Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-Dns-Prefetch-Control
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Rq
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-WebKit-CSP
Allow
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
X-CST
Surrogate-Control
Accept-CH
Request-Id
X-Backend-Server
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
Xkey
X-Application-Context
Accept-CH-Lifetime
Cf-Edge-Cache
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
X-Trace
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Fastly-Restarts
X-Country
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-MS-InvokeApp
X-Vname
X-TtlSet
X-PC
X-Rack-Cache
X-Ruxit-JS-Agent
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-ESI
X-VARITI-CCR
X-B3-TraceId
X-Content-Type
Cache-Tag
X-Vcap-Request-Id
X-Amz-Rid
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Exp-Variant
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
Public-Key-Pins
X-Cnection
X-Dw-Request-Base-Id
X-Amz-Server-Side-Encryption
X-Ac
X-Px
X-D2id
X-Element-Page-Cache
Verso
X-Navigation-Version
X-RateLimit-Remaining
Accept-Ch
X-Abt-Application-Version
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
X-Webkit-Csp
X-FastCGI-Cache
X-Middleton-Display
Display
X-Sol
Service-Worker-Allowed
Pagespeed
X-Ser
X-Edge
X-Version
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
X-Ruxit-Js-Agent
X-Middleton-Response
Response
Access-Control-Request-Method
X-NF-Request-ID
X-Goog-Hash
X-Correlation-Id
X-Ttl
AR-PoweredBy
AR-CACHE
AR-SID
AR-ATIME
AR-Request-ID
X-Kinsta-Cache
X-Upstream
X-Edge-Location-Klb
SPIisLatency
SPRequestDuration
X-TTL
X-NWS-LOG-UUID
X-LLID
X-Cached
X-Powered-CMS
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Nginx-Cache
Edge-Cache-Tag
X-RateLimit-Limit
SPRequestGuid
X-SharePointHealthScore
TCN
X-Cache-Key
X-Forwarded-For
X-Litespeed-Cache
MRF-Tech
Mrf-Cache-Status
X-MSEdge-Ref
Content-MD5
MS-Author-Via
X-B3-TraceId-Primal
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-T
X-Id
X-Daa-Tunnel
X-Recruiting
S
X-Mg-S
X-TEC-API-ORIGIN
X-Content-Digest
X-TEC-API-VERSION
X-TEC-API-ROOT
X-DataDome
X-Protected-By
X-Ua-Device
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Frontend
X-HS-Cache-Config
X-HS-Content-Id
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-Ua-Browser
X-HS-Combine-CSS
X-Content
Server-Node
X-Ab
X-Request-Received
X-Accel-Expires
Front-End-Https
X-Request-Processing-Time
X-Grace
X-Yandex-Sdch-Disable
X-ORACLE-DMS-ECID
Filters
X-ORACLE-DMS-RID
X-ECACHE
Fastcgi-Cache
X-Mid
X-Server-ID
X-PressLabs-Stats
X-Hits
X-Origin-Server
TP-L2-Cache
TP-Cache
X-Geo-Country
X-Distributor
X-Ratelimit-Reset
X-Debug-Info
X-DynaTrace
Pinterest-Version
X-Pinterest-Rid
X-Tt-Trace-Host
X-Tt-Trace-Tag
Pinterest-Generated-By
X-Amzn-Trace-Id
Charset
Cleartype
Host
X-Page-Id
X-F-Cache
X-DIS-Request-ID
X-Git-Hash
Cross-Origin-Opener-Policy
X-B3-Sampled
X-Www-Served-By
X-LB-Cache
X-Forwarded-Proto
X-Microsite
X-Request-Handler-Origin-Region
Access-Control-Allow-Method
X-Cache-Age
ServerID
Cache-Tags
X-Seen-By
X-Activity-Id
X-Az
X-AppVersion
X-Cluster-Name
X-Language
X-Kong-Proxy-Latency
Realpath
Accept-Charset
X-Kong-Upstream-Latency
Cache-Status
X-Varnish-Age
X-WebKit-CSP-Report-Only
X-Aspnetmvc-Version
Filterid
Server-Name
X-Rid
X-Type
X-Content-Options
X-App-Environment
X-Nginx-Upstream-Cache-Status
X-Upgrade-Enabled
Country
X-Mobile-URL
X-Varnish-Grace
Viewport
X-Origin-Cache
X-Tb
X-User-Agent
Node
X-Request-Guid
DC
X-B-Cache
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Is-Crawler
X-FB-Debug
Paypal-Debug-Id
X-Route-Name
X-Flags
X-XRDS-LOCATION
X-Drupal-Cache-Tags
X-Whom
X-NWS-UUID-VERIFY
X-Wix-Request-Id
X-Signature
Retry-After
X-TT
Protected
X-VCache
X-Goog-Storage-Class
X-Goog-Metageneration
X-Oracle-Dms-Ecid
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Generation
Fastcgi-Useragent
X-Via-JSL
X-Varnish-Backend
X-Fastly-Request-Id
X-Oracle-Dms-Rid
X-Oneagent-Js-Injection
X-MCACHE
X-Cache-NGX
X-B
X-Amz-Replication-Status
X-Mcache
Payment
X-Contextid
X-Debug
X-Logged-In
X-N
X-Fastly-Request-ID
X-Fastcgi-Cache
X-Template
WPO-Cache-Message
X-Load-Cache
WPO-Cache-Status
X-XRDS-Location
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
X-FW-Server
Surrogate-Key
X-FW-Static
X-FW-Type
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
Count-Hit
X-Trace-Id
X-Amz-Meta-S3cmd-Attrs
X-Hostname
X-Node-Name
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
SD-X-WS
X-Original-Request-Id
X-Response-Served-From
Akamai-GRN
Refresh
X-Proxy
Healthy
X-Is-Bot
X-G
Uber-Trace-Id
X-Cache-Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Jobs
Content-Disposition
X-Rendered-As
X-Revision
X-UUID
X-Real-IP
X-Mobile
X-Zen-Fury
X-Cacheable-TTL
X-Framework
X-Akamai-Request-ID2
X-Cache-TTL-Remaining
Alternate-Protocol
X-Page-View
X-Proxy-Cache-Status
X-Adobe-Loc
X-Device-Type
X-Drupal-Cache-Contexts
X-Debug-IsConnected
X-Adobe-Content
X-Http-Reason
X-Yottaa-Metrics
NGB
X-Debug-IsPreview
X-Yottaa-Optimizations
Access-Control-Request-Headers
X-Instance
Permissions-Policy
X-IPLB-Instance
X-Parallel-Accel
Url
X-Servername
From-Origin
X-Source
X-Cache-Rule
Version
X-COUNTRY
X-Cache-Grace
X-Vgn-Hpd-Reason
X-ECache
X-Varnish-Server
X-B3-Traceid
Accept-Language
X-Cache-Expired-At
X-Environment-Context
X-L-Path
X-Cache-Hit
X-Mg-Request-UUID
Referer-Policy
X-EdgeConnect-Cache-Status
X-NGENIX-Cache
X-Restarts
Countrycode
Ms-Operation-Id
MS-CV
X-RTag
X-Ratelimit-Remaining
X-App-Server
X-FW-Version
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Tumblr-Pixel-0
Liferay-Portal
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-HTML-Minification-Powered-By
X-NYM-Debug-Backend
Frame-Options
X-Cache-Action
Backend
X-ProcessESI
X-RemovedCookies
X-APP-VERSION
CF-IPCountry
Content-Secure-Policy
WP-Super-Cache
X-Nginx-Cache
X-OCL
X-UPSTREAM-Address
X-PCL
X-Hyper-Cache
Meta-Geo
Section-Io-Cache
Upgrade-Insecure-Requests
X-RN-RSRV
X-Cache-Server
X-Redis-Cache
Ec-Rule-Version
X-No-Session
Apigw-Requestid
X-Section
X-Access
X-Detected-As
X-Cache-Enabled
X-Generation-Time
X-Cluster-Node
Cache-Tv-Group
X-Format
X-FB-TRIP-ID
X-Ua
Azure-Version
Azure-SlotName
X-Origin-Date
X-Sql-Count
X-Storage
Azure-InstanceId
X-Content-Age
X-Sql-Duration-Ms
Azure-RegionName
Azure-SiteName
TWC-Device-Class
X-AOL-HN
X-Akamai-Edgescape
X-Say-TTL
X-SayCDN-TTL
X-ApacheServer
X-Say-Cacheable
X-Human
X-Generated-By
X-Be
Webcakes-Region
Webcakes-App-Version
X-Origin-Hint
TWC-Connection-Speed
Property-Id
Mn-Server-Ip
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
X-Server-W
X-Region
X-Varnish-Cache-Hits
X-Via-Fastly
X-Mode
Fastly-SSL
X-Request-Time
X-Uri
X-UA-Device-Type
X-Web-Node
X-PHP-Backend
X-PERF
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
X-Unique-Id
CDN-CachedAt
CDN-Cache
Webserver
X-Nginx-Cache-Key
X-Rule
S-Rt
X-Urbn-Site-Id
Eomportal-Instance
CDN-Uid
X-Site-Version
X-Urbn-Context-Path
CDN-RequestId
X-ProxyCache-Status
X-Cache-Host
X-Status
Locale
X-Cache-Tags
X-Xfnlog-Site
X-Hosted-By
X-Debug-Cache
X-Content-Powered-By
X-Platform-Server
X-BYPASS-REASON
X-ProxyCache-Key
X-Tid
X-ServerID
X-Adobe-Source
X-Cache-Type
X-Extlb
X-Proxied
X-JoinUs
X-TT-LOGID
X-Hl-Ver
X-Varnishpool
X-Zipkin-Id
X-Backend-Name
X-SaId
X-Routing-Service
X-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
X-Handled-By
X-ShardId
X-Forwarded-Host
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
ServedBy
X-Webkit-CSP
X-Datadome
Selected-Fe
X-Proxy-Build
X-Timing-Wait
X-GG-Cache-Date
X-PHP-Host
X-Labrador-Cache-Channel
X-NewRelic-App-Data
X-Cache-Operation
X-Locale
X-Accel-Buffering
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Cache-Remote
X-Dc
X-VC-Cache
X-Rewrite-Enabled
X-LSADC-Cache
X-Ratelimit-Limit
Xserver
X-Soup
X-TA-CDN-Provider
X-Pubstack
X-Proto
Mime-Version
SID
Fastly-Drupal-Html
Web-Mar-Node
X-CDN-Forward
X-Midtier
X-Cached-By
X-Edge-Location
X-Buckets
X-GEO
X-Storefront-Renderer-Rendered
SRV
X-Cms-Context
Country-Code
X-Reqid
LB
Decoy-Debug-Key
Onion-Location
Decoy-Debug-TTL
X-Request-Host
Decoy-Debug-Status
X-Microcachable
X-Varnish-Hostname
X-App-Version
Load-Balancing
X-GeoCode
X-GeoCountry
Cache-Hits
X-Origin-TTL
X-Origin-CC
Server-Info
Xet-Cookie
X-Ms-Request-Id
X-Ms-Version
X-Cluster
X-Varnish-Hits
X-Tumblr-Pixel-3
X-SRV
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-Magnolia-Registration
X-NCache
X-Air-Hostname
X-Bc-Bl
X-Air-Trace-Id
DynaTrace
X-CSRF-Token
X-Air-Source
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B3-SpanId
X-Envoy-Decorator-Operation
X-R9-Blue-Green-Version
Cache-Name
X-RCS-CacheZone
X-Endurance-Cache-Level
X-Varnish-Beresp-Grace
X-Origin-Response-Time
X-Geo-Header
X-Gzip
Cdncip
X-Ftr-Request-Id
Mobile-Detection-Method
Cdnsip
X-From
X-A-Ccd
DB-Nickname
Cmstype
DCR-Decision-By
X-NAPM-TraceId
DCR-Processing-Time-Ms
X-LAGOON
Cmsid
X-A-Dcw
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-A-Dam
X-Hash
X-External-Request-Id
X-Connection-Hash
X-Conf
A
X-D
X-B-Cookie
X-Cache-Bucket
X-CF-Lambda-Version
X-Cache-Id
X-Cache-NE
X-Cdn-Srv
X-CF-Lambda-Fn
X-ARC
X-Destination
X-Esi-Check
X-Epic-Correlation-Id
X-A-Wwc
BehaviorPad-Version
X-A-Dgt
X-Ec-GeoHdr
X-Ec-Fail
X-Developer
X-Application
X-AK-Request-ID
X-Aed
X-Forwarded-Path
X-Orig-Expires
X-User
Sslversion
Lang
Rendered-Blocks
X-TrackingId
X-TIM-N
X-SRCache-Key
Surrogated-Key
X-NodeID
X-Tenant
X-Vdms-Path
X-Vdms-Version
X-Webstats-RespID
NM-Fastcgi-Cache
Meta-Geo-Continent
Xc-Version
X-Azure-Ref
Odigeo-Trace-Id
Pramga
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
T-Server
Host-ID
X-PAYTM-SRV-ID
X-Rojux
X-PBS-Appsvrname
X-Processor
Expiry
Fastcgi-X-Cache-Version
X-S
X-S-Cookie
X-Session-Fingerprint
X-ScT
X-SD-PageType
X-A
X-Shop-Environment
Source
X-Tx-Id
X-Cache-Backend
Wxu-Next-Region
Platform
Wxu-Next-Commit
Wxu-Next-Hostname
We-Hiring
Vix-Hermes-Req-Id
V-Age
State
User-Cache-Control
X-Amzn-Remapped-Content-Length
Server-Host
Web-Mar-Region
Svr
Producers
X-Block-Status
X-Gdpr
X-Scheme
X-SB
X-Server-IP
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
X-Planisys-CDN-TTL
X-Origin-Expires
X-Origin-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Viewer-Country
X-VG-TLSProxy
X-WADP-Cache
X-Wix-Viewer-Type
X-Worker
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-TNCMS
X-V-Cache
X-Variation
X-Varnish-CookieHashed-On
X-Origin
X-Nyt-Route
X-Device-Os
X-Developers
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Fastly-Cache
X-DefHash
X-DefElseHash
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Core-Mission
X-Core-Value
X-Fetched-On
X-Fmm-Version
X-Location
X-Loop
X-Mvc-Supplant-Cachable
X-Node-Id
X-JWT-State
X-Is-Gdpr
X-Gen-Mode
X-Has-Esi
X-Hnp-Log
X-Irp-Debug
X-Cache-Info
X-GeoIP
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Environment
CDN
Apple-News-Services-Host
Apple-News-Services-Handled
X-Time
Cache
Adler-Geo
AKAMAI
Is-Eu
Fastly-GeoIP-CountryCode
Memcached
Mail-Subject
Machine
X-Varnish-Ttl
X-Via-NSCOPI
X-ZONE
Origin-CC
X-Rebelmouse-Cache-Control
Origin
X-Rebelmouse-Surrogate-Control
X-Generated-On
X-Aicache-OS
X-Qloud-Router
X-Proxy-Cache-Info
X-Pool
Arc-Country
X-Proxy-Upstream
X-Auto-Login
Origin-EX
X-Response-By
X-Thinkindot-L3
X-Datadog-Parent-Id
X-Rocket-Nginx-Serving-Static
N-Cache
X-Skip-Cache
X-Slack-Backend
X-VServer
X-Datadog-Sampling-Priority
CloudFront-Viewer-Country
X-BBC-Edge-Cache-Status
X-Datadog-Trace-Id
X-Forwarded-Site
X-Branch-Name
X-Gamma-Serve
Cluster
Ssr
Kp-EeAlive
Gh-Request-Id
X-Minions-Version
TDXMobile
X-GeoIP-City
MD5-Digest
X-Men
Locid
Release
Req-Svc-Chain
X-Httpd
X-Loc
X-Level-Front-Cache
Redirect-Candidate
Thinkindot-CacheControl
X-Served-From
Fastly-SIE
Fastly-SWR
Fastcgi-Cache-TTL
X-Platform
X-Policy
X-Pod-Name
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Thinkindot-CacheControl-Type
X-Request-URI
Traceparent
Thinkindot-Control
X-Parent-Response-Time
X-Region-Sid
X-Optimistic-Header
X-Old-Content-Length
Ha-Gx-Prefs
X-Csrf-Jwt
X-Eu-Site
X-CGP
PFcat
L5d-Success-Class
X-HN
X-VarnishDD-TTL
NGX
X-Dispatcher-Number
X-CacheTTL
L
HA-Ipaddr
DSUID
X-Cache-Date
X-Sn-Servicetimems
HostName
X-TraceId
X-Cdn-Origin
CDCHOST
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-RPS
Sever-Int
X-SIPLIST1
X-Via-Ucdn
Server-Hostname
X-RSL
AMP-Access-Control-Allow-Source-Origin
X-EC-Lua
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Owner
X-Scale
X-RPM
X-NC
IsBot
Server-Ext
X-Refresh
X-DB
X-DSS
X-DI
X-DW
X-TIME
Env
X-VC
Memory
X-Tb-Optimization-Total-Bytes-Saved
X-Date
Time
X-Accel-Expires-Debug
X-CS
Pics-Label
X-IPLB-Request-ID
X-Srv
Ohc-File-Size
X-Edge-Pop
X-Mvc-Supplant-OutputCached
X-GeoIP-Region-Code
Servername
X-Ah-Environment
X-LB-NoCache
X-Tt-Logid
X-GeoIP-Country-Code
X-Newrelic-Synthetics
X-Akamai-Transformed
X-Udemy-Cache-App-Namespace
Ms-Author-Via
GEO-INFO
X-BCube-Filmed-By
X-Generated-In
X-Ad-Defer-Variation
Cache-Key
X-Wikidot-Static-Cache
X-Cache-Debug
X-Amz-Meta-Cb-Modifiedtime
Candidate-Md5Url
X-Wikidot-Backend
Datacenter
X-CACHE-KEY
VNS-Cache
GeoIp-Country-Code
CPC-Cache
X-API-Version
X-SplitTest
Geo-Info
X-Contensis-Viewer-Groups
XM
CPC-Age
VNS-Age
X-Cache-ASPX
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Source
X-Xrds-Location
Fusion-Content-Source
Fusion-Component-Id
X-Via-Popn
Fastly-Backend-Name
X-WA-Info
X-Via-Poph
X-Varnish-Authentication
CacheControlHeader
X-Servedbyhost
X-S-Maxage
ITXSESSIONID
X-Via-Popv
X-Cache-Status-Check
True-Client-Country-4JS
X-HA-Backend
X-Action
X-TH-Server
X-Micro-Cache
Path
Geoip-Latitude
X-Vc
X-RateLimit-Reset
X-VCL-Version
X-AIR-PT
X-Backend-TTL
X-Cs
Client
Lb
Server-ID
Cache-Host
Ohc-Cache-HIT
FSS-Cache
Hostname
X-Varnish-Beresp-TTL
X-VHOST
X-Trace-ID
X-DC
X-Req
True-Client-IP
Ngx.Var.Host
Edge-Cache
X-Provided-By
X-Presslabs-Stats
My-App
X-Api-Version
NtCoent-Length
X-Zone
X-Clientip
X-TX-ID
X-FireWall-Port
X-Origin-Upstream-Status
X-Dynatrace
X-Webkit-Csp-Report-Only
X-Proxy-CacheRZ
X-Pass-Why
X-Fpc
Powered-By
X-Up
XkeyRZ
X-NGINX-Cache
DataCenter
X-LB-ID
X-Varnish-Beresp-Ttl
X-FPC
X-B3-Spanid
X-PX
X-CSRF-TOKEN
X-Traceid
Test
Cf-Int-Pingora-Origin-Digest
X-MSEdge-Features
X-LI-UUID
X-Cdn-Request-ID
X-Li-Fabric
X-Li-Pop
X-Dmc
X-MSEdge-Flight
X-Correlation-ID
OT-Force-Account-Verify
Server-Id
X-HS-Status
X-Webkit-CSP-Report-Only
X-ND-Cache
X-Render-Time
X-INCAP-ABP
X-UnsetCookies
X-Beluga-Trace
X-Vcl-Version
X-Beluga-Status
X-Beluga-Response-Time
User-Agent
X-Beluga-Node
X-Beluga-Cache-Status
X-Beluga-Record
X-Ha-Backend
X-CUA
X-Via-PopH
Proxy-Connection
X-Via-PopV
X-Via-PopN
Rip
C-Via
X-Time-Microsecs
WZWS-RAY
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
Sid
X-Gateway-Cache-Status
Cf-Device-Type
Srvid
X-Platform-Processor
Click-Count-Error
X-Platform-Cluster
Tube-Return
X-RAMCache
X-ServedByHost
Click-Count-Action-Start
Tube-Get-Contents
Tube-Got-Eval
X-Fragments
X-Gateway-Cache-Key
X-Platform-Router
Target-Params
Tube-Got-Results
X-Alfa-Service
Tracecode
X-URL
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Service
X-Geo
X-Azure-Ref-OriginShield
GeoIP-Country-Code
X-Fastly-Backend
X-ATG-Version
X-Var-Ttl
X-Sucuri-ID
X-Sucuri-Cache
X-FC-Vary-Parameters
Uri
HIT
GeoIP-Latitude
Resin-Trace
Esi-Enabled
Lfy
X-Akamai-Pragma-Client-IP
MIME-Version
X-Hcs-Proxy-Type
X-Qnm-Cache
X-CCDN-Origin-Time
X-Fetch-By
X-CCDN-CacheTTL
X-Proxy-Cache-Hk
Epwk-X-Cache
On-Server
X-LI-Proto
X-M-Reqid
X-M-Log
Srv
X-LiteSpeed-Cache-Control
X-Fastly-Backend-Reqs
X-Cdn-Forward
Fastly-Drupal-HTML
X-TRACE-ID
ENV
X-Backend-Host
X-Li-Proto
Magicmarker
X-DynaTrace-JS-Agent
X-Varnish-Beresp-Status
X-NU-AKA-ACS-Version
Cdn
X-Esi
X-ID
X-App
Section-Io-Id
X-Backend-State
XServer
X-Lb-Nocache
ServerName
Section-Io-Origin-Status
X-Cache-Expires
X-Edge-POP
X-APP
Section-Io-Origin-Time-Seconds
X-B3-Traceid-Primal
Section-Origin-Responded
X-MG-S
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Tcn
X-ElasticPress-Query
Inserted-Into-Cache-At
CF-Cached-On
X-Cache-CFC
X-Newrelic-App-Data
X-Request-Start
Server-Ttl
X-Yottaa-OS
PICS-Label
D-Url-Rewrites
X-Vercel-Cache
X-Vercel-Id
Wpo-Cache-Status
X-Vcache
X-Iplb-Request-Id
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Iplb-Instance
X-Thanos
X-BBC-Origin-Response-Status
X-Bip
Wpo-Cache-Message
Cf-Ipcountry
X-Nc
X-Acquia-Site
X-Serial
Warning
Servedby
X-HostName
Fastcgi-Cache-Ttl
X-Dw-Trace-Id
CountryCode
X-Th-Server
X-Fastly-Cache-Hits
X-Back
X-Akamai-Request-ID
Content-Script-Type
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Storefront-Renderer-Verified
X-CF-Powered-By
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Litespeed-Cache-Control
X-Request-URL
Ngx
Cneonction
X-B3-Parentspanid
Content-Style-Type
X-Shopify-Generated-Cart-Token
X-LiteSpeed-Tag
X-Swift-Error
X-Release
X-Request-Url
X-Dist-Code
X-Snapshot-Date