Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-UA-Device
X-Server-Powered-By
X-Proxy-Cache
X-Ua-Compatible
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
X-Ruxit-JS-Agent
Rating
X-Country
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
X-PC
X-Vname
X-TtlSet
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-FastCGI-Cache
X-Server-Name
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-Aws-Lambda-Call-Status
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-GitHub-Request-Id
X-MS-InvokeApp
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Cache-TTL
X-Abt-Application-Version
X-Cnection
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Px
X-Navigation-Version
RTSS
X-Country-Code
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-NF-Request-ID
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Use-Magma
X-Goog-Hash
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Kinja-Revision
Accept-Ch
X-Origin-Cache
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
AR-SID
X-Powered-CMS
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Version
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
Nginx-Cache
X-TTL
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Protected-By
X-RateLimit-Remaining
TCN
X-HP-Webp
X-T
X-HP-Trace-Id
X-Jurisdiction
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
S
Content-MD5
X-Aspnetmvc-Version
Edge-Cache-Tag
Fastcgi-Cache
X-Mid
X-CST
SPRequestDuration
Front-End-Https
SPIisLatency
Realpath
X-Language
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Pinterest-Version
Filters
X-Ttl
X-Pinterest-Rid
Pinterest-Generated-By
Server-Node
X-MCACHE
X-Ua-Browser
Server-Name
X-Content
X-Ab
X-Correlation-Id
X-DynaTrace
X-Frontend
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Ser
X-SharePointHealthScore
SPRequestGuid
X-Ezoic-Cdn
X-Hits
X-ECACHE
X-Template
X-Parallel-Accel
Alternate-Protocol
Fusion-Content-Source
Fusion-Template-Id
Fusion-Deployment-Id
X-Cache-Key
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
Cache-Tags
X-Kong-Proxy-Latency
X-Content-Options
X-Page-Id
X-B3-Sampled
Charset
Cleartype
Host
X-Www-Served-By
X-Git-Hash
X-Fastly-Request-Id
X-Server-ID
X-Geo-Country
X-Debug-Info
X-DIS-Request-ID
X-Daa-Tunnel
X-Webkit-CSP
X-Amzn-Trace-Id
X-Ratelimit-Limit
X-Content-Digest
X-Amz-Replication-Status
Filterid
X-Varnish-Age
X-Accel-Expires
X-AppVersion
X-Activity-Id
X-Hostname
X-Az
X-Forwarded-Proto
X-FB-Debug
X-VCache
X-Upgrade-Enabled
TP-Cache
TP-L2-Cache
X-Grace
X-Rid
X-WebKit-CSP-Report-Only
X-Origin-Server
Cross-Origin-Opener-Policy
Access-Control-Allow-Method
X-N
X-F-Cache
X-Nginx-Upstream-Cache-Status
ServerID
X-XRDS-LOCATION
X-Mobile-URL
X-LB-Cache
X-Aspnet-Duration-Ms
X-Flags
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-Is-Crawler
X-Whom
X-TT
X-App-Environment
Viewport
X-Varnish-Grace
X-GUploader-UploadID
X-Goog-Metageneration
X-Type
X-Goog-Generation
X-Seen-By
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Tb
X-Goog-Stored-Content-Length
Node
Payment
X-FW-Hash
X-FW-Type
X-FW-Server
X-Distributor
X-FW-Serve
X-FW-Static
X-FW-Dynamic
Paypal-Debug-Id
DC
X-App-Server
X-User-Agent
Fastcgi-Useragent
Accept-Charset
X-Oneagent-Js-Injection
X-NGENIX-Cache
Country
X-Cache-Control
X-Origin-Upstream-Status
X-Wix-Request-Id
X-DataDome
X-Cache-Rule
X-Litespeed-Cache
X-Logged-In
Version
X-Request-Handler-Origin-Region
X-Microsite
X-Via-JSL
X-Drupal-Cache-Tags
Referer-Policy
X-Cache-Age
X-Ratelimit-Reset
Refresh
X-Cluster-Name
X-Signature
X-Load-Cache
X-Varnish-Backend
X-B-Cache
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Contextid
Cache-Status
X-Node-Name
VIX-Pulpo-Upstream-Status
Amp-Access-Control-Allow-Source-Origin
SD-X-WS
VIX-Pulpo-Node
X-Original-Request-Id
X-Buckets
X-Response-Served-From
X-Tec-Api-Origin
X-Tec-Api-Root
X-Mobile
X-Vgn-Hpd-Reason
X-Cache-Expired-At
X-Real-IP
X-Is-Bot
X-Rendered-As
X-Page-View
X-Tec-Api-Version
X-Debug
X-Proxy-Cache-Status
X-Jobs
X-Cacheable-TTL
X-B
NGB
Access-Control-Request-Headers
X-ProcessESI
X-IPLB-Instance
X-Instance
X-Device-Type
X-RemovedCookies
X-Proxy
X-Revision
X-Yottaa-Optimizations
X-UUID
X-Yottaa-Metrics
X-Rule
Akamai-GRN
Surrogate-Key
X-Fastly-Request-ID
X-Drupal-Cache-Contexts
X-Cache-Action
X-Debug-IsConnected
X-Debug-IsPreview
X-Framework
X-Cache-Time
X-FW-Version
X-G
X-Fastcgi-Cache
X-Air-Hostname
X-Air-Trace-Id
CF-IPCountry
X-Air-Source
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
DynaTrace
X-XRDS-Location
X-Oracle-Dms-Rid
Liferay-Portal
SID
X-Azure-Ref
X-Oracle-Dms-Ecid
X-Presslabs-Stats
X-PressLabs-Stats
GEO-INFO
X-Source
X-Accel-Buffering
X-Ms-Request-Id
X-Ms-Version
Count-Hit
Healthy
X-Nginx-Cache
Frame-Options
Uber-Trace-Id
Ms-Operation-Id
X-Cache-Operation
X-APP-VERSION
MS-CV
X-RTag
X-CDN-Forward
X-EdgeConnect-Cache-Status
X-Cache-NGX
X-Zen-Fury
Countrycode
Xserver
X-Varnish-Server
X-Tumblr-Pixel
X-Cache-Hit
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-L-Path
X-Environment-Context
X-Mode
X-Backend-Name
Protected
Ec-Rule-Version
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Forwarded-Host
X-Servername
X-Region
X-Cache-TTL-Remaining
X-Rewrite-Enabled
Backend
X-Detected-As
X-Tid
X-SaId
Meta-Geo
X-UPSTREAM-Address
X-RN-RSRV
X-JoinUs
X-Content-Powered-By
X-Adobe-Loc
X-Hosted-By
X-ShardId
Apigw-Requestid
X-Adobe-Content
X-Cache-Grace
Country-Code
X-Sql-Count
X-Uri
Eomportal-Instance
Decoy-Debug-TTL
X-Ratelimit-Remaining
Decoy-Debug-Status
X-Sql-Duration-Ms
X-Zipkin-Id
X-Proxied
X-Redis-Cache
X-Alternate-Cache-Key
X-Routing-Service
X-Shopify-Stage
X-Debug-Cache
X-ShopId
X-Extlb
X-Sorting-Hat-ShopId
X-Generation-Time
X-Cache-Server
X-Sorting-Hat-PodId
Decoy-Debug-Key
X-PHP-Backend
X-ApacheServer
X-ServerID
X-PERF
X-Hyper-Cache
Mn-Server-Ip
X-Via-Fastly
X-Site-Version
X-Varnish-Beresp-Grace
X-Human
X-FB-TRIP-ID
Cache-Name
Fastly-SSL
X-No-Session
X-Status
X-NCache
X-Format
X-Origin-Date
Url
Section-Io-Cache
X-Content-Age
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Version
Webcakes-App-Name
TWC-Device-Class
X-UA-Device-Type
TWC-Connection-Speed
Cache-Tv-Group
X-Server-W
X-Storage
X-NewRelic-App-Data
X-Section
Selected-Fe
Property-Id
X-Timing-Wait
Webcakes-Region
X-PCL
X-Cache-Type
X-Access
X-Origin-Hint
X-Cluster-Node
X-Microcachable
X-NYM-Debug-Backend
X-OCL
X-BYPASS-REASON
X-Cache-Host
X-Proxy-Build
X-Akamai-Edgescape
X-Pubstack
X-ProxyCache-Status
X-ProxyCache-Key
X-Say-Cacheable
X-Hl-Ver
WPO-Cache-Status
X-R9-Blue-Green-Version
X-SayCDN-TTL
X-Say-TTL
WPO-Cache-Message
X-Web-Node
X-Varnishpool
LB
CDN-EdgeStorageId
CDN-CachedAt
Content-Disposition
CDN-PullZone
CDN-RequestCountryCode
Content-Secure-Policy
X-TIME
CDN-Uid
CDN-RequestId
X-RateLimit-Limit
X-Be
Azure-InstanceId
CDN-Cache
Azure-Version
Azure-SlotName
Azure-RegionName
DB-Nickname
X-Soup
Azure-SiteName
X-Generated-By
X-Azure-Ref-OriginShield
X-Trace-Id
X-Ua
X-LSADC-Cache
OT-Force-Account-Verify
SRV
X-Webkit-Csp
X-Dc
X-Cached-By
X-Nginx-Cache-Key
X-SRV
Source
X-Bc-Bl
Cache
X-Unique-Id
Retry-After
X-LAGOON
X-TT-LOGID
X-Auto-Login
X-Cache-Remote
X-Origin-TTL
X-Origin-CC
X-Platform-Server
Xet-Cookie
X-Varnish-Hits
Mime-Version
Cache-Hits
X-TNCMS
X-Akamai-Transformed
X-HTML-Minification-Powered-By
X-GEO
X-Xfnlog-Site
X-Varnish-Hostname
X-Loop
X-App-Version
Onion-Location
X-ECache
X-S-Maxage
X-Cache-Tags
X-Amz-Meta-S3cmd-Attrs
ServedBy
X-Cdn
HostName
X-Varnish-Cache-Hits
Web-Mar-Node
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Upgrade-Insecure-Requests
Webserver
X-Request-Time
X-CLOUD-TRACE-CONTEXT
X-CSRF-Token
X-Proto
X-EC-Lua
X-AOL-HN
From-Origin
X-Request-Host
X-Tenant
WP-Super-Cache
N-Cache
X-Endurance-Cache-Level
X-Time
X-VWS-Id
X-LJ-Flow-ID
X-Cache-Var
X-Cache-Var-Map
X-AWS-Id
X-GG-Cache-Date
X-Time-Microsecs
X-FireWall-Port
X-Cache-Enabled
X-Origin-Response-Time
X-Edge-Location
X-Mg-Request-UUID
X-Handled-By
X-Cache-NE
X-Block-Status
X-B-Cookie
Xc-Version
X-V-Cache
X-CF-Lambda-Fn
X-Processor
X-Ckpd-Fst-Backend
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-VG-WebCache
X-Destination
X-PHP-Host
X-D
X-Connection-Hash
X-Cluster
X-External-Request-Id
X-Conf
X-Vdms-Path
X-Vdms-Version
X-CF-Lambda-Version
X-Aed
Rendered-Blocks
Redirect-Candidate
BehaviorPad-Version
Sslversion
Surrogated-Key
Pramga
Odigeo-Trace-Id
Expiry
DCR-Decision-By
Fastcgi-X-Cache-Version
Meta-Geo-Continent
Mobile-Detection-Method
User-Cache-Control
V-Age
X-A-Wwc
X-Rojux
X-Labrador-Cache-Channel
X-Aicache-OS
X-Application
X-A-Dgt
X-A-Dcw
Vix-Hermes-Req-Id
A
X-A
X-A-Ccd
X-A-Dam
X-ARC
X-Developer
X-Slack-Backend
X-Shop-Environment
X-PAYTM-SRV-ID
X-Planisys-CDN-Rules
X-Ig-Push-State
X-B3-SpanId
X-Hnp-Log
X-SRCache-Key
X-Correlation-ID
CloudFront-Viewer-Country
X-Session-Fingerprint
X-SD-PageType
X-NAPM-TraceId
X-ND-Cache
X-PBS-Appsvrname
X-ScT
X-Planisys-CDN-Cache
X-S
X-TIM-N
X-Orig-Expires
Nel
X-Amzn-RequestId
X-Gen-Mode
X-Planisys-CDN-TTL
X-Ftr-Request-Id
X-Forwarded-Path
X-S-Cookie
X-Amz-Apigw-Id
X-Via-NSCOPI
X-NWS-UUID-VERIFY
DCR-Processing-Time-Ms
X-MP-GENERATED-AT
Wxu-Next-Commit
X-Origin-Expires
X-Nyt-Route
Wxu-Next-Hostname
X-Old-Content-Length
X-Owner
DSUID
Wxu-Next-Region
X-Scheme
Origin
State
Gh-Request-Id
Svr
True-Client-Country-4JS
Host-ID
X-Origin-Time
Fastcgi-Cache-TTL
X-Li-Pop
X-SVT-ORM-RULES
X-Policy
X-Geo-Header
X-Hash
X-Sucuri-ID
X-Date
X-Gdpr
X-Fastly-Cache
X-SVT-ORM-VERSION
X-Epic-Correlation-Id
X-Forwarded-Site
X-Viewer-Country
X-Webstats-RespID
X-Sucuri-Cache
X-Request-URI
X-LI-UUID
X-Location
X-Men
X-Mvc-Supplant-Cachable
X-RCS-CacheZone
X-Server-IP
X-Cache-Date
X-Cdn-Srv
X-Cache-Bucket
X-Li-Fabric
X-Proxy-Upstream
X-NodeID
X-Accel-Expires-Debug
CacheControlHeader
X-Reqid
Fastly-Drupal-Html
Arc-Country
CDCHOST
X-Zone
AKAMAI
Cmsid
X-Adobe-Source
X-Magnolia-Registration
Cmstype
Environment
X-Qnm-Cache
X-M-Reqid
X-M-Log
X-Locale
Server-Info
X-Developers
X-Esi-Check
X-Eu-Site
X-Envoy-Decorator-Operation
X-Fetched-On
X-Fastly-Backend
X-Gamma-Serve
X-Device-Os
X-Csrf-Jwt
X-Cache-Debug
X-Cache-Id
X-Branch-Name
X-Bip
X-Backend-State
X-Cache-Info
X-Cdn-Origin
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Core-Value
X-Core-Mission
X-CGP
X-Datadog-Trace-Id
X-HS-Content-Campaign-Id
X-TH-Server
X-Thanos
X-Storefront-Renderer-Rendered
X-Sn-Servicetimems
X-Served-From
X-Skip-Cache
X-TrackingId
X-UnsetCookies
X-VServer
X-Backend-TTL
X-VG-TLSProxy
X-VarnishDD-TTL
X-Varnish-Beresp-Status
X-Rocket-Nginx-Serving-Static
X-Request-Start
X-HN
X-Irp-Debug
X-Gzip
X-GeoIP-City
X-GeoIP
X-Level-Front-Cache
X-CACHE-KEY
X-Region-Sid
X-Req
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Limit-Second
X-Platform
X-Generated-On
X-RateLimit-Remaining-Second
Apple-News-Services-Handled
Traceparent
PFcat
L5d-Success-Class
Origin-CC
Origin-EX
Release
Apple-News-Services-Host
Locid
Server-Host
Ssr
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Mail-Subject
L
Machine
We-Hiring
Web-Mar-Region
Ha-Gx-Prefs
HA-Ipaddr
X-VC-Cache
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-GeoIP-Country-Code
X-FC-Vary-Parameters
Thinkindot-Control
X-Rocket-Build-Number
X-GeoIP-Region-Code
TDXMobile
Is-Eu
X-Rebelmouse-Cache-Control
Cf-Device-Type
X-DPWN-IS-SECURE
X-Qloud-Router
Memcached
Req-Svc-Chain
X-Rebelmouse-Surrogate-Control
X-Pod-Name
X-Sigma
X-DefElseHash
X-DefHash
X-Worker
X-Varnish-Remaining-TTL
X-BBC-Edge-Cache-Status
X-NU-AKA-ACS-Version
X-Sigma-Backend
Fastly-GeoIP-CountryCode
X-Thinkindot-L3
X-Amzn-Remapped-Content-Length
X-ATG-Version
X-JWT-State
X-Is-Gdpr
X-Origin
Adler-Geo
X-Varnish-CookieHashed-On
X-Response-By
X-Varnish-CookieINHashed-On
Fastly-SWR
Fastly-SIE
X-Variation
X-Node-Id
X-Has-Esi
Platform
NM-Fastcgi-Cache
X-Xrds-Location
X-Mvc-Supplant-OutputCached
X-Loc
X-Tx-Id
S-Rt
NGX
X-Ua-Device
X-NC
X-Cache-Config
X-API-Version
Magicmarker
X-CS
X-TraceId
Pics-Label
CDN
X-Akamai-Request-ID2
X-LB-ID
X-Generated-In
X-Up
X-Varnish-Beresp-Ttl
X-Http-Reason
X-Restarts
X-Datadome
Time
Kp-EeAlive
X-Trace-ID
Memory
X-Tt-Logid
Ms-Author-Via
X-Tb-Optimization-Total-Bytes-Saved
NtCoent-Length
Edge-Cache
X-Cache-Backend
Datacenter
X-Wix-Viewer-Type
X-Edge-Pop
Candidate-Md5Url
X-DSS
X-Optimistic-Header
X-Action
X-LB-NoCache
Env
X-RSL
X-DB
X-RPS
X-RPM
X-DW
X-DI
X-Vc
Accept-Language
X-Via-Popv
X-Refresh
WebServer
X-Via-Poph
X-Varnish-Ttl
GeoIp-Country-Code
X-Via-Popn
X-DynaTrace-JS-Agent
X-Minions-Version
WWW-Authenticate
On-Server
X-Varnish-Beresp-TTL
X-CacheTTL
X-TA-CDN-Provider
X-DC
Esi-Enabled
X-Parent-Response-Time
X-Cs
X-HA-Backend
X-Servedbyhost
X-Esi
X-Srv
Locale
X-Dynatrace
X-Urbn-Context-Path
X-Urbn-Site-Id
C-Via
X-MSEdge-Flight
X-MSEdge-Features
X-TX-ID
X-Unique-ID
X-Service
X-Newrelic-Synthetics
X-Ec-GeoHdr
X-User
X-Ec-Fail
X-Cache-PHP
Server-ID
X-ZONE
X-VCL-Version
X-Li-Proto
X-Render-Time
X-LiteSpeed-Cache-Control
X-LI-Proto
X-App
X-Cache-Status-Check
X-FPC
X-Cache-Ttl
X-URL
X-B3-Spanid
X-AK-Request-ID
X-Fpc
Cdnsip
Test
Cdncip
X-Webkit-Csp-Report-Only
X-Traceid
X-Pass-Why
X-Vcl-Version
Geoip-Latitude
X-Clara-WADP
My-App
Cluster
Server-Id
X-Fmm-Version
X-WADP-Cache
X-Webkit-CSP-Report-Only
Geo-Info
X-NODE
Proxy-Connection
X-CUA
X-Var-Ttl
Resin-Trace
Tracecode
X-Mcache
X-CSRF-TOKEN
X-AIR-PT
X-Clientip
X-LiteSpeed-Tag
Tcn
X-Info
M-TraceId
Lfy
X-From
T-Server
DataCenter
Fastly-Drupal-HTML
X-Fragments
Hostname
X-Ha-Backend
Lang
Cf-Int-Pingora-Origin-Digest
UCS
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
HIT
X-Oss-Hash-Crc64ecma
Cache-Host
X-Oss-Storage-Class
X-Geo
S-Cnection
Target-Params
X-ID
X-ServedByHost
X-B3-Traceid
X-Via-PopH
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
GeoIP-Country-Code
Ohc-File-Size
Hit
X-NGINX-Cache
X-Via-PopN
X-HostName
X-Via-PopV
X-RAMCache
X-Pad
X-Dynatrace-Js-Agent
X-VC
Fastly-Backend-Name
X-Micro-Cache
MIME-Version
User-Agent
X-Edge-POP
X-Cdn-Forward
ENV
X-ElasticPress-Query
X-Httpd
Section-Io-Id
X-BBC-Origin-Response-Status
X-Edge-Cache
X-Proxy-Cache-Info
X-Check-Cacheable
X-Provided-By
X-Api-Version
Load-Balancing
X-Backend-Host
Section-Origin-Responded
Permissions-Policy
X-Release
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-UP
WZWS-RAY
Servername
X-HS-Status
X-Ucs
Producers
X-Lb-Nocache
X-Fastly-Backend-Reqs
X-BCube-Filmed-By
X-ServerName
X-APP
Uri
EpKe-Alive
X-GoCache-CacheStatus
X-Lb-Id
X-SB
PICS-Label
FSS-Cache
ServerName
URI
X-Cache-CFC
X-TRACE-ID
Sid
Lb
X-Pool
X-Udemy-Cache-App-Namespace
Server-Ttl
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Swift-Error
X-Fastly-Cache-Hits
CPC-Age
X-Nc
VNS-Age
X-B3-ParentSpanId
Cache-Key
Cdn
CPC-Cache
Ohc-Cache-HIT
X-WA-Info
X-WA
X-RateLimit-Reset
Cneonction
VNS-Cache
Cteonnt-Length
Path
X-Cdn-Request-ID
X-Amz-Meta-Cb-Modifiedtime
X-Dw-Trace-Id
Cf-Ipcountry
X-Akamai-ERRuleID
Vha6-Origin
X-ES-SERVER
X-Contensis-Viewer-Groups
Shield-Pop
X-Apw-Hits
X-Akamai-ERPolicy
X-Apw-Access-Token
X-Ec-Custom-Error
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Akamai-Request-ID
X-Newrelic-App-Data
X-Snapshot-Date
X-Apw-Access-Object
X-Apw-Access-Action
X-Scale
X-Cache-ASPX
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
CF-Cached-On
X-Acquia-Site
X-Acquia-Application-Trace
X-Yottaa-OS
X-Vcache
X-Air-Pt
X-Cache-Ngx
X-CacheKey
X-Sentry-ID
X-Cache-Expires
X-SIPLIST1
IsBot
X-Shopify-Generated-Cart-Token
X-Logging-Id
Req-ID
Ngx
X-PJAX-URL
CountryCode
X-Http-Count
X-Http-Duration-Ms
X-Te-Count
X-Last-Modified
X-Akamai-Pragma-Client-IP
X-UA
X-Te-Duration-Ms
X-Varnish-Authentication
X-Cms-Context
Pagetype