Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
X-Amz-Request-Id
Host-Header
X-Proxy-Cache
X-Akamai-Path-Stats
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Dns-Prefetch-Control
X-Server-Powered-By
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Server-Id
X-Pingback
X-CST
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Rating
X-Cloud-Trace-Context
X-Url
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Country
Fastly-Restarts
X-MS-InvokeApp
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Rack-Cache
X-Vname
X-TtlSet
X-PC
Accept-Ch
X-Clacks-Overhead
X-Server-Name
Edge-Control
RTSS
X-Varnish-TTL
X-VARITI-CCR
X-ESI
X-B3-TraceId
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Amz-Rid
X-Dw-Request-Base-Id
X-Px
Public-Key-Pins
X-Cnection
X-Ac
X-RateLimit-Remaining
X-D2id
X-Element-Page-Cache
X-Navigation-Version
Verso
X-Edge
X-Abt-Application-Version
X-Client-IP
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Powered-By-Plesk
X-Ser
X-Cache-TTL
X-FastCGI-Cache
X-Version
Service-Worker-Allowed
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
X-Correlation-Id
Access-Control-Request-Method
X-Goog-Hash
X-TTL
X-Kinsta-Cache
SPIisLatency
SPRequestDuration
X-Ruxit-Js-Agent
X-Edge-Location-Klb
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
AR-SID
X-Cached
X-Upstream
X-Webkit-Csp
X-RateLimit-Limit
X-Server-Lifecycle-Phase
X-LLID
X-Instrumentation
X-Kraken-Loop-Name
X-NWS-LOG-UUID
SPRequestGuid
X-SharePointHealthScore
X-Content-Security-Policy-Report-Only
X-Powered-CMS
X-Ttl
Edge-Cache-Tag
Nginx-Cache
X-Forwarded-For
X-Litespeed-Cache
X-MSEdge-Ref
Content-MD5
X-Id
MRF-Tech
Mrf-Cache-Status
X-Cache-Key
X-Shield-Request-Id
TCN
X-Daa-Tunnel
X-B3-TraceId-Primal
X-T
MS-Author-Via
X-Recruiting
S
X-Content-Digest
X-Mg-S
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ua-Device
X-ECACHE
X-Protected-By
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
MicrosoftSharePointTeamServices
X-Accel-Expires
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
X-Ua-Browser
X-Content
X-Grace
X-Ab
X-Request-Processing-Time
X-Request-Received
X-Yandex-Sdch-Disable
Front-End-Https
Filters
Server-Node
X-DataDome
X-ORACLE-DMS-ECID
X-PressLabs-Stats
X-DynaTrace
X-Mid
TP-Cache
TP-L2-Cache
X-Server-ID
Fastcgi-Cache
X-ORACLE-DMS-RID
X-Origin-Server
X-Geo-Country
X-Hits
X-Distributor
X-WebKit-CSP-Report-Only
X-Ratelimit-Reset
X-Microsite
X-Request-Handler-Origin-Region
X-Amzn-Trace-Id
X-Debug-Info
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cleartype
Charset
X-MCACHE
X-Git-Hash
X-Page-Id
Host
X-DIS-Request-ID
X-LB-Cache
X-F-Cache
Cross-Origin-Opener-Policy
X-B3-Sampled
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Www-Served-By
X-Forwarded-Proto
X-Cache-Age
ServerID
Access-Control-Allow-Method
X-Seen-By
Cache-Status
X-Az
X-Activity-Id
X-AppVersion
Realpath
Accept-Charset
Cache-Tags
X-Cluster-Name
X-Varnish-Age
X-XRDS-LOCATION
Filterid
X-Language
X-Rid
X-Aspnetmvc-Version
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Nginx-Upstream-Cache-Status
X-Type
X-Content-Options
Server-Name
X-App-Environment
Retry-After
X-Upgrade-Enabled
Country
X-Origin-Cache
X-Tb
Node
Viewport
X-Varnish-Grace
X-Whom
X-User-Agent
X-Drupal-Cache-Tags
X-Flags
X-B-Cache
X-FB-Debug
X-Route-Name
X-Signature
X-Wix-Request-Id
Paypal-Debug-Id
DC
X-NWS-UUID-VERIFY
X-Request-Guid
X-Mobile-URL
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Varnish-Backend
X-TT
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Storage-Class
X-Oracle-Dms-Ecid
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-VCache
X-Fastly-Request-Id
Fastcgi-Useragent
Protected
X-Oracle-Dms-Rid
X-B
X-N
X-Via-JSL
X-Debug
X-Amz-Replication-Status
X-Cache-NGX
X-Logged-In
Payment
X-Contextid
X-Fastly-Request-ID
WPO-Cache-Message
X-Fastcgi-Cache
X-Load-Cache
WPO-Cache-Status
Surrogate-Key
X-Amz-Meta-S3cmd-Attrs
X-Cache-Control
X-Template
Count-Hit
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Server
Permissions-Policy
X-FW-Serve
X-FW-Dynamic
X-Trace-Id
X-Node-Name
Healthy
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
X-G
Akamai-GRN
X-Proxy
X-Cache-Time
X-Jobs
X-Mobile
Content-Disposition
Refresh
X-Akamai-Request-ID2
X-Is-Bot
X-Revision
X-Framework
X-Rendered-As
X-Real-IP
X-Zen-Fury
X-XRDS-Location
X-Cacheable-TTL
X-UUID
Alternate-Protocol
X-Http-Reason
X-Cache-TTL-Remaining
X-Page-View
Amp-Access-Control-Allow-Source-Origin
X-Proxy-Cache-Status
X-Adobe-Loc
X-Adobe-Content
Uber-Trace-Id
X-Debug-IsPreview
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
X-Instance
X-Debug-IsConnected
NGB
X-Device-Type
X-Mcache
Url
X-IPLB-Instance
X-Hostname
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Servername
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Grace
Version
X-Source
X-Mg-Request-UUID
X-Datadome
X-NGENIX-Cache
X-Restarts
X-Varnish-Server
X-ECache
From-Origin
X-B3-Traceid
X-L-Path
X-Cache-Rule
X-Environment-Context
Accept-Language
X-Cache-Hit
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
X-Oneagent-Js-Injection
Countrycode
X-Cache-Expired-At
X-Parallel-Accel
Ms-Operation-Id
MS-CV
X-RTag
Referer-Policy
X-HTML-Minification-Powered-By
Frame-Options
X-App-Server
Liferay-Portal
X-NYM-Debug-Backend
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
Cross-Origin-Window-Policy
X-Tumblr-Pixel-0
X-FW-Version
Backend
X-IPS-LoggedIn
X-Nginx-Cache
Content-Secure-Policy
X-COUNTRY
X-RemovedCookies
X-ProcessESI
Section-Io-Cache
WP-Super-Cache
X-Midtier
X-Cache-Action
Cache-Tv-Group
Meta-Geo
X-RN-RSRV
X-Redis-Cache
CF-IPCountry
Upgrade-Insecure-Requests
X-Cache-Server
X-TT-LOGID
X-UPSTREAM-Address
X-Hosted-By
X-Region
Ec-Rule-Version
X-UA-Device-Type
X-Cache-Enabled
X-Content-Age
X-Detected-As
X-Ua
X-Web-Node
X-FB-TRIP-ID
X-No-Session
X-Generation-Time
Azure-SiteName
Azure-SlotName
X-Storage
Azure-Version
X-Sql-Duration-Ms
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-Site-Version
X-Server-W
X-Section
X-SayCDN-TTL
X-Shopify-Stage
X-Sorting-Hat-ShopId
Azure-InstanceId
X-Say-TTL
X-Sql-Count
X-Sorting-Hat-PodId
Azure-RegionName
X-Request-Time
TWC-GeoIP-Country
X-Be
X-AOL-HN
X-Cluster-Node
TWC-Connection-Speed
X-Generated-By
X-Format
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Access
TWC-Privacy
X-Akamai-Edgescape
X-Human
X-Nginx-Cache-Key
Mn-Server-Ip
Property-Id
X-Uri
X-Urbn-Site-Id
X-Say-Cacheable
X-Urbn-Context-Path
Locale
X-PHP-Backend
X-PCL
X-Origin-Date
X-OCL
S-Rt
X-Origin-Hint
X-Varnish-Cache-Hits
X-Via-Fastly
Fastly-SSL
TWC-Device-Class
X-Mode
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
CDN-PullZone
X-Platform-Server
CDN-EdgeStorageId
X-ProxyCache-Status
X-ProxyCache-Key
CDN-Cache
X-PERF
Eomportal-Instance
X-Cache-Host
X-BYPASS-REASON
X-ApacheServer
X-Adobe-Source
X-Cache-Tags
X-Content-Powered-By
X-Forwarded-Host
X-NewRelic-App-Data
X-Debug-Cache
Apigw-Requestid
CDN-CachedAt
X-Status
X-Unique-Id
X-Xfnlog-Site
X-Hl-Ver
X-APP-VERSION
X-Zipkin-Id
X-JoinUs
X-SaId
X-Backend-Name
X-Cache-Type
X-Hyper-Cache
X-Extlb
X-Varnishpool
X-Handled-By
X-Tid
X-ServerID
X-Proxied
X-Routing-Service
X-Locale
X-PHP-Host
X-Labrador-Cache-Channel
X-Timing-Wait
X-Ratelimit-Remaining
X-Dc
X-Proxy-Build
Selected-Fe
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-Webkit-CSP
X-Rule
X-GG-Cache-Date
ServedBy
X-VC-Cache
X-Cache-Operation
X-Edge-Location
X-Storefront-Renderer-Rendered
X-Cms-Context
X-LSADC-Cache
Webserver
X-App-Version
X-Proto
SID
X-Accel-Buffering
SRV
X-Cached-By
Web-Mar-Node
X-CDN-Forward
X-Rewrite-Enabled
X-Cache-Remote
Fastly-Drupal-Html
X-Soup
Mime-Version
Load-Balancing
Onion-Location
X-GeoCountry
X-GeoCode
Xserver
X-Varnish-Hostname
X-Reqid
X-GEO
Country-Code
Cache-Hits
X-Cdn
X-TA-CDN-Provider
X-Buckets
X-Pubstack
X-Request-Host
X-Origin-CC
X-Origin-TTL
X-Cluster
Decoy-Debug-TTL
Decoy-Debug-Status
X-Varnish-Hits
Decoy-Debug-Key
X-Microcachable
Server-Info
X-SRV
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Time
X-MP-GENERATED-AT
X-Ratelimit-Limit
X-Envoy-Decorator-Operation
X-CSRF-Token
X-Ms-Version
X-Magnolia-Registration
X-Ms-Request-Id
X-Air-Hostname
X-Air-Source
X-B3-SpanId
X-Air-Trace-Id
X-NCache
Xet-Cookie
X-Amzn-RequestId
Cache
X-Amz-Apigw-Id
LB
X-Endurance-Cache-Level
X-Bc-Bl
DynaTrace
X-RCS-CacheZone
DB-Nickname
DCR-Decision-By
Expiry
X-SVT-ORM-VERSION
X-Tenant
X-Forwarded-Path
X-VG-WebCache
DCR-Processing-Time-Ms
X-Vdms-Version
Cdnsip
BehaviorPad-Version
A
X-TIM-N
Fastcgi-X-Cache-Version
Cdncip
X-Fetched-On
Cmsid
X-Vdms-Path
X-TrackingId
Cmstype
Odigeo-Trace-Id
X-B-Cookie
X-S-Cookie
X-S
X-Device-Os
X-Cache-Bucket
X-ARC
X-Application
X-A-Dgt
X-A-Wwc
X-Aed
X-AK-Request-ID
X-Developer
X-Destination
X-Conf
X-Connection-Hash
X-Core-Mission
X-D
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Rojux
X-Cache-Id
X-Cache-NE
X-Cdn-Srv
X-A-Dcw
X-A-Dam
Meta-Geo-Continent
X-Epic-Correlation-Id
Mobile-Detection-Method
NM-Fastcgi-Cache
X-Ec-GeoHdr
MD5-Digest
X-SRCache-Key
Host-ID
Lang
X-SVT-ORM-RULES
X-Esi-Check
Pramga
Rendered-Blocks
X-SD-PageType
X-ScT
X-A
X-A-Ccd
T-Server
Surrogated-Key
X-Shop-Environment
X-Session-Fingerprint
X-Ec-Fail
Sslversion
X-External-Request-Id
X-User
X-PBS-Appsvrname
X-NAPM-TraceId
X-Orig-Expires
X-Ig-Push-State
X-Vtex-Remote-Cache
X-Webstats-RespID
X-Vtex-Processado-Em
X-Node-Id
X-Varnish-Beresp-Grace
X-Geo-Header
X-From
X-Hash
X-HS-Content-Campaign-Id
X-Processor
X-PAYTM-SRV-ID
Xc-Version
X-Gzip
X-Ftr-Request-Id
X-ZONE
X-R9-Blue-Green-Version
Source
X-CACHE-KEY
Cache-Name
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
TDXMobile
Server-Host
X-Nyt-Route
State
X-Server-IP
Release
Memcached
X-Slack-Backend
Mail-Subject
Machine
X-Has-Esi
Origin-EX
X-Skip-Cache
X-Hnp-Log
X-Sigma-Backend
Thinkindot-Control
Producers
Platform
X-Sigma
Wxu-Next-Hostname
X-Cache-Date
X-Cache-Info
X-Cache-Backend
X-Block-Status
AMP-Access-Control-Allow-Source-Origin
X-Developers
X-CacheTTL
X-Mvc-Supplant-Cachable
X-Core-Value
X-DefHash
X-Location
X-Azure-Ref
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Amzn-Remapped-Content-Length
X-Dispatcher-Number
Wxu-Next-Commit
Is-Eu
Web-Mar-Region
We-Hiring
Traceparent
User-Cache-Control
Wxu-Next-Region
X-Irp-Debug
X-SB
X-LAGOON
X-Scheme
X-DPWN-IS-SECURE
X-Is-Gdpr
X-JWT-State
X-Ec-Custom-Error
Origin-CC
X-Varnish-Remaining-TTL
Environment
X-VServer
X-Origin-Expires
X-Origin
CloudFront-Viewer-Country
X-Origin-Response-Time
X-Wix-Viewer-Type
X-Rocket-Build-Number
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Planisys-CDN-Cache
CDN
X-IPLB-Request-ID
X-WADP-Cache
X-Variation
X-Fastly-Cache
Fastly-GeoIP-CountryCode
X-Origin-Time
X-TNCMS
X-Fmm-Version
X-Thinkindot-L3
X-DefElseHash
Adler-Geo
X-Gen-Mode
AKAMAI
X-Loop
X-Worker
X-GeoIP
X-Planisys-CDN-Rules
X-Gdpr
X-Planisys-CDN-TTL
X-V-Cache
X-Varnish-Ttl
HostName
X-RateLimit-Remaining-Second
X-Policy
X-Rebelmouse-Cache-Control
X-Tx-Id
X-NodeID
X-Minions-Version
X-CGP
X-Generated-On
X-Branch-Name
X-Proxy-Upstream
X-Proxy-Cache-Info
X-Cdn-Origin
X-Gamma-Serve
X-Platform
X-BBC-Edge-Cache-Status
X-Qloud-Router
IsBot
X-Aicache-OS
X-RateLimit-Limit-Second
X-Via-NSCOPI
X-VG-TLSProxy
X-VarnishDD-TTL
X-Pool
X-Level-Front-Cache
X-Auto-Login
X-Loc
X-Pod-Name
NGX
N-Cache
X-Sn-Servicetimems
X-Datadog-Parent-Id
X-Rocket-Nginx-Serving-Static
Origin
PFcat
Fastcgi-Cache-TTL
X-Region-Sid
X-Datadog-Sampling-Priority
Fastly-SIE
X-Datadog-Trace-Id
L5d-Success-Class
L
Kp-EeAlive
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
X-Eu-Site
Gh-Request-Id
X-HN
X-Csrf-Jwt
Apple-News-Services-Request-Url
CDCHOST
X-Forwarded-Site
Ssr
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Httpd
Apple-News-Services-Handled
X-Served-From
Sever-Int
X-Via-Ucdn
X-SIPLIST1
Req-Svc-Chain
DSUID
Redirect-Candidate
X-GeoIP-City
Cluster
X-Rebelmouse-Surrogate-Control
Server-Hostname
Server-Ext
V-Age
Ohc-File-Size
Vix-Hermes-Req-Id
X-Scale
X-Optimistic-Header
X-WP-CF-Super-Cache
X-Viewer-Country
Svr
X-WP-CF-Super-Cache-Cache-Control
X-Request-URI
X-CS
X-Tec-Api-Root
X-Tec-Api-Version
X-VC
X-Tec-Api-Origin
X-Newrelic-Synthetics
X-Refresh
X-NC
X-Men
Arc-Country
Locid
X-Tb-Optimization-Total-Bytes-Saved
X-Owner
X-EC-Lua
Pics-Label
X-TraceId
X-Parent-Response-Time
X-Old-Content-Length
X-Ad-Defer-Variation
X-Srv
Datacenter
X-Wikidot-Backend
X-BCube-Filmed-By
Candidate-Md5Url
Cache-Key
X-Wikidot-Static-Cache
X-Response-By
CPC-Cache
CPC-Age
X-DB
X-Cache-ASPX
GEO-INFO
VNS-Age
X-DI
X-Contensis-Viewer-Groups
X-Ah-Environment
X-Mvc-Supplant-OutputCached
VNS-Cache
X-Edge-Pop
X-SplitTest
X-RPS
X-RPM
X-RSL
X-DSS
X-DW
XM
Lb
Ms-Author-Via
X-Udemy-Cache-App-Namespace
X-Cache-Status-Check
X-Date
Env
X-WA-Info
Fastly-Backend-Name
X-Accel-Expires-Debug
X-LB-NoCache
Time
Servername
Memory
X-Varnish-Authentication
X-Generated-In
X-Akamai-Transformed
X-Via-Popn
X-Micro-Cache
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Via-Poph
X-Amz-Meta-Cb-Modifiedtime
X-Via-Popv
GeoIp-Country-Code
X-Tt-Logid
X-Xrds-Location
X-TIME
Ohc-Cache-HIT
Path
X-AIR-PT
X-HA-Backend
X-Cache-Debug
X-S-Maxage
Geoip-Latitude
ITXSESSIONID
X-Servedbyhost
X-API-Version
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Geo-Info
Fusion-Deployment-Id
X-RateLimit-Reset
Fusion-Component-Id
Fusion-Content-Id
Cache-Host
Ngx.Var.Host
True-Client-IP
FSS-Cache
CacheControlHeader
Client
X-Api-Version
X-TH-Server
X-VCL-Version
X-Varnish-Beresp-TTL
True-Client-Country-4JS
X-Action
X-Vc
XkeyRZ
X-Proxy-CacheRZ
X-Cs
X-VHOST
X-Clientip
Server-ID
X-Trace-ID
X-Backend-TTL
X-DC
X-TX-ID
Hostname
X-FireWall-Port
X-Presslabs-Stats
X-Req
Edge-Cache
X-FPC
Powered-By
NtCoent-Length
X-Webkit-Csp-Report-Only
My-App
X-Fpc
Tcn
X-Provided-By
X-Zone
X-PX
X-B3-Spanid
X-Pass-Why
X-Dmc
X-Origin-Upstream-Status
X-Varnish-Beresp-Ttl
X-INCAP-ABP
X-Up
X-Render-Time
X-MSEdge-Features
X-Traceid
X-MSEdge-Flight
Test
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
C-Via
Server-Id
X-LB-ID
X-HS-Status
X-CSRF-TOKEN
X-Cdn-Request-ID
X-Vcl-Version
X-Correlation-ID
X-Webkit-CSP-Report-Only
Click-Count-Action-Start
Rip
Click-Count-Error
DataCenter
X-Beluga-Cache-Status
X-Beluga-Trace
X-Beluga-Status
X-Gateway-Request-Id
Tube-Got-Eval
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Service
X-Beluga-Response-Time
X-Beluga-Record
Tube-Get-Contents
Tube-Got-Results
X-M-Reqid
X-Gateway-Cache-Status
X-Beluga-Node
Tube-Return
User-Agent
X-DynaTrace-JS-Agent
Uri
Esi-Enabled
X-ServedByHost
X-M-Log
X-Li-Pop
X-UnsetCookies
X-Li-Fabric
OT-Force-Account-Verify
HIT
X-Qnm-Cache
X-LI-UUID
Proxy-Connection
Srvid
X-Time-Microsecs
X-Ha-Backend
WZWS-RAY
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Alfa-Service
X-RAMCache
X-ND-Cache
X-URL
On-Server
Resin-Trace
X-Geo
X-Dynatrace
X-CLOUD-TRACE-CONTEXT
GeoIP-Country-Code
GeoIP-Latitude
X-APP
X-CUA
Sid
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
MIME-Version
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Target-Params
WebServer
X-CCDN-CacheTTL
X-LI-Proto
X-Fetch-By
X-Platform-Cluster
Epwk-X-Cache
Cf-Device-Type
Tracecode
X-Proxy-Cache-Hk
Srv
X-Platform-Processor
X-Fragments
X-ATG-Version
X-Platform-Router
X-HostName
X-Cdn-Forward
Fastly-Drupal-HTML
X-TRACE-ID
X-FC-Vary-Parameters
Lfy
ENV
X-Lb-Nocache
X-Sucuri-Cache
X-Fastly-Backend
X-Fastly-Backend-Reqs
X-Backend-Host
X-Sucuri-ID
X-Var-Ttl
ServerName
Cdn
X-Esi
X-Azure-Ref-OriginShield
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Cache-Expires
XServer
X-Varnish-Beresp-Status
X-Edge-Origin-Shield-Bytes
X-B3-Traceid-Primal
X-Edge-POP
X-MG-S
X-Srcache-Fetch-Status
X-LiteSpeed-Cache-Control
X-Srcache-Store-Status
X-Dw-Trace-Id
X-App
Inserted-Into-Cache-At
X-Backend-State
CF-Cached-On
M-TraceId
X-Yottaa-OS
Magicmarker
X-Li-Proto
PICS-Label
X-NU-AKA-ACS-Version
X-ElasticPress-Query
X-Edge-Origin-Shield-Region
X-Newrelic-App-Data
Dt-Hot-News
D-Url-Rewrites
X-CF-Powered-By
X-Acquia-Site
Wpo-Cache-Message
Wpo-Cache-Status
X-Acquia-Application-Trace
Server-Ttl
X-Nc
X-Serial
Cf-Ipcountry
X-Iplb-Instance
X-Iplb-Request-Id
X-Acquia-Purge-Tags
X-Vcache
X-Acquia-Application-UUID
Warning
Servedby
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Id
X-Vercel-Cache
X-B3-Parentspanid
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
X-IN-APIGATEWAYSSL
X-Release
X-Request-URL
X-BBC-Origin-Response-Status
CountryCode
Content-Script-Type
X-Th-Server
X-Back
Content-Style-Type
X-Dist-Code
X-Request-Url
X-Request-Start
X-Storefront-Renderer-Verified
X-IN-APIGATEWAY
X-Litespeed-Cache-Control
Cneonction
X-Snapshot-Date
Ngx
X-Cache-CFC