Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
P3p
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
X-Amz-Request-Id
Host-Header
X-Proxy-Cache
X-Akamai-Path-Stats
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Dns-Prefetch-Control
X-Server-Powered-By
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Device
X-Cache-Spec
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Server-Id
X-Pingback
X-CST
X-Aws-Lambda-Call-Status
Surrogate-Control
Request-Id
X-Backend-Server
Accept-CH
X-Akam-SW-Version
X-Readtime
Cf-Edge-Cache
X-Cache-Lookup
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
X-Url
Rating
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Trace
X-Country
Fastly-Restarts
X-MS-InvokeApp
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Rack-Cache
X-Vname
X-TtlSet
X-PC
Accept-Ch
X-Clacks-Overhead
X-Server-Name
Edge-Control
RTSS
X-Varnish-TTL
X-VARITI-CCR
X-ESI
X-B3-TraceId
Cache-Tag
X-Content-Type
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Dw-Request-Base-Id
X-Amz-Rid
Public-Key-Pins
X-Px
X-Cnection
X-Ac
X-D2id
X-Element-Page-Cache
X-Navigation-Version
Verso
X-RateLimit-Remaining
X-Edge
X-Abt-Application-Version
X-Client-IP
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Ser
X-Powered-By-Plesk
X-Cache-TTL
X-FastCGI-Cache
X-Version
Service-Worker-Allowed
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
X-Middleton-Response
Response
X-NF-Request-ID
X-Correlation-Id
Access-Control-Request-Method
X-Goog-Hash
X-TTL
SPRequestDuration
SPIisLatency
X-Kinsta-Cache
X-Ruxit-Js-Agent
X-Edge-Location-Klb
AR-SID
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Cached
X-Upstream
X-Webkit-Csp
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Powered-CMS
SPRequestGuid
X-Content-Security-Policy-Report-Only
X-SharePointHealthScore
X-LLID
X-NWS-LOG-UUID
X-Ttl
Edge-Cache-Tag
Nginx-Cache
X-RateLimit-Limit
X-Forwarded-For
X-Litespeed-Cache
Content-MD5
TCN
X-MSEdge-Ref
X-Id
X-Cache-Key
Mrf-Cache-Status
MRF-Tech
X-Shield-Request-Id
X-Daa-Tunnel
X-T
X-B3-TraceId-Primal
X-Recruiting
MS-Author-Via
S
X-Content-Digest
X-Mg-S
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ua-Device
X-ECACHE
MicrosoftSharePointTeamServices
X-Protected-By
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-SRCache-Fetch-Status
X-Accel-Expires
X-SRCache-Store-Status
X-Ezoic-Cdn
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-Ua-Browser
X-Grace
X-Content
X-Ab
X-Request-Received
X-Request-Processing-Time
X-Frontend
Front-End-Https
X-Yandex-Sdch-Disable
Filters
Server-Node
X-PressLabs-Stats
X-DataDome
X-DynaTrace
X-Mid
X-ORACLE-DMS-ECID
TP-L2-Cache
TP-Cache
X-Server-ID
Fastcgi-Cache
X-ORACLE-DMS-RID
X-Origin-Server
X-Geo-Country
X-Distributor
X-Hits
X-WebKit-CSP-Report-Only
X-Ratelimit-Reset
X-Microsite
X-Request-Handler-Origin-Region
X-Amzn-Trace-Id
X-Debug-Info
Cleartype
X-MCACHE
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Page-Id
Host
Charset
X-Git-Hash
X-LB-Cache
X-F-Cache
X-DIS-Request-ID
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Forwarded-Proto
X-Www-Served-By
X-Cache-Age
ServerID
Access-Control-Allow-Method
X-Seen-By
Cache-Status
X-Activity-Id
X-AppVersion
X-Az
Realpath
X-Cluster-Name
X-Varnish-Age
Cache-Tags
Accept-Charset
X-XRDS-LOCATION
Filterid
X-Aspnetmvc-Version
X-Rid
X-Language
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Nginx-Upstream-Cache-Status
X-Type
Server-Name
X-Content-Options
X-App-Environment
Retry-After
X-Varnish-Grace
Country
X-Origin-Cache
X-Upgrade-Enabled
Viewport
X-Tb
Node
X-User-Agent
X-Whom
DC
Paypal-Debug-Id
X-Providence-Cookie
X-Route-Name
X-Wix-Request-Id
X-Signature
X-Is-Crawler
X-Request-Guid
X-Mobile-URL
X-NWS-UUID-VERIFY
X-Flags
X-Drupal-Cache-Tags
X-FB-Debug
X-B-Cache
X-Aspnet-Duration-Ms
X-Varnish-Backend
X-TT
X-VCache
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Oracle-Dms-Ecid
X-Fastly-Request-Id
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Oracle-Dms-Rid
Protected
Fastcgi-Useragent
X-B
X-N
X-Via-JSL
X-Amz-Replication-Status
X-Debug
X-Logged-In
X-Cache-NGX
Payment
X-Contextid
X-Fastly-Request-ID
X-Load-Cache
WPO-Cache-Status
X-Fastcgi-Cache
WPO-Cache-Message
Surrogate-Key
X-Amz-Meta-S3cmd-Attrs
X-Cache-Control
X-Template
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Static
Count-Hit
X-FW-Type
Permissions-Policy
X-Trace-Id
X-Node-Name
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Healthy
X-G
X-Original-Request-Id
X-Response-Served-From
SD-X-WS
X-Jobs
X-Proxy
X-Cache-Time
Refresh
X-Mobile
Akamai-GRN
Content-Disposition
X-Revision
X-XRDS-Location
X-Is-Bot
X-Rendered-As
X-Framework
X-Real-IP
X-Cacheable-TTL
X-UUID
X-Zen-Fury
X-Adobe-Content
X-Page-View
X-Proxy-Cache-Status
X-Akamai-Request-ID2
X-Adobe-Loc
Uber-Trace-Id
X-Cache-TTL-Remaining
Amp-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-Debug-IsConnected
X-Http-Reason
X-Debug-IsPreview
Access-Control-Request-Headers
X-Device-Type
NGB
X-Drupal-Cache-Contexts
X-Instance
Url
X-Mcache
VIX-Pulpo-Upstream-Status
X-Servername
VIX-Pulpo-Node
X-Hostname
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-IPLB-Instance
X-Cache-Grace
Version
X-Source
X-Restarts
X-Mg-Request-UUID
X-NGENIX-Cache
X-Varnish-Server
X-Datadome
X-ECache
X-L-Path
X-Environment-Context
X-Cache-Rule
From-Origin
X-B3-Traceid
Accept-Language
X-Vgn-Hpd-Reason
X-Cache-Hit
X-EdgeConnect-Cache-Status
Countrycode
X-Cache-Expired-At
X-Parallel-Accel
X-Oneagent-Js-Injection
Ms-Operation-Id
X-RTag
MS-CV
X-HTML-Minification-Powered-By
Referer-Policy
X-App-Server
Frame-Options
Liferay-Portal
X-Tumblr-User
X-Ratelimit-Remaining
X-NYM-Debug-Backend
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-FW-Version
X-Tumblr-Pixel-0
Cross-Origin-Window-Policy
Backend
X-IPS-LoggedIn
X-Nginx-Cache
Content-Secure-Policy
X-COUNTRY
X-RemovedCookies
X-ProcessESI
Section-Io-Cache
WP-Super-Cache
X-Midtier
X-Cache-Action
X-RN-RSRV
Upgrade-Insecure-Requests
X-UPSTREAM-Address
X-TT-LOGID
X-Hosted-By
CF-IPCountry
Meta-Geo
Cache-Tv-Group
X-Redis-Cache
X-Cache-Server
X-Detected-As
X-Content-Age
X-Generation-Time
X-FB-TRIP-ID
X-UA-Device-Type
X-Cache-Enabled
X-Web-Node
X-Ua
X-Region
Ec-Rule-Version
X-No-Session
X-Sql-Duration-Ms
X-Origin-Date
X-Alternate-Cache-Key
S-Rt
X-ShardId
Webcakes-Region
X-Akamai-Edgescape
X-Shopify-Stage
X-ShopId
TWC-Device-Class
X-Be
X-SayCDN-TTL
TWC-GeoIP-LatLong
X-Varnish-Cache-Hits
TWC-Locale-Group
X-Via-Fastly
X-Sql-Count
X-AOL-HN
X-Site-Version
X-Origin-Hint
TWC-GeoIP-Country
X-OCL
X-Sorting-Hat-ShopId
X-Server-W
X-Format
Azure-Version
X-Request-Time
X-Nginx-Cache-Key
X-Uri
TWC-Privacy
X-Say-TTL
X-Section
Webcakes-App-Name
X-Human
X-Access
Mn-Server-Ip
X-PHP-Backend
Azure-InstanceId
X-Say-Cacheable
X-PCL
Azure-RegionName
Property-Id
X-Generated-By
Azure-SlotName
Azure-SiteName
Webcakes-App-Version
X-Sorting-Hat-PodId
TWC-Connection-Speed
X-Mode
CDN-Uid
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
Fastly-SSL
CDN-RequestId
CDN-PullZone
CDN-Cache
X-Xfnlog-Site
CDN-CachedAt
CDN-EdgeStorageId
X-Storage
CDN-RequestCountryCode
X-Status
X-Cluster-Node
X-Cache-Tags
X-Content-Powered-By
X-Debug-Cache
X-Forwarded-Host
X-NewRelic-App-Data
X-Cache-Host
X-ProxyCache-Status
X-Adobe-Source
X-ProxyCache-Key
X-BYPASS-REASON
X-Platform-Server
Apigw-Requestid
Eomportal-Instance
X-Unique-Id
X-SaId
X-Routing-Service
X-ApacheServer
X-Backend-Name
X-Varnishpool
X-Hyper-Cache
X-Tid
X-ServerID
X-Handled-By
X-Proxied
X-JoinUs
X-Hl-Ver
X-Zipkin-Id
X-APP-VERSION
X-Cache-Type
X-PERF
X-Extlb
X-PHP-Host
X-Locale
X-Labrador-Cache-Channel
X-Proxy-Build
Selected-Fe
X-Dc
X-Timing-Wait
X-Webkit-CSP
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-Rule
X-GG-Cache-Date
X-Cache-Operation
ServedBy
X-VC-Cache
X-Storefront-Renderer-Rendered
X-Edge-Location
X-LSADC-Cache
X-Cms-Context
Webserver
X-App-Version
SID
X-Proto
X-Accel-Buffering
X-Cached-By
Web-Mar-Node
X-Rewrite-Enabled
X-Ratelimit-Limit
X-Cache-Remote
Fastly-Drupal-Html
Mime-Version
X-Soup
Load-Balancing
Onion-Location
X-GeoCountry
SRV
X-GeoCode
X-Varnish-Hostname
X-CDN-Forward
X-GEO
X-Reqid
Xserver
Country-Code
X-Buckets
X-Pubstack
Cache-Hits
X-TA-CDN-Provider
X-Cdn
X-Request-Host
X-Origin-CC
X-Origin-TTL
X-Cluster
X-Microcachable
X-Varnish-Hits
Server-Info
X-SRV
X-Envoy-Decorator-Operation
Decoy-Debug-Key
X-MP-GENERATED-AT
Decoy-Debug-Status
Decoy-Debug-TTL
X-CSRF-Token
X-Time
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Ms-Version
X-Ms-Request-Id
X-Magnolia-Registration
X-Air-Source
X-Air-Hostname
X-B3-SpanId
X-Air-Trace-Id
LB
X-Amzn-RequestId
Cache
Xet-Cookie
X-Amz-Apigw-Id
X-NCache
DB-Nickname
X-RCS-CacheZone
X-Endurance-Cache-Level
X-Bc-Bl
DynaTrace
X-SD-PageType
X-A
X-A-Ccd
X-A-Dam
X-A-Dgt
X-ZONE
Lang
X-Application
X-ARC
X-B-Cookie
X-Aed
X-NAPM-TraceId
X-Shop-Environment
X-Session-Fingerprint
X-ScT
X-A-Wwc
X-Node-Id
X-A-Dcw
X-Orig-Expires
Odigeo-Trace-Id
Expiry
DCR-Processing-Time-Ms
DCR-Decision-By
Cmsid
Cmstype
NM-Fastcgi-Cache
Fastcgi-X-Cache-Version
MD5-Digest
Host-ID
X-Processor
Meta-Geo-Continent
X-Vtex-Processado-Em
Mobile-Detection-Method
Pramga
Cdnsip
X-Hash
T-Server
X-Rojux
X-HS-Content-Campaign-Id
X-Gzip
X-S
Surrogated-Key
Sslversion
BehaviorPad-Version
Cdncip
Rendered-Blocks
X-PBS-Appsvrname
A
X-PAYTM-SRV-ID
X-S-Cookie
X-AK-Request-ID
X-Core-Mission
X-TrackingId
X-User
X-Webstats-RespID
X-Connection-Hash
X-Vdms-Path
X-Ig-Push-State
X-VG-WebCache
X-Forwarded-Path
X-Vdms-Version
X-D
X-Fetched-On
X-Esi-Check
X-Ec-Fail
X-Epic-Correlation-Id
X-Ec-GeoHdr
Xc-Version
X-External-Request-Id
X-Destination
X-Developer
X-Device-Os
X-TIM-N
X-Conf
X-Ftr-Request-Id
X-SVT-ORM-RULES
X-Vtex-Remote-Cache
X-Geo-Header
X-Cache-Bucket
X-SRCache-Key
X-Cache-Id
X-CF-Lambda-Version
X-From
X-Cache-NE
X-SVT-ORM-VERSION
X-Varnish-Beresp-Grace
X-Tenant
X-Cdn-Srv
X-CF-Lambda-Fn
Source
X-CACHE-KEY
Cache-Name
X-R9-Blue-Green-Version
X-Gdpr
Release
X-Origin-Time
Memcached
Machine
X-Gen-Mode
Mail-Subject
X-Planisys-CDN-Cache
Platform
Origin-EX
Server-Host
Origin-CC
X-Planisys-CDN-TTL
X-Fmm-Version
X-Irp-Debug
X-JWT-State
X-Fastly-Cache
X-Is-Gdpr
X-Planisys-CDN-Rules
Producers
Thinkindot-CacheControl
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Nyt-Route
Wxu-Next-Region
Wxu-Next-Hostname
Web-Mar-Region
Wxu-Next-Commit
X-CacheTTL
X-Cache-Info
X-Block-Status
X-Mvc-Supplant-Cachable
X-Cache-Backend
X-Amzn-Remapped-Content-Length
X-Cache-Date
X-Location
X-Core-Value
We-Hiring
X-DPWN-IS-SECURE
X-Dispatcher-Number
X-Developers
X-Origin
X-Ec-Custom-Error
X-Origin-Expires
State
TDXMobile
X-Loop
Traceparent
User-Cache-Control
Thinkindot-Control
Thinkindot-CacheControl-Type
X-DefHash
X-DefElseHash
X-Origin-Response-Time
Fastly-GeoIP-CountryCode
X-Scheme
X-SB
AKAMAI
Adler-Geo
CDN
X-IPLB-Request-ID
X-Varnish-CookieINHashed-On
X-Sigma-Backend
X-Sigma
X-Server-IP
X-GeoIP
X-V-Cache
X-Rocket-Build-Number
X-Varnish-CookieHashed-On
X-Azure-Ref
X-Has-Esi
X-Worker
X-Wix-Viewer-Type
X-Variation
X-Slack-Backend
X-Varnish-Remaining-TTL
X-TNCMS
CloudFront-Viewer-Country
Is-Eu
X-VServer
X-Hnp-Log
X-Skip-Cache
X-WADP-Cache
AMP-Access-Control-Allow-Source-Origin
Environment
X-Thinkindot-L3
HostName
X-Varnish-Ttl
X-Minions-Version
X-Level-Front-Cache
X-LAGOON
X-BBC-Edge-Cache-Status
X-Branch-Name
X-Tx-Id
X-Datadog-Trace-Id
X-Sn-Servicetimems
X-Loc
X-Datadog-Parent-Id
X-Served-From
X-Cdn-Origin
X-Aicache-OS
X-NodeID
X-SIPLIST1
X-Generated-On
X-GeoIP-City
X-Datadog-Sampling-Priority
IsBot
X-HN
X-Via-Ucdn
X-Auto-Login
X-Region-Sid
NGX
N-Cache
X-Platform
Fastcgi-Cache-TTL
X-Proxy-Upstream
DSUID
X-Qloud-Router
Origin
Fastly-SIE
Fastly-SWR
X-Pool
L
Kp-EeAlive
X-Gamma-Serve
X-Policy
X-Pod-Name
X-Proxy-Cache-Info
Gh-Request-Id
Cluster
PFcat
Server-Hostname
Server-Ext
Apple-News-Services-Handled
X-Rebelmouse-Cache-Control
Sever-Int
X-VarnishDD-TTL
Ssr
X-Rebelmouse-Surrogate-Control
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
CDCHOST
X-Via-NSCOPI
X-Httpd
Redirect-Candidate
X-Forwarded-Site
Apple-News-Services-Request-Url
Req-Svc-Chain
X-VG-TLSProxy
X-Rocket-Nginx-Serving-Static
Ohc-File-Size
X-Optimistic-Header
X-Eu-Site
X-WP-CF-Super-Cache
X-Request-URI
X-Csrf-Jwt
X-WP-CF-Super-Cache-Cache-Control
V-Age
Vix-Hermes-Req-Id
X-Scale
X-CGP
Svr
X-RateLimit-Limit-Second
Ha-Gx-Prefs
HA-Ipaddr
X-Viewer-Country
L5d-Success-Class
X-RateLimit-Remaining-Second
X-Tec-Api-Root
X-Newrelic-Synthetics
X-CS
X-Tec-Api-Origin
X-Tec-Api-Version
X-VC
X-EC-Lua
Pics-Label
X-Refresh
Arc-Country
X-Tb-Optimization-Total-Bytes-Saved
Locid
X-Owner
X-Men
X-TraceId
X-NC
Candidate-Md5Url
Datacenter
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Response-By
X-Srv
X-Parent-Response-Time
X-Ad-Defer-Variation
X-Old-Content-Length
X-BCube-Filmed-By
Cache-Key
CPC-Cache
CPC-Age
X-Ah-Environment
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Mvc-Supplant-OutputCached
VNS-Age
X-DB
XM
X-DI
X-RPS
X-DSS
X-DW
X-Edge-Pop
VNS-Cache
X-SplitTest
X-RSL
X-RPM
X-Cache-Status-Check
Lb
Ms-Author-Via
X-Udemy-Cache-App-Namespace
Fastly-Backend-Name
X-Varnish-Authentication
Env
X-LB-NoCache
X-WA-Info
Time
Servername
GEO-INFO
Memory
X-Date
X-Accel-Expires-Debug
X-Akamai-Transformed
GeoIp-Country-Code
X-Via-Popv
X-GeoIP-Region-Code
X-Generated-In
X-Amz-Meta-Cb-Modifiedtime
X-Via-Popn
X-GeoIP-Country-Code
X-Micro-Cache
X-Via-Poph
X-Tt-Logid
X-Xrds-Location
X-TIME
Path
X-HA-Backend
X-S-Maxage
Ohc-Cache-HIT
X-Cache-Debug
X-AIR-PT
Geoip-Latitude
ITXSESSIONID
X-API-Version
X-Servedbyhost
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Geo-Info
X-RateLimit-Reset
Ngx.Var.Host
CacheControlHeader
True-Client-IP
FSS-Cache
Client
Cache-Host
X-Api-Version
True-Client-Country-4JS
X-Vc
X-Varnish-Beresp-TTL
X-Action
X-TH-Server
X-VCL-Version
XkeyRZ
X-VHOST
X-Proxy-CacheRZ
X-Cs
X-Clientip
X-Backend-TTL
X-DC
X-Trace-ID
Server-ID
X-TX-ID
X-Presslabs-Stats
X-FireWall-Port
Hostname
X-Req
Edge-Cache
My-App
X-Fpc
Powered-By
X-FPC
NtCoent-Length
X-Webkit-Csp-Report-Only
X-Zone
X-Provided-By
X-Dmc
X-Pass-Why
X-B3-Spanid
X-PX
X-Origin-Upstream-Status
X-INCAP-ABP
X-Render-Time
X-MSEdge-Flight
Test
X-MSEdge-Features
X-Up
X-Traceid
X-Varnish-Beresp-Ttl
X-NGINX-Cache
Cf-Int-Pingora-Origin-Digest
X-HS-Status
Server-Id
X-Cdn-Request-ID
C-Via
X-CSRF-TOKEN
X-Vcl-Version
X-LB-ID
X-Correlation-ID
X-Beluga-Node
X-Service
Tube-Return
Tube-Got-Results
X-Gateway-Request-Id
X-Webkit-CSP-Report-Only
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Beluga-Cache-Status
Tube-Got-Eval
Tube-Get-Contents
X-Beluga-Record
X-Beluga-Response-Time
Click-Count-Error
X-Beluga-Status
Rip
DataCenter
Click-Count-Action-Start
X-Beluga-Trace
X-M-Reqid
X-Gateway-Skip-Cache
User-Agent
X-DynaTrace-JS-Agent
OT-Force-Account-Verify
HIT
X-Li-Pop
X-Li-Fabric
X-LI-UUID
X-M-Log
X-ServedByHost
Esi-Enabled
Uri
Proxy-Connection
X-Qnm-Cache
X-UnsetCookies
Tcn
Srvid
X-Time-Microsecs
Resin-Trace
On-Server
X-Alfa-Service
X-Via-PopH
X-RAMCache
X-Ha-Backend
X-ND-Cache
X-Via-PopV
X-Via-PopN
X-URL
RATING
WZWS-RAY
X-CLOUD-TRACE-CONTEXT
X-Dynatrace
X-Geo
X-APP
GeoIP-Latitude
GeoIP-Country-Code
X-CUA
X-Cdn-Forward
Sid
X-Check-Cacheable
MIME-Version
X-Akamai-Pragma-Client-IP
X-Platform-Router
WebServer
X-Proxy-Cache-Hk
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-ATG-Version
Tracecode
X-Platform-Processor
X-LI-Proto
X-Fetch-By
X-CCDN-CacheTTL
Epwk-X-Cache
X-Fragments
X-Platform-Cluster
Srv
Target-Params
Cf-Device-Type
X-HostName
X-TRACE-ID
Fastly-Drupal-HTML
X-Fastly-Backend-Reqs
X-FC-Vary-Parameters
X-Fastly-Backend
X-Backend-Host
X-Var-Ttl
X-Sucuri-Cache
X-Lb-Nocache
ENV
ServerName
Lfy
X-Sucuri-ID
Cdn
X-Esi
X-Azure-Ref-OriginShield
X-Cache-Expires
Section-Io-Origin-Time-Seconds
X-B3-Traceid-Primal
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Status
X-Edge-Origin-Shield-Bytes
XServer
X-Varnish-Beresp-Status
X-Edge-POP
X-LiteSpeed-Cache-Control
X-MG-S
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Dw-Trace-Id
X-Newrelic-App-Data
X-App
CF-Cached-On
PICS-Label
X-NU-AKA-ACS-Version
X-Yottaa-OS
M-TraceId
Magicmarker
X-Li-Proto
X-ElasticPress-Query
X-Backend-State
Inserted-Into-Cache-At
X-Edge-Origin-Shield-Region
Dt-Hot-News
X-CF-Powered-By
D-Url-Rewrites
X-Acquia-Application-Trace
Wpo-Cache-Message
Wpo-Cache-Status
X-Acquia-Application-UUID
Server-Ttl
X-Nc
X-Serial
Cf-Ipcountry
X-Iplb-Instance
X-Iplb-Request-Id
X-Acquia-Site
X-Vcache
X-Acquia-Purge-Tags
Warning
Servedby
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Id
X-Vercel-Cache
X-B3-Parentspanid
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
X-IN-APIGATEWAYSSL
X-Release
X-Request-URL
X-BBC-Origin-Response-Status
CountryCode
Content-Script-Type
X-Th-Server
X-Back
Content-Style-Type
X-Dist-Code
X-Request-Url
X-Request-Start
X-Storefront-Renderer-Verified
X-IN-APIGATEWAY
X-Litespeed-Cache-Control
Cneonction
X-Snapshot-Date
Ngx
X-Cache-CFC