
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
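The tallying step described above, as an added example (not the ISC project's code): it parses raw HEAD responses, counts each header once per site, and compares names case-insensitively, since HTTP header names are case-insensitive and the table below lists spellings such as X-Frame-Options and X-FRAME-OPTIONS separately. The site names, the sample responses, the once-per-site counting and the selection in `SECURITY_HEADERS` are assumptions made for this example.

```python
from collections import Counter

# Assumed selection of security-relevant headers, lower-cased for comparison.
SECURITY_HEADERS = {
    "strict-transport-security", "content-security-policy", "x-frame-options",
    "x-content-type-options", "x-xss-protection", "referrer-policy",
}

# Constructed sample input: raw responses to HEAD requests, made-up sites.
SAMPLE_RESPONSES = {
    "site-a.example": "HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
                      "Set-Cookie: a=1\r\nSet-Cookie: b=2\r\n"
                      "X-Frame-Options: SAMEORIGIN\r\n"
                      "Strict-Transport-Security: max-age=31536000\r\n\r\n",
    "site-b.example": "HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
                      "X-FRAME-OPTIONS: DENY\r\n"
                      "X-Content-Type-Options: nosniff\r\n\r\n",
    "site-c.example": "HTTP/1.1 301 Moved Permanently\r\n"
                      "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\nServer: nginx\r\n"
                      "x-xss-protection: 0\r\n\r\n",
}


def header_names(raw):
    """Return header field names, as spelled, from one raw response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    names = []
    for line in head.split("\r\n")[1:]:      # [1:] skips the status line
        if line[:1] in (" ", "\t"):          # obsolete folded continuation
            continue
        name, sep, _value = line.partition(":")
        if sep and name.strip():
            names.append(name.strip())
    return names


def tally(responses):
    """Count sites per header (case-insensitive) and record spellings seen."""
    sites, spellings = Counter(), {}
    for raw in responses.values():
        seen = set()
        for name in header_names(raw):
            key = name.lower()
            spellings.setdefault(key, set()).add(name)
            seen.add(key)                    # repeated Set-Cookie counts once
        sites.update(seen)
    return sites, spellings


def missing_security_headers(responses):
    """Map each site to the security-relevant headers it did not send."""
    return {
        site: sorted(SECURITY_HEADERS - {n.lower() for n in header_names(raw)})
        for site, raw in responses.items()
    }


if __name__ == "__main__":
    sites, spellings = tally(SAMPLE_RESPONSES)
    for key, n in sites.most_common():
        print(f"{n:3d}  {key}  {sorted(spellings[key])}")
    for site, missing in missing_security_headers(SAMPLE_RESPONSES).items():
        print(site, "missing:", ", ".join(missing))
```
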



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
CF-RAY
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Report-To
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
P3p
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
EagleId
Keep-Alive
Request-Context
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
X-Dispatcher
EagleEye-TraceId
X-Akamai-Path-Stats
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Cache-Spec
X-Device
X-OneAgent-JS-Injection
Cf-Railgun
X-Page-Speed
Allow
X-Host
X-Node
X-Pingback
X-Aws-Lambda-Call-Status
X-Server-Id
X-CST
Surrogate-Control
Accept-CH
X-Backend-Server
Request-Id
X-Akam-SW-Version
X-Readtime
X-HW
X-Cache-Lookup
X-Response-Time
X-Application-Context
Xkey
Content-Location
Accept-CH-Lifetime
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Cf-Edge-Cache
X-Url
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
X-MS-InvokeApp
X-Rack-Cache
X-Server-Name
X-Ruxit-JS-Agent
X-Clacks-Overhead
RTSS
Edge-Control
X-ESI
X-Varnish-TTL
X-Content-Type
X-B3-TraceId
X-VARITI-CCR
X-Vcap-Request-Id
Cache-Tag
X-Px
X-Use-Magma
X-Amz-Rid
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Ac
Public-Key-Pins
X-Cnection
X-Dw-Request-Base-Id
X-Amz-Server-Side-Encryption
X-Element-Page-Cache
Accept-Ch
X-D2id
Verso
X-RateLimit-Remaining
X-Navigation-Version
X-Abt-Application-Version
X-Cache-TTL
X-Client-IP
X-Powered-By-Plesk
Service-Worker-Allowed
X-Ruxit-Js-Agent
X-Ser
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Country-Code
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Version
X-Edge
X-FastCGI-Cache
Access-Control-Request-Method
X-Middleton-Response
X-NF-Request-ID
Response
X-Goog-Hash
X-Correlation-Id
AR-ATIME
AR-PoweredBy
AR-SID
X-Upstream
AR-CACHE
AR-Request-ID
X-Webkit-Csp
X-Kinsta-Cache
X-TTL
X-Edge-Location-Klb
X-Ttl
SPIisLatency
SPRequestDuration
X-Cached
X-NWS-LOG-UUID
X-LLID
X-Cache-Key
Nginx-Cache
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-RateLimit-Limit
X-Litespeed-Cache
X-Powered-CMS
Edge-Cache-Tag
TCN
MS-Author-Via
X-SharePointHealthScore
MRF-Tech
X-Forwarded-For
Mrf-Cache-Status
SPRequestGuid
X-MSEdge-Ref
Content-MD5
X-Id
X-Shield-Request-Id
X-B3-TraceId-Primal
X-Content-Security-Policy-Report-Only
X-T
X-Daa-Tunnel
X-Recruiting
S
X-Mg-S
X-Ua-Device
X-Protected-By
X-Content-Digest
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-DataDome
X-Frontend
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
Server-Node
X-Ab
X-Yandex-Sdch-Disable
X-Ua-Browser
X-Content
X-HS-Combine-CSS
X-Request-Received
X-Request-Processing-Time
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
Front-End-Https
X-Grace
Filters
X-ORACLE-DMS-ECID
X-Server-ID
X-Accel-Expires
X-ECACHE
X-ORACLE-DMS-RID
X-Mid
Fastcgi-Cache
X-Geo-Country
X-Pinterest-Rid
X-Origin-Server
Pinterest-Generated-By
Pinterest-Version
X-PressLabs-Stats
TP-Cache
TP-L2-Cache
X-Distributor
X-Debug-Info
X-Hits
Charset
X-Tt-Trace-Host
X-Amzn-Trace-Id
X-Tt-Trace-Tag
X-Ratelimit-Reset
Cleartype
Host
X-DIS-Request-ID
Cross-Origin-Opener-Policy
X-B3-Sampled
X-Www-Served-By
X-Git-Hash
X-Page-Id
X-F-Cache
X-DynaTrace
X-Forwarded-Proto
Cache-Tags
X-LB-Cache
ServerID
Access-Control-Allow-Method
X-Cache-Age
X-Microsite
X-Kong-Upstream-Latency
X-Aspnetmvc-Version
X-Language
X-Kong-Proxy-Latency
X-Request-Handler-Origin-Region
X-Seen-By
X-Cluster-Name
Server-Name
X-Az
X-AppVersion
X-Activity-Id
X-Varnish-Age
Accept-Charset
Realpath
X-WebKit-CSP-Report-Only
Cache-Status
X-Rid
Filterid
X-Type
X-Content-Options
X-Mobile-URL
X-Fastcgi-Cache
X-App-Environment
X-Origin-Cache
X-Upgrade-Enabled
X-Oracle-Dms-Ecid
X-Via-JSL
X-Oracle-Dms-Rid
Node
Country
X-XRDS-LOCATION
X-FB-Debug
X-User-Agent
Viewport
X-Tb
X-MCACHE
X-Varnish-Grace
Paypal-Debug-Id
DC
X-Drupal-Cache-Tags
X-Whom
X-TT
X-Signature
X-Wix-Request-Id
Protected
X-B-Cache
X-NWS-UUID-VERIFY
X-Nginx-Upstream-Cache-Status
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Storage-Class
X-VCache
X-Varnish-Backend
Retry-After
X-Is-Crawler
X-Route-Name
X-Aspnet-Duration-Ms
X-Flags
X-Providence-Cookie
X-Request-Guid
X-Oneagent-Js-Injection
X-Cache-NGX
Fastcgi-Useragent
X-Fastly-Request-ID
X-Amz-Replication-Status
X-Fastly-Request-Id
Payment
X-B
X-Contextid
X-Debug
X-Template
X-N
X-Logged-In
X-Load-Cache
X-FW-Serve
X-FW-Dynamic
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Server
X-Webkit-CSP
WPO-Cache-Message
WPO-Cache-Status
Surrogate-Key
X-Hostname
X-Cache-Control
X-XRDS-Location
X-Parallel-Accel
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Node-Name
Count-Hit
X-Mcache
X-Erf-Bev-Bev
Amp-Access-Control-Allow-Source-Origin
X-Original-Request-Id
X-Response-Served-From
SD-X-WS
Akamai-GRN
Refresh
X-Proxy
Healthy
X-Cache-Time
X-Revision
X-Amz-Meta-S3cmd-Attrs
X-G
Uber-Trace-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Jobs
X-Mobile
X-Framework
X-Real-IP
X-Akamai-Request-ID2
X-Zen-Fury
X-UUID
X-Cache-TTL-Remaining
X-Device-Type
X-Yottaa-Optimizations
X-Proxy-Cache-Status
Content-Disposition
X-Is-Bot
X-Yottaa-Metrics
X-Rendered-As
X-Debug-IsPreview
X-Debug-IsConnected
NGB
X-Drupal-Cache-Contexts
X-Cacheable-TTL
Access-Control-Request-Headers
X-Http-Reason
X-Instance
X-Cache-Rule
X-Adobe-Content
From-Origin
X-Vgn-Hpd-Reason
X-Trace-Id
Alternate-Protocol
X-Adobe-Loc
X-IPLB-Instance
X-Source
X-Page-View
Url
X-B3-Traceid
Version
X-Servername
X-Cache-Expired-At
X-Cache-Grace
Permissions-Policy
X-Varnish-Server
Accept-Language
X-Cache-Hit
X-L-Path
Referer-Policy
X-Environment-Context
X-Mg-Request-UUID
X-EdgeConnect-Cache-Status
X-App-Server
X-FW-Version
X-RTag
Countrycode
X-Restarts
MS-CV
Ms-Operation-Id
Cross-Origin-Window-Policy
X-NGENIX-Cache
X-Cache-Action
X-IPS-LoggedIn
X-ECache
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-COUNTRY
Backend
Liferay-Portal
X-NYM-Debug-Backend
X-RemovedCookies
X-ProcessESI
X-Nginx-Cache
CF-IPCountry
Frame-Options
Content-Secure-Policy
X-Hyper-Cache
X-HTML-Minification-Powered-By
X-Rule
X-Cache-Server
WP-Super-Cache
Upgrade-Insecure-Requests
Meta-Geo
X-OCL
X-PCL
Ec-Rule-Version
X-UPSTREAM-Address
X-Ratelimit-Remaining
X-RN-RSRV
X-Section
X-FB-TRIP-ID
X-Ua
X-Redis-Cache
X-Access
X-Cluster-Node
X-Cache-Enabled
Cache-Tv-Group
X-Generation-Time
Apigw-Requestid
X-Format
X-No-Session
Webcakes-App-Version
X-ApacheServer
X-Server-W
X-Mode
S-Rt
Webcakes-Region
X-AOL-HN
X-Varnish-Cache-Hits
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-InstanceId
X-UA-Device-Type
X-Region
X-PERF
X-Storage
X-Via-Fastly
X-Uri
X-Origin-Hint
X-Akamai-Edgescape
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Request-Time
Property-Id
X-Unique-Id
TWC-Connection-Speed
X-Origin-Date
X-PHP-Backend
TWC-Device-Class
Azure-RegionName
Mn-Server-Ip
TWC-Locale-Group
Webcakes-App-Name
Section-Io-Cache
TWC-Privacy
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-Say-Cacheable
X-Status
X-Xfnlog-Site
X-Urbn-Context-Path
X-ProxyCache-Key
X-Human
X-Hosted-By
X-Generated-By
X-Nginx-Cache-Key
X-Be
X-Forwarded-Host
X-Say-TTL
X-ProxyCache-Status
X-SayCDN-TTL
CDN-Uid
X-Cache-Type
Eomportal-Instance
Fastly-SSL
Locale
X-Content-Powered-By
CDN-RequestId
CDN-RequestCountryCode
Webserver
X-Web-Node
CDN-PullZone
X-Debug-Cache
X-BYPASS-REASON
X-Site-Version
X-Urbn-Site-Id
X-Cache-Host
X-JoinUs
X-Platform-Server
X-Proxied
X-Hl-Ver
X-Extlb
X-Backend-Name
X-Cache-Tags
X-Detected-As
X-Routing-Service
X-SaId
X-Tid
X-Varnishpool
X-Zipkin-Id
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ServerID
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Content-Age
X-Accel-Buffering
X-Sql-Duration-Ms
X-Sql-Count
X-Cache-Operation
ServedBy
X-Adobe-Source
X-Proxy-Build
Selected-Fe
X-NewRelic-App-Data
X-Timing-Wait
X-TT-LOGID
X-Cache-Remote
X-Handled-By
X-GG-Cache-Date
X-PHP-Host
X-Labrador-Cache-Channel
X-Locale
X-Datadome
X-Rewrite-Enabled
X-APP-VERSION
X-Dc
Xserver
X-LSADC-Cache
SID
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-Soup
X-VC-Cache
SRV
X-Pubstack
X-App-Version
X-CDN-Forward
X-Buckets
LB
X-Cached-By
Country-Code
X-Edge-Location
X-Proto
X-Reqid
Web-Mar-Node
X-Storefront-Renderer-Rendered
Mime-Version
Fastly-Drupal-Html
X-Microcachable
X-Ratelimit-Limit
Decoy-Debug-Key
Onion-Location
Decoy-Debug-Status
X-Request-Host
Decoy-Debug-TTL
X-GEO
Server-Info
X-Cms-Context
X-Varnish-Hostname
X-Origin-CC
X-Origin-TTL
X-TA-CDN-Provider
X-Ms-Request-Id
X-Ms-Version
Xet-Cookie
Cache-Hits
X-Tumblr-Pixel-3
X-NCache
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-GeoCode
X-B3-SpanId
X-GeoCountry
Load-Balancing
X-CSRF-Token
X-Cluster
DynaTrace
X-Bc-Bl
X-Varnish-Hits
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Midtier
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
Cache-Name
X-Varnish-Beresp-Grace
X-R9-Blue-Green-Version
X-Envoy-Decorator-Operation
X-RCS-CacheZone
X-Azure-Ref
X-Endurance-Cache-Level
Cmstype
X-Hash
X-NAPM-TraceId
Cmsid
X-Orig-Expires
Cdnsip
X-NodeID
X-Men
DB-Nickname
X-Vdms-Path
Expiry
X-Ig-Push-State
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
DCR-Decision-By
X-HS-Content-Campaign-Id
Host-ID
Cdncip
X-Shop-Environment
X-Session-Fingerprint
A
X-SRCache-Key
X-Tenant
X-User
X-TrackingId
X-TIM-N
BehaviorPad-Version
X-SD-PageType
X-Rojux
X-Processor
X-PBS-Appsvrname
X-S
X-Gzip
X-ScT
X-S-Cookie
X-PAYTM-SRV-ID
Meta-Geo-Continent
X-Esi-Check
X-Cache-NE
X-Cdn-Srv
X-Webstats-RespID
Xc-Version
X-Cache-Id
X-Application
X-External-Request-Id
X-ARC
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebCache
X-Connection-Hash
X-D
X-Destination
X-AK-Request-ID
X-Aed
Rendered-Blocks
Sslversion
Surrogated-Key
T-Server
Pramga
Odigeo-Trace-Id
X-Epic-Correlation-Id
Mobile-Detection-Method
NM-Fastcgi-Cache
X-Geo-Header
X-A
X-Vdms-Version
X-From
X-Forwarded-Path
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-A-Ccd
X-A-Dam
X-Ftr-Request-Id
Lang
X-Conf
X-SRV
X-Magnolia-Registration
X-Via-NSCOPI
X-Origin-Response-Time
X-Location
X-Node-Id
Platform
X-Mvc-Supplant-Cachable
X-Varnish-Ttl
Server-Host
X-LAGOON
Producers
X-Nyt-Route
X-Origin
Is-Eu
X-Request-URI
Fastly-GeoIP-CountryCode
X-Cache-Backend
Machine
X-Origin-Expires
X-Origin-Time
Mail-Subject
State
Svr
X-Core-Value
X-DefElseHash
X-DefHash
X-Device-Os
X-Core-Mission
X-Amzn-Remapped-Content-Length
X-Cache-Info
X-Ckpd-Fst-Backend
X-Clara-WADP
X-DPWN-IS-SECURE
We-Hiring
X-Gdpr
X-GeoIP
X-Rocket-Build-Number
X-Fmm-Version
X-Fetched-On
Vix-Hermes-Req-Id
V-Age
X-Fastly-Cache
X-Cache-Bucket
Memcached
X-Varnish-CookieHashed-On
X-Variation
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-VG-TLSProxy
X-V-Cache
Adler-Geo
X-Sigma-Backend
X-Tx-Id
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Viewer-Country
X-WADP-Cache
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Developers
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Wix-Viewer-Type
X-Worker
Apple-News-Services-Handled
Apple-News-Services-Host
X-Sigma
AKAMAI
Environment
X-Server-IP
X-SB
X-Scheme
Source
X-DI
X-Qloud-Router
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-VarnishDD-TTL
X-Eu-Site
X-Proxy-Upstream
X-Proxy-Cache-Info
X-DB
X-DW
X-DSS
X-RSL
X-Datadog-Parent-Id
X-Cdn-Origin
X-CGP
X-Response-By
X-Cache-Date
X-Branch-Name
X-Pod-Name
X-RPM
X-RPS
X-Pool
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Rebelmouse-Surrogate-Control
Locid
X-Region-Sid
X-Datadog-Trace-Id
X-Planisys-CDN-TTL
X-Level-Front-Cache
X-Loc
X-Thinkindot-L3
X-TNCMS
X-Is-Gdpr
X-JWT-State
X-Sn-Servicetimems
X-Loop
X-Old-Content-Length
X-Served-From
X-Skip-Cache
X-Block-Status
X-Minions-Version
X-Slack-Backend
X-Irp-Debug
X-Time
X-GeoIP-City
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Generated-On
X-Gamma-Serve
X-Gen-Mode
X-Has-Esi
HostName
X-Httpd
X-Rocket-Nginx-Serving-Static
X-Hnp-Log
X-Srv
X-HN
X-Policy
X-Platform
Origin-CC
Origin-EX
PFcat
Origin
X-Aicache-OS
L5d-Success-Class
User-Cache-Control
Redirect-Candidate
Release
Thinkindot-CacheControl-Type
Thinkindot-Control
Traceparent
Thinkindot-CacheControl
TDXMobile
Req-Svc-Chain
Web-Mar-Region
L
N-Cache
Kp-EeAlive
Fastcgi-Cache-TTL
Fastly-SIE
Cluster
CloudFront-Viewer-Country
X-BBC-Edge-Cache-Status
Arc-Country
CDCHOST
Fastly-SWR
X-Auto-Login
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
CDN
X-CS
Cache
X-Ec-Custom-Error
X-Forwarded-Site
X-EC-Lua
X-VServer
NGX
X-TIME
DSUID
X-Optimistic-Header
Ssr
MD5-Digest
X-Accel-Expires-Debug
X-Date
AMP-Access-Control-Allow-Source-Origin
X-TraceId
X-Parent-Response-Time
X-CacheTTL
X-GeoIP-Region-Code
GEO-INFO
X-GeoIP-Country-Code
X-Akamai-Transformed
X-WP-CF-Super-Cache-Cache-Control
X-ZONE
X-VC
Pics-Label
X-WP-CF-Super-Cache
X-Owner
X-Udemy-Cache-App-Namespace
X-SIPLIST1
X-Ah-Environment
Servername
X-Via-Ucdn
IsBot
X-Dispatcher-Number
X-Scale
X-Refresh
X-NC
X-LB-NoCache
X-Tb-Optimization-Total-Bytes-Saved
X-Tt-Logid
Ms-Author-Via
Server-Hostname
Server-Ext
Env
X-Mvc-Supplant-OutputCached
X-Cache-Debug
X-Generated-In
Sever-Int
X-Edge-Pop
X-API-Version
Time
Memory
Fusion-Deployment-Id
X-Newrelic-Synthetics
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
X-Wikidot-Backend
Geo-Info
CacheControlHeader
X-Wikidot-Static-Cache
X-Xrds-Location
X-Servedbyhost
X-BCube-Filmed-By
True-Client-Country-4JS
X-Ad-Defer-Variation
X-Via-Popv
X-TH-Server
X-Via-Popn
X-Via-Poph
Datacenter
Ohc-File-Size
Cache-Key
X-Amz-Meta-Cb-Modifiedtime
Candidate-Md5Url
X-Action
X-IPLB-Request-ID
X-Backend-TTL
XM
CPC-Cache
X-SplitTest
VNS-Cache
GeoIp-Country-Code
VNS-Age
CPC-Age
X-S-Maxage
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-HA-Backend
X-RateLimit-Reset
Fastly-Backend-Name
ITXSESSIONID
X-WA-Info
Client
X-Presslabs-Stats
FSS-Cache
X-Varnish-Authentication
X-Dynatrace
X-Varnish-Beresp-TTL
Path
X-VCL-Version
Geoip-Latitude
X-Micro-Cache
Server-ID
X-Vc
Edge-Cache
X-Req
X-Provided-By
X-VHOST
X-Cache-Status-Check
X-CACHE-KEY
X-DC
X-AIR-PT
My-App
X-Trace-ID
X-Zone
Cache-Host
X-Cs
Hostname
Ohc-Cache-HIT
X-Origin-Upstream-Status
X-Pass-Why
X-Up
Ngx.Var.Host
X-Fpc
DataCenter
X-TX-ID
X-FireWall-Port
X-LB-ID
NtCoent-Length
True-Client-IP
Lb
X-Webkit-Csp-Report-Only
XkeyRZ
X-Traceid
X-Proxy-CacheRZ
X-Api-Version
X-FPC
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Varnish-Beresp-Ttl
X-Clientip
Powered-By
OT-Force-Account-Verify
Test
X-NGINX-Cache
X-B3-Spanid
Cf-Int-Pingora-Origin-Digest
X-UnsetCookies
X-CSRF-TOKEN
X-ND-Cache
X-Cdn-Request-ID
X-Correlation-ID
X-Beluga-Record
X-CUA
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Node
X-Beluga-Cache-Status
X-Webkit-CSP-Report-Only
X-Vcl-Version
X-Time-Microsecs
User-Agent
X-MSEdge-Features
Tracecode
Proxy-Connection
X-Fragments
Resin-Trace
X-RAMCache
X-Dmc
Cf-Device-Type
Target-Params
Server-Id
X-MSEdge-Flight
X-CLOUD-TRACE-CONTEXT
X-Geo
X-TRACE-ID
X-Azure-Ref-OriginShield
X-HS-Status
X-FC-Vary-Parameters
Uri
X-Fastly-Backend
X-URL
X-Platform-Cluster
WZWS-RAY
X-ATG-Version
X-Render-Time
X-Ha-Backend
MIME-Version
X-B3-Traceid-Primal
X-Via-PopH
Lfy
X-Sucuri-Cache
X-Sucuri-ID
X-Var-Ttl
X-Platform-Processor
X-Platform-Router
X-Via-PopV
X-Via-PopN
Srvid
X-ServedByHost
Sid
Rip
GeoIP-Country-Code
GeoIP-Latitude
C-Via
X-INCAP-ABP
X-PX
Fastly-Drupal-HTML
Epwk-X-Cache
Tube-Return
X-Service
X-Gateway-Cache-Key
X-CCDN-CacheTTL
X-Gateway-Cache-Status
X-DynaTrace-JS-Agent
X-Gateway-Request-Id
X-LI-Proto
X-Gateway-Skip-Cache
X-Qnm-Cache
X-NU-AKA-ACS-Version
X-CCDN-Origin-Time
X-Alfa-Service
ENV
Click-Count-Error
X-Proxy-Cache-Hk
Click-Count-Action-Start
X-Varnish-Beresp-Status
X-Li-Proto
Tube-Got-Eval
X-Hcs-Proxy-Type
X-Fetch-By
Tube-Get-Contents
Tube-Got-Results
X-M-Reqid
X-M-Log
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
Cdn
Esi-Enabled
X-Backend-Host
X-Fastly-Backend-Reqs
X-Backend-State
HIT
Magicmarker
X-Esi
X-Cdn-Forward
On-Server
X-Edge-POP
XServer
X-Cache-Expires
X-Request-Start
X-Cache-CFC
X-Srcache-Fetch-Status
X-MG-S
Srv
X-LiteSpeed-Cache-Control
X-Srcache-Store-Status
X-App
Server-Ttl
PICS-Label
X-Newrelic-App-Data
X-Lb-Nocache
X-Bip
ServerName
CF-Cached-On
X-Thanos
Section-Io-Origin-Status
Tcn
Section-Io-Id
X-ElasticPress-Query
Section-Io-Origin-Time-Seconds
X-Yottaa-OS
Section-Origin-Responded
X-HITS
Inserted-Into-Cache-At
X-Iplb-Instance
X-Nc
Cf-Ipcountry
X-Vcache
D-Url-Rewrites
X-APP
X-Acquia-Site
X-Serial
Wpo-Cache-Message
X-Acquia-Application-UUID
X-BBC-Origin-Response-Status
Wpo-Cache-Status
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Iplb-Request-Id
Servedby
Warning
X-HostName
X-Akamai-ERRuleID
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
True-Client-Ip
X-Fastly-Cache-Hits
X-Cache-Config
M-TraceId
Fastcgi-Cache-Ttl
X-Akamai-ERPolicy
X-Th-Server
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-B3-Parentspanid
X-Swift-Error
X-Litespeed-Cache-Control
Cneonction
X-Request-Url
X-Release
X-Snapshot-Date
Ngx
X-Shopify-Generated-Cart-Token
X-LiteSpeed-Tag
X-Back
X-Dist-Code
X-Storefront-Renderer-Verified
X-CF-Powered-By
Content-Style-Type
Content-Script-Type
CountryCode
X-Akamai-Request-ID
X-Dw-Trace-Id
X-Request-URL