Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
P3p
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-UA-Device
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-OneAgent-JS-Injection
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
X-Ruxit-JS-Agent
Rating
X-B3-TraceId
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Country
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-PC
X-TtlSet
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-FastCGI-Cache
X-Server-Name
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-VARITI-CCR
X-Aws-Lambda-Call-Status
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-GitHub-Request-Id
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Cache-TTL
X-Abt-Application-Version
X-Cnection
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Px
X-Navigation-Version
RTSS
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-NF-Request-ID
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Goog-Hash
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Exp-Variant
Accept-Ch
X-Origin-Cache
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Powered-CMS
AR-ATIME
AR-Request-ID
AR-SID
AR-PoweredBy
AR-CACHE
X-Version
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
Nginx-Cache
X-TTL
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-RateLimit-Remaining
X-Protected-By
TCN
X-T
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Content-MD5
S
X-Aspnetmvc-Version
Edge-Cache-Tag
Fastcgi-Cache
X-CST
X-Mid
SPRequestDuration
Front-End-Https
SPIisLatency
X-Language
Realpath
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Pinterest-Generated-By
Filters
X-Ttl
Pinterest-Version
X-Pinterest-Rid
Server-Node
X-MCACHE
X-Ua-Browser
Server-Name
X-Content
X-Ab
X-Frontend
X-DynaTrace
X-Correlation-Id
X-NWS-LOG-UUID
X-Ruxit-Js-Agent
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-ECACHE
X-Ser
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
SPRequestGuid
X-SharePointHealthScore
X-Ezoic-Cdn
X-Hits
X-Template
X-Parallel-Accel
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Deployment-Id
Alternate-Protocol
Fusion-Component-Id
Fusion-Template-Id
X-Cache-Key
X-Tt-Trace-Tag
X-Tt-Trace-Host
MicrosoftSharePointTeamServices
X-Content-Options
X-Kong-Upstream-Latency
Cache-Tags
X-Kong-Proxy-Latency
X-Page-Id
Charset
Cleartype
Host
X-B3-Sampled
X-Www-Served-By
X-Git-Hash
X-Fastly-Request-Id
X-Geo-Country
X-DIS-Request-ID
X-Debug-Info
X-Daa-Tunnel
X-Webkit-CSP
X-Amzn-Trace-Id
X-Content-Digest
X-Ratelimit-Limit
X-Amz-Replication-Status
Filterid
X-Varnish-Age
X-Accel-Expires
X-Hostname
X-Activity-Id
X-AppVersion
X-Az
X-Forwarded-Proto
X-VCache
X-FB-Debug
X-Upgrade-Enabled
X-Grace
TP-Cache
TP-L2-Cache
X-WebKit-CSP-Report-Only
X-Origin-Server
Cross-Origin-Opener-Policy
X-Rid
X-N
Access-Control-Allow-Method
ServerID
X-Nginx-Upstream-Cache-Status
X-F-Cache
X-XRDS-LOCATION
X-Mobile-URL
X-LB-Cache
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-Flags
X-Is-Crawler
X-TT
X-Whom
Viewport
X-App-Environment
X-Varnish-Grace
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Seen-By
X-GUploader-UploadID
X-Tb
X-Goog-Generation
X-Type
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Type
Payment
Node
X-Distributor
X-FW-Server
DC
Paypal-Debug-Id
X-Server-ID
X-App-Server
X-User-Agent
Fastcgi-Useragent
Country
X-NGENIX-Cache
Accept-Charset
X-Oneagent-Js-Injection
X-Origin-Upstream-Status
X-Wix-Request-Id
X-Cache-Control
X-DataDome
X-Cache-Rule
X-Litespeed-Cache
X-Logged-In
Version
X-Request-Handler-Origin-Region
X-Microsite
X-Via-JSL
X-Drupal-Cache-Tags
Referer-Policy
X-Cache-Age
X-Ratelimit-Reset
X-Varnish-Backend
X-B-Cache
X-Signature
X-Load-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Cluster-Name
Refresh
X-Contextid
Cache-Status
VIX-Pulpo-Node
X-Node-Name
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
Amp-Access-Control-Allow-Source-Origin
VIX-Pulpo-Upstream-Status
X-Buckets
X-Is-Bot
X-Tec-Api-Version
X-Cache-Expired-At
X-Rendered-As
X-Tec-Api-Root
X-Tec-Api-Origin
X-Vgn-Hpd-Reason
X-Real-IP
X-Mobile
X-Page-View
X-Proxy-Cache-Status
NGB
X-Jobs
X-B
X-Debug
X-Cacheable-TTL
Access-Control-Request-Headers
X-IPLB-Instance
X-Yottaa-Optimizations
X-Revision
X-Yottaa-Metrics
X-Device-Type
X-Rule
X-UUID
X-RemovedCookies
X-ProcessESI
X-Instance
X-Proxy
X-Cache-Action
X-Fastly-Request-ID
Akamai-GRN
X-Drupal-Cache-Contexts
Surrogate-Key
X-Debug-IsPreview
X-Framework
X-Debug-IsConnected
X-Cache-Time
X-Fastcgi-Cache
X-FW-Version
X-G
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
CF-IPCountry
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
DynaTrace
X-XRDS-Location
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Azure-Ref
Liferay-Portal
SID
X-Presslabs-Stats
GEO-INFO
X-PressLabs-Stats
X-Source
X-Accel-Buffering
X-Ms-Request-Id
X-Ms-Version
Count-Hit
Healthy
X-Nginx-Cache
Frame-Options
Uber-Trace-Id
MS-CV
Ms-Operation-Id
X-RTag
X-CDN-Forward
X-APP-VERSION
X-Cache-Operation
X-Cache-NGX
X-EdgeConnect-Cache-Status
X-Zen-Fury
Xserver
Countrycode
X-L-Path
X-Environment-Context
X-Tumblr-Pixel-1
X-Varnish-Server
X-Cache-Hit
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Mode
X-Backend-Name
Cross-Origin-Window-Policy
Protected
Ec-Rule-Version
X-IPS-LoggedIn
X-Region
X-Forwarded-Host
X-Servername
X-Cache-TTL-Remaining
X-UPSTREAM-Address
Backend
X-SaId
X-Rewrite-Enabled
X-Tid
X-RN-RSRV
X-Content-Powered-By
Meta-Geo
X-JoinUs
X-Detected-As
X-Sorting-Hat-ShopId
Eomportal-Instance
X-ShopId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Shopify-Stage
X-Proxied
X-Hosted-By
X-ShardId
Apigw-Requestid
X-Sql-Duration-Ms
X-Sql-Count
X-Cache-Grace
X-Uri
X-Generation-Time
X-Redis-Cache
X-Extlb
Country-Code
X-Routing-Service
X-Adobe-Content
X-Adobe-Loc
X-Zipkin-Id
X-Cache-Server
Decoy-Debug-Status
X-Ratelimit-Remaining
Decoy-Debug-TTL
Decoy-Debug-Key
X-Debug-Cache
X-Site-Version
X-Status
X-Format
Mn-Server-Ip
X-Content-Age
X-PERF
X-FB-TRIP-ID
X-Via-Fastly
X-ApacheServer
X-Varnish-Beresp-Grace
X-Human
X-PHP-Backend
Cache-Name
X-No-Session
Fastly-SSL
X-ServerID
Url
X-Hyper-Cache
X-Origin-Date
X-NCache
Section-Io-Cache
X-Microcachable
Cache-Tv-Group
Webcakes-App-Version
X-Cache-Host
X-Cache-Type
X-BYPASS-REASON
X-ProxyCache-Status
X-Pubstack
X-ProxyCache-Key
X-Proxy-Build
X-Origin-Hint
X-PCL
X-Cluster-Node
X-OCL
X-NYM-Debug-Backend
X-Akamai-Edgescape
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Selected-Fe
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Access
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
Property-Id
X-Section
X-Timing-Wait
X-UA-Device-Type
X-Server-W
X-Storage
X-NewRelic-App-Data
X-SayCDN-TTL
X-Web-Node
WPO-Cache-Message
X-R9-Blue-Green-Version
X-Varnishpool
X-Say-TTL
X-Say-Cacheable
WPO-Cache-Status
X-Hl-Ver
LB
CDN-Cache
CDN-Uid
X-RateLimit-Limit
CDN-RequestId
CDN-EdgeStorageId
CDN-CachedAt
X-Soup
CDN-RequestCountryCode
Content-Secure-Policy
X-Be
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Content-Disposition
CDN-PullZone
Azure-RegionName
X-TIME
DB-Nickname
X-Generated-By
X-Ua
X-Trace-Id
X-Azure-Ref-OriginShield
X-LSADC-Cache
OT-Force-Account-Verify
X-Webkit-Csp
SRV
X-Dc
X-Cached-By
X-SRV
X-Nginx-Cache-Key
Source
X-Bc-Bl
X-Unique-Id
Cache
Retry-After
X-TT-LOGID
X-LAGOON
X-Auto-Login
X-Cache-Remote
X-Platform-Server
X-Origin-CC
X-Origin-TTL
Mime-Version
Cache-Hits
X-Varnish-Hits
Xet-Cookie
X-GEO
X-Xfnlog-Site
X-TNCMS
X-Loop
X-HTML-Minification-Powered-By
X-App-Version
X-Varnish-Hostname
X-Akamai-Transformed
X-S-Maxage
Onion-Location
ServedBy
X-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Cache-Tags
HostName
X-Varnish-Cache-Hits
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Web-Mar-Node
Upgrade-Insecure-Requests
X-EC-Lua
X-Proto
Webserver
X-Request-Time
X-CSRF-Token
X-CLOUD-TRACE-CONTEXT
From-Origin
X-AOL-HN
X-Tenant
X-Time
X-Request-Host
N-Cache
WP-Super-Cache
X-Endurance-Cache-Level
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-Cache-Var-Map
X-Cache-Var
X-FireWall-Port
X-B3-SpanId
X-GG-Cache-Date
X-ECache
X-Time-Microsecs
X-Origin-Response-Time
X-Edge-Location
X-Cache-Enabled
X-Mg-Request-UUID
X-Handled-By
X-A-Dam
X-Block-Status
X-A
X-B-Cookie
X-A-Dcw
X-Application
X-Aed
X-A-Wwc
X-ARC
X-A-Dgt
X-Aicache-OS
Mobile-Detection-Method
Expiry
Fastcgi-X-Cache-Version
Meta-Geo-Continent
DCR-Processing-Time-Ms
DCR-Decision-By
Nel
A
BehaviorPad-Version
X-Cache-NE
Odigeo-Trace-Id
Surrogated-Key
User-Cache-Control
V-Age
Sslversion
Rendered-Blocks
Pramga
Redirect-Candidate
Vix-Hermes-Req-Id
X-Developer
X-ScT
X-SD-PageType
X-Session-Fingerprint
X-Shop-Environment
X-S-Cookie
X-S
X-Planisys-CDN-TTL
X-Processor
X-Rojux
X-Slack-Backend
X-SRCache-Key
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-TIM-N
X-V-Cache
X-Vdms-Path
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-D
X-Destination
X-External-Request-Id
X-Connection-Hash
X-Conf
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Cluster
X-Forwarded-Path
X-Ftr-Request-Id
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-ND-Cache
X-NAPM-TraceId
X-Gen-Mode
X-Hnp-Log
X-Ig-Push-State
X-CF-Lambda-Fn
X-A-Ccd
X-Amzn-RequestId
X-Correlation-ID
X-NWS-UUID-VERIFY
CloudFront-Viewer-Country
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
X-PHP-Host
X-Via-NSCOPI
X-MP-GENERATED-AT
X-Men
X-Location
X-Mvc-Supplant-Cachable
Cmsid
Gh-Request-Id
X-Li-Pop
X-LI-UUID
Cmstype
Wxu-Next-Commit
X-Old-Content-Length
X-Origin-Expires
DSUID
X-Owner
X-Policy
X-NodeID
X-Nyt-Route
X-Origin-Time
X-Hash
X-Cache-Bucket
X-Cache-Date
Svr
State
True-Client-Country-4JS
X-Zone
Wxu-Next-Hostname
Wxu-Next-Region
X-Accel-Expires-Debug
X-Cdn-Srv
X-Date
X-Geo-Header
X-Proxy-Upstream
Host-ID
X-Gdpr
X-Forwarded-Site
X-Epic-Correlation-Id
Origin
X-Fastly-Cache
X-Li-Fabric
Fastcgi-Cache-TTL
X-Adobe-Source
X-Sucuri-Cache
X-Reqid
X-Server-IP
AKAMAI
X-Sucuri-ID
X-SVT-ORM-RULES
X-Webstats-RespID
X-Viewer-Country
X-Magnolia-Registration
Fastly-Drupal-Html
X-Scheme
X-SVT-ORM-VERSION
Arc-Country
X-Request-URI
CDCHOST
CacheControlHeader
X-RCS-CacheZone
Environment
X-Locale
X-M-Reqid
X-Qnm-Cache
X-M-Log
Server-Info
X-Varnish-Beresp-Status
X-UnsetCookies
X-Request-Start
X-Cdn-Origin
X-Cache-Info
X-Platform
X-CGP
X-Core-Value
X-Core-Mission
X-Sn-Servicetimems
AMP-Access-Control-Allow-Source-Origin
X-Cache-Id
X-Cache-Debug
X-VServer
X-Skip-Cache
X-Served-From
X-Backend-TTL
X-Backend-State
X-Bip
X-VarnishDD-TTL
X-VG-TLSProxy
X-RateLimit-Remaining-Second
X-Branch-Name
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Generated-On
X-Req
X-Region-Sid
X-Gamma-Serve
X-Level-Front-Cache
X-GeoIP
X-GeoIP-City
X-HS-Content-Campaign-Id
X-HN
X-Storefront-Renderer-Rendered
X-Gzip
X-Fetched-On
X-RateLimit-Limit-Second
X-Device-Os
X-Rocket-Nginx-Serving-Static
X-Developers
X-TrackingId
X-Datadog-Sampling-Priority
X-Envoy-Decorator-Operation
X-Thanos
X-Fastly-Backend
X-TH-Server
X-Eu-Site
X-Esi-Check
X-Irp-Debug
X-Datadog-Trace-Id
Ssr
Apple-News-Services-Request-Url
Mail-Subject
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Traceparent
Apple-News-Services-Handled
Server-Host
Release
HA-Ipaddr
L
L5d-Success-Class
Ha-Gx-Prefs
Origin-CC
PFcat
Origin-EX
Machine
X-CACHE-KEY
Locid
Web-Mar-Region
We-Hiring
X-VC-Cache
X-DefHash
X-NU-AKA-ACS-Version
Platform
X-DefElseHash
X-Node-Id
Req-Svc-Chain
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-DPWN-IS-SECURE
X-Variation
X-Pod-Name
Fastly-SIE
X-JWT-State
NM-Fastcgi-Cache
X-Is-Gdpr
Is-Eu
Memcached
X-FC-Vary-Parameters
Fastly-SWR
Fastly-GeoIP-CountryCode
X-Rebelmouse-Surrogate-Control
X-GeoIP-Region-Code
X-Origin
X-GeoIP-Country-Code
Cf-Device-Type
X-Varnish-CookieINHashed-On
Adler-Geo
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Amzn-Remapped-Content-Length
X-Sigma
X-Sigma-Backend
X-ATG-Version
X-BBC-Edge-Cache-Status
X-Thinkindot-L3
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
Thinkindot-Control
X-Has-Esi
X-Worker
X-Response-By
X-Rocket-Build-Number
TDXMobile
X-Xrds-Location
X-Loc
S-Rt
X-Tx-Id
X-Mvc-Supplant-OutputCached
NGX
X-Ua-Device
X-Varnish-Beresp-Ttl
Magicmarker
X-Cache-Config
X-Up
X-CS
X-NC
X-API-Version
X-TraceId
X-Akamai-Request-ID2
CDN
X-Generated-In
Pics-Label
X-LB-ID
X-Http-Reason
X-Restarts
X-Datadome
Datacenter
Kp-EeAlive
Ms-Author-Via
Memory
X-Trace-ID
X-Tt-Logid
Time
X-Tb-Optimization-Total-Bytes-Saved
NtCoent-Length
X-DI
X-Optimistic-Header
X-DB
X-Edge-Pop
X-DSS
X-Action
X-RSL
X-Wix-Viewer-Type
X-RPS
X-Cache-Backend
Candidate-Md5Url
Env
X-DW
X-RPM
Edge-Cache
X-LB-NoCache
X-Vc
WebServer
X-Varnish-Ttl
X-Via-Popv
Accept-Language
X-Via-Popn
GeoIp-Country-Code
X-Via-Poph
X-Refresh
X-DynaTrace-JS-Agent
On-Server
X-Minions-Version
WWW-Authenticate
X-DC
X-TA-CDN-Provider
Esi-Enabled
X-CacheTTL
X-Parent-Response-Time
X-Esi
X-Servedbyhost
X-Varnish-Beresp-TTL
X-HA-Backend
X-Cs
X-Urbn-Context-Path
X-Srv
X-Urbn-Site-Id
Locale
X-Dynatrace
C-Via
X-MSEdge-Flight
X-Service
X-Unique-ID
Server-ID
X-MSEdge-Features
X-TX-ID
X-Newrelic-Synthetics
X-Ec-GeoHdr
X-User
X-Ec-Fail
X-Cache-PHP
X-ZONE
X-VCL-Version
X-Cache-Ttl
X-App
X-Li-Proto
X-LiteSpeed-Cache-Control
X-Fpc
X-Render-Time
X-LI-Proto
X-Cache-Status-Check
X-URL
X-FPC
X-Webkit-Csp-Report-Only
Test
Cdncip
X-AK-Request-ID
Cdnsip
X-Traceid
X-Pass-Why
Cluster
Geoip-Latitude
X-Fmm-Version
X-B3-Spanid
X-Vcl-Version
X-WADP-Cache
X-Clara-WADP
My-App
Geo-Info
X-NODE
Proxy-Connection
X-Webkit-CSP-Report-Only
Tracecode
X-CUA
Server-Id
Resin-Trace
X-Var-Ttl
X-Mcache
M-TraceId
X-AIR-PT
X-CSRF-TOKEN
T-Server
Tcn
X-Info
Lfy
X-Clientip
X-From
X-LiteSpeed-Tag
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Cf-Int-Pingora-Origin-Digest
Lang
Fastly-Drupal-HTML
HIT
Hostname
X-Oss-Request-Id
X-Fragments
X-Ha-Backend
UCS
X-Oss-Server-Time
X-Oss-Storage-Class
Cache-Host
Target-Params
X-ID
DataCenter
S-Cnection
X-ServedByHost
X-Geo
X-COUNTRY
X-WP-CF-Super-Cache-Cache-Control
GeoIP-Country-Code
X-WP-CF-Super-Cache
X-RAMCache
X-Via-PopV
X-Via-PopH
Ohc-File-Size
X-NGINX-Cache
X-HostName
X-Via-PopN
X-Pad
Hit
X-Dynatrace-Js-Agent
X-VC
X-Edge-POP
X-ElasticPress-Query
X-Micro-Cache
MIME-Version
X-Cdn-Forward
Fastly-Backend-Name
User-Agent
ENV
X-Proxy-Cache-Info
X-Httpd
X-Backend-Host
Permissions-Policy
X-BBC-Origin-Response-Status
Load-Balancing
X-Release
X-Api-Version
X-Provided-By
X-Edge-Cache
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Check-Cacheable
Section-Io-Id
Section-Io-Origin-Status
X-Lb-Nocache
Servername
X-APP
X-Fastly-Backend-Reqs
X-Ucs
X-BCube-Filmed-By
X-ServerName
WZWS-RAY
Producers
X-HS-Status
X-GoCache-CacheStatus
Uri
X-SB
X-Lb-Id
EpKe-Alive
URI
X-Cache-CFC
X-UP
PICS-Label
ServerName
FSS-Cache
Lb
X-TRACE-ID
Sid
Server-Ttl
CPC-Age
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Swift-Error
Cdn
X-Udemy-Cache-App-Namespace
X-Pool
X-RateLimit-Reset
Cache-Key
CPC-Cache
X-WA
Ohc-Cache-HIT
Cneonction
X-WA-Info
X-B3-ParentSpanId
X-Cdn-Request-ID
X-Nc
X-Fastly-Cache-Hits
VNS-Age
Cteonnt-Length
Path
X-Amz-Meta-Cb-Modifiedtime
VNS-Cache
X-Dw-Trace-Id
X-Wikidot-Backend
X-Ec-Custom-Error
X-Vcache
Shield-Pop
X-Akamai-Request-ID
X-Wikidot-Static-Cache
X-Yottaa-OS
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
X-Akamai-ERRuleID
X-Newrelic-App-Data
X-Akamai-ERPolicy
X-Snapshot-Date
X-Acquia-Site
CF-Cached-On
X-Cache-ASPX
Vha6-Origin
X-Scale
X-Contensis-Viewer-Groups
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-ES-SERVER
X-Acquia-Application-Trace
Cf-Ipcountry
X-Cache-Ngx
X-Air-Pt
X-IN-APIGATEWAYSSL
X-SIPLIST1
X-Shopify-Generated-Cart-Token
X-Varnish-Authentication
IsBot
X-Cache-Expires
X-IN-APIGATEWAY
X-Te-Count
X-Akamai-Pragma-Client-IP
X-UA
Ngx
X-Sentry-ID
CountryCode
Req-ID
X-CacheKey
X-Cms-Context
X-Te-Duration-Ms
X-Logging-Id
Pagetype
X-Http-Duration-Ms
X-PJAX-URL
X-Http-Count
X-Last-Modified