Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
X-Request-ID
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
P3p
X-CDN
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
Report-To
X-Proxy-Cache
X-Server-Powered-By
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
NEL
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dns-Prefetch-Control
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
Accept-Ch-Lifetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Country
Rating
X-B3-TraceId
X-Cloud-Trace-Context
X-Cache-Lookup
X-Trace
Accept-CH-Lifetime
X-Url
X-Ac
X-Content-Type
X-Vname
X-PC
X-TtlSet
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Server-Name
X-ESI
Fastly-Restarts
Cache-Tag
X-Aws-Lambda-Call-Status
X-FastCGI-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Upstream
MS-Author-Via
X-Vcap-Request-Id
X-MS-InvokeApp
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Cache-TTL
X-Abt-Application-Version
X-Cnection
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Px
X-Navigation-Version
RTSS
Arr-Disable-Session-Affinity
X-Country-Code
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
Access-Control-Request-Method
X-Kinja
X-Exp-Id
X-NF-Request-ID
X-Powered-By-Plesk
Accept-Ch
X-Goog-Hash
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Origin-Cache
X-Powered-CMS
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-SID
AR-Request-ID
X-Version
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Middleton-Response
Response
X-TTL
X-LLID
X-Amz-Server-Side-Encryption
X-MSEdge-Ref
X-Edge-Location-Klb
X-Kinsta-Cache
Nginx-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Protected-By
TCN
X-T
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-RateLimit-Remaining
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
S
Content-MD5
Edge-Cache-Tag
X-Aspnetmvc-Version
X-CST
SPRequestDuration
SPIisLatency
Fastcgi-Cache
X-Language
X-Mid
Front-End-Https
Realpath
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Filters
Server-Node
X-MCACHE
X-Ua-Browser
X-Ab
X-Content
Server-Name
X-DynaTrace
X-Frontend
X-Correlation-Id
X-Ser
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-ECACHE
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-SharePointHealthScore
SPRequestGuid
X-Ttl
X-Ezoic-Cdn
X-Template
X-Hits
X-Parallel-Accel
X-Cache-Key
Alternate-Protocol
X-Tt-Trace-Host
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
Fusion-Component-Id
Cache-Tags
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Page-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
X-B3-Sampled
Cleartype
Host
X-Www-Served-By
X-Git-Hash
Charset
X-Content-Options
X-Geo-Country
X-DIS-Request-ID
X-Debug-Info
X-Daa-Tunnel
X-Amzn-Trace-Id
X-Fastly-Request-Id
X-Ratelimit-Limit
X-Content-Digest
X-Amz-Replication-Status
X-Varnish-Age
Filterid
X-Hostname
X-XRDS-LOCATION
X-AppVersion
X-Az
X-Activity-Id
X-Upgrade-Enabled
Cross-Origin-Opener-Policy
X-FB-Debug
X-Accel-Expires
X-VCache
X-Forwarded-Proto
X-Grace
X-N
ServerID
X-F-Cache
X-Origin-Server
X-WebKit-CSP-Report-Only
X-Rid
X-Nginx-Upstream-Cache-Status
TP-L2-Cache
Access-Control-Allow-Method
TP-Cache
X-Mobile-URL
X-Aspnet-Duration-Ms
X-LB-Cache
X-Request-Guid
X-Flags
X-Route-Name
X-Is-Crawler
X-Providence-Cookie
X-Whom
X-TT
X-App-Environment
Viewport
X-Varnish-Grace
X-Seen-By
X-Tb
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Type
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Storage-Class
X-FW-Server
X-FW-Dynamic
X-Distributor
X-FW-Serve
X-FW-Type
Node
X-FW-Static
X-FW-Hash
Payment
X-Server-ID
Paypal-Debug-Id
DC
X-User-Agent
X-App-Server
Fastcgi-Useragent
Country
X-Wix-Request-Id
Accept-Charset
X-Cdn
X-Cache-Control
X-NGENIX-Cache
X-DataDome
X-Cache-Rule
X-Origin-Upstream-Status
X-Litespeed-Cache
X-Fastcgi-Cache
X-Ratelimit-Reset
Version
X-Via-JSL
X-Request-Handler-Origin-Region
X-Logged-In
X-Microsite
X-Drupal-Cache-Tags
Referer-Policy
X-Fastly-Request-ID
X-Tec-Api-Version
X-Webkit-Csp
X-Tec-Api-Root
X-Tec-Api-Origin
X-Cluster-Name
X-Cache-Age
X-Webkit-CSP
X-Signature
X-B-Cache
X-Browser-Type
Refresh
X-Contextid
X-Erf-Bev-Bev
Cache-Status
X-Erf-Bev-Bev-Is-Generated
X-Buckets
X-Load-Cache
X-Varnish-Backend
X-Response-Served-From
X-Node-Name
X-Original-Request-Id
SD-X-WS
X-Mobile
X-Page-View
X-Rendered-As
X-Real-IP
X-Vgn-Hpd-Reason
X-Cache-Expired-At
X-Is-Bot
X-Cacheable-TTL
X-Proxy-Cache-Status
X-Jobs
Access-Control-Request-Headers
X-Debug
X-B
NGB
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-IPLB-Instance
X-Proxy
X-ProcessESI
X-Device-Type
X-Revision
X-UUID
X-Rule
X-RemovedCookies
X-Cache-Action
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Drupal-Cache-Contexts
X-Instance
Akamai-GRN
Surrogate-Key
X-Cache-Time
X-Debug-IsConnected
X-Framework
X-Debug-IsPreview
X-G
Amp-Access-Control-Allow-Source-Origin
X-FW-Version
CF-IPCountry
SID
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-PressLabs-Stats
DynaTrace
X-Oracle-Dms-Rid
X-Azure-Ref
X-Oracle-Dms-Ecid
X-Accel-Buffering
X-Nginx-Cache
Liferay-Portal
X-Source
X-Ratelimit-Remaining
X-Ms-Version
GEO-INFO
X-Ms-Request-Id
X-TEC-API-VERSION
X-Oneagent-Js-Injection
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Count-Hit
X-Cache-Operation
Uber-Trace-Id
MS-CV
Ms-Operation-Id
X-Presslabs-Stats
Frame-Options
X-RTag
Healthy
X-Cache-NGX
X-Zen-Fury
X-EdgeConnect-Cache-Status
X-XRDS-Location
X-Cache-Hit
X-CDN-Forward
Countrycode
Protected
X-APP-VERSION
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Backend-Name
X-Mode
X-L-Path
X-Tumblr-Pixel
Xserver
X-Tumblr-User
X-Varnish-Server
X-Environment-Context
Ec-Rule-Version
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Cache-TTL-Remaining
X-Region
X-Forwarded-Host
X-Servername
Backend
X-Detected-As
X-RateLimit-Limit
X-UPSTREAM-Address
X-Hyper-Cache
Meta-Geo
X-Tid
X-Adobe-Content
X-RN-RSRV
X-Rewrite-Enabled
X-SaId
X-Adobe-Loc
X-JoinUs
Section-Io-Cache
X-Zipkin-Id
Country-Code
X-Routing-Service
X-Redis-Cache
X-Alternate-Cache-Key
X-Proxied
X-Cache-Server
X-Content-Age
X-Extlb
X-Debug-Cache
X-Hosted-By
X-Uri
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Sql-Count
Eomportal-Instance
X-Sql-Duration-Ms
X-Cache-Grace
X-Shopify-Stage
X-Generation-Time
X-ShardId
X-Content-Powered-By
X-ShopId
Decoy-Debug-TTL
Url
Apigw-Requestid
Decoy-Debug-Key
Decoy-Debug-Status
Mn-Server-Ip
X-PHP-Backend
X-Via-Fastly
X-Status
LB
X-FB-TRIP-ID
X-NCache
X-No-Session
X-Origin-Date
X-Human
X-Varnish-Beresp-Grace
X-Site-Version
X-ServerID
Cache-Name
Cache-Tv-Group
X-ProxyCache-Status
Property-Id
X-ProxyCache-Key
Selected-Fe
Fastly-SSL
X-Origin-Hint
X-Timing-Wait
X-Server-W
X-UA-Device-Type
TWC-Device-Class
X-Cache-Type
X-Microcachable
X-Proxy-Build
Webcakes-Region
X-Akamai-Edgescape
X-BYPASS-REASON
X-Cache-Host
X-Format
Webcakes-App-Name
TWC-GeoIP-Country
X-ApacheServer
X-NYM-Debug-Backend
TWC-GeoIP-LatLong
TWC-Locale-Group
X-PERF
TWC-Privacy
TWC-Connection-Speed
Webcakes-App-Version
Content-Disposition
X-Varnishpool
X-Web-Node
X-Access
X-OCL
X-Storage
X-R9-Blue-Green-Version
X-Hl-Ver
X-Trace-Id
X-NewRelic-App-Data
X-Pubstack
X-PCL
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
CDN-EdgeStorageId
CDN-CachedAt
X-Say-TTL
X-SayCDN-TTL
X-Section
CDN-Cache
X-Cluster-Node
X-Say-Cacheable
Azure-InstanceId
X-Soup
X-Be
Azure-Version
Azure-SiteName
Azure-RegionName
X-Generated-By
X-Azure-Ref-OriginShield
Azure-SlotName
Content-Secure-Policy
DB-Nickname
X-TIME
X-Ua
X-LSADC-Cache
WPO-Cache-Status
WPO-Cache-Message
OT-Force-Account-Verify
X-Nginx-Cache-Key
Retry-After
X-Dc
X-Cached-By
X-TT-LOGID
X-Bc-Bl
SRV
Source
Cache
X-SRV
X-Unique-Id
X-Auto-Login
X-App-Version
X-Platform-Server
X-Cache-Remote
X-LAGOON
X-Xfnlog-Site
HostName
Cache-Hits
X-Akamai-Transformed
X-Varnish-Hits
X-Origin-TTL
X-Cache-Tags
X-Loop
X-Varnish-Hostname
X-TNCMS
X-HTML-Minification-Powered-By
X-GEO
X-Origin-CC
Mime-Version
Onion-Location
X-CSRF-Token
ServedBy
X-S-Maxage
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
X-Amz-Meta-S3cmd-Attrs
From-Origin
X-Request-Time
Xet-Cookie
X-Tumblr-Pixel-2
Webserver
Web-Mar-Node
X-Tumblr-Pixel-3
X-AOL-HN
X-Time
X-Proto
X-Request-Host
X-EC-Lua
WP-Super-Cache
N-Cache
X-B3-SpanId
X-Endurance-Cache-Level
X-Tenant
X-NWS-UUID-VERIFY
X-VWS-Id
X-ECache
X-AWS-Id
X-LJ-Flow-ID
X-Cache-Enabled
X-FireWall-Port
AMP-Access-Control-Allow-Source-Origin
X-Time-Microsecs
X-GG-Cache-Date
X-Handled-By
X-Origin-Response-Time
X-Edge-Location
X-Cache-Var
X-Cache-Var-Map
X-Hnp-Log
X-Vtex-Processado-Em
X-Gen-Mode
X-Ig-Push-State
X-ND-Cache
X-Vtex-Remote-Cache
X-Conf
X-Aicache-OS
X-Aed
Pramga
X-Application
X-ARC
Odigeo-Trace-Id
X-Block-Status
X-B-Cookie
Redirect-Candidate
Rendered-Blocks
Surrogated-Key
X-A-Ccd
X-A
X-A-Dam
Sslversion
X-A-Wwc
X-A-Dgt
X-A-Dcw
Mobile-Detection-Method
Meta-Geo-Continent
X-Destination
DCR-Decision-By
DCR-Processing-Time-Ms
X-Developer
BehaviorPad-Version
X-Forwarded-Path
X-External-Request-Id
A
X-D
Expiry
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-NE
X-Ckpd-Fst-Backend
X-Cluster
Fastcgi-X-Cache-Version
X-Connection-Hash
X-Ftr-Request-Id
X-NAPM-TraceId
X-Via-NSCOPI
X-Shop-Environment
X-Planisys-CDN-Cache
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Rojux
X-Vdms-Version
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-VG-WebCache
X-TIM-N
X-Correlation-ID
X-V-Cache
X-Processor
Xc-Version
X-SRCache-Key
X-S
X-Vdms-Path
Nel
User-Cache-Control
X-Orig-Expires
X-SD-PageType
X-S-Cookie
X-Session-Fingerprint
X-ScT
X-Mg-Request-UUID
X-Slack-Backend
X-Amz-Apigw-Id
X-Amzn-RequestId
X-MP-GENERATED-AT
X-Reqid
X-Adobe-Source
CloudFront-Viewer-Country
X-Magnolia-Registration
X-Labrador-Cache-Channel
X-PHP-Host
AKAMAI
Cmsid
X-Scheme
Cmstype
X-Sucuri-ID
X-Date
X-SVT-ORM-RULES
X-Server-IP
Arc-Country
X-Cache-Date
X-SVT-ORM-VERSION
CDCHOST
X-Backend-TTL
CacheControlHeader
DSUID
Fastcgi-Cache-TTL
Host-ID
X-Cache-Bucket
Origin
X-Sucuri-Cache
X-Gdpr
X-LI-UUID
X-Cdn-Srv
X-Li-Pop
X-Li-Fabric
Wxu-Next-Hostname
Wxu-Next-Commit
X-Location
X-Webstats-RespID
X-Old-Content-Length
X-Nyt-Route
V-Age
Vix-Hermes-Req-Id
X-Men
X-Mvc-Supplant-Cachable
X-Fastly-Cache
Wxu-Next-Region
X-Proxy-Upstream
Gh-Request-Id
X-RCS-CacheZone
X-Forwarded-Site
X-Accel-Expires-Debug
X-Epic-Correlation-Id
X-Policy
X-Origin-Time
X-Origin-Expires
X-Hash
State
X-Geo-Header
Environment
X-Cache-Debug
X-Skip-Cache
X-TrackingId
X-VarnishDD-TTL
Web-Mar-Region
We-Hiring
X-Varnish-Beresp-Status
X-TH-Server
X-Sn-Servicetimems
X-Backend-State
X-Storefront-Renderer-Rendered
X-Branch-Name
X-Developers
X-GeoIP
X-GeoIP-City
X-Gzip
X-Generated-On
X-Platform
X-Req
X-Region-Sid
X-Gamma-Serve
X-HN
X-HS-Content-Campaign-Id
X-Origin
X-Rocket-Nginx-Serving-Static
X-NodeID
X-Locale
X-Level-Front-Cache
X-Irp-Debug
X-Viewer-Country
X-Fetched-On
X-Cache-Info
X-Served-From
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Csrf-Jwt
X-Core-Value
X-CGP
X-Core-Mission
X-Datadog-Trace-Id
X-VServer
X-Eu-Site
X-Request-Start
X-Fastly-Backend
X-Request-URI
X-Esi-Check
X-Device-Os
X-Envoy-Decorator-Operation
X-Cdn-Origin
X-Cache-Id
Origin-CC
Mail-Subject
Origin-EX
PFcat
Release
Machine
L5d-Success-Class
Server-Info
Fastly-Drupal-Html
Ha-Gx-Prefs
HA-Ipaddr
L
Server-Host
Locid
Svr
Traceparent
True-Client-Country-4JS
Ssr
X-CACHE-KEY
S-Rt
X-Qnm-Cache
X-Response-By
X-DefElseHash
Cf-Device-Type
X-DefHash
X-M-Reqid
Fastly-SIE
X-Thinkindot-L3
X-UnsetCookies
X-Rocket-Build-Number
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-M-Log
X-DPWN-IS-SECURE
X-NU-AKA-ACS-Version
X-FC-Vary-Parameters
X-Node-Id
X-JWT-State
X-Has-Esi
X-Is-Gdpr
X-Owner
Adler-Geo
Is-Eu
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Qloud-Router
X-VC-Cache
X-Pod-Name
X-Rebelmouse-Cache-Control
X-VG-TLSProxy
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Thinkindot-CacheControl
X-Sigma-Backend
Apple-News-Services-Handled
Thinkindot-CacheControl-Type
Fastly-GeoIP-CountryCode
TDXMobile
X-GeoIP-Region-Code
Platform
X-GeoIP-Country-Code
X-Amzn-Remapped-Content-Length
Req-Svc-Chain
X-BBC-Edge-Cache-Status
X-Worker
X-ATG-Version
X-Variation
Thinkindot-Control
X-Varnish-CookieHashed-On
X-Sigma
X-Varnish-CookieINHashed-On
NM-Fastcgi-Cache
Memcached
X-Varnish-Remaining-TTL
X-Xrds-Location
X-CS
X-Mvc-Supplant-OutputCached
X-Thanos
X-Bip
X-Loc
NGX
Magicmarker
X-Zone
X-Ua-Device
X-Http-Reason
X-Akamai-Request-ID2
X-Varnish-Beresp-Ttl
X-TraceId
X-CLOUD-TRACE-CONTEXT
X-LB-ID
X-Restarts
X-NC
X-Up
X-API-Version
X-Tx-Id
Kp-EeAlive
Pics-Label
CDN
X-Datadome
X-Cache-Config
X-DSS
X-DW
X-Wix-Viewer-Type
X-RPM
X-DI
X-DB
X-Trace-ID
Time
Ms-Author-Via
X-RPS
X-Action
X-Cache-Backend
X-RSL
Edge-Cache
X-Generated-In
Memory
X-Tb-Optimization-Total-Bytes-Saved
X-Optimistic-Header
X-Via-Popn
X-Edge-Pop
X-LB-NoCache
X-Via-Popv
X-Refresh
X-Via-Poph
Accept-Language
WebServer
Datacenter
X-Minions-Version
X-Varnish-Ttl
Env
GeoIp-Country-Code
NtCoent-Length
Candidate-Md5Url
X-CacheTTL
X-Tt-Logid
X-HA-Backend
X-DynaTrace-JS-Agent
X-Srv
On-Server
X-Vc
WWW-Authenticate
X-DC
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-ZONE
X-TX-ID
X-Varnish-Beresp-TTL
X-MSEdge-Flight
X-MSEdge-Features
Esi-Enabled
X-Esi
X-Parent-Response-Time
X-Servedbyhost
X-User
X-Dynatrace
Server-ID
X-Ec-GeoHdr
X-Unique-ID
X-Ec-Fail
X-Cs
X-Service
C-Via
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Li-Proto
X-Cache-PHP
X-App
Cdnsip
X-AK-Request-ID
Cdncip
X-FPC
X-Cache-Ttl
X-VCL-Version
X-URL
X-WADP-Cache
Cluster
My-App
X-Cache-Status-Check
X-Fmm-Version
X-Clara-WADP
Test
X-Fpc
X-LI-Proto
Geoip-Latitude
X-Vcl-Version
X-Render-Time
X-Webkit-Csp-Report-Only
X-LiteSpeed-Cache-Control
X-Traceid
X-CUA
Tracecode
Geo-Info
X-Var-Ttl
X-B3-Spanid
X-Webkit-CSP-Report-Only
X-NODE
Proxy-Connection
X-Pass-Why
DataCenter
T-Server
Lfy
X-From
Server-Id
Cf-Int-Pingora-Origin-Digest
Tcn
X-Mcache
Fastly-Drupal-HTML
X-Fragments
Resin-Trace
Lang
M-TraceId
X-VC
X-LiteSpeed-Tag
X-Clientip
X-ServedByHost
Target-Params
X-AIR-PT
X-Info
X-CSRF-TOKEN
X-Ha-Backend
X-Oss-Storage-Class
X-Oss-Request-Id
X-WP-CF-Super-Cache-Cache-Control
X-Oss-Hash-Crc64ecma
X-WP-CF-Super-Cache
X-Geo
UCS
HIT
X-Oss-Object-Type
X-Oss-Server-Time
X-ID
Cache-Host
MIME-Version
Hostname
X-RAMCache
GeoIP-Country-Code
Hit
S-Cnection
RATING
X-Cdn-Forward
X-Pad
X-Provided-By
X-Dynatrace-Js-Agent
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
X-Via-PopH
X-Edge-POP
X-HostName
X-Via-PopN
X-Via-PopV
Section-Io-Id
Ohc-File-Size
X-Httpd
Permissions-Policy
X-Proxy-Cache-Info
ENV
X-NGINX-Cache
X-HS-Status
X-Micro-Cache
X-Check-Cacheable
Fastly-Backend-Name
X-Api-Version
Producers
X-Edge-Cache
X-ElasticPress-Query
User-Agent
WZWS-RAY
Load-Balancing
Servername
X-BBC-Origin-Response-Status
X-Backend-Host
X-Ucs
X-Fastly-Backend-Reqs
X-SB
ServerName
X-Lb-Nocache
X-Cache-CFC
X-Release
X-ServerName
X-Udemy-Cache-App-Namespace
URI
X-GoCache-CacheStatus
PICS-Label
FSS-Cache
X-APP
X-Acquia-Purge-Tags
X-Acquia-Site
Uri
X-Pool
Wpo-Cache-Message
Wpo-Cache-Status
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-BCube-Filmed-By
X-UP
X-TRACE-ID
X-Lb-Id
X-Swift-Error
X-Platform-Router
X-Scale
X-Platform-Processor
X-Platform-Cluster
X-Fastly-Cache-Hits
X-RateLimit-Reset
Cdn
Ohc-Cache-HIT
EpKe-Alive
X-Ec-Custom-Error
Server-Ttl
X-Cdn-Request-ID
X-Nc
Cteonnt-Length
Cneonction
X-Dw-Trace-Id
X-Dispatcher-Number
X-IN-APIGATEWAY
X-SIPLIST1
X-IN-APIGATEWAYSSL
X-Cache-Expires
IsBot
X-Akamai-ERRuleID
X-Akamai-ERPolicy
MD5-Digest
Server-Ext
Sever-Int
Server-Hostname
X-B3-Parentspanid
X-Amz-Meta-Cb-Modifiedtime
Path
X-Apw-Access-Action
X-Apw-Access-Object
X-Vcache
VNS-Age
X-Contensis-Viewer-Groups
X-Cache-ASPX
Shield-Pop
X-Apw-Access-Token
X-Apw-Hits
CPC-Cache
CPC-Age
Cache-Key
Cf-Ipcountry
X-WA
X-Newrelic-App-Data
X-WA-Info
X-Snapshot-Date
VNS-Cache
CF-Cached-On
X-B3-ParentSpanId
X-Yottaa-OS
Vha6-Origin
Lb
X-Litespeed-Cache-Control
X-Air-Pt
Sid
X-Cache-Ngx
X-Http-Count
X-Http-Duration-Ms
Req-ID
X-Sentry-ID
X-Shopify-Generated-Cart-Token
X-ES-SERVER
CountryCode
X-Wikidot-Static-Cache
X-CacheKey
Ngx
X-Logging-Id
X-Last-Modified
X-UA
X-Akamai-Request-ID
X-Wikidot-Backend
X-Varnish-Authentication
X-Te-Duration-Ms
X-Akamai-Pragma-Client-IP
X-Te-Count