Hash
X-NF-Request-ID
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
AR-SID
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Powered-CMS
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Version
X-Origin-Cache
X-Middleton-Response
Response
X-TTL
X-LLID
X-MSEdge-Ref
X-Amz-Server-Side-Encryption
X-Kinsta-Cache
X-Edge-Location-Klb
TCN
Nginx-Cache
X-RateLimit-Remaining
X-Edge
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Protected-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-CST
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Forwarded-For
X-T
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-Aspnetmvc-Version
X-Id
X-Mg-S
Accept-Ch
Edge-Cache-Tag
S
X-Language
Content-MD5
X-Ruxit-Js-Agent
SPRequestDuration
SPIisLatency
Front-End-Https
Fastcgi-Cache
X-Mid
Realpath
Filters
X-Pinterest-Rid
Pinterest-Generated-By
Server-Node
Pinterest-Version
X-Recruiting
X-Frontend
X-DynaTrace
X-Request-Processing-Time
X-Request-Received
Server-Name
X-Ab
X-Content
X-Ua-Browser
X-Cache-Key
X-MCACHE
X-Ser
X-Correlation-Id
X-Ttl
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-NWS-LOG-UUID
X-HS-Combine-CSS
X-Template
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
SPRequestGuid
X-SharePointHealthScore
X-ECACHE
X-Hits
X-Parallel-Accel
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-Kong-Proxy-Latency
X-Server-ID
Cache-Tags
X-Page-Id
Charset
Cleartype
X-B3-Sampled
Host
Alternate-Protocol
X-Git-Hash
X-Www-Served-By
X-Geo-Country
X-Content-Options
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-Debug-Info
Fusion-Deployment-Id
Fusion-Source
X-Daa-Tunnel
X-DIS-Request-ID
X-Hostname
X-Content-Digest
X-Amzn-Trace-Id
X-Amz-Replication-Status
Cross-Origin-Opener-Policy
Filterid
X-Ratelimit-Limit
X-Varnish-Age
X-AppVersion
X-FB-Debug
X-Activity-Id
X-Az
X-Upgrade-Enabled
X-Grace
X-F-Cache
X-VCache
ServerID
X-Nginx-Upstream-Cache-Status
X-Accel-Expires
X-N
X-Forwarded-Proto
X-Mobile-URL
X-Rid
Access-Control-Allow-Method
X-Origin-Server
X-Providence-Cookie
X-Flags
X-Request-Guid
X-Fastly-Request-ID
X-Is-Crawler
X-Route-Name
X-Aspnet-Duration-Ms
X-TT
X-LB-Cache
X-Whom
X-DataDome
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
Viewport
X-Type
X-Seen-By
X-Varnish-Grace
X-App-Environment
X-Goog-Metageneration
Payment
X-WebKit-CSP-Report-Only
X-Tb
X-User-Agent
Node
X-Distributor
X-Fastcgi-Cache
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Dynamic
X-FW-Server
TP-Cache
TP-L2-Cache
DC
Paypal-Debug-Id
X-Oneagent-Js-Injection
X-Fastly-Request-Id
X-Wix-Request-Id
X-App-Server
X-XRDS-LOCATION
Fastcgi-Useragent
Accept-Charset
Country
X-Litespeed-Cache
X-Cache-Control
X-Cache-Rule
X-NGENIX-Cache
X-Webkit-Csp
Version
X-Via-JSL
X-Ratelimit-Reset
X-Origin-Upstream-Status
X-Drupal-Cache-Tags
X-Microsite
X-Cluster-Name
X-Buckets
X-Request-Handler-Origin-Region
Referer-Policy
X-Oracle-Dms-Ecid
X-Cache-Age
X-Contextid
X-Oracle-Dms-Rid
X-Logged-In
X-B-Cache
X-Signature
X-Tec-Api-Version
Amp-Access-Control-Allow-Source-Origin
X-Tec-Api-Origin
X-Tec-Api-Root
Cache-Status
X-Node-Name
Refresh
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
VIX-Pulpo-Upstream-Status
X-Response-Served-From
VIX-Pulpo-Node
X-Original-Request-Id
X-Mobile
SD-X-WS
X-Vgn-Hpd-Reason
X-Is-Bot
X-Rendered-As
X-Cache-Expired-At
X-Load-Cache
X-Real-IP
X-Page-View
X-Varnish-Backend
X-Proxy-Cache-Status
X-Cacheable-TTL
NGB
X-Revision
X-Jobs
Access-Control-Request-Headers
X-B
X-Device-Type
X-RemovedCookies
X-Yottaa-Metrics
X-Cache-Action
X-IPLB-Instance
X-Yottaa-Optimizations
X-Rule
X-Debug
X-ProcessESI
X-UUID
X-Drupal-Cache-Contexts
X-Proxy
X-Instance
Surrogate-Key
X-Framework
X-Debug-IsPreview
X-Debug-IsConnected
X-G
X-Cache-Time
Akamai-GRN
X-FW-Version
CF-IPCountry
SID
X-Accel-Buffering
GEO-INFO
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-TEC-API-ROOT
DynaTrace
X-TEC-API-VERSION
X-Cache-NGX
X-TEC-API-ORIGIN
X-PressLabs-Stats
Count-Hit
X-Nginx-Cache
Uber-Trace-Id
X-Azure-Ref
X-Cache-Operation
X-Source
X-Presslabs-Stats
Liferay-Portal
X-Ms-Version
X-Ms-Request-Id
X-RateLimit-Limit
X-XRDS-Location
X-Zen-Fury
Frame-Options
X-APP-VERSION
Ms-Operation-Id
X-RTag
X-CDN-Forward
MS-CV
X-EdgeConnect-Cache-Status
Protected
X-Cache-Hit
Healthy
X-Mode
X-IPS-LoggedIn
X-Environment-Context
Countrycode
X-Backend-Name
Ec-Rule-Version
Cross-Origin-Window-Policy
Xserver
X-L-Path
X-Cache-TTL-Remaining
WPO-Cache-Status
X-Varnish-Server
X-Servername
X-Hyper-Cache
WPO-Cache-Message
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Ratelimit-Remaining
X-Tumblr-Pixel-0
X-Adobe-Loc
Backend
X-Adobe-Content
LB
X-JoinUs
X-Rewrite-Enabled
X-SaId
X-Region
Meta-Geo
X-UPSTREAM-Address
X-Tid
X-Detected-As
X-Content-Age
X-RN-RSRV
Eomportal-Instance
Decoy-Debug-TTL
Country-Code
Apigw-Requestid
Decoy-Debug-Status
Decoy-Debug-Key
X-Alternate-Cache-Key
Content-Disposition
X-Extlb
X-Hosted-By
X-Debug-Cache
X-Forwarded-Host
X-Cache-Grace
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-Redis-Cache
X-Sql-Duration-Ms
X-Uri
X-ShardId
X-ShopId
X-Shopify-Stage
X-Sql-Count
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
CDN-Cache
CDN-CachedAt
Mn-Server-Ip
X-Varnish-Beresp-Grace
X-ServerID
X-ApacheServer
CDN-EdgeStorageId
X-Status
X-Human
X-Site-Version
CDN-RequestId
CDN-RequestCountryCode
CDN-Uid
CDN-PullZone
Fastly-SSL
X-Cache-Server
Url
X-PHP-Backend
Cache-Name
X-Origin-Date
X-Format
X-PERF
X-FB-TRIP-ID
X-No-Session
X-NCache
X-Microcachable
X-PCL
X-OCL
X-Via-Fastly
X-Storage
X-Pubstack
X-Proxy-Build
X-ProxyCache-Status
X-ProxyCache-Key
X-Web-Node
X-Say-TTL
X-Say-Cacheable
X-BYPASS-REASON
X-Cache-Host
X-Cache-Type
X-Content-Powered-By
X-Access
X-Akamai-Edgescape
X-Section
Cache-Tv-Group
X-UA-Device-Type
X-SayCDN-TTL
X-Generated-By
X-Timing-Wait
Selected-Fe
Section-Io-Cache
X-Trace-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
X-Hl-Ver
Property-Id
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
X-Cluster-Node
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Generation-Time
X-Server-W
X-R9-Blue-Green-Version
X-NYM-Debug-Backend
X-Varnishpool
X-Soup
X-Be
Content-Secure-Policy
Azure-SiteName
X-LSADC-Cache
X-Webkit-CSP
Azure-Version
Azure-SlotName
Azure-RegionName
Retry-After
Azure-InstanceId
DB-Nickname
X-TIME
X-NewRelic-App-Data
X-Nginx-Cache-Key
X-Ua
OT-Force-Account-Verify
X-Cached-By
X-Cache-Remote
X-Unique-Id
X-Azure-Ref-OriginShield
X-Bc-Bl
X-TT-LOGID
Source
X-Platform-Server
X-Dc
Cache
X-Akamai-Transformed
X-GEO
X-Xfnlog-Site
SRV
X-Auto-Login
X-LAGOON
Upgrade-Insecure-Requests
X-Cdn
ServedBy
X-Cache-Tags
Mime-Version
X-Origin-CC
X-Origin-TTL
HostName
From-Origin
X-Varnish-Hits
Cache-Hits
X-SRV
X-Varnish-Hostname
X-TNCMS
X-App-Version
X-EC-Lua
X-Loop
X-HTML-Minification-Powered-By
X-Varnish-Cache-Hits
X-Request-Time
X-CSRF-Token
X-AOL-HN
X-Time
X-S-Maxage
X-Request-Host
WP-Super-Cache
Xet-Cookie
X-NWS-UUID-VERIFY
Onion-Location
Webserver
X-ECache
X-Xrds-Location
Web-Mar-Node
X-Cache-Enabled
N-Cache
X-Proto
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Endurance-Cache-Level
X-B3-SpanId
X-Correlation-ID
Nel
X-Tenant
X-Handled-By
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-FireWall-Port
X-Origin-Response-Time
X-Vtex-Remote-Cache
Expiry
V-Age
User-Cache-Control
Xc-Version
DCR-Processing-Time-Ms
X-VG-WebCache
X-Reqid
X-Adobe-Source
Fastcgi-X-Cache-Version
DCR-Decision-By
X-RCS-CacheZone
Pramga
Odigeo-Trace-Id
BehaviorPad-Version
Meta-Geo-Continent
Redirect-Candidate
X-Vtex-Processado-Em
A
Surrogated-Key
Sslversion
Rendered-Blocks
Mobile-Detection-Method
X-Vdms-Version
X-Ig-Push-State
X-Hnp-Log
X-NAPM-TraceId
X-ND-Cache
X-Orig-Expires
X-GG-Cache-Date
X-Gen-Mode
X-Epic-Correlation-Id
X-External-Request-Id
X-Forwarded-Path
X-Ftr-Request-Id
X-Slack-Backend
X-PAYTM-SRV-ID
X-Rojux
X-Processor
X-SD-PageType
X-S
X-ScT
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Shop-Environment
X-Session-Fingerprint
X-Developer
X-SRCache-Key
X-Application
X-Aed
X-ARC
X-S-Cookie
X-B-Cookie
X-A-Wwc
X-A-Dgt
X-A
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Block-Status
X-Cache-NE
X-Connection-Hash
X-D
X-TIM-N
X-Destination
X-Conf
X-V-Cache
X-CF-Lambda-Fn
X-Ckpd-Fst-Backend
X-Vdms-Path
X-Cluster
Vix-Hermes-Req-Id
X-CF-Lambda-Version
S-Rt
X-Time-Microsecs
X-Mg-Request-UUID
X-Magnolia-Registration
X-Edge-Location
X-Date
X-Cache-Info
X-Cache-Date
X-Fastly-Cache
X-Cache-Bucket
X-Forwarded-Site
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Geo-Header
X-Backend-TTL
X-Accel-Expires-Debug
Wxu-Next-Commit
True-Client-Country-4JS
Svr
State
Wxu-Next-Hostname
Host-ID
Origin
X-Hash
Wxu-Next-Region
X-Aicache-OS
X-Li-Pop
X-Sucuri-ID
X-Sucuri-Cache
X-Http-Reason
X-Server-IP
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Origin-Expires
X-Webstats-RespID
X-Viewer-Country
X-VG-TLSProxy
X-Scheme
X-Akamai-Request-ID2
X-Mvc-Supplant-Cachable
X-Men
X-LI-UUID
X-Varnish-Ttl
X-NodeID
X-Old-Content-Length
X-Rocket-Nginx-Serving-Static
X-Proxy-Upstream
X-Policy
X-Origin
X-Li-Fabric
X-Request-URI
Apple-News-Services-Host
Apple-News-Services-Handled
Cmsid
CDCHOST
Arc-Country
Cmstype
DSUID
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-PHP-Host
X-Labrador-Cache-Channel
X-Via-NSCOPI
Environment
CloudFront-Viewer-Country
X-Cache-Var
X-MP-GENERATED-AT
X-Cache-Var-Map
Server-Info
X-Gdpr
X-Generated-On
X-Irp-Debug
X-HN
X-Gzip
X-Level-Front-Cache
X-Gamma-Serve
X-HS-Content-Campaign-Id
X-Envoy-Decorator-Operation
AKAMAI
X-Cdn-Srv
X-Cache-Id
X-Cache-Debug
X-BBC-Edge-Cache-Status
X-Branch-Name
X-CGP
X-Core-Value
X-Locale
X-Esi-Check
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Eu-Site
X-Owner
Origin-EX
Traceparent
X-Core-Mission
Origin-CC
Locid
X-Varnish-Beresp-Status
X-VarnishDD-TTL
X-Device-Os
X-Fetched-On
X-Fastly-Backend
X-Sn-Servicetimems
X-Cdn-Origin
X-VServer
X-GeoIP
X-GeoIP-City
X-UnsetCookies
X-TrackingId
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Region-Sid
X-Platform
X-Backend-State
X-Nyt-Route
X-Origin-Time
X-Req
X-Rocket-Build-Number
X-Skip-Cache
X-Storefront-Renderer-Rendered
X-Sigma-Backend
X-Sigma
Fastly-Drupal-Html
X-Served-From
X-Location
X-TH-Server
Fastly-GeoIP-CountryCode
Fastcgi-Cache-TTL
Ha-Gx-Prefs
HA-Ipaddr
L
Server-Host
Ssr
X-Varnish-Beresp-Ttl
We-Hiring
Web-Mar-Region
CacheControlHeader
Req-Svc-Chain
Gh-Request-Id
L5d-Success-Class
Machine
Magicmarker
Release
PFcat
Mail-Subject
X-Amz-Apigw-Id
X-Amzn-RequestId
NM-Fastcgi-Cache
X-DefElseHash
X-DefHash
X-Tx-Id
X-Loc
X-NU-AKA-ACS-Version
X-FC-Vary-Parameters
X-DPWN-IS-SECURE
NGX
Memcached
Fastly-SIE
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
X-ATG-Version
X-Qloud-Router
Fastly-SWR
Adler-Geo
X-Thinkindot-L3
X-Node-Id
Is-Eu
Platform
X-Rebelmouse-Surrogate-Control
X-Variation
X-Rebelmouse-Cache-Control
X-Response-By
X-Worker
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Developers
X-Trace-ID
X-Ua-Device
X-Is-Gdpr
X-JWT-State
Kp-EeAlive
X-Pod-Name
X-Restarts
AMP-Access-Control-Allow-Source-Origin
X-Request-Start
X-CS
X-Amzn-Remapped-Content-Length
X-VC-Cache
Cf-Device-Type
X-Has-Esi
X-Zone
X-Action
X-DI
X-DSS
X-Bip
X-Thanos
Edge-Cache
X-Cache-Backend
X-Wix-Viewer-Type
X-RSL
X-Up
X-DW
X-RPM
X-RPS
CDN
X-DB
X-M-Log
X-LB-ID
X-Qnm-Cache
X-Mvc-Supplant-OutputCached
X-M-Reqid
Accept-Language
Pics-Label
X-TraceId
X-Generated-In
Ms-Author-Via
X-NC
X-LB-NoCache
X-API-Version
X-Tb-Optimization-Total-Bytes-Saved
X-CacheTTL
Env
X-Cache-Config
Memory
Time
X-Optimistic-Header
X-Minions-Version
X-Srv
X-Refresh
X-Via-Poph
X-DC
X-Via-Popv
X-Via-Popn
WebServer
X-Urbn-Context-Path
Datacenter
X-Urbn-Site-Id
X-Tt-Logid
Locale
X-HA-Backend
X-Edge-Pop
X-Cache-Ttl
GeoIp-Country-Code
NtCoent-Length
X-CACHE-KEY
Candidate-Md5Url
X-ZONE
X-Datadome
X-User
X-Servedbyhost
X-Esi
X-Ec-Fail
X-Ec-GeoHdr
X-TA-CDN-Provider
Server-ID
X-Parent-Response-Time
X-DynaTrace-JS-Agent
X-MSEdge-Flight
X-MSEdge-Features
X-Vc
On-Server
WWW-Authenticate
X-Cs
X-CLOUD-TRACE-CONTEXT
Esi-Enabled
X-TX-ID
X-AK-Request-ID
X-Varnish-Beresp-TTL
X-VCL-Version
Cdncip
Cdnsip
X-Unique-ID
X-Webkit-CSP-Report-Only
X-WADP-Cache
My-App
Cluster
X-Fmm-Version
X-Cache-PHP
X-App
X-Traceid
X-Fpc
X-Service
X-LI-Proto
X-Clara-WADP
C-Via
X-URL
Geoip-Latitude
X-Li-Proto
X-Var-Ttl
X-Newrelic-Synthetics
X-Webkit-Csp-Report-Only
X-CUA
Tracecode
X-Dynatrace
X-Pass-Why
T-Server
Test
X-FPC
Lfy
X-From
X-B3-Spanid
Cf-Int-Pingora-Origin-Digest
X-NODE
Proxy-Connection
Fastly-Drupal-HTML
X-Cache-Status-Check
X-Vcl-Version
X-Render-Time
DataCenter
X-Fragments
Lang
X-VC
X-Mcache
Geo-Info
X-LiteSpeed-Cache-Control
Target-Params
M-TraceId
Resin-Trace
X-WP-CF-Super-Cache-Cache-Control
Server-Id
X-WP-CF-Super-Cache
X-CSRF-TOKEN
X-ID
GeoIP-Country-Code
X-RAMCache
X-Ha-Backend
Hostname
X-Provided-By
MIME-Version
Hit
X-Httpd
X-Proxy-Cache-Info
Permissions-Policy
X-Clientip
X-ServedByHost
X-Dynatrace-Js-Agent
X-Geo
X-Api-Version
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
Servername
HIT
WZWS-RAY
X-Cdn-Forward
X-Edge-POP
X-Oss-Storage-Class
X-RateLimit-Reset
X-Via-PopN
X-Via-PopV
X-Oss-Hash-Crc64ecma
UCS
X-LiteSpeed-Tag
X-Pad
X-Via-PopH
Producers
Cache-Host
X-Info
X-AIR-PT
Section-Io-Id
X-NGINX-Cache
X-Fastly-Backend-Reqs
ENV
X-Edge-Cache
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-SB
S-Cnection
FSS-Cache
X-Udemy-Cache-App-Namespace
X-ElasticPress-Query
Ohc-File-Size
X-Platform-Cluster
X-Check-Cacheable
X-Pool
X-Platform-Processor
X-Platform-Router
X-Ucs
X-Acquia-Site
X-Lb-Nocache
X-Cache-CFC
X-Ec-Custom-Error
X-Scale
ServerName
PICS-Label
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Uri
X-UP
Fastly-Backend-Name
X-BBC-Origin-Response-Status
X-HS-Status
User-Agent
URI
X-GoCache-CacheStatus
X-Micro-Cache
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Backend-Host
Cneonction
X-Release
Load-Balancing
Server-Ttl
Tcn
Cteonnt-Length
IsBot
X-ServerName
X-Nc
X-Cache-Expires
X-Cdn-Request-ID
MD5-Digest
X-SIPLIST1
X-Lb-Id
X-Fastly-Cache-Hits
Sever-Int
X-Dispatcher-Number
X-Swift-Error
Server-Ext
Server-Hostname
X-Dw-Trace-Id
X-UA
X-Via-Ucdn
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-APP
X-Cache-ASPX
Shield-Pop
X-BCube-Filmed-By
X-Contensis-Viewer-Groups
Cf-Ipcountry
X-TRACE-ID
X-Newrelic-App-Data
Wpo-Cache-Status
Wpo-Cache-Message
CF-Cached-On
X-B3-ParentSpanId
X-Yottaa-OS
EpKe-Alive
X-Snapshot-Date
X-Vcache
Vha6-Origin
Sid
X-Air-Pt
Cdn
X-Cache-Ngx
X-HostName
GeoIP-Latitude
X-CacheKey
X-Logging-Id
X-Fetch-By
X-B3-Parentspanid
X-Cms-Context
X-Akamai-Pragma-Client-IP
X-Litespeed-Cache-Control
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Sentry-ID
Req-ID
X-Apw-Access-Object
X-Http-Duration-Ms
X-Last-Modified
X-Te-Count
X-Te-Duration-Ms
Path
CountryCode
X-Http-Count
X-Varnish-Authentication
X-Apw-Hits
Ngx
X-Apw-Access-Token
Ohc-Cache-HIT
X-Apw-Access-Action
X-Akamai-Request-ID
X-Shopify-Generated-Cart-Token