
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
ETag
Pragma
CF-RAY
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
CF-Ray
X-Cache-Status
X-Generator
X-Cacheable
X-Check
X-Request-ID
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
X-Akamai-Path-Stats
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
X-LiteSpeed-Cache
Allow
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-CST
X-Server-Id
X-Aws-Lambda-Call-Status
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Readtime
X-Akam-SW-Version
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
X-Server-Name
Edge-Control
RTSS
X-Varnish-TTL
X-VARITI-CCR
X-ESI
Accept-Ch
Cache-Tag
X-Content-Type
X-B3-TraceId
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Dw-Request-Base-Id
X-Amz-Rid
Public-Key-Pins
X-Px
X-Cnection
X-Ac
X-D2id
X-RateLimit-Remaining
X-Element-Page-Cache
X-Navigation-Version
X-Edge
Verso
X-Abt-Application-Version
X-Client-IP
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Powered-By-Plesk
X-Ser
X-Litespeed-Cache
X-Version
Arr-Disable-Session-Affinity
X-FastCGI-Cache
Service-Worker-Allowed
X-GitHub-Request-Id
X-Cache-TTL
X-Country-Code
Response
X-Middleton-Response
X-NF-Request-ID
X-Ttl
X-Correlation-Id
Access-Control-Request-Method
X-Goog-Hash
SPIisLatency
SPRequestDuration
X-Kinsta-Cache
X-Edge-Location-Klb
X-Webkit-Csp
AR-PoweredBy
AR-Request-ID
AR-SID
AR-ATIME
AR-CACHE
X-Cached
X-Upstream
X-Content-Security-Policy-Report-Only
SPRequestGuid
X-SharePointHealthScore
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-LLID
X-Instrumentation
X-NWS-LOG-UUID
X-Powered-CMS
X-RateLimit-Limit
X-Ruxit-Js-Agent
Edge-Cache-Tag
X-TTL
Nginx-Cache
X-Forwarded-For
X-Cache-Key
Content-MD5
TCN
X-Id
Mrf-Cache-Status
X-MSEdge-Ref
MRF-Tech
X-Shield-Request-Id
X-Daa-Tunnel
X-B3-TraceId-Primal
X-T
X-Recruiting
S
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Content-Digest
MS-Author-Via
X-Ua-Device
X-Mg-S
X-HP-Trace-Id
X-Jurisdiction
X-ECACHE
X-HP-Webp
X-Accel-Expires
MicrosoftSharePointTeamServices
X-Protected-By
X-SRCache-Fetch-Status
X-Ezoic-Cdn
X-SRCache-Store-Status
X-Grace
X-Frontend
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-Ua-Browser
X-Request-Received
X-Request-Processing-Time
X-Ab
Front-End-Https
X-Content
X-Yandex-Sdch-Disable
Server-Node
X-Server-ID
Filters
TP-L2-Cache
TP-Cache
X-DataDome
X-Mid
Fastcgi-Cache
X-Origin-Server
X-DynaTrace
X-Hits
X-Distributor
X-Geo-Country
X-PressLabs-Stats
X-Microsite
X-Request-Handler-Origin-Region
X-Debug-Info
X-Amzn-Trace-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cleartype
X-ORACLE-DMS-ECID
Host
X-Page-Id
X-Git-Hash
X-LB-Cache
Charset
X-F-Cache
X-DIS-Request-ID
Cross-Origin-Opener-Policy
X-B3-Sampled
X-ORACLE-DMS-RID
X-Ratelimit-Reset
X-Forwarded-Proto
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Www-Served-By
X-Cache-Age
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-Seen-By
ServerID
Cache-Status
Realpath
X-Aspnetmvc-Version
X-AppVersion
Cache-Tags
Accept-Charset
X-Az
X-Activity-Id
X-MCACHE
X-Varnish-Age
X-Cluster-Name
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Filterid
X-Rid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Language
X-Content-Options
X-Nginx-Upstream-Cache-Status
X-Type
X-App-Environment
Server-Name
Retry-After
Node
X-Varnish-Grace
Country
Viewport
X-Upgrade-Enabled
X-Tb
X-Origin-Cache
X-FB-Debug
X-User-Agent
X-Whom
X-Wix-Request-Id
X-Route-Name
X-Signature
DC
X-Drupal-Cache-Tags
X-Mobile-URL
Paypal-Debug-Id
X-Varnish-Backend
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-B-Cache
X-Request-Guid
X-TT
X-NWS-UUID-VERIFY
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-VCache
Protected
Fastcgi-Useragent
X-XRDS-LOCATION
X-B
X-N
X-Fastly-Request-Id
X-Via-JSL
X-Fastly-Request-ID
X-Debug
X-Amz-Replication-Status
WPO-Cache-Message
WPO-Cache-Status
X-Cache-NGX
X-Logged-In
X-Fastcgi-Cache
Payment
X-Mcache
X-XRDS-Location
X-Contextid
X-Load-Cache
X-Amz-Meta-S3cmd-Attrs
Surrogate-Key
Permissions-Policy
Count-Hit
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
X-Node-Name
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Type
X-FW-Server
X-FW-Static
X-Template
Healthy
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
SD-X-WS
X-G
X-Original-Request-Id
X-Response-Served-From
X-Cache-Time
X-Jobs
X-Mobile
Refresh
Content-Disposition
Akamai-GRN
X-Proxy
X-Rendered-As
X-Akamai-Request-ID2
X-Cacheable-TTL
X-Framework
X-Is-Bot
X-Trace-Id
Uber-Trace-Id
X-UUID
X-Zen-Fury
X-Revision
X-Real-IP
X-Hostname
X-Page-View
X-Http-Reason
X-Adobe-Content
X-Adobe-Loc
X-Proxy-Cache-Status
X-Cache-TTL-Remaining
X-Device-Type
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
X-Instance
NGB
X-Debug-IsPreview
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Debug-IsConnected
Alternate-Protocol
Url
X-Yottaa-Metrics
X-Datadome
X-Yottaa-Optimizations
X-Servername
X-Cache-Grace
X-IPLB-Instance
X-ECache
X-B3-Traceid
Version
X-Restarts
X-Mg-Request-UUID
X-Source
X-NGENIX-Cache
X-Varnish-Server
X-L-Path
X-Environment-Context
X-Oneagent-Js-Injection
From-Origin
Accept-Language
X-Cache-Rule
X-EdgeConnect-Cache-Status
X-Vgn-Hpd-Reason
X-Cache-Hit
Countrycode
X-Cache-Expired-At
Ms-Operation-Id
X-RTag
X-HTML-Minification-Powered-By
MS-CV
X-Parallel-Accel
Referer-Policy
Frame-Options
X-App-Server
X-NYM-Debug-Backend
Liferay-Portal
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
Cross-Origin-Window-Policy
X-FW-Version
X-IPS-LoggedIn
Backend
X-COUNTRY
X-Midtier
X-Nginx-Cache
Content-Secure-Policy
X-RemovedCookies
WP-Super-Cache
X-ProcessESI
X-Redis-Cache
Cache-Tv-Group
X-Cache-Server
Section-Io-Cache
X-RN-RSRV
Upgrade-Insecure-Requests
X-Hosted-By
X-UPSTREAM-Address
Meta-Geo
X-Cache-Action
X-Web-Node
CF-IPCountry
X-No-Session
X-Cache-Enabled
X-FB-TRIP-ID
X-Detected-As
X-UA-Device-Type
X-APP-VERSION
X-Content-Age
X-Region
Mn-Server-Ip
X-Cluster-Node
X-Format
Locale
X-Server-W
X-Be
X-SayCDN-TTL
X-Say-TTL
X-Request-Time
Property-Id
X-Say-Cacheable
S-Rt
X-Unique-Id
Ec-Rule-Version
Webcakes-Region
Azure-Version
Azure-SlotName
TWC-GeoIP-Country
Webcakes-App-Version
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Device-Class
Azure-SiteName
X-Akamai-Edgescape
Fastly-SSL
TWC-Locale-Group
X-AOL-HN
X-Access
Apigw-Requestid
X-Urbn-Site-Id
Azure-RegionName
Azure-InstanceId
TWC-Connection-Speed
X-Section
X-Nginx-Cache-Key
X-Urbn-Context-Path
X-Sql-Count
X-Site-Version
X-PHP-Backend
X-Varnish-Cache-Hits
X-Via-Fastly
X-OCL
X-Origin-Date
X-Sql-Duration-Ms
X-Mode
X-Uri
X-Storage
X-Generated-By
X-Generation-Time
X-Origin-Hint
X-Human
X-PCL
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Adobe-Source
X-PERF
CDN-CachedAt
X-ProxyCache-Status
CDN-Uid
X-Ratelimit-Remaining
X-ProxyCache-Key
X-Platform-Server
CDN-RequestId
CDN-RequestCountryCode
CDN-Cache
X-ShopId
CDN-EdgeStorageId
CDN-PullZone
X-Xfnlog-Site
X-Sorting-Hat-PodId
X-Cache-Tags
X-ShardId
X-Content-Powered-By
X-Debug-Cache
X-Forwarded-Host
X-Cache-Host
X-Status
X-BYPASS-REASON
X-Alternate-Cache-Key
X-ApacheServer
X-JoinUs
X-SaId
X-Locale
X-Tid
X-NewRelic-App-Data
X-Hl-Ver
X-PHP-Host
X-Zipkin-Id
X-Labrador-Cache-Channel
X-Routing-Service
X-Cache-Type
X-Webkit-CSP
X-Proxied
X-Handled-By
X-Extlb
X-Varnishpool
X-ServerID
Eomportal-Instance
X-Ua
X-Backend-Name
X-Hyper-Cache
X-Proxy-Build
Selected-Fe
X-VWS-Id
X-AWS-Id
X-TT-LOGID
X-Timing-Wait
X-LJ-Flow-ID
X-VC-Cache
X-GG-Cache-Date
X-Cms-Context
ServedBy
Webserver
X-Edge-Location
X-Rule
X-Storefront-Renderer-Rendered
X-Cache-Operation
X-LSADC-Cache
Mime-Version
Fastly-Drupal-Html
X-Proto
X-Cached-By
X-Dc
Web-Mar-Node
SRV
Load-Balancing
X-CDN-Forward
X-GeoCountry
X-App-Version
SID
X-Accel-Buffering
X-GeoCode
X-Rewrite-Enabled
X-Cache-Remote
X-Soup
Onion-Location
X-GEO
X-Varnish-Hostname
X-TA-CDN-Provider
X-Cdn
Xserver
Cache-Hits
X-Pubstack
X-Reqid
Country-Code
X-Origin-CC
X-Origin-TTL
X-Request-Host
X-Buckets
X-SRV
X-Cluster
X-Ratelimit-Limit
X-Varnish-Hits
X-Microcachable
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
Server-Info
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
Xet-Cookie
X-Envoy-Decorator-Operation
LB
X-CSRF-Token
X-Ms-Request-Id
X-Magnolia-Registration
X-Ms-Version
X-Air-Trace-Id
X-Time
X-Air-Hostname
X-Air-Source
X-Amz-Apigw-Id
DB-Nickname
X-Amzn-RequestId
Cache
X-Endurance-Cache-Level
X-B3-SpanId
X-RCS-CacheZone
X-NCache
X-Tx-Id
Cmsid
X-CF-Lambda-Version
X-Aed
X-Ftr-Request-Id
Odigeo-Trace-Id
X-Cache-Bucket
X-Hash
X-Cache-NE
A
DCR-Decision-By
X-Forwarded-Path
Cmstype
X-Gzip
X-CF-Lambda-Fn
X-Cdn-Srv
X-Geo-Header
X-Epic-Correlation-Id
DCR-Processing-Time-Ms
Source
X-Connection-Hash
X-Conf
X-ARC
X-Core-Mission
X-Destination
X-Developer
X-B-Cookie
X-D
X-Device-Os
X-Application
BehaviorPad-Version
X-Esi-Check
X-External-Request-Id
X-Fetched-On
DynaTrace
X-Ec-GeoHdr
Cdncip
Cdnsip
X-Ec-Fail
Xc-Version
X-AK-Request-ID
X-Node-Id
X-Shop-Environment
X-Session-Fingerprint
T-Server
Surrogated-Key
Lang
X-A-Wwc
X-SD-PageType
X-S
X-S-Cookie
X-Vtex-Remote-Cache
X-ScT
Sslversion
Mobile-Detection-Method
X-TIM-N
Pramga
MD5-Digest
X-TrackingId
X-User
Meta-Geo-Continent
Rendered-Blocks
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Tenant
X-Rojux
Host-ID
X-A-Dam
X-Bc-Bl
X-Orig-Expires
X-Vtex-Processado-Em
X-A
X-Cache-Id
X-A-Ccd
Fastcgi-X-Cache-Version
X-NAPM-TraceId
Expiry
NM-Fastcgi-Cache
X-Vdms-Version
X-Vdms-Path
X-Ig-Push-State
X-IPLB-Request-ID
X-A-Dcw
X-A-Dgt
X-VG-WebCache
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Varnish-Beresp-Grace
X-Varnish-Ttl
X-Cache-Date
Producers
Origin-EX
Origin-CC
X-Cache-Backend
Platform
TDXMobile
We-Hiring
User-Cache-Control
Web-Mar-Region
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
Traceparent
Thinkindot-Control
Server-Host
Release
State
Thinkindot-CacheControl
X-Amzn-Remapped-Content-Length
Thinkindot-CacheControl-Type
X-Block-Status
X-Gen-Mode
X-Server-IP
X-Scheme
X-Sigma
X-Sigma-Backend
X-Skip-Cache
X-SB
X-Rocket-Build-Number
X-Origin-Time
X-Origin-Response-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Worker
X-Slack-Backend
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Via-Ucdn
X-VServer
X-WADP-Cache
X-Variation
X-Thinkindot-L3
X-Wix-Viewer-Type
X-Webstats-RespID
X-TNCMS
X-V-Cache
X-Origin-Expires
X-Origin
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Fastly-Cache
X-Fmm-Version
X-From
X-Dispatcher-Number
X-Developers
X-Ckpd-Fst-Backend
X-CacheTTL
X-Core-Value
X-DefElseHash
X-DefHash
X-Gdpr
X-GeoIP
X-Loop
X-LAGOON
X-Mvc-Supplant-Cachable
X-NodeID
X-Nyt-Route
X-JWT-State
X-Is-Gdpr
X-Has-Esi
X-Hnp-Log
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Cache-Info
X-Clara-WADP
X-R9-Blue-Green-Version
Memcached
Machine
CloudFront-Viewer-Country
Adler-Geo
AKAMAI
Environment
Is-Eu
Fastly-GeoIP-CountryCode
Cache-Name
Mail-Subject
X-Azure-Ref
X-Auto-Login
X-Datadog-Sampling-Priority
X-Location
X-Loc
X-Datadog-Parent-Id
DSUID
X-Minions-Version
X-Forwarded-Site
Cluster
X-BBC-Edge-Cache-Status
X-Sn-Servicetimems
X-Datadog-Trace-Id
X-SIPLIST1
CDCHOST
X-Aicache-OS
Apple-News-Services-Host
X-Viewer-Country
X-CGP
X-HN
HostName
X-GeoIP-City
X-Csrf-Jwt
X-Gamma-Serve
X-Generated-On
X-Httpd
X-Cdn-Origin
X-Via-NSCOPI
Apple-News-Services-Parsed-Url
X-Branch-Name
Apple-News-Services-Handled
X-VarnishDD-TTL
X-ZONE
X-VG-TLSProxy
X-Level-Front-Cache
Apple-News-Services-Request-Url
Fastcgi-Cache-TTL
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Server-Hostname
Server-Ext
Sever-Int
X-RateLimit-Remaining-Second
L5d-Success-Class
X-RateLimit-Limit-Second
Ssr
Req-Svc-Chain
X-Eu-Site
PFcat
CDN
N-Cache
NGX
X-Rocket-Nginx-Serving-Static
X-Request-URI
Redirect-Candidate
X-Region-Sid
Origin
Svr
L
X-Pool
Vix-Hermes-Req-Id
X-Platform
X-Policy
X-Pod-Name
Ohc-File-Size
Fastly-SIE
Fastly-SWR
Gh-Request-Id
V-Age
HA-Ipaddr
IsBot
Kp-EeAlive
X-Served-From
X-Qloud-Router
Ha-Gx-Prefs
X-Proxy-Cache-Info
X-Proxy-Upstream
X-Newrelic-Synthetics
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Owner
X-Optimistic-Header
X-Scale
X-Wikidot-Static-Cache
X-Refresh
X-Parent-Response-Time
X-NC
X-CS
X-Men
X-VC
Datacenter
X-Wikidot-Backend
Locid
Pics-Label
Cache-Key
Candidate-Md5Url
X-Tb-Optimization-Total-Bytes-Saved
X-BCube-Filmed-By
X-Ad-Defer-Variation
Arc-Country
X-CACHE-KEY
GEO-INFO
X-Tt-Logid
X-Contensis-Viewer-Groups
VNS-Age
CPC-Age
X-Cache-ASPX
X-Old-Content-Length
CPC-Cache
VNS-Cache
XM
X-SplitTest
X-Ah-Environment
Env
X-EC-Lua
X-Response-By
X-Cache-Status-Check
Ms-Author-Via
X-TraceId
X-Srv
X-DW
X-RPM
X-RPS
X-Tec-Api-Root
X-Tec-Api-Version
X-RSL
X-DSS
X-RateLimit-Reset
X-DB
X-Varnish-Authentication
X-Tec-Api-Origin
X-DI
X-WA-Info
X-LB-NoCache
Servername
X-Webkit-Csp-Report-Only
AMP-Access-Control-Allow-Source-Origin
X-Udemy-Cache-App-Namespace
X-Edge-Pop
Time
X-Micro-Cache
Fastly-Backend-Name
X-Mvc-Supplant-OutputCached
X-Amz-Meta-Cb-Modifiedtime
X-Accel-Expires-Debug
Memory
X-Date
Lb
X-Xrds-Location
X-Akamai-Transformed
X-TIME
X-Generated-In
X-AIR-PT
X-Via-Popn
X-Via-Popv
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Via-Poph
Path
X-Servedbyhost
Ohc-Cache-HIT
X-API-Version
X-S-Maxage
X-HA-Backend
X-Cache-Debug
ITXSESSIONID
GeoIp-Country-Code
X-Trace-ID
X-Presslabs-Stats
Cache-Host
Ngx.Var.Host
FSS-Cache
X-VCL-Version
X-DC
Client
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Deployment-Id
True-Client-IP
Geoip-Latitude
X-Varnish-Beresp-TTL
X-Vc
CacheControlHeader
X-Proxy-CacheRZ
X-Cs
XkeyRZ
X-VHOST
X-Action
X-Clientip
X-TH-Server
True-Client-Country-4JS
Server-ID
X-Api-Version
Geo-Info
X-Backend-TTL
Hostname
X-Fpc
X-Zone
X-FireWall-Port
Powered-By
X-Req
Edge-Cache
X-TX-ID
NtCoent-Length
X-Dmc
My-App
X-Traceid
X-B3-Spanid
X-PX
X-Pass-Why
X-MSEdge-Flight
X-Render-Time
X-MSEdge-Features
Test
X-Provided-By
X-FPC
X-INCAP-ABP
X-Origin-Upstream-Status
X-NGINX-Cache
C-Via
X-Cdn-Request-ID
X-CSRF-TOKEN
X-Up
Cf-Int-Pingora-Origin-Digest
X-Correlation-ID
X-Varnish-Beresp-Ttl
Tube-Got-Results
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-DynaTrace-JS-Agent
Tube-Return
Click-Count-Action-Start
X-Beluga-Node
X-Beluga-Cache-Status
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Trace
X-Beluga-Status
User-Agent
Server-Id
Rip
Tube-Get-Contents
Click-Count-Error
X-HS-Status
X-Webkit-CSP-Report-Only
Tube-Got-Eval
X-Gateway-Cache-Key
X-LB-ID
X-Service
X-M-Reqid
X-Vcl-Version
Esi-Enabled
X-Qnm-Cache
OT-Force-Account-Verify
Tcn
Proxy-Connection
X-M-Log
DataCenter
Srvid
X-UnsetCookies
HIT
On-Server
X-LI-UUID
GeoIP-Latitude
GeoIP-Country-Code
Uri
X-Li-Pop
X-Via-PopH
X-Li-Fabric
X-Alfa-Service
X-URL
X-Ha-Backend
Resin-Trace
X-Via-PopV
X-Via-PopN
X-CLOUD-TRACE-CONTEXT
X-Dynatrace
X-Time-Microsecs
X-ServedByHost
Sid
WZWS-RAY
X-ND-Cache
X-RAMCache
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
Srv
X-APP
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Epwk-X-Cache
X-CUA
X-Fetch-By
X-Geo
X-LI-Proto
X-Proxy-Cache-Hk
Cdn
X-CCDN-CacheTTL
X-TRACE-ID
X-Cdn-Forward
X-Edge-POP
X-Fastly-Backend-Reqs
X-Fragments
Target-Params
Tracecode
X-Platform-Router
X-Platform-Processor
X-Backend-Host
Cf-Device-Type
X-ATG-Version
MIME-Version
X-Platform-Cluster
X-Cache-Ttl
X-Esi
X-Edge-Origin-Shield-Bytes
XServer
WebServer
Lfy
X-Var-Ttl
X-Lb-Nocache
Fastly-Drupal-HTML
ServerName
X-Fastly-Backend
X-Sucuri-Cache
ENV
X-FC-Vary-Parameters
X-B3-Traceid-Primal
X-Sucuri-ID
X-App
X-Edge-Origin-Shield-Region
X-HostName
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-MG-S
PICS-Label
X-ElasticPress-Query
M-TraceId
X-Yottaa-OS
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
Server-Ttl
Inserted-Into-Cache-At
Section-Io-Id
X-Azure-Ref-OriginShield
X-Varnish-Beresp-Status
X-Cache-Expires
CF-Cached-On
X-Newrelic-App-Data
Warning
X-LiteSpeed-Cache-Control
X-Backend-State
D-Url-Rewrites
X-Vcache
X-Request-Url
X-Iplb-Instance
X-NU-AKA-ACS-Version
X-Serial
X-Dw-Trace-Id
Cf-Ipcountry
X-Iplb-Request-Id
X-CF-Powered-By
X-Nc
X-Li-Proto
Magicmarker
Servedby
DT-Hot-News
X-UA
X-Back
X-Release
X-Litespeed-Cache-Control
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Content-Style-Type
X-Vercel-Id
Hit
True-Client-Ip
Dt-Hot-News
Content-Script-Type
X-Fastly-Cache-Hits
X-Vercel-Cache
X-Th-Server
X-Acquia-Purge-Tags
Ngx
X-Snapshot-Date
X-Acquia-Site
X-Request-URL
Cneonction
X-Acquia-Application-UUID
Fastcgi-Cache-Ttl
CountryCode
X-Storefront-Renderer-Verified
X-Dist-Code
X-Acquia-Application-Trace
X-BBC-Origin-Response-Status