Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
X-Akamai-Path-Stats
Host-Header
X-Proxy-Cache
X-UA-Device
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
X-WebKit-CSP
Allow
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-CST
X-Server-Id
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Readtime
X-Akam-SW-Version
Cf-Edge-Cache
X-Cache-Lookup
X-HW
X-Response-Time
Xkey
X-Application-Context
X-ASPNET-VERSION
Content-Location
Rating
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-MS-InvokeApp
Accept-Ch
X-Rack-Cache
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
Edge-Control
RTSS
X-Server-Name
X-Varnish-TTL
X-VARITI-CCR
X-ESI
Cache-Tag
X-Content-Type
X-B3-TraceId
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Dw-Request-Base-Id
X-Amz-Rid
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
Public-Key-Pins
X-Px
X-Cnection
X-Ac
X-D2id
X-Element-Page-Cache
X-Navigation-Version
Verso
X-Edge
X-FastCGI-Cache
X-Client-IP
X-Abt-Application-Version
X-RateLimit-Remaining
X-Powered-By-Plesk
Pagespeed
X-Sol
Display
X-Middleton-Display
X-Ser
X-Cache-TTL
X-Version
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-GitHub-Request-Id
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
X-Correlation-Id
Access-Control-Request-Method
X-Goog-Hash
SPRequestDuration
SPIisLatency
X-Kinsta-Cache
X-Edge-Location-Klb
X-TTL
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-Request-ID
AR-SID
X-Ttl
X-Cached
X-Upstream
X-Content-Security-Policy-Report-Only
SPRequestGuid
X-SharePointHealthScore
X-Instrumentation
X-NWS-LOG-UUID
X-Kraken-Loop-Name
X-LLID
X-Server-Lifecycle-Phase
X-Powered-CMS
X-Ruxit-Js-Agent
Edge-Cache-Tag
X-Litespeed-Cache
Nginx-Cache
X-Cache-Key
X-Forwarded-For
X-RateLimit-Limit
Content-MD5
X-MSEdge-Ref
TCN
X-Id
Mrf-Cache-Status
MRF-Tech
X-Shield-Request-Id
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Webkit-Csp
X-T
X-Recruiting
S
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Digest
X-TEC-API-ORIGIN
MS-Author-Via
X-Ua-Device
X-Mg-S
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Accel-Expires
X-ECACHE
X-Protected-By
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ezoic-Cdn
X-DataDome
X-Grace
X-Frontend
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Content
X-Ua-Browser
X-Ab
X-Yandex-Sdch-Disable
Front-End-Https
Filters
Server-Node
X-Request-Received
X-Request-Processing-Time
X-Server-ID
TP-Cache
TP-L2-Cache
X-PressLabs-Stats
X-Origin-Server
X-Mid
Fastcgi-Cache
X-Hits
X-DynaTrace
X-Geo-Country
X-Distributor
X-WebKit-CSP-Report-Only
X-Microsite
X-Request-Handler-Origin-Region
X-Ratelimit-Reset
X-Debug-Info
X-Amzn-Trace-Id
Charset
X-Tt-Trace-Host
X-ORACLE-DMS-ECID
X-Tt-Trace-Tag
Cleartype
X-Page-Id
X-F-Cache
X-Git-Hash
X-LB-Cache
Host
X-B3-Sampled
X-ORACLE-DMS-RID
X-DIS-Request-ID
X-MCACHE
Cross-Origin-Opener-Policy
Pinterest-Version
X-Pinterest-Rid
X-Forwarded-Proto
Pinterest-Generated-By
X-Cache-Age
Access-Control-Allow-Method
X-Www-Served-By
ServerID
X-Seen-By
Cache-Status
X-AppVersion
X-Activity-Id
Realpath
X-Az
Accept-Charset
X-Aspnetmvc-Version
Cache-Tags
X-Oracle-Dms-Ecid
X-Cluster-Name
X-Varnish-Age
X-Oracle-Dms-Rid
Filterid
X-Rid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Content-Options
X-Nginx-Upstream-Cache-Status
X-Language
X-Type
X-App-Environment
Server-Name
X-Tb
Node
Retry-After
X-Origin-Cache
X-Varnish-Grace
X-Whom
Country
X-User-Agent
X-Upgrade-Enabled
Viewport
X-FB-Debug
X-Providence-Cookie
X-Is-Crawler
X-Request-Guid
X-Signature
X-Flags
X-Mobile-URL
X-Drupal-Cache-Tags
X-Varnish-Backend
X-Aspnet-Duration-Ms
X-Route-Name
X-NWS-UUID-VERIFY
X-B-Cache
X-Wix-Request-Id
X-TT
X-GUploader-UploadID
X-VCache
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
DC
X-Goog-Generation
Paypal-Debug-Id
X-Goog-Storage-Class
X-Goog-Metageneration
Fastcgi-Useragent
Protected
X-XRDS-LOCATION
X-B
X-N
X-Via-JSL
X-Fastly-Request-Id
X-Debug
X-Fastly-Request-ID
WPO-Cache-Message
WPO-Cache-Status
X-Amz-Replication-Status
X-Logged-In
X-Cache-NGX
Payment
X-Contextid
X-Load-Cache
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
Surrogate-Key
Count-Hit
X-Cache-Control
Permissions-Policy
Amp-Access-Control-Allow-Source-Origin
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-FW-Static
X-FW-Server
X-FW-Type
Healthy
X-Template
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Node-Name
X-Fastcgi-Cache
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
X-G
Content-Disposition
X-Cache-Time
Akamai-GRN
X-Mobile
X-Mcache
X-Jobs
X-Framework
X-UUID
X-Is-Bot
X-Trace-Id
X-Zen-Fury
X-Cacheable-TTL
X-Akamai-Request-ID2
X-Revision
X-Rendered-As
Uber-Trace-Id
X-Real-IP
X-Proxy-Cache-Status
X-Http-Reason
X-Adobe-Loc
X-Adobe-Content
Refresh
X-Page-View
X-Proxy
X-Cache-TTL-Remaining
Access-Control-Request-Headers
Alternate-Protocol
Url
X-Debug-IsConnected
X-Instance
X-Debug-IsPreview
NGB
X-Device-Type
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Drupal-Cache-Contexts
X-Hostname
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Servername
X-Cache-Grace
X-IPLB-Instance
X-ECache
X-B3-Traceid
X-Mg-Request-UUID
X-Restarts
Version
X-NGENIX-Cache
X-Varnish-Server
X-Source
X-L-Path
X-Environment-Context
From-Origin
X-Oneagent-Js-Injection
Accept-Language
X-Cache-Rule
X-Cache-Hit
X-EdgeConnect-Cache-Status
X-Vgn-Hpd-Reason
Countrycode
X-HTML-Minification-Powered-By
MS-CV
Ms-Operation-Id
X-RTag
X-Cache-Expired-At
X-Datadome
X-Parallel-Accel
X-Ratelimit-Remaining
Frame-Options
Referer-Policy
X-App-Server
X-NYM-Debug-Backend
Liferay-Portal
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel-0
X-FW-Version
X-Tumblr-Pixel-1
X-Tumblr-Pixel
Backend
X-IPS-LoggedIn
X-COUNTRY
X-Nginx-Cache
X-Midtier
Content-Secure-Policy
WP-Super-Cache
Cache-Tv-Group
X-RN-RSRV
X-Hosted-By
Upgrade-Insecure-Requests
X-Cache-Action
X-UPSTREAM-Address
Section-Io-Cache
Meta-Geo
X-FB-TRIP-ID
X-OCL
X-UA-Device-Type
X-APP-VERSION
X-Web-Node
X-Ua
X-Detected-As
X-Content-Age
X-Cache-Enabled
X-Cache-Server
X-Redis-Cache
CF-IPCountry
X-Region
X-Generation-Time
X-PCL
X-Format
S-Rt
Locale
TWC-Device-Class
Fastly-SSL
Mn-Server-Ip
TWC-Connection-Speed
Property-Id
Webcakes-Region
X-Access
Apigw-Requestid
Azure-InstanceId
X-Akamai-Edgescape
X-Unique-Id
X-Cluster-Node
X-Be
X-AOL-HN
Azure-RegionName
Azure-SiteName
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
Webcakes-App-Name
Azure-SlotName
Azure-Version
Webcakes-App-Version
Ec-Rule-Version
X-PHP-Backend
X-Say-Cacheable
X-Say-TTL
X-ProcessESI
X-RemovedCookies
X-SayCDN-TTL
X-Uri
X-Request-Time
X-Server-W
X-Section
X-Varnish-Cache-Hits
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Sql-Duration-Ms
X-Storage
X-Origin-Hint
X-Human
X-Mode
X-Sql-Count
X-Origin-Date
X-No-Session
X-Nginx-Cache-Key
CDN-CachedAt
CDN-Cache
X-Adobe-Source
CDN-EdgeStorageId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
CDN-RequestId
X-Site-Version
X-ShardId
Eomportal-Instance
X-Xfnlog-Site
CDN-Uid
CDN-RequestCountryCode
X-Status
CDN-PullZone
X-ShopId
X-Debug-Cache
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-Cache-Tags
X-Content-Powered-By
X-Cache-Host
X-Platform-Server
X-Alternate-Cache-Key
X-Forwarded-Host
X-Generated-By
X-Routing-Service
X-Cache-Type
X-Tid
X-JoinUs
X-Hl-Ver
X-Proxied
X-PERF
X-Extlb
X-NewRelic-App-Data
X-ApacheServer
X-Webkit-CSP
X-Labrador-Cache-Channel
X-SaId
X-PHP-Host
X-ServerID
X-Zipkin-Id
X-Handled-By
X-Backend-Name
X-Varnishpool
X-Via-Fastly
X-Locale
X-AWS-Id
X-Timing-Wait
X-Proxy-Build
X-VWS-Id
Selected-Fe
X-TT-LOGID
X-LJ-Flow-ID
X-GG-Cache-Date
X-Cms-Context
X-VC-Cache
ServedBy
X-Hyper-Cache
Webserver
X-Edge-Location
X-Rule
X-Cache-Operation
X-Storefront-Renderer-Rendered
X-LSADC-Cache
X-Ratelimit-Limit
Mime-Version
X-Proto
Fastly-Drupal-Html
Load-Balancing
Web-Mar-Node
X-Cached-By
SRV
X-Dc
SID
X-Accel-Buffering
X-GeoCountry
X-CDN-Forward
X-GeoCode
X-Rewrite-Enabled
X-GEO
X-Soup
Onion-Location
X-App-Version
X-Cache-Remote
Xserver
X-Cdn
X-TA-CDN-Provider
X-Varnish-Hostname
X-Pubstack
Cache-Hits
X-Reqid
Country-Code
X-SRV
X-Buckets
X-Origin-TTL
X-Request-Host
X-Origin-CC
X-Cluster
Server-Info
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Varnish-Hits
X-Envoy-Decorator-Operation
X-MP-GENERATED-AT
X-Microcachable
X-CSRF-Token
X-Ms-Version
X-Magnolia-Registration
Xet-Cookie
X-Ms-Request-Id
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Air-Source
LB
X-Air-Trace-Id
X-Air-Hostname
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Time
Cache
DB-Nickname
X-Endurance-Cache-Level
X-B3-SpanId
X-Tx-Id
X-RCS-CacheZone
DCR-Processing-Time-Ms
Rendered-Blocks
Cmstype
Cmsid
Odigeo-Trace-Id
Sslversion
T-Server
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
NM-Fastcgi-Cache
Surrogated-Key
Mobile-Detection-Method
Fastcgi-X-Cache-Version
MD5-Digest
DCR-Decision-By
Lang
BehaviorPad-Version
Cdncip
Cdnsip
Meta-Geo-Continent
Expiry
Source
X-A-Dgt
A
X-Device-Os
X-S-Cookie
X-S
X-ScT
X-SD-PageType
X-Session-Fingerprint
X-Rojux
X-Processor
X-Node-Id
X-NAPM-TraceId
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Shop-Environment
X-SRCache-Key
X-VG-WebCache
X-Vdms-Version
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Path
X-User
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Tenant
X-TIM-N
X-TrackingId
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-Cdn-Srv
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Cache-Id
X-Cache-Bucket
X-AK-Request-ID
X-Aed
X-Application
X-ARC
X-B-Cookie
X-Core-Mission
X-D
X-Forwarded-Path
X-Fetched-On
X-Ftr-Request-Id
X-Gzip
X-Hash
X-External-Request-Id
X-Esi-Check
X-Developer
X-Destination
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-A-Wwc
X-Conf
X-Bc-Bl
DynaTrace
X-IPLB-Request-ID
X-NCache
CDN
X-Varnish-Beresp-Grace
X-Varnish-Ttl
X-Clara-WADP
X-Cache-Info
X-Ckpd-Fst-Backend
X-CacheTTL
X-Cache-Date
X-Cache-Backend
X-Core-Value
X-DefHash
X-Fastly-Cache
X-Fmm-Version
X-From
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Block-Status
X-Developers
X-Dispatcher-Number
X-DefElseHash
Wxu-Next-Hostname
Server-Host
State
TDXMobile
Release
Producers
Origin-EX
Platform
Pramga
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Wxu-Next-Commit
X-R9-Blue-Green-Version
Wxu-Next-Region
Web-Mar-Region
We-Hiring
Thinkindot-Control
Traceparent
User-Cache-Control
X-Amzn-Remapped-Content-Length
X-Geo-Header
X-Thinkindot-L3
X-TNCMS
X-V-Cache
X-Slack-Backend
X-Sigma-Backend
X-Rocket-Build-Number
X-Server-IP
X-Sigma
X-Variation
X-Varnish-CookieHashed-On
X-Webstats-RespID
X-Wix-Viewer-Type
X-Worker
X-WADP-Cache
X-VServer
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Via-Ucdn
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Irp-Debug
X-Is-Gdpr
X-JWT-State
X-Hnp-Log
X-Has-Esi
X-Gen-Mode
Origin-CC
X-GeoIP
X-LAGOON
X-Location
X-Origin-Response-Time
X-Origin-Time
X-Planisys-CDN-Cache
X-Origin-Expires
X-Origin
X-Mvc-Supplant-Cachable
X-NodeID
X-Nyt-Route
X-Gdpr
X-Loop
Machine
Mail-Subject
Is-Eu
Adler-Geo
Environment
Fastly-GeoIP-CountryCode
Memcached
Host-ID
X-Azure-Ref
HostName
Apple-News-Services-Parsed-Url
X-SIPLIST1
X-CGP
X-Skip-Cache
Fastly-SWR
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Csrf-Jwt
Apple-News-Services-Host
X-Cdn-Origin
X-GeoIP-City
X-BBC-Edge-Cache-Status
X-Platform
X-Auto-Login
X-Branch-Name
HA-Ipaddr
Apple-News-Services-Handled
Gh-Request-Id
AKAMAI
PFcat
X-Sn-Servicetimems
X-SB
X-Httpd
X-Forwarded-Site
DSUID
Ohc-File-Size
X-Viewer-Country
Cache-Name
CloudFront-Viewer-Country
X-Generated-On
X-HN
X-Gamma-Serve
CDCHOST
X-VG-TLSProxy
X-Via-NSCOPI
X-Minions-Version
Apple-News-Services-Request-Url
X-Served-From
X-ZONE
Fastcgi-Cache-TTL
X-Eu-Site
X-Level-Front-Cache
X-VarnishDD-TTL
X-Loc
Fastly-SIE
Ha-Gx-Prefs
Kp-EeAlive
L
L5d-Success-Class
X-Proxy-Upstream
X-RateLimit-Remaining-Second
X-Scheme
Ssr
X-Rebelmouse-Surrogate-Control
Vix-Hermes-Req-Id
NGX
X-RateLimit-Limit-Second
X-Qloud-Router
N-Cache
V-Age
X-Rebelmouse-Cache-Control
Origin
X-Proxy-Cache-Info
Sever-Int
X-Policy
X-Pod-Name
Req-Svc-Chain
Redirect-Candidate
X-Aicache-OS
Server-Hostname
Server-Ext
X-Request-URI
X-Pool
IsBot
X-Newrelic-Synthetics
X-Optimistic-Header
X-Scale
Cluster
X-Owner
X-Region-Sid
X-Rocket-Nginx-Serving-Static
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Svr
X-Refresh
X-Men
Datacenter
X-Tb-Optimization-Total-Bytes-Saved
Arc-Country
X-NC
X-CS
X-Parent-Response-Time
Candidate-Md5Url
Cache-Key
X-Wikidot-Static-Cache
X-Wikidot-Backend
Pics-Label
X-Ad-Defer-Variation
X-BCube-Filmed-By
Locid
X-VC
X-CACHE-KEY
X-Contensis-Viewer-Groups
CPC-Age
CPC-Cache
VNS-Cache
X-Cache-ASPX
X-Ah-Environment
X-SplitTest
X-Tt-Logid
X-Response-By
XM
X-Old-Content-Length
VNS-Age
GEO-INFO
X-EC-Lua
Env
Ms-Author-Via
X-TraceId
X-RSL
X-LB-NoCache
X-RPM
X-Srv
X-RPS
X-DSS
X-Varnish-Authentication
X-DB
AMP-Access-Control-Allow-Source-Origin
X-DI
X-Tec-Api-Version
X-Tec-Api-Root
Servername
X-Tec-Api-Origin
Fastly-Backend-Name
X-DW
X-WA-Info
X-Udemy-Cache-App-Namespace
X-Micro-Cache
Memory
Time
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Status-Check
X-Date
X-Mvc-Supplant-OutputCached
X-Accel-Expires-Debug
X-Edge-Pop
Lb
X-Akamai-Transformed
X-Xrds-Location
X-TIME
Path
X-Generated-In
X-Via-Poph
X-GeoIP-Country-Code
X-Servedbyhost
X-AIR-PT
X-Via-Popv
X-GeoIP-Region-Code
X-Via-Popn
Ohc-Cache-HIT
X-Cache-Debug
X-Trace-ID
ITXSESSIONID
X-HA-Backend
GeoIp-Country-Code
X-RateLimit-Reset
Ngx.Var.Host
Cache-Host
X-API-Version
Client
FSS-Cache
X-S-Maxage
X-VCL-Version
X-DC
Fusion-Component-Id
X-Api-Version
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
CacheControlHeader
True-Client-IP
X-Vc
X-Varnish-Beresp-TTL
Geoip-Latitude
XkeyRZ
X-VHOST
X-Proxy-CacheRZ
X-Cs
Server-ID
X-Clientip
X-Action
Geo-Info
True-Client-Country-4JS
X-TH-Server
X-Backend-TTL
Hostname
X-Presslabs-Stats
X-FireWall-Port
X-Fpc
X-Zone
Powered-By
X-Req
Edge-Cache
X-Webkit-Csp-Report-Only
X-TX-ID
NtCoent-Length
X-B3-Spanid
X-Traceid
X-PX
X-Dmc
My-App
X-Pass-Why
X-MSEdge-Features
X-MSEdge-Flight
X-INCAP-ABP
X-Provided-By
X-FPC
X-Render-Time
Test
X-Origin-Upstream-Status
X-NGINX-Cache
X-Up
C-Via
X-CSRF-TOKEN
X-Cdn-Request-ID
X-Correlation-ID
Cf-Int-Pingora-Origin-Digest
X-Varnish-Beresp-Ttl
X-Gateway-Cache-Status
X-Beluga-Record
X-LB-ID
X-DynaTrace-JS-Agent
X-Beluga-Status
X-Beluga-Node
X-Webkit-CSP-Report-Only
X-Beluga-Cache-Status
X-Gateway-Request-Id
X-Beluga-Trace
X-Beluga-Response-Time
User-Agent
Rip
Tube-Got-Eval
Click-Count-Error
Click-Count-Action-Start
Server-Id
X-Service
X-HS-Status
Tube-Return
Tube-Get-Contents
Tube-Got-Results
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-M-Reqid
Tcn
X-Vcl-Version
Esi-Enabled
Proxy-Connection
OT-Force-Account-Verify
X-M-Log
X-Qnm-Cache
DataCenter
X-Via-PopV
GeoIP-Country-Code
X-Via-PopN
Srvid
GeoIP-Latitude
X-Ha-Backend
X-Alfa-Service
Resin-Trace
On-Server
HIT
X-Via-PopH
Uri
X-Li-Pop
X-Li-Fabric
X-URL
X-LI-UUID
X-UnsetCookies
X-Dynatrace
X-CLOUD-TRACE-CONTEXT
X-RAMCache
X-ServedByHost
X-Time-Microsecs
WZWS-RAY
Sid
X-ND-Cache
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
X-Geo
Epwk-X-Cache
X-APP
X-Proxy-Cache-Hk
X-Fetch-By
X-CUA
X-CCDN-CacheTTL
X-LI-Proto
Srv
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-TRACE-ID
X-Cdn-Forward
Cf-Device-Type
MIME-Version
X-Fragments
Target-Params
Tracecode
X-Edge-POP
X-Fastly-Backend-Reqs
X-Backend-Host
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
X-ATG-Version
Cdn
X-Edge-Origin-Shield-Bytes
X-Esi
X-Sucuri-ID
X-Sucuri-Cache
X-App
X-Var-Ttl
X-FC-Vary-Parameters
WebServer
X-Fastly-Backend
ServerName
ENV
X-B3-Traceid-Primal
XServer
Lfy
X-Lb-Nocache
Fastly-Drupal-HTML
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Edge-Origin-Shield-Region
X-MG-S
X-HostName
Section-Io-Origin-Time-Seconds
X-Yottaa-OS
M-TraceId
CF-Cached-On
PICS-Label
Section-Io-Id
X-Newrelic-App-Data
X-ElasticPress-Query
Warning
Section-Origin-Responded
Inserted-Into-Cache-At
X-Azure-Ref-OriginShield
X-Varnish-Beresp-Status
X-Cache-Expires
Server-Ttl
Section-Io-Origin-Status
D-Url-Rewrites
X-Iplb-Request-Id
X-Backend-State
X-Iplb-Instance
Cf-Ipcountry
X-NU-AKA-ACS-Version
X-Nc
X-Serial
X-Dw-Trace-Id
X-Li-Proto
X-Vcache
X-LiteSpeed-Cache-Control
Magicmarker
X-Request-Url
X-CF-Powered-By
DT-Hot-News
Servedby
Dt-Hot-News
X-Vercel-Cache
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
Fastcgi-Cache-Ttl
True-Client-Ip
X-Vercel-Id
Hit
X-Acquia-Application-UUID
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Snapshot-Date
Ngx
X-Litespeed-Cache-Control
Cneonction
X-Dist-Code
X-BBC-Origin-Response-Status
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
Content-Style-Type
Content-Script-Type
X-Release
CountryCode
X-Request-URL