Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-Envoy-Upstream-Service-Time
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
X-Akamai-Path-Stats
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-Amz-Id-2
X-Proxy-Cache
Host-Header
X-UA-Device
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-Dispatcher
X-LiteSpeed-Cache
X-Amz-Version-Id
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Server-Id
X-Host
X-Page-Speed
X-Node
Cf-Edge-Cache
X-Aws-Lambda-Call-Status
X-Pingback
X-CST
Surrogate-Control
Request-Id
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
X-Application-Context
Xkey
Content-Location
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
Accept-Ch
X-Url
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-Vname
X-TtlSet
X-PC
X-FastCGI-Cache
RTSS
X-Amz-Server-Side-Encryption
X-Varnish-TTL
Edge-Control
X-VARITI-CCR
X-Server-Name
Cache-Tag
X-ASPNET-VERSION
X-Edge
X-Vcap-Request-Id
X-ESI
X-Content-Type
X-B3-TraceId
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-Kinja
X-Dw-Request-Base-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Amz-Rid
X-Px
Public-Key-Pins
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Middleton-Display
Pagespeed
X-Sol
X-Powered-By-Plesk
Display
X-Ac
X-Abt-Application-Version
Verso
X-Client-IP
X-Content-Security-Policy-Report-Only
X-Element-Page-Cache
X-Version
X-RateLimit-Remaining
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
X-Ttl
Response
X-Middleton-Response
X-Goog-Hash
Access-Control-Request-Method
SPIisLatency
SPRequestDuration
X-Cached
X-Kinsta-Cache
X-SharePointHealthScore
SPRequestGuid
X-Edge-Location-Klb
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Powered-CMS
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Upstream
X-Correlation-Id
X-Litespeed-Cache
X-TTL
X-LLID
Edge-Cache-Tag
X-Forwarded-For
Content-MD5
X-NWS-LOG-UUID
X-WebKit-CSP-Report-Only
X-Ruxit-Js-Agent
Nginx-Cache
X-Id
X-Cache-Key
X-RateLimit-Limit
X-ECACHE
X-Shield-Request-Id
X-MSEdge-Ref
TCN
X-T
X-Recruiting
X-TEC-API-VERSION
MRF-Tech
Mrf-Cache-Status
X-TEC-API-ROOT
X-TEC-API-ORIGIN
S
X-Daa-Tunnel
X-Content-Digest
X-B3-TraceId-Primal
X-Ua-Device
X-Mg-S
X-SRCache-Store-Status
X-SRCache-Fetch-Status
TP-L2-Cache
TP-Cache
X-Accel-Expires
X-Grace
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-DynaTrace
X-Frontend
X-DataDome
X-HS-Cache-Config
X-HS-Content-Id
X-Request-Received
X-HS-Hub-Id
X-HS-Combine-CSS
X-Request-Processing-Time
Front-End-Https
X-Mcache
X-Yandex-Sdch-Disable
Filters
X-Ezoic-Cdn
X-Protected-By
Server-Node
X-Ua-Browser
MicrosoftSharePointTeamServices
X-Content
X-Ab
X-PressLabs-Stats
X-Origin-Server
X-Distributor
X-Hits
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Fastcgi-Cache
X-LB-Cache
X-Geo-Country
MS-Author-Via
X-Webkit-Csp
X-Microsite
X-Request-Handler-Origin-Region
X-Amzn-Trace-Id
X-Mid
X-Tt-Trace-Host
X-Tt-Trace-Tag
Charset
Cleartype
X-F-Cache
Host
X-Page-Id
X-Forwarded-Proto
X-B3-Sampled
X-Git-Hash
X-Debug-Info
Cross-Origin-Opener-Policy
X-Cache-Age
Cache-Status
X-Ratelimit-Reset
X-Seen-By
Realpath
X-Fastly-Request-Id
X-Az
X-Webkit-CSP
X-AppVersion
X-Activity-Id
X-DIS-Request-ID
Access-Control-Allow-Method
X-Www-Served-By
Accept-Charset
X-Nginx-Upstream-Cache-Status
X-Aspnetmvc-Version
ServerID
Permissions-Policy
Filterid
X-Varnish-Age
Cache-Tags
Pinterest-Version
X-Content-Options
X-Cluster-Name
Pinterest-Generated-By
X-Rid
X-Pinterest-Rid
X-Type
Retry-After
X-FB-Debug
Country
Server-Name
Viewport
X-Varnish-Backend
X-Providence-Cookie
X-Request-Guid
X-Drupal-Cache-Tags
DC
X-Aspnet-Duration-Ms
X-B-Cache
X-Flags
X-Signature
X-Tb
X-B
X-User-Agent
X-Wix-Request-Id
X-Route-Name
Paypal-Debug-Id
X-Is-Crawler
X-TT
X-Oneagent-Js-Injection
X-Amz-Meta-S3cmd-Attrs
X-App-Environment
X-Varnish-Grace
X-Goog-Storage-Class
X-Goog-Metageneration
X-Whom
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Midtier
X-VCache
X-Debug
X-Origin-Cache
Node
Fastcgi-Useragent
X-Upgrade-Enabled
X-Language
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-NWS-UUID-VERIFY
X-Mobile-URL
Protected
X-Amz-Replication-Status
X-Logged-In
X-Cache-NGX
X-N
X-Oracle-Dms-Ecid
X-Load-Cache
X-XRDS-LOCATION
Payment
X-Oracle-Dms-Rid
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
X-Server-ID
WPO-Cache-Status
WPO-Cache-Message
X-XRDS-Location
X-Cache-Control
Count-Hit
Alternate-Protocol
X-Contextid
X-Restarts
Healthy
X-NGENIX-Cache
X-Via-JSL
X-Node-Name
X-MCACHE
X-Mobile
X-Proxy
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
Content-Disposition
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-Response-Served-From
X-Original-Request-Id
X-FW-Type
X-FW-Dynamic
SD-X-WS
Refresh
X-Zen-Fury
X-Jobs
Url
Akamai-GRN
X-G
X-Datadome
X-Real-IP
X-Page-View
X-Is-Bot
X-Cache-Time
X-Revision
X-Rendered-As
X-Adobe-Content
X-Adobe-Loc
X-Servername
X-UUID
NGB
X-Drupal-Cache-Contexts
X-Debug-IsConnected
X-Mg-Request-UUID
X-Proxy-Cache-Status
X-Debug-IsPreview
X-Cache-TTL-Remaining
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Http-Reason
Uber-Trace-Id
X-Cache-Grace
X-Akamai-Request-ID2
X-Instance
X-Varnish-Server
X-Yottaa-Metrics
X-Framework
X-Device-Type
X-Yottaa-Optimizations
Access-Control-Request-Headers
X-L-Path
X-Environment-Context
X-ECache
X-HTML-Minification-Powered-By
X-IPLB-Instance
Version
X-Hostname
X-Template
X-B3-Traceid
X-EdgeConnect-Cache-Status
Frame-Options
X-Source
X-RTag
MS-CV
Ms-Operation-Id
Liferay-Portal
Countrycode
Accept-Language
X-Fastly-Request-ID
Referer-Policy
X-NYM-Debug-Backend
X-Trace-Id
X-Ratelimit-Remaining
X-Cache-Hit
X-App-Server
X-Cache-Rule
X-Cache-Expired-At
From-Origin
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-APP-VERSION
X-Tumblr-Pixel-1
X-Vgn-Hpd-Reason
X-COUNTRY
Backend
X-IPS-LoggedIn
X-Hosted-By
X-Nginx-Cache
X-Unique-Id
Content-Secure-Policy
X-FW-Version
X-RemovedCookies
X-Status
WP-Super-Cache
Load-Balancing
X-UPSTREAM-Address
X-ProcessESI
Meta-Geo
Section-Io-Cache
X-RN-RSRV
X-SaId
X-JoinUs
X-OCL
X-Cache-Server
CF-IPCountry
X-FB-TRIP-ID
Upgrade-Insecure-Requests
X-PCL
X-Generation-Time
X-Ua
S-Rt
X-Via-Fastly
X-VC-Cache
X-VWS-Id
X-PHP-Backend
Property-Id
X-No-Session
X-Varnish-Cache-Hits
X-Sql-Duration-Ms
X-Redis-Cache
X-PHP-Host
X-Region
X-Request-Time
X-Sql-Count
X-Section
X-Origin-Hint
Webcakes-Region
TWC-Locale-Group
X-AWS-Id
TWC-GeoIP-LatLong
X-Access
Apigw-Requestid
Fastly-SSL
X-LJ-Flow-ID
TWC-Privacy
TWC-Connection-Speed
X-Format
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
X-Labrador-Cache-Channel
X-AOL-HN
X-Mode
X-Content-Age
X-Say-Cacheable
Locale
Eomportal-Instance
X-Be
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Platform-Server
X-Say-TTL
X-Origin-Date
X-Generated-By
X-Forwarded-Host
X-Content-Powered-By
X-Debug-Cache
X-Cms-Context
X-Cache-Enabled
X-SayCDN-TTL
X-Nginx-Cache-Key
X-Human
X-PERF
X-ShardId
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-Version
X-Cache-Host
X-Server-W
X-Locale
Mn-Server-Ip
X-Cluster-Node
X-Xfnlog-Site
X-Adobe-Source
X-UA-Device-Type
X-Storage
X-Alternate-Cache-Key
X-Site-Version
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Akamai-Edgescape
X-ApacheServer
X-Uri
X-BYPASS-REASON
X-Cache-Type
X-Cache-Tags
X-Detected-As
X-Routing-Service
X-Varnishpool
X-ProxyCache-Status
X-Web-Node
X-Zipkin-Id
X-Edge-Location
X-ProxyCache-Key
X-Proxied
X-GeoCode
X-NewRelic-App-Data
X-GeoCountry
X-GG-Cache-Date
X-Handled-By
X-Extlb
X-Tid
X-Storefront-Renderer-Rendered
X-Dc
X-Backend-Name
X-Hl-Ver
Cache-Tv-Group
X-Timing-Wait
X-Proxy-Build
Selected-Fe
X-Proto
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
CDN-Cache
Ec-Rule-Version
ServedBy
CDN-Uid
X-ServerID
Web-Mar-Node
X-CDN-Forward
Webserver
Fastly-Drupal-Html
X-Ratelimit-Limit
Onion-Location
X-LSADC-Cache
X-Cache-Action
X-GEO
X-IPLB-Request-ID
X-Magnolia-Registration
X-App-Version
X-Cached-By
X-Varnish-Hostname
Cache-Hits
X-Tt-Logid
SRV
SID
X-Air-Trace-Id
X-Cdn
X-Envoy-Decorator-Operation
X-Air-Source
X-Air-Hostname
X-Cache-Remote
X-Cache-Operation
X-Hyper-Cache
X-SRV
Mime-Version
X-Cluster
X-Parallel-Accel
X-Rewrite-Enabled
X-Varnish-Hits
X-Soup
X-Origin-TTL
LB
X-Origin-CC
X-Rule
Xet-Cookie
Xserver
Cache
X-Pubstack
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Accel-Buffering
X-TA-CDN-Provider
Source
X-Microcachable
DB-Nickname
Server-Info
Country-Code
X-Reqid
X-MP-GENERATED-AT
X-Buckets
X-Via-NSCOPI
X-TT-LOGID
Decoy-Debug-Status
Decoy-Debug-Key
X-CSRF-Token
X-Amzn-RequestId
X-Amz-Apigw-Id
Decoy-Debug-TTL
Datacenter
X-Skip-Cache
X-Origin-Response-Time
X-Request-Host
X-Tx-Id
X-Endurance-Cache-Level
X-Ec-Fail
X-Geo-Header
Surrogated-Key
X-Forwarded-Path
T-Server
X-External-Request-Id
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-A-Dam
X-BCube-Filmed-By
X-A
X-Cache-NE
Sslversion
X-A-Ccd
X-B-Cookie
X-AK-Request-ID
X-Application
X-Aed
X-ARC
X-Cache-Status-Check
X-Cdn-Srv
X-Connection-Hash
X-D
X-Destination
X-Developer
X-Conf
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-A-Wwc
X-A-Dgt
DynaTrace
X-PBS-Appsvrname
Cdnsip
Cdncip
Lang
X-ScT
X-SD-PageType
X-S-Cookie
X-S
X-Vdms-Version
A
X-Rojux
MD5-Digest
X-Vdms-Path
X-Session-Fingerprint
X-Shop-Environment
X-B3-SpanId
X-TIM-N
X-User
DCR-Decision-By
DCR-Processing-Time-Ms
Expiry
Fastcgi-X-Cache-Version
X-SRCache-Key
Cmsid
Cmstype
Host-ID
X-Tenant
X-VG-WebCache
X-Processor
X-Orig-Expires
BehaviorPad-Version
Xc-Version
Cache-Key
Odigeo-Trace-Id
X-NAPM-TraceId
Rendered-Blocks
X-Ig-Push-State
Pramga
Mobile-Detection-Method
XM
X-Vtex-Processado-Em
X-A-Dcw
Candidate-Md5Url
X-PAYTM-SRV-ID
X-Vtex-Remote-Cache
Meta-Geo-Continent
X-Azure-Ref
X-Fastcgi-Cache
X-Newrelic-Synthetics
We-Hiring
VNS-Cache
Mail-Subject
Server-Host
State
Producers
Wxu-Next-Region
NM-Fastcgi-Cache
Wxu-Next-Hostname
Platform
Wxu-Next-Commit
Is-Eu
X-Hash
X-Origin-Expires
X-Wix-Viewer-Type
Environment
X-SB
X-Origin
X-Worker
X-NodeID
X-Amzn-Remapped-Content-Length
Redirect-Candidate
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Variation
X-V-Cache
X-TrackingId
X-TNCMS
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Scheme
X-Varnish-CookieHashed-On
X-SplitTest
X-Loop
X-JWT-State
X-DefElseHash
X-DefHash
X-Developers
X-Device-Os
X-Core-Value
X-Core-Mission
X-Bc-Bl
X-Cache-Id
X-Ckpd-Fst-Backend
X-DPWN-IS-SECURE
X-Esi-Check
X-Has-Esi
X-Gdpr
X-HS-Content-Campaign-Id
X-Is-Gdpr
X-Nyt-Route
X-Gzip
X-Fetched-On
X-Ftr-Request-Id
X-Origin-Time
X-Ad-Defer-Variation
VNS-Age
AKAMAI
X-Varnish-Ttl
CPC-Age
CPC-Cache
Adler-Geo
X-Xrds-Location
X-Varnish-Beresp-Grace
X-Planisys-CDN-Cache
X-Irp-Debug
X-Hnp-Log
X-HN
X-LAGOON
X-Level-Front-Cache
X-Ms-Version
X-Node-Id
X-Ms-Request-Id
Ohc-File-Size
X-Loc
X-Minions-Version
X-NCache
X-GeoIP
X-CacheTTL
X-Cdn-Origin
X-Clara-WADP
X-Cache-Info
X-Cache-Date
X-BBC-Edge-Cache-Status
X-Block-Status
X-Cache-Bucket
X-Dispatcher-Number
X-Ec-Custom-Error
X-Gen-Mode
X-Generated-On
X-Planisys-CDN-Rules
X-Gamma-Serve
X-Forwarded-Site
X-Fastly-Cache
X-Fmm-Version
X-GeoIP-City
X-Platform
Fastly-Backend-Name
Gh-Request-Id
Web-Mar-Region
Cluster
X-WADP-Cache
X-VarnishDD-TTL
X-VG-TLSProxy
X-VServer
X-Auto-Login
X-Cache-Backend
X-Viewer-Country
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Via-Ucdn
X-Proxy-Upstream
X-Pod-Name
X-Proxy-Cache-Info
X-Thinkindot-L3
X-Sn-Servicetimems
X-RCS-CacheZone
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-RateLimit-Limit-Second
X-Qloud-Router
X-Aicache-OS
X-Policy
X-Pool
X-Region-Sid
X-Request-URI
X-Sigma-Backend
X-SIPLIST1
X-Slack-Backend
X-Sigma
X-Served-From
X-Rocket-Build-Number
X-Rocket-Nginx-Serving-Static
X-Planisys-CDN-TTL
X-RateLimit-Remaining-Second
Apple-News-Services-Host
Vix-Hermes-Req-Id
Apple-News-Services-Handled
Release
Apple-News-Services-Parsed-Url
PFcat
Origin
V-Age
X-AIR-PT
Origin-EX
Req-Svc-Chain
Server-Ext
Thinkindot-CacheControl-Type
Thinkindot-Control
Traceparent
User-Cache-Control
Thinkindot-CacheControl
TDXMobile
Server-Hostname
Sever-Int
Svr
Apple-News-Services-Request-Url
Origin-CC
NGX
L
Kp-EeAlive
Fastly-SWR
CloudFront-Viewer-Country
IsBot
Fastly-GeoIP-CountryCode
Fastly-SIE
Fastcgi-Cache-TTL
Memcached
N-Cache
Machine
CDCHOST
X-Correlation-ID
HostName
X-Time
Ha-Gx-Prefs
DSUID
HA-Ipaddr
X-Eu-Site
X-Mvc-Supplant-Cachable
Cache-Name
X-R9-Blue-Green-Version
X-Owner
L5d-Success-Class
X-WA-Info
X-Optimistic-Header
Ssr
X-Scale
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Branch-Name
CDN
X-CGP
X-Csrf-Jwt
X-ZONE
X-WP-CF-Super-Cache
Pics-Label
X-EC-Lua
X-WP-CF-Super-Cache-Cache-Control
X-Server-IP
X-Refresh
X-CS
X-Httpd
X-Micro-Cache
X-VC
X-CACHE-KEY
X-NC
GEO-INFO
Ngx.Var.Host
X-Parent-Response-Time
Path
X-Ah-Environment
Ms-Author-Via
X-TIME
X-From
X-Cache-ASPX
Cache-Host
X-Contensis-Viewer-Groups
Servername
X-LB-NoCache
X-Webstats-RespID
X-Location
X-Edge-Pop
X-Varnish-Authentication
X-Servedbyhost
Env
Lb
X-Tb-Optimization-Total-Bytes-Saved
X-Udemy-Cache-App-Namespace
X-Proxy-CacheRZ
XkeyRZ
X-Mvc-Supplant-OutputCached
X-TraceId
Locid
X-Clientip
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-Srv
X-API-Version
X-Amz-Meta-Cb-Modifiedtime
Ohc-Cache-HIT
Time
X-Generated-In
ITXSESSIONID
Memory
X-Response-By
Arc-Country
X-Men
X-Varnish-Beresp-TTL
X-Trace-ID
AMP-Access-Control-Allow-Source-Origin
GeoIp-Country-Code
X-Old-Content-Length
X-S-Maxage
X-RateLimit-Reset
X-DI
True-Client-IP
X-HA-Backend
X-DB
X-RSL
X-Vc
X-DW
X-DSS
X-RPM
X-RPS
Client
X-Akamai-Transformed
X-Accel-Expires-Debug
X-Date
X-VHOST
X-Cs
X-Dmc
X-MSEdge-Features
X-Tec-Api-Root
Server-ID
X-MSEdge-Flight
X-Tec-Api-Origin
X-Tec-Api-Version
X-VCL-Version
X-Render-Time
Geoip-Latitude
X-Zone
X-URL
X-DynaTrace-JS-Agent
X-GeoIP-Region-Code
X-Fpc
Hostname
X-INCAP-ABP
X-GeoIP-Country-Code
X-Presslabs-Stats
FSS-Cache
Rip
X-FireWall-Port
X-DC
X-Service
C-Via
X-Cache-Debug
X-TRACE-ID
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Component-Id
X-M-Reqid
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Tube-Got-Eval
X-Gateway-Cache-Key
Click-Count-Action-Start
X-Gateway-Cache-Status
Tube-Get-Contents
Tube-Return
NtCoent-Length
X-Webkit-Csp-Report-Only
X-Gateway-Request-Id
Powered-By
X-M-Log
X-Gateway-Skip-Cache
X-Qnm-Cache
Click-Count-Error
Tube-Got-Results
X-Api-Version
X-TX-ID
HIT
CacheControlHeader
On-Server
X-B3-Spanid
X-PX
X-CSRF-TOKEN
Tcn
X-TH-Server
X-Action
X-Alfa-Service
Test
True-Client-Country-4JS
Esi-Enabled
X-NGINX-Cache
X-Backend-TTL
X-FPC
X-Check-Cacheable
X-Cdn-Request-ID
X-Traceid
X-Edge-Origin-Shield-Region
X-Vcl-Version
User-Agent
X-Beluga-Response-Time
Edge-Cache
X-Beluga-Record
X-Beluga-Node
Server-Id
X-Edge-Origin-Shield-Bytes
X-Beluga-Trace
X-Esi
Srv
X-Beluga-Cache-Status
X-Beluga-Status
X-HS-Status
Geo-Info
X-Pass-Why
Cdn
X-Akamai-Pragma-Client-IP
X-Proxy-Cache-Hk
OT-Force-Account-Verify
X-Req
GeoIP-Latitude
X-Origin-Upstream-Status
Proxy-Connection
X-Via-PopV
GeoIP-Country-Code
X-Ha-Backend
Srvid
Resin-Trace
X-Via-PopH
X-Via-PopN
Uri
My-App
DT-Hot-News
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-Ttl
X-App
Cf-Int-Pingora-Origin-Digest
Sid
MIME-Version
M-TraceId
X-APP
X-Up
Server-Ttl
X-ServedByHost
Epwk-X-Cache
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Cdn-Forward
WebServer
ENV
X-Bip
X-Fastly-Backend-Reqs
X-Thanos
X-Edge-POP
X-LB-ID
X-Backend-Host
X-Provided-By
Warning
X-B3-Traceid-Primal
X-Lb-Nocache
True-Client-Ip
X-LI-Proto
X-Li-Pop
X-Geo
X-LI-UUID
ServerName
X-Li-Fabric
XServer
X-HostName
X-CF-Powered-By
X-ElasticPress-Query
X-Webkit-CSP-Report-Only
X-Akamai-Request-ID
X-Newrelic-App-Data
X-Fetch-By
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-RAMCache
X-Serial
X-Vercel-Id
X-Dw-Trace-Id
X-HITS
CF-Cached-On
PICS-Label
X-Vercel-Cache
X-Request-Start
X-UnsetCookies
X-Nc
Fastly-Drupal-HTML
X-LiteSpeed-Cache-Control
X-Request-Url
X-Cc-Via
X-IN-APIGATEWAYSSL
WZWS-RAY
X-IN-APIGATEWAY
Dt-Hot-News
X-Time-Microsecs
X-ND-Cache
X-Iplb-Instance
Inserted-Into-Cache-At
X-Yottaa-OS
X-Iplb-Request-Id
D-Url-Rewrites
X-Vcache
X-Air-Pt
Servedby
Cdn-Requestid
Wp-Super-Cache
Cdn-Cache
Cdn-Edgestorageid
Cdn-Pullzone
Cdn-Requestcountrycode
Cdn-Uid
Cdn-Cachedat
X-LiteSpeed-Tag
X-Storefront-Renderer-Verified
X-Th-Server
X-Azure-Ref-OriginShield
X-Back
X-Request-URL
X-MiniProfiler-Ids
X-Varnish-Beresp-Status
Hit
X-Snapshot-Date
Magicmarker
Vha6-Origin
Content-Style-Type
Cf-Device-Type
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
DataCenter
X-Release
X-Fastly-Cache-Hits
X-Dist-Code
Fastcgi-Cache-Ttl
Content-Script-Type
X-CUA
CountryCode
X-BBC-Origin-Response-Status