
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
X-LiteSpeed-Cache
CONTENT-SECURITY-POLICY
X-Dispatcher
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
Allow
X-Cache-Spec
X-Device
X-OneAgent-JS-Injection
X-WebKit-CSP
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-CST
X-Server-Id
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
Accept-CH
X-Backend-Server
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
X-Application-Context
Xkey
Cf-Edge-Cache
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Url
X-Trace
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-MS-InvokeApp
X-Vname
X-TtlSet
X-PC
X-Rack-Cache
X-Server-Name
X-Ruxit-JS-Agent
X-Clacks-Overhead
RTSS
Edge-Control
X-ESI
X-VARITI-CCR
X-B3-TraceId
X-Content-Type
Cache-Tag
X-Vcap-Request-Id
X-Varnish-TTL
X-Amz-Rid
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Amz-Server-Side-Encryption
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cnection
X-Ac
X-Px
Accept-Ch
X-D2id
X-Element-Page-Cache
X-RateLimit-Remaining
Verso
X-Navigation-Version
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
X-Cache-TTL
X-Ser
X-Middleton-Display
X-Edge
Display
Pagespeed
X-Sol
Service-Worker-Allowed
X-Ruxit-Js-Agent
X-Version
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
X-Middleton-Response
Response
Access-Control-Request-Method
X-NF-Request-ID
X-Ttl
X-FastCGI-Cache
X-Correlation-Id
X-Goog-Hash
X-Webkit-Csp
AR-PoweredBy
AR-CACHE
AR-SID
AR-Request-ID
X-Kinsta-Cache
AR-ATIME
SPIisLatency
SPRequestDuration
X-Upstream
X-Edge-Location-Klb
X-NWS-LOG-UUID
X-LLID
X-Cached
X-RateLimit-Limit
X-Powered-CMS
X-Litespeed-Cache
Edge-Cache-Tag
X-Cache-Key
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
SPRequestGuid
Nginx-Cache
X-SharePointHealthScore
X-TTL
TCN
X-Forwarded-For
Mrf-Cache-Status
MRF-Tech
Content-MD5
X-MSEdge-Ref
X-Id
X-Content-Security-Policy-Report-Only
MS-Author-Via
X-Shield-Request-Id
X-Daa-Tunnel
X-T
X-B3-TraceId-Primal
X-Recruiting
S
X-DataDome
X-Content-Digest
X-Ua-Device
X-Mg-S
X-Protected-By
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-SRCache-Fetch-Status
X-Frontend
X-SRCache-Store-Status
X-Ezoic-Cdn
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-Ab
X-Content
Server-Node
X-Ua-Browser
X-Accel-Expires
X-Request-Received
X-Request-Processing-Time
X-Grace
X-Yandex-Sdch-Disable
Front-End-Https
Filters
X-Server-ID
X-ECACHE
X-ORACLE-DMS-ECID
X-Mid
Fastcgi-Cache
X-PressLabs-Stats
X-ORACLE-DMS-RID
X-Origin-Server
TP-Cache
TP-L2-Cache
X-DynaTrace
X-Distributor
X-Geo-Country
X-Hits
X-Debug-Info
Pinterest-Version
X-Pinterest-Rid
Charset
Pinterest-Generated-By
X-Amzn-Trace-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
Host
Cleartype
X-Ratelimit-Reset
X-DIS-Request-ID
X-Request-Handler-Origin-Region
X-Microsite
Cross-Origin-Opener-Policy
X-F-Cache
X-Git-Hash
X-B3-Sampled
X-Page-Id
X-Www-Served-By
X-LB-Cache
Access-Control-Allow-Method
X-Forwarded-Proto
X-Cache-Age
ServerID
Cache-Tags
X-WebKit-CSP-Report-Only
X-Aspnetmvc-Version
X-Activity-Id
X-Seen-By
X-Az
X-AppVersion
X-Cluster-Name
Cache-Status
Accept-Charset
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-Age
Realpath
Filterid
X-Language
Server-Name
X-Rid
X-Content-Options
X-Type
X-XRDS-LOCATION
X-Fastcgi-Cache
X-Nginx-Upstream-Cache-Status
X-Oracle-Dms-Ecid
X-App-Environment
X-Upgrade-Enabled
Country
X-Mobile-URL
Node
X-Oracle-Dms-Rid
X-Tb
Viewport
X-NWS-UUID-VERIFY
X-MCACHE
X-User-Agent
X-FB-Debug
X-Varnish-Grace
DC
Paypal-Debug-Id
Protected
X-Whom
X-Drupal-Cache-Tags
X-B-Cache
Retry-After
X-TT
X-Signature
X-Origin-Cache
X-Oneagent-Js-Injection
X-Varnish-Backend
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Wix-Request-Id
X-Via-JSL
X-VCache
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-GUploader-UploadID
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-B
Fastcgi-Useragent
X-Fastly-Request-ID
X-Amz-Replication-Status
X-Fastly-Request-Id
X-Cache-NGX
X-Debug
Payment
X-Mcache
X-Contextid
X-N
X-Logged-In
X-Load-Cache
WPO-Cache-Message
WPO-Cache-Status
Surrogate-Key
X-Template
X-Webkit-CSP
X-FW-Dynamic
X-FW-Static
X-FW-Type
X-FW-Hash
X-FW-Server
X-FW-Serve
X-Cache-Control
X-Amz-Meta-S3cmd-Attrs
Count-Hit
X-Hostname
X-Node-Name
X-XRDS-Location
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
Amp-Access-Control-Allow-Source-Origin
Healthy
X-Erf-Bev-Bev
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
Refresh
X-Proxy
Akamai-GRN
Content-Disposition
X-Jobs
X-Revision
X-G
Uber-Trace-Id
VIX-Pulpo-Node
X-Cache-Time
VIX-Pulpo-Upstream-Status
X-Zen-Fury
X-Cache-TTL-Remaining
X-Akamai-Request-ID2
X-Framework
X-Real-IP
X-UUID
X-Mobile
X-Adobe-Content
X-Adobe-Loc
NGB
Permissions-Policy
X-Trace-Id
X-Debug-IsConnected
X-Rendered-As
X-Proxy-Cache-Status
X-Device-Type
X-Debug-IsPreview
X-Cacheable-TTL
X-Is-Bot
X-Http-Reason
X-Drupal-Cache-Contexts
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Instance
Access-Control-Request-Headers
Url
Alternate-Protocol
X-Page-View
X-Source
X-IPLB-Instance
X-ECache
X-Servername
From-Origin
X-B3-Traceid
X-Parallel-Accel
Version
X-Cache-Rule
X-Cache-Grace
X-Vgn-Hpd-Reason
X-Varnish-Server
X-Mg-Request-UUID
X-L-Path
X-Environment-Context
X-Cache-Expired-At
X-Cache-Hit
Accept-Language
X-Restarts
X-NGENIX-Cache
X-EdgeConnect-Cache-Status
Referer-Policy
X-RTag
Countrycode
Ms-Operation-Id
MS-CV
X-App-Server
Cross-Origin-Window-Policy
X-FW-Version
X-IPS-LoggedIn
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-HTML-Minification-Powered-By
X-Tumblr-Pixel
Liferay-Portal
Frame-Options
X-COUNTRY
X-NYM-Debug-Backend
X-Cache-Action
Backend
X-Nginx-Cache
X-RemovedCookies
Content-Secure-Policy
X-ProcessESI
WP-Super-Cache
X-UPSTREAM-Address
Meta-Geo
X-RN-RSRV
X-PCL
Upgrade-Insecure-Requests
CF-IPCountry
X-OCL
X-Cache-Server
Cache-Tv-Group
X-Generation-Time
X-Ua
X-Access
X-Format
X-No-Session
X-FB-TRIP-ID
Ec-Rule-Version
X-Section
X-Redis-Cache
X-Cluster-Node
X-APP-VERSION
X-Cache-Enabled
Apigw-Requestid
Section-Io-Cache
X-Origin-Hint
X-Request-Time
X-Region
X-Mode
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
X-PERF
X-PHP-Backend
TWC-Privacy
X-Server-W
X-Storage
Webserver
TWC-GeoIP-Country
X-Uri
Azure-Version
S-Rt
X-ApacheServer
TWC-Locale-Group
X-Via-Fastly
Fastly-SSL
X-Akamai-Edgescape
TWC-GeoIP-LatLong
Azure-RegionName
X-AOL-HN
TWC-Device-Class
Azure-SiteName
X-Ratelimit-Remaining
Azure-SlotName
TWC-Connection-Speed
X-UA-Device-Type
Azure-InstanceId
X-Origin-Date
Mn-Server-Ip
X-Varnish-Cache-Hits
Property-Id
X-Hosted-By
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestId
Locale
X-Human
X-Content-Powered-By
X-BYPASS-REASON
X-Urbn-Context-Path
CDN-Uid
Eomportal-Instance
CDN-Cache
CDN-RequestCountryCode
CDN-CachedAt
X-Xfnlog-Site
X-Unique-Id
X-Urbn-Site-Id
X-Be
X-Cache-Host
X-Generated-By
X-Nginx-Cache-Key
X-Forwarded-Host
X-Site-Version
X-Status
X-Web-Node
X-Hyper-Cache
X-Debug-Cache
X-ProxyCache-Status
X-Say-Cacheable
X-ProxyCache-Key
X-SayCDN-TTL
X-Say-TTL
X-Extlb
X-Backend-Name
X-Hl-Ver
X-Shopify-Stage
X-Detected-As
X-Routing-Service
X-Sorting-Hat-PodId
X-ServerID
X-ShardId
X-ShopId
X-SaId
X-Tid
X-Adobe-Source
X-Rule
X-Cache-Type
X-Proxied
X-Content-Age
X-Platform-Server
X-Zipkin-Id
X-Cache-Tags
X-Varnishpool
X-Sorting-Hat-ShopId
X-JoinUs
X-Alternate-Cache-Key
X-Sql-Count
X-Sql-Duration-Ms
X-Handled-By
X-Locale
X-NewRelic-App-Data
X-TT-LOGID
X-GG-Cache-Date
X-Labrador-Cache-Channel
X-Timing-Wait
X-PHP-Host
X-Proxy-Build
ServedBy
Selected-Fe
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-Accel-Buffering
X-Dc
X-VC-Cache
X-Cache-Operation
X-Cache-Remote
X-Datadome
X-LSADC-Cache
X-Midtier
X-Rewrite-Enabled
X-Edge-Location
X-CDN-Forward
Xserver
SID
X-Soup
X-Pubstack
SRV
X-Storefront-Renderer-Rendered
X-Proto
X-Cached-By
X-TA-CDN-Provider
X-Cms-Context
X-App-Version
Web-Mar-Node
X-Reqid
X-Buckets
Onion-Location
Mime-Version
Fastly-Drupal-Html
X-Varnish-Ttl
Country-Code
X-GeoCountry
X-Varnish-Hostname
LB
X-GeoCode
Load-Balancing
X-Microcachable
X-GEO
Decoy-Debug-Key
X-Request-Host
X-Ratelimit-Limit
X-Origin-TTL
Decoy-Debug-Status
Decoy-Debug-TTL
Cache-Hits
X-Origin-CC
Server-Info
X-Cluster
X-Ms-Version
X-Varnish-Hits
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-Ms-Request-Id
X-CSRF-Token
X-Envoy-Decorator-Operation
Xet-Cookie
X-Time
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Magnolia-Registration
X-NCache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Bc-Bl
X-B3-SpanId
X-Air-Hostname
X-Air-Trace-Id
DynaTrace
X-Air-Source
X-RCS-CacheZone
X-Endurance-Cache-Level
Rendered-Blocks
X-Shop-Environment
X-Session-Fingerprint
X-ScT
Pramga
Odigeo-Trace-Id
X-Rojux
X-S
X-S-Cookie
X-SD-PageType
X-Tenant
X-From
X-Ftr-Request-Id
Cmsid
X-Vdms-Path
X-Vdms-Version
T-Server
Surrogated-Key
X-Geo-Header
X-SRCache-Key
X-TIM-N
X-TrackingId
X-User
Sslversion
X-Gzip
DCR-Processing-Time-Ms
DCR-Decision-By
Expiry
Fastcgi-X-Cache-Version
X-D
BehaviorPad-Version
X-NodeID
DB-Nickname
Cmstype
Cdnsip
Cdncip
X-NAPM-TraceId
A
X-Orig-Expires
X-Processor
X-Hash
X-VG-WebCache
Meta-Geo-Continent
Mobile-Detection-Method
Lang
X-PBS-Appsvrname
X-Ig-Push-State
X-HS-Content-Campaign-Id
Host-ID
X-PAYTM-SRV-ID
NM-Fastcgi-Cache
X-Forwarded-Path
X-Aed
X-Ec-GeoHdr
X-Cache-NE
X-Epic-Correlation-Id
X-Varnish-Beresp-Grace
X-A-Dgt
X-A-Wwc
X-Cdn-Srv
X-AK-Request-ID
Cache-Name
X-B-Cookie
X-Developer
X-Destination
X-Ec-Fail
X-ARC
X-Application
X-Cache-Id
X-SRV
X-A-Dcw
X-Esi-Check
X-Webstats-RespID
X-A-Dam
X-External-Request-Id
X-Conf
X-Connection-Hash
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-CF-Lambda-Version
Xc-Version
X-R9-Blue-Green-Version
X-A
X-A-Ccd
X-CF-Lambda-Fn
Source
X-Azure-Ref
X-ZONE
X-Cache-Bucket
X-Cache-Backend
X-DefHash
X-Core-Value
X-Clara-WADP
X-Location
Environment
X-Ckpd-Fst-Backend
X-DefElseHash
X-LAGOON
X-GeoIP
Wxu-Next-Commit
State
Wxu-Next-Hostname
Wxu-Next-Region
Svr
We-Hiring
X-Fmm-Version
V-Age
Vix-Hermes-Req-Id
Server-Host
X-Gdpr
Mail-Subject
Machine
X-DPWN-IS-SECURE
X-Developers
Memcached
X-Fastly-Cache
Producers
Platform
X-Amzn-Remapped-Content-Length
Is-Eu
Adler-Geo
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-VG-TLSProxy
X-Viewer-Country
X-Tx-Id
X-Variation
X-V-Cache
X-Request-URI
X-RateLimit-Remaining-Second
X-SB
X-Scheme
X-Server-IP
X-WADP-Cache
X-Wix-Viewer-Type
X-Sigma
X-Rocket-Build-Number
X-Sigma-Backend
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Node-Id
X-Fetched-On
MD5-Digest
Fastly-GeoIP-CountryCode
X-Cache-Info
X-Core-Mission
X-Device-Os
X-RateLimit-Limit-Second
X-Varnish-CookieINHashed-On
X-Origin-Response-Time
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Origin-Expires
AKAMAI
X-Mvc-Supplant-Cachable
X-Origin
Apple-News-Services-Request-Url
X-Nyt-Route
X-Origin-Time
Traceparent
Thinkindot-Control
Thinkindot-CacheControl
Release
Origin-EX
Origin-CC
Req-Svc-Chain
Ssr
X-BBC-Edge-Cache-Status
TDXMobile
Thinkindot-CacheControl-Type
X-Level-Front-Cache
X-Served-From
X-Rocket-Nginx-Serving-Static
X-Loop
X-Datadog-Parent-Id
X-Thinkindot-L3
X-Skip-Cache
X-Datadog-Sampling-Priority
X-Pool
Origin
X-CacheTTL
X-Ec-Custom-Error
X-Loc
X-Datadog-Trace-Id
X-Cache-Date
L
X-Has-Esi
X-Pod-Name
X-Region-Sid
X-Platform
X-Planisys-CDN-TTL
X-Slack-Backend
X-Gamma-Serve
X-Gen-Mode
X-Generated-On
X-GeoIP-City
X-Qloud-Router
X-Proxy-Cache-Info
X-Policy
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Sn-Servicetimems
X-TNCMS
CloudFront-Viewer-Country
X-Worker
X-Irp-Debug
X-Is-Gdpr
X-Eu-Site
X-Proxy-Upstream
Kp-EeAlive
X-Httpd
X-Via-NSCOPI
X-Planisys-CDN-Rules
X-HN
X-Hnp-Log
X-Men
X-VarnishDD-TTL
X-Planisys-CDN-Cache
X-JWT-State
X-Minions-Version
HostName
Cluster
Redirect-Candidate
User-Cache-Control
Locid
Fastly-SIE
Fastly-SWR
Gh-Request-Id
PFcat
L5d-Success-Class
CDCHOST
HA-Ipaddr
Arc-Country
N-Cache
Ha-Gx-Prefs
X-Aicache-OS
Web-Mar-Region
X-Srv
X-Auto-Login
X-Block-Status
X-Branch-Name
X-Cdn-Origin
Fastcgi-Cache-TTL
X-CGP
X-Csrf-Jwt
CDN
Cache
X-VServer
X-Parent-Response-Time
X-Via-Ucdn
X-Response-By
NGX
X-Forwarded-Site
DSUID
X-SIPLIST1
X-Scale
X-Optimistic-Header
X-Old-Content-Length
X-Dispatcher-Number
IsBot
X-EC-Lua
AMP-Access-Control-Allow-Source-Origin
X-CS
Sever-Int
X-VC
X-RPS
X-DW
X-WP-CF-Super-Cache
X-DSS
X-WP-CF-Super-Cache-Cache-Control
X-DB
X-DI
X-RSL
Server-Ext
X-Refresh
Server-Hostname
Pics-Label
X-Owner
X-RPM
Ohc-File-Size
X-TraceId
X-IPLB-Request-ID
X-Tb-Optimization-Total-Bytes-Saved
X-Ah-Environment
X-NC
X-LB-NoCache
Time
X-Accel-Expires-Debug
X-Date
Memory
X-Newrelic-Synthetics
Servername
Ms-Author-Via
X-Akamai-Transformed
X-Tt-Logid
Datacenter
Candidate-Md5Url
Env
Cache-Key
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-BCube-Filmed-By
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Edge-Pop
X-Mvc-Supplant-OutputCached
X-Generated-In
X-Ad-Defer-Variation
X-Udemy-Cache-App-Namespace
CPC-Age
X-Cache-Debug
Geo-Info
VNS-Age
VNS-Cache
X-SplitTest
GEO-INFO
XM
CPC-Cache
X-Contensis-Viewer-Groups
X-Amz-Meta-Cb-Modifiedtime
X-Cache-ASPX
X-TIME
X-Xrds-Location
X-Via-Popn
ITXSESSIONID
X-Via-Poph
X-WA-Info
X-Servedbyhost
X-Varnish-Authentication
X-Via-Popv
X-API-Version
Fastly-Backend-Name
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Component-Id
X-Cache-Status-Check
Fusion-Content-Id
X-S-Maxage
Path
X-HA-Backend
X-Micro-Cache
CacheControlHeader
GeoIp-Country-Code
X-RateLimit-Reset
X-TH-Server
X-CACHE-KEY
True-Client-Country-4JS
Client
X-Action
X-AIR-PT
Lb
Cache-Host
Server-ID
X-Vc
Ohc-Cache-HIT
Geoip-Latitude
X-VCL-Version
X-Backend-TTL
X-Cs
X-VHOST
X-Trace-ID
FSS-Cache
X-DC
Ngx.Var.Host
X-Varnish-Beresp-TTL
X-Req
Edge-Cache
Hostname
X-Presslabs-Stats
True-Client-IP
X-Api-Version
X-Proxy-CacheRZ
XkeyRZ
X-Fpc
X-Provided-By
My-App
X-TX-ID
X-FireWall-Port
Powered-By
X-Webkit-Csp-Report-Only
X-Pass-Why
X-Clientip
X-Origin-Upstream-Status
X-Zone
X-B3-Spanid
X-PX
X-Traceid
NtCoent-Length
X-Up
X-Varnish-Beresp-Ttl
Test
X-FPC
X-LB-ID
DataCenter
X-NGINX-Cache
Cf-Int-Pingora-Origin-Digest
X-Dmc
X-CSRF-TOKEN
X-MSEdge-Flight
X-Cdn-Request-ID
X-MSEdge-Features
X-Dynatrace
X-Correlation-ID
User-Agent
X-Li-Fabric
X-Li-Pop
X-HS-Status
X-Render-Time
X-Webkit-CSP-Report-Only
X-Vcl-Version
X-Beluga-Record
X-Beluga-Response-Time
X-UnsetCookies
X-Beluga-Status
X-Beluga-Node
X-Beluga-Cache-Status
X-INCAP-ABP
X-LI-UUID
X-Beluga-Trace
Rip
OT-Force-Account-Verify
Proxy-Connection
C-Via
X-ND-Cache
WZWS-RAY
Server-Id
X-Geo
X-CLOUD-TRACE-CONTEXT
X-TRACE-ID
X-Check-Cacheable
X-Time-Microsecs
X-RAMCache
Tube-Get-Contents
Click-Count-Error
Srvid
X-Gateway-Cache-Key
X-CUA
MIME-Version
X-B3-Traceid-Primal
Tube-Got-Eval
X-Gateway-Cache-Status
Tube-Return
X-URL
Tube-Got-Results
X-Via-PopV
Click-Count-Action-Start
X-Via-PopN
X-Alfa-Service
X-Gateway-Skip-Cache
X-Service
X-Gateway-Request-Id
X-Via-PopH
X-Ha-Backend
X-Fragments
Sid
GeoIP-Latitude
Tracecode
GeoIP-Country-Code
X-Platform-Router
Target-Params
HIT
Uri
X-Platform-Cluster
Esi-Enabled
Cf-Device-Type
X-Platform-Processor
X-ServedByHost
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-DynaTrace-JS-Agent
Fastly-Drupal-HTML
X-Akamai-Pragma-Client-IP
Resin-Trace
X-CCDN-CacheTTL
Lfy
X-ATG-Version
X-Fastly-Backend
Srv
X-Hcs-Proxy-Type
On-Server
X-Azure-Ref-OriginShield
X-FC-Vary-Parameters
X-Proxy-Cache-Hk
X-Fastly-Backend-Reqs
X-Fetch-By
X-Sucuri-ID
X-LI-Proto
Epwk-X-Cache
X-Var-Ttl
X-Sucuri-Cache
X-CCDN-Origin-Time
Cdn
ENV
X-Backend-Host
X-LiteSpeed-Cache-Control
X-Esi
X-Cdn-Forward
X-APP
Section-Io-Origin-Status
Section-Origin-Responded
XServer
X-Cache-Expires
Section-Io-Origin-Time-Seconds
X-NU-AKA-ACS-Version
X-Backend-State
Magicmarker
X-Li-Proto
X-Varnish-Beresp-Status
Section-Io-Id
X-Edge-POP
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-MG-S
Tcn
CF-Cached-On
X-Newrelic-App-Data
X-App
X-Lb-Nocache
ServerName
PICS-Label
X-Yottaa-OS
X-ElasticPress-Query
Inserted-Into-Cache-At
X-HITS
D-Url-Rewrites
Wpo-Cache-Status
X-Cache-CFC
X-Iplb-Instance
X-Nc
Server-Ttl
X-Request-Start
X-Vcache
X-Iplb-Request-Id
X-Serial
Wpo-Cache-Message
X-Acquia-Application-UUID
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
Cf-Ipcountry
Warning
Servedby
X-HostName
X-Vercel-Cache
X-Dist-Code
X-BBC-Origin-Response-Status
Ngx
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
X-LiteSpeed-Tag
Fastcgi-Cache-Ttl
True-Client-Ip
X-Bip
X-Fastly-Cache-Hits
X-Litespeed-Cache-Control
X-Vercel-Id
M-TraceId
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-IN-APIGATEWAYSSL
X-Th-Server
X-Storefront-Renderer-Verified
X-CF-Powered-By
X-Back
Content-Style-Type
X-B3-Parentspanid
X-Dw-Trace-Id
Content-Script-Type
X-Request-Url
CountryCode
X-IN-APIGATEWAY
X-Thanos
X-Swift-Error
X-Snapshot-Date
X-Request-URL
X-Release
Cneonction
X-Shopify-Generated-Cart-Token