Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-Envoy-Upstream-Service-Time
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Akamai-Path-Stats
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-UA-Device
X-Amz-Id-2
X-Proxy-Cache
Host-Header
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Server-Id
X-Node
Cf-Edge-Cache
X-Aws-Lambda-Call-Status
X-Pingback
X-CST
Surrogate-Control
Request-Id
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Url
X-Country
Accept-Ch
Accept-Ch-Lifetime
Fastly-Restarts
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-PC
X-TtlSet
X-Vname
RTSS
X-Varnish-TTL
X-Amz-Server-Side-Encryption
Edge-Control
X-VARITI-CCR
X-FastCGI-Cache
X-Server-Name
X-ESI
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Edge
X-Dw-Request-Base-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Amz-Rid
X-Px
Public-Key-Pins
X-ASPNET-VERSION
X-B3-TraceId
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Ac
X-Powered-By-Plesk
Display
Verso
Pagespeed
X-Middleton-Display
X-Sol
X-Abt-Application-Version
X-RateLimit-Remaining
X-Element-Page-Cache
X-Client-IP
X-Content-Security-Policy-Report-Only
X-Version
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Ttl
X-Litespeed-Cache
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
X-Middleton-Response
Response
X-Goog-Hash
SPRequestDuration
Access-Control-Request-Method
SPIisLatency
X-Cached
X-Kinsta-Cache
X-SharePointHealthScore
SPRequestGuid
X-Edge-Location-Klb
AR-PoweredBy
AR-Request-ID
AR-SID
AR-CACHE
AR-ATIME
X-Powered-CMS
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Correlation-Id
X-Upstream
X-LLID
Edge-Cache-Tag
X-Forwarded-For
X-TTL
X-NWS-LOG-UUID
Content-MD5
X-Cache-Key
Nginx-Cache
X-Id
X-Ruxit-Js-Agent
X-WebKit-CSP-Report-Only
X-RateLimit-Limit
X-Shield-Request-Id
X-MSEdge-Ref
TCN
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Mrf-Cache-Status
MRF-Tech
X-T
X-Recruiting
S
X-ECACHE
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Content-Digest
X-Mg-S
X-DataDome
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ua-Device
X-Grace
TP-L2-Cache
TP-Cache
X-Accel-Expires
X-DynaTrace
X-Frontend
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Request-Received
MicrosoftSharePointTeamServices
X-Request-Processing-Time
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
Server-Node
X-Ab
X-Content
X-Ua-Browser
Front-End-Https
Filters
X-Protected-By
X-PressLabs-Stats
X-Origin-Server
X-Mcache
X-Distributor
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Hits
MS-Author-Via
Fastcgi-Cache
X-Geo-Country
X-LB-Cache
X-Microsite
X-Mid
X-Request-Handler-Origin-Region
X-Amzn-Trace-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
Charset
Host
Cleartype
X-Webkit-Csp
X-Debug-Info
X-F-Cache
X-Forwarded-Proto
X-Page-Id
X-Fastly-Request-Id
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Git-Hash
Cache-Status
X-Cache-Age
X-Seen-By
Realpath
X-AppVersion
X-Az
X-DIS-Request-ID
X-Activity-Id
Access-Control-Allow-Method
X-Ratelimit-Reset
X-Www-Served-By
Accept-Charset
X-Webkit-CSP
X-Nginx-Upstream-Cache-Status
ServerID
Filterid
X-Server-ID
Permissions-Policy
X-Varnish-Age
Cache-Tags
Pinterest-Generated-By
X-Pinterest-Rid
X-Aspnetmvc-Version
Pinterest-Version
X-Cluster-Name
X-Rid
X-Content-Options
X-FB-Debug
X-Type
Retry-After
X-Varnish-Backend
Server-Name
Country
X-User-Agent
X-Varnish-Grace
X-App-Environment
Viewport
DC
X-Aspnet-Duration-Ms
X-B-Cache
X-Providence-Cookie
X-Drupal-Cache-Tags
X-Flags
X-Wix-Request-Id
X-Is-Crawler
X-Route-Name
X-Request-Guid
X-Tb
X-Signature
Paypal-Debug-Id
X-Amz-Meta-S3cmd-Attrs
X-B
X-Whom
X-TT
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Language
X-Goog-Metageneration
Node
X-Goog-Generation
X-VCache
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Debug
Fastcgi-Useragent
X-Origin-Cache
X-XRDS-LOCATION
X-Midtier
X-Mobile-URL
Protected
X-NWS-UUID-VERIFY
X-Amz-Replication-Status
Payment
X-N
X-Logged-In
X-Cache-NGX
Amp-Access-Control-Allow-Source-Origin
X-Load-Cache
Surrogate-Key
X-Oracle-Dms-Ecid
WPO-Cache-Status
WPO-Cache-Message
X-Cache-Control
X-Oracle-Dms-Rid
Count-Hit
X-Contextid
X-MCACHE
X-Via-JSL
Alternate-Protocol
Healthy
X-Node-Name
X-ECache
X-Restarts
X-Mobile
X-NGENIX-Cache
X-Erf-Bev-Bev
X-Browser-Type
X-B3-Traceid
X-Erf-Bev-Bev-Is-Generated
X-Proxy
Content-Disposition
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Dynamic
X-Original-Request-Id
SD-X-WS
X-Response-Served-From
Refresh
X-Jobs
Akamai-GRN
X-G
X-XRDS-Location
Url
X-Cache-Time
X-Zen-Fury
X-Cache-TTL-Remaining
X-UUID
X-Akamai-Request-ID2
X-Real-IP
X-Servername
X-Revision
X-Adobe-Content
X-Adobe-Loc
Uber-Trace-Id
X-Page-View
X-Framework
X-Instance
X-Cache-Grace
X-Debug-IsConnected
NGB
VIX-Pulpo-Node
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
X-Debug-IsPreview
X-Drupal-Cache-Contexts
X-Http-Reason
X-Is-Bot
X-Proxy-Cache-Status
X-Rendered-As
X-Mg-Request-UUID
X-Device-Type
X-Template
X-Varnish-Server
Access-Control-Request-Headers
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Hostname
X-L-Path
X-Environment-Context
X-IPLB-Instance
X-HTML-Minification-Powered-By
X-EdgeConnect-Cache-Status
Version
X-Source
Frame-Options
Accept-Language
X-RTag
MS-CV
Countrycode
Ms-Operation-Id
Liferay-Portal
Referer-Policy
X-Trace-Id
X-Oneagent-Js-Injection
X-NYM-Debug-Backend
X-Datadome
X-Fastly-Request-ID
X-Cache-Hit
X-Cache-Rule
X-App-Server
X-Ratelimit-Remaining
X-Cache-Expired-At
From-Origin
Cross-Origin-Window-Policy
X-Vgn-Hpd-Reason
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Backend
X-IPS-LoggedIn
X-Nginx-Cache
X-Hosted-By
X-APP-VERSION
X-Unique-Id
X-COUNTRY
X-FW-Version
Content-Secure-Policy
X-ProcessESI
Section-Io-Cache
X-Status
Meta-Geo
X-RemovedCookies
WP-Super-Cache
X-UPSTREAM-Address
Load-Balancing
Upgrade-Insecure-Requests
X-RN-RSRV
CF-IPCountry
X-Ratelimit-Limit
X-Cache-Server
X-PCL
X-Generation-Time
X-Ua
X-OCL
X-FB-TRIP-ID
X-No-Session
Fastly-SSL
X-LJ-Flow-ID
X-UA-Device-Type
X-Content-Age
Mn-Server-Ip
Property-Id
X-Redis-Cache
X-Be
X-PHP-Host
X-Server-W
X-Origin-Hint
X-Origin-Date
X-Format
X-Labrador-Cache-Channel
X-PHP-Backend
X-Cluster-Node
X-Region
Apigw-Requestid
X-Sql-Count
X-Sql-Duration-Ms
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Section
TWC-GeoIP-Country
X-Via-Fastly
X-Request-Time
X-VWS-Id
X-Varnish-Cache-Hits
Webcakes-App-Version
Webcakes-App-Name
X-Access
TWC-Privacy
Webcakes-Region
X-Akamai-Edgescape
X-AWS-Id
X-Mode
X-Cache-Enabled
TWC-Connection-Speed
TWC-Device-Class
S-Rt
X-AOL-HN
X-Sorting-Hat-ShopId
X-Content-Powered-By
X-Locale
X-Generated-By
X-Forwarded-Host
X-Adobe-Source
X-Debug-Cache
Azure-RegionName
X-ApacheServer
X-Cache-Tags
Locale
X-Sorting-Hat-PodId
X-Cache-Host
Eomportal-Instance
X-Human
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
X-Cms-Context
X-ShardId
X-Platform-Server
X-Uri
X-Nginx-Cache-Key
X-Urbn-Site-Id
X-Storage
X-Urbn-Context-Path
X-Shopify-Stage
X-VC-Cache
X-Alternate-Cache-Key
X-PERF
X-Xfnlog-Site
X-SayCDN-TTL
X-ShopId
X-Site-Version
X-Say-TTL
X-Say-Cacheable
X-Routing-Service
X-BYPASS-REASON
X-GeoCode
X-GeoCountry
X-GG-Cache-Date
X-ProxyCache-Key
X-Varnishpool
X-Web-Node
X-Extlb
X-Zipkin-Id
X-ProxyCache-Status
X-Handled-By
X-Backend-Name
X-Hl-Ver
X-Cache-Type
X-SaId
X-JoinUs
X-Dc
X-Detected-As
X-ServerID
X-Proxied
X-Tid
X-Edge-Location
X-Storefront-Renderer-Rendered
Selected-Fe
X-Proto
X-Timing-Wait
Cache-Tv-Group
X-Proxy-Build
CDN-CachedAt
CDN-RequestCountryCode
CDN-RequestId
Ec-Rule-Version
CDN-Uid
CDN-PullZone
X-NewRelic-App-Data
CDN-Cache
CDN-EdgeStorageId
ServedBy
Fastly-Drupal-Html
X-CDN-Forward
X-Cache-Action
Web-Mar-Node
Onion-Location
X-LSADC-Cache
X-App-Version
Webserver
X-GEO
X-IPLB-Request-ID
X-Cached-By
X-Magnolia-Registration
X-Varnish-Hostname
SRV
Cache-Hits
X-Parallel-Accel
X-Hyper-Cache
X-Cache-Remote
X-Cluster
X-Cache-Operation
X-Envoy-Decorator-Operation
X-Air-Source
X-Air-Hostname
X-Tt-Logid
X-Air-Trace-Id
X-Fastcgi-Cache
Mime-Version
X-Rewrite-Enabled
X-Varnish-Hits
X-Soup
SID
X-Rule
X-Cdn
X-Origin-CC
X-Origin-TTL
Xserver
Xet-Cookie
X-Pubstack
X-Accel-Buffering
X-Reqid
Server-Info
LB
Cache
X-Microcachable
DB-Nickname
X-MP-GENERATED-AT
X-SRV
X-CSRF-Token
Source
X-TA-CDN-Provider
X-Tumblr-Pixel-2
Country-Code
X-Tumblr-Pixel-3
X-TT-LOGID
X-Xrds-Location
X-Buckets
X-Via-NSCOPI
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Request-Host
X-Tx-Id
X-Origin-Response-Time
X-Skip-Cache
X-Endurance-Cache-Level
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-A-Ccd
Sslversion
Rendered-Blocks
Surrogated-Key
Odigeo-Trace-Id
X-A
T-Server
Pramga
MD5-Digest
Cdnsip
Cmsid
Cmstype
Cdncip
Candidate-Md5Url
A
BehaviorPad-Version
Cache-Key
DCR-Decision-By
DCR-Processing-Time-Ms
X-Aed
Meta-Geo-Continent
Mobile-Detection-Method
Lang
Host-ID
Expiry
Fastcgi-X-Cache-Version
NM-Fastcgi-Cache
X-Conf
X-ScT
X-SD-PageType
X-Session-Fingerprint
X-Shop-Environment
X-S-Cookie
X-S
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Rojux
X-SRCache-Key
X-Tenant
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-TIM-N
X-TrackingId
X-User
X-Orig-Expires
X-NAPM-TraceId
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-Status-Check
X-Cache-NE
X-BCube-Filmed-By
X-Application
X-ARC
X-B-Cookie
X-Connection-Hash
X-D
X-Forwarded-Path
X-Geo-Header
X-Hash
X-Ig-Push-State
X-External-Request-Id
X-Epic-Correlation-Id
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-AK-Request-ID
X-Destination
Datacenter
DynaTrace
X-Ms-Request-Id
X-Ms-Version
X-Azure-Ref
X-Has-Esi
X-HS-Content-Campaign-Id
X-Gzip
X-Gdpr
X-GeoIP
X-Irp-Debug
Memcached
Kp-EeAlive
X-Origin
X-Origin-Expires
X-Origin-Time
Environment
X-Nyt-Route
X-Ad-Defer-Variation
X-Is-Gdpr
Is-Eu
X-JWT-State
X-Loop
X-Ftr-Request-Id
X-Fetched-On
X-Cache-Id
X-CacheTTL
X-Newrelic-Synthetics
X-Ckpd-Fst-Backend
X-Cache-Backend
Wxu-Next-Commit
X-Amzn-Remapped-Content-Length
X-Bc-Bl
Wxu-Next-Region
Wxu-Next-Hostname
X-Core-Mission
X-Core-Value
Server-Host
X-DPWN-IS-SECURE
Producers
X-Esi-Check
X-Device-Os
X-Developers
State
X-DefElseHash
X-DefHash
Platform
X-NodeID
X-SVT-ORM-VERSION
X-TNCMS
X-Variation
X-SVT-ORM-RULES
X-Sigma-Backend
X-Sigma
AKAMAI
Adler-Geo
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
We-Hiring
X-SplitTest
XM
Mail-Subject
X-Worker
X-Varnish-Remaining-TTL
X-B3-SpanId
X-Wix-Viewer-Type
X-Scheme
X-V-Cache
X-Rocket-Build-Number
X-SB
X-Varnish-Beresp-Grace
X-RCS-CacheZone
X-Time
X-AIR-PT
X-NCache
X-Wikidot-Static-Cache
X-RateLimit-Limit-Second
X-CGP
X-Clara-WADP
X-RateLimit-Remaining-Second
X-Csrf-Jwt
X-Wikidot-Backend
X-VServer
X-Viewer-Country
X-Via-Ucdn
X-Qloud-Router
X-WADP-Cache
CPC-Age
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Cache-Info
X-Region-Sid
X-Block-Status
X-Rebelmouse-Surrogate-Control
X-BBC-Edge-Cache-Status
X-Auto-Login
X-Aicache-OS
Redirect-Candidate
X-Rebelmouse-Cache-Control
VNS-Cache
X-Dispatcher-Number
CPC-Cache
X-Cache-Date
X-Cache-Bucket
X-Branch-Name
VNS-Age
X-Cdn-Origin
X-VarnishDD-TTL
X-Sn-Servicetimems
X-Slack-Backend
X-SIPLIST1
X-Hnp-Log
X-HN
X-Platform
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Rocket-Nginx-Serving-Static
X-Mvc-Supplant-Cachable
X-Node-Id
X-Minions-Version
X-Planisys-CDN-Cache
X-LAGOON
X-Loc
X-GeoIP-City
X-Thinkindot-L3
X-Eu-Site
X-Fastly-Cache
X-Pool
X-Proxy-Cache-Info
X-Proxy-Upstream
X-Ec-Custom-Error
X-Served-From
X-Fmm-Version
X-Forwarded-Site
X-Gen-Mode
X-Generated-On
X-Pod-Name
X-Request-URI
X-Policy
X-Gamma-Serve
X-VG-TLSProxy
X-Level-Front-Cache
Origin
Origin-CC
Origin-EX
NGX
N-Cache
L5d-Success-Class
Machine
PFcat
Release
Ssr
Svr
Sever-Int
Server-Hostname
Req-Svc-Chain
Server-Ext
L
IsBot
CDCHOST
CloudFront-Viewer-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Varnish-Ttl
Apple-News-Services-Handled
Cluster
Fastcgi-Cache-TTL
Ha-Gx-Prefs
HA-Ipaddr
Gh-Request-Id
Fastly-SWR
Fastly-GeoIP-CountryCode
Fastly-SIE
TDXMobile
Apple-News-Services-Host
Traceparent
Thinkindot-Control
Thinkindot-CacheControl
Web-Mar-Region
Thinkindot-CacheControl-Type
Vix-Hermes-Req-Id
V-Age
User-Cache-Control
Cache-Name
DSUID
X-Owner
X-R9-Blue-Green-Version
X-Optimistic-Header
Ohc-File-Size
X-ZONE
Fastly-Backend-Name
HostName
X-WA-Info
X-Scale
CDN
GEO-INFO
X-Correlation-ID
X-Refresh
X-Micro-Cache
Pics-Label
X-WP-CF-Super-Cache-Cache-Control
X-Httpd
X-Server-IP
X-WP-CF-Super-Cache
X-Parent-Response-Time
Path
X-CS
X-VC
X-EC-Lua
X-Srv
X-CACHE-KEY
X-From
X-Edge-Pop
X-Ah-Environment
X-LB-NoCache
X-Webstats-RespID
Servername
X-Cache-ASPX
X-NC
Cache-Host
X-Contensis-Viewer-Groups
Ngx.Var.Host
Lb
Ms-Author-Via
X-TIME
X-Location
X-Varnish-Authentication
Env
X-Servedbyhost
X-Mvc-Supplant-OutputCached
X-RateLimit-Reset
X-Varnish-Beresp-TTL
XkeyRZ
X-Proxy-CacheRZ
X-Tb-Optimization-Total-Bytes-Saved
X-Udemy-Cache-App-Namespace
X-Generated-In
Locid
X-Via-Popv
X-TraceId
X-Via-Popn
X-Amz-Meta-Cb-Modifiedtime
X-API-Version
X-Via-Poph
X-Response-By
X-Men
Arc-Country
X-Clientip
Ohc-Cache-HIT
X-Old-Content-Length
X-S-Maxage
GeoIp-Country-Code
Memory
Time
ITXSESSIONID
X-Akamai-Transformed
AMP-Access-Control-Allow-Source-Origin
X-Vc
True-Client-IP
X-DSS
X-Date
X-RPM
X-RSL
X-DI
X-Accel-Expires-Debug
X-RPS
X-HA-Backend
Client
X-DW
X-Cs
X-DB
Geoip-Latitude
X-VCL-Version
X-Dmc
Hostname
X-TRACE-ID
X-VHOST
Server-ID
X-Tec-Api-Root
X-Render-Time
X-MSEdge-Flight
X-Tec-Api-Version
X-Tec-Api-Origin
X-GeoIP-Region-Code
X-Trace-ID
X-GeoIP-Country-Code
X-MSEdge-Features
X-URL
X-Zone
X-DynaTrace-JS-Agent
X-Presslabs-Stats
X-FireWall-Port
X-Fpc
X-Api-Version
FSS-Cache
X-INCAP-ABP
X-Cache-Debug
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
X-Service
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-DC
C-Via
X-Gateway-Cache-Status
X-Gateway-Cache-Key
Rip
X-M-Reqid
X-B3-Spanid
X-M-Log
X-Webkit-Csp-Report-Only
HIT
Click-Count-Error
CacheControlHeader
Tube-Got-Eval
Tube-Get-Contents
Powered-By
Tube-Return
Click-Count-Action-Start
NtCoent-Length
Tube-Got-Results
X-Qnm-Cache
X-TX-ID
On-Server
X-TH-Server
X-PX
Esi-Enabled
X-Action
True-Client-Country-4JS
X-FPC
X-HS-Status
Test
X-Backend-TTL
X-Alfa-Service
Tcn
X-Traceid
X-NGINX-Cache
X-Check-Cacheable
Server-Id
X-Cdn-Request-ID
X-CSRF-TOKEN
Edge-Cache
OT-Force-Account-Verify
X-Pass-Why
X-Edge-Origin-Shield-Region
Cdn
X-Req
X-Edge-Origin-Shield-Bytes
User-Agent
X-Beluga-Cache-Status
X-Beluga-Record
X-Beluga-Status
X-Beluga-Trace
Geo-Info
X-Vcl-Version
X-Beluga-Response-Time
X-Proxy-Cache-Hk
Srv
X-Beluga-Node
X-Akamai-Pragma-Client-IP
X-Origin-Upstream-Status
Uri
My-App
GeoIP-Country-Code
GeoIP-Latitude
Sid
X-Via-PopV
X-Via-PopN
Proxy-Connection
X-Via-PopH
X-Ha-Backend
Resin-Trace
Srvid
Cf-Int-Pingora-Origin-Digest
WebServer
X-CLOUD-TRACE-CONTEXT
M-TraceId
X-App
X-Up
X-APP
MIME-Version
X-Webkit-CSP-Report-Only
X-Varnish-Beresp-Ttl
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Epwk-X-Cache
X-Hcs-Proxy-Type
DT-Hot-News
Server-Ttl
X-LB-ID
X-ServedByHost
X-Provided-By
X-Cdn-Forward
X-LI-UUID
X-Fastly-Backend-Reqs
X-Bip
ENV
X-Backend-Host
X-LI-Proto
X-Thanos
X-Li-Fabric
X-Newrelic-App-Data
X-Li-Pop
X-Esi
Warning
X-Request-Start
X-RAMCache
X-B3-Traceid-Primal
X-Nc
XServer
True-Client-Ip
X-Lb-Nocache
X-Geo
X-Edge-POP
X-Fetch-By
X-UnsetCookies
ServerName
X-Vercel-Id
X-Vercel-Cache
X-HostName
Dt-Hot-News
X-ElasticPress-Query
WZWS-RAY
X-ND-Cache
CF-Cached-On
X-CF-Powered-By
X-Dw-Trace-Id
X-Time-Microsecs
X-Serial
X-Akamai-Request-ID
PICS-Label
X-HITS
X-Yottaa-OS
Section-Io-Id
X-Request-Url
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Origin-Responded
DataCenter
X-LiteSpeed-Cache-Control
Fastly-Drupal-HTML
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Inserted-Into-Cache-At
D-Url-Rewrites
X-Cc-Via
Magicmarker
Cf-Device-Type
X-Iplb-Instance
X-Iplb-Request-Id
X-CUA
X-Vcache
X-Snapshot-Date
Cdn-Uid
Cdn-Cachedat
Cdn-Cache
Cdn-Edgestorageid
Cdn-Requestcountrycode
Servedby
Cdn-Requestid
Wp-Super-Cache
Cdn-Pullzone
Vha6-Origin
X-ATG-Version
X-Platform-Cluster
X-Platform-Processor
X-Storefront-Renderer-Verified
X-Platform-Router
X-Fragments
X-FC-Vary-Parameters
Target-Params
X-Varnish-Beresp-Status
Tracecode
X-MiniProfiler-Ids
X-LiteSpeed-Tag
X-Fastly-Backend
X-Sucuri-Cache
X-Sucuri-ID
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
X-Azure-Ref-OriginShield
Fastcgi-Cache-Ttl
X-Dist-Code
X-Release
CountryCode
X-Var-Ttl
X-Th-Server
X-Back
X-Request-URL
Content-Script-Type
Content-Style-Type
X-BBC-Origin-Response-Status