Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
X-XSS-Protection
ETag
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
Report-To
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
P3p
NEL
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Request-ID
EagleId
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-UA-Device
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Server
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
EagleEye-TraceId
X-Vhost
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Accept-CH
X-Device
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Dns-Prefetch-Control
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH-Lifetime
Rating
X-Country
X-B3-TraceId
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Trace
X-Url
Allow
X-Vname
X-Content-Type
X-PC
X-TtlSet
X-Aws-Lambda-Call-Status
X-Ac
X-Clacks-Overhead
X-Varnish-TTL
Edge-Control
X-Server-Name
Fastly-Restarts
X-ESI
X-Mod-Pagespeed
Cache-Tag
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
Verso
MS-Author-Via
X-Element-Page-Cache
X-Vcap-Request-Id
X-FastCGI-Cache
X-Upstream
X-Amz-Rid
X-MS-InvokeApp
Public-Key-Pins
X-GitHub-Request-Id
X-Dw-Request-Base-Id
X-Client-IP
X-Cached
X-Abt-Application-Version
X-D2id
X-Cache-TTL
RTSS
X-Cnection
X-Px
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Navigation-Version
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-Country-Code
X-Goog-Hash
X-NF-Request-ID
X-TTL
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Sol
Pagespeed
X-Middleton-Display
Display
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
AR-SID
X-CST
X-Version
X-Powered-CMS
X-Middleton-Response
Response
X-Origin-Cache
X-RateLimit-Remaining
X-LLID
X-MSEdge-Ref
Nginx-Cache
TCN
X-Kinsta-Cache
X-Edge-Location-Klb
X-Amz-Server-Side-Encryption
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Edge
X-Protected-By
X-T
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-For
X-Jurisdiction
X-Shield-Request-Id
X-HP-Webp
X-HP-Trace-Id
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Edge-Cache-Tag
X-Language
S
X-Aspnetmvc-Version
Content-MD5
SPIisLatency
SPRequestDuration
Front-End-Https
Fastcgi-Cache
X-Mid
X-Ruxit-Js-Agent
Realpath
X-Request-Received
Server-Node
X-Request-Processing-Time
Filters
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Frontend
X-Cache-Key
X-Recruiting
X-NWS-LOG-UUID
Server-Name
X-Ab
X-Content
X-Ua-Browser
X-Ser
X-MCACHE
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-Template
X-DynaTrace
X-Correlation-Id
X-Ezoic-Cdn
SPRequestGuid
X-SharePointHealthScore
X-Hits
X-Parallel-Accel
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-ECACHE
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cache-Tags
X-Daa-Tunnel
Charset
X-Page-Id
Host
X-B3-Sampled
Cleartype
X-Ttl
X-Www-Served-By
X-Git-Hash
X-Debug-Info
X-Geo-Country
X-DIS-Request-ID
X-Content-Options
Alternate-Protocol
X-Content-Digest
X-Amzn-Trace-Id
Accept-Ch
X-Hostname
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Component-Id
X-Ratelimit-Limit
Cross-Origin-Opener-Policy
X-Amz-Replication-Status
X-ASPNET-VERSION
Filterid
X-DataDome
X-Grace
X-Varnish-Age
X-FB-Debug
ServerID
X-F-Cache
X-Accel-Expires
X-Upgrade-Enabled
X-Activity-Id
X-AppVersion
X-Az
X-VCache
X-XRDS-LOCATION
X-WebKit-CSP-Report-Only
X-N
X-Nginx-Upstream-Cache-Status
X-Rid
X-Forwarded-Proto
X-Mobile-URL
X-Origin-Server
Access-Control-Allow-Method
X-LB-Cache
X-Type
X-TT
X-Whom
X-Is-Crawler
X-Seen-By
X-Goog-Stored-Content-Length
X-Route-Name
X-Tb
X-Goog-Stored-Content-Encoding
X-Request-Guid
X-Providence-Cookie
X-GUploader-UploadID
X-Aspnet-Duration-Ms
X-App-Environment
Viewport
X-Distributor
X-Flags
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Ratelimit-Reset
X-Fastly-Request-Id
Payment
X-Varnish-Grace
X-Fastly-Request-ID
X-User-Agent
X-FW-Type
Node
X-FW-Hash
X-FW-Static
X-FW-Dynamic
X-FW-Server
X-FW-Serve
DC
X-Server-ID
Paypal-Debug-Id
Accept-Charset
X-Wix-Request-Id
Country
TP-L2-Cache
TP-Cache
Fastcgi-Useragent
X-Fastcgi-Cache
X-App-Server
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-Cache-Rule
X-Cache-Control
X-Via-JSL
X-Cluster-Name
X-Litespeed-Cache
X-Webkit-Csp
X-Drupal-Cache-Tags
X-NGENIX-Cache
Version
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Age
X-Signature
X-B-Cache
X-Contextid
X-Buckets
Cache-Status
Referer-Policy
X-Logged-In
X-Node-Name
Refresh
VIX-Pulpo-Upstream-Status
X-Response-Served-From
SD-X-WS
Amp-Access-Control-Allow-Source-Origin
X-Mobile
X-Origin-Upstream-Status
VIX-Pulpo-Node
X-Original-Request-Id
X-Vgn-Hpd-Reason
X-Real-IP
X-Load-Cache
X-Jobs
X-Is-Bot
X-Rendered-As
X-Cache-Expired-At
NGB
X-Varnish-Backend
X-Cacheable-TTL
X-Erf-Bev-Bev
X-Debug
X-IPLB-Instance
X-Proxy-Cache-Status
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-B
X-Revision
Access-Control-Request-Headers
X-Rule
X-Page-View
X-UUID
X-Cache-Action
X-Proxy
X-Device-Type
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Framework
X-ProcessESI
X-RemovedCookies
Akamai-GRN
Surrogate-Key
X-Drupal-Cache-Contexts
X-G
X-Instance
X-Cache-Time
X-Debug-IsPreview
X-Debug-IsConnected
X-FW-Version
SID
X-Accel-Buffering
CF-IPCountry
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Cache-NGX
Count-Hit
X-Presslabs-Stats
X-Air-Source
Uber-Trace-Id
X-Air-Trace-Id
X-Nginx-Cache
GEO-INFO
X-Air-Hostname
X-Cache-Operation
X-Azure-Ref
X-Ms-Version
X-Ms-Request-Id
X-Source
X-RateLimit-Limit
X-PressLabs-Stats
X-EdgeConnect-Cache-Status
X-Zen-Fury
X-APP-VERSION
Protected
X-Trace-Id
X-XRDS-Location
Frame-Options
Liferay-Portal
DynaTrace
X-Cache-Hit
MS-CV
WPO-Cache-Status
WPO-Cache-Message
X-RTag
Ms-Operation-Id
X-CDN-Forward
X-Servername
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Ec-Rule-Version
Healthy
X-Hyper-Cache
X-Cache-TTL-Remaining
X-Backend-Name
Cross-Origin-Window-Policy
X-IPS-LoggedIn
Countrycode
Content-Disposition
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Mode
X-Tumblr-User
Xserver
X-L-Path
X-Environment-Context
Backend
X-Adobe-Content
X-Adobe-Loc
X-Varnish-Server
X-UPSTREAM-Address
X-Cache-Grace
Meta-Geo
X-Detected-As
X-Rewrite-Enabled
X-JoinUs
X-SaId
X-RN-RSRV
X-Tid
LB
Url
Country-Code
Decoy-Debug-Key
X-Routing-Service
X-Redis-Cache
Apigw-Requestid
X-Content-Age
X-Ratelimit-Remaining
X-Zipkin-Id
Decoy-Debug-TTL
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Debug-Cache
X-Region
X-Sorting-Hat-PodId
X-Proxied
X-Cache-Server
X-ShopId
X-Shopify-Stage
X-Uri
X-Extlb
X-ShardId
Eomportal-Instance
Decoy-Debug-Status
X-Generation-Time
X-Format
X-OCL
X-UA-Device-Type
X-Origin-Date
X-PHP-Backend
X-PCL
CDN-RequestId
X-Hosted-By
X-Human
Mn-Server-Ip
X-Forwarded-Host
X-ApacheServer
X-Access
CDN-Uid
CDN-RequestCountryCode
X-Microcachable
X-NCache
CDN-Cache
CDN-CachedAt
CDN-PullZone
CDN-EdgeStorageId
X-No-Session
X-PERF
X-ServerID
Cache-Name
X-Via-Fastly
X-FB-TRIP-ID
X-Sql-Duration-Ms
X-Site-Version
Retry-After
X-Sql-Count
X-Section
X-Status
Fastly-SSL
X-SayCDN-TTL
X-Say-TTL
X-Pubstack
X-Web-Node
X-Akamai-Edgescape
X-Cluster-Node
Webcakes-App-Version
X-Timing-Wait
X-ProxyCache-Key
X-Say-Cacheable
X-NYM-Debug-Backend
TWC-Locale-Group
TWC-Privacy
X-ProxyCache-Status
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
Selected-Fe
TWC-Connection-Speed
TWC-Device-Class
X-Generated-By
X-Server-W
X-Cache-Host
X-BYPASS-REASON
X-Varnish-Beresp-Grace
X-Proxy-Build
X-Origin-Hint
X-Content-Powered-By
X-Cache-Type
Webcakes-Region
X-Storage
Cache-Tv-Group
X-NewRelic-App-Data
X-Soup
X-Hl-Ver
X-Varnishpool
X-R9-Blue-Green-Version
X-Be
Section-Io-Cache
Azure-SiteName
Azure-InstanceId
Azure-Version
X-Nginx-Cache-Key
Content-Secure-Policy
Azure-SlotName
Azure-RegionName
X-LSADC-Cache
X-TIME
X-Ua
X-Unique-Id
X-Cache-Remote
DB-Nickname
X-Webkit-CSP
X-Dc
X-Cached-By
X-Azure-Ref-OriginShield
X-Bc-Bl
X-Platform-Server
X-Xfnlog-Site
X-TT-LOGID
X-Akamai-Transformed
Cache
X-Auto-Login
Source
OT-Force-Account-Verify
From-Origin
X-Cache-Tags
Upgrade-Insecure-Requests
ServedBy
X-LAGOON
Xet-Cookie
X-Varnish-Cache-Hits
HostName
SRV
X-GEO
X-AOL-HN
X-Origin-TTL
X-ECache
X-Origin-CC
X-Request-Time
X-NWS-UUID-VERIFY
X-CSRF-Token
X-Cdn
Cache-Hits
X-Correlation-ID
X-Varnish-Hits
Mime-Version
X-Varnish-Hostname
X-Request-Host
X-Loop
X-TNCMS
WP-Super-Cache
X-S-Maxage
Webserver
Onion-Location
X-App-Version
X-HTML-Minification-Powered-By
X-EC-Lua
X-FireWall-Port
X-Time
X-Cache-Enabled
X-Akamai-Request-ID2
X-Tumblr-Pixel-2
Web-Mar-Node
S-Rt
X-Handled-By
X-Tumblr-Pixel-3
X-Http-Reason
N-Cache
X-Endurance-Cache-Level
X-RCS-CacheZone
X-Adobe-Source
X-Reqid
X-Origin-Response-Time
X-Proto
X-Tenant
X-SRV
X-B3-SpanId
V-Age
Vix-Hermes-Req-Id
Server-Info
X-A-Dgt
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A
User-Cache-Control
Redirect-Candidate
Rendered-Blocks
Fastcgi-X-Cache-Version
Meta-Geo-Continent
Odigeo-Trace-Id
Pramga
Sslversion
Surrogated-Key
Mobile-Detection-Method
A
BehaviorPad-Version
DCR-Decision-By
Expiry
DCR-Processing-Time-Ms
X-Mg-Request-UUID
X-Cluster
X-S
X-Rojux
X-S-Cookie
X-ScT
X-SD-PageType
X-Processor
X-Planisys-CDN-TTL
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Session-Fingerprint
X-Shop-Environment
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-Slack-Backend
X-SRCache-Key
X-TIM-N
X-V-Cache
X-Orig-Expires
X-ND-Cache
X-CF-Lambda-Fn
X-Cache-NE
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Conf
X-Block-Status
X-Backend-TTL
X-Aed
X-Application
X-ARC
X-B-Cookie
X-Connection-Hash
X-D
X-GG-Cache-Date
X-Hnp-Log
X-Ig-Push-State
X-NAPM-TraceId
X-Gen-Mode
X-Ftr-Request-Id
X-Destination
X-Developer
X-External-Request-Id
X-Forwarded-Path
X-A-Wwc
X-Epic-Correlation-Id
X-Amz-Meta-S3cmd-Attrs
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
Nel
X-Locale
X-Edge-Location
X-Time-Microsecs
X-MP-GENERATED-AT
X-Magnolia-Registration
Origin
X-Location
X-Men
Origin-EX
X-GeoIP-Region-Code
X-Hash
X-Mvc-Supplant-Cachable
Origin-CC
Fastcgi-Cache-TTL
X-Origin
X-Origin-Expires
Gh-Request-Id
X-Old-Content-Length
X-GeoIP-Country-Code
X-Origin-Time
X-NodeID
X-Nyt-Route
X-Policy
X-Fetched-On
Wxu-Next-Hostname
Wxu-Next-Commit
X-Cache-Info
X-Cdn-Srv
Wxu-Next-Region
X-Cache-Date
X-Aicache-OS
X-Accel-Expires-Debug
X-Cache-Bucket
X-Core-Mission
True-Client-Country-4JS
X-Fastly-Cache
X-Proxy-Upstream
X-Forwarded-Site
X-Gdpr
State
Svr
Traceparent
X-Date
X-Device-Os
X-Geo-Header
Host-ID
X-Scheme
CacheControlHeader
X-VG-TLSProxy
X-Rocket-Nginx-Serving-Static
X-Viewer-Country
X-Webstats-RespID
X-SVT-ORM-RULES
Apple-News-Services-Request-Url
Arc-Country
CDCHOST
Apple-News-Services-Parsed-Url
AKAMAI
X-Server-IP
DSUID
X-SVT-ORM-VERSION
X-Request-URI
Apple-News-Services-Handled
Cmsid
Cmstype
Apple-News-Services-Host
Environment
X-Via-NSCOPI
CloudFront-Viewer-Country
X-TH-Server
X-Datadog-Trace-Id
X-VarnishDD-TTL
X-Developers
X-Datadog-Sampling-Priority
X-Thinkindot-L3
X-TrackingId
X-Core-Value
X-UnsetCookies
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Amzn-RequestId
X-Branch-Name
X-Restarts
X-Sn-Servicetimems
X-BBC-Edge-Cache-Status
AMP-Access-Control-Allow-Source-Origin
X-Fastly-Backend
X-Cdn-Origin
X-Amz-Apigw-Id
X-VServer
X-Cache-Id
X-Cache-Debug
X-CGP
X-Sigma-Backend
X-LI-UUID
X-Served-From
X-Li-Pop
X-Li-Fabric
X-Labrador-Cache-Channel
X-Level-Front-Cache
X-Node-Id
X-ATG-Version
X-Region-Sid
X-RateLimit-Limit-Second
X-Req
X-PHP-Host
X-Rocket-Build-Number
X-Owner
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Storefront-Renderer-Rendered
X-Skip-Cache
X-Sucuri-Cache
X-Eu-Site
X-Sucuri-ID
X-Esi-Check
X-Gamma-Serve
X-RateLimit-Remaining-Second
X-Gzip
X-HN
X-GeoIP-City
X-GeoIP
X-Generated-On
X-Sigma
X-Envoy-Decorator-Operation
X-Platform
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
We-Hiring
Machine
Thinkindot-Control
Locid
L
L5d-Success-Class
Web-Mar-Region
Mail-Subject
TDXMobile
X-Varnish-Ttl
Release
Req-Svc-Chain
PFcat
Ssr
Ha-Gx-Prefs
Server-Host
Fastly-GeoIP-CountryCode
HA-Ipaddr
Accept-Language
X-Srv
X-Zone
NM-Fastcgi-Cache
Memcached
X-Pod-Name
Adler-Geo
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Loc
X-Response-By
X-Variation
X-Worker
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-JWT-State
X-Is-Gdpr
Is-Eu
Fastly-SWR
Cf-Device-Type
X-Varnish-Beresp-Status
Platform
X-DefElseHash
X-Has-Esi
X-FC-Vary-Parameters
X-DPWN-IS-SECURE
X-DefHash
Fastly-Drupal-Html
Fastly-SIE
X-Varnish-Beresp-Ttl
X-Amzn-Remapped-Content-Length
X-Xrds-Location
X-Backend-State
X-VC-Cache
X-Cache-Var-Map
Magicmarker
X-Tx-Id
X-Action
X-DB
X-RPS
X-RSL
X-Cache-Backend
X-RPM
X-DW
X-DI
X-DSS
NGX
X-NU-AKA-ACS-Version
X-Cache-Var
X-TraceId
X-CLOUD-TRACE-CONTEXT
X-Ua-Device
X-CS
X-Wix-Viewer-Type
Kp-EeAlive
Edge-Cache
X-NC
X-LB-ID
X-Up
X-Optimistic-Header
X-CacheTTL
X-LB-NoCache
X-Minions-Version
X-Request-Start
X-API-Version
X-Generated-In
CDN
Pics-Label
X-Mvc-Supplant-OutputCached
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Trace-ID
X-Thanos
X-Bip
Time
Ms-Author-Via
Memory
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-Tt-Logid
X-Edge-Pop
X-Refresh
Env
X-Via-Popv
X-Via-Popn
X-Cache-Config
WebServer
X-Via-Poph
X-TA-CDN-Provider
X-User
GeoIp-Country-Code
X-HA-Backend
X-Ec-GeoHdr
X-Ec-Fail
X-Parent-Response-Time
X-Servedbyhost
X-CACHE-KEY
X-DC
X-Esi
NtCoent-Length
X-Cs
Datacenter
Server-ID
Candidate-Md5Url
X-DynaTrace-JS-Agent
X-Vc
X-TX-ID
Cdnsip
X-AK-Request-ID
X-ZONE
Cdncip
X-Dynatrace
X-MSEdge-Features
X-MSEdge-Flight
Cluster
WWW-Authenticate
X-Varnish-Beresp-TTL
X-WADP-Cache
My-App
X-Fmm-Version
On-Server
X-Clara-WADP
DataCenter
X-Pass-Why
X-Datadome
Tracecode
Geoip-Latitude
Esi-Enabled
X-CUA
X-Cache-Ttl
X-From
X-Var-Ttl
T-Server
X-Li-Proto
X-VCL-Version
X-Fpc
Lfy
X-Traceid
X-App
X-URL
X-B3-Spanid
X-Webkit-Csp-Report-Only
X-Cache-PHP
Lang
X-FPC
X-Fragments
X-LI-Proto
X-Service
X-Vcl-Version
X-Unique-ID
C-Via
Geo-Info
X-VC
Cf-Int-Pingora-Origin-Digest
Fastly-Drupal-HTML
Proxy-Connection
Target-Params
X-Newrelic-Synthetics
X-Webkit-CSP-Report-Only
X-NODE
X-Provided-By
Test
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Mcache
Resin-Trace
X-RAMCache
X-Cache-Status-Check
X-Render-Time
X-LiteSpeed-Cache-Control
M-TraceId
Server-Id
MIME-Version
X-Ha-Backend
Permissions-Policy
X-CSRF-TOKEN
Servername
X-Httpd
WZWS-RAY
X-Proxy-Cache-Info
X-Geo
X-ID
Hostname
X-SB
X-Api-Version
Hit
X-Clientip
X-ServedByHost
FSS-Cache
Producers
X-Via-PopH
X-Via-PopN
GeoIP-Country-Code
X-Via-PopV
X-Dynatrace-Js-Agent
X-Udemy-Cache-App-Namespace
ENV
X-Cdn-Forward
X-Platform-Router
X-Edge-POP
X-Platform-Processor
X-Pad
X-Platform-Cluster
X-Pool
X-Scale
X-Edge-Cache
X-Fastly-Backend-Reqs
X-Ec-Custom-Error
X-LiteSpeed-Tag
X-Oss-Object-Type
X-Oss-Request-Id
HIT
Cache-Host
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
UCS
X-NGINX-Cache
X-Oss-Storage-Class
X-Ucs
X-UP
MD5-Digest
X-ElasticPress-Query
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Dispatcher-Number
X-HS-Status
S-Cnection
X-Info
Cneonction
X-AIR-PT
IsBot
URI
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
Uri
Cf-Ipcountry
X-Acquia-Application-Trace
X-SIPLIST1
X-BBC-Origin-Response-Status
X-GoCache-CacheStatus
X-Cache-Expires
Server-Hostname
X-Via-Ucdn
Server-Ext
X-Check-Cacheable
PICS-Label
X-Lb-Nocache
ServerName
Sever-Int
X-Cache-CFC
X-Srcache-Fetch-Status
Ohc-File-Size
X-Srcache-Store-Status
X-Cms-Context
X-Fastly-Cache-Hits
X-Nc
Tcn
X-Micro-Cache
X-RateLimit-Reset
X-Swift-Error
X-Snapshot-Date
Cteonnt-Length
X-Cdn-Request-ID
Server-Ttl
User-Agent
X-Lb-Id
Fastly-Backend-Name
X-Release
X-Akamai-Path-Stats
X-Dw-Trace-Id
X-Akamai-ERPolicy
X-Wikidot-Backend
X-Akamai-ERRuleID
X-Yottaa-OS
X-Vcache
X-B3-ParentSpanId
Vha6-Origin
Wpo-Cache-Status
CF-Cached-On
Wpo-Cache-Message
X-Newrelic-App-Data
X-Wikidot-Static-Cache
X-Backend-Host
Ngx
X-ServerName
X-Cache-Ngx
Load-Balancing
X-HostName
X-Air-Pt
Sid
X-Shopify-Generated-Cart-Token
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Fetch-By
X-WA-Info
Inserted-Into-Cache-At
X-B3-Parentspanid
X-Litespeed-Cache-Control
X-APP
X-Apw-Hits
X-Cache-ASPX
X-BCube-Filmed-By
Shield-Pop
X-Apw-Access-Token
X-Apw-Access-Object
X-Contensis-Viewer-Groups
EpKe-Alive
X-Varnish-Authentication
X-Apw-Access-Action
X-Logging-Id
X-CacheKey
X-Http-Duration-Ms
X-Te-Count
X-Te-Duration-Ms
X-Last-Modified
X-Http-Count
X-Sentry-ID
X-UA
X-Akamai-Pragma-Client-IP
Req-ID
CountryCode
X-Akamai-Request-ID