Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
Host-Header
X-Amz-Request-Id
X-Proxy-Cache
X-UA-Device
X-Amz-Id-2
X-Hacker
X-Akamai-Path-Stats
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Allow
X-WebKit-CSP
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-CST
X-Server-Id
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
Accept-CH-Lifetime
X-Url
X-Trace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-MS-InvokeApp
X-Mod-Pagespeed
X-Rack-Cache
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
X-Server-Name
RTSS
Edge-Control
X-Ruxit-JS-Agent
X-Varnish-TTL
X-VARITI-CCR
X-ESI
X-Content-Type
X-B3-TraceId
Cache-Tag
Accept-Ch
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Dw-Request-Base-Id
Public-Key-Pins
X-Amz-Rid
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Px
X-Cnection
X-Ac
X-RateLimit-Remaining
X-D2id
X-Element-Page-Cache
Verso
X-Navigation-Version
X-Webkit-Csp
X-Client-IP
X-Abt-Application-Version
X-Edge
X-Powered-By-Plesk
X-Cache-TTL
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Ser
X-Version
Service-Worker-Allowed
Arr-Disable-Session-Affinity
X-FastCGI-Cache
X-GitHub-Request-Id
X-Ruxit-Js-Agent
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
X-Goog-Hash
Access-Control-Request-Method
X-Correlation-Id
SPRequestDuration
SPIisLatency
X-Kinsta-Cache
X-TTL
AR-SID
X-Edge-Location-Klb
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Ttl
X-Upstream
X-Cached
X-RateLimit-Limit
X-LLID
X-NWS-LOG-UUID
X-Powered-CMS
SPRequestGuid
X-Cache-Key
X-SharePointHealthScore
Edge-Cache-Tag
X-Litespeed-Cache
X-Kraken-Loop-Name
X-Instrumentation
Nginx-Cache
X-Server-Lifecycle-Phase
X-Content-Security-Policy-Report-Only
X-Forwarded-For
X-MSEdge-Ref
TCN
Mrf-Cache-Status
MRF-Tech
Content-MD5
X-Id
X-Shield-Request-Id
X-B3-TraceId-Primal
X-Daa-Tunnel
X-T
MS-Author-Via
X-Recruiting
S
X-Content-Digest
X-Ua-Device
X-Mg-S
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Protected-By
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Accel-Expires
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Ab
X-Content
X-SRCache-Fetch-Status
X-Ua-Browser
X-SRCache-Store-Status
X-Frontend
X-Grace
X-Request-Received
Server-Node
X-Request-Processing-Time
Front-End-Https
X-ECACHE
X-DataDome
Filters
X-Server-ID
X-Yandex-Sdch-Disable
X-PressLabs-Stats
X-DynaTrace
X-Mid
Fastcgi-Cache
X-ORACLE-DMS-ECID
X-Origin-Server
TP-L2-Cache
TP-Cache
X-Hits
X-Geo-Country
X-ORACLE-DMS-RID
X-Distributor
X-Debug-Info
X-Microsite
X-Request-Handler-Origin-Region
X-Ratelimit-Reset
X-Amzn-Trace-Id
Charset
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cleartype
X-WebKit-CSP-Report-Only
X-Git-Hash
Host
Cross-Origin-Opener-Policy
X-Page-Id
X-F-Cache
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-B3-Sampled
X-DIS-Request-ID
X-LB-Cache
X-Www-Served-By
X-Cache-Age
X-Forwarded-Proto
ServerID
Access-Control-Allow-Method
X-Seen-By
Cache-Status
X-Az
Cache-Tags
X-Activity-Id
X-AppVersion
X-Cluster-Name
X-Aspnetmvc-Version
Accept-Charset
X-Varnish-Age
Realpath
X-Language
Filterid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-MCACHE
X-Rid
X-XRDS-LOCATION
X-Nginx-Upstream-Cache-Status
X-Type
Server-Name
X-Content-Options
X-App-Environment
X-Oracle-Dms-Ecid
X-Upgrade-Enabled
Country
X-Varnish-Grace
X-Origin-Cache
Viewport
X-Oracle-Dms-Rid
Retry-After
X-Mobile-URL
Node
X-B-Cache
X-Signature
X-NWS-UUID-VERIFY
X-Goog-Metageneration
X-Goog-Generation
X-Drupal-Cache-Tags
Paypal-Debug-Id
X-Aspnet-Duration-Ms
X-Flags
X-FB-Debug
DC
X-Goog-Storage-Class
X-User-Agent
X-Goog-Stored-Content-Encoding
X-Providence-Cookie
X-Request-Guid
X-Tb
X-Route-Name
X-Whom
X-Goog-Stored-Content-Length
X-Is-Crawler
X-Wix-Request-Id
X-GUploader-UploadID
X-TT
X-Varnish-Backend
Protected
X-VCache
Fastcgi-Useragent
X-Via-JSL
X-B
X-N
X-Fastly-Request-Id
X-Fastly-Request-ID
X-Cache-NGX
X-Fastcgi-Cache
X-Logged-In
X-Amz-Replication-Status
X-Contextid
Payment
X-Debug
X-Mcache
WPO-Cache-Status
WPO-Cache-Message
X-Load-Cache
X-Template
Surrogate-Key
X-Amz-Meta-S3cmd-Attrs
X-Cache-Control
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
X-Node-Name
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Trace-Id
Count-Hit
X-Hostname
Permissions-Policy
X-XRDS-Location
Healthy
Amp-Access-Control-Allow-Source-Origin
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
X-Proxy
X-Revision
X-Mobile
Content-Disposition
Refresh
Akamai-GRN
X-UUID
X-Cache-Time
X-Is-Bot
X-Akamai-Request-ID2
X-Cache-TTL-Remaining
X-G
X-Rendered-As
X-Real-IP
X-Jobs
X-Zen-Fury
X-Page-View
X-Cacheable-TTL
Uber-Trace-Id
X-Framework
X-Http-Reason
VIX-Pulpo-Node
X-Yottaa-Optimizations
X-Yottaa-Metrics
NGB
Access-Control-Request-Headers
X-Adobe-Content
Alternate-Protocol
VIX-Pulpo-Upstream-Status
X-Device-Type
X-Proxy-Cache-Status
X-Drupal-Cache-Contexts
X-Instance
X-Adobe-Loc
X-Debug-IsPreview
X-Debug-IsConnected
Url
X-IPLB-Instance
X-Servername
X-ECache
X-Cache-Grace
X-B3-Traceid
X-Cache-Rule
X-Source
Version
X-Varnish-Server
X-L-Path
X-Environment-Context
X-Restarts
X-Vgn-Hpd-Reason
From-Origin
X-Mg-Request-UUID
X-Oneagent-Js-Injection
X-Parallel-Accel
X-NGENIX-Cache
Accept-Language
X-EdgeConnect-Cache-Status
X-Cache-Hit
X-Cache-Expired-At
Countrycode
MS-CV
Ms-Operation-Id
X-Datadome
X-RTag
Referer-Policy
X-HTML-Minification-Powered-By
Frame-Options
X-App-Server
X-NYM-Debug-Backend
Cross-Origin-Window-Policy
Liferay-Portal
Backend
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-FW-Version
X-COUNTRY
X-IPS-LoggedIn
X-Cache-Action
X-Nginx-Cache
Content-Secure-Policy
WP-Super-Cache
X-ProcessESI
X-RemovedCookies
CF-IPCountry
Upgrade-Insecure-Requests
X-Cache-Server
X-Redis-Cache
X-RN-RSRV
X-UPSTREAM-Address
Section-Io-Cache
Meta-Geo
X-Cache-Type
Azure-InstanceId
Azure-SiteName
X-Hosted-By
X-Detected-As
X-Ua
X-APP-VERSION
X-No-Session
X-Human
Azure-Version
X-OCL
X-Access
Azure-SlotName
X-Request-Time
X-Varnish-Cache-Hits
Cache-Tv-Group
X-Format
X-Content-Age
X-Section
Azure-RegionName
Ec-Rule-Version
X-Generation-Time
X-PCL
Fastly-SSL
Apigw-Requestid
Locale
X-Be
X-Urbn-Site-Id
X-FB-TRIP-ID
X-SayCDN-TTL
X-Urbn-Context-Path
X-UA-Device-Type
X-Content-Powered-By
X-Server-W
X-Say-TTL
X-Say-Cacheable
X-ProxyCache-Status
X-ProxyCache-Key
X-PHP-Backend
X-Region
X-Origin-Hint
X-Uri
X-Via-Fastly
X-Cluster-Node
X-Sql-Duration-Ms
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Connection-Speed
Property-Id
S-Rt
Webcakes-App-Name
Webcakes-App-Version
X-Sql-Count
X-Site-Version
X-Cache-Enabled
X-BYPASS-REASON
Webcakes-Region
X-AOL-HN
Mn-Server-Ip
TWC-Device-Class
X-Mode
CDN-RequestId
CDN-RequestCountryCode
CDN-Uid
Eomportal-Instance
CDN-PullZone
CDN-CachedAt
X-Sorting-Hat-ShopId
X-Unique-Id
CDN-Cache
X-Hyper-Cache
CDN-EdgeStorageId
X-Akamai-Edgescape
X-PERF
X-Status
X-Storage
X-Xfnlog-Site
X-Origin-Date
X-Nginx-Cache-Key
X-ApacheServer
X-Cache-Host
X-Debug-Cache
X-Generated-By
X-Sorting-Hat-PodId
X-Ratelimit-Remaining
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
X-Tid
X-Extlb
X-Varnishpool
X-Cache-Tags
X-Zipkin-Id
X-Web-Node
X-Forwarded-Host
X-Handled-By
X-Midtier
X-Platform-Server
X-Proxied
X-Routing-Service
X-JoinUs
X-Backend-Name
X-Hl-Ver
X-SaId
X-ServerID
X-Adobe-Source
X-GG-Cache-Date
X-Locale
X-NewRelic-App-Data
X-Rule
Selected-Fe
X-TT-LOGID
X-Labrador-Cache-Channel
X-Timing-Wait
X-Proxy-Build
X-PHP-Host
ServedBy
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-Cache-Operation
X-Dc
Webserver
X-VC-Cache
X-Cms-Context
X-Storefront-Renderer-Rendered
X-Edge-Location
X-LSADC-Cache
X-Accel-Buffering
X-Soup
X-Cache-Remote
X-Cached-By
X-Rewrite-Enabled
X-Proto
X-App-Version
SID
SRV
Web-Mar-Node
X-CDN-Forward
Xserver
Load-Balancing
Onion-Location
X-Cdn
X-Pubstack
Mime-Version
X-TA-CDN-Provider
Fastly-Drupal-Html
X-GEO
X-Reqid
X-GeoCountry
X-Varnish-Hostname
Country-Code
X-GeoCode
X-Buckets
X-Microcachable
Cache-Hits
X-Origin-TTL
X-Origin-CC
LB
X-Ratelimit-Limit
X-Request-Host
X-Cluster
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Varnish-Hits
X-Ms-Request-Id
Server-Info
X-Envoy-Decorator-Operation
X-Ms-Version
X-CSRF-Token
Xet-Cookie
X-Time
X-SRV
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Magnolia-Registration
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-NCache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B3-SpanId
X-Bc-Bl
X-RCS-CacheZone
X-Endurance-Cache-Level
DB-Nickname
X-Ec-Custom-Error
Sslversion
Fastcgi-X-Cache-Version
X-Vdms-Path
Expiry
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-Ec-Fail
Fastly-GeoIP-CountryCode
X-A
X-Developer
X-Cache-Info
X-A-Dcw
X-S
X-Destination
X-A-Dam
X-A-Ccd
X-CF-Lambda-Version
X-NAPM-TraceId
X-ARC
X-Esi-Check
X-Ftr-Request-Id
Cache
Cmsid
Cmstype
X-From
A
Cdncip
Cdnsip
X-External-Request-Id
X-Forwarded-Path
DCR-Decision-By
Pramga
X-Hash
X-VG-WebCache
X-TrackingId
X-Ec-GeoHdr
X-Cdn-Srv
X-Epic-Correlation-Id
X-Gzip
X-Vdms-Version
X-B-Cookie
X-Geo-Header
DCR-Processing-Time-Ms
X-CF-Lambda-Fn
X-Vtex-Processado-Em
Xc-Version
X-Sigma
X-Processor
X-Webstats-RespID
X-Shop-Environment
X-Sigma-Backend
X-D
Rendered-Blocks
Lang
Surrogated-Key
X-Application
T-Server
X-Cache-Id
X-AK-Request-ID
X-Rocket-Build-Number
X-ScT
MD5-Digest
X-S-Cookie
X-Rojux
X-Aed
X-SD-PageType
X-Session-Fingerprint
Mobile-Detection-Method
BehaviorPad-Version
Meta-Geo-Continent
X-Varnish-Beresp-Grace
X-Cache-NE
X-Orig-Expires
X-Cache-Bucket
X-Tenant
NM-Fastcgi-Cache
Odigeo-Trace-Id
X-A-Dgt
Host-ID
X-TIM-N
X-Vtex-Remote-Cache
X-Conf
X-Origin-Response-Time
X-PAYTM-SRV-ID
X-SRCache-Key
X-Connection-Hash
X-A-Wwc
X-PBS-Appsvrname
X-R9-Blue-Green-Version
DynaTrace
X-Varnish-Ttl
X-ZONE
Cache-Name
X-Developers
X-Block-Status
Memcached
X-Device-Os
X-Ckpd-Fst-Backend
X-Fetched-On
X-Fastly-Cache
Environment
X-Core-Value
Machine
Kp-EeAlive
X-Clara-WADP
X-Core-Mission
Req-Svc-Chain
X-Dispatcher-Number
Mail-Subject
X-CacheTTL
X-Cache-Backend
Origin
L
X-Origin-Time
X-Rocket-Nginx-Serving-Static
X-Amzn-Remapped-Content-Length
X-SB
X-Scheme
X-Server-IP
X-Served-From
X-Worker
X-Pool
Wxu-Next-Hostname
Wxu-Next-Region
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Wix-Viewer-Type
X-Slack-Backend
Wxu-Next-Commit
User-Cache-Control
Web-Mar-Region
We-Hiring
X-VG-TLSProxy
X-V-Cache
X-User
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Azure-Ref
X-WADP-Cache
X-TNCMS
X-Fmm-Version
X-Origin
X-Gen-Mode
X-Gdpr
X-Has-Esi
X-Hnp-Log
X-Irp-Debug
X-BBC-Edge-Cache-Status
Server-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
X-JWT-State
X-Is-Gdpr
X-Nyt-Route
X-NodeID
X-Loop
State
X-Node-Id
X-Tx-Id
X-LAGOON
Ssr
X-Location
X-Mvc-Supplant-Cachable
Source
X-Branch-Name
X-Auto-Login
X-Aicache-OS
X-Cache-Date
X-Origin-Expires
X-Request-URI
X-Skip-Cache
X-Thinkindot-L3
X-Region-Sid
X-RateLimit-Remaining-Second
X-Policy
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Variation
X-Varnish-CookieHashed-On
X-Viewer-Country
X-VServer
X-Via-Ucdn
X-Via-NSCOPI
X-VarnishDD-TTL
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Pod-Name
X-Platform
X-DefElseHash
X-DefHash
X-DPWN-IS-SECURE
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Eu-Site
X-Forwarded-Site
X-Level-Front-Cache
X-Loc
X-Minions-Version
X-HN
X-GeoIP
X-Gamma-Serve
X-Generated-On
X-CGP
Thinkindot-Control
PFcat
Origin-EX
Origin-CC
N-Cache
Platform
Producers
Server-Ext
Release
Redirect-Candidate
L5d-Success-Class
Is-Eu
CloudFront-Viewer-Country
CDCHOST
Adler-Geo
Cluster
Fastcgi-Cache-TTL
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Server-Hostname
X-IPLB-Request-ID
Thinkindot-CacheControl
CDN
TDXMobile
Sever-Int
Svr
Thinkindot-CacheControl-Type
Traceparent
V-Age
Vix-Hermes-Req-Id
HostName
AMP-Access-Control-Allow-Source-Origin
X-Proxy-Cache-Info
X-Httpd
Locid
X-Scale
Fastly-SIE
X-Sn-Servicetimems
Arc-Country
X-Optimistic-Header
DSUID
X-GeoIP-City
X-Qloud-Router
X-SIPLIST1
Fastly-SWR
IsBot
X-Men
X-Rebelmouse-Cache-Control
X-Cdn-Origin
X-Rebelmouse-Surrogate-Control
NGX
Ohc-File-Size
X-WP-CF-Super-Cache
X-Parent-Response-Time
X-Refresh
X-NC
X-WP-CF-Super-Cache-Cache-Control
X-Response-By
X-VC
X-Srv
X-Owner
X-Newrelic-Synthetics
X-Old-Content-Length
Pics-Label
X-EC-Lua
X-CS
X-Udemy-Cache-App-Namespace
X-RPM
X-RSL
Servername
X-RPS
Candidate-Md5Url
X-BCube-Filmed-By
X-Ah-Environment
X-DW
X-DB
Cache-Key
X-Tt-Logid
Datacenter
X-Wikidot-Static-Cache
X-TraceId
X-LB-NoCache
X-Wikidot-Backend
X-DI
X-DSS
Ms-Author-Via
X-Tb-Optimization-Total-Bytes-Saved
X-Mvc-Supplant-OutputCached
Env
CPC-Cache
X-SplitTest
VNS-Cache
XM
GEO-INFO
Time
X-Accel-Expires-Debug
VNS-Age
Memory
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Ad-Defer-Variation
X-Edge-Pop
CPC-Age
X-Date
X-Akamai-Transformed
X-Amz-Meta-Cb-Modifiedtime
X-GeoIP-Region-Code
Fastly-Backend-Name
X-WA-Info
X-GeoIP-Country-Code
X-Varnish-Authentication
X-Cache-Status-Check
X-Generated-In
X-Xrds-Location
X-Webkit-CSP
X-TIME
GeoIp-Country-Code
X-Cache-Debug
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-Micro-Cache
X-API-Version
X-AIR-PT
Path
ITXSESSIONID
X-CACHE-KEY
Lb
X-HA-Backend
X-Servedbyhost
Geo-Info
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Component-Id
X-RateLimit-Reset
Fusion-Content-Source
Fusion-Content-Id
X-S-Maxage
Cache-Host
CacheControlHeader
Ohc-Cache-HIT
Geoip-Latitude
Client
Ngx.Var.Host
X-Vc
X-Action
FSS-Cache
X-TH-Server
X-VCL-Version
True-Client-Country-4JS
Server-ID
X-Cs
X-VHOST
X-DC
True-Client-IP
X-Varnish-Beresp-TTL
X-Backend-TTL
X-Api-Version
X-Trace-ID
XkeyRZ
X-Proxy-CacheRZ
X-Clientip
X-Presslabs-Stats
Hostname
Edge-Cache
X-Req
X-FireWall-Port
X-TX-ID
My-App
Powered-By
X-Fpc
X-Webkit-Csp-Report-Only
X-Provided-By
X-Zone
X-B3-Spanid
X-PX
X-Pass-Why
NtCoent-Length
X-Origin-Upstream-Status
X-Dmc
X-Varnish-Beresp-Ttl
X-FPC
X-Traceid
X-MSEdge-Features
Test
X-Up
X-MSEdge-Flight
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
X-HS-Status
X-LB-ID
X-Render-Time
X-CSRF-TOKEN
X-Cdn-Request-ID
X-Correlation-ID
X-Beluga-Status
X-Beluga-Trace
DataCenter
X-Vcl-Version
X-Beluga-Response-Time
X-Beluga-Node
Rip
Server-Id
User-Agent
X-Beluga-Cache-Status
X-Webkit-CSP-Report-Only
X-Beluga-Record
X-INCAP-ABP
X-UnsetCookies
X-LI-UUID
C-Via
Proxy-Connection
X-Service
OT-Force-Account-Verify
X-Gateway-Cache-Key
X-Li-Pop
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Li-Fabric
X-Gateway-Request-Id
X-M-Reqid
X-Ha-Backend
X-URL
Tube-Got-Eval
Tube-Return
X-ND-Cache
Srvid
X-Via-PopH
Tube-Get-Contents
X-Via-PopV
Esi-Enabled
Click-Count-Error
WZWS-RAY
X-DynaTrace-JS-Agent
HIT
Uri
X-Via-PopN
Click-Count-Action-Start
MIME-Version
Tube-Got-Results
X-Alfa-Service
X-Time-Microsecs
X-RAMCache
X-M-Log
X-Qnm-Cache
X-Geo
X-Dynatrace
Tcn
X-CUA
GeoIP-Country-Code
GeoIP-Latitude
Sid
Resin-Trace
On-Server
Fastly-Drupal-HTML
X-ServedByHost
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
Target-Params
X-Proxy-Cache-Hk
Cf-Device-Type
Tracecode
Epwk-X-Cache
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-ATG-Version
X-LI-Proto
X-Platform-Processor
X-Platform-Router
Srv
X-APP
X-Fetch-By
X-Platform-Cluster
X-Fragments
X-TRACE-ID
X-Cdn-Forward
Lfy
X-FC-Vary-Parameters
X-Fastly-Backend
X-Var-Ttl
X-Sucuri-Cache
X-Backend-Host
X-Fastly-Backend-Reqs
X-Sucuri-ID
ENV
Cdn
X-Esi
X-Azure-Ref-OriginShield
X-Lb-Nocache
ServerName
X-Edge-POP
X-Varnish-Beresp-Status
X-B3-Traceid-Primal
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
XServer
X-Cache-Expires
Section-Io-Id
Section-Io-Origin-Status
X-MG-S
X-Srcache-Store-Status
X-LiteSpeed-Cache-Control
X-Srcache-Fetch-Status
WebServer
Inserted-Into-Cache-At
X-NU-AKA-ACS-Version
X-Newrelic-App-Data
CF-Cached-On
X-Li-Proto
X-Backend-State
X-ElasticPress-Query
X-Yottaa-OS
PICS-Label
Magicmarker
X-App
M-TraceId
X-CF-Powered-By
D-Url-Rewrites
X-Acquia-Purge-Tags
Server-Ttl
X-Acquia-Site
X-HostName
X-Nc
Wpo-Cache-Status
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Wpo-Cache-Message
X-Vcache
Cf-Ipcountry
X-Iplb-Instance
X-Iplb-Request-Id
X-Dw-Trace-Id
X-Serial
Servedby
Warning
Fastcgi-Cache-Ttl
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
X-Fastly-Cache-Hits
X-Vercel-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Vercel-Id
X-IN-APIGATEWAY
X-Release
X-BBC-Origin-Response-Status
X-Dist-Code
CountryCode
Content-Script-Type
X-Storefront-Renderer-Verified
X-Back
Content-Style-Type
X-Request-URL
X-Request-Url
X-IN-APIGATEWAYSSL
X-Th-Server
X-Cache-CFC
X-Request-Start
X-Litespeed-Cache-Control
X-Snapshot-Date
Ngx
Cneonction
X-B3-Parentspanid