
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
P3P
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
P3p
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
X-Akamai-Path-Stats
X-Backend
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-Dns-Prefetch-Control
X-AH-Environment
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-Aws-Lambda-Call-Status
X-CST
X-Pingback
Surrogate-Control
Request-Id
Cf-Edge-Cache
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
X-Cloud-Trace-Context
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Url
Accept-Ch
X-Country
Accept-Ch-Lifetime
Fastly-Restarts
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
RTSS
Edge-Control
X-VARITI-CCR
X-Server-Name
X-ESI
X-Amz-Server-Side-Encryption
X-Varnish-TTL
Cache-Tag
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Amz-Rid
X-Px
Public-Key-Pins
X-FastCGI-Cache
X-Cnection
X-Edge
X-D2id
X-Ac
X-Ser
X-Navigation-Version
X-Element-Page-Cache
Verso
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
X-Middleton-Display
Pagespeed
Display
X-Sol
X-Version
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-RateLimit-Remaining
Service-Worker-Allowed
X-Country-Code
X-Content-Security-Policy-Report-Only
Response
X-Middleton-Response
X-NF-Request-ID
X-Goog-Hash
Access-Control-Request-Method
X-Correlation-Id
SPRequestDuration
SPIisLatency
X-Ttl
X-Cached
X-Kinsta-Cache
AR-Request-ID
AR-SID
AR-PoweredBy
X-Edge-Location-Klb
AR-CACHE
AR-ATIME
X-SharePointHealthScore
SPRequestGuid
X-TTL
X-Powered-CMS
X-Upstream
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-LLID
Edge-Cache-Tag
X-NWS-LOG-UUID
X-Forwarded-For
X-Litespeed-Cache
Content-MD5
Nginx-Cache
X-Ruxit-Js-Agent
X-Id
X-Cache-Key
X-MSEdge-Ref
X-RateLimit-Limit
X-Shield-Request-Id
MRF-Tech
Mrf-Cache-Status
TCN
X-T
X-Recruiting
X-ECACHE
S
X-B3-TraceId-Primal
X-Daa-Tunnel
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Digest
X-WebKit-CSP-Report-Only
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Mg-S
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Ua-Device
X-Accel-Expires
X-Grace
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Protected-By
X-Content
MicrosoftSharePointTeamServices
X-Ab
X-Ua-Browser
X-Frontend
MS-Author-Via
X-Ezoic-Cdn
X-DynaTrace
TP-L2-Cache
X-Request-Received
TP-Cache
X-Request-Processing-Time
Server-Node
X-Yandex-Sdch-Disable
Filters
Front-End-Https
X-DataDome
X-PressLabs-Stats
X-Origin-Server
X-Distributor
X-Server-ID
Fastcgi-Cache
X-ORACLE-DMS-ECID
X-Geo-Country
X-Hits
X-Mid
X-ORACLE-DMS-RID
X-Request-Handler-Origin-Region
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Microsite
X-LB-Cache
X-Amzn-Trace-Id
Charset
Cleartype
Host
X-Debug-Info
X-Webkit-Csp
X-Git-Hash
X-Ratelimit-Reset
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Fastly-Request-Id
X-Page-Id
X-F-Cache
X-Forwarded-Proto
X-Cache-Age
X-DIS-Request-ID
X-Mcache
Cache-Status
Realpath
X-Seen-By
Access-Control-Allow-Method
X-Www-Served-By
X-Az
X-Activity-Id
X-AppVersion
ServerID
Pinterest-Version
Pinterest-Generated-By
Accept-Charset
X-Pinterest-Rid
X-Webkit-CSP
Filterid
X-Varnish-Age
Cache-Tags
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Aspnetmvc-Version
X-Content-Options
X-Rid
X-Type
Retry-After
X-Language
X-FB-Debug
Server-Name
X-XRDS-LOCATION
X-App-Environment
Country
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Viewport
X-User-Agent
X-Tb
X-Varnish-Backend
X-Drupal-Cache-Tags
X-Varnish-Grace
X-Upgrade-Enabled
Paypal-Debug-Id
Node
DC
X-B-Cache
X-Signature
X-TT
X-Whom
X-Wix-Request-Id
X-Oracle-Dms-Ecid
X-Goog-Stored-Content-Encoding
Permissions-Policy
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Origin-Cache
X-VCache
X-B
X-Route-Name
X-Flags
X-Mobile-URL
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Aspnet-Duration-Ms
X-Oracle-Dms-Rid
X-MCACHE
X-Debug
X-NWS-UUID-VERIFY
Protected
X-Oneagent-Js-Injection
Fastcgi-Useragent
X-Amz-Replication-Status
X-Amz-Meta-S3cmd-Attrs
X-N
X-Logged-In
X-Cache-NGX
Payment
X-Load-Cache
WPO-Cache-Status
Surrogate-Key
WPO-Cache-Message
X-Via-JSL
X-Cache-Control
X-Contextid
Count-Hit
Healthy
X-Node-Name
X-Erf-Bev-Bev
Amp-Access-Control-Allow-Source-Origin
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-FW-Static
X-FW-Serve
X-FW-Type
X-FW-Server
X-FW-Dynamic
X-FW-Hash
X-Mobile
X-Template
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
X-Midtier
X-Proxy
Akamai-GRN
Refresh
Content-Disposition
Alternate-Protocol
X-NGENIX-Cache
X-Restarts
X-Cache-Time
X-XRDS-Location
Url
X-G
X-Revision
X-Jobs
X-Zen-Fury
X-Cache-TTL-Remaining
X-UUID
X-Akamai-Request-ID2
X-Framework
X-Real-IP
Uber-Trace-Id
X-Is-Bot
X-Drupal-Cache-Contexts
X-Servername
X-Proxy-Cache-Status
X-Adobe-Content
X-Rendered-As
X-Adobe-Loc
X-Device-Type
VIX-Pulpo-Upstream-Status
NGB
X-Debug-IsPreview
X-Cacheable-TTL
VIX-Pulpo-Node
X-Debug-IsConnected
X-Yottaa-Optimizations
X-Trace-Id
Access-Control-Request-Headers
X-Yottaa-Metrics
X-Instance
X-Http-Reason
X-Page-View
X-Cache-Grace
X-Ratelimit-Remaining
X-Mg-Request-UUID
X-Datadome
X-Varnish-Server
X-IPLB-Instance
X-Hostname
X-Environment-Context
Version
X-L-Path
X-Source
X-ECache
X-EdgeConnect-Cache-Status
X-B3-Traceid
X-HTML-Minification-Powered-By
Accept-Language
MS-CV
Countrycode
Ms-Operation-Id
X-RTag
Frame-Options
X-Fastly-Request-ID
From-Origin
X-Cache-Rule
X-Cache-Hit
X-Fastcgi-Cache
X-NYM-Debug-Backend
Referer-Policy
Liferay-Portal
X-Cache-Expired-At
X-App-Server
X-Vgn-Hpd-Reason
Cross-Origin-Window-Policy
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
Backend
X-Tumblr-Pixel-0
X-Nginx-Cache
X-IPS-LoggedIn
X-FW-Version
X-COUNTRY
X-Hosted-By
Content-Secure-Policy
X-Unique-Id
X-Ratelimit-Limit
X-Cache-Server
Upgrade-Insecure-Requests
X-RN-RSRV
X-UPSTREAM-Address
Meta-Geo
X-Generation-Time
X-No-Session
X-Redis-Cache
X-PCL
X-Cache-Enabled
X-OCL
Section-Io-Cache
X-Ua
X-FB-TRIP-ID
Azure-Version
Azure-SlotName
X-Request-Time
X-Format
X-Origin-Hint
X-Server-W
X-PHP-Backend
Mn-Server-Ip
X-Uri
TWC-GeoIP-Country
Webcakes-App-Version
X-Varnish-Cache-Hits
Webcakes-App-Name
X-Be
WP-Super-Cache
TWC-GeoIP-LatLong
X-RemovedCookies
X-Akamai-Edgescape
X-UA-Device-Type
X-Cluster-Node
X-ProcessESI
S-Rt
TWC-Device-Class
Azure-RegionName
Azure-InstanceId
X-Region
Apigw-Requestid
X-Access
X-Via-Fastly
Azure-SiteName
TWC-Connection-Speed
Webcakes-Region
TWC-Privacy
X-AOL-HN
X-Section
Property-Id
X-Origin-Date
TWC-Locale-Group
X-NewRelic-App-Data
CF-IPCountry
X-Mode
X-Content-Age
X-BYPASS-REASON
X-PERF
X-Labrador-Cache-Channel
X-Alternate-Cache-Key
X-Cache-Host
X-Sql-Duration-Ms
X-PHP-Host
X-Site-Version
X-ApacheServer
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Sql-Count
X-Shopify-Stage
X-ShopId
X-SayCDN-TTL
X-ShardId
X-Status
X-Say-TTL
X-Urbn-Site-Id
X-Human
Eomportal-Instance
X-Locale
X-Nginx-Cache-Key
X-Urbn-Context-Path
X-ProxyCache-Key
X-ProxyCache-Status
X-Generated-By
X-Forwarded-Host
X-Debug-Cache
X-Say-Cacheable
X-Parallel-Accel
X-Xfnlog-Site
X-Storage
Locale
Fastly-SSL
X-Content-Powered-By
X-Web-Node
X-Cache-Tags
X-Adobe-Source
X-Zipkin-Id
X-Varnishpool
X-ServerID
X-Routing-Service
X-Hl-Ver
X-JoinUs
X-Proxied
X-SaId
X-Extlb
X-Backend-Name
X-APP-VERSION
X-Cache-Type
X-Detected-As
X-Tid
X-Cms-Context
X-VC-Cache
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
Cache-Tv-Group
X-Platform-Server
X-GG-Cache-Date
X-Handled-By
Ec-Rule-Version
X-Cache-Action
Load-Balancing
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Proxy-Build
CDN-RequestId
X-Timing-Wait
CDN-Uid
Selected-Fe
CDN-PullZone
CDN-Cache
CDN-CachedAt
X-App-Version
ServedBy
X-Edge-Location
X-Storefront-Renderer-Rendered
X-Dc
X-GeoCode
X-GeoCountry
X-Proto
Web-Mar-Node
X-TT-LOGID
Fastly-Drupal-Html
X-LSADC-Cache
X-Hyper-Cache
Webserver
Onion-Location
SRV
X-Rule
X-Cache-Remote
X-Cached-By
X-GEO
Mime-Version
X-CDN-Forward
X-Cache-Operation
X-Varnish-Hostname
SID
Cache-Hits
X-Rewrite-Enabled
X-Soup
X-Cluster
X-Cdn
Xet-Cookie
Xserver
X-SRV
X-Pubstack
X-Origin-TTL
X-Accel-Buffering
X-Origin-CC
X-Varnish-Ttl
X-Magnolia-Registration
X-Varnish-Hits
X-Air-Hostname
X-IPLB-Request-ID
X-Envoy-Decorator-Operation
X-Air-Source
X-Reqid
X-Air-Trace-Id
Server-Info
Country-Code
X-Microcachable
X-TA-CDN-Provider
X-MP-GENERATED-AT
X-CSRF-Token
X-Buckets
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
DB-Nickname
LB
Cache
X-Request-Host
Source
X-Time
X-Amz-Apigw-Id
X-Newrelic-Synthetics
X-Ms-Version
X-Ms-Request-Id
X-B3-SpanId
X-Amzn-RequestId
X-Origin-Response-Time
X-Endurance-Cache-Level
X-Via-NSCOPI
X-SD-PageType
X-ScT
X-Session-Fingerprint
X-Shop-Environment
X-Tenant
Cmsid
X-SRCache-Key
X-S-Cookie
Cmstype
X-Processor
X-PBS-Appsvrname
X-CF-Lambda-Fn
Xc-Version
X-B-Cookie
X-TIM-N
X-Rojux
X-S
Cdnsip
X-Cache-Id
X-Cache-NE
X-Vtex-Processado-Em
X-Aed
X-Vdms-Path
X-VG-WebCache
X-Vdms-Version
A
BehaviorPad-Version
Cdncip
X-AK-Request-ID
X-TrackingId
X-Application
X-CF-Lambda-Version
X-Cdn-Srv
X-User
X-Vtex-Remote-Cache
X-A-Wwc
X-Ec-GeoHdr
X-Ec-Fail
Rendered-Blocks
Sslversion
X-Epic-Correlation-Id
X-Esi-Check
Pramga
X-Forwarded-Path
X-External-Request-Id
X-Developer
X-Destination
T-Server
X-A-Dam
X-Conf
X-A-Dcw
Surrogated-Key
X-A-Dgt
X-D
X-Connection-Hash
Odigeo-Trace-Id
X-Ftr-Request-Id
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-ARC
X-Hash
DCR-Processing-Time-Ms
X-NAPM-TraceId
X-A
X-PAYTM-SRV-ID
X-Orig-Expires
Expiry
X-Gzip
Meta-Geo-Continent
Mobile-Detection-Method
NM-Fastcgi-Cache
X-Geo-Header
MD5-Digest
Fastcgi-X-Cache-Version
Host-ID
Lang
DCR-Decision-By
X-A-Ccd
X-Tt-Logid
X-Skip-Cache
X-NCache
X-CACHE-KEY
X-RCS-CacheZone
X-Bc-Bl
X-Cache-Info
X-CacheTTL
X-Cache-Bucket
X-Cache-Backend
X-Amzn-Remapped-Content-Length
X-WADP-Cache
X-Via-Ucdn
X-Ckpd-Fst-Backend
X-DefElseHash
X-Varnish-Remaining-TTL
X-Core-Value
X-Core-Mission
X-Clara-WADP
X-Worker
Wxu-Next-Region
Mail-Subject
Memcached
Machine
Is-Eu
Fastly-GeoIP-CountryCode
Platform
Producers
Wxu-Next-Commit
Wxu-Next-Hostname
We-Hiring
State
Server-Host
X-DefHash
X-Developers
X-SB
X-Scheme
X-Rocket-Build-Number
X-Origin-Time
X-Nyt-Route
X-Origin-Expires
X-Server-IP
X-Sigma
X-V-Cache
X-Variation
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sigma-Backend
X-NodeID
X-Node-Id
X-Azure-Ref
X-Fastly-Cache
Environment
X-DPWN-IS-SECURE
X-Device-Os
X-Fetched-On
X-Fmm-Version
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Varnish-CookieINHashed-On
X-GeoIP
X-Gdpr
X-Varnish-CookieHashed-On
X-Origin
Adler-Geo
AKAMAI
X-Varnish-Beresp-Grace
Cache-Name
HostName
X-Generated-On
X-Eu-Site
X-Forwarded-Site
X-GeoIP-City
X-Gen-Mode
X-Gamma-Serve
X-Hnp-Log
X-Loc
X-Minions-Version
X-Planisys-CDN-Cache
X-Level-Front-Cache
X-LAGOON
X-Ec-Custom-Error
X-Httpd
X-HN
X-Datadog-Sampling-Priority
X-Branch-Name
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Block-Status
X-BBC-Edge-Cache-Status
X-Aicache-OS
X-Auto-Login
X-Cache-Date
Apple-News-Services-Host
X-Datadog-Parent-Id
X-Planisys-CDN-Rules
X-Datadog-Trace-Id
X-Csrf-Jwt
X-CGP
Apple-News-Services-Handled
X-Cdn-Origin
X-Dispatcher-Number
X-Platform
X-Wikidot-Backend
X-Wikidot-Static-Cache
Kp-EeAlive
X-Viewer-Country
X-VG-TLSProxy
X-Cache-Status-Check
X-Thinkindot-L3
X-VarnishDD-TTL
X-Has-Esi
X-Is-Gdpr
Cache-Key
Candidate-Md5Url
X-BCube-Filmed-By
X-Wix-Viewer-Type
X-TNCMS
X-JWT-State
X-Loop
X-Sn-Servicetimems
X-Slack-Backend
X-Proxy-Cache-Info
X-Proxy-Upstream
X-Qloud-Router
X-Pool
X-Policy
X-R9-Blue-Green-Version
X-Pod-Name
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
DynaTrace
X-Served-From
X-SIPLIST1
X-Request-URI
X-Region-Sid
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Planisys-CDN-TTL
X-Rocket-Nginx-Serving-Static
Gh-Request-Id
Thinkindot-Control
Req-Svc-Chain
Thinkindot-CacheControl-Type
User-Cache-Control
V-Age
Redirect-Candidate
Web-Mar-Region
Release
Vix-Hermes-Req-Id
Fastcgi-Cache-TTL
Thinkindot-CacheControl
Ssr
Fastly-SWR
CloudFront-Viewer-Country
Svr
Ha-Gx-Prefs
TDXMobile
Cluster
Fastly-SIE
HA-Ipaddr
Datacenter
Traceparent
Origin-EX
X-Tx-Id
N-Cache
L5d-Success-Class
Origin-CC
Origin
CDCHOST
IsBot
L
PFcat
CDN
NGX
Server-Hostname
Sever-Int
X-Xrds-Location
GEO-INFO
X-Scale
X-VServer
X-Optimistic-Header
X-Ad-Defer-Variation
Server-Ext
CPC-Cache
X-SplitTest
VNS-Age
Ohc-File-Size
VNS-Cache
DSUID
CPC-Age
XM
X-Owner
X-CS
X-VC
X-Refresh
Fastly-Backend-Name
X-WA-Info
X-WP-CF-Super-Cache-Cache-Control
X-Webstats-RespID
X-Parent-Response-Time
X-From
Pics-Label
X-WP-CF-Super-Cache
X-ZONE
X-AIR-PT
AMP-Access-Control-Allow-Source-Origin
X-Micro-Cache
X-Location
X-EC-Lua
X-Tb-Optimization-Total-Bytes-Saved
X-Contensis-Viewer-Groups
Env
Locid
X-NC
X-Edge-Pop
X-Cache-ASPX
X-Ah-Environment
Lb
Ms-Author-Via
X-Men
Path
X-LB-NoCache
X-Udemy-Cache-App-Namespace
X-Varnish-Authentication
Arc-Country
X-Response-By
X-Srv
Servername
X-Mvc-Supplant-OutputCached
X-Via-Popv
Ngx.Var.Host
X-Servedbyhost
X-Via-Popn
Cache-Host
X-Generated-In
X-Old-Content-Length
X-Amz-Meta-Cb-Modifiedtime
X-Via-Poph
X-TraceId
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-TIME
X-DB
Time
X-DSS
X-RSL
X-Varnish-Beresp-TTL
X-HA-Backend
Memory
X-DW
X-RPS
X-RPM
X-DI
XkeyRZ
Ohc-Cache-HIT
X-Proxy-CacheRZ
X-Akamai-Transformed
X-S-Maxage
X-Accel-Expires-Debug
GeoIp-Country-Code
X-Date
X-API-Version
ITXSESSIONID
X-RateLimit-Reset
Client
X-Clientip
X-GeoIP-Region-Code
True-Client-IP
X-GeoIP-Country-Code
X-Cache-Debug
X-VCL-Version
X-Vc
X-Api-Version
X-Zone
FSS-Cache
Geoip-Latitude
X-Cs
X-VHOST
Server-ID
X-DC
X-Trace-ID
Fusion-Component-Id
X-URL
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
X-TX-ID
X-Correlation-ID
CacheControlHeader
X-Presslabs-Stats
X-Dmc
X-FireWall-Port
X-Fpc
Hostname
X-Render-Time
X-MSEdge-Features
X-MSEdge-Flight
NtCoent-Length
X-TH-Server
True-Client-Country-4JS
X-Action
X-Backend-TTL
Powered-By
X-Webkit-Csp-Report-Only
X-Traceid
X-INCAP-ABP
X-DynaTrace-JS-Agent
X-B3-Spanid
X-Gateway-Request-Id
C-Via
X-PX
X-Gateway-Skip-Cache
Rip
X-Service
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-M-Reqid
Edge-Cache
X-Qnm-Cache
Geo-Info
Tcn
X-Pass-Why
Esi-Enabled
X-FPC
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
Tube-Return
Test
Click-Count-Error
X-M-Log
X-Req
Click-Count-Action-Start
HIT
X-NGINX-Cache
X-TRACE-ID
X-CSRF-TOKEN
On-Server
Server-Id
My-App
X-Vcl-Version
X-Cdn-Request-ID
X-Origin-Upstream-Status
X-HS-Status
Uri
X-Beluga-Cache-Status
X-Beluga-Status
X-Alfa-Service
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Trace
X-Beluga-Node
User-Agent
X-Webkit-CSP-Report-Only
OT-Force-Account-Verify
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
X-Proxy-Cache-Hk
Cf-Int-Pingora-Origin-Digest
X-Up
X-Provided-By
RATING
Proxy-Connection
Resin-Trace
GeoIP-Country-Code
GeoIP-Latitude
X-Via-PopN
Srvid
X-APP
X-Via-PopV
X-LB-ID
X-Via-PopH
X-Ha-Backend
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
Cdn
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-Ttl
Srv
X-Cdn-Forward
WebServer
X-ServedByHost
Sid
X-RAMCache
M-TraceId
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-LI-Proto
X-LI-UUID
X-Li-Fabric
MIME-Version
X-Li-Pop
Epwk-X-Cache
X-UnsetCookies
X-Geo
DataCenter
X-HostName
X-Time-Microsecs
X-Backend-Host
ENV
X-Lb-Nocache
X-Fetch-By
ServerName
WZWS-RAY
X-ND-Cache
X-Esi
X-LiteSpeed-Cache-Control
Warning
X-Serial
X-Fastly-Backend-Reqs
X-CUA
Server-Ttl
X-App
X-Edge-POP
X-B3-Traceid-Primal
X-Dw-Trace-Id
Cf-Device-Type
XServer
Dt-Hot-News
X-MG-S
Fastly-Drupal-HTML
X-CF-Powered-By
X-Thanos
PICS-Label
X-Nc
X-HITS
DT-Hot-News
X-ATG-Version
Tracecode
X-Yottaa-OS
X-Newrelic-App-Data
X-Request-Url
X-ElasticPress-Query
X-Azure-Ref-OriginShield
Section-Io-Origin-Time-Seconds
X-Platform-Cluster
CF-Cached-On
Target-Params
Section-Io-Id
Section-Io-Origin-Status
X-Platform-Processor
X-Bip
X-Akamai-Request-ID
X-Fragments
Section-Origin-Responded
X-Platform-Router
X-Fastly-Backend
X-IN-APIGATEWAYSSL
Vha6-Origin
Inserted-Into-Cache-At
X-Var-Ttl
X-Iplb-Request-Id
X-FC-Vary-Parameters
X-LiteSpeed-Tag
X-Vcache
X-Sucuri-ID
X-IN-APIGATEWAY
X-Sucuri-Cache
X-Cc-Via
Lfy
X-Request-Start
X-Iplb-Instance
D-Url-Rewrites
Cf-Ipcountry
True-Client-Ip
Cdn-Requestcountrycode
Cdn-Cache
Cdn-Edgestorageid
Cdn-Cachedat
Cdn-Requestid
Servedby
Cdn-Uid
Wp-Super-Cache
Cdn-Pullzone
X-MiniProfiler-Ids
X-Vercel-Cache
X-Vercel-Id
X-Varnish-Beresp-Status
X-Dist-Code
X-BBC-Origin-Response-Status
X-Release
X-Snapshot-Date
Cneonction
X-Cache-Expires
X-NU-AKA-ACS-Version
Ngx
CountryCode
Content-Script-Type
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-Request-URL
X-Storefront-Renderer-Verified
Content-Style-Type
X-Back
X-Th-Server
X-Wp-Cf-Super-Cache-Cache-Control