Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Request-Id
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
Report-To
X-Cache-Status
NEL
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
X-Envoy-Upstream-Service-Time
Status
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Turbo-Charged-By
X-Cache-Group
X-UA-Device
Keep-Alive
P3p
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-AH-Environment
X-Server-Powered-By
X-Robots-Tag
X-Hacker
X-Server
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-WebKit-CSP
X-Nginx-Cache-Status
X-LiteSpeed-Cache
X-Page-Speed
X-Request-ID
EagleEye-TraceId
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Dispatcher
X-Device
Accept-CH
X-Cache-Spec
X-Host
Cf-Railgun
X-Server-Id
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
Accept-CH-Lifetime
X-Dns-Prefetch-Control
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
X-Ruxit-JS-Agent
X-B3-TraceId
X-Cache-Lookup
Allow
X-Cloud-Trace-Context
X-Url
X-Trace
X-Aws-Lambda-Call-Status
Accept-Ch-Lifetime
X-Vname
X-PC
X-TtlSet
X-Content-Type
X-Ac
X-Clacks-Overhead
X-Server-Name
Fastly-Restarts
Edge-Control
X-Varnish-TTL
X-ESI
Cache-Tag
X-Mod-Pagespeed
X-Rack-Cache
X-VARITI-CCR
Service-Worker-Allowed
MS-Author-Via
X-Element-Page-Cache
Verso
X-Vcap-Request-Id
X-MS-InvokeApp
X-Amz-Rid
Public-Key-Pins
X-Upstream
X-GitHub-Request-Id
X-Dw-Request-Base-Id
RTSS
X-Abt-Application-Version
X-Cnection
X-CST
X-Client-IP
X-FastCGI-Cache
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Variant
X-D2id
X-Cache-TTL
X-Px
X-Cached
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
X-Country-Code
Access-Control-Request-Method
X-Goog-Hash
X-NF-Request-ID
X-TTL
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
AR-SID
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Middleton-Response
Response
X-Version
X-RateLimit-Remaining
X-Powered-CMS
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-MSEdge-Ref
X-LLID
Nginx-Cache
X-Edge-Location-Klb
X-Kinsta-Cache
X-Amz-Server-Side-Encryption
TCN
X-Origin-Cache
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Edge
X-Protected-By
X-T
X-Language
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Shield-Request-Id
Edge-Cache-Tag
X-Aspnetmvc-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Mg-S
X-Id
SPIisLatency
SPRequestDuration
S
X-Ser
Content-MD5
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Correlation-Id
X-Cache-Key
Fastcgi-Cache
Front-End-Https
X-NWS-LOG-UUID
X-Template
Realpath
X-Mid
Server-Node
X-Frontend
X-Request-Processing-Time
Filters
X-Recruiting
X-Request-Received
X-Ab
X-Ua-Browser
X-Yandex-Sdch-Disable
X-Content
X-HS-Hub-Id
Server-Name
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-MCACHE
X-Ruxit-Js-Agent
SPRequestGuid
X-SharePointHealthScore
X-DynaTrace
X-Ezoic-Cdn
X-Hits
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
X-Kong-Upstream-Latency
X-Server-ID
X-Daa-Tunnel
X-Parallel-Accel
X-Ttl
Cleartype
X-Tt-Trace-Host
X-Tt-Trace-Tag
Accept-Ch
Cache-Tags
X-Litespeed-Cache
X-Debug-Info
X-DataDome
X-Page-Id
X-B3-Sampled
Charset
X-ECACHE
Host
X-Geo-Country
X-Git-Hash
X-Www-Served-By
X-DIS-Request-ID
Cross-Origin-Opener-Policy
X-Ratelimit-Limit
X-Content-Digest
X-Content-Options
X-Amzn-Trace-Id
X-ASPNET-VERSION
X-Hostname
X-Grace
ServerID
X-F-Cache
X-Amz-Replication-Status
Filterid
Alternate-Protocol
X-Upgrade-Enabled
X-Accel-Expires
X-Fastcgi-Cache
X-FB-Debug
X-N
X-Varnish-Age
X-AppVersion
X-Activity-Id
X-Az
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-VCache
X-WebKit-CSP-Report-Only
X-LB-Cache
X-Forwarded-Proto
X-Mobile-URL
X-Nginx-Upstream-Cache-Status
X-Origin-Server
X-Distributor
X-Seen-By
X-Fastly-Request-Id
X-Rid
X-XRDS-LOCATION
X-Tb
Viewport
X-Type
X-App-Environment
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Flags
X-Goog-Generation
X-Request-Guid
X-FW-Server
X-FW-Serve
X-FW-Static
X-FW-Type
X-Wix-Request-Id
X-FW-Hash
X-FW-Dynamic
X-Is-Crawler
X-GUploader-UploadID
X-Providence-Cookie
X-Route-Name
X-Whom
X-Goog-Stored-Content-Length
X-Aspnet-Duration-Ms
X-User-Agent
X-TT
Access-Control-Allow-Method
Country
DC
X-Varnish-Grace
Payment
Paypal-Debug-Id
Node
Fastcgi-Useragent
Accept-Charset
X-Ratelimit-Reset
TP-L2-Cache
TP-Cache
X-Fastly-Request-ID
X-Via-JSL
X-Cluster-Name
X-App-Server
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Cache-Rule
X-Drupal-Cache-Tags
X-Webkit-Csp
X-Cache-Control
X-Signature
X-Buckets
X-B-Cache
Cache-Status
X-Contextid
Version
X-Cache-Age
X-Microsite
X-Request-Handler-Origin-Region
X-NGENIX-Cache
Amp-Access-Control-Allow-Source-Origin
Referer-Policy
X-Node-Name
X-Varnish-Backend
Refresh
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Load-Cache
NGB
VIX-Pulpo-Upstream-Status
X-TEC-API-ORIGIN
X-Mobile
X-Original-Request-Id
VIX-Pulpo-Node
SD-X-WS
X-Logged-In
X-Response-Served-From
X-Proxy-Cache-Status
X-Real-IP
X-Browser-Type
X-Vgn-Hpd-Reason
X-Erf-Bev-Bev
X-Is-Bot
X-Revision
X-Jobs
X-Rendered-As
X-Erf-Bev-Bev-Is-Generated
X-Page-View
X-Yottaa-Optimizations
X-Cache-Expired-At
X-Cache-Action
X-B
X-Cacheable-TTL
Access-Control-Request-Headers
X-Yottaa-Metrics
Surrogate-Key
X-Debug
X-IPLB-Instance
X-Instance
X-Rule
X-Framework
X-Proxy
Akamai-GRN
X-FW-Version
X-Drupal-Cache-Contexts
X-Device-Type
X-Cache-Time
X-Accel-Buffering
X-UUID
X-G
X-Debug-IsConnected
X-Debug-IsPreview
X-RemovedCookies
X-ProcessESI
CF-IPCountry
X-Cache-NGX
X-Origin-Upstream-Status
GEO-INFO
X-Presslabs-Stats
X-RateLimit-Limit
SID
Count-Hit
Uber-Trace-Id
X-Nginx-Cache
X-Oneagent-Js-Injection
Protected
X-Cache-Operation
X-APP-VERSION
X-Zen-Fury
X-Source
X-Air-Hostname
X-Air-Source
X-EdgeConnect-Cache-Status
X-Air-Trace-Id
X-XRDS-Location
WPO-Cache-Message
WPO-Cache-Status
X-Hyper-Cache
X-Servername
X-Cache-TTL-Remaining
X-Ms-Request-Id
X-Cache-Hit
X-Ms-Version
Ec-Rule-Version
X-PressLabs-Stats
DynaTrace
Liferay-Portal
X-Azure-Ref
X-Trace-Id
Retry-After
Backend
X-IPS-LoggedIn
Content-Disposition
X-RTag
MS-CV
Healthy
Ms-Operation-Id
X-Mode
X-Adobe-Content
Url
X-Adobe-Loc
X-Cache-Grace
Cross-Origin-Window-Policy
Frame-Options
X-CDN-Forward
X-Backend-Name
Countrycode
X-Ratelimit-Remaining
X-Tumblr-Pixel
X-Unique-Id
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Redis-Cache
X-Environment-Context
Country-Code
X-Detected-As
Meta-Geo
Xserver
X-L-Path
X-NewRelic-App-Data
X-Uri
X-Tid
X-Rewrite-Enabled
X-RN-RSRV
X-UPSTREAM-Address
Decoy-Debug-TTL
Eomportal-Instance
X-Content-Age
X-Zipkin-Id
X-Proxied
X-ShopId
X-Routing-Service
Decoy-Debug-Key
X-ShardId
Decoy-Debug-Status
X-Alternate-Cache-Key
X-Sql-Count
X-Sorting-Hat-ShopId
X-Extlb
X-Format
X-Cache-Server
X-Sorting-Hat-PodId
X-Generated-By
X-Hosted-By
X-FB-TRIP-ID
X-Varnish-Server
X-Generation-Time
X-Sql-Duration-Ms
X-Shopify-Stage
X-Debug-Cache
X-OCL
Azure-SlotName
X-NYM-Debug-Backend
X-Origin-Date
X-PERF
Azure-Version
Azure-SiteName
X-PHP-Backend
X-Nginx-Cache-Key
X-PCL
CDN-CachedAt
X-ApacheServer
X-Forwarded-Host
X-Akamai-Edgescape
X-Access
X-Human
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
Cache-Name
X-NCache
CDN-Cache
Mn-Server-Ip
CDN-PullZone
CDN-EdgeStorageId
Apigw-Requestid
X-Region
X-Via-Fastly
TWC-Privacy
Webcakes-App-Name
X-ServerID
X-Web-Node
Azure-RegionName
Azure-InstanceId
Webcakes-App-Version
X-Cache-Host
X-UA-Device-Type
X-Status
X-Site-Version
X-Server-W
X-Pubstack
X-Cluster-Node
X-Origin-Hint
TWC-Locale-Group
Webcakes-Region
X-Say-Cacheable
Content-Secure-Policy
TWC-Connection-Speed
Property-Id
TWC-GeoIP-Country
X-Say-TTL
X-Section
TWC-Device-Class
TWC-GeoIP-LatLong
X-SayCDN-TTL
Selected-Fe
X-ProxyCache-Status
Cache-Tv-Group
X-TIME
X-Cache-Type
X-BYPASS-REASON
X-Be
X-Storage
X-ProxyCache-Key
LB
X-Proxy-Build
X-No-Session
X-Microcachable
X-Cache-Remote
Fastly-SSL
X-Content-Powered-By
X-Timing-Wait
X-Soup
X-SaId
X-JoinUs
X-Hl-Ver
X-Varnishpool
X-Varnish-Beresp-Grace
X-Ua
X-R9-Blue-Green-Version
Section-Io-Cache
X-LSADC-Cache
X-Platform-Server
X-Cached-By
DB-Nickname
X-Cache-Tags
X-Xfnlog-Site
X-Bc-Bl
From-Origin
X-NWS-UUID-VERIFY
X-Akamai-Transformed
Upgrade-Insecure-Requests
Xet-Cookie
Mime-Version
ServedBy
X-Dc
X-AOL-HN
Cache
OT-Force-Account-Verify
X-Auto-Login
X-GEO
X-Varnish-Cache-Hits
X-Akamai-Request-ID2
X-TT-LOGID
X-ECache
X-Request-Time
X-Http-Reason
S-Rt
X-Origin-TTL
X-Cdn
X-Origin-CC
Source
HostName
WP-Super-Cache
SRV
X-Request-Host
X-Azure-Ref-OriginShield
X-LAGOON
X-Cache-Enabled
X-CSRF-Token
X-Varnish-Hits
X-Handled-By
Cache-Hits
X-Varnish-Hostname
X-TNCMS
X-Loop
Webserver
Onion-Location
Server-Info
X-Mg-Request-UUID
Accept-Language
X-S-Maxage
X-HTML-Minification-Powered-By
X-Adobe-Source
X-SRV
X-FireWall-Port
X-RCS-CacheZone
X-Endurance-Cache-Level
X-Reqid
X-GG-Cache-Date
X-Tumblr-Pixel-3
Fastly-Drupal-Html
Nel
Web-Mar-Node
X-Tumblr-Pixel-2
X-Amz-Meta-S3cmd-Attrs
X-Origin-Response-Time
X-Locale
X-B3-SpanId
X-Magnolia-Registration
X-EC-Lua
X-Time
N-Cache
X-D
X-PHP-Host
X-Connection-Hash
X-Conf
X-Ckpd-Fst-Backend
X-CF-Lambda-Fn
X-Cluster
X-Labrador-Cache-Channel
X-CF-Lambda-Version
X-Developer
X-Forwarded-Path
X-External-Request-Id
X-Forwarded-Site
X-VG-WebCache
X-Ftr-Request-Id
X-Viewer-Country
X-Vtex-Processado-Em
A
X-Destination
X-Webstats-RespID
X-Shop-Environment
X-Epic-Correlation-Id
Xc-Version
X-Cache-Bucket
Vix-Hermes-Req-Id
V-Age
Fastcgi-X-Cache-Version
X-A
X-A-Ccd
Expiry
User-Cache-Control
Surrogated-Key
Odigeo-Trace-Id
Mobile-Detection-Method
Pramga
Rendered-Blocks
Sslversion
X-A-Dam
X-A-Dcw
X-Backend-TTL
X-B-Cookie
BehaviorPad-Version
X-Block-Status
X-Vdms-Version
X-ARC
X-Application
DCR-Decision-By
DCR-Processing-Time-Ms
X-A-Dgt
X-A-Wwc
X-Aed
X-Cache-NE
X-Vtex-Remote-Cache
X-Ig-Push-State
X-S
Meta-Geo-Continent
X-S-Cookie
X-Slack-Backend
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Orig-Expires
X-NAPM-TraceId
X-ND-Cache
X-Rojux
X-Men
X-Processor
X-Proxy-Upstream
X-Planisys-CDN-Cache
X-Tenant
X-Hnp-Log
X-TIM-N
X-PAYTM-SRV-ID
X-GeoIP-Region-Code
X-PBS-Appsvrname
X-GeoIP-Country-Code
X-SRCache-Key
X-Session-Fingerprint
X-Gen-Mode
X-ScT
X-Vdms-Path
X-V-Cache
X-SD-PageType
X-Req
X-Accel-Expires-Debug
X-Request-URI
X-Aicache-OS
X-Action
X-Sn-Servicetimems
X-Policy
X-RSL
X-Scheme
Svr
Origin-EX
Origin-CC
X-Server-IP
Origin
Traceparent
True-Client-Country-4JS
X-RPS
X-RPM
Wxu-Next-Region
Wxu-Next-Hostname
X-AWS-Id
Wxu-Next-Commit
X-Rocket-Nginx-Serving-Static
X-Origin
X-SVT-ORM-VERSION
X-HS-Content-Campaign-Id
X-Device-Os
X-DB
X-Date
X-Irp-Debug
X-SVT-ORM-RULES
X-VWS-Id
X-DI
X-Esi-Check
X-Fetched-On
X-Geo-Header
X-TH-Server
X-Gzip
X-DW
X-Hash
X-Core-Mission
X-LJ-Flow-ID
X-Gdpr
X-Cdn-Origin
X-Old-Content-Length
X-Cache-Info
X-Cache-Id
X-Origin-Expires
X-Cache-Date
X-Nyt-Route
X-Cache-Backend
Web-Mar-Region
X-Location
X-Mvc-Supplant-Cachable
X-Node-Id
X-Cdn-Srv
X-NodeID
X-Origin-Time
X-DSS
DSUID
Cmstype
Fastcgi-Cache-TTL
Fastly-GeoIP-CountryCode
Host-ID
AKAMAI
Cmsid
CDCHOST
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CacheControlHeader
Arc-Country
X-Proto
Gh-Request-Id
Machine
X-App-Version
X-Varnish-Ttl
X-Via-NSCOPI
X-Sigma-Backend
X-Platform
X-Datadog-Trace-Id
X-Region-Sid
X-DefElseHash
X-Sigma
X-Tx-Id
X-DPWN-IS-SECURE
X-Amzn-RequestId
X-Developers
X-Datadog-Parent-Id
X-DefHash
X-Csrf-Jwt
X-RateLimit-Remaining-Second
Adler-Geo
X-Time-Microsecs
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-RateLimit-Limit-Second
X-Thinkindot-L3
X-Storefront-Renderer-Rendered
X-Correlation-ID
X-VC-Cache
X-CGP
X-Qloud-Router
X-Skip-Cache
X-Eu-Site
X-Amz-Apigw-Id
X-Is-Gdpr
X-Wix-Viewer-Type
X-HN
X-Has-Esi
X-JWT-State
X-Level-Front-Cache
X-Amzn-Remapped-Content-Length
X-Loc
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Rocket-Build-Number
X-GeoIP-City
X-Fastly-Backend
X-Fastly-Cache
X-Response-By
X-Owner
X-MP-GENERATED-AT
X-Served-From
X-Pod-Name
X-Generated-On
X-GeoIP
X-Worker
X-Restarts
X-Gamma-Serve
X-Edge-Location
X-Datadog-Sampling-Priority
X-Cache-Debug
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
CloudFront-Viewer-Country
Redirect-Candidate
Release
X-Varnish-CookieINHashed-On
Cf-Device-Type
HA-Ipaddr
Locid
Server-Host
Fastly-SIE
Fastly-SWR
Platform
We-Hiring
Ha-Gx-Prefs
PFcat
X-VG-TLSProxy
X-Varnish-CookieHashed-On
Mail-Subject
Edge-Cache
State
X-UnsetCookies
NM-Fastcgi-Cache
X-Branch-Name
L
Ssr
X-TrackingId
Is-Eu
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Variation
L5d-Success-Class
Thinkindot-CacheControl
Req-Svc-Chain
X-BBC-Edge-Cache-Status
X-VServer
X-ATG-Version
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
Environment
X-Xrds-Location
X-FC-Vary-Parameters
X-Core-Value
Memcached
Kp-EeAlive
X-Sucuri-ID
X-Sucuri-Cache
X-Minions-Version
X-Envoy-Decorator-Operation
X-TraceId
X-Srv
X-Ua-Device
X-NC
NGX
X-Mvc-Supplant-OutputCached
AMP-Access-Control-Allow-Source-Origin
X-Tb-Optimization-Total-Bytes-Saved
X-CLOUD-TRACE-CONTEXT
X-Zone
X-Generated-In
Env
X-LB-ID
CDN
X-CS
X-CacheTTL
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-LB-NoCache
X-API-Version
Magicmarker
X-Optimistic-Header
Ms-Author-Via
X-Trace-ID
X-Backend-State
X-Up
X-Varnish-Beresp-Ttl
X-Tt-Logid
X-Ec-GeoHdr
Pics-Label
X-User
X-Ec-Fail
X-Refresh
X-Cache-Var
X-Cache-Var-Map
X-TA-CDN-Provider
X-Edge-Pop
X-Request-Start
X-DC
WebServer
X-Via-Popn
Memory
X-Thanos
X-Via-Popv
X-Via-Poph
Time
X-Bip
X-Parent-Response-Time
X-Webkit-CSP
X-CACHE-KEY
Cdnsip
X-AK-Request-ID
X-HA-Backend
Cdncip
GeoIp-Country-Code
X-ZONE
X-Qnm-Cache
X-M-Log
X-M-Reqid
DataCenter
X-Servedbyhost
X-Cs
X-Varnish-Beresp-TTL
My-App
Cluster
X-Clara-WADP
X-Fmm-Version
X-WADP-Cache
X-Cache-Config
X-Esi
NtCoent-Length
Server-ID
X-MSEdge-Features
X-MSEdge-Flight
Candidate-Md5Url
X-CUA
X-Dynatrace
Datacenter
X-VCL-Version
Tracecode
T-Server
X-VC
X-Pass-Why
X-Traceid
Geoip-Latitude
Lang
X-Var-Ttl
X-From
X-Newrelic-Synthetics
X-Provided-By
X-DynaTrace-JS-Agent
X-TX-ID
X-Fragments
X-Cache-Ttl
Lfy
X-Fpc
X-Vc
X-B3-Spanid
Cf-Int-Pingora-Origin-Digest
WWW-Authenticate
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Webkit-Csp-Report-Only
X-LI-Proto
X-Li-Proto
Target-Params
X-FPC
On-Server
Esi-Enabled
X-Webkit-CSP-Report-Only
X-App
X-NODE
Proxy-Connection
Geo-Info
X-Vcl-Version
Permissions-Policy
X-RAMCache
X-Mcache
M-TraceId
Servername
X-Proxy-Cache-Info
Server-Id
X-Httpd
X-Service
C-Via
X-Cache-PHP
X-Datadome
X-RateLimit-Reset
Fastly-Drupal-HTML
Test
FSS-Cache
WZWS-RAY
X-Cache-Status-Check
X-Ha-Backend
Producers
X-Udemy-Cache-App-Namespace
X-CSRF-TOKEN
X-Api-Version
X-Render-Time
Resin-Trace
X-ID
X-SB
X-Pool
Hostname
X-ServedByHost
X-Ec-Custom-Error
X-LiteSpeed-Cache-Control
X-Platform-Router
X-Unique-ID
Hit
X-Platform-Cluster
X-Scale
GeoIP-Country-Code
X-Platform-Processor
X-Dynatrace-Js-Agent
X-URL
X-Geo
X-Akamai-Path-Stats
X-Via-PopH
X-Via-PopV
X-Dispatcher-Number
X-Edge-POP
X-Via-PopN
X-Cdn-Forward
MD5-Digest
X-Cms-Context
MIME-Version
X-SIPLIST1
IsBot
X-Edge-Cache
X-NGINX-Cache
X-Via-Ucdn
Uri
Server-Ext
Server-Hostname
X-Clientip
X-Fastly-Backend-Reqs
Sever-Int
X-HS-Status
X-Pad
ENV
X-ElasticPress-Query
X-Ucs
ServerName
X-Wikidot-Backend
X-Fetch-By
X-Lb-Nocache
X-Cache-CFC
X-Cache-Expires
PICS-Label
X-Acquia-Site
X-Wikidot-Static-Cache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-BBC-Origin-Response-Status
X-UP
X-Oss-Storage-Class
X-Oss-Server-Time
HIT
X-Check-Cacheable
X-GoCache-CacheStatus
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Id
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-MG-S
UCS
Cneonction
Server-Ttl
Tcn
X-TRACE-ID
X-Fastly-Cache-Hits
S-Cnection
X-Cdn-Request-ID
URI
X-Lb-Id
X-Nc
X-GeoCode
Load-Balancing
X-Swift-Error
X-LiteSpeed-Tag
X-GeoCountry
Cache-Host
X-Dw-Trace-Id
Client
X-B3-ParentSpanId
X-Newrelic-App-Data
Path
X-Snapshot-Date
X-Varnish-Authentication
Wpo-Cache-Message
X-Vcache
X-Amz-Meta-Cb-Modifiedtime
GeoIP-Latitude
X-WA-Info
Ngx
Vha6-Origin
Cache-Key
Wpo-Cache-Status
X-Contensis-Viewer-Groups
Cf-Ipcountry
X-BCube-Filmed-By
X-Cache-ASPX
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Cteonnt-Length
CF-Cached-On
X-Ad-Defer-Variation
X-Cache-Ngx
X-HostName
X-Air-Pt
Sid
X-Midtier
X-Request-Url
XM
X-Yottaa-OS
CPC-Cache
VNS-Cache
VNS-Age
X-Dist-Code
Cdn
CPC-Age
X-UA
X-Http-Count
X-Http-Duration-Ms
X-Te-Count
X-Te-Duration-Ms
Req-ID
X-Micro-Cache
X-Sentry-ID
X-Info
X-Logging-Id
CountryCode
X-AIR-PT
X-Last-Modified
X-B3-Parentspanid
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Litespeed-Cache-Control
User-Agent
X-CacheKey
X-Akamai-Pragma-Client-IP
X-Akamai-Request-ID
X-Shopify-Generated-Cart-Token
Inserted-Into-Cache-At