Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
P3p
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-UA-Device
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Pingback
X-Device
X-Dispatcher
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
X-Ruxit-JS-Agent
Rating
X-B3-TraceId
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Country
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
X-PC
X-TtlSet
X-Vname
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-Server-Name
X-FastCGI-Cache
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-VARITI-CCR
X-Aws-Lambda-Call-Status
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-GitHub-Request-Id
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-ORACLE-DMS-ECID
X-Cnection
X-ORACLE-DMS-RID
X-Px
RTSS
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-NF-Request-ID
X-Goog-Hash
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Id
Accept-Ch
X-Origin-Cache
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
AR-SID
X-Powered-CMS
AR-Request-ID
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Version
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
Nginx-Cache
X-TTL
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Protected-By
X-RateLimit-Remaining
TCN
X-T
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
S
Content-MD5
X-Aspnetmvc-Version
Edge-Cache-Tag
Fastcgi-Cache
X-CST
X-Mid
SPRequestDuration
Front-End-Https
SPIisLatency
Realpath
X-Language
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Pinterest-Generated-By
Filters
X-Pinterest-Rid
Pinterest-Version
Server-Node
X-Ttl
X-MCACHE
Server-Name
X-Ua-Browser
X-Ab
X-Content
X-Frontend
X-DynaTrace
X-Correlation-Id
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-ECACHE
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-Ser
SPRequestGuid
X-SharePointHealthScore
X-Ezoic-Cdn
X-Template
X-Hits
X-Parallel-Accel
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Deployment-Id
X-Cache-Key
Alternate-Protocol
Fusion-Source
X-Tt-Trace-Host
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
X-Kong-Upstream-Latency
X-Content-Options
X-Kong-Proxy-Latency
Cache-Tags
X-Page-Id
Charset
Host
X-B3-Sampled
Cleartype
X-Fastly-Request-Id
X-Www-Served-By
X-Git-Hash
X-Geo-Country
X-DIS-Request-ID
X-Debug-Info
X-Daa-Tunnel
X-Webkit-CSP
X-Amzn-Trace-Id
X-Content-Digest
X-Ratelimit-Limit
X-Amz-Replication-Status
X-Varnish-Age
Filterid
X-Accel-Expires
X-Activity-Id
X-Az
X-AppVersion
X-Hostname
X-Forwarded-Proto
X-VCache
X-FB-Debug
X-Upgrade-Enabled
X-Grace
TP-Cache
TP-L2-Cache
X-Origin-Server
X-Rid
Cross-Origin-Opener-Policy
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-N
ServerID
X-F-Cache
X-XRDS-LOCATION
X-Nginx-Upstream-Cache-Status
X-LB-Cache
X-Mobile-URL
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Flags
X-Route-Name
X-Request-Guid
X-Whom
X-TT
X-Varnish-Grace
Viewport
X-App-Environment
X-Seen-By
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Tb
X-Type
X-Goog-Metageneration
X-Goog-Storage-Class
X-FW-Server
X-FW-Dynamic
X-FW-Hash
X-FW-Static
Node
X-Distributor
Payment
X-FW-Serve
X-FW-Type
X-Server-ID
DC
Paypal-Debug-Id
X-User-Agent
X-App-Server
Fastcgi-Useragent
Country
X-Oneagent-Js-Injection
Accept-Charset
X-NGENIX-Cache
X-Wix-Request-Id
X-Cache-Control
X-Origin-Upstream-Status
X-DataDome
X-Cache-Rule
X-Litespeed-Cache
X-Logged-In
Version
X-Request-Handler-Origin-Region
X-Microsite
X-Via-JSL
X-Drupal-Cache-Tags
Referer-Policy
X-Cache-Age
X-Ratelimit-Reset
X-Cluster-Name
X-Load-Cache
X-B-Cache
Refresh
X-Signature
X-Varnish-Backend
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
Cache-Status
X-Contextid
VIX-Pulpo-Upstream-Status
X-Buckets
X-Original-Request-Id
Amp-Access-Control-Allow-Source-Origin
VIX-Pulpo-Node
X-Response-Served-From
SD-X-WS
X-Real-IP
X-Vgn-Hpd-Reason
X-Mobile
X-Tec-Api-Root
X-Node-Name
X-Rendered-As
X-Tec-Api-Version
X-Is-Bot
X-Tec-Api-Origin
X-Page-View
X-Cache-Expired-At
X-B
Access-Control-Request-Headers
X-Jobs
NGB
X-Cacheable-TTL
X-Proxy-Cache-Status
X-Debug
X-ProcessESI
X-Revision
X-Rule
X-UUID
X-Proxy
X-IPLB-Instance
X-Yottaa-Metrics
X-Device-Type
X-RemovedCookies
X-Yottaa-Optimizations
X-Instance
Surrogate-Key
X-Fastly-Request-ID
X-Cache-Action
Akamai-GRN
X-Drupal-Cache-Contexts
X-Cache-Time
X-Debug-IsPreview
X-Debug-IsConnected
X-Framework
X-FW-Version
X-Fastcgi-Cache
X-G
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
CF-IPCountry
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
DynaTrace
X-Oracle-Dms-Rid
X-Azure-Ref
X-XRDS-Location
SID
Liferay-Portal
X-Oracle-Dms-Ecid
X-Presslabs-Stats
GEO-INFO
X-PressLabs-Stats
X-Source
X-Accel-Buffering
X-Ms-Request-Id
X-Ms-Version
Count-Hit
Uber-Trace-Id
Frame-Options
X-Nginx-Cache
Healthy
MS-CV
X-APP-VERSION
X-Cache-Operation
X-CDN-Forward
Ms-Operation-Id
X-RTag
X-EdgeConnect-Cache-Status
X-Cache-NGX
X-Zen-Fury
Xserver
Countrycode
X-L-Path
X-Cache-Hit
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Environment-Context
X-Tumblr-User
X-Varnish-Server
X-Tumblr-Pixel-1
X-Mode
X-Backend-Name
Cross-Origin-Window-Policy
Ec-Rule-Version
Protected
X-IPS-LoggedIn
X-Servername
X-Region
X-Forwarded-Host
X-Tid
X-Rewrite-Enabled
X-RN-RSRV
X-Cache-TTL-Remaining
X-SaId
Backend
X-JoinUs
Meta-Geo
X-Content-Powered-By
X-UPSTREAM-Address
X-Detected-As
X-Adobe-Loc
X-Adobe-Content
X-Cache-Server
X-Sql-Count
Apigw-Requestid
X-Uri
X-Extlb
X-Ratelimit-Remaining
X-Generation-Time
X-Proxied
X-Redis-Cache
X-Routing-Service
X-Debug-Cache
X-Sql-Duration-Ms
Decoy-Debug-TTL
Country-Code
X-Zipkin-Id
Decoy-Debug-Key
Decoy-Debug-Status
X-Hyper-Cache
X-Cache-Grace
X-Hosted-By
Cache-Name
X-NCache
X-Origin-Date
X-PERF
X-PHP-Backend
X-Human
X-ServerID
X-ShopId
X-Format
X-Via-Fastly
X-FB-TRIP-ID
X-Alternate-Cache-Key
X-No-Session
Mn-Server-Ip
Fastly-SSL
X-Shopify-Stage
X-ApacheServer
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Eomportal-Instance
X-ShardId
Url
Section-Io-Cache
Webcakes-Region
X-UA-Device-Type
X-Access
X-Site-Version
X-Storage
Webcakes-App-Name
X-Akamai-Edgescape
TWC-Privacy
TWC-Connection-Speed
Selected-Fe
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-BYPASS-REASON
X-Cache-Host
X-Varnish-Beresp-Grace
X-PCL
X-Origin-Hint
X-Proxy-Build
X-ProxyCache-Key
X-Pubstack
X-ProxyCache-Status
X-OCL
X-NYM-Debug-Backend
X-Timing-Wait
X-Cluster-Node
X-Cache-Type
X-NewRelic-App-Data
X-Server-W
X-Microcachable
X-Section
Cache-Tv-Group
Webcakes-App-Version
X-Status
X-Content-Age
X-Say-Cacheable
WPO-Cache-Status
WPO-Cache-Message
X-SayCDN-TTL
X-Web-Node
X-R9-Blue-Green-Version
X-Say-TTL
LB
X-Varnishpool
X-Hl-Ver
CDN-CachedAt
Azure-RegionName
Azure-InstanceId
CDN-Cache
X-RateLimit-Limit
X-Be
Azure-SiteName
Content-Secure-Policy
CDN-RequestCountryCode
X-Soup
DB-Nickname
CDN-Uid
CDN-RequestId
Azure-Version
X-TIME
Azure-SlotName
CDN-PullZone
CDN-EdgeStorageId
X-Ua
X-Generated-By
X-Azure-Ref-OriginShield
Content-Disposition
X-Trace-Id
X-LSADC-Cache
OT-Force-Account-Verify
SRV
X-Webkit-Csp
X-SRV
X-Nginx-Cache-Key
X-Dc
Source
X-Bc-Bl
X-Cached-By
X-Unique-Id
Cache
Retry-After
X-TT-LOGID
X-LAGOON
X-Auto-Login
X-Origin-CC
X-Origin-TTL
X-Cache-Remote
X-Platform-Server
X-Varnish-Hits
Xet-Cookie
Cache-Hits
Mime-Version
X-HTML-Minification-Powered-By
X-App-Version
X-Loop
X-Xfnlog-Site
X-Varnish-Hostname
X-Akamai-Transformed
X-GEO
X-TNCMS
Onion-Location
X-S-Maxage
X-Cache-Tags
ServedBy
X-Amz-Meta-S3cmd-Attrs
X-Cdn
HostName
Web-Mar-Node
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
Webserver
X-CSRF-Token
X-Request-Time
X-Proto
X-CLOUD-TRACE-CONTEXT
X-EC-Lua
From-Origin
X-AOL-HN
X-Time
N-Cache
WP-Super-Cache
X-Tenant
X-Endurance-Cache-Level
X-Request-Host
X-Cache-Var-Map
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-Cache-Var
X-ECache
X-Time-Microsecs
X-GG-Cache-Date
X-FireWall-Port
X-B3-SpanId
X-Edge-Location
X-Cache-Enabled
X-Origin-Response-Time
X-Mg-Request-UUID
X-Handled-By
BehaviorPad-Version
DCR-Decision-By
Surrogated-Key
DCR-Processing-Time-Ms
A
Expiry
Pramga
Sslversion
Redirect-Candidate
Odigeo-Trace-Id
Mobile-Detection-Method
Fastcgi-X-Cache-Version
Meta-Geo-Continent
Rendered-Blocks
X-Destination
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Processor
X-Rojux
X-S
X-Planisys-CDN-Cache
X-PBS-Appsvrname
X-NAPM-TraceId
X-Ig-Push-State
X-ND-Cache
X-Orig-Expires
X-PAYTM-SRV-ID
X-S-Cookie
X-ScT
X-VG-WebCache
X-Vdms-Version
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Path
X-V-Cache
X-Session-Fingerprint
X-SD-PageType
X-Shop-Environment
X-SRCache-Key
X-TIM-N
X-Hnp-Log
X-Gen-Mode
X-Aicache-OS
X-Aed
X-Application
X-ARC
X-B-Cookie
X-A-Wwc
X-A-Dcw
Vix-Hermes-Req-Id
V-Age
X-A
X-A-Ccd
X-A-Dam
X-Block-Status
X-Cache-NE
X-Developer
X-D
X-External-Request-Id
X-Forwarded-Path
X-Ftr-Request-Id
X-Connection-Hash
X-Conf
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Cluster
User-Cache-Control
X-A-Dgt
CloudFront-Viewer-Country
X-Correlation-ID
X-PHP-Host
X-NWS-UUID-VERIFY
Nel
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-Via-NSCOPI
X-MP-GENERATED-AT
Origin
X-Origin-Expires
X-Old-Content-Length
X-Cdn-Srv
CacheControlHeader
X-Origin-Time
Arc-Country
X-Webstats-RespID
X-Hash
Gh-Request-Id
X-Owner
X-Nyt-Route
CDCHOST
Fastcgi-Cache-TTL
Cmstype
X-Mvc-Supplant-Cachable
X-Men
X-Location
DSUID
X-Li-Pop
X-NodeID
X-Li-Fabric
X-Geo-Header
Cmsid
X-LI-UUID
X-Policy
X-Sucuri-ID
X-SVT-ORM-RULES
X-Sucuri-Cache
X-Magnolia-Registration
X-Accel-Expires-Debug
X-Slack-Backend
X-SVT-ORM-VERSION
True-Client-Country-4JS
Wxu-Next-Commit
X-Date
Wxu-Next-Hostname
Wxu-Next-Region
X-Zone
X-Epic-Correlation-Id
AKAMAI
X-Server-IP
X-Adobe-Source
Host-ID
X-Reqid
State
X-Cache-Bucket
X-Proxy-Upstream
X-Fastly-Cache
X-RCS-CacheZone
X-Forwarded-Site
X-Viewer-Country
X-Scheme
X-Request-URI
X-Gdpr
Svr
X-M-Reqid
X-M-Log
Server-Info
Fastly-Drupal-Html
Environment
X-Qnm-Cache
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-CACHE-KEY
Web-Mar-Region
X-Datadog-Trace-Id
X-Csrf-Jwt
X-Backend-State
X-Cache-Date
X-Cache-Debug
X-Cache-Info
X-Branch-Name
X-Core-Mission
X-Bip
X-Core-Value
X-CGP
X-Level-Front-Cache
X-Request-Start
X-Rocket-Nginx-Serving-Static
X-Served-From
X-Req
X-VServer
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-VG-TLSProxy
X-Skip-Cache
X-Varnish-Beresp-Status
X-VarnishDD-TTL
X-UnsetCookies
X-TrackingId
X-TH-Server
X-Thanos
X-Platform
X-Backend-TTL
X-Fastly-Backend
X-Fetched-On
AMP-Access-Control-Allow-Source-Origin
X-Eu-Site
X-Esi-Check
X-Device-Os
X-Envoy-Decorator-Operation
X-Generated-On
X-GeoIP
X-Irp-Debug
We-Hiring
X-HS-Content-Campaign-Id
X-HN
X-GeoIP-City
X-Gzip
X-Developers
X-Cache-Id
Locid
Machine
L5d-Success-Class
HA-Ipaddr
Ha-Gx-Prefs
Mail-Subject
Ssr
PFcat
Release
Origin-EX
Origin-CC
Server-Host
Traceparent
L
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Locale
X-VC-Cache
Cf-Device-Type
NM-Fastcgi-Cache
X-Rebelmouse-Surrogate-Control
X-Origin
X-Region-Sid
X-DPWN-IS-SECURE
X-Response-By
Platform
X-Worker
X-Rocket-Build-Number
X-NU-AKA-ACS-Version
X-Node-Id
X-DefElseHash
Memcached
Fastly-SWR
X-Has-Esi
Fastly-SIE
Fastly-GeoIP-CountryCode
X-Is-Gdpr
X-Qloud-Router
X-Pod-Name
Adler-Geo
X-GeoIP-Country-Code
X-JWT-State
X-FC-Vary-Parameters
X-GeoIP-Region-Code
Is-Eu
X-Gamma-Serve
X-Rebelmouse-Cache-Control
X-DefHash
X-Storefront-Renderer-Rendered
TDXMobile
X-Sn-Servicetimems
X-Amzn-Remapped-Content-Length
X-Sigma
Thinkindot-CacheControl
X-Thinkindot-L3
Thinkindot-CacheControl-Type
X-ATG-Version
X-BBC-Edge-Cache-Status
Thinkindot-Control
X-Variation
X-Sigma-Backend
X-Varnish-CookieHashed-On
Req-Svc-Chain
X-Cdn-Origin
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Xrds-Location
X-Mvc-Supplant-OutputCached
NGX
X-Loc
X-Tx-Id
S-Rt
X-Ua-Device
X-NC
X-Cache-Config
Magicmarker
X-Varnish-Beresp-Ttl
X-CS
X-API-Version
X-TraceId
X-LB-ID
CDN
X-Up
X-Generated-In
X-Restarts
X-Http-Reason
Pics-Label
X-Akamai-Request-ID2
X-Datadome
X-Trace-ID
Datacenter
Time
X-Tt-Logid
Memory
Ms-Author-Via
Kp-EeAlive
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
X-RPM
Edge-Cache
X-RSL
Candidate-Md5Url
X-RPS
X-Optimistic-Header
X-Cache-Backend
X-DSS
X-DW
Env
X-Wix-Viewer-Type
X-LB-NoCache
X-DB
X-Edge-Pop
X-DI
X-Vc
Accept-Language
GeoIp-Country-Code
X-Varnish-Ttl
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Refresh
X-Action
WebServer
X-DynaTrace-JS-Agent
X-Minions-Version
On-Server
WWW-Authenticate
X-DC
Esi-Enabled
X-TA-CDN-Provider
X-CacheTTL
X-Parent-Response-Time
X-HA-Backend
X-Cs
X-Esi
X-Servedbyhost
X-Varnish-Beresp-TTL
X-Urbn-Context-Path
X-Dynatrace
Locale
X-Srv
X-Urbn-Site-Id
X-TX-ID
X-MSEdge-Features
C-Via
X-Service
X-Unique-ID
X-MSEdge-Flight
X-Newrelic-Synthetics
X-Ec-GeoHdr
X-Cache-PHP
X-Ec-Fail
X-User
Server-ID
X-ZONE
X-VCL-Version
X-App
X-LI-Proto
X-Cache-Ttl
X-Cache-Status-Check
X-Render-Time
X-LiteSpeed-Cache-Control
X-Li-Proto
X-URL
X-Fpc
Cdnsip
X-Webkit-Csp-Report-Only
Test
X-AK-Request-ID
X-FPC
Cdncip
X-Pass-Why
X-Traceid
X-Fmm-Version
X-Clara-WADP
X-B3-Spanid
X-WADP-Cache
Geoip-Latitude
X-Vcl-Version
Cluster
My-App
X-Webkit-CSP-Report-Only
Geo-Info
X-NODE
Proxy-Connection
X-Var-Ttl
X-CUA
Resin-Trace
Server-Id
Tracecode
X-Mcache
T-Server
Lfy
M-TraceId
X-From
X-AIR-PT
X-Info
X-CSRF-TOKEN
Tcn
X-Clientip
X-LiteSpeed-Tag
Cache-Host
UCS
X-Oss-Server-Time
Hostname
X-Oss-Request-Id
X-Oss-Storage-Class
Lang
X-Fragments
X-Oss-Hash-Crc64ecma
X-Ha-Backend
HIT
X-Oss-Object-Type
Cf-Int-Pingora-Origin-Digest
Fastly-Drupal-HTML
S-Cnection
DataCenter
X-ServedByHost
Target-Params
X-Geo
X-ID
X-Via-PopN
GeoIP-Country-Code
Hit
X-Via-PopH
X-Via-PopV
X-WP-CF-Super-Cache-Cache-Control
Ohc-File-Size
X-NGINX-Cache
X-Pad
X-RAMCache
X-COUNTRY
X-WP-CF-Super-Cache
X-HostName
X-VC
X-Dynatrace-Js-Agent
Fastly-Backend-Name
MIME-Version
X-Edge-POP
X-Cdn-Forward
X-ElasticPress-Query
X-Micro-Cache
User-Agent
ENV
X-Backend-Host
X-BBC-Origin-Response-Status
Section-Origin-Responded
X-Httpd
X-Proxy-Cache-Info
X-Release
X-Edge-Cache
X-Api-Version
Permissions-Policy
Section-Io-Origin-Time-Seconds
Load-Balancing
Section-Io-Id
X-Check-Cacheable
Section-Io-Origin-Status
X-Ucs
X-Fastly-Backend-Reqs
WZWS-RAY
X-Lb-Nocache
Producers
X-ServerName
Servername
X-HS-Status
X-BCube-Filmed-By
X-APP
X-Provided-By
URI
X-UP
X-Cache-CFC
X-SB
EpKe-Alive
ServerName
Uri
X-Lb-Id
PICS-Label
FSS-Cache
X-GoCache-CacheStatus
Sid
X-TRACE-ID
Lb
X-Platform-Processor
X-Platform-Router
X-Udemy-Cache-App-Namespace
X-Swift-Error
Server-Ttl
X-RateLimit-Reset
X-Pool
Cache-Key
CPC-Age
X-Platform-Cluster
CPC-Cache
X-Cdn-Request-ID
Path
X-B3-ParentSpanId
VNS-Age
Cteonnt-Length
VNS-Cache
X-Amz-Meta-Cb-Modifiedtime
X-Nc
Ohc-Cache-HIT
X-WA
Cdn
X-Fastly-Cache-Hits
X-WA-Info
Cneonction
X-Dw-Trace-Id
X-Wikidot-Backend
X-Snapshot-Date
Shield-Pop
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-ES-SERVER
X-Wikidot-Static-Cache
X-Cache-ASPX
X-Akamai-Request-ID
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Contensis-Viewer-Groups
X-Ec-Custom-Error
X-Newrelic-App-Data
X-Acquia-Site
X-Scale
CF-Cached-On
Vha6-Origin
Cf-Ipcountry
X-Vcache
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Yottaa-OS
X-Air-Pt
X-Cache-Ngx
X-SIPLIST1
X-Cache-Expires
X-Shopify-Generated-Cart-Token
X-PJAX-URL
IsBot
X-Http-Duration-Ms
X-CacheKey
X-Sentry-ID
Pagetype
X-UA
Req-ID
X-Akamai-Pragma-Client-IP
Ngx
X-Logging-Id
X-Te-Count
X-Te-Duration-Ms
CountryCode
X-Http-Count
X-Cms-Context
X-Varnish-Authentication
X-Last-Modified