Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
P3p
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
X-Backend
Request-Context
EagleId
X-Akamai-Path-Stats
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-UA-Device
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
X-WebKit-CSP
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Request-Id
Surrogate-Control
X-Backend-Server
Cf-Edge-Cache
Accept-CH
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-Cache-Lookup
Accept-CH-Lifetime
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Content-Location
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
Fastly-Restarts
X-Country
X-MS-InvokeApp
X-Rack-Cache
X-Ruxit-JS-Agent
X-Mod-Pagespeed
Accept-Ch
X-PC
X-TtlSet
X-Vname
Accept-Ch-Lifetime
X-Clacks-Overhead
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-ESI
X-Amz-Server-Side-Encryption
X-Varnish-TTL
Cache-Tag
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Revision
X-Amz-Rid
Public-Key-Pins
X-Px
X-Cnection
X-D2id
X-FastCGI-Cache
X-Edge
X-Ac
X-RateLimit-Remaining
X-Navigation-Version
X-Ser
X-Element-Page-Cache
Verso
Pagespeed
Display
X-Abt-Application-Version
X-Sol
X-Middleton-Display
X-Client-IP
X-Powered-By-Plesk
X-Ttl
X-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-Correlation-Id
X-Middleton-Response
Response
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Hash
X-Content-Security-Policy-Report-Only
SPIisLatency
SPRequestDuration
X-Ruxit-Js-Agent
X-Kinsta-Cache
X-Cached
AR-CACHE
AR-ATIME
X-Edge-Location-Klb
AR-PoweredBy
X-Ua-Device
AR-SID
AR-Request-ID
SPRequestGuid
X-SharePointHealthScore
X-Powered-CMS
X-Upstream
Edge-Cache-Tag
X-Instrumentation
X-Server-Lifecycle-Phase
X-LLID
X-Kraken-Loop-Name
X-NWS-LOG-UUID
X-RateLimit-Limit
X-Litespeed-Cache
X-Forwarded-For
X-Cache-Key
Nginx-Cache
Content-MD5
X-MSEdge-Ref
X-Shield-Request-Id
MRF-Tech
X-TTL
Mrf-Cache-Status
X-Id
TCN
X-T
X-Recruiting
X-B3-TraceId-Primal
S
X-Daa-Tunnel
X-Content-Digest
X-ECACHE
X-TEC-API-VERSION
X-DataDome
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-SRCache-Store-Status
X-Mg-S
X-SRCache-Fetch-Status
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Accel-Expires
X-WebKit-CSP-Report-Only
X-Grace
X-Ezoic-Cdn
MS-Author-Via
X-HS-Cache-Config
X-HS-Hub-Id
MicrosoftSharePointTeamServices
X-HS-Combine-CSS
X-HS-Content-Id
X-Protected-By
X-DynaTrace
X-Content
X-Ua-Browser
X-Frontend
X-Ab
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
TP-L2-Cache
TP-Cache
Server-Node
Front-End-Https
Filters
X-Server-ID
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-PressLabs-Stats
X-Mid
X-Geo-Country
X-Hits
X-Webkit-Csp
X-Request-Handler-Origin-Region
X-Microsite
X-Tt-Trace-Tag
X-LB-Cache
X-Tt-Trace-Host
X-Amzn-Trace-Id
X-Debug-Info
Host
Charset
Cleartype
X-F-Cache
X-Git-Hash
X-Page-Id
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Ratelimit-Reset
X-DIS-Request-ID
X-ORACLE-DMS-ECID
X-Cache-Age
Cache-Status
X-Www-Served-By
X-Seen-By
Access-Control-Allow-Method
X-ORACLE-DMS-RID
Realpath
X-AppVersion
X-Activity-Id
X-Az
Pinterest-Generated-By
ServerID
Pinterest-Version
X-Pinterest-Rid
X-Aspnetmvc-Version
Accept-Charset
X-Oracle-Dms-Ecid
X-Mcache
X-Varnish-Age
X-Fastly-Request-Id
X-Oracle-Dms-Rid
Cache-Tags
Filterid
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Rid
X-Content-Options
X-Type
X-Language
Retry-After
X-Kong-Proxy-Latency
X-App-Environment
X-FB-Debug
X-Kong-Upstream-Latency
Server-Name
Country
Node
X-Varnish-Backend
X-MCACHE
X-Tb
X-Upgrade-Enabled
Viewport
DC
Paypal-Debug-Id
X-Drupal-Cache-Tags
X-Varnish-Grace
X-User-Agent
X-Signature
X-B-Cache
X-TT
X-Wix-Request-Id
X-Origin-Cache
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Oneagent-Js-Injection
X-Mobile-URL
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Whom
X-Route-Name
X-VCache
X-Flags
X-B
X-XRDS-LOCATION
X-Aspnet-Duration-Ms
X-Request-Guid
X-Is-Crawler
X-Providence-Cookie
X-NWS-UUID-VERIFY
Protected
Permissions-Policy
X-Debug
Fastcgi-Useragent
X-Logged-In
X-Cache-NGX
X-Amz-Meta-S3cmd-Attrs
X-Amz-Replication-Status
WPO-Cache-Status
WPO-Cache-Message
X-N
X-Via-JSL
Payment
X-Load-Cache
Surrogate-Key
X-Cache-Control
X-Contextid
Amp-Access-Control-Allow-Source-Origin
Count-Hit
X-Webkit-CSP
Healthy
X-Node-Name
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-FW-Serve
X-Template
X-FW-Hash
X-FW-Type
X-FW-Server
X-FW-Dynamic
X-FW-Static
X-XRDS-Location
X-Mobile
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
Content-Disposition
X-Proxy
Refresh
Akamai-GRN
X-Trace-Id
X-Jobs
X-G
X-Restarts
X-Revision
X-Cache-Time
Url
X-Cache-TTL-Remaining
X-NGENIX-Cache
X-Akamai-Request-ID2
Uber-Trace-Id
Alternate-Protocol
X-Real-IP
X-Framework
X-UUID
X-Zen-Fury
VIX-Pulpo-Node
X-Adobe-Loc
X-Servername
NGB
X-Cacheable-TTL
X-Fastly-Request-ID
X-Debug-IsPreview
X-Is-Bot
X-Proxy-Cache-Status
X-Adobe-Content
X-Drupal-Cache-Contexts
X-Rendered-As
X-Device-Type
X-Debug-IsConnected
VIX-Pulpo-Upstream-Status
X-Hostname
X-Page-View
X-Cache-Grace
Access-Control-Request-Headers
X-Yottaa-Optimizations
X-COUNTRY
X-Instance
X-Yottaa-Metrics
X-Http-Reason
X-Mg-Request-UUID
X-ECache
X-Varnish-Server
X-Midtier
X-IPLB-Instance
X-B3-Traceid
X-Environment-Context
X-L-Path
X-Source
Version
X-EdgeConnect-Cache-Status
Accept-Language
X-HTML-Minification-Powered-By
Countrycode
Ms-Operation-Id
MS-CV
X-RTag
Frame-Options
X-Fastcgi-Cache
From-Origin
X-Cache-Hit
X-Cache-Rule
X-Cache-Expired-At
X-Vgn-Hpd-Reason
Liferay-Portal
X-NYM-Debug-Backend
Referer-Policy
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Backend
X-Tumblr-User
X-APP-VERSION
X-Datadome
X-IPS-LoggedIn
X-FW-Version
Content-Secure-Policy
X-Hosted-By
X-Cache-Server
X-Unique-Id
Upgrade-Insecure-Requests
Meta-Geo
X-RN-RSRV
X-UPSTREAM-Address
X-Parallel-Accel
Section-Io-Cache
X-Cache-Enabled
X-Ua
X-OCL
X-Redis-Cache
X-No-Session
X-FB-TRIP-ID
X-NewRelic-App-Data
X-Nginx-Cache
X-Generation-Time
X-PCL
X-Origin-Date
WP-Super-Cache
X-AOL-HN
S-Rt
X-Uri
Webcakes-App-Version
TWC-Privacy
Webcakes-App-Name
Mn-Server-Ip
Property-Id
X-Request-Time
TWC-Connection-Speed
X-Region
X-Server-W
X-UA-Device-Type
X-Section
Webcakes-Region
TWC-Device-Class
X-RemovedCookies
X-ProcessESI
X-PHP-Backend
X-Varnish-Cache-Hits
X-Be
Azure-RegionName
X-Via-Fastly
X-Origin-Hint
Apigw-Requestid
Azure-InstanceId
Azure-SiteName
X-Cluster-Node
X-Access
X-Format
Azure-Version
Azure-SlotName
TWC-GeoIP-Country
X-Akamai-Edgescape
TWC-GeoIP-LatLong
TWC-Locale-Group
CF-IPCountry
X-Content-Age
X-Mode
X-ProxyCache-Status
X-ProxyCache-Key
X-PERF
X-Say-Cacheable
X-Sorting-Hat-PodId
X-ShardId
X-SayCDN-TTL
X-ShopId
X-Shopify-Stage
X-Nginx-Cache-Key
X-Sorting-Hat-ShopId
X-Human
X-BYPASS-REASON
X-Cache-Host
X-ApacheServer
Locale
Eomportal-Instance
X-Content-Powered-By
X-Debug-Cache
X-Alternate-Cache-Key
X-Generated-By
X-Forwarded-Host
Cache-Tv-Group
X-Locale
X-Say-TTL
X-Xfnlog-Site
X-Urbn-Site-Id
X-Sql-Count
X-Sql-Duration-Ms
X-PHP-Host
X-Labrador-Cache-Channel
X-Urbn-Context-Path
Fastly-SSL
X-Site-Version
X-Storage
X-Ratelimit-Remaining
X-Status
X-Detected-As
X-Extlb
X-VC-Cache
Ec-Rule-Version
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Backend-Name
X-Cache-Type
X-Cms-Context
X-Web-Node
X-Tid
X-Routing-Service
X-SaId
X-Varnishpool
X-Proxied
X-Zipkin-Id
X-Cache-Tags
X-JoinUs
X-Adobe-Source
X-ServerID
X-Platform-Server
X-Hl-Ver
X-Cache-Action
X-Handled-By
X-GG-Cache-Date
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
CDN-EdgeStorageId
CDN-Cache
Load-Balancing
X-Timing-Wait
X-Proxy-Build
CDN-CachedAt
CDN-PullZone
Selected-Fe
X-Storefront-Renderer-Rendered
X-Edge-Location
ServedBy
X-Dc
X-Proto
SRV
X-GeoCountry
X-GeoCode
Webserver
X-Hyper-Cache
X-LSADC-Cache
Mime-Version
X-CDN-Forward
Fastly-Drupal-Html
Web-Mar-Node
Onion-Location
X-Rule
X-Cache-Operation
X-Cached-By
X-TT-LOGID
X-Cache-Remote
X-GEO
SID
X-Rewrite-Enabled
X-Varnish-Hostname
Cache-Hits
X-Soup
X-App-Version
X-Cdn
X-Varnish-Ttl
X-SRV
Xserver
X-Cluster
X-Accel-Buffering
X-Pubstack
X-Origin-CC
X-Origin-TTL
X-TA-CDN-Provider
X-Varnish-Hits
X-Reqid
X-Ratelimit-Limit
X-Magnolia-Registration
X-Envoy-Decorator-Operation
X-Air-Trace-Id
X-IPLB-Request-ID
LB
X-Air-Hostname
Xet-Cookie
X-Microcachable
Server-Info
X-Air-Source
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Buckets
Country-Code
X-Tumblr-Pixel-2
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Request-Host
Cache
DB-Nickname
Source
X-Ms-Version
X-Newrelic-Synthetics
X-Ms-Request-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
X-CSRF-Token
X-Tt-Logid
X-Tx-Id
X-Endurance-Cache-Level
X-B3-SpanId
Fastcgi-X-Cache-Version
A
X-Origin-Response-Time
X-Vdms-Path
X-TrackingId
Host-ID
X-User
X-Vdms-Version
Cmsid
DCR-Decision-By
Lang
DCR-Processing-Time-Ms
Xc-Version
X-Vtex-Remote-Cache
Cmstype
X-VG-WebCache
Cdncip
Cdnsip
X-Vtex-Processado-Em
Expiry
BehaviorPad-Version
T-Server
X-Developer
X-Destination
X-Ec-Fail
X-Ec-GeoHdr
X-Esi-Check
X-Epic-Correlation-Id
X-D
X-S
X-CF-Lambda-Fn
X-Cdn-Srv
X-CF-Lambda-Version
X-Conf
X-Connection-Hash
X-Rojux
X-External-Request-Id
X-Orig-Expires
X-NAPM-TraceId
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-Ftr-Request-Id
X-Forwarded-Path
X-Geo-Header
X-Gzip
X-Hash
X-Cache-NE
X-Cache-Id
X-SRCache-Key
Rendered-Blocks
X-Shop-Environment
X-Session-Fingerprint
X-SD-PageType
Pramga
X-Tenant
Mobile-Detection-Method
Meta-Geo-Continent
X-TIM-N
NM-Fastcgi-Cache
Odigeo-Trace-Id
Sslversion
Surrogated-Key
X-Application
X-AK-Request-ID
X-S-Cookie
X-ARC
X-B-Cookie
X-Aed
X-A-Wwc
X-A
X-ScT
X-A-Dam
X-A-Dcw
X-A-Dgt
MD5-Digest
X-A-Ccd
X-Bc-Bl
X-Via-NSCOPI
X-NCache
X-RCS-CacheZone
X-Core-Value
Fastly-GeoIP-CountryCode
X-DefElseHash
Is-Eu
X-Clara-WADP
Machine
X-Ckpd-Fst-Backend
X-DefHash
X-Core-Mission
Environment
X-Fastly-Cache
X-Fetched-On
X-Fmm-Version
X-Server-IP
X-Sigma
Mail-Subject
X-Device-Os
X-DPWN-IS-SECURE
X-Sigma-Backend
X-SVT-ORM-RULES
X-Varnish-Remaining-TTL
X-Amzn-Remapped-Content-Length
X-WADP-Cache
Server-Host
State
X-Via-Ucdn
We-Hiring
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Worker
X-SVT-ORM-VERSION
X-Cache-Info
X-Scheme
X-Cache-Bucket
Platform
X-Variation
X-V-Cache
Producers
Memcached
X-Developers
X-Skip-Cache
X-Rocket-Build-Number
X-GeoIP
X-Mvc-Supplant-Cachable
X-Origin-Expires
X-Irp-Debug
X-Origin-Time
Adler-Geo
X-SB
AKAMAI
X-Nyt-Route
X-Origin
X-NodeID
X-Gdpr
X-Node-Id
X-Varnish-Beresp-Grace
CDN
X-Time
Cache-Name
X-Planisys-CDN-Cache
X-Auto-Login
X-Region-Sid
X-BBC-Edge-Cache-Status
X-Block-Status
X-Branch-Name
X-Cache-Backend
X-Rebelmouse-Surrogate-Control
X-Pool
X-Xrds-Location
X-RateLimit-Limit-Second
X-Proxy-Cache-Info
X-Proxy-Upstream
Vix-Hermes-Req-Id
X-Qloud-Router
Web-Mar-Region
X-Policy
X-R9-Blue-Green-Version
X-Cache-Date
X-Platform
X-Planisys-CDN-TTL
X-Aicache-OS
X-Rebelmouse-Cache-Control
X-VarnishDD-TTL
X-Pod-Name
X-RateLimit-Remaining-Second
X-Planisys-CDN-Rules
X-Cdn-Origin
V-Age
X-GeoIP-City
X-HN
X-Hnp-Log
X-Datadog-Trace-Id
X-Httpd
X-Dispatcher-Number
X-Ec-Custom-Error
X-Served-From
X-Forwarded-Site
X-Gamma-Serve
X-Gen-Mode
X-Generated-On
X-Eu-Site
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Loc
X-CGP
X-Minions-Version
X-ZONE
X-Request-URI
X-CacheTTL
X-Level-Front-Cache
X-Rocket-Nginx-Serving-Static
X-Slack-Backend
X-SIPLIST1
X-Csrf-Jwt
X-LAGOON
X-Sn-Servicetimems
X-Thinkindot-L3
X-VG-TLSProxy
Fastly-SWR
Gh-Request-Id
Fastly-SIE
Fastcgi-Cache-TTL
Datacenter
Cache-Key
Ha-Gx-Prefs
HA-Ipaddr
N-Cache
DynaTrace
Kp-EeAlive
L
X-Wix-Viewer-Type
IsBot
X-Has-Esi
Ohc-File-Size
Apple-News-Services-Request-Url
X-TNCMS
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-BCube-Filmed-By
CDCHOST
X-Loop
User-Cache-Control
X-Is-Gdpr
Cluster
CloudFront-Viewer-Country
X-JWT-State
Candidate-Md5Url
Origin
L5d-Success-Class
Svr
X-Wikidot-Static-Cache
TDXMobile
X-Wikidot-Backend
Redirect-Candidate
Req-Svc-Chain
Ssr
Release
X-Viewer-Country
Thinkindot-CacheControl
PFcat
Origin-EX
Traceparent
Thinkindot-Control
Origin-CC
Thinkindot-CacheControl-Type
X-Azure-Ref
X-Cache-Status-Check
CPC-Cache
Sever-Int
DSUID
GEO-INFO
X-From
X-Scale
X-VServer
XM
CPC-Age
VNS-Age
NGX
Server-Ext
X-Ad-Defer-Variation
X-Owner
X-SplitTest
Server-Hostname
X-Optimistic-Header
VNS-Cache
X-Webstats-RespID
HostName
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Location
X-WP-CF-Super-Cache-Cache-Control
Fastly-Backend-Name
X-Parent-Response-Time
X-WP-CF-Super-Cache
X-WA-Info
X-Refresh
X-CS
Pics-Label
X-CACHE-KEY
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-ASPX
X-Micro-Cache
X-Ah-Environment
X-NC
X-AIR-PT
Locid
X-Contensis-Viewer-Groups
Env
X-VC
X-TIME
Ms-Author-Via
X-EC-Lua
X-Men
X-Varnish-Authentication
X-Response-By
X-LB-NoCache
X-Edge-Pop
Arc-Country
X-Udemy-Cache-App-Namespace
Servername
AMP-Access-Control-Allow-Source-Origin
X-Old-Content-Length
X-Servedbyhost
Time
Path
X-TraceId
X-Amz-Meta-Cb-Modifiedtime
Memory
Lb
X-Via-Poph
X-RPM
Ngx.Var.Host
Cache-Host
X-Via-Popn
X-Via-Popv
X-DB
X-Generated-In
X-DSS
X-DW
X-Mvc-Supplant-OutputCached
X-Srv
X-RSL
X-DI
X-RPS
Ohc-Cache-HIT
X-Akamai-Transformed
GeoIp-Country-Code
X-Accel-Expires-Debug
X-Date
ITXSESSIONID
X-Vc
XkeyRZ
X-Api-Version
X-Proxy-CacheRZ
X-Presslabs-Stats
X-RateLimit-Reset
X-Varnish-Beresp-TTL
True-Client-IP
X-S-Maxage
X-VCL-Version
Client
X-HA-Backend
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Geoip-Latitude
X-Cache-Debug
FSS-Cache
X-API-Version
X-Clientip
X-Cs
Hostname
X-VHOST
Server-ID
X-DC
X-Trace-ID
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
CacheControlHeader
X-Fpc
X-FireWall-Port
X-Zone
X-Dmc
True-Client-Country-4JS
X-Action
X-TH-Server
Powered-By
X-MSEdge-Flight
X-MSEdge-Features
X-Webkit-Csp-Report-Only
X-Render-Time
X-Backend-TTL
X-TX-ID
X-NGINX-Cache
X-INCAP-ABP
X-Traceid
X-PX
X-B3-Spanid
NtCoent-Length
X-CSRF-TOKEN
Edge-Cache
C-Via
X-DynaTrace-JS-Agent
X-Req
Rip
Geo-Info
X-Service
Tcn
Test
X-M-Reqid
X-HS-Status
Click-Count-Error
Tube-Get-Contents
X-Gateway-Request-Id
HIT
Tube-Got-Eval
Click-Count-Action-Start
My-App
Tube-Got-Results
Esi-Enabled
X-M-Log
X-Gateway-Skip-Cache
X-Qnm-Cache
X-Gateway-Cache-Status
X-FPC
X-Gateway-Cache-Key
Tube-Return
X-Cdn-Request-ID
X-Pass-Why
X-Correlation-ID
X-Origin-Upstream-Status
X-Beluga-Response-Time
X-Webkit-CSP-Report-Only
X-Beluga-Node
X-Beluga-Status
X-Beluga-Record
X-Beluga-Trace
X-Beluga-Cache-Status
Server-Id
User-Agent
On-Server
X-Ha-Backend
OT-Force-Account-Verify
Cf-Int-Pingora-Origin-Digest
X-Vcl-Version
X-Alfa-Service
X-Provided-By
X-Up
X-Varnish-Beresp-Ttl
X-TRACE-ID
X-Via-PopV
X-Via-PopN
Uri
X-Proxy-Cache-Hk
X-Via-PopH
Resin-Trace
Srvid
Proxy-Connection
X-URL
X-LB-ID
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
GeoIP-Latitude
GeoIP-Country-Code
X-APP
Sid
X-Edge-Origin-Shield-Bytes
X-Akamai-Pragma-Client-IP
X-Li-Fabric
Epwk-X-Cache
X-CCDN-CacheTTL
X-Li-Pop
Cdn
X-Edge-Origin-Shield-Region
X-LI-UUID
Srv
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-ServedByHost
X-UnsetCookies
X-LI-Proto
X-RAMCache
DataCenter
X-Cdn-Forward
X-Geo
WebServer
X-ND-Cache
WZWS-RAY
X-Time-Microsecs
X-Backend-Host
M-TraceId
Server-Ttl
X-Fetch-By
X-ID
X-Esi
Warning
MIME-Version
X-Edge-POP
ServerName
X-Lb-Nocache
X-CUA
X-Fastly-Backend-Reqs
X-B3-Traceid-Primal
XServer
ENV
X-App
Cf-Device-Type
Dt-Hot-News
Fastly-Drupal-HTML
X-MG-S
X-HostName
X-ElasticPress-Query
X-Platform-Cluster
X-Platform-Processor
X-Newrelic-App-Data
X-Platform-Router
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
X-Yottaa-OS
X-Request-Url
PICS-Label
Section-Io-Origin-Time-Seconds
X-Fragments
CF-Cached-On
X-ATG-Version
Tracecode
Target-Params
X-HITS
X-Azure-Ref-OriginShield
X-Thanos
Inserted-Into-Cache-At
X-Akamai-Request-ID
X-Bip
X-Request-URL
D-Url-Rewrites
Cf-Ipcountry
X-FC-Vary-Parameters
X-LiteSpeed-Cache-Control
X-Sucuri-Cache
X-Sucuri-ID
X-Fastly-Backend
X-Iplb-Instance
Lfy
X-CF-Powered-By
X-Vcache
X-Iplb-Request-Id
X-Var-Ttl
X-Nc
X-Dw-Trace-Id
X-Serial
Cdn-Requestcountrycode
Cdn-Pullzone
Cdn-Requestid
DT-Hot-News
Cdn-Uid
Cdn-Edgestorageid
Servedby
Cdn-Cachedat
Cdn-Cache
Wp-Super-Cache
True-Client-Ip
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Vercel-Cache
X-Vercel-Id
Vha6-Origin
X-NU-AKA-ACS-Version
Content-Script-Type
CountryCode
X-Release
Content-Style-Type
X-Back
X-Storefront-Renderer-Verified
X-Th-Server
X-BBC-Origin-Response-Status
X-Dist-Code
Fastcgi-Cache-Ttl
Cneonction
Ngx
X-Cache-Expires
X-Varnish-Beresp-Status
X-Snapshot-Date
X-Fastly-Cache-Hits