Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Accept-Ranges
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Report-To
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
P3p
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
EagleId
Keep-Alive
Request-Context
X-Ua-Compatible
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Dns-Prefetch-Control
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-Akamai-Path-Stats
X-LiteSpeed-Cache
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-Dispatcher
X-WebKit-CSP
EagleEye-TraceId
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
Cf-Railgun
Allow
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
Accept-CH
X-CST
Surrogate-Control
X-Backend-Server
Request-Id
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
X-ASPNET-VERSION
Cf-Edge-Cache
Rating
X-Cloud-Trace-Context
X-Trace
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Fastly-Restarts
X-Country
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-TtlSet
X-PC
X-Vname
X-MS-InvokeApp
X-Ruxit-JS-Agent
X-Rack-Cache
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-ESI
X-Content-Type
X-VARITI-CCR
X-Vcap-Request-Id
Cache-Tag
X-B3-TraceId
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Amz-Rid
X-Cnection
Public-Key-Pins
X-Ac
X-Dw-Request-Base-Id
X-Px
X-Amz-Server-Side-Encryption
X-Element-Page-Cache
X-D2id
Verso
X-Navigation-Version
X-RateLimit-Remaining
Accept-Ch
X-Abt-Application-Version
X-Cache-TTL
X-Client-IP
X-Powered-By-Plesk
X-FastCGI-Cache
Service-Worker-Allowed
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Ser
X-GitHub-Request-Id
X-Country-Code
Arr-Disable-Session-Affinity
X-Version
X-Edge
X-Ruxit-Js-Agent
X-Middleton-Response
Response
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Hash
X-Correlation-Id
X-Ttl
X-Upstream
X-Kinsta-Cache
AR-ATIME
AR-CACHE
AR-Request-ID
AR-SID
AR-PoweredBy
X-Edge-Location-Klb
SPIisLatency
SPRequestDuration
X-Webkit-Csp
X-Cached
X-TTL
X-LLID
X-NWS-LOG-UUID
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
Nginx-Cache
X-Powered-CMS
Edge-Cache-Tag
X-RateLimit-Limit
TCN
X-Cache-Key
X-SharePointHealthScore
MS-Author-Via
SPRequestGuid
X-Litespeed-Cache
X-Forwarded-For
Mrf-Cache-Status
MRF-Tech
X-MSEdge-Ref
Content-MD5
X-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-B3-TraceId-Primal
X-T
X-Daa-Tunnel
X-Recruiting
X-Mg-S
S
X-Content-Digest
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Protected-By
X-Ua-Device
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
X-Frontend
X-HS-Hub-Id
X-Ezoic-Cdn
X-HS-Cache-Config
X-HS-Content-Id
X-Yandex-Sdch-Disable
X-Ua-Browser
Server-Node
X-DataDome
X-Content
X-Ab
Front-End-Https
X-Request-Processing-Time
X-ORACLE-DMS-ECID
X-HS-Combine-CSS
X-Request-Received
X-ORACLE-DMS-RID
X-Accel-Expires
X-Grace
Filters
Fastcgi-Cache
X-Mid
X-Server-ID
X-ECACHE
X-Hits
X-Geo-Country
X-Origin-Server
TP-Cache
X-Ratelimit-Reset
X-Distributor
TP-L2-Cache
X-Debug-Info
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-PressLabs-Stats
X-Amzn-Trace-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
Charset
Cleartype
X-DynaTrace
X-Page-Id
Host
X-DIS-Request-ID
X-Git-Hash
X-B3-Sampled
Cross-Origin-Opener-Policy
X-F-Cache
X-Www-Served-By
X-Forwarded-Proto
X-LB-Cache
Cache-Tags
X-Cache-Age
ServerID
Access-Control-Allow-Method
X-Seen-By
X-Request-Handler-Origin-Region
X-Microsite
X-Language
X-Kong-Upstream-Latency
X-AppVersion
X-Activity-Id
X-Az
X-Kong-Proxy-Latency
Server-Name
X-Cluster-Name
X-WebKit-CSP-Report-Only
Accept-Charset
Realpath
X-Varnish-Age
X-Aspnetmvc-Version
Cache-Status
Filterid
X-MCACHE
X-Rid
X-Type
X-Content-Options
X-App-Environment
X-Mobile-URL
X-FB-Debug
X-Varnish-Grace
Viewport
Node
X-Upgrade-Enabled
X-Nginx-Upstream-Cache-Status
Country
X-User-Agent
X-Wix-Request-Id
X-Origin-Cache
X-Is-Crawler
Paypal-Debug-Id
X-Drupal-Cache-Tags
X-Flags
X-Aspnet-Duration-Ms
X-Request-Guid
X-Via-JSL
X-Providence-Cookie
DC
X-Route-Name
X-Tb
X-XRDS-LOCATION
X-NWS-UUID-VERIFY
X-B-Cache
X-Signature
X-Whom
X-Oracle-Dms-Ecid
X-Goog-Generation
Protected
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-GUploader-UploadID
X-TT
X-Goog-Stored-Content-Length
X-Oracle-Dms-Rid
X-VCache
Retry-After
Fastcgi-Useragent
X-Varnish-Backend
X-Fastly-Request-ID
X-Cache-NGX
X-Amz-Replication-Status
Payment
X-Contextid
X-B
X-Debug
X-Fastly-Request-Id
X-Fastcgi-Cache
X-Logged-In
X-Template
X-FW-Static
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
WPO-Cache-Status
X-FW-Server
WPO-Cache-Message
X-FW-Type
X-N
X-Load-Cache
X-XRDS-Location
Surrogate-Key
X-Cache-Control
X-Hostname
Amp-Access-Control-Allow-Source-Origin
X-B3-Traceid
Count-Hit
X-Trace-Id
X-Node-Name
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Original-Request-Id
SD-X-WS
X-Response-Served-From
Akamai-GRN
X-Proxy
Refresh
Healthy
X-Amz-Meta-S3cmd-Attrs
X-Zen-Fury
X-Cache-Time
X-Akamai-Request-ID2
X-Mobile
Uber-Trace-Id
VIX-Pulpo-Upstream-Status
X-UUID
VIX-Pulpo-Node
X-Parallel-Accel
X-G
X-Rendered-As
X-Revision
X-Is-Bot
X-Jobs
X-Real-IP
X-Cache-TTL-Remaining
X-Http-Reason
X-Page-View
X-Mcache
X-Cacheable-TTL
X-Framework
X-Drupal-Cache-Contexts
X-Proxy-Cache-Status
X-Yottaa-Metrics
X-Device-Type
Alternate-Protocol
X-Yottaa-Optimizations
X-Instance
X-Debug-IsConnected
X-Debug-IsPreview
Content-Disposition
NGB
X-Adobe-Content
X-Adobe-Loc
Access-Control-Request-Headers
X-IPLB-Instance
X-Cache-Rule
Url
From-Origin
X-Source
X-Servername
X-Vgn-Hpd-Reason
X-COUNTRY
Permissions-Policy
X-Cache-Grace
Version
X-ECache
X-Cache-Expired-At
Accept-Language
X-Cache-Hit
X-Varnish-Server
Referer-Policy
X-L-Path
X-Environment-Context
X-Mg-Request-UUID
X-Oneagent-Js-Injection
X-EdgeConnect-Cache-Status
X-Ratelimit-Remaining
X-NGENIX-Cache
X-Restarts
X-FW-Version
X-App-Server
Ms-Operation-Id
X-RTag
MS-CV
Cross-Origin-Window-Policy
Countrycode
X-Cache-Action
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-IPS-LoggedIn
Backend
X-NYM-Debug-Backend
Liferay-Portal
Frame-Options
X-RemovedCookies
X-ProcessESI
X-HTML-Minification-Powered-By
CF-IPCountry
WP-Super-Cache
Content-Secure-Policy
X-Hyper-Cache
X-APP-VERSION
Section-Io-Cache
Upgrade-Insecure-Requests
X-PCL
X-OCL
X-UPSTREAM-Address
X-Redis-Cache
X-Nginx-Cache
X-Cache-Server
X-RN-RSRV
Meta-Geo
Ec-Rule-Version
X-Detected-As
X-FB-TRIP-ID
X-Generation-Time
X-Format
X-Ua
X-No-Session
X-Section
Cache-Tv-Group
Apigw-Requestid
X-Content-Age
X-Cluster-Node
X-Access
X-Cache-Enabled
X-Datadome
X-Rule
X-Say-TTL
X-Say-Cacheable
X-Hosted-By
X-SayCDN-TTL
X-Human
X-Server-W
X-Sql-Duration-Ms
X-Mode
X-Sql-Count
X-Site-Version
X-Generated-By
X-Be
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-InstanceId
Fastly-SSL
X-AOL-HN
X-Akamai-Edgescape
S-Rt
Locale
X-Storage
X-Request-Time
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
X-Origin-Hint
TWC-Connection-Speed
X-UA-Device-Type
X-ApacheServer
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Version
X-PERF
Mn-Server-Ip
X-Varnish-Cache-Hits
X-Via-Fastly
X-Web-Node
Property-Id
X-Uri
X-Urbn-Context-Path
X-Unique-Id
X-Urbn-Site-Id
CDN-Uid
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Xfnlog-Site
CDN-CachedAt
CDN-PullZone
X-Region
CDN-RequestId
X-Content-Powered-By
X-PHP-Backend
X-Origin-Date
X-Platform-Server
X-ProxyCache-Key
CDN-Cache
X-ProxyCache-Status
X-Nginx-Cache-Key
X-Forwarded-Host
X-Cache-Host
X-BYPASS-REASON
X-Cache-Tags
X-Cache-Type
X-Debug-Cache
Webserver
X-Status
X-Zipkin-Id
X-ServerID
X-Backend-Name
X-Varnishpool
Eomportal-Instance
X-Tid
X-SaId
X-Proxied
X-JoinUs
X-Hl-Ver
X-Extlb
X-Routing-Service
X-TT-LOGID
X-ShopId
X-ShardId
X-Adobe-Source
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Accel-Buffering
X-Proxy-Build
X-Timing-Wait
X-Cache-Operation
X-Handled-By
X-Webkit-CSP
ServedBy
Selected-Fe
X-GG-Cache-Date
X-Locale
X-Cache-Remote
X-Labrador-Cache-Channel
X-PHP-Host
X-AWS-Id
SID
X-VWS-Id
X-Rewrite-Enabled
X-LSADC-Cache
X-Ratelimit-Limit
X-LJ-Flow-ID
Xserver
X-VC-Cache
X-Pubstack
X-NewRelic-App-Data
X-Soup
X-Dc
X-Cached-By
X-Buckets
Fastly-Drupal-Html
SRV
Mime-Version
X-CDN-Forward
X-Proto
X-Edge-Location
Web-Mar-Node
LB
X-GEO
X-Reqid
X-Request-Host
X-Storefront-Renderer-Rendered
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-TA-CDN-Provider
Country-Code
X-Microcachable
Onion-Location
X-Cms-Context
X-App-Version
X-Varnish-Hostname
X-Origin-TTL
Server-Info
X-Origin-CC
Cache-Hits
X-Ms-Version
X-Ms-Request-Id
X-Midtier
Xet-Cookie
X-NCache
X-GeoCode
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-GeoCountry
Load-Balancing
X-Cluster
X-Varnish-Hits
DynaTrace
X-Bc-Bl
X-B3-SpanId
X-CSRF-Token
Cache-Name
X-SRV
X-Varnish-Beresp-Grace
X-R9-Blue-Green-Version
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Air-Source
X-Origin-Response-Time
X-Magnolia-Registration
X-RCS-CacheZone
X-Air-Trace-Id
X-Air-Hostname
X-Envoy-Decorator-Operation
X-Endurance-Cache-Level
BehaviorPad-Version
A
X-Webstats-RespID
X-ARC
Cdnsip
Cdncip
X-Orig-Expires
X-Vtex-Processado-Em
X-SRCache-Key
X-Esi-Check
X-Processor
X-Geo-Header
X-Cache-Id
X-Cache-NE
X-External-Request-Id
X-PBS-Appsvrname
X-User
X-Cdn-Srv
X-Gzip
X-PAYTM-SRV-ID
X-B-Cookie
Cmstype
X-Destination
NM-Fastcgi-Cache
Odigeo-Trace-Id
X-A-Dam
Mobile-Detection-Method
X-A-Dcw
Meta-Geo-Continent
X-A-Ccd
X-A
Sslversion
Surrogated-Key
T-Server
X-LAGOON
X-Ig-Push-State
Pramga
Rendered-Blocks
Lang
X-A-Dgt
DCR-Processing-Time-Ms
X-NodeID
Expiry
DCR-Decision-By
DB-Nickname
Cmsid
X-TrackingId
X-Hash
Fastcgi-X-Cache-Version
Host-ID
X-HS-Content-Campaign-Id
X-A-Wwc
X-Aed
X-NAPM-TraceId
X-AK-Request-ID
X-Developer
X-Application
X-Cache-Bucket
X-Forwarded-Path
X-Epic-Correlation-Id
X-Conf
X-Tenant
X-From
X-Ec-Fail
X-Connection-Hash
X-D
X-Vdms-Version
X-S-Cookie
X-TIM-N
X-Session-Fingerprint
X-Vtex-Remote-Cache
X-Shop-Environment
X-S
X-VG-WebCache
X-Vdms-Path
X-Ec-GeoHdr
X-ScT
X-SD-PageType
X-CF-Lambda-Version
X-Rojux
X-CF-Lambda-Fn
X-Ftr-Request-Id
Xc-Version
X-Tx-Id
X-Azure-Ref
X-Fastly-Cache
Environment
Apple-News-Services-Host
X-Node-Id
X-Developers
Wxu-Next-Hostname
X-Mvc-Supplant-Cachable
Wxu-Next-Commit
X-Hnp-Log
Fastly-GeoIP-CountryCode
Is-Eu
Wxu-Next-Region
X-Server-IP
X-Loop
Server-Host
X-Viewer-Country
User-Cache-Control
V-Age
Producers
X-JWT-State
X-DefHash
X-Is-Gdpr
Svr
Apple-News-Services-Parsed-Url
X-Irp-Debug
Apple-News-Services-Request-Url
Platform
X-Sigma
X-Sigma-Backend
Memcached
Mail-Subject
Machine
X-Location
X-VG-TLSProxy
Vix-Hermes-Req-Id
We-Hiring
Web-Mar-Region
X-Gdpr
X-Men
X-Core-Value
X-Planisys-CDN-Rules
X-Nyt-Route
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Worker
X-Varnish-CookieINHashed-On
X-Origin-Time
X-Varnish-Remaining-TTL
X-Wix-Viewer-Type
X-GeoIP
X-V-Cache
X-Fmm-Version
X-Cache-Info
X-DPWN-IS-SECURE
X-Clara-WADP
X-Block-Status
X-Slack-Backend
X-Ckpd-Fst-Backend
X-TNCMS
X-Varnish-Ttl
X-Rocket-Build-Number
X-Core-Mission
X-Varnish-CookieHashed-On
X-Amzn-Remapped-Content-Length
Apple-News-Services-Handled
X-Fetched-On
X-WADP-Cache
X-Gen-Mode
X-Has-Esi
X-Device-Os
X-SB
Source
X-DefElseHash
AKAMAI
Adler-Geo
X-Variation
X-Request-URI
CDN
X-Via-NSCOPI
X-Httpd
Thinkindot-Control
X-CGP
Traceparent
X-Cdn-Origin
X-BBC-Edge-Cache-Status
X-Aicache-OS
X-Auto-Login
X-Datadog-Parent-Id
X-HN
X-Csrf-Jwt
X-Datadog-Sampling-Priority
X-GeoIP-City
Thinkindot-CacheControl-Type
X-Generated-On
X-Cache-Backend
X-Branch-Name
X-Datadog-Trace-Id
X-Cache-Date
CDCHOST
X-RateLimit-Limit-Second
X-Qloud-Router
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Proxy-Upstream
X-Proxy-Cache-Info
X-Sn-Servicetimems
Thinkindot-CacheControl
X-Eu-Site
X-Platform
X-Pool
X-Policy
X-Response-By
X-SVT-ORM-RULES
X-Pod-Name
X-Thinkindot-L3
X-Ec-Custom-Error
X-Forwarded-Site
Locid
X-Served-From
X-Scheme
X-TIME
X-SVT-ORM-VERSION
X-Skip-Cache
X-Rocket-Nginx-Serving-Static
X-VServer
X-VarnishDD-TTL
X-Origin-Expires
X-Origin
PFcat
X-Loc
Origin-EX
Origin-CC
N-Cache
Origin
Redirect-Candidate
Release
State
TDXMobile
Ssr
X-Level-Front-Cache
Req-Svc-Chain
X-Minions-Version
L5d-Success-Class
Cluster
Fastcgi-Cache-TTL
CloudFront-Viewer-Country
X-Old-Content-Length
Arc-Country
Cache
Fastly-SIE
Fastly-SWR
Kp-EeAlive
L
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
X-Gamma-Serve
X-DI
X-DSS
X-DW
X-RPM
X-RSL
X-Srv
X-Time
X-DB
HostName
X-RPS
NGX
X-EC-Lua
MD5-Digest
X-Optimistic-Header
X-ZONE
X-Tec-Api-Root
X-Parent-Response-Time
X-Tec-Api-Version
X-TraceId
X-Tec-Api-Origin
X-Dispatcher-Number
X-NC
X-Owner
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Accel-Expires-Debug
X-CS
GEO-INFO
X-Date
DSUID
AMP-Access-Control-Allow-Source-Origin
X-Tb-Optimization-Total-Bytes-Saved
Server-Ext
X-Akamai-Transformed
IsBot
Server-Hostname
Pics-Label
X-Refresh
X-GeoIP-Region-Code
X-VC
X-Scale
Sever-Int
X-GeoIP-Country-Code
Env
X-SIPLIST1
X-Via-Ucdn
X-CacheTTL
Memory
X-Mvc-Supplant-OutputCached
Servername
Time
X-Edge-Pop
X-Ah-Environment
X-LB-NoCache
X-Newrelic-Synthetics
Ms-Author-Via
X-Udemy-Cache-App-Namespace
X-Tt-Logid
Ohc-File-Size
X-Cache-Debug
X-Wikidot-Backend
X-IPLB-Request-ID
X-API-Version
X-Wikidot-Static-Cache
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Template-Id
X-Presslabs-Stats
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-BCube-Filmed-By
Cache-Key
X-CACHE-KEY
X-Amz-Meta-Cb-Modifiedtime
Datacenter
Candidate-Md5Url
X-Ad-Defer-Variation
Geo-Info
GeoIp-Country-Code
X-Generated-In
CacheControlHeader
X-Xrds-Location
X-Via-Popv
X-Servedbyhost
CPC-Age
X-Via-Poph
VNS-Cache
X-Via-Popn
X-S-Maxage
VNS-Age
True-Client-Country-4JS
X-SplitTest
X-Action
XM
X-TH-Server
CPC-Cache
Fastly-Backend-Name
X-Contensis-Viewer-Groups
X-HA-Backend
ITXSESSIONID
Geoip-Latitude
X-Backend-TTL
X-Cache-ASPX
X-RateLimit-Reset
X-Vc
X-Micro-Cache
Path
X-Varnish-Authentication
Client
X-Cache-Status-Check
X-VCL-Version
X-WA-Info
FSS-Cache
X-DC
X-Varnish-Beresp-TTL
X-Provided-By
Edge-Cache
X-Dynatrace
Server-ID
X-AIR-PT
X-Req
Hostname
X-Cs
X-VHOST
My-App
X-Trace-ID
Cache-Host
X-Zone
Lb
True-Client-IP
Ngx.Var.Host
X-Pass-Why
Ohc-Cache-HIT
X-Origin-Upstream-Status
X-Up
X-TX-ID
X-FireWall-Port
NtCoent-Length
X-Fpc
DataCenter
XkeyRZ
X-Webkit-Csp-Report-Only
X-Api-Version
X-Proxy-CacheRZ
X-LB-ID
X-NGINX-Cache
X-FPC
X-PX
X-Varnish-Beresp-Ttl
X-Clientip
X-B3-Spanid
X-CSRF-TOKEN
Test
X-Cdn-Request-ID
X-Traceid
Powered-By
X-Li-Fabric
OT-Force-Account-Verify
X-LI-UUID
X-Li-Pop
Cf-Int-Pingora-Origin-Digest
X-UnsetCookies
X-ND-Cache
X-Correlation-ID
Server-Id
X-CUA
X-Beluga-Record
X-Beluga-Status
X-Beluga-Trace
X-MSEdge-Flight
X-Webkit-CSP-Report-Only
X-Beluga-Response-Time
X-MSEdge-Features
X-Vcl-Version
User-Agent
X-Beluga-Cache-Status
X-Time-Microsecs
X-Beluga-Node
Tracecode
X-Dmc
X-Fragments
WZWS-RAY
Cf-Device-Type
X-RAMCache
X-INCAP-ABP
Target-Params
Proxy-Connection
X-Render-Time
X-Azure-Ref-OriginShield
X-CLOUD-TRACE-CONTEXT
Srvid
Rip
X-HS-Status
X-Via-PopN
X-FC-Vary-Parameters
X-Ha-Backend
X-Via-PopH
X-Fastly-Backend
X-Via-PopV
X-ATG-Version
X-Sucuri-ID
X-Sucuri-Cache
Uri
X-URL
X-Var-Ttl
X-Platform-Router
Resin-Trace
X-Platform-Cluster
X-Platform-Processor
Lfy
X-ServedByHost
X-Akamai-Pragma-Client-IP
X-B3-Traceid-Primal
X-Geo
X-Check-Cacheable
Tube-Return
GeoIP-Latitude
X-Service
Tube-Got-Results
Tube-Got-Eval
Click-Count-Error
Sid
Click-Count-Action-Start
C-Via
GeoIP-Country-Code
Tube-Get-Contents
MIME-Version
X-Gateway-Skip-Cache
X-Gateway-Request-Id
Esi-Enabled
X-Hcs-Proxy-Type
Epwk-X-Cache
X-CCDN-Origin-Time
X-Qnm-Cache
X-Alfa-Service
X-Proxy-Cache-Hk
X-NU-AKA-ACS-Version
X-Gateway-Cache-Key
X-M-Reqid
X-Gateway-Cache-Status
X-Li-Proto
X-M-Log
X-Varnish-Beresp-Status
X-CCDN-CacheTTL
X-Fetch-By
X-LI-Proto
X-Cdn-Forward
X-DynaTrace-JS-Agent
Fastly-Drupal-HTML
X-TRACE-ID
X-Backend-Host
HIT
Section-Origin-Responded
Srv
X-Backend-State
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Fastly-Backend-Reqs
ENV
Section-Io-Id
Magicmarker
X-Esi
Cdn
On-Server
PICS-Label
X-Cache-CFC
XServer
ServerName
X-Lb-Nocache
X-App
X-Cache-Expires
X-Edge-POP
X-Request-Start
X-MG-S
X-Srcache-Fetch-Status
X-LiteSpeed-Cache-Control
X-Srcache-Store-Status
X-Bip
X-ElasticPress-Query
X-Thanos
X-Newrelic-App-Data
Tcn
X-Yottaa-OS
CF-Cached-On
Server-Ttl
X-APP
CountryCode
Wpo-Cache-Status
X-Acquia-Site
X-Vcache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
D-Url-Rewrites
Wpo-Cache-Message
X-Serial
X-Iplb-Request-Id
Inserted-Into-Cache-At
X-Iplb-Instance
X-Acquia-Purge-Tags
Cf-Ipcountry
X-BBC-Origin-Response-Status
X-Nc
Servedby
X-HostName
Warning
X-Shopify-Generated-Cart-Token
X-Fastly-Cache-Hits
Fastcgi-Cache-Ttl
X-Akamai-ERRuleID
X-Swift-Error
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-IN-APIGATEWAYSSL
Ngx
Cneonction
X-Cache-Config
X-Litespeed-Cache-Control
X-Snapshot-Date
X-Akamai-ERPolicy
X-Akamai-Request-ID
X-Request-Url
X-Dist-Code
X-Release
M-TraceId
X-Dw-Trace-Id
X-LiteSpeed-Tag
X-Storefront-Renderer-Verified
X-CF-Powered-By
X-Request-URL
X-Th-Server
X-Back
X-IN-APIGATEWAY
Content-Script-Type
Content-Style-Type
X-B3-Parentspanid