Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
X-Request-ID
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Cache-Spec
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
Rating
X-Ruxit-JS-Agent
Accept-CH-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-TtlSet
X-Vname
X-PC
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Server-Name
X-ESI
X-FastCGI-Cache
Fastly-Restarts
Cache-Tag
X-Aws-Lambda-Call-Status
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-Vcap-Request-Id
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Cached
X-Dw-Request-Base-Id
X-D2id
X-Client-IP
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-Px
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
RTSS
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Country-Code
X-Powered-By-Plesk
Access-Control-Request-Method
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Use-Magma
X-NF-Request-ID
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Goog-Hash
X-Server-Lifecycle-Phase
X-Origin-Cache
X-Kraken-Loop-Name
X-Instrumentation
X-Powered-CMS
AR-ATIME
AR-SID
AR-Request-ID
AR-PoweredBy
AR-CACHE
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Version
X-Middleton-Response
Response
X-LLID
Accept-Ch
X-Amz-Server-Side-Encryption
X-MSEdge-Ref
X-Kinsta-Cache
X-Edge-Location-Klb
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Nginx-Cache
X-Edge
TCN
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-TTL
X-Protected-By
X-RateLimit-Remaining
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-T
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
X-Id
Content-MD5
S
Edge-Cache-Tag
Fastcgi-Cache
X-Language
SPIisLatency
SPRequestDuration
Front-End-Https
X-Ttl
X-Mid
Realpath
X-CST
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Pinterest-Version
X-Pinterest-Rid
X-DynaTrace
Pinterest-Generated-By
Server-Node
Filters
X-MCACHE
X-Frontend
X-Content
Server-Name
X-Ab
X-Ua-Browser
X-Ruxit-Js-Agent
X-Correlation-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Ser
X-HS-Hub-Id
X-NWS-LOG-UUID
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-ECACHE
X-Ezoic-Cdn
X-SharePointHealthScore
X-Cache-Key
SPRequestGuid
X-Template
X-Hits
X-Parallel-Accel
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Id
Alternate-Protocol
Fusion-Content-Source
Fusion-Component-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cache-Tags
X-Page-Id
X-B3-Sampled
X-Content-Options
Cleartype
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Host
MicrosoftSharePointTeamServices
Charset
X-Git-Hash
X-Www-Served-By
X-Geo-Country
X-DIS-Request-ID
X-Debug-Info
X-Daa-Tunnel
X-Hostname
X-Amzn-Trace-Id
X-Content-Digest
X-Amz-Replication-Status
X-Fastly-Request-Id
Filterid
X-Varnish-Age
X-AppVersion
X-Activity-Id
X-Ratelimit-Limit
X-Az
X-FB-Debug
X-VCache
X-Upgrade-Enabled
Cross-Origin-Opener-Policy
X-Accel-Expires
X-Forwarded-Proto
X-Grace
X-N
X-Origin-Server
X-Rid
ServerID
X-Nginx-Upstream-Cache-Status
X-F-Cache
TP-L2-Cache
TP-Cache
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Mobile-URL
X-Providence-Cookie
X-Route-Name
X-Aspnet-Duration-Ms
X-Request-Guid
X-Is-Crawler
X-Flags
X-LB-Cache
X-Server-ID
X-Whom
X-App-Environment
X-Seen-By
X-Varnish-Grace
Viewport
X-TT
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Type
X-Goog-Storage-Class
X-Goog-Generation
X-Tb
X-Distributor
Node
X-XRDS-LOCATION
X-FW-Static
Paypal-Debug-Id
DC
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-FW-Serve
Payment
X-FW-Type
X-App-Server
X-User-Agent
X-DataDome
Fastcgi-Useragent
Country
X-Wix-Request-Id
X-NGENIX-Cache
Accept-Charset
X-Cache-Control
X-Litespeed-Cache
X-Origin-Upstream-Status
X-Cache-Rule
X-Logged-In
X-Webkit-CSP
X-Fastly-Request-ID
Version
Referer-Policy
X-Microsite
X-Drupal-Cache-Tags
X-Via-JSL
X-Request-Handler-Origin-Region
X-Ratelimit-Reset
Amp-Access-Control-Allow-Source-Origin
X-Cluster-Name
X-Signature
X-B-Cache
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Cache-Age
X-Contextid
Refresh
X-Varnish-Backend
X-Load-Cache
Cache-Status
X-Buckets
VIX-Pulpo-Node
X-Original-Request-Id
SD-X-WS
VIX-Pulpo-Upstream-Status
X-Response-Served-From
X-Node-Name
X-Vgn-Hpd-Reason
X-Page-View
X-Is-Bot
X-Rendered-As
X-Cache-Expired-At
X-Mobile
X-Jobs
X-Fastcgi-Cache
X-Proxy-Cache-Status
NGB
X-Debug
X-Real-IP
X-Cacheable-TTL
X-Revision
Access-Control-Request-Headers
X-Instance
X-B
X-Device-Type
X-UUID
X-Proxy
X-RemovedCookies
X-Rule
X-IPLB-Instance
X-ProcessESI
X-Cache-Action
X-Yottaa-Metrics
X-Tec-Api-Root
X-Tec-Api-Origin
Akamai-GRN
X-Tec-Api-Version
X-Yottaa-Optimizations
X-Drupal-Cache-Contexts
X-Debug-IsPreview
Surrogate-Key
X-Framework
X-Cache-Time
X-Debug-IsConnected
X-G
X-Air-Hostname
X-FW-Version
CF-IPCountry
X-Air-Source
X-Air-Trace-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
SID
X-XRDS-Location
X-Presslabs-Stats
DynaTrace
GEO-INFO
X-Azure-Ref
Liferay-Portal
X-Oneagent-Js-Injection
X-Accel-Buffering
X-Source
X-Ms-Request-Id
X-Ms-Version
X-APP-VERSION
Count-Hit
Uber-Trace-Id
Frame-Options
X-Nginx-Cache
X-PressLabs-Stats
X-Cache-Operation
X-CDN-Forward
X-RTag
MS-CV
Ms-Operation-Id
Healthy
X-Cache-NGX
X-EdgeConnect-Cache-Status
X-Zen-Fury
X-Cache-Hit
Xserver
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Backend-Name
X-Environment-Context
X-Tumblr-Pixel
X-L-Path
X-Mode
X-Varnish-Server
Cross-Origin-Window-Policy
Protected
Ec-Rule-Version
Countrycode
X-IPS-LoggedIn
X-Ratelimit-Remaining
X-RateLimit-Limit
X-Cache-TTL-Remaining
X-Forwarded-Host
X-Servername
X-Detected-As
X-SaId
X-Region
X-Rewrite-Enabled
X-Tid
X-JoinUs
X-UPSTREAM-Address
X-RN-RSRV
Meta-Geo
Decoy-Debug-TTL
Apigw-Requestid
X-Routing-Service
X-Content-Age
X-Generation-Time
X-Debug-Cache
X-Extlb
X-Hosted-By
Decoy-Debug-Key
LB
X-Cache-Server
Decoy-Debug-Status
X-Proxied
Backend
X-Sql-Duration-Ms
X-Sql-Count
X-Zipkin-Id
X-Redis-Cache
X-Adobe-Content
X-Uri
X-Content-Powered-By
X-Cache-Grace
X-Adobe-Loc
X-Hyper-Cache
X-ApacheServer
Fastly-SSL
Eomportal-Instance
Country-Code
Mn-Server-Ip
X-ServerID
Url
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Site-Version
X-FB-TRIP-ID
X-Format
X-No-Session
X-Sorting-Hat-ShopId
X-Via-Fastly
X-PERF
X-Status
X-Varnish-Beresp-Grace
X-TIME
X-Sorting-Hat-PodId
X-Human
X-Shopify-Stage
Section-Io-Cache
X-Pubstack
X-Storage
X-Cluster-Node
Property-Id
TWC-Device-Class
TWC-Connection-Speed
X-UA-Device-Type
X-NCache
X-Origin-Hint
Cache-Tv-Group
X-PHP-Backend
X-ProxyCache-Key
X-ProxyCache-Status
X-NYM-Debug-Backend
X-Cache-Type
TWC-GeoIP-Country
X-Microcachable
X-Akamai-Edgescape
Webcakes-Region
Cache-Name
X-BYPASS-REASON
X-Server-W
X-OCL
Webcakes-App-Version
X-Section
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Origin-Date
TWC-Privacy
X-Access
X-Cache-Host
X-PCL
Webcakes-App-Name
WPO-Cache-Message
WPO-Cache-Status
CDN-PullZone
CDN-RequestCountryCode
X-Hl-Ver
CDN-RequestId
CDN-EdgeStorageId
CDN-Uid
CDN-CachedAt
Content-Disposition
X-SayCDN-TTL
X-R9-Blue-Green-Version
X-NewRelic-App-Data
X-Say-TTL
X-Say-Cacheable
X-Web-Node
CDN-Cache
X-Be
Content-Secure-Policy
X-Generated-By
Azure-SlotName
DB-Nickname
Azure-Version
Azure-SiteName
Azure-RegionName
X-Soup
Azure-InstanceId
X-Varnishpool
Selected-Fe
X-Proxy-Build
X-Trace-Id
X-Timing-Wait
X-Webkit-Csp
X-Azure-Ref-OriginShield
X-Ua
X-LSADC-Cache
OT-Force-Account-Verify
X-Cached-By
X-Nginx-Cache-Key
SRV
Source
X-SRV
Retry-After
Cache
X-Unique-Id
X-Bc-Bl
X-Dc
X-LAGOON
X-Auto-Login
X-Platform-Server
X-TT-LOGID
X-GEO
X-Cache-Remote
X-Akamai-Transformed
Mime-Version
X-Varnish-Hits
X-Xfnlog-Site
Cache-Hits
X-Cdn
X-Varnish-Hostname
X-Origin-CC
X-TNCMS
X-Loop
X-HTML-Minification-Powered-By
X-Origin-TTL
Xet-Cookie
Onion-Location
X-S-Maxage
X-Cache-Tags
ServedBy
HostName
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-3
X-App-Version
X-EC-Lua
Web-Mar-Node
X-Tumblr-Pixel-2
X-Request-Time
From-Origin
Webserver
X-AOL-HN
X-Proto
X-CSRF-Token
N-Cache
X-ECache
WP-Super-Cache
X-Endurance-Cache-Level
X-Tenant
X-Request-Host
X-FireWall-Port
X-VWS-Id
X-Time
X-Cache-Var
X-Cache-Var-Map
X-AWS-Id
X-LJ-Flow-ID
X-Correlation-ID
X-Origin-Response-Time
X-Time-Microsecs
X-Cache-Enabled
X-B3-SpanId
X-GG-Cache-Date
Nel
X-Handled-By
X-NWS-UUID-VERIFY
X-Edge-Location
X-S
X-S-Cookie
Meta-Geo-Continent
Mobile-Detection-Method
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Processor
Fastcgi-X-Cache-Version
Odigeo-Trace-Id
X-Rojux
BehaviorPad-Version
X-Vdms-Path
X-V-Cache
X-TIM-N
X-Vdms-Version
X-VG-WebCache
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-SRCache-Key
X-Slack-Backend
Pramga
DCR-Decision-By
DCR-Processing-Time-Ms
X-ScT
X-SD-PageType
X-Shop-Environment
A
X-Session-Fingerprint
Expiry
Redirect-Candidate
X-External-Request-Id
X-Application
X-Developer
X-Forwarded-Path
X-Ftr-Request-Id
X-Aed
X-Gen-Mode
X-Aicache-OS
X-ARC
X-Destination
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Cluster
X-Connection-Hash
X-CF-Lambda-Fn
X-B-Cookie
X-Block-Status
X-D
X-A-Wwc
X-A-Dgt
Surrogated-Key
User-Cache-Control
V-Age
Sslversion
X-Orig-Expires
X-PAYTM-SRV-ID
X-Conf
Rendered-Blocks
X-ND-Cache
X-NAPM-TraceId
X-Hnp-Log
X-A-Dam
X-A-Dcw
X-Ig-Push-State
X-A-Ccd
Vix-Hermes-Req-Id
X-A
X-PBS-Appsvrname
X-Cache-NE
X-Mg-Request-UUID
X-Labrador-Cache-Channel
X-PHP-Host
CloudFront-Viewer-Country
X-MP-GENERATED-AT
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Origin-Time
Host-ID
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Owner
X-NodeID
Gh-Request-Id
X-Policy
Cmsid
CDCHOST
Cmstype
X-RCS-CacheZone
X-Location
X-Proxy-Upstream
Fastcgi-Cache-TTL
X-Li-Fabric
X-Cache-Date
X-Via-NSCOPI
X-Cdn-Srv
X-Cache-Bucket
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
True-Client-Country-4JS
Svr
X-Hash
X-Request-URI
X-Li-Pop
Origin
X-Geo-Header
X-Fastly-Cache
X-Gdpr
X-LI-UUID
X-Old-Content-Length
X-Adobe-Source
X-Reqid
X-Magnolia-Registration
X-Webstats-RespID
Fastly-Drupal-Html
X-Sucuri-ID
X-Viewer-Country
CacheControlHeader
X-Epic-Correlation-Id
X-Server-IP
X-Sucuri-Cache
AKAMAI
Arc-Country
Environment
X-Eu-Site
X-Esi-Check
X-Device-Os
Apple-News-Services-Parsed-Url
X-Developers
X-Envoy-Decorator-Operation
X-GeoIP-Country-Code
X-Backend-State
X-Gamma-Serve
X-Forwarded-Site
Apple-News-Services-Request-Url
X-VServer
X-Fetched-On
X-Qnm-Cache
X-Datadog-Trace-Id
X-CGP
X-Core-Mission
Apple-News-Services-Handled
X-Cdn-Origin
X-Cache-Id
X-Backend-TTL
X-Cache-Info
X-Branch-Name
X-Datadog-Sampling-Priority
X-Cache-Debug
X-Datadog-Parent-Id
X-Csrf-Jwt
Apple-News-Services-Host
X-Date
X-GeoIP-City
X-Sn-Servicetimems
X-VG-TLSProxy
X-Skip-Cache
X-Storefront-Renderer-Rendered
X-Origin-Expires
X-SVT-ORM-RULES
X-Accel-Expires-Debug
X-Rocket-Nginx-Serving-Static
X-Platform
X-Scheme
X-Req
X-Request-Start
X-Region-Sid
X-RateLimit-Remaining-Second
X-Served-From
X-RateLimit-Limit-Second
X-Men
X-SVT-ORM-VERSION
X-VarnishDD-TTL
X-HN
X-M-Log
X-Gzip
X-GeoIP-Region-Code
X-Generated-On
X-GeoIP
X-HS-Content-Campaign-Id
X-Varnish-Beresp-Status
X-TH-Server
X-Locale
X-TrackingId
X-UnsetCookies
X-Irp-Debug
X-Level-Front-Cache
X-M-Reqid
X-Core-Value
Web-Mar-Region
We-Hiring
Machine
Ha-Gx-Prefs
State
Locid
DSUID
HA-Ipaddr
L
Traceparent
L5d-Success-Class
Server-Info
Mail-Subject
Origin-EX
Origin-CC
PFcat
Server-Host
Ssr
X-Xrds-Location
X-Has-Esi
Release
Req-Svc-Chain
Is-Eu
X-FC-Vary-Parameters
X-NU-AKA-ACS-Version
X-Node-Id
X-Fastly-Backend
NM-Fastcgi-Cache
X-Is-Gdpr
X-DPWN-IS-SECURE
Memcached
TDXMobile
X-DefHash
X-JWT-State
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-DefElseHash
Thinkindot-Control
Fastly-SIE
X-Variation
X-Varnish-CookieHashed-On
X-Thinkindot-L3
X-Thanos
Fastly-SWR
X-Tx-Id
X-Varnish-CookieINHashed-On
X-Amzn-Remapped-Content-Length
S-Rt
Fastly-GeoIP-CountryCode
X-Worker
X-VC-Cache
X-Varnish-Remaining-TTL
X-BBC-Edge-Cache-Status
X-Origin
X-ATG-Version
X-Pod-Name
Adler-Geo
X-Sigma
X-Zone
Platform
X-Sigma-Backend
X-Rebelmouse-Cache-Control
X-Qloud-Router
Cf-Device-Type
X-Response-By
X-Rocket-Build-Number
X-Bip
X-Rebelmouse-Surrogate-Control
X-Varnish-Beresp-Ttl
X-Ua-Device
Magicmarker
X-CS
NGX
X-Loc
X-Mvc-Supplant-OutputCached
X-CLOUD-TRACE-CONTEXT
AMP-Access-Control-Allow-Source-Origin
X-Restarts
X-Http-Reason
X-Akamai-Request-ID2
X-NC
X-API-Version
X-Up
X-Cache-Config
Ms-Author-Via
X-Trace-ID
Kp-EeAlive
X-LB-ID
CDN
X-Generated-In
Pics-Label
X-CACHE-KEY
Datacenter
X-Tt-Logid
X-Action
X-DSS
X-Wix-Viewer-Type
X-RPS
X-DW
Env
Memory
X-DI
X-LB-NoCache
Edge-Cache
X-RPM
X-TraceId
Time
X-DB
X-RSL
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
Candidate-Md5Url
X-Varnish-Ttl
X-Refresh
X-Cache-Backend
WebServer
X-Edge-Pop
Accept-Language
X-Datadome
X-Vc
X-DC
GeoIp-Country-Code
X-Minions-Version
X-Via-Poph
X-Via-Popn
X-Optimistic-Header
X-Via-Popv
X-DynaTrace-JS-Agent
X-CacheTTL
On-Server
WWW-Authenticate
X-HA-Backend
Esi-Enabled
X-Esi
X-Servedbyhost
X-Srv
Locale
X-Urbn-Site-Id
X-Parent-Response-Time
X-Urbn-Context-Path
X-MSEdge-Flight
X-MSEdge-Features
Server-ID
X-Unique-ID
X-Newrelic-Synthetics
X-Varnish-Beresp-TTL
X-Cs
C-Via
X-Service
X-Ec-Fail
X-User
X-Ec-GeoHdr
X-ZONE
X-TA-CDN-Provider
X-TX-ID
X-VCL-Version
X-Cache-PHP
X-Cache-Ttl
X-LI-Proto
X-Fpc
X-App
X-URL
X-Dynatrace
X-Cache-Status-Check
Test
Cdnsip
Cdncip
X-Li-Proto
X-Render-Time
X-Webkit-Csp-Report-Only
X-AK-Request-ID
X-Traceid
X-Pass-Why
X-LiteSpeed-Cache-Control
X-FPC
X-WADP-Cache
X-Fmm-Version
Cluster
X-B3-Spanid
My-App
X-Clara-WADP
X-NODE
X-Webkit-CSP-Report-Only
Proxy-Connection
Geoip-Latitude
Tracecode
X-Vcl-Version
Resin-Trace
X-CUA
X-Mcache
Lfy
M-TraceId
X-CSRF-TOKEN
X-Var-Ttl
Server-Id
T-Server
X-From
Geo-Info
X-LiteSpeed-Tag
Fastly-Drupal-HTML
X-Clientip
Cf-Int-Pingora-Origin-Digest
X-Fragments
Lang
Hostname
X-AIR-PT
X-Info
X-Ha-Backend
Target-Params
X-Oss-Request-Id
X-Oss-Server-Time
UCS
Cache-Host
X-Oss-Storage-Class
HIT
DataCenter
X-ID
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Pad
X-NGINX-Cache
X-ServedByHost
X-B3-Traceid
Hit
GeoIP-Country-Code
S-Cnection
X-RAMCache
X-Dynatrace-Js-Agent
X-VC
X-Geo
MIME-Version
X-Cdn-Forward
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Via-PopH
X-Via-PopN
Tcn
Ohc-File-Size
X-Edge-POP
X-Via-PopV
X-Check-Cacheable
X-Httpd
X-Proxy-Cache-Info
X-Edge-Cache
X-ElasticPress-Query
Fastly-Backend-Name
ENV
X-Api-Version
X-Provided-By
Section-Io-Id
User-Agent
Section-Origin-Responded
Load-Balancing
Section-Io-Origin-Time-Seconds
X-Micro-Cache
Section-Io-Origin-Status
X-ServerName
Servername
Permissions-Policy
X-Release
X-Fastly-Backend-Reqs
X-BBC-Origin-Response-Status
X-Ucs
WZWS-RAY
X-Backend-Host
Producers
X-HS-Status
X-HostName
X-SB
X-Cache-CFC
X-UP
X-Lb-Id
X-GoCache-CacheStatus
Uri
FSS-Cache
X-BCube-Filmed-By
PICS-Label
X-Lb-Nocache
X-APP
ServerName
URI
X-TRACE-ID
X-RateLimit-Reset
X-Cdn-Request-ID
X-Nc
X-Swift-Error
Ohc-Cache-HIT
X-Platform-Cluster
EpKe-Alive
X-Platform-Router
Cneonction
Server-Ttl
X-Udemy-Cache-App-Namespace
X-Fastly-Cache-Hits
Cteonnt-Length
X-Platform-Processor
X-Pool
Cdn
X-Dw-Trace-Id
X-Acquia-Site
X-WA-Info
X-Akamai-ERPolicy
Path
X-Akamai-ERRuleID
X-Akamai-Request-ID
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Ec-Custom-Error
X-Acquia-Application-Trace
X-Newrelic-App-Data
CF-Cached-On
VNS-Age
Vha6-Origin
X-Apw-Access-Object
CountryCode
X-Apw-Hits
VNS-Cache
X-Apw-Access-Action
X-B3-ParentSpanId
X-Apw-Access-Token
X-Amz-Meta-Cb-Modifiedtime
X-Contensis-Viewer-Groups
X-Snapshot-Date
CPC-Age
CPC-Cache
Cache-Key
X-Yottaa-OS
X-Scale
X-WA
X-Cache-ASPX
X-Vcache
Cf-Ipcountry
Shield-Pop
X-Air-Pt
X-Cache-Ngx
Sid
Lb
X-IN-APIGATEWAYSSL
X-SIPLIST1
IsBot
X-Shopify-Generated-Cart-Token
X-Cache-Expires
X-Dispatcher-Number
X-IN-APIGATEWAY
X-Sentry-ID
X-Akamai-Pragma-Client-IP
Req-ID
X-UA
X-CacheKey
X-ES-SERVER
X-Logging-Id
X-Varnish-Authentication
Ngx
X-Te-Count
X-Te-Duration-Ms
X-Http-Duration-Ms
X-Http-Count
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Last-Modified