Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
CF-Ray
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-Request-ID
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-UA-Device
X-AH-Environment
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Rating
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
Accept-CH-Lifetime
X-Vname
X-PC
X-TtlSet
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
Fastly-Restarts
X-Server-Name
Cache-Tag
X-FastCGI-Cache
Service-Worker-Allowed
X-Rack-Cache
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-GitHub-Request-Id
MS-Author-Via
X-Upstream
X-Amz-Rid
X-Aws-Lambda-Call-Status
X-Vcap-Request-Id
Public-Key-Pins
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-Abt-Application-Version
X-D2id
X-Cache-TTL
X-Cnection
X-Origin-Cache
X-Px
Arr-Disable-Session-Affinity
Accept-Ch
Access-Control-Request-Method
RTSS
X-Country-Code
X-Goog-Hash
X-Powered-By-Plesk
X-Navigation-Version
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-NF-Request-ID
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Build
X-Powered-CMS
X-Version
X-Language
AR-CACHE
AR-SID
AR-PoweredBy
AR-ATIME
AR-Request-ID
Display
Pagespeed
X-Middleton-Display
X-Sol
Response
X-Middleton-Response
X-Amz-Server-Side-Encryption
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-MSEdge-Ref
X-LLID
X-Edge-Location-Klb
X-Edge
X-Kinsta-Cache
Nginx-Cache
X-Template
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Protected-By
X-Shield-Request-Id
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-TTL
TCN
X-T
X-RateLimit-Remaining
S
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Id
X-Mg-S
Content-MD5
Edge-Cache-Tag
X-Mid
Fastcgi-Cache
Realpath
SPRequestDuration
SPIisLatency
Front-End-Https
X-MCACHE
X-Ttl
X-CST
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Filters
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Server-Node
X-DynaTrace
X-Ua-Browser
X-Content
X-Ab
Server-Name
X-Frontend
X-Correlation-Id
X-ECACHE
X-NWS-LOG-UUID
X-HS-Hub-Id
SPRequestGuid
X-SharePointHealthScore
X-HS-Content-Id
X-HS-Cache-Config
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-HS-Combine-CSS
Fusion-Source
Fusion-Content-Source
X-Yandex-Sdch-Disable
X-Parallel-Accel
X-Ezoic-Cdn
X-Cache-Key
X-Hits
Alternate-Protocol
X-Ser
X-Content-Options
X-Buckets
X-Tt-Trace-Tag
X-Tt-Trace-Host
MicrosoftSharePointTeamServices
X-Ruxit-Js-Agent
X-Page-Id
Cleartype
Host
X-Kong-Upstream-Latency
Cache-Tags
X-B3-Sampled
X-Kong-Proxy-Latency
Charset
X-Git-Hash
X-Www-Served-By
X-Geo-Country
X-Daa-Tunnel
X-DIS-Request-ID
X-Accel-Expires
X-Amzn-Trace-Id
X-Content-Digest
X-Amz-Replication-Status
X-Debug-Info
Filterid
X-Varnish-Age
X-Fastly-Request-Id
X-Az
X-Hostname
X-Activity-Id
X-AppVersion
X-FB-Debug
X-Forwarded-Proto
TP-L2-Cache
TP-Cache
X-VCache
X-Upgrade-Enabled
X-Rid
X-N
Access-Control-Allow-Method
Cross-Origin-Opener-Policy
X-Grace
X-Nginx-Upstream-Cache-Status
X-Origin-Server
X-Ratelimit-Limit
X-F-Cache
X-LB-Cache
ServerID
X-Mobile-URL
X-Flags
X-Request-Guid
X-Providence-Cookie
X-Route-Name
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Whom
X-Server-ID
X-XRDS-LOCATION
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-TT
X-Goog-Metageneration
X-App-Environment
Viewport
X-Tb
X-Varnish-Grace
Node
X-Seen-By
Payment
X-FW-Serve
X-FW-Static
X-FW-Server
X-FW-Type
X-WebKit-CSP-Report-Only
X-Type
X-App-Server
X-FW-Hash
X-FW-Dynamic
X-Distributor
X-Origin-Upstream-Status
X-NGENIX-Cache
X-User-Agent
DC
Paypal-Debug-Id
Fastcgi-Useragent
X-Cache-Control
Accept-Charset
Country
X-Litespeed-Cache
X-Wix-Request-Id
X-Fastcgi-Cache
X-Cache-Rule
X-Logged-In
X-Microsite
X-Request-Handler-Origin-Region
X-Fastly-Request-ID
X-Webkit-CSP
Version
X-Cache-Age
X-DataDome
X-Via-JSL
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
Referer-Policy
X-Drupal-Cache-Tags
X-Erf-Bev-Bev
X-Browser-Type
Amp-Access-Control-Allow-Source-Origin
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
Refresh
X-Cluster-Name
Cache-Status
X-Load-Cache
X-B-Cache
X-Node-Name
X-Contextid
X-Signature
Access-Control-Request-Headers
X-Original-Request-Id
SD-X-WS
X-Response-Served-From
X-Cache-Action
X-Cache-Expired-At
X-Is-Bot
X-Page-View
X-Real-IP
X-Rendered-As
X-Vgn-Hpd-Reason
X-Jobs
X-Proxy-Cache-Status
X-RemovedCookies
X-Instance
X-Mobile
X-Debug
X-Revision
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-UUID
X-IPLB-Instance
X-Cacheable-TTL
X-B
X-ProcessESI
NGB
X-Device-Type
X-Proxy
X-Yottaa-Optimizations
X-Rule
X-Yottaa-Metrics
X-Tec-Api-Version
X-Cache-Time
Akamai-GRN
X-Drupal-Cache-Contexts
X-G
Surrogate-Key
X-Tec-Api-Origin
X-Tec-Api-Root
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Debug-IsConnected
X-TEC-API-ROOT
X-Framework
X-Debug-IsPreview
X-Air-Hostname
X-Air-Source
CF-IPCountry
X-Air-Trace-Id
X-FW-Version
X-Ratelimit-Reset
SID
X-PressLabs-Stats
X-XRDS-Location
DynaTrace
Liferay-Portal
X-Azure-Ref
X-Nginx-Cache
Healthy
X-Oneagent-Js-Injection
GEO-INFO
X-CDN-Forward
Frame-Options
X-Source
Count-Hit
X-APP-VERSION
X-Ms-Version
X-Cache-Operation
X-Ms-Request-Id
X-Presslabs-Stats
Ms-Operation-Id
MS-CV
X-Accel-Buffering
X-RTag
Uber-Trace-Id
X-EdgeConnect-Cache-Status
X-Tumblr-Pixel-0
X-L-Path
X-Tumblr-Pixel-1
X-Tumblr-User
Xserver
X-Environment-Context
X-Tumblr-Pixel
Countrycode
X-Cache-Hit
X-Varnish-Server
X-Zen-Fury
X-Backend-Name
X-Mode
Ec-Rule-Version
X-Forwarded-Host
Cross-Origin-Window-Policy
X-Region
X-Cache-NGX
X-IPS-LoggedIn
X-Servername
Backend
X-Content-Powered-By
X-Detected-As
X-UPSTREAM-Address
X-Rewrite-Enabled
X-JoinUs
X-RN-RSRV
X-Cache-Type
X-Cache-TTL-Remaining
Meta-Geo
Protected
X-SaId
X-Cache-Server
X-Alternate-Cache-Key
X-Tid
X-Redis-Cache
Decoy-Debug-Status
X-Uri
X-Proxied
X-Generation-Time
X-Extlb
Section-Io-Cache
X-Hosted-By
X-Debug-Cache
Apigw-Requestid
X-Cache-Grace
Decoy-Debug-Key
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Sql-Count
Fastly-SSL
X-Sorting-Hat-ShopId
Eomportal-Instance
Country-Code
X-NewRelic-App-Data
X-Sql-Duration-Ms
X-Zipkin-Id
Decoy-Debug-TTL
X-Routing-Service
X-ShardId
X-ApacheServer
X-ProxyCache-Key
X-BYPASS-REASON
X-UA-Device-Type
X-PERF
X-ProxyCache-Status
Cache-Tv-Group
X-No-Session
X-Varnish-Beresp-Grace
X-Origin-Date
X-Microcachable
X-NYM-Debug-Backend
X-PHP-Backend
X-Format
X-FB-TRIP-ID
X-Storage
X-ServerID
Url
X-Human
X-Status
Cache-Name
X-RateLimit-Limit
Mn-Server-Ip
X-Via-Fastly
TWC-Privacy
TWC-Locale-Group
TWC-Device-Class
Property-Id
TWC-Connection-Speed
Selected-Fe
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Server-W
X-PCL
X-Site-Version
X-Say-Cacheable
X-NCache
X-Origin-Hint
X-SayCDN-TTL
X-OCL
X-Say-TTL
X-Soup
X-Timing-Wait
X-Section
X-Adobe-Loc
X-Access
Webcakes-Region
Webcakes-App-Version
X-Akamai-Edgescape
X-Cache-Host
X-Web-Node
X-Proxy-Build
X-Cluster-Node
Webcakes-App-Name
X-Adobe-Content
X-Content-Age
SRV
DB-Nickname
Azure-InstanceId
Azure-RegionName
X-Hl-Ver
Azure-SiteName
X-Ratelimit-Remaining
X-Varnishpool
Azure-Version
Azure-SlotName
X-Be
X-Pubstack
Content-Secure-Policy
OT-Force-Account-Verify
X-Hyper-Cache
X-R9-Blue-Green-Version
X-LSADC-Cache
CDN-Uid
CDN-RequestId
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
X-Ua
X-Webkit-Csp
CDN-Cache
CDN-RequestCountryCode
X-Generated-By
X-Azure-Ref-OriginShield
Content-Disposition
WPO-Cache-Message
WPO-Cache-Status
X-Cached-By
Cache
LB
X-Unique-Id
X-SRV
X-TIME
Source
X-Nginx-Cache-Key
X-Bc-Bl
X-LAGOON
X-TT-LOGID
X-Trace-Id
X-Dc
X-Auto-Login
Cache-Hits
Xet-Cookie
X-Origin-CC
X-Origin-TTL
X-HTML-Minification-Powered-By
X-Varnish-Hits
X-TNCMS
X-Varnish-Hostname
X-Loop
Retry-After
Mime-Version
X-GEO
X-App-Version
Onion-Location
X-Time
X-Platform-Server
X-S-Maxage
X-Amz-Meta-S3cmd-Attrs
X-Cdn
X-Akamai-Transformed
HostName
X-Xfnlog-Site
Web-Mar-Node
X-Tumblr-Pixel-2
X-CSRF-Token
X-Cache-Var-Map
X-Tumblr-Pixel-3
X-Cache-Var
X-Proto
X-Cache-Remote
X-Cache-Tags
X-Edge-Location
X-Varnish-Cache-Hits
Webserver
Upgrade-Insecure-Requests
X-Tenant
X-Request-Time
X-Time-Microsecs
X-Endurance-Cache-Level
X-ECache
X-AOL-HN
N-Cache
X-VWS-Id
X-EC-Lua
X-LJ-Flow-ID
X-AWS-Id
X-GG-Cache-Date
X-Request-Host
ServedBy
WP-Super-Cache
X-FireWall-Port
X-Qnm-Cache
X-M-Log
X-M-Reqid
Nel
X-Correlation-ID
X-Mg-Request-UUID
X-B3-SpanId
X-Via-NSCOPI
X-Amz-Apigw-Id
CloudFront-Viewer-Country
X-Amzn-RequestId
X-Labrador-Cache-Channel
X-PHP-Host
From-Origin
X-D
X-Destination
X-Connection-Hash
Redirect-Candidate
X-Conf
X-Ckpd-Fst-Backend
X-CF-Lambda-Version
Sslversion
X-Cluster
Rendered-Blocks
X-Developer
Xc-Version
X-Forwarded-Path
X-Vtex-Remote-Cache
X-Gen-Mode
X-Vtex-Processado-Em
Mobile-Detection-Method
X-External-Request-Id
Pramga
L
Origin
Odigeo-Trace-Id
X-CF-Lambda-Fn
A
CDCHOST
DSUID
X-A-Wwc
X-Aed
X-Application
X-A-Dgt
DCR-Processing-Time-Ms
X-A-Ccd
X-A-Dam
X-A-Dcw
DCR-Decision-By
X-ARC
V-Age
Fastcgi-X-Cache-Version
X-Cache-Date
Surrogated-Key
X-Cache-NE
X-Block-Status
User-Cache-Control
X-VG-WebCache
BehaviorPad-Version
X-B-Cookie
Expiry
X-A
X-Ftr-Request-Id
X-Planisys-CDN-Rules
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Vdms-Version
X-TIM-N
X-Slack-Backend
X-V-Cache
X-Shop-Environment
X-NAPM-TraceId
X-SVT-ORM-VERSION
X-ND-Cache
X-Processor
X-SVT-ORM-RULES
X-Session-Fingerprint
X-SRCache-Key
X-Rojux
X-Origin-Response-Time
X-Hnp-Log
Meta-Geo-Continent
X-Orig-Expires
X-SD-PageType
X-Planisys-CDN-TTL
X-S-Cookie
X-Ig-Push-State
X-S
X-Vdms-Path
X-Planisys-CDN-Cache
X-ScT
X-RCS-CacheZone
X-MP-GENERATED-AT
X-Origin-Time
X-Accel-Expires-Debug
X-Skip-Cache
X-Proxy-Upstream
X-Rocket-Nginx-Serving-Static
X-RateLimit-Remaining-Second
Ssr
Release
PFcat
X-Scheme
Origin-CC
Origin-EX
State
X-Server-IP
X-Policy
Wxu-Next-Commit
Wxu-Next-Hostname
X-Origin-Expires
X-RateLimit-Limit-Second
Traceparent
True-Client-Country-4JS
Wxu-Next-Region
X-NodeID
X-Epic-Correlation-Id
X-Eu-Site
X-Li-Fabric
X-VarnishDD-TTL
X-Envoy-Decorator-Operation
X-Li-Pop
Vix-Hermes-Req-Id
X-Device-Os
X-Fastly-Cache
X-Fetched-On
X-Geo-Header
X-Hash
X-VServer
X-HN
X-Gdpr
X-Webstats-RespID
X-Forwarded-Site
X-UnsetCookies
X-Date
X-Sucuri-Cache
X-Cdn-Srv
X-Sucuri-ID
X-Storefront-Renderer-Rendered
X-Nyt-Route
X-Backend-State
X-Cache-Bucket
X-CGP
X-Mvc-Supplant-Cachable
X-Core-Mission
X-Csrf-Jwt
X-LI-UUID
X-Location
X-Aicache-OS
X-Request-URI
X-Men
X-Old-Content-Length
X-Cache-Info
Ha-Gx-Prefs
Cmsid
Host-ID
Cmstype
AKAMAI
Fastcgi-Cache-TTL
Gh-Request-Id
X-Cache-Enabled
CacheControlHeader
HA-Ipaddr
L5d-Success-Class
Arc-Country
Environment
X-Handled-By
Fastly-Drupal-Html
Server-Info
X-Zone
X-NWS-UUID-VERIFY
X-Core-Value
X-Datadog-Trace-Id
X-Developers
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Magnolia-Registration
Apple-News-Services-Request-Url
X-Cache-Config
X-Cache-Id
X-Cache-Debug
Apple-News-Services-Handled
Apple-News-Services-Host
X-Esi-Check
X-BBC-Edge-Cache-Status
Apple-News-Services-Parsed-Url
X-Branch-Name
X-Cdn-Origin
X-GeoIP-City
X-Locale
X-Sn-Servicetimems
X-Sigma-Backend
X-Sigma
X-Served-From
X-TH-Server
X-Thinkindot-L3
X-Viewer-Country
X-VG-TLSProxy
X-Varnish-Beresp-Status
X-TrackingId
X-Request-Start
X-Reqid
X-Gzip
X-HS-Content-Campaign-Id
X-ATG-Version
X-GeoIP
X-Gamma-Serve
X-Irp-Debug
X-Node-Id
X-Req
X-Platform
X-Owner
X-VC-Cache
X-Fastly-Backend
X-Rocket-Build-Number
Locid
X-Adobe-Source
Server-Host
We-Hiring
Req-Svc-Chain
Web-Mar-Region
Svr
Mail-Subject
Thinkindot-CacheControl
TDXMobile
Thinkindot-CacheControl-Type
Fastly-GeoIP-CountryCode
Thinkindot-Control
X-Xrds-Location
X-Origin
X-Generated-On
X-DefHash
X-DefElseHash
X-Pod-Name
X-Has-Esi
X-NU-AKA-ACS-Version
X-JWT-State
X-Tx-Id
X-Is-Gdpr
X-FC-Vary-Parameters
X-Level-Front-Cache
X-Loc
X-DPWN-IS-SECURE
Fastly-SIE
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Backend-TTL
X-Thanos
Machine
X-Varnish-Remaining-TTL
Adler-Geo
X-Variation
X-Varnish-CookieINHashed-On
Cf-Device-Type
Is-Eu
X-Amzn-Remapped-Content-Length
Memcached
X-Response-By
X-Worker
NGX
X-Varnish-CookieHashed-On
Platform
X-Bip
NM-Fastcgi-Cache
X-Ua-Device
X-Trace-ID
AMP-Access-Control-Allow-Source-Origin
X-CS
X-CLOUD-TRACE-CONTEXT
X-CACHE-KEY
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Varnish-Beresp-Ttl
X-Mvc-Supplant-OutputCached
X-Qloud-Router
Datacenter
X-NC
Pics-Label
X-LB-ID
X-Up
X-API-Version
X-Generated-In
CDN
S-Rt
Magicmarker
Candidate-Md5Url
Ms-Author-Via
X-Datadome
X-LB-NoCache
Kp-EeAlive
X-Restarts
X-DynaTrace-JS-Agent
X-Tb-Optimization-Total-Bytes-Saved
Time
WebServer
Env
Memory
WWW-Authenticate
X-Via-Popn
X-TraceId
X-Vc
NtCoent-Length
X-Via-Poph
X-DC
X-Varnish-Ttl
On-Server
X-Via-Popv
X-Akamai-Request-ID2
X-Tt-Logid
X-Http-Reason
X-TA-CDN-Provider
Esi-Enabled
X-Wix-Viewer-Type
X-Edge-Pop
Edge-Cache
X-Optimistic-Header
X-Cache-Backend
X-RSL
X-RPM
X-RPS
X-DB
X-DW
X-CacheTTL
X-DI
X-Action
X-Refresh
GeoIp-Country-Code
X-DSS
X-Service
X-Esi
C-Via
X-Minions-Version
X-Servedbyhost
X-Srv
Accept-Language
X-Cache-PHP
X-MSEdge-Features
X-Varnish-Beresp-TTL
Server-ID
X-Unique-ID
X-HA-Backend
X-MSEdge-Flight
X-Parent-Response-Time
X-Newrelic-Synthetics
X-Webkit-Csp-Report-Only
X-Cs
X-TX-ID
X-ZONE
X-VCL-Version
X-Urbn-Site-Id
X-Cache-Status-Check
X-Urbn-Context-Path
X-Render-Time
Locale
X-Dynatrace
X-Traceid
X-Cache-Ttl
X-App
X-LI-Proto
X-Ec-GeoHdr
X-Ec-Fail
X-Fpc
X-User
X-URL
Test
X-Li-Proto
X-Pass-Why
Proxy-Connection
X-LiteSpeed-Cache-Control
X-FPC
X-B3-Spanid
X-AIR-PT
X-Webkit-CSP-Report-Only
X-Info
X-NODE
Cdncip
Cdnsip
X-Clientip
Server-Id
Tcn
X-Vcl-Version
X-AK-Request-ID
Geo-Info
X-WADP-Cache
X-Fmm-Version
Cluster
X-Oss-Server-Time
UCS
Cache-Host
My-App
X-Oss-Hash-Crc64ecma
X-Clara-WADP
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Request-Id
HIT
M-TraceId
Tracecode
Fastly-Drupal-HTML
X-CUA
Cf-Int-Pingora-Origin-Digest
X-Var-Ttl
X-LiteSpeed-Tag
X-HostName
Resin-Trace
Geoip-Latitude
S-Cnection
X-CSRF-TOKEN
X-From
X-Ha-Backend
Lfy
T-Server
GeoIP-Country-Code
X-ID
Hostname
X-Dynatrace-Js-Agent
Lang
X-Pad
X-Fragments
Fastly-Backend-Name
X-RAMCache
X-Edge-POP
X-Mcache
Hit
Ohc-File-Size
X-ServedByHost
X-Micro-Cache
User-Agent
X-Geo
X-WP-CF-Super-Cache-Cache-Control
X-Via-PopH
X-WP-CF-Super-Cache
Target-Params
X-Via-PopV
X-Backend-Host
X-Via-PopN
X-ElasticPress-Query
X-Release
ENV
MIME-Version
X-BBC-Origin-Response-Status
X-VC
DataCenter
X-Api-Version
X-Check-Cacheable
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Cdn-Forward
X-Edge-Cache
X-NGINX-Cache
X-BCube-Filmed-By
Section-Io-Origin-Status
Section-Io-Id
X-APP
Load-Balancing
Lb
Servername
X-HS-Status
X-Fastly-Backend-Reqs
X-Ucs
X-ServerName
URI
EpKe-Alive
X-GoCache-CacheStatus
Path
X-Amz-Meta-Cb-Modifiedtime
Cache-Key
CPC-Cache
CPC-Age
VNS-Age
Permissions-Policy
FSS-Cache
X-WA
PICS-Label
X-Lb-Nocache
X-UP
X-WA-Info
VNS-Cache
X-Proxy-Cache-Info
X-Httpd
Uri
X-TRACE-ID
X-ES-SERVER
Cdn
Producers
ServerName
X-RateLimit-Reset
X-Provided-By
WZWS-RAY
Server-Ttl
X-Lb-Id
X-Cdn-Request-ID
Cteonnt-Length
Cneonction
X-Wikidot-Backend
Ohc-Cache-HIT
X-B3-ParentSpanId
X-Nc
X-Wikidot-Static-Cache
X-Fastly-Cache-Hits
X-Dw-Trace-Id
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
Pagetype
X-Apw-Access-Object
X-Acquia-Application-UUID
X-Apw-Hits
X-Cache-ASPX
Shield-Pop
X-Cache-CFC
X-SB
X-Contensis-Viewer-Groups
X-Snapshot-Date
X-Yottaa-OS
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Apw-Access-Token
X-Apw-Access-Action
X-PJAX-URL
X-Vcache
X-Swift-Error
Vha6-Origin
X-Cms-Context
X-Newrelic-App-Data
CF-Cached-On
Cf-Ipcountry
X-Air-Pt
X-Cache-Ngx
Sid
X-UA
X-Akamai-Pragma-Client-IP
Req-ID
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
GeoIP-Latitude
X-CCDN-Origin-Time
X-Udemy-Cache-App-Namespace
X-Varnish-Authentication
X-Pool
CountryCode
X-CacheKey
X-Sentry-ID
X-Logging-Id
Ngx
X-Miniprofiler-Ids
MD5-Digest
X-Http-Count
X-Http-Duration-Ms
X-Via-Ucdn
X-Last-Modified
X-Hcs-Proxy-Type
X-Te-Duration-Ms
X-Te-Count
X-CCDN-CacheTTL