Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Akamai-Path-Stats
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-Amz-Id-2
X-UA-Device
Host-Header
X-Proxy-Cache
X-Hacker
X-Rq
Grace
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Vhost
Ali-Swift-Global-Savetime
X-Dispatcher
X-LiteSpeed-Cache
X-Amz-Version-Id
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Server-Id
X-Node
Cf-Edge-Cache
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-CST
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Cache-Lookup
X-Response-Time
X-HW
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Url
X-Country
Accept-Ch
Fastly-Restarts
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-PC
X-TtlSet
X-Vname
X-Amz-Server-Side-Encryption
RTSS
X-Varnish-TTL
Edge-Control
X-VARITI-CCR
X-FastCGI-Cache
X-ESI
X-Server-Name
X-Edge
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Use-Magma
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Dw-Request-Base-Id
X-Amz-Rid
X-Px
X-ASPNET-VERSION
Public-Key-Pins
X-D2id
X-B3-TraceId
X-Cnection
X-Ser
X-Navigation-Version
X-Content-Security-Policy-Report-Only
X-Powered-By-Plesk
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Ac
X-Abt-Application-Version
Verso
X-RateLimit-Remaining
X-Client-IP
X-Element-Page-Cache
X-Version
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Ttl
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
X-Middleton-Response
Response
X-Cached
X-Goog-Hash
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
X-Kinsta-Cache
SPRequestGuid
X-SharePointHealthScore
X-Edge-Location-Klb
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Powered-CMS
AR-SID
AR-Request-ID
X-Server-Lifecycle-Phase
X-Upstream
X-Instrumentation
X-Kraken-Loop-Name
X-Correlation-Id
X-LLID
Edge-Cache-Tag
X-WebKit-CSP-Report-Only
X-Forwarded-For
X-NWS-LOG-UUID
X-Litespeed-Cache
Content-MD5
X-TTL
X-Cache-Key
X-Id
X-Ruxit-Js-Agent
Nginx-Cache
X-RateLimit-Limit
X-Shield-Request-Id
TCN
X-MSEdge-Ref
X-ECACHE
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Recruiting
S
Mrf-Cache-Status
MRF-Tech
X-T
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Content-Digest
X-DataDome
X-Mg-S
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ua-Device
TP-Cache
TP-L2-Cache
X-Grace
X-Mcache
X-Accel-Expires
X-DynaTrace
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
X-Protected-By
Front-End-Https
MicrosoftSharePointTeamServices
Filters
Server-Node
X-Yandex-Sdch-Disable
X-Request-Received
X-Ezoic-Cdn
X-Request-Processing-Time
X-PressLabs-Stats
X-Content
X-Ab
X-Ua-Browser
X-Distributor
X-Origin-Server
X-ORACLE-DMS-ECID
X-Hits
X-ORACLE-DMS-RID
Fastcgi-Cache
X-LB-Cache
MS-Author-Via
X-Geo-Country
X-Request-Handler-Origin-Region
X-Microsite
X-Amzn-Trace-Id
Charset
X-Mid
X-Tt-Trace-Host
Host
X-Tt-Trace-Tag
X-Cache-Age
X-Webkit-Csp
X-B3-Sampled
Cross-Origin-Opener-Policy
Cleartype
X-Git-Hash
X-Page-Id
X-F-Cache
Cache-Status
X-Forwarded-Proto
X-Fastly-Request-Id
X-Debug-Info
Realpath
X-Seen-By
X-Activity-Id
X-AppVersion
X-Az
X-DIS-Request-ID
Access-Control-Allow-Method
X-Ratelimit-Reset
X-Nginx-Upstream-Cache-Status
X-Www-Served-By
Permissions-Policy
Accept-Charset
X-Webkit-CSP
Filterid
X-Server-ID
Cache-Tags
ServerID
X-Aspnetmvc-Version
X-Varnish-Age
X-Content-Options
X-Cluster-Name
X-FB-Debug
X-Rid
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Retry-After
X-Type
Server-Name
X-Midtier
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Grace
X-Varnish-Backend
X-App-Environment
Country
X-B
X-User-Agent
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Route-Name
X-Tb
X-Request-Guid
X-Whom
X-TT
X-B-Cache
X-Drupal-Cache-Tags
X-Wix-Request-Id
X-Signature
X-Origin-Cache
Viewport
X-VCache
Paypal-Debug-Id
DC
Node
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Debug
Fastcgi-Useragent
X-Upgrade-Enabled
X-XRDS-LOCATION
X-Language
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-NWS-UUID-VERIFY
X-Amz-Replication-Status
Protected
X-Mobile-URL
X-Logged-In
Payment
X-Cache-NGX
Amp-Access-Control-Allow-Source-Origin
Surrogate-Key
X-N
X-Load-Cache
WPO-Cache-Message
X-Cache-Control
WPO-Cache-Status
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Count-Hit
Alternate-Protocol
X-NGENIX-Cache
X-Contextid
Healthy
X-Restarts
X-Node-Name
X-Mobile
X-Via-JSL
X-ECache
X-B3-Traceid
X-Proxy
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Content-Disposition
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
X-MCACHE
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Dynamic
X-G
Refresh
X-XRDS-Location
X-Jobs
Akamai-GRN
Url
X-Real-IP
X-Cache-Time
X-Zen-Fury
Uber-Trace-Id
X-Page-View
X-Adobe-Content
X-Akamai-Request-ID2
X-Servername
X-Adobe-Loc
X-Revision
X-UUID
X-Device-Type
X-Varnish-Server
X-Debug-IsPreview
X-Mg-Request-UUID
X-Debug-IsConnected
X-Is-Bot
X-Rendered-As
VIX-Pulpo-Upstream-Status
X-Framework
VIX-Pulpo-Node
X-Cache-TTL-Remaining
X-Http-Reason
X-Cacheable-TTL
Access-Control-Request-Headers
X-Proxy-Cache-Status
X-Yottaa-Optimizations
X-Cache-Grace
X-Yottaa-Metrics
X-Drupal-Cache-Contexts
X-L-Path
NGB
X-Environment-Context
X-Instance
Frame-Options
X-Hostname
X-HTML-Minification-Powered-By
X-IPLB-Instance
Version
X-EdgeConnect-Cache-Status
X-Template
Referer-Policy
X-Source
Countrycode
X-RTag
Ms-Operation-Id
MS-CV
Liferay-Portal
Accept-Language
X-Trace-Id
X-Oneagent-Js-Injection
X-NYM-Debug-Backend
X-Datadome
X-Fastly-Request-ID
X-App-Server
X-Cache-Rule
X-Ratelimit-Remaining
X-Cache-Expired-At
X-Cache-Hit
Cross-Origin-Window-Policy
From-Origin
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Backend
X-Hosted-By
X-Tumblr-Pixel-1
X-Tumblr-User
X-Nginx-Cache
X-Vgn-Hpd-Reason
X-Unique-Id
X-IPS-LoggedIn
X-APP-VERSION
X-COUNTRY
X-Status
X-ProcessESI
X-RemovedCookies
Meta-Geo
X-Ratelimit-Limit
Section-Io-Cache
X-UPSTREAM-Address
X-Cache-Server
Load-Balancing
X-FW-Version
X-RN-RSRV
Upgrade-Insecure-Requests
WP-Super-Cache
X-OCL
X-PCL
X-FB-TRIP-ID
X-No-Session
X-LJ-Flow-ID
Content-Secure-Policy
X-VWS-Id
X-AWS-Id
X-Content-Age
X-Labrador-Cache-Channel
X-Cache-Enabled
X-AOL-HN
X-Section
X-Ua
X-Be
X-Via-Fastly
X-UA-Device-Type
X-Sql-Duration-Ms
X-Sql-Count
X-Access
S-Rt
X-PHP-Host
X-PHP-Backend
X-Origin-Date
Apigw-Requestid
X-Redis-Cache
X-Region
Mn-Server-Ip
X-Request-Time
CF-IPCountry
X-Content-Powered-By
X-Akamai-Edgescape
X-Mode
X-Platform-Server
X-PERF
X-Nginx-Cache-Key
X-ProxyCache-Key
X-ProxyCache-Status
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Human
X-Generated-By
X-BYPASS-REASON
X-ApacheServer
X-Adobe-Source
Locale
X-Cache-Tags
X-Cms-Context
X-Forwarded-Host
X-Format
X-Debug-Cache
X-Site-Version
X-Storage
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
Webcakes-Region
X-Cluster-Node
X-Varnish-Cache-Hits
X-Server-W
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Uri
X-Urbn-Site-Id
X-Urbn-Context-Path
X-VC-Cache
X-Xfnlog-Site
TWC-Device-Class
TWC-Connection-Speed
Property-Id
Eomportal-Instance
Webcakes-App-Name
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Stage
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-Storefront-Renderer-Rendered
X-Generation-Time
X-Locale
X-Edge-Location
X-ServerID
X-Proxied
X-SaId
Azure-Version
Azure-InstanceId
X-Hl-Ver
X-GG-Cache-Date
X-JoinUs
X-Varnishpool
X-Tid
X-GeoCountry
X-GeoCode
X-Detected-As
X-Routing-Service
X-Extlb
X-Zipkin-Id
X-Web-Node
X-Cache-Type
X-Cache-Host
Fastly-SSL
X-Dc
X-NewRelic-App-Data
X-Handled-By
X-Backend-Name
X-Proto
X-Timing-Wait
Selected-Fe
X-Proxy-Build
CDN-RequestId
X-CDN-Forward
CDN-Uid
CDN-RequestCountryCode
Cache-Tv-Group
CDN-CachedAt
CDN-PullZone
ServedBy
CDN-EdgeStorageId
CDN-Cache
Ec-Rule-Version
Fastly-Drupal-Html
X-App-Version
Web-Mar-Node
Webserver
X-IPLB-Request-ID
Onion-Location
X-LSADC-Cache
X-GEO
X-Magnolia-Registration
X-Cache-Action
X-Varnish-Hostname
X-Cached-By
Cache-Hits
X-Tt-Logid
X-Envoy-Decorator-Operation
X-Cache-Operation
X-Air-Hostname
X-Hyper-Cache
SRV
X-Air-Source
Mime-Version
X-Cluster
X-Cache-Remote
X-Air-Trace-Id
X-Varnish-Hits
X-Rewrite-Enabled
SID
X-Cdn
X-Fastcgi-Cache
X-Origin-CC
X-Soup
X-Origin-TTL
Xet-Cookie
X-Rule
X-Parallel-Accel
Xserver
Cache
DB-Nickname
LB
X-Microcachable
Source
Server-Info
X-CSRF-Token
X-MP-GENERATED-AT
X-Accel-Buffering
X-SRV
X-Reqid
X-Pubstack
X-Xrds-Location
Country-Code
X-Via-NSCOPI
X-Tumblr-Pixel-2
X-TA-CDN-Provider
X-Buckets
Decoy-Debug-Key
X-Tumblr-Pixel-3
X-Tx-Id
X-Skip-Cache
Decoy-Debug-Status
Decoy-Debug-TTL
X-Origin-Response-Time
X-Cache-Status-Check
X-TT-LOGID
X-Request-Host
X-Endurance-Cache-Level
X-Cache-NE
X-BCube-Filmed-By
Cmsid
X-Cdn-Srv
X-Ig-Push-State
DynaTrace
X-CF-Lambda-Fn
Rendered-Blocks
X-Processor
Cmstype
X-Application
Odigeo-Trace-Id
X-Geo-Header
X-ARC
X-B-Cookie
Mobile-Detection-Method
X-Hash
NM-Fastcgi-Cache
X-CF-Lambda-Version
X-Ec-Fail
Pramga
X-Epic-Correlation-Id
X-Orig-Expires
X-Vdms-Path
Candidate-Md5Url
BehaviorPad-Version
MD5-Digest
X-NAPM-TraceId
X-External-Request-Id
Meta-Geo-Continent
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Ec-GeoHdr
Cdnsip
A
X-Forwarded-Path
X-Session-Fingerprint
Cdncip
Cache-Key
X-User
X-S
X-VG-WebCache
X-SplitTest
X-A
X-S-Cookie
X-Rojux
Xc-Version
XM
X-A-Wwc
X-AK-Request-ID
X-SRCache-Key
X-A-Ccd
Host-ID
X-A-Dgt
X-A-Dcw
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-SD-PageType
X-Shop-Environment
X-Connection-Hash
X-A-Dam
X-Conf
X-ScT
Lang
X-D
DCR-Processing-Time-Ms
X-Vdms-Version
X-Developer
X-Destination
X-Amz-Apigw-Id
X-Amzn-RequestId
X-TrackingId
Sslversion
DCR-Decision-By
X-TIM-N
Surrogated-Key
Datacenter
X-Tenant
Fastcgi-X-Cache-Version
X-Aed
T-Server
Expiry
X-Newrelic-Synthetics
X-AIR-PT
X-Azure-Ref
X-Varnish-Beresp-Grace
X-DPWN-IS-SECURE
X-DefHash
X-Ckpd-Fst-Backend
X-Device-Os
Is-Eu
X-DefElseHash
X-Core-Value
X-Fetched-On
Memcached
AKAMAI
X-Core-Mission
X-Esi-Check
Environment
X-Developers
Adler-Geo
Mail-Subject
X-Varnish-CookieHashed-On
We-Hiring
Kp-EeAlive
Wxu-Next-Hostname
Redirect-Candidate
State
X-TNCMS
X-GeoIP
Server-Host
X-Variation
X-V-Cache
X-B3-SpanId
X-SVT-ORM-VERSION
X-Scheme
X-Sigma-Backend
X-Wix-Viewer-Type
X-Sigma
X-Worker
X-SB
Wxu-Next-Region
X-Ad-Defer-Variation
X-Rocket-Build-Number
X-SVT-ORM-RULES
Producers
X-Bc-Bl
X-Origin-Expires
Wxu-Next-Commit
X-Ms-Request-Id
X-Loop
X-HS-Content-Campaign-Id
X-JWT-State
X-Irp-Debug
X-Cache-Id
X-Is-Gdpr
X-Ms-Version
X-NodeID
X-Origin
X-Gzip
X-CacheTTL
Platform
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Has-Esi
X-Time
X-Clara-WADP
X-Cdn-Origin
X-Cache-Bucket
X-BBC-Edge-Cache-Status
X-Block-Status
X-Aicache-OS
X-Branch-Name
X-CGP
X-Cache-Date
X-Cache-Info
X-RateLimit-Limit-Second
X-Rebelmouse-Surrogate-Control
X-Origin-Time
X-Nyt-Route
X-Gdpr
X-Amzn-Remapped-Content-Length
X-Rebelmouse-Cache-Control
X-RCS-CacheZone
X-Policy
X-Platform
X-Pool
X-Qloud-Router
X-RateLimit-Remaining-Second
X-Region-Sid
Fastly-Backend-Name
X-Sn-Servicetimems
X-Slack-Backend
X-VG-TLSProxy
X-Thinkindot-L3
X-VarnishDD-TTL
X-SIPLIST1
X-VServer
X-Request-URI
X-Rocket-Nginx-Serving-Static
X-Served-From
X-WADP-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Fmm-Version
X-Fastly-Cache
X-Forwarded-Site
X-Ftr-Request-Id
X-Gamma-Serve
X-Eu-Site
X-Ec-Custom-Error
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Dispatcher-Number
X-Gen-Mode
X-Generated-On
X-Mvc-Supplant-Cachable
X-Minions-Version
X-NCache
X-Node-Id
X-Planisys-CDN-Cache
X-Loc
X-Level-Front-Cache
X-GeoIP-City
X-HN
X-Hnp-Log
X-LAGOON
X-Csrf-Jwt
Traceparent
Origin-CC
Origin
NGX
N-Cache
Origin-EX
CPC-Age
Fastly-SIE
CloudFront-Viewer-Country
PFcat
X-Varnish-Ttl
CPC-Cache
Machine
Fastcgi-Cache-TTL
Fastly-GeoIP-CountryCode
X-EC-Lua
Fastly-SWR
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
L
VNS-Cache
IsBot
Req-Svc-Chain
Release
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Thinkindot-Control
Apple-News-Services-Handled
VNS-Age
Vix-Hermes-Req-Id
V-Age
User-Cache-Control
Server-Ext
Apple-News-Services-Request-Url
Sever-Int
TDXMobile
CDCHOST
Ssr
Server-Hostname
Svr
X-R9-Blue-Green-Version
Ohc-File-Size
Cache-Name
DSUID
X-Owner
X-Scale
HostName
Web-Mar-Region
X-Proxy-Upstream
X-Proxy-Cache-Info
X-Cache-Backend
X-Via-Ucdn
X-Viewer-Country
X-Micro-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Auto-Login
X-Pod-Name
Cluster
X-WA-Info
X-Optimistic-Header
Gh-Request-Id
X-Correlation-ID
CDN
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Pics-Label
X-ZONE
Cache-Host
Ngx.Var.Host
X-Httpd
GEO-INFO
X-Server-IP
X-VC
X-Refresh
X-Proxy-CacheRZ
X-Srv
XkeyRZ
X-CACHE-KEY
X-CS
X-NC
Servername
X-LB-NoCache
X-Parent-Response-Time
X-Ah-Environment
Path
X-TIME
Lb
Ms-Author-Via
X-Contensis-Viewer-Groups
X-Webstats-RespID
Env
X-Cache-ASPX
X-Mvc-Supplant-OutputCached
X-Servedbyhost
X-From
X-Edge-Pop
X-Udemy-Cache-App-Namespace
X-Tb-Optimization-Total-Bytes-Saved
Memory
X-Location
X-Clientip
Time
X-Varnish-Authentication
X-Generated-In
X-RateLimit-Reset
X-Varnish-Beresp-TTL
X-Via-Poph
X-Via-Popn
X-TraceId
X-Via-Popv
Locid
X-API-Version
X-Amz-Meta-Cb-Modifiedtime
Ohc-Cache-HIT
GeoIp-Country-Code
ITXSESSIONID
X-S-Maxage
X-Men
X-Response-By
Arc-Country
AMP-Access-Control-Allow-Source-Origin
X-Vc
X-Old-Content-Length
True-Client-IP
X-Akamai-Transformed
X-Dmc
X-Cs
X-Accel-Expires-Debug
Client
X-DW
X-RPM
X-DSS
X-RSL
X-RPS
X-Date
X-HA-Backend
X-Zone
X-DI
X-DB
X-VCL-Version
Geoip-Latitude
Hostname
X-VHOST
X-Tec-Api-Version
X-Tec-Api-Origin
X-Trace-ID
X-MSEdge-Flight
X-Render-Time
X-DynaTrace-JS-Agent
Server-ID
X-Tec-Api-Root
X-MSEdge-Features
X-TRACE-ID
X-URL
X-Presslabs-Stats
X-Gateway-Cache-Status
C-Via
X-INCAP-ABP
Rip
X-Gateway-Cache-Key
X-Fpc
X-Gateway-Request-Id
X-Service
X-Gateway-Skip-Cache
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Tube-Get-Contents
X-DC
X-Cache-Debug
FSS-Cache
Tube-Return
Tube-Got-Results
X-FireWall-Port
Tube-Got-Eval
Click-Count-Action-Start
Click-Count-Error
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-M-Reqid
X-B3-Spanid
Fusion-Content-Id
Fusion-Component-Id
X-Qnm-Cache
HIT
On-Server
NtCoent-Length
X-Api-Version
X-M-Log
Powered-By
Esi-Enabled
X-Webkit-Csp-Report-Only
X-TX-ID
X-PX
CacheControlHeader
Tcn
X-Edge-Origin-Shield-Region
Srv
X-Edge-Origin-Shield-Bytes
X-FPC
Test
X-Alfa-Service
True-Client-Country-4JS
X-TH-Server
X-Action
X-NGINX-Cache
Server-Id
X-Backend-TTL
X-Proxy-Cache-Hk
OT-Force-Account-Verify
X-CSRF-TOKEN
X-Cdn-Request-ID
X-Traceid
Cdn
X-Beluga-Node
User-Agent
Geo-Info
X-Vcl-Version
X-Check-Cacheable
X-Beluga-Cache-Status
X-Beluga-Record
X-Beluga-Response-Time
X-HS-Status
Edge-Cache
X-Beluga-Status
X-Beluga-Trace
X-Akamai-Pragma-Client-IP
X-Pass-Why
X-Req
GeoIP-Country-Code
X-Via-PopV
X-Via-PopN
X-Via-PopH
Sid
GeoIP-Latitude
X-Origin-Upstream-Status
Proxy-Connection
X-Ha-Backend
Uri
Srvid
Resin-Trace
X-App
My-App
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
DT-Hot-News
WebServer
Server-Ttl
M-TraceId
X-APP
Cf-Int-Pingora-Origin-Digest
MIME-Version
X-CCDN-CacheTTL
Epwk-X-Cache
X-Up
X-ServedByHost
X-Thanos
X-Bip
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Cdn-Forward
X-Backend-Host
ENV
X-Fastly-Backend-Reqs
X-Request-Start
X-LB-ID
True-Client-Ip
X-Provided-By
X-Esi
Warning
XServer
ServerName
X-Edge-POP
X-LI-UUID
X-Geo
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Lb-Nocache
X-B3-Traceid-Primal
X-HostName
Dt-Hot-News
X-Nc
X-Vercel-Cache
Magicmarker
X-Akamai-Request-ID
PICS-Label
X-Vercel-Id
X-ElasticPress-Query
X-Newrelic-App-Data
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-UnsetCookies
CF-Cached-On
X-Fetch-By
X-CF-Powered-By
X-Webkit-CSP-Report-Only
X-RAMCache
X-HITS
X-Dw-Trace-Id
X-Serial
X-LiteSpeed-Cache-Control
Fastly-Drupal-HTML
X-Time-Microsecs
Canary
X-ND-Cache
X-IN-APIGATEWAYSSL
Inserted-Into-Cache-At
X-IN-APIGATEWAY
D-Url-Rewrites
X-CMSURLCustom
X-Iplb-Request-Id
X-Request-Url
X-Varnish-Beresp-Status
WZWS-RAY
X-Vcache
X-Cc-Via
X-Iplb-Instance
X-Yottaa-OS
Cdn-Edgestorageid
Cdn-Requestcountrycode
Cdn-Uid
Cdn-Requestid
Cdn-Cachedat
Cdn-Pullzone
Servedby
Cdn-Cache
Wp-Super-Cache
X-LiteSpeed-Tag
Vha6-Origin
X-CUA
DataCenter
X-Azure-Ref-OriginShield
X-Snapshot-Date
X-Dist-Code
X-MiniProfiler-Ids
X-Fastly-Cache-Hits
Content-Style-Type
Content-Script-Type
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
X-Request-URL
CountryCode
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Fastcgi-Cache-Ttl
X-BBC-Origin-Response-Status
X-Release
Cf-Device-Type