Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Link
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Request-ID
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-UA-Device
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
Accept-Ch-Lifetime
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-Application-Context
Content-Location
Rating
X-Ua-Compatible
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
X-Url
X-Trace
X-Ac
X-Content-Type
Accept-CH-Lifetime
X-Varnish-TTL
X-Vname
X-PC
X-TtlSet
Allow
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
X-ESI
X-Language
Cache-Tag
Fastly-Restarts
X-Server-Name
X-FastCGI-Cache
Service-Worker-Allowed
X-Rack-Cache
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-Template
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
MS-Author-Via
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Aws-Lambda-Call-Status
X-Abt-Application-Version
X-Cache-TTL
X-Origin-Cache
X-Cnection
X-Px
Arr-Disable-Session-Affinity
Accept-Ch
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-Goog-Hash
RTSS
X-Navigation-Version
X-NF-Request-ID
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Version
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Powered-CMS
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
Pagespeed
X-Sol
Display
X-Middleton-Display
AR-PoweredBy
X-Amz-Server-Side-Encryption
AR-SID
AR-ATIME
AR-CACHE
AR-Request-ID
X-Middleton-Response
Response
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-MSEdge-Ref
X-Buckets
X-LLID
X-Edge
X-Kinsta-Cache
X-Edge-Location-Klb
X-TTL
Nginx-Cache
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Shield-Request-Id
X-Protected-By
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-T
TCN
X-RateLimit-Remaining
S
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
Content-MD5
X-Mg-S
X-Id
X-MCACHE
X-Mid
Realpath
Edge-Cache-Tag
Fastcgi-Cache
SPIisLatency
SPRequestDuration
Front-End-Https
X-CST
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Filters
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Server-Node
X-DynaTrace
X-Ab
X-Content
X-Ua-Browser
X-Correlation-Id
Server-Name
X-Frontend
X-Parallel-Accel
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
X-Ttl
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
SPRequestGuid
X-ECACHE
X-NWS-LOG-UUID
X-SharePointHealthScore
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Ezoic-Cdn
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
Alternate-Protocol
X-Hits
X-Cache-Key
X-Ser
X-Content-Options
X-Tt-Trace-Tag
X-Tt-Trace-Host
MicrosoftSharePointTeamServices
X-Page-Id
X-B3-Sampled
Host
X-Kong-Upstream-Latency
X-Ruxit-Js-Agent
Cache-Tags
X-Kong-Proxy-Latency
Cleartype
Charset
X-Git-Hash
X-Www-Served-By
X-Accel-Expires
X-Daa-Tunnel
X-Geo-Country
X-DIS-Request-ID
X-Amz-Replication-Status
X-Content-Digest
Filterid
X-Amzn-Trace-Id
X-VCache
X-Varnish-Age
TP-Cache
X-Forwarded-Proto
TP-L2-Cache
X-Debug-Info
X-Activity-Id
X-AppVersion
X-Hostname
X-Fastly-Request-Id
X-Az
X-Upgrade-Enabled
X-FB-Debug
X-Rid
Access-Control-Allow-Method
X-N
X-Origin-Server
X-Grace
X-Nginx-Upstream-Cache-Status
Cross-Origin-Opener-Policy
X-LB-Cache
ServerID
X-XRDS-LOCATION
X-Mobile-URL
X-F-Cache
X-Request-Guid
X-Flags
X-Providence-Cookie
X-Route-Name
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Server-ID
X-Whom
X-TT
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Origin-Upstream-Status
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Varnish-Grace
X-App-Environment
X-Ratelimit-Limit
Viewport
X-Tb
X-App-Server
X-Distributor
Payment
X-WebKit-CSP-Report-Only
Node
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Hash
X-FW-Static
X-NGENIX-Cache
X-Type
X-Seen-By
DC
Paypal-Debug-Id
X-Cache-Control
Fastcgi-Useragent
X-Microsite
X-Request-Handler-Origin-Region
X-User-Agent
Country
Accept-Charset
X-Litespeed-Cache
X-Logged-In
X-Fastcgi-Cache
X-Wix-Request-Id
X-Cache-Rule
X-Fastly-Request-ID
X-Webkit-CSP
X-Cache-Age
Version
X-DataDome
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Erf-Bev-Bev
X-Varnish-Backend
Referer-Policy
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Via-JSL
Amp-Access-Control-Allow-Source-Origin
X-Drupal-Cache-Tags
X-Load-Cache
X-Node-Name
Refresh
Cache-Status
X-Cluster-Name
X-Cache-Action
X-B-Cache
X-Original-Request-Id
X-Contextid
X-Response-Served-From
Access-Control-Request-Headers
X-Signature
SD-X-WS
X-Cache-Expired-At
X-Real-IP
X-Jobs
X-Rendered-As
X-IPLB-Instance
X-Proxy-Cache-Status
X-Vgn-Hpd-Reason
X-Is-Bot
X-Page-View
X-ProcessESI
NGB
X-B
X-UUID
X-Mobile
X-Revision
X-Cacheable-TTL
X-PressLabs-Stats
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Debug
X-RemovedCookies
X-Device-Type
X-Rule
Akamai-GRN
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Proxy
X-Instance
X-Cache-Time
Surrogate-Key
X-G
X-Tec-Api-Version
X-Drupal-Cache-Contexts
X-Tec-Api-Root
X-Tec-Api-Origin
X-Framework
X-Debug-IsPreview
X-Debug-IsConnected
CF-IPCountry
X-Air-Hostname
X-Air-Source
X-FW-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Air-Trace-Id
DynaTrace
SID
Liferay-Portal
X-XRDS-Location
X-Azure-Ref
Healthy
X-Ratelimit-Reset
X-Nginx-Cache
X-Oneagent-Js-Injection
X-CDN-Forward
X-Source
Frame-Options
X-Ms-Version
X-Ms-Request-Id
Count-Hit
Ms-Operation-Id
MS-CV
X-RTag
GEO-INFO
X-Cache-Operation
Xserver
X-Accel-Buffering
Uber-Trace-Id
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Cache-Hit
X-Varnish-Server
X-L-Path
X-Tumblr-User
X-Tumblr-Pixel
Countrycode
X-Environment-Context
X-Presslabs-Stats
X-Region
X-Zen-Fury
X-Backend-Name
X-Mode
X-Servername
X-Forwarded-Host
Ec-Rule-Version
Cross-Origin-Window-Policy
X-IPS-LoggedIn
Nel
X-Content-Powered-By
Backend
X-Cache-NGX
Section-Io-Cache
X-Detected-As
X-Cache-Type
X-JoinUs
X-SaId
X-RN-RSRV
X-UPSTREAM-Address
Meta-Geo
X-Cache-Grace
DB-Nickname
Country-Code
Protected
Decoy-Debug-Key
X-Debug-Cache
Apigw-Requestid
Decoy-Debug-TTL
X-Extlb
X-Alternate-Cache-Key
Mn-Server-Ip
X-Cache-Server
Eomportal-Instance
X-Cache-TTL-Remaining
Decoy-Debug-Status
X-Hosted-By
X-Redis-Cache
X-Sorting-Hat-ShopId
X-Sql-Count
X-Sql-Duration-Ms
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-ShopId
X-Routing-Service
X-Status
X-Tid
X-Rewrite-Enabled
X-Zipkin-Id
X-Uri
X-Generation-Time
X-Proxied
Property-Id
X-Format
X-ServerID
Fastly-SSL
X-Varnish-Beresp-Grace
TWC-Connection-Speed
X-Storage
X-UA-Device-Type
Cache-Name
Cache-Tv-Group
TWC-GeoIP-LatLong
X-Origin-Hint
X-PERF
X-PHP-Backend
X-BYPASS-REASON
X-Origin-Date
X-No-Session
X-Human
X-Microcachable
X-NCache
X-ApacheServer
X-ProxyCache-Key
TWC-Privacy
TWC-Locale-Group
X-FB-TRIP-ID
TWC-GeoIP-Country
Url
Webcakes-App-Name
X-ProxyCache-Status
Webcakes-Region
Webcakes-App-Version
TWC-Device-Class
X-Via-Fastly
X-RateLimit-Limit
X-SayCDN-TTL
X-Say-TTL
X-Cache-Host
X-Server-W
X-Adobe-Loc
Selected-Fe
X-Adobe-Content
X-Say-Cacheable
X-Section
X-OCL
X-PCL
X-Proxy-Build
X-Web-Node
X-NYM-Debug-Backend
X-Access
X-Site-Version
X-Akamai-Edgescape
X-Soup
X-Timing-Wait
Azure-RegionName
Azure-SlotName
Azure-SiteName
X-Hl-Ver
X-Varnishpool
X-Cluster-Node
Azure-Version
X-NewRelic-App-Data
Azure-InstanceId
X-Content-Age
OT-Force-Account-Verify
X-Pubstack
Content-Secure-Policy
X-R9-Blue-Green-Version
SRV
X-Be
X-Webkit-Csp
X-Ua
X-LSADC-Cache
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
CDN-Uid
X-Azure-Ref-OriginShield
X-Hyper-Cache
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
X-Cached-By
X-Generated-By
Content-Disposition
Cache
Source
X-Unique-Id
X-App-Version
X-SRV
X-Ratelimit-Remaining
X-LAGOON
WPO-Cache-Message
X-Bc-Bl
X-Nginx-Cache-Key
WPO-Cache-Status
LB
X-HTML-Minification-Powered-By
X-TT-LOGID
X-Origin-TTL
Xet-Cookie
Cache-Hits
X-Origin-CC
X-Time
X-Auto-Login
X-Dc
X-Varnish-Hits
X-Amz-Meta-S3cmd-Attrs
X-Trace-Id
X-Varnish-Hostname
X-TIME
X-Loop
X-TNCMS
X-S-Maxage
X-GEO
Onion-Location
Retry-After
X-Cache-Var-Map
X-Akamai-Transformed
X-Cdn
Mime-Version
X-Cache-Var
X-Platform-Server
HostName
Web-Mar-Node
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Xfnlog-Site
X-Proto
X-CSRF-Token
X-Qnm-Cache
Webserver
X-Time-Microsecs
X-Endurance-Cache-Level
X-Cache-Remote
X-M-Log
X-Cache-Tags
X-Edge-Location
X-M-Reqid
X-Tenant
X-B3-SpanId
X-Varnish-Cache-Hits
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
N-Cache
X-GG-Cache-Date
Upgrade-Insecure-Requests
X-Request-Time
X-ECache
X-AOL-HN
X-Mg-Request-UUID
X-EC-Lua
X-Amzn-RequestId
X-PHP-Host
X-Correlation-ID
X-Request-Host
X-Amz-Apigw-Id
X-RCS-CacheZone
CloudFront-Viewer-Country
X-Labrador-Cache-Channel
ServedBy
X-Via-NSCOPI
X-FireWall-Port
X-SRCache-Key
X-Vdms-Version
X-Vdms-Path
X-Gen-Mode
V-Age
User-Cache-Control
X-Slack-Backend
Sslversion
Surrogated-Key
X-VG-WebCache
Wxu-Next-Commit
X-PAYTM-SRV-ID
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Planisys-CDN-Cache
X-A
Wxu-Next-Hostname
X-SD-PageType
X-PBS-Appsvrname
DCR-Decision-By
X-Vtex-Processado-Em
Rendered-Blocks
Fastcgi-X-Cache-Version
BehaviorPad-Version
X-SVT-ORM-RULES
X-S-Cookie
Expiry
X-Ig-Push-State
DCR-Processing-Time-Ms
DSUID
X-Hnp-Log
CDCHOST
Xc-Version
L
X-Vtex-Remote-Cache
X-Origin-Response-Time
Pramga
Redirect-Candidate
WP-Super-Cache
Origin
A
Meta-Geo-Continent
Mobile-Detection-Method
Odigeo-Trace-Id
X-A-Wwc
Wxu-Next-Region
X-Session-Fingerprint
X-ScT
X-CF-Lambda-Version
X-TIM-N
X-Orig-Expires
X-Shop-Environment
X-Ftr-Request-Id
X-SVT-ORM-VERSION
X-Planisys-CDN-Rules
X-Ckpd-Fst-Backend
X-Cluster
X-Forwarded-Path
X-External-Request-Id
X-Rojux
X-S
X-Developer
X-Destination
X-Conf
X-Connection-Hash
X-D
X-Cache-NE
X-CF-Lambda-Fn
X-Application
X-ND-Cache
X-V-Cache
X-Block-Status
X-B-Cookie
X-NAPM-TraceId
X-Planisys-CDN-TTL
X-ARC
X-Processor
X-Aed
X-Cache-Date
X-MP-GENERATED-AT
X-Hash
Locid
X-HN
X-Epic-Correlation-Id
X-Accel-Expires-Debug
X-Fastly-Cache
X-Aicache-OS
Fastcgi-Cache-TTL
X-Developers
Gh-Request-Id
X-VarnishDD-TTL
X-Date
X-Device-Os
X-Core-Mission
Origin-CC
Ssr
X-Forwarded-Site
X-Cdn-Srv
State
X-Cache-Debug
True-Client-Country-4JS
Traceparent
X-Geo-Header
X-VServer
X-Gdpr
X-Webstats-RespID
Origin-EX
PFcat
X-Cache-Bucket
Vix-Hermes-Req-Id
Release
X-Cache-Info
Host-ID
X-Fetched-On
X-Server-IP
X-Li-Pop
X-Sucuri-Cache
X-Men
Apple-News-Services-Host
Apple-News-Services-Handled
X-Skip-Cache
X-Li-Fabric
X-NodeID
X-Origin-Expires
X-Policy
From-Origin
X-Mvc-Supplant-Cachable
X-Proxy-Upstream
X-Origin-Time
Apple-News-Services-Parsed-Url
X-Storefront-Renderer-Rendered
CacheControlHeader
X-LI-UUID
X-Sucuri-ID
X-Rocket-Nginx-Serving-Static
Cmstype
Cmsid
X-Nyt-Route
X-Old-Content-Length
Apple-News-Services-Request-Url
Arc-Country
X-Location
X-VC-Cache
X-Zone
Environment
X-Handled-By
X-Locale
Server-Info
X-Owner
X-Served-From
X-Pod-Name
X-Request-URI
X-Adobe-Source
Fastly-Drupal-Html
X-HS-Content-Campaign-Id
X-Gamma-Serve
X-Sigma
We-Hiring
X-Platform
X-Cache-Config
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Reqid
X-Scheme
X-Rocket-Build-Number
X-TH-Server
X-Fastly-Backend
X-Esi-Check
X-Core-Value
X-Req
X-Node-Id
X-BBC-Edge-Cache-Status
X-Varnish-Beresp-Status
X-Branch-Name
X-Cache-Id
X-Thinkindot-L3
X-Cdn-Origin
X-TrackingId
X-ATG-Version
Web-Mar-Region
X-Envoy-Decorator-Operation
X-UnsetCookies
Server-Host
X-Viewer-Country
L5d-Success-Class
X-GeoIP-City
X-Gzip
Req-Svc-Chain
HA-Ipaddr
X-Eu-Site
X-Irp-Debug
X-CGP
X-Backend-State
X-Sn-Servicetimems
X-GeoIP
Thinkindot-CacheControl-Type
X-RateLimit-Limit-Second
Thinkindot-Control
AKAMAI
X-RateLimit-Remaining-Second
X-Sigma-Backend
Fastly-GeoIP-CountryCode
X-VG-TLSProxy
TDXMobile
Svr
Thinkindot-CacheControl
X-Csrf-Jwt
Mail-Subject
Ha-Gx-Prefs
X-Xrds-Location
X-NWS-UUID-VERIFY
X-CS
X-Cache-Enabled
X-Magnolia-Registration
X-FC-Vary-Parameters
Machine
X-Generated-On
X-Worker
Memcached
X-Tx-Id
Adler-Geo
X-Thanos
Is-Eu
X-Request-Start
AMP-Access-Control-Allow-Source-Origin
X-DPWN-IS-SECURE
X-Loc
X-Response-By
Fastly-SIE
Cf-Device-Type
X-DefElseHash
X-DefHash
Fastly-SWR
X-Level-Front-Cache
Platform
X-Amzn-Remapped-Content-Length
X-Variation
X-NU-AKA-ACS-Version
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Bip
X-Is-Gdpr
X-Varnish-Remaining-TTL
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Region-Sid
NGX
NM-Fastcgi-Cache
X-Has-Esi
X-Origin
X-CACHE-KEY
X-JWT-State
X-Ua-Device
Datacenter
X-Trace-ID
X-Qloud-Router
X-Mvc-Supplant-OutputCached
X-Backend-TTL
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-Ttl
X-LB-ID
X-NC
X-GeoIP-Country-Code
Pics-Label
Candidate-Md5Url
X-API-Version
X-GeoIP-Region-Code
X-Up
X-Generated-In
CDN
Ms-Author-Via
Magicmarker
X-Datadome
WWW-Authenticate
X-Tb-Optimization-Total-Bytes-Saved
X-LB-NoCache
On-Server
X-Vc
S-Rt
X-DynaTrace-JS-Agent
X-Via-Popn
X-Via-Poph
X-Restarts
Time
Memory
Kp-EeAlive
X-DC
Esi-Enabled
Env
X-Via-Popv
WebServer
X-Tt-Logid
X-TraceId
X-Edge-Pop
X-Refresh
NtCoent-Length
X-Optimistic-Header
X-TA-CDN-Provider
X-Parent-Response-Time
X-CacheTTL
X-Wix-Viewer-Type
X-Service
C-Via
GeoIp-Country-Code
Edge-Cache
X-Cache-Backend
X-Http-Reason
X-Akamai-Request-ID2
X-Action
X-RPS
X-DI
X-DB
X-DW
X-Cache-PHP
X-RPM
X-DSS
X-Esi
X-Servedbyhost
X-RSL
X-Srv
X-Newrelic-Synthetics
X-Unique-ID
X-MSEdge-Features
X-Minions-Version
X-MSEdge-Flight
X-Varnish-Beresp-TTL
Server-ID
X-Webkit-Csp-Report-Only
X-HA-Backend
X-Cache-Status-Check
X-Render-Time
X-Dynatrace
X-TX-ID
Accept-Language
X-ZONE
X-Cs
X-VCL-Version
X-Cache-Ttl
X-Traceid
X-App
X-Varnish-Ttl
X-Fpc
X-LI-Proto
X-Urbn-Site-Id
X-Urbn-Context-Path
X-URL
Proxy-Connection
Locale
Test
X-Ec-Fail
X-Ec-GeoHdr
X-User
X-AIR-PT
X-Li-Proto
X-Info
X-LiteSpeed-Cache-Control
X-FPC
X-Clientip
X-Webkit-CSP-Report-Only
X-NODE
UCS
Server-Id
X-Vcl-Version
Tcn
HIT
Cache-Host
X-B3-Spanid
Geo-Info
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Pass-Why
X-AK-Request-ID
M-TraceId
Cdncip
S-Cnection
Cdnsip
X-Fmm-Version
X-WADP-Cache
X-Clara-WADP
X-LiteSpeed-Tag
Fastly-Drupal-HTML
Cf-Int-Pingora-Origin-Digest
Cluster
X-HostName
My-App
X-CSRF-TOKEN
X-Var-Ttl
X-Ha-Backend
X-ID
X-Micro-Cache
Tracecode
Fastly-Backend-Name
X-CUA
Resin-Trace
User-Agent
Geoip-Latitude
GeoIP-Country-Code
Hostname
X-Dynatrace-Js-Agent
Section-Io-Origin-Status
X-ServedByHost
Hit
Section-Io-Id
X-Pad
X-Release
Section-Io-Origin-Time-Seconds
Lfy
Section-Origin-Responded
X-Edge-POP
Ohc-File-Size
X-Backend-Host
T-Server
X-From
Lb
X-Geo
X-RAMCache
X-Via-PopV
X-BCube-Filmed-By
X-Via-PopN
X-BBC-Origin-Response-Status
MIME-Version
X-Via-PopH
Lang
ENV
X-Check-Cacheable
X-ElasticPress-Query
X-Fragments
X-APP
Target-Params
X-Edge-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-NGINX-Cache
Load-Balancing
X-Api-Version
X-HS-Status
X-Cdn-Forward
X-WA-Info
X-ServerName
Path
VNS-Cache
X-WA
EpKe-Alive
CPC-Age
X-Ucs
X-Fastly-Backend-Reqs
URI
CPC-Cache
Cache-Key
X-Amz-Meta-Cb-Modifiedtime
VNS-Age
Servername
X-ES-SERVER
X-VC
DataCenter
X-Wikidot-Static-Cache
Cteonnt-Length
X-GoCache-CacheStatus
X-Wikidot-Backend
Uri
X-Mcache
X-UP
X-Fastly-Cache-Hits
X-TRACE-ID
FSS-Cache
X-Httpd
X-Proxy-Cache-Info
PICS-Label
Permissions-Policy
Shield-Pop
WZWS-RAY
X-PJAX-URL
X-Cms-Context
Pagetype
X-Lb-Id
X-Lb-Nocache
X-RateLimit-Reset
Ohc-Cache-HIT
X-Nc
Cneonction
X-B3-ParentSpanId
X-Cdn-Request-ID
Cdn
X-Dw-Trace-Id
X-Apw-Access-Token
X-Udemy-Cache-App-Namespace
X-Apw-Hits
Producers
X-Apw-Access-Object
X-CCDN-Origin-Time
X-Contensis-Viewer-Groups
CF-Cached-On
X-Apw-Access-Action
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
ServerName
Server-Ttl
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Akamai-Pragma-Client-IP
X-Hcs-Proxy-Type
X-Snapshot-Date
X-Cache-ASPX
X-Acquia-Site
X-Acquia-Application-UUID
X-CCDN-CacheTTL
Srv
X-Via-Ucdn
MD5-Digest
Cf-Ipcountry
X-Yottaa-OS
X-Swift-Error
X-Newrelic-App-Data
Vha6-Origin
X-Provided-By
Sid
X-Cache-Ngx
X-Air-Pt
X-Last-Modified
IsBot
CountryCode
Req-ID
X-SB
GeoIP-Latitude
X-UA
X-CacheKey
X-Miniprofiler-Ids
X-Te-Duration-Ms
Sever-Int
Server-Hostname
X-VG-WebServer
X-Sentry-ID
X-B3-Parentspanid
W
Server-Ext
X-Logging-Id
Ngx
X-Varnish-Authentication
X-Te-Count
X-Http-Duration-Ms
X-Http-Count
X-SIPLIST1