Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
P3p
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
X-Backend
Request-Context
EagleId
X-Akamai-Path-Stats
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-UA-Device
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
X-WebKit-CSP
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Request-Id
Surrogate-Control
X-Backend-Server
Cf-Edge-Cache
Accept-CH
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-Cache-Lookup
Accept-CH-Lifetime
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Content-Location
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
Fastly-Restarts
X-Country
X-MS-InvokeApp
X-Rack-Cache
X-Ruxit-JS-Agent
X-Mod-Pagespeed
Accept-Ch
X-PC
X-TtlSet
X-Vname
Accept-Ch-Lifetime
X-Clacks-Overhead
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-ESI
X-Amz-Server-Side-Encryption
X-Varnish-TTL
Cache-Tag
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Revision
X-Amz-Rid
Public-Key-Pins
X-Px
X-Cnection
X-D2id
X-FastCGI-Cache
X-Edge
X-Ac
X-RateLimit-Remaining
X-Navigation-Version
X-Ser
X-Element-Page-Cache
Verso
Pagespeed
Display
X-Abt-Application-Version
X-Sol
X-Middleton-Display
X-Client-IP
X-Powered-By-Plesk
X-Ttl
X-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-Correlation-Id
X-Middleton-Response
Response
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Hash
X-Content-Security-Policy-Report-Only
SPIisLatency
SPRequestDuration
X-Ruxit-Js-Agent
X-Kinsta-Cache
X-Cached
X-Ua-Device
X-Edge-Location-Klb
X-SharePointHealthScore
AR-Request-ID
AR-PoweredBy
AR-SID
AR-CACHE
SPRequestGuid
AR-ATIME
X-Powered-CMS
X-Upstream
Edge-Cache-Tag
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-LLID
X-Instrumentation
X-NWS-LOG-UUID
X-RateLimit-Limit
X-Litespeed-Cache
X-Forwarded-For
X-Cache-Key
Nginx-Cache
Content-MD5
X-MSEdge-Ref
X-Shield-Request-Id
MRF-Tech
X-TTL
Mrf-Cache-Status
X-Id
TCN
X-T
X-Recruiting
X-B3-TraceId-Primal
S
X-Daa-Tunnel
X-Content-Digest
X-ECACHE
X-TEC-API-VERSION
X-DataDome
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-SRCache-Store-Status
X-Mg-S
X-SRCache-Fetch-Status
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Accel-Expires
X-WebKit-CSP-Report-Only
X-Grace
X-Ezoic-Cdn
MS-Author-Via
X-HS-Cache-Config
X-HS-Hub-Id
MicrosoftSharePointTeamServices
X-HS-Combine-CSS
X-HS-Content-Id
X-Protected-By
X-DynaTrace
X-Content
X-Ua-Browser
X-Frontend
X-Ab
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
TP-L2-Cache
TP-Cache
Server-Node
Front-End-Https
Filters
X-Server-ID
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-PressLabs-Stats
X-Mid
X-Geo-Country
X-Hits
X-Webkit-Csp
X-Request-Handler-Origin-Region
X-Microsite
X-Tt-Trace-Tag
X-LB-Cache
X-Tt-Trace-Host
X-Amzn-Trace-Id
X-Debug-Info
Host
Charset
Cleartype
X-F-Cache
X-Git-Hash
X-Page-Id
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Ratelimit-Reset
X-DIS-Request-ID
X-ORACLE-DMS-ECID
X-Cache-Age
Cache-Status
X-Www-Served-By
X-Seen-By
Access-Control-Allow-Method
X-ORACLE-DMS-RID
Realpath
X-AppVersion
X-Activity-Id
X-Az
ServerID
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Aspnetmvc-Version
Accept-Charset
X-Oracle-Dms-Ecid
X-Mcache
X-Varnish-Age
X-Fastly-Request-Id
X-Oracle-Dms-Rid
Cache-Tags
Filterid
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Rid
X-Content-Options
X-Type
X-Language
Retry-After
X-Kong-Proxy-Latency
X-App-Environment
X-FB-Debug
X-Kong-Upstream-Latency
Server-Name
Country
Node
X-Varnish-Backend
X-MCACHE
X-Tb
X-Upgrade-Enabled
Viewport
DC
Paypal-Debug-Id
X-Drupal-Cache-Tags
X-Varnish-Grace
X-User-Agent
X-Signature
X-B-Cache
X-TT
X-Wix-Request-Id
X-Origin-Cache
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Oneagent-Js-Injection
X-Mobile-URL
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Whom
X-Route-Name
X-VCache
X-Flags
X-B
X-XRDS-LOCATION
X-Aspnet-Duration-Ms
X-Request-Guid
X-Is-Crawler
X-Providence-Cookie
X-NWS-UUID-VERIFY
Protected
Permissions-Policy
X-Debug
Fastcgi-Useragent
X-Logged-In
X-Cache-NGX
X-Amz-Meta-S3cmd-Attrs
X-Amz-Replication-Status
WPO-Cache-Status
WPO-Cache-Message
X-N
X-Via-JSL
Payment
X-Load-Cache
Surrogate-Key
X-Cache-Control
X-Contextid
Amp-Access-Control-Allow-Source-Origin
Count-Hit
X-Webkit-CSP
Healthy
X-Node-Name
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-FW-Server
X-FW-Static
X-FW-Dynamic
X-FW-Hash
X-XRDS-Location
X-FW-Type
X-FW-Serve
X-Template
SD-X-WS
X-Mobile
X-Response-Served-From
X-Original-Request-Id
Refresh
X-Proxy
X-Trace-Id
Akamai-GRN
Content-Disposition
X-Cache-Time
X-G
X-Jobs
X-Revision
Url
X-Restarts
Alternate-Protocol
X-Zen-Fury
X-NGENIX-Cache
X-Cache-TTL-Remaining
X-Akamai-Request-ID2
X-Framework
X-Real-IP
X-UUID
Uber-Trace-Id
VIX-Pulpo-Node
NGB
VIX-Pulpo-Upstream-Status
X-Is-Bot
X-Cacheable-TTL
X-Servername
X-Adobe-Content
X-Adobe-Loc
X-Rendered-As
X-Proxy-Cache-Status
X-Debug-IsConnected
X-Debug-IsPreview
X-Device-Type
X-Fastly-Request-ID
X-Drupal-Cache-Contexts
X-Page-View
X-Instance
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Grace
X-Http-Reason
Access-Control-Request-Headers
X-Hostname
X-COUNTRY
X-Mg-Request-UUID
X-Midtier
X-ECache
X-Varnish-Server
X-B3-Traceid
X-IPLB-Instance
X-Environment-Context
X-L-Path
X-Source
X-EdgeConnect-Cache-Status
Version
Accept-Language
X-HTML-Minification-Powered-By
MS-CV
X-RTag
Ms-Operation-Id
Countrycode
X-Fastcgi-Cache
Frame-Options
From-Origin
X-Cache-Rule
X-Cache-Hit
X-Vgn-Hpd-Reason
X-Cache-Expired-At
Liferay-Portal
X-NYM-Debug-Backend
Referer-Policy
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-Pixel
Backend
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-APP-VERSION
X-Datadome
X-IPS-LoggedIn
X-FW-Version
Content-Secure-Policy
X-Hosted-By
X-Unique-Id
X-Cache-Server
X-UPSTREAM-Address
X-RN-RSRV
Upgrade-Insecure-Requests
Meta-Geo
X-Parallel-Accel
X-Cache-Enabled
Section-Io-Cache
X-NewRelic-App-Data
X-Generation-Time
X-OCL
X-Redis-Cache
X-Ua
X-No-Session
X-PCL
X-FB-TRIP-ID
X-Nginx-Cache
WP-Super-Cache
Mn-Server-Ip
TWC-Device-Class
Azure-Version
X-Uri
X-ProcessESI
TWC-Privacy
TWC-GeoIP-LatLong
Property-Id
X-RemovedCookies
X-Section
X-Region
TWC-Connection-Speed
S-Rt
X-UA-Device-Type
X-Request-Time
Webcakes-App-Name
X-PHP-Backend
X-Be
Azure-InstanceId
TWC-GeoIP-Country
X-Akamai-Edgescape
X-Server-W
Apigw-Requestid
X-Format
X-AOL-HN
X-Origin-Hint
X-Via-Fastly
Webcakes-Region
X-Cluster-Node
Webcakes-App-Version
Azure-SlotName
Azure-SiteName
X-Varnish-Cache-Hits
X-Access
Azure-RegionName
TWC-Locale-Group
X-Mode
CF-IPCountry
X-Content-Age
X-ProxyCache-Status
X-ProxyCache-Key
X-PERF
X-Origin-Date
X-Say-Cacheable
X-Sorting-Hat-ShopId
X-Say-TTL
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Nginx-Cache-Key
X-Human
X-BYPASS-REASON
X-Cache-Host
X-ApacheServer
Locale
Eomportal-Instance
X-Content-Powered-By
X-Debug-Cache
X-SayCDN-TTL
X-Generated-By
X-Forwarded-Host
Cache-Tv-Group
X-Locale
X-ShardId
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Sql-Duration-Ms
X-Xfnlog-Site
Fastly-SSL
X-Sql-Count
X-Ratelimit-Remaining
X-Labrador-Cache-Channel
X-PHP-Host
X-Site-Version
X-Storage
X-Status
X-Detected-As
X-Extlb
X-Platform-Server
X-Backend-Name
X-LJ-Flow-ID
X-Cache-Type
X-Cms-Context
X-AWS-Id
X-VC-Cache
X-Zipkin-Id
X-SaId
X-Routing-Service
X-Tid
X-VWS-Id
Ec-Rule-Version
X-Varnishpool
X-Proxied
X-Adobe-Source
X-JoinUs
X-ServerID
X-Web-Node
X-Cache-Tags
X-Hl-Ver
X-Cache-Action
X-Handled-By
X-GG-Cache-Date
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
CDN-EdgeStorageId
CDN-Cache
X-Proxy-Build
X-Timing-Wait
Load-Balancing
CDN-CachedAt
CDN-PullZone
Selected-Fe
X-Storefront-Renderer-Rendered
ServedBy
X-Edge-Location
X-Dc
X-GeoCountry
X-GeoCode
X-Proto
Webserver
SRV
Mime-Version
X-CDN-Forward
X-Hyper-Cache
X-LSADC-Cache
Web-Mar-Node
Fastly-Drupal-Html
X-Rule
Onion-Location
X-Cache-Operation
X-Cached-By
X-GEO
X-Cache-Remote
X-TT-LOGID
X-Rewrite-Enabled
X-Varnish-Hostname
SID
X-Soup
X-App-Version
Cache-Hits
X-Cdn
X-Varnish-Ttl
X-SRV
X-Cluster
Xserver
X-Accel-Buffering
X-Pubstack
X-Reqid
X-Varnish-Hits
X-Origin-TTL
X-TA-CDN-Provider
X-Origin-CC
X-Magnolia-Registration
X-Envoy-Decorator-Operation
X-Ratelimit-Limit
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
Xet-Cookie
X-Microcachable
Server-Info
LB
X-IPLB-Request-ID
X-MP-GENERATED-AT
X-Buckets
X-Tumblr-Pixel-3
Country-Code
X-Tumblr-Pixel-2
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-Request-Host
DB-Nickname
Cache
Source
X-Ms-Request-Id
X-Ms-Version
X-CSRF-Token
X-Newrelic-Synthetics
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Tt-Logid
X-B3-SpanId
X-Endurance-Cache-Level
X-Tx-Id
X-Origin-Response-Time
A
Fastcgi-X-Cache-Version
X-User
X-TrackingId
Host-ID
X-Vdms-Path
X-Vdms-Version
Cmsid
Lang
DCR-Decision-By
X-Vtex-Processado-Em
DCR-Processing-Time-Ms
Xc-Version
Cmstype
X-VG-WebCache
Cdncip
Cdnsip
X-Vtex-Remote-Cache
Expiry
BehaviorPad-Version
T-Server
X-Developer
X-Destination
X-Ec-Fail
X-Ec-GeoHdr
X-Esi-Check
X-Epic-Correlation-Id
X-D
X-Connection-Hash
X-CF-Lambda-Fn
X-Cdn-Srv
X-CF-Lambda-Version
X-Conf
X-S
X-Rojux
X-External-Request-Id
X-Orig-Expires
X-NAPM-TraceId
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-Ftr-Request-Id
X-Forwarded-Path
X-Geo-Header
X-Gzip
X-Hash
X-Cache-NE
X-Cache-Id
X-SRCache-Key
X-Tenant
X-Shop-Environment
X-Session-Fingerprint
Sslversion
Rendered-Blocks
Pramga
Mobile-Detection-Method
Meta-Geo-Continent
NM-Fastcgi-Cache
Odigeo-Trace-Id
X-TIM-N
Surrogated-Key
X-SD-PageType
X-AK-Request-ID
X-Aed
X-Application
X-ARC
X-B-Cookie
X-A-Wwc
X-A-Dgt
X-S-Cookie
X-ScT
X-A-Ccd
X-A-Dam
X-A-Dcw
MD5-Digest
X-A
X-Bc-Bl
X-Via-NSCOPI
X-NCache
X-RCS-CacheZone
X-Core-Value
Fastly-GeoIP-CountryCode
X-DefElseHash
Is-Eu
X-Clara-WADP
Machine
X-Ckpd-Fst-Backend
X-DefHash
X-Core-Mission
Environment
X-Fastly-Cache
X-Fetched-On
X-Fmm-Version
X-Server-IP
X-Sigma
Mail-Subject
X-Device-Os
X-DPWN-IS-SECURE
X-Sigma-Backend
X-SVT-ORM-RULES
X-Varnish-Remaining-TTL
X-Amzn-Remapped-Content-Length
X-WADP-Cache
Server-Host
State
X-Via-Ucdn
We-Hiring
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Worker
X-SVT-ORM-VERSION
X-Cache-Info
X-Scheme
X-Cache-Bucket
Platform
X-Variation
X-V-Cache
Producers
Memcached
X-Developers
X-GeoIP
X-Origin-Time
X-Irp-Debug
X-Rocket-Build-Number
X-Mvc-Supplant-Cachable
X-Skip-Cache
AKAMAI
Adler-Geo
X-Gdpr
X-Origin
X-SB
X-Nyt-Route
X-Node-Id
X-NodeID
CDN
Cache-Name
X-Time
X-Varnish-Beresp-Grace
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Region-Sid
X-Auto-Login
X-Block-Status
X-Cache-Backend
X-Branch-Name
X-BBC-Edge-Cache-Status
X-Origin-Expires
X-Aicache-OS
X-Pool
X-VG-TLSProxy
X-RateLimit-Limit-Second
X-Proxy-Cache-Info
X-Proxy-Upstream
Vix-Hermes-Req-Id
X-Qloud-Router
Web-Mar-Region
X-Policy
X-R9-Blue-Green-Version
X-Cache-Date
X-Rebelmouse-Surrogate-Control
X-Platform
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-VarnishDD-TTL
X-Pod-Name
X-Planisys-CDN-TTL
X-Cdn-Origin
X-HN
V-Age
X-Hnp-Log
X-Httpd
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-GeoIP-City
X-Dispatcher-Number
X-Served-From
X-Forwarded-Site
X-Gen-Mode
X-Generated-On
X-Ec-Custom-Error
X-Eu-Site
X-Datadog-Parent-Id
X-SIPLIST1
X-Minions-Version
X-Loc
X-ZONE
X-Gamma-Serve
X-Request-URI
X-CacheTTL
X-Sn-Servicetimems
X-CGP
X-Csrf-Jwt
X-Slack-Backend
X-LAGOON
X-Rocket-Nginx-Serving-Static
X-Level-Front-Cache
X-Thinkindot-L3
X-Xrds-Location
Gh-Request-Id
Ha-Gx-Prefs
Fastly-SWR
Fastly-SIE
Cache-Key
Fastcgi-Cache-TTL
HA-Ipaddr
X-Wix-Viewer-Type
N-Cache
DynaTrace
Kp-EeAlive
L5d-Success-Class
IsBot
Apple-News-Services-Handled
Datacenter
X-Has-Esi
X-TNCMS
CDCHOST
X-BCube-Filmed-By
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Loop
X-JWT-State
X-Is-Gdpr
Ohc-File-Size
User-Cache-Control
Cluster
Candidate-Md5Url
CloudFront-Viewer-Country
Origin
L
Redirect-Candidate
TDXMobile
Origin-CC
X-Wikidot-Static-Cache
Release
Req-Svc-Chain
X-Viewer-Country
Ssr
Svr
Thinkindot-CacheControl
X-Wikidot-Backend
Origin-EX
Traceparent
PFcat
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Cache-Status-Check
X-Azure-Ref
CPC-Cache
DSUID
Sever-Int
X-Ad-Defer-Variation
GEO-INFO
X-From
X-Scale
X-VServer
CPC-Age
VNS-Age
X-Owner
Server-Ext
X-SplitTest
XM
VNS-Cache
NGX
X-Webstats-RespID
Server-Hostname
X-Optimistic-Header
X-Tec-Api-Origin
HostName
X-Tec-Api-Root
X-Tec-Api-Version
X-WP-CF-Super-Cache-Cache-Control
Pics-Label
X-Location
X-WP-CF-Super-Cache
X-Refresh
Fastly-Backend-Name
X-WA-Info
X-CS
X-Parent-Response-Time
X-Tb-Optimization-Total-Bytes-Saved
X-CACHE-KEY
Env
X-AIR-PT
X-Ah-Environment
X-NC
X-Micro-Cache
X-Contensis-Viewer-Groups
Locid
X-Cache-ASPX
X-VC
X-TIME
Ms-Author-Via
X-EC-Lua
X-Men
X-Varnish-Authentication
X-Response-By
X-LB-NoCache
X-Edge-Pop
X-Udemy-Cache-App-Namespace
Servername
Arc-Country
AMP-Access-Control-Allow-Source-Origin
Memory
X-TraceId
X-Servedbyhost
X-Old-Content-Length
Time
Path
X-Amz-Meta-Cb-Modifiedtime
Lb
X-RPM
X-Via-Popv
Cache-Host
X-Via-Popn
Ngx.Var.Host
X-Via-Poph
X-DB
X-Generated-In
X-Srv
X-DSS
X-DW
X-Mvc-Supplant-OutputCached
X-RSL
X-DI
X-RPS
Ohc-Cache-HIT
X-Akamai-Transformed
GeoIp-Country-Code
X-Accel-Expires-Debug
ITXSESSIONID
X-Date
X-Api-Version
X-Vc
X-Proxy-CacheRZ
XkeyRZ
X-RateLimit-Reset
X-Presslabs-Stats
True-Client-IP
X-S-Maxage
X-VCL-Version
Client
X-Varnish-Beresp-TTL
X-HA-Backend
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-API-Version
FSS-Cache
X-Cache-Debug
X-Clientip
Geoip-Latitude
X-Cs
Hostname
X-VHOST
Server-ID
X-Trace-ID
X-DC
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
CacheControlHeader
X-Fpc
X-TH-Server
True-Client-Country-4JS
X-Action
X-FireWall-Port
X-Zone
X-Dmc
X-Render-Time
X-Backend-TTL
Powered-By
X-MSEdge-Flight
X-Webkit-Csp-Report-Only
X-MSEdge-Features
X-NGINX-Cache
X-TX-ID
X-Traceid
X-PX
NtCoent-Length
X-B3-Spanid
X-INCAP-ABP
X-CSRF-TOKEN
Geo-Info
C-Via
Edge-Cache
X-DynaTrace-JS-Agent
Tcn
Rip
X-Req
X-Service
Test
X-M-Reqid
My-App
Tube-Got-Eval
Click-Count-Error
Tube-Get-Contents
X-Gateway-Request-Id
X-HS-Status
HIT
Click-Count-Action-Start
Tube-Got-Results
Esi-Enabled
X-M-Log
X-Qnm-Cache
X-Gateway-Cache-Status
X-FPC
X-Gateway-Cache-Key
Tube-Return
X-Cdn-Request-ID
X-Pass-Why
X-Gateway-Skip-Cache
X-Origin-Upstream-Status
X-Correlation-ID
Server-Id
X-Beluga-Response-Time
X-Webkit-CSP-Report-Only
X-Beluga-Node
X-Beluga-Status
X-Beluga-Record
X-Beluga-Trace
X-Beluga-Cache-Status
On-Server
User-Agent
X-Ha-Backend
OT-Force-Account-Verify
X-Vcl-Version
X-Provided-By
Cf-Int-Pingora-Origin-Digest
X-Alfa-Service
X-Up
X-Varnish-Beresp-Ttl
X-TRACE-ID
X-Via-PopV
Uri
Resin-Trace
X-Via-PopH
X-Proxy-Cache-Hk
X-Via-PopN
Srvid
X-LB-ID
Proxy-Connection
X-URL
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
X-APP
GeoIP-Latitude
Sid
GeoIP-Country-Code
X-Akamai-Pragma-Client-IP
X-Edge-Origin-Shield-Bytes
X-CCDN-CacheTTL
Epwk-X-Cache
X-UnsetCookies
X-CCDN-Origin-Time
X-RAMCache
X-ServedByHost
X-LI-Proto
X-LI-UUID
Srv
X-Edge-Origin-Shield-Region
X-Li-Pop
Cdn
X-Hcs-Proxy-Type
X-Li-Fabric
DataCenter
X-Cdn-Forward
X-Geo
WebServer
X-ND-Cache
WZWS-RAY
M-TraceId
X-Fetch-By
X-Backend-Host
Server-Ttl
X-Time-Microsecs
Warning
X-Esi
X-ID
MIME-Version
ServerName
X-Lb-Nocache
X-Edge-POP
X-B3-Traceid-Primal
ENV
X-App
X-CUA
X-Fastly-Backend-Reqs
XServer
Cf-Device-Type
X-HostName
Fastly-Drupal-HTML
X-MG-S
Dt-Hot-News
X-ElasticPress-Query
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
X-Yottaa-OS
X-Request-Url
X-Fragments
PICS-Label
Section-Io-Origin-Time-Seconds
X-Newrelic-App-Data
CF-Cached-On
X-ATG-Version
Tracecode
Target-Params
X-HITS
X-Azure-Ref-OriginShield
X-Thanos
Inserted-Into-Cache-At
X-Akamai-Request-ID
X-Bip
X-Request-URL
D-Url-Rewrites
Cf-Ipcountry
X-FC-Vary-Parameters
X-LiteSpeed-Cache-Control
X-Sucuri-Cache
X-Sucuri-ID
X-Fastly-Backend
X-Iplb-Instance
Lfy
X-CF-Powered-By
X-Vcache
X-Iplb-Request-Id
X-Var-Ttl
X-Nc
X-Dw-Trace-Id
X-Serial
Cdn-Requestcountrycode
Cdn-Pullzone
Cdn-Requestid
DT-Hot-News
Cdn-Uid
Cdn-Edgestorageid
Servedby
Cdn-Cachedat
Cdn-Cache
Wp-Super-Cache
True-Client-Ip
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Vercel-Cache
X-Vercel-Id
Vha6-Origin
X-NU-AKA-ACS-Version
Content-Script-Type
CountryCode
X-Release
Content-Style-Type
X-Back
X-Storefront-Renderer-Verified
X-Th-Server
X-BBC-Origin-Response-Status
X-Dist-Code
Fastcgi-Cache-Ttl
Cneonction
Ngx
X-Cache-Expires
X-Varnish-Beresp-Status
X-Snapshot-Date
X-Fastly-Cache-Hits