Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Akamai-Path-Stats
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-Amz-Id-2
X-UA-Device
X-Proxy-Cache
Host-Header
X-Hacker
X-Rq
Grace
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Vhost
Ali-Swift-Global-Savetime
X-Dispatcher
X-LiteSpeed-Cache
X-Amz-Version-Id
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Server-Id
X-Node
Cf-Edge-Cache
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
X-CST
Request-Id
X-Backend-Server
X-Readtime
X-Akam-SW-Version
X-Cache-Lookup
X-Response-Time
Accept-CH
X-HW
X-Application-Context
Xkey
Content-Location
Rating
Accept-Ch
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH-Lifetime
Accept-Ch-Lifetime
X-Trace
X-Country
X-Url
Fastly-Restarts
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-TtlSet
X-PC
X-Vname
RTSS
X-Amz-Server-Side-Encryption
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-FastCGI-Cache
X-Server-Name
Cache-Tag
X-Edge
X-B3-TraceId
X-Vcap-Request-Id
X-ESI
X-Content-Type
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
X-Use-Magma
X-Cdn-Fetch
X-Dw-Request-Base-Id
X-Amz-Rid
X-Px
X-ASPNET-VERSION
Public-Key-Pins
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Content-Security-Policy-Report-Only
X-Powered-By-Plesk
X-Sol
X-Abt-Application-Version
X-Middleton-Display
Display
Pagespeed
X-Ac
Verso
X-RateLimit-Remaining
X-Client-IP
X-Element-Page-Cache
X-Version
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
Response
X-Middleton-Response
X-Goog-Hash
X-Cached
SPIisLatency
Access-Control-Request-Method
SPRequestDuration
X-Ttl
X-Kinsta-Cache
X-SharePointHealthScore
X-Edge-Location-Klb
SPRequestGuid
X-TTL
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-SID
AR-Request-ID
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Powered-CMS
X-Correlation-Id
X-Upstream
X-LLID
Edge-Cache-Tag
X-WebKit-CSP-Report-Only
X-Forwarded-For
X-NWS-LOG-UUID
X-Litespeed-Cache
Content-MD5
X-RateLimit-Limit
X-Cache-Key
X-Id
Nginx-Cache
X-ECACHE
X-Ruxit-Js-Agent
X-Shield-Request-Id
TCN
X-MSEdge-Ref
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Recruiting
MRF-Tech
Mrf-Cache-Status
S
X-T
X-Daa-Tunnel
X-Content-Digest
X-B3-TraceId-Primal
X-Mg-S
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ua-Device
TP-Cache
TP-L2-Cache
X-Jurisdiction
X-Mcache
X-HP-Trace-Id
X-DataDome
X-HP-Webp
X-Grace
X-Accel-Expires
X-DynaTrace
X-Frontend
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Protected-By
Front-End-Https
X-Yandex-Sdch-Disable
Filters
MicrosoftSharePointTeamServices
X-Request-Received
Server-Node
X-Request-Processing-Time
X-Ab
X-Content
X-Ezoic-Cdn
X-Ua-Browser
X-PressLabs-Stats
X-Distributor
X-Origin-Server
X-Hits
Fastcgi-Cache
X-LB-Cache
X-Geo-Country
X-ORACLE-DMS-ECID
MS-Author-Via
X-ORACLE-DMS-RID
X-Request-Handler-Origin-Region
X-Microsite
X-Amzn-Trace-Id
Charset
X-Tt-Trace-Host
X-Mid
X-Tt-Trace-Tag
X-Webkit-Csp
Host
X-B3-Sampled
X-F-Cache
X-Page-Id
X-Git-Hash
Cross-Origin-Opener-Policy
Cleartype
X-Forwarded-Proto
Cache-Status
Realpath
X-Debug-Info
X-Seen-By
X-Cache-Age
X-AppVersion
X-Activity-Id
X-Az
X-DIS-Request-ID
Access-Control-Allow-Method
X-Ratelimit-Reset
X-Nginx-Upstream-Cache-Status
Accept-Charset
X-Fastly-Request-Id
X-Www-Served-By
Permissions-Policy
X-Webkit-CSP
Filterid
X-Server-ID
ServerID
Cache-Tags
X-Aspnetmvc-Version
X-Varnish-Age
X-Content-Options
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Rid
X-Cluster-Name
X-FB-Debug
Retry-After
X-Type
Server-Name
X-Midtier
X-B
X-Is-Crawler
X-Tb
X-Route-Name
X-Request-Guid
X-Flags
X-Aspnet-Duration-Ms
X-Amz-Meta-S3cmd-Attrs
X-Providence-Cookie
Country
X-Varnish-Backend
X-App-Environment
X-TT
Viewport
X-Varnish-Grace
X-B-Cache
X-Drupal-Cache-Tags
X-Wix-Request-Id
X-User-Agent
X-Signature
X-Origin-Cache
Paypal-Debug-Id
DC
X-Whom
X-VCache
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Node
Fastcgi-Useragent
X-Language
X-Debug
X-Oracle-Dms-Ecid
X-Upgrade-Enabled
X-Oracle-Dms-Rid
X-Oneagent-Js-Injection
X-Kong-Proxy-Latency
X-NWS-UUID-VERIFY
X-Kong-Upstream-Latency
X-Logged-In
X-Amz-Replication-Status
X-Mobile-URL
Protected
X-Cache-NGX
Amp-Access-Control-Allow-Source-Origin
Payment
X-N
Surrogate-Key
X-Load-Cache
WPO-Cache-Message
WPO-Cache-Status
X-Cache-Control
Count-Hit
X-XRDS-LOCATION
Alternate-Protocol
X-XRDS-Location
X-NGENIX-Cache
X-Contextid
Healthy
X-Restarts
X-Node-Name
X-Mobile
X-Via-JSL
X-Proxy
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
Content-Disposition
SD-X-WS
X-MCACHE
X-Response-Served-From
X-Original-Request-Id
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Type
Akamai-GRN
Url
X-Jobs
X-G
Refresh
X-Adobe-Loc
X-Page-View
X-Adobe-Content
X-Servername
X-Revision
X-UUID
X-Real-IP
X-Zen-Fury
X-Varnish-Server
X-Cache-Time
X-Akamai-Request-ID2
Uber-Trace-Id
X-Debug-IsConnected
X-Debug-IsPreview
X-Http-Reason
X-Is-Bot
X-Cacheable-TTL
X-Cache-TTL-Remaining
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Rendered-As
X-Mg-Request-UUID
X-Drupal-Cache-Contexts
X-Proxy-Cache-Status
Access-Control-Request-Headers
X-Device-Type
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Framework
X-Cache-Grace
X-L-Path
X-Environment-Context
NGB
X-Instance
X-Datadome
X-Hostname
Frame-Options
X-HTML-Minification-Powered-By
Version
X-Template
X-Fastly-Request-ID
X-IPLB-Instance
X-EdgeConnect-Cache-Status
X-Source
X-ECache
Ms-Operation-Id
X-B3-Traceid
Referer-Policy
MS-CV
X-RTag
Countrycode
Liferay-Portal
Accept-Language
X-NYM-Debug-Backend
X-Cache-Rule
X-App-Server
X-Ratelimit-Remaining
X-Trace-Id
X-Cache-Hit
X-Cache-Expired-At
Cross-Origin-Window-Policy
From-Origin
X-Tumblr-Pixel-0
X-Tumblr-User
X-Hosted-By
X-Tumblr-Pixel-1
X-Tumblr-Pixel
Backend
X-Unique-Id
X-Nginx-Cache
X-Vgn-Hpd-Reason
X-IPS-LoggedIn
X-APP-VERSION
X-COUNTRY
X-ProcessESI
X-Status
X-RemovedCookies
X-RN-RSRV
Load-Balancing
WP-Super-Cache
X-FW-Version
Section-Io-Cache
X-UPSTREAM-Address
Meta-Geo
X-OCL
X-FB-TRIP-ID
X-Cache-Server
X-PCL
Upgrade-Insecure-Requests
Content-Secure-Policy
X-Request-Time
X-Region
X-Redis-Cache
X-Sql-Count
X-VWS-Id
X-Ua
X-Via-Fastly
X-Sql-Duration-Ms
X-PHP-Host
X-Section
X-LJ-Flow-ID
S-Rt
CF-IPCountry
Apigw-Requestid
X-Content-Powered-By
X-Access
X-AWS-Id
X-No-Session
X-Content-Age
X-Labrador-Cache-Channel
X-PHP-Backend
X-AOL-HN
X-Mode
X-Human
X-Generated-By
X-Forwarded-Host
X-Format
X-Nginx-Cache-Key
X-Origin-Date
X-Say-Cacheable
X-Platform-Server
X-PERF
X-Debug-Cache
X-Cms-Context
X-Adobe-Source
Mn-Server-Ip
Locale
Eomportal-Instance
X-Akamai-Edgescape
X-ApacheServer
X-Say-TTL
X-Cache-Enabled
X-Be
X-Sorting-Hat-ShopId
X-SayCDN-TTL
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
X-Varnish-Cache-Hits
X-Origin-Hint
Webcakes-Region
TWC-Device-Class
Property-Id
X-UA-Device-Type
X-Storage
X-Site-Version
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Xfnlog-Site
X-VC-Cache
X-Uri
X-Sorting-Hat-PodId
TWC-Connection-Speed
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Locale
X-Generation-Time
X-Server-W
X-BYPASS-REASON
X-Varnishpool
X-Edge-Location
X-Web-Node
X-Cluster-Node
X-Cache-Host
Azure-RegionName
Azure-SiteName
Fastly-SSL
Azure-InstanceId
X-Zipkin-Id
X-Cache-Tags
Azure-SlotName
X-Tid
X-NewRelic-App-Data
X-Cache-Type
X-JoinUs
X-SaId
X-ProxyCache-Status
X-Routing-Service
X-Proxied
X-GG-Cache-Date
Azure-Version
X-Storefront-Renderer-Rendered
X-Detected-As
X-Extlb
X-GeoCountry
X-GeoCode
X-ProxyCache-Key
X-Hl-Ver
X-Handled-By
X-Timing-Wait
X-Proxy-Build
Selected-Fe
X-Proto
X-Backend-Name
CDN-RequestCountryCode
CDN-RequestId
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
X-ServerID
CDN-CachedAt
Cache-Tv-Group
CDN-Uid
X-CDN-Forward
ServedBy
Webserver
Fastly-Drupal-Html
Ec-Rule-Version
X-Dc
X-App-Version
Web-Mar-Node
X-LSADC-Cache
Onion-Location
X-GEO
X-IPLB-Request-ID
X-Magnolia-Registration
X-Cache-Action
X-Ratelimit-Limit
Cache-Hits
X-Tt-Logid
X-Cached-By
X-Varnish-Hostname
SID
X-Envoy-Decorator-Operation
X-Cache-Operation
X-Air-Hostname
SRV
X-Cache-Remote
X-Hyper-Cache
X-Air-Source
Mime-Version
X-Air-Trace-Id
LB
X-Varnish-Hits
X-Cluster
X-Fastcgi-Cache
X-Rewrite-Enabled
X-Cdn
X-Origin-TTL
X-Soup
X-Origin-CC
X-SRV
X-Rule
X-Parallel-Accel
Xet-Cookie
Xserver
Cache
Source
X-Microcachable
DB-Nickname
X-Accel-Buffering
Server-Info
Country-Code
X-Xrds-Location
X-Pubstack
X-MP-GENERATED-AT
X-TA-CDN-Provider
X-Tumblr-Pixel-2
X-Reqid
X-Via-NSCOPI
X-CSRF-Token
X-Buckets
X-Skip-Cache
X-Tumblr-Pixel-3
Decoy-Debug-TTL
X-Tx-Id
Decoy-Debug-Status
Decoy-Debug-Key
X-Endurance-Cache-Level
X-Cache-Status-Check
X-TT-LOGID
X-Request-Host
X-B3-SpanId
X-Origin-Response-Time
Odigeo-Trace-Id
X-A-Wwc
BehaviorPad-Version
Cache-Key
X-PBS-Appsvrname
X-CF-Lambda-Fn
Fastcgi-X-Cache-Version
X-Epic-Correlation-Id
X-PAYTM-SRV-ID
DynaTrace
X-ARC
X-Ec-Fail
X-Processor
X-Aed
X-AK-Request-ID
X-Application
X-User
X-Orig-Expires
X-Ec-GeoHdr
X-S
X-Cdn-Srv
X-Connection-Hash
X-Shop-Environment
MD5-Digest
X-ScT
X-Ig-Push-State
X-Geo-Header
X-Cache-NE
X-Conf
X-BCube-Filmed-By
X-Session-Fingerprint
X-NAPM-TraceId
Pramga
X-B-Cookie
A
Mobile-Detection-Method
X-Forwarded-Path
Host-ID
Meta-Geo-Continent
X-External-Request-Id
Candidate-Md5Url
X-Vdms-Path
X-S-Cookie
X-Vdms-Version
X-Destination
X-Developer
Datacenter
Cmsid
Cmstype
Cdncip
DCR-Decision-By
Sslversion
X-Rojux
T-Server
X-SRCache-Key
X-D
XM
DCR-Processing-Time-Ms
Surrogated-Key
X-VG-WebCache
X-A
X-Tenant
X-A-Dcw
Expiry
X-Vtex-Processado-Em
X-A-Dam
X-Amzn-RequestId
Lang
X-Vtex-Remote-Cache
Cdnsip
X-A-Dgt
Xc-Version
Rendered-Blocks
X-Amz-Apigw-Id
X-TIM-N
X-A-Ccd
X-CF-Lambda-Version
X-SD-PageType
X-Newrelic-Synthetics
X-Azure-Ref
X-Device-Os
X-DefElseHash
X-Esi-Check
Environment
X-Cache-Id
X-Core-Mission
Adler-Geo
X-Core-Value
X-DefHash
X-Developers
X-Varnish-Beresp-Grace
X-DPWN-IS-SECURE
Is-Eu
X-Fetched-On
AKAMAI
X-Origin-Expires
Producers
X-TNCMS
Server-Host
X-Wix-Viewer-Type
Platform
X-Ad-Defer-Variation
NM-Fastcgi-Cache
X-V-Cache
X-Gzip
Wxu-Next-Region
Wxu-Next-Hostname
X-SplitTest
X-SB
X-Worker
X-Scheme
State
Redirect-Candidate
Wxu-Next-Commit
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Ckpd-Fst-Backend
X-TrackingId
X-JWT-State
X-Varnish-Remaining-TTL
X-Origin
X-HS-Content-Campaign-Id
X-Has-Esi
X-Hash
X-Loop
X-Is-Gdpr
X-Variation
X-Bc-Bl
X-Varnish-CookieHashed-On
X-NodeID
X-Varnish-CookieINHashed-On
X-Time
Vix-Hermes-Req-Id
X-CacheTTL
X-Cache-Info
VNS-Age
V-Age
User-Cache-Control
We-Hiring
X-BBC-Edge-Cache-Status
X-Block-Status
X-Aicache-OS
X-Cache-Bucket
X-Cdn-Origin
X-Cache-Date
VNS-Cache
X-Irp-Debug
X-Thinkindot-L3
X-Rebelmouse-Surrogate-Control
X-Gdpr
X-VarnishDD-TTL
X-Sigma
X-Nyt-Route
X-Served-From
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-RCS-CacheZone
X-Origin-Time
X-Rebelmouse-Cache-Control
X-Amzn-Remapped-Content-Length
Traceparent
X-SIPLIST1
X-VServer
X-Sn-Servicetimems
X-Slack-Backend
X-WADP-Cache
Fastly-Backend-Name
X-Sigma-Backend
X-Request-URI
X-Region-Sid
X-Rocket-Build-Number
X-VG-TLSProxy
X-Rocket-Nginx-Serving-Static
X-Qloud-Router
X-Pool
X-Generated-On
X-Gen-Mode
X-GeoIP
X-GeoIP-City
X-HN
X-Gamma-Serve
X-Ftr-Request-Id
X-Ec-Custom-Error
X-Dispatcher-Number
X-Fastly-Cache
X-Fmm-Version
X-Forwarded-Site
X-Hnp-Log
X-LAGOON
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Platform
X-Policy
X-Node-Id
X-NCache
X-Loc
X-Level-Front-Cache
X-Minions-Version
X-Ms-Request-Id
X-Ms-Version
X-Clara-WADP
Thinkindot-CacheControl-Type
CloudFront-Viewer-Country
Machine
CPC-Age
CPC-Cache
Mail-Subject
Memcached
Origin-CC
NGX
N-Cache
L
Kp-EeAlive
Fastly-SIE
Fastly-GeoIP-CountryCode
Fastcgi-Cache-TTL
Fastly-SWR
HostName
X-EC-Lua
IsBot
X-Varnish-Ttl
Origin-EX
Origin
Server-Hostname
Server-Ext
Req-Svc-Chain
CDCHOST
Apple-News-Services-Host
Sever-Int
Apple-News-Services-Handled
X-AIR-PT
Release
Apple-News-Services-Parsed-Url
Thinkindot-CacheControl
Thinkindot-Control
TDXMobile
PFcat
Svr
Apple-News-Services-Request-Url
X-Datadog-Parent-Id
X-Scale
X-Datadog-Sampling-Priority
X-Wikidot-Static-Cache
DSUID
X-Wikidot-Backend
Cache-Name
Ohc-File-Size
Gh-Request-Id
Cluster
Web-Mar-Region
X-Eu-Site
X-Datadog-Trace-Id
HA-Ipaddr
X-Mvc-Supplant-Cachable
X-R9-Blue-Green-Version
X-Csrf-Jwt
X-Branch-Name
X-Optimistic-Header
X-ZONE
Ssr
X-Cache-Backend
X-Owner
X-Auto-Login
X-Proxy-Cache-Info
X-Pod-Name
X-Via-Ucdn
Ha-Gx-Prefs
X-WA-Info
X-Proxy-Upstream
L5d-Success-Class
X-CGP
X-Viewer-Country
X-Correlation-ID
CDN
Pics-Label
X-WP-CF-Super-Cache
X-CS
X-Micro-Cache
X-WP-CF-Super-Cache-Cache-Control
X-VC
X-Refresh
X-Httpd
Ngx.Var.Host
GEO-INFO
X-Server-IP
X-CACHE-KEY
X-URL
X-Ah-Environment
X-TIME
Path
X-LB-NoCache
Cache-Host
X-NC
Servername
X-Parent-Response-Time
Ms-Author-Via
Env
X-Webstats-RespID
X-Cache-ASPX
X-Proxy-CacheRZ
XkeyRZ
X-Servedbyhost
X-Contensis-Viewer-Groups
X-From
X-Tb-Optimization-Total-Bytes-Saved
X-Srv
X-Udemy-Cache-App-Namespace
X-Varnish-Authentication
X-Via-Poph
X-Via-Popv
X-Mvc-Supplant-OutputCached
X-Location
X-Via-Popn
X-Edge-Pop
X-RateLimit-Reset
X-Clientip
Lb
Memory
Locid
X-API-Version
X-TraceId
X-Generated-In
X-Amz-Meta-Cb-Modifiedtime
Time
Ohc-Cache-HIT
ITXSESSIONID
X-S-Maxage
X-Trace-ID
X-Men
X-Varnish-Beresp-TTL
Arc-Country
X-Response-By
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Transformed
X-Old-Content-Length
GeoIp-Country-Code
X-VCL-Version
X-RPS
X-RPM
X-RSL
True-Client-IP
X-DI
X-DSS
Client
X-Dmc
X-HA-Backend
X-DW
X-Date
X-DB
X-Accel-Expires-Debug
X-Vc
Server-ID
X-VHOST
X-Cs
X-DC
Geoip-Latitude
X-Fpc
X-MSEdge-Features
X-MSEdge-Flight
X-Tec-Api-Root
X-Tec-Api-Origin
X-Render-Time
X-TRACE-ID
X-DynaTrace-JS-Agent
X-Tec-Api-Version
X-Zone
Rip
X-Service
X-Presslabs-Stats
C-Via
X-INCAP-ABP
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Hostname
X-FireWall-Port
Tube-Got-Eval
X-Gateway-Cache-Key
FSS-Cache
Tube-Return
X-Gateway-Cache-Status
Tube-Got-Results
X-Gateway-Skip-Cache
Click-Count-Action-Start
Tube-Get-Contents
X-Cache-Debug
X-Gateway-Request-Id
Click-Count-Error
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
X-M-Reqid
Fusion-Content-Id
On-Server
NtCoent-Length
Powered-By
X-Qnm-Cache
X-M-Log
X-Api-Version
X-Webkit-Csp-Report-Only
X-TX-ID
X-PX
CacheControlHeader
X-B3-Spanid
HIT
Esi-Enabled
X-CSRF-TOKEN
X-Alfa-Service
X-TH-Server
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
Tcn
True-Client-Country-4JS
Test
Srv
X-Action
X-NGINX-Cache
X-FPC
X-Cdn-Request-ID
X-Backend-TTL
X-Traceid
Cdn
User-Agent
GeoIP-Latitude
OT-Force-Account-Verify
X-Beluga-Cache-Status
X-Beluga-Record
X-HS-Status
X-Check-Cacheable
X-Proxy-Cache-Hk
Edge-Cache
X-Beluga-Trace
Server-Id
X-Beluga-Response-Time
X-Beluga-Status
X-Vcl-Version
X-Beluga-Node
X-Esi
Geo-Info
X-Akamai-Pragma-Client-IP
X-Pass-Why
X-Varnish-Beresp-Ttl
DT-Hot-News
X-Req
GeoIP-Country-Code
X-Origin-Upstream-Status
Uri
My-App
X-App
Srvid
X-Ha-Backend
X-Via-PopN
X-Via-PopH
Resin-Trace
Proxy-Connection
X-Via-PopV
X-CLOUD-TRACE-CONTEXT
Sid
M-TraceId
Server-Ttl
MIME-Version
Cf-Int-Pingora-Origin-Digest
X-APP
X-Bip
X-Up
X-Thanos
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Epwk-X-Cache
X-ServedByHost
X-Hcs-Proxy-Type
X-Cdn-Forward
WebServer
X-Fastly-Backend-Reqs
True-Client-Ip
X-LB-ID
X-Edge-POP
X-Backend-Host
ENV
Warning
X-Provided-By
X-Lb-Nocache
X-Geo
X-Li-Fabric
ServerName
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-B3-Traceid-Primal
XServer
X-Request-Start
X-CACHE-AGE
X-HostName
X-Vercel-Id
X-Fetch-By
X-Webkit-CSP-Report-Only
CF-Cached-On
X-UnsetCookies
X-ElasticPress-Query
X-Vercel-Cache
X-Dw-Trace-Id
X-Akamai-Request-ID
Section-Io-Origin-Time-Seconds
X-HITS
Section-Io-Origin-Status
Section-Io-Id
PICS-Label
X-RAMCache
X-Serial
Section-Origin-Responded
X-Newrelic-App-Data
X-Nc
X-CF-Powered-By
X-LiteSpeed-Cache-Control
Fastly-Drupal-HTML
X-Vcache
X-Varnish-Beresp-Status
X-ND-Cache
Magicmarker
X-Yottaa-OS
X-IN-APIGATEWAY
X-Request-Url
Dt-Hot-News
X-Time-Microsecs
D-Url-Rewrites
X-Iplb-Instance
X-CMSURLCustom
X-Cc-Via
WZWS-RAY
Inserted-Into-Cache-At
X-Iplb-Request-Id
X-IN-APIGATEWAYSSL
Cdn-Pullzone
X-Air-Pt
Cdn-Cache
Cdn-Uid
Cdn-Cachedat
Cdn-Edgestorageid
Cdn-Requestid
Cdn-Requestcountrycode
Wp-Super-Cache
Servedby
X-BBC-Origin-Response-Status
Hit
Vha6-Origin
Canary
CountryCode
X-Release
X-Snapshot-Date
X-LiteSpeed-Tag
X-MiniProfiler-Ids
Content-Style-Type
X-CUA
DataCenter
X-Azure-Ref-OriginShield
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
X-Dist-Code
Cf-Device-Type
X-Back
X-Wp-Cf-Super-Cache
X-Th-Server
X-Storefront-Renderer-Verified
X-Request-URL
Content-Script-Type