
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
X-Request-ID
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
Report-To
X-Age
X-Backend
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
NEL
X-Vhost
EagleEye-TraceId
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
X-Host
Accept-CH
Cf-Railgun
X-Server-Id
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Rating
X-Ruxit-JS-Agent
X-Country
X-B3-TraceId
Accept-CH-Lifetime
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-PC
X-TtlSet
X-Vname
Allow
X-Clacks-Overhead
Edge-Control
X-Mod-Pagespeed
X-Varnish-TTL
X-Server-Name
X-ESI
Fastly-Restarts
X-Aws-Lambda-Call-Status
Cache-Tag
X-FastCGI-Cache
X-VARITI-CCR
Service-Worker-Allowed
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Upstream
X-Vcap-Request-Id
X-MS-InvokeApp
X-Amz-Rid
X-GitHub-Request-Id
Public-Key-Pins
MS-Author-Via
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cnection
X-Px
RTSS
X-Cache-TTL
X-Navigation-Version
X-Kinja-Build
X-Use-Magma
X-Country-Code
Arr-Disable-Session-Affinity
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Cdn-Fetch
Access-Control-Request-Method
X-Goog-Hash
X-Powered-By-Plesk
X-NF-Request-ID
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
AR-ATIME
AR-CACHE
AR-SID
AR-PoweredBy
AR-Request-ID
X-Powered-CMS
X-Origin-Cache
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Version
Response
X-Middleton-Response
X-LLID
X-Amz-Server-Side-Encryption
X-MSEdge-Ref
X-Edge-Location-Klb
X-Kinsta-Cache
Nginx-Cache
TCN
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge
X-RateLimit-Remaining
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-TTL
X-Protected-By
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-T
X-Forwarded-For
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Id
X-Mg-S
Accept-Ch
S
Content-MD5
Edge-Cache-Tag
X-CST
X-Language
SPIisLatency
SPRequestDuration
Fastcgi-Cache
X-Mid
Front-End-Https
Realpath
X-DynaTrace
X-Ttl
X-Recruiting
Server-Node
Pinterest-Version
Filters
X-Pinterest-Rid
Pinterest-Generated-By
X-Request-Processing-Time
X-Request-Received
X-Frontend
Server-Name
X-MCACHE
X-Ab
X-Content
X-Ua-Browser
X-Ruxit-Js-Agent
X-Correlation-Id
X-Cache-Key
X-Ser
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-NWS-LOG-UUID
X-Template
X-Ezoic-Cdn
X-ECACHE
X-SharePointHealthScore
SPRequestGuid
X-Hits
X-Parallel-Accel
X-Tt-Trace-Host
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
X-Server-ID
Alternate-Protocol
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Charset
X-Page-Id
Cache-Tags
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Source
Host
Fusion-Template-Id
X-B3-Sampled
Cleartype
Fusion-Component-Id
X-Git-Hash
X-Content-Options
X-Www-Served-By
X-Geo-Country
X-Webkit-Csp
X-Debug-Info
X-Hostname
X-DIS-Request-ID
X-Daa-Tunnel
X-Amzn-Trace-Id
X-Content-Digest
X-Amz-Replication-Status
Filterid
X-Varnish-Age
X-Ratelimit-Limit
Cross-Origin-Opener-Policy
X-Activity-Id
X-AppVersion
X-Az
X-FB-Debug
X-Upgrade-Enabled
X-Grace
X-Accel-Expires
X-VCache
X-Nginx-Upstream-Cache-Status
X-F-Cache
X-Forwarded-Proto
X-N
ServerID
X-Origin-Server
X-Rid
Access-Control-Allow-Method
X-Fastly-Request-Id
X-Mobile-URL
X-Route-Name
X-Request-Guid
X-Is-Crawler
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-LB-Cache
TP-Cache
X-Type
X-TT
TP-L2-Cache
X-Whom
Viewport
X-Varnish-Grace
X-App-Environment
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Seen-By
X-GUploader-UploadID
Payment
X-Tb
X-WebKit-CSP-Report-Only
X-DataDome
X-FW-Dynamic
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-Distributor
Node
X-User-Agent
X-XRDS-LOCATION
DC
Paypal-Debug-Id
X-App-Server
X-Fastly-Request-ID
Accept-Charset
X-Wix-Request-Id
Fastcgi-Useragent
Country
X-Cache-Control
X-NGENIX-Cache
X-Litespeed-Cache
X-Cache-Rule
X-Fastcgi-Cache
X-Origin-Upstream-Status
Version
X-Via-JSL
X-Drupal-Cache-Tags
Referer-Policy
X-Microsite
X-Logged-In
X-Request-Handler-Origin-Region
X-Oracle-Dms-Ecid
X-Cluster-Name
X-Oracle-Dms-Rid
X-Cache-Age
X-Contextid
Amp-Access-Control-Allow-Source-Origin
X-Buckets
X-Tec-Api-Root
X-Tec-Api-Origin
X-B-Cache
X-Ratelimit-Reset
X-Signature
X-Tec-Api-Version
Refresh
Cache-Status
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Load-Cache
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
X-Response-Served-From
X-Varnish-Backend
X-Node-Name
SD-X-WS
X-Mobile
VIX-Pulpo-Node
X-Real-IP
X-Rendered-As
X-Vgn-Hpd-Reason
X-Page-View
X-Is-Bot
X-Cache-Expired-At
X-B
NGB
Access-Control-Request-Headers
X-IPLB-Instance
X-Jobs
X-Proxy-Cache-Status
X-Revision
X-Cacheable-TTL
X-Cache-Action
X-Device-Type
X-Rule
X-RemovedCookies
X-Instance
X-Debug
X-ProcessESI
X-Yottaa-Metrics
X-UUID
X-Yottaa-Optimizations
Surrogate-Key
X-Proxy
X-Drupal-Cache-Contexts
X-Debug-IsPreview
X-Framework
X-Debug-IsConnected
X-Cache-Time
Akamai-GRN
X-G
X-FW-Version
CF-IPCountry
X-Air-Source
X-Air-Trace-Id
SID
X-Air-Hostname
X-Presslabs-Stats
GEO-INFO
DynaTrace
X-Accel-Buffering
X-Azure-Ref
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Oneagent-Js-Injection
X-TEC-API-VERSION
X-Nginx-Cache
Liferay-Portal
Count-Hit
X-Cache-NGX
X-Source
X-Ms-Request-Id
Uber-Trace-Id
X-Ms-Version
X-Cache-Operation
X-XRDS-Location
Frame-Options
X-PressLabs-Stats
MS-CV
X-CDN-Forward
X-APP-VERSION
Ms-Operation-Id
X-Zen-Fury
X-RTag
X-EdgeConnect-Cache-Status
Healthy
X-RateLimit-Limit
X-Cache-Hit
Protected
X-Environment-Context
X-Mode
X-L-Path
Countrycode
X-Backend-Name
Xserver
X-Varnish-Server
Cross-Origin-Window-Policy
X-IPS-LoggedIn
Ec-Rule-Version
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Ratelimit-Remaining
LB
X-Cache-TTL-Remaining
Backend
X-Hyper-Cache
X-Adobe-Loc
X-Servername
X-Region
X-Tid
X-Adobe-Content
X-JoinUs
X-RN-RSRV
X-Detected-As
X-UPSTREAM-Address
X-SaId
X-Content-Age
X-Forwarded-Host
X-Rewrite-Enabled
Meta-Geo
X-Alternate-Cache-Key
Apigw-Requestid
X-Debug-Cache
X-Shopify-Stage
X-ShopId
X-Hosted-By
X-Extlb
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Cache-Grace
X-Zipkin-Id
X-Proxied
X-Uri
Section-Io-Cache
X-Redis-Cache
X-Routing-Service
Decoy-Debug-Status
Eomportal-Instance
WPO-Cache-Status
WPO-Cache-Message
Decoy-Debug-Key
Decoy-Debug-TTL
Country-Code
X-ShardId
X-Sql-Count
X-Sql-Duration-Ms
X-PHP-Backend
Url
X-Format
X-Content-Powered-By
Fastly-SSL
X-ApacheServer
X-Cache-Server
X-FB-TRIP-ID
Cache-Name
X-Human
X-Origin-Date
X-Status
X-PERF
X-Via-Fastly
X-ServerID
X-PCL
X-No-Session
X-OCL
X-Site-Version
Mn-Server-Ip
X-Varnish-Beresp-Grace
X-NCache
X-Microcachable
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-LatLong
Selected-Fe
Property-Id
CDN-Uid
TWC-Connection-Speed
TWC-Locale-Group
Webcakes-App-Name
CDN-PullZone
X-Say-TTL
X-UA-Device-Type
X-SayCDN-TTL
X-Section
X-Server-W
X-Timing-Wait
X-Say-Cacheable
X-ProxyCache-Key
X-ProxyCache-Status
X-Pubstack
X-Storage
CDN-Cache
CDN-CachedAt
X-Cache-Type
X-Cache-Host
X-BYPASS-REASON
X-Akamai-Edgescape
X-Cluster-Node
CDN-RequestId
CDN-EdgeStorageId
X-Origin-Hint
X-Proxy-Build
CDN-RequestCountryCode
X-Access
TWC-Privacy
Content-Disposition
Cache-Tv-Group
X-NYM-Debug-Backend
X-Hl-Ver
X-Generation-Time
X-R9-Blue-Green-Version
X-Soup
X-Generated-By
X-Web-Node
X-Varnishpool
X-NewRelic-App-Data
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Content-Secure-Policy
Azure-Version
X-Be
Azure-SlotName
X-Azure-Ref-OriginShield
X-LSADC-Cache
DB-Nickname
X-Webkit-CSP
X-TIME
X-Trace-Id
X-Nginx-Cache-Key
X-Ua
OT-Force-Account-Verify
Retry-After
X-Cached-By
Source
X-TT-LOGID
X-Bc-Bl
Cache
SRV
X-Unique-Id
X-Cache-Remote
X-Akamai-Transformed
X-Dc
X-Auto-Login
X-Platform-Server
X-SRV
X-GEO
X-LAGOON
X-Xfnlog-Site
X-Cdn
X-Cache-Tags
HostName
Cache-Hits
X-Origin-TTL
Upgrade-Insecure-Requests
X-EC-Lua
ServedBy
X-Varnish-Hits
X-Origin-CC
X-TNCMS
X-App-Version
X-HTML-Minification-Powered-By
Mime-Version
X-Varnish-Hostname
X-Loop
X-Varnish-Cache-Hits
X-CSRF-Token
X-S-Maxage
From-Origin
X-Time
X-Request-Time
Onion-Location
X-AOL-HN
Xet-Cookie
WP-Super-Cache
Web-Mar-Node
X-Request-Host
X-Amz-Meta-S3cmd-Attrs
Webserver
X-Proto
N-Cache
X-Xrds-Location
X-ECache
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-NWS-UUID-VERIFY
X-B3-SpanId
X-Endurance-Cache-Level
X-FireWall-Port
X-Cache-Enabled
X-Tenant
X-VWS-Id
X-AWS-Id
Nel
Ms-Author-Via
X-LJ-Flow-ID
X-Correlation-ID
X-Origin-Response-Time
X-Time-Microsecs
X-GG-Cache-Date
X-Handled-By
BehaviorPad-Version
X-PAYTM-SRV-ID
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-PBS-Appsvrname
X-Ftr-Request-Id
Pramga
Mobile-Detection-Method
A
Redirect-Candidate
X-Block-Status
X-Ig-Push-State
X-Cache-NE
Odigeo-Trace-Id
X-Gen-Mode
X-Hnp-Log
Rendered-Blocks
X-Backend-TTL
Xc-Version
X-ARC
X-Application
X-Aicache-OS
X-Orig-Expires
X-D
Meta-Geo-Continent
X-NAPM-TraceId
X-ND-Cache
X-B-Cookie
X-Aed
X-S-Cookie
X-Conf
X-Epic-Correlation-Id
X-TIM-N
X-Connection-Hash
X-Edge-Location
DCR-Processing-Time-Ms
DCR-Decision-By
X-Slack-Backend
X-A-Ccd
X-SRCache-Key
X-Ckpd-Fst-Backend
X-Cluster
Expiry
X-V-Cache
X-Destination
Fastcgi-X-Cache-Version
X-VG-WebCache
Vix-Hermes-Req-Id
X-Vtex-Processado-Em
X-Developer
X-Vdms-Version
X-Cache-Var-Map
User-Cache-Control
X-Cache-Var
V-Age
X-Vdms-Path
X-A-Dam
X-A
X-CF-Lambda-Version
X-Rojux
X-S
X-ScT
Surrogated-Key
X-CF-Lambda-Fn
X-Processor
X-Forwarded-Path
Sslversion
X-A-Wwc
X-SD-PageType
X-External-Request-Id
X-A-Dgt
X-Shop-Environment
X-A-Dcw
X-Vtex-Remote-Cache
X-Session-Fingerprint
X-Reqid
X-Adobe-Source
X-Magnolia-Registration
X-Mg-Request-UUID
X-RCS-CacheZone
Cmstype
X-Date
X-Geo-Header
DSUID
Cmsid
Arc-Country
X-Forwarded-Site
Apple-News-Services-Request-Url
CDCHOST
X-Fastly-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Host-ID
State
Wxu-Next-Region
X-Sucuri-Cache
X-Labrador-Cache-Channel
X-Sucuri-ID
X-PHP-Host
X-Server-IP
Svr
X-Rocket-Nginx-Serving-Static
X-Scheme
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VG-TLSProxy
X-Viewer-Country
X-Webstats-RespID
CloudFront-Viewer-Country
X-Amz-Apigw-Id
X-Amzn-RequestId
Wxu-Next-Hostname
True-Client-Country-4JS
Wxu-Next-Commit
X-Request-URI
Gh-Request-Id
X-Cache-Bucket
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Cache-Date
X-Hash
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Origin
X-Men
X-Mvc-Supplant-Cachable
X-Policy
X-Varnish-Ttl
X-Proxy-Upstream
X-Accel-Expires-Debug
X-Origin-Expires
X-NodeID
X-Old-Content-Length
X-Origin
X-Cache-Info
X-Via-NSCOPI
X-MP-GENERATED-AT
S-Rt
Environment
X-Platform
X-RateLimit-Remaining-Second
X-Region-Sid
X-Owner
X-RateLimit-Limit-Second
We-Hiring
X-Location
X-Backend-State
X-Nyt-Route
X-Req
X-Origin-Time
X-Rocket-Build-Number
X-UnsetCookies
X-TrackingId
Web-Mar-Region
X-Varnish-Beresp-Status
X-VServer
X-VarnishDD-TTL
X-TH-Server
X-Storefront-Renderer-Rendered
X-Sigma
X-Served-From
X-Sigma-Backend
X-Skip-Cache
X-Sn-Servicetimems
X-BBC-Edge-Cache-Status
X-Locale
X-Eu-Site
X-Esi-Check
X-CGP
X-Fastly-Backend
X-Fetched-On
X-Envoy-Decorator-Operation
X-Device-Os
X-Csrf-Jwt
X-Datadog-Sampling-Priority
X-Core-Value
X-Datadog-Trace-Id
X-Core-Mission
X-Gamma-Serve
X-Gdpr
X-HN
X-Cache-Debug
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Level-Front-Cache
X-Cache-Id
X-Gzip
X-Cdn-Origin
X-Cdn-Srv
X-Generated-On
X-GeoIP
X-GeoIP-City
X-Datadog-Parent-Id
X-Branch-Name
X-Varnish-Beresp-Ttl
Fastly-Drupal-Html
CacheControlHeader
AKAMAI
Machine
Req-Svc-Chain
Release
Origin-EX
PFcat
Fastcgi-Cache-TTL
Origin-CC
Server-Host
Mail-Subject
Traceparent
Ha-Gx-Prefs
L
Fastly-GeoIP-CountryCode
L5d-Success-Class
Server-Info
Ssr
Locid
HA-Ipaddr
X-Qloud-Router
X-Tx-Id
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-NU-AKA-ACS-Version
X-Request-Start
X-DefHash
Memcached
X-Pod-Name
X-DefElseHash
NM-Fastcgi-Cache
Is-Eu
X-Node-Id
Thinkindot-CacheControl
X-Varnish-Remaining-TTL
TDXMobile
X-Varnish-CookieINHashed-On
Thinkindot-CacheControl-Type
Thinkindot-Control
Magicmarker
Adler-Geo
X-Http-Reason
X-Akamai-Request-ID2
X-Varnish-CookieHashed-On
X-Variation
X-DPWN-IS-SECURE
Fastly-SIE
X-Developers
Platform
X-Loc
X-Worker
X-Amzn-Remapped-Content-Length
X-FC-Vary-Parameters
X-Thinkindot-L3
X-ATG-Version
X-Response-By
X-VC-Cache
X-Qnm-Cache
X-M-Reqid
X-Trace-ID
X-M-Log
X-Ua-Device
X-Restarts
Cf-Device-Type
X-Is-Gdpr
X-Thanos
X-Has-Esi
AMP-Access-Control-Allow-Source-Origin
NGX
X-JWT-State
X-CS
X-Bip
X-Zone
X-LB-ID
X-Up
X-Mvc-Supplant-OutputCached
Kp-EeAlive
X-DI
X-DB
X-NC
X-Action
CDN
X-LB-NoCache
X-DSS
X-Wix-Viewer-Type
X-RSL
X-Cache-Config
X-Cache-Backend
X-RPS
X-DW
Pics-Label
X-Generated-In
X-RPM
X-API-Version
Edge-Cache
X-TraceId
Accept-Language
Time
Env
Memory
Datacenter
X-Tb-Optimization-Total-Bytes-Saved
X-DC
WebServer
X-Minions-Version
X-Optimistic-Header
X-Refresh
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-CacheTTL
X-Tt-Logid
X-Edge-Pop
X-Cache-Ttl
Candidate-Md5Url
X-HA-Backend
NtCoent-Length
X-Srv
GeoIp-Country-Code
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-CACHE-KEY
X-ZONE
X-DynaTrace-JS-Agent
On-Server
WWW-Authenticate
X-MSEdge-Features
X-MSEdge-Flight
X-Vc
Server-ID
X-Esi
X-Servedbyhost
X-Datadome
Esi-Enabled
X-Ec-Fail
X-Unique-ID
X-Ec-GeoHdr
X-User
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
X-Cs
X-TA-CDN-Provider
X-TX-ID
X-Varnish-Beresp-TTL
C-Via
X-Service
X-VCL-Version
X-Cache-PHP
X-Webkit-CSP-Report-Only
X-Newrelic-Synthetics
X-Fpc
X-Traceid
X-AK-Request-ID
X-LI-Proto
Cdnsip
Cdncip
X-App
X-URL
X-Fmm-Version
My-App
Test
X-Clara-WADP
X-Li-Proto
X-Webkit-Csp-Report-Only
X-WADP-Cache
X-LiteSpeed-Cache-Control
Cluster
Proxy-Connection
X-FPC
Geoip-Latitude
X-Cache-Status-Check
X-B3-Spanid
Tracecode
X-Var-Ttl
X-Render-Time
X-CUA
Cf-Int-Pingora-Origin-Digest
X-NODE
X-Pass-Why
T-Server
X-From
Lfy
X-Vcl-Version
Request-ID
Fastly-Drupal-HTML
X-Mcache
X-Fragments
M-TraceId
Lang
Geo-Info
Resin-Trace
DataCenter
X-VC
X-Dynatrace
Target-Params
Server-Id
X-CSRF-TOKEN
X-Ha-Backend
X-LiteSpeed-Tag
X-Clientip
GeoIP-Country-Code
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-ID
MIME-Version
Hostname
X-Edge-POP
Hit
X-Oss-Server-Time
X-Info
Cache-Host
X-Oss-Storage-Class
X-ServedByHost
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-RAMCache
HIT
X-AIR-PT
UCS
X-Geo
X-Dynatrace-Js-Agent
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
S-Cnection
X-Via-PopV
X-Provided-By
X-Pad
X-Via-PopH
X-Via-PopN
X-Cdn-Forward
X-Proxy-Cache-Info
X-RateLimit-Reset
X-Httpd
Permissions-Policy
X-NGINX-Cache
Producers
Servername
Ohc-File-Size
ENV
X-Check-Cacheable
X-Edge-Cache
WZWS-RAY
X-Api-Version
X-BBC-Origin-Response-Status
X-Cache-CFC
X-Ucs
X-ElasticPress-Query
User-Agent
X-SB
X-Fastly-Backend-Reqs
X-ServerName
FSS-Cache
X-HS-Status
X-Micro-Cache
Fastly-Backend-Name
Load-Balancing
X-Acquia-Application-Trace
X-UP
X-Acquia-Purge-Tags
X-GoCache-CacheStatus
X-Acquia-Application-UUID
X-Acquia-Site
X-Release
X-Pool
X-Udemy-Cache-App-Namespace
X-Lb-Nocache
X-Platform-Cluster
Uri
X-Backend-Host
X-Platform-Router
ServerName
X-Platform-Processor
PICS-Label
URI
X-TRACE-ID
X-Swift-Error
Tcn
Server-Ttl
X-Scale
EpKe-Alive
X-BCube-Filmed-By
Cneonction
X-Fastly-Cache-Hits
Cdn
X-APP
X-Lb-Id
X-Nc
X-Cdn-Request-ID
Cteonnt-Length
X-Ec-Custom-Error
X-UA
X-Dw-Trace-Id
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Dispatcher-Number
X-SIPLIST1
IsBot
X-Cache-Expires
Server-Hostname
Sever-Int
MD5-Digest
X-B3-Parentspanid
Server-Ext
Cf-Ipcountry
Shield-Pop
X-Contensis-Viewer-Groups
X-Snapshot-Date
X-Yottaa-OS
Wpo-Cache-Status
Wpo-Cache-Message
Path
Ohc-Cache-HIT
X-Newrelic-App-Data
X-Vcache
X-B3-ParentSpanId
X-Cache-ASPX
Vha6-Origin
CF-Cached-On
Sid
X-HostName
X-Cache-Ngx
X-Air-Pt
Cache-Key
VNS-Cache
CPC-Age
X-Shopify-Generated-Cart-Token
CPC-Cache
X-IN-APIGATEWAYSSL
VNS-Age
GeoIP-Latitude
X-IN-APIGATEWAY
X-Amz-Meta-Cb-Modifiedtime
CountryCode
X-Sentry-ID
Req-ID
X-Akamai-Request-ID
X-Apw-Access-Object
X-Apw-Access-Action
X-Varnish-Authentication
X-Apw-Access-Token
X-Last-Modified
X-Logging-Id
X-Apw-Hits
X-Akamai-Pragma-Client-IP
X-Te-Duration-Ms
X-Http-Duration-Ms
X-Http-Count
X-WA
X-WA-Info
Ngx
X-Te-Count
X-CacheKey