Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
P3P
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
P3p
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
X-Backend
X-Akamai-Path-Stats
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-Dns-Prefetch-Control
X-AH-Environment
X-Amz-Request-Id
X-UA-Device
X-Proxy-Cache
Host-Header
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
Nel
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Nginx-Cache-Status
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-Aws-Lambda-Call-Status
X-CST
X-Pingback
Surrogate-Control
Request-Id
Cf-Edge-Cache
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
Rating
X-Trace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Url
Accept-Ch
X-Country
Accept-Ch-Lifetime
Fastly-Restarts
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Vname
X-PC
X-TtlSet
X-Clacks-Overhead
RTSS
Edge-Control
X-VARITI-CCR
X-Server-Name
X-ESI
X-Amz-Server-Side-Encryption
X-Varnish-TTL
X-B3-TraceId
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Amz-Rid
X-Px
Public-Key-Pins
X-Cnection
X-FastCGI-Cache
X-Edge
X-D2id
X-Ac
X-Ser
X-Navigation-Version
X-Element-Page-Cache
Verso
X-Abt-Application-Version
X-Client-IP
Pagespeed
X-Middleton-Display
Display
X-Sol
X-RateLimit-Remaining
X-Powered-By-Plesk
X-Version
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-Content-Security-Policy-Report-Only
Response
X-Middleton-Response
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Hash
SPIisLatency
SPRequestDuration
X-Correlation-Id
X-Ttl
X-Cached
X-Kinsta-Cache
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
AR-CACHE
X-Edge-Location-Klb
SPRequestGuid
X-SharePointHealthScore
X-TTL
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Upstream
X-LLID
Edge-Cache-Tag
X-NWS-LOG-UUID
X-Forwarded-For
Content-MD5
X-Litespeed-Cache
Nginx-Cache
X-RateLimit-Limit
X-Ruxit-Js-Agent
X-Id
X-Cache-Key
X-MSEdge-Ref
X-Shield-Request-Id
MRF-Tech
Mrf-Cache-Status
X-T
X-Recruiting
X-ECACHE
S
X-B3-TraceId-Primal
TCN
X-Daa-Tunnel
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Digest
X-WebKit-CSP-Report-Only
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Mg-S
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-DataDome
X-Ua-Device
X-Accel-Expires
X-Protected-By
X-Grace
X-Ezoic-Cdn
X-HS-Content-Id
X-HS-Hub-Id
X-Ua-Browser
X-HS-Combine-CSS
X-HS-Cache-Config
X-Content
X-Frontend
X-Ab
MS-Author-Via
MicrosoftSharePointTeamServices
X-Request-Received
X-DynaTrace
TP-L2-Cache
TP-Cache
X-Request-Processing-Time
X-Yandex-Sdch-Disable
Server-Node
Front-End-Https
Filters
X-PressLabs-Stats
X-Origin-Server
X-Distributor
X-Server-ID
Fastcgi-Cache
X-Geo-Country
X-ORACLE-DMS-ECID
X-Mid
X-Hits
X-ORACLE-DMS-RID
X-Tt-Trace-Tag
X-LB-Cache
X-Microsite
X-Tt-Trace-Host
X-Request-Handler-Origin-Region
X-Amzn-Trace-Id
Charset
Cleartype
Host
X-Webkit-Csp
X-B3-Sampled
X-Fastly-Request-Id
X-Ratelimit-Reset
X-Debug-Info
X-Page-Id
X-Git-Hash
X-F-Cache
X-Forwarded-Proto
X-Cache-Age
X-DIS-Request-ID
Cross-Origin-Opener-Policy
Realpath
X-Mcache
X-Seen-By
Cache-Status
X-Www-Served-By
Access-Control-Allow-Method
X-AppVersion
X-Az
X-Activity-Id
ServerID
X-Webkit-CSP
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Accept-Charset
Filterid
X-Varnish-Age
Cache-Tags
X-Nginx-Upstream-Cache-Status
X-Cluster-Name
X-Aspnetmvc-Version
X-Content-Options
X-Rid
X-Type
Retry-After
X-FB-Debug
X-App-Environment
X-XRDS-LOCATION
X-Kong-Upstream-Latency
X-Language
X-Kong-Proxy-Latency
Server-Name
Viewport
X-Tb
Country
X-User-Agent
X-Varnish-Backend
X-Drupal-Cache-Tags
X-Varnish-Grace
Node
Paypal-Debug-Id
DC
X-Upgrade-Enabled
X-Whom
X-Wix-Request-Id
X-TT
X-Origin-Cache
Permissions-Policy
X-Signature
X-Oracle-Dms-Ecid
X-B-Cache
X-Oracle-Dms-Rid
X-GUploader-UploadID
X-Request-Guid
X-Providence-Cookie
X-Route-Name
X-VCache
X-B
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Mobile-URL
X-Goog-Generation
X-Flags
X-MCACHE
X-NWS-UUID-VERIFY
X-Debug
Protected
X-Oneagent-Js-Injection
Fastcgi-Useragent
X-Amz-Replication-Status
X-Amz-Meta-S3cmd-Attrs
X-N
X-Cache-NGX
X-Logged-In
Payment
X-Load-Cache
WPO-Cache-Status
X-Via-JSL
Surrogate-Key
WPO-Cache-Message
X-Cache-Control
X-Contextid
Count-Hit
X-Node-Name
Healthy
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Amp-Access-Control-Allow-Source-Origin
X-FW-Static
X-FW-Server
X-FW-Type
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-Mobile
X-Template
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
Akamai-GRN
Refresh
Content-Disposition
X-Proxy
X-Midtier
X-NGENIX-Cache
Alternate-Protocol
X-Restarts
X-Revision
Url
X-Cache-Time
X-XRDS-Location
X-G
X-Jobs
X-Zen-Fury
Uber-Trace-Id
X-Akamai-Request-ID2
X-Real-IP
X-Framework
X-Adobe-Loc
X-Proxy-Cache-Status
X-Cache-TTL-Remaining
X-Servername
NGB
VIX-Pulpo-Node
X-Adobe-Content
X-Cacheable-TTL
X-Debug-IsConnected
X-Debug-IsPreview
X-Device-Type
X-Is-Bot
X-Drupal-Cache-Contexts
X-UUID
VIX-Pulpo-Upstream-Status
X-Rendered-As
X-Trace-Id
X-Page-View
X-Http-Reason
X-Instance
X-Hostname
X-Cache-Grace
X-Mg-Request-UUID
Access-Control-Request-Headers
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-Server
X-IPLB-Instance
Version
X-L-Path
X-Environment-Context
X-Source
X-EdgeConnect-Cache-Status
X-ECache
X-HTML-Minification-Powered-By
X-B3-Traceid
Accept-Language
Countrycode
MS-CV
Ms-Operation-Id
X-RTag
Frame-Options
X-Fastly-Request-ID
From-Origin
X-Datadome
X-Cache-Hit
X-Cache-Expired-At
X-NYM-Debug-Backend
Liferay-Portal
Referer-Policy
X-Fastcgi-Cache
X-Vgn-Hpd-Reason
X-App-Server
X-Ratelimit-Remaining
X-Cache-Rule
Cross-Origin-Window-Policy
X-Tumblr-User
X-Tumblr-Pixel
Backend
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-FW-Version
X-IPS-LoggedIn
X-Nginx-Cache
X-COUNTRY
Content-Secure-Policy
X-Hosted-By
X-Unique-Id
X-Cache-Server
X-UPSTREAM-Address
Meta-Geo
X-RN-RSRV
X-No-Session
X-Cache-Enabled
X-FB-TRIP-ID
X-Ua
Upgrade-Insecure-Requests
X-OCL
Section-Io-Cache
X-Redis-Cache
X-Generation-Time
X-PCL
X-Format
X-Section
TWC-GeoIP-Country
X-Akamai-Edgescape
X-Access
X-PHP-Backend
X-RemovedCookies
X-Region
Webcakes-App-Version
Webcakes-App-Name
X-Origin-Hint
Apigw-Requestid
X-Content-Age
X-Origin-Date
Webcakes-Region
X-Uri
S-Rt
Property-Id
X-Server-W
WP-Super-Cache
TWC-Locale-Group
X-Be
X-Via-Fastly
Mn-Server-Ip
X-Cluster-Node
TWC-GeoIP-LatLong
X-ProcessESI
TWC-Connection-Speed
TWC-Device-Class
X-UA-Device-Type
TWC-Privacy
X-Mode
CF-IPCountry
Azure-RegionName
Eomportal-Instance
X-Request-Time
Azure-SiteName
X-Say-Cacheable
X-Site-Version
Azure-SlotName
X-SayCDN-TTL
X-Say-TTL
Azure-InstanceId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Locale
X-Forwarded-Host
X-Shopify-Stage
X-ShopId
X-Status
X-PERF
X-Nginx-Cache-Key
X-ShardId
X-Debug-Cache
X-Storage
X-ApacheServer
X-Xfnlog-Site
X-Generated-By
Fastly-SSL
X-AOL-HN
Locale
X-Parallel-Accel
X-Sql-Count
X-Varnish-Cache-Hits
X-Cache-Host
X-Content-Powered-By
Azure-Version
X-Sql-Duration-Ms
X-Urbn-Context-Path
X-Labrador-Cache-Channel
X-PHP-Host
X-Urbn-Site-Id
X-Extlb
X-Detected-As
X-VC-Cache
X-BYPASS-REASON
X-APP-VERSION
X-NewRelic-App-Data
X-ProxyCache-Status
X-Web-Node
X-Varnishpool
X-AWS-Id
X-Zipkin-Id
X-Adobe-Source
X-Platform-Server
X-Cms-Context
X-Cache-Tags
X-LJ-Flow-ID
X-VWS-Id
X-Proxied
X-JoinUs
X-Human
X-ProxyCache-Key
X-Routing-Service
X-Tid
X-ServerID
X-SaId
X-Hl-Ver
X-Backend-Name
Cache-Tv-Group
X-Handled-By
Ec-Rule-Version
X-Cache-Action
CDN-PullZone
X-Proxy-Build
CDN-RequestId
CDN-Cache
CDN-EdgeStorageId
CDN-Uid
Load-Balancing
CDN-CachedAt
CDN-RequestCountryCode
Selected-Fe
X-Timing-Wait
X-Edge-Location
ServedBy
X-Cache-Type
X-Dc
X-Storefront-Renderer-Rendered
X-GG-Cache-Date
X-App-Version
X-CDN-Forward
SRV
X-Proto
Web-Mar-Node
X-GeoCode
X-TT-LOGID
X-GeoCountry
X-LSADC-Cache
Fastly-Drupal-Html
X-Ratelimit-Limit
Webserver
Onion-Location
X-Hyper-Cache
X-Rule
X-Cached-By
X-Cache-Remote
X-Cache-Operation
X-Varnish-Hostname
Mime-Version
SID
Cache-Hits
X-Rewrite-Enabled
X-GEO
X-Cluster
X-Cdn
Xet-Cookie
X-Soup
Xserver
X-Pubstack
X-Accel-Buffering
X-Varnish-Ttl
X-Magnolia-Registration
X-Varnish-Hits
X-Origin-CC
X-Origin-TTL
X-SRV
LB
X-Air-Trace-Id
X-Reqid
X-IPLB-Request-ID
X-Envoy-Decorator-Operation
X-Air-Hostname
X-Air-Source
Country-Code
X-Microcachable
Server-Info
X-TA-CDN-Provider
X-Tumblr-Pixel-3
X-Buckets
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-CSRF-Token
Cache
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
DB-Nickname
X-Request-Host
Source
X-Newrelic-Synthetics
X-Time
X-B3-SpanId
X-Ms-Request-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Ms-Version
X-Endurance-Cache-Level
X-Origin-Response-Time
DCR-Processing-Time-Ms
Cmstype
Cmsid
Expiry
Fastcgi-X-Cache-Version
Cdncip
Cdnsip
X-D
X-Cache-Id
X-AK-Request-ID
X-Aed
X-A-Wwc
Rendered-Blocks
Pramga
X-ARC
X-Application
X-A-Dgt
X-A-Dcw
Surrogated-Key
Sslversion
T-Server
X-A
X-A-Dam
X-A-Ccd
Odigeo-Trace-Id
X-Via-NSCOPI
X-Connection-Hash
X-Conf
Meta-Geo-Continent
MD5-Digest
BehaviorPad-Version
Lang
X-CF-Lambda-Version
A
X-Cache-NE
X-B-Cookie
X-Cdn-Srv
X-CF-Lambda-Fn
Mobile-Detection-Method
NM-Fastcgi-Cache
Host-ID
X-Geo-Header
X-Gzip
X-Hash
X-HS-Content-Campaign-Id
X-Tt-Logid
X-SD-PageType
DCR-Decision-By
X-Shop-Environment
X-Session-Fingerprint
X-ScT
X-Ig-Push-State
X-Destination
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-NAPM-TraceId
X-Processor
X-S-Cookie
X-S
X-Rojux
X-SRCache-Key
X-Tenant
X-Ec-GeoHdr
X-VG-WebCache
X-Vdms-Version
X-Ec-Fail
X-Vtex-Processado-Em
X-Developer
Xc-Version
X-Vtex-Remote-Cache
X-Esi-Check
X-External-Request-Id
X-Ftr-Request-Id
X-TIM-N
X-Forwarded-Path
X-TrackingId
X-Vdms-Path
X-User
X-Orig-Expires
X-Skip-Cache
X-Bc-Bl
X-NCache
X-RCS-CacheZone
X-Varnish-CookieHashed-On
X-Variation
Memcached
X-Varnish-CookieINHashed-On
X-V-Cache
Mail-Subject
X-Fastly-Cache
X-Core-Mission
Platform
X-Core-Value
X-Fmm-Version
X-Fetched-On
Machine
X-Varnish-Remaining-TTL
Environment
X-Device-Os
X-WADP-Cache
X-Worker
X-Developers
X-DPWN-IS-SECURE
X-Via-Ucdn
X-DefElseHash
Is-Eu
X-Epic-Correlation-Id
Fastly-GeoIP-CountryCode
X-DefHash
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Cache-Bucket
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-Cache-Info
X-SB
X-Node-Id
X-Cache-Backend
X-Origin-Expires
X-Origin
X-Amzn-Remapped-Content-Length
X-Origin-Time
X-NodeID
X-Scheme
X-CacheTTL
State
X-Clara-WADP
X-Gdpr
Server-Host
X-Nyt-Route
X-Ckpd-Fst-Backend
We-Hiring
X-GeoIP
X-Server-IP
Wxu-Next-Hostname
Wxu-Next-Commit
Producers
Wxu-Next-Region
X-CACHE-KEY
X-Azure-Ref
AKAMAI
Adler-Geo
Cache-Name
HostName
X-Varnish-Beresp-Grace
Kp-EeAlive
X-Cdn-Origin
X-Served-From
X-Wikidot-Static-Cache
X-Cache-Date
X-Wikidot-Backend
DynaTrace
X-Rocket-Nginx-Serving-Static
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Rocket-Build-Number
X-CGP
X-Viewer-Country
X-Sigma
X-HN
X-Sn-Servicetimems
X-Auto-Login
X-Aicache-OS
X-VarnishDD-TTL
X-Thinkindot-L3
X-Slack-Backend
X-SIPLIST1
X-Branch-Name
X-Sigma-Backend
X-Block-Status
X-Rebelmouse-Cache-Control
X-BBC-Edge-Cache-Status
X-VG-TLSProxy
X-Datadog-Parent-Id
X-Minions-Version
X-Gamma-Serve
X-Forwarded-Site
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Eu-Site
X-Gen-Mode
X-Generated-On
X-Httpd
X-Hnp-Log
X-LAGOON
X-Level-Front-Cache
X-R9-Blue-Green-Version
X-GeoIP-City
X-Planisys-CDN-TTL
X-Platform
X-RateLimit-Limit-Second
X-Qloud-Router
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-RateLimit-Remaining-Second
Web-Mar-Region
Datacenter
X-Proxy-Upstream
X-Policy
X-Pod-Name
X-Dispatcher-Number
X-Proxy-Cache-Info
X-Tx-Id
X-Csrf-Jwt
X-Cache-Status-Check
Origin-EX
PFcat
N-Cache
Apple-News-Services-Handled
Apple-News-Services-Host
X-BCube-Filmed-By
Redirect-Candidate
Cache-Key
Req-Svc-Chain
Candidate-Md5Url
Release
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CDCHOST
Fastly-SIE
Fastcgi-Cache-TTL
CloudFront-Viewer-Country
Cluster
Fastly-SWR
Gh-Request-Id
L5d-Success-Class
IsBot
HA-Ipaddr
Ha-Gx-Prefs
X-Wix-Viewer-Type
Origin-CC
Thinkindot-CacheControl
X-Has-Esi
Traceparent
V-Age
X-Is-Gdpr
Thinkindot-Control
Thinkindot-CacheControl-Type
User-Cache-Control
X-JWT-State
TDXMobile
Vix-Hermes-Req-Id
X-TNCMS
X-Loop
Svr
CDN
CPC-Cache
CPC-Age
Sever-Int
X-SplitTest
L
X-Pool
VNS-Cache
Ssr
X-Owner
XM
VNS-Age
X-Optimistic-Header
X-Scale
NGX
GEO-INFO
Server-Ext
X-VServer
DSUID
X-Loc
X-Ad-Defer-Variation
Origin
Ohc-File-Size
Server-Hostname
X-Ec-Custom-Error
X-Xrds-Location
X-CS
X-VC
Fastly-Backend-Name
X-Refresh
X-From
X-WP-CF-Super-Cache-Cache-Control
Pics-Label
X-Parent-Response-Time
X-WP-CF-Super-Cache
X-WA-Info
X-Webstats-RespID
X-AIR-PT
X-ZONE
AMP-Access-Control-Allow-Source-Origin
X-Location
X-Micro-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-EC-Lua
Locid
X-LB-NoCache
X-Contensis-Viewer-Groups
X-Ah-Environment
X-NC
X-Cache-ASPX
X-Edge-Pop
Ms-Author-Via
X-Mvc-Supplant-OutputCached
X-Men
X-Srv
X-Varnish-Authentication
Env
Path
X-Response-By
X-Udemy-Cache-App-Namespace
Servername
Arc-Country
X-Via-Popn
X-Servedbyhost
X-Via-Poph
X-Via-Popv
X-Amz-Meta-Cb-Modifiedtime
Ngx.Var.Host
X-Generated-In
X-Old-Content-Length
X-TraceId
X-Tec-Api-Version
X-Tec-Api-Origin
Lb
X-Tec-Api-Root
X-TIME
Cache-Host
X-RPM
X-DB
X-DW
X-DI
X-HA-Backend
X-DSS
Time
X-RPS
X-Varnish-Beresp-TTL
Memory
X-RSL
XkeyRZ
X-Proxy-CacheRZ
Ohc-Cache-HIT
ITXSESSIONID
X-Accel-Expires-Debug
X-Date
X-API-Version
X-S-Maxage
X-Akamai-Transformed
GeoIp-Country-Code
X-RateLimit-Reset
X-Clientip
True-Client-IP
X-GeoIP-Region-Code
Client
X-GeoIP-Country-Code
FSS-Cache
X-VCL-Version
X-Api-Version
X-Cache-Debug
X-Vc
X-Zone
Geoip-Latitude
X-VHOST
X-Cs
Server-ID
X-DC
X-Trace-ID
Fusion-Source
X-URL
Tcn
X-TX-ID
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Deployment-Id
X-Correlation-ID
X-FireWall-Port
X-Dmc
X-Fpc
X-Presslabs-Stats
Hostname
CacheControlHeader
X-CLOUD-TRACE-CONTEXT
True-Client-Country-4JS
X-Render-Time
NtCoent-Length
X-Action
X-TH-Server
Powered-By
X-MSEdge-Flight
X-Backend-TTL
X-MSEdge-Features
X-Traceid
X-Webkit-Csp-Report-Only
X-INCAP-ABP
X-DynaTrace-JS-Agent
X-Gateway-Cache-Key
X-B3-Spanid
Rip
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-PX
X-Service
C-Via
X-Gateway-Cache-Status
X-M-Reqid
X-Req
X-M-Log
Tube-Got-Results
Tube-Got-Eval
Edge-Cache
Tube-Get-Contents
Esi-Enabled
HIT
Geo-Info
X-Qnm-Cache
Tube-Return
Test
Click-Count-Action-Start
Click-Count-Error
X-FPC
X-Pass-Why
X-TRACE-ID
X-NGINX-Cache
X-Cdn-Request-ID
X-Vcl-Version
X-CSRF-TOKEN
On-Server
My-App
X-Akamai-Pragma-Client-IP
X-Origin-Upstream-Status
X-Beluga-Status
Server-Id
X-Webkit-CSP-Report-Only
X-Beluga-Response-Time
X-Beluga-Trace
User-Agent
Uri
X-Beluga-Record
X-Beluga-Cache-Status
X-HS-Status
X-Beluga-Node
X-Check-Cacheable
X-Provided-By
X-Up
X-Proxy-Cache-Hk
X-Alfa-Service
Cf-Int-Pingora-Origin-Digest
OT-Force-Account-Verify
X-APP
Srvid
X-Edge-Origin-Shield-Bytes
Proxy-Connection
GeoIP-Country-Code
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Ha-Backend
Resin-Trace
GeoIP-Latitude
X-LB-ID
WebServer
X-Varnish-Beresp-Ttl
Cdn
X-Edge-Origin-Shield-Region
Sid
X-ServedByHost
X-Geo
ENV
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Epwk-X-Cache
X-CCDN-CacheTTL
M-TraceId
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-LI-UUID
X-RAMCache
Srv
X-UnsetCookies
MIME-Version
DataCenter
X-Cdn-Forward
X-Fetch-By
X-ND-Cache
X-LiteSpeed-Cache-Control
WZWS-RAY
X-Backend-Host
X-Time-Microsecs
Warning
X-Esi
X-Dw-Trace-Id
XServer
X-Serial
X-Fastly-Backend-Reqs
X-Newrelic-App-Data
X-App
X-Edge-POP
ServerName
X-Lb-Nocache
Server-Ttl
Cf-Device-Type
X-B3-Traceid-Primal
X-CUA
Fastly-Drupal-HTML
X-MG-S
Dt-Hot-News
X-HostName
CF-Cached-On
X-Fragments
X-Bip
X-Thanos
X-Akamai-Request-ID
X-ATG-Version
X-Azure-Ref-OriginShield
X-Platform-Processor
X-Platform-Router
X-ElasticPress-Query
X-Platform-Cluster
PICS-Label
X-HITS
X-CF-Powered-By
DT-Hot-News
Target-Params
X-Request-Url
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
X-Nc
Section-Io-Origin-Time-Seconds
X-Yottaa-OS
Tracecode
X-Iplb-Request-Id
X-LiteSpeed-Tag
X-Vcache
Inserted-Into-Cache-At
X-Sucuri-Cache
X-Sucuri-ID
X-Iplb-Instance
X-Var-Ttl
X-Request-Start
Cf-Ipcountry
X-IN-APIGATEWAYSSL
X-FC-Vary-Parameters
X-Fastly-Backend
Lfy
X-IN-APIGATEWAY
True-Client-Ip
X-Cc-Via
Vha6-Origin
D-Url-Rewrites
Cdn-Requestid
Cdn-Uid
Cdn-Pullzone
Cdn-Cachedat
Servedby
Cdn-Cache
Cdn-Requestcountrycode
Cdn-Edgestorageid
Wp-Super-Cache
X-Snapshot-Date
Ngx
CountryCode
Content-Script-Type
X-Th-Server
X-MiniProfiler-Ids
X-Varnish-Beresp-Status
X-Storefront-Renderer-Verified
Content-Style-Type
X-Back
X-Dist-Code
X-Request-URL
Cneonction
Fastcgi-Cache-Ttl
X-BBC-Origin-Response-Status
X-Release
X-NU-AKA-ACS-Version
X-Fastly-Cache-Hits
X-Vercel-Cache
X-Cache-Expires
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Vercel-Id