Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
P3p
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
X-Backend
Request-Context
X-Akamai-Path-Stats
EagleId
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-UA-Device
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Request-Id
Surrogate-Control
X-Backend-Server
Cf-Edge-Cache
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Country
Fastly-Restarts
Accept-Ch
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
RTSS
Edge-Control
X-Server-Name
X-VARITI-CCR
X-ESI
X-Amz-Server-Side-Encryption
X-Varnish-TTL
Cache-Tag
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Cdn-Fetch
X-Use-Magma
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Amz-Rid
Public-Key-Pins
X-Px
X-Cnection
X-D2id
X-FastCGI-Cache
X-Edge
X-RateLimit-Remaining
X-Ac
X-Ser
X-Navigation-Version
X-Element-Page-Cache
Verso
X-Sol
X-Abt-Application-Version
X-Client-IP
Display
X-Middleton-Display
Pagespeed
X-Powered-By-Plesk
X-Version
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-Middleton-Response
Response
X-NF-Request-ID
X-Ttl
Access-Control-Request-Method
X-Goog-Hash
X-Content-Security-Policy-Report-Only
SPRequestDuration
SPIisLatency
X-Correlation-Id
X-Kinsta-Cache
X-Cached
AR-SID
AR-CACHE
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Edge-Location-Klb
X-SharePointHealthScore
SPRequestGuid
X-Powered-CMS
Edge-Cache-Tag
X-LLID
X-Server-Lifecycle-Phase
X-Instrumentation
X-Upstream
X-Kraken-Loop-Name
X-NWS-LOG-UUID
X-RateLimit-Limit
X-Litespeed-Cache
X-TTL
X-Ruxit-Js-Agent
X-Forwarded-For
Nginx-Cache
X-Cache-Key
Content-MD5
X-Id
X-MSEdge-Ref
X-Shield-Request-Id
MRF-Tech
Mrf-Cache-Status
TCN
X-T
X-Recruiting
X-B3-TraceId-Primal
S
X-Daa-Tunnel
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Content-Digest
X-ECACHE
X-Ua-Device
X-DataDome
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Mg-S
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Accel-Expires
X-WebKit-CSP-Report-Only
X-Grace
X-Ezoic-Cdn
X-Protected-By
X-HS-Combine-CSS
MicrosoftSharePointTeamServices
X-HS-Content-Id
MS-Author-Via
X-HS-Hub-Id
X-HS-Cache-Config
X-Ua-Browser
X-Ab
X-Content
X-DynaTrace
X-Frontend
X-Request-Received
X-Request-Processing-Time
TP-L2-Cache
TP-Cache
Server-Node
X-Yandex-Sdch-Disable
Front-End-Https
Filters
X-Server-ID
X-PressLabs-Stats
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-Mid
X-Geo-Country
X-Hits
X-ORACLE-DMS-ECID
X-Webkit-Csp
X-Microsite
X-Request-Handler-Origin-Region
X-ORACLE-DMS-RID
X-LB-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amzn-Trace-Id
Charset
Host
X-Debug-Info
Cleartype
X-F-Cache
Cross-Origin-Opener-Policy
X-Git-Hash
X-Page-Id
X-B3-Sampled
X-Forwarded-Proto
X-DIS-Request-ID
X-Cache-Age
X-Webkit-CSP
X-Www-Served-By
Cache-Status
Access-Control-Allow-Method
X-Seen-By
Realpath
X-Ratelimit-Reset
X-Activity-Id
X-AppVersion
X-Az
ServerID
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Accept-Charset
X-Aspnetmvc-Version
X-Mcache
X-Fastly-Request-Id
X-Varnish-Age
Cache-Tags
Filterid
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Content-Options
X-Rid
X-Type
X-Language
Retry-After
X-Oracle-Dms-Ecid
X-App-Environment
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-FB-Debug
Server-Name
Country
X-Oracle-Dms-Rid
Node
X-Tb
X-Upgrade-Enabled
Viewport
X-Varnish-Backend
X-User-Agent
X-MCACHE
DC
X-Drupal-Cache-Tags
X-Varnish-Grace
Paypal-Debug-Id
X-Whom
X-B-Cache
X-TT
X-Signature
X-Wix-Request-Id
X-Goog-Metageneration
X-Oneagent-Js-Injection
X-Mobile-URL
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Origin-Cache
X-Goog-Storage-Class
X-GUploader-UploadID
X-Route-Name
X-Request-Guid
X-VCache
X-XRDS-LOCATION
X-B
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-NWS-UUID-VERIFY
Protected
Permissions-Policy
X-Debug
Fastcgi-Useragent
X-Amz-Replication-Status
X-N
X-Logged-In
X-Amz-Meta-S3cmd-Attrs
X-Cache-NGX
WPO-Cache-Message
Payment
WPO-Cache-Status
X-Via-JSL
X-Load-Cache
Surrogate-Key
X-Contextid
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
Count-Hit
Healthy
X-Node-Name
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-FW-Dynamic
X-Template
X-FW-Hash
X-FW-Serve
X-XRDS-Location
X-FW-Type
X-FW-Static
X-FW-Server
X-Mobile
X-Original-Request-Id
X-Response-Served-From
SD-X-WS
X-Proxy
Refresh
Content-Disposition
Akamai-GRN
X-Cache-Time
X-Jobs
X-G
X-Restarts
X-Revision
Url
X-Cache-TTL-Remaining
Alternate-Protocol
X-Fastly-Request-ID
X-UUID
Uber-Trace-Id
X-Framework
X-NGENIX-Cache
X-Akamai-Request-ID2
X-Real-IP
X-Zen-Fury
X-Is-Bot
X-Drupal-Cache-Contexts
VIX-Pulpo-Node
X-Servername
X-Proxy-Cache-Status
X-Rendered-As
X-Device-Type
X-Debug-IsPreview
X-Adobe-Content
X-Adobe-Loc
VIX-Pulpo-Upstream-Status
X-Cacheable-TTL
X-Debug-IsConnected
NGB
Access-Control-Request-Headers
X-Cache-Grace
X-Instance
X-Page-View
X-Http-Reason
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Hostname
X-Mg-Request-UUID
X-Varnish-Server
X-Trace-Id
X-Midtier
X-ECache
X-IPLB-Instance
X-B3-Traceid
X-Environment-Context
X-L-Path
Version
X-Source
X-EdgeConnect-Cache-Status
Accept-Language
X-HTML-Minification-Powered-By
MS-CV
Countrycode
X-RTag
Ms-Operation-Id
X-Fastcgi-Cache
Frame-Options
From-Origin
X-Cache-Hit
X-Cache-Rule
X-Cache-Expired-At
X-Vgn-Hpd-Reason
Liferay-Portal
X-NYM-Debug-Backend
Referer-Policy
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
Backend
X-Tumblr-Pixel
X-COUNTRY
X-Datadome
X-IPS-LoggedIn
X-FW-Version
X-Nginx-Cache
Content-Secure-Policy
X-Hosted-By
X-UPSTREAM-Address
Meta-Geo
Upgrade-Insecure-Requests
X-Parallel-Accel
X-Cache-Server
X-Unique-Id
X-RN-RSRV
X-APP-VERSION
X-Redis-Cache
X-OCL
Section-Io-Cache
X-PCL
X-No-Session
X-Generation-Time
X-FB-TRIP-ID
X-Cache-Enabled
X-Ua
X-NewRelic-App-Data
S-Rt
X-Cluster-Node
Webcakes-Region
X-Format
Webcakes-App-Name
TWC-Privacy
Azure-Version
Property-Id
X-AOL-HN
X-Be
X-Akamai-Edgescape
WP-Super-Cache
Mn-Server-Ip
X-Access
X-Via-Fastly
X-Section
Azure-RegionName
Azure-InstanceId
X-Uri
TWC-GeoIP-LatLong
X-UA-Device-Type
Azure-SiteName
X-RemovedCookies
X-Server-W
X-Region
X-ProcessESI
X-PHP-Backend
TWC-Connection-Speed
Webcakes-App-Version
Azure-SlotName
X-Origin-Hint
X-Varnish-Cache-Hits
X-Request-Time
Apigw-Requestid
TWC-GeoIP-Country
TWC-Device-Class
X-Origin-Date
TWC-Locale-Group
X-Mode
CF-IPCountry
X-Content-Age
X-Generated-By
X-Forwarded-Host
X-Locale
X-PERF
X-ProxyCache-Key
X-Debug-Cache
X-Nginx-Cache-Key
X-Cache-Host
Eomportal-Instance
Cache-Tv-Group
Locale
X-ApacheServer
X-ProxyCache-Status
X-BYPASS-REASON
X-Content-Powered-By
X-Say-TTL
Fastly-SSL
X-Xfnlog-Site
X-Sql-Count
X-Sql-Duration-Ms
X-PHP-Host
X-Labrador-Cache-Channel
X-Urbn-Site-Id
X-Urbn-Context-Path
X-SayCDN-TTL
X-Sorting-Hat-ShopId
X-Site-Version
X-Status
X-Ratelimit-Remaining
X-Storage
X-Say-Cacheable
X-Human
X-ShopId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-ShardId
X-Proxied
X-Routing-Service
X-Backend-Name
X-ServerID
X-SaId
X-JoinUs
X-Extlb
Ec-Rule-Version
X-Cache-Action
X-Cache-Type
X-Tid
X-Detected-As
X-Hl-Ver
X-Varnishpool
X-LJ-Flow-ID
X-Platform-Server
X-VC-Cache
X-AWS-Id
X-Cms-Context
X-Cache-Tags
X-VWS-Id
X-Web-Node
X-Zipkin-Id
X-Adobe-Source
X-GG-Cache-Date
X-Handled-By
Selected-Fe
X-Timing-Wait
Load-Balancing
X-Proxy-Build
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
CDN-CachedAt
CDN-Cache
X-Edge-Location
X-Storefront-Renderer-Rendered
ServedBy
X-Dc
Webserver
X-Proto
X-App-Version
SRV
X-GeoCountry
X-GeoCode
X-LSADC-Cache
Fastly-Drupal-Html
X-CDN-Forward
Web-Mar-Node
X-Hyper-Cache
X-Rule
Onion-Location
X-Cached-By
X-Cache-Operation
X-GEO
X-TT-LOGID
Mime-Version
X-Cache-Remote
X-Varnish-Hostname
X-Rewrite-Enabled
SID
X-Soup
Cache-Hits
X-Cdn
X-Varnish-Ttl
X-Cluster
Xserver
X-Pubstack
X-Accel-Buffering
Xet-Cookie
X-Origin-TTL
X-Origin-CC
X-Varnish-Hits
X-TA-CDN-Provider
X-Reqid
X-Ratelimit-Limit
X-Envoy-Decorator-Operation
X-SRV
Country-Code
X-Magnolia-Registration
Server-Info
X-Air-Trace-Id
LB
X-Microcachable
X-Air-Hostname
X-IPLB-Request-ID
X-Air-Source
X-MP-GENERATED-AT
X-Buckets
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Decoy-Debug-Status
X-CSRF-Token
Decoy-Debug-TTL
Decoy-Debug-Key
X-Request-Host
Cache
DB-Nickname
Source
X-Newrelic-Synthetics
X-Ms-Version
X-Ms-Request-Id
X-Tt-Logid
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Endurance-Cache-Level
X-Time
X-B3-SpanId
X-Tx-Id
X-HS-Content-Campaign-Id
Xc-Version
Cdncip
Host-ID
BehaviorPad-Version
A
X-Ig-Push-State
X-NAPM-TraceId
X-Rojux
X-Via-NSCOPI
Cdnsip
X-ScT
Expiry
X-S
X-S-Cookie
X-Origin-Response-Time
Cmstype
Cmsid
DCR-Processing-Time-Ms
Lang
DCR-Decision-By
Fastcgi-X-Cache-Version
Sslversion
X-Cdn-Srv
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Conf
X-TIM-N
X-Cache-Id
X-B-Cookie
X-AK-Request-ID
X-External-Request-Id
X-Application
X-ARC
X-TrackingId
X-Tenant
X-Processor
X-Ec-GeoHdr
X-Ec-Fail
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Esi-Check
X-Session-Fingerprint
X-Developer
X-D
X-Connection-Hash
X-SRCache-Key
X-Destination
X-Shop-Environment
X-SD-PageType
X-User
X-Epic-Correlation-Id
Rendered-Blocks
X-Hash
X-VG-WebCache
X-Gzip
Pramga
Odigeo-Trace-Id
Mobile-Detection-Method
Meta-Geo-Continent
NM-Fastcgi-Cache
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Geo-Header
Surrogated-Key
X-A-Dam
X-A-Ccd
X-A-Dgt
X-A-Wwc
X-Aed
X-A
X-Forwarded-Path
X-Vdms-Version
T-Server
X-Orig-Expires
X-Vdms-Path
X-Ftr-Request-Id
MD5-Digest
X-A-Dcw
X-NCache
X-RCS-CacheZone
X-Bc-Bl
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Cache-Info
X-CacheTTL
X-Core-Mission
X-Device-Os
X-DPWN-IS-SECURE
X-Developers
X-DefHash
X-Core-Value
X-DefElseHash
X-Cache-Bucket
X-Amzn-Remapped-Content-Length
Memcached
Platform
Mail-Subject
Machine
Is-Eu
Producers
Server-Host
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
We-Hiring
State
X-Cache-Backend
X-Fastly-Cache
X-SVT-ORM-VERSION
X-V-Cache
X-SVT-ORM-RULES
X-Sigma-Backend
X-Server-IP
X-Sigma
X-Variation
X-Varnish-CookieHashed-On
X-WADP-Cache
X-Worker
X-Via-Ucdn
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Scheme
X-SB
X-GeoIP
X-Irp-Debug
X-Gdpr
X-Fmm-Version
X-Fetched-On
X-Mvc-Supplant-Cachable
X-Node-Id
X-Origin-Expires
X-Rocket-Build-Number
X-Origin
X-Nyt-Route
X-NodeID
Fastly-GeoIP-CountryCode
X-Origin-Time
AKAMAI
Adler-Geo
Environment
X-Skip-Cache
X-Azure-Ref
Cache-Name
X-Varnish-Beresp-Grace
X-Gamma-Serve
X-Eu-Site
X-Ec-Custom-Error
X-Gen-Mode
X-Forwarded-Site
X-GeoIP-City
X-Loc
X-Minions-Version
DynaTrace
X-Level-Front-Cache
X-LAGOON
X-HN
X-Hnp-Log
X-Httpd
X-Generated-On
X-Datadog-Trace-Id
X-Branch-Name
X-Cache-Date
Apple-News-Services-Request-Url
X-Block-Status
X-BBC-Edge-Cache-Status
X-Aicache-OS
X-Auto-Login
Apple-News-Services-Parsed-Url
X-Cdn-Origin
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
HostName
X-Csrf-Jwt
Apple-News-Services-Handled
X-CGP
Apple-News-Services-Host
X-Dispatcher-Number
X-Planisys-CDN-Rules
X-Wikidot-Backend
X-Wikidot-Static-Cache
Kp-EeAlive
X-Viewer-Country
X-VG-TLSProxy
X-Sn-Servicetimems
X-Thinkindot-L3
X-VarnishDD-TTL
X-Has-Esi
X-Is-Gdpr
Cache-Key
Candidate-Md5Url
X-BCube-Filmed-By
X-Wix-Viewer-Type
X-TNCMS
X-JWT-State
X-Loop
X-Slack-Backend
X-SIPLIST1
X-Policy
X-Pool
X-Proxy-Cache-Info
X-Pod-Name
X-Platform
X-R9-Blue-Green-Version
X-Planisys-CDN-TTL
X-Proxy-Upstream
X-Qloud-Router
X-Region-Sid
X-Request-URI
X-Served-From
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Planisys-CDN-Cache
X-Rocket-Nginx-Serving-Static
Ssr
Cluster
Svr
Req-Svc-Chain
Release
PFcat
Redirect-Candidate
TDXMobile
Thinkindot-CacheControl
Traceparent
Vix-Hermes-Req-Id
User-Cache-Control
CloudFront-Viewer-Country
Web-Mar-Region
Thinkindot-CacheControl-Type
Thinkindot-Control
Origin-EX
X-Xrds-Location
Ha-Gx-Prefs
HA-Ipaddr
CDCHOST
Gh-Request-Id
Fastly-SWR
Fastcgi-Cache-TTL
Fastly-SIE
IsBot
L
Origin
Origin-CC
N-Cache
Ohc-File-Size
L5d-Success-Class
Datacenter
V-Age
X-Cache-Status-Check
NGX
Server-Ext
Server-Hostname
DSUID
X-Scale
GEO-INFO
X-Optimistic-Header
X-Owner
Sever-Int
X-VServer
VNS-Cache
X-SplitTest
XM
VNS-Age
CPC-Cache
X-Ad-Defer-Variation
CPC-Age
X-From
X-Webstats-RespID
CDN
X-ZONE
X-WP-CF-Super-Cache-Cache-Control
X-WA-Info
X-WP-CF-Super-Cache
X-CS
X-VC
Fastly-Backend-Name
X-Location
Pics-Label
X-Refresh
X-Parent-Response-Time
X-CACHE-KEY
X-Tb-Optimization-Total-Bytes-Saved
Locid
X-Ah-Environment
X-Micro-Cache
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-AIR-PT
X-EC-Lua
Ms-Author-Via
Arc-Country
X-Men
X-Response-By
X-LB-NoCache
X-Srv
Servername
X-NC
X-Varnish-Authentication
X-Edge-Pop
Env
X-RateLimit-Reset
AMP-Access-Control-Allow-Source-Origin
Path
X-Old-Content-Length
X-Udemy-Cache-App-Namespace
X-Servedbyhost
X-Mvc-Supplant-OutputCached
X-Amz-Meta-Cb-Modifiedtime
X-Tec-Api-Origin
Lb
X-Tec-Api-Root
X-Tec-Api-Version
X-TIME
X-TraceId
Time
X-Via-Popv
X-Via-Poph
X-Via-Popn
Ngx.Var.Host
X-RPS
X-RSL
X-RPM
Cache-Host
X-DB
X-DI
Memory
X-DW
X-Generated-In
X-DSS
Ohc-Cache-HIT
X-HA-Backend
X-Akamai-Transformed
ITXSESSIONID
X-Varnish-Beresp-TTL
X-Date
X-Accel-Expires-Debug
XkeyRZ
X-Proxy-CacheRZ
X-GeoIP-Region-Code
Client
X-API-Version
GeoIp-Country-Code
X-GeoIP-Country-Code
X-S-Maxage
FSS-Cache
X-Clientip
X-VCL-Version
X-Vc
X-Cache-Debug
True-Client-IP
X-Api-Version
X-VHOST
X-Cs
X-DC
Geoip-Latitude
X-Trace-ID
Server-ID
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Deployment-Id
X-Zone
Fusion-Template-Id
Fusion-Source
X-Fpc
X-Presslabs-Stats
Hostname
X-Correlation-ID
CacheControlHeader
X-FireWall-Port
True-Client-Country-4JS
X-Dmc
X-TH-Server
X-Action
Powered-By
X-MSEdge-Features
X-Backend-TTL
X-Render-Time
X-MSEdge-Flight
X-Traceid
NtCoent-Length
X-Webkit-Csp-Report-Only
X-TX-ID
X-INCAP-ABP
X-B3-Spanid
X-PX
Tcn
X-DynaTrace-JS-Agent
Test
Geo-Info
X-Req
X-Gateway-Cache-Key
Edge-Cache
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Gateway-Skip-Cache
Rip
X-Service
C-Via
X-TRACE-ID
X-NGINX-Cache
X-M-Reqid
X-Pass-Why
Tube-Return
X-Qnm-Cache
Tube-Get-Contents
HIT
X-CSRF-TOKEN
X-FPC
Click-Count-Error
Esi-Enabled
My-App
Tube-Got-Results
Tube-Got-Eval
X-M-Log
X-Cdn-Request-ID
Click-Count-Action-Start
X-Origin-Upstream-Status
X-HS-Status
On-Server
X-Beluga-Node
User-Agent
X-Beluga-Cache-Status
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Trace
X-Webkit-CSP-Report-Only
X-Vcl-Version
Server-Id
X-Alfa-Service
X-Provided-By
Uri
OT-Force-Account-Verify
Cf-Int-Pingora-Origin-Digest
X-Up
X-Akamai-Pragma-Client-IP
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-Proxy-Cache-Hk
Srvid
Resin-Trace
X-Ha-Backend
GeoIP-Latitude
X-Check-Cacheable
X-LB-ID
GeoIP-Country-Code
Proxy-Connection
X-URL
X-Varnish-Beresp-Ttl
Cdn
X-CLOUD-TRACE-CONTEXT
Sid
X-APP
X-Edge-Origin-Shield-Bytes
X-CCDN-CacheTTL
Epwk-X-Cache
X-CCDN-Origin-Time
X-Li-Pop
X-UnsetCookies
X-RAMCache
X-ServedByHost
MIME-Version
Srv
X-Hcs-Proxy-Type
X-LI-UUID
X-Li-Fabric
X-LI-Proto
X-Edge-Origin-Shield-Region
WebServer
X-Cdn-Forward
DataCenter
X-Geo
X-Fetch-By
X-Backend-Host
ENV
X-Time-Microsecs
X-ND-Cache
M-TraceId
WZWS-RAY
Warning
X-Esi
XServer
X-App
X-Fastly-Backend-Reqs
ServerName
X-Lb-Nocache
X-B3-Traceid-Primal
Server-Ttl
X-Edge-POP
X-CUA
Cf-Device-Type
X-HostName
X-MG-S
Fastly-Drupal-HTML
X-HITS
X-Platform-Processor
CF-Cached-On
X-Platform-Cluster
X-Platform-Router
X-Newrelic-App-Data
X-Fragments
X-ElasticPress-Query
PICS-Label
DT-Hot-News
Target-Params
X-Dw-Trace-Id
X-LiteSpeed-Cache-Control
X-Nc
Section-Io-Id
X-ATG-Version
Section-Io-Origin-Status
X-Serial
Tracecode
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Azure-Ref-OriginShield
X-Yottaa-OS
X-Request-Url
Cf-Ipcountry
X-Iplb-Instance
X-Var-Ttl
Inserted-Into-Cache-At
D-Url-Rewrites
X-Fastly-Backend
X-FC-Vary-Parameters
True-Client-Ip
X-Akamai-Request-ID
X-Bip
X-Thanos
Dt-Hot-News
X-Sucuri-ID
Lfy
X-Vcache
X-CF-Powered-By
X-Sucuri-Cache
X-Iplb-Request-Id
Cdn-Uid
Cdn-Requestid
Cdn-Requestcountrycode
Cdn-Edgestorageid
Cdn-Cache
Wp-Super-Cache
Servedby
Cdn-Pullzone
Cdn-Cachedat
X-Vercel-Cache
X-Back
CountryCode
X-Cache-Expires
X-Vercel-Id
Content-Script-Type
X-IN-APIGATEWAYSSL
X-Request-Start
X-IN-APIGATEWAY
Vha6-Origin
X-Th-Server
Cneonction
Content-Style-Type
X-Storefront-Renderer-Verified
X-Request-URL
X-Varnish-Beresp-Status
X-Release
X-BBC-Origin-Response-Status
X-Dist-Code
Fastcgi-Cache-Ttl
X-NU-AKA-ACS-Version
X-Snapshot-Date
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
Ngx