
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We request the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
P3p
X-CDN
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-UA-Device
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dns-Prefetch-Control
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Accept-CH
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Ruxit-JS-Agent
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Accept-Ch-Lifetime
Rating
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
Accept-CH-Lifetime
X-Url
X-Ac
X-Content-Type
X-Vname
X-TtlSet
X-PC
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-FastCGI-Cache
X-Server-Name
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-VARITI-CCR
X-Aws-Lambda-Call-Status
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Upstream
MS-Author-Via
X-GitHub-Request-Id
X-MS-InvokeApp
X-Vcap-Request-Id
X-Amz-Rid
Public-Key-Pins
Accept-Ch
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Cache-TTL
X-Abt-Application-Version
X-Cnection
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Px
X-Navigation-Version
RTSS
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-NF-Request-ID
X-Powered-By-Plesk
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Goog-Hash
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Origin-Cache
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Powered-CMS
AR-SID
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-CACHE
X-Version
Display
X-Sol
Pagespeed
X-Middleton-Display
Response
X-Middleton-Response
X-TTL
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
Nginx-Cache
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Protected-By
X-T
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
TCN
X-Mg-S
X-Id
Content-MD5
S
X-RateLimit-Remaining
X-Aspnetmvc-Version
Edge-Cache-Tag
Fastcgi-Cache
X-Mid
SPRequestDuration
SPIisLatency
Front-End-Https
Realpath
X-CST
X-Language
X-Recruiting
X-Request-Processing-Time
X-Request-Received
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Filters
X-MCACHE
Server-Node
X-Ua-Browser
X-Ab
X-Content
X-Correlation-Id
Server-Name
X-Frontend
X-NWS-LOG-UUID
X-ECACHE
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-DynaTrace
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Ttl
SPRequestGuid
X-SharePointHealthScore
X-Ser
X-Ezoic-Cdn
X-Template
X-Hits
X-Parallel-Accel
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Alternate-Protocol
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-Kong-Proxy-Latency
X-Content-Options
Cache-Tags
X-Page-Id
Host
X-B3-Sampled
Cleartype
X-Git-Hash
X-Www-Served-By
X-Fastly-Request-Id
Charset
X-Cache-Key
X-Ruxit-Js-Agent
X-Geo-Country
X-Daa-Tunnel
X-DIS-Request-ID
X-Amzn-Trace-Id
X-Debug-Info
X-Webkit-CSP
X-Content-Digest
X-Ratelimit-Limit
X-Amz-Replication-Status
X-Varnish-Age
Filterid
X-XRDS-LOCATION
X-Accel-Expires
X-AppVersion
X-Activity-Id
X-Az
X-Forwarded-Proto
X-FB-Debug
X-VCache
X-Upgrade-Enabled
TP-L2-Cache
X-Grace
TP-Cache
X-Hostname
X-Rid
Cross-Origin-Opener-Policy
X-Origin-Server
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
ServerID
X-Nginx-Upstream-Cache-Status
X-F-Cache
X-N
X-Mobile-URL
X-LB-Cache
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Request-Guid
X-Route-Name
X-Whom
X-TT
X-App-Environment
Viewport
X-Varnish-Grace
X-Tb
X-Seen-By
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Distributor
Node
X-FW-Server
X-FW-Hash
X-Type
X-FW-Type
X-FW-Static
X-FW-Dynamic
X-FW-Serve
X-Server-ID
Payment
Paypal-Debug-Id
DC
X-App-Server
X-User-Agent
Fastcgi-Useragent
Accept-Charset
Country
X-NGENIX-Cache
X-Cache-Control
X-Wix-Request-Id
X-Origin-Upstream-Status
X-Cdn
X-Cache-Rule
X-Litespeed-Cache
X-Logged-In
Version
X-Via-JSL
Referer-Policy
X-DataDome
X-Drupal-Cache-Tags
X-Cache-Age
X-Ratelimit-Reset
X-Varnish-Backend
X-Load-Cache
X-Erf-Bev-Bev-Is-Generated
Refresh
X-Erf-Bev-Bev
X-Request-Handler-Origin-Region
X-B-Cache
X-Browser-Type
X-Cluster-Name
X-Signature
X-Microsite
Cache-Status
X-Contextid
X-Response-Served-From
SD-X-WS
X-Buckets
X-Node-Name
X-Original-Request-Id
X-Mobile
X-Is-Bot
X-Page-View
X-Rendered-As
X-Real-IP
X-Cache-Expired-At
X-Vgn-Hpd-Reason
X-Proxy-Cache-Status
X-Jobs
VIX-Pulpo-Upstream-Status
X-B
X-Cacheable-TTL
X-Debug
VIX-Pulpo-Node
Access-Control-Request-Headers
NGB
X-TEC-API-ORIGIN
X-Device-Type
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Proxy
X-IPLB-Instance
X-Instance
X-Revision
X-RemovedCookies
X-ProcessESI
X-UUID
X-Rule
X-Yottaa-Metrics
X-Fastly-Request-ID
Surrogate-Key
Akamai-GRN
X-Yottaa-Optimizations
X-Cache-Action
X-Drupal-Cache-Contexts
X-Debug-IsPreview
X-Framework
X-Debug-IsConnected
X-Cache-Time
Amp-Access-Control-Allow-Source-Origin
X-G
X-Fastcgi-Cache
X-FW-Version
X-Air-Hostname
CF-IPCountry
X-Air-Trace-Id
X-Air-Source
X-PressLabs-Stats
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
SID
DynaTrace
Liferay-Portal
X-Oracle-Dms-Rid
X-Azure-Ref
X-Oracle-Dms-Ecid
X-Nginx-Cache
X-Accel-Buffering
X-Source
X-Ms-Request-Id
X-Ratelimit-Remaining
X-Ms-Version
Count-Hit
X-Oneagent-Js-Injection
Frame-Options
Healthy
X-CDN-Forward
Ms-Operation-Id
MS-CV
Uber-Trace-Id
GEO-INFO
X-RTag
X-Cache-Operation
X-Presslabs-Stats
X-EdgeConnect-Cache-Status
X-Zen-Fury
X-XRDS-Location
X-Cache-NGX
Countrycode
X-L-Path
X-Cache-Hit
X-APP-VERSION
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-Environment-Context
X-Tumblr-Pixel-0
Xserver
X-Varnish-Server
X-Backend-Name
X-Mode
Protected
Ec-Rule-Version
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Forwarded-Host
X-Region
X-Servername
X-Cache-TTL-Remaining
Meta-Geo
X-JoinUs
X-SaId
X-Detected-As
X-UPSTREAM-Address
X-RN-RSRV
Backend
X-Tid
X-Content-Powered-By
X-Rewrite-Enabled
X-ShardId
Country-Code
X-Zipkin-Id
X-Redis-Cache
X-Proxied
X-Hosted-By
X-Routing-Service
X-ShopId
X-Uri
X-Cache-Grace
X-Sorting-Hat-ShopId
X-Sql-Count
X-Sorting-Hat-PodId
X-Adobe-Content
X-Adobe-Loc
Eomportal-Instance
X-Generation-Time
X-Alternate-Cache-Key
X-Shopify-Stage
X-Cache-Server
X-Extlb
X-Debug-Cache
X-Sql-Duration-Ms
Apigw-Requestid
X-Hyper-Cache
Fastly-SSL
X-PHP-Backend
X-Via-Fastly
X-Varnish-Beresp-Grace
X-Origin-Date
X-No-Session
X-NCache
X-Human
X-ServerID
X-FB-TRIP-ID
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Mn-Server-Ip
X-Status
X-Site-Version
Cache-Name
Url
Section-Io-Cache
X-Content-Age
Property-Id
Selected-Fe
TWC-Device-Class
X-Proxy-Build
TWC-Connection-Speed
X-ProxyCache-Key
X-Cache-Type
X-Cache-Host
X-BYPASS-REASON
X-ProxyCache-Status
TWC-GeoIP-Country
TWC-Locale-Group
X-Akamai-Edgescape
X-NYM-Debug-Backend
X-Microcachable
X-ApacheServer
X-Origin-Hint
Webcakes-Region
TWC-Privacy
X-PERF
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-LatLong
Cache-Tv-Group
X-UA-Device-Type
X-Format
X-Server-W
X-Timing-Wait
X-Cluster-Node
X-SayCDN-TTL
WPO-Cache-Message
X-Pubstack
WPO-Cache-Status
X-OCL
X-Varnishpool
X-Access
X-PCL
X-Web-Node
X-Hl-Ver
X-R9-Blue-Green-Version
X-Storage
X-NewRelic-App-Data
X-Say-TTL
X-Section
X-Say-Cacheable
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
Azure-SiteName
CDN-PullZone
CDN-RequestId
Content-Secure-Policy
Azure-Version
Azure-SlotName
CDN-RequestCountryCode
X-Be
CDN-Uid
DB-Nickname
X-Soup
Content-Disposition
Azure-RegionName
Azure-InstanceId
X-RateLimit-Limit
LB
X-Generated-By
X-Azure-Ref-OriginShield
X-Ua
X-Trace-Id
X-LSADC-Cache
OT-Force-Account-Verify
X-Webkit-Csp
X-TIME
X-Cached-By
X-TT-LOGID
X-Dc
X-SRV
SRV
X-Nginx-Cache-Key
Source
X-Bc-Bl
Cache
Retry-After
X-Unique-Id
X-App-Version
X-Auto-Login
X-Platform-Server
X-Origin-CC
X-Origin-TTL
X-LAGOON
X-Cache-Remote
X-Varnish-Hits
Mime-Version
Cache-Hits
Xet-Cookie
HostName
X-TNCMS
X-Xfnlog-Site
X-Varnish-Hostname
X-Loop
X-Akamai-Transformed
X-HTML-Minification-Powered-By
Onion-Location
X-S-Maxage
X-GEO
X-CSRF-Token
X-Amz-Meta-S3cmd-Attrs
X-Time
X-Cache-Tags
ServedBy
Upgrade-Insecure-Requests
Web-Mar-Node
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-Proto
X-CLOUD-TRACE-CONTEXT
X-Request-Time
Webserver
X-EC-Lua
From-Origin
X-AOL-HN
N-Cache
X-Request-Host
X-Endurance-Cache-Level
X-CACHE-KEY
X-Tenant
X-VWS-Id
X-Cache-Var
WP-Super-Cache
X-AWS-Id
X-LJ-Flow-ID
X-Cache-Var-Map
X-Time-Microsecs
X-FireWall-Port
X-B3-SpanId
X-GG-Cache-Date
X-ECache
AMP-Access-Control-Allow-Source-Origin
X-Origin-Response-Time
X-Edge-Location
X-Cache-Enabled
X-Mg-Request-UUID
X-Handled-By
X-D
Expiry
DCR-Processing-Time-Ms
DCR-Decision-By
Fastcgi-X-Cache-Version
Pramga
X-Session-Fingerprint
X-Shop-Environment
Odigeo-Trace-Id
Mobile-Detection-Method
Meta-Geo-Continent
BehaviorPad-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Xc-Version
X-Developer
X-Forwarded-Path
X-External-Request-Id
X-Destination
A
X-TIM-N
X-SRCache-Key
X-V-Cache
X-Vdms-Path
Redirect-Candidate
X-Vdms-Version
X-Slack-Backend
Rendered-Blocks
X-Gen-Mode
X-Rojux
X-Processor
X-ARC
X-Application
X-Aed
X-Cluster
X-Aicache-OS
X-Planisys-CDN-TTL
X-B-Cookie
X-Planisys-CDN-Cache
X-CF-Lambda-Version
X-Hnp-Log
X-CF-Lambda-Fn
X-Planisys-CDN-Rules
X-Ckpd-Fst-Backend
X-Block-Status
X-Cache-NE
X-PAYTM-SRV-ID
X-S
X-ScT
X-A
X-NAPM-TraceId
X-Connection-Hash
User-Cache-Control
X-Ig-Push-State
X-PBS-Appsvrname
Surrogated-Key
X-ND-Cache
X-Conf
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Orig-Expires
X-Ftr-Request-Id
X-S-Cookie
X-A-Ccd
X-SD-PageType
X-A-Wwc
X-NWS-UUID-VERIFY
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-Via-NSCOPI
X-PHP-Host
X-Amz-Apigw-Id
CloudFront-Viewer-Country
X-Correlation-ID
Nel
X-MP-GENERATED-AT
X-Men
X-Location
X-Scheme
X-Cache-Date
Host-ID
X-Cache-Bucket
X-Server-IP
Gh-Request-Id
Fastcgi-Cache-TTL
X-Li-Fabric
X-Sucuri-Cache
Cmstype
X-Li-Pop
X-RCS-CacheZone
X-Cdn-Srv
DSUID
X-Hash
X-Mvc-Supplant-Cachable
X-Nyt-Route
Server-Info
Vix-Hermes-Req-Id
V-Age
X-Proxy-Upstream
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
Origin
X-Owner
X-Origin-Expires
State
X-Old-Content-Length
Cmsid
Sslversion
X-Accel-Expires-Debug
X-Origin-Time
X-Policy
X-LI-UUID
X-Forwarded-Site
AKAMAI
X-Epic-Correlation-Id
X-Geo-Header
X-Date
Fastly-Drupal-Html
X-Gdpr
X-Adobe-Source
X-Reqid
X-Webstats-RespID
X-Magnolia-Registration
X-SVT-ORM-VERSION
CacheControlHeader
X-SVT-ORM-RULES
X-VG-WebCache
X-Sucuri-ID
X-Fastly-Cache
CDCHOST
Arc-Country
X-M-Log
X-Locale
Environment
X-M-Reqid
X-Qnm-Cache
X-HS-Content-Campaign-Id
X-Fetched-On
X-Platform
X-Gamma-Serve
X-HN
X-GeoIP
X-GeoIP-City
X-Gzip
Traceparent
True-Client-Country-4JS
X-RateLimit-Remaining-Second
We-Hiring
X-Generated-On
X-RateLimit-Limit-Second
Web-Mar-Region
X-Backend-State
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Cache-Info
X-Cache-Id
X-Datadog-Parent-Id
X-Cdn-Origin
X-Level-Front-Cache
X-Core-Value
X-Csrf-Jwt
X-CGP
X-Cache-Debug
X-Branch-Name
X-Envoy-Decorator-Operation
X-Irp-Debug
X-Esi-Check
X-Eu-Site
X-NodeID
X-Core-Mission
X-Developers
X-Bip
X-Device-Os
X-Fastly-Backend
Svr
L
X-Rocket-Nginx-Serving-Static
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
Locid
X-Request-URI
Mail-Subject
Machine
X-Skip-Cache
X-Sn-Servicetimems
X-VarnishDD-TTL
X-Viewer-Country
X-VServer
X-Backend-TTL
X-Varnish-Beresp-Status
X-UnsetCookies
X-TH-Server
X-Thanos
X-TrackingId
Origin-CC
X-Served-From
X-Region-Sid
Origin-EX
Server-Host
X-Req
PFcat
Ssr
X-Request-Start
Release
X-VC-Cache
X-Datadome
X-Zone
Req-Svc-Chain
X-Rebelmouse-Surrogate-Control
Cf-Device-Type
X-Sigma-Backend
X-Varnish-CookieHashed-On
X-Storefront-Renderer-Rendered
Apple-News-Services-Request-Url
Thinkindot-Control
Apple-News-Services-Host
X-DPWN-IS-SECURE
X-Worker
X-JWT-State
X-Is-Gdpr
X-Variation
X-Qloud-Router
X-Thinkindot-L3
Apple-News-Services-Handled
TDXMobile
Adler-Geo
X-DefElseHash
X-DefHash
Apple-News-Services-Parsed-Url
Fastly-GeoIP-CountryCode
X-NU-AKA-ACS-Version
Memcached
X-ATG-Version
X-Node-Id
X-VG-TLSProxy
X-Rocket-Build-Number
X-Has-Esi
NM-Fastcgi-Cache
X-FC-Vary-Parameters
X-Response-By
X-Amzn-Remapped-Content-Length
X-BBC-Edge-Cache-Status
Thinkindot-CacheControl
Fastly-SIE
X-Rebelmouse-Cache-Control
Thinkindot-CacheControl-Type
X-Varnish-CookieINHashed-On
X-Sigma
Fastly-SWR
Is-Eu
Platform
X-Varnish-Remaining-TTL
X-Pod-Name
X-Origin
X-Xrds-Location
X-CS
X-Loc
X-Mvc-Supplant-OutputCached
X-GeoIP-Country-Code
NGX
X-GeoIP-Region-Code
S-Rt
X-Ua-Device
Magicmarker
X-LB-ID
X-Cache-Config
X-NC
X-API-Version
X-Up
X-Tx-Id
X-TraceId
X-Restarts
CDN
X-Akamai-Request-ID2
Pics-Label
X-Generated-In
X-Varnish-Beresp-Ttl
X-Http-Reason
Kp-EeAlive
X-Trace-ID
Memory
Time
Ms-Author-Via
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
X-RPM
X-DSS
X-DI
X-DW
X-RPS
X-Cache-Backend
X-Wix-Viewer-Type
Edge-Cache
X-Optimistic-Header
X-RSL
X-Action
X-DB
X-Via-Popn
X-Via-Poph
X-Via-Popv
Candidate-Md5Url
Datacenter
X-Edge-Pop
X-Dynatrace
X-Refresh
Accept-Language
GeoIp-Country-Code
X-Varnish-Ttl
WebServer
Env
X-LB-NoCache
X-Tt-Logid
X-DynaTrace-JS-Agent
WWW-Authenticate
X-Vc
On-Server
X-Minions-Version
X-Varnish-Beresp-TTL
X-DC
X-HA-Backend
X-CacheTTL
Esi-Enabled
X-TA-CDN-Provider
X-TX-ID
X-Parent-Response-Time
X-Esi
X-Urbn-Site-Id
X-Srv
Locale
X-Urbn-Context-Path
X-Unique-ID
X-Service
X-ZONE
C-Via
X-Servedbyhost
X-MSEdge-Flight
X-MSEdge-Features
X-Cs
Server-ID
X-Cache-PHP
X-User
X-Newrelic-Synthetics
X-Ec-Fail
X-Ec-GeoHdr
X-Li-Proto
Tcn
X-Render-Time
Geo-Info
X-App
X-Cache-Status-Check
X-VCL-Version
X-Cache-Ttl
X-FPC
X-LiteSpeed-Cache-Control
X-URL
Test
X-AK-Request-ID
X-Vcl-Version
X-Webkit-Csp-Report-Only
Cdncip
Cdnsip
X-Fpc
X-LI-Proto
X-Pass-Why
X-Traceid
Geoip-Latitude
Cluster
My-App
X-B3-Spanid
Server-Id
X-Fmm-Version
X-WADP-Cache
X-Clara-WADP
X-Webkit-CSP-Report-Only
X-NODE
Proxy-Connection
Resin-Trace
X-CUA
X-Var-Ttl
Tracecode
X-Mcache
X-Info
X-AIR-PT
X-From
X-LiteSpeed-Tag
M-TraceId
X-Clientip
T-Server
Lfy
X-HostName
DataCenter
Lang
Cf-Int-Pingora-Origin-Digest
X-Fragments
Fastly-Drupal-HTML
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Cache-Host
X-Oss-Server-Time
X-Oss-Storage-Class
HIT
X-ServedByHost
UCS
X-CSRF-TOKEN
X-VC
S-Cnection
X-Geo
X-Ha-Backend
Target-Params
X-ID
Hostname
X-Pad
Hit
Ohc-File-Size
X-WP-CF-Super-Cache-Cache-Control
X-RAMCache
X-WP-CF-Super-Cache
GeoIP-Country-Code
X-Dynatrace-Js-Agent
User-Agent
ENV
MIME-Version
X-Edge-POP
X-Via-PopN
X-Micro-Cache
X-Via-PopH
Fastly-Backend-Name
X-Check-Cacheable
X-Via-PopV
X-ElasticPress-Query
X-Cdn-Forward
X-Backend-Host
Permissions-Policy
X-Release
X-Httpd
X-NGINX-Cache
X-Provided-By
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
X-BBC-Origin-Response-Status
X-Api-Version
X-Lb-Nocache
X-Edge-Cache
X-Proxy-Cache-Info
Load-Balancing
X-BCube-Filmed-By
X-ServerName
X-Ucs
X-Fastly-Backend-Reqs
ServerName
X-HS-Status
X-APP
WZWS-RAY
Producers
X-SB
X-Swift-Error
Uri
X-UP
PICS-Label
FSS-Cache
URI
X-GoCache-CacheStatus
EpKe-Alive
Servername
X-Cache-CFC
Lb
X-TRACE-ID
X-Amz-Meta-Cb-Modifiedtime
X-Lb-Id
VNS-Cache
X-B3-ParentSpanId
Cdn
X-Udemy-Cache-App-Namespace
Cteonnt-Length
CPC-Age
X-RateLimit-Reset
Cache-Key
X-WA-Info
Ohc-Cache-HIT
X-Pool
X-Fastly-Cache-Hits
Cneonction
X-Cdn-Request-ID
X-WA
CPC-Cache
VNS-Age
Path
Server-Ttl
X-Nc
X-Dw-Trace-Id
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Akamai-ERRuleID
X-Platform-Processor
X-Platform-Router
X-Scale
X-Shopify-Generated-Cart-Token
X-Platform-Cluster
X-Ec-Custom-Error
X-Acquia-Site
X-ES-SERVER
X-Akamai-ERPolicy
X-Akamai-Request-ID
X-Acquia-Purge-Tags
Vha6-Origin
X-Cache-ASPX
Shield-Pop
X-Contensis-Viewer-Groups
X-Snapshot-Date
X-Newrelic-App-Data
Cf-Ipcountry
X-Apw-Hits
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Yottaa-OS
X-Vcache
CF-Cached-On
Sid
X-Cache-Ngx
X-Air-Pt
X-Http-Count
X-Te-Count
X-Http-Duration-Ms
CountryCode
X-Cache-Expires
Ngx
X-Sentry-ID
X-PJAX-URL
Req-ID
X-Cms-Context
X-Last-Modified
X-Logging-Id
X-CacheKey
X-UA
Pagetype
X-Akamai-Pragma-Client-IP
X-Varnish-Authentication
X-Te-Duration-Ms