Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Cache-Group
X-Akamai-Path-Stats
X-Turbo-Charged-By
Keep-Alive
X-Backend
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-Amz-Request-Id
X-AH-Environment
X-Proxy-Cache
Host-Header
X-UA-Device
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
Allow
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-Aws-Lambda-Call-Status
X-CST
X-Pingback
Surrogate-Control
Request-Id
Cf-Edge-Cache
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Url
Fastly-Restarts
Accept-Ch
X-Country
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-PC
X-Clacks-Overhead
X-Vname
X-TtlSet
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-Server-Name
X-Amz-Server-Side-Encryption
X-ESI
Cache-Tag
X-ASPNET-VERSION
X-Content-Type
X-B3-TraceId
X-Vcap-Request-Id
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Kinja
X-Amz-Rid
X-Px
Public-Key-Pins
X-Edge
X-Cnection
X-D2id
X-Ser
X-Ac
X-Navigation-Version
X-Element-Page-Cache
Verso
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
X-RateLimit-Remaining
X-Version
X-Ttl
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Content-Security-Policy-Report-Only
X-Country-Code
Service-Worker-Allowed
X-Cache-TTL
X-NF-Request-ID
Response
X-Middleton-Response
X-Goog-Hash
X-Correlation-Id
Access-Control-Request-Method
SPIisLatency
SPRequestDuration
X-Cached
X-Kinsta-Cache
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-SID
X-Edge-Location-Klb
AR-ATIME
X-SharePointHealthScore
SPRequestGuid
X-Powered-CMS
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-LLID
Edge-Cache-Tag
X-Upstream
X-Litespeed-Cache
X-NWS-LOG-UUID
X-Forwarded-For
X-Ruxit-Js-Agent
Content-MD5
X-Cache-Key
Nginx-Cache
X-TTL
X-MSEdge-Ref
X-Shield-Request-Id
X-Id
X-RateLimit-Limit
MRF-Tech
Mrf-Cache-Status
X-TEC-API-ROOT
X-TEC-API-VERSION
TCN
X-TEC-API-ORIGIN
X-T
X-Recruiting
S
X-ECACHE
X-B3-TraceId-Primal
X-Daa-Tunnel
X-Content-Digest
X-WebKit-CSP-Report-Only
X-Ua-Device
X-Mg-S
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-DataDome
X-Accel-Expires
X-Grace
TP-L2-Cache
TP-Cache
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-DynaTrace
X-HS-Content-Id
X-Ezoic-Cdn
X-Frontend
X-Content
X-Ab
X-Request-Processing-Time
X-Protected-By
X-Ua-Browser
X-Request-Received
Front-End-Https
Server-Node
X-Yandex-Sdch-Disable
Filters
X-Server-ID
MS-Author-Via
X-PressLabs-Stats
X-Origin-Server
X-Distributor
Fastcgi-Cache
X-Geo-Country
X-Hits
X-Mid
X-Webkit-Csp
X-LB-Cache
X-Microsite
X-ORACLE-DMS-ECID
X-Fastly-Request-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Request-Handler-Origin-Region
X-ORACLE-DMS-RID
X-Amzn-Trace-Id
Charset
Host
Cleartype
X-Debug-Info
X-Mcache
X-Git-Hash
X-F-Cache
X-Page-Id
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-B3-Sampled
X-Ratelimit-Reset
X-Cache-Age
X-Seen-By
X-DIS-Request-ID
Cache-Status
Realpath
X-Webkit-CSP
Access-Control-Allow-Method
X-AppVersion
X-Www-Served-By
X-Activity-Id
X-Az
ServerID
Accept-Charset
Pinterest-Version
X-Aspnetmvc-Version
X-Pinterest-Rid
Pinterest-Generated-By
Filterid
X-Varnish-Age
X-Nginx-Upstream-Cache-Status
Cache-Tags
X-Cluster-Name
X-Content-Options
X-Rid
X-Type
Retry-After
X-FB-Debug
X-Oracle-Dms-Ecid
X-App-Environment
X-Language
X-Oracle-Dms-Rid
Country
Server-Name
X-Varnish-Backend
Permissions-Policy
Viewport
X-User-Agent
X-Tb
X-Varnish-Grace
X-Aspnet-Duration-Ms
DC
Node
X-Upgrade-Enabled
Paypal-Debug-Id
X-Flags
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Request-Guid
X-Oneagent-Js-Injection
X-Signature
X-Wix-Request-Id
X-B-Cache
X-Providence-Cookie
X-Route-Name
X-Drupal-Cache-Tags
X-Is-Crawler
X-Whom
X-TT
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-VCache
X-B
Fastcgi-Useragent
X-Mobile-URL
X-Origin-Cache
X-Debug
X-NWS-UUID-VERIFY
Protected
X-MCACHE
X-Amz-Meta-S3cmd-Attrs
X-Logged-In
X-N
X-Amz-Replication-Status
X-Cache-NGX
Payment
WPO-Cache-Message
WPO-Cache-Status
X-XRDS-LOCATION
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
X-XRDS-Location
X-Load-Cache
X-Via-JSL
X-Cache-Control
X-Contextid
Count-Hit
Healthy
X-Node-Name
X-Erf-Bev-Bev-Is-Generated
X-Midtier
X-Browser-Type
X-Erf-Bev-Bev
X-FW-Serve
X-FW-Type
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-Mobile
X-FW-Static
X-Restarts
X-Original-Request-Id
X-Template
Alternate-Protocol
X-NGENIX-Cache
X-Response-Served-From
SD-X-WS
X-Proxy
Akamai-GRN
Refresh
Content-Disposition
X-G
X-Cache-Time
X-Zen-Fury
X-Revision
X-Jobs
Url
Uber-Trace-Id
X-Page-View
X-Framework
X-UUID
X-Akamai-Request-ID2
X-Adobe-Loc
X-Adobe-Content
X-Cache-TTL-Remaining
X-Real-IP
X-Servername
X-Drupal-Cache-Contexts
X-Proxy-Cache-Status
X-Cacheable-TTL
X-Debug-IsPreview
X-Debug-IsConnected
X-Is-Bot
X-Instance
X-Device-Type
X-Rendered-As
X-Http-Reason
VIX-Pulpo-Node
NGB
VIX-Pulpo-Upstream-Status
X-Cache-Grace
X-Yottaa-Optimizations
X-COUNTRY
X-Yottaa-Metrics
Access-Control-Request-Headers
X-Mg-Request-UUID
X-Hostname
X-Varnish-Server
X-Trace-Id
X-IPLB-Instance
X-ECache
X-B3-Traceid
X-HTML-Minification-Powered-By
X-Environment-Context
X-L-Path
X-Source
Version
X-EdgeConnect-Cache-Status
Ms-Operation-Id
Countrycode
MS-CV
Accept-Language
Frame-Options
X-RTag
X-Datadome
X-Ratelimit-Remaining
Liferay-Portal
X-Cache-Hit
X-NYM-Debug-Backend
Referer-Policy
From-Origin
X-Cache-Expired-At
X-Cache-Rule
X-Vgn-Hpd-Reason
X-App-Server
Cross-Origin-Window-Policy
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Fastly-Request-ID
X-Tumblr-Pixel-0
X-Tumblr-User
Backend
X-APP-VERSION
X-IPS-LoggedIn
X-FW-Version
X-Hosted-By
X-Ratelimit-Limit
Content-Secure-Policy
CF-IPCountry
X-Unique-Id
X-RN-RSRV
Meta-Geo
Upgrade-Insecure-Requests
Section-Io-Cache
X-UPSTREAM-Address
X-Cache-Server
X-Fastcgi-Cache
X-Nginx-Cache
X-Redis-Cache
X-Ua
X-FB-TRIP-ID
X-Cache-Enabled
X-No-Session
X-Generation-Time
WP-Super-Cache
X-Content-Age
X-PCL
X-OCL
Apigw-Requestid
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-RemovedCookies
X-Region
X-Request-Time
X-Section
X-ProcessESI
X-PHP-Backend
X-Origin-Date
X-Origin-Hint
X-Server-W
X-Sql-Count
X-Via-Fastly
X-Labrador-Cache-Channel
X-PHP-Host
X-Varnish-Cache-Hits
X-Uri
X-Sql-Duration-Ms
X-UA-Device-Type
X-Format
X-Cluster-Node
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
S-Rt
Property-Id
Fastly-SSL
Mn-Server-Ip
TWC-Locale-Group
TWC-Privacy
X-Akamai-Edgescape
X-AOL-HN
X-Be
X-Access
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
Azure-Version
TWC-GeoIP-LatLong
X-Mode
X-Nginx-Cache-Key
X-PERF
X-Locale
X-Human
X-Platform-Server
X-ProxyCache-Key
X-SayCDN-TTL
Locale
X-Say-Cacheable
X-ProxyCache-Status
X-Generated-By
X-Forwarded-Host
X-BYPASS-REASON
X-ApacheServer
Eomportal-Instance
X-Adobe-Source
X-Cache-Host
X-Cache-Tags
X-NewRelic-App-Data
X-Debug-Cache
X-Content-Powered-By
X-Cms-Context
X-Sorting-Hat-ShopId
X-Say-TTL
Load-Balancing
X-Xfnlog-Site
X-Urbn-Site-Id
X-Status
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-Urbn-Context-Path
X-VC-Cache
X-ShopId
X-ShardId
X-Site-Version
X-Shopify-Stage
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Storage
X-GG-Cache-Date
X-Cache-Type
X-JoinUs
X-Backend-Name
X-SaId
X-Detected-As
X-Handled-By
X-Hl-Ver
X-Varnishpool
X-ServerID
X-Web-Node
X-Tid
X-Extlb
X-Proxied
X-Zipkin-Id
X-Routing-Service
Cache-Tv-Group
Ec-Rule-Version
CDN-RequestCountryCode
CDN-Cache
X-Proxy-Build
X-Edge-Location
X-Timing-Wait
X-Storefront-Renderer-Rendered
CDN-CachedAt
CDN-RequestId
CDN-EdgeStorageId
CDN-PullZone
X-Cache-Action
CDN-Uid
Selected-Fe
X-Parallel-Accel
X-GeoCode
X-GeoCountry
X-Proto
ServedBy
Fastly-Drupal-Html
X-Dc
SRV
Web-Mar-Node
X-CDN-Forward
X-GEO
X-LSADC-Cache
Onion-Location
Mime-Version
Webserver
X-Hyper-Cache
X-Cached-By
X-Rule
X-Varnish-Hostname
X-Cache-Remote
X-App-Version
X-Cache-Operation
Cache-Hits
X-Rewrite-Enabled
X-Cdn
X-Soup
X-Cluster
X-SRV
X-IPLB-Request-ID
X-Magnolia-Registration
X-TT-LOGID
SID
X-Accel-Buffering
Xserver
X-Origin-TTL
X-Varnish-Hits
X-Origin-CC
Xet-Cookie
X-Air-Trace-Id
X-Envoy-Decorator-Operation
X-Air-Source
X-Pubstack
X-Air-Hostname
LB
X-Tt-Logid
X-Reqid
X-TA-CDN-Provider
X-Microcachable
Country-Code
Server-Info
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
X-Buckets
Cache
DB-Nickname
Decoy-Debug-Key
Decoy-Debug-TTL
Source
Decoy-Debug-Status
X-Request-Host
X-Amz-Apigw-Id
X-CSRF-Token
X-Newrelic-Synthetics
X-Amzn-RequestId
X-Tx-Id
X-B3-SpanId
X-Origin-Response-Time
X-Endurance-Cache-Level
X-Via-NSCOPI
X-Ec-Fail
X-A
X-Destination
X-Developer
X-Vdms-Path
X-Ec-GeoHdr
X-TIM-N
A
X-Ftr-Request-Id
Surrogated-Key
T-Server
X-Forwarded-Path
X-Esi-Check
X-External-Request-Id
X-Epic-Correlation-Id
X-ScT
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Application
X-TrackingId
X-SD-PageType
X-Cache-Id
X-B-Cookie
X-Cache-NE
X-ARC
X-AK-Request-ID
X-Aed
X-Ms-Request-Id
X-Session-Fingerprint
X-D
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Conf
X-Connection-Hash
X-A-Wwc
X-A-Ccd
Sslversion
X-VG-WebCache
DCR-Processing-Time-Ms
X-NAPM-TraceId
MD5-Digest
X-Vdms-Version
DCR-Decision-By
Cmstype
NM-Fastcgi-Cache
Mobile-Detection-Method
X-SRCache-Key
Cmsid
Host-ID
X-Shop-Environment
X-S
X-Rojux
X-PBS-Appsvrname
X-Processor
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
X-S-Cookie
X-Orig-Expires
Expiry
Lang
X-Ig-Push-State
Meta-Geo-Continent
X-HS-Content-Campaign-Id
BehaviorPad-Version
Odigeo-Trace-Id
X-User
X-Geo-Header
Xc-Version
X-Ms-Version
Pramga
Rendered-Blocks
X-Tenant
X-Gzip
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Cdnsip
X-Hash
Cdncip
X-Skip-Cache
X-Bc-Bl
Server-Host
State
Kp-EeAlive
Is-Eu
Mail-Subject
Memcached
X-Cache-Backend
Wxu-Next-Hostname
Wxu-Next-Commit
Platform
We-Hiring
Machine
X-Amzn-Remapped-Content-Length
Producers
X-Developers
X-Irp-Debug
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-Via-Ucdn
X-WADP-Cache
X-Wix-Viewer-Type
X-SVT-ORM-RULES
X-SB
X-Worker
X-GeoIP
X-Loop
X-Mvc-Supplant-Cachable
X-Origin-Expires
X-Origin-Time
X-Varnish-Remaining-TTL
X-Rocket-Build-Number
X-Origin
X-Nyt-Route
X-Sigma-Backend
X-Sigma
X-Node-Id
X-NodeID
X-Scheme
X-SVT-ORM-VERSION
X-Core-Mission
X-Server-IP
X-Core-Value
X-DefElseHash
X-DefHash
X-V-Cache
X-TNCMS
X-Cache-Info
X-CacheTTL
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Variation
X-Device-Os
X-BCube-Filmed-By
Candidate-Md5Url
X-Gdpr
Cache-Key
X-Varnish-CookieINHashed-On
X-Fmm-Version
X-DPWN-IS-SECURE
X-Varnish-CookieHashed-On
X-Fastly-Cache
X-Fetched-On
X-Cache-Bucket
Wxu-Next-Region
Fastly-GeoIP-CountryCode
AKAMAI
Adler-Geo
X-Varnish-Ttl
DynaTrace
Environment
X-Cache-Status-Check
Datacenter
X-RCS-CacheZone
X-NCache
X-Azure-Ref
X-Time
CDN
X-Generated-On
X-GeoIP-City
X-Hnp-Log
X-Loc
X-Xrds-Location
X-Minions-Version
X-Level-Front-Cache
X-LAGOON
X-Gen-Mode
X-Httpd
X-HN
Ohc-File-Size
X-Cache-Date
X-Cdn-Origin
X-CGP
X-Branch-Name
X-Block-Status
X-Auto-Login
X-BBC-Edge-Cache-Status
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Eu-Site
X-Forwarded-Site
X-Ec-Custom-Error
X-Dispatcher-Number
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Gamma-Serve
X-Planisys-CDN-TTL
X-VServer
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Viewer-Country
X-VG-TLSProxy
Cache-Name
X-Varnish-Beresp-Grace
X-VarnishDD-TTL
X-Ad-Defer-Variation
X-RateLimit-Limit-Second
VNS-Cache
X-SplitTest
XM
VNS-Age
CPC-Cache
X-RateLimit-Remaining-Second
CPC-Age
X-Thinkindot-L3
GEO-INFO
X-Proxy-Cache-Info
X-Proxy-Upstream
X-Qloud-Router
X-Policy
X-Pod-Name
X-Planisys-CDN-Rules
X-Aicache-OS
X-Platform
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-SIPLIST1
X-Slack-Backend
X-Sn-Servicetimems
X-Served-From
X-Rocket-Nginx-Serving-Static
X-Region-Sid
X-Request-URI
X-Planisys-CDN-Cache
X-Pool
Req-Svc-Chain
Apple-News-Services-Parsed-Url
Server-Ext
Apple-News-Services-Host
Server-Hostname
Release
Redirect-Candidate
User-Cache-Control
Origin-EX
PFcat
Apple-News-Services-Request-Url
Sever-Int
Apple-News-Services-Handled
V-Age
Thinkindot-CacheControl-Type
Thinkindot-Control
Traceparent
Thinkindot-CacheControl
TDXMobile
Web-Mar-Region
Ssr
Svr
Vix-Hermes-Req-Id
Origin
Origin-CC
IsBot
Fastly-SIE
L
Gh-Request-Id
L5d-Success-Class
Ha-Gx-Prefs
Cluster
CloudFront-Viewer-Country
CDCHOST
HA-Ipaddr
NGX
Fastly-SWR
N-Cache
Fastcgi-Cache-TTL
X-R9-Blue-Green-Version
Fastly-Backend-Name
X-Scale
DSUID
X-Owner
X-Optimistic-Header
X-WA-Info
X-AIR-PT
HostName
X-ZONE
X-From
X-Micro-Cache
X-Webstats-RespID
X-Refresh
X-Parent-Response-Time
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Pics-Label
X-CACHE-KEY
X-EC-Lua
X-NC
X-Cache-ASPX
X-Location
X-Contensis-Viewer-Groups
Env
X-Ah-Environment
Ms-Author-Via
X-TIME
X-VC
X-Tb-Optimization-Total-Bytes-Saved
X-CS
Servername
X-LB-NoCache
Locid
X-Varnish-Authentication
Path
X-Edge-Pop
X-Mvc-Supplant-OutputCached
X-Servedbyhost
Ngx.Var.Host
X-Amz-Meta-Cb-Modifiedtime
X-Response-By
X-TraceId
X-Men
Arc-Country
Cache-Host
X-Udemy-Cache-App-Namespace
Lb
X-Old-Content-Length
X-Generated-In
X-Srv
X-Proxy-CacheRZ
XkeyRZ
Ohc-Cache-HIT
X-RSL
Memory
X-Varnish-Beresp-TTL
ITXSESSIONID
Time
X-RPM
X-Via-Popv
X-DSS
X-DI
X-RPS
X-DW
X-Via-Popn
X-DB
GeoIp-Country-Code
X-Via-Poph
X-Vc
X-RateLimit-Reset
AMP-Access-Control-Allow-Source-Origin
Client
X-HA-Backend
X-Date
X-API-Version
X-S-Maxage
True-Client-IP
X-VCL-Version
X-Akamai-Transformed
X-Accel-Expires-Debug
X-Clientip
X-Cs
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Api-Version
Geoip-Latitude
X-VHOST
Hostname
X-Trace-ID
FSS-Cache
X-Tec-Api-Origin
Server-ID
X-DC
X-Tec-Api-Version
X-Cache-Debug
X-Tec-Api-Root
X-URL
X-Zone
X-Fpc
X-Dmc
X-Correlation-ID
X-Presslabs-Stats
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
X-Render-Time
X-MSEdge-Features
X-FireWall-Port
NtCoent-Length
CacheControlHeader
X-MSEdge-Flight
X-Webkit-Csp-Report-Only
Powered-By
X-Action
X-TH-Server
X-INCAP-ABP
True-Client-Country-4JS
X-TX-ID
X-DynaTrace-JS-Agent
X-NGINX-Cache
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-Gateway-Cache-Status
Rip
X-PX
X-Gateway-Skip-Cache
X-Backend-TTL
X-B3-Spanid
X-Service
C-Via
X-Traceid
X-CSRF-TOKEN
X-M-Reqid
Esi-Enabled
Click-Count-Action-Start
Edge-Cache
Test
Tube-Return
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
HIT
X-M-Log
Tcn
Click-Count-Error
X-Qnm-Cache
X-TRACE-ID
X-FPC
X-Req
On-Server
X-Cdn-Request-ID
X-Pass-Why
X-Akamai-Pragma-Client-IP
OT-Force-Account-Verify
Server-Id
X-Alfa-Service
X-Beluga-Node
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Status
User-Agent
My-App
Uri
X-Beluga-Trace
X-HS-Status
Geo-Info
X-Webkit-CSP-Report-Only
X-Beluga-Cache-Status
X-Check-Cacheable
X-Origin-Upstream-Status
X-Via-PopV
X-Vcl-Version
X-Via-PopN
X-Ha-Backend
X-Via-PopH
Sid
X-Proxy-Cache-Hk
GeoIP-Country-Code
Cf-Int-Pingora-Origin-Digest
Srvid
X-Up
Resin-Trace
X-Edge-Origin-Shield-Bytes
GeoIP-Latitude
X-Provided-By
X-Edge-Origin-Shield-Region
X-CLOUD-TRACE-CONTEXT
WebServer
Cdn
X-Varnish-Beresp-Ttl
X-APP
Proxy-Connection
X-LB-ID
M-TraceId
X-CCDN-Origin-Time
Epwk-X-Cache
X-CCDN-CacheTTL
X-LI-UUID
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-ServedByHost
X-Hcs-Proxy-Type
Srv
X-Cdn-Forward
X-UnsetCookies
X-App
X-Backend-Host
X-RAMCache
X-Fetch-By
X-Cache-Ttl
X-ID
X-LiteSpeed-Cache-Control
X-Esi
MIME-Version
Warning
DataCenter
X-Serial
XServer
X-ND-Cache
Server-Ttl
ENV
X-Lb-Nocache
WZWS-RAY
X-Edge-POP
X-Time-Microsecs
X-B3-Traceid-Primal
X-Fastly-Backend-Reqs
X-Geo
ServerName
X-MG-S
X-HostName
Dt-Hot-News
X-Thanos
X-Akamai-Request-ID
X-Bip
X-CF-Powered-By
PICS-Label
X-ElasticPress-Query
X-HITS
X-Request-Url
X-Newrelic-App-Data
Section-Io-Id
Section-Io-Origin-Status
DT-Hot-News
X-CUA
CF-Cached-On
Cf-Device-Type
X-Nc
Section-Io-Origin-Time-Seconds
X-Yottaa-OS
Section-Origin-Responded
X-Dw-Trace-Id
Fastly-Drupal-HTML
X-Request-Start
X-Fragments
Target-Params
X-LiteSpeed-Tag
Tracecode
X-Platform-Processor
X-Platform-Router
X-Fastly-Backend
X-Azure-Ref-OriginShield
True-Client-Ip
X-ATG-Version
X-Cc-Via
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-FC-Vary-Parameters
X-Platform-Cluster
X-Iplb-Instance
D-Url-Rewrites
X-Vcache
X-Iplb-Request-Id
X-Var-Ttl
X-Sucuri-Cache
X-Sucuri-ID
Inserted-Into-Cache-At
Cdn-Requestcountrycode
Cdn-Uid
Cdn-Edgestorageid
Cdn-Cache
Wp-Super-Cache
Cdn-Pullzone
Cdn-Requestid
Servedby
Cdn-Cachedat
Vha6-Origin
X-Release
Content-Style-Type
CountryCode
X-Th-Server
X-MiniProfiler-Ids
Content-Script-Type
X-Back
X-BBC-Origin-Response-Status
X-Storefront-Renderer-Verified
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-Request-URL
X-Vercel-Cache
Lfy
X-Dist-Code
X-Vercel-Id
X-Wp-Cf-Super-Cache-Cache-Control