Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
X-Rq
Grace
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
X-LiteSpeed-Cache
CONTENT-SECURITY-POLICY
X-Dispatcher
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Nginx-Cache-Status
Allow
X-Cache-Spec
X-Device
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-CST
X-Server-Id
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-Response-Time
X-HW
Cf-Edge-Cache
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Rating
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Url
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-MS-InvokeApp
X-PC
X-Vname
X-TtlSet
X-Rack-Cache
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-ESI
X-VARITI-CCR
X-Content-Type
Accept-Ch
X-B3-TraceId
Cache-Tag
X-Vcap-Request-Id
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
X-Amz-Rid
X-Dw-Request-Base-Id
X-Amz-Server-Side-Encryption
Public-Key-Pins
X-Cnection
X-Ac
X-Px
X-Element-Page-Cache
X-D2id
Verso
X-Navigation-Version
X-Abt-Application-Version
X-RateLimit-Remaining
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Ser
Service-Worker-Allowed
X-Edge
X-Version
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
Access-Control-Request-Method
X-Correlation-Id
X-Goog-Hash
X-Ruxit-Js-Agent
X-Kinsta-Cache
X-Webkit-Csp
AR-SID
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-Request-ID
X-TTL
SPIisLatency
SPRequestDuration
X-Edge-Location-Klb
X-Upstream
X-Ttl
X-NWS-LOG-UUID
X-LLID
X-Cached
X-Powered-CMS
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Litespeed-Cache
Edge-Cache-Tag
SPRequestGuid
X-SharePointHealthScore
Nginx-Cache
X-RateLimit-Limit
X-Cache-Key
X-Forwarded-For
Content-MD5
TCN
Mrf-Cache-Status
MRF-Tech
X-MSEdge-Ref
X-Content-Security-Policy-Report-Only
X-Id
X-Shield-Request-Id
MS-Author-Via
X-B3-TraceId-Primal
X-Daa-Tunnel
X-T
X-Recruiting
S
X-Content-Digest
X-Mg-S
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ua-Device
X-TEC-API-ROOT
X-DataDome
X-Protected-By
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ezoic-Cdn
X-HS-Content-Id
X-HS-Hub-Id
X-Accel-Expires
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-HS-Combine-CSS
X-Ua-Browser
X-Content
X-Frontend
X-Ab
Server-Node
X-Request-Processing-Time
X-Request-Received
X-Grace
X-Yandex-Sdch-Disable
Front-End-Https
Filters
X-Server-ID
X-ECACHE
Fastcgi-Cache
X-Mid
X-ORACLE-DMS-ECID
X-PressLabs-Stats
X-ORACLE-DMS-RID
X-DynaTrace
X-Origin-Server
X-Hits
X-Geo-Country
TP-Cache
TP-L2-Cache
X-Distributor
X-Debug-Info
X-Ratelimit-Reset
X-Amzn-Trace-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Pinterest-Rid
Cleartype
Pinterest-Version
Pinterest-Generated-By
Charset
Host
X-Page-Id
X-DIS-Request-ID
X-F-Cache
X-Git-Hash
Cross-Origin-Opener-Policy
X-Request-Handler-Origin-Region
X-Microsite
X-B3-Sampled
X-Www-Served-By
X-LB-Cache
X-Forwarded-Proto
X-Cache-Age
ServerID
Access-Control-Allow-Method
X-Seen-By
X-WebKit-CSP-Report-Only
Cache-Tags
X-Az
X-MCACHE
X-AppVersion
X-Aspnetmvc-Version
X-Activity-Id
Cache-Status
X-Cluster-Name
X-Kong-Proxy-Latency
Accept-Charset
X-Varnish-Age
X-Kong-Upstream-Latency
X-Language
Realpath
Filterid
Server-Name
X-Rid
X-Type
X-Content-Options
X-XRDS-LOCATION
X-Nginx-Upstream-Cache-Status
X-App-Environment
X-Oracle-Dms-Ecid
X-Varnish-Grace
X-Oracle-Dms-Rid
Country
X-Upgrade-Enabled
Node
X-Mobile-URL
Viewport
X-User-Agent
X-Origin-Cache
X-Tb
X-NWS-UUID-VERIFY
X-Route-Name
X-FB-Debug
X-Whom
X-B-Cache
Paypal-Debug-Id
DC
X-Drupal-Cache-Tags
Retry-After
X-Wix-Request-Id
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Request-Guid
X-Signature
X-Flags
X-Is-Crawler
X-TT
Protected
X-Goog-Generation
X-Varnish-Backend
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-VCache
Fastcgi-Useragent
X-Via-JSL
X-B
X-Cache-NGX
X-Fastly-Request-ID
X-Fastly-Request-Id
X-Fastcgi-Cache
X-Amz-Replication-Status
X-Debug
Payment
X-N
X-Contextid
X-Logged-In
X-Load-Cache
WPO-Cache-Message
WPO-Cache-Status
X-Template
Surrogate-Key
X-FW-Type
X-FW-Hash
X-FW-Server
X-FW-Serve
X-FW-Static
X-FW-Dynamic
X-Cache-Control
X-Amz-Meta-S3cmd-Attrs
Count-Hit
X-Node-Name
X-Trace-Id
X-XRDS-Location
Healthy
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Amp-Access-Control-Allow-Source-Origin
X-Browser-Type
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
Content-Disposition
Refresh
X-Mcache
Akamai-GRN
X-Proxy
X-Akamai-Request-ID2
X-Hostname
X-Is-Bot
X-Real-IP
X-Rendered-As
X-Zen-Fury
X-Revision
X-Cache-Time
X-UUID
X-G
X-Jobs
X-Http-Reason
X-Mobile
X-Page-View
X-Cacheable-TTL
X-Framework
X-Adobe-Loc
Uber-Trace-Id
X-Cache-TTL-Remaining
X-Adobe-Content
NGB
X-Debug-IsConnected
X-Drupal-Cache-Contexts
X-Proxy-Cache-Status
X-Instance
VIX-Pulpo-Upstream-Status
X-Device-Type
X-Debug-IsPreview
Alternate-Protocol
VIX-Pulpo-Node
Permissions-Policy
X-Yottaa-Optimizations
X-Yottaa-Metrics
Access-Control-Request-Headers
X-IPLB-Instance
Url
X-Servername
X-Source
X-ECache
X-Parallel-Accel
From-Origin
X-B3-Traceid
X-Cache-Grace
Version
X-Cache-Rule
X-Vgn-Hpd-Reason
X-Varnish-Server
X-Mg-Request-UUID
X-Oneagent-Js-Injection
Accept-Language
X-Cache-Hit
X-Environment-Context
X-L-Path
X-Restarts
X-Cache-Expired-At
X-NGENIX-Cache
X-EdgeConnect-Cache-Status
Referer-Policy
Countrycode
X-RTag
X-Ratelimit-Remaining
MS-CV
Ms-Operation-Id
X-App-Server
X-FW-Version
X-HTML-Minification-Powered-By
Cross-Origin-Window-Policy
X-Tumblr-User
X-NYM-Debug-Backend
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Frame-Options
X-IPS-LoggedIn
Liferay-Portal
X-Tumblr-Pixel-1
Backend
X-COUNTRY
X-Cache-Action
X-Nginx-Cache
X-ProcessESI
X-RemovedCookies
Content-Secure-Policy
CF-IPCountry
X-Datadome
WP-Super-Cache
Section-Io-Cache
Meta-Geo
Upgrade-Insecure-Requests
X-UPSTREAM-Address
X-RN-RSRV
X-Cache-Server
X-Redis-Cache
X-PCL
X-Generation-Time
X-Cache-Enabled
X-APP-VERSION
X-Format
X-FB-TRIP-ID
X-Content-Age
X-Access
X-No-Session
X-Ua
X-Detected-As
Ec-Rule-Version
X-OCL
Cache-Tv-Group
X-TT-LOGID
X-Section
X-Hyper-Cache
X-Say-Cacheable
X-Say-TTL
X-Request-Time
X-Uri
X-Region
X-Site-Version
X-Generated-By
Locale
Mn-Server-Ip
TWC-Privacy
X-Server-W
X-AOL-HN
Azure-SiteName
X-Urbn-Site-Id
X-Be
Webcakes-App-Version
Apigw-Requestid
Webcakes-Region
X-Akamai-Edgescape
Webcakes-App-Name
X-Cluster-Node
Azure-InstanceId
X-Urbn-Context-Path
Fastly-SSL
X-Human
X-SayCDN-TTL
X-UA-Device-Type
TWC-GeoIP-LatLong
X-Hosted-By
X-PHP-Backend
TWC-Locale-Group
Azure-Version
X-Varnish-Cache-Hits
TWC-GeoIP-Country
Azure-SlotName
TWC-Device-Class
X-Sql-Duration-Ms
TWC-Connection-Speed
X-Origin-Hint
X-Web-Node
X-Sql-Count
Azure-RegionName
X-Mode
S-Rt
X-Via-Fastly
Property-Id
X-Origin-Date
X-ApacheServer
X-ProxyCache-Key
X-Storage
X-Adobe-Source
CDN-Uid
CDN-CachedAt
CDN-RequestCountryCode
CDN-RequestId
CDN-PullZone
X-Webkit-CSP
CDN-EdgeStorageId
CDN-Cache
X-Cache-Tags
X-ProxyCache-Status
X-Content-Powered-By
X-Platform-Server
X-PERF
X-Status
X-Xfnlog-Site
X-BYPASS-REASON
Eomportal-Instance
X-Debug-Cache
X-Cache-Host
X-Forwarded-Host
X-Nginx-Cache-Key
X-ShopId
X-Shopify-Stage
X-Cache-Type
X-Tid
X-JoinUs
X-Varnishpool
X-SaId
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-Hl-Ver
X-Handled-By
X-ShardId
X-Sorting-Hat-PodId
X-ServerID
X-Sorting-Hat-ShopId
X-Unique-Id
X-Extlb
X-Alternate-Cache-Key
X-Backend-Name
X-Rule
X-Labrador-Cache-Channel
X-Locale
X-NewRelic-App-Data
Webserver
X-GG-Cache-Date
X-Timing-Wait
Selected-Fe
X-Proxy-Build
X-PHP-Host
ServedBy
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Dc
X-Accel-Buffering
X-Cache-Operation
X-VC-Cache
X-Cache-Remote
X-Ratelimit-Limit
X-LSADC-Cache
X-Rewrite-Enabled
X-Midtier
SID
X-Edge-Location
X-Cached-By
X-Cms-Context
X-Soup
X-Proto
Xserver
Mime-Version
Web-Mar-Node
Fastly-Drupal-Html
X-Storefront-Renderer-Rendered
SRV
X-Pubstack
X-TA-CDN-Provider
X-CDN-Forward
X-App-Version
X-Buckets
X-Cdn
X-Reqid
Onion-Location
Country-Code
X-GEO
Load-Balancing
X-Request-Host
X-Varnish-Hostname
X-GeoCode
X-GeoCountry
X-Microcachable
Decoy-Debug-TTL
X-Origin-TTL
X-Origin-CC
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Hits
Server-Info
X-Cluster
LB
X-Tumblr-Pixel-3
X-Ms-Version
X-Tumblr-Pixel-2
Xet-Cookie
X-Ms-Request-Id
X-Varnish-Hits
X-MP-GENERATED-AT
X-CSRF-Token
X-Envoy-Decorator-Operation
X-Time
X-SRV
X-Magnolia-Registration
X-NCache
X-Air-Hostname
X-Air-Source
X-Bc-Bl
X-Air-Trace-Id
X-Amz-Apigw-Id
X-B3-SpanId
DynaTrace
X-Amzn-RequestId
X-Endurance-Cache-Level
X-RCS-CacheZone
X-Conf
X-Varnish-Beresp-Grace
X-HS-Content-Campaign-Id
X-Application
Odigeo-Trace-Id
BehaviorPad-Version
X-Connection-Hash
X-ARC
X-Ig-Push-State
X-B-Cookie
X-Gzip
X-Forwarded-Path
X-Ec-Fail
Cdncip
X-From
X-Ec-GeoHdr
X-Cache-NE
X-Epic-Correlation-Id
X-Esi-Check
X-External-Request-Id
X-Ftr-Request-Id
X-Cdn-Srv
X-Destination
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-D
X-Developer
A
X-Cache-Id
X-Cache-Bucket
X-Geo-Header
X-Hash
X-Rojux
X-R9-Blue-Green-Version
X-A
X-Vdms-Path
X-Vdms-Version
X-Vtex-Processado-Em
X-VG-WebCache
X-A-Ccd
Cdnsip
X-Tenant
X-SRCache-Key
X-TIM-N
X-A-Dam
X-TrackingId
X-Vtex-Remote-Cache
Host-ID
Mobile-Detection-Method
Meta-Geo-Continent
Pramga
Cache-Name
NM-Fastcgi-Cache
Rendered-Blocks
Sslversion
Xc-Version
X-Webstats-RespID
Lang
T-Server
Surrogated-Key
Fastcgi-X-Cache-Version
X-User
X-PAYTM-SRV-ID
DCR-Decision-By
X-Shop-Environment
DCR-Processing-Time-Ms
X-A-Wwc
X-Aed
X-Origin-Response-Time
DB-Nickname
X-AK-Request-ID
X-NAPM-TraceId
Cmsid
X-Orig-Expires
Cmstype
X-Processor
X-PBS-Appsvrname
Expiry
X-ScT
X-A-Dcw
X-Session-Fingerprint
X-A-Dgt
X-SD-PageType
X-S-Cookie
X-S
X-Azure-Ref
X-Varnish-Ttl
Source
X-ZONE
X-Cache-Backend
Wxu-Next-Hostname
Wxu-Next-Region
User-Cache-Control
X-Amzn-Remapped-Content-Length
Platform
X-Ckpd-Fst-Backend
X-Clara-WADP
Server-Host
Web-Mar-Region
Wxu-Next-Commit
We-Hiring
X-Block-Status
Producers
State
X-JWT-State
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-WADP-Cache
X-Wix-Viewer-Type
X-Worker
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Slack-Backend
X-Server-IP
X-TNCMS
X-V-Cache
X-Variation
Fastly-GeoIP-CountryCode
MD5-Digest
X-Sigma
X-Rocket-Build-Number
X-Sigma-Backend
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Node-Id
X-Fetched-On
X-Cache-Info
X-Core-Mission
X-Device-Os
X-Ec-Custom-Error
X-Scheme
X-SB
X-GeoIP
X-Gen-Mode
X-Has-Esi
X-Hnp-Log
X-Irp-Debug
X-Gdpr
X-Fastly-Cache
X-DefElseHash
X-DefHash
X-Developers
X-DPWN-IS-SECURE
X-Is-Gdpr
X-LAGOON
X-Origin-Time
X-Origin-Expires
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Origin
X-Nyt-Route
X-Location
X-Loop
X-Mvc-Supplant-Cachable
X-NodeID
X-Core-Value
X-Fmm-Version
Apple-News-Services-Handled
Adler-Geo
X-Tx-Id
Apple-News-Services-Host
Is-Eu
Environment
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Machine
AKAMAI
Memcached
Cache
CDN
Mail-Subject
X-Skip-Cache
HostName
X-Minions-Version
X-Served-From
X-Men
X-Datadog-Sampling-Priority
X-Dispatcher-Number
X-Loc
X-Pool
X-Datadog-Trace-Id
X-Rocket-Nginx-Serving-Static
X-Thinkindot-L3
X-Gamma-Serve
X-Platform
X-Httpd
CloudFront-Viewer-Country
X-Level-Front-Cache
X-VServer
X-Eu-Site
X-Generated-On
X-Forwarded-Site
X-GeoIP-City
X-Proxy-Cache-Info
Req-Svc-Chain
Release
X-Sn-Servicetimems
Ssr
Thinkindot-CacheControl
TDXMobile
Origin-EX
Origin-CC
X-Via-NSCOPI
X-Viewer-Country
Kp-EeAlive
X-VarnishDD-TTL
Origin
L
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Qloud-Router
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Datadog-Parent-Id
X-Pod-Name
X-Policy
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-BBC-Edge-Cache-Status
Traceparent
X-Request-URI
X-Cache-Date
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-CacheTTL
X-HN
Fastcgi-Cache-TTL
CDCHOST
Fastly-SWR
Fastly-SIE
X-Aicache-OS
X-Csrf-Jwt
Vix-Hermes-Req-Id
V-Age
L5d-Success-Class
Cluster
Svr
HA-Ipaddr
Arc-Country
X-Branch-Name
PFcat
Gh-Request-Id
X-Cdn-Origin
N-Cache
Locid
Redirect-Candidate
X-Auto-Login
Ha-Gx-Prefs
X-CGP
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Via-Ucdn
X-SIPLIST1
X-Optimistic-Header
X-Old-Content-Length
X-Response-By
Sever-Int
AMP-Access-Control-Allow-Source-Origin
Server-Ext
NGX
DSUID
IsBot
X-Scale
Server-Hostname
X-TraceId
X-EC-Lua
X-RPM
Pics-Label
X-WP-CF-Super-Cache
X-Parent-Response-Time
X-WP-CF-Super-Cache-Cache-Control
X-NC
X-CS
X-RPS
X-RSL
X-Refresh
X-IPLB-Request-ID
X-VC
X-Srv
X-Owner
X-DW
X-DI
X-DSS
X-DB
Ohc-File-Size
X-Accel-Expires-Debug
X-CACHE-KEY
X-Date
Time
X-Tb-Optimization-Total-Bytes-Saved
Memory
X-Ah-Environment
Ms-Author-Via
X-Akamai-Transformed
X-Udemy-Cache-App-Namespace
Servername
X-GeoIP-Region-Code
Cache-Key
Candidate-Md5Url
X-GeoIP-Country-Code
X-Edge-Pop
X-LB-NoCache
Env
X-Wikidot-Static-Cache
X-Wikidot-Backend
Datacenter
X-Newrelic-Synthetics
X-Mvc-Supplant-OutputCached
X-BCube-Filmed-By
X-Ad-Defer-Variation
X-Contensis-Viewer-Groups
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Debug
X-Cache-ASPX
GEO-INFO
X-Generated-In
Geo-Info
CPC-Age
CPC-Cache
X-SplitTest
VNS-Age
XM
VNS-Cache
X-Xrds-Location
X-TIME
X-Tt-Logid
X-Via-Popn
X-WA-Info
X-Via-Popv
X-Via-Poph
X-API-Version
GeoIp-Country-Code
Fastly-Backend-Name
X-Varnish-Authentication
X-Cache-Status-Check
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Source
X-Servedbyhost
ITXSESSIONID
Path
X-Micro-Cache
CacheControlHeader
X-S-Maxage
Lb
X-HA-Backend
X-RateLimit-Reset
X-TH-Server
Client
X-AIR-PT
Geoip-Latitude
X-Action
True-Client-Country-4JS
X-Backend-TTL
Ohc-Cache-HIT
X-Vc
Cache-Host
X-VCL-Version
X-VHOST
X-Cs
X-DC
Ngx.Var.Host
Server-ID
FSS-Cache
True-Client-IP
X-Trace-ID
X-Varnish-Beresp-TTL
X-Req
Hostname
Edge-Cache
X-Presslabs-Stats
X-Proxy-CacheRZ
X-Api-Version
XkeyRZ
My-App
X-TX-ID
X-Clientip
X-Provided-By
X-FireWall-Port
Powered-By
X-Fpc
X-Webkit-Csp-Report-Only
X-Pass-Why
X-Zone
X-Origin-Upstream-Status
X-B3-Spanid
NtCoent-Length
X-Up
X-FPC
X-PX
Test
X-Traceid
X-Varnish-Beresp-Ttl
X-LB-ID
DataCenter
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
X-MSEdge-Flight
X-Cdn-Request-ID
X-Dynatrace
X-CSRF-TOKEN
X-MSEdge-Features
X-Dmc
X-Correlation-ID
X-Beluga-Response-Time
X-Beluga-Record
X-Li-Fabric
X-Li-Pop
X-Beluga-Status
X-HS-Status
X-Beluga-Trace
X-LI-UUID
Server-Id
X-Render-Time
User-Agent
X-INCAP-ABP
X-Vcl-Version
X-UnsetCookies
X-Beluga-Cache-Status
X-Beluga-Node
X-Webkit-CSP-Report-Only
Rip
X-ND-Cache
WZWS-RAY
C-Via
Proxy-Connection
OT-Force-Account-Verify
X-CLOUD-TRACE-CONTEXT
X-Alfa-Service
X-Via-PopV
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-URL
Tube-Return
X-Gateway-Cache-Status
X-Time-Microsecs
X-Via-PopN
X-Gateway-Cache-Key
Click-Count-Action-Start
Srvid
X-CUA
Tube-Get-Contents
Tube-Got-Eval
X-Service
X-Ha-Backend
X-RAMCache
X-ServedByHost
Click-Count-Error
X-Via-PopH
Tube-Got-Results
X-Check-Cacheable
X-Geo
Tcn
X-Fragments
GeoIP-Latitude
Cf-Device-Type
X-Platform-Router
GeoIP-Country-Code
Esi-Enabled
Uri
Sid
X-Platform-Processor
X-Platform-Cluster
X-M-Log
Resin-Trace
Tracecode
X-Qnm-Cache
X-M-Reqid
Target-Params
HIT
MIME-Version
X-DynaTrace-JS-Agent
X-Akamai-Pragma-Client-IP
X-Proxy-Cache-Hk
Epwk-X-Cache
X-Sucuri-ID
X-CCDN-CacheTTL
X-Var-Ttl
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Lfy
X-FC-Vary-Parameters
X-Azure-Ref-OriginShield
X-LI-Proto
Srv
On-Server
X-Fetch-By
X-ATG-Version
X-Fastly-Backend
X-Sucuri-Cache
Fastly-Drupal-HTML
X-Cdn-Forward
X-TRACE-ID
ENV
X-Fastly-Backend-Reqs
X-Backend-Host
X-APP
Cdn
X-LiteSpeed-Cache-Control
X-Esi
Section-Io-Origin-Time-Seconds
X-Cache-Expires
X-B3-Traceid-Primal
X-Varnish-Beresp-Status
Section-Origin-Responded
X-Li-Proto
XServer
Section-Io-Origin-Status
X-Lb-Nocache
X-Edge-POP
Magicmarker
X-NU-AKA-ACS-Version
ServerName
X-Backend-State
Section-Io-Id
X-HostName
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-MG-S
PICS-Label
X-Newrelic-App-Data
CF-Cached-On
X-App
X-ElasticPress-Query
Inserted-Into-Cache-At
X-Yottaa-OS
X-CF-Powered-By
D-Url-Rewrites
Wpo-Cache-Status
X-Acquia-Site
X-Acquia-Purge-Tags
X-Iplb-Request-Id
X-Vcache
WebServer
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Cache-CFC
X-Request-Start
Wpo-Cache-Message
Cf-Ipcountry
X-Nc
X-Iplb-Instance
Server-Ttl
X-Serial
Servedby
Warning
X-LiteSpeed-Tag
X-Fastly-Cache-Hits
X-Edge-Origin-Shield-Region
Content-Script-Type
X-Shopify-Generated-Cart-Token
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
M-TraceId
X-Vercel-Cache
X-Bip
X-Back
X-Edge-Origin-Shield-Bytes
X-Swift-Error
X-Vercel-Id
X-Th-Server
X-Litespeed-Cache-Control
X-Dist-Code
X-IN-APIGATEWAYSSL
X-Request-URL
Cneonction
X-Snapshot-Date
Ngx
X-IN-APIGATEWAY
X-BBC-Origin-Response-Status
CountryCode
X-Dw-Trace-Id
X-Request-Url
X-Storefront-Renderer-Verified
X-Release
Content-Style-Type
X-B3-Parentspanid
X-Thanos