Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Xss-Protection
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
P3p
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Akamai-Path-Stats
X-Ua-Compatible
X-Dns-Prefetch-Control
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
X-Proxy-Cache
Host-Header
X-UA-Device
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
CONTENT-SECURITY-POLICY
Allow
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-CST
X-Server-Id
X-Aws-Lambda-Call-Status
X-Pingback
Request-Id
Surrogate-Control
X-Backend-Server
Cf-Edge-Cache
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Country
Fastly-Restarts
Accept-Ch
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
RTSS
Edge-Control
X-Server-Name
X-VARITI-CCR
X-ESI
X-Amz-Server-Side-Encryption
Cache-Tag
X-Varnish-TTL
X-Content-Type
X-B3-TraceId
X-Vcap-Request-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Dw-Request-Base-Id
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-Exp-Id
X-Amz-Rid
Public-Key-Pins
X-Px
X-Cnection
X-D2id
X-Edge
X-RateLimit-Remaining
X-Ac
X-Ser
X-Navigation-Version
X-Element-Page-Cache
X-Abt-Application-Version
X-FastCGI-Cache
Verso
X-Sol
Display
X-Middleton-Display
Pagespeed
X-Client-IP
X-Powered-By-Plesk
X-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Country-Code
X-Correlation-Id
Response
X-Middleton-Response
X-Ttl
X-NF-Request-ID
X-Goog-Hash
Access-Control-Request-Method
SPRequestDuration
SPIisLatency
X-Content-Security-Policy-Report-Only
X-Kinsta-Cache
AR-PoweredBy
AR-Request-ID
AR-CACHE
AR-ATIME
AR-SID
X-Cached
X-Edge-Location-Klb
X-SharePointHealthScore
SPRequestGuid
X-LLID
X-Powered-CMS
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
Edge-Cache-Tag
X-Upstream
X-RateLimit-Limit
X-NWS-LOG-UUID
X-Litespeed-Cache
X-Ruxit-Js-Agent
X-TTL
X-Forwarded-For
X-Cache-Key
Content-MD5
Nginx-Cache
X-Id
MRF-Tech
X-Shield-Request-Id
Mrf-Cache-Status
X-MSEdge-Ref
TCN
X-B3-TraceId-Primal
X-T
X-Recruiting
X-Daa-Tunnel
S
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Content-Digest
X-ECACHE
X-Ua-Device
X-DataDome
X-Mg-S
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Accel-Expires
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
X-Grace
MS-Author-Via
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-Protected-By
X-WebKit-CSP-Report-Only
X-DynaTrace
X-HS-Content-Id
X-Frontend
X-Content
X-Ab
X-Ua-Browser
X-Yandex-Sdch-Disable
TP-L2-Cache
TP-Cache
Front-End-Https
Server-Node
X-Request-Received
X-Request-Processing-Time
X-Server-ID
Filters
X-PressLabs-Stats
X-Distributor
X-Origin-Server
Fastcgi-Cache
X-Mid
X-Geo-Country
X-Hits
X-Webkit-Csp
X-Microsite
X-Request-Handler-Origin-Region
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-LB-Cache
Host
X-Amzn-Trace-Id
X-Debug-Info
Charset
X-Git-Hash
X-B3-Sampled
Cleartype
Cross-Origin-Opener-Policy
X-Page-Id
X-F-Cache
X-Forwarded-Proto
X-DIS-Request-ID
X-Cache-Age
X-ORACLE-DMS-ECID
Access-Control-Allow-Method
X-ORACLE-DMS-RID
X-Seen-By
Cache-Status
Realpath
X-Www-Served-By
X-Ratelimit-Reset
X-Pinterest-Rid
ServerID
Pinterest-Version
Pinterest-Generated-By
X-AppVersion
X-Activity-Id
X-Az
X-Webkit-CSP
X-Aspnetmvc-Version
Accept-Charset
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Mcache
X-Fastly-Request-Id
X-Varnish-Age
Cache-Tags
Filterid
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Rid
X-Content-Options
X-Language
Retry-After
X-Type
X-Kong-Proxy-Latency
X-FB-Debug
X-App-Environment
X-Kong-Upstream-Latency
Server-Name
X-Tb
X-Upgrade-Enabled
Node
X-MCACHE
X-Varnish-Grace
X-User-Agent
X-Varnish-Backend
Country
X-TT
X-Drupal-Cache-Tags
Viewport
X-Whom
X-Origin-Cache
X-GUploader-UploadID
X-B-Cache
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Oneagent-Js-Injection
X-Mobile-URL
X-Goog-Metageneration
X-Signature
X-Wix-Request-Id
Paypal-Debug-Id
DC
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Route-Name
X-VCache
X-XRDS-LOCATION
X-B
X-Request-Guid
X-NWS-UUID-VERIFY
Protected
Permissions-Policy
X-Debug
Fastcgi-Useragent
X-Cache-NGX
X-Logged-In
X-N
X-Amz-Replication-Status
WPO-Cache-Status
WPO-Cache-Message
X-Amz-Meta-S3cmd-Attrs
Payment
X-Via-JSL
X-Load-Cache
Surrogate-Key
X-Contextid
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
Count-Hit
Healthy
X-Node-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-XRDS-Location
X-FW-Type
X-Template
X-FW-Serve
X-FW-Static
X-FW-Dynamic
X-Mobile
X-FW-Hash
X-FW-Server
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
X-Fastcgi-Cache
X-Jobs
Refresh
Content-Disposition
X-Revision
X-G
Url
X-Proxy
X-UUID
X-Cache-TTL-Remaining
Uber-Trace-Id
X-Framework
X-Cache-Time
X-Akamai-Request-ID2
Akamai-GRN
X-NGENIX-Cache
X-Real-IP
X-Restarts
Alternate-Protocol
X-Zen-Fury
X-Cacheable-TTL
X-Debug-IsConnected
X-Fastly-Request-ID
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Adobe-Loc
X-Servername
X-Device-Type
X-Debug-IsPreview
X-Adobe-Content
X-Yottaa-Metrics
X-Rendered-As
X-Http-Reason
X-Hostname
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
X-Is-Bot
X-Yottaa-Optimizations
X-Page-View
X-Proxy-Cache-Status
X-Mg-Request-UUID
NGB
X-Cache-Grace
X-Instance
X-ECache
X-Trace-Id
X-Midtier
X-Varnish-Server
X-B3-Traceid
Version
X-L-Path
X-Environment-Context
X-IPLB-Instance
X-EdgeConnect-Cache-Status
X-Source
Accept-Language
X-HTML-Minification-Powered-By
Countrycode
X-RTag
MS-CV
Frame-Options
Ms-Operation-Id
From-Origin
X-Cache-Rule
X-Vgn-Hpd-Reason
X-Cache-Expired-At
X-Cache-Hit
Referer-Policy
X-App-Server
Liferay-Portal
X-NYM-Debug-Backend
Cross-Origin-Window-Policy
Backend
X-Tumblr-Pixel
X-COUNTRY
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-IPS-LoggedIn
X-Datadome
X-Nginx-Cache
X-FW-Version
X-Hosted-By
X-UPSTREAM-Address
Meta-Geo
Upgrade-Insecure-Requests
X-Unique-Id
X-RN-RSRV
X-Parallel-Accel
Content-Secure-Policy
X-Redis-Cache
X-APP-VERSION
Section-Io-Cache
X-NewRelic-App-Data
X-Cache-Enabled
X-Generation-Time
X-FB-TRIP-ID
X-Cache-Server
X-No-Session
X-AOL-HN
X-UA-Device-Type
Mn-Server-Ip
X-Request-Time
X-RemovedCookies
X-Ua
X-Content-Age
Apigw-Requestid
X-Via-Fastly
X-Uri
WP-Super-Cache
X-Region
X-Origin-Date
X-OCL
X-Akamai-Edgescape
X-PCL
S-Rt
X-Mode
X-ProcessESI
X-PHP-Backend
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Azure-Version
Azure-InstanceId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
Azure-RegionName
Azure-SiteName
TWC-Connection-Speed
Property-Id
Locale
Azure-SlotName
TWC-Device-Class
X-Server-W
X-Site-Version
X-Status
X-Storage
X-ShopId
X-Section
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Sql-Duration-Ms
X-Labrador-Cache-Channel
X-PHP-Host
X-Sql-Count
Fastly-SSL
X-Varnish-Cache-Hits
X-Xfnlog-Site
X-ProxyCache-Status
X-ProxyCache-Key
X-Be
X-BYPASS-REASON
X-Cluster-Node
X-ApacheServer
X-Access
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Content-Powered-By
X-Debug-Cache
X-Nginx-Cache-Key
X-Origin-Hint
X-PERF
X-Human
X-Generated-By
X-Format
X-Forwarded-Host
TWC-Privacy
TWC-Locale-Group
X-ShardId
CF-IPCountry
X-Ratelimit-Remaining
X-Alternate-Cache-Key
X-Cache-Action
X-Hl-Ver
X-JoinUs
X-Extlb
X-Locale
X-AWS-Id
X-LJ-Flow-ID
X-Cache-Host
Eomportal-Instance
X-VWS-Id
X-Detected-As
X-Platform-Server
X-ServerID
X-Zipkin-Id
X-Web-Node
X-Tid
X-Varnishpool
X-SaId
X-Routing-Service
Ec-Rule-Version
X-Cms-Context
X-Cache-Tags
X-Adobe-Source
X-Proxied
X-Cache-Type
X-GG-Cache-Date
X-VC-Cache
X-Backend-Name
Cache-Tv-Group
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
X-Timing-Wait
Selected-Fe
X-Proxy-Build
X-Handled-By
Load-Balancing
CDN-Cache
CDN-CachedAt
ServedBy
X-Edge-Location
X-Storefront-Renderer-Rendered
Webserver
X-Proto
SRV
X-GeoCode
X-GeoCountry
X-App-Version
Fastly-Drupal-Html
X-CDN-Forward
X-LSADC-Cache
Mime-Version
X-Hyper-Cache
X-Rule
X-Dc
Web-Mar-Node
Onion-Location
X-Cache-Operation
X-Cached-By
X-TT-LOGID
X-GEO
X-Cache-Remote
X-Rewrite-Enabled
X-Varnish-Hostname
SID
X-Cdn
X-Soup
Cache-Hits
X-Varnish-Ttl
X-Cluster
Xserver
X-Accel-Buffering
X-Varnish-Hits
X-Origin-CC
X-Reqid
X-TA-CDN-Provider
X-Origin-TTL
X-Envoy-Decorator-Operation
Xet-Cookie
X-SRV
X-Magnolia-Registration
Country-Code
X-Ratelimit-Limit
X-Pubstack
X-Air-Source
LB
X-Air-Trace-Id
X-Air-Hostname
Server-Info
X-Microcachable
X-Buckets
X-IPLB-Request-ID
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-CSRF-Token
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
Cache
X-Request-Host
DB-Nickname
X-Tumblr-Pixel-3
Source
X-Ms-Request-Id
X-Ms-Version
X-Tt-Logid
X-Endurance-Cache-Level
X-B3-SpanId
X-Time
X-Tx-Id
X-Vtex-Processado-Em
Expiry
X-Vtex-Remote-Cache
Xc-Version
Host-ID
X-Vdms-Version
Lang
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
X-Via-NSCOPI
Cdncip
Cmsid
Cmstype
DCR-Decision-By
BehaviorPad-Version
X-VG-WebCache
A
X-Origin-Response-Time
X-Cache-Id
X-Forwarded-Path
X-External-Request-Id
X-Ftr-Request-Id
X-Gzip
X-Ig-Push-State
X-Hash
X-Esi-Check
X-Epic-Correlation-Id
X-Destination
X-D
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-Tenant
X-NAPM-TraceId
X-ScT
X-S-Cookie
X-SD-PageType
X-Session-Fingerprint
X-Shop-Environment
X-S
X-Rojux
X-PAYTM-SRV-ID
X-Orig-Expires
X-PBS-Appsvrname
X-SRCache-Key
X-Processor
X-TIM-N
X-Connection-Hash
Surrogated-Key
Sslversion
T-Server
X-A
X-A-Dam
X-A-Ccd
Rendered-Blocks
Pramga
Mobile-Detection-Method
Meta-Geo-Continent
X-Vdms-Path
NM-Fastcgi-Cache
Odigeo-Trace-Id
X-A-Dcw
X-A-Dgt
X-Cache-NE
X-TrackingId
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Conf
X-B-Cookie
X-User
X-Aed
X-A-Wwc
X-AK-Request-ID
X-Application
X-ARC
MD5-Digest
Cdnsip
X-Amz-Apigw-Id
X-Newrelic-Synthetics
X-Amzn-RequestId
X-NCache
X-RCS-CacheZone
X-Bc-Bl
X-Variation
X-CacheTTL
Wxu-Next-Region
X-Cache-Info
X-Cache-Bucket
X-Ckpd-Fst-Backend
X-Cdn-Srv
Wxu-Next-Hostname
Wxu-Next-Commit
Machine
Memcached
Is-Eu
Fastly-GeoIP-CountryCode
Environment
Platform
Producers
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
State
Server-Host
X-Varnish-Remaining-TTL
X-Clara-WADP
X-Core-Mission
X-SVT-ORM-RULES
X-Origin
X-NodeID
X-Node-Id
X-SVT-ORM-VERSION
X-Origin-Expires
X-Sigma-Backend
X-Server-IP
X-Scheme
X-SB
X-Rocket-Build-Number
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-Device-Os
X-DPWN-IS-SECURE
X-DefHash
X-DefElseHash
X-Core-Value
X-Fastly-Cache
X-Fetched-On
X-HS-Content-Campaign-Id
X-GeoIP
X-Geo-Header
X-Fmm-Version
X-Sigma
X-V-Cache
X-Worker
X-Skip-Cache
X-WADP-Cache
Adler-Geo
Cache-Name
X-Varnish-Beresp-Grace
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Cdn-Origin
X-CGP
X-Developers
X-Thinkindot-L3
X-Forwarded-Site
X-Gamma-Serve
X-Eu-Site
X-Ec-Custom-Error
X-Cache-Date
X-Dispatcher-Number
X-Datadog-Trace-Id
X-Cache-Backend
Ohc-File-Size
Candidate-Md5Url
We-Hiring
Vix-Hermes-Req-Id
User-Cache-Control
V-Age
X-Aicache-OS
X-Amzn-Remapped-Content-Length
X-Branch-Name
X-Gdpr
X-Block-Status
X-BBC-Edge-Cache-Status
X-R9-Blue-Green-Version
X-BCube-Filmed-By
X-Via-Ucdn
X-Generated-On
X-Pool
X-Qloud-Router
X-SIPLIST1
X-Policy
X-Slack-Backend
X-Platform
X-Sn-Servicetimems
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rocket-Nginx-Serving-Static
X-Served-From
X-Request-URI
X-Region-Sid
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Kp-EeAlive
X-LAGOON
X-Hnp-Log
X-HN
Traceparent
X-GeoIP-City
X-Level-Front-Cache
X-Loc
HostName
X-Planisys-CDN-Cache
X-Origin-Time
X-Nyt-Route
X-Minions-Version
DynaTrace
X-Gen-Mode
X-Csrf-Jwt
Origin-EX
PFcat
Origin-CC
Origin
X-VarnishDD-TTL
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Req-Svc-Chain
Release
Redirect-Candidate
Apple-News-Services-Host
Mail-Subject
L5d-Success-Class
X-TNCMS
CDCHOST
X-VG-TLSProxy
X-Loop
CloudFront-Viewer-Country
Fastly-SIE
Fastly-SWR
L
IsBot
HA-Ipaddr
Ha-Gx-Prefs
Apple-News-Services-Handled
N-Cache
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
TDXMobile
Cache-Key
Svr
AKAMAI
Ssr
Thinkindot-Control
X-Wix-Viewer-Type
X-Cache-Status-Check
X-Azure-Ref
X-Xrds-Location
VNS-Cache
X-Optimistic-Header
X-Has-Esi
DSUID
X-Proxy-Upstream
X-Ad-Defer-Variation
X-Owner
Datacenter
Server-Ext
X-SplitTest
X-From
X-JWT-State
Server-Hostname
X-VServer
NGX
X-Httpd
Cluster
VNS-Age
X-Scale
X-Viewer-Country
CPC-Age
Web-Mar-Region
X-Webstats-RespID
X-Pod-Name
Fastcgi-Cache-TTL
X-Auto-Login
XM
CDN
Sever-Int
GEO-INFO
CPC-Cache
X-Wikidot-Static-Cache
X-Proxy-Cache-Info
Gh-Request-Id
X-Wikidot-Backend
X-Is-Gdpr
X-ZONE
X-VC
X-Refresh
X-Parent-Response-Time
Pics-Label
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Location
X-WA-Info
X-CS
X-CACHE-KEY
X-Tb-Optimization-Total-Bytes-Saved
Fastly-Backend-Name
X-Micro-Cache
X-Contensis-Viewer-Groups
Locid
X-Ah-Environment
X-Cache-ASPX
Env
X-EC-Lua
Ms-Author-Via
X-Men
X-LB-NoCache
X-RateLimit-Reset
X-NC
X-Response-By
X-Varnish-Authentication
Servername
Arc-Country
X-AIR-PT
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Amz-Meta-Cb-Modifiedtime
X-Old-Content-Length
X-Servedbyhost
X-Udemy-Cache-App-Namespace
Path
X-Mvc-Supplant-OutputCached
X-Edge-Pop
X-TIME
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Lb
Time
X-DB
Cache-Host
X-TraceId
X-Via-Popn
X-Via-Poph
X-RSL
X-RPS
X-Via-Popv
X-RPM
Ngx.Var.Host
Memory
X-Generated-In
X-DW
X-DSS
X-DI
Ohc-Cache-HIT
X-HA-Backend
X-Akamai-Transformed
X-Accel-Expires-Debug
ITXSESSIONID
X-Date
X-Varnish-Beresp-TTL
XkeyRZ
X-Proxy-CacheRZ
GeoIp-Country-Code
X-S-Maxage
X-GeoIP-Country-Code
Client
X-DC
X-GeoIP-Region-Code
X-VCL-Version
X-Api-Version
X-Clientip
X-API-Version
FSS-Cache
X-Cache-Debug
True-Client-IP
X-Vc
X-Cs
X-VHOST
X-Trace-ID
Server-ID
Geoip-Latitude
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
X-Zone
Fusion-Deployment-Id
Fusion-Source
X-Presslabs-Stats
X-Fpc
CacheControlHeader
Hostname
X-Dmc
X-TH-Server
True-Client-Country-4JS
X-Action
Powered-By
X-Backend-TTL
X-FireWall-Port
X-Traceid
X-Webkit-Csp-Report-Only
X-TX-ID
X-MSEdge-Features
X-MSEdge-Flight
X-Render-Time
X-B3-Spanid
NtCoent-Length
X-PX
X-Req
Edge-Cache
Geo-Info
Test
C-Via
X-DynaTrace-JS-Agent
X-INCAP-ABP
Rip
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Gateway-Request-Id
Tcn
X-Service
X-Gateway-Cache-Status
X-M-Reqid
X-NGINX-Cache
X-CSRF-TOKEN
X-Cdn-Request-ID
X-TRACE-ID
X-Pass-Why
X-Qnm-Cache
Tube-Get-Contents
Click-Count-Error
Click-Count-Action-Start
Tube-Got-Eval
Tube-Got-Results
Esi-Enabled
Tube-Return
My-App
X-FPC
X-M-Log
X-Correlation-ID
X-Origin-Upstream-Status
X-Beluga-Record
X-Beluga-Cache-Status
X-Beluga-Node
HIT
On-Server
X-Webkit-CSP-Report-Only
X-Beluga-Response-Time
User-Agent
X-HS-Status
X-Beluga-Trace
Server-Id
X-Beluga-Status
X-Provided-By
X-Alfa-Service
Uri
Cf-Int-Pingora-Origin-Digest
OT-Force-Account-Verify
X-Vcl-Version
X-Up
X-Akamai-Pragma-Client-IP
X-Via-PopN
GeoIP-Country-Code
GeoIP-Latitude
X-LB-ID
X-Ha-Backend
X-Check-Cacheable
Srvid
X-Proxy-Cache-Hk
X-Via-PopV
Resin-Trace
X-Via-PopH
X-URL
Proxy-Connection
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
Cdn
X-APP
Sid
X-Edge-Origin-Shield-Bytes
X-RAMCache
X-LI-UUID
X-Edge-Origin-Shield-Region
X-UnsetCookies
X-Hcs-Proxy-Type
Srv
X-Li-Fabric
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Li-Pop
Epwk-X-Cache
X-LI-Proto
X-ServedByHost
DataCenter
X-Cdn-Forward
WebServer
X-Geo
X-Fetch-By
X-Time-Microsecs
X-ND-Cache
M-TraceId
X-Backend-Host
WZWS-RAY
X-Esi
Warning
MIME-Version
X-Lb-Nocache
ENV
XServer
X-App
Server-Ttl
X-CUA
ServerName
X-Fastly-Backend-Reqs
Cf-Device-Type
X-B3-Traceid-Primal
X-Edge-POP
Fastly-Drupal-HTML
X-HostName
X-MG-S
Target-Params
X-Azure-Ref-OriginShield
X-ElasticPress-Query
X-Dw-Trace-Id
X-ATG-Version
Section-Origin-Responded
X-HITS
X-Serial
X-Platform-Router
X-Yottaa-OS
CF-Cached-On
X-LiteSpeed-Cache-Control
X-Newrelic-App-Data
X-Request-Url
Section-Io-Id
PICS-Label
X-Platform-Cluster
Section-Io-Origin-Status
X-Fragments
X-Platform-Processor
DT-Hot-News
Tracecode
Section-Io-Origin-Time-Seconds
D-Url-Rewrites
X-Thanos
X-Bip
X-Akamai-Request-ID
Inserted-Into-Cache-At
Dt-Hot-News
True-Client-Ip
X-Iplb-Request-Id
X-Var-Ttl
Lfy
X-Vcache
X-FC-Vary-Parameters
Cf-Ipcountry
X-Iplb-Instance
X-Sucuri-ID
X-Fastly-Backend
X-CF-Powered-By
X-Nc
X-Sucuri-Cache
Cdn-Pullzone
Wp-Super-Cache
Servedby
Cdn-Edgestorageid
Cdn-Cache
Cdn-Cachedat
Cdn-Requestcountrycode
Cdn-Requestid
Cdn-Uid
X-Air-Pt
X-IN-APIGATEWAY
Vha6-Origin
X-Dist-Code
X-IN-APIGATEWAYSSL
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Id
X-Vercel-Cache
X-Request-Start
X-BBC-Origin-Response-Status
X-Back
Content-Style-Type
Content-Script-Type
X-Request-URL
X-Th-Server
X-Varnish-Beresp-Status
X-Storefront-Renderer-Verified
CountryCode
X-Cache-Expires
Ngx
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Snapshot-Date
X-Release
Cneonction
X-NU-AKA-ACS-Version
X-Wp-Cf-Super-Cache