Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
Access-Control-Allow-Origin
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
EagleId
Request-Context
X-Age
X-Robots-Tag
X-Server
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-AH-Environment
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
X-LiteSpeed-Cache
CONTENT-SECURITY-POLICY
X-Dispatcher
EagleEye-TraceId
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
Allow
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Aws-Lambda-Call-Status
X-Server-Id
X-CST
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Cf-Edge-Cache
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Trace
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-MS-InvokeApp
X-Rack-Cache
X-Varnish-TTL
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-ESI
X-Content-Type
X-VARITI-CCR
X-B3-TraceId
Accept-Ch
Cache-Tag
X-Vcap-Request-Id
X-Amz-Rid
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Ac
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cnection
X-Amz-Server-Side-Encryption
X-Px
X-RateLimit-Remaining
X-Element-Page-Cache
X-D2id
Verso
X-Navigation-Version
X-Client-IP
X-Abt-Application-Version
X-Cache-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
X-Sol
Pagespeed
Display
X-Middleton-Display
X-Ser
X-FastCGI-Cache
X-Version
X-Edge
X-Country-Code
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Response
X-Middleton-Response
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Hash
X-Correlation-Id
X-Ruxit-Js-Agent
AR-PoweredBy
AR-SID
AR-CACHE
AR-Request-ID
AR-ATIME
X-Kinsta-Cache
X-Upstream
X-Webkit-Csp
X-TTL
X-Edge-Location-Klb
SPRequestDuration
SPIisLatency
X-Ttl
X-RateLimit-Limit
X-NWS-LOG-UUID
X-Cached
X-LLID
X-Cache-Key
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
Nginx-Cache
X-Litespeed-Cache
Edge-Cache-Tag
TCN
SPRequestGuid
X-SharePointHealthScore
X-Forwarded-For
Mrf-Cache-Status
MRF-Tech
X-MSEdge-Ref
MS-Author-Via
Content-MD5
X-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-T
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Recruiting
X-DataDome
S
X-Mg-S
X-Content-Digest
X-Ua-Device
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Protected-By
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Frontend
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
X-Ua-Browser
X-Content
X-Ab
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
Server-Node
X-Yandex-Sdch-Disable
Front-End-Https
X-Accel-Expires
X-Request-Received
X-Request-Processing-Time
X-Grace
Filters
X-Server-ID
Fastcgi-Cache
X-Mid
X-PressLabs-Stats
X-ECACHE
X-Hits
X-Geo-Country
X-Origin-Server
X-ORACLE-DMS-ECID
X-Distributor
TP-L2-Cache
TP-Cache
X-ORACLE-DMS-RID
X-Debug-Info
X-DynaTrace
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amzn-Trace-Id
Charset
Host
Cleartype
X-Page-Id
X-Ratelimit-Reset
X-F-Cache
X-B3-Sampled
X-DIS-Request-ID
X-Git-Hash
Cross-Origin-Opener-Policy
X-Www-Served-By
X-Forwarded-Proto
X-Request-Handler-Origin-Region
X-LB-Cache
X-Microsite
Cache-Tags
Access-Control-Allow-Method
ServerID
X-Cache-Age
X-Seen-By
X-Aspnetmvc-Version
X-Oracle-Dms-Ecid
X-Az
X-Activity-Id
X-AppVersion
X-Cluster-Name
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Oracle-Dms-Rid
Accept-Charset
X-Varnish-Age
Cache-Status
X-Language
Server-Name
Realpath
Filterid
X-Type
X-Rid
X-Content-Options
X-App-Environment
X-WebKit-CSP-Report-Only
X-Nginx-Upstream-Cache-Status
X-Mobile-URL
X-VCache
X-Fastly-Request-ID
X-Origin-Cache
Node
Viewport
X-Varnish-Grace
Country
X-Upgrade-Enabled
X-MCACHE
X-Tb
X-FB-Debug
X-Wix-Request-Id
X-User-Agent
X-Whom
X-Drupal-Cache-Tags
X-NWS-UUID-VERIFY
X-Flags
X-Signature
X-Route-Name
X-Is-Crawler
DC
X-Aspnet-Duration-Ms
X-B-Cache
X-Request-Guid
Paypal-Debug-Id
X-Providence-Cookie
X-Via-JSL
X-TT
Protected
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
Retry-After
Fastcgi-Useragent
X-Varnish-Backend
X-XRDS-LOCATION
X-Cache-NGX
X-B
X-Fastcgi-Cache
X-Amz-Replication-Status
Payment
X-Contextid
X-Debug
X-XRDS-Location
X-Logged-In
X-Load-Cache
X-Template
WPO-Cache-Status
WPO-Cache-Message
X-N
X-FW-Hash
X-FW-Static
X-FW-Type
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-Fastly-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Mcache
Surrogate-Key
X-Cache-Control
X-Node-Name
X-Hostname
Count-Hit
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Amz-Meta-S3cmd-Attrs
Akamai-GRN
Healthy
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
X-Proxy
Refresh
Uber-Trace-Id
X-Rendered-As
X-Real-IP
X-Jobs
X-Revision
X-UUID
X-Zen-Fury
X-Akamai-Request-ID2
X-Cache-TTL-Remaining
X-Is-Bot
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Content-Disposition
X-G
X-Cache-Time
X-Http-Reason
X-Parallel-Accel
X-Framework
X-Mobile
X-Page-View
X-Cacheable-TTL
NGB
X-Yottaa-Optimizations
X-Adobe-Content
X-Adobe-Loc
X-Instance
X-Yottaa-Metrics
X-Proxy-Cache-Status
X-Debug-IsPreview
X-Device-Type
X-Drupal-Cache-Contexts
X-Debug-IsConnected
Alternate-Protocol
Access-Control-Request-Headers
X-Trace-Id
Url
X-IPLB-Instance
From-Origin
X-Servername
Permissions-Policy
X-Cache-Rule
X-ECache
X-Source
X-Vgn-Hpd-Reason
X-B3-Traceid
Version
X-Cache-Grace
X-Varnish-Server
Accept-Language
X-Cache-Expired-At
X-Oneagent-Js-Injection
X-Cache-Hit
X-Environment-Context
X-Mg-Request-UUID
X-L-Path
Referer-Policy
X-EdgeConnect-Cache-Status
X-Restarts
X-Ah-Environment
X-NGENIX-Cache
Countrycode
MS-CV
Ms-Operation-Id
X-RTag
X-App-Server
X-FW-Version
Cross-Origin-Window-Policy
X-Cache-Action
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-IPS-LoggedIn
Liferay-Portal
X-COUNTRY
Backend
X-NYM-Debug-Backend
X-HTML-Minification-Powered-By
Frame-Options
X-Nginx-Cache
X-RemovedCookies
X-ProcessESI
Content-Secure-Policy
WP-Super-Cache
CF-IPCountry
X-Hyper-Cache
Section-Io-Cache
Meta-Geo
X-UPSTREAM-Address
Upgrade-Insecure-Requests
X-Access
X-Redis-Cache
X-RN-RSRV
X-Cache-Server
X-OCL
X-Section
X-PCL
X-Format
TWC-GeoIP-LatLong
X-Origin-Hint
TWC-GeoIP-Country
X-Cache-Enabled
TWC-Locale-Group
TWC-Connection-Speed
X-Cluster-Node
Mn-Server-Ip
X-Detected-As
Property-Id
X-Generation-Time
TWC-Device-Class
Cache-Tv-Group
X-No-Session
X-PERF
X-Ratelimit-Remaining
X-ApacheServer
Webcakes-Region
X-FB-TRIP-ID
X-Content-Age
Ec-Rule-Version
Webcakes-App-Name
Webcakes-App-Version
X-Region
X-Ua
TWC-Privacy
Apigw-Requestid
Azure-SlotName
Azure-InstanceId
Azure-SiteName
Azure-RegionName
Azure-Version
Fastly-SSL
X-AOL-HN
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Server-W
X-Request-Time
X-Be
X-Hosted-By
X-Generated-By
X-Human
X-Origin-Date
X-PHP-Backend
X-Site-Version
X-Sql-Count
X-Via-Fastly
X-Web-Node
X-Varnish-Cache-Hits
X-Uri
X-UA-Device-Type
X-Storage
X-Status
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Sql-Duration-Ms
X-Xfnlog-Site
S-Rt
X-Akamai-Edgescape
X-Rule
X-Mode
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-PullZone
X-Cache-Host
CDN-RequestCountryCode
X-ProxyCache-Status
Eomportal-Instance
X-ProxyCache-Key
X-Unique-Id
CDN-RequestId
CDN-Uid
X-Nginx-Cache-Key
X-Platform-Server
X-Forwarded-Host
X-Cache-Type
X-BYPASS-REASON
X-Cache-Tags
X-Debug-Cache
X-Content-Powered-By
X-Webkit-CSP
Webserver
X-Routing-Service
X-SaId
X-ServerID
X-ShardId
X-JoinUs
X-Alternate-Cache-Key
X-Hl-Ver
X-Proxied
X-Backend-Name
X-Extlb
X-ShopId
X-Varnishpool
X-Zipkin-Id
X-Shopify-Stage
X-Tid
X-Adobe-Source
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Handled-By
X-TT-LOGID
X-Proxy-Build
Selected-Fe
ServedBy
X-Timing-Wait
X-GG-Cache-Date
X-Locale
X-Cache-Operation
X-PHP-Host
X-APP-VERSION
X-Accel-Buffering
X-Labrador-Cache-Channel
X-Cache-Remote
X-VWS-Id
Xserver
X-LJ-Flow-ID
X-AWS-Id
X-LSADC-Cache
X-VC-Cache
X-Rewrite-Enabled
X-App-Version
SID
X-NewRelic-App-Data
X-CDN-Forward
X-Soup
X-Cached-By
X-Pubstack
X-Dc
SRV
Fastly-Drupal-Html
Mime-Version
X-Proto
Web-Mar-Node
X-Buckets
X-Edge-Location
X-TA-CDN-Provider
LB
X-Storefront-Renderer-Rendered
X-Datadome
Country-Code
X-Cms-Context
X-Reqid
X-GEO
Decoy-Debug-TTL
X-Request-Host
Decoy-Debug-Status
Decoy-Debug-Key
Onion-Location
X-Microcachable
X-Midtier
X-Varnish-Hostname
X-Ratelimit-Limit
X-Origin-CC
Server-Info
X-Origin-TTL
X-GeoCode
X-GeoCountry
Load-Balancing
Cache-Hits
X-Ms-Version
X-Ms-Request-Id
Xet-Cookie
X-Tumblr-Pixel-3
X-NCache
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-Cluster
X-Varnish-Hits
X-CSRF-Token
X-B3-SpanId
X-Bc-Bl
X-RCS-CacheZone
DynaTrace
X-Air-Trace-Id
X-Air-Hostname
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Envoy-Decorator-Operation
X-Air-Source
X-R9-Blue-Green-Version
X-Magnolia-Registration
X-Tx-Id
X-Varnish-Beresp-Grace
X-Endurance-Cache-Level
Cache-Name
X-Origin-Response-Time
Pramga
X-VG-WebCache
A
Apple-News-Services-Handled
X-Geo-Header
Odigeo-Trace-Id
X-Ftr-Request-Id
Meta-Geo-Continent
Mobile-Detection-Method
NM-Fastcgi-Cache
X-Vdms-Version
Host-ID
Lang
X-Vdms-Path
X-Vtex-Processado-Em
Cdncip
X-Orig-Expires
BehaviorPad-Version
Rendered-Blocks
Cdnsip
X-LAGOON
Cmstype
DB-Nickname
DCR-Decision-By
Apple-News-Services-Request-Url
X-NodeID
Apple-News-Services-Host
Fastcgi-X-Cache-Version
X-Webstats-RespID
X-Vtex-Remote-Cache
Apple-News-Services-Parsed-Url
Xc-Version
DCR-Processing-Time-Ms
Expiry
X-Ig-Push-State
Cmsid
Wxu-Next-Commit
X-Shop-Environment
X-D
X-Destination
X-Session-Fingerprint
X-Developer
X-Hash
X-Connection-Hash
X-SRCache-Key
X-PAYTM-SRV-ID
X-HS-Content-Campaign-Id
X-CF-Lambda-Version
X-Conf
X-PBS-Appsvrname
X-Developers
X-Rojux
X-Forwarded-Path
X-Epic-Correlation-Id
X-Esi-Check
X-External-Request-Id
X-S
X-Ec-GeoHdr
X-Ec-Fail
X-SD-PageType
X-ScT
X-S-Cookie
X-CF-Lambda-Fn
X-Tenant
X-A
Wxu-Next-Region
X-A-Ccd
X-Gzip
X-A-Dam
Wxu-Next-Hostname
X-Processor
Surrogated-Key
Sslversion
X-User
X-TrackingId
T-Server
X-A-Dcw
X-A-Dgt
X-B-Cookie
X-ARC
X-Cache-Bucket
X-Cache-NE
X-Cdn-Srv
X-Application
X-AK-Request-ID
X-NAPM-TraceId
X-A-Wwc
X-TIM-N
X-Aed
X-From
X-Cache-Id
X-SRV
X-Azure-Ref
X-Time
X-Via-NSCOPI
X-SB
X-Scheme
X-JWT-State
Vix-Hermes-Req-Id
We-Hiring
X-Server-IP
X-Rocket-Build-Number
X-Cache-Info
X-Pod-Name
X-Cache-Backend
X-Block-Status
X-Amzn-Remapped-Content-Length
V-Age
User-Cache-Control
X-V-Cache
X-TNCMS
Producers
X-Variation
X-Varnish-CookieHashed-On
Platform
Server-Host
X-SVT-ORM-VERSION
X-Sigma-Backend
X-Sigma
X-Slack-Backend
Svr
X-SVT-ORM-RULES
State
X-Ckpd-Fst-Backend
X-Planisys-CDN-Rules
X-Men
X-Loop
X-Mvc-Supplant-Cachable
X-Fmm-Version
X-Node-Id
X-Fetched-On
X-Gdpr
X-Gen-Mode
X-Irp-Debug
X-Is-Gdpr
X-Hnp-Log
X-Has-Esi
X-Location
X-GeoIP
X-Fastly-Cache
X-Nyt-Route
X-Planisys-CDN-Cache
X-DefElseHash
X-Core-Value
X-Core-Mission
X-Planisys-CDN-TTL
X-Varnish-CookieINHashed-On
X-DefHash
X-Origin-Time
X-Origin-Expires
X-Origin
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Device-Os
X-Clara-WADP
Web-Mar-Region
Machine
Locid
AKAMAI
Adler-Geo
Mail-Subject
X-Request-URI
X-Wix-Viewer-Type
X-Varnish-Remaining-TTL
Fastly-GeoIP-CountryCode
Environment
X-Worker
Is-Eu
Memcached
X-WADP-Cache
X-VG-TLSProxy
X-Viewer-Country
Source
X-ZONE
X-Policy
X-Cdn-Origin
X-Platform
X-Pool
L5d-Success-Class
X-Csrf-Jwt
X-CGP
PFcat
X-Loc
X-Proxy-Cache-Info
HA-Ipaddr
X-Rebelmouse-Surrogate-Control
X-Branch-Name
Fastcgi-Cache-TTL
X-Qloud-Router
X-Cache-Date
X-Level-Front-Cache
X-Eu-Site
X-Httpd
X-Rebelmouse-Cache-Control
X-Datadog-Sampling-Priority
X-Old-Content-Length
Arc-Country
Cache
X-Gamma-Serve
X-VarnishDD-TTL
MD5-Digest
X-Minions-Version
L
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Datadog-Trace-Id
X-Forwarded-Site
X-Datadog-Parent-Id
X-GeoIP-City
X-Generated-On
X-BBC-Edge-Cache-Status
X-HN
CloudFront-Viewer-Country
Cluster
X-Proxy-Upstream
Gh-Request-Id
X-Thinkindot-L3
HostName
Req-Svc-Chain
Release
Fastly-SWR
CDCHOST
X-Served-From
Kp-EeAlive
Traceparent
Thinkindot-CacheControl
X-Skip-Cache
TDXMobile
X-Sn-Servicetimems
Thinkindot-CacheControl-Type
Ssr
X-VServer
Thinkindot-Control
Redirect-Candidate
Fastly-SIE
Ha-Gx-Prefs
X-Rocket-Nginx-Serving-Static
X-Response-By
X-Region-Sid
X-Auto-Login
Origin
X-Aicache-OS
N-Cache
Origin-EX
X-Srv
Origin-CC
X-Parent-Response-Time
X-Tec-Api-Root
CDN
X-CS
X-Tec-Api-Version
X-Tec-Api-Origin
X-Optimistic-Header
X-Dispatcher-Number
X-CacheTTL
NGX
X-DW
X-RSL
X-RPM
X-RPS
X-DI
X-DB
X-DSS
DSUID
X-VC
X-Scale
Sever-Int
X-EC-Lua
X-Via-Ucdn
X-SIPLIST1
X-TraceId
X-WP-CF-Super-Cache-Cache-Control
X-Accel-Expires-Debug
Pics-Label
X-Owner
Server-Hostname
X-NC
IsBot
X-Date
X-Refresh
Server-Ext
X-WP-CF-Super-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Tt-Logid
X-LB-NoCache
Env
Memory
Servername
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Time
GEO-INFO
X-TIME
Ms-Author-Via
X-Udemy-Cache-App-Namespace
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Transformed
X-IPLB-Request-ID
X-Wikidot-Static-Cache
X-Mvc-Supplant-OutputCached
X-Wikidot-Backend
X-RateLimit-Reset
Ohc-File-Size
X-Cache-Debug
X-Amz-Meta-Cb-Modifiedtime
X-Edge-Pop
Cache-Key
Geo-Info
Datacenter
Candidate-Md5Url
X-Varnish-Ttl
X-Newrelic-Synthetics
X-API-Version
X-Ad-Defer-Variation
X-BCube-Filmed-By
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
X-Xrds-Location
Fusion-Content-Id
Fusion-Template-Id
X-Via-Popn
X-Via-Popv
X-Servedbyhost
VNS-Cache
VNS-Age
CPC-Age
CPC-Cache
X-Contensis-Viewer-Groups
X-Cache-ASPX
CacheControlHeader
XM
X-SplitTest
X-Generated-In
X-Via-Poph
Fastly-Backend-Name
X-HA-Backend
X-Action
True-Client-Country-4JS
X-TH-Server
GeoIp-Country-Code
X-WA-Info
X-S-Maxage
X-Trace-ID
X-Varnish-Authentication
ITXSESSIONID
X-Cache-Status-Check
X-DC
X-Micro-Cache
X-Backend-TTL
X-VCL-Version
Path
Client
Geoip-Latitude
FSS-Cache
Server-ID
X-AIR-PT
X-CACHE-KEY
X-Vc
X-Varnish-Beresp-TTL
X-Webkit-Csp-Report-Only
X-VHOST
Cache-Host
X-Req
Edge-Cache
X-Cs
X-Provided-By
My-App
Lb
Hostname
Ngx.Var.Host
X-Presslabs-Stats
Ohc-Cache-HIT
X-Fpc
X-Zone
True-Client-IP
X-Origin-Upstream-Status
X-Dynatrace
NtCoent-Length
XkeyRZ
X-Clientip
X-Api-Version
X-FireWall-Port
X-Pass-Why
X-Proxy-CacheRZ
X-Up
X-TX-ID
DataCenter
X-Traceid
X-LB-ID
X-PX
Powered-By
X-Varnish-Beresp-Ttl
Test
X-B3-Spanid
X-FPC
X-Cdn-Request-ID
X-NGINX-Cache
Cf-Int-Pingora-Origin-Digest
X-Li-Fabric
X-LI-UUID
X-Li-Pop
X-CSRF-TOKEN
X-Correlation-ID
OT-Force-Account-Verify
X-ND-Cache
X-Beluga-Status
X-Beluga-Node
X-Beluga-Cache-Status
User-Agent
X-Beluga-Record
X-Beluga-Response-Time
X-MSEdge-Features
X-Beluga-Trace
X-UnsetCookies
X-Webkit-CSP-Report-Only
X-Dmc
X-MSEdge-Flight
WZWS-RAY
X-Render-Time
Proxy-Connection
Server-Id
X-INCAP-ABP
X-Time-Microsecs
X-Vcl-Version
X-CUA
X-CLOUD-TRACE-CONTEXT
Srvid
X-RAMCache
X-Via-PopN
X-Platform-Processor
X-Ha-Backend
X-Via-PopH
X-Platform-Router
GeoIP-Country-Code
X-B3-Traceid-Primal
Tracecode
Cf-Device-Type
GeoIP-Latitude
Rip
Target-Params
C-Via
X-Via-PopV
X-HS-Status
X-URL
X-Platform-Cluster
X-Fragments
X-Azure-Ref-OriginShield
X-Geo
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
Uri
X-ATG-Version
X-Gateway-Request-Id
X-FC-Vary-Parameters
X-Fastly-Backend
X-Gateway-Skip-Cache
Resin-Trace
Click-Count-Error
X-Sucuri-Cache
Lfy
Tube-Get-Contents
X-ServedByHost
X-Gateway-Cache-Status
Tube-Got-Eval
X-Gateway-Cache-Key
Tube-Return
X-Service
Click-Count-Action-Start
Sid
X-Sucuri-ID
X-Var-Ttl
Tube-Got-Results
MIME-Version
Esi-Enabled
X-Alfa-Service
X-M-Log
X-LI-Proto
X-M-Reqid
X-Qnm-Cache
X-Proxy-Cache-Hk
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Fetch-By
Epwk-X-Cache
X-CCDN-CacheTTL
Cdn
Fastly-Drupal-HTML
X-TRACE-ID
HIT
On-Server
X-Edge-POP
X-Backend-Host
Section-Io-Id
X-DynaTrace-JS-Agent
X-NU-AKA-ACS-Version
Section-Io-Origin-Status
Section-Origin-Responded
ENV
Section-Io-Origin-Time-Seconds
X-Fastly-Backend-Reqs
X-Varnish-Beresp-Status
Srv
X-Li-Proto
Magicmarker
X-Esi
X-LiteSpeed-Cache-Control
X-Backend-State
XServer
X-Cdn-Forward
X-Cache-Expires
X-App
X-MG-S
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Server-Ttl
X-ElasticPress-Query
ServerName
X-Request-Start
CF-Cached-On
X-Newrelic-App-Data
X-Lb-Nocache
PICS-Label
X-APP
Tcn
X-Cache-CFC
X-Yottaa-OS
Cf-Ipcountry
X-Iplb-Request-Id
Wpo-Cache-Status
X-Thanos
X-Bip
X-BBC-Origin-Response-Status
D-Url-Rewrites
Wpo-Cache-Message
X-Iplb-Instance
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
Inserted-Into-Cache-At
X-Nc
X-Serial
X-Acquia-Site
Servedby
Warning
X-HostName
X-Fastly-Cache-Hits
X-Back
Fastcgi-Cache-Ttl
Cneonction
Ngx
X-Wp-Cf-Super-Cache
X-Snapshot-Date
X-Dist-Code
X-Vercel-Cache
X-Vercel-Id
True-Client-Ip
Hit
X-Release
X-Request-Url
X-Wp-Cf-Super-Cache-Cache-Control
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-Akamai-Request-ID
X-Swift-Error
X-Request-URL
CountryCode
X-Shopify-Generated-Cart-Token
Content-Script-Type
Content-Style-Type
X-LiteSpeed-Tag
X-Litespeed-Cache-Control
X-IN-APIGATEWAY
X-B3-Parentspanid
X-CF-Powered-By
X-Th-Server
X-Storefront-Renderer-Verified