
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Check
X-Request-ID
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
X-Backend
Request-Context
EagleId
X-Akamai-Path-Stats
X-Dns-Prefetch-Control
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-UA-Device
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
X-WebKit-CSP
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Request-Id
Surrogate-Control
X-Backend-Server
Cf-Edge-Cache
Accept-CH
X-Readtime
X-Akam-SW-Version
X-Response-Time
Accept-CH-Lifetime
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Content-Location
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
Fastly-Restarts
X-Country
X-MS-InvokeApp
X-Rack-Cache
X-Ruxit-JS-Agent
X-Mod-Pagespeed
Accept-Ch
Accept-Ch-Lifetime
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-ESI
X-Amz-Server-Side-Encryption
X-Varnish-TTL
Cache-Tag
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Amz-Rid
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Build
Public-Key-Pins
X-Px
X-Cnection
X-D2id
X-Edge
X-FastCGI-Cache
X-RateLimit-Remaining
X-Ac
X-Ser
X-Navigation-Version
X-Element-Page-Cache
Verso
X-Client-IP
X-Abt-Application-Version
Pagespeed
Display
X-Sol
X-Middleton-Display
X-Powered-By-Plesk
X-Ttl
X-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Country-Code
X-Correlation-Id
Response
X-Middleton-Response
X-NF-Request-ID
Access-Control-Request-Method
X-Content-Security-Policy-Report-Only
X-Goog-Hash
SPRequestDuration
SPIisLatency
X-Ruxit-Js-Agent
X-Kinsta-Cache
X-Cached
X-Edge-Location-Klb
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Ua-Device
X-SharePointHealthScore
SPRequestGuid
X-Powered-CMS
X-Upstream
X-Kraken-Loop-Name
X-LLID
X-Server-Lifecycle-Phase
X-Instrumentation
Edge-Cache-Tag
X-NWS-LOG-UUID
X-RateLimit-Limit
X-Litespeed-Cache
X-Forwarded-For
Nginx-Cache
X-Cache-Key
Content-MD5
X-MSEdge-Ref
X-Shield-Request-Id
X-TTL
Mrf-Cache-Status
MRF-Tech
X-Id
TCN
X-T
X-B3-TraceId-Primal
S
X-Recruiting
X-Daa-Tunnel
X-Content-Digest
X-ECACHE
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-DataDome
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Mg-S
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Accel-Expires
X-WebKit-CSP-Report-Only
X-Protected-By
X-HS-Cache-Config
MS-Author-Via
X-Ezoic-Cdn
X-HS-Content-Id
X-HS-Hub-Id
X-Grace
MicrosoftSharePointTeamServices
X-HS-Combine-CSS
X-Ab
X-Content
X-DynaTrace
X-Ua-Browser
X-Request-Received
X-Request-Processing-Time
Server-Node
X-Frontend
X-Yandex-Sdch-Disable
TP-L2-Cache
TP-Cache
Filters
Front-End-Https
X-Server-ID
X-PressLabs-Stats
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-Mid
X-Geo-Country
X-Hits
X-Webkit-Csp
X-Request-Handler-Origin-Region
X-Microsite
X-LB-Cache
X-Tt-Trace-Host
X-Amzn-Trace-Id
X-Tt-Trace-Tag
Charset
Host
Cleartype
X-Debug-Info
X-Page-Id
X-Git-Hash
Cross-Origin-Opener-Policy
X-F-Cache
X-Ratelimit-Reset
X-Forwarded-Proto
X-B3-Sampled
X-Cache-Age
X-ORACLE-DMS-ECID
X-DIS-Request-ID
X-Fastly-Request-Id
X-Www-Served-By
Cache-Status
X-Seen-By
X-ORACLE-DMS-RID
Access-Control-Allow-Method
Realpath
X-Az
X-Activity-Id
X-AppVersion
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
ServerID
Accept-Charset
X-Aspnetmvc-Version
X-Mcache
Filterid
X-Varnish-Age
Cache-Tags
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Rid
X-Content-Options
X-Type
X-Language
Retry-After
X-App-Environment
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Server-Name
X-FB-Debug
X-Upgrade-Enabled
X-Tb
Viewport
X-MCACHE
Node
X-User-Agent
Country
X-Drupal-Cache-Tags
Paypal-Debug-Id
DC
X-Varnish-Grace
X-Varnish-Backend
X-Wix-Request-Id
X-Whom
X-TT
X-Origin-Cache
X-Signature
X-Oneagent-Js-Injection
X-B-Cache
X-Mobile-URL
X-GUploader-UploadID
X-XRDS-LOCATION
X-Flags
X-Providence-Cookie
X-Request-Guid
X-B
X-Route-Name
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
Permissions-Policy
X-VCache
X-NWS-UUID-VERIFY
Protected
X-Debug
Fastcgi-Useragent
X-Logged-In
WPO-Cache-Status
WPO-Cache-Message
X-Amz-Replication-Status
X-Cache-NGX
X-N
X-Amz-Meta-S3cmd-Attrs
Payment
X-Via-JSL
X-Load-Cache
Surrogate-Key
X-Cache-Control
X-Contextid
Amp-Access-Control-Allow-Source-Origin
X-Webkit-CSP
Count-Hit
Healthy
X-Node-Name
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-FW-Hash
X-FW-Dynamic
X-XRDS-Location
X-Template
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-Mobile
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
Content-Disposition
Refresh
Akamai-GRN
X-Proxy
X-Trace-Id
X-Cache-Time
X-G
X-Revision
X-Cache-TTL-Remaining
X-Jobs
X-Zen-Fury
X-NGENIX-Cache
Uber-Trace-Id
Url
Alternate-Protocol
X-Akamai-Request-ID2
X-Framework
X-Real-IP
X-UUID
X-Device-Type
X-Drupal-Cache-Contexts
NGB
X-Debug-IsPreview
X-Proxy-Cache-Status
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Adobe-Content
X-Cacheable-TTL
X-Debug-IsConnected
X-Is-Bot
X-Adobe-Loc
X-Restarts
X-Rendered-As
X-Cache-Grace
X-Http-Reason
X-Hostname
X-Instance
X-Yottaa-Metrics
Access-Control-Request-Headers
X-COUNTRY
X-Servername
X-Page-View
X-Yottaa-Optimizations
X-Mg-Request-UUID
X-ECache
X-Varnish-Server
X-Midtier
X-B3-Traceid
X-IPLB-Instance
X-L-Path
Version
X-Environment-Context
X-EdgeConnect-Cache-Status
X-Source
Accept-Language
X-HTML-Minification-Powered-By
X-Fastly-Request-ID
Ms-Operation-Id
MS-CV
X-RTag
Countrycode
X-Fastcgi-Cache
From-Origin
Frame-Options
X-Cache-Hit
X-Cache-Rule
X-Vgn-Hpd-Reason
X-Cache-Expired-At
X-NYM-Debug-Backend
Referer-Policy
Liferay-Portal
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-APP-VERSION
Backend
X-IPS-LoggedIn
X-Datadome
X-FW-Version
Content-Secure-Policy
X-Hosted-By
Meta-Geo
X-UPSTREAM-Address
X-Unique-Id
X-Cache-Server
X-RN-RSRV
X-Parallel-Accel
Upgrade-Insecure-Requests
Section-Io-Cache
X-Ua
X-NewRelic-App-Data
X-FB-TRIP-ID
X-Redis-Cache
X-OCL
X-PCL
X-Generation-Time
X-Cache-Enabled
X-No-Session
X-Nginx-Cache
WP-Super-Cache
Azure-Version
TWC-Connection-Speed
X-Request-Time
X-Origin-Date
TWC-GeoIP-LatLong
X-Access
Azure-SlotName
Webcakes-App-Version
Property-Id
TWC-Privacy
X-RemovedCookies
Azure-RegionName
Mn-Server-Ip
Webcakes-Region
Webcakes-App-Name
X-Varnish-Cache-Hits
X-PHP-Backend
X-Origin-Hint
X-Content-Age
X-Be
TWC-GeoIP-Country
Apigw-Requestid
X-ProcessESI
X-Uri
X-UA-Device-Type
X-AOL-HN
X-Cluster-Node
Azure-InstanceId
X-Via-Fastly
X-Server-W
TWC-Device-Class
Azure-SiteName
X-Format
X-Akamai-Edgescape
X-Section
TWC-Locale-Group
CF-IPCountry
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Content-Powered-By
X-Nginx-Cache-Key
X-ApacheServer
X-Shopify-Stage
X-Sql-Duration-Ms
X-Alternate-Cache-Key
X-Ratelimit-Remaining
X-ShardId
X-ShopId
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Forwarded-Host
Locale
S-Rt
X-PHP-Host
X-Labrador-Cache-Channel
X-Generated-By
Eomportal-Instance
X-Locale
Cache-Tv-Group
X-Human
X-Sql-Count
Fastly-SSL
X-Storage
X-Site-Version
X-BYPASS-REASON
X-Region
X-ProxyCache-Key
X-Say-TTL
X-Mode
X-ProxyCache-Status
X-SayCDN-TTL
X-Status
X-PERF
X-Say-Cacheable
X-Cache-Host
X-Xfnlog-Site
X-Platform-Server
X-VWS-Id
X-Varnishpool
X-LJ-Flow-ID
X-Hl-Ver
X-Cache-Type
X-SaId
Ec-Rule-Version
X-JoinUs
X-VC-Cache
X-Cache-Action
X-Debug-Cache
X-Web-Node
X-Backend-Name
X-Tid
X-ServerID
X-AWS-Id
X-Adobe-Source
X-Cms-Context
X-Detected-As
X-Cache-Tags
X-Zipkin-Id
X-Handled-By
X-GG-Cache-Date
X-Routing-Service
X-Proxied
X-Extlb
Selected-Fe
X-Timing-Wait
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-Cache
X-Proxy-Build
Load-Balancing
CDN-PullZone
CDN-CachedAt
CDN-Uid
CDN-RequestId
X-Storefront-Renderer-Rendered
ServedBy
X-Edge-Location
X-Dc
X-Proto
X-GeoCountry
SRV
X-GeoCode
X-LSADC-Cache
Web-Mar-Node
X-Hyper-Cache
Fastly-Drupal-Html
X-CDN-Forward
Mime-Version
X-Rule
Onion-Location
X-Cache-Operation
Webserver
X-Cached-By
X-GEO
X-TT-LOGID
X-Cache-Remote
X-Varnish-Hostname
X-Rewrite-Enabled
X-Cdn
X-Soup
X-App-Version
SID
Cache-Hits
X-SRV
X-Varnish-Ttl
X-Cluster
Xserver
X-Pubstack
X-Accel-Buffering
X-Varnish-Hits
X-Origin-TTL
X-TA-CDN-Provider
X-Origin-CC
X-Reqid
Country-Code
Xet-Cookie
X-Ratelimit-Limit
X-Magnolia-Registration
X-IPLB-Request-ID
LB
X-Envoy-Decorator-Operation
X-Microcachable
Server-Info
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-MP-GENERATED-AT
X-Buckets
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
Cache
X-Request-Host
DB-Nickname
Source
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Newrelic-Synthetics
X-Ms-Version
X-CSRF-Token
X-Ms-Request-Id
X-Endurance-Cache-Level
X-Tt-Logid
X-Tx-Id
X-B3-SpanId
Meta-Geo-Continent
MD5-Digest
DCR-Decision-By
BehaviorPad-Version
Cdncip
A
X-Via-NSCOPI
X-Origin-Response-Time
Cdnsip
Mobile-Detection-Method
Host-ID
Fastcgi-X-Cache-Version
Expiry
DCR-Processing-Time-Ms
Lang
X-CF-Lambda-Fn
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Processor
X-Rojux
X-S-Cookie
X-S
X-Orig-Expires
X-NAPM-TraceId
X-Ftr-Request-Id
X-Forwarded-Path
X-Geo-Header
X-Gzip
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-ScT
X-SD-PageType
X-Vdms-Version
X-Vdms-Path
X-VG-WebCache
X-Vtex-Processado-Em
Xc-Version
X-Vtex-Remote-Cache
X-User
X-TrackingId
X-Shop-Environment
X-Session-Fingerprint
X-SRCache-Key
X-Tenant
X-TIM-N
X-External-Request-Id
X-Esi-Check
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-AK-Request-ID
X-Aed
X-A-Ccd
T-Server
Pramga
Odigeo-Trace-Id
Rendered-Blocks
Sslversion
Surrogated-Key
X-Application
X-ARC
X-Destination
X-D
X-Developer
X-Ec-Fail
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Connection-Hash
X-Conf
X-Cache-Id
X-B-Cookie
X-Cache-NE
X-Cdn-Srv
X-CF-Lambda-Version
NM-Fastcgi-Cache
X-A
X-Bc-Bl
X-NCache
X-RCS-CacheZone
X-GeoIP
X-NodeID
Cmstype
Cmsid
X-Cache-Backend
X-Hash
We-Hiring
X-Nyt-Route
X-SVT-ORM-RULES
X-Node-Id
X-Skip-Cache
Adler-Geo
AKAMAI
X-Sigma-Backend
X-Origin
X-Cache-Bucket
X-Server-IP
Machine
Mail-Subject
Memcached
Is-Eu
Wxu-Next-Region
X-Rocket-Build-Number
X-Mvc-Supplant-Cachable
X-Irp-Debug
Fastly-GeoIP-CountryCode
X-Scheme
X-Amzn-Remapped-Content-Length
X-V-Cache
Environment
Wxu-Next-Commit
X-SB
Wxu-Next-Hostname
X-Sigma
X-SVT-ORM-VERSION
X-Core-Value
X-Origin-Expires
X-Fetched-On
X-Fmm-Version
X-Ckpd-Fst-Backend
X-Variation
X-Fastly-Cache
X-Origin-Time
X-Developers
X-Device-Os
X-DPWN-IS-SECURE
X-DefHash
Server-Host
X-DefElseHash
Producers
X-Clara-WADP
X-Gdpr
X-WADP-Cache
X-Via-Ucdn
X-Cache-Info
X-CacheTTL
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Worker
Platform
X-Time
X-Varnish-Beresp-Grace
X-Azure-Ref
CDN
Cache-Name
Thinkindot-Control
Ssr
Svr
V-Age
Web-Mar-Region
Thinkindot-CacheControl
User-Cache-Control
TDXMobile
Vix-Hermes-Req-Id
Thinkindot-CacheControl-Type
Traceparent
State
X-Auto-Login
X-Forwarded-Site
X-CGP
X-Cdn-Origin
X-Gamma-Serve
X-Generated-On
X-Gen-Mode
X-Core-Mission
X-Csrf-Jwt
X-Datadog-Trace-Id
X-Ec-Custom-Error
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Eu-Site
X-Cache-Date
X-Branch-Name
X-LAGOON
X-Aicache-OS
X-Level-Front-Cache
X-Loc
X-R9-Blue-Green-Version
X-Httpd
X-Hnp-Log
X-BBC-Edge-Cache-Status
X-Block-Status
X-GeoIP-City
X-Planisys-CDN-Cache
X-HN
X-Minions-Version
Origin
X-Sn-Servicetimems
X-Slack-Backend
X-ZONE
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
CDCHOST
Ohc-File-Size
Fastcgi-Cache-TTL
Fastly-SIE
X-Served-From
Cluster
Datacenter
CloudFront-Viewer-Country
Apple-News-Services-Handled
X-Thinkindot-L3
DynaTrace
X-JWT-State
X-Wix-Viewer-Type
Cache-Key
X-BCube-Filmed-By
Candidate-Md5Url
X-Is-Gdpr
X-Has-Esi
X-VG-TLSProxy
X-VarnishDD-TTL
X-Viewer-Country
X-Wikidot-Backend
Kp-EeAlive
X-Wikidot-Static-Cache
Fastly-SWR
X-SIPLIST1
Gh-Request-Id
PFcat
Origin-CC
X-Pool
X-Proxy-Upstream
X-Proxy-Cache-Info
X-Policy
X-Pod-Name
Req-Svc-Chain
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Release
X-Platform
Redirect-Candidate
X-Qloud-Router
Origin-EX
Ha-Gx-Prefs
L5d-Success-Class
X-RateLimit-Limit-Second
IsBot
HA-Ipaddr
X-Rocket-Nginx-Serving-Static
X-Request-URI
L
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Xrds-Location
X-Scale
X-SplitTest
X-Ad-Defer-Variation
VNS-Age
GEO-INFO
CPC-Cache
CPC-Age
VNS-Cache
X-Owner
NGX
X-From
X-Webstats-RespID
X-Dispatcher-Number
Server-Ext
Server-Hostname
X-TNCMS
X-Loop
Sever-Int
X-VServer
X-Optimistic-Header
N-Cache
X-Cache-Status-Check
DSUID
HostName
X-Parent-Response-Time
X-Refresh
Pics-Label
X-WP-CF-Super-Cache
X-Tec-Api-Version
X-WA-Info
XM
X-Tec-Api-Origin
X-Location
Fastly-Backend-Name
X-WP-CF-Super-Cache-Cache-Control
X-Tec-Api-Root
X-Tb-Optimization-Total-Bytes-Saved
X-CS
X-CACHE-KEY
Env
Locid
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-NC
X-AIR-PT
X-Ah-Environment
X-Micro-Cache
X-TIME
X-EC-Lua
Ms-Author-Via
X-VC
X-Udemy-Cache-App-Namespace
X-Varnish-Authentication
Arc-Country
X-Response-By
X-Men
X-LB-NoCache
Servername
X-Edge-Pop
AMP-Access-Control-Allow-Source-Origin
Path
X-Amz-Meta-Cb-Modifiedtime
Memory
X-Servedbyhost
X-TraceId
Time
X-Old-Content-Length
Lb
Cache-Host
X-DSS
Ngx.Var.Host
X-RPM
X-DI
X-DW
X-Srv
X-RPS
X-DB
X-Mvc-Supplant-OutputCached
X-RSL
X-Generated-In
Ohc-Cache-HIT
X-Date
X-Via-Popv
X-Akamai-Transformed
X-Via-Popn
X-Via-Poph
GeoIp-Country-Code
X-Accel-Expires-Debug
ITXSESSIONID
X-Vc
X-Proxy-CacheRZ
X-Api-Version
X-RateLimit-Reset
XkeyRZ
X-HA-Backend
Client
X-S-Maxage
X-Varnish-Beresp-TTL
X-VCL-Version
True-Client-IP
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Clientip
X-API-Version
FSS-Cache
X-Cache-Debug
Geoip-Latitude
X-VHOST
X-Cs
X-DC
X-Trace-ID
Hostname
Server-ID
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Component-Id
X-Presslabs-Stats
X-Fpc
CacheControlHeader
X-TH-Server
X-Dmc
X-Action
X-Zone
True-Client-Country-4JS
X-Webkit-Csp-Report-Only
X-Render-Time
X-Backend-TTL
X-MSEdge-Features
Powered-By
X-MSEdge-Flight
X-FireWall-Port
X-NGINX-Cache
X-TX-ID
X-Traceid
NtCoent-Length
X-PX
X-B3-Spanid
X-INCAP-ABP
Test
X-CSRF-TOKEN
X-Gateway-Skip-Cache
Tcn
C-Via
Edge-Cache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Req
X-DynaTrace-JS-Agent
X-Gateway-Request-Id
Geo-Info
X-Cdn-Request-ID
My-App
Click-Count-Error
Rip
X-Pass-Why
X-FPC
X-HS-Status
Tube-Get-Contents
Tube-Got-Eval
Esi-Enabled
HIT
Click-Count-Action-Start
X-Service
Tube-Got-Results
Tube-Return
X-M-Reqid
X-Correlation-ID
X-Origin-Upstream-Status
X-Beluga-Cache-Status
X-Beluga-Node
User-Agent
On-Server
X-Webkit-CSP-Report-Only
X-Beluga-Record
X-Beluga-Response-Time
X-Qnm-Cache
X-M-Log
X-Beluga-Trace
X-Beluga-Status
Server-Id
X-Alfa-Service
X-Ha-Backend
Cf-Int-Pingora-Origin-Digest
OT-Force-Account-Verify
X-Provided-By
X-Up
X-Vcl-Version
X-Varnish-Beresp-Ttl
X-TRACE-ID
Resin-Trace
X-Proxy-Cache-Hk
X-Via-PopH
X-LB-ID
Srvid
X-Via-PopV
X-Via-PopN
Uri
Proxy-Connection
X-URL
WebServer
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
X-APP
Sid
GeoIP-Country-Code
GeoIP-Latitude
X-Edge-Origin-Shield-Bytes
X-Akamai-Pragma-Client-IP
X-Edge-Origin-Shield-Region
X-UnsetCookies
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Epwk-X-Cache
X-LI-UUID
X-CCDN-CacheTTL
Srv
Cdn
X-RAMCache
X-Li-Pop
X-LI-Proto
X-Li-Fabric
X-ServedByHost
X-Geo
DataCenter
X-Cdn-Forward
X-ND-Cache
M-TraceId
X-Time-Microsecs
X-Fetch-By
Server-Ttl
X-Backend-Host
WZWS-RAY
MIME-Version
X-Esi
X-ID
Warning
Cf-Device-Type
X-Edge-POP
X-B3-Traceid-Primal
ENV
X-CUA
X-Fastly-Backend-Reqs
X-Lb-Nocache
XServer
ServerName
X-App
X-HostName
X-MG-S
Dt-Hot-News
Fastly-Drupal-HTML
Target-Params
PICS-Label
X-Fragments
X-Azure-Ref-OriginShield
X-ATG-Version
X-HITS
CF-Cached-On
Tracecode
X-ElasticPress-Query
X-Newrelic-App-Data
X-Platform-Cluster
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-Yottaa-OS
X-Request-Url
X-Platform-Router
Section-Io-Origin-Status
X-Platform-Processor
Inserted-Into-Cache-At
X-Fastly-Backend
X-Request-URL
X-Nc
X-Var-Ttl
X-Iplb-Instance
X-Sucuri-ID
X-Dw-Trace-Id
X-LiteSpeed-Cache-Control
X-Sucuri-Cache
X-Akamai-Request-ID
X-Iplb-Request-Id
Cf-Ipcountry
X-CF-Powered-By
D-Url-Rewrites
X-Serial
X-FC-Vary-Parameters
X-Thanos
X-Vcache
Lfy
X-Bip
Cdn-Pullzone
DT-Hot-News
Servedby
Cdn-Uid
Cdn-Edgestorageid
Cdn-Cachedat
Wp-Super-Cache
Cdn-Requestcountrycode
Cdn-Cache
Cdn-Requestid
X-IN-APIGATEWAYSSL
X-Wp-Cf-Super-Cache-Cache-Control
True-Client-Ip
X-Vercel-Id
X-Vercel-Cache
X-Wp-Cf-Super-Cache
Vha6-Origin
X-IN-APIGATEWAY
X-Dist-Code
X-NU-AKA-ACS-Version
Cneonction
X-Snapshot-Date
X-Storefront-Renderer-Verified
Ngx
X-Th-Server
CountryCode
X-Release
X-BBC-Origin-Response-Status
X-Varnish-Beresp-Status
Fastcgi-Cache-Ttl
X-Back
X-Cache-Expires
Content-Style-Type
Content-Script-Type
X-Fastly-Cache-Hits