Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Request-ID
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
Report-To
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-Dns-Prefetch-Control
X-Amz-Version-Id
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
NEL
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
X-Ruxit-JS-Agent
Rating
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Ac
X-Content-Type
X-Url
X-Vname
X-PC
X-TtlSet
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-Server-Name
Fastly-Restarts
X-FastCGI-Cache
Cache-Tag
X-Aws-Lambda-Call-Status
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-Vcap-Request-Id
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-D2id
X-Client-IP
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-Px
Accept-Ch
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Navigation-Version
RTSS
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Country-Code
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Powered-By-Plesk
X-NF-Request-ID
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-Kraken-Loop-Name
X-Instrumentation
X-Goog-Hash
X-Server-Lifecycle-Phase
X-Origin-Cache
X-Powered-CMS
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-SID
AR-CACHE
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Version
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
X-TTL
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Kinsta-Cache
X-Edge-Location-Klb
Nginx-Cache
X-Edge
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
TCN
X-Protected-By
X-HP-Trace-Id
X-T
X-HP-Webp
X-Jurisdiction
X-RateLimit-Remaining
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Id
S
Content-MD5
X-Mg-S
Edge-Cache-Tag
Fastcgi-Cache
X-Mid
SPRequestDuration
X-Language
SPIisLatency
Front-End-Https
Realpath
X-CST
X-Recruiting
X-Request-Processing-Time
X-Request-Received
X-Pinterest-Rid
Filters
Pinterest-Generated-By
Pinterest-Version
Server-Node
X-DynaTrace
X-MCACHE
Server-Name
X-Frontend
X-Ab
X-Ua-Browser
X-Content
X-Ruxit-Js-Agent
X-Ttl
X-HS-Hub-Id
X-HS-Content-Id
X-Ser
X-HS-Cache-Config
X-Yandex-Sdch-Disable
X-NWS-LOG-UUID
X-HS-Combine-CSS
X-ECACHE
X-SharePointHealthScore
SPRequestGuid
X-Correlation-Id
X-Cache-Key
X-Ezoic-Cdn
X-Template
X-Hits
X-Parallel-Accel
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Alternate-Protocol
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cache-Tags
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
Charset
X-B3-Sampled
Host
Cleartype
X-Content-Options
X-Www-Served-By
X-Page-Id
X-Git-Hash
X-Webkit-CSP
X-Geo-Country
X-DIS-Request-ID
X-Debug-Info
X-Daa-Tunnel
X-Amzn-Trace-Id
X-Hostname
X-Amz-Replication-Status
X-Content-Digest
X-Fastly-Request-Id
X-Varnish-Age
X-Activity-Id
X-Az
X-Ratelimit-Limit
X-AppVersion
Filterid
X-Accel-Expires
X-FB-Debug
X-VCache
X-Upgrade-Enabled
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Grace
X-Rid
X-Nginx-Upstream-Cache-Status
X-Origin-Server
X-N
ServerID
X-F-Cache
Access-Control-Allow-Method
TP-L2-Cache
TP-Cache
X-Mobile-URL
X-LB-Cache
X-Route-Name
X-Server-ID
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Request-Guid
X-Is-Crawler
X-Flags
X-TT
X-Varnish-Grace
X-Type
X-Whom
Viewport
X-WebKit-CSP-Report-Only
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-XRDS-LOCATION
X-Seen-By
Node
Payment
X-Tb
X-FW-Type
X-FW-Static
X-FW-Server
X-Goog-Stored-Content-Encoding
DC
Paypal-Debug-Id
X-App-Environment
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Distributor
X-App-Server
X-User-Agent
Fastcgi-Useragent
X-Oneagent-Js-Injection
X-DataDome
Country
X-NGENIX-Cache
Accept-Charset
X-Wix-Request-Id
X-Litespeed-Cache
X-Cache-Control
X-Origin-Upstream-Status
X-Cache-Rule
Version
X-Logged-In
X-Fastly-Request-ID
X-Request-Handler-Origin-Region
X-Microsite
X-Drupal-Cache-Tags
Referer-Policy
X-Via-JSL
X-Cluster-Name
X-Cache-Age
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Browser-Type
X-Signature
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Refresh
X-B-Cache
X-Load-Cache
X-Buckets
X-Varnish-Backend
X-Contextid
X-Node-Name
X-Original-Request-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Response-Served-From
SD-X-WS
Cache-Status
X-Ratelimit-Reset
X-Vgn-Hpd-Reason
X-Mobile
X-Cache-Expired-At
X-Real-IP
X-Cacheable-TTL
X-Debug
X-Jobs
X-Page-View
X-Fastcgi-Cache
X-B
Amp-Access-Control-Allow-Source-Origin
Access-Control-Request-Headers
X-RemovedCookies
X-Proxy-Cache-Status
X-Instance
X-IPLB-Instance
X-ProcessESI
X-Proxy
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Device-Type
NGB
X-Drupal-Cache-Contexts
X-UUID
X-Revision
X-Rule
X-Cache-Time
X-Debug-IsPreview
Surrogate-Key
Akamai-GRN
X-Is-Bot
X-Cache-Action
X-Debug-IsConnected
X-Rendered-As
X-Framework
X-FW-Version
X-G
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Oracle-Dms-Ecid
SID
X-Oracle-Dms-Rid
DynaTrace
CF-IPCountry
GEO-INFO
X-Azure-Ref
X-PressLabs-Stats
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Liferay-Portal
X-Nginx-Cache
X-Ms-Version
X-Source
X-Ms-Request-Id
X-Accel-Buffering
Count-Hit
X-Presslabs-Stats
Uber-Trace-Id
X-XRDS-Location
Frame-Options
Healthy
X-CDN-Forward
X-Cache-Operation
Ms-Operation-Id
MS-CV
X-RTag
X-Cache-NGX
X-APP-VERSION
X-Zen-Fury
X-EdgeConnect-Cache-Status
Countrycode
Xserver
X-Cache-Hit
X-Backend-Name
X-Tumblr-Pixel-1
X-Varnish-Server
X-Environment-Context
X-L-Path
X-Mode
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Protected
Ec-Rule-Version
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Ratelimit-Remaining
X-Cache-TTL-Remaining
X-Servername
X-Region
X-Forwarded-Host
X-UPSTREAM-Address
X-Rewrite-Enabled
Meta-Geo
X-Tid
X-SaId
X-JoinUs
X-RN-RSRV
X-Debug-Cache
X-Routing-Service
Eomportal-Instance
X-Adobe-Content
X-Adobe-Loc
Apigw-Requestid
LB
X-Hyper-Cache
X-Extlb
X-Generation-Time
X-Zipkin-Id
X-Proxied
X-Sorting-Hat-ShopId
Backend
WPO-Cache-Message
WPO-Cache-Status
X-ShardId
X-Content-Powered-By
X-Alternate-Cache-Key
X-Cache-Server
X-Cache-Grace
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
Url
X-Hosted-By
X-FB-TRIP-ID
X-Content-Age
X-Sql-Duration-Ms
X-Sql-Count
X-ApacheServer
Section-Io-Cache
X-PHP-Backend
Decoy-Debug-TTL
X-NCache
X-PERF
Decoy-Debug-Status
Cache-Name
Decoy-Debug-Key
X-Origin-Date
X-No-Session
X-ServerID
Country-Code
Mn-Server-Ip
X-Varnish-Beresp-Grace
X-Via-Fastly
X-Uri
Fastly-SSL
X-Format
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Device-Class
Selected-Fe
TWC-GeoIP-Country
Property-Id
TWC-Connection-Speed
TWC-Locale-Group
X-Microcachable
X-ProxyCache-Status
X-UA-Device-Type
X-Pubstack
X-Access
X-Human
X-ProxyCache-Key
X-Proxy-Build
X-NYM-Debug-Backend
X-Server-W
X-Origin-Hint
X-Site-Version
X-Detected-As
X-Timing-Wait
X-BYPASS-REASON
X-Akamai-Edgescape
X-PCL
Webcakes-Region
X-Storage
X-Cache-Host
X-Cluster-Node
X-Cache-Type
X-Section
X-OCL
X-Status
Webcakes-App-Version
X-RateLimit-Limit
X-NewRelic-App-Data
Cache-Tv-Group
X-Hl-Ver
Content-Disposition
X-Varnishpool
X-Redis-Cache
X-R9-Blue-Green-Version
CDN-EdgeStorageId
CDN-Cache
X-Soup
CDN-RequestId
Content-Secure-Policy
X-Azure-Ref-OriginShield
CDN-Uid
X-SayCDN-TTL
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
X-Say-Cacheable
X-Say-TTL
X-Web-Node
X-Be
DB-Nickname
Azure-SiteName
X-Generated-By
Azure-SlotName
Azure-Version
X-Webkit-Csp
Azure-InstanceId
X-Ua
Azure-RegionName
X-LSADC-Cache
X-Trace-Id
X-TIME
OT-Force-Account-Verify
X-Nginx-Cache-Key
Source
SRV
X-Cached-By
X-Bc-Bl
X-Dc
X-TT-LOGID
Cache
Retry-After
X-Unique-Id
X-Auto-Login
X-SRV
X-Platform-Server
X-LAGOON
X-Cache-Remote
X-Xfnlog-Site
Cache-Hits
X-Cdn
X-Akamai-Transformed
X-Varnish-Hits
X-Varnish-Hostname
X-Origin-TTL
X-GEO
X-Loop
HostName
X-HTML-Minification-Powered-By
X-TNCMS
X-Origin-CC
X-App-Version
Xet-Cookie
X-Cache-Tags
X-Correlation-ID
X-S-Maxage
ServedBy
Onion-Location
Mime-Version
X-CSRF-Token
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
X-Tumblr-Pixel-2
X-Request-Time
X-Time
X-Tumblr-Pixel-3
X-AOL-HN
From-Origin
X-Proto
X-EC-Lua
X-Amz-Meta-S3cmd-Attrs
X-Xrds-Location
N-Cache
Web-Mar-Node
X-ECache
Webserver
X-Endurance-Cache-Level
X-Request-Host
X-Tenant
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-Cache-Var-Map
X-FireWall-Port
X-Cache-Var
Nel
WP-Super-Cache
X-Time-Microsecs
X-GG-Cache-Date
X-Edge-Location
X-NWS-UUID-VERIFY
X-B3-SpanId
X-Handled-By
X-Cache-Enabled
X-Ckpd-Fst-Backend
A
X-Cluster
Meta-Geo-Continent
X-PAYTM-SRV-ID
X-Developer
X-Destination
DCR-Decision-By
Fastcgi-X-Cache-Version
X-ND-Cache
Expiry
DCR-Processing-Time-Ms
X-NAPM-TraceId
X-Orig-Expires
X-External-Request-Id
X-Ftr-Request-Id
BehaviorPad-Version
X-Connection-Hash
X-PBS-Appsvrname
X-Forwarded-Path
X-D
X-Ig-Push-State
X-Conf
X-Session-Fingerprint
Surrogated-Key
X-Processor
X-V-Cache
V-Age
X-Aed
X-Aicache-OS
X-TIM-N
X-ARC
X-Application
Sslversion
X-Mg-Request-UUID
X-Vdms-Path
X-Vdms-Version
X-A-Dcw
X-A-Ccd
Xc-Version
X-A-Dam
X-A
X-Vtex-Remote-Cache
X-VG-WebCache
X-A-Wwc
X-A-Dgt
X-Vtex-Processado-Em
Vix-Hermes-Req-Id
X-B-Cookie
X-S
X-S-Cookie
X-ScT
X-SD-PageType
X-Rojux
Odigeo-Trace-Id
Mobile-Detection-Method
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Via-NSCOPI
Rendered-Blocks
X-Cache-NE
X-Shop-Environment
Redirect-Candidate
Pramga
X-SRCache-Key
X-Amz-Apigw-Id
CloudFront-Viewer-Country
X-MP-GENERATED-AT
X-Amzn-RequestId
X-Origin-Response-Time
Wxu-Next-Region
True-Client-Country-4JS
AKAMAI
X-Reqid
Arc-Country
User-Cache-Control
Wxu-Next-Hostname
X-Adobe-Source
X-Gdpr
State
X-Block-Status
Host-ID
X-Cache-Bucket
X-Cache-Date
X-Cdn-Srv
Origin
Gh-Request-Id
Fastcgi-Cache-TTL
Cmsid
CDCHOST
Cmstype
DSUID
Svr
CacheControlHeader
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Gen-Mode
X-Planisys-CDN-TTL
X-Policy
X-Origin-Time
X-Origin-Expires
Fastly-Drupal-Html
X-NodeID
X-Nyt-Route
X-RCS-CacheZone
X-Request-URI
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Backend-TTL
X-Epic-Correlation-Id
X-Sucuri-ID
X-Sucuri-Cache
X-Scheme
X-Server-IP
X-Slack-Backend
X-Location
Wxu-Next-Commit
X-LI-UUID
X-Magnolia-Registration
X-Li-Pop
X-Li-Fabric
X-Hnp-Log
X-Hash
X-Geo-Header
Environment
X-PHP-Host
AMP-Access-Control-Allow-Source-Origin
X-Labrador-Cache-Channel
X-TrackingId
X-GeoIP
X-Gamma-Serve
X-GeoIP-City
X-Storefront-Renderer-Rendered
X-Backend-State
X-Sn-Servicetimems
X-Branch-Name
X-Accel-Expires-Debug
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Generated-On
X-Origin
X-VG-TLSProxy
X-Rocket-Nginx-Serving-Static
Apple-News-Services-Host
Apple-News-Services-Handled
X-VarnishDD-TTL
X-Varnish-Beresp-Status
X-Viewer-Country
X-VServer
X-Webstats-RespID
X-UnsetCookies
X-Served-From
X-Datadog-Trace-Id
X-Date
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Owner
X-Old-Content-Length
X-Eu-Site
X-Device-Os
X-Men
X-Developers
X-Mvc-Supplant-Cachable
X-Envoy-Decorator-Operation
X-Core-Value
X-Core-Mission
X-Request-Start
X-Region-Sid
X-Forwarded-Site
X-Locale
X-Cache-Debug
X-HN
X-Proxy-Upstream
X-Fetched-On
X-Fastly-Cache
X-Fastly-Backend
X-Level-Front-Cache
X-Platform
X-CGP
X-Skip-Cache
X-Cdn-Origin
X-Qnm-Cache
X-M-Reqid
Server-Info
Ssr
Server-Host
Release
PFcat
Origin-EX
Origin-CC
Locid
X-M-Log
Traceparent
HA-Ipaddr
L
Ha-Gx-Prefs
L5d-Success-Class
S-Rt
X-JWT-State
X-DefHash
X-Pod-Name
X-Is-Gdpr
Fastly-SIE
X-NU-AKA-ACS-Version
X-Esi-Check
X-Qloud-Router
Adler-Geo
X-FC-Vary-Parameters
X-Gzip
X-Has-Esi
X-Irp-Debug
Cf-Device-Type
X-HS-Content-Campaign-Id
X-DPWN-IS-SECURE
X-Rebelmouse-Cache-Control
Req-Svc-Chain
X-BBC-Edge-Cache-Status
X-Worker
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Cache-Info
X-GeoIP-Country-Code
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-GeoIP-Region-Code
X-Varnish-CookieHashed-On
Web-Mar-Region
X-Rebelmouse-Surrogate-Control
X-DefElseHash
X-Zone
X-RateLimit-Remaining-Second
X-Req
X-VC-Cache
X-Thinkindot-L3
X-Thanos
X-TH-Server
X-Response-By
X-RateLimit-Limit-Second
X-Variation
X-Amzn-Remapped-Content-Length
Machine
TDXMobile
Thinkindot-CacheControl
X-Bip
Platform
NM-Fastcgi-Cache
Memcached
X-Cache-Id
Is-Eu
Mail-Subject
Thinkindot-Control
We-Hiring
Fastly-SWR
Thinkindot-CacheControl-Type
X-Ua-Device
X-Varnish-Beresp-Ttl
X-Node-Id
X-CLOUD-TRACE-CONTEXT
Magicmarker
X-Loc
NGX
X-CS
X-ATG-Version
Fastly-GeoIP-CountryCode
X-Tx-Id
X-Restarts
X-LB-ID
X-Cache-Config
X-Up
X-Mvc-Supplant-OutputCached
X-API-Version
X-Akamai-Request-ID2
X-Http-Reason
X-Generated-In
Kp-EeAlive
X-NC
CDN
Pics-Label
Ms-Author-Via
X-CACHE-KEY
X-Trace-ID
X-Action
Time
X-LB-NoCache
Memory
Edge-Cache
X-Cache-Backend
X-TraceId
X-Wix-Viewer-Type
X-Via-Poph
Candidate-Md5Url
X-RSL
X-Via-Popv
X-Refresh
X-Varnish-Ttl
WebServer
X-DSS
X-DI
Env
X-Edge-Pop
X-DW
X-RPS
Datacenter
X-RPM
X-DB
X-Via-Popn
X-Optimistic-Header
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
X-Datadome
X-URL
X-Tt-Logid
X-Minions-Version
X-CacheTTL
Accept-Language
X-DynaTrace-JS-Agent
X-Srv
X-HA-Backend
GeoIp-Country-Code
On-Server
WWW-Authenticate
X-DC
X-Vc
X-Servedbyhost
X-Esi
Esi-Enabled
Locale
Server-ID
X-Urbn-Site-Id
X-ZONE
X-Unique-ID
X-MSEdge-Features
X-Urbn-Context-Path
X-MSEdge-Flight
X-Varnish-Beresp-TTL
X-TX-ID
X-Cs
X-Parent-Response-Time
C-Via
X-Ec-GeoHdr
X-Ec-Fail
X-Service
X-User
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-Cache-PHP
X-Webkit-CSP-Report-Only
X-VCL-Version
X-Fpc
X-Cache-Ttl
X-LI-Proto
X-Traceid
X-App
X-Dynatrace
Cdncip
X-Cache-Status-Check
Test
X-Li-Proto
X-Render-Time
Cdnsip
X-AK-Request-ID
X-Webkit-Csp-Report-Only
X-LiteSpeed-Cache-Control
X-B3-Spanid
My-App
X-FPC
X-NODE
Proxy-Connection
X-Pass-Why
Resin-Trace
X-Var-Ttl
X-CUA
Tracecode
Geoip-Latitude
X-Fmm-Version
X-WADP-Cache
X-Clara-WADP
Cluster
X-Vcl-Version
X-Mcache
T-Server
Lfy
X-From
M-TraceId
Server-Id
Geo-Info
Lang
Fastly-Drupal-HTML
X-Fragments
X-Clientip
Cf-Int-Pingora-Origin-Digest
DataCenter
X-CSRF-TOKEN
X-Info
X-AIR-PT
X-Ha-Backend
Cache-Host
X-VC
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
UCS
X-ID
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
GeoIP-Country-Code
HIT
Target-Params
X-LiteSpeed-Tag
X-Geo
Hostname
MIME-Version
X-Pad
X-ServedByHost
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
S-Cnection
Hit
X-Dynatrace-Js-Agent
X-Edge-POP
X-RAMCache
Ohc-File-Size
Tcn
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-Cdn-Forward
X-Edge-Cache
X-HS-Status
X-Check-Cacheable
X-ElasticPress-Query
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Api-Version
X-Micro-Cache
X-NGINX-Cache
X-Proxy-Cache-Info
Permissions-Policy
X-Provided-By
User-Agent
Section-Io-Origin-Status
Load-Balancing
X-Httpd
Fastly-Backend-Name
ENV
Producers
Servername
X-Backend-Host
X-Ucs
X-Release
X-Fastly-Backend-Reqs
X-ServerName
X-BBC-Origin-Response-Status
X-HostName
X-UP
X-GoCache-CacheStatus
FSS-Cache
PICS-Label
X-APP
WZWS-RAY
X-SB
X-BCube-Filmed-By
URI
X-Lb-Nocache
X-Nc
ServerName
Uri
Cf-Ipcountry
X-TRACE-ID
X-Platform-Router
X-Cache-CFC
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Site
X-Pool
Server-Ttl
X-Platform-Cluster
X-Platform-Processor
X-Udemy-Cache-App-Namespace
X-Swift-Error
EpKe-Alive
Cneonction
X-Lb-Id
Cteonnt-Length
Ohc-Cache-HIT
X-Cdn-Request-ID
Cdn
X-RateLimit-Reset
X-Fastly-Cache-Hits
X-Dw-Trace-Id
X-WA-Info
X-Ec-Custom-Error
CPC-Cache
X-Newrelic-App-Data
Path
CPC-Age
X-Akamai-ERPolicy
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Action
Cache-Key
X-Amz-Meta-Cb-Modifiedtime
VNS-Age
X-Akamai-ERRuleID
X-WA
X-Vcache
VNS-Cache
X-Yottaa-OS
X-B3-ParentSpanId
Vha6-Origin
CF-Cached-On
X-Snapshot-Date
X-Scale
Shield-Pop
X-Contensis-Viewer-Groups
X-Cache-ASPX
Sid
Lb
X-Cache-Ngx
X-Air-Pt
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-SIPLIST1
GeoIP-Latitude
X-Akamai-Request-ID
X-ES-SERVER
X-Shopify-Generated-Cart-Token
IsBot
MD5-Digest
X-Cache-Expires
X-Wikidot-Static-Cache
X-CacheKey
X-Sentry-ID
X-UA
X-Akamai-Pragma-Client-IP
CountryCode
Req-ID
Ngx
X-Logging-Id
X-Te-Duration-Ms
X-Wikidot-Backend
X-Te-Count
X-Http-Duration-Ms
X-Varnish-Authentication
X-Http-Count
X-Last-Modified