
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-Envoy-Upstream-Service-Time
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Akamai-Path-Stats
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Dns-Prefetch-Control
X-Age
X-Robots-Tag
X-Server
X-Amz-Request-Id
X-AH-Environment
Host-Header
X-Amz-Id-2
X-Proxy-Cache
X-UA-Device
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Ua-Compatible
Allow
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-Aws-Lambda-Call-Status
Cf-Edge-Cache
X-CST
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Url
X-Country
Fastly-Restarts
Accept-Ch
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-TtlSet
X-Vname
X-PC
RTSS
Edge-Control
X-Amz-Server-Side-Encryption
X-Varnish-TTL
X-VARITI-CCR
X-Server-Name
X-FastCGI-Cache
X-ESI
Cache-Tag
X-ASPNET-VERSION
X-Vcap-Request-Id
X-Content-Type
X-Kinja-Server
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Build
X-Dw-Request-Base-Id
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Px
X-Edge
X-Amz-Rid
Public-Key-Pins
X-B3-TraceId
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Ac
X-Sol
X-Powered-By-Plesk
X-Middleton-Display
Display
Pagespeed
X-Element-Page-Cache
Verso
X-Abt-Application-Version
X-Client-IP
X-Version
X-Ttl
Arr-Disable-Session-Affinity
X-Content-Security-Policy-Report-Only
X-Litespeed-Cache
X-Cache-TTL
X-RateLimit-Remaining
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
X-Middleton-Response
Response
X-Goog-Hash
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
X-Cached
X-Kinsta-Cache
X-Correlation-Id
SPRequestGuid
AR-PoweredBy
X-SharePointHealthScore
X-Edge-Location-Klb
AR-ATIME
AR-SID
AR-Request-ID
AR-CACHE
X-Powered-CMS
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Upstream
Edge-Cache-Tag
X-LLID
X-Forwarded-For
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
Content-MD5
X-Cache-Key
Nginx-Cache
X-Id
X-TTL
X-Shield-Request-Id
X-MSEdge-Ref
X-RateLimit-Limit
X-WebKit-CSP-Report-Only
X-ECACHE
TCN
Mrf-Cache-Status
MRF-Tech
X-TEC-API-VERSION
X-Recruiting
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-T
S
X-Content-Digest
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Mg-S
X-Ua-Device
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
TP-Cache
TP-L2-Cache
X-Grace
X-Accel-Expires
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-DynaTrace
X-HS-Cache-Config
X-Frontend
X-Request-Received
X-Ezoic-Cdn
X-Request-Processing-Time
MicrosoftSharePointTeamServices
X-Ua-Browser
X-Yandex-Sdch-Disable
Front-End-Https
Server-Node
X-Content
X-Ab
X-DataDome
X-Protected-By
X-Origin-Server
Filters
X-Distributor
MS-Author-Via
X-ORACLE-DMS-ECID
X-PressLabs-Stats
X-Hits
Fastcgi-Cache
X-ORACLE-DMS-RID
X-Geo-Country
X-Mid
X-Webkit-Csp
X-LB-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Tt-Trace-Host
X-Tt-Trace-Tag
Charset
X-Amzn-Trace-Id
Cleartype
Host
X-Mcache
X-Git-Hash
X-Debug-Info
X-F-Cache
X-Page-Id
Cross-Origin-Opener-Policy
X-B3-Sampled
X-Forwarded-Proto
Cache-Status
X-Cache-Age
X-Ratelimit-Reset
X-Seen-By
Realpath
X-Fastly-Request-Id
X-Webkit-CSP
X-DIS-Request-ID
X-Az
X-AppVersion
X-Activity-Id
X-Server-ID
Access-Control-Allow-Method
Accept-Charset
X-Www-Served-By
Filterid
ServerID
X-Aspnetmvc-Version
X-Nginx-Upstream-Cache-Status
X-Varnish-Age
Cache-Tags
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Cluster-Name
X-Rid
Permissions-Policy
X-Content-Options
X-Type
Retry-After
X-FB-Debug
X-Varnish-Backend
X-App-Environment
Country
X-User-Agent
Server-Name
X-Varnish-Grace
Viewport
X-Wix-Request-Id
X-Signature
X-Tb
X-Request-Guid
X-B-Cache
DC
X-Aspnet-Duration-Ms
X-Drupal-Cache-Tags
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-Route-Name
Paypal-Debug-Id
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Upgrade-Enabled
X-Whom
X-Goog-Generation
X-B
X-GUploader-UploadID
Node
X-MCACHE
X-Amz-Meta-S3cmd-Attrs
X-Language
X-Kong-Proxy-Latency
X-TT
X-VCache
X-Kong-Upstream-Latency
Fastcgi-Useragent
X-Origin-Cache
X-Debug
X-Mobile-URL
Protected
X-NWS-UUID-VERIFY
X-N
X-Oracle-Dms-Ecid
X-Logged-In
X-Amz-Replication-Status
X-Oracle-Dms-Rid
X-Cache-NGX
Payment
X-XRDS-LOCATION
Surrogate-Key
X-Load-Cache
Amp-Access-Control-Allow-Source-Origin
X-XRDS-Location
WPO-Cache-Message
WPO-Cache-Status
X-Midtier
X-Cache-Control
X-Via-JSL
Count-Hit
X-Contextid
Healthy
X-B3-Traceid
X-Node-Name
X-Restarts
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-NGENIX-Cache
X-Mobile
Alternate-Protocol
X-FW-Dynamic
X-FW-Hash
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-Proxy
Content-Disposition
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
Akamai-GRN
X-Ratelimit-Remaining
Refresh
X-G
X-Cache-Time
Url
X-Zen-Fury
X-Revision
X-Jobs
X-Adobe-Loc
X-Akamai-Request-ID2
X-Page-View
X-UUID
X-Framework
X-Adobe-Content
X-Servername
X-Cache-TTL-Remaining
Uber-Trace-Id
X-Debug-IsConnected
X-Cacheable-TTL
X-Cache-Grace
NGB
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Instance
X-Proxy-Cache-Status
X-Mg-Request-UUID
X-Http-Reason
X-Datadome
X-Real-IP
X-Is-Bot
X-Device-Type
X-Drupal-Cache-Contexts
X-Rendered-As
X-Debug-IsPreview
X-Template
X-Yottaa-Optimizations
X-Varnish-Server
Access-Control-Request-Headers
X-HTML-Minification-Powered-By
X-Yottaa-Metrics
X-ECache
X-L-Path
X-Environment-Context
X-IPLB-Instance
X-Hostname
X-Source
Version
X-Trace-Id
X-EdgeConnect-Cache-Status
Frame-Options
X-Oneagent-Js-Injection
MS-CV
Ms-Operation-Id
X-RTag
Accept-Language
Referer-Policy
Liferay-Portal
X-Fastly-Request-ID
Countrycode
X-NYM-Debug-Backend
X-Cache-Hit
X-Cache-Rule
X-App-Server
From-Origin
X-Cache-Expired-At
Cross-Origin-Window-Policy
X-Vgn-Hpd-Reason
Backend
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-APP-VERSION
X-Tumblr-User
X-Tumblr-Pixel-1
X-COUNTRY
X-Hosted-By
X-IPS-LoggedIn
X-Ratelimit-Limit
X-Unique-Id
Content-Secure-Policy
X-FW-Version
Load-Balancing
Meta-Geo
CF-IPCountry
X-Status
X-Cache-Server
Upgrade-Insecure-Requests
X-UPSTREAM-Address
X-RN-RSRV
WP-Super-Cache
Section-Io-Cache
X-PCL
X-PHP-Host
X-Ua
X-Redis-Cache
X-Cache-Enabled
X-FB-TRIP-ID
X-Nginx-Cache
X-Labrador-Cache-Channel
X-No-Session
X-OCL
X-Generation-Time
X-Server-W
Webcakes-App-Name
Webcakes-App-Version
X-VWS-Id
X-Sql-Count
Apigw-Requestid
Azure-RegionName
Azure-InstanceId
X-Cluster-Node
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
X-Akamai-Edgescape
X-Access
TWC-Privacy
X-Origin-Date
X-Section
X-LJ-Flow-ID
X-Origin-Hint
X-Uri
Azure-SlotName
Property-Id
X-Varnish-Cache-Hits
X-Region
X-RemovedCookies
S-Rt
X-AOL-HN
X-Format
X-Via-Fastly
TWC-Connection-Speed
X-Be
Mn-Server-Ip
Azure-Version
X-Request-Time
Azure-SiteName
X-Sql-Duration-Ms
Fastly-SSL
TWC-Device-Class
X-AWS-Id
X-UA-Device-Type
X-ProcessESI
TWC-GeoIP-Country
X-Content-Age
X-Mode
X-Generated-By
X-Forwarded-Host
X-GG-Cache-Date
X-Locale
X-PHP-Backend
X-PERF
X-Debug-Cache
X-Human
X-Content-Powered-By
X-ApacheServer
X-Adobe-Source
Locale
X-BYPASS-REASON
X-Cache-Host
X-Cms-Context
X-Cache-Tags
X-Platform-Server
X-Nginx-Cache-Key
X-Xfnlog-Site
X-Urbn-Context-Path
X-Site-Version
X-Urbn-Site-Id
X-Storage
X-Say-TTL
X-SayCDN-TTL
X-VC-Cache
X-ProxyCache-Status
X-ProxyCache-Key
X-JoinUs
X-SaId
X-Say-Cacheable
X-Cache-Type
X-Zipkin-Id
X-Web-Node
X-Backend-Name
X-Extlb
X-Hl-Ver
X-Routing-Service
Eomportal-Instance
X-GeoCountry
X-GeoCode
X-Detected-As
X-Proxied
X-ServerID
X-Tid
X-Handled-By
X-Shopify-Stage
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Edge-Location
X-NewRelic-App-Data
Cache-Tv-Group
X-Varnishpool
CDN-RequestCountryCode
CDN-RequestId
X-Storefront-Renderer-Rendered
CDN-EdgeStorageId
X-Proto
CDN-Cache
CDN-CachedAt
Ec-Rule-Version
CDN-PullZone
CDN-Uid
Webserver
ServedBy
X-Dc
X-Cache-Action
Fastly-Drupal-Html
Selected-Fe
X-Timing-Wait
X-Proxy-Build
Web-Mar-Node
X-CDN-Forward
X-LSADC-Cache
Onion-Location
SRV
X-GEO
X-Parallel-Accel
X-Cached-By
X-Varnish-Hostname
X-Cache-Remote
X-App-Version
X-Hyper-Cache
Mime-Version
X-IPLB-Request-ID
Cache-Hits
X-Magnolia-Registration
X-Fastcgi-Cache
X-Cluster
X-Cache-Operation
X-Rule
SID
X-Cdn
X-Rewrite-Enabled
X-SRV
X-Tt-Logid
X-Soup
X-Origin-TTL
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Origin-CC
X-Varnish-Hits
X-Envoy-Decorator-Operation
Xserver
LB
X-Pubstack
X-Accel-Buffering
X-Reqid
X-TT-LOGID
Xet-Cookie
X-Microcachable
Cache
DB-Nickname
Country-Code
Server-Info
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Source
X-TA-CDN-Provider
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Amzn-RequestId
X-Request-Host
X-Amz-Apigw-Id
X-CSRF-Token
X-Origin-Response-Time
X-Buckets
X-Via-NSCOPI
X-B3-SpanId
X-Tx-Id
X-Endurance-Cache-Level
Pramga
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
T-Server
Candidate-Md5Url
Odigeo-Trace-Id
Cdnsip
X-Vdms-Version
Xc-Version
X-VG-WebCache
Sslversion
Surrogated-Key
Rendered-Blocks
Cmstype
X-Skip-Cache
Lang
MD5-Digest
Host-ID
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
Expiry
Meta-Geo-Continent
Cdncip
NM-Fastcgi-Cache
BehaviorPad-Version
A
Cmsid
Mobile-Detection-Method
DCR-Decision-By
Cache-Key
X-Cdn-Srv
X-Esi-Check
X-SD-PageType
X-External-Request-Id
X-ScT
X-S-Cookie
X-Epic-Correlation-Id
X-Session-Fingerprint
X-Destination
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-Forwarded-Path
X-Ftr-Request-Id
X-PAYTM-SRV-ID
X-Orig-Expires
X-PBS-Appsvrname
X-Processor
X-S
X-NAPM-TraceId
X-Ig-Push-State
X-Geo-Header
X-Gzip
X-Hash
X-HS-Content-Campaign-Id
X-D
X-Connection-Hash
X-A-Wwc
X-TIM-N
X-Aed
X-Tenant
X-AK-Request-ID
X-TrackingId
X-A-Dgt
X-Vdms-Path
X-User
X-A-Ccd
X-A-Dcw
X-Application
X-ARC
X-CF-Lambda-Version
X-Conf
X-SRCache-Key
X-Shop-Environment
X-CF-Lambda-Fn
X-Rojux
X-B-Cookie
X-BCube-Filmed-By
X-Cache-Id
X-Cache-NE
X-A
X-A-Dam
Datacenter
X-Newrelic-Synthetics
DynaTrace
X-Ms-Version
X-Ms-Request-Id
X-Cache-Status-Check
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Sigma-Backend
X-Sigma
X-NodeID
Is-Eu
X-CacheTTL
Kp-EeAlive
X-Nyt-Route
X-Node-Id
X-Core-Mission
X-DefElseHash
X-DefHash
X-Developers
X-TNCMS
X-Loop
X-Core-Value
X-Mvc-Supplant-Cachable
Environment
Machine
X-Cache-Info
X-Varnish-Ttl
State
X-Ad-Defer-Variation
Server-Host
Wxu-Next-Region
Wxu-Next-Hostname
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Wxu-Next-Commit
X-Rocket-Build-Number
Producers
X-SB
X-Origin-Time
X-Origin-Expires
Memcached
X-Cache-Bucket
X-Cache-Backend
X-Amzn-Remapped-Content-Length
Platform
X-Bc-Bl
X-V-Cache
Fastly-GeoIP-CountryCode
X-Fetched-On
X-Variation
X-Wix-Viewer-Type
X-Worker
X-WADP-Cache
X-Fastly-Cache
X-Via-Ucdn
X-Irp-Debug
X-Azure-Ref
X-Has-Esi
CPC-Age
X-SplitTest
XM
X-Gdpr
X-GeoIP
We-Hiring
VNS-Cache
CPC-Cache
Mail-Subject
VNS-Age
X-Is-Gdpr
X-Fmm-Version
X-Varnish-CookieHashed-On
X-DPWN-IS-SECURE
X-Varnish-CookieINHashed-On
X-Device-Os
X-Varnish-Remaining-TTL
Adler-Geo
AKAMAI
X-JWT-State
X-RCS-CacheZone
X-NCache
X-Pod-Name
X-Xrds-Location
X-Policy
X-Aicache-OS
X-Datadog-Trace-Id
X-Pool
X-Platform
X-Minions-Version
X-Qloud-Router
Vix-Hermes-Req-Id
X-Gen-Mode
V-Age
Web-Mar-Region
X-Gamma-Serve
X-Proxy-Upstream
X-Planisys-CDN-TTL
X-Dispatcher-Number
X-Proxy-Cache-Info
X-Planisys-CDN-Rules
X-Hnp-Log
X-HN
X-Level-Front-Cache
User-Cache-Control
X-Ec-Custom-Error
X-LAGOON
X-Eu-Site
X-Cdn-Origin
X-Httpd
X-Origin
X-Cache-Date
X-Csrf-Jwt
X-Time
X-Planisys-CDN-Cache
X-CGP
X-GeoIP-City
X-Auto-Login
X-BBC-Edge-Cache-Status
X-Loc
X-Branch-Name
X-Block-Status
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Rebelmouse-Surrogate-Control
Fastly-SIE
Fastly-SWR
X-Slack-Backend
X-Sn-Servicetimems
Fastcgi-Cache-TTL
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Gh-Request-Id
Ha-Gx-Prefs
X-Served-From
X-Scheme
Ohc-File-Size
L5d-Success-Class
L
HA-Ipaddr
IsBot
X-Thinkindot-L3
Cluster
X-VServer
X-Viewer-Country
X-VG-TLSProxy
X-Wikidot-Backend
X-Wikidot-Static-Cache
Redirect-Candidate
Fastly-Backend-Name
Apple-News-Services-Handled
Apple-News-Services-Host
CDCHOST
CloudFront-Viewer-Country
X-Varnish-Beresp-Grace
X-VarnishDD-TTL
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
N-Cache
X-SIPLIST1
Svr
Release
X-Rebelmouse-Cache-Control
TDXMobile
X-Region-Sid
PFcat
Req-Svc-Chain
X-Generated-On
Server-Hostname
X-Request-URI
Sever-Int
Server-Ext
Ssr
NGX
X-Rocket-Nginx-Serving-Static
Origin
Traceparent
Thinkindot-Control
Origin-EX
Origin-CC
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-EC-Lua
CDN
X-Scale
X-Micro-Cache
X-Owner
X-Forwarded-Site
X-R9-Blue-Green-Version
X-Server-IP
X-AIR-PT
X-ZONE
Cache-Name
HostName
X-Parent-Response-Time
X-CS
X-Optimistic-Header
Pics-Label
X-WA-Info
DSUID
X-Refresh
X-CACHE-KEY
GEO-INFO
X-From
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Contensis-Viewer-Groups
X-Webstats-RespID
Path
X-NC
X-Cache-ASPX
X-Ah-Environment
X-Tb-Optimization-Total-Bytes-Saved
Ms-Author-Via
X-TIME
X-VC
X-Varnish-Authentication
X-Location
X-Mvc-Supplant-OutputCached
Ngx.Var.Host
X-LB-NoCache
Cache-Host
X-Edge-Pop
Env
Servername
X-Udemy-Cache-App-Namespace
Locid
X-Servedbyhost
X-Proxy-CacheRZ
XkeyRZ
X-Correlation-ID
Lb
X-TraceId
X-Via-Popn
Arc-Country
X-Srv
X-Amz-Meta-Cb-Modifiedtime
X-Men
X-Via-Poph
X-Via-Popv
X-Response-By
Memory
Time
X-Generated-In
Ohc-Cache-HIT
X-Varnish-Beresp-TTL
ITXSESSIONID
X-API-Version
X-Old-Content-Length
GeoIp-Country-Code
X-Akamai-Transformed
X-Presslabs-Stats
AMP-Access-Control-Allow-Source-Origin
X-Vc
X-HA-Backend
X-DW
X-RateLimit-Reset
X-Clientip
X-S-Maxage
X-Accel-Expires-Debug
True-Client-IP
X-RSL
X-DB
X-RPS
X-RPM
X-DI
Client
X-DSS
X-Date
X-VCL-Version
X-VHOST
Hostname
X-Cs
X-Trace-ID
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Server-ID
X-Tec-Api-Version
Geoip-Latitude
X-Tec-Api-Origin
X-Tec-Api-Root
X-DC
X-URL
X-Render-Time
X-Fpc
X-MSEdge-Flight
X-Dmc
X-Cache-Debug
X-MSEdge-Features
X-Api-Version
FSS-Cache
Fusion-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-FireWall-Port
X-Zone
X-INCAP-ABP
X-DynaTrace-JS-Agent
X-TRACE-ID
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Webkit-Csp-Report-Only
X-Gateway-Skip-Cache
Rip
X-Gateway-Request-Id
CacheControlHeader
NtCoent-Length
Powered-By
X-Service
X-TX-ID
X-M-Reqid
X-NGINX-Cache
Tube-Got-Results
X-Qnm-Cache
Click-Count-Action-Start
Click-Count-Error
Tube-Return
X-TH-Server
X-B3-Spanid
X-Action
X-PX
Tube-Get-Contents
C-Via
Tube-Got-Eval
X-M-Log
Esi-Enabled
True-Client-Country-4JS
X-CSRF-TOKEN
HIT
Tcn
X-Backend-TTL
X-Traceid
Test
X-Cdn-Request-ID
On-Server
Edge-Cache
X-Alfa-Service
X-FPC
X-Pass-Why
X-Vcl-Version
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Cache-Status
User-Agent
X-Req
Geo-Info
OT-Force-Account-Verify
Server-Id
X-HS-Status
X-Beluga-Node
X-Check-Cacheable
X-Origin-Upstream-Status
X-Akamai-Pragma-Client-IP
X-Edge-Origin-Shield-Bytes
Cdn
X-Edge-Origin-Shield-Region
X-Proxy-Cache-Hk
Uri
My-App
Resin-Trace
X-Via-PopN
Proxy-Connection
GeoIP-Country-Code
X-Via-PopV
X-Via-PopH
X-Ha-Backend
GeoIP-Latitude
Cf-Int-Pingora-Origin-Digest
Srv
Srvid
X-CLOUD-TRACE-CONTEXT
Sid
X-Varnish-Beresp-Ttl
X-Up
X-APP
M-TraceId
X-Webkit-CSP-Report-Only
X-ServedByHost
X-LB-ID
X-App
MIME-Version
X-CCDN-Origin-Time
Epwk-X-Cache
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Provided-By
X-Cdn-Forward
WebServer
ENV
X-Fastly-Backend-Reqs
X-Backend-Host
X-Li-Pop
X-LI-Proto
X-Li-Fabric
X-LI-UUID
DT-Hot-News
X-Esi
Warning
ServerName
X-RAMCache
X-Fetch-By
XServer
X-B3-Traceid-Primal
X-UnsetCookies
X-Lb-Nocache
X-Edge-POP
X-Geo
X-Akamai-Request-ID
Server-Ttl
X-HostName
Dt-Hot-News
X-CF-Powered-By
X-Cc-Via
X-Request-Start
PICS-Label
X-Nc
X-HITS
X-ElasticPress-Query
True-Client-Ip
WZWS-RAY
X-Newrelic-App-Data
X-ND-Cache
X-Bip
X-Thanos
CF-Cached-On
X-Time-Microsecs
X-Yottaa-OS
X-Request-Url
X-Serial
Section-Io-Id
X-Dw-Trace-Id
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Fastly-Drupal-HTML
X-LiteSpeed-Cache-Control
DataCenter
CountryCode
X-IN-APIGATEWAYSSL
Cf-Device-Type
X-Iplb-Instance
X-Vercel-Id
X-Vercel-Cache
X-IN-APIGATEWAY
X-Iplb-Request-Id
X-Vcache
X-CUA
D-Url-Rewrites
Inserted-Into-Cache-At
Cdn-Pullzone
Cdn-Requestcountrycode
Cdn-Edgestorageid
Cdn-Cache
Wp-Super-Cache
Cdn-Uid
Cdn-Cachedat
Cdn-Requestid
Servedby
X-Azure-Ref-OriginShield
X-LiteSpeed-Tag
X-BBC-Origin-Response-Status
X-MiniProfiler-Ids
X-Platform-Router
X-Dist-Code
Content-Script-Type
X-Platform-Processor
X-Fragments
X-Storefront-Renderer-Verified
X-Back
Content-Style-Type
X-Platform-Cluster
Vha6-Origin
X-Release
X-Request-URL
X-Th-Server
X-Sucuri-Cache
X-Sucuri-ID
Tracecode
Target-Params
X-Var-Ttl
Fastcgi-Cache-Ttl
X-ATG-Version
X-Fastly-Backend
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
X-FC-Vary-Parameters