Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
X-Request-ID
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-UA-Device
X-Proxy-Cache
X-AH-Environment
X-Backend
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
Content-Location
Rating
X-Country
X-B3-TraceId
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
Allow
X-Vname
X-PC
X-TtlSet
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-FastCGI-Cache
X-ESI
X-Server-Name
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Aws-Lambda-Call-Status
X-Upstream
X-MS-InvokeApp
MS-Author-Via
X-GitHub-Request-Id
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Px
Arr-Disable-Session-Affinity
X-Origin-Cache
X-Country-Code
X-Navigation-Version
RTSS
X-Powered-By-Plesk
X-Goog-Hash
Access-Control-Request-Method
X-NF-Request-ID
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
Accept-Ch
X-Powered-CMS
X-Version
AR-CACHE
AR-Request-ID
AR-SID
AR-PoweredBy
AR-ATIME
X-Language
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Amz-Server-Side-Encryption
X-Middleton-Response
Response
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-LLID
X-Kinsta-Cache
X-Edge
X-Edge-Location-Klb
Nginx-Cache
X-TTL
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Template
X-Protected-By
X-RateLimit-Remaining
X-Shield-Request-Id
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
TCN
X-T
X-Forwarded-For
X-Content-Security-Policy-Report-Only
S
X-Id
X-Mg-S
Content-MD5
X-Aspnetmvc-Version
Edge-Cache-Tag
Fastcgi-Cache
X-Mid
Realpath
SPRequestDuration
SPIisLatency
X-CST
Front-End-Https
X-Recruiting
X-Request-Received
X-Ttl
X-Request-Processing-Time
X-MCACHE
Filters
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Server-Node
X-Content
X-Ab
X-Ua-Browser
X-DynaTrace
Server-Name
X-Frontend
X-NWS-LOG-UUID
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-SharePointHealthScore
SPRequestGuid
X-Correlation-Id
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-Parallel-Accel
X-ECACHE
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
X-Ser
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
X-Hits
Alternate-Protocol
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cache-Key
X-Content-Options
MicrosoftSharePointTeamServices
X-Buckets
X-Page-Id
Cache-Tags
Charset
X-B3-Sampled
X-Kong-Upstream-Latency
Host
X-Git-Hash
Cleartype
X-Kong-Proxy-Latency
X-Fastly-Request-Id
X-Www-Served-By
X-Ruxit-Js-Agent
X-Geo-Country
X-DIS-Request-ID
X-Daa-Tunnel
X-Debug-Info
X-Accel-Expires
X-Content-Digest
X-Amz-Replication-Status
X-Amzn-Trace-Id
Filterid
X-XRDS-LOCATION
X-Varnish-Age
X-Az
X-Activity-Id
X-Ratelimit-Limit
X-FB-Debug
X-AppVersion
X-Hostname
X-Forwarded-Proto
TP-L2-Cache
X-Upgrade-Enabled
X-VCache
TP-Cache
X-N
X-Rid
X-Grace
Cross-Origin-Opener-Policy
X-Origin-Server
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-Nginx-Upstream-Cache-Status
X-F-Cache
X-LB-Cache
ServerID
X-Mobile-URL
X-Route-Name
X-Is-Crawler
X-Flags
X-Providence-Cookie
X-Request-Guid
X-Aspnet-Duration-Ms
X-Whom
X-TT
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Varnish-Grace
Viewport
X-App-Environment
X-Tb
X-Type
X-FW-Static
X-FW-Type
Payment
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-Distributor
X-Seen-By
X-FW-Hash
Node
X-App-Server
DC
X-Server-ID
Paypal-Debug-Id
X-User-Agent
X-Origin-Upstream-Status
Fastcgi-Useragent
X-Cache-Control
Country
X-NGENIX-Cache
Accept-Charset
X-Wix-Request-Id
X-Cache-Rule
X-Logged-In
X-Litespeed-Cache
Version
X-Cache-Age
X-Microsite
X-Request-Handler-Origin-Region
X-Webkit-CSP
X-Via-JSL
X-DataDome
X-Drupal-Cache-Tags
Referer-Policy
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Cluster-Name
X-Varnish-Backend
Refresh
X-Contextid
X-Signature
X-B-Cache
Cache-Status
X-Node-Name
X-Load-Cache
X-Response-Served-From
X-Original-Request-Id
Access-Control-Request-Headers
SD-X-WS
X-Mobile
Amp-Access-Control-Allow-Source-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Is-Bot
X-Cache-Expired-At
X-Vgn-Hpd-Reason
X-Jobs
X-Cacheable-TTL
X-Real-IP
X-Page-View
X-Rendered-As
X-Cache-Action
VIX-Pulpo-Upstream-Status
X-RemovedCookies
X-Revision
X-ProcessESI
X-IPLB-Instance
X-B
X-UUID
X-Proxy-Cache-Status
VIX-Pulpo-Node
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Rule
X-Instance
X-Debug
X-Proxy
X-Ratelimit-Reset
X-Drupal-Cache-Contexts
Akamai-GRN
X-Device-Type
X-Cache-Time
X-Fastly-Request-ID
X-G
X-Framework
Surrogate-Key
NGB
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Version
X-Fastcgi-Cache
CF-IPCountry
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
DynaTrace
SID
Liferay-Portal
X-Azure-Ref
X-Oracle-Dms-Rid
X-PressLabs-Stats
X-Oracle-Dms-Ecid
X-Presslabs-Stats
X-Nginx-Cache
GEO-INFO
Healthy
Frame-Options
X-Cache-Operation
X-Source
X-Ms-Request-Id
X-Ms-Version
X-Oneagent-Js-Injection
X-Accel-Buffering
Count-Hit
X-CDN-Forward
MS-CV
Ms-Operation-Id
X-RTag
Uber-Trace-Id
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Environment-Context
X-L-Path
X-XRDS-Location
Countrycode
X-Tumblr-User
Xserver
X-Tumblr-Pixel-1
X-Cache-Hit
X-Cache-NGX
X-Zen-Fury
X-Varnish-Server
X-Backend-Name
X-Mode
X-Region
Cross-Origin-Window-Policy
Ec-Rule-Version
X-Forwarded-Host
X-Servername
X-IPS-LoggedIn
X-Content-Powered-By
Protected
Backend
X-Cache-TTL-Remaining
X-Rewrite-Enabled
X-RN-RSRV
X-JoinUs
X-Detected-As
X-SaId
Meta-Geo
X-Cache-Type
X-UPSTREAM-Address
X-Cache-Server
Country-Code
X-Cache-Grace
Decoy-Debug-Key
X-Alternate-Cache-Key
Apigw-Requestid
Decoy-Debug-Status
X-Extlb
Eomportal-Instance
Decoy-Debug-TTL
Section-Io-Cache
X-Generation-Time
X-Proxied
X-Shopify-Stage
X-ShardId
X-Zipkin-Id
X-Tid
X-Sql-Count
X-Sql-Duration-Ms
X-Uri
X-Redis-Cache
X-Varnish-Beresp-Grace
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Routing-Service
X-ShopId
X-Hosted-By
X-Human
X-Status
Url
X-ServerID
X-Soup
X-Microcachable
Mn-Server-Ip
X-Storage
Cache-Name
X-UA-Device-Type
X-Format
X-FB-TRIP-ID
Fastly-SSL
X-ProxyCache-Status
X-Site-Version
X-Origin-Date
X-BYPASS-REASON
X-NCache
X-PHP-Backend
X-PERF
X-ProxyCache-Key
Cache-Tv-Group
X-ApacheServer
X-No-Session
Property-Id
Selected-Fe
TWC-Connection-Speed
X-Section
X-Timing-Wait
X-SayCDN-TTL
X-Say-TTL
X-NYM-Debug-Backend
X-Via-Fastly
X-Cluster-Node
X-Origin-Hint
TWC-GeoIP-LatLong
Webcakes-Region
X-Web-Node
X-Access
X-Adobe-Loc
X-Akamai-Edgescape
X-Say-Cacheable
X-Cache-Host
Webcakes-App-Version
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Privacy
X-Proxy-Build
X-Server-W
Webcakes-App-Name
TWC-Device-Class
X-Adobe-Content
X-Content-Age
X-R9-Blue-Green-Version
X-Hyper-Cache
X-Varnishpool
X-PCL
X-OCL
X-Debug-Cache
X-Hl-Ver
OT-Force-Account-Verify
X-Pubstack
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
DB-Nickname
Content-Secure-Policy
X-RateLimit-Limit
X-TIME
X-Be
X-Ua
CDN-Cache
CDN-RequestId
X-LSADC-Cache
CDN-CachedAt
CDN-Uid
CDN-RequestCountryCode
CDN-EdgeStorageId
SRV
CDN-PullZone
LB
X-Azure-Ref-OriginShield
X-Generated-By
X-NewRelic-App-Data
X-Ratelimit-Remaining
WPO-Cache-Message
WPO-Cache-Status
X-Trace-Id
X-Webkit-Csp
Content-Disposition
X-Dc
X-Cached-By
Source
Cache
X-Nginx-Cache-Key
X-Unique-Id
X-Bc-Bl
X-LAGOON
X-SRV
X-App-Version
Retry-After
Cache-Hits
Xet-Cookie
X-TT-LOGID
X-Auto-Login
X-Origin-TTL
X-Origin-CC
X-GEO
X-HTML-Minification-Powered-By
Mime-Version
X-Varnish-Hits
X-Loop
X-TNCMS
X-Platform-Server
X-Varnish-Hostname
X-S-Maxage
X-ECache
HostName
Onion-Location
X-Amz-Meta-S3cmd-Attrs
X-Akamai-Transformed
X-Cache-Remote
X-Xfnlog-Site
X-CSRF-Token
X-Cdn
X-Tumblr-Pixel-3
X-Correlation-ID
X-Tumblr-Pixel-2
Web-Mar-Node
X-Cache-Tags
Upgrade-Insecure-Requests
Webserver
X-Varnish-Cache-Hits
X-Proto
ServedBy
X-Request-Time
X-Cache-Var-Map
X-Cache-Var
X-Endurance-Cache-Level
X-Time-Microsecs
X-Tenant
X-AOL-HN
N-Cache
X-EC-Lua
X-LJ-Flow-ID
X-VWS-Id
X-Time
X-Edge-Location
X-AWS-Id
From-Origin
WP-Super-Cache
X-Request-Host
X-GG-Cache-Date
X-FireWall-Port
CloudFront-Viewer-Country
X-Via-NSCOPI
X-Origin-Response-Time
X-Mg-Request-UUID
X-Amzn-RequestId
X-PHP-Host
X-Labrador-Cache-Channel
X-Amz-Apigw-Id
X-Ig-Push-State
X-SRCache-Key
X-Hnp-Log
User-Cache-Control
X-Gen-Mode
X-Ftr-Request-Id
V-Age
X-SVT-ORM-VERSION
X-D
X-Aed
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cluster
X-Cache-NE
A
X-ARC
X-B-Cookie
X-Block-Status
X-Cache-Date
X-Conf
X-Connection-Hash
X-External-Request-Id
X-A-Ccd
BehaviorPad-Version
X-Forwarded-Path
X-A-Dam
X-A-Dcw
X-A-Wwc
X-A-Dgt
X-Destination
X-Developer
X-A
X-ND-Cache
X-Vtex-Remote-Cache
X-ScT
X-Vtex-Processado-Em
X-Qnm-Cache
X-VG-WebCache
Fastcgi-X-Cache-Version
X-S-Cookie
Expiry
X-Processor
Xc-Version
Pramga
X-S
X-SVT-ORM-RULES
X-Vdms-Version
Meta-Geo-Continent
X-Shop-Environment
X-Vdms-Path
X-V-Cache
X-Slack-Backend
X-Session-Fingerprint
Mobile-Detection-Method
Origin
X-SD-PageType
X-M-Reqid
X-M-Log
Odigeo-Trace-Id
Redirect-Candidate
X-Rojux
Surrogated-Key
X-Application
X-Orig-Expires
DCR-Processing-Time-Ms
DCR-Decision-By
X-Planisys-CDN-TTL
X-B3-SpanId
X-NAPM-TraceId
DSUID
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Planisys-CDN-Cache
Sslversion
X-TIM-N
Rendered-Blocks
Nel
X-Planisys-CDN-Rules
X-NWS-UUID-VERIFY
X-RCS-CacheZone
X-Handled-By
X-Cache-Enabled
X-MP-GENERATED-AT
Traceparent
State
L
Svr
True-Client-Country-4JS
X-Accel-Expires-Debug
Wxu-Next-Region
Release
Origin-EX
Wxu-Next-Hostname
Origin-CC
Wxu-Next-Commit
Ssr
X-Li-Pop
X-Origin-Time
X-Owner
X-Policy
X-Origin-Expires
Host-ID
X-NodeID
X-Nyt-Route
X-Old-Content-Length
X-Rocket-Nginx-Serving-Static
X-Webstats-RespID
X-Server-IP
X-Skip-Cache
X-Varnish-Beresp-Status
X-Served-From
X-Sucuri-Cache
X-Scheme
X-VServer
X-Sucuri-ID
X-Mvc-Supplant-Cachable
X-Men
X-Epic-Correlation-Id
X-Fastly-Cache
X-Fetched-On
X-Device-Os
X-Date
X-Cdn-Srv
X-Ckpd-Fst-Backend
X-Core-Mission
X-Forwarded-Site
X-Gdpr
X-Li-Fabric
X-LI-UUID
X-Location
X-Hash
Vix-Hermes-Req-Id
X-Geo-Header
X-Aicache-OS
X-Cache-Info
X-Cache-Bucket
CacheControlHeader
X-Zone
CDCHOST
X-Locale
Fastly-Drupal-Html
Fastcgi-Cache-TTL
X-CACHE-KEY
Gh-Request-Id
Arc-Country
Cmstype
Cmsid
Server-Info
AKAMAI
X-Magnolia-Registration
Environment
AMP-Access-Control-Allow-Source-Origin
X-Envoy-Decorator-Operation
X-Fastly-Backend
X-Gamma-Serve
X-Eu-Site
X-Generated-On
X-Esi-Check
X-GeoIP
X-Core-Value
X-Cache-Debug
X-Cache-Id
X-Branch-Name
X-Bip
X-Backend-State
X-BBC-Edge-Cache-Status
X-Cdn-Origin
X-CGP
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Csrf-Jwt
X-GeoIP-City
X-Developers
X-HS-Content-Campaign-Id
X-TH-Server
X-Thanos
X-Storefront-Renderer-Rendered
X-Sn-Servicetimems
X-Sigma
X-Sigma-Backend
X-Thinkindot-L3
X-TrackingId
X-Request-URI
X-Viewer-Country
X-VG-TLSProxy
X-VarnishDD-TTL
X-UnsetCookies
X-Rocket-Build-Number
X-Request-Start
X-Level-Front-Cache
X-VC-Cache
X-Irp-Debug
X-ATG-Version
X-HN
X-Node-Id
X-Platform
X-Region-Sid
X-Reqid
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Gzip
X-Req
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
Thinkindot-Control
We-Hiring
Apple-News-Services-Request-Url
Web-Mar-Region
Server-Host
Req-Svc-Chain
L5d-Success-Class
Ha-Gx-Prefs
HA-Ipaddr
Locid
Mail-Subject
PFcat
Fastly-GeoIP-CountryCode
Apple-News-Services-Parsed-Url
Machine
Apple-News-Services-Host
Apple-News-Services-Handled
X-Adobe-Source
X-Worker
Is-Eu
Adler-Geo
X-NU-AKA-ACS-Version
X-Loc
X-Origin
X-JWT-State
X-FC-Vary-Parameters
Cf-Device-Type
X-Has-Esi
X-Is-Gdpr
X-Pod-Name
NGX
Platform
X-Variation
X-Response-By
Fastly-SIE
Memcached
NM-Fastcgi-Cache
Fastly-SWR
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Rebelmouse-Surrogate-Control
X-Amzn-Remapped-Content-Length
X-Varnish-Remaining-TTL
X-DPWN-IS-SECURE
X-Backend-TTL
X-DefElseHash
X-DefHash
X-Datadome
X-Xrds-Location
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Cache-Config
X-Tx-Id
X-Mvc-Supplant-OutputCached
X-Ua-Device
X-CLOUD-TRACE-CONTEXT
X-NC
X-API-Version
X-LB-ID
X-CS
S-Rt
X-Varnish-Beresp-Ttl
Magicmarker
Pics-Label
X-TraceId
X-TA-CDN-Provider
CDN
X-Up
X-Generated-In
Kp-EeAlive
Datacenter
X-Trace-ID
X-Restarts
Candidate-Md5Url
X-Tt-Logid
Ms-Author-Via
X-Tb-Optimization-Total-Bytes-Saved
X-Vc
X-Edge-Pop
Env
NtCoent-Length
Memory
Time
X-Http-Reason
X-Akamai-Request-ID2
X-LB-NoCache
X-DynaTrace-JS-Agent
X-DW
WWW-Authenticate
X-Via-Popn
X-RPM
X-Varnish-Ttl
X-Wix-Viewer-Type
X-DSS
X-DB
X-RPS
X-DI
Edge-Cache
X-Action
GeoIp-Country-Code
On-Server
X-Cache-Backend
X-Via-Popv
WebServer
X-RSL
X-Via-Poph
X-Refresh
X-Optimistic-Header
X-Varnish-Beresp-TTL
Esi-Enabled
X-Parent-Response-Time
X-Srv
X-DC
X-CacheTTL
Accept-Language
C-Via
X-Service
X-Minions-Version
X-Dynatrace
X-Cs
X-Esi
X-Servedbyhost
X-MSEdge-Flight
X-Unique-ID
X-MSEdge-Features
X-TX-ID
X-Cache-PHP
X-HA-Backend
X-Newrelic-Synthetics
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
Server-ID
X-ZONE
X-User
X-Li-Proto
X-Render-Time
X-Ec-Fail
X-Cache-Status-Check
X-Ec-GeoHdr
X-VCL-Version
X-Cache-Ttl
X-App
X-FPC
X-URL
X-B3-Spanid
X-Fpc
X-LI-Proto
Test
Server-Id
X-Webkit-Csp-Report-Only
X-Traceid
X-LiteSpeed-Cache-Control
Proxy-Connection
Cdncip
X-AK-Request-ID
Cdnsip
X-Vcl-Version
X-Info
X-AIR-PT
X-Webkit-CSP-Report-Only
X-NODE
X-Pass-Why
X-WADP-Cache
X-Clara-WADP
Tcn
X-Fmm-Version
Geoip-Latitude
Cluster
Geo-Info
My-App
X-Clientip
X-Mcache
X-Oss-Server-Time
Resin-Trace
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
UCS
X-CUA
X-Oss-Storage-Class
Tracecode
X-Var-Ttl
M-TraceId
X-Oss-Object-Type
Cache-Host
HIT
Fastly-Drupal-HTML
X-Ha-Backend
X-HostName
S-Cnection
Lfy
X-From
Cf-Int-Pingora-Origin-Digest
X-LiteSpeed-Tag
T-Server
X-CSRF-TOKEN
Lang
DataCenter
X-ID
X-ServedByHost
X-Fragments
Hostname
Ohc-File-Size
Hit
X-Via-PopN
GeoIP-Country-Code
X-Via-PopV
X-Pad
X-WP-CF-Super-Cache-Cache-Control
X-Via-PopH
X-WP-CF-Super-Cache
Target-Params
User-Agent
Fastly-Backend-Name
X-Micro-Cache
X-Dynatrace-Js-Agent
X-Geo
X-ElasticPress-Query
X-Release
X-Cdn-Forward
X-Edge-POP
MIME-Version
X-RAMCache
X-Backend-Host
ENV
X-BBC-Origin-Response-Status
X-Check-Cacheable
X-BCube-Filmed-By
X-Edge-Cache
X-Api-Version
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-VC
X-NGINX-Cache
Section-Origin-Responded
X-APP
Load-Balancing
Lb
Permissions-Policy
URI
X-ServerName
X-Proxy-Cache-Info
X-Httpd
X-Fastly-Backend-Reqs
Servername
X-HS-Status
X-Ucs
X-Lb-Nocache
X-UP
EpKe-Alive
X-Provided-By
X-Amz-Meta-Cb-Modifiedtime
Server-Ttl
Uri
Cache-Key
Path
FSS-Cache
Producers
PICS-Label
CPC-Cache
X-GoCache-CacheStatus
CPC-Age
VNS-Age
X-WA
ServerName
X-WA-Info
VNS-Cache
X-TRACE-ID
X-Udemy-Cache-App-Namespace
X-Lb-Id
WZWS-RAY
X-Nc
X-ES-SERVER
X-RateLimit-Reset
Cteonnt-Length
X-Cache-CFC
X-Wikidot-Backend
Cneonction
X-Wikidot-Static-Cache
X-B3-ParentSpanId
Cdn
Vha6-Origin
Ohc-Cache-HIT
X-Fastly-Cache-Hits
X-Cdn-Request-ID
X-SB
Sid
X-Pool
X-Dw-Trace-Id
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Platform-Processor
X-Acquia-Application-UUID
X-Platform-Router
Pagetype
Cf-Ipcountry
X-Akamai-ERPolicy
X-PJAX-URL
X-Apw-Access-Action
X-Vcache
X-Newrelic-App-Data
X-Acquia-Site
X-Cache-ASPX
X-Swift-Error
X-Apw-Access-Object
X-Yottaa-OS
X-Akamai-Request-ID
CF-Cached-On
X-Cms-Context
X-Ec-Custom-Error
X-Akamai-ERRuleID
Shield-Pop
X-Apw-Hits
X-Apw-Access-Token
X-Platform-Cluster
X-Contensis-Viewer-Groups
X-Snapshot-Date
X-Air-Pt
X-Cache-Ngx
X-Shopify-Generated-Cart-Token
X-Last-Modified
X-Logging-Id
X-CacheKey
X-UA
X-Akamai-Pragma-Client-IP
X-Hcs-Proxy-Type
X-Varnish-Authentication
MD5-Digest
X-Via-Ucdn
X-Miniprofiler-Ids
Req-ID
CountryCode
X-Http-Count
X-Http-Duration-Ms
X-Te-Count
Ngx
X-Sentry-ID
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Te-Duration-Ms