Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-Envoy-Upstream-Service-Time
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Akamai-Path-Stats
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-UA-Device
X-Proxy-Cache
X-Amz-Id-2
Host-Header
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Server-Id
X-Node
Cf-Edge-Cache
X-Aws-Lambda-Call-Status
X-Pingback
X-CST
Surrogate-Control
Request-Id
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Url
X-Ruxit-JS-Agent
X-Country
Accept-Ch
Accept-Ch-Lifetime
Fastly-Restarts
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-PC
X-TtlSet
X-Vname
RTSS
X-Varnish-TTL
X-Amz-Server-Side-Encryption
Edge-Control
X-VARITI-CCR
X-FastCGI-Cache
X-Server-Name
X-ESI
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Edge
X-Dw-Request-Base-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Amz-Rid
X-Px
Public-Key-Pins
X-ASPNET-VERSION
X-B3-TraceId
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Ac
X-Powered-By-Plesk
Pagespeed
Verso
X-Middleton-Display
Display
X-Sol
X-Abt-Application-Version
X-RateLimit-Remaining
X-Element-Page-Cache
X-Client-IP
X-Content-Security-Policy-Report-Only
X-Version
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Ttl
X-Litespeed-Cache
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
X-Middleton-Response
Response
X-Goog-Hash
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
X-Cached
X-Kinsta-Cache
SPRequestGuid
X-SharePointHealthScore
X-Edge-Location-Klb
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Upstream
X-LLID
Edge-Cache-Tag
X-Forwarded-For
X-Correlation-Id
X-TTL
X-NWS-LOG-UUID
Content-MD5
X-Cache-Key
Nginx-Cache
X-Id
X-WebKit-CSP-Report-Only
X-RateLimit-Limit
X-Shield-Request-Id
X-MSEdge-Ref
TCN
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
MRF-Tech
Mrf-Cache-Status
X-T
X-Recruiting
S
X-ECACHE
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Ruxit-Js-Agent
X-Content-Digest
X-Mg-S
X-DataDome
X-Jurisdiction
X-HP-Trace-Id
X-SRCache-Fetch-Status
X-HP-Webp
X-SRCache-Store-Status
X-Ua-Device
TP-L2-Cache
TP-Cache
X-Grace
X-Accel-Expires
X-DynaTrace
X-HS-Combine-CSS
X-Frontend
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Request-Received
X-Request-Processing-Time
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
Server-Node
Front-End-Https
X-Yandex-Sdch-Disable
X-Content
X-Ab
X-Ua-Browser
Filters
X-Protected-By
X-PressLabs-Stats
X-Origin-Server
X-Mcache
X-Distributor
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Hits
MS-Author-Via
Fastcgi-Cache
X-Geo-Country
X-LB-Cache
X-Microsite
X-Mid
X-Request-Handler-Origin-Region
X-Amzn-Trace-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
Charset
Host
Cleartype
X-Webkit-Csp
X-Debug-Info
X-F-Cache
X-Forwarded-Proto
X-Page-Id
X-Fastly-Request-Id
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Git-Hash
Cache-Status
X-Cache-Age
X-Seen-By
Realpath
X-AppVersion
X-Az
X-DIS-Request-ID
X-Activity-Id
Access-Control-Allow-Method
X-Ratelimit-Reset
X-Www-Served-By
Accept-Charset
X-Webkit-CSP
X-Nginx-Upstream-Cache-Status
ServerID
Filterid
X-Server-ID
Permissions-Policy
X-Varnish-Age
Cache-Tags
Pinterest-Generated-By
X-Pinterest-Rid
X-Aspnetmvc-Version
Pinterest-Version
X-Cluster-Name
X-Rid
X-Content-Options
X-FB-Debug
X-Type
Retry-After
X-Varnish-Backend
Server-Name
Country
X-User-Agent
X-Varnish-Grace
X-App-Environment
Viewport
DC
X-Aspnet-Duration-Ms
X-B-Cache
X-Providence-Cookie
X-Drupal-Cache-Tags
X-Flags
X-Wix-Request-Id
X-Is-Crawler
X-Route-Name
X-Request-Guid
X-Tb
X-Signature
Paypal-Debug-Id
X-Amz-Meta-S3cmd-Attrs
X-B
X-Whom
X-TT
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Language
X-Goog-Metageneration
Node
X-Goog-Generation
X-VCache
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Debug
Fastcgi-Useragent
X-Origin-Cache
X-XRDS-LOCATION
X-Midtier
X-Mobile-URL
Protected
X-NWS-UUID-VERIFY
X-N
X-Amz-Replication-Status
Payment
X-Logged-In
X-Cache-NGX
Amp-Access-Control-Allow-Source-Origin
X-Load-Cache
Surrogate-Key
X-Oracle-Dms-Ecid
WPO-Cache-Status
WPO-Cache-Message
X-Cache-Control
X-Oracle-Dms-Rid
Count-Hit
X-Contextid
X-MCACHE
X-Via-JSL
Alternate-Protocol
Healthy
X-Node-Name
X-ECache
X-Restarts
X-Mobile
X-NGENIX-Cache
X-Erf-Bev-Bev
X-Browser-Type
X-B3-Traceid
X-Erf-Bev-Bev-Is-Generated
X-Proxy
Content-Disposition
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Dynamic
X-Original-Request-Id
SD-X-WS
X-Response-Served-From
Refresh
X-Cache-Time
Url
Akamai-GRN
X-Jobs
X-G
X-XRDS-Location
X-Zen-Fury
X-Servername
X-Real-IP
X-UUID
Uber-Trace-Id
X-Akamai-Request-ID2
X-Cache-TTL-Remaining
X-Revision
X-Adobe-Loc
X-Page-View
X-Adobe-Content
X-Drupal-Cache-Contexts
X-Instance
X-Framework
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
X-Cache-Grace
VIX-Pulpo-Node
NGB
X-Debug-IsPreview
X-Debug-IsConnected
X-Device-Type
X-Http-Reason
X-Proxy-Cache-Status
X-Rendered-As
X-Mg-Request-UUID
X-Is-Bot
Access-Control-Request-Headers
X-Varnish-Server
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Template
X-IPLB-Instance
X-Environment-Context
X-L-Path
X-Hostname
X-HTML-Minification-Powered-By
X-EdgeConnect-Cache-Status
Version
X-Source
Frame-Options
MS-CV
X-RTag
Accept-Language
Countrycode
Ms-Operation-Id
Liferay-Portal
Referer-Policy
X-Trace-Id
X-Oneagent-Js-Injection
X-NYM-Debug-Backend
X-Fastly-Request-ID
X-Datadome
X-App-Server
X-Cache-Rule
X-Cache-Hit
X-Cache-Expired-At
X-Ratelimit-Remaining
From-Origin
Cross-Origin-Window-Policy
X-Vgn-Hpd-Reason
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Backend
X-IPS-LoggedIn
X-Nginx-Cache
X-Hosted-By
X-APP-VERSION
X-Unique-Id
X-COUNTRY
X-FW-Version
Content-Secure-Policy
X-ProcessESI
X-RN-RSRV
X-Status
Meta-Geo
X-RemovedCookies
WP-Super-Cache
X-UPSTREAM-Address
Load-Balancing
Upgrade-Insecure-Requests
Section-Io-Cache
CF-IPCountry
X-Ratelimit-Limit
X-Cache-Server
X-OCL
X-PCL
X-Generation-Time
X-No-Session
X-FB-TRIP-ID
X-Ua
Fastly-SSL
X-UA-Device-Type
X-Content-Age
X-LJ-Flow-ID
Property-Id
S-Rt
X-Redis-Cache
X-Sql-Count
Mn-Server-Ip
X-PHP-Backend
X-Origin-Hint
X-Origin-Date
X-Format
X-Be
X-Labrador-Cache-Channel
X-Server-W
X-PHP-Host
X-Region
Apigw-Requestid
X-Cluster-Node
X-Sql-Duration-Ms
Webcakes-App-Name
Webcakes-App-Version
X-VWS-Id
X-Request-Time
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Varnish-Cache-Hits
Webcakes-Region
X-Akamai-Edgescape
X-AOL-HN
X-Via-Fastly
X-Section
X-Access
TWC-GeoIP-Country
TWC-Privacy
TWC-Connection-Speed
X-AWS-Id
X-Cache-Enabled
TWC-Device-Class
X-Mode
X-Generated-By
X-Content-Powered-By
X-Sorting-Hat-PodId
Azure-SlotName
X-Cache-Host
X-ApacheServer
X-Sorting-Hat-ShopId
X-Debug-Cache
X-Locale
X-Human
X-Adobe-Source
X-Cms-Context
Azure-InstanceId
Azure-RegionName
Eomportal-Instance
X-Cache-Tags
Locale
X-BYPASS-REASON
X-Forwarded-Host
Azure-Version
Azure-SiteName
X-ShardId
X-ProxyCache-Status
X-Urbn-Site-Id
X-Shopify-Stage
X-Urbn-Context-Path
X-Platform-Server
X-Storage
X-Uri
X-Say-Cacheable
X-VC-Cache
X-Site-Version
X-Xfnlog-Site
X-SayCDN-TTL
X-Say-TTL
X-PERF
X-ProxyCache-Key
X-Nginx-Cache-Key
X-Alternate-Cache-Key
X-ShopId
X-GeoCode
X-GeoCountry
X-GG-Cache-Date
X-Handled-By
X-Extlb
X-Zipkin-Id
X-SaId
X-ServerID
X-Backend-Name
X-Web-Node
X-Detected-As
X-Hl-Ver
X-Proxied
X-Tid
X-Dc
X-Routing-Service
X-JoinUs
X-Varnishpool
X-Cache-Type
X-Storefront-Renderer-Rendered
X-Edge-Location
X-Proto
X-Timing-Wait
Selected-Fe
Cache-Tv-Group
X-Proxy-Build
ServedBy
Ec-Rule-Version
CDN-CachedAt
CDN-Cache
X-NewRelic-App-Data
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestId
CDN-RequestCountryCode
CDN-Uid
X-CDN-Forward
Fastly-Drupal-Html
Web-Mar-Node
X-Cache-Action
Onion-Location
X-LSADC-Cache
X-GEO
X-App-Version
Webserver
X-IPLB-Request-ID
X-Magnolia-Registration
X-Cached-By
X-Varnish-Hostname
Cache-Hits
SRV
X-Hyper-Cache
X-Parallel-Accel
X-Cluster
X-Cache-Operation
X-Cache-Remote
X-Air-Trace-Id
Mime-Version
X-Envoy-Decorator-Operation
X-Tt-Logid
X-Air-Hostname
X-Air-Source
X-Rewrite-Enabled
X-Fastcgi-Cache
X-Varnish-Hits
X-Soup
SID
X-Rule
X-Cdn
X-Origin-CC
X-Origin-TTL
Xet-Cookie
Xserver
X-Pubstack
X-Accel-Buffering
X-Microcachable
LB
Server-Info
Cache
X-Reqid
DB-Nickname
X-CSRF-Token
X-TA-CDN-Provider
X-SRV
X-MP-GENERATED-AT
Country-Code
Source
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Xrds-Location
X-TT-LOGID
X-Correlation-ID
X-Buckets
Decoy-Debug-Key
Decoy-Debug-TTL
X-Via-NSCOPI
Decoy-Debug-Status
X-Amzn-RequestId
X-Request-Host
X-Tx-Id
X-Amz-Apigw-Id
X-Skip-Cache
X-Origin-Response-Time
X-Endurance-Cache-Level
X-A-Dcw
X-A-Dgt
Odigeo-Trace-Id
X-A-Dam
X-A-Ccd
Sslversion
Rendered-Blocks
Surrogated-Key
T-Server
X-A
Pramga
MD5-Digest
Cdnsip
Cmsid
Cmstype
Cdncip
Candidate-Md5Url
A
BehaviorPad-Version
Cache-Key
DCR-Decision-By
DCR-Processing-Time-Ms
X-A-Wwc
Meta-Geo-Continent
Mobile-Detection-Method
Lang
Host-ID
Expiry
Fastcgi-X-Cache-Version
NM-Fastcgi-Cache
X-CF-Lambda-Version
X-ScT
X-SD-PageType
X-Session-Fingerprint
X-Shop-Environment
X-S-Cookie
X-S
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Rojux
X-SRCache-Key
X-Tenant
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-TIM-N
X-TrackingId
X-User
X-Orig-Expires
X-NAPM-TraceId
X-Cdn-Srv
X-CF-Lambda-Fn
X-Cache-Status-Check
X-Conf
X-Cache-NE
X-BCube-Filmed-By
X-AK-Request-ID
X-Application
X-ARC
X-B-Cookie
X-Connection-Hash
X-D
X-Forwarded-Path
X-Geo-Header
X-Hash
X-Ig-Push-State
X-External-Request-Id
X-Epic-Correlation-Id
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-Aed
X-Destination
DynaTrace
Datacenter
X-Azure-Ref
X-Ms-Request-Id
X-Ms-Version
X-HS-Content-Campaign-Id
Memcached
X-Gzip
X-Gdpr
X-GeoIP
X-Irp-Debug
X-Has-Esi
X-Is-Gdpr
X-Origin
X-Origin-Expires
X-Origin-Time
Environment
X-Nyt-Route
X-Ad-Defer-Variation
X-JWT-State
Kp-EeAlive
Is-Eu
X-Loop
X-Ftr-Request-Id
Platform
X-Cache-Id
X-CacheTTL
X-Newrelic-Synthetics
X-Ckpd-Fst-Backend
X-Cache-Backend
Wxu-Next-Commit
X-Amzn-Remapped-Content-Length
X-Bc-Bl
Wxu-Next-Region
Wxu-Next-Hostname
X-Core-Mission
X-Core-Value
Server-Host
X-DPWN-IS-SECURE
X-Esi-Check
Producers
X-Device-Os
X-Developers
State
X-DefElseHash
X-DefHash
X-Fetched-On
X-NodeID
X-SVT-ORM-VERSION
X-V-Cache
X-Variation
X-SVT-ORM-RULES
Adler-Geo
X-Sigma
X-Sigma-Backend
AKAMAI
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
We-Hiring
X-SplitTest
XM
Mail-Subject
X-Worker
X-Varnish-Remaining-TTL
X-B3-SpanId
X-Wix-Viewer-Type
X-Scheme
X-TNCMS
X-Rocket-Build-Number
X-SB
X-AIR-PT
X-Time
X-Varnish-Beresp-Grace
X-RCS-CacheZone
X-NCache
X-Wikidot-Static-Cache
X-Csrf-Jwt
X-Qloud-Router
X-Datadog-Parent-Id
X-Clara-WADP
X-CGP
X-RateLimit-Limit-Second
X-Datadog-Sampling-Priority
X-Wikidot-Backend
X-VServer
X-Viewer-Country
X-Proxy-Upstream
X-Aicache-OS
X-Datadog-Trace-Id
X-WADP-Cache
Redirect-Candidate
CPC-Age
X-Rebelmouse-Cache-Control
VNS-Cache
VNS-Age
X-Rebelmouse-Surrogate-Control
X-Branch-Name
X-Region-Sid
X-Block-Status
X-Auto-Login
X-Cache-Bucket
CPC-Cache
X-Cdn-Origin
X-Dispatcher-Number
X-Cache-Info
X-Cache-Date
X-RateLimit-Remaining-Second
X-BBC-Edge-Cache-Status
X-Eu-Site
X-Slack-Backend
X-SIPLIST1
X-Rocket-Nginx-Serving-Static
X-Sn-Servicetimems
X-Hnp-Log
X-Planisys-CDN-TTL
X-HN
X-LAGOON
X-Planisys-CDN-Rules
X-Mvc-Supplant-Cachable
X-Node-Id
X-Minions-Version
X-Planisys-CDN-Cache
X-Level-Front-Cache
X-Loc
X-Platform
X-Thinkindot-L3
X-Pool
X-Fastly-Cache
X-Policy
X-Proxy-Cache-Info
X-Served-From
X-VG-TLSProxy
X-VarnishDD-TTL
X-Fmm-Version
X-Forwarded-Site
X-Generated-On
X-GeoIP-City
X-Gen-Mode
X-Request-URI
X-Pod-Name
X-Gamma-Serve
X-Via-Ucdn
X-Ec-Custom-Error
Ha-Gx-Prefs
Gh-Request-Id
Svr
HA-Ipaddr
Ssr
Fastly-SWR
TDXMobile
Release
Thinkindot-Control
Thinkindot-CacheControl
Fastly-GeoIP-CountryCode
Fastly-SIE
IsBot
L
Origin-CC
Origin
Origin-EX
PFcat
Req-Svc-Chain
Server-Ext
Server-Hostname
Sever-Int
L5d-Success-Class
Machine
N-Cache
NGX
Fastcgi-Cache-TTL
Thinkindot-CacheControl-Type
CDCHOST
Web-Mar-Region
Vix-Hermes-Req-Id
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Varnish-Ttl
Apple-News-Services-Handled
V-Age
Apple-News-Services-Request-Url
Cluster
CloudFront-Viewer-Country
Traceparent
User-Cache-Control
Cache-Name
X-Owner
HostName
X-R9-Blue-Green-Version
X-Scale
Fastly-Backend-Name
X-Optimistic-Header
X-WA-Info
X-ZONE
Ohc-File-Size
DSUID
CDN
GEO-INFO
X-WP-CF-Super-Cache-Cache-Control
Pics-Label
X-Httpd
X-Micro-Cache
X-WP-CF-Super-Cache
X-Server-IP
X-Refresh
X-CS
Path
X-Parent-Response-Time
X-EC-Lua
X-VC
X-Srv
X-CACHE-KEY
X-Webstats-RespID
Servername
Ngx.Var.Host
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-LB-NoCache
X-From
Cache-Host
X-Ah-Environment
X-NC
X-Edge-Pop
Ms-Author-Via
X-TIME
Lb
X-Varnish-Authentication
X-Servedbyhost
X-Location
X-Mvc-Supplant-OutputCached
Env
X-RateLimit-Reset
XkeyRZ
X-Tb-Optimization-Total-Bytes-Saved
X-Udemy-Cache-App-Namespace
X-Varnish-Beresp-TTL
X-Proxy-CacheRZ
X-Generated-In
Locid
Arc-Country
X-Clientip
X-Men
X-Response-By
X-TraceId
X-Via-Popv
X-API-Version
X-Amz-Meta-Cb-Modifiedtime
X-Via-Popn
X-Via-Poph
Ohc-Cache-HIT
Time
ITXSESSIONID
X-S-Maxage
Memory
X-Old-Content-Length
GeoIp-Country-Code
X-Vc
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Transformed
X-RPS
X-Accel-Expires-Debug
X-RSL
Client
X-Cs
True-Client-IP
X-RPM
X-DI
X-DB
X-Date
X-DSS
X-HA-Backend
X-DW
X-VCL-Version
X-Dmc
Geoip-Latitude
X-VHOST
X-TRACE-ID
Hostname
X-MSEdge-Flight
X-Tec-Api-Root
X-Trace-ID
X-Render-Time
X-MSEdge-Features
X-Tec-Api-Origin
Server-ID
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Tec-Api-Version
X-Zone
X-URL
X-DynaTrace-JS-Agent
X-Fpc
X-INCAP-ABP
X-Api-Version
X-Cache-Debug
X-Presslabs-Stats
X-FireWall-Port
FSS-Cache
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
C-Via
X-Gateway-Cache-Key
X-DC
Rip
X-Gateway-Cache-Status
X-Service
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-M-Reqid
X-B3-Spanid
Tube-Get-Contents
X-Webkit-Csp-Report-Only
Powered-By
HIT
Tube-Return
X-M-Log
Tube-Got-Results
CacheControlHeader
Click-Count-Error
Click-Count-Action-Start
X-Qnm-Cache
Tube-Got-Eval
NtCoent-Length
X-TX-ID
X-TH-Server
Esi-Enabled
X-Action
On-Server
X-PX
True-Client-Country-4JS
Tcn
X-Backend-TTL
X-Traceid
X-Alfa-Service
Test
X-FPC
X-HS-Status
X-NGINX-Cache
X-Check-Cacheable
Server-Id
X-Cdn-Request-ID
OT-Force-Account-Verify
X-CSRF-TOKEN
Edge-Cache
X-Pass-Why
Cdn
X-Edge-Origin-Shield-Region
X-Beluga-Response-Time
X-Beluga-Node
X-Beluga-Record
X-Beluga-Cache-Status
X-Edge-Origin-Shield-Bytes
X-Proxy-Cache-Hk
X-Beluga-Trace
X-Req
Geo-Info
X-Vcl-Version
Srv
User-Agent
X-Beluga-Status
X-Origin-Upstream-Status
X-Akamai-Pragma-Client-IP
GeoIP-Country-Code
GeoIP-Latitude
X-Via-PopV
X-Via-PopN
My-App
Sid
X-Via-PopH
Uri
Proxy-Connection
Resin-Trace
Cf-Int-Pingora-Origin-Digest
X-Ha-Backend
Srvid
WebServer
X-CLOUD-TRACE-CONTEXT
MIME-Version
X-APP
X-App
X-Up
M-TraceId
X-Webkit-CSP-Report-Only
X-LB-ID
X-Varnish-Beresp-Ttl
Epwk-X-Cache
DT-Hot-News
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Server-Ttl
X-Provided-By
X-ServedByHost
X-Cdn-Forward
X-Thanos
X-Fastly-Backend-Reqs
ENV
X-Bip
X-Backend-Host
X-Li-Fabric
X-LI-Proto
X-Li-Pop
X-LI-UUID
X-Newrelic-App-Data
X-Esi
Warning
X-B3-Traceid-Primal
XServer
ServerName
True-Client-Ip
X-Geo
X-Vercel-Id
X-Vercel-Cache
X-Lb-Nocache
X-RAMCache
X-Request-Start
X-Nc
X-Fetch-By
X-Edge-POP
X-UnsetCookies
Dt-Hot-News
X-HostName
PICS-Label
Section-Origin-Responded
X-Akamai-Request-ID
X-CF-Powered-By
X-ND-Cache
X-Dw-Trace-Id
WZWS-RAY
X-Yottaa-OS
Section-Io-Id
Section-Io-Origin-Status
X-Serial
X-Time-Microsecs
X-HITS
Section-Io-Origin-Time-Seconds
CF-Cached-On
X-ElasticPress-Query
X-Request-Url
X-LiteSpeed-Cache-Control
Fastly-Drupal-HTML
DataCenter
X-Vcache
X-Iplb-Request-Id
Cf-Device-Type
X-Snapshot-Date
Magicmarker
Inserted-Into-Cache-At
X-IN-APIGATEWAYSSL
D-Url-Rewrites
X-Iplb-Instance
X-IN-APIGATEWAY
X-CUA
X-Cc-Via
Servedby
Cdn-Uid
Cdn-Requestid
Cdn-Pullzone
Cdn-Cache
Cdn-Edgestorageid
Cdn-Requestcountrycode
Wp-Super-Cache
Cdn-Cachedat
X-Varnish-Beresp-Status
X-MiniProfiler-Ids
X-Wp-Cf-Super-Cache-Cache-Control
Vha6-Origin
X-LiteSpeed-Tag
X-Fastly-Backend
Content-Script-Type
CountryCode
Content-Style-Type
X-Back
X-Th-Server
X-Sucuri-Cache
X-Sucuri-ID
X-BBC-Origin-Response-Status
X-Dist-Code
X-Azure-Ref-OriginShield
X-Var-Ttl
X-Platform-Router
X-Platform-Processor
Tracecode
X-ATG-Version
Target-Params
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Release
X-Request-URL
X-Platform-Cluster
X-Storefront-Renderer-Verified
X-Fragments
X-FC-Vary-Parameters
X-Wp-Cf-Super-Cache