
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
Report-To
X-Age
X-Proxy-Cache
X-Backend
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
NEL
EagleEye-TraceId
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Host
Accept-CH
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-B3-TraceId
X-Cloud-Trace-Context
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-TtlSet
Allow
X-PC
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Server-Name
X-ESI
Fastly-Restarts
X-Aws-Lambda-Call-Status
Cache-Tag
X-FastCGI-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-Vcap-Request-Id
X-MS-InvokeApp
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Cache-TTL
X-Abt-Application-Version
X-Cnection
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Px
RTSS
X-Navigation-Version
X-Country-Code
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-Powered-By-Plesk
X-NF-Request-ID
X-Goog-Hash
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Origin-Cache
AR-Request-ID
AR-CACHE
AR-SID
AR-ATIME
X-Powered-CMS
AR-PoweredBy
Pagespeed
Display
X-Sol
X-Middleton-Display
X-Version
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-Kinsta-Cache
X-Edge-Location-Klb
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Nginx-Cache
Accept-Ch
X-Edge
X-TTL
X-RateLimit-Remaining
Mrf-Cache-Status
TCN
MRF-Tech
X-B3-TraceId-Primal
X-Protected-By
X-T
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
S
Content-MD5
X-Aspnetmvc-Version
Edge-Cache-Tag
X-CST
SPRequestDuration
SPIisLatency
Fastcgi-Cache
X-Language
X-Mid
X-Ruxit-Js-Agent
Front-End-Https
Realpath
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Pinterest-Version
Pinterest-Generated-By
Filters
X-Pinterest-Rid
X-DynaTrace
X-Ttl
Server-Node
X-MCACHE
Server-Name
X-Frontend
X-Ua-Browser
X-Ab
X-Content
X-Correlation-Id
X-Ser
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-NWS-LOG-UUID
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-Cache-Key
SPRequestGuid
X-SharePointHealthScore
X-Ezoic-Cdn
X-Template
X-Hits
X-ECACHE
X-Parallel-Accel
X-Tt-Trace-Host
Alternate-Protocol
X-Tt-Trace-Tag
Cache-Tags
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-Kong-Proxy-Latency
X-Page-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Content-Source
Cleartype
X-B3-Sampled
Host
Charset
X-Git-Hash
X-Www-Served-By
X-Server-ID
X-Content-Options
X-Geo-Country
X-Debug-Info
X-Daa-Tunnel
X-DIS-Request-ID
X-Amzn-Trace-Id
X-Fastly-Request-Id
X-Ratelimit-Limit
X-Content-Digest
X-Hostname
X-Amz-Replication-Status
X-Varnish-Age
Filterid
X-Az
X-AppVersion
X-Activity-Id
X-Accel-Expires
X-FB-Debug
X-Upgrade-Enabled
X-VCache
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Grace
X-N
X-WebKit-CSP-Report-Only
X-F-Cache
ServerID
X-Origin-Server
X-Rid
Access-Control-Allow-Method
X-Nginx-Upstream-Cache-Status
TP-Cache
TP-L2-Cache
X-Mobile-URL
X-Flags
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-Is-Crawler
X-XRDS-LOCATION
X-Aspnet-Duration-Ms
X-LB-Cache
X-TT
X-Whom
Viewport
X-Type
X-Seen-By
X-App-Environment
X-Varnish-Grace
X-Tb
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-FW-Serve
Node
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-FW-Server
X-FW-Static
Payment
X-Distributor
Paypal-Debug-Id
DC
X-User-Agent
X-App-Server
X-DataDome
Fastcgi-Useragent
X-Wix-Request-Id
Accept-Charset
Country
X-Oneagent-Js-Injection
X-NGENIX-Cache
X-Cache-Control
X-Cache-Rule
X-Origin-Upstream-Status
X-Litespeed-Cache
X-Ratelimit-Reset
X-Fastcgi-Cache
Version
X-Request-Handler-Origin-Region
X-Microsite
X-Via-JSL
X-Logged-In
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Drupal-Cache-Tags
Referer-Policy
X-Fastly-Request-ID
X-Cluster-Name
X-Webkit-Csp
X-Cache-Age
X-Signature
X-B-Cache
X-Webkit-CSP
X-Browser-Type
Refresh
X-Contextid
X-Erf-Bev-Bev
Cache-Status
X-Buckets
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
X-Load-Cache
SD-X-WS
Amp-Access-Control-Allow-Source-Origin
X-Response-Served-From
VIX-Pulpo-Upstream-Status
X-Node-Name
VIX-Pulpo-Node
X-Original-Request-Id
X-Cache-Expired-At
X-Real-IP
X-Mobile
X-Vgn-Hpd-Reason
X-Is-Bot
X-Rendered-As
X-Page-View
X-IPLB-Instance
Access-Control-Request-Headers
NGB
X-Debug
X-Cacheable-TTL
X-Jobs
X-B
X-Proxy-Cache-Status
X-Yottaa-Metrics
X-Proxy
X-Yottaa-Optimizations
X-Device-Type
X-ProcessESI
X-Revision
X-UUID
X-Rule
X-Instance
X-RemovedCookies
Akamai-GRN
X-Cache-Action
Surrogate-Key
X-Drupal-Cache-Contexts
X-Framework
X-Debug-IsPreview
X-Cache-Time
X-Debug-IsConnected
X-FW-Version
X-G
CF-IPCountry
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
DynaTrace
X-Azure-Ref
X-XRDS-Location
SID
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Presslabs-Stats
X-Accel-Buffering
GEO-INFO
Liferay-Portal
X-Source
X-PressLabs-Stats
X-Ms-Version
X-Ms-Request-Id
Count-Hit
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Uber-Trace-Id
X-Cache-Operation
X-Nginx-Cache
X-Cache-NGX
Frame-Options
X-APP-VERSION
Healthy
Ms-Operation-Id
X-RTag
X-CDN-Forward
MS-CV
X-EdgeConnect-Cache-Status
X-Zen-Fury
X-Cache-Hit
Protected
Countrycode
Xserver
X-Backend-Name
X-Environment-Context
X-Tumblr-Pixel-1
X-Varnish-Server
X-L-Path
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Mode
Cross-Origin-Window-Policy
Ec-Rule-Version
X-IPS-LoggedIn
X-Cache-TTL-Remaining
X-Forwarded-Host
X-Region
X-Servername
X-Hyper-Cache
Backend
X-Rewrite-Enabled
X-RN-RSRV
X-SaId
Meta-Geo
X-Detected-As
X-UPSTREAM-Address
X-Tid
X-RateLimit-Limit
X-Adobe-Loc
X-JoinUs
X-Adobe-Content
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Eomportal-Instance
Apigw-Requestid
LB
X-Cache-Grace
X-Content-Age
Country-Code
Section-Io-Cache
X-Debug-Cache
X-Ratelimit-Remaining
X-Routing-Service
X-Hosted-By
X-Sql-Duration-Ms
X-Shopify-Stage
X-Zipkin-Id
X-ShardId
X-ShopId
X-Uri
X-Sorting-Hat-ShopId
X-Sql-Count
X-Sorting-Hat-PodId
X-Proxied
X-Alternate-Cache-Key
X-Cache-Server
X-Extlb
X-Content-Powered-By
X-Redis-Cache
X-Generation-Time
X-PERF
X-NCache
X-Origin-Date
X-Via-Fastly
X-No-Session
X-PHP-Backend
X-Human
X-FB-TRIP-ID
X-ApacheServer
X-Format
Mn-Server-Ip
X-Status
Fastly-SSL
X-Varnish-Beresp-Grace
Cache-Name
X-Site-Version
X-ServerID
Url
X-Cluster-Node
X-Cache-Type
X-Cache-Host
X-BYPASS-REASON
X-NewRelic-App-Data
X-NYM-Debug-Backend
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
X-Origin-Hint
Cache-Tv-Group
X-Akamai-Edgescape
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Selected-Fe
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
Property-Id
X-Pubstack
X-Access
X-OCL
X-PCL
X-Section
X-UA-Device-Type
X-Microcachable
X-Timing-Wait
X-Storage
X-Server-W
Content-Disposition
CDN-CachedAt
CDN-Cache
CDN-Uid
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-PullZone
X-Say-Cacheable
X-Varnishpool
X-Trace-Id
X-Web-Node
X-R9-Blue-Green-Version
X-Say-TTL
X-Hl-Ver
X-SayCDN-TTL
CDN-RequestId
X-Generated-By
X-Azure-Ref-OriginShield
Azure-Version
Content-Secure-Policy
X-Be
X-Soup
X-TIME
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Ua
DB-Nickname
X-LSADC-Cache
WPO-Cache-Status
WPO-Cache-Message
OT-Force-Account-Verify
Retry-After
X-Nginx-Cache-Key
X-Dc
X-Cached-By
SRV
Source
X-Bc-Bl
Cache
X-Unique-Id
X-SRV
X-TT-LOGID
X-Auto-Login
X-LAGOON
X-Platform-Server
X-Cache-Remote
X-Xfnlog-Site
Cache-Hits
X-Varnish-Hits
X-Akamai-Transformed
X-GEO
X-Loop
X-Cache-Tags
ServedBy
X-HTML-Minification-Powered-By
X-ECache
X-Varnish-Hostname
X-Origin-CC
X-TNCMS
X-Origin-TTL
X-App-Version
X-S-Maxage
Mime-Version
X-Cdn
Onion-Location
X-Varnish-Cache-Hits
HostName
Upgrade-Insecure-Requests
X-Amz-Meta-S3cmd-Attrs
Xet-Cookie
X-Request-Time
From-Origin
X-Tumblr-Pixel-2
X-CSRF-Token
Webserver
Web-Mar-Node
X-Tumblr-Pixel-3
X-AOL-HN
X-EC-Lua
WP-Super-Cache
X-Request-Host
X-Proto
X-Time
N-Cache
X-NWS-UUID-VERIFY
X-Tenant
X-Endurance-Cache-Level
X-VWS-Id
X-LJ-Flow-ID
X-Cache-Enabled
X-FireWall-Port
X-AWS-Id
X-GG-Cache-Date
X-Handled-By
X-Time-Microsecs
X-Cache-Var-Map
X-Cache-Var
X-Edge-Location
X-B3-SpanId
X-Origin-Response-Time
X-Forwarded-Path
V-Age
Odigeo-Trace-Id
Vix-Hermes-Req-Id
X-Vtex-Remote-Cache
Meta-Geo-Continent
X-Cache-NE
X-External-Request-Id
Xc-Version
X-Destination
Mobile-Detection-Method
X-Cluster
X-Processor
X-Planisys-CDN-TTL
X-Conf
User-Cache-Control
Pramga
BehaviorPad-Version
X-ND-Cache
Surrogated-Key
A
X-D
X-NAPM-TraceId
DCR-Decision-By
Fastcgi-X-Cache-Version
X-Ftr-Request-Id
Expiry
Sslversion
DCR-Processing-Time-Ms
X-Orig-Expires
X-Block-Status
X-Gen-Mode
X-Ig-Push-State
X-B-Cookie
X-Planisys-CDN-Cache
X-Vtex-Processado-Em
Redirect-Candidate
X-PBS-Appsvrname
Rendered-Blocks
X-Hnp-Log
X-Rojux
X-PAYTM-SRV-ID
X-Planisys-CDN-Rules
X-Application
X-TIM-N
X-VG-WebCache
X-V-Cache
X-Session-Fingerprint
Nel
X-Via-NSCOPI
X-A-Wwc
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Shop-Environment
X-Slack-Backend
X-Vdms-Version
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-SRCache-Key
X-A
X-Correlation-ID
X-ScT
X-SD-PageType
X-Vdms-Path
X-S
X-ARC
X-Connection-Hash
X-Aicache-OS
X-S-Cookie
X-Mg-Request-UUID
X-Developer
X-Aed
X-Ckpd-Fst-Backend
CloudFront-Viewer-Country
X-Magnolia-Registration
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Adobe-Source
X-Labrador-Cache-Channel
X-RCS-CacheZone
X-MP-GENERATED-AT
X-Reqid
X-PHP-Host
X-Men
AKAMAI
Origin
CDCHOST
Arc-Country
X-Mvc-Supplant-Cachable
CacheControlHeader
X-Hash
X-Backend-TTL
X-Li-Fabric
Host-ID
DSUID
X-Accel-Expires-Debug
Fastcgi-Cache-TTL
X-Gdpr
X-Li-Pop
Cmsid
State
Cmstype
Gh-Request-Id
X-LI-UUID
X-Location
Svr
X-Proxy-Upstream
X-Cache-Bucket
X-Cdn-Srv
X-Webstats-RespID
X-Server-IP
X-Policy
X-Fastly-Cache
X-Scheme
X-Request-URI
True-Client-Country-4JS
X-Cache-Date
X-Date
X-Geo-Header
X-Epic-Correlation-Id
X-Forwarded-Site
X-Origin-Expires
X-Origin-Time
Wxu-Next-Commit
X-SVT-ORM-VERSION
X-Old-Content-Length
X-NodeID
X-Nyt-Route
X-Viewer-Country
X-Sucuri-ID
X-SVT-ORM-RULES
Wxu-Next-Region
X-Sucuri-Cache
Wxu-Next-Hostname
Environment
PFcat
X-Developers
Origin-EX
X-Eu-Site
Origin-CC
X-Esi-Check
We-Hiring
X-Generated-On
X-Fetched-On
Server-Host
Web-Mar-Region
Ssr
X-Envoy-Decorator-Operation
X-Datadog-Trace-Id
X-Gamma-Serve
X-Fastly-Backend
Traceparent
Release
X-Device-Os
X-Csrf-Jwt
X-Skip-Cache
X-Served-From
X-Cache-Info
X-Sn-Servicetimems
X-Storefront-Renderer-Rendered
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Cache-Id
X-Cache-Debug
X-Rocket-Nginx-Serving-Static
X-Core-Value
X-Origin
X-TH-Server
X-Cdn-Origin
X-VarnishDD-TTL
X-Core-Mission
Apple-News-Services-Host
Apple-News-Services-Handled
X-VServer
Apple-News-Services-Parsed-Url
X-Varnish-Beresp-Status
X-UnsetCookies
X-TrackingId
Apple-News-Services-Request-Url
X-CGP
AMP-Access-Control-Allow-Source-Origin
X-VG-TLSProxy
X-Request-Start
HA-Ipaddr
X-HN
Ha-Gx-Prefs
X-HS-Content-Campaign-Id
X-Irp-Debug
L
L5d-Success-Class
X-Gzip
X-GeoIP-City
Mail-Subject
Machine
Locid
X-Datadog-Sampling-Priority
X-Backend-State
X-RateLimit-Limit-Second
Fastly-Drupal-Html
X-RateLimit-Remaining-Second
X-Region-Sid
X-Req
X-Branch-Name
X-Platform
X-Level-Front-Cache
X-Locale
X-Datadog-Parent-Id
Server-Info
X-GeoIP
S-Rt
X-BBC-Edge-Cache-Status
X-Thinkindot-L3
X-Response-By
X-Rocket-Build-Number
X-Sigma
Req-Svc-Chain
Fastly-GeoIP-CountryCode
X-Varnish-Remaining-TTL
X-Worker
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
X-Sigma-Backend
X-Rebelmouse-Surrogate-Control
X-Has-Esi
X-Is-Gdpr
X-FC-Vary-Parameters
X-DPWN-IS-SECURE
X-DefHash
X-JWT-State
X-Node-Id
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-Pod-Name
X-Owner
X-NU-AKA-ACS-Version
X-DefElseHash
TDXMobile
Memcached
Is-Eu
NM-Fastcgi-Cache
Platform
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Fastly-SWR
Fastly-SIE
X-Qnm-Cache
X-VC-Cache
X-M-Reqid
X-M-Log
Adler-Geo
Thinkindot-Control
Cf-Device-Type
X-Amzn-Remapped-Content-Length
X-ATG-Version
X-Xrds-Location
NGX
X-Thanos
X-Zone
X-Mvc-Supplant-OutputCached
Magicmarker
X-Akamai-Request-ID2
X-Bip
X-Tx-Id
X-Loc
X-Http-Reason
X-Ua-Device
X-Varnish-Beresp-Ttl
X-Restarts
X-CS
X-API-Version
X-TraceId
X-NC
X-CLOUD-TRACE-CONTEXT
Kp-EeAlive
X-LB-ID
CDN
X-Cache-Config
X-Up
X-Generated-In
Pics-Label
Time
X-DSS
X-DW
X-RPM
X-RPS
X-LB-NoCache
X-Cache-Backend
X-CACHE-KEY
Edge-Cache
X-RSL
Ms-Author-Via
X-DI
Memory
X-Wix-Viewer-Type
X-Action
X-Trace-ID
X-DB
X-Tt-Logid
X-Tb-Optimization-Total-Bytes-Saved
X-Refresh
Env
Accept-Language
X-Edge-Pop
X-Optimistic-Header
X-Via-Popn
X-Via-Poph
X-Via-Popv
Candidate-Md5Url
X-Minions-Version
Datacenter
WebServer
X-CacheTTL
GeoIp-Country-Code
X-Varnish-Ttl
NtCoent-Length
X-Datadome
X-Vc
X-DynaTrace-JS-Agent
X-Srv
On-Server
Locale
X-HA-Backend
X-DC
X-Urbn-Context-Path
X-Urbn-Site-Id
WWW-Authenticate
X-ZONE
X-MSEdge-Flight
X-MSEdge-Features
X-Servedbyhost
X-Cs
X-Varnish-Beresp-TTL
X-Esi
Esi-Enabled
X-Parent-Response-Time
X-Ec-GeoHdr
X-Unique-ID
X-Ec-Fail
X-User
Server-ID
X-TX-ID
X-Service
C-Via
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Cache-PHP
X-VCL-Version
X-AK-Request-ID
Cdncip
Cdnsip
X-B3-Spanid
X-App
X-LI-Proto
X-Cache-Ttl
X-FPC
X-Li-Proto
X-Dynatrace
X-URL
Geoip-Latitude
X-Render-Time
Test
My-App
Cluster
X-WADP-Cache
X-Webkit-Csp-Report-Only
X-Clara-WADP
X-Fpc
X-Cache-Status-Check
X-Fmm-Version
X-LiteSpeed-Cache-Control
X-Traceid
X-CUA
X-Var-Ttl
Tracecode
Geo-Info
X-Vcl-Version
X-NODE
Proxy-Connection
X-Pass-Why
Cf-Int-Pingora-Origin-Digest
X-Webkit-CSP-Report-Only
Lfy
X-From
DataCenter
T-Server
Server-Id
X-Mcache
Fastly-Drupal-HTML
Lang
M-TraceId
X-Fragments
X-CSRF-TOKEN
Resin-Trace
X-LiteSpeed-Tag
X-Clientip
Hostname
X-Ha-Backend
Target-Params
X-AIR-PT
X-Info
X-Oss-Request-Id
X-Oss-Object-Type
X-ID
X-Oss-Hash-Crc64ecma
X-ServedByHost
X-VC
X-B3-Traceid
Cache-Host
X-Oss-Server-Time
X-Oss-Storage-Class
X-WP-CF-Super-Cache
X-Geo
X-WP-CF-Super-Cache-Cache-Control
UCS
HIT
MIME-Version
X-NGINX-Cache
X-Pad
X-Via-PopH
GeoIP-Country-Code
Hit
X-RAMCache
S-Cnection
X-Via-PopV
X-Via-PopN
X-Provided-By
X-Dynatrace-Js-Agent
Ohc-File-Size
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Proxy-Cache-Info
ENV
X-Cdn-Forward
Tcn
Permissions-Policy
X-Edge-POP
X-Httpd
X-Api-Version
X-ElasticPress-Query
User-Agent
Producers
X-Micro-Cache
Load-Balancing
X-HS-Status
Servername
WZWS-RAY
X-Edge-Cache
X-Check-Cacheable
Fastly-Backend-Name
X-UP
X-Cache-CFC
FSS-Cache
X-ServerName
X-Ucs
X-Backend-Host
X-Fastly-Backend-Reqs
X-SB
X-Release
X-BBC-Origin-Response-Status
X-HostName
X-BCube-Filmed-By
Uri
X-Lb-Id
X-GoCache-CacheStatus
X-Acquia-Site
X-Udemy-Cache-App-Namespace
Wpo-Cache-Status
X-Acquia-Purge-Tags
PICS-Label
Wpo-Cache-Message
X-Acquia-Application-UUID
X-Lb-Nocache
ServerName
X-Platform-Cluster
URI
X-Platform-Processor
X-Pool
X-APP
X-Platform-Router
X-Acquia-Application-Trace
Sid
X-TRACE-ID
X-Swift-Error
X-Scale
Ohc-Cache-HIT
X-Ec-Custom-Error
X-Fastly-Cache-Hits
Cdn
X-RateLimit-Reset
Cteonnt-Length
EpKe-Alive
Server-Ttl
Cneonction
X-Cdn-Request-ID
X-Nc
X-Dw-Trace-Id
X-Cache-Expires
X-SIPLIST1
X-B3-Parentspanid
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Dispatcher-Number
MD5-Digest
X-Akamai-ERRuleID
X-Akamai-ERPolicy
IsBot
Server-Ext
Server-Hostname
Sever-Int
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Amz-Meta-Cb-Modifiedtime
X-Apw-Hits
X-WA
X-Cache-ASPX
Shield-Pop
X-WA-Info
VNS-Cache
VNS-Age
X-Litespeed-Cache-Control
X-Vcache
X-Newrelic-App-Data
Cf-Ipcountry
Cache-Key
CPC-Cache
CPC-Age
X-Contensis-Viewer-Groups
Path
X-Snapshot-Date
Vha6-Origin
X-B3-ParentSpanId
CF-Cached-On
X-Yottaa-OS
X-Cache-Ngx
X-Air-Pt
Lb
X-Sentry-ID
X-Te-Count
X-Te-Duration-Ms
X-Http-Duration-Ms
CountryCode
X-Varnish-Authentication
Req-ID
X-Http-Count
X-Shopify-Generated-Cart-Token
X-ES-SERVER
X-Logging-Id
X-Last-Modified
X-Wikidot-Backend
X-Akamai-Request-ID
Ngx
X-Akamai-Pragma-Client-IP
X-UA
X-CacheKey
X-Wikidot-Static-Cache