
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
P3p
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Akamai-Path-Stats
X-Age
X-Robots-Tag
X-Server
X-Dns-Prefetch-Control
X-AH-Environment
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Nginx-Cache-Status
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Cf-Edge-Cache
Accept-CH
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-Cache-Lookup
X-HW
Accept-CH-Lifetime
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Country
Fastly-Restarts
X-MS-InvokeApp
Accept-Ch-Lifetime
X-Rack-Cache
X-Mod-Pagespeed
X-PC
X-Vname
X-TtlSet
X-Ruxit-JS-Agent
X-Clacks-Overhead
Accept-Ch
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-ESI
X-Varnish-TTL
Cache-Tag
X-Amz-Server-Side-Encryption
X-Content-Type
X-Vcap-Request-Id
X-B3-TraceId
X-Dw-Request-Base-Id
X-Amz-Rid
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
Public-Key-Pins
X-Use-Magma
X-Px
X-Cnection
X-D2id
X-Edge
X-RateLimit-Remaining
X-Ac
X-Navigation-Version
X-FastCGI-Cache
X-Element-Page-Cache
Verso
X-Ser
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Client-IP
X-Powered-By-Plesk
X-Abt-Application-Version
X-Cache-TTL
X-Version
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Ttl
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
X-Ruxit-Js-Agent
Access-Control-Request-Method
X-Goog-Hash
X-Content-Security-Policy-Report-Only
SPRequestDuration
SPIisLatency
X-Correlation-Id
X-Kinsta-Cache
X-Cached
X-Edge-Location-Klb
AR-SID
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-CACHE
X-SharePointHealthScore
SPRequestGuid
X-Upstream
X-Powered-CMS
X-LLID
Edge-Cache-Tag
X-RateLimit-Limit
X-Instrumentation
X-Server-Lifecycle-Phase
X-NWS-LOG-UUID
X-Kraken-Loop-Name
X-Forwarded-For
X-Cache-Key
Nginx-Cache
X-Litespeed-Cache
X-TTL
Content-MD5
X-Id
X-MSEdge-Ref
X-Shield-Request-Id
Mrf-Cache-Status
MRF-Tech
TCN
X-T
X-B3-TraceId-Primal
X-Recruiting
X-Daa-Tunnel
S
X-Content-Digest
X-DataDome
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Webkit-Csp
X-Mg-S
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HP-Webp
X-HP-Trace-Id
X-Ua-Device
MS-Author-Via
X-Jurisdiction
X-Accel-Expires
X-ECACHE
X-WebKit-CSP-Report-Only
X-Protected-By
X-Ezoic-Cdn
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Grace
X-Content
X-Ab
X-Frontend
MicrosoftSharePointTeamServices
X-Ua-Browser
X-Request-Received
X-Request-Processing-Time
Server-Node
Front-End-Https
Filters
X-Yandex-Sdch-Disable
TP-Cache
TP-L2-Cache
X-DynaTrace
X-PressLabs-Stats
X-Server-ID
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-ORACLE-DMS-ECID
X-Mid
X-Geo-Country
X-ORACLE-DMS-RID
X-Hits
X-Request-Handler-Origin-Region
X-Microsite
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amzn-Trace-Id
X-LB-Cache
Charset
Cleartype
Host
X-Debug-Info
X-Ratelimit-Reset
X-Page-Id
X-F-Cache
X-Git-Hash
X-B3-Sampled
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-DIS-Request-ID
X-Cache-Age
X-Www-Served-By
Access-Control-Allow-Method
Cache-Status
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
Realpath
X-Seen-By
X-AppVersion
X-Activity-Id
X-Az
ServerID
X-Fastly-Request-Id
Accept-Charset
Cache-Tags
Filterid
X-Varnish-Age
X-XRDS-LOCATION
X-Cluster-Name
X-Aspnetmvc-Version
X-Nginx-Upstream-Cache-Status
X-Mcache
X-Rid
X-Language
X-Content-Options
X-Type
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Retry-After
X-MCACHE
X-App-Environment
Country
Server-Name
X-FB-Debug
X-Upgrade-Enabled
Viewport
X-Varnish-Grace
DC
Paypal-Debug-Id
Node
X-User-Agent
X-Varnish-Backend
X-Tb
X-Origin-Cache
X-Whom
X-Drupal-Cache-Tags
X-B-Cache
X-Signature
X-GUploader-UploadID
X-TT
X-Wix-Request-Id
X-Mobile-URL
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Oracle-Dms-Ecid
X-Route-Name
X-VCache
X-Aspnet-Duration-Ms
X-Oracle-Dms-Rid
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-B
Protected
X-NWS-UUID-VERIFY
X-Oneagent-Js-Injection
Fastcgi-Useragent
Permissions-Policy
X-Debug
X-Logged-In
WPO-Cache-Message
X-Amz-Replication-Status
WPO-Cache-Status
Payment
X-N
X-Via-JSL
X-Amz-Meta-S3cmd-Attrs
X-Cache-NGX
X-Load-Cache
Surrogate-Key
X-Contextid
X-Cache-Control
Count-Hit
X-Node-Name
X-Template
X-ECache
Healthy
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-B3-Traceid
Amp-Access-Control-Allow-Source-Origin
X-FW-Serve
X-FW-Dynamic
X-FW-Server
X-Webkit-CSP
X-FW-Hash
X-FW-Type
X-FW-Static
X-Mobile
X-Original-Request-Id
X-Response-Served-From
X-Trace-Id
SD-X-WS
Refresh
X-Proxy
Akamai-GRN
Content-Disposition
X-G
X-Jobs
X-XRDS-Location
X-Revision
X-Cache-Time
X-Real-IP
X-Akamai-Request-ID2
X-Cache-TTL-Remaining
Uber-Trace-Id
X-Framework
X-UUID
X-Zen-Fury
X-Rendered-As
X-Fastcgi-Cache
X-Restarts
X-Proxy-Cache-Status
NGB
VIX-Pulpo-Node
X-Is-Bot
X-Device-Type
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
Url
Alternate-Protocol
X-Hostname
X-Drupal-Cache-Contexts
X-Adobe-Loc
X-Debug-IsConnected
X-Instance
X-Page-View
X-Adobe-Content
X-Http-Reason
Access-Control-Request-Headers
X-Debug-IsPreview
X-Servername
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-NGENIX-Cache
X-Cache-Grace
X-Fastly-Request-ID
X-Mg-Request-UUID
X-Varnish-Server
X-IPLB-Instance
Version
X-L-Path
X-Environment-Context
X-EdgeConnect-Cache-Status
X-Midtier
X-Source
Accept-Language
X-HTML-Minification-Powered-By
X-RTag
Ms-Operation-Id
MS-CV
Countrycode
X-Cache-Rule
Frame-Options
X-Cache-Hit
X-Cache-Expired-At
From-Origin
X-Vgn-Hpd-Reason
Referer-Policy
Liferay-Portal
X-NYM-Debug-Backend
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Backend
X-Tumblr-Pixel-1
X-Nginx-Cache
X-IPS-LoggedIn
X-FW-Version
X-Parallel-Accel
X-APP-VERSION
X-COUNTRY
Content-Secure-Policy
X-Datadome
X-Hosted-By
X-Unique-Id
X-UPSTREAM-Address
Meta-Geo
X-RN-RSRV
X-Cache-Server
Upgrade-Insecure-Requests
Section-Io-Cache
X-RemovedCookies
X-PCL
X-Redis-Cache
X-Ua
X-No-Session
X-OCL
X-Generation-Time
X-ProcessESI
X-Region
X-PHP-Backend
X-Origin-Hint
X-Request-Time
X-Server-W
X-Via-Fastly
X-Cache-Enabled
X-FB-TRIP-ID
X-Content-Age
X-Varnish-Cache-Hits
X-Format
X-UA-Device-Type
X-Uri
X-Section
X-Access
WP-Super-Cache
Azure-Version
Mn-Server-Ip
Azure-SlotName
Azure-SiteName
Apigw-Requestid
Azure-InstanceId
Azure-RegionName
Property-Id
S-Rt
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
TWC-Locale-Group
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Cluster-Node
TWC-Device-Class
CF-IPCountry
X-Mode
X-Debug-Cache
X-ProxyCache-Status
X-Content-Powered-By
X-Site-Version
X-Sql-Duration-Ms
X-Sql-Count
X-Cache-Action
X-ProxyCache-Key
X-Nginx-Cache-Key
X-ShardId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Human
X-Status
X-Locale
X-Alternate-Cache-Key
X-PERF
X-Storage
X-Origin-Date
X-ApacheServer
X-Be
Locale
Fastly-SSL
Cache-Tv-Group
Eomportal-Instance
X-Sorting-Hat-PodId
X-AOL-HN
X-Cache-Host
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Akamai-Edgescape
X-Xfnlog-Site
X-BYPASS-REASON
X-Cache-Type
X-Extlb
X-Backend-Name
X-NewRelic-App-Data
X-Detected-As
X-Routing-Service
X-Say-Cacheable
X-Generated-By
X-Say-TTL
X-SayCDN-TTL
X-PHP-Host
X-Labrador-Cache-Channel
X-Forwarded-Host
X-Zipkin-Id
Ec-Rule-Version
X-Proxied
X-SaId
X-ServerID
X-Varnishpool
X-Tid
X-Hl-Ver
X-JoinUs
X-AWS-Id
X-Platform-Server
X-LJ-Flow-ID
X-VWS-Id
X-Web-Node
X-Cms-Context
X-Cache-Tags
X-Handled-By
X-Adobe-Source
Selected-Fe
CDN-CachedAt
X-GG-Cache-Date
X-Proxy-Build
CDN-Cache
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
X-Timing-Wait
CDN-Uid
CDN-EdgeStorageId
X-Ratelimit-Remaining
ServedBy
X-VC-Cache
X-Dc
X-Edge-Location
X-Storefront-Renderer-Rendered
Load-Balancing
X-Hyper-Cache
SRV
X-CDN-Forward
X-Proto
X-Rule
X-LSADC-Cache
X-Cache-Operation
Web-Mar-Node
X-GeoCountry
X-TT-LOGID
Onion-Location
Webserver
X-GeoCode
Fastly-Drupal-Html
X-App-Version
X-Cached-By
X-Cache-Remote
Mime-Version
X-Rewrite-Enabled
X-Varnish-Hostname
X-Soup
Cache-Hits
SID
X-TA-CDN-Provider
X-GEO
Xserver
X-Accel-Buffering
X-Cluster
X-Pubstack
X-Cdn
X-Reqid
X-Varnish-Ttl
X-Origin-CC
Country-Code
X-Origin-TTL
X-Varnish-Hits
Xet-Cookie
X-Envoy-Decorator-Operation
X-Microcachable
X-Air-Source
Server-Info
X-Air-Hostname
X-Air-Trace-Id
X-Buckets
X-Tumblr-Pixel-2
X-SRV
X-Ratelimit-Limit
X-Tumblr-Pixel-3
Decoy-Debug-Key
X-Magnolia-Registration
Decoy-Debug-TTL
X-MP-GENERATED-AT
X-CSRF-Token
Decoy-Debug-Status
X-IPLB-Request-ID
LB
X-Request-Host
DB-Nickname
X-Ms-Request-Id
X-Ms-Version
X-Amzn-RequestId
Cache
X-Amz-Apigw-Id
X-Endurance-Cache-Level
Source
Host-ID
Fastcgi-X-Cache-Version
BehaviorPad-Version
Expiry
X-VG-WebCache
Xc-Version
X-Vtex-Remote-Cache
Cmsid
A
X-Origin-Response-Time
Cdnsip
Cmstype
Cdncip
DCR-Processing-Time-Ms
X-Via-NSCOPI
DCR-Decision-By
X-Vtex-Processado-Em
Sslversion
X-Connection-Hash
X-Processor
X-D
X-Destination
X-Ec-Fail
X-Developer
X-Conf
X-CF-Lambda-Version
X-Cache-Id
X-S
X-Cache-NE
X-Cdn-Srv
X-CF-Lambda-Fn
X-Rojux
X-PBS-Appsvrname
X-Ec-GeoHdr
X-PAYTM-SRV-ID
X-Hash
X-HS-Content-Campaign-Id
X-Orig-Expires
X-NAPM-TraceId
X-Ig-Push-State
X-Gzip
X-Geo-Header
X-Esi-Check
X-Epic-Correlation-Id
X-External-Request-Id
X-Forwarded-Path
X-Ftr-Request-Id
X-B-Cookie
X-S-Cookie
Rendered-Blocks
Pramga
X-TrackingId
X-TIM-N
X-SRCache-Key
X-Tenant
Odigeo-Trace-Id
X-User
MD5-Digest
Lang
X-Vdms-Path
Meta-Geo-Continent
NM-Fastcgi-Cache
Mobile-Detection-Method
X-Shop-Environment
Surrogated-Key
X-ScT
X-A-Wwc
X-Aed
X-AK-Request-ID
X-ARC
X-Application
X-A-Dgt
X-SD-PageType
X-A-Ccd
T-Server
X-A-Dam
X-A-Dcw
X-Session-Fingerprint
X-Vdms-Version
X-A
X-NCache
X-Tt-Logid
X-Newrelic-Synthetics
X-Bc-Bl
X-Time
X-RCS-CacheZone
X-Tx-Id
X-B3-SpanId
Machine
X-Cache-Info
X-Cache-Bucket
Fastly-GeoIP-CountryCode
X-Ckpd-Fst-Backend
Environment
X-Clara-WADP
X-Cache-Backend
X-CacheTTL
Mail-Subject
Wxu-Next-Commit
We-Hiring
State
Server-Host
Wxu-Next-Hostname
Wxu-Next-Region
X-Amzn-Remapped-Content-Length
Memcached
X-Core-Mission
X-Varnish-Beresp-Grace
X-Device-Os
X-Sigma
X-Server-IP
X-Scheme
X-SB
X-Sigma-Backend
X-SVT-ORM-RULES
X-WADP-Cache
X-Via-Ucdn
X-V-Cache
X-SVT-ORM-VERSION
X-Rocket-Build-Number
X-Origin-Time
X-Fmm-Version
X-Fetched-On
X-Fastly-Cache
X-Developers
X-Gdpr
X-Irp-Debug
X-Origin
X-NodeID
X-Node-Id
X-Mvc-Supplant-Cachable
X-Core-Value
X-Nyt-Route
X-Skip-Cache
AKAMAI
DynaTrace
X-Azure-Ref
Cache-Name
CDN
HostName
X-R9-Blue-Green-Version
X-ZONE
X-Forwarded-Site
X-Gamma-Serve
X-Gen-Mode
X-Has-Esi
X-Generated-On
X-Hnp-Log
X-Level-Front-Cache
X-Loop
X-LAGOON
X-JWT-State
X-Is-Gdpr
X-HN
X-Dispatcher-Number
X-BBC-Edge-Cache-Status
X-Block-Status
X-Branch-Name
X-Auto-Login
Web-Mar-Region
V-Age
Vix-Hermes-Req-Id
X-Cache-Date
X-CGP
X-Minions-Version
X-Ec-Custom-Error
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Eu-Site
X-Planisys-CDN-TTL
Platform
Producers
X-DefElseHash
Is-Eu
Adler-Geo
X-Viewer-Country
X-Wix-Viewer-Type
X-DefHash
X-DPWN-IS-SECURE
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Worker
X-Varnish-CookieHashed-On
X-Variation
X-GeoIP
X-Origin-Expires
X-VG-TLSProxy
X-VarnishDD-TTL
X-Policy
X-Pool
X-Proxy-Upstream
X-Pod-Name
X-Platform
X-Planisys-CDN-Rules
User-Cache-Control
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Thinkindot-L3
X-TNCMS
X-Slack-Backend
X-Served-From
X-Request-URI
X-Rocket-Nginx-Serving-Static
X-Planisys-CDN-Cache
X-Region-Sid
Kp-EeAlive
Redirect-Candidate
Apple-News-Services-Handled
L5d-Success-Class
CloudFront-Viewer-Country
Cluster
Svr
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
Ssr
Apple-News-Services-Request-Url
Origin-CC
Origin-EX
PFcat
Release
Origin
Req-Svc-Chain
N-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
TDXMobile
L
Fastcgi-Cache-TTL
Thinkindot-Control
CDCHOST
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Traceparent
Candidate-Md5Url
Fastly-SIE
X-Aicache-OS
Cache-Key
X-Scale
NGX
Sever-Int
X-Optimistic-Header
Ohc-File-Size
X-Cdn-Origin
Datacenter
DSUID
Server-Ext
X-From
X-Owner
X-Httpd
X-GeoIP-City
Server-Hostname
X-BCube-Filmed-By
X-Rebelmouse-Cache-Control
X-VServer
X-Sn-Servicetimems
IsBot
X-Rebelmouse-Surrogate-Control
X-SIPLIST1
X-Webstats-RespID
Fastly-SWR
X-Qloud-Router
X-Wikidot-Static-Cache
X-Proxy-Cache-Info
X-Wikidot-Backend
X-Loc
X-Cache-Status-Check
VNS-Age
X-Tec-Api-Origin
X-Location
Pics-Label
X-SplitTest
XM
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
VNS-Cache
X-Parent-Response-Time
GEO-INFO
X-Tec-Api-Root
X-Refresh
CPC-Age
X-Tec-Api-Version
X-Ad-Defer-Variation
CPC-Cache
AMP-Access-Control-Allow-Source-Origin
X-CS
Fastly-Backend-Name
X-WA-Info
X-NC
X-VC
X-Srv
X-Tb-Optimization-Total-Bytes-Saved
X-CACHE-KEY
Env
X-Ah-Environment
X-Cache-ASPX
Locid
X-Contensis-Viewer-Groups
Arc-Country
X-LB-NoCache
X-Micro-Cache
X-Men
X-Edge-Pop
Servername
X-AIR-PT
Lb
X-TIME
Ms-Author-Via
X-EC-Lua
X-Udemy-Cache-App-Namespace
Time
Memory
X-Response-By
X-Varnish-Authentication
X-TraceId
X-Old-Content-Length
X-Mvc-Supplant-OutputCached
X-DW
X-DI
X-DSS
Path
X-Servedbyhost
X-Generated-In
X-Amz-Meta-Cb-Modifiedtime
X-RPS
X-RSL
X-RPM
X-DB
X-Api-Version
X-Xrds-Location
Ngx.Var.Host
X-Date
Cache-Host
X-Akamai-Transformed
X-Via-Poph
GeoIp-Country-Code
X-Accel-Expires-Debug
X-Via-Popn
X-Via-Popv
Ohc-Cache-HIT
ITXSESSIONID
X-S-Maxage
X-GeoIP-Region-Code
X-HA-Backend
X-GeoIP-Country-Code
X-Varnish-Beresp-TTL
X-RateLimit-Reset
XkeyRZ
X-Proxy-CacheRZ
X-Vc
True-Client-IP
X-Cs
X-Cache-Debug
X-VCL-Version
FSS-Cache
Client
Geoip-Latitude
X-API-Version
X-Clientip
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
X-VHOST
X-Trace-ID
CacheControlHeader
X-DC
Server-ID
X-TH-Server
True-Client-Country-4JS
X-Correlation-ID
Hostname
X-Action
X-FireWall-Port
X-Presslabs-Stats
X-Backend-TTL
X-Zone
X-Dmc
X-Fpc
X-TX-ID
X-B3-Spanid
Geo-Info
X-Webkit-Csp-Report-Only
Powered-By
X-MSEdge-Features
X-MSEdge-Flight
X-Render-Time
Edge-Cache
NtCoent-Length
X-Req
X-DynaTrace-JS-Agent
X-INCAP-ABP
X-PX
X-Traceid
Test
Tcn
X-FPC
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Pass-Why
My-App
Rip
C-Via
X-Service
X-NGINX-Cache
X-M-Reqid
X-HS-Status
Click-Count-Error
X-Cdn-Request-ID
Server-Id
Click-Count-Action-Start
Tube-Return
X-CSRF-TOKEN
Tube-Got-Results
X-Qnm-Cache
Tube-Got-Eval
Tube-Get-Contents
Esi-Enabled
X-M-Log
HIT
X-Provided-By
X-Origin-Upstream-Status
X-Beluga-Cache-Status
On-Server
X-Beluga-Trace
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Node
X-Beluga-Record
User-Agent
X-Up
X-Vcl-Version
X-Webkit-CSP-Report-Only
OT-Force-Account-Verify
X-Ha-Backend
X-Varnish-Beresp-Ttl
X-LB-ID
X-Via-PopH
X-Alfa-Service
Cf-Int-Pingora-Origin-Digest
X-Via-PopV
X-Via-PopN
X-TRACE-ID
Proxy-Connection
X-URL
Resin-Trace
Sid
Srvid
Uri
X-Proxy-Cache-Hk
WebServer
X-Check-Cacheable
X-CLOUD-TRACE-CONTEXT
DataCenter
X-APP
X-RAMCache
X-Li-Fabric
X-Geo
X-UnsetCookies
GeoIP-Latitude
X-Li-Pop
GeoIP-Country-Code
X-LI-UUID
X-Edge-Origin-Shield-Bytes
MIME-Version
X-Akamai-Pragma-Client-IP
X-CCDN-CacheTTL
Epwk-X-Cache
X-Edge-Origin-Shield-Region
X-LI-Proto
X-CCDN-Origin-Time
Srv
X-ServedByHost
Cdn
X-Time-Microsecs
X-Fetch-By
X-ND-Cache
X-Hcs-Proxy-Type
WZWS-RAY
X-Cdn-Forward
ENV
Fastly-Drupal-HTML
M-TraceId
Server-Ttl
X-CUA
X-Fastly-Backend-Reqs
X-Backend-Host
Warning
X-Esi
X-Lb-Nocache
X-B3-Traceid-Primal
X-Dynatrace
X-Fragments
X-Platform-Cluster
XServer
X-Platform-Router
X-ATG-Version
ServerName
Cf-Device-Type
X-App
Target-Params
X-Edge-POP
Tracecode
X-Platform-Processor
X-HostName
Dt-Hot-News
X-MG-S
PICS-Label
Lfy
X-ElasticPress-Query
X-Newrelic-App-Data
X-Azure-Ref-OriginShield
X-Var-Ttl
X-HITS
Section-Io-Id
Section-Io-Origin-Status
X-Sucuri-ID
X-Sucuri-Cache
X-Yottaa-OS
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Fastly-Backend
CF-Cached-On
X-FC-Vary-Parameters
Inserted-Into-Cache-At
X-Request-Url
D-Url-Rewrites
X-Request-URL
X-Cache-Expires
X-Serial
X-Iplb-Instance
X-Varnish-Beresp-Status
X-Dw-Trace-Id
X-Bip
X-Akamai-Request-ID
X-CF-Powered-By
X-Iplb-Request-Id
X-Thanos
X-Vcache
X-Nc
Cf-Ipcountry
X-LiteSpeed-Cache-Control
DT-Hot-News
Cdn-Uid
Cdn-Cachedat
Cdn-Edgestorageid
Cdn-Cache
Wp-Super-Cache
Servedby
Cdn-Pullzone
Cdn-Requestcountrycode
Cdn-Requestid
X-Vercel-Id
X-Wp-Cf-Super-Cache
True-Client-Ip
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Cache
X-Fastly-Cache-Hits
Content-Style-Type
X-Release
CountryCode
X-Snapshot-Date
X-BBC-Origin-Response-Status
X-Li-Proto
Magicmarker
X-Dist-Code
Content-Script-Type
X-Back
Ngx
X-Backend-State
X-NU-AKA-ACS-Version
X-Storefront-Renderer-Verified
X-Th-Server
Cneonction
Fastcgi-Cache-Ttl
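
The table counts every spelling as its own row, so X-Frame-Options, X-FRAME-OPTIONS and Frame-Options appear separately, although HTTP field names are case-insensitive and a misnamed header such as Referer-Policy or Content-Secure-Policy is not recognised by browsers at all. The following Python code is an added example, not the ISC's collection code: it tallies headers per site from HEAD responses, case-folds the names to measure real adoption, and flags near-miss spellings of security headers. The sample responses, the set of six headers and the 0.85 similarity cutoff are assumptions of this example.

```python
import difflib
from collections import Counter

# The first two are named in the page's introduction, the rest appear in its
# table; choosing these six as "security-relevant" is this example's assumption.
SECURITY_HEADERS = (
    "X-Frame-Options", "X-XSS-Protection", "X-Content-Type-Options",
    "Strict-Transport-Security", "Content-Security-Policy", "Referrer-Policy",
)

# Constructed HEAD responses for hypothetical sites, not survey data.
SAMPLE_RESPONSES = {
    "a.example": "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Frame-Options: DENY\r\n"
                 "Strict-Transport-Security: max-age=31536000\r\n\r\n",
    "b.example": "HTTP/1.1 200 OK\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\n"
                 "Referer-Policy: no-referrer\r\n"
                 "Set-Cookie: a=1\r\nSet-Cookie: b=2\r\n\r\n",
    "c.example": "HTTP/1.1 301 Moved Permanently\r\n"
                 "Content-Secure-Policy: default-src 'self'\r\n"
                 "X-Content-Type-Options: nosniff\r\n\r\n",
}

def header_names(raw):
    """Field names of one raw response, spelled exactly as sent."""
    head = raw.split("\r\n\r\n", 1)[0]
    names = []
    for line in head.split("\r\n")[1:]:          # [1:] skips the status line
        if line[:1] in (" ", "\t") or ":" not in line:
            continue                             # folded continuation or junk
        names.append(line.split(":", 1)[0].strip())
    return names

def tally(responses):
    """Sites per header: once by raw spelling, once case-folded."""
    raw_counts, folded_counts = Counter(), Counter()
    for raw in responses.values():
        names = header_names(raw)
        raw_counts.update(set(names))            # repeated Set-Cookie counts once per site
        folded_counts.update({n.lower() for n in names})
    return raw_counts, folded_counts

def adoption(responses):
    """Number of sites sending each security header, in any letter case."""
    _, folded = tally(responses)
    return {h: folded[h.lower()] for h in SECURITY_HEADERS}

def near_misses(responses, cutoff=0.85):
    """Map each unrecognised spelling to the security header it resembles."""
    known = {h.lower(): h for h in SECURITY_HEADERS}
    raw_counts, _ = tally(responses)
    found = {}
    for name in raw_counts:
        if name.lower() in known:
            continue
        match = difflib.get_close_matches(name.lower(), list(known), n=1, cutoff=cutoff)
        if match:
            found[name] = known[match[0]]
    return found

if __name__ == "__main__":
    print(adoption(SAMPLE_RESPONSES))
    print(near_misses(SAMPLE_RESPONSES))
```

A site that shows up only in the near-miss map believes it has deployed the protection but has not, which is the case worth alerting on when auditing your own estate.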