Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Report-To
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
P3p
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
EagleId
Keep-Alive
Request-Context
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-UA-Device
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Dns-Prefetch-Control
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
X-WebKit-CSP
EagleEye-TraceId
X-Nginx-Cache-Status
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Akamai-Path-Stats
X-Cache-Spec
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Page-Speed
Allow
X-Host
X-Node
X-Pingback
X-Server-Id
Accept-CH
X-Aws-Lambda-Call-Status
Surrogate-Control
X-Backend-Server
X-CST
Request-Id
X-ASPNET-VERSION
X-Akam-SW-Version
X-Readtime
X-HW
X-Cache-Lookup
X-Response-Time
Accept-CH-Lifetime
X-Application-Context
Xkey
Content-Location
X-Cloud-Trace-Context
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Url
Cf-Edge-Cache
Fastly-Restarts
X-Country
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-ESI
X-Content-Type
X-B3-TraceId
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-Px
X-GoogleNews-Bot
X-Amz-Rid
X-Use-Magma
X-Ac
Public-Key-Pins
X-Cnection
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Amz-Server-Side-Encryption
Verso
X-D2id
X-Navigation-Version
X-Cache-TTL
X-RateLimit-Remaining
Accept-Ch
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
X-FastCGI-Cache
Service-Worker-Allowed
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Country-Code
X-Ser
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
X-Version
X-Ruxit-Js-Agent
X-Edge
X-NF-Request-ID
Response
Access-Control-Request-Method
X-Middleton-Response
X-Goog-Hash
X-Correlation-Id
X-Upstream
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
X-Ttl
X-Kinsta-Cache
X-Edge-Location-Klb
X-Cached
X-Webkit-Csp
X-Ua-Device
SPRequestDuration
X-TTL
SPIisLatency
X-LLID
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-NWS-LOG-UUID
Nginx-Cache
X-Powered-CMS
MS-Author-Via
X-RateLimit-Limit
Edge-Cache-Tag
TCN
X-Cache-Key
MRF-Tech
Mrf-Cache-Status
X-Litespeed-Cache
X-Forwarded-For
X-MSEdge-Ref
SPRequestGuid
X-SharePointHealthScore
Content-MD5
X-B3-TraceId-Primal
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-T
X-Id
X-Aspnetmvc-Version
X-Daa-Tunnel
X-Recruiting
X-Mg-S
S
X-Protected-By
X-Content-Digest
X-Language
X-Jurisdiction
X-DataDome
X-HP-Trace-Id
X-HP-Webp
X-SRCache-Store-Status
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-SRCache-Fetch-Status
X-TEC-API-ROOT
X-Frontend
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Content
Server-Node
X-Ezoic-Cdn
X-Ab
X-Ua-Browser
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-Request-Processing-Time
Front-End-Https
X-Request-Received
Filters
MicrosoftSharePointTeamServices
X-Grace
X-Accel-Expires
Fastcgi-Cache
X-ORACLE-DMS-ECID
X-Mid
X-ORACLE-DMS-RID
X-Server-ID
X-ECACHE
X-Geo-Country
X-Template
X-Hits
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Ratelimit-Reset
X-Origin-Server
X-Debug-Info
TP-L2-Cache
X-Distributor
TP-Cache
X-Tt-Trace-Tag
X-PressLabs-Stats
X-Tt-Trace-Host
X-Amzn-Trace-Id
Charset
Cleartype
X-Page-Id
Host
X-F-Cache
X-DIS-Request-ID
X-Git-Hash
X-DynaTrace
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Www-Served-By
Cache-Tags
ServerID
X-LB-Cache
X-Forwarded-Proto
Access-Control-Allow-Method
X-Cache-Age
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Seen-By
Server-Name
X-Cluster-Name
X-Az
X-Activity-Id
X-AppVersion
X-WebKit-CSP-Report-Only
Realpath
Accept-Charset
X-Varnish-Age
X-Request-Handler-Origin-Region
X-Oracle-Dms-Ecid
X-Microsite
X-Oracle-Dms-Rid
Filterid
X-Rid
Cache-Status
X-Type
X-Content-Options
X-Upgrade-Enabled
X-Origin-Cache
X-MCACHE
X-Mobile-URL
X-App-Environment
X-Via-JSL
X-FB-Debug
Country
Node
X-User-Agent
Viewport
X-Varnish-Grace
X-Tb
X-Wix-Request-Id
X-Route-Name
X-Whom
X-Request-Guid
X-Signature
X-Flags
Paypal-Debug-Id
DC
X-Aspnet-Duration-Ms
X-B-Cache
X-Is-Crawler
X-Providence-Cookie
X-Drupal-Cache-Tags
X-TT
Protected
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-XRDS-LOCATION
X-VCache
X-NWS-UUID-VERIFY
Fastcgi-Useragent
X-Nginx-Upstream-Cache-Status
X-Fastly-Request-Id
Retry-After
X-Varnish-Backend
X-Oneagent-Js-Injection
X-Amz-Replication-Status
Payment
X-Contextid
X-Cache-NGX
X-B
X-N
X-Fastly-Request-ID
X-Debug
X-Fastcgi-Cache
X-Logged-In
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Type
X-FW-Hash
X-FW-Dynamic
WPO-Cache-Message
WPO-Cache-Status
X-Load-Cache
Surrogate-Key
X-Hostname
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
X-Parallel-Accel
X-Node-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Buckets
X-Trace-Id
Count-Hit
SD-X-WS
X-Original-Request-Id
X-Response-Served-From
X-Proxy
X-Mobile
Refresh
Akamai-GRN
X-G
X-Akamai-Request-ID2
X-Cache-Time
Uber-Trace-Id
X-Zen-Fury
Healthy
X-UUID
X-XRDS-Location
X-Rendered-As
X-Revision
X-Is-Bot
X-Real-IP
X-Jobs
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cacheable-TTL
Alternate-Protocol
X-Mcache
X-Page-View
X-Framework
X-Http-Reason
X-Cache-TTL-Remaining
X-Yottaa-Optimizations
X-Amz-Meta-S3cmd-Attrs
NGB
X-Debug-IsPreview
X-Proxy-Cache-Status
X-Instance
X-Drupal-Cache-Contexts
X-Device-Type
X-Debug-IsConnected
X-Yottaa-Metrics
X-Cache-Rule
Content-Disposition
Access-Control-Request-Headers
X-Vgn-Hpd-Reason
X-IPLB-Instance
X-Adobe-Loc
X-Adobe-Content
From-Origin
X-Source
Url
X-Servername
X-COUNTRY
Version
X-Cache-Grace
X-Cache-Expired-At
X-B3-Traceid
X-Cache-Hit
Referer-Policy
X-Varnish-Server
Accept-Language
Permissions-Policy
X-Environment-Context
X-L-Path
X-ECache
X-EdgeConnect-Cache-Status
X-Mg-Request-UUID
X-App-Server
X-Ratelimit-Remaining
X-FW-Version
Countrycode
X-Cache-Action
X-RTag
Ms-Operation-Id
MS-CV
X-NGENIX-Cache
Cross-Origin-Window-Policy
X-Restarts
X-IPS-LoggedIn
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Backend
X-Tumblr-Pixel-1
X-Tumblr-User
X-RemovedCookies
X-ProcessESI
Liferay-Portal
X-Hyper-Cache
CF-IPCountry
X-NYM-Debug-Backend
Frame-Options
Content-Secure-Policy
Ec-Rule-Version
X-Rule
X-HTML-Minification-Powered-By
X-OCL
X-Nginx-Cache
X-RN-RSRV
X-UPSTREAM-Address
WP-Super-Cache
Meta-Geo
Upgrade-Insecure-Requests
X-Cache-Server
X-Redis-Cache
X-PCL
X-Access
X-FB-TRIP-ID
X-Ua
X-No-Session
X-APP-VERSION
X-Unique-Id
X-Cluster-Node
X-Format
Cache-Tv-Group
Section-Io-Cache
X-Cache-Enabled
X-Content-Age
X-Generation-Time
X-Detected-As
X-Section
Apigw-Requestid
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-Version
Fastly-SSL
Locale
TWC-Device-Class
X-Say-TTL
X-Say-Cacheable
X-Hosted-By
X-PERF
X-Sql-Count
X-Origin-Date
X-Origin-Hint
X-Be
X-Web-Node
X-Via-Fastly
X-SayCDN-TTL
X-Storage
X-UA-Device-Type
X-Sql-Duration-Ms
X-Uri
X-Region
X-Varnish-Cache-Hits
X-Request-Time
X-Site-Version
X-Server-W
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Mn-Server-Ip
Property-Id
S-Rt
X-Urbn-Context-Path
Webcakes-App-Version
X-AOL-HN
X-PHP-Backend
X-ApacheServer
X-Akamai-Edgescape
Webcakes-Region
X-Generated-By
X-Human
X-Urbn-Site-Id
TWC-Connection-Speed
X-Mode
Eomportal-Instance
X-Forwarded-Host
CDN-PullZone
CDN-RequestId
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Debug-Cache
X-Cache-Tags
CDN-Cache
X-Cache-Type
X-Xfnlog-Site
X-Content-Powered-By
X-Nginx-Cache-Key
X-Status
CDN-CachedAt
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
X-Platform-Server
X-Cache-Host
CDN-Uid
X-Cache-Operation
X-SaId
X-Alternate-Cache-Key
X-Zipkin-Id
X-Backend-Name
X-Extlb
X-Proxied
X-ShopId
X-ShardId
X-ServerID
X-Routing-Service
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Hl-Ver
X-Tid
X-JoinUs
X-Sorting-Hat-ShopId
X-Varnishpool
X-Accel-Buffering
ServedBy
X-Webkit-CSP
X-NewRelic-App-Data
X-Timing-Wait
Selected-Fe
X-Proxy-Build
Webserver
X-Adobe-Source
X-Handled-By
X-Cache-Remote
X-Dc
X-PHP-Host
X-Locale
X-Labrador-Cache-Channel
SID
X-Rewrite-Enabled
X-Ratelimit-Limit
X-GG-Cache-Date
Xserver
X-TT-LOGID
X-LSADC-Cache
X-VWS-Id
X-Soup
X-Pubstack
X-Datadome
X-LJ-Flow-ID
X-AWS-Id
LB
SRV
X-Cached-By
X-VC-Cache
Mime-Version
Fastly-Drupal-Html
Country-Code
X-CDN-Forward
Decoy-Debug-TTL
Decoy-Debug-Status
X-GEO
Web-Mar-Node
X-Proto
X-Edge-Location
X-Request-Host
Decoy-Debug-Key
X-Reqid
X-Microcachable
X-Storefront-Renderer-Rendered
Xet-Cookie
Onion-Location
X-Origin-TTL
X-App-Version
X-Origin-CC
X-Ms-Version
X-Ms-Request-Id
Server-Info
X-Varnish-Hostname
X-TA-CDN-Provider
X-Cms-Context
X-NCache
Cache-Hits
X-SRV
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
DynaTrace
X-Bc-Bl
X-Cluster
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Varnish-Hits
X-Varnish-Beresp-Grace
X-R9-Blue-Green-Version
Cache-Name
Load-Balancing
X-B3-SpanId
X-GeoCountry
X-CSRF-Token
X-GeoCode
X-Amz-Apigw-Id
X-Azure-Ref
X-Endurance-Cache-Level
X-Amzn-RequestId
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Envoy-Decorator-Operation
X-RCS-CacheZone
X-Origin-Response-Time
X-Midtier
X-TIME
DB-Nickname
Rendered-Blocks
X-Connection-Hash
X-Men
Host-ID
X-Ec-Fail
X-Ftr-Request-Id
X-Tenant
Xc-Version
X-Conf
X-NAPM-TraceId
Sslversion
X-CF-Lambda-Version
X-Esi-Check
X-External-Request-Id
X-Epic-Correlation-Id
A
X-Ec-GeoHdr
X-SRCache-Key
X-NodeID
X-TIM-N
X-TrackingId
Meta-Geo-Continent
X-Vdms-Version
X-Vdms-Path
Mobile-Detection-Method
X-VG-WebCache
X-Developer
X-Vtex-Processado-Em
X-LAGOON
X-Vtex-Remote-Cache
X-Destination
X-HS-Content-Campaign-Id
X-Hash
X-User
Surrogated-Key
X-D
Lang
X-Webstats-RespID
NM-Fastcgi-Cache
Odigeo-Trace-Id
Pramga
X-Orig-Expires
X-A-Ccd
X-A-Dam
X-A-Dcw
X-S-Cookie
X-A
X-ScT
Cmstype
X-From
X-SD-PageType
X-S
X-A-Dgt
X-AK-Request-ID
DCR-Processing-Time-Ms
X-Application
X-ARC
X-B-Cookie
X-Aed
X-A-Wwc
DCR-Decision-By
X-Rojux
X-Processor
Cmsid
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Cache-NE
BehaviorPad-Version
X-Cdn-Srv
X-CF-Lambda-Fn
X-Ig-Push-State
X-Gzip
T-Server
X-Cache-Id
X-Shop-Environment
Cdnsip
X-Forwarded-Path
Expiry
Cdncip
X-Geo-Header
X-Session-Fingerprint
X-Cache-Bucket
Fastcgi-X-Cache-Version
X-Magnolia-Registration
X-Tx-Id
X-Via-NSCOPI
X-Cache-Info
Fastly-GeoIP-CountryCode
X-Cache-Backend
Svr
X-Fmm-Version
State
X-Fastly-Cache
X-Fetched-On
User-Cache-Control
Vix-Hermes-Req-Id
Wxu-Next-Region
X-Block-Status
X-Amzn-Remapped-Content-Length
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
Web-Mar-Region
Environment
V-Age
X-Ckpd-Fst-Backend
X-DPWN-IS-SECURE
X-DefHash
X-DefElseHash
X-DI
Memcached
X-Developers
X-Device-Os
Mail-Subject
X-DB
X-DSS
X-Core-Mission
Server-Host
X-Clara-WADP
Is-Eu
X-Core-Value
X-DW
Platform
Producers
Machine
Apple-News-Services-Handled
X-Node-Id
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Slack-Backend
X-Origin
X-Old-Content-Length
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Location
X-Variation
X-TNCMS
X-V-Cache
X-Origin-Expires
X-Origin-Time
X-RSL
X-Scheme
X-RPS
X-RPM
X-Request-URI
X-Rocket-Build-Number
X-Varnish-Ttl
X-Server-IP
X-Sigma
X-Sigma-Backend
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Varnish-Remaining-TTL
X-Loop
AKAMAI
X-Irp-Debug
X-Is-Gdpr
Adler-Geo
X-Has-Esi
X-WADP-Cache
X-Hnp-Log
X-Worker
X-Wix-Viewer-Type
X-JWT-State
X-VG-TLSProxy
X-Gen-Mode
X-Gdpr
Apple-News-Services-Host
X-GeoIP
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Viewer-Country
X-EC-Lua
Source
CDN
X-GeoIP-City
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Qloud-Router
X-Proxy-Cache-Info
X-Datadog-Trace-Id
X-Policy
X-Served-From
X-Proxy-Upstream
X-Generated-On
X-Forwarded-Site
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Response-By
X-Level-Front-Cache
X-Branch-Name
X-Loc
X-Rocket-Nginx-Serving-Static
X-Pod-Name
X-Platform
X-Auto-Login
X-SB
X-Skip-Cache
X-VServer
X-HN
X-Httpd
X-CGP
X-Sn-Servicetimems
X-VarnishDD-TTL
X-Gamma-Serve
X-Region-Sid
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Cache-Date
X-Eu-Site
X-Cdn-Origin
X-Csrf-Jwt
X-Thinkindot-L3
X-Minions-Version
X-BBC-Edge-Cache-Status
N-Cache
CDCHOST
Locid
L5d-Success-Class
Origin
Cluster
Release
Redirect-Candidate
PFcat
Origin-EX
L
CloudFront-Viewer-Country
Fastly-SWR
Fastly-SIE
Fastcgi-Cache-TTL
X-TraceId
X-Akamai-Transformed
Gh-Request-Id
Kp-EeAlive
HA-Ipaddr
Ha-Gx-Prefs
Req-Svc-Chain
Origin-CC
Traceparent
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-Control
Arc-Country
Cache
Thinkindot-CacheControl
X-Aicache-OS
GEO-INFO
DSUID
X-Accel-Expires-Debug
HostName
Ssr
X-Optimistic-Header
X-Ec-Custom-Error
X-Xrds-Location
X-Date
NGX
X-Pool
X-Parent-Response-Time
AMP-Access-Control-Allow-Source-Origin
X-NC
X-Tt-Logid
X-GeoIP-Country-Code
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-GeoIP-Region-Code
X-Udemy-Cache-App-Namespace
MD5-Digest
X-Owner
X-Tb-Optimization-Total-Bytes-Saved
Pics-Label
Env
X-Srv
X-ZONE
X-CS
X-Time
X-API-Version
X-CacheTTL
X-Dispatcher-Number
X-Newrelic-Synthetics
X-Mvc-Supplant-OutputCached
Fusion-Content-Id
Servername
Server-Hostname
Sever-Int
X-LB-NoCache
X-Via-Ucdn
X-SIPLIST1
Server-Ext
IsBot
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
X-Scale
X-Ah-Environment
Fusion-Deployment-Id
Memory
X-Cache-Debug
X-Generated-In
Time
X-Edge-Pop
Ms-Author-Via
X-VC
CacheControlHeader
X-Refresh
X-Presslabs-Stats
Geo-Info
True-Client-Country-4JS
X-Wikidot-Backend
GeoIp-Country-Code
X-TH-Server
X-Action
X-Wikidot-Static-Cache
X-Via-Popn
Cache-Key
X-IPLB-Request-ID
X-Via-Popv
X-Amz-Meta-Cb-Modifiedtime
Ohc-File-Size
X-S-Maxage
X-BCube-Filmed-By
X-Via-Poph
X-Servedbyhost
X-Ad-Defer-Variation
Datacenter
Candidate-Md5Url
X-Backend-TTL
X-CACHE-KEY
X-Vc
Geoip-Latitude
FSS-Cache
X-HA-Backend
VNS-Age
CPC-Cache
CPC-Age
X-Contensis-Viewer-Groups
VNS-Cache
X-Cache-ASPX
XM
X-SplitTest
X-RateLimit-Reset
Edge-Cache
X-VCL-Version
X-Req
ITXSESSIONID
X-Varnish-Authentication
X-Cs
Fastly-Backend-Name
X-WA-Info
Client
X-Varnish-Beresp-TTL
X-Dynatrace
X-Provided-By
X-Micro-Cache
X-Zone
Path
My-App
Server-ID
X-Cache-Status-Check
X-VHOST
Hostname
X-Trace-ID
X-Origin-Upstream-Status
X-DC
X-AIR-PT
X-Pass-Why
DataCenter
Cache-Host
X-Up
Ohc-Cache-HIT
X-FireWall-Port
Ngx.Var.Host
X-TX-ID
X-Fpc
True-Client-IP
X-LB-ID
Lb
NtCoent-Length
X-Webkit-Csp-Report-Only
OT-Force-Account-Verify
X-NGINX-Cache
X-Proxy-CacheRZ
X-Li-Pop
X-FPC
X-LI-UUID
XkeyRZ
X-Li-Fabric
X-Varnish-Beresp-Ttl
X-Clientip
X-B3-Spanid
X-CSRF-TOKEN
Test
X-Traceid
X-ND-Cache
Powered-By
X-UnsetCookies
Cf-Int-Pingora-Origin-Digest
Proxy-Connection
X-CUA
X-Api-Version
X-Cdn-Request-ID
X-Time-Microsecs
X-Correlation-ID
X-Beluga-Cache-Status
Resin-Trace
User-Agent
X-Webkit-CSP-Report-Only
X-Beluga-Status
X-Beluga-Node
Target-Params
X-Beluga-Record
Server-Id
X-Beluga-Trace
X-Fragments
X-Beluga-Response-Time
Tracecode
X-Vcl-Version
X-RAMCache
Cf-Device-Type
X-Azure-Ref-OriginShield
X-Dmc
X-Via-PopV
X-HS-Status
X-Var-Ttl
WZWS-RAY
X-MSEdge-Features
X-FC-Vary-Parameters
Lfy
X-Via-PopN
X-Via-PopH
X-Ha-Backend
X-ATG-Version
X-Fastly-Backend
X-Sucuri-ID
X-MSEdge-Flight
X-Sucuri-Cache
X-CLOUD-TRACE-CONTEXT
X-URL
X-Platform-Cluster
X-ServedByHost
X-Render-Time
X-Platform-Processor
X-Platform-Router
X-Geo
X-NU-AKA-ACS-Version
GeoIP-Country-Code
X-M-Reqid
C-Via
X-DynaTrace-JS-Agent
Sid
X-M-Log
X-Li-Proto
GeoIP-Latitude
X-Qnm-Cache
Srvid
X-INCAP-ABP
Uri
X-Varnish-Beresp-Status
Rip
X-PX
X-Cdn-Forward
MIME-Version
X-LI-Proto
X-Fetch-By
X-Service
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Alfa-Service
Tube-Got-Results
Tube-Return
X-Backend-State
Tube-Got-Eval
Magicmarker
Click-Count-Error
Tube-Get-Contents
Click-Count-Action-Start
X-Proxy-Cache-Hk
Epwk-X-Cache
X-Gateway-Cache-Key
X-CCDN-CacheTTL
X-Gateway-Cache-Status
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-TRACE-ID
X-Check-Cacheable
Fastly-Drupal-HTML
X-Akamai-Pragma-Client-IP
HIT
X-Backend-Host
Esi-Enabled
ENV
X-Request-Start
X-Fastly-Backend-Reqs
X-ID
Cdn
X-Esi
X-Edge-POP
X-Thanos
XServer
Server-Ttl
X-Cache-CFC
PICS-Label
X-Cache-Expires
X-B3-Traceid-Primal
X-App
X-Lb-Nocache
On-Server
X-Bip
ServerName
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-LiteSpeed-Cache-Control
X-MG-S
Srv
Tcn
X-Newrelic-App-Data
X-ElasticPress-Query
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
CF-Cached-On
Section-Io-Id
Section-Io-Origin-Status
X-Yottaa-OS
Wpo-Cache-Message
Wpo-Cache-Status
Cf-Ipcountry
X-Iplb-Request-Id
X-Vcache
WebServer
X-APP
X-Iplb-Instance
D-Url-Rewrites
Inserted-Into-Cache-At
X-Acquia-Site
M-TraceId
X-Serial
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Nc
X-BBC-Origin-Response-Status
X-Acquia-Purge-Tags
X-Cache-Config
X-HostName
Servedby
Warning
X-Wp-Cf-Super-Cache-Cache-Control
X-Swift-Error
Cteonnt-Length
X-LiteSpeed-Tag
Cneonction
X-Wp-Cf-Super-Cache
X-Shopify-Generated-Cart-Token
X-Litespeed-Cache-Control
Fastcgi-Cache-Ttl
X-Request-Url
X-Snapshot-Date
Ngx
X-Fastly-Cache-Hits
X-Release
X-Storefront-Renderer-Verified
X-CF-Powered-By
X-Akamai-ERPolicy
X-Dw-Trace-Id
Content-Script-Type
Content-Style-Type
X-Th-Server
X-Akamai-ERRuleID
CountryCode
X-Dist-Code
X-IN-APIGATEWAY
X-B3-Parentspanid
X-Back
X-Akamai-Request-ID
X-Request-URL
X-IN-APIGATEWAYSSL