Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-Request-ID
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
Report-To
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Pingback
NEL
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Rating
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-TtlSet
X-PC
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-Server-Name
Fastly-Restarts
Cache-Tag
X-Aws-Lambda-Call-Status
X-FastCGI-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-Vcap-Request-Id
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-Px
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
RTSS
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-Use-Magma
X-NF-Request-ID
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Goog-Hash
X-Origin-Cache
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Powered-CMS
AR-CACHE
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Version
Pagespeed
X-Sol
Display
X-Middleton-Display
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
Accept-Ch
X-TTL
X-MSEdge-Ref
X-SRCache-Store-Status
X-Kinsta-Cache
X-Edge-Location-Klb
X-SRCache-Fetch-Status
X-Edge
Nginx-Cache
Mrf-Cache-Status
MRF-Tech
TCN
X-B3-TraceId-Primal
X-Protected-By
X-RateLimit-Remaining
X-HP-Webp
X-T
X-Jurisdiction
X-HP-Trace-Id
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Id
X-Mg-S
S
Content-MD5
Edge-Cache-Tag
X-Language
Fastcgi-Cache
SPIisLatency
SPRequestDuration
X-Mid
Front-End-Https
Realpath
X-CST
X-Recruiting
X-Request-Received
X-Request-Processing-Time
X-Pinterest-Rid
Pinterest-Version
X-DynaTrace
Pinterest-Generated-By
Filters
Server-Node
X-MCACHE
Server-Name
X-Frontend
X-Ab
X-Ua-Browser
X-Content
X-Ruxit-Js-Agent
X-Correlation-Id
X-Ttl
X-HS-Cache-Config
X-Ser
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-NWS-LOG-UUID
X-ECACHE
X-SharePointHealthScore
SPRequestGuid
X-Ezoic-Cdn
X-Cache-Key
X-Template
X-Hits
X-Parallel-Accel
Fusion-Deployment-Id
Alternate-Protocol
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cache-Tags
MicrosoftSharePointTeamServices
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Page-Id
Cleartype
Host
X-B3-Sampled
Charset
X-Content-Options
X-Www-Served-By
X-Git-Hash
X-Geo-Country
X-Debug-Info
X-DIS-Request-ID
X-Daa-Tunnel
X-Amzn-Trace-Id
X-Hostname
X-Content-Digest
X-Amz-Replication-Status
X-Varnish-Age
X-Fastly-Request-Id
Filterid
X-AppVersion
X-Ratelimit-Limit
X-Activity-Id
X-Az
X-VCache
X-FB-Debug
X-Upgrade-Enabled
X-Accel-Expires
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Grace
X-XRDS-LOCATION
X-N
X-Nginx-Upstream-Cache-Status
X-Rid
X-Origin-Server
TP-Cache
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
TP-L2-Cache
ServerID
X-F-Cache
X-Mobile-URL
X-Route-Name
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Request-Guid
X-LB-Cache
X-Server-ID
X-Whom
X-TT
X-Varnish-Grace
Viewport
X-Type
X-App-Environment
X-Seen-By
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Generation
X-Tb
X-FW-Dynamic
Node
X-Distributor
X-FW-Hash
X-FW-Serve
Payment
X-FW-Type
X-FW-Static
X-FW-Server
Paypal-Debug-Id
DC
X-User-Agent
X-App-Server
Fastcgi-Useragent
Accept-Charset
X-DataDome
Country
X-Wix-Request-Id
X-NGENIX-Cache
X-Cache-Control
X-Litespeed-Cache
X-Origin-Upstream-Status
X-Fastcgi-Cache
X-Cache-Rule
X-Fastly-Request-ID
X-Webkit-Csp
Version
X-Logged-In
X-Webkit-CSP
X-Via-JSL
X-Microsite
X-Request-Handler-Origin-Region
X-Drupal-Cache-Tags
Referer-Policy
X-Ratelimit-Reset
X-Cluster-Name
X-Tec-Api-Version
X-Cache-Age
X-Tec-Api-Origin
X-Tec-Api-Root
X-Erf-Bev-Bev
X-B-Cache
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
Refresh
X-Signature
X-Buckets
X-Varnish-Backend
Cache-Status
X-Load-Cache
X-Contextid
X-Original-Request-Id
X-Node-Name
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Response-Served-From
SD-X-WS
X-Rendered-As
X-Page-View
X-Real-IP
X-Cache-Expired-At
X-Vgn-Hpd-Reason
X-Is-Bot
X-Mobile
X-Proxy-Cache-Status
X-Jobs
X-Debug
X-Cacheable-TTL
Access-Control-Request-Headers
Amp-Access-Control-Allow-Source-Origin
X-B
NGB
X-Yottaa-Metrics
X-Revision
X-Yottaa-Optimizations
X-UUID
X-ProcessESI
X-Rule
X-Device-Type
X-IPLB-Instance
X-Instance
X-RemovedCookies
X-Proxy
Akamai-GRN
X-Cache-Action
X-Drupal-Cache-Contexts
Surrogate-Key
X-Debug-IsConnected
X-Framework
X-Cache-Time
X-Debug-IsPreview
X-G
X-FW-Version
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
CF-IPCountry
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
SID
DynaTrace
X-PressLabs-Stats
X-Azure-Ref
X-TEC-API-VERSION
X-Accel-Buffering
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Oneagent-Js-Injection
Liferay-Portal
X-Nginx-Cache
X-Source
GEO-INFO
X-Ms-Version
X-Ms-Request-Id
Count-Hit
X-Presslabs-Stats
Uber-Trace-Id
X-XRDS-Location
Frame-Options
X-Cache-Operation
Healthy
X-RTag
X-Cache-NGX
Ms-Operation-Id
X-CDN-Forward
MS-CV
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-Zen-Fury
Countrycode
X-Cache-Hit
Xserver
X-Backend-Name
X-Tumblr-User
X-L-Path
X-Environment-Context
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Varnish-Server
X-Mode
Protected
Ec-Rule-Version
Cross-Origin-Window-Policy
X-RateLimit-Limit
X-IPS-LoggedIn
X-Ratelimit-Remaining
X-Cache-TTL-Remaining
X-Forwarded-Host
X-Servername
X-Region
X-RN-RSRV
Backend
X-Rewrite-Enabled
X-JoinUs
X-Detected-As
X-Tid
X-UPSTREAM-Address
Meta-Geo
X-SaId
X-Extlb
Decoy-Debug-Key
Decoy-Debug-Status
X-Sql-Count
X-Generation-Time
X-Sql-Duration-Ms
X-Proxied
Country-Code
X-Content-Powered-By
X-Debug-Cache
Decoy-Debug-TTL
X-Adobe-Content
X-Cache-Grace
Section-Io-Cache
X-Hyper-Cache
X-Adobe-Loc
Apigw-Requestid
X-Alternate-Cache-Key
X-Cache-Server
Eomportal-Instance
X-Content-Age
X-Hosted-By
X-Shopify-Stage
X-Zipkin-Id
X-Routing-Service
X-Uri
X-ShardId
LB
X-ShopId
X-Sorting-Hat-ShopId
X-Redis-Cache
X-Sorting-Hat-PodId
Mn-Server-Ip
Cache-Name
X-NCache
X-Via-Fastly
X-Status
X-Format
X-Varnish-Beresp-Grace
X-PERF
X-ApacheServer
X-PHP-Backend
X-Origin-Date
X-Site-Version
X-FB-TRIP-ID
Url
X-ServerID
Fastly-SSL
X-Human
X-No-Session
TWC-Connection-Speed
TWC-Device-Class
X-Access
Selected-Fe
X-OCL
X-NYM-Debug-Backend
Cache-Tv-Group
X-PCL
X-Server-W
X-Microcachable
TWC-GeoIP-Country
Property-Id
X-Akamai-Edgescape
X-Cluster-Node
X-Cache-Type
X-Timing-Wait
X-Pubstack
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
X-Storage
X-UA-Device-Type
X-Cache-Host
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
X-Section
Webcakes-Region
X-Origin-Hint
X-BYPASS-REASON
TWC-GeoIP-LatLong
Webcakes-App-Version
X-NewRelic-App-Data
CDN-CachedAt
CDN-Cache
CDN-EdgeStorageId
CDN-RequestId
CDN-Uid
X-Hl-Ver
CDN-PullZone
X-SayCDN-TTL
X-Varnishpool
X-R9-Blue-Green-Version
X-Web-Node
X-Say-Cacheable
X-Say-TTL
Content-Disposition
CDN-RequestCountryCode
Azure-SiteName
Azure-SlotName
Azure-RegionName
X-Soup
X-Generated-By
X-Be
Azure-Version
X-Azure-Ref-OriginShield
WPO-Cache-Message
DB-Nickname
WPO-Cache-Status
Content-Secure-Policy
Azure-InstanceId
X-Ua
X-Trace-Id
X-TIME
X-LSADC-Cache
OT-Force-Account-Verify
X-Nginx-Cache-Key
X-Cached-By
Source
X-Dc
SRV
X-TT-LOGID
Retry-After
X-Bc-Bl
Cache
X-Unique-Id
X-LAGOON
X-Auto-Login
X-SRV
X-Platform-Server
X-Cache-Remote
X-Cdn
Cache-Hits
X-Varnish-Hits
X-Xfnlog-Site
X-Akamai-Transformed
X-App-Version
X-TNCMS
X-Loop
X-Varnish-Hostname
X-Origin-CC
X-Origin-TTL
HostName
X-HTML-Minification-Powered-By
X-GEO
Onion-Location
X-S-Maxage
X-Cache-Tags
ServedBy
Xet-Cookie
Mime-Version
X-CSRF-Token
X-Amz-Meta-S3cmd-Attrs
X-Time
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
X-Request-Time
X-Tumblr-Pixel-3
Web-Mar-Node
X-Tumblr-Pixel-2
X-EC-Lua
From-Origin
Webserver
X-AOL-HN
X-Proto
WP-Super-Cache
X-Request-Host
N-Cache
X-ECache
X-Tenant
X-Endurance-Cache-Level
X-FireWall-Port
X-Cache-Var-Map
X-VWS-Id
X-B3-SpanId
X-Cache-Var
X-LJ-Flow-ID
X-AWS-Id
Nel
X-Cache-Enabled
X-Time-Microsecs
X-Correlation-ID
X-GG-Cache-Date
X-Edge-Location
X-Origin-Response-Time
X-Handled-By
X-NWS-UUID-VERIFY
Xc-Version
X-A-Wwc
X-SRCache-Key
X-Forwarded-Path
X-Vtex-Remote-Cache
X-Developer
X-External-Request-Id
X-Cache-NE
X-Slack-Backend
X-A-Dgt
X-Vtex-Processado-Em
X-A-Dcw
X-Ftr-Request-Id
X-Session-Fingerprint
X-VG-WebCache
X-Shop-Environment
X-Aed
X-Aicache-OS
X-V-Cache
X-Cluster
X-Conf
X-Ckpd-Fst-Backend
X-CF-Lambda-Version
X-Vdms-Version
X-Vdms-Path
X-Connection-Hash
X-D
X-SD-PageType
X-TIM-N
X-Application
X-Destination
X-ARC
X-B-Cookie
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
X-ScT
Expiry
Odigeo-Trace-Id
Mobile-Detection-Method
Pramga
X-ND-Cache
Rendered-Blocks
Redirect-Candidate
X-NAPM-TraceId
X-Processor
Meta-Geo-Continent
X-Orig-Expires
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
DCR-Decision-By
X-Planisys-CDN-Rules
Sslversion
Surrogated-Key
X-S-Cookie
X-S
X-Hnp-Log
X-A
X-A-Ccd
X-A-Dam
X-Gen-Mode
X-Mg-Request-UUID
X-Ig-Push-State
User-Cache-Control
X-Via-NSCOPI
BehaviorPad-Version
X-Rojux
V-Age
X-Block-Status
Vix-Hermes-Req-Id
A
CloudFront-Viewer-Country
X-Amz-Apigw-Id
X-Amzn-RequestId
X-MP-GENERATED-AT
X-PHP-Host
X-Labrador-Cache-Channel
X-Men
State
X-RCS-CacheZone
Svr
X-LI-UUID
X-Request-URI
True-Client-Country-4JS
X-Location
X-Mvc-Supplant-Cachable
Origin
X-Old-Content-Length
X-Origin-Expires
X-Origin-Time
Fastcgi-Cache-TTL
Gh-Request-Id
Host-ID
X-Li-Pop
X-Proxy-Upstream
X-Nyt-Route
X-Policy
X-NodeID
Wxu-Next-Hostname
X-Webstats-RespID
X-Accel-Expires-Debug
X-Forwarded-Site
X-Sucuri-ID
X-Fastly-Cache
X-SVT-ORM-RULES
X-Cache-Bucket
X-Cache-Date
X-Date
X-SVT-ORM-VERSION
X-Backend-TTL
X-Epic-Correlation-Id
X-Hash
Wxu-Next-Region
X-Viewer-Country
Wxu-Next-Commit
X-Geo-Header
X-Scheme
X-Sucuri-Cache
X-Gdpr
X-Server-IP
X-Li-Fabric
X-Cdn-Srv
CacheControlHeader
X-Reqid
Arc-Country
Cmsid
AKAMAI
AMP-Access-Control-Allow-Source-Origin
X-Adobe-Source
DSUID
X-Magnolia-Registration
Cmstype
CDCHOST
Environment
X-Developers
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Apple-News-Services-Parsed-Url
X-Eu-Site
Apple-News-Services-Host
X-Esi-Check
X-Datadog-Parent-Id
Apple-News-Services-Request-Url
X-Envoy-Decorator-Operation
X-Device-Os
X-Cache-Info
X-Branch-Name
X-Cache-Debug
X-Backend-State
X-Origin
X-VG-TLSProxy
X-Rocket-Nginx-Serving-Static
X-Cache-Id
X-GeoIP-Region-Code
X-Fastly-Backend
X-Core-Mission
X-CGP
X-GeoIP-Country-Code
X-Cdn-Origin
X-Csrf-Jwt
X-VServer
X-RateLimit-Remaining-Second
X-Region-Sid
X-RateLimit-Limit-Second
X-Qnm-Cache
X-TH-Server
X-Platform
X-Storefront-Renderer-Rendered
X-Req
X-Served-From
X-Skip-Cache
X-Sn-Servicetimems
X-M-Log
X-Request-Start
X-M-Reqid
X-Owner
X-TrackingId
X-GeoIP-City
X-Gzip
X-GeoIP
X-Generated-On
X-Fetched-On
X-Gamma-Serve
X-HN
X-HS-Content-Campaign-Id
X-Varnish-Beresp-Status
X-UnsetCookies
X-VarnishDD-TTL
X-Locale
X-Irp-Debug
X-Level-Front-Cache
Apple-News-Services-Handled
X-Core-Value
Release
Origin-EX
Server-Host
Ssr
We-Hiring
Traceparent
Origin-CC
Mail-Subject
HA-Ipaddr
Ha-Gx-Prefs
L
L5d-Success-Class
Machine
Locid
Web-Mar-Region
PFcat
Server-Info
Fastly-Drupal-Html
X-Xrds-Location
X-Amzn-Remapped-Content-Length
X-Varnish-CookieINHashed-On
X-FC-Vary-Parameters
X-Thanos
X-Worker
X-Sigma-Backend
X-Pod-Name
Thinkindot-CacheControl
X-DefHash
TDXMobile
X-DPWN-IS-SECURE
X-Qloud-Router
Is-Eu
Platform
Memcached
X-Varnish-CookieHashed-On
NM-Fastcgi-Cache
X-VC-Cache
X-Node-Id
X-NU-AKA-ACS-Version
X-Varnish-Remaining-TTL
X-Zone
X-Variation
X-Has-Esi
X-DefElseHash
Cf-Device-Type
X-Is-Gdpr
X-JWT-State
X-Thinkindot-L3
X-Sigma
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Response-By
X-Bip
Req-Svc-Chain
S-Rt
X-BBC-Edge-Cache-Status
Fastly-GeoIP-CountryCode
X-ATG-Version
Thinkindot-CacheControl-Type
Adler-Geo
X-Rocket-Build-Number
Thinkindot-Control
Fastly-SIE
Fastly-SWR
X-Ua-Device
X-Varnish-Beresp-Ttl
Magicmarker
X-Loc
X-Mvc-Supplant-OutputCached
NGX
X-CLOUD-TRACE-CONTEXT
X-CS
X-Tx-Id
X-Http-Reason
X-API-Version
X-Cache-Config
X-Up
X-LB-ID
X-Restarts
X-NC
X-Akamai-Request-ID2
X-TraceId
X-CACHE-KEY
Ms-Author-Via
X-Trace-ID
Kp-EeAlive
CDN
Pics-Label
X-Generated-In
X-Wix-Viewer-Type
Time
X-RSL
X-DW
X-DSS
X-DI
Memory
X-RPM
X-Cache-Backend
Edge-Cache
X-Action
X-RPS
X-LB-NoCache
X-DB
X-Tb-Optimization-Total-Bytes-Saved
WebServer
X-Refresh
Datacenter
X-Optimistic-Header
X-Via-Poph
Env
X-Via-Popn
Candidate-Md5Url
X-Via-Popv
NtCoent-Length
X-Varnish-Ttl
X-Edge-Pop
X-Tt-Logid
Accept-Language
X-Datadome
GeoIp-Country-Code
X-CacheTTL
X-Minions-Version
X-DynaTrace-JS-Agent
X-Srv
WWW-Authenticate
X-DC
On-Server
X-Vc
X-HA-Backend
Esi-Enabled
X-Esi
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-MSEdge-Features
Server-ID
X-Unique-ID
X-ZONE
X-TX-ID
X-Servedbyhost
X-MSEdge-Flight
X-Cs
X-Parent-Response-Time
X-Varnish-Beresp-TTL
C-Via
X-User
X-Service
X-Ec-GeoHdr
X-Ec-Fail
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Cache-PHP
X-VCL-Version
X-App
X-Li-Proto
X-Cache-Ttl
X-Dynatrace
X-URL
X-Fpc
X-LI-Proto
X-Webkit-Csp-Report-Only
Cdncip
X-Render-Time
Cdnsip
X-AK-Request-ID
Test
X-Cache-Status-Check
X-FPC
X-Traceid
X-LiteSpeed-Cache-Control
X-Fmm-Version
X-WADP-Cache
X-Vcl-Version
Geoip-Latitude
Cluster
Geo-Info
My-App
X-B3-Spanid
X-Clara-WADP
Proxy-Connection
X-NODE
X-Pass-Why
X-Webkit-CSP-Report-Only
X-Var-Ttl
X-CUA
Tracecode
Fastly-Drupal-HTML
X-Mcache
Resin-Trace
T-Server
Server-Id
X-From
M-TraceId
Cf-Int-Pingora-Origin-Digest
Lfy
DataCenter
Lang
X-Fragments
X-Clientip
X-Info
X-CSRF-TOKEN
X-AIR-PT
Target-Params
X-Geo
X-VC
UCS
X-Oss-Hash-Crc64ecma
X-ID
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-LiteSpeed-Tag
HIT
X-Ha-Backend
X-ServedByHost
Cache-Host
Hostname
MIME-Version
X-RAMCache
X-Pad
S-Cnection
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Hit
GeoIP-Country-Code
X-Dynatrace-Js-Agent
X-Via-PopH
Section-Io-Id
X-Edge-POP
X-Via-PopN
X-Via-PopV
ENV
Tcn
X-Cdn-Forward
Section-Io-Origin-Status
Ohc-File-Size
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Micro-Cache
X-HS-Status
Permissions-Policy
X-Proxy-Cache-Info
Fastly-Backend-Name
X-NGINX-Cache
X-Provided-By
X-Httpd
X-Check-Cacheable
User-Agent
X-Api-Version
X-Edge-Cache
Load-Balancing
X-ElasticPress-Query
Servername
X-Fastly-Backend-Reqs
X-Ucs
WZWS-RAY
Producers
X-ServerName
X-Backend-Host
X-BBC-Origin-Response-Status
X-Release
X-HostName
ServerName
X-GoCache-CacheStatus
PICS-Label
FSS-Cache
X-SB
X-APP
X-Cache-CFC
X-BCube-Filmed-By
Uri
URI
X-Lb-Nocache
X-UP
X-TRACE-ID
X-Lb-Id
X-Udemy-Cache-App-Namespace
Server-Ttl
Ohc-Cache-HIT
X-RateLimit-Reset
Cdn
X-Swift-Error
X-Pool
X-Acquia-Application-Trace
EpKe-Alive
X-Platform-Processor
X-Acquia-Application-UUID
Cteonnt-Length
X-Platform-Router
X-Nc
Cneonction
X-Platform-Cluster
X-Cdn-Request-ID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Fastly-Cache-Hits
X-Dw-Trace-Id
VNS-Cache
VNS-Age
X-Apw-Access-Action
Cache-Key
X-Apw-Access-Token
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Apw-Access-Object
X-Amz-Meta-Cb-Modifiedtime
X-Apw-Hits
X-Newrelic-App-Data
CF-Cached-On
X-Cache-ASPX
Shield-Pop
X-Contensis-Viewer-Groups
X-Snapshot-Date
X-Yottaa-OS
X-B3-ParentSpanId
X-Scale
Vha6-Origin
X-Ec-Custom-Error
X-Vcache
Cf-Ipcountry
CPC-Cache
X-WA
X-WA-Info
Path
Wpo-Cache-Status
Wpo-Cache-Message
CPC-Age
Sid
X-Air-Pt
X-Cache-Ngx
Lb
MD5-Digest
Server-Ext
IsBot
X-Shopify-Generated-Cart-Token
X-Varnish-Authentication
X-CacheKey
Server-Hostname
Sever-Int
X-IN-APIGATEWAYSSL
X-SIPLIST1
X-IN-APIGATEWAY
X-Dispatcher-Number
X-B3-Parentspanid
X-Cache-Expires
X-UA
X-Akamai-Pragma-Client-IP
X-Sentry-ID
X-Te-Count
Ngx
X-Last-Modified
X-Http-Count
X-Logging-Id
X-ES-SERVER
X-Wikidot-Backend
X-Akamai-Request-ID
X-Te-Duration-Ms
Req-ID
CountryCode
X-Wikidot-Static-Cache
X-Http-Duration-Ms