Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
X-Request-ID
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-UA-Device
X-Server-Powered-By
X-Proxy-Cache
X-Ua-Compatible
X-AH-Environment
X-Backend
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Dns-Prefetch-Control
X-Amz-Version-Id
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Rating
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Ac
X-Url
X-Content-Type
X-PC
X-Vname
X-TtlSet
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-Server-Name
X-FastCGI-Cache
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Aws-Lambda-Call-Status
X-Upstream
X-MS-InvokeApp
MS-Author-Via
X-GitHub-Request-Id
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-Px
Accept-Ch
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Arr-Disable-Session-Affinity
X-Navigation-Version
RTSS
Access-Control-Request-Method
X-Country-Code
X-NF-Request-ID
X-Origin-Cache
X-Powered-By-Plesk
X-Goog-Hash
X-Exp-Id
X-Cdn-Fetch
X-Instrumentation
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Kraken-Loop-Name
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Server-Lifecycle-Phase
X-Powered-CMS
AR-ATIME
AR-Request-ID
AR-SID
AR-CACHE
AR-PoweredBy
X-Version
Display
Pagespeed
X-Middleton-Display
X-Sol
Response
X-Amz-Server-Side-Encryption
X-Middleton-Response
X-MSEdge-Ref
X-LLID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TTL
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
Nginx-Cache
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
TCN
X-RateLimit-Remaining
X-Protected-By
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Shield-Request-Id
X-T
X-Content-Security-Policy-Report-Only
X-Forwarded-For
S
X-Aspnetmvc-Version
X-Id
Content-MD5
X-Mg-S
Edge-Cache-Tag
X-Mid
Fastcgi-Cache
Realpath
SPIisLatency
SPRequestDuration
Front-End-Https
X-Language
X-Recruiting
X-CST
X-Request-Processing-Time
X-Request-Received
X-MCACHE
Pinterest-Version
Filters
X-Pinterest-Rid
Pinterest-Generated-By
Server-Node
X-Ab
X-Ua-Browser
X-Content
Server-Name
X-Frontend
X-Ruxit-Js-Agent
X-DynaTrace
X-Ttl
X-ECACHE
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-SharePointHealthScore
X-Yandex-Sdch-Disable
X-NWS-LOG-UUID
X-HS-Combine-CSS
SPRequestGuid
X-Correlation-Id
X-Ser
X-Ezoic-Cdn
X-Cache-Key
X-Parallel-Accel
X-Hits
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-Template
Alternate-Protocol
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Content-Options
MicrosoftSharePointTeamServices
Cache-Tags
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Charset
Cleartype
X-B3-Sampled
X-Page-Id
Host
X-Git-Hash
X-Www-Served-By
X-Geo-Country
X-DIS-Request-ID
X-Debug-Info
X-Amzn-Trace-Id
X-Hostname
X-Amz-Replication-Status
X-Daa-Tunnel
X-Content-Digest
X-Accel-Expires
X-Fastly-Request-Id
X-Varnish-Age
Filterid
X-Az
X-AppVersion
X-Activity-Id
X-FB-Debug
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-VCache
X-Rid
X-Upgrade-Enabled
TP-Cache
X-Grace
TP-L2-Cache
X-Nginx-Upstream-Cache-Status
X-Origin-Server
Access-Control-Allow-Method
X-N
X-F-Cache
X-LB-Cache
ServerID
X-Mobile-URL
X-Request-Guid
X-Aspnet-Duration-Ms
X-Flags
X-Server-ID
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-TT
X-Ratelimit-Limit
X-Whom
X-Varnish-Grace
Viewport
X-XRDS-LOCATION
X-Goog-Stored-Content-Length
X-Type
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-WebKit-CSP-Report-Only
X-Goog-Generation
X-Goog-Metageneration
X-Tb
X-FW-Server
Payment
Node
X-App-Environment
X-FW-Dynamic
X-FW-Static
X-FW-Hash
X-FW-Type
X-FW-Serve
DC
X-App-Server
X-Distributor
X-Seen-By
Paypal-Debug-Id
X-User-Agent
X-Oneagent-Js-Injection
X-NGENIX-Cache
Country
Fastcgi-Useragent
X-Origin-Upstream-Status
Accept-Charset
X-Litespeed-Cache
X-Cache-Control
X-Wix-Request-Id
X-Cache-Rule
X-Logged-In
Version
X-Webkit-CSP
X-Fastly-Request-ID
X-DataDome
X-Cache-Age
X-Microsite
X-Request-Handler-Origin-Region
X-Drupal-Cache-Tags
X-Via-JSL
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Referer-Policy
X-Tec-Api-Origin
X-Cluster-Name
X-Tec-Api-Version
X-Tec-Api-Root
X-B-Cache
X-Signature
X-Load-Cache
X-Varnish-Backend
X-Contextid
Refresh
Cache-Status
X-Response-Served-From
VIX-Pulpo-Node
X-Node-Name
X-Mobile
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
Access-Control-Request-Headers
SD-X-WS
X-Vgn-Hpd-Reason
X-Cacheable-TTL
X-Cache-Expired-At
X-Buckets
X-Jobs
X-Real-IP
X-Page-View
X-Is-Bot
Amp-Access-Control-Allow-Source-Origin
X-ProcessESI
X-Proxy-Cache-Status
X-Yottaa-Optimizations
X-RemovedCookies
X-B
X-Yottaa-Metrics
X-Rendered-As
X-Debug
X-Fastcgi-Cache
X-Revision
X-UUID
X-IPLB-Instance
X-Device-Type
X-Instance
X-Cache-Action
X-Proxy
X-G
X-Cache-Time
X-Drupal-Cache-Contexts
X-Rule
NGB
X-Framework
X-Debug-IsPreview
X-Debug-IsConnected
Akamai-GRN
Surrogate-Key
X-FW-Version
X-Air-Source
X-Ratelimit-Reset
X-Air-Hostname
X-Air-Trace-Id
SID
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
CF-IPCountry
DynaTrace
GEO-INFO
X-PressLabs-Stats
X-Azure-Ref
Liferay-Portal
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Nginx-Cache
Count-Hit
X-Ms-Request-Id
X-Source
X-Ms-Version
Healthy
Frame-Options
X-Cache-Operation
X-Presslabs-Stats
X-Accel-Buffering
Uber-Trace-Id
Ms-Operation-Id
X-XRDS-Location
MS-CV
X-CDN-Forward
X-RTag
X-EdgeConnect-Cache-Status
X-APP-VERSION
X-Cache-NGX
X-Zen-Fury
X-Tumblr-User
X-Environment-Context
X-L-Path
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
Xserver
Countrycode
X-Varnish-Server
X-Backend-Name
X-Cache-Hit
X-Mode
Cross-Origin-Window-Policy
Ec-Rule-Version
X-RateLimit-Limit
X-Region
X-IPS-LoggedIn
X-Forwarded-Host
Protected
X-Servername
X-Cache-TTL-Remaining
X-Content-Powered-By
Backend
X-Detected-As
X-SaId
X-Cache-Type
X-UPSTREAM-Address
X-Tid
X-RN-RSRV
Meta-Geo
X-Rewrite-Enabled
X-JoinUs
Section-Io-Cache
X-Alternate-Cache-Key
X-Cache-Grace
Eomportal-Instance
X-Varnish-Beresp-Grace
X-Cache-Server
Apigw-Requestid
X-Debug-Cache
X-Generation-Time
X-ShardId
X-Extlb
X-Proxied
X-Zipkin-Id
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-Routing-Service
Decoy-Debug-Key
Url
Cache-Tv-Group
Country-Code
Decoy-Debug-Status
Decoy-Debug-TTL
Mn-Server-Ip
X-ApacheServer
Fastly-SSL
X-BYPASS-REASON
X-ServerID
X-PERF
X-UA-Device-Type
X-Soup
X-No-Session
X-Storage
X-Origin-Date
X-Sql-Duration-Ms
X-Sql-Count
X-PHP-Backend
X-NCache
X-Format
X-ProxyCache-Key
X-ProxyCache-Status
X-Via-Fastly
X-Hosted-By
Cache-Name
X-Uri
X-Microcachable
X-FB-TRIP-ID
X-Human
TWC-Device-Class
Selected-Fe
TWC-Connection-Speed
X-NYM-Debug-Backend
X-Pubstack
X-OCL
X-Origin-Hint
X-PCL
Property-Id
X-Status
X-Akamai-Edgescape
X-Adobe-Loc
X-Adobe-Content
X-Proxy-Build
X-Cache-Host
X-Server-W
X-Cluster-Node
X-Timing-Wait
X-Site-Version
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Section
Webcakes-App-Version
X-Access
Webcakes-Region
TWC-GeoIP-Country
Webcakes-App-Name
X-Content-Age
X-Hyper-Cache
X-SayCDN-TTL
X-Say-TTL
X-R9-Blue-Green-Version
X-Hl-Ver
X-Say-Cacheable
X-Redis-Cache
X-Web-Node
X-Varnishpool
LB
DB-Nickname
X-Be
Content-Secure-Policy
Azure-Version
WPO-Cache-Message
Azure-RegionName
WPO-Cache-Status
Azure-SiteName
Azure-SlotName
OT-Force-Account-Verify
Azure-InstanceId
X-NewRelic-App-Data
CDN-PullZone
CDN-RequestCountryCode
X-LSADC-Cache
CDN-Uid
X-Webkit-Csp
X-Ua
Content-Disposition
X-Azure-Ref-OriginShield
CDN-RequestId
CDN-CachedAt
CDN-Cache
CDN-EdgeStorageId
X-TIME
X-Generated-By
X-Trace-Id
SRV
Source
Cache
X-Nginx-Cache-Key
X-Cached-By
X-Dc
X-Ratelimit-Remaining
X-Bc-Bl
X-Unique-Id
X-TT-LOGID
X-LAGOON
X-SRV
Cache-Hits
X-Auto-Login
X-App-Version
X-Origin-TTL
Retry-After
X-Origin-CC
X-Platform-Server
X-Cache-Remote
X-Varnish-Hits
X-HTML-Minification-Powered-By
X-Loop
X-TNCMS
X-Cdn
X-Akamai-Transformed
X-Varnish-Hostname
X-S-Maxage
X-Xfnlog-Site
Xet-Cookie
X-GEO
Onion-Location
HostName
Mime-Version
X-Correlation-ID
X-CSRF-Token
ServedBy
X-Cache-Tags
X-Tumblr-Pixel-2
X-Amz-Meta-S3cmd-Attrs
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
X-Tumblr-Pixel-3
X-Proto
X-Time
X-Request-Time
X-AOL-HN
Web-Mar-Node
X-Cache-Var-Map
X-Cache-Var
Webserver
X-EC-Lua
X-Time-Microsecs
N-Cache
X-Tenant
X-FireWall-Port
X-ECache
X-Xrds-Location
X-Endurance-Cache-Level
From-Origin
X-LJ-Flow-ID
X-Edge-Location
X-VWS-Id
X-AWS-Id
X-Request-Host
X-GG-Cache-Date
CloudFront-Viewer-Country
Nel
WP-Super-Cache
X-Origin-Response-Time
X-Via-NSCOPI
X-B3-SpanId
X-Mg-Request-UUID
X-ARC
X-Cache-NE
X-CF-Lambda-Fn
X-B-Cookie
X-VG-WebCache
X-Cache-Date
X-Vdms-Version
Meta-Geo-Continent
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Ckpd-Fst-Backend
X-Destination
X-D
X-Processor
X-TIM-N
X-SVT-ORM-VERSION
Expiry
X-Connection-Hash
X-Application
X-Vdms-Path
X-Cluster
X-Conf
X-CF-Lambda-Version
DCR-Processing-Time-Ms
Odigeo-Trace-Id
V-Age
Vix-Hermes-Req-Id
A
X-A
BehaviorPad-Version
Surrogated-Key
Pramga
Redirect-Candidate
Rendered-Blocks
Sslversion
X-A-Ccd
X-A-Dam
Xc-Version
X-Aed
DCR-Decision-By
Origin
X-Aicache-OS
X-Developer
X-A-Wwc
X-A-Dcw
X-A-Dgt
Mobile-Detection-Method
X-Cache-Enabled
DSUID
X-V-Cache
X-SD-PageType
X-Ftr-Request-Id
X-SRCache-Key
X-Forwarded-Path
X-PAYTM-SRV-ID
X-Ig-Push-State
X-PBS-Appsvrname
X-Shop-Environment
X-Session-Fingerprint
X-Rojux
X-ScT
X-S-Cookie
X-SVT-ORM-RULES
X-External-Request-Id
X-Orig-Expires
X-S
X-Amz-Apigw-Id
X-Amzn-RequestId
X-NAPM-TraceId
X-ND-Cache
Fastcgi-X-Cache-Version
X-M-Log
X-M-Reqid
X-Handled-By
X-Qnm-Cache
X-MP-GENERATED-AT
X-Request-URI
L
True-Client-Country-4JS
X-RCS-CacheZone
Host-ID
User-Cache-Control
Gh-Request-Id
X-Origin-Expires
X-Origin-Time
Traceparent
X-Policy
X-Planisys-CDN-Cache
Origin-CC
Release
Origin-EX
X-Rocket-Nginx-Serving-Static
X-Planisys-CDN-Rules
X-Owner
Svr
X-Planisys-CDN-TTL
State
Wxu-Next-Commit
X-Scheme
X-Geo-Header
X-Gen-Mode
X-Cdn-Srv
X-Slack-Backend
X-Hash
X-Skip-Cache
X-Gdpr
X-Fetched-On
X-Varnish-Beresp-Status
X-Epic-Correlation-Id
X-Sucuri-ID
X-Core-Mission
X-Sucuri-Cache
X-Cache-Bucket
X-VServer
X-Device-Os
X-Location
X-NodeID
X-Nyt-Route
Wxu-Next-Region
X-Served-From
X-LI-UUID
X-Hnp-Log
X-Block-Status
X-Server-IP
X-Li-Fabric
X-Li-Pop
Wxu-Next-Hostname
Ssr
CDCHOST
X-NWS-UUID-VERIFY
X-Labrador-Cache-Channel
CacheControlHeader
X-PHP-Host
Arc-Country
AMP-Access-Control-Allow-Source-Origin
AKAMAI
Cmsid
Cmstype
Fastly-Drupal-Html
Fastcgi-Cache-TTL
Server-Info
X-Magnolia-Registration
Environment
X-Zone
X-Reqid
X-Locale
X-Envoy-Decorator-Operation
X-Mvc-Supplant-Cachable
X-Cache-Info
X-Men
X-Level-Front-Cache
X-Adobe-Source
X-Accel-Expires-Debug
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Apple-News-Services-Host
X-Csrf-Jwt
X-Core-Value
Apple-News-Services-Handled
X-Developers
X-Old-Content-Length
X-Platform
X-Cache-Debug
X-CGP
X-Gamma-Serve
X-Generated-On
X-Branch-Name
X-Backend-State
X-BBC-Edge-Cache-Status
X-Bip
X-Forwarded-Site
X-Proxy-Upstream
X-Date
X-Datadog-Trace-Id
X-GeoIP-City
X-HN
X-Cdn-Origin
X-Eu-Site
X-GeoIP
X-Fastly-Backend
X-Fastly-Cache
Apple-News-Services-Parsed-Url
X-Thanos
X-Thinkindot-L3
X-TrackingId
X-Storefront-Renderer-Rendered
X-Sn-Servicetimems
X-Rocket-Build-Number
PFcat
X-Sigma-Backend
X-UnsetCookies
Locid
Ha-Gx-Prefs
X-Webstats-RespID
X-Backend-TTL
HA-Ipaddr
X-Viewer-Country
L5d-Success-Class
X-VarnishDD-TTL
X-VG-TLSProxy
X-Request-Start
X-Sigma
Thinkindot-CacheControl-Type
Server-Host
Thinkindot-CacheControl
TDXMobile
X-Region-Sid
Thinkindot-Control
Apple-News-Services-Request-Url
Req-Svc-Chain
X-VC-Cache
X-Varnish-Remaining-TTL
X-DPWN-IS-SECURE
X-NU-AKA-ACS-Version
X-RateLimit-Remaining-Second
X-DefElseHash
X-Worker
X-Origin
X-RateLimit-Limit-Second
X-Pod-Name
X-Esi-Check
X-DefHash
X-Variation
X-Req
X-Irp-Debug
X-Qloud-Router
X-Gzip
X-Has-Esi
X-HS-Content-Campaign-Id
X-Response-By
X-Is-Gdpr
X-Loc
X-Node-Id
X-Varnish-CookieHashed-On
X-Rebelmouse-Cache-Control
X-FC-Vary-Parameters
X-TH-Server
X-Rebelmouse-Surrogate-Control
X-Varnish-CookieINHashed-On
X-JWT-State
Memcached
Mail-Subject
Machine
We-Hiring
NGX
Cf-Device-Type
X-Cache-Id
NM-Fastcgi-Cache
Platform
Is-Eu
Fastly-GeoIP-CountryCode
X-Amzn-Remapped-Content-Length
X-ATG-Version
Web-Mar-Region
Adler-Geo
Fastly-SIE
Fastly-SWR
X-Varnish-Beresp-Ttl
X-Ua-Device
X-Cache-Config
X-CLOUD-TRACE-CONTEXT
X-CS
X-GeoIP-Country-Code
X-GeoIP-Region-Code
S-Rt
X-Tx-Id
X-Up
X-API-Version
X-Mvc-Supplant-OutputCached
X-LB-ID
X-CACHE-KEY
Magicmarker
X-Datadome
Kp-EeAlive
X-Restarts
Ms-Author-Via
X-Trace-ID
Pics-Label
X-NC
CDN
X-Generated-In
X-LB-NoCache
Memory
Candidate-Md5Url
Time
Datacenter
X-Http-Reason
X-TraceId
X-Akamai-Request-ID2
X-Varnish-Ttl
WebServer
X-DW
X-Optimistic-Header
NtCoent-Length
X-Edge-Pop
X-Via-Popn
X-Via-Poph
Env
X-RPM
X-RPS
X-Action
X-DB
X-DSS
X-DI
X-Via-Popv
X-RSL
X-Cache-Backend
Edge-Cache
X-Tt-Logid
X-DynaTrace-JS-Agent
X-URL
X-Tb-Optimization-Total-Bytes-Saved
X-Wix-Viewer-Type
X-Refresh
X-Vc
WWW-Authenticate
On-Server
X-Srv
X-Parent-Response-Time
X-CacheTTL
X-Minions-Version
X-TA-CDN-Provider
GeoIp-Country-Code
X-DC
Esi-Enabled
Accept-Language
X-HA-Backend
X-Esi
X-Servedbyhost
X-MSEdge-Flight
X-Service
C-Via
X-Unique-ID
Server-ID
X-MSEdge-Features
X-Varnish-Beresp-TTL
X-Dynatrace
X-Cs
X-TX-ID
X-Cache-PHP
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Newrelic-Synthetics
X-ZONE
Locale
X-User
X-Ec-GeoHdr
X-Ec-Fail
X-Webkit-CSP-Report-Only
X-App
X-Traceid
X-Cache-Status-Check
X-LI-Proto
X-Render-Time
X-VCL-Version
X-Fpc
X-Cache-Ttl
Test
X-Webkit-Csp-Report-Only
X-Li-Proto
X-LiteSpeed-Cache-Control
Cdnsip
X-AK-Request-ID
X-B3-Spanid
X-FPC
Cdncip
X-NODE
X-Pass-Why
Proxy-Connection
X-Vcl-Version
My-App
Server-Id
X-Mcache
X-Fmm-Version
Resin-Trace
Geoip-Latitude
Cluster
X-Clientip
X-CUA
Tracecode
X-Info
X-WADP-Cache
X-Clara-WADP
X-Var-Ttl
M-TraceId
X-AIR-PT
Lfy
Geo-Info
X-Oss-Object-Type
Fastly-Drupal-HTML
X-Oss-Hash-Crc64ecma
Cf-Int-Pingora-Origin-Digest
Cache-Host
HIT
X-Oss-Storage-Class
UCS
X-Oss-Request-Id
X-From
X-LiteSpeed-Tag
T-Server
X-Oss-Server-Time
X-CSRF-TOKEN
Lang
S-Cnection
GeoIP-Country-Code
X-ID
X-Ha-Backend
X-Fragments
Hostname
DataCenter
X-Geo
X-Pad
Target-Params
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-ServedByHost
Tcn
Hit
MIME-Version
Ohc-File-Size
X-Dynatrace-Js-Agent
X-VC
User-Agent
X-Cdn-Forward
X-RAMCache
Fastly-Backend-Name
X-ElasticPress-Query
X-Via-PopN
X-Micro-Cache
X-Via-PopV
X-Via-PopH
X-Edge-POP
X-HostName
X-Release
Load-Balancing
Section-Io-Id
Section-Io-Origin-Status
X-Api-Version
X-NGINX-Cache
X-BBC-Origin-Response-Status
ENV
Section-Io-Origin-Time-Seconds
X-Edge-Cache
Section-Origin-Responded
X-Backend-Host
X-Check-Cacheable
Permissions-Policy
Servername
X-Fastly-Backend-Reqs
X-Proxy-Cache-Info
X-Httpd
X-Ucs
X-BCube-Filmed-By
X-Lb-Nocache
X-APP
X-HS-Status
X-ServerName
X-Provided-By
FSS-Cache
X-UP
PICS-Label
ServerName
X-Nc
URI
EpKe-Alive
X-GoCache-CacheStatus
Producers
Uri
Lb
Cf-Ipcountry
X-TRACE-ID
X-Swift-Error
VNS-Age
VNS-Cache
X-B3-ParentSpanId
X-SB
X-Amz-Meta-Cb-Modifiedtime
Path
CPC-Age
WZWS-RAY
Cdn
X-RateLimit-Reset
Server-Ttl
X-Udemy-Cache-App-Namespace
Cache-Key
X-Pool
CPC-Cache
X-WA-Info
Cneonction
X-Fastly-Cache-Hits
X-Lb-Id
X-WA
Cteonnt-Length
X-Cdn-Request-ID
Ohc-Cache-HIT
X-Dw-Trace-Id
X-Yottaa-OS
X-Cache-CFC
X-ES-SERVER
X-Apw-Hits
X-Platform-Router
X-Acquia-Site
CF-Cached-On
Shield-Pop
X-Contensis-Viewer-Groups
X-Newrelic-App-Data
X-Cache-ASPX
X-Vcache
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Ec-Custom-Error
X-Apw-Access-Object
X-Acquia-Application-Trace
X-Apw-Access-Action
X-Akamai-Request-ID
X-Platform-Cluster
X-Platform-Processor
X-Apw-Access-Token
X-Wikidot-Static-Cache
X-Snapshot-Date
Vha6-Origin
X-Wikidot-Backend
Sid
X-Cache-Ngx
X-Air-Pt
GeoIP-Latitude
X-Varnish-Authentication
X-Scale
X-Shopify-Generated-Cart-Token
X-Http-Count
X-Sentry-ID
X-Logging-Id
Pagetype
CountryCode
X-Cms-Context
X-PJAX-URL
Ngx
Req-ID
X-UA
X-Last-Modified
X-Akamai-Pragma-Client-IP
X-Te-Duration-Ms
X-Http-Duration-Ms
X-Te-Count
X-CacheKey