Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Request-ID
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
Host-Header
X-Amz-Request-Id
X-Proxy-Cache
X-UA-Device
X-Amz-Id-2
X-Hacker
X-Rq
Grace
X-Dns-Prefetch-Control
X-Akamai-Path-Stats
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Nginx-Cache-Status
Allow
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Url
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch-Lifetime
Fastly-Restarts
X-Country
X-Mod-Pagespeed
X-MS-InvokeApp
X-PC
X-Rack-Cache
X-TtlSet
X-Vname
X-Ruxit-JS-Agent
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-ESI
X-VARITI-CCR
X-Content-Type
X-B3-TraceId
Cache-Tag
X-Vcap-Request-Id
Accept-Ch
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Amz-Rid
X-Amz-Server-Side-Encryption
X-Dw-Request-Base-Id
Public-Key-Pins
X-Cnection
X-Px
X-Ac
X-D2id
X-Element-Page-Cache
Verso
X-Navigation-Version
X-RateLimit-Remaining
X-Abt-Application-Version
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
X-Edge
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Ser
X-FastCGI-Cache
Service-Worker-Allowed
X-Version
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
X-Ruxit-Js-Agent
Response
X-Middleton-Response
X-NF-Request-ID
Access-Control-Request-Method
X-Correlation-Id
X-Goog-Hash
X-Ttl
X-Kinsta-Cache
SPRequestDuration
SPIisLatency
AR-SID
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Edge-Location-Klb
X-Upstream
X-Webkit-Csp
X-Ua-Device
X-NWS-LOG-UUID
X-TTL
X-LLID
X-Cached
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
Edge-Cache-Tag
X-SharePointHealthScore
SPRequestGuid
Nginx-Cache
X-RateLimit-Limit
X-Content-Security-Policy-Report-Only
X-Cache-Key
X-Forwarded-For
X-Litespeed-Cache
TCN
X-MSEdge-Ref
Content-MD5
Mrf-Cache-Status
MRF-Tech
X-Shield-Request-Id
MS-Author-Via
X-B3-TraceId-Primal
X-Daa-Tunnel
X-Id
X-T
X-Recruiting
S
X-Content-Digest
X-Mg-S
X-DataDome
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Protected-By
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ezoic-Cdn
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Accel-Expires
X-Ua-Browser
X-ECACHE
MicrosoftSharePointTeamServices
X-Frontend
X-Content
X-Ab
X-Request-Processing-Time
Server-Node
X-Grace
X-Request-Received
X-Yandex-Sdch-Disable
Front-End-Https
Filters
X-Mid
X-Server-ID
Fastcgi-Cache
X-DynaTrace
X-Origin-Server
TP-L2-Cache
X-Geo-Country
X-Hits
TP-Cache
X-Distributor
X-ORACLE-DMS-ECID
X-PressLabs-Stats
X-ORACLE-DMS-RID
X-Ratelimit-Reset
X-Debug-Info
X-Amzn-Trace-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-WebKit-CSP-Report-Only
Charset
Cleartype
X-Page-Id
Host
X-F-Cache
X-Git-Hash
X-Pinterest-Rid
Pinterest-Generated-By
X-DIS-Request-ID
Pinterest-Version
X-Microsite
X-Request-Handler-Origin-Region
Cross-Origin-Opener-Policy
X-B3-Sampled
X-LB-Cache
X-Www-Served-By
X-Forwarded-Proto
X-Cache-Age
Access-Control-Allow-Method
ServerID
X-Seen-By
Cache-Tags
Cache-Status
X-Az
X-AppVersion
X-Activity-Id
X-Varnish-Age
X-Cluster-Name
Accept-Charset
X-Language
Realpath
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Filterid
X-Aspnetmvc-Version
X-MCACHE
X-Oracle-Dms-Ecid
Server-Name
X-Oracle-Dms-Rid
X-Rid
X-Type
X-Content-Options
X-Nginx-Upstream-Cache-Status
X-App-Environment
Country
Viewport
X-Varnish-Grace
Node
X-Upgrade-Enabled
X-Origin-Cache
X-User-Agent
Retry-After
X-Tb
X-Mobile-URL
X-XRDS-LOCATION
X-NWS-UUID-VERIFY
X-Route-Name
X-Request-Guid
X-B-Cache
X-FB-Debug
X-Providence-Cookie
X-Flags
Paypal-Debug-Id
DC
X-Aspnet-Duration-Ms
X-Drupal-Cache-Tags
X-Signature
X-Is-Crawler
X-Wix-Request-Id
X-Whom
X-TT
X-Varnish-Backend
Protected
X-VCache
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Fastly-Request-Id
Fastcgi-Useragent
X-Via-JSL
X-B
X-Cache-NGX
X-N
X-Amz-Replication-Status
Payment
X-Debug
X-Logged-In
X-Contextid
X-Fastly-Request-ID
X-Fastcgi-Cache
X-Load-Cache
WPO-Cache-Status
WPO-Cache-Message
X-Template
X-Mcache
Surrogate-Key
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-Cache-Control
X-Amz-Meta-S3cmd-Attrs
Count-Hit
X-Node-Name
X-Trace-Id
Amp-Access-Control-Allow-Source-Origin
Healthy
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Original-Request-Id
X-Response-Served-From
Permissions-Policy
SD-X-WS
Refresh
X-Proxy
Akamai-GRN
Content-Disposition
X-Revision
X-UUID
X-XRDS-Location
X-Akamai-Request-ID2
X-Is-Bot
X-Hostname
X-Jobs
X-Real-IP
X-Rendered-As
X-Cache-Time
X-Mobile
X-G
X-Zen-Fury
X-Adobe-Loc
X-Cacheable-TTL
Uber-Trace-Id
X-Adobe-Content
Alternate-Protocol
X-Page-View
X-Framework
X-Cache-TTL-Remaining
X-Http-Reason
X-Device-Type
VIX-Pulpo-Upstream-Status
X-Drupal-Cache-Contexts
NGB
X-Debug-IsConnected
X-Debug-IsPreview
X-Instance
X-Proxy-Cache-Status
VIX-Pulpo-Node
X-Yottaa-Metrics
Access-Control-Request-Headers
X-Yottaa-Optimizations
X-IPLB-Instance
Url
X-Servername
X-Cache-Grace
X-Source
From-Origin
Version
X-COUNTRY
X-Cache-Rule
X-ECache
X-Varnish-Server
X-Mg-Request-UUID
X-Vgn-Hpd-Reason
X-B3-Traceid
X-Parallel-Accel
X-NGENIX-Cache
X-Restarts
X-Environment-Context
X-L-Path
X-Cache-Hit
X-EdgeConnect-Cache-Status
Accept-Language
X-Cache-Expired-At
X-Oneagent-Js-Injection
Countrycode
Referer-Policy
X-RTag
MS-CV
Ms-Operation-Id
X-App-Server
X-HTML-Minification-Powered-By
X-FW-Version
X-Ratelimit-Remaining
Frame-Options
X-NYM-Debug-Backend
Liferay-Portal
Cross-Origin-Window-Policy
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-IPS-LoggedIn
Backend
X-Cache-Action
X-ProcessESI
Content-Secure-Policy
X-APP-VERSION
X-RemovedCookies
CF-IPCountry
WP-Super-Cache
X-Cache-Server
X-Nginx-Cache
Section-Io-Cache
X-Redis-Cache
X-UPSTREAM-Address
X-RN-RSRV
Meta-Geo
Upgrade-Insecure-Requests
X-Hosted-By
Ec-Rule-Version
X-Content-Age
X-Access
X-Ua
Cache-Tv-Group
X-Format
X-FB-TRIP-ID
X-Detected-As
X-Cache-Enabled
X-Section
X-PCL
X-No-Session
X-Generation-Time
X-OCL
Fastly-SSL
Azure-RegionName
X-Urbn-Site-Id
X-Via-Fastly
X-Uri
Azure-InstanceId
Apigw-Requestid
X-Generated-By
X-PHP-Backend
X-Origin-Hint
X-Origin-Date
X-Server-W
X-Site-Version
X-Web-Node
X-Sql-Duration-Ms
X-Sql-Count
X-Urbn-Context-Path
Azure-SlotName
TWC-Connection-Speed
X-Varnish-Cache-Hits
X-Akamai-Edgescape
X-UA-Device-Type
X-SayCDN-TTL
Webcakes-Region
TWC-Device-Class
Webcakes-App-Name
TWC-Locale-Group
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Say-TTL
X-Say-Cacheable
Property-Id
X-AOL-HN
Mn-Server-Ip
Azure-Version
TWC-Privacy
X-Cluster-Node
S-Rt
X-Request-Time
X-Region
X-Be
X-Human
Azure-SiteName
Locale
X-Datadome
X-Mode
X-Hyper-Cache
CDN-RequestId
CDN-Uid
X-Status
CDN-RequestCountryCode
CDN-PullZone
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-BYPASS-REASON
X-Cache-Tags
X-ApacheServer
X-Content-Powered-By
X-Platform-Server
X-Storage
X-Debug-Cache
X-PERF
X-Adobe-Source
X-Cache-Host
Eomportal-Instance
X-ProxyCache-Status
X-ProxyCache-Key
X-Nginx-Cache-Key
X-Forwarded-Host
X-Xfnlog-Site
X-Zipkin-Id
X-Extlb
X-Routing-Service
X-ServerID
X-SaId
X-Unique-Id
X-Cache-Type
X-Handled-By
X-Alternate-Cache-Key
X-Varnishpool
X-ShardId
X-Backend-Name
X-Proxied
X-Hl-Ver
X-Sorting-Hat-PodId
X-JoinUs
X-TT-LOGID
X-Tid
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShopId
X-Rule
X-Timing-Wait
X-Webkit-CSP
X-Proxy-Build
X-Midtier
X-Labrador-Cache-Channel
X-NewRelic-App-Data
Selected-Fe
X-GG-Cache-Date
X-PHP-Host
X-Locale
ServedBy
X-VWS-Id
X-LJ-Flow-ID
X-Dc
X-AWS-Id
X-VC-Cache
Webserver
X-Cache-Operation
X-Accel-Buffering
X-Cache-Remote
X-LSADC-Cache
X-Edge-Location
X-Rewrite-Enabled
SID
X-Cms-Context
X-Proto
X-Cached-By
X-Ratelimit-Limit
X-Storefront-Renderer-Rendered
Mime-Version
SRV
Fastly-Drupal-Html
Web-Mar-Node
X-Soup
Xserver
X-CDN-Forward
X-TA-CDN-Provider
X-Pubstack
Onion-Location
X-Buckets
X-GEO
X-Reqid
X-Varnish-Hostname
X-App-Version
X-GeoCode
X-GeoCountry
Load-Balancing
Country-Code
X-Cdn
X-Request-Host
X-Microcachable
Cache-Hits
Decoy-Debug-TTL
X-Origin-TTL
LB
Decoy-Debug-Key
Decoy-Debug-Status
X-Origin-CC
X-Cluster
Server-Info
X-Varnish-Hits
X-Ms-Request-Id
X-Tumblr-Pixel-3
Xet-Cookie
X-SRV
X-Tumblr-Pixel-2
X-Ms-Version
X-MP-GENERATED-AT
X-Magnolia-Registration
X-Envoy-Decorator-Operation
X-CSRF-Token
X-B3-SpanId
X-Air-Source
X-Air-Trace-Id
X-NCache
X-Air-Hostname
X-Tec-Api-Version
X-Tec-Api-Origin
DynaTrace
X-Tec-Api-Root
X-Amzn-RequestId
X-Bc-Bl
X-Time
X-Amz-Apigw-Id
X-RCS-CacheZone
X-Endurance-Cache-Level
DB-Nickname
X-Esi-Check
X-From
X-External-Request-Id
X-Geo-Header
X-Forwarded-Path
X-Gzip
X-Hash
X-Ftr-Request-Id
BehaviorPad-Version
X-A-Wwc
Lang
X-A-Dgt
X-A-Dcw
Host-ID
X-Aed
X-B-Cookie
X-ARC
X-Application
X-AK-Request-ID
X-A-Dam
X-A-Ccd
Pramga
Rendered-Blocks
Sslversion
Surrogated-Key
Odigeo-Trace-Id
NM-Fastcgi-Cache
Meta-Geo-Continent
Mobile-Detection-Method
X-A
Fastcgi-X-Cache-Version
Expiry
X-Connection-Hash
X-Conf
A
X-CF-Lambda-Version
X-D
Source
X-Ec-GeoHdr
X-Ec-Fail
X-Developer
X-Destination
X-CF-Lambda-Fn
Cdncip
DCR-Decision-By
DCR-Processing-Time-Ms
X-Cache-Id
X-Cache-Bucket
Cmstype
Cmsid
Cdnsip
X-Cdn-Srv
X-Cache-NE
X-Epic-Correlation-Id
X-Webstats-RespID
X-Processor
X-SRCache-Key
X-Vdms-Version
Xc-Version
X-SD-PageType
X-S
X-R9-Blue-Green-Version
X-Rojux
T-Server
X-Shop-Environment
X-Vdms-Path
Cache-Name
X-Origin-Response-Time
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-NAPM-TraceId
X-Session-Fingerprint
X-TIM-N
X-Tenant
X-HS-Content-Campaign-Id
X-S-Cookie
X-VG-WebCache
X-User
X-Orig-Expires
X-Ig-Push-State
X-TrackingId
X-Varnish-Beresp-Grace
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-ScT
Cache
X-Tx-Id
X-Azure-Ref
X-Origin-Expires
X-Amzn-Remapped-Content-Length
X-SVT-ORM-RULES
X-Slack-Backend
X-Cache-Backend
X-TNCMS
X-Block-Status
Environment
X-SVT-ORM-VERSION
X-Origin
Mail-Subject
We-Hiring
Producers
Platform
Web-Mar-Region
User-Cache-Control
Server-Host
X-Scheme
State
X-SB
Wxu-Next-Commit
Wxu-Next-Hostname
Machine
X-Origin-Time
Is-Eu
X-Planisys-CDN-Cache
Memcached
Wxu-Next-Region
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Server-IP
Apple-News-Services-Host
X-Fastly-Cache
X-Worker
X-Fmm-Version
X-Loop
X-Wix-Viewer-Type
Fastly-GeoIP-CountryCode
MD5-Digest
X-Device-Os
X-Mvc-Supplant-Cachable
X-Core-Mission
X-Cache-Info
CDN
X-Location
X-JWT-State
X-Is-Gdpr
X-Has-Esi
X-Irp-Debug
X-VG-TLSProxy
X-LAGOON
X-WADP-Cache
X-Gdpr
X-Gen-Mode
X-GeoIP
X-NodeID
X-DPWN-IS-SECURE
AKAMAI
Apple-News-Services-Handled
Adler-Geo
X-Variation
X-Clara-WADP
X-Hnp-Log
Apple-News-Services-Parsed-Url
X-Sigma
X-V-Cache
X-Ckpd-Fst-Backend
Apple-News-Services-Request-Url
X-Rocket-Build-Number
X-Node-Id
X-Varnish-Remaining-TTL
X-DefHash
X-Ec-Custom-Error
X-Developers
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Fetched-On
X-Core-Value
X-Nyt-Route
X-DefElseHash
X-Sigma-Backend
X-ZONE
X-Varnish-Ttl
CloudFront-Viewer-Country
Kp-EeAlive
L
X-Viewer-Country
X-Via-NSCOPI
X-Request-URI
X-Sn-Servicetimems
X-VarnishDD-TTL
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
Release
Req-Svc-Chain
X-CGP
CDCHOST
X-Httpd
X-Csrf-Jwt
X-Datadog-Parent-Id
Origin
Origin-CC
X-Region-Sid
X-Eu-Site
X-Platform
X-Pod-Name
X-Gamma-Serve
X-Generated-On
X-GeoIP-City
X-Level-Front-Cache
X-HN
X-Minions-Version
X-Policy
X-Proxy-Cache-Info
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Svr
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Forwarded-Site
X-Qloud-Router
X-Cdn-Origin
Origin-EX
L5d-Success-Class
X-Loc
Locid
X-Pool
X-Dispatcher-Number
X-Aicache-OS
X-CacheTTL
Gh-Request-Id
Ha-Gx-Prefs
X-Rocket-Nginx-Serving-Static
X-Served-From
V-Age
X-Thinkindot-L3
X-VServer
Vix-Hermes-Req-Id
Redirect-Candidate
N-Cache
PFcat
X-Skip-Cache
X-Cache-Date
HA-Ipaddr
Thinkindot-Control
Traceparent
X-BBC-Edge-Cache-Status
Fastly-SIE
X-Branch-Name
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Fastcgi-Cache-TTL
TDXMobile
Ssr
X-Auto-Login
Cluster
Fastly-SWR
Server-Ext
X-Via-Ucdn
X-Men
Server-Hostname
Arc-Country
X-Optimistic-Header
HostName
X-SIPLIST1
X-IPLB-Request-ID
X-EC-Lua
IsBot
Sever-Int
X-Scale
X-Xrds-Location
NGX
DSUID
X-TraceId
X-CS
AMP-Access-Control-Allow-Source-Origin
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Old-Content-Length
X-Response-By
X-Owner
X-NC
X-Refresh
Ohc-File-Size
Pics-Label
X-VC
X-Srv
X-RSL
X-RPS
X-DW
X-RPM
X-Tb-Optimization-Total-Bytes-Saved
X-Parent-Response-Time
Time
Memory
X-DB
X-DSS
X-DI
X-Newrelic-Synthetics
X-Udemy-Cache-App-Namespace
X-Akamai-Transformed
X-Ah-Environment
X-Tt-Logid
X-Wikidot-Backend
X-Date
Candidate-Md5Url
Servername
X-Edge-Pop
X-Wikidot-Static-Cache
Env
X-Accel-Expires-Debug
X-Ad-Defer-Variation
X-CACHE-KEY
Datacenter
X-LB-NoCache
X-BCube-Filmed-By
X-Mvc-Supplant-OutputCached
Cache-Key
X-TIME
Ms-Author-Via
VNS-Age
VNS-Cache
XM
X-SplitTest
CPC-Cache
CPC-Age
GEO-INFO
X-Generated-In
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Cache-Status-Check
Geo-Info
X-Cache-Debug
X-Varnish-Authentication
X-Via-Popn
X-Via-Popv
Fastly-Backend-Name
GeoIp-Country-Code
X-Amz-Meta-Cb-Modifiedtime
X-Via-Poph
X-WA-Info
X-Micro-Cache
X-API-Version
X-S-Maxage
Path
X-Servedbyhost
Fusion-Component-Id
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-AIR-PT
Geoip-Latitude
X-Presslabs-Stats
ITXSESSIONID
X-HA-Backend
Lb
CacheControlHeader
Ohc-Cache-HIT
X-RateLimit-Reset
X-Vc
Cache-Host
X-Action
X-VCL-Version
True-Client-Country-4JS
X-TH-Server
Client
Server-ID
X-Backend-TTL
True-Client-IP
Ngx.Var.Host
X-VHOST
X-Cs
Hostname
FSS-Cache
XkeyRZ
X-Proxy-CacheRZ
X-Varnish-Beresp-TTL
X-Api-Version
X-Trace-ID
X-DC
X-Req
X-Clientip
Edge-Cache
Powered-By
X-Provided-By
My-App
X-TX-ID
X-FireWall-Port
X-Fpc
X-Zone
X-Webkit-Csp-Report-Only
X-Pass-Why
X-NGINX-Cache
X-Origin-Upstream-Status
X-FPC
X-B3-Spanid
X-PX
X-Varnish-Beresp-Ttl
NtCoent-Length
X-Up
X-CSRF-TOKEN
X-Dmc
X-MSEdge-Features
Test
X-Traceid
X-LB-ID
X-MSEdge-Flight
Cf-Int-Pingora-Origin-Digest
DataCenter
X-Cdn-Request-ID
X-HS-Status
X-Dynatrace
X-INCAP-ABP
X-Render-Time
X-Correlation-ID
X-Beluga-Trace
X-Webkit-CSP-Report-Only
Rip
Server-Id
C-Via
X-LI-UUID
X-Beluga-Record
X-Beluga-Response-Time
User-Agent
X-Beluga-Node
X-Beluga-Cache-Status
X-Li-Fabric
X-UnsetCookies
X-Beluga-Status
X-Li-Pop
X-Vcl-Version
X-Ha-Backend
Srvid
X-ND-Cache
Tube-Got-Eval
WZWS-RAY
X-Service
Tube-Got-Results
Tube-Return
Proxy-Connection
Click-Count-Action-Start
Click-Count-Error
X-Gateway-Cache-Status
X-Gateway-Request-Id
Tube-Get-Contents
OT-Force-Account-Verify
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
X-CLOUD-TRACE-CONTEXT
X-M-Reqid
X-Time-Microsecs
Resin-Trace
Esi-Enabled
HIT
X-URL
X-CUA
X-ServedByHost
X-Qnm-Cache
X-Alfa-Service
X-Via-PopV
X-DynaTrace-JS-Agent
X-Via-PopN
X-Via-PopH
X-RAMCache
X-M-Log
X-Geo
X-Check-Cacheable
Tcn
X-Fragments
On-Server
GeoIP-Country-Code
Uri
X-Platform-Cluster
Tracecode
X-Platform-Router
Cf-Device-Type
GeoIP-Latitude
X-Platform-Processor
Target-Params
Sid
X-Akamai-Pragma-Client-IP
MIME-Version
X-Proxy-Cache-Hk
Epwk-X-Cache
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Azure-Ref-OriginShield
X-Sucuri-ID
X-Sucuri-Cache
X-FC-Vary-Parameters
X-Fastly-Backend
X-Fetch-By
X-ATG-Version
X-LI-Proto
X-Var-Ttl
Srv
Lfy
X-TRACE-ID
Fastly-Drupal-HTML
X-Cdn-Forward
ENV
X-Backend-Host
X-Fastly-Backend-Reqs
X-APP
Cdn
X-ID
X-LiteSpeed-Cache-Control
X-Esi
Magicmarker
X-Lb-Nocache
ServerName
X-B3-Traceid-Primal
X-NU-AKA-ACS-Version
X-Cache-Expires
X-Li-Proto
X-App
X-Backend-State
X-Varnish-Beresp-Status
WebServer
XServer
X-Edge-POP
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
X-Srcache-Store-Status
X-HostName
X-MG-S
X-Srcache-Fetch-Status
X-Yottaa-OS
PICS-Label
Inserted-Into-Cache-At
CF-Cached-On
X-Newrelic-App-Data
X-ElasticPress-Query
X-Iplb-Request-Id
X-CF-Powered-By
X-Acquia-Application-Trace
X-Acquia-Application-UUID
D-Url-Rewrites
X-Iplb-Instance
X-Edge-Origin-Shield-Region
X-Edge-Origin-Shield-Bytes
X-Acquia-Site
X-Request-Start
X-Serial
Server-Ttl
X-Cache-CFC
Wpo-Cache-Message
X-Acquia-Purge-Tags
X-Vcache
Cf-Ipcountry
Wpo-Cache-Status
X-Nc
M-TraceId
Servedby
Warning
X-Fastly-Cache-Hits
Fastcgi-Cache-Ttl
Vha6-Origin
X-Wp-Cf-Super-Cache
X-Vercel-Id
URI
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Cache
Content-Style-Type
X-IN-APIGATEWAY
X-B3-Parentspanid
X-Dist-Code
X-BBC-Origin-Response-Status
X-IN-APIGATEWAYSSL
X-Litespeed-Cache-Control
X-Snapshot-Date
Ngx
Cneonction
X-Request-Url
X-Release
X-Thanos
Content-Script-Type
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
X-Dw-Trace-Id
X-Bip
X-Swift-Error
X-Shopify-Generated-Cart-Token
X-LiteSpeed-Tag
CountryCode
X-Request-URL