
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
Access-Control-Allow-Origin
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
EagleId
Request-Context
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-Dispatcher
X-LiteSpeed-Cache
EagleEye-TraceId
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
Allow
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Aws-Lambda-Call-Status
X-CST
X-Server-Id
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Cf-Edge-Cache
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Trace
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Vname
X-MS-InvokeApp
X-TtlSet
X-PC
X-Rack-Cache
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
RTSS
X-Server-Name
X-ESI
X-Content-Type
X-VARITI-CCR
X-B3-TraceId
Accept-Ch
X-Vcap-Request-Id
Cache-Tag
X-Amz-Rid
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Ac
X-Cnection
X-Dw-Request-Base-Id
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Px
X-Element-Page-Cache
X-D2id
Verso
X-Navigation-Version
X-Client-IP
X-Abt-Application-Version
X-RateLimit-Remaining
X-Cache-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Ser
X-Version
X-Litespeed-Cache
X-Edge
X-GitHub-Request-Id
X-Country-Code
Arr-Disable-Session-Affinity
X-Middleton-Response
Response
Access-Control-Request-Method
X-NF-Request-ID
X-FastCGI-Cache
X-Goog-Hash
X-Correlation-Id
X-Ruxit-Js-Agent
AR-CACHE
X-Kinsta-Cache
AR-ATIME
AR-PoweredBy
AR-SID
AR-Request-ID
X-Webkit-Csp
X-TTL
X-Upstream
X-Edge-Location-Klb
SPRequestDuration
SPIisLatency
X-Ttl
X-NWS-LOG-UUID
X-Cached
X-LLID
X-Cache-Key
X-Powered-CMS
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
Nginx-Cache
Edge-Cache-Tag
TCN
X-SharePointHealthScore
SPRequestGuid
X-RateLimit-Limit
X-Forwarded-For
Mrf-Cache-Status
MRF-Tech
X-MSEdge-Ref
MS-Author-Via
Content-MD5
X-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-T
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Recruiting
S
X-Mg-S
X-DataDome
X-Ua-Device
X-Content-Digest
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Protected-By
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Frontend
X-Ab
X-Content
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
X-Ua-Browser
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
Server-Node
X-Request-Received
X-Accel-Expires
Front-End-Https
X-Request-Processing-Time
X-Grace
Filters
X-Server-ID
Fastcgi-Cache
X-Mid
X-PressLabs-Stats
X-ECACHE
X-Hits
X-Geo-Country
X-ORACLE-DMS-ECID
X-Origin-Server
TP-L2-Cache
X-Distributor
TP-Cache
X-ORACLE-DMS-RID
X-Debug-Info
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Ratelimit-Reset
X-DynaTrace
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amzn-Trace-Id
Charset
Cleartype
Host
X-Page-Id
X-F-Cache
X-DIS-Request-ID
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Www-Served-By
X-Git-Hash
X-Forwarded-Proto
X-Microsite
X-Request-Handler-Origin-Region
X-LB-Cache
Cache-Tags
X-Cache-Age
Access-Control-Allow-Method
ServerID
X-Seen-By
X-Aspnetmvc-Version
X-Cluster-Name
X-Oracle-Dms-Ecid
X-Az
X-Activity-Id
X-AppVersion
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Oracle-Dms-Rid
X-Varnish-Age
Cache-Status
X-Language
Accept-Charset
Server-Name
Realpath
Filterid
X-Type
X-Rid
X-Content-Options
X-Fastcgi-Cache
X-App-Environment
X-Nginx-Upstream-Cache-Status
X-VCache
X-WebKit-CSP-Report-Only
X-Mobile-URL
X-Fastly-Request-ID
Country
X-Upgrade-Enabled
X-Origin-Cache
X-Varnish-Grace
Node
Viewport
X-MCACHE
X-Wix-Request-Id
X-Tb
X-FB-Debug
X-User-Agent
X-Drupal-Cache-Tags
X-Request-Guid
X-Is-Crawler
X-Whom
X-Route-Name
X-Flags
X-NWS-UUID-VERIFY
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-B-Cache
X-Signature
Protected
X-TT
X-Via-JSL
Retry-After
X-GUploader-UploadID
X-Goog-Generation
DC
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Paypal-Debug-Id
X-Goog-Stored-Content-Length
X-Varnish-Backend
Fastcgi-Useragent
X-XRDS-LOCATION
X-Cache-NGX
X-B
X-Amz-Replication-Status
Payment
X-Contextid
X-Debug
X-XRDS-Location
X-Logged-In
WPO-Cache-Status
X-Template
WPO-Cache-Message
X-Load-Cache
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-N
X-FW-Server
X-FW-Static
X-Mcache
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Request-Id
X-Cache-Control
X-Node-Name
X-Hostname
Count-Hit
X-Erf-Bev-Bev-Is-Generated
X-Amz-Meta-S3cmd-Attrs
X-Browser-Type
X-Erf-Bev-Bev
Akamai-GRN
X-Original-Request-Id
X-Response-Served-From
SD-X-WS
Healthy
Refresh
X-Proxy
Uber-Trace-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Content-Disposition
X-Cache-Time
X-Revision
X-Jobs
X-Is-Bot
X-G
X-Rendered-As
X-Cache-TTL-Remaining
X-UUID
X-Real-IP
X-Zen-Fury
X-Akamai-Request-ID2
X-Page-View
X-Parallel-Accel
X-Http-Reason
X-Debug-IsConnected
X-Drupal-Cache-Contexts
X-Cacheable-TTL
X-Proxy-Cache-Status
X-Yottaa-Metrics
X-Device-Type
X-Debug-IsPreview
X-Instance
Alternate-Protocol
NGB
X-Framework
X-Adobe-Loc
X-Yottaa-Optimizations
X-Adobe-Content
X-Trace-Id
Access-Control-Request-Headers
X-Mobile
X-IPLB-Instance
Url
X-Cache-Rule
X-ECache
Permissions-Policy
X-Source
X-Servername
X-B3-Traceid
X-Vgn-Hpd-Reason
From-Origin
Version
X-Cache-Grace
X-Varnish-Server
X-Cache-Expired-At
X-Oneagent-Js-Injection
Accept-Language
X-Cache-Hit
X-Mg-Request-UUID
X-Environment-Context
X-L-Path
Referer-Policy
X-Ratelimit-Remaining
X-EdgeConnect-Cache-Status
X-Restarts
Countrycode
X-NGENIX-Cache
Ms-Operation-Id
MS-CV
X-RTag
X-FW-Version
X-App-Server
Cross-Origin-Window-Policy
X-Cache-Action
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-IPS-LoggedIn
X-NYM-Debug-Backend
Backend
Liferay-Portal
X-HTML-Minification-Powered-By
X-COUNTRY
Frame-Options
X-Nginx-Cache
X-ProcessESI
X-RemovedCookies
WP-Super-Cache
Content-Secure-Policy
CF-IPCountry
X-Hyper-Cache
Section-Io-Cache
Upgrade-Insecure-Requests
Meta-Geo
X-Format
X-PCL
X-Cache-Server
X-Redis-Cache
X-OCL
X-APP-VERSION
X-Section
X-RN-RSRV
X-UPSTREAM-Address
X-Access
X-Region
TWC-GeoIP-Country
X-PERF
X-Ua
TWC-Device-Class
TWC-Connection-Speed
Ec-Rule-Version
Apigw-Requestid
X-Content-Age
Mn-Server-Ip
Webcakes-App-Name
Cache-Tv-Group
Property-Id
X-FB-TRIP-ID
TWC-Privacy
X-Cluster-Node
X-Cache-Enabled
X-ApacheServer
X-Origin-Hint
TWC-Locale-Group
X-Detected-As
Webcakes-Region
X-No-Session
X-Generation-Time
TWC-GeoIP-LatLong
Webcakes-App-Version
X-AOL-HN
X-Sql-Duration-Ms
X-Sql-Count
X-Site-Version
Fastly-SSL
X-Status
X-UA-Device-Type
X-Uri
X-Storage
X-Varnish-Cache-Hits
Locale
X-Web-Node
X-Via-Fastly
X-Xfnlog-Site
X-Urbn-Site-Id
S-Rt
X-Generated-By
X-Say-Cacheable
X-Request-Time
X-Hosted-By
X-Origin-Date
X-PHP-Backend
X-Say-TTL
X-SayCDN-TTL
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
X-Server-W
Azure-Version
X-Be
X-Urbn-Context-Path
X-Akamai-Edgescape
X-Mode
X-Rule
CDN-CachedAt
CDN-PullZone
CDN-Cache
X-ProxyCache-Status
CDN-RequestCountryCode
X-Webkit-CSP
CDN-RequestId
Webserver
X-Unique-Id
Eomportal-Instance
X-Forwarded-Host
CDN-Uid
X-BYPASS-REASON
CDN-EdgeStorageId
X-Platform-Server
X-Debug-Cache
X-Nginx-Cache-Key
X-ProxyCache-Key
X-Human
X-Content-Powered-By
X-Cache-Host
X-Cache-Type
X-Cache-Tags
X-ServerID
X-Extlb
X-Varnishpool
X-JoinUs
X-ShardId
X-Zipkin-Id
X-ShopId
X-Tid
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Backend-Name
X-Proxied
X-Alternate-Cache-Key
X-SaId
X-Hl-Ver
X-Routing-Service
X-Adobe-Source
X-Handled-By
X-TT-LOGID
X-Proxy-Build
Selected-Fe
ServedBy
X-Timing-Wait
X-Accel-Buffering
X-PHP-Host
X-Cache-Operation
X-Labrador-Cache-Channel
X-Locale
X-GG-Cache-Date
X-Ratelimit-Limit
X-Cache-Remote
X-AWS-Id
X-VWS-Id
Xserver
X-LJ-Flow-ID
X-VC-Cache
X-LSADC-Cache
X-Rewrite-Enabled
SID
X-NewRelic-App-Data
X-Pubstack
X-Cached-By
X-CDN-Forward
X-Dc
SRV
Web-Mar-Node
X-Proto
X-Edge-Location
Mime-Version
X-Soup
X-Buckets
Fastly-Drupal-Html
X-Datadome
LB
X-Storefront-Renderer-Rendered
X-TA-CDN-Provider
X-GEO
X-Reqid
Country-Code
X-Cms-Context
X-Request-Host
Onion-Location
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-App-Version
X-Microcachable
X-Varnish-Hostname
X-Midtier
X-Origin-CC
Server-Info
X-Origin-TTL
X-GeoCountry
X-GeoCode
Load-Balancing
Cache-Hits
X-Ms-Version
X-Ms-Request-Id
X-Tumblr-Pixel-3
Xet-Cookie
X-Cluster
X-NCache
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-CSRF-Token
X-B3-SpanId
X-Varnish-Hits
DynaTrace
X-Bc-Bl
X-RCS-CacheZone
X-Amz-Apigw-Id
X-Envoy-Decorator-Operation
X-Amzn-RequestId
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Endurance-Cache-Level
X-Varnish-Beresp-Grace
Cache-Name
X-Tx-Id
X-R9-Blue-Green-Version
X-Magnolia-Registration
X-Origin-Response-Time
X-S
X-SD-PageType
X-A-Dcw
X-A-Dgt
X-Session-Fingerprint
X-ScT
X-A-Dam
X-S-Cookie
X-A
X-A-Ccd
X-A-Wwc
X-LAGOON
X-PBS-Appsvrname
X-B-Cookie
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-Hash
X-Tenant
X-ARC
X-Webstats-RespID
X-Aed
X-Shop-Environment
X-AK-Request-ID
X-PAYTM-SRV-ID
X-Application
Wxu-Next-Region
Wxu-Next-Hostname
Rendered-Blocks
Fastcgi-X-Cache-Version
Expiry
Sslversion
DCR-Decision-By
DCR-Processing-Time-Ms
Odigeo-Trace-Id
X-Processor
Meta-Geo-Continent
Lang
Host-ID
Mobile-Detection-Method
NM-Fastcgi-Cache
DB-Nickname
Cmstype
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
A
Wxu-Next-Commit
X-Rojux
Apple-News-Services-Request-Url
BehaviorPad-Version
Surrogated-Key
Cmsid
T-Server
Cdnsip
Cdncip
X-Cache-Bucket
X-SRCache-Key
Xc-Version
X-Azure-Ref
X-Vtex-Remote-Cache
X-Epic-Correlation-Id
X-Connection-Hash
X-Esi-Check
X-NodeID
X-Geo-Header
X-External-Request-Id
X-From
X-D
X-Ftr-Request-Id
X-Developers
X-Destination
X-Developer
X-VG-WebCache
X-Ec-Fail
X-Vtex-Processado-Em
X-Vdms-Path
X-Vdms-Version
X-Ec-GeoHdr
X-User
X-Conf
X-Cache-Id
X-NAPM-TraceId
X-Forwarded-Path
X-Orig-Expires
X-Time
X-SRV
X-TIM-N
X-Gzip
X-Cdn-Srv
X-CF-Lambda-Fn
X-TrackingId
X-CF-Lambda-Version
X-Cache-NE
X-Via-NSCOPI
X-DPWN-IS-SECURE
Svr
X-Device-Os
X-Planisys-CDN-TTL
Mail-Subject
X-Ec-Custom-Error
X-Planisys-CDN-Rules
Memcached
X-Fetched-On
Pramga
State
Server-Host
X-Pod-Name
Producers
X-Fastly-Cache
Platform
X-Node-Id
X-Nyt-Route
X-Fmm-Version
X-Loop
X-Amzn-Remapped-Content-Length
X-Cache-Info
X-GeoIP
X-Irp-Debug
X-Clara-WADP
X-Ckpd-Fst-Backend
Locid
X-Hnp-Log
X-Block-Status
X-Cache-Backend
X-Origin
X-Mvc-Supplant-Cachable
X-Origin-Time
X-Origin-Expires
X-Gen-Mode
X-Is-Gdpr
Vix-Hermes-Req-Id
We-Hiring
X-DefElseHash
V-Age
X-DefHash
User-Cache-Control
X-Location
X-Has-Esi
X-Gdpr
X-JWT-State
X-Core-Mission
X-Core-Value
X-Men
Web-Mar-Region
X-Planisys-CDN-Cache
Environment
X-Sigma-Backend
X-Slack-Backend
X-Request-URI
X-SVT-ORM-RULES
X-Sigma
X-Server-IP
AKAMAI
Adler-Geo
Source
X-SB
X-SVT-ORM-VERSION
X-Worker
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Viewer-Country
X-VG-TLSProxy
X-Varnish-CookieHashed-On
X-Variation
X-Wix-Viewer-Type
X-WADP-Cache
X-TNCMS
X-V-Cache
X-Rocket-Build-Number
X-Scheme
Fastly-GeoIP-CountryCode
Is-Eu
X-ZONE
CDN
X-Forwarded-Site
Machine
X-HN
X-Rebelmouse-Cache-Control
X-Cache-Date
X-Branch-Name
X-Gamma-Serve
X-Auto-Login
CDCHOST
X-Csrf-Jwt
Origin-CC
Origin
X-Thinkindot-L3
X-BBC-Edge-Cache-Status
X-Rebelmouse-Surrogate-Control
X-Cdn-Origin
X-VServer
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Qloud-Router
X-Proxy-Upstream
MD5-Digest
L
HostName
X-Datadog-Parent-Id
Kp-EeAlive
X-Srv
N-Cache
Origin-EX
X-Proxy-Cache-Info
Gh-Request-Id
X-Old-Content-Length
X-Eu-Site
X-VarnishDD-TTL
X-Sn-Servicetimems
Ssr
Traceparent
X-CGP
X-Skip-Cache
Arc-Country
Fastcgi-Cache-TTL
Req-Svc-Chain
Cache
PFcat
X-RateLimit-Limit-Second
X-Response-By
TDXMobile
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Rocket-Nginx-Serving-Static
Release
Ha-Gx-Prefs
X-GeoIP-City
X-RateLimit-Remaining-Second
Fastly-SIE
X-Policy
Fastly-SWR
X-Aicache-OS
X-Minions-Version
X-Loc
L5d-Success-Class
X-Httpd
X-Region-Sid
HA-Ipaddr
X-Platform
Redirect-Candidate
Cluster
X-Tec-Api-Version
X-Parent-Response-Time
X-CS
X-Tec-Api-Root
X-Tec-Api-Origin
X-Generated-On
X-Level-Front-Cache
X-DW
X-DI
X-DSS
X-CacheTTL
X-Pool
NGX
X-RPS
DSUID
X-Optimistic-Header
X-Dispatcher-Number
X-Served-From
X-RPM
X-DB
X-RSL
CloudFront-Viewer-Country
X-Accel-Expires-Debug
X-Via-Ucdn
Pics-Label
X-SIPLIST1
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-NC
X-TraceId
X-Date
X-VC
Server-Ext
X-EC-Lua
IsBot
X-Scale
Server-Hostname
Sever-Int
X-Refresh
X-Tb-Optimization-Total-Bytes-Saved
Env
Memory
Time
X-Tt-Logid
X-LB-NoCache
X-Owner
Servername
X-Ah-Environment
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-TIME
X-Akamai-Transformed
X-Udemy-Cache-App-Namespace
AMP-Access-Control-Allow-Source-Origin
GEO-INFO
Ms-Author-Via
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Mvc-Supplant-OutputCached
X-Cache-Debug
Ohc-File-Size
X-IPLB-Request-ID
X-Edge-Pop
X-Amz-Meta-Cb-Modifiedtime
Geo-Info
X-Newrelic-Synthetics
Datacenter
X-Varnish-Ttl
Cache-Key
X-API-Version
X-BCube-Filmed-By
X-Ad-Defer-Variation
Candidate-Md5Url
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
X-Xrds-Location
CacheControlHeader
CPC-Age
XM
X-Servedbyhost
X-SplitTest
X-Cache-ASPX
CPC-Cache
X-Via-Popv
VNS-Cache
X-Via-Poph
X-Contensis-Viewer-Groups
VNS-Age
X-Generated-In
X-Via-Popn
X-WA-Info
X-S-Maxage
X-HA-Backend
Fastly-Backend-Name
True-Client-Country-4JS
X-Trace-ID
ITXSESSIONID
X-Action
X-Varnish-Authentication
X-TH-Server
GeoIp-Country-Code
X-RateLimit-Reset
X-VCL-Version
X-Backend-TTL
X-DC
Client
X-Micro-Cache
X-Cache-Status-Check
Path
Geoip-Latitude
FSS-Cache
X-Vc
X-AIR-PT
X-CACHE-KEY
Server-ID
X-Webkit-Csp-Report-Only
X-VHOST
X-Varnish-Beresp-TTL
Edge-Cache
Cache-Host
X-Req
X-Cs
X-Provided-By
X-Presslabs-Stats
Lb
Ngx.Var.Host
My-App
Hostname
Ohc-Cache-HIT
True-Client-IP
X-Fpc
X-Zone
X-Origin-Upstream-Status
X-Dynatrace
X-Up
X-Api-Version
X-Proxy-CacheRZ
NtCoent-Length
XkeyRZ
X-Clientip
X-Pass-Why
X-FireWall-Port
X-TX-ID
X-LB-ID
X-PX
X-Traceid
DataCenter
Powered-By
Test
X-Varnish-Beresp-Ttl
X-Cdn-Request-ID
X-FPC
X-B3-Spanid
X-NGINX-Cache
Cf-Int-Pingora-Origin-Digest
X-CSRF-TOKEN
X-Li-Fabric
X-Li-Pop
X-LI-UUID
OT-Force-Account-Verify
X-Correlation-ID
X-ND-Cache
User-Agent
WZWS-RAY
X-UnsetCookies
X-Beluga-Trace
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Node
X-Beluga-Record
X-Beluga-Cache-Status
X-Webkit-CSP-Report-Only
X-MSEdge-Features
X-Dmc
X-MSEdge-Flight
X-Render-Time
X-Time-Microsecs
X-Vcl-Version
X-INCAP-ABP
Proxy-Connection
Server-Id
X-CUA
X-CLOUD-TRACE-CONTEXT
C-Via
X-HS-Status
X-Platform-Cluster
Target-Params
Tracecode
Rip
GeoIP-Latitude
Srvid
X-Via-PopH
Cf-Device-Type
X-Platform-Processor
X-Via-PopV
X-Via-PopN
X-B3-Traceid-Primal
X-Ha-Backend
X-URL
X-Fragments
X-RAMCache
X-Platform-Router
GeoIP-Country-Code
X-Geo
X-Azure-Ref-OriginShield
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
Resin-Trace
Tube-Got-Eval
Tube-Got-Results
Tube-Get-Contents
X-Fastly-Backend
Uri
X-ServedByHost
Lfy
Sid
X-FC-Vary-Parameters
Tube-Return
X-Sucuri-Cache
X-Sucuri-ID
X-Var-Ttl
Click-Count-Error
Click-Count-Action-Start
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Service
X-Gateway-Request-Id
X-ATG-Version
X-Gateway-Cache-Status
MIME-Version
X-Proxy-Cache-Hk
X-M-Reqid
X-Alfa-Service
X-SERVER-NAME
X-Qnm-Cache
X-M-Log
X-CCDN-CacheTTL
Epwk-X-Cache
X-Fetch-By
Esi-Enabled
X-CCDN-Origin-Time
X-LI-Proto
X-Hcs-Proxy-Type
X-TRACE-ID
Fastly-Drupal-HTML
On-Server
X-Backend-Host
X-Edge-POP
HIT
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Li-Proto
Srv
Section-Io-Origin-Status
Magicmarker
X-Varnish-Beresp-Status
ENV
X-NU-AKA-ACS-Version
X-DynaTrace-JS-Agent
Section-Io-Id
X-Fastly-Backend-Reqs
X-LiteSpeed-Cache-Control
Cdn
X-Esi
XServer
X-App
X-Backend-State
X-Cdn-Forward
X-Cache-Expires
X-MG-S
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Newrelic-App-Data
Server-Ttl
X-Yottaa-OS
ServerName
X-Request-Start
PICS-Label
CF-Cached-On
Tcn
X-Cache-CFC
X-APP
X-Lb-Nocache
X-ElasticPress-Query
X-Acquia-Application-Trace
Cf-Ipcountry
X-Iplb-Instance
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
D-Url-Rewrites
X-Acquia-Site
X-Nc
Wpo-Cache-Message
X-Bip
Wpo-Cache-Status
X-Iplb-Request-Id
X-BBC-Origin-Response-Status
X-Serial
X-Thanos
Inserted-Into-Cache-At
Servedby
X-HostName
Warning
Fastcgi-Cache-Ttl
True-Client-Ip
X-Vercel-Cache
X-Vercel-Id
Hit
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-Akamai-Request-ID
X-Th-Server
X-Release
X-Litespeed-Cache-Control
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Cneonction
Ngx
X-Request-Url
X-Dist-Code
X-Snapshot-Date
X-B3-Parentspanid
X-Swift-Error
Content-Style-Type
X-Back
X-Storefront-Renderer-Verified
X-CF-Powered-By
Content-Script-Type
X-Dw-Trace-Id
CountryCode
X-Shopify-Generated-Cart-Token
X-LiteSpeed-Tag
X-Request-URL