
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
P3p
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
X-Backend
Request-Context
EagleId
X-Akamai-Path-Stats
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-UA-Device
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
X-WebKit-CSP
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-Cache-Spec
Cf-Railgun
X-OneAgent-JS-Injection
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Request-Id
Surrogate-Control
X-Backend-Server
Cf-Edge-Cache
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Country
Fastly-Restarts
Accept-Ch
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Rack-Cache
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-Amz-Server-Side-Encryption
Cache-Tag
X-Varnish-TTL
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-ESI
X-Dw-Request-Base-Id
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Amz-Rid
Public-Key-Pins
X-Px
X-Cnection
X-D2id
X-Edge
X-FastCGI-Cache
X-Ac
X-RateLimit-Remaining
X-Ser
X-Navigation-Version
X-Element-Page-Cache
Verso
X-Middleton-Display
Display
X-Abt-Application-Version
X-Sol
X-Client-IP
Pagespeed
X-Powered-By-Plesk
X-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Country-Code
X-Middleton-Response
X-Correlation-Id
Response
X-NF-Request-ID
X-Ttl
Access-Control-Request-Method
X-Goog-Hash
X-Content-Security-Policy-Report-Only
SPIisLatency
SPRequestDuration
X-Ruxit-Js-Agent
X-Kinsta-Cache
X-Cached
X-Edge-Location-Klb
AR-PoweredBy
AR-SID
AR-CACHE
AR-Request-ID
AR-ATIME
X-SharePointHealthScore
SPRequestGuid
X-Powered-CMS
X-LLID
Edge-Cache-Tag
X-Upstream
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-NWS-LOG-UUID
X-RateLimit-Limit
X-Litespeed-Cache
X-TTL
X-Forwarded-For
Nginx-Cache
X-Cache-Key
Content-MD5
X-Id
X-MSEdge-Ref
X-Shield-Request-Id
MRF-Tech
Mrf-Cache-Status
TCN
X-T
X-Recruiting
X-B3-TraceId-Primal
S
X-Daa-Tunnel
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Digest
X-ECACHE
X-Ua-Device
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Mg-S
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Accel-Expires
X-DataDome
X-WebKit-CSP-Report-Only
X-Grace
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-HS-Combine-CSS
X-Protected-By
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
MS-Author-Via
X-Frontend
X-DynaTrace
X-Ua-Browser
X-Ab
X-Content
X-Request-Processing-Time
X-Request-Received
X-Yandex-Sdch-Disable
TP-L2-Cache
Server-Node
TP-Cache
Front-End-Https
Filters
X-Server-ID
X-PressLabs-Stats
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-Mid
X-Geo-Country
X-Hits
X-Oneagent-Js-Injection
X-Webkit-Csp
X-Request-Handler-Origin-Region
X-Microsite
X-LB-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amzn-Trace-Id
Charset
X-Debug-Info
Host
Cleartype
X-B3-Sampled
X-Git-Hash
X-F-Cache
X-Page-Id
Cross-Origin-Opener-Policy
X-Ratelimit-Reset
X-Forwarded-Proto
X-ORACLE-DMS-ECID
X-Cache-Age
X-DIS-Request-ID
Access-Control-Allow-Method
X-Seen-By
X-ORACLE-DMS-RID
Cache-Status
X-Www-Served-By
Realpath
X-Az
X-Activity-Id
X-AppVersion
Pinterest-Generated-By
ServerID
Pinterest-Version
X-Pinterest-Rid
Accept-Charset
X-Aspnetmvc-Version
X-Oracle-Dms-Ecid
X-Mcache
X-Varnish-Age
Filterid
X-Fastly-Request-Id
Cache-Tags
X-Oracle-Dms-Rid
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Rid
X-Content-Options
X-Type
X-Language
Retry-After
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-App-Environment
X-FB-Debug
Country
Server-Name
Node
X-MCACHE
X-Upgrade-Enabled
X-Varnish-Backend
Viewport
X-Tb
X-User-Agent
DC
Paypal-Debug-Id
X-Drupal-Cache-Tags
X-Varnish-Grace
X-B-Cache
X-TT
X-Wix-Request-Id
X-Signature
X-Origin-Cache
X-Whom
X-Goog-Generation
X-Mobile-URL
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Route-Name
X-Request-Guid
X-XRDS-LOCATION
X-B
X-VCache
X-Providence-Cookie
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
X-NWS-UUID-VERIFY
Protected
Permissions-Policy
X-Debug
Fastcgi-Useragent
X-Cache-NGX
X-Amz-Replication-Status
X-Logged-In
X-Amz-Meta-S3cmd-Attrs
X-N
Payment
X-Via-JSL
WPO-Cache-Status
WPO-Cache-Message
X-Load-Cache
X-XRDS-Location
Surrogate-Key
X-Cache-Control
X-Contextid
Amp-Access-Control-Allow-Source-Origin
X-Webkit-CSP
Count-Hit
Healthy
X-Node-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-FW-Dynamic
X-FW-Static
X-FW-Serve
X-FW-Hash
X-Template
X-FW-Type
X-FW-Server
X-Mobile
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
Akamai-GRN
X-Proxy
Refresh
Content-Disposition
Url
X-Restarts
X-Revision
X-Jobs
X-Cache-Time
X-G
X-Framework
Uber-Trace-Id
X-Akamai-Request-ID2
X-NGENIX-Cache
X-Fastly-Request-ID
X-Cache-TTL-Remaining
X-Real-IP
X-UUID
Alternate-Protocol
X-Zen-Fury
X-Device-Type
X-Drupal-Cache-Contexts
X-Rendered-As
X-Proxy-Cache-Status
X-Debug-IsPreview
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
NGB
X-Debug-IsConnected
X-Is-Bot
X-Adobe-Loc
X-Adobe-Content
X-Servername
X-Yottaa-Optimizations
X-Instance
X-Http-Reason
X-Page-View
X-Hostname
Access-Control-Request-Headers
X-Yottaa-Metrics
X-Cache-Grace
X-Mg-Request-UUID
X-Midtier
X-Varnish-Server
X-ECache
X-Trace-Id
X-B3-Traceid
X-IPLB-Instance
X-L-Path
Version
X-Environment-Context
X-Source
X-EdgeConnect-Cache-Status
Accept-Language
X-HTML-Minification-Powered-By
X-Datadome
Countrycode
X-RTag
MS-CV
Ms-Operation-Id
Frame-Options
X-Fastcgi-Cache
From-Origin
X-Cache-Rule
X-Cache-Hit
X-Cache-Expired-At
X-Vgn-Hpd-Reason
Liferay-Portal
X-NYM-Debug-Backend
Referer-Policy
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
Backend
X-Tumblr-Pixel
X-APP-VERSION
X-COUNTRY
X-IPS-LoggedIn
X-Nginx-Cache
X-FW-Version
Content-Secure-Policy
X-Hosted-By
X-UPSTREAM-Address
X-Parallel-Accel
X-Cache-Server
Upgrade-Insecure-Requests
Meta-Geo
X-Unique-Id
X-RN-RSRV
X-PCL
X-OCL
Section-Io-Cache
X-FB-TRIP-ID
X-No-Session
X-Generation-Time
X-NewRelic-App-Data
X-Cache-Enabled
X-Redis-Cache
X-Ua
X-Cluster-Node
TWC-Connection-Speed
Webcakes-App-Name
X-Format
Webcakes-App-Version
Mn-Server-Ip
S-Rt
Property-Id
Azure-Version
X-Akamai-Edgescape
X-Access
WP-Super-Cache
X-AOL-HN
Webcakes-Region
X-Be
X-Via-Fastly
X-Region
Azure-RegionName
Azure-InstanceId
X-Uri
X-Section
TWC-GeoIP-LatLong
Azure-SlotName
X-Server-W
X-UA-Device-Type
X-ProcessESI
X-PHP-Backend
TWC-Device-Class
X-RemovedCookies
Azure-SiteName
X-Origin-Date
X-Varnish-Cache-Hits
TWC-GeoIP-Country
Apigw-Requestid
X-Origin-Hint
X-Request-Time
TWC-Locale-Group
TWC-Privacy
CF-IPCountry
X-Mode
X-Content-Age
X-Say-TTL
X-Say-Cacheable
X-ProxyCache-Key
X-Sorting-Hat-ShopId
X-ProxyCache-Status
X-Sorting-Hat-PodId
X-SayCDN-TTL
Eomportal-Instance
X-ShopId
X-Shopify-Stage
X-PERF
X-Nginx-Cache-Key
X-Content-Powered-By
X-Debug-Cache
X-Cache-Host
X-BYPASS-REASON
X-ApacheServer
X-Forwarded-Host
Cache-Tv-Group
X-Alternate-Cache-Key
X-Locale
X-Human
X-Generated-By
Locale
X-ShardId
X-Sql-Count
Fastly-SSL
X-Xfnlog-Site
X-PHP-Host
X-Labrador-Cache-Channel
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Status
X-Site-Version
X-Storage
X-Sql-Duration-Ms
X-Ratelimit-Remaining
X-Extlb
X-Detected-As
X-VC-Cache
X-Backend-Name
X-VWS-Id
X-Cache-Action
X-LJ-Flow-ID
X-AWS-Id
X-Cache-Type
X-Adobe-Source
X-Routing-Service
X-Web-Node
X-SaId
X-Varnishpool
X-Tid
X-Proxied
X-Zipkin-Id
X-Hl-Ver
X-Cms-Context
X-Cache-Tags
X-ServerID
X-Platform-Server
X-JoinUs
Ec-Rule-Version
X-GG-Cache-Date
X-Handled-By
CDN-CachedAt
CDN-Cache
CDN-RequestId
CDN-EdgeStorageId
X-Proxy-Build
CDN-PullZone
CDN-RequestCountryCode
Selected-Fe
X-Timing-Wait
CDN-Uid
Load-Balancing
X-Edge-Location
X-Storefront-Renderer-Rendered
ServedBy
Webserver
X-Proto
SRV
X-GeoCode
X-GeoCountry
Mime-Version
Fastly-Drupal-Html
X-LSADC-Cache
X-CDN-Forward
X-Hyper-Cache
Web-Mar-Node
X-Dc
X-Rule
Onion-Location
X-Cache-Operation
X-Cached-By
X-GEO
X-Cache-Remote
X-TT-LOGID
X-Varnish-Hostname
SID
X-Rewrite-Enabled
X-Cdn
Cache-Hits
X-Soup
X-App-Version
X-Varnish-Ttl
X-SRV
Xserver
X-Cluster
X-Accel-Buffering
X-Pubstack
X-Origin-CC
X-Origin-TTL
X-Reqid
X-Varnish-Hits
X-TA-CDN-Provider
Country-Code
X-Ratelimit-Limit
X-Envoy-Decorator-Operation
Xet-Cookie
X-Magnolia-Registration
X-Air-Trace-Id
X-Air-Hostname
LB
X-IPLB-Request-ID
X-Air-Source
Server-Info
X-Microcachable
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
X-Buckets
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Cache
X-Request-Host
DB-Nickname
Source
X-Ms-Version
X-Ms-Request-Id
X-CSRF-Token
X-Amz-Apigw-Id
X-Tt-Logid
X-Newrelic-Synthetics
X-Amzn-RequestId
X-Tx-Id
X-B3-SpanId
X-Endurance-Cache-Level
X-Esi-Check
X-Vdms-Version
Fastcgi-X-Cache-Version
X-Gzip
X-Rojux
X-Vtex-Processado-Em
X-PBS-Appsvrname
X-VG-WebCache
X-Vtex-Remote-Cache
DCR-Decision-By
A
BehaviorPad-Version
Cdncip
X-Via-NSCOPI
X-Forwarded-Path
X-Ftr-Request-Id
X-Origin-Response-Time
Cdnsip
Cmsid
X-Geo-Header
Expiry
Xc-Version
DCR-Processing-Time-Ms
X-Epic-Correlation-Id
Cmstype
X-Processor
X-External-Request-Id
X-TrackingId
X-ARC
X-Application
X-S-Cookie
X-B-Cookie
X-Cache-Id
X-AK-Request-ID
X-Aed
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Cache-NE
X-Cdn-Srv
X-D
X-Connection-Hash
X-S
X-Ig-Push-State
X-Destination
X-Developer
X-HS-Content-Campaign-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Ec-Fail
X-Conf
X-A
X-Orig-Expires
X-NAPM-TraceId
NM-Fastcgi-Cache
X-TIM-N
Odigeo-Trace-Id
Pramga
Mobile-Detection-Method
Meta-Geo-Continent
X-Vdms-Path
X-User
Lang
MD5-Digest
X-Tenant
Rendered-Blocks
T-Server
Surrogated-Key
X-SD-PageType
X-PAYTM-SRV-ID
X-ScT
X-Ec-GeoHdr
X-Session-Fingerprint
Sslversion
X-Hash
X-SRCache-Key
X-Shop-Environment
Host-ID
X-A-Dam
X-RCS-CacheZone
X-NCache
X-Bc-Bl
X-CacheTTL
X-Ckpd-Fst-Backend
X-Cache-Info
X-Cache-Bucket
X-Amzn-Remapped-Content-Length
X-Cache-Backend
X-Clara-WADP
X-WADP-Cache
X-DefHash
X-Developers
X-DefElseHash
X-Core-Value
X-Core-Mission
X-Worker
Wxu-Next-Region
Mail-Subject
Memcached
Machine
Is-Eu
Fastly-GeoIP-CountryCode
Platform
Producers
Wxu-Next-Commit
Wxu-Next-Hostname
We-Hiring
State
Server-Host
X-Device-Os
X-DPWN-IS-SECURE
X-Sigma
X-Sigma-Backend
X-Server-IP
X-Scheme
X-SB
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Variation
X-V-Cache
X-Rocket-Build-Number
X-Origin-Time
X-Fmm-Version
X-Gdpr
X-Fetched-On
X-Fastly-Cache
Environment
X-GeoIP
X-Irp-Debug
X-Nyt-Route
X-Origin
X-NodeID
X-Node-Id
X-Mvc-Supplant-Cachable
X-Via-Ucdn
X-Origin-Expires
X-Skip-Cache
Adler-Geo
AKAMAI
X-Varnish-Beresp-Grace
X-Time
CDN
Cache-Name
X-Azure-Ref
X-Eu-Site
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Csrf-Jwt
X-Has-Esi
X-Dispatcher-Number
X-VarnishDD-TTL
X-VG-TLSProxy
X-Viewer-Country
X-Thinkindot-L3
X-Ec-Custom-Error
X-R9-Blue-Green-Version
X-Branch-Name
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Block-Status
X-BBC-Edge-Cache-Status
X-Auto-Login
Kp-EeAlive
X-Cache-Date
X-Pod-Name
X-CGP
X-Sn-Servicetimems
X-Wikidot-Backend
X-Wikidot-Static-Cache
Apple-News-Services-Handled
X-Cdn-Origin
X-Aicache-OS
X-SIPLIST1
X-Qloud-Router
DynaTrace
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Proxy-Cache-Info
HostName
X-Pool
X-Policy
X-Platform
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Region-Sid
X-Minions-Version
X-Gen-Mode
X-Generated-On
X-GeoIP-City
X-Gamma-Serve
X-Served-From
X-Is-Gdpr
X-Forwarded-Site
X-Rocket-Nginx-Serving-Static
X-HN
X-Level-Front-Cache
X-Loc
X-Request-URI
X-LAGOON
X-Hnp-Log
X-Httpd
X-Slack-Backend
Apple-News-Services-Host
HA-Ipaddr
Svr
Datacenter
IsBot
Ssr
Candidate-Md5Url
Cache-Key
Thinkindot-Control
Ha-Gx-Prefs
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
L
L5d-Success-Class
Origin-CC
Origin-EX
Origin
Ohc-File-Size
N-Cache
PFcat
Cluster
CloudFront-Viewer-Country
Req-Svc-Chain
Release
Redirect-Candidate
X-Wix-Viewer-Type
X-BCube-Filmed-By
X-TNCMS
X-Loop
Web-Mar-Region
Fastly-SIE
Fastly-SWR
Gh-Request-Id
CDCHOST
Vix-Hermes-Req-Id
Fastcgi-Cache-TTL
Traceparent
V-Age
User-Cache-Control
X-JWT-State
X-Cache-Status-Check
Sever-Int
X-SplitTest
GEO-INFO
VNS-Cache
CPC-Age
X-Scale
VNS-Age
CPC-Cache
XM
DSUID
X-From
Server-Hostname
X-Owner
NGX
X-Optimistic-Header
X-VServer
X-Webstats-RespID
X-Ad-Defer-Variation
Server-Ext
X-ZONE
X-WP-CF-Super-Cache
Pics-Label
X-Location
X-Refresh
X-WP-CF-Super-Cache-Cache-Control
X-WA-Info
Fastly-Backend-Name
X-Parent-Response-Time
X-VC
X-CS
X-CACHE-KEY
X-Tb-Optimization-Total-Bytes-Saved
X-Micro-Cache
X-Cache-ASPX
Env
X-Contensis-Viewer-Groups
X-Ah-Environment
Locid
X-NC
X-TIME
X-EC-Lua
Ms-Author-Via
X-Varnish-Authentication
X-Udemy-Cache-App-Namespace
Servername
X-Men
X-Response-By
Arc-Country
X-LB-NoCache
AMP-Access-Control-Allow-Source-Origin
X-AIR-PT
Memory
X-Old-Content-Length
X-Edge-Pop
X-Servedbyhost
X-Mvc-Supplant-OutputCached
X-Amz-Meta-Cb-Modifiedtime
Path
Time
X-Tec-Api-Version
Lb
X-Tec-Api-Root
X-Tec-Api-Origin
X-Xrds-Location
Ngx.Var.Host
X-Via-Popn
X-TraceId
Cache-Host
X-Via-Popv
X-Via-Poph
X-Generated-In
X-RSL
X-RPS
X-RPM
X-DW
X-Srv
X-DSS
X-DI
X-DB
Ohc-Cache-HIT
X-Akamai-Transformed
X-Date
ITXSESSIONID
X-HA-Backend
X-Trace-ID
X-Accel-Expires-Debug
X-Api-Version
X-Proxy-CacheRZ
XkeyRZ
X-RateLimit-Reset
X-GeoIP-Country-Code
X-VCL-Version
X-DC
X-Varnish-Beresp-TTL
X-S-Maxage
GeoIp-Country-Code
X-GeoIP-Region-Code
Client
True-Client-IP
X-Cache-Debug
FSS-Cache
X-Clientip
X-Vc
X-API-Version
X-Cs
X-VHOST
Geoip-Latitude
Server-ID
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
X-Zone
Fusion-Content-Source
Fusion-Template-Id
Hostname
X-Presslabs-Stats
X-Fpc
CacheControlHeader
X-FireWall-Port
X-TH-Server
X-Dmc
True-Client-Country-4JS
X-Action
X-Backend-TTL
X-Webkit-Csp-Report-Only
Powered-By
X-Render-Time
X-MSEdge-Flight
X-Traceid
X-MSEdge-Features
X-TX-ID
NtCoent-Length
X-PX
X-B3-Spanid
X-INCAP-ABP
X-CSRF-TOKEN
X-Gateway-Cache-Status
X-Gateway-Cache-Key
Tcn
X-Gateway-Skip-Cache
X-Gateway-Request-Id
Rip
X-Service
X-Req
X-DynaTrace-JS-Agent
Geo-Info
C-Via
Edge-Cache
Test
X-M-Reqid
X-NGINX-Cache
Tube-Got-Results
Tube-Return
Esi-Enabled
X-Pass-Why
Tube-Got-Eval
Tube-Get-Contents
Click-Count-Error
Click-Count-Action-Start
X-FPC
X-Cdn-Request-ID
X-Esi
My-App
X-M-Log
X-Qnm-Cache
X-Correlation-ID
X-Origin-Upstream-Status
X-HS-Status
X-Webkit-CSP-Report-Only
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Node
X-Beluga-Cache-Status
User-Agent
HIT
Server-Id
On-Server
X-Alfa-Service
Uri
Cf-Int-Pingora-Origin-Digest
X-Vcl-Version
X-Up
X-Provided-By
OT-Force-Account-Verify
X-TRACE-ID
X-Varnish-Beresp-Ttl
Resin-Trace
X-Check-Cacheable
X-LB-ID
GeoIP-Country-Code
GeoIP-Latitude
Srvid
X-Via-PopV
X-URL
X-Proxy-Cache-Hk
X-Ha-Backend
Proxy-Connection
X-Via-PopN
X-Via-PopH
X-Akamai-Pragma-Client-IP
X-CLOUD-TRACE-CONTEXT
Sid
X-APP
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
X-Li-Pop
X-LI-Proto
X-Li-Fabric
Srv
X-ServedByHost
X-UnsetCookies
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-LI-UUID
X-RAMCache
Epwk-X-Cache
X-CCDN-CacheTTL
Cdn
X-Cdn-Forward
DataCenter
WebServer
X-Geo
X-Edge-POP
X-Fetch-By
X-Backend-Host
X-ND-Cache
M-TraceId
X-Time-Microsecs
WZWS-RAY
Warning
MIME-Version
XServer
ENV
X-Lb-Nocache
X-CUA
X-App
ServerName
X-Fastly-Backend-Reqs
X-B3-Traceid-Primal
Server-Ttl
Cf-Device-Type
X-HostName
Fastly-Drupal-HTML
X-MG-S
Target-Params
X-Azure-Ref-OriginShield
X-LiteSpeed-Cache-Control
X-Yottaa-OS
X-Platform-Processor
X-Request-Url
X-Fragments
X-HITS
Tracecode
X-Platform-Router
CF-Cached-On
X-ElasticPress-Query
X-Newrelic-App-Data
PICS-Label
X-Platform-Cluster
DT-Hot-News
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-ATG-Version
Section-Io-Id
X-Serial
X-Dw-Trace-Id
X-Var-Ttl
X-Sucuri-ID
X-Bip
True-Client-Ip
Inserted-Into-Cache-At
X-Iplb-Request-Id
Dt-Hot-News
Lfy
Cf-Ipcountry
X-Sucuri-Cache
X-FC-Vary-Parameters
X-Vcache
X-CF-Powered-By
D-Url-Rewrites
X-Nc
X-Iplb-Instance
X-Thanos
X-Fastly-Backend
X-Akamai-Request-ID
Wp-Super-Cache
Cdn-Cache
Cdn-Uid
Cdn-Cachedat
Cdn-Requestcountrycode
Cdn-Pullzone
Servedby
Cdn-Requestid
X-Air-Pt
Cdn-Edgestorageid
X-Release
X-Vercel-Id
X-Vercel-Cache
X-BBC-Origin-Response-Status
X-Cache-Expires
Ngx
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Vha6-Origin
Hit
X-Dist-Code
Cneonction
Content-Style-Type
X-Snapshot-Date
X-Th-Server
X-Storefront-Renderer-Verified
X-NU-AKA-ACS-Version
X-Request-URL
Fastcgi-Cache-Ttl
X-Back
Content-Script-Type
CountryCode
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
X-Varnish-Beresp-Status