Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Request-Id
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
Report-To
X-Cache-Status
NEL
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
X-Envoy-Upstream-Service-Time
Status
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Turbo-Charged-By
X-Cache-Group
X-UA-Device
Keep-Alive
P3p
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-AH-Environment
X-Server-Powered-By
X-Robots-Tag
X-Hacker
X-Server
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-WebKit-CSP
X-Nginx-Cache-Status
X-LiteSpeed-Cache
X-Page-Speed
X-Request-ID
EagleEye-TraceId
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Dispatcher
X-Device
Accept-CH
X-Cache-Spec
X-Host
Cf-Railgun
X-Server-Id
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
Accept-CH-Lifetime
X-Dns-Prefetch-Control
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
X-Ruxit-JS-Agent
X-B3-TraceId
X-Cache-Lookup
Allow
X-Cloud-Trace-Context
X-Url
X-Trace
X-Aws-Lambda-Call-Status
Accept-Ch-Lifetime
X-PC
X-Vname
X-TtlSet
X-Content-Type
X-Ac
X-Server-Name
X-Clacks-Overhead
Fastly-Restarts
Edge-Control
X-Varnish-TTL
X-ESI
Cache-Tag
X-Mod-Pagespeed
X-Rack-Cache
X-VARITI-CCR
Service-Worker-Allowed
MS-Author-Via
X-Element-Page-Cache
Verso
X-Vcap-Request-Id
X-MS-InvokeApp
X-Amz-Rid
Public-Key-Pins
X-Upstream
X-GitHub-Request-Id
X-Dw-Request-Base-Id
RTSS
X-CST
X-Cnection
X-Abt-Application-Version
X-Client-IP
X-FastCGI-Cache
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-Cache-TTL
X-D2id
X-Px
X-Cached
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Country-Code
Access-Control-Request-Method
X-NF-Request-ID
X-Goog-Hash
X-TTL
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
AR-SID
AR-PoweredBy
AR-CACHE
AR-Request-ID
AR-ATIME
X-RateLimit-Remaining
X-Version
X-Middleton-Response
Response
X-Powered-CMS
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-LLID
X-MSEdge-Ref
Nginx-Cache
X-Kinsta-Cache
X-Edge-Location-Klb
X-Amz-Server-Side-Encryption
X-Origin-Cache
TCN
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Edge
X-Protected-By
X-T
X-Language
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-HP-Webp
X-Jurisdiction
Edge-Cache-Tag
X-Shield-Request-Id
X-HP-Trace-Id
X-Aspnetmvc-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Mg-S
X-Id
SPIisLatency
SPRequestDuration
S
Content-MD5
X-Ser
Front-End-Https
Pinterest-Version
X-Pinterest-Rid
X-Correlation-Id
Pinterest-Generated-By
Fastcgi-Cache
X-Cache-Key
X-NWS-LOG-UUID
X-Template
X-Mid
Realpath
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Server-Node
X-Frontend
Filters
X-Content
X-Ab
X-Ua-Browser
X-Yandex-Sdch-Disable
X-HS-Content-Id
Server-Name
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-MCACHE
X-Ruxit-Js-Agent
X-SharePointHealthScore
SPRequestGuid
X-DynaTrace
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-Hits
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Daa-Tunnel
X-Server-ID
X-Parallel-Accel
X-Ttl
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Debug-Info
Cache-Tags
Accept-Ch
Cleartype
X-Page-Id
X-B3-Sampled
Charset
X-Litespeed-Cache
X-DataDome
Host
X-ECACHE
X-Git-Hash
X-Geo-Country
X-DIS-Request-ID
X-Www-Served-By
Cross-Origin-Opener-Policy
X-Ratelimit-Limit
X-Content-Digest
X-Content-Options
X-Amzn-Trace-Id
X-ASPNET-VERSION
X-Hostname
X-Grace
ServerID
X-F-Cache
Alternate-Protocol
X-Amz-Replication-Status
Filterid
X-Accel-Expires
X-Upgrade-Enabled
X-Fastcgi-Cache
X-FB-Debug
X-N
X-Varnish-Age
X-Az
X-AppVersion
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Activity-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
X-VCache
X-Forwarded-Proto
X-WebKit-CSP-Report-Only
X-Nginx-Upstream-Cache-Status
X-Mobile-URL
X-Distributor
X-LB-Cache
X-Fastly-Request-Id
X-XRDS-LOCATION
X-Seen-By
X-Rid
X-Origin-Server
X-Tb
X-Type
X-App-Environment
Viewport
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-GUploader-UploadID
X-Providence-Cookie
X-FW-Type
X-Goog-Stored-Content-Length
X-Is-Crawler
X-Goog-Stored-Content-Encoding
X-Wix-Request-Id
X-Whom
X-FW-Static
X-Flags
X-Request-Guid
X-TT
X-Goog-Metageneration
X-Route-Name
X-Aspnet-Duration-Ms
X-Goog-Storage-Class
X-Goog-Generation
Access-Control-Allow-Method
X-User-Agent
Payment
Accept-Charset
Country
Fastcgi-Useragent
Paypal-Debug-Id
X-Ratelimit-Reset
X-Varnish-Grace
Node
DC
TP-L2-Cache
TP-Cache
X-Fastly-Request-ID
X-Via-JSL
X-App-Server
X-Cluster-Name
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Cache-Rule
X-Drupal-Cache-Tags
X-Webkit-Csp
X-Cache-Control
X-Signature
X-Buckets
X-B-Cache
X-Contextid
Cache-Status
Version
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Age
X-NGENIX-Cache
Amp-Access-Control-Allow-Source-Origin
X-Node-Name
Referer-Policy
Refresh
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Varnish-Backend
X-TEC-API-VERSION
X-Load-Cache
X-TEC-API-ORIGIN
X-Response-Served-From
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Mobile
X-Logged-In
NGB
X-Original-Request-Id
VIX-Pulpo-Node
X-TEC-API-ROOT
X-Proxy-Cache-Status
X-IPLB-Instance
X-Rendered-As
X-Revision
X-Is-Bot
X-Jobs
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Vgn-Hpd-Reason
X-Real-IP
X-Cache-Expired-At
X-Yottaa-Optimizations
X-Debug
X-Cache-Action
X-Page-View
X-Drupal-Cache-Contexts
Surrogate-Key
X-B
X-Yottaa-Metrics
X-Cacheable-TTL
Access-Control-Request-Headers
Akamai-GRN
X-Instance
X-FW-Version
X-Proxy
X-Framework
X-Device-Type
X-Rule
X-UUID
X-Debug-IsPreview
X-Debug-IsConnected
X-Accel-Buffering
X-Cache-Time
X-G
CF-IPCountry
X-RemovedCookies
X-ProcessESI
X-Cache-NGX
X-Origin-Upstream-Status
X-RateLimit-Limit
GEO-INFO
SID
X-Presslabs-Stats
Count-Hit
Uber-Trace-Id
Protected
X-Nginx-Cache
X-Oneagent-Js-Injection
X-Cache-Operation
X-APP-VERSION
X-Source
X-Zen-Fury
X-EdgeConnect-Cache-Status
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-XRDS-Location
X-Hyper-Cache
WPO-Cache-Status
WPO-Cache-Message
X-Cache-TTL-Remaining
X-Servername
X-Ms-Request-Id
X-Ms-Version
Liferay-Portal
X-Cache-Hit
X-PressLabs-Stats
DynaTrace
X-Azure-Ref
Ec-Rule-Version
X-Trace-Id
Retry-After
Content-Disposition
X-Adobe-Loc
X-IPS-LoggedIn
X-Adobe-Content
X-RTag
Backend
Ms-Operation-Id
MS-CV
Healthy
X-CDN-Forward
Frame-Options
X-Cache-Grace
X-Mode
Cross-Origin-Window-Policy
X-Backend-Name
Url
Countrycode
X-Ratelimit-Remaining
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Unique-Id
X-Tumblr-Pixel-0
X-RN-RSRV
Meta-Geo
X-Rewrite-Enabled
X-UPSTREAM-Address
X-NewRelic-App-Data
X-Tid
X-Detected-As
X-Redis-Cache
X-Uri
Xserver
X-Environment-Context
X-L-Path
Country-Code
X-Format
Decoy-Debug-Key
X-Sql-Count
X-Debug-Cache
X-Generated-By
Apigw-Requestid
X-Proxied
X-Content-Age
X-Shopify-Stage
X-FB-TRIP-ID
Eomportal-Instance
X-ShardId
X-Cache-Server
Decoy-Debug-Status
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Varnish-Server
X-Sql-Duration-Ms
X-Routing-Service
X-Zipkin-Id
X-Generation-Time
X-Extlb
X-Alternate-Cache-Key
X-Hosted-By
Decoy-Debug-TTL
X-ShopId
X-NCache
X-No-Session
X-NYM-Debug-Backend
X-Nginx-Cache-Key
X-Forwarded-Host
X-Microcachable
X-Human
CDN-RequestId
Cache-Name
CDN-RequestCountryCode
X-ApacheServer
CDN-EdgeStorageId
X-Akamai-Edgescape
Mn-Server-Ip
CDN-Uid
CDN-CachedAt
CDN-PullZone
X-Access
CDN-Cache
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Web-Node
X-OCL
X-UA-Device-Type
X-Via-Fastly
Webcakes-Region
Webcakes-App-Version
Azure-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
TWC-Connection-Speed
X-Cache-Host
X-Cluster-Node
Content-Secure-Policy
X-Server-W
X-Pubstack
X-PHP-Backend
X-PERF
X-Origin-Date
X-PCL
X-Origin-Hint
X-Region
X-ServerID
X-Site-Version
X-Status
X-Section
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
TWC-Privacy
X-Cache-Type
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
X-Storage
X-Timing-Wait
Selected-Fe
X-Content-Powered-By
X-BYPASS-REASON
X-Be
Cache-Tv-Group
LB
X-Cache-Remote
Fastly-SSL
X-TIME
X-Varnishpool
X-Hl-Ver
X-SaId
X-Soup
X-JoinUs
X-Varnish-Beresp-Grace
X-Ua
Section-Io-Cache
X-R9-Blue-Green-Version
X-LSADC-Cache
X-Platform-Server
X-Cached-By
DB-Nickname
X-Bc-Bl
X-Cache-Tags
X-NWS-UUID-VERIFY
X-Akamai-Transformed
From-Origin
X-Xfnlog-Site
Mime-Version
Upgrade-Insecure-Requests
Xet-Cookie
ServedBy
OT-Force-Account-Verify
Cache
X-AOL-HN
X-Dc
X-TT-LOGID
X-GEO
X-Varnish-Cache-Hits
X-Akamai-Request-ID2
X-ECache
X-Auto-Login
X-Request-Time
X-Http-Reason
S-Rt
X-Origin-TTL
X-Cdn
Source
X-Origin-CC
HostName
WP-Super-Cache
X-Request-Host
SRV
X-Azure-Ref-OriginShield
X-Cache-Enabled
X-LAGOON
X-CSRF-Token
X-Handled-By
X-Varnish-Hits
Cache-Hits
X-TNCMS
X-Loop
X-Varnish-Hostname
Accept-Language
X-S-Maxage
Server-Info
X-Adobe-Source
X-Reqid
Onion-Location
X-Mg-Request-UUID
Webserver
X-SRV
X-FireWall-Port
X-HTML-Minification-Powered-By
X-RCS-CacheZone
X-Endurance-Cache-Level
Web-Mar-Node
X-Amz-Meta-S3cmd-Attrs
Nel
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-GG-Cache-Date
Fastly-Drupal-Html
X-B3-SpanId
X-Locale
X-Origin-Response-Time
X-Magnolia-Registration
X-Time
X-EC-Lua
DCR-Decision-By
X-Men
BehaviorPad-Version
X-Hnp-Log
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
A
Expiry
X-Ig-Push-State
X-Labrador-Cache-Channel
X-Orig-Expires
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-PBS-Appsvrname
N-Cache
X-ND-Cache
X-PAYTM-SRV-ID
X-Planisys-CDN-TTL
X-Ckpd-Fst-Backend
X-PHP-Host
X-Ftr-Request-Id
X-Destination
X-Application
X-ARC
X-B-Cookie
X-Aed
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Backend-TTL
X-Block-Status
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cluster
X-Conf
X-Connection-Hash
X-D
X-Cache-Bucket
X-Cache-NE
X-A-Ccd
X-A
X-Processor
X-Forwarded-Site
Pramga
Odigeo-Trace-Id
X-Gen-Mode
X-GeoIP-Country-Code
Meta-Geo-Continent
Mobile-Detection-Method
X-Forwarded-Path
Rendered-Blocks
V-Age
Vix-Hermes-Req-Id
X-Developer
User-Cache-Control
X-Epic-Correlation-Id
X-External-Request-Id
Sslversion
Surrogated-Key
X-GeoIP-Region-Code
X-NAPM-TraceId
X-Slack-Backend
X-S
X-SRCache-Key
Xc-Version
X-V-Cache
X-Vdms-Version
X-Vdms-Path
X-S-Cookie
X-ScT
X-SD-PageType
X-Webstats-RespID
X-Session-Fingerprint
X-Shop-Environment
X-Tenant
X-Rojux
X-Viewer-Country
X-VG-WebCache
X-Vtex-Remote-Cache
X-TIM-N
X-Vtex-Processado-Em
X-Proxy-Upstream
X-Geo-Header
X-Aicache-OS
Wxu-Next-Hostname
X-Policy
Machine
Wxu-Next-Region
X-Device-Os
X-Varnish-Ttl
X-Irp-Debug
X-DB
X-AWS-Id
Gh-Request-Id
X-Server-IP
X-Hash
Host-ID
X-HS-Content-Campaign-Id
X-Gzip
X-Gdpr
X-SVT-ORM-VERSION
Traceparent
True-Client-Country-4JS
X-Fastly-Cache
X-DSS
X-DW
Svr
X-App-Version
State
X-Esi-Check
X-SVT-ORM-RULES
X-Fetched-On
X-Action
Origin-EX
Origin-CC
Origin
Web-Mar-Region
X-Sn-Servicetimems
X-Accel-Expires-Debug
X-DI
Fastly-GeoIP-CountryCode
X-TH-Server
Fastcgi-Cache-TTL
X-Nyt-Route
X-NodeID
X-Old-Content-Length
X-Cache-Backend
X-Restarts
X-Node-Id
X-Rocket-Nginx-Serving-Static
X-Mvc-Supplant-Cachable
X-RSL
X-VWS-Id
X-RPM
X-Origin
X-Origin-Expires
X-Core-Mission
X-VG-TLSProxy
X-Proto
X-Cdn-Origin
X-Cdn-Srv
X-Cache-Info
X-Cache-Id
X-Origin-Time
X-Cache-Date
X-Request-URI
X-Req
AKAMAI
X-RPS
Cmsid
Apple-News-Services-Handled
CDCHOST
X-Location
Cmstype
X-Scheme
Wxu-Next-Commit
X-Date
DSUID
CacheControlHeader
X-LJ-Flow-ID
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
Arc-Country
X-Via-NSCOPI
X-Tx-Id
Environment
X-Worker
X-VarnishDD-TTL
X-Time-Microsecs
X-Variation
X-Csrf-Jwt
X-DefHash
X-TrackingId
X-Varnish-Remaining-TTL
X-Core-Value
X-Varnish-CookieHashed-On
X-UnsetCookies
X-DefElseHash
X-Varnish-CookieINHashed-On
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Sigma-Backend
X-Rocket-Build-Number
X-Response-By
X-Pod-Name
X-Owner
X-VServer
X-MP-GENERATED-AT
X-Li-Pop
X-LI-UUID
X-Loc
X-Wix-Viewer-Type
X-Region-Sid
X-Qloud-Router
X-Platform
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Amz-Apigw-Id
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Li-Fabric
X-Level-Front-Cache
X-Eu-Site
X-Fastly-Backend
X-Storefront-Renderer-Rendered
X-Gamma-Serve
X-Envoy-Decorator-Operation
X-Edge-Location
Edge-Cache
X-Thinkindot-L3
X-DPWN-IS-SECURE
X-Skip-Cache
X-Generated-On
X-Is-Gdpr
X-JWT-State
X-Served-From
X-HN
X-Has-Esi
X-Sigma
X-GeoIP
X-GeoIP-City
X-Developers
X-Datadog-Trace-Id
Platform
PFcat
NM-Fastcgi-Cache
Mail-Subject
Redirect-Candidate
Release
TDXMobile
Ssr
Server-Host
Req-Svc-Chain
Locid
L5d-Success-Class
Cf-Device-Type
Adler-Geo
X-VC-Cache
X-Correlation-ID
CloudFront-Viewer-Country
Fastly-SIE
L
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
Thinkindot-CacheControl
Is-Eu
X-Cache-Debug
X-Branch-Name
X-BBC-Edge-Cache-Status
X-ATG-Version
We-Hiring
X-CGP
Thinkindot-Control
Thinkindot-CacheControl-Type
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
Memcached
X-Sucuri-Cache
Kp-EeAlive
X-Sucuri-ID
X-Xrds-Location
X-Srv
X-FC-Vary-Parameters
X-Minions-Version
X-Ua-Device
X-CLOUD-TRACE-CONTEXT
X-TraceId
X-NC
AMP-Access-Control-Allow-Source-Origin
X-Mvc-Supplant-OutputCached
NGX
X-Zone
X-Tb-Optimization-Total-Bytes-Saved
X-Generated-In
X-CS
Env
X-LB-ID
CDN
X-CacheTTL
X-Varnish-Beresp-Status
X-NU-AKA-ACS-Version
X-Up
Ms-Author-Via
X-Trace-ID
X-Optimistic-Header
X-API-Version
X-Backend-State
Magicmarker
Pics-Label
X-LB-NoCache
X-Varnish-Beresp-Ttl
X-Tt-Logid
X-Ec-Fail
X-Ec-GeoHdr
X-Refresh
X-User
X-Cache-Var
X-Cache-Var-Map
X-TA-CDN-Provider
X-DC
X-Request-Start
X-Edge-Pop
WebServer
Time
X-Thanos
X-Bip
Memory
X-Via-Popn
X-Via-Popv
X-Via-Poph
X-Webkit-CSP
X-Parent-Response-Time
X-Servedbyhost
X-AK-Request-ID
X-CACHE-KEY
Cdncip
X-HA-Backend
Cdnsip
GeoIp-Country-Code
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-ZONE
DataCenter
X-WADP-Cache
X-Clara-WADP
Cluster
My-App
X-Fmm-Version
X-Esi
X-Varnish-Beresp-TTL
X-Cs
X-Cache-Config
X-Dynatrace
X-CUA
Candidate-Md5Url
X-MSEdge-Features
X-MSEdge-Flight
NtCoent-Length
Server-ID
Tracecode
T-Server
X-VCL-Version
Datacenter
X-From
X-Pass-Why
X-VC
Geoip-Latitude
X-Var-Ttl
X-Traceid
Lang
X-Vc
X-Newrelic-Synthetics
X-TX-ID
Lfy
X-Provided-By
X-Fragments
X-Cache-Ttl
X-DynaTrace-JS-Agent
X-Fpc
X-B3-Spanid
Cf-Int-Pingora-Origin-Digest
X-Webkit-Csp-Report-Only
X-Li-Proto
X-WP-CF-Super-Cache
On-Server
X-FPC
WWW-Authenticate
Target-Params
X-WP-CF-Super-Cache-Cache-Control
X-LI-Proto
X-App
Esi-Enabled
X-Webkit-CSP-Report-Only
X-NODE
Proxy-Connection
Permissions-Policy
X-Vcl-Version
Geo-Info
X-RAMCache
X-Mcache
Servername
Server-Id
X-Cache-PHP
X-RateLimit-Reset
X-Httpd
X-Proxy-Cache-Info
X-Datadome
C-Via
M-TraceId
X-Service
Fastly-Drupal-HTML
X-Ha-Backend
Test
X-SB
FSS-Cache
X-Cache-Status-Check
WZWS-RAY
Producers
X-Udemy-Cache-App-Namespace
X-Api-Version
X-CSRF-TOKEN
Resin-Trace
X-Pool
X-Render-Time
X-ID
Hostname
X-Via-PopH
X-LiteSpeed-Cache-Control
X-Via-PopN
X-Scale
X-ServedByHost
X-Unique-ID
X-Platform-Router
X-Platform-Processor
X-Via-PopV
X-Platform-Cluster
X-Ec-Custom-Error
Hit
GeoIP-Country-Code
X-Akamai-Path-Stats
X-Geo
X-Dynatrace-Js-Agent
X-URL
X-Cdn-Forward
X-Edge-POP
MD5-Digest
X-Dispatcher-Number
MIME-Version
X-Cms-Context
X-SIPLIST1
X-Edge-Cache
X-Via-Ucdn
X-NGINX-Cache
IsBot
X-Clientip
X-HS-Status
Server-Ext
Uri
X-Fastly-Backend-Reqs
Server-Hostname
Sever-Int
X-ElasticPress-Query
X-Ucs
ENV
X-UP
X-Pad
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Acquia-Application-UUID
PICS-Label
X-Cache-CFC
Section-Origin-Responded
X-Acquia-Site
X-Acquia-Purge-Tags
X-Oss-Object-Type
HIT
X-Oss-Storage-Class
ServerName
X-GoCache-CacheStatus
X-Check-Cacheable
X-Cache-Expires
X-Oss-Server-Time
X-Oss-Request-Id
X-BBC-Origin-Response-Status
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Fetch-By
X-Lb-Nocache
X-Oss-Hash-Crc64ecma
X-Acquia-Application-Trace
X-Srcache-Fetch-Status
X-MG-S
X-Srcache-Store-Status
Server-Ttl
Load-Balancing
X-Swift-Error
S-Cnection
X-GeoCode
X-GeoCountry
Cache-Host
Cneonction
X-Nc
X-LiteSpeed-Tag
UCS
URI
X-Cdn-Request-ID
X-Fastly-Cache-Hits
X-WA-Info
X-TRACE-ID
X-Lb-Id
Tcn
X-Dw-Trace-Id
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
Path
X-Amz-Meta-Cb-Modifiedtime
GeoIP-Latitude
Cache-Key
Client
X-Ad-Defer-Variation
X-BCube-Filmed-By
X-Newrelic-App-Data
Cf-Ipcountry
CF-Cached-On
X-Snapshot-Date
X-B3-ParentSpanId
Wpo-Cache-Status
X-Vcache
Wpo-Cache-Message
Ngx
Vha6-Origin
Cteonnt-Length
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Air-Pt
X-HostName
Sid
X-Cache-Ngx
X-Micro-Cache
X-Request-URL
Cdn
XM
X-Midtier
X-Info
VNS-Cache
CPC-Cache
VNS-Age
CPC-Age
X-Yottaa-OS
X-Dist-Code
X-Request-Url
X-AIR-PT
X-Logging-Id
Inserted-Into-Cache-At
X-Shopify-Generated-Cart-Token
X-Sentry-ID
CountryCode
X-Http-Count
X-Http-Duration-Ms
X-Akamai-Request-ID
X-Te-Duration-Ms
X-Te-Count
Req-ID
X-B3-Parentspanid
X-UA
X-Last-Modified
X-CacheKey
X-Litespeed-Cache-Control
X-IN-APIGATEWAYSSL
X-Akamai-Pragma-Client-IP
X-IN-APIGATEWAY
User-Agent