Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
P3p
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Amz-Request-Id
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
X-Rq
Grace
X-Dns-Prefetch-Control
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
X-Dispatcher
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Nginx-Cache-Status
X-WebKit-CSP
Allow
X-Cache-Spec
X-Device
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Aws-Lambda-Call-Status
X-CST
Surrogate-Control
Accept-CH
X-Server-Id
Request-Id
X-Backend-Server
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
X-Application-Context
Xkey
Accept-CH-Lifetime
Content-Location
Cf-Edge-Cache
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
X-Trace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Url
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-Rack-Cache
X-Ruxit-JS-Agent
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-ESI
X-Content-Type
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-B3-TraceId
X-Cdn-Fetch
X-Amz-Rid
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Dw-Request-Base-Id
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Cnection
X-Ac
X-Px
X-Element-Page-Cache
X-D2id
Verso
X-Navigation-Version
X-RateLimit-Remaining
Accept-Ch
X-Abt-Application-Version
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
X-Webkit-Csp
X-FastCGI-Cache
X-Sol
Pagespeed
X-Middleton-Display
Service-Worker-Allowed
Display
X-Edge
X-Ser
X-Version
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
X-Country-Code
X-Ruxit-Js-Agent
X-Middleton-Response
Response
Access-Control-Request-Method
X-NF-Request-ID
X-Goog-Hash
X-Correlation-Id
X-Ttl
AR-SID
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Kinsta-Cache
X-Upstream
X-Edge-Location-Klb
SPIisLatency
SPRequestDuration
X-TTL
X-NWS-LOG-UUID
X-LLID
X-Cached
X-Powered-CMS
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
Edge-Cache-Tag
Nginx-Cache
X-RateLimit-Limit
SPRequestGuid
X-SharePointHealthScore
TCN
X-Cache-Key
X-Forwarded-For
X-Litespeed-Cache
Mrf-Cache-Status
MRF-Tech
X-MSEdge-Ref
Content-MD5
MS-Author-Via
X-B3-TraceId-Primal
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Id
X-T
X-Daa-Tunnel
X-Server-ID
X-Recruiting
S
X-Mg-S
X-Content-Digest
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-DataDome
X-Protected-By
X-Ua-Device
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ezoic-Cdn
X-Frontend
X-HS-Content-Id
X-HS-Cache-Config
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-Content
X-Ua-Browser
Server-Node
X-Ab
X-HS-Combine-CSS
X-Accel-Expires
Front-End-Https
X-Request-Processing-Time
X-Request-Received
X-ORACLE-DMS-ECID
X-Grace
X-Yandex-Sdch-Disable
Filters
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Mid
X-PressLabs-Stats
X-Hits
X-Origin-Server
X-Distributor
TP-L2-Cache
TP-Cache
X-Geo-Country
X-Ratelimit-Reset
X-Debug-Info
X-ECACHE
X-DynaTrace
Pinterest-Version
X-Tt-Trace-Tag
X-Pinterest-Rid
Pinterest-Generated-By
X-Tt-Trace-Host
X-Amzn-Trace-Id
Charset
Cleartype
X-Page-Id
X-DIS-Request-ID
X-Git-Hash
Host
X-B3-Sampled
Cross-Origin-Opener-Policy
X-F-Cache
X-Www-Served-By
X-LB-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Forwarded-Proto
X-Cache-Age
Access-Control-Allow-Method
ServerID
Cache-Tags
X-Seen-By
X-Az
X-Activity-Id
X-AppVersion
X-Language
X-Cluster-Name
Cache-Status
Realpath
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Accept-Charset
X-Varnish-Age
X-WebKit-CSP-Report-Only
Filterid
Server-Name
X-Aspnetmvc-Version
X-Rid
X-Content-Options
X-Type
X-App-Environment
X-Nginx-Upstream-Cache-Status
X-Upgrade-Enabled
Country
Viewport
X-Mobile-URL
X-Varnish-Grace
Node
X-User-Agent
X-Origin-Cache
X-FB-Debug
X-Tb
X-Flags
DC
X-Wix-Request-Id
X-XRDS-LOCATION
X-Whom
X-Drupal-Cache-Tags
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-B-Cache
X-NWS-UUID-VERIFY
Paypal-Debug-Id
X-Is-Crawler
X-Signature
Retry-After
X-Oracle-Dms-Ecid
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-TT
Protected
X-VCache
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Oracle-Dms-Rid
X-Fastly-Request-Id
X-Varnish-Backend
Fastcgi-Useragent
X-Via-JSL
X-MCACHE
X-Cache-NGX
X-B
X-Amz-Replication-Status
Payment
X-Mcache
X-Contextid
X-Debug
X-Fastly-Request-ID
X-N
X-Logged-In
X-Fastcgi-Cache
X-Template
WPO-Cache-Status
WPO-Cache-Message
X-Load-Cache
X-XRDS-Location
Surrogate-Key
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Dynamic
X-Cache-Control
X-ECache
X-B3-Traceid
X-Trace-Id
Amp-Access-Control-Allow-Source-Origin
Count-Hit
X-Node-Name
X-Amz-Meta-S3cmd-Attrs
X-Hostname
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
Refresh
X-Proxy
Content-Disposition
Akamai-GRN
Healthy
X-UUID
X-Jobs
X-Real-IP
X-Rendered-As
X-G
X-Revision
X-Is-Bot
X-Cache-Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Uber-Trace-Id
X-Cache-TTL-Remaining
X-Akamai-Request-ID2
X-Page-View
X-Mobile
X-Zen-Fury
X-Cacheable-TTL
X-Framework
Alternate-Protocol
X-Adobe-Content
X-Adobe-Loc
X-Http-Reason
X-Yottaa-Optimizations
X-Proxy-Cache-Status
X-Device-Type
X-Drupal-Cache-Contexts
X-Debug-IsPreview
NGB
X-Yottaa-Metrics
X-Debug-IsConnected
X-Instance
Permissions-Policy
X-IPLB-Instance
Access-Control-Request-Headers
X-Parallel-Accel
Url
X-Servername
X-Cache-Rule
X-Source
From-Origin
X-Cache-Grace
Version
X-Varnish-Server
X-Vgn-Hpd-Reason
Accept-Language
X-Cache-Expired-At
X-L-Path
X-Environment-Context
X-Cache-Hit
X-Mg-Request-UUID
X-Oneagent-Js-Injection
Referer-Policy
X-NGENIX-Cache
X-EdgeConnect-Cache-Status
X-Restarts
Countrycode
MS-CV
X-RTag
Ms-Operation-Id
X-Ratelimit-Remaining
X-App-Server
X-FW-Version
Cross-Origin-Window-Policy
X-HTML-Minification-Powered-By
Liferay-Portal
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-IPS-LoggedIn
X-Tumblr-User
X-Tumblr-Pixel
X-NYM-Debug-Backend
Frame-Options
Backend
X-RemovedCookies
X-Cache-Action
X-ProcessESI
CF-IPCountry
X-COUNTRY
Content-Secure-Policy
WP-Super-Cache
X-RN-RSRV
Section-Io-Cache
Meta-Geo
X-Nginx-Cache
X-UPSTREAM-Address
X-PCL
X-Redis-Cache
X-Hyper-Cache
X-OCL
Upgrade-Insecure-Requests
X-Cache-Server
X-Format
Apigw-Requestid
X-No-Session
X-Generation-Time
X-Cluster-Node
X-Content-Age
X-Access
X-Ua
X-FB-TRIP-ID
X-Cache-Enabled
X-Detected-As
X-Section
Ec-Rule-Version
Cache-Tv-Group
X-Sql-Duration-Ms
X-Storage
Mn-Server-Ip
X-Say-TTL
X-Akamai-Edgescape
X-SayCDN-TTL
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
X-AOL-HN
X-ApacheServer
X-Hosted-By
X-Human
X-Generated-By
X-Be
X-Say-Cacheable
TWC-Privacy
TWC-Locale-Group
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
X-Site-Version
Azure-InstanceId
X-Server-W
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
S-Rt
X-Sql-Count
X-Origin-Date
X-Via-Fastly
X-Varnish-Cache-Hits
X-PHP-Backend
X-Web-Node
Fastly-SSL
X-Region
X-UA-Device-Type
X-PERF
X-Request-Time
X-Mode
X-Origin-Hint
Eomportal-Instance
Locale
X-Nginx-Cache-Key
Webserver
X-Urbn-Site-Id
CDN-Cache
X-Debug-Cache
CDN-PullZone
CDN-Uid
X-ProxyCache-Status
CDN-RequestId
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Cache-Host
CDN-CachedAt
X-Rule
X-Xfnlog-Site
X-Platform-Server
X-Status
X-BYPASS-REASON
X-Unique-Id
X-Uri
X-Content-Powered-By
X-ProxyCache-Key
X-Cache-Tags
X-Urbn-Context-Path
X-Proxied
X-Forwarded-Host
X-APP-VERSION
X-Routing-Service
X-Alternate-Cache-Key
X-ServerID
X-Adobe-Source
X-Extlb
X-SaId
X-Backend-Name
X-Cache-Type
X-ShardId
X-JoinUs
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-TT-LOGID
X-ShopId
X-Varnishpool
X-Zipkin-Id
X-Tid
X-Shopify-Stage
X-Hl-Ver
X-Handled-By
X-Webkit-CSP
X-Proxy-Build
X-Datadome
ServedBy
X-Timing-Wait
Selected-Fe
X-GG-Cache-Date
X-PHP-Host
X-Locale
X-Labrador-Cache-Channel
X-Accel-Buffering
X-NewRelic-App-Data
X-Cache-Operation
X-Dc
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-Cache-Remote
X-VC-Cache
X-LSADC-Cache
X-Ratelimit-Limit
X-Rewrite-Enabled
Xserver
X-App-Version
X-Pubstack
X-TA-CDN-Provider
X-Cached-By
X-Soup
Fastly-Drupal-Html
X-Proto
Mime-Version
SID
X-CDN-Forward
X-Midtier
X-Edge-Location
X-Storefront-Renderer-Rendered
Web-Mar-Node
X-Buckets
X-GEO
SRV
X-Cms-Context
Country-Code
X-Reqid
Onion-Location
X-Request-Host
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-Varnish-Hostname
X-Microcachable
Load-Balancing
X-Origin-CC
Cache-Hits
X-GeoCountry
X-GeoCode
X-Origin-TTL
Server-Info
LB
Xet-Cookie
X-Cluster
X-Ms-Request-Id
X-Ms-Version
X-Varnish-Hits
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-SRV
X-MP-GENERATED-AT
X-Magnolia-Registration
X-NCache
X-Air-Hostname
X-Bc-Bl
X-Air-Trace-Id
DynaTrace
X-CSRF-Token
X-Air-Source
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Envoy-Decorator-Operation
X-Varnish-Beresp-Grace
X-R9-Blue-Green-Version
Cache-Name
X-RCS-CacheZone
X-Origin-Response-Time
X-Endurance-Cache-Level
X-From
X-Gzip
Cdncip
X-Geo-Header
X-A-Dgt
X-Ftr-Request-Id
Meta-Geo-Continent
X-Hash
X-LAGOON
Cmstype
DB-Nickname
X-NAPM-TraceId
DCR-Decision-By
Cmsid
X-A-Ccd
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-A-Dcw
X-A-Dam
Cdnsip
X-External-Request-Id
X-Connection-Hash
X-Conf
X-D
A
X-B-Cookie
X-Cache-Bucket
X-CF-Lambda-Version
X-Cache-Id
X-Cache-NE
X-Cdn-Srv
X-CF-Lambda-Fn
X-Destination
X-Developer
X-NodeID
X-Esi-Check
X-Aed
X-A-Wwc
BehaviorPad-Version
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-ARC
X-Application
X-AK-Request-ID
X-Ec-Fail
X-Forwarded-Path
X-A
DCR-Processing-Time-Ms
Host-ID
X-Tenant
X-TIM-N
X-SRCache-Key
Surrogated-Key
T-Server
X-B3-SpanId
X-Vtex-Remote-Cache
Sslversion
X-TrackingId
X-Vdms-Version
Pramga
X-VG-WebCache
X-Vdms-Path
Rendered-Blocks
X-User
X-Vtex-Processado-Em
Lang
X-Session-Fingerprint
X-Shop-Environment
NM-Fastcgi-Cache
Expiry
X-Webstats-RespID
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Orig-Expires
Xc-Version
Mobile-Detection-Method
Fastcgi-X-Cache-Version
X-Processor
X-Azure-Ref
X-ScT
X-SD-PageType
X-S-Cookie
X-Rojux
X-S
Odigeo-Trace-Id
Source
X-Tx-Id
Platform
X-Block-Status
X-Cache-Backend
State
Web-Mar-Region
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
We-Hiring
Vix-Hermes-Req-Id
X-Amzn-Remapped-Content-Length
Server-Host
Svr
User-Cache-Control
Producers
X-Gdpr
X-Scheme
X-SB
X-Server-IP
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
X-Planisys-CDN-TTL
X-Origin-Expires
X-Origin-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Slack-Backend
X-SVT-ORM-RULES
X-Viewer-Country
X-VG-TLSProxy
X-WADP-Cache
X-Wix-Viewer-Type
X-Worker
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-SVT-ORM-VERSION
X-TNCMS
X-Variation
X-Varnish-CookieHashed-On
X-Origin
X-Nyt-Route
X-Device-Os
X-Developers
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Fastly-Cache
X-DefHash
X-DefElseHash
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Core-Mission
X-Core-Value
X-Fetched-On
X-Fmm-Version
X-Location
X-Loop
X-Mvc-Supplant-Cachable
X-Node-Id
X-JWT-State
X-Is-Gdpr
X-Gen-Mode
X-Has-Esi
X-Hnp-Log
X-Irp-Debug
X-Cache-Info
X-GeoIP
Apple-News-Services-Handled
AKAMAI
Adler-Geo
Cache
Apple-News-Services-Host
CDN
Environment
Fastly-GeoIP-CountryCode
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Time
Is-Eu
Memcached
Mail-Subject
Machine
X-Via-NSCOPI
X-Varnish-Ttl
X-ZONE
X-Sn-Servicetimems
X-Thinkindot-L3
X-Aicache-OS
X-Rebelmouse-Surrogate-Control
X-Qloud-Router
CloudFront-Viewer-Country
Cluster
X-Skip-Cache
X-Served-From
Arc-Country
X-Proxy-Upstream
X-Rebelmouse-Cache-Control
X-V-Cache
X-Branch-Name
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Cache-Date
X-VServer
X-Datadog-Sampling-Priority
X-Rocket-Nginx-Serving-Static
X-Httpd
X-Cdn-Origin
X-Auto-Login
X-Response-By
X-BBC-Edge-Cache-Status
X-Proxy-Cache-Info
X-Region-Sid
Fastcgi-Cache-TTL
X-Generated-On
Release
Redirect-Candidate
Req-Svc-Chain
X-Minions-Version
X-Forwarded-Site
X-Gamma-Serve
Kp-EeAlive
Locid
X-Men
X-GeoIP-City
N-Cache
X-Level-Front-Cache
X-Loc
Origin
Origin-EX
Origin-CC
MD5-Digest
Ssr
Traceparent
X-RateLimit-Remaining-Second
X-Request-URI
X-RateLimit-Limit-Second
Fastly-SWR
X-Policy
Fastly-SIE
V-Age
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Pool
X-Platform
X-Pod-Name
TDXMobile
Thinkindot-CacheControl
Gh-Request-Id
X-Parent-Response-Time
X-Optimistic-Header
X-Old-Content-Length
CDCHOST
X-CacheTTL
DSUID
L
Ha-Gx-Prefs
X-VarnishDD-TTL
X-HN
L5d-Success-Class
HA-Ipaddr
PFcat
X-Dispatcher-Number
NGX
X-TraceId
X-Csrf-Jwt
X-Eu-Site
HostName
X-CGP
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
IsBot
Server-Hostname
X-NC
AMP-Access-Control-Allow-Source-Origin
Server-Ext
X-Scale
X-Refresh
X-DB
X-WP-CF-Super-Cache
X-EC-Lua
X-SIPLIST1
X-Via-Ucdn
X-RSL
X-RPS
X-DSS
X-DW
Sever-Int
X-DI
X-WP-CF-Super-Cache-Cache-Control
X-RPM
X-TIME
Pics-Label
X-Srv
X-IPLB-Request-ID
X-CS
Memory
X-Owner
X-VC
X-Accel-Expires-Debug
Env
Time
X-Date
X-Tb-Optimization-Total-Bytes-Saved
Ohc-File-Size
X-Ah-Environment
X-Tt-Logid
X-Mvc-Supplant-OutputCached
X-Newrelic-Synthetics
X-GeoIP-Country-Code
X-LB-NoCache
X-GeoIP-Region-Code
X-Edge-Pop
Servername
X-Akamai-Transformed
GEO-INFO
X-Udemy-Cache-App-Namespace
Ms-Author-Via
Cache-Key
X-Amz-Meta-Cb-Modifiedtime
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Generated-In
Candidate-Md5Url
X-Cache-Debug
X-CACHE-KEY
X-Ad-Defer-Variation
X-BCube-Filmed-By
Datacenter
X-API-Version
VNS-Age
Geo-Info
X-SplitTest
GeoIp-Country-Code
XM
VNS-Cache
CPC-Cache
CPC-Age
X-Cache-ASPX
X-Contensis-Viewer-Groups
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Content-Source
X-Xrds-Location
Fusion-Component-Id
X-Via-Popv
CacheControlHeader
X-S-Maxage
X-Via-Poph
X-WA-Info
X-Varnish-Authentication
ITXSESSIONID
Fastly-Backend-Name
X-Via-Popn
X-Servedbyhost
X-Cache-Status-Check
X-Micro-Cache
Path
Geoip-Latitude
True-Client-Country-4JS
X-Action
X-TH-Server
X-HA-Backend
Lb
X-RateLimit-Reset
X-Vc
X-Backend-TTL
X-Cs
Client
X-AIR-PT
X-VCL-Version
X-Varnish-Beresp-TTL
FSS-Cache
Cache-Host
Ohc-Cache-HIT
Hostname
X-VHOST
X-DC
Ngx.Var.Host
Server-ID
X-Trace-ID
True-Client-IP
X-Req
Edge-Cache
X-Provided-By
X-Presslabs-Stats
My-App
X-Api-Version
X-TX-ID
X-FireWall-Port
NtCoent-Length
X-Proxy-CacheRZ
XkeyRZ
X-Zone
X-Clientip
X-Dynatrace
X-B3-Spanid
X-Origin-Upstream-Status
Powered-By
X-FPC
X-Webkit-Csp-Report-Only
X-Fpc
X-Pass-Why
X-Up
X-NGINX-Cache
X-LB-ID
DataCenter
X-PX
X-CSRF-TOKEN
Test
X-Traceid
X-Varnish-Beresp-Ttl
Cf-Int-Pingora-Origin-Digest
X-Li-Pop
X-LI-UUID
X-Dmc
Server-Id
X-MSEdge-Features
X-MSEdge-Flight
X-Cdn-Request-ID
X-Li-Fabric
X-Correlation-ID
OT-Force-Account-Verify
X-Vcl-Version
X-INCAP-ABP
X-Beluga-Record
User-Agent
X-Beluga-Status
X-Beluga-Response-Time
X-Webkit-CSP-Report-Only
X-Beluga-Node
X-Beluga-Cache-Status
X-UnsetCookies
X-Beluga-Trace
X-ND-Cache
X-HS-Status
X-Render-Time
Proxy-Connection
X-Via-PopN
C-Via
X-Via-PopH
X-Time-Microsecs
X-Ha-Backend
Rip
X-Via-PopV
WZWS-RAY
X-CUA
Sid
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
Click-Count-Error
X-RAMCache
Click-Count-Action-Start
X-Service
Tube-Get-Contents
X-Fragments
X-Platform-Cluster
X-Platform-Router
X-Gateway-Request-Id
X-Gateway-Cache-Status
Cf-Device-Type
Tube-Got-Results
Tube-Got-Eval
Target-Params
X-URL
X-ServedByHost
X-Platform-Processor
Srvid
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Alfa-Service
Tube-Return
Tracecode
X-Geo
X-Azure-Ref-OriginShield
X-Sucuri-ID
GeoIP-Latitude
X-Var-Ttl
X-Sucuri-Cache
X-ATG-Version
Esi-Enabled
Uri
Resin-Trace
GeoIP-Country-Code
X-FC-Vary-Parameters
Lfy
HIT
X-Fastly-Backend
MIME-Version
X-Akamai-Pragma-Client-IP
X-M-Reqid
X-Qnm-Cache
X-Hcs-Proxy-Type
X-Proxy-Cache-Hk
X-Fetch-By
X-M-Log
X-LiteSpeed-Cache-Control
Epwk-X-Cache
On-Server
X-LI-Proto
X-CCDN-CacheTTL
Srv
X-CCDN-Origin-Time
X-Fastly-Backend-Reqs
X-TRACE-ID
X-Cdn-Forward
Fastly-Drupal-HTML
X-NU-AKA-ACS-Version
X-Backend-Host
X-Varnish-Beresp-Status
ENV
Magicmarker
X-Li-Proto
X-DynaTrace-JS-Agent
Cdn
X-Esi
X-App
X-Backend-State
ServerName
X-Lb-Nocache
X-APP
XServer
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Cache-Expires
X-ID
X-B3-Traceid-Primal
X-Edge-POP
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-MG-S
X-Cache-CFC
CF-Cached-On
X-Request-Start
Server-Ttl
X-Newrelic-App-Data
X-Yottaa-OS
PICS-Label
Inserted-Into-Cache-At
X-ElasticPress-Query
Tcn
X-Thanos
Cf-Ipcountry
Wpo-Cache-Status
D-Url-Rewrites
Wpo-Cache-Message
X-BBC-Origin-Response-Status
X-Acquia-Application-Trace
X-Iplb-Instance
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Nc
X-Acquia-Site
X-Vercel-Cache
X-Serial
X-Iplb-Request-Id
X-Bip
X-Vcache
X-Vercel-Id
Warning
X-HostName
Servedby
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
X-Shopify-Generated-Cart-Token
X-Litespeed-Cache-Control
Cneonction
Ngx
X-Snapshot-Date
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Akamai-Request-ID
X-LiteSpeed-Tag
X-Swift-Error
X-B3-Parentspanid
X-Request-Url
X-Dist-Code
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
X-CF-Powered-By
Content-Style-Type
Content-Script-Type
X-Release
CountryCode
X-Dw-Trace-Id
X-Request-URL