Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Request-Id
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
Report-To
X-Cache-Status
NEL
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
Feature-Policy
X-Envoy-Upstream-Service-Time
Status
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Turbo-Charged-By
X-Cache-Group
X-UA-Device
Keep-Alive
P3p
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-AH-Environment
X-Server-Powered-By
X-Robots-Tag
X-Hacker
X-Server
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-WebKit-CSP
X-Nginx-Cache-Status
X-LiteSpeed-Cache
X-Page-Speed
X-Request-ID
EagleEye-TraceId
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Dispatcher
X-Device
Accept-CH
X-Cache-Spec
X-Host
Cf-Railgun
X-Server-Id
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
Accept-CH-Lifetime
X-Dns-Prefetch-Control
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
X-Ruxit-JS-Agent
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
Allow
X-Url
X-Trace
X-Aws-Lambda-Call-Status
Accept-Ch-Lifetime
X-Vname
X-PC
X-TtlSet
X-Content-Type
X-Ac
X-Clacks-Overhead
X-Server-Name
Fastly-Restarts
Edge-Control
X-Varnish-TTL
X-ESI
Cache-Tag
X-Mod-Pagespeed
X-Rack-Cache
X-VARITI-CCR
Service-Worker-Allowed
MS-Author-Via
X-Element-Page-Cache
Verso
X-Vcap-Request-Id
X-MS-InvokeApp
X-Amz-Rid
Public-Key-Pins
X-Upstream
X-GitHub-Request-Id
X-Dw-Request-Base-Id
RTSS
X-CST
X-Cnection
X-Abt-Application-Version
X-Client-IP
X-FastCGI-Cache
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Variant
X-Cache-TTL
X-D2id
X-Px
X-Cached
X-Navigation-Version
X-Powered-By-Plesk
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Goog-Hash
X-NF-Request-ID
X-TTL
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
AR-SID
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Version
Response
X-Middleton-Response
X-Powered-CMS
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-MSEdge-Ref
X-LLID
Nginx-Cache
X-RateLimit-Remaining
X-Edge-Location-Klb
X-Kinsta-Cache
TCN
X-Amz-Server-Side-Encryption
X-Origin-Cache
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Edge
X-Protected-By
X-T
X-Language
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-HP-Trace-Id
X-HP-Webp
Edge-Cache-Tag
X-Jurisdiction
X-Aspnetmvc-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Mg-S
X-Id
SPIisLatency
SPRequestDuration
S
Content-MD5
X-Ser
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Correlation-Id
Front-End-Https
X-Cache-Key
Fastcgi-Cache
X-NWS-LOG-UUID
X-Template
Realpath
X-Mid
Server-Node
X-Request-Processing-Time
X-Recruiting
X-Request-Received
X-Frontend
Filters
X-Ua-Browser
X-Ab
X-Content
X-Yandex-Sdch-Disable
X-HS-Content-Id
Server-Name
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-MCACHE
X-Ruxit-Js-Agent
SPRequestGuid
X-SharePointHealthScore
X-DynaTrace
X-Ezoic-Cdn
X-Hits
MicrosoftSharePointTeamServices
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Daa-Tunnel
X-Server-ID
X-Parallel-Accel
X-Ttl
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cleartype
Cache-Tags
Accept-Ch
X-Debug-Info
X-Litespeed-Cache
X-B3-Sampled
X-Page-Id
Charset
X-DataDome
X-ECACHE
Host
X-Geo-Country
X-Git-Hash
X-Www-Served-By
X-DIS-Request-ID
Cross-Origin-Opener-Policy
X-Ratelimit-Limit
X-Content-Options
X-Content-Digest
X-Amzn-Trace-Id
X-ASPNET-VERSION
X-Hostname
X-Grace
ServerID
X-F-Cache
X-Amz-Replication-Status
Alternate-Protocol
Filterid
X-Upgrade-Enabled
X-Accel-Expires
X-Fastcgi-Cache
X-FB-Debug
X-N
X-Varnish-Age
X-AppVersion
X-Activity-Id
X-Az
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
X-VCache
X-WebKit-CSP-Report-Only
X-Forwarded-Proto
X-Mobile-URL
X-LB-Cache
X-Nginx-Upstream-Cache-Status
X-Distributor
X-XRDS-LOCATION
X-Rid
X-Seen-By
X-Origin-Server
X-Fastly-Request-Id
X-Type
X-Tb
X-App-Environment
Viewport
X-Goog-Generation
X-Flags
X-Is-Crawler
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-TT
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Goog-Metageneration
X-Whom
X-Aspnet-Duration-Ms
X-FW-Server
X-FW-Static
X-FW-Type
X-Wix-Request-Id
X-Goog-Stored-Content-Length
X-FW-Serve
X-GUploader-UploadID
X-FW-Hash
X-FW-Dynamic
Access-Control-Allow-Method
X-User-Agent
Payment
Node
X-Ratelimit-Reset
Accept-Charset
Country
DC
Paypal-Debug-Id
Fastcgi-Useragent
X-Varnish-Grace
TP-L2-Cache
TP-Cache
X-Fastly-Request-ID
X-Via-JSL
X-Cluster-Name
X-App-Server
X-Oracle-Dms-Rid
X-Cache-Rule
X-Oracle-Dms-Ecid
X-Webkit-Csp
X-Drupal-Cache-Tags
X-Cache-Control
X-Signature
X-B-Cache
X-Buckets
X-Contextid
Cache-Status
Version
X-Cache-Age
X-Microsite
X-Request-Handler-Origin-Region
X-NGENIX-Cache
Amp-Access-Control-Allow-Source-Origin
Referer-Policy
X-Node-Name
Refresh
X-Varnish-Backend
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Load-Cache
VIX-Pulpo-Upstream-Status
X-TEC-API-VERSION
X-Logged-In
VIX-Pulpo-Node
X-Original-Request-Id
X-TEC-API-ORIGIN
NGB
X-Mobile
X-TEC-API-ROOT
X-Response-Served-From
SD-X-WS
X-Real-IP
X-Erf-Bev-Bev
X-Browser-Type
X-Rendered-As
X-Erf-Bev-Bev-Is-Generated
X-Cache-Expired-At
X-IPLB-Instance
X-Vgn-Hpd-Reason
X-Revision
X-Jobs
X-Is-Bot
X-Proxy-Cache-Status
X-Page-View
X-Cacheable-TTL
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
Surrogate-Key
X-Cache-Action
X-Debug
X-Yottaa-Metrics
X-B
X-Yottaa-Optimizations
X-Proxy
X-FW-Version
X-Framework
X-UUID
X-Device-Type
X-Rule
X-Instance
Akamai-GRN
X-Debug-IsPreview
X-Debug-IsConnected
X-Accel-Buffering
X-Cache-Time
X-G
X-RemovedCookies
X-ProcessESI
CF-IPCountry
X-Cache-NGX
X-Origin-Upstream-Status
SID
X-Presslabs-Stats
X-RateLimit-Limit
GEO-INFO
Count-Hit
Uber-Trace-Id
X-Ratelimit-Remaining
Protected
X-Nginx-Cache
X-Oneagent-Js-Injection
X-Cache-Operation
X-APP-VERSION
X-Source
X-Zen-Fury
X-Air-Source
X-Air-Hostname
X-EdgeConnect-Cache-Status
X-Air-Trace-Id
X-XRDS-Location
WPO-Cache-Status
X-Hyper-Cache
WPO-Cache-Message
X-Servername
X-Cache-TTL-Remaining
X-Ms-Version
X-Ms-Request-Id
X-Cache-Hit
Liferay-Portal
X-Azure-Ref
X-PressLabs-Stats
Ec-Rule-Version
DynaTrace
X-Trace-Id
Retry-After
Content-Disposition
Backend
X-Adobe-Content
X-CDN-Forward
X-RTag
MS-CV
Healthy
X-Adobe-Loc
Ms-Operation-Id
X-IPS-LoggedIn
Url
X-Mode
X-Cache-Grace
Cross-Origin-Window-Policy
X-Backend-Name
Frame-Options
Countrycode
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Unique-Id
X-Tumblr-User
X-Tumblr-Pixel-1
X-Detected-As
Meta-Geo
Xserver
X-Rewrite-Enabled
X-Redis-Cache
X-Environment-Context
X-RN-RSRV
X-NewRelic-App-Data
Country-Code
X-L-Path
X-UPSTREAM-Address
X-Uri
X-Tid
X-Sql-Count
X-Sql-Duration-Ms
X-Format
X-ShardId
X-Zipkin-Id
X-FB-TRIP-ID
X-Routing-Service
X-Sorting-Hat-PodId
X-Proxied
X-Sorting-Hat-ShopId
X-Debug-Cache
X-ShopId
X-Extlb
Apigw-Requestid
X-Content-Age
X-Hosted-By
X-Generation-Time
X-Varnish-Server
X-Shopify-Stage
X-Generated-By
Eomportal-Instance
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-Cache-Server
X-Alternate-Cache-Key
X-OCL
X-NYM-Debug-Backend
Azure-SlotName
X-PERF
X-Akamai-Edgescape
Azure-SiteName
X-PHP-Backend
X-No-Session
X-Access
X-PCL
X-Origin-Date
X-Microcachable
CDN-RequestId
CDN-RequestCountryCode
X-ApacheServer
Mn-Server-Ip
CDN-Uid
X-Forwarded-Host
CDN-PullZone
X-Human
Azure-Version
X-NCache
Cache-Name
CDN-Cache
CDN-EdgeStorageId
CDN-CachedAt
X-Nginx-Cache-Key
TWC-Connection-Speed
X-Via-Fastly
TWC-Privacy
Webcakes-App-Name
X-ServerID
X-Web-Node
Azure-RegionName
Azure-InstanceId
Webcakes-App-Version
Webcakes-Region
X-UA-Device-Type
X-Status
X-Site-Version
X-Server-W
X-Pubstack
X-Cluster-Node
X-Origin-Hint
TWC-Locale-Group
X-Cache-Host
Content-Secure-Policy
TWC-Device-Class
X-Region
Property-Id
X-Say-Cacheable
TWC-GeoIP-Country
X-Say-TTL
X-Section
TWC-GeoIP-LatLong
X-SayCDN-TTL
X-Be
X-TIME
X-Timing-Wait
X-BYPASS-REASON
X-Storage
X-Proxy-Build
X-Content-Powered-By
Selected-Fe
X-ProxyCache-Key
X-Cache-Type
X-ProxyCache-Status
LB
Fastly-SSL
Cache-Tv-Group
X-Cache-Remote
X-JoinUs
X-Hl-Ver
X-SaId
X-Soup
X-Varnishpool
X-Ua
X-Varnish-Beresp-Grace
Section-Io-Cache
X-R9-Blue-Green-Version
X-LSADC-Cache
X-Platform-Server
X-Cached-By
DB-Nickname
X-Xfnlog-Site
X-Cache-Tags
X-Bc-Bl
X-NWS-UUID-VERIFY
From-Origin
X-Akamai-Transformed
Mime-Version
Upgrade-Insecure-Requests
Xet-Cookie
ServedBy
X-AOL-HN
X-Dc
OT-Force-Account-Verify
Cache
X-TT-LOGID
X-Varnish-Cache-Hits
X-Akamai-Request-ID2
X-ECache
X-GEO
X-Auto-Login
X-Http-Reason
X-Request-Time
S-Rt
X-Origin-CC
X-Cdn
Source
X-Origin-TTL
WP-Super-Cache
HostName
X-Azure-Ref-OriginShield
X-Request-Host
SRV
X-CSRF-Token
X-Cache-Enabled
X-LAGOON
X-SRV
X-Handled-By
Cache-Hits
X-Varnish-Hits
X-Loop
X-Varnish-Hostname
X-TNCMS
X-Reqid
X-Adobe-Source
X-Mg-Request-UUID
Webserver
Server-Info
X-S-Maxage
Accept-Language
Onion-Location
X-HTML-Minification-Powered-By
X-RCS-CacheZone
X-Endurance-Cache-Level
X-FireWall-Port
X-Tumblr-Pixel-2
Nel
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-3
Fastly-Drupal-Html
Web-Mar-Node
X-GG-Cache-Date
X-Magnolia-Registration
X-Origin-Response-Time
X-B3-SpanId
X-EC-Lua
X-Time
X-Locale
DCR-Decision-By
X-Ckpd-Fst-Backend
X-Cluster
X-Connection-Hash
X-Labrador-Cache-Channel
X-GeoIP-Region-Code
X-Conf
DCR-Processing-Time-Ms
A
X-CF-Lambda-Version
X-CF-Lambda-Fn
Odigeo-Trace-Id
X-Ig-Push-State
X-Hnp-Log
X-GeoIP-Country-Code
X-PHP-Host
X-Gen-Mode
X-Developer
X-Destination
X-External-Request-Id
X-A-Wwc
X-Epic-Correlation-Id
X-Backend-TTL
X-B-Cookie
X-Cache-Bucket
X-ARC
X-Ftr-Request-Id
X-Block-Status
BehaviorPad-Version
X-Forwarded-Site
X-Forwarded-Path
X-D
X-Application
X-Aed
X-A-Ccd
X-S
X-Men
N-Cache
X-S-Cookie
Surrogated-Key
Meta-Geo-Continent
X-VG-WebCache
V-Age
User-Cache-Control
X-Viewer-Country
X-Rojux
X-ScT
X-SD-PageType
Pramga
Rendered-Blocks
X-Tenant
X-Vdms-Path
X-V-Cache
X-SRCache-Key
Sslversion
X-Vdms-Version
X-Session-Fingerprint
X-Shop-Environment
X-Slack-Backend
Vix-Hermes-Req-Id
X-Vtex-Processado-Em
X-A-Dam
X-Orig-Expires
X-A
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
X-A-Dcw
X-A-Dgt
X-NAPM-TraceId
X-ND-Cache
Expiry
X-TIM-N
X-PBS-Appsvrname
X-Processor
Mobile-Detection-Method
X-Vtex-Remote-Cache
X-Proxy-Upstream
X-Webstats-RespID
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Xc-Version
X-Planisys-CDN-Rules
X-Cache-NE
X-Cache-Id
X-Cache-Info
Svr
Origin-CC
X-Aicache-OS
Wxu-Next-Hostname
X-Action
X-Accel-Expires-Debug
Wxu-Next-Region
Wxu-Next-Commit
Origin
State
X-Cache-Date
X-AWS-Id
Traceparent
True-Client-Country-4JS
Origin-EX
X-Irp-Debug
X-Restarts
X-Rocket-Nginx-Serving-Static
X-RPM
X-RPS
X-Request-URI
X-Req
X-Origin
X-Origin-Expires
X-Origin-Time
X-Policy
X-RSL
X-Scheme
X-VG-TLSProxy
X-VWS-Id
Web-Mar-Region
X-Cache-Backend
X-TH-Server
X-SVT-ORM-VERSION
X-Server-IP
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Old-Content-Length
X-Nyt-Route
X-DI
X-DW
X-Esi-Check
X-Fastly-Cache
X-Device-Os
X-DB
X-Cdn-Srv
X-Core-Mission
X-Date
X-Fetched-On
X-Gdpr
X-Location
X-Mvc-Supplant-Cachable
X-Node-Id
X-NodeID
X-LJ-Flow-ID
X-HS-Content-Campaign-Id
X-Geo-Header
X-Gzip
X-Hash
X-Cdn-Origin
X-DSS
Machine
DSUID
AKAMAI
Apple-News-Services-Handled
Apple-News-Services-Host
X-Varnish-Ttl
Fastcgi-Cache-TTL
Host-ID
Gh-Request-Id
X-Proto
Fastly-GeoIP-CountryCode
Cmsid
Cmstype
Apple-News-Services-Parsed-Url
CDCHOST
Apple-News-Services-Request-Url
X-App-Version
CacheControlHeader
Arc-Country
X-Via-NSCOPI
Environment
X-Rocket-Build-Number
X-Qloud-Router
X-Platform
X-Region-Sid
X-VC-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Adler-Geo
X-Cache-Debug
X-Response-By
X-CGP
X-Correlation-ID
X-Is-Gdpr
X-Eu-Site
X-JWT-State
X-Envoy-Decorator-Operation
X-Edge-Location
X-Level-Front-Cache
X-HN
X-Fastly-Backend
X-Generated-On
X-Gamma-Serve
X-GeoIP
X-GeoIP-City
X-Has-Esi
X-Li-Fabric
X-Li-Pop
X-Datadog-Trace-Id
X-Owner
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Csrf-Jwt
X-DefElseHash
X-DefHash
X-LI-UUID
X-DPWN-IS-SECURE
X-Loc
X-Developers
X-MP-GENERATED-AT
X-Core-Value
X-BBC-Edge-Cache-Status
TDXMobile
X-VServer
L5d-Success-Class
Locid
Ssr
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-VarnishDD-TTL
X-Branch-Name
L
Thinkindot-Control
X-Worker
Edge-Cache
Platform
X-Wix-Viewer-Type
X-Amz-Apigw-Id
PFcat
X-Amzn-Remapped-Content-Length
Redirect-Candidate
Release
Server-Host
X-Pod-Name
Req-Svc-Chain
Mail-Subject
X-Amzn-RequestId
X-Varnish-Remaining-TTL
CloudFront-Viewer-Country
X-Storefront-Renderer-Rendered
NM-Fastcgi-Cache
X-Varnish-CookieINHashed-On
X-ATG-Version
Cf-Device-Type
X-Served-From
X-Sigma
X-Sigma-Backend
X-Skip-Cache
X-Time-Microsecs
X-Thinkindot-L3
X-Varnish-CookieHashed-On
We-Hiring
HA-Ipaddr
Is-Eu
X-TrackingId
Ha-Gx-Prefs
X-UnsetCookies
X-Variation
Fastly-SIE
Fastly-SWR
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Minions-Version
X-Xrds-Location
X-Sucuri-Cache
X-Sucuri-ID
X-Tx-Id
X-FC-Vary-Parameters
Kp-EeAlive
Memcached
X-Ua-Device
X-TraceId
NGX
X-Mvc-Supplant-OutputCached
AMP-Access-Control-Allow-Source-Origin
X-NC
X-Tb-Optimization-Total-Bytes-Saved
X-Zone
X-LB-ID
X-CacheTTL
X-CS
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
CDN
X-Generated-In
X-Srv
X-Up
Env
X-Backend-State
X-API-Version
Magicmarker
X-Trace-ID
Ms-Author-Via
X-Optimistic-Header
X-LB-NoCache
X-Tt-Logid
X-Varnish-Beresp-Ttl
X-Ec-Fail
X-Refresh
X-Ec-GeoHdr
Pics-Label
X-User
X-Cache-Var-Map
X-TA-CDN-Provider
X-Cache-Var
X-Request-Start
X-Via-Popv
X-Via-Popn
X-Edge-Pop
WebServer
X-DC
X-Via-Poph
Memory
X-Thanos
X-Bip
Time
X-Webkit-CSP
X-Parent-Response-Time
X-CACHE-KEY
GeoIp-Country-Code
X-AK-Request-ID
X-HA-Backend
Cdncip
Cdnsip
DataCenter
X-ZONE
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-Cs
X-Servedbyhost
X-Cache-Config
X-WADP-Cache
X-Esi
Cluster
My-App
X-Clara-WADP
X-Varnish-Beresp-TTL
X-Fmm-Version
Server-ID
NtCoent-Length
Candidate-Md5Url
X-MSEdge-Features
X-CUA
X-VC
X-MSEdge-Flight
X-Dynatrace
X-CLOUD-TRACE-CONTEXT
Tracecode
X-From
X-VCL-Version
Datacenter
T-Server
X-Pass-Why
X-TX-ID
Geoip-Latitude
X-Var-Ttl
X-Traceid
Lang
X-Newrelic-Synthetics
X-Fpc
X-Cache-Ttl
X-Fragments
X-Provided-By
X-DynaTrace-JS-Agent
Lfy
Cf-Int-Pingora-Origin-Digest
X-B3-Spanid
X-LI-Proto
WWW-Authenticate
X-WP-CF-Super-Cache-Cache-Control
X-Webkit-Csp-Report-Only
X-FPC
X-Li-Proto
X-Vc
X-WP-CF-Super-Cache
Target-Params
On-Server
Esi-Enabled
X-Webkit-CSP-Report-Only
X-App
X-NODE
Geo-Info
Proxy-Connection
X-Vcl-Version
X-RAMCache
Permissions-Policy
X-Mcache
Server-Id
C-Via
X-Service
X-RateLimit-Reset
X-Datadome
M-TraceId
Servername
X-Cache-Status-Check
X-Cache-PHP
X-Proxy-Cache-Info
X-Httpd
Fastly-Drupal-HTML
Test
X-Udemy-Cache-App-Namespace
Producers
FSS-Cache
X-SB
WZWS-RAY
X-Ha-Backend
X-CSRF-TOKEN
X-Akamai-Path-Stats
X-Api-Version
X-Render-Time
Resin-Trace
X-ServedByHost
X-Pool
X-ID
Hostname
X-Unique-ID
X-Scale
X-Platform-Cluster
X-Platform-Processor
GeoIP-Country-Code
X-Platform-Router
X-LiteSpeed-Cache-Control
Hit
X-Ec-Custom-Error
X-Geo
X-Dynatrace-Js-Agent
X-URL
X-Edge-POP
MD5-Digest
X-Dispatcher-Number
X-Via-PopH
X-Cdn-Forward
X-Via-PopN
X-Via-PopV
X-Cms-Context
MIME-Version
X-Edge-Cache
X-SIPLIST1
X-Via-Ucdn
Server-Hostname
IsBot
X-Clientip
Uri
Server-Ext
X-HS-Status
X-Fastly-Backend-Reqs
Sever-Int
X-NGINX-Cache
ENV
PICS-Label
X-ElasticPress-Query
X-Pad
X-Ucs
X-UP
X-BBC-Origin-Response-Status
X-Cache-CFC
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Lb-Nocache
Section-Origin-Responded
X-Acquia-Site
Section-Io-Origin-Status
ServerName
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
Section-Io-Origin-Time-Seconds
X-Acquia-Application-Trace
Section-Io-Id
X-Oss-Storage-Class
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-GoCache-CacheStatus
X-Check-Cacheable
X-Fetch-By
X-Cache-Expires
HIT
X-Srcache-Fetch-Status
X-MG-S
X-Srcache-Store-Status
X-Lb-Id
Server-Ttl
UCS
X-WA-Info
Cneonction
X-GeoCountry
Cache-Host
X-TRACE-ID
X-GeoCode
Tcn
Load-Balancing
X-Nc
URI
X-Cdn-Request-ID
X-Swift-Error
X-Fastly-Cache-Hits
X-LiteSpeed-Tag
S-Cnection
X-Dw-Trace-Id
GeoIP-Latitude
X-Amz-Meta-Cb-Modifiedtime
Cache-Key
Wpo-Cache-Status
X-Snapshot-Date
CF-Cached-On
Cf-Ipcountry
Client
Path
X-Request-Url
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Ad-Defer-Variation
X-BCube-Filmed-By
X-Akamai-ERPolicy
Vha6-Origin
Wpo-Cache-Message
X-Newrelic-App-Data
X-B3-ParentSpanId
Cteonnt-Length
X-Vcache
Ngx
X-Akamai-ERRuleID
Sid
X-Cache-Ngx
X-HostName
X-Air-Pt
Cdn
User-Agent
X-Http-Duration-Ms
X-Http-Count
X-Te-Count
CPC-Age
X-Dist-Code
X-Midtier
XM
VNS-Cache
VNS-Age
X-AIR-PT
CPC-Cache
X-Yottaa-OS
Req-ID
X-Akamai-Request-ID
X-B3-Parentspanid
X-Last-Modified
X-Te-Duration-Ms
X-Akamai-Pragma-Client-IP
X-Sentry-ID
X-Shopify-Generated-Cart-Token
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-CacheKey
X-UA
X-Info
Inserted-Into-Cache-At
X-Logging-Id
X-Micro-Cache
X-Litespeed-Cache-Control
CountryCode