
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
X-Request-ID
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
Rating
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-PC
X-TtlSet
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Server-Name
Fastly-Restarts
Cache-Tag
X-ESI
X-FastCGI-Cache
X-Aws-Lambda-Call-Status
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-Vcap-Request-Id
X-Amz-Rid
X-GitHub-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Aspnetmvc-Version
X-Cnection
X-Px
Accept-Ch
X-Navigation-Version
RTSS
X-Country-Code
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-NF-Request-ID
X-Goog-Hash
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Origin-Cache
X-Instrumentation
X-Powered-CMS
AR-PoweredBy
AR-ATIME
AR-SID
AR-CACHE
AR-Request-ID
X-Version
Display
X-Middleton-Display
X-Sol
Pagespeed
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
X-TTL
X-MSEdge-Ref
X-Kinsta-Cache
X-SRCache-Fetch-Status
X-Edge-Location-Klb
X-SRCache-Store-Status
Nginx-Cache
X-Edge
MRF-Tech
TCN
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Protected-By
X-T
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Content-MD5
X-RateLimit-Remaining
S
X-Forwarded-For
Edge-Cache-Tag
Fastcgi-Cache
X-Language
X-Mid
SPIisLatency
SPRequestDuration
Front-End-Https
Realpath
X-CST
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Pinterest-Version
Pinterest-Generated-By
Filters
X-Pinterest-Rid
Server-Node
X-DynaTrace
X-MCACHE
X-Frontend
Server-Name
X-Content
X-Ab
X-Ua-Browser
X-Correlation-Id
X-Ttl
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Ser
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-NWS-LOG-UUID
X-ECACHE
X-Ezoic-Cdn
X-SharePointHealthScore
X-Template
SPRequestGuid
X-Cache-Key
X-Hits
X-Parallel-Accel
Alternate-Protocol
X-Tt-Trace-Host
X-Tt-Trace-Tag
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Kong-Proxy-Latency
Cache-Tags
X-Kong-Upstream-Latency
X-Ruxit-Js-Agent
X-Page-Id
Charset
X-B3-Sampled
Cleartype
X-Content-Options
MicrosoftSharePointTeamServices
Host
X-Www-Served-By
X-Git-Hash
X-Geo-Country
X-Ratelimit-Limit
X-Debug-Info
X-DIS-Request-ID
X-Amzn-Trace-Id
X-Hostname
X-Daa-Tunnel
X-Amz-Replication-Status
X-Content-Digest
X-Fastly-Request-Id
Filterid
X-Varnish-Age
X-Activity-Id
X-AppVersion
X-Az
X-VCache
X-Upgrade-Enabled
X-FB-Debug
X-Forwarded-Proto
X-Accel-Expires
Cross-Origin-Opener-Policy
X-Grace
X-Nginx-Upstream-Cache-Status
X-Rid
X-N
X-Origin-Server
Access-Control-Allow-Method
ServerID
TP-L2-Cache
X-F-Cache
TP-Cache
X-Mobile-URL
X-Is-Crawler
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Route-Name
X-Request-Guid
X-Flags
X-Server-ID
X-LB-Cache
X-Whom
X-TT
X-Varnish-Grace
Viewport
X-Type
X-Seen-By
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Tb
X-WebKit-CSP-Report-Only
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-FW-Dynamic
Payment
X-FW-Static
X-XRDS-LOCATION
X-Distributor
Node
X-FW-Hash
X-FW-Type
X-FW-Serve
X-FW-Server
X-App-Environment
DC
Paypal-Debug-Id
X-App-Server
X-User-Agent
Fastcgi-Useragent
X-DataDome
Country
Accept-Charset
X-Wix-Request-Id
X-NGENIX-Cache
X-Cache-Control
X-Litespeed-Cache
X-Origin-Upstream-Status
X-Cache-Rule
X-Fastcgi-Cache
Version
X-Logged-In
X-Fastly-Request-ID
X-Via-JSL
X-Webkit-CSP
X-Microsite
X-Request-Handler-Origin-Region
X-Drupal-Cache-Tags
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Ratelimit-Reset
Amp-Access-Control-Allow-Source-Origin
Referer-Policy
X-Cluster-Name
X-Cache-Age
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-B-Cache
X-Buckets
Refresh
X-Signature
X-Browser-Type
X-Contextid
X-Varnish-Backend
X-Load-Cache
Cache-Status
VIX-Pulpo-Upstream-Status
X-Response-Served-From
X-Node-Name
X-Original-Request-Id
VIX-Pulpo-Node
SD-X-WS
X-Mobile
X-Page-View
X-Real-IP
X-Rendered-As
X-Is-Bot
X-Vgn-Hpd-Reason
X-Debug
X-B
Access-Control-Request-Headers
NGB
X-Proxy-Cache-Status
X-Cacheable-TTL
X-Cache-Expired-At
X-Device-Type
X-Instance
X-Rule
X-RemovedCookies
X-UUID
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Jobs
X-ProcessESI
X-IPLB-Instance
Akamai-GRN
X-Tec-Api-Root
X-Drupal-Cache-Contexts
Surrogate-Key
X-Cache-Action
X-Revision
X-Tec-Api-Version
X-Tec-Api-Origin
X-Proxy
X-Framework
X-Debug-IsConnected
X-Cache-Time
X-Debug-IsPreview
X-FW-Version
X-G
X-Air-Hostname
X-TEC-API-VERSION
X-TEC-API-ROOT
CF-IPCountry
X-Air-Trace-Id
X-Air-Source
X-TEC-API-ORIGIN
X-XRDS-Location
SID
GEO-INFO
DynaTrace
X-Azure-Ref
X-PressLabs-Stats
Liferay-Portal
X-Ratelimit-Remaining
X-Oneagent-Js-Injection
X-Accel-Buffering
X-Nginx-Cache
X-APP-VERSION
X-Source
X-Ms-Version
X-Ms-Request-Id
X-Presslabs-Stats
Count-Hit
Uber-Trace-Id
Frame-Options
X-Cache-Operation
X-Cache-NGX
X-CDN-Forward
Ms-Operation-Id
MS-CV
X-RTag
Healthy
X-EdgeConnect-Cache-Status
X-Zen-Fury
Xserver
Countrycode
X-Cache-Hit
X-Varnish-Server
X-Backend-Name
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Environment-Context
X-L-Path
X-Tumblr-Pixel-0
X-Mode
Protected
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Region
X-Cache-TTL-Remaining
Ec-Rule-Version
X-Forwarded-Host
X-Servername
Meta-Geo
X-UPSTREAM-Address
X-RN-RSRV
X-Detected-As
X-SaId
X-JoinUs
X-Tid
X-Rewrite-Enabled
Backend
X-Debug-Cache
X-Sorting-Hat-ShopId
X-Content-Powered-By
X-Sql-Count
X-Content-Age
X-Sql-Duration-Ms
X-ShopId
X-Proxied
LB
X-Cache-Server
X-Generation-Time
X-Zipkin-Id
X-Hyper-Cache
X-Extlb
X-ShardId
X-Cache-Grace
X-Hosted-By
WPO-Cache-Status
Apigw-Requestid
X-Adobe-Loc
WPO-Cache-Message
X-Uri
Country-Code
X-Sorting-Hat-PodId
Decoy-Debug-Status
Decoy-Debug-Key
X-Alternate-Cache-Key
X-Adobe-Content
X-Routing-Service
Eomportal-Instance
X-Shopify-Stage
X-Redis-Cache
Decoy-Debug-TTL
X-No-Session
X-Origin-Date
X-NCache
Fastly-SSL
X-ApacheServer
X-Human
Mn-Server-Ip
Cache-Name
X-PERF
X-ServerID
X-Varnish-Beresp-Grace
X-Via-Fastly
X-Format
Section-Io-Cache
X-Status
X-Site-Version
X-Cache-Host
X-BYPASS-REASON
X-Server-W
X-NYM-Debug-Backend
Cache-Tv-Group
X-OCL
X-Storage
X-Akamai-Edgescape
Url
X-Microcachable
X-UA-Device-Type
X-PHP-Backend
X-Cluster-Node
X-Cache-Type
X-PCL
X-ProxyCache-Status
X-ProxyCache-Key
X-Access
X-Section
X-Pubstack
X-NewRelic-App-Data
Property-Id
CDN-RequestCountryCode
TWC-GeoIP-Country
TWC-GeoIP-LatLong
CDN-Cache
CDN-PullZone
X-Origin-Hint
CDN-RequestId
X-Web-Node
TWC-Connection-Speed
TWC-Device-Class
Selected-Fe
CDN-EdgeStorageId
X-SayCDN-TTL
X-Say-TTL
X-Hl-Ver
X-R9-Blue-Green-Version
X-Proxy-Build
X-Say-Cacheable
X-Timing-Wait
TWC-Privacy
TWC-Locale-Group
CDN-Uid
Webcakes-App-Version
Webcakes-Region
CDN-CachedAt
Webcakes-App-Name
Content-Disposition
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-InstanceId
X-Soup
X-Generated-By
Azure-RegionName
X-Be
X-Azure-Ref-OriginShield
DB-Nickname
Content-Secure-Policy
X-FB-TRIP-ID
X-Varnishpool
X-Webkit-Csp
X-Ua
X-LSADC-Cache
X-TIME
OT-Force-Account-Verify
X-RateLimit-Limit
X-Cached-By
X-Nginx-Cache-Key
X-Trace-Id
SRV
Source
X-SRV
X-Bc-Bl
Cache
Retry-After
X-Unique-Id
X-Dc
X-Auto-Login
X-LAGOON
X-TT-LOGID
X-GEO
X-Platform-Server
X-Cache-Remote
X-Akamai-Transformed
Xet-Cookie
X-Cdn
X-Xfnlog-Site
Cache-Hits
X-Varnish-Hits
Mime-Version
X-Origin-CC
X-Origin-TTL
X-TNCMS
X-Loop
X-Varnish-Hostname
X-HTML-Minification-Powered-By
Onion-Location
X-S-Maxage
HostName
ServedBy
X-Cache-Tags
X-Amz-Meta-S3cmd-Attrs
X-CSRF-Token
Upgrade-Insecure-Requests
X-Tumblr-Pixel-3
X-Time
X-Varnish-Cache-Hits
X-Tumblr-Pixel-2
X-App-Version
Web-Mar-Node
From-Origin
X-Request-Time
Webserver
X-Proto
X-EC-Lua
X-ECache
X-AOL-HN
WP-Super-Cache
X-Request-Host
X-Endurance-Cache-Level
X-Tenant
X-VWS-Id
N-Cache
X-Cache-Var-Map
X-AWS-Id
X-FireWall-Port
X-LJ-Flow-ID
X-Cache-Var
X-Time-Microsecs
X-GG-Cache-Date
X-B3-SpanId
X-Origin-Response-Time
X-Correlation-ID
Nel
X-Handled-By
X-Cache-Enabled
X-Edge-Location
X-A-Dam
X-A-Dcw
X-Planisys-CDN-Rules
Vix-Hermes-Req-Id
X-Session-Fingerprint
X-A-Ccd
X-NAPM-TraceId
X-Vdms-Path
X-A
X-A-Dgt
X-PBS-Appsvrname
X-Application
X-ARC
X-B-Cookie
X-SRCache-Key
X-Aicache-OS
X-Aed
X-Shop-Environment
X-Planisys-CDN-Cache
X-A-Wwc
X-Slack-Backend
V-Age
X-SD-PageType
Mobile-Detection-Method
Odigeo-Trace-Id
A
Xc-Version
Meta-Geo-Continent
BehaviorPad-Version
DCR-Processing-Time-Ms
Expiry
Fastcgi-X-Cache-Version
X-Rojux
Pramga
X-S
X-Planisys-CDN-TTL
X-Vdms-Version
X-ScT
User-Cache-Control
Surrogated-Key
X-VG-WebCache
Redirect-Candidate
Rendered-Blocks
Sslversion
X-S-Cookie
X-Block-Status
X-ND-Cache
X-Destination
X-TIM-N
X-Developer
X-External-Request-Id
X-CF-Lambda-Version
X-Cluster
X-Conf
X-Vtex-Processado-Em
X-D
X-Processor
X-Connection-Hash
X-CF-Lambda-Fn
X-Mg-Request-UUID
DCR-Decision-By
X-Vtex-Remote-Cache
X-PAYTM-SRV-ID
X-Ftr-Request-Id
X-Ig-Push-State
X-Cache-NE
X-Orig-Expires
X-Gen-Mode
X-Via-NSCOPI
X-Hnp-Log
X-Forwarded-Path
CloudFront-Viewer-Country
X-Labrador-Cache-Channel
X-NWS-UUID-VERIFY
X-Amz-Apigw-Id
X-MP-GENERATED-AT
X-PHP-Host
X-Amzn-RequestId
X-Gdpr
Fastcgi-Cache-TTL
X-Origin-Expires
DSUID
X-Mvc-Supplant-Cachable
Origin
X-Li-Pop
X-Hash
X-Origin-Time
Host-ID
Gh-Request-Id
X-Request-URI
X-Geo-Header
X-Backend-TTL
X-Fastly-Cache
X-Accel-Expires-Debug
X-NodeID
X-Ckpd-Fst-Backend
X-Nyt-Route
X-Cdn-Srv
X-RCS-CacheZone
X-Epic-Correlation-Id
X-Cache-Date
X-Location
X-Li-Fabric
X-Owner
X-LI-UUID
Svr
X-Forwarded-Site
X-Policy
X-Proxy-Upstream
X-Men
True-Client-Country-4JS
X-Date
X-Cache-Bucket
X-Old-Content-Length
State
Cmsid
X-Reqid
X-Sucuri-Cache
X-Sucuri-ID
X-SVT-ORM-VERSION
AKAMAI
X-Adobe-Source
X-Viewer-Country
X-Magnolia-Registration
X-Scheme
X-Server-IP
Fastly-Drupal-Html
Arc-Country
X-SVT-ORM-RULES
X-Webstats-RespID
CacheControlHeader
X-V-Cache
CDCHOST
Cmstype
Environment
X-HN
X-Storefront-Renderer-Rendered
X-Eu-Site
X-VG-TLSProxy
X-Rocket-Nginx-Serving-Static
X-Backend-State
X-HS-Content-Campaign-Id
X-Sn-Servicetimems
X-Origin
X-GeoIP-Country-Code
Wxu-Next-Commit
Web-Mar-Region
X-RateLimit-Limit-Second
We-Hiring
X-UnsetCookies
Wxu-Next-Hostname
X-Irp-Debug
X-Skip-Cache
X-Fastly-Backend
X-Level-Front-Cache
X-Branch-Name
X-Gzip
X-Csrf-Jwt
X-Core-Value
X-Core-Mission
X-TH-Server
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Gamma-Serve
X-Developers
X-TrackingId
X-Datadog-Trace-Id
X-Varnish-Beresp-Status
X-Generated-On
X-GeoIP-Region-Code
X-Cache-Id
X-Cache-Debug
X-RateLimit-Remaining-Second
X-GeoIP-City
X-Cdn-Origin
X-CGP
X-GeoIP
X-Envoy-Decorator-Operation
X-VarnishDD-TTL
X-Esi-Check
Wxu-Next-Region
X-Served-From
X-VServer
X-Req
X-Cache-Info
Origin-EX
PFcat
Server-Host
X-M-Reqid
Release
X-M-Log
Mail-Subject
Machine
Apple-News-Services-Parsed-Url
X-Request-Start
Apple-News-Services-Host
Apple-News-Services-Handled
Ha-Gx-Prefs
HA-Ipaddr
Locid
L5d-Success-Class
L
Apple-News-Services-Request-Url
X-Region-Sid
Origin-CC
Traceparent
X-Locale
X-Qnm-Cache
X-Xrds-Location
X-DefHash
X-DefElseHash
X-Rocket-Build-Number
X-Zone
X-Rebelmouse-Cache-Control
X-Thinkindot-L3
X-Varnish-CookieINHashed-On
Is-Eu
X-Thanos
X-VC-Cache
Req-Svc-Chain
X-Device-Os
X-DPWN-IS-SECURE
X-Worker
X-Pod-Name
X-FC-Vary-Parameters
X-Fetched-On
X-Platform
Cf-Device-Type
X-Rebelmouse-Surrogate-Control
Fastly-SWR
Fastly-SIE
X-Qloud-Router
X-Response-By
X-Varnish-Remaining-TTL
X-ATG-Version
X-Has-Esi
Ssr
X-Amzn-Remapped-Content-Length
X-Node-Id
TDXMobile
Platform
Server-Info
Fastly-GeoIP-CountryCode
X-Tx-Id
X-NU-AKA-ACS-Version
X-Bip
X-Is-Gdpr
Thinkindot-CacheControl
Thinkindot-Control
X-JWT-State
X-Variation
X-Sigma
S-Rt
X-Varnish-CookieHashed-On
Memcached
Adler-Geo
NM-Fastcgi-Cache
Thinkindot-CacheControl-Type
X-Sigma-Backend
X-BBC-Edge-Cache-Status
X-Trace-ID
X-Ua-Device
X-Varnish-Beresp-Ttl
X-Loc
X-Mvc-Supplant-OutputCached
AMP-Access-Control-Allow-Source-Origin
NGX
X-CLOUD-TRACE-CONTEXT
X-CS
X-Esi
X-Restarts
X-API-Version
Magicmarker
X-Up
X-NC
X-Http-Reason
X-Akamai-Request-ID2
X-LB-ID
X-Cache-Config
Kp-EeAlive
CDN
Pics-Label
X-Tt-Logid
X-Generated-In
X-CACHE-KEY
Ms-Author-Via
X-LB-NoCache
X-DB
X-DW
X-Cache-Backend
Memory
X-Action
Datacenter
X-DI
X-RPS
X-DSS
Env
X-RPM
X-Wix-Viewer-Type
X-TraceId
X-RSL
Time
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Ttl
WebServer
X-Refresh
X-DC
X-Via-Popv
X-Via-Poph
X-Via-Popn
Candidate-Md5Url
Edge-Cache
X-Optimistic-Header
X-Datadome
Accept-Language
X-Minions-Version
X-CacheTTL
X-Edge-Pop
X-DynaTrace-JS-Agent
X-Vc
On-Server
GeoIp-Country-Code
WWW-Authenticate
X-HA-Backend
X-Servedbyhost
Esi-Enabled
Locale
X-Srv
X-Urbn-Context-Path
X-Parent-Response-Time
X-Urbn-Site-Id
X-MSEdge-Features
X-MSEdge-Flight
Server-ID
X-Unique-ID
X-ZONE
X-Varnish-Beresp-TTL
X-Newrelic-Synthetics
X-Cs
X-Service
X-User
X-Ec-Fail
X-Webkit-Csp-Report-Only
X-Ec-GeoHdr
C-Via
X-TX-ID
X-TA-CDN-Provider
X-Cache-PHP
X-VCL-Version
X-App
X-Cache-Ttl
X-Fpc
X-LI-Proto
X-Traceid
X-Dynatrace
X-URL
Cdnsip
X-Cache-Status-Check
X-AK-Request-ID
Cdncip
X-Li-Proto
X-Render-Time
Test
X-Pass-Why
X-Clara-WADP
My-App
X-FPC
Cluster
X-LiteSpeed-Cache-Control
X-WADP-Cache
X-Fmm-Version
X-B3-Spanid
X-Webkit-CSP-Report-Only
X-NODE
Proxy-Connection
Tracecode
X-CUA
X-Var-Ttl
Geoip-Latitude
X-Vcl-Version
Resin-Trace
X-Mcache
X-From
T-Server
M-TraceId
Server-Id
Geo-Info
X-Fragments
Lang
Fastly-Drupal-HTML
Lfy
X-Clientip
Cf-Int-Pingora-Origin-Digest
X-AIR-PT
X-CSRF-TOKEN
X-Info
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-LiteSpeed-Tag
Target-Params
X-ID
X-Ha-Backend
GeoIP-Country-Code
X-Oss-Request-Id
UCS
X-Oss-Server-Time
Cache-Host
X-VC
DataCenter
HIT
X-Oss-Storage-Class
Hostname
Hit
X-ServedByHost
X-RAMCache
X-WP-CF-Super-Cache
X-Edge-POP
X-WP-CF-Super-Cache-Cache-Control
S-Cnection
X-Pad
X-Dynatrace-Js-Agent
X-Geo
X-Via-PopV
X-Via-PopH
X-Cdn-Forward
Ohc-File-Size
Tcn
X-Via-PopN
MIME-Version
X-Api-Version
X-Proxy-Cache-Info
Fastly-Backend-Name
X-Provided-By
ENV
Section-Io-Origin-Status
Permissions-Policy
Section-Origin-Responded
X-Httpd
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Micro-Cache
X-Edge-Cache
X-Check-Cacheable
X-NGINX-Cache
Load-Balancing
X-ElasticPress-Query
X-HS-Status
User-Agent
Producers
Servername
WZWS-RAY
X-Ucs
X-ServerName
X-Fastly-Backend-Reqs
X-Release
X-BBC-Origin-Response-Status
X-Backend-Host
X-HostName
PICS-Label
ServerName
X-Lb-Nocache
X-GoCache-CacheStatus
Uri
X-UP
X-BCube-Filmed-By
X-APP
URI
FSS-Cache
X-Cache-CFC
X-SB
X-FORWARDED-FOR
X-TRACE-ID
Cdn
X-Platform-Router
Cteonnt-Length
X-Platform-Processor
X-RateLimit-Reset
X-Lb-Id
X-Swift-Error
X-Platform-Cluster
Server-Ttl
EpKe-Alive
X-Nc
Cneonction
X-Fastly-Cache-Hits
X-Udemy-Cache-App-Namespace
Ohc-Cache-HIT
X-Cdn-Request-ID
X-Pool
X-Dw-Trace-Id
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-WA
X-Akamai-ERPolicy
X-Apw-Hits
X-Scale
X-Akamai-ERRuleID
X-Acquia-Site
Path
X-WA-Info
X-Akamai-Request-ID
X-Ec-Custom-Error
X-Vcache
X-Acquia-Purge-Tags
X-Apw-Access-Token
X-Snapshot-Date
VNS-Cache
X-Contensis-Viewer-Groups
X-Cache-ASPX
Cf-Ipcountry
VNS-Age
Vha6-Origin
Cache-Key
X-B3-ParentSpanId
CPC-Age
CPC-Cache
CF-Cached-On
Shield-Pop
X-Yottaa-OS
X-Apw-Access-Object
X-Newrelic-App-Data
X-Apw-Access-Action
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Ngx
X-Air-Pt
Sid
Lb
X-IN-APIGATEWAYSSL
X-SIPLIST1
X-CacheKey
X-Logging-Id
X-Shopify-Generated-Cart-Token
X-Cache-Expires
IsBot
GeoIP-Latitude
X-IN-APIGATEWAY
X-Dispatcher-Number
Ngx
X-Varnish-Authentication
X-Last-Modified
X-ES-SERVER
X-Http-Count
X-Te-Count
X-Http-Duration-Ms
CountryCode
Req-ID
X-Akamai-Pragma-Client-IP
X-Te-Duration-Ms
X-Wikidot-Backend
X-Sentry-ID
X-Wikidot-Static-Cache
X-UA