Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
X-XSS-Protection
ETag
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Report-To
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
P3p
NEL
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Request-ID
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
X-UA-Device
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Server
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Accept-CH
X-Device
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Dns-Prefetch-Control
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country
X-B3-TraceId
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Trace
Allow
X-Url
X-Content-Type
X-PC
X-TtlSet
X-Vname
X-Aws-Lambda-Call-Status
X-Ac
X-Clacks-Overhead
X-Varnish-TTL
Edge-Control
X-Server-Name
Fastly-Restarts
X-ESI
X-Mod-Pagespeed
Cache-Tag
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
Verso
MS-Author-Via
X-Element-Page-Cache
X-Vcap-Request-Id
X-FastCGI-Cache
X-Upstream
X-Amz-Rid
X-MS-InvokeApp
Public-Key-Pins
X-GitHub-Request-Id
X-Dw-Request-Base-Id
X-Client-IP
X-Cached
X-D2id
X-Abt-Application-Version
X-Cache-TTL
RTSS
X-Cnection
X-Px
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-ORACLE-DMS-ECID
X-Navigation-Version
X-ORACLE-DMS-RID
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Country-Code
X-Powered-By-Plesk
X-NF-Request-ID
X-Goog-Hash
X-TTL
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Sol
Display
Pagespeed
X-Middleton-Display
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Version
X-CST
X-Powered-CMS
Response
X-Middleton-Response
X-Origin-Cache
X-LLID
X-MSEdge-Ref
X-RateLimit-Remaining
Nginx-Cache
TCN
X-Kinsta-Cache
X-Edge-Location-Klb
X-Amz-Server-Side-Encryption
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Edge
X-Protected-By
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-T
X-Forwarded-For
X-HP-Webp
X-HP-Trace-Id
X-Shield-Request-Id
X-Jurisdiction
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
Edge-Cache-Tag
X-Aspnetmvc-Version
S
X-Language
SPRequestDuration
Content-MD5
SPIisLatency
Front-End-Https
Fastcgi-Cache
X-Mid
X-Ruxit-Js-Agent
Realpath
Server-Node
X-Frontend
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Filters
X-Request-Received
X-Request-Processing-Time
X-Cache-Key
X-Recruiting
X-NWS-LOG-UUID
Server-Name
X-Ua-Browser
X-Ab
X-Content
X-Ser
X-MCACHE
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-Template
X-DynaTrace
X-Correlation-Id
X-Ezoic-Cdn
X-SharePointHealthScore
SPRequestGuid
X-Hits
X-Parallel-Accel
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
X-ECACHE
X-Tt-Trace-Host
Cache-Tags
X-Tt-Trace-Tag
X-Daa-Tunnel
Charset
X-Page-Id
X-Ttl
Cleartype
Host
X-B3-Sampled
X-Www-Served-By
X-Git-Hash
X-Geo-Country
X-Debug-Info
X-DIS-Request-ID
X-Content-Options
Alternate-Protocol
X-Content-Digest
X-Amzn-Trace-Id
X-Hostname
Accept-Ch
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Cross-Origin-Opener-Policy
X-Ratelimit-Limit
X-Amz-Replication-Status
X-ASPNET-VERSION
Filterid
X-DataDome
X-Grace
X-Varnish-Age
ServerID
X-F-Cache
X-FB-Debug
X-Upgrade-Enabled
X-Accel-Expires
X-AppVersion
X-Az
X-Activity-Id
X-VCache
X-WebKit-CSP-Report-Only
X-XRDS-LOCATION
X-N
X-Nginx-Upstream-Cache-Status
X-Rid
X-Mobile-URL
X-Forwarded-Proto
X-Origin-Server
Access-Control-Allow-Method
X-Type
X-LB-Cache
X-Whom
X-TT
X-Goog-Stored-Content-Length
X-Seen-By
X-Goog-Storage-Class
Viewport
X-App-Environment
X-Aspnet-Duration-Ms
X-Route-Name
X-GUploader-UploadID
X-Goog-Generation
X-Is-Crawler
X-Goog-Stored-Content-Encoding
X-Providence-Cookie
X-Flags
X-Request-Guid
X-Tb
X-Goog-Metageneration
Payment
X-Fastly-Request-Id
X-Ratelimit-Reset
X-Fastly-Request-ID
X-Varnish-Grace
X-Distributor
X-FW-Server
X-FW-Static
X-User-Agent
X-FW-Type
Node
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
Paypal-Debug-Id
X-Server-ID
DC
X-Wix-Request-Id
Country
Accept-Charset
TP-Cache
TP-L2-Cache
Fastcgi-Useragent
X-Fastcgi-Cache
X-App-Server
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Oneagent-Js-Injection
X-Cache-Rule
X-Cache-Control
X-Via-JSL
X-Cluster-Name
X-Litespeed-Cache
X-NGENIX-Cache
X-Drupal-Cache-Tags
X-Webkit-Csp
Version
X-Cache-Age
X-Microsite
X-Request-Handler-Origin-Region
X-Signature
X-B-Cache
Cache-Status
X-Contextid
X-Buckets
Referer-Policy
X-Node-Name
X-Logged-In
Refresh
X-Mobile
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
SD-X-WS
Amp-Access-Control-Allow-Source-Origin
X-Origin-Upstream-Status
X-Original-Request-Id
X-Response-Served-From
X-Jobs
X-Is-Bot
X-Vgn-Hpd-Reason
X-Rendered-As
X-Real-IP
X-Cache-Expired-At
X-Browser-Type
X-B
Access-Control-Request-Headers
X-Varnish-Backend
X-IPLB-Instance
X-Cacheable-TTL
NGB
X-Erf-Bev-Bev
X-Revision
X-Debug
X-Load-Cache
X-Erf-Bev-Bev-Is-Generated
X-Proxy-Cache-Status
X-Proxy
X-Page-View
X-Yottaa-Metrics
X-Device-Type
X-Cache-Action
X-Yottaa-Optimizations
X-Rule
Surrogate-Key
Akamai-GRN
X-UUID
X-Framework
X-G
X-Instance
X-ProcessESI
X-RemovedCookies
X-Debug-IsConnected
X-Cache-Time
X-Debug-IsPreview
X-Drupal-Cache-Contexts
X-FW-Version
SID
X-Accel-Buffering
CF-IPCountry
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
Count-Hit
X-Cache-NGX
X-Presslabs-Stats
X-Air-Source
X-Nginx-Cache
X-Air-Hostname
GEO-INFO
X-Air-Trace-Id
Uber-Trace-Id
X-Cache-Operation
X-Azure-Ref
X-Source
X-RateLimit-Limit
X-Ms-Version
X-PressLabs-Stats
X-Ms-Request-Id
X-Zen-Fury
X-APP-VERSION
X-EdgeConnect-Cache-Status
Protected
X-Trace-Id
X-XRDS-Location
Frame-Options
DynaTrace
X-RTag
X-Cache-Hit
MS-CV
WPO-Cache-Message
Ms-Operation-Id
WPO-Cache-Status
X-Servername
Liferay-Portal
X-CDN-Forward
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Backend-Name
X-Cache-TTL-Remaining
X-Hyper-Cache
Ec-Rule-Version
Healthy
Cross-Origin-Window-Policy
Countrycode
X-IPS-LoggedIn
X-Tumblr-Pixel
X-Mode
Xserver
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-L-Path
X-Environment-Context
Content-Disposition
X-Varnish-Server
Backend
X-Adobe-Loc
X-Adobe-Content
X-JoinUs
Meta-Geo
X-Tid
X-Detected-As
X-RN-RSRV
X-Rewrite-Enabled
LB
X-SaId
Url
X-Cache-Grace
X-UPSTREAM-Address
X-Cache-Server
X-Ratelimit-Remaining
Country-Code
X-Sorting-Hat-ShopId
Decoy-Debug-Key
Decoy-Debug-Status
X-Sorting-Hat-PodId
X-Content-Age
X-Uri
X-Routing-Service
X-Zipkin-Id
X-Redis-Cache
Eomportal-Instance
Decoy-Debug-TTL
X-Proxied
X-Extlb
X-Debug-Cache
X-Alternate-Cache-Key
X-ShopId
X-Format
X-ShardId
X-Region
X-Shopify-Stage
X-Generation-Time
Apigw-Requestid
X-NCache
X-PERF
X-Via-Fastly
X-PCL
X-PHP-Backend
X-ApacheServer
X-Origin-Date
X-OCL
CDN-Uid
Mn-Server-Ip
X-Hosted-By
X-Forwarded-Host
Cache-Name
X-Access
X-Human
CDN-RequestId
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-Cache
X-Site-Version
X-Sql-Count
X-Section
Retry-After
X-ServerID
X-Status
X-UA-Device-Type
X-FB-TRIP-ID
X-Sql-Duration-Ms
Selected-Fe
Property-Id
X-SayCDN-TTL
TWC-Connection-Speed
TWC-Device-Class
X-ProxyCache-Status
X-Pubstack
X-Timing-Wait
X-Generated-By
X-Say-Cacheable
Fastly-SSL
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Storage
X-Web-Node
X-Content-Powered-By
X-Cluster-Node
Webcakes-Region
Webcakes-App-Version
TWC-Locale-Group
TWC-Privacy
X-ProxyCache-Key
Webcakes-App-Name
X-Proxy-Build
X-NYM-Debug-Backend
X-Microcachable
X-Varnish-Beresp-Grace
Cache-Tv-Group
X-Akamai-Edgescape
X-Say-TTL
X-BYPASS-REASON
X-No-Session
X-Cache-Host
X-Server-W
X-Cache-Type
X-Origin-Hint
X-Varnishpool
X-Be
X-Hl-Ver
X-Soup
X-R9-Blue-Green-Version
Azure-RegionName
Azure-InstanceId
X-Nginx-Cache-Key
Azure-SiteName
X-NewRelic-App-Data
Content-Secure-Policy
Azure-SlotName
Section-Io-Cache
Azure-Version
X-TIME
X-LSADC-Cache
X-Ua
X-Cache-Remote
X-Unique-Id
X-Webkit-CSP
DB-Nickname
X-Dc
X-Cached-By
X-Azure-Ref-OriginShield
X-Bc-Bl
X-Platform-Server
X-TT-LOGID
X-Xfnlog-Site
X-Auto-Login
Cache
Source
OT-Force-Account-Verify
X-Akamai-Transformed
From-Origin
X-Cache-Tags
ServedBy
Upgrade-Insecure-Requests
SRV
Xet-Cookie
X-LAGOON
HostName
X-GEO
X-Varnish-Cache-Hits
X-Origin-TTL
X-Origin-CC
X-AOL-HN
X-ECache
X-Request-Time
X-NWS-UUID-VERIFY
X-Cdn
X-CSRF-Token
X-Correlation-ID
Cache-Hits
X-Varnish-Hits
Mime-Version
X-Varnish-Hostname
X-Request-Host
WP-Super-Cache
X-S-Maxage
Webserver
X-TNCMS
Onion-Location
X-Loop
X-HTML-Minification-Powered-By
X-App-Version
X-Time
X-FireWall-Port
X-EC-Lua
X-Cache-Enabled
X-Tumblr-Pixel-3
S-Rt
X-Akamai-Request-ID2
X-Tumblr-Pixel-2
X-Handled-By
Web-Mar-Node
X-Http-Reason
X-Endurance-Cache-Level
N-Cache
X-Reqid
X-RCS-CacheZone
X-Adobe-Source
X-Origin-Response-Time
X-B3-SpanId
X-Proto
X-SRV
X-Tenant
DCR-Processing-Time-Ms
DCR-Decision-By
X-Ftr-Request-Id
BehaviorPad-Version
X-Forwarded-Path
X-Gen-Mode
Server-Info
X-A-Wwc
Xc-Version
X-NAPM-TraceId
X-ND-Cache
X-Ig-Push-State
X-Hnp-Log
X-Mg-Request-UUID
X-GG-Cache-Date
Expiry
A
X-Destination
X-B-Cookie
X-ARC
X-Application
X-Backend-TTL
X-Block-Status
Sslversion
Surrogated-Key
User-Cache-Control
V-Age
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-A
Vix-Hermes-Req-Id
X-Aed
X-Cache-NE
X-CF-Lambda-Fn
X-D
Meta-Geo-Continent
Mobile-Detection-Method
X-Orig-Expires
X-Developer
X-External-Request-Id
X-Epic-Correlation-Id
X-Connection-Hash
Odigeo-Trace-Id
Redirect-Candidate
X-CF-Lambda-Version
Rendered-Blocks
Pramga
X-Ckpd-Fst-Backend
X-Conf
X-Cluster
Fastcgi-X-Cache-Version
X-AWS-Id
X-Planisys-CDN-TTL
X-SRCache-Key
X-SD-PageType
X-ScT
X-Planisys-CDN-Rules
X-Vtex-Processado-Em
X-Processor
X-Slack-Backend
X-Session-Fingerprint
X-Vtex-Remote-Cache
X-Shop-Environment
X-VWS-Id
X-Amz-Meta-S3cmd-Attrs
X-V-Cache
X-TIM-N
X-Vdms-Path
X-Rojux
X-PBS-Appsvrname
X-PAYTM-SRV-ID
Nel
X-S
X-Vdms-Version
X-S-Cookie
X-Planisys-CDN-Cache
X-VG-WebCache
X-LJ-Flow-ID
X-Locale
X-Edge-Location
X-Time-Microsecs
X-MP-GENERATED-AT
X-Magnolia-Registration
X-Server-IP
Cmstype
Gh-Request-Id
X-Fetched-On
X-Origin
X-Forwarded-Site
X-Date
DSUID
X-Device-Os
Fastcgi-Cache-TTL
Host-ID
X-SVT-ORM-RULES
X-Viewer-Country
True-Client-Country-4JS
Traceparent
X-Aicache-OS
X-Accel-Expires-Debug
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Svr
X-Cache-Bucket
Origin-EX
Origin-CC
Origin
Cmsid
X-Cdn-Srv
X-Cache-Date
X-Cache-Info
X-SVT-ORM-VERSION
X-Core-Mission
X-Scheme
X-Gdpr
X-Policy
X-Hash
X-Webstats-RespID
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Location
X-Men
X-Old-Content-Length
X-Origin-Expires
X-Nyt-Route
X-NodeID
X-Mvc-Supplant-Cachable
X-Origin-Time
X-Request-URI
X-Proxy-Upstream
CacheControlHeader
Apple-News-Services-Request-Url
X-Geo-Header
Apple-News-Services-Handled
Arc-Country
AKAMAI
Apple-News-Services-Parsed-Url
CDCHOST
X-Rocket-Nginx-Serving-Static
Apple-News-Services-Host
X-Via-NSCOPI
CloudFront-Viewer-Country
X-ATG-Version
X-Li-Fabric
X-Branch-Name
X-Thinkindot-L3
X-Irp-Debug
X-Labrador-Cache-Channel
X-Li-Pop
X-BBC-Edge-Cache-Status
X-Level-Front-Cache
X-VServer
X-UnsetCookies
X-Generated-On
X-Owner
X-Node-Id
X-VG-TLSProxy
X-Gamma-Serve
X-VarnishDD-TTL
X-PHP-Host
X-LI-UUID
X-TrackingId
X-Fastly-Backend
X-Rocket-Build-Number
X-Cdn-Origin
X-Sn-Servicetimems
X-Fastly-Cache
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Region-Sid
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-GeoIP
X-Served-From
X-Developers
X-GeoIP-City
X-Req
X-Sigma
X-Sigma-Backend
X-HS-Content-Campaign-Id
X-Platform
X-Eu-Site
X-Cache-Id
X-Cache-Debug
X-Sucuri-ID
X-Sucuri-Cache
X-HN
X-Gzip
X-Skip-Cache
X-CGP
X-Storefront-Renderer-Rendered
X-TH-Server
X-Esi-Check
PFcat
Mail-Subject
Locid
Release
Req-Svc-Chain
Ssr
Server-Host
L5d-Success-Class
L
X-Amz-Apigw-Id
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Ttl
X-Amzn-RequestId
Fastly-GeoIP-CountryCode
HA-Ipaddr
Ha-Gx-Prefs
State
Machine
Thinkindot-CacheControl
We-Hiring
Web-Mar-Region
Thinkindot-CacheControl-Type
Thinkindot-Control
TDXMobile
X-Zone
Accept-Language
Environment
Fastly-SWR
Is-Eu
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Qloud-Router
Fastly-SIE
X-Envoy-Decorator-Operation
X-Amzn-Remapped-Content-Length
X-FC-Vary-Parameters
X-DefElseHash
X-DPWN-IS-SECURE
X-Has-Esi
X-Is-Gdpr
Cf-Device-Type
X-Loc
X-JWT-State
Platform
Memcached
X-Varnish-CookieINHashed-On
X-Varnish-Beresp-Ttl
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Worker
Fastly-Drupal-Html
X-Pod-Name
Adler-Geo
X-Variation
X-DefHash
X-Varnish-Beresp-Status
X-Response-By
X-Core-Value
X-Restarts
X-Srv
NM-Fastcgi-Cache
X-Xrds-Location
X-Cache-Var
X-RPM
X-RPS
X-Cache-Var-Map
X-VC-Cache
X-DW
X-DI
X-DB
X-Action
NGX
Magicmarker
X-DSS
X-NU-AKA-ACS-Version
X-RSL
X-Cache-Backend
X-Backend-State
X-TraceId
X-Ua-Device
X-Tx-Id
Kp-EeAlive
X-Wix-Viewer-Type
Edge-Cache
X-NC
X-CS
X-LB-ID
X-CLOUD-TRACE-CONTEXT
X-LB-NoCache
X-Optimistic-Header
CDN
X-Generated-In
X-CacheTTL
X-Minions-Version
X-API-Version
X-Up
X-Request-Start
X-Mvc-Supplant-OutputCached
X-Tb-Optimization-Total-Bytes-Saved
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
Ms-Author-Via
X-Bip
Time
X-Trace-ID
X-Thanos
Pics-Label
Memory
X-Tt-Logid
X-M-Log
X-M-Reqid
X-Qnm-Cache
Env
X-Edge-Pop
X-Refresh
X-Cache-Config
WebServer
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-TA-CDN-Provider
X-Ec-GeoHdr
X-User
X-Ec-Fail
X-HA-Backend
GeoIp-Country-Code
X-Parent-Response-Time
X-CACHE-KEY
X-DC
Datacenter
X-Cs
NtCoent-Length
Candidate-Md5Url
X-Esi
X-Servedbyhost
Server-ID
X-DynaTrace-JS-Agent
X-Vc
X-MSEdge-Flight
X-Dynatrace
Cdncip
Cdnsip
X-MSEdge-Features
X-TX-ID
X-AK-Request-ID
X-ZONE
X-Clara-WADP
X-Fmm-Version
X-WADP-Cache
WWW-Authenticate
My-App
On-Server
Cluster
X-Varnish-Beresp-TTL
X-Datadome
DataCenter
X-Pass-Why
Geoip-Latitude
X-CUA
Tracecode
Esi-Enabled
X-Li-Proto
X-Var-Ttl
T-Server
X-Cache-Ttl
X-App
X-Traceid
X-Fpc
X-VCL-Version
Lfy
X-URL
X-B3-Spanid
X-Fragments
Lang
X-FPC
X-LI-Proto
X-From
C-Via
X-Cache-PHP
X-Unique-ID
X-Webkit-Csp-Report-Only
X-Service
Geo-Info
X-Vcl-Version
Cf-Int-Pingora-Origin-Digest
X-VC
Fastly-Drupal-HTML
Proxy-Connection
X-Newrelic-Synthetics
Target-Params
X-Webkit-CSP-Report-Only
X-NODE
Test
X-Provided-By
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Mcache
Resin-Trace
X-RAMCache
X-Cache-Status-Check
X-LiteSpeed-Cache-Control
Server-Id
M-TraceId
X-Render-Time
MIME-Version
X-Ha-Backend
Permissions-Policy
X-CSRF-TOKEN
X-Httpd
X-Geo
X-ID
Servername
X-Proxy-Cache-Info
WZWS-RAY
Hostname
FSS-Cache
GeoIP-Country-Code
X-ServedByHost
X-Api-Version
Hit
X-Clientip
Producers
X-Udemy-Cache-App-Namespace
X-Dynatrace-Js-Agent
X-Via-PopH
X-Via-PopN
X-Platform-Router
X-Pool
X-Edge-POP
X-Cdn-Forward
X-Via-PopV
X-Pad
X-Platform-Processor
X-Platform-Cluster
ENV
X-SB
X-Scale
X-Ec-Custom-Error
X-Oss-Server-Time
UCS
X-Fastly-Backend-Reqs
X-Oss-Object-Type
X-Oss-Request-Id
X-Edge-Cache
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-LiteSpeed-Tag
X-NGINX-Cache
HIT
Cache-Host
X-AIR-PT
X-Info
Section-Origin-Responded
X-HS-Status
S-Cnection
X-Dispatcher-Number
MD5-Digest
Cneonction
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Ucs
X-ElasticPress-Query
X-SIPLIST1
X-Acquia-Application-Trace
X-Via-Ucdn
Server-Hostname
X-Check-Cacheable
Sever-Int
Cf-Ipcountry
X-BBC-Origin-Response-Status
X-UP
URI
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
ServerName
X-GoCache-CacheStatus
X-Lb-Nocache
X-Cache-CFC
PICS-Label
Uri
X-Acquia-Site
X-Cache-Expires
IsBot
Server-Ext
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Cms-Context
Ohc-File-Size
X-Release
X-Lb-Id
Tcn
X-Cdn-Request-ID
X-Micro-Cache
Cteonnt-Length
Fastly-Backend-Name
X-Nc
Server-Ttl
X-Fastly-Cache-Hits
User-Agent
X-Swift-Error
X-Snapshot-Date
X-RateLimit-Reset
X-Dw-Trace-Id
X-Vcache
X-Wikidot-Backend
X-Yottaa-OS
X-Akamai-ERPolicy
X-Wikidot-Static-Cache
X-Akamai-ERRuleID
Wpo-Cache-Message
X-B3-ParentSpanId
Wpo-Cache-Status
CF-Cached-On
X-Newrelic-App-Data
X-Backend-Host
Vha6-Origin
Ngx
X-Air-Pt
X-ServerName
X-Cache-Ngx
Load-Balancing
X-HostName
Sid
X-Fetch-By
X-IN-APIGATEWAY
X-B3-Parentspanid
X-IN-APIGATEWAYSSL
X-Litespeed-Cache-Control
Inserted-Into-Cache-At
X-Shopify-Generated-Cart-Token
X-Http-Count
X-Apw-Access-Token
X-Apw-Access-Object
X-Varnish-Authentication
Shield-Pop
X-Cache-ASPX
X-Apw-Hits
Req-ID
X-BCube-Filmed-By
CountryCode
X-Logging-Id
X-Sentry-ID
X-Apw-Access-Action
X-APP
X-UA
EpKe-Alive
X-Contensis-Viewer-Groups
X-Last-Modified
X-Te-Duration-Ms
X-Akamai-Pragma-Client-IP
X-CacheKey
X-Http-Duration-Ms
X-Te-Count
X-Akamai-Request-ID