Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
P3p
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
Report-To
X-UA-Device
X-Age
X-Proxy-Cache
X-Backend
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
NEL
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-B3-TraceId
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Country
X-Cloud-Trace-Context
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-TtlSet
Allow
X-PC
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Server-Name
X-ESI
Fastly-Restarts
X-Aws-Lambda-Call-Status
Cache-Tag
X-FastCGI-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-Vcap-Request-Id
X-MS-InvokeApp
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Cache-TTL
X-Abt-Application-Version
X-Cnection
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Px
RTSS
X-Navigation-Version
X-Country-Code
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-Powered-By-Plesk
X-NF-Request-ID
X-Goog-Hash
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Origin-Cache
AR-Request-ID
AR-CACHE
AR-SID
AR-ATIME
X-Powered-CMS
AR-PoweredBy
Pagespeed
Display
X-Sol
X-Middleton-Display
X-Version
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-Edge-Location-Klb
X-Kinsta-Cache
X-SRCache-Fetch-Status
Nginx-Cache
X-SRCache-Store-Status
Accept-Ch
X-Edge
X-TTL
X-RateLimit-Remaining
Mrf-Cache-Status
TCN
MRF-Tech
X-B3-TraceId-Primal
X-Protected-By
X-T
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Content-MD5
S
X-Aspnetmvc-Version
Edge-Cache-Tag
X-CST
SPRequestDuration
SPIisLatency
Fastcgi-Cache
X-Language
X-Mid
X-Ruxit-Js-Agent
Front-End-Https
Realpath
X-Recruiting
X-Request-Received
X-Request-Processing-Time
X-Ttl
Filters
X-DynaTrace
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Server-Node
X-MCACHE
X-Frontend
Server-Name
X-Ab
X-Ua-Browser
X-Content
X-Correlation-Id
X-Ser
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-NWS-LOG-UUID
X-ECACHE
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-Cache-Key
SPRequestGuid
X-Ezoic-Cdn
X-SharePointHealthScore
X-Template
X-Hits
X-Parallel-Accel
Alternate-Protocol
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cache-Tags
MicrosoftSharePointTeamServices
X-Page-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
Cleartype
Host
X-B3-Sampled
Charset
X-Git-Hash
X-Www-Served-By
X-Content-Options
X-Geo-Country
X-Debug-Info
X-Daa-Tunnel
X-DIS-Request-ID
X-Amzn-Trace-Id
X-Ratelimit-Limit
X-Fastly-Request-Id
X-Content-Digest
X-Hostname
X-Amz-Replication-Status
X-Varnish-Age
Filterid
X-Activity-Id
X-AppVersion
X-Az
X-Accel-Expires
X-VCache
X-Upgrade-Enabled
X-FB-Debug
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Grace
X-WebKit-CSP-Report-Only
X-N
X-F-Cache
X-Rid
X-Origin-Server
ServerID
Access-Control-Allow-Method
X-Nginx-Upstream-Cache-Status
TP-L2-Cache
TP-Cache
X-Mobile-URL
X-LB-Cache
X-Providence-Cookie
X-Request-Guid
X-XRDS-LOCATION
X-Route-Name
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-Whom
X-TT
X-Seen-By
X-Varnish-Grace
Viewport
X-Type
X-App-Environment
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-Tb
X-FW-Server
X-FW-Static
Node
X-FW-Serve
X-FW-Dynamic
X-FW-Type
X-Distributor
X-FW-Hash
Payment
Paypal-Debug-Id
X-Server-ID
DC
X-User-Agent
X-App-Server
X-DataDome
Fastcgi-Useragent
X-Wix-Request-Id
Accept-Charset
Country
X-Oneagent-Js-Injection
X-NGENIX-Cache
X-Cache-Control
X-Cache-Rule
X-Origin-Upstream-Status
X-Litespeed-Cache
X-Ratelimit-Reset
X-Fastcgi-Cache
Version
X-Request-Handler-Origin-Region
X-Microsite
X-Via-JSL
X-Logged-In
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Drupal-Cache-Tags
Referer-Policy
X-Fastly-Request-ID
X-Cluster-Name
X-Webkit-Csp
X-Cache-Age
X-Signature
X-B-Cache
X-Webkit-CSP
X-Browser-Type
Refresh
X-Contextid
X-Erf-Bev-Bev
Cache-Status
X-Buckets
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
X-Load-Cache
SD-X-WS
Amp-Access-Control-Allow-Source-Origin
X-Response-Served-From
VIX-Pulpo-Upstream-Status
X-Node-Name
VIX-Pulpo-Node
X-Original-Request-Id
X-Cache-Expired-At
X-Real-IP
X-Mobile
X-Vgn-Hpd-Reason
X-Is-Bot
X-Rendered-As
X-Page-View
X-IPLB-Instance
Access-Control-Request-Headers
NGB
X-Debug
X-Cacheable-TTL
X-Jobs
X-B
X-Proxy-Cache-Status
X-Yottaa-Metrics
X-Proxy
X-Yottaa-Optimizations
X-Device-Type
X-ProcessESI
X-Revision
X-UUID
X-Rule
X-Instance
X-RemovedCookies
Akamai-GRN
X-Cache-Action
Surrogate-Key
X-Drupal-Cache-Contexts
X-Framework
X-Debug-IsPreview
X-Cache-Time
X-Debug-IsConnected
X-FW-Version
X-G
CF-IPCountry
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
DynaTrace
X-Azure-Ref
X-XRDS-Location
SID
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Presslabs-Stats
X-Accel-Buffering
GEO-INFO
Liferay-Portal
X-Source
X-PressLabs-Stats
X-Ms-Version
X-Ms-Request-Id
Count-Hit
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Uber-Trace-Id
X-Cache-Operation
X-Nginx-Cache
X-Cache-NGX
Frame-Options
X-APP-VERSION
Healthy
Ms-Operation-Id
X-RTag
X-CDN-Forward
MS-CV
X-EdgeConnect-Cache-Status
X-Zen-Fury
X-Cache-Hit
Protected
Xserver
Countrycode
X-Tumblr-User
X-Backend-Name
X-Tumblr-Pixel
X-L-Path
X-Environment-Context
X-Tumblr-Pixel-0
X-Mode
X-Tumblr-Pixel-1
X-Varnish-Server
Ec-Rule-Version
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Cache-TTL-Remaining
X-Forwarded-Host
X-Region
X-Servername
X-Hyper-Cache
Backend
X-Rewrite-Enabled
X-RN-RSRV
X-SaId
X-Detected-As
X-Tid
X-UPSTREAM-Address
X-RateLimit-Limit
Meta-Geo
X-Adobe-Loc
X-JoinUs
X-Adobe-Content
Eomportal-Instance
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Apigw-Requestid
LB
X-Cache-Grace
X-Content-Age
Country-Code
Section-Io-Cache
X-Debug-Cache
X-Ratelimit-Remaining
X-Routing-Service
X-Hosted-By
X-Sql-Duration-Ms
X-Shopify-Stage
X-Zipkin-Id
X-ShardId
X-ShopId
X-Uri
X-Sorting-Hat-ShopId
X-Sql-Count
X-Sorting-Hat-PodId
X-Proxied
X-Alternate-Cache-Key
X-Cache-Server
X-Extlb
X-Content-Powered-By
X-Redis-Cache
X-Generation-Time
X-PERF
X-NCache
X-Origin-Date
X-Via-Fastly
X-No-Session
X-PHP-Backend
X-Human
X-FB-TRIP-ID
X-ApacheServer
X-Format
Mn-Server-Ip
X-Status
Fastly-SSL
X-Varnish-Beresp-Grace
Cache-Name
X-Site-Version
X-ServerID
Url
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Akamai-Edgescape
X-BYPASS-REASON
X-Cluster-Node
X-Cache-Type
TWC-Privacy
TWC-Locale-Group
Selected-Fe
Property-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Section
X-PCL
X-Pubstack
X-ProxyCache-Status
X-Server-W
X-Storage
X-UA-Device-Type
X-Timing-Wait
X-ProxyCache-Key
X-Proxy-Build
X-NewRelic-App-Data
X-OCL
X-Microcachable
X-NYM-Debug-Backend
X-Access
X-Origin-Hint
Cache-Tv-Group
X-Cache-Host
Content-Disposition
X-Trace-Id
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-Hl-Ver
X-Say-TTL
X-Varnishpool
X-Web-Node
X-R9-Blue-Green-Version
X-Say-Cacheable
CDN-PullZone
X-SayCDN-TTL
CDN-RequestCountryCode
CDN-Uid
CDN-RequestId
X-TIME
Azure-InstanceId
X-Azure-Ref-OriginShield
X-Soup
X-Generated-By
Azure-RegionName
X-Be
Azure-Version
Content-Secure-Policy
Azure-SiteName
Azure-SlotName
DB-Nickname
X-Ua
X-LSADC-Cache
WPO-Cache-Message
WPO-Cache-Status
OT-Force-Account-Verify
X-Nginx-Cache-Key
X-Dc
X-Cached-By
Retry-After
SRV
Source
X-Bc-Bl
Cache
X-Unique-Id
X-SRV
X-TT-LOGID
X-LAGOON
X-Auto-Login
X-Platform-Server
X-Cache-Remote
X-Xfnlog-Site
X-GEO
Cache-Hits
X-Akamai-Transformed
X-Varnish-Hits
X-Loop
X-TNCMS
X-HTML-Minification-Powered-By
X-Cache-Tags
X-Origin-TTL
ServedBy
X-Varnish-Hostname
X-Origin-CC
X-Cdn
X-App-Version
Mime-Version
Onion-Location
X-S-Maxage
Upgrade-Insecure-Requests
HostName
X-Varnish-Cache-Hits
X-Amz-Meta-S3cmd-Attrs
From-Origin
X-Request-Time
Xet-Cookie
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-CSRF-Token
X-AOL-HN
Webserver
Web-Mar-Node
X-Time
X-Request-Host
X-Proto
WP-Super-Cache
X-EC-Lua
X-B3-SpanId
N-Cache
X-Endurance-Cache-Level
X-Tenant
X-NWS-UUID-VERIFY
X-AWS-Id
X-Cache-Enabled
X-LJ-Flow-ID
X-FireWall-Port
X-ECache
X-VWS-Id
X-Time-Microsecs
X-Handled-By
X-GG-Cache-Date
X-Edge-Location
X-Cache-Var
X-Origin-Response-Time
X-Cache-Var-Map
Surrogated-Key
Sslversion
User-Cache-Control
DCR-Decision-By
BehaviorPad-Version
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
Expiry
A
Meta-Geo-Continent
Mobile-Detection-Method
Pramga
Odigeo-Trace-Id
Redirect-Candidate
X-Developer
X-Processor
X-Planisys-CDN-TTL
X-Rojux
X-S
X-S-Cookie
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-ND-Cache
X-NAPM-TraceId
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-ScT
X-SD-PageType
X-VG-WebCache
X-Vdms-Version
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Path
X-V-Cache
X-Shop-Environment
X-Session-Fingerprint
X-Slack-Backend
X-SRCache-Key
X-TIM-N
X-Ig-Push-State
X-Hnp-Log
X-Aicache-OS
X-Aed
X-Application
X-ARC
X-B-Cookie
X-A-Wwc
X-A-Dgt
X-A
Vix-Hermes-Req-Id
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Block-Status
X-Cache-NE
X-External-Request-Id
X-Destination
X-Forwarded-Path
X-Ftr-Request-Id
X-Gen-Mode
X-D
X-Connection-Hash
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Ckpd-Fst-Backend
X-Cluster
X-Conf
V-Age
Rendered-Blocks
X-Mg-Request-UUID
Nel
X-Correlation-ID
X-Via-NSCOPI
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-MP-GENERATED-AT
X-Adobe-Source
X-RCS-CacheZone
X-Magnolia-Registration
X-Reqid
CloudFront-Viewer-Country
X-PHP-Host
X-Amz-Apigw-Id
True-Client-Country-4JS
Svr
X-Scheme
State
Wxu-Next-Commit
X-Nyt-Route
Wxu-Next-Region
X-Server-IP
X-Old-Content-Length
Origin
Fastcgi-Cache-TTL
X-Sucuri-ID
X-SVT-ORM-RULES
DSUID
X-Sucuri-Cache
Gh-Request-Id
X-Origin-Expires
X-Origin-Time
Host-ID
X-Request-URI
X-NodeID
X-LI-UUID
X-Fastly-Cache
X-Location
X-Forwarded-Site
X-Gdpr
X-Li-Pop
X-Hash
X-Geo-Header
X-Date
X-Men
X-Cache-Bucket
X-Accel-Expires-Debug
X-Mvc-Supplant-Cachable
X-Cache-Date
X-Cdn-Srv
X-Policy
X-Proxy-Upstream
X-SVT-ORM-VERSION
X-Li-Fabric
Wxu-Next-Hostname
CDCHOST
X-Epic-Correlation-Id
Arc-Country
X-Viewer-Country
X-Webstats-RespID
Cmsid
AKAMAI
CacheControlHeader
X-Backend-TTL
Cmstype
Environment
X-Core-Value
AMP-Access-Control-Allow-Source-Origin
X-CGP
X-Core-Mission
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Cdn-Origin
X-VarnishDD-TTL
X-Csrf-Jwt
X-Branch-Name
X-Req
X-Region-Sid
X-Request-Start
Web-Mar-Region
We-Hiring
X-Backend-State
X-Developers
X-Cache-Id
X-Cache-Debug
Server-Info
X-Varnish-Beresp-Status
X-RateLimit-Limit-Second
X-Fastly-Backend
X-Level-Front-Cache
X-VServer
X-Irp-Debug
X-Origin
X-HS-Content-Campaign-Id
Apple-News-Services-Host
X-Locale
Fastly-Drupal-Html
X-VG-TLSProxy
Apple-News-Services-Handled
X-Cache-Info
X-Rocket-Nginx-Serving-Static
X-HN
X-Gzip
X-Served-From
X-Fetched-On
X-Eu-Site
X-Esi-Check
X-Envoy-Decorator-Operation
Apple-News-Services-Parsed-Url
X-Platform
X-GeoIP-City
X-GeoIP
X-Generated-On
X-Gamma-Serve
X-Device-Os
X-RateLimit-Remaining-Second
X-Storefront-Renderer-Rendered
X-Sn-Servicetimems
Origin-CC
Server-Host
Machine
L5d-Success-Class
Locid
Origin-EX
PFcat
Release
X-GeoIP-Country-Code
Apple-News-Services-Request-Url
X-Skip-Cache
Ssr
X-UnsetCookies
X-TrackingId
L
Mail-Subject
X-TH-Server
Ha-Gx-Prefs
X-GeoIP-Region-Code
HA-Ipaddr
Traceparent
S-Rt
X-NU-AKA-ACS-Version
X-DefHash
X-DefElseHash
X-Node-Id
X-M-Reqid
X-VC-Cache
X-Varnish-Remaining-TTL
X-Sigma
X-Owner
Cf-Device-Type
Platform
X-DPWN-IS-SECURE
X-Rocket-Build-Number
Memcached
X-Has-Esi
X-JWT-State
X-Is-Gdpr
NM-Fastcgi-Cache
X-FC-Vary-Parameters
Fastly-SIE
Is-Eu
X-Pod-Name
X-Thinkindot-L3
Fastly-SWR
X-BBC-Edge-Cache-Status
X-M-Log
X-Response-By
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Qloud-Router
TDXMobile
Thinkindot-CacheControl
X-Variation
Req-Svc-Chain
X-Varnish-Beresp-Ttl
X-Rebelmouse-Cache-Control
X-Amzn-Remapped-Content-Length
Adler-Geo
X-ATG-Version
X-Varnish-CookieINHashed-On
X-Rebelmouse-Surrogate-Control
X-Worker
Fastly-GeoIP-CountryCode
X-Sigma-Backend
X-Varnish-CookieHashed-On
X-Qnm-Cache
X-Xrds-Location
NGX
X-Tx-Id
X-Loc
X-Http-Reason
X-Mvc-Supplant-OutputCached
X-Thanos
Magicmarker
X-Akamai-Request-ID2
X-Zone
X-Bip
X-Ua-Device
X-CS
X-API-Version
X-TraceId
X-Up
X-NC
X-Restarts
X-CLOUD-TRACE-CONTEXT
X-LB-ID
Kp-EeAlive
X-Cache-Config
X-Generated-In
Pics-Label
CDN
X-Cache-Backend
X-RPS
X-Wix-Viewer-Type
X-CACHE-KEY
Ms-Author-Via
X-LB-NoCache
X-DI
Memory
X-RPM
Edge-Cache
X-DB
X-Action
X-DSS
X-Trace-ID
X-DW
Time
X-RSL
X-Tb-Optimization-Total-Bytes-Saved
Datacenter
X-Tt-Logid
X-Optimistic-Header
Accept-Language
Env
X-Edge-Pop
X-Refresh
X-Via-Popv
X-Via-Poph
Candidate-Md5Url
X-Via-Popn
NtCoent-Length
GeoIp-Country-Code
WebServer
X-CacheTTL
X-Varnish-Ttl
X-Minions-Version
X-Datadome
X-Vc
X-DynaTrace-JS-Agent
X-Srv
X-Urbn-Site-Id
On-Server
X-DC
X-Urbn-Context-Path
WWW-Authenticate
X-HA-Backend
Locale
X-ZONE
X-Servedbyhost
Esi-Enabled
X-MSEdge-Features
Server-ID
X-Cs
X-MSEdge-Flight
X-Esi
X-Parent-Response-Time
X-Ec-GeoHdr
X-User
X-Ec-Fail
X-TX-ID
X-Unique-ID
X-Varnish-Beresp-TTL
C-Via
X-Service
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-VCL-Version
X-Cache-PHP
X-AK-Request-ID
X-Fpc
X-Cache-Ttl
X-App
X-LI-Proto
X-Li-Proto
Cdncip
Cdnsip
X-URL
X-Dynatrace
X-Fmm-Version
Geoip-Latitude
X-WADP-Cache
X-Webkit-Csp-Report-Only
X-Cache-Status-Check
X-Clara-WADP
Test
Cluster
X-Render-Time
X-FPC
My-App
X-Traceid
X-LiteSpeed-Cache-Control
X-B3-Spanid
Tracecode
X-Vcl-Version
Geo-Info
X-CUA
X-Var-Ttl
X-NODE
Cf-Int-Pingora-Origin-Digest
X-Webkit-CSP-Report-Only
Proxy-Connection
X-Pass-Why
T-Server
Lfy
X-From
X-Mcache
Fastly-Drupal-HTML
Server-Id
M-TraceId
X-Fragments
Lang
Resin-Trace
X-CSRF-TOKEN
DataCenter
X-Clientip
X-Ha-Backend
X-LiteSpeed-Tag
Hostname
Target-Params
X-Info
X-AIR-PT
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Geo
X-Oss-Hash-Crc64ecma
X-ServedByHost
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
UCS
X-ID
HIT
Cache-Host
X-VC
X-COUNTRY
MIME-Version
Hit
S-Cnection
X-Pad
X-Via-PopV
X-Via-PopN
X-Via-PopH
GeoIP-Country-Code
X-NGINX-Cache
X-RAMCache
X-Dynatrace-Js-Agent
X-Provided-By
X-Proxy-Cache-Info
Tcn
Section-Io-Origin-Status
ENV
Ohc-File-Size
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Httpd
X-Edge-POP
X-Cdn-Forward
Section-Io-Id
Permissions-Policy
X-HS-Status
User-Agent
Producers
X-Edge-Cache
WZWS-RAY
Fastly-Backend-Name
X-Micro-Cache
Servername
X-Check-Cacheable
X-Api-Version
X-ElasticPress-Query
Load-Balancing
X-Backend-Host
FSS-Cache
X-BBC-Origin-Response-Status
X-Release
X-Cache-CFC
X-Fastly-Backend-Reqs
X-Ucs
X-SB
X-ServerName
X-HostName
X-Acquia-Application-Trace
X-Acquia-Site
X-GoCache-CacheStatus
X-UP
X-Acquia-Purge-Tags
X-Lb-Id
X-Acquia-Application-UUID
X-Platform-Router
X-BCube-Filmed-By
X-Udemy-Cache-App-Namespace
X-Lb-Nocache
ServerName
X-Pool
X-APP
Wpo-Cache-Message
Wpo-Cache-Status
X-Platform-Processor
PICS-Label
X-Platform-Cluster
Uri
URI
X-TRACE-ID
Sid
X-Swift-Error
Cteonnt-Length
X-RateLimit-Reset
Cdn
X-Scale
Server-Ttl
Ohc-Cache-HIT
Cneonction
EpKe-Alive
X-Fastly-Cache-Hits
X-Nc
X-Ec-Custom-Error
X-Cdn-Request-ID
X-Dw-Trace-Id
X-Cache-Expires
X-Dispatcher-Number
X-B3-Parentspanid
X-SIPLIST1
MD5-Digest
X-Akamai-ERPolicy
X-Akamai-ERRuleID
IsBot
Server-Ext
Server-Hostname
Sever-Int
X-Apw-Access-Token
Shield-Pop
Path
X-Cache-ASPX
X-Contensis-Viewer-Groups
CPC-Cache
X-Snapshot-Date
VNS-Age
VNS-Cache
X-Apw-Hits
X-Apw-Access-Object
X-Amz-Meta-Cb-Modifiedtime
X-WA
X-WA-Info
X-Yottaa-OS
CPC-Age
X-Vcache
X-Apw-Access-Action
Cf-Ipcountry
CF-Cached-On
Vha6-Origin
X-Newrelic-App-Data
X-B3-ParentSpanId
Cache-Key
X-Litespeed-Cache-Control
Lb
X-Air-Pt
X-Cache-Ngx
X-Shopify-Generated-Cart-Token
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Wikidot-Static-Cache
X-Http-Count
X-Http-Duration-Ms
X-Te-Count
X-Akamai-Pragma-Client-IP
Req-ID
X-Sentry-ID
CountryCode
X-Te-Duration-Ms
X-UA
Ngx
X-Wikidot-Backend
X-ES-SERVER
X-Last-Modified
X-Varnish-Authentication
X-CacheKey
X-Logging-Id
X-Akamai-Request-ID