Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
CF-RAY
Pragma
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Served-By
Alt-Svc
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
P3p
X-Drupal-Cache
X-DNS-Prefetch-Control
CF-Ray
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-Iinfo
X-FRAME-OPTIONS
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
Upgrade
X-Via
X-Akamai-Path-Stats
X-XSS-PROTECTION
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
X-Dns-Prefetch-Control
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-UA-Device
X-Amz-Id-2
Host-Header
X-Proxy-Cache
X-Hacker
X-Rq
X-Server-Powered-By
Grace
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Vhost
Ali-Swift-Global-Savetime
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Allow
EagleEye-TraceId
X-Ua-Compatible
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
CONTENT-SECURITY-POLICY
X-Device
X-WebKit-CSP
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
Cf-Edge-Cache
X-Node
X-Server-Id
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-CST
X-Backend-Server
X-Readtime
X-Akam-SW-Version
X-Cache-Lookup
Accept-CH
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
Accept-CH-Lifetime
Rating
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
Accept-Ch
X-Trace
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Country
X-Url
Fastly-Restarts
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-PC
X-Vname
X-TtlSet
X-Amz-Server-Side-Encryption
X-Varnish-TTL
RTSS
X-VARITI-CCR
Edge-Control
X-FastCGI-Cache
X-ESI
X-Server-Name
X-Edge
X-B3-TraceId
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Px
X-Use-Magma
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Amz-Rid
X-Dw-Request-Base-Id
Public-Key-Pins
X-D2id
X-Cnection
X-ASPNET-VERSION
X-Ser
X-Content-Security-Policy-Report-Only
X-Navigation-Version
X-Powered-By-Plesk
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Abt-Application-Version
X-Ac
Verso
X-Client-IP
X-Element-Page-Cache
X-Version
X-RateLimit-Remaining
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
X-Ttl
Response
X-Cached
X-Litespeed-Cache
X-Middleton-Response
X-Goog-Hash
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
X-Kinsta-Cache
SPRequestGuid
X-SharePointHealthScore
X-Edge-Location-Klb
X-Server-Lifecycle-Phase
X-Powered-CMS
X-Kraken-Loop-Name
AR-Request-ID
X-Instrumentation
AR-SID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-WebKit-CSP-Report-Only
X-Upstream
X-TTL
X-LLID
Edge-Cache-Tag
X-Forwarded-For
X-NWS-LOG-UUID
X-Correlation-Id
X-ECACHE
Content-MD5
X-Cache-Key
Nginx-Cache
X-Id
X-RateLimit-Limit
X-Shield-Request-Id
TCN
X-MSEdge-Ref
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Recruiting
S
Mrf-Cache-Status
MRF-Tech
X-T
X-Daa-Tunnel
X-DataDome
X-Content-Digest
X-B3-TraceId-Primal
X-Mg-S
X-Ruxit-Js-Agent
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Mcache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
TP-Cache
TP-L2-Cache
X-Grace
X-Accel-Expires
X-Ua-Device
X-DynaTrace
X-Frontend
X-HS-Hub-Id
X-Protected-By
Front-End-Https
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Filters
Server-Node
X-Yandex-Sdch-Disable
MicrosoftSharePointTeamServices
X-Request-Processing-Time
X-Request-Received
X-Ezoic-Cdn
X-Ab
X-Content
X-Webkit-CSP
X-Ua-Browser
X-Distributor
X-Origin-Server
X-PressLabs-Stats
X-Hits
X-ORACLE-DMS-ECID
X-Server-ID
X-ORACLE-DMS-RID
Fastcgi-Cache
X-LB-Cache
MS-Author-Via
X-Geo-Country
X-Microsite
X-Request-Handler-Origin-Region
Charset
X-Cache-Age
X-Amzn-Trace-Id
Host
X-Mid
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cache-Status
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-B3-Sampled
Cleartype
X-Git-Hash
X-Page-Id
X-F-Cache
Realpath
X-Seen-By
X-Debug-Info
X-Webkit-Csp
X-Fastly-Request-Id
X-Az
X-Activity-Id
X-AppVersion
Permissions-Policy
Access-Control-Allow-Method
X-Nginx-Upstream-Cache-Status
X-DIS-Request-ID
Accept-Charset
X-Www-Served-By
Filterid
X-Ratelimit-Reset
Cache-Tags
ServerID
X-FB-Debug
X-Content-Options
X-Varnish-Age
X-Rid
X-Cluster-Name
X-Midtier
Retry-After
X-Aspnetmvc-Version
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Type
Server-Name
X-Varnish-Backend
X-App-Environment
X-Varnish-Grace
X-User-Agent
Country
X-Tb
X-B
X-Request-Guid
X-Aspnet-Duration-Ms
X-Amz-Meta-S3cmd-Attrs
X-Flags
X-Is-Crawler
X-Route-Name
X-Providence-Cookie
X-Whom
X-TT
X-Wix-Request-Id
X-Language
X-Signature
X-Drupal-Cache-Tags
X-B-Cache
Viewport
X-VCache
X-Origin-Cache
Paypal-Debug-Id
DC
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
Fastcgi-Useragent
X-Goog-Stored-Content-Length
Node
X-Goog-Stored-Content-Encoding
X-Debug
X-GUploader-UploadID
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-NWS-UUID-VERIFY
X-Oracle-Dms-Ecid
X-Load-Cache
X-Logged-In
X-Oracle-Dms-Rid
X-Amz-Replication-Status
Protected
Payment
Amp-Access-Control-Allow-Source-Origin
X-Cache-NGX
X-Mobile-URL
Surrogate-Key
X-N
X-Cache-Control
Count-Hit
Alternate-Protocol
WPO-Cache-Status
WPO-Cache-Message
X-NGENIX-Cache
X-Contextid
Healthy
X-Node-Name
X-Restarts
X-Mobile
X-XRDS-LOCATION
X-XRDS-Location
X-Via-JSL
X-Proxy
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Original-Request-Id
Content-Disposition
SD-X-WS
X-Response-Served-From
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Type
X-G
Refresh
X-Jobs
Url
X-Cache-Time
Uber-Trace-Id
X-Akamai-Request-ID2
X-Adobe-Content
X-Adobe-Loc
X-Revision
X-Page-View
X-UUID
X-Real-IP
X-Servername
X-MCACHE
Akamai-GRN
VIX-Pulpo-Node
X-Cache-TTL-Remaining
VIX-Pulpo-Upstream-Status
X-Http-Reason
X-Mg-Request-UUID
X-Rendered-As
X-Zen-Fury
X-Framework
X-Is-Bot
X-Debug-IsConnected
X-Device-Type
X-Cacheable-TTL
X-Debug-IsPreview
X-Varnish-Server
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Template
X-Cache-Grace
Access-Control-Request-Headers
X-Proxy-Cache-Status
X-Drupal-Cache-Contexts
Frame-Options
NGB
X-Instance
X-Hostname
X-L-Path
X-Environment-Context
X-IPLB-Instance
Version
Referer-Policy
X-HTML-Minification-Powered-By
X-Source
Countrycode
X-Ratelimit-Remaining
X-RTag
Ms-Operation-Id
MS-CV
X-EdgeConnect-Cache-Status
Accept-Language
X-Fastly-Request-ID
Liferay-Portal
X-ECache
X-B3-Traceid
X-NYM-Debug-Backend
X-App-Server
X-Cache-Rule
X-Oneagent-Js-Injection
X-Datadome
X-Cache-Hit
X-Cache-Expired-At
Cross-Origin-Window-Policy
X-Hosted-By
X-Trace-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Nginx-Cache
X-Tumblr-Pixel-1
X-Tumblr-User
Backend
From-Origin
X-Unique-Id
X-IPS-LoggedIn
X-Vgn-Hpd-Reason
X-RemovedCookies
X-ProcessESI
X-App-Version
X-Status
X-RN-RSRV
Section-Io-Cache
X-FW-Version
WP-Super-Cache
Load-Balancing
Meta-Geo
X-UPSTREAM-Address
X-OCL
X-AWS-Id
X-FB-TRIP-ID
X-Cache-Server
X-PCL
X-LJ-Flow-ID
X-VWS-Id
X-Content-Powered-By
X-COUNTRY
Content-Secure-Policy
X-No-Session
S-Rt
Mn-Server-Ip
X-Cache-Enabled
CF-IPCountry
X-AOL-HN
X-Content-Age
Apigw-Requestid
X-Akamai-Edgescape
Upgrade-Insecure-Requests
X-Region
X-Via-Fastly
X-Origin-Date
X-Sql-Duration-Ms
X-PHP-Backend
X-Redis-Cache
X-UA-Device-Type
X-PHP-Host
X-Mode
X-Sql-Count
X-Request-Time
X-Labrador-Cache-Channel
X-Adobe-Source
X-Access
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Uri
X-Varnish-Cache-Hits
TWC-Device-Class
X-VC-Cache
Webcakes-App-Name
X-PERF
Locale
X-ProxyCache-Status
X-Human
X-ProxyCache-Key
X-Storage
X-Platform-Server
TWC-GeoIP-LatLong
Eomportal-Instance
X-Say-Cacheable
X-Server-W
X-Be
Webcakes-App-Version
X-SayCDN-TTL
X-Section
Webcakes-Region
X-Cache-Tags
TWC-Privacy
X-Say-TTL
X-Debug-Cache
X-Cms-Context
X-Cluster-Node
TWC-Connection-Speed
X-Format
X-BYPASS-REASON
X-Origin-Hint
TWC-Locale-Group
TWC-GeoIP-Country
X-Xfnlog-Site
Property-Id
X-Site-Version
X-Nginx-Cache-Key
X-Forwarded-Host
X-ApacheServer
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Ratelimit-Limit
X-GeoCode
Azure-RegionName
X-GeoCountry
X-GG-Cache-Date
Azure-SlotName
X-Cache-Host
Azure-InstanceId
X-Edge-Location
X-Storefront-Renderer-Rendered
X-Cache-Type
X-Detected-As
X-Extlb
X-JoinUs
X-Hl-Ver
Azure-SiteName
X-Zipkin-Id
X-Tid
X-Web-Node
Azure-Version
X-Varnishpool
X-Proxied
X-ServerID
X-NewRelic-App-Data
X-SaId
X-Locale
X-Routing-Service
X-Generation-Time
X-Generated-By
X-Handled-By
X-Backend-Name
X-Ua
X-Proto
Fastly-SSL
Webserver
X-Timing-Wait
X-Proxy-Build
Selected-Fe
X-CDN-Forward
CDN-RequestId
CDN-Cache
CDN-Uid
X-Dc
CDN-RequestCountryCode
X-APP-VERSION
CDN-CachedAt
CDN-PullZone
ServedBy
CDN-EdgeStorageId
Fastly-Drupal-Html
Web-Mar-Node
X-IPLB-Request-ID
Ec-Rule-Version
Cache-Tv-Group
X-LSADC-Cache
Onion-Location
X-Magnolia-Registration
X-GEO
X-Varnish-Hostname
X-Tt-Logid
X-Cache-Action
Cache-Hits
X-Cached-By
SID
X-Envoy-Decorator-Operation
X-Cache-Operation
LB
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Xrds-Location
X-Cluster
X-Cache-Remote
X-Hyper-Cache
X-Varnish-Hits
Mime-Version
SRV
X-Rewrite-Enabled
X-Origin-CC
X-Soup
Xet-Cookie
X-Origin-TTL
X-Rule
DB-Nickname
X-Cdn
X-Fastcgi-Cache
Cache
Server-Info
Source
Xserver
X-SRV
X-Microcachable
X-Parallel-Accel
X-CSRF-Token
X-Accel-Buffering
X-Reqid
X-Time
X-Pubstack
Country-Code
X-Via-NSCOPI
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-Buckets
X-Skip-Cache
Decoy-Debug-Key
Decoy-Debug-TTL
X-Correlation-ID
X-B3-SpanId
X-Cache-Status-Check
Decoy-Debug-Status
X-TA-CDN-Provider
X-Endurance-Cache-Level
X-Request-Host
X-Origin-Response-Time
X-Newrelic-Synthetics
X-Processor
X-PAYTM-SRV-ID
X-BCube-Filmed-By
X-Tumblr-Pixel-3
Rendered-Blocks
X-PBS-Appsvrname
X-Orig-Expires
DynaTrace
Pramga
X-External-Request-Id
Lang
Cmsid
Cmstype
X-Ec-Fail
X-Ec-GeoHdr
Cdncip
Cdnsip
DCR-Decision-By
DCR-Processing-Time-Ms
X-Conf
X-Connection-Hash
X-D
Fastcgi-X-Cache-Version
Expiry
X-Developer
X-Destination
X-Epic-Correlation-Id
Candidate-Md5Url
X-Hash
X-CF-Lambda-Fn
X-Azure-Ref
NM-Fastcgi-Cache
X-Ig-Push-State
X-Cache-NE
Odigeo-Trace-Id
Mobile-Detection-Method
Meta-Geo-Continent
X-B-Cookie
BehaviorPad-Version
Cache-Key
X-CF-Lambda-Version
X-Forwarded-Path
A
MD5-Digest
X-NAPM-TraceId
X-Session-Fingerprint
X-A-Wwc
X-Tx-Id
X-TIM-N
X-TrackingId
X-User
X-SRCache-Key
X-SplitTest
Datacenter
X-Shop-Environment
X-Aed
T-Server
X-A-Dgt
X-Vdms-Path
X-A-Ccd
Xc-Version
XM
X-A
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Vdms-Version
X-A-Dcw
X-VG-WebCache
X-A-Dam
Host-ID
X-Tenant
X-S
X-SD-PageType
X-Amzn-RequestId
X-ScT
X-Amz-Apigw-Id
X-S-Cookie
X-Rojux
X-ARC
Surrogated-Key
X-Application
Sslversion
X-AK-Request-ID
X-Varnish-Beresp-Grace
X-TT-LOGID
X-Wix-Viewer-Type
X-Bc-Bl
X-Worker
X-DPWN-IS-SECURE
X-Device-Os
X-Ckpd-Fst-Backend
X-Sigma
X-Rocket-Build-Number
X-Ms-Version
X-Cache-Id
Producers
X-Esi-Check
State
X-Sigma-Backend
X-NodeID
Server-Host
Wxu-Next-Commit
Wxu-Next-Hostname
We-Hiring
Is-Eu
X-Core-Mission
X-Core-Value
Kp-EeAlive
X-DefElseHash
Environment
Redirect-Candidate
Wxu-Next-Region
X-DefHash
HostName
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Cdn-Srv
X-SVT-ORM-VERSION
X-Gzip
X-GeoIP
X-Ad-Defer-Variation
X-Fetched-On
X-Scheme
X-HS-Content-Campaign-Id
X-CacheTTL
X-Origin
X-Origin-Expires
X-Irp-Debug
X-SVT-ORM-RULES
X-TNCMS
X-SB
Platform
Memcached
X-Geo-Header
Adler-Geo
X-Variation
Mail-Subject
X-Varnish-CookieHashed-On
X-Ms-Request-Id
X-V-Cache
X-Loop
X-AIR-PT
X-Cache-Bucket
X-Cache-Date
X-Cache-Info
X-CGP
X-Branch-Name
X-Cdn-Origin
X-Clara-WADP
X-Block-Status
X-BBC-Edge-Cache-Status
X-Rebelmouse-Cache-Control
VNS-Cache
X-RCS-CacheZone
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Rocket-Nginx-Serving-Static
X-Request-URI
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Platform
X-Planisys-CDN-TTL
X-Policy
X-Pool
X-Qloud-Router
X-Served-From
X-SIPLIST1
X-Amzn-Remapped-Content-Length
Fastly-Backend-Name
X-Gdpr
X-Nyt-Route
X-Origin-Time
X-WADP-Cache
X-VServer
X-Sn-Servicetimems
X-Slack-Backend
X-Thinkindot-L3
X-VarnishDD-TTL
X-VG-TLSProxy
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Fmm-Version
X-Fastly-Cache
X-Forwarded-Site
X-Gamma-Serve
X-Gen-Mode
X-Eu-Site
X-Ec-Custom-Error
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Developers
X-Dispatcher-Number
X-Generated-On
X-GeoIP-City
X-Minions-Version
X-Loc
X-Mvc-Supplant-Cachable
X-NCache
X-Node-Id
X-Level-Front-Cache
X-LAGOON
X-HN
X-Has-Esi
X-Hnp-Log
X-Is-Gdpr
X-JWT-State
X-Csrf-Jwt
X-Aicache-OS
L5d-Success-Class
Machine
L
IsBot
HA-Ipaddr
N-Cache
NGX
PFcat
CPC-Age
Origin-CC
Origin
Ha-Gx-Prefs
Fastly-SWR
Apple-News-Services-Request-Url
CDCHOST
CPC-Cache
CloudFront-Viewer-Country
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Fastly-SIE
AKAMAI
Fastly-GeoIP-CountryCode
Apple-News-Services-Handled
Release
Origin-EX
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
Ssr
Thinkindot-Control
Traceparent
Vix-Hermes-Req-Id
V-Age
User-Cache-Control
VNS-Age
Sever-Int
Svr
Server-Ext
Req-Svc-Chain
Server-Hostname
X-ZONE
X-Owner
X-VC
Cluster
X-Auto-Login
Gh-Request-Id
Web-Mar-Region
Cache-Name
X-Ftr-Request-Id
X-Varnish-Ttl
X-Pod-Name
X-Proxy-Upstream
X-R9-Blue-Green-Version
X-WA-Info
X-Optimistic-Header
X-Viewer-Country
X-Proxy-Cache-Info
X-Micro-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Scale
X-Via-Ucdn
DSUID
Fastcgi-Cache-TTL
X-CS
X-WP-CF-Super-Cache-Cache-Control
Pics-Label
Ohc-File-Size
X-Cache-Backend
X-WP-CF-Super-Cache
X-EC-Lua
Cache-Host
X-Refresh
Ngx.Var.Host
GEO-INFO
X-RateLimit-Reset
X-URL
X-Server-IP
XkeyRZ
X-LB-NoCache
X-Httpd
X-Proxy-CacheRZ
CDN
Servername
X-CACHE-KEY
X-Srv
X-NC
X-Parent-Response-Time
Path
X-Ah-Environment
X-Mvc-Supplant-OutputCached
X-Udemy-Cache-App-Namespace
X-Servedbyhost
Ms-Author-Via
X-Tb-Optimization-Total-Bytes-Saved
Time
X-Webstats-RespID
Env
X-From
X-Via-Popn
X-Clientip
X-Generated-In
X-Cache-ASPX
X-Via-Poph
X-Via-Popv
Memory
X-Edge-Pop
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Location
X-API-Version
Lb
X-TIME
X-S-Maxage
X-TraceId
Locid
X-Amz-Meta-Cb-Modifiedtime
Ohc-Cache-HIT
X-Dmc
ITXSESSIONID
X-Varnish-Beresp-TTL
X-Trace-ID
X-TRACE-ID
X-Akamai-Transformed
Arc-Country
X-Men
X-Response-By
X-Presslabs-Stats
AMP-Access-Control-Allow-Source-Origin
X-Old-Content-Length
X-DynaTrace-JS-Agent
Server-ID
GeoIp-Country-Code
X-DB
X-HA-Backend
X-Render-Time
X-RSL
X-Date
X-Fpc
X-MSEdge-Features
X-VCL-Version
X-RPS
X-Accel-Expires-Debug
X-DW
X-DSS
X-Vc
X-RPM
True-Client-IP
X-MSEdge-Flight
X-DI
Client
X-VHOST
X-Cs
X-Tec-Api-Root
Geoip-Latitude
X-Service
X-DC
Rip
X-Tec-Api-Origin
X-Tec-Api-Version
X-INCAP-ABP
X-Gateway-Request-Id
X-Gateway-Skip-Cache
C-Via
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Zone
X-GeoIP-Country-Code
Tube-Return
X-FireWall-Port
Hostname
Tube-Got-Results
Click-Count-Error
X-GeoIP-Region-Code
Tube-Get-Contents
Click-Count-Action-Start
Tube-Got-Eval
X-M-Reqid
FSS-Cache
NtCoent-Length
Esi-Enabled
X-M-Log
On-Server
X-TX-ID
X-Qnm-Cache
X-Cache-Debug
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Powered-By
X-Api-Version
Srv
X-Webkit-Csp-Report-Only
HIT
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
X-B3-Spanid
X-PX
CacheControlHeader
Cdn
OT-Force-Account-Verify
True-Client-Country-4JS
X-HS-Status
Test
X-Proxy-Cache-Hk
X-Action
Tcn
X-TH-Server
X-Alfa-Service
X-NGINX-Cache
X-Backend-TTL
GeoIP-Latitude
GeoIP-Country-Code
X-FPC
X-Vcl-Version
X-CSRF-TOKEN
X-Cdn-Request-ID
X-Varnish-Beresp-Ttl
DT-Hot-News
X-Traceid
X-Beluga-Record
X-Beluga-Node
X-Beluga-Cache-Status
User-Agent
X-Check-Cacheable
X-Beluga-Response-Time
X-Beluga-Status
Edge-Cache
X-Beluga-Trace
Server-Id
Geo-Info
X-Akamai-Pragma-Client-IP
X-Pass-Why
X-Req
X-App
X-Origin-Upstream-Status
MIME-Version
Proxy-Connection
Server-Ttl
X-Via-PopN
Uri
X-Ha-Backend
X-Via-PopH
My-App
Srvid
X-Via-PopV
Resin-Trace
X-CLOUD-TRACE-CONTEXT
Sid
M-TraceId
X-Bip
X-Thanos
X-APP
Cf-Int-Pingora-Origin-Digest
True-Client-Ip
X-CCDN-Origin-Time
X-Up
X-Request-Start
X-CCDN-CacheTTL
Epwk-X-Cache
X-Hcs-Proxy-Type
X-ServedByHost
ENV
WebServer
X-Cdn-Forward
X-Edge-POP
X-Fastly-Backend-Reqs
X-LB-ID
X-Backend-Host
Warning
X-Esi
X-Provided-By
X-B3-Traceid-Primal
X-LI-Proto
X-Li-Fabric
X-Geo
X-Lb-Nocache
X-Li-Pop
ServerName
Magicmarker
X-Nc
XServer
X-LI-UUID
X-HostName
X-ElasticPress-Query
X-Vercel-Cache
X-Vercel-Id
PICS-Label
X-Akamai-Request-ID
Inserted-Into-Cache-At
X-CMSURLCustom
Canary
X-Varnish-Beresp-Status
X-Webkit-CSP-Report-Only
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Fetch-By
X-RAMCache
Section-Io-Origin-Status
Section-Io-Id
X-Newrelic-App-Data
CF-Cached-On
X-HITS
X-Serial
X-UnsetCookies
X-CF-Powered-By
X-Dw-Trace-Id
Fastly-Drupal-HTML
X-LiteSpeed-Cache-Control
D-Url-Rewrites
X-IN-APIGATEWAYSSL
X-Time-Microsecs
WZWS-RAY
X-Request-Url
Dt-Hot-News
X-Cc-Via
X-ND-Cache
X-IN-APIGATEWAY
X-Iplb-Request-Id
X-Vcache
X-Iplb-Instance
X-Yottaa-OS
Cdn-Requestcountrycode
Cdn-Pullzone
Cdn-Edgestorageid
Cdn-Requestid
Cdn-Uid
Cdn-Cachedat
X-UA
X-Air-Pt
Cdn-Cache
Servedby
Wp-Super-Cache
X-LiteSpeed-Tag
X-MiniProfiler-Ids
X-Azure-Ref-OriginShield
Cf-Device-Type
X-CUA
Hit
DataCenter
X-Dist-Code
X-Snapshot-Date
X-Wp-Cf-Super-Cache-Cache-Control
X-Request-URL
Content-Style-Type
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
Content-Script-Type
CountryCode
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
Fastcgi-Cache-Ttl
X-BBC-Origin-Response-Status
X-Release
Vha6-Origin