
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
P3p
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
X-Backend
Request-Context
X-Akamai-Path-Stats
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-UA-Device
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
X-WebKit-CSP
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Request-Id
Surrogate-Control
X-Backend-Server
Cf-Edge-Cache
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Country
Fastly-Restarts
Accept-Ch
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
RTSS
Edge-Control
X-VARITI-CCR
X-ESI
X-Amz-Server-Side-Encryption
X-Server-Name
X-Varnish-TTL
Cache-Tag
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Kinja-Revision
X-Use-Magma
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Amz-Rid
Public-Key-Pins
X-Px
X-Cnection
X-D2id
X-Edge
X-Ac
X-Ser
X-Navigation-Version
X-Element-Page-Cache
Verso
X-Sol
X-Abt-Application-Version
X-Client-IP
X-FastCGI-Cache
Display
Pagespeed
X-Middleton-Display
X-Powered-By-Plesk
X-RateLimit-Remaining
X-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-Middleton-Response
Response
X-Correlation-Id
X-NF-Request-ID
X-Ttl
X-Goog-Hash
Access-Control-Request-Method
X-Content-Security-Policy-Report-Only
SPIisLatency
SPRequestDuration
X-Kinsta-Cache
X-Cached
AR-SID
AR-CACHE
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Edge-Location-Klb
X-SharePointHealthScore
SPRequestGuid
X-Powered-CMS
Edge-Cache-Tag
X-LLID
X-Server-Lifecycle-Phase
X-Instrumentation
X-Upstream
X-Kraken-Loop-Name
X-NWS-LOG-UUID
X-Litespeed-Cache
X-TTL
X-Ruxit-Js-Agent
X-Forwarded-For
Nginx-Cache
X-Cache-Key
Content-MD5
X-RateLimit-Limit
X-Id
X-MSEdge-Ref
X-Shield-Request-Id
MRF-Tech
Mrf-Cache-Status
TCN
X-T
X-Recruiting
S
X-B3-TraceId-Primal
X-Daa-Tunnel
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Content-Digest
X-ECACHE
X-Ua-Device
X-DataDome
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Mg-S
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Accel-Expires
X-WebKit-CSP-Report-Only
X-Grace
X-Ezoic-Cdn
X-HS-Content-Id
MicrosoftSharePointTeamServices
MS-Author-Via
X-HS-Cache-Config
X-Protected-By
X-HS-Combine-CSS
X-HS-Hub-Id
X-Frontend
X-Content
X-Ua-Browser
X-Ab
X-DynaTrace
X-Request-Received
X-Request-Processing-Time
TP-L2-Cache
X-Yandex-Sdch-Disable
TP-Cache
Server-Node
Front-End-Https
Filters
X-Server-ID
X-PressLabs-Stats
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-Mid
X-Geo-Country
X-Hits
X-Webkit-Csp
X-Microsite
X-Request-Handler-Origin-Region
X-Tt-Trace-Host
X-LB-Cache
X-Tt-Trace-Tag
X-Amzn-Trace-Id
Charset
Host
X-Debug-Info
Cleartype
X-F-Cache
X-B3-Sampled
X-Page-Id
Cross-Origin-Opener-Policy
X-Git-Hash
X-Ratelimit-Reset
X-Forwarded-Proto
X-DIS-Request-ID
X-ORACLE-DMS-ECID
X-Cache-Age
Cache-Status
X-ORACLE-DMS-RID
Access-Control-Allow-Method
X-Www-Served-By
X-Seen-By
Realpath
X-Activity-Id
X-AppVersion
X-Az
Pinterest-Generated-By
ServerID
X-Pinterest-Rid
Pinterest-Version
Accept-Charset
X-Aspnetmvc-Version
X-Oracle-Dms-Ecid
X-Mcache
Cache-Tags
Filterid
X-Fastly-Request-Id
X-Varnish-Age
X-Oracle-Dms-Rid
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Rid
X-Content-Options
X-Type
X-Language
Retry-After
X-App-Environment
X-Kong-Proxy-Latency
X-FB-Debug
X-Kong-Upstream-Latency
Country
Server-Name
Node
X-Upgrade-Enabled
Viewport
X-Varnish-Backend
X-User-Agent
X-Tb
X-MCACHE
Paypal-Debug-Id
X-Varnish-Grace
X-Drupal-Cache-Tags
DC
X-Whom
X-Wix-Request-Id
X-Origin-Cache
X-Signature
X-B-Cache
X-TT
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Oneagent-Js-Injection
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Mobile-URL
X-GUploader-UploadID
X-XRDS-LOCATION
X-B
X-VCache
X-Is-Crawler
X-Route-Name
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Request-Guid
X-NWS-UUID-VERIFY
Protected
Permissions-Policy
X-Debug
Fastcgi-Useragent
X-Amz-Replication-Status
X-Logged-In
X-Amz-Meta-S3cmd-Attrs
X-Cache-NGX
X-N
X-Via-JSL
WPO-Cache-Status
Payment
WPO-Cache-Message
X-Load-Cache
X-XRDS-Location
Surrogate-Key
X-Cache-Control
X-Contextid
Amp-Access-Control-Allow-Source-Origin
Count-Hit
X-Webkit-CSP
Healthy
X-Node-Name
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Template
X-FW-Dynamic
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Server
X-Fastcgi-Cache
X-Mobile
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
X-Proxy
Refresh
Content-Disposition
Akamai-GRN
X-Cache-Time
X-Jobs
X-G
X-Restarts
X-Revision
Url
X-Real-IP
X-NGENIX-Cache
X-Akamai-Request-ID2
Alternate-Protocol
X-UUID
Uber-Trace-Id
X-Framework
X-Cache-TTL-Remaining
X-Fastly-Request-ID
X-Zen-Fury
VIX-Pulpo-Upstream-Status
X-Proxy-Cache-Status
X-Device-Type
X-Is-Bot
X-Rendered-As
X-Drupal-Cache-Contexts
NGB
X-Adobe-Loc
X-Cacheable-TTL
X-Servername
X-Adobe-Content
VIX-Pulpo-Node
X-Debug-IsConnected
X-Debug-IsPreview
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Instance
X-Page-View
Access-Control-Request-Headers
X-Hostname
X-Cache-Grace
X-Http-Reason
X-Mg-Request-UUID
X-Varnish-Server
X-Midtier
X-Trace-Id
X-ECache
X-B3-Traceid
X-IPLB-Instance
X-Environment-Context
X-L-Path
Version
X-Source
X-EdgeConnect-Cache-Status
X-HTML-Minification-Powered-By
Accept-Language
MS-CV
Ms-Operation-Id
X-RTag
Countrycode
Frame-Options
From-Origin
X-Cache-Hit
X-Cache-Rule
X-Ratelimit-Remaining
X-Cache-Expired-At
X-Vgn-Hpd-Reason
Liferay-Portal
X-NYM-Debug-Backend
Referer-Policy
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
Backend
X-Tumblr-Pixel
X-APP-VERSION
X-COUNTRY
X-IPS-LoggedIn
X-Datadome
X-Nginx-Cache
X-FW-Version
Content-Secure-Policy
X-Hosted-By
X-UPSTREAM-Address
X-Parallel-Accel
X-Cache-Server
Upgrade-Insecure-Requests
Meta-Geo
X-Unique-Id
X-RN-RSRV
X-PCL
Section-Io-Cache
X-FB-TRIP-ID
X-Generation-Time
X-OCL
X-No-Session
X-Cache-Enabled
X-Redis-Cache
X-NewRelic-App-Data
X-Ua
X-AOL-HN
X-Akamai-Edgescape
X-Access
X-Format
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
X-Cluster-Node
Property-Id
Mn-Server-Ip
X-Origin-Date
Azure-Version
S-Rt
WP-Super-Cache
X-Be
X-Via-Fastly
X-Server-W
X-Uri
Azure-RegionName
Azure-InstanceId
TWC-GeoIP-LatLong
X-Request-Time
Azure-SlotName
X-RemovedCookies
X-UA-Device-Type
X-Region
X-ProcessESI
TWC-Device-Class
TWC-Connection-Speed
Azure-SiteName
X-Origin-Hint
X-Varnish-Cache-Hits
TWC-GeoIP-Country
X-PHP-Backend
Apigw-Requestid
X-Section
TWC-Locale-Group
TWC-Privacy
CF-IPCountry
X-Mode
X-Content-Age
X-Say-Cacheable
X-ProxyCache-Status
X-PERF
X-Sorting-Hat-ShopId
X-ProxyCache-Key
X-Sorting-Hat-PodId
X-SayCDN-TTL
X-Say-TTL
X-ShopId
X-Shopify-Stage
X-Nginx-Cache-Key
X-Locale
X-Cache-Host
X-Content-Powered-By
X-BYPASS-REASON
X-ApacheServer
Locale
X-Debug-Cache
Cache-Tv-Group
X-Alternate-Cache-Key
X-Human
X-Generated-By
X-Forwarded-Host
Eomportal-Instance
X-ShardId
X-Sql-Count
X-Sql-Duration-Ms
X-PHP-Host
X-Labrador-Cache-Channel
X-Xfnlog-Site
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Status
Fastly-SSL
X-Storage
X-Site-Version
X-Extlb
X-VC-Cache
X-Detected-As
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-Cache-Action
X-Backend-Name
X-Cache-Type
X-Adobe-Source
X-Routing-Service
X-Varnishpool
X-SaId
X-Tid
Ec-Rule-Version
X-Web-Node
X-Proxied
X-Hl-Ver
X-Cms-Context
X-Cache-Tags
X-ServerID
X-Zipkin-Id
X-Platform-Server
X-JoinUs
X-Handled-By
X-GG-Cache-Date
CDN-CachedAt
CDN-Cache
X-Proxy-Build
CDN-PullZone
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
CDN-EdgeStorageId
Load-Balancing
Selected-Fe
X-Timing-Wait
ServedBy
X-Storefront-Renderer-Rendered
X-Edge-Location
X-Ratelimit-Limit
Webserver
SRV
X-Proto
X-GeoCode
X-GeoCountry
X-Hyper-Cache
Fastly-Drupal-Html
X-CDN-Forward
Mime-Version
X-LSADC-Cache
Web-Mar-Node
X-Rule
X-Dc
Onion-Location
X-Cached-By
X-Cache-Operation
X-GEO
X-Cache-Remote
X-TT-LOGID
X-Varnish-Hostname
SID
X-Rewrite-Enabled
Cache-Hits
X-Soup
X-App-Version
X-Cdn
X-SRV
X-Varnish-Ttl
X-Cluster
Xserver
X-Pubstack
X-Accel-Buffering
X-Origin-CC
X-TA-CDN-Provider
X-Reqid
X-Origin-TTL
X-Varnish-Hits
X-Magnolia-Registration
Country-Code
Xet-Cookie
X-Envoy-Decorator-Operation
X-Air-Trace-Id
X-Air-Hostname
Server-Info
LB
X-Air-Source
X-Microcachable
X-IPLB-Request-ID
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Buckets
Decoy-Debug-TTL
X-CSRF-Token
Decoy-Debug-Status
Decoy-Debug-Key
DB-Nickname
Cache
X-Request-Host
Source
X-Ms-Request-Id
X-Tt-Logid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Newrelic-Synthetics
X-Ms-Version
X-Endurance-Cache-Level
X-Time
X-Tx-Id
X-B3-SpanId
Lang
X-Via-NSCOPI
X-User
X-Origin-Response-Time
Fastcgi-X-Cache-Version
Host-ID
X-Vdms-Path
X-Vdms-Version
X-Vtex-Remote-Cache
Cmstype
Cmsid
Xc-Version
DCR-Decision-By
Expiry
Cdnsip
DCR-Processing-Time-Ms
BehaviorPad-Version
X-VG-WebCache
Cdncip
X-Vtex-Processado-Em
A
X-ScT
X-Developer
X-S
X-Ec-Fail
X-Ec-GeoHdr
X-Esi-Check
X-Epic-Correlation-Id
X-Destination
X-D
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Conf
X-S-Cookie
X-Connection-Hash
X-External-Request-Id
X-Forwarded-Path
X-Orig-Expires
X-NAPM-TraceId
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-Ftr-Request-Id
X-Rojux
X-Geo-Header
X-Gzip
X-Hash
X-Cdn-Srv
X-Cache-NE
Sslversion
Rendered-Blocks
Surrogated-Key
X-Tenant
X-Shop-Environment
X-SRCache-Key
Pramga
Odigeo-Trace-Id
Mobile-Detection-Method
Meta-Geo-Continent
NM-Fastcgi-Cache
X-TrackingId
X-TIM-N
X-Session-Fingerprint
T-Server
X-Application
X-AK-Request-ID
X-ARC
X-B-Cookie
X-Cache-Id
X-Aed
X-A-Wwc
X-SD-PageType
X-A
X-A-Ccd
X-A-Dam
X-A-Dgt
MD5-Digest
X-A-Dcw
X-RCS-CacheZone
X-NCache
X-Bc-Bl
X-CacheTTL
X-Ckpd-Fst-Backend
X-Cache-Info
X-Cache-Bucket
X-Amzn-Remapped-Content-Length
X-Cache-Backend
X-Clara-WADP
X-WADP-Cache
X-DefHash
X-Developers
X-DefElseHash
X-Core-Value
X-Core-Mission
X-Worker
Wxu-Next-Region
Mail-Subject
Memcached
Machine
Is-Eu
Fastly-GeoIP-CountryCode
Platform
Producers
Wxu-Next-Commit
Wxu-Next-Hostname
We-Hiring
State
Server-Host
X-Device-Os
X-DPWN-IS-SECURE
X-Sigma
X-Sigma-Backend
X-Server-IP
X-Scheme
X-SB
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Variation
X-V-Cache
X-Rocket-Build-Number
X-Origin-Expires
X-Fmm-Version
X-Gdpr
X-Fetched-On
X-Fastly-Cache
Environment
X-GeoIP
X-Irp-Debug
X-Nyt-Route
X-Origin
X-NodeID
X-Node-Id
X-Mvc-Supplant-Cachable
X-Via-Ucdn
X-Origin-Time
Adler-Geo
AKAMAI
X-Skip-Cache
X-Varnish-Beresp-Grace
X-Azure-Ref
Cache-Name
CDN
X-Gamma-Serve
X-Gen-Mode
X-Generated-On
X-Forwarded-Site
X-Block-Status
X-Eu-Site
X-Branch-Name
X-GeoIP-City
X-HN
X-Loc
X-Minions-Version
X-Level-Front-Cache
X-LAGOON
X-Hnp-Log
X-Httpd
X-Ec-Custom-Error
X-Dispatcher-Number
X-CGP
X-Auto-Login
X-Cdn-Origin
Apple-News-Services-Handled
X-Cache-Date
Apple-News-Services-Host
X-R9-Blue-Green-Version
X-Csrf-Jwt
X-BBC-Edge-Cache-Status
Apple-News-Services-Request-Url
DynaTrace
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
Apple-News-Services-Parsed-Url
X-Planisys-CDN-Rules
X-Wikidot-Backend
X-Wikidot-Static-Cache
Kp-EeAlive
X-Viewer-Country
X-VG-TLSProxy
X-Sn-Servicetimems
X-Thinkindot-L3
X-VarnishDD-TTL
X-Has-Esi
X-Is-Gdpr
Cache-Key
Candidate-Md5Url
X-BCube-Filmed-By
X-Wix-Viewer-Type
X-TNCMS
X-JWT-State
X-Loop
X-Slack-Backend
X-SIPLIST1
X-Pool
HostName
X-Proxy-Cache-Info
X-Policy
X-Pod-Name
X-Aicache-OS
X-Planisys-CDN-TTL
X-Platform
X-Proxy-Upstream
X-Qloud-Router
X-Region-Sid
X-Request-URI
X-Served-From
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Planisys-CDN-Cache
X-Rocket-Nginx-Serving-Static
CloudFront-Viewer-Country
Ssr
Web-Mar-Region
CDCHOST
Req-Svc-Chain
Redirect-Candidate
Release
Svr
TDXMobile
Thinkindot-Control
Traceparent
V-Age
Vix-Hermes-Req-Id
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Cluster
PFcat
Ha-Gx-Prefs
HA-Ipaddr
Datacenter
Gh-Request-Id
Fastly-SWR
Fastcgi-Cache-TTL
Fastly-SIE
IsBot
L
Origin-CC
Origin-EX
Origin
N-Cache
L5d-Success-Class
Ohc-File-Size
User-Cache-Control
X-Cache-Status-Check
Server-Ext
Server-Hostname
Sever-Int
NGX
X-Scale
GEO-INFO
X-Optimistic-Header
X-Owner
X-VServer
DSUID
VNS-Cache
X-SplitTest
XM
VNS-Age
CPC-Cache
X-Ad-Defer-Variation
CPC-Age
X-From
X-Webstats-RespID
X-ZONE
X-Refresh
X-Location
X-WP-CF-Super-Cache
X-Parent-Response-Time
X-WP-CF-Super-Cache-Cache-Control
X-VC
X-WA-Info
X-CS
Pics-Label
Fastly-Backend-Name
X-Tb-Optimization-Total-Bytes-Saved
X-CACHE-KEY
X-Micro-Cache
X-NC
X-Contensis-Viewer-Groups
Locid
X-Ah-Environment
Env
X-Cache-ASPX
X-EC-Lua
Ms-Author-Via
X-Men
X-Udemy-Cache-App-Namespace
X-LB-NoCache
X-Varnish-Authentication
X-Response-By
Arc-Country
Servername
AMP-Access-Control-Allow-Source-Origin
X-AIR-PT
X-Edge-Pop
X-Mvc-Supplant-OutputCached
Time
X-Amz-Meta-Cb-Modifiedtime
X-Old-Content-Length
Memory
X-Servedbyhost
Path
X-Xrds-Location
X-TIME
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Lb
X-RPS
X-RSL
X-RPM
X-DI
X-DB
X-Generated-In
X-DSS
Ngx.Var.Host
X-DW
X-Via-Popn
X-TraceId
X-Via-Poph
Cache-Host
X-Srv
X-Via-Popv
Ohc-Cache-HIT
X-HA-Backend
X-Trace-ID
X-Varnish-Beresp-TTL
X-Accel-Expires-Debug
ITXSESSIONID
X-Date
X-Akamai-Transformed
X-Api-Version
X-Proxy-CacheRZ
XkeyRZ
X-RateLimit-Reset
X-VCL-Version
X-GeoIP-Region-Code
Client
X-S-Maxage
X-GeoIP-Country-Code
X-DC
GeoIp-Country-Code
X-Cache-Debug
X-Vc
X-Clientip
X-API-Version
FSS-Cache
True-Client-IP
X-Cs
X-VHOST
Geoip-Latitude
Server-ID
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-Zone
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Component-Id
X-Fpc
Hostname
CacheControlHeader
X-Presslabs-Stats
X-FireWall-Port
X-TH-Server
X-Dmc
X-Action
True-Client-Country-4JS
X-Render-Time
X-Traceid
X-Backend-TTL
X-MSEdge-Features
X-Webkit-Csp-Report-Only
Powered-By
X-MSEdge-Flight
X-TX-ID
X-PX
X-B3-Spanid
NtCoent-Length
X-INCAP-ABP
Tcn
Rip
Test
X-Req
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Service
Geo-Info
C-Via
X-DynaTrace-JS-Agent
Edge-Cache
X-Gateway-Cache-Status
X-NGINX-Cache
X-M-Reqid
Tube-Got-Eval
Click-Count-Action-Start
My-App
Tube-Return
Tube-Got-Results
Tube-Get-Contents
X-Qnm-Cache
X-Cdn-Request-ID
Click-Count-Error
X-Pass-Why
X-FPC
X-M-Log
Esi-Enabled
X-CSRF-TOKEN
X-Origin-Upstream-Status
X-Correlation-ID
Server-Id
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Status
X-Beluga-Trace
X-Webkit-CSP-Report-Only
X-Beluga-Node
X-Beluga-Cache-Status
HIT
X-HS-Status
On-Server
User-Agent
X-Provided-By
X-Up
X-Vcl-Version
Uri
X-Alfa-Service
Cf-Int-Pingora-Origin-Digest
OT-Force-Account-Verify
X-TRACE-ID
X-Via-PopN
X-Ha-Backend
X-Via-PopH
X-Proxy-Cache-Hk
Srvid
Resin-Trace
X-Via-PopV
GeoIP-Country-Code
GeoIP-Latitude
X-URL
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
X-LB-ID
Proxy-Connection
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-Ttl
X-APP
Sid
X-Edge-Origin-Shield-Bytes
X-RAMCache
X-Li-Fabric
X-LI-Proto
X-ServedByHost
Srv
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Epwk-X-Cache
X-LI-UUID
X-Li-Pop
X-CCDN-CacheTTL
X-UnsetCookies
Cdn
X-Edge-Origin-Shield-Region
X-Geo
WebServer
DataCenter
X-Cdn-Forward
X-ND-Cache
X-SERVER-NAME
X-Backend-Host
X-Edge-POP
X-Time-Microsecs
M-TraceId
WZWS-RAY
X-Fetch-By
X-Esi
MIME-Version
Warning
X-Lb-Nocache
XServer
Server-Ttl
X-Fastly-Backend-Reqs
ServerName
ENV
X-B3-Traceid-Primal
X-CUA
X-App
Cf-Device-Type
X-MG-S
Fastly-Drupal-HTML
X-HostName
PICS-Label
X-Newrelic-App-Data
X-Platform-Processor
X-ATG-Version
X-Platform-Cluster
Target-Params
Section-Origin-Responded
X-Fragments
X-LiteSpeed-Cache-Control
DT-Hot-News
X-ElasticPress-Query
X-HITS
CF-Cached-On
X-Platform-Router
Section-Io-Id
X-Serial
X-Azure-Ref-OriginShield
Tracecode
Section-Io-Origin-Status
X-Dw-Trace-Id
Section-Io-Origin-Time-Seconds
X-Yottaa-OS
X-Request-Url
X-Iplb-Request-Id
X-Fastly-Backend
True-Client-Ip
Inserted-Into-Cache-At
X-Iplb-Instance
X-Thanos
X-Bip
X-Vcache
X-Akamai-Request-ID
X-FC-Vary-Parameters
Lfy
X-Nc
X-Var-Ttl
X-Sucuri-Cache
Dt-Hot-News
Cf-Ipcountry
X-Sucuri-ID
X-CF-Powered-By
D-Url-Rewrites
Cdn-Uid
Cdn-Requestid
Cdn-Requestcountrycode
Cdn-Pullzone
Cdn-Edgestorageid
Wp-Super-Cache
Servedby
X-Air-Pt
Cdn-Cachedat
Cdn-Cache
X-Dist-Code
X-Snapshot-Date
X-Vercel-Cache
X-Vercel-Id
X-BBC-Origin-Response-Status
X-IN-APIGATEWAYSSL
X-Request-Start
X-IN-APIGATEWAY
Vha6-Origin
X-Varnish-Beresp-Status
Hit
X-Release
Ngx
X-Th-Server
Fastcgi-Cache-Ttl
X-Storefront-Renderer-Verified
X-NU-AKA-ACS-Version
X-Request-URL
X-Cache-Expires
X-Back
Content-Style-Type
Content-Script-Type
CountryCode
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
Cneonction