Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
X-Request-ID
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
X-UA-Device
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Pingback
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Cache-Spec
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
Rating
X-Ruxit-JS-Agent
Accept-CH-Lifetime
X-B3-TraceId
X-Country
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-TtlSet
X-PC
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Server-Name
X-ESI
X-FastCGI-Cache
Fastly-Restarts
Cache-Tag
X-Aws-Lambda-Call-Status
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-GitHub-Request-Id
X-Vcap-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Cache-TTL
X-Abt-Application-Version
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
RTSS
X-Navigation-Version
X-Country-Code
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-NF-Request-ID
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Px
X-Goog-Hash
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Origin-Cache
AR-SID
X-Powered-CMS
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-Request-ID
X-Version
Display
X-Middleton-Display
Pagespeed
X-Sol
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
Accept-Ch
X-LLID
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
Nginx-Cache
TCN
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Protected-By
X-TTL
X-RateLimit-Remaining
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-T
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
X-Id
Content-MD5
S
Edge-Cache-Tag
X-Language
Fastcgi-Cache
X-Mid
SPRequestDuration
SPIisLatency
Front-End-Https
Realpath
X-Ttl
X-CST
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Filters
X-DynaTrace
Server-Node
X-MCACHE
X-Frontend
Server-Name
X-Content
X-Ab
X-Ua-Browser
X-Ruxit-Js-Agent
X-Correlation-Id
X-Ser
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-NWS-LOG-UUID
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-ECACHE
X-Ezoic-Cdn
SPRequestGuid
X-SharePointHealthScore
X-Template
X-Cache-Key
X-Hits
X-Parallel-Accel
Alternate-Protocol
Fusion-Content-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Kong-Proxy-Latency
Cache-Tags
X-Kong-Upstream-Latency
X-Page-Id
MicrosoftSharePointTeamServices
X-Content-Options
Charset
X-B3-Sampled
Host
Cleartype
X-Www-Served-By
X-Git-Hash
X-Fastly-Request-Id
X-Ratelimit-Limit
X-Geo-Country
X-DIS-Request-ID
X-Debug-Info
X-Amzn-Trace-Id
X-Daa-Tunnel
X-Hostname
X-Amz-Replication-Status
X-Content-Digest
X-Varnish-Age
Filterid
X-AppVersion
X-Az
X-Activity-Id
X-Upgrade-Enabled
X-FB-Debug
X-VCache
X-Accel-Expires
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-Grace
X-Origin-Server
X-Nginx-Upstream-Cache-Status
X-Rid
X-N
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
TP-L2-Cache
X-F-Cache
TP-Cache
ServerID
X-Mobile-URL
X-Route-Name
X-Is-Crawler
X-LB-Cache
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-Request-Guid
X-Server-ID
X-Whom
X-TT
X-Seen-By
X-App-Environment
X-Varnish-Grace
Viewport
X-Type
X-Tb
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-FW-Static
Payment
X-XRDS-LOCATION
X-FW-Type
X-FW-Serve
X-FW-Dynamic
X-Distributor
Node
X-FW-Server
X-FW-Hash
DC
Paypal-Debug-Id
X-User-Agent
X-App-Server
X-DataDome
Fastcgi-Useragent
X-Wix-Request-Id
Country
Accept-Charset
X-NGENIX-Cache
X-Cache-Control
X-Litespeed-Cache
X-Origin-Upstream-Status
X-Cache-Rule
Version
X-Logged-In
X-Webkit-CSP
X-Via-JSL
Referer-Policy
X-Request-Handler-Origin-Region
X-Microsite
X-Drupal-Cache-Tags
X-Ratelimit-Reset
Amp-Access-Control-Allow-Source-Origin
X-Tec-Api-Version
X-Cache-Age
X-Tec-Api-Root
X-Tec-Api-Origin
Refresh
X-B-Cache
X-Signature
X-Cluster-Name
X-Buckets
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Varnish-Backend
Cache-Status
X-Load-Cache
X-Contextid
X-Original-Request-Id
X-Response-Served-From
X-Node-Name
VIX-Pulpo-Upstream-Status
SD-X-WS
VIX-Pulpo-Node
X-Fastly-Request-ID
X-Real-IP
X-Page-View
X-Cache-Expired-At
X-Mobile
X-Rendered-As
X-Is-Bot
X-Vgn-Hpd-Reason
X-B
Access-Control-Request-Headers
X-Jobs
X-Fastcgi-Cache
X-Proxy-Cache-Status
NGB
X-Cacheable-TTL
X-Debug
X-UUID
X-Rule
X-RemovedCookies
X-Yottaa-Optimizations
X-Device-Type
X-Revision
X-Instance
X-IPLB-Instance
X-Proxy
X-ProcessESI
X-Yottaa-Metrics
X-Drupal-Cache-Contexts
X-Cache-Action
Akamai-GRN
Surrogate-Key
X-Cache-Time
X-Framework
X-Debug-IsConnected
X-Debug-IsPreview
X-Air-Trace-Id
X-Air-Source
X-FW-Version
X-G
X-Air-Hostname
CF-IPCountry
SID
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Presslabs-Stats
DynaTrace
GEO-INFO
X-Azure-Ref
X-Ua-Device
X-TEC-API-ORIGIN
Liferay-Portal
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Accel-Buffering
X-Oneagent-Js-Injection
X-Ms-Version
X-Ms-Request-Id
X-Source
X-APP-VERSION
Count-Hit
Uber-Trace-Id
X-PressLabs-Stats
X-XRDS-Location
Frame-Options
X-Nginx-Cache
X-Cache-Operation
Ms-Operation-Id
X-RTag
X-CDN-Forward
MS-CV
X-Cache-NGX
Healthy
X-EdgeConnect-Cache-Status
X-Zen-Fury
Xserver
X-Cache-Hit
Countrycode
X-Environment-Context
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Mode
X-Varnish-Server
X-L-Path
X-Tumblr-Pixel
X-Backend-Name
Ec-Rule-Version
Protected
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Ratelimit-Remaining
X-Servername
X-Region
X-Forwarded-Host
X-Cache-TTL-Remaining
X-SaId
X-Detected-As
X-JoinUs
X-UPSTREAM-Address
X-Tid
Backend
X-Rewrite-Enabled
X-RN-RSRV
Meta-Geo
X-Debug-Cache
X-Sql-Duration-Ms
X-Zipkin-Id
X-Sorting-Hat-PodId
X-Hyper-Cache
X-Extlb
LB
X-Cache-Server
X-Adobe-Content
X-Uri
X-Adobe-Loc
X-Content-Powered-By
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShopId
Decoy-Debug-Key
Country-Code
Apigw-Requestid
X-Sql-Count
WPO-Cache-Status
WPO-Cache-Message
Decoy-Debug-Status
Decoy-Debug-TTL
X-Proxied
X-Sorting-Hat-ShopId
X-Cache-Grace
X-Hosted-By
X-Generation-Time
X-ShardId
Eomportal-Instance
X-Content-Age
X-Routing-Service
X-Redis-Cache
Mn-Server-Ip
X-FB-TRIP-ID
X-Origin-Date
X-No-Session
X-ApacheServer
X-Site-Version
Cache-Name
Fastly-SSL
X-NCache
Url
X-ServerID
X-Human
X-PHP-Backend
X-Status
X-Format
X-TIME
X-Via-Fastly
X-Varnish-Beresp-Grace
X-PERF
Section-Io-Cache
X-NewRelic-App-Data
Webcakes-App-Version
TWC-Privacy
Webcakes-App-Name
TWC-Locale-Group
TWC-GeoIP-LatLong
X-OCL
X-Microcachable
Property-Id
Selected-Fe
TWC-Connection-Speed
TWC-GeoIP-Country
X-PCL
X-ProxyCache-Status
X-Pubstack
X-ProxyCache-Key
X-Proxy-Build
X-Origin-Hint
X-NYM-Debug-Backend
X-Cluster-Node
X-Server-W
X-Akamai-Edgescape
Cache-Tv-Group
X-Section
X-BYPASS-REASON
X-Cache-Type
X-Cache-Host
Webcakes-Region
TWC-Device-Class
X-Access
X-Timing-Wait
X-UA-Device-Type
X-Storage
CDN-Cache
X-Varnishpool
X-Say-Cacheable
Content-Disposition
X-Say-TTL
X-Hl-Ver
X-SayCDN-TTL
X-Web-Node
X-R9-Blue-Green-Version
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-PullZone
CDN-Uid
CDN-CachedAt
CDN-RequestId
X-Be
X-Azure-Ref-OriginShield
DB-Nickname
Azure-InstanceId
Azure-SlotName
X-Generated-By
Azure-SiteName
Azure-RegionName
Azure-Version
X-Soup
Content-Secure-Policy
X-Ua
X-Webkit-Csp
X-Trace-Id
X-LSADC-Cache
OT-Force-Account-Verify
X-RateLimit-Limit
X-Cached-By
X-Nginx-Cache-Key
SRV
X-Dc
Source
X-SRV
X-Bc-Bl
Retry-After
Cache
X-Unique-Id
X-LAGOON
X-Auto-Login
X-Cache-Remote
X-Platform-Server
X-GEO
X-TT-LOGID
X-Cdn
Cache-Hits
Mime-Version
X-Varnish-Hits
X-Akamai-Transformed
Xet-Cookie
X-Xfnlog-Site
X-Loop
X-Origin-TTL
X-HTML-Minification-Powered-By
X-TNCMS
X-Varnish-Hostname
X-Origin-CC
X-Cache-Tags
X-S-Maxage
ServedBy
Onion-Location
X-Varnish-Cache-Hits
X-Amz-Meta-S3cmd-Attrs
Upgrade-Insecure-Requests
HostName
X-Tumblr-Pixel-2
X-Request-Time
X-Tumblr-Pixel-3
Web-Mar-Node
X-EC-Lua
X-App-Version
X-Proto
X-AOL-HN
From-Origin
X-CSRF-Token
Webserver
X-Request-Host
WP-Super-Cache
N-Cache
X-Xrds-Location
X-ECache
X-Tenant
X-Endurance-Cache-Level
X-AWS-Id
X-Cache-Var
X-VWS-Id
X-Time
X-LJ-Flow-ID
X-FireWall-Port
X-Cache-Var-Map
X-Correlation-ID
X-Time-Microsecs
X-GG-Cache-Date
X-Cache-Enabled
Nel
X-Origin-Response-Time
X-B3-SpanId
X-NWS-UUID-VERIFY
X-Handled-By
X-Edge-Location
X-Aed
X-Aicache-OS
Expiry
X-A-Wwc
X-A-Dgt
Odigeo-Trace-Id
X-Cache-NE
Mobile-Detection-Method
Meta-Geo-Continent
X-Block-Status
X-B-Cookie
Pramga
X-Application
X-ARC
X-A-Dcw
X-A-Dam
User-Cache-Control
BehaviorPad-Version
Surrogated-Key
Sslversion
DCR-Decision-By
Rendered-Blocks
V-Age
Vix-Hermes-Req-Id
A
DCR-Processing-Time-Ms
X-A-Ccd
Fastcgi-X-Cache-Version
X-A
Redirect-Candidate
X-Destination
X-ScT
X-SD-PageType
X-Session-Fingerprint
X-Shop-Environment
X-S-Cookie
X-S
X-Planisys-CDN-TTL
X-Processor
X-Rojux
X-Slack-Backend
X-SRCache-Key
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-TIM-N
X-V-Cache
X-Vdms-Path
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-D
X-Developer
X-External-Request-Id
X-Connection-Hash
X-Conf
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Cluster
X-Mg-Request-UUID
X-Ftr-Request-Id
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-ND-Cache
X-NAPM-TraceId
X-Gen-Mode
X-Hnp-Log
X-Ig-Push-State
X-CF-Lambda-Fn
X-Forwarded-Path
X-Via-NSCOPI
X-PHP-Host
X-Amzn-RequestId
CloudFront-Viewer-Country
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
X-MP-GENERATED-AT
X-Origin-Expires
X-Nyt-Route
X-Men
X-Mvc-Supplant-Cachable
X-NodeID
X-Origin-Time
X-Old-Content-Length
X-Owner
X-Request-URI
DSUID
X-Scheme
Fastly-Drupal-Html
Fastcgi-Cache-TTL
X-RCS-CacheZone
X-Policy
X-Proxy-Upstream
Gh-Request-Id
X-Location
X-Li-Fabric
Wxu-Next-Hostname
Wxu-Next-Commit
X-Date
Wxu-Next-Region
X-Cdn-Srv
X-Accel-Expires-Debug
X-Cache-Bucket
X-Cache-Date
True-Client-Country-4JS
X-Fastly-Cache
X-Hash
Origin
X-Li-Pop
X-Geo-Header
X-Gdpr
Svr
State
X-Forwarded-Site
X-LI-UUID
Host-ID
X-Webstats-RespID
Arc-Country
X-Backend-TTL
X-Magnolia-Registration
X-Epic-Correlation-Id
X-Viewer-Country
X-Sucuri-Cache
X-Adobe-Source
X-SVT-ORM-VERSION
X-Reqid
X-SVT-ORM-RULES
X-Sucuri-ID
CacheControlHeader
AKAMAI
X-Server-IP
Cmstype
CDCHOST
Cmsid
X-Zone
Environment
X-M-Reqid
X-Device-Os
X-Cache-Info
X-Developers
X-Envoy-Decorator-Operation
X-Eu-Site
X-VServer
X-Fetched-On
X-M-Log
X-Fastly-Backend
X-Datadog-Trace-Id
X-Esi-Check
X-Datadog-Parent-Id
Apple-News-Services-Host
X-Csrf-Jwt
X-Cache-Debug
X-Core-Mission
X-CGP
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Cache-Id
X-Cdn-Origin
X-Bip
X-Branch-Name
X-Datadog-Sampling-Priority
X-GeoIP-City
X-Rocket-Nginx-Serving-Static
X-Backend-State
X-Platform
X-Skip-Cache
X-VG-TLSProxy
X-Storefront-Renderer-Rendered
X-Sn-Servicetimems
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Request-Start
X-Served-From
X-Req
X-GeoIP-Country-Code
X-Region-Sid
X-Origin
X-Locale
X-TH-Server
X-UnsetCookies
X-GeoIP
X-Generated-On
X-Varnish-Beresp-Status
X-VarnishDD-TTL
X-Gamma-Serve
X-GeoIP-Region-Code
X-Gzip
X-Level-Front-Cache
X-Thanos
X-Irp-Debug
X-HS-Content-Campaign-Id
X-TrackingId
X-HN
X-Qnm-Cache
X-Core-Value
Server-Host
Origin-EX
Release
HA-Ipaddr
We-Hiring
Web-Mar-Region
Ssr
Ha-Gx-Prefs
Origin-CC
Server-Info
PFcat
Traceparent
L
Mail-Subject
L5d-Success-Class
Locid
Machine
Cf-Device-Type
X-Response-By
X-Tx-Id
X-FC-Vary-Parameters
Thinkindot-Control
Adler-Geo
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Has-Esi
X-Rocket-Build-Number
X-VC-Cache
X-Is-Gdpr
X-NU-AKA-ACS-Version
X-Node-Id
X-Amzn-Remapped-Content-Length
Memcached
X-Sigma-Backend
Is-Eu
X-Sigma
X-Pod-Name
NM-Fastcgi-Cache
X-DPWN-IS-SECURE
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-JWT-State
Fastly-SIE
X-Qloud-Router
Fastly-SWR
Platform
TDXMobile
X-Worker
X-Varnish-CookieHashed-On
Req-Svc-Chain
X-Varnish-CookieINHashed-On
X-ATG-Version
X-BBC-Edge-Cache-Status
S-Rt
X-Varnish-Remaining-TTL
X-Thinkindot-L3
X-Variation
Fastly-GeoIP-CountryCode
X-DefHash
X-DefElseHash
X-Varnish-Beresp-Ttl
X-Mvc-Supplant-OutputCached
X-Loc
X-CS
X-CLOUD-TRACE-CONTEXT
AMP-Access-Control-Allow-Source-Origin
NGX
Magicmarker
X-NC
X-Restarts
X-Akamai-Request-ID2
X-API-Version
X-Http-Reason
X-Up
X-Cache-Config
X-TraceId
X-LB-ID
X-CACHE-KEY
X-Trace-ID
Kp-EeAlive
X-Generated-In
X-Tt-Logid
Ms-Author-Via
Pics-Label
CDN
Datacenter
X-RSL
X-RPM
X-RPS
X-DI
X-DSS
Edge-Cache
Memory
X-DW
X-DB
Env
X-Wix-Viewer-Type
Time
X-Action
X-LB-NoCache
X-Cache-Backend
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Ttl
X-Edge-Pop
WebServer
Accept-Language
Candidate-Md5Url
X-Optimistic-Header
X-Refresh
X-Datadome
X-Vc
X-Via-Popv
GeoIp-Country-Code
X-Via-Popn
X-Minions-Version
X-Via-Poph
X-DynaTrace-JS-Agent
X-DC
WWW-Authenticate
On-Server
X-CacheTTL
X-Servedbyhost
Esi-Enabled
X-Esi
X-HA-Backend
X-Parent-Response-Time
Locale
X-Urbn-Site-Id
X-Srv
X-Urbn-Context-Path
X-MSEdge-Flight
Server-ID
X-MSEdge-Features
X-Unique-ID
X-Newrelic-Synthetics
X-Varnish-Beresp-TTL
X-Cs
X-User
X-Service
X-Ec-Fail
X-Ec-GeoHdr
C-Via
X-TX-ID
X-TA-CDN-Provider
X-ZONE
X-VCL-Version
X-Cache-PHP
X-LI-Proto
X-Cache-Ttl
X-App
X-Fpc
X-URL
X-Dynatrace
X-Render-Time
Cdnsip
X-AK-Request-ID
X-Webkit-Csp-Report-Only
Test
X-Cache-Status-Check
X-Li-Proto
Cdncip
X-Traceid
X-LiteSpeed-Cache-Control
X-Pass-Why
Geoip-Latitude
X-Clara-WADP
X-B3-Spanid
X-WADP-Cache
X-Fmm-Version
X-FPC
Cluster
My-App
X-Webkit-CSP-Report-Only
Proxy-Connection
X-NODE
Tracecode
Resin-Trace
X-Vcl-Version
X-CUA
X-Var-Ttl
X-Mcache
M-TraceId
Lfy
T-Server
Server-Id
X-From
X-CSRF-TOKEN
Geo-Info
Fastly-Drupal-HTML
Cf-Int-Pingora-Origin-Digest
X-Fragments
X-Clientip
Hostname
X-Ha-Backend
X-LiteSpeed-Tag
Lang
X-Info
X-AIR-PT
Target-Params
X-Oss-Server-Time
DataCenter
HIT
X-Oss-Object-Type
Cache-Host
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-ID
X-Oss-Storage-Class
UCS
X-COUNTRY
X-Pad
X-Via-PopH
Hit
GeoIP-Country-Code
S-Cnection
X-Via-PopN
X-Via-PopV
X-NGINX-Cache
X-RAMCache
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-ServedByHost
X-VC
X-Geo
X-Dynatrace-Js-Agent
MIME-Version
Tcn
Ohc-File-Size
X-Edge-POP
X-Cdn-Forward
X-PX
X-Httpd
X-Check-Cacheable
X-Proxy-Cache-Info
X-Provided-By
ENV
Fastly-Backend-Name
X-Edge-Cache
User-Agent
Permissions-Policy
X-Api-Version
Section-Io-Id
X-Micro-Cache
Section-Io-Origin-Status
Section-Origin-Responded
Load-Balancing
X-ElasticPress-Query
Section-Io-Origin-Time-Seconds
Producers
X-ServerName
X-Backend-Host
X-HS-Status
X-Ucs
X-Release
X-BBC-Origin-Response-Status
X-Fastly-Backend-Reqs
Servername
WZWS-RAY
X-HostName
ServerName
X-Lb-Id
X-UP
Uri
URI
PICS-Label
FSS-Cache
X-GoCache-CacheStatus
X-Cache-CFC
X-BCube-Filmed-By
X-APP
X-Lb-Nocache
X-SB
X-TRACE-ID
Ohc-Cache-HIT
X-Swift-Error
X-Platform-Cluster
X-RateLimit-Reset
X-Platform-Router
X-Platform-Processor
Cdn
EpKe-Alive
X-Fastly-Cache-Hits
X-Udemy-Cache-App-Namespace
X-Pool
Cneonction
X-Nc
Server-Ttl
X-Cdn-Request-ID
Cteonnt-Length
X-Dw-Trace-Id
X-WA
X-Akamai-ERRuleID
X-Scale
X-Akamai-ERPolicy
X-WA-Info
X-Acquia-Site
X-Akamai-Request-ID
X-Acquia-Application-Trace
X-Ec-Custom-Error
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
CPC-Age
VNS-Age
CF-Cached-On
Vha6-Origin
Cf-Ipcountry
X-Contensis-Viewer-Groups
X-Snapshot-Date
VNS-Cache
X-B3-ParentSpanId
X-Apw-Hits
X-Yottaa-OS
X-Apw-Access-Token
X-Apw-Access-Object
X-Amz-Meta-Cb-Modifiedtime
X-Apw-Access-Action
X-Cache-ASPX
Path
Cache-Key
Shield-Pop
X-Newrelic-App-Data
CPC-Cache
X-Vcache
Lb
Sid
X-Air-Pt
X-Cache-Ngx
X-Wikidot-Backend
X-Logging-Id
X-Sentry-ID
X-IN-APIGATEWAYSSL
X-SIPLIST1
X-IN-APIGATEWAY
X-Dispatcher-Number
IsBot
X-Cache-Expires
X-Shopify-Generated-Cart-Token
X-CacheKey
CountryCode
X-Http-Count
X-Http-Duration-Ms
X-Te-Count
X-Te-Duration-Ms
X-Varnish-Authentication
X-Last-Modified
X-UA
X-Wikidot-Static-Cache
X-Akamai-Pragma-Client-IP
Req-ID
Ngx
X-ES-SERVER