
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-UA-Device
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
X-Akamai-Path-Stats
X-Dns-Prefetch-Control
Grace
X-Rq
X-Server-Powered-By
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Allow
X-OneAgent-JS-Injection
X-Nginx-Cache-Status
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-CST
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
Accept-CH-Lifetime
X-Url
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-MS-InvokeApp
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-Rack-Cache
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-Server-Name
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-ESI
Accept-Ch
X-Content-Type
Cache-Tag
X-B3-TraceId
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Amz-Rid
X-Dw-Request-Base-Id
Public-Key-Pins
X-Cnection
X-Px
X-Ac
X-RateLimit-Remaining
X-D2id
X-Element-Page-Cache
Verso
X-Navigation-Version
X-Abt-Application-Version
X-Client-IP
X-Edge
X-Powered-By-Plesk
X-Cache-TTL
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Ser
X-Version
Service-Worker-Allowed
Arr-Disable-Session-Affinity
X-FastCGI-Cache
X-GitHub-Request-Id
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
X-Goog-Hash
Access-Control-Request-Method
X-Ruxit-Js-Agent
X-Kinsta-Cache
SPRequestDuration
SPIisLatency
X-Webkit-Csp
X-Correlation-Id
X-TTL
X-Edge-Location-Klb
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-SID
X-Ttl
X-Upstream
X-Cached
X-NWS-LOG-UUID
X-RateLimit-Limit
X-LLID
X-Instrumentation
X-SharePointHealthScore
SPRequestGuid
X-Powered-CMS
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Cache-Key
Edge-Cache-Tag
X-Litespeed-Cache
Nginx-Cache
TCN
X-Content-Security-Policy-Report-Only
X-Forwarded-For
X-MSEdge-Ref
Content-MD5
MRF-Tech
Mrf-Cache-Status
X-Id
X-Shield-Request-Id
X-Daa-Tunnel
X-B3-TraceId-Primal
X-T
MS-Author-Via
X-Recruiting
S
X-Content-Digest
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ua-Device
X-Mg-S
X-DataDome
X-Protected-By
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Accel-Expires
X-Ezoic-Cdn
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Ab
X-Frontend
X-Ua-Browser
X-Grace
X-Content
X-ECACHE
Server-Node
Front-End-Https
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Filters
X-Server-ID
X-DynaTrace
X-Mid
X-PressLabs-Stats
Fastcgi-Cache
TP-L2-Cache
TP-Cache
X-Geo-Country
X-ORACLE-DMS-ECID
X-Origin-Server
X-Hits
X-Distributor
X-ORACLE-DMS-RID
X-Debug-Info
X-Request-Handler-Origin-Region
X-Microsite
X-Amzn-Trace-Id
Charset
Cross-Origin-Opener-Policy
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cleartype
X-Git-Hash
X-WebKit-CSP-Report-Only
Host
X-DIS-Request-ID
X-F-Cache
X-Page-Id
Pinterest-Generated-By
Pinterest-Version
X-LB-Cache
X-Pinterest-Rid
X-B3-Sampled
X-Ratelimit-Reset
X-Www-Served-By
X-Cache-Age
X-Forwarded-Proto
Access-Control-Allow-Method
ServerID
X-Seen-By
Cache-Status
X-AppVersion
X-Activity-Id
X-Cluster-Name
Cache-Tags
X-Az
X-Aspnetmvc-Version
X-Varnish-Age
Accept-Charset
Realpath
X-Language
Filterid
X-Kong-Proxy-Latency
X-Rid
X-Kong-Upstream-Latency
X-MCACHE
X-Nginx-Upstream-Cache-Status
X-Type
Server-Name
X-Content-Options
X-App-Environment
X-Oracle-Dms-Ecid
Country
Retry-After
X-Fastly-Request-ID
X-Oracle-Dms-Rid
Node
X-Origin-Cache
Viewport
X-Varnish-Grace
X-Upgrade-Enabled
X-Tb
X-B-Cache
X-Mobile-URL
X-FB-Debug
X-User-Agent
X-Signature
X-Whom
X-NWS-UUID-VERIFY
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Wix-Request-Id
X-Goog-Stored-Content-Length
X-Is-Crawler
X-Goog-Storage-Class
X-Drupal-Cache-Tags
X-Flags
X-Route-Name
X-Providence-Cookie
Paypal-Debug-Id
DC
X-Request-Guid
X-Aspnet-Duration-Ms
X-Varnish-Backend
X-TT
X-VCache
Protected
Fastcgi-Useragent
X-XRDS-LOCATION
X-Via-JSL
X-B
X-N
X-Debug
X-Cache-NGX
X-Amz-Replication-Status
X-Fastcgi-Cache
X-Contextid
Payment
X-Logged-In
X-Mcache
WPO-Cache-Status
WPO-Cache-Message
X-Load-Cache
X-Template
Surrogate-Key
X-Fastly-Request-Id
X-Amz-Meta-S3cmd-Attrs
Amp-Access-Control-Allow-Source-Origin
X-FW-Dynamic
X-FW-Hash
X-FW-Type
X-Cache-Control
Count-Hit
X-FW-Server
X-FW-Serve
X-FW-Static
X-Node-Name
Healthy
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Hostname
Permissions-Policy
X-XRDS-Location
X-Response-Served-From
X-G
X-Original-Request-Id
SD-X-WS
X-UUID
X-Jobs
X-Proxy
X-Revision
X-Mobile
Refresh
Akamai-GRN
Content-Disposition
X-Cache-Time
X-Real-IP
X-Cache-TTL-Remaining
X-Trace-Id
X-Cacheable-TTL
X-Rendered-As
X-Akamai-Request-ID2
X-Is-Bot
X-Zen-Fury
Uber-Trace-Id
X-Framework
X-Proxy-Cache-Status
Access-Control-Request-Headers
X-Adobe-Content
X-Http-Reason
X-Adobe-Loc
X-Page-View
X-Debug-IsPreview
NGB
X-Device-Type
X-Drupal-Cache-Contexts
X-Debug-IsConnected
X-Yottaa-Optimizations
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Instance
X-Yottaa-Metrics
Alternate-Protocol
Url
X-Servername
X-IPLB-Instance
X-Cache-Grace
X-ECache
Version
X-Cache-Rule
X-Source
X-B3-Traceid
X-Varnish-Server
X-Mg-Request-UUID
From-Origin
X-Restarts
X-L-Path
X-Environment-Context
X-Vgn-Hpd-Reason
X-NGENIX-Cache
X-Parallel-Accel
X-Oneagent-Js-Injection
Accept-Language
X-EdgeConnect-Cache-Status
X-Cache-Hit
X-Cache-Expired-At
Countrycode
Ms-Operation-Id
X-RTag
MS-CV
Referer-Policy
X-HTML-Minification-Powered-By
X-App-Server
Frame-Options
X-FW-Version
Backend
Liferay-Portal
X-Tumblr-Pixel-0
Cross-Origin-Window-Policy
X-Tumblr-Pixel
X-NYM-Debug-Backend
X-Tumblr-User
X-Tumblr-Pixel-1
X-IPS-LoggedIn
X-COUNTRY
X-Cache-Action
X-Nginx-Cache
Content-Secure-Policy
X-ProcessESI
X-RemovedCookies
Section-Io-Cache
X-Datadome
CF-IPCountry
Upgrade-Insecure-Requests
WP-Super-Cache
X-UPSTREAM-Address
X-Redis-Cache
X-Cache-Server
X-RN-RSRV
Meta-Geo
Cache-Tv-Group
X-Varnish-Cache-Hits
X-Section
X-Webkit-CSP
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Hosted-By
X-Content-Age
Azure-SlotName
X-UA-Device-Type
X-Ua
Azure-Version
Ec-Rule-Version
X-Web-Node
X-Generation-Time
X-Format
X-APP-VERSION
X-FB-TRIP-ID
X-Human
X-AOL-HN
X-PCL
X-OCL
X-No-Session
X-Access
X-Detected-As
X-Region
X-Say-Cacheable
X-Say-TTL
X-Cache-Type
X-SayCDN-TTL
X-Cache-Enabled
X-Request-Time
Webcakes-App-Name
Webcakes-App-Version
X-Akamai-Edgescape
Webcakes-Region
X-Nginx-Cache-Key
X-Content-Powered-By
Apigw-Requestid
X-Be
X-Generated-By
X-Storage
X-BYPASS-REASON
X-Cluster-Node
Fastly-SSL
TWC-Device-Class
TWC-Privacy
X-Uri
X-Urbn-Site-Id
TWC-GeoIP-Country
X-Sql-Count
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Server-W
X-Site-Version
S-Rt
Property-Id
X-PHP-Backend
Locale
X-Via-Fastly
X-Origin-Hint
X-ProxyCache-Key
X-Sql-Duration-Ms
X-Urbn-Context-Path
Mn-Server-Ip
X-ProxyCache-Status
X-Origin-Date
TWC-Connection-Speed
X-Mode
X-Unique-Id
X-Midtier
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Platform-Server
X-PERF
X-Forwarded-Host
CDN-Cache
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestId
CDN-RequestCountryCode
X-ShopId
X-ShardId
X-Xfnlog-Site
X-Ratelimit-Remaining
X-ApacheServer
X-Adobe-Source
X-Hyper-Cache
Eomportal-Instance
CDN-CachedAt
X-Cache-Host
X-Alternate-Cache-Key
CDN-Uid
X-Status
X-Debug-Cache
X-Cache-Tags
X-Backend-Name
X-Extlb
X-Proxied
X-ServerID
X-Tid
X-Varnishpool
X-Zipkin-Id
X-Handled-By
Webserver
X-Hl-Ver
X-SaId
X-JoinUs
X-NewRelic-App-Data
X-Routing-Service
X-PHP-Host
X-Locale
X-GG-Cache-Date
X-Labrador-Cache-Channel
X-Rule
X-Timing-Wait
X-Proxy-Build
Selected-Fe
X-TT-LOGID
X-Cache-Operation
X-VWS-Id
ServedBy
X-AWS-Id
X-LJ-Flow-ID
X-VC-Cache
X-Dc
X-Edge-Location
X-Storefront-Renderer-Rendered
X-LSADC-Cache
X-Cms-Context
X-Cache-Remote
X-Accel-Buffering
X-Soup
SID
X-Rewrite-Enabled
X-App-Version
X-Proto
X-Cached-By
Web-Mar-Node
Fastly-Drupal-Html
SRV
X-CDN-Forward
X-GEO
Onion-Location
Xserver
Load-Balancing
X-GeoCode
X-GeoCountry
Mime-Version
X-Pubstack
X-TA-CDN-Provider
X-Cdn
X-Varnish-Hostname
X-Reqid
Cache-Hits
Country-Code
X-Buckets
X-Microcachable
X-Request-Host
X-Origin-TTL
X-Origin-CC
X-Cluster
Decoy-Debug-TTL
X-Ratelimit-Limit
Decoy-Debug-Key
Decoy-Debug-Status
LB
X-Varnish-Hits
Server-Info
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Ms-Request-Id
X-Ms-Version
X-CSRF-Token
X-Envoy-Decorator-Operation
X-Magnolia-Registration
Xet-Cookie
X-Time
X-Air-Hostname
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B3-SpanId
X-NCache
X-Air-Source
X-Air-Trace-Id
DynaTrace
Cache
X-SRV
X-Bc-Bl
X-Tx-Id
DB-Nickname
X-RCS-CacheZone
X-Endurance-Cache-Level
X-Ec-Custom-Error
X-Origin-Response-Time
X-Forwarded-Path
X-Gzip
X-Orig-Expires
X-Core-Mission
X-From
X-Connection-Hash
X-Conf
X-External-Request-Id
X-Esi-Check
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Ec-Fail
X-Fetched-On
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
X-ARC
Fastly-GeoIP-CountryCode
Expiry
X-NAPM-TraceId
X-Ig-Push-State
Odigeo-Trace-Id
MD5-Digest
X-Device-Os
BehaviorPad-Version
X-HS-Content-Campaign-Id
Meta-Geo-Continent
X-Hash
X-Geo-Header
A
Mobile-Detection-Method
NM-Fastcgi-Cache
Cdncip
Cdnsip
X-Destination
Cmstype
DCR-Decision-By
Rendered-Blocks
X-Developer
Cmsid
X-D
Lang
X-Ftr-Request-Id
Pramga
X-Vdms-Path
X-Node-Id
Sslversion
X-A-Ccd
X-Vtex-Remote-Cache
X-A
X-Sigma-Backend
X-Cache-NE
X-A-Dam
X-SVT-ORM-RULES
X-SRCache-Key
X-A-Dgt
X-A-Dcw
X-Cache-Info
X-Rocket-Build-Number
X-Shop-Environment
X-Session-Fingerprint
X-PAYTM-SRV-ID
X-SD-PageType
X-S-Cookie
X-Vtex-Processado-Em
X-Cache-Id
X-Rojux
X-S
X-Sigma
X-Webstats-RespID
X-SVT-ORM-VERSION
X-Aed
Host-ID
X-B-Cookie
Surrogated-Key
X-User
X-CF-Lambda-Version
X-AK-Request-ID
X-PBS-Appsvrname
X-Vdms-Version
X-Application
Xc-Version
X-CF-Lambda-Fn
T-Server
X-Cdn-Srv
X-A-Wwc
X-Tenant
X-VG-WebCache
X-TIM-N
X-Cache-Bucket
X-Processor
X-ScT
X-TrackingId
X-Varnish-Beresp-Grace
Cache-Name
Source
X-ZONE
X-R9-Blue-Green-Version
X-Varnish-Ttl
X-Core-Value
X-Cache-Backend
L
Req-Svc-Chain
TDXMobile
Thinkindot-CacheControl-Type
Release
Thinkindot-CacheControl
X-Block-Status
Is-Eu
X-Amzn-Remapped-Content-Length
Server-Host
X-Clara-WADP
X-Ckpd-Fst-Backend
Ssr
Thinkindot-Control
X-BBC-Edge-Cache-Status
State
Kp-EeAlive
Producers
We-Hiring
X-DefElseHash
Origin
Origin-CC
Web-Mar-Region
X-Cache-Date
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
Origin-EX
X-Developers
Machine
X-Dispatcher-Number
X-CacheTTL
X-DefHash
Platform
Traceparent
Memcached
User-Cache-Control
Mail-Subject
X-DPWN-IS-SECURE
X-Location
X-Wix-Viewer-Type
X-Worker
X-Pool
X-WADP-Cache
X-SB
X-Rocket-Nginx-Serving-Static
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-NodeID
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Origin
X-Origin-Time
X-Origin-Expires
X-Scheme
X-VServer
X-VG-TLSProxy
X-V-Cache
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Azure-Ref
X-TNCMS
X-Server-IP
X-Served-From
X-Skip-Cache
X-Slack-Backend
X-Thinkindot-L3
X-Loop
X-Planisys-CDN-Rules
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Gen-Mode
X-Gdpr
Apple-News-Services-Handled
X-Has-Esi
X-GeoIP
Adler-Geo
AKAMAI
X-Loc
X-Irp-Debug
X-Hnp-Log
Environment
X-Fmm-Version
X-LAGOON
X-Fastly-Cache
CloudFront-Viewer-Country
X-JWT-State
X-Is-Gdpr
X-Auto-Login
X-GeoIP-City
X-Gamma-Serve
X-VarnishDD-TTL
X-Generated-On
X-Viewer-Country
X-Via-NSCOPI
X-Branch-Name
X-SIPLIST1
X-Forwarded-Site
X-Sn-Servicetimems
X-Rebelmouse-Cache-Control
X-Via-Ucdn
X-Eu-Site
X-CGP
X-Httpd
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Minions-Version
X-Level-Front-Cache
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Platform
X-Pod-Name
X-RateLimit-Remaining-Second
X-Cdn-Origin
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-RateLimit-Limit-Second
X-Qloud-Router
X-Policy
X-HN
X-Proxy-Cache-Info
X-Proxy-Upstream
X-Request-URI
X-Aicache-OS
Cluster
Redirect-Candidate
DSUID
PFcat
CDCHOST
CDN
Locid
Server-Hostname
Server-Ext
Fastcgi-Cache-TTL
Fastly-SIE
HA-Ipaddr
IsBot
L5d-Success-Class
Ha-Gx-Prefs
N-Cache
Fastly-SWR
Gh-Request-Id
NGX
Svr
Sever-Int
X-Xrds-Location
V-Age
Vix-Hermes-Req-Id
X-Srv
HostName
X-IPLB-Request-ID
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Arc-Country
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Optimistic-Header
X-Scale
X-Men
Ohc-File-Size
X-VC
X-Parent-Response-Time
X-Owner
X-CS
X-Response-By
X-Newrelic-Synthetics
X-EC-Lua
X-Old-Content-Length
X-Refresh
Pics-Label
X-Udemy-Cache-App-Namespace
Datacenter
Candidate-Md5Url
X-Ad-Defer-Variation
X-NC
X-Tb-Optimization-Total-Bytes-Saved
X-LB-NoCache
X-BCube-Filmed-By
Cache-Key
X-RPS
X-RSL
X-Tt-Logid
X-RPM
X-Wikidot-Backend
X-TraceId
X-Wikidot-Static-Cache
X-Ah-Environment
Servername
X-DI
X-DB
X-DSS
X-DW
Ms-Author-Via
AMP-Access-Control-Allow-Source-Origin
CPC-Age
X-Contensis-Viewer-Groups
X-Cache-ASPX
CPC-Cache
VNS-Age
XM
VNS-Cache
X-Mvc-Supplant-OutputCached
GEO-INFO
X-Edge-Pop
Memory
X-Accel-Expires-Debug
Env
X-SplitTest
X-RateLimit-Reset
Time
X-Date
X-Akamai-Transformed
X-GeoIP-Country-Code
Fastly-Backend-Name
X-WA-Info
X-GeoIP-Region-Code
X-Varnish-Authentication
X-Amz-Meta-Cb-Modifiedtime
X-Generated-In
X-Cache-Status-Check
X-TIME
X-Servedbyhost
Path
X-Via-Popn
X-Cache-Debug
X-Micro-Cache
X-Via-Popv
X-Via-Poph
X-AIR-PT
X-S-Maxage
Lb
X-CACHE-KEY
GeoIp-Country-Code
ITXSESSIONID
X-API-Version
X-HA-Backend
Fusion-Component-Id
Ohc-Cache-HIT
Geo-Info
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Cache-Host
Client
CacheControlHeader
X-VCL-Version
X-TH-Server
Geoip-Latitude
True-Client-Country-4JS
FSS-Cache
Server-ID
Ngx.Var.Host
X-Action
X-Vc
X-Cs
X-VHOST
X-Backend-TTL
X-Varnish-Beresp-TTL
X-Trace-ID
X-DC
X-Api-Version
True-Client-IP
XkeyRZ
X-Proxy-CacheRZ
X-Presslabs-Stats
Hostname
X-Clientip
X-Correlation-ID
X-FireWall-Port
X-Req
Edge-Cache
X-Fpc
Powered-By
X-Webkit-Csp-Report-Only
My-App
X-TX-ID
X-Provided-By
X-Zone
X-PX
X-Traceid
X-Pass-Why
NtCoent-Length
X-B3-Spanid
X-Origin-Upstream-Status
X-Up
X-Dmc
X-FPC
Test
X-MSEdge-Features
X-Varnish-Beresp-Ttl
X-MSEdge-Flight
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
X-Render-Time
X-CSRF-TOKEN
X-LB-ID
X-Cdn-Request-ID
X-HS-Status
X-INCAP-ABP
DataCenter
X-Beluga-Trace
X-Vcl-Version
X-Beluga-Response-Time
X-Beluga-Node
Rip
C-Via
User-Agent
X-Beluga-Record
X-Beluga-Status
X-Beluga-Cache-Status
Server-Id
X-Webkit-CSP-Report-Only
X-Li-Pop
Tube-Got-Results
X-Gateway-Cache-Status
X-Gateway-Request-Id
Click-Count-Error
Click-Count-Action-Start
Tube-Return
Proxy-Connection
X-LI-UUID
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
X-Li-Fabric
Tube-Got-Eval
Srvid
X-Service
X-UnsetCookies
Tube-Get-Contents
OT-Force-Account-Verify
X-TRACE-ID
X-M-Reqid
X-URL
Uri
GeoIP-Latitude
GeoIP-Country-Code
X-Alfa-Service
WZWS-RAY
X-Ha-Backend
X-Via-PopN
X-M-Log
X-Via-PopH
X-DynaTrace-JS-Agent
X-Qnm-Cache
X-Via-PopV
Esi-Enabled
X-ND-Cache
X-RAMCache
X-Time-Microsecs
HIT
MIME-Version
X-Dynatrace
Sid
On-Server
Resin-Trace
X-ServedByHost
X-CUA
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
X-ATG-Version
X-CCDN-Origin-Time
Cf-Device-Type
X-Fragments
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
Epwk-X-Cache
X-Proxy-Cache-Hk
X-Geo
X-Platform-Processor
X-Platform-Cluster
Target-Params
X-Platform-Router
X-Fetch-By
Srv
Tracecode
X-LI-Proto
X-Cdn-Forward
Fastly-Drupal-HTML
Cdn
X-Var-Ttl
X-Fastly-Backend-Reqs
X-Sucuri-ID
X-Sucuri-Cache
X-Backend-Host
X-Fastly-Backend
Lfy
X-APP
X-FC-Vary-Parameters
ENV
Tcn
X-Azure-Ref-OriginShield
X-Esi
Section-Io-Origin-Status
X-Varnish-Beresp-Status
Section-Io-Id
X-Edge-POP
X-B3-Traceid-Primal
X-Lb-Nocache
X-App
XServer
Section-Io-Origin-Time-Seconds
X-Cache-Expires
Section-Origin-Responded
ServerName
X-Srcache-Fetch-Status
X-MG-S
X-LiteSpeed-Cache-Control
X-Srcache-Store-Status
PICS-Label
X-ElasticPress-Query
X-Newrelic-App-Data
X-NU-AKA-ACS-Version
X-Yottaa-OS
CF-Cached-On
X-Nc
Inserted-Into-Cache-At
Magicmarker
X-Li-Proto
X-Backend-State
X-HostName
Wpo-Cache-Status
WebServer
X-Edge-Origin-Shield-Region
X-Iplb-Request-Id
X-Vcache
X-Edge-Origin-Shield-Bytes
Wpo-Cache-Message
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Iplb-Instance
X-Acquia-Site
M-TraceId
X-Acquia-Application-UUID
Cf-Ipcountry
Server-Ttl
X-CF-Powered-By
X-Serial
X-Dw-Trace-Id
D-Url-Rewrites
Warning
Servedby
Content-Script-Type
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Content-Style-Type
X-B3-Parentspanid
X-Release
True-Client-Ip
X-Vercel-Id
X-Vercel-Cache
X-Back
X-BBC-Origin-Response-Status
X-Th-Server
X-Snapshot-Date
X-Storefront-Renderer-Verified
CountryCode
Ngx
X-Litespeed-Cache-Control
Cneonction
X-Request-Start
X-Request-Url
X-Cache-CFC
Fastcgi-Cache-Ttl
X-Request-URL
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Dist-Code