
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below is a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
X-Ua-Compatible
Request-Context
EagleId
X-Age
X-Server
X-Robots-Tag
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-Proxy-Cache
X-UA-Device
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
X-Akamai-Path-Stats
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-Amz-Version-Id
X-LiteSpeed-Cache
CONTENT-SECURITY-POLICY
X-Dispatcher
X-WebKit-CSP
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
X-OneAgent-JS-Injection
X-Nginx-Cache-Status
X-Device
Cf-Railgun
X-Cache-Spec
X-Page-Speed
X-Host
X-Node
X-CST
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
Accept-CH
X-Backend-Server
X-Akam-SW-Version
X-Readtime
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
X-Cloud-Trace-Context
Rating
X-Url
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Mod-Pagespeed
X-Rack-Cache
X-PC
X-TtlSet
X-Vname
X-Server-Name
X-Clacks-Overhead
RTSS
Edge-Control
X-Ruxit-JS-Agent
X-Varnish-TTL
X-VARITI-CCR
X-ESI
X-Content-Type
Cache-Tag
X-Vcap-Request-Id
X-B3-TraceId
X-Amz-Server-Side-Encryption
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Amz-Rid
X-Dw-Request-Base-Id
Public-Key-Pins
X-Cnection
X-Px
X-Ac
X-RateLimit-Remaining
X-D2id
Accept-Ch
X-Element-Page-Cache
X-Navigation-Version
Verso
X-Abt-Application-Version
X-Client-IP
X-Edge
X-Powered-By-Plesk
Display
X-Cache-TTL
X-Sol
X-Middleton-Display
Pagespeed
X-Ser
Service-Worker-Allowed
X-Version
X-Ruxit-Js-Agent
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
X-Middleton-Response
Response
X-NF-Request-ID
X-Ttl
X-Goog-Hash
Access-Control-Request-Method
X-Correlation-Id
SPRequestDuration
X-Kinsta-Cache
SPIisLatency
X-Webkit-Csp
X-Edge-Location-Klb
AR-ATIME
AR-PoweredBy
AR-SID
AR-Request-ID
AR-CACHE
X-Upstream
X-NWS-LOG-UUID
X-RateLimit-Limit
X-LLID
X-Powered-CMS
X-Cached
X-SharePointHealthScore
SPRequestGuid
X-Cache-Key
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Edge-Cache-Tag
X-Litespeed-Cache
X-TTL
Nginx-Cache
X-Content-Security-Policy-Report-Only
TCN
X-Forwarded-For
X-MSEdge-Ref
Content-MD5
MRF-Tech
Mrf-Cache-Status
X-Id
X-Shield-Request-Id
X-Daa-Tunnel
X-B3-TraceId-Primal
X-T
MS-Author-Via
X-Recruiting
S
X-Content-Digest
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Mg-S
X-Ua-Device
X-Protected-By
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Accel-Expires
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ezoic-Cdn
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
MicrosoftSharePointTeamServices
X-Content
X-Ab
X-Frontend
X-Ua-Browser
X-Grace
X-ECACHE
X-Request-Received
Server-Node
Front-End-Https
X-Request-Processing-Time
X-Yandex-Sdch-Disable
X-DataDome
Filters
X-Server-ID
X-DynaTrace
X-Mid
Fastcgi-Cache
TP-Cache
TP-L2-Cache
X-Geo-Country
X-ORACLE-DMS-ECID
X-Origin-Server
X-Hits
X-Distributor
X-ORACLE-DMS-RID
X-PressLabs-Stats
X-Debug-Info
X-Microsite
X-Request-Handler-Origin-Region
X-Ratelimit-Reset
X-Amzn-Trace-Id
Cross-Origin-Opener-Policy
X-Tt-Trace-Tag
Charset
X-Tt-Trace-Host
X-DIS-Request-ID
X-Git-Hash
Cleartype
X-Page-Id
X-WebKit-CSP-Report-Only
X-F-Cache
Host
X-B3-Sampled
Pinterest-Generated-By
X-LB-Cache
Pinterest-Version
X-Pinterest-Rid
X-Cache-Age
X-Www-Served-By
X-MCACHE
Access-Control-Allow-Method
X-Forwarded-Proto
ServerID
X-Seen-By
Cache-Status
X-AppVersion
X-Cluster-Name
Cache-Tags
X-Activity-Id
X-Az
X-Aspnetmvc-Version
X-Varnish-Age
Realpath
Accept-Charset
X-Language
Filterid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Rid
X-Nginx-Upstream-Cache-Status
X-Type
X-Content-Options
Server-Name
X-App-Environment
Country
X-Oracle-Dms-Ecid
X-Fastly-Request-ID
Viewport
Retry-After
X-Oracle-Dms-Rid
X-NWS-UUID-VERIFY
X-Upgrade-Enabled
Node
X-Origin-Cache
X-Varnish-Grace
X-Tb
X-B-Cache
X-Mobile-URL
X-Whom
X-Signature
X-User-Agent
X-FB-Debug
X-Providence-Cookie
X-Route-Name
DC
X-Request-Guid
Paypal-Debug-Id
X-Goog-Stored-Content-Encoding
X-Flags
X-Goog-Generation
X-Goog-Storage-Class
X-Drupal-Cache-Tags
X-Aspnet-Duration-Ms
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Is-Crawler
X-Wix-Request-Id
X-Varnish-Backend
X-TT
Protected
X-VCache
Fastcgi-Useragent
X-XRDS-LOCATION
X-Via-JSL
X-B
X-N
X-Fastcgi-Cache
X-Amz-Replication-Status
X-Cache-NGX
X-Debug
Payment
X-Logged-In
X-Contextid
X-XRDS-Location
WPO-Cache-Message
WPO-Cache-Status
X-Load-Cache
Surrogate-Key
X-Fastly-Request-Id
X-Template
Amp-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Amz-Meta-S3cmd-Attrs
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Server
X-FW-Type
Count-Hit
X-FW-Dynamic
X-Cache-Control
X-Node-Name
Healthy
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Hostname
Permissions-Policy
X-G
SD-X-WS
X-Original-Request-Id
X-Response-Served-From
X-Jobs
X-Cache-Time
X-Proxy
X-Mobile
X-Revision
Content-Disposition
X-UUID
Akamai-GRN
Refresh
X-Mcache
X-Rendered-As
X-Framework
X-Is-Bot
X-Cacheable-TTL
X-Zen-Fury
X-Cache-TTL-Remaining
X-Trace-Id
X-Akamai-Request-ID2
Uber-Trace-Id
X-Adobe-Loc
X-Real-IP
X-Proxy-Cache-Status
X-Page-View
Access-Control-Request-Headers
X-Adobe-Content
X-Http-Reason
X-Debug-IsPreview
Alternate-Protocol
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
NGB
X-Drupal-Cache-Contexts
X-Debug-IsConnected
X-Yottaa-Metrics
X-Instance
X-Yottaa-Optimizations
X-Device-Type
Url
X-Servername
X-IPLB-Instance
X-ECache
X-Cache-Grace
Version
X-Cache-Rule
X-Source
From-Origin
X-Varnish-Server
X-Mg-Request-UUID
X-Restarts
X-L-Path
X-Environment-Context
X-Oneagent-Js-Injection
X-Parallel-Accel
X-NGENIX-Cache
X-Vgn-Hpd-Reason
X-Cache-Hit
X-EdgeConnect-Cache-Status
Accept-Language
X-Cache-Expired-At
Ms-Operation-Id
X-RTag
MS-CV
X-Datadome
Referer-Policy
X-HTML-Minification-Powered-By
Frame-Options
Countrycode
X-App-Server
Liferay-Portal
Backend
Cross-Origin-Window-Policy
X-FW-Version
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-NYM-Debug-Backend
X-IPS-LoggedIn
X-APP-VERSION
X-COUNTRY
X-Cache-Action
X-Nginx-Cache
X-ProcessESI
Content-Secure-Policy
X-RemovedCookies
CF-IPCountry
Section-Io-Cache
WP-Super-Cache
Upgrade-Insecure-Requests
X-Redis-Cache
X-RN-RSRV
Cache-Tv-Group
Meta-Geo
X-Cache-Server
X-UPSTREAM-Address
Ec-Rule-Version
Azure-Version
X-Say-Cacheable
X-Access
X-No-Session
X-Say-TTL
X-Varnish-Cache-Hits
X-Web-Node
Azure-RegionName
X-AOL-HN
X-Format
X-FB-TRIP-ID
X-Hosted-By
Azure-InstanceId
X-Content-Age
Azure-SiteName
X-Section
X-Cache-Enabled
Azure-SlotName
X-OCL
X-Detected-As
X-UA-Device-Type
X-Cache-Type
X-PCL
X-Ua
X-Request-Time
X-Generation-Time
X-Region
X-Human
X-SayCDN-TTL
X-BYPASS-REASON
X-Generated-By
X-Uri
TWC-GeoIP-LatLong
X-Content-Powered-By
X-ProxyCache-Key
Apigw-Requestid
X-Site-Version
TWC-Privacy
X-Be
X-Urbn-Site-Id
X-Sql-Duration-Ms
X-Server-W
Webcakes-App-Version
TWC-Locale-Group
X-ProxyCache-Status
X-Via-Fastly
S-Rt
Webcakes-App-Name
Property-Id
TWC-Connection-Speed
TWC-Device-Class
X-Origin-Hint
X-Nginx-Cache-Key
X-Origin-Date
Mn-Server-Ip
X-PHP-Backend
X-Urbn-Context-Path
X-Cluster-Node
Webcakes-Region
Fastly-SSL
Locale
X-Sql-Count
X-Akamai-Edgescape
X-Storage
TWC-GeoIP-Country
X-Mode
CDN-Uid
Eomportal-Instance
CDN-RequestId
X-Hyper-Cache
CDN-RequestCountryCode
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
X-Adobe-Source
X-ApacheServer
X-Midtier
X-Status
X-Ratelimit-Remaining
X-Xfnlog-Site
X-Platform-Server
X-Forwarded-Host
X-Cache-Host
X-Cache-Tags
X-Debug-Cache
CDN-Cache
X-PERF
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Hl-Ver
X-NewRelic-App-Data
Webserver
X-Varnishpool
X-Handled-By
X-Extlb
X-Backend-Name
X-Zipkin-Id
X-Tid
X-Unique-Id
X-JoinUs
X-ServerID
X-SaId
X-Routing-Service
X-Proxied
X-Labrador-Cache-Channel
X-Locale
X-PHP-Host
X-GG-Cache-Date
X-Timing-Wait
Selected-Fe
X-Rule
X-TT-LOGID
X-Proxy-Build
X-Cache-Operation
ServedBy
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-VC-Cache
X-Edge-Location
X-LSADC-Cache
X-Storefront-Renderer-Rendered
X-Cms-Context
X-Soup
X-Cache-Remote
X-Accel-Buffering
X-Rewrite-Enabled
X-Cached-By
X-Proto
SID
SRV
Web-Mar-Node
Mime-Version
Fastly-Drupal-Html
X-Dc
X-GEO
X-CDN-Forward
X-GeoCountry
Load-Balancing
Onion-Location
X-GeoCode
Xserver
X-Pubstack
X-TA-CDN-Provider
X-Cdn
X-Reqid
X-Varnish-Hostname
X-App-Version
Cache-Hits
X-Buckets
Country-Code
X-Request-Host
X-Microcachable
X-Origin-TTL
X-Origin-CC
Decoy-Debug-TTL
X-Cluster
Decoy-Debug-Key
Decoy-Debug-Status
LB
X-Ratelimit-Limit
X-Varnish-Hits
Server-Info
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
Xet-Cookie
X-Tumblr-Pixel-2
X-SRV
X-Envoy-Decorator-Operation
X-Ms-Version
X-Ms-Request-Id
X-Magnolia-Registration
X-B3-SpanId
X-CSRF-Token
X-Air-Source
X-Air-Trace-Id
X-NCache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Air-Hostname
X-RCS-CacheZone
X-Bc-Bl
DynaTrace
Cache
DB-Nickname
X-Endurance-Cache-Level
X-Tx-Id
Surrogated-Key
Xc-Version
Rendered-Blocks
Sslversion
Pramga
T-Server
Host-ID
Cmsid
Cmstype
DCR-Decision-By
Cdnsip
Cdncip
Source
A
BehaviorPad-Version
DCR-Processing-Time-Ms
Expiry
Meta-Geo-Continent
Mobile-Detection-Method
NM-Fastcgi-Cache
MD5-Digest
Lang
Fastcgi-X-Cache-Version
Fastly-GeoIP-CountryCode
X-A
Odigeo-Trace-Id
X-Core-Mission
X-User
X-Node-Id
X-NAPM-TraceId
X-Orig-Expires
X-Origin-Response-Time
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-Ftr-Request-Id
X-Vdms-Version
X-Geo-Header
X-Gzip
X-Hash
X-Vdms-Path
X-TrackingId
X-Processor
X-Sigma
X-Shop-Environment
X-Session-Fingerprint
X-SVT-ORM-VERSION
X-Sigma-Backend
X-SVT-ORM-RULES
X-SRCache-Key
X-SD-PageType
X-ScT
X-Rocket-Build-Number
X-TIM-N
X-Tenant
X-Rojux
X-S-Cookie
X-S
X-From
X-Forwarded-Path
X-Cache-Bucket
X-B-Cookie
X-Vtex-Remote-Cache
X-Cache-Id
X-Cache-Info
X-Cdn-Srv
X-Cache-NE
X-ARC
X-Application
X-A-Dcw
X-A-Dam
X-A-Dgt
X-Webstats-RespID
X-AK-Request-ID
X-A-Wwc
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Ec-GeoHdr
X-Ec-Fail
X-Ec-Custom-Error
X-Epic-Correlation-Id
X-Esi-Check
X-Fetched-On
X-External-Request-Id
X-Device-Os
X-VG-WebCache
X-Connection-Hash
X-Conf
X-D
X-Destination
X-Developer
X-Vtex-Processado-Em
X-A-Ccd
X-Aed
X-Varnish-Beresp-Grace
X-Time
X-R9-Blue-Green-Version
Cache-Name
X-Varnish-Ttl
X-ZONE
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Cache-Date
X-Block-Status
X-Cache-Backend
X-Core-Value
X-CacheTTL
X-DefHash
X-Fmm-Version
X-Gdpr
X-Gen-Mode
X-Fastly-Cache
X-DPWN-IS-SECURE
X-BBC-Edge-Cache-Status
X-Developers
X-Dispatcher-Number
X-DefElseHash
X-Worker
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
State
Ssr
Release
Req-Svc-Chain
Server-Host
Thinkindot-Control
Traceparent
Wxu-Next-Hostname
Wxu-Next-Region
X-GeoIP
Wxu-Next-Commit
Web-Mar-Region
User-Cache-Control
We-Hiring
X-Amzn-Remapped-Content-Length
X-Hnp-Log
X-Skip-Cache
X-Slack-Backend
X-Thinkindot-L3
X-Server-IP
X-Served-From
X-Rocket-Nginx-Serving-Static
X-SB
X-Scheme
X-TNCMS
X-V-Cache
X-VG-TLSProxy
X-VServer
X-WADP-Cache
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Variation
X-Varnish-CookieHashed-On
X-Pool
X-Planisys-CDN-TTL
X-LAGOON
X-Loc
X-Location
X-JWT-State
X-Is-Gdpr
X-Wix-Viewer-Type
Producers
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-NodeID
X-Azure-Ref
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Origin-Time
X-Origin-Expires
X-Nyt-Route
X-Origin
X-Has-Esi
X-Loop
Machine
CDN
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
CloudFront-Viewer-Country
Kp-EeAlive
Origin
Origin-CC
Origin-EX
Is-Eu
Apple-News-Services-Handled
Apple-News-Services-Host
Memcached
Mail-Subject
Platform
Environment
L
Adler-Geo
AKAMAI
X-Forwarded-Site
X-GeoIP-City
X-Gamma-Serve
Fastly-SIE
X-Generated-On
Gh-Request-Id
Fastly-SWR
IsBot
L5d-Success-Class
X-Csrf-Jwt
X-CGP
X-Cdn-Origin
Locid
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
Ha-Gx-Prefs
HA-Ipaddr
X-HN
X-Datadog-Trace-Id
X-Eu-Site
Cluster
X-Request-URI
X-SIPLIST1
Redirect-Candidate
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Sn-Servicetimems
X-VarnishDD-TTL
X-Via-Ucdn
X-IPLB-Request-ID
X-Viewer-Country
X-Via-NSCOPI
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Minions-Version
CDCHOST
DSUID
X-Level-Front-Cache
Fastcgi-Cache-TTL
X-Platform
X-Pod-Name
X-Qloud-Router
X-Proxy-Upstream
X-Proxy-Cache-Info
X-Policy
X-Httpd
X-Region-Sid
Vix-Hermes-Req-Id
V-Age
PFcat
NGX
Server-Hostname
X-Auto-Login
N-Cache
Server-Ext
Svr
Sever-Int
X-Branch-Name
X-Aicache-OS
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-WP-CF-Super-Cache-Cache-Control
X-Scale
Ohc-File-Size
X-Optimistic-Header
X-Men
Arc-Country
X-WP-CF-Super-Cache
X-EC-Lua
HostName
X-Srv
X-Parent-Response-Time
X-Owner
X-CS
X-Refresh
Pics-Label
X-NC
X-Old-Content-Length
X-Response-By
X-Newrelic-Synthetics
X-Udemy-Cache-App-Namespace
X-BCube-Filmed-By
X-Ad-Defer-Variation
X-Wikidot-Backend
X-RSL
Memory
X-Wikidot-Static-Cache
Env
X-LB-NoCache
Datacenter
X-RPM
Cache-Key
X-RPS
X-Ah-Environment
Candidate-Md5Url
X-DW
X-DB
X-DI
X-DSS
Servername
X-Tt-Logid
Time
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
X-Akamai-Transformed
X-VC
X-TIME
AMP-Access-Control-Allow-Source-Origin
Ms-Author-Via
X-Date
XM
X-Accel-Expires-Debug
X-Cache-ASPX
CPC-Age
X-Mvc-Supplant-OutputCached
X-SplitTest
CPC-Cache
X-Contensis-Viewer-Groups
GEO-INFO
VNS-Cache
VNS-Age
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Status-Check
X-Generated-In
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-WA-Info
X-Varnish-Authentication
Fastly-Backend-Name
X-Edge-Pop
X-Webkit-CSP
X-Xrds-Location
X-Via-Poph
X-Micro-Cache
Path
GeoIp-Country-Code
X-Servedbyhost
X-Via-Popv
X-Cache-Debug
X-Via-Popn
X-Presslabs-Stats
X-AIR-PT
ITXSESSIONID
X-API-Version
X-S-Maxage
Lb
X-CACHE-KEY
X-HA-Backend
X-Vc
X-DC
X-RateLimit-Reset
Fusion-Component-Id
Ohc-Cache-HIT
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
X-Trace-ID
Geo-Info
Fusion-Source
CacheControlHeader
X-VCL-Version
Client
Cache-Host
Geoip-Latitude
X-Action
X-TH-Server
True-Client-Country-4JS
True-Client-IP
Ngx.Var.Host
Server-ID
X-Cs
X-VHOST
Hostname
X-Backend-TTL
X-Api-Version
FSS-Cache
X-Proxy-CacheRZ
XkeyRZ
X-Varnish-Beresp-TTL
X-Clientip
X-FireWall-Port
Edge-Cache
X-Req
X-Fpc
My-App
Powered-By
X-Webkit-Csp-Report-Only
X-TX-ID
X-Zone
X-Provided-By
X-PX
X-Varnish-Beresp-Ttl
X-B3-Spanid
X-Pass-Why
X-Traceid
X-Origin-Upstream-Status
X-CSRF-TOKEN
X-Dmc
X-MSEdge-Flight
X-MSEdge-Features
X-Up
Test
X-FPC
NtCoent-Length
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
X-Render-Time
X-HS-Status
X-Cdn-Request-ID
X-LB-ID
X-INCAP-ABP
X-Correlation-ID
X-Beluga-Node
X-Beluga-Record
Rip
X-Beluga-Cache-Status
User-Agent
X-Beluga-Response-Time
DataCenter
C-Via
X-Webkit-CSP-Report-Only
X-Beluga-Status
Server-Id
X-Beluga-Trace
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-LI-UUID
X-Gateway-Skip-Cache
Tube-Got-Results
Tube-Got-Eval
X-Li-Pop
X-Gateway-Cache-Key
X-Li-Fabric
X-Service
Tube-Return
Tube-Get-Contents
Click-Count-Action-Start
OT-Force-Account-Verify
Srvid
Proxy-Connection
X-UnsetCookies
Click-Count-Error
X-Vcl-Version
X-M-Reqid
X-Ha-Backend
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Alfa-Service
X-Qnm-Cache
Uri
X-M-Log
X-URL
WZWS-RAY
GeoIP-Latitude
X-Time-Microsecs
X-RAMCache
X-ND-Cache
Esi-Enabled
X-DynaTrace-JS-Agent
X-Dynatrace
GeoIP-Country-Code
On-Server
HIT
X-CUA
Resin-Trace
X-ServedByHost
Sid
MIME-Version
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
X-Platform-Router
X-Fragments
Tracecode
X-Proxy-Cache-Hk
X-Geo
X-CCDN-CacheTTL
Srv
X-Hcs-Proxy-Type
Cf-Device-Type
X-Fetch-By
X-Platform-Cluster
X-CCDN-Origin-Time
X-ATG-Version
X-LI-Proto
Epwk-X-Cache
X-Platform-Processor
Target-Params
X-TRACE-ID
Fastly-Drupal-HTML
X-Cdn-Forward
X-Sucuri-ID
X-APP
X-Fastly-Backend-Reqs
X-Sucuri-Cache
X-Var-Ttl
X-Fastly-Backend
X-Backend-Host
Lfy
X-FC-Vary-Parameters
X-Azure-Ref-OriginShield
Tcn
X-Esi
Cdn
Section-Origin-Responded
ServerName
XServer
X-Lb-Nocache
X-Edge-POP
X-Cache-Expires
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-B3-Traceid-Primal
X-App
X-Varnish-Beresp-Status
ENV
X-MG-S
X-LiteSpeed-Cache-Control
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Yottaa-OS
X-NU-AKA-ACS-Version
X-Newrelic-App-Data
CF-Cached-On
Inserted-Into-Cache-At
X-Li-Proto
Magicmarker
X-ElasticPress-Query
X-Backend-State
PICS-Label
CountryCode
X-CF-Powered-By
D-Url-Rewrites
M-TraceId
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
Server-Ttl
X-Vcache
Wpo-Cache-Status
WebServer
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Nc
X-Iplb-Request-Id
Cf-Ipcountry
Wpo-Cache-Message
X-Serial
X-HostName
X-Iplb-Instance
Servedby
Warning
X-Fastly-Cache-Hits
Fastcgi-Cache-Ttl
X-Request-Start
Hit
Vha6-Origin
X-Vercel-Id
X-Vercel-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Snapshot-Date
X-Dw-Trace-Id
X-B3-Parentspanid
X-Request-URL
Content-Script-Type
X-Cache-CFC
X-Th-Server
X-Back
Content-Style-Type
X-Release
X-BBC-Origin-Response-Status
X-Storefront-Renderer-Verified
Ngx
Cneonction
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Dist-Code
X-Request-Url
X-Litespeed-Cache-Control