Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
X-XSS-Protection
ETag
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
X-Request-ID
Upgrade
X-Via
CF-Ray
Report-To
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
X-UA-Device
Request-Context
X-Age
X-Backend
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Server
X-Amz-Request-Id
Host-Header
NEL
X-Amz-Id-2
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
X-Nginx-Cache-Status
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Ua-Compatible
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Dispatcher
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Cache-Spec
Accept-CH
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Dns-Prefetch-Control
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Ruxit-JS-Agent
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-CH-Lifetime
Accept-Ch-Lifetime
X-Cache-Lookup
X-Trace
X-Url
Allow
X-Ac
X-Content-Type
X-PC
X-TtlSet
X-Vname
X-Aws-Lambda-Call-Status
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
X-Server-Name
Fastly-Restarts
X-ESI
X-Mod-Pagespeed
Cache-Tag
X-Rack-Cache
Service-Worker-Allowed
X-FastCGI-Cache
X-VARITI-CCR
Verso
X-Element-Page-Cache
X-Vcap-Request-Id
X-Upstream
X-Amz-Rid
X-MS-InvokeApp
MS-Author-Via
X-GitHub-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-Abt-Application-Version
RTSS
X-D2id
X-Cnection
X-Px
X-Cache-TTL
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-TTL
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-Country-Code
X-Powered-By-Plesk
X-Navigation-Version
X-Goog-Hash
X-NF-Request-ID
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
AR-CACHE
AR-SID
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Sol
X-Powered-CMS
X-Middleton-Display
Pagespeed
Display
X-Version
X-Origin-Cache
Response
X-Middleton-Response
X-LLID
X-MSEdge-Ref
X-CST
TCN
X-Edge-Location-Klb
X-RateLimit-Remaining
Nginx-Cache
X-Kinsta-Cache
X-Amz-Server-Side-Encryption
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Edge
X-Protected-By
X-SRCache-Fetch-Status
X-T
X-SRCache-Store-Status
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Shield-Request-Id
X-Aspnetmvc-Version
X-Id
X-Language
Edge-Cache-Tag
S
Content-MD5
SPIisLatency
SPRequestDuration
Front-End-Https
Fastcgi-Cache
X-Mid
Realpath
Server-Node
X-Request-Received
X-Request-Processing-Time
Pinterest-Generated-By
Pinterest-Version
Filters
X-Pinterest-Rid
X-Frontend
X-Recruiting
Server-Name
X-Ua-Browser
X-Ab
X-Content
X-Cache-Key
X-Ser
X-NWS-LOG-UUID
Accept-Ch
X-MCACHE
X-Correlation-Id
X-Template
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Ruxit-Js-Agent
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-DynaTrace
X-Ezoic-Cdn
SPRequestGuid
X-SharePointHealthScore
X-Hits
X-ECACHE
X-Parallel-Accel
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cache-Tags
X-Page-Id
Charset
Cleartype
X-B3-Sampled
Host
X-Litespeed-Cache
X-Git-Hash
X-Webkit-Csp
X-Daa-Tunnel
X-Www-Served-By
X-Debug-Info
X-Geo-Country
X-Content-Options
Alternate-Protocol
X-DIS-Request-ID
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Deployment-Id
X-Content-Digest
X-Amzn-Trace-Id
X-Hostname
X-Ttl
Cross-Origin-Opener-Policy
X-Amz-Replication-Status
Filterid
X-Ratelimit-Limit
X-Varnish-Age
X-Grace
X-F-Cache
X-FB-Debug
ServerID
X-DataDome
X-Upgrade-Enabled
X-AppVersion
X-Az
X-Activity-Id
X-VCache
X-N
X-Nginx-Upstream-Cache-Status
X-Accel-Expires
X-Rid
X-Fastly-Request-ID
X-Forwarded-Proto
X-Mobile-URL
X-Is-Crawler
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
Access-Control-Allow-Method
X-Request-Guid
X-Route-Name
X-Origin-Server
X-LB-Cache
X-Type
X-Server-ID
X-Whom
X-Seen-By
X-TT
X-Goog-Storage-Class
X-App-Environment
X-Varnish-Grace
X-Tb
X-GUploader-UploadID
X-Goog-Generation
Viewport
Payment
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-FW-Type
X-FW-Static
X-FW-Dynamic
X-WebKit-CSP-Report-Only
X-FW-Serve
X-FW-Hash
X-FW-Server
X-Distributor
X-User-Agent
Node
Fastcgi-Useragent
Paypal-Debug-Id
DC
X-Wix-Request-Id
TP-Cache
Country
TP-L2-Cache
Accept-Charset
X-XRDS-LOCATION
X-Fastly-Request-Id
X-App-Server
X-Cache-Rule
X-Ratelimit-Reset
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Cache-Control
X-Via-JSL
X-NGENIX-Cache
X-Fastcgi-Cache
X-Cluster-Name
Version
X-Drupal-Cache-Tags
X-Cache-Age
X-Signature
X-B-Cache
X-Contextid
X-Buckets
X-Request-Handler-Origin-Region
X-Microsite
Referer-Policy
Cache-Status
X-Oracle-Dms-Ecid
Amp-Access-Control-Allow-Source-Origin
X-Origin-Upstream-Status
X-Node-Name
X-Logged-In
X-Oracle-Dms-Rid
Refresh
X-Response-Served-From
SD-X-WS
VIX-Pulpo-Node
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
X-Page-View
X-Jobs
X-Vgn-Hpd-Reason
X-Mobile
X-Load-Cache
X-Is-Bot
X-IPLB-Instance
X-Rendered-As
X-Real-IP
X-Cache-Expired-At
X-B
X-Erf-Bev-Bev-Is-Generated
X-Proxy-Cache-Status
X-Revision
X-Erf-Bev-Bev
X-Debug
NGB
X-Browser-Type
Access-Control-Request-Headers
X-Cacheable-TTL
X-RemovedCookies
X-Device-Type
X-Rule
X-Proxy
X-ProcessESI
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Instance
X-Cache-Action
X-Varnish-Backend
Surrogate-Key
X-G
X-Framework
X-UUID
Akamai-GRN
X-Drupal-Cache-Contexts
X-Cache-Time
X-Debug-IsPreview
X-FW-Version
X-Debug-IsConnected
CF-IPCountry
X-Accel-Buffering
SID
GEO-INFO
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
Count-Hit
X-Oneagent-Js-Injection
X-Cache-NGX
Uber-Trace-Id
X-RateLimit-Limit
X-Nginx-Cache
X-PressLabs-Stats
X-Cache-Operation
X-Azure-Ref
X-Presslabs-Stats
X-Source
X-Ms-Version
X-Ms-Request-Id
DynaTrace
X-XRDS-Location
X-Zen-Fury
X-EdgeConnect-Cache-Status
Protected
X-TEC-API-ROOT
X-APP-VERSION
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Liferay-Portal
Frame-Options
WPO-Cache-Status
X-CDN-Forward
WPO-Cache-Message
X-RTag
X-Cache-Hit
X-Servername
Ms-Operation-Id
MS-CV
Ec-Rule-Version
X-Backend-Name
X-Hyper-Cache
Healthy
Cross-Origin-Window-Policy
Countrycode
X-IPS-LoggedIn
X-Cache-TTL-Remaining
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-L-Path
X-Mode
X-Tumblr-User
X-Tumblr-Pixel-1
X-Environment-Context
Xserver
X-Adobe-Loc
X-Trace-Id
X-Varnish-Server
X-Ratelimit-Remaining
X-Adobe-Content
Content-Disposition
Backend
X-Rewrite-Enabled
X-RN-RSRV
X-SaId
Meta-Geo
X-Tid
LB
X-Detected-As
X-UPSTREAM-Address
X-Content-Age
X-JoinUs
Decoy-Debug-Status
Decoy-Debug-Key
Eomportal-Instance
X-Generation-Time
Country-Code
Apigw-Requestid
X-Hosted-By
X-Alternate-Cache-Key
X-Cache-Server
X-Debug-Cache
X-Extlb
X-Cache-Grace
Url
X-Format
X-ShardId
X-Sql-Duration-Ms
X-Sql-Count
X-Sorting-Hat-ShopId
Decoy-Debug-TTL
X-Proxied
X-Routing-Service
X-Uri
X-Redis-Cache
X-Sorting-Hat-PodId
X-Zipkin-Id
X-ShopId
X-Region
X-Shopify-Stage
X-UA-Device-Type
X-ServerID
CDN-CachedAt
CDN-EdgeStorageId
X-No-Session
CDN-PullZone
X-OCL
CDN-Cache
Mn-Server-Ip
X-Varnish-Beresp-Grace
X-Via-Fastly
X-Access
X-Origin-Date
Cache-Name
X-ApacheServer
CDN-RequestId
CDN-RequestCountryCode
CDN-Uid
X-PCL
X-Site-Version
X-Section
X-NCache
X-Microcachable
X-PERF
X-Human
X-Forwarded-Host
X-PHP-Backend
X-FB-TRIP-ID
Fastly-SSL
X-Status
TWC-Device-Class
X-Say-Cacheable
TWC-Connection-Speed
TWC-GeoIP-Country
X-Say-TTL
X-NYM-Debug-Backend
X-Akamai-Edgescape
Property-Id
X-Generated-By
X-Cache-Host
X-ProxyCache-Key
X-ProxyCache-Status
X-Content-Powered-By
X-Cluster-Node
X-Proxy-Build
X-Timing-Wait
X-Origin-Hint
X-Server-W
X-Storage
X-Pubstack
X-Cache-Type
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Version
X-SayCDN-TTL
X-BYPASS-REASON
Webcakes-Region
X-Web-Node
TWC-GeoIP-LatLong
Selected-Fe
Cache-Tv-Group
X-Varnishpool
X-Be
X-Soup
X-R9-Blue-Green-Version
X-Hl-Ver
Section-Io-Cache
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-LSADC-Cache
Azure-Version
Content-Secure-Policy
X-Nginx-Cache-Key
Retry-After
Azure-SlotName
X-NewRelic-App-Data
X-Ua
X-Webkit-CSP
X-TIME
X-Unique-Id
X-Cache-Remote
DB-Nickname
X-Cached-By
X-Azure-Ref-OriginShield
X-Platform-Server
X-Bc-Bl
X-TT-LOGID
OT-Force-Account-Verify
X-Akamai-Transformed
X-Dc
X-Xfnlog-Site
Cache
Source
X-Auto-Login
X-Cache-Tags
X-GEO
ServedBy
Upgrade-Insecure-Requests
X-Cdn
SRV
X-LAGOON
From-Origin
HostName
X-Varnish-Cache-Hits
Xet-Cookie
X-Origin-TTL
X-Origin-CC
X-AOL-HN
X-Request-Time
Mime-Version
X-TNCMS
X-Loop
X-Varnish-Hits
Cache-Hits
X-CSRF-Token
X-Varnish-Hostname
X-App-Version
X-HTML-Minification-Powered-By
X-S-Maxage
X-NWS-UUID-VERIFY
X-EC-Lua
Onion-Location
X-Request-Host
X-Time
WP-Super-Cache
X-SRV
Webserver
X-Xrds-Location
X-FireWall-Port
X-ECache
Web-Mar-Node
X-Cache-Enabled
X-Tumblr-Pixel-2
X-Handled-By
X-Tumblr-Pixel-3
N-Cache
X-B3-SpanId
X-Proto
X-Http-Reason
X-Correlation-ID
Ms-Author-Via
X-Adobe-Source
Nel
X-Akamai-Request-ID2
S-Rt
X-Tenant
X-Origin-Response-Time
X-RCS-CacheZone
X-Reqid
X-Endurance-Cache-Level
BehaviorPad-Version
X-A-Dgt
X-Rojux
X-Vtex-Processado-Em
X-Epic-Correlation-Id
X-Vtex-Remote-Cache
X-A-Wwc
X-External-Request-Id
X-A-Dam
X-ScT
X-A
Vix-Hermes-Req-Id
DCR-Decision-By
X-Gen-Mode
X-A-Ccd
X-Forwarded-Path
X-Developer
X-Ftr-Request-Id
X-A-Dcw
X-D
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-LJ-Flow-ID
X-SD-PageType
A
X-Cache-NE
X-Block-Status
X-Backend-TTL
X-B-Cookie
X-ARC
X-Ckpd-Fst-Backend
X-Connection-Hash
X-S
DCR-Processing-Time-Ms
X-Aed
X-Conf
X-S-Cookie
X-Application
X-Cluster
Xc-Version
X-Destination
X-VG-WebCache
X-Orig-Expires
X-Vdms-Version
X-Amz-Meta-S3cmd-Attrs
Odigeo-Trace-Id
Surrogated-Key
Fastcgi-X-Cache-Version
Meta-Geo-Continent
Sslversion
X-Slack-Backend
X-Shop-Environment
X-Processor
X-NAPM-TraceId
Redirect-Candidate
Rendered-Blocks
X-Session-Fingerprint
Pramga
Expiry
Mobile-Detection-Method
V-Age
X-Vdms-Path
X-V-Cache
X-Planisys-CDN-Rules
X-PBS-Appsvrname
X-Planisys-CDN-TTL
X-GG-Cache-Date
X-Planisys-CDN-Cache
X-Hnp-Log
X-AWS-Id
X-SRCache-Key
X-VWS-Id
X-PAYTM-SRV-ID
X-TIM-N
X-Ig-Push-State
User-Cache-Control
X-ND-Cache
Server-Info
X-MP-GENERATED-AT
X-Time-Microsecs
X-Edge-Location
X-Magnolia-Registration
True-Client-Country-4JS
Traceparent
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
Svr
Origin
Origin-EX
Origin-CC
X-Aicache-OS
State
X-Accel-Expires-Debug
X-Device-Os
X-Request-URI
X-SVT-ORM-VERSION
X-Proxy-Upstream
X-Location
X-LI-UUID
X-Li-Pop
X-VG-TLSProxy
X-Hash
X-Li-Fabric
X-Men
X-Mg-Request-UUID
X-Origin
X-Origin-Expires
X-Origin-Time
X-Old-Content-Length
X-Nyt-Route
X-SVT-ORM-RULES
X-Mvc-Supplant-Cachable
X-NodeID
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Fastly-Backend
X-Date
X-Webstats-RespID
X-Sucuri-ID
X-Scheme
X-Cdn-Srv
X-Cache-Date
X-Policy
X-Cache-Info
X-Sucuri-Cache
X-Server-IP
X-VServer
X-Geo-Header
X-Viewer-Country
X-Rocket-Nginx-Serving-Static
X-Gdpr
X-Fastly-Cache
X-Fetched-On
X-Forwarded-Site
X-Cache-Bucket
X-Core-Mission
CacheControlHeader
Host-ID
Arc-Country
Cmsid
Gh-Request-Id
Fastcgi-Cache-TTL
DSUID
Cmstype
Apple-News-Services-Request-Url
CDCHOST
AKAMAI
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Locale
Apple-News-Services-Host
X-Via-NSCOPI
Environment
CloudFront-Viewer-Country
X-VarnishDD-TTL
X-Varnish-Beresp-Status
X-Datadog-Parent-Id
X-TrackingId
X-Csrf-Jwt
X-Amzn-RequestId
X-UnsetCookies
X-Cache-Id
X-Datadog-Sampling-Priority
X-Cdn-Origin
X-Branch-Name
X-Cache-Debug
X-Has-Esi
X-Amz-Apigw-Id
X-CGP
X-BBC-Edge-Cache-Status
X-TH-Server
X-RateLimit-Limit-Second
X-HN
X-Gzip
X-RateLimit-Remaining-Second
X-GeoIP
X-GeoIP-City
X-Platform
X-HS-Content-Campaign-Id
X-Node-Id
X-Varnish-Beresp-Ttl
X-Owner
X-PHP-Host
X-Irp-Debug
X-Labrador-Cache-Channel
X-Region-Sid
X-Req
X-Eu-Site
X-Storefront-Renderer-Rendered
X-Esi-Check
X-Envoy-Decorator-Operation
X-Backend-State
X-Developers
X-Skip-Cache
X-Sigma-Backend
X-Gamma-Serve
X-Rocket-Build-Number
X-Served-From
X-Sigma
Fastly-Drupal-Html
X-Datadog-Trace-Id
X-FC-Vary-Parameters
Ha-Gx-Prefs
Ssr
Fastly-GeoIP-CountryCode
HA-Ipaddr
Release
Req-Svc-Chain
X-Sn-Servicetimems
X-Restarts
We-Hiring
Web-Mar-Region
PFcat
L
Mail-Subject
X-ATG-Version
X-JWT-State
Machine
Locid
L5d-Success-Class
X-Is-Gdpr
Magicmarker
X-Worker
TDXMobile
X-Cache-Var
Server-Host
X-Tx-Id
X-Level-Front-Cache
Memcached
NM-Fastcgi-Cache
X-Pod-Name
X-Thinkindot-L3
X-Zone
X-Generated-On
X-Cache-Var-Map
Platform
X-Response-By
X-Rebelmouse-Surrogate-Control
Is-Eu
Thinkindot-CacheControl
Cf-Device-Type
Fastly-SIE
X-Rebelmouse-Cache-Control
X-DefElseHash
X-Amzn-Remapped-Content-Length
X-Loc
X-NU-AKA-ACS-Version
X-Qloud-Router
X-DefHash
X-DPWN-IS-SECURE
Adler-Geo
Fastly-SWR
X-Core-Value
X-Varnish-Remaining-TTL
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Variation
Accept-Language
X-Ua-Device
X-Trace-ID
AMP-Access-Control-Allow-Source-Origin
X-DSS
X-VC-Cache
X-DW
X-RPS
X-Wix-Viewer-Type
X-NC
X-Action
X-DB
X-DI
Edge-Cache
Kp-EeAlive
X-Cache-Backend
X-RPM
X-RSL
X-CS
NGX
X-LB-ID
X-Mvc-Supplant-OutputCached
CDN
X-Up
X-Request-Start
X-TraceId
X-Srv
X-Generated-In
X-Optimistic-Header
X-Thanos
X-CacheTTL
X-Minions-Version
X-API-Version
Pics-Label
X-Bip
X-LB-NoCache
X-M-Reqid
X-M-Log
X-Qnm-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Urbn-Site-Id
Memory
Env
X-Urbn-Context-Path
Locale
Time
WebServer
X-DC
X-Via-Popn
X-Via-Popv
X-Cache-Config
X-Refresh
X-Via-Poph
X-Varnish-Ttl
X-Tt-Logid
X-HA-Backend
X-Edge-Pop
Datacenter
X-Ec-GeoHdr
X-User
X-Ec-Fail
X-CACHE-KEY
GeoIp-Country-Code
X-Cache-Ttl
X-Parent-Response-Time
X-TA-CDN-Provider
X-DynaTrace-JS-Agent
X-Esi
NtCoent-Length
Server-ID
X-Servedbyhost
Candidate-Md5Url
X-MSEdge-Flight
X-ZONE
X-Dynatrace
X-MSEdge-Features
X-Webkit-Csp-Report-Only
X-CLOUD-TRACE-CONTEXT
X-Cs
X-Vc
On-Server
Cdnsip
Cdncip
WWW-Authenticate
X-AK-Request-ID
X-TX-ID
X-Datadome
X-Varnish-Beresp-TTL
X-VCL-Version
Esi-Enabled
X-Fmm-Version
X-Clara-WADP
My-App
Cluster
X-WADP-Cache
X-Traceid
Geoip-Latitude
X-LI-Proto
X-Fpc
X-CUA
X-Var-Ttl
X-App
Tracecode
X-Pass-Why
X-URL
C-Via
Lfy
X-From
X-Cache-PHP
T-Server
X-Unique-ID
X-Service
X-Li-Proto
DataCenter
X-VC
X-Newrelic-Synthetics
Lang
X-Fragments
X-FPC
X-B3-Spanid
X-Webkit-CSP-Report-Only
Fastly-Drupal-HTML
Cf-Int-Pingora-Origin-Digest
X-NODE
Proxy-Connection
Geo-Info
Target-Params
Test
X-Vcl-Version
X-Mcache
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Cache-Status-Check
Resin-Trace
X-Render-Time
M-TraceId
X-Provided-By
Server-Id
X-RAMCache
X-LiteSpeed-Cache-Control
X-CSRF-TOKEN
Permissions-Policy
GeoIP-Country-Code
MIME-Version
X-ID
X-Ha-Backend
Hostname
X-Api-Version
Servername
X-Proxy-Cache-Info
X-Httpd
X-ServedByHost
X-Edge-POP
WZWS-RAY
X-Clientip
Hit
X-Dynatrace-Js-Agent
X-Geo
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-Pad
Producers
X-Cdn-Forward
X-RateLimit-Reset
X-SB
FSS-Cache
X-NGINX-Cache
X-Platform-Processor
X-Oss-Object-Type
ENV
X-Platform-Router
X-Oss-Hash-Crc64ecma
X-Edge-Cache
X-Fastly-Backend-Reqs
X-Oss-Request-Id
X-Udemy-Cache-App-Namespace
Cache-Host
X-Platform-Cluster
X-Oss-Storage-Class
HIT
X-Oss-Server-Time
X-LiteSpeed-Tag
X-Pool
UCS
X-Ucs
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-AIR-PT
Section-Origin-Responded
X-Scale
X-Ec-Custom-Error
S-Cnection
X-Info
X-ElasticPress-Query
Cneonction
PICS-Label
X-Acquia-Site
X-UP
X-Cache-CFC
X-Lb-Nocache
MD5-Digest
ServerName
X-GoCache-CacheStatus
X-Cache-Expires
X-Acquia-Purge-Tags
Server-Ext
Uri
X-Dispatcher-Number
X-BBC-Origin-Response-Status
X-HS-Status
X-Check-Cacheable
Sever-Int
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Server-Hostname
URI
Ohc-File-Size
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Via-Ucdn
Server-Ttl
X-Lb-Id
Tcn
Fastly-Backend-Name
X-Micro-Cache
X-Release
User-Agent
X-SIPLIST1
X-Cdn-Request-ID
X-Swift-Error
X-Nc
X-Fastly-Cache-Hits
Cteonnt-Length
IsBot
X-Dw-Trace-Id
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Yottaa-OS
Wpo-Cache-Status
Ngx
Wpo-Cache-Message
X-Vcache
Cf-Ipcountry
X-Newrelic-App-Data
X-Backend-Host
X-Cms-Context
Vha6-Origin
X-Snapshot-Date
X-B3-ParentSpanId
CF-Cached-On
X-Cache-Ngx
Sid
X-Air-Pt
Load-Balancing
X-HostName
X-ServerName
X-IN-APIGATEWAY
X-Litespeed-Cache-Control
GeoIP-Latitude
X-B3-Parentspanid
X-Fetch-By
X-IN-APIGATEWAYSSL
X-Shopify-Generated-Cart-Token
Inserted-Into-Cache-At
X-Via-CDN
Shield-Pop
X-Cache-ASPX
X-BCube-Filmed-By
X-APP
EpKe-Alive
X-Apw-Hits
X-Apw-Access-Token
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Apw-Access-Action
X-Apw-Access-Object
X-Logging-Id
X-CacheKey
X-Http-Duration-Ms
X-Te-Count
X-Te-Duration-Ms
X-Last-Modified
X-Http-Count
X-Sentry-ID
X-UA
X-Akamai-Pragma-Client-IP
Req-ID
CountryCode
X-Akamai-Request-ID