Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Request-ID
P3p
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Hacker
X-Backend
X-UA-Device
X-Robots-Tag
Report-To
X-Amz-Request-Id
X-LiteSpeed-Cache
Host-Header
X-Server
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-OneAgent-JS-Injection
X-Amz-Version-Id
EagleEye-TraceId
X-Device
X-Dispatcher
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Server-Id
X-Host
X-Backend-Server
X-Node
Cf-Railgun
X-Readtime
Accept-CH
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
X-Language
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
X-Ruxit-JS-Agent
X-Template
X-Application-Context
Rating
X-Ua-Compatible
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
X-Cache-Lookup
Accept-CH-Lifetime
X-Ac
X-Buckets
Allow
X-Url
X-Content-Type
X-Trace
X-Vname
X-TtlSet
X-PC
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
X-Varnish-TTL
X-FastCGI-Cache
X-ESI
Cache-Tag
Fastly-Restarts
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Server-Name
X-Element-Page-Cache
Verso
X-GitHub-Request-Id
X-MS-InvokeApp
X-Upstream
X-Amz-Rid
X-Vcap-Request-Id
X-Dw-Request-Base-Id
Public-Key-Pins
MS-Author-Via
X-D2id
X-Client-IP
X-Abt-Application-Version
X-Cached
X-Origin-Cache
X-Cache-TTL
Arr-Disable-Session-Affinity
Accept-Ch
X-Country-Code
X-ORACLE-DMS-RID
X-Powered-By-Plesk
X-ORACLE-DMS-ECID
X-Px
X-Goog-Hash
X-Cnection
X-Navigation-Version
Access-Control-Request-Method
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Version
X-NF-Request-ID
X-Aws-Lambda-Call-Status
X-Amz-Server-Side-Encryption
RTSS
X-Powered-CMS
X-Sol
Pagespeed
Display
X-Middleton-Display
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Response
X-Middleton-Response
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-MSEdge-Ref
X-LLID
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-CST
Nginx-Cache
X-Shield-Request-Id
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
S
Content-MD5
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-SID
AR-CACHE
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-T
X-TTL
X-Protected-By
X-Forwarded-For
X-Content-Security-Policy-Report-Only
TCN
X-Aspnetmvc-Version
X-Id
X-Mg-S
X-Mid
X-MCACHE
Fastcgi-Cache
Realpath
Front-End-Https
X-Parallel-Accel
SPIisLatency
SPRequestDuration
X-RateLimit-Remaining
Edge-Cache-Tag
X-Recruiting
X-Ttl
X-Request-Received
X-Request-Processing-Time
Filters
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Template-Id
Server-Node
X-Content
X-Ab
X-Ua-Browser
X-SharePointHealthScore
SPRequestGuid
X-DynaTrace
X-Ezoic-Cdn
X-Correlation-Id
Alternate-Protocol
Server-Name
X-Accel-Expires
X-NWS-LOG-UUID
X-Frontend
X-ECACHE
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-Hits
X-Yandex-Sdch-Disable
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Content-Options
X-Ruxit-Js-Agent
Cache-Tags
X-Page-Id
Host
X-Git-Hash
MicrosoftSharePointTeamServices
Charset
Cleartype
X-B3-Sampled
X-Www-Served-By
X-Geo-Country
X-Cache-Key
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Fastly-Request-Id
TP-L2-Cache
X-Amz-Replication-Status
X-Content-Digest
TP-Cache
X-Forwarded-Proto
Filterid
X-Ser
X-XRDS-LOCATION
X-VCache
X-Varnish-Age
X-Amzn-Trace-Id
X-Hostname
X-AppVersion
X-Az
X-Activity-Id
X-Daa-Tunnel
X-Request-Handler-Origin-Region
X-Microsite
X-Rid
X-Debug-Info
X-Upgrade-Enabled
X-DIS-Request-ID
X-Origin-Server
Access-Control-Allow-Method
X-Grace
X-N
X-LB-Cache
X-FB-Debug
X-Origin-Upstream-Status
X-WebKit-CSP-Report-Only
ServerID
X-Nginx-Upstream-Cache-Status
X-Mobile-URL
X-Whom
X-Route-Name
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
X-TT
X-Request-Guid
X-Providence-Cookie
X-Server-ID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Metageneration
X-NGENIX-Cache
X-Goog-Generation
X-F-Cache
X-App-Environment
X-App-Server
X-Varnish-Grace
Viewport
Cross-Origin-Opener-Policy
X-Tb
X-Distributor
Payment
X-FW-Server
X-FW-Static
DC
X-PressLabs-Stats
X-FW-Hash
X-FW-Type
X-Logged-In
X-FW-Serve
X-FW-Dynamic
Node
Paypal-Debug-Id
X-Cache-Control
X-Seen-By
Fastcgi-Useragent
X-Type
X-Cache-Age
X-User-Agent
Country
Accept-Charset
X-Webkit-CSP
X-Cache-Rule
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
X-Node-Name
X-Erf-Bev-Bev
X-Browser-Type
Version
X-DataDome
X-Load-Cache
X-Wix-Request-Id
X-Ratelimit-Limit
X-Cache-Action
X-IPLB-Instance
Refresh
X-Via-JSL
SD-X-WS
Access-Control-Request-Headers
X-Original-Request-Id
X-Fastly-Request-ID
X-Response-Served-From
Cache-Status
X-Jobs
X-Tec-Api-Version
Referer-Policy
X-Tec-Api-Root
Liferay-Portal
X-Cacheable-TTL
X-Tec-Api-Origin
X-Real-IP
X-Vgn-Hpd-Reason
X-Drupal-Cache-Tags
X-Rendered-As
X-UUID
X-Proxy-Cache-Status
X-Page-View
X-RemovedCookies
X-Revision
X-Is-Bot
X-ProcessESI
X-Debug
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-B
X-Cluster-Name
NGB
X-Contextid
X-Fastcgi-Cache
X-Yottaa-Optimizations
X-Proxy
DynaTrace
X-Rule
X-Yottaa-Metrics
X-Drupal-Cache-Contexts
X-Cache-Expired-At
X-Device-Type
X-Framework
X-Cache-Time
Surrogate-Key
X-B-Cache
X-Mobile
X-G
Akamai-GRN
X-Signature
X-Instance
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Healthy
X-Debug-IsPreview
X-Debug-IsConnected
X-TEC-API-ROOT
X-Azure-Ref
X-FW-Version
CF-IPCountry
X-Source
SID
X-Oracle-Dms-Ecid
X-Air-Hostname
X-Oracle-Dms-Rid
Amp-Access-Control-Allow-Source-Origin
X-Air-Source
X-Air-Trace-Id
X-Ms-Request-Id
X-Ms-Version
Frame-Options
X-Nginx-Cache
X-Oneagent-Js-Injection
X-Cache-Hit
Ms-Operation-Id
X-RTag
MS-CV
Section-Io-Cache
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
Countrycode
X-APP-VERSION
Xserver
X-L-Path
X-Environment-Context
X-Varnish-Server
X-XRDS-Location
Count-Hit
X-Region
X-Cache-Operation
X-CDN-Forward
X-Servername
X-Content-Powered-By
X-Forwarded-Host
X-EdgeConnect-Cache-Status
GEO-INFO
Uber-Trace-Id
X-Backend-Name
X-Litespeed-Cache
Nel
Backend
X-IPS-LoggedIn
X-Mode
Cross-Origin-Window-Policy
X-Accel-Buffering
X-Adobe-Loc
X-Adobe-Content
X-JoinUs
X-Zen-Fury
X-SaId
X-RN-RSRV
Meta-Geo
X-UPSTREAM-Address
Ec-Rule-Version
X-Sorting-Hat-ShopId
X-Human
X-Redis-Cache
X-No-Session
X-Microcachable
X-Varnish-Beresp-Grace
X-Cache-Grace
Apigw-Requestid
X-Alternate-Cache-Key
X-ShopId
X-ShardId
Eomportal-Instance
X-Shopify-Stage
X-Debug-Cache
X-Generation-Time
X-Cache-Type
X-Cache-Server
X-Sorting-Hat-PodId
X-Hosted-By
X-Detected-As
Decoy-Debug-Key
X-FB-TRIP-ID
X-NCache
Cache-Tv-Group
X-Origin-Date
X-BYPASS-REASON
Decoy-Debug-Status
X-Sql-Count
Url
X-Cache-TTL-Remaining
Decoy-Debug-TTL
X-PHP-Backend
Cache-Name
X-Site-Version
X-RateLimit-Limit
X-Status
X-Storage
X-Sql-Duration-Ms
X-Uri
Country-Code
X-ServerID
X-ProxyCache-Status
X-ProxyCache-Key
X-Via-Fastly
Selected-Fe
X-Azure-Ref-OriginShield
Protected
TWC-Connection-Speed
Fastly-SSL
X-Web-Node
Property-Id
Webcakes-App-Version
X-Proxy-Build
X-PCL
X-Origin-Hint
X-Say-Cacheable
X-Say-TTL
X-Timing-Wait
X-SayCDN-TTL
X-OCL
X-Format
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
Mn-Server-Ip
X-Akamai-Edgescape
Webcakes-Region
TWC-Device-Class
TWC-GeoIP-Country
X-Cache-Host
X-SRV
X-UA-Device-Type
X-NYM-Debug-Backend
X-R9-Blue-Green-Version
X-Proxied
X-Pubstack
X-Hl-Ver
X-Extlb
Source
OT-Force-Account-Verify
Azure-Version
X-Access
X-ApacheServer
X-PERF
X-Varnishpool
X-Routing-Service
Azure-SlotName
X-Section
X-Server-W
DB-Nickname
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Zipkin-Id
X-Be
X-Tid
Content-Secure-Policy
X-Rewrite-Enabled
X-Cluster-Node
X-LSADC-Cache
X-Time
X-Soup
X-Cache-Var-Map
X-Webkit-Csp
X-Cache-Var
X-Ua
X-Cache-NGX
X-HTML-Minification-Powered-By
X-Ratelimit-Reset
X-Content-Age
X-Amz-Meta-S3cmd-Attrs
X-NewRelic-App-Data
X-Cached-By
Content-Disposition
SRV
X-LAGOON
X-Dc
X-App-Version
CDN-Uid
CDN-Cache
CDN-PullZone
Cache
X-Loop
X-Varnish-Hits
CDN-RequestCountryCode
CDN-CachedAt
CDN-RequestId
CDN-EdgeStorageId
X-Varnish-Hostname
X-TNCMS
X-Generated-By
X-S-Maxage
Onion-Location
X-Unique-Id
X-Bc-Bl
Webserver
X-Presslabs-Stats
Retry-After
X-CACHE-KEY
X-TT-LOGID
X-Hyper-Cache
X-Origin-CC
X-Origin-TTL
X-Auto-Login
X-ECache
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Web-Mar-Node
X-Ratelimit-Remaining
Cache-Hits
X-Proto
X-GEO
X-Nginx-Cache-Key
X-Cdn
Xet-Cookie
X-Time-Microsecs
X-Tenant
X-Endurance-Cache-Level
X-Qnm-Cache
X-M-Log
X-M-Reqid
X-Trace-Id
X-Edge-Location
X-VWS-Id
X-LJ-Flow-ID
X-GG-Cache-Date
X-Akamai-Transformed
X-CSRF-Token
X-AWS-Id
LB
CloudFront-Viewer-Country
Mime-Version
X-Platform-Server
HostName
X-Mg-Request-UUID
X-Amzn-RequestId
X-PHP-Host
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
AMP-Access-Control-Allow-Source-Origin
N-Cache
X-Xfnlog-Site
X-RCS-CacheZone
X-Storefront-Renderer-Rendered
X-Cache-Tags
X-B3-SpanId
X-Handled-By
X-Locale
X-Origin-Response-Time
X-Varnish-Cache-Hits
X-Adobe-Source
Upgrade-Insecure-Requests
ServedBy
X-Request-Time
X-VC-Cache
X-Ckpd-Fst-Backend
X-Cluster
X-CF-Lambda-Version
X-Cache-NE
X-ARC
X-AOL-HN
X-B-Cookie
X-Cache-Date
X-Conf
X-CF-Lambda-Fn
X-D
X-Reqid
X-NAPM-TraceId
X-ND-Cache
X-Orig-Expires
X-Ig-Push-State
X-Ftr-Request-Id
X-Destination
X-Developer
X-External-Request-Id
X-Forwarded-Path
X-Connection-Hash
A
DSUID
Pramga
DCR-Processing-Time-Ms
DCR-Decision-By
Redirect-Candidate
Origin
Odigeo-Trace-Id
Meta-Geo-Continent
Fastcgi-X-Cache-Version
Mobile-Detection-Method
Expiry
Rendered-Blocks
State
X-A-Dgt
X-A-Wwc
X-Aed
X-PAYTM-SRV-ID
X-A-Dcw
X-A-Dam
Surrogated-Key
X-A
X-A-Ccd
BehaviorPad-Version
X-Application
X-Correlation-ID
X-VG-WebCache
X-Processor
X-Session-Fingerprint
X-V-Cache
X-Vdms-Version
WPO-Cache-Message
X-SVT-ORM-RULES
X-Vdms-Path
X-S
X-S-Cookie
X-Rojux
X-ScT
X-Request-Host
X-SD-PageType
X-Planisys-CDN-TTL
WPO-Cache-Status
X-Slack-Backend
X-Planisys-CDN-Cache
X-SRCache-Key
X-PBS-Appsvrname
X-SVT-ORM-VERSION
X-TIM-N
X-Planisys-CDN-Rules
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-ATG-Version
X-Shop-Environment
Server-Info
Environment
X-Cache-Remote
X-Via-NSCOPI
X-TIME
X-MP-GENERATED-AT
X-Accel-Expires-Debug
X-Varnish-Beresp-Status
V-Age
X-Fastly-Cache
X-Block-Status
X-Gen-Mode
X-Hnp-Log
Host-ID
L
User-Cache-Control
Release
Wxu-Next-Commit
Wxu-Next-Hostname
Vix-Hermes-Req-Id
X-VG-TLSProxy
X-VServer
Wxu-Next-Region
X-Cache-Info
X-Li-Pop
X-LI-UUID
Gh-Request-Id
X-Hash
X-Gdpr
X-Geo-Header
X-Location
X-Men
X-Origin-Time
X-Owner
X-Origin-Expires
X-Old-Content-Length
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Policy
X-Forwarded-Site
X-Served-From
X-Scheme
X-Server-IP
X-Cache-Bucket
X-Sucuri-Cache
X-Skip-Cache
X-Core-Mission
X-Rocket-Nginx-Serving-Static
X-Proxy-Upstream
X-Fetched-On
X-Epic-Correlation-Id
X-Device-Os
X-Date
X-Sucuri-ID
X-Li-Fabric
From-Origin
Candidate-Md5Url
X-Varnish-Ttl
Fastcgi-Cache-TTL
Cmsid
CacheControlHeader
Datacenter
AKAMAI
Cmstype
X-Esi-Check
X-Fastly-Backend
X-HS-Content-Campaign-Id
X-Gamma-Serve
X-Generated-On
X-GeoIP
X-HN
X-Gzip
X-GeoIP-City
X-Datadog-Sampling-Priority
X-Branch-Name
X-Bip
X-Aicache-OS
Apple-News-Services-Handled
X-Cache-Config
X-Cache-Id
X-Datadog-Trace-Id
X-Irp-Debug
X-Datadog-Parent-Id
X-Cdn-Origin
X-Developers
X-NU-AKA-ACS-Version
CDCHOST
Origin-CC
Arc-Country
X-Viewer-Country
X-VarnishDD-TTL
Origin-EX
Req-Svc-Chain
X-Core-Value
X-TH-Server
X-Cache-Debug
X-BBC-Edge-Cache-Status
Traceparent
X-EC-Lua
X-TrackingId
X-Magnolia-Registration
X-Region-Sid
X-Platform
Apple-News-Services-Host
X-NodeID
X-Req
X-Request-Start
X-Thanos
X-Thinkindot-L3
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-Level-Front-Cache
X-Sn-Servicetimems
Machine
Svr
Locid
Mail-Subject
Web-Mar-Region
Server-Host
Apple-News-Services-Parsed-Url
Fastly-GeoIP-CountryCode
TDXMobile
We-Hiring
True-Client-Country-4JS
PFcat
Apple-News-Services-Request-Url
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Xrds-Location
X-RateLimit-Remaining-Second
X-Origin
X-Pod-Name
X-Qloud-Router
X-RateLimit-Limit-Second
X-Is-Gdpr
X-FC-Vary-Parameters
X-Eu-Site
X-Has-Esi
X-Request-URI
X-JWT-State
X-Loc
X-Variation
HA-Ipaddr
Is-Eu
L5d-Success-Class
X-Envoy-Decorator-Operation
X-Rebelmouse-Cache-Control
X-Webstats-RespID
Ha-Gx-Prefs
X-Rebelmouse-Surrogate-Control
NGX
Fastly-SWR
X-Varnish-CookieHashed-On
X-DPWN-IS-SECURE
X-UnsetCookies
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
Fastly-SIE
X-Worker
Memcached
NM-Fastcgi-Cache
Platform
X-Amzn-Remapped-Content-Length
Adler-Geo
X-Backend-State
X-DefHash
X-DefElseHash
X-CGP
Cf-Device-Type
WWW-Authenticate
X-Csrf-Jwt
X-FireWall-Port
X-Zone
X-CS
Fastly-Drupal-Html
X-Up
X-Cdn-Srv
Sslversion
On-Server
X-Node-Id
Esi-Enabled
CDN
X-Varnish-Beresp-Ttl
X-NC
X-Mvc-Supplant-OutputCached
X-Response-By
X-LB-ID
X-API-Version
Ssr
X-Tx-Id
X-Service
Ms-Author-Via
WP-Super-Cache
X-Trace-ID
C-Via
X-Vc
Pics-Label
X-Generated-In
X-Datadome
X-Tt-Logid
X-Cache-PHP
X-Refresh
X-Via-Poph
Memory
X-Via-Popn
Time
X-Via-Popv
X-TA-CDN-Provider
X-DynaTrace-JS-Agent
X-Cache-Enabled
X-Edge-Pop
X-Backend-TTL
NtCoent-Length
X-Dynatrace
X-Cache-Status-Check
Env
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-TraceId
X-LB-NoCache
X-Tb-Optimization-Total-Bytes-Saved
GeoIp-Country-Code
X-Parent-Response-Time
Magicmarker
X-Optimistic-Header
X-Render-Time
X-DC
X-NWS-UUID-VERIFY
X-Info
X-TX-ID
X-Varnish-Beresp-TTL
X-Restarts
X-Ua-Device
X-Esi
X-AIR-PT
Kp-EeAlive
X-CacheTTL
X-ZONE
X-Unique-ID
X-Servedbyhost
X-Cs
Server-ID
X-CLOUD-TRACE-CONTEXT
X-Clientip
S-Rt
X-MSEdge-Flight
WebServer
X-DB
X-DSS
X-DI
X-Action
HIT
X-DW
X-RPM
Edge-Cache
X-RSL
Cache-Host
X-RPS
X-Cache-Backend
X-MSEdge-Features
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
UCS
X-Oss-Storage-Class
X-Wix-Viewer-Type
X-VCL-Version
X-Cache-Ttl
Proxy-Connection
X-Li-Proto
S-Cnection
X-App
X-Srv
X-Newrelic-Synthetics
Lb
X-URL
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Test
X-Minions-Version
X-Fpc
X-FPC
X-LI-Proto
X-Webkit-Csp-Report-Only
X-HA-Backend
X-LiteSpeed-Cache-Control
X-Traceid
X-Micro-Cache
User-Agent
Fastly-Backend-Name
X-Vcl-Version
X-B3-Spanid
Server-Id
X-Webkit-CSP-Report-Only
X-NODE
Geo-Info
X-Backend-Host
Tcn
X-Http-Reason
X-Akamai-Request-ID2
X-BCube-Filmed-By
X-Pass-Why
X-Pad
X-Release
X-ES-SERVER
X-APP
X-LiteSpeed-Tag
X-HostName
X-User
X-BBC-Origin-Response-Status
Resin-Trace
X-Ec-Fail
X-Ec-GeoHdr
Fastly-Drupal-HTML
Accept-Language
Cf-Int-Pingora-Origin-Digest
X-ServedByHost
X-CSRF-TOKEN
VNS-Age
Cache-Key
X-Amz-Meta-Cb-Modifiedtime
X-ID
VNS-Cache
CPC-Age
X-Cdn-Forward
Path
EpKe-Alive
CPC-Cache
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
Hostname
X-WA
X-WA-Info
Ohc-File-Size
X-Ha-Backend
Srv
X-Akamai-Pragma-Client-IP
GeoIP-Country-Code
X-Check-Cacheable
Hit
X-Geo
X-Dynatrace-Js-Agent
ENV
Cdnsip
Cdncip
X-ElasticPress-Query
X-Fmm-Version
X-WADP-Cache
X-Via-PopV
X-AK-Request-ID
MIME-Version
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Cms-Context
X-PJAX-URL
X-Clara-WADP
Pagetype
M-TraceId
X-Via-PopN
X-Edge-POP
X-Via-PopH
Shield-Pop
Geoip-Latitude
My-App
X-Edge-Cache
Cluster
X-Via-Ucdn
X-Api-Version
X-CCDN-Origin-Time
X-HS-Status
Load-Balancing
MD5-Digest
X-NGINX-Cache
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Ucs
X-ServerName
X-Var-Ttl
X-VG-WebServer
X-CUA
X-From
URI
Tracecode
Lfy
T-Server
Server-Ext
IsBot
W
PICS-Label
X-Mcache
X-Cache-Expires
X-Fastly-Backend-Reqs
Server-Hostname
X-GoCache-CacheStatus
X-SIPLIST1
X-Fastly-Cache-Hits
Sever-Int
X-TRACE-ID
X-Dw-Trace-Id
WZWS-RAY
X-Lb-Id
Cdn
Cteonnt-Length
X-Fragments
X-Provided-By
Lang
Cneonction
Ohc-Cache-HIT
X-RAMCache
X-B3-ParentSpanId
X-VC
Servername
X-UP
X-RateLimit-Reset
X-Nc
X-Cdn-Request-ID
X-Via-CDN
X-Apw-Access-Action
X-Newrelic-App-Data
X-Lb-Nocache
Vha6-Origin
X-Cc-Via
Target-Params
X-Yottaa-OS
X-Apw-Access-Object
Dnion-Transfer-Encoding
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-Trace
X-Akamai-Request-ID
X-Swift-Error
HitType
X-Apw-Access-Token
X-Cache-ASPX
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Platform-Processor
CF-Cached-On
X-Platform-Router
X-Apw-Hits
X-Platform-Cluster
Cf-Ipcountry
X-Snapshot-Date
X-Contensis-Viewer-Groups
X-Air-Pt
Sid
X-Cache-Ngx
X-Last-Modified
X-Akamai-ERRuleID
X-Http-Duration-Ms
X-Te-Duration-Ms
X-Http-Count
X-Te-Count
Uri
Server-Ttl
X-Akamai-ERPolicy
Ngx
X-UA
CountryCode
X-B3-Parentspanid
Req-ID
X-HTML-Edge-Cache
X-Varnish-Authentication
FSS-Cache
X-Sentry-ID
X-Miniprofiler-Ids
X-CacheKey
X-Logging-Id