Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
P3p
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-Akamai-Path-Stats
X-Dns-Prefetch-Control
X-AH-Environment
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Readtime
Cf-Edge-Cache
X-Akam-SW-Version
X-Response-Time
X-Cache-Lookup
X-HW
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Country
Accept-Ch-Lifetime
Fastly-Restarts
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
X-Server-Name
Accept-Ch
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-ESI
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-B3-TraceId
X-Dw-Request-Base-Id
X-Amz-Rid
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Use-Magma
Public-Key-Pins
X-Px
X-Cnection
X-RateLimit-Remaining
X-D2id
X-Ac
X-Element-Page-Cache
X-Navigation-Version
X-Edge
Verso
X-FastCGI-Cache
X-Client-IP
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Abt-Application-Version
X-Powered-By-Plesk
X-Ser
X-Cache-TTL
X-Version
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-GitHub-Request-Id
X-Country-Code
X-Middleton-Response
Response
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Hash
X-Ttl
SPIisLatency
SPRequestDuration
X-Correlation-Id
X-Kinsta-Cache
X-Content-Security-Policy-Report-Only
X-Edge-Location-Klb
AR-Request-ID
X-Cached
AR-ATIME
AR-SID
AR-PoweredBy
AR-CACHE
X-Ruxit-Js-Agent
X-Upstream
X-SharePointHealthScore
SPRequestGuid
X-TTL
X-RateLimit-Limit
X-Powered-CMS
X-LLID
X-Webkit-Csp
Edge-Cache-Tag
X-NWS-LOG-UUID
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
Nginx-Cache
X-Cache-Key
X-Forwarded-For
X-Litespeed-Cache
Content-MD5
X-Id
X-MSEdge-Ref
MRF-Tech
Mrf-Cache-Status
X-Shield-Request-Id
TCN
X-B3-TraceId-Primal
X-T
X-Daa-Tunnel
X-Recruiting
S
X-Content-Digest
MS-Author-Via
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Mg-S
X-Ua-Device
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-DataDome
X-Accel-Expires
X-Protected-By
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Ua-Browser
X-Ab
X-Frontend
X-Content
X-Grace
X-Request-Processing-Time
X-Request-Received
Front-End-Https
Server-Node
X-ECACHE
Filters
X-Yandex-Sdch-Disable
X-WebKit-CSP-Report-Only
X-PressLabs-Stats
TP-L2-Cache
TP-Cache
X-Origin-Server
X-Server-ID
X-Mid
X-ORACLE-DMS-ECID
X-DynaTrace
Fastcgi-Cache
X-Hits
X-Distributor
X-ORACLE-DMS-RID
X-Geo-Country
X-Request-Handler-Origin-Region
X-Microsite
X-Ratelimit-Reset
X-Amzn-Trace-Id
X-Debug-Info
Cleartype
X-Tt-Trace-Tag
X-Tt-Trace-Host
Charset
X-LB-Cache
Host
X-Page-Id
X-Git-Hash
X-F-Cache
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-DIS-Request-ID
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Www-Served-By
X-Cache-Age
Access-Control-Allow-Method
X-Seen-By
ServerID
Cache-Status
Realpath
X-Az
X-AppVersion
X-Activity-Id
Accept-Charset
Cache-Tags
X-XRDS-LOCATION
X-Cluster-Name
X-Varnish-Age
Filterid
X-MCACHE
X-Aspnetmvc-Version
X-Language
X-Rid
X-Fastly-Request-Id
X-Nginx-Upstream-Cache-Status
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Content-Options
X-Type
X-App-Environment
Server-Name
Retry-After
Country
X-Varnish-Grace
X-Upgrade-Enabled
Viewport
Node
X-FB-Debug
X-Tb
X-Wix-Request-Id
X-Signature
X-Whom
X-Route-Name
X-User-Agent
X-Flags
X-Drupal-Cache-Tags
X-Aspnet-Duration-Ms
Paypal-Debug-Id
DC
X-Providence-Cookie
X-B-Cache
X-Request-Guid
X-Is-Crawler
X-Origin-Cache
X-Mobile-URL
X-Varnish-Backend
X-Goog-Stored-Content-Encoding
X-Oracle-Dms-Ecid
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-TT
X-VCache
Fastcgi-Useragent
X-NWS-UUID-VERIFY
X-Oracle-Dms-Rid
Protected
X-B
X-Mcache
X-Via-JSL
WPO-Cache-Status
X-N
WPO-Cache-Message
X-Debug
X-Logged-In
X-Amz-Replication-Status
Payment
X-Cache-NGX
X-Contextid
Permissions-Policy
X-Load-Cache
X-Amz-Meta-S3cmd-Attrs
Surrogate-Key
X-Cache-Control
X-Template
X-Node-Name
Count-Hit
X-Trace-Id
X-FW-Serve
X-FW-Dynamic
X-FW-Server
X-FW-Static
X-FW-Type
X-ECache
X-FW-Hash
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
Amp-Access-Control-Allow-Source-Origin
X-Erf-Bev-Bev
X-Fastly-Request-ID
Healthy
X-B3-Traceid
X-Response-Served-From
X-Original-Request-Id
X-Mobile
SD-X-WS
Content-Disposition
Akamai-GRN
Refresh
X-Proxy
X-XRDS-Location
X-Jobs
X-Is-Bot
X-Real-IP
X-Akamai-Request-ID2
X-Cache-Time
X-Revision
X-Rendered-As
X-Zen-Fury
X-UUID
X-G
X-Hostname
X-Framework
X-Fastcgi-Cache
X-Cacheable-TTL
X-Http-Reason
X-Cache-TTL-Remaining
Alternate-Protocol
X-Page-View
Uber-Trace-Id
VIX-Pulpo-Node
X-Adobe-Loc
X-Drupal-Cache-Contexts
X-Device-Type
VIX-Pulpo-Upstream-Status
NGB
X-Adobe-Content
X-Instance
X-Proxy-Cache-Status
Url
X-Debug-IsPreview
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Debug-IsConnected
Access-Control-Request-Headers
X-IPLB-Instance
X-Servername
X-Cache-Grace
X-Restarts
X-NGENIX-Cache
X-Varnish-Server
Version
X-Mg-Request-UUID
X-Source
X-Environment-Context
X-L-Path
Accept-Language
X-EdgeConnect-Cache-Status
X-Cache-Rule
X-Cache-Hit
Countrycode
X-HTML-Minification-Powered-By
From-Origin
MS-CV
Ms-Operation-Id
X-Vgn-Hpd-Reason
X-Oneagent-Js-Injection
X-RTag
X-Cache-Expired-At
Frame-Options
Referer-Policy
Liferay-Portal
X-Datadome
X-App-Server
X-Parallel-Accel
X-NYM-Debug-Backend
X-Midtier
Cross-Origin-Window-Policy
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-FW-Version
Backend
X-Nginx-Cache
X-IPS-LoggedIn
X-APP-VERSION
Content-Secure-Policy
X-COUNTRY
X-Hosted-By
Meta-Geo
Upgrade-Insecure-Requests
X-ProcessESI
X-UPSTREAM-Address
X-Redis-Cache
X-Cache-Server
X-RN-RSRV
X-RemovedCookies
Section-Io-Cache
X-Detected-As
X-Content-Age
X-OCL
X-Ua
X-Cache-Action
CF-IPCountry
X-Generation-Time
X-Unique-Id
X-No-Session
X-PCL
Azure-SlotName
Azure-RegionName
Azure-SiteName
Apigw-Requestid
Azure-InstanceId
Mn-Server-Ip
TWC-GeoIP-Country
X-Format
X-FB-TRIP-ID
X-Varnish-Cache-Hits
X-Sql-Count
X-PHP-Backend
X-Sql-Duration-Ms
X-Be
X-Uri
X-Cluster-Node
TWC-Locale-Group
X-Server-W
X-Cache-Enabled
X-Access
X-Urbn-Site-Id
TWC-GeoIP-LatLong
X-Site-Version
X-Via-Fastly
X-Origin-Hint
Property-Id
S-Rt
Webcakes-Region
Webcakes-App-Version
Locale
Cache-Tv-Group
Fastly-SSL
X-Section
X-Request-Time
X-Human
X-UA-Device-Type
TWC-Device-Class
X-Urbn-Context-Path
X-Region
Webcakes-App-Name
TWC-Privacy
Azure-Version
TWC-Connection-Speed
X-Mode
X-Debug-Cache
X-Content-Powered-By
X-Cache-Host
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Ec-Rule-Version
X-ShardId
X-ShopId
X-Shopify-Stage
X-BYPASS-REASON
X-ApacheServer
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
Eomportal-Instance
CDN-PullZone
CDN-EdgeStorageId
X-AOL-HN
X-Akamai-Edgescape
CDN-Cache
CDN-CachedAt
X-Alternate-Cache-Key
X-Generated-By
X-Storage
X-ProxyCache-Status
X-Say-Cacheable
X-Status
X-SayCDN-TTL
X-Say-TTL
X-ProxyCache-Key
X-Xfnlog-Site
X-Origin-Date
X-PERF
X-Nginx-Cache-Key
X-Locale
X-NewRelic-App-Data
X-Tid
X-ServerID
X-Adobe-Source
X-Web-Node
X-Varnishpool
X-Zipkin-Id
X-SaId
X-Proxied
X-Platform-Server
X-Forwarded-Host
X-JoinUs
X-Extlb
X-Routing-Service
X-Hl-Ver
X-Cache-Tags
X-Cache-Type
X-Backend-Name
X-Handled-By
WP-Super-Cache
X-Labrador-Cache-Channel
X-PHP-Host
X-LJ-Flow-ID
X-Hyper-Cache
X-AWS-Id
X-VWS-Id
Selected-Fe
X-Ratelimit-Remaining
X-Timing-Wait
X-Proxy-Build
X-Dc
X-GG-Cache-Date
ServedBy
X-Cms-Context
X-Webkit-CSP
X-VC-Cache
X-Storefront-Renderer-Rendered
X-Edge-Location
X-Rule
X-TT-LOGID
X-Cache-Operation
X-LSADC-Cache
X-Proto
SRV
X-CDN-Forward
Load-Balancing
Web-Mar-Node
X-Cached-By
SID
Mime-Version
X-Accel-Buffering
X-Rewrite-Enabled
Fastly-Drupal-Html
Webserver
Onion-Location
X-TA-CDN-Provider
X-Soup
X-Cache-Remote
X-GeoCountry
X-App-Version
X-GeoCode
X-Varnish-Hostname
X-GEO
Xserver
X-Pubstack
Cache-Hits
X-Reqid
X-Cdn
Country-Code
X-Cluster
X-Origin-TTL
X-Origin-CC
X-Buckets
X-Microcachable
X-Varnish-Hits
Decoy-Debug-TTL
X-Envoy-Decorator-Operation
X-Request-Host
Decoy-Debug-Status
Decoy-Debug-Key
X-SRV
X-Ratelimit-Limit
X-MP-GENERATED-AT
Server-Info
X-CSRF-Token
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Xet-Cookie
X-Magnolia-Registration
X-Air-Hostname
X-Air-Trace-Id
X-Ms-Request-Id
X-Air-Source
X-Ms-Version
DB-Nickname
LB
X-Amzn-RequestId
X-Amz-Apigw-Id
X-IPLB-Request-ID
Cache
X-Endurance-Cache-Level
X-Time
X-NCache
X-RCS-CacheZone
X-Rojux
X-Orig-Expires
Cdnsip
X-Ec-GeoHdr
X-S
X-Ec-Fail
DCR-Decision-By
X-PAYTM-SRV-ID
X-S-Cookie
Expiry
DCR-Processing-Time-Ms
X-Processor
Cmsid
Cmstype
X-Developer
X-Esi-Check
X-ScT
BehaviorPad-Version
X-Gzip
A
X-HS-Content-Campaign-Id
Source
X-Hash
X-Geo-Header
X-Ftr-Request-Id
X-Epic-Correlation-Id
X-Ig-Push-State
X-PBS-Appsvrname
X-External-Request-Id
Cdncip
X-Forwarded-Path
X-NAPM-TraceId
Lang
X-A-Wwc
X-Aed
X-AK-Request-ID
X-Session-Fingerprint
X-CF-Lambda-Fn
X-A-Dgt
X-CF-Lambda-Version
X-Vdms-Version
X-Vdms-Path
X-A-Dam
X-User
X-Cdn-Srv
X-Cache-Bucket
X-Cache-Id
X-Cache-NE
X-SRCache-Key
X-B-Cookie
X-Tenant
X-TrackingId
X-Application
X-TIM-N
X-ARC
X-VG-WebCache
X-A-Ccd
X-D
Meta-Geo-Continent
Mobile-Detection-Method
NM-Fastcgi-Cache
MD5-Digest
X-Shop-Environment
X-SD-PageType
Fastcgi-X-Cache-Version
Xc-Version
Host-ID
Odigeo-Trace-Id
Pramga
T-Server
X-Conf
X-Vtex-Processado-Em
X-A
Surrogated-Key
X-Vtex-Remote-Cache
Rendered-Blocks
Sslversion
X-Connection-Hash
X-Destination
X-A-Dcw
X-Bc-Bl
CDN
X-B3-SpanId
X-Tx-Id
X-Newrelic-Synthetics
X-Varnish-Beresp-Grace
X-Amzn-Remapped-Content-Length
X-SB
X-R9-Blue-Green-Version
X-Server-IP
X-Scheme
Mail-Subject
X-Block-Status
X-CacheTTL
X-Ckpd-Fst-Backend
X-Cache-Info
X-Rocket-Build-Number
X-Cache-Backend
X-Sigma
X-Sigma-Backend
X-V-Cache
User-Cache-Control
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Server-Host
State
Web-Mar-Region
Memcached
Wxu-Next-Region
X-Slack-Backend
X-Clara-WADP
Wxu-Next-Hostname
Wxu-Next-Commit
X-TNCMS
X-Core-Value
X-Irp-Debug
X-Is-Gdpr
X-Hnp-Log
X-Has-Esi
X-Origin-Time
X-Origin-Response-Time
X-JWT-State
X-LAGOON
X-Loop
X-Mvc-Supplant-Cachable
X-Node-Id
X-NodeID
X-Origin
X-Nyt-Route
X-Gen-Mode
X-Gdpr
X-Ec-Custom-Error
Cache-Name
X-Dispatcher-Number
X-Device-Os
Machine
X-Developers
X-Fastly-Cache
X-Fetched-On
X-Planisys-CDN-Cache
DynaTrace
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Fmm-Version
X-Core-Mission
We-Hiring
X-Wix-Viewer-Type
X-Worker
AKAMAI
X-WADP-Cache
Fastly-GeoIP-CountryCode
Environment
X-Via-Ucdn
X-Azure-Ref
X-Varnish-Ttl
HostName
X-ZONE
X-Via-NSCOPI
X-Cache-Date
HA-Ipaddr
X-Branch-Name
X-Request-URI
X-Viewer-Country
Apple-News-Services-Parsed-Url
X-Region-Sid
Apple-News-Services-Request-Url
X-Skip-Cache
X-VServer
X-CGP
X-Served-From
X-Webstats-RespID
Vix-Hermes-Req-Id
Cluster
X-BBC-Edge-Cache-Status
X-Auto-Login
CDCHOST
CloudFront-Viewer-Country
X-RateLimit-Remaining-Second
X-Forwarded-Site
X-From
X-Platform
X-Pod-Name
X-Policy
X-Gamma-Serve
X-Generated-On
X-Level-Front-Cache
X-Minions-Version
X-HN
X-Origin-Expires
X-GeoIP
X-Pool
X-Eu-Site
Adler-Geo
X-Csrf-Jwt
X-RateLimit-Limit-Second
V-Age
Apple-News-Services-Handled
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Proxy-Upstream
X-DPWN-IS-SECURE
X-DefHash
X-DefElseHash
X-Datadog-Trace-Id
Apple-News-Services-Host
X-Rocket-Nginx-Serving-Static
Origin
X-Thinkindot-L3
Server-Hostname
Origin-CC
N-Cache
X-Varnish-CookieINHashed-On
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
Sever-Int
Server-Ext
Origin-EX
Platform
X-Variation
Producers
Redirect-Candidate
Release
X-Varnish-CookieHashed-On
Req-Svc-Chain
PFcat
Svr
Ssr
Gh-Request-Id
Thinkindot-CacheControl-Type
L
Fastcgi-Cache-TTL
Thinkindot-Control
Kp-EeAlive
Thinkindot-CacheControl
Traceparent
X-VG-TLSProxy
L5d-Success-Class
Is-Eu
Ha-Gx-Prefs
TDXMobile
X-Optimistic-Header
X-Location
X-Loc
IsBot
X-Owner
X-Sn-Servicetimems
X-Rebelmouse-Cache-Control
NGX
X-GeoIP-City
X-Qloud-Router
X-Httpd
X-Proxy-Cache-Info
X-SIPLIST1
X-Tec-Api-Root
X-Aicache-OS
X-Tec-Api-Version
X-Tec-Api-Origin
X-Scale
Fastly-SIE
DSUID
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Cdn-Origin
X-Tt-Logid
AMP-Access-Control-Allow-Source-Origin
Ohc-File-Size
X-WP-CF-Super-Cache
X-Refresh
Cache-Key
Pics-Label
Datacenter
X-NC
X-WP-CF-Super-Cache-Cache-Control
X-BCube-Filmed-By
X-Wikidot-Static-Cache
X-Wikidot-Backend
Candidate-Md5Url
X-Contensis-Viewer-Groups
X-VC
X-Ad-Defer-Variation
X-Parent-Response-Time
X-Cache-ASPX
Locid
XM
X-SplitTest
X-Men
X-CS
Arc-Country
X-Srv
VNS-Cache
GEO-INFO
X-Cache-Status-Check
CPC-Cache
VNS-Age
CPC-Age
X-Tb-Optimization-Total-Bytes-Saved
X-CACHE-KEY
X-TraceId
X-LB-NoCache
X-Old-Content-Length
X-Varnish-Authentication
X-EC-Lua
X-WA-Info
X-Edge-Pop
Fastly-Backend-Name
X-Response-By
X-Ah-Environment
Env
Servername
X-TIME
Ms-Author-Via
Lb
X-RSL
X-RPS
X-RPM
X-Micro-Cache
X-DB
X-DSS
X-DI
X-DW
X-Udemy-Cache-App-Namespace
X-Date
X-Amz-Meta-Cb-Modifiedtime
X-AIR-PT
X-Accel-Expires-Debug
GeoIp-Country-Code
X-Mvc-Supplant-OutputCached
Time
Memory
X-Akamai-Transformed
X-Xrds-Location
Path
X-Via-Popn
X-Via-Popv
X-Via-Poph
X-Servedbyhost
X-GeoIP-Region-Code
X-Generated-In
X-GeoIP-Country-Code
ITXSESSIONID
X-HA-Backend
Ngx.Var.Host
FSS-Cache
Geoip-Latitude
X-S-Maxage
X-Cache-Debug
X-Api-Version
Cache-Host
Ohc-Cache-HIT
X-RateLimit-Reset
X-Vc
X-Cs
True-Client-IP
Client
X-VCL-Version
X-API-Version
X-Varnish-Beresp-TTL
Fusion-Component-Id
Fusion-Content-Id
X-Proxy-CacheRZ
XkeyRZ
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
CacheControlHeader
X-Clientip
X-VHOST
X-TH-Server
X-DC
Geo-Info
True-Client-Country-4JS
X-Action
X-Trace-ID
Server-ID
X-Correlation-ID
X-Backend-TTL
X-FireWall-Port
Hostname
X-Presslabs-Stats
X-Zone
X-TX-ID
X-B3-Spanid
NtCoent-Length
Powered-By
X-Webkit-Csp-Report-Only
Edge-Cache
X-Fpc
X-Dmc
X-Req
X-Pass-Why
X-FPC
My-App
X-PX
X-MSEdge-Features
X-MSEdge-Flight
X-Render-Time
Tcn
X-INCAP-ABP
X-Traceid
X-Provided-By
X-DynaTrace-JS-Agent
Test
X-Origin-Upstream-Status
X-NGINX-Cache
X-Up
X-Cdn-Request-ID
X-CSRF-TOKEN
X-Gateway-Request-Id
X-Gateway-Cache-Key
Rip
X-Service
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
C-Via
Server-Id
X-M-Reqid
X-Varnish-Beresp-Ttl
Cf-Int-Pingora-Origin-Digest
X-Webkit-CSP-Report-Only
Click-Count-Error
X-Qnm-Cache
X-M-Log
X-Beluga-Record
User-Agent
X-LB-ID
HIT
Esi-Enabled
Tube-Return
X-Beluga-Response-Time
X-Beluga-Cache-Status
X-HS-Status
X-Beluga-Node
Click-Count-Action-Start
X-Beluga-Status
X-Vcl-Version
Tube-Got-Eval
X-Beluga-Trace
Tube-Got-Results
OT-Force-Account-Verify
Tube-Get-Contents
X-Via-PopV
X-Ha-Backend
Proxy-Connection
X-Via-PopN
X-Alfa-Service
On-Server
X-Via-PopH
DataCenter
X-UnsetCookies
X-LI-UUID
X-Li-Pop
Srvid
Uri
X-Li-Fabric
X-URL
Resin-Trace
X-CLOUD-TRACE-CONTEXT
X-Dynatrace
WebServer
X-Geo
GeoIP-Country-Code
X-Time-Microsecs
X-APP
Sid
X-ServedByHost
X-ND-Cache
WZWS-RAY
X-RAMCache
GeoIP-Latitude
MIME-Version
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Proxy-Cache-Hk
Epwk-X-Cache
X-CUA
X-Fetch-By
X-LI-Proto
X-Hcs-Proxy-Type
Srv
X-TRACE-ID
Fastly-Drupal-HTML
X-Cdn-Forward
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Fragments
X-Backend-Host
ENV
Target-Params
X-ATG-Version
X-Edge-Origin-Shield-Bytes
Cf-Device-Type
Tracecode
X-Fastly-Backend-Reqs
Cdn
Warning
X-Edge-Origin-Shield-Region
X-Esi
XServer
X-Sucuri-ID
X-Edge-POP
X-Lb-Nocache
X-Sucuri-Cache
ServerName
X-FC-Vary-Parameters
X-Fastly-Backend
X-B3-Traceid-Primal
Lfy
X-Var-Ttl
X-App
Server-Ttl
M-TraceId
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-MG-S
X-HostName
Dt-Hot-News
X-Azure-Ref-OriginShield
Section-Io-Origin-Status
Inserted-Into-Cache-At
Section-Io-Origin-Time-Seconds
X-Newrelic-App-Data
X-Yottaa-OS
X-Cache-Expires
Section-Io-Id
X-Varnish-Beresp-Status
CF-Cached-On
Wp-Super-Cache
PICS-Label
X-ElasticPress-Query
Section-Origin-Responded
D-Url-Rewrites
X-Request-URL
X-Li-Proto
X-Iplb-Request-Id
X-CF-Powered-By
X-LiteSpeed-Cache-Control
X-Nc
X-Vcache
Cf-Ipcountry
Magicmarker
X-Backend-State
X-NU-AKA-ACS-Version
X-Request-Url
X-Iplb-Instance
X-Dw-Trace-Id
X-Serial
Servedby
X-Acquia-Purge-Tags
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
X-Acquia-Site
X-Wp-Cf-Super-Cache
X-Acquia-Application-Trace
X-Vercel-Id
X-Vercel-Cache
X-Storefront-Renderer-Verified
X-Th-Server
X-Acquia-Application-UUID
X-Litespeed-Cache-Control
Ngx
X-Snapshot-Date
X-Release
X-BBC-Origin-Response-Status
Cneonction
CountryCode
X-Dist-Code
X-Back
Content-Style-Type
Content-Script-Type
Fastcgi-Cache-Ttl