
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
X-Rq
Grace
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Server-Powered-By
X-Akamai-Path-Stats
Ali-Swift-Global-Savetime
X-Vhost
X-Amz-Version-Id
X-Ua-Compatible
X-LiteSpeed-Cache
CONTENT-SECURITY-POLICY
X-Dispatcher
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Nginx-Cache-Status
Allow
X-Cache-Spec
X-Device
X-OneAgent-JS-Injection
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-CST
X-Server-Id
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-Response-Time
X-HW
Cf-Edge-Cache
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Rating
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Trace
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Mod-Pagespeed
X-MS-InvokeApp
X-TtlSet
X-Rack-Cache
X-PC
X-Vname
X-Server-Name
X-Ruxit-JS-Agent
X-Clacks-Overhead
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-Content-Type
X-B3-TraceId
Accept-Ch
Cache-Tag
X-Vcap-Request-Id
X-ESI
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Amz-Rid
X-Amz-Server-Side-Encryption
X-Dw-Request-Base-Id
Public-Key-Pins
X-Cnection
X-Ac
X-Px
X-RateLimit-Remaining
X-D2id
X-Element-Page-Cache
Verso
X-Navigation-Version
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
X-Cache-TTL
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Ruxit-Js-Agent
X-Ser
Service-Worker-Allowed
X-Edge
X-Version
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
Response
X-Middleton-Response
Access-Control-Request-Method
X-NF-Request-ID
X-Goog-Hash
X-Correlation-Id
X-Webkit-Csp
X-Kinsta-Cache
AR-CACHE
AR-ATIME
AR-SID
X-TTL
AR-Request-ID
AR-PoweredBy
SPRequestDuration
SPIisLatency
X-Edge-Location-Klb
X-Upstream
X-Ttl
X-NWS-LOG-UUID
X-RateLimit-Limit
X-LLID
X-Cached
X-Cache-Key
X-Powered-CMS
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
Edge-Cache-Tag
X-Litespeed-Cache
SPRequestGuid
Nginx-Cache
X-SharePointHealthScore
TCN
X-Forwarded-For
Mrf-Cache-Status
MRF-Tech
X-MSEdge-Ref
Content-MD5
X-Id
MS-Author-Via
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-Daa-Tunnel
X-T
X-B3-TraceId-Primal
X-Recruiting
S
X-Content-Digest
X-Mg-S
X-Ua-Device
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Protected-By
X-DataDome
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Frontend
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Accel-Expires
X-Content
Server-Node
X-Ab
X-Ua-Browser
Front-End-Https
X-Request-Received
X-Request-Processing-Time
X-Grace
X-Yandex-Sdch-Disable
Filters
X-Server-ID
X-ECACHE
X-Mid
Fastcgi-Cache
X-PressLabs-Stats
X-Hits
X-Origin-Server
X-DynaTrace
TP-Cache
TP-L2-Cache
X-Geo-Country
X-Distributor
X-ORACLE-DMS-ECID
X-Debug-Info
X-ORACLE-DMS-RID
X-Ratelimit-Reset
X-Amzn-Trace-Id
X-Tt-Trace-Tag
X-Pinterest-Rid
X-Tt-Trace-Host
Charset
Pinterest-Generated-By
Pinterest-Version
Cleartype
Host
X-Page-Id
X-DIS-Request-ID
X-Git-Hash
X-F-Cache
X-Request-Handler-Origin-Region
X-B3-Sampled
X-Microsite
Cross-Origin-Opener-Policy
X-Www-Served-By
X-LB-Cache
Access-Control-Allow-Method
X-Forwarded-Proto
X-Cache-Age
ServerID
Cache-Tags
X-Seen-By
X-AppVersion
X-Activity-Id
X-Az
X-Aspnetmvc-Version
X-Oracle-Dms-Ecid
X-Cluster-Name
Cache-Status
Accept-Charset
X-WebKit-CSP-Report-Only
X-Varnish-Age
X-Oracle-Dms-Rid
Realpath
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Language
Filterid
X-Rid
Server-Name
X-Type
X-Content-Options
X-App-Environment
X-Nginx-Upstream-Cache-Status
X-Upgrade-Enabled
Country
Node
X-Fastly-Request-ID
Viewport
X-Oneagent-Js-Injection
X-Mobile-URL
X-User-Agent
X-MCACHE
X-Origin-Cache
X-Tb
X-NWS-UUID-VERIFY
X-Request-Guid
Paypal-Debug-Id
X-Route-Name
X-Wix-Request-Id
X-Varnish-Grace
Retry-After
X-Providence-Cookie
DC
X-Whom
X-Aspnet-Duration-Ms
X-Signature
X-B-Cache
X-FB-Debug
X-Drupal-Cache-Tags
X-Flags
X-Is-Crawler
X-TT
Protected
X-VCache
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Varnish-Backend
Fastcgi-Useragent
X-Via-JSL
X-XRDS-LOCATION
X-Cache-NGX
X-B
X-Fastcgi-Cache
X-Amz-Replication-Status
X-Debug
Payment
X-Contextid
X-XRDS-Location
X-N
X-Logged-In
X-Mcache
WPO-Cache-Status
X-Load-Cache
WPO-Cache-Message
Surrogate-Key
X-Template
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-FW-Type
X-FW-Static
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Request-Id
X-Cache-Control
Count-Hit
X-Amz-Meta-S3cmd-Attrs
X-Hostname
X-Node-Name
Healthy
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
Content-Disposition
Refresh
Akamai-GRN
X-Proxy
VIX-Pulpo-Node
X-Jobs
X-G
X-UUID
X-Rendered-As
X-Zen-Fury
X-Revision
X-Real-IP
X-Is-Bot
VIX-Pulpo-Upstream-Status
X-Cache-TTL-Remaining
X-Akamai-Request-ID2
X-Cacheable-TTL
X-Framework
X-Cache-Time
X-Page-View
X-Adobe-Content
X-Http-Reason
X-Mobile
X-Adobe-Loc
Uber-Trace-Id
X-Instance
X-Yottaa-Metrics
Permissions-Policy
Alternate-Protocol
X-Yottaa-Optimizations
X-Debug-IsPreview
X-Debug-IsConnected
NGB
X-Proxy-Cache-Status
X-Trace-Id
X-Drupal-Cache-Contexts
X-Device-Type
Access-Control-Request-Headers
Url
X-IPLB-Instance
X-Source
X-Servername
X-ECache
X-B3-Traceid
From-Origin
X-Parallel-Accel
X-Cache-Grace
X-Cache-Rule
Version
X-Vgn-Hpd-Reason
X-Varnish-Server
X-Mg-Request-UUID
Accept-Language
X-Cache-Hit
X-Environment-Context
X-L-Path
X-Restarts
X-Cache-Expired-At
X-NGENIX-Cache
X-EdgeConnect-Cache-Status
Countrycode
Referer-Policy
MS-CV
Ms-Operation-Id
X-RTag
X-App-Server
X-FW-Version
Cross-Origin-Window-Policy
X-HTML-Minification-Powered-By
X-Tumblr-Pixel
X-Tumblr-User
X-NYM-Debug-Backend
Liferay-Portal
Frame-Options
X-Tumblr-Pixel-0
X-IPS-LoggedIn
X-APP-VERSION
X-Tumblr-Pixel-1
X-COUNTRY
Backend
X-Cache-Action
X-Nginx-Cache
X-Datadome
Content-Secure-Policy
X-ProcessESI
X-RemovedCookies
CF-IPCountry
WP-Super-Cache
Meta-Geo
Section-Io-Cache
X-OCL
X-PCL
X-RN-RSRV
X-Cache-Server
X-Redis-Cache
X-UPSTREAM-Address
X-Detected-As
Upgrade-Insecure-Requests
X-Format
X-Generation-Time
X-Access
X-FB-TRIP-ID
X-No-Session
X-Content-Age
X-Section
X-Hyper-Cache
X-Cache-Enabled
Ec-Rule-Version
Fastly-SSL
X-Ua
Cache-Tv-Group
Apigw-Requestid
X-Hosted-By
X-Mode
Webserver
S-Rt
Webcakes-App-Name
X-Generated-By
Property-Id
Webcakes-App-Version
Locale
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
X-Be
X-ApacheServer
Webcakes-Region
TWC-Connection-Speed
TWC-Device-Class
X-Cluster-Node
Azure-Version
Azure-SiteName
Azure-SlotName
TWC-GeoIP-LatLong
X-AOL-HN
X-Origin-Date
Azure-InstanceId
X-Urbn-Site-Id
X-Uri
X-Via-Fastly
X-Human
X-Region
X-Storage
X-UA-Device-Type
X-Varnish-Cache-Hits
X-Web-Node
X-Ratelimit-Remaining
X-SayCDN-TTL
X-Request-Time
X-Say-Cacheable
X-Say-TTL
X-Urbn-Context-Path
Azure-RegionName
X-Sql-Count
X-Site-Version
X-PERF
X-PHP-Backend
X-Sql-Duration-Ms
X-Origin-Hint
X-Content-Powered-By
X-Akamai-Edgescape
CDN-Uid
CDN-RequestCountryCode
X-Status
X-Adobe-Source
CDN-PullZone
CDN-RequestId
X-ProxyCache-Key
Mn-Server-Ip
X-Platform-Server
X-Webkit-CSP
X-ProxyCache-Status
Eomportal-Instance
X-Nginx-Cache-Key
CDN-CachedAt
X-Server-W
CDN-EdgeStorageId
X-Debug-Cache
CDN-Cache
X-Xfnlog-Site
X-Cache-Tags
X-Cache-Host
X-Unique-Id
X-BYPASS-REASON
X-Forwarded-Host
X-Routing-Service
X-Sorting-Hat-ShopId
X-Tid
X-Proxied
X-Extlb
X-SaId
X-JoinUs
X-Varnishpool
X-Zipkin-Id
X-ShardId
X-ServerID
X-Cache-Type
X-ShopId
X-Alternate-Cache-Key
X-Handled-By
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Hl-Ver
X-Backend-Name
X-Rule
X-NewRelic-App-Data
X-GG-Cache-Date
X-Timing-Wait
X-TT-LOGID
X-Proxy-Build
X-Labrador-Cache-Channel
X-Locale
Selected-Fe
X-PHP-Host
ServedBy
X-Accel-Buffering
X-Cache-Operation
X-LJ-Flow-ID
X-VWS-Id
X-VC-Cache
X-AWS-Id
X-Cache-Remote
X-Midtier
X-LSADC-Cache
X-Rewrite-Enabled
SID
X-Edge-Location
Xserver
X-Cached-By
X-CDN-Forward
X-Soup
X-Dc
X-Cms-Context
X-Proto
SRV
X-Pubstack
X-TA-CDN-Provider
X-Storefront-Renderer-Rendered
Web-Mar-Node
Fastly-Drupal-Html
Mime-Version
X-Reqid
X-Buckets
X-GEO
Onion-Location
Country-Code
Decoy-Debug-TTL
X-Request-Host
X-GeoCountry
X-GeoCode
Decoy-Debug-Key
Decoy-Debug-Status
Load-Balancing
LB
X-Varnish-Hostname
X-Microcachable
X-Ratelimit-Limit
Cache-Hits
X-Origin-CC
X-Origin-TTL
Server-Info
X-Cluster
Xet-Cookie
X-App-Version
X-Tumblr-Pixel-3
X-Varnish-Hits
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-Ms-Version
X-Ms-Request-Id
X-Envoy-Decorator-Operation
X-SRV
X-Magnolia-Registration
X-NCache
X-Amzn-RequestId
X-CSRF-Token
DynaTrace
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Amz-Apigw-Id
X-B3-SpanId
X-Bc-Bl
X-Endurance-Cache-Level
X-Tx-Id
X-RCS-CacheZone
X-TIM-N
X-User
X-Destination
X-Developer
X-D
X-CF-Lambda-Fn
X-Cdn-Srv
X-Cache-NE
X-CF-Lambda-Version
X-Conf
X-Connection-Hash
A
X-Ec-Fail
X-Ec-GeoHdr
X-Ftr-Request-Id
X-From
X-Geo-Header
X-VG-WebCache
X-TrackingId
X-SRCache-Key
X-Tenant
X-Forwarded-Path
X-Webstats-RespID
BehaviorPad-Version
X-Epic-Correlation-Id
X-Esi-Check
X-External-Request-Id
X-R9-Blue-Green-Version
X-Cache-Id
Host-ID
X-A
Lang
X-A-Ccd
X-A-Dam
X-A-Dgt
X-A-Dcw
Meta-Geo-Continent
Mobile-Detection-Method
Sslversion
Pramga
Odigeo-Trace-Id
Surrogated-Key
T-Server
NM-Fastcgi-Cache
X-A-Wwc
X-Aed
Cmstype
DB-Nickname
Cmsid
Cdnsip
X-Cache-Bucket
Cdncip
DCR-Decision-By
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
X-AK-Request-ID
Expiry
X-Application
X-B-Cookie
X-ARC
X-Gzip
X-Vtex-Processado-Em
X-Ig-Push-State
Rendered-Blocks
X-PBS-Appsvrname
X-HS-Content-Campaign-Id
X-NAPM-TraceId
X-Vdms-Path
X-Time
X-PAYTM-SRV-ID
X-LAGOON
X-ScT
X-SD-PageType
Cache-Name
X-NodeID
X-Orig-Expires
X-Varnish-Beresp-Grace
X-Origin-Response-Time
X-Vtex-Remote-Cache
X-Processor
Xc-Version
X-Shop-Environment
X-Session-Fingerprint
X-Rojux
X-S
X-Vdms-Version
X-S-Cookie
X-ZONE
X-Varnish-Ttl
Source
X-Azure-Ref
X-Origin
X-RateLimit-Remaining-Second
X-Origin-Expires
X-Amzn-Remapped-Content-Length
State
X-RateLimit-Limit-Second
X-Nyt-Route
X-SVT-ORM-RULES
X-Core-Mission
User-Cache-Control
X-SB
Server-Host
Vix-Hermes-Req-Id
We-Hiring
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Wxu-Next-Region
X-Planisys-CDN-TTL
X-Cache-Info
X-Request-URI
V-Age
Web-Mar-Region
X-Origin-Time
Wxu-Next-Commit
Wxu-Next-Hostname
X-Varnish-CookieHashed-On
Svr
X-Server-IP
X-WADP-Cache
X-Fastly-Cache
X-Node-Id
X-Scheme
X-Wix-Viewer-Type
X-Varnish-Remaining-TTL
X-Hnp-Log
X-Hash
X-Varnish-CookieINHashed-On
X-Fmm-Version
X-Viewer-Country
X-VG-TLSProxy
MD5-Digest
X-Variation
X-Worker
X-Has-Esi
X-Slack-Backend
X-Gdpr
X-Gen-Mode
X-DPWN-IS-SECURE
X-V-Cache
X-GeoIP
X-Ec-Custom-Error
X-Fetched-On
X-Ckpd-Fst-Backend
X-Device-Os
X-Location
X-Cache-Backend
X-Mvc-Supplant-Cachable
X-Loop
X-Clara-WADP
X-JWT-State
X-DefHash
Fastly-GeoIP-CountryCode
X-Developers
X-DefElseHash
X-Irp-Debug
X-Core-Value
X-Is-Gdpr
X-TNCMS
X-Block-Status
Platform
Machine
X-SVT-ORM-VERSION
Is-Eu
Environment
CDN
Apple-News-Services-Handled
Cache
Mail-Subject
Apple-News-Services-Host
Apple-News-Services-Request-Url
Adler-Geo
AKAMAI
Producers
Apple-News-Services-Parsed-Url
X-Eu-Site
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Sn-Servicetimems
X-Pool
TDXMobile
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Rocket-Build-Number
X-Via-NSCOPI
X-VarnishDD-TTL
X-Csrf-Jwt
Ssr
X-Forwarded-Site
Thinkindot-CacheControl
X-GeoIP-City
X-Platform
X-Cache-Date
X-BBC-Edge-Cache-Status
X-Pod-Name
X-Level-Front-Cache
Redirect-Candidate
X-CacheTTL
X-Minions-Version
X-Men
X-Dispatcher-Number
X-Policy
X-Proxy-Cache-Info
X-Region-Sid
Traceparent
X-Generated-On
X-Gamma-Serve
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Httpd
X-Proxy-Upstream
X-Qloud-Router
X-HN
X-Loc
X-Datadog-Trace-Id
Kp-EeAlive
X-CGP
L
PFcat
Gh-Request-Id
Fastly-SWR
Fastly-SIE
Req-Svc-Chain
X-Auto-Login
X-VServer
Fastcgi-Cache-TTL
Ha-Gx-Prefs
HA-Ipaddr
Origin-EX
Origin-CC
X-Skip-Cache
N-Cache
Release
Origin
Memcached
X-Sigma-Backend
L5d-Success-Class
X-Thinkindot-L3
Locid
X-Sigma
X-Aicache-OS
CloudFront-Viewer-Country
X-Rocket-Nginx-Serving-Static
CDCHOST
X-Cdn-Origin
Arc-Country
Cluster
X-Served-From
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
IsBot
X-Branch-Name
Server-Hostname
X-SIPLIST1
X-Optimistic-Header
Server-Ext
X-Parent-Response-Time
NGX
X-Old-Content-Length
Sever-Int
DSUID
X-Response-By
X-Scale
X-Via-Ucdn
X-EC-Lua
HostName
X-WP-CF-Super-Cache-Cache-Control
X-IPLB-Request-ID
X-RPM
X-DW
Pics-Label
X-Owner
X-DSS
X-DB
X-DI
X-RSL
X-WP-CF-Super-Cache
X-NC
X-CS
X-Srv
X-Refresh
X-RPS
X-TraceId
X-VC
Ohc-File-Size
Servername
X-Newrelic-Synthetics
X-Tt-Logid
Env
X-Date
X-Tb-Optimization-Total-Bytes-Saved
X-LB-NoCache
X-Accel-Expires-Debug
X-Ah-Environment
X-TIME
Ms-Author-Via
X-BCube-Filmed-By
X-Wikidot-Backend
X-Generated-In
X-GeoIP-Region-Code
X-Wikidot-Static-Cache
X-GeoIP-Country-Code
AMP-Access-Control-Allow-Source-Origin
Datacenter
X-Ad-Defer-Variation
Memory
X-Amz-Meta-Cb-Modifiedtime
Candidate-Md5Url
Time
X-Mvc-Supplant-OutputCached
Cache-Key
X-Udemy-Cache-App-Namespace
X-Akamai-Transformed
X-Edge-Pop
XM
VNS-Age
Geo-Info
CPC-Age
VNS-Cache
X-Cache-Debug
CPC-Cache
GEO-INFO
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Xrds-Location
X-WA-Info
X-API-Version
X-Servedbyhost
Fastly-Backend-Name
X-Via-Popv
X-Via-Popn
X-Via-Poph
ITXSESSIONID
X-SplitTest
X-Varnish-Authentication
X-Cache-Status-Check
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
X-S-Maxage
GeoIp-Country-Code
Path
X-HA-Backend
X-Micro-Cache
X-Trace-ID
CacheControlHeader
X-RateLimit-Reset
True-Client-Country-4JS
Client
X-Action
X-VCL-Version
X-AIR-PT
X-CACHE-KEY
X-DC
X-TH-Server
X-Backend-TTL
X-Vc
Cache-Host
Lb
Geoip-Latitude
Server-ID
Ohc-Cache-HIT
Hostname
X-VHOST
X-Cs
Ngx.Var.Host
FSS-Cache
True-Client-IP
X-Req
Edge-Cache
X-Presslabs-Stats
X-Varnish-Beresp-TTL
X-Api-Version
XkeyRZ
X-Fpc
X-Provided-By
X-Clientip
X-Proxy-CacheRZ
My-App
X-Webkit-Csp-Report-Only
X-FireWall-Port
Powered-By
NtCoent-Length
X-Pass-Why
X-TX-ID
X-Zone
X-Origin-Upstream-Status
X-Traceid
X-Varnish-Beresp-Ttl
X-PX
X-Up
X-B3-Spanid
X-CSRF-TOKEN
Test
X-FPC
X-LB-ID
Cf-Int-Pingora-Origin-Digest
DataCenter
X-NGINX-Cache
X-Cdn-Request-ID
X-Esi
X-MSEdge-Features
X-MSEdge-Flight
X-Dynatrace
X-Dmc
X-Correlation-ID
User-Agent
X-Render-Time
X-HS-Status
X-Li-Fabric
X-Li-Pop
X-Beluga-Cache-Status
X-Beluga-Node
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Response-Time
X-Beluga-Record
X-Webkit-CSP-Report-Only
X-LI-UUID
X-INCAP-ABP
X-UnsetCookies
Server-Id
OT-Force-Account-Verify
Rip
Proxy-Connection
WZWS-RAY
C-Via
X-Vcl-Version
X-ND-Cache
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
X-B3-Traceid-Primal
X-Via-PopH
X-Gateway-Cache-Key
X-Via-PopN
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Service
X-Time-Microsecs
X-URL
X-Alfa-Service
X-Gateway-Request-Id
GeoIP-Latitude
X-Ha-Backend
X-Via-PopV
X-RAMCache
Tube-Got-Eval
X-CUA
Tube-Get-Contents
Srvid
Tube-Got-Results
Click-Count-Error
Click-Count-Action-Start
Tube-Return
X-Geo
X-Fragments
GeoIP-Country-Code
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
Uri
X-ServedByHost
Tracecode
Sid
Target-Params
Cf-Device-Type
MIME-Version
X-Akamai-Pragma-Client-IP
X-CCDN-Origin-Time
X-Var-Ttl
X-CCDN-CacheTTL
Epwk-X-Cache
X-Hcs-Proxy-Type
HIT
On-Server
Esi-Enabled
X-DynaTrace-JS-Agent
Lfy
X-Fastly-Backend-Reqs
X-Fetch-By
Resin-Trace
X-ATG-Version
X-FC-Vary-Parameters
X-Fastly-Backend
X-Proxy-Cache-Hk
X-Azure-Ref-OriginShield
X-Sucuri-Cache
X-M-Log
X-M-Reqid
X-LI-Proto
Srv
X-Qnm-Cache
X-Sucuri-ID
X-TRACE-ID
Fastly-Drupal-HTML
X-Backend-Host
X-Edge-POP
ENV
X-Cdn-Forward
X-LiteSpeed-Cache-Control
Cdn
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
XServer
Section-Origin-Responded
Magicmarker
X-Cache-Expires
X-App
X-NU-AKA-ACS-Version
X-Li-Proto
X-Backend-State
X-Varnish-Beresp-Status
X-APP
Section-Io-Id
X-MG-S
X-Srcache-Store-Status
X-Srcache-Fetch-Status
PICS-Label
Inserted-Into-Cache-At
X-Yottaa-OS
X-Newrelic-App-Data
X-ElasticPress-Query
CF-Cached-On
ServerName
Tcn
X-Lb-Nocache
X-Serial
X-Iplb-Instance
Wpo-Cache-Message
X-Acquia-Application-Trace
X-Cache-CFC
X-Nc
Server-Ttl
D-Url-Rewrites
X-Request-Start
Cf-Ipcountry
X-Acquia-Site
X-Acquia-Purge-Tags
Wpo-Cache-Status
X-Iplb-Request-Id
X-Acquia-Application-UUID
X-Vcache
X-HostName
Warning
Servedby
True-Client-Ip
X-Vercel-Cache
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Hit
X-Vercel-Id
X-Swift-Error
X-Thanos
Fastcgi-Cache-Ttl
X-Shopify-Generated-Cart-Token
X-CF-Powered-By
Ngx
X-Dw-Trace-Id
Cneonction
Content-Script-Type
CountryCode
X-Snapshot-Date
X-Release
X-Request-Url
X-Dist-Code
Content-Style-Type
X-Back
X-IN-APIGATEWAYSSL
X-Request-URL
X-IN-APIGATEWAY
X-LiteSpeed-Tag
X-Bip
X-BBC-Origin-Response-Status
X-Th-Server
X-Litespeed-Cache-Control
X-Storefront-Renderer-Verified
X-B3-Parentspanid