Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
CF-RAY
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Report-To
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
P3p
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
EagleId
Keep-Alive
Request-Context
X-Ua-Compatible
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
CONTENT-SECURITY-POLICY
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Dispatcher
X-Akamai-Path-Stats
EagleEye-TraceId
X-Nginx-Cache-Status
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Cache-Spec
X-WebKit-CSP
X-Device
Cf-Railgun
X-Page-Speed
Allow
X-Host
X-Node
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
Surrogate-Control
X-CST
X-Backend-Server
Accept-CH
Request-Id
X-Akam-SW-Version
X-Readtime
X-HW
X-Cache-Lookup
X-Response-Time
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
X-Cloud-Trace-Context
Rating
X-Trace
Cf-Edge-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Url
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Mod-Pagespeed
X-Vname
X-PC
X-TtlSet
X-MS-InvokeApp
X-Rack-Cache
X-Server-Name
X-Varnish-TTL
X-Ruxit-JS-Agent
X-Clacks-Overhead
Edge-Control
RTSS
X-ESI
X-Content-Type
X-B3-TraceId
X-VARITI-CCR
X-Vcap-Request-Id
Cache-Tag
X-Px
X-Ac
X-Amz-Rid
Public-Key-Pins
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Cnection
X-Kinja
X-Dw-Request-Base-Id
X-Kinja-Revision
X-Kinja-Server
X-Amz-Server-Side-Encryption
X-Element-Page-Cache
X-RateLimit-Remaining
Accept-Ch
X-D2id
Verso
X-Navigation-Version
X-Cache-TTL
X-Webkit-Csp
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
Service-Worker-Allowed
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Ruxit-Js-Agent
X-Ser
X-GitHub-Request-Id
X-Version
Arr-Disable-Session-Affinity
X-Country-Code
X-Edge
X-TTL
Response
X-Middleton-Response
Access-Control-Request-Method
X-FastCGI-Cache
X-NF-Request-ID
X-Goog-Hash
X-Correlation-Id
X-Upstream
X-Kinsta-Cache
AR-SID
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Edge-Location-Klb
SPIisLatency
SPRequestDuration
X-Cached
X-RateLimit-Limit
X-LLID
X-NWS-LOG-UUID
X-Cache-Key
Nginx-Cache
X-Litespeed-Cache
X-Powered-CMS
X-Kraken-Loop-Name
Edge-Cache-Tag
X-Server-Lifecycle-Phase
X-Instrumentation
TCN
MS-Author-Via
X-Ttl
Mrf-Cache-Status
MRF-Tech
SPRequestGuid
X-SharePointHealthScore
X-Forwarded-For
X-MSEdge-Ref
Content-MD5
X-Aspnetmvc-Version
X-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-B3-TraceId-Primal
X-T
X-Daa-Tunnel
X-Recruiting
X-Mg-S
S
X-Ua-Device
X-Content-Digest
X-Protected-By
X-DataDome
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Frontend
X-HS-Content-Id
X-HS-Cache-Config
X-Ezoic-Cdn
X-HS-Hub-Id
X-Ab
Server-Node
X-Ua-Browser
X-Content
X-Request-Received
X-Request-Processing-Time
X-HS-Combine-CSS
Front-End-Https
MicrosoftSharePointTeamServices
X-Accel-Expires
Filters
X-Yandex-Sdch-Disable
X-Server-ID
X-ORACLE-DMS-ECID
X-Grace
X-ECACHE
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Mid
X-Geo-Country
X-Hits
X-Origin-Server
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-PressLabs-Stats
X-Aspnet-Version
X-Ratelimit-Reset
X-Distributor
X-Debug-Info
TP-L2-Cache
TP-Cache
X-Tt-Trace-Tag
X-Amzn-Trace-Id
X-Tt-Trace-Host
Charset
Cleartype
Host
X-Page-Id
X-F-Cache
X-Git-Hash
X-Www-Served-By
X-DIS-Request-ID
X-B3-Sampled
X-DynaTrace
Cross-Origin-Opener-Policy
X-Forwarded-Proto
Cache-Tags
Access-Control-Allow-Method
ServerID
X-LB-Cache
X-Cache-Age
X-Seen-By
X-Kong-Upstream-Latency
X-Request-Handler-Origin-Region
X-Language
X-Kong-Proxy-Latency
X-Microsite
X-MCACHE
X-Activity-Id
X-AppVersion
X-Cluster-Name
Server-Name
X-Az
Accept-Charset
X-Varnish-Age
Realpath
X-WebKit-CSP-Report-Only
Filterid
Cache-Status
X-Type
X-Rid
X-Content-Options
X-Fastcgi-Cache
X-XRDS-LOCATION
X-Mobile-URL
X-App-Environment
X-Origin-Cache
X-Via-JSL
X-Oracle-Dms-Ecid
X-Upgrade-Enabled
X-Varnish-Grace
Country
X-Oracle-Dms-Rid
Viewport
X-FB-Debug
X-User-Agent
X-Wix-Request-Id
Node
X-Signature
X-Whom
X-Is-Crawler
DC
Paypal-Debug-Id
X-Aspnet-Duration-Ms
X-B-Cache
X-Drupal-Cache-Tags
X-Providence-Cookie
X-Flags
X-Route-Name
X-Request-Guid
X-NWS-UUID-VERIFY
Protected
X-Tb
X-Nginx-Upstream-Cache-Status
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-TT
X-Goog-Storage-Class
X-VCache
Fastcgi-Useragent
Retry-After
X-Varnish-Backend
X-Fastly-Request-Id
X-Cache-NGX
X-Fastly-Request-ID
X-Contextid
Payment
X-B
X-Amz-Replication-Status
X-Debug
X-Template
X-Logged-In
X-N
WPO-Cache-Status
WPO-Cache-Message
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-FW-Type
X-Load-Cache
Surrogate-Key
X-Hostname
X-Cache-Control
X-Parallel-Accel
X-Node-Name
X-XRDS-Location
Count-Hit
Amp-Access-Control-Allow-Source-Origin
SD-X-WS
X-Original-Request-Id
X-Response-Served-From
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Proxy
X-Browser-Type
X-Trace-Id
Akamai-GRN
Refresh
Healthy
X-Mobile
X-Cache-Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Jobs
X-Amz-Meta-S3cmd-Attrs
X-Is-Bot
X-Akamai-Request-ID2
Uber-Trace-Id
X-Real-IP
X-Rendered-As
X-Revision
X-UUID
X-Zen-Fury
X-Framework
X-Cache-TTL-Remaining
X-Http-Reason
X-Page-View
X-Cacheable-TTL
X-G
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Proxy-Cache-Status
NGB
Content-Disposition
X-Drupal-Cache-Contexts
Alternate-Protocol
X-Instance
X-Device-Type
X-Debug-IsConnected
X-Cache-Rule
Access-Control-Request-Headers
X-Debug-IsPreview
X-Adobe-Loc
X-Vgn-Hpd-Reason
X-IPLB-Instance
X-Adobe-Content
From-Origin
X-Source
X-B3-Traceid
Url
X-Servername
Version
X-Cache-Expired-At
X-Cache-Grace
X-Oneagent-Js-Injection
X-Mcache
Permissions-Policy
Accept-Language
X-Varnish-Server
X-Cache-Hit
Referer-Policy
X-L-Path
X-Environment-Context
X-Mg-Request-UUID
X-EdgeConnect-Cache-Status
Countrycode
X-Restarts
Ms-Operation-Id
X-App-Server
X-FW-Version
MS-CV
X-RTag
X-Cache-Action
X-NGENIX-Cache
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-ECache
X-COUNTRY
Backend
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
Liferay-Portal
X-NYM-Debug-Backend
X-RemovedCookies
X-Nginx-Cache
X-ProcessESI
X-Hyper-Cache
CF-IPCountry
Content-Secure-Policy
Frame-Options
X-HTML-Minification-Powered-By
Upgrade-Insecure-Requests
X-Rule
Meta-Geo
X-Redis-Cache
X-Ratelimit-Remaining
WP-Super-Cache
X-RN-RSRV
X-PCL
X-Cache-Server
Ec-Rule-Version
X-UPSTREAM-Address
X-OCL
X-Content-Age
X-Access
X-Generation-Time
X-Section
X-Detected-As
X-Cluster-Node
X-Ua
X-No-Session
Apigw-Requestid
Cache-Tv-Group
X-Format
X-Server-W
X-Be
X-Origin-Hint
S-Rt
X-PERF
X-Mode
X-Uri
X-Storage
X-Sql-Duration-Ms
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-SiteName
X-Urbn-Context-Path
X-Urbn-Site-Id
Fastly-SSL
X-Site-Version
X-Region
X-Sql-Count
X-Varnish-Cache-Hits
Locale
X-Cache-Enabled
Webcakes-App-Name
X-Unique-Id
X-FB-TRIP-ID
Mn-Server-Ip
X-Via-Fastly
TWC-Device-Class
Property-Id
TWC-Privacy
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Azure-Version
TWC-Locale-Group
X-Request-Time
Webcakes-App-Version
X-Human
X-PHP-Backend
Section-Io-Cache
X-Hosted-By
Webcakes-Region
X-ApacheServer
X-ProxyCache-Key
X-Nginx-Cache-Key
CDN-RequestCountryCode
X-Origin-Date
CDN-PullZone
X-UA-Device-Type
CDN-EdgeStorageId
X-ProxyCache-Status
CDN-CachedAt
CDN-RequestId
CDN-Cache
X-Generated-By
X-Content-Powered-By
X-Say-TTL
X-AOL-HN
X-Say-Cacheable
X-BYPASS-REASON
X-Cache-Type
X-SayCDN-TTL
X-Debug-Cache
X-Xfnlog-Site
CDN-Uid
Eomportal-Instance
X-Web-Node
X-Akamai-Edgescape
Webserver
X-Status
X-Cache-Host
X-Webkit-CSP
X-Cache-Tags
X-Proxied
X-SaId
X-ServerID
X-ShardId
X-Platform-Server
X-Alternate-Cache-Key
X-Forwarded-Host
X-Extlb
X-Backend-Name
X-Hl-Ver
X-ShopId
X-JoinUs
X-Routing-Service
X-Zipkin-Id
X-Varnishpool
X-Shopify-Stage
X-Tid
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Cache-Operation
X-Accel-Buffering
X-Timing-Wait
X-Adobe-Source
ServedBy
X-NewRelic-App-Data
X-Handled-By
X-Proxy-Build
Selected-Fe
X-Cache-Remote
X-TT-LOGID
X-Datadome
X-GG-Cache-Date
X-Locale
X-Rewrite-Enabled
X-Labrador-Cache-Channel
X-APP-VERSION
X-Dc
X-PHP-Host
Xserver
X-LJ-Flow-ID
X-VWS-Id
X-LSADC-Cache
SID
X-AWS-Id
SRV
X-Pubstack
X-App-Version
X-Soup
X-Buckets
X-Cached-By
X-VC-Cache
LB
X-CDN-Forward
X-Proto
X-Edge-Location
Web-Mar-Node
Country-Code
Decoy-Debug-Status
Decoy-Debug-Key
X-Reqid
X-Storefront-Renderer-Rendered
Decoy-Debug-TTL
Fastly-Drupal-Html
Mime-Version
X-Microcachable
X-Request-Host
X-Ratelimit-Limit
Onion-Location
X-GEO
X-Cms-Context
X-Origin-CC
X-Origin-TTL
X-Varnish-Hostname
X-Ms-Request-Id
X-TA-CDN-Provider
X-Ms-Version
Xet-Cookie
Cache-Hits
Server-Info
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-NCache
X-Tumblr-Pixel-2
X-Cluster
Load-Balancing
X-B3-SpanId
X-CSRF-Token
X-Tec-Api-Root
X-Bc-Bl
X-Varnish-Hits
X-Tec-Api-Origin
X-Tec-Api-Version
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Varnish-Beresp-Grace
X-Amzn-RequestId
X-Amz-Apigw-Id
Cache-Name
X-Midtier
X-R9-Blue-Green-Version
X-GeoCountry
DynaTrace
X-GeoCode
X-Origin-Response-Time
X-Azure-Ref
X-Endurance-Cache-Level
X-Envoy-Decorator-Operation
X-RCS-CacheZone
Odigeo-Trace-Id
Pramga
T-Server
Surrogated-Key
Sslversion
Rendered-Blocks
X-A
DCR-Processing-Time-Ms
DB-Nickname
BehaviorPad-Version
Cdncip
Cdnsip
Cmsid
Cmstype
A
DCR-Decision-By
Meta-Geo-Continent
Mobile-Detection-Method
Lang
Host-ID
Expiry
Fastcgi-X-Cache-Version
NM-Fastcgi-Cache
X-Esi-Check
X-Processor
X-PBS-Appsvrname
X-Rojux
X-S
X-ScT
X-S-Cookie
X-PAYTM-SRV-ID
X-Orig-Expires
X-LAGOON
X-Ig-Push-State
X-Men
X-NAPM-TraceId
X-NodeID
X-SD-PageType
X-Session-Fingerprint
X-VG-WebCache
X-Vdms-Version
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Webstats-RespID
X-Vdms-Path
X-User
X-SRCache-Key
X-Shop-Environment
X-Tenant
X-TIM-N
X-TrackingId
X-HS-Content-Campaign-Id
X-Hash
X-B-Cookie
X-ARC
X-Cache-Bucket
X-Cache-Id
X-Cdn-Srv
X-Cache-NE
X-Application
X-AK-Request-ID
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Aed
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Forwarded-Path
X-External-Request-Id
X-From
X-Ftr-Request-Id
X-Gzip
X-Geo-Header
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-D
X-Conf
X-Destination
X-Developer
X-Ec-Fail
X-A-Ccd
X-Connection-Hash
X-SRV
X-Via-NSCOPI
X-JWT-State
X-Location
X-Mvc-Supplant-Cachable
X-Loop
X-Is-Gdpr
X-Has-Esi
X-Hnp-Log
X-Irp-Debug
X-Nyt-Route
Mail-Subject
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Request-URI
X-Rocket-Build-Number
X-Planisys-CDN-Cache
X-Origin-Time
X-Gen-Mode
Machine
X-Origin
Memcached
X-Gdpr
X-Clara-WADP
X-Core-Mission
X-Core-Value
X-Magnolia-Registration
X-Ckpd-Fst-Backend
X-Cache-Info
X-Amzn-Remapped-Content-Length
X-Block-Status
X-Cache-Backend
Web-Mar-Region
We-Hiring
X-Fastly-Cache
X-Fetched-On
X-Fmm-Version
Server-Host
State
Svr
Vix-Hermes-Req-Id
V-Age
User-Cache-Control
Fastly-GeoIP-CountryCode
X-Old-Content-Length
X-VG-TLSProxy
X-Worker
X-Slack-Backend
X-Sigma-Backend
X-Sigma
Apple-News-Services-Host
X-Server-IP
X-Wix-Viewer-Type
X-WADP-Cache
AKAMAI
X-Viewer-Country
X-V-Cache
X-TNCMS
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Tx-Id
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Environment
Wxu-Next-Region
X-Developers
Wxu-Next-Commit
Wxu-Next-Hostname
X-Scheme
X-SB
Apple-News-Services-Request-Url
X-DI
X-BBC-Edge-Cache-Status
X-Device-Os
X-DefHash
X-Pod-Name
X-DW
X-DefElseHash
X-DSS
X-DPWN-IS-SECURE
X-Branch-Name
X-Cache-Date
X-CGP
X-Csrf-Jwt
X-VServer
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Ec-Custom-Error
X-Datadog-Sampling-Priority
X-DB
X-Gamma-Serve
X-Srv
X-RSL
X-Origin-Expires
X-Auto-Login
X-Node-Id
X-Served-From
X-RPS
X-Platform
X-Region-Sid
X-RPM
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Policy
X-Proxy-Upstream
X-Minions-Version
X-Skip-Cache
X-Forwarded-Site
X-Rocket-Nginx-Serving-Static
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-Variation
X-Generated-On
X-Time
X-Level-Front-Cache
X-Thinkindot-L3
X-HN
X-GeoIP
HostName
X-Eu-Site
X-Pool
PFcat
Platform
Origin
N-Cache
L5d-Success-Class
Producers
Redirect-Candidate
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
TDXMobile
Req-Svc-Chain
Release
L
Kp-EeAlive
CDCHOST
CloudFront-Viewer-Country
Cache
Arc-Country
Adler-Geo
Cluster
Fastcgi-Cache-TTL
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Thinkindot-Control
Source
X-Aicache-OS
CDN
X-CS
Origin-EX
X-Loc
Locid
NGX
MD5-Digest
X-Httpd
X-Accel-Expires-Debug
X-GeoIP-City
X-Cdn-Origin
X-TIME
X-EC-Lua
DSUID
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Sn-Servicetimems
Fastly-SWR
X-Qloud-Router
X-Proxy-Cache-Info
Ssr
X-Optimistic-Header
Fastly-SIE
X-Response-By
Origin-CC
AMP-Access-Control-Allow-Source-Origin
Traceparent
X-Date
X-Parent-Response-Time
X-TraceId
X-Akamai-Transformed
X-WP-CF-Super-Cache-Cache-Control
Pics-Label
X-GeoIP-Region-Code
X-NC
GEO-INFO
X-GeoIP-Country-Code
X-VC
X-CacheTTL
X-Owner
X-WP-CF-Super-Cache
X-ZONE
X-Dispatcher-Number
X-Udemy-Cache-App-Namespace
Server-Hostname
Server-Ext
X-Ah-Environment
X-Refresh
X-Scale
Sever-Int
X-LB-NoCache
X-Tt-Logid
X-Via-Ucdn
Servername
Ms-Author-Via
X-Mvc-Supplant-OutputCached
IsBot
Memory
X-Cache-Debug
X-API-Version
Time
X-Edge-Pop
X-SIPLIST1
X-Generated-In
Env
X-Tb-Optimization-Total-Bytes-Saved
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
X-Newrelic-Synthetics
Fusion-Template-Id
X-Wikidot-Static-Cache
CacheControlHeader
X-Wikidot-Backend
Geo-Info
X-Varnish-Ttl
X-Xrds-Location
Candidate-Md5Url
X-Via-Poph
X-Amz-Meta-Cb-Modifiedtime
X-TH-Server
Ohc-File-Size
X-BCube-Filmed-By
X-Via-Popn
X-Via-Popv
GeoIp-Country-Code
Cache-Key
True-Client-Country-4JS
Datacenter
X-Action
X-IPLB-Request-ID
VNS-Cache
X-S-Maxage
X-SplitTest
X-Cache-ASPX
X-Backend-TTL
CPC-Cache
X-Servedbyhost
X-Contensis-Viewer-Groups
CPC-Age
XM
X-Ad-Defer-Variation
X-HA-Backend
VNS-Age
X-RateLimit-Reset
Fastly-Backend-Name
X-Varnish-Authentication
FSS-Cache
Client
X-WA-Info
X-Presslabs-Stats
ITXSESSIONID
Geoip-Latitude
X-Micro-Cache
Server-ID
X-VCL-Version
X-Dynatrace
X-Provided-By
X-Vc
X-Varnish-Beresp-TTL
X-Req
Edge-Cache
X-VHOST
X-Cache-Status-Check
Path
X-CACHE-KEY
X-DC
X-AIR-PT
My-App
X-Trace-ID
X-Zone
X-Cs
Hostname
Cache-Host
Ohc-Cache-HIT
X-Pass-Why
X-Origin-Upstream-Status
X-Up
Ngx.Var.Host
X-TX-ID
DataCenter
X-FireWall-Port
Lb
True-Client-IP
X-Fpc
NtCoent-Length
X-Webkit-Csp-Report-Only
X-LB-ID
X-Proxy-CacheRZ
XkeyRZ
X-Clientip
X-Api-Version
Powered-By
X-Li-Fabric
OT-Force-Account-Verify
X-LI-UUID
X-Traceid
Test
X-Li-Pop
X-Varnish-Beresp-Ttl
X-FPC
X-NGINX-Cache
X-B3-Spanid
Cf-Int-Pingora-Origin-Digest
X-ND-Cache
X-UnsetCookies
X-CSRF-TOKEN
X-Correlation-ID
X-Beluga-Status
X-Beluga-Cache-Status
X-CUA
X-Webkit-CSP-Report-Only
User-Agent
X-Beluga-Node
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Trace
X-Time-Microsecs
X-Cdn-Request-ID
X-Vcl-Version
Resin-Trace
X-Dmc
Server-Id
X-RAMCache
X-MSEdge-Features
X-MSEdge-Flight
Cf-Device-Type
Proxy-Connection
X-Fragments
WZWS-RAY
Target-Params
Tracecode
X-Geo
X-CLOUD-TRACE-CONTEXT
X-Azure-Ref-OriginShield
Lfy
X-Ha-Backend
X-Sucuri-Cache
X-Fastly-Backend
X-ATG-Version
X-Render-Time
Uri
X-Var-Ttl
X-Sucuri-ID
X-B3-Traceid-Primal
X-Via-PopV
X-HS-Status
X-FC-Vary-Parameters
MIME-Version
X-Via-PopH
X-URL
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Via-PopN
C-Via
Sid
X-INCAP-ABP
Rip
GeoIP-Country-Code
Fastly-Drupal-HTML
GeoIP-Latitude
X-ServedByHost
X-PX
X-Alfa-Service
Tube-Got-Eval
Tube-Got-Results
ENV
X-Hcs-Proxy-Type
X-Gateway-Skip-Cache
Epwk-X-Cache
X-Gateway-Request-Id
X-DynaTrace-JS-Agent
X-Varnish-Beresp-Status
X-Li-Proto
X-Qnm-Cache
X-M-Reqid
X-Service
X-Gateway-Cache-Status
Tube-Return
Tube-Get-Contents
X-LI-Proto
X-NU-AKA-ACS-Version
Click-Count-Action-Start
Click-Count-Error
X-Gateway-Cache-Key
X-Proxy-Cache-Hk
X-CCDN-Origin-Time
X-M-Log
Srvid
X-CCDN-CacheTTL
X-Fetch-By
X-TRACE-ID
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
Esi-Enabled
X-Backend-State
Magicmarker
X-Fastly-Backend-Reqs
HIT
X-Backend-Host
X-Esi
X-Cdn-Forward
Cdn
X-Edge-POP
X-Cache-Expires
On-Server
XServer
X-Request-Start
X-Cache-CFC
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-LiteSpeed-Cache-Control
X-MG-S
Srv
Section-Io-Id
X-Lb-Nocache
X-Thanos
X-App
X-APP
Server-Ttl
Section-Io-Origin-Status
PICS-Label
ServerName
Tcn
X-Yottaa-OS
X-Bip
X-Newrelic-App-Data
CF-Cached-On
X-ElasticPress-Query
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
D-Url-Rewrites
X-Iplb-Instance
X-BBC-Origin-Response-Status
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Site
X-Iplb-Request-Id
Cf-Ipcountry
X-Vcache
Wpo-Cache-Message
Wpo-Cache-Status
Inserted-Into-Cache-At
X-Acquia-Purge-Tags
X-Serial
X-Nc
Warning
X-HostName
Servedby
X-Akamai-ERPolicy
X-Release
X-Storefront-Renderer-Verified
X-Dw-Trace-Id
X-Dist-Code
Content-Script-Type
X-Akamai-ERRuleID
Fastcgi-Cache-Ttl
X-Cache-Config
Ngx
True-Client-Ip
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
M-TraceId
X-Fastly-Cache-Hits
X-Akamai-Request-ID
Content-Style-Type
X-Th-Server
X-Request-URL
X-B3-Parentspanid
X-IN-APIGATEWAY
X-Litespeed-Cache-Control
X-IN-APIGATEWAYSSL
CountryCode
X-Request-Url
X-Snapshot-Date
X-CF-Powered-By
X-LiteSpeed-Tag
X-Shopify-Generated-Cart-Token
X-Back
X-Swift-Error
Cneonction