Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Report-To
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
EagleId
Request-Context
X-Ua-Compatible
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
X-Proxy-Cache
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Rq
Grace
X-Dns-Prefetch-Control
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-Akamai-Path-Stats
X-LiteSpeed-Cache
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-Dispatcher
X-WebKit-CSP
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
Cf-Railgun
Allow
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
Accept-CH
X-CST
Surrogate-Control
X-Backend-Server
Request-Id
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
X-ASPNET-VERSION
Cf-Edge-Cache
Rating
X-Trace
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-TtlSet
X-PC
X-Vname
X-Rack-Cache
X-MS-InvokeApp
X-Server-Name
X-Clacks-Overhead
RTSS
Edge-Control
X-Varnish-TTL
X-ESI
X-Content-Type
X-VARITI-CCR
X-Vcap-Request-Id
Cache-Tag
X-B3-TraceId
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Amz-Rid
X-Cnection
X-Ac
Public-Key-Pins
X-Dw-Request-Base-Id
X-Px
X-Amz-Server-Side-Encryption
X-Element-Page-Cache
X-D2id
Verso
X-Navigation-Version
X-RateLimit-Remaining
Accept-Ch
X-Abt-Application-Version
X-Cache-TTL
X-Client-IP
X-Powered-By-Plesk
X-FastCGI-Cache
Service-Worker-Allowed
X-Middleton-Display
Display
X-Sol
Pagespeed
X-Country-Code
X-GitHub-Request-Id
X-Ser
X-Edge
Arr-Disable-Session-Affinity
X-Version
X-Middleton-Response
Response
Access-Control-Request-Method
X-NF-Request-ID
X-Goog-Hash
X-Ttl
X-Upstream
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Kinsta-Cache
X-Ruxit-Js-Agent
X-Correlation-Id
X-Edge-Location-Klb
X-Webkit-Csp
SPRequestDuration
SPIisLatency
X-TTL
X-Cached
X-NWS-LOG-UUID
X-LLID
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Powered-CMS
Nginx-Cache
X-RateLimit-Limit
Edge-Cache-Tag
TCN
X-Cache-Key
X-Litespeed-Cache
MS-Author-Via
X-SharePointHealthScore
SPRequestGuid
X-Forwarded-For
X-MSEdge-Ref
MRF-Tech
Mrf-Cache-Status
X-Id
X-Shield-Request-Id
Content-MD5
X-B3-TraceId-Primal
X-Content-Security-Policy-Report-Only
X-Daa-Tunnel
X-T
X-Recruiting
X-Mg-S
S
X-TEC-API-ORIGIN
X-Content-Digest
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Protected-By
X-DataDome
X-Ua-Device
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Frontend
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-Yandex-Sdch-Disable
X-Ua-Browser
X-Content
X-Ab
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
Front-End-Https
X-ORACLE-DMS-ECID
Server-Node
X-Accel-Expires
X-HS-Combine-CSS
X-Request-Processing-Time
X-Grace
Filters
X-Request-Received
X-ORACLE-DMS-RID
X-Mid
Fastcgi-Cache
X-Server-ID
X-Geo-Country
X-Hits
X-PressLabs-Stats
X-Origin-Server
X-Ratelimit-Reset
TP-L2-Cache
TP-Cache
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Distributor
X-Debug-Info
X-Amzn-Trace-Id
X-ECACHE
Charset
X-Tt-Trace-Tag
Cleartype
X-Tt-Trace-Host
X-DynaTrace
Host
X-Git-Hash
X-Page-Id
X-Www-Served-By
Cross-Origin-Opener-Policy
X-F-Cache
X-DIS-Request-ID
X-B3-Sampled
X-LB-Cache
X-Cache-Age
Access-Control-Allow-Method
Cache-Tags
X-Forwarded-Proto
ServerID
X-Seen-By
X-Microsite
X-Request-Handler-Origin-Region
X-Language
X-Cluster-Name
Server-Name
X-Az
X-AppVersion
X-Activity-Id
X-Varnish-Age
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-WebKit-CSP-Report-Only
Accept-Charset
X-XRDS-LOCATION
X-Aspnetmvc-Version
Realpath
Cache-Status
Filterid
X-Rid
X-Content-Options
X-Type
X-App-Environment
X-Mobile-URL
X-Varnish-Grace
X-User-Agent
X-Upgrade-Enabled
Country
Viewport
X-Nginx-Upstream-Cache-Status
X-FB-Debug
Node
X-Origin-Cache
X-Wix-Request-Id
X-Via-JSL
Paypal-Debug-Id
DC
X-Tb
X-Whom
X-Signature
X-Route-Name
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Request-Guid
X-B-Cache
X-NWS-UUID-VERIFY
X-Goog-Storage-Class
X-Goog-Generation
X-Drupal-Cache-Tags
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-VCache
X-TT
X-GUploader-UploadID
X-Oracle-Dms-Ecid
X-Goog-Metageneration
Protected
X-Fastly-Request-Id
Retry-After
X-Oracle-Dms-Rid
Fastcgi-Useragent
X-MCACHE
X-Varnish-Backend
X-Cache-NGX
X-Amz-Replication-Status
X-B
Payment
X-Contextid
X-Debug
X-Fastly-Request-ID
X-Fastcgi-Cache
X-Logged-In
X-Template
X-Mcache
WPO-Cache-Message
WPO-Cache-Status
X-Load-Cache
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Hash
X-N
X-FW-Dynamic
Surrogate-Key
X-Cache-Control
X-ECache
X-Hostname
X-Trace-Id
X-Node-Name
Count-Hit
Amp-Access-Control-Allow-Source-Origin
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
SD-X-WS
X-B3-Traceid
X-Original-Request-Id
X-Response-Served-From
Refresh
Akamai-GRN
X-Proxy
Healthy
Uber-Trace-Id
VIX-Pulpo-Node
X-Mobile
X-Amz-Meta-S3cmd-Attrs
X-Parallel-Accel
X-Real-IP
X-G
X-Revision
X-XRDS-Location
X-Zen-Fury
X-Cache-Time
X-Akamai-Request-ID2
VIX-Pulpo-Upstream-Status
X-Jobs
X-UUID
X-Cacheable-TTL
X-Rendered-As
X-Is-Bot
X-Http-Reason
X-Framework
Alternate-Protocol
X-Device-Type
X-Instance
X-Yottaa-Metrics
X-Page-View
NGB
X-Yottaa-Optimizations
X-Cache-TTL-Remaining
X-Proxy-Cache-Status
X-Debug-IsPreview
Content-Disposition
X-Debug-IsConnected
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
X-Adobe-Loc
X-Adobe-Content
X-Cache-Rule
From-Origin
X-IPLB-Instance
Url
X-Source
X-Vgn-Hpd-Reason
X-Servername
Version
Permissions-Policy
X-Cache-Grace
X-Cache-Expired-At
Accept-Language
X-Varnish-Server
X-Cache-Hit
X-Environment-Context
X-Oneagent-Js-Injection
X-Mg-Request-UUID
Referer-Policy
X-L-Path
X-EdgeConnect-Cache-Status
X-Ratelimit-Remaining
Countrycode
X-Restarts
X-App-Server
X-FW-Version
MS-CV
X-NGENIX-Cache
X-RTag
Ms-Operation-Id
Cross-Origin-Window-Policy
X-Cache-Action
X-Tumblr-User
X-Tumblr-Pixel
Backend
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-IPS-LoggedIn
X-NYM-Debug-Backend
Frame-Options
X-ProcessESI
X-Nginx-Cache
X-RemovedCookies
Liferay-Portal
CF-IPCountry
WP-Super-Cache
X-Hyper-Cache
Content-Secure-Policy
X-HTML-Minification-Powered-By
X-COUNTRY
Upgrade-Insecure-Requests
X-Redis-Cache
X-APP-VERSION
X-Cache-Server
X-UPSTREAM-Address
Meta-Geo
Section-Io-Cache
X-RN-RSRV
X-PCL
X-Ua
X-Cluster-Node
X-OCL
X-FB-TRIP-ID
X-Section
Cache-Tv-Group
X-Format
X-Access
X-Content-Age
X-Generation-Time
X-Cache-Enabled
Ec-Rule-Version
X-Rule
X-Generated-By
X-Detected-As
X-Be
X-Hosted-By
X-Origin-Date
X-Say-TTL
X-Say-Cacheable
X-PHP-Backend
X-AOL-HN
X-No-Session
X-Akamai-Edgescape
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
S-Rt
Locale
Fastly-SSL
X-SayCDN-TTL
X-Urbn-Context-Path
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-Region
X-ApacheServer
X-Region
X-PERF
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Varnish-Cache-Hits
X-Urbn-Site-Id
Apigw-Requestid
X-Via-Fastly
X-Web-Node
TWC-Device-Class
TWC-Connection-Speed
Property-Id
X-Site-Version
X-Human
X-Uri
X-Request-Time
Eomportal-Instance
Mn-Server-Ip
X-UA-Device-Type
X-Server-W
X-BYPASS-REASON
X-Sql-Count
X-Sql-Duration-Ms
X-Storage
X-ProxyCache-Key
X-ProxyCache-Status
X-Forwarded-Host
X-Debug-Cache
X-Content-Powered-By
X-Cache-Type
X-Cache-Tags
X-Status
Webserver
X-Cache-Host
X-ServerID
CDN-PullZone
CDN-Uid
CDN-RequestCountryCode
CDN-RequestId
X-SaId
X-JoinUs
X-Platform-Server
CDN-CachedAt
X-Hl-Ver
X-Nginx-Cache-Key
X-Backend-Name
CDN-EdgeStorageId
X-Xfnlog-Site
X-Varnishpool
CDN-Cache
X-Mode
X-Unique-Id
X-TT-LOGID
X-Alternate-Cache-Key
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Cache-Operation
X-Webkit-CSP
Selected-Fe
ServedBy
X-Handled-By
X-Adobe-Source
X-Accel-Buffering
X-Timing-Wait
X-Proxy-Build
X-Routing-Service
X-Tid
X-Extlb
X-Zipkin-Id
X-Proxied
X-Labrador-Cache-Channel
X-GG-Cache-Date
X-PHP-Host
X-Locale
X-Dc
SID
X-Cache-Remote
X-Ratelimit-Limit
X-Rewrite-Enabled
Xserver
X-Datadome
X-LSADC-Cache
X-VC-Cache
X-NewRelic-App-Data
X-Soup
X-Pubstack
X-Cached-By
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-Buckets
Mime-Version
Fastly-Drupal-Html
Web-Mar-Node
X-Proto
X-Edge-Location
SRV
X-GEO
X-Storefront-Renderer-Rendered
Decoy-Debug-Status
Decoy-Debug-TTL
X-Request-Host
Decoy-Debug-Key
Country-Code
X-Microcachable
Onion-Location
X-TA-CDN-Provider
X-CDN-Forward
X-Reqid
X-Cms-Context
LB
X-App-Version
X-Varnish-Hostname
X-Origin-CC
Server-Info
X-Origin-TTL
Cache-Hits
X-Midtier
Xet-Cookie
X-GeoCountry
X-GeoCode
Load-Balancing
X-NCache
X-Ms-Request-Id
X-Tumblr-Pixel-2
X-CSRF-Token
X-Tumblr-Pixel-3
X-Ms-Version
X-MP-GENERATED-AT
X-Varnish-Hits
X-Cluster
X-Bc-Bl
DynaTrace
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
Cache-Name
X-Varnish-Beresp-Grace
X-SRV
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Response-Time
X-Azure-Ref
X-Envoy-Decorator-Operation
X-Endurance-Cache-Level
Lang
Host-ID
NM-Fastcgi-Cache
X-Gzip
X-Geo-Header
X-Hash
Meta-Geo-Continent
Xc-Version
Mobile-Detection-Method
X-Ftr-Request-Id
DCR-Processing-Time-Ms
Cdncip
Cdnsip
A
X-LAGOON
X-Men
BehaviorPad-Version
Cmsid
Cmstype
X-Ig-Push-State
Fastcgi-X-Cache-Version
Expiry
Odigeo-Trace-Id
DB-Nickname
DCR-Decision-By
X-HS-Content-Campaign-Id
X-TrackingId
X-A-Dgt
X-NAPM-TraceId
X-CF-Lambda-Version
X-PBS-Appsvrname
X-CF-Lambda-Fn
X-Aed
X-A-Dcw
X-Conf
X-Orig-Expires
X-NodeID
X-PAYTM-SRV-ID
X-Shop-Environment
X-Connection-Hash
X-Session-Fingerprint
X-AK-Request-ID
X-Cache-NE
X-Rojux
X-S
X-B-Cookie
X-Cache-Bucket
X-ARC
X-S-Cookie
X-Application
X-SD-PageType
X-ScT
X-Cdn-Srv
X-Processor
X-D
X-Destination
X-Vdms-Path
X-Vdms-Version
X-Esi-Check
Rendered-Blocks
X-Epic-Correlation-Id
X-VG-WebCache
X-Vtex-Processado-Em
X-From
Pramga
X-Forwarded-Path
X-External-Request-Id
X-Vtex-Remote-Cache
X-User
X-Cache-Id
X-Developer
T-Server
X-A
X-A-Ccd
X-A-Dam
X-SRCache-Key
X-Tenant
X-Ec-GeoHdr
Sslversion
X-TIM-N
Surrogated-Key
X-Ec-Fail
X-Webstats-RespID
X-A-Wwc
X-R9-Blue-Green-Version
X-B3-SpanId
X-Magnolia-Registration
X-Via-NSCOPI
X-RCS-CacheZone
X-Gdpr
X-Fetched-On
X-Device-Os
X-DefHash
X-GeoIP
X-DPWN-IS-SECURE
X-Has-Esi
X-Loop
X-Mvc-Supplant-Cachable
X-Location
X-JWT-State
X-Irp-Debug
X-Is-Gdpr
X-DefElseHash
X-Ckpd-Fst-Backend
V-Age
Vix-Hermes-Req-Id
Svr
Server-Host
Platform
Producers
We-Hiring
Web-Mar-Region
X-Cache-Info
X-Node-Id
X-Cache-Backend
X-Amzn-Remapped-Content-Length
X-Varnish-Ttl
X-Core-Mission
X-Old-Content-Length
X-Viewer-Country
X-Wix-Viewer-Type
X-Worker
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Variation
X-Varnish-CookieHashed-On
Apple-News-Services-Handled
Apple-News-Services-Host
Wxu-Next-Region
X-Developers
Wxu-Next-Hostname
Wxu-Next-Commit
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-V-Cache
X-TNCMS
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Request-URI
X-Origin-Time
X-Origin-Expires
Memcached
X-Origin
X-Rocket-Build-Number
X-Scheme
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Slack-Backend
X-Sigma-Backend
X-Server-IP
X-Sigma
X-Nyt-Route
X-Planisys-CDN-TTL
Source
Fastly-GeoIP-CountryCode
Is-Eu
AKAMAI
X-Tx-Id
Machine
Adler-Geo
Mail-Subject
CDN
HostName
X-Hnp-Log
X-Aicache-OS
X-HN
X-Generated-On
X-Httpd
X-GeoIP-City
Gh-Request-Id
Ha-Gx-Prefs
CloudFront-Viewer-Country
Cache
HA-Ipaddr
Cluster
X-Loc
X-Gen-Mode
X-Level-Front-Cache
Environment
X-Branch-Name
X-Block-Status
X-Core-Value
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Eu-Site
X-Fastly-Cache
X-Gamma-Serve
X-Cdn-Origin
X-Forwarded-Site
X-CGP
X-Clara-WADP
X-Fmm-Version
X-Cache-Date
X-Platform
X-Skip-Cache
X-Sn-Servicetimems
X-Thinkindot-L3
Redirect-Candidate
Release
X-SB
X-Served-From
PFcat
X-VarnishDD-TTL
X-Ec-Custom-Error
N-Cache
X-Pod-Name
Locid
X-WADP-Cache
X-VG-TLSProxy
X-VServer
X-Rocket-Nginx-Serving-Static
X-Response-By
X-Proxy-Cache-Info
X-Proxy-Upstream
Thinkindot-Control
X-Pool
User-Cache-Control
L
L5d-Success-Class
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Region-Sid
State
Ssr
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
TDXMobile
X-Qloud-Router
Kp-EeAlive
X-TIME
X-TraceId
X-Optimistic-Header
CDCHOST
X-Policy
Traceparent
X-Minions-Version
X-DW
X-BBC-Edge-Cache-Status
X-Auto-Login
DSUID
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Origin-CC
X-Time
X-EC-Lua
MD5-Digest
Origin-EX
Req-Svc-Chain
Arc-Country
X-RPM
X-RPS
X-RSL
X-DSS
Origin
Fastcgi-Cache-TTL
Fastly-SWR
X-DB
Fastly-SIE
X-DI
X-Tec-Api-Root
X-Srv
X-Tec-Api-Origin
X-Tec-Api-Version
X-Parent-Response-Time
NGX
X-Owner
X-Dispatcher-Number
AMP-Access-Control-Allow-Source-Origin
X-Accel-Expires-Debug
X-CacheTTL
X-NC
X-Date
GEO-INFO
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-ZONE
X-Tb-Optimization-Total-Bytes-Saved
X-VC
X-CS
X-GeoIP-Region-Code
Env
X-GeoIP-Country-Code
X-Akamai-Transformed
X-Via-Ucdn
X-Refresh
X-SIPLIST1
X-Mvc-Supplant-OutputCached
Sever-Int
Server-Ext
Time
Memory
X-Ah-Environment
Pics-Label
IsBot
Server-Hostname
X-Scale
X-Edge-Pop
X-Newrelic-Synthetics
X-Tt-Logid
X-Udemy-Cache-App-Namespace
Ms-Author-Via
X-API-Version
Servername
X-Cache-Debug
Ohc-File-Size
X-Wikidot-Backend
X-LB-NoCache
X-Wikidot-Static-Cache
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
X-IPLB-Request-ID
Fusion-Content-Id
CacheControlHeader
Geo-Info
X-Amz-Meta-Cb-Modifiedtime
X-Generated-In
Datacenter
X-Ad-Defer-Variation
GeoIp-Country-Code
Candidate-Md5Url
Cache-Key
X-BCube-Filmed-By
X-CACHE-KEY
X-Xrds-Location
VNS-Age
X-Contensis-Viewer-Groups
X-Via-Popv
X-TH-Server
VNS-Cache
CPC-Age
X-Action
True-Client-Country-4JS
X-S-Maxage
X-Cache-ASPX
X-Via-Popn
XM
CPC-Cache
X-Via-Poph
Fastly-Backend-Name
X-Backend-TTL
ITXSESSIONID
X-Varnish-Authentication
X-Servedbyhost
Geoip-Latitude
X-HA-Backend
X-SplitTest
X-RateLimit-Reset
FSS-Cache
X-Varnish-Beresp-TTL
Path
X-WA-Info
X-Cache-Status-Check
Client
X-Presslabs-Stats
X-Micro-Cache
X-Cs
X-Vc
X-Zone
Edge-Cache
X-VCL-Version
X-AIR-PT
X-Req
X-Provided-By
X-Dynatrace
Lb
X-VHOST
X-DC
X-Trace-ID
Cache-Host
My-App
Server-ID
X-CLOUD-TRACE-CONTEXT
True-Client-IP
Ngx.Var.Host
Hostname
Ohc-Cache-HIT
X-Origin-Upstream-Status
X-Pass-Why
X-Correlation-ID
X-Up
X-FireWall-Port
X-TX-ID
DataCenter
X-B3-Spanid
X-Api-Version
X-Webkit-Csp-Report-Only
X-Fpc
X-Proxy-CacheRZ
XkeyRZ
X-FPC
X-Clientip
NtCoent-Length
X-LB-ID
X-PX
Powered-By
X-Varnish-Beresp-Ttl
X-Traceid
OT-Force-Account-Verify
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Cdn-Request-ID
Test
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
Server-Id
X-CSRF-TOKEN
X-UnsetCookies
X-ND-Cache
X-Vcl-Version
X-Beluga-Record
X-Time-Microsecs
WZWS-RAY
X-Beluga-Status
X-Beluga-Node
X-Beluga-Trace
X-Beluga-Cache-Status
X-Webkit-CSP-Report-Only
X-CUA
X-Dmc
X-MSEdge-Features
X-MSEdge-Flight
User-Agent
X-Beluga-Response-Time
X-INCAP-ABP
Proxy-Connection
X-Fragments
Cf-Device-Type
Target-Params
Uri
Tracecode
X-RAMCache
X-Azure-Ref-OriginShield
X-Var-Ttl
X-Via-PopV
X-Sucuri-Cache
X-Sucuri-ID
X-ATG-Version
X-Render-Time
X-Fastly-Backend
Srvid
X-Ha-Backend
Resin-Trace
Lfy
C-Via
X-Via-PopN
X-Via-PopH
X-ServedByHost
X-HS-Status
Rip
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-FC-Vary-Parameters
X-URL
X-Akamai-Pragma-Client-IP
X-Geo
X-Gateway-Skip-Cache
Tube-Get-Contents
GeoIP-Country-Code
Sid
Tube-Return
X-Gateway-Cache-Key
Tube-Got-Eval
GeoIP-Latitude
X-Service
Click-Count-Error
Tube-Got-Results
X-Gateway-Cache-Status
Click-Count-Action-Start
X-Gateway-Request-Id
X-Check-Cacheable
MIME-Version
Epwk-X-Cache
X-Alfa-Service
X-Cdn-Forward
X-DynaTrace-JS-Agent
X-M-Reqid
X-M-Log
X-CCDN-CacheTTL
X-Li-Proto
X-Qnm-Cache
X-LI-Proto
Esi-Enabled
X-Hcs-Proxy-Type
X-NU-AKA-ACS-Version
X-CCDN-Origin-Time
HIT
X-Varnish-Beresp-Status
X-Fetch-By
X-Proxy-Cache-Hk
Fastly-Drupal-HTML
X-TRACE-ID
X-Backend-State
Section-Io-Origin-Time-Seconds
Section-Io-Id
ENV
Magicmarker
X-Backend-Host
Section-Origin-Responded
Section-Io-Origin-Status
X-Fastly-Backend-Reqs
Srv
Cdn
X-Esi
X-Cache-CFC
X-Request-Start
ServerName
On-Server
XServer
X-Cache-Expires
X-Edge-POP
X-Lb-Nocache
X-B3-Traceid-Primal
PICS-Label
X-LiteSpeed-Cache-Control
X-MG-S
X-Srcache-Fetch-Status
X-Srcache-Store-Status
CF-Cached-On
Server-Ttl
X-Newrelic-App-Data
X-Bip
X-ElasticPress-Query
Tcn
X-App
X-APP
X-Yottaa-OS
X-Thanos
D-Url-Rewrites
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Wpo-Cache-Status
X-Vcache
Cf-Ipcountry
Wpo-Cache-Message
X-BBC-Origin-Response-Status
X-Acquia-Purge-Tags
X-Acquia-Site
X-Iplb-Instance
X-Nc
Inserted-Into-Cache-At
X-Serial
X-Iplb-Request-Id
X-HostName
Warning
Servedby
CountryCode
X-Akamai-ERPolicy
X-Akamai-Request-ID
X-Cache-Config
X-Request-Url
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
X-Dist-Code
Fastcgi-Cache-Ttl
M-TraceId
X-Akamai-ERRuleID
X-Snapshot-Date
X-CF-Powered-By
X-Release
X-Back
X-Storefront-Renderer-Verified
X-B3-Parentspanid
X-Th-Server
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Content-Style-Type
Content-Script-Type
X-Swift-Error
X-Shopify-Generated-Cart-Token
X-LiteSpeed-Tag
Ngx
X-Request-URL
X-Dw-Trace-Id
Cneonction
X-Litespeed-Cache-Control