Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Request-ID
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-Dns-Prefetch-Control
X-Amz-Version-Id
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Rating
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Content-Type
X-Ac
X-TtlSet
X-Vname
X-PC
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Server-Name
X-FastCGI-Cache
Fastly-Restarts
Cache-Tag
X-ESI
X-Aws-Lambda-Call-Status
Service-Worker-Allowed
X-Rack-Cache
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-Upstream
MS-Author-Via
X-GitHub-Request-Id
X-MS-InvokeApp
X-Vcap-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-Cache-TTL
X-Abt-Application-Version
X-D2id
X-Cnection
X-Px
RTSS
X-Country-Code
Accept-Ch
Arr-Disable-Session-Affinity
X-Navigation-Version
Access-Control-Request-Method
X-Powered-By-Plesk
X-NF-Request-ID
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Goog-Hash
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Origin-Cache
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
AR-SID
AR-CACHE
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-Powered-CMS
X-Version
Pagespeed
Display
X-Sol
X-Middleton-Display
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
Nginx-Cache
X-B3-TraceId-Primal
TCN
Mrf-Cache-Status
MRF-Tech
X-Protected-By
X-RateLimit-Remaining
X-Jurisdiction
X-T
X-HP-Webp
X-HP-Trace-Id
X-Shield-Request-Id
X-Forwarded-For
X-Aspnetmvc-Version
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Content-MD5
S
Edge-Cache-Tag
X-Language
X-Mid
Fastcgi-Cache
SPIisLatency
SPRequestDuration
Front-End-Https
Realpath
X-CST
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Filters
X-DynaTrace
Pinterest-Generated-By
Pinterest-Version
Server-Node
X-Pinterest-Rid
X-MCACHE
X-Frontend
X-Content
X-Ab
X-Ua-Browser
Server-Name
X-Correlation-Id
X-Ruxit-Js-Agent
X-Ttl
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Ser
X-NWS-LOG-UUID
X-ECACHE
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-SharePointHealthScore
SPRequestGuid
X-Template
X-Cache-Key
X-Hits
X-Parallel-Accel
Fusion-Deployment-Id
Alternate-Protocol
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cache-Tags
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cleartype
X-B3-Sampled
MicrosoftSharePointTeamServices
X-Content-Options
Host
Charset
X-Page-Id
X-Www-Served-By
X-Git-Hash
X-Geo-Country
X-DIS-Request-ID
X-Debug-Info
X-Amzn-Trace-Id
X-Daa-Tunnel
X-Hostname
X-Amz-Replication-Status
X-Content-Digest
X-Fastly-Request-Id
X-Varnish-Age
Filterid
X-Ratelimit-Limit
X-Az
X-AppVersion
X-Activity-Id
X-VCache
X-Upgrade-Enabled
X-FB-Debug
X-Accel-Expires
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Nginx-Upstream-Cache-Status
X-N
X-Origin-Server
TP-Cache
X-Grace
TP-L2-Cache
X-F-Cache
ServerID
X-Rid
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-Mobile-URL
X-Route-Name
X-Is-Crawler
X-Flags
X-Request-Guid
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Server-ID
X-LB-Cache
X-TT
Viewport
X-App-Environment
X-Seen-By
X-Whom
X-Type
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Tb
X-FW-Hash
X-FW-Dynamic
X-Distributor
X-FW-Serve
X-FW-Server
X-FW-Type
X-Varnish-Grace
X-FW-Static
X-XRDS-LOCATION
Paypal-Debug-Id
Payment
DC
Node
X-App-Server
X-User-Agent
X-DataDome
Fastcgi-Useragent
X-Oneagent-Js-Injection
X-Wix-Request-Id
Accept-Charset
Country
X-NGENIX-Cache
X-Litespeed-Cache
X-Cache-Control
X-Origin-Upstream-Status
X-Cache-Rule
X-Fastly-Request-ID
Version
X-Logged-In
X-Webkit-CSP
X-Microsite
X-Drupal-Cache-Tags
X-Via-JSL
X-Request-Handler-Origin-Region
Referer-Policy
X-Ratelimit-Reset
Amp-Access-Control-Allow-Source-Origin
X-Cache-Age
Refresh
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Cluster-Name
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Signature
X-B-Cache
X-Buckets
Cache-Status
X-Load-Cache
X-Varnish-Backend
X-Contextid
X-Node-Name
X-Response-Served-From
SD-X-WS
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
VIX-Pulpo-Node
X-Vgn-Hpd-Reason
X-Cache-Expired-At
X-Rendered-As
X-Is-Bot
X-Mobile
X-Page-View
X-B
NGB
X-Fastcgi-Cache
X-Proxy-Cache-Status
X-Jobs
Access-Control-Request-Headers
X-Real-IP
X-Debug
X-Cacheable-TTL
X-ProcessESI
X-UUID
X-Proxy
X-Instance
X-Yottaa-Optimizations
X-RemovedCookies
X-Yottaa-Metrics
X-Revision
Akamai-GRN
X-Drupal-Cache-Contexts
X-IPLB-Instance
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Action
X-Rule
X-Debug-IsConnected
X-Debug-IsPreview
X-Device-Type
Surrogate-Key
X-FW-Version
X-Framework
X-G
X-Cache-Time
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
CF-IPCountry
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
SID
DynaTrace
X-XRDS-Location
GEO-INFO
X-Azure-Ref
X-PressLabs-Stats
X-Accel-Buffering
Liferay-Portal
X-Nginx-Cache
X-APP-VERSION
X-Source
X-Ms-Version
X-Ms-Request-Id
Count-Hit
X-Presslabs-Stats
X-Cache-Operation
Uber-Trace-Id
Frame-Options
Healthy
X-Cache-NGX
X-CDN-Forward
X-EdgeConnect-Cache-Status
X-RTag
Ms-Operation-Id
MS-CV
X-Zen-Fury
X-Cache-Hit
Xserver
X-L-Path
X-Mode
X-Environment-Context
X-Tumblr-Pixel
X-Varnish-Server
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
Ec-Rule-Version
Protected
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-RateLimit-Limit
Countrycode
X-Ratelimit-Remaining
X-Backend-Name
X-Cache-TTL-Remaining
X-Forwarded-Host
X-Servername
X-Region
X-Detected-As
X-RN-RSRV
X-SaId
X-Rewrite-Enabled
X-JoinUs
Meta-Geo
X-Tid
X-UPSTREAM-Address
Backend
LB
X-ShardId
Decoy-Debug-Key
Country-Code
X-Hosted-By
Apigw-Requestid
Decoy-Debug-Status
X-Adobe-Loc
Decoy-Debug-TTL
X-Hyper-Cache
X-Cache-Grace
Eomportal-Instance
X-Adobe-Content
X-Proxied
X-Extlb
X-Debug-Cache
X-Alternate-Cache-Key
X-Content-Age
X-Generation-Time
X-Routing-Service
X-Sql-Duration-Ms
X-Uri
X-Redis-Cache
X-Sql-Count
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Zipkin-Id
X-ShopId
X-Shopify-Stage
X-NCache
X-Site-Version
X-Status
Section-Io-Cache
Cache-Name
X-PHP-Backend
X-Format
Url
Fastly-SSL
WPO-Cache-Status
X-Varnish-Beresp-Grace
X-Content-Powered-By
WPO-Cache-Message
X-ApacheServer
X-FB-TRIP-ID
X-PERF
X-TIME
X-Human
X-Cache-Server
X-Via-Fastly
Cache-Tv-Group
Selected-Fe
TWC-Connection-Speed
X-Proxy-Build
Mn-Server-Ip
X-Pubstack
TWC-Device-Class
X-Storage
Property-Id
X-Section
X-Cache-Type
X-Timing-Wait
X-Cache-Host
X-OCL
X-Origin-Date
X-Origin-Hint
X-PCL
Webcakes-Region
X-NYM-Debug-Backend
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Microcachable
TWC-Privacy
X-No-Session
Webcakes-App-Name
X-Access
Webcakes-App-Version
X-NewRelic-App-Data
X-Web-Node
X-Varnishpool
X-Say-Cacheable
X-BYPASS-REASON
CDN-Cache
X-SayCDN-TTL
X-UA-Device-Type
X-Server-W
X-ProxyCache-Key
X-Cluster-Node
X-ProxyCache-Status
X-Akamai-Edgescape
X-R9-Blue-Green-Version
CDN-CachedAt
X-Say-TTL
CDN-RequestId
Content-Disposition
CDN-RequestCountryCode
CDN-PullZone
CDN-Uid
CDN-EdgeStorageId
Azure-RegionName
DB-Nickname
Azure-SlotName
X-Azure-Ref-OriginShield
Azure-Version
X-ServerID
X-Generated-By
Azure-SiteName
Content-Secure-Policy
X-Soup
Azure-InstanceId
X-Webkit-Csp
X-Be
X-Ua
X-LSADC-Cache
X-Hl-Ver
OT-Force-Account-Verify
X-Cached-By
X-Nginx-Cache-Key
X-Trace-Id
SRV
Source
X-SRV
X-Bc-Bl
Cache
Retry-After
X-Unique-Id
X-Auto-Login
X-Dc
X-LAGOON
X-GEO
X-Platform-Server
X-TT-LOGID
X-Cache-Remote
Mime-Version
Cache-Hits
X-Varnish-Hits
Xet-Cookie
X-Akamai-Transformed
X-Xfnlog-Site
X-Cdn
X-Loop
X-TNCMS
X-Origin-TTL
X-Origin-CC
X-HTML-Minification-Powered-By
ServedBy
Onion-Location
X-S-Maxage
X-Varnish-Hostname
X-Cache-Tags
X-Varnish-Cache-Hits
HostName
X-Tumblr-Pixel-3
X-App-Version
X-EC-Lua
Upgrade-Insecure-Requests
X-Tumblr-Pixel-2
X-Request-Time
Web-Mar-Node
X-Amz-Meta-S3cmd-Attrs
From-Origin
X-CSRF-Token
X-AOL-HN
WP-Super-Cache
Webserver
X-Request-Host
N-Cache
X-ECache
X-Endurance-Cache-Level
X-Tenant
X-Proto
X-Time
X-FireWall-Port
X-Cache-Var-Map
X-Cache-Var
X-Cache-Enabled
X-Time-Microsecs
X-GG-Cache-Date
X-B3-SpanId
Nel
X-Correlation-ID
X-Origin-Response-Time
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-NWS-UUID-VERIFY
X-Edge-Location
X-Handled-By
X-Vtex-Processado-Em
X-VG-WebCache
Rendered-Blocks
X-Vtex-Remote-Cache
Surrogated-Key
Sslversion
X-Vdms-Path
Redirect-Candidate
Meta-Geo-Continent
Expiry
DCR-Processing-Time-Ms
Odigeo-Trace-Id
Xc-Version
DCR-Decision-By
BehaviorPad-Version
A
Pramga
X-Vdms-Version
User-Cache-Control
Mobile-Detection-Method
Fastcgi-X-Cache-Version
X-Application
X-Forwarded-Path
X-External-Request-Id
X-Ftr-Request-Id
X-Gen-Mode
X-Hnp-Log
X-S-Cookie
X-Developer
X-Session-Fingerprint
X-Destination
X-SD-PageType
X-ScT
X-Ig-Push-State
X-NAPM-TraceId
X-Planisys-CDN-TTL
X-Processor
X-Rojux
X-S
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-ND-Cache
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-D
X-Connection-Hash
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Aed
X-TIM-N
X-A-Dam
Vix-Hermes-Req-Id
X-V-Cache
X-A
X-A-Ccd
X-SRCache-Key
X-Aicache-OS
X-Cluster
X-Slack-Backend
X-Shop-Environment
X-Conf
X-Ckpd-Fst-Backend
X-CF-Lambda-Version
X-ARC
X-B-Cookie
X-Block-Status
X-CF-Lambda-Fn
V-Age
X-Cache-NE
X-Mg-Request-UUID
X-Via-NSCOPI
X-Amzn-RequestId
X-PHP-Host
CloudFront-Viewer-Country
X-Labrador-Cache-Channel
X-Amz-Apigw-Id
X-Origin-Expires
X-Origin-Time
State
X-Old-Content-Length
Origin
X-NodeID
X-Nyt-Route
Host-ID
Fastcgi-Cache-TTL
X-Server-IP
DSUID
X-Scheme
X-Request-URI
X-RCS-CacheZone
Svr
X-Proxy-Upstream
X-LI-UUID
X-Forwarded-Site
X-Gdpr
X-Geo-Header
X-Fastly-Cache
X-Cache-Bucket
X-Cdn-Srv
X-Date
X-Cache-Date
X-Accel-Expires-Debug
Wxu-Next-Region
X-Li-Pop
Cmstype
X-Location
True-Client-Country-4JS
X-Li-Fabric
Wxu-Next-Hostname
Wxu-Next-Commit
X-Men
X-Owner
X-Epic-Correlation-Id
Arc-Country
X-Webstats-RespID
X-SVT-ORM-VERSION
Fastly-Drupal-Html
AKAMAI
Cmsid
X-Adobe-Source
X-Viewer-Country
X-SVT-ORM-RULES
X-Backend-TTL
X-Sucuri-ID
X-Sucuri-Cache
CDCHOST
X-Reqid
X-MP-GENERATED-AT
X-Magnolia-Registration
Environment
X-M-Reqid
Web-Mar-Region
X-HN
Apple-News-Services-Request-Url
X-GeoIP-Country-Code
X-HS-Content-Campaign-Id
X-Level-Front-Cache
X-Core-Value
X-Locale
X-Cdn-Origin
X-GeoIP-Region-Code
X-VServer
Traceparent
X-M-Log
X-Gzip
X-Device-Os
X-Envoy-Decorator-Operation
X-Esi-Check
X-Backend-State
X-Developers
Apple-News-Services-Host
X-Qnm-Cache
Apple-News-Services-Handled
X-Fastly-Backend
X-Fetched-On
X-Cache-Id
Apple-News-Services-Parsed-Url
X-Hash
X-Cache-Debug
X-Generated-On
X-Gamma-Serve
Server-Info
X-Cache-Info
X-VarnishDD-TTL
L
X-Region-Sid
X-Rocket-Nginx-Serving-Static
Locid
Machine
X-VG-TLSProxy
X-Policy
X-RateLimit-Limit-Second
X-Req
Gh-Request-Id
X-Skip-Cache
X-Sn-Servicetimems
X-Storefront-Renderer-Rendered
X-Origin
X-Served-From
X-TH-Server
CacheControlHeader
X-Core-Mission
X-RateLimit-Remaining-Second
Server-Host
X-TrackingId
Ssr
X-UnsetCookies
PFcat
Origin-CC
Origin-EX
X-Mvc-Supplant-Cachable
X-Varnish-Beresp-Status
Release
X-Xrds-Location
X-DefHash
X-NU-AKA-ACS-Version
X-Request-Start
X-DefElseHash
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Req-Svc-Chain
Fastly-GeoIP-CountryCode
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-JWT-State
X-Node-Id
X-Rebelmouse-Surrogate-Control
X-GeoIP
X-Qloud-Router
X-Varnish-CookieINHashed-On
X-GeoIP-City
X-Has-Esi
X-Platform
X-Pod-Name
X-BBC-Edge-Cache-Status
X-Thinkindot-L3
X-Eu-Site
X-Thanos
X-DPWN-IS-SECURE
X-Irp-Debug
X-Rebelmouse-Cache-Control
X-Worker
X-Variation
X-Is-Gdpr
X-Csrf-Jwt
X-ATG-Version
Platform
X-Amzn-Remapped-Content-Length
L5d-Success-Class
X-Bip
TDXMobile
Thinkindot-CacheControl
We-Hiring
X-VC-Cache
X-Zone
Thinkindot-Control
Thinkindot-CacheControl-Type
Is-Eu
Mail-Subject
Cf-Device-Type
X-CGP
X-Branch-Name
Fastly-SIE
Adler-Geo
X-Tx-Id
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
S-Rt
X-Ua-Device
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
X-Loc
Magicmarker
X-CS
Memcached
NGX
X-Response-By
X-Sigma
NM-Fastcgi-Cache
X-Rocket-Build-Number
X-Sigma-Backend
X-FC-Vary-Parameters
X-Trace-ID
AMP-Access-Control-Allow-Source-Origin
X-Mvc-Supplant-OutputCached
X-Http-Reason
X-NC
X-Up
X-Restarts
X-Cache-Config
X-API-Version
X-Akamai-Request-ID2
X-Esi
CDN
Pics-Label
X-CACHE-KEY
X-LB-ID
Ms-Author-Via
X-Tt-Logid
Datacenter
X-RPM
Kp-EeAlive
Env
X-RPS
X-Cache-Backend
X-Action
X-LB-NoCache
X-DB
X-RSL
X-DSS
X-Generated-In
X-DW
X-DI
Edge-Cache
X-Wix-Viewer-Type
X-TraceId
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
Time
X-Refresh
Memory
WebServer
Candidate-Md5Url
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-DC
X-Varnish-Ttl
X-Optimistic-Header
Accept-Language
X-Datadome
X-Edge-Pop
X-Minions-Version
X-DynaTrace-JS-Agent
X-CacheTTL
X-Vc
On-Server
GeoIp-Country-Code
X-HA-Backend
WWW-Authenticate
X-Servedbyhost
Esi-Enabled
X-Urbn-Context-Path
Locale
X-Srv
X-Parent-Response-Time
X-Urbn-Site-Id
X-MSEdge-Features
X-MSEdge-Flight
X-ZONE
X-Unique-ID
Server-ID
X-Cs
X-Newrelic-Synthetics
X-Varnish-Beresp-TTL
X-Ec-Fail
C-Via
X-Ec-GeoHdr
X-User
X-Service
X-TA-CDN-Provider
X-TX-ID
X-VCL-Version
X-Cache-PHP
X-Fpc
X-App
X-Cache-Ttl
X-Traceid
X-LI-Proto
X-URL
X-Dynatrace
Cdncip
Cdnsip
X-Cache-Status-Check
Test
X-Li-Proto
X-Render-Time
X-AK-Request-ID
X-Webkit-Csp-Report-Only
X-Pass-Why
X-Fmm-Version
My-App
X-B3-Spanid
X-FPC
X-Clara-WADP
X-LiteSpeed-Cache-Control
X-WADP-Cache
Cluster
X-NODE
X-Webkit-CSP-Report-Only
Proxy-Connection
X-Var-Ttl
Geoip-Latitude
Resin-Trace
X-Vcl-Version
X-CUA
Tracecode
X-Mcache
X-From
Server-Id
X-CSRF-TOKEN
M-TraceId
T-Server
Lfy
Geo-Info
Fastly-Drupal-HTML
Lang
X-Clientip
Hostname
X-Fragments
Cf-Int-Pingora-Origin-Digest
X-Info
X-AIR-PT
X-Ha-Backend
Target-Params
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-LiteSpeed-Tag
X-ID
DataCenter
Cache-Host
HIT
X-Oss-Server-Time
UCS
X-VC
S-Cnection
X-Pad
X-WP-CF-Super-Cache
X-RAMCache
GeoIP-Country-Code
X-ServedByHost
X-WP-CF-Super-Cache-Cache-Control
Hit
X-Dynatrace-Js-Agent
X-Geo
X-Edge-POP
X-Via-PopN
Ohc-File-Size
X-Via-PopH
X-Cdn-Forward
X-Via-PopV
Tcn
MIME-Version
X-Api-Version
ENV
Fastly-Backend-Name
Section-Io-Origin-Status
X-Provided-By
Section-Io-Origin-Time-Seconds
X-Check-Cacheable
X-ElasticPress-Query
Permissions-Policy
Section-Io-Id
X-Micro-Cache
User-Agent
X-Proxy-Cache-Info
X-Httpd
Load-Balancing
X-NGINX-Cache
Section-Origin-Responded
X-Edge-Cache
X-Release
Servername
WZWS-RAY
X-Backend-Host
X-ServerName
X-HS-Status
X-Ucs
X-BBC-Origin-Response-Status
Producers
X-Fastly-Backend-Reqs
X-HostName
X-APP
FSS-Cache
X-Lb-Nocache
X-Cache-CFC
X-SB
X-GoCache-CacheStatus
PICS-Label
ServerName
X-UP
X-BCube-Filmed-By
Uri
URI
X-TRACE-ID
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Pool
X-Udemy-Cache-App-Namespace
Ohc-Cache-HIT
Server-Ttl
X-RateLimit-Reset
X-Swift-Error
X-Lb-Id
Cteonnt-Length
X-Cdn-Request-ID
Cneonction
X-Nc
Cdn
EpKe-Alive
X-Fastly-Cache-Hits
X-Dw-Trace-Id
X-Vcache
X-Yottaa-OS
X-WA
X-Newrelic-App-Data
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Scale
X-Akamai-ERPolicy
Cf-Ipcountry
X-Contensis-Viewer-Groups
X-WA-Info
X-Akamai-Request-ID
X-Acquia-Application-Trace
X-Snapshot-Date
X-Akamai-ERRuleID
X-Ec-Custom-Error
X-Cache-ASPX
Path
CPC-Age
Cache-Key
Shield-Pop
CPC-Cache
VNS-Age
Vha6-Origin
CF-Cached-On
X-Amz-Meta-Cb-Modifiedtime
VNS-Cache
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
X-B3-ParentSpanId
Lb
X-Cache-Ngx
Sid
X-Air-Pt
X-IN-APIGATEWAYSSL
X-SIPLIST1
X-IN-APIGATEWAY
GeoIP-Latitude
X-Shopify-Generated-Cart-Token
IsBot
X-Cache-Expires
X-Dispatcher-Number
X-Te-Count
X-Sentry-ID
Ngx
X-CacheKey
X-UA
X-Akamai-Pragma-Client-IP
CountryCode
Req-ID
X-Http-Count
X-Http-Duration-Ms
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Last-Modified
X-ES-SERVER
X-Te-Duration-Ms
X-Logging-Id
X-Varnish-Authentication