Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Request-Id
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
Report-To
NEL
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
X-Envoy-Upstream-Service-Time
Status
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Turbo-Charged-By
X-Cache-Group
P3p
X-UA-Device
Keep-Alive
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-AH-Environment
X-Server-Powered-By
X-Robots-Tag
X-Server
X-Hacker
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-WebKit-CSP
X-Nginx-Cache-Status
X-LiteSpeed-Cache
X-Request-ID
X-Page-Speed
X-Ua-Compatible
EagleEye-TraceId
X-Vhost
X-Amz-Version-Id
X-OneAgent-JS-Injection
Accept-CH
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Dispatcher
X-Device
X-Cache-Spec
X-Host
Cf-Railgun
X-Server-Id
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Accept-CH-Lifetime
X-Application-Context
X-Dns-Prefetch-Control
Xkey
Content-Location
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
X-B3-TraceId
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Cloud-Trace-Context
Allow
X-Url
X-Aws-Lambda-Call-Status
X-Trace
Accept-Ch-Lifetime
X-PC
X-TtlSet
X-Vname
X-Content-Type
X-Ac
X-Server-Name
X-Clacks-Overhead
Fastly-Restarts
Edge-Control
X-Varnish-TTL
X-ESI
Cache-Tag
X-Mod-Pagespeed
X-Rack-Cache
X-VARITI-CCR
MS-Author-Via
Service-Worker-Allowed
X-Element-Page-Cache
X-Vcap-Request-Id
Verso
X-MS-InvokeApp
X-Amz-Rid
Public-Key-Pins
X-Upstream
X-FastCGI-Cache
X-GitHub-Request-Id
X-Cache-TTL
X-CST
X-Dw-Request-Base-Id
RTSS
X-Cnection
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Abt-Application-Version
X-Client-IP
X-Use-Magma
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Kinja-Server
X-D2id
X-Px
X-Cached
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Country-Code
Access-Control-Request-Method
X-NF-Request-ID
X-Goog-Hash
X-TTL
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
Response
X-Middleton-Response
X-RateLimit-Remaining
X-Version
X-Powered-CMS
X-MSEdge-Ref
X-LLID
Nginx-Cache
X-Kinsta-Cache
X-Edge-Location-Klb
TCN
X-Amz-Server-Side-Encryption
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Origin-Cache
X-Edge
X-Protected-By
X-Language
X-Aspnetmvc-Version
X-T
X-Forwarded-For
X-Content-Security-Policy-Report-Only
Edge-Cache-Tag
X-Shield-Request-Id
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Mg-S
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Id
SPRequestDuration
SPIisLatency
S
Content-MD5
X-Ser
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Template
Front-End-Https
X-NWS-LOG-UUID
X-Cache-Key
Fastcgi-Cache
X-Correlation-Id
Realpath
X-Request-Received
Server-Node
X-Request-Processing-Time
X-Mid
Filters
X-Recruiting
X-Frontend
X-Content
X-Ab
X-Ruxit-Js-Agent
X-Yandex-Sdch-Disable
X-Ua-Browser
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Server-Name
X-HS-Combine-CSS
X-SharePointHealthScore
SPRequestGuid
X-MCACHE
X-DynaTrace
X-Ezoic-Cdn
X-Ttl
MicrosoftSharePointTeamServices
X-Hits
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Daa-Tunnel
X-Parallel-Accel
X-Litespeed-Cache
Cleartype
X-Tt-Trace-Host
X-Debug-Info
X-Tt-Trace-Tag
Cache-Tags
X-DataDome
X-Page-Id
Charset
X-B3-Sampled
Host
X-Ratelimit-Limit
X-Geo-Country
X-DIS-Request-ID
X-Git-Hash
X-ECACHE
Cross-Origin-Opener-Policy
X-Www-Served-By
X-ASPNET-VERSION
X-Content-Digest
X-Amzn-Trace-Id
X-Content-Options
ServerID
X-Hostname
X-Grace
X-F-Cache
X-Server-ID
Filterid
X-Upgrade-Enabled
X-Accel-Expires
X-Amz-Replication-Status
Alternate-Protocol
X-FB-Debug
X-WebKit-CSP-Report-Only
X-N
X-XRDS-LOCATION
X-Fastly-Request-Id
X-Varnish-Age
X-AppVersion
X-Az
X-Origin-Server
X-Forwarded-Proto
X-Activity-Id
X-Distributor
Accept-Ch
X-Nginx-Upstream-Cache-Status
Fusion-Component-Id
X-LB-Cache
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Viewport
X-VCache
X-Mobile-URL
X-Rid
X-Seen-By
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-App-Environment
X-Ratelimit-Reset
X-Tb
X-Wix-Request-Id
X-FW-Dynamic
X-Type
X-FW-Hash
X-TT
X-Goog-Generation
X-Is-Crawler
X-Flags
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Aspnet-Duration-Ms
X-User-Agent
Country
DC
X-Whom
X-Goog-Stored-Content-Length
X-Providence-Cookie
X-Request-Guid
Paypal-Debug-Id
X-Route-Name
Access-Control-Allow-Method
Accept-Charset
X-Varnish-Grace
X-Fastcgi-Cache
Fastcgi-Useragent
Payment
Node
TP-Cache
TP-L2-Cache
X-Webkit-Csp
X-Fastly-Request-ID
X-Via-JSL
X-Cluster-Name
X-Cache-Rule
X-App-Server
X-Drupal-Cache-Tags
X-Buckets
X-Cache-Control
X-Signature
X-B-Cache
Cache-Status
X-Contextid
Version
X-Cache-Age
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-NGENIX-Cache
X-Request-Handler-Origin-Region
X-Microsite
Referer-Policy
X-Node-Name
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Backend
Refresh
X-Load-Cache
X-Original-Request-Id
X-Response-Served-From
VIX-Pulpo-Node
SD-X-WS
NGB
X-Mobile
VIX-Pulpo-Upstream-Status
X-Erf-Bev-Bev-Is-Generated
X-Cache-Expired-At
X-Erf-Bev-Bev
X-Browser-Type
X-IPLB-Instance
X-Is-Bot
X-Proxy-Cache-Status
X-Vgn-Hpd-Reason
X-Revision
X-Rendered-As
X-Real-IP
X-Logged-In
X-Jobs
X-Cache-Action
X-Cacheable-TTL
X-B
X-Accel-Buffering
Access-Control-Request-Headers
Surrogate-Key
X-Debug
X-FW-Version
X-Yottaa-Optimizations
X-TEC-API-ORIGIN
X-Yottaa-Metrics
X-Page-View
X-Instance
X-TEC-API-ROOT
X-Drupal-Cache-Contexts
X-TEC-API-VERSION
Akamai-GRN
X-Rule
X-UUID
X-Proxy
X-Cache-Time
X-Framework
X-Device-Type
X-Debug-IsConnected
X-G
X-Debug-IsPreview
X-Presslabs-Stats
CF-IPCountry
X-Cache-NGX
X-RemovedCookies
X-ProcessESI
SID
Count-Hit
GEO-INFO
X-Origin-Upstream-Status
X-Oneagent-Js-Injection
Uber-Trace-Id
Protected
X-RateLimit-Limit
X-APP-VERSION
X-Cache-Operation
X-XRDS-Location
X-Nginx-Cache
X-Zen-Fury
X-Source
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-EdgeConnect-Cache-Status
X-Hyper-Cache
WPO-Cache-Message
WPO-Cache-Status
X-Cache-TTL-Remaining
X-Servername
X-Ms-Request-Id
Liferay-Portal
X-Ms-Version
DynaTrace
Ec-Rule-Version
X-Cache-Hit
Retry-After
X-Ratelimit-Remaining
X-IPS-LoggedIn
X-Unique-Id
Backend
X-Azure-Ref
X-Adobe-Content
Content-Disposition
X-Adobe-Loc
Healthy
MS-CV
X-RTag
X-Cache-Grace
X-NewRelic-App-Data
X-Mode
Url
Ms-Operation-Id
X-CDN-Forward
X-Trace-Id
Cross-Origin-Window-Policy
Frame-Options
X-PressLabs-Stats
X-Tumblr-Pixel-0
X-Tumblr-User
Content-Secure-Policy
Countrycode
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Detected-As
Country-Code
X-Rewrite-Enabled
X-UPSTREAM-Address
X-TIME
X-RN-RSRV
X-Uri
X-Tid
X-Backend-Name
X-Redis-Cache
Meta-Geo
Webcakes-Region
X-Generated-By
Azure-RegionName
X-Routing-Service
Apigw-Requestid
Decoy-Debug-TTL
X-Zipkin-Id
X-L-Path
X-Hosted-By
X-Format
X-Cache-Server
X-Cluster-Node
X-Cache-Host
Azure-InstanceId
X-ShopId
X-Debug-Cache
X-Server-W
X-FB-TRIP-ID
Property-Id
X-Proxied
X-Extlb
X-Environment-Context
X-Alternate-Cache-Key
X-Sql-Count
X-Sql-Duration-Ms
Xserver
Eomportal-Instance
X-Shopify-Stage
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
X-Generation-Time
X-Pubstack
Azure-SiteName
TWC-Locale-Group
X-Sorting-Hat-ShopId
X-Origin-Hint
X-Content-Age
TWC-Connection-Speed
Decoy-Debug-Status
Webcakes-App-Version
Azure-Version
X-Sorting-Hat-PodId
TWC-Device-Class
X-ShardId
Webcakes-App-Name
Azure-SlotName
Decoy-Debug-Key
CDN-Uid
X-ApacheServer
Mn-Server-Ip
X-Access
X-Region
X-ServerID
X-UA-Device-Type
X-Say-TTL
X-Section
X-PHP-Backend
X-Varnish-Server
X-Web-Node
X-Say-Cacheable
X-SayCDN-TTL
X-Status
X-Site-Version
X-PERF
X-Nginx-Cache-Key
X-NCache
X-Microcachable
X-Human
X-No-Session
X-NYM-Debug-Backend
CDN-RequestId
X-PCL
X-Origin-Date
X-OCL
X-Forwarded-Host
X-Akamai-Edgescape
CDN-Cache
CDN-RequestCountryCode
Cache-Name
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
X-Cache-Remote
Cache-Tv-Group
X-Content-Powered-By
X-Via-Fastly
Fastly-SSL
X-Cache-Type
X-Be
X-BYPASS-REASON
X-Storage
X-Timing-Wait
LB
X-ProxyCache-Key
X-ProxyCache-Status
Selected-Fe
X-Proxy-Build
X-Varnishpool
X-Ua
X-SaId
X-Soup
X-Hl-Ver
X-JoinUs
X-Varnish-Beresp-Grace
X-R9-Blue-Green-Version
Section-Io-Cache
X-Platform-Server
X-LSADC-Cache
X-NWS-UUID-VERIFY
X-Cached-By
X-Cache-Tags
From-Origin
DB-Nickname
X-Xfnlog-Site
X-Dc
X-Akamai-Transformed
X-Bc-Bl
Xet-Cookie
X-ECache
X-Akamai-Request-ID2
ServedBy
Upgrade-Insecure-Requests
X-AOL-HN
Mime-Version
X-Http-Reason
X-Cdn
X-Varnish-Cache-Hits
Cache
S-Rt
OT-Force-Account-Verify
X-Request-Time
X-Auto-Login
X-GEO
X-TT-LOGID
Source
WP-Super-Cache
X-Origin-TTL
X-Origin-CC
HostName
X-Request-Host
X-Cache-Enabled
SRV
X-CSRF-Token
X-Azure-Ref-OriginShield
X-LAGOON
Accept-Language
X-Handled-By
X-Varnish-Hits
X-SRV
Cache-Hits
X-Reqid
X-Loop
X-Varnish-Hostname
X-Adobe-Source
Fastly-Drupal-Html
X-Mg-Request-UUID
Nel
X-TNCMS
Server-Info
X-FireWall-Port
Onion-Location
X-RCS-CacheZone
X-S-Maxage
X-Endurance-Cache-Level
X-Amz-Meta-S3cmd-Attrs
Webserver
X-GG-Cache-Date
X-HTML-Minification-Powered-By
Web-Mar-Node
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Magnolia-Registration
X-Locale
X-Origin-Response-Time
X-EC-Lua
DCR-Decision-By
X-Developer
X-B3-SpanId
Expiry
Fastcgi-X-Cache-Version
X-D
X-Gen-Mode
X-Slack-Backend
X-Processor
DCR-Processing-Time-Ms
X-B-Cookie
X-SRCache-Key
X-A-Ccd
X-ScT
X-A-Dcw
X-SD-PageType
A
X-S-Cookie
X-S
X-A-Wwc
X-Rojux
X-Labrador-Cache-Channel
X-PHP-Host
X-A-Dam
BehaviorPad-Version
X-A
X-Application
X-Destination
X-ARC
X-Forwarded-Path
X-Shop-Environment
X-Session-Fingerprint
X-Aed
X-Tenant
X-Proxy-Upstream
X-Planisys-CDN-Rules
X-Webstats-RespID
X-Vtex-Remote-Cache
Pramga
Xc-Version
X-Ftr-Request-Id
Web-Mar-Region
X-Vtex-Processado-Em
X-Planisys-CDN-TTL
X-Viewer-Country
X-Men
X-CF-Lambda-Version
X-Epic-Correlation-Id
Vix-Hermes-Req-Id
X-GeoIP-Country-Code
Sslversion
Surrogated-Key
X-CF-Lambda-Fn
User-Cache-Control
X-GeoIP-Region-Code
X-Hnp-Log
Rendered-Blocks
V-Age
X-Ig-Push-State
X-Cache-NE
Odigeo-Trace-Id
X-Ckpd-Fst-Backend
X-Conf
X-Backend-TTL
X-External-Request-Id
X-V-Cache
X-Cluster
X-Forwarded-Site
X-PAYTM-SRV-ID
X-Planisys-CDN-Cache
X-A-Dgt
X-PBS-Appsvrname
X-TIM-N
X-Connection-Hash
X-VG-WebCache
X-Varnish-Ttl
X-Vdms-Version
Mobile-Detection-Method
X-ND-Cache
X-Cache-Bucket
X-Cache-Backend
Meta-Geo-Continent
X-Orig-Expires
X-Block-Status
X-NAPM-TraceId
X-Vdms-Path
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
N-Cache
X-VG-TLSProxy
X-DI
X-Node-Id
X-Correlation-ID
X-Gdpr
X-Mvc-Supplant-Cachable
Origin-EX
Origin-CC
Origin
X-Esi-Check
X-NodeID
X-HS-Content-Campaign-Id
X-Fastly-Cache
X-TH-Server
X-Origin-Expires
X-Origin
X-Old-Content-Length
Machine
X-Geo-Header
X-Cache-Date
X-Cdn-Srv
State
X-Amzn-RequestId
X-Time
X-DSS
X-Cdn-Origin
Svr
True-Client-Country-4JS
Traceparent
X-Amz-Apigw-Id
X-Gzip
X-Hash
Fastcgi-Cache-TTL
AKAMAI
X-Wix-Viewer-Type
Host-ID
X-Cache-Id
X-DW
X-Cache-Info
X-Irp-Debug
X-Core-Mission
X-Device-Os
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Action
Apple-News-Services-Request-Url
Arc-Country
X-Date
X-Aicache-OS
X-Server-IP
X-Accel-Expires-Debug
X-DB
X-Rocket-Nginx-Serving-Static
X-Req
X-Request-URI
X-RPM
X-RPS
X-Amzn-Remapped-Content-Length
X-Scheme
X-RSL
CacheControlHeader
Wxu-Next-Region
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Policy
Fastly-GeoIP-CountryCode
X-Pod-Name
Gh-Request-Id
X-Location
Wxu-Next-Commit
X-Nyt-Route
Edge-Cache
Cmsid
Wxu-Next-Hostname
CDCHOST
Cmstype
X-Fetched-On
DSUID
X-Origin-Time
X-Sn-Servicetimems
X-Restarts
Environment
X-Proto
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
Thinkindot-Control
Thinkindot-CacheControl
X-Edge-Location
Thinkindot-CacheControl-Type
X-Envoy-Decorator-Operation
X-VServer
X-Varnish-Remaining-TTL
Cf-Device-Type
PFcat
Server-Host
TDXMobile
X-Core-Value
X-Thinkindot-L3
X-MP-GENERATED-AT
X-VarnishDD-TTL
X-Worker
X-Minions-Version
X-Gamma-Serve
X-Level-Front-Cache
X-JWT-State
X-Developers
X-DPWN-IS-SECURE
X-Generated-On
X-Has-Esi
X-Is-Gdpr
X-HN
X-Varnish-CookieINHashed-On
X-Eu-Site
X-RateLimit-Limit-Second
X-Qloud-Router
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Platform
X-Owner
X-Li-Fabric
X-GeoIP-City
X-Li-Pop
X-LI-UUID
X-Loc
X-Response-By
X-Rocket-Build-Number
X-TrackingId
X-Fastly-Backend
X-UnsetCookies
X-GeoIP
X-Variation
X-Time-Microsecs
X-Storefront-Renderer-Rendered
X-DefHash
X-Served-From
X-Sigma
X-Sigma-Backend
X-Skip-Cache
X-Varnish-CookieHashed-On
X-Datadog-Sampling-Priority
Mail-Subject
Locid
L5d-Success-Class
L
Platform
Redirect-Candidate
Ssr
Req-Svc-Chain
Release
X-DefElseHash
Is-Eu
Adler-Geo
X-Via-NSCOPI
X-VC-Cache
X-Tx-Id
CloudFront-Viewer-Country
Fastly-SIE
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
We-Hiring
NM-Fastcgi-Cache
X-Branch-Name
X-ATG-Version
X-CGP
X-BBC-Edge-Cache-Status
X-Cache-Debug
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Datadog-Trace-Id
X-TraceId
X-Ua-Device
X-FC-Vary-Parameters
X-NC
AMP-Access-Control-Allow-Source-Origin
Kp-EeAlive
Memcached
X-Sucuri-Cache
X-Sucuri-ID
X-Srv
X-App-Version
X-Mvc-Supplant-OutputCached
CDN
NGX
X-Tb-Optimization-Total-Bytes-Saved
Ms-Author-Via
X-NU-AKA-ACS-Version
X-Optimistic-Header
X-Generated-In
X-LB-ID
X-CacheTTL
X-Zone
Env
X-CS
X-Varnish-Beresp-Status
X-Trace-ID
X-Tt-Logid
X-User
X-Up
X-Ec-GeoHdr
X-Ec-Fail
X-API-Version
X-LB-NoCache
Pics-Label
X-Backend-State
X-Refresh
Magicmarker
X-TA-CDN-Provider
WebServer
X-Varnish-Beresp-Ttl
X-Xrds-Location
X-Edge-Pop
X-Request-Start
X-Cache-Var
X-Cache-Var-Map
X-Webkit-CSP
Cdncip
GeoIp-Country-Code
Time
X-Thanos
X-Bip
X-CACHE-KEY
Memory
X-Via-Popn
X-Via-Popv
Cdnsip
X-Via-Poph
X-AK-Request-ID
X-DC
X-ZONE
X-Parent-Response-Time
DataCenter
X-Fmm-Version
Cluster
X-WADP-Cache
X-Clara-WADP
X-Esi
X-Varnish-Beresp-TTL
My-App
X-Cs
X-Servedbyhost
X-HA-Backend
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-Cache-Config
X-MSEdge-Flight
X-Dynatrace
X-CUA
X-MSEdge-Features
X-CLOUD-TRACE-CONTEXT
X-From
Candidate-Md5Url
T-Server
NtCoent-Length
Server-ID
Tracecode
X-VC
Datacenter
X-VCL-Version
Lang
X-Var-Ttl
Geoip-Latitude
X-Pass-Why
X-Traceid
X-Provided-By
X-Fragments
X-TX-ID
Lfy
X-B3-Spanid
X-Vc
Cf-Int-Pingora-Origin-Digest
X-FPC
X-Li-Proto
X-Fpc
X-Webkit-Csp-Report-Only
X-WP-CF-Super-Cache
Target-Params
X-WP-CF-Super-Cache-Cache-Control
X-Newrelic-Synthetics
X-DynaTrace-JS-Agent
WWW-Authenticate
On-Server
X-LI-Proto
Geo-Info
Proxy-Connection
X-RAMCache
X-App
Permissions-Policy
Esi-Enabled
X-Mcache
M-TraceId
Server-Id
X-Vcl-Version
X-Httpd
X-Proxy-Cache-Info
Servername
X-RateLimit-Reset
X-Datadome
X-Service
X-Cache-PHP
X-SB
FSS-Cache
X-Ha-Backend
C-Via
X-Udemy-Cache-App-Namespace
Producers
WZWS-RAY
X-Webkit-CSP-Report-Only
Fastly-Drupal-HTML
X-CSRF-TOKEN
X-Api-Version
X-Cache-Ttl
X-Pool
Test
X-Cache-Status-Check
Resin-Trace
X-ID
X-Render-Time
Hostname
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Ec-Custom-Error
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Scale
Hit
X-ServedByHost
X-LiteSpeed-Cache-Control
X-Dynatrace-Js-Agent
X-URL
X-Akamai-Path-Stats
X-Geo
X-Dispatcher-Number
X-Edge-POP
GeoIP-Country-Code
MD5-Digest
X-Cdn-Forward
X-Cms-Context
MIME-Version
Server-Ext
X-Via-Ucdn
X-SIPLIST1
Server-Hostname
Uri
Sever-Int
IsBot
X-NGINX-Cache
X-Edge-Cache
X-Fastly-Backend-Reqs
X-Unique-ID
X-Ucs
X-UP
X-HS-Status
X-Pad
ENV
X-ElasticPress-Query
X-Clientip
X-Cache-CFC
X-Acquia-Purge-Tags
X-Oss-Storage-Class
X-Lb-Nocache
X-Acquia-Site
X-Acquia-Application-UUID
ServerName
PICS-Label
X-Acquia-Application-Trace
X-Oss-Server-Time
X-Oss-Request-Id
X-Fetch-By
X-Cache-Expires
X-GoCache-CacheStatus
X-Wikidot-Backend
HIT
X-Wikidot-Static-Cache
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Check-Cacheable
X-Oss-Object-Type
Section-Io-Id
Section-Io-Origin-Status
X-Oss-Hash-Crc64ecma
X-Srcache-Fetch-Status
X-MG-S
X-Srcache-Store-Status
X-WA-Info
Server-Ttl
X-GeoCountry
X-GeoCode
Load-Balancing
X-LiteSpeed-Tag
X-Swift-Error
X-BBC-Origin-Response-Status
X-Lb-Id
X-TRACE-ID
X-Cdn-Request-ID
X-Fastly-Cache-Hits
Tcn
X-Dw-Trace-Id
S-Cnection
Path
CF-Cached-On
X-Contensis-Viewer-Groups
X-BCube-Filmed-By
Cneonction
X-Ad-Defer-Variation
Vha6-Origin
UCS
Ngx
X-Snapshot-Date
X-Varnish-Authentication
X-B3-ParentSpanId
Cf-Ipcountry
Cache-Host
Cteonnt-Length
Client
GeoIP-Latitude
X-Akamai-ERRuleID
X-Nc
X-Akamai-ERPolicy
Cache-Key
URI
X-Cache-ASPX
Wpo-Cache-Status
Wpo-Cache-Message
X-Vcache
X-Newrelic-App-Data
X-Amz-Meta-Cb-Modifiedtime
Sid
X-HostName
X-Air-Pt
X-Cache-Ngx
VNS-Age
X-Midtier
X-Request-URL
X-SplitTest
XM
X-Dist-Code
VNS-Cache
X-Yottaa-OS
CPC-Age
CPC-Cache
Cdn
X-Request-Url
User-Agent
X-Akamai-Request-ID
X-Sentry-ID
X-Akamai-Pragma-Client-IP
X-Last-Modified
X-UA
X-Te-Count
X-Te-Duration-Ms
X-Http-Count
X-Shopify-Generated-Cart-Token
X-Http-Duration-Ms
X-Litespeed-Cache-Control
Inserted-Into-Cache-At
Req-ID
X-CacheKey
X-IN-APIGATEWAYSSL
X-B3-Parentspanid
X-IN-APIGATEWAY
CountryCode