
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
X-Request-ID
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Report-To
Keep-Alive
X-UA-Device
Request-Context
X-Age
X-Backend
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
NEL
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Ua-Compatible
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
Accept-CH
X-Host
X-Server-Id
X-Dns-Prefetch-Control
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country
Accept-Ch-Lifetime
X-B3-TraceId
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Cache-Lookup
Accept-CH-Lifetime
X-Trace
X-Url
Allow
X-Ac
X-Content-Type
X-TtlSet
X-PC
X-Vname
X-Varnish-TTL
X-Clacks-Overhead
X-Aws-Lambda-Call-Status
Edge-Control
X-Server-Name
X-Mod-Pagespeed
X-ESI
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-Rack-Cache
X-VARITI-CCR
Verso
X-Element-Page-Cache
MS-Author-Via
X-Upstream
X-FastCGI-Cache
X-Vcap-Request-Id
X-MS-InvokeApp
X-Amz-Rid
X-GitHub-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-D2id
X-Client-IP
X-Cache-TTL
X-Abt-Application-Version
X-Cnection
X-Px
RTSS
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Navigation-Version
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Kinja-Revision
Arr-Disable-Session-Affinity
X-Use-Magma
X-Exp-Variant
X-Kinja-Server
Access-Control-Request-Method
X-Country-Code
X-Powered-By-Plesk
X-NF-Request-ID
X-Goog-Hash
X-TTL
X-Powered-CMS
X-Kraken-Loop-Name
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-SID
AR-ATIME
X-Server-Lifecycle-Phase
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Instrumentation
X-Origin-Cache
X-Version
X-Middleton-Response
Response
X-LLID
X-MSEdge-Ref
X-Amz-Server-Side-Encryption
Nginx-Cache
TCN
X-Edge-Location-Klb
X-Kinsta-Cache
X-RateLimit-Remaining
X-Edge
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Protected-By
X-CST
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-T
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Content-Security-Policy-Report-Only
X-Forwarded-For
X-Shield-Request-Id
X-Aspnetmvc-Version
X-Id
X-Mg-S
Edge-Cache-Tag
S
X-Language
Content-MD5
SPIisLatency
SPRequestDuration
X-Ruxit-Js-Agent
Fastcgi-Cache
Front-End-Https
X-Mid
Realpath
X-Request-Received
X-Request-Processing-Time
Server-Node
X-Recruiting
Filters
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Frontend
X-Content
X-Ua-Browser
X-Ab
Server-Name
X-MCACHE
X-Ser
X-Cache-Key
X-DynaTrace
X-HS-Hub-Id
X-HS-Content-Id
X-NWS-LOG-UUID
X-Correlation-Id
X-HS-Cache-Config
Accept-Ch
X-HS-Combine-CSS
X-Template
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-ECACHE
X-SharePointHealthScore
SPRequestGuid
X-Hits
X-Parallel-Accel
X-Ttl
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
X-Kong-Proxy-Latency
X-Tt-Trace-Host
X-Kong-Upstream-Latency
Cache-Tags
X-Page-Id
Charset
Host
Cleartype
X-B3-Sampled
Alternate-Protocol
X-Webkit-Csp
X-Www-Served-By
X-Git-Hash
X-Content-Options
Fusion-Source
X-Daa-Tunnel
Fusion-Deployment-Id
X-Geo-Country
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-Debug-Info
X-DIS-Request-ID
X-Hostname
X-Amzn-Trace-Id
X-Content-Digest
X-Amz-Replication-Status
Filterid
Cross-Origin-Opener-Policy
X-Ratelimit-Limit
X-Varnish-Age
X-Az
X-Activity-Id
X-AppVersion
X-Upgrade-Enabled
X-Grace
X-FB-Debug
X-VCache
X-F-Cache
ServerID
X-Nginx-Upstream-Cache-Status
X-N
X-Accel-Expires
X-WebKit-CSP-Report-Only
X-Rid
X-Forwarded-Proto
X-Origin-Server
X-Mobile-URL
X-Fastly-Request-ID
Access-Control-Allow-Method
X-XRDS-LOCATION
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-Type
X-Server-ID
X-DataDome
X-Whom
X-LB-Cache
X-TT
X-Fastcgi-Cache
X-Goog-Metageneration
X-Varnish-Grace
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-App-Environment
Viewport
Payment
X-Seen-By
TP-Cache
X-Tb
TP-L2-Cache
DC
X-User-Agent
Node
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-Distributor
Paypal-Debug-Id
X-Fastly-Request-Id
Country
Accept-Charset
X-App-Server
X-Wix-Request-Id
Fastcgi-Useragent
X-Ratelimit-Reset
X-Litespeed-Cache
X-Cache-Rule
X-Cache-Control
X-NGENIX-Cache
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Via-JSL
Version
X-Drupal-Cache-Tags
X-Origin-Upstream-Status
X-Cluster-Name
X-Request-Handler-Origin-Region
X-Microsite
Referer-Policy
X-Buckets
X-Contextid
X-Signature
X-B-Cache
X-Cache-Age
X-Logged-In
Cache-Status
Refresh
X-Node-Name
X-Original-Request-Id
SD-X-WS
VIX-Pulpo-Node
X-Response-Served-From
X-Browser-Type
VIX-Pulpo-Upstream-Status
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Erf-Bev-Bev
X-Load-Cache
X-Varnish-Backend
X-Rendered-As
X-Page-View
X-Is-Bot
X-Cache-Expired-At
X-Vgn-Hpd-Reason
X-Real-IP
Access-Control-Request-Headers
X-Jobs
X-Proxy-Cache-Status
X-B
X-IPLB-Instance
X-Cacheable-TTL
NGB
Amp-Access-Control-Allow-Source-Origin
X-Revision
X-Debug
X-Instance
X-UUID
X-Rule
X-RemovedCookies
X-Proxy
X-Cache-Action
X-ProcessESI
X-Device-Type
Akamai-GRN
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Drupal-Cache-Contexts
X-Cache-Time
X-Framework
Surrogate-Key
X-Debug-IsConnected
X-G
X-Debug-IsPreview
X-FW-Version
CF-IPCountry
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
SID
X-Accel-Buffering
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-PressLabs-Stats
X-Oneagent-Js-Injection
DynaTrace
Count-Hit
X-Nginx-Cache
GEO-INFO
Uber-Trace-Id
X-Azure-Ref
X-Cache-NGX
X-Source
X-Presslabs-Stats
X-Cache-Operation
X-Ms-Request-Id
X-Ms-Version
Liferay-Portal
X-XRDS-Location
X-RateLimit-Limit
X-Zen-Fury
Frame-Options
X-EdgeConnect-Cache-Status
X-APP-VERSION
X-CDN-Forward
X-RTag
Ms-Operation-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
MS-CV
Protected
X-TEC-API-VERSION
Healthy
X-Cache-Hit
X-Mode
X-Backend-Name
X-Environment-Context
Ec-Rule-Version
Countrycode
Xserver
X-IPS-LoggedIn
X-L-Path
Cross-Origin-Window-Policy
X-Hyper-Cache
X-Cache-TTL-Remaining
WPO-Cache-Status
X-Varnish-Server
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
WPO-Cache-Message
X-Tumblr-Pixel
X-Tumblr-User
X-Ratelimit-Remaining
X-Servername
X-Trace-Id
Backend
LB
X-JoinUs
X-UPSTREAM-Address
X-RN-RSRV
X-Adobe-Content
Meta-Geo
X-Adobe-Loc
Content-Disposition
X-Detected-As
X-Content-Age
X-Tid
X-Rewrite-Enabled
X-Region
X-SaId
Decoy-Debug-Status
Country-Code
Decoy-Debug-Key
Decoy-Debug-TTL
X-Alternate-Cache-Key
X-Extlb
X-Format
X-Debug-Cache
X-Cache-Server
Apigw-Requestid
Eomportal-Instance
X-Sql-Count
X-ShopId
X-ShardId
X-Routing-Service
X-Redis-Cache
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Zipkin-Id
X-Uri
X-Sql-Duration-Ms
X-Generation-Time
X-Proxied
X-Sorting-Hat-ShopId
X-Hosted-By
CDN-RequestId
X-Access
X-Microcachable
X-ApacheServer
X-NCache
X-Cache-Grace
Fastly-SSL
X-Via-Fastly
Mn-Server-Ip
X-Human
X-PHP-Backend
X-Forwarded-Host
X-Site-Version
X-Status
X-PERF
X-PCL
X-Section
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-PullZone
CDN-Cache
CDN-Uid
X-No-Session
X-Varnish-Beresp-Grace
X-OCL
X-ServerID
TWC-Device-Class
Selected-Fe
Property-Id
X-UA-Device-Type
X-FB-TRIP-ID
Url
Cache-Name
X-Origin-Date
Webcakes-App-Name
X-Server-W
X-Origin-Hint
X-Cluster-Node
X-Content-Powered-By
X-Pubstack
X-Proxy-Build
X-ProxyCache-Key
X-ProxyCache-Status
X-Cache-Type
X-Cache-Host
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Storage
TWC-Locale-Group
TWC-Privacy
X-BYPASS-REASON
Webcakes-Region
Webcakes-App-Version
X-Timing-Wait
TWC-Connection-Speed
Cache-Tv-Group
Section-Io-Cache
X-Akamai-Edgescape
X-Varnishpool
X-Soup
X-NYM-Debug-Backend
X-Say-TTL
X-Generated-By
X-Web-Node
X-SayCDN-TTL
X-Hl-Ver
X-Say-Cacheable
X-R9-Blue-Green-Version
Azure-SiteName
Azure-Version
Content-Secure-Policy
Azure-InstanceId
X-Be
Azure-RegionName
Azure-SlotName
X-LSADC-Cache
X-Webkit-CSP
X-Ua
DB-Nickname
Retry-After
X-TIME
X-NewRelic-App-Data
X-Nginx-Cache-Key
OT-Force-Account-Verify
X-Unique-Id
X-Cache-Remote
X-Dc
X-Cached-By
X-Azure-Ref-OriginShield
X-Bc-Bl
X-TT-LOGID
X-Platform-Server
X-Akamai-Transformed
X-Auto-Login
Source
SRV
X-Xfnlog-Site
Cache
X-LAGOON
ServedBy
X-Cdn
Upgrade-Insecure-Requests
X-Cache-Tags
HostName
X-Origin-TTL
X-Origin-CC
X-GEO
X-Varnish-Cache-Hits
X-Varnish-Hits
Cache-Hits
X-Loop
X-Request-Time
X-HTML-Minification-Powered-By
X-App-Version
X-TNCMS
X-Varnish-Hostname
X-CSRF-Token
X-EC-Lua
Onion-Location
Xet-Cookie
X-S-Maxage
From-Origin
X-Time
Mime-Version
X-AOL-HN
WP-Super-Cache
X-NWS-UUID-VERIFY
X-Request-Host
Webserver
X-SRV
X-ECache
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Web-Mar-Node
X-Proto
N-Cache
X-Handled-By
X-Cache-Enabled
X-FireWall-Port
X-Endurance-Cache-Level
X-B3-SpanId
X-Amz-Meta-S3cmd-Attrs
X-Tenant
X-Correlation-ID
Nel
X-Origin-Response-Time
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
Xc-Version
User-Cache-Control
X-Reqid
Surrogated-Key
X-RCS-CacheZone
Sslversion
Mobile-Detection-Method
Expiry
Fastcgi-X-Cache-Version
V-Age
DCR-Processing-Time-Ms
A
Meta-Geo-Continent
DCR-Decision-By
Redirect-Candidate
Pramga
Odigeo-Trace-Id
BehaviorPad-Version
Rendered-Blocks
X-CF-Lambda-Fn
X-Planisys-CDN-Cache
X-PBS-Appsvrname
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Processor
X-PAYTM-SRV-ID
X-Orig-Expires
X-Hnp-Log
X-GG-Cache-Date
X-Ig-Push-State
X-NAPM-TraceId
X-ND-Cache
X-Rojux
X-S
X-V-Cache
X-TIM-N
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
X-SRCache-Key
X-Slack-Backend
X-ScT
X-S-Cookie
X-SD-PageType
X-Session-Fingerprint
X-Shop-Environment
X-Gen-Mode
X-Ftr-Request-Id
X-ARC
X-Application
X-B-Cookie
X-Backend-TTL
X-Block-Status
X-Aed
X-A-Wwc
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Cache-NE
X-Vtex-Processado-Em
X-Developer
X-Vtex-Remote-Cache
X-Epic-Correlation-Id
X-External-Request-Id
X-Forwarded-Path
X-Destination
X-D
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Cluster
X-Connection-Hash
Vix-Hermes-Req-Id
X-Conf
S-Rt
X-Time-Microsecs
X-Adobe-Source
X-MP-GENERATED-AT
X-Edge-Location
X-Date
X-Cdn-Srv
X-Cache-Info
AMP-Access-Control-Allow-Source-Origin
X-Gdpr
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Geo-Header
X-Cache-Date
X-Forwarded-Site
X-Fastly-Cache
X-Aicache-OS
State
Svr
Origin
Host-ID
Gh-Request-Id
True-Client-Country-4JS
Wxu-Next-Commit
X-Hash
X-Accel-Expires-Debug
Wxu-Next-Region
Wxu-Next-Hostname
X-Cache-Bucket
X-Li-Pop
X-Http-Reason
X-Sucuri-Cache
X-Server-IP
X-Scheme
X-Akamai-Request-ID2
X-Sucuri-ID
X-SVT-ORM-RULES
X-Webstats-RespID
X-Viewer-Country
X-VG-TLSProxy
X-SVT-ORM-VERSION
X-Rocket-Nginx-Serving-Static
X-Proxy-Upstream
X-Mg-Request-UUID
X-Mvc-Supplant-Cachable
X-Men
X-Location
X-LI-UUID
X-NodeID
X-Nyt-Route
X-Policy
X-Origin-Time
X-Origin
X-Old-Content-Length
X-Li-Fabric
X-Request-URI
Cmsid
CDCHOST
Cmstype
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Fastcgi-Cache-TTL
CacheControlHeader
AKAMAI
Arc-Country
DSUID
X-Locale
X-Amz-Apigw-Id
Environment
X-Amzn-RequestId
CloudFront-Viewer-Country
X-Cache-Var
X-Via-NSCOPI
X-Labrador-Cache-Channel
X-Magnolia-Registration
X-PHP-Host
X-Cache-Var-Map
X-Eu-Site
X-Generated-On
X-Gamma-Serve
X-Esi-Check
X-Datadog-Trace-Id
X-Cache-Id
X-Cache-Debug
X-Branch-Name
X-BBC-Edge-Cache-Status
X-CGP
X-Core-Value
X-Developers
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Envoy-Decorator-Operation
X-Level-Front-Cache
X-VarnishDD-TTL
Origin-CC
X-Varnish-Beresp-Status
X-UnsetCookies
X-Storefront-Renderer-Rendered
X-TH-Server
Origin-EX
Traceparent
X-VServer
X-Fastly-Backend
X-Origin-Expires
X-Fetched-On
X-Core-Mission
X-Device-Os
X-Skip-Cache
X-Sigma-Backend
Server-Info
X-Owner
X-Backend-State
X-Irp-Debug
X-HN
X-HS-Content-Campaign-Id
X-Platform
X-RateLimit-Limit-Second
X-Served-From
X-Sigma
X-Rocket-Build-Number
X-Req
X-RateLimit-Remaining-Second
X-Region-Sid
X-Gzip
X-TrackingId
Mail-Subject
HA-Ipaddr
Ha-Gx-Prefs
Magicmarker
Ssr
Machine
L
L5d-Success-Class
PFcat
Web-Mar-Region
X-Varnish-Beresp-Ttl
Req-Svc-Chain
Release
Fastly-GeoIP-CountryCode
We-Hiring
Server-Host
X-Xrds-Location
NGX
NM-Fastcgi-Cache
X-Pod-Name
Memcached
TDXMobile
X-Has-Esi
X-FC-Vary-Parameters
X-Is-Gdpr
X-JWT-State
X-Sn-Servicetimems
X-Restarts
X-Cdn-Origin
X-Thinkindot-L3
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
X-ATG-Version
X-Node-Id
X-GeoIP
Locid
X-GeoIP-City
X-Amzn-Remapped-Content-Length
X-Ua-Device
Fastly-Drupal-Html
Kp-EeAlive
Is-Eu
X-DefElseHash
Platform
Fastly-SWR
X-CS
X-Request-Start
Cf-Device-Type
Fastly-SIE
X-DefHash
X-Loc
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Worker
X-Variation
X-Response-By
X-NU-AKA-ACS-Version
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-DPWN-IS-SECURE
Adler-Geo
X-Zone
X-Tx-Id
X-TraceId
X-VC-Cache
X-Action
X-Qnm-Cache
CDN
X-M-Reqid
X-Bip
X-Mvc-Supplant-OutputCached
X-M-Log
X-DI
X-DB
X-Cache-Backend
Edge-Cache
X-Up
X-Thanos
X-NC
X-LB-ID
X-DSS
X-RSL
X-DW
X-Wix-Viewer-Type
X-RPS
X-RPM
X-Srv
Accept-Language
Pics-Label
X-Trace-ID
X-Generated-In
X-LB-NoCache
Ms-Author-Via
X-API-Version
X-CacheTTL
X-Cache-Config
Time
X-Minions-Version
X-Optimistic-Header
Memory
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Popn
X-Via-Poph
Env
X-Edge-Pop
X-Via-Popv
X-Refresh
X-Varnish-Ttl
WebServer
X-Tt-Logid
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
GeoIp-Country-Code
X-HA-Backend
NtCoent-Length
Datacenter
X-DC
Candidate-Md5Url
X-CACHE-KEY
X-DynaTrace-JS-Agent
X-TA-CDN-Provider
X-Datadome
X-ZONE
Server-ID
X-Ec-GeoHdr
X-User
X-Esi
X-Ec-Fail
X-Parent-Response-Time
X-Dynatrace
X-TX-ID
X-Servedbyhost
X-MSEdge-Flight
X-MSEdge-Features
X-Vc
WWW-Authenticate
On-Server
X-Cs
X-CLOUD-TRACE-CONTEXT
Esi-Enabled
Cdncip
X-Unique-ID
Cdnsip
X-Varnish-Beresp-TTL
X-AK-Request-ID
X-Service
X-Cache-PHP
C-Via
X-WADP-Cache
My-App
Geoip-Latitude
Cluster
X-App
X-Li-Proto
X-VCL-Version
X-Cache-Ttl
X-Clara-WADP
X-Fmm-Version
X-URL
Tracecode
X-Var-Ttl
Geo-Info
X-Fpc
X-Newrelic-Synthetics
X-LI-Proto
X-CUA
X-Webkit-Csp-Report-Only
X-Pass-Why
X-Traceid
DataCenter
Fastly-Drupal-HTML
X-Vcl-Version
Test
X-FPC
Lfy
T-Server
X-From
X-B3-Spanid
Proxy-Connection
X-Webkit-CSP-Report-Only
X-NODE
Cf-Int-Pingora-Origin-Digest
X-Cache-Status-Check
X-VC
X-Render-Time
X-Fragments
Lang
X-Mcache
X-LiteSpeed-Cache-Control
Resin-Trace
M-TraceId
Target-Params
MIME-Version
Server-Id
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-CSRF-TOKEN
X-Provided-By
X-Ha-Backend
X-Geo
X-RAMCache
X-ID
Hostname
X-ServedByHost
GeoIP-Country-Code
Permissions-Policy
Hit
X-Api-Version
X-Clientip
X-Dynatrace-Js-Agent
X-Edge-POP
X-Via-PopH
Servername
X-Via-PopN
X-LiteSpeed-Tag
X-Httpd
X-Cdn-Forward
X-Oss-Storage-Class
X-Oss-Server-Time
X-Proxy-Cache-Info
WZWS-RAY
Cache-Host
HIT
X-Via-PopV
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Pad
X-Oss-Object-Type
UCS
ENV
X-Info
X-AIR-PT
FSS-Cache
Producers
Section-Io-Origin-Time-Seconds
X-NGINX-Cache
Section-Io-Origin-Status
X-Fastly-Backend-Reqs
S-Cnection
X-SB
X-Edge-Cache
Section-Origin-Responded
Section-Io-Id
X-Ucs
X-Platform-Router
X-Platform-Processor
X-ElasticPress-Query
Ohc-File-Size
X-Pool
X-Platform-Cluster
X-Check-Cacheable
X-Udemy-Cache-App-Namespace
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-GoCache-CacheStatus
Uri
X-UP
Fastly-Backend-Name
X-Cache-CFC
PICS-Label
X-Lb-Nocache
ServerName
X-Scale
User-Agent
X-Ec-Custom-Error
X-Acquia-Site
X-HS-Status
X-BBC-Origin-Response-Status
URI
X-Micro-Cache
X-Acquia-Purge-Tags
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Cneonction
Server-Ttl
Server-Ext
X-Lb-Id
X-Release
Server-Hostname
Tcn
Load-Balancing
Cteonnt-Length
X-RateLimit-Reset
X-ServerName
X-Backend-Host
X-Dispatcher-Number
X-Cdn-Request-ID
X-Cache-Expires
X-Swift-Error
Sever-Int
X-Nc
MD5-Digest
X-Fastly-Cache-Hits
X-Dw-Trace-Id
X-Akamai-ERRuleID
IsBot
X-Akamai-ERPolicy
X-SIPLIST1
X-Vcache
Wpo-Cache-Message
Wpo-Cache-Status
Shield-Pop
EpKe-Alive
X-Snapshot-Date
Cf-Ipcountry
X-Contensis-Viewer-Groups
X-Newrelic-App-Data
X-Via-Ucdn
X-Cache-ASPX
X-APP
CF-Cached-On
X-Yottaa-OS
X-B3-ParentSpanId
Vha6-Origin
X-BCube-Filmed-By
X-TRACE-ID
Cdn
X-HostName
X-Air-Pt
Sid
X-Cache-Ngx
X-B3-Parentspanid
Inserted-Into-Cache-At
X-Shopify-Generated-Cart-Token
X-Litespeed-Cache-Control
X-IN-APIGATEWAY
X-Cms-Context
X-Fetch-By
X-IN-APIGATEWAYSSL
X-Apw-Access-Action
X-Apw-Hits
X-Logging-Id
X-CacheKey
X-UA
X-Apw-Access-Token
X-Apw-Access-Object
Path
Ohc-Cache-HIT
X-Varnish-Authentication
X-Akamai-Pragma-Client-IP
Req-ID
X-Te-Count
X-Te-Duration-Ms
X-Last-Modified
X-Http-Duration-Ms
X-Http-Count
CountryCode
X-Sentry-ID
Ngx
X-Akamai-Request-ID