Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
P3p
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
X-Backend
Request-Context
X-Akamai-Path-Stats
EagleId
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Request-Id
Surrogate-Control
X-Backend-Server
Cf-Edge-Cache
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Country
Fastly-Restarts
Accept-Ch
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Vname
X-PC
X-TtlSet
X-Clacks-Overhead
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-ESI
X-Amz-Server-Side-Encryption
X-Varnish-TTL
Cache-Tag
X-B3-TraceId
X-Vcap-Request-Id
X-Content-Type
X-Dw-Request-Base-Id
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Amz-Rid
Public-Key-Pins
X-Px
X-Cnection
X-D2id
X-Edge
X-FastCGI-Cache
X-Ac
X-RateLimit-Remaining
X-Navigation-Version
X-Ser
X-Element-Page-Cache
Verso
X-Abt-Application-Version
X-Client-IP
X-Sol
Display
X-Middleton-Display
Pagespeed
X-Powered-By-Plesk
X-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Country-Code
X-Middleton-Response
Response
X-NF-Request-ID
X-Ttl
Access-Control-Request-Method
X-Content-Security-Policy-Report-Only
SPIisLatency
X-Goog-Hash
SPRequestDuration
X-Correlation-Id
X-Kinsta-Cache
X-Cached
AR-SID
AR-ATIME
X-Edge-Location-Klb
AR-Request-ID
AR-PoweredBy
AR-CACHE
SPRequestGuid
X-SharePointHealthScore
X-Powered-CMS
X-Kraken-Loop-Name
Edge-Cache-Tag
X-Instrumentation
X-LLID
X-Server-Lifecycle-Phase
X-Upstream
X-Litespeed-Cache
X-NWS-LOG-UUID
X-RateLimit-Limit
X-TTL
X-Ruxit-Js-Agent
X-Forwarded-For
X-Cache-Key
Nginx-Cache
Content-MD5
X-Id
X-MSEdge-Ref
Mrf-Cache-Status
MRF-Tech
X-Shield-Request-Id
TCN
X-T
X-Recruiting
S
X-B3-TraceId-Primal
X-Daa-Tunnel
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Content-Digest
X-ECACHE
X-Ua-Device
X-DataDome
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Accel-Expires
X-Mg-S
X-WebKit-CSP-Report-Only
X-Ezoic-Cdn
X-Grace
MicrosoftSharePointTeamServices
X-Protected-By
X-DynaTrace
X-Ab
X-HS-Content-Id
X-HS-Hub-Id
X-Ua-Browser
X-HS-Combine-CSS
X-HS-Cache-Config
MS-Author-Via
X-Frontend
X-Content
X-Request-Received
X-Request-Processing-Time
Server-Node
X-Yandex-Sdch-Disable
Front-End-Https
Filters
X-Server-ID
TP-Cache
TP-L2-Cache
X-PressLabs-Stats
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-Mid
X-Geo-Country
X-Hits
X-Webkit-Csp
X-ORACLE-DMS-ECID
X-Microsite
X-Request-Handler-Origin-Region
X-Tt-Trace-Tag
X-LB-Cache
X-Tt-Trace-Host
X-Amzn-Trace-Id
Charset
X-ORACLE-DMS-RID
X-Debug-Info
Cleartype
Host
X-Page-Id
X-F-Cache
Cross-Origin-Opener-Policy
X-B3-Sampled
X-Git-Hash
X-Forwarded-Proto
X-DIS-Request-ID
X-Cache-Age
X-Webkit-CSP
X-Seen-By
Access-Control-Allow-Method
X-Www-Served-By
Cache-Status
Realpath
X-Ratelimit-Reset
X-Activity-Id
X-Az
X-AppVersion
Pinterest-Version
ServerID
Pinterest-Generated-By
X-Pinterest-Rid
X-Aspnetmvc-Version
Accept-Charset
X-Mcache
Cache-Tags
X-Varnish-Age
X-Fastly-Request-Id
Filterid
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Rid
X-Content-Options
X-Type
X-Language
Retry-After
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-FB-Debug
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Country
Server-Name
X-App-Environment
X-Varnish-Backend
X-User-Agent
Viewport
X-MCACHE
Node
X-Drupal-Cache-Tags
X-Upgrade-Enabled
X-Varnish-Grace
DC
Paypal-Debug-Id
X-Tb
X-Whom
X-Wix-Request-Id
X-B-Cache
X-Signature
X-TT
X-Mobile-URL
X-Origin-Cache
X-Oneagent-Js-Injection
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-GUploader-UploadID
X-Request-Guid
X-Route-Name
X-VCache
X-XRDS-LOCATION
X-B
X-Goog-Stored-Content-Length
X-Providence-Cookie
X-NWS-UUID-VERIFY
Permissions-Policy
Protected
X-Debug
X-Logged-In
X-Amz-Replication-Status
Fastcgi-Useragent
X-Amz-Meta-S3cmd-Attrs
X-Cache-NGX
X-N
WPO-Cache-Status
Payment
WPO-Cache-Message
X-Load-Cache
Surrogate-Key
X-Via-JSL
X-Contextid
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
Count-Hit
Healthy
X-Node-Name
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-FW-Type
X-FW-Serve
X-FW-Server
X-Template
X-XRDS-Location
X-FW-Hash
X-FW-Static
X-FW-Dynamic
X-Mobile
SD-X-WS
X-Original-Request-Id
X-Response-Served-From
Content-Disposition
Refresh
X-Proxy
X-Cache-Time
X-G
Akamai-GRN
X-Jobs
Url
X-Cache-TTL-Remaining
Uber-Trace-Id
X-Real-IP
X-Akamai-Request-ID2
X-Revision
Alternate-Protocol
X-Zen-Fury
X-UUID
X-Restarts
X-Debug-IsPreview
X-Device-Type
X-Framework
X-Adobe-Loc
X-Drupal-Cache-Contexts
X-Debug-IsConnected
X-Cacheable-TTL
VIX-Pulpo-Node
NGB
X-Fastly-Request-ID
VIX-Pulpo-Upstream-Status
X-Adobe-Content
X-Is-Bot
X-Servername
X-Proxy-Cache-Status
X-Rendered-As
X-NGENIX-Cache
X-Http-Reason
X-Cache-Grace
X-Yottaa-Metrics
Access-Control-Request-Headers
X-Hostname
X-Instance
X-Page-View
X-Yottaa-Optimizations
X-Mg-Request-UUID
X-ECache
X-Midtier
X-Varnish-Server
X-Trace-Id
X-IPLB-Instance
X-B3-Traceid
X-Environment-Context
Version
X-L-Path
X-EdgeConnect-Cache-Status
X-Source
Accept-Language
X-HTML-Minification-Powered-By
Ms-Operation-Id
MS-CV
Countrycode
X-RTag
X-Fastcgi-Cache
Frame-Options
From-Origin
X-Cache-Hit
X-Cache-Rule
X-Vgn-Hpd-Reason
X-Cache-Expired-At
Liferay-Portal
X-NYM-Debug-Backend
X-App-Server
Referer-Policy
Cross-Origin-Window-Policy
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-COUNTRY
Backend
X-Datadome
X-IPS-LoggedIn
X-Nginx-Cache
X-FW-Version
Content-Secure-Policy
X-Parallel-Accel
Upgrade-Insecure-Requests
X-Hosted-By
X-RN-RSRV
X-Cache-Server
Meta-Geo
X-UPSTREAM-Address
X-Unique-Id
X-FB-TRIP-ID
X-Generation-Time
X-No-Session
X-APP-VERSION
X-PCL
Section-Io-Cache
X-OCL
X-Ua
X-NewRelic-App-Data
X-Content-Age
WP-Super-Cache
X-Origin-Hint
X-ProcessESI
X-Redis-Cache
X-PHP-Backend
X-Origin-Date
X-Cluster-Node
X-Format
X-Region
X-RemovedCookies
X-Varnish-Cache-Hits
X-Via-Fastly
X-UA-Device-Type
X-Server-W
X-Request-Time
X-Section
X-Cache-Enabled
X-Be
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
S-Rt
Mn-Server-Ip
Property-Id
TWC-GeoIP-LatLong
TWC-Privacy
X-Akamai-Edgescape
X-AOL-HN
X-Access
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
Apigw-Requestid
TWC-Locale-Group
X-Mode
CF-IPCountry
X-Cache-Host
X-BYPASS-REASON
X-ApacheServer
X-Content-Powered-By
X-Debug-Cache
X-Human
X-Generated-By
Locale
Eomportal-Instance
Azure-RegionName
Azure-InstanceId
X-Sorting-Hat-ShopId
Azure-SiteName
Azure-SlotName
Cache-Tv-Group
Azure-Version
X-Locale
X-Nginx-Cache-Key
X-Urbn-Context-Path
X-Ratelimit-Remaining
X-Sql-Duration-Ms
X-Urbn-Site-Id
X-Uri
Fastly-SSL
X-Xfnlog-Site
X-Storage
X-Site-Version
X-ProxyCache-Key
X-PERF
X-Sorting-Hat-PodId
X-ProxyCache-Status
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-Sql-Count
X-Forwarded-Host
X-Shopify-Stage
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Extlb
X-VC-Cache
X-Hl-Ver
X-JoinUs
X-Detected-As
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-VWS-Id
X-Backend-Name
X-AWS-Id
X-PHP-Host
X-Platform-Server
X-Cache-Tags
X-Routing-Service
X-Web-Node
X-SaId
X-Varnishpool
X-ServerID
X-Zipkin-Id
X-Proxied
X-Status
Ec-Rule-Version
X-Adobe-Source
X-Tid
X-Cms-Context
X-Cache-Type
X-Cache-Action
X-Handled-By
Load-Balancing
Selected-Fe
X-GG-Cache-Date
X-Timing-Wait
X-Proxy-Build
CDN-RequestCountryCode
CDN-Uid
CDN-RequestId
CDN-EdgeStorageId
X-Storefront-Renderer-Rendered
CDN-Cache
X-Edge-Location
CDN-PullZone
CDN-CachedAt
ServedBy
X-Dc
SRV
Webserver
X-Proto
X-GeoCountry
X-GeoCode
X-App-Version
X-LSADC-Cache
X-CDN-Forward
Fastly-Drupal-Html
X-Hyper-Cache
Web-Mar-Node
Onion-Location
X-Cache-Operation
X-Cached-By
X-Rule
Mime-Version
X-GEO
X-TT-LOGID
X-Cache-Remote
X-Varnish-Hostname
SID
X-Rewrite-Enabled
Cache-Hits
X-Cdn
X-Soup
X-Varnish-Ttl
X-Cluster
Xserver
X-Pubstack
X-Accel-Buffering
X-Origin-CC
X-Reqid
X-Varnish-Hits
Xet-Cookie
X-TA-CDN-Provider
X-Origin-TTL
X-SRV
Country-Code
X-Envoy-Decorator-Operation
X-Ratelimit-Limit
X-Magnolia-Registration
X-Microcachable
X-IPLB-Request-ID
LB
Server-Info
X-Buckets
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Decoy-Debug-Status
X-CSRF-Token
Decoy-Debug-Key
Decoy-Debug-TTL
Cache
DB-Nickname
X-Request-Host
Source
X-Newrelic-Synthetics
X-Ms-Request-Id
X-Amzn-RequestId
X-Ms-Version
X-Tt-Logid
X-Amz-Apigw-Id
X-Tx-Id
X-Endurance-Cache-Level
X-Via-NSCOPI
X-Vtex-Processado-Em
Xc-Version
A
Fastcgi-X-Cache-Version
BehaviorPad-Version
Cdnsip
Cdncip
Cmsid
X-Vtex-Remote-Cache
DCR-Processing-Time-Ms
DCR-Decision-By
X-Origin-Response-Time
Cmstype
Expiry
X-A-Ccd
X-Developer
X-Session-Fingerprint
X-Ec-Fail
X-Ec-GeoHdr
X-External-Request-Id
X-Epic-Correlation-Id
X-Destination
X-D
X-SRCache-Key
X-CF-Lambda-Version
X-Conf
X-Shop-Environment
X-Connection-Hash
X-Forwarded-Path
X-Ftr-Request-Id
X-ScT
X-PBS-Appsvrname
X-Processor
X-S-Cookie
X-S
X-Rojux
X-SD-PageType
X-PAYTM-SRV-ID
X-Hash
X-Geo-Header
X-Ig-Push-State
X-NAPM-TraceId
X-Orig-Expires
X-CF-Lambda-Fn
X-Cdn-Srv
Odigeo-Trace-Id
NM-Fastcgi-Cache
Pramga
Rendered-Blocks
Surrogated-Key
Sslversion
X-Vdms-Path
X-Vdms-Version
MD5-Digest
Lang
Meta-Geo-Continent
Mobile-Detection-Method
X-VG-WebCache
X-User
T-Server
X-TIM-N
X-Application
X-ARC
X-B-Cookie
X-Cache-NE
X-Tenant
X-TrackingId
X-AK-Request-ID
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Aed
Host-ID
X-A
X-Time
X-B3-SpanId
X-RCS-CacheZone
X-Bc-Bl
X-NCache
AKAMAI
Memcached
Adler-Geo
X-DefElseHash
X-Esi-Check
X-Skip-Cache
X-Developers
X-DefHash
X-Device-Os
X-DPWN-IS-SECURE
X-Fetched-On
X-Rocket-Build-Number
X-Gdpr
X-Origin-Expires
X-Origin-Time
X-Origin
X-Nyt-Route
X-NodeID
Wxu-Next-Commit
X-Irp-Debug
Is-Eu
X-SB
X-GeoIP
X-Gzip
X-HS-Content-Campaign-Id
Mail-Subject
Platform
State
X-CacheTTL
X-Ckpd-Fst-Backend
Server-Host
X-Varnish-Remaining-TTL
X-Cache-Id
X-Cache-Backend
We-Hiring
Wxu-Next-Hostname
Wxu-Next-Region
X-Amzn-Remapped-Content-Length
X-Worker
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Sigma-Backend
Producers
X-Sigma
X-Server-IP
Environment
X-Scheme
X-Core-Value
X-Variation
X-V-Cache
X-Core-Mission
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Azure-Ref
X-Varnish-Beresp-Grace
Cache-Name
X-Thinkindot-L3
X-Wix-Viewer-Type
X-VarnishDD-TTL
X-Clara-WADP
X-CGP
X-Via-Ucdn
X-VG-TLSProxy
X-Sn-Servicetimems
X-Csrf-Jwt
X-Datadog-Sampling-Priority
X-Loop
X-Rocket-Nginx-Serving-Static
X-Served-From
X-Datadog-Parent-Id
X-Slack-Backend
X-SIPLIST1
X-Viewer-Country
X-Cdn-Origin
X-Has-Esi
Kp-EeAlive
X-Auto-Login
X-Aicache-OS
X-Is-Gdpr
X-TNCMS
X-JWT-State
X-BBC-Edge-Cache-Status
X-Block-Status
X-Wikidot-Backend
X-Cache-Info
X-WADP-Cache
X-Cache-Date
X-Cache-Bucket
X-Branch-Name
X-Wikidot-Static-Cache
X-Request-URI
X-Region-Sid
X-HN
X-Hnp-Log
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-GeoIP-City
X-Pod-Name
X-Platform
X-Httpd
X-Planisys-CDN-Cache
X-Level-Front-Cache
X-Loc
X-Minions-Version
X-Node-Id
HostName
X-LAGOON
Candidate-Md5Url
X-Policy
X-Generated-On
X-Ec-Custom-Error
X-Qloud-Router
X-Eu-Site
Cache-Key
X-Dispatcher-Number
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Fastly-Cache
X-Proxy-Upstream
X-Pool
X-Gen-Mode
X-Gamma-Serve
X-Forwarded-Site
X-Proxy-Cache-Info
X-Fmm-Version
X-Mvc-Supplant-Cachable
X-Datadog-Trace-Id
Origin
Origin-CC
Origin-EX
Ohc-File-Size
N-Cache
Apple-News-Services-Host
Apple-News-Services-Handled
Fastcgi-Cache-TTL
X-Xrds-Location
Ssr
X-R9-Blue-Green-Version
Req-Svc-Chain
Release
X-BCube-Filmed-By
Redirect-Candidate
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Ha-Gx-Prefs
HA-Ipaddr
IsBot
Gh-Request-Id
Fastly-SWR
Fastly-GeoIP-CountryCode
Fastly-SIE
L
L5d-Success-Class
CDCHOST
Datacenter
Machine
CloudFront-Viewer-Country
Web-Mar-Region
Cluster
Svr
PFcat
Thinkindot-CacheControl-Type
V-Age
User-Cache-Control
TDXMobile
Thinkindot-CacheControl
Thinkindot-Control
DynaTrace
Traceparent
Vix-Hermes-Req-Id
X-Cache-Status-Check
X-RateLimit-Limit-Second
VNS-Age
X-VServer
X-Ad-Defer-Variation
X-Owner
Server-Hostname
Sever-Int
XM
Server-Ext
GEO-INFO
NGX
X-Optimistic-Header
X-From
X-RateLimit-Remaining-Second
X-Webstats-RespID
VNS-Cache
X-SplitTest
CDN
CPC-Age
CPC-Cache
DSUID
X-Scale
X-ZONE
X-Parent-Response-Time
X-WA-Info
X-Location
X-VC
Pics-Label
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Refresh
X-CS
X-CACHE-KEY
X-Ah-Environment
X-Contensis-Viewer-Groups
Fastly-Backend-Name
Locid
X-Cache-ASPX
X-Tb-Optimization-Total-Bytes-Saved
X-AIR-PT
X-EC-Lua
Ms-Author-Via
X-Men
X-NC
X-Micro-Cache
X-LB-NoCache
X-Edge-Pop
Servername
X-Srv
X-Response-By
Env
X-RateLimit-Reset
X-Varnish-Authentication
Arc-Country
AMP-Access-Control-Allow-Source-Origin
X-Amz-Meta-Cb-Modifiedtime
X-Servedbyhost
X-Old-Content-Length
X-Udemy-Cache-App-Namespace
Path
X-Tec-Api-Root
X-Tec-Api-Origin
Lb
X-TIME
X-Tec-Api-Version
X-RSL
Memory
Ngx.Var.Host
X-DW
X-RPM
X-DI
X-DSS
X-RPS
Cache-Host
Time
X-DB
X-TraceId
X-Via-Popn
X-Generated-In
X-Via-Popv
X-Via-Poph
X-Mvc-Supplant-OutputCached
Ohc-Cache-HIT
ITXSESSIONID
X-Date
X-Accel-Expires-Debug
X-Varnish-Beresp-TTL
X-Akamai-Transformed
X-HA-Backend
XkeyRZ
X-Proxy-CacheRZ
X-API-Version
X-S-Maxage
Client
X-GeoIP-Country-Code
GeoIp-Country-Code
X-GeoIP-Region-Code
X-Cache-Debug
X-Vc
X-Clientip
True-Client-IP
X-Api-Version
FSS-Cache
X-VCL-Version
X-Cs
X-VHOST
X-DC
X-Trace-ID
Geoip-Latitude
Server-ID
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
X-Zone
CacheControlHeader
X-Fpc
X-Presslabs-Stats
Hostname
X-Correlation-ID
X-TH-Server
X-FireWall-Port
X-Action
True-Client-Country-4JS
X-Dmc
X-Webkit-Csp-Report-Only
Powered-By
X-MSEdge-Features
X-Render-Time
X-MSEdge-Flight
X-Backend-TTL
X-Traceid
X-TX-ID
X-PX
NtCoent-Length
X-B3-Spanid
X-INCAP-ABP
Edge-Cache
Test
X-DynaTrace-JS-Agent
X-Gateway-Cache-Status
C-Via
X-Req
Rip
Geo-Info
X-Gateway-Request-Id
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
Tcn
X-Service
X-NGINX-Cache
X-TRACE-ID
My-App
Click-Count-Action-Start
Click-Count-Error
X-Pass-Why
Tube-Got-Eval
Tube-Get-Contents
X-FPC
HIT
X-CSRF-TOKEN
Tube-Return
X-Cdn-Request-ID
Tube-Got-Results
X-M-Reqid
X-Origin-Upstream-Status
Server-Id
X-Webkit-CSP-Report-Only
X-Beluga-Status
Esi-Enabled
X-Beluga-Response-Time
X-Beluga-Trace
X-M-Log
X-HS-Status
X-Qnm-Cache
On-Server
X-Beluga-Record
X-Beluga-Cache-Status
User-Agent
X-Beluga-Node
X-Vcl-Version
X-Alfa-Service
X-Up
OT-Force-Account-Verify
Cf-Int-Pingora-Origin-Digest
X-Provided-By
Uri
X-Akamai-Pragma-Client-IP
X-Ha-Backend
X-Via-PopN
X-Via-PopH
X-LB-ID
X-Via-PopV
Proxy-Connection
X-Check-Cacheable
Srvid
X-URL
GeoIP-Country-Code
X-Proxy-Cache-Hk
Resin-Trace
GeoIP-Latitude
Cdn
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
Sid
X-APP
X-Edge-Origin-Shield-Bytes
X-UnsetCookies
X-Edge-Origin-Shield-Region
X-LI-UUID
X-ServedByHost
X-LI-Proto
Srv
X-Li-Fabric
X-Hcs-Proxy-Type
X-Li-Pop
Epwk-X-Cache
X-CCDN-CacheTTL
X-RAMCache
X-CCDN-Origin-Time
MIME-Version
DataCenter
X-Geo
X-Cdn-Forward
WebServer
X-Time-Microsecs
X-Backend-Host
X-Fetch-By
X-ND-Cache
M-TraceId
WZWS-RAY
X-Esi
Warning
XServer
X-Lb-Nocache
X-Fastly-Backend-Reqs
ServerName
ENV
Cf-Device-Type
X-CUA
Server-Ttl
X-App
X-Edge-POP
X-B3-Traceid-Primal
X-MG-S
Fastly-Drupal-HTML
X-HostName
X-Fragments
X-Azure-Ref-OriginShield
X-Dw-Trace-Id
CF-Cached-On
X-Newrelic-App-Data
PICS-Label
X-ElasticPress-Query
X-HITS
X-Platform-Router
Section-Io-Origin-Status
Section-Io-Id
DT-Hot-News
X-LiteSpeed-Cache-Control
Section-Origin-Responded
X-Nc
Tracecode
Target-Params
X-Platform-Cluster
X-Yottaa-OS
X-Serial
X-Platform-Processor
X-ATG-Version
X-Request-Url
Section-Io-Origin-Time-Seconds
Lfy
Inserted-Into-Cache-At
D-Url-Rewrites
Dt-Hot-News
X-CF-Powered-By
X-Iplb-Instance
X-Thanos
X-FC-Vary-Parameters
X-Sucuri-Cache
X-Var-Ttl
X-Sucuri-ID
X-Iplb-Request-Id
X-Fastly-Backend
X-Vcache
True-Client-Ip
Cf-Ipcountry
X-Bip
X-Akamai-Request-ID
Cdn-Pullzone
Cdn-Cache
Cdn-Edgestorageid
Cdn-Cachedat
Wp-Super-Cache
Cdn-Requestcountrycode
Cdn-Requestid
Servedby
Cdn-Uid
X-Request-Start
X-IN-APIGATEWAYSSL
X-Vercel-Cache
X-IN-APIGATEWAY
Vha6-Origin
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Id
X-Cache-Expires
X-NU-AKA-ACS-Version
CountryCode
Content-Script-Type
X-Snapshot-Date
X-Varnish-Beresp-Status
X-Dist-Code
X-BBC-Origin-Response-Status
X-Release
Content-Style-Type
X-Back
Cneonction
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
Ngx
X-Request-URL
X-Th-Server
X-Storefront-Renderer-Verified
X-Wp-Cf-Super-Cache