Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
CF-RAY
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Report-To
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
Feature-Policy
X-Content-Security-Policy
X-Iinfo
X-Envoy-Upstream-Service-Time
Content-Encoding
P3p
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
EagleId
X-Backend
Keep-Alive
Request-Context
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
X-Proxy-Cache
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Vhost
CONTENT-SECURITY-POLICY
X-Amz-Version-Id
X-Ua-Compatible
X-LiteSpeed-Cache
X-Dispatcher
EagleEye-TraceId
X-Nginx-Cache-Status
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
Cf-Railgun
X-Page-Speed
X-Host
Allow
X-Akamai-Path-Stats
X-Node
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
Surrogate-Control
Accept-CH
X-Backend-Server
X-CST
Request-Id
X-Akam-SW-Version
X-Readtime
X-HW
X-Cache-Lookup
X-Response-Time
X-Application-Context
Xkey
Content-Location
Accept-CH-Lifetime
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Url
Cf-Edge-Cache
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
X-MS-InvokeApp
X-Rack-Cache
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Content-Type
X-ESI
X-Varnish-TTL
X-B3-TraceId
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-Ac
X-Cdn-Fetch
X-Amz-Rid
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Px
X-Cnection
Public-Key-Pins
X-Dw-Request-Base-Id
X-Element-Page-Cache
Accept-Ch
Verso
X-D2id
X-Amz-Server-Side-Encryption
X-Cache-TTL
X-Navigation-Version
X-Abt-Application-Version
X-RateLimit-Remaining
X-Client-IP
X-Powered-By-Plesk
Service-Worker-Allowed
X-FastCGI-Cache
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Ser
X-Country-Code
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
X-Version
X-NF-Request-ID
X-Middleton-Response
Response
Access-Control-Request-Method
X-Edge
X-Goog-Hash
X-Ruxit-Js-Agent
X-Correlation-Id
X-Upstream
AR-Request-ID
AR-CACHE
AR-PoweredBy
AR-ATIME
AR-SID
X-Kinsta-Cache
X-Webkit-Csp
X-TTL
X-Edge-Location-Klb
X-Cached
X-Ttl
SPIisLatency
SPRequestDuration
X-LLID
X-Instrumentation
X-Kraken-Loop-Name
MS-Author-Via
X-Server-Lifecycle-Phase
Nginx-Cache
X-NWS-LOG-UUID
X-Litespeed-Cache
X-Powered-CMS
Edge-Cache-Tag
TCN
X-RateLimit-Limit
X-Cache-Key
Mrf-Cache-Status
MRF-Tech
X-Forwarded-For
X-MSEdge-Ref
SPRequestGuid
X-SharePointHealthScore
Content-MD5
X-B3-TraceId-Primal
X-Shield-Request-Id
X-Id
X-Content-Security-Policy-Report-Only
X-T
X-Daa-Tunnel
X-Recruiting
X-Mg-S
S
X-Language
X-Ua-Device
X-Protected-By
X-Content-Digest
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Frontend
X-DataDome
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-Content
X-Ua-Browser
X-Ab
Server-Node
Front-End-Https
X-HS-Combine-CSS
X-Request-Received
X-Request-Processing-Time
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Filters
MicrosoftSharePointTeamServices
X-Server-ID
X-Accel-Expires
X-Grace
Fastcgi-Cache
X-Mid
X-Template
X-Geo-Country
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Hits
X-ECACHE
X-Ratelimit-Reset
X-Origin-Server
X-Debug-Info
TP-Cache
X-Distributor
TP-L2-Cache
X-Amzn-Trace-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
Charset
X-PressLabs-Stats
Host
X-Page-Id
Cleartype
X-DIS-Request-ID
X-F-Cache
X-Git-Hash
X-Www-Served-By
Cross-Origin-Opener-Policy
X-B3-Sampled
X-DynaTrace
Cache-Tags
ServerID
X-LB-Cache
X-Forwarded-Proto
X-Kong-Proxy-Latency
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-Cache-Age
X-Seen-By
X-Aspnetmvc-Version
Server-Name
X-Cluster-Name
X-Az
X-Activity-Id
X-AppVersion
Realpath
Accept-Charset
X-WebKit-CSP-Report-Only
X-Varnish-Age
X-Microsite
X-MCACHE
X-Request-Handler-Origin-Region
X-Rid
X-Type
X-Content-Options
Filterid
X-Origin-Cache
X-Upgrade-Enabled
Cache-Status
X-Via-JSL
X-Mobile-URL
X-App-Environment
X-FB-Debug
X-XRDS-LOCATION
X-Oracle-Dms-Ecid
Node
X-Oracle-Dms-Rid
Country
X-User-Agent
X-Varnish-Grace
X-Wix-Request-Id
X-Tb
Viewport
X-Drupal-Cache-Tags
X-Flags
DC
X-Aspnet-Duration-Ms
Paypal-Debug-Id
X-Providence-Cookie
X-B-Cache
X-Is-Crawler
X-Request-Guid
X-Route-Name
X-Signature
X-Whom
X-NWS-UUID-VERIFY
Protected
X-TT
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
Fastcgi-Useragent
X-Nginx-Upstream-Cache-Status
X-VCache
Retry-After
X-Varnish-Backend
X-Contextid
X-Fastly-Request-ID
X-Fastly-Request-Id
X-Cache-NGX
X-Fastcgi-Cache
Payment
X-Amz-Replication-Status
X-B
X-N
X-Debug
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-Logged-In
WPO-Cache-Status
WPO-Cache-Message
X-Parallel-Accel
X-Load-Cache
X-Hostname
Surrogate-Key
X-Buckets
X-Node-Name
X-Cache-Control
X-XRDS-Location
X-Browser-Type
Amp-Access-Control-Allow-Source-Origin
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
SD-X-WS
X-Original-Request-Id
Count-Hit
X-Response-Served-From
X-Mobile
Akamai-GRN
X-Trace-Id
X-Proxy
Healthy
VIX-Pulpo-Node
Uber-Trace-Id
X-Is-Bot
VIX-Pulpo-Upstream-Status
X-Revision
X-Jobs
X-Akamai-Request-ID2
X-Real-IP
X-Rendered-As
X-UUID
X-Cache-Time
X-G
Refresh
X-Cacheable-TTL
X-Zen-Fury
X-Page-View
X-Framework
X-Cache-Rule
X-Http-Reason
X-Cache-TTL-Remaining
X-Yottaa-Optimizations
X-Device-Type
Alternate-Protocol
X-Yottaa-Metrics
X-Debug-IsPreview
X-Drupal-Cache-Contexts
NGB
X-Instance
X-Debug-IsConnected
X-Proxy-Cache-Status
X-Vgn-Hpd-Reason
Content-Disposition
X-Amz-Meta-S3cmd-Attrs
Access-Control-Request-Headers
X-Adobe-Content
X-Adobe-Loc
X-IPLB-Instance
From-Origin
X-Source
X-B3-Traceid
Url
X-Servername
Version
X-Cache-Expired-At
X-Cache-Grace
X-Oneagent-Js-Injection
X-Cache-Hit
Referer-Policy
X-Mcache
X-ECache
Accept-Language
X-Varnish-Server
X-Ratelimit-Remaining
X-Environment-Context
X-L-Path
X-App-Server
X-EdgeConnect-Cache-Status
X-FW-Version
X-Mg-Request-UUID
Permissions-Policy
X-Cache-Action
Countrycode
Cross-Origin-Window-Policy
Ms-Operation-Id
MS-CV
X-RTag
X-NGENIX-Cache
X-Restarts
X-Tumblr-User
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-ProcessESI
X-Hyper-Cache
X-RemovedCookies
X-COUNTRY
Backend
CF-IPCountry
X-NYM-Debug-Backend
Liferay-Portal
X-Nginx-Cache
X-Rule
Content-Secure-Policy
Ec-Rule-Version
WP-Super-Cache
X-PCL
X-UPSTREAM-Address
Upgrade-Insecure-Requests
X-RN-RSRV
X-HTML-Minification-Powered-By
X-OCL
X-Redis-Cache
X-Cache-Server
Meta-Geo
Frame-Options
X-Unique-Id
X-Content-Age
Cache-Tv-Group
Apigw-Requestid
Section-Io-Cache
X-Access
X-Cluster-Node
X-Format
X-Cache-Enabled
X-Section
X-Generation-Time
X-Detected-As
X-FB-TRIP-ID
X-No-Session
X-Ua
X-UA-Device-Type
X-Hosted-By
X-Generated-By
Azure-InstanceId
X-Server-W
X-SayCDN-TTL
X-PHP-Backend
X-Urbn-Context-Path
X-Origin-Date
X-Urbn-Site-Id
X-Uri
X-Varnish-Cache-Hits
X-Sql-Count
X-Via-Fastly
X-Origin-Hint
X-PERF
X-Human
X-Site-Version
X-Web-Node
Azure-RegionName
X-Storage
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
S-Rt
TWC-Connection-Speed
X-Sql-Duration-Ms
X-Akamai-Edgescape
X-AOL-HN
X-Say-TTL
X-Say-Cacheable
Azure-Version
Azure-SlotName
Mn-Server-Ip
X-Request-Time
Fastly-SSL
X-ApacheServer
X-Be
X-Region
Locale
Azure-SiteName
TWC-Device-Class
X-Mode
Eomportal-Instance
X-Xfnlog-Site
X-Webkit-CSP
X-Platform-Server
CDN-Uid
CDN-RequestId
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
X-Accel-Buffering
X-Cache-Host
X-Forwarded-Host
X-ProxyCache-Key
X-Status
X-Nginx-Cache-Key
X-ProxyCache-Status
X-Debug-Cache
CDN-Cache
X-Cache-Tags
X-Cache-Type
X-Content-Powered-By
X-BYPASS-REASON
X-Cache-Operation
X-Tid
X-Varnishpool
X-ShopId
X-Zipkin-Id
X-Sorting-Hat-PodId
X-Hl-Ver
X-Alternate-Cache-Key
X-APP-VERSION
X-ShardId
X-Proxied
X-SaId
X-JoinUs
X-Routing-Service
X-Backend-Name
X-Sorting-Hat-ShopId
X-ServerID
X-Shopify-Stage
X-Extlb
Webserver
X-NewRelic-App-Data
X-Proxy-Build
X-Timing-Wait
ServedBy
Selected-Fe
X-Ratelimit-Limit
X-Cache-Remote
X-Adobe-Source
X-Handled-By
X-TT-LOGID
Xserver
X-Datadome
X-Rewrite-Enabled
X-Locale
SID
X-Dc
X-GG-Cache-Date
X-Labrador-Cache-Channel
X-PHP-Host
X-Pubstack
X-Soup
X-LSADC-Cache
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
SRV
X-Cached-By
X-VC-Cache
LB
Country-Code
Fastly-Drupal-Html
Mime-Version
X-CDN-Forward
X-Request-Host
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Microcachable
X-GEO
Web-Mar-Node
X-Reqid
X-Edge-Location
X-Proto
X-Storefront-Renderer-Rendered
X-App-Version
Onion-Location
X-TA-CDN-Provider
X-Origin-CC
X-Origin-TTL
X-Ms-Request-Id
X-Ms-Version
Server-Info
Xet-Cookie
X-Varnish-Hostname
X-Cms-Context
X-NCache
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Cache-Hits
DynaTrace
X-Air-Source
X-CSRF-Token
X-Bc-Bl
X-Air-Trace-Id
X-Air-Hostname
X-R9-Blue-Green-Version
X-SRV
X-Cluster
X-Tec-Api-Version
X-Varnish-Beresp-Grace
X-Tec-Api-Origin
Cache-Name
X-Tec-Api-Root
X-B3-SpanId
X-GeoCountry
Load-Balancing
X-GeoCode
X-Amz-Apigw-Id
X-Varnish-Hits
X-Amzn-RequestId
X-Azure-Ref
X-RCS-CacheZone
X-Endurance-Cache-Level
X-Origin-Response-Time
DB-Nickname
X-LAGOON
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-Forwarded-Path
Sslversion
X-CF-Lambda-Version
X-CF-Lambda-Fn
Surrogated-Key
T-Server
X-Conf
Rendered-Blocks
Odigeo-Trace-Id
NM-Fastcgi-Cache
X-D
Pramga
X-Connection-Hash
X-Cache-NE
X-Cache-Id
X-B-Cookie
X-A-Wwc
X-Aed
X-AK-Request-ID
X-Application
X-A-Dgt
X-A-Dcw
X-Cache-Bucket
X-A
X-A-Ccd
X-A-Dam
Mobile-Detection-Method
Meta-Geo-Continent
X-Ftr-Request-Id
Cdnsip
Cmsid
Cmstype
X-From
Cdncip
X-Geo-Header
X-Envoy-Decorator-Operation
X-Gzip
A
BehaviorPad-Version
DCR-Decision-By
DCR-Processing-Time-Ms
Host-ID
X-Ec-Fail
Lang
X-Developer
X-Destination
X-Ec-GeoHdr
X-Epic-Correlation-Id
Expiry
Fastcgi-X-Cache-Version
X-External-Request-Id
X-Esi-Check
X-Hash
X-Magnolia-Registration
X-TrackingId
X-Rojux
X-Vdms-Path
X-SRCache-Key
X-PBS-Appsvrname
X-Shop-Environment
X-PAYTM-SRV-ID
X-Varnish-Ttl
X-Vdms-Version
X-Tenant
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Processor
X-TIM-N
X-VG-WebCache
Xc-Version
X-Men
X-User
X-S
X-S-Cookie
X-ScT
X-SD-PageType
X-NodeID
X-NAPM-TraceId
X-ARC
X-Session-Fingerprint
X-Orig-Expires
X-TIME
X-Via-NSCOPI
Environment
X-DSS
X-Fastly-Cache
X-Device-Os
X-Developers
X-DI
X-DPWN-IS-SECURE
X-Server-IP
X-Sigma
X-Sigma-Backend
Fastly-GeoIP-CountryCode
X-DW
X-Slack-Backend
X-Fetched-On
Is-Eu
X-DefElseHash
X-Variation
X-Clara-WADP
X-V-Cache
X-Core-Mission
X-Core-Value
Server-Host
X-Ckpd-Fst-Backend
X-Varnish-Remaining-TTL
State
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Svr
Producers
Platform
X-DefHash
X-SVT-ORM-VERSION
Memcached
Mail-Subject
X-SVT-ORM-RULES
X-Fmm-Version
X-DB
X-TNCMS
X-Cdn-Srv
X-Cache-Info
X-VG-TLSProxy
Machine
User-Cache-Control
X-Irp-Debug
X-Worker
X-Is-Gdpr
X-JWT-State
X-Planisys-CDN-TTL
X-Wix-Viewer-Type
X-Block-Status
X-Cache-Backend
X-Hnp-Log
X-WADP-Cache
X-Webstats-RespID
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Tx-Id
X-Node-Id
X-Mvc-Supplant-Cachable
X-Location
X-Loop
X-Nyt-Route
X-Old-Content-Length
X-Origin-Time
X-Origin-Expires
X-Origin
X-Amzn-Remapped-Content-Length
Wxu-Next-Region
X-Viewer-Country
Apple-News-Services-Request-Url
X-GeoIP
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Has-Esi
Vix-Hermes-Req-Id
V-Age
X-Gdpr
X-RPS
X-RPM
X-Gen-Mode
X-RSL
Apple-News-Services-Handled
Web-Mar-Region
X-Request-URI
Wxu-Next-Commit
We-Hiring
X-Rocket-Build-Number
AKAMAI
X-Scheme
Adler-Geo
Wxu-Next-Hostname
CDN
X-SB
X-Branch-Name
X-Auto-Login
X-VServer
X-Cache-Date
X-Cdn-Origin
X-VarnishDD-TTL
X-Eu-Site
X-RateLimit-Limit-Second
X-Qloud-Router
X-Proxy-Upstream
X-RateLimit-Remaining-Second
X-HN
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Proxy-Cache-Info
X-Policy
X-Loc
X-Minions-Version
X-Level-Front-Cache
X-Platform
X-Httpd
X-Pod-Name
X-Region-Sid
X-Response-By
X-Thinkindot-L3
X-Date
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Sn-Servicetimems
X-Skip-Cache
X-Rocket-Nginx-Serving-Static
X-GeoIP-City
X-Generated-On
X-Gamma-Serve
X-Served-From
X-Forwarded-Site
X-CGP
X-BBC-Edge-Cache-Status
N-Cache
CDCHOST
Locid
L5d-Success-Class
L
Origin-CC
Origin-EX
HostName
X-Akamai-Transformed
X-EC-Lua
PFcat
Kp-EeAlive
HA-Ipaddr
Arc-Country
Source
Cache
Cluster
CloudFront-Viewer-Country
Fastcgi-Cache-TTL
Fastly-SIE
X-TraceId
Ha-Gx-Prefs
Gh-Request-Id
Fastly-SWR
Redirect-Candidate
Origin
Thinkindot-Control
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
Ssr
X-Accel-Expires-Debug
Req-Svc-Chain
X-Aicache-OS
Traceparent
Release
X-Midtier
GEO-INFO
DSUID
X-GeoIP-Country-Code
X-Pool
X-Optimistic-Header
X-GeoIP-Region-Code
AMP-Access-Control-Allow-Source-Origin
NGX
X-Ec-Custom-Error
X-Parent-Response-Time
X-CS
X-NC
MD5-Digest
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Time
X-Owner
X-Srv
X-Udemy-Cache-App-Namespace
Fusion-Source
X-CacheTTL
X-Dispatcher-Number
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
X-API-Version
X-Ah-Environment
Pics-Label
Fusion-Component-Id
X-Tb-Optimization-Total-Bytes-Saved
Fusion-Deployment-Id
X-Cache-Debug
Env
X-VC
X-ZONE
Ms-Author-Via
X-Newrelic-Synthetics
X-Tt-Logid
Server-Hostname
Server-Ext
Servername
X-SIPLIST1
X-LB-NoCache
X-Mvc-Supplant-OutputCached
X-Scale
Time
Memory
X-Refresh
X-Via-Ucdn
X-Edge-Pop
IsBot
Sever-Int
CacheControlHeader
X-Generated-In
X-Presslabs-Stats
X-Action
Geo-Info
True-Client-Country-4JS
X-TH-Server
X-Xrds-Location
Ohc-File-Size
X-Via-Popn
X-Via-Poph
X-CACHE-KEY
X-Via-Popv
X-Backend-TTL
GeoIp-Country-Code
X-Wikidot-Static-Cache
X-Wikidot-Backend
FSS-Cache
X-BCube-Filmed-By
Cache-Key
Candidate-Md5Url
Datacenter
X-Amz-Meta-Cb-Modifiedtime
X-Servedbyhost
X-HA-Backend
X-Ad-Defer-Variation
X-S-Maxage
X-RateLimit-Reset
Edge-Cache
X-SplitTest
X-Req
X-IPLB-Request-ID
VNS-Age
CPC-Age
X-Contensis-Viewer-Groups
X-Cache-ASPX
Client
CPC-Cache
X-Vc
VNS-Cache
Geoip-Latitude
X-Varnish-Beresp-TTL
X-Provided-By
X-WA-Info
X-VCL-Version
X-Dynatrace
My-App
X-Zone
ITXSESSIONID
X-Varnish-Authentication
XM
Fastly-Backend-Name
X-Cs
X-VHOST
X-Trace-ID
Path
X-Micro-Cache
Server-ID
X-DC
X-Origin-Upstream-Status
Hostname
DataCenter
X-Cache-Status-Check
X-AIR-PT
X-Up
Ohc-Cache-HIT
X-Pass-Why
X-LB-ID
X-TX-ID
Cache-Host
True-Client-IP
X-Fpc
X-FireWall-Port
Lb
NtCoent-Length
Ngx.Var.Host
X-Webkit-Csp-Report-Only
OT-Force-Account-Verify
X-B3-Spanid
X-FPC
X-LI-UUID
X-Li-Fabric
X-Li-Pop
X-Clientip
X-UnsetCookies
X-ND-Cache
Test
X-Varnish-Beresp-Ttl
X-Proxy-CacheRZ
X-Traceid
XkeyRZ
X-NGINX-Cache
Cf-Int-Pingora-Origin-Digest
X-CUA
X-CSRF-TOKEN
X-Api-Version
Powered-By
X-Time-Microsecs
X-Correlation-ID
X-Beluga-Record
Proxy-Connection
User-Agent
X-Beluga-Node
X-Webkit-CSP-Report-Only
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Trace
X-Beluga-Cache-Status
Server-Id
Tracecode
X-Cdn-Request-ID
X-Fragments
X-RAMCache
Target-Params
Cf-Device-Type
X-Vcl-Version
X-Azure-Ref-OriginShield
X-Fastly-Backend
X-Sucuri-Cache
X-Var-Ttl
X-ATG-Version
X-Sucuri-ID
X-FC-Vary-Parameters
Resin-Trace
Lfy
X-CLOUD-TRACE-CONTEXT
X-ServedByHost
X-HS-Status
WZWS-RAY
X-URL
X-Ha-Backend
X-Platform-Processor
X-Via-PopV
X-MSEdge-Features
X-MSEdge-Flight
X-Via-PopN
X-Dmc
X-Platform-Cluster
X-Platform-Router
X-Via-PopH
X-Geo
X-M-Log
X-Varnish-Beresp-Status
Sid
X-Li-Proto
X-Qnm-Cache
X-Render-Time
X-INCAP-ABP
GeoIP-Country-Code
Uri
X-M-Reqid
X-DynaTrace-JS-Agent
GeoIP-Latitude
X-NU-AKA-ACS-Version
MIME-Version
X-Cdn-Forward
X-LI-Proto
Epwk-X-Cache
X-Fetch-By
X-Alfa-Service
Srvid
C-Via
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Magicmarker
X-PX
Rip
X-Backend-State
X-Proxy-Cache-Hk
X-CCDN-CacheTTL
X-TRACE-ID
X-Check-Cacheable
Fastly-Drupal-HTML
X-Akamai-Pragma-Client-IP
Tube-Get-Contents
X-Request-Start
Tube-Got-Eval
Click-Count-Action-Start
Tube-Got-Results
Click-Count-Error
X-Backend-Host
X-Service
ENV
Tube-Return
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Fastly-Backend-Reqs
X-Gateway-Skip-Cache
Cdn
X-Esi
X-Edge-POP
HIT
Server-Ttl
ServerName
X-Thanos
PICS-Label
X-B3-Traceid-Primal
XServer
X-Cache-CFC
X-Lb-Nocache
Esi-Enabled
X-Cache-Expires
X-Bip
X-Srcache-Store-Status
X-MG-S
X-Srcache-Fetch-Status
Srv
X-LiteSpeed-Cache-Control
Tcn
Section-Io-Origin-Time-Seconds
On-Server
CF-Cached-On
X-ElasticPress-Query
Section-Io-Id
Section-Io-Origin-Status
X-App
X-Yottaa-OS
X-Newrelic-App-Data
Section-Origin-Responded
D-Url-Rewrites
X-Acquia-Purge-Tags
X-Vcache
X-BBC-Origin-Response-Status
X-Serial
Wpo-Cache-Message
X-Cache-Config
X-Iplb-Request-Id
X-Iplb-Instance
Wpo-Cache-Status
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Inserted-Into-Cache-At
X-Nc
X-APP
Cf-Ipcountry
WebServer
X-Acquia-Site
M-TraceId
X-HostName
Servedby
Warning
X-Fastly-Cache-Hits
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Request-URL
X-Akamai-Request-ID
X-IN-APIGATEWAY
X-B3-Parentspanid
X-IN-APIGATEWAYSSL
X-Litespeed-Cache-Control
Cneonction
X-Swift-Error
X-Shopify-Generated-Cart-Token
Cteonnt-Length
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-LiteSpeed-Tag
Ngx
X-Snapshot-Date
Content-Style-Type
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
Content-Script-Type
X-Dw-Trace-Id
X-Request-Url
X-Dist-Code
X-Release
CountryCode
X-CF-Powered-By