Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Request-ID
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
Host-Header
X-Amz-Request-Id
X-Proxy-Cache
X-UA-Device
X-Amz-Id-2
X-Hacker
X-Rq
Grace
X-Dns-Prefetch-Control
X-Akamai-Path-Stats
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Nginx-Cache-Status
Allow
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Url
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch-Lifetime
Fastly-Restarts
X-Country
X-Mod-Pagespeed
X-MS-InvokeApp
X-TtlSet
X-PC
X-Rack-Cache
X-Vname
X-Ruxit-JS-Agent
X-Clacks-Overhead
X-Server-Name
Edge-Control
RTSS
X-Varnish-TTL
X-ESI
X-VARITI-CCR
X-Content-Type
X-B3-TraceId
Cache-Tag
X-Vcap-Request-Id
Accept-Ch
X-Use-Magma
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Amz-Rid
X-Amz-Server-Side-Encryption
X-Dw-Request-Base-Id
Public-Key-Pins
X-Cnection
X-Px
X-Ac
X-D2id
X-Element-Page-Cache
Verso
X-Navigation-Version
X-RateLimit-Remaining
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
X-Cache-TTL
X-Edge
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Ser
X-FastCGI-Cache
Service-Worker-Allowed
X-Version
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
X-Ruxit-Js-Agent
Response
X-Middleton-Response
X-NF-Request-ID
Access-Control-Request-Method
X-Correlation-Id
X-Goog-Hash
X-Ttl
X-Kinsta-Cache
SPIisLatency
SPRequestDuration
AR-PoweredBy
AR-Request-ID
AR-CACHE
AR-ATIME
AR-SID
X-Edge-Location-Klb
X-Upstream
X-Webkit-Csp
X-TTL
X-NWS-LOG-UUID
X-Ua-Device
X-LLID
X-Cached
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-SharePointHealthScore
Edge-Cache-Tag
SPRequestGuid
Nginx-Cache
X-RateLimit-Limit
X-Cache-Key
X-Content-Security-Policy-Report-Only
X-Forwarded-For
X-Litespeed-Cache
TCN
X-MSEdge-Ref
Content-MD5
Mrf-Cache-Status
MRF-Tech
X-Shield-Request-Id
X-B3-TraceId-Primal
X-Daa-Tunnel
MS-Author-Via
X-Id
X-T
X-Recruiting
S
X-Content-Digest
X-Mg-S
X-DataDome
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Protected-By
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ezoic-Cdn
X-HS-Cache-Config
X-HS-Content-Id
X-Accel-Expires
X-HS-Hub-Id
X-HS-Combine-CSS
X-Ua-Browser
X-ECACHE
X-Frontend
MicrosoftSharePointTeamServices
X-Ab
X-Content
X-Request-Processing-Time
X-Grace
Server-Node
X-Request-Received
Front-End-Https
X-Yandex-Sdch-Disable
Filters
Fastcgi-Cache
X-Mid
X-Server-ID
X-DynaTrace
TP-Cache
X-Hits
TP-L2-Cache
X-Geo-Country
X-Origin-Server
X-ORACLE-DMS-ECID
X-Distributor
X-PressLabs-Stats
X-ORACLE-DMS-RID
X-Ratelimit-Reset
X-Debug-Info
X-Amzn-Trace-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-WebKit-CSP-Report-Only
Cleartype
Charset
X-Page-Id
Host
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-DIS-Request-ID
X-Git-Hash
X-F-Cache
Cross-Origin-Opener-Policy
X-Microsite
X-B3-Sampled
X-Request-Handler-Origin-Region
X-LB-Cache
X-Www-Served-By
X-Forwarded-Proto
Access-Control-Allow-Method
ServerID
X-Cache-Age
X-Seen-By
Cache-Tags
Cache-Status
X-Az
X-Activity-Id
X-AppVersion
X-Varnish-Age
X-Cluster-Name
X-Kong-Upstream-Latency
Accept-Charset
X-Kong-Proxy-Latency
Realpath
X-Language
Filterid
X-MCACHE
X-Aspnetmvc-Version
X-Oracle-Dms-Ecid
Server-Name
X-Oracle-Dms-Rid
X-Rid
X-Content-Options
X-Type
X-Nginx-Upstream-Cache-Status
X-App-Environment
Country
Viewport
X-Varnish-Grace
Node
X-Tb
X-NWS-UUID-VERIFY
X-Upgrade-Enabled
Retry-After
X-Origin-Cache
X-Mobile-URL
X-XRDS-LOCATION
X-Signature
X-User-Agent
X-Drupal-Cache-Tags
X-Wix-Request-Id
X-FB-Debug
X-B-Cache
X-Request-Guid
X-Route-Name
X-Flags
DC
X-Is-Crawler
Paypal-Debug-Id
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-TT
X-Whom
X-Varnish-Backend
X-Goog-Generation
X-VCache
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
Protected
X-Goog-Stored-Content-Encoding
Fastcgi-Useragent
X-Fastly-Request-Id
X-Via-JSL
X-B
X-Amz-Replication-Status
X-Cache-NGX
X-N
X-Debug
Payment
X-Contextid
X-Logged-In
X-Fastly-Request-ID
X-Fastcgi-Cache
X-Load-Cache
WPO-Cache-Status
WPO-Cache-Message
X-Template
Surrogate-Key
X-Mcache
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-FW-Type
X-Cache-Control
X-Amz-Meta-S3cmd-Attrs
Count-Hit
X-Node-Name
X-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-Erf-Bev-Bev
X-Browser-Type
Healthy
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
X-Original-Request-Id
Permissions-Policy
SD-X-WS
Content-Disposition
Akamai-GRN
X-Proxy
Refresh
X-Akamai-Request-ID2
X-XRDS-Location
X-Revision
X-Is-Bot
X-Hostname
X-Zen-Fury
X-Cache-Time
X-G
X-Rendered-As
X-Jobs
X-Real-IP
X-UUID
X-Cache-TTL-Remaining
X-Page-View
Uber-Trace-Id
X-Cacheable-TTL
X-Mobile
X-Framework
X-Http-Reason
X-Adobe-Loc
X-Adobe-Content
Alternate-Protocol
X-Device-Type
X-Drupal-Cache-Contexts
X-Debug-IsPreview
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Instance
X-Debug-IsConnected
X-Proxy-Cache-Status
NGB
X-Yottaa-Metrics
Access-Control-Request-Headers
X-Yottaa-Optimizations
X-IPLB-Instance
Url
X-Servername
X-Source
X-Cache-Grace
X-COUNTRY
From-Origin
Version
X-Cache-Rule
X-Varnish-Server
X-ECache
X-Vgn-Hpd-Reason
X-B3-Traceid
X-Mg-Request-UUID
X-Parallel-Accel
X-L-Path
X-Restarts
X-NGENIX-Cache
X-Environment-Context
Accept-Language
X-EdgeConnect-Cache-Status
X-Cache-Hit
X-Cache-Expired-At
X-Oneagent-Js-Injection
Referer-Policy
Countrycode
MS-CV
X-RTag
Ms-Operation-Id
X-App-Server
X-HTML-Minification-Powered-By
X-FW-Version
Frame-Options
X-Ratelimit-Remaining
Liferay-Portal
X-NYM-Debug-Backend
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-IPS-LoggedIn
Backend
X-Cache-Action
X-RemovedCookies
X-ProcessESI
X-APP-VERSION
Content-Secure-Policy
CF-IPCountry
WP-Super-Cache
X-Nginx-Cache
Section-Io-Cache
Upgrade-Insecure-Requests
Meta-Geo
X-Redis-Cache
X-UPSTREAM-Address
X-RN-RSRV
X-Cache-Server
X-Detected-As
X-Format
X-Access
X-No-Session
X-Ua
Ec-Rule-Version
X-Generation-Time
X-Cache-Enabled
Cache-Tv-Group
X-Hosted-By
X-OCL
X-Section
X-FB-TRIP-ID
X-Content-Age
X-PCL
X-Via-Fastly
Apigw-Requestid
X-Request-Time
X-Say-Cacheable
Fastly-SSL
X-Say-TTL
X-Uri
Azure-RegionName
X-Urbn-Context-Path
Azure-SlotName
X-AOL-HN
X-Human
Azure-SiteName
Azure-Version
X-Region
X-Cluster-Node
Azure-InstanceId
X-Be
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-Region
TWC-Device-Class
X-Site-Version
TWC-Locale-Group
X-Server-W
X-PHP-Backend
Webcakes-App-Name
X-Urbn-Site-Id
Webcakes-App-Version
TWC-Privacy
X-Sql-Count
X-Origin-Hint
S-Rt
X-Varnish-Cache-Hits
Property-Id
X-UA-Device-Type
Mn-Server-Ip
X-Web-Node
TWC-Connection-Speed
X-Origin-Date
X-Akamai-Edgescape
X-Sql-Duration-Ms
X-Generated-By
X-SayCDN-TTL
Locale
X-Datadome
X-Hyper-Cache
X-Mode
X-Cache-Host
X-ApacheServer
X-Adobe-Source
Eomportal-Instance
CDN-Uid
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
X-Cache-Tags
X-Debug-Cache
X-Nginx-Cache-Key
X-ProxyCache-Key
X-ProxyCache-Status
X-Storage
X-BYPASS-REASON
X-Xfnlog-Site
X-Forwarded-Host
X-PERF
X-Platform-Server
X-Status
CDN-CachedAt
X-Content-Powered-By
CDN-Cache
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Tid
X-Varnishpool
X-Extlb
X-ShopId
X-Zipkin-Id
X-ShardId
X-JoinUs
X-Hl-Ver
X-Handled-By
X-TT-LOGID
X-Proxied
X-Routing-Service
X-Backend-Name
X-ServerID
X-SaId
X-Cache-Type
X-Unique-Id
X-Rule
X-Locale
X-Timing-Wait
X-Proxy-Build
X-GG-Cache-Date
X-PHP-Host
X-Labrador-Cache-Channel
X-NewRelic-App-Data
X-Webkit-CSP
Selected-Fe
X-Midtier
ServedBy
X-Dc
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
Webserver
X-VC-Cache
X-Cache-Operation
X-Accel-Buffering
X-Cache-Remote
X-LSADC-Cache
X-Edge-Location
SID
X-Rewrite-Enabled
X-Proto
X-Cached-By
X-Cms-Context
X-Ratelimit-Limit
Web-Mar-Node
Mime-Version
SRV
Fastly-Drupal-Html
X-Storefront-Renderer-Rendered
X-Soup
X-CDN-Forward
Xserver
X-TA-CDN-Provider
X-Pubstack
Onion-Location
X-Buckets
X-Reqid
X-GEO
X-Varnish-Hostname
X-App-Version
X-GeoCountry
X-GeoCode
Load-Balancing
Country-Code
X-Request-Host
X-Cdn
X-Microcachable
Cache-Hits
Decoy-Debug-Status
Decoy-Debug-Key
X-Origin-CC
X-Origin-TTL
Decoy-Debug-TTL
LB
Server-Info
X-Cluster
X-Varnish-Hits
X-Ms-Request-Id
X-MP-GENERATED-AT
X-Ms-Version
Xet-Cookie
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-SRV
X-Magnolia-Registration
X-Envoy-Decorator-Operation
X-B3-SpanId
X-NCache
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-CSRF-Token
X-Tec-Api-Root
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Tec-Api-Origin
DynaTrace
X-Tec-Api-Version
X-Time
X-Bc-Bl
DB-Nickname
X-RCS-CacheZone
X-Endurance-Cache-Level
X-A-Dcw
Lang
Sslversion
T-Server
X-From
Cache-Name
X-Forwarded-Path
Host-ID
X-A-Wwc
X-A-Dgt
X-Esi-Check
X-External-Request-Id
X-Ftr-Request-Id
X-Geo-Header
Rendered-Blocks
Mobile-Detection-Method
X-Hash
Pramga
NM-Fastcgi-Cache
Meta-Geo-Continent
X-A
X-A-Dam
X-Gzip
X-Epic-Correlation-Id
X-PAYTM-SRV-ID
X-A-Ccd
Odigeo-Trace-Id
X-AK-Request-ID
X-Conf
Cmsid
X-Connection-Hash
X-D
Cmstype
Source
A
X-Cache-NE
Cdnsip
X-CF-Lambda-Fn
X-Cdn-Srv
X-CF-Lambda-Version
BehaviorPad-Version
DCR-Decision-By
X-Destination
X-ARC
X-B-Cookie
X-Ec-GeoHdr
X-Application
Cdncip
X-Ec-Fail
Fastcgi-X-Cache-Version
X-Cache-Id
DCR-Processing-Time-Ms
X-Cache-Bucket
X-Developer
Expiry
X-Aed
X-Origin-Response-Time
X-Vtex-Processado-Em
X-Processor
X-VG-WebCache
X-SRCache-Key
X-User
X-Orig-Expires
X-S-Cookie
X-S
X-Session-Fingerprint
X-Webstats-RespID
X-TrackingId
X-Vtex-Remote-Cache
X-Varnish-Beresp-Grace
X-R9-Blue-Green-Version
X-Tenant
X-Vdms-Version
X-PBS-Appsvrname
X-NAPM-TraceId
X-SD-PageType
X-ScT
X-Rojux
X-HS-Content-Campaign-Id
X-Vdms-Path
Xc-Version
X-TIM-N
X-Ig-Push-State
Surrogated-Key
X-Shop-Environment
X-Azure-Ref
X-Tx-Id
Cache
X-Fetched-On
X-TNCMS
Environment
X-Planisys-CDN-Rules
X-Varnish-Remaining-TTL
X-Block-Status
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Planisys-CDN-TTL
X-Amzn-Remapped-Content-Length
Mail-Subject
We-Hiring
Web-Mar-Region
Wxu-Next-Commit
X-Origin
Platform
X-SVT-ORM-RULES
State
Server-Host
User-Cache-Control
Producers
Wxu-Next-Hostname
Wxu-Next-Region
Machine
X-Rocket-Build-Number
X-Node-Id
X-Nyt-Route
X-Variation
X-Planisys-CDN-Cache
X-Sigma-Backend
X-V-Cache
X-Sigma
Memcached
Is-Eu
Apple-News-Services-Parsed-Url
X-Fastly-Cache
X-Fmm-Version
CDN
X-JWT-State
X-LAGOON
X-Scheme
X-Location
X-Slack-Backend
X-SB
X-WADP-Cache
X-Is-Gdpr
X-VG-TLSProxy
X-Origin-Expires
X-Has-Esi
X-Server-IP
X-Hnp-Log
X-Origin-Time
X-GeoIP
X-Gdpr
X-Gen-Mode
X-Irp-Debug
X-DPWN-IS-SECURE
X-Developers
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Adler-Geo
X-SVT-ORM-VERSION
Apple-News-Services-Request-Url
X-Ec-Custom-Error
X-Device-Os
X-Mvc-Supplant-Cachable
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Core-Mission
X-Loop
X-DefHash
X-Worker
X-Wix-Viewer-Type
Fastly-GeoIP-CountryCode
X-DefElseHash
X-Cache-Info
X-Core-Value
MD5-Digest
X-NodeID
X-ZONE
X-Varnish-Ttl
Kp-EeAlive
L
X-Datadog-Trace-Id
CloudFront-Viewer-Country
X-Viewer-Country
X-Request-URI
X-Sn-Servicetimems
X-VarnishDD-TTL
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Req-Svc-Chain
X-CGP
CDCHOST
X-Cdn-Origin
X-Httpd
Origin-EX
Origin
Origin-CC
X-Csrf-Jwt
X-Region-Sid
X-Eu-Site
X-Platform
X-Pod-Name
X-Gamma-Serve
X-Generated-On
X-GeoIP-City
X-Level-Front-Cache
X-HN
X-Minions-Version
X-Policy
X-Proxy-Cache-Info
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Svr
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Forwarded-Site
X-Qloud-Router
Cluster
Release
L5d-Success-Class
X-Loc
Locid
X-Pool
HA-Ipaddr
X-Dispatcher-Number
Gh-Request-Id
X-Aicache-OS
Ssr
X-Rocket-Nginx-Serving-Static
X-Served-From
Redirect-Candidate
X-Thinkindot-L3
X-VServer
V-Age
Vix-Hermes-Req-Id
N-Cache
PFcat
X-Skip-Cache
X-CacheTTL
Ha-Gx-Prefs
Thinkindot-Control
Traceparent
X-BBC-Edge-Cache-Status
Fastly-SIE
X-Branch-Name
X-Cache-Backend
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Auto-Login
Fastcgi-Cache-TTL
X-Cache-Date
Fastly-SWR
Arc-Country
Server-Hostname
X-Via-NSCOPI
IsBot
HostName
X-Men
X-Optimistic-Header
Sever-Int
X-Xrds-Location
Server-Ext
X-IPLB-Request-ID
X-Scale
NGX
X-EC-Lua
DSUID
X-Via-Ucdn
X-SIPLIST1
X-CS
X-TraceId
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Response-By
AMP-Access-Control-Allow-Source-Origin
X-Owner
X-Old-Content-Length
X-NC
X-Refresh
Ohc-File-Size
Pics-Label
X-VC
X-Srv
X-RSL
X-RPS
X-DW
X-RPM
X-Tb-Optimization-Total-Bytes-Saved
X-Parent-Response-Time
Time
Memory
X-DB
X-DSS
X-DI
X-Newrelic-Synthetics
X-Udemy-Cache-App-Namespace
X-Akamai-Transformed
X-Date
X-Ah-Environment
Candidate-Md5Url
X-Ad-Defer-Variation
X-Tt-Logid
Env
X-Wikidot-Backend
X-Edge-Pop
X-Wikidot-Static-Cache
X-Accel-Expires-Debug
Servername
X-CACHE-KEY
X-BCube-Filmed-By
X-LB-NoCache
X-Mvc-Supplant-OutputCached
Datacenter
Cache-Key
X-TIME
Ms-Author-Via
X-Generated-In
CPC-Cache
VNS-Cache
XM
X-SplitTest
GEO-INFO
VNS-Age
X-GeoIP-Region-Code
CPC-Age
X-GeoIP-Country-Code
X-Via-Popn
X-Cache-Status-Check
X-Cache-ASPX
X-Via-Popv
X-Cache-Debug
X-Via-Poph
X-Contensis-Viewer-Groups
Geo-Info
Fastly-Backend-Name
GeoIp-Country-Code
X-Amz-Meta-Cb-Modifiedtime
X-WA-Info
X-Micro-Cache
Path
X-Varnish-Authentication
X-API-Version
X-S-Maxage
X-Servedbyhost
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
X-AIR-PT
ITXSESSIONID
Geoip-Latitude
X-HA-Backend
Lb
CacheControlHeader
X-RateLimit-Reset
Ohc-Cache-HIT
X-Vc
X-Presslabs-Stats
X-Action
True-Client-Country-4JS
Cache-Host
X-VCL-Version
X-TH-Server
Client
Ngx.Var.Host
Server-ID
True-Client-IP
X-Backend-TTL
X-VHOST
X-Cs
Hostname
FSS-Cache
XkeyRZ
X-Proxy-CacheRZ
X-Varnish-Beresp-TTL
X-Api-Version
X-Trace-ID
X-DC
X-Req
X-Clientip
Edge-Cache
Powered-By
X-Provided-By
My-App
X-TX-ID
X-FireWall-Port
X-Fpc
X-Zone
X-Webkit-Csp-Report-Only
X-Pass-Why
X-NGINX-Cache
X-Origin-Upstream-Status
X-Varnish-Beresp-Ttl
X-FPC
X-B3-Spanid
X-PX
X-Up
NtCoent-Length
X-CSRF-TOKEN
Test
X-LB-ID
X-Dmc
X-MSEdge-Features
X-MSEdge-Flight
X-Traceid
Cf-Int-Pingora-Origin-Digest
DataCenter
X-Render-Time
X-HS-Status
X-INCAP-ABP
X-Cdn-Request-ID
X-Dynatrace
X-Correlation-ID
X-Beluga-Node
X-Beluga-Record
X-Beluga-Response-Time
X-Li-Pop
X-Li-Fabric
C-Via
Server-Id
X-Webkit-CSP-Report-Only
X-Beluga-Trace
Rip
X-Beluga-Cache-Status
X-UnsetCookies
X-Vcl-Version
X-Beluga-Status
X-LI-UUID
User-Agent
X-Gateway-Cache-Key
WZWS-RAY
X-Ha-Backend
X-ND-Cache
Srvid
Proxy-Connection
X-Gateway-Cache-Status
OT-Force-Account-Verify
Tube-Got-Eval
Tube-Got-Results
Click-Count-Action-Start
Tube-Get-Contents
X-Gateway-Skip-Cache
Tube-Return
Click-Count-Error
X-Gateway-Request-Id
X-Service
X-M-Reqid
X-CLOUD-TRACE-CONTEXT
X-Time-Microsecs
Resin-Trace
Esi-Enabled
HIT
X-URL
X-Via-PopN
X-ServedByHost
X-Qnm-Cache
X-Alfa-Service
X-Via-PopV
X-DynaTrace-JS-Agent
X-CUA
X-Via-PopH
X-RAMCache
X-M-Log
X-Geo
X-Check-Cacheable
Tcn
X-Fragments
On-Server
GeoIP-Country-Code
Uri
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
Cf-Device-Type
GeoIP-Latitude
Target-Params
Tracecode
Sid
X-Akamai-Pragma-Client-IP
MIME-Version
X-Proxy-Cache-Hk
Epwk-X-Cache
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Azure-Ref-OriginShield
X-Var-Ttl
Lfy
X-Fastly-Backend
X-FC-Vary-Parameters
X-Sucuri-Cache
X-ATG-Version
Srv
X-LI-Proto
X-Fetch-By
X-Sucuri-ID
X-Cdn-Forward
Fastly-Drupal-HTML
X-TRACE-ID
X-APP
ENV
X-Fastly-Backend-Reqs
X-Backend-Host
X-LiteSpeed-Cache-Control
Cdn
X-Esi
X-ID
X-Li-Proto
X-Lb-Nocache
X-NU-AKA-ACS-Version
X-Cache-Expires
X-B3-Traceid-Primal
X-Backend-State
XServer
X-App
WebServer
X-Varnish-Beresp-Status
ServerName
Magicmarker
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
X-Edge-POP
X-HostName
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-MG-S
PICS-Label
CF-Cached-On
Inserted-Into-Cache-At
X-ElasticPress-Query
X-Newrelic-App-Data
X-Yottaa-OS
X-Acquia-Application-UUID
X-Request-Start
D-Url-Rewrites
X-Acquia-Purge-Tags
X-Edge-Origin-Shield-Bytes
X-Vcache
X-Iplb-Request-Id
Wpo-Cache-Message
Wpo-Cache-Status
Cf-Ipcountry
X-Iplb-Instance
M-TraceId
X-Edge-Origin-Shield-Region
X-Acquia-Application-Trace
X-Nc
X-Cache-CFC
X-Serial
X-Acquia-Site
Server-Ttl
X-CF-Powered-By
Warning
Servedby
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Vercel-Cache
Vha6-Origin
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Id
X-Wp-Cf-Super-Cache
Content-Style-Type
X-IN-APIGATEWAY
X-B3-Parentspanid
X-Dist-Code
X-BBC-Origin-Response-Status
X-IN-APIGATEWAYSSL
X-Litespeed-Cache-Control
X-Snapshot-Date
Ngx
Cneonction
X-Request-Url
X-Release
X-Thanos
Content-Script-Type
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
X-Dw-Trace-Id
X-Bip
X-Swift-Error
X-Shopify-Generated-Cart-Token
X-LiteSpeed-Tag
CountryCode
X-Request-URL