Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Request-Id
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
Report-To
X-Cache-Status
NEL
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
X-Envoy-Upstream-Service-Time
Status
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Turbo-Charged-By
X-Cache-Group
X-UA-Device
Keep-Alive
P3p
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-AH-Environment
X-Server-Powered-By
X-Robots-Tag
X-Hacker
X-Server
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-WebKit-CSP
X-Nginx-Cache-Status
X-LiteSpeed-Cache
X-Page-Speed
X-Request-ID
EagleEye-TraceId
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Dispatcher
X-Device
Accept-CH
X-Cache-Spec
X-Host
Cf-Railgun
X-Server-Id
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
Accept-CH-Lifetime
X-Dns-Prefetch-Control
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
X-Ruxit-JS-Agent
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
Allow
X-Url
X-Trace
X-Aws-Lambda-Call-Status
Accept-Ch-Lifetime
X-PC
X-Vname
X-TtlSet
X-Content-Type
X-Ac
X-Server-Name
X-Clacks-Overhead
Fastly-Restarts
Edge-Control
X-Varnish-TTL
X-ESI
Cache-Tag
X-Mod-Pagespeed
X-Rack-Cache
X-VARITI-CCR
Service-Worker-Allowed
MS-Author-Via
X-Element-Page-Cache
Verso
X-Vcap-Request-Id
X-MS-InvokeApp
X-Amz-Rid
Public-Key-Pins
X-Upstream
X-GitHub-Request-Id
X-Dw-Request-Base-Id
RTSS
X-CST
X-Abt-Application-Version
X-Cnection
X-Client-IP
X-FastCGI-Cache
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Server
X-Cache-TTL
X-D2id
X-Px
X-Cached
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Country-Code
Access-Control-Request-Method
X-NF-Request-ID
X-Goog-Hash
X-TTL
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
AR-SID
AR-PoweredBy
AR-CACHE
AR-Request-ID
AR-ATIME
X-Middleton-Response
X-Version
Response
X-RateLimit-Remaining
X-Powered-CMS
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-MSEdge-Ref
X-LLID
Nginx-Cache
X-Edge-Location-Klb
X-Kinsta-Cache
X-Amz-Server-Side-Encryption
X-Origin-Cache
TCN
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Edge
X-Protected-By
X-T
X-Language
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-HP-Webp
X-Jurisdiction
Edge-Cache-Tag
X-HP-Trace-Id
X-Shield-Request-Id
X-Aspnetmvc-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Mg-S
X-Id
SPIisLatency
SPRequestDuration
S
Content-MD5
X-Ser
Front-End-Https
Pinterest-Version
X-Pinterest-Rid
X-Correlation-Id
Pinterest-Generated-By
Fastcgi-Cache
X-Cache-Key
X-NWS-LOG-UUID
X-Template
X-Mid
Realpath
X-Request-Processing-Time
X-Request-Received
Server-Node
Filters
X-Frontend
X-Recruiting
X-Ua-Browser
X-Content
X-Ab
X-Yandex-Sdch-Disable
X-HS-Hub-Id
Server-Name
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-MCACHE
X-Ruxit-Js-Agent
SPRequestGuid
X-SharePointHealthScore
X-DynaTrace
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-Hits
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Daa-Tunnel
X-Server-ID
X-Parallel-Accel
X-Ttl
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Debug-Info
Cleartype
Cache-Tags
Accept-Ch
X-DataDome
X-Litespeed-Cache
X-Page-Id
X-B3-Sampled
Charset
Host
X-ECACHE
X-Git-Hash
X-Geo-Country
X-DIS-Request-ID
X-Www-Served-By
X-Ratelimit-Limit
Cross-Origin-Opener-Policy
X-Content-Options
X-Content-Digest
X-Amzn-Trace-Id
X-ASPNET-VERSION
X-Hostname
X-Grace
X-F-Cache
ServerID
Alternate-Protocol
Filterid
X-Amz-Replication-Status
X-Accel-Expires
X-Upgrade-Enabled
X-Fastcgi-Cache
X-FB-Debug
X-N
X-Varnish-Age
X-Activity-Id
X-Az
X-AppVersion
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
X-Forwarded-Proto
X-WebKit-CSP-Report-Only
X-VCache
X-Nginx-Upstream-Cache-Status
X-Distributor
X-LB-Cache
X-Mobile-URL
X-Rid
X-Fastly-Request-Id
X-Seen-By
X-XRDS-LOCATION
X-Origin-Server
X-Type
X-App-Environment
Viewport
X-Tb
X-Whom
X-FW-Serve
X-FW-Type
X-Wix-Request-Id
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-Request-Guid
X-Goog-Metageneration
X-Goog-Generation
X-Flags
X-Aspnet-Duration-Ms
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Route-Name
X-Is-Crawler
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-TT
X-Providence-Cookie
X-User-Agent
Access-Control-Allow-Method
X-Ratelimit-Reset
Payment
Node
Fastcgi-Useragent
Accept-Charset
X-Varnish-Grace
DC
Paypal-Debug-Id
Country
TP-Cache
TP-L2-Cache
X-Fastly-Request-ID
X-Via-JSL
X-App-Server
X-Cluster-Name
X-Cache-Rule
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Drupal-Cache-Tags
X-Webkit-Csp
X-Cache-Control
X-Buckets
X-B-Cache
X-Signature
Cache-Status
X-Contextid
Version
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Age
X-NGENIX-Cache
Amp-Access-Control-Allow-Source-Origin
Referer-Policy
X-Node-Name
X-Tec-Api-Root
X-Varnish-Backend
X-Tec-Api-Version
X-Tec-Api-Origin
Refresh
X-Response-Served-From
X-Original-Request-Id
X-TEC-API-ORIGIN
X-Mobile
NGB
X-Load-Cache
VIX-Pulpo-Node
SD-X-WS
VIX-Pulpo-Upstream-Status
X-TEC-API-VERSION
X-Logged-In
X-TEC-API-ROOT
X-Is-Bot
X-Jobs
X-Proxy-Cache-Status
X-Revision
X-Rendered-As
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Cache-Expired-At
X-IPLB-Instance
X-Vgn-Hpd-Reason
X-Real-IP
X-Yottaa-Metrics
X-Cacheable-TTL
X-Debug
Surrogate-Key
X-Yottaa-Optimizations
Access-Control-Request-Headers
X-Cache-Action
X-B
X-Page-View
X-Drupal-Cache-Contexts
Akamai-GRN
X-FW-Version
X-Framework
X-Instance
X-UUID
X-Proxy
X-Rule
X-Device-Type
X-Debug-IsPreview
X-Debug-IsConnected
X-G
X-Accel-Buffering
X-Cache-Time
CF-IPCountry
X-ProcessESI
X-RemovedCookies
X-Origin-Upstream-Status
X-Cache-NGX
X-RateLimit-Limit
X-Presslabs-Stats
SID
GEO-INFO
Count-Hit
Uber-Trace-Id
Protected
X-Nginx-Cache
X-Oneagent-Js-Injection
X-APP-VERSION
X-Cache-Operation
X-Zen-Fury
X-Source
X-EdgeConnect-Cache-Status
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-XRDS-Location
WPO-Cache-Message
WPO-Cache-Status
X-Hyper-Cache
X-Cache-TTL-Remaining
X-Servername
X-Ms-Request-Id
X-Ms-Version
Liferay-Portal
X-Cache-Hit
DynaTrace
X-Azure-Ref
X-PressLabs-Stats
Ec-Rule-Version
Retry-After
X-Adobe-Loc
X-CDN-Forward
X-RTag
X-IPS-LoggedIn
Content-Disposition
Healthy
X-Adobe-Content
Ms-Operation-Id
MS-CV
Backend
X-Mode
X-Cache-Grace
Url
Frame-Options
Cross-Origin-Window-Policy
X-Backend-Name
X-Ratelimit-Remaining
Countrycode
X-Unique-Id
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Rewrite-Enabled
X-Tid
Meta-Geo
X-NewRelic-App-Data
X-RN-RSRV
X-Uri
X-L-Path
X-UPSTREAM-Address
X-Detected-As
Xserver
X-Environment-Context
Country-Code
X-Redis-Cache
X-Debug-Cache
X-Alternate-Cache-Key
X-Hosted-By
X-Content-Age
Apigw-Requestid
X-Proxied
X-Varnish-Server
X-ShardId
Decoy-Debug-Status
Decoy-Debug-TTL
X-Format
Decoy-Debug-Key
X-Sorting-Hat-ShopId
X-Trace-Id
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-FB-TRIP-ID
X-Generation-Time
X-Routing-Service
X-Sql-Count
X-Zipkin-Id
X-Sql-Duration-Ms
X-Extlb
X-Cache-Server
Eomportal-Instance
X-Generated-By
X-NCache
X-Nginx-Cache-Key
X-NYM-Debug-Backend
X-Human
X-No-Session
X-Microcachable
X-Access
Mn-Server-Ip
CDN-Cache
X-Akamai-Edgescape
Cache-Name
X-Forwarded-Host
CDN-CachedAt
CDN-EdgeStorageId
CDN-Uid
X-ApacheServer
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestId
Azure-SlotName
X-Web-Node
Azure-InstanceId
Azure-RegionName
X-OCL
Webcakes-App-Version
X-UA-Device-Type
Webcakes-Region
Azure-SiteName
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Azure-Version
Property-Id
X-Cache-Host
X-Cluster-Node
Content-Secure-Policy
X-Server-W
X-Pubstack
X-PHP-Backend
X-PERF
X-Origin-Date
X-PCL
X-Origin-Hint
X-Region
X-ServerID
X-Site-Version
X-Status
X-Section
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
TWC-Locale-Group
X-Cache-Type
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
X-Storage
X-Timing-Wait
Selected-Fe
X-Content-Powered-By
X-Via-Fastly
X-BYPASS-REASON
X-Be
Cache-Tv-Group
LB
X-Cache-Remote
Fastly-SSL
X-TIME
X-Varnishpool
X-Hl-Ver
X-SaId
X-Soup
X-JoinUs
X-Varnish-Beresp-Grace
X-Ua
Section-Io-Cache
X-R9-Blue-Green-Version
X-LSADC-Cache
X-Platform-Server
X-Cached-By
DB-Nickname
X-Bc-Bl
X-Cache-Tags
X-NWS-UUID-VERIFY
X-Akamai-Transformed
From-Origin
X-Xfnlog-Site
Mime-Version
Upgrade-Insecure-Requests
Xet-Cookie
ServedBy
OT-Force-Account-Verify
Cache
X-AOL-HN
X-Dc
X-TT-LOGID
X-GEO
X-Varnish-Cache-Hits
X-Akamai-Request-ID2
X-ECache
X-Auto-Login
X-Request-Time
X-Http-Reason
S-Rt
X-Origin-TTL
X-Cdn
Source
X-Origin-CC
HostName
WP-Super-Cache
X-Request-Host
SRV
X-Azure-Ref-OriginShield
X-Cache-Enabled
X-CSRF-Token
X-LAGOON
X-Varnish-Hits
X-Handled-By
Cache-Hits
X-Varnish-Hostname
X-TNCMS
X-Loop
Webserver
Server-Info
Onion-Location
Accept-Language
X-Reqid
X-Adobe-Source
X-Mg-Request-UUID
X-S-Maxage
X-FireWall-Port
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
X-RCS-CacheZone
X-SRV
Web-Mar-Node
Fastly-Drupal-Html
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Nel
X-GG-Cache-Date
X-Amz-Meta-S3cmd-Attrs
X-Magnolia-Registration
X-Time
X-B3-SpanId
X-Locale
X-Origin-Response-Time
X-EC-Lua
X-Planisys-CDN-Rules
Mobile-Detection-Method
Meta-Geo-Continent
X-Orig-Expires
X-PAYTM-SRV-ID
X-GeoIP-Country-Code
X-PHP-Host
X-Gen-Mode
Odigeo-Trace-Id
X-Ftr-Request-Id
X-PBS-Appsvrname
X-Planisys-CDN-Cache
N-Cache
X-GeoIP-Region-Code
X-Forwarded-Site
Fastcgi-X-Cache-Version
X-NAPM-TraceId
X-Processor
X-Proxy-Upstream
X-Labrador-Cache-Channel
BehaviorPad-Version
A
X-Forwarded-Path
X-Men
X-ND-Cache
X-Viewer-Country
X-Ig-Push-State
X-Planisys-CDN-TTL
Expiry
DCR-Decision-By
DCR-Processing-Time-Ms
X-Hnp-Log
X-Epic-Correlation-Id
Xc-Version
X-D
X-V-Cache
X-Block-Status
X-Cache-Bucket
X-Backend-TTL
X-B-Cookie
X-Aed
X-Application
X-ARC
X-TIM-N
X-Connection-Hash
X-Cache-NE
X-CF-Lambda-Fn
X-Ckpd-Fst-Backend
X-VG-WebCache
X-Vtex-Processado-Em
X-CF-Lambda-Version
X-Vdms-Version
X-Vdms-Path
X-Conf
X-Webstats-RespID
X-Cluster
X-Vtex-Remote-Cache
X-Rojux
X-A-Wwc
Surrogated-Key
Sslversion
X-Developer
X-Session-Fingerprint
X-Shop-Environment
X-SD-PageType
X-ScT
Rendered-Blocks
Pramga
X-External-Request-Id
X-S
X-S-Cookie
User-Cache-Control
V-Age
X-SRCache-Key
X-A-Dgt
X-A-Ccd
X-A-Dam
X-Tenant
X-A
Vix-Hermes-Req-Id
X-Destination
X-Slack-Backend
X-A-Dcw
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-Esi-Check
X-Scheme
X-RSL
X-RPS
X-Fastly-Cache
State
X-Varnish-Ttl
X-DI
X-DSS
X-DW
Svr
X-RPM
X-Fetched-On
X-Request-URI
X-Gdpr
X-Geo-Header
Machine
X-Req
X-Restarts
X-Cache-Backend
X-Old-Content-Length
Origin-EX
Origin-CC
Origin
X-Device-Os
Traceparent
X-Core-Mission
X-Cache-Date
X-Date
X-DB
X-Aicache-OS
X-Cache-Id
X-Cache-Info
X-Proto
X-Cdn-Srv
X-Cdn-Origin
X-VG-TLSProxy
X-TH-Server
X-Action
Wxu-Next-Commit
Wxu-Next-Hostname
Web-Mar-Region
X-Server-IP
True-Client-Country-4JS
Wxu-Next-Region
X-Sn-Servicetimems
X-Accel-Expires-Debug
X-App-Version
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Gzip
X-Rocket-Nginx-Serving-Static
Fastcgi-Cache-TTL
DSUID
AKAMAI
Fastly-GeoIP-CountryCode
X-Irp-Debug
X-Location
Apple-News-Services-Host
Cmstype
Cmsid
CDCHOST
CacheControlHeader
X-Mvc-Supplant-Cachable
X-Origin-Time
X-Policy
Host-ID
X-Node-Id
X-Origin
X-NodeID
X-Nyt-Route
Apple-News-Services-Handled
X-Hash
X-HS-Content-Campaign-Id
Apple-News-Services-Parsed-Url
X-Origin-Expires
Arc-Country
Gh-Request-Id
Apple-News-Services-Request-Url
Environment
X-Tx-Id
X-Via-NSCOPI
X-MP-GENERATED-AT
X-Platform
X-Amzn-RequestId
X-DefElseHash
X-Amzn-Remapped-Content-Length
X-UnsetCookies
X-Varnish-CookieINHashed-On
X-Owner
X-CGP
X-Varnish-Remaining-TTL
X-Worker
X-VServer
X-VarnishDD-TTL
X-Varnish-CookieHashed-On
X-Core-Value
X-Time-Microsecs
X-Datadog-Trace-Id
X-Thinkindot-L3
X-TrackingId
X-Datadog-Parent-Id
X-Variation
X-Csrf-Jwt
Edge-Cache
X-Sigma-Backend
X-Amz-Apigw-Id
X-Rocket-Build-Number
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Is-Gdpr
X-JWT-State
X-Fastly-Backend
X-Gamma-Serve
X-Wix-Viewer-Type
X-GeoIP
X-GeoIP-City
X-Has-Esi
X-Generated-On
X-Pod-Name
X-Response-By
X-HN
X-Eu-Site
X-RateLimit-Remaining-Second
X-Sigma
X-Developers
X-Loc
X-Region-Sid
X-Skip-Cache
X-DefHash
X-Qloud-Router
X-LI-UUID
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Served-From
X-RateLimit-Limit-Second
X-Level-Front-Cache
X-Li-Fabric
X-Li-Pop
X-Edge-Location
X-Storefront-Renderer-Rendered
X-Datadog-Sampling-Priority
HA-Ipaddr
Ssr
Is-Eu
TDXMobile
Ha-Gx-Prefs
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Host
Req-Svc-Chain
PFcat
Locid
Mail-Subject
L5d-Success-Class
Platform
Release
Redirect-Candidate
L
NM-Fastcgi-Cache
Fastly-SWR
X-ATG-Version
X-Correlation-ID
Fastly-SIE
X-BBC-Edge-Cache-Status
X-Cache-Debug
X-VC-Cache
CloudFront-Viewer-Country
We-Hiring
Cf-Device-Type
Adler-Geo
X-Branch-Name
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Minions-Version
X-Sucuri-ID
Memcached
Kp-EeAlive
X-Xrds-Location
X-Sucuri-Cache
X-Srv
X-FC-Vary-Parameters
X-TraceId
X-Ua-Device
X-Trace-ID
NGX
AMP-Access-Control-Allow-Source-Origin
X-NC
X-Mvc-Supplant-OutputCached
X-Zone
X-Tb-Optimization-Total-Bytes-Saved
CDN
X-LB-ID
Env
X-CS
X-CacheTTL
X-Generated-In
X-Varnish-Beresp-Status
X-NU-AKA-ACS-Version
X-Up
Magicmarker
Ms-Author-Via
X-API-Version
X-Optimistic-Header
Pics-Label
X-Backend-State
X-LB-NoCache
X-Tt-Logid
X-Varnish-Beresp-Ttl
X-User
X-Ec-Fail
X-Refresh
X-Ec-GeoHdr
X-Cache-Var
X-Cache-Var-Map
X-TA-CDN-Provider
X-DC
WebServer
X-Edge-Pop
X-Request-Start
Time
X-Via-Popv
X-Bip
X-Via-Poph
X-Via-Popn
X-Thanos
Memory
X-Parent-Response-Time
X-Webkit-CSP
X-HA-Backend
X-CACHE-KEY
X-AK-Request-ID
GeoIp-Country-Code
X-Servedbyhost
Cdnsip
Cdncip
X-M-Log
DataCenter
X-Qnm-Cache
X-ZONE
X-M-Reqid
Cluster
X-Fmm-Version
X-Esi
X-Varnish-Beresp-TTL
My-App
X-Cache-Config
X-Cs
X-WADP-Cache
X-Clara-WADP
NtCoent-Length
Server-ID
X-Dynatrace
X-MSEdge-Features
X-MSEdge-Flight
Candidate-Md5Url
X-CUA
X-CLOUD-TRACE-CONTEXT
Datacenter
X-VCL-Version
T-Server
Tracecode
X-From
X-Pass-Why
X-VC
X-Var-Ttl
Lang
X-Traceid
Geoip-Latitude
X-Vc
X-Newrelic-Synthetics
X-Fragments
X-Provided-By
X-Cache-Ttl
X-Fpc
Lfy
X-DynaTrace-JS-Agent
X-TX-ID
Cf-Int-Pingora-Origin-Digest
X-B3-Spanid
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-FPC
Target-Params
X-Li-Proto
X-Webkit-Csp-Report-Only
WWW-Authenticate
On-Server
X-LI-Proto
X-Webkit-CSP-Report-Only
Esi-Enabled
X-App
X-NODE
X-RAMCache
Geo-Info
Permissions-Policy
Proxy-Connection
X-Mcache
X-Httpd
X-Vcl-Version
C-Via
Servername
Server-Id
M-TraceId
X-Proxy-Cache-Info
X-RateLimit-Reset
X-Cache-PHP
X-Service
X-Datadome
Fastly-Drupal-HTML
X-Udemy-Cache-App-Namespace
WZWS-RAY
X-SB
X-Ha-Backend
X-Cache-Status-Check
FSS-Cache
Producers
Test
X-Api-Version
X-CSRF-TOKEN
Resin-Trace
X-Render-Time
X-Pool
X-ID
Hostname
X-Scale
X-Ec-Custom-Error
X-Via-PopN
Hit
X-Via-PopV
X-Unique-ID
X-LiteSpeed-Cache-Control
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
GeoIP-Country-Code
X-Via-PopH
X-ServedByHost
X-URL
X-Dynatrace-Js-Agent
X-Akamai-Path-Stats
X-Geo
X-Dispatcher-Number
X-Edge-POP
X-Cdn-Forward
MD5-Digest
X-Cms-Context
MIME-Version
X-Edge-Cache
X-SIPLIST1
X-Via-Ucdn
X-NGINX-Cache
X-HS-Status
X-Fastly-Backend-Reqs
Server-Ext
IsBot
Sever-Int
Server-Hostname
X-Clientip
Uri
ENV
X-Pad
X-ElasticPress-Query
X-Ucs
X-UP
X-Acquia-Purge-Tags
X-Acquia-Site
X-Wikidot-Static-Cache
X-Cache-CFC
X-Wikidot-Backend
X-Lb-Nocache
X-Acquia-Application-UUID
PICS-Label
X-Cache-Expires
ServerName
X-Acquia-Application-Trace
X-Fetch-By
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-GoCache-CacheStatus
X-Oss-Object-Type
X-Oss-Server-Time
X-BBC-Origin-Response-Status
Section-Io-Origin-Status
HIT
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-Oss-Storage-Class
X-Check-Cacheable
X-Srcache-Store-Status
X-MG-S
X-Srcache-Fetch-Status
X-Nc
X-TRACE-ID
X-WA-Info
Server-Ttl
Load-Balancing
X-GeoCode
X-GeoCountry
S-Cnection
UCS
Tcn
X-Fastly-Cache-Hits
X-Swift-Error
Cneonction
X-Lb-Id
X-Cdn-Request-ID
Cache-Host
URI
X-LiteSpeed-Tag
X-Dw-Trace-Id
X-Vcache
X-Newrelic-App-Data
Wpo-Cache-Message
X-B3-ParentSpanId
Vha6-Origin
X-BCube-Filmed-By
Cteonnt-Length
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Snapshot-Date
Ngx
CF-Cached-On
Cf-Ipcountry
Wpo-Cache-Status
GeoIP-Latitude
X-Akamai-ERPolicy
X-Amz-Meta-Cb-Modifiedtime
Cache-Key
X-Ad-Defer-Variation
Path
Client
X-Akamai-ERRuleID
X-Air-Pt
X-Cache-Ngx
Sid
X-HostName
X-Akamai-Pragma-Client-IP
X-Yottaa-OS
X-UA
X-Sentry-ID
X-Request-Url
CountryCode
CPC-Age
Req-ID
VNS-Age
X-Request-URL
X-SplitTest
XM
X-Midtier
X-Dist-Code
X-Http-Count
VNS-Cache
CPC-Cache
X-Te-Count
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Litespeed-Cache-Control
X-Logging-Id
X-B3-Parentspanid
X-AIR-PT
X-Micro-Cache
Inserted-Into-Cache-At
X-Akamai-Request-ID
X-Te-Duration-Ms
X-Shopify-Generated-Cart-Token
Cdn
X-CacheKey
User-Agent
X-Info
X-Last-Modified
X-Http-Duration-Ms