Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-AH-Environment
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
X-Rq
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
X-LiteSpeed-Cache
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Nginx-Cache-Status
Allow
X-Cache-Spec
X-Device
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-CST
X-Aws-Lambda-Call-Status
X-Server-Id
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-Response-Time
X-HW
X-Application-Context
Xkey
Cf-Edge-Cache
Content-Location
X-ASPNET-VERSION
Rating
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Trace
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-MS-InvokeApp
X-Rack-Cache
X-Vname
X-TtlSet
X-PC
X-Server-Name
Edge-Control
X-Clacks-Overhead
RTSS
X-Varnish-TTL
X-ESI
X-VARITI-CCR
X-B3-TraceId
X-Content-Type
Accept-Ch
Cache-Tag
X-Vcap-Request-Id
X-Amz-Rid
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-Dw-Request-Base-Id
X-Amz-Server-Side-Encryption
X-Cnection
Public-Key-Pins
X-Ac
X-Px
X-RateLimit-Remaining
X-D2id
X-Element-Page-Cache
Verso
X-Navigation-Version
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
X-Cache-TTL
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Ser
Service-Worker-Allowed
X-Edge
X-Version
X-FastCGI-Cache
X-Litespeed-Cache
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
Response
X-Middleton-Response
Access-Control-Request-Method
X-NF-Request-ID
X-Correlation-Id
X-Goog-Hash
X-Ruxit-Js-Agent
X-Webkit-Csp
X-Kinsta-Cache
AR-SID
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-ATIME
SPRequestDuration
SPIisLatency
X-TTL
X-Edge-Location-Klb
X-Ttl
X-Upstream
X-RateLimit-Limit
X-LLID
X-NWS-LOG-UUID
X-Cached
X-Cache-Key
X-Powered-CMS
Edge-Cache-Tag
X-Kraken-Loop-Name
X-Instrumentation
SPRequestGuid
X-SharePointHealthScore
X-Server-Lifecycle-Phase
Nginx-Cache
TCN
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
Content-MD5
X-MSEdge-Ref
X-Id
MS-Author-Via
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-B3-TraceId-Primal
X-T
X-Daa-Tunnel
X-Recruiting
S
X-DataDome
X-Content-Digest
X-Mg-S
X-Ua-Device
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Protected-By
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-SRCache-Store-Status
X-Frontend
X-SRCache-Fetch-Status
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-Accel-Expires
X-HS-Hub-Id
Server-Node
X-Grace
X-Ab
X-Content
X-Ua-Browser
Front-End-Https
X-Yandex-Sdch-Disable
X-Request-Processing-Time
X-Request-Received
Filters
X-Server-ID
X-ECACHE
Fastcgi-Cache
X-PressLabs-Stats
X-Mid
X-Hits
TP-L2-Cache
X-Origin-Server
TP-Cache
X-Geo-Country
X-DynaTrace
X-Distributor
X-ORACLE-DMS-ECID
X-Debug-Info
X-ORACLE-DMS-RID
X-Amzn-Trace-Id
X-Pinterest-Rid
Charset
X-Tt-Trace-Tag
Pinterest-Generated-By
X-Tt-Trace-Host
Pinterest-Version
Cleartype
X-Page-Id
X-F-Cache
X-B3-Sampled
Host
X-Request-Handler-Origin-Region
Cross-Origin-Opener-Policy
X-Microsite
X-Ratelimit-Reset
X-Git-Hash
X-DIS-Request-ID
X-Www-Served-By
X-LB-Cache
X-Forwarded-Proto
Access-Control-Allow-Method
X-Cache-Age
ServerID
Cache-Tags
X-Seen-By
X-AppVersion
X-Az
X-Aspnetmvc-Version
X-Oracle-Dms-Ecid
X-Activity-Id
Accept-Charset
X-Cluster-Name
Cache-Status
X-Oracle-Dms-Rid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-Age
Realpath
X-Language
Filterid
X-Content-Options
Server-Name
X-Rid
X-Type
X-Nginx-Upstream-Cache-Status
X-App-Environment
X-WebKit-CSP-Report-Only
X-Upgrade-Enabled
X-Mobile-URL
Node
X-User-Agent
X-Fastly-Request-ID
X-MCACHE
Viewport
Country
X-Varnish-Grace
X-Tb
X-Aspnet-Duration-Ms
X-Drupal-Cache-Tags
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-FB-Debug
X-Signature
X-Whom
X-Route-Name
X-B-Cache
X-Wix-Request-Id
X-Origin-Cache
Protected
X-TT
Retry-After
X-Goog-Stored-Content-Encoding
Paypal-Debug-Id
X-Goog-Generation
X-Goog-Metageneration
X-Varnish-Backend
X-GUploader-UploadID
DC
X-NWS-UUID-VERIFY
X-VCache
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Via-JSL
Fastcgi-Useragent
X-XRDS-LOCATION
X-Cache-NGX
X-B
X-Fastcgi-Cache
X-Amz-Replication-Status
Payment
X-Debug
X-Contextid
X-N
X-Logged-In
X-Mcache
X-XRDS-Location
WPO-Cache-Status
WPO-Cache-Message
X-Load-Cache
Surrogate-Key
X-Template
X-FW-Hash
X-FW-Type
X-FW-Dynamic
X-FW-Static
X-FW-Server
X-FW-Serve
X-Fastly-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
Count-Hit
X-Amz-Meta-S3cmd-Attrs
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Node-Name
X-Response-Served-From
Healthy
X-Original-Request-Id
X-Hostname
SD-X-WS
Akamai-GRN
Content-Disposition
VIX-Pulpo-Upstream-Status
X-Akamai-Request-ID2
X-Is-Bot
VIX-Pulpo-Node
X-Rendered-As
X-Revision
X-UUID
X-Cache-Time
X-Zen-Fury
X-G
X-Jobs
X-Adobe-Loc
X-Http-Reason
Uber-Trace-Id
X-Cache-TTL-Remaining
X-Adobe-Content
Refresh
X-Page-View
X-Real-IP
X-Proxy
X-Trace-Id
NGB
X-Drupal-Cache-Contexts
X-Proxy-Cache-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Device-Type
X-Instance
X-Cacheable-TTL
X-Framework
Alternate-Protocol
X-Debug-IsConnected
X-Debug-IsPreview
Permissions-Policy
Access-Control-Request-Headers
X-Mobile
X-IPLB-Instance
Url
X-ECache
X-Source
X-Servername
X-Parallel-Accel
X-Cache-Grace
X-B3-Traceid
From-Origin
Version
X-Cache-Rule
X-Vgn-Hpd-Reason
X-Varnish-Server
X-Oneagent-Js-Injection
X-Mg-Request-UUID
X-L-Path
Accept-Language
X-Environment-Context
X-Cache-Hit
X-Cache-Expired-At
X-Restarts
X-NGENIX-Cache
X-EdgeConnect-Cache-Status
Countrycode
Referer-Policy
MS-CV
X-RTag
Ms-Operation-Id
X-App-Server
X-Ah-Environment
Cross-Origin-Window-Policy
X-FW-Version
X-HTML-Minification-Powered-By
Frame-Options
X-NYM-Debug-Backend
X-IPS-LoggedIn
Liferay-Portal
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-COUNTRY
X-Cache-Action
Backend
X-Nginx-Cache
Content-Secure-Policy
CF-IPCountry
WP-Super-Cache
Section-Io-Cache
X-UPSTREAM-Address
Meta-Geo
X-OCL
X-PCL
X-RN-RSRV
Upgrade-Insecure-Requests
X-ProcessESI
X-APP-VERSION
Ec-Rule-Version
X-Generation-Time
X-Content-Age
X-RemovedCookies
X-Section
X-Access
Apigw-Requestid
X-Ua
Fastly-SSL
X-FB-TRIP-ID
X-Format
X-Detected-As
Cache-Tv-Group
X-Cache-Server
X-Cluster-Node
X-Cache-Enabled
X-Redis-Cache
TWC-Locale-Group
X-Urbn-Site-Id
X-Uri
X-No-Session
X-Urbn-Context-Path
TWC-Privacy
X-Akamai-Edgescape
Webcakes-App-Name
Webcakes-Region
Azure-RegionName
Azure-InstanceId
Webserver
Webcakes-App-Version
X-Hosted-By
X-Be
X-Mode
X-Web-Node
X-AOL-HN
X-Ratelimit-Remaining
S-Rt
Property-Id
Mn-Server-Ip
TWC-GeoIP-Country
X-Sql-Count
X-Origin-Date
X-Storage
TWC-GeoIP-LatLong
X-Region
X-Server-W
X-Request-Time
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
TWC-Device-Class
X-Sql-Duration-Ms
Locale
Azure-SiteName
Azure-Version
X-UA-Device-Type
X-Origin-Hint
X-Varnish-Cache-Hits
TWC-Connection-Speed
Azure-SlotName
CDN-RequestId
X-ApacheServer
X-Nginx-Cache-Key
X-Adobe-Source
CDN-Uid
CDN-PullZone
CDN-Cache
X-Site-Version
CDN-CachedAt
X-ProxyCache-Key
CDN-RequestCountryCode
CDN-EdgeStorageId
X-ProxyCache-Status
X-BYPASS-REASON
X-Human
X-Status
X-PHP-Backend
X-Unique-Id
X-Webkit-CSP
X-PERF
X-Generated-By
X-Forwarded-Host
X-Cache-Tags
X-Hyper-Cache
X-Debug-Cache
X-Xfnlog-Site
Eomportal-Instance
X-Platform-Server
X-Cache-Host
X-Handled-By
X-Sorting-Hat-ShopId
X-Routing-Service
X-Proxied
X-SaId
X-Sorting-Hat-PodId
X-Content-Powered-By
X-Cache-Type
X-Tid
X-Shopify-Stage
X-ShardId
X-ServerID
X-Extlb
X-ShopId
X-JoinUs
X-Zipkin-Id
X-Alternate-Cache-Key
X-Backend-Name
X-Rule
X-Varnishpool
X-Via-Fastly
X-Hl-Ver
X-NewRelic-App-Data
Selected-Fe
ServedBy
X-Proxy-Build
X-GG-Cache-Date
X-Labrador-Cache-Channel
X-Timing-Wait
X-PHP-Host
X-TT-LOGID
X-Locale
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
X-Cache-Operation
X-Accel-Buffering
X-Datadome
X-Cache-Remote
X-VC-Cache
X-Rewrite-Enabled
X-CDN-Forward
X-Cached-By
X-Midtier
SID
Xserver
X-Edge-Location
X-Pubstack
X-LSADC-Cache
X-Dc
X-Proto
SRV
Mime-Version
Web-Mar-Node
X-Cms-Context
Fastly-Drupal-Html
X-Storefront-Renderer-Rendered
X-TA-CDN-Provider
X-Soup
X-GEO
X-Reqid
X-Buckets
X-App-Version
Onion-Location
Country-Code
X-Request-Host
Decoy-Debug-Key
X-GeoCountry
Decoy-Debug-TTL
X-GeoCode
Load-Balancing
Decoy-Debug-Status
X-Varnish-Hostname
X-Ratelimit-Limit
X-Origin-TTL
LB
X-Origin-CC
Server-Info
Cache-Hits
X-Microcachable
Xet-Cookie
X-Cluster
X-Ms-Request-Id
X-Ms-Version
X-MP-GENERATED-AT
X-CSRF-Token
X-Varnish-Hits
X-Tumblr-Pixel-2
X-Envoy-Decorator-Operation
X-Tumblr-Pixel-3
X-SRV
X-Magnolia-Registration
X-Time
X-Air-Trace-Id
X-B3-SpanId
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Air-Hostname
DynaTrace
X-Bc-Bl
X-Air-Source
X-RCS-CacheZone
X-NCache
X-Endurance-Cache-Level
X-Epic-Correlation-Id
X-Esi-Check
X-From
X-Gzip
X-Ftr-Request-Id
X-Ec-GeoHdr
X-Forwarded-Path
X-External-Request-Id
X-Hash
X-HS-Content-Campaign-Id
X-Cache-Bucket
X-A-Dgt
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A-Wwc
X-Aed
Expiry
X-AK-Request-ID
Fastcgi-X-Cache-Version
X-A
Host-ID
NM-Fastcgi-Cache
Sslversion
Odigeo-Trace-Id
Rendered-Blocks
Surrogated-Key
Mobile-Detection-Method
Lang
T-Server
Meta-Geo-Continent
X-Application
X-ARC
A
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cdn-Srv
X-Conf
X-Connection-Hash
X-Developer
X-Destination
X-D
X-Cache-NE
X-Cache-Id
Cmstype
DB-Nickname
DCR-Decision-By
DCR-Processing-Time-Ms
Cmsid
X-B-Cookie
BehaviorPad-Version
Cdncip
Cdnsip
X-Ec-Fail
X-LAGOON
X-Origin-Response-Time
X-Webstats-RespID
X-Tx-Id
X-TIM-N
X-S-Cookie
X-TrackingId
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-R9-Blue-Green-Version
X-Shop-Environment
X-Rojux
Xc-Version
X-Processor
X-Tenant
X-SRCache-Key
X-S
X-User
X-VG-WebCache
Pramga
X-SD-PageType
X-Vdms-Version
X-Ig-Push-State
X-Vdms-Path
X-Session-Fingerprint
X-Vtex-Processado-Em
X-ScT
X-Vtex-Remote-Cache
X-NodeID
X-NAPM-TraceId
X-Varnish-Beresp-Grace
X-ZONE
X-Azure-Ref
X-Varnish-Ttl
Source
X-WADP-Cache
X-Viewer-Country
X-VG-TLSProxy
X-Amzn-Remapped-Content-Length
Fastly-GeoIP-CountryCode
X-Wix-Viewer-Type
X-Worker
X-Ec-Custom-Error
State
X-Rocket-Build-Number
X-Node-Id
User-Cache-Control
X-Sigma
X-Sigma-Backend
Producers
X-SVT-ORM-VERSION
Server-Host
X-SVT-ORM-RULES
V-Age
Vix-Hermes-Req-Id
Wxu-Next-Region
X-Device-Os
X-Core-Mission
X-Cache-Info
Wxu-Next-Hostname
X-Fetched-On
We-Hiring
Web-Mar-Region
Wxu-Next-Commit
MD5-Digest
X-Clara-WADP
X-Origin
X-Nyt-Route
X-Gdpr
X-Origin-Expires
X-Origin-Time
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Fastly-Cache
X-Gen-Mode
X-Geo-Header
X-JWT-State
X-Is-Gdpr
X-Irp-Debug
X-Hnp-Log
X-Loop
X-GeoIP
X-Has-Esi
X-Mvc-Supplant-Cachable
X-Planisys-CDN-TTL
X-RateLimit-Limit-Second
X-V-Cache
X-TNCMS
X-Ckpd-Fst-Backend
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Cache-Backend
X-Slack-Backend
X-Core-Value
X-DPWN-IS-SECURE
X-Request-URI
X-RateLimit-Remaining-Second
X-Developers
X-DefHash
X-DefElseHash
X-Server-IP
X-Block-Status
X-Fmm-Version
Is-Eu
Adler-Geo
Cache
Environment
Mail-Subject
Apple-News-Services-Request-Url
Cache-Name
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Platform
X-BBC-Edge-Cache-Status
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Cache-Date
X-Proxy-Upstream
X-Csrf-Jwt
X-CGP
X-Cdn-Origin
X-Httpd
X-Dispatcher-Number
X-CacheTTL
Traceparent
X-Men
X-SB
X-Via-NSCOPI
Kp-EeAlive
L
Origin
X-GeoIP-City
X-Rebelmouse-Cache-Control
X-Sn-Servicetimems
X-Minions-Version
X-Scheme
X-Forwarded-Site
Origin-CC
Ssr
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Qloud-Router
X-Eu-Site
Origin-EX
Release
Req-Svc-Chain
Thinkindot-Control
AKAMAI
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
X-VServer
N-Cache
X-Thinkindot-L3
X-Proxy-Cache-Info
L5d-Success-Class
Svr
X-Pod-Name
X-Platform
X-Policy
Memcached
Locid
Machine
Fastly-SIE
Fastly-SWR
X-Rebelmouse-Surrogate-Control
CDCHOST
X-Aicache-OS
X-Location
X-Branch-Name
X-Auto-Login
Fastcgi-Cache-TTL
HostName
Redirect-Candidate
X-Loc
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
CDN
X-Gamma-Serve
X-Optimistic-Header
DSUID
CloudFront-Viewer-Country
X-Scale
NGX
X-Generated-On
X-VarnishDD-TTL
IsBot
PFcat
X-HN
X-Parent-Response-Time
X-SIPLIST1
Cluster
X-Skip-Cache
X-Served-From
X-Rocket-Nginx-Serving-Static
X-Response-By
X-Pool
X-Old-Content-Length
X-Region-Sid
Sever-Int
Server-Hostname
Server-Ext
X-Via-Ucdn
X-Level-Front-Cache
Arc-Country
X-EC-Lua
X-RPS
X-RSL
X-Refresh
X-RPM
X-CS
X-NC
X-IPLB-Request-ID
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Pics-Label
X-DB
X-DI
X-DW
X-Srv
X-DSS
X-VC
Ohc-File-Size
X-TraceId
X-Owner
X-Tb-Optimization-Total-Bytes-Saved
X-Newrelic-Synthetics
Env
X-LB-NoCache
X-Accel-Expires-Debug
X-Tt-Logid
X-Date
Servername
Ms-Author-Via
Candidate-Md5Url
X-Ad-Defer-Variation
X-BCube-Filmed-By
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Amz-Meta-Cb-Modifiedtime
Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-GeoIP-Region-Code
Datacenter
Time
X-Generated-In
X-Mvc-Supplant-OutputCached
X-GeoIP-Country-Code
Memory
X-Akamai-Transformed
X-RateLimit-Reset
X-Udemy-Cache-App-Namespace
CPC-Age
Geo-Info
X-Cache-ASPX
X-Cache-Debug
X-Contensis-Viewer-Groups
XM
CPC-Cache
X-Edge-Pop
GEO-INFO
VNS-Cache
VNS-Age
X-SplitTest
X-TIME
X-Xrds-Location
Fastly-Backend-Name
X-API-Version
X-Servedbyhost
ITXSESSIONID
X-Varnish-Authentication
X-Via-Popn
X-WA-Info
X-Via-Popv
X-Via-Poph
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
X-HA-Backend
GeoIp-Country-Code
X-Trace-ID
X-Micro-Cache
Path
CacheControlHeader
X-Webkit-Csp-Report-Only
X-Action
X-TH-Server
X-Cache-Status-Check
X-S-Maxage
Client
True-Client-Country-4JS
X-AIR-PT
X-DC
X-VCL-Version
X-CACHE-KEY
Server-ID
Ohc-Cache-HIT
X-Vc
Lb
Cache-Host
X-Backend-TTL
Geoip-Latitude
X-Cs
X-VHOST
FSS-Cache
X-Varnish-Beresp-TTL
Ngx.Var.Host
True-Client-IP
Hostname
X-Presslabs-Stats
Edge-Cache
X-Req
XkeyRZ
X-Api-Version
X-Proxy-CacheRZ
X-Fpc
My-App
X-Provided-By
X-Clientip
NtCoent-Length
X-Pass-Why
Powered-By
X-FireWall-Port
X-Origin-Upstream-Status
X-TX-ID
X-Zone
X-PX
X-Up
X-Traceid
X-B3-Spanid
Test
X-LB-ID
X-Varnish-Beresp-Ttl
X-FPC
X-NGINX-Cache
DataCenter
Cf-Int-Pingora-Origin-Digest
X-Cdn-Request-ID
X-CSRF-TOKEN
X-MSEdge-Flight
X-MSEdge-Features
X-Dynatrace
X-Dmc
X-Correlation-ID
X-INCAP-ABP
X-Beluga-Cache-Status
User-Agent
X-HS-Status
X-Render-Time
X-Beluga-Trace
X-Webkit-CSP-Report-Only
X-Beluga-Response-Time
X-Beluga-Status
X-UnsetCookies
X-Li-Fabric
X-Beluga-Record
X-Li-Pop
X-LI-UUID
X-Beluga-Node
X-Vcl-Version
WZWS-RAY
X-ND-Cache
Rip
Server-Id
C-Via
Proxy-Connection
OT-Force-Account-Verify
X-Check-Cacheable
X-CLOUD-TRACE-CONTEXT
X-CUA
X-Via-PopV
Tube-Got-Results
X-Via-PopH
X-Ha-Backend
X-Gateway-Request-Id
X-Time-Microsecs
Tube-Get-Contents
GeoIP-Latitude
X-Alfa-Service
GeoIP-Country-Code
Tube-Got-Eval
Tube-Return
X-Gateway-Skip-Cache
X-Via-PopN
X-B3-Traceid-Primal
Click-Count-Action-Start
X-Gateway-Cache-Key
Click-Count-Error
X-RAMCache
Srvid
X-URL
X-Gateway-Cache-Status
X-Geo
X-Service
Esi-Enabled
X-Fragments
X-ServedByHost
X-Platform-Cluster
Tracecode
Target-Params
X-Platform-Router
X-Platform-Processor
Sid
Cf-Device-Type
Uri
MIME-Version
X-Akamai-Pragma-Client-IP
HIT
X-Proxy-Cache-Hk
On-Server
X-ATG-Version
X-Fastly-Backend
Resin-Trace
X-Fastly-Backend-Reqs
X-FC-Vary-Parameters
X-CCDN-CacheTTL
Epwk-X-Cache
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-M-Reqid
X-Azure-Ref-OriginShield
X-Var-Ttl
Srv
X-Fetch-By
X-Sucuri-ID
X-Sucuri-Cache
X-DynaTrace-JS-Agent
Lfy
X-M-Log
X-Qnm-Cache
X-LI-Proto
Cdn
Fastly-Drupal-HTML
X-TRACE-ID
X-Edge-POP
X-Backend-Host
ENV
X-Cdn-Forward
X-Esi
X-LiteSpeed-Cache-Control
Section-Io-Origin-Time-Seconds
X-APP
Section-Io-Origin-Status
XServer
X-NU-AKA-ACS-Version
X-Li-Proto
X-App
Section-Io-Id
Section-Origin-Responded
X-Varnish-Beresp-Status
X-Cache-Expires
Magicmarker
X-Backend-State
X-Srcache-Store-Status
X-MG-S
X-Srcache-Fetch-Status
X-ElasticPress-Query
Inserted-Into-Cache-At
X-Newrelic-App-Data
ServerName
X-Yottaa-OS
Tcn
X-Lb-Nocache
PICS-Label
CF-Cached-On
D-Url-Rewrites
Wpo-Cache-Status
X-Acquia-Site
X-Acquia-Purge-Tags
X-Iplb-Request-Id
X-Vcache
X-Nc
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Cache-CFC
X-Request-Start
Wpo-Cache-Message
Cf-Ipcountry
Server-Ttl
X-Iplb-Instance
X-Serial
Warning
X-HostName
Servedby
X-LiteSpeed-Tag
X-Back
Fastcgi-Cache-Ttl
X-Shopify-Generated-Cart-Token
X-Fastly-Cache-Hits
X-Swift-Error
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Id
Hit
True-Client-Ip
X-Vercel-Cache
X-Bip
X-Thanos
Content-Style-Type
X-Wp-Cf-Super-Cache
X-Th-Server
X-Request-URL
X-Litespeed-Cache-Control
X-BBC-Origin-Response-Status
Cneonction
Ngx
X-Dist-Code
X-Snapshot-Date
X-CF-Powered-By
X-IN-APIGATEWAYSSL
X-Release
CountryCode
X-Request-Url
X-Storefront-Renderer-Verified
X-B3-Parentspanid
X-IN-APIGATEWAY
Content-Script-Type
X-Dw-Trace-Id