
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
X-Request-ID
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-UA-Device
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Backend
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Host
X-Server-Id
Cf-Railgun
Accept-CH
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
Rating
X-Ruxit-JS-Agent
X-Country
Accept-CH-Lifetime
X-B3-TraceId
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-PC
X-TtlSet
Allow
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Varnish-TTL
X-ESI
X-FastCGI-Cache
X-Server-Name
Fastly-Restarts
Cache-Tag
X-VARITI-CCR
Service-Worker-Allowed
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Aws-Lambda-Call-Status
X-Upstream
X-MS-InvokeApp
MS-Author-Via
X-GitHub-Request-Id
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cnection
X-Px
X-ORACLE-DMS-ECID
X-Cache-TTL
X-ORACLE-DMS-RID
Arr-Disable-Session-Affinity
X-Country-Code
RTSS
X-Navigation-Version
Access-Control-Request-Method
X-Origin-Cache
X-Goog-Hash
X-Powered-By-Plesk
X-NF-Request-ID
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Instrumentation
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Kraken-Loop-Name
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Server-Lifecycle-Phase
AR-Request-ID
AR-CACHE
AR-PoweredBy
AR-SID
AR-ATIME
X-Powered-CMS
X-Version
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Amz-Server-Side-Encryption
X-Middleton-Response
Response
X-MSEdge-Ref
X-LLID
Accept-Ch
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TTL
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
X-RateLimit-Remaining
Nginx-Cache
MRF-Tech
Mrf-Cache-Status
TCN
X-B3-TraceId-Primal
X-Protected-By
X-Jurisdiction
X-HP-Webp
X-Shield-Request-Id
X-HP-Trace-Id
X-T
X-Forwarded-For
X-Content-Security-Policy-Report-Only
S
X-Aspnetmvc-Version
X-Id
X-Mg-S
Content-MD5
Edge-Cache-Tag
X-Mid
Fastcgi-Cache
Realpath
SPIisLatency
SPRequestDuration
X-Language
Front-End-Https
X-Recruiting
X-Request-Processing-Time
X-Request-Received
X-MCACHE
Filters
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-CST
Server-Node
X-Ruxit-Js-Agent
X-Content
X-Ua-Browser
X-Ab
Server-Name
X-Frontend
X-DynaTrace
X-Ttl
X-HS-Hub-Id
X-HS-Cache-Config
X-ECACHE
X-HS-Content-Id
X-NWS-LOG-UUID
X-HS-Combine-CSS
X-SharePointHealthScore
X-Yandex-Sdch-Disable
SPRequestGuid
X-Ser
X-Correlation-Id
X-Ezoic-Cdn
X-Cache-Key
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
X-Parallel-Accel
X-Hits
X-Template
Alternate-Protocol
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cache-Tags
MicrosoftSharePointTeamServices
X-Content-Options
X-Kong-Proxy-Latency
X-Page-Id
X-Kong-Upstream-Latency
Charset
Host
X-B3-Sampled
X-Git-Hash
Cleartype
X-Webkit-CSP
X-Www-Served-By
X-Geo-Country
X-DIS-Request-ID
X-Debug-Info
X-Daa-Tunnel
X-Amzn-Trace-Id
X-Amz-Replication-Status
X-Hostname
X-Content-Digest
Filterid
X-Accel-Expires
X-Fastly-Request-Id
X-Varnish-Age
X-Activity-Id
X-AppVersion
X-Az
X-FB-Debug
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-Upgrade-Enabled
X-VCache
X-Rid
TP-L2-Cache
TP-Cache
X-Grace
X-Origin-Server
X-N
X-Nginx-Upstream-Cache-Status
Access-Control-Allow-Method
X-F-Cache
ServerID
X-LB-Cache
X-Mobile-URL
X-Server-ID
X-Whom
X-Request-Guid
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Ratelimit-Limit
X-Goog-Generation
X-GUploader-UploadID
X-Providence-Cookie
X-Route-Name
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Flags
X-TT
X-Tb
X-App-Environment
X-XRDS-LOCATION
X-Type
X-WebKit-CSP-Report-Only
Viewport
X-Seen-By
X-Varnish-Grace
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
Payment
Node
X-Oneagent-Js-Injection
X-FW-Type
X-FW-Static
X-Distributor
X-App-Server
DC
Paypal-Debug-Id
X-User-Agent
X-Origin-Upstream-Status
Fastcgi-Useragent
X-NGENIX-Cache
Country
X-Cache-Control
X-Wix-Request-Id
Accept-Charset
X-Litespeed-Cache
X-Cache-Rule
X-Logged-In
Version
X-Fastly-Request-ID
X-DataDome
X-Via-JSL
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Age
X-Drupal-Cache-Tags
Referer-Policy
X-Tec-Api-Origin
X-Browser-Type
X-Tec-Api-Root
X-Erf-Bev-Bev-Is-Generated
X-Tec-Api-Version
X-Erf-Bev-Bev
X-Cluster-Name
X-Varnish-Backend
X-Load-Cache
X-Signature
Cache-Status
X-B-Cache
Refresh
X-Contextid
X-Buckets
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
X-Response-Served-From
Access-Control-Request-Headers
X-Mobile
X-Node-Name
SD-X-WS
VIX-Pulpo-Node
X-Proxy-Cache-Status
X-Rendered-As
X-Ratelimit-Reset
X-Is-Bot
X-Cache-Expired-At
X-Vgn-Hpd-Reason
X-Jobs
NGB
X-Cacheable-TTL
X-Page-View
X-UUID
X-Debug
X-B
Amp-Access-Control-Allow-Source-Origin
X-Cache-Action
X-ProcessESI
X-RemovedCookies
X-Yottaa-Metrics
X-Fastcgi-Cache
X-Real-IP
X-Yottaa-Optimizations
X-Revision
X-Rule
X-Device-Type
X-Instance
X-Proxy
X-IPLB-Instance
Akamai-GRN
X-Cache-Time
Surrogate-Key
X-G
X-Framework
X-Drupal-Cache-Contexts
X-Debug-IsPreview
X-Debug-IsConnected
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-FW-Version
SID
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
DynaTrace
X-PressLabs-Stats
CF-IPCountry
X-XRDS-Location
Liferay-Portal
X-Azure-Ref
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Nginx-Cache
X-Cache-Operation
X-Ms-Version
X-Ms-Request-Id
Count-Hit
X-Source
GEO-INFO
X-Accel-Buffering
Healthy
Frame-Options
X-Presslabs-Stats
Uber-Trace-Id
Ms-Operation-Id
X-CDN-Forward
MS-CV
X-RTag
X-EdgeConnect-Cache-Status
X-RateLimit-Limit
X-APP-VERSION
X-Cache-NGX
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Environment-Context
X-L-Path
Xserver
X-Zen-Fury
X-Tumblr-User
Countrycode
X-Tumblr-Pixel-1
X-Varnish-Server
X-Mode
X-Backend-Name
X-Cache-Hit
Cross-Origin-Window-Policy
Ec-Rule-Version
X-IPS-LoggedIn
X-Region
X-Servername
X-Forwarded-Host
X-Cache-TTL-Remaining
Protected
X-Content-Powered-By
Backend
X-Detected-As
X-UPSTREAM-Address
X-SaId
X-Rewrite-Enabled
X-JoinUs
X-Cache-Type
X-RN-RSRV
X-Tid
Meta-Geo
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Human
X-Zipkin-Id
X-Proxied
Apigw-Requestid
X-Sql-Count
Eomportal-Instance
Decoy-Debug-TTL
Decoy-Debug-Status
Country-Code
X-Alternate-Cache-Key
X-ShardId
X-Generation-Time
X-Hosted-By
X-Extlb
X-Debug-Cache
X-Cache-Server
Section-Io-Cache
X-ShopId
X-Routing-Service
X-Sorting-Hat-ShopId
X-Varnish-Beresp-Grace
X-Uri
Decoy-Debug-Key
X-Sql-Duration-Ms
X-Redis-Cache
X-Cache-Grace
X-NCache
X-BYPASS-REASON
X-Storage
X-ApacheServer
X-Via-Fastly
X-ProxyCache-Key
X-Origin-Date
Cache-Name
Cache-Tv-Group
Fastly-SSL
X-Soup
X-ProxyCache-Status
X-PERF
Mn-Server-Ip
Url
X-Status
X-PHP-Backend
X-Format
X-Site-Version
X-No-Session
X-Microcachable
X-UA-Device-Type
X-FB-TRIP-ID
X-Content-Age
X-ServerID
Property-Id
X-NYM-Debug-Backend
Selected-Fe
TWC-Connection-Speed
TWC-Device-Class
X-Pubstack
X-Cache-Host
X-Web-Node
X-Say-TTL
X-Proxy-Build
X-Timing-Wait
X-Server-W
X-Origin-Hint
X-OCL
TWC-GeoIP-Country
Webcakes-Region
Webcakes-App-Version
X-Access
X-Adobe-Content
X-Adobe-Loc
X-Cluster-Node
X-Say-Cacheable
X-PCL
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
X-SayCDN-TTL
X-Section
X-Akamai-Edgescape
Webcakes-App-Name
X-Hyper-Cache
X-Varnishpool
Azure-RegionName
Azure-InstanceId
LB
DB-Nickname
X-Hl-Ver
X-R9-Blue-Green-Version
Azure-SiteName
Azure-Version
Azure-SlotName
CDN-RequestId
CDN-Uid
X-Be
Content-Secure-Policy
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
X-NewRelic-App-Data
CDN-Cache
WPO-Cache-Message
WPO-Cache-Status
OT-Force-Account-Verify
X-Webkit-Csp
Content-Disposition
X-Ua
X-Azure-Ref-OriginShield
X-Generated-By
X-LSADC-Cache
X-Trace-Id
X-TIME
SRV
X-Cached-By
Source
Cache
X-Nginx-Cache-Key
X-Dc
X-TT-LOGID
X-Ratelimit-Remaining
X-Bc-Bl
X-Unique-Id
X-LAGOON
X-App-Version
X-SRV
Cache-Hits
Retry-After
X-Auto-Login
X-Origin-CC
X-Origin-TTL
X-Cache-Remote
Xet-Cookie
X-Varnish-Hits
X-Platform-Server
X-Loop
X-Akamai-Transformed
X-Cdn
X-TNCMS
X-Varnish-Hostname
Onion-Location
X-S-Maxage
X-Correlation-ID
HostName
X-Xfnlog-Site
X-GEO
X-HTML-Minification-Powered-By
X-Amz-Meta-S3cmd-Attrs
Mime-Version
X-CSRF-Token
ServedBy
X-Varnish-Cache-Hits
X-Time
Web-Mar-Node
Upgrade-Insecure-Requests
X-Cache-Tags
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Request-Time
X-Proto
Webserver
X-AOL-HN
X-Cache-Var-Map
X-EC-Lua
X-Cache-Var
X-ECache
X-Tenant
N-Cache
X-Endurance-Cache-Level
X-Time-Microsecs
X-FireWall-Port
WP-Super-Cache
X-LJ-Flow-ID
X-Edge-Location
X-AWS-Id
X-VWS-Id
From-Origin
X-Request-Host
X-GG-Cache-Date
Nel
CloudFront-Viewer-Country
X-B3-SpanId
X-Origin-Response-Time
X-Via-NSCOPI
X-Cache-Enabled
X-Mg-Request-UUID
X-ARC
X-ND-Cache
X-PAYTM-SRV-ID
X-Orig-Expires
X-A
X-PBS-Appsvrname
X-A-Dam
X-Planisys-CDN-Cache
X-B-Cookie
X-Aed
X-Planisys-CDN-Rules
X-A-Ccd
X-A-Dcw
X-NAPM-TraceId
Vix-Hermes-Req-Id
Origin
X-Conf
X-Cluster
X-Connection-Hash
X-Cache-Date
X-Block-Status
Mobile-Detection-Method
Odigeo-Trace-Id
Surrogated-Key
X-Ckpd-Fst-Backend
Rendered-Blocks
X-CF-Lambda-Fn
X-Cache-NE
Redirect-Candidate
Pramga
Sslversion
X-CF-Lambda-Version
X-Application
Meta-Geo-Continent
X-D
X-Forwarded-Path
DCR-Decision-By
DCR-Processing-Time-Ms
X-Ftr-Request-Id
X-Gen-Mode
A
X-Hnp-Log
BehaviorPad-Version
DSUID
Expiry
X-Developer
X-A-Dgt
X-Destination
User-Cache-Control
X-A-Wwc
Fastcgi-X-Cache-Version
X-External-Request-Id
V-Age
X-Ig-Push-State
X-Processor
X-Slack-Backend
X-PHP-Host
X-SVT-ORM-RULES
X-Labrador-Cache-Channel
X-Shop-Environment
X-Session-Fingerprint
X-S
X-S-Cookie
X-ScT
X-SD-PageType
X-SVT-ORM-VERSION
X-TIM-N
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Amz-Apigw-Id
X-Amzn-RequestId
X-V-Cache
X-Vdms-Path
X-Vdms-Version
X-Rojux
X-SRCache-Key
X-Aicache-OS
X-Planisys-CDN-TTL
X-Qnm-Cache
X-M-Reqid
X-Handled-By
AMP-Access-Control-Allow-Source-Origin
X-MP-GENERATED-AT
X-M-Log
X-Sucuri-ID
X-RCS-CacheZone
Release
X-Core-Mission
Origin-EX
Origin-CC
X-Mvc-Supplant-Cachable
X-Device-Os
Gh-Request-Id
X-Epic-Correlation-Id
Host-ID
X-Old-Content-Length
X-NWS-UUID-VERIFY
X-Date
X-Origin-Expires
X-Sucuri-Cache
Ssr
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Proxy-Upstream
X-Viewer-Country
X-VServer
X-Accel-Expires-Debug
X-Webstats-RespID
X-Policy
X-Owner
Fastly-Drupal-Html
Svr
X-Origin-Time
State
Fastcgi-Cache-TTL
X-Cache-Info
X-Varnish-Beresp-Status
True-Client-Country-4JS
Traceparent
X-Cache-Bucket
X-Cdn-Srv
L
CacheControlHeader
X-Geo-Header
X-NodeID
X-Gdpr
X-Request-URI
X-LI-UUID
X-Server-IP
Arc-Country
AKAMAI
X-Served-From
X-Scheme
X-Hash
X-Li-Pop
X-Li-Fabric
Cmsid
CDCHOST
X-Fetched-On
X-Nyt-Route
X-Skip-Cache
X-Location
X-Men
X-Forwarded-Site
Cmstype
X-Fastly-Cache
X-Rocket-Nginx-Serving-Static
Environment
X-Magnolia-Registration
Server-Info
X-Zone
X-Locale
X-Varnish-Ttl
X-Reqid
X-ATG-Version
X-Req
X-Cache-Debug
X-Cache-Id
X-HS-Content-Campaign-Id
X-Request-Start
X-Irp-Debug
X-Level-Front-Cache
X-Rocket-Build-Number
X-Platform
X-BBC-Edge-Cache-Status
X-VG-TLSProxy
X-Backend-TTL
X-VarnishDD-TTL
X-RateLimit-Limit-Second
X-Bip
X-Gzip
X-Gamma-Serve
X-Region-Sid
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Storefront-Renderer-Rendered
X-Datadog-Parent-Id
X-Developers
X-Sigma
X-Eu-Site
X-Sn-Servicetimems
X-Esi-Check
X-Envoy-Decorator-Operation
X-Sigma-Backend
X-Csrf-Jwt
X-Core-Value
X-Thinkindot-L3
X-Fastly-Backend
X-HN
X-Cdn-Origin
X-UnsetCookies
X-TrackingId
X-Thanos
X-TH-Server
X-GeoIP
X-Generated-On
X-GeoIP-City
X-CGP
X-RateLimit-Remaining-Second
X-Node-Id
X-Branch-Name
Req-Svc-Chain
PFcat
Mail-Subject
Server-Host
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Locid
L5d-Success-Class
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Fastly-GeoIP-CountryCode
HA-Ipaddr
Ha-Gx-Prefs
Thinkindot-Control
Machine
X-Adobe-Source
Web-Mar-Region
We-Hiring
X-Xrds-Location
X-VC-Cache
X-Rebelmouse-Surrogate-Control
Fastly-SIE
X-Rebelmouse-Cache-Control
X-DefHash
Is-Eu
X-Qloud-Router
Fastly-SWR
X-Response-By
X-FC-Vary-Parameters
Adler-Geo
X-Loc
X-Is-Gdpr
X-JWT-State
X-Amzn-Remapped-Content-Length
X-Has-Esi
X-Pod-Name
Cf-Device-Type
X-NU-AKA-ACS-Version
X-Worker
X-DefElseHash
X-DPWN-IS-SECURE
X-GeoIP-Region-Code
X-Origin
NM-Fastcgi-Cache
Platform
X-GeoIP-Country-Code
X-Variation
X-Varnish-CookieHashed-On
NGX
X-Varnish-CookieINHashed-On
Memcached
X-Backend-State
X-Varnish-Remaining-TTL
X-Varnish-Beresp-Ttl
X-Ua-Device
X-Cache-Config
X-CLOUD-TRACE-CONTEXT
X-Mvc-Supplant-OutputCached
X-CS
X-Tx-Id
S-Rt
X-LB-ID
X-CACHE-KEY
Magicmarker
X-API-Version
X-Up
X-Datadome
X-Trace-ID
Kp-EeAlive
X-NC
X-Restarts
Ms-Author-Via
X-Generated-In
Pics-Label
CDN
Time
Datacenter
Memory
X-Http-Reason
X-Akamai-Request-ID2
Candidate-Md5Url
X-LB-NoCache
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
NtCoent-Length
X-DB
X-DI
X-DSS
X-DW
X-Wix-Viewer-Type
X-Edge-Pop
X-Cache-Backend
Env
X-Optimistic-Header
X-Action
X-RPM
WebServer
X-Via-Popn
X-Via-Popv
X-RSL
X-RPS
X-Via-Poph
X-Tt-Logid
X-DynaTrace-JS-Agent
Edge-Cache
WWW-Authenticate
X-Vc
X-Cache-Ttl
On-Server
X-Refresh
X-Srv
Esi-Enabled
X-Minions-Version
X-TA-CDN-Provider
X-DC
GeoIp-Country-Code
X-CacheTTL
Accept-Language
X-Parent-Response-Time
X-Esi
X-Servedbyhost
X-HA-Backend
X-Dynatrace
X-Service
X-MSEdge-Features
X-Varnish-Beresp-TTL
Server-ID
X-TX-ID
X-Unique-ID
X-MSEdge-Flight
C-Via
X-Cs
X-Urbn-Site-Id
X-Cache-PHP
X-Urbn-Context-Path
Locale
X-Newrelic-Synthetics
X-ZONE
X-Ec-GeoHdr
X-Webkit-CSP-Report-Only
X-User
X-Ec-Fail
X-Cache-Status-Check
X-Traceid
X-VCL-Version
X-App
X-Render-Time
X-LI-Proto
X-Fpc
X-URL
X-Webkit-Csp-Report-Only
Test
X-Li-Proto
X-LiteSpeed-Cache-Control
X-FPC
X-AK-Request-ID
X-Vcl-Version
Cdnsip
Cdncip
X-B3-Spanid
X-Pass-Why
Proxy-Connection
X-NODE
My-App
Cluster
X-Clara-WADP
X-Fmm-Version
Geo-Info
Server-Id
X-WADP-Cache
X-Mcache
X-Clientip
M-TraceId
X-AIR-PT
X-CUA
Tracecode
Resin-Trace
Geoip-Latitude
X-Info
X-Oss-Request-Id
Fastly-Drupal-HTML
Lfy
X-Oss-Object-Type
X-Oss-Server-Time
X-Var-Ttl
HIT
Cache-Host
UCS
X-Oss-Hash-Crc64ecma
T-Server
X-From
X-LiteSpeed-Tag
X-Oss-Storage-Class
Cf-Int-Pingora-Origin-Digest
X-CSRF-TOKEN
S-Cnection
X-Fragments
X-ID
X-Geo
DataCenter
GeoIP-Country-Code
X-Ha-Backend
Lang
MIME-Version
Hostname
Ohc-File-Size
X-Pad
Hit
Target-Params
Tcn
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-ServedByHost
X-VC
X-Dynatrace-Js-Agent
X-Via-PopH
X-Via-PopN
X-ElasticPress-Query
User-Agent
X-Micro-Cache
X-Edge-POP
ENV
X-Via-PopV
X-RAMCache
X-Cdn-Forward
Fastly-Backend-Name
X-HostName
X-Edge-Cache
X-BBC-Origin-Response-Status
Section-Io-Origin-Status
X-Backend-Host
Section-Io-Id
X-Api-Version
X-Release
X-NGINX-Cache
Load-Balancing
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Check-Cacheable
X-Httpd
X-BCube-Filmed-By
X-Ucs
X-APP
X-Proxy-Cache-Info
X-Lb-Nocache
Servername
X-ServerName
X-Fastly-Backend-Reqs
X-HS-Status
Permissions-Policy
X-Provided-By
X-GoCache-CacheStatus
X-UP
FSS-Cache
ServerName
Producers
PICS-Label
EpKe-Alive
X-Nc
Cf-Ipcountry
Uri
URI
X-TRACE-ID
Lb
WZWS-RAY
Cache-Key
CPC-Age
Cteonnt-Length
CPC-Cache
X-RateLimit-Reset
Cdn
Ohc-Cache-HIT
X-WA
X-Swift-Error
X-Amz-Meta-Cb-Modifiedtime
X-Lb-Id
Server-Ttl
X-Fastly-Cache-Hits
X-Cache-CFC
X-Cdn-Request-ID
X-Pool
X-SB
X-Udemy-Cache-App-Namespace
X-B3-ParentSpanId
Path
Cneonction
VNS-Age
VNS-Cache
X-WA-Info
X-Dw-Trace-Id
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Snapshot-Date
X-Contensis-Viewer-Groups
X-Acquia-Site
X-Wikidot-Backend
X-ES-SERVER
X-Yottaa-OS
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Akamai-Request-ID
Vha6-Origin
CF-Cached-On
X-Acquia-Purge-Tags
X-Cache-ASPX
X-Apw-Hits
X-Wikidot-Static-Cache
X-Vcache
X-Acquia-Application-UUID
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Access-Object
Shield-Pop
X-Newrelic-App-Data
X-Acquia-Application-Trace
Sid
X-Air-Pt
X-Cache-Ngx
X-Shopify-Generated-Cart-Token
Req-ID
X-Scale
X-Sentry-ID
X-UA
Ngx
X-Ec-Custom-Error
GeoIP-Latitude
Pagetype
X-Te-Duration-Ms
X-Akamai-Pragma-Client-IP
X-Te-Count
X-Http-Duration-Ms
X-Http-Count
X-Varnish-Authentication
X-PJAX-URL
X-Logging-Id
CountryCode
X-Cms-Context
X-Last-Modified
X-CacheKey