Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Server
X-Robots-Tag
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-UA-Device
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
X-Akamai-Path-Stats
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Vhost
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
X-WebKit-CSP
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
X-OneAgent-JS-Injection
X-Nginx-Cache-Status
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-CST
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
Accept-CH
X-Backend-Server
X-Akam-SW-Version
X-Readtime
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
X-Cloud-Trace-Context
Rating
X-Url
X-Trace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Mod-Pagespeed
X-Rack-Cache
X-TtlSet
X-Vname
X-PC
X-Server-Name
X-Clacks-Overhead
RTSS
Edge-Control
X-Ruxit-JS-Agent
X-Varnish-TTL
X-VARITI-CCR
X-ESI
X-Content-Type
Cache-Tag
X-Vcap-Request-Id
X-B3-TraceId
X-Amz-Server-Side-Encryption
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Server
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Amz-Rid
X-Dw-Request-Base-Id
Public-Key-Pins
X-Cnection
X-Px
X-Ac
X-RateLimit-Remaining
X-D2id
Accept-Ch
X-Element-Page-Cache
X-Navigation-Version
Verso
X-Abt-Application-Version
X-Client-IP
X-Edge
X-Powered-By-Plesk
X-Sol
X-Cache-TTL
Pagespeed
X-Middleton-Display
Display
X-Ser
X-Version
X-Ruxit-Js-Agent
Service-Worker-Allowed
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-Country-Code
X-GitHub-Request-Id
X-Middleton-Response
Response
X-NF-Request-ID
X-Ttl
X-Goog-Hash
Access-Control-Request-Method
X-Correlation-Id
SPIisLatency
SPRequestDuration
X-Kinsta-Cache
X-Webkit-Csp
X-Edge-Location-Klb
AR-CACHE
AR-Request-ID
AR-SID
AR-PoweredBy
AR-ATIME
X-Upstream
X-NWS-LOG-UUID
X-RateLimit-Limit
X-LLID
SPRequestGuid
X-Powered-CMS
X-SharePointHealthScore
X-Cached
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Cache-Key
Edge-Cache-Tag
X-Litespeed-Cache
X-TTL
Nginx-Cache
TCN
X-Content-Security-Policy-Report-Only
X-Forwarded-For
X-MSEdge-Ref
Content-MD5
Mrf-Cache-Status
MRF-Tech
X-Id
X-Shield-Request-Id
X-Daa-Tunnel
X-B3-TraceId-Primal
X-T
MS-Author-Via
X-Recruiting
S
X-Content-Digest
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Mg-S
X-Ua-Device
X-Protected-By
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Accel-Expires
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HS-Cache-Config
X-HS-Combine-CSS
MicrosoftSharePointTeamServices
X-HS-Content-Id
X-HS-Hub-Id
X-Grace
X-Content
X-Ab
X-Frontend
X-Ua-Browser
Server-Node
Front-End-Https
X-Request-Received
X-ECACHE
X-Request-Processing-Time
X-DataDome
X-Yandex-Sdch-Disable
Filters
X-Server-ID
X-DynaTrace
X-Mid
Fastcgi-Cache
TP-Cache
TP-L2-Cache
X-ORACLE-DMS-ECID
X-Geo-Country
X-Origin-Server
X-Hits
X-Distributor
X-ORACLE-DMS-RID
X-PressLabs-Stats
X-Debug-Info
X-Microsite
X-Request-Handler-Origin-Region
X-Ratelimit-Reset
X-Amzn-Trace-Id
X-Tt-Trace-Host
Cross-Origin-Opener-Policy
Charset
X-Tt-Trace-Tag
X-Git-Hash
X-DIS-Request-ID
Cleartype
X-F-Cache
X-Page-Id
Host
X-WebKit-CSP-Report-Only
Pinterest-Version
Pinterest-Generated-By
X-B3-Sampled
X-LB-Cache
X-Pinterest-Rid
X-Www-Served-By
X-Cache-Age
X-Forwarded-Proto
Access-Control-Allow-Method
X-MCACHE
ServerID
X-Seen-By
Cache-Status
Cache-Tags
X-Cluster-Name
X-Activity-Id
X-Az
X-AppVersion
X-Aspnetmvc-Version
Accept-Charset
X-Varnish-Age
Realpath
X-Language
Filterid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Rid
X-Type
X-Nginx-Upstream-Cache-Status
X-Content-Options
Server-Name
X-App-Environment
X-Oracle-Dms-Ecid
Country
X-Varnish-Grace
Node
Viewport
X-Tb
X-NWS-UUID-VERIFY
Retry-After
X-Upgrade-Enabled
X-Oracle-Dms-Rid
X-B-Cache
X-Mobile-URL
X-FB-Debug
X-Signature
X-Origin-Cache
X-User-Agent
X-Whom
X-Is-Crawler
X-Wix-Request-Id
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Goog-Stored-Content-Length
X-Flags
DC
X-Drupal-Cache-Tags
X-Aspnet-Duration-Ms
Paypal-Debug-Id
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Metageneration
X-Varnish-Backend
X-Fastly-Request-ID
X-TT
X-VCache
Protected
Fastcgi-Useragent
X-XRDS-LOCATION
X-Via-JSL
X-B
X-N
X-Debug
X-Amz-Replication-Status
X-Fastcgi-Cache
X-Contextid
X-Cache-NGX
X-Logged-In
Payment
X-XRDS-Location
X-Load-Cache
WPO-Cache-Message
WPO-Cache-Status
Surrogate-Key
X-Fastly-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-B3-Traceid
X-Template
Amp-Access-Control-Allow-Source-Origin
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-FW-Server
Count-Hit
X-Cache-Control
X-FW-Static
X-Trace-Id
X-Node-Name
Healthy
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Hostname
Permissions-Policy
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
X-G
Akamai-GRN
X-Mcache
X-Jobs
X-Proxy
X-UUID
Content-Disposition
X-Mobile
X-Revision
X-Cache-Time
Refresh
X-Is-Bot
X-Zen-Fury
X-Cache-TTL-Remaining
X-Framework
X-Rendered-As
Uber-Trace-Id
X-Akamai-Request-ID2
X-Real-IP
X-Cacheable-TTL
X-Adobe-Loc
Access-Control-Request-Headers
X-Page-View
X-Proxy-Cache-Status
X-Http-Reason
X-Adobe-Content
X-Device-Type
X-Drupal-Cache-Contexts
X-Yottaa-Metrics
Alternate-Protocol
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Instance
X-Yottaa-Optimizations
NGB
X-Debug-IsPreview
X-Debug-IsConnected
Url
X-IPLB-Instance
X-Servername
X-Cache-Grace
X-ECache
Version
X-Source
X-Cache-Rule
From-Origin
X-Varnish-Server
X-Mg-Request-UUID
X-Environment-Context
X-L-Path
X-Restarts
X-Vgn-Hpd-Reason
X-Oneagent-Js-Injection
X-Parallel-Accel
X-Cache-Hit
X-NGENIX-Cache
X-EdgeConnect-Cache-Status
Accept-Language
X-Cache-Expired-At
X-Datadome
X-RTag
Ms-Operation-Id
MS-CV
Referer-Policy
X-HTML-Minification-Powered-By
Frame-Options
X-App-Server
Countrycode
X-Tumblr-Pixel
Cross-Origin-Window-Policy
X-FW-Version
Liferay-Portal
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-NYM-Debug-Backend
X-Tumblr-User
Backend
X-IPS-LoggedIn
X-COUNTRY
X-APP-VERSION
X-Cache-Action
X-Nginx-Cache
Content-Secure-Policy
X-ProcessESI
X-RemovedCookies
CF-IPCountry
Section-Io-Cache
WP-Super-Cache
Upgrade-Insecure-Requests
X-Cache-Server
Cache-Tv-Group
X-RN-RSRV
Meta-Geo
X-Redis-Cache
X-UPSTREAM-Address
X-Hosted-By
X-Ua
X-OCL
X-No-Session
X-UA-Device-Type
X-Web-Node
X-Varnish-Cache-Hits
X-PCL
X-Section
X-Region
X-Request-Time
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Human
X-Generation-Time
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Ec-Rule-Version
X-AOL-HN
X-FB-TRIP-ID
X-Format
X-Detected-As
X-Cache-Type
X-Cache-Enabled
X-Content-Age
X-Access
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
X-Be
X-Akamai-Edgescape
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Mn-Server-Ip
Locale
Fastly-SSL
Property-Id
S-Rt
TWC-Device-Class
TWC-Connection-Speed
X-BYPASS-REASON
X-Cluster-Node
X-Storage
X-Sql-Duration-Ms
X-Sql-Count
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Via-Fastly
X-Uri
X-Server-W
X-ProxyCache-Status
X-Nginx-Cache-Key
X-Generated-By
X-Content-Powered-By
X-Origin-Date
X-Origin-Hint
X-ProxyCache-Key
X-PHP-Backend
Apigw-Requestid
X-Site-Version
X-Mode
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-CachedAt
X-Adobe-Source
X-Hyper-Cache
CDN-Cache
CDN-RequestId
X-Forwarded-Host
X-Midtier
Eomportal-Instance
X-ApacheServer
X-Cache-Host
X-Cache-Tags
X-Platform-Server
X-Debug-Cache
CDN-Uid
X-PERF
X-Status
X-Xfnlog-Site
X-Ratelimit-Remaining
X-Tid
X-Alternate-Cache-Key
X-Extlb
X-Unique-Id
X-Varnishpool
X-Backend-Name
X-Sorting-Hat-ShopId
X-Zipkin-Id
X-Sorting-Hat-PodId
X-Handled-By
X-Hl-Ver
X-Routing-Service
X-SaId
X-ServerID
X-Shopify-Stage
X-ShopId
X-ShardId
X-Proxied
X-JoinUs
Webserver
X-NewRelic-App-Data
X-Locale
X-GG-Cache-Date
X-PHP-Host
X-Labrador-Cache-Channel
X-Rule
X-TT-LOGID
ServedBy
X-VWS-Id
X-Cache-Operation
X-LJ-Flow-ID
X-AWS-Id
X-VC-Cache
Selected-Fe
X-Edge-Location
X-Proxy-Build
X-Timing-Wait
X-LSADC-Cache
X-Cms-Context
X-Soup
X-Accel-Buffering
X-Cache-Remote
X-Storefront-Renderer-Rendered
X-Rewrite-Enabled
X-Proto
X-Cached-By
SID
SRV
Mime-Version
X-Dc
Fastly-Drupal-Html
Web-Mar-Node
X-GEO
Load-Balancing
X-GeoCode
Xserver
X-CDN-Forward
Onion-Location
X-GeoCountry
X-Pubstack
X-Cdn
X-TA-CDN-Provider
X-Reqid
X-Varnish-Hostname
Cache-Hits
X-App-Version
Country-Code
X-Request-Host
X-Microcachable
X-Origin-CC
X-Origin-TTL
X-Buckets
Decoy-Debug-Status
X-Ratelimit-Limit
Decoy-Debug-TTL
Decoy-Debug-Key
LB
X-Cluster
X-Varnish-Hits
Server-Info
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
Xet-Cookie
X-SRV
X-Envoy-Decorator-Operation
X-Ms-Request-Id
X-Ms-Version
X-Magnolia-Registration
X-NCache
X-Air-Source
X-Amz-Apigw-Id
X-B3-SpanId
X-Amzn-RequestId
X-Air-Trace-Id
X-CSRF-Token
X-Air-Hostname
X-RCS-CacheZone
DB-Nickname
DynaTrace
X-Tx-Id
X-Bc-Bl
X-Endurance-Cache-Level
Cache
X-Ec-Custom-Error
X-Fetched-On
Sslversion
X-Ftr-Request-Id
Rendered-Blocks
X-From
Pramga
X-Esi-Check
X-Epic-Correlation-Id
X-External-Request-Id
X-Ec-GeoHdr
X-Forwarded-Path
X-Ec-Fail
Odigeo-Trace-Id
Source
BehaviorPad-Version
X-Cache-Id
X-AK-Request-ID
Cdncip
X-Aed
X-Cache-Info
X-CF-Lambda-Fn
X-A-Wwc
X-Cdn-Srv
X-Cache-NE
Cdnsip
Fastly-GeoIP-CountryCode
X-B-Cookie
X-ARC
X-Application
Expiry
DCR-Processing-Time-Ms
DCR-Decision-By
X-Cache-Bucket
Cmsid
Cmstype
X-CF-Lambda-Version
A
MD5-Digest
Lang
X-Developer
X-Destination
Meta-Geo-Continent
Mobile-Detection-Method
Surrogated-Key
X-Device-Os
T-Server
X-A
Host-ID
X-Connection-Hash
X-Conf
X-A-Dcw
X-A-Dgt
X-Core-Mission
X-A-Dam
Fastcgi-X-Cache-Version
X-D
X-A-Ccd
NM-Fastcgi-Cache
Xc-Version
X-Rojux
X-Processor
X-S
X-S-Cookie
X-Vdms-Version
X-VG-WebCache
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Vtex-Remote-Cache
X-Node-Id
X-Orig-Expires
X-Vtex-Processado-Em
X-Origin-Response-Time
X-Vdms-Path
X-Time
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Tenant
X-TIM-N
X-User
X-TrackingId
X-SRCache-Key
X-Sigma-Backend
X-SD-PageType
X-ScT
X-Session-Fingerprint
X-Shop-Environment
X-Sigma
X-NAPM-TraceId
X-Rocket-Build-Number
X-Webstats-RespID
X-Ig-Push-State
X-Hash
X-HS-Content-Campaign-Id
X-Varnish-Beresp-Grace
X-Gzip
X-Geo-Header
X-ZONE
Cache-Name
X-Varnish-Ttl
X-R9-Blue-Green-Version
X-Variation
X-Skip-Cache
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Varnish-CookieHashed-On
Web-Mar-Region
X-Fmm-Version
X-Fastly-Cache
X-Served-From
X-Slack-Backend
X-Is-Gdpr
X-Scheme
X-Irp-Debug
Thinkindot-CacheControl-Type
X-TNCMS
Ssr
X-Thinkindot-L3
Server-Host
Req-Svc-Chain
Producers
X-GeoIP
State
X-Has-Esi
X-Amzn-Remapped-Content-Length
Thinkindot-Control
Traceparent
X-Hnp-Log
Thinkindot-CacheControl
X-Gdpr
TDXMobile
User-Cache-Control
X-Varnish-CookieINHashed-On
X-DPWN-IS-SECURE
X-Origin-Time
X-Origin-Expires
X-Loop
X-Clara-WADP
X-Planisys-CDN-Rules
X-Ckpd-Fst-Backend
X-Planisys-CDN-Cache
X-Origin
X-Dispatcher-Number
X-DefElseHash
X-DefHash
X-Developers
X-NodeID
X-Nyt-Route
X-WADP-Cache
X-Core-Value
Platform
X-Planisys-CDN-TTL
X-Pool
X-VG-TLSProxy
X-Wix-Viewer-Type
X-Block-Status
X-Worker
X-V-Cache
X-Mvc-Supplant-Cachable
X-Varnish-Remaining-TTL
X-BBC-Edge-Cache-Status
X-Cache-Backend
X-JWT-State
X-Gen-Mode
X-Location
X-CacheTTL
X-Rocket-Nginx-Serving-Static
X-Loc
X-VServer
X-LAGOON
X-Cache-Date
X-SB
We-Hiring
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Origin
AKAMAI
Mail-Subject
CloudFront-Viewer-Country
Is-Eu
Environment
X-Azure-Ref
Kp-EeAlive
Machine
L
Adler-Geo
Memcached
CDN
Origin-EX
Origin-CC
X-Policy
X-Gamma-Serve
X-Auto-Login
X-Generated-On
X-Forwarded-Site
X-Proxy-Cache-Info
X-Qloud-Router
Fastly-SWR
X-RateLimit-Limit-Second
X-Aicache-OS
Fastly-SIE
X-Pod-Name
Fastcgi-Cache-TTL
X-Proxy-Upstream
DSUID
X-Httpd
X-HN
X-Cdn-Origin
X-Csrf-Jwt
X-CGP
X-Level-Front-Cache
X-RateLimit-Remaining-Second
X-Datadog-Parent-Id
X-Branch-Name
Cluster
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
CDCHOST
X-Platform
X-Minions-Version
X-Rebelmouse-Cache-Control
Server-Ext
X-Eu-Site
X-Sn-Servicetimems
X-SIPLIST1
X-Via-Ucdn
X-Viewer-Country
X-IPLB-Request-ID
Server-Hostname
X-Via-NSCOPI
Sever-Int
NGX
N-Cache
X-VarnishDD-TTL
Svr
Locid
X-Server-IP
Redirect-Candidate
Gh-Request-Id
Ha-Gx-Prefs
X-Request-URI
X-Region-Sid
X-Rebelmouse-Surrogate-Control
PFcat
V-Age
HA-Ipaddr
Vix-Hermes-Req-Id
IsBot
Release
L5d-Success-Class
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Men
Ohc-File-Size
X-GeoIP-City
Arc-Country
X-Scale
X-Optimistic-Header
HostName
X-EC-Lua
X-Response-By
Pics-Label
X-CS
X-Owner
X-Old-Content-Length
X-Srv
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-NC
X-Parent-Response-Time
X-Refresh
X-Newrelic-Synthetics
X-Udemy-Cache-App-Namespace
X-Ah-Environment
Memory
X-BCube-Filmed-By
X-Wikidot-Backend
X-Ad-Defer-Variation
Cache-Key
X-Tb-Optimization-Total-Bytes-Saved
Candidate-Md5Url
X-Tt-Logid
Env
Time
X-LB-NoCache
X-DSS
X-DB
Datacenter
X-DI
X-DW
X-TraceId
X-RSL
X-RPS
X-RPM
Servername
X-Wikidot-Static-Cache
X-TIME
Ms-Author-Via
X-Akamai-Transformed
AMP-Access-Control-Allow-Source-Origin
X-VC
X-Mvc-Supplant-OutputCached
X-Accel-Expires-Debug
X-Date
CPC-Cache
CPC-Age
X-Contensis-Viewer-Groups
X-Cache-ASPX
VNS-Age
VNS-Cache
XM
X-SplitTest
X-Edge-Pop
Fastly-Backend-Name
GEO-INFO
X-Varnish-Authentication
X-GeoIP-Country-Code
X-Generated-In
X-WA-Info
X-GeoIP-Region-Code
X-Cache-Status-Check
X-Amz-Meta-Cb-Modifiedtime
X-Webkit-CSP
X-Xrds-Location
X-Micro-Cache
GeoIp-Country-Code
X-Servedbyhost
X-Via-Popn
X-Via-Poph
X-Cache-Debug
X-Via-Popv
Path
X-AIR-PT
X-CACHE-KEY
X-S-Maxage
ITXSESSIONID
X-API-Version
X-Presslabs-Stats
Lb
X-HA-Backend
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
X-RateLimit-Reset
Geo-Info
X-Vc
Ohc-Cache-HIT
Fusion-Content-Source
X-DC
X-VCL-Version
Cache-Host
CacheControlHeader
Client
X-TH-Server
True-Client-Country-4JS
Geoip-Latitude
True-Client-IP
Ngx.Var.Host
X-Action
Server-ID
X-VHOST
X-Cs
Hostname
X-Trace-ID
X-Api-Version
FSS-Cache
X-Backend-TTL
XkeyRZ
X-Proxy-CacheRZ
X-Clientip
X-Varnish-Beresp-TTL
X-Fpc
Edge-Cache
X-FireWall-Port
X-Req
My-App
Powered-By
X-Webkit-Csp-Report-Only
X-Provided-By
X-Zone
X-TX-ID
X-PX
X-Varnish-Beresp-Ttl
X-Pass-Why
X-Traceid
X-B3-Spanid
X-Origin-Upstream-Status
X-CSRF-TOKEN
X-Up
X-Dmc
Test
X-MSEdge-Flight
X-MSEdge-Features
X-FPC
NtCoent-Length
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
X-HS-Status
X-Cdn-Request-ID
X-Render-Time
X-INCAP-ABP
X-LB-ID
X-Correlation-ID
X-Beluga-Node
X-Beluga-Cache-Status
DataCenter
X-Webkit-CSP-Report-Only
X-Beluga-Trace
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Status
User-Agent
Rip
Server-Id
C-Via
Srvid
X-Li-Fabric
X-Gateway-Cache-Key
Click-Count-Action-Start
X-Gateway-Request-Id
X-LI-UUID
Tube-Get-Contents
X-Service
X-Gateway-Cache-Status
X-Vcl-Version
OT-Force-Account-Verify
Tube-Got-Results
Tube-Got-Eval
X-UnsetCookies
Click-Count-Error
Proxy-Connection
X-Li-Pop
Tube-Return
X-Gateway-Skip-Cache
X-M-Reqid
X-RAMCache
WZWS-RAY
X-Ha-Backend
X-Via-PopN
X-Via-PopH
X-Via-PopV
Esi-Enabled
X-Time-Microsecs
X-URL
X-ND-Cache
GeoIP-Latitude
X-M-Log
X-Alfa-Service
X-Qnm-Cache
X-DynaTrace-JS-Agent
X-Dynatrace
Uri
Sid
GeoIP-Country-Code
X-CUA
HIT
X-ServedByHost
On-Server
Resin-Trace
X-Check-Cacheable
MIME-Version
X-Akamai-Pragma-Client-IP
Epwk-X-Cache
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Proxy-Cache-Hk
X-Hcs-Proxy-Type
X-Fragments
X-Platform-Processor
Target-Params
X-Fetch-By
Cf-Device-Type
X-Platform-Router
X-Platform-Cluster
Tracecode
X-LI-Proto
X-Geo
Srv
X-ATG-Version
Fastly-Drupal-HTML
X-Cdn-Forward
X-TRACE-ID
X-APP
Lfy
X-FC-Vary-Parameters
X-Backend-Host
X-Fastly-Backend-Reqs
X-Sucuri-ID
X-Sucuri-Cache
X-Var-Ttl
X-Fastly-Backend
Cdn
X-Azure-Ref-OriginShield
Tcn
X-Esi
Section-Io-Origin-Time-Seconds
X-Varnish-Beresp-Status
XServer
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Id
X-Lb-Nocache
X-B3-Traceid-Primal
X-App
ServerName
ENV
X-Cache-Expires
X-Edge-POP
X-LiteSpeed-Cache-Control
X-Srcache-Store-Status
X-MG-S
X-Srcache-Fetch-Status
X-Backend-State
CF-Cached-On
X-ElasticPress-Query
X-Yottaa-OS
PICS-Label
Inserted-Into-Cache-At
X-Newrelic-App-Data
Magicmarker
X-Li-Proto
X-NU-AKA-ACS-Version
CountryCode
D-Url-Rewrites
X-Vcache
X-Iplb-Request-Id
X-HostName
X-Iplb-Instance
WebServer
Wpo-Cache-Status
Cf-Ipcountry
X-CF-Powered-By
X-Serial
X-Acquia-Application-Trace
Server-Ttl
X-Nc
X-Edge-Origin-Shield-Region
M-TraceId
Wpo-Cache-Message
X-Acquia-Application-UUID
X-Acquia-Site
X-Edge-Origin-Shield-Bytes
X-Acquia-Purge-Tags
Servedby
Warning
Hit
Fastcgi-Cache-Ttl
Vha6-Origin
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Vercel-Id
X-Vercel-Cache
X-Fastly-Cache-Hits
Ngx
X-Litespeed-Cache-Control
Cneonction
X-Snapshot-Date
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Cache-CFC
X-B3-Parentspanid
X-Request-Start
X-Request-Url
X-Dist-Code
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
Content-Style-Type
Content-Script-Type
X-BBC-Origin-Response-Status
X-Release
X-Dw-Trace-Id
X-Request-URL