Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
P3p
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Akamai-Path-Stats
X-Age
X-Robots-Tag
X-Server
X-Dns-Prefetch-Control
X-AH-Environment
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
EagleEye-TraceId
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Cf-Edge-Cache
Accept-CH
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-Cache-Lookup
X-HW
Accept-CH-Lifetime
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Country
Fastly-Restarts
X-MS-InvokeApp
Accept-Ch-Lifetime
X-Rack-Cache
X-Mod-Pagespeed
X-PC
X-TtlSet
X-Vname
X-Ruxit-JS-Agent
X-Clacks-Overhead
Accept-Ch
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-ESI
X-Varnish-TTL
Cache-Tag
X-Amz-Server-Side-Encryption
X-Content-Type
X-Vcap-Request-Id
X-B3-TraceId
X-Dw-Request-Base-Id
X-Amz-Rid
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Variant
Public-Key-Pins
X-Exp-Id
X-Px
X-Cnection
X-D2id
X-Edge
X-Ac
X-RateLimit-Remaining
X-Navigation-Version
X-Element-Page-Cache
X-FastCGI-Cache
Verso
X-Ser
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Client-IP
X-Powered-By-Plesk
X-Abt-Application-Version
X-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Ttl
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
X-Ruxit-Js-Agent
X-Correlation-Id
Access-Control-Request-Method
X-Goog-Hash
X-Content-Security-Policy-Report-Only
SPRequestDuration
SPIisLatency
X-Kinsta-Cache
X-Cached
X-Edge-Location-Klb
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-SID
SPRequestGuid
X-SharePointHealthScore
X-Upstream
X-Powered-CMS
X-LLID
Edge-Cache-Tag
X-RateLimit-Limit
X-NWS-LOG-UUID
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Forwarded-For
X-Cache-Key
Nginx-Cache
X-Litespeed-Cache
X-TTL
Content-MD5
X-Id
X-MSEdge-Ref
MRF-Tech
X-Shield-Request-Id
Mrf-Cache-Status
TCN
X-T
X-B3-TraceId-Primal
X-Recruiting
X-Daa-Tunnel
S
X-Content-Digest
X-DataDome
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Webkit-Csp
X-Mg-S
X-HP-Webp
MS-Author-Via
X-Ua-Device
X-HP-Trace-Id
X-Jurisdiction
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Accel-Expires
X-ECACHE
X-WebKit-CSP-Report-Only
X-Protected-By
X-Ezoic-Cdn
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Grace
X-HS-Cache-Config
X-Ab
X-Ua-Browser
X-Content
X-Frontend
MicrosoftSharePointTeamServices
X-Request-Processing-Time
X-Request-Received
Server-Node
Filters
Front-End-Https
X-Yandex-Sdch-Disable
TP-L2-Cache
TP-Cache
X-DynaTrace
X-PressLabs-Stats
X-Server-ID
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-ORACLE-DMS-ECID
X-Mid
X-Geo-Country
X-ORACLE-DMS-RID
X-Hits
X-Request-Handler-Origin-Region
X-Microsite
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amzn-Trace-Id
X-LB-Cache
Charset
Cleartype
Host
X-Debug-Info
X-Ratelimit-Reset
X-Page-Id
X-F-Cache
X-Git-Hash
X-B3-Sampled
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-DIS-Request-ID
X-Cache-Age
X-Www-Served-By
Access-Control-Allow-Method
Cache-Status
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
Realpath
X-Seen-By
X-AppVersion
X-Activity-Id
X-Az
ServerID
X-Fastly-Request-Id
Accept-Charset
Cache-Tags
Filterid
X-Varnish-Age
X-XRDS-LOCATION
X-Cluster-Name
X-Aspnetmvc-Version
X-Nginx-Upstream-Cache-Status
X-Mcache
X-Rid
X-Language
X-Content-Options
X-Type
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Retry-After
X-MCACHE
X-App-Environment
Country
Server-Name
X-FB-Debug
X-Upgrade-Enabled
Viewport
X-Varnish-Grace
DC
Paypal-Debug-Id
Node
X-User-Agent
X-Varnish-Backend
X-Tb
X-Origin-Cache
X-Whom
X-Drupal-Cache-Tags
X-B-Cache
X-Signature
X-GUploader-UploadID
X-TT
X-Wix-Request-Id
X-Mobile-URL
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Oracle-Dms-Ecid
X-Route-Name
X-VCache
X-Flags
X-Aspnet-Duration-Ms
X-Oracle-Dms-Rid
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-B
X-NWS-UUID-VERIFY
Protected
X-Oneagent-Js-Injection
Fastcgi-Useragent
Permissions-Policy
X-Debug
X-Logged-In
WPO-Cache-Message
X-Amz-Replication-Status
WPO-Cache-Status
Payment
X-Via-JSL
X-Amz-Meta-S3cmd-Attrs
X-N
X-Cache-NGX
X-Load-Cache
Surrogate-Key
X-Contextid
X-Cache-Control
Count-Hit
X-Template
X-Node-Name
X-ECache
Healthy
Amp-Access-Control-Allow-Source-Origin
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-B3-Traceid
X-FW-Hash
X-FW-Dynamic
X-Webkit-CSP
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Static
X-Mobile
X-Trace-Id
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
X-Proxy
Content-Disposition
Akamai-GRN
Refresh
X-G
X-Jobs
X-Revision
X-Cache-Time
X-XRDS-Location
X-Real-IP
X-Framework
Uber-Trace-Id
X-Akamai-Request-ID2
X-Cache-TTL-Remaining
X-UUID
X-Zen-Fury
X-Rendered-As
X-Fastcgi-Cache
X-Restarts
X-Proxy-Cache-Status
NGB
Url
X-Is-Bot
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Alternate-Protocol
X-Hostname
X-Drupal-Cache-Contexts
X-Debug-IsPreview
X-Debug-IsConnected
X-Adobe-Loc
X-Http-Reason
X-Page-View
X-Instance
X-Adobe-Content
X-Device-Type
Access-Control-Request-Headers
X-Servername
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-NGENIX-Cache
X-Cache-Grace
X-Fastly-Request-ID
X-IPLB-Instance
X-Mg-Request-UUID
X-Varnish-Server
Version
X-EdgeConnect-Cache-Status
X-Environment-Context
X-L-Path
X-Source
X-Midtier
Accept-Language
X-HTML-Minification-Powered-By
Countrycode
Ms-Operation-Id
MS-CV
X-RTag
X-Cache-Rule
Frame-Options
X-Cache-Hit
X-Vgn-Hpd-Reason
X-Cache-Expired-At
From-Origin
Referer-Policy
Liferay-Portal
X-App-Server
X-NYM-Debug-Backend
Cross-Origin-Window-Policy
Backend
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Nginx-Cache
X-IPS-LoggedIn
X-FW-Version
X-Parallel-Accel
X-APP-VERSION
Content-Secure-Policy
X-COUNTRY
X-Datadome
X-Hosted-By
X-UPSTREAM-Address
X-Unique-Id
X-RN-RSRV
Meta-Geo
Upgrade-Insecure-Requests
X-Cache-Server
X-RemovedCookies
Section-Io-Cache
X-PCL
X-Redis-Cache
X-Ua
X-No-Session
X-OCL
X-Generation-Time
X-ProcessESI
X-Region
X-PHP-Backend
X-Origin-Hint
X-Request-Time
X-Server-W
X-Via-Fastly
X-Cache-Enabled
X-FB-TRIP-ID
X-Content-Age
X-Varnish-Cache-Hits
X-Format
X-UA-Device-Type
X-Uri
X-Section
X-Access
WP-Super-Cache
Azure-Version
Mn-Server-Ip
Azure-SlotName
Azure-SiteName
Apigw-Requestid
Azure-InstanceId
Azure-RegionName
Property-Id
S-Rt
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
TWC-Locale-Group
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Cluster-Node
TWC-Device-Class
CF-IPCountry
X-Mode
Locale
Fastly-SSL
X-ApacheServer
X-Cache-Host
X-Debug-Cache
X-Content-Powered-By
Eomportal-Instance
X-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
Cache-Tv-Group
X-Sorting-Hat-ShopId
X-Locale
X-PERF
X-Xfnlog-Site
X-Urbn-Site-Id
X-Akamai-Edgescape
X-AOL-HN
X-Origin-Date
X-Be
X-Urbn-Context-Path
X-Storage
X-Site-Version
X-Alternate-Cache-Key
X-Sql-Count
X-Sql-Duration-Ms
X-Status
X-Nginx-Cache-Key
X-Human
X-Cache-Action
X-Hl-Ver
X-JoinUs
X-ProxyCache-Status
X-Extlb
X-Proxied
X-Cache-Type
X-NewRelic-App-Data
X-Backend-Name
X-BYPASS-REASON
X-Routing-Service
X-Detected-As
X-SaId
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-Labrador-Cache-Channel
X-PHP-Host
X-Generated-By
X-Forwarded-Host
X-ServerID
X-Tid
X-Varnishpool
X-Zipkin-Id
Ec-Rule-Version
X-ProxyCache-Key
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-Platform-Server
X-Handled-By
X-Web-Node
X-Adobe-Source
X-Cache-Tags
X-Cms-Context
X-Ratelimit-Remaining
X-GG-Cache-Date
X-Timing-Wait
Selected-Fe
CDN-RequestCountryCode
CDN-CachedAt
CDN-RequestId
X-Proxy-Build
CDN-PullZone
CDN-Cache
CDN-Uid
CDN-EdgeStorageId
ServedBy
X-VC-Cache
X-Dc
X-Edge-Location
X-Storefront-Renderer-Rendered
Load-Balancing
X-Hyper-Cache
SRV
X-CDN-Forward
X-LSADC-Cache
X-Proto
X-Rule
X-Cache-Operation
Web-Mar-Node
X-GeoCode
X-GeoCountry
X-TT-LOGID
Webserver
Onion-Location
X-App-Version
Fastly-Drupal-Html
X-Cached-By
X-Cache-Remote
X-Rewrite-Enabled
Mime-Version
X-Varnish-Hostname
X-Soup
X-GEO
Cache-Hits
SID
X-TA-CDN-Provider
X-Accel-Buffering
Xserver
X-Cluster
X-Cdn
X-Pubstack
X-Varnish-Ttl
X-Reqid
X-Origin-TTL
Country-Code
X-Varnish-Hits
X-Origin-CC
Xet-Cookie
X-Envoy-Decorator-Operation
X-Microcachable
X-Air-Hostname
Server-Info
X-Air-Trace-Id
X-Buckets
X-Air-Source
X-Magnolia-Registration
X-SRV
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Ratelimit-Limit
X-CSRF-Token
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-IPLB-Request-ID
DB-Nickname
LB
X-Request-Host
X-Ms-Request-Id
X-Ms-Version
X-Amzn-RequestId
X-Amz-Apigw-Id
Cache
Source
X-Ec-Fail
X-Ec-GeoHdr
X-Orig-Expires
X-Epic-Correlation-Id
X-S-Cookie
X-S
X-Esi-Check
Cdncip
X-Developer
X-Conf
X-PBS-Appsvrname
Cmsid
X-PAYTM-SRV-ID
Cdnsip
X-Destination
X-D
X-Connection-Hash
BehaviorPad-Version
A
X-Tenant
X-HS-Content-Campaign-Id
X-TIM-N
X-Ig-Push-State
X-A-Dcw
X-NAPM-TraceId
X-A-Dam
T-Server
X-Hash
Surrogated-Key
X-CF-Lambda-Version
X-Ftr-Request-Id
X-Forwarded-Path
X-Via-NSCOPI
X-Geo-Header
X-Origin-Response-Time
X-Gzip
X-External-Request-Id
DCR-Decision-By
X-Vdms-Path
X-Vtex-Processado-Em
X-A-Dgt
X-ARC
NM-Fastcgi-Cache
Mobile-Detection-Method
MD5-Digest
X-ScT
Meta-Geo-Continent
Odigeo-Trace-Id
Pramga
X-Aed
X-Vdms-Version
X-A-Wwc
X-VG-WebCache
X-AK-Request-ID
Rendered-Blocks
X-Application
X-SRCache-Key
Lang
X-Vtex-Remote-Cache
DCR-Processing-Time-Ms
X-Processor
X-SD-PageType
X-Session-Fingerprint
X-A-Ccd
X-Rojux
Sslversion
X-TrackingId
X-CF-Lambda-Fn
X-Cdn-Srv
X-Cache-NE
X-B-Cookie
Host-ID
X-Shop-Environment
X-User
X-Cache-Id
Expiry
Xc-Version
Fastcgi-X-Cache-Version
Cmstype
X-A
X-NCache
X-Tt-Logid
X-Newrelic-Synthetics
X-Bc-Bl
X-RCS-CacheZone
X-Time
X-B3-SpanId
X-Tx-Id
X-Endurance-Cache-Level
X-CacheTTL
Fastly-GeoIP-CountryCode
X-Cache-Info
Machine
X-Ckpd-Fst-Backend
X-Clara-WADP
Server-Host
Environment
State
X-Cache-Bucket
X-Cache-Backend
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Memcached
X-Core-Mission
X-Varnish-Beresp-Grace
Mail-Subject
X-Amzn-Remapped-Content-Length
We-Hiring
X-Device-Os
X-Sigma
X-Server-IP
X-Scheme
X-SB
X-Sigma-Backend
X-SVT-ORM-RULES
X-WADP-Cache
X-Via-Ucdn
X-V-Cache
X-SVT-ORM-VERSION
X-Rocket-Build-Number
X-Origin-Time
X-Fmm-Version
X-Fetched-On
X-Fastly-Cache
X-Developers
X-Gdpr
X-Irp-Debug
X-Origin
X-Nyt-Route
X-Node-Id
X-Mvc-Supplant-Cachable
X-Core-Value
X-NodeID
AKAMAI
X-Skip-Cache
X-Azure-Ref
CDN
X-ZONE
Cache-Name
DynaTrace
X-R9-Blue-Green-Version
X-Minions-Version
X-Loop
X-Gen-Mode
X-Generated-On
X-Gamma-Serve
X-Forwarded-Site
X-Level-Front-Cache
X-Is-Gdpr
X-JWT-State
X-Hnp-Log
X-HN
X-LAGOON
X-Has-Esi
X-Dispatcher-Number
X-BBC-Edge-Cache-Status
X-Block-Status
X-Branch-Name
X-Auto-Login
Web-Mar-Region
V-Age
Vix-Hermes-Req-Id
X-Cache-Date
X-CGP
X-Planisys-CDN-Cache
X-Ec-Custom-Error
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Eu-Site
X-Platform
Producers
X-DefElseHash
X-DefHash
Platform
Is-Eu
X-Wix-Viewer-Type
Adler-Geo
X-DPWN-IS-SECURE
X-GeoIP
X-Varnish-Remaining-TTL
X-Worker
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Origin-Expires
X-Variation
X-Viewer-Country
X-VG-TLSProxy
X-Pool
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Policy
X-Pod-Name
X-Planisys-CDN-TTL
User-Cache-Control
X-RateLimit-Remaining-Second
X-Request-URI
X-TNCMS
X-VarnishDD-TTL
X-Thinkindot-L3
X-Slack-Backend
X-Rocket-Nginx-Serving-Static
X-Served-From
X-Planisys-CDN-Rules
X-Region-Sid
L
L5d-Success-Class
Apple-News-Services-Handled
Apple-News-Services-Request-Url
CloudFront-Viewer-Country
Cluster
Gh-Request-Id
Ha-Gx-Prefs
Svr
HA-Ipaddr
Ssr
N-Cache
Apple-News-Services-Host
Redirect-Candidate
Release
Req-Svc-Chain
PFcat
Origin-EX
Apple-News-Services-Parsed-Url
Origin
Origin-CC
TDXMobile
Kp-EeAlive
Thinkindot-CacheControl
Thinkindot-Control
CDCHOST
Traceparent
Fastcgi-Cache-TTL
Thinkindot-CacheControl-Type
NGX
X-Qloud-Router
Sever-Int
X-Httpd
X-Webstats-RespID
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Owner
HostName
Ohc-File-Size
X-GeoIP-City
X-Cdn-Origin
Datacenter
X-Optimistic-Header
X-Aicache-OS
Server-Hostname
X-BCube-Filmed-By
X-Wikidot-Backend
X-Wikidot-Static-Cache
Fastly-SWR
Fastly-SIE
X-Proxy-Cache-Info
X-SIPLIST1
X-Sn-Servicetimems
DSUID
Server-Ext
X-From
Candidate-Md5Url
X-VServer
Cache-Key
X-Scale
IsBot
X-Loc
X-Cache-Status-Check
X-WP-CF-Super-Cache
Pics-Label
GEO-INFO
CPC-Age
X-Ad-Defer-Variation
X-Refresh
X-WP-CF-Super-Cache-Cache-Control
X-Parent-Response-Time
CPC-Cache
X-SplitTest
VNS-Cache
X-Location
XM
VNS-Age
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
AMP-Access-Control-Allow-Source-Origin
X-CS
X-Srv
X-VC
X-NC
Fastly-Backend-Name
X-WA-Info
X-Tb-Optimization-Total-Bytes-Saved
X-CACHE-KEY
X-Micro-Cache
X-Men
X-Edge-Pop
X-LB-NoCache
Locid
Env
X-AIR-PT
Arc-Country
X-Contensis-Viewer-Groups
X-Ah-Environment
Servername
X-Cache-ASPX
Lb
X-TIME
X-EC-Lua
Ms-Author-Via
X-Udemy-Cache-App-Namespace
X-Varnish-Authentication
X-Response-By
X-Old-Content-Length
Time
Memory
X-TraceId
X-Generated-In
X-DI
X-DW
X-Servedbyhost
X-Amz-Meta-Cb-Modifiedtime
X-RPM
X-DSS
Path
X-Mvc-Supplant-OutputCached
X-RPS
X-RSL
X-DB
X-Api-Version
X-Xrds-Location
X-Accel-Expires-Debug
X-Akamai-Transformed
GeoIp-Country-Code
X-Date
X-Via-Popn
Cache-Host
Ngx.Var.Host
X-Via-Poph
X-Via-Popv
Ohc-Cache-HIT
X-Varnish-Beresp-TTL
X-HA-Backend
X-GeoIP-Region-Code
X-S-Maxage
X-GeoIP-Country-Code
ITXSESSIONID
X-Proxy-CacheRZ
XkeyRZ
X-RateLimit-Reset
X-Vc
X-Cs
Client
True-Client-IP
Geoip-Latitude
X-Cache-Debug
X-VCL-Version
FSS-Cache
X-Clientip
X-API-Version
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
X-VHOST
Fusion-Deployment-Id
X-DC
Hostname
CacheControlHeader
Server-ID
X-Trace-ID
X-TH-Server
True-Client-Country-4JS
X-Action
X-Presslabs-Stats
X-FireWall-Port
X-TX-ID
X-Dmc
X-Zone
X-Backend-TTL
X-Fpc
X-B3-Spanid
Geo-Info
X-MSEdge-Features
X-Render-Time
Powered-By
X-MSEdge-Flight
X-Webkit-Csp-Report-Only
X-PX
NtCoent-Length
X-INCAP-ABP
X-DynaTrace-JS-Agent
X-Req
Edge-Cache
X-Traceid
X-FPC
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Pass-Why
C-Via
Rip
X-Gateway-Request-Id
My-App
Tcn
X-Service
Test
X-Gateway-Skip-Cache
X-M-Reqid
X-NGINX-Cache
HIT
Esi-Enabled
X-Cdn-Request-ID
X-CSRF-TOKEN
Click-Count-Action-Start
X-HS-Status
X-Qnm-Cache
X-M-Log
Click-Count-Error
Server-Id
Tube-Got-Eval
Tube-Return
Tube-Got-Results
Tube-Get-Contents
X-Origin-Upstream-Status
X-Provided-By
X-Correlation-ID
X-Beluga-Response-Time
X-Beluga-Status
On-Server
X-Beluga-Cache-Status
X-Beluga-Trace
User-Agent
X-Beluga-Node
X-Beluga-Record
X-Up
X-Vcl-Version
X-Webkit-CSP-Report-Only
OT-Force-Account-Verify
X-Ha-Backend
X-Varnish-Beresp-Ttl
X-LB-ID
X-Via-PopH
X-Alfa-Service
Cf-Int-Pingora-Origin-Digest
X-Via-PopV
X-Via-PopN
X-TRACE-ID
Resin-Trace
Sid
X-URL
Proxy-Connection
Uri
Srvid
X-Proxy-Cache-Hk
X-Check-Cacheable
X-CLOUD-TRACE-CONTEXT
WebServer
DataCenter
X-APP
X-RAMCache
X-Li-Fabric
X-Geo
X-UnsetCookies
X-LI-UUID
X-Li-Pop
GeoIP-Country-Code
GeoIP-Latitude
X-Edge-Origin-Shield-Bytes
MIME-Version
X-Akamai-Pragma-Client-IP
X-CCDN-CacheTTL
Epwk-X-Cache
X-Edge-Origin-Shield-Region
X-LI-Proto
X-CCDN-Origin-Time
Srv
X-ServedByHost
X-Time-Microsecs
X-Fetch-By
X-ND-Cache
X-Hcs-Proxy-Type
WZWS-RAY
Cdn
X-Cdn-Forward
Fastly-Drupal-HTML
X-Fastly-Backend-Reqs
M-TraceId
X-Backend-Host
X-CUA
ENV
Server-Ttl
Warning
X-Esi
X-Platform-Cluster
X-App
X-Lb-Nocache
X-Fragments
X-B3-Traceid-Primal
X-ATG-Version
XServer
Tracecode
Target-Params
X-Dynatrace
Cf-Device-Type
ServerName
X-Edge-POP
X-Platform-Processor
X-Platform-Router
X-HostName
Dt-Hot-News
X-MG-S
X-Yottaa-OS
PICS-Label
X-Var-Ttl
X-ElasticPress-Query
X-Newrelic-App-Data
X-Azure-Ref-OriginShield
X-FC-Vary-Parameters
X-Sucuri-Cache
X-Request-Url
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
CF-Cached-On
Inserted-Into-Cache-At
X-Fastly-Backend
Lfy
X-HITS
X-Sucuri-ID
X-Cache-Expires
D-Url-Rewrites
X-Request-URL
X-Serial
X-Thanos
X-Varnish-Beresp-Status
X-Bip
X-Akamai-Request-ID
X-Dw-Trace-Id
X-CF-Powered-By
X-Iplb-Instance
X-Vcache
X-Iplb-Request-Id
X-Nc
Cf-Ipcountry
X-LiteSpeed-Cache-Control
DT-Hot-News
Cdn-Uid
Cdn-Requestcountrycode
Cdn-Cachedat
Cdn-Edgestorageid
Cdn-Cache
Cdn-Requestid
Servedby
Wp-Super-Cache
Cdn-Pullzone
X-Vercel-Cache
X-Wp-Cf-Super-Cache
X-Vercel-Id
True-Client-Ip
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
Content-Style-Type
CountryCode
X-Snapshot-Date
Content-Script-Type
X-Release
X-BBC-Origin-Response-Status
X-Dist-Code
X-Li-Proto
Magicmarker
X-Back
Ngx
X-Backend-State
X-NU-AKA-ACS-Version
X-Storefront-Renderer-Verified
X-Th-Server
Cneonction
Fastcgi-Cache-Ttl