Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
X-Akamai-Path-Stats
X-Dns-Prefetch-Control
Grace
X-Rq
X-Server-Powered-By
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Allow
X-OneAgent-JS-Injection
X-Nginx-Cache-Status
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-CST
X-Pingback
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Server-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
Accept-CH-Lifetime
X-Url
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-MS-InvokeApp
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-Rack-Cache
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-Server-Name
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-ESI
X-Content-Type
Accept-Ch
Cache-Tag
X-B3-TraceId
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Amz-Rid
X-Dw-Request-Base-Id
Public-Key-Pins
X-Cnection
X-Px
X-Ac
X-RateLimit-Remaining
X-D2id
X-Element-Page-Cache
Verso
X-Navigation-Version
X-Abt-Application-Version
X-Client-IP
X-Edge
X-Powered-By-Plesk
Display
X-Cache-TTL
X-Sol
Pagespeed
X-Middleton-Display
X-Ser
X-Version
Service-Worker-Allowed
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
X-Goog-Hash
X-FastCGI-Cache
Access-Control-Request-Method
X-Correlation-Id
X-Ruxit-Js-Agent
SPRequestDuration
SPIisLatency
X-Kinsta-Cache
X-Webkit-Csp
X-TTL
X-Edge-Location-Klb
AR-PoweredBy
AR-CACHE
AR-Request-ID
AR-ATIME
AR-SID
X-Ttl
X-Upstream
X-Cached
X-NWS-LOG-UUID
X-RateLimit-Limit
X-LLID
X-Powered-CMS
SPRequestGuid
X-SharePointHealthScore
X-Instrumentation
X-Kraken-Loop-Name
X-Cache-Key
X-Server-Lifecycle-Phase
Edge-Cache-Tag
X-Litespeed-Cache
Nginx-Cache
TCN
X-Content-Security-Policy-Report-Only
X-Forwarded-For
X-MSEdge-Ref
Content-MD5
MRF-Tech
Mrf-Cache-Status
X-Id
X-Shield-Request-Id
X-Server-ID
X-B3-TraceId-Primal
X-Daa-Tunnel
X-T
MS-Author-Via
X-Recruiting
S
X-Content-Digest
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ua-Device
X-Mg-S
X-DataDome
X-Protected-By
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Accel-Expires
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-Ab
X-Grace
X-Content
X-Frontend
X-Ua-Browser
X-ECACHE
Server-Node
Front-End-Https
X-Request-Processing-Time
X-Request-Received
X-Yandex-Sdch-Disable
Filters
X-DynaTrace
X-PressLabs-Stats
X-Mid
Fastcgi-Cache
TP-Cache
TP-L2-Cache
X-Origin-Server
X-Geo-Country
X-Hits
X-Distributor
X-Debug-Info
X-ORACLE-DMS-ECID
X-Microsite
X-Request-Handler-Origin-Region
X-Amzn-Trace-Id
X-Tt-Trace-Tag
Cross-Origin-Opener-Policy
Charset
X-Tt-Trace-Host
Cleartype
X-Git-Hash
X-ORACLE-DMS-RID
X-F-Cache
Host
X-WebKit-CSP-Report-Only
X-Page-Id
X-DIS-Request-ID
X-B3-Sampled
X-Pinterest-Rid
Pinterest-Generated-By
X-LB-Cache
Pinterest-Version
X-Ratelimit-Reset
X-Www-Served-By
X-Cache-Age
X-Forwarded-Proto
Access-Control-Allow-Method
ServerID
X-Seen-By
Cache-Status
X-AppVersion
X-Az
X-Activity-Id
X-Cluster-Name
Cache-Tags
X-Aspnetmvc-Version
X-Varnish-Age
Accept-Charset
X-Language
X-Oracle-Dms-Ecid
Realpath
X-Oracle-Dms-Rid
Filterid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Rid
X-MCACHE
X-Nginx-Upstream-Cache-Status
X-Type
X-Content-Options
Server-Name
X-Fastcgi-Cache
X-App-Environment
Country
X-Tb
Node
Retry-After
X-Fastly-Request-ID
Viewport
X-Upgrade-Enabled
X-Varnish-Grace
X-Whom
X-User-Agent
X-FB-Debug
X-B-Cache
X-Mobile-URL
X-Signature
X-NWS-UUID-VERIFY
X-Origin-Cache
X-Request-Guid
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
DC
X-Aspnet-Duration-Ms
X-Goog-Metageneration
X-Goog-Generation
X-Flags
X-Drupal-Cache-Tags
X-Wix-Request-Id
X-Goog-Stored-Content-Length
Paypal-Debug-Id
X-Providence-Cookie
X-Route-Name
X-Is-Crawler
X-GUploader-UploadID
X-TT
X-Varnish-Backend
X-VCache
Protected
Fastcgi-Useragent
X-XRDS-LOCATION
X-Via-JSL
X-B
X-N
X-Debug
X-Amz-Replication-Status
X-Cache-NGX
X-Logged-In
X-Contextid
Payment
X-Mcache
WPO-Cache-Status
WPO-Cache-Message
X-Load-Cache
X-Template
Surrogate-Key
X-Fastly-Request-Id
X-Amz-Meta-S3cmd-Attrs
Amp-Access-Control-Allow-Source-Origin
X-FW-Dynamic
X-FW-Hash
X-FW-Type
X-Cache-Control
Count-Hit
X-FW-Server
X-FW-Serve
X-FW-Static
X-Node-Name
Healthy
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Hostname
Permissions-Policy
X-XRDS-Location
X-Response-Served-From
X-G
X-Original-Request-Id
SD-X-WS
X-UUID
X-Jobs
X-Proxy
X-Revision
X-Mobile
Refresh
Akamai-GRN
Content-Disposition
X-Cache-Time
X-Real-IP
X-Cache-TTL-Remaining
X-Trace-Id
X-Cacheable-TTL
X-Rendered-As
X-Akamai-Request-ID2
X-Is-Bot
X-Zen-Fury
Uber-Trace-Id
X-Framework
X-Proxy-Cache-Status
Access-Control-Request-Headers
X-Adobe-Content
X-Http-Reason
X-Adobe-Loc
X-Page-View
X-Debug-IsPreview
NGB
X-Device-Type
X-Drupal-Cache-Contexts
X-Debug-IsConnected
X-Yottaa-Optimizations
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Instance
X-Yottaa-Metrics
Alternate-Protocol
Url
X-Servername
X-IPLB-Instance
X-Cache-Grace
X-ECache
Version
X-Cache-Rule
X-Source
X-B3-Traceid
X-Varnish-Server
X-Mg-Request-UUID
From-Origin
X-Restarts
X-L-Path
X-Environment-Context
X-Vgn-Hpd-Reason
X-NGENIX-Cache
X-Oneagent-Js-Injection
X-Parallel-Accel
X-Cache-Hit
X-EdgeConnect-Cache-Status
Accept-Language
X-Cache-Expired-At
Countrycode
MS-CV
X-RTag
Ms-Operation-Id
Referer-Policy
X-HTML-Minification-Powered-By
X-App-Server
Frame-Options
Backend
X-FW-Version
X-Tumblr-Pixel-1
X-Tumblr-User
X-NYM-Debug-Backend
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Cross-Origin-Window-Policy
Liferay-Portal
X-IPS-LoggedIn
X-COUNTRY
X-Cache-Action
X-Nginx-Cache
Content-Secure-Policy
X-RemovedCookies
X-ProcessESI
WP-Super-Cache
CF-IPCountry
X-Datadome
Upgrade-Insecure-Requests
Section-Io-Cache
X-Cache-Server
X-Redis-Cache
Cache-Tv-Group
X-RN-RSRV
X-UPSTREAM-Address
Meta-Geo
X-Varnish-Cache-Hits
X-Webkit-CSP
X-Generation-Time
X-Section
X-FB-TRIP-ID
X-Access
X-Ua
Ec-Rule-Version
X-UA-Device-Type
Azure-Version
Azure-SlotName
X-Content-Age
X-Format
Azure-SiteName
Azure-RegionName
X-SayCDN-TTL
X-Web-Node
Azure-InstanceId
X-Human
X-PCL
X-Hosted-By
X-APP-VERSION
X-Cache-Type
X-AOL-HN
X-Region
X-OCL
X-No-Session
X-Say-TTL
X-Detected-As
X-Request-Time
X-Say-Cacheable
X-Cache-Enabled
Fastly-SSL
X-Content-Powered-By
Locale
X-Storage
X-BYPASS-REASON
X-Cluster-Node
Apigw-Requestid
X-Sql-Count
X-PHP-Backend
X-Origin-Hint
X-ProxyCache-Key
X-ProxyCache-Status
TWC-Locale-Group
TWC-Privacy
X-Origin-Date
Webcakes-Region
X-Akamai-Edgescape
Webcakes-App-Version
X-Nginx-Cache-Key
Webcakes-App-Name
X-Via-Fastly
TWC-GeoIP-LatLong
X-Urbn-Site-Id
S-Rt
Property-Id
Mn-Server-Ip
X-Urbn-Context-Path
X-Be
X-Generated-By
X-Server-W
TWC-GeoIP-Country
X-Site-Version
TWC-Device-Class
X-Uri
X-Sql-Duration-Ms
TWC-Connection-Speed
X-Mode
X-Unique-Id
X-Midtier
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Platform-Server
X-PERF
X-Forwarded-Host
CDN-Cache
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestId
CDN-RequestCountryCode
X-ShopId
X-ShardId
X-Xfnlog-Site
X-Ratelimit-Remaining
X-ApacheServer
X-Adobe-Source
X-Hyper-Cache
Eomportal-Instance
CDN-CachedAt
X-Cache-Host
X-Alternate-Cache-Key
CDN-Uid
X-Status
X-Debug-Cache
X-Cache-Tags
X-Backend-Name
X-Extlb
X-Proxied
X-ServerID
X-Tid
X-Varnishpool
X-Zipkin-Id
X-Handled-By
Webserver
X-Hl-Ver
X-SaId
X-JoinUs
X-NewRelic-App-Data
X-Routing-Service
X-PHP-Host
X-Locale
X-GG-Cache-Date
X-Labrador-Cache-Channel
X-Rule
X-Timing-Wait
X-Proxy-Build
Selected-Fe
X-TT-LOGID
X-AWS-Id
X-LJ-Flow-ID
ServedBy
X-VWS-Id
X-Cache-Operation
X-VC-Cache
X-Edge-Location
X-Cms-Context
X-Storefront-Renderer-Rendered
X-LSADC-Cache
X-Cache-Remote
X-Accel-Buffering
X-Soup
X-App-Version
X-Cached-By
X-Rewrite-Enabled
SID
X-Proto
Web-Mar-Node
SRV
Mime-Version
X-Dc
Fastly-Drupal-Html
X-CDN-Forward
X-GEO
Load-Balancing
Xserver
Onion-Location
X-GeoCountry
X-GeoCode
X-TA-CDN-Provider
X-Pubstack
X-Cdn
X-Varnish-Hostname
X-Reqid
Country-Code
X-Buckets
Cache-Hits
X-Microcachable
X-Request-Host
X-Origin-CC
X-Origin-TTL
Decoy-Debug-Status
X-Cluster
LB
Decoy-Debug-Key
Decoy-Debug-TTL
X-Ratelimit-Limit
Server-Info
X-Varnish-Hits
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
X-Ms-Version
X-CSRF-Token
X-Ms-Request-Id
X-Envoy-Decorator-Operation
X-Magnolia-Registration
Xet-Cookie
X-Time
X-Air-Hostname
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B3-SpanId
X-NCache
X-Air-Source
X-Air-Trace-Id
Cache
X-SRV
X-Bc-Bl
X-Tx-Id
DynaTrace
DB-Nickname
X-RCS-CacheZone
X-Endurance-Cache-Level
X-Forwarded-Path
X-Origin-Response-Time
X-Connection-Hash
X-Gzip
X-Orig-Expires
X-Core-Mission
X-From
X-Ec-Custom-Error
Expiry
X-Conf
X-External-Request-Id
X-Esi-Check
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Ec-Fail
X-Fetched-On
DCR-Processing-Time-Ms
Fastly-GeoIP-CountryCode
X-ARC
Fastcgi-X-Cache-Version
X-NAPM-TraceId
X-Ig-Push-State
Odigeo-Trace-Id
MD5-Digest
X-Device-Os
BehaviorPad-Version
X-HS-Content-Campaign-Id
Meta-Geo-Continent
X-Hash
X-Geo-Header
A
Mobile-Detection-Method
NM-Fastcgi-Cache
Cdncip
Cdnsip
X-Destination
Cmstype
DCR-Decision-By
Rendered-Blocks
X-Developer
Cmsid
X-D
Lang
X-Ftr-Request-Id
Pramga
X-Vdms-Path
X-Node-Id
Sslversion
X-A-Ccd
X-Vtex-Remote-Cache
X-A
X-Sigma-Backend
X-Cache-NE
X-A-Dam
X-SVT-ORM-RULES
X-SRCache-Key
X-A-Dgt
X-A-Dcw
X-Cache-Info
X-Rocket-Build-Number
X-Shop-Environment
X-Session-Fingerprint
X-PAYTM-SRV-ID
X-SD-PageType
X-S-Cookie
X-Vtex-Processado-Em
X-Cache-Id
X-Rojux
X-S
X-Sigma
X-Webstats-RespID
X-SVT-ORM-VERSION
X-Aed
Host-ID
X-B-Cookie
Surrogated-Key
X-User
X-CF-Lambda-Version
X-AK-Request-ID
X-PBS-Appsvrname
X-Vdms-Version
X-Application
Xc-Version
X-CF-Lambda-Fn
T-Server
X-Cdn-Srv
X-A-Wwc
X-Tenant
X-VG-WebCache
X-TIM-N
X-Cache-Bucket
X-Processor
X-ScT
X-TrackingId
X-Varnish-Beresp-Grace
Cache-Name
Source
X-ZONE
X-Varnish-Ttl
X-R9-Blue-Green-Version
Req-Svc-Chain
X-Core-Value
L
TDXMobile
Thinkindot-CacheControl-Type
Release
Thinkindot-CacheControl
X-Cache-Backend
X-Block-Status
Is-Eu
X-Amzn-Remapped-Content-Length
Server-Host
X-Clara-WADP
X-Ckpd-Fst-Backend
Ssr
Thinkindot-Control
X-BBC-Edge-Cache-Status
State
Kp-EeAlive
Producers
We-Hiring
X-DefElseHash
Origin
Origin-CC
Web-Mar-Region
X-Cache-Date
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
Origin-EX
X-Developers
Machine
X-Dispatcher-Number
X-CacheTTL
X-DefHash
Platform
Traceparent
Memcached
User-Cache-Control
Mail-Subject
X-DPWN-IS-SECURE
X-Location
X-Wix-Viewer-Type
X-Worker
X-Pool
X-WADP-Cache
X-SB
X-Rocket-Nginx-Serving-Static
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-NodeID
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Origin
X-Origin-Time
X-Origin-Expires
X-Scheme
X-VServer
X-Variation
X-V-Cache
X-VG-TLSProxy
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Azure-Ref
X-TNCMS
X-Server-IP
X-Served-From
X-Skip-Cache
X-Slack-Backend
X-Thinkindot-L3
X-Loop
X-Planisys-CDN-Rules
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Gen-Mode
X-Gdpr
Apple-News-Services-Handled
X-Has-Esi
X-GeoIP
Adler-Geo
AKAMAI
X-Loc
X-Irp-Debug
X-Hnp-Log
Environment
X-Fmm-Version
X-LAGOON
X-Fastly-Cache
CloudFront-Viewer-Country
X-JWT-State
X-Is-Gdpr
X-Auto-Login
X-GeoIP-City
X-Gamma-Serve
X-VarnishDD-TTL
X-Generated-On
X-Viewer-Country
X-Via-NSCOPI
X-Branch-Name
X-SIPLIST1
X-Forwarded-Site
X-Sn-Servicetimems
X-Rebelmouse-Cache-Control
X-Via-Ucdn
X-Eu-Site
X-CGP
X-Httpd
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Minions-Version
X-Level-Front-Cache
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Platform
X-Pod-Name
X-RateLimit-Remaining-Second
X-Cdn-Origin
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-RateLimit-Limit-Second
X-Qloud-Router
X-Policy
X-HN
X-Proxy-Cache-Info
X-Proxy-Upstream
X-Request-URI
X-Aicache-OS
Cluster
Redirect-Candidate
DSUID
PFcat
CDCHOST
CDN
Locid
Server-Hostname
Server-Ext
Fastcgi-Cache-TTL
Fastly-SIE
HA-Ipaddr
IsBot
L5d-Success-Class
Ha-Gx-Prefs
N-Cache
Fastly-SWR
Gh-Request-Id
NGX
Svr
Sever-Int
X-Xrds-Location
V-Age
Vix-Hermes-Req-Id
X-Srv
HostName
X-IPLB-Request-ID
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Arc-Country
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Optimistic-Header
X-Scale
X-Men
Ohc-File-Size
X-VC
X-Parent-Response-Time
X-Owner
X-CS
X-Response-By
X-Newrelic-Synthetics
X-EC-Lua
X-Old-Content-Length
X-Refresh
Pics-Label
X-Udemy-Cache-App-Namespace
Datacenter
Candidate-Md5Url
X-Ad-Defer-Variation
X-NC
X-Tb-Optimization-Total-Bytes-Saved
X-LB-NoCache
X-BCube-Filmed-By
X-Ah-Environment
Cache-Key
X-RPS
X-RSL
X-Tt-Logid
X-RPM
X-Wikidot-Backend
Env
X-Wikidot-Static-Cache
X-TraceId
Servername
X-DI
X-DB
X-DSS
X-DW
Ms-Author-Via
AMP-Access-Control-Allow-Source-Origin
CPC-Age
X-Contensis-Viewer-Groups
X-Cache-ASPX
CPC-Cache
VNS-Age
XM
VNS-Cache
X-Mvc-Supplant-OutputCached
X-Date
Memory
X-Accel-Expires-Debug
X-Edge-Pop
X-SplitTest
GEO-INFO
Time
X-RateLimit-Reset
X-Akamai-Transformed
X-Amz-Meta-Cb-Modifiedtime
Fastly-Backend-Name
X-Varnish-Authentication
X-Cache-Status-Check
X-Generated-In
X-WA-Info
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-TIME
Path
X-Micro-Cache
X-Via-Popn
X-Via-Popv
X-Via-Poph
X-Cache-Debug
X-Servedbyhost
X-CACHE-KEY
X-AIR-PT
X-HA-Backend
Lb
ITXSESSIONID
X-API-Version
GeoIp-Country-Code
X-S-Maxage
Fusion-Content-Id
Fusion-Component-Id
Ohc-Cache-HIT
Fusion-Source
Geo-Info
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
X-DC
CacheControlHeader
X-VCL-Version
Cache-Host
Client
X-Vc
Server-ID
True-Client-Country-4JS
X-Action
Geoip-Latitude
Ngx.Var.Host
FSS-Cache
X-TH-Server
X-Cs
X-VHOST
X-Trace-ID
True-Client-IP
X-Varnish-Beresp-TTL
X-Backend-TTL
X-Api-Version
X-Proxy-CacheRZ
XkeyRZ
X-Presslabs-Stats
Hostname
X-Clientip
X-FireWall-Port
X-Fpc
Edge-Cache
X-Req
My-App
X-Webkit-Csp-Report-Only
Powered-By
X-Provided-By
X-TX-ID
X-Zone
X-B3-Spanid
X-PX
X-Traceid
X-Pass-Why
X-Origin-Upstream-Status
X-Varnish-Beresp-Ttl
X-MSEdge-Flight
NtCoent-Length
X-Up
X-Dmc
X-MSEdge-Features
X-FPC
Test
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
X-CSRF-TOKEN
X-LB-ID
X-Render-Time
X-Cdn-Request-ID
X-INCAP-ABP
X-HS-Status
X-Correlation-ID
X-Beluga-Record
X-Beluga-Status
DataCenter
C-Via
Server-Id
User-Agent
X-Beluga-Response-Time
X-Beluga-Cache-Status
X-Beluga-Trace
Rip
X-Beluga-Node
X-Webkit-CSP-Report-Only
X-Li-Pop
X-Gateway-Cache-Key
X-Li-Fabric
X-Gateway-Cache-Status
X-Gateway-Request-Id
Click-Count-Error
Click-Count-Action-Start
Tube-Return
Tube-Got-Eval
Proxy-Connection
X-LI-UUID
X-Gateway-Skip-Cache
Tube-Got-Results
Srvid
OT-Force-Account-Verify
Tube-Get-Contents
X-Service
X-Vcl-Version
X-UnsetCookies
X-TRACE-ID
X-M-Reqid
X-Alfa-Service
X-URL
WZWS-RAY
GeoIP-Latitude
Uri
GeoIP-Country-Code
X-Qnm-Cache
X-Via-PopH
Esi-Enabled
X-DynaTrace-JS-Agent
X-M-Log
X-Ha-Backend
X-Via-PopV
X-Via-PopN
X-ND-Cache
X-RAMCache
X-Time-Microsecs
HIT
X-Dynatrace
On-Server
Sid
Resin-Trace
X-ServedByHost
X-CUA
X-Akamai-Pragma-Client-IP
MIME-Version
X-Check-Cacheable
X-Geo
X-CCDN-CacheTTL
Cf-Device-Type
X-Fragments
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Epwk-X-Cache
X-Proxy-Cache-Hk
X-ATG-Version
Target-Params
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-LI-Proto
X-Fetch-By
Tracecode
Srv
Fastly-Drupal-HTML
X-Cdn-Forward
Cdn
Lfy
X-Fastly-Backend-Reqs
X-Sucuri-ID
X-Backend-Host
X-Fastly-Backend
X-Var-Ttl
X-APP
X-FC-Vary-Parameters
X-Sucuri-Cache
X-Azure-Ref-OriginShield
Tcn
X-Esi
Section-Io-Origin-Status
X-Varnish-Beresp-Status
ENV
Section-Io-Id
X-Edge-POP
X-App
X-Lb-Nocache
ServerName
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-B3-Traceid-Primal
X-Cache-Expires
XServer
X-LiteSpeed-Cache-Control
X-Srcache-Store-Status
X-MG-S
X-Srcache-Fetch-Status
X-ElasticPress-Query
PICS-Label
X-Newrelic-App-Data
X-NU-AKA-ACS-Version
X-Yottaa-OS
CF-Cached-On
X-Nc
Inserted-Into-Cache-At
Magicmarker
X-Li-Proto
X-Backend-State
X-HostName
Wpo-Cache-Status
WebServer
X-Edge-Origin-Shield-Region
X-Iplb-Request-Id
X-Vcache
X-Edge-Origin-Shield-Bytes
Wpo-Cache-Message
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Iplb-Instance
X-Acquia-Site
M-TraceId
X-Acquia-Application-UUID
Cf-Ipcountry
Server-Ttl
X-CF-Powered-By
X-Serial
X-Dw-Trace-Id
D-Url-Rewrites
Warning
Servedby
Content-Script-Type
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Content-Style-Type
X-B3-Parentspanid
X-Release
True-Client-Ip
X-Vercel-Id
X-Vercel-Cache
X-Back
X-BBC-Origin-Response-Status
X-Th-Server
X-Snapshot-Date
X-Storefront-Renderer-Verified
CountryCode
Ngx
X-Litespeed-Cache-Control
Cneonction
X-Request-Start
X-Request-Url
X-Cache-CFC
Fastcgi-Cache-Ttl
X-Request-URL
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Dist-Code