Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
P3p
Timing-Allow-Origin
X-Request-ID
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
X-Backend
Request-Context
EagleId
X-Akamai-Path-Stats
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
EagleEye-TraceId
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-Cache-Spec
Cf-Railgun
X-OneAgent-JS-Injection
X-Page-Speed
X-Host
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Cf-Edge-Cache
Accept-CH
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-Cache-Lookup
X-HW
Accept-CH-Lifetime
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Country
Fastly-Restarts
X-MS-InvokeApp
Accept-Ch-Lifetime
X-Rack-Cache
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
X-Ruxit-JS-Agent
Accept-Ch
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-ESI
X-B3-TraceId
Cache-Tag
X-Amz-Server-Side-Encryption
X-Varnish-TTL
X-Content-Type
X-Vcap-Request-Id
X-Amz-Rid
X-Dw-Request-Base-Id
X-Exp-Id
Public-Key-Pins
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Px
X-Cnection
X-D2id
X-Edge
X-Ac
X-RateLimit-Remaining
X-Navigation-Version
X-FastCGI-Cache
X-Element-Page-Cache
Verso
X-Ser
X-Middleton-Display
X-Client-IP
Pagespeed
Display
X-Sol
X-Powered-By-Plesk
X-Abt-Application-Version
X-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Ttl
X-Country-Code
X-Litespeed-Cache
Response
X-Middleton-Response
X-NF-Request-ID
X-Correlation-Id
X-Ruxit-Js-Agent
X-Goog-Hash
Access-Control-Request-Method
X-Content-Security-Policy-Report-Only
SPRequestDuration
SPIisLatency
X-Kinsta-Cache
X-Cached
X-Edge-Location-Klb
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
X-SharePointHealthScore
SPRequestGuid
X-Upstream
X-Powered-CMS
X-LLID
Edge-Cache-Tag
X-RateLimit-Limit
X-Instrumentation
X-NWS-LOG-UUID
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Forwarded-For
Nginx-Cache
X-Cache-Key
X-TTL
Content-MD5
X-MSEdge-Ref
MRF-Tech
Mrf-Cache-Status
X-Shield-Request-Id
X-Id
TCN
X-T
X-B3-TraceId-Primal
X-Recruiting
X-Daa-Tunnel
S
X-Content-Digest
X-ECACHE
X-DataDome
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Webkit-Csp
X-Mg-S
X-Ua-Device
X-SRCache-Store-Status
X-Jurisdiction
X-HP-Trace-Id
X-SRCache-Fetch-Status
MS-Author-Via
X-HP-Webp
X-Accel-Expires
X-WebKit-CSP-Report-Only
X-Protected-By
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-Ezoic-Cdn
X-Grace
X-Ua-Browser
MicrosoftSharePointTeamServices
X-Ab
X-Content
X-Frontend
X-Request-Processing-Time
X-Request-Received
Server-Node
Front-End-Https
Filters
TP-L2-Cache
X-Yandex-Sdch-Disable
TP-Cache
X-DynaTrace
X-PressLabs-Stats
X-Server-ID
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-ORACLE-DMS-ECID
X-Mid
X-Geo-Country
X-ORACLE-DMS-RID
X-Hits
X-Microsite
X-Request-Handler-Origin-Region
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-LB-Cache
X-Amzn-Trace-Id
Charset
Host
X-Oneagent-Js-Injection
X-Debug-Info
Cleartype
X-Ratelimit-Reset
X-F-Cache
X-Page-Id
X-Git-Hash
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-B3-Sampled
X-Cache-Age
X-DIS-Request-ID
X-Www-Served-By
Cache-Status
Access-Control-Allow-Method
Realpath
Pinterest-Generated-By
X-Pinterest-Rid
X-Seen-By
Pinterest-Version
ServerID
X-Activity-Id
X-AppVersion
X-Az
X-Fastly-Request-Id
Accept-Charset
Cache-Tags
Filterid
X-Varnish-Age
X-Cluster-Name
X-Aspnetmvc-Version
X-Mcache
X-Nginx-Upstream-Cache-Status
X-Language
X-Rid
X-Content-Options
X-Type
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-App-Environment
Retry-After
X-MCACHE
X-XRDS-LOCATION
Server-Name
Country
X-Upgrade-Enabled
X-FB-Debug
Viewport
Paypal-Debug-Id
DC
X-Varnish-Backend
X-Origin-Cache
Node
X-Varnish-Grace
X-Tb
X-User-Agent
X-Signature
X-Drupal-Cache-Tags
X-B-Cache
X-Whom
X-Oracle-Dms-Ecid
X-TT
X-GUploader-UploadID
X-Goog-Generation
X-Wix-Request-Id
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Mobile-URL
X-Request-Guid
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Route-Name
X-VCache
X-Providence-Cookie
X-Oracle-Dms-Rid
X-B
X-NWS-UUID-VERIFY
Protected
Permissions-Policy
X-Debug
Fastcgi-Useragent
X-Logged-In
WPO-Cache-Message
WPO-Cache-Status
X-Amz-Replication-Status
X-N
X-Via-JSL
Payment
X-Amz-Meta-S3cmd-Attrs
X-Cache-NGX
X-Load-Cache
Surrogate-Key
X-Contextid
X-Cache-Control
X-XRDS-Location
Count-Hit
X-Template
Healthy
X-Node-Name
X-Browser-Type
X-Erf-Bev-Bev
Amp-Access-Control-Allow-Source-Origin
X-Erf-Bev-Bev-Is-Generated
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-Webkit-CSP
X-FW-Static
X-FW-Type
X-Mobile
X-Response-Served-From
X-Trace-Id
SD-X-WS
X-Original-Request-Id
Refresh
Akamai-GRN
X-Proxy
X-G
Content-Disposition
X-Revision
X-Cache-Time
X-Jobs
Uber-Trace-Id
X-Akamai-Request-ID2
X-Framework
X-Real-IP
X-Zen-Fury
Alternate-Protocol
X-UUID
X-Rendered-As
NGB
X-Proxy-Cache-Status
X-Is-Bot
X-Cache-TTL-Remaining
X-Fastcgi-Cache
X-NGENIX-Cache
X-Restarts
X-Cacheable-TTL
Url
X-Hostname
X-Device-Type
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Http-Reason
X-Debug-IsPreview
X-Debug-IsConnected
Access-Control-Request-Headers
X-Adobe-Content
X-Adobe-Loc
X-Page-View
X-Drupal-Cache-Contexts
X-Instance
X-Servername
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Fastly-Request-ID
X-Cache-Grace
X-IPLB-Instance
X-Varnish-Server
X-Mg-Request-UUID
Version
X-L-Path
X-Environment-Context
X-COUNTRY
X-Source
X-Midtier
X-ECache
X-EdgeConnect-Cache-Status
X-B3-Traceid
Accept-Language
X-HTML-Minification-Powered-By
Ms-Operation-Id
MS-CV
Countrycode
X-RTag
Frame-Options
X-Cache-Rule
X-Vgn-Hpd-Reason
X-Cache-Hit
From-Origin
X-Cache-Expired-At
Referer-Policy
Liferay-Portal
X-NYM-Debug-Backend
X-App-Server
Cross-Origin-Window-Policy
Backend
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-IPS-LoggedIn
X-Parallel-Accel
X-FW-Version
Content-Secure-Policy
X-APP-VERSION
X-Datadome
X-RN-RSRV
X-Nginx-Cache
X-Cache-Server
X-Unique-Id
Meta-Geo
X-UPSTREAM-Address
Upgrade-Insecure-Requests
X-Hosted-By
X-Ua
X-RemovedCookies
X-Redis-Cache
X-OCL
X-ProcessESI
X-No-Session
X-Generation-Time
X-PCL
Section-Io-Cache
X-Varnish-Cache-Hits
TWC-GeoIP-LatLong
X-Uri
X-Via-Fastly
Property-Id
TWC-Device-Class
X-UA-Device-Type
TWC-GeoIP-Country
X-Cache-Enabled
Azure-Version
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
X-PHP-Backend
Azure-SiteName
X-Format
Apigw-Requestid
Azure-RegionName
X-Access
X-Cluster-Node
Webcakes-App-Name
X-Region
Azure-InstanceId
X-Section
X-Server-W
Mn-Server-Ip
TWC-Locale-Group
Azure-SlotName
X-Request-Time
WP-Super-Cache
TWC-Privacy
X-FB-TRIP-ID
TWC-Connection-Speed
X-Mode
CF-IPCountry
X-Origin-Date
X-Sql-Duration-Ms
X-Sql-Count
Fastly-SSL
X-ProxyCache-Key
X-ProxyCache-Status
X-Cache-Action
X-Be
X-AOL-HN
X-Urbn-Site-Id
X-Content-Powered-By
X-Xfnlog-Site
X-Urbn-Context-Path
X-Akamai-Edgescape
Cache-Tv-Group
X-Storage
S-Rt
Locale
X-Content-Age
X-ApacheServer
X-Human
X-Cache-Host
X-BYPASS-REASON
X-Nginx-Cache-Key
X-PERF
X-Debug-Cache
X-Cache-Type
X-Extlb
X-Backend-Name
X-Status
X-Tid
X-Detected-As
X-JoinUs
X-Routing-Service
X-Locale
X-NewRelic-App-Data
X-Zipkin-Id
Eomportal-Instance
Ec-Rule-Version
X-Proxied
X-Site-Version
X-ServerID
X-SaId
X-Hl-Ver
X-Varnishpool
X-Generated-By
X-ShopId
X-ShardId
X-Labrador-Cache-Channel
X-Alternate-Cache-Key
X-PHP-Host
X-Shopify-Stage
X-Say-Cacheable
X-Say-TTL
X-Sorting-Hat-ShopId
X-SayCDN-TTL
X-Sorting-Hat-PodId
X-Web-Node
X-Cache-Tags
X-Handled-By
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Platform-Server
X-Cms-Context
X-Adobe-Source
X-Forwarded-Host
X-Ratelimit-Remaining
X-GG-Cache-Date
X-Proxy-Build
Selected-Fe
X-Timing-Wait
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
CDN-RequestId
CDN-Uid
CDN-PullZone
CDN-RequestCountryCode
ServedBy
X-VC-Cache
X-Dc
X-Edge-Location
X-Storefront-Renderer-Rendered
Load-Balancing
X-Hyper-Cache
X-CDN-Forward
X-Proto
X-Rule
X-LSADC-Cache
SRV
X-Cache-Operation
Web-Mar-Node
X-GeoCountry
Webserver
X-TT-LOGID
X-GeoCode
X-Cache-Remote
X-App-Version
Mime-Version
Onion-Location
Fastly-Drupal-Html
X-Rewrite-Enabled
X-Soup
X-Cached-By
X-Varnish-Hostname
SID
X-TA-CDN-Provider
Cache-Hits
X-GEO
Xserver
X-Accel-Buffering
X-Cdn
X-Pubstack
X-Cluster
X-Varnish-Ttl
X-SRV
X-Reqid
X-Origin-TTL
Country-Code
X-Varnish-Hits
X-Origin-CC
X-Microcachable
Xet-Cookie
LB
X-Envoy-Decorator-Operation
Server-Info
X-Buckets
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-MP-GENERATED-AT
X-Ratelimit-Limit
X-Magnolia-Registration
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-IPLB-Request-ID
DB-Nickname
X-Request-Host
X-Ms-Version
X-Ms-Request-Id
X-CSRF-Token
X-Amz-Apigw-Id
X-Amzn-RequestId
Cache
Source
X-B3-SpanId
X-Endurance-Cache-Level
X-CF-Lambda-Version
X-Orig-Expires
X-Application
X-AK-Request-ID
X-CF-Lambda-Fn
X-Vtex-Processado-Em
X-Cdn-Srv
X-Cache-NE
X-Cache-Id
X-ARC
X-Vtex-Remote-Cache
Xc-Version
X-B-Cookie
X-A-Dam
Fastcgi-X-Cache-Version
X-Via-NSCOPI
X-Origin-Response-Time
Host-ID
MD5-Digest
Lang
Expiry
A
Cdnsip
BehaviorPad-Version
Cmsid
Cmstype
DCR-Processing-Time-Ms
DCR-Decision-By
Meta-Geo-Continent
Mobile-Detection-Method
X-A-Ccd
X-A
X-VG-WebCache
X-A-Dcw
X-A-Wwc
X-A-Dgt
T-Server
Surrogated-Key
Odigeo-Trace-Id
NM-Fastcgi-Cache
Pramga
Rendered-Blocks
Sslversion
X-Aed
X-Bc-Bl
X-Destination
X-Developer
X-Geo-Header
X-S
X-RCS-CacheZone
X-SRCache-Key
X-D
X-Rojux
X-Gzip
X-Ec-Fail
X-Ec-GeoHdr
X-Time
X-Newrelic-Synthetics
X-Tt-Logid
X-S-Cookie
X-External-Request-Id
X-Esi-Check
X-Shop-Environment
X-Session-Fingerprint
X-Epic-Correlation-Id
X-SD-PageType
X-NAPM-TraceId
X-User
X-Processor
X-Conf
X-NCache
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Vdms-Version
Cdncip
X-Vdms-Path
X-Forwarded-Path
X-Hash
X-Connection-Hash
X-Ftr-Request-Id
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-ScT
X-Tenant
X-TIM-N
X-TrackingId
X-Tx-Id
X-Gdpr
Server-Host
X-SB
Machine
Environment
X-Origin-Time
X-Origin
X-Rocket-Build-Number
X-Irp-Debug
Mail-Subject
X-Fmm-Version
Fastly-GeoIP-CountryCode
Memcached
X-Server-IP
X-Node-Id
X-SVT-ORM-VERSION
X-Core-Value
X-CacheTTL
X-Cache-Info
X-SVT-ORM-RULES
X-Core-Mission
X-WADP-Cache
X-Ckpd-Fst-Backend
X-Via-Ucdn
X-V-Cache
X-Nyt-Route
X-Clara-WADP
X-Cache-Bucket
X-Cache-Backend
Wxu-Next-Commit
Wxu-Next-Hostname
We-Hiring
X-Fastly-Cache
X-Fetched-On
X-Scheme
X-NodeID
X-Mvc-Supplant-Cachable
X-Sigma
X-Sigma-Backend
X-Amzn-Remapped-Content-Length
X-Developers
X-Device-Os
State
Wxu-Next-Region
AKAMAI
X-Azure-Ref
DynaTrace
X-Skip-Cache
X-ZONE
CDN
Cache-Name
X-R9-Blue-Green-Version
X-Thinkindot-L3
X-Served-From
X-Auto-Login
X-Branch-Name
CDCHOST
X-RateLimit-Remaining-Second
X-Block-Status
X-BBC-Edge-Cache-Status
X-Rocket-Nginx-Serving-Static
X-Request-URI
X-TNCMS
X-VG-TLSProxy
Is-Eu
Traceparent
Thinkindot-Control
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
V-Age
Vix-Hermes-Req-Id
X-Viewer-Country
X-RateLimit-Limit-Second
X-Wix-Viewer-Type
Web-Mar-Region
Adler-Geo
X-VarnishDD-TTL
X-Pod-Name
X-Hnp-Log
X-HN
X-Dispatcher-Number
X-Is-Gdpr
X-LAGOON
X-JWT-State
X-Ec-Custom-Error
X-Has-Esi
X-Eu-Site
X-Forwarded-Site
X-Gen-Mode
X-Generated-On
X-Varnish-Beresp-Grace
X-Level-Front-Cache
X-Loop
X-CGP
X-Planisys-CDN-TTL
X-Platform
Platform
X-Pool
X-Policy
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Minions-Version
X-Csrf-Jwt
X-Proxy-Upstream
User-Cache-Control
X-Worker
Kp-EeAlive
Origin-EX
PFcat
HA-Ipaddr
X-GeoIP
X-Variation
Redirect-Candidate
Origin-CC
Origin
Svr
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
N-Cache
L
X-Origin-Expires
L5d-Success-Class
Ha-Gx-Prefs
Release
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-DefHash
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Gh-Request-Id
X-DPWN-IS-SECURE
Cluster
CloudFront-Viewer-Country
Req-Svc-Chain
Producers
Fastcgi-Cache-TTL
Ssr
X-DefElseHash
Datacenter
X-From
X-Gamma-Serve
Ohc-File-Size
X-Wikidot-Backend
X-Owner
X-BCube-Filmed-By
Candidate-Md5Url
Cache-Key
DSUID
X-Optimistic-Header
X-Wikidot-Static-Cache
X-Rebelmouse-Surrogate-Control
X-Webstats-RespID
X-VServer
X-GeoIP-City
X-Slack-Backend
X-Aicache-OS
Sever-Int
Server-Hostname
Server-Ext
Fastly-SIE
Fastly-SWR
IsBot
X-Httpd
X-Rebelmouse-Cache-Control
NGX
X-Loc
X-Qloud-Router
X-Region-Sid
X-Proxy-Cache-Info
X-Scale
HostName
X-SIPLIST1
X-Cache-Date
X-Cache-Status-Check
X-Tec-Api-Version
X-SplitTest
X-Tec-Api-Origin
XM
X-Tec-Api-Root
X-Cdn-Origin
X-Location
X-Sn-Servicetimems
X-WP-CF-Super-Cache
GEO-INFO
X-Parent-Response-Time
X-Ad-Defer-Variation
X-WP-CF-Super-Cache-Cache-Control
VNS-Age
CPC-Cache
CPC-Age
VNS-Cache
X-Refresh
Pics-Label
AMP-Access-Control-Allow-Source-Origin
X-NC
X-VC
X-WA-Info
X-CS
Fastly-Backend-Name
X-Tb-Optimization-Total-Bytes-Saved
X-CACHE-KEY
Locid
X-LB-NoCache
X-AIR-PT
Servername
X-Micro-Cache
X-Edge-Pop
X-Men
X-Contensis-Viewer-Groups
Env
X-Cache-ASPX
Arc-Country
X-Ah-Environment
X-EC-Lua
Ms-Author-Via
X-TIME
X-Srv
Time
Memory
X-Udemy-Cache-App-Namespace
X-Response-By
X-Old-Content-Length
X-Varnish-Authentication
X-TraceId
X-RPM
X-Mvc-Supplant-OutputCached
X-Servedbyhost
X-DI
X-DB
X-Generated-In
X-RSL
X-RPS
X-DSS
X-DW
Path
X-Amz-Meta-Cb-Modifiedtime
X-Xrds-Location
X-Api-Version
Lb
X-Via-Popn
X-Akamai-Transformed
X-Accel-Expires-Debug
X-Via-Popv
X-Via-Poph
X-Date
Cache-Host
GeoIp-Country-Code
Ngx.Var.Host
Ohc-Cache-HIT
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-S-Maxage
ITXSESSIONID
X-HA-Backend
X-Vc
X-RateLimit-Reset
True-Client-IP
X-Cache-Debug
X-Varnish-Beresp-TTL
X-VCL-Version
Client
Geoip-Latitude
FSS-Cache
X-Cs
XkeyRZ
X-Proxy-CacheRZ
X-API-Version
X-Clientip
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Deployment-Id
X-VHOST
Fusion-Template-Id
Fusion-Source
Hostname
Server-ID
X-DC
CacheControlHeader
X-Trace-ID
X-FireWall-Port
X-TH-Server
True-Client-Country-4JS
X-Action
X-Presslabs-Stats
X-TX-ID
X-Backend-TTL
X-Zone
X-Fpc
X-Dmc
Geo-Info
X-Render-Time
X-Webkit-Csp-Report-Only
X-MSEdge-Features
X-MSEdge-Flight
Powered-By
X-NGINX-Cache
X-Req
X-INCAP-ABP
NtCoent-Length
X-DynaTrace-JS-Agent
X-B3-Spanid
Edge-Cache
X-PX
X-Traceid
X-CSRF-TOKEN
Tcn
X-Pass-Why
My-App
X-Service
X-Gateway-Cache-Key
C-Via
X-Gateway-Skip-Cache
Test
Rip
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-M-Reqid
X-M-Log
Tube-Return
X-HS-Status
Tube-Got-Eval
Tube-Get-Contents
Tube-Got-Results
X-Qnm-Cache
Click-Count-Error
HIT
Esi-Enabled
X-Cdn-Request-ID
X-FPC
Click-Count-Action-Start
X-Provided-By
X-Correlation-ID
X-Origin-Upstream-Status
User-Agent
X-Beluga-Cache-Status
X-Beluga-Node
OT-Force-Account-Verify
X-Vcl-Version
X-Up
Server-Id
On-Server
X-Beluga-Record
X-Webkit-CSP-Report-Only
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Trace
X-LB-ID
X-Varnish-Beresp-Ttl
X-Ha-Backend
X-Via-PopN
X-Via-PopV
Cf-Int-Pingora-Origin-Digest
X-Via-PopH
X-Alfa-Service
Sid
X-TRACE-ID
Srvid
Uri
Resin-Trace
X-URL
Proxy-Connection
WebServer
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
X-APP
X-Li-Fabric
X-LI-UUID
X-Geo
X-Proxy-Cache-Hk
X-UnsetCookies
X-RAMCache
GeoIP-Latitude
GeoIP-Country-Code
X-Li-Pop
DataCenter
MIME-Version
X-Edge-Origin-Shield-Bytes
X-Akamai-Pragma-Client-IP
X-ND-Cache
Epwk-X-Cache
X-CCDN-CacheTTL
X-Edge-Origin-Shield-Region
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-ServedByHost
X-LI-Proto
X-Time-Microsecs
Srv
Cdn
WZWS-RAY
X-Fetch-By
X-Cdn-Forward
Fastly-Drupal-HTML
X-Backend-Host
X-CUA
X-Fastly-Backend-Reqs
Server-Ttl
M-TraceId
ENV
X-ID
Warning
X-Esi
Tracecode
Target-Params
X-App
X-B3-Traceid-Primal
X-Platform-Router
XServer
ServerName
X-Platform-Processor
Cf-Device-Type
X-Platform-Cluster
X-Lb-Nocache
X-Fragments
X-Edge-POP
X-Dynatrace
X-ATG-Version
X-HostName
X-MG-S
Dt-Hot-News
PICS-Label
Section-Io-Id
Section-Io-Origin-Status
X-Var-Ttl
Lfy
X-ElasticPress-Query
CF-Cached-On
X-Fastly-Backend
X-FC-Vary-Parameters
Section-Io-Origin-Time-Seconds
X-Request-Url
X-Sucuri-Cache
X-Newrelic-App-Data
X-Azure-Ref-OriginShield
X-Sucuri-ID
X-Yottaa-OS
X-HITS
Section-Origin-Responded
Inserted-Into-Cache-At
D-Url-Rewrites
X-Iplb-Instance
X-Bip
X-Iplb-Request-Id
X-Vcache
X-LiteSpeed-Cache-Control
X-Request-URL
X-Serial
X-Dw-Trace-Id
Cf-Ipcountry
X-Thanos
X-Cache-Expires
X-Nc
X-Akamai-Request-ID
X-Varnish-Beresp-Status
X-CF-Powered-By
DT-Hot-News
Servedby
Cdn-Uid
Cdn-Pullzone
Cdn-Cache
Wp-Super-Cache
Cdn-Edgestorageid
Cdn-Cachedat
Cdn-Requestid
Cdn-Requestcountrycode
True-Client-Ip
X-Fastly-Cache-Hits
X-Vercel-Id
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Vercel-Cache
Cneonction
X-Dist-Code
X-BBC-Origin-Response-Status
X-Release
X-NU-AKA-ACS-Version
X-Snapshot-Date
Magicmarker
X-Li-Proto
Ngx
CountryCode
X-Storefront-Renderer-Verified
Fastcgi-Cache-Ttl
X-Th-Server
X-Back
Content-Script-Type
Content-Style-Type
X-Backend-State