Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
X-XSS-Protection
ETag
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
Report-To
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
NEL
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Request-ID
EagleId
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-UA-Device
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Ua-Compatible
X-Robots-Tag
X-Hacker
X-Server
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
EagleEye-TraceId
X-Vhost
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Accept-CH
X-OneAgent-JS-Injection
X-Cache-Spec
X-Host
Cf-Railgun
X-Server-Id
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Dns-Prefetch-Control
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH-Lifetime
Rating
X-Country
X-Cloud-Trace-Context
X-B3-TraceId
X-Cache-Lookup
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Trace
X-Url
Allow
X-Vname
X-Content-Type
X-Ac
X-TtlSet
X-PC
X-Aws-Lambda-Call-Status
X-Clacks-Overhead
X-Varnish-TTL
Edge-Control
X-Server-Name
Fastly-Restarts
X-Mod-Pagespeed
X-ESI
Cache-Tag
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
Verso
X-Element-Page-Cache
MS-Author-Via
X-Vcap-Request-Id
X-FastCGI-Cache
X-Upstream
X-MS-InvokeApp
X-Amz-Rid
X-GitHub-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Abt-Application-Version
X-Client-IP
X-D2id
X-Cache-TTL
RTSS
X-Cnection
X-Px
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Country-Code
X-Powered-By-Plesk
Access-Control-Request-Method
X-NF-Request-ID
X-Goog-Hash
X-TTL
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Sol
Display
Pagespeed
X-Middleton-Display
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-SID
AR-Request-ID
X-Version
X-Powered-CMS
X-CST
X-Middleton-Response
Response
X-Origin-Cache
X-RateLimit-Remaining
X-MSEdge-Ref
X-LLID
TCN
X-Kinsta-Cache
X-Amz-Server-Side-Encryption
X-Edge-Location-Klb
Nginx-Cache
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Edge
X-Protected-By
X-T
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-For
X-Shield-Request-Id
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Ruxit-Js-Agent
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
Edge-Cache-Tag
X-Language
X-Aspnetmvc-Version
S
Content-MD5
SPRequestDuration
SPIisLatency
Fastcgi-Cache
Front-End-Https
X-Mid
Realpath
X-Request-Processing-Time
X-Request-Received
Server-Node
Filters
X-Frontend
X-Cache-Key
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Recruiting
X-NWS-LOG-UUID
X-Ab
Server-Name
X-Ua-Browser
X-Content
X-Ser
X-MCACHE
X-Correlation-Id
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Template
X-DynaTrace
X-Ezoic-Cdn
SPRequestGuid
X-SharePointHealthScore
X-Hits
X-Parallel-Accel
MicrosoftSharePointTeamServices
X-Kong-Proxy-Latency
X-ECACHE
X-Kong-Upstream-Latency
X-Tt-Trace-Host
X-Tt-Trace-Tag
Charset
X-Page-Id
X-Daa-Tunnel
Cache-Tags
X-B3-Sampled
Cleartype
X-Ttl
Host
X-Git-Hash
X-Debug-Info
X-Geo-Country
X-Server-ID
X-Www-Served-By
X-Content-Options
X-DIS-Request-ID
X-Oneagent-Js-Injection
Alternate-Protocol
X-Content-Digest
Accept-Ch
X-Amzn-Trace-Id
X-Hostname
X-Ratelimit-Limit
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
Cross-Origin-Opener-Policy
X-Amz-Replication-Status
X-ASPNET-VERSION
Filterid
X-DataDome
X-Varnish-Age
ServerID
X-FB-Debug
X-Grace
X-Az
X-Activity-Id
X-F-Cache
X-AppVersion
X-Upgrade-Enabled
X-Accel-Expires
X-VCache
X-WebKit-CSP-Report-Only
X-Nginx-Upstream-Cache-Status
X-Rid
X-Forwarded-Proto
X-Mobile-URL
X-N
X-Origin-Server
Access-Control-Allow-Method
X-Type
X-LB-Cache
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Is-Crawler
X-Route-Name
X-Whom
X-Goog-Stored-Content-Encoding
X-Request-Guid
X-Providence-Cookie
X-Goog-Storage-Class
X-Aspnet-Duration-Ms
X-Seen-By
X-App-Environment
Viewport
X-Goog-Metageneration
X-Flags
X-Ratelimit-Reset
X-Goog-Generation
X-Tb
X-Distributor
X-Fastly-Request-Id
X-Fastly-Request-ID
X-TT
Payment
X-Varnish-Grace
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Type
X-User-Agent
X-FW-Server
X-FW-Static
Paypal-Debug-Id
DC
X-XRDS-LOCATION
Node
X-Wix-Request-Id
Country
Accept-Charset
Fastcgi-Useragent
TP-Cache
TP-L2-Cache
X-Fastcgi-Cache
X-App-Server
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Cache-Rule
X-Cache-Control
X-Cluster-Name
X-Via-JSL
X-Litespeed-Cache
X-Webkit-Csp
X-Drupal-Cache-Tags
Version
X-Microsite
X-Request-Handler-Origin-Region
X-NGENIX-Cache
X-Cache-Age
X-Signature
X-Contextid
X-B-Cache
Cache-Status
X-Buckets
Referer-Policy
X-Logged-In
X-Node-Name
Refresh
Amp-Access-Control-Allow-Source-Origin
X-Origin-Upstream-Status
X-Response-Served-From
X-Mobile
X-Original-Request-Id
SD-X-WS
X-Is-Bot
X-Real-IP
X-Load-Cache
X-Cache-Expired-At
X-Rendered-As
VIX-Pulpo-Upstream-Status
X-IPLB-Instance
X-Browser-Type
X-Vgn-Hpd-Reason
VIX-Pulpo-Node
X-Erf-Bev-Bev-Is-Generated
X-Jobs
X-Erf-Bev-Bev
X-Varnish-Backend
X-Yottaa-Optimizations
Access-Control-Request-Headers
X-Rule
X-Yottaa-Metrics
X-UUID
X-Proxy
X-Revision
X-Cacheable-TTL
X-Debug
X-Proxy-Cache-Status
X-Page-View
X-Instance
X-Cache-Action
NGB
Akamai-GRN
X-RemovedCookies
X-ProcessESI
X-Framework
X-Drupal-Cache-Contexts
Surrogate-Key
X-Device-Type
X-G
X-B
X-Cache-Time
X-FW-Version
X-Debug-IsConnected
X-Debug-IsPreview
X-Accel-Buffering
CF-IPCountry
SID
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Cache-NGX
X-XRDS-Location
X-Presslabs-Stats
GEO-INFO
Uber-Trace-Id
X-Air-Source
X-Air-Hostname
Count-Hit
X-Air-Trace-Id
X-Azure-Ref
X-Cache-Operation
X-Ms-Version
X-Ms-Request-Id
X-Nginx-Cache
X-RateLimit-Limit
X-Source
X-PressLabs-Stats
X-APP-VERSION
X-Zen-Fury
X-EdgeConnect-Cache-Status
Protected
DynaTrace
Frame-Options
Liferay-Portal
X-RTag
X-Cache-Hit
X-CDN-Forward
X-Trace-Id
WPO-Cache-Status
WPO-Cache-Message
MS-CV
Ms-Operation-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Servername
X-Cache-TTL-Remaining
Ec-Rule-Version
X-Backend-Name
X-Hyper-Cache
Healthy
Countrycode
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Mode
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Backend
X-L-Path
X-Environment-Context
Content-Disposition
Xserver
X-Varnish-Server
X-Adobe-Loc
X-Adobe-Content
Url
X-JoinUs
Meta-Geo
X-Cache-Grace
X-RN-RSRV
X-UPSTREAM-Address
X-SaId
X-Rewrite-Enabled
LB
X-Detected-As
X-Sorting-Hat-PodId
X-Extlb
X-Generation-Time
Country-Code
X-Redis-Cache
X-Proxied
Decoy-Debug-Key
X-Sorting-Hat-ShopId
Decoy-Debug-TTL
Eomportal-Instance
Decoy-Debug-Status
X-Routing-Service
X-Content-Age
X-Tid
X-ShardId
X-Alternate-Cache-Key
X-Zipkin-Id
X-Region
X-Ratelimit-Remaining
X-Format
X-ShopId
X-Shopify-Stage
X-Cache-Server
X-Access
X-Forwarded-Host
Mn-Server-Ip
Apigw-Requestid
X-Hosted-By
X-ApacheServer
X-PHP-Backend
X-Human
Cache-Name
X-Uri
X-UA-Device-Type
X-Status
X-Site-Version
X-Sql-Count
X-Sql-Duration-Ms
X-Section
X-FB-TRIP-ID
Retry-After
X-No-Session
X-PERF
X-Microcachable
X-NCache
X-Origin-Date
X-SayCDN-TTL
X-Web-Node
Property-Id
X-Timing-Wait
TWC-Device-Class
TWC-Connection-Speed
X-Generated-By
X-Storage
CDN-RequestId
CDN-RequestCountryCode
CDN-Uid
X-OCL
Fastly-SSL
X-Say-TTL
CDN-PullZone
X-NYM-Debug-Backend
X-ServerID
X-Varnish-Beresp-Grace
X-Via-Fastly
X-Server-W
X-Cache-Type
X-Pubstack
X-Content-Powered-By
X-Cluster-Node
X-PCL
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Proxy-Build
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
Webcakes-App-Name
X-Origin-Hint
X-Say-Cacheable
Selected-Fe
CDN-Cache
CDN-EdgeStorageId
CDN-CachedAt
X-NewRelic-App-Data
X-Soup
X-BYPASS-REASON
X-R9-Blue-Green-Version
X-Hl-Ver
X-Cache-Host
X-Debug-Cache
X-ProxyCache-Key
X-ProxyCache-Status
X-Varnishpool
X-Be
Cache-Tv-Group
X-Akamai-Edgescape
Section-Io-Cache
X-Nginx-Cache-Key
Azure-InstanceId
Azure-Version
Azure-RegionName
Azure-SlotName
Azure-SiteName
Content-Secure-Policy
X-LSADC-Cache
X-TIME
X-Ua
X-Cache-Remote
X-Unique-Id
X-Webkit-CSP
DB-Nickname
X-Dc
X-Cached-By
X-Azure-Ref-OriginShield
X-Platform-Server
X-Bc-Bl
X-TT-LOGID
X-Akamai-Transformed
X-Auto-Login
Cache
Source
OT-Force-Account-Verify
X-Xfnlog-Site
From-Origin
ServedBy
Upgrade-Insecure-Requests
X-Cache-Tags
X-Varnish-Cache-Hits
X-LAGOON
Xet-Cookie
SRV
X-Origin-CC
X-ECache
X-Request-Time
X-GEO
X-Origin-TTL
X-AOL-HN
X-NWS-UUID-VERIFY
X-Cdn
X-Varnish-Hits
Cache-Hits
HostName
X-Varnish-Hostname
X-Request-Host
Mime-Version
Webserver
WP-Super-Cache
X-TNCMS
X-CSRF-Token
Onion-Location
X-Loop
X-App-Version
X-HTML-Minification-Powered-By
X-S-Maxage
X-FireWall-Port
X-Cache-Enabled
X-EC-Lua
X-Time
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Web-Mar-Node
S-Rt
X-Handled-By
X-SRV
N-Cache
X-Akamai-Request-ID2
X-RCS-CacheZone
X-Http-Reason
X-Adobe-Source
X-Reqid
X-B3-SpanId
X-Origin-Response-Time
X-Proto
X-Tenant
X-Endurance-Cache-Level
X-Vdms-Path
X-Vtex-Remote-Cache
X-Mg-Request-UUID
X-Conf
X-PAYTM-SRV-ID
Nel
X-Epic-Correlation-Id
X-Gen-Mode
X-TIM-N
X-A
X-A-Dam
X-A-Ccd
X-CF-Lambda-Version
X-Orig-Expires
X-NAPM-TraceId
DCR-Processing-Time-Ms
X-Hnp-Log
X-VG-WebCache
X-GG-Cache-Date
DCR-Decision-By
User-Cache-Control
X-Developer
X-Destination
A
X-Ig-Push-State
X-ND-Cache
X-Connection-Hash
X-Vdms-Version
X-PBS-Appsvrname
Fastcgi-X-Cache-Version
X-D
Expiry
X-AWS-Id
X-Vtex-Processado-Em
X-External-Request-Id
X-SD-PageType
Rendered-Blocks
X-Amz-Meta-S3cmd-Attrs
X-A-Dcw
X-ARC
X-ScT
X-CF-Lambda-Fn
X-S-Cookie
Redirect-Candidate
X-Application
Sslversion
X-Aed
X-SRCache-Key
X-Slack-Backend
X-Forwarded-Path
X-Shop-Environment
X-A-Dgt
X-Session-Fingerprint
Xc-Version
X-LJ-Flow-ID
X-Rojux
X-S
Mobile-Detection-Method
Pramga
X-Correlation-ID
Meta-Geo-Continent
Server-Info
X-VWS-Id
X-Cache-NE
X-A-Wwc
X-Block-Status
X-Processor
BehaviorPad-Version
X-Backend-TTL
Odigeo-Trace-Id
Surrogated-Key
X-B-Cookie
X-Ftr-Request-Id
X-Locale
X-Magnolia-Registration
X-Edge-Location
X-MP-GENERATED-AT
CacheControlHeader
X-Device-Os
Apple-News-Services-Request-Url
CDCHOST
Arc-Country
Apple-News-Services-Parsed-Url
X-Cache-Bucket
X-Accel-Expires-Debug
State
X-Aicache-OS
Origin-EX
Origin-CC
Svr
Wxu-Next-Region
Vix-Hermes-Req-Id
Traceparent
Wxu-Next-Commit
Wxu-Next-Hostname
Origin
Apple-News-Services-Host
Gh-Request-Id
X-Core-Mission
Fastcgi-Cache-TTL
X-Date
X-Cluster
X-Ckpd-Fst-Backend
X-Cache-Date
X-Cache-Info
X-Cdn-Srv
Host-ID
DSUID
X-Men
X-Nyt-Route
V-Age
X-Origin-Expires
X-Rocket-Nginx-Serving-Static
X-Webstats-RespID
X-Location
X-Mvc-Supplant-Cachable
X-Origin-Time
X-Planisys-CDN-Cache
X-Server-IP
X-Scheme
X-Request-URI
X-Policy
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Apple-News-Services-Handled
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Gdpr
X-Forwarded-Site
X-VG-TLSProxy
X-Fetched-On
X-Geo-Header
X-GeoIP-Country-Code
X-V-Cache
AKAMAI
X-Viewer-Country
X-Hash
X-Fastly-Cache
X-GeoIP-Region-Code
CloudFront-Viewer-Country
X-Via-NSCOPI
X-Time-Microsecs
X-Sigma
X-Served-From
X-ATG-Version
X-Fastly-Backend
X-Sigma-Backend
X-Cdn-Origin
We-Hiring
X-Sucuri-ID
X-UnsetCookies
X-TH-Server
X-Thinkindot-L3
X-VarnishDD-TTL
X-Sucuri-Cache
X-Skip-Cache
X-TrackingId
Web-Mar-Region
X-Storefront-Renderer-Rendered
X-VServer
X-Cache-Debug
X-HS-Content-Campaign-Id
X-HN
X-Irp-Debug
X-Csrf-Jwt
X-Level-Front-Cache
X-GeoIP-City
X-Developers
X-Eu-Site
X-Gamma-Serve
X-Generated-On
X-Envoy-Decorator-Operation
X-GeoIP
X-Core-Value
X-Node-Id
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-BBC-Edge-Cache-Status
X-RateLimit-Remaining-Second
X-Region-Sid
X-Restarts
X-Platform
X-NodeID
X-Old-Content-Length
X-Origin
X-Sn-Servicetimems
X-Rocket-Build-Number
X-CGP
Machine
Locid
L5d-Success-Class
Mail-Subject
X-Amzn-RequestId
Release
PFcat
L
HA-Ipaddr
Cmstype
Cmsid
X-Varnish-Ttl
Fastly-GeoIP-CountryCode
Ha-Gx-Prefs
AMP-Access-Control-Allow-Source-Origin
Req-Svc-Chain
X-Amz-Apigw-Id
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
True-Client-Country-4JS
Ssr
TDXMobile
X-Zone
Environment
X-JWT-State
X-Is-Gdpr
X-Worker
X-Qloud-Router
X-Req
X-Loc
X-Gzip
X-PHP-Host
X-Owner
X-Varnish-Beresp-Ttl
X-Pod-Name
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Li-Fabric
X-Has-Esi
Fastly-SIE
Cf-Device-Type
X-Varnish-Beresp-Status
Fastly-SWR
X-Labrador-Cache-Channel
X-Li-Pop
X-LI-UUID
X-Rebelmouse-Surrogate-Control
X-Amzn-Remapped-Content-Length
X-Branch-Name
X-Cache-Id
X-FC-Vary-Parameters
Fastly-Drupal-Html
Memcached
Accept-Language
X-Response-By
X-Esi-Check
Server-Host
X-Rebelmouse-Cache-Control
X-Xrds-Location
X-VC-Cache
X-Action
X-DB
X-Cache-Var-Map
X-DefElseHash
Platform
X-DefHash
X-DPWN-IS-SECURE
X-NU-AKA-ACS-Version
Is-Eu
Adler-Geo
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
X-Cache-Var
X-Varnish-Remaining-TTL
X-Tx-Id
X-RPS
X-DI
NM-Fastcgi-Cache
X-Cache-Backend
NGX
X-RPM
X-DW
Magicmarker
X-DSS
X-Backend-State
X-RSL
X-Ua-Device
X-TraceId
X-Srv
X-Wix-Viewer-Type
X-NC
X-CS
Edge-Cache
Kp-EeAlive
X-Mvc-Supplant-OutputCached
X-Up
Pics-Label
X-API-Version
X-Generated-In
CDN
X-CacheTTL
X-Request-Start
X-LB-NoCache
X-LB-ID
X-Tb-Optimization-Total-Bytes-Saved
Ms-Author-Via
X-Thanos
X-Optimistic-Header
Time
Locale
X-Bip
X-Minions-Version
X-Urbn-Site-Id
X-Trace-ID
Memory
X-Urbn-Context-Path
X-Qnm-Cache
X-Tt-Logid
X-M-Reqid
X-M-Log
X-Edge-Pop
Env
X-Refresh
X-Via-Poph
X-Via-Popv
X-Cache-Config
X-Via-Popn
WebServer
X-TA-CDN-Provider
X-Ec-Fail
X-Ec-GeoHdr
GeoIp-Country-Code
X-HA-Backend
X-User
X-Parent-Response-Time
X-DC
X-Servedbyhost
X-CACHE-KEY
Candidate-Md5Url
Server-ID
X-Cs
Datacenter
NtCoent-Length
X-Esi
X-DynaTrace-JS-Agent
X-Vc
X-MSEdge-Flight
X-ZONE
X-MSEdge-Features
Cdncip
X-Dynatrace
X-TX-ID
Cdnsip
X-AK-Request-ID
X-CLOUD-TRACE-CONTEXT
On-Server
Cluster
My-App
X-Fmm-Version
WWW-Authenticate
X-Clara-WADP
X-WADP-Cache
X-Varnish-Beresp-TTL
X-Datadome
DataCenter
X-Pass-Why
X-CUA
Tracecode
Esi-Enabled
Geoip-Latitude
X-Traceid
X-Fpc
X-App
Lfy
X-From
X-VCL-Version
X-Var-Ttl
X-Cache-Ttl
T-Server
X-URL
X-B3-Spanid
X-Fragments
C-Via
X-Webkit-Csp-Report-Only
X-Service
Geo-Info
X-LI-Proto
X-Unique-ID
Lang
X-Cache-PHP
X-FPC
X-Li-Proto
X-VC
Fastly-Drupal-HTML
Cf-Int-Pingora-Origin-Digest
Target-Params
X-Vcl-Version
X-Newrelic-Synthetics
Proxy-Connection
X-Webkit-CSP-Report-Only
X-NODE
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Test
X-Provided-By
X-Mcache
X-Render-Time
X-Cache-Status-Check
Server-Id
M-TraceId
X-LiteSpeed-Cache-Control
X-RAMCache
Resin-Trace
X-CSRF-TOKEN
MIME-Version
X-Ha-Backend
Hostname
X-ID
WZWS-RAY
X-Proxy-Cache-Info
X-Httpd
Permissions-Policy
X-Geo
Servername
X-ServedByHost
FSS-Cache
X-B3-Traceid
X-Via-PopH
X-Via-PopV
X-Clientip
GeoIP-Country-Code
X-Via-PopN
Hit
X-Api-Version
X-SB
X-Udemy-Cache-App-Namespace
X-Dynatrace-Js-Agent
X-NGINX-Cache
X-Cdn-Forward
X-Pool
X-Edge-POP
Producers
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Pad
ENV
X-Fastly-Backend-Reqs
X-Ec-Custom-Error
UCS
HIT
X-LiteSpeed-Tag
X-Edge-Cache
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
Cache-Host
X-Oss-Hash-Crc64ecma
X-UP
X-Ucs
MD5-Digest
X-Scale
X-Dispatcher-Number
X-AIR-PT
S-Cnection
Section-Origin-Responded
Cneonction
X-HS-Status
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Info
X-ElasticPress-Query
Section-Io-Id
Cf-Ipcountry
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
Uri
X-Acquia-Application-Trace
ServerName
Sever-Int
X-Cache-Expires
X-SIPLIST1
X-Via-Ucdn
Server-Hostname
Server-Ext
X-Lb-Nocache
X-Cache-CFC
IsBot
PICS-Label
X-Acquia-Site
X-Check-Cacheable
X-BBC-Origin-Response-Status
URI
X-GoCache-CacheStatus
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Ohc-File-Size
X-Cdn-Request-ID
X-Release
X-Fastly-Cache-Hits
Server-Ttl
X-RateLimit-Reset
Cteonnt-Length
X-Micro-Cache
Fastly-Backend-Name
X-Snapshot-Date
Tcn
X-Lb-Id
User-Agent
X-Nc
X-Cms-Context
X-Swift-Error
Sid
X-Akamai-Path-Stats
X-Dw-Trace-Id
X-Akamai-ERPolicy
Ngx
X-Akamai-ERRuleID
X-Backend-Host
X-Wikidot-Backend
X-Wikidot-Static-Cache
Vha6-Origin
CF-Cached-On
X-B3-ParentSpanId
X-Yottaa-OS
Wpo-Cache-Status
X-Newrelic-App-Data
Wpo-Cache-Message
X-Vcache
X-HostName
X-Cache-Ngx
X-Air-Pt
X-ServerName
Load-Balancing
Req-ID
X-UA
X-B3-Parentspanid
X-Litespeed-Cache-Control
Inserted-Into-Cache-At
X-Fetch-By
X-WA-Info
X-Akamai-Pragma-Client-IP
X-Shopify-Generated-Cart-Token
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Shield-Pop
X-Last-Modified
X-Varnish-Authentication
X-Http-Count
X-Http-Duration-Ms
X-Sentry-ID
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-Te-Count
X-Te-Duration-Ms
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-BCube-Filmed-By
X-Akamai-Request-ID
EpKe-Alive
CountryCode
X-Logging-Id
X-CacheKey
X-APP