Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
ETag
CF-RAY
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
Access-Control-Allow-Origin
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
CF-Ray
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
EagleId
Request-Context
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
X-Dispatcher
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Nginx-Cache-Status
X-Cache-Spec
X-Device
X-OneAgent-JS-Injection
Allow
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-CST
X-Aws-Lambda-Call-Status
Surrogate-Control
Accept-CH
Request-Id
X-Server-Id
X-Backend-Server
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
X-Application-Context
Xkey
Content-Location
Accept-CH-Lifetime
X-ASPNET-VERSION
Cf-Edge-Cache
Rating
X-Cloud-Trace-Context
X-Url
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-PC
X-TtlSet
X-Vname
X-MS-InvokeApp
X-Rack-Cache
X-Server-Name
X-Ruxit-JS-Agent
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-ESI
X-Content-Type
X-VARITI-CCR
X-B3-TraceId
Cache-Tag
X-Vcap-Request-Id
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Amz-Rid
X-Ac
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cnection
X-Px
X-Amz-Server-Side-Encryption
X-Element-Page-Cache
X-RateLimit-Remaining
Accept-Ch
X-D2id
Verso
X-Navigation-Version
X-Abt-Application-Version
X-Powered-By-Plesk
X-Client-IP
Service-Worker-Allowed
X-Cache-TTL
Pagespeed
X-Sol
Display
X-Middleton-Display
X-Ser
X-Ruxit-Js-Agent
X-Version
X-Country-Code
X-Edge
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
Response
X-Middleton-Response
X-NF-Request-ID
Access-Control-Request-Method
X-FastCGI-Cache
X-Ttl
X-Goog-Hash
X-Correlation-Id
X-Kinsta-Cache
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Webkit-Csp
X-Upstream
X-Edge-Location-Klb
SPRequestDuration
SPIisLatency
X-RateLimit-Limit
X-LLID
X-NWS-LOG-UUID
X-Cached
X-Cache-Key
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Litespeed-Cache
X-Powered-CMS
Nginx-Cache
Edge-Cache-Tag
X-TTL
SPRequestGuid
TCN
X-SharePointHealthScore
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
MS-Author-Via
Content-MD5
X-MSEdge-Ref
X-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Server-ID
X-T
X-Recruiting
S
X-DataDome
X-Mg-S
X-Content-Digest
X-Ua-Device
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Protected-By
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Frontend
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-Content
X-Ab
X-Ua-Browser
X-HS-Hub-Id
X-HS-Content-Id
X-Yandex-Sdch-Disable
X-HS-Cache-Config
X-Accel-Expires
Server-Node
Front-End-Https
X-HS-Combine-CSS
X-Grace
X-Request-Processing-Time
X-Request-Received
Filters
X-Mid
Fastcgi-Cache
X-ECACHE
X-Hits
X-Geo-Country
X-Origin-Server
X-ORACLE-DMS-ECID
X-Distributor
X-PressLabs-Stats
TP-L2-Cache
X-ORACLE-DMS-RID
TP-Cache
X-Debug-Info
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-DynaTrace
X-Tt-Trace-Host
X-Tt-Trace-Tag
Host
Cleartype
Charset
X-Amzn-Trace-Id
X-Page-Id
X-F-Cache
X-B3-Sampled
X-Ratelimit-Reset
X-DIS-Request-ID
X-Git-Hash
Cross-Origin-Opener-Policy
X-Www-Served-By
X-LB-Cache
X-Forwarded-Proto
X-Request-Handler-Origin-Region
X-Microsite
Access-Control-Allow-Method
X-Cache-Age
Cache-Tags
ServerID
X-Seen-By
X-Aspnetmvc-Version
X-Oracle-Dms-Ecid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cluster-Name
X-Oracle-Dms-Rid
Accept-Charset
X-Language
X-Az
X-Activity-Id
Server-Name
X-AppVersion
X-Varnish-Age
Cache-Status
Realpath
Filterid
X-Rid
X-Content-Options
X-Type
X-App-Environment
X-Mobile-URL
X-WebKit-CSP-Report-Only
X-VCache
X-Fastly-Request-ID
X-Fastcgi-Cache
Viewport
X-Varnish-Grace
Node
X-Wix-Request-Id
X-FB-Debug
X-User-Agent
Country
X-MCACHE
X-Nginx-Upstream-Cache-Status
X-Upgrade-Enabled
X-Tb
X-Origin-Cache
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Signature
X-NWS-UUID-VERIFY
X-Request-Guid
X-Drupal-Cache-Tags
X-Flags
X-B-Cache
X-Route-Name
X-Whom
X-Providence-Cookie
Protected
X-TT
Paypal-Debug-Id
DC
X-Via-JSL
X-GUploader-UploadID
Retry-After
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Oneagent-Js-Injection
X-Goog-Metageneration
X-Goog-Storage-Class
Fastcgi-Useragent
X-Varnish-Backend
X-XRDS-LOCATION
X-Cache-NGX
X-B
Payment
X-Amz-Replication-Status
X-Contextid
X-Debug
X-XRDS-Location
X-Logged-In
X-Template
WPO-Cache-Status
X-N
WPO-Cache-Message
X-FW-Server
X-Load-Cache
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
Surrogate-Key
X-Fastly-Request-Id
X-Mcache
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
X-Hostname
X-Node-Name
Count-Hit
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Original-Request-Id
X-Response-Served-From
Healthy
SD-X-WS
X-Amz-Meta-S3cmd-Attrs
Refresh
VIX-Pulpo-Node
X-Is-Bot
X-Cache-TTL-Remaining
X-Rendered-As
X-Real-IP
Uber-Trace-Id
X-Zen-Fury
X-Jobs
X-Proxy
X-Akamai-Request-ID2
Akamai-GRN
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-Revision
X-UUID
X-G
Content-Disposition
X-Cacheable-TTL
X-Page-View
X-Parallel-Accel
X-Http-Reason
X-Framework
X-Debug-IsConnected
X-Mobile
X-Drupal-Cache-Contexts
X-Adobe-Loc
X-Adobe-Content
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Device-Type
X-Proxy-Cache-Status
X-Debug-IsPreview
Alternate-Protocol
NGB
X-Instance
X-Trace-Id
Access-Control-Request-Headers
Url
X-IPLB-Instance
From-Origin
X-Cache-Rule
X-Source
X-Servername
X-ECache
X-Vgn-Hpd-Reason
Permissions-Policy
X-B3-Traceid
Version
X-Cache-Grace
X-Cache-Expired-At
X-Varnish-Server
Accept-Language
X-Cache-Hit
X-Environment-Context
X-Mg-Request-UUID
X-L-Path
Referer-Policy
Countrycode
X-EdgeConnect-Cache-Status
X-Restarts
X-NGENIX-Cache
X-FW-Version
MS-CV
Ms-Operation-Id
X-RTag
Cross-Origin-Window-Policy
X-App-Server
X-IPS-LoggedIn
X-Cache-Action
X-HTML-Minification-Powered-By
X-Tumblr-Pixel
X-COUNTRY
Backend
X-Tumblr-Pixel-1
Liferay-Portal
X-Tumblr-Pixel-0
X-Tumblr-User
Frame-Options
X-NYM-Debug-Backend
X-RemovedCookies
X-Nginx-Cache
X-ProcessESI
WP-Super-Cache
Content-Secure-Policy
X-Hyper-Cache
Section-Io-Cache
CF-IPCountry
X-Redis-Cache
X-UPSTREAM-Address
X-RN-RSRV
Meta-Geo
Upgrade-Insecure-Requests
X-Ratelimit-Remaining
X-Origin-Hint
X-Cache-Server
X-PERF
X-Detected-As
X-PCL
X-No-Session
TWC-Privacy
X-Generation-Time
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
X-Region
X-Cluster-Node
X-Access
Webcakes-Region
TWC-Device-Class
X-Format
Ec-Rule-Version
X-Cache-Enabled
X-OCL
X-Content-Age
X-Section
X-ApacheServer
TWC-Connection-Speed
Property-Id
X-FB-TRIP-ID
Mn-Server-Ip
Apigw-Requestid
Azure-SiteName
X-SayCDN-TTL
Cache-Tv-Group
S-Rt
X-AOL-HN
X-Akamai-Edgescape
X-Server-W
X-Site-Version
Azure-Version
X-Sql-Duration-Ms
X-Status
X-Sql-Count
Azure-InstanceId
Azure-SlotName
Azure-RegionName
X-Storage
X-UA-Device-Type
X-Request-Time
X-Uri
X-Say-Cacheable
X-Rule
X-Xfnlog-Site
X-PHP-Backend
X-Web-Node
X-Via-Fastly
X-Human
X-Hosted-By
X-Mode
X-Generated-By
X-Origin-Date
X-Urbn-Context-Path
X-Say-TTL
X-Urbn-Site-Id
Locale
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
X-Be
X-Cache-Host
X-Forwarded-Host
Webserver
X-BYPASS-REASON
X-Nginx-Cache-Key
CDN-RequestId
CDN-Uid
CDN-RequestCountryCode
CDN-Cache
X-Varnish-Cache-Hits
X-Cache-Tags
X-ProxyCache-Status
X-ProxyCache-Key
X-Debug-Cache
Fastly-SSL
X-Content-Powered-By
X-Cache-Type
X-Webkit-CSP
X-Platform-Server
X-Unique-Id
X-JoinUs
X-Tid
X-Routing-Service
X-ShopId
X-Sorting-Hat-ShopId
X-Hl-Ver
X-Zipkin-Id
X-Ua
X-Adobe-Source
X-Sorting-Hat-PodId
X-ServerID
Eomportal-Instance
X-ShardId
X-Extlb
X-SaId
X-Alternate-Cache-Key
X-Shopify-Stage
X-Proxied
X-Varnishpool
X-Backend-Name
ServedBy
Selected-Fe
X-TT-LOGID
X-Timing-Wait
X-Proxy-Build
X-Handled-By
X-PHP-Host
X-APP-VERSION
X-Accel-Buffering
X-GG-Cache-Date
X-Locale
X-Labrador-Cache-Channel
X-Cache-Operation
X-Cache-Remote
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
Xserver
X-Rewrite-Enabled
X-LSADC-Cache
X-VC-Cache
X-App-Version
SID
X-NewRelic-App-Data
X-Soup
X-CDN-Forward
X-Pubstack
X-Cached-By
X-Dc
SRV
Fastly-Drupal-Html
Mime-Version
Web-Mar-Node
X-Buckets
X-Edge-Location
X-TA-CDN-Provider
X-Storefront-Renderer-Rendered
LB
X-Datadome
X-Proto
X-GEO
X-Reqid
X-Cms-Context
Country-Code
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-Request-Host
X-Microcachable
X-Midtier
X-Varnish-Hostname
X-Ratelimit-Limit
Onion-Location
X-Origin-CC
Server-Info
X-Origin-TTL
Cache-Hits
X-GeoCode
Load-Balancing
X-GeoCountry
X-Ms-Version
X-Ms-Request-Id
X-NCache
X-Cluster
X-B3-SpanId
X-CSRF-Token
X-Varnish-Hits
X-Tumblr-Pixel-3
Xet-Cookie
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-Bc-Bl
DynaTrace
X-RCS-CacheZone
X-Envoy-Decorator-Operation
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Varnish-Beresp-Grace
Cache-Name
X-Tx-Id
X-Endurance-Cache-Level
X-Magnolia-Registration
X-Origin-Response-Time
Wxu-Next-Commit
X-SD-PageType
Wxu-Next-Hostname
Wxu-Next-Region
X-ScT
X-Session-Fingerprint
X-NodeID
X-Shop-Environment
X-NAPM-TraceId
X-S
X-Varnish-Ttl
X-Rojux
X-S-Cookie
X-A-Dcw
X-Tenant
X-Aed
X-Application
X-TIM-N
X-TrackingId
X-ARC
X-SRCache-Key
X-Amz-Apigw-Id
X-A-Dam
X-A-Ccd
T-Server
X-A-Dgt
X-Amzn-RequestId
X-A-Wwc
X-A
Rendered-Blocks
DB-Nickname
DCR-Decision-By
Cmstype
Cmsid
Cdnsip
Meta-Geo-Continent
DCR-Processing-Time-Ms
X-PAYTM-SRV-ID
Host-ID
X-PBS-Appsvrname
Fastcgi-X-Cache-Version
Expiry
Lang
Cdncip
Mobile-Detection-Method
X-Processor
A
Pramga
X-User
Sslversion
X-Orig-Expires
Odigeo-Trace-Id
Apple-News-Services-Handled
NM-Fastcgi-Cache
BehaviorPad-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Surrogated-Key
X-AK-Request-ID
X-Forwarded-Path
X-Connection-Hash
X-SRV
X-Conf
X-Time
X-CF-Lambda-Version
Xc-Version
X-From
X-D
X-Ig-Push-State
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Ec-Fail
X-Esi-Check
X-External-Request-Id
X-Destination
X-Developer
X-CF-Lambda-Fn
X-Ftr-Request-Id
X-Cache-Id
X-Vdms-Path
X-LAGOON
X-Vdms-Version
X-Cache-Bucket
X-VG-WebCache
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Webstats-RespID
X-Cache-NE
X-Gzip
X-B-Cookie
X-Hash
X-Via-NSCOPI
X-R9-Blue-Green-Version
X-Fastly-Cache
X-GeoIP
X-Origin-Expires
Is-Eu
X-Irp-Debug
X-Fmm-Version
X-Geo-Header
X-Origin
Machine
Locid
X-Hnp-Log
X-HS-Content-Campaign-Id
X-Gen-Mode
Memcached
Mail-Subject
X-Fetched-On
State
X-Ckpd-Fst-Backend
Web-Mar-Region
X-Clara-WADP
We-Hiring
V-Age
Vix-Hermes-Req-Id
X-Cdn-Srv
X-Cache-Info
X-Block-Status
X-Loop
X-Cache-Backend
X-Planisys-CDN-Cache
X-Mvc-Supplant-Cachable
User-Cache-Control
X-Core-Mission
X-Developers
Producers
X-Device-Os
Platform
X-DPWN-IS-SECURE
X-DefHash
Server-Host
X-Node-Id
X-Core-Value
Svr
X-Men
X-DefElseHash
X-Ec-Custom-Error
X-Planisys-CDN-Rules
X-Variation
Adler-Geo
X-Varnish-CookieHashed-On
X-SB
X-Wix-Viewer-Type
X-V-Cache
X-Request-URI
Source
X-Varnish-CookieINHashed-On
X-Viewer-Country
X-WADP-Cache
X-Rocket-Build-Number
X-SVT-ORM-RULES
X-Varnish-Remaining-TTL
X-VG-TLSProxy
X-TNCMS
X-Scheme
X-SVT-ORM-VERSION
Environment
Fastly-GeoIP-CountryCode
X-Slack-Backend
X-Azure-Ref
X-Pod-Name
X-Planisys-CDN-TTL
X-Server-IP
X-Sigma
X-Sigma-Backend
X-ZONE
X-Cache-Date
X-Has-Esi
X-Aicache-OS
X-Location
X-VServer
X-Level-Front-Cache
X-Branch-Name
X-Minions-Version
X-BBC-Edge-Cache-Status
X-Amzn-Remapped-Content-Length
X-Loc
L5d-Success-Class
L
MD5-Digest
X-VarnishDD-TTL
X-Is-Gdpr
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Httpd
X-Forwarded-Site
X-Generated-On
X-GeoIP-City
X-Gdpr
X-Gamma-Serve
HostName
X-HN
X-Eu-Site
HA-Ipaddr
PFcat
Ha-Gx-Prefs
CDCHOST
X-Worker
X-JWT-State
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Srv
X-CGP
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Cdn-Origin
X-Thinkindot-L3
X-Qloud-Router
Req-Svc-Chain
X-Proxy-Upstream
X-Platform
Cache
Fastly-SIE
X-Nyt-Route
Fastly-SWR
X-Old-Content-Length
X-Policy
Release
Redirect-Candidate
Origin-CC
Origin
AKAMAI
Arc-Country
Origin-EX
Kp-EeAlive
X-Proxy-Cache-Info
X-Sn-Servicetimems
N-Cache
X-Pool
Ssr
X-Rebelmouse-Cache-Control
X-Origin-Time
X-Rocket-Nginx-Serving-Static
Thinkindot-Control
CloudFront-Viewer-Country
X-Served-From
Cluster
X-Skip-Cache
Thinkindot-CacheControl-Type
Traceparent
X-Region-Sid
Thinkindot-CacheControl
X-Rebelmouse-Surrogate-Control
X-Response-By
TDXMobile
X-Tec-Api-Version
X-CS
X-Tec-Api-Origin
CDN
X-Tec-Api-Root
X-Parent-Response-Time
NGX
X-CacheTTL
X-DW
DSUID
X-Dispatcher-Number
Gh-Request-Id
X-RPM
X-RPS
X-RSL
X-Auto-Login
X-DSS
X-Optimistic-Header
X-DI
X-DB
Fastcgi-Cache-TTL
X-Via-Ucdn
X-Owner
X-SIPLIST1
Sever-Int
X-Date
X-WP-CF-Super-Cache-Cache-Control
X-EC-Lua
X-WP-CF-Super-Cache
X-Refresh
X-Accel-Expires-Debug
X-VC
Pics-Label
Server-Ext
Server-Hostname
IsBot
X-TraceId
X-Scale
X-Tb-Optimization-Total-Bytes-Saved
X-LB-NoCache
X-NC
Servername
X-GeoIP-Region-Code
Time
X-Ah-Environment
Env
X-Tt-Logid
X-GeoIP-Country-Code
Memory
X-Udemy-Cache-App-Namespace
X-Akamai-Transformed
X-TIME
GEO-INFO
AMP-Access-Control-Allow-Source-Origin
Ms-Author-Via
X-Cache-Debug
Ohc-File-Size
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Mvc-Supplant-OutputCached
X-RateLimit-Reset
X-IPLB-Request-ID
Cache-Key
Candidate-Md5Url
X-Edge-Pop
X-BCube-Filmed-By
Geo-Info
Datacenter
X-Newrelic-Synthetics
X-Ad-Defer-Variation
X-API-Version
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-Xrds-Location
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Source
CacheControlHeader
VNS-Age
VNS-Cache
X-Servedbyhost
X-Cache-ASPX
X-SplitTest
X-Amz-Meta-Cb-Modifiedtime
X-Contensis-Viewer-Groups
CPC-Age
CPC-Cache
X-Via-Popn
X-Via-Poph
XM
X-Via-Popv
X-Generated-In
X-Varnish-Authentication
X-TH-Server
X-S-Maxage
X-WA-Info
X-HA-Backend
True-Client-Country-4JS
X-Action
ITXSESSIONID
GeoIp-Country-Code
X-Trace-ID
X-Presslabs-Stats
X-Backend-TTL
Client
X-DC
Path
X-Micro-Cache
Fastly-Backend-Name
X-VCL-Version
X-Cache-Status-Check
X-AIR-PT
Geoip-Latitude
FSS-Cache
X-Vc
Server-ID
X-CACHE-KEY
X-Varnish-Beresp-TTL
X-VHOST
Cache-Host
X-Req
Edge-Cache
X-Cs
X-Provided-By
Lb
Hostname
My-App
Ngx.Var.Host
Ohc-Cache-HIT
X-Zone
X-Fpc
True-Client-IP
X-Origin-Upstream-Status
X-Dynatrace
X-Webkit-Csp-Report-Only
XkeyRZ
X-Up
NtCoent-Length
X-Pass-Why
X-Clientip
X-Proxy-CacheRZ
X-TX-ID
X-LB-ID
Powered-By
X-PX
X-Webkit-CSP-Report-Only
X-Traceid
X-FireWall-Port
DataCenter
X-Api-Version
X-Varnish-Beresp-Ttl
Test
X-FPC
X-Cdn-Request-ID
X-B3-Spanid
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
X-Li-Pop
X-Li-Fabric
X-CSRF-TOKEN
X-LI-UUID
X-Correlation-ID
OT-Force-Account-Verify
X-Beluga-Cache-Status
User-Agent
X-MSEdge-Flight
X-Beluga-Node
WZWS-RAY
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Status
X-Dmc
X-Beluga-Trace
X-MSEdge-Features
X-UnsetCookies
X-ND-Cache
X-Time-Microsecs
X-Vcl-Version
X-INCAP-ABP
X-CUA
Server-Id
Proxy-Connection
X-Render-Time
X-CLOUD-TRACE-CONTEXT
X-URL
Cf-Device-Type
GeoIP-Country-Code
X-RAMCache
X-B3-Traceid-Primal
X-Platform-Router
GeoIP-Latitude
Target-Params
X-Via-PopV
X-Fragments
C-Via
Rip
X-Via-PopN
X-Via-PopH
Srvid
X-HS-Status
Tracecode
X-Ha-Backend
X-Platform-Cluster
X-Platform-Processor
X-Azure-Ref-OriginShield
X-Check-Cacheable
X-Geo
X-Akamai-Pragma-Client-IP
Lfy
Click-Count-Action-Start
X-FC-Vary-Parameters
X-ATG-Version
X-Sucuri-Cache
Resin-Trace
Sid
Uri
X-ServedByHost
Click-Count-Error
X-Sucuri-ID
X-Fastly-Backend
Tube-Return
X-Gateway-Cache-Key
X-Gateway-Request-Id
X-Var-Ttl
X-Gateway-Skip-Cache
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
X-Gateway-Cache-Status
X-Service
MIME-Version
X-CCDN-Origin-Time
Epwk-X-Cache
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Esi-Enabled
X-M-Reqid
X-M-Log
X-Fetch-By
X-Alfa-Service
X-Proxy-Cache-Hk
X-Qnm-Cache
X-LI-Proto
X-TRACE-ID
Fastly-Drupal-HTML
Cdn
HIT
On-Server
Magicmarker
X-Backend-Host
X-Li-Proto
ENV
X-NU-AKA-ACS-Version
X-Client-Ip
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Varnish-Beresp-Status
X-DynaTrace-JS-Agent
X-Fastly-Backend-Reqs
Section-Io-Origin-Status
Srv
Section-Io-Id
X-Cache-Ttl
X-LiteSpeed-Cache-Control
X-Esi
X-Edge-POP
X-Backend-State
X-Cdn-Forward
X-Cache-Expires
XServer
X-App
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-MG-S
X-Cache-CFC
Server-Ttl
X-Lb-Nocache
X-Request-Start
X-Newrelic-App-Data
CF-Cached-On
X-Yottaa-OS
ServerName
Tcn
X-APP
PICS-Label
X-ElasticPress-Query
X-Iplb-Request-Id
X-Acquia-Application-UUID
D-Url-Rewrites
Cf-Ipcountry
X-Iplb-Instance
X-Serial
Wpo-Cache-Status
X-Nc
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Bip
X-BBC-Origin-Response-Status
Inserted-Into-Cache-At
X-Acquia-Site
Wpo-Cache-Message
X-Thanos
Servedby
X-HostName
Warning
X-UA
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache-Cache-Control
Hit
True-Client-Ip
X-Wp-Cf-Super-Cache
X-B3-Parentspanid
X-IN-APIGATEWAY
Fastcgi-Cache-Ttl
X-IN-APIGATEWAYSSL
X-Th-Server
CountryCode
X-Shopify-Generated-Cart-Token
X-Dw-Trace-Id
X-Akamai-Request-ID
X-Swift-Error
X-Dist-Code
X-Release
X-Request-Url
Content-Script-Type
Content-Style-Type
Ngx
X-Request-URL
Cneonction
X-LiteSpeed-Tag
X-Snapshot-Date
X-Back
X-Storefront-Renderer-Verified
X-CF-Powered-By
X-Litespeed-Cache-Control