Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
Access-Control-Allow-Origin
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
P3p
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
EagleId
Request-Context
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
Nel
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-Dispatcher
X-LiteSpeed-Cache
EagleEye-TraceId
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
Allow
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Aws-Lambda-Call-Status
X-Server-Id
X-CST
Surrogate-Control
Accept-CH
Request-Id
X-Backend-Server
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
X-Application-Context
Xkey
Content-Location
Accept-CH-Lifetime
X-ASPNET-VERSION
Cf-Edge-Cache
Rating
X-Cloud-Trace-Context
X-Trace
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Vname
X-PC
X-TtlSet
X-MS-InvokeApp
X-Rack-Cache
X-Varnish-TTL
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-ESI
X-Content-Type
X-VARITI-CCR
X-B3-TraceId
Cache-Tag
X-Vcap-Request-Id
X-Amz-Rid
X-Kinja-Revision
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-Ac
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cnection
X-Amz-Server-Side-Encryption
X-Px
X-Element-Page-Cache
X-RateLimit-Remaining
Accept-Ch
X-D2id
Verso
X-Navigation-Version
X-Client-IP
X-Abt-Application-Version
X-Powered-By-Plesk
Service-Worker-Allowed
X-Cache-TTL
X-Middleton-Display
Display
X-Sol
Pagespeed
X-Ser
X-Litespeed-Cache
X-FastCGI-Cache
X-Version
X-Edge
X-Country-Code
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Response
X-Middleton-Response
Access-Control-Request-Method
X-NF-Request-ID
X-Ttl
X-Goog-Hash
X-Correlation-Id
X-Ruxit-Js-Agent
X-Kinsta-Cache
AR-PoweredBy
AR-CACHE
AR-Request-ID
AR-ATIME
AR-SID
X-Webkit-Csp
X-Upstream
X-Edge-Location-Klb
SPRequestDuration
SPIisLatency
X-RateLimit-Limit
X-NWS-LOG-UUID
X-Cached
X-LLID
X-Cache-Key
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
Nginx-Cache
Edge-Cache-Tag
X-TTL
TCN
X-SharePointHealthScore
SPRequestGuid
X-Forwarded-For
Mrf-Cache-Status
MRF-Tech
X-MSEdge-Ref
MS-Author-Via
Content-MD5
X-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Daa-Tunnel
X-T
X-B3-TraceId-Primal
X-Recruiting
S
X-DataDome
X-Mg-S
X-Content-Digest
X-Ua-Device
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Protected-By
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Frontend
X-Ezoic-Cdn
X-Content
X-Ua-Browser
X-Ab
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
Server-Node
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
Front-End-Https
X-Request-Received
X-Request-Processing-Time
X-Accel-Expires
X-Grace
Filters
X-Server-ID
X-Mid
Fastcgi-Cache
X-PressLabs-Stats
X-ECACHE
X-Hits
X-Geo-Country
X-Origin-Server
X-ORACLE-DMS-ECID
TP-L2-Cache
X-Distributor
TP-Cache
X-ORACLE-DMS-RID
X-Debug-Info
Pinterest-Version
X-DynaTrace
X-Pinterest-Rid
Pinterest-Generated-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amzn-Trace-Id
Charset
Cleartype
Host
X-Page-Id
X-F-Cache
X-Ratelimit-Reset
X-Git-Hash
X-B3-Sampled
X-DIS-Request-ID
Cross-Origin-Opener-Policy
X-Www-Served-By
X-LB-Cache
X-Forwarded-Proto
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Age
Access-Control-Allow-Method
ServerID
Cache-Tags
X-Seen-By
X-Aspnetmvc-Version
X-Cluster-Name
X-Activity-Id
X-Az
X-AppVersion
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Language
Accept-Charset
Cache-Status
X-Varnish-Age
Server-Name
Realpath
Filterid
X-Rid
X-Type
X-Content-Options
X-App-Environment
X-Mobile-URL
X-WebKit-CSP-Report-Only
X-VCache
X-Varnish-Grace
Viewport
Node
Country
X-Fastly-Request-ID
X-Tb
X-Nginx-Upstream-Cache-Status
X-Wix-Request-Id
X-Origin-Cache
X-FB-Debug
X-Upgrade-Enabled
X-User-Agent
X-MCACHE
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Drupal-Cache-Tags
Paypal-Debug-Id
X-Signature
X-Whom
DC
X-Route-Name
X-Aspnet-Duration-Ms
X-B-Cache
X-NWS-UUID-VERIFY
Protected
X-TT
X-Via-JSL
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Retry-After
X-Varnish-Backend
Fastcgi-Useragent
X-XRDS-LOCATION
X-Cache-NGX
X-B
X-Fastcgi-Cache
Payment
X-Amz-Replication-Status
X-Contextid
X-Debug
X-XRDS-Location
X-Logged-In
WPO-Cache-Message
WPO-Cache-Status
X-N
X-Load-Cache
X-Template
X-FW-Type
X-FW-Dynamic
X-FW-Serve
X-FW-Static
X-FW-Hash
X-FW-Server
X-Fastly-Request-Id
X-Mcache
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
X-Hostname
X-Node-Name
Count-Hit
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Amz-Meta-S3cmd-Attrs
X-Browser-Type
Akamai-GRN
X-Original-Request-Id
Healthy
SD-X-WS
X-Response-Served-From
Refresh
X-Proxy
X-Cache-TTL-Remaining
Content-Disposition
VIX-Pulpo-Upstream-Status
X-Revision
X-UUID
X-Akamai-Request-ID2
X-Zen-Fury
X-Rendered-As
X-Real-IP
X-Cache-Time
X-G
X-Is-Bot
X-Jobs
Uber-Trace-Id
VIX-Pulpo-Node
X-Framework
X-Page-View
X-Http-Reason
X-Cacheable-TTL
X-Parallel-Accel
X-Mobile
X-Debug-IsPreview
X-Debug-IsConnected
X-Device-Type
X-Proxy-Cache-Status
X-Adobe-Loc
X-Instance
X-Adobe-Content
X-Yottaa-Optimizations
Alternate-Protocol
X-Yottaa-Metrics
NGB
X-Drupal-Cache-Contexts
Access-Control-Request-Headers
X-Trace-Id
Url
X-IPLB-Instance
X-Cache-Rule
Permissions-Policy
From-Origin
X-ECache
X-Source
X-Servername
X-B3-Traceid
X-Vgn-Hpd-Reason
Version
X-Cache-Grace
X-Varnish-Server
X-Cache-Expired-At
X-Oneagent-Js-Injection
Accept-Language
X-Cache-Hit
X-Environment-Context
X-L-Path
X-Mg-Request-UUID
Referer-Policy
X-EdgeConnect-Cache-Status
X-Restarts
X-NGENIX-Cache
Countrycode
X-RTag
Ms-Operation-Id
MS-CV
X-FW-Version
Cross-Origin-Window-Policy
X-App-Server
X-IPS-LoggedIn
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Cache-Action
X-NYM-Debug-Backend
X-COUNTRY
Backend
X-HTML-Minification-Powered-By
Liferay-Portal
Frame-Options
X-Nginx-Cache
X-RemovedCookies
X-ProcessESI
CF-IPCountry
Content-Secure-Policy
WP-Super-Cache
X-Hyper-Cache
Section-Io-Cache
Meta-Geo
X-Section
X-UPSTREAM-Address
Upgrade-Insecure-Requests
X-RN-RSRV
X-Redis-Cache
X-Format
X-Access
X-Cache-Server
Cache-Tv-Group
X-Region
X-Cache-Enabled
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
Property-Id
Apigw-Requestid
Ec-Rule-Version
X-OCL
X-ApacheServer
X-PCL
X-PERF
X-Content-Age
X-FB-TRIP-ID
Webcakes-App-Name
X-Detected-As
X-Origin-Hint
X-No-Session
Mn-Server-Ip
TWC-Locale-Group
X-Generation-Time
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Ratelimit-Remaining
X-Cluster-Node
TWC-Privacy
X-Origin-Date
X-Status
X-Human
X-Web-Node
X-Hosted-By
X-PHP-Backend
Locale
X-Generated-By
X-Sql-Count
X-Be
X-Storage
X-UA-Device-Type
X-AOL-HN
X-Say-TTL
X-Server-W
X-Urbn-Site-Id
X-Via-Fastly
X-Uri
X-Request-Time
X-Varnish-Cache-Hits
X-Xfnlog-Site
S-Rt
X-Sql-Duration-Ms
X-Site-Version
X-SayCDN-TTL
X-Urbn-Context-Path
Azure-RegionName
Azure-SiteName
X-Say-Cacheable
Azure-Version
Azure-SlotName
Azure-InstanceId
X-Akamai-Edgescape
X-Rule
X-Mode
CDN-RequestId
CDN-Uid
X-Content-Powered-By
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
X-Webkit-CSP
CDN-EdgeStorageId
X-Cache-Type
Webserver
Fastly-SSL
X-Forwarded-Host
Eomportal-Instance
X-BYPASS-REASON
X-Cache-Tags
X-Cache-Host
CDN-Cache
X-Debug-Cache
X-ProxyCache-Key
X-Platform-Server
X-Nginx-Cache-Key
X-Unique-Id
X-ProxyCache-Status
X-ServerID
X-Zipkin-Id
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-SaId
X-Alternate-Cache-Key
X-Varnishpool
X-JoinUs
X-Hl-Ver
X-Adobe-Source
X-Ua
X-Tid
X-Extlb
X-Proxied
X-Routing-Service
X-Backend-Name
X-Handled-By
X-Timing-Wait
X-TT-LOGID
X-Proxy-Build
ServedBy
Selected-Fe
X-Accel-Buffering
X-PHP-Host
X-Locale
X-Labrador-Cache-Channel
X-Cache-Operation
X-GG-Cache-Date
X-APP-VERSION
X-Cache-Remote
X-AWS-Id
X-VWS-Id
Xserver
X-LJ-Flow-ID
X-App-Version
X-Rewrite-Enabled
X-VC-Cache
X-LSADC-Cache
SID
X-NewRelic-App-Data
X-CDN-Forward
X-Soup
X-Cached-By
X-Pubstack
SRV
X-Dc
Fastly-Drupal-Html
X-Edge-Location
Web-Mar-Node
X-Buckets
Mime-Version
X-TA-CDN-Provider
LB
X-Datadome
X-Storefront-Renderer-Rendered
X-Proto
X-GEO
X-Cms-Context
X-Reqid
Country-Code
Decoy-Debug-Key
X-Request-Host
Decoy-Debug-Status
Decoy-Debug-TTL
X-Microcachable
Onion-Location
X-Varnish-Hostname
X-Midtier
X-Ratelimit-Limit
Server-Info
X-Origin-CC
X-Origin-TTL
X-GeoCountry
X-GeoCode
Load-Balancing
Cache-Hits
X-Ms-Request-Id
X-Ms-Version
X-Cluster
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-NCache
X-CSRF-Token
X-B3-SpanId
X-Varnish-Hits
Xet-Cookie
DynaTrace
X-Bc-Bl
X-RCS-CacheZone
X-Envoy-Decorator-Operation
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Varnish-Beresp-Grace
X-Origin-Response-Time
X-Magnolia-Registration
Cache-Name
X-Endurance-Cache-Level
X-Tx-Id
X-Orig-Expires
X-NodeID
X-Amzn-RequestId
X-Amz-Apigw-Id
X-PBS-Appsvrname
X-Connection-Hash
X-NAPM-TraceId
X-Conf
X-PAYTM-SRV-ID
BehaviorPad-Version
X-External-Request-Id
Meta-Geo-Continent
Mobile-Detection-Method
X-Esi-Check
Lang
Host-ID
X-Ftr-Request-Id
X-From
X-Forwarded-Path
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Developer
Rendered-Blocks
X-Destination
Sslversion
X-Developers
Pramga
NM-Fastcgi-Cache
X-Ec-Fail
Odigeo-Trace-Id
Surrogated-Key
Fastcgi-X-Cache-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-HS-Content-Campaign-Id
X-Hash
Apple-News-Services-Host
Apple-News-Services-Handled
X-Ig-Push-State
X-D
A
Cdncip
Cdnsip
DCR-Decision-By
DCR-Processing-Time-Ms
X-Geo-Header
Expiry
DB-Nickname
Cmstype
X-Gzip
T-Server
Cmsid
X-LAGOON
X-S
X-Vdms-Version
X-Vdms-Path
X-VG-WebCache
X-Time
X-A-Dgt
X-Azure-Ref
X-TrackingId
X-TIM-N
X-A-Ccd
X-Shop-Environment
X-A-Dam
X-SRCache-Key
X-A-Dcw
X-Tenant
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Cache-Id
X-AK-Request-ID
X-Application
X-ARC
X-B-Cookie
X-Cache-Bucket
X-Cache-NE
X-Aed
X-Webstats-RespID
X-SRV
X-A-Wwc
Xc-Version
X-Cdn-Srv
X-Session-Fingerprint
X-User
Wxu-Next-Region
X-Rojux
X-S-Cookie
X-SD-PageType
Wxu-Next-Hostname
Wxu-Next-Commit
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-A
X-ScT
X-Processor
X-R9-Blue-Green-Version
X-Via-NSCOPI
Locid
X-Fetched-On
We-Hiring
Machine
X-Fastly-Cache
Vix-Hermes-Req-Id
Memcached
Mail-Subject
X-Fmm-Version
Is-Eu
State
X-Sigma
X-Core-Value
X-WADP-Cache
X-Planisys-CDN-Cache
Web-Mar-Region
X-Wix-Viewer-Type
X-Planisys-CDN-Rules
V-Age
X-Request-URI
X-Pod-Name
Producers
X-Server-IP
X-Cache-Backend
X-DefElseHash
Server-Host
X-DefHash
X-Men
Platform
X-Node-Id
X-Cache-Info
User-Cache-Control
X-Block-Status
X-Ec-Custom-Error
X-Device-Os
X-DPWN-IS-SECURE
X-Loop
Fastly-GeoIP-CountryCode
X-Core-Mission
AKAMAI
Adler-Geo
X-TNCMS
X-Origin
X-Variation
X-V-Cache
X-Planisys-CDN-TTL
X-Clara-WADP
X-SB
X-Irp-Debug
X-Is-Gdpr
X-JWT-State
X-Scheme
X-SVT-ORM-RULES
X-Slack-Backend
Source
X-SVT-ORM-VERSION
X-Gen-Mode
X-Hnp-Log
X-Sigma-Backend
X-Viewer-Country
X-Location
X-GeoIP
X-Rocket-Build-Number
Svr
X-Mvc-Supplant-Cachable
Environment
X-VG-TLSProxy
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Has-Esi
X-Ckpd-Fst-Backend
X-Origin-Expires
X-ZONE
X-Branch-Name
X-Datadog-Sampling-Priority
X-Cdn-Origin
X-Datadog-Parent-Id
X-Pool
X-Worker
CDCHOST
Ha-Gx-Prefs
HA-Ipaddr
X-VServer
X-Thinkindot-L3
X-Served-From
X-Skip-Cache
X-Sn-Servicetimems
L5d-Success-Class
PFcat
X-RateLimit-Remaining-Second
X-VarnishDD-TTL
L
MD5-Digest
X-RateLimit-Limit-Second
X-HN
X-CGP
X-Csrf-Jwt
X-Eu-Site
X-Rocket-Nginx-Serving-Static
X-Response-By
X-Httpd
X-Level-Front-Cache
X-Loc
X-Minions-Version
X-GeoIP-City
X-Generated-On
X-Forwarded-Site
X-Gamma-Serve
X-Gdpr
X-Nyt-Route
X-Old-Content-Length
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Proxy-Upstream
X-Proxy-Cache-Info
X-Origin-Time
X-Platform
X-Policy
X-Datadog-Trace-Id
X-Cache-Date
Origin-CC
Origin
N-Cache
Origin-EX
Redirect-Candidate
Ssr
Req-Svc-Chain
Release
Kp-EeAlive
Gh-Request-Id
Arc-Country
HostName
X-Srv
Cache
CloudFront-Viewer-Country
Fastly-SWR
Fastcgi-Cache-TTL
Cluster
TDXMobile
Fastly-SIE
Traceparent
X-Auto-Login
Thinkindot-CacheControl
X-Amzn-Remapped-Content-Length
X-Aicache-OS
Thinkindot-Control
X-BBC-Edge-Cache-Status
Thinkindot-CacheControl-Type
X-Parent-Response-Time
CDN
X-Tec-Api-Root
X-Tec-Api-Origin
X-CS
X-Tec-Api-Version
X-Optimistic-Header
X-CacheTTL
X-RPS
X-Dispatcher-Number
X-RSL
X-RPM
DSUID
X-DB
X-DI
NGX
X-DW
X-DSS
X-Owner
X-Scale
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-TraceId
X-NC
X-Date
X-EC-Lua
IsBot
Pics-Label
X-Accel-Expires-Debug
X-VC
X-Via-Ucdn
X-SIPLIST1
Server-Ext
Sever-Int
X-Refresh
Server-Hostname
X-Tb-Optimization-Total-Bytes-Saved
Time
X-Ah-Environment
Servername
X-Tt-Logid
Env
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-LB-NoCache
Memory
X-TIME
Ms-Author-Via
AMP-Access-Control-Allow-Source-Origin
GEO-INFO
X-Akamai-Transformed
X-Udemy-Cache-App-Namespace
X-API-Version
X-RateLimit-Reset
X-Wikidot-Backend
X-Cache-Debug
X-IPLB-Request-ID
X-Mvc-Supplant-OutputCached
Ohc-File-Size
X-Wikidot-Static-Cache
X-Amz-Meta-Cb-Modifiedtime
X-Ad-Defer-Variation
X-BCube-Filmed-By
Candidate-Md5Url
Datacenter
X-Varnish-Ttl
Geo-Info
X-Newrelic-Synthetics
X-Edge-Pop
Cache-Key
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
X-Xrds-Location
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-Generated-In
X-Servedbyhost
CPC-Age
X-Contensis-Viewer-Groups
X-Cache-ASPX
CPC-Cache
VNS-Age
X-Via-Popn
XM
X-SplitTest
VNS-Cache
X-Via-Poph
X-Via-Popv
CacheControlHeader
X-WA-Info
Fastly-Backend-Name
ITXSESSIONID
X-Action
True-Client-Country-4JS
GeoIp-Country-Code
X-S-Maxage
X-Trace-ID
X-Varnish-Authentication
X-HA-Backend
X-TH-Server
X-Backend-TTL
X-Micro-Cache
Path
X-Cache-Status-Check
X-VCL-Version
X-DC
Client
Server-ID
X-Vc
FSS-Cache
X-CACHE-KEY
Geoip-Latitude
X-AIR-PT
X-VHOST
X-Varnish-Beresp-TTL
X-Webkit-Csp-Report-Only
Cache-Host
X-Req
Edge-Cache
X-Provided-By
X-Cs
Ngx.Var.Host
Lb
My-App
Hostname
X-Presslabs-Stats
Ohc-Cache-HIT
True-Client-IP
X-Fpc
X-Zone
X-Origin-Upstream-Status
X-Dynatrace
X-Pass-Why
X-Clientip
X-FireWall-Port
NtCoent-Length
X-Proxy-CacheRZ
XkeyRZ
X-Up
X-TX-ID
Powered-By
DataCenter
X-LB-ID
X-PX
X-Traceid
X-Api-Version
Test
X-Cdn-Request-ID
X-B3-Spanid
X-FPC
X-Varnish-Beresp-Ttl
X-NGINX-Cache
Cf-Int-Pingora-Origin-Digest
X-Li-Fabric
X-LI-UUID
X-Li-Pop
X-CSRF-TOKEN
X-Correlation-ID
OT-Force-Account-Verify
X-Beluga-Response-Time
X-Beluga-Status
X-MSEdge-Flight
WZWS-RAY
X-Beluga-Cache-Status
X-Beluga-Node
User-Agent
X-UnsetCookies
X-Dmc
X-ND-Cache
X-Beluga-Trace
X-Webkit-CSP-Report-Only
X-Beluga-Record
X-MSEdge-Features
Proxy-Connection
X-Time-Microsecs
X-Render-Time
X-Vcl-Version
X-INCAP-ABP
Server-Id
X-CUA
X-CLOUD-TRACE-CONTEXT
Rip
GeoIP-Latitude
Tracecode
X-Via-PopV
Srvid
X-Via-PopH
C-Via
Target-Params
X-Fragments
GeoIP-Country-Code
X-Via-PopN
X-Ha-Backend
X-HS-Status
X-RAMCache
X-URL
X-Platform-Cluster
Cf-Device-Type
X-B3-Traceid-Primal
X-Platform-Router
X-Platform-Processor
X-Akamai-Pragma-Client-IP
X-Geo
X-Check-Cacheable
X-Azure-Ref-OriginShield
X-Gateway-Request-Id
X-Service
Sid
X-Var-Ttl
Uri
X-ATG-Version
X-Sucuri-ID
X-Sucuri-Cache
Resin-Trace
X-ServedByHost
X-Gateway-Skip-Cache
Tube-Got-Results
Tube-Got-Eval
Tube-Return
Lfy
X-Gateway-Cache-Status
X-Gateway-Cache-Key
Tube-Get-Contents
X-FC-Vary-Parameters
X-Fastly-Backend
Click-Count-Error
Click-Count-Action-Start
MIME-Version
X-M-Reqid
X-Hcs-Proxy-Type
X-M-Log
X-Qnm-Cache
X-CCDN-CacheTTL
Epwk-X-Cache
Esi-Enabled
X-CCDN-Origin-Time
X-Fetch-By
X-Alfa-Service
X-Proxy-Cache-Hk
X-LI-Proto
Fastly-Drupal-HTML
X-TRACE-ID
Cdn
X-Edge-POP
X-NU-AKA-ACS-Version
On-Server
HIT
X-Backend-Host
X-Li-Proto
Section-Origin-Responded
X-Varnish-Beresp-Status
X-DynaTrace-JS-Agent
X-Fastly-Backend-Reqs
Magicmarker
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
ENV
Srv
X-LiteSpeed-Cache-Control
X-Cache-Ttl
X-Esi
X-Backend-State
XServer
X-Cache-Expires
X-Cdn-Forward
X-App
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-MG-S
X-Request-Start
X-Newrelic-App-Data
X-APP
PICS-Label
X-Yottaa-OS
CF-Cached-On
X-ElasticPress-Query
ServerName
Server-Ttl
X-Cache-CFC
Tcn
X-Lb-Nocache
X-BBC-Origin-Response-Status
X-Acquia-Application-Trace
Inserted-Into-Cache-At
X-Acquia-Application-UUID
D-Url-Rewrites
X-Acquia-Purge-Tags
X-Acquia-Site
X-Bip
X-Iplb-Instance
Cf-Ipcountry
X-Thanos
X-Nc
Wpo-Cache-Status
Wpo-Cache-Message
X-Serial
X-Iplb-Request-Id
X-HostName
Warning
Servedby
X-Vercel-Id
X-B3-Parentspanid
X-Vercel-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Fastcgi-Cache-Ttl
Hit
X-UA
True-Client-Ip
X-Fastly-Cache-Hits
Ngx
X-Back
X-LiteSpeed-Tag
X-Th-Server
X-Snapshot-Date
Content-Style-Type
Content-Script-Type
X-Request-Url
CountryCode
X-Dw-Trace-Id
X-Dist-Code
X-Shopify-Generated-Cart-Token
X-Request-URL
X-Litespeed-Cache-Control
X-Swift-Error
X-IN-APIGATEWAYSSL
X-Release
X-Akamai-Request-ID
X-Storefront-Renderer-Verified
X-CF-Powered-By
Cneonction
X-IN-APIGATEWAY