Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-Request-ID
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-UA-Device
X-AH-Environment
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Accept-CH
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
Accept-Ch-Lifetime
X-Application-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
Rating
X-Ruxit-JS-Agent
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
Accept-CH-Lifetime
X-Content-Type
X-Vname
X-PC
X-TtlSet
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-FastCGI-Cache
X-Server-Name
Cache-Tag
Fastly-Restarts
X-ESI
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
X-Element-Page-Cache
Verso
X-GitHub-Request-Id
X-MS-InvokeApp
MS-Author-Via
X-Upstream
X-Amz-Rid
X-Aws-Lambda-Call-Status
Accept-Ch
Public-Key-Pins
X-Vcap-Request-Id
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-Abt-Application-Version
X-D2id
X-Cache-TTL
X-Cnection
X-Origin-Cache
X-Px
Arr-Disable-Session-Affinity
X-Country-Code
RTSS
Access-Control-Request-Method
X-Goog-Hash
X-Navigation-Version
X-Powered-By-Plesk
X-Server-Lifecycle-Phase
X-NF-Request-ID
X-Kraken-Loop-Name
X-Instrumentation
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Kinja
X-Cdn-Fetch
X-Powered-CMS
X-Version
X-Language
AR-Request-ID
AR-ATIME
AR-SID
AR-PoweredBy
AR-CACHE
Pagespeed
Display
X-Sol
X-Middleton-Display
X-Amz-Server-Side-Encryption
Response
X-Middleton-Response
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-MSEdge-Ref
X-LLID
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-TTL
X-RateLimit-Remaining
Nginx-Cache
X-Template
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Protected-By
X-HP-Trace-Id
X-HP-Webp
X-Shield-Request-Id
X-Jurisdiction
TCN
X-T
X-Forwarded-For
S
X-Aspnetmvc-Version
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Content-MD5
X-Mid
Edge-Cache-Tag
Realpath
Fastcgi-Cache
SPIisLatency
SPRequestDuration
X-MCACHE
Front-End-Https
X-CST
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Filters
X-DynaTrace
Pinterest-Generated-By
Server-Node
Pinterest-Version
X-Pinterest-Rid
X-Ua-Browser
X-Ab
X-Content
X-Frontend
X-Correlation-Id
Server-Name
X-Ruxit-Js-Agent
X-Ttl
X-ECACHE
X-NWS-LOG-UUID
X-SharePointHealthScore
X-HS-Hub-Id
SPRequestGuid
X-HS-Cache-Config
X-HS-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
X-Parallel-Accel
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-Hits
X-Cache-Key
Alternate-Protocol
X-Ser
X-Buckets
X-Content-Options
X-Tt-Trace-Host
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
Cache-Tags
Cleartype
X-B3-Sampled
X-Git-Hash
Charset
Host
X-Kong-Upstream-Latency
X-Page-Id
X-Kong-Proxy-Latency
X-Www-Served-By
X-Geo-Country
X-Daa-Tunnel
X-DIS-Request-ID
X-Accel-Expires
X-Amzn-Trace-Id
X-Content-Digest
X-Amz-Replication-Status
X-Debug-Info
Filterid
X-Varnish-Age
X-Fastly-Request-Id
X-Hostname
X-Activity-Id
TP-L2-Cache
TP-Cache
X-AppVersion
X-Az
X-Forwarded-Proto
X-Upgrade-Enabled
X-VCache
X-FB-Debug
X-N
X-Rid
Access-Control-Allow-Method
Cross-Origin-Opener-Policy
X-Origin-Server
X-Nginx-Upstream-Cache-Status
X-Grace
X-F-Cache
X-LB-Cache
ServerID
X-Mobile-URL
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-WebKit-CSP-Report-Only
X-XRDS-LOCATION
X-Server-ID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-TT
X-GUploader-UploadID
X-Whom
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Tb
Viewport
X-App-Environment
X-Varnish-Grace
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Type
X-FW-Type
Node
X-FW-Static
X-App-Server
X-FW-Server
X-Distributor
X-Seen-By
Payment
X-Origin-Upstream-Status
Paypal-Debug-Id
DC
X-Ratelimit-Limit
X-NGENIX-Cache
Fastcgi-Useragent
X-User-Agent
X-Oneagent-Js-Injection
X-Cache-Control
Accept-Charset
Country
X-Litespeed-Cache
X-Wix-Request-Id
X-Cache-Rule
X-Microsite
X-Request-Handler-Origin-Region
X-Logged-In
X-Fastly-Request-ID
X-Webkit-CSP
Version
X-Cache-Age
X-DataDome
X-Via-JSL
Referer-Policy
X-Drupal-Cache-Tags
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Backend
X-Oracle-Dms-Rid
Refresh
X-Oracle-Dms-Ecid
X-Cluster-Name
Cache-Status
X-B-Cache
X-Signature
X-Node-Name
X-Original-Request-Id
X-Contextid
SD-X-WS
Access-Control-Request-Headers
X-Mobile
X-Load-Cache
X-Response-Served-From
X-Vgn-Hpd-Reason
X-Is-Bot
X-Cacheable-TTL
X-Cache-Expired-At
X-Jobs
X-Page-View
X-Proxy-Cache-Status
X-Rendered-As
X-Cache-Action
X-ProcessESI
X-Debug
X-B
X-Fastcgi-Cache
X-Real-IP
X-RemovedCookies
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-UUID
X-Revision
NGB
X-Instance
X-Proxy
X-IPLB-Instance
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Drupal-Cache-Contexts
Akamai-GRN
X-Tec-Api-Origin
X-Tec-Api-Version
X-Rule
X-Tec-Api-Root
X-G
Surrogate-Key
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Framework
X-TEC-API-VERSION
X-Device-Type
X-Debug-IsPreview
X-Debug-IsConnected
X-Cache-Time
X-FW-Version
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
CF-IPCountry
X-Ratelimit-Reset
SID
DynaTrace
X-PressLabs-Stats
Liferay-Portal
X-XRDS-Location
X-Azure-Ref
GEO-INFO
Healthy
X-CDN-Forward
X-Nginx-Cache
X-APP-VERSION
Count-Hit
X-Source
Frame-Options
X-Presslabs-Stats
X-Cache-Operation
X-Ms-Version
X-Ms-Request-Id
X-Accel-Buffering
Ms-Operation-Id
X-RTag
MS-CV
X-EdgeConnect-Cache-Status
X-RateLimit-Limit
Uber-Trace-Id
X-Tumblr-User
X-Tumblr-Pixel
X-L-Path
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
Xserver
X-Environment-Context
X-Zen-Fury
X-Varnish-Server
X-Cache-Hit
Ec-Rule-Version
Countrycode
X-Mode
X-Forwarded-Host
X-Region
Cross-Origin-Window-Policy
X-Cache-NGX
X-Servername
Backend
X-IPS-LoggedIn
X-Backend-Name
X-Content-Powered-By
X-Cache-Type
X-Rewrite-Enabled
Protected
Meta-Geo
X-UPSTREAM-Address
X-SaId
X-RN-RSRV
X-JoinUs
X-Detected-As
X-Cache-TTL-Remaining
Section-Io-Cache
X-Generation-Time
Country-Code
Apigw-Requestid
X-Tid
X-Shopify-Stage
Decoy-Debug-Key
X-Debug-Cache
X-Zipkin-Id
X-ShopId
X-NewRelic-App-Data
X-ShardId
X-Extlb
X-Sql-Duration-Ms
Eomportal-Instance
X-Redis-Cache
X-Hosted-By
X-Routing-Service
X-Proxied
Decoy-Debug-TTL
Decoy-Debug-Status
X-Uri
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Human
X-Cache-Grace
X-Sql-Count
Fastly-SSL
X-Varnish-Beresp-Grace
X-Cache-Server
X-ApacheServer
Cache-Tv-Group
Url
Cache-Name
X-Status
X-Site-Version
X-NCache
X-PHP-Backend
X-PERF
X-Via-Fastly
X-FB-TRIP-ID
X-Microcachable
X-NYM-Debug-Backend
X-Soup
X-Format
X-Storage
X-Say-Cacheable
Property-Id
Selected-Fe
TWC-Connection-Speed
Mn-Server-Ip
X-Web-Node
X-Say-TTL
X-SayCDN-TTL
DB-Nickname
X-ProxyCache-Status
X-ProxyCache-Key
X-Section
X-Proxy-Build
X-PCL
TWC-Locale-Group
X-UA-Device-Type
X-No-Session
X-Access
X-Adobe-Loc
X-Timing-Wait
X-Cache-Host
X-BYPASS-REASON
X-OCL
Webcakes-Region
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Origin-Hint
X-Origin-Date
Webcakes-App-Version
Webcakes-App-Name
TWC-Device-Class
X-Adobe-Content
X-Content-Age
SRV
X-Server-W
OT-Force-Account-Verify
X-R9-Blue-Green-Version
X-Varnishpool
X-Pubstack
X-Cluster-Node
X-Akamai-Edgescape
Azure-SlotName
Azure-Version
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Content-Secure-Policy
X-Hyper-Cache
X-ServerID
CDN-RequestCountryCode
X-TIME
CDN-Uid
X-LSADC-Cache
X-Webkit-Csp
X-Be
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-Ua
CDN-PullZone
CDN-RequestId
X-Generated-By
X-Azure-Ref-OriginShield
LB
X-Hl-Ver
Content-Disposition
X-Cached-By
Source
WPO-Cache-Status
WPO-Cache-Message
Cache
X-SRV
X-Nginx-Cache-Key
X-Unique-Id
X-LAGOON
X-Bc-Bl
X-TT-LOGID
X-Trace-Id
Cache-Hits
X-Auto-Login
X-Dc
X-Varnish-Hits
X-Origin-TTL
X-Origin-CC
Xet-Cookie
X-HTML-Minification-Powered-By
Mime-Version
X-Akamai-Transformed
Retry-After
X-Loop
X-App-Version
X-GEO
X-TNCMS
X-Cdn
X-Platform-Server
Onion-Location
X-S-Maxage
X-Varnish-Hostname
X-Ratelimit-Remaining
X-Xfnlog-Site
X-Amz-Meta-S3cmd-Attrs
Web-Mar-Node
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Cache-Var
X-Cache-Var-Map
X-Cache-Remote
HostName
X-Cache-Tags
X-Time
X-Varnish-Cache-Hits
X-Edge-Location
X-EC-Lua
Upgrade-Insecure-Requests
ServedBy
X-Request-Time
X-Time-Microsecs
Webserver
X-CSRF-Token
X-Endurance-Cache-Level
X-Tenant
X-Proto
X-ECache
X-AOL-HN
N-Cache
X-GG-Cache-Date
X-Request-Host
WP-Super-Cache
X-FireWall-Port
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
CloudFront-Viewer-Country
X-Qnm-Cache
Nel
X-M-Log
X-M-Reqid
From-Origin
X-Correlation-ID
X-Mg-Request-UUID
X-B3-SpanId
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-Via-NSCOPI
X-PHP-Host
X-Hnp-Log
X-Ckpd-Fst-Backend
X-Ig-Push-State
Surrogated-Key
Sslversion
Mobile-Detection-Method
X-B-Cookie
X-ARC
Meta-Geo-Continent
X-Application
X-NAPM-TraceId
Odigeo-Trace-Id
X-Vtex-Remote-Cache
X-CF-Lambda-Fn
X-Vtex-Processado-Em
X-VG-WebCache
X-Orig-Expires
X-CF-Lambda-Version
Rendered-Blocks
X-Aed
X-Cache-Date
Xc-Version
L
X-Gen-Mode
X-Block-Status
DCR-Decision-By
CDCHOST
Pramga
X-D
DCR-Processing-Time-Ms
X-Destination
X-Developer
DSUID
Fastcgi-X-Cache-Version
X-External-Request-Id
Redirect-Candidate
X-Forwarded-Path
X-Ftr-Request-Id
A
X-Cache-NE
Origin
X-Cluster
X-A-Wwc
X-Connection-Hash
BehaviorPad-Version
X-Conf
Expiry
X-ND-Cache
X-SVT-ORM-VERSION
X-S-Cookie
X-V-Cache
X-A-Dgt
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-SD-PageType
X-ScT
V-Age
X-Processor
X-A
X-Origin-Response-Time
X-A-Dam
User-Cache-Control
X-Rojux
X-S
X-A-Dcw
X-TIM-N
X-A-Ccd
X-Session-Fingerprint
X-Planisys-CDN-Cache
X-Shop-Environment
X-Vdms-Version
X-PBS-Appsvrname
X-Slack-Backend
X-SRCache-Key
X-PAYTM-SRV-ID
X-Vdms-Path
X-SVT-ORM-RULES
X-RCS-CacheZone
X-Handled-By
X-Epic-Correlation-Id
X-Backend-State
X-Rocket-Nginx-Serving-Static
X-Sucuri-Cache
Cmsid
Cmstype
X-Envoy-Decorator-Operation
X-Cache-Bucket
X-Device-Os
X-Storefront-Renderer-Rendered
X-Cache-Info
X-Cdn-Srv
Origin-EX
Origin-CC
X-Core-Mission
Host-ID
X-Served-From
X-Scheme
X-Date
X-Server-IP
PFcat
Wxu-Next-Region
Fastcgi-Cache-TTL
X-Skip-Cache
Wxu-Next-Hostname
X-RateLimit-Limit-Second
X-Men
Svr
X-VarnishDD-TTL
Vix-Hermes-Req-Id
X-Location
X-Li-Pop
X-Aicache-OS
X-LI-UUID
Traceparent
X-Accel-Expires-Debug
X-Origin-Expires
X-Origin-Time
X-VServer
X-Owner
X-Old-Content-Length
X-NodeID
X-Webstats-RespID
X-Nyt-Route
X-Request-URI
X-Li-Fabric
Release
AKAMAI
X-Gdpr
X-Forwarded-Site
Arc-Country
X-Fastly-Cache
X-Fetched-On
X-RateLimit-Remaining-Second
X-Proxy-Upstream
X-Geo-Header
Ssr
State
Wxu-Next-Commit
X-Sucuri-ID
True-Client-Country-4JS
X-UnsetCookies
X-Varnish-Beresp-Status
X-HN
X-Locale
Environment
Fastly-Drupal-Html
X-MP-GENERATED-AT
X-Zone
X-NWS-UUID-VERIFY
X-Cache-Enabled
Server-Info
X-CGP
X-Policy
X-VG-TLSProxy
X-Core-Value
X-Adobe-Source
X-Csrf-Jwt
X-TrackingId
X-Thinkindot-L3
X-Cdn-Origin
X-Sn-Servicetimems
X-TH-Server
X-Thanos
X-Region-Sid
X-Req
X-Node-Id
X-Mvc-Supplant-Cachable
X-Gamma-Serve
X-Generated-On
X-Fastly-Backend
X-Eu-Site
X-BBC-Edge-Cache-Status
X-Esi-Check
X-Gzip
X-ATG-Version
X-HS-Content-Campaign-Id
X-Level-Front-Cache
X-Cache-Id
X-Viewer-Country
X-Hash
X-Bip
X-Developers
X-Cache-Debug
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Server-Host
Gh-Request-Id
Fastly-GeoIP-CountryCode
X-VC-Cache
CacheControlHeader
Req-Svc-Chain
TDXMobile
Machine
Thinkindot-CacheControl
HA-Ipaddr
Web-Mar-Region
L5d-Success-Class
Ha-Gx-Prefs
Thinkindot-CacheControl-Type
Locid
Thinkindot-Control
X-Magnolia-Registration
X-Xrds-Location
X-Datadog-Sampling-Priority
X-DefElseHash
X-Datadog-Trace-Id
X-Rebelmouse-Cache-Control
Fastly-SWR
Fastly-SIE
X-Datadog-Parent-Id
Cf-Device-Type
Adler-Geo
X-JWT-State
X-Loc
X-Is-Gdpr
X-Irp-Debug
X-GeoIP-City
X-GeoIP
X-NU-AKA-ACS-Version
X-Rebelmouse-Surrogate-Control
X-Pod-Name
X-Qloud-Router
X-Platform
X-DPWN-IS-SECURE
X-Origin
X-Tx-Id
X-DefHash
X-Request-Start
X-Sigma
X-Branch-Name
X-Varnish-CookieINHashed-On
X-Cache-Config
X-Sigma-Backend
X-Reqid
X-Varnish-CookieHashed-On
Platform
X-Amzn-Remapped-Content-Length
X-Variation
X-Varnish-Remaining-TTL
Mail-Subject
Is-Eu
X-Has-Esi
We-Hiring
X-Rocket-Build-Number
X-Worker
NGX
X-Backend-TTL
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Beresp-Ttl
X-Ua-Device
X-CS
X-FC-Vary-Parameters
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Trace-ID
Memcached
X-CLOUD-TRACE-CONTEXT
X-Response-By
NM-Fastcgi-Cache
X-CACHE-KEY
Datacenter
Pics-Label
X-Up
X-API-Version
X-Mvc-Supplant-OutputCached
X-NC
X-Esi
S-Rt
X-LB-ID
Ms-Author-Via
X-Datadome
X-Generated-In
Candidate-Md5Url
CDN
X-Restarts
X-LB-NoCache
Magicmarker
X-Tb-Optimization-Total-Bytes-Saved
X-DynaTrace-JS-Agent
WWW-Authenticate
NtCoent-Length
X-Varnish-Ttl
X-Vc
X-Via-Popv
Env
Kp-EeAlive
WebServer
X-Via-Popn
X-Via-Poph
X-DC
On-Server
X-TraceId
X-Http-Reason
X-Tt-Logid
X-RPS
X-RPM
X-DSS
X-DW
X-Optimistic-Header
Memory
Edge-Cache
X-Cache-Backend
X-RSL
X-Akamai-Request-ID2
Esi-Enabled
Time
X-DI
X-DB
X-TA-CDN-Provider
X-Action
X-Edge-Pop
X-Wix-Viewer-Type
X-CacheTTL
GeoIp-Country-Code
X-Refresh
X-Minions-Version
X-Servedbyhost
C-Via
X-Service
X-Srv
X-Unique-ID
X-MSEdge-Flight
X-Varnish-Beresp-TTL
X-MSEdge-Features
X-Cache-PHP
Accept-Language
Server-ID
X-HA-Backend
X-Parent-Response-Time
X-Cs
X-Newrelic-Synthetics
X-ZONE
X-TX-ID
Locale
X-Cache-Status-Check
X-Urbn-Site-Id
X-VCL-Version
X-Render-Time
X-Urbn-Context-Path
X-Dynatrace
X-Ec-Fail
X-Ec-GeoHdr
X-User
X-Cache-Ttl
X-App
X-Traceid
X-LI-Proto
X-Fpc
X-URL
X-Li-Proto
X-Pass-Why
X-Webkit-Csp-Report-Only
Test
X-LiteSpeed-Cache-Control
Proxy-Connection
X-FPC
X-B3-Spanid
X-Info
X-AIR-PT
X-Webkit-CSP-Report-Only
X-NODE
X-Clientip
X-AK-Request-ID
Cdnsip
Server-Id
Tcn
X-Vcl-Version
Geo-Info
Cdncip
X-Clara-WADP
M-TraceId
HIT
Cluster
X-Oss-Hash-Crc64ecma
Cache-Host
My-App
X-Oss-Object-Type
X-Oss-Request-Id
X-WADP-Cache
X-Oss-Storage-Class
X-Oss-Server-Time
X-Fmm-Version
X-CSRF-TOKEN
UCS
Resin-Trace
Cf-Int-Pingora-Origin-Digest
Fastly-Drupal-HTML
X-Var-Ttl
X-HostName
Geoip-Latitude
X-CUA
S-Cnection
Tracecode
X-LiteSpeed-Tag
Hostname
X-Ha-Backend
Lfy
X-ID
X-From
T-Server
X-Dynatrace-Js-Agent
X-Mcache
Lang
X-Micro-Cache
X-Pad
Fastly-Backend-Name
X-ServedByHost
User-Agent
X-Fragments
Ohc-File-Size
Hit
X-RAMCache
GeoIP-Country-Code
X-Geo
X-Via-PopH
X-Backend-Host
X-BBC-Origin-Response-Status
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Via-PopN
X-Via-PopV
ENV
MIME-Version
Target-Params
X-Edge-POP
X-Release
X-ElasticPress-Query
X-Edge-Cache
X-Cdn-Forward
X-NGINX-Cache
Section-Io-Id
Section-Io-Origin-Status
X-Api-Version
X-BCube-Filmed-By
X-Check-Cacheable
Load-Balancing
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-APP
DataCenter
Lb
X-VC
X-Fastly-Backend-Reqs
EpKe-Alive
URI
X-Ucs
X-HS-Status
Servername
X-ServerName
Path
X-Amz-Meta-Cb-Modifiedtime
X-Httpd
FSS-Cache
PICS-Label
Uri
Permissions-Policy
X-UP
CPC-Cache
CPC-Age
Cache-Key
X-Proxy-Cache-Info
X-GoCache-CacheStatus
X-WA-Info
VNS-Cache
X-Lb-Nocache
VNS-Age
X-WA
X-TRACE-ID
ServerName
WZWS-RAY
Cneonction
Producers
X-ES-SERVER
X-Nc
X-Lb-Id
X-RateLimit-Reset
Ohc-Cache-HIT
Cdn
X-B3-ParentSpanId
X-Wikidot-Backend
Cteonnt-Length
X-Provided-By
X-Cdn-Request-ID
Server-Ttl
X-Fastly-Cache-Hits
X-Wikidot-Static-Cache
X-Dw-Trace-Id
X-Akamai-ERPolicy
X-Snapshot-Date
X-Contensis-Viewer-Groups
X-Acquia-Purge-Tags
X-Akamai-ERRuleID
Shield-Pop
X-Apw-Hits
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Application-UUID
X-Swift-Error
X-Cache-CFC
X-Newrelic-App-Data
X-Cache-ASPX
Vha6-Origin
X-Pool
Cf-Ipcountry
X-SB
CF-Cached-On
X-Vcache
Pagetype
X-PJAX-URL
X-Apw-Access-Object
X-Apw-Access-Token
X-Yottaa-OS
X-Cms-Context
X-Apw-Access-Action
X-Air-Pt
X-Cache-Ngx
Sid
X-Platform-Cluster
X-Platform-Processor
X-Udemy-Cache-App-Namespace
GeoIP-Latitude
X-Last-Modified
X-Platform-Router
X-CCDN-CacheTTL
X-Akamai-Pragma-Client-IP
Req-ID
CountryCode
X-UA
X-Via-Ucdn
X-Varnish-Authentication
X-Logging-Id
X-CacheKey
MD5-Digest
X-CCDN-Origin-Time
X-Http-Duration-Ms
X-Te-Count
X-Te-Duration-Ms
X-Http-Count
X-Miniprofiler-Ids
X-Sentry-ID
Ngx
X-Hcs-Proxy-Type