Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-Akamai-Path-Stats
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
Allow
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-CST
X-Server-Id
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Readtime
X-Akam-SW-Version
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Content-Location
Rating
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-MS-InvokeApp
Accept-Ch
X-Rack-Cache
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
X-Server-Name
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-ESI
Cache-Tag
X-Content-Type
X-B3-TraceId
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Kinja-Build
X-Use-Magma
X-Kinja
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-Amz-Rid
X-Dw-Request-Base-Id
Public-Key-Pins
X-Px
X-Cnection
X-Ac
X-D2id
X-RateLimit-Remaining
X-Element-Page-Cache
X-Navigation-Version
Verso
X-Edge
X-FastCGI-Cache
X-Abt-Application-Version
X-Client-IP
X-Sol
X-Powered-By-Plesk
Display
Pagespeed
X-Middleton-Display
X-Ser
X-Cache-TTL
X-Version
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-GitHub-Request-Id
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Hash
SPIisLatency
SPRequestDuration
X-Kinsta-Cache
X-Correlation-Id
X-TTL
X-Edge-Location-Klb
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-Request-ID
AR-SID
X-Ttl
X-Cached
X-Upstream
X-Content-Security-Policy-Report-Only
SPRequestGuid
X-SharePointHealthScore
X-Instrumentation
X-NWS-LOG-UUID
X-Kraken-Loop-Name
X-LLID
X-Server-Lifecycle-Phase
X-RateLimit-Limit
X-Powered-CMS
X-Ruxit-Js-Agent
Edge-Cache-Tag
X-Litespeed-Cache
Nginx-Cache
X-Forwarded-For
X-Cache-Key
Content-MD5
TCN
X-MSEdge-Ref
X-Id
Mrf-Cache-Status
MRF-Tech
X-Shield-Request-Id
X-B3-TraceId-Primal
X-Daa-Tunnel
X-T
X-Webkit-Csp
X-Recruiting
S
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Digest
MS-Author-Via
X-Ua-Device
X-Mg-S
X-Jurisdiction
X-HP-Trace-Id
X-ECACHE
X-HP-Webp
X-Accel-Expires
X-Protected-By
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-DataDome
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Frontend
X-Grace
X-HS-Combine-CSS
X-Ua-Browser
X-Ab
X-Content
Front-End-Https
X-Request-Received
X-Request-Processing-Time
Server-Node
X-Yandex-Sdch-Disable
Filters
X-Server-ID
TP-Cache
TP-L2-Cache
X-PressLabs-Stats
X-Mid
X-Origin-Server
X-DynaTrace
Fastcgi-Cache
X-Hits
X-Distributor
X-Geo-Country
X-ORACLE-DMS-ECID
X-WebKit-CSP-Report-Only
X-ORACLE-DMS-RID
X-Request-Handler-Origin-Region
X-Microsite
X-Amzn-Trace-Id
X-Debug-Info
Charset
X-Tt-Trace-Tag
Cleartype
X-Tt-Trace-Host
X-Page-Id
Host
X-LB-Cache
X-Git-Hash
X-F-Cache
X-DIS-Request-ID
Cross-Origin-Opener-Policy
X-B3-Sampled
X-Ratelimit-Reset
X-Pinterest-Rid
X-Forwarded-Proto
Pinterest-Generated-By
Pinterest-Version
X-Www-Served-By
X-Cache-Age
Access-Control-Allow-Method
ServerID
X-Seen-By
Cache-Status
X-AppVersion
X-Activity-Id
X-Az
Realpath
X-MCACHE
Accept-Charset
Cache-Tags
X-Aspnetmvc-Version
X-Cluster-Name
X-Varnish-Age
Filterid
X-Rid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Nginx-Upstream-Cache-Status
X-Content-Options
X-Language
X-Type
Server-Name
X-App-Environment
X-Oracle-Dms-Ecid
Retry-After
X-Origin-Cache
X-Upgrade-Enabled
X-Tb
Node
Country
X-Oracle-Dms-Rid
Viewport
X-Varnish-Grace
X-FB-Debug
X-Whom
X-User-Agent
X-Signature
X-Route-Name
X-Is-Crawler
X-Varnish-Backend
X-Request-Guid
X-Providence-Cookie
X-Mobile-URL
DC
X-Drupal-Cache-Tags
X-Flags
X-B-Cache
Paypal-Debug-Id
X-Wix-Request-Id
X-Aspnet-Duration-Ms
X-TT
X-NWS-UUID-VERIFY
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-GUploader-UploadID
X-VCache
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-XRDS-LOCATION
Protected
Fastcgi-Useragent
X-B
X-Fastly-Request-Id
X-N
X-Via-JSL
X-Fastly-Request-ID
X-Debug
X-Amz-Replication-Status
WPO-Cache-Message
WPO-Cache-Status
X-Cache-NGX
X-Logged-In
Payment
X-Mcache
X-Contextid
X-Load-Cache
Surrogate-Key
X-Amz-Meta-S3cmd-Attrs
X-Webkit-CSP
Permissions-Policy
Amp-Access-Control-Allow-Source-Origin
Count-Hit
X-Cache-Control
X-FW-Type
X-FW-Static
X-Node-Name
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Hash
Healthy
X-Template
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-XRDS-Location
X-Fastcgi-Cache
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
X-G
Content-Disposition
X-Proxy
X-Cache-Time
Akamai-GRN
X-Mobile
Refresh
X-Jobs
X-Is-Bot
X-Framework
X-Cacheable-TTL
X-Akamai-Request-ID2
X-Trace-Id
X-Real-IP
X-Zen-Fury
X-Revision
X-Rendered-As
Uber-Trace-Id
X-UUID
X-Adobe-Loc
X-Adobe-Content
X-Proxy-Cache-Status
X-Http-Reason
X-Cache-TTL-Remaining
X-Hostname
X-Page-View
Url
X-Debug-IsConnected
VIX-Pulpo-Node
NGB
X-Debug-IsPreview
X-Device-Type
X-Instance
Access-Control-Request-Headers
VIX-Pulpo-Upstream-Status
X-Drupal-Cache-Contexts
Alternate-Protocol
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Servername
X-IPLB-Instance
X-Cache-Grace
X-ECache
X-Mg-Request-UUID
Version
X-B3-Traceid
X-Restarts
X-Source
X-Varnish-Server
X-NGENIX-Cache
X-L-Path
X-Environment-Context
From-Origin
Accept-Language
X-Oneagent-Js-Injection
X-Cache-Rule
X-Cache-Hit
X-EdgeConnect-Cache-Status
X-Vgn-Hpd-Reason
Countrycode
X-RTag
X-HTML-Minification-Powered-By
X-Cache-Expired-At
MS-CV
Ms-Operation-Id
X-Parallel-Accel
X-Datadome
Referer-Policy
Frame-Options
X-App-Server
X-NYM-Debug-Backend
Liferay-Portal
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
Cross-Origin-Window-Policy
X-FW-Version
X-IPS-LoggedIn
Backend
X-COUNTRY
X-Midtier
X-Nginx-Cache
Content-Secure-Policy
X-ProcessESI
X-RemovedCookies
Meta-Geo
Upgrade-Insecure-Requests
X-Cache-Server
X-Cache-Action
Section-Io-Cache
X-UPSTREAM-Address
Cache-Tv-Group
X-Hosted-By
X-Redis-Cache
X-RN-RSRV
X-FB-TRIP-ID
X-Generation-Time
X-No-Session
X-Content-Age
X-OCL
X-Ua
X-Detected-As
X-Cache-Enabled
X-PCL
X-APP-VERSION
X-Web-Node
X-Region
X-UA-Device-Type
CF-IPCountry
X-Sql-Count
X-Request-Time
X-Format
X-Unique-Id
X-Be
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Generated-By
X-Via-Fastly
X-Uri
X-Say-TTL
Azure-InstanceId
Apigw-Requestid
X-AOL-HN
X-Cluster-Node
X-Sql-Duration-Ms
Azure-RegionName
Azure-Version
X-Access
WP-Super-Cache
Azure-SlotName
Azure-SiteName
X-Akamai-Edgescape
X-Human
X-Section
X-Storage
Locale
TWC-Device-Class
Fastly-SSL
X-Urbn-Context-Path
X-Say-Cacheable
X-Urbn-Site-Id
TWC-Connection-Speed
X-SayCDN-TTL
S-Rt
Property-Id
X-PHP-Backend
Mn-Server-Ip
TWC-GeoIP-Country
X-Origin-Hint
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Mode
X-Nginx-Cache-Key
X-Site-Version
TWC-Privacy
X-Server-W
X-Varnish-Cache-Hits
X-Origin-Date
Ec-Rule-Version
X-Shopify-Stage
X-ApacheServer
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
CDN-Uid
CDN-RequestId
X-ShopId
Eomportal-Instance
CDN-RequestCountryCode
CDN-PullZone
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-Adobe-Source
X-Debug-Cache
X-ShardId
X-Ratelimit-Remaining
X-Xfnlog-Site
X-ProxyCache-Status
X-ProxyCache-Key
X-Platform-Server
X-PERF
X-Content-Powered-By
X-Forwarded-Host
X-Alternate-Cache-Key
X-Cache-Tags
X-BYPASS-REASON
X-Status
X-Cache-Host
X-ServerID
X-JoinUs
X-Hl-Ver
X-Varnishpool
X-Backend-Name
X-Tid
X-Routing-Service
X-Proxied
X-Handled-By
X-NewRelic-App-Data
X-SaId
X-Cache-Type
X-Zipkin-Id
X-Labrador-Cache-Channel
X-PHP-Host
X-Extlb
X-Locale
X-Hyper-Cache
X-Timing-Wait
Selected-Fe
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
X-Proxy-Build
X-TT-LOGID
X-Cms-Context
X-GG-Cache-Date
X-VC-Cache
ServedBy
Webserver
X-Dc
X-Rule
X-Edge-Location
X-Storefront-Renderer-Rendered
X-Cache-Operation
X-LSADC-Cache
Fastly-Drupal-Html
X-Proto
Web-Mar-Node
SRV
Load-Balancing
X-Cached-By
X-Rewrite-Enabled
X-GeoCountry
X-App-Version
SID
X-Accel-Buffering
X-GeoCode
X-CDN-Forward
X-GEO
X-Cache-Remote
Mime-Version
X-Soup
Onion-Location
Xserver
X-Cdn
X-TA-CDN-Provider
X-Varnish-Hostname
Cache-Hits
X-Pubstack
X-Reqid
Country-Code
X-Cluster
X-Origin-CC
X-Buckets
X-Origin-TTL
X-Request-Host
X-Varnish-Hits
X-Ratelimit-Limit
X-Microcachable
Server-Info
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Tumblr-Pixel-3
X-Envoy-Decorator-Operation
Xet-Cookie
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-SRV
LB
X-CSRF-Token
X-Ms-Request-Id
X-Magnolia-Registration
X-Ms-Version
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Time
X-Amzn-RequestId
Cache
X-Amz-Apigw-Id
DB-Nickname
X-Endurance-Cache-Level
X-Tx-Id
X-NCache
X-B3-SpanId
X-RCS-CacheZone
Source
X-Core-Mission
X-Connection-Hash
X-Developer
X-Ec-Fail
X-Esi-Check
X-Ec-GeoHdr
Xc-Version
DynaTrace
X-External-Request-Id
X-Device-Os
X-Destination
X-Forwarded-Path
X-Fetched-On
X-Epic-Correlation-Id
X-D
BehaviorPad-Version
X-A
Host-ID
T-Server
X-A-Ccd
Fastcgi-X-Cache-Version
X-A-Dcw
Expiry
X-A-Dam
Lang
Surrogated-Key
Pramga
NM-Fastcgi-Cache
Odigeo-Trace-Id
Mobile-Detection-Method
Meta-Geo-Continent
Sslversion
Rendered-Blocks
MD5-Digest
X-A-Dgt
X-A-Wwc
X-Cache-Id
X-Cache-Bucket
X-B-Cookie
X-Cache-NE
A
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cdn-Srv
X-ARC
Cdncip
DCR-Decision-By
DCR-Processing-Time-Ms
X-Aed
Cmstype
Cmsid
Cdnsip
X-Application
X-AK-Request-ID
X-Conf
X-Ftr-Request-Id
X-S-Cookie
X-NAPM-TraceId
X-Node-Id
X-Tenant
X-SVT-ORM-VERSION
X-PBS-Appsvrname
X-Bc-Bl
X-SVT-ORM-RULES
X-S
X-Rojux
X-Processor
X-TrackingId
X-PAYTM-SRV-ID
X-Orig-Expires
X-TIM-N
X-User
X-Vtex-Processado-Em
X-SRCache-Key
X-ScT
X-Vdms-Path
X-SD-PageType
X-IPLB-Request-ID
X-Gzip
X-Vdms-Version
X-VG-WebCache
X-Geo-Header
X-Hash
X-Shop-Environment
X-Session-Fingerprint
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-Vtex-Remote-Cache
X-Varnish-Beresp-Grace
X-Varnish-Ttl
Wxu-Next-Region
X-Slack-Backend
X-Thinkindot-L3
X-TNCMS
X-Skip-Cache
X-WADP-Cache
X-Webstats-RespID
Traceparent
X-Varnish-CookieINHashed-On
Server-Host
X-Varnish-CookieHashed-On
State
X-Varnish-Remaining-TTL
Release
Origin-EX
Platform
X-Via-Ucdn
Producers
X-VServer
X-Variation
User-Cache-Control
We-Hiring
Web-Mar-Region
Wxu-Next-Commit
X-Amzn-Remapped-Content-Length
Thinkindot-Control
X-V-Cache
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Wxu-Next-Hostname
X-Cache-Info
X-JWT-State
X-Dispatcher-Number
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-LAGOON
X-Loop
X-Nyt-Route
X-NodeID
X-Developers
X-Mvc-Supplant-Cachable
X-Is-Gdpr
X-Irp-Debug
X-Has-Esi
X-From
X-GeoIP
X-Gen-Mode
X-Fmm-Version
Origin-CC
X-Worker
X-Hnp-Log
X-Fastly-Cache
X-DefHash
X-DefElseHash
X-Cache-Date
X-Gdpr
X-Scheme
X-SB
X-Cache-Backend
X-Block-Status
X-Sigma
X-Wix-Viewer-Type
X-Server-IP
X-CacheTTL
X-Rocket-Build-Number
X-Origin-Response-Time
X-Origin-Expires
X-Origin
X-Core-Value
X-Origin-Time
X-Planisys-CDN-Cache
X-Ckpd-Fst-Backend
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Sigma-Backend
X-Clara-WADP
Machine
Environment
Mail-Subject
AKAMAI
Adler-Geo
Is-Eu
X-R9-Blue-Green-Version
Memcached
Fastly-GeoIP-CountryCode
CloudFront-Viewer-Country
Cache-Name
X-Azure-Ref
X-Cdn-Origin
X-Pool
Cluster
X-CGP
X-Aicache-OS
HostName
X-Platform
Apple-News-Services-Handled
X-Pod-Name
X-Csrf-Jwt
X-BBC-Edge-Cache-Status
CDCHOST
X-Branch-Name
X-Viewer-Country
X-Policy
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Auto-Login
X-Datadog-Trace-Id
X-Gamma-Serve
Ohc-File-Size
X-Forwarded-Site
X-Level-Front-Cache
X-ZONE
X-Generated-On
X-HN
X-Httpd
X-GeoIP-City
X-Xrds-Location
X-VG-TLSProxy
X-VarnishDD-TTL
X-Sn-Servicetimems
DSUID
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Minions-Version
CDN
X-Loc
X-Location
X-Via-NSCOPI
X-Eu-Site
X-SIPLIST1
Apple-News-Services-Request-Url
Ha-Gx-Prefs
HA-Ipaddr
Svr
N-Cache
Ssr
Vix-Hermes-Req-Id
X-Served-From
Sever-Int
NGX
X-Region-Sid
X-Proxy-Cache-Info
PFcat
L5d-Success-Class
X-Request-URI
L
Origin
IsBot
Kp-EeAlive
Gh-Request-Id
V-Age
Server-Ext
X-Rebelmouse-Surrogate-Control
Fastcgi-Cache-TTL
X-Qloud-Router
Req-Svc-Chain
Redirect-Candidate
X-Proxy-Upstream
X-Rocket-Nginx-Serving-Static
Server-Hostname
Fastly-SWR
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Fastly-SIE
X-Newrelic-Synthetics
X-WP-CF-Super-Cache
X-Optimistic-Header
X-Owner
X-WP-CF-Super-Cache-Cache-Control
X-Scale
X-Men
X-Wikidot-Static-Cache
X-CS
X-VC
Locid
X-Wikidot-Backend
Pics-Label
X-Tb-Optimization-Total-Bytes-Saved
X-Refresh
Cache-Key
X-Ad-Defer-Variation
X-BCube-Filmed-By
Arc-Country
Datacenter
Candidate-Md5Url
X-Srv
X-Parent-Response-Time
X-CACHE-KEY
CPC-Cache
X-Contensis-Viewer-Groups
X-SplitTest
VNS-Cache
XM
X-Ah-Environment
CPC-Age
VNS-Age
GEO-INFO
X-Response-By
X-NC
X-Cache-ASPX
X-Tt-Logid
X-Old-Content-Length
X-EC-Lua
Ms-Author-Via
X-Cache-Status-Check
X-TraceId
X-Tec-Api-Version
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Reset
X-Tec-Api-Root
X-Tec-Api-Origin
X-RPS
X-RSL
X-RPM
X-LB-NoCache
X-DSS
Env
X-DB
X-DI
X-DW
X-Edge-Pop
X-WA-Info
X-Varnish-Authentication
Servername
Fastly-Backend-Name
X-Udemy-Cache-App-Namespace
X-Accel-Expires-Debug
Memory
Time
X-Micro-Cache
X-Mvc-Supplant-OutputCached
X-Date
X-Amz-Meta-Cb-Modifiedtime
Lb
X-TIME
X-Akamai-Transformed
X-GeoIP-Region-Code
X-Via-Popv
X-AIR-PT
X-Generated-In
Path
X-GeoIP-Country-Code
X-Via-Poph
X-Via-Popn
X-Servedbyhost
Ohc-Cache-HIT
X-S-Maxage
GeoIp-Country-Code
X-Cache-Debug
ITXSESSIONID
X-HA-Backend
Cache-Host
FSS-Cache
Client
X-API-Version
Ngx.Var.Host
Fusion-Component-Id
X-Api-Version
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
CacheControlHeader
Geoip-Latitude
X-Vc
X-Varnish-Beresp-TTL
X-VCL-Version
True-Client-IP
X-Proxy-CacheRZ
X-VHOST
XkeyRZ
X-Cs
X-DC
Geo-Info
Server-ID
X-Trace-ID
X-Clientip
X-Action
X-TH-Server
True-Client-Country-4JS
Hostname
X-Backend-TTL
X-Correlation-ID
X-Presslabs-Stats
X-Fpc
X-FireWall-Port
X-Zone
Powered-By
X-Req
Edge-Cache
X-Webkit-Csp-Report-Only
X-TX-ID
X-Pass-Why
X-Dmc
X-PX
NtCoent-Length
X-Traceid
X-B3-Spanid
My-App
X-MSEdge-Features
X-FPC
Test
X-Provided-By
X-MSEdge-Flight
X-Render-Time
X-INCAP-ABP
X-NGINX-Cache
X-Origin-Upstream-Status
X-Cdn-Request-ID
X-Up
X-CSRF-TOKEN
C-Via
X-Varnish-Beresp-Ttl
Cf-Int-Pingora-Origin-Digest
X-Vcl-Version
X-Gateway-Cache-Key
X-LB-ID
X-Service
User-Agent
X-Gateway-Request-Id
Tube-Return
Tube-Got-Results
X-Beluga-Cache-Status
X-Gateway-Skip-Cache
X-DynaTrace-JS-Agent
Tube-Got-Eval
X-Beluga-Response-Time
Click-Count-Action-Start
X-Beluga-Status
X-HS-Status
X-Beluga-Trace
X-Webkit-CSP-Report-Only
Server-Id
Rip
Click-Count-Error
X-Beluga-Record
Tube-Get-Contents
X-Gateway-Cache-Status
X-Beluga-Node
X-M-Reqid
X-Qnm-Cache
Esi-Enabled
Proxy-Connection
Tcn
OT-Force-Account-Verify
X-M-Log
HIT
X-TRACE-ID
DataCenter
GeoIP-Country-Code
Uri
Srvid
GeoIP-Latitude
X-Via-PopV
X-UnsetCookies
X-LI-UUID
X-Li-Pop
X-Via-PopN
X-Via-PopH
X-Alfa-Service
X-Ha-Backend
X-Li-Fabric
On-Server
X-URL
Resin-Trace
X-CLOUD-TRACE-CONTEXT
X-Dynatrace
X-ND-Cache
X-RAMCache
X-ServedByHost
WZWS-RAY
X-Time-Microsecs
Sid
X-Akamai-Pragma-Client-IP
MIME-Version
X-Check-Cacheable
X-CCDN-CacheTTL
Srv
X-CCDN-Origin-Time
X-LI-Proto
X-Proxy-Cache-Hk
Cdn
X-Fetch-By
Epwk-X-Cache
X-Hcs-Proxy-Type
X-APP
X-CUA
X-Geo
X-Cdn-Forward
ENV
X-Fragments
Target-Params
X-Platform-Router
X-Platform-Processor
Cf-Device-Type
X-Fastly-Backend-Reqs
X-ATG-Version
X-Backend-Host
Tracecode
X-Platform-Cluster
X-Edge-Origin-Shield-Bytes
X-Esi
Lfy
X-App
ServerName
XServer
X-Sucuri-ID
X-Sucuri-Cache
X-Lb-Nocache
X-B3-Traceid-Primal
X-Edge-POP
X-Var-Ttl
X-FC-Vary-Parameters
Fastly-Drupal-HTML
X-Fastly-Backend
WebServer
X-Srcache-Store-Status
X-MG-S
X-HostName
X-Srcache-Fetch-Status
X-Edge-Origin-Shield-Region
M-TraceId
PICS-Label
X-ElasticPress-Query
X-Yottaa-OS
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Azure-Ref-OriginShield
Section-Io-Origin-Status
X-Nc
Server-Ttl
Section-Io-Id
Inserted-Into-Cache-At
X-Varnish-Beresp-Status
X-Cache-Expires
Warning
X-Newrelic-App-Data
CF-Cached-On
X-LiteSpeed-Cache-Control
X-Request-Url
D-Url-Rewrites
X-Backend-State
X-Iplb-Instance
Cf-Ipcountry
X-Serial
X-Dw-Trace-Id
X-NU-AKA-ACS-Version
X-Vcache
X-Iplb-Request-Id
X-CF-Powered-By
X-Li-Proto
Magicmarker
Servedby
Wp-Super-Cache
DT-Hot-News
X-Litespeed-Cache-Control
X-Back
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
X-Release
Content-Style-Type
Dt-Hot-News
True-Client-Ip
Content-Script-Type
X-Vercel-Id
X-Vercel-Cache
X-BBC-Origin-Response-Status
X-Th-Server
X-Snapshot-Date
X-Acquia-Purge-Tags
X-Acquia-Site
X-Request-URL
CountryCode
Ngx
Cneonction
X-Storefront-Renderer-Verified
X-Dist-Code
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Fastcgi-Cache-Ttl