Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
X-Rq
Grace
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-Amz-Version-Id
X-Ua-Compatible
X-LiteSpeed-Cache
CONTENT-SECURITY-POLICY
X-Dispatcher
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
Allow
X-Cache-Spec
X-Device
X-WebKit-CSP
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-CST
X-Server-Id
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
Cf-Edge-Cache
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Rating
Accept-CH-Lifetime
X-Url
X-Trace
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-MS-InvokeApp
X-PC
X-Rack-Cache
X-TtlSet
X-Vname
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-ESI
X-VARITI-CCR
X-Content-Type
Accept-Ch
X-B3-TraceId
Cache-Tag
X-Vcap-Request-Id
X-Use-Magma
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Amz-Rid
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Amz-Server-Side-Encryption
X-Dw-Request-Base-Id
X-Cnection
Public-Key-Pins
X-Ac
X-Px
X-RateLimit-Remaining
X-Element-Page-Cache
X-D2id
Verso
X-Navigation-Version
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
X-Cache-TTL
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Ser
Service-Worker-Allowed
X-Edge
X-Version
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
X-Middleton-Response
Response
X-NF-Request-ID
Access-Control-Request-Method
X-Correlation-Id
X-Ruxit-Js-Agent
X-Goog-Hash
X-Kinsta-Cache
X-Webkit-Csp
AR-ATIME
AR-CACHE
AR-SID
AR-Request-ID
AR-PoweredBy
X-TTL
SPIisLatency
X-Upstream
SPRequestDuration
X-Edge-Location-Klb
X-Ttl
X-NWS-LOG-UUID
X-RateLimit-Limit
X-LLID
X-Cached
X-Instrumentation
X-Kraken-Loop-Name
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Litespeed-Cache
Edge-Cache-Tag
Nginx-Cache
X-SharePointHealthScore
SPRequestGuid
X-Cache-Key
X-Forwarded-For
Mrf-Cache-Status
MRF-Tech
TCN
Content-MD5
X-MSEdge-Ref
X-Id
X-Content-Security-Policy-Report-Only
MS-Author-Via
X-Shield-Request-Id
X-B3-TraceId-Primal
X-Daa-Tunnel
X-T
X-Recruiting
X-DataDome
S
X-Content-Digest
X-Mg-S
X-Ua-Device
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Protected-By
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Ezoic-Cdn
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Frontend
MicrosoftSharePointTeamServices
X-Accel-Expires
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
Server-Node
X-HS-Combine-CSS
X-Request-Received
X-Ab
X-Ua-Browser
Front-End-Https
X-Content
X-Request-Processing-Time
X-Yandex-Sdch-Disable
X-Grace
Filters
X-Server-ID
X-ORACLE-DMS-ECID
X-ECACHE
Fastcgi-Cache
X-Mid
X-ORACLE-DMS-RID
X-PressLabs-Stats
X-Hits
X-Origin-Server
X-DynaTrace
TP-Cache
X-Geo-Country
TP-L2-Cache
X-Distributor
X-Ratelimit-Reset
X-Debug-Info
X-Amzn-Trace-Id
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Tt-Trace-Host
Cleartype
Charset
X-Tt-Trace-Tag
X-Page-Id
Host
X-DIS-Request-ID
X-Request-Handler-Origin-Region
X-Microsite
X-F-Cache
X-Git-Hash
X-B3-Sampled
X-Www-Served-By
X-LB-Cache
Cross-Origin-Opener-Policy
X-Forwarded-Proto
Access-Control-Allow-Method
ServerID
X-WebKit-CSP-Report-Only
X-Cache-Age
Cache-Tags
X-Seen-By
X-Aspnetmvc-Version
X-Az
X-Activity-Id
X-AppVersion
Accept-Charset
X-MCACHE
X-Varnish-Age
X-Cluster-Name
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cache-Status
Realpath
Filterid
X-Language
Server-Name
X-Rid
X-Content-Options
X-Type
X-XRDS-LOCATION
X-App-Environment
X-Nginx-Upstream-Cache-Status
X-Oracle-Dms-Ecid
Viewport
X-Varnish-Grace
Node
X-Mobile-URL
X-Oracle-Dms-Rid
Country
X-User-Agent
X-Upgrade-Enabled
X-Tb
X-Origin-Cache
X-NWS-UUID-VERIFY
X-Whom
Retry-After
X-Flags
X-Aspnet-Duration-Ms
X-Wix-Request-Id
Paypal-Debug-Id
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
X-Drupal-Cache-Tags
DC
X-Route-Name
X-B-Cache
X-Signature
X-TT
Protected
X-FB-Debug
X-Varnish-Backend
X-VCache
X-Via-JSL
Fastcgi-Useragent
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-B
X-Fastly-Request-ID
X-Cache-NGX
X-Fastly-Request-Id
X-Amz-Replication-Status
X-Fastcgi-Cache
X-Debug
Payment
X-N
X-Contextid
X-Logged-In
X-Load-Cache
WPO-Cache-Message
WPO-Cache-Status
Surrogate-Key
X-Template
X-FW-Type
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-FW-Static
X-Webkit-CSP
X-FW-Server
X-Cache-Control
X-Amz-Meta-S3cmd-Attrs
Count-Hit
X-Node-Name
X-XRDS-Location
Amp-Access-Control-Allow-Source-Origin
X-Erf-Bev-Bev
Healthy
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Trace-Id
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
Content-Disposition
X-Mcache
X-Proxy
Refresh
Akamai-GRN
X-Rendered-As
X-Real-IP
X-Zen-Fury
Uber-Trace-Id
X-Akamai-Request-ID2
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-G
X-Jobs
X-Hostname
X-Is-Bot
X-Cache-Time
X-Http-Reason
X-Cacheable-TTL
X-Revision
X-UUID
X-Page-View
X-Framework
X-Adobe-Loc
X-Adobe-Content
X-Mobile
NGB
Alternate-Protocol
X-Device-Type
X-Proxy-Cache-Status
X-Cache-TTL-Remaining
X-Drupal-Cache-Contexts
Permissions-Policy
X-Instance
X-Debug-IsPreview
X-Debug-IsConnected
X-Yottaa-Metrics
X-Yottaa-Optimizations
Url
X-IPLB-Instance
Access-Control-Request-Headers
X-Servername
X-ECache
X-Source
X-Cache-Grace
From-Origin
X-B3-Traceid
X-Parallel-Accel
Version
X-Vgn-Hpd-Reason
X-Varnish-Server
X-Mg-Request-UUID
X-Oneagent-Js-Injection
X-Cache-Rule
Accept-Language
X-Cache-Hit
X-Environment-Context
X-L-Path
X-Cache-Expired-At
X-Restarts
X-NGENIX-Cache
Referer-Policy
Countrycode
X-EdgeConnect-Cache-Status
X-RTag
MS-CV
Ms-Operation-Id
X-App-Server
X-FW-Version
Cross-Origin-Window-Policy
X-HTML-Minification-Powered-By
X-Tumblr-Pixel
X-Tumblr-Pixel-1
Liferay-Portal
X-Tumblr-Pixel-0
X-Tumblr-User
X-NYM-Debug-Backend
Frame-Options
X-COUNTRY
X-IPS-LoggedIn
Backend
X-Cache-Action
X-Nginx-Cache
Content-Secure-Policy
X-RemovedCookies
X-ProcessESI
WP-Super-Cache
Section-Io-Cache
CF-IPCountry
X-Cache-Server
X-OCL
X-UPSTREAM-Address
X-PCL
X-RN-RSRV
Meta-Geo
X-Redis-Cache
Ec-Rule-Version
Fastly-SSL
X-Content-Age
X-Cache-Enabled
X-Section
X-Hyper-Cache
X-Cluster-Node
Upgrade-Insecure-Requests
X-Format
Apigw-Requestid
X-Generation-Time
X-Ua
Cache-Tv-Group
X-Access
X-FB-TRIP-ID
X-No-Session
X-Detected-As
X-APP-VERSION
Property-Id
S-Rt
Locale
TWC-Connection-Speed
Mn-Server-Ip
X-Mode
X-TT-LOGID
X-Web-Node
X-Sql-Duration-Ms
X-UA-Device-Type
X-Sql-Count
TWC-Device-Class
X-PHP-Backend
X-Server-W
X-Site-Version
X-PERF
TWC-GeoIP-LatLong
X-Origin-Date
X-Uri
X-Ratelimit-Remaining
X-Generated-By
X-Be
X-Akamai-Edgescape
X-ApacheServer
TWC-GeoIP-Country
X-Urbn-Context-Path
X-Via-Fastly
X-Storage
X-Origin-Hint
X-Region
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
X-Hosted-By
Webcakes-Region
X-Urbn-Site-Id
CDN-CachedAt
X-Forwarded-Host
X-Unique-Id
Azure-SiteName
CDN-EdgeStorageId
Azure-RegionName
CDN-Cache
X-Debug-Cache
Azure-SlotName
Azure-InstanceId
Eomportal-Instance
X-Adobe-Source
X-Xfnlog-Site
CDN-Uid
CDN-RequestId
CDN-PullZone
X-Cache-Host
CDN-RequestCountryCode
X-Platform-Server
X-Cache-Tags
X-AOL-HN
X-Status
X-Say-TTL
Azure-Version
X-Nginx-Cache-Key
X-Human
X-Say-Cacheable
X-Varnish-Cache-Hits
X-SayCDN-TTL
X-Request-Time
X-Hl-Ver
X-Tid
X-Rule
X-Proxied
X-Varnishpool
X-ProxyCache-Status
X-Alternate-Cache-Key
X-JoinUs
X-ProxyCache-Key
X-Zipkin-Id
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Content-Powered-By
X-Backend-Name
X-BYPASS-REASON
X-Routing-Service
X-ShopId
X-SaId
X-Handled-By
X-ShardId
X-ServerID
X-Extlb
X-PHP-Host
X-Labrador-Cache-Channel
X-Timing-Wait
ServedBy
Selected-Fe
X-Locale
Webserver
X-NewRelic-App-Data
X-Proxy-Build
X-Cache-Type
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Dc
X-VC-Cache
X-Accel-Buffering
X-GG-Cache-Date
X-Cache-Operation
X-Datadome
X-LSADC-Cache
X-Rewrite-Enabled
Xserver
X-Midtier
X-Edge-Location
X-Cached-By
SID
X-Cache-Remote
X-CDN-Forward
X-Pubstack
SRV
X-Proto
X-Cms-Context
Web-Mar-Node
X-Storefront-Renderer-Rendered
X-Soup
Fastly-Drupal-Html
X-TA-CDN-Provider
Mime-Version
Onion-Location
X-Buckets
X-Reqid
Country-Code
X-App-Version
X-Request-Host
Decoy-Debug-TTL
LB
Load-Balancing
X-Varnish-Hostname
Decoy-Debug-Key
Decoy-Debug-Status
X-GeoCountry
X-GEO
X-GeoCode
X-Origin-CC
Cache-Hits
X-Ratelimit-Limit
X-Origin-TTL
Server-Info
X-Microcachable
X-Cluster
Xet-Cookie
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-Ms-Request-Id
X-Ms-Version
X-Varnish-Hits
X-Tumblr-Pixel-3
X-CSRF-Token
X-Time
X-Envoy-Decorator-Operation
X-SRV
X-NCache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Bc-Bl
X-Air-Hostname
DynaTrace
X-Magnolia-Registration
X-Air-Source
X-Air-Trace-Id
X-B3-SpanId
X-RCS-CacheZone
X-Endurance-Cache-Level
X-Cache-Id
X-Destination
X-Developer
X-Connection-Hash
X-D
A
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Conf
X-Ec-Fail
X-Cache-NE
X-Cdn-Srv
X-Esi-Check
X-HS-Content-Campaign-Id
X-Hash
X-Ig-Push-State
X-LAGOON
X-NAPM-TraceId
X-R9-Blue-Green-Version
Odigeo-Trace-Id
X-Geo-Header
X-Cache-Bucket
X-Epic-Correlation-Id
X-External-Request-Id
X-Forwarded-Path
X-Ftr-Request-Id
X-From
X-Ec-GeoHdr
BehaviorPad-Version
Host-ID
Lang
X-A
Fastcgi-X-Cache-Version
Expiry
X-A-Ccd
T-Server
Surrogated-Key
Pramga
NM-Fastcgi-Cache
Mobile-Detection-Method
Meta-Geo-Continent
Sslversion
Rendered-Blocks
X-A-Dam
X-A-Dcw
Cdncip
Cdnsip
X-AK-Request-ID
X-NodeID
X-ARC
X-Application
X-Aed
X-A-Wwc
DCR-Processing-Time-Ms
X-A-Dgt
DCR-Decision-By
DB-Nickname
Cmsid
Cmstype
X-B-Cookie
X-Gzip
X-Session-Fingerprint
X-Varnish-Beresp-Grace
X-Shop-Environment
X-Tenant
X-SD-PageType
X-ScT
X-Rojux
X-S
X-S-Cookie
X-TIM-N
X-TrackingId
X-Vtex-Remote-Cache
X-Webstats-RespID
Cache-Name
Xc-Version
X-Vtex-Processado-Em
X-VG-WebCache
X-User
X-Vdms-Path
X-Vdms-Version
X-Processor
X-SRCache-Key
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Orig-Expires
X-Azure-Ref
X-ZONE
Source
X-Varnish-Ttl
Wxu-Next-Hostname
X-Irp-Debug
Wxu-Next-Commit
X-VG-TLSProxy
Wxu-Next-Region
Web-Mar-Region
X-Loop
X-JWT-State
X-Viewer-Country
X-Origin
X-WADP-Cache
X-Is-Gdpr
We-Hiring
X-Wix-Viewer-Type
X-Worker
X-Node-Id
X-Fetched-On
X-Device-Os
Producers
X-SVT-ORM-RULES
Platform
X-SVT-ORM-VERSION
Server-Host
X-Core-Mission
User-Cache-Control
V-Age
X-Origin-Expires
X-Mvc-Supplant-Cachable
Svr
State
MD5-Digest
Vix-Hermes-Req-Id
X-Varnish-CookieHashed-On
X-SB
X-DefElseHash
X-DefHash
X-Core-Value
X-Scheme
X-Gen-Mode
X-Gdpr
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Fmm-Version
X-Request-URI
X-Planisys-CDN-TTL
X-Developers
X-DPWN-IS-SECURE
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Amzn-Remapped-Content-Length
X-Origin-Response-Time
X-Hnp-Log
X-V-Cache
X-Variation
X-Varnish-CookieINHashed-On
X-Fastly-Cache
X-TNCMS
X-Origin-Time
X-Slack-Backend
X-GeoIP
X-Server-IP
X-Nyt-Route
X-Has-Esi
X-Block-Status
X-Cache-Backend
X-Varnish-Remaining-TTL
X-Location
Is-Eu
Apple-News-Services-Handled
Adler-Geo
Machine
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Environment
Apple-News-Services-Request-Url
X-Tx-Id
CDN
AKAMAI
Cache
Mail-Subject
Memcached
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Platform
X-Datadog-Parent-Id
X-Proxy-Upstream
X-Proxy-Cache-Info
X-Policy
X-Eu-Site
X-Pod-Name
X-Level-Front-Cache
X-HN
X-GeoIP-City
X-Generated-On
X-Qloud-Router
X-Gamma-Serve
X-Men
X-Forwarded-Site
X-Httpd
X-Minions-Version
X-Sn-Servicetimems
X-CacheTTL
X-Dispatcher-Number
X-Cache-Info
X-Cache-Date
Thinkindot-Control
Traceparent
X-Ec-Custom-Error
X-Rocket-Build-Number
X-Thinkindot-L3
X-VServer
X-Skip-Cache
X-Sigma-Backend
X-Sigma
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
PFcat
X-Via-NSCOPI
X-Csrf-Jwt
X-Region-Sid
X-Rebelmouse-Surrogate-Control
HostName
CloudFront-Viewer-Country
Release
TDXMobile
Origin-EX
Origin-CC
Fastly-GeoIP-CountryCode
X-Rebelmouse-Cache-Control
X-VarnishDD-TTL
Ha-Gx-Prefs
Cluster
X-Aicache-OS
CDCHOST
Gh-Request-Id
X-Branch-Name
Fastly-SWR
Fastly-SIE
X-CGP
Fastcgi-Cache-TTL
HA-Ipaddr
L5d-Success-Class
Redirect-Candidate
N-Cache
X-Auto-Login
X-Cdn-Origin
Arc-Country
Locid
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Optimistic-Header
X-Response-By
DSUID
X-Old-Content-Length
X-Scale
NGX
X-Rocket-Nginx-Serving-Static
X-Pool
X-Loc
X-Served-From
X-SIPLIST1
X-Via-Ucdn
X-Parent-Response-Time
X-BBC-Edge-Cache-Status
Ssr
L
Kp-EeAlive
Origin
Server-Ext
Sever-Int
Server-Hostname
IsBot
Req-Svc-Chain
X-TraceId
X-EC-Lua
AMP-Access-Control-Allow-Source-Origin
X-WP-CF-Super-Cache-Cache-Control
X-RSL
X-RPM
X-Owner
X-Refresh
X-WP-CF-Super-Cache
X-DW
Pics-Label
X-VC
X-DI
X-DSS
X-CS
X-IPLB-Request-ID
X-Srv
X-DB
X-NC
X-RPS
Ohc-File-Size
X-Date
X-Ah-Environment
X-Newrelic-Synthetics
Memory
X-Accel-Expires-Debug
X-Tb-Optimization-Total-Bytes-Saved
Time
X-Udemy-Cache-App-Namespace
X-CACHE-KEY
X-Akamai-Transformed
Ms-Author-Via
Servername
Cache-Key
Candidate-Md5Url
Env
X-Ad-Defer-Variation
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-LB-NoCache
X-Wikidot-Static-Cache
X-BCube-Filmed-By
X-Edge-Pop
X-Wikidot-Backend
Datacenter
X-Generated-In
X-Mvc-Supplant-OutputCached
VNS-Cache
X-Cache-Debug
X-Amz-Meta-Cb-Modifiedtime
CPC-Age
X-SplitTest
CPC-Cache
Geo-Info
VNS-Age
X-Cache-ASPX
GEO-INFO
XM
X-Contensis-Viewer-Groups
X-Xrds-Location
X-TIME
X-Tt-Logid
X-Via-Poph
ITXSESSIONID
X-API-Version
X-Via-Popn
X-WA-Info
X-Via-Popv
Fastly-Backend-Name
X-Varnish-Authentication
GeoIp-Country-Code
Fusion-Content-Id
X-Cache-Status-Check
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-Servedbyhost
CacheControlHeader
X-Micro-Cache
X-S-Maxage
X-HA-Backend
X-RateLimit-Reset
True-Client-Country-4JS
X-AIR-PT
Geoip-Latitude
X-TH-Server
Client
X-Action
Path
X-Backend-TTL
X-VCL-Version
Lb
Ohc-Cache-HIT
X-Vc
X-Cs
X-VHOST
X-Trace-ID
X-DC
FSS-Cache
True-Client-IP
Ngx.Var.Host
Server-ID
X-Varnish-Beresp-TTL
Cache-Host
Edge-Cache
X-Req
X-CLOUD-TRACE-CONTEXT
Hostname
X-Presslabs-Stats
X-Proxy-CacheRZ
XkeyRZ
X-Api-Version
My-App
X-Provided-By
X-TX-ID
X-Clientip
Powered-By
X-Fpc
X-Webkit-Csp-Report-Only
X-FireWall-Port
X-Pass-Why
X-Zone
X-Origin-Upstream-Status
NtCoent-Length
X-FPC
X-B3-Spanid
X-PX
X-Up
X-Traceid
X-Varnish-Beresp-Ttl
X-LB-ID
Test
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
DataCenter
X-Dmc
X-Cdn-Request-ID
X-Dynatrace
X-CSRF-TOKEN
X-Correlation-ID
X-UnsetCookies
X-Vcl-Version
X-Li-Fabric
X-INCAP-ABP
X-Beluga-Status
X-Render-Time
X-MSEdge-Flight
X-MSEdge-Features
X-Li-Pop
X-Webkit-CSP-Report-Only
X-LI-UUID
X-Beluga-Node
X-Beluga-Record
X-Beluga-Response-Time
User-Agent
X-Beluga-Cache-Status
X-Beluga-Trace
Server-Id
X-ND-Cache
X-HS-Status
Proxy-Connection
C-Via
X-Geo
WZWS-RAY
OT-Force-Account-Verify
X-Time-Microsecs
Rip
Srvid
Click-Count-Error
X-Via-PopN
X-Ha-Backend
X-Alfa-Service
X-Via-PopH
X-ServedByHost
X-Via-PopV
Click-Count-Action-Start
X-CUA
Tube-Got-Results
X-Gateway-Skip-Cache
Tube-Return
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Service
Tube-Got-Eval
X-Gateway-Cache-Key
Tube-Get-Contents
X-RAMCache
X-URL
Tcn
X-Check-Cacheable
HIT
Sid
Uri
Target-Params
GeoIP-Country-Code
X-Fragments
Tracecode
GeoIP-Latitude
Esi-Enabled
X-Platform-Cluster
X-Platform-Processor
X-M-Log
X-Qnm-Cache
X-M-Reqid
Resin-Trace
Cf-Device-Type
X-Platform-Router
MIME-Version
X-DynaTrace-JS-Agent
X-Akamai-Pragma-Client-IP
X-FC-Vary-Parameters
X-Fastly-Backend
X-Azure-Ref-OriginShield
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Epwk-X-Cache
X-CCDN-CacheTTL
On-Server
X-Proxy-Cache-Hk
ENV
Srv
X-Fastly-Backend-Reqs
X-Var-Ttl
X-Fetch-By
Lfy
X-Sucuri-Cache
X-ATG-Version
X-Sucuri-ID
X-LI-Proto
X-TRACE-ID
Fastly-Drupal-HTML
X-APP
X-Backend-Host
X-LiteSpeed-Cache-Control
Cdn
X-Esi
X-Cdn-Forward
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
XServer
X-Backend-State
X-B3-Traceid-Primal
Section-Io-Origin-Time-Seconds
X-Cache-Expires
X-Li-Proto
X-NU-AKA-ACS-Version
X-Edge-POP
Magicmarker
X-Varnish-Beresp-Status
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-MG-S
ServerName
X-Newrelic-App-Data
PICS-Label
CF-Cached-On
Inserted-Into-Cache-At
X-ElasticPress-Query
X-Lb-Nocache
X-HostName
X-App
X-Yottaa-OS
D-Url-Rewrites
X-Acquia-Purge-Tags
X-Cache-CFC
X-Acquia-Application-UUID
Wpo-Cache-Message
Cf-Ipcountry
X-Acquia-Site
X-Acquia-Application-Trace
X-Vcache
Wpo-Cache-Status
X-Iplb-Instance
X-Request-Start
WebServer
Server-Ttl
X-Serial
X-Nc
X-Iplb-Request-Id
Warning
Servedby
X-Edge-Origin-Shield-Region
M-TraceId
X-Edge-Origin-Shield-Bytes
X-Vercel-Cache
X-Fastly-Cache-Hits
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-B3-Parentspanid
X-Vercel-Id
X-Request-URL
X-Dw-Trace-Id
Content-Script-Type
Content-Style-Type
X-Back
X-Request-Url
X-Bip
X-Release
X-BBC-Origin-Response-Status
X-Dist-Code
CountryCode
X-Th-Server
X-Snapshot-Date
X-Litespeed-Cache-Control
X-Swift-Error
X-Thanos
X-IN-APIGATEWAYSSL
X-LiteSpeed-Tag
Cneonction
X-Storefront-Renderer-Verified
X-CF-Powered-By
X-Shopify-Generated-Cart-Token
Ngx
X-IN-APIGATEWAY