Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
P3p
X-Check
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
X-Akamai-Path-Stats
EagleId
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
X-Proxy-Cache
X-UA-Device
Host-Header
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
Allow
X-WebKit-CSP
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-Device
X-OneAgent-JS-Injection
Cf-Railgun
X-Cache-Spec
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Request-Id
Surrogate-Control
X-Backend-Server
Cf-Edge-Cache
Accept-CH
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-Cache-Lookup
Accept-CH-Lifetime
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Content-Location
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
Accept-Ch
X-Vname
X-PC
X-TtlSet
Accept-Ch-Lifetime
X-Clacks-Overhead
RTSS
Edge-Control
X-Server-Name
X-VARITI-CCR
X-ESI
X-Amz-Server-Side-Encryption
X-Varnish-TTL
Cache-Tag
X-B3-TraceId
X-Vcap-Request-Id
X-Content-Type
X-Dw-Request-Base-Id
X-Amz-Rid
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
Public-Key-Pins
X-Px
X-Cnection
X-FastCGI-Cache
X-Edge
X-D2id
X-Ac
X-RateLimit-Remaining
X-Ser
X-Element-Page-Cache
Verso
X-Client-IP
X-Navigation-Version
X-Abt-Application-Version
Display
X-Powered-By-Plesk
Pagespeed
X-Middleton-Display
X-Sol
X-Version
X-Ttl
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Litespeed-Cache
X-Country-Code
X-Cache-TTL
Service-Worker-Allowed
X-Correlation-Id
Response
X-Middleton-Response
X-NF-Request-ID
X-Goog-Hash
Access-Control-Request-Method
SPIisLatency
SPRequestDuration
X-Content-Security-Policy-Report-Only
X-Kinsta-Cache
X-Cached
AR-SID
AR-CACHE
X-Edge-Location-Klb
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-SharePointHealthScore
SPRequestGuid
X-Powered-CMS
X-LLID
Edge-Cache-Tag
X-Upstream
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-RateLimit-Limit
X-NWS-LOG-UUID
X-Ruxit-Js-Agent
X-Forwarded-For
Content-MD5
X-Cache-Key
Nginx-Cache
X-Id
X-MSEdge-Ref
X-TTL
MRF-Tech
Mrf-Cache-Status
X-Shield-Request-Id
TCN
X-T
X-B3-TraceId-Primal
S
X-Recruiting
X-Daa-Tunnel
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Content-Digest
X-Ua-Device
X-ECACHE
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Mg-S
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Accel-Expires
X-DataDome
X-Grace
X-Ezoic-Cdn
MS-Author-Via
X-Protected-By
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-Frontend
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-Ua-Browser
X-Ab
X-Content
X-DynaTrace
TP-L2-Cache
TP-Cache
X-Yandex-Sdch-Disable
X-Request-Received
Server-Node
X-Request-Processing-Time
Filters
X-Server-ID
Front-End-Https
X-PressLabs-Stats
X-Origin-Server
X-Distributor
X-WebKit-CSP-Report-Only
Fastcgi-Cache
X-Mid
X-Geo-Country
X-Hits
X-Webkit-Csp
X-Request-Handler-Origin-Region
X-Microsite
X-Tt-Trace-Tag
X-Tt-Trace-Host
Charset
X-LB-Cache
X-Amzn-Trace-Id
X-Debug-Info
Cleartype
X-Page-Id
Host
Cross-Origin-Opener-Policy
X-F-Cache
X-B3-Sampled
X-Git-Hash
X-Forwarded-Proto
X-Cache-Age
X-ORACLE-DMS-ECID
X-DIS-Request-ID
Cache-Status
Access-Control-Allow-Method
X-Seen-By
X-ORACLE-DMS-RID
X-Www-Served-By
X-Ratelimit-Reset
Realpath
Pinterest-Version
X-Activity-Id
X-Pinterest-Rid
ServerID
X-AppVersion
Pinterest-Generated-By
X-Az
Accept-Charset
X-Aspnetmvc-Version
X-Oracle-Dms-Ecid
Cache-Tags
Filterid
X-Fastly-Request-Id
X-Oracle-Dms-Rid
X-Varnish-Age
X-Mcache
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Rid
X-Content-Options
X-Type
X-Language
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-App-Environment
Retry-After
X-FB-Debug
X-Tb
X-MCACHE
Country
X-User-Agent
Server-Name
Node
X-Varnish-Backend
X-Drupal-Cache-Tags
Viewport
X-Whom
X-Varnish-Grace
X-Wix-Request-Id
X-Signature
X-Upgrade-Enabled
X-TT
X-B-Cache
DC
X-Oneagent-Js-Injection
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Origin-Cache
Paypal-Debug-Id
X-Goog-Stored-Content-Length
X-Mobile-URL
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-VCache
X-B
X-Route-Name
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Request-Guid
X-Flags
X-XRDS-LOCATION
Protected
X-NWS-UUID-VERIFY
X-Debug
Permissions-Policy
Fastcgi-Useragent
X-Amz-Meta-S3cmd-Attrs
X-Cache-NGX
X-Amz-Replication-Status
X-N
WPO-Cache-Message
WPO-Cache-Status
Payment
X-Logged-In
X-Via-JSL
X-Load-Cache
Surrogate-Key
X-XRDS-Location
X-Contextid
X-Cache-Control
Count-Hit
X-Webkit-CSP
Amp-Access-Control-Allow-Source-Origin
Healthy
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Dynamic
X-Template
X-FW-Server
X-Node-Name
X-FW-Serve
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
X-Mobile
Content-Disposition
Akamai-GRN
X-G
X-Jobs
X-Cache-Time
X-Restarts
Url
X-Revision
X-Zen-Fury
X-Framework
X-Akamai-Request-ID2
X-Cache-TTL-Remaining
X-Proxy
Refresh
X-NGENIX-Cache
Alternate-Protocol
X-Device-Type
X-Drupal-Cache-Contexts
VIX-Pulpo-Upstream-Status
NGB
Uber-Trace-Id
X-Cacheable-TTL
X-Proxy-Cache-Status
X-Adobe-Loc
X-Servername
X-Adobe-Content
X-UUID
X-Real-IP
X-Rendered-As
X-Is-Bot
VIX-Pulpo-Node
X-Fastly-Request-ID
X-Cache-Grace
X-Page-View
X-Http-Reason
X-Debug-IsConnected
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Debug-IsPreview
Access-Control-Request-Headers
X-Instance
X-Mg-Request-UUID
X-Varnish-Server
X-ECache
X-Hostname
X-Trace-Id
X-B3-Traceid
X-IPLB-Instance
Version
X-Midtier
X-Environment-Context
X-L-Path
X-EdgeConnect-Cache-Status
X-Source
Accept-Language
X-HTML-Minification-Powered-By
Countrycode
X-Fastcgi-Cache
MS-CV
Ms-Operation-Id
X-RTag
Frame-Options
X-Datadome
From-Origin
X-Cache-Hit
X-Cache-Rule
X-Cache-Expired-At
X-Vgn-Hpd-Reason
Referer-Policy
Liferay-Portal
X-NYM-Debug-Backend
X-App-Server
Cross-Origin-Window-Policy
Backend
X-COUNTRY
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-IPS-LoggedIn
X-Nginx-Cache
X-FW-Version
Content-Secure-Policy
X-Hosted-By
Upgrade-Insecure-Requests
X-UPSTREAM-Address
Meta-Geo
X-RN-RSRV
X-Parallel-Accel
Section-Io-Cache
X-Generation-Time
X-Cache-Server
X-Unique-Id
X-FB-TRIP-ID
X-NewRelic-App-Data
X-PCL
X-Cache-Enabled
X-APP-VERSION
X-OCL
X-Format
Mn-Server-Ip
WP-Super-Cache
X-Content-Age
Webcakes-App-Version
X-Server-W
X-Origin-Hint
Azure-Version
Azure-SlotName
Azure-SiteName
X-Redis-Cache
TWC-Privacy
TWC-Locale-Group
X-AOL-HN
X-Be
X-Akamai-Edgescape
X-Section
X-UA-Device-Type
TWC-GeoIP-LatLong
Property-Id
Azure-RegionName
X-No-Session
X-Cluster-Node
X-Varnish-Cache-Hits
TWC-GeoIP-Country
TWC-Device-Class
X-Uri
X-Request-Time
X-Region
X-Access
Azure-InstanceId
TWC-Connection-Speed
Apigw-Requestid
X-Origin-Date
Webcakes-Region
Webcakes-App-Name
CF-IPCountry
X-Mode
X-BYPASS-REASON
X-Sql-Duration-Ms
X-PHP-Backend
Eomportal-Instance
X-ProxyCache-Key
X-Debug-Cache
X-Cache-Host
X-Human
X-Xfnlog-Site
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-Alternate-Cache-Key
Cache-Tv-Group
X-Nginx-Cache-Key
X-Sorting-Hat-ShopId
X-ProxyCache-Status
Locale
X-Urbn-Context-Path
X-ShopId
X-Sql-Count
S-Rt
X-Storage
X-Status
X-Ratelimit-Remaining
X-SayCDN-TTL
X-PHP-Host
X-Urbn-Site-Id
X-Labrador-Cache-Channel
X-Say-Cacheable
X-Say-TTL
X-Forwarded-Host
X-Content-Powered-By
X-Detected-As
X-Extlb
Ec-Rule-Version
X-AWS-Id
X-Backend-Name
X-ApacheServer
X-Platform-Server
Fastly-SSL
X-Cache-Tags
X-VWS-Id
X-Cache-Type
X-LJ-Flow-ID
X-Adobe-Source
X-Cache-Action
X-Routing-Service
X-Proxied
X-Generated-By
X-Web-Node
X-SaId
X-ServerID
X-Ua
X-Tid
X-Site-Version
X-Zipkin-Id
X-PERF
X-JoinUs
X-Locale
X-RemovedCookies
X-Handled-By
X-GG-Cache-Date
X-VC-Cache
X-Hl-Ver
X-ProcessESI
X-Cms-Context
X-Varnishpool
X-Via-Fastly
CDN-PullZone
X-Timing-Wait
CDN-Uid
CDN-RequestId
Load-Balancing
CDN-EdgeStorageId
Selected-Fe
X-Proxy-Build
CDN-CachedAt
CDN-Cache
CDN-RequestCountryCode
ServedBy
X-Storefront-Renderer-Rendered
X-Edge-Location
Webserver
X-GeoCode
X-GeoCountry
SRV
Mime-Version
X-App-Version
X-Proto
Web-Mar-Node
Fastly-Drupal-Html
X-LSADC-Cache
X-CDN-Forward
X-Rule
X-Dc
X-Cache-Operation
X-Cached-By
Onion-Location
X-Hyper-Cache
X-TT-LOGID
X-GEO
X-Cache-Remote
X-Rewrite-Enabled
SID
X-Cdn
X-Soup
X-Varnish-Hostname
X-Varnish-Ttl
Cache-Hits
X-SRV
X-Cluster
Xserver
X-Accel-Buffering
X-Pubstack
X-Origin-TTL
X-Reqid
X-TA-CDN-Provider
X-Origin-CC
X-Ratelimit-Limit
X-Envoy-Decorator-Operation
X-Magnolia-Registration
X-Varnish-Hits
Country-Code
Xet-Cookie
Server-Info
X-IPLB-Request-ID
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Buckets
X-MP-GENERATED-AT
X-Microcachable
X-CSRF-Token
Decoy-Debug-Key
Decoy-Debug-TTL
LB
Decoy-Debug-Status
Cache
DB-Nickname
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Request-Host
Source
X-Newrelic-Synthetics
X-Tt-Logid
X-Ms-Request-Id
X-Ms-Version
X-B3-SpanId
MD5-Digest
Meta-Geo-Continent
X-Origin-Response-Time
Cdnsip
Cdncip
DCR-Decision-By
Cmsid
Cmstype
Mobile-Detection-Method
BehaviorPad-Version
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
Host-ID
Expiry
X-Via-NSCOPI
A
Lang
X-Cache-Id
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Processor
X-Rojux
X-S-Cookie
X-S
X-Orig-Expires
X-NAPM-TraceId
X-Gzip
X-Ftr-Request-Id
X-Hash
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-ScT
X-SD-PageType
X-Vdms-Version
X-Vdms-Path
X-VG-WebCache
X-Vtex-Processado-Em
Xc-Version
X-Vtex-Remote-Cache
X-User
X-TrackingId
X-Shop-Environment
X-Session-Fingerprint
X-SRCache-Key
X-Tenant
X-TIM-N
X-Forwarded-Path
X-External-Request-Id
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Aed
X-Application
X-AK-Request-ID
X-A-Dam
X-A-Ccd
Rendered-Blocks
Odigeo-Trace-Id
Sslversion
Surrogated-Key
T-Server
X-ARC
X-B-Cookie
X-Developer
X-Destination
X-Ec-Fail
X-Ec-GeoHdr
X-Esi-Check
X-Epic-Correlation-Id
X-D
X-Connection-Hash
X-Cdn-Srv
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Conf
NM-Fastcgi-Cache
X-A
X-Amz-Apigw-Id
X-Time
X-Amzn-RequestId
X-Tx-Id
X-Bc-Bl
X-RCS-CacheZone
X-Endurance-Cache-Level
X-Fetched-On
X-Core-Mission
X-Fastly-Cache
X-DefElseHash
X-Origin-Expires
X-DefHash
Adler-Geo
Is-Eu
X-Fmm-Version
Producers
Platform
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Origin
X-NodeID
X-Irp-Debug
Environment
X-GeoIP
Machine
X-DPWN-IS-SECURE
Mail-Subject
X-Device-Os
X-Geo-Header
X-Node-Id
X-Rocket-Build-Number
X-Developers
X-Mvc-Supplant-Cachable
Fastly-GeoIP-CountryCode
Pramga
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Variation
X-V-Cache
X-SVT-ORM-VERSION
X-Via-Ucdn
X-WADP-Cache
Wxu-Next-Commit
We-Hiring
Wxu-Next-Hostname
Wxu-Next-Region
State
X-SVT-ORM-RULES
X-Varnish-CookieHashed-On
X-Sigma-Backend
X-Cache-Bucket
X-Sigma
X-Cache-Info
X-CacheTTL
X-Cache-Backend
X-Server-IP
X-Varnish-Beresp-Grace
X-Skip-Cache
X-NCache
X-Azure-Ref
X-Eu-Site
X-Branch-Name
X-Datadog-Sampling-Priority
X-Cache-Date
X-CGP
V-Age
Vix-Hermes-Req-Id
X-Aicache-OS
Web-Mar-Region
X-Amzn-Remapped-Content-Length
X-BBC-Edge-Cache-Status
X-Datadog-Trace-Id
X-Block-Status
X-Datadog-Parent-Id
X-Dispatcher-Number
X-Cdn-Origin
X-Auto-Login
X-Core-Value
X-Csrf-Jwt
X-Minions-Version
X-Sn-Servicetimems
X-Slack-Backend
X-VG-TLSProxy
X-Viewer-Country
X-Wikidot-Backend
X-SIPLIST1
X-Served-From
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-SB
X-Scheme
X-Wikidot-Static-Cache
X-Worker
X-Wix-Viewer-Type
Cache-Key
Candidate-Md5Url
X-BCube-Filmed-By
X-TNCMS
X-Loop
Kp-EeAlive
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Loc
User-Cache-Control
HostName
X-Nyt-Route
X-LAGOON
X-Httpd
X-Gdpr
X-Gen-Mode
X-GeoIP-City
X-Hnp-Log
X-Origin-Time
X-Planisys-CDN-Cache
X-Proxy-Cache-Info
X-Proxy-Upstream
X-Qloud-Router
X-RateLimit-Limit-Second
X-Pool
X-Policy
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Platform
X-Pod-Name
X-Forwarded-Site
X-Ec-Custom-Error
Memcached
N-Cache
L5d-Success-Class
L
IsBot
Origin
Origin-CC
Req-Svc-Chain
Server-Host
Release
Redirect-Candidate
Origin-EX
HA-Ipaddr
Ha-Gx-Prefs
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
AKAMAI
DynaTrace
CDCHOST
Ohc-File-Size
Fastly-SWR
Gh-Request-Id
Fastly-SIE
Fastcgi-Cache-TTL
Datacenter
Ssr
Apple-News-Services-Request-Url
Traceparent
Cache-Name
GEO-INFO
X-From
X-VarnishDD-TTL
X-Webstats-RespID
X-Gamma-Serve
Server-Ext
CDN
X-Thinkindot-L3
Cluster
CloudFront-Viewer-Country
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
X-Owner
Thinkindot-Control
X-Region-Sid
X-Scale
X-Rocket-Nginx-Serving-Static
X-Optimistic-Header
Server-Hostname
NGX
X-VServer
X-SplitTest
XM
Svr
X-Ad-Defer-Variation
X-Level-Front-Cache
X-Generated-On
VNS-Cache
X-R9-Blue-Green-Version
DSUID
Sever-Int
VNS-Age
X-HN
PFcat
CPC-Age
CPC-Cache
X-ZONE
X-Parent-Response-Time
X-Refresh
X-CS
X-WP-CF-Super-Cache-Cache-Control
X-Location
Fastly-Backend-Name
X-WP-CF-Super-Cache
X-Cache-Status-Check
X-WA-Info
Pics-Label
X-VC
X-Tb-Optimization-Total-Bytes-Saved
X-CACHE-KEY
X-Ah-Environment
Env
X-NC
X-Micro-Cache
Locid
X-Contensis-Viewer-Groups
X-Cache-ASPX
Ms-Author-Via
X-EC-Lua
X-LB-NoCache
Servername
X-Varnish-Authentication
X-Men
Arc-Country
X-Response-By
X-Udemy-Cache-App-Namespace
X-AIR-PT
X-RateLimit-Reset
AMP-Access-Control-Allow-Source-Origin
X-Edge-Pop
X-Old-Content-Length
Path
X-Servedbyhost
X-Mvc-Supplant-OutputCached
X-Amz-Meta-Cb-Modifiedtime
X-Webkit-Csp-Report-Only
Lb
X-Xrds-Location
X-TIME
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Via-Popn
X-Via-Popv
X-RSL
X-Srv
Cache-Host
X-Via-Poph
X-RPM
X-Generated-In
X-TraceId
X-DI
X-RPS
X-DSS
X-DB
Ngx.Var.Host
Memory
X-DW
Time
Ohc-Cache-HIT
ITXSESSIONID
X-Varnish-Beresp-TTL
X-Date
X-HA-Backend
X-Accel-Expires-Debug
X-Akamai-Transformed
X-Trace-ID
XkeyRZ
X-Proxy-CacheRZ
X-VCL-Version
X-DC
Client
GeoIp-Country-Code
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Api-Version
FSS-Cache
X-Clientip
True-Client-IP
X-S-Maxage
X-Vc
X-API-Version
X-Cache-Debug
X-Cs
X-VHOST
Server-ID
Geoip-Latitude
Fusion-Source
X-Zone
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Deployment-Id
X-Presslabs-Stats
CacheControlHeader
Hostname
X-Fpc
X-FireWall-Port
True-Client-Country-4JS
X-Dmc
X-TH-Server
X-Action
Powered-By
X-MSEdge-Features
X-Render-Time
X-MSEdge-Flight
X-Traceid
X-Backend-TTL
X-TX-ID
NtCoent-Length
X-PX
X-B3-Spanid
X-INCAP-ABP
C-Via
Edge-Cache
Geo-Info
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Req
Test
X-Gateway-Request-Id
Tcn
X-Gateway-Skip-Cache
Rip
X-NGINX-Cache
X-M-Reqid
Click-Count-Action-Start
X-FPC
Click-Count-Error
My-App
X-Cdn-Request-ID
X-Pass-Why
X-Qnm-Cache
Tube-Got-Eval
X-M-Log
X-Service
Tube-Return
Tube-Got-Results
Esi-Enabled
Tube-Get-Contents
X-CSRF-TOKEN
X-DynaTrace-JS-Agent
X-Origin-Upstream-Status
X-Correlation-ID
X-HS-Status
HIT
X-Beluga-Node
X-Beluga-Cache-Status
User-Agent
X-Beluga-Record
X-Beluga-Status
Server-Id
X-Webkit-CSP-Report-Only
X-Beluga-Trace
On-Server
X-Beluga-Response-Time
Cf-Int-Pingora-Origin-Digest
X-Alfa-Service
X-Vcl-Version
OT-Force-Account-Verify
X-Provided-By
Uri
X-Up
X-TRACE-ID
X-Proxy-Cache-Hk
Proxy-Connection
X-LB-ID
X-Via-PopN
Srvid
X-Check-Cacheable
GeoIP-Latitude
X-Ha-Backend
X-Akamai-Pragma-Client-IP
Resin-Trace
GeoIP-Country-Code
X-Via-PopV
X-Via-PopH
X-URL
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
Sid
Cdn
X-APP
X-Edge-Origin-Shield-Bytes
Srv
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-UnsetCookies
X-Edge-Origin-Shield-Region
X-RAMCache
X-CCDN-CacheTTL
X-Li-Fabric
Epwk-X-Cache
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-ServedByHost
DataCenter
X-Geo
X-Cdn-Forward
WebServer
WZWS-RAY
X-Fetch-By
X-ND-Cache
X-Time-Microsecs
X-Edge-POP
X-Backend-Host
X-Cache-Ttl
M-TraceId
MIME-Version
Warning
X-Esi
XServer
Server-Ttl
ENV
X-Lb-Nocache
ServerName
X-App
X-CUA
X-Fastly-Backend-Reqs
Cf-Device-Type
X-B3-Traceid-Primal
X-MG-S
X-HostName
Fastly-Drupal-HTML
Section-Origin-Responded
X-Yottaa-OS
PICS-Label
Section-Io-Origin-Time-Seconds
DT-Hot-News
X-Newrelic-App-Data
X-ATG-Version
X-Azure-Ref-OriginShield
X-Request-Url
Section-Io-Id
Section-Io-Origin-Status
X-Dw-Trace-Id
X-Fragments
X-Platform-Cluster
X-Serial
X-Platform-Processor
X-Platform-Router
X-ElasticPress-Query
Target-Params
Tracecode
X-HITS
X-LiteSpeed-Cache-Control
CF-Cached-On
Lfy
D-Url-Rewrites
Inserted-Into-Cache-At
X-Akamai-Request-ID
X-Iplb-Instance
X-Sucuri-Cache
X-Var-Ttl
X-Fastly-Backend
X-FC-Vary-Parameters
X-Nc
X-CF-Powered-By
X-Iplb-Request-Id
X-Sucuri-ID
X-Vcache
True-Client-Ip
Dt-Hot-News
X-Thanos
X-Bip
Cf-Ipcountry
Cdn-Requestcountrycode
Cdn-Pullzone
Cdn-Edgestorageid
Cdn-Cache
Servedby
Wp-Super-Cache
Cdn-Cachedat
X-Air-Pt
Cdn-Requestid
Cdn-Uid
X-Vercel-Id
Hit
X-UA
X-Vercel-Cache
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Request-Start
Vha6-Origin
X-Cache-Expires
X-NU-AKA-ACS-Version
CountryCode
Content-Script-Type
X-Snapshot-Date
X-Varnish-Beresp-Status
X-Dist-Code
X-BBC-Origin-Response-Status
X-Release
Content-Style-Type
X-Back
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
Cneonction
Ngx
X-Th-Server
X-Storefront-Renderer-Verified
X-Request-URL
X-Wp-Cf-Super-Cache-Cache-Control