
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-Request-ID
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Pingback
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
Rating
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-PC
X-Vname
X-TtlSet
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-Server-Name
X-FastCGI-Cache
Fastly-Restarts
Cache-Tag
X-Aws-Lambda-Call-Status
Service-Worker-Allowed
X-Rack-Cache
X-VARITI-CCR
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-GitHub-Request-Id
X-Vcap-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Cache-TTL
X-Abt-Application-Version
X-Cnection
X-Px
RTSS
X-Navigation-Version
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-Country-Code
X-Powered-By-Plesk
X-Cdn-Fetch
X-Goog-Hash
X-Exp-Variant
X-Kinja
X-Use-Magma
X-NF-Request-ID
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Origin-Cache
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Powered-CMS
AR-Request-ID
AR-SID
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Version
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
Accept-Ch
X-LLID
X-MSEdge-Ref
X-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
Nginx-Cache
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
TCN
X-Protected-By
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-T
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Forwarded-For
X-Aspnetmvc-Version
X-Id
X-Mg-S
Content-MD5
S
X-RateLimit-Remaining
Edge-Cache-Tag
Fastcgi-Cache
X-Language
SPIisLatency
SPRequestDuration
X-Mid
Front-End-Https
Realpath
X-CST
X-Recruiting
Filters
X-Request-Processing-Time
Pinterest-Generated-By
X-Request-Received
X-Pinterest-Rid
Pinterest-Version
Server-Node
X-DynaTrace
X-MCACHE
X-Frontend
Server-Name
X-Ua-Browser
X-Content
X-Ab
X-Correlation-Id
X-Ttl
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Ser
X-NWS-LOG-UUID
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-ECACHE
X-Ezoic-Cdn
SPRequestGuid
X-SharePointHealthScore
X-Template
X-Cache-Key
X-Hits
X-Parallel-Accel
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Alternate-Protocol
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Kong-Proxy-Latency
X-Server-ID
X-Kong-Upstream-Latency
X-Content-Options
MicrosoftSharePointTeamServices
X-Page-Id
X-Ruxit-Js-Agent
Cache-Tags
Charset
X-B3-Sampled
Host
Cleartype
X-Www-Served-By
X-Git-Hash
X-Ratelimit-Limit
X-Geo-Country
X-Debug-Info
X-Daa-Tunnel
X-DIS-Request-ID
X-Amzn-Trace-Id
X-Amz-Replication-Status
X-Hostname
X-Content-Digest
X-Fastly-Request-Id
X-Varnish-Age
Filterid
X-Az
X-AppVersion
X-Activity-Id
X-FB-Debug
X-VCache
X-Accel-Expires
Cross-Origin-Opener-Policy
X-Upgrade-Enabled
X-Forwarded-Proto
X-Grace
X-Nginx-Upstream-Cache-Status
X-N
X-Rid
X-Origin-Server
TP-L2-Cache
TP-Cache
Access-Control-Allow-Method
ServerID
X-F-Cache
X-Mobile-URL
X-Request-Guid
X-Route-Name
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-Flags
X-LB-Cache
X-TT
X-Whom
X-Seen-By
X-Varnish-Grace
X-App-Environment
X-Type
X-Tb
Viewport
X-WebKit-CSP-Report-Only
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Distributor
Node
X-FW-Type
X-FW-Static
X-XRDS-LOCATION
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
Payment
X-User-Agent
X-App-Server
DC
Paypal-Debug-Id
Fastcgi-Useragent
Accept-Charset
X-DataDome
X-Wix-Request-Id
Country
X-NGENIX-Cache
X-Cache-Control
X-Litespeed-Cache
X-Origin-Upstream-Status
X-Cache-Rule
X-Fastly-Request-ID
Version
X-Logged-In
X-Via-JSL
X-Webkit-CSP
X-Drupal-Cache-Tags
X-Microsite
X-Request-Handler-Origin-Region
Referer-Policy
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Ratelimit-Reset
X-Cluster-Name
Amp-Access-Control-Allow-Source-Origin
X-Cache-Age
X-B-Cache
X-Signature
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Buckets
Cache-Status
X-Varnish-Backend
X-Contextid
X-Load-Cache
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
SD-X-WS
Refresh
X-Original-Request-Id
X-Response-Served-From
X-Cache-Expired-At
X-Node-Name
X-Vgn-Hpd-Reason
X-Page-View
X-Rendered-As
X-Is-Bot
X-B
X-Real-IP
NGB
Access-Control-Request-Headers
X-Proxy-Cache-Status
X-Debug
X-Jobs
X-Fastcgi-Cache
X-IPLB-Instance
X-Yottaa-Optimizations
X-Instance
X-UUID
X-Mobile
X-Revision
X-Yottaa-Metrics
X-Device-Type
X-Cacheable-TTL
X-Rule
X-Tec-Api-Version
X-Drupal-Cache-Contexts
Surrogate-Key
Akamai-GRN
X-Cache-Action
X-Tec-Api-Origin
X-Tec-Api-Root
X-Debug-IsPreview
X-Cache-Time
X-Debug-IsConnected
X-ProcessESI
X-RemovedCookies
X-Proxy
X-Air-Hostname
X-FW-Version
X-G
X-Framework
X-Air-Trace-Id
X-Air-Source
CF-IPCountry
Nel
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
SID
DynaTrace
GEO-INFO
X-Azure-Ref
X-PressLabs-Stats
X-Ratelimit-Remaining
Liferay-Portal
X-Accel-Buffering
X-Oneagent-Js-Injection
X-Nginx-Cache
X-Source
X-Ms-Request-Id
X-Ms-Version
X-Presslabs-Stats
Count-Hit
Uber-Trace-Id
X-XRDS-Location
X-Cache-Operation
Frame-Options
Healthy
X-CDN-Forward
Ms-Operation-Id
X-RTag
X-Cache-NGX
MS-CV
X-EdgeConnect-Cache-Status
X-APP-VERSION
X-Zen-Fury
X-Cache-Hit
Countrycode
Xserver
X-Tumblr-Pixel-1
X-L-Path
X-Environment-Context
X-Backend-Name
X-Tumblr-User
X-Mode
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Varnish-Server
Cross-Origin-Window-Policy
Ec-Rule-Version
Protected
X-IPS-LoggedIn
X-Cache-TTL-Remaining
X-Region
X-Forwarded-Host
X-Servername
X-SaId
X-Detected-As
X-JoinUs
Backend
X-Tid
Meta-Geo
X-RN-RSRV
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Cache-Grace
X-Alternate-Cache-Key
Apigw-Requestid
X-Extlb
Decoy-Debug-Key
Country-Code
X-Generation-Time
X-Hosted-By
X-Debug-Cache
Decoy-Debug-Status
X-Adobe-Loc
Eomportal-Instance
Decoy-Debug-TTL
X-Content-Age
X-Adobe-Content
WPO-Cache-Message
X-Sql-Count
X-Sql-Duration-Ms
X-Zipkin-Id
X-Sorting-Hat-ShopId
X-Routing-Service
X-Sorting-Hat-PodId
X-Uri
X-Proxied
X-Shopify-Stage
X-ShardId
X-Content-Powered-By
X-ShopId
WPO-Cache-Status
X-Redis-Cache
Fastly-SSL
Mn-Server-Ip
X-ServerID
X-PHP-Backend
X-Hyper-Cache
Url
X-Cache-Server
X-Origin-Date
X-Status
X-Format
X-FB-TRIP-ID
Section-Io-Cache
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Cache-Tv-Group
X-Varnish-Beresp-Grace
TWC-Locale-Group
TWC-Connection-Speed
TWC-Privacy
Property-Id
X-OCL
X-Server-W
X-Access
X-Site-Version
Selected-Fe
TWC-Device-Class
X-Timing-Wait
X-Proxy-Build
X-ProxyCache-Key
X-ProxyCache-Status
X-Storage
X-Human
X-PERF
X-No-Session
X-NYM-Debug-Backend
X-PCL
X-Origin-Hint
X-Cluster-Node
X-Cache-Type
X-UA-Device-Type
X-Akamai-Edgescape
Webcakes-Region
X-Section
X-NCache
X-ApacheServer
X-Cache-Host
X-BYPASS-REASON
Cache-Name
Webcakes-App-Name
Webcakes-App-Version
X-NewRelic-App-Data
CDN-EdgeStorageId
CDN-CachedAt
X-Pubstack
CDN-RequestCountryCode
CDN-RequestId
CDN-Cache
X-SayCDN-TTL
X-Microcachable
X-Hl-Ver
LB
X-Say-Cacheable
X-Web-Node
X-Say-TTL
CDN-Uid
CDN-PullZone
Content-Disposition
X-Varnishpool
Azure-SlotName
Azure-SiteName
Azure-RegionName
Content-Secure-Policy
X-Azure-Ref-OriginShield
Azure-Version
X-Via-Fastly
X-Be
DB-Nickname
X-R9-Blue-Green-Version
Azure-InstanceId
X-Webkit-Csp
X-Soup
X-Generated-By
X-Ua
X-TIME
X-LSADC-Cache
OT-Force-Account-Verify
X-RateLimit-Limit
X-Cached-By
X-Trace-Id
SRV
X-Nginx-Cache-Key
X-SRV
X-Bc-Bl
X-TT-LOGID
Source
Cache
Retry-After
X-Unique-Id
X-LAGOON
X-Dc
X-Auto-Login
X-GEO
X-Platform-Server
X-Cache-Remote
X-Xfnlog-Site
X-Varnish-Hits
Xet-Cookie
X-Cdn
Mime-Version
X-Varnish-Hostname
X-Origin-TTL
X-Origin-CC
HostName
X-Loop
X-App-Version
X-HTML-Minification-Powered-By
X-TNCMS
Cache-Hits
Onion-Location
X-Akamai-Transformed
X-S-Maxage
X-Cache-Tags
X-CSRF-Token
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Cache-Hits
Web-Mar-Node
ServedBy
X-Tumblr-Pixel-3
X-Request-Time
X-Tumblr-Pixel-2
Upgrade-Insecure-Requests
X-Time
X-AOL-HN
X-EC-Lua
X-Proto
Webserver
WP-Super-Cache
N-Cache
X-Request-Host
X-ECache
X-Tenant
From-Origin
X-Endurance-Cache-Level
X-FireWall-Port
X-Cache-Var-Map
X-AWS-Id
X-VWS-Id
X-Cache-Var
X-LJ-Flow-ID
X-Correlation-ID
X-Xrds-Location
X-Time-Microsecs
X-Cache-Enabled
X-B3-SpanId
X-GG-Cache-Date
X-Origin-Response-Time
X-Edge-Location
X-NWS-UUID-VERIFY
X-Orig-Expires
X-Handled-By
X-Ig-Push-State
X-Hnp-Log
X-ND-Cache
X-NAPM-TraceId
Fastcgi-X-Cache-Version
X-Application
X-Aicache-OS
Sslversion
X-Aed
X-ARC
Rendered-Blocks
X-Block-Status
Redirect-Candidate
X-B-Cookie
Surrogated-Key
X-A-Wwc
User-Cache-Control
V-Age
Vix-Hermes-Req-Id
X-A
X-A-Ccd
X-A-Dgt
X-A-Dcw
X-A-Dam
Odigeo-Trace-Id
X-Cache-NE
DCR-Decision-By
DCR-Processing-Time-Ms
X-Developer
X-Destination
X-External-Request-Id
BehaviorPad-Version
X-Ftr-Request-Id
A
X-Forwarded-Path
Expiry
X-D
X-CF-Lambda-Fn
Meta-Geo-Continent
Mobile-Detection-Method
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Connection-Hash
X-Conf
X-Cluster
X-Gen-Mode
X-Planisys-CDN-Rules
X-Vdms-Path
X-V-Cache
X-Rojux
X-Vdms-Version
X-SRCache-Key
X-Vtex-Processado-Em
X-Via-NSCOPI
X-TIM-N
X-S
X-Session-Fingerprint
X-Shop-Environment
X-Slack-Backend
X-SD-PageType
X-ScT
X-Mg-Request-UUID
X-S-Cookie
X-Vtex-Remote-Cache
X-VG-WebCache
X-PAYTM-SRV-ID
X-Planisys-CDN-TTL
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Processor
Xc-Version
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-Amz-Apigw-Id
X-PHP-Host
X-MP-GENERATED-AT
X-Sucuri-ID
X-SVT-ORM-RULES
DSUID
Fastcgi-Cache-TTL
X-Origin-Expires
CDCHOST
CacheControlHeader
Cmsid
Wxu-Next-Commit
X-SVT-ORM-VERSION
Wxu-Next-Hostname
X-Sucuri-Cache
Wxu-Next-Region
X-Viewer-Country
State
Origin
X-Cache-Date
Pramga
X-Cache-Bucket
X-Accel-Expires-Debug
X-Cdn-Srv
X-Webstats-RespID
Gh-Request-Id
True-Client-Country-4JS
X-Epic-Correlation-Id
X-Backend-TTL
X-Date
Cmstype
X-LI-UUID
X-Location
X-Men
X-Li-Pop
X-Li-Fabric
X-Request-URI
X-RCS-CacheZone
X-Proxy-Upstream
X-Mvc-Supplant-Cachable
X-Old-Content-Length
X-Origin-Time
X-Nyt-Route
X-NodeID
X-Policy
Fastly-Drupal-Html
X-Hash
X-Magnolia-Registration
X-Gdpr
X-Adobe-Source
X-Forwarded-Site
X-Fastly-Cache
X-Server-IP
X-Reqid
CloudFront-Viewer-Country
Environment
X-Platform
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Esi-Check
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Envoy-Decorator-Operation
X-Developers
X-Gamma-Serve
X-Gzip
X-Fetched-On
X-Device-Os
X-Eu-Site
X-Origin
X-VG-TLSProxy
X-GeoIP-City
Web-Mar-Region
X-Owner
We-Hiring
X-Storefront-Renderer-Rendered
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Sn-Servicetimems
X-Cache-Info
X-Backend-State
X-CGP
X-Datadog-Parent-Id
X-UnsetCookies
X-HN
X-Req
X-TrackingId
X-Geo-Header
X-TH-Server
X-Csrf-Jwt
X-Core-Value
X-Core-Mission
X-VarnishDD-TTL
X-Fastly-Backend
X-GeoIP
X-Datadog-Trace-Id
X-Branch-Name
X-VServer
X-Scheme
X-RateLimit-Remaining-Second
X-Cache-Debug
X-HS-Content-Campaign-Id
X-Datadog-Sampling-Priority
X-Irp-Debug
X-Cache-Id
X-RateLimit-Limit-Second
X-Cdn-Origin
Server-Host
Locid
X-M-Log
L5d-Success-Class
L
X-Qnm-Cache
Mail-Subject
Origin-CC
Origin-EX
PFcat
Release
Ssr
X-M-Reqid
HA-Ipaddr
AKAMAI
Ha-Gx-Prefs
Arc-Country
Server-Info
Svr
Host-ID
Traceparent
X-Node-Id
X-NU-AKA-ACS-Version
X-Tx-Id
Cf-Device-Type
S-Rt
X-FC-Vary-Parameters
X-JWT-State
X-Has-Esi
X-Pod-Name
Adler-Geo
X-Is-Gdpr
X-Level-Front-Cache
X-Generated-On
X-Locale
X-Rebelmouse-Cache-Control
Fastly-GeoIP-CountryCode
X-Worker
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
Req-Svc-Chain
X-BBC-Edge-Cache-Status
X-Sigma-Backend
X-Sigma
X-Rocket-Nginx-Serving-Static
X-Rocket-Build-Number
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-DPWN-IS-SECURE
X-VC-Cache
X-Request-Start
X-Response-By
X-Thinkindot-L3
X-Thanos
X-Skip-Cache
X-Served-From
X-Zone
X-Variation
Thinkindot-Control
TDXMobile
X-Amzn-Remapped-Content-Length
NM-Fastcgi-Cache
Is-Eu
Fastly-SWR
Fastly-SIE
X-ATG-Version
Thinkindot-CacheControl-Type
Platform
Thinkindot-CacheControl
Memcached
X-DefHash
X-Bip
X-DefElseHash
Machine
X-Ua-Device
X-Trace-ID
X-CLOUD-TRACE-CONTEXT
AMP-Access-Control-Allow-Source-Origin
X-Mvc-Supplant-OutputCached
X-Loc
X-CS
X-Qloud-Router
Magicmarker
X-Varnish-Beresp-Ttl
NGX
X-NC
X-Up
X-Http-Reason
X-Akamai-Request-ID2
X-API-Version
X-LB-ID
X-Restarts
X-Cache-Config
Pics-Label
Ms-Author-Via
X-CACHE-KEY
Kp-EeAlive
X-Generated-In
CDN
Datacenter
Edge-Cache
Env
X-Cache-Backend
X-Wix-Viewer-Type
X-LB-NoCache
Time
X-TraceId
Memory
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
X-DI
X-DSS
X-RPS
X-Via-Popv
X-RPM
X-DB
X-Varnish-Ttl
X-Refresh
Candidate-Md5Url
X-DC
X-RSL
X-Action
WebServer
X-DW
X-Optimistic-Header
X-Via-Popn
X-Via-Poph
Accept-Language
X-Datadome
X-Tt-Logid
X-CacheTTL
X-Minions-Version
X-Edge-Pop
X-DynaTrace-JS-Agent
WWW-Authenticate
X-HA-Backend
On-Server
GeoIp-Country-Code
X-Vc
X-Esi
X-Servedbyhost
Esi-Enabled
X-Srv
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Unique-ID
Server-ID
X-ZONE
X-MSEdge-Features
X-MSEdge-Flight
X-Newrelic-Synthetics
X-Webkit-Csp-Report-Only
X-Parent-Response-Time
X-Varnish-Beresp-TTL
X-Cs
X-Ec-GeoHdr
X-User
X-Ec-Fail
X-Service
C-Via
X-TA-CDN-Provider
X-TX-ID
X-Cache-PHP
X-VCL-Version
X-Cache-Ttl
X-Traceid
X-LI-Proto
X-App
X-Fpc
X-Dynatrace
X-URL
Cdncip
X-AK-Request-ID
X-Li-Proto
Test
Cdnsip
X-Cache-Status-Check
X-Render-Time
X-Pass-Why
X-WADP-Cache
X-FPC
X-Fmm-Version
My-App
X-LiteSpeed-Cache-Control
X-Clara-WADP
X-B3-Spanid
X-Webkit-CSP-Report-Only
Proxy-Connection
X-NODE
X-Var-Ttl
Resin-Trace
X-CUA
Geoip-Latitude
Tracecode
X-Vcl-Version
Cluster
X-Mcache
T-Server
X-From
Lfy
Server-Id
M-TraceId
Geo-Info
X-Fragments
Lang
Fastly-Drupal-HTML
Cf-Int-Pingora-Origin-Digest
X-Clientip
X-AIR-PT
X-Info
X-CSRF-TOKEN
X-Oss-Object-Type
X-VC
HIT
X-LiteSpeed-Tag
UCS
GeoIP-Country-Code
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
Cache-Host
X-ID
X-Ha-Backend
DataCenter
Target-Params
Hostname
X-WP-CF-Super-Cache-Cache-Control
X-ServedByHost
X-WP-CF-Super-Cache
X-RAMCache
S-Cnection
Hit
X-Edge-POP
X-Pad
X-Dynatrace-Js-Agent
X-Geo
X-Via-PopH
X-Via-PopN
X-Cdn-Forward
Tcn
X-Via-PopV
Ohc-File-Size
MIME-Version
X-Proxy-Cache-Info
X-Api-Version
X-Httpd
X-NGINX-Cache
Permissions-Policy
X-Edge-Cache
X-Provided-By
X-Micro-Cache
User-Agent
ENV
Fastly-Backend-Name
Load-Balancing
Section-Origin-Responded
X-ElasticPress-Query
X-HS-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Check-Cacheable
X-Ucs
Servername
Producers
WZWS-RAY
X-Fastly-Backend-Reqs
X-Backend-Host
X-BBC-Origin-Response-Status
X-Release
X-ServerName
X-HostName
X-BCube-Filmed-By
X-Cache-CFC
FSS-Cache
X-GoCache-CacheStatus
X-Lb-Nocache
PICS-Label
ServerName
X-SB
X-UP
URI
Uri
X-APP
X-TRACE-ID
Server-Ttl
Ohc-Cache-HIT
X-Swift-Error
Cdn
EpKe-Alive
Cteonnt-Length
X-Lb-Id
X-Platform-Cluster
X-RateLimit-Reset
X-Cdn-Request-ID
Cneonction
X-Fastly-Cache-Hits
X-Nc
X-Platform-Router
X-Udemy-Cache-App-Namespace
X-Platform-Processor
X-Dw-Trace-Id
X-Acquia-Purge-Tags
X-Amz-Meta-Cb-Modifiedtime
X-Scale
CPC-Cache
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Ec-Custom-Error
X-Pool
X-WA-Info
CPC-Age
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-WA
Path
Cf-Ipcountry
VNS-Cache
X-Cache-ASPX
Shield-Pop
X-Apw-Access-Token
X-Apw-Access-Object
X-Contensis-Viewer-Groups
X-Apw-Hits
X-Yottaa-OS
CF-Cached-On
X-B3-ParentSpanId
Vha6-Origin
VNS-Age
X-Snapshot-Date
X-Newrelic-App-Data
X-Vcache
X-Apw-Access-Action
Cache-Key
X-Cache-Ngx
Sid
X-Air-Pt
Lb
X-CacheKey
X-ES-SERVER
X-Shopify-Generated-Cart-Token
X-UA
X-Cache-Expires
X-IN-APIGATEWAYSSL
X-SIPLIST1
X-IN-APIGATEWAY
X-Dispatcher-Number
IsBot
X-Akamai-Request-ID
GeoIP-Latitude
Req-ID
X-Last-Modified
X-Sentry-ID
X-Http-Count
X-Http-Duration-Ms
X-Te-Count
X-Logging-Id
CountryCode
X-Te-Duration-Ms
Ngx
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Varnish-Authentication
X-Akamai-Pragma-Client-IP