
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
P3p
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-UA-Device
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dns-Prefetch-Control
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Ruxit-JS-Agent
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Rating
X-Country
X-B3-TraceId
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Cloud-Trace-Context
X-Ac
X-Content-Type
X-Vname
X-TtlSet
X-PC
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-FastCGI-Cache
X-Server-Name
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-Aws-Lambda-Call-Status
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-GitHub-Request-Id
X-Vcap-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Cache-TTL
X-Abt-Application-Version
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cnection
X-Px
X-Navigation-Version
RTSS
X-Country-Code
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-NF-Request-ID
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
X-Goog-Hash
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
Accept-Ch
X-Origin-Cache
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
AR-SID
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Powered-CMS
X-Version
Display
X-Sol
X-Middleton-Display
Pagespeed
Response
X-Middleton-Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
Nginx-Cache
X-TTL
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-RateLimit-Remaining
X-Protected-By
TCN
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-T
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
S
Content-MD5
X-Aspnetmvc-Version
Edge-Cache-Tag
Fastcgi-Cache
X-Mid
X-CST
SPRequestDuration
SPIisLatency
Front-End-Https
X-Language
Realpath
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Pinterest-Version
Filters
X-Pinterest-Rid
Pinterest-Generated-By
X-Ttl
Server-Node
X-MCACHE
Server-Name
X-Ab
X-Content
X-Ua-Browser
X-DynaTrace
X-Frontend
X-NWS-LOG-UUID
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Correlation-Id
X-Ser
SPRequestGuid
X-SharePointHealthScore
X-Ezoic-Cdn
X-ECACHE
X-Hits
X-Template
X-Parallel-Accel
Fusion-Component-Id
X-Cache-Key
Fusion-Content-Id
Alternate-Protocol
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Kong-Proxy-Latency
X-Content-Options
MicrosoftSharePointTeamServices
Cache-Tags
X-Kong-Upstream-Latency
X-Page-Id
Host
X-B3-Sampled
Charset
Cleartype
X-Www-Served-By
X-Git-Hash
X-Fastly-Request-Id
X-Ruxit-Js-Agent
X-Geo-Country
X-DIS-Request-ID
X-Daa-Tunnel
X-Debug-Info
X-Amzn-Trace-Id
X-Webkit-CSP
X-Ratelimit-Limit
X-Content-Digest
X-Amz-Replication-Status
X-Varnish-Age
Filterid
X-XRDS-LOCATION
X-Accel-Expires
X-AppVersion
X-Activity-Id
X-Hostname
X-Az
X-Forwarded-Proto
X-VCache
X-FB-Debug
X-Upgrade-Enabled
X-Grace
TP-Cache
TP-L2-Cache
X-Origin-Server
X-WebKit-CSP-Report-Only
X-Rid
Cross-Origin-Opener-Policy
Access-Control-Allow-Method
X-Nginx-Upstream-Cache-Status
X-N
ServerID
X-F-Cache
X-Mobile-URL
X-LB-Cache
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Request-Guid
X-Flags
X-Route-Name
X-TT
X-Whom
X-Varnish-Grace
X-App-Environment
Viewport
X-Goog-Generation
X-GUploader-UploadID
X-Type
X-Seen-By
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Tb
Node
Payment
X-FW-Static
X-Distributor
X-FW-Type
X-FW-Serve
X-FW-Server
X-FW-Dynamic
X-FW-Hash
X-Server-ID
Paypal-Debug-Id
DC
X-App-Server
X-User-Agent
Fastcgi-Useragent
Accept-Charset
X-NGENIX-Cache
Country
X-Origin-Upstream-Status
X-Wix-Request-Id
X-Cache-Control
X-DataDome
X-Cache-Rule
X-Litespeed-Cache
X-Logged-In
Version
X-Microsite
X-Request-Handler-Origin-Region
X-Via-JSL
X-Drupal-Cache-Tags
Referer-Policy
X-Cache-Age
X-Ratelimit-Reset
X-Cluster-Name
X-Varnish-Backend
X-Signature
X-B-Cache
X-Erf-Bev-Bev
X-Browser-Type
Refresh
X-Erf-Bev-Bev-Is-Generated
X-Load-Cache
X-Contextid
Cache-Status
X-Response-Served-From
X-Buckets
VIX-Pulpo-Node
X-Node-Name
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
Amp-Access-Control-Allow-Source-Origin
SD-X-WS
X-Tec-Api-Version
X-Tec-Api-Root
X-Mobile
X-Vgn-Hpd-Reason
X-Cache-Expired-At
X-Tec-Api-Origin
X-Page-View
X-Real-IP
X-Rendered-As
X-Is-Bot
X-Jobs
NGB
Access-Control-Request-Headers
X-Cacheable-TTL
X-Proxy-Cache-Status
X-Debug
X-B
X-UUID
X-Device-Type
X-Yottaa-Metrics
X-ProcessESI
X-Revision
X-Yottaa-Optimizations
X-Proxy
X-IPLB-Instance
X-Instance
X-RemovedCookies
X-Rule
Akamai-GRN
X-Fastly-Request-ID
Surrogate-Key
X-Cache-Action
X-Drupal-Cache-Contexts
X-Cache-Time
X-Debug-IsConnected
X-Debug-IsPreview
X-Framework
X-FW-Version
X-Fastcgi-Cache
X-G
X-Air-Trace-Id
X-Air-Source
CF-IPCountry
X-Air-Hostname
SID
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
DynaTrace
X-Azure-Ref
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Liferay-Portal
X-Presslabs-Stats
X-Nginx-Cache
GEO-INFO
X-PressLabs-Stats
X-Source
X-Accel-Buffering
X-Ms-Version
X-Ms-Request-Id
Count-Hit
X-Oneagent-Js-Injection
Uber-Trace-Id
Healthy
Frame-Options
X-APP-VERSION
X-RTag
MS-CV
X-Cache-Operation
X-CDN-Forward
Ms-Operation-Id
X-Cache-NGX
X-EdgeConnect-Cache-Status
X-XRDS-Location
X-Zen-Fury
Xserver
Countrycode
X-Environment-Context
X-L-Path
X-Cache-Hit
X-Varnish-Server
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Backend-Name
X-Mode
Cross-Origin-Window-Policy
Protected
Ec-Rule-Version
X-IPS-LoggedIn
X-Servername
X-Forwarded-Host
X-Region
X-Cache-TTL-Remaining
Meta-Geo
X-JoinUs
X-SaId
X-Tid
X-Rewrite-Enabled
X-Detected-As
X-RN-RSRV
X-UPSTREAM-Address
X-Content-Powered-By
Backend
X-Sql-Duration-Ms
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
Decoy-Debug-Status
X-Alternate-Cache-Key
X-Routing-Service
X-Proxied
X-Zipkin-Id
X-Generation-Time
X-Cache-Server
X-Redis-Cache
X-Hosted-By
X-Ratelimit-Remaining
X-Extlb
X-Debug-Cache
Decoy-Debug-TTL
Eomportal-Instance
X-Adobe-Content
X-Adobe-Loc
X-ShardId
X-Cache-Grace
X-ShopId
X-Uri
X-Sql-Count
Apigw-Requestid
Country-Code
Decoy-Debug-Key
X-Content-Age
X-PERF
X-NCache
X-Origin-Date
X-Human
X-PHP-Backend
Url
Fastly-SSL
Cache-Name
X-ServerID
X-Site-Version
Mn-Server-Ip
X-FB-TRIP-ID
X-ApacheServer
X-Hyper-Cache
X-Format
X-Varnish-Beresp-Grace
X-Status
X-No-Session
X-Via-Fastly
Section-Io-Cache
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-Locale-Group
TWC-GeoIP-Country
Property-Id
X-NewRelic-App-Data
Selected-Fe
TWC-Connection-Speed
X-Access
TWC-GeoIP-LatLong
X-Akamai-Edgescape
X-PCL
X-Proxy-Build
X-Origin-Hint
X-OCL
X-Microcachable
X-NYM-Debug-Backend
X-ProxyCache-Key
X-ProxyCache-Status
X-Cache-Host
X-BYPASS-REASON
X-Cache-Type
X-Cluster-Node
X-Pubstack
Cache-Tv-Group
TWC-Device-Class
X-Section
X-UA-Device-Type
X-Server-W
X-Storage
X-Timing-Wait
X-Web-Node
X-Varnishpool
WPO-Cache-Status
WPO-Cache-Message
X-Say-TTL
X-Say-Cacheable
LB
X-Hl-Ver
X-R9-Blue-Green-Version
X-SayCDN-TTL
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
Azure-SlotName
CDN-EdgeStorageId
Content-Secure-Policy
X-Be
CDN-CachedAt
X-Soup
CDN-Cache
X-RateLimit-Limit
Azure-Version
Azure-InstanceId
DB-Nickname
Azure-SiteName
Azure-RegionName
Content-Disposition
X-TIME
X-Generated-By
X-Azure-Ref-OriginShield
X-Trace-Id
X-CLOUD-TRACE-CONTEXT
X-Ua
X-LSADC-Cache
OT-Force-Account-Verify
X-Webkit-Csp
SRV
X-Dc
X-Cached-By
X-Nginx-Cache-Key
Source
X-Bc-Bl
X-Unique-Id
Cache
Retry-After
X-LAGOON
X-TT-LOGID
X-SRV
X-Auto-Login
X-Origin-CC
X-Origin-TTL
X-Platform-Server
X-Cache-Remote
Cache-Hits
Xet-Cookie
X-Varnish-Hits
Mime-Version
HostName
X-Akamai-Transformed
X-GEO
X-HTML-Minification-Powered-By
X-Xfnlog-Site
X-Loop
X-TNCMS
X-Varnish-Hostname
X-App-Version
X-S-Maxage
Onion-Location
X-ECache
X-CSRF-Token
X-Cdn
X-Amz-Meta-S3cmd-Attrs
ServedBy
X-Cache-Tags
X-Correlation-ID
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Varnish-Cache-Hits
Web-Mar-Node
Upgrade-Insecure-Requests
X-EC-Lua
X-Proto
Webserver
X-Request-Time
From-Origin
X-AOL-HN
X-Endurance-Cache-Level
WP-Super-Cache
X-Tenant
X-Request-Host
N-Cache
X-Time
X-Cache-Var
X-AWS-Id
X-Cache-Var-Map
X-VWS-Id
X-LJ-Flow-ID
X-FireWall-Port
X-GG-Cache-Date
X-Time-Microsecs
X-Origin-Response-Time
X-Edge-Location
X-Cache-Enabled
X-Mg-Request-UUID
X-Handled-By
X-A-Ccd
X-Forwarded-Path
X-A
X-Ftr-Request-Id
X-External-Request-Id
X-Aed
X-Aicache-OS
X-Destination
X-Developer
X-Gen-Mode
X-Hnp-Log
X-NAPM-TraceId
X-ND-Cache
X-B3-SpanId
User-Cache-Control
V-Age
X-Ig-Push-State
A
Vix-Hermes-Req-Id
X-D
X-Connection-Hash
Nel
X-A-Dcw
X-Cache-NE
X-A-Dgt
X-Block-Status
X-Application
X-ARC
X-B-Cookie
Xc-Version
X-A-Dam
X-Conf
X-A-Wwc
DCR-Processing-Time-Ms
X-Vdms-Path
X-Cluster
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Vtex-Remote-Cache
Surrogated-Key
X-ScT
X-SD-PageType
X-Session-Fingerprint
X-Shop-Environment
DCR-Decision-By
Meta-Geo-Continent
X-Rojux
X-S
X-S-Cookie
X-PHP-Host
X-Slack-Backend
X-SRCache-Key
X-V-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Vdms-Version
X-TIM-N
CloudFront-Viewer-Country
Fastcgi-X-Cache-Version
X-VG-WebCache
Expiry
Mobile-Detection-Method
Odigeo-Trace-Id
X-Orig-Expires
X-PBS-Appsvrname
Rendered-Blocks
X-PAYTM-SRV-ID
Sslversion
Redirect-Candidate
X-Vtex-Processado-Em
X-Planisys-CDN-Cache
X-Via-NSCOPI
X-Planisys-CDN-TTL
X-NWS-UUID-VERIFY
X-Labrador-Cache-Channel
X-Processor
X-Planisys-CDN-Rules
BehaviorPad-Version
Pramga
X-MP-GENERATED-AT
True-Client-Country-4JS
Svr
Wxu-Next-Hostname
Wxu-Next-Region
State
Host-ID
Origin
Gh-Request-Id
Wxu-Next-Commit
Fastcgi-Cache-TTL
X-Li-Fabric
X-Policy
X-Proxy-Upstream
X-RCS-CacheZone
X-Owner
X-Origin-Time
X-Old-Content-Length
X-Origin-Expires
X-Request-URI
X-Scheme
X-SVT-ORM-VERSION
X-Viewer-Country
X-Webstats-RespID
X-SVT-ORM-RULES
X-Sucuri-ID
X-Server-IP
X-Sucuri-Cache
X-Nyt-Route
X-NodeID
X-Fastly-Cache
X-Forwarded-Site
X-Gdpr
X-Date
X-Cdn-Srv
X-Cache-Bucket
X-Cache-Date
X-Geo-Header
X-Hash
X-Men
X-Mvc-Supplant-Cachable
X-Location
X-LI-UUID
DSUID
X-Li-Pop
X-Accel-Expires-Debug
X-Epic-Correlation-Id
X-Reqid
Cmsid
Cmstype
X-Zone
CDCHOST
Fastly-Drupal-Html
Arc-Country
CacheControlHeader
AKAMAI
X-Magnolia-Registration
X-Adobe-Source
X-Locale
Environment
X-M-Log
Server-Info
X-Qnm-Cache
X-M-Reqid
X-Developers
X-Device-Os
X-Esi-Check
X-Fastly-Backend
X-Datadog-Trace-Id
X-Eu-Site
X-Fetched-On
X-Envoy-Decorator-Operation
X-CGP
X-Cache-Debug
X-Cache-Id
X-Branch-Name
X-Bip
X-Backend-State
X-Cache-Info
X-Cdn-Origin
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Core-Value
X-Core-Mission
X-Gamma-Serve
X-Datadog-Sampling-Priority
X-HS-Content-Campaign-Id
X-TH-Server
X-Thanos
X-Storefront-Renderer-Rendered
X-Sn-Servicetimems
X-Served-From
X-Skip-Cache
X-TrackingId
X-UnsetCookies
X-VServer
X-Backend-TTL
X-VG-TLSProxy
X-VarnishDD-TTL
X-Varnish-Beresp-Status
X-Rocket-Nginx-Serving-Static
X-Request-Start
X-HN
X-Irp-Debug
X-Gzip
X-GeoIP-City
X-GeoIP
X-Level-Front-Cache
X-CACHE-KEY
X-Region-Sid
X-Req
X-RateLimit-Limit-Second
X-Platform
AMP-Access-Control-Allow-Source-Origin
X-Generated-On
X-RateLimit-Remaining-Second
PFcat
L
L5d-Success-Class
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
We-Hiring
Apple-News-Services-Handled
Origin-CC
Ha-Gx-Prefs
Traceparent
Origin-EX
Apple-News-Services-Host
HA-Ipaddr
Machine
Locid
Release
Server-Host
Web-Mar-Region
Mail-Subject
Ssr
X-VC-Cache
X-Has-Esi
X-GeoIP-Country-Code
X-Varnish-Remaining-TTL
Fastly-SIE
Cf-Device-Type
Req-Svc-Chain
Fastly-GeoIP-CountryCode
Fastly-SWR
X-GeoIP-Region-Code
X-Worker
X-DefElseHash
X-Variation
X-DefHash
X-Varnish-CookieHashed-On
Platform
X-Varnish-CookieINHashed-On
Thinkindot-CacheControl-Type
X-DPWN-IS-SECURE
Thinkindot-CacheControl
TDXMobile
Thinkindot-Control
X-JWT-State
X-Amzn-Remapped-Content-Length
X-Rocket-Build-Number
X-Sigma
X-ATG-Version
X-Origin
NM-Fastcgi-Cache
X-Pod-Name
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Memcached
X-Qloud-Router
X-Response-By
X-NU-AKA-ACS-Version
X-Sigma-Backend
X-BBC-Edge-Cache-Status
X-Thinkindot-L3
Is-Eu
X-FC-Vary-Parameters
Adler-Geo
X-Node-Id
X-Is-Gdpr
X-Xrds-Location
S-Rt
X-Tx-Id
X-Loc
X-Mvc-Supplant-OutputCached
NGX
X-Ua-Device
X-NC
X-LB-ID
X-CS
X-API-Version
Magicmarker
X-Cache-Config
X-TraceId
X-Http-Reason
X-Varnish-Beresp-Ttl
X-Restarts
X-Generated-In
X-Akamai-Request-ID2
CDN
Pics-Label
X-Up
X-Datadome
Ms-Author-Via
Kp-EeAlive
X-Tt-Logid
Memory
Time
X-Trace-ID
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
X-DSS
X-DI
X-DW
X-Optimistic-Header
X-Cache-Backend
X-Wix-Viewer-Type
Edge-Cache
X-Action
X-RPS
X-RSL
X-RPM
X-DB
Datacenter
Candidate-Md5Url
Env
X-LB-NoCache
X-Edge-Pop
X-Vc
WebServer
X-Varnish-Ttl
GeoIp-Country-Code
X-Via-Popv
X-Refresh
Accept-Language
X-Via-Popn
X-Via-Poph
X-DynaTrace-JS-Agent
On-Server
X-Minions-Version
WWW-Authenticate
X-Varnish-Beresp-TTL
X-Srv
X-CacheTTL
Esi-Enabled
X-TA-CDN-Provider
X-DC
X-Parent-Response-Time
X-HA-Backend
X-Servedbyhost
X-Cs
X-Esi
Locale
X-Dynatrace
X-Urbn-Site-Id
X-Urbn-Context-Path
X-MSEdge-Flight
X-MSEdge-Features
C-Via
X-Service
X-Unique-ID
X-TX-ID
X-Newrelic-Synthetics
X-Cache-PHP
X-Ec-GeoHdr
X-User
Server-ID
X-Ec-Fail
X-ZONE
X-Li-Proto
X-FPC
X-LiteSpeed-Cache-Control
X-VCL-Version
X-Cache-Status-Check
X-Cache-Ttl
X-Render-Time
X-App
X-URL
X-B3-Spanid
Test
X-Vcl-Version
X-AK-Request-ID
X-Fpc
X-LI-Proto
Cdnsip
X-Webkit-Csp-Report-Only
Cdncip
X-Pass-Why
X-Traceid
Server-Id
My-App
X-Fmm-Version
X-WADP-Cache
Geoip-Latitude
Cluster
X-Clara-WADP
Geo-Info
Proxy-Connection
X-NODE
X-Webkit-CSP-Report-Only
X-Var-Ttl
X-CUA
Resin-Trace
Tracecode
X-Mcache
Lfy
T-Server
X-Clientip
X-Info
Tcn
M-TraceId
X-AIR-PT
X-From
X-LiteSpeed-Tag
DataCenter
Lang
HIT
Cache-Host
Fastly-Drupal-HTML
X-Oss-Object-Type
X-Oss-Request-Id
UCS
X-Oss-Server-Time
Cf-Int-Pingora-Origin-Digest
X-Oss-Hash-Crc64ecma
X-Ha-Backend
X-Oss-Storage-Class
X-Fragments
X-CSRF-TOKEN
X-ServedByHost
Target-Params
X-Geo
S-Cnection
X-ID
Hostname
X-WP-CF-Super-Cache-Cache-Control
X-HostName
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-WP-CF-Super-Cache
Hit
Ohc-File-Size
X-Pad
GeoIP-Country-Code
X-RAMCache
X-Dynatrace-Js-Agent
X-VC
Fastly-Backend-Name
X-Cdn-Forward
X-Micro-Cache
MIME-Version
ENV
User-Agent
X-Edge-POP
X-ElasticPress-Query
X-Check-Cacheable
X-Edge-Cache
X-BBC-Origin-Response-Status
X-Backend-Host
X-Provided-By
X-Httpd
Permissions-Policy
Section-Io-Id
X-Api-Version
Load-Balancing
X-NGINX-Cache
Section-Io-Origin-Status
X-Proxy-Cache-Info
Section-Origin-Responded
X-Release
Section-Io-Origin-Time-Seconds
X-Lb-Nocache
WZWS-RAY
X-UP
X-Ucs
X-Fastly-Backend-Reqs
X-ServerName
X-APP
Servername
Producers
X-BCube-Filmed-By
X-HS-Status
ServerName
X-SB
FSS-Cache
X-Cache-CFC
PICS-Label
URI
Uri
X-GoCache-CacheStatus
EpKe-Alive
Lb
X-TRACE-ID
X-Swift-Error
X-Lb-Id
X-Platform-Processor
X-RateLimit-Reset
Ohc-Cache-HIT
X-Platform-Router
Cache-Key
Cteonnt-Length
X-Udemy-Cache-App-Namespace
X-WA-Info
X-Platform-Cluster
CPC-Age
CPC-Cache
X-WA
Server-Ttl
Cneonction
X-Cdn-Request-ID
Cdn
X-Pool
X-Fastly-Cache-Hits
X-Amz-Meta-Cb-Modifiedtime
X-B3-ParentSpanId
X-Nc
Path
VNS-Age
VNS-Cache
X-Dw-Trace-Id
X-Akamai-Request-ID
X-Ec-Custom-Error
X-Akamai-ERRuleID
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Scale
X-Akamai-ERPolicy
X-Acquia-Application-UUID
X-Vcache
X-Apw-Hits
X-Apw-Access-Token
Shield-Pop
X-Contensis-Viewer-Groups
X-Snapshot-Date
X-Apw-Access-Object
X-Apw-Access-Action
Cf-Ipcountry
X-ES-SERVER
X-Newrelic-App-Data
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Yottaa-OS
X-Cache-ASPX
CF-Cached-On
Vha6-Origin
X-Air-Pt
X-Cache-Ngx
Sid
X-SIPLIST1
Pagetype
X-PJAX-URL
X-Sentry-ID
X-Cms-Context
X-Shopify-Generated-Cart-Token
CountryCode
X-Cache-Expires
IsBot
Req-ID
X-Te-Duration-Ms
Ngx
X-Last-Modified
X-UA
X-Te-Count
X-Http-Duration-Ms
X-Logging-Id
X-Akamai-Pragma-Client-IP
X-Varnish-Authentication
X-Http-Count
X-CacheKey