Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
CF-Ray
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Request-ID
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-UA-Device
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-LiteSpeed-Cache
X-Server
X-Amz-Id-2
Grace
X-Dns-Prefetch-Control
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-OneAgent-JS-Injection
X-Amz-Version-Id
EagleEye-TraceId
X-Dispatcher
X-Device
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Host
X-Server-Id
X-Backend-Server
X-Node
Cf-Railgun
X-Readtime
Accept-CH
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
X-Language
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Application-Context
Content-Location
X-Template
Accept-Ch-Lifetime
Rating
X-Country
X-B3-TraceId
X-Ua-Compatible
X-Cloud-Trace-Context
X-Cache-Lookup
X-Ac
X-Url
Allow
X-Content-Type
X-Trace
Accept-CH-Lifetime
X-Buckets
X-TtlSet
X-Vname
X-PC
X-Mod-Pagespeed
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
X-ESI
Cache-Tag
Fastly-Restarts
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Server-Name
X-Element-Page-Cache
Verso
X-GitHub-Request-Id
X-MS-InvokeApp
X-Upstream
X-Amz-Rid
X-Vcap-Request-Id
MS-Author-Via
X-Dw-Request-Base-Id
Public-Key-Pins
Accept-Ch
X-D2id
X-Cached
X-Client-IP
X-Abt-Application-Version
X-Origin-Cache
X-Cache-TTL
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Arr-Disable-Session-Affinity
X-Country-Code
X-Cnection
X-Powered-By-Plesk
X-Goog-Hash
X-Px
X-Navigation-Version
Access-Control-Request-Method
X-NF-Request-ID
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Version
X-Aws-Lambda-Call-Status
X-Amz-Server-Side-Encryption
RTSS
X-Powered-CMS
X-Sol
Display
X-Middleton-Display
Pagespeed
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Middleton-Response
Response
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-MSEdge-Ref
X-LLID
X-Edge
X-Kinsta-Cache
X-Edge-Location-Klb
X-CST
Nginx-Cache
X-Shield-Request-Id
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
AR-PoweredBy
AR-SID
AR-Request-ID
AR-CACHE
AR-ATIME
S
X-Jurisdiction
Content-MD5
X-HP-Trace-Id
X-HP-Webp
X-T
X-RateLimit-Remaining
X-Protected-By
X-Forwarded-For
X-Content-Security-Policy-Report-Only
TCN
X-Mg-S
X-Id
X-TTL
X-Mid
X-Aspnetmvc-Version
Fastcgi-Cache
X-MCACHE
X-Ttl
Realpath
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
Front-End-Https
X-Parallel-Accel
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Filters
Server-Node
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Source
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Ua-Browser
X-Content
X-Ab
X-DynaTrace
X-SharePointHealthScore
SPRequestGuid
X-Correlation-Id
X-Ezoic-Cdn
Server-Name
Alternate-Protocol
X-NWS-LOG-UUID
X-Frontend
X-Accel-Expires
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Hits
X-Cache-Key
X-ECACHE
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Content-Options
Cache-Tags
MicrosoftSharePointTeamServices
X-Git-Hash
X-Page-Id
Host
Charset
X-Fastly-Request-Id
Cleartype
X-B3-Sampled
X-Server-ID
X-Www-Served-By
X-Geo-Country
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Ruxit-Js-Agent
X-Content-Digest
X-Ser
TP-Cache
X-Amz-Replication-Status
TP-L2-Cache
Filterid
X-Forwarded-Proto
X-VCache
X-Amzn-Trace-Id
X-Varnish-Age
X-Hostname
X-AppVersion
X-Activity-Id
X-Az
X-XRDS-LOCATION
X-Daa-Tunnel
X-DIS-Request-ID
X-Rid
X-Debug-Info
X-Origin-Server
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Grace
X-Request-Handler-Origin-Region
X-N
X-Microsite
X-Origin-Upstream-Status
X-LB-Cache
X-FB-Debug
X-WebKit-CSP-Report-Only
ServerID
X-Nginx-Upstream-Cache-Status
X-Mobile-URL
X-Request-Guid
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-NGENIX-Cache
X-Goog-Metageneration
X-Goog-Generation
X-F-Cache
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-TT
X-GUploader-UploadID
X-Whom
X-Goog-Stored-Content-Length
X-App-Environment
Cross-Origin-Opener-Policy
X-Varnish-Grace
X-App-Server
Viewport
X-Distributor
X-Tb
Payment
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Static
Paypal-Debug-Id
DC
X-FW-Type
X-Logged-In
X-Cache-Control
Node
Fastcgi-Useragent
X-Seen-By
X-Type
X-PressLabs-Stats
X-User-Agent
X-Cache-Age
Country
Accept-Charset
X-Ratelimit-Limit
X-Cache-Rule
X-Varnish-Backend
Version
X-DataDome
X-Node-Name
X-Erf-Bev-Bev
X-Webkit-CSP
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Load-Cache
X-Wix-Request-Id
X-Webkit-Csp
X-Tec-Api-Origin
X-Cache-Action
X-Tec-Api-Root
X-Tec-Api-Version
Refresh
X-Via-JSL
X-IPLB-Instance
Access-Control-Request-Headers
X-Response-Served-From
Referer-Policy
Cache-Status
X-Original-Request-Id
SD-X-WS
Amp-Access-Control-Allow-Source-Origin
X-Drupal-Cache-Tags
X-Real-IP
X-Jobs
X-Cacheable-TTL
X-ProcessESI
X-Cluster-Name
X-Debug
X-Contextid
X-Vgn-Hpd-Reason
X-Page-View
X-UUID
X-Proxy-Cache-Status
NGB
X-Rendered-As
X-RemovedCookies
X-Is-Bot
DynaTrace
Liferay-Portal
X-Yottaa-Optimizations
X-Revision
X-Device-Type
X-Drupal-Cache-Contexts
X-Rule
X-Yottaa-Metrics
X-Signature
X-Cache-Expired-At
X-Proxy
X-B-Cache
Surrogate-Key
X-Instance
X-Mobile
X-Framework
X-B
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Akamai-GRN
X-Fastly-Request-ID
X-Cache-Time
X-Debug-IsConnected
X-FW-Version
X-G
X-Fastcgi-Cache
X-Debug-IsPreview
X-Azure-Ref
CF-IPCountry
Healthy
X-Source
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-TEC-API-VERSION
X-Ms-Version
X-Ms-Request-Id
SID
Frame-Options
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Nginx-Cache
X-XRDS-Location
X-Cache-Hit
Ms-Operation-Id
X-RTag
MS-CV
X-APP-VERSION
Section-Io-Cache
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-CDN-Forward
X-Oneagent-Js-Injection
X-Tumblr-Pixel-0
Countrycode
X-Environment-Context
X-L-Path
X-Varnish-Server
Xserver
Count-Hit
GEO-INFO
X-Cache-Operation
X-Region
X-Servername
Uber-Trace-Id
X-EdgeConnect-Cache-Status
X-Forwarded-Host
X-Content-Powered-By
X-Backend-Name
X-Mode
X-Accel-Buffering
X-IPS-LoggedIn
Backend
Cross-Origin-Window-Policy
X-Litespeed-Cache
X-Adobe-Loc
X-Adobe-Content
X-Zen-Fury
Ec-Rule-Version
Meta-Geo
X-SaId
X-RN-RSRV
X-UPSTREAM-Address
X-JoinUs
X-Varnish-Beresp-Grace
Eomportal-Instance
X-Detected-As
X-Debug-Cache
X-Sorting-Hat-PodId
X-Cache-Grace
X-Shopify-Stage
X-Redis-Cache
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Cache-Server
X-Human
X-Microcachable
X-Cache-Type
X-Hosted-By
X-Generation-Time
X-Alternate-Cache-Key
X-NCache
X-Storage
X-FB-TRIP-ID
X-Cache-TTL-Remaining
Decoy-Debug-Key
X-Status
X-Via-Fastly
X-ProxyCache-Key
X-Site-Version
X-No-Session
X-Uri
Decoy-Debug-TTL
Country-Code
X-Sql-Count
X-ServerID
X-Sql-Duration-Ms
Cache-Name
X-ProxyCache-Status
Url
Apigw-Requestid
Decoy-Debug-Status
X-Origin-Date
X-PHP-Backend
X-BYPASS-REASON
Webcakes-Region
TWC-GeoIP-Country
Webcakes-App-Version
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
Selected-Fe
TWC-Device-Class
TWC-GeoIP-LatLong
X-PCL
X-Cache-Host
Fastly-SSL
TWC-Connection-Speed
X-Proxy-Build
Mn-Server-Ip
X-SayCDN-TTL
X-Say-Cacheable
X-UA-Device-Type
X-Web-Node
X-Say-TTL
X-Timing-Wait
Property-Id
X-Format
X-Ratelimit-Reset
X-Origin-Hint
X-OCL
Cache-Tv-Group
OT-Force-Account-Verify
Protected
X-PERF
X-Section
X-Server-W
X-Proxied
X-Pubstack
X-R9-Blue-Green-Version
X-Routing-Service
X-Zipkin-Id
DB-Nickname
X-Extlb
X-ApacheServer
X-Hl-Ver
X-Varnishpool
X-NYM-Debug-Backend
X-Akamai-Edgescape
X-Access
Azure-RegionName
Azure-InstanceId
X-Azure-Ref-OriginShield
Azure-SiteName
Azure-SlotName
Azure-Version
X-Rewrite-Enabled
X-Cluster-Node
Source
X-Cache-NGX
X-RateLimit-Limit
X-Tid
X-LSADC-Cache
X-Be
Content-Secure-Policy
X-Soup
X-Ua
X-HTML-Minification-Powered-By
X-NewRelic-App-Data
X-Time
X-Content-Age
X-Cached-By
Content-Disposition
X-Cache-Var
X-Cache-Var-Map
X-Amz-Meta-S3cmd-Attrs
X-ECache
SRV
X-Dc
X-Presslabs-Stats
X-SRV
X-Generated-By
X-LAGOON
X-Unique-Id
Cache
X-TNCMS
X-Loop
X-Varnish-Hostname
CDN-Cache
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
X-Bc-Bl
CDN-RequestId
CDN-Uid
X-Varnish-Hits
X-Hyper-Cache
Retry-After
X-App-Version
Onion-Location
X-Auto-Login
X-Origin-TTL
X-S-Maxage
X-Origin-CC
X-Tumblr-Pixel-2
Webserver
X-Trace-Id
X-TT-LOGID
X-Tumblr-Pixel-3
X-GEO
X-Nginx-Cache-Key
X-Proto
Web-Mar-Node
Cache-Hits
Xet-Cookie
X-Qnm-Cache
X-Tenant
X-Endurance-Cache-Level
X-M-Log
X-M-Reqid
X-Akamai-Transformed
X-Cdn
X-Edge-Location
LB
X-Time-Microsecs
X-Platform-Server
X-VWS-Id
Mime-Version
X-GG-Cache-Date
X-AWS-Id
X-LJ-Flow-ID
CloudFront-Viewer-Country
X-Mg-Request-UUID
X-CSRF-Token
X-Amzn-RequestId
X-CACHE-KEY
X-Amz-Apigw-Id
HostName
N-Cache
X-Xfnlog-Site
X-Cache-Tags
X-Labrador-Cache-Channel
X-PHP-Host
X-RCS-CacheZone
X-Handled-By
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
X-Locale
X-Storefront-Renderer-Rendered
WPO-Cache-Status
ServedBy
X-Adobe-Source
X-Origin-Response-Time
WPO-Cache-Message
X-TIME
X-Request-Time
X-AOL-HN
X-B3-SpanId
X-Cache-Remote
X-VC-Cache
X-SD-PageType
X-Connection-Hash
X-Conf
X-Orig-Expires
X-A-Dcw
X-Rojux
X-S-Cookie
X-ScT
X-S
Pramga
X-A
X-Processor
X-External-Request-Id
X-Forwarded-Path
X-CF-Lambda-Version
BehaviorPad-Version
X-Planisys-CDN-TTL
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Odigeo-Trace-Id
X-ND-Cache
X-Request-Host
A
X-A-Ccd
X-A-Dam
Meta-Geo-Continent
Mobile-Detection-Method
DCR-Decision-By
X-NAPM-TraceId
X-CF-Lambda-Fn
X-Ckpd-Fst-Backend
X-Slack-Backend
X-Cache-Date
State
X-Application
X-Vdms-Path
Fastcgi-X-Cache-Version
X-V-Cache
X-TIM-N
X-Ig-Push-State
X-Developer
X-D
X-Vdms-Version
Rendered-Blocks
X-Ftr-Request-Id
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-B-Cookie
X-ARC
Xc-Version
X-Reqid
X-Destination
X-VG-WebCache
X-ATG-Version
X-Cache-NE
DSUID
X-A-Wwc
X-SRCache-Key
Redirect-Candidate
X-SVT-ORM-RULES
DCR-Processing-Time-Ms
X-A-Dgt
X-Aed
Nel
Expiry
Surrogated-Key
X-Session-Fingerprint
X-SVT-ORM-VERSION
Origin
X-Shop-Environment
X-Via-NSCOPI
X-MP-GENERATED-AT
Server-Info
X-Correlation-ID
X-Gdpr
X-Men
Gh-Request-Id
AKAMAI
X-Location
Host-ID
X-Mvc-Supplant-Cachable
Datacenter
Fastcgi-Cache-TTL
X-Hash
X-Geo-Header
CacheControlHeader
X-Forwarded-Site
V-Age
X-Fetched-On
L
X-Nyt-Route
Release
X-Sucuri-ID
X-Accel-Expires-Debug
X-Sucuri-Cache
X-Device-Os
X-Skip-Cache
X-Server-IP
X-Scheme
X-Served-From
X-Cluster
X-Varnish-Beresp-Status
X-Core-Mission
X-Cache-Bucket
User-Cache-Control
X-Date
X-Block-Status
X-VG-TLSProxy
X-VServer
X-Cache-Info
X-Rocket-Nginx-Serving-Static
X-Hnp-Log
X-Policy
X-Proxy-Upstream
From-Origin
X-Owner
X-Origin-Expires
X-Origin-Time
Wxu-Next-Region
X-Epic-Correlation-Id
X-Gen-Mode
X-Fastly-Cache
Wxu-Next-Hostname
Wxu-Next-Commit
AMP-Access-Control-Allow-Source-Origin
Environment
PFcat
X-Cdn-Origin
X-GeoIP
X-Generated-On
X-GeoIP-City
Svr
Web-Mar-Region
Thinkindot-Control
X-Fastly-Backend
We-Hiring
Vix-Hermes-Req-Id
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Gamma-Serve
X-Bip
X-Developers
X-Aicache-OS
TDXMobile
X-Cache-Config
X-Rocket-Build-Number
X-Sn-Servicetimems
X-Sigma-Backend
X-Ratelimit-Remaining
X-Thanos
X-Thinkindot-L3
X-Sigma
X-Magnolia-Registration
X-Old-Content-Length
X-Platform
X-Region-Sid
X-Request-Start
X-TrackingId
X-VarnishDD-TTL
X-BBC-Edge-Cache-Status
Traceparent
X-Cache-Debug
X-Core-Value
X-TH-Server
Req-Svc-Chain
Origin-EX
X-Viewer-Country
Arc-Country
CDCHOST
Origin-CC
Apple-News-Services-Handled
X-Req
Fastly-GeoIP-CountryCode
Apple-News-Services-Host
X-Li-Pop
X-LI-UUID
Cmsid
Cmstype
X-Level-Front-Cache
X-Irp-Debug
Mail-Subject
X-HN
Machine
Locid
X-HS-Content-Campaign-Id
Candidate-Md5Url
X-Li-Fabric
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Pod-Name
X-Csrf-Jwt
X-Qloud-Router
X-Datadog-Parent-Id
X-RateLimit-Limit-Second
X-Esi-Check
X-Eu-Site
X-Has-Esi
X-Webstats-RespID
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Envoy-Decorator-Operation
X-Is-Gdpr
Fastly-SWR
X-Gzip
X-FC-Vary-Parameters
X-UnsetCookies
X-Request-URI
X-NU-AKA-ACS-Version
X-Loc
X-Worker
X-RateLimit-Remaining-Second
X-Datadog-Sampling-Priority
X-NodeID
Fastly-SIE
X-Datadog-Trace-Id
X-JWT-State
NGX
X-CGP
X-Branch-Name
X-Cache-Id
Server-Host
X-Backend-State
True-Client-Country-4JS
X-Amzn-Remapped-Content-Length
Memcached
Ha-Gx-Prefs
Cf-Device-Type
X-EC-Lua
HA-Ipaddr
L5d-Success-Class
X-Xrds-Location
Fastly-Drupal-Html
X-FireWall-Port
X-Variation
Sslversion
X-DefElseHash
X-Origin
X-Cdn-Srv
NM-Fastcgi-Cache
X-Node-Id
Platform
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-DefHash
Adler-Geo
X-Tx-Id
X-DPWN-IS-SECURE
WWW-Authenticate
Is-Eu
X-Zone
X-Response-By
Ssr
X-CLOUD-TRACE-CONTEXT
Esi-Enabled
X-CS
On-Server
X-API-Version
X-Mvc-Supplant-OutputCached
X-NC
CDN
X-LB-ID
X-Varnish-Beresp-Ttl
X-Tt-Logid
X-Vc
X-Up
WP-Super-Cache
Pics-Label
X-Generated-In
X-Refresh
Memory
C-Via
Time
Ms-Author-Via
X-Trace-ID
X-Service
X-Datadome
X-Edge-Pop
X-Cache-Enabled
X-LB-NoCache
X-Backend-TTL
X-Cache-PHP
NtCoent-Length
X-TA-CDN-Provider
X-DynaTrace-JS-Agent
X-TraceId
X-Via-Popn
X-Via-Popv
X-Via-Poph
X-Tb-Optimization-Total-Bytes-Saved
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Env
GeoIp-Country-Code
X-Varnish-Ttl
X-NWS-UUID-VERIFY
X-Dynatrace
X-Varnish-Beresp-TTL
X-Cache-Status-Check
Magicmarker
X-Parent-Response-Time
X-Render-Time
X-Optimistic-Header
X-DC
X-ZONE
X-Info
X-Esi
X-Cs
Kp-EeAlive
X-Ua-Device
X-CacheTTL
X-Restarts
X-Servedbyhost
X-Srv
WebServer
S-Rt
X-TX-ID
X-Unique-ID
X-AIR-PT
Edge-Cache
X-RSL
X-DSS
X-DW
X-RPM
X-DI
X-DB
X-Wix-Viewer-Type
X-Clientip
Server-ID
X-Cache-Backend
X-Action
X-MSEdge-Features
X-RPS
X-MSEdge-Flight
UCS
X-VCL-Version
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
HIT
Cache-Host
X-Oss-Request-Id
X-Li-Proto
Proxy-Connection
X-Cache-Ttl
X-FPC
X-Newrelic-Synthetics
X-App
X-Minions-Version
S-Cnection
Section-Origin-Responded
X-B3-Spanid
Lb
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-LiteSpeed-Cache-Control
X-URL
Test
Server-Id
X-Fpc
X-LI-Proto
X-Webkit-Csp-Report-Only
X-HA-Backend
X-Traceid
X-Micro-Cache
X-Vcl-Version
X-Akamai-Request-ID2
User-Agent
Fastly-Backend-Name
X-Http-Reason
X-Webkit-CSP-Report-Only
X-NODE
X-Backend-Host
Tcn
Geo-Info
X-User
X-Ec-GeoHdr
X-BCube-Filmed-By
X-Pad
Accept-Language
X-Release
X-Ec-Fail
X-Pass-Why
X-ES-SERVER
X-CSRF-TOKEN
Fastly-Drupal-HTML
X-LiteSpeed-Tag
X-APP
X-HostName
X-Check-Cacheable
Cf-Int-Pingora-Origin-Digest
Resin-Trace
Hostname
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
CPC-Cache
X-Ha-Backend
EpKe-Alive
CPC-Age
Cache-Key
X-BBC-Origin-Response-Status
X-ID
X-Amz-Meta-Cb-Modifiedtime
VNS-Cache
VNS-Age
X-ServedByHost
Path
GeoIP-Country-Code
Cdncip
X-WADP-Cache
X-Fmm-Version
X-Clara-WADP
M-TraceId
Cdnsip
X-Via-PopN
X-Via-PopV
Ohc-File-Size
X-Via-PopH
X-WA
Srv
X-Akamai-Pragma-Client-IP
Hit
X-AK-Request-ID
X-WA-Info
X-Geo
X-Dynatrace-Js-Agent
X-Cdn-Forward
Geoip-Latitude
My-App
Shield-Pop
X-Edge-POP
X-ElasticPress-Query
Pagetype
Cluster
X-Wikidot-Static-Cache
ENV
X-PJAX-URL
X-Wikidot-Backend
X-Cms-Context
MIME-Version
X-CCDN-Origin-Time
MD5-Digest
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Edge-Cache
Tracecode
X-HS-Status
Load-Balancing
X-Via-Ucdn
X-Var-Ttl
X-From
X-NGINX-Cache
Lfy
X-CUA
X-Api-Version
X-VG-WebServer
T-Server
X-Ucs
X-ServerName
X-Fastly-Cache-Hits
URI
X-UP
X-Fragments
Sever-Int
Server-Hostname
X-Fastly-Backend-Reqs
X-Cache-Expires
IsBot
W
Server-Ext
X-GoCache-CacheStatus
Lang
Servername
X-SIPLIST1
X-Lb-Id
X-Mcache
X-RAMCache
WZWS-RAY
Sid
X-TRACE-ID
X-Dw-Trace-Id
X-VC
Target-Params
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Cteonnt-Length
X-Nc
PICS-Label
Ohc-Cache-HIT
Cneonction
X-RateLimit-Reset
Cdn
X-Cdn-Request-ID
X-Provided-By
X-B3-ParentSpanId
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Access-Object
X-Cc-Via
X-Newrelic-App-Data
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-Trace
X-Via-CDN
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-Swift-Error
X-Apw-Hits
Cf-Ipcountry
X-Akamai-Request-ID
HitType
Dnion-Transfer-Encoding
Vha6-Origin
CF-Cached-On
Server-Ttl
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Snapshot-Date
X-Yottaa-OS
X-Air-Pt
X-Cache-Ngx
X-Akamai-ERPolicy
X-Last-Modified
X-Akamai-ERRuleID
X-Http-Count
X-Te-Duration-Ms
X-Te-Count
X-Http-Duration-Ms
Uri
X-Sentry-ID
X-Logging-Id
X-HTML-Edge-Cache
X-CacheKey
Req-ID
X-UA
FSS-Cache
CountryCode
X-Miniprofiler-Ids
Ngx
X-Lb-Nocache
X-Varnish-Authentication
X-B3-Parentspanid