Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
CF-Ray
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-Request-ID
X-AspNetMvc-Version
Upgrade
X-Via
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Cache-Spec
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Rating
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-TtlSet
X-PC
X-Vname
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
Fastly-Restarts
Cache-Tag
X-Server-Name
X-ESI
X-Aws-Lambda-Call-Status
X-FastCGI-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-GitHub-Request-Id
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-Px
RTSS
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-NF-Request-ID
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Exp-Variant
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-Goog-Hash
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Origin-Cache
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
AR-CACHE
AR-ATIME
X-Powered-CMS
AR-SID
AR-PoweredBy
AR-Request-ID
X-Version
Display
X-Middleton-Display
X-Sol
Pagespeed
Response
X-Middleton-Response
X-Amz-Server-Side-Encryption
Accept-Ch
X-TTL
X-LLID
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-Kinsta-Cache
X-SRCache-Store-Status
X-Edge-Location-Klb
X-Edge
Nginx-Cache
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
TCN
X-Protected-By
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-T
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
X-Id
Content-MD5
S
X-RateLimit-Remaining
Edge-Cache-Tag
Fastcgi-Cache
X-Language
X-Mid
SPRequestDuration
SPIisLatency
Front-End-Https
Realpath
X-CST
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Pinterest-Version
Filters
X-DynaTrace
X-Pinterest-Rid
Pinterest-Generated-By
Server-Node
X-MCACHE
X-Frontend
Server-Name
X-Ua-Browser
X-Content
X-Ab
X-Correlation-Id
X-Ttl
X-HS-Content-Id
X-HS-Hub-Id
X-Ser
X-HS-Cache-Config
X-NWS-LOG-UUID
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-ECACHE
X-Ezoic-Cdn
SPRequestGuid
X-SharePointHealthScore
X-Template
X-Cache-Key
X-Hits
X-Parallel-Accel
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Component-Id
Alternate-Protocol
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cache-Tags
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Content-Options
X-Page-Id
MicrosoftSharePointTeamServices
X-Ruxit-Js-Agent
Charset
X-B3-Sampled
Host
Cleartype
X-Www-Served-By
X-Git-Hash
X-Ratelimit-Limit
X-Geo-Country
X-Debug-Info
X-DIS-Request-ID
X-Daa-Tunnel
X-Amzn-Trace-Id
X-Hostname
X-Amz-Replication-Status
X-Content-Digest
X-Varnish-Age
X-Fastly-Request-Id
Filterid
X-AppVersion
X-Az
X-Activity-Id
X-FB-Debug
X-Upgrade-Enabled
X-Accel-Expires
X-VCache
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Grace
X-Nginx-Upstream-Cache-Status
X-N
X-Rid
X-Origin-Server
TP-L2-Cache
TP-Cache
ServerID
Access-Control-Allow-Method
X-F-Cache
X-Mobile-URL
X-LB-Cache
X-Request-Guid
X-Route-Name
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Flags
X-Is-Crawler
X-Server-ID
X-TT
X-Whom
X-Varnish-Grace
X-Seen-By
Viewport
X-Type
X-App-Environment
X-WebKit-CSP-Report-Only
X-Tb
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Distributor
Node
X-FW-Type
X-FW-Static
X-XRDS-LOCATION
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
Payment
Paypal-Debug-Id
DC
X-App-Server
X-User-Agent
Fastcgi-Useragent
X-DataDome
Country
Accept-Charset
X-Wix-Request-Id
X-NGENIX-Cache
X-Cache-Control
X-Litespeed-Cache
X-Origin-Upstream-Status
X-Fastcgi-Cache
X-Cache-Rule
X-Fastly-Request-ID
Version
X-Logged-In
X-Webkit-CSP
X-Via-JSL
X-Drupal-Cache-Tags
X-Microsite
X-Request-Handler-Origin-Region
Referer-Policy
X-Ratelimit-Reset
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Amp-Access-Control-Allow-Source-Origin
X-Cluster-Name
X-Cache-Age
X-B-Cache
Refresh
X-Buckets
X-Signature
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
Cache-Status
X-Contextid
X-Varnish-Backend
X-Load-Cache
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Node-Name
X-Original-Request-Id
SD-X-WS
X-Response-Served-From
X-Mobile
X-Vgn-Hpd-Reason
X-Rendered-As
X-Is-Bot
X-Page-View
X-Real-IP
X-Cache-Expired-At
X-Proxy-Cache-Status
X-Jobs
X-Cacheable-TTL
X-B
Access-Control-Request-Headers
X-Debug
NGB
X-Yottaa-Metrics
X-UUID
X-Yottaa-Optimizations
X-Revision
X-Device-Type
X-ProcessESI
X-Proxy
X-RemovedCookies
X-Instance
X-Rule
X-IPLB-Instance
X-Cache-Action
X-Drupal-Cache-Contexts
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
Surrogate-Key
Akamai-GRN
X-Debug-IsConnected
X-Cache-Time
X-Framework
X-Debug-IsPreview
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-G
X-FW-Version
X-TEC-API-ORIGIN
X-TEC-API-VERSION
CF-IPCountry
X-TEC-API-ROOT
X-XRDS-Location
SID
DynaTrace
GEO-INFO
X-PressLabs-Stats
X-Azure-Ref
X-Ratelimit-Remaining
Liferay-Portal
X-Accel-Buffering
X-Oneagent-Js-Injection
X-Nginx-Cache
X-Source
X-Ms-Request-Id
X-Ms-Version
X-APP-VERSION
Count-Hit
X-Presslabs-Stats
Uber-Trace-Id
X-Cache-Operation
Frame-Options
MS-CV
Ms-Operation-Id
X-Cache-NGX
Healthy
X-RTag
X-CDN-Forward
X-EdgeConnect-Cache-Status
X-Zen-Fury
X-Cache-Hit
Xserver
Countrycode
X-Backend-Name
X-L-Path
X-Varnish-Server
X-Mode
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Environment-Context
Ec-Rule-Version
Protected
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Cache-TTL-Remaining
X-Forwarded-Host
X-Servername
X-Region
X-RN-RSRV
X-SaId
Backend
X-Rewrite-Enabled
X-UPSTREAM-Address
Meta-Geo
X-JoinUs
X-Detected-As
X-Tid
X-Hosted-By
X-Adobe-Loc
Apigw-Requestid
X-Content-Age
X-Adobe-Content
X-Cache-Server
X-Alternate-Cache-Key
X-Cache-Grace
X-Debug-Cache
Eomportal-Instance
Decoy-Debug-Key
X-Hyper-Cache
Decoy-Debug-Status
X-Generation-Time
Decoy-Debug-TTL
X-Extlb
LB
WPO-Cache-Message
X-Routing-Service
X-Redis-Cache
X-Sorting-Hat-ShopId
X-Sql-Count
Country-Code
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Zipkin-Id
X-Shopify-Stage
X-Sql-Duration-Ms
X-Uri
X-Content-Powered-By
WPO-Cache-Status
X-Proxied
X-No-Session
Section-Io-Cache
Mn-Server-Ip
X-Origin-Date
Url
X-Site-Version
X-Via-Fastly
X-PERF
X-ApacheServer
X-Format
X-ServerID
X-PHP-Backend
X-FB-TRIP-ID
Cache-Name
X-NCache
X-Status
Fastly-SSL
TWC-GeoIP-Country
X-NYM-Debug-Backend
X-OCL
TWC-Device-Class
X-Microcachable
TWC-GeoIP-LatLong
TWC-Connection-Speed
Property-Id
X-Server-W
Selected-Fe
X-Origin-Hint
X-Access
Webcakes-Region
X-Cluster-Node
X-Cache-Type
X-PCL
X-Storage
X-Pubstack
X-Human
X-ProxyCache-Key
X-ProxyCache-Status
X-Timing-Wait
X-UA-Device-Type
Webcakes-App-Version
X-Section
TWC-Privacy
X-Proxy-Build
X-Akamai-Edgescape
X-Cache-Host
X-BYPASS-REASON
X-Varnish-Beresp-Grace
TWC-Locale-Group
Webcakes-App-Name
Cache-Tv-Group
X-NewRelic-App-Data
X-Say-Cacheable
X-Say-TTL
X-Web-Node
X-Varnishpool
X-SayCDN-TTL
X-Hl-Ver
CDN-Cache
CDN-RequestId
CDN-Uid
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
Content-Disposition
CDN-EdgeStorageId
X-Generated-By
X-Be
Azure-Version
Content-Secure-Policy
Azure-SiteName
Azure-SlotName
Azure-InstanceId
DB-Nickname
X-Azure-Ref-OriginShield
Azure-RegionName
X-R9-Blue-Green-Version
X-Soup
X-Ua
X-Webkit-Csp
X-LSADC-Cache
X-TIME
OT-Force-Account-Verify
X-RateLimit-Limit
X-Cached-By
X-Trace-Id
SRV
X-Nginx-Cache-Key
X-TT-LOGID
X-SRV
X-Bc-Bl
Retry-After
Cache
Source
X-Unique-Id
X-Auto-Login
X-LAGOON
X-Dc
X-Platform-Server
X-GEO
X-Cache-Remote
Xet-Cookie
X-Varnish-Hits
X-Akamai-Transformed
Cache-Hits
X-Cdn
X-Xfnlog-Site
Mime-Version
X-Origin-CC
X-Origin-TTL
X-TNCMS
X-Varnish-Hostname
X-HTML-Minification-Powered-By
X-Loop
HostName
X-S-Maxage
Onion-Location
X-Cache-Tags
X-CSRF-Token
X-Varnish-Cache-Hits
X-Amz-Meta-S3cmd-Attrs
X-Time
ServedBy
X-Tumblr-Pixel-3
X-App-Version
X-Request-Time
X-Tumblr-Pixel-2
Upgrade-Insecure-Requests
Web-Mar-Node
X-EC-Lua
Webserver
X-Proto
X-AOL-HN
X-ECache
WP-Super-Cache
X-Request-Host
N-Cache
From-Origin
X-Endurance-Cache-Level
X-Tenant
X-FireWall-Port
X-LJ-Flow-ID
X-Cache-Var-Map
X-VWS-Id
X-Cache-Var
X-AWS-Id
X-Correlation-ID
X-B3-SpanId
X-Time-Microsecs
X-Cache-Enabled
Nel
X-GG-Cache-Date
X-NWS-UUID-VERIFY
X-Origin-Response-Time
X-Edge-Location
X-PAYTM-SRV-ID
X-NAPM-TraceId
X-Ig-Push-State
X-Orig-Expires
X-Handled-By
X-ND-Cache
X-Developer
Surrogated-Key
X-Block-Status
X-B-Cookie
X-ARC
Sslversion
X-Cache-NE
X-CF-Lambda-Fn
Redirect-Candidate
Rendered-Blocks
X-Application
X-Aicache-OS
X-A-Dgt
X-A-Dcw
X-A
X-A-Ccd
X-A-Wwc
X-Aed
User-Cache-Control
V-Age
Vix-Hermes-Req-Id
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
DCR-Decision-By
DCR-Processing-Time-Ms
Expiry
Fastcgi-X-Cache-Version
X-Forwarded-Path
X-Ftr-Request-Id
A
BehaviorPad-Version
X-Gen-Mode
X-External-Request-Id
X-Planisys-CDN-Cache
Odigeo-Trace-Id
X-Conf
X-Cluster
X-Connection-Hash
Mobile-Detection-Method
X-Destination
X-D
Meta-Geo-Continent
X-Hnp-Log
X-PBS-Appsvrname
X-Planisys-CDN-Rules
X-Rojux
X-SRCache-Key
X-S
X-SD-PageType
X-Vtex-Processado-Em
X-Slack-Backend
X-ScT
X-Vtex-Remote-Cache
X-Via-NSCOPI
X-S-Cookie
X-Session-Fingerprint
X-VG-WebCache
X-TIM-N
X-Vdms-Path
X-Shop-Environment
X-A-Dam
X-Planisys-CDN-TTL
X-Mg-Request-UUID
X-V-Cache
X-Processor
X-Vdms-Version
Xc-Version
X-Amzn-RequestId
X-MP-GENERATED-AT
X-PHP-Host
CloudFront-Viewer-Country
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
X-Cache-Bucket
CacheControlHeader
X-Webstats-RespID
X-Gdpr
CDCHOST
X-Forwarded-Site
Cmsid
Cmstype
X-SVT-ORM-RULES
X-Date
Host-ID
X-SVT-ORM-VERSION
X-Viewer-Country
Pramga
Origin
X-Cdn-Srv
Gh-Request-Id
X-Cache-Date
X-Sucuri-Cache
Svr
X-Fastly-Cache
Fastcgi-Cache-TTL
X-Sucuri-ID
State
Arc-Country
DSUID
True-Client-Country-4JS
AKAMAI
X-Location
X-Men
X-Accel-Expires-Debug
X-LI-UUID
X-Magnolia-Registration
X-Li-Pop
X-Epic-Correlation-Id
X-Mvc-Supplant-Cachable
Wxu-Next-Commit
X-Nyt-Route
Wxu-Next-Hostname
X-Proxy-Upstream
X-RCS-CacheZone
X-Old-Content-Length
Fastly-Drupal-Html
X-Li-Fabric
X-Backend-TTL
X-Adobe-Source
X-Server-IP
X-Reqid
X-Owner
X-Geo-Header
X-Policy
X-NodeID
X-Hash
X-Origin-Expires
X-Request-URI
Wxu-Next-Region
X-Scheme
X-Origin-Time
Environment
X-GeoIP-Region-Code
X-Origin
X-Cache-Info
Apple-News-Services-Host
X-CGP
Apple-News-Services-Handled
X-Backend-State
Apple-News-Services-Parsed-Url
X-Branch-Name
X-Cache-Id
X-GeoIP-Country-Code
X-Cache-Debug
Apple-News-Services-Request-Url
X-VServer
X-Storefront-Renderer-Rendered
X-Served-From
X-HS-Content-Campaign-Id
X-Irp-Debug
X-HN
X-Gzip
X-Generated-On
X-GeoIP
X-GeoIP-City
X-Level-Front-Cache
X-Request-Start
X-Rocket-Nginx-Serving-Static
X-VG-TLSProxy
X-Platform
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Locale
X-Req
X-Region-Sid
X-Skip-Cache
X-Gamma-Serve
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Csrf-Jwt
X-Core-Value
X-UnsetCookies
X-Core-Mission
X-TrackingId
X-TH-Server
X-Developers
X-Fastly-Backend
X-Fetched-On
X-Sn-Servicetimems
X-Eu-Site
X-Esi-Check
X-Device-Os
X-Envoy-Decorator-Operation
X-VarnishDD-TTL
X-Cdn-Origin
X-Qnm-Cache
Server-Info
X-M-Reqid
Release
Origin-CC
Origin-EX
Server-Host
PFcat
Ssr
HA-Ipaddr
X-M-Log
Traceparent
Ha-Gx-Prefs
Locid
L5d-Success-Class
L
We-Hiring
Mail-Subject
Web-Mar-Region
X-Xrds-Location
X-Node-Id
S-Rt
X-DPWN-IS-SECURE
X-Is-Gdpr
X-FC-Vary-Parameters
Adler-Geo
Fastly-SIE
X-Has-Esi
Cf-Device-Type
Fastly-SWR
X-JWT-State
X-Rebelmouse-Cache-Control
Fastly-GeoIP-CountryCode
X-Worker
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Req-Svc-Chain
X-BBC-Edge-Cache-Status
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-Varnish-Beresp-Status
X-Variation
X-Rebelmouse-Surrogate-Control
X-Pod-Name
X-Tx-Id
X-Zone
X-VC-Cache
X-Thinkindot-L3
X-Thanos
X-Response-By
X-NU-AKA-ACS-Version
X-Varnish-Remaining-TTL
Thinkindot-Control
X-Amzn-Remapped-Content-Length
X-ATG-Version
NM-Fastcgi-Cache
X-Bip
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Memcached
Platform
X-DefElseHash
Is-Eu
X-DefHash
Machine
X-Ua-Device
X-Trace-ID
X-Qloud-Router
X-CLOUD-TRACE-CONTEXT
AMP-Access-Control-Allow-Source-Origin
X-Esi
X-Mvc-Supplant-OutputCached
X-Varnish-Beresp-Ttl
NGX
X-Loc
X-CS
Magicmarker
X-Http-Reason
X-API-Version
X-NC
X-Restarts
X-Akamai-Request-ID2
X-Cache-Config
X-LB-ID
X-Up
Pics-Label
X-Generated-In
Kp-EeAlive
X-CACHE-KEY
CDN
Ms-Author-Via
Datacenter
X-LB-NoCache
Time
X-Wix-Viewer-Type
Env
Edge-Cache
X-Cache-Backend
X-TraceId
Memory
X-Tb-Optimization-Total-Bytes-Saved
NtCoent-Length
X-Via-Popv
X-DI
X-RPS
X-DSS
X-Via-Popn
X-DW
X-RPM
WebServer
X-DC
Candidate-Md5Url
X-Varnish-Ttl
X-Refresh
X-DB
X-RSL
X-Via-Poph
X-Action
X-Optimistic-Header
X-Tt-Logid
Accept-Language
X-Datadome
X-CacheTTL
X-Minions-Version
X-Edge-Pop
X-DynaTrace-JS-Agent
GeoIp-Country-Code
X-HA-Backend
On-Server
X-Vc
WWW-Authenticate
X-Servedbyhost
Esi-Enabled
Locale
X-Srv
X-Urbn-Site-Id
X-Urbn-Context-Path
X-MSEdge-Features
Server-ID
X-ZONE
X-Unique-ID
X-MSEdge-Flight
X-Webkit-Csp-Report-Only
X-Newrelic-Synthetics
X-Parent-Response-Time
X-Varnish-Beresp-TTL
X-Cs
X-Service
X-Ec-Fail
X-Ec-GeoHdr
X-User
C-Via
X-TX-ID
X-TA-CDN-Provider
X-VCL-Version
X-Cache-PHP
X-App
X-LI-Proto
X-Cache-Ttl
X-Fpc
X-Traceid
X-Dynatrace
X-URL
X-Render-Time
Cdncip
Test
X-AK-Request-ID
X-Cache-Status-Check
Cdnsip
X-Li-Proto
X-Pass-Why
X-WADP-Cache
X-LiteSpeed-Cache-Control
X-B3-Spanid
X-Clara-WADP
X-Fmm-Version
My-App
Cluster
X-FPC
Proxy-Connection
X-Webkit-CSP-Report-Only
X-NODE
Geoip-Latitude
X-CUA
Resin-Trace
X-Var-Ttl
X-Vcl-Version
Tracecode
X-Mcache
X-From
T-Server
M-TraceId
Lfy
Server-Id
Geo-Info
X-Fragments
Lang
Cf-Int-Pingora-Origin-Digest
Fastly-Drupal-HTML
X-Clientip
X-CSRF-TOKEN
X-AIR-PT
X-Info
DataCenter
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
UCS
X-Oss-Server-Time
X-ID
X-VC
Cache-Host
Target-Params
X-Oss-Request-Id
X-LiteSpeed-Tag
X-Ha-Backend
HIT
X-Oss-Object-Type
GeoIP-Country-Code
Hostname
X-WP-CF-Super-Cache-Cache-Control
Hit
S-Cnection
X-RAMCache
X-ServedByHost
X-Pad
X-WP-CF-Super-Cache
X-Edge-POP
X-Dynatrace-Js-Agent
X-Geo
X-Via-PopV
X-Via-PopN
X-Via-PopH
Ohc-File-Size
MIME-Version
X-Cdn-Forward
Tcn
X-SERVER-NAME
X-Api-Version
X-Edge-Cache
X-HS-Status
Section-Origin-Responded
X-ElasticPress-Query
X-Micro-Cache
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Permissions-Policy
Section-Io-Id
X-Proxy-Cache-Info
Fastly-Backend-Name
X-Provided-By
X-Check-Cacheable
Load-Balancing
User-Agent
X-NGINX-Cache
ENV
X-Httpd
Producers
WZWS-RAY
X-Ucs
Servername
X-Fastly-Backend-Reqs
X-ServerName
X-Backend-Host
X-BBC-Origin-Response-Status
X-Release
X-HostName
X-APP
X-GoCache-CacheStatus
ServerName
FSS-Cache
X-UP
Uri
PICS-Label
X-Cache-CFC
X-Lb-Nocache
X-BCube-Filmed-By
URI
X-SB
X-TRACE-ID
X-Platform-Cluster
X-RateLimit-Reset
X-Platform-Router
Cteonnt-Length
X-Swift-Error
Cdn
Ohc-Cache-HIT
X-Lb-Id
Server-Ttl
X-Platform-Processor
Cneonction
X-Udemy-Cache-App-Namespace
X-Cdn-Request-ID
X-Fastly-Cache-Hits
EpKe-Alive
X-Nc
X-Dw-Trace-Id
X-Acquia-Site
X-Acquia-Application-Trace
X-Pool
X-Scale
X-Amz-Meta-Cb-Modifiedtime
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-WA
X-Newrelic-App-Data
X-WA-Info
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Path
X-Ec-Custom-Error
Cf-Ipcountry
X-Apw-Access-Object
Shield-Pop
X-Cache-ASPX
X-Apw-Hits
VNS-Cache
VNS-Age
X-Contensis-Viewer-Groups
X-Apw-Access-Action
X-B3-ParentSpanId
X-Yottaa-OS
CF-Cached-On
Vha6-Origin
X-Vcache
X-Snapshot-Date
X-Apw-Access-Token
Cache-Key
CPC-Age
CPC-Cache
X-Air-Pt
Sid
X-Cache-Ngx
Lb
X-ES-SERVER
X-Logging-Id
X-Shopify-Generated-Cart-Token
X-CacheKey
IsBot
X-IN-APIGATEWAYSSL
X-SIPLIST1
X-IN-APIGATEWAY
X-Dispatcher-Number
X-UA
X-Cache-Expires
GeoIP-Latitude
Req-ID
X-Sentry-ID
X-Last-Modified
X-Http-Count
X-Http-Duration-Ms
X-Te-Count
Ngx
X-Varnish-Authentication
X-Te-Duration-Ms
X-Akamai-Pragma-Client-IP
X-Wikidot-Static-Cache
X-Wikidot-Backend
CountryCode
X-Akamai-Request-ID