Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
Access-Control-Allow-Origin
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
EagleId
Request-Context
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
X-Dispatcher
EagleEye-TraceId
X-Styx-Req-Id
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
Allow
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Aws-Lambda-Call-Status
X-Server-Id
X-CST
Surrogate-Control
X-Backend-Server
Request-Id
Accept-CH
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Cf-Edge-Cache
Rating
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Trace
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-PC
X-TtlSet
X-Vname
X-MS-InvokeApp
X-Rack-Cache
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
RTSS
X-Server-Name
X-VARITI-CCR
X-Content-Type
X-B3-TraceId
Accept-Ch
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-Amz-Rid
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Ac
X-Dw-Request-Base-Id
X-Cnection
Public-Key-Pins
X-Px
X-Amz-Server-Side-Encryption
X-Element-Page-Cache
X-D2id
Verso
X-Navigation-Version
X-Client-IP
X-RateLimit-Remaining
X-Abt-Application-Version
X-Powered-By-Plesk
X-Cache-TTL
Service-Worker-Allowed
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Ser
X-Version
X-Country-Code
Arr-Disable-Session-Affinity
X-Edge
X-GitHub-Request-Id
X-Middleton-Response
Response
X-NF-Request-ID
Access-Control-Request-Method
X-FastCGI-Cache
X-Correlation-Id
X-Goog-Hash
X-Ruxit-Js-Agent
X-Kinsta-Cache
X-Webkit-Csp
AR-CACHE
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Upstream
X-TTL
X-Edge-Location-Klb
X-Ttl
SPIisLatency
SPRequestDuration
X-NWS-LOG-UUID
X-Cached
X-Cache-Key
X-Powered-CMS
X-LLID
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Litespeed-Cache
Edge-Cache-Tag
Nginx-Cache
TCN
X-RateLimit-Limit
SPRequestGuid
X-SharePointHealthScore
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
X-MSEdge-Ref
MS-Author-Via
Content-MD5
X-Id
X-Shield-Request-Id
X-T
X-Content-Security-Policy-Report-Only
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Recruiting
S
X-Mg-S
X-Ua-Device
X-Content-Digest
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Protected-By
X-DataDome
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Frontend
X-Ezoic-Cdn
X-Content
X-Ab
X-Ua-Browser
X-HS-Content-Id
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
Server-Node
X-Request-Received
X-Request-Processing-Time
Front-End-Https
X-Grace
X-Accel-Expires
Filters
X-Server-ID
X-Mid
Fastcgi-Cache
X-PressLabs-Stats
X-Hits
X-ECACHE
X-Origin-Server
X-ORACLE-DMS-ECID
X-Geo-Country
X-Distributor
TP-L2-Cache
TP-Cache
X-ORACLE-DMS-RID
X-Debug-Info
X-Pinterest-Rid
Pinterest-Generated-By
X-Ratelimit-Reset
Pinterest-Version
X-DynaTrace
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amzn-Trace-Id
Charset
Cleartype
X-Page-Id
Host
X-Git-Hash
X-F-Cache
X-B3-Sampled
X-DIS-Request-ID
Cross-Origin-Opener-Policy
X-Www-Served-By
X-Forwarded-Proto
X-Microsite
X-Request-Handler-Origin-Region
ServerID
X-LB-Cache
Access-Control-Allow-Method
Cache-Tags
X-Cache-Age
X-Seen-By
X-Aspnetmvc-Version
X-Activity-Id
X-AppVersion
X-Az
X-Oracle-Dms-Ecid
X-Cluster-Name
X-Oracle-Dms-Rid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cache-Status
Accept-Charset
Server-Name
X-Language
X-Varnish-Age
Realpath
Filterid
X-Type
X-Rid
X-Content-Options
X-Fastcgi-Cache
X-Nginx-Upstream-Cache-Status
X-VCache
X-Mobile-URL
X-WebKit-CSP-Report-Only
Country
X-Upgrade-Enabled
Node
X-Varnish-Grace
X-App-Environment
Viewport
X-MCACHE
X-FB-Debug
X-Tb
X-Wix-Request-Id
X-User-Agent
X-Fastly-Request-ID
X-Route-Name
X-Signature
X-Request-Guid
X-Flags
X-Whom
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Origin-Cache
DC
Paypal-Debug-Id
X-Is-Crawler
X-B-Cache
X-TT
Protected
X-Drupal-Cache-Tags
X-Via-JSL
X-NWS-UUID-VERIFY
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
Fastcgi-Useragent
X-Varnish-Backend
Retry-After
X-XRDS-LOCATION
X-Cache-NGX
X-B
Payment
X-Amz-Replication-Status
X-Contextid
X-Debug
X-XRDS-Location
X-Logged-In
X-Load-Cache
X-N
WPO-Cache-Status
WPO-Cache-Message
X-Template
X-FW-Type
X-FW-Dynamic
X-FW-Server
X-FW-Static
X-FW-Hash
X-FW-Serve
X-Fastly-Request-Id
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
X-Mcache
X-Cache-Control
X-Node-Name
X-Hostname
Count-Hit
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Amz-Meta-S3cmd-Attrs
X-Original-Request-Id
X-Response-Served-From
Healthy
SD-X-WS
Akamai-GRN
Refresh
Content-Disposition
X-Akamai-Request-ID2
X-UUID
X-G
X-Cache-TTL-Remaining
X-Proxy
VIX-Pulpo-Node
X-Is-Bot
X-Real-IP
X-Rendered-As
VIX-Pulpo-Upstream-Status
X-Cache-Time
Uber-Trace-Id
X-Framework
X-Page-View
X-Zen-Fury
X-Mobile
X-Jobs
X-Cacheable-TTL
X-Revision
X-Http-Reason
X-Parallel-Accel
X-Proxy-Cache-Status
X-Debug-IsConnected
X-Debug-IsPreview
X-Device-Type
X-Drupal-Cache-Contexts
NGB
Alternate-Protocol
X-Yottaa-Optimizations
X-Adobe-Content
X-Adobe-Loc
X-Yottaa-Metrics
X-Instance
X-Trace-Id
Access-Control-Request-Headers
X-IPLB-Instance
X-Servername
X-ECache
X-Cache-Rule
X-Source
Permissions-Policy
Url
X-B3-Traceid
From-Origin
X-Vgn-Hpd-Reason
Version
X-Cache-Grace
X-Varnish-Server
X-Oneagent-Js-Injection
Accept-Language
X-Cache-Hit
X-Cache-Expired-At
X-Environment-Context
X-Mg-Request-UUID
X-L-Path
Referer-Policy
X-EdgeConnect-Cache-Status
X-Ratelimit-Remaining
X-Restarts
Countrycode
X-NGENIX-Cache
MS-CV
Ms-Operation-Id
X-RTag
X-FW-Version
X-App-Server
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Cache-Action
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
Backend
Liferay-Portal
X-COUNTRY
X-NYM-Debug-Backend
X-HTML-Minification-Powered-By
X-ProcessESI
Frame-Options
X-RemovedCookies
WP-Super-Cache
Content-Secure-Policy
CF-IPCountry
X-Nginx-Cache
Section-Io-Cache
X-Hyper-Cache
Meta-Geo
X-Cache-Server
X-APP-VERSION
X-OCL
X-PCL
X-RN-RSRV
X-UPSTREAM-Address
X-Section
X-Format
X-Redis-Cache
X-Access
Upgrade-Insecure-Requests
X-Generation-Time
X-ApacheServer
Cache-Tv-Group
X-No-Session
Mn-Server-Ip
X-Region
Apigw-Requestid
X-PERF
X-Content-Age
X-Ua
X-Detected-As
X-Cluster-Node
Fastly-SSL
X-Urbn-Context-Path
Locale
X-SayCDN-TTL
X-Urbn-Site-Id
X-Site-Version
X-Uri
X-Via-Fastly
TWC-GeoIP-LatLong
X-UA-Device-Type
X-Storage
X-Sql-Duration-Ms
X-Sql-Count
X-Web-Node
TWC-Locale-Group
X-Server-W
X-Say-TTL
X-Xfnlog-Site
Azure-SlotName
X-Generated-By
X-Hosted-By
X-Human
Webcakes-Region
S-Rt
TWC-Connection-Speed
X-Be
X-Cache-Enabled
X-Status
TWC-Device-Class
Webcakes-App-Version
X-Origin-Date
TWC-Privacy
Azure-SiteName
X-Say-Cacheable
Azure-RegionName
Azure-Version
TWC-GeoIP-Country
X-Origin-Hint
Webcakes-App-Name
Property-Id
Azure-InstanceId
X-Akamai-Edgescape
X-Rule
X-Mode
X-Unique-Id
Webserver
X-AOL-HN
X-BYPASS-REASON
Eomportal-Instance
CDN-Uid
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
X-Varnish-Cache-Hits
X-Cache-Tags
X-Webkit-CSP
X-ProxyCache-Key
X-ProxyCache-Status
X-Request-Time
X-Platform-Server
X-PHP-Backend
CDN-CachedAt
X-Cache-Type
X-Content-Powered-By
X-Debug-Cache
X-Forwarded-Host
X-Cache-Host
CDN-Cache
X-Nginx-Cache-Key
X-JoinUs
X-Routing-Service
X-Backend-Name
X-Hl-Ver
X-Tid
X-Proxied
X-Extlb
X-Alternate-Cache-Key
X-Zipkin-Id
Ec-Rule-Version
X-SaId
X-Shopify-Stage
X-FB-TRIP-ID
X-Adobe-Source
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Datadome
X-ServerID
X-Varnishpool
X-TT-LOGID
X-Handled-By
X-Accel-Buffering
X-PHP-Host
X-Locale
X-Timing-Wait
X-GG-Cache-Date
X-Labrador-Cache-Channel
X-Cache-Operation
X-Proxy-Build
Selected-Fe
X-Cache-Remote
Xserver
ServedBy
X-Ratelimit-Limit
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-LSADC-Cache
X-VC-Cache
X-Rewrite-Enabled
SID
X-NewRelic-App-Data
X-CDN-Forward
X-Pubstack
X-Soup
X-Cached-By
SRV
X-Dc
X-Edge-Location
Fastly-Drupal-Html
Mime-Version
Web-Mar-Node
X-Buckets
X-Proto
X-TA-CDN-Provider
LB
X-Storefront-Renderer-Rendered
X-Reqid
X-GEO
X-Cms-Context
Country-Code
X-Request-Host
Decoy-Debug-TTL
Onion-Location
Decoy-Debug-Status
X-App-Version
Decoy-Debug-Key
X-Microcachable
X-Varnish-Hostname
X-Origin-TTL
X-Origin-CC
X-Midtier
X-GeoCountry
X-GeoCode
Cache-Hits
Load-Balancing
X-Ms-Version
Server-Info
X-Ms-Request-Id
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Xet-Cookie
X-MP-GENERATED-AT
X-Cluster
X-NCache
X-Varnish-Hits
X-B3-SpanId
X-CSRF-Token
X-Bc-Bl
X-RCS-CacheZone
X-Envoy-Decorator-Operation
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Endurance-Cache-Level
DynaTrace
Cache-Name
X-Tx-Id
X-Magnolia-Registration
X-Origin-Response-Time
X-R9-Blue-Green-Version
Pramga
NM-Fastcgi-Cache
Mobile-Detection-Method
Sslversion
Odigeo-Trace-Id
Rendered-Blocks
Lang
Meta-Geo-Continent
Cmsid
A
BehaviorPad-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Cdncip
Cdnsip
Expiry
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
DCR-Decision-By
Cmstype
DB-Nickname
Host-ID
X-Conf
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Processor
X-Rojux
X-S-Cookie
X-S
X-Orig-Expires
X-NodeID
X-Hash
X-Gzip
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-NAPM-TraceId
X-LAGOON
X-ScT
X-SD-PageType
X-VG-WebCache
X-Vdms-Version
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Webstats-RespID
X-Vdms-Path
X-User
X-Shop-Environment
X-Session-Fingerprint
X-SRCache-Key
X-Tenant
X-TrackingId
X-TIM-N
X-Geo-Header
X-Ftr-Request-Id
X-Application
X-AK-Request-ID
X-ARC
X-B-Cookie
X-Cache-NE
X-Cache-Id
X-Aed
X-A-Wwc
X-A
T-Server
X-A-Ccd
X-A-Dam
X-A-Dgt
X-A-Dcw
X-Cdn-Srv
X-CF-Lambda-Fn
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Esi-Check
X-External-Request-Id
X-From
X-Forwarded-Path
X-Ec-Fail
X-Developers
X-Connection-Hash
X-CF-Lambda-Version
X-D
X-Destination
X-Developer
Surrogated-Key
X-Cache-Bucket
X-Air-Hostname
X-Air-Source
X-Azure-Ref
X-SRV
X-Air-Trace-Id
X-Via-NSCOPI
X-Varnish-Beresp-Grace
X-Time
X-VG-TLSProxy
X-DefElseHash
X-DefHash
X-Core-Mission
X-Clara-WADP
X-Cache-Backend
X-Cache-Info
X-Worker
X-DPWN-IS-SECURE
X-Gdpr
X-Gen-Mode
X-Wix-Viewer-Type
X-Fmm-Version
X-Ec-Custom-Error
X-Fastly-Cache
X-Block-Status
X-Amzn-Remapped-Content-Length
Svr
X-SVT-ORM-RULES
State
Server-Host
X-SVT-ORM-VERSION
Producers
User-Cache-Control
V-Age
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Web-Mar-Region
Vix-Hermes-Req-Id
We-Hiring
X-GeoIP
X-Varnish-Remaining-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Variation
X-Origin-Time
X-Origin
X-Origin-Expires
X-Pod-Name
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-Server-IP
X-Scheme
X-Viewer-Country
X-SB
X-Nyt-Route
X-Node-Id
X-Irp-Debug
X-Is-Gdpr
Platform
X-Hnp-Log
X-Has-Esi
X-TNCMS
X-JWT-State
X-Varnish-CookieINHashed-On
X-Mvc-Supplant-Cachable
X-Varnish-CookieHashed-On
X-Men
X-Loop
X-WADP-Cache
X-Location
X-Slack-Backend
X-Core-Value
Fastly-GeoIP-CountryCode
Is-Eu
AKAMAI
Adler-Geo
Environment
Locid
X-Request-URI
Memcached
Machine
Mail-Subject
CDN
Source
X-ZONE
X-Generated-On
X-RateLimit-Limit-Second
X-Httpd
X-Forwarded-Site
X-RateLimit-Remaining-Second
X-GeoIP-City
Fastcgi-Cache-TTL
X-Ckpd-Fst-Backend
X-Datadog-Parent-Id
X-Cdn-Origin
Gh-Request-Id
X-Branch-Name
X-Cache-Date
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-HN
Cluster
X-Device-Os
Fastly-SIE
Fastly-SWR
X-Fetched-On
X-Loc
X-Srv
X-Served-From
X-Rocket-Nginx-Serving-Static
X-Response-By
X-Region-Sid
L
MD5-Digest
X-V-Cache
X-Thinkindot-L3
X-Sn-Servicetimems
X-Skip-Cache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Minions-Version
X-VServer
Arc-Country
Cache
X-Level-Front-Cache
X-Old-Content-Length
X-VarnishDD-TTL
X-Proxy-Upstream
X-Proxy-Cache-Info
X-Pool
X-Policy
CloudFront-Viewer-Country
X-Gamma-Serve
Req-Svc-Chain
Thinkindot-CacheControl-Type
Release
X-Auto-Login
Redirect-Candidate
X-Aicache-OS
Thinkindot-CacheControl
PFcat
TDXMobile
L5d-Success-Class
X-Eu-Site
Kp-EeAlive
Thinkindot-Control
X-Csrf-Jwt
X-CGP
Traceparent
Ha-Gx-Prefs
X-BBC-Edge-Cache-Status
Origin
Origin-CC
HA-Ipaddr
CDCHOST
Origin-EX
X-Tec-Api-Root
X-Tec-Api-Origin
HostName
X-Tec-Api-Version
X-Parent-Response-Time
X-CS
DSUID
X-Qloud-Router
X-Dispatcher-Number
Ssr
X-Platform
X-Optimistic-Header
X-CacheTTL
N-Cache
X-DI
X-DB
X-DW
X-RSL
NGX
X-RPM
X-RPS
X-DSS
X-WP-CF-Super-Cache-Cache-Control
X-Refresh
X-NC
X-TraceId
Sever-Int
X-SIPLIST1
Server-Hostname
X-Via-Ucdn
Server-Ext
IsBot
X-Owner
X-Accel-Expires-Debug
X-EC-Lua
Pics-Label
X-Date
X-WP-CF-Super-Cache
X-VC
X-Scale
X-Tb-Optimization-Total-Bytes-Saved
Memory
X-Tt-Logid
Servername
Time
X-LB-NoCache
X-GeoIP-Region-Code
Env
X-GeoIP-Country-Code
X-Ah-Environment
X-TIME
X-Akamai-Transformed
Ms-Author-Via
AMP-Access-Control-Allow-Source-Origin
X-Udemy-Cache-App-Namespace
GEO-INFO
X-IPLB-Request-ID
X-Mvc-Supplant-OutputCached
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Cache-Debug
Ohc-File-Size
X-Varnish-Ttl
X-Newrelic-Synthetics
X-BCube-Filmed-By
Geo-Info
X-Ad-Defer-Variation
Cache-Key
X-Amz-Meta-Cb-Modifiedtime
Candidate-Md5Url
X-API-Version
X-Edge-Pop
X-Xrds-Location
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
X-Generated-In
X-Contensis-Viewer-Groups
X-Cache-ASPX
VNS-Age
CPC-Age
VNS-Cache
X-Via-Poph
X-SplitTest
CacheControlHeader
XM
CPC-Cache
Datacenter
X-Via-Popv
X-Servedbyhost
X-Via-Popn
X-WA-Info
X-Action
GeoIp-Country-Code
Fastly-Backend-Name
X-TH-Server
X-S-Maxage
X-HA-Backend
True-Client-Country-4JS
ITXSESSIONID
X-Varnish-Authentication
X-Trace-ID
X-RateLimit-Reset
X-Cache-Status-Check
Path
X-VCL-Version
X-DC
X-Backend-TTL
Client
X-AIR-PT
FSS-Cache
Server-ID
X-CACHE-KEY
Geoip-Latitude
X-Vc
X-Micro-Cache
X-VHOST
X-Req
Cache-Host
Edge-Cache
X-Webkit-Csp-Report-Only
X-Cs
X-Provided-By
X-Varnish-Beresp-TTL
Hostname
X-Presslabs-Stats
Ngx.Var.Host
Lb
My-App
Ohc-Cache-HIT
True-Client-IP
X-Fpc
X-Zone
X-Origin-Upstream-Status
X-Dynatrace
X-Up
X-FireWall-Port
X-Api-Version
X-Clientip
X-Pass-Why
NtCoent-Length
X-TX-ID
XkeyRZ
Powered-By
X-PX
X-Traceid
DataCenter
X-LB-ID
X-Proxy-CacheRZ
Test
X-FPC
X-Varnish-Beresp-Ttl
X-B3-Spanid
X-Cdn-Request-ID
X-NGINX-Cache
Cf-Int-Pingora-Origin-Digest
X-Li-Pop
X-Li-Fabric
X-Esi
X-CSRF-TOKEN
X-LI-UUID
X-Correlation-ID
OT-Force-Account-Verify
X-Webkit-CSP-Report-Only
WZWS-RAY
X-Dmc
X-MSEdge-Features
X-MSEdge-Flight
X-UnsetCookies
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Cache-Status
User-Agent
X-ND-Cache
X-Beluga-Node
X-Beluga-Record
X-Beluga-Response-Time
X-Render-Time
X-Time-Microsecs
X-INCAP-ABP
Proxy-Connection
X-CUA
Server-Id
X-Vcl-Version
X-CLOUD-TRACE-CONTEXT
Srvid
GeoIP-Country-Code
Rip
C-Via
X-Ha-Backend
X-Via-PopH
X-RAMCache
X-HS-Status
X-Via-PopN
X-Via-PopV
GeoIP-Latitude
X-Platform-Processor
X-Fragments
X-Platform-Cluster
Tracecode
Target-Params
Cf-Device-Type
X-URL
X-Platform-Router
X-B3-Traceid-Primal
X-Geo
X-Akamai-Pragma-Client-IP
X-Azure-Ref-OriginShield
X-Check-Cacheable
X-Sucuri-Cache
Sid
X-Var-Ttl
Lfy
X-ServedByHost
X-FC-Vary-Parameters
X-Fastly-Backend
X-ATG-Version
Uri
Resin-Trace
Click-Count-Action-Start
X-Sucuri-ID
X-Gateway-Skip-Cache
Tube-Return
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Service
Tube-Got-Results
Click-Count-Error
Tube-Get-Contents
Tube-Got-Eval
X-Gateway-Cache-Key
MIME-Version
X-M-Reqid
X-Qnm-Cache
X-M-Log
Epwk-X-Cache
Esi-Enabled
X-LI-Proto
X-Alfa-Service
X-Hcs-Proxy-Type
X-Proxy-Cache-Hk
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Fetch-By
Fastly-Drupal-HTML
X-TRACE-ID
HIT
On-Server
Section-Io-Origin-Status
X-Edge-POP
Section-Io-Origin-Time-Seconds
X-Backend-Host
Magicmarker
Section-Io-Id
Section-Origin-Responded
X-SERVER-NAME
X-Fastly-Backend-Reqs
X-NU-AKA-ACS-Version
X-DynaTrace-JS-Agent
X-Varnish-Beresp-Status
ENV
Srv
X-Li-Proto
Cdn
X-LiteSpeed-Cache-Control
X-App
X-Cdn-Forward
X-Backend-State
XServer
X-Cache-Expires
X-MG-S
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-APP
X-Yottaa-OS
X-ElasticPress-Query
X-Newrelic-App-Data
Tcn
PICS-Label
X-Request-Start
CF-Cached-On
ServerName
Server-Ttl
X-Lb-Nocache
X-Cache-CFC
X-Iplb-Instance
X-Acquia-Site
X-Serial
D-Url-Rewrites
Inserted-Into-Cache-At
X-BBC-Origin-Response-Status
X-Acquia-Application-Trace
X-Bip
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Iplb-Request-Id
X-Nc
Wpo-Cache-Status
Wpo-Cache-Message
X-Thanos
Cf-Ipcountry
X-HostName
Servedby
Warning
X-Vercel-Id
X-Snapshot-Date
X-Swift-Error
Fastcgi-Cache-Ttl
X-LiteSpeed-Tag
X-Shopify-Generated-Cart-Token
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-Storefront-Renderer-Verified
Hit
X-CF-Powered-By
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Cache
X-IN-APIGATEWAY
True-Client-Ip
X-Request-Url
Cneonction
CountryCode
X-Request-URL
Content-Style-Type
Ngx
X-Back
X-Dist-Code
Content-Script-Type
X-Th-Server
X-B3-Parentspanid
X-Akamai-Request-ID
X-Dw-Trace-Id
X-Release
X-Litespeed-Cache-Control
X-IN-APIGATEWAYSSL