Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Link
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-Content-Security-Policy
P3p
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-UA-Device
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-LiteSpeed-Cache
X-Server
X-Amz-Id-2
X-Dns-Prefetch-Control
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-OneAgent-JS-Injection
X-Amz-Version-Id
EagleEye-TraceId
X-Device
X-Pingback
X-Dispatcher
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Server-Id
X-Host
X-Backend-Server
X-Node
Cf-Railgun
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
X-Language
Xkey
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
X-Template
Accept-Ch-Lifetime
Rating
X-Country
X-B3-TraceId
X-Ua-Compatible
X-Cloud-Trace-Context
X-Cache-Lookup
X-Ac
X-Url
Allow
X-Content-Type
X-Buckets
X-Trace
Accept-CH-Lifetime
X-Vname
X-TtlSet
X-PC
X-Mod-Pagespeed
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
Cache-Tag
X-FastCGI-Cache
X-ESI
Fastly-Restarts
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Element-Page-Cache
X-Server-Name
Verso
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
X-Amz-Rid
X-Vcap-Request-Id
MS-Author-Via
X-Dw-Request-Base-Id
Public-Key-Pins
X-D2id
X-Client-IP
X-Abt-Application-Version
X-Cached
X-Origin-Cache
X-Cache-TTL
X-Cnection
Arr-Disable-Session-Affinity
X-Country-Code
X-Px
X-Powered-By-Plesk
X-Goog-Hash
X-Navigation-Version
Access-Control-Request-Method
X-NF-Request-ID
X-Server-Lifecycle-Phase
X-Instrumentation
X-Aws-Lambda-Call-Status
X-Kraken-Loop-Name
X-Version
Accept-Ch
RTSS
X-Amz-Server-Side-Encryption
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Powered-CMS
Display
Pagespeed
X-Middleton-Display
X-Sol
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Middleton-Response
Response
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Exp-Variant
X-MSEdge-Ref
X-LLID
X-Kinsta-Cache
X-Edge
X-Edge-Location-Klb
X-CST
Nginx-Cache
X-Shield-Request-Id
Mrf-Cache-Status
X-B3-TraceId-Primal
X-TTL
MRF-Tech
AR-SID
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-Request-ID
S
Content-MD5
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-T
X-Protected-By
TCN
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
X-Forwarded-For
X-Mid
X-MCACHE
Fastcgi-Cache
X-Aspnetmvc-Version
X-RateLimit-Remaining
Realpath
Front-End-Https
X-Parallel-Accel
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Filters
X-Ttl
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Server-Node
X-Ua-Browser
X-Content
X-Ab
X-DynaTrace
X-SharePointHealthScore
SPRequestGuid
X-Correlation-Id
X-Ezoic-Cdn
Alternate-Protocol
Server-Name
X-Frontend
X-Accel-Expires
X-ECACHE
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-NWS-LOG-UUID
X-Yandex-Sdch-Disable
X-Hits
X-Cache-Key
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Content-Options
Cache-Tags
MicrosoftSharePointTeamServices
Host
X-Git-Hash
X-Page-Id
Cleartype
Charset
X-B3-Sampled
X-Www-Served-By
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Geo-Country
X-Ruxit-Js-Agent
X-Content-Digest
X-Amz-Replication-Status
X-Ser
TP-Cache
TP-L2-Cache
X-Forwarded-Proto
Filterid
X-Hostname
X-Amzn-Trace-Id
X-VCache
X-Fastly-Request-Id
X-Varnish-Age
X-Activity-Id
X-AppVersion
X-Az
X-XRDS-LOCATION
X-Debug-Info
X-DIS-Request-ID
X-Rid
X-Daa-Tunnel
X-Upgrade-Enabled
X-Origin-Server
X-Grace
Access-Control-Allow-Method
X-N
X-Request-Handler-Origin-Region
X-Microsite
X-Origin-Upstream-Status
X-LB-Cache
X-FB-Debug
ServerID
X-Nginx-Upstream-Cache-Status
X-Mobile-URL
X-Aspnet-Duration-Ms
X-Request-Guid
X-Flags
X-TT
X-Is-Crawler
X-Route-Name
X-Providence-Cookie
X-Whom
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-F-Cache
X-Goog-Metageneration
X-NGENIX-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Varnish-Grace
X-App-Server
X-App-Environment
X-WebKit-CSP-Report-Only
Cross-Origin-Opener-Policy
X-PressLabs-Stats
Viewport
X-Distributor
Payment
X-Tb
X-FW-Hash
X-FW-Server
X-FW-Serve
X-FW-Static
DC
X-FW-Dynamic
Node
X-FW-Type
Paypal-Debug-Id
X-Server-ID
X-Cache-Control
X-Logged-In
Fastcgi-Useragent
X-Seen-By
X-Type
X-User-Agent
X-Cache-Age
Country
Accept-Charset
X-Fastcgi-Cache
X-Ratelimit-Limit
X-Cache-Rule
X-Varnish-Backend
X-DataDome
X-Node-Name
X-Webkit-CSP
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Wix-Request-Id
Version
X-Load-Cache
X-Fastly-Request-ID
X-Cache-Action
Refresh
X-Via-JSL
X-IPLB-Instance
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Response-Served-From
Access-Control-Request-Headers
SD-X-WS
Cache-Status
X-Original-Request-Id
X-Drupal-Cache-Tags
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Cacheable-TTL
Amp-Access-Control-Allow-Source-Origin
X-Jobs
X-Real-IP
X-Rendered-As
X-Contextid
X-Debug
X-B
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Referer-Policy
X-ProcessESI
X-RemovedCookies
NGB
X-UUID
X-Proxy-Cache-Status
X-Page-View
X-Revision
X-Is-Bot
X-Vgn-Hpd-Reason
X-Cluster-Name
X-Signature
X-B-Cache
X-Mobile
X-Cache-Expired-At
X-Rule
X-Yottaa-Metrics
Liferay-Portal
X-Drupal-Cache-Contexts
X-Device-Type
X-Yottaa-Optimizations
X-Cache-Time
X-Instance
DynaTrace
Surrogate-Key
X-Framework
Akamai-GRN
X-G
X-Proxy
X-Tec-Api-Origin
X-Debug-IsConnected
X-Debug-IsPreview
X-Tec-Api-Root
X-Tec-Api-Version
X-Azure-Ref
CF-IPCountry
X-FW-Version
Healthy
SID
X-Source
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Ms-Version
X-Ms-Request-Id
X-XRDS-Location
Frame-Options
X-Nginx-Cache
MS-CV
X-Cache-Hit
Ms-Operation-Id
X-RTag
X-APP-VERSION
Section-Io-Cache
Countrycode
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-CDN-Forward
X-Tumblr-Pixel-0
X-Tumblr-User
X-Oneagent-Js-Injection
X-Varnish-Server
Xserver
X-Environment-Context
X-L-Path
Count-Hit
GEO-INFO
X-Cache-Operation
X-Region
X-Servername
X-Content-Powered-By
X-Forwarded-Host
X-EdgeConnect-Cache-Status
Uber-Trace-Id
X-Backend-Name
X-Mode
X-IPS-LoggedIn
Cross-Origin-Window-Policy
X-Accel-Buffering
Backend
X-Adobe-Content
X-Adobe-Loc
X-Litespeed-Cache
X-Zen-Fury
X-JoinUs
X-SaId
Meta-Geo
X-RN-RSRV
X-UPSTREAM-Address
X-Detected-As
X-Redis-Cache
X-Microcachable
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Generation-Time
X-Varnish-Beresp-Grace
X-Debug-Cache
X-Cache-Server
X-Cache-Type
Eomportal-Instance
X-Cache-Grace
X-Hosted-By
Ec-Rule-Version
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Human
X-Uri
Decoy-Debug-TTL
X-Site-Version
X-ProxyCache-Key
X-Via-Fastly
X-PHP-Backend
X-BYPASS-REASON
Decoy-Debug-Status
Cache-Tv-Group
Cache-Name
X-FB-TRIP-ID
X-ProxyCache-Status
Decoy-Debug-Key
X-Cache-TTL-Remaining
X-NCache
Country-Code
Apigw-Requestid
Url
X-Origin-Date
X-ServerID
X-Status
X-Sql-Count
X-No-Session
X-Sql-Duration-Ms
X-Storage
X-Akamai-Edgescape
X-Format
X-Web-Node
X-Proxy-Build
X-UA-Device-Type
Fastly-SSL
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Protected
Property-Id
Selected-Fe
TWC-Connection-Speed
TWC-Device-Class
X-Ratelimit-Reset
Mn-Server-Ip
X-Origin-Hint
X-PCL
X-Say-Cacheable
X-Say-TTL
X-OCL
X-Timing-Wait
X-Cache-Host
X-SayCDN-TTL
X-Time
DB-Nickname
Azure-Version
Azure-SlotName
Azure-SiteName
OT-Force-Account-Verify
X-Extlb
X-Pubstack
X-Section
X-Zipkin-Id
X-Routing-Service
X-Proxied
Azure-RegionName
X-PERF
X-ApacheServer
X-Server-W
X-Access
Azure-InstanceId
X-Hl-Ver
X-R9-Blue-Green-Version
X-NYM-Debug-Backend
X-Azure-Ref-OriginShield
X-Cluster-Node
Source
X-Rewrite-Enabled
X-Be
X-Varnishpool
X-LSADC-Cache
Content-Secure-Policy
X-Cache-NGX
X-RateLimit-Limit
X-Tid
X-Ua
X-SRV
X-Soup
X-HTML-Minification-Powered-By
X-Content-Age
Content-Disposition
X-NewRelic-App-Data
X-Cache-Var
X-Webkit-Csp
X-Cached-By
X-Cache-Var-Map
X-Amz-Meta-S3cmd-Attrs
SRV
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
X-Unique-Id
Cache
X-Generated-By
X-LAGOON
CDN-RequestId
CDN-RequestCountryCode
CDN-Cache
CDN-CachedAt
X-TNCMS
X-Loop
X-Varnish-Hostname
X-Hyper-Cache
Webserver
X-TT-LOGID
X-Varnish-Hits
X-Bc-Bl
Retry-After
X-Dc
Onion-Location
X-S-Maxage
X-App-Version
X-Origin-TTL
X-Origin-CC
X-Auto-Login
X-Tumblr-Pixel-3
X-Presslabs-Stats
X-Tumblr-Pixel-2
X-GEO
X-Proto
X-Nginx-Cache-Key
Web-Mar-Node
Cache-Hits
X-ECache
Xet-Cookie
X-Tenant
X-Qnm-Cache
X-Time-Microsecs
X-M-Reqid
X-Endurance-Cache-Level
X-M-Log
X-Cdn
X-CSRF-Token
X-Akamai-Transformed
X-Ratelimit-Remaining
X-Edge-Location
X-Platform-Server
X-LJ-Flow-ID
X-GG-Cache-Date
X-VWS-Id
LB
X-AWS-Id
Mime-Version
X-Trace-Id
CloudFront-Viewer-Country
HostName
X-Mg-Request-UUID
X-PHP-Host
X-Amz-Apigw-Id
X-Amzn-RequestId
X-CACHE-KEY
X-Labrador-Cache-Channel
X-Xfnlog-Site
X-B3-SpanId
X-Cache-Tags
X-Varnish-Cache-Hits
N-Cache
X-RCS-CacheZone
Upgrade-Insecure-Requests
X-Storefront-Renderer-Rendered
X-Locale
X-Handled-By
X-Origin-Response-Time
ServedBy
X-Adobe-Source
WPO-Cache-Status
WPO-Cache-Message
X-Request-Time
X-VC-Cache
X-Cache-Remote
X-A-Dam
X-A-Ccd
X-A
X-A-Dcw
X-Reqid
X-A-Dgt
X-Ig-Push-State
X-NAPM-TraceId
A
X-ND-Cache
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Via-NSCOPI
X-Orig-Expires
BehaviorPad-Version
X-Planisys-CDN-TTL
X-Ftr-Request-Id
X-ARC
X-Planisys-CDN-Cache
X-External-Request-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Cache-NE
X-Application
X-B-Cookie
Nel
X-Cache-Date
X-Cluster
X-Conf
X-AOL-HN
Surrogated-Key
X-Forwarded-Path
X-Developer
X-Destination
X-Connection-Hash
X-Aed
X-D
X-A-Wwc
X-Planisys-CDN-Rules
DCR-Decision-By
X-Processor
DCR-Processing-Time-Ms
X-Vtex-Processado-Em
X-SRCache-Key
Origin
X-Slack-Backend
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
DSUID
Odigeo-Trace-Id
X-Vdms-Path
X-V-Cache
X-TIM-N
Mobile-Detection-Method
X-VG-WebCache
X-Shop-Environment
X-Session-Fingerprint
X-S
Fastcgi-X-Cache-Version
Expiry
X-Rojux
Rendered-Blocks
State
X-Request-Host
X-ATG-Version
X-S-Cookie
X-Vtex-Remote-Cache
Redirect-Candidate
Pramga
X-SD-PageType
X-ScT
Meta-Geo-Continent
Xc-Version
X-Vdms-Version
Datacenter
X-Correlation-ID
X-MP-GENERATED-AT
Environment
Server-Info
L
V-Age
Host-ID
Vix-Hermes-Req-Id
Release
Wxu-Next-Region
X-Accel-Expires-Debug
Wxu-Next-Hostname
Wxu-Next-Commit
X-Hash
X-Served-From
X-Server-IP
X-Skip-Cache
X-Scheme
X-Rocket-Nginx-Serving-Static
X-Owner
X-Policy
X-Proxy-Upstream
X-Sucuri-Cache
X-Sucuri-ID
X-Fastly-Cache
X-Gen-Mode
X-Hnp-Log
X-Block-Status
User-Cache-Control
X-Varnish-Beresp-Status
X-VG-TLSProxy
X-VServer
X-Origin-Time
X-Origin-Expires
X-Fetched-On
X-Forwarded-Site
X-Gdpr
X-Epic-Correlation-Id
X-Device-Os
X-Cache-Info
X-Core-Mission
X-Date
X-Geo-Header
Gh-Request-Id
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Old-Content-Length
X-Men
X-Location
X-Li-Pop
X-LI-UUID
X-Cache-Bucket
X-Li-Fabric
Cmstype
From-Origin
Fastcgi-Cache-TTL
Cmsid
CacheControlHeader
AKAMAI
X-TIME
AMP-Access-Control-Allow-Source-Origin
X-Fastly-Backend
X-Gamma-Serve
X-Esi-Check
X-Developers
X-Datadog-Trace-Id
X-Generated-On
X-GeoIP
X-HS-Content-Campaign-Id
X-HN
X-Gzip
X-GeoIP-City
X-Datadog-Sampling-Priority
X-Core-Value
X-Aicache-OS
X-TH-Server
Apple-News-Services-Handled
Apple-News-Services-Host
X-Bip
X-Branch-Name
X-Datadog-Parent-Id
X-Cdn-Origin
X-Cache-Id
X-Cache-Config
X-Irp-Debug
X-Level-Front-Cache
X-EC-Lua
X-TrackingId
X-Thinkindot-L3
X-Thanos
X-VarnishDD-TTL
X-Viewer-Country
Origin-EX
Origin-CC
CDCHOST
Arc-Country
X-Sigma-Backend
X-Sigma
Apple-News-Services-Parsed-Url
X-BBC-Edge-Cache-Status
X-Cache-Debug
X-NodeID
Traceparent
X-Magnolia-Registration
X-Rocket-Build-Number
X-Request-Start
X-Req
X-Region-Sid
Req-Svc-Chain
X-Sn-Servicetimems
Web-Mar-Region
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Fastly-GeoIP-CountryCode
We-Hiring
Locid
Thinkindot-Control
True-Client-Country-4JS
Mail-Subject
Svr
TDXMobile
Machine
Server-Host
Candidate-Md5Url
PFcat
Apple-News-Services-Request-Url
X-DPWN-IS-SECURE
X-Qloud-Router
X-Varnish-Remaining-TTL
X-Csrf-Jwt
X-Platform
X-DefHash
X-DefElseHash
X-Origin
X-Pod-Name
Memcached
X-Varnish-CookieHashed-On
X-RateLimit-Remaining-Second
NM-Fastcgi-Cache
Cf-Device-Type
X-Request-URI
X-JWT-State
X-Is-Gdpr
X-Has-Esi
X-UnsetCookies
X-FC-Vary-Parameters
X-Loc
X-Varnish-CookieINHashed-On
X-Variation
X-RateLimit-Limit-Second
X-Eu-Site
X-Worker
X-Webstats-RespID
HA-Ipaddr
Is-Eu
X-Amzn-Remapped-Content-Length
Ha-Gx-Prefs
X-Envoy-Decorator-Operation
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Backend-State
L5d-Success-Class
X-Zone
Fastly-SIE
X-NU-AKA-ACS-Version
Fastly-SWR
NGX
Adler-Geo
X-CGP
Platform
X-CS
Fastly-Drupal-Html
X-Xrds-Location
X-FireWall-Port
X-Tx-Id
Sslversion
X-Node-Id
WWW-Authenticate
X-Cdn-Srv
X-Trace-ID
CDN
X-Varnish-Beresp-Ttl
X-LB-ID
X-NC
On-Server
X-API-Version
X-Response-By
X-Mvc-Supplant-OutputCached
X-CLOUD-TRACE-CONTEXT
X-Esi
Esi-Enabled
Ssr
X-Up
WP-Super-Cache
X-Generated-In
Pics-Label
X-Refresh
X-Vc
C-Via
Time
Ms-Author-Via
Memory
X-Service
X-Datadome
X-LB-NoCache
X-Backend-TTL
X-Via-Popv
X-Via-Poph
X-Tt-Logid
NtCoent-Length
X-Cache-Enabled
X-Via-Popn
X-Cache-PHP
X-TA-CDN-Provider
X-DynaTrace-JS-Agent
X-Edge-Pop
Env
X-GeoIP-Region-Code
X-Tb-Optimization-Total-Bytes-Saved
X-DC
X-GeoIP-Country-Code
X-Dynatrace
X-Varnish-Ttl
X-Cache-Status-Check
Magicmarker
GeoIp-Country-Code
X-TraceId
X-Optimistic-Header
X-NWS-UUID-VERIFY
X-Parent-Response-Time
X-Render-Time
X-Info
X-Varnish-Beresp-TTL
X-Ua-Device
X-CacheTTL
X-Restarts
Kp-EeAlive
X-Servedbyhost
X-AIR-PT
X-ZONE
X-Unique-ID
S-Rt
Server-ID
X-TX-ID
X-Cs
X-Webkit-Csp-Report-Only
X-DI
X-RSL
X-Cache-Backend
Edge-Cache
X-Srv
X-MSEdge-Features
X-Wix-Viewer-Type
X-RPM
X-DW
X-Action
X-DB
X-DSS
X-Clientip
X-RPS
X-MSEdge-Flight
Proxy-Connection
X-Oss-Server-Time
WebServer
X-Oss-Request-Id
X-Oss-Storage-Class
X-VCL-Version
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Cache-Host
UCS
HIT
X-Minions-Version
X-Traceid
X-Cache-Ttl
X-App
S-Cnection
X-HA-Backend
X-Newrelic-Synthetics
X-Fpc
X-LI-Proto
X-Li-Proto
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
Lb
Section-Io-Origin-Time-Seconds
X-URL
X-FPC
Test
X-Akamai-Request-ID2
X-LiteSpeed-Cache-Control
X-Http-Reason
X-Micro-Cache
Server-Id
X-B3-Spanid
X-Vcl-Version
User-Agent
Fastly-Backend-Name
X-Webkit-CSP-Report-Only
X-NODE
Tcn
Accept-Language
X-Backend-Host
Geo-Info
X-Ec-Fail
X-User
X-BCube-Filmed-By
X-Pass-Why
X-Pad
X-Ec-GeoHdr
X-Release
X-ES-SERVER
X-Check-Cacheable
X-HostName
X-APP
X-LiteSpeed-Tag
X-Urbn-Site-Id
Fastly-Drupal-HTML
Resin-Trace
Cf-Int-Pingora-Origin-Digest
X-Urbn-Context-Path
Locale
X-CSRF-TOKEN
X-ServedByHost
EpKe-Alive
VNS-Cache
Cache-Key
CPC-Age
X-ID
CPC-Cache
X-BBC-Origin-Response-Status
VNS-Age
X-Amz-Meta-Cb-Modifiedtime
GeoIP-Country-Code
Path
X-Dynatrace-Js-Agent
Hostname
X-Edge-POP
X-WA-Info
Hit
X-WA
X-WADP-Cache
Cdnsip
M-TraceId
Srv
X-Fmm-Version
Cdncip
X-AK-Request-ID
X-Ha-Backend
Ohc-File-Size
X-Clara-WADP
X-Akamai-Pragma-Client-IP
X-Geo
Cluster
X-Cdn-Forward
X-Wikidot-Backend
Shield-Pop
X-ElasticPress-Query
X-Cms-Context
X-Wikidot-Static-Cache
Pagetype
X-Via-PopN
X-Via-PopH
X-PJAX-URL
X-Via-PopV
ENV
MIME-Version
Tracecode
X-Var-Ttl
X-CUA
X-Hcs-Proxy-Type
X-Api-Version
Load-Balancing
X-From
X-Via-Ucdn
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-HS-Status
X-Edge-Cache
MD5-Digest
My-App
Geoip-Latitude
X-NGINX-Cache
X-VG-WebServer
X-Fastly-Cache-Hits
T-Server
URI
Lfy
X-ServerName
X-Ucs
X-GoCache-CacheStatus
X-Fastly-Backend-Reqs
X-Fragments
X-UP
X-RAMCache
X-VC
Lang
Servername
W
Sever-Int
X-Cache-Expires
Server-Hostname
Server-Ext
X-Mcache
X-SIPLIST1
IsBot
X-TRACE-ID
X-Dw-Trace-Id
X-FORWARDED-FOR
Cteonnt-Length
PICS-Label
Cdn
X-Nc
Cneonction
X-Lb-Id
WZWS-RAY
X-RateLimit-Reset
X-Provided-By
X-Cdn-Request-ID
Ohc-Cache-HIT
Target-Params
X-WP-CF-Super-Cache
X-B3-ParentSpanId
X-WP-CF-Super-Cache-Cache-Control
X-Cache-ASPX
X-Swift-Error
HitType
Uri
X-Via-CDN
X-Acquia-Application-UUID
X-Yottaa-OS
X-Acquia-Purge-Tags
Cf-Ipcountry
X-Acquia-Site
X-Acquia-Application-Trace
X-Newrelic-App-Data
Dnion-Transfer-Encoding
CF-Cached-On
X-Apw-Access-Token
X-Platform-Router
X-Snapshot-Date
X-Contensis-Viewer-Groups
X-Apw-Hits
X-Platform-Processor
X-Cc-Via
X-Akamai-Request-ID
X-Apw-Access-Object
Vha6-Origin
X-Platform-Cluster
X-Apw-Access-Action
Sid
X-Air-Pt
X-Cache-Ngx
X-Te-Count
X-Te-Duration-Ms
X-Akamai-ERPolicy
X-Last-Modified
GeoIP-Latitude
X-Akamai-ERRuleID
X-Http-Duration-Ms
Server-Ttl
X-CacheKey
X-B3-Parentspanid
FSS-Cache
X-HTML-Edge-Cache
Ngx
X-Sentry-ID
CountryCode
X-Logging-Id
Req-ID
X-UA
X-Lb-Nocache
X-Miniprofiler-Ids
X-Varnish-Authentication
X-Http-Count