
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We request the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
P3p
X-Check
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
X-Backend
Request-Context
EagleId
X-Akamai-Path-Stats
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
Host-Header
X-UA-Device
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
X-WebKit-CSP
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-CST
X-Aws-Lambda-Call-Status
X-Pingback
Request-Id
Surrogate-Control
X-Backend-Server
Cf-Edge-Cache
Accept-CH
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-Cache-Lookup
Accept-CH-Lifetime
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Content-Location
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Country
Fastly-Restarts
X-MS-InvokeApp
X-Ruxit-JS-Agent
X-Rack-Cache
X-Mod-Pagespeed
Accept-Ch
X-PC
X-TtlSet
X-Vname
Accept-Ch-Lifetime
X-Clacks-Overhead
RTSS
X-Server-Name
Edge-Control
X-VARITI-CCR
X-ESI
X-Amz-Server-Side-Encryption
Cache-Tag
X-Varnish-TTL
X-Content-Type
X-Vcap-Request-Id
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Use-Magma
X-Dw-Request-Base-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Amz-Rid
Public-Key-Pins
X-B3-TraceId
X-Px
X-Cnection
X-D2id
X-FastCGI-Cache
X-Edge
X-Ac
X-RateLimit-Remaining
X-Ser
X-Navigation-Version
X-Element-Page-Cache
Pagespeed
Display
X-Middleton-Display
X-Client-IP
Verso
X-Sol
X-Abt-Application-Version
X-Powered-By-Plesk
X-Ttl
X-Version
X-Cache-TTL
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Service-Worker-Allowed
X-Country-Code
X-Correlation-Id
X-Middleton-Response
Response
X-NF-Request-ID
X-Goog-Hash
Access-Control-Request-Method
X-Content-Security-Policy-Report-Only
SPRequestDuration
SPIisLatency
X-Ruxit-Js-Agent
X-Kinsta-Cache
AR-CACHE
AR-ATIME
AR-Request-ID
X-Edge-Location-Klb
AR-PoweredBy
AR-SID
SPRequestGuid
X-SharePointHealthScore
X-Cached
X-Powered-CMS
X-Upstream
Edge-Cache-Tag
X-Server-Lifecycle-Phase
X-LLID
X-Instrumentation
X-Kraken-Loop-Name
X-NWS-LOG-UUID
X-RateLimit-Limit
X-Litespeed-Cache
X-Forwarded-For
Nginx-Cache
X-Cache-Key
Content-MD5
X-Id
X-MSEdge-Ref
X-Shield-Request-Id
X-TTL
MRF-Tech
Mrf-Cache-Status
TCN
X-T
X-Recruiting
S
X-B3-TraceId-Primal
X-Daa-Tunnel
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Content-Digest
X-ECACHE
X-Ua-Device
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Mg-S
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Accel-Expires
X-DataDome
X-Grace
X-WebKit-CSP-Report-Only
X-Ezoic-Cdn
X-HS-Combine-CSS
MicrosoftSharePointTeamServices
X-Protected-By
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
MS-Author-Via
X-Frontend
X-DynaTrace
X-Ua-Browser
X-Ab
X-Content
X-Request-Processing-Time
X-Request-Received
X-Yandex-Sdch-Disable
TP-Cache
Server-Node
TP-L2-Cache
Front-End-Https
Filters
X-Server-ID
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-PressLabs-Stats
X-Mid
X-Geo-Country
X-Hits
X-ORACLE-DMS-ECID
X-Webkit-Csp
X-Microsite
X-Request-Handler-Origin-Region
X-LB-Cache
X-ORACLE-DMS-RID
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amzn-Trace-Id
Charset
Cleartype
X-Debug-Info
Host
X-F-Cache
Cross-Origin-Opener-Policy
X-B3-Sampled
X-Git-Hash
X-Page-Id
X-Ratelimit-Reset
X-Forwarded-Proto
X-Cache-Age
X-DIS-Request-ID
Cache-Status
X-Seen-By
X-Www-Served-By
Access-Control-Allow-Method
Realpath
X-Pinterest-Rid
ServerID
X-AppVersion
X-Az
X-Activity-Id
Pinterest-Version
Pinterest-Generated-By
Accept-Charset
X-Aspnetmvc-Version
X-MCACHE
Cache-Tags
X-Varnish-Age
X-Fastly-Request-Id
Filterid
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Rid
X-Content-Options
X-Type
X-Language
Retry-After
X-FB-Debug
X-App-Environment
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Oracle-Dms-Ecid
Country
X-Oracle-Dms-Rid
Server-Name
X-Varnish-Backend
X-Upgrade-Enabled
Node
Viewport
X-Tb
X-User-Agent
Paypal-Debug-Id
X-Mcache
X-Varnish-Grace
DC
X-Drupal-Cache-Tags
X-Signature
X-B-Cache
X-Wix-Request-Id
X-TT
X-Origin-Cache
X-Whom
X-Oneagent-Js-Injection
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Mobile-URL
X-Route-Name
X-VCache
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-XRDS-LOCATION
X-B
X-NWS-UUID-VERIFY
Protected
X-Debug
Permissions-Policy
Fastcgi-Useragent
X-Logged-In
X-Amz-Replication-Status
X-Amz-Meta-S3cmd-Attrs
X-Cache-NGX
X-N
WPO-Cache-Status
WPO-Cache-Message
X-Via-JSL
X-XRDS-Location
Payment
X-Load-Cache
Surrogate-Key
X-Cache-Control
X-Contextid
X-B3-Traceid
Amp-Access-Control-Allow-Source-Origin
Count-Hit
X-Webkit-CSP
Healthy
X-Node-Name
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Template
X-Mobile
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
Akamai-GRN
Content-Disposition
Refresh
X-Proxy
Url
X-Restarts
X-Cache-Time
X-G
X-Jobs
X-Revision
X-Akamai-Request-ID2
Uber-Trace-Id
X-UUID
X-Zen-Fury
X-Framework
Alternate-Protocol
X-Cache-TTL-Remaining
NGB
X-Servername
X-NGENIX-Cache
X-Adobe-Loc
X-Drupal-Cache-Contexts
X-Rendered-As
VIX-Pulpo-Node
X-Is-Bot
X-Adobe-Content
X-Real-IP
X-Debug-IsPreview
VIX-Pulpo-Upstream-Status
X-Fastly-Request-ID
X-Cacheable-TTL
X-Debug-IsConnected
X-Proxy-Cache-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
Access-Control-Request-Headers
X-Cache-Grace
X-Device-Type
X-Http-Reason
X-Instance
X-Page-View
X-Hostname
X-Mg-Request-UUID
X-Trace-Id
X-ECache
X-Midtier
X-Varnish-Server
X-IPLB-Instance
Version
X-Environment-Context
X-L-Path
X-Source
X-EdgeConnect-Cache-Status
Accept-Language
X-HTML-Minification-Powered-By
X-Datadome
MS-CV
Ms-Operation-Id
X-RTag
X-Fastcgi-Cache
Frame-Options
From-Origin
X-Cache-Hit
X-Cache-Rule
Countrycode
X-Cache-Expired-At
X-Vgn-Hpd-Reason
X-NYM-Debug-Backend
Referer-Policy
Liferay-Portal
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Backend
X-Tumblr-User
X-APP-VERSION
X-COUNTRY
X-IPS-LoggedIn
X-FW-Version
X-Nginx-Cache
Content-Secure-Policy
X-Hosted-By
X-UPSTREAM-Address
X-Unique-Id
X-Parallel-Accel
Meta-Geo
Upgrade-Insecure-Requests
X-RN-RSRV
X-Cache-Server
X-FB-TRIP-ID
Section-Io-Cache
X-Redis-Cache
X-PCL
X-NewRelic-App-Data
X-Ua
X-No-Session
X-OCL
X-Cache-Enabled
X-Generation-Time
Apigw-Requestid
WP-Super-Cache
S-Rt
X-Origin-Hint
X-Origin-Date
X-Format
X-Via-Fastly
X-Varnish-Cache-Hits
X-ProcessESI
X-PHP-Backend
X-Cluster-Node
X-Be
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Access
X-AOL-HN
X-Akamai-Edgescape
X-Uri
TWC-GeoIP-LatLong
Mn-Server-Ip
Property-Id
TWC-Connection-Speed
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-Request-Time
TWC-Device-Class
X-Server-W
X-UA-Device-Type
X-Region
X-Section
TWC-GeoIP-Country
X-RemovedCookies
Azure-InstanceId
TWC-Locale-Group
X-Mode
CF-IPCountry
X-Content-Age
X-Generated-By
X-Forwarded-Host
X-Locale
X-PERF
X-ProxyCache-Key
X-Debug-Cache
X-Nginx-Cache-Key
X-Cache-Host
Eomportal-Instance
Cache-Tv-Group
Locale
X-ApacheServer
X-ProxyCache-Status
X-BYPASS-REASON
X-Content-Powered-By
X-Say-TTL
Fastly-SSL
X-Xfnlog-Site
X-Sql-Count
X-Sql-Duration-Ms
X-PHP-Host
X-Labrador-Cache-Channel
X-Urbn-Site-Id
X-Urbn-Context-Path
X-SayCDN-TTL
X-Sorting-Hat-ShopId
X-Site-Version
X-Status
X-Ratelimit-Remaining
X-Storage
X-Say-Cacheable
X-Human
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-ShopId
X-JoinUs
X-Routing-Service
X-SaId
X-Hl-Ver
X-Cache-Type
X-Cache-Action
X-Backend-Name
X-Detected-As
X-Extlb
X-Tid
X-VC-Cache
X-Platform-Server
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-Cms-Context
X-Cache-Tags
X-Varnishpool
Ec-Rule-Version
X-Web-Node
X-Zipkin-Id
X-Adobe-Source
X-ServerID
X-Proxied
X-Handled-By
X-GG-Cache-Date
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestId
CDN-EdgeStorageId
CDN-Cache
Load-Balancing
X-Timing-Wait
CDN-Uid
X-Proxy-Build
CDN-CachedAt
Selected-Fe
X-Storefront-Renderer-Rendered
X-Edge-Location
ServedBy
Webserver
X-Proto
SRV
X-GeoCode
X-GeoCountry
Web-Mar-Node
X-LSADC-Cache
X-Hyper-Cache
Mime-Version
X-CDN-Forward
Fastly-Drupal-Html
X-Rule
X-Dc
Onion-Location
X-Cached-By
X-Cache-Operation
X-TT-LOGID
X-Cache-Remote
X-GEO
X-Rewrite-Enabled
SID
X-Varnish-Hostname
X-Soup
X-App-Version
X-Cdn
Cache-Hits
X-SRV
X-Varnish-Ttl
Xserver
X-Cluster
X-Pubstack
X-Accel-Buffering
X-Origin-CC
X-Reqid
X-Origin-TTL
X-TA-CDN-Provider
X-Varnish-Hits
Country-Code
X-Envoy-Decorator-Operation
Xet-Cookie
X-Magnolia-Registration
X-Ratelimit-Limit
Server-Info
X-Air-Source
X-Air-Trace-Id
X-IPLB-Request-ID
LB
X-Air-Hostname
X-Microcachable
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Request-Host
DB-Nickname
X-Buckets
Cache
Source
X-Amz-Apigw-Id
X-Newrelic-Synthetics
X-Tt-Logid
X-Amzn-RequestId
X-Ms-Request-Id
X-Ms-Version
X-CSRF-Token
X-Endurance-Cache-Level
X-Tx-Id
X-B3-SpanId
Lang
Host-ID
Cdnsip
Cmsid
Fastcgi-X-Cache-Version
Xc-Version
Expiry
X-PBS-Appsvrname
DCR-Processing-Time-Ms
BehaviorPad-Version
A
X-Via-NSCOPI
Cdncip
X-Origin-Response-Time
X-S-Cookie
X-S
DCR-Decision-By
MD5-Digest
X-ScT
Cmstype
Sslversion
X-Connection-Hash
X-Conf
X-SRCache-Key
X-D
X-Destination
X-Shop-Environment
X-NAPM-TraceId
X-Tenant
X-Cdn-Srv
X-Cache-NE
X-CF-Lambda-Fn
X-TIM-N
X-CF-Lambda-Version
X-Session-Fingerprint
X-Developer
X-Ftr-Request-Id
X-Forwarded-Path
X-Geo-Header
X-Gzip
X-HS-Content-Campaign-Id
X-Hash
X-External-Request-Id
X-SD-PageType
X-Ec-GeoHdr
X-Ec-Fail
X-Epic-Correlation-Id
X-Processor
X-Esi-Check
X-Cache-Id
X-B-Cookie
X-VG-WebCache
X-PAYTM-SRV-ID
X-Rojux
X-Ig-Push-State
X-Vdms-Version
Surrogated-Key
Rendered-Blocks
Pramga
X-Vtex-Remote-Cache
Mobile-Detection-Method
X-Vtex-Processado-Em
NM-Fastcgi-Cache
Odigeo-Trace-Id
X-Vdms-Path
T-Server
X-AK-Request-ID
X-Aed
X-Application
X-TrackingId
X-ARC
X-Orig-Expires
X-User
X-A-Dam
X-A
X-A-Dcw
X-A-Dgt
X-A-Wwc
Meta-Geo-Continent
X-A-Ccd
X-RCS-CacheZone
X-NCache
X-Bc-Bl
X-Cache-Info
X-CacheTTL
X-Cache-Bucket
X-Cache-Backend
X-Amzn-Remapped-Content-Length
X-WADP-Cache
X-Ckpd-Fst-Backend
X-DefElseHash
X-DefHash
X-Core-Value
X-Core-Mission
X-Clara-WADP
X-Worker
Wxu-Next-Region
Mail-Subject
Memcached
Machine
Is-Eu
Fastly-GeoIP-CountryCode
Platform
Producers
Wxu-Next-Commit
Wxu-Next-Hostname
We-Hiring
State
Server-Host
X-Developers
X-Device-Os
X-Sigma
X-Sigma-Backend
X-Scheme
X-SB
X-Rocket-Build-Number
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Variation
X-V-Cache
X-Origin-Time
X-Origin-Expires
X-Fetched-On
X-Fmm-Version
X-Fastly-Cache
Environment
X-DPWN-IS-SECURE
X-Gdpr
X-GeoIP
X-NodeID
X-Nyt-Route
X-Node-Id
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-Via-Ucdn
X-Origin
AKAMAI
Adler-Geo
X-Skip-Cache
Cache-Name
CDN
X-Varnish-Beresp-Grace
X-Time
X-Azure-Ref
Apple-News-Services-Handled
X-Request-URI
Apple-News-Services-Host
X-Branch-Name
X-Block-Status
X-Cache-Date
X-Server-IP
X-Httpd
X-Served-From
X-BBC-Edge-Cache-Status
X-Rocket-Nginx-Serving-Static
X-Cdn-Origin
X-Slack-Backend
X-VG-TLSProxy
Apple-News-Services-Request-Url
X-Gamma-Serve
X-Wikidot-Backend
Web-Mar-Region
X-Wikidot-Static-Cache
X-R9-Blue-Green-Version
X-VarnishDD-TTL
X-Sn-Servicetimems
X-CGP
X-Auto-Login
X-Thinkindot-L3
X-Aicache-OS
Apple-News-Services-Parsed-Url
X-SIPLIST1
X-Rebelmouse-Cache-Control
X-Planisys-CDN-Cache
X-Ec-Custom-Error
X-Dispatcher-Number
X-Planisys-CDN-Rules
X-Platform
X-Planisys-CDN-TTL
DynaTrace
X-Eu-Site
X-Gen-Mode
X-Forwarded-Site
X-Level-Front-Cache
X-Loc
X-Minions-Version
X-Hnp-Log
X-Pod-Name
X-Policy
X-Csrf-Jwt
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
CDCHOST
X-Rebelmouse-Surrogate-Control
X-LAGOON
X-Qloud-Router
X-Datadog-Parent-Id
X-Proxy-Cache-Info
X-Pool
X-Proxy-Upstream
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Region-Sid
X-Viewer-Country
Origin-CC
Origin-EX
Origin
Candidate-Md5Url
X-BCube-Filmed-By
Vix-Hermes-Req-Id
CloudFront-Viewer-Country
Req-Svc-Chain
X-TNCMS
Redirect-Candidate
X-Wix-Viewer-Type
Cache-Key
N-Cache
X-HN
Fastly-SWR
Gh-Request-Id
Fastly-SIE
Datacenter
Fastcgi-Cache-TTL
Ha-Gx-Prefs
HA-Ipaddr
Ohc-File-Size
Cluster
L5d-Success-Class
L
IsBot
X-Loop
PFcat
Traceparent
X-JWT-State
X-Generated-On
TDXMobile
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
Svr
Kp-EeAlive
User-Cache-Control
Ssr
V-Age
X-Has-Esi
X-Is-Gdpr
X-Cache-Status-Check
Server-Ext
X-GeoIP-City
NGX
VNS-Age
XM
X-SplitTest
X-Webstats-RespID
X-Optimistic-Header
X-Owner
VNS-Cache
X-From
CPC-Cache
DSUID
CPC-Age
Sever-Int
Release
X-VServer
X-Scale
X-Ad-Defer-Variation
Server-Hostname
X-ZONE
HostName
X-CS
X-Location
Fastly-Backend-Name
Pics-Label
X-WA-Info
GEO-INFO
X-Parent-Response-Time
X-Refresh
X-Tb-Optimization-Total-Bytes-Saved
X-CACHE-KEY
X-NC
X-Micro-Cache
X-Contensis-Viewer-Groups
Env
X-WP-CF-Super-Cache
X-Ah-Environment
X-Cache-ASPX
Locid
X-WP-CF-Super-Cache-Cache-Control
X-TIME
Ms-Author-Via
X-EC-Lua
X-VC
X-Varnish-Authentication
X-Men
X-LB-NoCache
X-Response-By
X-Udemy-Cache-App-Namespace
Servername
Arc-Country
AMP-Access-Control-Allow-Source-Origin
X-AIR-PT
X-Amz-Meta-Cb-Modifiedtime
Memory
Time
Path
X-Edge-Pop
X-Old-Content-Length
X-Servedbyhost
X-Tec-Api-Version
X-Xrds-Location
Lb
X-Tec-Api-Root
X-Tec-Api-Origin
X-Generated-In
X-DB
Ngx.Var.Host
Cache-Host
X-DW
X-Mvc-Supplant-OutputCached
X-DSS
X-DI
X-Srv
X-Via-Popv
X-TraceId
X-RPM
X-RSL
X-Via-Popn
X-RPS
X-Via-Poph
Ohc-Cache-HIT
X-Date
GeoIp-Country-Code
X-HA-Backend
X-Akamai-Transformed
X-Presslabs-Stats
ITXSESSIONID
X-Accel-Expires-Debug
X-Vc
X-Trace-ID
X-Proxy-CacheRZ
X-Api-Version
X-RateLimit-Reset
XkeyRZ
X-S-Maxage
X-GeoIP-Country-Code
True-Client-IP
X-DC
X-Varnish-Beresp-TTL
X-VCL-Version
X-GeoIP-Region-Code
Client
FSS-Cache
X-API-Version
X-Cache-Debug
X-Clientip
X-VHOST
Hostname
X-Cs
Geoip-Latitude
Server-ID
Fusion-Deployment-Id
X-Zone
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-Fpc
CacheControlHeader
X-FireWall-Port
X-TH-Server
X-Action
X-Dmc
True-Client-Country-4JS
X-MSEdge-Flight
X-Render-Time
X-Traceid
X-Webkit-Csp-Report-Only
X-MSEdge-Features
X-Backend-TTL
Powered-By
X-TX-ID
X-INCAP-ABP
NtCoent-Length
X-PX
X-B3-Spanid
X-CSRF-TOKEN
X-Req
X-DynaTrace-JS-Agent
C-Via
Rip
Edge-Cache
Test
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Service
Geo-Info
Tcn
X-Gateway-Cache-Status
X-M-Reqid
X-NGINX-Cache
Tube-Return
Tube-Got-Results
X-Pass-Why
X-M-Log
X-Qnm-Cache
Esi-Enabled
Click-Count-Action-Start
X-HS-Status
X-FPC
My-App
Click-Count-Error
Tube-Got-Eval
Tube-Get-Contents
X-Cdn-Request-ID
X-Origin-Upstream-Status
X-Correlation-ID
HIT
X-Beluga-Record
User-Agent
X-Beluga-Node
X-Beluga-Status
X-Beluga-Cache-Status
X-Beluga-Response-Time
X-Beluga-Trace
X-Webkit-CSP-Report-Only
Server-Id
On-Server
X-Vcl-Version
X-Alfa-Service
X-Up
Cf-Int-Pingora-Origin-Digest
OT-Force-Account-Verify
X-Provided-By
X-Varnish-Beresp-Ttl
X-TRACE-ID
X-Via-PopN
Proxy-Connection
X-Via-PopV
X-Via-PopH
Srvid
X-Proxy-Cache-Hk
Uri
X-URL
Resin-Trace
X-Ha-Backend
GeoIP-Latitude
X-LB-ID
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
Sid
X-APP
GeoIP-Country-Code
X-Akamai-Pragma-Client-IP
X-Edge-Origin-Shield-Bytes
X-CCDN-CacheTTL
Epwk-X-Cache
Cdn
Srv
X-LI-UUID
X-Hcs-Proxy-Type
X-Edge-Origin-Shield-Region
X-RAMCache
X-UnsetCookies
X-ServedByHost
X-CCDN-Origin-Time
X-Li-Pop
X-Li-Fabric
X-LI-Proto
X-Geo
WebServer
X-Cdn-Forward
DataCenter
X-Time-Microsecs
Server-Ttl
X-ND-Cache
X-Fetch-By
X-Backend-Host
M-TraceId
WZWS-RAY
X-Esi
MIME-Version
Warning
X-Fastly-Backend-Reqs
X-B3-Traceid-Primal
ENV
Cf-Device-Type
X-CUA
X-Lb-Nocache
ServerName
X-Edge-POP
XServer
X-App
Fastly-Drupal-HTML
X-MG-S
X-HostName
X-HITS
X-Platform-Cluster
Section-Io-Id
X-Platform-Processor
Target-Params
X-Newrelic-App-Data
X-Platform-Router
CountryCode
X-Yottaa-OS
PICS-Label
X-Azure-Ref-OriginShield
X-Request-Url
X-ATG-Version
Tracecode
X-Fragments
CF-Cached-On
Section-Origin-Responded
X-ElasticPress-Query
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
DT-Hot-News
Inserted-Into-Cache-At
X-CF-Powered-By
Cf-Ipcountry
D-Url-Rewrites
X-Serial
Lfy
X-Thanos
X-Iplb-Instance
X-Iplb-Request-Id
X-Fastly-Backend
X-FC-Vary-Parameters
X-Sucuri-ID
X-Sucuri-Cache
X-Nc
X-LiteSpeed-Cache-Control
X-Vcache
X-Bip
X-Var-Ttl
X-Akamai-Request-ID
Dt-Hot-News
X-Dw-Trace-Id
Cdn-Cache
Cdn-Cachedat
X-Air-Pt
Cdn-Uid
Wp-Super-Cache
Cdn-Pullzone
Cdn-Requestcountrycode
Cdn-Edgestorageid
Servedby
Cdn-Requestid
X-Vercel-Id
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Vercel-Cache
True-Client-Ip
Hit
Vha6-Origin
X-Wp-Cf-Super-Cache-Cache-Control
Content-Script-Type
X-BBC-Origin-Response-Status
X-Release
X-Snapshot-Date
X-Varnish-Beresp-Status
X-Dist-Code
Ngx
Cneonction
X-Cache-Expires
Content-Style-Type
X-NU-AKA-ACS-Version
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Request-URL
X-Storefront-Renderer-Verified
X-Back
X-Th-Server
X-Wp-Cf-Super-Cache
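
The table above lists some headers under several capitalisations (X-XSS-Protection, X-Xss-Protection, X-XSS-PROTECTION) and contains names such as Referer-Policy and Content-Secure-Policy that resemble a security header without matching it; browsers ignore header names they do not recognise. The following is an added example, not the ISC project's own code: it tallies header names case-insensitively and flags such near misses. The site names, sample responses and 0.8 similarity cutoff are constructed assumptions.

```python
import difflib
from collections import Counter

# Security-relevant headers that appear in the table, in lower case.
SECURITY_HEADERS = (
    "content-security-policy",
    "content-security-policy-report-only",
    "referrer-policy",
    "strict-transport-security",
    "x-content-type-options",
    "x-frame-options",
    "x-xss-protection",
)

# Constructed sample: header names as returned to a HEAD request by
# four hypothetical sites (values omitted, only names are counted).
SAMPLE_RESPONSES = {
    "site-a.example": ["Date", "Server", "X-Frame-Options", "X-XSS-Protection"],
    "site-b.example": ["date", "X-FRAME-OPTIONS", "Referer-Policy"],
    "site-c.example": ["Date", "Content-Secure-Policy", "X-Xss-Protection",
                       "X-Content-Options"],
    "site-d.example": ["Date", "Frame-Options", "Strict-Transport-Security"],
}


def tally(responses):
    """Count sites per header; HTTP header names are case-insensitive."""
    counts = Counter()
    spellings = {}
    for names in responses.values():
        seen = set()
        for name in names:
            key = name.strip().lower()
            spellings.setdefault(key, set()).add(name)
            seen.add(key)
        counts.update(seen)  # one count per site, even if a header repeats
    return counts, spellings


def near_misses(counts, cutoff=0.8):
    """Map unrecognised names to the security header they closely resemble."""
    flagged = {}
    for key in counts:
        if key in SECURITY_HEADERS:
            continue
        match = difflib.get_close_matches(key, SECURITY_HEADERS, n=1, cutoff=cutoff)
        if match:
            flagged[key] = match[0]
    return flagged


if __name__ == "__main__":
    counts, spellings = tally(SAMPLE_RESPONSES)
    for name, n in counts.most_common():
        print(f"{n:3d}  {name}  {sorted(spellings[name])}")
    for bad, intended in sorted(near_misses(counts).items()):
        print(f"near miss: {bad!r} resembles {intended!r}")
```

A site that sends only a near-miss name counts as not deploying the intended protection, which matters when reading the per-header numbers.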