SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-Envoy-Upstream-Service-Time
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Akamai-Path-Stats
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-UA-Device
X-Proxy-Cache
X-Amz-Id-2
Host-Header
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Server-Id
X-Node
Cf-Edge-Cache
X-Aws-Lambda-Call-Status
X-Pingback
X-CST
Surrogate-Control
Request-Id
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Url
X-Country
Accept-Ch
Accept-Ch-Lifetime
Fastly-Restarts
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-PC
X-TtlSet
X-Vname
RTSS
X-Varnish-TTL
X-Amz-Server-Side-Encryption
Edge-Control
X-VARITI-CCR
X-FastCGI-Cache
X-Server-Name
X-ESI
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Edge
X-Dw-Request-Base-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Amz-Rid
X-Px
Public-Key-Pins
X-ASPNET-VERSION
X-B3-TraceId
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Ac
X-Powered-By-Plesk
Display
Verso
Pagespeed
X-Middleton-Display
X-Sol
X-RateLimit-Remaining
X-Abt-Application-Version
X-Element-Page-Cache
X-Client-IP
X-Content-Security-Policy-Report-Only
X-Version
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Ttl
X-Litespeed-Cache
Service-Worker-Allowed
X-Country-Code
X-NF-Request-ID
Response
X-Middleton-Response
X-Goog-Hash
SPIisLatency
Access-Control-Request-Method
SPRequestDuration
X-Cached
X-Kinsta-Cache
SPRequestGuid
X-SharePointHealthScore
X-Edge-Location-Klb
AR-CACHE
AR-PoweredBy
AR-SID
AR-Request-ID
AR-ATIME
X-Powered-CMS
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Correlation-Id
X-Upstream
X-LLID
Edge-Cache-Tag
X-Forwarded-For
X-TTL
X-NWS-LOG-UUID
Content-MD5
X-Cache-Key
Nginx-Cache
X-Id
X-Ruxit-Js-Agent
X-WebKit-CSP-Report-Only
X-RateLimit-Limit
X-Shield-Request-Id
X-MSEdge-Ref
TCN
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Mrf-Cache-Status
MRF-Tech
X-T
X-Recruiting
S
X-ECACHE
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Content-Digest
X-Mg-S
X-DataDome
X-HP-Webp
X-Jurisdiction
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HP-Trace-Id
X-Ua-Device
X-Grace
TP-L2-Cache
TP-Cache
X-Accel-Expires
X-DynaTrace
X-Frontend
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-Request-Received
X-Request-Processing-Time
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
Server-Node
Front-End-Https
X-Yandex-Sdch-Disable
X-Content
X-Ab
X-Ua-Browser
Filters
X-Protected-By
X-PressLabs-Stats
X-Origin-Server
X-Mcache
X-Distributor
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Hits
MS-Author-Via
Fastcgi-Cache
X-Geo-Country
X-LB-Cache
X-Microsite
X-Mid
X-Request-Handler-Origin-Region
X-Amzn-Trace-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
Charset
Host
Cleartype
X-Webkit-Csp
X-Debug-Info
X-F-Cache
X-Forwarded-Proto
X-Page-Id
X-Fastly-Request-Id
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Git-Hash
Cache-Status
X-Cache-Age
X-Seen-By
Realpath
X-AppVersion
X-Az
X-DIS-Request-ID
X-Activity-Id
Access-Control-Allow-Method
X-Ratelimit-Reset
X-Www-Served-By
Accept-Charset
X-Webkit-CSP
X-Nginx-Upstream-Cache-Status
ServerID
Filterid
X-Server-ID
Permissions-Policy
X-Varnish-Age
Cache-Tags
Pinterest-Generated-By
X-Pinterest-Rid
X-Aspnetmvc-Version
Pinterest-Version
X-Cluster-Name
X-Rid
X-Content-Options
X-FB-Debug
X-Type
Retry-After
X-Varnish-Backend
Server-Name
Country
X-User-Agent
X-Varnish-Grace
X-App-Environment
Viewport
DC
X-Aspnet-Duration-Ms
X-B-Cache
X-Providence-Cookie
X-Drupal-Cache-Tags
X-Flags
X-Wix-Request-Id
X-Is-Crawler
X-Route-Name
X-Request-Guid
X-Tb
X-Signature
Paypal-Debug-Id
X-Amz-Meta-S3cmd-Attrs
X-B
X-Whom
X-TT
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Language
X-Goog-Metageneration
Node
X-Goog-Generation
X-VCache
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Debug
Fastcgi-Useragent
X-Origin-Cache
X-XRDS-LOCATION
X-Midtier
X-Mobile-URL
Protected
X-NWS-UUID-VERIFY
X-N
X-Amz-Replication-Status
Payment
X-Logged-In
X-Cache-NGX
Amp-Access-Control-Allow-Source-Origin
X-Load-Cache
Surrogate-Key
X-Oracle-Dms-Ecid
WPO-Cache-Status
WPO-Cache-Message
X-Cache-Control
X-Oracle-Dms-Rid
Count-Hit
X-Contextid
X-MCACHE
X-Via-JSL
Alternate-Protocol
Healthy
X-Node-Name
X-ECache
X-Restarts
X-Mobile
X-NGENIX-Cache
X-Erf-Bev-Bev
X-Browser-Type
X-B3-Traceid
X-Erf-Bev-Bev-Is-Generated
X-Proxy
Content-Disposition
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Dynamic
X-Original-Request-Id
SD-X-WS
X-Response-Served-From
Refresh
X-Cache-Time
Url
Akamai-GRN
X-Jobs
X-G
X-XRDS-Location
X-Zen-Fury
X-Servername
X-Real-IP
X-UUID
Uber-Trace-Id
X-Akamai-Request-ID2
X-Cache-TTL-Remaining
X-Revision
X-Adobe-Loc
X-Page-View
X-Adobe-Content
X-Drupal-Cache-Contexts
X-Instance
X-Framework
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
X-Cache-Grace
VIX-Pulpo-Node
NGB
X-Debug-IsPreview
X-Debug-IsConnected
X-Device-Type
X-Http-Reason
X-Proxy-Cache-Status
X-Rendered-As
X-Mg-Request-UUID
X-Is-Bot
Access-Control-Request-Headers
X-Varnish-Server
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Template
X-IPLB-Instance
X-Environment-Context
X-L-Path
X-Hostname
X-HTML-Minification-Powered-By
X-EdgeConnect-Cache-Status
Version
X-Source
Frame-Options
MS-CV
X-RTag
Accept-Language
Countrycode
Ms-Operation-Id
Liferay-Portal
Referer-Policy
X-Trace-Id
X-Oneagent-Js-Injection
X-NYM-Debug-Backend
X-Fastly-Request-ID
X-Datadome
X-App-Server
X-Cache-Rule
X-Cache-Hit
X-Cache-Expired-At
X-Ratelimit-Remaining
From-Origin
Cross-Origin-Window-Policy
X-Vgn-Hpd-Reason
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Backend
X-IPS-LoggedIn
X-Nginx-Cache
X-Hosted-By
X-APP-VERSION
X-Unique-Id
X-COUNTRY
X-FW-Version
Content-Secure-Policy
X-ProcessESI
X-RN-RSRV
X-Status
Meta-Geo
X-RemovedCookies
WP-Super-Cache
X-UPSTREAM-Address
Load-Balancing
Upgrade-Insecure-Requests
Section-Io-Cache
CF-IPCountry
X-Ratelimit-Limit
X-Cache-Server
X-OCL
X-PCL
X-Generation-Time
X-No-Session
X-FB-TRIP-ID
X-Ua
Fastly-SSL
X-UA-Device-Type
X-Content-Age
X-LJ-Flow-ID
Property-Id
S-Rt
X-Redis-Cache
X-Sql-Count
Mn-Server-Ip
X-PHP-Backend
X-Origin-Hint
X-Origin-Date
X-Format
X-Be
X-Labrador-Cache-Channel
X-Server-W
X-PHP-Host
X-Region
Apigw-Requestid
X-Cluster-Node
X-Sql-Duration-Ms
Webcakes-App-Name
Webcakes-App-Version
X-VWS-Id
X-Request-Time
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Varnish-Cache-Hits
Webcakes-Region
X-Akamai-Edgescape
X-AOL-HN
X-Via-Fastly
X-Section
X-Access
TWC-GeoIP-Country
TWC-Privacy
TWC-Connection-Speed
X-AWS-Id
X-Cache-Enabled
TWC-Device-Class
X-Mode
X-Generated-By
X-Content-Powered-By
X-Sorting-Hat-PodId
Azure-SlotName
X-Cache-Host
X-ApacheServer
X-Sorting-Hat-ShopId
X-Debug-Cache
X-Locale
X-Human
X-Adobe-Source
X-Cms-Context
Azure-InstanceId
Azure-RegionName
Eomportal-Instance
X-Cache-Tags
Locale
X-BYPASS-REASON
X-Forwarded-Host
Azure-Version
Azure-SiteName
X-ShardId
X-ProxyCache-Status
X-Urbn-Site-Id
X-Shopify-Stage
X-Urbn-Context-Path
X-Platform-Server
X-Storage
X-Uri
X-Say-Cacheable
X-VC-Cache
X-Site-Version
X-Xfnlog-Site
X-SayCDN-TTL
X-Say-TTL
X-PERF
X-ProxyCache-Key
X-Nginx-Cache-Key
X-Alternate-Cache-Key
X-ShopId
X-GeoCode
X-GeoCountry
X-GG-Cache-Date
X-Handled-By
X-Extlb
X-Zipkin-Id
X-SaId
X-ServerID
X-Backend-Name
X-Web-Node
X-Detected-As
X-Hl-Ver
X-Proxied
X-Tid
X-Dc
X-Routing-Service
X-JoinUs
X-Varnishpool
X-Cache-Type
X-Storefront-Renderer-Rendered
X-Edge-Location
X-Proto
X-Timing-Wait
Selected-Fe
Cache-Tv-Group
X-Proxy-Build
ServedBy
Ec-Rule-Version
CDN-CachedAt
CDN-Cache
X-NewRelic-App-Data
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestId
CDN-RequestCountryCode
CDN-Uid
X-CDN-Forward
Fastly-Drupal-Html
Web-Mar-Node
X-Cache-Action
Onion-Location
X-LSADC-Cache
X-GEO
X-App-Version
Webserver
X-IPLB-Request-ID
X-Magnolia-Registration
X-Cached-By
X-Varnish-Hostname
Cache-Hits
SRV
X-Hyper-Cache
X-Parallel-Accel
X-Cluster
X-Cache-Operation
X-Cache-Remote
X-Air-Trace-Id
Mime-Version
X-Envoy-Decorator-Operation
X-Tt-Logid
X-Air-Hostname
X-Air-Source
X-Rewrite-Enabled
X-Fastcgi-Cache
X-Varnish-Hits
X-Soup
SID
X-Rule
X-Cdn
X-Origin-CC
X-Origin-TTL
Xserver
Xet-Cookie
X-Pubstack
X-Accel-Buffering
X-Reqid
Server-Info
LB
Cache
X-Microcachable
DB-Nickname
X-MP-GENERATED-AT
X-SRV
X-CSRF-Token
Source
X-TA-CDN-Provider
X-Tumblr-Pixel-2
Country-Code
X-Tumblr-Pixel-3
X-TT-LOGID
X-Xrds-Location
X-Buckets
X-Via-NSCOPI
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Request-Host
X-Tx-Id
X-Origin-Response-Time
X-Skip-Cache
X-Endurance-Cache-Level
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-A-Ccd
Sslversion
Rendered-Blocks
Surrogated-Key
Odigeo-Trace-Id
X-A
T-Server
Pramga
MD5-Digest
Cdnsip
Cmsid
Cmstype
Cdncip
Candidate-Md5Url
A
BehaviorPad-Version
Cache-Key
DCR-Decision-By
DCR-Processing-Time-Ms
X-Aed
Meta-Geo-Continent
Mobile-Detection-Method
Lang
Host-ID
Expiry
Fastcgi-X-Cache-Version
NM-Fastcgi-Cache
X-Conf
X-ScT
X-SD-PageType
X-Session-Fingerprint
X-Shop-Environment
X-S-Cookie
X-S
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Rojux
X-SRCache-Key
X-Tenant
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-TIM-N
X-TrackingId
X-User
X-Orig-Expires
X-NAPM-TraceId
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-Status-Check
X-Cache-NE
X-BCube-Filmed-By
X-Application
X-ARC
X-B-Cookie
X-Connection-Hash
X-D
X-Forwarded-Path
X-Geo-Header
X-Hash
X-Ig-Push-State
X-External-Request-Id
X-Epic-Correlation-Id
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-AK-Request-ID
X-Destination
Datacenter
DynaTrace
X-Ms-Request-Id
X-Ms-Version
X-Azure-Ref
X-Has-Esi
X-HS-Content-Campaign-Id
X-Gzip
X-Gdpr
X-GeoIP
X-Irp-Debug
Memcached
Kp-EeAlive
X-Origin
X-Origin-Expires
X-Origin-Time
Environment
X-Nyt-Route
X-Ad-Defer-Variation
X-Is-Gdpr
Is-Eu
X-JWT-State
X-Loop
X-Ftr-Request-Id
X-Fetched-On
X-Cache-Id
X-CacheTTL
X-Newrelic-Synthetics
X-Ckpd-Fst-Backend
X-Cache-Backend
Wxu-Next-Commit
X-Amzn-Remapped-Content-Length
X-Bc-Bl
Wxu-Next-Region
Wxu-Next-Hostname
X-Core-Mission
X-Core-Value
Server-Host
X-DPWN-IS-SECURE
Producers
X-Esi-Check
X-Device-Os
X-Developers
State
X-DefElseHash
X-DefHash
Platform
X-NodeID
X-SVT-ORM-VERSION
X-TNCMS
X-Variation
X-SVT-ORM-RULES
X-Sigma-Backend
X-Sigma
AKAMAI
Adler-Geo
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
We-Hiring
X-SplitTest
XM
Mail-Subject
X-Worker
X-Varnish-Remaining-TTL
X-B3-SpanId
X-Wix-Viewer-Type
X-Scheme
X-V-Cache
X-Rocket-Build-Number
X-SB
X-Varnish-Beresp-Grace
X-RCS-CacheZone
X-Time
X-AIR-PT
X-NCache
X-Wikidot-Static-Cache
X-RateLimit-Limit-Second
X-CGP
X-Clara-WADP
X-RateLimit-Remaining-Second
X-Csrf-Jwt
X-Wikidot-Backend
X-VServer
X-Viewer-Country
X-Via-Ucdn
X-Qloud-Router
X-WADP-Cache
CPC-Age
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Cache-Info
X-Region-Sid
X-Block-Status
X-Rebelmouse-Surrogate-Control
X-BBC-Edge-Cache-Status
X-Auto-Login
X-Aicache-OS
Redirect-Candidate
X-Rebelmouse-Cache-Control
VNS-Cache
X-Dispatcher-Number
CPC-Cache
X-Cache-Date
X-Cache-Bucket
X-Branch-Name
VNS-Age
X-Cdn-Origin
X-VarnishDD-TTL
X-Sn-Servicetimems
X-Slack-Backend
X-SIPLIST1
X-Hnp-Log
X-HN
X-Platform
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Rocket-Nginx-Serving-Static
X-Mvc-Supplant-Cachable
X-Node-Id
X-Minions-Version
X-Planisys-CDN-Cache
X-LAGOON
X-Loc
X-GeoIP-City
X-Thinkindot-L3
X-Eu-Site
X-Fastly-Cache
X-Pool
X-Proxy-Cache-Info
X-Proxy-Upstream
X-Ec-Custom-Error
X-Served-From
X-Fmm-Version
X-Forwarded-Site
X-Gen-Mode
X-Generated-On
X-Pod-Name
X-Request-URI
X-Policy
X-Gamma-Serve
X-VG-TLSProxy
X-Level-Front-Cache
Origin
Origin-CC
Origin-EX
NGX
N-Cache
L5d-Success-Class
Machine
PFcat
Release
Ssr
Svr
Sever-Int
Server-Hostname
Req-Svc-Chain
Server-Ext
L
IsBot
CDCHOST
CloudFront-Viewer-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Varnish-Ttl
Apple-News-Services-Handled
Cluster
Fastcgi-Cache-TTL
Ha-Gx-Prefs
HA-Ipaddr
Gh-Request-Id
Fastly-SWR
Fastly-GeoIP-CountryCode
Fastly-SIE
TDXMobile
Apple-News-Services-Host
Traceparent
Thinkindot-Control
Thinkindot-CacheControl
Web-Mar-Region
Thinkindot-CacheControl-Type
Vix-Hermes-Req-Id
V-Age
User-Cache-Control
Cache-Name
DSUID
X-Owner
X-R9-Blue-Green-Version
X-Optimistic-Header
Ohc-File-Size
X-ZONE
Fastly-Backend-Name
HostName
X-WA-Info
X-Scale
CDN
GEO-INFO
X-Correlation-ID
X-Refresh
X-Micro-Cache
Pics-Label
X-WP-CF-Super-Cache-Cache-Control
X-Httpd
X-Server-IP
X-WP-CF-Super-Cache
X-Parent-Response-Time
Path
X-CS
X-VC
X-EC-Lua
X-Srv
X-CACHE-KEY
X-From
X-Edge-Pop
X-Ah-Environment
X-LB-NoCache
X-Webstats-RespID
Servername
X-Cache-ASPX
X-NC
Cache-Host
X-Contensis-Viewer-Groups
Ngx.Var.Host
Lb
Ms-Author-Via
X-TIME
X-Location
X-Varnish-Authentication
Env
X-Servedbyhost
X-Mvc-Supplant-OutputCached
X-RateLimit-Reset
X-Varnish-Beresp-TTL
XkeyRZ
X-Proxy-CacheRZ
X-Tb-Optimization-Total-Bytes-Saved
X-Udemy-Cache-App-Namespace
X-Generated-In
Locid
X-Via-Popv
X-TraceId
X-Via-Popn
X-Amz-Meta-Cb-Modifiedtime
X-API-Version
X-Via-Poph
X-Response-By
X-Men
Arc-Country
X-Clientip
Ohc-Cache-HIT
X-Old-Content-Length
X-S-Maxage
GeoIp-Country-Code
Memory
Time
ITXSESSIONID
X-Akamai-Transformed
AMP-Access-Control-Allow-Source-Origin
X-Vc
True-Client-IP
X-DSS
X-Date
X-RPM
X-RSL
X-DI
X-Accel-Expires-Debug
X-RPS
X-HA-Backend
Client
X-DW
X-Cs
X-DB
Geoip-Latitude
X-VCL-Version
X-Dmc
Hostname
X-TRACE-ID
X-VHOST
Server-ID
X-Tec-Api-Root
X-Render-Time
X-MSEdge-Flight
X-Tec-Api-Version
X-Tec-Api-Origin
X-GeoIP-Region-Code
X-Trace-ID
X-GeoIP-Country-Code
X-MSEdge-Features
X-URL
X-Zone
X-DynaTrace-JS-Agent
X-Presslabs-Stats
X-FireWall-Port
X-Fpc
X-Api-Version
FSS-Cache
X-INCAP-ABP
X-Cache-Debug
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
X-Service
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-DC
C-Via
X-Gateway-Cache-Status
X-Gateway-Cache-Key
Rip
X-M-Reqid
X-B3-Spanid
X-M-Log
X-Webkit-Csp-Report-Only
HIT
Click-Count-Error
CacheControlHeader
Tube-Got-Eval
Tube-Get-Contents
Powered-By
Tube-Return
Click-Count-Action-Start
NtCoent-Length
Tube-Got-Results
X-Qnm-Cache
X-TX-ID
On-Server
X-TH-Server
X-PX
Esi-Enabled
X-Action
True-Client-Country-4JS
X-FPC
X-HS-Status
Test
X-Backend-TTL
X-Alfa-Service
Tcn
X-Traceid
X-NGINX-Cache
X-Check-Cacheable
Server-Id
X-Cdn-Request-ID
X-CSRF-TOKEN
Edge-Cache
OT-Force-Account-Verify
X-Pass-Why
X-Edge-Origin-Shield-Region
Cdn
X-Req
X-Edge-Origin-Shield-Bytes
User-Agent
X-Beluga-Cache-Status
X-Beluga-Record
X-Beluga-Status
X-Beluga-Trace
Geo-Info
X-Vcl-Version
X-Beluga-Response-Time
X-Proxy-Cache-Hk
Srv
X-Beluga-Node
X-Akamai-Pragma-Client-IP
X-Origin-Upstream-Status
Uri
My-App
GeoIP-Country-Code
GeoIP-Latitude
Sid
X-Via-PopV
X-Via-PopN
Proxy-Connection
X-Via-PopH
X-Ha-Backend
Resin-Trace
Srvid
Cf-Int-Pingora-Origin-Digest
WebServer
X-CLOUD-TRACE-CONTEXT
M-TraceId
X-App
X-Up
X-APP
MIME-Version
X-Webkit-CSP-Report-Only
X-Varnish-Beresp-Ttl
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Epwk-X-Cache
X-Hcs-Proxy-Type
DT-Hot-News
Server-Ttl
X-LB-ID
X-ServedByHost
X-Provided-By
X-Cdn-Forward
X-LI-UUID
X-Fastly-Backend-Reqs
X-Bip
ENV
X-Backend-Host
X-LI-Proto
X-Thanos
X-Li-Fabric
X-Newrelic-App-Data
X-Li-Pop
X-Esi
Warning
X-Request-Start
X-RAMCache
X-B3-Traceid-Primal
X-Nc
XServer
True-Client-Ip
X-Lb-Nocache
X-Geo
X-Edge-POP
X-Fetch-By
X-UnsetCookies
ServerName
X-Vercel-Id
X-Vercel-Cache
X-HostName
Dt-Hot-News
X-ElasticPress-Query
WZWS-RAY
X-ND-Cache
CF-Cached-On
X-CF-Powered-By
X-Dw-Trace-Id
X-Time-Microsecs
X-Serial
X-Akamai-Request-ID
PICS-Label
X-HITS
X-Yottaa-OS
Section-Io-Id
X-Request-Url
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Origin-Responded
DataCenter
X-LiteSpeed-Cache-Control
Fastly-Drupal-HTML
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Inserted-Into-Cache-At
D-Url-Rewrites
X-Cc-Via
Magicmarker
Cf-Device-Type
X-Iplb-Instance
X-Iplb-Request-Id
X-CUA
X-Vcache
X-Snapshot-Date
Cdn-Uid
Cdn-Cachedat
Cdn-Cache
Cdn-Edgestorageid
Cdn-Requestcountrycode
Servedby
Cdn-Requestid
Wp-Super-Cache
Cdn-Pullzone
Vha6-Origin
X-ATG-Version
X-Platform-Cluster
X-Platform-Processor
X-Storefront-Renderer-Verified
X-Platform-Router
X-Fragments
X-FC-Vary-Parameters
Target-Params
X-Varnish-Beresp-Status
Tracecode
X-MiniProfiler-Ids
X-LiteSpeed-Tag
X-Fastly-Backend
X-Sucuri-Cache
X-Sucuri-ID
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
X-Azure-Ref-OriginShield
Fastcgi-Cache-Ttl
X-Dist-Code
X-Release
CountryCode
X-Var-Ttl
X-Th-Server
X-Back
X-Request-URL
Content-Script-Type
Content-Style-Type
X-BBC-Origin-Response-Status