
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header, security-relevant or not. We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
P3p
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-Envoy-Upstream-Service-Time
Status
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Akamai-Path-Stats
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-UA-Device
X-Proxy-Cache
X-Amz-Id-2
Host-Header
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Server-Id
X-Node
Cf-Edge-Cache
X-Aws-Lambda-Call-Status
X-Pingback
X-CST
Surrogate-Control
Request-Id
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Url
X-Ruxit-JS-Agent
Accept-Ch
X-Country
Accept-Ch-Lifetime
Fastly-Restarts
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-Vname
X-TtlSet
X-PC
RTSS
X-Varnish-TTL
X-Amz-Server-Side-Encryption
Edge-Control
X-VARITI-CCR
X-FastCGI-Cache
X-Server-Name
X-ESI
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Edge
X-Cdn-Fetch
X-Dw-Request-Base-Id
X-Kinja-Server
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Use-Magma
X-Px
X-Amz-Rid
X-ASPNET-VERSION
Public-Key-Pins
X-B3-TraceId
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Ac
X-Powered-By-Plesk
Verso
Pagespeed
X-Sol
X-Middleton-Display
Display
X-Abt-Application-Version
X-RateLimit-Remaining
X-Element-Page-Cache
X-Client-IP
X-Content-Security-Policy-Report-Only
X-Version
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Ttl
X-Litespeed-Cache
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
X-Middleton-Response
Response
X-Goog-Hash
SPRequestDuration
Access-Control-Request-Method
SPIisLatency
X-Cached
X-Kinsta-Cache
X-SharePointHealthScore
SPRequestGuid
X-Edge-Location-Klb
AR-SID
AR-CACHE
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Powered-CMS
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Upstream
X-LLID
Edge-Cache-Tag
X-Forwarded-For
X-TTL
X-Correlation-Id
X-NWS-LOG-UUID
Content-MD5
Nginx-Cache
X-Cache-Key
X-Id
X-WebKit-CSP-Report-Only
X-RateLimit-Limit
X-Shield-Request-Id
X-MSEdge-Ref
TCN
X-TEC-API-ORIGIN
MRF-Tech
Mrf-Cache-Status
X-Recruiting
X-TEC-API-ROOT
X-TEC-API-VERSION
X-T
S
X-ECACHE
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Ruxit-Js-Agent
X-Content-Digest
X-Mg-S
X-DataDome
X-HP-Webp
X-Jurisdiction
X-SRCache-Store-Status
X-HP-Trace-Id
X-SRCache-Fetch-Status
X-Ua-Device
X-Grace
TP-Cache
X-Accel-Expires
TP-L2-Cache
X-DynaTrace
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Frontend
X-Request-Received
MicrosoftSharePointTeamServices
X-Request-Processing-Time
Server-Node
X-Yandex-Sdch-Disable
Front-End-Https
X-Ezoic-Cdn
X-Ab
Filters
X-Ua-Browser
X-Content
X-Protected-By
X-PressLabs-Stats
X-Mcache
X-Origin-Server
X-Distributor
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Hits
MS-Author-Via
Fastcgi-Cache
X-Geo-Country
X-LB-Cache
X-Request-Handler-Origin-Region
X-Mid
X-Microsite
X-Tt-Trace-Tag
Charset
X-Tt-Trace-Host
X-Amzn-Trace-Id
Host
Cleartype
X-Webkit-Csp
X-Debug-Info
X-F-Cache
X-Fastly-Request-Id
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-Git-Hash
X-Page-Id
X-B3-Sampled
Cache-Status
X-Cache-Age
X-Seen-By
Realpath
X-Activity-Id
X-AppVersion
X-Az
X-DIS-Request-ID
Access-Control-Allow-Method
X-Ratelimit-Reset
Accept-Charset
X-Www-Served-By
X-Webkit-CSP
X-Nginx-Upstream-Cache-Status
ServerID
X-Server-ID
Filterid
Permissions-Policy
X-Varnish-Age
Cache-Tags
X-Pinterest-Rid
Pinterest-Version
X-Aspnetmvc-Version
Pinterest-Generated-By
X-Cluster-Name
X-Rid
X-Content-Options
X-Type
X-FB-Debug
Retry-After
X-Varnish-Backend
Server-Name
Country
X-Varnish-Grace
Viewport
X-App-Environment
X-User-Agent
X-B-Cache
X-Signature
X-Providence-Cookie
X-Route-Name
X-Tb
X-Request-Guid
DC
Paypal-Debug-Id
X-Drupal-Cache-Tags
X-Is-Crawler
X-Wix-Request-Id
X-Flags
X-Aspnet-Duration-Ms
X-Amz-Meta-S3cmd-Attrs
X-TT
X-Whom
X-B
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-VCache
X-Goog-Generation
X-Language
Node
X-GUploader-UploadID
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Fastcgi-Useragent
X-Origin-Cache
X-XRDS-LOCATION
X-Debug
X-Mobile-URL
Protected
X-NWS-UUID-VERIFY
X-Midtier
X-N
X-Amz-Replication-Status
X-Cache-NGX
Payment
X-Logged-In
X-Load-Cache
Amp-Access-Control-Allow-Source-Origin
Surrogate-Key
WPO-Cache-Message
WPO-Cache-Status
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Cache-Control
Count-Hit
X-Contextid
X-Via-JSL
X-MCACHE
X-Node-Name
Healthy
Alternate-Protocol
X-ECache
X-Restarts
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-B3-Traceid
X-Browser-Type
Content-Disposition
X-Proxy
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Type
X-FW-Dynamic
X-NGENIX-Cache
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
Refresh
X-Cache-Time
Akamai-GRN
Url
X-G
X-XRDS-Location
X-Jobs
X-Zen-Fury
X-Adobe-Loc
X-Akamai-Request-ID2
X-Adobe-Content
X-UUID
Uber-Trace-Id
X-Revision
X-Servername
X-Page-View
X-Cache-TTL-Remaining
X-Real-IP
X-Drupal-Cache-Contexts
VIX-Pulpo-Node
X-Framework
X-Is-Bot
X-Rendered-As
X-Http-Reason
VIX-Pulpo-Upstream-Status
X-Mg-Request-UUID
X-Debug-IsConnected
X-Debug-IsPreview
X-Cache-Grace
X-Instance
X-Cacheable-TTL
Access-Control-Request-Headers
X-Varnish-Server
X-Yottaa-Metrics
X-Device-Type
X-Proxy-Cache-Status
X-Template
X-Yottaa-Optimizations
NGB
X-IPLB-Instance
X-Environment-Context
X-Hostname
X-L-Path
X-EdgeConnect-Cache-Status
X-HTML-Minification-Powered-By
X-Source
Version
Frame-Options
Accept-Language
Ms-Operation-Id
MS-CV
X-RTag
Countrycode
Referer-Policy
Liferay-Portal
X-Oneagent-Js-Injection
X-Trace-Id
X-NYM-Debug-Backend
X-Fastly-Request-ID
X-Datadome
X-Cache-Rule
X-Cache-Hit
X-Cache-Expired-At
X-App-Server
X-Ratelimit-Remaining
From-Origin
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel-0
X-Vgn-Hpd-Reason
X-Tumblr-Pixel
X-Tumblr-Pixel-1
Backend
X-IPS-LoggedIn
X-Hosted-By
X-Nginx-Cache
X-Unique-Id
X-APP-VERSION
X-FW-Version
Content-Secure-Policy
X-COUNTRY
X-RemovedCookies
Meta-Geo
X-Cache-Server
Load-Balancing
X-Ratelimit-Limit
Section-Io-Cache
X-Status
X-RN-RSRV
Upgrade-Insecure-Requests
X-UPSTREAM-Address
WP-Super-Cache
X-ProcessESI
CF-IPCountry
X-Ua
X-FB-TRIP-ID
X-Generation-Time
X-OCL
X-No-Session
X-PCL
X-Access
Apigw-Requestid
X-Be
Webcakes-Region
X-AOL-HN
Fastly-SSL
X-Origin-Date
X-Akamai-Edgescape
Webcakes-App-Version
X-Varnish-Cache-Hits
X-AWS-Id
X-Request-Time
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
X-Server-W
TWC-Privacy
X-Sql-Duration-Ms
X-Section
X-Sql-Count
X-Region
TWC-Device-Class
Property-Id
X-UA-Device-Type
X-Labrador-Cache-Channel
X-Format
Mn-Server-Ip
X-Cluster-Node
X-Origin-Hint
X-PHP-Backend
X-Redis-Cache
X-LJ-Flow-ID
X-VWS-Id
S-Rt
X-PHP-Host
X-Cache-Enabled
TWC-Connection-Speed
X-Content-Age
X-Mode
X-Cache-Host
X-BYPASS-REASON
X-Cache-Tags
X-Generated-By
X-Human
X-ApacheServer
X-Content-Powered-By
Locale
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Locale
Eomportal-Instance
X-Adobe-Source
X-PERF
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Uri
X-Via-Fastly
X-VC-Cache
X-Xfnlog-Site
X-Storage
X-Site-Version
X-ProxyCache-Key
X-Platform-Server
X-ProxyCache-Status
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-Nginx-Cache-Key
X-Forwarded-Host
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-GeoCountry
X-GeoCode
X-Extlb
X-Cache-Type
X-Backend-Name
X-GG-Cache-Date
X-Detected-As
X-Handled-By
X-Routing-Service
X-ServerID
X-Varnishpool
X-Tid
X-Web-Node
X-Zipkin-Id
X-Hl-Ver
X-SaId
X-Proxied
X-JoinUs
X-Dc
X-Cms-Context
X-Storefront-Renderer-Rendered
X-Edge-Location
X-Debug-Cache
X-Proto
Cache-Tv-Group
X-Timing-Wait
Selected-Fe
X-Proxy-Build
Ec-Rule-Version
CDN-Uid
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
X-NewRelic-App-Data
CDN-RequestCountryCode
CDN-RequestId
CDN-PullZone
ServedBy
Fastly-Drupal-Html
X-CDN-Forward
Web-Mar-Node
X-Cache-Action
Onion-Location
X-LSADC-Cache
X-App-Version
X-GEO
Webserver
X-Cached-By
X-Magnolia-Registration
X-IPLB-Request-ID
X-Varnish-Hostname
SRV
Cache-Hits
X-Hyper-Cache
SID
X-Parallel-Accel
X-Cluster
X-Cache-Remote
X-Cache-Operation
X-Envoy-Decorator-Operation
X-Air-Trace-Id
X-Tt-Logid
X-Air-Hostname
X-Air-Source
Mime-Version
X-Rewrite-Enabled
X-Fastcgi-Cache
X-Cdn
X-Rule
X-Varnish-Hits
X-Soup
X-Origin-TTL
X-Origin-CC
Xserver
Xet-Cookie
X-Accel-Buffering
X-Pubstack
DB-Nickname
X-Microcachable
Cache
Server-Info
LB
X-Reqid
X-Tumblr-Pixel-3
X-TA-CDN-Provider
Source
X-MP-GENERATED-AT
X-CSRF-Token
Country-Code
X-SRV
X-Tumblr-Pixel-2
X-TT-LOGID
X-Xrds-Location
X-Buckets
X-Correlation-ID
Decoy-Debug-TTL
X-Via-NSCOPI
Decoy-Debug-Status
Decoy-Debug-Key
X-Tx-Id
X-Request-Host
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Origin-Response-Time
X-Endurance-Cache-Level
X-Skip-Cache
Host-ID
Candidate-Md5Url
Odigeo-Trace-Id
Pramga
BehaviorPad-Version
A
Fastcgi-X-Cache-Version
Expiry
Cache-Key
Lang
Cdncip
Cmstype
Cmsid
NM-Fastcgi-Cache
Mobile-Detection-Method
DCR-Decision-By
MD5-Digest
X-Vtex-Remote-Cache
Meta-Geo-Continent
Cdnsip
X-Vtex-Processado-Em
Xc-Version
DCR-Processing-Time-Ms
X-SRCache-Key
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-External-Request-Id
X-Forwarded-Path
X-Geo-Header
X-Ec-Fail
X-Developer
X-Cache-Status-Check
X-Shop-Environment
X-Connection-Hash
X-D
X-Destination
X-Hash
X-Ig-Push-State
X-S
X-Session-Fingerprint
X-S-Cookie
X-SD-PageType
X-ScT
X-Rojux
X-Processor
X-NAPM-TraceId
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Conf
X-CF-Lambda-Version
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Vdms-Path
X-Vdms-Version
Sslversion
Surrogated-Key
X-VG-WebCache
T-Server
X-User
X-TrackingId
X-BCube-Filmed-By
X-B-Cookie
X-Cache-NE
X-Cdn-Srv
X-CF-Lambda-Fn
X-ARC
X-Tenant
X-Aed
X-TIM-N
X-AK-Request-ID
X-Application
Rendered-Blocks
X-A
Datacenter
DynaTrace
X-Ms-Version
X-Azure-Ref
X-Ms-Request-Id
X-Gzip
X-Has-Esi
Environment
Memcached
X-GeoIP
X-Fetched-On
X-Ftr-Request-Id
X-Gdpr
X-Origin-Expires
Kp-EeAlive
X-Is-Gdpr
X-JWT-State
X-NodeID
X-Irp-Debug
X-Origin
X-HS-Content-Campaign-Id
Is-Eu
X-Esi-Check
X-Nyt-Route
X-Newrelic-Synthetics
X-Cache-Backend
X-Cache-Id
X-CacheTTL
X-Core-Mission
Wxu-Next-Commit
Wxu-Next-Hostname
X-Ad-Defer-Variation
X-Amzn-Remapped-Content-Length
X-Bc-Bl
Wxu-Next-Region
State
X-Core-Value
Producers
X-DPWN-IS-SECURE
Platform
X-Origin-Time
X-Device-Os
X-Developers
X-DefElseHash
Server-Host
X-DefHash
X-B3-SpanId
X-Loop
X-Wix-Viewer-Type
X-Sigma
X-Sigma-Backend
Adler-Geo
X-Scheme
X-SB
X-Worker
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Variation
X-TNCMS
X-V-Cache
X-Rocket-Build-Number
AKAMAI
X-SplitTest
We-Hiring
Mail-Subject
XM
X-Time
X-Varnish-Beresp-Grace
X-AIR-PT
X-NCache
X-RCS-CacheZone
HostName
X-Csrf-Jwt
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-VServer
X-Datadog-Parent-Id
X-BBC-Edge-Cache-Status
X-Aicache-OS
Redirect-Candidate
X-Auto-Login
X-VG-TLSProxy
X-Via-Ucdn
X-Viewer-Country
X-Wikidot-Static-Cache
X-Cdn-Origin
X-VarnishDD-TTL
X-Branch-Name
CPC-Age
X-Cache-Info
CPC-Cache
X-Cache-Bucket
X-Block-Status
VNS-Age
X-Cache-Date
X-Wikidot-Backend
X-Clara-WADP
VNS-Cache
X-CGP
X-Ckpd-Fst-Backend
X-WADP-Cache
X-Fmm-Version
X-Rebelmouse-Surrogate-Control
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Region-Sid
X-Request-URI
X-Mvc-Supplant-Cachable
X-Node-Id
X-Rocket-Nginx-Serving-Static
X-Planisys-CDN-TTL
X-Platform
X-Qloud-Router
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Proxy-Cache-Info
X-Pool
X-Pod-Name
X-Policy
X-Loc
X-Level-Front-Cache
X-Forwarded-Site
X-Gamma-Serve
X-Gen-Mode
X-Rebelmouse-Cache-Control
X-Thinkindot-L3
X-Eu-Site
X-Fastly-Cache
X-Generated-On
X-Sn-Servicetimems
X-Hnp-Log
X-Served-From
X-LAGOON
X-HN
X-SIPLIST1
X-GeoIP-City
X-Slack-Backend
X-Dispatcher-Number
X-Ec-Custom-Error
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
Gh-Request-Id
Req-Svc-Chain
Fastly-SIE
Fastly-SWR
Traceparent
Ha-Gx-Prefs
HA-Ipaddr
Ssr
Machine
N-Cache
NGX
L5d-Success-Class
L
Svr
Origin
IsBot
Fastly-GeoIP-CountryCode
User-Cache-Control
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Server-Hostname
Apple-News-Services-Handled
X-Varnish-Ttl
Release
Server-Ext
CDCHOST
PFcat
Web-Mar-Region
Vix-Hermes-Req-Id
Fastcgi-Cache-TTL
V-Age
Origin-CC
Cluster
CloudFront-Viewer-Country
Sever-Int
Origin-EX
Cache-Name
X-Minions-Version
X-ZONE
X-WA-Info
Fastly-Backend-Name
X-Scale
X-R9-Blue-Green-Version
DSUID
X-Proxy-Upstream
Ohc-File-Size
X-Owner
GEO-INFO
CDN
X-Httpd
Pics-Label
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Optimistic-Header
X-Micro-Cache
X-Server-IP
X-Refresh
X-CS
X-Parent-Response-Time
X-VC
X-Srv
Path
X-EC-Lua
X-CACHE-KEY
X-NC
X-Contensis-Viewer-Groups
X-From
X-Webstats-RespID
X-LB-NoCache
X-Ah-Environment
X-Cache-ASPX
Cache-Host
X-Edge-Pop
Servername
Ngx.Var.Host
Ms-Author-Via
X-TIME
Lb
X-Servedbyhost
Env
X-Varnish-Authentication
X-Location
X-Mvc-Supplant-OutputCached
X-Varnish-Beresp-TTL
X-Proxy-CacheRZ
X-Udemy-Cache-App-Namespace
X-RateLimit-Reset
XkeyRZ
X-Tb-Optimization-Total-Bytes-Saved
X-Generated-In
Locid
X-Men
X-Response-By
X-Clientip
X-API-Version
X-Via-Popn
X-Via-Popv
X-Amz-Meta-Cb-Modifiedtime
X-Via-Poph
Arc-Country
X-TraceId
Ohc-Cache-HIT
X-Old-Content-Length
X-S-Maxage
GeoIp-Country-Code
Time
ITXSESSIONID
Memory
X-Akamai-Transformed
AMP-Access-Control-Allow-Source-Origin
X-Vc
X-Accel-Expires-Debug
X-RPS
X-RSL
X-HA-Backend
X-Date
True-Client-IP
X-RPM
X-Cs
X-DSS
Client
X-DI
X-DB
X-DW
X-Dmc
Geoip-Latitude
X-TRACE-ID
X-VHOST
X-Tec-Api-Root
X-Tec-Api-Origin
Server-ID
X-Render-Time
X-GeoIP-Country-Code
X-MSEdge-Features
X-GeoIP-Region-Code
X-Trace-ID
X-Tec-Api-Version
X-MSEdge-Flight
X-VCL-Version
X-DynaTrace-JS-Agent
X-URL
X-Zone
Hostname
X-Fpc
X-FireWall-Port
X-Cache-Debug
X-INCAP-ABP
X-Api-Version
FSS-Cache
X-Presslabs-Stats
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-DC
Rip
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Gateway-Skip-Cache
C-Via
X-Gateway-Cache-Key
X-Service
X-B3-Spanid
X-M-Reqid
HIT
X-Qnm-Cache
X-Webkit-Csp-Report-Only
X-M-Log
NtCoent-Length
Powered-By
CacheControlHeader
X-TX-ID
On-Server
Esi-Enabled
X-TH-Server
Tube-Get-Contents
X-Action
Click-Count-Error
Tube-Got-Results
Click-Count-Action-Start
X-PX
Tube-Return
True-Client-Country-4JS
Tube-Got-Eval
X-Traceid
X-HS-Status
X-Alfa-Service
Tcn
Test
X-FPC
X-Backend-TTL
X-NGINX-Cache
Server-Id
X-CSRF-TOKEN
Edge-Cache
X-Check-Cacheable
X-Cdn-Request-ID
OT-Force-Account-Verify
X-Pass-Why
X-Edge-Origin-Shield-Region
Cdn
User-Agent
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Record
X-Beluga-Node
X-Edge-Origin-Shield-Bytes
X-Beluga-Cache-Status
X-Req
X-Proxy-Cache-Hk
X-Vcl-Version
Geo-Info
Srv
X-Akamai-Pragma-Client-IP
X-Origin-Upstream-Status
Proxy-Connection
X-Via-PopN
Uri
GeoIP-Country-Code
My-App
GeoIP-Latitude
X-Via-PopH
X-Via-PopV
Srvid
Resin-Trace
X-Ha-Backend
Cf-Int-Pingora-Origin-Digest
WebServer
X-CLOUD-TRACE-CONTEXT
MIME-Version
X-APP
M-TraceId
Sid
X-Up
X-App
X-Webkit-CSP-Report-Only
Epwk-X-Cache
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Provided-By
Server-Ttl
X-ServedByHost
DT-Hot-News
X-Varnish-Beresp-Ttl
X-LB-ID
X-Cdn-Forward
X-Thanos
ENV
X-Fastly-Backend-Reqs
X-Backend-Host
X-Bip
X-Li-Fabric
X-LI-Proto
X-Li-Pop
X-LI-UUID
X-Newrelic-App-Data
Warning
X-Esi
X-Request-Start
True-Client-Ip
X-B3-Traceid-Primal
X-Geo
X-Lb-Nocache
X-RAMCache
X-Fetch-By
X-Vercel-Id
X-Vercel-Cache
X-UnsetCookies
X-Edge-POP
X-Nc
XServer
ServerName
X-HostName
Dt-Hot-News
Section-Origin-Responded
PICS-Label
X-CF-Powered-By
X-Akamai-Request-ID
X-ElasticPress-Query
X-ND-Cache
X-Dw-Trace-Id
WZWS-RAY
X-Yottaa-OS
Section-Io-Id
Section-Io-Origin-Status
X-Request-Url
X-Serial
CF-Cached-On
X-Time-Microsecs
X-HITS
Section-Io-Origin-Time-Seconds
X-LiteSpeed-Cache-Control
Fastly-Drupal-HTML
DataCenter
X-Iplb-Instance
X-Iplb-Request-Id
D-Url-Rewrites
Cf-Device-Type
X-Snapshot-Date
Magicmarker
X-CUA
X-Vcache
X-Cc-Via
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Inserted-Into-Cache-At
Servedby
Cdn-Uid
Wp-Super-Cache
Cdn-Requestid
Cdn-Cache
Cdn-Edgestorageid
Cdn-Requestcountrycode
Cdn-Cachedat
Cdn-Pullzone
X-Varnish-Beresp-Status
X-MiniProfiler-Ids
X-Wp-Cf-Super-Cache-Cache-Control
Vha6-Origin
X-LiteSpeed-Tag
X-FC-Vary-Parameters
Content-Script-Type
X-Sucuri-Cache
Content-Style-Type
X-Back
X-Th-Server
X-Sucuri-ID
CountryCode
X-BBC-Origin-Response-Status
X-Dist-Code
X-Azure-Ref-OriginShield
X-Var-Ttl
X-Platform-Router
X-Platform-Processor
Tracecode
X-ATG-Version
Target-Params
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Fastly-Backend
X-Release
X-Platform-Cluster
X-Storefront-Renderer-Verified
X-Fragments
X-Request-URL
X-Wp-Cf-Super-Cache