Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
X-Request-ID
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-UA-Device
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Backend
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Rating
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-TtlSet
X-Vname
X-PC
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-Server-Name
Fastly-Restarts
Cache-Tag
X-FastCGI-Cache
Service-Worker-Allowed
X-Rack-Cache
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-Aws-Lambda-Call-Status
X-Upstream
X-MS-InvokeApp
X-GitHub-Request-Id
MS-Author-Via
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-Px
Accept-Ch
Arr-Disable-Session-Affinity
RTSS
X-Country-Code
X-Navigation-Version
Access-Control-Request-Method
X-Origin-Cache
X-Powered-By-Plesk
X-NF-Request-ID
X-Goog-Hash
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kraken-Loop-Name
X-Kinja
X-Instrumentation
X-Server-Lifecycle-Phase
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
AR-SID
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Powered-CMS
AR-Request-ID
X-Version
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Amz-Server-Side-Encryption
X-Middleton-Response
Response
X-MSEdge-Ref
X-LLID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TTL
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
X-RateLimit-Remaining
Nginx-Cache
TCN
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Protected-By
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-T
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
S
X-Aspnetmvc-Version
X-Mg-S
X-Id
Content-MD5
Edge-Cache-Tag
Fastcgi-Cache
X-Mid
Realpath
SPIisLatency
SPRequestDuration
X-Language
Front-End-Https
X-Recruiting
X-Request-Processing-Time
X-Request-Received
X-CST
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-MCACHE
Filters
X-DynaTrace
Server-Node
X-Content
X-Ab
X-Ua-Browser
X-Frontend
Server-Name
X-Correlation-Id
X-Ttl
X-HS-Content-Id
X-HS-Hub-Id
X-ECACHE
X-HS-Cache-Config
X-HS-Combine-CSS
X-NWS-LOG-UUID
X-SharePointHealthScore
SPRequestGuid
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-Ser
X-Cache-Key
X-Hits
X-Parallel-Accel
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Deployment-Id
X-Template
Fusion-Content-Source
Alternate-Protocol
X-Tt-Trace-Host
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
Cache-Tags
X-Content-Options
X-Kong-Proxy-Latency
Charset
X-Server-ID
X-Ruxit-Js-Agent
X-Kong-Upstream-Latency
Host
X-Page-Id
X-B3-Sampled
X-Git-Hash
Cleartype
X-Www-Served-By
X-DIS-Request-ID
X-Geo-Country
X-Debug-Info
X-Amzn-Trace-Id
X-Amz-Replication-Status
X-Hostname
X-Content-Digest
X-Daa-Tunnel
X-Fastly-Request-Id
X-Varnish-Age
X-Accel-Expires
Filterid
X-AppVersion
X-Az
X-Activity-Id
X-FB-Debug
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-Upgrade-Enabled
X-VCache
X-Rid
TP-L2-Cache
TP-Cache
X-Grace
Access-Control-Allow-Method
X-Origin-Server
X-Nginx-Upstream-Cache-Status
X-N
X-F-Cache
X-LB-Cache
ServerID
X-Mobile-URL
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Route-Name
X-Flags
X-Request-Guid
X-Is-Crawler
X-Whom
X-TT
X-Ratelimit-Limit
X-Goog-Generation
X-Varnish-Grace
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-XRDS-LOCATION
X-Goog-Metageneration
Viewport
X-Tb
X-App-Environment
X-Goog-Storage-Class
X-GUploader-UploadID
X-WebKit-CSP-Report-Only
X-Type
X-FW-Type
Node
X-FW-Server
X-Distributor
X-FW-Serve
X-Seen-By
Payment
X-FW-Static
X-FW-Dynamic
X-FW-Hash
DC
X-App-Server
Paypal-Debug-Id
X-User-Agent
X-NGENIX-Cache
Fastcgi-Useragent
Country
Accept-Charset
X-Origin-Upstream-Status
X-Cache-Control
X-Litespeed-Cache
X-Wix-Request-Id
X-Cache-Rule
X-Fastcgi-Cache
X-Logged-In
X-Fastly-Request-ID
Version
X-Webkit-CSP
X-DataDome
X-Microsite
X-Cache-Age
X-Request-Handler-Origin-Region
X-Via-JSL
X-Oracle-Dms-Ecid
X-Drupal-Cache-Tags
Referer-Policy
X-Oracle-Dms-Rid
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
Amp-Access-Control-Allow-Source-Origin
X-Cluster-Name
Refresh
X-Signature
X-Contextid
X-B-Cache
Cache-Status
X-Load-Cache
X-Varnish-Backend
X-Mobile
X-Buckets
X-Node-Name
Access-Control-Request-Headers
X-Response-Served-From
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
SD-X-WS
X-Original-Request-Id
X-Cache-Expired-At
X-Vgn-Hpd-Reason
X-Page-View
X-Real-IP
X-Cacheable-TTL
X-Jobs
X-B
X-Rendered-As
X-Revision
X-UUID
X-Proxy-Cache-Status
X-ProcessESI
X-Is-Bot
X-Debug
X-Yottaa-Metrics
X-RemovedCookies
X-Cache-Action
X-Yottaa-Optimizations
X-Proxy
X-Rule
X-Instance
X-Device-Type
X-IPLB-Instance
X-G
X-Framework
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Surrogate-Key
NGB
X-Drupal-Cache-Contexts
X-Cache-Time
Akamai-GRN
X-Debug-IsConnected
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Debug-IsPreview
X-TEC-API-VERSION
X-Air-Trace-Id
X-Air-Hostname
CF-IPCountry
X-Air-Source
X-FW-Version
SID
X-Ratelimit-Reset
DynaTrace
X-PressLabs-Stats
GEO-INFO
Liferay-Portal
X-Azure-Ref
X-Nginx-Cache
X-Oneagent-Js-Injection
X-Source
Count-Hit
X-Accel-Buffering
X-Cache-Operation
X-Ms-Request-Id
X-Ms-Version
X-Presslabs-Stats
Healthy
Frame-Options
Uber-Trace-Id
Ms-Operation-Id
X-XRDS-Location
X-CDN-Forward
MS-CV
X-RTag
X-EdgeConnect-Cache-Status
X-RateLimit-Limit
X-APP-VERSION
X-Cache-NGX
Xserver
X-Tumblr-Pixel-0
X-L-Path
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Zen-Fury
X-Environment-Context
Countrycode
X-Varnish-Server
X-Backend-Name
X-Cache-Hit
X-Mode
Cross-Origin-Window-Policy
Ec-Rule-Version
X-Region
X-IPS-LoggedIn
X-Servername
X-Forwarded-Host
Protected
X-Content-Powered-By
X-Cache-TTL-Remaining
Backend
Meta-Geo
X-UPSTREAM-Address
X-JoinUs
X-Tid
X-Rewrite-Enabled
X-RN-RSRV
X-Detected-As
X-Cache-Type
X-SaId
X-Cache-Server
Decoy-Debug-Key
X-Generation-Time
X-Extlb
X-Sql-Duration-Ms
X-Hosted-By
X-Human
Decoy-Debug-TTL
X-Alternate-Cache-Key
Section-Io-Cache
Decoy-Debug-Status
Country-Code
Apigw-Requestid
X-Routing-Service
X-Shopify-Stage
X-ShopId
X-Debug-Cache
X-Redis-Cache
Eomportal-Instance
X-Cache-Grace
X-Proxied
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Sql-Count
X-ShardId
X-Zipkin-Id
X-Uri
X-Varnish-Beresp-Grace
X-Via-Fastly
X-Microcachable
X-PHP-Backend
Cache-Name
X-UA-Device-Type
X-Origin-Date
X-ServerID
Fastly-SSL
X-PERF
X-ProxyCache-Status
X-ProxyCache-Key
X-FB-TRIP-ID
X-BYPASS-REASON
X-ApacheServer
X-Site-Version
Url
X-Format
Mn-Server-Ip
Cache-Tv-Group
X-Soup
X-NCache
X-Content-Age
X-Storage
X-Status
X-No-Session
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
TWC-Device-Class
Property-Id
Selected-Fe
TWC-Connection-Speed
Webcakes-App-Name
TWC-GeoIP-Country
X-Access
X-Pubstack
X-Cache-Host
X-Cluster-Node
X-Proxy-Build
X-Timing-Wait
X-Akamai-Edgescape
Webcakes-Region
X-Adobe-Content
X-Adobe-Loc
Webcakes-App-Version
X-PCL
X-SayCDN-TTL
X-Say-TTL
X-Origin-Hint
X-Section
X-Hyper-Cache
X-NYM-Debug-Backend
X-OCL
X-Server-W
X-Web-Node
X-Say-Cacheable
LB
Azure-SlotName
Azure-InstanceId
Azure-SiteName
DB-Nickname
X-R9-Blue-Green-Version
Azure-Version
Azure-RegionName
X-Varnishpool
X-Hl-Ver
CDN-RequestCountryCode
Content-Secure-Policy
CDN-Uid
X-Be
CDN-RequestId
CDN-Cache
X-NewRelic-App-Data
WPO-Cache-Status
WPO-Cache-Message
CDN-CachedAt
CDN-EdgeStorageId
OT-Force-Account-Verify
CDN-PullZone
Content-Disposition
X-Generated-By
X-Ua
X-Webkit-Csp
X-LSADC-Cache
X-Azure-Ref-OriginShield
X-TIME
SRV
X-Trace-Id
X-Cached-By
Cache
X-Nginx-Cache-Key
Source
X-Ratelimit-Remaining
X-TT-LOGID
X-Bc-Bl
X-Unique-Id
X-App-Version
X-LAGOON
Retry-After
X-Dc
Cache-Hits
X-SRV
X-Auto-Login
X-Origin-CC
X-GEO
X-Origin-TTL
Mime-Version
X-Varnish-Hits
Xet-Cookie
X-Cache-Remote
X-Platform-Server
X-Varnish-Hostname
X-HTML-Minification-Powered-By
X-Cdn
X-Akamai-Transformed
X-Loop
X-TNCMS
X-Xfnlog-Site
X-S-Maxage
HostName
Onion-Location
X-Amz-Meta-S3cmd-Attrs
X-CSRF-Token
X-Cache-Tags
ServedBy
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
Web-Mar-Node
Upgrade-Insecure-Requests
X-Time
Webserver
X-Proto
X-Request-Time
X-Cache-Var
X-EC-Lua
X-Cache-Var-Map
X-AOL-HN
X-Tenant
X-Xrds-Location
N-Cache
X-ECache
X-FireWall-Port
X-Time-Microsecs
X-Endurance-Cache-Level
WP-Super-Cache
From-Origin
X-VWS-Id
X-Request-Host
X-Edge-Location
X-AWS-Id
X-LJ-Flow-ID
X-GG-Cache-Date
X-B3-SpanId
X-Origin-Response-Time
Nel
CloudFront-Viewer-Country
X-Correlation-ID
X-Mg-Request-UUID
X-Via-NSCOPI
X-Cache-Enabled
X-B-Cookie
X-A-Ccd
X-Block-Status
X-A-Dam
X-A
X-ARC
X-Aed
X-A-Dgt
X-Aicache-OS
X-Application
X-A-Wwc
Pramga
Expiry
Fastcgi-X-Cache-Version
Meta-Geo-Continent
DSUID
DCR-Processing-Time-Ms
A
BehaviorPad-Version
DCR-Decision-By
Mobile-Detection-Method
Odigeo-Trace-Id
Surrogated-Key
User-Cache-Control
V-Age
Sslversion
Rendered-Blocks
Origin
X-Cache-Date
Redirect-Candidate
Vix-Hermes-Req-Id
X-Destination
Xc-Version
X-ScT
X-SD-PageType
X-Session-Fingerprint
X-S-Cookie
X-S
X-Planisys-CDN-TTL
X-Processor
X-Rojux
X-Shop-Environment
X-Slack-Backend
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
X-Vtex-Processado-Em
X-V-Cache
X-TIM-N
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Connection-Hash
X-D
X-Vtex-Remote-Cache
X-Developer
X-Conf
X-Cluster
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-External-Request-Id
X-Forwarded-Path
X-ND-Cache
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-NAPM-TraceId
X-Ig-Push-State
X-Ftr-Request-Id
X-Gen-Mode
X-Hnp-Log
X-Cache-NE
X-A-Dcw
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-PHP-Host
X-M-Log
X-MP-GENERATED-AT
X-Qnm-Cache
X-Handled-By
X-M-Reqid
X-Skip-Cache
X-Owner
X-Epic-Correlation-Id
Gh-Request-Id
X-Cache-Info
Fastly-Drupal-Html
Ssr
X-Cdn-Srv
X-RCS-CacheZone
X-Sucuri-ID
X-Sucuri-Cache
Fastcgi-Cache-TTL
Host-ID
X-LI-UUID
X-Rocket-Nginx-Serving-Static
X-Location
X-Li-Pop
X-Request-URI
Origin-EX
Origin-CC
X-Men
X-Scheme
L
X-Cache-Bucket
X-Li-Fabric
X-Mvc-Supplant-Cachable
Release
X-Served-From
X-Server-IP
X-Hash
X-Geo-Header
Wxu-Next-Commit
X-Old-Content-Length
Cmstype
X-Varnish-Beresp-Status
AKAMAI
Wxu-Next-Hostname
Traceparent
X-NWS-UUID-VERIFY
X-Policy
X-VServer
X-Device-Os
True-Client-Country-4JS
X-Origin-Expires
X-Webstats-RespID
X-Fastly-Cache
X-Gdpr
CacheControlHeader
CDCHOST
X-NodeID
Cmsid
State
Svr
X-Forwarded-Site
X-Origin-Time
X-Nyt-Route
X-Core-Mission
Arc-Country
Wxu-Next-Region
X-Fetched-On
Environment
X-Magnolia-Registration
Server-Info
X-Reqid
X-Zone
X-Locale
X-Node-Id
X-Accel-Expires-Debug
Web-Mar-Region
X-Adobe-Source
X-Gzip
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Core-Value
X-Generated-On
X-Gamma-Serve
X-Datadog-Trace-Id
X-Date
X-Esi-Check
X-Envoy-Decorator-Operation
X-Developers
X-Eu-Site
X-Fastly-Backend
X-CGP
X-Cdn-Origin
X-BBC-Edge-Cache-Status
X-HS-Content-Campaign-Id
X-Backend-State
X-Irp-Debug
X-ATG-Version
X-HN
X-Bip
X-GeoIP-City
X-GeoIP
X-Cache-Id
X-Cache-Debug
X-Branch-Name
X-Level-Front-Cache
Server-Host
X-Sigma-Backend
Fastly-GeoIP-CountryCode
X-Sn-Servicetimems
X-Storefront-Renderer-Rendered
X-TH-Server
X-Sigma
Ha-Gx-Prefs
Machine
Locid
L5d-Success-Class
X-Platform
X-Thanos
X-Thinkindot-L3
X-VarnishDD-TTL
X-VG-TLSProxy
X-Viewer-Country
X-Backend-TTL
Apple-News-Services-Handled
Apple-News-Services-Host
X-TrackingId
X-UnsetCookies
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Rocket-Build-Number
HA-Ipaddr
PFcat
X-Proxy-Upstream
Thinkindot-CacheControl-Type
X-Region-Sid
Thinkindot-Control
Thinkindot-CacheControl
X-Request-Start
Req-Svc-Chain
TDXMobile
X-VC-Cache
X-Varnish-CookieHashed-On
Adler-Geo
X-FC-Vary-Parameters
X-Varnish-CookieINHashed-On
X-Variation
X-DefHash
X-DPWN-IS-SECURE
X-Pod-Name
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Worker
We-Hiring
X-DefElseHash
X-NU-AKA-ACS-Version
X-Qloud-Router
X-Varnish-Remaining-TTL
Cf-Device-Type
Mail-Subject
X-Req
Is-Eu
X-Has-Esi
Memcached
NGX
X-Is-Gdpr
X-Response-By
NM-Fastcgi-Cache
X-Amzn-Remapped-Content-Length
X-Loc
X-Rebelmouse-Cache-Control
X-JWT-State
X-RateLimit-Remaining-Second
X-Origin
X-Rebelmouse-Surrogate-Control
X-Tx-Id
Fastly-SWR
Fastly-SIE
Platform
X-RateLimit-Limit-Second
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Beresp-Ttl
X-Ua-Device
X-CS
X-Cache-Config
X-CLOUD-TRACE-CONTEXT
X-Mvc-Supplant-OutputCached
S-Rt
Magicmarker
X-API-Version
X-CACHE-KEY
X-Up
X-LB-ID
X-Datadome
X-Trace-ID
CDN
X-NC
X-Restarts
Kp-EeAlive
Ms-Author-Via
X-Generated-In
Pics-Label
Time
X-Http-Reason
X-Akamai-Request-ID2
Memory
Candidate-Md5Url
X-LB-NoCache
Env
Datacenter
X-TraceId
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Popn
X-Via-Popv
X-DC
X-DW
NtCoent-Length
WebServer
X-RPM
X-Optimistic-Header
X-Varnish-Ttl
X-Via-Poph
X-RPS
X-RSL
X-DB
X-Cache-Backend
X-Action
X-DI
X-Edge-Pop
X-Wix-Viewer-Type
X-DSS
Edge-Cache
X-Tt-Logid
X-DynaTrace-JS-Agent
X-Vc
WWW-Authenticate
X-Refresh
On-Server
X-Srv
Esi-Enabled
GeoIp-Country-Code
X-TA-CDN-Provider
X-CacheTTL
X-Minions-Version
X-Parent-Response-Time
Accept-Language
X-Esi
X-HA-Backend
X-Servedbyhost
X-MSEdge-Features
X-Varnish-Beresp-TTL
X-MSEdge-Flight
X-Unique-ID
C-Via
X-Service
Server-ID
X-Cs
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Cache-PHP
X-ZONE
X-Newrelic-Synthetics
X-TX-ID
X-User
X-Ec-Fail
X-Ec-GeoHdr
X-VCL-Version
X-Webkit-CSP-Report-Only
X-Cache-Status-Check
X-Cache-Ttl
X-Traceid
X-Fpc
X-Dynatrace
X-LI-Proto
X-Render-Time
X-App
X-URL
X-Webkit-Csp-Report-Only
Test
X-Li-Proto
X-LiteSpeed-Cache-Control
Cdncip
Cdnsip
X-B3-Spanid
X-FPC
X-AK-Request-ID
Proxy-Connection
X-Pass-Why
X-NODE
X-Vcl-Version
X-Fmm-Version
My-App
X-WADP-Cache
Server-Id
X-Clara-WADP
X-Mcache
X-AIR-PT
Geoip-Latitude
X-Info
Tracecode
X-CUA
Resin-Trace
Cluster
M-TraceId
X-Clientip
X-Var-Ttl
X-From
X-LiteSpeed-Tag
Geo-Info
UCS
Lfy
Fastly-Drupal-HTML
T-Server
HIT
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
Cache-Host
X-Oss-Server-Time
X-Oss-Request-Id
Cf-Int-Pingora-Origin-Digest
X-CSRF-TOKEN
S-Cnection
X-ID
Lang
GeoIP-Country-Code
X-Fragments
X-Ha-Backend
Hostname
DataCenter
Target-Params
Ohc-File-Size
X-WP-CF-Super-Cache-Cache-Control
X-Pad
Tcn
Hit
X-WP-CF-Super-Cache
X-ServedByHost
X-Dynatrace-Js-Agent
X-VC
X-Geo
X-Via-PopH
X-Via-PopV
X-RAMCache
X-Edge-POP
X-Via-PopN
X-ElasticPress-Query
User-Agent
Fastly-Backend-Name
MIME-Version
X-RateLimit-Reset
X-Cdn-Forward
X-Micro-Cache
X-HostName
X-BBC-Origin-Response-Status
X-Edge-Cache
X-Backend-Host
X-Api-Version
X-NGINX-Cache
Load-Balancing
X-Release
Section-Origin-Responded
ENV
Section-Io-Id
X-Check-Cacheable
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Httpd
X-Lb-Nocache
X-Ucs
Permissions-Policy
X-APP
X-BCube-Filmed-By
X-Proxy-Cache-Info
X-Fastly-Backend-Reqs
Servername
X-HS-Status
X-ServerName
X-Provided-By
EpKe-Alive
X-UP
X-GoCache-CacheStatus
Uri
ServerName
X-Nc
URI
FSS-Cache
Producers
PICS-Label
Lb
X-TRACE-ID
Cneonction
CPC-Cache
X-Pool
X-Lb-Id
CPC-Age
Cache-Key
X-SB
X-Swift-Error
Ohc-Cache-HIT
Cdn
Cteonnt-Length
X-WA-Info
WZWS-RAY
VNS-Cache
X-Cdn-Request-ID
X-Amz-Meta-Cb-Modifiedtime
Server-Ttl
X-Fastly-Cache-Hits
X-WA
Path
X-Udemy-Cache-App-Namespace
X-B3-ParentSpanId
VNS-Age
X-Cache-CFC
X-Dw-Trace-Id
X-Apw-Hits
X-ES-SERVER
X-Apw-Access-Token
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Newrelic-App-Data
Shield-Pop
X-Vcache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Ec-Custom-Error
X-Akamai-Request-ID
X-Yottaa-OS
X-Apw-Access-Action
X-Cache-ASPX
CF-Cached-On
Vha6-Origin
X-Acquia-Application-Trace
X-Snapshot-Date
Cf-Ipcountry
X-Contensis-Viewer-Groups
X-Acquia-Site
X-Acquia-Application-UUID
X-Apw-Access-Object
X-Acquia-Purge-Tags
X-Cache-Ngx
Sid
X-Air-Pt
X-Logging-Id
Pagetype
X-Shopify-Generated-Cart-Token
X-Scale
X-Sentry-ID
GeoIP-Latitude
Ngx
X-Cms-Context
X-Te-Duration-Ms
X-Varnish-Authentication
X-Te-Count
X-Http-Duration-Ms
X-Http-Count
X-UA
X-Akamai-Pragma-Client-IP
CountryCode
Req-ID
X-CacheKey
X-Last-Modified
X-PJAX-URL