Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Amz-Request-Id
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
X-Akamai-Path-Stats
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Allow
X-WebKit-CSP
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-CST
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Rating
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Url
X-Trace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-MS-InvokeApp
X-Mod-Pagespeed
X-Rack-Cache
X-Ruxit-JS-Agent
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
X-Server-Name
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-ESI
Accept-Ch
X-Content-Type
Cache-Tag
X-B3-TraceId
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-Exp-Id
X-Amz-Rid
X-Dw-Request-Base-Id
Public-Key-Pins
X-Cnection
X-Px
X-Ac
X-D2id
X-RateLimit-Remaining
X-Element-Page-Cache
X-Navigation-Version
Verso
X-Abt-Application-Version
X-Client-IP
X-Edge
X-Powered-By-Plesk
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Cache-TTL
X-Ser
X-Version
Service-Worker-Allowed
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
Access-Control-Request-Method
X-Correlation-Id
X-Goog-Hash
X-Ruxit-Js-Agent
X-Kinsta-Cache
SPRequestDuration
SPIisLatency
X-Webkit-Csp
X-Edge-Location-Klb
X-TTL
AR-SID
AR-PoweredBy
AR-Request-ID
AR-CACHE
AR-ATIME
X-Ttl
X-Upstream
X-Cached
X-NWS-LOG-UUID
X-RateLimit-Limit
X-LLID
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
SPRequestGuid
X-Powered-CMS
X-SharePointHealthScore
Edge-Cache-Tag
X-Litespeed-Cache
Nginx-Cache
X-Content-Security-Policy-Report-Only
X-Forwarded-For
X-Cache-Key
Content-MD5
TCN
X-MSEdge-Ref
Mrf-Cache-Status
MRF-Tech
X-Id
X-Shield-Request-Id
X-Daa-Tunnel
X-B3-TraceId-Primal
X-T
MS-Author-Via
X-Recruiting
S
X-Content-Digest
X-Mg-S
X-Ua-Device
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Protected-By
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Accel-Expires
X-HS-Cache-Config
X-Frontend
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-Content
X-Grace
X-Ua-Browser
X-Ab
Front-End-Https
X-Request-Received
X-ECACHE
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Server-Node
X-DataDome
Filters
X-Server-ID
X-Mid
X-DynaTrace
Fastcgi-Cache
X-PressLabs-Stats
TP-Cache
TP-L2-Cache
X-Origin-Server
X-ORACLE-DMS-ECID
X-Geo-Country
X-Hits
X-Distributor
X-ORACLE-DMS-RID
X-Debug-Info
X-Microsite
X-Request-Handler-Origin-Region
X-Ratelimit-Reset
X-Amzn-Trace-Id
X-Tt-Trace-Host
Charset
Cleartype
X-Tt-Trace-Tag
X-DIS-Request-ID
Host
X-Git-Hash
X-Page-Id
X-WebKit-CSP-Report-Only
X-F-Cache
Cross-Origin-Opener-Policy
X-B3-Sampled
X-Pinterest-Rid
X-LB-Cache
Pinterest-Generated-By
Pinterest-Version
X-Www-Served-By
X-Forwarded-Proto
X-Cache-Age
X-MCACHE
Access-Control-Allow-Method
ServerID
X-Seen-By
X-AppVersion
Cache-Status
X-Az
Cache-Tags
X-Activity-Id
X-Cluster-Name
X-Aspnetmvc-Version
Realpath
X-Varnish-Age
Accept-Charset
Filterid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Language
X-Rid
X-XRDS-LOCATION
X-Content-Options
Server-Name
X-Type
X-Nginx-Upstream-Cache-Status
X-App-Environment
X-Oracle-Dms-Ecid
X-Varnish-Grace
Node
Retry-After
Country
X-Origin-Cache
Viewport
X-Tb
X-Upgrade-Enabled
X-Oracle-Dms-Rid
X-User-Agent
X-Mobile-URL
X-NWS-UUID-VERIFY
X-Whom
X-Aspnet-Duration-Ms
X-B-Cache
X-Drupal-Cache-Tags
X-FB-Debug
Paypal-Debug-Id
DC
X-Route-Name
X-Request-Guid
X-Signature
X-Providence-Cookie
X-Wix-Request-Id
X-Is-Crawler
X-Flags
X-TT
X-Varnish-Backend
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
Protected
X-Goog-Stored-Content-Length
X-VCache
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
Fastcgi-Useragent
X-Via-JSL
X-B
X-Fastly-Request-Id
X-N
X-Fastly-Request-ID
X-Fastcgi-Cache
X-Debug
X-Amz-Replication-Status
X-Cache-NGX
Payment
X-Logged-In
X-Contextid
X-Load-Cache
WPO-Cache-Status
WPO-Cache-Message
Surrogate-Key
X-Template
X-Amz-Meta-S3cmd-Attrs
X-FW-Hash
X-FW-Static
X-FW-Server
X-FW-Dynamic
X-FW-Type
X-Cache-Control
Count-Hit
X-FW-Serve
X-Node-Name
X-Browser-Type
X-Erf-Bev-Bev
Healthy
X-Trace-Id
X-Erf-Bev-Bev-Is-Generated
Permissions-Policy
X-XRDS-Location
Amp-Access-Control-Allow-Source-Origin
SD-X-WS
X-Original-Request-Id
X-G
X-Response-Served-From
Content-Disposition
X-Mcache
X-Jobs
Refresh
X-Cache-Time
X-Proxy
Akamai-GRN
Uber-Trace-Id
X-Zen-Fury
X-Real-IP
X-UUID
X-Is-Bot
X-Rendered-As
X-Cacheable-TTL
X-Hostname
X-Framework
X-Akamai-Request-ID2
X-Revision
X-Mobile
X-Http-Reason
X-Cache-TTL-Remaining
X-Proxy-Cache-Status
X-Adobe-Loc
X-Page-View
X-Adobe-Content
Access-Control-Request-Headers
VIX-Pulpo-Node
NGB
VIX-Pulpo-Upstream-Status
X-Instance
X-Debug-IsPreview
X-Device-Type
Alternate-Protocol
X-Debug-IsConnected
X-Drupal-Cache-Contexts
X-Yottaa-Optimizations
Url
X-Yottaa-Metrics
X-IPLB-Instance
X-Servername
X-ECache
X-Cache-Grace
X-Source
X-B3-Traceid
Version
From-Origin
X-Varnish-Server
X-Mg-Request-UUID
X-Cache-Rule
X-Restarts
X-NGENIX-Cache
X-Parallel-Accel
X-Environment-Context
X-Vgn-Hpd-Reason
X-L-Path
X-Oneagent-Js-Injection
Accept-Language
X-Cache-Hit
X-Cache-Expired-At
X-EdgeConnect-Cache-Status
Countrycode
Ms-Operation-Id
X-RTag
MS-CV
X-Datadome
Referer-Policy
X-HTML-Minification-Powered-By
X-App-Server
Frame-Options
Liferay-Portal
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-FW-Version
X-NYM-Debug-Backend
X-Tumblr-Pixel
Cross-Origin-Window-Policy
X-COUNTRY
Backend
X-IPS-LoggedIn
X-Nginx-Cache
X-Cache-Action
X-ProcessESI
X-RemovedCookies
Content-Secure-Policy
Section-Io-Cache
WP-Super-Cache
X-RN-RSRV
X-Redis-Cache
Upgrade-Insecure-Requests
X-UPSTREAM-Address
X-Cache-Server
Meta-Geo
CF-IPCountry
Cache-Tv-Group
X-Hosted-By
Ec-Rule-Version
X-Content-Age
X-Cache-Enabled
X-No-Session
X-APP-VERSION
X-Generation-Time
X-FB-TRIP-ID
X-PCL
X-Region
X-Ua
X-UA-Device-Type
X-Web-Node
X-Detected-As
X-OCL
X-Say-Cacheable
TWC-GeoIP-Country
X-Via-Fastly
X-Varnish-Cache-Hits
X-Request-Time
TWC-GeoIP-LatLong
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Apigw-Requestid
X-Uri
X-Say-TTL
S-Rt
X-Site-Version
X-Storage
X-Sql-Duration-Ms
TWC-Connection-Speed
X-Urbn-Context-Path
X-SayCDN-TTL
X-Section
X-Server-W
X-Urbn-Site-Id
X-PHP-Backend
TWC-Locale-Group
Webcakes-Region
X-Format
X-Generated-By
Webcakes-App-Version
X-Access
X-Cluster-Node
X-AOL-HN
X-Be
X-Sql-Count
Mn-Server-Ip
Locale
Fastly-SSL
Azure-Version
X-Origin-Date
Azure-SlotName
X-Origin-Hint
Property-Id
TWC-Privacy
Webcakes-App-Name
X-Human
X-Nginx-Cache-Key
X-Akamai-Edgescape
TWC-Device-Class
X-Mode
X-TT-LOGID
X-ProxyCache-Status
X-ProxyCache-Key
X-Adobe-Source
CDN-Cache
X-Unique-Id
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
CDN-CachedAt
CDN-PullZone
X-PERF
X-Debug-Cache
Eomportal-Instance
X-Forwarded-Host
X-Platform-Server
CDN-Uid
X-ShopId
CDN-RequestCountryCode
CDN-RequestId
CDN-EdgeStorageId
X-Hyper-Cache
X-Cache-Host
X-Content-Powered-By
X-Xfnlog-Site
X-ApacheServer
X-Cache-Tags
X-Alternate-Cache-Key
X-Status
X-ShardId
X-BYPASS-REASON
X-Ratelimit-Remaining
X-Cache-Type
X-Backend-Name
X-JoinUs
X-Midtier
X-Proxied
X-Handled-By
X-Varnishpool
X-ServerID
X-Extlb
X-Tid
X-SaId
X-Routing-Service
X-Hl-Ver
X-Webkit-CSP
X-NewRelic-App-Data
X-Zipkin-Id
X-Locale
X-PHP-Host
X-Labrador-Cache-Channel
Selected-Fe
X-Rule
X-Proxy-Build
X-Timing-Wait
X-LJ-Flow-ID
X-AWS-Id
ServedBy
X-Cache-Operation
X-VWS-Id
X-GG-Cache-Date
Webserver
X-VC-Cache
X-Dc
X-Edge-Location
X-Cms-Context
X-Storefront-Renderer-Rendered
X-LSADC-Cache
X-Accel-Buffering
X-Proto
X-Rewrite-Enabled
X-Cached-By
SID
SRV
X-Cache-Remote
X-Soup
Web-Mar-Node
X-App-Version
Fastly-Drupal-Html
Mime-Version
X-CDN-Forward
Xserver
Onion-Location
Load-Balancing
X-TA-CDN-Provider
X-Cdn
X-GeoCode
X-Pubstack
X-GeoCountry
X-Varnish-Hostname
X-Reqid
X-GEO
Cache-Hits
Country-Code
X-Buckets
X-Request-Host
X-Origin-CC
X-Origin-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Microcachable
X-Ratelimit-Limit
Decoy-Debug-TTL
X-Cluster
X-Varnish-Hits
Server-Info
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Ms-Request-Id
X-CSRF-Token
X-Ms-Version
X-Envoy-Decorator-Operation
X-SRV
X-Time
Xet-Cookie
LB
X-Magnolia-Registration
X-Air-Hostname
X-Amz-Apigw-Id
X-Air-Trace-Id
X-Air-Source
X-Amzn-RequestId
X-NCache
X-B3-SpanId
X-Bc-Bl
X-Endurance-Cache-Level
Cache
X-RCS-CacheZone
DB-Nickname
DynaTrace
X-Epic-Correlation-Id
X-Conf
X-Vtex-Remote-Cache
X-S
X-Ec-GeoHdr
X-Connection-Hash
X-AK-Request-ID
X-S-Cookie
X-Aed
X-ScT
X-Orig-Expires
X-Geo-Header
Lang
X-A-Wwc
X-A-Dgt
X-Vtex-Processado-Em
X-External-Request-Id
X-Core-Mission
X-SD-PageType
Host-ID
X-Session-Fingerprint
X-Shop-Environment
Xc-Version
X-Rojux
X-Processor
DCR-Processing-Time-Ms
A
X-B-Cookie
X-Cache-Id
DCR-Decision-By
X-Cache-Bucket
Cdncip
Cdnsip
BehaviorPad-Version
Cmsid
Cmstype
X-Cache-NE
Expiry
X-Gzip
X-CF-Lambda-Version
X-Ig-Push-State
Surrogated-Key
X-ARC
X-CF-Lambda-Fn
X-Webstats-RespID
Fastcgi-X-Cache-Version
X-Esi-Check
Sslversion
X-Cdn-Srv
X-Application
X-NAPM-TraceId
X-PBS-Appsvrname
Odigeo-Trace-Id
X-Ftr-Request-Id
T-Server
X-Vdms-Path
NM-Fastcgi-Cache
X-TIM-N
X-Node-Id
X-A-Ccd
X-Varnish-Beresp-Grace
X-SVT-ORM-VERSION
X-Tenant
X-Vdms-Version
X-PAYTM-SRV-ID
X-From
X-SRCache-Key
X-A
X-SVT-ORM-RULES
X-Hash
X-A-Dam
MD5-Digest
X-Forwarded-Path
X-User
Rendered-Blocks
X-Fetched-On
X-HS-Content-Campaign-Id
X-Ec-Fail
X-D
X-TrackingId
X-Device-Os
X-VG-WebCache
X-A-Dcw
X-Developer
Mobile-Detection-Method
X-Destination
Meta-Geo-Continent
Pramga
Cache-Name
Source
X-R9-Blue-Green-Version
X-Varnish-Ttl
X-ZONE
X-Mvc-Supplant-Cachable
X-Worker
Release
X-Location
Memcached
Wxu-Next-Hostname
Mail-Subject
Wxu-Next-Commit
We-Hiring
CloudFront-Viewer-Country
X-Origin-Response-Time
X-Planisys-CDN-TTL
Producers
X-Origin-Time
Is-Eu
X-Amzn-Remapped-Content-Length
Web-Mar-Region
Machine
X-Loop
Origin-EX
Fastly-GeoIP-CountryCode
X-Planisys-CDN-Cache
Wxu-Next-Region
Environment
Origin-CC
X-Planisys-CDN-Rules
Platform
Server-Host
X-Origin
X-Nyt-Route
X-Gdpr
X-Skip-Cache
X-NodeID
X-Slack-Backend
X-Dispatcher-Number
Traceparent
X-Is-Gdpr
X-Sigma-Backend
X-Tx-Id
X-Ec-Custom-Error
X-Hnp-Log
X-Gen-Mode
X-DPWN-IS-SECURE
TDXMobile
X-Thinkindot-L3
X-Fmm-Version
Thinkindot-CacheControl-Type
X-V-Cache
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
X-Developers
X-DefHash
X-DefElseHash
X-Irp-Debug
Thinkindot-CacheControl
X-TNCMS
X-Varnish-Remaining-TTL
X-Has-Esi
X-Fastly-Cache
X-CacheTTL
X-Cache-Info
X-Azure-Ref
X-Wix-Viewer-Type
User-Cache-Control
X-JWT-State
Adler-Geo
X-Cache-Backend
X-Block-Status
X-Cache-Date
X-LAGOON
AKAMAI
X-Rocket-Build-Number
X-Ckpd-Fst-Backend
State
X-Core-Value
Thinkindot-Control
X-VServer
X-Sigma
X-Origin-Expires
X-GeoIP
X-Clara-WADP
X-WADP-Cache
X-SB
CDN
X-Server-IP
X-Scheme
Vix-Hermes-Req-Id
V-Age
X-GeoIP-City
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Gamma-Serve
X-Datadog-Trace-Id
X-HN
X-Eu-Site
X-Httpd
X-Forwarded-Site
X-Generated-On
X-Csrf-Jwt
X-Loc
X-Auto-Login
X-Aicache-OS
X-Level-Front-Cache
X-BBC-Edge-Cache-Status
X-CGP
X-Cdn-Origin
X-Branch-Name
X-Minions-Version
X-Rocket-Nginx-Serving-Static
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
HostName
Apple-News-Services-Host
Apple-News-Services-Handled
X-Proxy-Upstream
CDCHOST
Fastcgi-Cache-TTL
Fastly-SIE
X-Pool
DSUID
Cluster
X-Qloud-Router
X-RateLimit-Limit-Second
X-Via-NSCOPI
X-Viewer-Country
X-Sn-Servicetimems
X-VG-TLSProxy
X-VarnishDD-TTL
X-SIPLIST1
X-Served-From
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Request-URI
Fastly-SWR
X-Proxy-Cache-Info
X-Policy
X-IPLB-Request-ID
X-Via-Ucdn
PFcat
NGX
Redirect-Candidate
Svr
Server-Ext
Server-Hostname
Sever-Int
Req-Svc-Chain
Ssr
N-Cache
Origin
Kp-EeAlive
IsBot
Gh-Request-Id
Ha-Gx-Prefs
L
HA-Ipaddr
X-Pod-Name
L5d-Success-Class
X-Platform
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Ohc-File-Size
AMP-Access-Control-Allow-Source-Origin
X-WP-CF-Super-Cache-Cache-Control
Arc-Country
X-Optimistic-Header
Locid
X-WP-CF-Super-Cache
X-Men
X-Scale
X-Owner
X-Parent-Response-Time
X-Srv
X-EC-Lua
X-Newrelic-Synthetics
X-CS
X-Response-By
Pics-Label
X-Refresh
X-NC
X-VC
X-Old-Content-Length
X-TraceId
X-Tb-Optimization-Total-Bytes-Saved
X-CACHE-KEY
X-DB
Candidate-Md5Url
X-Wikidot-Static-Cache
X-Ad-Defer-Variation
X-DI
X-Wikidot-Backend
X-RPM
X-Ah-Environment
X-DW
X-DSS
X-BCube-Filmed-By
Datacenter
X-RPS
X-RSL
Cache-Key
Ms-Author-Via
X-Udemy-Cache-App-Namespace
CPC-Cache
VNS-Age
VNS-Cache
X-SplitTest
XM
X-LB-NoCache
X-Mvc-Supplant-OutputCached
Env
X-Cache-ASPX
X-Contensis-Viewer-Groups
CPC-Age
Time
X-Accel-Expires-Debug
X-Date
Servername
X-Edge-Pop
Memory
GEO-INFO
X-Akamai-Transformed
X-Amz-Meta-Cb-Modifiedtime
X-WA-Info
X-Varnish-Authentication
X-GeoIP-Region-Code
X-Cache-Status-Check
Fastly-Backend-Name
X-GeoIP-Country-Code
X-Generated-In
X-TIME
Lb
X-Xrds-Location
X-Tt-Logid
X-Via-Poph
GeoIp-Country-Code
X-Via-Popv
X-Via-Popn
X-Cache-Debug
X-Micro-Cache
X-HA-Backend
Path
X-API-Version
X-Servedbyhost
ITXSESSIONID
X-AIR-PT
X-S-Maxage
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Source
Ohc-Cache-HIT
X-RateLimit-Reset
Geo-Info
CacheControlHeader
Client
Geoip-Latitude
X-VCL-Version
True-Client-Country-4JS
X-Action
X-Vc
Cache-Host
FSS-Cache
X-TH-Server
Ngx.Var.Host
True-Client-IP
X-Cs
X-VHOST
Server-ID
X-Backend-TTL
X-Api-Version
X-Varnish-Beresp-TTL
X-DC
X-Trace-ID
XkeyRZ
X-Proxy-CacheRZ
X-Clientip
X-Presslabs-Stats
Hostname
X-TX-ID
X-Req
Edge-Cache
X-FireWall-Port
X-Webkit-Csp-Report-Only
My-App
X-Fpc
Powered-By
X-Provided-By
X-Zone
X-FPC
X-PX
NtCoent-Length
X-B3-Spanid
X-Pass-Why
X-Origin-Upstream-Status
X-Varnish-Beresp-Ttl
X-Dmc
X-Up
X-Traceid
Test
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
X-Cdn-Request-ID
X-INCAP-ABP
X-MSEdge-Features
X-MSEdge-Flight
X-Render-Time
X-CSRF-TOKEN
X-LB-ID
X-Correlation-ID
X-Beluga-Status
X-Beluga-Response-Time
X-Webkit-CSP-Report-Only
DataCenter
X-Vcl-Version
X-Beluga-Record
X-Beluga-Trace
X-Beluga-Node
Server-Id
User-Agent
C-Via
X-HS-Status
X-Beluga-Cache-Status
X-Li-Pop
X-Li-Fabric
X-Gateway-Cache-Key
X-LI-UUID
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Service
Tcn
Click-Count-Error
Tube-Get-Contents
Tube-Got-Results
Tube-Got-Eval
Click-Count-Action-Start
X-Gateway-Cache-Status
X-UnsetCookies
Proxy-Connection
Rip
OT-Force-Account-Verify
Tube-Return
X-M-Reqid
X-Ha-Backend
X-Via-PopN
X-Via-PopH
X-Via-PopV
Uri
X-URL
X-Time-Microsecs
X-RAMCache
X-DynaTrace-JS-Agent
HIT
X-M-Log
X-Qnm-Cache
WZWS-RAY
Esi-Enabled
X-ND-Cache
X-ServedByHost
X-Alfa-Service
Srvid
X-Dynatrace
X-CLOUD-TRACE-CONTEXT
X-Geo
GeoIP-Country-Code
Resin-Trace
On-Server
X-CUA
GeoIP-Latitude
Sid
X-Check-Cacheable
MIME-Version
X-Akamai-Pragma-Client-IP
X-Platform-Cluster
X-CCDN-CacheTTL
X-Platform-Processor
X-CCDN-Origin-Time
Cf-Device-Type
X-Fetch-By
Srv
X-Platform-Router
Epwk-X-Cache
X-Hcs-Proxy-Type
X-LI-Proto
Target-Params
X-APP
X-Fragments
X-Proxy-Cache-Hk
Tracecode
X-ATG-Version
X-Cdn-Forward
X-TRACE-ID
Fastly-Drupal-HTML
X-Fastly-Backend
X-Backend-Host
X-FC-Vary-Parameters
X-Fastly-Backend-Reqs
Lfy
X-Var-Ttl
ENV
X-Sucuri-ID
X-Sucuri-Cache
X-Azure-Ref-OriginShield
X-Esi
Cdn
Section-Io-Id
X-Cache-Expires
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
XServer
ServerName
X-Lb-Nocache
WebServer
X-Varnish-Beresp-Status
X-B3-Traceid-Primal
X-Edge-POP
X-Srcache-Fetch-Status
X-HostName
X-MG-S
X-Srcache-Store-Status
X-LiteSpeed-Cache-Control
X-Backend-State
X-Newrelic-App-Data
X-Li-Proto
X-NU-AKA-ACS-Version
X-Yottaa-OS
Magicmarker
Inserted-Into-Cache-At
X-ElasticPress-Query
X-App
CF-Cached-On
PICS-Label
X-Edge-Origin-Shield-Bytes
X-CF-Powered-By
X-Edge-Origin-Shield-Region
M-TraceId
D-Url-Rewrites
X-Acquia-Application-UUID
Server-Ttl
Wpo-Cache-Status
Cf-Ipcountry
X-Nc
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Purge-Tags
X-Vcache
Wpo-Cache-Message
X-Serial
X-Iplb-Request-Id
X-Dw-Trace-Id
X-Iplb-Instance
Servedby
Warning
Fastcgi-Cache-Ttl
Dt-Hot-News
X-Wp-Cf-Super-Cache
X-Vercel-Cache
X-B3-Parentspanid
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Id
X-Fastly-Cache-Hits
X-IN-APIGATEWAYSSL
X-Release
X-Request-URL
X-BBC-Origin-Response-Status
CountryCode
Content-Script-Type
X-Th-Server
X-Back
Content-Style-Type
X-Dist-Code
X-Request-Url
X-Request-Start
X-Storefront-Renderer-Verified
X-IN-APIGATEWAY
X-Litespeed-Cache-Control
Cneonction
X-Snapshot-Date
Ngx
X-Cache-CFC