Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
X-Akamai-Path-Stats
X-UA-Device
X-Proxy-Cache
Host-Header
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
X-LiteSpeed-Cache
Allow
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-CST
X-Server-Id
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Readtime
X-Akam-SW-Version
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
X-ASPNET-VERSION
Content-Location
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
Accept-Ch
X-Vname
X-PC
X-TtlSet
X-Clacks-Overhead
RTSS
Edge-Control
X-Server-Name
X-Varnish-TTL
X-VARITI-CCR
X-ESI
Cache-Tag
X-Content-Type
X-B3-TraceId
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Amz-Rid
X-Exp-Variant
X-Dw-Request-Base-Id
Public-Key-Pins
X-Px
X-Cnection
X-Ac
X-RateLimit-Remaining
X-D2id
X-Element-Page-Cache
Verso
X-Edge
X-FastCGI-Cache
X-Abt-Application-Version
X-Navigation-Version
X-Client-IP
X-Powered-By-Plesk
X-Ser
Display
X-Middleton-Display
X-Sol
Pagespeed
X-Cache-TTL
X-Version
X-Litespeed-Cache
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-GitHub-Request-Id
X-Country-Code
X-Middleton-Response
Response
X-Correlation-Id
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Hash
SPRequestDuration
SPIisLatency
X-Kinsta-Cache
X-Edge-Location-Klb
X-TTL
AR-SID
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-Request-ID
X-Ttl
X-Webkit-Csp
X-Cached
X-Upstream
SPRequestGuid
X-SharePointHealthScore
X-LLID
X-Content-Security-Policy-Report-Only
X-Kraken-Loop-Name
X-NWS-LOG-UUID
X-Powered-CMS
X-Server-Lifecycle-Phase
X-RateLimit-Limit
X-Instrumentation
X-Ruxit-Js-Agent
Edge-Cache-Tag
X-Forwarded-For
Nginx-Cache
X-Cache-Key
Content-MD5
X-MSEdge-Ref
TCN
X-Id
Mrf-Cache-Status
MRF-Tech
X-Shield-Request-Id
X-B3-TraceId-Primal
X-Daa-Tunnel
X-T
S
X-Recruiting
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Content-Digest
MS-Author-Via
X-Ua-Device
X-Mg-S
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Accel-Expires
MicrosoftSharePointTeamServices
X-Protected-By
X-SRCache-Store-Status
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-ECACHE
X-Frontend
X-Grace
X-DataDome
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Ua-Browser
X-Content
X-Ab
X-Yandex-Sdch-Disable
Front-End-Https
X-Request-Received
Server-Node
Filters
X-Request-Processing-Time
X-Server-ID
TP-L2-Cache
TP-Cache
X-PressLabs-Stats
X-Origin-Server
Fastcgi-Cache
X-Mid
X-DynaTrace
X-Hits
X-Distributor
X-Geo-Country
X-Request-Handler-Origin-Region
X-Microsite
X-Amzn-Trace-Id
X-Debug-Info
X-ORACLE-DMS-ECID
Charset
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Page-Id
Cleartype
X-F-Cache
X-Git-Hash
Host
Cross-Origin-Opener-Policy
X-LB-Cache
X-DIS-Request-ID
X-B3-Sampled
X-ORACLE-DMS-RID
X-Ratelimit-Reset
Pinterest-Version
X-Pinterest-Rid
X-Forwarded-Proto
Pinterest-Generated-By
X-Cache-Age
X-Www-Served-By
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
ServerID
X-Seen-By
Cache-Status
X-Az
X-Activity-Id
X-AppVersion
Realpath
Cache-Tags
X-MCACHE
X-Aspnetmvc-Version
Accept-Charset
X-Cluster-Name
X-Oracle-Dms-Ecid
X-Varnish-Age
X-Oracle-Dms-Rid
Filterid
X-Rid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Nginx-Upstream-Cache-Status
X-Language
X-Content-Options
X-Type
X-App-Environment
Server-Name
X-Tb
X-Origin-Cache
Node
X-Upgrade-Enabled
X-User-Agent
X-Whom
Viewport
Retry-After
X-Varnish-Grace
Country
X-Signature
X-Is-Crawler
X-FB-Debug
X-Flags
X-Route-Name
X-Mobile-URL
X-Providence-Cookie
X-Wix-Request-Id
X-B-Cache
X-Drupal-Cache-Tags
X-Request-Guid
X-Aspnet-Duration-Ms
X-TT
X-Varnish-Backend
X-Goog-Stored-Content-Length
Paypal-Debug-Id
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-VCache
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
DC
X-NWS-UUID-VERIFY
X-XRDS-LOCATION
Fastcgi-Useragent
Protected
X-B
X-N
X-Via-JSL
X-Fastly-Request-Id
X-Debug
WPO-Cache-Message
X-Fastly-Request-ID
WPO-Cache-Status
X-Cache-NGX
X-Amz-Replication-Status
X-Logged-In
Payment
X-Contextid
X-Load-Cache
X-Mcache
X-Amz-Meta-S3cmd-Attrs
Surrogate-Key
X-XRDS-Location
Permissions-Policy
Count-Hit
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-FW-Static
X-Template
X-Node-Name
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Healthy
X-Fastcgi-Cache
X-Original-Request-Id
SD-X-WS
X-Response-Served-From
X-G
Content-Disposition
Akamai-GRN
X-Jobs
X-Cache-Time
X-Mobile
X-Is-Bot
X-Rendered-As
X-Trace-Id
X-Zen-Fury
X-Cacheable-TTL
X-Revision
X-Akamai-Request-ID2
X-Framework
X-Cache-TTL-Remaining
X-Http-Reason
X-UUID
X-Adobe-Content
X-Page-View
Uber-Trace-Id
Refresh
X-Real-IP
X-Proxy
X-Proxy-Cache-Status
X-Adobe-Loc
NGB
Access-Control-Request-Headers
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Alternate-Protocol
X-Instance
Url
X-Device-Type
X-Drupal-Cache-Contexts
X-Servername
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Debug-IsConnected
X-Hostname
X-Debug-IsPreview
X-Cache-Grace
X-IPLB-Instance
X-ECache
X-B3-Traceid
Version
X-Restarts
X-NGENIX-Cache
X-Mg-Request-UUID
X-Source
X-Varnish-Server
X-Environment-Context
X-L-Path
From-Origin
Accept-Language
X-Oneagent-Js-Injection
X-Cache-Rule
X-EdgeConnect-Cache-Status
X-Cache-Hit
X-Vgn-Hpd-Reason
Countrycode
X-HTML-Minification-Powered-By
X-Cache-Expired-At
X-Datadome
Ms-Operation-Id
X-RTag
MS-CV
X-Parallel-Accel
Frame-Options
Referer-Policy
X-App-Server
Liferay-Portal
X-NYM-Debug-Backend
Cross-Origin-Window-Policy
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-FW-Version
X-IPS-LoggedIn
X-COUNTRY
Backend
X-Nginx-Cache
X-Midtier
Content-Secure-Policy
WP-Super-Cache
X-RN-RSRV
Cache-Tv-Group
X-Hosted-By
Upgrade-Insecure-Requests
X-Cache-Action
Section-Io-Cache
Meta-Geo
X-UPSTREAM-Address
X-PCL
X-Redis-Cache
X-Cache-Server
CF-IPCountry
X-Generation-Time
X-APP-VERSION
X-FB-TRIP-ID
X-Detected-As
X-Content-Age
X-OCL
X-Ua
X-UA-Device-Type
X-Cache-Enabled
X-Region
X-Web-Node
X-Section
Webcakes-App-Name
X-Sql-Duration-Ms
X-Storage
Apigw-Requestid
X-SayCDN-TTL
Property-Id
Webcakes-App-Version
X-Unique-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-AOL-HN
X-Be
TWC-Locale-Group
TWC-Privacy
X-Urbn-Context-Path
X-Sql-Count
X-Server-W
X-Cluster-Node
Azure-InstanceId
Ec-Rule-Version
X-No-Session
Mn-Server-Ip
X-Access
Fastly-SSL
X-Uri
X-Origin-Hint
Locale
X-Origin-Date
X-Varnish-Cache-Hits
X-Nginx-Cache-Key
X-Human
Azure-SiteName
Azure-RegionName
X-Akamai-Edgescape
Webcakes-Region
X-Format
Azure-SlotName
X-Urbn-Site-Id
Azure-Version
X-Request-Time
X-Say-Cacheable
X-Say-TTL
TWC-Connection-Speed
X-ProcessESI
X-RemovedCookies
X-Mode
X-Debug-Cache
X-Cache-Host
X-Sorting-Hat-ShopId
X-Cache-Tags
X-Shopify-Stage
X-ShardId
Eomportal-Instance
X-BYPASS-REASON
X-Sorting-Hat-PodId
CDN-Cache
CDN-RequestId
CDN-Uid
S-Rt
CDN-RequestCountryCode
CDN-PullZone
X-Forwarded-Host
CDN-CachedAt
CDN-EdgeStorageId
X-Adobe-Source
X-ShopId
X-ProxyCache-Status
X-ProxyCache-Key
X-Generated-By
X-Status
X-Site-Version
X-Ratelimit-Remaining
X-Xfnlog-Site
X-PHP-Backend
X-Platform-Server
X-Alternate-Cache-Key
X-Labrador-Cache-Channel
X-PHP-Host
X-Zipkin-Id
X-Webkit-CSP
X-Tid
X-ServerID
X-Routing-Service
X-Content-Powered-By
X-Extlb
X-PERF
X-Handled-By
X-NewRelic-App-Data
X-Proxied
X-ApacheServer
X-Backend-Name
X-Cache-Type
X-SaId
X-JoinUs
X-Hl-Ver
X-Via-Fastly
X-Locale
X-Varnishpool
X-VWS-Id
X-TT-LOGID
X-LJ-Flow-ID
X-Timing-Wait
Selected-Fe
X-Proxy-Build
X-AWS-Id
X-GG-Cache-Date
X-Hyper-Cache
Webserver
ServedBy
X-Edge-Location
X-VC-Cache
X-Cms-Context
X-Rule
X-Cache-Operation
X-Storefront-Renderer-Rendered
Fastly-Drupal-Html
Mime-Version
X-Proto
X-LSADC-Cache
X-Dc
Load-Balancing
Web-Mar-Node
X-Cached-By
SRV
X-Rewrite-Enabled
X-Accel-Buffering
X-GeoCode
X-GeoCountry
X-CDN-Forward
SID
X-App-Version
X-Soup
X-GEO
Onion-Location
X-Cache-Remote
X-TA-CDN-Provider
Xserver
X-Cdn
X-Varnish-Hostname
X-Pubstack
Cache-Hits
X-Reqid
Country-Code
X-Origin-CC
X-Origin-TTL
X-Request-Host
X-SRV
X-Buckets
X-Cluster
X-Ratelimit-Limit
Decoy-Debug-TTL
Decoy-Debug-Key
X-Varnish-Hits
Decoy-Debug-Status
Server-Info
X-MP-GENERATED-AT
X-Envoy-Decorator-Operation
X-Microcachable
X-CSRF-Token
Xet-Cookie
X-Tumblr-Pixel-2
X-Ms-Request-Id
X-Ms-Version
X-Tumblr-Pixel-3
X-Magnolia-Registration
LB
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Amzn-RequestId
DB-Nickname
Cache
X-Time
X-Amz-Apigw-Id
X-B3-SpanId
X-RCS-CacheZone
MD5-Digest
Meta-Geo-Continent
NM-Fastcgi-Cache
X-Vtex-Processado-Em
Rendered-Blocks
Sslversion
Xc-Version
Odigeo-Trace-Id
X-Vtex-Remote-Cache
Expiry
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
DCR-Decision-By
Cdncip
Cdnsip
Source
A
Surrogated-Key
BehaviorPad-Version
Lang
Cmstype
Cmsid
X-B-Cookie
X-SD-PageType
X-Session-Fingerprint
X-Esi-Check
X-External-Request-Id
X-Fetched-On
X-ScT
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Developer
X-SRCache-Key
X-Device-Os
X-Shop-Environment
X-Ec-Fail
X-S-Cookie
X-S
X-Processor
X-NAPM-TraceId
X-Node-Id
X-Orig-Expires
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-Ftr-Request-Id
X-Forwarded-Path
X-Gzip
X-Rojux
X-Hash
X-Destination
X-D
X-Vdms-Path
X-Vdms-Version
X-Aed
X-AK-Request-ID
X-User
X-Application
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-VG-WebCache
X-ARC
X-Cache-Bucket
X-CF-Lambda-Fn
X-SVT-ORM-RULES
X-CF-Lambda-Version
X-Conf
X-Core-Mission
X-Connection-Hash
X-SVT-ORM-VERSION
X-Cdn-Srv
X-Cache-NE
X-Cache-Id
X-TrackingId
X-TIM-N
X-Tenant
T-Server
Mobile-Detection-Method
X-Tx-Id
X-IPLB-Request-ID
X-Bc-Bl
DynaTrace
X-NCache
X-Endurance-Cache-Level
X-Varnish-Beresp-Grace
X-Varnish-Ttl
X-Clara-WADP
X-CacheTTL
X-Cache-Info
X-R9-Blue-Green-Version
X-Ckpd-Fst-Backend
X-DefHash
X-Fastly-Cache
X-Fmm-Version
X-From
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Cache-Date
X-Dispatcher-Number
X-DefElseHash
X-Amzn-Remapped-Content-Length
Producers
Release
State
Pramga
Platform
Origin-CC
Origin-EX
Traceparent
User-Cache-Control
Wxu-Next-Region
X-Gdpr
X-Block-Status
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
Web-Mar-Region
X-Cache-Backend
X-GeoIP
X-TNCMS
X-V-Cache
X-Variation
X-Slack-Backend
X-Sigma-Backend
X-Rocket-Build-Number
X-Server-IP
X-Sigma
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Webstats-RespID
X-Wix-Viewer-Type
X-Worker
X-WADP-Cache
X-VServer
X-Varnish-Remaining-TTL
X-Via-Ucdn
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Is-Gdpr
X-JWT-State
X-LAGOON
X-Irp-Debug
X-Hnp-Log
X-Geo-Header
X-Has-Esi
X-Loop
X-Mvc-Supplant-Cachable
X-Origin-Response-Time
X-Origin-Time
X-Planisys-CDN-Cache
X-Origin-Expires
X-Origin
X-NodeID
X-Nyt-Route
X-Gen-Mode
X-Developers
Adler-Geo
Mail-Subject
Environment
Host-ID
Is-Eu
Fastly-GeoIP-CountryCode
Machine
X-Azure-Ref
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Sn-Servicetimems
X-Csrf-Jwt
X-Skip-Cache
DSUID
X-SB
X-Scheme
X-Served-From
X-SIPLIST1
X-ZONE
X-Thinkindot-L3
X-CGP
X-Cdn-Origin
Fastly-SWR
Fastcgi-Cache-TTL
CDN
X-Branch-Name
X-VG-TLSProxy
X-Auto-Login
X-BBC-Edge-Cache-Status
X-Eu-Site
Fastly-SIE
X-Forwarded-Site
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Minions-Version
HostName
X-Qloud-Router
X-Proxy-Upstream
X-Pod-Name
X-Platform
X-Policy
X-Pool
X-Proxy-Cache-Info
AKAMAI
X-Location
X-GeoIP-City
Memcached
CDCHOST
Ohc-File-Size
CloudFront-Viewer-Country
X-Aicache-OS
X-Httpd
Apple-News-Services-Request-Url
X-Request-URI
X-Loc
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Cache-Name
X-Core-Value
Thinkindot-Control
Sever-Int
Gh-Request-Id
Thinkindot-CacheControl-Type
Ssr
Server-Ext
Server-Host
Ha-Gx-Prefs
HA-Ipaddr
Kp-EeAlive
NGX
L
IsBot
Vix-Hermes-Req-Id
V-Age
Req-Svc-Chain
Server-Hostname
N-Cache
Origin
X-Via-NSCOPI
X-Viewer-Country
TDXMobile
Thinkindot-CacheControl
Redirect-Candidate
L5d-Success-Class
X-Newrelic-Synthetics
PFcat
Cluster
X-Region-Sid
X-Gamma-Serve
X-WP-CF-Super-Cache
X-Optimistic-Header
X-Scale
X-Generated-On
X-Rocket-Nginx-Serving-Static
X-Owner
X-Level-Front-Cache
X-HN
Svr
X-VarnishDD-TTL
X-WP-CF-Super-Cache-Cache-Control
X-Wikidot-Static-Cache
Locid
Pics-Label
X-NC
X-Wikidot-Backend
X-Men
X-Refresh
Candidate-Md5Url
Cache-Key
Arc-Country
Datacenter
X-CS
X-Ad-Defer-Variation
X-Tb-Optimization-Total-Bytes-Saved
X-Parent-Response-Time
X-BCube-Filmed-By
X-CACHE-KEY
X-VC
XM
X-SplitTest
CPC-Cache
X-EC-Lua
Env
X-Response-By
X-Contensis-Viewer-Groups
X-Ah-Environment
X-Old-Content-Length
VNS-Age
CPC-Age
VNS-Cache
X-Cache-ASPX
X-Tt-Logid
GEO-INFO
X-TraceId
Ms-Author-Via
X-Tec-Api-Root
X-Tec-Api-Origin
AMP-Access-Control-Allow-Source-Origin
X-Tec-Api-Version
X-DSS
X-LB-NoCache
X-DW
X-WA-Info
X-DI
X-RPM
Fastly-Backend-Name
X-RSL
X-DB
X-Srv
X-Varnish-Authentication
X-RPS
Servername
X-RateLimit-Reset
X-Udemy-Cache-App-Namespace
Memory
X-Date
X-Amz-Meta-Cb-Modifiedtime
X-Webkit-Csp-Report-Only
X-Micro-Cache
X-Accel-Expires-Debug
X-Cache-Status-Check
X-Mvc-Supplant-OutputCached
X-Edge-Pop
Time
Lb
X-TIME
X-Xrds-Location
X-Akamai-Transformed
X-Via-Popn
X-Via-Poph
Path
X-AIR-PT
X-Generated-In
X-GeoIP-Region-Code
X-Via-Popv
X-GeoIP-Country-Code
X-Servedbyhost
Ohc-Cache-HIT
X-Trace-ID
X-Cache-Debug
ITXSESSIONID
X-API-Version
X-HA-Backend
GeoIp-Country-Code
Client
FSS-Cache
X-DC
Cache-Host
Ngx.Var.Host
X-S-Maxage
X-VCL-Version
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
CacheControlHeader
Geoip-Latitude
X-Varnish-Beresp-TTL
X-Vc
True-Client-IP
X-VHOST
X-Cs
X-Proxy-CacheRZ
XkeyRZ
True-Client-Country-4JS
Geo-Info
X-Api-Version
X-Action
X-Clientip
X-TH-Server
Server-ID
Hostname
X-Backend-TTL
X-Presslabs-Stats
X-Fpc
X-Zone
X-FireWall-Port
Edge-Cache
X-Req
Powered-By
X-TX-ID
My-App
X-Dmc
X-Traceid
NtCoent-Length
X-PX
X-Pass-Why
X-B3-Spanid
X-FPC
X-INCAP-ABP
X-MSEdge-Features
Test
X-Provided-By
X-MSEdge-Flight
X-Render-Time
X-Origin-Upstream-Status
X-NGINX-Cache
C-Via
X-Up
X-Cdn-Request-ID
X-CSRF-TOKEN
X-Correlation-ID
X-Varnish-Beresp-Ttl
Cf-Int-Pingora-Origin-Digest
X-Gateway-Request-Id
X-Beluga-Status
X-Gateway-Skip-Cache
X-Beluga-Trace
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Node
X-Beluga-Cache-Status
X-Gateway-Cache-Key
X-LB-ID
Tube-Got-Eval
User-Agent
Tube-Get-Contents
Rip
Click-Count-Action-Start
Server-Id
X-Webkit-CSP-Report-Only
X-HS-Status
Tube-Got-Results
X-Gateway-Cache-Status
Click-Count-Error
Tube-Return
X-M-Reqid
X-Qnm-Cache
OT-Force-Account-Verify
X-Service
Proxy-Connection
X-M-Log
Esi-Enabled
X-Vcl-Version
Tcn
DataCenter
X-UnsetCookies
X-DynaTrace-JS-Agent
X-Ha-Backend
X-LI-UUID
X-Via-PopN
GeoIP-Country-Code
X-Li-Pop
GeoIP-Latitude
X-URL
HIT
Srvid
Resin-Trace
X-Via-PopV
Uri
X-Alfa-Service
X-Via-PopH
X-Li-Fabric
On-Server
X-Dynatrace
X-CLOUD-TRACE-CONTEXT
WZWS-RAY
Sid
X-ServedByHost
X-ND-Cache
X-RAMCache
X-Time-Microsecs
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
X-CCDN-Origin-Time
X-LI-Proto
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Geo
X-APP
Epwk-X-Cache
X-CUA
X-Fetch-By
Srv
X-Proxy-Cache-Hk
Cdn
X-Cdn-Forward
X-TRACE-ID
X-Edge-POP
Cf-Device-Type
Tracecode
X-ATG-Version
X-Backend-Host
Target-Params
X-Fragments
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
MIME-Version
X-Fastly-Backend-Reqs
X-Edge-Origin-Shield-Bytes
X-Esi
X-Var-Ttl
ENV
Fastly-Drupal-HTML
X-Sucuri-ID
XServer
Lfy
X-FC-Vary-Parameters
ServerName
WebServer
X-B3-Traceid-Primal
X-App
X-Sucuri-Cache
X-Fastly-Backend
X-Lb-Nocache
X-Srcache-Fetch-Status
X-HostName
X-Edge-Origin-Shield-Region
X-Srcache-Store-Status
X-MG-S
X-Newrelic-App-Data
X-ElasticPress-Query
Warning
CF-Cached-On
X-Cache-Expires
M-TraceId
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
Server-Ttl
X-Yottaa-OS
X-Azure-Ref-OriginShield
Inserted-Into-Cache-At
X-Varnish-Beresp-Status
PICS-Label
Section-Io-Origin-Time-Seconds
X-Request-Url
X-Vcache
Magicmarker
X-Serial
X-Dw-Trace-Id
X-Nc
Cf-Ipcountry
X-NU-AKA-ACS-Version
D-Url-Rewrites
X-Backend-State
X-CF-Powered-By
X-Iplb-Request-Id
X-Iplb-Instance
X-LiteSpeed-Cache-Control
X-Li-Proto
Servedby
DT-Hot-News
X-Dynatrace-Js-Agent
True-Client-Ip
Dt-Hot-News
X-Vercel-Id
X-Vercel-Cache
Hit
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
Fastcgi-Cache-Ttl
X-Acquia-Application-UUID
Cneonction
Ngx
X-Snapshot-Date
X-Litespeed-Cache-Control
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Dist-Code
X-BBC-Origin-Response-Status
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
Content-Style-Type
Content-Script-Type
X-Release
CountryCode
X-Request-URL