Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
P3p
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
Report-To
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
NEL
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-B3-TraceId
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Country
X-Cloud-Trace-Context
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-PC
X-TtlSet
X-Vname
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-Server-Name
Fastly-Restarts
X-Aws-Lambda-Call-Status
Cache-Tag
X-FastCGI-Cache
X-VARITI-CCR
Service-Worker-Allowed
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-Vcap-Request-Id
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Px
RTSS
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Kinja
X-Powered-By-Plesk
X-NF-Request-ID
X-Goog-Hash
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Origin-Cache
AR-ATIME
X-Powered-CMS
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-SID
X-Version
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-Kinsta-Cache
X-Edge-Location-Klb
X-SRCache-Store-Status
Nginx-Cache
X-SRCache-Fetch-Status
Accept-Ch
X-Edge
X-TTL
X-RateLimit-Remaining
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
TCN
X-Protected-By
X-T
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Content-MD5
S
X-Aspnetmvc-Version
Edge-Cache-Tag
X-CST
X-Language
SPIisLatency
SPRequestDuration
Fastcgi-Cache
X-Mid
X-Ruxit-Js-Agent
Front-End-Https
Realpath
X-Recruiting
X-Request-Received
X-Request-Processing-Time
X-DynaTrace
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Filters
X-Ttl
Server-Node
X-MCACHE
X-Frontend
Server-Name
X-Ua-Browser
X-Content
X-Ab
X-Correlation-Id
X-HS-Hub-Id
X-Ser
X-HS-Cache-Config
X-HS-Content-Id
X-NWS-LOG-UUID
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-ECACHE
X-Cache-Key
X-SharePointHealthScore
SPRequestGuid
X-Ezoic-Cdn
X-Template
X-Hits
X-Parallel-Accel
Alternate-Protocol
X-Tt-Trace-Host
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
X-Kong-Upstream-Latency
Cache-Tags
X-Kong-Proxy-Latency
Fusion-Component-Id
X-Page-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Charset
Host
X-B3-Sampled
Cleartype
X-Www-Served-By
X-Git-Hash
X-Content-Options
X-Geo-Country
X-Debug-Info
X-DIS-Request-ID
X-Daa-Tunnel
X-Amzn-Trace-Id
X-Ratelimit-Limit
X-Fastly-Request-Id
X-Content-Digest
X-Hostname
X-Amz-Replication-Status
X-Varnish-Age
Filterid
X-AppVersion
X-Activity-Id
X-Az
X-Accel-Expires
X-Upgrade-Enabled
Cross-Origin-Opener-Policy
X-VCache
X-Forwarded-Proto
X-Grace
X-FB-Debug
X-WebKit-CSP-Report-Only
X-N
X-Rid
ServerID
X-F-Cache
X-Origin-Server
Access-Control-Allow-Method
X-Nginx-Upstream-Cache-Status
TP-L2-Cache
TP-Cache
X-Mobile-URL
X-Is-Crawler
X-Request-Guid
X-Providence-Cookie
X-Flags
X-Route-Name
X-Aspnet-Duration-Ms
X-XRDS-LOCATION
X-LB-Cache
X-Whom
X-TT
X-Varnish-Grace
X-Type
X-Seen-By
Viewport
X-App-Environment
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Tb
X-FW-Hash
X-FW-Server
Payment
X-FW-Type
X-Distributor
X-FW-Static
X-FW-Dynamic
X-FW-Serve
Node
Paypal-Debug-Id
DC
X-Server-ID
X-User-Agent
X-App-Server
X-DataDome
Fastcgi-Useragent
Accept-Charset
Country
X-Wix-Request-Id
X-Oneagent-Js-Injection
X-Cache-Control
X-NGENIX-Cache
X-Origin-Upstream-Status
X-Cache-Rule
X-Litespeed-Cache
X-Fastcgi-Cache
Version
X-Ratelimit-Reset
X-Request-Handler-Origin-Region
X-Logged-In
X-Microsite
X-Tec-Api-Version
Referer-Policy
X-Tec-Api-Root
X-Drupal-Cache-Tags
X-Tec-Api-Origin
X-Via-JSL
X-Fastly-Request-ID
X-Webkit-Csp
X-Cluster-Name
X-Cache-Age
X-Signature
X-B-Cache
X-Webkit-CSP
Refresh
X-Buckets
X-Contextid
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
Cache-Status
X-Varnish-Backend
X-Load-Cache
VIX-Pulpo-Upstream-Status
X-Response-Served-From
SD-X-WS
Amp-Access-Control-Allow-Source-Origin
VIX-Pulpo-Node
X-Original-Request-Id
X-Cache-Expired-At
X-Page-View
X-Rendered-As
X-Node-Name
X-Vgn-Hpd-Reason
X-Is-Bot
X-Real-IP
X-Mobile
X-Proxy-Cache-Status
X-Debug
X-Jobs
Access-Control-Request-Headers
NGB
X-Cacheable-TTL
X-IPLB-Instance
X-B
X-RemovedCookies
X-Proxy
X-Instance
X-Yottaa-Optimizations
X-Revision
X-Yottaa-Metrics
X-ProcessESI
X-Device-Type
X-Rule
X-UUID
X-Drupal-Cache-Contexts
Surrogate-Key
Akamai-GRN
X-Cache-Action
X-Cache-Time
X-Debug-IsPreview
X-Framework
X-Debug-IsConnected
X-G
X-FW-Version
CF-IPCountry
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
DynaTrace
X-Oracle-Dms-Rid
SID
X-Oracle-Dms-Ecid
X-XRDS-Location
X-Azure-Ref
X-Accel-Buffering
X-Presslabs-Stats
Liferay-Portal
GEO-INFO
X-PressLabs-Stats
X-Source
X-Ms-Version
Count-Hit
X-Ms-Request-Id
Uber-Trace-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Cache-Operation
X-Nginx-Cache
Frame-Options
X-Cache-NGX
X-APP-VERSION
Ms-Operation-Id
X-RTag
X-CDN-Forward
MS-CV
Healthy
X-Zen-Fury
X-EdgeConnect-Cache-Status
X-Cache-Hit
Xserver
Countrycode
Protected
X-L-Path
X-Varnish-Server
X-Backend-Name
X-Environment-Context
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Mode
Ec-Rule-Version
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Cache-TTL-Remaining
X-Region
X-Servername
X-Adobe-Content
X-Tid
Meta-Geo
X-Rewrite-Enabled
X-RN-RSRV
X-UPSTREAM-Address
Backend
X-Adobe-Loc
X-JoinUs
X-SaId
X-Detected-As
X-Forwarded-Host
X-RateLimit-Limit
X-Hyper-Cache
X-Generation-Time
LB
Decoy-Debug-Key
Decoy-Debug-Status
Section-Io-Cache
Country-Code
X-Uri
X-Cache-Server
X-Debug-Cache
X-Proxied
Decoy-Debug-TTL
X-Routing-Service
X-Content-Powered-By
Apigw-Requestid
X-Zipkin-Id
X-Sql-Count
X-Redis-Cache
X-Ratelimit-Remaining
X-Sql-Duration-Ms
X-Extlb
Cache-Name
Eomportal-Instance
X-Cache-Grace
X-Sorting-Hat-ShopId
X-NCache
X-No-Session
X-Origin-Date
X-ApacheServer
X-Alternate-Cache-Key
Fastly-SSL
Mn-Server-Ip
X-Format
X-PERF
X-PHP-Backend
X-ShopId
X-Hosted-By
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Via-Fastly
X-Human
X-FB-TRIP-ID
X-ServerID
Url
X-Content-Age
Property-Id
X-Proxy-Build
Selected-Fe
TWC-Device-Class
TWC-GeoIP-Country
X-ProxyCache-Key
TWC-Connection-Speed
X-ProxyCache-Status
Cache-Tv-Group
X-Storage
X-Status
X-Server-W
X-Pubstack
TWC-GeoIP-LatLong
TWC-Locale-Group
X-BYPASS-REASON
X-NewRelic-App-Data
X-Cache-Host
X-Cache-Type
X-Cluster-Node
X-Akamai-Edgescape
X-NYM-Debug-Backend
X-Origin-Hint
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Timing-Wait
X-Site-Version
X-Access
X-Varnish-Beresp-Grace
X-Microcachable
X-OCL
X-Section
X-UA-Device-Type
X-PCL
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
X-SayCDN-TTL
X-Say-Cacheable
CDN-PullZone
CDN-RequestCountryCode
X-Trace-Id
X-Hl-Ver
CDN-Uid
CDN-RequestId
Content-Disposition
X-Say-TTL
X-Web-Node
X-Varnishpool
X-R9-Blue-Green-Version
Azure-SiteName
Azure-InstanceId
X-Azure-Ref-OriginShield
Content-Secure-Policy
Azure-SlotName
X-TIME
X-Soup
Azure-RegionName
X-Generated-By
Azure-Version
X-Be
DB-Nickname
X-Ua
X-LSADC-Cache
WPO-Cache-Message
WPO-Cache-Status
OT-Force-Account-Verify
X-Nginx-Cache-Key
Retry-After
X-Dc
X-Cached-By
SRV
Source
X-Bc-Bl
X-Unique-Id
Cache
X-TT-LOGID
X-SRV
X-Platform-Server
X-Auto-Login
X-LAGOON
X-Cache-Remote
X-Xfnlog-Site
Cache-Hits
X-Varnish-Hits
X-Akamai-Transformed
X-GEO
X-Loop
X-Origin-CC
X-HTML-Minification-Powered-By
X-TNCMS
ServedBy
X-Cache-Tags
X-Origin-TTL
X-Varnish-Hostname
X-App-Version
Mime-Version
X-Cdn
X-S-Maxage
Onion-Location
X-Varnish-Cache-Hits
HostName
Upgrade-Insecure-Requests
From-Origin
X-Request-Time
Xet-Cookie
X-Amz-Meta-S3cmd-Attrs
X-CSRF-Token
Webserver
Web-Mar-Node
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-AOL-HN
X-Proto
X-EC-Lua
X-Time
WP-Super-Cache
X-Request-Host
N-Cache
X-Endurance-Cache-Level
X-Tenant
X-NWS-UUID-VERIFY
X-B3-SpanId
X-ECache
X-FireWall-Port
X-VWS-Id
X-Cache-Enabled
X-LJ-Flow-ID
X-AWS-Id
X-Handled-By
X-Time-Microsecs
X-GG-Cache-Date
X-Cache-Var-Map
X-Edge-Location
X-Origin-Response-Time
X-Cache-Var
A
BehaviorPad-Version
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-TIM-N
X-Vdms-Path
X-V-Cache
X-Ig-Push-State
X-SRCache-Key
X-SD-PageType
X-ScT
X-Cache-NE
X-Session-Fingerprint
X-Shop-Environment
X-CF-Lambda-Fn
X-Vdms-Version
X-Cluster
X-Vtex-Processado-Em
X-Forwarded-Path
X-Vtex-Remote-Cache
X-Gen-Mode
X-External-Request-Id
Xc-Version
X-Developer
X-Destination
X-Block-Status
X-VG-WebCache
X-Conf
X-Connection-Hash
X-Hnp-Log
X-D
X-Ftr-Request-Id
X-S-Cookie
X-PAYTM-SRV-ID
X-A-Wwc
Surrogated-Key
X-Aed
X-Aicache-OS
X-Processor
X-Planisys-CDN-TTL
Sslversion
X-A-Dgt
X-Planisys-CDN-Rules
X-A-Ccd
X-PBS-Appsvrname
X-A-Dam
X-A
Vix-Hermes-Req-Id
X-Planisys-CDN-Cache
V-Age
Rendered-Blocks
Redirect-Candidate
Expiry
Fastcgi-X-Cache-Version
X-S
DCR-Processing-Time-Ms
DCR-Decision-By
X-A-Dcw
X-NAPM-TraceId
X-ND-Cache
Meta-Geo-Continent
X-Application
Pramga
X-Rojux
X-Orig-Expires
X-ARC
Mobile-Detection-Method
Odigeo-Trace-Id
X-B-Cookie
User-Cache-Control
Nel
X-Mg-Request-UUID
X-Via-NSCOPI
X-Correlation-ID
X-PHP-Host
X-MP-GENERATED-AT
X-Magnolia-Registration
X-Adobe-Source
X-Labrador-Cache-Channel
X-Reqid
X-Amzn-RequestId
CloudFront-Viewer-Country
X-RCS-CacheZone
X-Amz-Apigw-Id
X-Request-URI
True-Client-Country-4JS
Wxu-Next-Region
Wxu-Next-Commit
Svr
Wxu-Next-Hostname
Origin
Host-ID
X-SVT-ORM-VERSION
Gh-Request-Id
Fastcgi-Cache-TTL
X-SVT-ORM-RULES
X-Sucuri-ID
X-Server-IP
X-Slack-Backend
X-Sucuri-Cache
X-Scheme
X-Origin-Time
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Cdn-Srv
X-Date
X-Fastly-Cache
X-Geo-Header
X-Gdpr
X-Hash
X-Forwarded-Site
X-Location
X-Men
X-Origin-Expires
DSUID
X-Accel-Expires-Debug
X-Policy
X-Old-Content-Length
X-Nyt-Route
X-Cache-Bucket
X-Mvc-Supplant-Cachable
X-NodeID
X-Proxy-Upstream
State
X-Webstats-RespID
X-Backend-TTL
X-Epic-Correlation-Id
Cmstype
Cmsid
Arc-Country
X-Viewer-Country
CacheControlHeader
AKAMAI
CDCHOST
Environment
X-Cache-Info
X-Backend-State
X-Branch-Name
X-Cache-Debug
X-Cache-Date
X-Cache-Id
Apple-News-Services-Parsed-Url
We-Hiring
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Req
Web-Mar-Region
X-VServer
X-GeoIP-Country-Code
Apple-News-Services-Host
Server-Info
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-CGP
X-Esi-Check
X-Eu-Site
X-Envoy-Decorator-Operation
X-HS-Content-Campaign-Id
X-Irp-Debug
X-HN
X-Fastly-Backend
X-Generated-On
X-GeoIP
X-Gzip
X-Fetched-On
X-VG-TLSProxy
X-Device-Os
X-Developers
X-Level-Front-Cache
X-Rocket-Nginx-Serving-Static
X-Origin
X-Request-Start
AMP-Access-Control-Allow-Source-Origin
X-Core-Mission
X-Core-Value
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Csrf-Jwt
X-GeoIP-Region-Code
X-Platform
X-Skip-Cache
L
HA-Ipaddr
Ha-Gx-Prefs
Server-Host
X-TH-Server
L5d-Success-Class
Locid
Origin-CC
X-VarnishDD-TTL
Origin-EX
PFcat
Machine
Mail-Subject
X-Served-From
Release
Ssr
X-UnsetCookies
X-TrackingId
Traceparent
X-GeoIP-City
X-Varnish-Beresp-Status
Fastly-Drupal-Html
X-M-Reqid
X-M-Log
X-Gamma-Serve
Memcached
X-Variation
X-Varnish-CookieINHashed-On
X-Has-Esi
Cf-Device-Type
X-Rocket-Build-Number
NM-Fastcgi-Cache
Is-Eu
X-Varnish-Remaining-TTL
X-Is-Gdpr
X-DPWN-IS-SECURE
X-Varnish-CookieHashed-On
Fastly-SWR
Fastly-SIE
X-JWT-State
X-DefHash
X-Sigma-Backend
X-Thinkindot-L3
X-Sigma
X-DefElseHash
X-FC-Vary-Parameters
S-Rt
X-Locale
X-Cdn-Origin
X-Pod-Name
X-Worker
X-Amzn-Remapped-Content-Length
Fastly-GeoIP-CountryCode
X-NU-AKA-ACS-Version
Req-Svc-Chain
X-Qloud-Router
X-Response-By
X-Rebelmouse-Surrogate-Control
X-Region-Sid
Thinkindot-Control
X-Rebelmouse-Cache-Control
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
X-BBC-Edge-Cache-Status
X-Owner
X-Sn-Servicetimems
X-Node-Id
Platform
X-Storefront-Renderer-Rendered
X-VC-Cache
X-Qnm-Cache
X-ATG-Version
Adler-Geo
X-Xrds-Location
X-Varnish-Beresp-Ttl
Magicmarker
X-Tx-Id
X-Http-Reason
NGX
X-Bip
X-Mvc-Supplant-OutputCached
X-Akamai-Request-ID2
X-Thanos
X-Loc
X-Zone
X-Ua-Device
X-API-Version
X-Restarts
X-TraceId
X-CLOUD-TRACE-CONTEXT
X-CS
X-NC
X-Up
Kp-EeAlive
X-LB-ID
X-Generated-In
X-Cache-Config
CDN
Pics-Label
X-CACHE-KEY
Time
Ms-Author-Via
X-LB-NoCache
X-DI
Memory
X-DB
Edge-Cache
X-Cache-Backend
X-Wix-Viewer-Type
X-Trace-ID
X-DSS
X-RSL
X-RPM
X-DW
X-RPS
X-Tb-Optimization-Total-Bytes-Saved
X-Tt-Logid
X-Refresh
Env
X-Action
X-Optimistic-Header
Accept-Language
Datacenter
X-Edge-Pop
X-Via-Popn
X-Via-Poph
Candidate-Md5Url
X-Via-Popv
GeoIp-Country-Code
X-Varnish-Ttl
X-Minions-Version
X-CacheTTL
WebServer
NtCoent-Length
X-Datadome
X-Vc
X-Srv
X-DynaTrace-JS-Agent
On-Server
Locale
X-HA-Backend
X-Urbn-Site-Id
WWW-Authenticate
X-DC
X-Urbn-Context-Path
X-ZONE
X-Cs
X-MSEdge-Features
X-Servedbyhost
X-MSEdge-Flight
X-Esi
Esi-Enabled
X-Parent-Response-Time
X-Unique-ID
X-Ec-GeoHdr
X-TX-ID
Server-ID
X-User
X-Ec-Fail
X-Varnish-Beresp-TTL
C-Via
X-Service
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Cache-PHP
X-VCL-Version
X-App
X-Li-Proto
X-AK-Request-ID
X-Cache-Ttl
X-LI-Proto
Cdncip
Cdnsip
X-Dynatrace
X-URL
X-Webkit-Csp-Report-Only
X-Cache-Status-Check
X-Fpc
X-Clara-WADP
X-FPC
X-WADP-Cache
X-Render-Time
Cluster
My-App
X-Fmm-Version
Test
Geoip-Latitude
X-LiteSpeed-Cache-Control
X-Traceid
X-Vcl-Version
X-Var-Ttl
Geo-Info
X-CUA
X-B3-Spanid
Tracecode
Cf-Int-Pingora-Origin-Digest
Proxy-Connection
X-Pass-Why
X-Webkit-CSP-Report-Only
X-NODE
X-From
T-Server
Lfy
Fastly-Drupal-HTML
X-Mcache
X-CSRF-TOKEN
Resin-Trace
X-Fragments
Lang
Server-Id
M-TraceId
DataCenter
X-Clientip
X-Ha-Backend
X-LiteSpeed-Tag
Hostname
Target-Params
X-AIR-PT
X-Info
X-ServedByHost
X-Geo
X-ID
X-Oss-Storage-Class
X-WP-CF-Super-Cache
UCS
X-Oss-Server-Time
X-VC
Cache-Host
HIT
X-WP-CF-Super-Cache-Cache-Control
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
MIME-Version
X-NGINX-Cache
X-Pad
X-RAMCache
X-Via-PopH
GeoIP-Country-Code
S-Cnection
X-COUNTRY
X-Via-PopV
X-Via-PopN
Hit
X-Dynatrace-Js-Agent
X-Edge-POP
X-Httpd
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Proxy-Cache-Info
ENV
Tcn
X-Cdn-Forward
Section-Origin-Responded
Ohc-File-Size
Permissions-Policy
X-ElasticPress-Query
X-HS-Status
X-Api-Version
Producers
X-Micro-Cache
User-Agent
X-Edge-Cache
Servername
WZWS-RAY
Load-Balancing
X-Check-Cacheable
Fastly-Backend-Name
X-Provided-By
X-Cache-CFC
X-Release
X-Fastly-Backend-Reqs
X-SB
X-BBC-Origin-Response-Status
X-Backend-Host
FSS-Cache
X-Ucs
X-ServerName
X-HostName
X-Acquia-Application-UUID
X-Acquia-Site
X-Lb-Id
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-UP
X-GoCache-CacheStatus
X-Lb-Nocache
Wpo-Cache-Status
Wpo-Cache-Message
PICS-Label
X-Platform-Cluster
X-Platform-Processor
X-APP
X-Pool
URI
Uri
X-Udemy-Cache-App-Namespace
X-Platform-Router
X-BCube-Filmed-By
ServerName
X-TRACE-ID
Sid
X-RateLimit-Reset
X-Swift-Error
X-Ec-Custom-Error
Ohc-Cache-HIT
Cdn
Cteonnt-Length
EpKe-Alive
Cneonction
X-Scale
X-Fastly-Cache-Hits
X-Cdn-Request-ID
X-Nc
Server-Ttl
X-Dw-Trace-Id
X-Akamai-ERPolicy
Server-Hostname
MD5-Digest
X-Cache-Expires
X-Dispatcher-Number
IsBot
Server-Ext
Sever-Int
X-SIPLIST1
X-Akamai-ERRuleID
X-Apw-Access-Action
Shield-Pop
Path
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Snapshot-Date
CPC-Age
CPC-Cache
VNS-Age
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
VNS-Cache
X-WA-Info
X-WA
X-Amz-Meta-Cb-Modifiedtime
X-Yottaa-OS
CF-Cached-On
X-Litespeed-Cache-Control
X-Newrelic-App-Data
X-Vcache
Vha6-Origin
Cache-Key
X-B3-ParentSpanId
Cf-Ipcountry
Lb
X-Cache-Ngx
X-Air-Pt
X-IN-APIGATEWAYSSL
X-B3-Parentspanid
X-Shopify-Generated-Cart-Token
X-IN-APIGATEWAY
X-Wikidot-Backend
X-Http-Count
X-Http-Duration-Ms
X-Te-Count
X-Akamai-Pragma-Client-IP
Req-ID
X-Sentry-ID
CountryCode
X-Te-Duration-Ms
X-UA
X-Wikidot-Static-Cache
Ngx
X-ES-SERVER
X-Last-Modified
X-Varnish-Authentication
X-CacheKey
X-Logging-Id
X-Akamai-Request-ID