Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
P3p
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-Envoy-Upstream-Service-Time
Status
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Akamai-Path-Stats
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Ua-Compatible
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-Amz-Id-2
X-UA-Device
Host-Header
X-Proxy-Cache
X-Hacker
X-Rq
Grace
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Vhost
Ali-Swift-Global-Savetime
X-Dispatcher
X-LiteSpeed-Cache
X-Amz-Version-Id
Allow
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
Cf-Edge-Cache
X-Server-Id
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-CST
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Cache-Lookup
X-Response-Time
X-HW
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
Rating
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-Trace
X-Url
X-Country
Accept-Ch
Fastly-Restarts
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-Vname
X-PC
X-TtlSet
X-Amz-Server-Side-Encryption
RTSS
X-Varnish-TTL
Edge-Control
X-VARITI-CCR
X-FastCGI-Cache
X-ESI
X-Server-Name
X-Edge
Cache-Tag
X-Vcap-Request-Id
X-Content-Type
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Amz-Rid
X-Dw-Request-Base-Id
X-Px
X-ASPNET-VERSION
Public-Key-Pins
X-B3-TraceId
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Content-Security-Policy-Report-Only
X-Powered-By-Plesk
X-Sol
Display
X-Middleton-Display
Pagespeed
X-Ac
X-Abt-Application-Version
Verso
X-RateLimit-Remaining
X-Client-IP
X-Element-Page-Cache
X-Version
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Ttl
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
Response
X-Middleton-Response
X-Goog-Hash
X-Cached
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
X-Kinsta-Cache
X-SharePointHealthScore
SPRequestGuid
X-Edge-Location-Klb
AR-ATIME
AR-PoweredBy
AR-SID
AR-CACHE
AR-Request-ID
X-Powered-CMS
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Upstream
X-Correlation-Id
X-LLID
Edge-Cache-Tag
X-WebKit-CSP-Report-Only
X-Forwarded-For
X-NWS-LOG-UUID
X-Litespeed-Cache
Content-MD5
X-TTL
X-Cache-Key
X-Ruxit-Js-Agent
Nginx-Cache
X-RateLimit-Limit
X-Id
X-Shield-Request-Id
X-MSEdge-Ref
TCN
X-ECACHE
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Recruiting
Mrf-Cache-Status
MRF-Tech
S
X-T
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Content-Digest
X-DataDome
X-Mg-S
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ua-Device
X-Grace
TP-Cache
TP-L2-Cache
X-Mcache
X-Accel-Expires
X-DynaTrace
X-Frontend
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
MicrosoftSharePointTeamServices
X-Protected-By
Front-End-Https
Server-Node
Filters
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-Request-Processing-Time
X-Request-Received
X-PressLabs-Stats
X-Content
X-Ua-Browser
X-Ab
X-Distributor
X-Origin-Server
X-ORACLE-DMS-ECID
X-Server-ID
X-Hits
X-ORACLE-DMS-RID
Fastcgi-Cache
X-LB-Cache
X-Geo-Country
MS-Author-Via
X-Request-Handler-Origin-Region
X-Microsite
Charset
X-Mid
X-Amzn-Trace-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
Host
X-Webkit-Csp
X-Cache-Age
X-Forwarded-Proto
X-Git-Hash
X-Page-Id
Cache-Status
Cross-Origin-Opener-Policy
X-B3-Sampled
X-Fastly-Request-Id
Cleartype
X-F-Cache
X-Debug-Info
Realpath
X-Seen-By
X-Activity-Id
X-Az
X-AppVersion
Access-Control-Allow-Method
X-DIS-Request-ID
X-Ratelimit-Reset
X-Nginx-Upstream-Cache-Status
Accept-Charset
X-Www-Served-By
Permissions-Policy
X-Webkit-CSP
Filterid
ServerID
X-Aspnetmvc-Version
X-Varnish-Age
Cache-Tags
X-Content-Options
X-FB-Debug
X-Rid
X-Cluster-Name
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Retry-After
X-Type
Server-Name
X-Midtier
X-Varnish-Backend
X-App-Environment
X-Varnish-Grace
X-Amz-Meta-S3cmd-Attrs
X-Route-Name
X-User-Agent
X-Request-Guid
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
Country
X-Providence-Cookie
X-Tb
X-Wix-Request-Id
X-Drupal-Cache-Tags
X-Origin-Cache
X-Signature
X-B
X-B-Cache
Viewport
X-Whom
Paypal-Debug-Id
DC
X-VCache
X-TT
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
Node
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
Fastcgi-Useragent
X-Debug
X-Upgrade-Enabled
X-Language
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-NWS-UUID-VERIFY
X-Amz-Replication-Status
X-Mobile-URL
X-Logged-In
Protected
X-Cache-NGX
Payment
X-N
X-Load-Cache
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
WPO-Cache-Message
X-Cache-Control
WPO-Cache-Status
X-Oracle-Dms-Ecid
X-XRDS-LOCATION
X-Oracle-Dms-Rid
Count-Hit
X-XRDS-Location
Alternate-Protocol
Healthy
X-NGENIX-Cache
X-Contextid
X-Restarts
X-Node-Name
X-Via-JSL
X-Mobile
X-ECache
X-B3-Traceid
X-Proxy
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Content-Disposition
X-MCACHE
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-FW-Static
X-FW-Type
Refresh
Url
X-G
Akamai-GRN
X-Akamai-Request-ID2
X-Adobe-Content
X-Page-View
X-Adobe-Loc
Uber-Trace-Id
X-Jobs
X-Servername
X-Zen-Fury
X-Cache-Time
X-UUID
X-Revision
X-Real-IP
X-Cache-TTL-Remaining
X-Http-Reason
X-Framework
X-Debug-IsPreview
X-Debug-IsConnected
VIX-Pulpo-Upstream-Status
X-Mg-Request-UUID
X-Rendered-As
X-Is-Bot
X-Varnish-Server
VIX-Pulpo-Node
X-Device-Type
X-Cacheable-TTL
X-Drupal-Cache-Contexts
X-Cache-Grace
X-Yottaa-Optimizations
X-Proxy-Cache-Status
X-Yottaa-Metrics
Access-Control-Request-Headers
X-Instance
NGB
X-Hostname
X-Environment-Context
Frame-Options
X-HTML-Minification-Powered-By
X-L-Path
X-IPLB-Instance
X-EdgeConnect-Cache-Status
X-Template
Referer-Policy
Version
X-Source
Countrycode
Ms-Operation-Id
MS-CV
X-RTag
Liferay-Portal
Accept-Language
X-Trace-Id
X-Oneagent-Js-Injection
X-NYM-Debug-Backend
X-Datadome
X-Fastly-Request-ID
X-App-Server
X-Cache-Rule
X-Ratelimit-Remaining
X-Cache-Hit
X-Cache-Expired-At
Cross-Origin-Window-Policy
From-Origin
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Backend
X-Hosted-By
X-Tumblr-Pixel-1
X-Tumblr-User
X-Unique-Id
X-IPS-LoggedIn
X-COUNTRY
X-Vgn-Hpd-Reason
X-ProcessESI
X-RemovedCookies
X-Status
WP-Super-Cache
X-UPSTREAM-Address
X-Nginx-Cache
X-Cache-Server
Section-Io-Cache
X-FW-Version
Upgrade-Insecure-Requests
Meta-Geo
X-RN-RSRV
Load-Balancing
X-Ratelimit-Limit
X-PCL
X-VWS-Id
X-FB-TRIP-ID
X-No-Session
X-LJ-Flow-ID
X-AWS-Id
X-OCL
X-Labrador-Cache-Channel
CF-IPCountry
Mn-Server-Ip
X-Sql-Count
S-Rt
X-Cache-Enabled
X-Sql-Duration-Ms
X-Content-Powered-By
X-Content-Age
X-Section
Content-Secure-Policy
X-UA-Device-Type
X-Origin-Date
X-Ua
X-Redis-Cache
X-PHP-Host
X-Via-Fastly
X-AOL-HN
X-Request-Time
X-Access
X-Region
X-Be
X-PHP-Backend
X-Akamai-Edgescape
X-Mode
X-App-Version
X-Human
X-Generated-By
X-Say-Cacheable
X-Nginx-Cache-Key
X-PERF
X-ProxyCache-Key
X-Platform-Server
X-Forwarded-Host
X-ProxyCache-Status
X-Format
X-Adobe-Source
Locale
Eomportal-Instance
X-ApacheServer
X-BYPASS-REASON
X-Debug-Cache
X-Cms-Context
X-Cache-Tags
X-Say-TTL
X-Site-Version
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
Webcakes-Region
X-Cluster-Node
X-Varnish-Cache-Hits
X-Server-W
X-Origin-Hint
TWC-GeoIP-Country
TWC-Device-Class
X-Urbn-Context-Path
X-Storage
Apigw-Requestid
X-Urbn-Site-Id
X-VC-Cache
TWC-Connection-Speed
Property-Id
X-Xfnlog-Site
X-SayCDN-TTL
TWC-Locale-Group
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-ShopId
X-Web-Node
X-APP-VERSION
X-Zipkin-Id
Azure-InstanceId
X-Edge-Location
Azure-Version
Azure-SiteName
Azure-RegionName
X-Dc
X-Cache-Type
X-JoinUs
X-Hl-Ver
X-SaId
X-Routing-Service
X-Proxied
X-GG-Cache-Date
X-GeoCountry
X-Detected-As
X-Varnishpool
X-Extlb
X-Uri
X-GeoCode
Fastly-SSL
Azure-SlotName
X-Locale
X-Generation-Time
X-NewRelic-App-Data
X-Storefront-Renderer-Rendered
X-Handled-By
X-Proto
X-Cache-Host
X-Tid
X-Backend-Name
X-ServerID
Selected-Fe
X-Proxy-Build
X-Timing-Wait
Cache-Tv-Group
CDN-CachedAt
CDN-Cache
CDN-EdgeStorageId
X-CDN-Forward
CDN-RequestId
ServedBy
CDN-PullZone
CDN-Uid
CDN-RequestCountryCode
Fastly-Drupal-Html
Ec-Rule-Version
Web-Mar-Node
X-LSADC-Cache
Onion-Location
X-IPLB-Request-ID
Webserver
X-Magnolia-Registration
X-GEO
X-Varnish-Hostname
X-Cache-Action
X-Tt-Logid
Cache-Hits
X-Cached-By
X-Envoy-Decorator-Operation
X-Cache-Operation
X-Air-Hostname
Mime-Version
X-Cache-Remote
X-Air-Source
X-Hyper-Cache
X-Cluster
SRV
X-Air-Trace-Id
X-Varnish-Hits
X-Fastcgi-Cache
X-Rewrite-Enabled
X-Cdn
SID
X-Soup
X-Origin-CC
X-Origin-TTL
X-SRV
X-Parallel-Accel
X-Rule
Xet-Cookie
DB-Nickname
Xserver
Cache
LB
X-Microcachable
Server-Info
Source
X-MP-GENERATED-AT
X-Accel-Buffering
X-Reqid
X-Pubstack
Country-Code
X-Xrds-Location
X-TA-CDN-Provider
X-Via-NSCOPI
X-Tumblr-Pixel-2
X-CSRF-Token
X-Buckets
Decoy-Debug-TTL
X-Tx-Id
Decoy-Debug-Key
X-Tumblr-Pixel-3
X-Skip-Cache
Decoy-Debug-Status
X-Origin-Response-Time
X-Request-Host
X-TT-LOGID
X-Cache-Status-Check
X-Endurance-Cache-Level
Lang
X-Cdn-Srv
X-NAPM-TraceId
X-CF-Lambda-Fn
Fastcgi-X-Cache-Version
Expiry
X-BCube-Filmed-By
X-PAYTM-SRV-ID
Pramga
Host-ID
X-B-Cookie
X-Processor
X-PBS-Appsvrname
X-CF-Lambda-Version
DynaTrace
X-D
X-Connection-Hash
X-Conf
X-Vdms-Path
DCR-Decision-By
Cdncip
MD5-Digest
X-Forwarded-Path
Cdnsip
Cmsid
A
X-External-Request-Id
Cache-Key
X-Ec-Fail
BehaviorPad-Version
X-Ec-GeoHdr
X-Epic-Correlation-Id
Cmstype
Rendered-Blocks
X-Hash
X-Destination
Odigeo-Trace-Id
X-Ig-Push-State
Candidate-Md5Url
NM-Fastcgi-Cache
X-Developer
Meta-Geo-Continent
Mobile-Detection-Method
X-Cache-NE
X-Geo-Header
DCR-Processing-Time-Ms
X-Orig-Expires
X-SRCache-Key
X-A-Dgt
Datacenter
X-TIM-N
Xc-Version
Sslversion
X-ScT
X-A-Wwc
X-Vtex-Processado-Em
X-S-Cookie
X-S
Surrogated-Key
X-A-Dcw
X-Vdms-Version
T-Server
X-Rojux
X-ARC
XM
X-VG-WebCache
X-Tenant
X-SD-PageType
X-SplitTest
X-AK-Request-ID
X-Aed
X-Shop-Environment
X-TrackingId
X-A
X-User
X-A-Ccd
X-Vtex-Remote-Cache
X-Application
X-A-Dam
X-Amz-Apigw-Id
X-Session-Fingerprint
X-Amzn-RequestId
X-Newrelic-Synthetics
X-AIR-PT
X-Azure-Ref
X-Esi-Check
Wxu-Next-Commit
AKAMAI
Is-Eu
Adler-Geo
X-Sigma-Backend
X-Ckpd-Fst-Backend
Mail-Subject
X-CacheTTL
X-Fetched-On
X-Wix-Viewer-Type
X-Worker
X-DefHash
X-Scheme
Wxu-Next-Region
X-DefElseHash
X-Developers
X-Device-Os
Kp-EeAlive
X-Core-Value
Environment
Wxu-Next-Hostname
X-SB
X-DPWN-IS-SECURE
X-Core-Mission
X-SVT-ORM-VERSION
X-Ms-Request-Id
X-Varnish-CookieHashed-On
X-Ms-Version
X-Ad-Defer-Variation
X-Varnish-CookieINHashed-On
Memcached
X-Varnish-Remaining-TTL
X-Loop
X-Bc-Bl
Platform
X-Variation
Server-Host
Producers
X-Origin-Expires
X-Origin
X-NodeID
X-Sigma
X-JWT-State
X-TNCMS
X-Cache-Id
X-GeoIP
We-Hiring
X-B3-SpanId
X-SVT-ORM-RULES
X-Varnish-Beresp-Grace
X-Rocket-Build-Number
State
X-Has-Esi
X-Gzip
Redirect-Candidate
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Is-Gdpr
X-Time
X-Aicache-OS
X-Cdn-Origin
X-Cache-Bucket
VNS-Cache
X-Cache-Info
X-CGP
X-BBC-Edge-Cache-Status
X-Block-Status
X-Cache-Date
X-Branch-Name
X-RateLimit-Remaining-Second
X-Gdpr
X-Nyt-Route
X-Amzn-Remapped-Content-Length
VNS-Age
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Origin-Time
X-Qloud-Router
X-Pool
X-RateLimit-Limit-Second
X-VarnishDD-TTL
X-RCS-CacheZone
X-Region-Sid
X-Request-URI
X-VServer
X-Sn-Servicetimems
X-VG-TLSProxy
X-Thinkindot-L3
X-V-Cache
X-Slack-Backend
X-SIPLIST1
Fastly-Backend-Name
X-Rocket-Nginx-Serving-Static
X-WADP-Cache
X-Served-From
X-Policy
X-Platform
X-Fastly-Cache
X-Eu-Site
X-Fmm-Version
X-Forwarded-Site
X-Ftr-Request-Id
X-Ec-Custom-Error
X-Dispatcher-Number
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Gamma-Serve
X-Gen-Mode
X-Minions-Version
X-Loc
X-Mvc-Supplant-Cachable
X-NCache
X-Node-Id
X-Level-Front-Cache
X-LAGOON
X-Generated-On
X-GeoIP-City
X-HN
X-Hnp-Log
X-Clara-WADP
Thinkindot-CacheControl-Type
L5d-Success-Class
Apple-News-Services-Host
L
IsBot
HA-Ipaddr
Machine
N-Cache
Origin-EX
Origin-CC
Origin
NGX
Ha-Gx-Prefs
Fastly-SWR
Apple-News-Services-Handled
CDCHOST
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
CloudFront-Viewer-Country
CPC-Age
Fastly-SIE
Fastly-GeoIP-CountryCode
Fastcgi-Cache-TTL
CPC-Cache
PFcat
X-Varnish-Ttl
Thinkindot-CacheControl
Thinkindot-Control
Traceparent
Sever-Int
Ssr
TDXMobile
Svr
Server-Hostname
Vix-Hermes-Req-Id
Req-Svc-Chain
Release
User-Cache-Control
X-EC-Lua
Server-Ext
X-Viewer-Country
HostName
DSUID
V-Age
X-Optimistic-Header
X-Proxy-Upstream
Cache-Name
X-Cache-Backend
X-Proxy-Cache-Info
X-Wikidot-Backend
X-Pod-Name
X-Via-Ucdn
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-WA-Info
X-Scale
X-Auto-Login
Cluster
X-Micro-Cache
X-Wikidot-Static-Cache
Ohc-File-Size
X-Planisys-CDN-Rules
Gh-Request-Id
Web-Mar-Region
X-R9-Blue-Green-Version
X-Correlation-ID
Pics-Label
X-WP-CF-Super-Cache
CDN
X-Owner
X-WP-CF-Super-Cache-Cache-Control
X-ZONE
X-VC
X-Server-IP
Ngx.Var.Host
X-Refresh
X-Httpd
GEO-INFO
Cache-Host
XkeyRZ
X-CS
X-Proxy-CacheRZ
X-CACHE-KEY
X-Ah-Environment
X-NC
Servername
X-Parent-Response-Time
X-TIME
X-LB-NoCache
Path
Ms-Author-Via
Lb
X-Webstats-RespID
X-Edge-Pop
Env
X-Mvc-Supplant-OutputCached
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Servedbyhost
X-From
X-Tb-Optimization-Total-Bytes-Saved
X-Udemy-Cache-App-Namespace
X-Srv
X-Varnish-Authentication
X-Location
X-RateLimit-Reset
X-Generated-In
Time
Memory
X-Clientip
X-Varnish-Beresp-TTL
X-Via-Poph
X-TraceId
Locid
X-Amz-Meta-Cb-Modifiedtime
X-Via-Popn
X-API-Version
X-Via-Popv
Ohc-Cache-HIT
X-S-Maxage
X-Response-By
ITXSESSIONID
GeoIp-Country-Code
X-Men
Arc-Country
AMP-Access-Control-Allow-Source-Origin
X-Vc
X-Cs
X-Old-Content-Length
X-Dmc
X-Akamai-Transformed
True-Client-IP
X-RPS
X-RPM
X-RSL
X-DI
Client
Geoip-Latitude
X-DSS
X-DW
X-Accel-Expires-Debug
X-VCL-Version
X-DB
X-Date
X-HA-Backend
X-Zone
X-VHOST
Hostname
X-MSEdge-Flight
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Render-Time
X-DynaTrace-JS-Agent
X-TRACE-ID
Server-ID
X-Trace-ID
X-MSEdge-Features
X-URL
X-INCAP-ABP
X-Service
X-Fpc
X-Presslabs-Stats
X-Gateway-Skip-Cache
Rip
X-Gateway-Cache-Key
C-Via
X-GeoIP-Region-Code
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-GeoIP-Country-Code
X-DC
Tube-Return
X-Cache-Debug
Tube-Get-Contents
Click-Count-Error
Click-Count-Action-Start
Tube-Got-Results
Tube-Got-Eval
FSS-Cache
X-FireWall-Port
X-M-Reqid
Fusion-Deployment-Id
X-B3-Spanid
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Powered-By
NtCoent-Length
X-Qnm-Cache
X-M-Log
HIT
On-Server
X-Api-Version
Esi-Enabled
X-Webkit-Csp-Report-Only
X-TX-ID
CacheControlHeader
X-NGINX-Cache
X-PX
X-CSRF-TOKEN
X-Alfa-Service
X-Edge-Origin-Shield-Region
Tcn
Srv
X-Edge-Origin-Shield-Bytes
X-TH-Server
X-Action
Test
True-Client-Country-4JS
X-FPC
X-Cdn-Request-ID
OT-Force-Account-Verify
X-Proxy-Cache-Hk
Server-Id
X-Backend-TTL
Cdn
X-Traceid
X-HS-Status
X-Check-Cacheable
Edge-Cache
X-Beluga-Trace
X-Beluga-Status
X-Beluga-Node
X-Beluga-Cache-Status
User-Agent
X-Vcl-Version
X-Beluga-Record
X-Beluga-Response-Time
Geo-Info
X-Akamai-Pragma-Client-IP
X-Pass-Why
X-Via-PopH
GeoIP-Country-Code
X-Req
X-Via-PopN
GeoIP-Latitude
Sid
X-Via-PopV
X-Origin-Upstream-Status
Proxy-Connection
X-Ha-Backend
My-App
X-App
Uri
Srvid
Resin-Trace
X-Varnish-Beresp-Ttl
WebServer
DT-Hot-News
X-CLOUD-TRACE-CONTEXT
Cf-Int-Pingora-Origin-Digest
X-APP
MIME-Version
M-TraceId
Server-Ttl
X-Bip
X-Thanos
X-Hcs-Proxy-Type
Epwk-X-Cache
X-ServedByHost
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Up
X-Cdn-Forward
X-Request-Start
ENV
X-Fastly-Backend-Reqs
X-LB-ID
X-Backend-Host
True-Client-Ip
X-Esi
X-Provided-By
Warning
XServer
X-Li-Fabric
X-B3-Traceid-Primal
X-Li-Pop
X-LI-Proto
X-Edge-POP
X-LI-UUID
X-Geo
X-ID
ServerName
X-Lb-Nocache
X-HostName
Dt-Hot-News
X-Fetch-By
X-Vercel-Id
X-Vercel-Cache
X-HITS
X-UnsetCookies
CF-Cached-On
X-ElasticPress-Query
X-Dw-Trace-Id
Section-Io-Origin-Status
X-Newrelic-App-Data
Section-Io-Id
X-Nc
Magicmarker
Section-Io-Origin-Time-Seconds
PICS-Label
X-RAMCache
X-CF-Powered-By
X-Webkit-CSP-Report-Only
X-Akamai-Request-ID
Section-Origin-Responded
X-Serial
Fastly-Drupal-HTML
X-LiteSpeed-Cache-Control
X-Yottaa-OS
X-CMSURLCustom
X-ND-Cache
X-Vcache
Canary
WZWS-RAY
X-Time-Microsecs
X-Cc-Via
X-Request-Url
D-Url-Rewrites
X-Varnish-Beresp-Status
X-IN-APIGATEWAY
Inserted-Into-Cache-At
X-Iplb-Instance
X-IN-APIGATEWAYSSL
X-Iplb-Request-Id
Cdn-Pullzone
Cdn-Edgestorageid
Cdn-Cachedat
Cdn-Cache
Wp-Super-Cache
Cdn-Requestid
Servedby
Cdn-Uid
Cdn-Requestcountrycode
Content-Script-Type
CountryCode
X-Release
X-BBC-Origin-Response-Status
X-Snapshot-Date
X-MiniProfiler-Ids
Vha6-Origin
X-LiteSpeed-Tag
X-Back
X-Azure-Ref-OriginShield
X-CUA
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
DataCenter
Cf-Device-Type
X-Th-Server
X-Wp-Cf-Super-Cache-Cache-Control
X-Storefront-Renderer-Verified
X-Request-URL
X-Dist-Code
Content-Style-Type