
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
Alt-Svc
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Akamai-Path-Stats
X-Dns-Prefetch-Control
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
X-Amz-Id-2
X-UA-Device
Host-Header
X-Proxy-Cache
X-Hacker
X-Rq
Grace
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Vhost
Ali-Swift-Global-Savetime
X-Dispatcher
X-LiteSpeed-Cache
X-Amz-Version-Id
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Server-Id
X-Node
Cf-Edge-Cache
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-CST
X-Backend-Server
X-Readtime
X-Akam-SW-Version
X-Cache-Lookup
X-Response-Time
Accept-CH
X-HW
X-Application-Context
Xkey
Content-Location
Rating
Accept-Ch
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
Accept-Ch-Lifetime
X-Trace
X-Country
X-Ruxit-JS-Agent
X-Url
Fastly-Restarts
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-Vname
X-PC
X-TtlSet
RTSS
X-Amz-Server-Side-Encryption
X-Varnish-TTL
Edge-Control
X-VARITI-CCR
Cache-Tag
X-Edge
X-Content-Type
X-B3-TraceId
X-FastCGI-Cache
X-Server-Name
X-Vcap-Request-Id
X-ESI
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Amz-Rid
X-Dw-Request-Base-Id
X-Px
X-ASPNET-VERSION
Public-Key-Pins
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Content-Security-Policy-Report-Only
X-Powered-By-Plesk
X-Middleton-Display
Display
Pagespeed
X-Sol
X-Ac
X-Abt-Application-Version
Verso
X-Client-IP
X-Element-Page-Cache
X-Version
Arr-Disable-Session-Affinity
X-RateLimit-Remaining
X-Cache-TTL
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
X-Middleton-Response
Response
X-Goog-Hash
X-Cached
SPRequestDuration
Access-Control-Request-Method
SPIisLatency
X-Ttl
X-Kinsta-Cache
X-TTL
X-Edge-Location-Klb
SPRequestGuid
X-SharePointHealthScore
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
X-Powered-CMS
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Upstream
X-Instrumentation
X-Correlation-Id
Edge-Cache-Tag
X-LLID
X-WebKit-CSP-Report-Only
X-NWS-LOG-UUID
Content-MD5
X-Litespeed-Cache
X-Cache-Key
X-Forwarded-For
X-Id
X-ECACHE
Nginx-Cache
X-RateLimit-Limit
X-Shield-Request-Id
TCN
X-MSEdge-Ref
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Recruiting
Mrf-Cache-Status
MRF-Tech
S
X-T
X-Ruxit-Js-Agent
X-Daa-Tunnel
X-Content-Digest
X-B3-TraceId-Primal
X-Mg-S
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ua-Device
TP-L2-Cache
TP-Cache
X-Grace
X-Mcache
X-DataDome
X-Accel-Expires
X-DynaTrace
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Frontend
X-HS-Combine-CSS
Front-End-Https
X-Protected-By
Filters
X-Yandex-Sdch-Disable
Server-Node
X-Ezoic-Cdn
X-Request-Received
X-Request-Processing-Time
MicrosoftSharePointTeamServices
X-Ab
X-Content
X-Ua-Browser
X-PressLabs-Stats
X-Distributor
X-Origin-Server
X-Hits
Fastcgi-Cache
X-LB-Cache
X-ORACLE-DMS-ECID
MS-Author-Via
X-Geo-Country
X-ORACLE-DMS-RID
X-Request-Handler-Origin-Region
X-Microsite
X-Mid
Charset
X-Amzn-Trace-Id
Host
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Webkit-Csp
Cache-Status
X-F-Cache
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-B3-Sampled
X-Git-Hash
X-Page-Id
Cleartype
Realpath
X-Debug-Info
X-Seen-By
X-Az
X-AppVersion
X-Cache-Age
X-Activity-Id
Access-Control-Allow-Method
X-DIS-Request-ID
X-Ratelimit-Reset
X-Nginx-Upstream-Cache-Status
X-Www-Served-By
Permissions-Policy
Accept-Charset
X-Fastly-Request-Id
X-Webkit-CSP
Filterid
X-Server-ID
X-Aspnetmvc-Version
ServerID
Cache-Tags
X-Varnish-Age
X-Cluster-Name
X-Rid
X-FB-Debug
X-Content-Options
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Type
Retry-After
Server-Name
X-Midtier
X-Amz-Meta-S3cmd-Attrs
X-App-Environment
X-Varnish-Grace
X-Varnish-Backend
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Flags
X-Tb
X-Is-Crawler
X-B
Country
X-User-Agent
X-B-Cache
X-Signature
X-Wix-Request-Id
Viewport
X-Whom
X-TT
X-VCache
X-Drupal-Cache-Tags
Paypal-Debug-Id
DC
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Origin-Cache
Node
X-Goog-Stored-Content-Encoding
X-Language
X-Oracle-Dms-Ecid
X-Debug
Fastcgi-Useragent
X-Oracle-Dms-Rid
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-NWS-UUID-VERIFY
X-Logged-In
Protected
X-Mobile-URL
Payment
X-Amz-Replication-Status
X-Cache-NGX
X-Load-Cache
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
X-N
WPO-Cache-Status
X-Cache-Control
WPO-Cache-Message
X-XRDS-LOCATION
Count-Hit
Alternate-Protocol
X-XRDS-Location
Healthy
X-NGENIX-Cache
X-Contextid
X-Restarts
X-Node-Name
X-Via-JSL
X-Mobile
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Proxy
Content-Disposition
X-Response-Served-From
X-Original-Request-Id
X-MCACHE
SD-X-WS
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Static
X-Jobs
Url
Refresh
Akamai-GRN
X-G
X-Servername
X-Page-View
X-Real-IP
Uber-Trace-Id
X-UUID
X-Akamai-Request-ID2
X-Adobe-Content
X-Adobe-Loc
X-Cache-Time
X-Debug-IsPreview
X-Device-Type
X-Debug-IsConnected
X-Cache-TTL-Remaining
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Revision
X-Zen-Fury
X-Rendered-As
X-Cacheable-TTL
X-Varnish-Server
X-Mg-Request-UUID
X-Framework
X-Http-Reason
X-Is-Bot
X-Yottaa-Metrics
X-Cache-Grace
X-Proxy-Cache-Status
X-Drupal-Cache-Contexts
Access-Control-Request-Headers
X-Yottaa-Optimizations
X-Datadome
X-L-Path
NGB
X-Instance
X-Environment-Context
X-Template
X-Hostname
X-HTML-Minification-Powered-By
X-IPLB-Instance
Frame-Options
Version
X-Ratelimit-Remaining
X-EdgeConnect-Cache-Status
Referer-Policy
X-Source
Countrycode
X-ECache
X-Fastly-Request-ID
MS-CV
Ms-Operation-Id
X-B3-Traceid
X-RTag
Liferay-Portal
Accept-Language
X-Oneagent-Js-Injection
X-NYM-Debug-Backend
X-App-Server
X-Cache-Rule
X-Trace-Id
X-Cache-Hit
X-Cache-Expired-At
Cross-Origin-Window-Policy
X-Tumblr-Pixel
X-Hosted-By
X-Tumblr-Pixel-0
Backend
X-Tumblr-Pixel-1
X-Tumblr-User
X-Unique-Id
X-IPS-LoggedIn
From-Origin
X-Vgn-Hpd-Reason
X-Nginx-Cache
X-APP-VERSION
X-COUNTRY
X-Status
X-ProcessESI
X-RemovedCookies
X-FW-Version
Meta-Geo
WP-Super-Cache
X-Cache-Server
X-RN-RSRV
Upgrade-Insecure-Requests
X-UPSTREAM-Address
Section-Io-Cache
Load-Balancing
X-Ratelimit-Limit
X-OCL
X-LJ-Flow-ID
X-PCL
Content-Secure-Policy
X-VWS-Id
X-AWS-Id
X-FB-TRIP-ID
X-No-Session
X-Content-Age
X-Cache-Enabled
X-Sql-Duration-Ms
X-Sql-Count
X-Section
X-UA-Device-Type
Mn-Server-Ip
X-PHP-Backend
X-Via-Fastly
S-Rt
CF-IPCountry
X-PHP-Host
X-Access
X-Ua
X-Be
X-Content-Powered-By
X-Region
X-Origin-Date
X-Redis-Cache
Apigw-Requestid
X-Labrador-Cache-Channel
X-Akamai-Edgescape
X-Mode
X-Nginx-Cache-Key
X-Human
X-Generated-By
X-PERF
X-ProxyCache-Key
X-Say-Cacheable
X-Request-Time
X-ProxyCache-Status
X-Platform-Server
X-Forwarded-Host
X-ApacheServer
X-AOL-HN
X-Adobe-Source
Locale
X-BYPASS-REASON
X-Cache-Tags
X-Format
X-Debug-Cache
X-Cms-Context
X-Say-TTL
X-Site-Version
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Version
Webcakes-Region
X-Server-W
X-Origin-Hint
X-Cluster-Node
TWC-Device-Class
TWC-Connection-Speed
X-Urbn-Context-Path
X-Storage
Eomportal-Instance
X-Urbn-Site-Id
X-Uri
Property-Id
X-Xfnlog-Site
X-VC-Cache
X-SayCDN-TTL
TWC-Locale-Group
X-Alternate-Cache-Key
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
Azure-SlotName
Azure-Version
Azure-SiteName
X-Cache-Type
Azure-RegionName
X-Storefront-Renderer-Rendered
X-Varnish-Cache-Hits
X-Proxied
X-Cache-Host
X-Locale
X-Generation-Time
Fastly-SSL
Azure-InstanceId
X-Tid
X-JoinUs
X-Hl-Ver
X-ServerID
X-SaId
X-NewRelic-App-Data
X-Routing-Service
X-GG-Cache-Date
X-GeoCountry
X-Web-Node
X-Extlb
X-Edge-Location
X-Fastcgi-Cache
X-Zipkin-Id
X-GeoCode
X-Detected-As
X-Varnishpool
X-Handled-By
X-Backend-Name
X-Proto
Webserver
CDN-PullZone
X-CDN-Forward
CDN-RequestId
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-CachedAt
X-Timing-Wait
Cache-Tv-Group
CDN-Uid
X-Proxy-Build
CDN-Cache
Selected-Fe
ServedBy
X-Dc
Fastly-Drupal-Html
Ec-Rule-Version
Web-Mar-Node
X-App-Version
X-LSADC-Cache
Onion-Location
X-IPLB-Request-ID
X-Magnolia-Registration
X-Cache-Action
X-GEO
X-Varnish-Hostname
Cache-Hits
X-Tt-Logid
X-Cached-By
SID
X-Envoy-Decorator-Operation
X-Cache-Operation
SRV
X-Cache-Remote
X-Cluster
X-Air-Hostname
X-Air-Source
Mime-Version
X-Hyper-Cache
X-Air-Trace-Id
LB
X-Varnish-Hits
X-Rewrite-Enabled
X-Cdn
X-Origin-CC
X-Origin-TTL
X-SRV
X-Soup
X-Rule
Xet-Cookie
X-Parallel-Accel
Cache
DB-Nickname
Xserver
Source
Server-Info
X-Microcachable
X-CSRF-Token
X-MP-GENERATED-AT
X-Accel-Buffering
X-Reqid
Country-Code
X-Pubstack
X-Xrds-Location
X-TA-CDN-Provider
X-Tumblr-Pixel-2
X-Via-NSCOPI
X-Buckets
X-Tx-Id
Decoy-Debug-Key
X-Skip-Cache
Decoy-Debug-Status
X-Tumblr-Pixel-3
Decoy-Debug-TTL
X-TT-LOGID
X-Origin-Response-Time
X-Cache-Status-Check
X-B3-SpanId
X-Endurance-Cache-Level
X-Time
X-Request-Host
X-D
Meta-Geo-Continent
Candidate-Md5Url
X-Ec-GeoHdr
X-B-Cookie
Mobile-Detection-Method
X-ARC
X-Geo-Header
X-Cache-NE
Cdncip
X-Processor
X-Ec-Fail
Rendered-Blocks
X-PAYTM-SRV-ID
X-Vdms-Path
A
Host-ID
X-Conf
NM-Fastcgi-Cache
MD5-Digest
X-Ig-Push-State
Odigeo-Trace-Id
X-Forwarded-Path
X-NAPM-TraceId
X-Connection-Hash
X-PBS-Appsvrname
Cache-Key
X-Epic-Correlation-Id
X-Hash
BehaviorPad-Version
X-Orig-Expires
X-External-Request-Id
X-BCube-Filmed-By
X-Cdn-Srv
Pramga
X-Application
X-S-Cookie
T-Server
Cmstype
XM
X-SplitTest
X-SRCache-Key
X-Vtex-Processado-Em
Cmsid
X-VG-WebCache
X-Rojux
X-User
X-S
X-CF-Lambda-Version
X-Vtex-Remote-Cache
DCR-Decision-By
X-Developer
X-Shop-Environment
X-A-Dgt
X-A-Dcw
X-SD-PageType
DCR-Processing-Time-Ms
X-A
Xc-Version
X-A-Ccd
X-ScT
X-A-Dam
X-A-Wwc
X-Destination
X-Aed
Cdnsip
Sslversion
Expiry
X-CF-Lambda-Fn
X-TIM-N
X-Amz-Apigw-Id
X-Session-Fingerprint
X-TrackingId
X-AK-Request-ID
Fastcgi-X-Cache-Version
X-Amzn-RequestId
X-Tenant
Datacenter
Surrogated-Key
Lang
X-Vdms-Version
X-Newrelic-Synthetics
X-Azure-Ref
Mail-Subject
X-DefHash
X-DefElseHash
X-Developers
Kp-EeAlive
X-Esi-Check
X-DPWN-IS-SECURE
X-Fetched-On
X-Core-Mission
Environment
X-Core-Value
Adler-Geo
X-Varnish-Beresp-Grace
Memcached
AKAMAI
X-CacheTTL
X-Ad-Defer-Variation
X-Rocket-Build-Number
Redirect-Candidate
X-SB
X-Scheme
State
Is-Eu
X-Bc-Bl
Server-Host
We-Hiring
X-Worker
X-Wix-Viewer-Type
X-SVT-ORM-VERSION
Wxu-Next-Commit
X-TNCMS
X-SVT-ORM-RULES
Wxu-Next-Hostname
X-Sigma
X-Sigma-Backend
Wxu-Next-Region
Producers
DynaTrace
X-Is-Gdpr
X-JWT-State
X-Cache-Id
X-Varnish-Remaining-TTL
X-Irp-Debug
X-HS-Content-Campaign-Id
X-GeoIP
X-Gzip
X-Has-Esi
X-Varnish-CookieINHashed-On
X-Loop
X-Origin
X-Origin-Expires
Platform
X-NodeID
X-Variation
X-Ms-Version
X-Ms-Request-Id
X-Varnish-CookieHashed-On
HostName
X-Ckpd-Fst-Backend
X-Clara-WADP
VNS-Cache
X-Aicache-OS
X-Cache-Bucket
X-Cache-Date
X-Cache-Info
X-Branch-Name
X-Block-Status
X-Cdn-Origin
X-BBC-Edge-Cache-Status
X-CGP
X-RCS-CacheZone
X-Nyt-Route
X-Origin-Time
X-Gdpr
VNS-Age
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Pool
X-Policy
X-Qloud-Router
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Amzn-Remapped-Content-Length
X-Request-URI
X-VG-TLSProxy
X-VServer
X-Thinkindot-L3
X-V-Cache
X-VarnishDD-TTL
X-Sn-Servicetimems
X-Slack-Backend
Fastly-Backend-Name
X-Rocket-Nginx-Serving-Static
X-Served-From
X-WADP-Cache
X-SIPLIST1
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Fmm-Version
X-Fastly-Cache
X-Forwarded-Site
X-Ftr-Request-Id
X-Gamma-Serve
X-Eu-Site
X-Ec-Custom-Error
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Device-Os
X-Dispatcher-Number
X-Gen-Mode
X-Generated-On
X-Mvc-Supplant-Cachable
X-Minions-Version
X-NCache
X-Node-Id
X-Planisys-CDN-Cache
X-Loc
X-Level-Front-Cache
X-GeoIP-City
X-HN
X-Hnp-Log
X-LAGOON
X-Csrf-Jwt
Thinkindot-Control
IsBot
L
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
L5d-Success-Class
Machine
Origin-EX
Origin-CC
Origin
NGX
Fastly-SIE
Fastly-GeoIP-CountryCode
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-Varnish-Ttl
X-AIR-PT
Vix-Hermes-Req-Id
Apple-News-Services-Request-Url
CDCHOST
Fastcgi-Cache-TTL
CPC-Cache
CPC-Age
CloudFront-Viewer-Country
PFcat
Apple-News-Services-Host
Traceparent
Svr
Thinkindot-CacheControl
User-Cache-Control
Ssr
Sever-Int
TDXMobile
Server-Hostname
Req-Svc-Chain
Release
V-Age
Thinkindot-CacheControl-Type
Server-Ext
Cache-Name
X-Cache-Backend
X-ZONE
X-Optimistic-Header
X-WA-Info
X-Platform
X-Auto-Login
DSUID
X-Owner
X-Micro-Cache
X-Wikidot-Static-Cache
Web-Mar-Region
Cluster
N-Cache
Gh-Request-Id
X-Pod-Name
X-Proxy-Cache-Info
X-Proxy-Upstream
X-Scale
Ohc-File-Size
X-Wikidot-Backend
X-Viewer-Country
X-Via-Ucdn
X-R9-Blue-Green-Version
X-Correlation-ID
X-VC
X-EC-Lua
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Pics-Label
X-CS
CDN
X-URL
X-Refresh
GEO-INFO
Ngx.Var.Host
X-Httpd
Cache-Host
X-Server-IP
X-CACHE-KEY
Servername
Path
X-LB-NoCache
XkeyRZ
X-Proxy-CacheRZ
X-NC
X-Parent-Response-Time
X-Ah-Environment
Ms-Author-Via
X-Cache-ASPX
X-Contensis-Viewer-Groups
Env
X-Mvc-Supplant-OutputCached
X-Servedbyhost
X-Webstats-RespID
X-From
X-Srv
X-Tb-Optimization-Total-Bytes-Saved
X-Udemy-Cache-App-Namespace
X-Location
Memory
X-Varnish-Authentication
X-Via-Popv
X-RateLimit-Reset
X-Clientip
X-Generated-In
X-Edge-Pop
Time
X-Via-Poph
X-Via-Popn
Lb
X-TIME
Locid
X-TraceId
X-Amz-Meta-Cb-Modifiedtime
X-API-Version
Ohc-Cache-HIT
X-Men
X-Trace-ID
X-Response-By
X-Varnish-Beresp-TTL
Arc-Country
X-S-Maxage
ITXSESSIONID
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Transformed
X-Dmc
GeoIp-Country-Code
X-Old-Content-Length
X-Date
X-Accel-Expires-Debug
X-DB
X-RPM
Server-ID
X-RSL
X-DI
X-RPS
Client
X-HA-Backend
True-Client-IP
X-VCL-Version
X-DW
X-Vc
X-DSS
X-Cs
X-VHOST
X-Fpc
X-Tec-Api-Root
X-DC
X-Tec-Api-Version
X-DynaTrace-JS-Agent
X-Tec-Api-Origin
X-TRACE-ID
Geoip-Latitude
X-MSEdge-Features
X-MSEdge-Flight
X-Render-Time
X-Zone
X-Presslabs-Stats
X-GeoIP-Country-Code
X-Gateway-Request-Id
Hostname
X-Gateway-Cache-Status
X-Gateway-Cache-Key
Rip
X-Gateway-Skip-Cache
C-Via
X-GeoIP-Region-Code
X-Service
X-INCAP-ABP
X-Cache-Debug
X-FireWall-Port
Tube-Got-Results
Click-Count-Error
Click-Count-Action-Start
Tube-Get-Contents
Tube-Got-Eval
Tube-Return
FSS-Cache
X-M-Reqid
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-Qnm-Cache
NtCoent-Length
X-M-Log
Powered-By
On-Server
Esi-Enabled
X-Webkit-Csp-Report-Only
X-Api-Version
X-TX-ID
X-B3-Spanid
X-PX
HIT
CacheControlHeader
X-Alfa-Service
Srv
X-TH-Server
X-Action
Tcn
Test
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
True-Client-Country-4JS
X-NGINX-Cache
X-FPC
X-Esi
X-Backend-TTL
X-Proxy-Cache-Hk
OT-Force-Account-Verify
X-Cdn-Request-ID
X-CSRF-TOKEN
X-HS-Status
X-Traceid
Cdn
Server-Id
Edge-Cache
X-Beluga-Cache-Status
GeoIP-Latitude
GeoIP-Country-Code
X-Vcl-Version
User-Agent
X-Check-Cacheable
X-Beluga-Response-Time
X-Beluga-Record
Geo-Info
X-Beluga-Status
X-Beluga-Node
X-Beluga-Trace
X-Akamai-Pragma-Client-IP
X-Pass-Why
X-Varnish-Beresp-Ttl
X-Req
DT-Hot-News
X-Origin-Upstream-Status
My-App
X-Via-PopN
X-Via-PopH
Uri
Srvid
Resin-Trace
X-App
Proxy-Connection
X-Via-PopV
X-Ha-Backend
X-CLOUD-TRACE-CONTEXT
Server-Ttl
MIME-Version
X-APP
Sid
Cf-Int-Pingora-Origin-Digest
M-TraceId
X-Thanos
X-Bip
True-Client-Ip
X-ServedByHost
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Up
Epwk-X-Cache
WebServer
X-Cdn-Forward
X-Backend-Host
X-Fastly-Backend-Reqs
X-Edge-POP
X-Request-Start
X-LB-ID
ENV
X-SERVER-NAME
X-Provided-By
Warning
X-B3-Traceid-Primal
X-FORWARDED-FOR
XServer
ServerName
X-Li-Pop
X-Geo
X-Li-Fabric
X-Lb-Nocache
X-LI-Proto
X-LI-UUID
X-CACHE-AGE
X-HostName
X-HITS
X-UnsetCookies
X-Webkit-CSP-Report-Only
X-Fetch-By
CF-Cached-On
X-ElasticPress-Query
X-Newrelic-App-Data
Section-Origin-Responded
X-Akamai-Request-ID
X-Dw-Trace-Id
PICS-Label
X-Serial
X-RAMCache
X-Vercel-Cache
X-Nc
Section-Io-Id
X-CF-Powered-By
Magicmarker
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Vercel-Id
Fastly-Drupal-HTML
X-LiteSpeed-Cache-Control
WZWS-RAY
X-ND-Cache
X-Yottaa-OS
X-CMSURLCustom
X-Varnish-Beresp-Status
X-Time-Microsecs
X-Request-Url
X-Iplb-Request-Id
Dt-Hot-News
X-Iplb-Instance
Inserted-Into-Cache-At
X-Vcache
X-Cc-Via
X-IN-APIGATEWAY
D-Url-Rewrites
X-IN-APIGATEWAYSSL
Cdn-Requestid
Cdn-Uid
Servedby
Cdn-Pullzone
X-Air-Pt
Cdn-Requestcountrycode
Cdn-Edgestorageid
Cdn-Cache
Cdn-Cachedat
Wp-Super-Cache
Vha6-Origin
X-LiteSpeed-Tag
Canary
Hit
X-MiniProfiler-Ids
X-Snapshot-Date
Content-Script-Type
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
Content-Style-Type
CountryCode
X-BBC-Origin-Response-Status
X-Release
X-Request-URL
Cf-Device-Type
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-Azure-Ref-OriginShield
X-CUA
X-Dist-Code
DataCenter
X-Wp-Cf-Super-Cache-Cache-Control