Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-UA-Device
X-AH-Environment
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
X-LiteSpeed-Cache
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Server-Id
X-Host
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
Content-Location
Rating
X-Country
X-B3-TraceId
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
Allow
X-PC
X-Vname
X-TtlSet
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-FastCGI-Cache
X-ESI
X-Server-Name
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Language
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
MS-Author-Via
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
X-Aws-Lambda-Call-Status
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Template
X-ORACLE-DMS-ECID
X-Cnection
X-ORACLE-DMS-RID
X-Origin-Cache
X-Px
Arr-Disable-Session-Affinity
X-Country-Code
RTSS
Access-Control-Request-Method
X-Navigation-Version
X-Goog-Hash
X-Powered-By-Plesk
X-NF-Request-ID
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
Accept-Ch
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Version
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Powered-CMS
X-Middleton-Display
X-Sol
Pagespeed
Display
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
AR-CACHE
X-Amz-Server-Side-Encryption
Response
X-Middleton-Response
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-MSEdge-Ref
X-LLID
X-Kinsta-Cache
X-Edge
X-Edge-Location-Klb
Nginx-Cache
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-TTL
X-RateLimit-Remaining
X-Protected-By
X-Shield-Request-Id
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
TCN
X-T
X-Buckets
X-Forwarded-For
S
X-Content-Security-Policy-Report-Only
X-Mg-S
Content-MD5
X-Id
X-Aspnetmvc-Version
X-Mid
Edge-Cache-Tag
Realpath
Fastcgi-Cache
X-CST
SPIisLatency
SPRequestDuration
Front-End-Https
X-MCACHE
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Pinterest-Version
X-Pinterest-Rid
Filters
X-Ttl
Pinterest-Generated-By
Server-Node
X-Ua-Browser
X-Content
X-Ab
X-DynaTrace
Server-Name
X-Frontend
X-NWS-LOG-UUID
X-Parallel-Accel
SPRequestGuid
X-SharePointHealthScore
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-Correlation-Id
X-Ezoic-Cdn
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-ECACHE
X-Hits
Alternate-Protocol
X-Ser
X-Cache-Key
X-Content-Options
X-Tt-Trace-Host
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
X-Page-Id
Cache-Tags
X-Kong-Upstream-Latency
X-Git-Hash
X-B3-Sampled
Host
X-Kong-Proxy-Latency
Charset
Cleartype
X-Fastly-Request-Id
X-Www-Served-By
X-Ruxit-Js-Agent
X-Accel-Expires
X-Daa-Tunnel
X-Geo-Country
X-DIS-Request-ID
X-Content-Digest
X-Amzn-Trace-Id
X-Amz-Replication-Status
Filterid
X-XRDS-LOCATION
X-Debug-Info
X-Varnish-Age
TP-L2-Cache
TP-Cache
X-Forwarded-Proto
X-Hostname
X-AppVersion
X-Activity-Id
X-Az
X-Upgrade-Enabled
X-FB-Debug
X-VCache
X-Rid
X-Origin-Server
X-Grace
Access-Control-Allow-Method
Cross-Origin-Opener-Policy
X-Ratelimit-Limit
X-N
X-LB-Cache
X-WebKit-CSP-Report-Only
X-Nginx-Upstream-Cache-Status
X-F-Cache
X-Mobile-URL
ServerID
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Request-Guid
X-Flags
X-Aspnet-Duration-Ms
X-Whom
X-TT
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Viewport
X-Varnish-Grace
X-Tb
X-App-Environment
Payment
X-Distributor
X-App-Server
X-FW-Static
Node
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-Origin-Upstream-Status
DC
X-Seen-By
Paypal-Debug-Id
X-Server-ID
X-Type
X-NGENIX-Cache
X-User-Agent
Fastcgi-Useragent
X-Cache-Control
Accept-Charset
Country
X-Logged-In
X-Microsite
X-Request-Handler-Origin-Region
X-Wix-Request-Id
X-Cache-Rule
X-Litespeed-Cache
X-Cache-Age
Version
X-Via-JSL
X-Webkit-CSP
Referer-Policy
X-DataDome
X-Browser-Type
X-Drupal-Cache-Tags
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Cluster-Name
X-Load-Cache
X-Node-Name
Refresh
X-B-Cache
X-Contextid
X-Signature
X-Mobile
X-Tec-Api-Root
X-Response-Served-From
SD-X-WS
X-Tec-Api-Version
Access-Control-Request-Headers
Amp-Access-Control-Allow-Source-Origin
X-Cache-Action
X-Original-Request-Id
X-Tec-Api-Origin
Cache-Status
X-Cacheable-TTL
X-Cache-Expired-At
X-Real-IP
X-Proxy-Cache-Status
X-Vgn-Hpd-Reason
X-Rendered-As
X-Page-View
X-IPLB-Instance
X-Jobs
X-Is-Bot
NGB
X-B
X-RemovedCookies
X-UUID
X-ProcessESI
X-Revision
X-Debug
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Instance
X-Device-Type
X-Yottaa-Metrics
X-Proxy
X-Yottaa-Optimizations
X-Rule
X-Fastly-Request-ID
X-G
X-Framework
X-Drupal-Cache-Contexts
Surrogate-Key
Akamai-GRN
X-Cache-Time
X-Debug-IsPreview
X-Debug-IsConnected
X-FW-Version
CF-IPCountry
X-Fastcgi-Cache
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
DynaTrace
SID
X-TEC-API-VERSION
X-Ratelimit-Reset
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Liferay-Portal
X-Azure-Ref
X-PressLabs-Stats
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Healthy
X-Presslabs-Stats
X-Nginx-Cache
GEO-INFO
Frame-Options
X-Ms-Version
X-Source
X-Ms-Request-Id
Count-Hit
MS-CV
X-Cache-Operation
X-RTag
Ms-Operation-Id
X-CDN-Forward
X-Oneagent-Js-Injection
Uber-Trace-Id
X-APP-VERSION
X-Accel-Buffering
X-EdgeConnect-Cache-Status
X-Cache-Hit
X-Environment-Context
X-L-Path
X-Tumblr-Pixel-1
Countrycode
Xserver
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-XRDS-Location
X-Varnish-Server
X-Zen-Fury
X-Region
Ec-Rule-Version
X-Backend-Name
X-Mode
Backend
X-Servername
Cross-Origin-Window-Policy
X-Forwarded-Host
X-Cache-NGX
X-Content-Powered-By
X-IPS-LoggedIn
Section-Io-Cache
X-Cache-Type
X-UPSTREAM-Address
X-Detected-As
X-JoinUs
X-SaId
X-Cache-TTL-Remaining
X-RN-RSRV
Protected
Meta-Geo
X-Generation-Time
X-Tid
Apigw-Requestid
Country-Code
X-Debug-Cache
X-Sql-Count
Decoy-Debug-Key
Decoy-Debug-Status
X-Proxied
X-Cache-Grace
Eomportal-Instance
Decoy-Debug-TTL
X-Rewrite-Enabled
X-Routing-Service
X-Alternate-Cache-Key
X-Cache-Server
X-Sql-Duration-Ms
X-Hosted-By
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Redis-Cache
X-Sorting-Hat-ShopId
X-Varnish-Beresp-Grace
X-Uri
X-Zipkin-Id
X-ShopId
X-Human
X-Extlb
X-ShardId
Cache-Name
X-ProxyCache-Status
X-ApacheServer
X-Microcachable
X-ProxyCache-Key
Url
X-BYPASS-REASON
Mn-Server-Ip
X-No-Session
X-NCache
X-PHP-Backend
X-Origin-Date
X-ServerID
X-Soup
X-PERF
Cache-Tv-Group
Fastly-SSL
X-UA-Device-Type
X-FB-TRIP-ID
X-Status
X-Via-Fastly
X-Site-Version
X-Storage
TWC-Device-Class
X-Web-Node
TWC-GeoIP-Country
Property-Id
Selected-Fe
TWC-Connection-Speed
DB-Nickname
Webcakes-App-Version
X-Say-TTL
X-Format
X-Cache-Host
X-NYM-Debug-Backend
X-SayCDN-TTL
X-PCL
X-Server-W
X-Timing-Wait
X-OCL
X-Akamai-Edgescape
TWC-Privacy
TWC-Locale-Group
X-Proxy-Build
Webcakes-App-Name
X-Origin-Hint
X-Say-Cacheable
X-Adobe-Content
Webcakes-Region
TWC-GeoIP-LatLong
X-Adobe-Loc
X-NewRelic-App-Data
X-Access
X-Cluster-Node
X-Section
X-Varnishpool
Azure-SlotName
X-Pubstack
X-R9-Blue-Green-Version
OT-Force-Account-Verify
X-Hl-Ver
X-Content-Age
Azure-SiteName
Azure-Version
Azure-InstanceId
Azure-RegionName
X-RateLimit-Limit
X-Be
Content-Secure-Policy
X-LSADC-Cache
X-Hyper-Cache
X-Ua
SRV
CDN-RequestCountryCode
CDN-CachedAt
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestId
CDN-Uid
CDN-Cache
X-Azure-Ref-OriginShield
X-Generated-By
X-Webkit-Csp
X-TIME
Content-Disposition
X-Cached-By
Source
X-Trace-Id
X-Unique-Id
LB
X-Dc
Cache
WPO-Cache-Status
WPO-Cache-Message
X-Nginx-Cache-Key
X-Bc-Bl
X-Ratelimit-Remaining
X-App-Version
X-SRV
X-LAGOON
X-HTML-Minification-Powered-By
Retry-After
X-Varnish-Hits
X-Auto-Login
Cache-Hits
Xet-Cookie
X-Varnish-Hostname
X-Akamai-Transformed
X-TT-LOGID
X-GEO
X-Origin-TTL
X-Origin-CC
X-Loop
X-TNCMS
X-Amz-Meta-S3cmd-Attrs
Mime-Version
X-S-Maxage
Onion-Location
X-ECache
HostName
X-Platform-Server
X-CSRF-Token
Web-Mar-Node
X-Cache-Var-Map
X-Cache-Var
X-Xfnlog-Site
X-Tumblr-Pixel-3
X-Cdn
X-Tumblr-Pixel-2
X-CLOUD-TRACE-CONTEXT
X-Correlation-ID
X-Proto
Webserver
X-Time
X-Cache-Tags
X-Cache-Remote
Upgrade-Insecure-Requests
X-Time-Microsecs
X-Tenant
X-Endurance-Cache-Level
X-Edge-Location
X-Varnish-Cache-Hits
ServedBy
X-Request-Time
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-EC-Lua
X-GG-Cache-Date
N-Cache
X-AOL-HN
CloudFront-Viewer-Country
X-Mg-Request-UUID
X-Qnm-Cache
X-Request-Host
X-M-Log
X-M-Reqid
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Labrador-Cache-Channel
X-PHP-Host
From-Origin
X-B3-SpanId
X-FireWall-Port
WP-Super-Cache
X-Via-NSCOPI
BehaviorPad-Version
Surrogated-Key
Sslversion
A
Rendered-Blocks
X-TIM-N
X-SVT-ORM-VERSION
X-A
X-V-Cache
V-Age
User-Cache-Control
Pramga
L
Xc-Version
X-Vtex-Processado-Em
Origin
Odigeo-Trace-Id
Meta-Geo-Continent
X-Vtex-Remote-Cache
Fastcgi-X-Cache-Version
Expiry
X-Vdms-Version
X-Vdms-Path
Mobile-Detection-Method
DCR-Decision-By
X-VG-WebCache
DSUID
DCR-Processing-Time-Ms
CDCHOST
X-Session-Fingerprint
X-Forwarded-Path
X-Rojux
X-Processor
X-Ftr-Request-Id
X-External-Request-Id
X-Developer
X-Connection-Hash
X-D
X-S
X-Destination
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-NAPM-TraceId
X-ND-Cache
X-Origin-Response-Time
X-Orig-Expires
X-PAYTM-SRV-ID
X-Ig-Push-State
X-Gen-Mode
X-Hnp-Log
X-Planisys-CDN-Cache
X-PBS-Appsvrname
X-Conf
X-Cluster
X-A-Wwc
X-Aed
X-Shop-Environment
X-Application
X-A-Dgt
X-A-Dcw
X-SVT-ORM-RULES
X-SRCache-Key
X-Slack-Backend
X-A-Dam
X-SD-PageType
X-ARC
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Cache-Date
X-Block-Status
X-B-Cookie
X-ScT
X-S-Cookie
X-A-Ccd
Redirect-Candidate
X-RCS-CacheZone
X-CACHE-KEY
Nel
X-Locale
X-Handled-By
X-MP-GENERATED-AT
X-Forwarded-Site
X-Fastly-Cache
Origin-CC
X-Device-Os
X-Epic-Correlation-Id
X-Fetched-On
X-Geo-Header
X-Varnish-Beresp-Status
Fastcgi-Cache-TTL
X-Li-Fabric
X-Li-Pop
X-HN
Gh-Request-Id
Origin-EX
Wxu-Next-Commit
X-Hash
X-Gdpr
Release
True-Client-Country-4JS
Traceparent
X-Cache-Bucket
Svr
X-Aicache-OS
Vix-Hermes-Req-Id
Wxu-Next-Hostname
Wxu-Next-Region
X-Accel-Expires-Debug
State
Ssr
X-Webstats-RespID
X-LI-UUID
PFcat
X-Core-Mission
X-VarnishDD-TTL
X-VServer
X-Cache-Info
X-Cdn-Srv
X-Date
Host-ID
X-Location
AKAMAI
X-Sucuri-Cache
X-Owner
Arc-Country
X-Origin-Expires
X-Origin-Time
X-Storefront-Renderer-Rendered
X-Policy
X-Served-From
X-Server-IP
X-Scheme
X-Rocket-Nginx-Serving-Static
X-Proxy-Upstream
X-Skip-Cache
CacheControlHeader
X-Sucuri-ID
Cmstype
Cmsid
X-NodeID
X-Nyt-Route
Server-Info
X-Men
X-Mvc-Supplant-Cachable
X-Old-Content-Length
Fastly-Drupal-Html
X-VC-Cache
Environment
X-NWS-UUID-VERIFY
AMP-Access-Control-Allow-Source-Origin
X-Req
X-Branch-Name
X-Cache-Debug
X-Reqid
X-Cache-Config
X-Rocket-Build-Number
X-Adobe-Source
X-Level-Front-Cache
X-Sigma-Backend
X-Sigma
X-Irp-Debug
X-VG-TLSProxy
X-ATG-Version
X-Request-Start
X-Region-Sid
X-Bip
X-Platform
X-Thinkindot-L3
X-GeoIP-City
X-Thanos
X-TH-Server
X-Esi-Check
X-Fastly-Backend
X-Gamma-Serve
X-GeoIP
X-TrackingId
X-Developers
X-Gzip
X-Sn-Servicetimems
X-Generated-On
X-Cdn-Origin
X-HS-Content-Campaign-Id
X-Node-Id
X-Core-Value
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Cache-Id
X-BBC-Edge-Cache-Status
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
X-Viewer-Country
X-RateLimit-Limit-Second
Thinkindot-Control
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-UnsetCookies
X-RateLimit-Remaining-Second
HA-Ipaddr
Locid
Req-Svc-Chain
Ha-Gx-Prefs
X-Backend-State
Fastly-GeoIP-CountryCode
X-CGP
X-Csrf-Jwt
Server-Host
X-Eu-Site
X-Envoy-Decorator-Operation
Apple-News-Services-Host
L5d-Success-Class
X-Magnolia-Registration
Machine
Apple-News-Services-Handled
X-Cache-Enabled
We-Hiring
X-Request-URI
Web-Mar-Region
Mail-Subject
X-Zone
Platform
X-Response-By
X-Varnish-CookieINHashed-On
X-DefElseHash
X-Varnish-Remaining-TTL
X-Loc
X-Varnish-CookieHashed-On
Fastly-SWR
NM-Fastcgi-Cache
NGX
Fastly-SIE
X-DPWN-IS-SECURE
X-JWT-State
X-Worker
X-Is-Gdpr
X-DefHash
X-Variation
X-Rebelmouse-Surrogate-Control
X-Origin
Cf-Device-Type
X-Rebelmouse-Cache-Control
X-Qloud-Router
Adler-Geo
X-Pod-Name
X-Amzn-Remapped-Content-Length
X-NU-AKA-ACS-Version
X-FC-Vary-Parameters
X-Has-Esi
Memcached
Is-Eu
X-Xrds-Location
X-Datadome
X-Tx-Id
X-Mvc-Supplant-OutputCached
X-Backend-TTL
X-Ua-Device
X-CS
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-LB-ID
X-NC
X-API-Version
X-Up
CDN
Candidate-Md5Url
Pics-Label
X-Generated-In
X-Varnish-Beresp-Ttl
Datacenter
X-TraceId
X-DynaTrace-JS-Agent
Magicmarker
S-Rt
X-Trace-ID
Ms-Author-Via
X-Tb-Optimization-Total-Bytes-Saved
X-Tt-Logid
WWW-Authenticate
Kp-EeAlive
X-Vc
X-LB-NoCache
Env
X-Edge-Pop
On-Server
X-Restarts
NtCoent-Length
X-Optimistic-Header
WebServer
X-Via-Popn
Time
X-Via-Popv
Esi-Enabled
X-Via-Poph
X-Varnish-Ttl
GeoIp-Country-Code
Memory
X-Akamai-Request-ID2
X-Http-Reason
X-Cache-Backend
X-Refresh
X-DW
Edge-Cache
X-DB
X-Varnish-Beresp-TTL
X-RSL
X-RPM
X-RPS
X-TA-CDN-Provider
X-DI
X-Wix-Viewer-Type
X-Action
X-DSS
X-Srv
X-CacheTTL
X-Service
C-Via
X-DC
X-Dynatrace
X-Newrelic-Synthetics
X-Esi
X-Cs
X-Servedbyhost
X-Minions-Version
X-Cache-PHP
X-Parent-Response-Time
X-MSEdge-Features
X-ZONE
X-Unique-ID
X-MSEdge-Flight
Accept-Language
X-TX-ID
X-Render-Time
X-HA-Backend
X-Cache-Status-Check
Server-ID
X-Urbn-Site-Id
X-Li-Proto
Locale
X-Urbn-Context-Path
X-User
X-App
X-Ec-GeoHdr
X-Ec-Fail
X-FPC
X-Cache-Ttl
X-VCL-Version
Proxy-Connection
X-URL
X-B3-Spanid
X-Vcl-Version
Test
X-LI-Proto
X-Fpc
X-Webkit-Csp-Report-Only
X-Info
Server-Id
X-AIR-PT
X-Pass-Why
X-LiteSpeed-Cache-Control
X-Traceid
X-Clientip
X-NODE
X-Webkit-CSP-Report-Only
Tcn
X-AK-Request-ID
Cache-Host
X-Oss-Hash-Crc64ecma
HIT
Cdnsip
Cdncip
UCS
Geo-Info
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
Cluster
My-App
X-Fmm-Version
S-Cnection
X-WADP-Cache
Geoip-Latitude
M-TraceId
X-Clara-WADP
Fastly-Drupal-HTML
Tracecode
Cf-Int-Pingora-Origin-Digest
X-CUA
X-LiteSpeed-Tag
Resin-Trace
X-Var-Ttl
X-Ha-Backend
X-HostName
X-CSRF-TOKEN
X-ID
X-From
T-Server
X-Micro-Cache
Lfy
Fastly-Backend-Name
X-ServedByHost
User-Agent
Hostname
X-Release
X-Mcache
X-RAMCache
Lang
X-Fragments
X-Backend-Host
Section-Io-Id
X-BBC-Origin-Response-Status
GeoIP-Country-Code
X-Pad
Ohc-File-Size
Section-Io-Origin-Time-Seconds
X-Via-PopH
Section-Origin-Responded
X-Via-PopN
Hit
X-Via-PopV
Section-Io-Origin-Status
DataCenter
X-Dynatrace-Js-Agent
X-Geo
X-Cdn-Forward
Lb
Target-Params
X-WP-CF-Super-Cache-Cache-Control
X-Edge-POP
X-WP-CF-Super-Cache
X-BCube-Filmed-By
X-ElasticPress-Query
MIME-Version
X-APP
ENV
X-Check-Cacheable
X-VC
X-Edge-Cache
X-HS-Status
X-Api-Version
Load-Balancing
X-NGINX-Cache
X-Amz-Meta-Cb-Modifiedtime
VNS-Age
VNS-Cache
X-Ucs
Cache-Key
Servername
Uri
X-ServerName
X-UP
CPC-Cache
CPC-Age
X-Fastly-Backend-Reqs
Path
X-WA-Info
EpKe-Alive
URI
X-WA
X-ES-SERVER
X-Wikidot-Static-Cache
PICS-Label
X-Httpd
X-Proxy-Cache-Info
X-Wikidot-Backend
FSS-Cache
X-Fastly-Cache-Hits
Permissions-Policy
X-Lb-Nocache
X-GoCache-CacheStatus
X-TRACE-ID
X-Akamai-ERPolicy
WZWS-RAY
Pagetype
X-RateLimit-Reset
Cdn
X-B3-ParentSpanId
X-Provided-By
Cteonnt-Length
ServerName
Ohc-Cache-HIT
X-Lb-Id
X-Akamai-ERRuleID
Producers
X-PJAX-URL
X-Cms-Context
Cneonction
X-Cdn-Request-ID
Shield-Pop
X-Nc
X-Dw-Trace-Id
X-Acquia-Site
X-Cache-ASPX
X-Pool
Cf-Ipcountry
X-Via-Ucdn
X-Yottaa-OS
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Apw-Access-Action
X-SB
X-Hcs-Proxy-Type
X-Apw-Access-Object
Srv
X-Newrelic-App-Data
X-Akamai-Pragma-Client-IP
MD5-Digest
X-Apw-Hits
X-Acquia-Purge-Tags
Vha6-Origin
CF-Cached-On
Server-Ttl
X-Cache-CFC
X-Vcache
X-Swift-Error
X-CCDN-Origin-Time
X-Contensis-Viewer-Groups
X-CCDN-CacheTTL
X-Snapshot-Date
X-Apw-Access-Token
X-Cache-Ngx
Sid
X-Air-Pt
W
X-CacheKey
X-UA
Req-ID
Sever-Int
X-Platform-Router
X-Udemy-Cache-App-Namespace
X-SIPLIST1
X-Platform-Cluster
X-Logging-Id
X-B3-Parentspanid
Server-Hostname
X-Platform-Processor
X-Last-Modified
X-Te-Count
X-Te-Duration-Ms
X-Http-Duration-Ms
X-Http-Count
Ngx
X-Sentry-ID
X-VG-WebServer
X-Miniprofiler-Ids
Server-Ext
CountryCode
IsBot
X-Varnish-Authentication