Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-Request-ID
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
Report-To
X-Age
X-Backend
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Nginx-Cache-Status
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
NEL
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-Dns-Prefetch-Control
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
Rating
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Cache-Lookup
Accept-CH-Lifetime
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-TtlSet
X-PC
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Server-Name
X-ESI
Fastly-Restarts
X-Aws-Lambda-Call-Status
Cache-Tag
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-FastCGI-Cache
X-Vcap-Request-Id
X-GitHub-Request-Id
X-MS-InvokeApp
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-D2id
X-Client-IP
X-Cache-TTL
X-Abt-Application-Version
X-Cnection
X-Px
RTSS
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Navigation-Version
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Country-Code
X-Goog-Hash
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Powered-By-Plesk
X-Kinja-Build
X-NF-Request-ID
X-Powered-CMS
AR-ATIME
AR-PoweredBy
AR-SID
AR-CACHE
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
AR-Request-ID
X-Instrumentation
X-Origin-Cache
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Version
X-Middleton-Response
Response
X-TTL
X-MSEdge-Ref
X-Amz-Server-Side-Encryption
X-LLID
X-Kinsta-Cache
X-Edge-Location-Klb
TCN
Nginx-Cache
X-Edge
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-RateLimit-Remaining
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Protected-By
X-T
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Id
Accept-Ch
X-Mg-S
S
Edge-Cache-Tag
Content-MD5
X-CST
X-Ruxit-Js-Agent
X-Language
SPIisLatency
Fastcgi-Cache
SPRequestDuration
X-Mid
Realpath
Front-End-Https
Server-Node
X-Request-Processing-Time
X-Request-Received
X-Recruiting
Filters
X-DynaTrace
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Frontend
X-Ab
X-Content
X-MCACHE
Server-Name
X-Ua-Browser
X-Ser
X-Ttl
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Cache-Key
X-Correlation-Id
X-HS-Combine-CSS
X-NWS-LOG-UUID
X-Ezoic-Cdn
X-Yandex-Sdch-Disable
X-Template
X-ECACHE
SPRequestGuid
X-SharePointHealthScore
X-Hits
X-Parallel-Accel
X-Tt-Trace-Tag
X-Tt-Trace-Host
MicrosoftSharePointTeamServices
X-Kong-Upstream-Latency
Cache-Tags
Alternate-Protocol
X-Kong-Proxy-Latency
X-Page-Id
Charset
Host
Cleartype
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Deployment-Id
X-B3-Sampled
X-Git-Hash
X-Www-Served-By
X-Content-Options
X-Hostname
X-Geo-Country
X-Webkit-Csp
X-Daa-Tunnel
X-DIS-Request-ID
X-Debug-Info
X-Amzn-Trace-Id
X-Content-Digest
X-Amz-Replication-Status
Filterid
X-Varnish-Age
X-Ratelimit-Limit
X-AppVersion
X-Az
X-Activity-Id
X-Upgrade-Enabled
Cross-Origin-Opener-Policy
X-FB-Debug
X-Grace
X-Accel-Expires
X-VCache
X-Nginx-Upstream-Cache-Status
X-Forwarded-Proto
X-N
ServerID
X-Origin-Server
X-Rid
X-F-Cache
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-XRDS-LOCATION
X-Mobile-URL
X-Fastly-Request-Id
TP-Cache
X-Aspnet-Duration-Ms
TP-L2-Cache
X-Route-Name
X-Is-Crawler
X-LB-Cache
X-Server-ID
X-Request-Guid
X-Providence-Cookie
X-Type
X-Flags
X-Whom
X-Fastcgi-Cache
X-Goog-Metageneration
Viewport
X-Goog-Storage-Class
X-GUploader-UploadID
X-Varnish-Grace
X-TT
X-App-Environment
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Seen-By
X-Tb
Payment
X-Distributor
DC
Node
Paypal-Debug-Id
X-User-Agent
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-Fastly-Request-ID
X-App-Server
Accept-Charset
Country
X-DataDome
X-Wix-Request-Id
X-Cache-Control
X-NGENIX-Cache
X-Litespeed-Cache
Fastcgi-Useragent
X-Cache-Rule
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Ratelimit-Reset
Version
X-Origin-Upstream-Status
X-Via-JSL
Referer-Policy
X-Logged-In
X-Request-Handler-Origin-Region
X-Drupal-Cache-Tags
X-Microsite
X-Cluster-Name
X-Buckets
X-Contextid
X-Cache-Age
X-B-Cache
X-Signature
Refresh
Cache-Status
X-Response-Served-From
VIX-Pulpo-Node
X-Node-Name
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Original-Request-Id
X-Mobile
X-Varnish-Backend
X-Load-Cache
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Rendered-As
X-Real-IP
X-Vgn-Hpd-Reason
X-Cache-Expired-At
X-Is-Bot
X-Revision
X-Proxy-Cache-Status
NGB
Access-Control-Request-Headers
Amp-Access-Control-Allow-Source-Origin
X-Page-View
X-Jobs
X-B
X-Cacheable-TTL
X-UUID
X-RemovedCookies
X-Debug
X-IPLB-Instance
X-Cache-Action
X-ProcessESI
X-Proxy
X-Rule
X-Device-Type
X-Yottaa-Optimizations
X-Yottaa-Metrics
Akamai-GRN
X-Instance
X-Framework
X-Drupal-Cache-Contexts
Surrogate-Key
X-Cache-Time
X-G
X-Debug-IsPreview
X-Debug-IsConnected
X-FW-Version
CF-IPCountry
SID
X-Air-Hostname
X-Air-Trace-Id
X-Oracle-Dms-Rid
X-Air-Source
X-Oracle-Dms-Ecid
DynaTrace
X-PressLabs-Stats
X-Oneagent-Js-Injection
X-Accel-Buffering
X-Azure-Ref
X-Nginx-Cache
GEO-INFO
Count-Hit
Liferay-Portal
X-Source
Uber-Trace-Id
X-Ms-Version
X-Ms-Request-Id
X-Presslabs-Stats
X-Cache-NGX
X-Cache-Operation
X-XRDS-Location
Frame-Options
Ms-Operation-Id
X-RTag
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-CDN-Forward
MS-CV
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Zen-Fury
X-TEC-API-ORIGIN
Healthy
X-RateLimit-Limit
X-Cache-Hit
Protected
X-Environment-Context
X-Mode
Countrycode
Xserver
X-Backend-Name
X-L-Path
Ec-Rule-Version
X-IPS-LoggedIn
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel
X-Varnish-Server
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Cache-TTL-Remaining
LB
X-Ratelimit-Remaining
Backend
X-JoinUs
X-Region
X-Rewrite-Enabled
X-Hyper-Cache
X-SaId
X-UPSTREAM-Address
X-RN-RSRV
X-Tid
X-Detected-As
Meta-Geo
X-Zipkin-Id
X-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Debug-Cache
X-Cache-Server
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Content-Age
X-Uri
X-Shopify-Stage
X-Proxied
Eomportal-Instance
X-Forwarded-Host
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
Country-Code
Apigw-Requestid
X-Routing-Service
X-Extlb
X-Format
X-Redis-Cache
X-Generation-Time
X-Status
X-Sql-Duration-Ms
X-Access
X-Adobe-Content
X-Adobe-Loc
Mn-Server-Ip
Content-Disposition
X-Site-Version
X-Cache-Grace
X-ApacheServer
X-PERF
X-Sql-Count
X-Hosted-By
X-Via-Fastly
WPO-Cache-Message
X-ServerID
X-PCL
X-Section
WPO-Cache-Status
Section-Io-Cache
X-Varnish-Beresp-Grace
X-Content-Powered-By
X-NCache
X-Microcachable
X-Human
X-OCL
X-PHP-Backend
X-No-Session
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Pubstack
TWC-Locale-Group
TWC-Privacy
Property-Id
Fastly-SSL
X-Proxy-Build
X-ProxyCache-Key
X-ProxyCache-Status
TWC-Connection-Speed
Selected-Fe
TWC-Device-Class
X-UA-Device-Type
CDN-CachedAt
X-Origin-Date
X-Cluster-Node
X-Cache-Type
CDN-EdgeStorageId
CDN-PullZone
X-FB-TRIP-ID
X-Storage
CDN-RequestCountryCode
X-Server-W
X-Cache-Host
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
CDN-RequestId
X-Timing-Wait
X-BYPASS-REASON
X-Origin-Hint
CDN-Cache
CDN-Uid
Url
X-Servername
X-Trace-Id
Cache-Tv-Group
Cache-Name
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
X-Soup
X-R9-Blue-Green-Version
X-NYM-Debug-Backend
X-Akamai-Edgescape
X-Varnishpool
X-Hl-Ver
X-NewRelic-App-Data
Azure-InstanceId
Content-Secure-Policy
Azure-SiteName
Azure-RegionName
X-Web-Node
X-Generated-By
Azure-SlotName
Azure-Version
X-Be
DB-Nickname
X-Webkit-CSP
X-LSADC-Cache
X-Ua
X-TIME
X-Azure-Ref-OriginShield
OT-Force-Account-Verify
X-Nginx-Cache-Key
X-Cached-By
Retry-After
X-Dc
X-TT-LOGID
X-Bc-Bl
SRV
X-Cache-Remote
X-Unique-Id
Source
X-Akamai-Transformed
X-Auto-Login
Cache
X-LAGOON
X-Xfnlog-Site
X-Platform-Server
X-Cdn
X-EC-Lua
X-Varnish-Hits
HostName
Upgrade-Insecure-Requests
Cache-Hits
X-GEO
X-Origin-CC
ServedBy
X-Origin-TTL
X-HTML-Minification-Powered-By
X-SRV
X-App-Version
X-Varnish-Hostname
X-Cache-Tags
X-S-Maxage
Onion-Location
X-CSRF-Token
Xet-Cookie
X-Varnish-Cache-Hits
X-TNCMS
X-Loop
X-Request-Time
X-Time
Mime-Version
X-Amz-Meta-S3cmd-Attrs
Web-Mar-Node
Webserver
X-Tumblr-Pixel-3
X-AOL-HN
X-Tumblr-Pixel-2
From-Origin
WP-Super-Cache
X-ECache
X-Request-Host
N-Cache
X-NWS-UUID-VERIFY
X-Tenant
X-FireWall-Port
X-Proto
X-Endurance-Cache-Level
X-B3-SpanId
X-LJ-Flow-ID
X-VWS-Id
Nel
X-Correlation-ID
X-AWS-Id
X-Cache-Enabled
X-Handled-By
X-Time-Microsecs
X-Origin-Response-Time
X-GG-Cache-Date
Expiry
Fastcgi-X-Cache-Version
X-A
Vix-Hermes-Req-Id
X-A-Ccd
A
X-A-Dam
BehaviorPad-Version
DCR-Decision-By
X-Session-Fingerprint
DCR-Processing-Time-Ms
V-Age
Rendered-Blocks
Redirect-Candidate
Pramga
Odigeo-Trace-Id
Mobile-Detection-Method
Sslversion
X-Vtex-Remote-Cache
User-Cache-Control
Xc-Version
Surrogated-Key
Meta-Geo-Continent
X-Backend-TTL
X-Hnp-Log
X-Gen-Mode
X-Ig-Push-State
X-NAPM-TraceId
X-SRCache-Key
X-TIM-N
X-Ftr-Request-Id
X-Developer
X-Epic-Correlation-Id
X-External-Request-Id
X-Forwarded-Path
X-ND-Cache
X-ScT
X-Slack-Backend
X-Processor
X-Rojux
X-S
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Destination
X-D
X-ARC
X-B-Cookie
X-S-Cookie
X-Cache-NE
X-Application
X-Aicache-OS
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Aed
X-Shop-Environment
X-CF-Lambda-Fn
X-Cluster
X-Conf
X-SD-PageType
X-Connection-Hash
X-Ckpd-Fst-Backend
X-CF-Lambda-Version
X-VG-WebCache
X-Vdms-Version
X-Vdms-Path
X-V-Cache
X-Vtex-Processado-Em
X-Block-Status
X-Edge-Location
X-Cache-Var
X-Cache-Var-Map
X-RCS-CacheZone
X-MP-GENERATED-AT
X-Reqid
X-Cache-Info
X-Cache-Date
X-Cache-Bucket
CloudFront-Viewer-Country
X-Cdn-Srv
X-Date
X-Forwarded-Site
X-Fastly-Cache
DSUID
X-PHP-Host
AMP-Access-Control-Allow-Source-Origin
Svr
True-Client-Country-4JS
State
Origin
Host-ID
Wxu-Next-Commit
Fastcgi-Cache-TTL
X-Gdpr
X-Accel-Expires-Debug
Wxu-Next-Region
Wxu-Next-Hostname
Gh-Request-Id
X-GeoIP-Country-Code
X-Server-IP
X-Amzn-RequestId
X-Scheme
X-Rocket-Nginx-Serving-Static
X-Request-URI
X-Amz-Apigw-Id
X-SVT-ORM-RULES
X-Webstats-RespID
X-Viewer-Country
X-VG-TLSProxy
X-SVT-ORM-VERSION
X-Proxy-Upstream
X-Policy
X-Location
X-Hash
X-GeoIP-Region-Code
X-Geo-Header
X-Men
X-NodeID
X-Origin-Time
X-Origin
X-Old-Content-Length
X-Nyt-Route
X-Labrador-Cache-Channel
X-Mvc-Supplant-Cachable
Arc-Country
Apple-News-Services-Request-Url
CacheControlHeader
CDCHOST
Cmsid
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Cmstype
X-Magnolia-Registration
AKAMAI
Apple-News-Services-Handled
S-Rt
X-Via-NSCOPI
X-Mg-Request-UUID
Environment
X-TH-Server
X-TrackingId
X-UnsetCookies
X-Varnish-Beresp-Status
X-Sucuri-ID
X-Sucuri-Cache
X-Backend-State
X-Skip-Cache
X-Storefront-Renderer-Rendered
X-Developers
X-Device-Os
X-Core-Mission
X-Eu-Site
X-Platform
Traceparent
X-Esi-Check
X-VarnishDD-TTL
X-Envoy-Decorator-Operation
Web-Mar-Region
We-Hiring
X-LI-UUID
X-BBC-Edge-Cache-Status
X-CGP
X-RateLimit-Limit-Second
X-Req
X-Datadog-Parent-Id
X-Region-Sid
HA-Ipaddr
X-RateLimit-Remaining-Second
X-Core-Value
X-Csrf-Jwt
X-Rocket-Build-Number
X-Datadog-Sampling-Priority
Fastly-GeoIP-CountryCode
X-Sigma
X-Sigma-Backend
X-Branch-Name
X-Served-From
X-Cache-Id
X-Cache-Debug
X-Datadog-Trace-Id
X-Fetched-On
X-Varnish-Beresp-Ttl
Origin-CC
X-HS-Content-Campaign-Id
X-Locale
Origin-EX
X-HN
Req-Svc-Chain
Release
PFcat
X-Irp-Debug
X-Level-Front-Cache
L
X-Li-Pop
Ha-Gx-Prefs
L5d-Success-Class
Machine
X-Li-Fabric
Mail-Subject
X-Origin-Expires
X-Gzip
X-Adobe-Source
Server-Host
X-Owner
X-Gamma-Serve
X-Generated-On
Ssr
X-Xrds-Location
X-Pod-Name
Locid
X-GeoIP
Magicmarker
TDXMobile
NM-Fastcgi-Cache
X-Request-Start
Memcached
X-Fastly-Backend
X-Akamai-Request-ID2
X-VServer
X-Cdn-Origin
X-GeoIP-City
Thinkindot-Control
Thinkindot-CacheControl
X-Amzn-Remapped-Content-Length
X-Thinkindot-L3
Server-Info
X-Node-Id
X-Sn-Servicetimems
X-ATG-Version
Thinkindot-CacheControl-Type
X-Ua-Device
X-Qnm-Cache
X-M-Log
Fastly-Drupal-Html
X-M-Reqid
X-Http-Reason
X-Loc
X-CS
X-NU-AKA-ACS-Version
X-DefElseHash
X-Qloud-Router
X-DefHash
X-Has-Esi
X-DPWN-IS-SECURE
X-JWT-State
X-Is-Gdpr
Adler-Geo
X-FC-Vary-Parameters
Fastly-SIE
X-Worker
X-Varnish-Remaining-TTL
Fastly-SWR
X-Varnish-CookieINHashed-On
NGX
X-Rebelmouse-Cache-Control
Is-Eu
Platform
X-Restarts
X-Varnish-CookieHashed-On
Cf-Device-Type
X-Bip
X-Rebelmouse-Surrogate-Control
X-Thanos
X-Response-By
X-Variation
X-Tx-Id
X-VC-Cache
X-Zone
X-Up
X-Mvc-Supplant-OutputCached
X-API-Version
Kp-EeAlive
X-LB-ID
X-TraceId
X-DW
X-DSS
X-Trace-ID
Pics-Label
X-RSL
X-Cache-Backend
X-LB-NoCache
Edge-Cache
X-DI
X-RPM
X-RPS
X-NC
X-Action
X-Generated-In
X-DB
Ms-Author-Via
CDN
X-Cache-Config
Time
X-Wix-Viewer-Type
Memory
Accept-Language
X-Srv
X-Minions-Version
X-Via-Poph
WebServer
Env
X-CacheTTL
X-Optimistic-Header
X-Via-Popv
X-Via-Popn
X-Refresh
X-Datadome
X-Edge-Pop
X-Varnish-Ttl
X-Tb-Optimization-Total-Bytes-Saved
X-Tt-Logid
X-HA-Backend
Datacenter
NtCoent-Length
Candidate-Md5Url
Locale
GeoIp-Country-Code
X-Urbn-Context-Path
X-Urbn-Site-Id
X-CACHE-KEY
X-DC
X-ZONE
X-DynaTrace-JS-Agent
Server-ID
X-Vc
WWW-Authenticate
X-Esi
On-Server
X-MSEdge-Features
X-Servedbyhost
X-Unique-ID
X-User
Esi-Enabled
X-MSEdge-Flight
X-TX-ID
X-Ec-Fail
X-Ec-GeoHdr
X-Parent-Response-Time
X-CLOUD-TRACE-CONTEXT
X-Cs
X-TA-CDN-Provider
X-Service
C-Via
X-Cache-PHP
X-Varnish-Beresp-TTL
X-Newrelic-Synthetics
X-VCL-Version
X-App
Cdncip
Cdnsip
X-Cache-Ttl
X-AK-Request-ID
X-URL
My-App
X-Fpc
X-Webkit-Csp-Report-Only
X-WADP-Cache
X-Clara-WADP
X-Dynatrace
Test
X-LI-Proto
Cluster
X-Fmm-Version
X-Li-Proto
Proxy-Connection
X-Traceid
Geo-Info
Geoip-Latitude
X-Vcl-Version
X-FPC
X-Var-Ttl
X-Cache-Status-Check
Tracecode
X-CUA
X-B3-Spanid
X-Render-Time
X-NODE
X-Webkit-CSP-Report-Only
Cf-Int-Pingora-Origin-Digest
X-LiteSpeed-Cache-Control
X-Pass-Why
Fastly-Drupal-HTML
DataCenter
T-Server
Lfy
X-From
X-Mcache
M-TraceId
X-Fragments
Resin-Trace
Lang
X-VC
MIME-Version
Target-Params
Server-Id
X-CSRF-TOKEN
X-WP-CF-Super-Cache-Cache-Control
X-Ha-Backend
X-ID
X-Clientip
X-Geo
X-WP-CF-Super-Cache
Hostname
X-Oss-Storage-Class
X-Oss-Server-Time
X-ServedByHost
X-AIR-PT
HIT
X-Oss-Request-Id
X-LiteSpeed-Tag
GeoIP-Country-Code
X-Oss-Object-Type
X-Info
X-RAMCache
UCS
Hit
X-Oss-Hash-Crc64ecma
Cache-Host
X-Dynatrace-Js-Agent
X-Provided-By
S-Cnection
X-Pad
Section-Io-Origin-Time-Seconds
ENV
Section-Origin-Responded
X-Via-PopH
Section-Io-Id
X-Cdn-Forward
Section-Io-Origin-Status
X-Via-PopN
X-Edge-POP
X-Via-PopV
Permissions-Policy
X-Api-Version
X-Check-Cacheable
X-Httpd
X-Proxy-Cache-Info
X-Edge-Cache
X-NGINX-Cache
Ohc-File-Size
WZWS-RAY
Servername
X-ElasticPress-Query
X-Micro-Cache
Producers
X-BBC-Origin-Response-Status
X-ServerName
Fastly-Backend-Name
FSS-Cache
X-HS-Status
User-Agent
X-Ucs
X-Fastly-Backend-Reqs
X-SB
Load-Balancing
X-Platform-Cluster
X-Platform-Processor
X-GoCache-CacheStatus
X-Platform-Router
X-Cache-CFC
X-Pool
X-Acquia-Site
X-Udemy-Cache-App-Namespace
Uri
PICS-Label
X-Release
X-Backend-Host
X-Acquia-Purge-Tags
URI
X-UP
X-Acquia-Application-Trace
X-Lb-Nocache
X-Acquia-Application-UUID
ServerName
X-TRACE-ID
X-Ec-Custom-Error
X-BCube-Filmed-By
Tcn
X-RateLimit-Reset
EpKe-Alive
X-Swift-Error
Server-Ttl
Cteonnt-Length
Cneonction
X-Nc
X-Cdn-Request-ID
X-Fastly-Cache-Hits
Cdn
X-APP
X-Scale
X-Lb-Id
X-Dw-Trace-Id
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Snapshot-Date
X-Srcache-Store-Status
X-Dispatcher-Number
Shield-Pop
X-Cache-ASPX
X-Srcache-Fetch-Status
Wpo-Cache-Status
Cf-Ipcountry
X-Newrelic-App-Data
X-Vcache
Wpo-Cache-Message
X-Contensis-Viewer-Groups
X-Cache-Expires
CF-Cached-On
Ohc-Cache-HIT
X-B3-ParentSpanId
MD5-Digest
Path
X-Yottaa-OS
Vha6-Origin
Sid
X-Cache-Ngx
X-Air-Pt
X-HostName
X-Shopify-Generated-Cart-Token
X-Via-Ucdn
X-Litespeed-Cache-Control
X-IN-APIGATEWAYSSL
Server-Ext
Server-Hostname
X-B3-Parentspanid
X-Akamai-Request-ID
X-IN-APIGATEWAY
Sever-Int
IsBot
X-SIPLIST1
X-Apw-Hits
X-Varnish-Authentication
X-WA-Info
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-WA
VNS-Age
CPC-Cache
X-Amz-Meta-Cb-Modifiedtime
Cache-Key
VNS-Cache
X-Logging-Id
CPC-Age
X-Http-Count
Ngx
X-Http-Duration-Ms
X-Te-Count
X-Te-Duration-Ms
X-Sentry-ID
CountryCode
X-CacheKey
X-UA
X-Akamai-Pragma-Client-IP
Req-ID
X-Last-Modified