Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Akamai-Path-Stats
X-Dns-Prefetch-Control
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-UA-Device
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
X-WebKit-CSP
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-Cache-Spec
Cf-Railgun
X-OneAgent-JS-Injection
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Cf-Edge-Cache
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Url
X-Trace
X-Country
Fastly-Restarts
Accept-Ch
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Rack-Cache
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-Amz-Server-Side-Encryption
Cache-Tag
X-Varnish-TTL
X-Content-Type
X-Vcap-Request-Id
X-B3-TraceId
X-ESI
X-Dw-Request-Base-Id
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Build
X-Amz-Rid
Public-Key-Pins
X-Px
X-Cnection
X-FastCGI-Cache
X-D2id
X-Edge
X-RateLimit-Remaining
X-Ac
X-Ser
X-Navigation-Version
X-Element-Page-Cache
Verso
X-Client-IP
X-Abt-Application-Version
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Powered-By-Plesk
X-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-Correlation-Id
Response
X-Middleton-Response
X-NF-Request-ID
X-Ttl
X-Goog-Hash
Access-Control-Request-Method
X-Content-Security-Policy-Report-Only
SPIisLatency
SPRequestDuration
X-Ruxit-Js-Agent
X-Kinsta-Cache
X-Edge-Location-Klb
AR-CACHE
AR-Request-ID
AR-SID
X-Cached
AR-PoweredBy
AR-ATIME
X-SharePointHealthScore
SPRequestGuid
X-Powered-CMS
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-LLID
Edge-Cache-Tag
X-Upstream
X-NWS-LOG-UUID
X-RateLimit-Limit
X-Litespeed-Cache
X-TTL
X-Forwarded-For
Nginx-Cache
X-Cache-Key
Content-MD5
X-Id
X-MSEdge-Ref
Mrf-Cache-Status
X-Shield-Request-Id
MRF-Tech
TCN
X-T
X-Recruiting
X-B3-TraceId-Primal
X-Daa-Tunnel
S
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Digest
X-ECACHE
X-Ua-Device
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Mg-S
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Accel-Expires
X-DataDome
X-Ezoic-Cdn
X-Protected-By
X-HS-Content-Id
X-Grace
X-Ua-Browser
X-HS-Combine-CSS
X-Ab
X-HS-Cache-Config
MicrosoftSharePointTeamServices
X-Content
X-WebKit-CSP-Report-Only
X-HS-Hub-Id
MS-Author-Via
X-Frontend
X-Request-Processing-Time
X-Request-Received
X-DynaTrace
TP-L2-Cache
TP-Cache
Front-End-Https
Filters
Server-Node
X-Yandex-Sdch-Disable
X-Server-ID
X-Origin-Server
X-PressLabs-Stats
X-Distributor
Fastcgi-Cache
X-Geo-Country
X-Mid
X-Hits
X-Webkit-Csp
X-Microsite
X-Request-Handler-Origin-Region
X-Oneagent-Js-Injection
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amzn-Trace-Id
X-LB-Cache
Cleartype
Charset
X-Debug-Info
Host
X-F-Cache
Cross-Origin-Opener-Policy
X-Git-Hash
X-B3-Sampled
X-Forwarded-Proto
X-Ratelimit-Reset
X-Page-Id
X-Cache-Age
X-DIS-Request-ID
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Www-Served-By
X-Seen-By
Cache-Status
Access-Control-Allow-Method
Realpath
X-AppVersion
X-Az
X-Activity-Id
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
ServerID
Accept-Charset
X-Aspnetmvc-Version
X-Varnish-Age
Cache-Tags
X-Fastly-Request-Id
X-Mcache
Filterid
X-Oracle-Dms-Ecid
X-Nginx-Upstream-Cache-Status
X-Cluster-Name
X-Oracle-Dms-Rid
X-Rid
X-Content-Options
X-Type
X-Language
Retry-After
X-FB-Debug
Country
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-MCACHE
X-Tb
X-Upgrade-Enabled
Server-Name
X-App-Environment
Viewport
X-Drupal-Cache-Tags
X-Varnish-Backend
Node
Paypal-Debug-Id
DC
X-User-Agent
X-TT
X-B-Cache
X-Signature
X-Origin-Cache
X-Wix-Request-Id
X-Whom
X-Goog-Metageneration
X-Goog-Generation
X-Varnish-Grace
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Mobile-URL
X-GUploader-UploadID
X-Flags
X-Aspnet-Duration-Ms
X-XRDS-LOCATION
X-Route-Name
X-B
X-Is-Crawler
X-Request-Guid
X-Providence-Cookie
X-VCache
X-NWS-UUID-VERIFY
Protected
Permissions-Policy
X-Debug
Fastcgi-Useragent
X-Cache-NGX
X-Amz-Replication-Status
X-N
X-Amz-Meta-S3cmd-Attrs
X-Logged-In
WPO-Cache-Message
WPO-Cache-Status
Payment
X-Via-JSL
X-Load-Cache
Surrogate-Key
X-XRDS-Location
X-Contextid
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
Count-Hit
X-Webkit-CSP
Healthy
X-Node-Name
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Dynamic
X-Template
X-Mobile
X-Original-Request-Id
X-Response-Served-From
SD-X-WS
Akamai-GRN
X-Proxy
Content-Disposition
Refresh
X-Jobs
X-G
Url
X-Revision
X-Restarts
X-NGENIX-Cache
Alternate-Protocol
X-Zen-Fury
X-Cache-TTL-Remaining
X-Real-IP
X-UUID
X-Cache-Time
X-Fastly-Request-ID
X-Debug-IsPreview
X-Servername
X-Rendered-As
X-Drupal-Cache-Contexts
X-Adobe-Content
X-Proxy-Cache-Status
X-Cacheable-TTL
Uber-Trace-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Adobe-Loc
NGB
X-Is-Bot
X-Akamai-Request-ID2
X-Framework
X-Debug-IsConnected
X-Yottaa-Metrics
X-Device-Type
Access-Control-Request-Headers
X-Yottaa-Optimizations
X-Cache-Grace
X-Instance
X-Page-View
X-Hostname
X-Http-Reason
X-Mg-Request-UUID
X-Varnish-Server
X-Trace-Id
X-ECache
X-Midtier
X-B3-Traceid
Version
X-L-Path
X-Environment-Context
X-IPLB-Instance
X-EdgeConnect-Cache-Status
X-Source
Accept-Language
X-RTag
MS-CV
Ms-Operation-Id
X-Datadome
X-HTML-Minification-Powered-By
X-Fastcgi-Cache
From-Origin
Countrycode
Frame-Options
X-Cache-Hit
X-Cache-Rule
X-Vgn-Hpd-Reason
X-Cache-Expired-At
X-NYM-Debug-Backend
Liferay-Portal
Referer-Policy
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
Backend
X-Tumblr-Pixel-1
X-APP-VERSION
X-COUNTRY
X-IPS-LoggedIn
X-FW-Version
X-Nginx-Cache
Content-Secure-Policy
X-Hosted-By
X-Parallel-Accel
Meta-Geo
X-Unique-Id
X-UPSTREAM-Address
X-RN-RSRV
X-FB-TRIP-ID
X-Redis-Cache
X-Ua
X-NewRelic-App-Data
Section-Io-Cache
Upgrade-Insecure-Requests
X-PCL
X-Cache-Server
X-OCL
X-Generation-Time
X-Content-Age
WP-Super-Cache
Azure-RegionName
Property-Id
TWC-Locale-Group
X-Section
X-Request-Time
X-Region
X-RemovedCookies
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
S-Rt
X-Via-Fastly
X-Varnish-Cache-Hits
X-Uri
TWC-Device-Class
X-ProcessESI
Webcakes-App-Name
Azure-Version
X-Format
Azure-SlotName
X-Cache-Enabled
Azure-InstanceId
Azure-SiteName
X-AOL-HN
X-Access
Webcakes-App-Version
X-PHP-Backend
X-Origin-Hint
Webcakes-Region
X-No-Session
Apigw-Requestid
TWC-Privacy
CF-IPCountry
X-Mode
Eomportal-Instance
X-Status
X-Storage
X-Site-Version
Locale
X-Server-W
X-ShopId
Cache-Tv-Group
X-UA-Device-Type
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Xfnlog-Site
X-Urbn-Site-Id
Mn-Server-Ip
X-Urbn-Context-Path
X-Shopify-Stage
X-Say-TTL
X-Cache-Host
X-Be
X-Human
X-Generated-By
X-Cluster-Node
X-Debug-Cache
X-Forwarded-Host
X-Locale
X-ApacheServer
X-Say-Cacheable
X-ShardId
X-PERF
X-Origin-Date
X-Akamai-Edgescape
X-Nginx-Cache-Key
X-SayCDN-TTL
X-Ratelimit-Remaining
X-Sql-Count
X-PHP-Host
X-Labrador-Cache-Channel
Fastly-SSL
X-Sql-Duration-Ms
X-Alternate-Cache-Key
X-Detected-As
X-ProxyCache-Status
X-JoinUs
X-Proxied
X-Platform-Server
X-VC-Cache
Ec-Rule-Version
X-Cms-Context
X-Tid
X-SaId
X-Zipkin-Id
X-ProxyCache-Key
X-Cache-Action
X-Cache-Type
X-Extlb
X-Content-Powered-By
X-BYPASS-REASON
X-Web-Node
X-Routing-Service
X-Adobe-Source
X-Varnishpool
X-LJ-Flow-ID
X-Cache-Tags
X-AWS-Id
X-Handled-By
X-GG-Cache-Date
X-VWS-Id
Load-Balancing
Selected-Fe
X-Proxy-Build
CDN-PullZone
CDN-CachedAt
CDN-Cache
X-Timing-Wait
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-Uid
CDN-RequestId
X-Hl-Ver
X-Backend-Name
X-Edge-Location
X-ServerID
X-Storefront-Renderer-Rendered
ServedBy
Webserver
SRV
X-GeoCode
X-GeoCountry
Web-Mar-Node
X-Proto
X-Hyper-Cache
X-CDN-Forward
Mime-Version
X-LSADC-Cache
Fastly-Drupal-Html
Onion-Location
X-Dc
X-Cache-Operation
X-Cached-By
X-Cache-Remote
X-Rule
X-GEO
X-TT-LOGID
X-Rewrite-Enabled
SID
X-Varnish-Hostname
X-Soup
Cache-Hits
X-Cdn
X-App-Version
X-SRV
X-Varnish-Ttl
Xserver
X-Pubstack
X-Accel-Buffering
X-Cluster
X-Origin-CC
X-Varnish-Hits
X-Origin-TTL
X-TA-CDN-Provider
Country-Code
X-Ratelimit-Limit
Xet-Cookie
X-Envoy-Decorator-Operation
X-Reqid
X-Air-Source
X-Magnolia-Registration
X-Air-Hostname
X-Air-Trace-Id
LB
X-Microcachable
X-Tumblr-Pixel-3
X-IPLB-Request-ID
Server-Info
X-Buckets
X-Tumblr-Pixel-2
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
Cache
X-Request-Host
X-MP-GENERATED-AT
DB-Nickname
Source
X-Tt-Logid
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Newrelic-Synthetics
X-CSRF-Token
X-B3-SpanId
X-Tx-Id
X-Endurance-Cache-Level
X-Processor
Odigeo-Trace-Id
X-Ec-GeoHdr
Xc-Version
X-Application
X-Ms-Version
X-Epic-Correlation-Id
X-Conf
Pramga
X-Ec-Fail
X-ARC
X-Esi-Check
X-B-Cookie
Lang
BehaviorPad-Version
X-Cdn-Srv
X-Via-NSCOPI
X-Cache-Id
Meta-Geo-Continent
Host-ID
X-SRCache-Key
X-Ftr-Request-Id
MD5-Digest
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Ig-Push-State
X-Cache-NE
X-NAPM-TraceId
X-HS-Content-Campaign-Id
X-Origin-Response-Time
X-External-Request-Id
A
X-PAYTM-SRV-ID
X-Orig-Expires
X-Forwarded-Path
Mobile-Detection-Method
X-Geo-Header
X-Gzip
X-PBS-Appsvrname
X-Ms-Request-Id
X-Vdms-Path
DCR-Processing-Time-Ms
X-A
X-Rojux
X-Vdms-Version
DCR-Decision-By
X-A-Dcw
T-Server
X-Destination
X-A-Dam
Expiry
X-S
X-Connection-Hash
X-ScT
X-SD-PageType
X-Session-Fingerprint
X-User
X-Shop-Environment
X-D
X-S-Cookie
X-TIM-N
Fastcgi-X-Cache-Version
Surrogated-Key
X-A-Ccd
X-Vtex-Processado-Em
X-Tenant
X-A-Wwc
Sslversion
X-Vtex-Remote-Cache
Cdnsip
X-AK-Request-ID
Rendered-Blocks
Cdncip
X-A-Dgt
X-Aed
X-VG-WebCache
Cmsid
X-Developer
Cmstype
X-RCS-CacheZone
X-Bc-Bl
X-NCache
X-Ckpd-Fst-Backend
Fastly-GeoIP-CountryCode
X-Core-Value
X-Core-Mission
X-Clara-WADP
AKAMAI
X-Skip-Cache
X-Developers
Environment
X-DefElseHash
X-DefHash
X-Fetched-On
Adler-Geo
X-Fastly-Cache
X-Device-Os
X-Fmm-Version
X-Gdpr
Is-Eu
X-DPWN-IS-SECURE
X-Cache-Bucket
X-Varnish-CookieINHashed-On
X-Hash
Platform
X-Varnish-CookieHashed-On
NM-Fastcgi-Cache
Wxu-Next-Hostname
X-Cache-Backend
Producers
X-Worker
State
X-Via-Ucdn
Wxu-Next-Commit
Server-Host
X-Varnish-Remaining-TTL
X-Amzn-Remapped-Content-Length
X-WADP-Cache
X-Origin-Time
X-Server-IP
X-Cache-Info
X-SVT-ORM-RULES
Wxu-Next-Region
Machine
X-Variation
X-TrackingId
X-V-Cache
X-Scheme
X-SVT-ORM-VERSION
X-Node-Id
X-SB
X-Origin-Expires
X-Origin
X-Nyt-Route
X-NodeID
X-Time
CDN
X-Varnish-Beresp-Grace
X-Azure-Ref
Cache-Name
X-Auto-Login
Vix-Hermes-Req-Id
X-CacheTTL
X-Cdn-Origin
We-Hiring
X-Cache-Date
X-BBC-Edge-Cache-Status
X-Block-Status
Web-Mar-Region
X-Aicache-OS
X-Mvc-Supplant-Cachable
V-Age
X-Viewer-Country
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Proxy-Upstream
X-Is-Gdpr
X-JWT-State
X-Has-Esi
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Thinkindot-L3
X-Sigma-Backend
X-SIPLIST1
X-Slack-Backend
X-Sn-Servicetimems
X-Sigma
X-Served-From
X-VG-TLSProxy
X-Request-URI
X-Rocket-Build-Number
X-Rocket-Nginx-Serving-Static
X-VarnishDD-TTL
X-Loop
X-TNCMS
X-Hnp-Log
X-HN
X-Httpd
X-Irp-Debug
X-LAGOON
X-GeoIP-City
X-GeoIP
X-Forwarded-Site
X-Ec-Custom-Error
X-Gamma-Serve
X-Gen-Mode
X-Generated-On
X-Level-Front-Cache
X-Loc
Cache-Key
X-Pod-Name
X-Pool
X-Proxy-Cache-Info
X-Wix-Viewer-Type
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Minions-Version
X-BCube-Filmed-By
Candidate-Md5Url
X-Planisys-CDN-Cache
X-Dispatcher-Number
Memcached
User-Cache-Control
Mail-Subject
DynaTrace
L
Datacenter
N-Cache
Origin-EX
Origin-CC
X-R9-Blue-Green-Version
IsBot
Apple-News-Services-Handled
Fastcgi-Cache-TTL
CDCHOST
CloudFront-Viewer-Country
Cluster
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Fastly-SWR
Fastly-SIE
PFcat
Origin
Req-Svc-Chain
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
Svr
Redirect-Candidate
Release
Thinkindot-Control
Traceparent
X-Cache-Status-Check
HostName
X-Eu-Site
X-From
XM
CPC-Cache
VNS-Cache
CPC-Age
VNS-Age
X-VServer
GEO-INFO
X-Scale
DSUID
Server-Ext
X-Webstats-RespID
NGX
Ohc-File-Size
Server-Hostname
Kp-EeAlive
X-Optimistic-Header
X-Owner
Sever-Int
X-Platform
X-Ad-Defer-Variation
X-Policy
Ha-Gx-Prefs
X-Datadog-Parent-Id
Gh-Request-Id
X-Csrf-Jwt
L5d-Success-Class
X-Datadog-Sampling-Priority
X-CGP
X-Branch-Name
HA-Ipaddr
X-Datadog-Trace-Id
Ssr
X-ZONE
Pics-Label
X-Parent-Response-Time
X-WP-CF-Super-Cache
Fastly-Backend-Name
X-Refresh
X-CS
X-WA-Info
X-WP-CF-Super-Cache-Cache-Control
X-SplitTest
X-Location
X-CACHE-KEY
X-VC
X-Tb-Optimization-Total-Bytes-Saved
Locid
X-Micro-Cache
X-Ah-Environment
X-NC
Env
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-EC-Lua
Ms-Author-Via
X-TIME
Arc-Country
X-LB-NoCache
X-Varnish-Authentication
X-Men
X-Response-By
X-Udemy-Cache-App-Namespace
Servername
X-AIR-PT
AMP-Access-Control-Allow-Source-Origin
X-Servedbyhost
X-Old-Content-Length
X-Amz-Meta-Cb-Modifiedtime
X-Edge-Pop
Path
X-Xrds-Location
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Lb
Ngx.Var.Host
X-TraceId
X-Via-Poph
X-DW
X-RSL
X-DSS
X-Srv
X-RPS
X-DI
X-Mvc-Supplant-OutputCached
X-Via-Popv
X-RPM
X-DB
Memory
Time
X-Via-Popn
X-Akamai-Transformed
Cache-Host
ITXSESSIONID
X-HA-Backend
X-Trace-ID
X-Accel-Expires-Debug
X-Generated-In
X-Date
X-Proxy-CacheRZ
X-RateLimit-Reset
X-Api-Version
XkeyRZ
Ohc-Cache-HIT
X-Varnish-Beresp-TTL
X-GeoIP-Region-Code
X-S-Maxage
X-DC
X-VCL-Version
X-GeoIP-Country-Code
GeoIp-Country-Code
Client
X-Clientip
X-API-Version
X-Vc
FSS-Cache
X-Cache-Debug
True-Client-IP
X-VHOST
X-Cs
Geoip-Latitude
Server-ID
X-Zone
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
X-Fpc
Hostname
CacheControlHeader
X-Presslabs-Stats
True-Client-Country-4JS
X-TH-Server
X-FireWall-Port
X-Action
X-Webkit-Csp-Report-Only
X-Render-Time
X-MSEdge-Flight
Powered-By
X-Traceid
X-Backend-TTL
X-Dmc
X-MSEdge-Features
X-TX-ID
X-PX
X-INCAP-ABP
X-B3-Spanid
NtCoent-Length
X-CSRF-TOKEN
Geo-Info
Rip
X-Service
Test
X-DynaTrace-JS-Agent
Edge-Cache
X-Req
Tcn
C-Via
X-NGINX-Cache
X-M-Reqid
X-FPC
Tube-Get-Contents
Click-Count-Action-Start
Click-Count-Error
X-Gateway-Request-Id
X-M-Log
Tube-Return
X-Qnm-Cache
X-Pass-Why
My-App
Tube-Got-Results
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
Tube-Got-Eval
X-Cdn-Request-ID
X-Correlation-ID
X-Origin-Upstream-Status
X-HS-Status
X-Esi
X-Beluga-Record
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Trace
X-Beluga-Cache-Status
User-Agent
On-Server
X-Beluga-Node
X-Webkit-CSP-Report-Only
Esi-Enabled
HIT
Server-Id
Uri
Cf-Int-Pingora-Origin-Digest
X-Provided-By
X-Alfa-Service
X-Vcl-Version
X-Up
OT-Force-Account-Verify
X-Varnish-Beresp-Ttl
X-TRACE-ID
X-URL
Proxy-Connection
X-Via-PopV
Srvid
X-Ha-Backend
X-LB-ID
X-Via-PopH
X-Via-PopN
Resin-Trace
X-Proxy-Cache-Hk
GeoIP-Latitude
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
X-APP
Sid
GeoIP-Country-Code
X-Edge-Origin-Shield-Bytes
X-Akamai-Pragma-Client-IP
X-CCDN-Origin-Time
X-LI-Proto
X-CCDN-CacheTTL
Epwk-X-Cache
X-Li-Fabric
X-LI-UUID
X-Li-Pop
Cdn
X-Edge-Origin-Shield-Region
X-UnsetCookies
X-Hcs-Proxy-Type
X-ServedByHost
Srv
X-RAMCache
X-Cdn-Forward
DataCenter
WebServer
X-Geo
X-Edge-POP
X-Backend-Host
M-TraceId
WZWS-RAY
X-Time-Microsecs
X-Fetch-By
X-ND-Cache
MIME-Version
Warning
Cf-Device-Type
ENV
X-CUA
X-Lb-Nocache
ServerName
X-Fastly-Backend-Reqs
XServer
X-B3-Traceid-Primal
X-App
Server-Ttl
Fastly-Drupal-HTML
X-HostName
X-MG-S
X-Azure-Ref-OriginShield
X-Dw-Trace-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
PICS-Label
Target-Params
Tracecode
X-HITS
X-ATG-Version
X-Fragments
Section-Io-Id
X-Yottaa-OS
X-Request-Url
CF-Cached-On
X-ElasticPress-Query
X-Newrelic-App-Data
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
DT-Hot-News
Section-Origin-Responded
X-CF-Powered-By
Inserted-Into-Cache-At
D-Url-Rewrites
X-Iplb-Instance
X-Sucuri-ID
X-Sucuri-Cache
X-Nc
X-Var-Ttl
X-Akamai-Request-ID
X-Thanos
X-Bip
X-LiteSpeed-Cache-Control
X-FC-Vary-Parameters
Cf-Ipcountry
X-Iplb-Request-Id
Lfy
X-Serial
X-Fastly-Backend
Dt-Hot-News
X-Vcache
Wp-Super-Cache
Servedby
X-Air-Pt
Cdn-Uid
Cdn-Cache
Cdn-Requestcountrycode
Cdn-Requestid
Cdn-Cachedat
Cdn-Pullzone
Cdn-Edgestorageid
X-Varnish-Beresp-Status
True-Client-Ip
X-Vercel-Id
X-Vercel-Cache
X-Dist-Code
X-Snapshot-Date
Vha6-Origin
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-NU-AKA-ACS-Version
Hit
X-BBC-Origin-Response-Status
X-Release
X-Wp-Cf-Super-Cache-Cache-Control
Ngx
Fastcgi-Cache-Ttl
X-Storefront-Renderer-Verified
Cneonction
X-Request-URL
X-Th-Server
X-Back
Content-Script-Type
X-Cache-Expires
Content-Style-Type
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
CountryCode