Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Accept-Ranges
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
P3p
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Rq
Grace
X-Dns-Prefetch-Control
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-Amz-Version-Id
X-Ua-Compatible
X-LiteSpeed-Cache
X-Dispatcher
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
Allow
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
X-CST
Surrogate-Control
Accept-CH
Request-Id
X-Backend-Server
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
Xkey
X-Application-Context
Accept-CH-Lifetime
Content-Location
Cf-Edge-Cache
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Url
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Vname
X-MS-InvokeApp
X-PC
X-TtlSet
X-Rack-Cache
X-Ruxit-JS-Agent
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-ESI
X-VARITI-CCR
X-Content-Type
X-B3-TraceId
Cache-Tag
X-Vcap-Request-Id
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Amz-Rid
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Use-Magma
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cnection
X-Amz-Server-Side-Encryption
X-Ac
X-Px
X-Element-Page-Cache
X-D2id
Verso
X-Navigation-Version
X-RateLimit-Remaining
Accept-Ch
X-Abt-Application-Version
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
X-FastCGI-Cache
X-Middleton-Display
Display
Service-Worker-Allowed
X-Sol
Pagespeed
X-Ser
X-Edge
X-Version
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
X-Country-Code
X-Ruxit-Js-Agent
X-Litespeed-Cache
Response
X-Middleton-Response
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Hash
X-Correlation-Id
X-Ttl
X-Kinsta-Cache
AR-SID
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Upstream
X-Edge-Location-Klb
SPIisLatency
SPRequestDuration
X-Webkit-Csp
X-TTL
X-NWS-LOG-UUID
X-LLID
X-Cached
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
Edge-Cache-Tag
Nginx-Cache
X-RateLimit-Limit
TCN
SPRequestGuid
X-SharePointHealthScore
X-Cache-Key
X-Forwarded-For
Mrf-Cache-Status
MRF-Tech
X-MSEdge-Ref
Content-MD5
MS-Author-Via
X-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-T
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Recruiting
S
X-Mg-S
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Digest
X-Protected-By
X-Ua-Device
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Frontend
X-Ezoic-Cdn
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
MicrosoftSharePointTeamServices
X-Ua-Browser
Server-Node
X-Content
X-HS-Combine-CSS
X-Ab
X-DataDome
X-Accel-Expires
Front-End-Https
X-Request-Received
X-Request-Processing-Time
X-Grace
Filters
X-Yandex-Sdch-Disable
X-ECACHE
Fastcgi-Cache
X-Server-ID
X-Mid
X-ORACLE-DMS-ECID
X-Hits
X-ORACLE-DMS-RID
X-Origin-Server
TP-Cache
X-PressLabs-Stats
X-Geo-Country
X-Distributor
TP-L2-Cache
X-Ratelimit-Reset
X-Debug-Info
X-DynaTrace
X-Pinterest-Rid
X-Amzn-Trace-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
Pinterest-Version
Pinterest-Generated-By
Charset
Cleartype
Host
X-DIS-Request-ID
X-F-Cache
X-Git-Hash
X-B3-Sampled
X-Page-Id
Cross-Origin-Opener-Policy
X-Www-Served-By
X-LB-Cache
X-Request-Handler-Origin-Region
X-Microsite
Access-Control-Allow-Method
X-Cache-Age
X-Forwarded-Proto
ServerID
Cache-Tags
X-Seen-By
X-Activity-Id
X-AppVersion
X-Az
X-Language
X-Cluster-Name
X-WebKit-CSP-Report-Only
X-Kong-Upstream-Latency
Accept-Charset
Realpath
Cache-Status
X-Kong-Proxy-Latency
X-Varnish-Age
X-MCACHE
X-Aspnetmvc-Version
Server-Name
Filterid
X-Rid
X-Oracle-Dms-Ecid
X-Content-Options
X-Type
X-Oracle-Dms-Rid
X-App-Environment
X-Upgrade-Enabled
X-Nginx-Upstream-Cache-Status
Viewport
X-Varnish-Grace
X-Origin-Cache
X-Mobile-URL
Country
X-Tb
Node
Paypal-Debug-Id
X-B-Cache
X-Whom
X-Wix-Request-Id
X-FB-Debug
X-Aspnet-Duration-Ms
X-XRDS-LOCATION
X-Drupal-Cache-Tags
X-Flags
X-Signature
X-Is-Crawler
X-Request-Guid
X-Providence-Cookie
X-User-Agent
X-Route-Name
DC
X-NWS-UUID-VERIFY
Retry-After
X-TT
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
Protected
X-Goog-Generation
X-VCache
X-Goog-Stored-Content-Encoding
X-Via-JSL
Fastcgi-Useragent
X-Varnish-Backend
X-Fastly-Request-ID
X-Oneagent-Js-Injection
X-Cache-NGX
X-B
X-Amz-Replication-Status
Payment
X-Contextid
X-Debug
X-N
X-Fastly-Request-Id
X-Fastcgi-Cache
X-Logged-In
X-Template
WPO-Cache-Message
X-Load-Cache
WPO-Cache-Status
X-XRDS-Location
X-FW-Server
X-FW-Type
Surrogate-Key
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
Count-Hit
X-Mcache
X-Hostname
X-Node-Name
X-Amz-Meta-S3cmd-Attrs
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
Healthy
Akamai-GRN
X-Proxy
Refresh
X-Is-Bot
X-Jobs
Content-Disposition
VIX-Pulpo-Node
Uber-Trace-Id
X-Rendered-As
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-G
X-Revision
X-UUID
X-Zen-Fury
X-Cache-TTL-Remaining
X-Mobile
Alternate-Protocol
X-Page-View
X-Cacheable-TTL
X-Trace-Id
X-Akamai-Request-ID2
X-Real-IP
X-Yottaa-Optimizations
X-Debug-IsConnected
X-Http-Reason
X-Adobe-Content
NGB
X-Adobe-Loc
X-Drupal-Cache-Contexts
X-Debug-IsPreview
X-Yottaa-Metrics
X-Framework
X-Proxy-Cache-Status
Access-Control-Request-Headers
X-Instance
X-Device-Type
Permissions-Policy
X-IPLB-Instance
X-Parallel-Accel
Url
X-Cache-Rule
X-Source
From-Origin
X-Servername
X-Cache-Grace
Version
X-Vgn-Hpd-Reason
X-ECache
X-Varnish-Server
X-B3-Traceid
Accept-Language
X-L-Path
X-Mg-Request-UUID
X-Cache-Hit
X-Cache-Expired-At
X-Environment-Context
X-EdgeConnect-Cache-Status
X-Restarts
X-NGENIX-Cache
Referer-Policy
MS-CV
X-RTag
Ms-Operation-Id
X-Ratelimit-Remaining
X-App-Server
X-FW-Version
Cross-Origin-Window-Policy
Countrycode
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
Liferay-Portal
X-Tumblr-User
X-HTML-Minification-Powered-By
X-Datadome
X-IPS-LoggedIn
X-Cache-Action
Frame-Options
X-NYM-Debug-Backend
Backend
X-Nginx-Cache
X-RemovedCookies
X-APP-VERSION
X-ProcessESI
X-COUNTRY
CF-IPCountry
Content-Secure-Policy
WP-Super-Cache
X-PCL
X-Cache-Server
Upgrade-Insecure-Requests
X-RN-RSRV
X-OCL
X-Redis-Cache
Section-Io-Cache
X-Hyper-Cache
Meta-Geo
X-UPSTREAM-Address
X-Content-Age
X-Cluster-Node
X-Format
X-Detected-As
Apigw-Requestid
X-FB-TRIP-ID
Ec-Rule-Version
X-Cache-Enabled
X-No-Session
X-Generation-Time
X-Section
X-Ua
Cache-Tv-Group
X-Access
X-Storage
X-Sql-Duration-Ms
Azure-RegionName
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-Region
X-Say-TTL
X-Be
X-Request-Time
X-ApacheServer
X-AOL-HN
X-Say-Cacheable
X-Akamai-Edgescape
TWC-Device-Class
TWC-Connection-Speed
X-Generated-By
Azure-SiteName
Azure-InstanceId
Webserver
X-Human
X-Site-Version
Azure-SlotName
Azure-Version
X-Hosted-By
S-Rt
Property-Id
X-SayCDN-TTL
X-Server-W
Mn-Server-Ip
X-Sql-Count
X-Via-Fastly
X-Varnish-Cache-Hits
X-Uri
X-PERF
Fastly-SSL
X-Web-Node
X-UA-Device-Type
X-Region
X-Origin-Hint
X-Origin-Date
X-Mode
X-PHP-Backend
CDN-EdgeStorageId
CDN-Cache
X-Urbn-Context-Path
X-Urbn-Site-Id
CDN-RequestId
CDN-PullZone
CDN-RequestCountryCode
CDN-CachedAt
X-Cache-Tags
X-Nginx-Cache-Key
X-ProxyCache-Status
X-BYPASS-REASON
X-Cache-Host
X-ProxyCache-Key
X-Debug-Cache
Locale
X-Platform-Server
Eomportal-Instance
CDN-Uid
X-Status
X-Xfnlog-Site
X-Unique-Id
X-Content-Powered-By
X-Forwarded-Host
X-Tid
X-Cache-Type
X-Varnishpool
X-Proxied
X-SaId
X-Routing-Service
X-Alternate-Cache-Key
X-JoinUs
X-Extlb
X-TT-LOGID
X-Adobe-Source
X-ServerID
X-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-ShopId
X-Zipkin-Id
X-Handled-By
X-Hl-Ver
X-Backend-Name
X-Rule
X-Timing-Wait
ServedBy
X-Proxy-Build
Selected-Fe
X-Webkit-CSP
X-GG-Cache-Date
X-Labrador-Cache-Channel
X-Locale
X-PHP-Host
X-Cache-Operation
X-Accel-Buffering
X-NewRelic-App-Data
X-Cache-Remote
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-VC-Cache
X-LSADC-Cache
SID
X-Rewrite-Enabled
X-Ratelimit-Limit
Xserver
X-Dc
X-Cached-By
X-TA-CDN-Provider
X-Soup
X-Pubstack
Mime-Version
Fastly-Drupal-Html
X-Midtier
X-Proto
X-Edge-Location
X-CDN-Forward
X-Buckets
X-Storefront-Renderer-Rendered
Web-Mar-Node
SRV
X-GEO
X-Cms-Context
Country-Code
Onion-Location
X-Reqid
X-Request-Host
LB
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Microcachable
X-Varnish-Hostname
X-App-Version
X-GeoCountry
Cache-Hits
X-GeoCode
X-Origin-CC
X-Origin-TTL
Load-Balancing
Server-Info
Xet-Cookie
X-Ms-Version
X-Cluster
X-Ms-Request-Id
X-Tumblr-Pixel-3
X-Varnish-Hits
X-SRV
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-NCache
X-Air-Hostname
X-Air-Trace-Id
DynaTrace
X-B3-SpanId
X-Magnolia-Registration
X-Bc-Bl
X-Air-Source
X-CSRF-Token
X-Envoy-Decorator-Operation
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Endurance-Cache-Level
X-Varnish-Beresp-Grace
Cache-Name
X-Origin-Response-Time
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-A-Dcw
X-A-Dam
X-Ig-Push-State
Cdnsip
X-LAGOON
X-HS-Content-Campaign-Id
DB-Nickname
X-Orig-Expires
DCR-Processing-Time-Ms
X-A
X-PAYTM-SRV-ID
DCR-Decision-By
X-NodeID
Cmsid
Cmstype
X-NAPM-TraceId
X-A-Ccd
X-Geo-Header
X-Epic-Correlation-Id
X-Esi-Check
X-External-Request-Id
X-AK-Request-ID
X-Ec-GeoHdr
X-Ec-Fail
X-ARC
X-Application
A
X-Aed
X-A-Wwc
X-PBS-Appsvrname
X-Gzip
X-A-Dgt
X-Hash
Mobile-Detection-Method
BehaviorPad-Version
X-Forwarded-Path
X-From
X-Ftr-Request-Id
Cdncip
X-Rojux
Rendered-Blocks
X-Cdn-Srv
X-Vdms-Path
X-Vdms-Version
X-CF-Lambda-Fn
Lang
Host-ID
X-CF-Lambda-Version
X-User
Sslversion
Pramga
X-VG-WebCache
X-Webstats-RespID
NM-Fastcgi-Cache
Meta-Geo-Continent
Xc-Version
X-Azure-Ref
Odigeo-Trace-Id
X-Cache-NE
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-TIM-N
X-Tenant
X-S
X-S-Cookie
Fastcgi-X-Cache-Version
X-Cache-Bucket
X-B-Cookie
X-Destination
X-D
Expiry
X-Processor
X-ScT
X-SD-PageType
X-Cache-Id
T-Server
X-SRCache-Key
Surrogated-Key
X-Conf
X-Shop-Environment
X-Connection-Hash
X-Session-Fingerprint
X-Developer
X-Tx-Id
X-Cache-Backend
X-Block-Status
Wxu-Next-Region
State
Svr
Server-Host
Producers
Platform
User-Cache-Control
V-Age
Wxu-Next-Commit
Wxu-Next-Hostname
Web-Mar-Region
We-Hiring
Vix-Hermes-Req-Id
X-Amzn-Remapped-Content-Length
X-Gen-Mode
X-Sigma
X-Server-IP
X-Sigma-Backend
X-Slack-Backend
X-SVT-ORM-RULES
X-Scheme
X-SB
X-Planisys-CDN-Cache
X-Origin-Time
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Rocket-Build-Number
X-SVT-ORM-VERSION
X-TNCMS
X-Viewer-Country
X-VG-TLSProxy
X-WADP-Cache
X-Wix-Viewer-Type
X-Worker
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-TrackingId
X-V-Cache
X-Variation
X-Varnish-CookieHashed-On
X-Origin-Expires
X-Origin
X-Device-Os
X-Developers
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Fastly-Cache
X-DefHash
X-DefElseHash
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Core-Mission
X-Core-Value
X-Fetched-On
X-Fmm-Version
X-Loop
X-Location
X-Mvc-Supplant-Cachable
X-Node-Id
X-Nyt-Route
X-JWT-State
X-Is-Gdpr
X-Gdpr
X-Has-Esi
X-Hnp-Log
X-Irp-Debug
X-Cache-Info
X-GeoIP
Cache
Apple-News-Services-Request-Url
AKAMAI
Source
Apple-News-Services-Parsed-Url
Is-Eu
Apple-News-Services-Handled
Apple-News-Services-Host
Adler-Geo
Machine
CDN
Memcached
Environment
Fastly-GeoIP-CountryCode
X-Time
Mail-Subject
X-Via-NSCOPI
X-ZONE
X-Varnish-Ttl
X-Region-Sid
CloudFront-Viewer-Country
Cluster
X-Aicache-OS
X-Rebelmouse-Surrogate-Control
Arc-Country
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-BBC-Edge-Cache-Status
X-Cdn-Origin
X-VServer
X-Datadog-Parent-Id
X-Served-From
X-Thinkindot-L3
X-Skip-Cache
X-Sn-Servicetimems
X-Cache-Date
X-Datadog-Sampling-Priority
X-Rocket-Nginx-Serving-Static
X-Auto-Login
X-Proxy-Upstream
X-Httpd
X-Datadog-Trace-Id
X-Branch-Name
X-Response-By
Fastcgi-Cache-TTL
Req-Svc-Chain
Locid
Release
X-Gamma-Serve
X-Men
MD5-Digest
X-Forwarded-Site
X-Minions-Version
Redirect-Candidate
X-Generated-On
X-Level-Front-Cache
X-GeoIP-City
N-Cache
X-Loc
Origin
Origin-EX
Origin-CC
X-Proxy-Cache-Info
Kp-EeAlive
X-RateLimit-Remaining-Second
Traceparent
X-Request-URI
X-RateLimit-Limit-Second
Fastly-SWR
X-Pool
Fastly-SIE
Thinkindot-Control
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
X-Pod-Name
Ssr
X-Parent-Response-Time
X-Old-Content-Length
X-Optimistic-Header
X-Platform
X-Policy
CDCHOST
DSUID
X-Eu-Site
X-Csrf-Jwt
PFcat
L5d-Success-Class
X-HN
X-VarnishDD-TTL
X-Dispatcher-Number
NGX
X-CacheTTL
Gh-Request-Id
L
HA-Ipaddr
X-CGP
HostName
Ha-Gx-Prefs
X-Tec-Api-Root
X-CS
X-Tec-Api-Origin
X-Tec-Api-Version
AMP-Access-Control-Allow-Source-Origin
X-SIPLIST1
X-Via-Ucdn
X-TraceId
Server-Ext
X-NC
X-EC-Lua
X-Owner
Sever-Int
Server-Hostname
IsBot
X-Scale
X-RPS
X-DW
X-DSS
X-DI
X-WP-CF-Super-Cache-Cache-Control
X-RPM
X-WP-CF-Super-Cache
X-RSL
X-Refresh
X-DB
X-TIME
Pics-Label
X-IPLB-Request-ID
X-Srv
X-VC
X-Tb-Optimization-Total-Bytes-Saved
Time
X-Accel-Expires-Debug
Memory
Env
X-Date
Ohc-File-Size
X-GeoIP-Region-Code
Servername
X-Ah-Environment
X-Mvc-Supplant-OutputCached
X-LB-NoCache
X-Newrelic-Synthetics
X-GeoIP-Country-Code
X-Tt-Logid
GEO-INFO
Ms-Author-Via
X-Udemy-Cache-App-Namespace
X-Akamai-Transformed
Cache-Key
Candidate-Md5Url
X-BCube-Filmed-By
X-Edge-Pop
X-Wikidot-Backend
X-CACHE-KEY
X-Amz-Meta-Cb-Modifiedtime
X-Wikidot-Static-Cache
X-Cache-Debug
X-Ad-Defer-Variation
X-Generated-In
Datacenter
X-Cache-ASPX
X-SplitTest
X-Via-Poph
X-API-Version
VNS-Cache
VNS-Age
GeoIp-Country-Code
X-Contensis-Viewer-Groups
CPC-Age
CPC-Cache
X-Via-Popn
Geo-Info
X-Via-Popv
XM
Fusion-Component-Id
Fusion-Template-Id
X-Xrds-Location
Fusion-Content-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
X-Varnish-Authentication
X-Servedbyhost
ITXSESSIONID
Fastly-Backend-Name
X-HA-Backend
X-WA-Info
X-S-Maxage
CacheControlHeader
X-Cache-Status-Check
X-Action
Path
X-Presslabs-Stats
X-Micro-Cache
True-Client-Country-4JS
X-TH-Server
X-Trace-ID
X-RateLimit-Reset
X-Vc
X-Backend-TTL
X-AIR-PT
X-DC
Geoip-Latitude
X-VCL-Version
Client
FSS-Cache
Lb
Cache-Host
Server-ID
Ohc-Cache-HIT
Hostname
X-VHOST
X-Varnish-Beresp-TTL
X-Cs
Ngx.Var.Host
X-Req
Edge-Cache
True-Client-IP
X-Provided-By
My-App
X-Api-Version
X-Clientip
X-TX-ID
X-Zone
X-FireWall-Port
NtCoent-Length
X-Fpc
XkeyRZ
X-Proxy-CacheRZ
X-Origin-Upstream-Status
X-Dynatrace
X-Pass-Why
X-Up
X-Webkit-Csp-Report-Only
Powered-By
X-B3-Spanid
X-Traceid
X-PX
X-Varnish-Beresp-Ttl
DataCenter
X-LB-ID
X-FPC
X-CSRF-TOKEN
Test
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
X-Li-Pop
X-MSEdge-Flight
X-Dmc
X-Li-Fabric
X-LI-UUID
X-MSEdge-Features
X-Cdn-Request-ID
OT-Force-Account-Verify
X-Correlation-ID
X-UnsetCookies
X-Webkit-CSP-Report-Only
Server-Id
X-Render-Time
X-Beluga-Trace
X-Beluga-Node
X-Beluga-Cache-Status
User-Agent
X-INCAP-ABP
X-ND-Cache
X-Vcl-Version
X-Beluga-Status
X-Beluga-Record
X-Beluga-Response-Time
X-HS-Status
Rip
X-Time-Microsecs
Proxy-Connection
WZWS-RAY
C-Via
X-CUA
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
X-Service
X-RAMCache
X-Alfa-Service
GeoIP-Latitude
X-Via-PopH
X-Via-PopN
X-Platform-Cluster
Tube-Get-Contents
X-URL
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Platform-Processor
Click-Count-Error
Tube-Return
X-ServedByHost
Target-Params
X-Via-PopV
X-Platform-Router
X-B3-Traceid-Primal
X-Ha-Backend
X-Gateway-Skip-Cache
X-Fragments
Tube-Got-Eval
Cf-Device-Type
Tracecode
Click-Count-Action-Start
Srvid
X-Gateway-Request-Id
Tube-Got-Results
X-Azure-Ref-OriginShield
X-Geo
X-Fastly-Backend
X-Sucuri-Cache
GeoIP-Country-Code
X-FC-Vary-Parameters
X-Sucuri-ID
X-ATG-Version
Esi-Enabled
Uri
Sid
X-Var-Ttl
Resin-Trace
Lfy
X-Akamai-Pragma-Client-IP
MIME-Version
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Fetch-By
X-CCDN-CacheTTL
X-LI-Proto
X-Proxy-Cache-Hk
X-M-Log
X-Qnm-Cache
Epwk-X-Cache
Srv
HIT
On-Server
X-Fastly-Backend-Reqs
X-DynaTrace-JS-Agent
X-M-Reqid
X-Cdn-Forward
X-TRACE-ID
Fastly-Drupal-HTML
X-LiteSpeed-Cache-Control
X-Backend-Host
ENV
Magicmarker
X-Li-Proto
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-Esi
Cdn
X-App
X-Backend-State
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-APP
Section-Io-Origin-Status
Section-Io-Id
XServer
X-Edge-POP
X-Cache-Expires
ServerName
X-Lb-Nocache
X-Srcache-Fetch-Status
X-MG-S
X-Srcache-Store-Status
CF-Cached-On
Tcn
X-Newrelic-App-Data
X-ElasticPress-Query
X-Cache-CFC
Inserted-Into-Cache-At
Server-Ttl
X-Request-Start
X-Yottaa-OS
CountryCode
PICS-Label
X-Thanos
Cf-Ipcountry
D-Url-Rewrites
Wpo-Cache-Message
X-Iplb-Instance
Wpo-Cache-Status
X-BBC-Origin-Response-Status
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Iplb-Request-Id
X-Serial
X-Vcache
X-Nc
X-Bip
Servedby
Warning
X-HostName
Hit
X-Fastly-Cache-Hits
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Cache
X-Vercel-Id
X-Shopify-Generated-Cart-Token
X-IN-APIGATEWAYSSL
X-Litespeed-Cache-Control
Cneonction
Ngx
X-IN-APIGATEWAY
X-B3-Parentspanid
X-Akamai-Request-ID
X-LiteSpeed-Tag
X-Swift-Error
X-Snapshot-Date
X-Request-Url
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
X-CF-Powered-By
Content-Style-Type
Content-Script-Type
X-Dist-Code
X-Release
X-Dw-Trace-Id
X-Request-URL