
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
X-Request-ID
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
Report-To
X-Age
X-Backend
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
NEL
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-Origin-MEX-Latency
Content-Location
X-EdgeConnect-MidMile-RTT
Rating
X-Ruxit-JS-Agent
X-Country
X-B3-TraceId
Accept-CH-Lifetime
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-PC
Allow
X-TtlSet
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
X-Mod-Pagespeed
X-Server-Name
X-ESI
Fastly-Restarts
X-Aws-Lambda-Call-Status
Cache-Tag
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
X-FastCGI-Cache
Verso
X-Element-Page-Cache
X-Upstream
X-Vcap-Request-Id
X-MS-InvokeApp
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
MS-Author-Via
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-Abt-Application-Version
X-D2id
X-Cnection
X-Px
X-Cache-TTL
RTSS
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Country-Code
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-Navigation-Version
X-Goog-Hash
X-NF-Request-ID
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Instrumentation
X-Server-Lifecycle-Phase
X-Powered-CMS
X-Kraken-Loop-Name
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-Request-ID
AR-SID
X-Origin-Cache
X-Middleton-Display
X-Version
Pagespeed
X-Sol
Display
Response
X-Middleton-Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-Kinsta-Cache
X-Edge-Location-Klb
TCN
Nginx-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-TTL
X-RateLimit-Remaining
X-Protected-By
X-T
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-Id
X-Aspnetmvc-Version
X-Mg-S
Accept-Ch
S
Content-MD5
Edge-Cache-Tag
X-CST
X-Language
SPIisLatency
SPRequestDuration
Front-End-Https
X-Mid
X-DynaTrace
Fastcgi-Cache
Realpath
X-Ttl
Server-Node
X-Request-Received
X-Request-Processing-Time
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Recruiting
X-Frontend
Filters
Server-Name
X-MCACHE
X-Content
X-Ua-Browser
X-Ab
X-Ruxit-Js-Agent
X-Correlation-Id
X-Ser
X-Cache-Key
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Yandex-Sdch-Disable
X-NWS-LOG-UUID
X-HS-Combine-CSS
X-Template
X-Ezoic-Cdn
X-ECACHE
X-SharePointHealthScore
SPRequestGuid
X-Hits
X-Parallel-Accel
X-Tt-Trace-Host
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
Cache-Tags
X-Kong-Proxy-Latency
Alternate-Protocol
X-Kong-Upstream-Latency
X-Page-Id
X-B3-Sampled
Fusion-Component-Id
Fusion-Source
Cleartype
Host
Charset
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
X-Litespeed-Cache
X-Git-Hash
X-Www-Served-By
X-Content-Options
X-Webkit-Csp
X-Geo-Country
X-Debug-Info
X-Hostname
X-DIS-Request-ID
X-Daa-Tunnel
X-Amzn-Trace-Id
X-Content-Digest
X-Amz-Replication-Status
X-Varnish-Age
Filterid
Cross-Origin-Opener-Policy
X-Ratelimit-Limit
X-FB-Debug
X-Accel-Expires
X-Grace
X-VCache
X-Upgrade-Enabled
X-Az
X-AppVersion
X-Activity-Id
X-N
X-F-Cache
X-Forwarded-Proto
X-Origin-Server
X-Rid
ServerID
X-Nginx-Upstream-Cache-Status
Access-Control-Allow-Method
X-Mobile-URL
X-Fastly-Request-Id
X-Aspnet-Duration-Ms
X-Route-Name
X-Request-Guid
X-Is-Crawler
X-Flags
X-Providence-Cookie
TP-L2-Cache
TP-Cache
X-Server-ID
X-LB-Cache
X-Type
X-Whom
X-TT
Viewport
X-Varnish-Grace
X-Goog-Stored-Content-Length
X-Seen-By
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Storage-Class
X-App-Environment
X-Goog-Metageneration
X-Goog-Generation
X-Tb
Payment
X-WebKit-CSP-Report-Only
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
Node
X-FW-Static
X-Distributor
X-FW-Type
X-DataDome
Paypal-Debug-Id
X-User-Agent
DC
X-XRDS-LOCATION
X-App-Server
X-Fastly-Request-ID
Accept-Charset
Country
Fastcgi-Useragent
X-Wix-Request-Id
X-NGENIX-Cache
X-Cache-Control
X-Cache-Rule
X-Fastcgi-Cache
X-Origin-Upstream-Status
Version
X-Via-JSL
Referer-Policy
X-Drupal-Cache-Tags
X-Microsite
X-Request-Handler-Origin-Region
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Cluster-Name
Amp-Access-Control-Allow-Source-Origin
X-Contextid
X-Logged-In
X-Cache-Age
X-Buckets
X-Tec-Api-Root
X-Tec-Api-Origin
X-Signature
X-Ratelimit-Reset
X-B-Cache
X-Tec-Api-Version
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Refresh
X-Browser-Type
Cache-Status
X-Original-Request-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Node-Name
SD-X-WS
X-Response-Served-From
X-Page-View
X-Cache-Expired-At
X-Load-Cache
X-Real-IP
X-Is-Bot
X-Varnish-Backend
X-Mobile
X-Rendered-As
X-Vgn-Hpd-Reason
X-B
Access-Control-Request-Headers
NGB
X-Debug
X-Proxy-Cache-Status
X-IPLB-Instance
X-Cacheable-TTL
X-Jobs
X-Revision
X-Device-Type
X-Instance
X-Cache-Action
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Proxy
Akamai-GRN
X-Drupal-Cache-Contexts
X-ProcessESI
X-UUID
X-RemovedCookies
Surrogate-Key
X-Cache-Time
X-Rule
X-Framework
X-G
X-Debug-IsPreview
X-FW-Version
X-Debug-IsConnected
CF-IPCountry
SID
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Presslabs-Stats
GEO-INFO
DynaTrace
X-Accel-Buffering
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Azure-Ref
X-Oneagent-Js-Injection
X-Nginx-Cache
X-Cache-NGX
Count-Hit
Liferay-Portal
X-Source
X-Ms-Version
X-Ms-Request-Id
Uber-Trace-Id
X-Cache-Operation
X-XRDS-Location
X-PressLabs-Stats
Frame-Options
X-CDN-Forward
X-Zen-Fury
X-EdgeConnect-Cache-Status
X-APP-VERSION
Ms-Operation-Id
MS-CV
Healthy
X-RTag
X-RateLimit-Limit
X-Cache-Hit
Protected
X-L-Path
X-Mode
Xserver
X-Environment-Context
Countrycode
X-Backend-Name
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
Ec-Rule-Version
X-Varnish-Server
X-Cache-TTL-Remaining
LB
X-Ratelimit-Remaining
X-Hyper-Cache
Backend
X-Region
X-Tid
Meta-Geo
X-UPSTREAM-Address
X-Servername
X-Content-Age
X-Adobe-Loc
X-Detected-As
X-SaId
X-Adobe-Content
X-JoinUs
X-Rewrite-Enabled
X-Forwarded-Host
X-RN-RSRV
X-Shopify-Stage
X-Hosted-By
X-Extlb
Section-Io-Cache
Apigw-Requestid
WPO-Cache-Status
X-Alternate-Cache-Key
X-Cache-Server
X-Debug-Cache
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Format
X-Sql-Count
X-Sql-Duration-Ms
X-Redis-Cache
X-Uri
X-Zipkin-Id
WPO-Cache-Message
X-Sorting-Hat-ShopId
Country-Code
X-Proxied
X-Routing-Service
X-Cache-Grace
X-FB-TRIP-ID
X-Status
X-Access
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Eomportal-Instance
Mn-Server-Ip
Cache-Name
X-ApacheServer
Content-Disposition
Url
X-Site-Version
X-Generation-Time
X-No-Session
X-Section
X-PERF
X-Origin-Date
X-ServerID
X-Via-Fastly
X-NCache
X-Human
X-PHP-Backend
X-Varnish-Beresp-Grace
X-Microcachable
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
TWC-GeoIP-Country
X-PCL
Webcakes-App-Name
CDN-Uid
Property-Id
X-UA-Device-Type
CDN-Cache
X-Say-TTL
X-Timing-Wait
Webcakes-Region
TWC-Connection-Speed
X-SayCDN-TTL
Selected-Fe
TWC-Device-Class
CDN-EdgeStorageId
X-NYM-Debug-Backend
X-Cluster-Node
X-OCL
X-Cache-Type
X-ProxyCache-Key
X-Pubstack
X-Storage
X-Say-Cacheable
Fastly-SSL
CDN-RequestId
X-Cache-Host
X-ProxyCache-Status
X-Server-W
CDN-CachedAt
X-Origin-Hint
X-Akamai-Edgescape
X-BYPASS-REASON
CDN-RequestCountryCode
CDN-PullZone
X-Proxy-Build
TWC-Privacy
X-Content-Powered-By
X-Varnishpool
X-Soup
X-Be
X-NewRelic-App-Data
Cache-Tv-Group
X-Web-Node
X-Generated-By
Azure-SiteName
Azure-RegionName
X-R9-Blue-Green-Version
Azure-SlotName
Azure-InstanceId
X-Hl-Ver
Azure-Version
Content-Secure-Policy
DB-Nickname
X-LSADC-Cache
X-Webkit-CSP
X-TIME
X-Azure-Ref-OriginShield
X-Trace-Id
OT-Force-Account-Verify
X-Ua
X-Nginx-Cache-Key
Retry-After
X-Cached-By
X-TT-LOGID
Source
X-Bc-Bl
X-Unique-Id
SRV
Cache
X-Cache-Remote
X-Auto-Login
X-Dc
X-Platform-Server
X-Akamai-Transformed
X-GEO
X-SRV
X-LAGOON
X-Xfnlog-Site
X-Cdn
X-Varnish-Hits
HostName
ServedBy
Cache-Hits
X-EC-Lua
X-Origin-TTL
X-Cache-Tags
X-Origin-CC
Upgrade-Insecure-Requests
X-TNCMS
X-Varnish-Hostname
X-App-Version
Mime-Version
X-HTML-Minification-Powered-By
X-Loop
X-S-Maxage
X-CSRF-Token
X-Varnish-Cache-Hits
X-Time
From-Origin
X-Request-Time
X-AOL-HN
Onion-Location
Xet-Cookie
X-Request-Host
X-Tumblr-Pixel-2
WP-Super-Cache
Web-Mar-Node
X-Amz-Meta-S3cmd-Attrs
Webserver
X-Tumblr-Pixel-3
X-Xrds-Location
X-ECache
N-Cache
X-Proto
X-B3-SpanId
X-FireWall-Port
X-Cache-Enabled
X-NWS-UUID-VERIFY
X-Tenant
X-AWS-Id
Nel
X-VWS-Id
X-LJ-Flow-ID
X-Handled-By
X-Correlation-ID
Ms-Author-Via
X-Time-Microsecs
X-Origin-Response-Time
X-Endurance-Cache-Level
X-GG-Cache-Date
X-Vdms-Path
X-Application
X-Aicache-OS
X-Vdms-Version
X-B-Cookie
X-ARC
X-Block-Status
X-Ckpd-Fst-Backend
X-Cache-Var-Map
X-SRCache-Key
X-Slack-Backend
X-Cluster
X-Cache-Var
X-CF-Lambda-Fn
X-Aed
X-V-Cache
X-TIM-N
X-Cache-NE
X-Backend-TTL
X-A-Dgt
Redirect-Candidate
Pramga
Rendered-Blocks
Sslversion
A
Odigeo-Trace-Id
BehaviorPad-Version
Expiry
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
Meta-Geo-Continent
Mobile-Detection-Method
Surrogated-Key
User-Cache-Control
X-A-Dam
X-Vtex-Processado-Em
X-VG-WebCache
X-A-Dcw
X-Conf
X-A-Ccd
X-Vtex-Remote-Cache
V-Age
Vix-Hermes-Req-Id
X-A
Xc-Version
X-A-Wwc
X-CF-Lambda-Version
X-Planisys-CDN-TTL
X-ScT
X-Processor
X-Gen-Mode
X-Ftr-Request-Id
X-Forwarded-Path
X-Planisys-CDN-Rules
X-S-Cookie
X-S
X-ND-Cache
X-NAPM-TraceId
X-Ig-Push-State
DCR-Decision-By
X-Hnp-Log
X-Rojux
X-Planisys-CDN-Cache
X-SD-PageType
X-Shop-Environment
X-D
X-Destination
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Edge-Location
X-Developer
X-Epic-Correlation-Id
X-External-Request-Id
X-Connection-Hash
X-Session-Fingerprint
X-Orig-Expires
X-RCS-CacheZone
X-Adobe-Source
X-MP-GENERATED-AT
X-Magnolia-Registration
Svr
Origin
True-Client-Country-4JS
X-Men
X-Mvc-Supplant-Cachable
Gh-Request-Id
X-Policy
X-Proxy-Upstream
DSUID
X-NodeID
Fastcgi-Cache-TTL
X-Origin-Expires
X-Old-Content-Length
State
X-Viewer-Country
X-Fastly-Cache
X-Cache-Bucket
X-Forwarded-Site
X-Server-IP
X-GeoIP-Country-Code
X-Cache-Info
X-Cdn-Srv
X-Date
X-SVT-ORM-RULES
X-Origin
X-SVT-ORM-VERSION
X-GeoIP-Region-Code
X-Scheme
X-Request-URI
X-Li-Pop
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Webstats-RespID
X-Rocket-Nginx-Serving-Static
X-VG-TLSProxy
X-Hash
X-Accel-Expires-Debug
X-Li-Fabric
X-LI-UUID
X-Cache-Date
X-Reqid
AKAMAI
CacheControlHeader
Arc-Country
Apple-News-Services-Parsed-Url
X-PHP-Host
X-Labrador-Cache-Channel
CDCHOST
Apple-News-Services-Request-Url
Cmsid
Apple-News-Services-Host
Cmstype
Apple-News-Services-Handled
CloudFront-Viewer-Country
X-Via-NSCOPI
Environment
X-Mg-Request-UUID
X-Device-Os
X-Envoy-Decorator-Operation
X-Eu-Site
X-Geo-Header
X-Gamma-Serve
X-Fetched-On
X-Fastly-Backend
X-Gdpr
X-Esi-Check
X-Csrf-Jwt
X-Branch-Name
Fastly-Drupal-Html
X-BBC-Edge-Cache-Status
S-Rt
Web-Mar-Region
X-Backend-State
X-Cache-Debug
X-Cache-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Core-Mission
X-Cdn-Origin
X-CGP
X-Developers
X-Irp-Debug
X-Storefront-Renderer-Rendered
X-Sucuri-Cache
X-Sucuri-ID
X-Sn-Servicetimems
X-Skip-Cache
X-Sigma
X-Sigma-Backend
X-TH-Server
X-TrackingId
X-Amz-Apigw-Id
X-VServer
X-VarnishDD-TTL
X-Varnish-Beresp-Status
X-UnsetCookies
X-Amzn-RequestId
X-Served-From
X-Rocket-Build-Number
We-Hiring
X-Locale
X-HN
X-Gzip
X-GeoIP-City
X-Varnish-Beresp-Ttl
X-Location
X-Nyt-Route
X-Region-Sid
X-Req
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Origin-Time
X-Owner
X-GeoIP
X-Platform
Locid
PFcat
L5d-Success-Class
Host-ID
HA-Ipaddr
Machine
Mail-Subject
Traceparent
Origin-CC
Origin-EX
Server-Info
Release
L
Ha-Gx-Prefs
Req-Svc-Chain
Fastly-GeoIP-CountryCode
Ssr
X-DefElseHash
X-HS-Content-Campaign-Id
X-Is-Gdpr
X-Level-Front-Cache
X-JWT-State
Adler-Geo
X-DefHash
X-DPWN-IS-SECURE
X-Loc
X-Generated-On
Platform
X-FC-Vary-Parameters
Server-Host
X-Has-Esi
Memcached
X-Variation
Fastly-SIE
X-Http-Reason
Fastly-SWR
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
Magicmarker
Cf-Device-Type
X-Varnish-Remaining-TTL
X-Akamai-Request-ID2
X-Response-By
X-Pod-Name
NM-Fastcgi-Cache
X-NU-AKA-ACS-Version
X-Qloud-Router
X-Core-Value
X-Request-Start
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Node-Id
Is-Eu
X-Tx-Id
X-ATG-Version
X-Trace-ID
X-VC-Cache
X-Qnm-Cache
X-Ua-Device
X-M-Reqid
X-M-Log
X-Worker
X-Restarts
Thinkindot-Control
TDXMobile
X-Thinkindot-L3
X-CS
X-Amzn-Remapped-Content-Length
Thinkindot-CacheControl-Type
AMP-Access-Control-Allow-Source-Origin
X-Thanos
X-Bip
NGX
Thinkindot-CacheControl
X-Zone
Kp-EeAlive
X-NC
X-LB-ID
X-Mvc-Supplant-OutputCached
X-Up
CDN
X-API-Version
X-Wix-Viewer-Type
X-DW
Edge-Cache
X-Cache-Config
X-LB-NoCache
X-Cache-Backend
X-RPM
X-RPS
X-Action
X-DB
X-DSS
X-DI
Pics-Label
X-Generated-In
X-RSL
X-TraceId
Memory
Accept-Language
Time
Env
Datacenter
X-Tb-Optimization-Total-Bytes-Saved
X-DC
WebServer
X-Minions-Version
X-Refresh
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-Optimistic-Header
X-CacheTTL
X-Varnish-Ttl
X-Tt-Logid
NtCoent-Length
X-Edge-Pop
X-HA-Backend
Candidate-Md5Url
X-Cache-Ttl
X-Srv
Locale
X-CACHE-KEY
X-Urbn-Context-Path
GeoIp-Country-Code
X-Urbn-Site-Id
X-ZONE
X-DynaTrace-JS-Agent
X-Servedbyhost
X-Esi
On-Server
X-Vc
X-MSEdge-Features
WWW-Authenticate
X-MSEdge-Flight
Server-ID
X-Datadome
X-User
X-Ec-Fail
X-Ec-GeoHdr
Esi-Enabled
X-Unique-ID
X-Cs
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
X-TA-CDN-Provider
X-TX-ID
X-Cache-PHP
X-Varnish-Beresp-TTL
C-Via
X-Service
X-VCL-Version
X-Webkit-CSP-Report-Only
X-Newrelic-Synthetics
Cdncip
Cdnsip
X-AK-Request-ID
X-Fpc
X-App
X-Traceid
X-LI-Proto
X-URL
Cluster
X-Clara-WADP
X-WADP-Cache
X-Li-Proto
X-Webkit-Csp-Report-Only
My-App
X-LiteSpeed-Cache-Control
X-Fmm-Version
Test
Proxy-Connection
X-Cache-Status-Check
Tracecode
X-Var-Ttl
X-CUA
X-FPC
X-B3-Spanid
X-Render-Time
Geoip-Latitude
X-NODE
Cf-Int-Pingora-Origin-Digest
X-From
Lfy
X-Vcl-Version
T-Server
X-Mcache
X-Pass-Why
Fastly-Drupal-HTML
X-Fragments
M-TraceId
Resin-Trace
Geo-Info
Lang
X-VC
DataCenter
X-Dynatrace
Server-Id
Target-Params
X-CSRF-TOKEN
X-Ha-Backend
X-WP-CF-Super-Cache-Cache-Control
X-LiteSpeed-Tag
X-Clientip
GeoIP-Country-Code
X-WP-CF-Super-Cache
X-ID
Hostname
MIME-Version
X-AIR-PT
HIT
X-Oss-Request-Id
X-Edge-POP
X-RAMCache
Hit
X-Oss-Object-Type
X-ServedByHost
X-Info
X-Oss-Server-Time
X-Oss-Storage-Class
Cache-Host
UCS
X-Oss-Hash-Crc64ecma
X-Dynatrace-Js-Agent
X-Geo
X-Provided-By
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
S-Cnection
X-Via-PopN
X-Via-PopV
X-Pad
X-Via-PopH
Permissions-Policy
X-Httpd
Section-Origin-Responded
Section-Io-Id
X-Cdn-Forward
X-Proxy-Cache-Info
X-RateLimit-Reset
Servername
X-Api-Version
Producers
WZWS-RAY
Ohc-File-Size
X-Check-Cacheable
X-Edge-Cache
X-NGINX-Cache
ENV
X-Fastly-Backend-Reqs
X-Ucs
X-Cache-CFC
X-HS-Status
X-ElasticPress-Query
X-BBC-Origin-Response-Status
X-ServerName
FSS-Cache
User-Agent
X-SB
X-Micro-Cache
Fastly-Backend-Name
Load-Balancing
X-UP
X-Platform-Processor
X-GoCache-CacheStatus
X-Platform-Cluster
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-Trace
X-Pool
X-Backend-Host
PICS-Label
X-Platform-Router
ServerName
Uri
X-Lb-Nocache
URI
X-Udemy-Cache-App-Namespace
X-Release
X-TRACE-ID
X-Cdn-Request-ID
Cteonnt-Length
X-Swift-Error
EpKe-Alive
X-Ec-Custom-Error
X-BCube-Filmed-By
X-Fastly-Cache-Hits
X-APP
X-Lb-Id
X-Scale
Tcn
X-Nc
Cdn
Server-Ttl
Cneonction
X-Dw-Trace-Id
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Newrelic-App-Data
X-SIPLIST1
X-Dispatcher-Number
Sever-Int
X-B3-ParentSpanId
X-Snapshot-Date
X-UA
X-Contensis-Viewer-Groups
Server-Hostname
Server-Ext
Path
X-Yottaa-OS
IsBot
MD5-Digest
Vha6-Origin
CF-Cached-On
X-Cache-Expires
Cf-Ipcountry
X-Vcache
X-B3-Parentspanid
Wpo-Cache-Status
X-Cache-ASPX
Ohc-Cache-HIT
Shield-Pop
Wpo-Cache-Message
X-Air-Pt
X-Cache-Ngx
X-HostName
Sid
GeoIP-Latitude
X-Akamai-Request-ID
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Shopify-Generated-Cart-Token
Cache-Key
X-Varnish-Authentication
X-WA-Info
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-WA
CPC-Cache
VNS-Age
X-Amz-Meta-Cb-Modifiedtime
CPC-Age
VNS-Cache
X-Apw-Hits
X-Logging-Id
X-Http-Count
X-Http-Duration-Ms
X-Te-Count
X-Te-Duration-Ms
Ngx
X-Sentry-ID
X-CacheKey
X-Akamai-Pragma-Client-IP
Req-ID
CountryCode
X-Last-Modified