Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
P3p
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Akamai-Path-Stats
X-Age
X-Robots-Tag
X-Server
X-Dns-Prefetch-Control
X-AH-Environment
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
EagleEye-TraceId
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Cf-Edge-Cache
Accept-CH
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-Cache-Lookup
X-HW
Accept-CH-Lifetime
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-MS-InvokeApp
Accept-Ch-Lifetime
X-Rack-Cache
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
Accept-Ch
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-ESI
X-B3-TraceId
X-Amz-Server-Side-Encryption
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Varnish-TTL
X-Dw-Request-Base-Id
X-Amz-Rid
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
Public-Key-Pins
X-Cdn-Fetch
X-Kinja-Server
X-Cnection
X-D2id
X-Edge
X-Ac
X-Px
X-Navigation-Version
X-FastCGI-Cache
X-Element-Page-Cache
Verso
X-Ser
X-Sol
Pagespeed
X-Middleton-Display
Display
X-RateLimit-Remaining
X-Client-IP
X-Powered-By-Plesk
X-Abt-Application-Version
X-Cache-TTL
X-Version
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Ttl
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
X-Correlation-Id
Access-Control-Request-Method
X-Goog-Hash
X-Content-Security-Policy-Report-Only
SPIisLatency
SPRequestDuration
X-Kinsta-Cache
X-Cached
X-Edge-Location-Klb
AR-PoweredBy
AR-ATIME
AR-SID
AR-CACHE
AR-Request-ID
X-Ruxit-Js-Agent
X-SharePointHealthScore
SPRequestGuid
X-Upstream
X-Powered-CMS
X-LLID
Edge-Cache-Tag
X-Server-Lifecycle-Phase
X-Instrumentation
X-NWS-LOG-UUID
X-Kraken-Loop-Name
X-Forwarded-For
Nginx-Cache
X-RateLimit-Limit
X-Litespeed-Cache
X-TTL
Content-MD5
X-Id
X-Cache-Key
X-MSEdge-Ref
Mrf-Cache-Status
MRF-Tech
X-Shield-Request-Id
TCN
X-T
X-B3-TraceId-Primal
X-Recruiting
S
X-Daa-Tunnel
X-Content-Digest
X-DataDome
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Webkit-Csp
X-Mg-S
X-SRCache-Store-Status
X-Jurisdiction
X-SRCache-Fetch-Status
X-HP-Trace-Id
X-Ua-Device
X-HP-Webp
MS-Author-Via
X-Accel-Expires
X-ECACHE
X-WebKit-CSP-Report-Only
X-Ezoic-Cdn
X-Protected-By
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Grace
MicrosoftSharePointTeamServices
X-Ab
X-Ua-Browser
X-Content
X-Frontend
X-Request-Received
X-Request-Processing-Time
Server-Node
Filters
Front-End-Https
TP-Cache
X-Yandex-Sdch-Disable
TP-L2-Cache
X-DynaTrace
X-PressLabs-Stats
X-Origin-Server
X-Server-ID
X-Distributor
Fastcgi-Cache
X-ORACLE-DMS-ECID
X-Mid
X-Geo-Country
X-ORACLE-DMS-RID
X-Hits
X-Request-Handler-Origin-Region
X-Microsite
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-LB-Cache
X-Amzn-Trace-Id
Charset
X-Debug-Info
Cleartype
Host
X-Ratelimit-Reset
X-F-Cache
X-Page-Id
X-Git-Hash
X-B3-Sampled
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-DIS-Request-ID
X-Cache-Age
X-Www-Served-By
Realpath
Cache-Status
Access-Control-Allow-Method
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Seen-By
X-Activity-Id
X-Az
X-AppVersion
ServerID
X-Fastly-Request-Id
Accept-Charset
Filterid
Cache-Tags
X-XRDS-LOCATION
X-Varnish-Age
X-Cluster-Name
X-Aspnetmvc-Version
X-Mcache
X-Nginx-Upstream-Cache-Status
X-Language
X-Rid
X-Content-Options
X-Type
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Retry-After
X-MCACHE
X-App-Environment
Server-Name
X-FB-Debug
Country
Viewport
X-Upgrade-Enabled
X-Varnish-Backend
X-Varnish-Grace
Paypal-Debug-Id
Node
DC
X-Tb
X-User-Agent
X-Origin-Cache
X-Drupal-Cache-Tags
X-B-Cache
X-Signature
X-Whom
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Wix-Request-Id
X-Mobile-URL
X-TT
X-Goog-Stored-Content-Length
X-Oracle-Dms-Ecid
X-GUploader-UploadID
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-VCache
X-Route-Name
X-Request-Guid
X-Flags
X-Is-Crawler
X-Oracle-Dms-Rid
X-B
X-NWS-UUID-VERIFY
Protected
X-Oneagent-Js-Injection
X-Debug
Permissions-Policy
Fastcgi-Useragent
X-Logged-In
WPO-Cache-Status
WPO-Cache-Message
X-Amz-Replication-Status
X-N
Payment
X-Via-JSL
X-Cache-NGX
X-Amz-Meta-S3cmd-Attrs
X-Load-Cache
Surrogate-Key
X-Contextid
X-Cache-Control
Count-Hit
X-Template
X-Node-Name
X-ECache
Healthy
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-FW-Type
X-Webkit-CSP
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Hash
X-Mobile
SD-X-WS
X-Response-Served-From
X-Trace-Id
X-Original-Request-Id
X-Proxy
Akamai-GRN
Content-Disposition
Refresh
X-Jobs
X-G
X-Revision
X-XRDS-Location
X-Cache-Time
X-Framework
Uber-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-Cache-TTL-Remaining
X-Akamai-Request-ID2
X-UUID
X-Real-IP
X-Zen-Fury
Alternate-Protocol
Url
X-Cacheable-TTL
X-Device-Type
NGB
VIX-Pulpo-Node
X-Hostname
X-Proxy-Cache-Status
X-Fastcgi-Cache
X-Restarts
X-Rendered-As
X-NGENIX-Cache
VIX-Pulpo-Upstream-Status
X-Is-Bot
X-Drupal-Cache-Contexts
X-Debug-IsPreview
X-Adobe-Loc
X-Adobe-Content
X-Http-Reason
X-Debug-IsConnected
X-Page-View
Access-Control-Request-Headers
X-Instance
X-Servername
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Grace
X-Fastly-Request-ID
X-IPLB-Instance
X-Mg-Request-UUID
X-Varnish-Server
Version
X-EdgeConnect-Cache-Status
X-Environment-Context
X-L-Path
X-Midtier
X-Source
X-B3-Traceid
Accept-Language
X-HTML-Minification-Powered-By
Ms-Operation-Id
MS-CV
Countrycode
X-RTag
Frame-Options
X-Cache-Rule
X-Cache-Hit
X-Cache-Expired-At
From-Origin
X-Vgn-Hpd-Reason
Liferay-Portal
Referer-Policy
X-NYM-Debug-Backend
X-App-Server
X-Ratelimit-Remaining
Cross-Origin-Window-Policy
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
Backend
X-Tumblr-User
X-Nginx-Cache
X-IPS-LoggedIn
X-FW-Version
X-APP-VERSION
X-Parallel-Accel
Content-Secure-Policy
X-COUNTRY
X-Hosted-By
X-Datadome
X-UPSTREAM-Address
Upgrade-Insecure-Requests
X-Unique-Id
X-RN-RSRV
X-Cache-Server
Meta-Geo
X-OCL
X-PCL
X-Redis-Cache
Section-Io-Cache
X-Ua
X-ProcessESI
X-Generation-Time
X-No-Session
X-RemovedCookies
X-Content-Age
WP-Super-Cache
X-PHP-Backend
X-Region
X-Request-Time
X-Origin-Hint
X-Format
X-Access
X-Cluster-Node
X-Section
X-Server-W
X-Cache-Enabled
X-FB-TRIP-ID
X-Via-Fastly
X-Varnish-Cache-Hits
X-UA-Device-Type
X-Uri
Webcakes-Region
Webcakes-App-Version
Azure-Version
Mn-Server-Ip
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
Property-Id
S-Rt
TWC-Privacy
Webcakes-App-Name
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
Apigw-Requestid
TWC-Connection-Speed
X-Mode
CF-IPCountry
X-ProxyCache-Status
X-ProxyCache-Key
X-Debug-Cache
X-Content-Powered-By
X-Sql-Duration-Ms
X-Sql-Count
X-Site-Version
X-Cache-Action
X-PERF
X-Nginx-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Locale
X-Human
X-Status
X-Storage
X-AOL-HN
Fastly-SSL
X-Be
Locale
X-Origin-Date
X-ApacheServer
X-Akamai-Edgescape
X-BYPASS-REASON
X-Urbn-Context-Path
Cache-Tv-Group
X-Urbn-Site-Id
X-Cache-Host
Eomportal-Instance
X-Xfnlog-Site
X-NewRelic-App-Data
X-Extlb
X-Cache-Type
X-Detected-As
X-Hl-Ver
X-Backend-Name
X-Routing-Service
X-Say-Cacheable
X-Generated-By
X-Say-TTL
X-SayCDN-TTL
X-PHP-Host
X-Labrador-Cache-Channel
X-Forwarded-Host
X-Zipkin-Id
X-SaId
Ec-Rule-Version
X-ServerID
X-Tid
X-Varnishpool
X-Proxied
X-JoinUs
X-Cms-Context
X-AWS-Id
X-LJ-Flow-ID
X-Cache-Tags
X-Adobe-Source
X-Handled-By
X-Varnish-Ttl
X-Web-Node
X-VWS-Id
X-Platform-Server
X-GG-Cache-Date
Selected-Fe
X-Proxy-Build
X-Timing-Wait
X-Dc
X-VC-Cache
ServedBy
X-Edge-Location
X-Storefront-Renderer-Rendered
CDN-RequestCountryCode
CDN-Cache
CDN-CachedAt
Load-Balancing
CDN-PullZone
CDN-Uid
CDN-EdgeStorageId
CDN-RequestId
X-Hyper-Cache
X-Rule
X-LSADC-Cache
X-Proto
X-Cache-Operation
Web-Mar-Node
Onion-Location
X-GeoCountry
Webserver
X-GeoCode
X-Ratelimit-Limit
X-TT-LOGID
X-App-Version
SID
Mime-Version
SRV
X-Cache-Remote
X-Cached-By
Fastly-Drupal-Html
X-Rewrite-Enabled
X-CDN-Forward
X-Varnish-Hostname
X-Soup
X-GEO
Cache-Hits
X-TA-CDN-Provider
Xserver
X-Accel-Buffering
X-Cdn
X-Pubstack
X-Cluster
X-SRV
X-Reqid
X-Origin-TTL
X-Origin-CC
Country-Code
X-Varnish-Hits
X-Envoy-Decorator-Operation
Xet-Cookie
X-Microcachable
Server-Info
X-Air-Hostname
X-Buckets
X-Air-Source
X-Air-Trace-Id
X-Magnolia-Registration
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-CSRF-Token
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-IPLB-Request-ID
DB-Nickname
LB
X-Time
X-Request-Host
X-Ms-Request-Id
X-Ms-Version
X-Amzn-RequestId
Cache
X-Newrelic-Synthetics
X-Amz-Apigw-Id
X-Endurance-Cache-Level
Source
X-Vtex-Processado-Em
DCR-Decision-By
DCR-Processing-Time-Ms
Expiry
Xc-Version
X-Vtex-Remote-Cache
Cdnsip
X-Orig-Expires
X-HS-Content-Campaign-Id
X-NAPM-TraceId
Cdncip
X-Ig-Push-State
A
BehaviorPad-Version
X-Hash
X-Via-NSCOPI
Cmsid
X-Ftr-Request-Id
X-Geo-Header
X-Gzip
X-PAYTM-SRV-ID
X-Origin-Response-Time
Cmstype
Mobile-Detection-Method
X-ScT
X-AK-Request-ID
X-Application
X-ARC
X-B-Cookie
X-Aed
X-SD-PageType
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Session-Fingerprint
X-Ec-Fail
X-Cache-Id
X-S-Cookie
X-Rojux
X-CF-Lambda-Version
X-D
X-Conf
X-Connection-Hash
X-CF-Lambda-Fn
X-Cdn-Srv
X-Developer
X-Cache-NE
X-PBS-Appsvrname
X-S
X-Destination
X-A-Dam
X-A-Ccd
NM-Fastcgi-Cache
X-Processor
Odigeo-Trace-Id
X-Forwarded-Path
X-User
X-Vdms-Path
Meta-Geo-Continent
X-VG-WebCache
Host-ID
Lang
X-Vdms-Version
MD5-Digest
X-TrackingId
Pramga
X-Tenant
X-Ec-GeoHdr
T-Server
X-SRCache-Key
X-Shop-Environment
X-TIM-N
X-Epic-Correlation-Id
Sslversion
Rendered-Blocks
Surrogated-Key
X-External-Request-Id
X-Esi-Check
Fastcgi-X-Cache-Version
X-A
X-Bc-Bl
X-RCS-CacheZone
X-NCache
X-Tt-Logid
X-CACHE-KEY
X-B3-SpanId
X-SVT-ORM-RULES
X-Scheme
X-SVT-ORM-VERSION
X-Sigma-Backend
X-Amzn-Remapped-Content-Length
Wxu-Next-Region
X-Sigma
X-Server-IP
Wxu-Next-Hostname
Memcached
X-WADP-Cache
Mail-Subject
Machine
Fastly-GeoIP-CountryCode
X-Varnish-Beresp-Grace
X-Via-Ucdn
Wxu-Next-Commit
We-Hiring
State
Server-Host
X-SB
X-Rocket-Build-Number
X-Nyt-Route
X-Fetched-On
X-Fastly-Cache
X-Origin
X-Fmm-Version
X-NodeID
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Gdpr
X-Node-Id
X-Origin-Time
X-Device-Os
X-CacheTTL
X-Cache-Info
Environment
X-Cache-Bucket
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Developers
X-Core-Value
X-Core-Mission
X-Cache-Backend
X-V-Cache
AKAMAI
X-Skip-Cache
X-Azure-Ref
X-ZONE
X-R9-Blue-Green-Version
Cache-Name
CDN
DynaTrace
AMP-Access-Control-Allow-Source-Origin
HostName
X-Thinkindot-L3
Traceparent
X-TNCMS
X-Platform
User-Cache-Control
V-Age
X-Pod-Name
Web-Mar-Region
X-Request-URI
Vix-Hermes-Req-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
X-RateLimit-Remaining-Second
Ssr
X-Region-Sid
X-Planisys-CDN-Rules
X-VarnishDD-TTL
Svr
Thinkindot-CacheControl
TDXMobile
X-Dispatcher-Number
X-Planisys-CDN-TTL
X-Varnish-Remaining-TTL
X-Origin-Expires
X-Served-From
X-Varnish-CookieHashed-On
X-Csrf-Jwt
X-Proxy-Upstream
X-Auto-Login
X-RateLimit-Limit-Second
X-BBC-Edge-Cache-Status
X-Variation
X-Branch-Name
X-CGP
X-Varnish-CookieINHashed-On
X-Tx-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Pool
X-Policy
X-Ec-Custom-Error
X-Rocket-Nginx-Serving-Static
X-Slack-Backend
X-Cache-Date
X-Datadog-Parent-Id
X-Block-Status
X-VG-TLSProxy
Gh-Request-Id
Ha-Gx-Prefs
Is-Eu
X-Hnp-Log
X-Level-Front-Cache
HA-Ipaddr
X-HN
X-Has-Esi
Adler-Geo
L5d-Success-Class
L
Kp-EeAlive
CDCHOST
Fastcgi-Cache-TTL
X-DefHash
X-DefElseHash
X-DPWN-IS-SECURE
Cluster
CloudFront-Viewer-Country
X-LAGOON
X-JWT-State
Platform
X-GeoIP
Producers
X-Is-Gdpr
X-Planisys-CDN-Cache
X-Loop
X-Viewer-Country
Redirect-Candidate
PFcat
Origin-EX
Origin-CC
Release
Apple-News-Services-Host
X-Worker
Apple-News-Services-Handled
X-Eu-Site
Req-Svc-Chain
X-Minions-Version
Origin
Apple-News-Services-Parsed-Url
N-Cache
X-Gamma-Serve
X-Wix-Viewer-Type
X-Forwarded-Site
Apple-News-Services-Request-Url
X-Generated-On
X-Gen-Mode
X-BCube-Filmed-By
Candidate-Md5Url
Cache-Key
X-Optimistic-Header
X-Owner
X-From
X-Qloud-Router
Fastly-SIE
X-Webstats-RespID
Ohc-File-Size
X-Httpd
X-Loc
Datacenter
Sever-Int
X-VServer
NGX
X-Wikidot-Static-Cache
Server-Ext
Server-Hostname
X-Proxy-Cache-Info
X-GeoIP-City
X-SIPLIST1
IsBot
X-Scale
X-Sn-Servicetimems
X-Wikidot-Backend
DSUID
X-Rebelmouse-Surrogate-Control
X-Cdn-Origin
X-Rebelmouse-Cache-Control
Fastly-SWR
X-Cache-Status-Check
X-VC
X-SplitTest
CPC-Cache
VNS-Cache
X-Refresh
VNS-Age
CPC-Age
GEO-INFO
XM
X-WP-CF-Super-Cache-Cache-Control
X-Location
X-Ad-Defer-Variation
X-Parent-Response-Time
X-Aicache-OS
X-WP-CF-Super-Cache
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-NC
Fastly-Backend-Name
Pics-Label
X-WA-Info
X-CS
X-Tb-Optimization-Total-Bytes-Saved
X-AIR-PT
X-Cache-ASPX
Locid
X-Ah-Environment
Env
X-Men
X-Edge-Pop
X-Contensis-Viewer-Groups
Arc-Country
Servername
X-Micro-Cache
Ms-Author-Via
Lb
X-EC-Lua
X-Srv
X-LB-NoCache
X-Varnish-Authentication
X-Response-By
X-Old-Content-Length
X-Udemy-Cache-App-Namespace
Time
X-TraceId
Memory
X-DSS
X-DB
X-DI
X-RPM
X-RPS
X-Via-Popv
Path
X-Amz-Meta-Cb-Modifiedtime
X-Via-Popn
X-RSL
X-DW
X-Via-Poph
X-Generated-In
X-Mvc-Supplant-OutputCached
X-Api-Version
X-Xrds-Location
X-TIME
X-Servedbyhost
X-Date
X-Akamai-Transformed
Ngx.Var.Host
X-Accel-Expires-Debug
Cache-Host
GeoIp-Country-Code
Ohc-Cache-HIT
ITXSESSIONID
X-HA-Backend
X-GeoIP-Country-Code
X-S-Maxage
X-Varnish-Beresp-TTL
X-GeoIP-Region-Code
X-Proxy-CacheRZ
X-PX
X-RateLimit-Reset
XkeyRZ
Geoip-Latitude
True-Client-IP
FSS-Cache
Client
X-Cache-Debug
X-Cs
X-VCL-Version
X-Vc
X-Clientip
X-API-Version
Fusion-Deployment-Id
Fusion-Component-Id
X-VHOST
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-Trace-ID
CacheControlHeader
X-DC
Server-ID
X-TX-ID
True-Client-Country-4JS
X-Presslabs-Stats
X-TH-Server
X-Action
X-FireWall-Port
Hostname
X-Zone
X-Dmc
X-Backend-TTL
X-Fpc
Geo-Info
X-B3-Spanid
X-Render-Time
X-MSEdge-Features
X-Webkit-Csp-Report-Only
Powered-By
X-MSEdge-Flight
X-Req
X-Traceid
NtCoent-Length
X-INCAP-ABP
Edge-Cache
X-DynaTrace-JS-Agent
X-FPC
C-Via
Rip
X-Pass-Why
My-App
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Gateway-Request-Id
Tcn
X-Service
X-Gateway-Cache-Key
Test
X-NGINX-Cache
X-M-Reqid
Esi-Enabled
Click-Count-Error
Click-Count-Action-Start
Tube-Get-Contents
X-Cdn-Request-ID
X-M-Log
HIT
X-CSRF-TOKEN
X-Vcl-Version
Tube-Got-Eval
X-HS-Status
X-Qnm-Cache
Tube-Got-Results
Tube-Return
Server-Id
X-Correlation-ID
X-Provided-By
X-Origin-Upstream-Status
X-Beluga-Status
User-Agent
X-Beluga-Node
X-Beluga-Response-Time
X-Up
X-Beluga-Record
X-Beluga-Cache-Status
X-Webkit-CSP-Report-Only
OT-Force-Account-Verify
On-Server
X-Beluga-Trace
Cf-Int-Pingora-Origin-Digest
X-LB-ID
X-Alfa-Service
X-Varnish-Beresp-Ttl
X-Ha-Backend
X-TRACE-ID
X-Via-PopN
Uri
X-Via-PopV
X-Via-PopH
X-Proxy-Cache-Hk
Resin-Trace
X-URL
Srvid
Proxy-Connection
X-APP
X-Cdn-Forward
X-Check-Cacheable
X-CLOUD-TRACE-CONTEXT
WebServer
Srv
Sid
X-RAMCache
X-Li-Fabric
DataCenter
X-Li-Pop
X-ServedByHost
X-UnsetCookies
X-LI-UUID
X-Geo
GeoIP-Latitude
GeoIP-Country-Code
MIME-Version
X-Akamai-Pragma-Client-IP
X-Edge-Origin-Shield-Bytes
X-Fetch-By
X-LI-Proto
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Epwk-X-Cache
X-ND-Cache
Cdn
WZWS-RAY
X-Edge-Origin-Shield-Region
X-Time-Microsecs
Fastly-Drupal-HTML
X-CUA
M-TraceId
X-Backend-Host
X-Fastly-Backend-Reqs
Server-Ttl
ENV
X-Lb-Nocache
X-Esi
Warning
X-Fragments
ServerName
X-Platform-Router
Cf-Device-Type
X-Edge-POP
X-Dynatrace
X-Request-Url
X-ATG-Version
XServer
X-B3-Traceid-Primal
X-Platform-Cluster
PICS-Label
X-Platform-Processor
Target-Params
Tracecode
Dt-Hot-News
X-HostName
X-MG-S
X-App
X-ElasticPress-Query
Cdn-Requestid
Cdn-Requestcountrycode
X-Fastly-Backend
Cdn-Pullzone
Cdn-Edgestorageid
Cdn-Cache
Cdn-Cachedat
Cdn-Uid
X-Azure-Ref-OriginShield
X-Sucuri-ID
X-Sucuri-Cache
X-Var-Ttl
Lfy
X-Newrelic-App-Data
Inserted-Into-Cache-At
CF-Cached-On
X-FC-Vary-Parameters
Section-Io-Id
Section-Io-Origin-Status
X-HITS
Section-Origin-Responded
X-Yottaa-OS
Section-Io-Origin-Time-Seconds
Cf-Ipcountry
X-Dw-Trace-Id
X-Varnish-Beresp-Status
X-Bip
X-Vcache
X-Iplb-Request-Id
X-Iplb-Instance
X-Thanos
X-Akamai-Request-ID
X-Serial
D-Url-Rewrites
X-Cache-Expires
X-LiteSpeed-Cache-Control
X-CF-Powered-By
X-Nc
Wp-Super-Cache
Servedby
DT-Hot-News
True-Client-Ip
X-Fastly-Cache-Hits
X-Li-Proto
X-Vercel-Cache
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Id
X-NU-AKA-ACS-Version
Content-Style-Type
X-Back
X-Th-Server
Content-Script-Type
CountryCode
X-Release
X-BBC-Origin-Response-Status
X-Dist-Code
X-Storefront-Renderer-Verified
Magicmarker
Fastcgi-Cache-Ttl
Cneonction
Ngx
X-Snapshot-Date
X-Request-URL
X-Backend-State