Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-UA-Device
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-Ua-Compatible
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
X-Ruxit-JS-Agent
Rating
X-Country
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
X-PC
X-TtlSet
X-Vname
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-Server-Name
X-FastCGI-Cache
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-Rack-Cache
X-VARITI-CCR
X-Aws-Lambda-Call-Status
X-Element-Page-Cache
Verso
X-Upstream
MS-Author-Via
X-GitHub-Request-Id
X-MS-InvokeApp
X-Vcap-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Px
RTSS
X-Country-Code
X-Navigation-Version
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-NF-Request-ID
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Use-Magma
X-Goog-Hash
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Kinja-Revision
Accept-Ch
X-Origin-Cache
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
AR-SID
X-Powered-CMS
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Version
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
Nginx-Cache
X-TTL
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Protected-By
X-RateLimit-Remaining
TCN
X-HP-Webp
X-T
X-HP-Trace-Id
X-Jurisdiction
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Id
S
X-Mg-S
Content-MD5
X-Aspnetmvc-Version
Edge-Cache-Tag
Fastcgi-Cache
X-Mid
X-CST
SPRequestDuration
Front-End-Https
SPIisLatency
Realpath
X-Language
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Pinterest-Version
Filters
X-Ttl
X-Pinterest-Rid
Pinterest-Generated-By
Server-Node
X-MCACHE
X-Ua-Browser
Server-Name
X-Content
X-Ab
X-Frontend
X-DynaTrace
X-Correlation-Id
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Ser
SPRequestGuid
X-SharePointHealthScore
X-Ezoic-Cdn
X-Hits
X-ECACHE
X-Template
X-Parallel-Accel
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Deployment-Id
X-Cache-Key
Fusion-Content-Id
Fusion-Source
Alternate-Protocol
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-Content-Options
Cache-Tags
X-Page-Id
Charset
Cleartype
X-B3-Sampled
Host
X-Git-Hash
X-Www-Served-By
X-Fastly-Request-Id
X-Server-ID
X-Geo-Country
X-Daa-Tunnel
X-Debug-Info
X-DIS-Request-ID
X-Webkit-CSP
X-Amzn-Trace-Id
X-Content-Digest
X-Ratelimit-Limit
X-Amz-Replication-Status
Filterid
X-Varnish-Age
X-Accel-Expires
X-Activity-Id
X-AppVersion
X-Az
X-Hostname
X-VCache
X-FB-Debug
X-Forwarded-Proto
X-Upgrade-Enabled
X-Grace
X-Origin-Server
X-WebKit-CSP-Report-Only
X-Rid
TP-Cache
TP-L2-Cache
Cross-Origin-Opener-Policy
X-N
Access-Control-Allow-Method
ServerID
X-Nginx-Upstream-Cache-Status
X-F-Cache
X-XRDS-LOCATION
X-LB-Cache
X-Mobile-URL
X-Providence-Cookie
X-Route-Name
X-Aspnet-Duration-Ms
X-Request-Guid
X-Flags
X-Is-Crawler
X-Whom
Viewport
X-Varnish-Grace
X-App-Environment
X-TT
X-Goog-Stored-Content-Length
X-Seen-By
X-Tb
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Storage-Class
X-Type
Node
X-FW-Type
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-FW-Static
X-FW-Server
Payment
Paypal-Debug-Id
X-Distributor
DC
X-App-Server
X-User-Agent
Fastcgi-Useragent
Accept-Charset
X-Oneagent-Js-Injection
X-NGENIX-Cache
Country
X-Cache-Control
X-Origin-Upstream-Status
X-Wix-Request-Id
X-DataDome
X-Cache-Rule
X-Litespeed-Cache
X-Logged-In
Version
X-Request-Handler-Origin-Region
X-Microsite
X-Via-JSL
X-Drupal-Cache-Tags
Referer-Policy
X-Cache-Age
X-Ratelimit-Reset
Refresh
X-Cluster-Name
X-Signature
X-Load-Cache
X-Varnish-Backend
X-B-Cache
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Contextid
Cache-Status
X-Original-Request-Id
X-Response-Served-From
X-Buckets
SD-X-WS
X-Node-Name
Amp-Access-Control-Allow-Source-Origin
X-Page-View
X-Is-Bot
X-Real-IP
X-Tec-Api-Origin
X-Tec-Api-Root
X-Rendered-As
X-Tec-Api-Version
X-Mobile
X-Cache-Expired-At
VIX-Pulpo-Upstream-Status
X-Debug
X-Proxy-Cache-Status
VIX-Pulpo-Node
X-Vgn-Hpd-Reason
NGB
X-B
X-Jobs
X-Rule
X-UUID
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-RemovedCookies
X-Proxy
X-Device-Type
X-Instance
X-IPLB-Instance
X-ProcessESI
X-Cacheable-TTL
Access-Control-Request-Headers
X-Fastly-Request-ID
X-Drupal-Cache-Contexts
X-Revision
Surrogate-Key
Akamai-GRN
X-Debug-IsPreview
X-Debug-IsConnected
X-Framework
X-Cache-Time
X-Cache-Action
X-G
X-Fastcgi-Cache
X-FW-Version
X-Air-Hostname
CF-IPCountry
X-Air-Trace-Id
X-Air-Source
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
DynaTrace
X-Oracle-Dms-Ecid
SID
X-Azure-Ref
X-XRDS-Location
X-Oracle-Dms-Rid
Liferay-Portal
X-Presslabs-Stats
X-PressLabs-Stats
GEO-INFO
X-Accel-Buffering
X-Ms-Request-Id
X-Ms-Version
X-Source
Count-Hit
X-Nginx-Cache
Uber-Trace-Id
Healthy
Frame-Options
X-APP-VERSION
X-Cache-Operation
MS-CV
Ms-Operation-Id
X-RTag
X-CDN-Forward
X-Cache-NGX
X-EdgeConnect-Cache-Status
X-Zen-Fury
Xserver
Countrycode
X-Cache-Hit
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Varnish-Server
X-Environment-Context
X-Mode
X-L-Path
X-Backend-Name
Cross-Origin-Window-Policy
Protected
Ec-Rule-Version
X-IPS-LoggedIn
X-Region
X-Forwarded-Host
X-Servername
X-Cache-TTL-Remaining
X-SaId
X-JoinUs
X-RN-RSRV
X-Detected-As
Meta-Geo
Backend
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Content-Powered-By
X-Cache-Server
X-Hosted-By
X-Generation-Time
X-Proxied
X-Alternate-Cache-Key
X-Adobe-Loc
X-Debug-Cache
X-ShopId
X-Extlb
X-Adobe-Content
X-Routing-Service
Eomportal-Instance
X-Sorting-Hat-PodId
X-Ratelimit-Remaining
Decoy-Debug-TTL
X-ShardId
Decoy-Debug-Key
Decoy-Debug-Status
X-Sql-Duration-Ms
X-Sorting-Hat-ShopId
X-Sql-Count
X-Redis-Cache
X-Tid
X-Cache-Grace
X-Zipkin-Id
X-Shopify-Stage
Country-Code
X-Hyper-Cache
X-Site-Version
X-Uri
X-NCache
X-No-Session
X-Content-Age
X-Human
X-Status
Fastly-SSL
Mn-Server-Ip
X-Origin-Date
X-PERF
X-FB-TRIP-ID
X-ApacheServer
Cache-Name
X-PHP-Backend
X-Varnish-Beresp-Grace
X-Format
X-Via-Fastly
Apigw-Requestid
Url
Section-Io-Cache
X-Cluster-Node
X-Cache-Type
X-NewRelic-App-Data
Cache-Tv-Group
X-NYM-Debug-Backend
X-Microcachable
TWC-GeoIP-Country
X-BYPASS-REASON
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
X-Akamai-Edgescape
X-Access
X-OCL
X-Origin-Hint
X-ServerID
X-Server-W
X-Section
X-Storage
X-Timing-Wait
Property-Id
X-UA-Device-Type
TWC-GeoIP-LatLong
Selected-Fe
X-Proxy-Build
X-PCL
X-ProxyCache-Key
X-ProxyCache-Status
TWC-Device-Class
X-Pubstack
TWC-Connection-Speed
WPO-Cache-Message
X-Hl-Ver
X-Varnishpool
X-Web-Node
X-SayCDN-TTL
X-Say-TTL
WPO-Cache-Status
X-Say-Cacheable
X-Cache-Host
X-R9-Blue-Green-Version
LB
Azure-SlotName
Azure-SiteName
CDN-Uid
Azure-Version
CDN-RequestCountryCode
Azure-RegionName
Azure-InstanceId
Content-Disposition
X-Be
X-TIME
X-RateLimit-Limit
CDN-PullZone
CDN-RequestId
DB-Nickname
CDN-CachedAt
X-Soup
CDN-EdgeStorageId
CDN-Cache
X-Azure-Ref-OriginShield
X-Trace-Id
X-Ua
Content-Secure-Policy
X-Generated-By
X-LSADC-Cache
OT-Force-Account-Verify
X-Webkit-Csp
SRV
X-Cached-By
X-Dc
Source
X-Nginx-Cache-Key
X-SRV
X-Bc-Bl
X-Unique-Id
Cache
Retry-After
X-TT-LOGID
X-LAGOON
X-Auto-Login
X-Platform-Server
X-Origin-TTL
X-Origin-CC
X-Cache-Remote
Xet-Cookie
Cache-Hits
Mime-Version
X-Varnish-Hits
X-TNCMS
X-Loop
X-GEO
X-Akamai-Transformed
X-Varnish-Hostname
X-App-Version
X-Xfnlog-Site
X-HTML-Minification-Powered-By
X-ECache
X-S-Maxage
Onion-Location
X-Cdn
X-Amz-Meta-S3cmd-Attrs
ServedBy
X-Cache-Tags
HostName
X-Varnish-Cache-Hits
Web-Mar-Node
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Upgrade-Insecure-Requests
X-Proto
X-Request-Time
X-EC-Lua
Webserver
X-CLOUD-TRACE-CONTEXT
X-CSRF-Token
From-Origin
X-AOL-HN
N-Cache
X-Tenant
X-Request-Host
X-Endurance-Cache-Level
X-Time
WP-Super-Cache
X-Cache-Var-Map
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
X-Cache-Var
X-FireWall-Port
X-GG-Cache-Date
X-Time-Microsecs
X-Cache-Enabled
X-Edge-Location
X-Origin-Response-Time
X-Mg-Request-UUID
X-Handled-By
X-A-Dgt
X-CF-Lambda-Fn
Nel
X-Cache-NE
Xc-Version
X-A
X-Gen-Mode
X-Block-Status
X-A-Ccd
X-B-Cookie
X-Application
X-Connection-Hash
X-A-Dcw
X-Developer
X-ARC
X-D
X-Destination
X-Aicache-OS
X-Aed
X-CF-Lambda-Version
X-Forwarded-Path
X-Via-NSCOPI
X-A-Dam
X-Ckpd-Fst-Backend
X-Conf
X-External-Request-Id
X-Ftr-Request-Id
Surrogated-Key
Pramga
X-Amzn-RequestId
X-PAYTM-SRV-ID
Odigeo-Trace-Id
X-Hnp-Log
X-PHP-Host
Rendered-Blocks
X-TIM-N
BehaviorPad-Version
Redirect-Candidate
X-PBS-Appsvrname
Mobile-Detection-Method
X-Slack-Backend
Expiry
X-SRCache-Key
X-Rojux
Fastcgi-X-Cache-Version
X-Labrador-Cache-Channel
Meta-Geo-Continent
X-B3-SpanId
X-Shop-Environment
X-Processor
Sslversion
DCR-Decision-By
X-ScT
CloudFront-Viewer-Country
A
User-Cache-Control
X-Session-Fingerprint
X-Vtex-Processado-Em
X-SD-PageType
DCR-Processing-Time-Ms
X-Ig-Push-State
X-Vtex-Remote-Cache
X-NAPM-TraceId
X-ND-Cache
X-S-Cookie
X-A-Wwc
X-Amz-Apigw-Id
X-Orig-Expires
X-Vdms-Path
X-Vdms-Version
X-Correlation-ID
X-NWS-UUID-VERIFY
X-VG-WebCache
X-S
X-MP-GENERATED-AT
Vix-Hermes-Req-Id
V-Age
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
True-Client-Country-4JS
DSUID
Host-ID
Gh-Request-Id
Origin
State
Svr
Fastcgi-Cache-TTL
X-Li-Fabric
X-Origin-Time
X-Sucuri-ID
X-Sucuri-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Old-Content-Length
X-Origin-Expires
X-V-Cache
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Request-URI
X-Scheme
X-Server-IP
X-RCS-CacheZone
X-Proxy-Upstream
X-Planisys-CDN-TTL
X-Policy
X-Nyt-Route
X-NodeID
X-Fastly-Cache
X-Forwarded-Site
X-Gdpr
X-Epic-Correlation-Id
X-Date
X-Cache-Date
X-Cdn-Srv
X-Cluster
X-Geo-Header
X-Hash
X-Men
X-Mvc-Supplant-Cachable
X-Viewer-Country
X-Location
X-LI-UUID
X-Webstats-RespID
X-Li-Pop
X-Cache-Bucket
X-Accel-Expires-Debug
AKAMAI
X-Reqid
Fastly-Drupal-Html
X-Zone
CacheControlHeader
Cmsid
Arc-Country
CDCHOST
X-Magnolia-Registration
X-Adobe-Source
Cmstype
Server-Info
Environment
X-Locale
X-Qnm-Cache
X-M-Reqid
X-M-Log
X-Device-Os
X-Eu-Site
X-Gamma-Serve
X-Fetched-On
X-Fastly-Backend
X-Esi-Check
X-Envoy-Decorator-Operation
X-Csrf-Jwt
X-Cache-Id
X-Cache-Info
X-Cache-Debug
X-Branch-Name
X-Backend-State
X-Bip
X-Cdn-Origin
X-CGP
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Core-Value
X-Core-Mission
X-Developers
X-HS-Content-Campaign-Id
X-TH-Server
X-Thanos
X-Storefront-Renderer-Rendered
X-Sn-Servicetimems
X-Served-From
X-Skip-Cache
X-TrackingId
X-UnsetCookies
X-VServer
X-Backend-TTL
X-VG-TLSProxy
X-VarnishDD-TTL
X-Varnish-Beresp-Status
X-Rocket-Nginx-Serving-Static
AMP-Access-Control-Allow-Source-Origin
X-Irp-Debug
X-Level-Front-Cache
X-HN
X-Gzip
X-GeoIP
X-GeoIP-City
X-CACHE-KEY
X-Owner
X-Req
X-Request-Start
X-Region-Sid
X-RateLimit-Remaining-Second
X-Platform
X-Generated-On
X-RateLimit-Limit-Second
Server-Host
PFcat
Apple-News-Services-Request-Url
Ssr
Release
Ha-Gx-Prefs
Origin-EX
Origin-CC
Apple-News-Services-Handled
Traceparent
L
HA-Ipaddr
Machine
Locid
Apple-News-Services-Host
Web-Mar-Region
L5d-Success-Class
Apple-News-Services-Parsed-Url
We-Hiring
Mail-Subject
X-VC-Cache
X-Variation
Platform
X-DPWN-IS-SECURE
X-DefElseHash
X-Varnish-CookieHashed-On
X-Rebelmouse-Surrogate-Control
X-Varnish-Remaining-TTL
X-DefHash
X-Varnish-CookieINHashed-On
X-FC-Vary-Parameters
X-Thinkindot-L3
X-Response-By
X-Rocket-Build-Number
NM-Fastcgi-Cache
Is-Eu
Memcached
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Pod-Name
X-Sigma
X-NU-AKA-ACS-Version
X-JWT-State
X-Is-Gdpr
Fastly-GeoIP-CountryCode
Fastly-SIE
Fastly-SWR
X-Sigma-Backend
X-Node-Id
Cf-Device-Type
X-Has-Esi
Req-Svc-Chain
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-ATG-Version
Thinkindot-Control
X-BBC-Edge-Cache-Status
Adler-Geo
X-Origin
Thinkindot-CacheControl
TDXMobile
X-Amzn-Remapped-Content-Length
Thinkindot-CacheControl-Type
X-Worker
X-Xrds-Location
S-Rt
X-Tx-Id
X-Loc
X-Mvc-Supplant-OutputCached
NGX
X-Ua-Device
X-API-Version
Magicmarker
X-CS
X-NC
X-Cache-Config
X-TraceId
X-Generated-In
Pics-Label
X-Http-Reason
X-Up
X-LB-ID
X-Varnish-Beresp-Ttl
X-Restarts
X-Akamai-Request-ID2
X-Datadome
X-Trace-ID
Memory
CDN
X-Tt-Logid
Ms-Author-Via
Kp-EeAlive
Time
X-Tb-Optimization-Total-Bytes-Saved
NtCoent-Length
X-Edge-Pop
X-RPM
X-DW
Edge-Cache
Datacenter
Env
X-RSL
X-Cache-Backend
X-Optimistic-Header
X-RPS
X-DSS
X-DI
X-DB
Candidate-Md5Url
X-Action
X-Wix-Viewer-Type
X-LB-NoCache
X-Vc
X-Varnish-Ttl
Accept-Language
X-Refresh
GeoIp-Country-Code
X-Via-Popv
X-Via-Popn
WebServer
X-Via-Poph
X-DynaTrace-JS-Agent
X-Minions-Version
WWW-Authenticate
On-Server
X-Varnish-Beresp-TTL
X-DC
X-TA-CDN-Provider
Esi-Enabled
X-CacheTTL
X-Parent-Response-Time
X-Cs
X-Esi
X-HA-Backend
X-Servedbyhost
X-Urbn-Site-Id
X-Srv
X-Urbn-Context-Path
Locale
X-Dynatrace
X-TX-ID
C-Via
X-Unique-ID
X-MSEdge-Flight
X-MSEdge-Features
X-Service
X-Newrelic-Synthetics
X-Ec-GeoHdr
X-User
X-Ec-Fail
X-Cache-PHP
Server-ID
X-ZONE
X-VCL-Version
X-Cache-Status-Check
X-App
X-LI-Proto
X-Cache-Ttl
X-FPC
X-Li-Proto
X-LiteSpeed-Cache-Control
X-Render-Time
X-URL
X-B3-Spanid
Cdncip
Cdnsip
X-Webkit-Csp-Report-Only
Test
X-AK-Request-ID
X-Fpc
X-Traceid
X-Pass-Why
Cluster
X-Vcl-Version
Geoip-Latitude
My-App
Server-Id
X-WADP-Cache
X-Fmm-Version
X-Clara-WADP
Geo-Info
Proxy-Connection
X-NODE
X-Webkit-CSP-Report-Only
Resin-Trace
Tracecode
X-CUA
X-Var-Ttl
X-Mcache
X-LiteSpeed-Tag
X-Clientip
X-AIR-PT
X-CSRF-TOKEN
X-From
T-Server
Tcn
X-Info
Lfy
M-TraceId
DataCenter
X-Fragments
Fastly-Drupal-HTML
Hostname
Cf-Int-Pingora-Origin-Digest
X-Ha-Backend
Lang
UCS
X-Oss-Request-Id
Cache-Host
X-Oss-Object-Type
HIT
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
S-Cnection
X-Geo
X-ID
Target-Params
X-ServedByHost
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
GeoIP-Country-Code
X-HostName
X-Via-PopH
X-B3-Traceid
X-Via-PopN
X-Via-PopV
Hit
Ohc-File-Size
X-RAMCache
X-Pad
X-Dynatrace-Js-Agent
X-VC
X-NGINX-Cache
MIME-Version
X-Cdn-Forward
X-Micro-Cache
X-Edge-POP
User-Agent
Fastly-Backend-Name
X-ElasticPress-Query
ENV
Section-Io-Id
X-Httpd
X-Provided-By
Section-Io-Origin-Status
X-Api-Version
X-Proxy-Cache-Info
X-BBC-Origin-Response-Status
X-Backend-Host
X-Check-Cacheable
Load-Balancing
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Release
X-Edge-Cache
X-APP
X-Ucs
X-HS-Status
X-Fastly-Backend-Reqs
Producers
Permissions-Policy
WZWS-RAY
X-ServerName
X-UP
X-BCube-Filmed-By
Servername
X-Lb-Nocache
X-SB
X-Cache-CFC
EpKe-Alive
Uri
FSS-Cache
PICS-Label
X-Lb-Id
URI
X-GoCache-CacheStatus
ServerName
Lb
X-TRACE-ID
Sid
X-Platform-Cluster
X-Udemy-Cache-App-Namespace
Server-Ttl
X-Pool
X-Platform-Processor
X-Platform-Router
X-Swift-Error
X-Fastly-Cache-Hits
CPC-Cache
X-B3-ParentSpanId
Path
X-Amz-Meta-Cb-Modifiedtime
Cneonction
VNS-Age
CPC-Age
Cdn
X-WA
X-Nc
VNS-Cache
X-RateLimit-Reset
Cache-Key
Cteonnt-Length
X-WA-Info
Ohc-Cache-HIT
X-Cdn-Request-ID
X-Dw-Trace-Id
X-Cache-ASPX
Shield-Pop
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-ES-SERVER
X-Apw-Access-Token
X-Ec-Custom-Error
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Scale
X-Akamai-Request-ID
X-Apw-Access-Action
X-Apw-Hits
X-Contensis-Viewer-Groups
X-Apw-Access-Object
Cf-Ipcountry
X-Snapshot-Date
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Yottaa-OS
Vha6-Origin
X-Acquia-Site
CF-Cached-On
X-Newrelic-App-Data
X-Vcache
X-Air-Pt
X-Cache-Ngx
X-Akamai-Pragma-Client-IP
X-Shopify-Generated-Cart-Token
X-Cache-Expires
X-SIPLIST1
IsBot
X-UA
CountryCode
Req-ID
Ngx
X-Varnish-Authentication
X-Last-Modified
X-Http-Count
X-Te-Duration-Ms
X-Te-Count
X-Cms-Context
X-PJAX-URL
Pagetype
X-Sentry-ID
X-Logging-Id
X-Http-Duration-Ms
X-CacheKey