Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
X-Request-ID
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
P3p
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-UA-Device
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dns-Prefetch-Control
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Accept-CH
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Ruxit-JS-Agent
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Accept-Ch-Lifetime
Rating
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
Accept-CH-Lifetime
X-Url
X-Ac
X-Content-Type
X-TtlSet
X-Vname
X-PC
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-FastCGI-Cache
X-Server-Name
Fastly-Restarts
Cache-Tag
X-VARITI-CCR
Service-Worker-Allowed
X-Rack-Cache
Verso
X-Aws-Lambda-Call-Status
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-GitHub-Request-Id
X-Vcap-Request-Id
X-Amz-Rid
Public-Key-Pins
Accept-Ch
X-Cached
X-Dw-Request-Base-Id
X-D2id
X-Client-IP
X-Abt-Application-Version
X-Cache-TTL
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cnection
X-Px
X-Navigation-Version
X-Country-Code
RTSS
Arr-Disable-Session-Affinity
X-Powered-By-Plesk
Access-Control-Request-Method
X-NF-Request-ID
X-Cdn-Fetch
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Goog-Hash
X-Kinja-Server
X-Origin-Cache
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
AR-CACHE
X-Powered-CMS
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
X-Version
Pagespeed
X-Middleton-Display
Display
X-Sol
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
Nginx-Cache
X-TTL
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-RateLimit-Remaining
X-Protected-By
TCN
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-T
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
S
Content-MD5
X-Aspnetmvc-Version
Edge-Cache-Tag
Fastcgi-Cache
X-Mid
SPIisLatency
SPRequestDuration
X-Language
Front-End-Https
X-CST
Realpath
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Filters
X-Ttl
Server-Node
X-MCACHE
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Content
X-Ua-Browser
Server-Name
X-Ab
X-Frontend
X-DynaTrace
X-Correlation-Id
X-NWS-LOG-UUID
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Ser
SPRequestGuid
X-SharePointHealthScore
X-Ezoic-Cdn
X-ECACHE
X-Hits
X-Template
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
X-Parallel-Accel
X-Cache-Key
Alternate-Protocol
X-Tt-Trace-Tag
X-Tt-Trace-Host
MicrosoftSharePointTeamServices
Cache-Tags
X-Content-Options
X-Page-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-B3-Sampled
Cleartype
Host
Charset
X-Fastly-Request-Id
X-Git-Hash
X-Ruxit-Js-Agent
X-Www-Served-By
X-Server-ID
X-Geo-Country
X-DIS-Request-ID
X-Daa-Tunnel
X-Debug-Info
X-Webkit-CSP
X-Amzn-Trace-Id
X-Ratelimit-Limit
X-Content-Digest
X-Amz-Replication-Status
Filterid
X-Varnish-Age
X-Accel-Expires
X-Hostname
X-Az
X-AppVersion
X-Activity-Id
X-FB-Debug
X-VCache
X-Forwarded-Proto
X-Upgrade-Enabled
TP-Cache
TP-L2-Cache
X-Origin-Server
X-WebKit-CSP-Report-Only
Cross-Origin-Opener-Policy
X-Grace
X-Rid
Access-Control-Allow-Method
X-Nginx-Upstream-Cache-Status
X-F-Cache
ServerID
X-N
X-XRDS-LOCATION
X-Mobile-URL
X-LB-Cache
X-Aspnet-Duration-Ms
X-Route-Name
X-Request-Guid
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-App-Environment
Viewport
X-TT
X-Varnish-Grace
X-Whom
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Tb
X-GUploader-UploadID
X-Seen-By
X-Goog-Stored-Content-Encoding
X-Type
X-Distributor
X-FW-Type
Payment
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Static
X-FW-Server
Paypal-Debug-Id
DC
X-App-Server
Node
X-User-Agent
Fastcgi-Useragent
Accept-Charset
Country
X-Origin-Upstream-Status
X-Cache-Control
X-Wix-Request-Id
X-DataDome
X-NGENIX-Cache
X-Cache-Rule
X-Litespeed-Cache
X-Logged-In
Version
X-Request-Handler-Origin-Region
X-Microsite
X-Via-JSL
X-Drupal-Cache-Tags
Referer-Policy
X-Cache-Age
X-Ratelimit-Reset
X-Load-Cache
X-B-Cache
X-Varnish-Backend
Refresh
X-Signature
X-Cluster-Name
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Contextid
Cache-Status
X-Node-Name
X-Response-Served-From
VIX-Pulpo-Node
SD-X-WS
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Tec-Api-Root
X-Tec-Api-Origin
X-Is-Bot
X-Tec-Api-Version
X-Page-View
X-Rendered-As
X-Buckets
X-Mobile
X-Real-IP
X-Cache-Expired-At
X-Vgn-Hpd-Reason
X-Jobs
Access-Control-Request-Headers
X-Cacheable-TTL
X-Revision
X-Instance
X-Yottaa-Metrics
X-ProcessESI
X-Rule
X-Debug
X-Yottaa-Optimizations
X-IPLB-Instance
X-RemovedCookies
X-Proxy
X-UUID
X-Proxy-Cache-Status
X-Drupal-Cache-Contexts
X-Cache-Action
NGB
Akamai-GRN
Surrogate-Key
X-B
X-Fastly-Request-ID
X-Device-Type
X-Framework
X-Fastcgi-Cache
X-Cache-Time
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Version
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
CF-IPCountry
X-G
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
DynaTrace
X-Oracle-Dms-Rid
X-Azure-Ref
X-Oracle-Dms-Ecid
SID
Liferay-Portal
X-Presslabs-Stats
X-XRDS-Location
X-Nginx-Cache
GEO-INFO
X-PressLabs-Stats
X-Source
X-Accel-Buffering
X-Ms-Request-Id
X-Ms-Version
X-Oneagent-Js-Injection
Count-Hit
Frame-Options
Uber-Trace-Id
Healthy
Ms-Operation-Id
MS-CV
X-RTag
X-APP-VERSION
X-Cache-Operation
X-CDN-Forward
X-EdgeConnect-Cache-Status
X-Cache-NGX
X-Zen-Fury
Countrycode
X-L-Path
X-Environment-Context
X-Varnish-Server
Xserver
X-Cache-Hit
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Mode
X-Backend-Name
Ec-Rule-Version
Cross-Origin-Window-Policy
Protected
X-IPS-LoggedIn
X-Forwarded-Host
X-Region
X-Servername
X-Cache-TTL-Remaining
X-Detected-As
X-Tid
X-JoinUs
X-UPSTREAM-Address
X-Content-Powered-By
Meta-Geo
Backend
X-RN-RSRV
X-SaId
X-Rewrite-Enabled
X-Sql-Duration-Ms
X-Sorting-Hat-ShopId
X-Sql-Count
X-Uri
X-Proxied
X-ShopId
X-Generation-Time
Eomportal-Instance
X-ShardId
Country-Code
Apigw-Requestid
X-Ratelimit-Remaining
X-Hosted-By
X-Cache-Grace
Decoy-Debug-TTL
X-Extlb
Decoy-Debug-Key
Decoy-Debug-Status
X-Zipkin-Id
X-Sorting-Hat-PodId
X-Routing-Service
X-Cache-Server
X-Alternate-Cache-Key
X-Shopify-Stage
X-Redis-Cache
X-Status
X-Adobe-Loc
X-Adobe-Content
X-Hyper-Cache
X-Content-Age
Fastly-SSL
Mn-Server-Ip
X-Site-Version
Cache-Name
X-ServerID
X-ApacheServer
X-Format
X-FB-TRIP-ID
X-PERF
X-Human
X-No-Session
X-Origin-Date
X-Varnish-Beresp-Grace
X-PHP-Backend
Url
Section-Io-Cache
X-NCache
X-Proxy-Build
Selected-Fe
TWC-Connection-Speed
TWC-Device-Class
Webcakes-Region
TWC-GeoIP-Country
X-Origin-Hint
X-Cluster-Node
X-Via-Fastly
X-Storage
X-NYM-Debug-Backend
X-Microcachable
X-Access
Property-Id
X-Server-W
X-Section
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Cache-Host
X-UA-Device-Type
X-Cache-Type
TWC-GeoIP-LatLong
X-Pubstack
TWC-Locale-Group
X-Timing-Wait
X-NewRelic-App-Data
X-Akamai-Edgescape
X-BYPASS-REASON
X-ProxyCache-Key
X-OCL
X-PCL
X-Hl-Ver
X-Debug-Cache
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-Web-Node
X-Say-TTL
X-Say-Cacheable
X-Varnishpool
LB
X-SayCDN-TTL
WPO-Cache-Message
Cache-Tv-Group
WPO-Cache-Status
Azure-InstanceId
X-TIME
X-Soup
X-RateLimit-Limit
X-Be
Azure-Version
DB-Nickname
Azure-SlotName
Azure-SiteName
Azure-RegionName
Content-Secure-Policy
X-Azure-Ref-OriginShield
CDN-EdgeStorageId
CDN-RequestId
CDN-Uid
X-Generated-By
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-Cache
X-LSADC-Cache
X-Ua
Content-Disposition
X-Trace-Id
OT-Force-Account-Verify
SRV
X-Webkit-Csp
X-Dc
X-Cached-By
X-Nginx-Cache-Key
Source
X-Bc-Bl
X-Unique-Id
Cache
Retry-After
X-TT-LOGID
X-SRV
X-LAGOON
X-Auto-Login
X-Cache-Remote
X-Origin-CC
X-Origin-TTL
X-Platform-Server
Xet-Cookie
Cache-Hits
X-Varnish-Hits
Mime-Version
X-HTML-Minification-Powered-By
X-App-Version
X-Loop
X-Varnish-Hostname
X-TNCMS
X-Akamai-Transformed
X-Xfnlog-Site
Onion-Location
X-ECache
X-GEO
X-Amz-Meta-S3cmd-Attrs
X-Cdn
ServedBy
X-Cache-Tags
HostName
X-S-Maxage
X-Varnish-Cache-Hits
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Web-Mar-Node
Upgrade-Insecure-Requests
X-Proto
X-CSRF-Token
Webserver
X-Request-Time
X-EC-Lua
X-CLOUD-TRACE-CONTEXT
X-AOL-HN
From-Origin
X-Request-Host
X-Time
WP-Super-Cache
N-Cache
X-Tenant
X-AWS-Id
X-Cache-Var
X-VWS-Id
X-LJ-Flow-ID
X-Cache-Var-Map
X-FireWall-Port
X-GG-Cache-Date
X-Endurance-Cache-Level
X-Edge-Location
X-Cache-Enabled
X-Origin-Response-Time
X-Handled-By
X-Time-Microsecs
X-Mg-Request-UUID
Surrogated-Key
User-Cache-Control
V-Age
Sslversion
Rendered-Blocks
Pramga
Redirect-Candidate
Vix-Hermes-Req-Id
X-A
X-A-Wwc
X-Aed
X-Aicache-OS
X-A-Dgt
X-A-Dcw
X-A-Dam
X-SRCache-Key
Odigeo-Trace-Id
Mobile-Detection-Method
X-VG-WebCache
X-Vdms-Version
X-Vdms-Path
X-Vtex-Processado-Em
Nel
Xc-Version
X-Vtex-Remote-Cache
X-V-Cache
X-TIM-N
Expiry
Fastcgi-X-Cache-Version
Meta-Geo-Continent
DCR-Processing-Time-Ms
DCR-Decision-By
A
BehaviorPad-Version
X-Application
X-ARC
X-Hnp-Log
X-Ig-Push-State
X-NAPM-TraceId
X-S-Cookie
X-ScT
X-SD-PageType
X-Gen-Mode
X-ND-Cache
X-S
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Rojux
X-Planisys-CDN-Cache
X-PBS-Appsvrname
X-Orig-Expires
X-PAYTM-SRV-ID
X-Ftr-Request-Id
X-Forwarded-Path
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cluster
X-Cache-NE
X-Block-Status
X-Slack-Backend
X-B-Cookie
X-Shop-Environment
X-Conf
X-Session-Fingerprint
X-External-Request-Id
X-Developer
X-Destination
X-Connection-Hash
X-D
X-Processor
X-A-Ccd
CloudFront-Viewer-Country
X-Amz-Apigw-Id
X-B3-SpanId
X-Amzn-RequestId
X-Via-NSCOPI
X-Correlation-ID
X-NWS-UUID-VERIFY
X-MP-GENERATED-AT
X-RCS-CacheZone
Fastcgi-Cache-TTL
Gh-Request-Id
Host-ID
X-Origin-Time
X-Owner
X-Request-URI
X-Origin-Expires
DSUID
X-Server-IP
X-Cache-Date
X-Cdn-Srv
CDCHOST
X-Cache-Bucket
X-Ckpd-Fst-Backend
X-Scheme
Origin
X-Mvc-Supplant-Cachable
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Forwarded-Site
X-Fastly-Cache
X-Epic-Correlation-Id
X-Zone
X-Accel-Expires-Debug
X-Gdpr
X-Geo-Header
X-Location
X-Men
X-Date
CacheControlHeader
State
X-Hash
Svr
X-Nyt-Route
X-Policy
X-Sucuri-Cache
X-Sucuri-ID
X-Webstats-RespID
X-Adobe-Source
X-Viewer-Country
Fastly-Drupal-Html
X-Labrador-Cache-Channel
X-Magnolia-Registration
X-SVT-ORM-RULES
AKAMAI
X-SVT-ORM-VERSION
Arc-Country
X-PHP-Host
X-M-Log
X-Locale
X-Reqid
Server-Info
X-Qnm-Cache
X-M-Reqid
X-GeoIP
Traceparent
X-Varnish-Beresp-Status
X-HN
Ssr
X-Generated-On
X-Irp-Debug
X-Level-Front-Cache
X-GeoIP-City
We-Hiring
X-HS-Content-Campaign-Id
True-Client-Country-4JS
X-TrackingId
X-UnsetCookies
X-Fetched-On
X-Bip
X-Core-Mission
X-Core-Value
X-Backend-State
X-Backend-TTL
X-CGP
X-Cache-Info
AMP-Access-Control-Allow-Source-Origin
X-Cache-Debug
X-Csrf-Jwt
X-Developers
X-Li-Pop
X-VG-TLSProxy
X-Gamma-Serve
X-VarnishDD-TTL
X-VServer
X-Fastly-Backend
X-Device-Os
X-Envoy-Decorator-Operation
X-Eu-Site
Web-Mar-Region
X-Li-Fabric
HA-Ipaddr
Ha-Gx-Prefs
X-Sn-Servicetimems
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-LI-UUID
Machine
Locid
L5d-Success-Class
L
X-Region-Sid
X-Skip-Cache
Apple-News-Services-Request-Url
Cmstype
Cmsid
X-Served-From
Apple-News-Services-Parsed-Url
X-Rocket-Nginx-Serving-Static
X-Request-Start
Apple-News-Services-Handled
Apple-News-Services-Host
Mail-Subject
X-Storefront-Renderer-Rendered
X-CACHE-KEY
X-Thanos
Release
PFcat
X-TH-Server
X-NodeID
Origin-CC
Origin-EX
X-Cdn-Origin
X-Platform
X-Proxy-Upstream
X-Old-Content-Length
Environment
X-VC-Cache
X-Worker
X-Rocket-Build-Number
X-JWT-State
X-GeoIP-Country-Code
X-Sigma
X-Thinkindot-L3
X-GeoIP-Region-Code
X-Response-By
X-Sigma-Backend
X-Req
X-Gzip
X-Has-Esi
X-FC-Vary-Parameters
X-Qloud-Router
X-Pod-Name
X-NU-AKA-ACS-Version
X-Rebelmouse-Cache-Control
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Node-Id
X-Rebelmouse-Surrogate-Control
X-Esi-Check
X-Is-Gdpr
X-Datadog-Sampling-Priority
Fastly-SWR
Fastly-SIE
Fastly-GeoIP-CountryCode
Req-Svc-Chain
X-ATG-Version
Memcached
Server-Host
X-BBC-Edge-Cache-Status
X-Amzn-Remapped-Content-Length
Thinkindot-CacheControl
X-Branch-Name
X-Cache-Id
Thinkindot-CacheControl-Type
TDXMobile
Cf-Device-Type
Thinkindot-Control
X-Xrds-Location
X-Tx-Id
S-Rt
X-Variation
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-DPWN-IS-SECURE
X-Varnish-CookieHashed-On
Adler-Geo
X-Loc
X-Mvc-Supplant-OutputCached
NGX
X-Origin
Platform
Is-Eu
X-DefHash
NM-Fastcgi-Cache
X-DefElseHash
X-Ua-Device
X-CS
X-Cache-Config
Magicmarker
X-NC
X-API-Version
X-TraceId
X-Generated-In
CDN
X-LB-ID
Pics-Label
X-Up
X-Varnish-Beresp-Ttl
X-Restarts
X-Http-Reason
X-Datadome
X-Akamai-Request-ID2
Memory
X-Tt-Logid
Ms-Author-Via
X-Trace-ID
Time
Kp-EeAlive
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
X-RSL
X-LB-NoCache
Candidate-Md5Url
X-DSS
Datacenter
X-DI
X-DB
X-Cache-Backend
X-DW
X-RPM
X-Edge-Pop
X-RPS
X-Action
Env
Edge-Cache
X-Wix-Viewer-Type
X-Vc
X-Via-Popn
X-Optimistic-Header
WebServer
X-Varnish-Ttl
X-Via-Poph
X-Via-Popv
X-Refresh
GeoIp-Country-Code
Accept-Language
X-DynaTrace-JS-Agent
WWW-Authenticate
On-Server
X-Srv
X-Varnish-Beresp-TTL
X-Minions-Version
X-TA-CDN-Provider
X-CacheTTL
Esi-Enabled
X-DC
X-Parent-Response-Time
X-Cs
X-Servedbyhost
X-Esi
X-HA-Backend
X-Dynatrace
X-Urbn-Context-Path
X-MSEdge-Features
C-Via
X-MSEdge-Flight
Locale
X-Unique-ID
X-TX-ID
X-Urbn-Site-Id
X-Service
X-Newrelic-Synthetics
Server-ID
X-User
X-Ec-GeoHdr
X-Ec-Fail
X-Cache-PHP
X-ZONE
X-Cache-Ttl
X-VCL-Version
X-Render-Time
X-LiteSpeed-Cache-Control
X-FPC
X-Li-Proto
X-Cache-Status-Check
X-App
X-URL
X-B3-Spanid
Cdnsip
Cdncip
X-Webkit-Csp-Report-Only
X-AK-Request-ID
X-LI-Proto
Test
X-Fpc
X-Traceid
X-Pass-Why
My-App
X-Clara-WADP
X-WADP-Cache
X-Fmm-Version
Server-Id
Geoip-Latitude
Cluster
X-Vcl-Version
X-NODE
Geo-Info
Proxy-Connection
X-Webkit-CSP-Report-Only
Tracecode
Resin-Trace
X-CUA
X-Var-Ttl
X-Mcache
X-LiteSpeed-Tag
X-AIR-PT
X-Clientip
X-From
X-Info
Lfy
T-Server
Tcn
M-TraceId
X-CSRF-TOKEN
DataCenter
X-Oss-Object-Type
X-Ha-Backend
X-Oss-Hash-Crc64ecma
Cf-Int-Pingora-Origin-Digest
Lang
UCS
Cache-Host
X-Oss-Request-Id
Fastly-Drupal-HTML
HIT
X-Fragments
X-Oss-Server-Time
X-Oss-Storage-Class
Hostname
Target-Params
S-Cnection
X-Geo
X-ID
X-ServedByHost
Hit
Ohc-File-Size
X-HostName
X-RAMCache
X-Via-PopH
GeoIP-Country-Code
X-Pad
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Via-PopV
X-Via-PopN
X-Dynatrace-Js-Agent
X-VC
X-Edge-POP
X-ElasticPress-Query
MIME-Version
X-Cdn-Forward
X-Micro-Cache
Fastly-Backend-Name
ENV
User-Agent
X-Httpd
X-Proxy-Cache-Info
Permissions-Policy
X-NGINX-Cache
X-Release
X-BBC-Origin-Response-Status
X-Backend-Host
Load-Balancing
Section-Io-Origin-Status
Section-Origin-Responded
X-Provided-By
X-Edge-Cache
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Api-Version
X-Check-Cacheable
X-APP
X-Fastly-Backend-Reqs
X-BCube-Filmed-By
Servername
X-ServerName
X-Ucs
X-UP
WZWS-RAY
X-Lb-Nocache
X-HS-Status
Uri
Producers
X-GoCache-CacheStatus
X-SB
EpKe-Alive
ServerName
X-Cache-CFC
URI
FSS-Cache
PICS-Label
Lb
X-TRACE-ID
X-Platform-Cluster
CPC-Age
Server-Ttl
X-Platform-Router
Cache-Key
X-Platform-Processor
Sid
Cdn
X-Udemy-Cache-App-Namespace
X-RateLimit-Reset
X-Pool
X-Swift-Error
CPC-Cache
X-Nc
Cneonction
X-WA-Info
X-Amz-Meta-Cb-Modifiedtime
X-WA
X-Cdn-Request-ID
X-B3-ParentSpanId
X-Fastly-Cache-Hits
Ohc-Cache-HIT
X-Lb-Id
Path
Cteonnt-Length
VNS-Age
VNS-Cache
X-Dw-Trace-Id
X-Acquia-Site
X-Apw-Hits
X-Akamai-Request-ID
X-Newrelic-App-Data
X-Akamai-ERRuleID
X-Apw-Access-Action
X-Yottaa-OS
X-Apw-Access-Object
X-Wikidot-Static-Cache
X-Acquia-Purge-Tags
X-Wikidot-Backend
X-Akamai-ERPolicy
X-Vcache
Cf-Ipcountry
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Acquia-Application-UUID
Vha6-Origin
Shield-Pop
X-Snapshot-Date
CF-Cached-On
X-Apw-Access-Token
X-Ec-Custom-Error
X-Acquia-Application-Trace
X-ES-SERVER
X-Air-Pt
X-Cache-Ngx
X-SIPLIST1
X-Cache-Expires
IsBot
X-Varnish-Authentication
X-Scale
X-Shopify-Generated-Cart-Token
X-Http-Count
X-Akamai-Pragma-Client-IP
X-UA
Ngx
X-Sentry-ID
CountryCode
Req-ID
X-CacheKey
X-Cms-Context
X-Te-Count
X-Te-Duration-Ms
X-Http-Duration-Ms
Pagetype
X-PJAX-URL
X-Logging-Id
X-Last-Modified