
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Pragma
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Served-By
Alt-Svc
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
P3p
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-Iinfo
X-FRAME-OPTIONS
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
X-CDN
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
Upgrade
X-AspNetMvc-Version
X-Via
X-Akamai-Path-Stats
X-XSS-PROTECTION
Access-Control-Max-Age
CF-Ray
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
X-Dns-Prefetch-Control
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-Ua-Compatible
X-AH-Environment
X-Amz-Id-2
Host-Header
X-UA-Device
X-Proxy-Cache
X-Hacker
X-Rq
Grace
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Vhost
Ali-Swift-Global-Savetime
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Allow
EagleEye-TraceId
X-Nginx-Cache-Status
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-WebKit-CSP
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
Cf-Edge-Cache
X-Server-Id
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-CST
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Cache-Lookup
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Url
Accept-Ch
X-Country
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
Fastly-Restarts
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-PC
X-Vname
X-TtlSet
X-Amz-Server-Side-Encryption
X-Varnish-TTL
X-VARITI-CCR
RTSS
Edge-Control
X-ESI
X-Server-Name
X-Edge
X-B3-TraceId
X-FastCGI-Cache
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Px
Public-Key-Pins
X-Dw-Request-Base-Id
X-Exp-Id
X-Cdn-Fetch
X-Amz-Rid
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Use-Magma
X-D2id
X-Cnection
X-ASPNET-VERSION
X-Ser
X-Content-Security-Policy-Report-Only
X-Navigation-Version
X-Powered-By-Plesk
Pagespeed
X-Sol
Display
X-Middleton-Display
X-Ac
Verso
X-RateLimit-Remaining
X-Client-IP
X-Abt-Application-Version
X-Element-Page-Cache
X-Version
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Cache-TTL
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
X-Ttl
X-Litespeed-Cache
Response
X-Middleton-Response
X-Cached
X-Goog-Hash
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
X-Kinsta-Cache
X-Edge-Location-Klb
X-SharePointHealthScore
SPRequestGuid
X-Powered-CMS
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Upstream
AR-CACHE
AR-SID
X-WebKit-CSP-Report-Only
X-Correlation-Id
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-TTL
X-LLID
Edge-Cache-Tag
X-Forwarded-For
X-NWS-LOG-UUID
X-ECACHE
Content-MD5
X-Cache-Key
X-RateLimit-Limit
Nginx-Cache
X-Id
X-Shield-Request-Id
TCN
X-MSEdge-Ref
X-Recruiting
S
X-T
MRF-Tech
Mrf-Cache-Status
X-Daa-Tunnel
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-B3-TraceId-Primal
X-DataDome
X-Content-Digest
X-Aspnetmvc-Version
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Ruxit-Js-Agent
X-Mg-S
X-SRCache-Store-Status
X-SRCache-Fetch-Status
TP-Cache
X-Grace
TP-L2-Cache
X-Accel-Expires
X-Ua-Device
X-HS-Hub-Id
X-Webkit-Csp
X-HS-Content-Id
X-HS-Combine-CSS
X-DynaTrace
X-Frontend
X-HS-Cache-Config
Front-End-Https
X-Protected-By
X-Mcache
Server-Node
Filters
X-Request-Received
X-Request-Processing-Time
MicrosoftSharePointTeamServices
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-Ab
X-Content
X-Ua-Browser
X-Distributor
X-Origin-Server
X-PressLabs-Stats
X-Hits
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Server-ID
Fastcgi-Cache
X-LB-Cache
MS-Author-Via
X-Geo-Country
X-Microsite
X-Request-Handler-Origin-Region
Charset
Host
X-Tt-Trace-Host
X-Mid
X-Amzn-Trace-Id
X-Tt-Trace-Tag
X-Cache-Age
X-Forwarded-Proto
Realpath
Cache-Status
X-F-Cache
X-B3-Sampled
Cleartype
X-Page-Id
X-Git-Hash
Cross-Origin-Opener-Policy
X-Seen-By
X-Debug-Info
X-Activity-Id
X-Az
X-AppVersion
X-Fastly-Request-Id
Permissions-Policy
Access-Control-Allow-Method
X-DIS-Request-ID
X-Nginx-Upstream-Cache-Status
Accept-Charset
X-Www-Served-By
Filterid
X-Webkit-CSP
X-Ratelimit-Reset
ServerID
Cache-Tags
X-Content-Options
X-Varnish-Age
X-FB-Debug
X-Rid
X-Midtier
X-Cluster-Name
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Type
Server-Name
Retry-After
X-Aspnet-Version
X-App-Environment
X-Amz-Meta-S3cmd-Attrs
Country
X-Varnish-Backend
X-B
X-User-Agent
X-Varnish-Grace
X-Language
X-TT
X-Signature
X-B-Cache
X-Tb
X-Drupal-Cache-Tags
Viewport
X-Whom
X-Flags
X-Aspnet-Duration-Ms
X-Wix-Request-Id
X-Is-Crawler
X-Request-Guid
DC
X-Route-Name
X-VCache
X-Providence-Cookie
Paypal-Debug-Id
X-Origin-Cache
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Node
X-GUploader-UploadID
X-Goog-Generation
X-Debug
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-NWS-UUID-VERIFY
X-Logged-In
Fastcgi-Useragent
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Protected
Payment
X-Load-Cache
X-Mobile-URL
X-Amz-Replication-Status
X-N
X-Cache-NGX
Surrogate-Key
X-XRDS-LOCATION
X-Cache-Control
Count-Hit
Amp-Access-Control-Allow-Source-Origin
X-NGENIX-Cache
X-MCACHE
Alternate-Protocol
Healthy
WPO-Cache-Message
WPO-Cache-Status
X-Restarts
X-Mobile
X-Node-Name
X-Contextid
X-XRDS-Location
X-Via-JSL
X-Erf-Bev-Bev-Is-Generated
X-Proxy
X-Browser-Type
X-Erf-Bev-Bev
Content-Disposition
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
Refresh
X-FW-Hash
X-FW-Dynamic
X-Cache-Time
X-FW-Serve
X-FW-Server
Uber-Trace-Id
Url
X-FW-Type
X-Jobs
X-FW-Static
X-Revision
X-Real-IP
X-Device-Type
X-Akamai-Request-ID2
VIX-Pulpo-Upstream-Status
Akamai-GRN
VIX-Pulpo-Node
X-G
X-Cache-TTL-Remaining
X-UUID
X-Adobe-Loc
Access-Control-Request-Headers
X-Cacheable-TTL
X-Servername
X-Zen-Fury
X-Template
X-Proxy-Cache-Status
X-Varnish-Server
X-Adobe-Content
X-Framework
X-Page-View
X-Debug-IsPreview
X-Debug-IsConnected
Frame-Options
X-Mg-Request-UUID
X-Yottaa-Optimizations
X-Is-Bot
X-L-Path
X-Yottaa-Metrics
X-Environment-Context
X-Drupal-Cache-Contexts
NGB
X-Rendered-As
X-Hostname
X-Http-Reason
X-Instance
X-Cache-Grace
Version
Referer-Policy
X-IPLB-Instance
X-HTML-Minification-Powered-By
X-Source
X-RTag
X-EdgeConnect-Cache-Status
MS-CV
Ms-Operation-Id
Countrycode
Liferay-Portal
X-Fastly-Request-ID
Accept-Language
X-ECache
X-B3-Traceid
X-NYM-Debug-Backend
X-Cache-Rule
X-Trace-Id
X-Oneagent-Js-Injection
X-App-Server
X-Datadome
X-Cache-Expired-At
X-Cache-Hit
Cross-Origin-Window-Policy
X-Ratelimit-Remaining
X-Hosted-By
X-Unique-Id
X-Nginx-Cache
Backend
X-Tumblr-Pixel
X-IPS-LoggedIn
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
From-Origin
X-Vgn-Hpd-Reason
X-App-Version
X-Status
X-RemovedCookies
X-ProcessESI
Meta-Geo
WP-Super-Cache
X-UPSTREAM-Address
X-RN-RSRV
Load-Balancing
X-OCL
X-COUNTRY
X-VWS-Id
X-PCL
Content-Secure-Policy
X-Content-Powered-By
X-Cache-Server
X-No-Session
X-LJ-Flow-ID
X-AWS-Id
Mn-Server-Ip
CF-IPCountry
Upgrade-Insecure-Requests
S-Rt
X-Via-Fastly
X-Region
X-Request-Time
X-PHP-Backend
X-FB-TRIP-ID
Apigw-Requestid
X-Mode
Eomportal-Instance
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Origin-Date
Webcakes-App-Version
Webcakes-Region
X-Cluster-Node
Webcakes-App-Name
X-Xfnlog-Site
X-ProxyCache-Status
X-Redis-Cache
X-Alternate-Cache-Key
X-Origin-Hint
X-Storage
X-Sql-Duration-Ms
X-Section
X-UA-Device-Type
X-Varnish-Cache-Hits
X-Server-W
X-Uri
Property-Id
TWC-Connection-Speed
X-Debug-Cache
X-Format
X-Labrador-Cache-Channel
X-Cache-Enabled
X-BYPASS-REASON
X-Akamai-Edgescape
X-ApacheServer
X-Sql-Count
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
X-ProxyCache-Key
TWC-GeoIP-Country
X-PERF
X-PHP-Host
X-Access
X-AOL-HN
Section-Io-Cache
X-Content-Age
X-FW-Version
Locale
X-Cache-Host
X-Hl-Ver
Azure-Version
X-Routing-Service
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-NewRelic-App-Data
X-Be
X-JoinUs
X-Human
X-Forwarded-Host
X-GG-Cache-Date
X-Extlb
X-Cms-Context
X-Locale
X-Nginx-Cache-Key
X-Cache-Type
X-Urbn-Context-Path
X-Proxied
X-ServerID
Azure-InstanceId
X-Storefront-Renderer-Rendered
X-Site-Version
X-Tid
X-Zipkin-Id
X-Urbn-Site-Id
X-VC-Cache
X-SaId
X-Varnishpool
X-Ua
Webserver
X-Edge-Location
X-Generation-Time
X-Generated-By
X-Backend-Name
X-Proxy-Build
X-Platform-Server
X-Say-TTL
Selected-Fe
X-Cache-Tags
X-Adobe-Source
X-CDN-Forward
X-SayCDN-TTL
X-Handled-By
X-Say-Cacheable
X-Proto
X-Timing-Wait
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
X-Detected-As
X-GeoCountry
X-GeoCode
CDN-Cache
X-Web-Node
X-Dc
CDN-RequestCountryCode
X-APP-VERSION
ServedBy
Fastly-SSL
CDN-Uid
CDN-RequestId
X-Fastcgi-Cache
Ec-Rule-Version
Web-Mar-Node
Cache-Tv-Group
Onion-Location
X-LSADC-Cache
X-IPLB-Request-ID
Fastly-Drupal-Html
X-Magnolia-Registration
X-Tt-Logid
X-Varnish-Hostname
X-Cache-Action
X-Cached-By
Cache-Hits
X-GEO
X-Envoy-Decorator-Operation
SID
X-Ratelimit-Limit
X-Cache-Operation
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
LB
X-Cache-Remote
X-Cluster
X-Varnish-Hits
X-Rewrite-Enabled
Mime-Version
X-Hyper-Cache
X-SRV
SRV
X-Soup
Xet-Cookie
X-Origin-CC
X-Origin-TTL
X-Rule
X-Cdn
DB-Nickname
Cache
Xserver
X-Parallel-Accel
Server-Info
Source
X-CSRF-Token
X-Microcachable
X-Reqid
X-Via-NSCOPI
X-Pubstack
X-Time
Country-Code
X-Accel-Buffering
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-Xrds-Location
X-Skip-Cache
X-Buckets
X-Cache-Status-Check
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-B3-SpanId
X-TA-CDN-Provider
X-Endurance-Cache-Level
X-Origin-Response-Time
X-Newrelic-Synthetics
X-Request-Host
X-Session-Fingerprint
X-SD-PageType
DCR-Decision-By
DCR-Processing-Time-Ms
Cmstype
Cdnsip
Cmsid
X-Shop-Environment
Expiry
Fastcgi-X-Cache-Version
X-ScT
NM-Fastcgi-Cache
X-S-Cookie
Mobile-Detection-Method
Meta-Geo-Continent
Host-ID
Lang
MD5-Digest
Cdncip
Candidate-Md5Url
X-Vdms-Version
X-Vdms-Path
X-User
X-VG-WebCache
X-Vtex-Processado-Em
XM
Xc-Version
X-Vtex-Remote-Cache
X-TrackingId
X-TIM-N
X-SplitTest
BehaviorPad-Version
Cache-Key
X-SRCache-Key
A
X-Tenant
X-Azure-Ref
Odigeo-Trace-Id
X-S
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Ec-Fail
X-External-Request-Id
X-ARC
X-Aed
X-AK-Request-ID
X-Application
X-Developer
X-B-Cookie
X-CF-Lambda-Fn
X-Connection-Hash
X-CF-Lambda-Version
X-D
X-Cache-NE
X-Destination
X-BCube-Filmed-By
X-A-Wwc
X-Forwarded-Path
Rendered-Blocks
Sslversion
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
Pramga
X-Rojux
X-Processor
X-NAPM-TraceId
Surrogated-Key
X-A-Dam
X-A-Dgt
X-Hash
X-A-Ccd
X-A
T-Server
X-Ig-Push-State
X-Conf
X-A-Dcw
X-Tumblr-Pixel-3
X-Amzn-RequestId
X-Tx-Id
Datacenter
X-Amz-Apigw-Id
X-Varnish-Beresp-Grace
X-TT-LOGID
X-SVT-ORM-RULES
X-Irp-Debug
X-Scheme
Memcached
HostName
State
X-Gzip
X-Cdn-Srv
X-Ckpd-Fst-Backend
DynaTrace
X-V-Cache
Environment
X-Geo-Header
X-CacheTTL
Server-Host
X-SB
X-Rocket-Build-Number
Redirect-Candidate
X-HS-Content-Campaign-Id
X-Sigma
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
We-Hiring
X-Bc-Bl
X-Ms-Version
Kp-EeAlive
X-Esi-Check
X-Sigma-Backend
X-NodeID
Mail-Subject
X-Cache-Id
X-Ms-Request-Id
X-Origin
X-Core-Value
X-SVT-ORM-VERSION
X-AIR-PT
X-Rocket-Nginx-Serving-Static
X-Variation
X-Region-Sid
Machine
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
PFcat
N-Cache
NGX
X-DPWN-IS-SECURE
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-Request-URI
Origin
X-Datadog-Trace-Id
X-Csrf-Jwt
X-Served-From
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Core-Mission
V-Age
VNS-Cache
VNS-Age
Vix-Hermes-Req-Id
Svr
Ssr
X-Developers
Release
Producers
Platform
Req-Svc-Chain
X-DefHash
X-TNCMS
L5d-Success-Class
X-DefElseHash
X-Device-Os
X-Fetched-On
Adler-Geo
AKAMAI
X-Amzn-Remapped-Content-Length
X-Pool
X-HN
Apple-News-Services-Handled
Apple-News-Services-Host
X-Ad-Defer-Variation
CDCHOST
X-Aicache-OS
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Policy
X-Cache-Info
X-Mvc-Supplant-Cachable
X-Minions-Version
X-Cache-Date
X-NCache
X-Origin-Expires
X-Loop
X-BBC-Edge-Cache-Status
X-Nyt-Route
X-Gdpr
X-Origin-Time
X-Platform
X-Level-Front-Cache
L
Fastly-Backend-Name
X-RCS-CacheZone
X-Fastly-Cache
X-Clara-WADP
Fastly-GeoIP-CountryCode
X-VServer
X-CGP
X-Eu-Site
Is-Eu
X-Branch-Name
X-VG-TLSProxy
HA-Ipaddr
Ha-Gx-Prefs
X-GeoIP
X-Fmm-Version
CPC-Cache
X-Wix-Viewer-Type
CPC-Age
X-Worker
X-Generated-On
X-RateLimit-Remaining-Second
X-Gamma-Serve
X-Forwarded-Site
X-RateLimit-Limit-Second
X-WADP-Cache
X-ZONE
X-Cache-Bucket
X-Cdn-Origin
X-VC
X-Rebelmouse-Surrogate-Control
X-Planisys-CDN-TTL
X-LAGOON
X-JWT-State
X-Is-Gdpr
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Node-Id
X-Owner
X-Loc
X-Hnp-Log
X-Has-Esi
X-Rebelmouse-Cache-Control
X-Ec-Custom-Error
X-Dispatcher-Number
X-Ftr-Request-Id
X-Gen-Mode
X-Qloud-Router
X-R9-Blue-Green-Version
X-GeoIP-City
X-Scale
User-Cache-Control
Fastly-SIE
X-Block-Status
X-WA-Info
DSUID
Fastly-SWR
IsBot
Server-Hostname
Server-Ext
Origin-EX
Origin-CC
CloudFront-Viewer-Country
Cluster
X-Viewer-Country
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Micro-Cache
X-Via-Ucdn
X-Proxy-Upstream
Gh-Request-Id
Cache-Name
X-Auto-Login
X-Pod-Name
Sever-Int
Fastcgi-Cache-TTL
X-Slack-Backend
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-SIPLIST1
X-Varnish-Ttl
X-Optimistic-Header
Traceparent
TDXMobile
X-Thinkindot-L3
X-Sn-Servicetimems
X-CS
Web-Mar-Region
X-Cache-Backend
X-Proxy-Cache-Info
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Pics-Label
Ohc-File-Size
X-Correlation-ID
X-EC-Lua
X-Refresh
Ngx.Var.Host
Cache-Host
GEO-INFO
X-RateLimit-Reset
Servername
X-Httpd
X-Proxy-CacheRZ
XkeyRZ
X-LB-NoCache
X-Server-IP
CDN
X-CACHE-KEY
X-Parent-Response-Time
X-Mvc-Supplant-OutputCached
X-Ah-Environment
Path
X-NC
Ms-Author-Via
Env
X-Contensis-Viewer-Groups
X-Edge-Pop
Memory
X-Generated-In
Time
X-Webstats-RespID
X-Via-Popv
X-Servedbyhost
X-Cache-ASPX
X-Via-Popn
X-From
X-Via-Poph
X-Tb-Optimization-Total-Bytes-Saved
X-Udemy-Cache-App-Namespace
X-Srv
X-Location
X-Clientip
AMP-Access-Control-Allow-Source-Origin
X-API-Version
X-Varnish-Authentication
Lb
X-TIME
X-S-Maxage
X-Tec-Api-Origin
Locid
X-Tec-Api-Version
X-Tec-Api-Root
X-TraceId
X-Amz-Meta-Cb-Modifiedtime
Ohc-Cache-HIT
X-Dmc
X-Varnish-Beresp-TTL
X-Response-By
X-Men
X-Trace-ID
Arc-Country
ITXSESSIONID
X-Presslabs-Stats
X-Akamai-Transformed
GeoIp-Country-Code
X-DynaTrace-JS-Agent
X-Old-Content-Length
Server-ID
X-MSEdge-Flight
X-DW
X-Date
X-Render-Time
X-DSS
X-DB
X-RPM
X-RSL
X-DI
X-RPS
X-MSEdge-Features
Client
True-Client-IP
X-VCL-Version
X-Accel-Expires-Debug
X-HA-Backend
X-Vc
X-Cs
X-VHOST
X-Gateway-Cache-Key
Rip
C-Via
X-Gateway-Cache-Status
Geoip-Latitude
X-TRACE-ID
X-Service
X-Fpc
X-DC
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Zone
X-URL
Tube-Get-Contents
Tube-Got-Eval
X-GeoIP-Region-Code
Tube-Got-Results
Tube-Return
X-INCAP-ABP
X-FireWall-Port
Click-Count-Error
Click-Count-Action-Start
Hostname
X-GeoIP-Country-Code
X-M-Reqid
Esi-Enabled
X-Qnm-Cache
X-M-Log
X-Cache-Debug
X-TX-ID
On-Server
FSS-Cache
NtCoent-Length
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Srv
X-Api-Version
Powered-By
HIT
X-Webkit-Csp-Report-Only
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
X-PX
X-B3-Spanid
CacheControlHeader
OT-Force-Account-Verify
X-Action
X-TH-Server
Tcn
X-HS-Status
Test
X-Proxy-Cache-Hk
X-Alfa-Service
True-Client-Country-4JS
Cdn
X-NGINX-Cache
X-CSRF-TOKEN
X-Vcl-Version
X-Cdn-Request-ID
X-Backend-TTL
X-FPC
X-Traceid
X-Varnish-Beresp-Ttl
DT-Hot-News
X-Beluga-Node
X-Beluga-Status
X-Beluga-Record
X-Beluga-Trace
User-Agent
X-Beluga-Response-Time
X-Beluga-Cache-Status
Server-Id
GeoIP-Latitude
Edge-Cache
Geo-Info
X-Check-Cacheable
GeoIP-Country-Code
X-Pass-Why
X-Akamai-Pragma-Client-IP
X-Req
X-Origin-Upstream-Status
MIME-Version
Uri
My-App
Resin-Trace
Server-Ttl
Srvid
Proxy-Connection
X-App
X-Via-PopV
X-Via-PopN
X-Ha-Backend
X-Via-PopH
X-CLOUD-TRACE-CONTEXT
M-TraceId
Sid
X-Thanos
True-Client-Ip
Cf-Int-Pingora-Origin-Digest
X-APP
X-Bip
X-CCDN-Origin-Time
X-Up
ENV
Epwk-X-Cache
X-CCDN-CacheTTL
X-Request-Start
X-Hcs-Proxy-Type
X-ServedByHost
WebServer
X-Cdn-Forward
X-Fastly-Backend-Reqs
X-Backend-Host
X-Edge-POP
X-Geo
X-LB-ID
Warning
X-Esi
X-Provided-By
X-B3-Traceid-Primal
X-LI-UUID
X-LI-Proto
Magicmarker
X-Li-Fabric
XServer
X-Li-Pop
ServerName
X-Lb-Nocache
X-HostName
Fastly-Drupal-HTML
X-ElasticPress-Query
Section-Io-Origin-Status
X-UnsetCookies
Section-Io-Origin-Time-Seconds
Section-Io-Id
Inserted-Into-Cache-At
Canary
X-Vercel-Id
X-Serial
X-Varnish-Beresp-Status
X-CF-Powered-By
X-Nc
X-HITS
X-Vercel-Cache
X-Dw-Trace-Id
X-RAMCache
CF-Cached-On
Section-Origin-Responded
X-Fetch-By
X-Akamai-Request-ID
X-Webkit-CSP-Report-Only
X-Newrelic-App-Data
PICS-Label
X-LiteSpeed-Cache-Control
X-CMSURLCustom
Dt-Hot-News
D-Url-Rewrites
X-ND-Cache
WZWS-RAY
X-Yottaa-OS
X-Request-Url
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Iplb-Instance
X-Iplb-Request-Id
X-Vcache
X-Cc-Via
X-Time-Microsecs
Servedby
Cdn-Edgestorageid
Cdn-Cachedat
Cdn-Cache
Wp-Super-Cache
Cdn-Pullzone
Cdn-Requestcountrycode
X-Air-Pt
Cdn-Uid
Cdn-Requestid
X-UA
X-Snapshot-Date
X-MiniProfiler-Ids
X-LiteSpeed-Tag
Hit
Vha6-Origin
X-Release
Cf-Device-Type
X-BBC-Origin-Response-Status
CountryCode
DataCenter
X-Azure-Ref-OriginShield
X-Dist-Code
X-CUA
Content-Script-Type
Content-Style-Type
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-Request-URL
X-Storefront-Renderer-Verified
X-Back
X-Th-Server
X-Wp-Cf-Super-Cache-Cache-Control