Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
X-XSS-Protection
ETag
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Report-To
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
P3p
NEL
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Request-ID
EagleId
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-UA-Device
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Server
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
EagleEye-TraceId
X-Vhost
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Accept-CH
X-Device
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Dns-Prefetch-Control
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
Rating
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Cache-Lookup
Accept-Ch-Lifetime
X-Trace
X-Url
Allow
X-PC
X-Vname
X-Content-Type
X-TtlSet
X-Aws-Lambda-Call-Status
X-Ac
X-Clacks-Overhead
Edge-Control
X-Server-Name
Fastly-Restarts
X-ESI
X-Mod-Pagespeed
Cache-Tag
X-Varnish-TTL
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
Verso
MS-Author-Via
X-Element-Page-Cache
X-Vcap-Request-Id
X-FastCGI-Cache
X-Upstream
X-Amz-Rid
X-MS-InvokeApp
Public-Key-Pins
X-GitHub-Request-Id
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-Abt-Application-Version
X-D2id
X-Cache-TTL
RTSS
X-Cnection
X-Px
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Navigation-Version
X-ORACLE-DMS-RID
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-Country-Code
X-Goog-Hash
X-NF-Request-ID
X-ORACLE-DMS-ECID
X-TTL
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
Display
X-Middleton-Display
Pagespeed
X-Sol
AR-PoweredBy
AR-CACHE
AR-SID
AR-ATIME
AR-Request-ID
X-Version
X-CST
X-Powered-CMS
Response
X-Middleton-Response
X-Origin-Cache
X-MSEdge-Ref
X-LLID
Nginx-Cache
TCN
X-Edge-Location-Klb
X-Kinsta-Cache
X-Amz-Server-Side-Encryption
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-RateLimit-Remaining
X-Edge
X-Protected-By
X-T
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-For
X-HP-Trace-Id
X-Shield-Request-Id
X-Jurisdiction
X-HP-Webp
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Edge-Cache-Tag
S
X-Aspnetmvc-Version
X-Language
Content-MD5
SPRequestDuration
SPIisLatency
Front-End-Https
Fastcgi-Cache
X-Mid
X-Ruxit-Js-Agent
Realpath
X-Request-Received
X-Request-Processing-Time
Server-Node
Pinterest-Version
Filters
X-Frontend
Pinterest-Generated-By
X-Pinterest-Rid
X-Recruiting
X-NWS-LOG-UUID
X-Ua-Browser
X-Ab
X-Content
Server-Name
X-Ser
X-Correlation-Id
X-MCACHE
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Cache-Key
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-Template
X-DynaTrace
X-Ezoic-Cdn
X-SharePointHealthScore
SPRequestGuid
X-Hits
X-Parallel-Accel
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-ECACHE
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cache-Tags
Charset
X-Page-Id
X-Daa-Tunnel
X-Ttl
Host
Cleartype
X-B3-Sampled
X-Www-Served-By
X-Git-Hash
X-Geo-Country
X-Debug-Info
X-DIS-Request-ID
X-Content-Options
Alternate-Protocol
X-Content-Digest
X-Amzn-Trace-Id
X-Hostname
Accept-Ch
Fusion-Content-Id
Fusion-Template-Id
X-Ratelimit-Limit
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Deployment-Id
Cross-Origin-Opener-Policy
X-ASPNET-VERSION
X-Amz-Replication-Status
X-DataDome
Filterid
X-Grace
X-Varnish-Age
X-FB-Debug
X-F-Cache
ServerID
X-Az
X-Activity-Id
X-AppVersion
X-Accel-Expires
X-Upgrade-Enabled
X-XRDS-LOCATION
X-VCache
X-WebKit-CSP-Report-Only
X-Nginx-Upstream-Cache-Status
X-N
X-Rid
X-Forwarded-Proto
X-Mobile-URL
Access-Control-Allow-Method
X-Origin-Server
X-Type
X-LB-Cache
X-Whom
X-TT
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Is-Crawler
X-Providence-Cookie
X-Goog-Storage-Class
X-Goog-Generation
Viewport
X-Seen-By
X-Distributor
X-App-Environment
X-Aspnet-Duration-Ms
X-Request-Guid
X-Flags
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Route-Name
X-Tb
X-Ratelimit-Reset
X-Fastly-Request-ID
X-Varnish-Grace
Payment
X-Fastly-Request-Id
X-FW-Hash
X-FW-Serve
X-User-Agent
X-FW-Static
X-FW-Server
X-FW-Dynamic
X-FW-Type
Node
Paypal-Debug-Id
DC
X-Server-ID
Country
X-Wix-Request-Id
Accept-Charset
TP-Cache
TP-L2-Cache
X-Fastcgi-Cache
Fastcgi-Useragent
X-App-Server
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-Cache-Rule
X-Cache-Control
X-Via-JSL
X-Cluster-Name
X-Litespeed-Cache
X-Drupal-Cache-Tags
X-NGENIX-Cache
X-Webkit-Csp
Version
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Age
X-B-Cache
X-Contextid
X-Signature
X-Buckets
Cache-Status
Referer-Policy
X-Node-Name
X-Logged-In
Refresh
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Origin-Upstream-Status
SD-X-WS
X-Original-Request-Id
X-Mobile
X-Response-Served-From
X-Load-Cache
X-Vgn-Hpd-Reason
X-Cache-Expired-At
X-Real-IP
X-Rendered-As
X-Jobs
X-Is-Bot
X-Proxy-Cache-Status
X-IPLB-Instance
X-Erf-Bev-Bev
X-Cacheable-TTL
Access-Control-Request-Headers
NGB
X-Revision
X-Erf-Bev-Bev-Is-Generated
X-Debug
X-Browser-Type
X-B
X-Varnish-Backend
X-Device-Type
X-Page-View
X-UUID
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Rule
X-Cache-Action
X-Proxy
X-G
X-Framework
X-RemovedCookies
Surrogate-Key
X-Instance
X-ProcessESI
Akamai-GRN
X-Drupal-Cache-Contexts
X-Debug-IsConnected
X-Debug-IsPreview
X-Cache-Time
Amp-Access-Control-Allow-Source-Origin
X-FW-Version
SID
X-Accel-Buffering
CF-IPCountry
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Count-Hit
X-Presslabs-Stats
X-Cache-NGX
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
GEO-INFO
Uber-Trace-Id
X-Nginx-Cache
X-Cache-Operation
X-Azure-Ref
X-Ms-Request-Id
X-Ratelimit-Remaining
X-Source
X-Ms-Version
X-RateLimit-Limit
X-PressLabs-Stats
X-APP-VERSION
Protected
X-EdgeConnect-Cache-Status
X-Zen-Fury
X-Trace-Id
Frame-Options
DynaTrace
Liferay-Portal
X-XRDS-Location
WPO-Cache-Message
Ms-Operation-Id
MS-CV
WPO-Cache-Status
X-RTag
X-Cache-Hit
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Servername
X-Cache-TTL-Remaining
Healthy
X-Backend-Name
Ec-Rule-Version
X-Hyper-Cache
X-IPS-LoggedIn
Countrycode
Cross-Origin-Window-Policy
X-CDN-Forward
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
Xserver
X-Tumblr-User
X-Mode
X-L-Path
X-Tumblr-Pixel
Content-Disposition
X-Environment-Context
Backend
X-Varnish-Server
X-Adobe-Loc
X-Adobe-Content
X-Detected-As
Meta-Geo
X-Cache-Grace
Url
X-JoinUs
X-RN-RSRV
X-Rewrite-Enabled
X-UPSTREAM-Address
LB
X-SaId
X-Tid
X-Debug-Cache
X-Region
X-Generation-Time
X-Sorting-Hat-ShopId
X-Content-Age
Eomportal-Instance
X-Format
X-Alternate-Cache-Key
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Country-Code
X-Uri
X-Sorting-Hat-PodId
X-Zipkin-Id
Apigw-Requestid
X-Cache-Server
X-Extlb
X-Proxied
X-Redis-Cache
X-ShardId
X-Routing-Service
X-ShopId
X-Shopify-Stage
CDN-EdgeStorageId
Cache-Name
CDN-PullZone
CDN-RequestId
CDN-RequestCountryCode
X-FB-TRIP-ID
CDN-Cache
Retry-After
X-Via-Fastly
X-UA-Device-Type
X-Access
X-ApacheServer
X-Section
X-Site-Version
Mn-Server-Ip
CDN-CachedAt
X-Origin-Date
X-No-Session
X-NCache
X-Microcachable
X-OCL
X-Sql-Count
X-PERF
X-PHP-Backend
X-Status
X-Sql-Duration-Ms
CDN-Uid
X-PCL
X-Human
X-ServerID
X-Hosted-By
X-Forwarded-Host
TWC-GeoIP-Country
X-ProxyCache-Key
TWC-Device-Class
TWC-GeoIP-LatLong
X-Proxy-Build
TWC-Locale-Group
Fastly-SSL
Property-Id
TWC-Connection-Speed
X-Pubstack
X-Say-Cacheable
X-NYM-Debug-Backend
X-Content-Powered-By
X-Akamai-Edgescape
X-Server-W
X-Say-TTL
X-Generated-By
X-Web-Node
X-SayCDN-TTL
X-Storage
X-Cluster-Node
X-Cache-Type
X-Timing-Wait
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Varnish-Beresp-Grace
X-ProxyCache-Status
X-Cache-Host
X-BYPASS-REASON
X-Origin-Hint
TWC-Privacy
Selected-Fe
Cache-Tv-Group
X-Varnishpool
X-Soup
X-R9-Blue-Green-Version
X-Be
X-Hl-Ver
Azure-RegionName
Azure-InstanceId
Content-Secure-Policy
Azure-SiteName
Section-Io-Cache
Azure-SlotName
X-Nginx-Cache-Key
Azure-Version
X-NewRelic-App-Data
X-Ua
X-TIME
X-LSADC-Cache
X-Unique-Id
X-Cache-Remote
DB-Nickname
X-Webkit-CSP
X-Dc
X-Cached-By
X-Bc-Bl
X-Azure-Ref-OriginShield
X-Platform-Server
X-Akamai-Transformed
X-Xfnlog-Site
X-TT-LOGID
Source
X-Auto-Login
OT-Force-Account-Verify
Cache
Upgrade-Insecure-Requests
From-Origin
ServedBy
X-Cache-Tags
X-LAGOON
Xet-Cookie
X-GEO
SRV
HostName
X-Varnish-Cache-Hits
X-Origin-TTL
X-AOL-HN
X-ECache
X-Request-Time
X-Origin-CC
X-Varnish-Ttl
X-NWS-UUID-VERIFY
X-CSRF-Token
X-Cdn
X-Varnish-Hits
Cache-Hits
X-Request-Host
Mime-Version
X-Varnish-Hostname
X-TNCMS
WP-Super-Cache
Onion-Location
X-Loop
Webserver
X-S-Maxage
X-App-Version
X-HTML-Minification-Powered-By
X-EC-Lua
X-Time
X-Cache-Enabled
X-SRV
X-FireWall-Port
Web-Mar-Node
X-Akamai-Request-ID2
X-Tumblr-Pixel-3
S-Rt
X-Handled-By
X-Tumblr-Pixel-2
X-Http-Reason
N-Cache
X-Endurance-Cache-Level
AMP-Access-Control-Allow-Source-Origin
X-RCS-CacheZone
X-Reqid
X-Adobe-Source
X-Tenant
X-Origin-Response-Time
X-B3-SpanId
X-Proto
V-Age
Surrogated-Key
User-Cache-Control
Sslversion
Rendered-Blocks
X-Vtex-Processado-Em
Expiry
DCR-Decision-By
Xc-Version
BehaviorPad-Version
A
Server-Info
X-Mg-Request-UUID
DCR-Processing-Time-Ms
Vix-Hermes-Req-Id
Odigeo-Trace-Id
Pramga
Mobile-Detection-Method
Meta-Geo-Continent
Fastcgi-X-Cache-Version
X-Vtex-Remote-Cache
Redirect-Candidate
X-Backend-TTL
X-ND-Cache
X-NAPM-TraceId
X-TIM-N
X-Orig-Expires
X-PAYTM-SRV-ID
X-V-Cache
X-Ig-Push-State
X-Gen-Mode
X-GG-Cache-Date
X-Hnp-Log
X-Vdms-Path
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-S-Cookie
X-Slack-Backend
X-ScT
X-SD-PageType
X-Session-Fingerprint
X-S
X-Rojux
X-SRCache-Key
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Processor
X-Ftr-Request-Id
X-Forwarded-Path
X-ARC
X-Application
X-B-Cookie
X-Shop-Environment
X-Block-Status
X-Aed
X-A-Wwc
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Cache-NE
X-CF-Lambda-Fn
X-Destination
X-D
X-Developer
X-Epic-Correlation-Id
X-External-Request-Id
X-Vdms-Version
X-VG-WebCache
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Cluster
X-Conf
X-A
X-Connection-Hash
X-VWS-Id
X-Amz-Meta-S3cmd-Attrs
X-AWS-Id
Nel
X-Correlation-ID
X-LJ-Flow-ID
X-Magnolia-Registration
X-Locale
X-Edge-Location
X-Time-Microsecs
X-MP-GENERATED-AT
X-Aicache-OS
X-Server-IP
Origin-CC
Origin-EX
Origin
X-Men
X-SVT-ORM-VERSION
X-Cache-Bucket
X-Cache-Date
X-SVT-ORM-RULES
Gh-Request-Id
X-Mvc-Supplant-Cachable
X-Location
Host-ID
X-NodeID
X-Nyt-Route
State
Wxu-Next-Hostname
X-Proxy-Upstream
Svr
Wxu-Next-Commit
True-Client-Country-4JS
Traceparent
X-Policy
Wxu-Next-Region
X-Origin-Time
DSUID
X-Rocket-Nginx-Serving-Static
X-Scheme
X-Old-Content-Length
X-Request-URI
X-Origin-Expires
X-Origin
X-Fastly-Cache
X-Accel-Expires-Debug
Fastcgi-Cache-TTL
Apple-News-Services-Host
AKAMAI
X-Cdn-Srv
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Webstats-RespID
Arc-Country
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Device-Os
X-Forwarded-Site
X-Fetched-On
X-Gdpr
X-Date
X-Geo-Header
X-Core-Mission
CacheControlHeader
Apple-News-Services-Handled
Cmsid
X-Viewer-Country
CDCHOST
Cmstype
X-Cache-Info
X-Hash
X-VG-TLSProxy
X-Via-NSCOPI
Environment
CloudFront-Viewer-Country
X-HS-Content-Campaign-Id
X-Gamma-Serve
X-Esi-Check
X-Eu-Site
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Developers
X-Envoy-Decorator-Operation
X-Owner
Web-Mar-Region
X-Datadog-Parent-Id
X-PHP-Host
X-Cache-Debug
X-HN
We-Hiring
X-Generated-On
X-Gzip
X-Node-Id
X-Level-Front-Cache
X-BBC-Edge-Cache-Status
X-ATG-Version
X-LI-UUID
X-Li-Fabric
X-Labrador-Cache-Channel
X-Irp-Debug
X-GeoIP
X-Li-Pop
X-Core-Value
X-GeoIP-City
X-CGP
X-Cache-Id
X-Branch-Name
X-Csrf-Jwt
Req-Svc-Chain
X-Sucuri-Cache
HA-Ipaddr
Ha-Gx-Prefs
X-Sucuri-ID
L
L5d-Success-Class
X-Storefront-Renderer-Rendered
Machine
Locid
Fastly-GeoIP-CountryCode
X-Platform
X-Cdn-Origin
X-Fastly-Backend
X-Restarts
X-Sn-Servicetimems
X-VServer
X-VarnishDD-TTL
X-Thinkindot-L3
X-TrackingId
X-UnsetCookies
Mail-Subject
X-TH-Server
Ssr
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Amz-Apigw-Id
X-Region-Sid
Server-Host
X-Amzn-RequestId
X-Sigma
X-Sigma-Backend
X-Skip-Cache
X-Served-From
PFcat
X-Req
Release
X-Rocket-Build-Number
Accept-Language
X-Zone
X-Response-By
X-Qloud-Router
X-Loc
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Worker
X-JWT-State
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
Is-Eu
Fastly-SIE
Fastly-SWR
Cf-Device-Type
Adler-Geo
X-Varnish-Beresp-Status
Platform
X-DefElseHash
X-Has-Esi
X-FC-Vary-Parameters
X-DPWN-IS-SECURE
X-DefHash
X-Is-Gdpr
X-Pod-Name
X-Varnish-Beresp-Ttl
NM-Fastcgi-Cache
Memcached
X-Amzn-Remapped-Content-Length
Fastly-Drupal-Html
X-Xrds-Location
X-DW
X-DSS
X-RPM
X-Cache-Backend
X-DI
X-RPS
X-Action
NGX
Magicmarker
X-NU-AKA-ACS-Version
X-VC-Cache
X-Cache-Var
X-Backend-State
X-Cache-Var-Map
X-DB
X-RSL
X-Ua-Device
X-TraceId
X-Srv
Edge-Cache
X-LB-ID
X-CS
Kp-EeAlive
X-Wix-Viewer-Type
X-Up
X-NC
X-CACHE-KEY
X-Tx-Id
X-Minions-Version
X-Request-Start
X-Generated-In
X-Optimistic-Header
X-API-Version
X-Mvc-Supplant-OutputCached
CDN
X-CacheTTL
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Tb-Optimization-Total-Bytes-Saved
Ms-Author-Via
X-Thanos
Pics-Label
Memory
Time
X-Trace-ID
X-LB-NoCache
X-Bip
X-Tt-Logid
X-M-Reqid
X-M-Log
X-Qnm-Cache
X-Refresh
X-Edge-Pop
Env
X-Via-Popn
X-Via-Popv
X-Via-Poph
WebServer
X-HA-Backend
X-Cache-Config
X-TA-CDN-Provider
GeoIp-Country-Code
X-User
X-Ec-GeoHdr
X-Ec-Fail
X-Parent-Response-Time
X-DC
X-TX-ID
Server-ID
Candidate-Md5Url
Datacenter
X-Cs
X-Servedbyhost
X-Esi
NtCoent-Length
X-DynaTrace-JS-Agent
X-MSEdge-Features
Cdnsip
Cdncip
X-MSEdge-Flight
X-ZONE
X-AK-Request-ID
X-Dynatrace
X-CLOUD-TRACE-CONTEXT
X-Clara-WADP
X-Fmm-Version
X-WADP-Cache
X-Vc
On-Server
Cluster
WWW-Authenticate
My-App
X-Varnish-Beresp-TTL
X-Pass-Why
X-Datadome
DataCenter
Tracecode
X-CUA
Geoip-Latitude
Esi-Enabled
X-VC
X-Fpc
X-App
T-Server
X-Cache-Ttl
X-From
X-Traceid
X-VCL-Version
X-Li-Proto
X-Var-Ttl
Lfy
X-B3-Spanid
X-URL
X-Fragments
X-FPC
Lang
X-LI-Proto
X-Service
X-Webkit-Csp-Report-Only
X-Vcl-Version
C-Via
Geo-Info
X-Unique-ID
X-Cache-PHP
Fastly-Drupal-HTML
Cf-Int-Pingora-Origin-Digest
X-Newrelic-Synthetics
Proxy-Connection
Target-Params
X-Webkit-CSP-Report-Only
X-NODE
X-Provided-By
Test
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Mcache
X-Render-Time
Resin-Trace
M-TraceId
X-Cache-Status-Check
X-RAMCache
Server-Id
X-LiteSpeed-Cache-Control
MIME-Version
Permissions-Policy
X-CSRF-TOKEN
X-Geo
X-ID
WZWS-RAY
Servername
X-Proxy-Cache-Info
X-Ha-Backend
X-Httpd
X-ServedByHost
Hostname
X-Cdn-Forward
X-Api-Version
X-SB
FSS-Cache
X-Clientip
GeoIP-Country-Code
Producers
Hit
X-Udemy-Cache-App-Namespace
X-Dynatrace-Js-Agent
X-Pad
X-Via-PopV
X-Edge-POP
X-Platform-Router
X-Platform-Processor
ENV
X-Via-PopN
X-Platform-Cluster
X-Via-PopH
X-Pool
X-Oracle-DMS-ECID
X-Oss-Server-Time
X-Fastly-Backend-Reqs
X-Ec-Custom-Error
X-Oss-Request-Id
X-Oss-Object-Type
HIT
X-Oss-Hash-Crc64ecma
X-NGINX-Cache
X-Scale
X-LiteSpeed-Tag
Cache-Host
X-Oss-Storage-Class
UCS
X-Edge-Cache
X-Info
MD5-Digest
X-Ucs
X-ElasticPress-Query
S-Cnection
X-Lb-Nocache
X-HS-Status
X-AIR-PT
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
Cneonction
Section-Io-Id
PICS-Label
X-Dispatcher-Number
IsBot
ServerName
X-Cache-CFC
Server-Ext
Server-Hostname
X-UP
Cf-Ipcountry
X-Via-Ucdn
Uri
X-Cache-Expires
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Check-Cacheable
X-SIPLIST1
X-Acquia-Site
X-GoCache-CacheStatus
X-Acquia-Application-UUID
URI
Sever-Int
X-BBC-Origin-Response-Status
X-Cms-Context
Ohc-File-Size
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Tcn
Server-Ttl
X-Cdn-Request-ID
X-Nc
Cteonnt-Length
User-Agent
X-Release
Fastly-Backend-Name
X-RateLimit-Reset
X-Fastly-Cache-Hits
X-Snapshot-Date
X-Swift-Error
X-Micro-Cache
X-Lb-Id
X-Dw-Trace-Id
X-Wikidot-Static-Cache
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Wikidot-Backend
X-Vcache
Wpo-Cache-Status
Wpo-Cache-Message
X-Yottaa-OS
Ngx
CF-Cached-On
Vha6-Origin
X-Backend-Host
X-B3-ParentSpanId
X-Newrelic-App-Data
Sid
X-HostName
X-ServerName
Load-Balancing
X-Air-Pt
X-Cache-Ngx
Inserted-Into-Cache-At
X-Fetch-By
X-IN-APIGATEWAY
X-Litespeed-Cache-Control
X-IN-APIGATEWAYSSL
X-Shopify-Generated-Cart-Token
X-B3-Parentspanid
X-APP
Shield-Pop
X-Logging-Id
X-CacheKey
X-UA
EpKe-Alive
X-Varnish-Authentication
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Akamai-Pragma-Client-IP
Req-ID
X-Http-Duration-Ms
X-Te-Count
X-Te-Duration-Ms
X-Last-Modified
X-Http-Count
X-Contensis-Viewer-Groups
CountryCode
X-BCube-Filmed-By
X-Cache-ASPX
X-Sentry-ID
X-Akamai-Request-ID