Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-Request-ID
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-Dns-Prefetch-Control
X-Amz-Version-Id
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Rating
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-TtlSet
X-PC
X-Vname
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Server-Name
X-FastCGI-Cache
Fastly-Restarts
Cache-Tag
X-ESI
X-Aws-Lambda-Call-Status
Service-Worker-Allowed
X-Rack-Cache
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-Upstream
MS-Author-Via
X-GitHub-Request-Id
X-MS-InvokeApp
X-Vcap-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-Cache-TTL
X-D2id
X-Abt-Application-Version
X-Cnection
X-Px
RTSS
X-Country-Code
Accept-Ch
Arr-Disable-Session-Affinity
X-Navigation-Version
Access-Control-Request-Method
X-Powered-By-Plesk
X-NF-Request-ID
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Goog-Hash
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Origin-Cache
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-SID
X-Powered-CMS
X-Version
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
Nginx-Cache
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
TCN
X-Protected-By
X-RateLimit-Remaining
X-HP-Webp
X-Jurisdiction
X-T
X-HP-Trace-Id
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
X-Id
Content-MD5
S
Edge-Cache-Tag
X-Language
X-Mid
Fastcgi-Cache
SPIisLatency
SPRequestDuration
Front-End-Https
Realpath
X-CST
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Filters
X-DynaTrace
Server-Node
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-MCACHE
X-Frontend
Server-Name
X-Content
X-Ua-Browser
X-Ab
X-Correlation-Id
X-Ruxit-Js-Agent
X-Ttl
X-Ser
X-NWS-LOG-UUID
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-ECACHE
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-SharePointHealthScore
SPRequestGuid
X-Ezoic-Cdn
X-Template
X-Cache-Key
X-Hits
X-Parallel-Accel
Alternate-Protocol
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Source
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cache-Tags
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Content-Options
Cleartype
MicrosoftSharePointTeamServices
X-B3-Sampled
X-Page-Id
Charset
Host
X-Www-Served-By
X-Git-Hash
X-Geo-Country
X-DIS-Request-ID
X-Debug-Info
X-Daa-Tunnel
X-Amzn-Trace-Id
X-Hostname
X-Amz-Replication-Status
X-Content-Digest
X-Varnish-Age
X-Fastly-Request-Id
Filterid
X-Ratelimit-Limit
X-Activity-Id
X-Az
X-AppVersion
X-VCache
X-Upgrade-Enabled
X-Accel-Expires
Cross-Origin-Opener-Policy
X-FB-Debug
X-Forwarded-Proto
X-N
X-Nginx-Upstream-Cache-Status
X-Origin-Server
X-Grace
TP-Cache
X-F-Cache
TP-L2-Cache
X-Rid
ServerID
Access-Control-Allow-Method
X-Mobile-URL
X-WebKit-CSP-Report-Only
X-Flags
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Route-Name
X-Request-Guid
X-LB-Cache
X-Server-ID
X-TT
X-App-Environment
Viewport
X-Whom
X-Seen-By
X-Type
X-Tb
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-FW-Type
X-FW-Static
X-Varnish-Grace
X-FW-Serve
X-XRDS-LOCATION
X-FW-Hash
X-FW-Server
X-FW-Dynamic
X-Distributor
DC
Node
Paypal-Debug-Id
Payment
X-App-Server
X-User-Agent
Fastcgi-Useragent
X-DataDome
Country
Accept-Charset
X-Oneagent-Js-Injection
X-Wix-Request-Id
X-NGENIX-Cache
X-Cache-Control
X-Litespeed-Cache
X-Origin-Upstream-Status
X-Cache-Rule
X-Fastly-Request-ID
Version
X-Logged-In
X-Via-JSL
X-Webkit-CSP
X-Request-Handler-Origin-Region
Referer-Policy
X-Drupal-Cache-Tags
X-Microsite
X-Ratelimit-Reset
Amp-Access-Control-Allow-Source-Origin
X-Cache-Age
X-Browser-Type
X-Oracle-Dms-Ecid
X-Cluster-Name
X-Erf-Bev-Bev-Is-Generated
X-Signature
Refresh
X-B-Cache
X-Oracle-Dms-Rid
X-Erf-Bev-Bev
X-Buckets
Cache-Status
X-Response-Served-From
X-Contextid
X-Varnish-Backend
X-Original-Request-Id
VIX-Pulpo-Node
X-Load-Cache
SD-X-WS
X-Node-Name
VIX-Pulpo-Upstream-Status
X-Page-View
X-Cache-Expired-At
X-Vgn-Hpd-Reason
X-Rendered-As
X-Is-Bot
X-Mobile
Access-Control-Request-Headers
NGB
X-Debug
X-Fastcgi-Cache
X-B
X-Real-IP
X-Jobs
X-Proxy-Cache-Status
X-Cacheable-TTL
X-Proxy
X-RemovedCookies
X-Revision
X-Instance
X-Yottaa-Optimizations
X-ProcessESI
X-Yottaa-Metrics
X-UUID
X-Tec-Api-Root
X-IPLB-Instance
X-Tec-Api-Origin
X-Tec-Api-Version
Akamai-GRN
X-Rule
X-Drupal-Cache-Contexts
X-Cache-Action
X-Debug-IsConnected
X-Debug-IsPreview
Surrogate-Key
X-Device-Type
X-Framework
X-Air-Trace-Id
X-FW-Version
X-G
X-Air-Source
X-Cache-Time
X-Air-Hostname
X-TEC-API-ROOT
CF-IPCountry
X-TEC-API-VERSION
X-TEC-API-ORIGIN
SID
DynaTrace
X-XRDS-Location
GEO-INFO
X-Azure-Ref
X-PressLabs-Stats
X-Accel-Buffering
Liferay-Portal
X-Source
X-APP-VERSION
X-Nginx-Cache
X-Ms-Request-Id
X-Ms-Version
Count-Hit
X-Presslabs-Stats
Uber-Trace-Id
X-Cache-Operation
X-Cache-NGX
Frame-Options
X-CDN-Forward
Healthy
X-RTag
X-EdgeConnect-Cache-Status
Ms-Operation-Id
MS-CV
X-Zen-Fury
X-Cache-Hit
Xserver
X-Tumblr-User
X-L-Path
X-Environment-Context
X-Varnish-Server
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Mode
Cross-Origin-Window-Policy
Protected
Ec-Rule-Version
X-IPS-LoggedIn
X-RateLimit-Limit
Countrycode
X-Ratelimit-Remaining
X-Backend-Name
X-Cache-TTL-Remaining
X-Region
X-Servername
X-Forwarded-Host
X-Tid
X-Detected-As
Meta-Geo
X-JoinUs
X-RN-RSRV
X-SaId
Backend
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Adobe-Content
Apigw-Requestid
X-Cache-Grace
X-Adobe-Loc
LB
X-Debug-Cache
X-Alternate-Cache-Key
X-Content-Age
X-Hyper-Cache
Eomportal-Instance
X-Extlb
X-Hosted-By
X-Generation-Time
Decoy-Debug-TTL
X-Zipkin-Id
X-Sql-Count
X-Sql-Duration-Ms
X-Redis-Cache
Country-Code
X-Proxied
X-Sorting-Hat-PodId
X-Routing-Service
X-ShardId
X-ShopId
X-Shopify-Stage
X-Uri
X-Sorting-Hat-ShopId
Decoy-Debug-Key
Decoy-Debug-Status
WPO-Cache-Message
X-Format
X-TIME
WPO-Cache-Status
X-PHP-Backend
X-Content-Powered-By
X-PERF
Url
Mn-Server-Ip
X-Human
X-Site-Version
X-Via-Fastly
X-ApacheServer
X-FB-TRIP-ID
X-Varnish-Beresp-Grace
Section-Io-Cache
X-Status
Fastly-SSL
X-NCache
Cache-Name
X-Cache-Server
TWC-Device-Class
TWC-Connection-Speed
Cache-Tv-Group
Property-Id
Selected-Fe
X-Origin-Hint
X-No-Session
X-Microcachable
X-OCL
X-PCL
X-Access
X-Proxy-Build
X-Storage
X-Timing-Wait
X-Pubstack
X-Cache-Type
X-NYM-Debug-Backend
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
X-Origin-Date
X-Cache-Host
Webcakes-Region
X-Section
TWC-GeoIP-Country
Webcakes-App-Version
X-NewRelic-App-Data
X-Server-W
X-UA-Device-Type
X-Varnishpool
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-BYPASS-REASON
X-Cluster-Node
X-ProxyCache-Key
X-Web-Node
X-Say-Cacheable
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
X-Say-TTL
CDN-Cache
CDN-CachedAt
X-Akamai-Edgescape
X-SayCDN-TTL
Content-Disposition
Azure-SiteName
Azure-Version
DB-Nickname
Azure-RegionName
Azure-InstanceId
X-Soup
X-ServerID
Azure-SlotName
X-Generated-By
Content-Secure-Policy
X-Azure-Ref-OriginShield
X-Be
X-Ua
X-Webkit-Csp
X-Hl-Ver
X-LSADC-Cache
OT-Force-Account-Verify
X-Nginx-Cache-Key
X-Cached-By
X-Trace-Id
Source
SRV
X-SRV
X-Bc-Bl
Cache
Retry-After
X-Unique-Id
X-LAGOON
X-Auto-Login
X-Dc
X-Platform-Server
X-Cache-Remote
X-GEO
X-TT-LOGID
X-Xfnlog-Site
Mime-Version
X-Varnish-Hits
X-Cdn
Xet-Cookie
Cache-Hits
X-Akamai-Transformed
X-Origin-TTL
X-TNCMS
X-Loop
X-Origin-CC
X-HTML-Minification-Powered-By
X-S-Maxage
Onion-Location
ServedBy
X-Cache-Tags
X-Varnish-Hostname
HostName
X-Varnish-Cache-Hits
X-Request-Time
Upgrade-Insecure-Requests
X-App-Version
X-EC-Lua
Web-Mar-Node
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
From-Origin
X-CSRF-Token
X-Amz-Meta-S3cmd-Attrs
X-AOL-HN
X-ECache
N-Cache
X-Request-Host
WP-Super-Cache
Webserver
X-Proto
X-Endurance-Cache-Level
X-Tenant
X-Cache-Var
X-Cache-Var-Map
X-Time
X-FireWall-Port
Nel
X-Cache-Enabled
X-B3-SpanId
X-Origin-Response-Time
X-GG-Cache-Date
X-Time-Microsecs
X-Correlation-ID
X-AWS-Id
X-LJ-Flow-ID
X-NWS-UUID-VERIFY
X-Handled-By
X-VWS-Id
X-Edge-Location
Mobile-Detection-Method
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-CF-Lambda-Fn
X-PBS-Appsvrname
Meta-Geo-Continent
X-PAYTM-SRV-ID
X-Planisys-CDN-TTL
X-CF-Lambda-Version
X-Cache-NE
X-ND-Cache
X-External-Request-Id
DCR-Decision-By
DCR-Processing-Time-Ms
Expiry
X-Ig-Push-State
X-Hnp-Log
X-Gen-Mode
BehaviorPad-Version
X-Ftr-Request-Id
X-Forwarded-Path
Fastcgi-X-Cache-Version
X-Developer
X-Connection-Hash
X-Orig-Expires
X-Conf
X-Cluster
X-D
X-Destination
X-NAPM-TraceId
X-Processor
X-Vdms-Path
X-Ckpd-Fst-Backend
X-Block-Status
X-SRCache-Key
X-A-Dgt
Surrogated-Key
X-A-Dcw
Sslversion
X-A-Wwc
X-Vtex-Remote-Cache
X-Aed
X-Session-Fingerprint
X-Shop-Environment
X-A-Dam
X-A-Ccd
User-Cache-Control
X-VG-WebCache
X-Vdms-Version
V-Age
X-V-Cache
X-Mg-Request-UUID
X-Vtex-Processado-Em
X-A
X-TIM-N
X-SD-PageType
X-Slack-Backend
X-Application
Pramga
Redirect-Candidate
X-Via-NSCOPI
X-ARC
X-B-Cookie
Vix-Hermes-Req-Id
Odigeo-Trace-Id
Xc-Version
X-Rojux
A
Rendered-Blocks
X-S
X-ScT
X-Aicache-OS
X-S-Cookie
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-PHP-Host
CloudFront-Viewer-Country
X-Forwarded-Site
X-Date
X-Fastly-Cache
X-Cache-Bucket
Svr
Fastcgi-Cache-TTL
X-Cdn-Srv
AKAMAI
Arc-Country
State
CDCHOST
DSUID
X-Accel-Expires-Debug
Origin
Cmsid
Cmstype
X-Cache-Date
Wxu-Next-Region
Wxu-Next-Commit
True-Client-Country-4JS
Wxu-Next-Hostname
Host-ID
X-NodeID
Fastly-Drupal-Html
X-Server-IP
X-Old-Content-Length
X-Nyt-Route
X-Webstats-RespID
X-Sucuri-ID
X-Sucuri-Cache
X-Location
X-Origin-Expires
X-Origin-Time
X-Request-URI
X-RCS-CacheZone
X-Proxy-Upstream
X-Scheme
X-Gdpr
X-Epic-Correlation-Id
X-Owner
X-Backend-TTL
X-LI-UUID
X-Men
X-Li-Fabric
X-Li-Pop
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Viewer-Country
X-Geo-Header
X-Adobe-Source
Environment
X-MP-GENERATED-AT
X-Magnolia-Registration
X-Reqid
X-VG-TLSProxy
X-Varnish-Beresp-Status
X-Backend-State
X-RateLimit-Remaining-Second
X-VarnishDD-TTL
X-Region-Sid
X-Req
X-TrackingId
X-Origin
X-Sn-Servicetimems
X-Storefront-Renderer-Rendered
X-Rocket-Nginx-Serving-Static
X-Skip-Cache
X-TH-Server
X-UnsetCookies
X-Served-From
X-VServer
Web-Mar-Region
Apple-News-Services-Request-Url
X-Level-Front-Cache
X-Fastly-Backend
X-Esi-Check
X-Envoy-Decorator-Operation
X-Developers
X-Device-Os
X-HS-Content-Campaign-Id
X-HN
X-Generated-On
X-Gamma-Serve
X-Gzip
X-Hash
X-Fetched-On
X-Locale
X-Mvc-Supplant-Cachable
X-Cache-Debug
X-Policy
Apple-News-Services-Handled
X-GeoIP-Region-Code
X-Branch-Name
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Core-Value
X-GeoIP-Country-Code
X-Core-Mission
X-Cache-Info
X-Cdn-Origin
X-RateLimit-Limit-Second
X-Cache-Id
Gh-Request-Id
X-Qnm-Cache
Origin-CC
Ssr
PFcat
CacheControlHeader
Server-Host
Machine
Locid
L
Server-Info
X-M-Log
Origin-EX
Traceparent
X-M-Reqid
Release
X-Xrds-Location
X-DefHash
Fastly-SWR
X-DefElseHash
X-Csrf-Jwt
X-VC-Cache
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Rebelmouse-Surrogate-Control
S-Rt
Adler-Geo
X-Node-Id
X-NU-AKA-ACS-Version
X-JWT-State
X-Is-Gdpr
X-GeoIP-City
X-GeoIP
X-Irp-Debug
X-Tx-Id
X-Platform
X-DPWN-IS-SECURE
X-Zone
X-Request-Start
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Pod-Name
Cf-Device-Type
X-Eu-Site
Fastly-SIE
L5d-Success-Class
Fastly-GeoIP-CountryCode
Req-Svc-Chain
X-Worker
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Amzn-Remapped-Content-Length
X-BBC-Edge-Cache-Status
Thinkindot-Control
We-Hiring
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
X-Varnish-CookieHashed-On
Platform
Mail-Subject
X-Has-Esi
X-Thanos
X-ATG-Version
X-CGP
X-Variation
X-Bip
X-Thinkindot-L3
X-Ua-Device
X-Varnish-Beresp-Ttl
Memcached
Magicmarker
X-Sigma
X-Rocket-Build-Number
X-Sigma-Backend
X-FC-Vary-Parameters
NM-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-CLOUD-TRACE-CONTEXT
X-Loc
NGX
X-CS
X-Response-By
X-Trace-ID
X-Restarts
X-Mvc-Supplant-OutputCached
X-Http-Reason
X-NC
X-Up
X-Cache-Config
X-API-Version
X-Akamai-Request-ID2
X-Esi
CDN
Ms-Author-Via
Pics-Label
X-LB-ID
X-Tt-Logid
X-CACHE-KEY
Datacenter
Edge-Cache
X-RPS
X-Cache-Backend
X-DB
X-Action
X-DW
Env
Kp-EeAlive
X-LB-NoCache
X-RPM
X-Generated-In
X-Wix-Viewer-Type
X-TraceId
X-RSL
X-DI
X-DSS
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Poph
X-Varnish-Ttl
Memory
X-Refresh
Candidate-Md5Url
WebServer
X-Via-Popv
X-Optimistic-Header
Time
X-DC
X-Via-Popn
X-Vc
Accept-Language
X-Datadome
X-Edge-Pop
X-Minions-Version
X-DynaTrace-JS-Agent
WWW-Authenticate
GeoIp-Country-Code
X-HA-Backend
On-Server
X-CacheTTL
Esi-Enabled
X-Servedbyhost
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Parent-Response-Time
X-Srv
X-Unique-ID
Server-ID
X-ZONE
X-MSEdge-Features
X-MSEdge-Flight
X-Varnish-Beresp-TTL
X-Cs
X-Newrelic-Synthetics
C-Via
X-User
X-Service
X-Ec-Fail
X-Ec-GeoHdr
X-TA-CDN-Provider
X-TX-ID
X-VCL-Version
X-Cache-PHP
X-Fpc
X-Traceid
X-Cache-Ttl
X-LI-Proto
X-App
X-URL
X-Dynatrace
X-Cache-Status-Check
Cdncip
X-AK-Request-ID
Test
X-Webkit-Csp-Report-Only
Cdnsip
X-Li-Proto
X-Render-Time
X-Pass-Why
X-Clara-WADP
My-App
X-LiteSpeed-Cache-Control
X-FPC
X-WADP-Cache
Cluster
X-Fmm-Version
X-B3-Spanid
Proxy-Connection
X-Webkit-CSP-Report-Only
X-NODE
Resin-Trace
X-Var-Ttl
X-Vcl-Version
Geoip-Latitude
Tracecode
X-CUA
X-Mcache
M-TraceId
T-Server
X-CSRF-TOKEN
Server-Id
X-From
Lfy
Geo-Info
Fastly-Drupal-HTML
Cf-Int-Pingora-Origin-Digest
X-Clientip
Lang
X-Fragments
Hostname
X-AIR-PT
X-Info
Cache-Host
X-LiteSpeed-Tag
UCS
Target-Params
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
HIT
X-Ha-Backend
X-ID
DataCenter
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
GeoIP-Country-Code
Hit
X-RAMCache
S-Cnection
X-ServedByHost
X-Pad
X-Geo
X-VC
X-Dynatrace-Js-Agent
Tcn
X-Edge-POP
X-Via-PopH
MIME-Version
Ohc-File-Size
X-Cdn-Forward
X-Via-PopN
X-Via-PopV
Fastly-Backend-Name
ENV
User-Agent
X-Edge-Cache
X-Check-Cacheable
X-Api-Version
Load-Balancing
X-Httpd
X-Proxy-Cache-Info
Permissions-Policy
X-Provided-By
X-Micro-Cache
X-NGINX-Cache
X-ElasticPress-Query
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-Backend-Host
X-Ucs
X-HS-Status
X-Release
Servername
WZWS-RAY
X-BBC-Origin-Response-Status
Producers
X-Fastly-Backend-Reqs
X-ServerName
X-HostName
FSS-Cache
PICS-Label
Uri
X-GoCache-CacheStatus
X-APP
X-SB
URI
X-Cache-CFC
X-UP
X-BCube-Filmed-By
ServerName
X-Lb-Nocache
X-TRACE-ID
X-Lb-Id
X-Nc
Cdn
X-Platform-Router
X-RateLimit-Reset
X-Platform-Processor
X-Swift-Error
X-Platform-Cluster
X-Pool
Server-Ttl
X-Cdn-Request-ID
X-Fastly-Cache-Hits
Ohc-Cache-HIT
EpKe-Alive
Cneonction
Cteonnt-Length
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
X-Scale
X-Akamai-ERRuleID
X-Acquia-Application-UUID
X-Acquia-Site
X-Akamai-Request-ID
X-Acquia-Purge-Tags
X-Ec-Custom-Error
Cache-Key
X-Akamai-ERPolicy
X-Acquia-Application-Trace
Path
VNS-Age
X-Snapshot-Date
CF-Cached-On
Vha6-Origin
X-Yottaa-OS
X-Apw-Access-Action
Cf-Ipcountry
X-WA-Info
X-Apw-Access-Object
X-WA
X-Apw-Access-Token
X-B3-ParentSpanId
X-Apw-Hits
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Amz-Meta-Cb-Modifiedtime
Shield-Pop
VNS-Cache
CPC-Cache
CPC-Age
X-Vcache
X-Newrelic-App-Data
X-Cache-Ngx
Lb
X-Air-Pt
Sid
X-Logging-Id
X-IN-APIGATEWAYSSL
X-SIPLIST1
GeoIP-Latitude
X-Shopify-Generated-Cart-Token
X-IN-APIGATEWAY
X-Wikidot-Static-Cache
X-Dispatcher-Number
X-Wikidot-Backend
X-Cache-Expires
IsBot
X-Akamai-Pragma-Client-IP
X-Http-Count
X-Http-Duration-Ms
X-ES-SERVER
X-Sentry-ID
Ngx
X-Te-Count
X-Te-Duration-Ms
X-UA
X-CacheKey
X-Last-Modified
Req-ID
CountryCode
X-Varnish-Authentication