Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Akamai-Path-Stats
X-Dns-Prefetch-Control
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-Amz-Id-2
X-UA-Device
Host-Header
X-Proxy-Cache
X-Hacker
X-Rq
Grace
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Vhost
Ali-Swift-Global-Savetime
X-Dispatcher
X-LiteSpeed-Cache
X-Amz-Version-Id
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Server-Id
X-Node
Cf-Edge-Cache
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-CST
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Cache-Lookup
X-Response-Time
X-HW
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Url
Accept-Ch
Fastly-Restarts
Accept-Ch-Lifetime
X-Country
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-Vname
X-PC
X-TtlSet
X-Amz-Server-Side-Encryption
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-FastCGI-Cache
X-ESI
X-Server-Name
X-Edge
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-B3-TraceId
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Amz-Rid
X-Px
X-Dw-Request-Base-Id
X-ASPNET-VERSION
Public-Key-Pins
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Content-Security-Policy-Report-Only
X-Powered-By-Plesk
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Ac
X-Abt-Application-Version
Verso
X-Client-IP
X-Element-Page-Cache
X-Version
Arr-Disable-Session-Affinity
X-RateLimit-Remaining
X-Cache-TTL
X-GitHub-Request-Id
X-Ttl
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
X-Middleton-Response
Response
X-Goog-Hash
X-Cached
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
X-Kinsta-Cache
X-SharePointHealthScore
SPRequestGuid
X-Edge-Location-Klb
X-Powered-CMS
AR-SID
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Instrumentation
X-Upstream
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Correlation-Id
X-LLID
Edge-Cache-Tag
X-WebKit-CSP-Report-Only
X-Forwarded-For
X-NWS-LOG-UUID
Content-MD5
X-Litespeed-Cache
X-TTL
X-Cache-Key
X-ECACHE
Nginx-Cache
X-Ruxit-Js-Agent
X-Id
X-RateLimit-Limit
X-Shield-Request-Id
X-MSEdge-Ref
TCN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Recruiting
S
MRF-Tech
Mrf-Cache-Status
X-T
X-Daa-Tunnel
X-Content-Digest
X-B3-TraceId-Primal
X-DataDome
X-Mg-S
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ua-Device
TP-Cache
TP-L2-Cache
X-Grace
X-Mcache
X-Accel-Expires
X-DynaTrace
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-Frontend
MicrosoftSharePointTeamServices
X-Protected-By
Front-End-Https
Filters
X-Yandex-Sdch-Disable
Server-Node
X-Request-Processing-Time
X-Ezoic-Cdn
X-Request-Received
X-Content
X-PressLabs-Stats
X-Ua-Browser
X-Ab
X-Distributor
X-Origin-Server
X-ORACLE-DMS-ECID
X-Hits
X-ORACLE-DMS-RID
Fastcgi-Cache
X-LB-Cache
X-Geo-Country
MS-Author-Via
X-Microsite
X-Request-Handler-Origin-Region
Charset
X-Amzn-Trace-Id
X-Mid
Host
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Webkit-Csp
X-Cache-Age
Cross-Origin-Opener-Policy
Cleartype
X-Page-Id
X-Git-Hash
X-F-Cache
Cache-Status
X-Forwarded-Proto
X-B3-Sampled
X-Fastly-Request-Id
Realpath
X-Debug-Info
X-Seen-By
X-Activity-Id
X-AppVersion
X-Az
Access-Control-Allow-Method
X-DIS-Request-ID
X-Ratelimit-Reset
X-Nginx-Upstream-Cache-Status
Permissions-Policy
X-Www-Served-By
Accept-Charset
X-Webkit-CSP
Filterid
X-Server-ID
Cache-Tags
ServerID
X-Aspnetmvc-Version
X-Varnish-Age
X-Content-Options
X-Cluster-Name
X-FB-Debug
X-Rid
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Retry-After
X-Type
Server-Name
X-Midtier
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Grace
X-Varnish-Backend
X-App-Environment
Country
X-User-Agent
X-B
X-Request-Guid
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Route-Name
X-Tb
X-Providence-Cookie
X-Whom
X-TT
Viewport
X-B-Cache
X-Wix-Request-Id
X-Drupal-Cache-Tags
X-Origin-Cache
X-Signature
X-VCache
DC
Paypal-Debug-Id
Node
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-GUploader-UploadID
X-Oneagent-Js-Injection
X-Debug
Fastcgi-Useragent
X-Upgrade-Enabled
X-Language
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-NWS-UUID-VERIFY
X-Amz-Replication-Status
X-Logged-In
X-Mobile-URL
Protected
X-Cache-NGX
Payment
X-N
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
X-Load-Cache
WPO-Cache-Message
WPO-Cache-Status
X-Cache-Control
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Count-Hit
X-XRDS-LOCATION
Alternate-Protocol
X-XRDS-Location
Healthy
X-Contextid
X-NGENIX-Cache
X-Restarts
X-Node-Name
X-Via-JSL
X-Mobile
X-Proxy
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Content-Disposition
X-MCACHE
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Type
X-FW-Dynamic
Refresh
X-Jobs
X-G
Akamai-GRN
Url
X-Adobe-Content
X-Page-View
X-Cache-Time
Uber-Trace-Id
X-Revision
X-Servername
X-Zen-Fury
X-Real-IP
X-Adobe-Loc
X-UUID
X-Akamai-Request-ID2
X-Debug-IsPreview
X-Debug-IsConnected
X-Mg-Request-UUID
X-Rendered-As
X-Varnish-Server
X-Device-Type
VIX-Pulpo-Node
X-Is-Bot
VIX-Pulpo-Upstream-Status
X-Http-Reason
X-Framework
X-Cache-TTL-Remaining
X-Cacheable-TTL
Access-Control-Request-Headers
X-Cache-Grace
X-Proxy-Cache-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Drupal-Cache-Contexts
NGB
X-Environment-Context
X-L-Path
X-Instance
Frame-Options
X-HTML-Minification-Powered-By
X-Ratelimit-Remaining
X-Hostname
Version
X-IPLB-Instance
X-EdgeConnect-Cache-Status
X-COUNTRY
X-Template
X-Source
Referer-Policy
X-ECache
Countrycode
MS-CV
X-RTag
Ms-Operation-Id
X-B3-Traceid
Liferay-Portal
Accept-Language
X-Trace-Id
X-NYM-Debug-Backend
X-Datadome
X-Fastly-Request-ID
X-App-Server
X-Cache-Rule
X-Cache-Hit
X-Cache-Expired-At
Cross-Origin-Window-Policy
From-Origin
X-Tumblr-Pixel-0
X-Tumblr-User
Backend
X-Tumblr-Pixel
X-Hosted-By
X-Tumblr-Pixel-1
X-Unique-Id
X-Vgn-Hpd-Reason
X-IPS-LoggedIn
X-APP-VERSION
X-ProcessESI
X-RemovedCookies
X-Status
Load-Balancing
X-RN-RSRV
X-Nginx-Cache
Meta-Geo
Section-Io-Cache
X-Ratelimit-Limit
WP-Super-Cache
X-FW-Version
X-Cache-Server
X-UPSTREAM-Address
Upgrade-Insecure-Requests
X-FB-TRIP-ID
X-No-Session
X-VWS-Id
X-PCL
Content-Secure-Policy
X-LJ-Flow-ID
X-OCL
X-AWS-Id
X-Be
X-Access
S-Rt
X-Cache-Enabled
X-Ua
X-Section
X-Content-Age
Mn-Server-Ip
X-Via-Fastly
X-AOL-HN
Apigw-Requestid
X-Labrador-Cache-Channel
X-UA-Device-Type
X-Sql-Duration-Ms
X-Sql-Count
X-Content-Powered-By
X-Origin-Date
X-PHP-Backend
X-Region
CF-IPCountry
X-Redis-Cache
X-PHP-Host
X-Request-Time
X-Akamai-Edgescape
X-Mode
X-Platform-Server
X-PERF
X-Nginx-Cache-Key
X-ProxyCache-Key
X-ProxyCache-Status
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Human
X-Generated-By
X-BYPASS-REASON
X-ApacheServer
X-Adobe-Source
Locale
X-Cache-Tags
X-Cms-Context
X-Forwarded-Host
X-Format
X-Debug-Cache
X-Site-Version
X-Storage
Webcakes-App-Version
Webcakes-App-Name
TWC-Locale-Group
Webcakes-Region
X-Cluster-Node
X-Varnish-Cache-Hits
X-Server-W
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Uri
X-Urbn-Site-Id
X-Urbn-Context-Path
X-VC-Cache
X-Xfnlog-Site
TWC-Device-Class
TWC-Connection-Speed
Property-Id
Eomportal-Instance
TWC-Privacy
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Tid
X-Storefront-Renderer-Rendered
X-Web-Node
Azure-SiteName
Azure-SlotName
Azure-RegionName
X-Hl-Ver
X-ServerID
X-Zipkin-Id
X-Varnishpool
X-Routing-Service
X-JoinUs
X-GeoCode
X-GeoCountry
X-GG-Cache-Date
X-Proxied
X-Extlb
Fastly-SSL
X-Cache-Type
X-Detected-As
X-SaId
Azure-InstanceId
X-Edge-Location
X-Generation-Time
X-Dc
X-NewRelic-App-Data
X-Cache-Host
X-Locale
Azure-Version
X-Handled-By
X-Proto
X-Backend-Name
X-Timing-Wait
Selected-Fe
X-Proxy-Build
CDN-Cache
CDN-EdgeStorageId
Cache-Tv-Group
X-CDN-Forward
CDN-CachedAt
CDN-RequestId
CDN-PullZone
ServedBy
CDN-RequestCountryCode
CDN-Uid
Fastly-Drupal-Html
Ec-Rule-Version
X-App-Version
Web-Mar-Node
Webserver
Onion-Location
X-LSADC-Cache
X-IPLB-Request-ID
X-GEO
X-Cache-Action
X-Magnolia-Registration
X-Varnish-Hostname
X-Tt-Logid
Cache-Hits
X-Cached-By
X-Envoy-Decorator-Operation
X-Cache-Operation
SRV
X-Cluster
X-Hyper-Cache
X-Cache-Remote
X-Air-Trace-Id
X-Air-Source
Mime-Version
X-Air-Hostname
X-Varnish-Hits
LB
X-Rewrite-Enabled
SID
X-Fastcgi-Cache
X-Cdn
X-Origin-CC
X-Origin-TTL
X-SRV
X-Soup
X-Parallel-Accel
X-Rule
Xet-Cookie
DB-Nickname
Cache
Xserver
Server-Info
X-Microcachable
Source
X-Accel-Buffering
X-MP-GENERATED-AT
X-Reqid
Country-Code
X-Pubstack
X-Xrds-Location
X-Tumblr-Pixel-2
X-Via-NSCOPI
X-TA-CDN-Provider
X-CSRF-Token
X-Buckets
X-Tx-Id
X-Tumblr-Pixel-3
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-Skip-Cache
X-Cache-Status-Check
X-B3-SpanId
X-TT-LOGID
X-Endurance-Cache-Level
X-Origin-Response-Time
X-Request-Host
X-PAYTM-SRV-ID
X-Ec-GeoHdr
X-CF-Lambda-Version
X-Orig-Expires
Pramga
DCR-Decision-By
Cmsid
X-Ec-Fail
Cmstype
DynaTrace
Fastcgi-X-Cache-Version
X-D
X-Processor
Lang
Expiry
Rendered-Blocks
Cdnsip
DCR-Processing-Time-Ms
X-Developer
X-Destination
X-PBS-Appsvrname
X-NAPM-TraceId
X-Geo-Header
Odigeo-Trace-Id
X-Hash
X-Cache-NE
NM-Fastcgi-Cache
A
X-CF-Lambda-Fn
Mobile-Detection-Method
X-Connection-Hash
X-Ig-Push-State
X-Forwarded-Path
MD5-Digest
Candidate-Md5Url
X-Cdn-Srv
X-Epic-Correlation-Id
Host-ID
Cache-Key
Meta-Geo-Continent
X-External-Request-Id
BehaviorPad-Version
Cdncip
X-BCube-Filmed-By
X-User
X-TrackingId
X-A-Dgt
X-SD-PageType
X-Vtex-Remote-Cache
X-Vdms-Path
X-Session-Fingerprint
X-Vtex-Processado-Em
Surrogated-Key
X-A-Dcw
X-ScT
X-Aed
Xc-Version
X-A-Wwc
X-Rojux
X-Tenant
XM
X-TIM-N
T-Server
X-S-Cookie
X-S
X-Shop-Environment
Datacenter
X-A
Sslversion
X-A-Ccd
X-Application
X-AK-Request-ID
X-VG-WebCache
X-SplitTest
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Vdms-Version
X-ARC
X-B-Cookie
X-SRCache-Key
X-Conf
X-A-Dam
X-Newrelic-Synthetics
X-AIR-PT
X-Azure-Ref
AKAMAI
Adler-Geo
X-SB
X-DefElseHash
X-Worker
X-Varnish-Beresp-Grace
X-DefHash
X-Scheme
X-Sigma-Backend
X-SVT-ORM-RULES
X-Sigma
Mail-Subject
X-Device-Os
X-Developers
X-Esi-Check
X-Wix-Viewer-Type
Memcached
X-SVT-ORM-VERSION
X-DPWN-IS-SECURE
Environment
X-Fetched-On
X-Has-Esi
X-NodeID
State
Wxu-Next-Commit
We-Hiring
Platform
Redirect-Candidate
Is-Eu
Kp-EeAlive
X-Origin
X-Origin-Expires
X-Ckpd-Fst-Backend
X-Bc-Bl
Server-Host
X-Varnish-CookieINHashed-On
X-Variation
Producers
X-Varnish-Remaining-TTL
Wxu-Next-Region
Wxu-Next-Hostname
X-Ms-Version
X-CacheTTL
X-HS-Content-Campaign-Id
X-TNCMS
X-Ad-Defer-Variation
X-Varnish-CookieHashed-On
X-GeoIP
X-Rocket-Build-Number
X-Gzip
X-Ms-Request-Id
X-Irp-Debug
X-Loop
X-V-Cache
X-Is-Gdpr
X-Core-Mission
X-JWT-State
X-Cache-Id
X-Core-Value
X-Time
X-Clara-WADP
X-Block-Status
X-Branch-Name
X-BBC-Edge-Cache-Status
X-Aicache-OS
X-Cache-Bucket
X-Cache-Date
X-Cdn-Origin
X-Cache-Info
X-CGP
X-RateLimit-Limit-Second
X-Nyt-Route
X-Rebelmouse-Cache-Control
X-Gdpr
X-Amzn-Remapped-Content-Length
X-Rebelmouse-Surrogate-Control
X-Origin-Time
X-RCS-CacheZone
X-Policy
X-Platform
X-Pool
X-Qloud-Router
X-RateLimit-Remaining-Second
Fastly-Backend-Name
X-Region-Sid
X-Sn-Servicetimems
X-Slack-Backend
X-VG-TLSProxy
X-Thinkindot-L3
X-VarnishDD-TTL
X-SIPLIST1
X-VServer
X-Request-URI
X-Rocket-Nginx-Serving-Static
X-WADP-Cache
X-Served-From
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Fmm-Version
X-Fastly-Cache
X-Forwarded-Site
X-Ftr-Request-Id
X-Gamma-Serve
X-Eu-Site
X-Ec-Custom-Error
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Dispatcher-Number
X-Gen-Mode
X-Generated-On
X-Mvc-Supplant-Cachable
X-Minions-Version
X-NCache
X-Node-Id
X-Planisys-CDN-Cache
X-Loc
X-Level-Front-Cache
X-GeoIP-City
X-HN
X-Hnp-Log
X-LAGOON
X-Csrf-Jwt
Traceparent
IsBot
L5d-Success-Class
HA-Ipaddr
Ha-Gx-Prefs
X-Varnish-Ttl
Machine
N-Cache
Origin-EX
Origin-CC
Origin
NGX
Fastly-SWR
Fastly-SIE
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
CDCHOST
CloudFront-Viewer-Country
Fastly-GeoIP-CountryCode
Fastcgi-Cache-TTL
CPC-Cache
CPC-Age
PFcat
L
Thinkindot-CacheControl
TDXMobile
Svr
Ssr
Thinkindot-CacheControl-Type
Thinkindot-Control
VNS-Age
Vix-Hermes-Req-Id
V-Age
User-Cache-Control
Sever-Int
X-EC-Lua
VNS-Cache
Server-Ext
Server-Hostname
Release
Req-Svc-Chain
X-Proxy-Upstream
X-Proxy-Cache-Info
X-Pod-Name
X-Via-Ucdn
X-Optimistic-Header
X-Viewer-Country
X-Cache-Backend
X-Auto-Login
X-Micro-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
DSUID
Cache-Name
X-WA-Info
X-Owner
Gh-Request-Id
Web-Mar-Region
X-Scale
HostName
Cluster
Ohc-File-Size
X-R9-Blue-Green-Version
X-Correlation-ID
CDN
X-WP-CF-Super-Cache
Pics-Label
X-WP-CF-Super-Cache-Cache-Control
X-ZONE
Cache-Host
Ngx.Var.Host
X-VC
X-Httpd
X-Refresh
GEO-INFO
X-Server-IP
X-CS
X-Proxy-CacheRZ
X-CACHE-KEY
XkeyRZ
Servername
X-LB-NoCache
X-Ah-Environment
X-NC
Path
X-TIME
X-Parent-Response-Time
Ms-Author-Via
X-Webstats-RespID
X-From
X-Edge-Pop
X-Cache-ASPX
X-Mvc-Supplant-OutputCached
Env
X-Contensis-Viewer-Groups
X-Servedbyhost
X-Udemy-Cache-App-Namespace
X-Srv
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Authentication
X-Location
Time
X-RateLimit-Reset
X-Generated-In
Memory
X-Clientip
Lb
X-Via-Poph
X-TraceId
X-Via-Popn
Locid
X-API-Version
X-Amz-Meta-Cb-Modifiedtime
X-Via-Popv
Ohc-Cache-HIT
X-Varnish-Beresp-TTL
X-Response-By
X-S-Maxage
Arc-Country
X-Men
ITXSESSIONID
GeoIp-Country-Code
X-Vc
AMP-Access-Control-Allow-Source-Origin
True-Client-IP
X-Dmc
X-Akamai-Transformed
X-Cs
X-Old-Content-Length
X-RPS
X-DB
X-RPM
X-Date
X-RSL
X-DI
Client
X-DW
X-VCL-Version
Server-ID
X-HA-Backend
Geoip-Latitude
X-DSS
X-Accel-Expires-Debug
X-Zone
Hostname
X-VHOST
X-MSEdge-Features
X-Tec-Api-Version
X-Fpc
X-Tec-Api-Origin
X-Trace-ID
X-Render-Time
X-Tec-Api-Root
X-DynaTrace-JS-Agent
X-MSEdge-Flight
X-TRACE-ID
X-URL
X-INCAP-ABP
X-Gateway-Cache-Status
X-Presslabs-Stats
X-Gateway-Request-Id
X-GeoIP-Region-Code
Rip
X-Service
X-Gateway-Cache-Key
X-GeoIP-Country-Code
C-Via
X-Gateway-Skip-Cache
X-Cache-Debug
Tube-Got-Results
Tube-Get-Contents
Click-Count-Error
Click-Count-Action-Start
Tube-Got-Eval
FSS-Cache
X-FireWall-Port
Tube-Return
X-DC
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-M-Reqid
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Component-Id
X-Qnm-Cache
X-M-Log
On-Server
Powered-By
NtCoent-Length
HIT
Esi-Enabled
X-Api-Version
X-Webkit-Csp-Report-Only
X-TX-ID
X-NGINX-Cache
X-PX
X-B3-Spanid
CacheControlHeader
X-CSRF-TOKEN
Srv
X-Alfa-Service
X-TH-Server
Test
X-Action
Tcn
X-Edge-Origin-Shield-Bytes
True-Client-Country-4JS
X-Edge-Origin-Shield-Region
X-FPC
X-Proxy-Cache-Hk
X-Cdn-Request-ID
OT-Force-Account-Verify
X-Backend-TTL
Cdn
X-Traceid
X-HS-Status
X-Vcl-Version
Server-Id
X-Check-Cacheable
Edge-Cache
X-Beluga-Trace
Geo-Info
X-Beluga-Cache-Status
User-Agent
X-Beluga-Node
X-Beluga-Record
X-Beluga-Status
X-Beluga-Response-Time
X-Akamai-Pragma-Client-IP
X-Pass-Why
X-Varnish-Beresp-Ttl
GeoIP-Country-Code
GeoIP-Latitude
Sid
X-Via-PopH
X-Req
X-Via-PopN
X-Via-PopV
X-Origin-Upstream-Status
Resin-Trace
My-App
X-App
Srvid
X-Ha-Backend
Proxy-Connection
Uri
WebServer
X-CLOUD-TRACE-CONTEXT
DT-Hot-News
M-TraceId
Server-Ttl
X-APP
MIME-Version
Cf-Int-Pingora-Origin-Digest
X-ServedByHost
X-Up
X-Thanos
Epwk-X-Cache
X-Bip
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Cdn-Forward
X-Request-Start
X-LB-ID
ENV
True-Client-Ip
X-Backend-Host
X-Fastly-Backend-Reqs
X-Provided-By
Warning
X-ID
X-Esi
X-B3-Traceid-Primal
XServer
X-Edge-POP
X-LI-Proto
X-Li-Pop
X-LI-UUID
X-Lb-Nocache
X-Geo
ServerName
X-Li-Fabric
Dt-Hot-News
X-HostName
X-Serial
Section-Origin-Responded
X-ElasticPress-Query
X-RAMCache
Section-Io-Origin-Time-Seconds
X-Newrelic-App-Data
X-Vercel-Id
X-Fetch-By
X-Nc
X-Vercel-Cache
PICS-Label
X-Akamai-Request-ID
X-HITS
Magicmarker
X-Dw-Trace-Id
X-CF-Powered-By
Section-Io-Id
X-Webkit-CSP-Report-Only
CF-Cached-On
X-UnsetCookies
Section-Io-Origin-Status
X-LiteSpeed-Cache-Control
Fastly-Drupal-HTML
X-IN-APIGATEWAYSSL
WZWS-RAY
X-ND-Cache
Canary
X-Iplb-Request-Id
X-CMSURLCustom
X-Iplb-Instance
X-Request-Url
X-Vcache
D-Url-Rewrites
Inserted-Into-Cache-At
X-IN-APIGATEWAY
X-Yottaa-OS
X-Cc-Via
X-Time-Microsecs
X-Varnish-Beresp-Status
Cdn-Cache
Wp-Super-Cache
Cdn-Cachedat
Cdn-Requestcountrycode
Cdn-Requestid
Cdn-Uid
Cdn-Edgestorageid
Servedby
Cdn-Pullzone
X-LiteSpeed-Tag
X-Snapshot-Date
Vha6-Origin
X-MiniProfiler-Ids
Content-Style-Type
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
Content-Script-Type
CountryCode
X-BBC-Origin-Response-Status
X-Release
X-Request-URL
Cf-Device-Type
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-Azure-Ref-OriginShield
X-CUA
X-Dist-Code
DataCenter
X-Wp-Cf-Super-Cache-Cache-Control