Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Akamai-Path-Stats
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Ua-Compatible
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-Amz-Id-2
X-UA-Device
Host-Header
X-Proxy-Cache
X-Hacker
X-Rq
Grace
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Vhost
Ali-Swift-Global-Savetime
X-Dispatcher
X-LiteSpeed-Cache
X-Amz-Version-Id
Allow
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Server-Id
X-Node
Cf-Edge-Cache
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-CST
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Cache-Lookup
X-Response-Time
X-HW
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Url
X-Country
Accept-Ch
Fastly-Restarts
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-Vname
X-PC
X-TtlSet
X-Amz-Server-Side-Encryption
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-FastCGI-Cache
X-ESI
X-Server-Name
Cache-Tag
X-Edge
X-Vcap-Request-Id
X-Content-Type
X-B3-TraceId
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Dw-Request-Base-Id
X-Px
X-Amz-Rid
X-ASPNET-VERSION
Public-Key-Pins
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Content-Security-Policy-Report-Only
X-Powered-By-Plesk
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Ac
X-Abt-Application-Version
Verso
X-Client-IP
X-Element-Page-Cache
X-Version
Arr-Disable-Session-Affinity
X-Cache-TTL
X-RateLimit-Remaining
X-GitHub-Request-Id
X-Ttl
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
Response
X-Middleton-Response
X-Goog-Hash
X-Cached
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
X-Kinsta-Cache
SPRequestGuid
X-SharePointHealthScore
X-Edge-Location-Klb
AR-Request-ID
X-Powered-CMS
AR-PoweredBy
AR-SID
AR-ATIME
AR-CACHE
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Upstream
X-Correlation-Id
X-LLID
Edge-Cache-Tag
X-WebKit-CSP-Report-Only
X-Forwarded-For
X-NWS-LOG-UUID
Content-MD5
X-Litespeed-Cache
X-TTL
X-Cache-Key
X-Id
X-ECACHE
X-Ruxit-Js-Agent
Nginx-Cache
X-RateLimit-Limit
X-Shield-Request-Id
TCN
X-MSEdge-Ref
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Recruiting
MRF-Tech
S
Mrf-Cache-Status
X-T
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Content-Digest
X-Mg-S
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ua-Device
TP-L2-Cache
TP-Cache
X-Grace
X-DataDome
X-Accel-Expires
X-DynaTrace
X-Frontend
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Protected-By
Front-End-Https
Server-Node
MicrosoftSharePointTeamServices
Filters
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-Request-Processing-Time
X-Request-Received
X-Ua-Browser
X-Content
X-Ab
X-Distributor
X-Mcache
X-Origin-Server
X-PressLabs-Stats
X-Hits
Fastcgi-Cache
X-LB-Cache
X-ORACLE-DMS-ECID
X-Geo-Country
MS-Author-Via
X-ORACLE-DMS-RID
X-Microsite
X-Request-Handler-Origin-Region
X-Mid
Charset
X-Amzn-Trace-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
Host
X-Webkit-Csp
X-Page-Id
Cleartype
Cache-Status
X-B3-Sampled
X-Forwarded-Proto
X-Git-Hash
Cross-Origin-Opener-Policy
X-F-Cache
Realpath
X-Debug-Info
X-Seen-By
X-Cache-Age
X-Az
X-AppVersion
X-Activity-Id
X-DIS-Request-ID
Access-Control-Allow-Method
X-Ratelimit-Reset
X-Nginx-Upstream-Cache-Status
Accept-Charset
X-Www-Served-By
X-Fastly-Request-Id
Permissions-Policy
X-Webkit-CSP
Filterid
X-Server-ID
X-Aspnetmvc-Version
Cache-Tags
ServerID
X-Varnish-Age
X-Content-Options
X-Cluster-Name
X-Rid
X-FB-Debug
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Type
Retry-After
Server-Name
X-Midtier
X-App-Environment
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Backend
X-Varnish-Grace
X-Aspnet-Duration-Ms
X-Flags
X-Tb
X-B
X-User-Agent
X-Is-Crawler
Country
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-Signature
X-Whom
X-Drupal-Cache-Tags
X-B-Cache
X-TT
Viewport
X-Wix-Request-Id
DC
Paypal-Debug-Id
X-VCache
X-Origin-Cache
X-Goog-Metageneration
X-Goog-Generation
Node
X-Goog-Storage-Class
X-Oneagent-Js-Injection
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Language
Fastcgi-Useragent
X-Oracle-Dms-Ecid
X-Debug
X-Upgrade-Enabled
X-Oracle-Dms-Rid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-NWS-UUID-VERIFY
X-Mobile-URL
X-Logged-In
Protected
X-Amz-Replication-Status
X-Cache-NGX
Payment
Amp-Access-Control-Allow-Source-Origin
X-N
X-Load-Cache
Surrogate-Key
X-MCACHE
WPO-Cache-Message
X-Cache-Control
WPO-Cache-Status
Count-Hit
X-XRDS-LOCATION
Alternate-Protocol
X-XRDS-Location
X-Contextid
Healthy
X-NGENIX-Cache
X-Restarts
X-Node-Name
X-Mobile
X-Via-JSL
X-Proxy
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
Content-Disposition
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-Jobs
Akamai-GRN
Refresh
Url
X-G
X-Adobe-Content
X-Adobe-Loc
X-Real-IP
X-Zen-Fury
Uber-Trace-Id
X-Cache-Time
X-UUID
X-Servername
X-Akamai-Request-ID2
X-Page-View
X-Revision
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Framework
X-Http-Reason
X-Cache-TTL-Remaining
X-Mg-Request-UUID
X-Rendered-As
X-Varnish-Server
X-Is-Bot
X-Device-Type
X-Cacheable-TTL
X-Debug-IsConnected
X-Debug-IsPreview
X-Proxy-Cache-Status
X-Drupal-Cache-Contexts
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Grace
Access-Control-Request-Headers
X-Instance
X-Environment-Context
X-L-Path
X-Datadome
NGB
X-HTML-Minification-Powered-By
X-Hostname
Frame-Options
X-Ratelimit-Remaining
X-Template
Version
X-IPLB-Instance
X-Fastly-Request-ID
X-EdgeConnect-Cache-Status
X-Source
Referer-Policy
X-ECache
X-B3-Traceid
X-RTag
Ms-Operation-Id
MS-CV
Liferay-Portal
Accept-Language
Countrycode
X-NYM-Debug-Backend
X-App-Server
X-Cache-Rule
X-Trace-Id
X-Cache-Expired-At
X-Cache-Hit
Cross-Origin-Window-Policy
From-Origin
X-Tumblr-User
Backend
X-Tumblr-Pixel-0
X-Hosted-By
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Nginx-Cache
X-Vgn-Hpd-Reason
X-Unique-Id
X-IPS-LoggedIn
X-APP-VERSION
X-COUNTRY
X-ProcessESI
X-RemovedCookies
X-Status
X-Ratelimit-Limit
X-UPSTREAM-Address
X-FW-Version
Section-Io-Cache
WP-Super-Cache
Load-Balancing
X-Cache-Server
Upgrade-Insecure-Requests
Meta-Geo
X-RN-RSRV
X-OCL
X-FB-TRIP-ID
Content-Secure-Policy
X-LJ-Flow-ID
X-No-Session
X-AWS-Id
X-VWS-Id
X-PCL
S-Rt
X-Request-Time
X-Content-Powered-By
X-Section
X-Be
X-Access
X-Via-Fastly
X-Content-Age
X-Region
X-Sql-Count
Mn-Server-Ip
X-Redis-Cache
X-Origin-Date
X-Ua
Apigw-Requestid
X-PHP-Backend
CF-IPCountry
X-AOL-HN
X-Cache-Enabled
X-Labrador-Cache-Channel
X-PHP-Host
X-UA-Device-Type
X-Sql-Duration-Ms
X-Akamai-Edgescape
X-Mode
X-Platform-Server
X-PERF
X-Nginx-Cache-Key
X-ProxyCache-Key
X-ProxyCache-Status
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Human
X-Generated-By
X-BYPASS-REASON
X-ApacheServer
X-Adobe-Source
Locale
X-Cache-Tags
X-Cms-Context
X-Forwarded-Host
X-Format
X-Debug-Cache
X-Site-Version
X-Storage
Webcakes-App-Version
Webcakes-App-Name
TWC-Locale-Group
Webcakes-Region
X-Cluster-Node
X-Varnish-Cache-Hits
X-Server-W
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Uri
X-Urbn-Site-Id
X-Urbn-Context-Path
X-VC-Cache
X-Xfnlog-Site
TWC-Device-Class
TWC-Connection-Speed
Property-Id
Eomportal-Instance
TWC-Privacy
X-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-GeoCountry
X-Hl-Ver
X-GeoCode
X-GG-Cache-Date
X-Extlb
X-JoinUs
X-Detected-As
X-Storefront-Renderer-Rendered
X-Edge-Location
X-Varnishpool
X-Web-Node
X-Routing-Service
X-SaId
X-Tid
X-ServerID
X-Proxied
X-Zipkin-Id
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Fastly-SSL
X-Cache-Type
X-Cache-Host
X-NewRelic-App-Data
X-Locale
X-Generation-Time
X-Proto
X-Backend-Name
X-Handled-By
X-Proxy-Build
X-Timing-Wait
Webserver
Selected-Fe
CDN-RequestId
CDN-RequestCountryCode
X-CDN-Forward
CDN-PullZone
CDN-Uid
ServedBy
CDN-EdgeStorageId
CDN-Cache
Cache-Tv-Group
CDN-CachedAt
Ec-Rule-Version
X-Dc
Fastly-Drupal-Html
X-App-Version
Web-Mar-Node
Onion-Location
X-LSADC-Cache
X-IPLB-Request-ID
X-GEO
X-Cache-Action
X-Magnolia-Registration
X-Varnish-Hostname
Cache-Hits
X-Cached-By
X-Tt-Logid
SID
X-Envoy-Decorator-Operation
X-Cache-Operation
Mime-Version
X-Air-Hostname
X-Air-Source
X-Hyper-Cache
X-Cache-Remote
SRV
X-Cluster
X-Air-Trace-Id
X-Varnish-Hits
LB
X-Fastcgi-Cache
X-Rewrite-Enabled
X-Cdn
X-SRV
X-Origin-TTL
X-Origin-CC
X-Soup
X-Rule
Xet-Cookie
X-Parallel-Accel
Cache
DB-Nickname
Xserver
X-Microcachable
Server-Info
Source
X-Reqid
X-Accel-Buffering
X-MP-GENERATED-AT
X-Pubstack
X-Xrds-Location
Country-Code
X-TA-CDN-Provider
X-Tumblr-Pixel-2
X-Via-NSCOPI
X-Buckets
X-CSRF-Token
X-Tumblr-Pixel-3
X-Skip-Cache
X-Tx-Id
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Cache-Status-Check
X-Endurance-Cache-Level
X-Request-Host
X-TT-LOGID
X-B3-SpanId
X-Origin-Response-Time
MD5-Digest
X-Forwarded-Path
X-ARC
X-External-Request-Id
X-Ig-Push-State
A
NM-Fastcgi-Cache
X-Geo-Header
Mobile-Detection-Method
X-Cache-NE
X-Application
X-B-Cookie
X-Hash
Odigeo-Trace-Id
BehaviorPad-Version
Cdncip
Cdnsip
X-Ec-GeoHdr
Candidate-Md5Url
X-PAYTM-SRV-ID
DynaTrace
X-Ec-Fail
X-PBS-Appsvrname
Rendered-Blocks
X-CF-Lambda-Fn
Cache-Key
X-NAPM-TraceId
Pramga
X-BCube-Filmed-By
X-Epic-Correlation-Id
X-Orig-Expires
X-Processor
X-Cdn-Srv
X-S
X-A
X-A-Ccd
Expiry
X-VG-WebCache
X-SplitTest
X-AK-Request-ID
X-Session-Fingerprint
X-A-Dcw
X-SD-PageType
X-Vtex-Remote-Cache
X-A-Dam
X-Vtex-Processado-Em
X-SRCache-Key
X-CF-Lambda-Version
X-Vdms-Path
X-User
X-Connection-Hash
X-Conf
Host-ID
X-TrackingId
X-TIM-N
X-Vdms-Version
Fastcgi-X-Cache-Version
X-Tenant
X-D
X-ScT
X-Shop-Environment
X-Amz-Apigw-Id
X-A-Wwc
T-Server
X-Amzn-RequestId
Surrogated-Key
Datacenter
Cmstype
Cmsid
Sslversion
X-Aed
XM
X-Developer
X-A-Dgt
X-S-Cookie
X-Destination
DCR-Processing-Time-Ms
Meta-Geo-Continent
Xc-Version
Lang
DCR-Decision-By
X-Rojux
X-Azure-Ref
X-Newrelic-Synthetics
X-Varnish-Beresp-Grace
X-Core-Mission
Is-Eu
Memcached
X-Core-Value
X-Fetched-On
Mail-Subject
X-Developers
X-Esi-Check
Environment
X-DefElseHash
X-DefHash
AKAMAI
X-Device-Os
X-DPWN-IS-SECURE
Adler-Geo
Kp-EeAlive
X-Ckpd-Fst-Backend
Redirect-Candidate
X-Scheme
X-Sigma
X-Sigma-Backend
Wxu-Next-Region
X-Wix-Viewer-Type
X-Worker
X-Ad-Defer-Variation
State
X-Rocket-Build-Number
X-SB
Wxu-Next-Hostname
X-SVT-ORM-RULES
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
We-Hiring
X-Variation
X-V-Cache
X-SVT-ORM-VERSION
Wxu-Next-Commit
X-TNCMS
X-Bc-Bl
Server-Host
X-JWT-State
X-Is-Gdpr
X-Cache-Id
X-Loop
Producers
X-Irp-Debug
X-HS-Content-Campaign-Id
X-CacheTTL
X-GeoIP
X-Gzip
X-Has-Esi
X-Ms-Version
X-Ms-Request-Id
X-Origin-Expires
Platform
X-NodeID
X-Origin
X-Time
X-Cache-Bucket
X-Aicache-OS
X-Cdn-Origin
X-BBC-Edge-Cache-Status
X-Clara-WADP
X-CGP
X-Cache-Info
X-Branch-Name
X-Block-Status
X-Cache-Date
X-RateLimit-Limit-Second
X-Gdpr
X-Nyt-Route
X-Amzn-Remapped-Content-Length
VNS-Cache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Origin-Time
X-Pool
X-Policy
X-Qloud-Router
X-RateLimit-Remaining-Second
X-RCS-CacheZone
Fastly-Backend-Name
X-Region-Sid
X-Sn-Servicetimems
X-Slack-Backend
X-VG-TLSProxy
X-Thinkindot-L3
X-VarnishDD-TTL
X-SIPLIST1
X-VServer
X-Request-URI
X-Rocket-Nginx-Serving-Static
X-WADP-Cache
X-Served-From
X-Platform
X-Planisys-CDN-TTL
X-Forwarded-Site
X-Fmm-Version
X-Ftr-Request-Id
X-Gamma-Serve
X-Gen-Mode
X-Fastly-Cache
X-Eu-Site
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Dispatcher-Number
X-Ec-Custom-Error
X-Generated-On
X-GeoIP-City
X-NCache
X-Mvc-Supplant-Cachable
X-Node-Id
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Minions-Version
X-Loc
X-HN
X-Hnp-Log
X-LAGOON
X-Level-Front-Cache
X-Csrf-Jwt
Traceparent
X-AIR-PT
L5d-Success-Class
IsBot
HA-Ipaddr
Ha-Gx-Prefs
Machine
N-Cache
Origin-EX
Origin-CC
Origin
NGX
X-Varnish-Ttl
Fastly-SWR
Apple-News-Services-Request-Url
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
CloudFront-Viewer-Country
CPC-Age
Fastly-SIE
Fastly-GeoIP-CountryCode
Fastcgi-Cache-TTL
CPC-Cache
PFcat
L
Svr
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-Control
Sever-Int
X-EC-Lua
Ssr
User-Cache-Control
Server-Hostname
Release
Thinkindot-CacheControl
Vix-Hermes-Req-Id
Server-Ext
Req-Svc-Chain
V-Age
VNS-Age
X-WA-Info
X-Optimistic-Header
X-Pod-Name
X-Proxy-Cache-Info
X-Viewer-Country
X-ZONE
X-Wikidot-Static-Cache
X-Micro-Cache
X-Wikidot-Backend
Cache-Name
X-Via-Ucdn
X-Owner
X-Proxy-Upstream
Ohc-File-Size
Cluster
X-Scale
Gh-Request-Id
X-Cache-Backend
X-Auto-Login
DSUID
HostName
X-R9-Blue-Green-Version
Web-Mar-Region
X-Correlation-ID
Pics-Label
CDN
X-CS
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
GEO-INFO
Ngx.Var.Host
X-VC
X-Httpd
X-Refresh
X-Server-IP
Cache-Host
XkeyRZ
X-Proxy-CacheRZ
X-CACHE-KEY
X-TIME
X-LB-NoCache
X-Ah-Environment
Servername
X-Parent-Response-Time
X-NC
Path
Ms-Author-Via
X-Mvc-Supplant-OutputCached
X-Contensis-Viewer-Groups
X-Webstats-RespID
Env
X-From
X-Servedbyhost
X-Cache-ASPX
X-Srv
X-Tb-Optimization-Total-Bytes-Saved
X-Udemy-Cache-App-Namespace
X-Varnish-Authentication
X-Location
Time
Memory
X-Generated-In
X-Via-Popv
X-Clientip
X-Edge-Pop
X-Via-Poph
X-Via-Popn
X-RateLimit-Reset
Lb
X-API-Version
X-TraceId
Locid
X-Amz-Meta-Cb-Modifiedtime
Ohc-Cache-HIT
X-Response-By
X-Trace-ID
GeoIp-Country-Code
X-S-Maxage
X-Presslabs-Stats
ITXSESSIONID
Arc-Country
X-Men
X-Varnish-Beresp-TTL
AMP-Access-Control-Allow-Source-Origin
X-Vc
X-Old-Content-Length
X-Dmc
X-Akamai-Transformed
True-Client-IP
X-RPS
Server-ID
X-DB
X-RPM
X-Date
X-RSL
X-DI
X-DSS
X-DW
X-VCL-Version
X-HA-Backend
Client
X-Accel-Expires-Debug
X-VHOST
Hostname
X-Cs
X-TRACE-ID
X-Render-Time
X-DynaTrace-JS-Agent
X-Tec-Api-Version
X-Fpc
X-Tec-Api-Origin
X-Tec-Api-Root
X-MSEdge-Flight
X-DC
X-MSEdge-Features
Geoip-Latitude
X-URL
X-Zone
X-GeoIP-Country-Code
X-INCAP-ABP
C-Via
X-GeoIP-Region-Code
X-Gateway-Request-Id
X-Service
Rip
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
Tube-Return
Tube-Got-Eval
Tube-Get-Contents
FSS-Cache
X-FireWall-Port
Tube-Got-Results
X-Cache-Debug
Click-Count-Action-Start
Click-Count-Error
Fusion-Deployment-Id
Fusion-Source
X-M-Reqid
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Esi-Enabled
X-Qnm-Cache
X-Webkit-Csp-Report-Only
NtCoent-Length
Powered-By
X-M-Log
X-Api-Version
On-Server
X-TX-ID
X-B3-Spanid
X-PX
CacheControlHeader
HIT
X-CSRF-TOKEN
X-Alfa-Service
Srv
X-TH-Server
Test
Tcn
X-Edge-Origin-Shield-Region
X-Edge-Origin-Shield-Bytes
X-Action
True-Client-Country-4JS
X-NGINX-Cache
X-Backend-TTL
X-Proxy-Cache-Hk
X-Cdn-Request-ID
OT-Force-Account-Verify
X-FPC
Cdn
X-Traceid
X-Check-Cacheable
Server-Id
X-Beluga-Status
X-Beluga-Trace
X-HS-Status
X-Beluga-Response-Time
GeoIP-Latitude
X-Beluga-Node
Geo-Info
X-Beluga-Cache-Status
User-Agent
Edge-Cache
X-Vcl-Version
X-Beluga-Record
X-Akamai-Pragma-Client-IP
X-Pass-Why
DT-Hot-News
X-Req
GeoIP-Country-Code
X-Varnish-Beresp-Ttl
X-Origin-Upstream-Status
Uri
Proxy-Connection
Srvid
X-App
My-App
X-Ha-Backend
Resin-Trace
X-Via-PopV
X-Via-PopH
X-Via-PopN
X-CLOUD-TRACE-CONTEXT
M-TraceId
Server-Ttl
X-APP
MIME-Version
Cf-Int-Pingora-Origin-Digest
Sid
X-Bip
X-ServedByHost
X-Up
Epwk-X-Cache
X-Hcs-Proxy-Type
X-Thanos
X-CCDN-Origin-Time
X-CCDN-CacheTTL
WebServer
X-Cdn-Forward
X-Request-Start
X-Fastly-Backend-Reqs
True-Client-Ip
X-LB-ID
ENV
X-Backend-Host
X-Edge-POP
X-Esi
Warning
X-Provided-By
X-Lb-Nocache
ServerName
X-Geo
X-LI-Proto
X-Li-Pop
X-LI-UUID
XServer
X-B3-Traceid-Primal
X-Li-Fabric
X-CACHE-AGE
X-HostName
X-Fetch-By
X-HITS
Section-Io-Origin-Status
CountryCode
PICS-Label
Section-Io-Id
X-Nc
X-Webkit-CSP-Report-Only
X-UnsetCookies
X-RAMCache
X-Newrelic-App-Data
X-Serial
X-Akamai-Request-ID
Section-Io-Origin-Time-Seconds
X-ElasticPress-Query
X-Dw-Trace-Id
X-CF-Powered-By
Magicmarker
X-Vercel-Id
X-Vercel-Cache
Section-Origin-Responded
CF-Cached-On
X-LiteSpeed-Cache-Control
Fastly-Drupal-HTML
X-Iplb-Request-Id
X-Request-Url
WZWS-RAY
X-Iplb-Instance
Dt-Hot-News
X-Cc-Via
X-IN-APIGATEWAY
D-Url-Rewrites
X-Vcache
X-CMSURLCustom
Canary
X-Time-Microsecs
X-ND-Cache
X-Varnish-Beresp-Status
X-IN-APIGATEWAYSSL
X-Yottaa-OS
Inserted-Into-Cache-At
Servedby
Wp-Super-Cache
Cdn-Cache
Cdn-Cachedat
Cdn-Edgestorageid
Cdn-Requestcountrycode
Cdn-Pullzone
Cdn-Uid
Cdn-Requestid
X-Air-Pt
X-LiteSpeed-Tag
X-MiniProfiler-Ids
Vha6-Origin
X-Snapshot-Date
Hit
Content-Style-Type
X-Th-Server
X-Storefront-Renderer-Verified
X-Request-URL
X-Back
Content-Script-Type
X-BBC-Origin-Response-Status
X-Release
Cf-Device-Type
X-Dist-Code
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
Fastcgi-Cache-Ttl
X-Azure-Ref-OriginShield
DataCenter
X-CUA
X-Wp-Cf-Super-Cache-Cache-Control