Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Report-To
NEL
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
Feature-Policy
X-Iinfo
X-Request-ID
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
Upgrade
X-Via
X-XSS-PROTECTION
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
P3p
X-Cache-Group
X-Turbo-Charged-By
EagleId
X-Backend
Keep-Alive
Request-Context
X-Age
X-Robots-Tag
X-Server
X-Dns-Prefetch-Control
X-AH-Environment
X-UA-Device
X-Proxy-Cache
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Vhost
X-Amz-Version-Id
X-LiteSpeed-Cache
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Dispatcher
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Cache-Spec
X-Device
Cf-Railgun
X-Page-Speed
X-Host
Allow
X-Node
X-Akamai-Path-Stats
X-Pingback
X-Server-Id
Accept-CH
X-Backend-Server
Surrogate-Control
X-Aws-Lambda-Call-Status
Request-Id
X-CST
X-Akam-SW-Version
X-Readtime
X-HW
X-Cache-Lookup
X-Response-Time
Accept-CH-Lifetime
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
X-Ua-Compatible
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Url
Cf-Edge-Cache
Fastly-Restarts
X-Country
Accept-Ch-Lifetime
X-PC
X-TtlSet
X-Vname
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Server-Name
X-Rack-Cache
X-MS-InvokeApp
X-Clacks-Overhead
Edge-Control
RTSS
X-Content-Type
X-ESI
X-Varnish-TTL
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-Px
X-B3-TraceId
X-Ac
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Amz-Rid
X-Exp-Id
X-Kinja-Server
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cnection
X-Element-Page-Cache
Verso
X-D2id
X-Cache-TTL
X-Amz-Server-Side-Encryption
X-Navigation-Version
X-RateLimit-Remaining
Accept-Ch
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
Service-Worker-Allowed
X-FastCGI-Cache
X-Webkit-Csp
X-Country-Code
Display
X-Middleton-Display
Pagespeed
X-GitHub-Request-Id
X-Sol
X-Ser
Arr-Disable-Session-Affinity
X-Ruxit-Js-Agent
X-Version
X-NF-Request-ID
Access-Control-Request-Method
Response
X-Middleton-Response
X-Goog-Hash
X-Edge
X-Upstream
X-Correlation-Id
AR-SID
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ttl
X-Cached
MS-Author-Via
X-TTL
X-LLID
X-Instrumentation
X-Kraken-Loop-Name
SPIisLatency
X-Server-Lifecycle-Phase
SPRequestDuration
Nginx-Cache
X-NWS-LOG-UUID
X-Powered-CMS
X-RateLimit-Limit
TCN
Edge-Cache-Tag
X-Cache-Key
MRF-Tech
Mrf-Cache-Status
X-Litespeed-Cache
X-MSEdge-Ref
X-Forwarded-For
X-SharePointHealthScore
SPRequestGuid
X-B3-TraceId-Primal
Content-MD5
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-T
X-Id
X-Daa-Tunnel
X-Recruiting
S
X-Mg-S
X-Language
X-Protected-By
X-Content-Digest
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Ua-Device
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Frontend
X-DataDome
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Ua-Browser
X-Yandex-Sdch-Disable
X-Ab
X-Content
Server-Node
Front-End-Https
X-Request-Received
X-Request-Processing-Time
X-HS-Combine-CSS
X-Ezoic-Cdn
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Filters
X-TEC-API-VERSION
MicrosoftSharePointTeamServices
X-Grace
Fastcgi-Cache
X-Accel-Expires
X-Mid
X-Server-ID
X-Template
X-Geo-Country
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Ratelimit-Reset
X-Hits
X-Debug-Info
X-Origin-Server
TP-L2-Cache
TP-Cache
X-Distributor
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amzn-Trace-Id
X-ECACHE
Charset
Cleartype
Host
X-Page-Id
X-Git-Hash
X-DIS-Request-ID
X-F-Cache
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Www-Served-By
X-DynaTrace
X-PressLabs-Stats
Cache-Tags
ServerID
X-Kong-Proxy-Latency
X-LB-Cache
X-Kong-Upstream-Latency
X-Forwarded-Proto
Access-Control-Allow-Method
Server-Name
X-Seen-By
Realpath
X-Cache-Age
X-Cluster-Name
X-AppVersion
X-Activity-Id
X-Origin-Cache
X-WebKit-CSP-Report-Only
X-Az
X-MCACHE
X-Varnish-Age
X-Aspnetmvc-Version
Accept-Charset
X-Rid
Filterid
X-Type
X-Content-Options
X-Mobile-URL
Cache-Status
X-FB-Debug
X-Request-Handler-Origin-Region
X-Microsite
X-App-Environment
X-Upgrade-Enabled
X-Via-JSL
X-User-Agent
Node
Viewport
X-Varnish-Grace
Country
X-Tb
X-Wix-Request-Id
X-Route-Name
X-B-Cache
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Flags
X-Whom
DC
X-Drupal-Cache-Tags
X-Request-Guid
Paypal-Debug-Id
X-Signature
X-Is-Crawler
X-TT
X-NWS-UUID-VERIFY
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Oracle-Dms-Ecid
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-VCache
Fastcgi-Useragent
X-Oracle-Dms-Rid
X-Fastly-Request-Id
X-XRDS-LOCATION
Protected
X-Nginx-Upstream-Cache-Status
X-Varnish-Backend
Retry-After
X-Contextid
X-Amz-Replication-Status
Payment
X-Cache-NGX
X-B
X-Fastly-Request-ID
X-Fastcgi-Cache
X-N
X-Debug
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-FW-Static
X-FW-Type
X-Parallel-Accel
X-Logged-In
X-XRDS-Location
WPO-Cache-Message
X-Hostname
WPO-Cache-Status
X-Load-Cache
Surrogate-Key
X-B3-Traceid
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
X-Node-Name
X-Buckets
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Mobile
Count-Hit
X-Original-Request-Id
X-Response-Served-From
SD-X-WS
X-Trace-Id
X-Proxy
Akamai-GRN
X-Cache-Time
X-Akamai-Request-ID2
VIX-Pulpo-Upstream-Status
Refresh
Uber-Trace-Id
X-G
X-Jobs
X-UUID
X-Zen-Fury
X-Revision
X-Rendered-As
X-IPLB-Instance
X-Real-IP
X-Is-Bot
VIX-Pulpo-Node
X-Cache-Rule
X-Framework
Healthy
X-Page-View
X-Http-Reason
X-Debug-IsPreview
X-Drupal-Cache-Contexts
X-Debug-IsConnected
X-Cacheable-TTL
NGB
Alternate-Protocol
X-Instance
X-Device-Type
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Proxy-Cache-Status
X-Vgn-Hpd-Reason
Access-Control-Request-Headers
From-Origin
Content-Disposition
X-Cache-TTL-Remaining
X-Amz-Meta-S3cmd-Attrs
X-Adobe-Content
X-Adobe-Loc
X-Source
Url
X-Servername
X-ECache
X-Cache-Expired-At
Version
X-COUNTRY
X-Cache-Grace
Referer-Policy
Accept-Language
X-Cache-Hit
X-Varnish-Server
X-Oneagent-Js-Injection
X-Ratelimit-Remaining
X-App-Server
X-Cache-Action
X-FW-Version
X-Mcache
X-Environment-Context
X-L-Path
X-EdgeConnect-Cache-Status
X-Mg-Request-UUID
Countrycode
X-NGENIX-Cache
Cross-Origin-Window-Policy
Permissions-Policy
X-RTag
Ms-Operation-Id
MS-CV
X-Tumblr-User
X-Tumblr-Pixel-0
X-IPS-LoggedIn
X-Hyper-Cache
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Restarts
CF-IPCountry
Backend
X-Rule
Content-Secure-Policy
X-NYM-Debug-Backend
Ec-Rule-Version
Liferay-Portal
WP-Super-Cache
X-UPSTREAM-Address
X-OCL
X-RN-RSRV
X-Cache-Server
X-Unique-Id
X-Nginx-Cache
X-PCL
X-Redis-Cache
Meta-Geo
Upgrade-Insecure-Requests
X-Content-Age
X-No-Session
Frame-Options
Apigw-Requestid
X-Mode
X-Cache-Enabled
X-Access
X-Ua
Cache-Tv-Group
X-Format
X-Section
X-Cluster-Node
X-Detected-As
X-Generation-Time
X-FB-TRIP-ID
X-UA-Device-Type
X-Storage
X-Generated-By
X-Site-Version
Property-Id
X-Sql-Count
TWC-Device-Class
X-Web-Node
X-Via-Fastly
X-Urbn-Site-Id
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
X-Uri
TWC-GeoIP-Country
X-Hosted-By
X-Sql-Duration-Ms
Webcakes-App-Name
X-Varnish-Cache-Hits
X-Urbn-Context-Path
X-Origin-Date
Locale
Azure-SlotName
X-Be
X-Akamai-Edgescape
Webcakes-Region
Azure-SiteName
X-Request-Time
Azure-RegionName
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Server-W
Azure-InstanceId
X-PERF
Fastly-SSL
Mn-Server-Ip
Webcakes-App-Version
X-Human
X-AOL-HN
X-ApacheServer
X-Region
Azure-Version
X-PHP-Backend
X-Origin-Hint
TWC-Connection-Speed
Section-Io-Cache
X-Accel-Buffering
X-Cache-Operation
X-HTML-Minification-Powered-By
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
X-Content-Powered-By
CDN-RequestCountryCode
CDN-CachedAt
X-Cache-Tags
S-Rt
X-Xfnlog-Site
X-Platform-Server
X-BYPASS-REASON
CDN-Uid
X-Cache-Host
CDN-RequestId
X-Cache-Type
X-Forwarded-Host
X-Nginx-Cache-Key
X-ProxyCache-Key
X-Debug-Cache
X-ProxyCache-Status
X-SaId
X-Sorting-Hat-ShopId
X-Routing-Service
X-Tid
X-NewRelic-App-Data
X-JoinUs
X-Shopify-Stage
X-Hl-Ver
X-Sorting-Hat-PodId
X-Proxied
Eomportal-Instance
X-Varnishpool
X-Backend-Name
X-ShardId
X-Zipkin-Id
X-Extlb
X-ServerID
X-Status
X-ShopId
X-Alternate-Cache-Key
X-Timing-Wait
X-Cache-Remote
X-Webkit-CSP
ServedBy
Selected-Fe
X-Proxy-Build
X-Adobe-Source
X-APP-VERSION
X-Handled-By
X-Dc
Xserver
X-Rewrite-Enabled
X-Ratelimit-Limit
SRV
Webserver
X-Labrador-Cache-Channel
X-PHP-Host
X-GG-Cache-Date
X-Locale
LB
X-Soup
X-Pubstack
X-Datadome
X-LSADC-Cache
SID
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-VC-Cache
X-App-Version
X-Cached-By
Mime-Version
Country-Code
X-CDN-Forward
Fastly-Drupal-Html
X-TT-LOGID
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Request-Host
X-Microcachable
X-GEO
X-Reqid
Web-Mar-Node
X-Proto
X-Edge-Location
X-Storefront-Renderer-Rendered
X-Origin-CC
X-Origin-TTL
X-Ms-Request-Id
Onion-Location
X-Ms-Version
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Server-Info
Xet-Cookie
X-Varnish-Hostname
X-TA-CDN-Provider
X-NCache
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-MP-GENERATED-AT
Cache-Hits
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-R9-Blue-Green-Version
X-TIME
DynaTrace
X-SRV
X-Cms-Context
X-Bc-Bl
X-Cluster
Cache-Name
X-Varnish-Hits
X-Azure-Ref
X-CSRF-Token
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Varnish-Beresp-Grace
DB-Nickname
X-RCS-CacheZone
X-Origin-Response-Time
X-Endurance-Cache-Level
Load-Balancing
Meta-Geo-Continent
Sslversion
Mobile-Detection-Method
X-GeoCountry
X-GeoCode
X-Epic-Correlation-Id
X-B-Cookie
Surrogated-Key
Cmsid
X-Magnolia-Registration
X-TrackingId
X-User
X-Ec-GeoHdr
Cdnsip
X-Esi-Check
X-External-Request-Id
X-Ec-Fail
X-Cache-Bucket
Odigeo-Trace-Id
X-CF-Lambda-Fn
X-Cdn-Srv
Pramga
X-Webstats-RespID
Xc-Version
X-D
X-Conf
A
X-Connection-Hash
X-Envoy-Decorator-Operation
X-CF-Lambda-Version
NM-Fastcgi-Cache
X-Cache-NE
X-VG-WebCache
X-B3-SpanId
X-A-Dcw
Cdncip
X-Vdms-Version
Rendered-Blocks
X-Vtex-Processado-Em
X-Developer
X-Destination
BehaviorPad-Version
X-Vtex-Remote-Cache
X-Cache-Id
X-Vdms-Path
X-Forwarded-Path
X-S-Cookie
X-ScT
X-S
X-Aed
X-Men
X-SD-PageType
Fastcgi-X-Cache-Version
X-Shop-Environment
X-AK-Request-ID
X-Session-Fingerprint
X-From
Lang
X-NAPM-TraceId
X-Rojux
X-A
X-PAYTM-SRV-ID
X-A-Ccd
X-A-Dam
X-Orig-Expires
X-PBS-Appsvrname
X-Processor
Host-ID
X-A-Wwc
X-NodeID
X-A-Dgt
Expiry
X-LAGOON
X-Tenant
X-TIM-N
X-ARC
DCR-Processing-Time-Ms
X-Via-NSCOPI
T-Server
X-SRCache-Key
X-Gzip
DCR-Decision-By
X-Geo-Header
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-Application
X-Hash
X-Ftr-Request-Id
Cmstype
Environment
X-Tx-Id
Svr
Wxu-Next-Region
X-Ckpd-Fst-Backend
X-Clara-WADP
State
User-Cache-Control
We-Hiring
X-Cache-Backend
Ssr
Server-Host
X-Amzn-Remapped-Content-Length
Web-Mar-Region
Wxu-Next-Commit
Vix-Hermes-Req-Id
X-Cache-Info
V-Age
Wxu-Next-Hostname
X-Accel-Expires-Debug
X-Is-Gdpr
X-Scheme
X-RSL
X-Server-IP
X-Sigma
X-Sigma-Backend
X-RPS
X-RPM
X-Origin-Expires
X-Origin
X-Origin-Time
X-Request-URI
X-Rocket-Build-Number
X-Slack-Backend
X-SVT-ORM-RULES
X-Viewer-Country
X-VG-TLSProxy
X-WADP-Cache
X-Wix-Viewer-Type
X-Worker
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-TNCMS
X-SVT-ORM-VERSION
X-V-Cache
X-Variation
X-Varnish-CookieHashed-On
X-Old-Content-Length
X-Nyt-Route
X-DPWN-IS-SECURE
X-DI
X-DSS
X-DW
X-Fastly-Cache
X-Device-Os
X-Developers
X-Date
X-Core-Value
X-DB
X-DefElseHash
X-DefHash
X-Fetched-On
X-Fmm-Version
X-Location
X-JWT-State
X-Loop
X-Mvc-Supplant-Cachable
X-Node-Id
Platform
X-Irp-Debug
X-Gen-Mode
X-Gdpr
X-GeoIP
X-Has-Esi
X-Hnp-Log
X-Core-Mission
X-Block-Status
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Fastly-GeoIP-CountryCode
AKAMAI
Memcached
Machine
Mail-Subject
Apple-News-Services-Host
Is-Eu
Adler-Geo
Apple-News-Services-Handled
GEO-INFO
X-Varnish-Ttl
CDN
X-TraceId
Cache
X-CGP
Arc-Country
X-Cdn-Origin
X-Policy
X-BBC-Edge-Cache-Status
X-Qloud-Router
X-Akamai-Transformed
Cluster
X-Proxy-Upstream
CloudFront-Viewer-Country
CDCHOST
X-Proxy-Cache-Info
X-Branch-Name
X-Pod-Name
X-Planisys-CDN-Rules
X-Forwarded-Site
X-Loc
Producers
X-Eu-Site
X-Level-Front-Cache
X-Httpd
X-GeoIP-City
X-HN
X-Generated-On
X-Minions-Version
X-VServer
X-Csrf-Jwt
X-Auto-Login
X-Planisys-CDN-TTL
Source
X-Planisys-CDN-Cache
X-VarnishDD-TTL
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Platform
X-Cache-Date
Req-Svc-Chain
Traceparent
X-Thinkindot-L3
X-Rocket-Nginx-Serving-Static
X-Response-By
L
L5d-Success-Class
Locid
N-Cache
Thinkindot-Control
X-Sn-Servicetimems
X-Served-From
X-RateLimit-Limit-Second
X-Tt-Logid
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Origin-CC
Kp-EeAlive
X-Aicache-OS
X-Rebelmouse-Cache-Control
Fastly-SIE
Fastcgi-Cache-TTL
PFcat
Origin-EX
X-RateLimit-Remaining-Second
HA-Ipaddr
Fastly-SWR
Gh-Request-Id
Release
Ha-Gx-Prefs
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Skip-Cache
Redirect-Candidate
Origin
Fusion-Component-Id
X-EC-Lua
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
NGX
X-Optimistic-Header
HostName
DSUID
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Gamma-Serve
X-SB
X-Parent-Response-Time
X-Midtier
X-Presslabs-Stats
X-NC
X-Owner
X-Ec-Custom-Error
X-WP-CF-Super-Cache-Cache-Control
X-Pool
AMP-Access-Control-Allow-Source-Origin
X-WP-CF-Super-Cache
MD5-Digest
X-Tb-Optimization-Total-Bytes-Saved
Env
X-Cache-Debug
Pics-Label
X-API-Version
X-CS
X-ZONE
X-CacheTTL
X-Srv
X-Refresh
X-Mvc-Supplant-OutputCached
X-Ah-Environment
X-Dispatcher-Number
Servername
X-LB-NoCache
Time
X-Udemy-Cache-App-Namespace
X-Edge-Pop
CacheControlHeader
Memory
Ms-Author-Via
X-Newrelic-Synthetics
Sever-Int
X-Via-Ucdn
X-Generated-In
X-Time
X-Action
X-SIPLIST1
Server-Ext
X-TH-Server
X-Scale
Server-Hostname
True-Client-Country-4JS
IsBot
Geo-Info
X-Backend-TTL
GeoIp-Country-Code
X-VC
X-Vc
X-Xrds-Location
X-Via-Popn
X-Via-Poph
Ohc-File-Size
X-IPLB-Request-ID
X-Servedbyhost
X-Via-Popv
X-Wikidot-Static-Cache
X-Wikidot-Backend
FSS-Cache
X-S-Maxage
X-BCube-Filmed-By
X-Ad-Defer-Variation
Edge-Cache
X-Req
Geoip-Latitude
Client
Candidate-Md5Url
X-Amz-Meta-Cb-Modifiedtime
Cache-Key
X-CACHE-KEY
X-HA-Backend
Datacenter
X-RateLimit-Reset
X-Varnish-Beresp-TTL
X-SplitTest
VNS-Age
XM
My-App
X-Cs
CPC-Cache
X-Origin-Upstream-Status
X-VCL-Version
X-Cache-ASPX
X-Contensis-Viewer-Groups
VNS-Cache
CPC-Age
Fastly-Backend-Name
ITXSESSIONID
X-Provided-By
X-Varnish-Authentication
X-WA-Info
X-Dynatrace
X-Zone
X-VHOST
Hostname
DataCenter
X-Trace-ID
X-Micro-Cache
X-Up
Server-ID
X-DC
Path
X-Cache-Status-Check
X-LB-ID
X-AIR-PT
Ohc-Cache-HIT
Cache-Host
NtCoent-Length
X-FireWall-Port
X-TX-ID
OT-Force-Account-Verify
X-B3-Spanid
X-Pass-Why
X-Webkit-Csp-Report-Only
X-FPC
X-LI-UUID
True-Client-IP
X-Li-Pop
X-Fpc
X-Li-Fabric
Ngx.Var.Host
X-NGINX-Cache
X-ND-Cache
X-UnsetCookies
Test
X-CSRF-TOKEN
X-Varnish-Beresp-Ttl
X-Traceid
X-Clientip
X-Time-Microsecs
XkeyRZ
Lb
X-Proxy-CacheRZ
X-CUA
Cf-Int-Pingora-Origin-Digest
X-Fragments
X-RAMCache
Powered-By
Cf-Device-Type
Tracecode
X-Api-Version
Target-Params
X-Correlation-ID
X-Azure-Ref-OriginShield
X-Beluga-Status
X-Beluga-Trace
Proxy-Connection
X-FC-Vary-Parameters
X-Beluga-Node
X-Beluga-Response-Time
Lfy
X-Var-Ttl
X-ATG-Version
X-Cdn-Request-ID
X-Sucuri-Cache
X-Sucuri-ID
X-Fastly-Backend
X-Webkit-CSP-Report-Only
X-Vcl-Version
X-Beluga-Record
Server-Id
X-Beluga-Cache-Status
User-Agent
X-MSEdge-Flight
X-MSEdge-Features
X-Ha-Backend
X-Via-PopH
X-Via-PopV
Uri
X-Via-PopN
X-CLOUD-TRACE-CONTEXT
X-DynaTrace-JS-Agent
Sid
X-URL
X-Platform-Cluster
X-Qnm-Cache
X-INCAP-ABP
X-M-Log
X-M-Reqid
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-Dmc
Resin-Trace
X-Platform-Router
X-ServedByHost
X-Li-Proto
X-Platform-Processor
X-Geo
WZWS-RAY
X-HS-Status
Magicmarker
GeoIP-Latitude
GeoIP-Country-Code
X-Cdn-Forward
X-Backend-State
X-Fastly-Backend-Reqs
X-Render-Time
MIME-Version
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
Srvid
C-Via
X-Alfa-Service
X-Request-Start
X-LI-Proto
X-Backend-Host
Epwk-X-Cache
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Fetch-By
Rip
X-Proxy-Cache-Hk
X-CCDN-Origin-Time
Fastly-Drupal-HTML
X-TRACE-ID
X-Service
ENV
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-Thanos
Click-Count-Action-Start
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
Click-Count-Error
Tube-Return
X-Bip
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-LiteSpeed-Cache-Control
X-Esi
X-ID
Cdn
X-Lb-Nocache
X-Cache-CFC
XServer
HIT
Esi-Enabled
X-App
WebServer
PICS-Label
X-Cache-Expires
X-B3-Traceid-Primal
ServerName
X-ElasticPress-Query
X-Edge-POP
Server-Ttl
X-Srcache-Store-Status
X-MG-S
X-Srcache-Fetch-Status
X-Cache-Config
Section-Io-Origin-Status
Section-Io-Id
Tcn
X-Yottaa-OS
CF-Cached-On
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Newrelic-App-Data
M-TraceId
On-Server
Cf-Ipcountry
D-Url-Rewrites
X-Vcache
Wpo-Cache-Message
Wpo-Cache-Status
X-BBC-Origin-Response-Status
Srv
X-Acquia-Application-Trace
X-Serial
X-Nc
X-Acquia-Site
Inserted-Into-Cache-At
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-HostName
Warning
Servedby
X-Request-URL
X-APP
X-Wp-Cf-Super-Cache
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache-Cache-Control
Content-Script-Type
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-B3-Parentspanid
CountryCode
X-Swift-Error
X-Litespeed-Cache-Control
Cneonction
X-Dist-Code
X-Snapshot-Date
Ngx
X-Release
X-Shopify-Generated-Cart-Token
X-LiteSpeed-Tag
X-Akamai-ERRuleID
X-Storefront-Renderer-Verified
X-CF-Powered-By
X-Akamai-ERPolicy
X-Akamai-Request-ID
X-Th-Server
X-Dw-Trace-Id
X-Request-Url
Content-Style-Type
X-Back
Cteonnt-Length