
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-Envoy-Upstream-Service-Time
Status
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Akamai-Path-Stats
X-Dns-Prefetch-Control
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-Amz-Id-2
X-UA-Device
Host-Header
X-Proxy-Cache
X-Hacker
X-Rq
Grace
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Vhost
Ali-Swift-Global-Savetime
X-Dispatcher
X-LiteSpeed-Cache
X-Amz-Version-Id
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Server-Id
X-Node
Cf-Edge-Cache
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-CST
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Cache-Lookup
X-Response-Time
X-HW
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Url
Accept-Ch
Fastly-Restarts
Accept-Ch-Lifetime
X-Country
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-TtlSet
X-Vname
X-PC
X-Amz-Server-Side-Encryption
RTSS
Edge-Control
X-VARITI-CCR
X-Varnish-TTL
X-FastCGI-Cache
X-ESI
X-Server-Name
X-Edge
Cache-Tag
X-Content-Type
X-B3-TraceId
X-Vcap-Request-Id
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Px
X-Amz-Rid
X-Dw-Request-Base-Id
X-ASPNET-VERSION
Public-Key-Pins
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Content-Security-Policy-Report-Only
X-Powered-By-Plesk
X-Sol
X-Middleton-Display
X-Abt-Application-Version
Pagespeed
Display
X-Ac
Verso
X-Client-IP
X-Element-Page-Cache
X-Version
Arr-Disable-Session-Affinity
X-RateLimit-Remaining
X-Cache-TTL
X-GitHub-Request-Id
X-Ttl
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
Response
X-Middleton-Response
X-Cached
X-Goog-Hash
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
X-Kinsta-Cache
X-SharePointHealthScore
SPRequestGuid
X-Edge-Location-Klb
AR-PoweredBy
AR-CACHE
AR-Request-ID
AR-ATIME
AR-SID
X-Powered-CMS
X-Instrumentation
X-Upstream
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Correlation-Id
X-LLID
Edge-Cache-Tag
X-WebKit-CSP-Report-Only
X-Forwarded-For
X-NWS-LOG-UUID
Content-MD5
X-Litespeed-Cache
X-TTL
X-Cache-Key
X-ECACHE
X-Ruxit-Js-Agent
Nginx-Cache
X-RateLimit-Limit
X-Id
X-Shield-Request-Id
X-MSEdge-Ref
TCN
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Recruiting
Mrf-Cache-Status
MRF-Tech
S
X-T
X-Daa-Tunnel
X-Content-Digest
X-B3-TraceId-Primal
X-DataDome
X-Mg-S
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ua-Device
X-Grace
TP-Cache
TP-L2-Cache
X-Mcache
X-Accel-Expires
X-DynaTrace
X-HS-Combine-CSS
X-HS-Cache-Config
X-Frontend
X-HS-Content-Id
X-HS-Hub-Id
MicrosoftSharePointTeamServices
Front-End-Https
X-Protected-By
Filters
X-Yandex-Sdch-Disable
Server-Node
X-Request-Processing-Time
X-Request-Received
X-Ezoic-Cdn
X-Ab
X-Ua-Browser
X-Content
X-PressLabs-Stats
X-Distributor
X-ORACLE-DMS-ECID
X-Origin-Server
X-ORACLE-DMS-RID
X-Hits
Fastcgi-Cache
X-LB-Cache
MS-Author-Via
X-Geo-Country
X-Request-Handler-Origin-Region
X-Microsite
X-Mid
X-Amzn-Trace-Id
Charset
X-Tt-Trace-Tag
X-Tt-Trace-Host
Host
X-Webkit-Csp
X-Git-Hash
Cache-Status
X-Page-Id
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Fastly-Request-Id
Cleartype
X-F-Cache
X-Cache-Age
X-B3-Sampled
Realpath
X-Debug-Info
X-Seen-By
X-Activity-Id
X-AppVersion
X-Az
Access-Control-Allow-Method
X-DIS-Request-ID
X-Ratelimit-Reset
X-Nginx-Upstream-Cache-Status
X-Www-Served-By
Accept-Charset
X-Webkit-CSP
Permissions-Policy
Filterid
X-Server-ID
X-Aspnetmvc-Version
ServerID
Cache-Tags
X-Varnish-Age
X-Content-Options
X-Rid
X-Cluster-Name
Pinterest-Generated-By
X-FB-Debug
X-Pinterest-Rid
Pinterest-Version
Retry-After
X-Type
Server-Name
X-Midtier
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Backend
X-Varnish-Grace
X-App-Environment
X-Tb
X-Route-Name
X-User-Agent
X-Providence-Cookie
Country
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Request-Guid
X-Wix-Request-Id
X-Drupal-Cache-Tags
X-Signature
X-B-Cache
Viewport
X-Whom
X-Origin-Cache
X-B
X-VCache
DC
X-TT
Paypal-Debug-Id
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Node
X-Goog-Metageneration
X-Debug
Fastcgi-Useragent
X-Oneagent-Js-Injection
X-Language
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-NWS-UUID-VERIFY
X-Logged-In
X-Mobile-URL
X-Amz-Replication-Status
Protected
Payment
X-Cache-NGX
Amp-Access-Control-Allow-Source-Origin
Surrogate-Key
X-N
X-Load-Cache
X-Oracle-Dms-Ecid
WPO-Cache-Status
X-Cache-Control
WPO-Cache-Message
X-XRDS-LOCATION
X-Oracle-Dms-Rid
Count-Hit
X-XRDS-Location
Alternate-Protocol
Healthy
X-NGENIX-Cache
X-Contextid
X-Restarts
X-Mobile
X-Node-Name
X-Via-JSL
X-Proxy
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Original-Request-Id
X-MCACHE
Content-Disposition
SD-X-WS
X-Response-Served-From
X-FW-Serve
X-FW-Static
X-FW-Type
X-FW-Hash
X-FW-Server
X-FW-Dynamic
Url
Akamai-GRN
Refresh
X-G
X-Adobe-Loc
X-Adobe-Content
Uber-Trace-Id
X-Cache-Time
X-Akamai-Request-ID2
X-UUID
X-Page-View
X-Jobs
X-Real-IP
X-Revision
X-Servername
X-Zen-Fury
X-Framework
X-Device-Type
X-Http-Reason
X-Is-Bot
VIX-Pulpo-Node
X-Debug-IsPreview
X-Rendered-As
VIX-Pulpo-Upstream-Status
X-Debug-IsConnected
X-Drupal-Cache-Contexts
X-Proxy-Cache-Status
X-Varnish-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-TTL-Remaining
X-Cacheable-TTL
X-Mg-Request-UUID
X-Instance
X-Cache-Grace
Access-Control-Request-Headers
NGB
Frame-Options
X-HTML-Minification-Powered-By
X-Hostname
X-Environment-Context
X-L-Path
X-IPLB-Instance
X-Ratelimit-Remaining
X-EdgeConnect-Cache-Status
X-Template
Referer-Policy
Version
Countrycode
X-Source
X-ECache
X-B3-Traceid
X-RTag
X-COUNTRY
MS-CV
Ms-Operation-Id
Accept-Language
Liferay-Portal
X-Trace-Id
X-NYM-Debug-Backend
X-Datadome
X-Fastly-Request-ID
X-App-Server
X-Cache-Rule
X-Cache-Expired-At
Cross-Origin-Window-Policy
X-Cache-Hit
From-Origin
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
Backend
X-Tumblr-Pixel
X-Unique-Id
X-IPS-LoggedIn
X-Hosted-By
X-Vgn-Hpd-Reason
X-APP-VERSION
X-RemovedCookies
X-ProcessESI
Section-Io-Cache
X-Nginx-Cache
X-Cache-Server
Upgrade-Insecure-Requests
X-UPSTREAM-Address
X-Status
Meta-Geo
X-RN-RSRV
WP-Super-Cache
X-Ratelimit-Limit
X-FW-Version
Load-Balancing
X-OCL
X-PCL
X-No-Session
X-FB-TRIP-ID
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-Section
CF-IPCountry
X-Ua
X-Origin-Date
X-Cache-Enabled
X-Request-Time
Content-Secure-Policy
X-Labrador-Cache-Channel
X-Region
X-AOL-HN
X-Via-Fastly
X-UA-Device-Type
X-Be
X-PHP-Backend
X-PHP-Host
X-Redis-Cache
X-Sql-Count
X-Sql-Duration-Ms
X-Access
Mn-Server-Ip
X-Content-Powered-By
X-Akamai-Edgescape
X-Mode
X-PERF
X-Nginx-Cache-Key
X-Human
X-Platform-Server
X-ProxyCache-Key
X-Say-TTL
X-Say-Cacheable
X-ProxyCache-Status
X-Generated-By
X-Format
X-Adobe-Source
S-Rt
Locale
X-ApacheServer
X-BYPASS-REASON
X-Debug-Cache
X-Cms-Context
X-Cache-Tags
X-SayCDN-TTL
X-Storage
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
Webcakes-Region
X-Cluster-Node
X-Varnish-Cache-Hits
X-Server-W
X-Origin-Hint
TWC-Locale-Group
TWC-GeoIP-LatLong
X-VC-Cache
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Xfnlog-Site
Property-Id
TWC-GeoIP-Country
TWC-Connection-Speed
Apigw-Requestid
TWC-Device-Class
X-Content-Age
Azure-SiteName
X-Alternate-Cache-Key
Azure-RegionName
Azure-InstanceId
X-Zipkin-Id
X-Cache-Type
Azure-SlotName
Azure-Version
X-Generation-Time
Fastly-SSL
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Web-Node
X-Detected-As
X-JoinUs
X-Hl-Ver
X-Site-Version
X-SaId
X-Routing-Service
X-GG-Cache-Date
X-GeoCountry
X-Varnishpool
X-Extlb
X-Uri
X-Forwarded-Host
X-GeoCode
Eomportal-Instance
X-Proxied
X-Sorting-Hat-PodId
X-Shopify-Stage
X-NewRelic-App-Data
X-Backend-Name
X-Proto
X-Dc
X-Cache-Host
X-Locale
X-Handled-By
X-Storefront-Renderer-Rendered
X-Tid
X-ServerID
X-Edge-Location
X-Proxy-Build
Selected-Fe
X-Timing-Wait
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-PullZone
Cache-Tv-Group
ServedBy
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
X-CDN-Forward
Ec-Rule-Version
Web-Mar-Node
X-App-Version
Fastly-Drupal-Html
X-LSADC-Cache
X-IPLB-Request-ID
Webserver
X-GEO
X-Magnolia-Registration
Onion-Location
X-Varnish-Hostname
Cache-Hits
X-Tt-Logid
X-Cache-Action
X-Envoy-Decorator-Operation
X-Cache-Operation
X-Cached-By
X-Cache-Remote
X-Cluster
X-Hyper-Cache
X-Air-Hostname
SRV
X-Air-Trace-Id
X-Air-Source
Mime-Version
X-Varnish-Hits
X-Rewrite-Enabled
X-Fastcgi-Cache
X-Cdn
SID
LB
X-Origin-CC
X-Soup
X-Origin-TTL
X-Parallel-Accel
X-Rule
Xet-Cookie
X-SRV
Xserver
Cache
DB-Nickname
Server-Info
X-Microcachable
Source
X-Accel-Buffering
X-MP-GENERATED-AT
X-Reqid
X-Xrds-Location
Country-Code
X-Pubstack
X-TA-CDN-Provider
X-Via-NSCOPI
X-Tumblr-Pixel-2
X-Buckets
X-CSRF-Token
Decoy-Debug-Key
X-Tumblr-Pixel-3
Decoy-Debug-TTL
X-Tx-Id
Decoy-Debug-Status
X-Origin-Response-Time
X-TT-LOGID
X-Cache-Status-Check
X-Endurance-Cache-Level
X-Skip-Cache
X-Request-Host
X-Forwarded-Path
X-CF-Lambda-Fn
X-Orig-Expires
X-Cdn-Srv
Host-ID
X-NAPM-TraceId
Xc-Version
X-ScT
X-CF-Lambda-Version
DynaTrace
Cache-Key
BehaviorPad-Version
MD5-Digest
X-Processor
X-Rojux
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-A-Ccd
X-Cache-NE
Lang
X-Conf
X-Connection-Hash
X-Session-Fingerprint
Cdnsip
DCR-Decision-By
X-Geo-Header
X-Ig-Push-State
X-Developer
X-Hash
Cmsid
Cmstype
X-A-Dam
X-Vdms-Version
Expiry
Fastcgi-X-Cache-Version
X-Vtex-Remote-Cache
Candidate-Md5Url
X-Vdms-Path
Cdncip
DCR-Processing-Time-Ms
X-D
Sslversion
X-A-Dgt
X-A-Dcw
X-AK-Request-ID
Datacenter
X-External-Request-Id
X-B3-SpanId
X-SplitTest
X-TIM-N
X-A
X-Application
X-S-Cookie
X-Tenant
Pramga
A
X-A-Wwc
X-S
X-Vtex-Processado-Em
X-Aed
X-SRCache-Key
X-Epic-Correlation-Id
X-VG-WebCache
Rendered-Blocks
Meta-Geo-Continent
X-ARC
X-Ec-Fail
NM-Fastcgi-Cache
X-User
Odigeo-Trace-Id
T-Server
Mobile-Detection-Method
X-Destination
X-SD-PageType
X-Shop-Environment
X-B-Cookie
Surrogated-Key
X-BCube-Filmed-By
X-Ec-GeoHdr
X-Amz-Apigw-Id
XM
X-Amzn-RequestId
X-TrackingId
X-AIR-PT
X-Newrelic-Synthetics
X-Azure-Ref
X-DPWN-IS-SECURE
X-Device-Os
X-Developers
X-Esi-Check
X-CacheTTL
Wxu-Next-Region
AKAMAI
Wxu-Next-Hostname
Memcached
State
X-Bc-Bl
Server-Host
X-Ad-Defer-Variation
Producers
Platform
Mail-Subject
X-Cache-Id
Environment
Wxu-Next-Commit
X-DefElseHash
X-DefHash
X-Core-Value
X-Core-Mission
Kp-EeAlive
Is-Eu
X-Ckpd-Fst-Backend
We-Hiring
X-HS-Content-Campaign-Id
X-Varnish-CookieINHashed-On
X-Origin
X-Varnish-CookieHashed-On
Adler-Geo
X-NodeID
X-Varnish-Remaining-TTL
X-Loop
X-Ms-Request-Id
X-Ms-Version
X-Origin-Expires
X-TNCMS
X-Sigma
X-SB
X-Scheme
X-Worker
X-Sigma-Backend
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Redirect-Candidate
X-Rocket-Build-Number
X-JWT-State
X-Variation
X-GeoIP
X-Wix-Viewer-Type
X-Has-Esi
X-Gzip
X-Fetched-On
X-Irp-Debug
X-Is-Gdpr
X-Varnish-Beresp-Grace
X-Time
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Amzn-Remapped-Content-Length
X-Gen-Mode
X-VServer
X-BBC-Edge-Cache-Status
X-VG-TLSProxy
X-RCS-CacheZone
X-Thinkindot-L3
User-Cache-Control
X-Ftr-Request-Id
X-Aicache-OS
X-Dispatcher-Number
X-Eu-Site
X-Fastly-Cache
X-Served-From
VNS-Cache
Vix-Hermes-Req-Id
VNS-Age
X-Ec-Custom-Error
X-SIPLIST1
X-Forwarded-Site
X-Gdpr
X-Rocket-Nginx-Serving-Static
X-WADP-Cache
Fastly-Backend-Name
X-Fmm-Version
X-Request-URI
X-Block-Status
X-Clara-WADP
X-Minions-Version
X-Hnp-Log
X-CGP
X-NCache
X-Mvc-Supplant-Cachable
X-Datadog-Trace-Id
X-Loc
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-LAGOON
X-Level-Front-Cache
X-Csrf-Jwt
X-VarnishDD-TTL
X-Node-Id
X-HN
X-Origin-Time
X-RateLimit-Limit-Second
X-Cache-Bucket
X-Branch-Name
X-RateLimit-Remaining-Second
X-V-Cache
X-Qloud-Router
X-Pool
X-Generated-On
X-GeoIP-City
X-Cache-Info
X-Platform
X-Policy
X-Nyt-Route
Thinkindot-Control
L5d-Success-Class
L
IsBot
HA-Ipaddr
X-EC-Lua
Machine
Origin-CC
Origin
NGX
N-Cache
Ha-Gx-Prefs
Fastly-SWR
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
CDCHOST
CloudFront-Viewer-Country
Fastly-SIE
Fastcgi-Cache-TTL
CPC-Cache
CPC-Age
Origin-EX
Fastly-GeoIP-CountryCode
Server-Ext
Req-Svc-Chain
Svr
TDXMobile
Server-Hostname
Thinkindot-CacheControl
Sever-Int
Traceparent
Ssr
PFcat
X-Varnish-Ttl
Thinkindot-CacheControl-Type
Release
DSUID
X-Gamma-Serve
X-Via-Ucdn
X-Viewer-Country
Cache-Name
X-Auto-Login
X-Cache-Backend
V-Age
X-Optimistic-Header
X-Planisys-CDN-Cache
X-Proxy-Upstream
X-Proxy-Cache-Info
X-WA-Info
Web-Mar-Region
X-Slack-Backend
X-Sn-Servicetimems
X-Cdn-Origin
X-Planisys-CDN-TTL
X-Scale
X-Cache-Date
HostName
Gh-Request-Id
Ohc-File-Size
X-R9-Blue-Green-Version
X-Wikidot-Backend
Cluster
X-Micro-Cache
X-Wikidot-Static-Cache
X-Planisys-CDN-Rules
X-Region-Sid
X-Pod-Name
X-Correlation-ID
X-WP-CF-Super-Cache-Cache-Control
X-Owner
X-WP-CF-Super-Cache
CDN
Pics-Label
X-ZONE
X-VC
Ngx.Var.Host
X-Server-IP
X-Refresh
Cache-Host
GEO-INFO
X-Httpd
X-CACHE-KEY
X-CS
X-Ah-Environment
XkeyRZ
X-Proxy-CacheRZ
Path
X-Parent-Response-Time
X-TIME
X-LB-NoCache
X-NC
Servername
Ms-Author-Via
X-Webstats-RespID
X-Servedbyhost
X-Mvc-Supplant-OutputCached
X-Cache-ASPX
Env
X-From
X-Edge-Pop
X-Contensis-Viewer-Groups
X-Srv
X-Tb-Optimization-Total-Bytes-Saved
X-Udemy-Cache-App-Namespace
X-RateLimit-Reset
X-Varnish-Authentication
X-Location
X-Generated-In
Time
X-Clientip
Memory
Lb
X-Via-Poph
X-API-Version
X-Amz-Meta-Cb-Modifiedtime
Locid
X-Via-Popv
X-Via-Popn
X-TraceId
Ohc-Cache-HIT
X-Men
X-Varnish-Beresp-TTL
X-S-Maxage
ITXSESSIONID
GeoIp-Country-Code
X-Response-By
Arc-Country
X-Vc
AMP-Access-Control-Allow-Source-Origin
X-Old-Content-Length
X-Akamai-Transformed
True-Client-IP
X-Dmc
X-Cs
X-RSL
X-RPS
X-RPM
X-VCL-Version
X-Accel-Expires-Debug
Geoip-Latitude
X-DSS
X-DW
X-Zone
X-HA-Backend
X-DI
Client
X-Date
X-DB
X-VHOST
Hostname
X-Tec-Api-Root
X-MSEdge-Flight
X-TRACE-ID
X-Render-Time
X-Tec-Api-Version
Server-ID
X-DynaTrace-JS-Agent
X-MSEdge-Features
X-Trace-ID
X-Tec-Api-Origin
X-URL
X-Presslabs-Stats
Rip
C-Via
X-Gateway-Skip-Cache
X-INCAP-ABP
X-GeoIP-Region-Code
X-Service
X-Fpc
X-Gateway-Request-Id
X-GeoIP-Country-Code
X-Gateway-Cache-Status
X-Gateway-Cache-Key
Tube-Got-Eval
Click-Count-Error
FSS-Cache
X-Cache-Debug
Tube-Return
X-FireWall-Port
Tube-Got-Results
Click-Count-Action-Start
Tube-Get-Contents
X-DC
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
X-M-Reqid
Fusion-Content-Id
Fusion-Component-Id
X-Qnm-Cache
X-M-Log
X-Webkit-Csp-Report-Only
X-Api-Version
On-Server
HIT
Powered-By
Esi-Enabled
NtCoent-Length
X-TX-ID
CacheControlHeader
X-NGINX-Cache
X-PX
X-B3-Spanid
X-CSRF-TOKEN
X-TH-Server
Srv
X-Action
X-Edge-Origin-Shield-Bytes
X-Alfa-Service
Tcn
True-Client-Country-4JS
X-Edge-Origin-Shield-Region
Test
OT-Force-Account-Verify
X-Backend-TTL
X-FPC
X-Cdn-Request-ID
X-Traceid
Cdn
X-Beluga-Response-Time
X-Vcl-Version
X-Beluga-Status
X-Beluga-Record
User-Agent
Edge-Cache
X-Beluga-Trace
X-Beluga-Node
X-Beluga-Cache-Status
X-Proxy-Cache-Hk
Server-Id
X-HS-Status
Geo-Info
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
X-Pass-Why
X-Req
GeoIP-Country-Code
X-Via-PopH
Sid
X-Via-PopV
X-Via-PopN
GeoIP-Latitude
X-Varnish-Beresp-Ttl
X-Origin-Upstream-Status
X-App
Srvid
X-Ha-Backend
Resin-Trace
Uri
My-App
Proxy-Connection
X-CLOUD-TRACE-CONTEXT
DT-Hot-News
WebServer
M-TraceId
X-APP
MIME-Version
Server-Ttl
Cf-Int-Pingora-Origin-Digest
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Up
X-ServedByHost
Epwk-X-Cache
X-Bip
X-Thanos
X-Hcs-Proxy-Type
X-Cdn-Forward
X-Request-Start
True-Client-Ip
X-LB-ID
X-Fastly-Backend-Reqs
X-Backend-Host
ENV
Warning
X-Provided-By
X-Esi
ServerName
X-Lb-Nocache
X-B3-Traceid-Primal
X-ID
XServer
X-LI-UUID
X-LI-Proto
X-Geo
X-Li-Pop
X-Edge-POP
X-Li-Fabric
Dt-Hot-News
X-HostName
X-UnsetCookies
Magicmarker
CF-Cached-On
X-HITS
X-Webkit-CSP-Report-Only
X-Serial
X-Dw-Trace-Id
X-Nc
X-Newrelic-App-Data
X-Akamai-Request-ID
X-ElasticPress-Query
X-CF-Powered-By
X-Vercel-Id
Section-Origin-Responded
X-Fetch-By
PICS-Label
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-RAMCache
X-Vercel-Cache
X-LiteSpeed-Cache-Control
Fastly-Drupal-HTML
X-IN-APIGATEWAY
X-Cc-Via
WZWS-RAY
X-Request-Url
Inserted-Into-Cache-At
Canary
X-Iplb-Instance
X-CMSURLCustom
X-Yottaa-OS
X-Varnish-Beresp-Status
X-IN-APIGATEWAYSSL
D-Url-Rewrites
X-ND-Cache
X-Iplb-Request-Id
X-Time-Microsecs
X-Vcache
Cdn-Requestid
Cdn-Uid
Cdn-Requestcountrycode
Cdn-Cache
Wp-Super-Cache
Cdn-Cachedat
Cdn-Pullzone
Cdn-Edgestorageid
Servedby
X-MiniProfiler-Ids
X-Azure-Ref-OriginShield
X-LiteSpeed-Tag
X-Back
X-Snapshot-Date
X-Release
X-BBC-Origin-Response-Status
X-Storefront-Renderer-Verified
Content-Style-Type
X-Request-URL
X-CUA
X-Th-Server
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-Dist-Code
Cf-Device-Type
Vha6-Origin
X-Wp-Cf-Super-Cache-Cache-Control
DataCenter
CountryCode
Content-Script-Type