Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
X-Request-ID
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
Host-Header
X-UA-Device
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Rq
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
X-Dispatcher
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Nginx-Cache-Status
Allow
X-Cache-Spec
X-Device
X-WebKit-CSP
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-Response-Time
X-HW
Cf-Edge-Cache
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Rating
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Trace
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Mod-Pagespeed
X-MS-InvokeApp
X-PC
X-Vname
X-TtlSet
X-Rack-Cache
X-Server-Name
X-Ruxit-JS-Agent
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-ESI
X-VARITI-CCR
X-B3-TraceId
X-Content-Type
Cache-Tag
X-Vcap-Request-Id
Accept-Ch
X-Amz-Server-Side-Encryption
X-Amz-Rid
X-Dw-Request-Base-Id
Public-Key-Pins
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Cnection
X-Ac
X-Px
X-RateLimit-Remaining
X-D2id
X-Element-Page-Cache
Verso
X-Navigation-Version
X-Webkit-Csp
X-Client-IP
X-Powered-By-Plesk
X-Abt-Application-Version
X-Cache-TTL
X-Middleton-Display
Display
Pagespeed
X-Sol
X-Ser
Service-Worker-Allowed
X-Edge
X-Ruxit-Js-Agent
X-Version
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
X-Middleton-Response
Response
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Hash
X-Correlation-Id
X-Kinsta-Cache
AR-PoweredBy
AR-SID
AR-ATIME
AR-Request-ID
AR-CACHE
X-TTL
SPRequestDuration
X-Upstream
SPIisLatency
X-Edge-Location-Klb
X-Ttl
X-NWS-LOG-UUID
X-RateLimit-Limit
X-LLID
X-Cached
X-Cache-Key
X-Powered-CMS
X-Litespeed-Cache
Edge-Cache-Tag
Nginx-Cache
X-SharePointHealthScore
SPRequestGuid
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
TCN
X-MSEdge-Ref
X-Content-Security-Policy-Report-Only
Content-MD5
X-Id
MS-Author-Via
X-Shield-Request-Id
X-Daa-Tunnel
X-T
X-B3-TraceId-Primal
X-Recruiting
S
X-DataDome
X-Content-Digest
X-Mg-S
X-Ua-Device
X-Protected-By
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Ezoic-Cdn
X-Frontend
X-Accel-Expires
X-HS-Cache-Config
X-SRCache-Fetch-Status
X-HS-Content-Id
X-HS-Hub-Id
X-SRCache-Store-Status
X-HS-Combine-CSS
MicrosoftSharePointTeamServices
X-Ua-Browser
X-Ab
Server-Node
X-Content
X-Request-Processing-Time
X-Request-Received
X-Grace
Front-End-Https
Filters
X-Server-ID
X-Yandex-Sdch-Disable
X-ORACLE-DMS-ECID
X-ECACHE
Fastcgi-Cache
X-PressLabs-Stats
X-Mid
X-ORACLE-DMS-RID
X-Origin-Server
X-Hits
X-DynaTrace
X-Distributor
TP-L2-Cache
X-Geo-Country
TP-Cache
X-Debug-Info
X-Ratelimit-Reset
X-Amzn-Trace-Id
X-Pinterest-Rid
Pinterest-Generated-By
X-Tt-Trace-Host
X-Tt-Trace-Tag
Charset
Pinterest-Version
Cleartype
X-Page-Id
Host
X-F-Cache
X-Request-Handler-Origin-Region
X-Git-Hash
X-Microsite
X-DIS-Request-ID
X-B3-Sampled
X-Www-Served-By
Cross-Origin-Opener-Policy
X-LB-Cache
X-Forwarded-Proto
Access-Control-Allow-Method
ServerID
X-Cache-Age
X-WebKit-CSP-Report-Only
Cache-Tags
X-Seen-By
X-Activity-Id
X-Az
X-Aspnetmvc-Version
X-AppVersion
Accept-Charset
X-Kong-Proxy-Latency
X-Cluster-Name
X-Kong-Upstream-Latency
Cache-Status
X-Varnish-Age
Realpath
X-Language
Filterid
Server-Name
X-Type
X-Content-Options
X-Rid
X-XRDS-LOCATION
X-App-Environment
X-Nginx-Upstream-Cache-Status
X-Oracle-Dms-Ecid
X-Upgrade-Enabled
X-Mobile-URL
X-Oracle-Dms-Rid
Country
Viewport
X-Varnish-Grace
Node
X-NWS-UUID-VERIFY
X-MCACHE
X-Origin-Cache
X-User-Agent
DC
X-B-Cache
X-Signature
X-Route-Name
Paypal-Debug-Id
X-Wix-Request-Id
X-Aspnet-Duration-Ms
X-Request-Guid
X-Drupal-Cache-Tags
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-Whom
X-Tb
X-FB-Debug
Protected
Retry-After
X-Goog-Stored-Content-Encoding
X-VCache
X-TT
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Varnish-Backend
X-Via-JSL
Fastcgi-Useragent
X-B
X-Cache-NGX
X-Fastly-Request-Id
X-Fastly-Request-ID
X-Fastcgi-Cache
Payment
X-Amz-Replication-Status
X-Contextid
X-Debug
X-N
X-Logged-In
X-Mcache
WPO-Cache-Status
WPO-Cache-Message
X-Load-Cache
X-Template
Surrogate-Key
X-FW-Type
X-FW-Dynamic
X-FW-Static
X-FW-Hash
X-FW-Serve
X-FW-Server
X-Cache-Control
X-Amz-Meta-S3cmd-Attrs
Count-Hit
X-Node-Name
X-Hostname
X-XRDS-Location
X-Erf-Bev-Bev-Is-Generated
X-Trace-Id
X-Browser-Type
X-Erf-Bev-Bev
Amp-Access-Control-Allow-Source-Origin
X-Original-Request-Id
X-Response-Served-From
SD-X-WS
Healthy
X-Proxy
Akamai-GRN
Content-Disposition
Refresh
X-Rendered-As
X-Is-Bot
VIX-Pulpo-Node
X-Zen-Fury
VIX-Pulpo-Upstream-Status
X-Akamai-Request-ID2
X-Real-IP
X-UUID
X-Revision
X-Http-Reason
X-Mobile
X-Jobs
Uber-Trace-Id
X-Page-View
X-Cache-Time
X-Cache-TTL-Remaining
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Adobe-Content
X-Drupal-Cache-Contexts
X-Framework
X-Cacheable-TTL
X-G
X-Instance
X-Device-Type
X-Adobe-Loc
NGB
Alternate-Protocol
Permissions-Policy
X-Proxy-Cache-Status
X-Debug-IsConnected
X-Debug-IsPreview
Access-Control-Request-Headers
X-IPLB-Instance
X-ECache
X-Source
Url
X-B3-Traceid
X-Servername
X-Parallel-Accel
X-Cache-Grace
X-Cache-Rule
From-Origin
Version
X-Vgn-Hpd-Reason
X-Varnish-Server
X-Oneagent-Js-Injection
X-Cache-Hit
Accept-Language
X-L-Path
X-Environment-Context
X-Mg-Request-UUID
X-Restarts
X-Cache-Expired-At
X-NGENIX-Cache
X-EdgeConnect-Cache-Status
Referer-Policy
Countrycode
X-RTag
Ms-Operation-Id
MS-CV
X-App-Server
Cross-Origin-Window-Policy
X-FW-Version
X-HTML-Minification-Powered-By
Frame-Options
Liferay-Portal
X-NYM-Debug-Backend
X-IPS-LoggedIn
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-COUNTRY
X-Cache-Action
Backend
X-Nginx-Cache
Content-Secure-Policy
X-ProcessESI
WP-Super-Cache
CF-IPCountry
X-RemovedCookies
X-Redis-Cache
X-Cache-Server
X-RN-RSRV
Meta-Geo
X-UPSTREAM-Address
X-PCL
Upgrade-Insecure-Requests
X-OCL
X-Detected-As
X-Ua
X-Content-Age
X-Cluster-Node
X-Format
X-Section
X-APP-VERSION
Cache-Tv-Group
Ec-Rule-Version
X-No-Session
Apigw-Requestid
X-Generation-Time
X-Hyper-Cache
Section-Io-Cache
X-Access
Fastly-SSL
Webserver
X-Mode
TWC-Privacy
X-FB-TRIP-ID
Property-Id
X-ApacheServer
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
Mn-Server-Ip
Locale
X-Hosted-By
X-Cache-Enabled
Webcakes-Region
Webcakes-App-Version
S-Rt
Webcakes-App-Name
X-Be
Azure-SlotName
X-Human
X-Via-Fastly
X-Request-Time
X-Server-W
Azure-Version
X-Site-Version
X-Sql-Duration-Ms
X-Sql-Count
Azure-SiteName
TWC-Device-Class
Azure-RegionName
X-Urbn-Context-Path
Azure-InstanceId
X-PERF
X-Varnish-Cache-Hits
X-Uri
X-Urbn-Site-Id
X-Origin-Hint
X-Ratelimit-Remaining
X-PHP-Backend
X-Origin-Date
X-Cache-Host
X-Xfnlog-Site
X-BYPASS-REASON
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
CDN-EdgeStorageId
CDN-CachedAt
X-Akamai-Edgescape
CDN-Cache
X-AOL-HN
X-Unique-Id
X-Generated-By
X-Say-Cacheable
X-Region
X-Say-TTL
X-SayCDN-TTL
X-Webkit-CSP
X-UA-Device-Type
X-Storage
X-ProxyCache-Status
Eomportal-Instance
X-Content-Powered-By
X-Debug-Cache
CDN-Uid
X-Status
X-ProxyCache-Key
X-Adobe-Source
X-Nginx-Cache-Key
X-Cache-Type
X-Zipkin-Id
X-Routing-Service
X-SaId
X-Forwarded-Host
X-Proxied
X-Handled-By
X-JoinUs
X-Platform-Server
X-Hl-Ver
X-ServerID
X-ShardId
X-Extlb
X-Varnishpool
X-Cache-Tags
X-Tid
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Backend-Name
X-Rule
X-Web-Node
X-GG-Cache-Date
X-TT-LOGID
X-Timing-Wait
X-Proxy-Build
X-Locale
Selected-Fe
ServedBy
X-PHP-Host
X-Labrador-Cache-Channel
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-Dc
X-Accel-Buffering
X-NewRelic-App-Data
X-Cache-Operation
X-Datadome
X-Cache-Remote
X-VC-Cache
X-Rewrite-Enabled
X-Midtier
X-CDN-Forward
X-Cached-By
SID
Xserver
X-Edge-Location
X-Soup
X-Pubstack
X-LSADC-Cache
SRV
X-Proto
X-Cms-Context
X-TA-CDN-Provider
Web-Mar-Node
X-Storefront-Renderer-Rendered
X-App-Version
X-Reqid
Onion-Location
X-Buckets
Fastly-Drupal-Html
Mime-Version
Country-Code
LB
Decoy-Debug-TTL
Load-Balancing
Decoy-Debug-Status
Decoy-Debug-Key
X-Microcachable
X-Varnish-Hostname
X-GEO
X-Request-Host
X-Ratelimit-Limit
X-Origin-CC
X-Origin-TTL
X-GeoCountry
X-GeoCode
Cache-Hits
X-Cluster
Xet-Cookie
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-Ms-Version
X-Tumblr-Pixel-3
X-Ms-Request-Id
Server-Info
X-Varnish-Hits
X-CSRF-Token
X-Tec-Api-Root
X-Envoy-Decorator-Operation
X-Tec-Api-Version
X-Time
X-Tec-Api-Origin
X-SRV
X-NCache
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Magnolia-Registration
X-Bc-Bl
X-B3-SpanId
X-RCS-CacheZone
X-Endurance-Cache-Level
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Origin-Response-Time
X-Cache-Id
X-Orig-Expires
X-NodeID
Cmsid
X-Epic-Correlation-Id
Meta-Geo-Continent
Mobile-Detection-Method
X-Esi-Check
X-External-Request-Id
X-Forwarded-Path
Host-ID
Lang
X-Ec-GeoHdr
X-Ec-Fail
Pramga
Surrogated-Key
Rendered-Blocks
X-Destination
X-Developer
NM-Fastcgi-Cache
T-Server
Odigeo-Trace-Id
X-From
X-Ftr-Request-Id
X-Hash
Cdncip
Cdnsip
BehaviorPad-Version
A
X-LAGOON
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-Gzip
Cmstype
Expiry
Fastcgi-X-Cache-Version
X-D
X-Geo-Header
DCR-Processing-Time-Ms
DB-Nickname
DCR-Decision-By
X-NAPM-TraceId
X-Processor
X-TrackingId
DynaTrace
X-B-Cookie
X-A-Ccd
X-Aed
X-Conf
X-Tenant
X-CF-Lambda-Fn
X-TIM-N
X-CF-Lambda-Version
X-A-Dam
X-A-Dcw
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
X-AK-Request-ID
X-Application
X-ARC
X-Connection-Hash
X-Cache-NE
X-A-Dgt
X-A-Wwc
X-R9-Blue-Green-Version
X-SRCache-Key
X-Rojux
X-Varnish-Beresp-Grace
X-Vtex-Remote-Cache
X-S
Cache-Name
X-A
X-Webstats-RespID
Sslversion
X-Cache-Bucket
X-S-Cookie
X-Vtex-Processado-Em
Xc-Version
X-Cdn-Srv
X-Shop-Environment
X-SD-PageType
X-Session-Fingerprint
X-ScT
X-Azure-Ref
X-Varnish-Ttl
X-ZONE
X-Clara-WADP
X-Gdpr
User-Cache-Control
MD5-Digest
Environment
X-Worker
X-Wix-Viewer-Type
X-Gen-Mode
Fastly-GeoIP-CountryCode
Machine
X-Sigma
X-Developers
X-Cache-Backend
X-Sigma-Backend
Svr
Server-Host
State
X-Rocket-Build-Number
X-Block-Status
X-Fastly-Cache
X-Cache-Info
X-Fmm-Version
X-Ckpd-Fst-Backend
Mail-Subject
X-Ec-Custom-Error
Memcached
X-Amzn-Remapped-Content-Length
X-Viewer-Country
Wxu-Next-Commit
X-Origin-Time
X-Slack-Backend
X-Planisys-CDN-Cache
X-Origin
X-TNCMS
X-WADP-Cache
X-V-Cache
X-User
X-Nyt-Route
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Request-URI
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Tx-Id
Wxu-Next-Region
X-SB
X-Server-IP
X-Scheme
Wxu-Next-Hostname
Web-Mar-Region
X-Mvc-Supplant-Cachable
AKAMAI
X-Hnp-Log
X-Core-Value
X-Irp-Debug
Apple-News-Services-Handled
Apple-News-Services-Host
X-Has-Esi
V-Age
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
We-Hiring
X-Is-Gdpr
X-Location
X-Loop
Vix-Hermes-Req-Id
X-VG-TLSProxy
X-JWT-State
Source
CDN
Cache
X-Datadog-Sampling-Priority
X-CGP
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Platform
Req-Svc-Chain
Ssr
X-BBC-Edge-Cache-Status
X-CacheTTL
Origin
L
X-VarnishDD-TTL
X-Via-NSCOPI
Kp-EeAlive
X-Core-Mission
X-Device-Os
X-Served-From
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Rocket-Nginx-Serving-Static
X-Pool
X-Dispatcher-Number
X-Fetched-On
X-Node-Id
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Gamma-Serve
X-Generated-On
X-GeoIP
X-HN
X-Forwarded-Site
X-Eu-Site
X-DefElseHash
X-DefHash
X-DPWN-IS-SECURE
X-Level-Front-Cache
X-Men
X-Region-Sid
X-Variation
X-Varnish-CookieHashed-On
X-Proxy-Upstream
X-Policy
X-Minions-Version
X-Origin-Expires
X-Pod-Name
X-Datadog-Trace-Id
X-Auto-Login
Arc-Country
CDCHOST
Adler-Geo
PFcat
Redirect-Candidate
Platform
N-Cache
Cluster
Ha-Gx-Prefs
Gh-Request-Id
HA-Ipaddr
Is-Eu
Fastcgi-Cache-TTL
L5d-Success-Class
HostName
Producers
X-Branch-Name
X-Aicache-OS
Traceparent
Fastly-SIE
X-Rebelmouse-Cache-Control
TDXMobile
X-GeoIP-City
Thinkindot-Control
Thinkindot-CacheControl-Type
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Old-Content-Length
Thinkindot-CacheControl
Origin-EX
X-Qloud-Router
X-VServer
Release
Origin-CC
X-Optimistic-Header
X-Loc
X-Httpd
Server-Ext
Server-Hostname
X-Skip-Cache
Sever-Int
X-Proxy-Cache-Info
X-Cache-Date
X-Thinkindot-L3
X-Parent-Response-Time
X-Scale
CloudFront-Viewer-Country
X-Response-By
X-Via-Ucdn
AMP-Access-Control-Allow-Source-Origin
X-Sn-Servicetimems
X-Cdn-Origin
Locid
X-EC-Lua
X-RPM
X-SIPLIST1
X-IPLB-Request-ID
X-Owner
X-VC
X-NC
X-DB
X-CS
X-RSL
X-RPS
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Srv
DSUID
IsBot
NGX
X-DI
Pics-Label
X-Refresh
X-DSS
X-DW
X-TraceId
X-Accel-Expires-Debug
X-Newrelic-Synthetics
Servername
Ohc-File-Size
X-LB-NoCache
Time
Memory
X-Tt-Logid
X-Ah-Environment
X-Date
X-Akamai-Transformed
Ms-Author-Via
Datacenter
X-Tb-Optimization-Total-Bytes-Saved
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Wikidot-Static-Cache
Env
X-Generated-In
X-BCube-Filmed-By
X-Wikidot-Backend
X-Mvc-Supplant-OutputCached
Candidate-Md5Url
X-Edge-Pop
Cache-Key
X-Udemy-Cache-App-Namespace
GEO-INFO
CPC-Cache
X-Contensis-Viewer-Groups
CPC-Age
X-Amz-Meta-Cb-Modifiedtime
Geo-Info
VNS-Age
XM
X-Cache-Debug
X-Ad-Defer-Variation
X-SplitTest
X-Cache-ASPX
VNS-Cache
X-TIME
X-Xrds-Location
X-Via-Poph
X-WA-Info
X-Via-Popv
X-Via-Popn
ITXSESSIONID
X-API-Version
GeoIp-Country-Code
Fastly-Backend-Name
X-Varnish-Authentication
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
X-Cache-Status-Check
X-HA-Backend
X-Micro-Cache
X-Servedbyhost
CacheControlHeader
X-RateLimit-Reset
Path
Client
X-AIR-PT
X-TH-Server
X-CACHE-KEY
X-S-Maxage
True-Client-Country-4JS
Geoip-Latitude
X-Action
Server-ID
Cache-Host
Lb
X-VCL-Version
X-Backend-TTL
X-Vc
X-VHOST
X-Cs
Ohc-Cache-HIT
X-DC
X-Trace-ID
Ngx.Var.Host
FSS-Cache
X-Varnish-Beresp-TTL
Hostname
X-Req
Edge-Cache
True-Client-IP
X-Presslabs-Stats
XkeyRZ
X-Api-Version
X-Proxy-CacheRZ
My-App
X-Provided-By
X-Clientip
X-TX-ID
X-Webkit-Csp-Report-Only
X-Pass-Why
X-Fpc
X-FireWall-Port
Powered-By
X-Zone
X-Origin-Upstream-Status
X-PX
X-Up
NtCoent-Length
X-B3-Spanid
X-FPC
Test
X-Varnish-Beresp-Ttl
X-Traceid
X-LB-ID
DataCenter
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
X-Dmc
X-CSRF-TOKEN
X-MSEdge-Flight
X-Cdn-Request-ID
X-MSEdge-Features
X-Dynatrace
X-Correlation-ID
X-Beluga-Status
X-Webkit-CSP-Report-Only
X-UnsetCookies
X-Beluga-Cache-Status
X-Li-Pop
X-Vcl-Version
X-Beluga-Response-Time
X-Li-Fabric
X-Beluga-Trace
User-Agent
X-Render-Time
X-Beluga-Node
X-LI-UUID
X-Beluga-Record
X-HS-Status
Server-Id
X-Geo
Proxy-Connection
Rip
OT-Force-Account-Verify
WZWS-RAY
X-ND-Cache
X-INCAP-ABP
X-CLOUD-TRACE-CONTEXT
X-Service
X-CUA
X-Ha-Backend
X-Via-PopN
X-Time-Microsecs
X-Via-PopV
Click-Count-Error
X-Via-PopH
X-Gateway-Request-Id
Click-Count-Action-Start
X-B3-Traceid-Primal
Tube-Return
Tube-Get-Contents
MIME-Version
X-RAMCache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
C-Via
X-URL
X-Gateway-Skip-Cache
Tube-Got-Eval
Tube-Got-Results
X-Alfa-Service
X-Check-Cacheable
X-Qnm-Cache
X-Platform-Router
GeoIP-Latitude
Target-Params
Tracecode
X-ServedByHost
GeoIP-Country-Code
X-M-Log
Srvid
Sid
HIT
Esi-Enabled
X-Platform-Processor
Cf-Device-Type
X-Fragments
X-Platform-Cluster
Fastly-Drupal-HTML
X-M-Reqid
Uri
X-DynaTrace-JS-Agent
X-Akamai-Pragma-Client-IP
X-Proxy-Cache-Hk
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Epwk-X-Cache
On-Server
X-FC-Vary-Parameters
X-Sucuri-Cache
ENV
Lfy
X-Sucuri-ID
X-Azure-Ref-OriginShield
X-ATG-Version
X-Var-Ttl
X-Fastly-Backend-Reqs
X-Fastly-Backend
X-LI-Proto
Tcn
Resin-Trace
X-Fetch-By
Srv
X-TRACE-ID
X-Backend-Host
X-APP
Cdn
X-Cdn-Forward
X-Esi
X-LiteSpeed-Cache-Control
X-NU-AKA-ACS-Version
X-Edge-POP
X-Cache-Expires
X-Li-Proto
Magicmarker
X-Backend-State
XServer
Section-Io-Id
X-Varnish-Beresp-Status
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Srcache-Store-Status
X-MG-S
X-Srcache-Fetch-Status
X-Yottaa-OS
X-App
X-Lb-Nocache
Inserted-Into-Cache-At
X-ElasticPress-Query
ServerName
PICS-Label
CF-Cached-On
X-Newrelic-App-Data
Wpo-Cache-Message
D-Url-Rewrites
Wpo-Cache-Status
X-Iplb-Request-Id
X-Acquia-Application-Trace
X-Vcache
X-Acquia-Site
Cf-Ipcountry
X-Acquia-Application-UUID
X-Request-Start
X-Iplb-Instance
X-Nc
Server-Ttl
X-Cache-CFC
X-Serial
X-Acquia-Purge-Tags
Servedby
X-HostName
Warning
X-Vercel-Cache
X-Vercel-Id
M-TraceId
X-Wp-Cf-Super-Cache-Cache-Control
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
Content-Script-Type
X-IN-APIGATEWAY
X-Dist-Code
X-B3-Parentspanid
X-BBC-Origin-Response-Status
X-Release
X-IN-APIGATEWAYSSL
X-Litespeed-Cache-Control
X-Snapshot-Date
Ngx
X-Request-Url
Cneonction
X-Thanos
X-Swift-Error
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
X-CF-Powered-By
Content-Style-Type
X-Dw-Trace-Id
X-Shopify-Generated-Cart-Token
X-LiteSpeed-Tag
CountryCode
X-Bip
X-Request-URL