
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
X-Request-ID
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-UA-Device
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Server-Id
X-Host
Cf-Railgun
X-Backend-Server
X-Node
X-Readtime
Accept-CH
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch-Lifetime
X-Application-Context
Content-Location
Rating
X-Ruxit-JS-Agent
X-Ua-Compatible
X-Country
X-B3-TraceId
X-Language
X-Cache-Lookup
X-Cloud-Trace-Context
X-Url
X-Ac
X-Content-Type
X-Template
X-Trace
Allow
X-Vname
X-TtlSet
X-PC
Accept-CH-Lifetime
X-Varnish-TTL
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
Cache-Tag
X-ESI
Fastly-Restarts
X-FastCGI-Cache
X-Server-Name
X-Rack-Cache
X-VARITI-CCR
Service-Worker-Allowed
X-Element-Page-Cache
Verso
X-Buckets
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
Accept-Ch
X-Amz-Rid
Public-Key-Pins
MS-Author-Via
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Cached
X-D2id
X-Abt-Application-Version
X-Client-IP
X-Origin-Cache
Arr-Disable-Session-Affinity
X-Px
X-Goog-Hash
X-Aws-Lambda-Call-Status
X-Country-Code
X-Cnection
Access-Control-Request-Method
X-Powered-By-Plesk
X-Navigation-Version
X-Cache-TTL
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-NF-Request-ID
RTSS
X-Version
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Powered-CMS
X-Amz-Server-Side-Encryption
Display
X-Middleton-Display
X-Sol
Pagespeed
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-SRCache-Store-Status
X-Kinja-Build
X-SRCache-Fetch-Status
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Middleton-Response
Response
X-LLID
X-MSEdge-Ref
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-SID
AR-Request-ID
X-RateLimit-Remaining
Nginx-Cache
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Shield-Request-Id
X-Jurisdiction
X-HP-Webp
S
X-HP-Trace-Id
X-Protected-By
X-TTL
Content-MD5
X-T
X-Forwarded-For
TCN
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
X-Id
X-CST
Realpath
X-Mid
X-MCACHE
Fastcgi-Cache
Edge-Cache-Tag
SPIisLatency
SPRequestDuration
Front-End-Https
X-Recruiting
X-Parallel-Accel
X-Ttl
X-Request-Received
Pinterest-Generated-By
X-Request-Processing-Time
X-Pinterest-Rid
Pinterest-Version
Filters
Server-Node
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Deployment-Id
X-Ua-Browser
X-Content
X-Ab
X-Ruxit-Js-Agent
X-SharePointHealthScore
SPRequestGuid
X-DynaTrace
X-Correlation-Id
Server-Name
X-Ezoic-Cdn
X-ECACHE
X-NWS-LOG-UUID
X-Frontend
Alternate-Protocol
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Cache-Key
X-Hits
X-Yandex-Sdch-Disable
X-Accel-Expires
MicrosoftSharePointTeamServices
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Content-Options
X-Page-Id
X-Git-Hash
Host
Cache-Tags
X-Ser
Cleartype
X-Kong-Upstream-Latency
X-B3-Sampled
X-Kong-Proxy-Latency
Charset
X-Www-Served-By
X-Content-Digest
Filterid
X-Amz-Replication-Status
X-Daa-Tunnel
X-Geo-Country
TP-Cache
TP-L2-Cache
X-Forwarded-Proto
X-VCache
X-DIS-Request-ID
X-Hostname
X-Varnish-Age
X-Amzn-Trace-Id
X-Debug-Info
X-Activity-Id
X-Fastly-Request-Id
X-AppVersion
X-Az
X-N
X-Rid
Access-Control-Allow-Method
X-Upgrade-Enabled
X-FB-Debug
X-Origin-Server
X-Grace
X-LB-Cache
X-XRDS-LOCATION
X-Nginx-Upstream-Cache-Status
X-Origin-Upstream-Status
X-Microsite
X-Request-Handler-Origin-Region
ServerID
X-Mobile-URL
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Request-Guid
Cross-Origin-Opener-Policy
X-Providence-Cookie
X-Route-Name
X-F-Cache
X-Whom
X-Server-ID
X-Goog-Metageneration
X-TT
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
X-NGENIX-Cache
X-Goog-Stored-Content-Length
X-Tb
X-App-Environment
X-Varnish-Grace
X-App-Server
Viewport
X-Distributor
X-WebKit-CSP-Report-Only
Payment
Node
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
Paypal-Debug-Id
DC
X-Oneagent-Js-Injection
X-Seen-By
X-Cache-Control
Fastcgi-Useragent
X-Type
X-Logged-In
X-Litespeed-Cache
X-User-Agent
Accept-Charset
X-Cache-Age
X-PressLabs-Stats
Country
X-Fastcgi-Cache
X-Webkit-CSP
X-Cache-Rule
X-Fastly-Request-ID
X-Wix-Request-Id
Version
X-Oracle-Dms-Rid
X-Varnish-Backend
X-DataDome
X-Oracle-Dms-Ecid
X-Node-Name
X-Erf-Bev-Bev
X-Browser-Type
Amp-Access-Control-Allow-Source-Origin
X-Erf-Bev-Bev-Is-Generated
X-Ratelimit-Limit
X-Load-Cache
X-Cache-Action
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Refresh
Referer-Policy
X-Via-JSL
X-Drupal-Cache-Tags
X-Original-Request-Id
X-IPLB-Instance
Access-Control-Request-Headers
Cache-Status
SD-X-WS
X-Response-Served-From
X-Page-View
X-Vgn-Hpd-Reason
X-Real-IP
X-Proxy-Cache-Status
X-Rendered-As
X-Cacheable-TTL
X-Is-Bot
X-Jobs
X-Cache-Expired-At
X-B
X-B-Cache
X-Contextid
X-Revision
VIX-Pulpo-Upstream-Status
X-Signature
NGB
VIX-Pulpo-Node
X-UUID
X-Yottaa-Optimizations
X-Mobile
X-Yottaa-Metrics
X-Cluster-Name
X-RemovedCookies
X-ProcessESI
X-Device-Type
X-Debug
X-G
Surrogate-Key
DynaTrace
X-Proxy
X-Drupal-Cache-Contexts
X-Framework
X-Debug-IsPreview
X-Cache-Time
X-Instance
X-Debug-IsConnected
X-Rule
Akamai-GRN
Liferay-Portal
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-FW-Version
CF-IPCountry
SID
X-Azure-Ref
Healthy
X-Tec-Api-Version
X-Source
X-Tec-Api-Origin
X-Tec-Api-Root
X-Ms-Version
X-Ms-Request-Id
X-Nginx-Cache
Frame-Options
X-RTag
MS-CV
Ms-Operation-Id
X-CDN-Forward
X-Cache-Hit
X-Environment-Context
X-L-Path
Count-Hit
Countrycode
X-XRDS-Location
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-RateLimit-Limit
X-Tumblr-Pixel-1
Xserver
X-Cache-Operation
GEO-INFO
X-Varnish-Server
Uber-Trace-Id
Section-Io-Cache
X-Region
X-Servername
X-APP-VERSION
X-Accel-Buffering
X-Forwarded-Host
X-EdgeConnect-Cache-Status
X-Content-Powered-By
X-Backend-Name
X-Mode
Cross-Origin-Window-Policy
X-IPS-LoggedIn
Ec-Rule-Version
X-Zen-Fury
Backend
X-JoinUs
X-Detected-As
X-SaId
X-RN-RSRV
Meta-Geo
X-UPSTREAM-Address
X-Sql-Duration-Ms
Country-Code
X-Alternate-Cache-Key
X-ShardId
X-Sql-Count
X-ShopId
X-Tid
X-Shopify-Stage
X-Human
X-Adobe-Loc
X-Varnish-Beresp-Grace
X-Redis-Cache
X-Uri
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Hosted-By
X-Cache-Type
X-Debug-Cache
X-Cache-Grace
X-Adobe-Content
Url
Apigw-Requestid
X-Site-Version
X-Cache-NGX
X-ProxyCache-Status
Eomportal-Instance
X-ProxyCache-Key
X-ServerID
X-PHP-Backend
X-No-Session
DB-Nickname
X-Cache-Server
X-Status
X-NCache
X-BYPASS-REASON
X-Microcachable
X-Via-Fastly
X-Cache-TTL-Remaining
Mn-Server-Ip
Cache-Name
X-Origin-Date
X-UA-Device-Type
X-FB-TRIP-ID
X-Generation-Time
X-Say-TTL
X-Cache-Host
X-Timing-Wait
X-SayCDN-TTL
Selected-Fe
X-Say-Cacheable
X-Proxy-Build
Cache-Tv-Group
Decoy-Debug-Key
X-Storage
Decoy-Debug-Status
X-Akamai-Edgescape
X-Rewrite-Enabled
X-Web-Node
Decoy-Debug-TTL
X-Ratelimit-Reset
X-Pubstack
Fastly-SSL
X-PCL
X-PERF
X-Origin-Hint
TWC-GeoIP-Country
Webcakes-App-Name
X-Soup
TWC-Privacy
X-Zipkin-Id
Webcakes-App-Version
Webcakes-Region
X-Hl-Ver
X-Varnishpool
X-ApacheServer
X-Format
OT-Force-Account-Verify
TWC-Locale-Group
Property-Id
X-OCL
Protected
X-Proxied
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Routing-Service
X-Extlb
TWC-Device-Class
X-LSADC-Cache
X-NYM-Debug-Backend
X-Access
Content-Secure-Policy
X-R9-Blue-Green-Version
X-Server-W
X-Section
X-Azure-Ref-OriginShield
Azure-InstanceId
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-App-Version
X-Be
X-Cluster-Node
Source
X-Content-Age
X-Webkit-Csp
X-Time
X-Presslabs-Stats
SRV
CDN-RequestCountryCode
CDN-Cache
CDN-PullZone
X-Cached-By
X-Ua
CDN-Uid
CDN-RequestId
CDN-CachedAt
CDN-EdgeStorageId
Cache
Content-Disposition
X-TT-LOGID
X-Generated-By
X-HTML-Minification-Powered-By
X-Hyper-Cache
X-SRV
X-Cache-Var
X-Cache-Var-Map
X-LAGOON
X-Amz-Meta-S3cmd-Attrs
X-NewRelic-App-Data
X-Unique-Id
X-TNCMS
X-Bc-Bl
X-Varnish-Hits
X-Nginx-Cache-Key
X-Loop
X-Varnish-Hostname
X-Dc
X-S-Maxage
X-Origin-TTL
X-Origin-CC
Webserver
LB
Cache-Hits
Retry-After
Onion-Location
X-Auto-Login
X-GEO
Web-Mar-Node
X-Cdn
X-Proto
X-Trace-Id
Mime-Version
X-Akamai-Transformed
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Xet-Cookie
X-M-Reqid
X-Time-Microsecs
X-Qnm-Cache
X-M-Log
X-Tenant
X-Platform-Server
X-Endurance-Cache-Level
X-CSRF-Token
HostName
WPO-Cache-Status
WPO-Cache-Message
X-Edge-Location
X-LJ-Flow-ID
X-GG-Cache-Date
X-AWS-Id
X-VWS-Id
X-Xfnlog-Site
CloudFront-Viewer-Country
X-B3-SpanId
X-Cache-Remote
N-Cache
X-ECache
X-Cache-Tags
X-Mg-Request-UUID
X-Xrds-Location
Upgrade-Insecure-Requests
X-TIME
X-PHP-Host
X-Labrador-Cache-Channel
X-Request-Time
ServedBy
X-Varnish-Cache-Hits
X-RCS-CacheZone
X-AOL-HN
X-Correlation-ID
Nel
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Locale
X-Origin-Response-Time
X-Via-NSCOPI
X-Application
X-A-Ccd
X-ARC
X-A-Dgt
X-A-Wwc
X-A-Dam
X-A-Dcw
X-Aed
Meta-Geo-Continent
DSUID
Expiry
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
DCR-Decision-By
A
BehaviorPad-Version
X-B-Cookie
Mobile-Detection-Method
Rendered-Blocks
Surrogated-Key
User-Cache-Control
Redirect-Candidate
Pramga
Odigeo-Trace-Id
Origin
X-A
X-Developer
X-SD-PageType
X-Session-Fingerprint
X-Shop-Environment
X-Slack-Backend
X-ScT
X-S-Cookie
X-Processor
X-Request-Host
X-Rojux
X-S
X-SRCache-Key
X-SVT-ORM-RULES
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-SVT-ORM-VERSION
X-TIM-N
X-V-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Conf
X-D
X-Destination
X-External-Request-Id
X-Cluster
X-Ckpd-Fst-Backend
X-Cache-Date
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Forwarded-Path
X-Ftr-Request-Id
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-ND-Cache
X-NAPM-TraceId
X-Gen-Mode
X-Hnp-Log
X-Ig-Push-State
X-Block-Status
X-Connection-Hash
X-Storefront-Renderer-Rendered
X-VC-Cache
X-Handled-By
X-Cache-Info
X-Cache-Bucket
X-Core-Mission
X-Accel-Expires-Debug
X-Epic-Correlation-Id
X-Forwarded-Site
X-Fetched-On
X-Fastly-Cache
Wxu-Next-Region
X-Date
Wxu-Next-Hostname
X-CACHE-KEY
Origin-EX
Origin-CC
L
Release
State
Wxu-Next-Commit
Vix-Hermes-Req-Id
V-Age
Traceparent
X-Hash
X-Li-Fabric
X-Sucuri-ID
X-Sucuri-Cache
X-Skip-Cache
X-Server-IP
Server-Info
X-Adobe-Source
X-Webstats-RespID
X-VServer
X-ATG-Version
X-Varnish-Beresp-Status
X-Served-From
X-Scheme
X-Mvc-Supplant-Cachable
X-Men
X-LI-UUID
X-Li-Pop
X-Old-Content-Length
X-Origin-Expires
X-Rocket-Nginx-Serving-Static
X-Proxy-Upstream
X-Policy
X-Owner
Host-ID
X-Device-Os
CDCHOST
Arc-Country
Cmstype
Cmsid
Datacenter
Environment
X-MP-GENERATED-AT
X-Generated-On
X-Gdpr
X-Cache-Debug
X-Branch-Name
Fastcgi-Cache-TTL
Apple-News-Services-Parsed-Url
X-Geo-Header
True-Client-Country-4JS
Svr
X-Aicache-OS
X-Cache-Id
X-Datadog-Parent-Id
X-Rocket-Build-Number
Server-Host
X-Request-Start
X-Gamma-Serve
X-Region-Sid
X-Req
X-Bip
X-GeoIP
X-Node-Id
X-NodeID
X-Gzip
Sslversion
X-Datadog-Trace-Id
X-Irp-Debug
X-HN
X-Location
CacheControlHeader
X-BBC-Edge-Cache-Status
X-Origin-Time
X-Platform
X-Datadog-Sampling-Priority
X-GeoIP-City
We-Hiring
X-Nyt-Route
Web-Mar-Region
Fastly-GeoIP-CountryCode
Req-Svc-Chain
X-Viewer-Country
X-Esi-Check
Apple-News-Services-Handled
X-Magnolia-Registration
X-Cdn-Origin
From-Origin
Mail-Subject
Machine
X-VarnishDD-TTL
X-VG-TLSProxy
Apple-News-Services-Request-Url
Gh-Request-Id
Locid
Apple-News-Services-Host
X-Core-Value
X-Fastly-Backend
PFcat
X-Sigma-Backend
X-Sigma
X-Level-Front-Cache
X-Reqid
X-TH-Server
X-Sn-Servicetimems
X-TrackingId
AKAMAI
X-Thanos
X-CS
X-FireWall-Port
X-EC-Lua
X-Backend-State
X-Csrf-Jwt
X-HS-Content-Campaign-Id
X-DefElseHash
X-Eu-Site
X-Cache-Config
X-FC-Vary-Parameters
Adler-Geo
X-Cdn-Srv
X-CGP
X-Developers
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-DefHash
X-RateLimit-Limit-Second
X-UnsetCookies
NM-Fastcgi-Cache
NGX
X-Thinkindot-L3
Platform
X-Response-By
Fastly-SWR
Ha-Gx-Prefs
X-Variation
X-Tx-Id
X-Varnish-Remaining-TTL
Is-Eu
Fastly-Drupal-Html
X-Varnish-CookieINHashed-On
L5d-Success-Class
Memcached
X-Varnish-CookieHashed-On
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-NU-AKA-ACS-Version
Candidate-Md5Url
X-Origin
X-Zone
X-Loc
Ssr
WP-Super-Cache
HA-Ipaddr
Fastly-SIE
Thinkindot-CacheControl-Type
TDXMobile
X-Qloud-Router
Thinkindot-Control
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
Thinkindot-CacheControl
X-Trace-ID
X-Varnish-Beresp-Ttl
X-Ua-Device
AMP-Access-Control-Allow-Source-Origin
X-CLOUD-TRACE-CONTEXT
X-Is-Gdpr
X-Worker
X-Mvc-Supplant-OutputCached
X-Pod-Name
X-JWT-State
X-Has-Esi
X-Amzn-Remapped-Content-Length
Cf-Device-Type
X-Up
X-LB-ID
X-Ratelimit-Remaining
WWW-Authenticate
Pics-Label
On-Server
CDN
X-NC
Ms-Author-Via
X-API-Version
X-Generated-In
X-Cache-Enabled
X-Vc
X-NWS-UUID-VERIFY
Esi-Enabled
X-Datadome
Memory
Time
X-LB-NoCache
NtCoent-Length
X-Backend-TTL
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Refresh
X-DynaTrace-JS-Agent
X-Service
Magicmarker
X-Via-Popv
X-Via-Popn
X-Tb-Optimization-Total-Bytes-Saved
C-Via
X-Via-Poph
X-DC
X-Dynatrace
X-TA-CDN-Provider
X-Cache-PHP
X-Varnish-Ttl
Env
X-Cache-Ttl
X-Edge-Pop
X-TraceId
X-Parent-Response-Time
X-Tt-Logid
Kp-EeAlive
X-Optimistic-Header
GeoIp-Country-Code
X-CacheTTL
X-Cache-Status-Check
S-Rt
X-Restarts
X-Render-Time
X-Servedbyhost
X-Esi
X-Srv
Server-ID
X-Unique-ID
X-DB
X-Wix-Viewer-Type
WebServer
X-Action
X-ZONE
X-Cache-Backend
X-RPM
X-Varnish-Beresp-TTL
X-RPS
X-RSL
Edge-Cache
X-DW
X-DSS
X-DI
X-Info
X-MSEdge-Flight
X-MSEdge-Features
X-TX-ID
X-Minions-Version
X-AIR-PT
X-VCL-Version
X-Cs
X-Akamai-Request-ID2
X-Http-Reason
Proxy-Connection
X-Traceid
X-LI-Proto
X-App
X-Newrelic-Synthetics
X-Webkit-CSP-Report-Only
X-Clientip
X-HA-Backend
X-Fpc
X-URL
X-Oss-Request-Id
X-Li-Proto
X-Oss-Storage-Class
X-Oss-Object-Type
Cache-Host
X-Oss-Hash-Crc64ecma
X-Webkit-Csp-Report-Only
HIT
X-Oss-Server-Time
Test
UCS
Accept-Language
X-FPC
S-Cnection
X-NODE
X-LiteSpeed-Cache-Control
X-Ec-Fail
X-Vcl-Version
Tcn
X-Ec-GeoHdr
Geo-Info
X-User
Server-Id
Section-Io-Origin-Status
Lb
X-Urbn-Context-Path
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Origin-Responded
X-B3-Spanid
Locale
X-Urbn-Site-Id
X-Pass-Why
Fastly-Backend-Name
X-Micro-Cache
User-Agent
X-Pad
X-HostName
X-LiteSpeed-Tag
X-Backend-Host
Fastly-Drupal-HTML
Cf-Int-Pingora-Origin-Digest
X-CSRF-TOKEN
GeoIP-Country-Code
X-Release
Resin-Trace
Cdncip
Cdnsip
X-ID
X-BBC-Origin-Response-Status
X-APP
X-Ha-Backend
X-AK-Request-ID
M-TraceId
X-BCube-Filmed-By
Hostname
X-Check-Cacheable
X-WADP-Cache
Cluster
X-Fmm-Version
My-App
Ohc-File-Size
X-Clara-WADP
X-ServedByHost
Hit
X-Geo
X-Dynatrace-Js-Agent
X-ES-SERVER
X-ElasticPress-Query
ENV
EpKe-Alive
Geoip-Latitude
Cache-Key
X-Edge-POP
X-Amz-Meta-Cb-Modifiedtime
Path
CPC-Cache
VNS-Cache
CPC-Age
MIME-Version
VNS-Age
Tracecode
X-WA
X-WA-Info
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-CUA
X-Var-Ttl
X-RateLimit-Reset
X-Edge-Cache
T-Server
X-NGINX-Cache
X-From
X-HS-Status
Lfy
Load-Balancing
X-Api-Version
X-Akamai-Pragma-Client-IP
Srv
Lang
X-Fragments
X-RAMCache
Servername
X-Ucs
X-Cdn-Forward
X-ServerName
Pagetype
Shield-Pop
X-PJAX-URL
URI
X-Wikidot-Backend
X-Cms-Context
X-Wikidot-Static-Cache
X-Fastly-Backend-Reqs
X-Via-Ucdn
X-Newrelic-App-Data
X-GoCache-CacheStatus
X-CCDN-CacheTTL
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Target-Params
X-UP
X-Mcache
MD5-Digest
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Fastly-Cache-Hits
X-TRACE-ID
X-Dw-Trace-Id
X-Nc
Cneonction
X-Lb-Id
Ohc-Cache-HIT
Server-Hostname
Cdn
Uri
WZWS-RAY
IsBot
X-B3-ParentSpanId
Server-Ext
Sever-Int
X-SIPLIST1
X-VG-WebServer
X-VC
X-Cdn-Request-ID
X-Apw-Hits
PICS-Label
X-UA
X-Contensis-Viewer-Groups
X-Swift-Error
X-Acquia-Application-UUID
X-Snapshot-Date
Cteonnt-Length
X-Acquia-Site
X-Acquia-Purge-Tags
W
X-Acquia-Application-Trace
X-Cache-ASPX
X-Apw-Access-Action
Vha6-Origin
X-Apw-Access-Token
Cf-Ipcountry
X-Yottaa-OS
CF-Cached-On
X-Cache-Expires
X-Apw-Access-Object
X-Air-Pt
DataCenter
Sid
X-Cache-Ngx
Permissions-Policy
X-Http-Duration-Ms
X-Te-Count
X-Te-Duration-Ms
GeoIP-Latitude
X-Akamai-ERRuleID
FSS-Cache
X-Last-Modified
X-Akamai-ERPolicy
Server-Ttl
X-Varnish-Authentication
X-Http-Count
Req-ID
X-Logging-Id
Ngx
X-Provided-By
X-Sentry-ID
X-Platform-Router
X-Akamai-Request-ID
X-B3-Parentspanid
X-Miniprofiler-Ids
HitType
X-Platform-Cluster
X-Lb-Nocache
CountryCode
Dnion-Transfer-Encoding
X-Platform-Processor
X-CacheKey