Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
P3p
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Report-To
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Backend
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
NEL
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Host
Accept-CH
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-B3-TraceId
X-Cloud-Trace-Context
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Country
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Trace
X-Url
Allow
X-Ac
X-Content-Type
X-Vname
X-TtlSet
X-PC
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
X-Aws-Lambda-Call-Status
X-Mod-Pagespeed
X-Server-Name
X-ESI
Fastly-Restarts
Cache-Tag
X-VARITI-CCR
Service-Worker-Allowed
X-Rack-Cache
Verso
X-Element-Page-Cache
MS-Author-Via
X-Upstream
X-FastCGI-Cache
X-Vcap-Request-Id
X-MS-InvokeApp
X-Amz-Rid
X-GitHub-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-Px
RTSS
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Navigation-Version
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-NF-Request-ID
X-Goog-Hash
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Powered-CMS
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-SID
AR-Request-ID
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Version
X-Origin-Cache
Response
X-Middleton-Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-Edge-Location-Klb
X-Kinsta-Cache
Nginx-Cache
X-TTL
TCN
X-RateLimit-Remaining
X-Edge
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Protected-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-T
X-CST
X-Ruxit-Js-Agent
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Forwarded-For
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Content-MD5
S
Edge-Cache-Tag
X-Aspnetmvc-Version
Accept-Ch
X-Language
SPRequestDuration
SPIisLatency
Fastcgi-Cache
Front-End-Https
X-Mid
X-Webkit-Csp
Realpath
X-Request-Processing-Time
X-Request-Received
Server-Node
X-Recruiting
X-DynaTrace
Pinterest-Version
Pinterest-Generated-By
Filters
X-Pinterest-Rid
X-Ttl
X-Frontend
X-Ab
X-Ua-Browser
X-MCACHE
Server-Name
X-Content
X-Correlation-Id
X-Cache-Key
X-Ser
X-NWS-LOG-UUID
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Template
X-Ezoic-Cdn
X-ECACHE
X-SharePointHealthScore
SPRequestGuid
X-Hits
X-Parallel-Accel
X-Tt-Trace-Host
MicrosoftSharePointTeamServices
X-Tt-Trace-Tag
Cache-Tags
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Charset
X-Page-Id
Host
Alternate-Protocol
Cleartype
X-B3-Sampled
X-Git-Hash
X-Www-Served-By
Fusion-Content-Id
Fusion-Component-Id
X-Geo-Country
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
X-Content-Options
X-Daa-Tunnel
X-Debug-Info
X-Hostname
X-DIS-Request-ID
X-Amzn-Trace-Id
X-Content-Digest
X-Ratelimit-Limit
X-Amz-Replication-Status
Filterid
X-Varnish-Age
Cross-Origin-Opener-Policy
X-AppVersion
X-Activity-Id
X-Az
X-Grace
X-Accel-Expires
X-Upgrade-Enabled
X-VCache
X-Fastly-Request-Id
X-FB-Debug
ServerID
X-WebKit-CSP-Report-Only
X-F-Cache
X-Forwarded-Proto
X-N
X-Origin-Server
X-Rid
Access-Control-Allow-Method
X-Nginx-Upstream-Cache-Status
X-Mobile-URL
X-Providence-Cookie
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Route-Name
X-Request-Guid
X-LB-Cache
X-Type
X-XRDS-LOCATION
X-TT
X-Whom
TP-L2-Cache
TP-Cache
X-Seen-By
X-Varnish-Grace
X-Goog-Stored-Content-Length
Viewport
X-App-Environment
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Generation
X-Tb
Payment
X-FW-Serve
Node
X-FW-Server
X-Distributor
X-FW-Static
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-Fastcgi-Cache
DC
X-User-Agent
X-Server-ID
Paypal-Debug-Id
X-DataDome
X-Wix-Request-Id
Fastcgi-Useragent
X-App-Server
Accept-Charset
Country
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-Tec-Api-Root
X-Tec-Api-Version
X-Fastly-Request-ID
X-Cache-Control
X-Ratelimit-Reset
X-NGENIX-Cache
X-Cache-Rule
X-Litespeed-Cache
X-Origin-Upstream-Status
Version
X-Request-Handler-Origin-Region
X-Drupal-Cache-Tags
X-Via-JSL
Referer-Policy
X-Microsite
X-Cluster-Name
X-Logged-In
X-Cache-Age
X-Contextid
X-Buckets
X-Signature
X-B-Cache
Cache-Status
Refresh
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Node-Name
X-Original-Request-Id
X-Response-Served-From
VIX-Pulpo-Upstream-Status
X-Load-Cache
VIX-Pulpo-Node
X-Varnish-Backend
X-Mobile
SD-X-WS
Amp-Access-Control-Allow-Source-Origin
X-Page-View
X-Real-IP
X-Vgn-Hpd-Reason
X-Rendered-As
X-Is-Bot
X-Cache-Expired-At
Access-Control-Request-Headers
NGB
X-Revision
X-B
X-Cacheable-TTL
X-Jobs
X-Debug
X-IPLB-Instance
X-Proxy-Cache-Status
X-Proxy
X-Device-Type
X-Yottaa-Metrics
X-RemovedCookies
X-UUID
X-Cache-Action
X-ProcessESI
X-Yottaa-Optimizations
X-Rule
X-Instance
Akamai-GRN
X-Drupal-Cache-Contexts
Surrogate-Key
X-Cache-Time
X-Framework
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Version
X-G
CF-IPCountry
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Accel-Buffering
SID
DynaTrace
X-Oracle-Dms-Ecid
X-XRDS-Location
X-Oracle-Dms-Rid
X-Presslabs-Stats
GEO-INFO
Count-Hit
X-Azure-Ref
X-Cache-NGX
X-Source
Liferay-Portal
Uber-Trace-Id
X-PressLabs-Stats
X-Ms-Version
X-Cache-Operation
X-Ms-Request-Id
X-Nginx-Cache
X-APP-VERSION
Frame-Options
X-Zen-Fury
Ms-Operation-Id
X-RTag
X-EdgeConnect-Cache-Status
X-CDN-Forward
MS-CV
Protected
Healthy
X-Cache-Hit
X-Environment-Context
X-L-Path
Xserver
X-TEC-API-ORIGIN
X-Backend-Name
X-Mode
X-TEC-API-ROOT
Countrycode
X-TEC-API-VERSION
X-Tumblr-Pixel-0
X-IPS-LoggedIn
Ec-Rule-Version
X-RateLimit-Limit
X-Varnish-Server
X-Tumblr-Pixel
Cross-Origin-Window-Policy
X-Tumblr-Pixel-1
X-Tumblr-User
X-Cache-TTL-Remaining
LB
X-Hyper-Cache
X-Adobe-Content
X-Adobe-Loc
Backend
X-Tid
WPO-Cache-Message
Meta-Geo
WPO-Cache-Status
X-Detected-As
X-SaId
X-Servername
X-RN-RSRV
X-JoinUs
X-Rewrite-Enabled
X-Region
X-UPSTREAM-Address
Country-Code
Apigw-Requestid
Decoy-Debug-Key
Decoy-Debug-Status
X-Format
X-Content-Age
X-Generation-Time
X-Extlb
X-Debug-Cache
X-Cache-Server
X-Forwarded-Host
Decoy-Debug-TTL
X-Sql-Duration-Ms
X-Sql-Count
X-Trace-Id
X-Routing-Service
X-Zipkin-Id
X-Ratelimit-Remaining
X-Redis-Cache
X-Uri
X-Proxied
X-Cache-Grace
X-PERF
X-ShardId
X-ShopId
X-Section
X-PHP-Backend
X-PCL
X-FB-TRIP-ID
X-ApacheServer
X-Alternate-Cache-Key
Mn-Server-Ip
Fastly-SSL
Eomportal-Instance
Cache-Name
Url
X-Access
Content-Disposition
X-Hosted-By
X-Via-Fastly
X-No-Session
X-NCache
X-Sorting-Hat-PodId
X-OCL
X-Content-Powered-By
Section-Io-Cache
X-ServerID
X-Microcachable
X-Origin-Date
X-Human
X-Shopify-Stage
X-Sorting-Hat-ShopId
TWC-Device-Class
TWC-GeoIP-Country
CDN-Uid
TWC-Locale-Group
X-ProxyCache-Status
TWC-Privacy
CDN-CachedAt
TWC-Connection-Speed
Selected-Fe
X-Storage
X-Status
X-Say-TTL
CDN-PullZone
CDN-RequestId
CDN-EdgeStorageId
Property-Id
X-ProxyCache-Key
X-Proxy-Build
Webcakes-App-Name
Webcakes-Region
X-Cache-Type
X-Site-Version
X-Say-Cacheable
X-Origin-Hint
X-Cluster-Node
X-UA-Device-Type
X-Varnish-Beresp-Grace
X-SayCDN-TTL
X-Cache-Host
X-BYPASS-REASON
X-Pubstack
X-Timing-Wait
CDN-RequestCountryCode
CDN-Cache
X-Akamai-Edgescape
X-Server-W
X-NYM-Debug-Backend
Webcakes-App-Version
TWC-GeoIP-LatLong
Cache-Tv-Group
X-Soup
X-Hl-Ver
X-Generated-By
X-Be
X-Web-Node
X-Varnishpool
X-R9-Blue-Green-Version
Azure-SlotName
Azure-SiteName
Content-Secure-Policy
Azure-Version
Azure-InstanceId
Azure-RegionName
X-TIME
X-LSADC-Cache
X-Ua
DB-Nickname
X-NewRelic-App-Data
Retry-After
X-Nginx-Cache-Key
X-Webkit-CSP
OT-Force-Account-Verify
X-Azure-Ref-OriginShield
X-Dc
X-Bc-Bl
X-Cached-By
Source
X-Unique-Id
X-Cache-Remote
Cache
X-TT-LOGID
SRV
X-Akamai-Transformed
X-Platform-Server
X-Auto-Login
X-LAGOON
X-EC-Lua
X-Xfnlog-Site
X-Cache-Tags
X-GEO
X-SRV
ServedBy
Upgrade-Insecure-Requests
X-Origin-CC
X-Varnish-Hits
X-Origin-TTL
Cache-Hits
From-Origin
X-Varnish-Cache-Hits
X-Loop
X-HTML-Minification-Powered-By
X-TNCMS
X-Cdn
X-Varnish-Hostname
X-S-Maxage
Xet-Cookie
Mime-Version
Onion-Location
HostName
X-Request-Time
X-AOL-HN
X-App-Version
Webserver
X-NWS-UUID-VERIFY
WP-Super-Cache
X-Request-Host
X-CSRF-Token
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-2
X-Time
Web-Mar-Node
X-Tumblr-Pixel-3
N-Cache
X-Proto
X-Cache-Enabled
X-Handled-By
X-ECache
X-Endurance-Cache-Level
X-FireWall-Port
X-Tenant
X-B3-SpanId
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
X-GG-Cache-Date
X-Time-Microsecs
X-Origin-Response-Time
X-Conf
V-Age
X-SRCache-Key
Vix-Hermes-Req-Id
X-Cluster
X-Connection-Hash
X-Adobe-Source
X-Edge-Location
Nel
X-External-Request-Id
User-Cache-Control
X-Epic-Correlation-Id
X-Session-Fingerprint
X-Ckpd-Fst-Backend
X-Shop-Environment
X-Destination
X-Developer
X-D
X-Cache-NE
X-VG-WebCache
X-Aed
Xc-Version
X-Application
X-Vtex-Remote-Cache
X-A-Wwc
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-Vdms-Version
X-Vdms-Path
X-Block-Status
X-A
X-Vtex-Processado-Em
X-CF-Lambda-Fn
X-TIM-N
X-V-Cache
X-ARC
X-B-Cookie
X-Backend-TTL
X-CF-Lambda-Version
X-Forwarded-Path
X-Reqid
X-Planisys-CDN-Rules
Odigeo-Trace-Id
Pramga
Redirect-Candidate
X-Processor
X-Rojux
X-Planisys-CDN-Cache
BehaviorPad-Version
Mobile-Detection-Method
Fastcgi-X-Cache-Version
X-Orig-Expires
Expiry
X-Planisys-CDN-TTL
Meta-Geo-Continent
X-NAPM-TraceId
X-ND-Cache
Rendered-Blocks
DCR-Decision-By
X-ScT
DCR-Processing-Time-Ms
Surrogated-Key
X-SD-PageType
X-RCS-CacheZone
X-Ftr-Request-Id
X-PAYTM-SRV-ID
X-Gen-Mode
X-Correlation-ID
A
X-S-Cookie
X-Ig-Push-State
X-PBS-Appsvrname
Sslversion
X-S
X-Hnp-Log
X-Mg-Request-UUID
X-Magnolia-Registration
X-MP-GENERATED-AT
DSUID
Wxu-Next-Hostname
Wxu-Next-Commit
State
Svr
True-Client-Country-4JS
Origin
Wxu-Next-Region
Fastcgi-Cache-TTL
Gh-Request-Id
Host-ID
X-Webstats-RespID
X-Sucuri-Cache
X-Location
X-Rocket-Nginx-Serving-Static
X-Men
X-LI-UUID
X-Li-Pop
X-Hash
X-Scheme
X-Li-Fabric
X-Mvc-Supplant-Cachable
X-NodeID
X-Policy
X-Origin
X-Origin-Expires
X-Proxy-Upstream
X-Old-Content-Length
X-Nyt-Route
X-Request-URI
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Cache-Info
X-Cdn-Srv
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Aicache-OS
X-Accel-Expires-Debug
X-VG-TLSProxy
X-Sucuri-ID
X-Origin-Time
X-Gdpr
X-Server-IP
X-Geo-Header
X-Forwarded-Site
X-Fastly-Cache
X-Slack-Backend
X-Date
X-Viewer-Country
X-Cache-Bucket
X-Cache-Var-Map
X-PHP-Host
Apple-News-Services-Handled
Apple-News-Services-Request-Url
CacheControlHeader
AKAMAI
X-Labrador-Cache-Channel
Arc-Country
X-Amzn-RequestId
X-Cache-Var
Apple-News-Services-Host
Cmsid
Apple-News-Services-Parsed-Url
X-Amz-Apigw-Id
CDCHOST
CloudFront-Viewer-Country
Cmstype
Server-Info
S-Rt
Environment
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Esi-Check
X-Developers
X-Device-Os
X-Eu-Site
X-Envoy-Decorator-Operation
X-CGP
X-BBC-Edge-Cache-Status
X-Branch-Name
X-Backend-State
Web-Mar-Region
We-Hiring
X-Cache-Date
X-Cache-Debug
X-Core-Value
X-Csrf-Jwt
X-Core-Mission
X-Fastly-Backend
X-Cache-Id
X-Datadog-Parent-Id
X-HN
X-Sigma-Backend
X-Skip-Cache
X-Sigma
X-Akamai-Request-ID2
X-Served-From
X-Http-Reason
X-TH-Server
X-VarnishDD-TTL
X-VServer
X-Varnish-Beresp-Status
X-UnsetCookies
X-TrackingId
X-Rocket-Build-Number
X-Req
X-GeoIP-City
X-Gzip
X-GeoIP
X-Varnish-Beresp-Ttl
X-Generated-On
X-HS-Content-Campaign-Id
X-Irp-Debug
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Owner
AMP-Access-Control-Allow-Source-Origin
X-Level-Front-Cache
X-Fetched-On
X-Platform
Ssr
Fastly-GeoIP-CountryCode
Traceparent
Origin-CC
Machine
Ha-Gx-Prefs
L
L5d-Success-Class
HA-Ipaddr
Origin-EX
Server-Host
PFcat
Locid
Mail-Subject
Req-Svc-Chain
Release
X-Via-NSCOPI
TDXMobile
X-Node-Id
X-NU-AKA-ACS-Version
X-Locale
Memcached
X-Pod-Name
X-Cdn-Origin
X-Qloud-Router
NM-Fastcgi-Cache
X-Gamma-Serve
X-FC-Vary-Parameters
Platform
X-DPWN-IS-SECURE
X-DefHash
X-DefElseHash
X-JWT-State
X-Is-Gdpr
Adler-Geo
X-Has-Esi
X-Loc
Thinkindot-CacheControl
X-Sn-Servicetimems
X-Storefront-Renderer-Rendered
X-Rebelmouse-Cache-Control
X-Amzn-Remapped-Content-Length
Is-Eu
Fastly-SWR
Fastly-SIE
X-Varnish-CookieHashed-On
X-Variation
Cf-Device-Type
X-Thinkindot-L3
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-ATG-Version
X-Region-Sid
X-Rebelmouse-Surrogate-Control
Magicmarker
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Response-By
X-Worker
Fastly-Drupal-Html
X-VC-Cache
X-Xrds-Location
X-Restarts
X-Tx-Id
X-Request-Start
NGX
X-TraceId
X-Ua-Device
X-Qnm-Cache
X-M-Reqid
X-M-Log
Kp-EeAlive
X-NC
X-Thanos
X-CS
X-API-Version
X-Bip
X-Zone
X-RPM
X-DW
X-DSS
X-DI
X-Up
X-LB-ID
X-RSL
X-Cache-Backend
X-Wix-Viewer-Type
X-Mvc-Supplant-OutputCached
Edge-Cache
X-DB
X-RPS
X-LB-NoCache
Pics-Label
X-Generated-In
CDN
Accept-Language
X-Action
X-Trace-ID
Time
X-Cache-Config
Memory
Ms-Author-Via
X-Tb-Optimization-Total-Bytes-Saved
X-Tt-Logid
X-Optimistic-Header
X-Edge-Pop
X-Minions-Version
Env
X-Refresh
X-CacheTTL
X-Datadome
X-Srv
X-Via-Popv
X-Via-Poph
WebServer
X-Varnish-Ttl
Datacenter
X-Via-Popn
GeoIp-Country-Code
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
NtCoent-Length
X-ZONE
Candidate-Md5Url
X-HA-Backend
X-Vc
X-CACHE-KEY
X-DC
X-DynaTrace-JS-Agent
X-User
On-Server
X-Esi
X-Servedbyhost
Server-ID
X-Ec-GeoHdr
X-TA-CDN-Provider
X-Cs
WWW-Authenticate
X-Ec-Fail
X-Parent-Response-Time
Esi-Enabled
X-MSEdge-Features
X-MSEdge-Flight
X-Unique-ID
X-TX-ID
X-CLOUD-TRACE-CONTEXT
X-AK-Request-ID
X-Service
Cdnsip
X-Varnish-Beresp-TTL
C-Via
X-VCL-Version
X-Cache-PHP
Cdncip
X-Newrelic-Synthetics
My-App
Cluster
Geoip-Latitude
X-App
X-Cache-Ttl
X-WADP-Cache
X-LI-Proto
X-Li-Proto
X-Fmm-Version
X-Clara-WADP
X-URL
Proxy-Connection
X-Dynatrace
X-Var-Ttl
X-Webkit-Csp-Report-Only
Test
Tracecode
X-Fpc
X-CUA
X-FPC
X-Traceid
X-Pass-Why
Geo-Info
X-Vcl-Version
Fastly-Drupal-HTML
T-Server
X-B3-Spanid
X-Cache-Status-Check
Lfy
X-From
X-Render-Time
X-LiteSpeed-Cache-Control
Cf-Int-Pingora-Origin-Digest
X-NODE
X-Webkit-CSP-Report-Only
X-Fragments
DataCenter
Lang
X-Mcache
Resin-Trace
M-TraceId
Target-Params
X-CSRF-TOKEN
X-VC
X-WP-CF-Super-Cache-Cache-Control
MIME-Version
Hostname
X-Ha-Backend
X-WP-CF-Super-Cache
Server-Id
X-Clientip
X-ServedByHost
X-ID
X-RAMCache
X-Geo
GeoIP-Country-Code
X-Via-PopN
X-Httpd
X-Proxy-Cache-Info
Permissions-Policy
X-Via-PopV
X-Via-PopH
Hit
UCS
X-Oss-Server-Time
X-Info
X-NGINX-Cache
HIT
X-Oss-Request-Id
X-Oss-Object-Type
X-COUNTRY
X-LiteSpeed-Tag
Cache-Host
X-Oss-Hash-Crc64ecma
X-AIR-PT
X-Oss-Storage-Class
X-Dynatrace-Js-Agent
X-Provided-By
Section-Io-Origin-Status
Section-Io-Id
X-Cdn-Forward
Producers
Section-Io-Origin-Time-Seconds
X-Check-Cacheable
S-Cnection
Servername
WZWS-RAY
Section-Origin-Responded
ENV
X-Edge-POP
X-Pad
X-SB
FSS-Cache
X-Edge-Cache
X-Api-Version
X-Fastly-Backend-Reqs
Ohc-File-Size
X-Udemy-Cache-App-Namespace
X-BBC-Origin-Response-Status
X-Platform-Processor
Fastly-Backend-Name
X-Ucs
User-Agent
X-Platform-Router
X-HS-Status
X-ServerName
X-Platform-Cluster
X-Micro-Cache
X-ElasticPress-Query
X-Pool
Load-Balancing
X-Acquia-Application-UUID
X-GoCache-CacheStatus
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-UP
X-Release
X-Acquia-Site
X-Lb-Nocache
X-Backend-Host
X-Scale
PICS-Label
Uri
X-Ec-Custom-Error
X-Lb-Id
URI
ServerName
X-Cache-CFC
X-Srcache-Fetch-Status
X-TRACE-ID
Sid
X-Srcache-Store-Status
X-SIPLIST1
Server-Hostname
MD5-Digest
IsBot
Server-Ext
Server-Ttl
X-Cache-Expires
Sever-Int
X-Dispatcher-Number
Tcn
Cneonction
X-RateLimit-Reset
Cteonnt-Length
X-Fastly-Cache-Hits
X-BCube-Filmed-By
X-Nc
X-APP
X-Cdn-Request-ID
X-Swift-Error
Cdn
EpKe-Alive
X-Dw-Trace-Id
X-Akamai-ERPolicy
Path
X-Cache-ASPX
X-Vcache
Wpo-Cache-Status
X-Via-Ucdn
Wpo-Cache-Message
X-Yottaa-OS
X-Newrelic-App-Data
CF-Cached-On
X-B3-ParentSpanId
X-Akamai-ERRuleID
Ohc-Cache-HIT
X-Contensis-Viewer-Groups
Cf-Ipcountry
X-Snapshot-Date
Shield-Pop
Vha6-Origin
X-HostName
X-Cache-Ngx
X-Air-Pt
Ngx
CPC-Age
X-Shopify-Generated-Cart-Token
X-Apw-Access-Token
X-IN-APIGATEWAYSSL
X-Sentry-ID
X-Litespeed-Cache-Control
X-WA
X-IN-APIGATEWAY
X-Apw-Access-Action
VNS-Cache
X-B3-Parentspanid
X-Apw-Access-Object
X-Apw-Hits
X-Logging-Id
X-UA
Req-ID
X-Last-Modified
X-Akamai-Pragma-Client-IP
X-Http-Count
X-Te-Duration-Ms
X-Http-Duration-Ms
X-CacheKey
X-WA-Info
X-Amz-Meta-Cb-Modifiedtime
X-Te-Count
X-Akamai-Request-ID
X-Varnish-Authentication
Cache-Key
VNS-Age
CountryCode
CPC-Cache