Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Request-ID
P3p
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Hacker
X-UA-Device
X-Backend
X-Robots-Tag
Report-To
X-Amz-Request-Id
X-LiteSpeed-Cache
Host-Header
X-Server
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-OneAgent-JS-Injection
X-Amz-Version-Id
EagleEye-TraceId
X-Device
X-Dispatcher
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Server-Id
X-Host
X-Backend-Server
X-Node
Cf-Railgun
X-Readtime
Accept-CH
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
X-Language
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
Content-Location
X-Template
X-Application-Context
Rating
X-Ua-Compatible
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
X-Cache-Lookup
Accept-CH-Lifetime
X-Ac
X-Buckets
Allow
X-Url
X-Content-Type
X-Trace
X-TtlSet
X-PC
X-Vname
X-Mod-Pagespeed
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
X-ESI
Cache-Tag
Fastly-Restarts
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Server-Name
X-Element-Page-Cache
Verso
X-GitHub-Request-Id
X-MS-InvokeApp
X-Amz-Rid
X-Upstream
X-Vcap-Request-Id
X-Dw-Request-Base-Id
Public-Key-Pins
MS-Author-Via
X-D2id
X-Client-IP
X-Cached
X-Abt-Application-Version
X-Origin-Cache
X-Cache-TTL
Arr-Disable-Session-Affinity
Accept-Ch
X-Country-Code
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Goog-Hash
X-Powered-By-Plesk
X-Px
X-Cnection
X-Navigation-Version
Access-Control-Request-Method
X-NF-Request-ID
X-Version
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Aws-Lambda-Call-Status
X-Amz-Server-Side-Encryption
RTSS
X-Powered-CMS
Display
X-Sol
Pagespeed
X-Middleton-Display
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Middleton-Response
Response
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-MSEdge-Ref
X-LLID
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-CST
Nginx-Cache
X-Shield-Request-Id
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
S
AR-ATIME
AR-SID
AR-CACHE
Content-MD5
AR-PoweredBy
AR-Request-ID
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-T
X-TTL
X-Protected-By
X-Forwarded-For
X-Content-Security-Policy-Report-Only
TCN
X-Aspnetmvc-Version
X-Mg-S
X-RateLimit-Remaining
X-Id
X-Mid
X-MCACHE
Fastcgi-Cache
Realpath
Front-End-Https
X-Parallel-Accel
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
X-Recruiting
X-Ttl
X-Request-Received
X-Request-Processing-Time
Filters
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Server-Node
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Ab
X-Ua-Browser
X-Content
X-SharePointHealthScore
SPRequestGuid
X-DynaTrace
X-Ezoic-Cdn
X-Correlation-Id
Alternate-Protocol
Server-Name
X-Accel-Expires
X-NWS-LOG-UUID
X-Frontend
X-ECACHE
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Hits
X-Yandex-Sdch-Disable
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-Key
X-Content-Options
Cache-Tags
X-Ruxit-Js-Agent
X-Git-Hash
Host
X-Page-Id
MicrosoftSharePointTeamServices
Charset
Cleartype
X-Www-Served-By
X-B3-Sampled
X-Geo-Country
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Fastly-Request-Id
TP-Cache
X-Content-Digest
X-Amz-Replication-Status
TP-L2-Cache
Filterid
X-Forwarded-Proto
X-Ser
X-XRDS-LOCATION
X-Varnish-Age
X-VCache
X-Hostname
X-Amzn-Trace-Id
X-AppVersion
X-Az
X-Activity-Id
X-Rid
X-Request-Handler-Origin-Region
X-Daa-Tunnel
X-Microsite
X-DIS-Request-ID
X-Debug-Info
X-Origin-Server
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Grace
X-LB-Cache
X-N
X-Origin-Upstream-Status
X-FB-Debug
X-Nginx-Upstream-Cache-Status
X-WebKit-CSP-Report-Only
ServerID
X-Mobile-URL
X-Flags
X-Server-ID
X-TT
X-Providence-Cookie
X-Whom
X-Request-Guid
X-Aspnet-Duration-Ms
X-Route-Name
X-Is-Crawler
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-NGENIX-Cache
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-App-Server
X-App-Environment
X-F-Cache
X-Varnish-Grace
Viewport
Cross-Origin-Opener-Policy
X-Tb
Payment
X-Distributor
X-FW-Dynamic
X-FW-Type
Paypal-Debug-Id
X-PressLabs-Stats
Node
X-Logged-In
X-FW-Hash
DC
X-FW-Server
X-FW-Serve
X-FW-Static
X-Cache-Control
X-Seen-By
Fastcgi-Useragent
X-Type
X-User-Agent
X-Cache-Age
Country
Accept-Charset
X-Webkit-CSP
X-Varnish-Backend
X-Cache-Rule
Version
X-Node-Name
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-DataDome
X-Load-Cache
X-Wix-Request-Id
X-Cache-Action
X-Ratelimit-Limit
Refresh
X-IPLB-Instance
X-Via-JSL
SD-X-WS
Cache-Status
Access-Control-Request-Headers
X-Response-Served-From
X-Fastly-Request-ID
X-Original-Request-Id
X-Tec-Api-Version
X-Real-IP
Referer-Policy
X-Jobs
X-Tec-Api-Origin
X-Tec-Api-Root
X-Cacheable-TTL
X-RemovedCookies
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-B
X-Fastcgi-Cache
X-Contextid
X-Debug
X-ProcessESI
X-Cluster-Name
Liferay-Portal
X-Is-Bot
X-Rendered-As
X-UUID
X-Revision
X-Page-View
X-Proxy-Cache-Status
NGB
X-Vgn-Hpd-Reason
X-Drupal-Cache-Tags
X-Device-Type
X-Drupal-Cache-Contexts
X-Proxy
X-Yottaa-Optimizations
Amp-Access-Control-Allow-Source-Origin
X-Yottaa-Metrics
X-Rule
X-Cache-Expired-At
DynaTrace
X-Cache-Time
X-Instance
Akamai-GRN
X-G
X-Mobile
X-B-Cache
X-Framework
X-Signature
Surrogate-Key
Healthy
X-Debug-IsConnected
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Debug-IsPreview
X-Azure-Ref
X-FW-Version
CF-IPCountry
X-Source
SID
X-Oracle-Dms-Ecid
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Oracle-Dms-Rid
X-Ms-Version
X-Ms-Request-Id
Frame-Options
X-Oneagent-Js-Injection
X-Nginx-Cache
Ms-Operation-Id
X-Cache-Hit
X-RTag
MS-CV
Section-Io-Cache
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
Countrycode
X-Tumblr-Pixel-0
X-APP-VERSION
Xserver
X-Environment-Context
X-L-Path
X-CDN-Forward
X-Varnish-Server
X-XRDS-Location
X-Region
Count-Hit
X-Cache-Operation
X-Servername
X-Content-Powered-By
X-EdgeConnect-Cache-Status
X-Forwarded-Host
GEO-INFO
Uber-Trace-Id
X-Litespeed-Cache
X-Backend-Name
X-Mode
Cross-Origin-Window-Policy
X-IPS-LoggedIn
Backend
X-Adobe-Loc
X-Accel-Buffering
X-Adobe-Content
Ec-Rule-Version
X-Zen-Fury
X-RN-RSRV
X-JoinUs
X-SaId
X-UPSTREAM-Address
Meta-Geo
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
Eomportal-Instance
X-Shopify-Stage
X-Debug-Cache
X-Hosted-By
X-Generation-Time
X-Human
X-Microcachable
X-Alternate-Cache-Key
X-Cache-Grace
X-Varnish-Beresp-Grace
X-Detected-As
X-Redis-Cache
X-ShardId
X-Cache-Type
X-Cache-Server
Decoy-Debug-Status
X-Via-Fastly
Country-Code
Apigw-Requestid
Decoy-Debug-Key
Cache-Tv-Group
Cache-Name
Decoy-Debug-TTL
X-Cache-TTL-Remaining
Url
X-Storage
X-ProxyCache-Status
X-FB-TRIP-ID
X-Status
X-ServerID
X-Site-Version
X-ProxyCache-Key
X-Sql-Duration-Ms
X-Origin-Date
X-PHP-Backend
X-No-Session
X-Uri
X-NCache
X-BYPASS-REASON
X-RateLimit-Limit
X-Sql-Count
X-OCL
Selected-Fe
TWC-Connection-Speed
X-Web-Node
Protected
X-Proxy-Build
Property-Id
X-PCL
X-Origin-Hint
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-App-Name
Fastly-SSL
Webcakes-App-Version
Webcakes-Region
X-Timing-Wait
TWC-Privacy
TWC-GeoIP-LatLong
X-Format
TWC-Locale-Group
X-Akamai-Edgescape
X-Cache-Host
X-SayCDN-TTL
X-Say-Cacheable
X-Azure-Ref-OriginShield
Mn-Server-Ip
X-UA-Device-Type
X-Say-TTL
X-Routing-Service
X-Pubstack
DB-Nickname
OT-Force-Account-Verify
X-R9-Blue-Green-Version
X-Server-W
X-NYM-Debug-Backend
X-ApacheServer
X-Access
X-Proxied
X-Hl-Ver
Azure-Version
Source
X-Section
X-Zipkin-Id
X-Extlb
X-Varnishpool
X-PERF
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-LSADC-Cache
X-Cluster-Node
X-Time
X-Rewrite-Enabled
X-Tid
Content-Secure-Policy
X-Be
X-Cache-Var
X-Cache-NGX
X-Cache-Var-Map
X-Webkit-Csp
X-Ua
X-Soup
X-HTML-Minification-Powered-By
X-SRV
X-Amz-Meta-S3cmd-Attrs
X-Ratelimit-Reset
X-Content-Age
X-NewRelic-App-Data
Content-Disposition
X-Cached-By
SRV
X-LAGOON
X-App-Version
X-Dc
X-Loop
X-TNCMS
Cache
CDN-EdgeStorageId
X-Varnish-Hostname
X-Varnish-Hits
CDN-CachedAt
CDN-Cache
CDN-PullZone
X-Generated-By
CDN-RequestCountryCode
CDN-Uid
CDN-RequestId
X-S-Maxage
X-Bc-Bl
Onion-Location
X-Unique-Id
X-Presslabs-Stats
X-Hyper-Cache
Webserver
Retry-After
X-TT-LOGID
X-Origin-CC
X-Origin-TTL
X-Auto-Login
X-ECache
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-GEO
Cache-Hits
X-Proto
Web-Mar-Node
X-Nginx-Cache-Key
X-Cdn
Xet-Cookie
X-Tenant
X-Time-Microsecs
X-Qnm-Cache
X-Endurance-Cache-Level
X-Trace-Id
X-M-Log
X-M-Reqid
X-Edge-Location
X-Akamai-Transformed
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-CSRF-Token
X-GG-Cache-Date
Mime-Version
X-CACHE-KEY
X-Platform-Server
CloudFront-Viewer-Country
LB
X-Mg-Request-UUID
HostName
X-PHP-Host
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-Amz-Apigw-Id
N-Cache
X-Xfnlog-Site
X-Cache-Tags
X-Locale
X-B3-SpanId
X-Storefront-Renderer-Rendered
X-RCS-CacheZone
X-Handled-By
X-Varnish-Cache-Hits
X-Origin-Response-Time
X-Adobe-Source
Nel
Upgrade-Insecure-Requests
X-Correlation-ID
ServedBy
X-VC-Cache
X-Request-Time
X-SVT-ORM-VERSION
X-Conf
X-A-Wwc
X-TIM-N
X-SVT-ORM-RULES
X-Planisys-CDN-TTL
X-Cache-NE
X-SRCache-Key
X-Aed
X-A-Dgt
X-V-Cache
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Orig-Expires
X-Cluster
X-Vdms-Version
X-Reqid
X-Vdms-Path
X-CF-Lambda-Fn
X-Slack-Backend
X-PBS-Appsvrname
X-Shop-Environment
X-ARC
X-Rojux
X-S
X-S-Cookie
Odigeo-Trace-Id
X-AOL-HN
X-NAPM-TraceId
A
X-B-Cookie
X-Application
X-ScT
Origin
X-Cache-Date
X-VG-WebCache
Mobile-Detection-Method
X-Session-Fingerprint
X-Request-Host
X-SD-PageType
BehaviorPad-Version
X-ND-Cache
X-Planisys-CDN-Cache
DCR-Decision-By
X-A-Ccd
X-Forwarded-Path
X-A
Rendered-Blocks
X-Processor
X-A-Dam
Expiry
Fastcgi-X-Cache-Version
X-Ftr-Request-Id
Meta-Geo-Continent
Surrogated-Key
X-ATG-Version
X-Ig-Push-State
State
X-Planisys-CDN-Rules
WPO-Cache-Message
WPO-Cache-Status
Redirect-Candidate
X-External-Request-Id
X-D
DCR-Processing-Time-Ms
Xc-Version
DSUID
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Cache-Remote
X-PAYTM-SRV-ID
X-A-Dcw
X-Destination
Pramga
X-Connection-Hash
X-Developer
X-Via-NSCOPI
Server-Info
Environment
X-MP-GENERATED-AT
X-TIME
AMP-Access-Control-Allow-Source-Origin
Vix-Hermes-Req-Id
AKAMAI
X-Nyt-Route
V-Age
L
Gh-Request-Id
Fastcgi-Cache-TTL
Candidate-Md5Url
X-Proxy-Upstream
Cmsid
Cmstype
CacheControlHeader
Datacenter
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Accel-Expires-Debug
X-Policy
Host-ID
X-Sucuri-ID
User-Cache-Control
X-Block-Status
X-Fetched-On
Release
X-Epic-Correlation-Id
X-Mvc-Supplant-Cachable
X-Date
X-Device-Os
X-Fastly-Cache
X-Gen-Mode
X-Geo-Header
X-Origin-Expires
From-Origin
X-Origin-Time
X-Gdpr
X-Forwarded-Site
X-Hnp-Log
X-Owner
X-Hash
X-VServer
X-Server-IP
X-Men
X-Skip-Cache
X-Cache-Bucket
X-Served-From
X-Old-Content-Length
X-Rocket-Nginx-Serving-Static
X-Scheme
X-Core-Mission
X-Cache-Info
X-Ratelimit-Remaining
X-Li-Fabric
X-Varnish-Beresp-Status
X-Sucuri-Cache
X-Li-Pop
X-Location
X-LI-UUID
X-VG-TLSProxy
Thinkindot-CacheControl-Type
True-Client-Country-4JS
Thinkindot-Control
X-Cache-Config
X-Gamma-Serve
X-Fastly-Backend
X-Esi-Check
X-Developers
X-Irp-Debug
X-Generated-On
X-HN
X-Gzip
X-GeoIP-City
X-GeoIP
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Bip
X-Aicache-OS
Web-Mar-Region
We-Hiring
X-Branch-Name
Thinkindot-CacheControl
X-Datadog-Parent-Id
X-Level-Front-Cache
X-Cdn-Origin
X-Cache-Id
X-NodeID
Fastly-GeoIP-CountryCode
X-Thanos
X-Sn-Servicetimems
TDXMobile
X-TrackingId
X-VarnishDD-TTL
X-Sigma-Backend
X-Sigma
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Rocket-Build-Number
X-Viewer-Country
X-Magnolia-Registration
X-Cache-Debug
X-BBC-Edge-Cache-Status
X-Core-Value
X-EC-Lua
X-TH-Server
Traceparent
Req-Svc-Chain
Arc-Country
CDCHOST
Origin-CC
Origin-EX
X-Request-Start
X-Thinkindot-L3
Server-Host
X-Platform
X-HS-Content-Campaign-Id
Machine
PFcat
Mail-Subject
Locid
X-Req
Svr
X-Region-Sid
X-Xrds-Location
NGX
Fastly-SWR
X-NU-AKA-ACS-Version
X-Csrf-Jwt
Fastly-SIE
X-DPWN-IS-SECURE
X-DefElseHash
X-DefHash
NM-Fastcgi-Cache
X-Rebelmouse-Cache-Control
X-Is-Gdpr
X-Rebelmouse-Surrogate-Control
X-Has-Esi
X-Webstats-RespID
X-Envoy-Decorator-Operation
X-Origin
L5d-Success-Class
Memcached
X-Eu-Site
Platform
X-FC-Vary-Parameters
X-JWT-State
X-Worker
Cf-Device-Type
X-Pod-Name
X-Loc
X-RateLimit-Limit-Second
Is-Eu
X-Qloud-Router
X-RateLimit-Remaining-Second
X-Backend-State
Adler-Geo
X-Request-URI
HA-Ipaddr
Ha-Gx-Prefs
X-UnsetCookies
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
WWW-Authenticate
X-Varnish-CookieHashed-On
X-CGP
X-Amzn-Remapped-Content-Length
X-Variation
X-Zone
X-FireWall-Port
X-Cdn-Srv
Sslversion
X-Node-Id
X-CLOUD-TRACE-CONTEXT
Esi-Enabled
X-CS
Fastly-Drupal-Html
On-Server
CDN
X-Tx-Id
X-Up
Ssr
X-NC
X-Response-By
X-Mvc-Supplant-OutputCached
X-LB-ID
X-Varnish-Beresp-Ttl
X-API-Version
C-Via
X-Trace-ID
X-Service
X-Vc
WP-Super-Cache
Ms-Author-Via
Pics-Label
X-Generated-In
X-Datadome
X-Refresh
Time
Memory
X-Tt-Logid
X-Cache-PHP
X-TA-CDN-Provider
X-DynaTrace-JS-Agent
X-Cache-Enabled
NtCoent-Length
X-Backend-TTL
X-LB-NoCache
X-Via-Popn
X-Edge-Pop
X-Via-Poph
X-Via-Popv
X-Varnish-Ttl
X-Dynatrace
X-Tb-Optimization-Total-Bytes-Saved
GeoIp-Country-Code
X-Cache-Status-Check
X-TraceId
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Env
X-Parent-Response-Time
X-Render-Time
X-DC
Magicmarker
X-Optimistic-Header
X-Varnish-Beresp-TTL
X-NWS-UUID-VERIFY
X-Info
X-Ua-Device
X-Esi
X-AIR-PT
X-ZONE
X-Servedbyhost
X-Unique-ID
X-TX-ID
Kp-EeAlive
X-CacheTTL
X-Restarts
X-Cs
X-Clientip
Server-ID
X-Srv
S-Rt
X-Cache-Backend
Edge-Cache
X-MSEdge-Features
X-Wix-Viewer-Type
X-MSEdge-Flight
X-RSL
X-RPS
X-DB
X-Action
X-DI
X-DSS
X-DW
X-RPM
WebServer
Cache-Host
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
HIT
X-Oss-Hash-Crc64ecma
UCS
X-Li-Proto
X-VCL-Version
X-Newrelic-Synthetics
S-Cnection
Proxy-Connection
X-Cache-Ttl
X-App
Section-Origin-Responded
X-URL
Lb
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Webkit-Csp-Report-Only
X-FPC
X-LI-Proto
X-Fpc
X-Minions-Version
Test
X-HA-Backend
X-LiteSpeed-Cache-Control
X-Traceid
X-B3-Spanid
Fastly-Backend-Name
Server-Id
User-Agent
X-Vcl-Version
X-Micro-Cache
X-NODE
X-Webkit-CSP-Report-Only
Geo-Info
Tcn
X-Backend-Host
X-Akamai-Request-ID2
X-Http-Reason
X-BCube-Filmed-By
X-Release
X-Pass-Why
X-Pad
X-ES-SERVER
X-Ec-GeoHdr
Fastly-Drupal-HTML
X-APP
X-Ec-Fail
X-LiteSpeed-Tag
X-User
Cf-Int-Pingora-Origin-Digest
Resin-Trace
X-HostName
Accept-Language
X-CSRF-TOKEN
VNS-Cache
CPC-Cache
CPC-Age
VNS-Age
Path
X-Amz-Meta-Cb-Modifiedtime
X-BBC-Origin-Response-Status
X-Check-Cacheable
X-ID
X-ServedByHost
EpKe-Alive
Cache-Key
Hostname
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Ha-Backend
Hit
GeoIP-Country-Code
X-WA
X-WA-Info
Srv
X-Akamai-Pragma-Client-IP
Ohc-File-Size
X-Dynatrace-Js-Agent
X-Geo
X-Wikidot-Static-Cache
X-Edge-POP
X-Clara-WADP
Cdnsip
X-Cdn-Forward
X-Via-PopV
X-Wikidot-Backend
X-Fmm-Version
MIME-Version
Cdncip
X-WADP-Cache
X-Via-PopN
Shield-Pop
X-Cms-Context
X-ElasticPress-Query
X-PJAX-URL
X-Via-PopH
ENV
X-AK-Request-ID
M-TraceId
Pagetype
X-Edge-Cache
Geoip-Latitude
X-NGINX-Cache
MD5-Digest
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
Load-Balancing
Cluster
X-HS-Status
X-Via-Ucdn
X-Api-Version
X-CCDN-Origin-Time
My-App
X-From
URI
X-Var-Ttl
Tracecode
X-ServerName
X-Ucs
Lfy
X-VG-WebServer
X-CUA
X-Mcache
X-Cache-Expires
W
Sever-Int
X-Fastly-Backend-Reqs
X-GoCache-CacheStatus
X-Fastly-Cache-Hits
X-UP
Server-Hostname
X-SIPLIST1
IsBot
T-Server
Server-Ext
X-Dw-Trace-Id
X-TRACE-ID
X-VC
X-RateLimit-Reset
X-Cdn-Request-ID
Cneonction
X-RAMCache
X-B3-ParentSpanId
X-Provided-By
PICS-Label
WZWS-RAY
X-Lb-Id
Lang
Servername
Cdn
Ohc-Cache-HIT
X-Nc
X-Fragments
Cteonnt-Length
Target-Params
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Acquia-Application-Trace
X-Swift-Error
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Apw-Access-Action
X-Apw-Access-Object
X-Newrelic-App-Data
Dnion-Transfer-Encoding
X-Via-CDN
X-Apw-Hits
X-Platform-Router
X-Platform-Processor
HitType
X-Akamai-Request-ID
Cf-Ipcountry
X-Platform-Cluster
X-Cache-ASPX
X-Apw-Access-Token
X-Yottaa-OS
X-Contensis-Viewer-Groups
CF-Cached-On
X-Cc-Via
X-Snapshot-Date
Vha6-Origin
X-Air-Pt
X-Cache-Ngx
Sid
X-Http-Count
X-Last-Modified
X-Http-Duration-Ms
X-Te-Count
Uri
X-Te-Duration-Ms
Server-Ttl
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-B3-Parentspanid
X-Logging-Id
X-Varnish-Authentication
X-CacheKey
X-UA
Req-ID
X-Sentry-ID
Ngx
X-HTML-Edge-Cache
CountryCode
X-Miniprofiler-Ids
X-Lb-Nocache
FSS-Cache