
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Backend
X-UA-Device
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
X-LiteSpeed-Cache
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Server-Id
X-Host
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
Content-Location
X-Ruxit-JS-Agent
Rating
X-B3-TraceId
Accept-Ch-Lifetime
X-Country
Accept-CH-Lifetime
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
Allow
X-TtlSet
X-PC
X-Vname
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-FastCGI-Cache
X-ESI
X-Server-Name
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-Rack-Cache
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-Language
X-MS-InvokeApp
X-Upstream
X-GitHub-Request-Id
MS-Author-Via
X-Amz-Rid
Public-Key-Pins
X-Vcap-Request-Id
X-Aws-Lambda-Call-Status
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Template
X-Cnection
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Origin-Cache
X-Px
Arr-Disable-Session-Affinity
X-Country-Code
RTSS
Access-Control-Request-Method
X-Navigation-Version
X-Goog-Hash
X-Powered-By-Plesk
X-NF-Request-ID
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Accept-Ch
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Cdn-Fetch
X-Powered-CMS
X-Version
Display
Pagespeed
X-Sol
X-Middleton-Display
AR-ATIME
AR-CACHE
AR-Request-ID
AR-SID
AR-PoweredBy
X-Amz-Server-Side-Encryption
Response
X-Middleton-Response
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-MSEdge-Ref
X-LLID
X-Edge-Location-Klb
X-Edge
X-Kinsta-Cache
Nginx-Cache
MRF-Tech
X-B3-TraceId-Primal
X-TTL
Mrf-Cache-Status
X-RateLimit-Remaining
X-Protected-By
X-Shield-Request-Id
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
TCN
X-T
X-Buckets
S
X-Forwarded-For
X-Content-Security-Policy-Report-Only
Content-MD5
X-Mg-S
X-Id
X-Aspnetmvc-Version
X-Mid
Edge-Cache-Tag
Realpath
Fastcgi-Cache
X-CST
SPIisLatency
SPRequestDuration
Front-End-Https
X-MCACHE
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Pinterest-Generated-By
X-Pinterest-Rid
Filters
X-Ttl
Pinterest-Version
Server-Node
X-Content
X-Ua-Browser
X-Ab
X-Correlation-Id
X-DynaTrace
Server-Name
X-ECACHE
X-Frontend
X-Parallel-Accel
X-NWS-LOG-UUID
X-SharePointHealthScore
X-Ruxit-Js-Agent
SPRequestGuid
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
X-Ezoic-Cdn
Fusion-Content-Id
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
Alternate-Protocol
X-Hits
X-Ser
X-Cache-Key
X-Content-Options
MicrosoftSharePointTeamServices
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cache-Tags
X-Page-Id
Cleartype
X-B3-Sampled
Host
X-Git-Hash
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Fastly-Request-Id
Charset
X-Www-Served-By
X-Accel-Expires
X-Daa-Tunnel
X-Geo-Country
X-DIS-Request-ID
X-Content-Digest
X-Amz-Replication-Status
X-Amzn-Trace-Id
Filterid
X-Debug-Info
X-Varnish-Age
TP-Cache
X-Az
X-Activity-Id
X-Hostname
TP-L2-Cache
X-Forwarded-Proto
X-AppVersion
X-FB-Debug
X-VCache
X-Upgrade-Enabled
X-Rid
X-Origin-Server
X-Grace
Access-Control-Allow-Method
X-N
X-XRDS-LOCATION
X-Ratelimit-Limit
Cross-Origin-Opener-Policy
X-Nginx-Upstream-Cache-Status
X-LB-Cache
X-WebKit-CSP-Report-Only
X-F-Cache
ServerID
X-Mobile-URL
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Route-Name
X-Request-Guid
X-GUploader-UploadID
X-Goog-Metageneration
X-Whom
X-TT
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Tb
Viewport
X-App-Environment
X-Varnish-Grace
X-App-Server
X-Distributor
X-Origin-Upstream-Status
Node
Payment
X-FW-Hash
DC
X-Seen-By
Paypal-Debug-Id
X-FW-Dynamic
X-FW-Static
X-FW-Server
X-FW-Type
X-FW-Serve
X-Server-ID
X-Type
X-NGENIX-Cache
X-User-Agent
Fastcgi-Useragent
X-Cache-Control
Country
Accept-Charset
X-Logged-In
X-Microsite
X-Request-Handler-Origin-Region
X-Wix-Request-Id
X-Cache-Rule
X-Cache-Age
X-Litespeed-Cache
Version
X-Via-JSL
X-Webkit-CSP
X-DataDome
X-Varnish-Backend
Referer-Policy
X-Browser-Type
X-Drupal-Cache-Tags
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Load-Cache
Refresh
X-Cluster-Name
X-Node-Name
X-Signature
X-Contextid
X-B-Cache
X-Cache-Action
X-Mobile
SD-X-WS
Cache-Status
X-Tec-Api-Root
X-Response-Served-From
Access-Control-Request-Headers
X-Tec-Api-Version
X-Original-Request-Id
X-Tec-Api-Origin
Amp-Access-Control-Allow-Source-Origin
X-Is-Bot
X-Real-IP
X-Page-View
X-IPLB-Instance
X-Jobs
X-Proxy-Cache-Status
X-Rendered-As
X-Vgn-Hpd-Reason
X-Cache-Expired-At
X-Cacheable-TTL
X-ProcessESI
NGB
X-RemovedCookies
X-B
X-UUID
X-Debug
VIX-Pulpo-Node
X-Revision
VIX-Pulpo-Upstream-Status
X-Rule
X-Yottaa-Metrics
X-Proxy
X-Device-Type
X-Instance
X-Yottaa-Optimizations
X-Fastly-Request-ID
Akamai-GRN
X-Framework
X-G
Surrogate-Key
X-Drupal-Cache-Contexts
X-Cache-Time
X-Debug-IsPreview
X-Debug-IsConnected
CF-IPCountry
X-Fastcgi-Cache
X-FW-Version
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
DynaTrace
SID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Ratelimit-Reset
Liferay-Portal
X-Azure-Ref
X-PressLabs-Stats
Healthy
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Presslabs-Stats
X-Ms-Request-Id
X-Ua-Device
X-Source
GEO-INFO
Frame-Options
X-Ms-Version
Count-Hit
X-CDN-Forward
Ms-Operation-Id
X-Cache-Operation
MS-CV
X-Oneagent-Js-Injection
X-RTag
X-Nginx-Cache
Uber-Trace-Id
X-Accel-Buffering
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-Environment-Context
X-L-Path
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
Xserver
Countrycode
X-Cache-Hit
X-XRDS-Location
X-Varnish-Server
X-Zen-Fury
X-Mode
X-Backend-Name
Ec-Rule-Version
X-Servername
X-Region
Cross-Origin-Window-Policy
X-Forwarded-Host
Backend
X-Cache-NGX
X-IPS-LoggedIn
X-Content-Powered-By
Section-Io-Cache
X-RN-RSRV
X-Detected-As
Meta-Geo
X-Cache-Type
Protected
X-SaId
X-Cache-TTL-Remaining
X-UPSTREAM-Address
X-JoinUs
X-Varnish-Beresp-Grace
X-Sorting-Hat-ShopId
X-Uri
X-ShardId
X-Cache-Server
X-ShopId
X-Sorting-Hat-PodId
X-Human
X-Rewrite-Enabled
X-Zipkin-Id
X-Alternate-Cache-Key
X-Debug-Cache
X-Tid
Decoy-Debug-Status
Decoy-Debug-TTL
X-Cache-Grace
Decoy-Debug-Key
X-Generation-Time
X-Hosted-By
Country-Code
Apigw-Requestid
Eomportal-Instance
X-Proxied
X-Shopify-Stage
X-Sql-Duration-Ms
X-Sql-Count
X-Redis-Cache
X-Routing-Service
X-Extlb
Cache-Tv-Group
X-ApacheServer
Url
Mn-Server-Ip
X-BYPASS-REASON
X-ServerID
Cache-Name
X-Soup
X-Storage
X-Via-Fastly
X-UA-Device-Type
X-PERF
X-ProxyCache-Key
X-PHP-Backend
X-Site-Version
X-FB-TRIP-ID
X-No-Session
X-NCache
X-ProxyCache-Status
Fastly-SSL
X-Origin-Date
X-Status
X-Microcachable
Selected-Fe
Property-Id
X-PCL
X-OCL
DB-Nickname
X-Origin-Hint
TWC-Connection-Speed
X-Proxy-Build
TWC-GeoIP-LatLong
X-Web-Node
X-Adobe-Content
Webcakes-Region
X-Akamai-Edgescape
X-Format
X-NYM-Debug-Backend
X-Cache-Host
X-Say-Cacheable
Webcakes-App-Version
Webcakes-App-Name
X-SayCDN-TTL
X-Say-TTL
TWC-GeoIP-Country
X-Server-W
TWC-Locale-Group
X-Timing-Wait
TWC-Privacy
TWC-Device-Class
X-Adobe-Loc
X-NewRelic-App-Data
X-R9-Blue-Green-Version
X-Pubstack
X-Hl-Ver
X-Content-Age
X-Varnishpool
Azure-SlotName
X-Cluster-Node
X-Access
OT-Force-Account-Verify
X-Section
Azure-InstanceId
Azure-SiteName
Azure-RegionName
Azure-Version
X-RateLimit-Limit
Content-Secure-Policy
X-Be
SRV
X-LSADC-Cache
X-Hyper-Cache
X-Ua
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestId
CDN-Uid
X-Azure-Ref-OriginShield
X-Generated-By
X-Cached-By
Source
X-Webkit-Csp
Content-Disposition
X-TIME
X-Trace-Id
LB
X-SRV
X-Dc
X-Unique-Id
Cache
WPO-Cache-Status
X-Nginx-Cache-Key
WPO-Cache-Message
X-Bc-Bl
X-App-Version
X-LAGOON
X-Ratelimit-Remaining
X-HTML-Minification-Powered-By
Cache-Hits
Retry-After
X-Varnish-Hits
X-Auto-Login
X-Loop
X-Origin-CC
X-Amz-Meta-S3cmd-Attrs
X-Akamai-Transformed
X-Origin-TTL
X-GEO
X-TT-LOGID
X-Varnish-Hostname
X-TNCMS
Onion-Location
Mime-Version
Xet-Cookie
X-S-Maxage
X-Platform-Server
X-Cdn
X-Tumblr-Pixel-3
X-Xfnlog-Site
X-Tumblr-Pixel-2
X-Cache-Var-Map
X-Cache-Var
Web-Mar-Node
X-Proto
HostName
X-Time
X-Cache-Remote
X-Cache-Tags
Webserver
X-Edge-Location
X-Endurance-Cache-Level
X-Varnish-Cache-Hits
X-Tenant
X-Time-Microsecs
Upgrade-Insecure-Requests
X-CSRF-Token
X-VWS-Id
X-Request-Time
X-LJ-Flow-ID
ServedBy
X-AWS-Id
X-AOL-HN
X-EC-Lua
X-GG-Cache-Date
N-Cache
CloudFront-Viewer-Country
X-B3-SpanId
X-ECache
X-M-Log
X-Xrds-Location
X-Request-Host
X-Mg-Request-UUID
X-Qnm-Cache
X-M-Reqid
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-Amz-Apigw-Id
X-PHP-Host
From-Origin
X-Via-NSCOPI
X-FireWall-Port
WP-Super-Cache
X-S-Cookie
X-S
X-Shop-Environment
Xc-Version
L
X-Rojux
X-Ftr-Request-Id
X-ScT
Surrogated-Key
X-A-Ccd
X-A
X-Gen-Mode
X-SD-PageType
X-Session-Fingerprint
X-A-Dam
X-A-Wwc
DSUID
DCR-Processing-Time-Ms
A
X-B-Cookie
X-Planisys-CDN-Rules
X-ARC
X-Application
X-Processor
X-Aed
BehaviorPad-Version
X-Planisys-CDN-TTL
DCR-Decision-By
X-Planisys-CDN-Cache
X-NAPM-TraceId
X-A-Dcw
X-A-Dgt
X-PAYTM-SRV-ID
X-Cache-NE
X-Ig-Push-State
X-Cache-Date
Sslversion
Expiry
X-Block-Status
Fastcgi-X-Cache-Version
X-PBS-Appsvrname
Rendered-Blocks
X-Ckpd-Fst-Backend
X-Developer
V-Age
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Mobile-Detection-Method
X-VG-WebCache
X-V-Cache
X-RCS-CacheZone
Meta-Geo-Continent
X-Destination
X-Orig-Expires
X-TIM-N
X-Correlation-ID
Origin
Odigeo-Trace-Id
X-CACHE-KEY
CDCHOST
X-External-Request-Id
X-D
X-Conf
X-Connection-Hash
X-ND-Cache
X-Cluster
X-Origin-Response-Time
X-Forwarded-Path
X-Slack-Backend
Redirect-Candidate
X-CF-Lambda-Fn
X-CF-Lambda-Version
Pramga
X-Hnp-Log
X-Vtex-Remote-Cache
X-Vdms-Path
User-Cache-Control
X-SRCache-Key
X-Vdms-Version
Nel
X-Vtex-Processado-Em
X-MP-GENERATED-AT
X-Locale
X-Handled-By
PFcat
Origin-EX
Vix-Hermes-Req-Id
X-Accel-Expires-Debug
Cmsid
X-Nyt-Route
Cmstype
X-Men
X-Old-Content-Length
Traceparent
X-Origin-Time
Svr
Wxu-Next-Hostname
Release
True-Client-Country-4JS
X-Location
Ssr
Wxu-Next-Region
X-Origin-Expires
Host-ID
Wxu-Next-Commit
X-LI-UUID
Fastcgi-Cache-TTL
X-Mvc-Supplant-Cachable
Gh-Request-Id
X-Owner
X-NodeID
Origin-CC
X-Skip-Cache
X-HN
X-Device-Os
X-Scheme
X-Rocket-Nginx-Serving-Static
X-VarnishDD-TTL
X-Epic-Correlation-Id
X-Cache-Info
X-Served-From
X-Cdn-Srv
X-Sucuri-ID
X-Core-Mission
X-Varnish-Beresp-Status
X-Aicache-OS
X-Sucuri-Cache
X-Server-IP
X-Storefront-Renderer-Rendered
X-Date
X-Fastly-Cache
CacheControlHeader
Server-Info
AKAMAI
X-Li-Fabric
Arc-Country
X-Li-Pop
X-Policy
X-Fetched-On
X-Gdpr
X-Cache-Bucket
X-VServer
X-Webstats-RespID
X-Forwarded-Site
X-Hash
X-Proxy-Upstream
X-Geo-Header
X-NWS-UUID-VERIFY
AMP-Access-Control-Allow-Source-Origin
X-VC-Cache
Fastly-Drupal-Html
Environment
X-Bip
X-Branch-Name
X-Cache-Debug
X-BBC-Edge-Cache-Status
X-Cache-Config
X-Gamma-Serve
X-GeoIP
X-Adobe-Source
X-Generated-On
X-Level-Front-Cache
X-ATG-Version
X-Esi-Check
X-Cache-Id
Web-Mar-Region
X-Core-Value
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
We-Hiring
Thinkindot-Control
X-Gzip
X-Irp-Debug
X-Datadog-Parent-Id
X-HS-Content-Campaign-Id
X-Cdn-Origin
X-Developers
X-GeoIP-City
X-Req
X-Sigma
X-Rocket-Build-Number
X-Sigma-Backend
X-Request-URI
X-TH-Server
X-Sn-Servicetimems
Thinkindot-CacheControl-Type
X-Reqid
Apple-News-Services-Handled
Apple-News-Services-Host
X-Cache-Enabled
X-Region-Sid
X-Magnolia-Registration
X-Thanos
X-Thinkindot-L3
X-Csrf-Jwt
X-Envoy-Decorator-Operation
Ha-Gx-Prefs
HA-Ipaddr
X-CGP
L5d-Success-Class
X-Eu-Site
X-RateLimit-Limit-Second
X-VG-TLSProxy
X-TrackingId
X-UnsetCookies
X-RateLimit-Remaining-Second
X-Viewer-Country
Apple-News-Services-Parsed-Url
X-Request-Start
Mail-Subject
X-Backend-State
Machine
Locid
Fastly-GeoIP-CountryCode
Req-Svc-Chain
Server-Host
Apple-News-Services-Request-Url
Thinkindot-CacheControl
TDXMobile
State
X-Node-Id
X-Platform
X-Zone
Memcached
NGX
NM-Fastcgi-Cache
X-FC-Vary-Parameters
X-Amzn-Remapped-Content-Length
X-Qloud-Router
X-NU-AKA-ACS-Version
X-JWT-State
Platform
X-Fastly-Backend
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-DefHash
X-Variation
X-DefElseHash
X-DPWN-IS-SECURE
X-Worker
Fastly-SIE
X-Response-By
X-Is-Gdpr
X-Rebelmouse-Cache-Control
X-Loc
X-Rebelmouse-Surrogate-Control
Cf-Device-Type
X-Has-Esi
Adler-Geo
X-Pod-Name
X-Varnish-Remaining-TTL
Is-Eu
Fastly-SWR
X-Origin
X-CS
X-Mvc-Supplant-OutputCached
X-Datadome
X-Backend-TTL
X-Tx-Id
Datacenter
X-Varnish-Beresp-Ttl
X-API-Version
X-NC
X-Up
X-GeoIP-Region-Code
X-CLOUD-TRACE-CONTEXT
X-GeoIP-Country-Code
CDN
Candidate-Md5Url
Pics-Label
X-Generated-In
X-LB-ID
X-TraceId
X-Vc
S-Rt
Magicmarker
Ms-Author-Via
X-Trace-ID
X-Tb-Optimization-Total-Bytes-Saved
X-Tt-Logid
X-DynaTrace-JS-Agent
NtCoent-Length
WWW-Authenticate
Kp-EeAlive
X-Restarts
X-LB-NoCache
On-Server
X-Edge-Pop
Env
X-Via-Popn
X-Via-Popv
X-Via-Poph
Esi-Enabled
X-Varnish-Ttl
GeoIp-Country-Code
X-Optimistic-Header
Memory
Time
WebServer
X-Akamai-Request-ID2
X-Http-Reason
X-DW
X-Wix-Viewer-Type
Edge-Cache
X-RPM
X-RSL
X-Cache-Backend
X-RPS
X-DSS
X-DI
X-Refresh
X-DB
X-TA-CDN-Provider
X-Action
X-CacheTTL
X-Service
X-Dynatrace
X-DC
C-Via
X-Varnish-Beresp-TTL
X-Minions-Version
X-Parent-Response-Time
X-Cache-PHP
X-Newrelic-Synthetics
X-Servedbyhost
X-Esi
X-Srv
X-MSEdge-Features
X-TX-ID
Accept-Language
Server-ID
X-Unique-ID
X-ZONE
X-MSEdge-Flight
X-Cs
X-Render-Time
X-Cache-Status-Check
X-HA-Backend
X-Urbn-Context-Path
X-Urbn-Site-Id
X-VCL-Version
Locale
X-Ec-GeoHdr
X-LI-Proto
X-User
X-Li-Proto
X-App
X-Ec-Fail
X-Fpc
X-Cache-Ttl
Proxy-Connection
X-URL
X-Info
X-Webkit-Csp-Report-Only
X-AIR-PT
X-FPC
Test
X-Pass-Why
X-Traceid
X-LiteSpeed-Cache-Control
Server-Id
X-Vcl-Version
X-B3-Spanid
X-Clientip
X-NODE
X-Webkit-CSP-Report-Only
X-Oss-Request-Id
UCS
X-Oss-Server-Time
Tcn
Cdncip
Cdnsip
Geo-Info
X-Oss-Storage-Class
X-AK-Request-ID
HIT
Cache-Host
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Fmm-Version
X-WADP-Cache
Geoip-Latitude
Cluster
My-App
S-Cnection
X-Clara-WADP
X-CSRF-TOKEN
M-TraceId
X-LiteSpeed-Tag
Resin-Trace
Hostname
X-Var-Ttl
X-CUA
Cf-Int-Pingora-Origin-Digest
Fastly-Drupal-HTML
X-Ha-Backend
Tracecode
X-HostName
User-Agent
X-ID
T-Server
Lfy
X-From
X-ServedByHost
X-Micro-Cache
Fastly-Backend-Name
X-COUNTRY
X-Dynatrace-Js-Agent
Lang
X-Fragments
X-RAMCache
GeoIP-Country-Code
Hit
X-Pad
X-BBC-Origin-Response-Status
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Mcache
X-Backend-Host
Ohc-File-Size
Section-Origin-Responded
X-Release
X-NGINX-Cache
Lb
X-Geo
X-Cdn-Forward
X-Check-Cacheable
X-Via-PopN
ENV
X-Edge-POP
X-APP
X-WP-CF-Super-Cache-Cache-Control
X-Via-PopV
X-BCube-Filmed-By
X-Via-PopH
MIME-Version
X-WP-CF-Super-Cache
Target-Params
X-ElasticPress-Query
DataCenter
X-HS-Status
X-Edge-Cache
X-Api-Version
Load-Balancing
CPC-Cache
VNS-Age
Path
CPC-Age
URI
VNS-Cache
X-ServerName
X-Fastly-Backend-Reqs
Servername
Cache-Key
X-Ucs
X-WA-Info
X-Amz-Meta-Cb-Modifiedtime
EpKe-Alive
X-WA
X-VC
X-ES-SERVER
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-GoCache-CacheStatus
X-Lb-Id
X-Lb-Nocache
X-UP
X-Fastly-Cache-Hits
PICS-Label
Uri
X-Proxy-Cache-Info
Permissions-Policy
X-Httpd
FSS-Cache
X-TRACE-ID
Cneonction
Pagetype
X-Nc
Shield-Pop
WZWS-RAY
X-Cms-Context
Cteonnt-Length
X-B3-ParentSpanId
Ohc-Cache-HIT
X-Cdn-Request-ID
ServerName
X-Provided-By
Producers
Cdn
X-PJAX-URL
X-RateLimit-Reset
X-Dw-Trace-Id
X-Pool
Cf-Ipcountry
X-SB
X-Via-Ucdn
X-Acquia-Application-UUID
Srv
Server-Ttl
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Vcache
X-Acquia-Site
X-Cache-CFC
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Newrelic-App-Data
X-Swift-Error
X-CCDN-Origin-Time
CF-Cached-On
X-Yottaa-OS
X-CCDN-CacheTTL
X-Contensis-Viewer-Groups
X-Cache-ASPX
MD5-Digest
X-Hcs-Proxy-Type
X-Apw-Hits
X-Akamai-Pragma-Client-IP
X-Snapshot-Date
Vha6-Origin
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Cache-Ngx
Sid
X-Air-Pt
IsBot
X-Platform-Processor
X-Platform-Router
X-B3-Parentspanid
X-Platform-Cluster
Sever-Int
Server-Ext
X-Logging-Id
X-Udemy-Cache-App-Namespace
X-Varnish-Authentication
Server-Hostname
X-Te-Duration-Ms
X-Miniprofiler-Ids
CountryCode
W
X-SIPLIST1
X-VG-WebServer
Ngx
Req-ID
X-Http-Count
X-UA
X-CacheKey
X-Sentry-ID
X-Te-Count
X-Http-Duration-Ms
X-Last-Modified