
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
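The tally described above, as an added example run on constructed HEAD responses so it works offline; it is not ISC's collection code. It goes slightly beyond the page's method: it also folds case, since the table lists variants such as X-Frame-Options and X-FRAME-OPTIONS as separate rows, and it flags near-miss names such as Referer-Policy, which browsers do not recognise. The site names, the `SECURITY_HEADERS` selection and the 0.85 similarity cutoff are assumptions.

```python
from collections import Counter
from difflib import get_close_matches

# Security-relevant headers to report on (an assumed selection); each name appears in the table below.
SECURITY_HEADERS = [
    "strict-transport-security", "content-security-policy", "x-frame-options",
    "x-content-type-options", "x-xss-protection", "referrer-policy",
]

# Constructed HEAD responses for three hypothetical sites (not survey data).
SAMPLE_RESPONSES = {
    "site-a.example": (
        "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Frame-Options: DENY\r\n"
        "Set-Cookie: a=1\r\nSet-Cookie: b=2\r\n\r\n"
    ),
    "site-b.example": (
        "HTTP/1.1 200 OK\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\n"
        "Strict-Transport-Security: max-age=31536000\r\n\r\n"
    ),
    "site-c.example": (
        "HTTP/1.1 301 Moved Permanently\r\nLocation: https://site-c.example/\r\n"
        "Referer-Policy: no-referrer\r\nContent-Secure-Policy: default-src 'self'\r\n\r\n"
    ),
}


def header_names(raw_head):
    """Return the header names of one response as sent, one entry per distinct spelling."""
    lines = raw_head.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # drop the status line
    names = set()
    for line in lines:
        name, sep, _value = line.partition(":")
        # Skip malformed lines and obsolete folded continuations (leading whitespace).
        if sep and name and not name[0].isspace():
            names.add(name.strip())
    return names


def survey(responses):
    """Tally sites per header, as sent and case-folded, and flag near-miss names."""
    as_sent, folded, near_miss = Counter(), Counter(), {}
    for raw in responses.values():
        names = header_names(raw)
        as_sent.update(names)            # each site counts once per spelling
        lowered = {n.lower() for n in names}
        folded.update(lowered)           # header names are case-insensitive
        for n in lowered - set(SECURITY_HEADERS):
            match = get_close_matches(n, SECURITY_HEADERS, n=1, cutoff=0.85)
            if match:
                near_miss[n] = match[0]  # likely typo of a security header
    return as_sent, folded, near_miss


if __name__ == "__main__":
    as_sent, folded, near_miss = survey(SAMPLE_RESPONSES)
    for name, count in folded.most_common():
        print(f"{count:3d}  {name}")
    print("near-miss security headers:", near_miss)
```

A site that sends only the near-miss spelling is counted as having a header but gets none of the protection, so adoption figures for a security header should be read from the correctly spelled, case-folded row.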



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
P3p
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Akamai-Path-Stats
X-Age
X-Robots-Tag
X-Server
X-Dns-Prefetch-Control
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-UA-Device
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Nginx-Cache-Status
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Cf-Edge-Cache
Accept-CH
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-Cache-Lookup
X-HW
Accept-CH-Lifetime
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
Fastly-Restarts
X-Country
X-MS-InvokeApp
Accept-Ch-Lifetime
X-Rack-Cache
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-Ruxit-JS-Agent
X-Clacks-Overhead
Accept-Ch
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-ESI
X-B3-TraceId
X-Varnish-TTL
Cache-Tag
X-Amz-Server-Side-Encryption
X-Content-Type
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Amz-Rid
Public-Key-Pins
X-Px
X-Use-Magma
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Cnection
X-D2id
X-Edge
X-RateLimit-Remaining
X-Ac
X-Navigation-Version
X-FastCGI-Cache
X-Element-Page-Cache
Verso
X-Ser
X-Client-IP
X-Sol
Pagespeed
Display
X-Middleton-Display
X-Powered-By-Plesk
X-Abt-Application-Version
X-Cache-TTL
X-Version
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Ttl
X-Country-Code
X-Middleton-Response
Response
X-NF-Request-ID
X-Correlation-Id
X-Ruxit-Js-Agent
Access-Control-Request-Method
X-Goog-Hash
X-Content-Security-Policy-Report-Only
SPRequestDuration
SPIisLatency
X-Kinsta-Cache
X-Cached
X-Edge-Location-Klb
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-SID
X-SharePointHealthScore
SPRequestGuid
X-Upstream
X-Powered-CMS
X-Ua-Device
X-LLID
X-RateLimit-Limit
Edge-Cache-Tag
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-NWS-LOG-UUID
X-Forwarded-For
Nginx-Cache
X-Cache-Key
X-Litespeed-Cache
X-TTL
Content-MD5
X-MSEdge-Ref
X-Shield-Request-Id
MRF-Tech
Mrf-Cache-Status
TCN
X-Id
X-T
X-B3-TraceId-Primal
S
X-Recruiting
X-Daa-Tunnel
X-Content-Digest
X-ECACHE
X-DataDome
X-Webkit-Csp
X-Mg-S
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MS-Author-Via
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Accel-Expires
X-WebKit-CSP-Report-Only
X-Protected-By
X-HS-Content-Id
X-HS-Combine-CSS
X-Ezoic-Cdn
X-HS-Cache-Config
X-HS-Hub-Id
X-Ab
X-Grace
X-Content
X-Ua-Browser
MicrosoftSharePointTeamServices
X-Request-Received
X-Request-Processing-Time
X-Frontend
Server-Node
Filters
Front-End-Https
TP-Cache
X-Yandex-Sdch-Disable
TP-L2-Cache
X-DynaTrace
X-PressLabs-Stats
X-Origin-Server
X-Server-ID
X-Distributor
Fastcgi-Cache
X-Mid
X-Geo-Country
X-Hits
X-Microsite
X-Request-Handler-Origin-Region
X-ORACLE-DMS-ECID
X-Tt-Trace-Host
X-LB-Cache
X-Tt-Trace-Tag
X-Amzn-Trace-Id
Charset
Host
X-ORACLE-DMS-RID
Cleartype
X-Debug-Info
X-Ratelimit-Reset
X-Page-Id
X-Git-Hash
X-F-Cache
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-B3-Sampled
X-Cache-Age
X-DIS-Request-ID
X-Www-Served-By
Realpath
Cache-Status
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Seen-By
Access-Control-Allow-Method
ServerID
X-AppVersion
X-Activity-Id
X-Az
X-Fastly-Request-Id
Accept-Charset
Filterid
Cache-Tags
X-Varnish-Age
X-Cluster-Name
X-Aspnetmvc-Version
X-Mcache
X-Rid
X-Nginx-Upstream-Cache-Status
X-Language
X-Oracle-Dms-Ecid
X-Content-Options
X-Type
X-Oracle-Dms-Rid
X-App-Environment
X-Kong-Upstream-Latency
Retry-After
X-MCACHE
X-Kong-Proxy-Latency
Server-Name
X-XRDS-LOCATION
X-FB-Debug
Country
Viewport
X-Upgrade-Enabled
Paypal-Debug-Id
X-Varnish-Grace
X-Tb
Node
DC
X-Origin-Cache
X-User-Agent
X-Drupal-Cache-Tags
X-Whom
X-Varnish-Backend
X-Wix-Request-Id
X-TT
X-B-Cache
X-Signature
X-Mobile-URL
X-Goog-Metageneration
X-Goog-Storage-Class
X-Aspnet-Duration-Ms
X-Goog-Generation
X-Flags
X-Goog-Stored-Content-Length
X-Request-Guid
X-Route-Name
X-Goog-Stored-Content-Encoding
X-Is-Crawler
X-Providence-Cookie
X-GUploader-UploadID
X-B
X-VCache
X-NWS-UUID-VERIFY
Protected
X-Oneagent-Js-Injection
Permissions-Policy
Fastcgi-Useragent
X-Debug
X-Logged-In
WPO-Cache-Message
X-Amz-Replication-Status
WPO-Cache-Status
Payment
X-Via-JSL
X-N
X-Cache-NGX
X-Amz-Meta-S3cmd-Attrs
X-Load-Cache
Surrogate-Key
X-Contextid
X-Cache-Control
Count-Hit
X-Node-Name
X-Template
Healthy
X-Erf-Bev-Bev
Amp-Access-Control-Allow-Source-Origin
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-FW-Serve
X-FW-Static
X-FW-Server
X-Webkit-CSP
X-Mobile
X-Trace-Id
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
Akamai-GRN
X-Proxy
Content-Disposition
Refresh
X-XRDS-Location
X-G
X-Cache-Time
X-Revision
X-Cache-TTL-Remaining
Alternate-Protocol
X-Akamai-Request-ID2
X-Jobs
X-Zen-Fury
X-UUID
X-Real-IP
X-Framework
Uber-Trace-Id
X-Is-Bot
X-Proxy-Cache-Status
X-Rendered-As
X-Device-Type
X-Cacheable-TTL
VIX-Pulpo-Node
X-NGENIX-Cache
NGB
VIX-Pulpo-Upstream-Status
X-Fastcgi-Cache
X-Hostname
X-Instance
X-Page-View
Url
X-Debug-IsConnected
X-Adobe-Content
X-Http-Reason
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
X-Debug-IsPreview
X-Adobe-Loc
X-Restarts
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Servername
X-Cache-Grace
X-Fastly-Request-ID
X-IPLB-Instance
X-Mg-Request-UUID
X-Varnish-Server
X-COUNTRY
Version
X-Environment-Context
X-L-Path
X-Midtier
X-EdgeConnect-Cache-Status
X-ECache
X-Source
X-B3-Traceid
Accept-Language
X-HTML-Minification-Powered-By
Ms-Operation-Id
MS-CV
Countrycode
X-RTag
X-Cache-Rule
Frame-Options
X-Cache-Hit
X-Vgn-Hpd-Reason
From-Origin
X-Cache-Expired-At
Referer-Policy
Liferay-Portal
X-App-Server
X-NYM-Debug-Backend
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
Cross-Origin-Window-Policy
X-Tumblr-Pixel
Backend
X-IPS-LoggedIn
X-FW-Version
X-Parallel-Accel
Content-Secure-Policy
X-APP-VERSION
X-Hosted-By
X-Datadome
X-Cache-Server
X-UPSTREAM-Address
X-RN-RSRV
Meta-Geo
X-Nginx-Cache
Upgrade-Insecure-Requests
X-Unique-Id
X-No-Session
Section-Io-Cache
X-PCL
X-Generation-Time
X-Redis-Cache
X-OCL
X-ProcessESI
X-RemovedCookies
X-Ua
Azure-RegionName
Azure-SlotName
TWC-Privacy
Webcakes-Region
X-PHP-Backend
Azure-Version
X-Cache-Enabled
X-UA-Device-Type
X-Varnish-Cache-Hits
TWC-GeoIP-LatLong
WP-Super-Cache
X-Content-Age
Webcakes-App-Name
TWC-Locale-Group
X-Request-Time
Apigw-Requestid
X-Section
X-Origin-Hint
Property-Id
Mn-Server-Ip
X-Cluster-Node
X-Server-W
X-Uri
X-FB-TRIP-ID
TWC-Connection-Speed
Webcakes-App-Version
X-Format
Azure-InstanceId
X-Via-Fastly
Azure-SiteName
TWC-Device-Class
X-Access
TWC-GeoIP-Country
CF-IPCountry
X-ShopId
X-ShardId
X-Shopify-Stage
X-ProxyCache-Key
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ProxyCache-Status
X-Sql-Duration-Ms
X-Status
X-Sql-Count
X-Region
X-Alternate-Cache-Key
X-PERF
X-Nginx-Cache-Key
S-Rt
X-ApacheServer
Locale
Fastly-SSL
Eomportal-Instance
X-BYPASS-REASON
Cache-Tv-Group
X-Locale
X-Human
X-Content-Powered-By
X-Cache-Host
X-Storage
X-Site-Version
X-Mode
X-Akamai-Edgescape
X-Cache-Action
X-AOL-HN
X-Be
X-Origin-Date
X-Urbn-Site-Id
X-Xfnlog-Site
X-Urbn-Context-Path
X-JoinUs
X-Debug-Cache
X-Detected-As
X-Hl-Ver
X-Cache-Type
X-PHP-Host
X-NewRelic-App-Data
X-Labrador-Cache-Channel
X-Backend-Name
X-SayCDN-TTL
X-Say-TTL
Ec-Rule-Version
X-Forwarded-Host
X-Tid
X-ServerID
X-SaId
X-Generated-By
X-Varnishpool
X-Say-Cacheable
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Platform-Server
X-Zipkin-Id
X-Proxied
X-Web-Node
X-Adobe-Source
X-Extlb
X-Cms-Context
X-Cache-Tags
X-Routing-Service
X-Handled-By
CDN-PullZone
CDN-RequestId
X-GG-Cache-Date
CDN-RequestCountryCode
Selected-Fe
X-Proxy-Build
CDN-Uid
CDN-EdgeStorageId
X-Ratelimit-Remaining
X-Timing-Wait
CDN-CachedAt
CDN-Cache
X-Dc
ServedBy
X-VC-Cache
X-Storefront-Renderer-Rendered
X-Edge-Location
Load-Balancing
X-Hyper-Cache
X-Rule
X-CDN-Forward
SRV
X-LSADC-Cache
X-Proto
Web-Mar-Node
X-Cache-Operation
X-TT-LOGID
Webserver
Onion-Location
X-GeoCountry
X-GeoCode
Mime-Version
Fastly-Drupal-Html
X-App-Version
X-Cached-By
X-Cache-Remote
SID
X-Rewrite-Enabled
X-Varnish-Hostname
X-Soup
X-GEO
Cache-Hits
X-TA-CDN-Provider
Xserver
X-Accel-Buffering
X-Cluster
X-Cdn
X-Pubstack
X-SRV
X-Reqid
X-Varnish-Ttl
Country-Code
X-Varnish-Hits
X-Origin-TTL
X-Origin-CC
Xet-Cookie
LB
X-Microcachable
X-Air-Source
X-Air-Hostname
Server-Info
X-Air-Trace-Id
X-Buckets
X-Envoy-Decorator-Operation
X-Ratelimit-Limit
Decoy-Debug-Key
X-Tumblr-Pixel-3
Decoy-Debug-TTL
X-Magnolia-Registration
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
Decoy-Debug-Status
X-IPLB-Request-ID
DB-Nickname
X-Request-Host
X-Ms-Request-Id
X-Ms-Version
X-CSRF-Token
X-Amz-Apigw-Id
Cache
X-B3-SpanId
X-Amzn-RequestId
X-Endurance-Cache-Level
Source
X-User
X-Vdms-Path
Expiry
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
Cdncip
X-Vtex-Remote-Cache
Xc-Version
X-Via-NSCOPI
X-Origin-Response-Time
A
X-Vtex-Processado-Em
DCR-Decision-By
X-VG-WebCache
Cdnsip
BehaviorPad-Version
X-Vdms-Version
X-SD-PageType
X-Orig-Expires
X-Cdn-Srv
X-CF-Lambda-Fn
X-NAPM-TraceId
X-Ig-Push-State
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-ARC
X-Processor
X-B-Cookie
X-Cache-Id
X-Cache-NE
X-Conf
X-Connection-Hash
X-Forwarded-Path
X-External-Request-Id
X-Ftr-Request-Id
X-Geo-Header
X-Gzip
X-HS-Content-Campaign-Id
X-Esi-Check
X-Epic-Correlation-Id
X-Destination
X-D
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-Application
X-AK-Request-ID
Pramga
Odigeo-Trace-Id
X-Tenant
X-SRCache-Key
X-Session-Fingerprint
X-Shop-Environment
NM-Fastcgi-Cache
X-TIM-N
Lang
Host-ID
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
X-ScT
X-A-Dgt
X-A-Dcw
X-Rojux
X-A-Wwc
X-Aed
X-A-Dam
X-A-Ccd
Sslversion
X-S-Cookie
Surrogated-Key
X-S
T-Server
X-TrackingId
X-A
X-Time
X-Bc-Bl
X-RCS-CacheZone
X-Newrelic-Synthetics
X-NCache
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tx-Id
X-Tt-Logid
X-Tec-Api-Root
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Amzn-Remapped-Content-Length
X-Cache-Backend
X-Cache-Info
X-Cache-Bucket
X-CacheTTL
Wxu-Next-Hostname
Machine
Fastly-GeoIP-CountryCode
Environment
Cmstype
Mail-Subject
Memcached
Wxu-Next-Commit
We-Hiring
Server-Host
X-Varnish-Beresp-Grace
Wxu-Next-Region
X-Developers
X-Server-IP
X-Sigma
X-Scheme
X-SB
X-Rocket-Build-Number
X-Sigma-Backend
X-SVT-ORM-RULES
X-WADP-Cache
X-Via-Ucdn
X-V-Cache
X-SVT-ORM-VERSION
X-Origin-Time
X-Origin
X-Fetched-On
X-Fmm-Version
X-Fastly-Cache
X-Device-Os
Cmsid
X-Gdpr
X-Hash
X-NodeID
X-Node-Id
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-Core-Value
X-Nyt-Route
AKAMAI
X-Skip-Cache
Cache-Name
X-Azure-Ref
DynaTrace
X-R9-Blue-Green-Version
X-ZONE
CDN
X-Generated-On
X-Eu-Site
X-Gen-Mode
X-Gamma-Serve
X-Forwarded-Site
X-Has-Esi
X-LAGOON
X-Level-Front-Cache
X-JWT-State
X-Is-Gdpr
X-HN
X-Hnp-Log
X-Ec-Custom-Error
X-Datadog-Parent-Id
X-Auto-Login
X-BBC-Edge-Cache-Status
Web-Mar-Region
Vix-Hermes-Req-Id
User-Cache-Control
V-Age
X-Block-Status
X-Branch-Name
X-Minions-Version
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Core-Mission
X-Cache-Date
X-CGP
X-Datadog-Trace-Id
X-Planisys-CDN-TTL
Producers
X-DefElseHash
X-DefHash
Platform
Is-Eu
X-Wix-Viewer-Type
Adler-Geo
X-DPWN-IS-SECURE
X-GeoIP
X-Varnish-Remaining-TTL
X-Worker
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Origin-Expires
X-Variation
X-Viewer-Country
X-VG-TLSProxy
X-Policy
X-Pool
X-Proxy-Upstream
X-Pod-Name
X-Platform
X-Planisys-CDN-Rules
Traceparent
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Thinkindot-L3
X-VarnishDD-TTL
X-Slack-Backend
X-Served-From
X-Region-Sid
X-Rocket-Nginx-Serving-Static
X-Planisys-CDN-Cache
X-Request-URI
CloudFront-Viewer-Country
Svr
Ha-Gx-Prefs
Release
Redirect-Candidate
Kp-EeAlive
Gh-Request-Id
State
Fastcgi-Cache-TTL
Apple-News-Services-Handled
Req-Svc-Chain
CDCHOST
Cluster
Ssr
L
HA-Ipaddr
Thinkindot-CacheControl
Origin
Origin-CC
L5d-Success-Class
Thinkindot-CacheControl-Type
Apple-News-Services-Host
Thinkindot-Control
Apple-News-Services-Parsed-Url
Origin-EX
Apple-News-Services-Request-Url
PFcat
TDXMobile
IsBot
X-Dispatcher-Number
X-Owner
Datacenter
NGX
DSUID
X-Cdn-Origin
Server-Hostname
N-Cache
Server-Ext
Fastly-SIE
X-From
X-TNCMS
X-GeoIP-City
Ohc-File-Size
X-VServer
HostName
X-Loop
X-Scale
X-Webstats-RespID
Fastly-SWR
X-Aicache-OS
X-Rebelmouse-Cache-Control
X-Sn-Servicetimems
X-Wikidot-Static-Cache
X-Rebelmouse-Surrogate-Control
X-BCube-Filmed-By
X-SIPLIST1
X-Optimistic-Header
X-Qloud-Router
X-Loc
Sever-Int
X-Httpd
Candidate-Md5Url
X-Wikidot-Backend
Cache-Key
X-Proxy-Cache-Info
X-Xrds-Location
X-Cache-Status-Check
X-Ad-Defer-Variation
X-Location
VNS-Cache
X-SplitTest
X-Refresh
VNS-Age
CPC-Age
CPC-Cache
Pics-Label
X-Parent-Response-Time
GEO-INFO
X-CS
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
AMP-Access-Control-Allow-Source-Origin
X-WA-Info
Fastly-Backend-Name
X-NC
X-VC
XM
X-Tb-Optimization-Total-Bytes-Saved
X-CACHE-KEY
X-Micro-Cache
Locid
X-Ah-Environment
X-LB-NoCache
Arc-Country
X-Men
X-AIR-PT
X-Edge-Pop
Servername
X-Contensis-Viewer-Groups
X-Cache-ASPX
Env
Ms-Author-Via
X-TIME
X-EC-Lua
Memory
Time
X-Srv
X-Response-By
X-Udemy-Cache-App-Namespace
X-Old-Content-Length
X-Varnish-Authentication
X-TraceId
X-Mvc-Supplant-OutputCached
X-DI
X-DB
X-Servedbyhost
X-Amz-Meta-Cb-Modifiedtime
Path
X-DSS
X-DW
X-RPS
X-RSL
X-Generated-In
X-RPM
X-Api-Version
Lb
X-Via-Poph
X-Accel-Expires-Debug
X-Akamai-Transformed
X-Via-Popn
X-Via-Popv
GeoIp-Country-Code
X-Date
Cache-Host
Ngx.Var.Host
Ohc-Cache-HIT
ITXSESSIONID
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-HA-Backend
X-S-Maxage
X-RateLimit-Reset
X-Proxy-CacheRZ
X-Vc
XkeyRZ
True-Client-IP
FSS-Cache
Client
X-Varnish-Beresp-TTL
X-VCL-Version
Geoip-Latitude
X-Cache-Debug
Server-ID
X-API-Version
X-Clientip
X-VHOST
X-Cs
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
CacheControlHeader
X-DC
Hostname
X-Trace-ID
True-Client-Country-4JS
X-TH-Server
X-Action
X-Fpc
X-Presslabs-Stats
X-Zone
X-FireWall-Port
X-Backend-TTL
X-Dmc
X-TX-ID
Geo-Info
X-Render-Time
Powered-By
X-Webkit-Csp-Report-Only
X-MSEdge-Flight
X-MSEdge-Features
X-NGINX-Cache
NtCoent-Length
X-B3-Spanid
X-Req
Edge-Cache
X-Traceid
X-DynaTrace-JS-Agent
X-INCAP-ABP
X-PX
X-Gateway-Request-Id
X-CSRF-TOKEN
X-Gateway-Cache-Status
Tcn
X-Gateway-Skip-Cache
My-App
X-Pass-Why
Test
X-Gateway-Cache-Key
C-Via
HIT
Click-Count-Action-Start
X-HS-Status
Tube-Got-Results
Click-Count-Error
Tube-Get-Contents
Tube-Got-Eval
X-Service
X-Cdn-Request-ID
Tube-Return
X-FPC
Esi-Enabled
Rip
X-Provided-By
X-M-Reqid
X-Correlation-ID
X-Origin-Upstream-Status
X-Beluga-Trace
X-Beluga-Status
X-M-Log
X-Beluga-Response-Time
X-Qnm-Cache
X-Vcl-Version
OT-Force-Account-Verify
X-Beluga-Record
Server-Id
X-Up
X-Webkit-CSP-Report-Only
On-Server
X-Varnish-Beresp-Ttl
User-Agent
X-Beluga-Cache-Status
X-Beluga-Node
X-Ha-Backend
Cf-Int-Pingora-Origin-Digest
X-LB-ID
X-Alfa-Service
X-TRACE-ID
Resin-Trace
X-Via-PopH
Uri
X-Proxy-Cache-Hk
X-URL
Srvid
Proxy-Connection
X-Via-PopN
X-Via-PopV
X-CLOUD-TRACE-CONTEXT
WebServer
X-Check-Cacheable
X-LI-UUID
Sid
X-UnsetCookies
X-APP
X-Geo
X-Li-Pop
GeoIP-Latitude
DataCenter
X-RAMCache
X-Li-Fabric
GeoIP-Country-Code
X-Akamai-Pragma-Client-IP
MIME-Version
X-Edge-Origin-Shield-Bytes
WZWS-RAY
X-Edge-Origin-Shield-Region
Cdn
X-ServedByHost
X-CCDN-CacheTTL
X-ND-Cache
X-CCDN-Origin-Time
Epwk-X-Cache
X-Hcs-Proxy-Type
Srv
X-Fetch-By
X-Time-Microsecs
X-LI-Proto
X-Cdn-Forward
ENV
X-CUA
Fastly-Drupal-HTML
X-Backend-Host
X-Fastly-Backend-Reqs
M-TraceId
Server-Ttl
X-ID
Warning
X-Esi
ServerName
X-Lb-Nocache
XServer
X-B3-Traceid-Primal
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-App
Cf-Device-Type
X-Dynatrace
Tracecode
X-Edge-POP
X-ATG-Version
X-Fragments
Target-Params
X-MG-S
X-HostName
Dt-Hot-News
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-HITS
X-ElasticPress-Query
Section-Origin-Responded
Section-Io-Id
X-FC-Vary-Parameters
X-Sucuri-Cache
X-Request-Url
Inserted-Into-Cache-At
X-Yottaa-OS
X-Newrelic-App-Data
PICS-Label
X-Azure-Ref-OriginShield
CF-Cached-On
X-Sucuri-ID
X-Fastly-Backend
Lfy
X-Var-Ttl
X-Serial
X-Varnish-Beresp-Status
X-Iplb-Request-Id
Cf-Ipcountry
X-Dw-Trace-Id
X-Cache-Expires
X-Request-URL
X-Bip
X-Akamai-Request-ID
X-Nc
X-LiteSpeed-Cache-Control
X-Thanos
X-Iplb-Instance
D-Url-Rewrites
X-CF-Powered-By
X-Vcache
Wp-Super-Cache
DT-Hot-News
Cdn-Edgestorageid
Cdn-Requestcountrycode
Cdn-Cachedat
Servedby
Cdn-Cache
Cdn-Pullzone
Cdn-Requestid
Cdn-Uid
X-Vercel-Id
Content-Script-Type
X-Release
X-Backend-State
True-Client-Ip
X-Vercel-Cache
X-Th-Server
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Vha6-Origin
Magicmarker
X-Storefront-Renderer-Verified
X-NU-AKA-ACS-Version
CountryCode
X-Snapshot-Date
X-Li-Proto
X-BBC-Origin-Response-Status
X-Back
Fastcgi-Cache-Ttl
Content-Style-Type
X-Wp-Cf-Super-Cache-Cache-Control
X-Dist-Code
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
Ngx
Cneonction