Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-Request-ID
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
Report-To
X-Age
X-Backend
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
NEL
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
X-Host
Accept-CH
Cf-Railgun
X-Server-Id
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
Rating
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
X-Cache-Lookup
Accept-CH-Lifetime
X-Trace
X-Url
X-Ac
X-Content-Type
X-TtlSet
X-PC
X-Vname
Allow
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
X-Mod-Pagespeed
X-Server-Name
X-ESI
Fastly-Restarts
X-Aws-Lambda-Call-Status
Cache-Tag
Service-Worker-Allowed
X-VARITI-CCR
X-FastCGI-Cache
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-Vcap-Request-Id
X-MS-InvokeApp
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-Px
RTSS
X-Navigation-Version
X-GoogleNews-Bot
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Exp-Variant
X-Kinja
Arr-Disable-Session-Affinity
X-Use-Magma
X-Country-Code
X-Kinja-Server
Access-Control-Request-Method
X-Powered-By-Plesk
X-NF-Request-ID
X-Goog-Hash
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Powered-CMS
AR-PoweredBy
AR-ATIME
AR-SID
AR-CACHE
AR-Request-ID
X-Origin-Cache
Pagespeed
X-Middleton-Display
Display
X-Sol
X-Version
X-Middleton-Response
Response
X-TTL
X-LLID
X-Amz-Server-Side-Encryption
X-MSEdge-Ref
X-Kinsta-Cache
X-Edge-Location-Klb
TCN
Nginx-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Protected-By
X-T
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-RateLimit-Remaining
X-Shield-Request-Id
X-Id
X-Aspnetmvc-Version
X-Mg-S
Accept-Ch
S
Content-MD5
Edge-Cache-Tag
X-CST
X-Language
SPRequestDuration
SPIisLatency
Fastcgi-Cache
Front-End-Https
X-Mid
X-DynaTrace
Realpath
X-Recruiting
X-Request-Processing-Time
Server-Node
X-Request-Received
Filters
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Frontend
Server-Name
X-Content
X-Ua-Browser
X-Ab
X-MCACHE
X-Ruxit-Js-Agent
X-Correlation-Id
X-Ser
X-Cache-Key
X-Ttl
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-NWS-LOG-UUID
X-Template
X-Ezoic-Cdn
X-ECACHE
SPRequestGuid
X-SharePointHealthScore
X-Hits
X-Parallel-Accel
X-Server-ID
MicrosoftSharePointTeamServices
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cache-Tags
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Alternate-Protocol
Charset
X-Page-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
X-B3-Sampled
Host
Cleartype
X-Git-Hash
X-Www-Served-By
X-Content-Options
X-Geo-Country
X-Debug-Info
X-Hostname
X-Ratelimit-Limit
X-DIS-Request-ID
X-Daa-Tunnel
X-Amzn-Trace-Id
X-Content-Digest
X-Amz-Replication-Status
X-Varnish-Age
Filterid
Cross-Origin-Opener-Policy
X-AppVersion
X-Activity-Id
X-Az
X-FB-Debug
X-Upgrade-Enabled
X-Grace
X-VCache
X-Accel-Expires
X-Nginx-Upstream-Cache-Status
ServerID
X-Forwarded-Proto
X-N
X-F-Cache
X-Origin-Server
X-Rid
Access-Control-Allow-Method
X-Mobile-URL
X-Fastly-Request-Id
X-Providence-Cookie
X-Is-Crawler
X-Request-Guid
X-Route-Name
X-Aspnet-Duration-Ms
X-Flags
X-LB-Cache
TP-Cache
X-Type
TP-L2-Cache
X-Whom
X-TT
X-Varnish-Grace
X-Goog-Generation
X-App-Environment
Viewport
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Storage-Class
X-Seen-By
X-Goog-Metageneration
X-DataDome
X-Tb
Payment
X-WebKit-CSP-Report-Only
Node
X-Distributor
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Dynamic
DC
X-User-Agent
Paypal-Debug-Id
X-XRDS-LOCATION
X-App-Server
X-Fastly-Request-ID
Country
X-Wix-Request-Id
Accept-Charset
Fastcgi-Useragent
X-Litespeed-Cache
X-NGENIX-Cache
X-Cache-Control
X-Fastcgi-Cache
X-Cache-Rule
X-Ratelimit-Reset
X-Origin-Upstream-Status
Version
X-Webkit-Csp
X-Via-JSL
Referer-Policy
X-Drupal-Cache-Tags
X-Logged-In
X-Request-Handler-Origin-Region
X-Microsite
X-Cluster-Name
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Contextid
Amp-Access-Control-Allow-Source-Origin
X-Cache-Age
X-Buckets
X-B-Cache
X-Signature
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Browser-Type
X-Erf-Bev-Bev
Refresh
X-Erf-Bev-Bev-Is-Generated
Cache-Status
X-Original-Request-Id
X-Response-Served-From
X-Mobile
VIX-Pulpo-Upstream-Status
X-Node-Name
X-Load-Cache
VIX-Pulpo-Node
SD-X-WS
X-Varnish-Backend
X-Vgn-Hpd-Reason
X-Rendered-As
X-Real-IP
X-Page-View
X-Is-Bot
X-Cache-Expired-At
X-B
X-Debug
X-IPLB-Instance
Access-Control-Request-Headers
X-Cacheable-TTL
NGB
X-Jobs
X-Revision
X-Proxy-Cache-Status
X-Cache-Action
X-Yottaa-Optimizations
X-Device-Type
X-ProcessESI
X-Rule
X-Yottaa-Metrics
X-UUID
X-RemovedCookies
X-Proxy
X-Instance
Akamai-GRN
X-Drupal-Cache-Contexts
Surrogate-Key
X-Cache-Time
X-Debug-IsPreview
X-Debug-IsConnected
X-Framework
X-G
X-FW-Version
CF-IPCountry
X-Air-Hostname
X-Air-Source
SID
X-Air-Trace-Id
GEO-INFO
X-Accel-Buffering
DynaTrace
X-PressLabs-Stats
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Azure-Ref
X-TEC-API-ROOT
X-Oneagent-Js-Injection
X-Ratelimit-Remaining
X-Nginx-Cache
Liferay-Portal
X-Cache-NGX
Count-Hit
X-Source
Uber-Trace-Id
X-Ms-Request-Id
X-Ms-Version
X-Presslabs-Stats
X-Cache-Operation
X-XRDS-Location
Frame-Options
X-RTag
X-EdgeConnect-Cache-Status
X-APP-VERSION
X-Zen-Fury
X-CDN-Forward
Ms-Operation-Id
MS-CV
Healthy
Protected
X-Cache-Hit
X-Backend-Name
X-Environment-Context
Countrycode
X-L-Path
X-Mode
Xserver
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Cross-Origin-Window-Policy
X-Varnish-Server
X-IPS-LoggedIn
X-Tumblr-User
Ec-Rule-Version
X-Tumblr-Pixel-1
LB
X-Cache-TTL-Remaining
Backend
X-Hyper-Cache
X-JoinUs
X-RN-RSRV
X-Detected-As
X-Region
Meta-Geo
X-Tid
X-Content-Age
X-Adobe-Content
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Forwarded-Host
X-Servername
X-SaId
X-Adobe-Loc
X-ShardId
X-Alternate-Cache-Key
X-Routing-Service
Decoy-Debug-TTL
Decoy-Debug-Key
Country-Code
Eomportal-Instance
X-Zipkin-Id
X-Uri
X-Generation-Time
X-Debug-Cache
X-Hosted-By
X-Cache-Server
Section-Io-Cache
WPO-Cache-Message
X-Extlb
X-Cache-Grace
X-Format
WPO-Cache-Status
X-Redis-Cache
Apigw-Requestid
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Proxied
Decoy-Debug-Status
X-Sorting-Hat-ShopId
X-Sql-Count
X-Sql-Duration-Ms
Content-Disposition
Cache-Name
X-Section
X-Site-Version
X-OCL
X-Origin-Date
X-ApacheServer
X-No-Session
X-NCache
X-FB-TRIP-ID
X-Human
X-Microcachable
X-Via-Fastly
X-PCL
X-Access
X-ServerID
Mn-Server-Ip
X-PHP-Backend
X-Status
X-PERF
X-Varnish-Beresp-Grace
Fastly-SSL
Url
X-Content-Powered-By
X-BYPASS-REASON
X-Akamai-Edgescape
Webcakes-Region
X-Cache-Host
Webcakes-App-Version
X-Cluster-Node
X-Cache-Type
X-NYM-Debug-Backend
Webcakes-App-Name
TWC-Device-Class
TWC-Connection-Speed
Selected-Fe
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
X-Origin-Hint
X-Proxy-Build
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-PullZone
CDN-RequestCountryCode
CDN-Uid
CDN-RequestId
X-UA-Device-Type
X-Timing-Wait
X-Pubstack
X-ProxyCache-Status
X-ProxyCache-Key
X-Say-Cacheable
X-SayCDN-TTL
X-Storage
X-Server-W
Property-Id
X-Say-TTL
Cache-Tv-Group
X-RateLimit-Limit
X-R9-Blue-Green-Version
X-NewRelic-App-Data
X-Hl-Ver
X-Soup
X-Be
X-Generated-By
X-Varnishpool
X-Web-Node
Azure-RegionName
Azure-SlotName
Azure-InstanceId
Azure-Version
Azure-SiteName
Content-Secure-Policy
X-Azure-Ref-OriginShield
X-Ua
X-Webkit-CSP
X-LSADC-Cache
DB-Nickname
X-TIME
X-Trace-Id
OT-Force-Account-Verify
X-Nginx-Cache-Key
Retry-After
X-Cached-By
Source
X-TT-LOGID
X-Bc-Bl
SRV
X-Cache-Remote
X-Unique-Id
Cache
X-Dc
X-Platform-Server
X-Akamai-Transformed
X-Auto-Login
X-GEO
X-LAGOON
X-SRV
X-Xfnlog-Site
X-Cdn
X-EC-Lua
X-Origin-CC
X-Varnish-Hits
HostName
Upgrade-Insecure-Requests
Cache-Hits
X-Origin-TTL
X-Cache-Tags
ServedBy
X-Loop
X-Varnish-Hostname
X-App-Version
X-TNCMS
X-HTML-Minification-Powered-By
Mime-Version
X-CSRF-Token
X-Varnish-Cache-Hits
X-S-Maxage
Onion-Location
From-Origin
X-Time
X-Request-Time
X-AOL-HN
Xet-Cookie
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Webserver
Web-Mar-Node
X-Request-Host
X-Amz-Meta-S3cmd-Attrs
WP-Super-Cache
N-Cache
X-Proto
X-Xrds-Location
X-ECache
X-B3-SpanId
X-NWS-UUID-VERIFY
X-Endurance-Cache-Level
X-Tenant
X-Cache-Enabled
X-FireWall-Port
X-Handled-By
Nel
X-Correlation-ID
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-GG-Cache-Date
X-Time-Microsecs
X-Origin-Response-Time
X-V-Cache
Vix-Hermes-Req-Id
V-Age
X-Edge-Location
X-TIM-N
Surrogated-Key
User-Cache-Control
X-Ftr-Request-Id
X-Gen-Mode
X-A-Ccd
X-Forwarded-Path
X-Aed
X-Aicache-OS
X-Application
X-Hnp-Log
X-Planisys-CDN-TTL
X-A-Dam
X-A-Dcw
X-A-Wwc
X-Vdms-Path
X-A
X-Cache-Var
X-Session-Fingerprint
BehaviorPad-Version
Meta-Geo-Continent
Mobile-Detection-Method
X-SRCache-Key
X-Shop-Environment
X-Slack-Backend
DCR-Processing-Time-Ms
Expiry
Fastcgi-X-Cache-Version
Odigeo-Trace-Id
X-SD-PageType
X-S
X-Rojux
Sslversion
X-Vdms-Version
X-S-Cookie
X-ScT
Pramga
A
Redirect-Candidate
Rendered-Blocks
X-Cache-Var-Map
X-A-Dgt
X-Planisys-CDN-Cache
X-Destination
X-CF-Lambda-Version
X-Developer
X-Cluster
X-Block-Status
X-Processor
Xc-Version
X-Planisys-CDN-Rules
X-Vtex-Processado-Em
X-Cache-NE
X-Conf
X-Connection-Hash
X-ND-Cache
X-ARC
X-CF-Lambda-Fn
X-D
X-Ig-Push-State
X-Vtex-Remote-Cache
X-External-Request-Id
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-NAPM-TraceId
X-Orig-Expires
X-VG-WebCache
X-Backend-TTL
X-Epic-Correlation-Id
X-Ckpd-Fst-Backend
DCR-Decision-By
X-B-Cookie
X-Reqid
X-MP-GENERATED-AT
X-Adobe-Source
X-RCS-CacheZone
X-Magnolia-Registration
X-Mg-Request-UUID
Host-ID
X-Proxy-Upstream
X-Policy
X-Men
X-Scheme
Gh-Request-Id
X-Origin
X-Server-IP
DSUID
Fastcgi-Cache-TTL
X-Cdn-Srv
Origin
X-Location
X-GeoIP-Country-Code
Wxu-Next-Region
X-Forwarded-Site
Wxu-Next-Hostname
Wxu-Next-Commit
X-Hash
X-Gdpr
X-Mvc-Supplant-Cachable
X-Origin-Time
X-Li-Fabric
X-Fastly-Cache
X-Li-Pop
X-Accel-Expires-Debug
X-Old-Content-Length
X-Cache-Bucket
X-GeoIP-Region-Code
X-Origin-Expires
X-Cache-Info
X-NodeID
X-Rocket-Nginx-Serving-Static
X-Nyt-Route
X-Geo-Header
State
X-Request-URI
X-Cache-Date
True-Client-Country-4JS
Svr
X-Date
X-LI-UUID
X-SVT-ORM-RULES
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Arc-Country
X-Viewer-Country
X-Amzn-RequestId
X-Amz-Apigw-Id
Apple-News-Services-Host
Apple-News-Services-Handled
X-Webstats-RespID
X-Labrador-Cache-Channel
X-SVT-ORM-VERSION
X-Sucuri-ID
AKAMAI
CloudFront-Viewer-Country
X-Sucuri-Cache
X-PHP-Host
CacheControlHeader
CDCHOST
X-VG-TLSProxy
Cmstype
Cmsid
S-Rt
Environment
X-Via-NSCOPI
X-Esi-Check
X-HN
We-Hiring
X-RateLimit-Remaining-Second
X-Req
X-RateLimit-Limit-Second
X-UnsetCookies
Traceparent
X-Fetched-On
X-Rocket-Build-Number
X-Irp-Debug
X-Sn-Servicetimems
X-Platform
Web-Mar-Region
X-HS-Content-Campaign-Id
X-BBC-Edge-Cache-Status
X-VarnishDD-TTL
X-Cdn-Origin
X-GeoIP
X-Cache-Debug
X-Gzip
X-GeoIP-City
X-Gamma-Serve
X-Varnish-Beresp-Ttl
X-Core-Mission
X-Varnish-Beresp-Status
X-Cache-Id
X-CGP
X-VServer
X-Generated-On
Fastly-Drupal-Html
X-Backend-State
X-Region-Sid
Server-Host
L
X-Fastly-Backend
X-Storefront-Renderer-Rendered
L5d-Success-Class
Locid
X-Datadog-Trace-Id
Mail-Subject
Machine
HA-Ipaddr
Ha-Gx-Prefs
X-Sigma
X-Sigma-Backend
X-Skip-Cache
X-Eu-Site
X-Envoy-Decorator-Operation
X-Developers
X-Device-Os
Fastly-GeoIP-CountryCode
X-Core-Value
X-Served-From
X-TH-Server
Server-Info
X-Owner
X-Branch-Name
X-Csrf-Jwt
X-TrackingId
Ssr
X-Level-Front-Cache
Release
Req-Svc-Chain
Origin-EX
Origin-CC
X-Locale
PFcat
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Pod-Name
Magicmarker
X-Worker
X-DefHash
X-FC-Vary-Parameters
X-DPWN-IS-SECURE
X-Qloud-Router
X-DefElseHash
X-Request-Start
Adler-Geo
Platform
X-Node-Id
X-Loc
X-Thinkindot-L3
TDXMobile
X-JWT-State
NM-Fastcgi-Cache
X-NU-AKA-ACS-Version
Fastly-SIE
X-Http-Reason
Cf-Device-Type
Fastly-SWR
X-Akamai-Request-ID2
Memcached
Is-Eu
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Tx-Id
Thinkindot-Control
X-Varnish-Remaining-TTL
X-Amzn-Remapped-Content-Length
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-ATG-Version
X-Varnish-CookieINHashed-On
X-Has-Esi
X-Is-Gdpr
X-Variation
X-Response-By
X-Varnish-CookieHashed-On
X-Ua-Device
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-VC-Cache
X-Trace-ID
X-Restarts
X-CS
X-Bip
X-Thanos
AMP-Access-Control-Allow-Source-Origin
NGX
X-Zone
X-NC
X-Mvc-Supplant-OutputCached
X-LB-ID
Kp-EeAlive
X-API-Version
X-Up
X-RPM
X-DW
X-DI
X-DB
X-LB-NoCache
X-Action
X-DSS
X-Cache-Config
X-Cache-Backend
CDN
X-Wix-Viewer-Type
X-RPS
Ms-Author-Via
X-Generated-In
Edge-Cache
Pics-Label
X-RSL
X-TraceId
Memory
Accept-Language
Time
Env
X-Tb-Optimization-Total-Bytes-Saved
Datacenter
X-Via-Popv
X-Via-Popn
X-Varnish-Ttl
X-CacheTTL
X-Optimistic-Header
X-Minions-Version
X-Via-Poph
WebServer
X-DC
X-Refresh
X-Tt-Logid
X-Edge-Pop
Candidate-Md5Url
NtCoent-Length
X-HA-Backend
X-Srv
Locale
X-Urbn-Context-Path
GeoIp-Country-Code
X-CACHE-KEY
X-Urbn-Site-Id
X-DynaTrace-JS-Agent
X-ZONE
X-Servedbyhost
X-Vc
X-MSEdge-Features
X-MSEdge-Flight
WWW-Authenticate
X-Esi
On-Server
Server-ID
X-Datadome
X-User
X-Unique-ID
X-Ec-GeoHdr
X-Ec-Fail
Esi-Enabled
X-CLOUD-TRACE-CONTEXT
X-Cs
X-Parent-Response-Time
X-Webkit-Csp-Report-Only
X-TA-CDN-Provider
X-TX-ID
X-Cache-PHP
X-Varnish-Beresp-TTL
X-VCL-Version
C-Via
X-Service
X-Newrelic-Synthetics
X-Traceid
X-LI-Proto
X-App
X-Cache-Ttl
Cdncip
X-Fpc
X-AK-Request-ID
Cdnsip
X-URL
X-Fmm-Version
X-Clara-WADP
Cluster
My-App
Test
X-LiteSpeed-Cache-Control
X-WADP-Cache
X-Li-Proto
Proxy-Connection
Tracecode
X-B3-Spanid
X-Cache-Status-Check
X-Render-Time
X-FPC
Geoip-Latitude
X-CUA
X-Var-Ttl
Cf-Int-Pingora-Origin-Digest
X-Webkit-CSP-Report-Only
X-NODE
T-Server
X-From
X-Vcl-Version
Lfy
X-Pass-Why
X-Mcache
Fastly-Drupal-HTML
Resin-Trace
Geo-Info
Lang
M-TraceId
X-Fragments
X-Dynatrace
X-VC
DataCenter
Server-Id
Target-Params
X-CSRF-TOKEN
X-ID
X-LiteSpeed-Tag
GeoIP-Country-Code
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Ha-Backend
X-Clientip
Hostname
MIME-Version
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-AIR-PT
X-Info
X-Oss-Storage-Class
UCS
HIT
Hit
X-Edge-POP
X-RAMCache
Cache-Host
X-Oss-Object-Type
X-ServedByHost
X-Provided-By
X-Dynatrace-Js-Agent
X-Geo
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Pad
X-Via-PopH
S-Cnection
Section-Io-Id
X-Via-PopN
X-Proxy-Cache-Info
Permissions-Policy
X-Httpd
X-Cdn-Forward
X-Via-PopV
Section-Origin-Responded
Producers
X-Check-Cacheable
Ohc-File-Size
X-Api-Version
X-NGINX-Cache
Servername
ENV
WZWS-RAY
X-Edge-Cache
X-HS-Status
X-Cache-CFC
Fastly-Backend-Name
X-SB
X-Fastly-Backend-Reqs
X-BBC-Origin-Response-Status
X-Ucs
X-ServerName
X-Micro-Cache
User-Agent
X-ElasticPress-Query
FSS-Cache
Load-Balancing
X-Backend-Host
X-Lb-Nocache
ServerName
X-GoCache-CacheStatus
X-Release
X-Platform-Cluster
PICS-Label
X-Platform-Processor
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Site
X-Pool
Uri
X-Udemy-Cache-App-Namespace
URI
X-Acquia-Purge-Tags
X-Platform-Router
X-UP
X-TRACE-ID
X-Swift-Error
Cteonnt-Length
Server-Ttl
X-BCube-Filmed-By
X-Cdn-Request-ID
X-RateLimit-Reset
X-APP
X-Fastly-Cache-Hits
Cdn
X-Lb-Id
X-Ec-Custom-Error
X-Nc
Cneonction
X-Scale
EpKe-Alive
Tcn
X-Dw-Trace-Id
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Server-Ext
Shield-Pop
X-B3-Parentspanid
X-Cache-ASPX
X-Snapshot-Date
Sever-Int
X-Cache-Expires
X-SIPLIST1
X-Newrelic-App-Data
X-Dispatcher-Number
Path
Ohc-Cache-HIT
Server-Hostname
X-Contensis-Viewer-Groups
X-B3-ParentSpanId
X-Vcache
Wpo-Cache-Message
MD5-Digest
Cf-Ipcountry
CF-Cached-On
IsBot
Vha6-Origin
X-Yottaa-OS
Wpo-Cache-Status
Sid
X-Air-Pt
X-Cache-Ngx
X-HostName
X-Akamai-Request-ID
X-Shopify-Generated-Cart-Token
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
GeoIP-Latitude
X-Amz-Meta-Cb-Modifiedtime
X-Varnish-Authentication
X-WA-Info
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-WA
VNS-Cache
Cache-Key
CPC-Age
CPC-Cache
VNS-Age
X-Apw-Hits
X-Logging-Id
X-Http-Count
Ngx
X-Http-Duration-Ms
X-Te-Count
X-Te-Duration-Ms
X-Sentry-ID
CountryCode
X-CacheKey
X-UA
X-Akamai-Pragma-Client-IP
Req-ID
X-Last-Modified