Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Rq
Grace
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-Amz-Version-Id
X-Ua-Compatible
X-LiteSpeed-Cache
CONTENT-SECURITY-POLICY
X-Dispatcher
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Nginx-Cache-Status
Allow
X-Cache-Spec
X-Device
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-CST
X-Server-Id
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
Cf-Edge-Cache
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Rating
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Url
X-Trace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-MS-InvokeApp
X-TtlSet
X-PC
X-Vname
X-Rack-Cache
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-ESI
X-VARITI-CCR
X-Content-Type
X-B3-TraceId
Accept-Ch
Cache-Tag
X-Vcap-Request-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Amz-Rid
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Amz-Server-Side-Encryption
X-Dw-Request-Base-Id
Public-Key-Pins
X-Cnection
X-Ac
X-Px
X-RateLimit-Remaining
X-D2id
X-Element-Page-Cache
Verso
X-Navigation-Version
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
X-Cache-TTL
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Ser
Service-Worker-Allowed
X-Edge
X-Version
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
Response
X-Middleton-Response
Access-Control-Request-Method
X-NF-Request-ID
X-Goog-Hash
X-Ruxit-Js-Agent
X-Kinsta-Cache
X-Webkit-Csp
AR-CACHE
AR-ATIME
X-TTL
AR-Request-ID
AR-SID
AR-PoweredBy
X-Correlation-Id
SPIisLatency
SPRequestDuration
X-Upstream
X-Edge-Location-Klb
X-Ttl
X-NWS-LOG-UUID
X-RateLimit-Limit
X-LLID
X-Cached
X-Cache-Key
X-Powered-CMS
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
Edge-Cache-Tag
X-Litespeed-Cache
X-SharePointHealthScore
SPRequestGuid
Nginx-Cache
TCN
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
Content-MD5
X-MSEdge-Ref
X-Id
X-Content-Security-Policy-Report-Only
MS-Author-Via
X-Shield-Request-Id
X-Daa-Tunnel
X-T
X-B3-TraceId-Primal
X-Recruiting
S
X-DataDome
X-Content-Digest
X-Mg-S
X-TEC-API-VERSION
X-Ua-Device
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Protected-By
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Frontend
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-Accel-Expires
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
Server-Node
X-Ua-Browser
X-Content
X-Ab
X-Request-Received
Front-End-Https
X-Grace
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Filters
X-Server-ID
X-ECACHE
X-ORACLE-DMS-ECID
Fastcgi-Cache
X-Mid
X-PressLabs-Stats
X-ORACLE-DMS-RID
X-Hits
X-Origin-Server
TP-Cache
X-DynaTrace
TP-L2-Cache
X-Distributor
X-Geo-Country
X-Debug-Info
X-Amzn-Trace-Id
X-Tt-Trace-Host
Charset
X-Tt-Trace-Tag
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Cleartype
X-Page-Id
Host
X-F-Cache
X-DIS-Request-ID
X-Git-Hash
X-Ratelimit-Reset
X-Microsite
X-Request-Handler-Origin-Region
Cross-Origin-Opener-Policy
X-B3-Sampled
X-Www-Served-By
X-LB-Cache
X-Forwarded-Proto
Access-Control-Allow-Method
ServerID
X-Cache-Age
X-Seen-By
Cache-Tags
X-AppVersion
X-Az
X-Aspnetmvc-Version
X-Activity-Id
X-Cluster-Name
Cache-Status
Accept-Charset
X-Varnish-Age
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Realpath
Filterid
X-Language
Server-Name
X-Rid
X-Content-Options
X-Type
X-Nginx-Upstream-Cache-Status
X-App-Environment
X-WebKit-CSP-Report-Only
X-Upgrade-Enabled
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Viewport
Node
Country
X-Mobile-URL
X-Fastly-Request-ID
X-Varnish-Grace
X-Tb
X-MCACHE
X-NWS-UUID-VERIFY
X-User-Agent
X-Aspnet-Duration-Ms
Retry-After
DC
Paypal-Debug-Id
X-Flags
X-Wix-Request-Id
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-B-Cache
X-FB-Debug
X-Signature
X-Origin-Cache
X-Is-Crawler
X-Drupal-Cache-Tags
X-Whom
X-TT
Protected
X-Varnish-Backend
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Storage-Class
X-VCache
Fastcgi-Useragent
X-Via-JSL
X-XRDS-LOCATION
X-B
X-Cache-NGX
X-Fastcgi-Cache
X-Amz-Replication-Status
X-Debug
Payment
X-Contextid
X-Logged-In
X-N
X-Mcache
X-Load-Cache
WPO-Cache-Status
WPO-Cache-Message
Surrogate-Key
X-FW-Server
X-FW-Dynamic
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Static
Amp-Access-Control-Allow-Source-Origin
X-Template
X-Fastly-Request-Id
X-Cache-Control
X-Amz-Meta-S3cmd-Attrs
Count-Hit
X-Node-Name
X-Hostname
X-XRDS-Location
Healthy
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
X-Proxy
Akamai-GRN
Content-Disposition
Refresh
X-Zen-Fury
VIX-Pulpo-Node
Uber-Trace-Id
X-Jobs
X-Is-Bot
X-G
X-Cache-Time
X-Akamai-Request-ID2
VIX-Pulpo-Upstream-Status
X-Revision
X-Real-IP
X-UUID
X-Rendered-As
X-Adobe-Content
X-Framework
X-Cache-TTL-Remaining
X-Mobile
X-Cacheable-TTL
X-Http-Reason
X-Page-View
X-Adobe-Loc
Alternate-Protocol
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Trace-Id
X-Drupal-Cache-Contexts
X-Instance
Permissions-Policy
X-Debug-IsConnected
NGB
X-Proxy-Cache-Status
X-Device-Type
X-Debug-IsPreview
Access-Control-Request-Headers
X-IPLB-Instance
Url
X-ECache
X-Servername
X-Source
X-B3-Traceid
X-Parallel-Accel
From-Origin
X-Cache-Grace
Version
X-Cache-Rule
X-Vgn-Hpd-Reason
X-Varnish-Server
X-Mg-Request-UUID
X-Oneagent-Js-Injection
X-Cache-Hit
Accept-Language
X-Environment-Context
X-L-Path
X-Cache-Expired-At
X-Restarts
X-NGENIX-Cache
X-EdgeConnect-Cache-Status
Referer-Policy
Countrycode
Ms-Operation-Id
X-RTag
MS-CV
X-App-Server
X-FW-Version
Cross-Origin-Window-Policy
X-HTML-Minification-Powered-By
X-IPS-LoggedIn
Frame-Options
X-NYM-Debug-Backend
Liferay-Portal
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-COUNTRY
X-Cache-Action
Backend
X-Nginx-Cache
X-RemovedCookies
X-ProcessESI
Content-Secure-Policy
WP-Super-Cache
CF-IPCountry
X-OCL
Meta-Geo
X-PCL
Upgrade-Insecure-Requests
X-Redis-Cache
X-RN-RSRV
X-Cache-Server
X-UPSTREAM-Address
Section-Io-Cache
X-Content-Age
Fastly-SSL
Cache-Tv-Group
Apigw-Requestid
Ec-Rule-Version
X-Access
X-APP-VERSION
X-Hyper-Cache
X-Generation-Time
X-Format
X-Cache-Enabled
X-FB-TRIP-ID
X-Detected-As
X-Cluster-Node
X-No-Session
X-Ua
X-Section
X-Server-W
Azure-Version
X-Site-Version
Azure-SlotName
X-Sql-Duration-Ms
Azure-SiteName
X-Sql-Count
X-PHP-Backend
Webserver
X-Human
X-Hosted-By
X-Origin-Hint
X-Generated-By
X-PERF
X-Origin-Date
Azure-InstanceId
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
X-Uri
X-Akamai-Edgescape
Webcakes-Region
TWC-Device-Class
X-ApacheServer
Mn-Server-Ip
X-Be
Locale
X-Via-Fastly
Property-Id
S-Rt
X-Urbn-Site-Id
TWC-Connection-Speed
X-Urbn-Context-Path
Azure-RegionName
X-AOL-HN
X-Say-TTL
X-Say-Cacheable
X-Request-Time
X-Region
X-Ratelimit-Remaining
X-SayCDN-TTL
X-UA-Device-Type
X-Varnish-Cache-Hits
X-Web-Node
X-Mode
X-Storage
X-Content-Powered-By
X-Platform-Server
CDN-Uid
CDN-RequestId
CDN-PullZone
CDN-RequestCountryCode
Eomportal-Instance
X-Cache-Host
X-Forwarded-Host
X-Nginx-Cache-Key
X-Cache-Tags
X-Adobe-Source
X-Status
X-Unique-Id
CDN-EdgeStorageId
X-Xfnlog-Site
X-ProxyCache-Status
X-Debug-Cache
X-Webkit-CSP
CDN-CachedAt
X-BYPASS-REASON
CDN-Cache
X-ProxyCache-Key
X-ShardId
X-Rule
X-ShopId
X-JoinUs
X-Hl-Ver
X-Handled-By
X-ServerID
X-Alternate-Cache-Key
X-Varnishpool
X-Tid
X-Cache-Type
X-Backend-Name
X-Routing-Service
X-Proxied
X-SaId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Zipkin-Id
X-Extlb
X-Shopify-Stage
X-GG-Cache-Date
X-Proxy-Build
ServedBy
X-Labrador-Cache-Channel
X-TT-LOGID
X-NewRelic-App-Data
X-Timing-Wait
X-Locale
X-PHP-Host
Selected-Fe
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-VC-Cache
X-Accel-Buffering
X-Dc
X-Cache-Operation
X-Datadome
X-Cache-Remote
X-Midtier
X-Rewrite-Enabled
X-LSADC-Cache
X-Edge-Location
Xserver
X-Cached-By
X-CDN-Forward
SID
X-Pubstack
X-Cms-Context
X-Soup
X-Proto
SRV
Fastly-Drupal-Html
X-Storefront-Renderer-Rendered
Web-Mar-Node
X-TA-CDN-Provider
X-App-Version
X-Reqid
X-GEO
X-Buckets
Onion-Location
Country-Code
Mime-Version
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Varnish-Hostname
X-Request-Host
Load-Balancing
LB
X-GeoCountry
X-GeoCode
X-Microcachable
Cache-Hits
X-Origin-TTL
X-Ratelimit-Limit
X-Origin-CC
Server-Info
X-Cluster
X-Ms-Request-Id
X-Ms-Version
X-MP-GENERATED-AT
Xet-Cookie
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Varnish-Hits
X-CSRF-Token
X-Envoy-Decorator-Operation
X-Time
X-NCache
X-Magnolia-Registration
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Bc-Bl
X-Air-Hostname
DynaTrace
X-B3-SpanId
X-Air-Trace-Id
X-Air-Source
X-Tx-Id
X-RCS-CacheZone
X-Endurance-Cache-Level
BehaviorPad-Version
X-Destination
X-Cache-NE
X-Ec-Fail
X-Developer
X-Cdn-Srv
X-Connection-Hash
X-Conf
A
X-CF-Lambda-Fn
X-D
X-Ec-GeoHdr
X-CF-Lambda-Version
X-Forwarded-Path
X-LAGOON
X-Ig-Push-State
X-R9-Blue-Green-Version
X-NAPM-TraceId
X-Orig-Expires
X-NodeID
Rendered-Blocks
X-Hash
X-External-Request-Id
X-Esi-Check
X-From
X-Ftr-Request-Id
X-Gzip
X-Geo-Header
X-Epic-Correlation-Id
Cdnsip
X-A-Ccd
X-A
Lang
Host-ID
X-A-Dam
X-A-Dgt
X-A-Dcw
Meta-Geo-Continent
Mobile-Detection-Method
Sslversion
Pramga
Surrogated-Key
Odigeo-Trace-Id
T-Server
NM-Fastcgi-Cache
X-A-Wwc
X-Aed
Cmstype
DB-Nickname
Cmsid
X-Cache-Bucket
Cdncip
X-Origin-Response-Time
DCR-Decision-By
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
X-AK-Request-ID
X-Application
Expiry
X-B-Cookie
X-ARC
X-Cache-Id
X-HS-Content-Campaign-Id
X-Shop-Environment
X-SRCache-Key
X-Tenant
X-TIM-N
X-Session-Fingerprint
X-SD-PageType
X-S
X-S-Cookie
X-ScT
X-Varnish-Beresp-Grace
X-User
X-Vtex-Remote-Cache
X-Webstats-RespID
Xc-Version
Cache-Name
X-Vtex-Processado-Em
X-VG-WebCache
X-Vdms-Path
X-Vdms-Version
X-SRV
X-Rojux
X-TrackingId
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Varnish-Ttl
Source
X-Azure-Ref
X-ZONE
X-Cache-Info
X-Core-Mission
X-Ec-Custom-Error
X-Device-Os
X-Origin
X-Origin-Time
X-Nyt-Route
X-WADP-Cache
X-Block-Status
X-Wix-Viewer-Type
X-Amzn-Remapped-Content-Length
Fastly-GeoIP-CountryCode
Wxu-Next-Region
X-Worker
MD5-Digest
Wxu-Next-Commit
X-Sigma-Backend
X-Sigma
Svr
State
X-SVT-ORM-RULES
Server-Host
X-SVT-ORM-VERSION
X-Rocket-Build-Number
X-Node-Id
We-Hiring
Web-Mar-Region
X-Viewer-Country
Vix-Hermes-Req-Id
V-Age
User-Cache-Control
X-Fetched-On
Wxu-Next-Hostname
X-VG-TLSProxy
X-RateLimit-Limit-Second
X-DPWN-IS-SECURE
X-Server-IP
X-Developers
X-Hnp-Log
X-DefElseHash
X-DefHash
X-Slack-Backend
X-Has-Esi
X-RateLimit-Remaining-Second
X-GeoIP
X-Request-URI
X-Gen-Mode
X-Fmm-Version
X-Fastly-Cache
X-Scheme
X-SB
X-Core-Value
X-Planisys-CDN-TTL
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Planisys-CDN-Rules
X-Cache-Backend
X-Planisys-CDN-Cache
X-Gdpr
X-Location
X-Variation
X-V-Cache
X-Clara-WADP
X-TNCMS
X-Irp-Debug
X-Ckpd-Fst-Backend
X-Origin-Expires
X-JWT-State
X-Is-Gdpr
X-Mvc-Supplant-Cachable
X-Loop
Machine
Adler-Geo
Apple-News-Services-Request-Url
Cache
Memcached
Is-Eu
Mail-Subject
AKAMAI
Producers
Apple-News-Services-Parsed-Url
Platform
Environment
Apple-News-Services-Handled
Apple-News-Services-Host
X-Skip-Cache
X-Httpd
X-Xrds-Location
Traceparent
HostName
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Level-Front-Cache
X-CGP
X-Served-From
X-BBC-Edge-Cache-Status
X-Datadog-Sampling-Priority
X-HN
X-Datadog-Trace-Id
X-VarnishDD-TTL
TDXMobile
X-Forwarded-Site
X-Proxy-Cache-Info
X-Proxy-Upstream
Thinkindot-CacheControl-Type
X-Policy
X-Pod-Name
X-Gamma-Serve
X-Generated-On
X-Qloud-Router
Ssr
X-Region-Sid
X-Platform
X-VServer
Thinkindot-Control
X-Rebelmouse-Surrogate-Control
X-GeoIP-City
X-Rebelmouse-Cache-Control
X-Eu-Site
X-Thinkindot-L3
CDCHOST
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
Gh-Request-Id
X-Sn-Servicetimems
Arc-Country
X-Cache-Date
X-Men
X-Minions-Version
CloudFront-Viewer-Country
Redirect-Candidate
PFcat
X-Srv
N-Cache
X-Via-NSCOPI
Locid
X-CacheTTL
X-Dispatcher-Number
X-Aicache-OS
X-Loc
Origin-EX
Cluster
Origin-CC
X-Rocket-Nginx-Serving-Static
Release
X-Cdn-Origin
Req-Svc-Chain
Thinkindot-CacheControl
Origin
X-Branch-Name
Fastly-SIE
X-Pool
Kp-EeAlive
X-Auto-Login
Fastcgi-Cache-TTL
L
Fastly-SWR
X-Tec-Api-Version
X-Tec-Api-Root
CDN
X-Tec-Api-Origin
X-Old-Content-Length
X-Optimistic-Header
X-SIPLIST1
Server-Ext
X-Response-By
X-Scale
NGX
DSUID
Server-Hostname
Sever-Int
X-Parent-Response-Time
X-Via-Ucdn
IsBot
X-EC-Lua
X-WP-CF-Super-Cache-Cache-Control
X-CS
X-IPLB-Request-ID
X-VC
Pics-Label
X-Owner
X-RSL
X-RPS
X-DI
X-DW
X-WP-CF-Super-Cache
X-RPM
X-Refresh
X-DB
X-DSS
Ohc-File-Size
X-TraceId
X-NC
Time
Memory
X-Tt-Logid
X-Tb-Optimization-Total-Bytes-Saved
X-Ah-Environment
X-Newrelic-Synthetics
X-LB-NoCache
X-Date
X-Accel-Expires-Debug
Servername
X-Akamai-Transformed
Ms-Author-Via
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Reset
Datacenter
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Edge-Pop
X-Generated-In
X-BCube-Filmed-By
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Mvc-Supplant-OutputCached
Cache-Key
Candidate-Md5Url
X-Ad-Defer-Variation
Env
X-Udemy-Cache-App-Namespace
X-Cache-Debug
CPC-Cache
X-SplitTest
XM
GEO-INFO
VNS-Cache
Geo-Info
CPC-Age
VNS-Age
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Amz-Meta-Cb-Modifiedtime
X-TIME
X-API-Version
X-Servedbyhost
X-Varnish-Authentication
ITXSESSIONID
X-WA-Info
Fastly-Backend-Name
X-Via-Popn
X-Via-Popv
X-Via-Poph
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
X-Cache-Status-Check
Fusion-Content-Id
Fusion-Component-Id
X-Micro-Cache
GeoIp-Country-Code
X-HA-Backend
X-S-Maxage
CacheControlHeader
Path
X-AIR-PT
X-TH-Server
Client
True-Client-Country-4JS
X-CACHE-KEY
X-Action
X-VCL-Version
Server-ID
Cache-Host
Ohc-Cache-HIT
X-Backend-TTL
X-Vc
Lb
Geoip-Latitude
X-Cs
X-VHOST
Ngx.Var.Host
FSS-Cache
X-DC
X-Trace-ID
X-Varnish-Beresp-TTL
X-Webkit-CSP-Report-Only
X-Correlation-ID
X-Presslabs-Stats
X-Req
True-Client-IP
Hostname
Edge-Cache
X-Api-Version
XkeyRZ
X-Proxy-CacheRZ
X-Provided-By
X-Clientip
X-Fpc
My-App
Powered-By
X-Webkit-Csp-Report-Only
X-Pass-Why
X-FireWall-Port
X-Zone
X-TX-ID
X-Origin-Upstream-Status
X-B3-Spanid
X-Up
NtCoent-Length
X-PX
X-Traceid
X-Varnish-Beresp-Ttl
Test
X-LB-ID
X-FPC
X-NGINX-Cache
Cf-Int-Pingora-Origin-Digest
DataCenter
X-Dmc
X-Cdn-Request-ID
X-CSRF-TOKEN
X-Dynatrace
X-MSEdge-Features
X-MSEdge-Flight
X-Beluga-Record
X-Render-Time
X-UnsetCookies
X-Beluga-Status
X-Beluga-Trace
X-HS-Status
X-LI-UUID
X-Beluga-Response-Time
X-Beluga-Node
X-Vcl-Version
X-INCAP-ABP
X-Beluga-Cache-Status
X-Li-Fabric
X-Li-Pop
User-Agent
X-ND-Cache
Rip
Proxy-Connection
C-Via
Server-Id
OT-Force-Account-Verify
WZWS-RAY
X-Check-Cacheable
X-TRACE-ID
X-CLOUD-TRACE-CONTEXT
Tube-Got-Results
GeoIP-Latitude
X-Service
MIME-Version
Tube-Got-Eval
X-CUA
X-Time-Microsecs
GeoIP-Country-Code
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
Tube-Return
X-URL
X-Gateway-Request-Id
X-Gateway-Cache-Key
Srvid
X-Alfa-Service
Click-Count-Action-Start
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-Ha-Backend
Click-Count-Error
X-B3-Traceid-Primal
Tube-Get-Contents
X-RAMCache
X-Geo
X-Platform-Processor
HIT
Esi-Enabled
X-Platform-Router
X-Platform-Cluster
Uri
X-M-Reqid
X-M-Log
X-ServedByHost
Target-Params
Tracecode
X-Fragments
Cf-Device-Type
Sid
X-Qnm-Cache
X-DynaTrace-JS-Agent
X-Akamai-Pragma-Client-IP
Resin-Trace
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Epwk-X-Cache
Lfy
ENV
X-Proxy-Cache-Hk
On-Server
X-LI-Proto
X-FC-Vary-Parameters
X-Fastly-Backend
X-Sucuri-ID
X-Sucuri-Cache
X-Azure-Ref-OriginShield
Cdn
X-ATG-Version
Srv
X-Var-Ttl
X-Fastly-Backend-Reqs
X-Fetch-By
Fastly-Drupal-HTML
X-Backend-Host
X-LiteSpeed-Cache-Control
X-Esi
X-Cdn-Forward
X-Li-Proto
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Cache-Expires
Section-Io-Id
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-Backend-State
X-APP
X-Edge-POP
Magicmarker
X-App
XServer
X-Srcache-Store-Status
X-MG-S
X-Srcache-Fetch-Status
X-Newrelic-App-Data
X-Lb-Nocache
X-Nc
ServerName
X-ElasticPress-Query
Tcn
Inserted-Into-Cache-At
CF-Cached-On
X-Yottaa-OS
PICS-Label
X-Request-Start
X-Iplb-Request-Id
Wpo-Cache-Message
Wpo-Cache-Status
Cf-Ipcountry
X-Iplb-Instance
D-Url-Rewrites
X-Acquia-Application-Trace
X-Vcache
X-Serial
X-Acquia-Purge-Tags
X-Cache-CFC
Server-Ttl
X-Acquia-Site
X-Acquia-Application-UUID
X-HostName
Warning
Servedby
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Snapshot-Date
X-Fastly-Cache-Hits
X-Dist-Code
Fastcgi-Cache-Ttl
Ngx
X-Storefront-Renderer-Verified
X-Bip
True-Client-Ip
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
M-TraceId
X-Vercel-Id
X-Request-Url
X-Vercel-Cache
Cneonction
X-BBC-Origin-Response-Status
X-Shopify-Generated-Cart-Token
Content-Style-Type
X-IN-APIGATEWAY
Content-Script-Type
X-B3-Parentspanid
X-Request-URL
CountryCode
X-IN-APIGATEWAYSSL
X-LiteSpeed-Tag
X-Thanos
X-CF-Powered-By
X-Release
X-Litespeed-Cache-Control
X-Th-Server
X-Swift-Error
X-Back
X-Dw-Trace-Id