Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-UA-Device
X-AH-Environment
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
X-LiteSpeed-Cache
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Server-Id
X-Host
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
Content-Location
Rating
X-Country
X-B3-TraceId
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
X-TtlSet
X-PC
X-Vname
Allow
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Varnish-TTL
X-FastCGI-Cache
X-ESI
Fastly-Restarts
X-Server-Name
Cache-Tag
X-Rack-Cache
X-VARITI-CCR
Service-Worker-Allowed
X-Element-Page-Cache
Verso
X-Language
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
MS-Author-Via
X-Amz-Rid
Public-Key-Pins
X-Vcap-Request-Id
X-Aws-Lambda-Call-Status
X-Cached
X-Dw-Request-Base-Id
X-D2id
X-Abt-Application-Version
X-Client-IP
X-Cache-TTL
X-Template
X-Cnection
X-Origin-Cache
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Arr-Disable-Session-Affinity
X-Px
X-Country-Code
RTSS
X-Navigation-Version
Access-Control-Request-Method
X-Goog-Hash
X-Powered-By-Plesk
X-NF-Request-ID
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
Accept-Ch
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Cdn-Fetch
X-Version
X-Powered-CMS
X-Middleton-Display
Pagespeed
Display
X-Sol
AR-ATIME
AR-SID
AR-CACHE
AR-Request-ID
AR-PoweredBy
X-Amz-Server-Side-Encryption
X-Middleton-Response
Response
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-MSEdge-Ref
X-LLID
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
Nginx-Cache
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-TTL
X-Protected-By
X-Shield-Request-Id
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-T
TCN
X-Buckets
S
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
X-RateLimit-Remaining
Content-MD5
X-Id
X-Aspnetmvc-Version
Edge-Cache-Tag
X-Mid
Fastcgi-Cache
Realpath
SPRequestDuration
SPIisLatency
X-CST
Front-End-Https
X-MCACHE
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Filters
Server-Node
X-Ttl
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Ua-Browser
X-Ab
X-Content
X-Correlation-Id
Server-Name
X-DynaTrace
X-NWS-LOG-UUID
X-Frontend
X-Parallel-Accel
SPRequestGuid
X-SharePointHealthScore
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Ezoic-Cdn
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Deployment-Id
X-HS-Combine-CSS
X-ECACHE
X-Yandex-Sdch-Disable
X-Hits
Alternate-Protocol
X-Ser
X-Content-Options
MicrosoftSharePointTeamServices
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Page-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Git-Hash
Charset
X-Fastly-Request-Id
Host
Cache-Tags
X-B3-Sampled
Cleartype
X-Www-Served-By
X-Cache-Key
X-Ruxit-Js-Agent
X-Accel-Expires
X-Daa-Tunnel
X-Geo-Country
X-Content-Digest
X-DIS-Request-ID
X-Amzn-Trace-Id
X-Amz-Replication-Status
X-XRDS-LOCATION
Filterid
X-Debug-Info
X-Varnish-Age
TP-Cache
TP-L2-Cache
X-Hostname
X-Activity-Id
X-AppVersion
X-Az
X-Forwarded-Proto
X-FB-Debug
X-Upgrade-Enabled
X-Rid
X-VCache
X-Grace
Access-Control-Allow-Method
Cross-Origin-Opener-Policy
X-Origin-Server
X-N
X-Ratelimit-Limit
X-WebKit-CSP-Report-Only
X-Nginx-Upstream-Cache-Status
X-LB-Cache
X-F-Cache
X-Mobile-URL
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Request-Guid
X-Providence-Cookie
X-Flags
X-Route-Name
ServerID
X-Whom
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-TT
X-GUploader-UploadID
X-App-Environment
X-Varnish-Grace
X-Tb
Viewport
X-Distributor
X-FW-Dynamic
X-App-Server
X-FW-Static
X-Origin-Upstream-Status
X-FW-Hash
Node
X-FW-Type
Payment
X-FW-Server
X-FW-Serve
DC
X-Server-ID
Paypal-Debug-Id
X-Seen-By
X-NGENIX-Cache
X-Type
X-User-Agent
Fastcgi-Useragent
X-Cache-Control
Accept-Charset
Country
X-Logged-In
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Rule
X-Wix-Request-Id
X-Litespeed-Cache
X-Cache-Age
Version
X-Webkit-CSP
X-Via-JSL
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
X-Browser-Type
X-Erf-Bev-Bev
X-Drupal-Cache-Tags
Referer-Policy
X-DataDome
X-Load-Cache
Refresh
X-Cluster-Name
X-Node-Name
X-Mobile
X-B-Cache
X-Signature
X-Contextid
X-Response-Served-From
X-Original-Request-Id
Access-Control-Request-Headers
X-Cache-Action
SD-X-WS
X-IPLB-Instance
Cache-Status
X-Tec-Api-Version
X-Proxy-Cache-Status
X-Rendered-As
X-Tec-Api-Root
X-Tec-Api-Origin
X-Page-View
X-Jobs
X-Is-Bot
X-Cacheable-TTL
X-Real-IP
X-Revision
X-RemovedCookies
X-ProcessESI
X-B
VIX-Pulpo-Upstream-Status
NGB
X-Vgn-Hpd-Reason
X-Cache-Expired-At
VIX-Pulpo-Node
X-UUID
X-Debug
X-Yottaa-Optimizations
X-Proxy
X-Yottaa-Metrics
X-Rule
X-Device-Type
X-Instance
X-Fastly-Request-ID
X-Framework
X-Cache-Time
Surrogate-Key
X-G
X-Drupal-Cache-Contexts
X-Debug-IsConnected
X-Debug-IsPreview
Akamai-GRN
X-Fastcgi-Cache
X-FW-Version
CF-IPCountry
Amp-Access-Control-Allow-Source-Origin
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
SID
X-Ratelimit-Reset
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Liferay-Portal
DynaTrace
X-PressLabs-Stats
X-Azure-Ref
Healthy
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Nginx-Cache
X-Presslabs-Stats
GEO-INFO
X-Source
Frame-Options
X-Ms-Version
X-Ms-Request-Id
Count-Hit
MS-CV
Ms-Operation-Id
X-Cache-Operation
X-Oneagent-Js-Injection
X-RTag
X-Accel-Buffering
Uber-Trace-Id
X-APP-VERSION
X-L-Path
X-Environment-Context
Countrycode
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-EdgeConnect-Cache-Status
X-CDN-Forward
X-Cache-Hit
Xserver
X-XRDS-Location
X-Varnish-Server
X-Backend-Name
X-Mode
X-Zen-Fury
Backend
X-Servername
X-Region
X-Forwarded-Host
Ec-Rule-Version
Cross-Origin-Window-Policy
X-Content-Powered-By
X-IPS-LoggedIn
X-Cache-NGX
Section-Io-Cache
X-Ratelimit-Remaining
Meta-Geo
Protected
X-RN-RSRV
X-UPSTREAM-Address
X-Detected-As
X-JoinUs
X-SaId
Decoy-Debug-Key
X-Cache-Type
X-Debug-Cache
Eomportal-Instance
X-Cache-Server
X-Tid
X-Uri
Apigw-Requestid
X-Alternate-Cache-Key
X-Cache-TTL-Remaining
Country-Code
Decoy-Debug-TTL
Decoy-Debug-Status
X-Zipkin-Id
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Rewrite-Enabled
X-ShopId
X-ShardId
X-Redis-Cache
X-Extlb
X-Varnish-Beresp-Grace
X-Sorting-Hat-ShopId
X-Cache-Grace
X-Sql-Duration-Ms
X-Human
X-Proxied
X-Sql-Count
X-Routing-Service
X-Generation-Time
X-Hosted-By
Cache-Tv-Group
X-BYPASS-REASON
X-Microcachable
X-FB-TRIP-ID
X-Origin-Date
Url
Cache-Name
X-UA-Device-Type
X-Site-Version
X-ProxyCache-Key
X-PHP-Backend
X-ServerID
X-Soup
X-Storage
X-ProxyCache-Status
X-No-Session
X-Via-Fastly
Fastly-SSL
X-Proxy-Build
X-PCL
DB-Nickname
X-PERF
X-OCL
X-ApacheServer
X-SayCDN-TTL
X-Timing-Wait
X-Server-W
X-NYM-Debug-Backend
X-Status
X-Web-Node
X-Cache-Host
X-Say-TTL
Selected-Fe
Mn-Server-Ip
X-Say-Cacheable
X-Adobe-Content
X-Akamai-Edgescape
X-NCache
X-Adobe-Loc
X-NewRelic-App-Data
Webcakes-App-Name
X-Content-Age
Webcakes-App-Version
X-Format
Webcakes-Region
TWC-Privacy
TWC-GeoIP-LatLong
Property-Id
TWC-Device-Class
OT-Force-Account-Verify
TWC-GeoIP-Country
X-Cluster-Node
TWC-Locale-Group
X-Varnishpool
X-Hl-Ver
Azure-InstanceId
X-R9-Blue-Green-Version
X-Pubstack
X-Origin-Hint
TWC-Connection-Speed
Azure-RegionName
Azure-SiteName
Azure-Version
Azure-SlotName
X-Be
X-RateLimit-Limit
X-Section
X-Access
Content-Secure-Policy
X-Hyper-Cache
SRV
X-Ua
CDN-RequestCountryCode
CDN-Cache
CDN-RequestId
CDN-Uid
CDN-EdgeStorageId
CDN-PullZone
X-LSADC-Cache
CDN-CachedAt
X-Generated-By
X-Azure-Ref-OriginShield
Source
Content-Disposition
X-Cached-By
X-Webkit-Csp
X-TIME
X-Trace-Id
LB
X-SRV
X-Unique-Id
X-Dc
WPO-Cache-Status
WPO-Cache-Message
Cache
X-Nginx-Cache-Key
X-Bc-Bl
X-LAGOON
X-App-Version
X-HTML-Minification-Powered-By
Retry-After
Cache-Hits
X-GEO
X-Loop
X-Origin-CC
X-Origin-TTL
X-TT-LOGID
X-Varnish-Hostname
Xet-Cookie
X-Akamai-Transformed
X-Amz-Meta-S3cmd-Attrs
X-TNCMS
Onion-Location
X-S-Maxage
Mime-Version
X-Auto-Login
X-Varnish-Hits
X-Platform-Server
HostName
X-ECache
X-Tumblr-Pixel-3
X-Cache-Var
X-Cdn
Web-Mar-Node
X-Cache-Var-Map
X-CSRF-Token
X-Tumblr-Pixel-2
X-Proto
X-Cache-Tags
X-CACHE-KEY
X-Cache-Remote
X-Time
Webserver
X-Tenant
X-Endurance-Cache-Level
Upgrade-Insecure-Requests
X-Xfnlog-Site
X-Time-Microsecs
X-Varnish-Cache-Hits
X-Edge-Location
ServedBy
N-Cache
X-EC-Lua
X-AOL-HN
X-GG-Cache-Date
X-Request-Time
X-VWS-Id
X-AWS-Id
CloudFront-Viewer-Country
X-LJ-Flow-ID
X-Mg-Request-UUID
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-Request-Host
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
AMP-Access-Control-Allow-Source-Origin
X-Amzn-RequestId
X-PHP-Host
From-Origin
X-B3-SpanId
X-FireWall-Port
WP-Super-Cache
Redirect-Candidate
A
BehaviorPad-Version
Pramga
Mobile-Detection-Method
Odigeo-Trace-Id
Rendered-Blocks
X-Vtex-Remote-Cache
Xc-Version
Sslversion
X-Slack-Backend
X-SRCache-Key
CDCHOST
Surrogated-Key
DCR-Decision-By
X-Vdms-Path
DSUID
L
Expiry
X-Vdms-Version
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
X-V-Cache
X-SVT-ORM-RULES
Meta-Geo-Continent
X-Vtex-Processado-Em
X-SVT-ORM-VERSION
X-TIM-N
X-VG-WebCache
X-Shop-Environment
X-A
X-D
X-Destination
X-PBS-Appsvrname
X-Developer
X-Connection-Hash
X-Planisys-CDN-Cache
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Conf
X-External-Request-Id
X-Forwarded-Path
X-NAPM-TraceId
X-Ig-Push-State
X-Hnp-Log
X-Gen-Mode
X-Ftr-Request-Id
X-ND-Cache
X-PAYTM-SRV-ID
X-Origin-Response-Time
X-Orig-Expires
X-CF-Lambda-Fn
X-Cache-Date
X-A-Ccd
X-A-Dam
X-A-Dcw
X-S
V-Age
X-S-Cookie
User-Cache-Control
X-SD-PageType
X-ScT
X-Rojux
X-A-Dgt
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Block-Status
X-B-Cookie
X-Processor
X-A-Wwc
X-Aed
X-Application
X-Session-Fingerprint
X-ARC
Nel
X-Via-NSCOPI
X-Correlation-ID
X-Handled-By
X-MP-GENERATED-AT
X-Locale
X-Server-IP
Release
PFcat
X-Fetched-On
X-Geo-Header
X-VServer
X-Zone
Cmsid
X-Proxy-Upstream
Cmstype
X-Skip-Cache
X-LI-UUID
X-Cache-Bucket
Vix-Hermes-Req-Id
Host-ID
X-Served-From
X-RCS-CacheZone
X-Fastly-Cache
Origin-EX
X-Mvc-Supplant-Cachable
X-Forwarded-Site
Origin-CC
X-VarnishDD-TTL
X-Scheme
Origin
X-Gdpr
X-Aicache-OS
X-Varnish-Beresp-Status
X-Rocket-Nginx-Serving-Static
X-Accel-Expires-Debug
Gh-Request-Id
X-Hash
X-Core-Mission
X-NodeID
X-Nyt-Route
X-Old-Content-Length
X-Sucuri-ID
X-Cluster
Svr
X-Location
X-Li-Fabric
X-Li-Pop
X-Device-Os
Traceparent
True-Client-Country-4JS
X-Date
X-Origin-Time
X-Origin-Expires
X-Sucuri-Cache
X-Cache-NE
X-Owner
X-Epic-Correlation-Id
X-Storefront-Renderer-Rendered
X-HN
Ssr
AKAMAI
CacheControlHeader
Arc-Country
X-Cache-Info
State
X-Men
Server-Info
Environment
X-VC-Cache
X-NWS-UUID-VERIFY
Fastly-Drupal-Html
Web-Mar-Region
We-Hiring
Wxu-Next-Commit
X-Sigma-Backend
X-Sigma
X-ATG-Version
X-Policy
X-Platform
X-Cache-Id
X-Cache-Config
X-Branch-Name
X-Cdn-Origin
X-Cdn-Srv
X-Datadog-Trace-Id
X-Node-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Core-Value
X-Bip
X-BBC-Edge-Cache-Status
X-Rocket-Build-Number
X-Fastly-Backend
X-Varnish-Ttl
X-Adobe-Source
Wxu-Next-Region
X-Request-Start
X-Reqid
X-Region-Sid
X-Req
X-Sn-Servicetimems
X-Esi-Check
Wxu-Next-Hostname
Server-Host
X-Eu-Site
Fastly-GeoIP-CountryCode
X-Viewer-Country
Fastcgi-Cache-TTL
X-HS-Content-Campaign-Id
X-RateLimit-Limit-Second
X-Gamma-Serve
X-CGP
X-Cache-Enabled
X-Generated-On
X-Webstats-RespID
X-GeoIP
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
X-Backend-State
X-Gzip
X-Csrf-Jwt
X-Envoy-Decorator-Operation
X-GeoIP-City
Thinkindot-Control
Machine
X-VG-TLSProxy
X-TH-Server
X-Thanos
X-Thinkindot-L3
X-Level-Front-Cache
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Req-Svc-Chain
X-TrackingId
X-Request-URI
X-UnsetCookies
X-RateLimit-Remaining-Second
Mail-Subject
X-Irp-Debug
X-Magnolia-Registration
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-JWT-State
X-Is-Gdpr
X-DefHash
X-NU-AKA-ACS-Version
Apple-News-Services-Host
X-Developers
X-Loc
X-DefElseHash
Adler-Geo
Apple-News-Services-Handled
X-Origin
X-Rebelmouse-Cache-Control
NGX
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
Memcached
NM-Fastcgi-Cache
X-Varnish-CookieHashed-On
X-FC-Vary-Parameters
X-DPWN-IS-SECURE
Platform
X-Variation
Is-Eu
Locid
X-Has-Esi
X-Response-By
X-Worker
Cf-Device-Type
X-Cache-Debug
X-Rebelmouse-Surrogate-Control
X-Qloud-Router
Fastly-SWR
X-Amzn-Remapped-Content-Length
Fastly-SIE
X-Xrds-Location
X-Pod-Name
X-Mvc-Supplant-OutputCached
X-Backend-TTL
X-Datadome
X-Ua-Device
X-Up
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-CLOUD-TRACE-CONTEXT
X-LB-ID
X-CS
X-NC
X-API-Version
X-Tx-Id
CDN
X-Generated-In
X-Varnish-Beresp-Ttl
Candidate-Md5Url
Datacenter
X-DynaTrace-JS-Agent
X-TraceId
S-Rt
Ms-Author-Via
X-Trace-ID
Pics-Label
X-Tb-Optimization-Total-Bytes-Saved
Kp-EeAlive
X-Restarts
Magicmarker
X-Via-Popv
NtCoent-Length
On-Server
X-Tt-Logid
WWW-Authenticate
Env
X-Vc
X-Edge-Pop
X-Via-Popn
X-Via-Poph
WebServer
X-LB-NoCache
X-Optimistic-Header
GeoIp-Country-Code
Esi-Enabled
Memory
Time
X-Akamai-Request-ID2
X-Http-Reason
X-DI
X-DW
X-DSS
X-Action
X-TA-CDN-Provider
X-Refresh
X-RPS
X-DB
X-RPM
X-RSL
X-Varnish-Beresp-TTL
X-Cache-Backend
X-Wix-Viewer-Type
Edge-Cache
X-CacheTTL
X-Dynatrace
C-Via
X-Service
X-DC
X-TX-ID
X-Cache-PHP
X-Minions-Version
X-Newrelic-Synthetics
X-Esi
X-Parent-Response-Time
X-Srv
X-Cs
X-HA-Backend
X-MSEdge-Features
X-MSEdge-Flight
X-Unique-ID
Accept-Language
X-Servedbyhost
X-Render-Time
X-Cache-Status-Check
Server-ID
X-ZONE
X-Li-Proto
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-FPC
X-Ec-GeoHdr
X-VCL-Version
X-User
X-App
X-Ec-Fail
X-Cache-Ttl
Proxy-Connection
X-URL
X-Vcl-Version
Server-Id
X-B3-Spanid
X-Info
X-Webkit-Csp-Report-Only
X-LI-Proto
X-Fpc
X-Pass-Why
Test
X-AIR-PT
X-LiteSpeed-Cache-Control
X-Traceid
X-Clientip
X-NODE
X-Webkit-CSP-Report-Only
HIT
X-Oss-Server-Time
Cache-Host
UCS
X-Oss-Request-Id
Geo-Info
X-Oss-Hash-Crc64ecma
X-AK-Request-ID
Cdnsip
Cdncip
Tcn
X-Oss-Object-Type
X-Oss-Storage-Class
X-Fmm-Version
X-Clara-WADP
M-TraceId
S-Cnection
Cluster
X-WADP-Cache
Geoip-Latitude
My-App
Fastly-Drupal-HTML
Resin-Trace
X-Var-Ttl
X-CUA
X-LiteSpeed-Tag
Tracecode
X-HostName
Cf-Int-Pingora-Origin-Digest
X-ServedByHost
X-Cdn-Forward
X-CSRF-TOKEN
User-Agent
X-Micro-Cache
X-ID
Fastly-Backend-Name
X-Ha-Backend
Lfy
T-Server
Hostname
GeoIP-Country-Code
Section-Origin-Responded
Lang
X-Fragments
X-Pad
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-RAMCache
X-Backend-Host
Section-Io-Id
X-Mcache
Ohc-File-Size
X-From
Hit
X-Release
Lb
X-Geo
X-Dynatrace-Js-Agent
DataCenter
X-Via-PopN
X-Via-PopH
X-BCube-Filmed-By
MIME-Version
X-Edge-POP
X-BBC-Origin-Response-Status
ENV
X-ElasticPress-Query
X-WP-CF-Super-Cache
X-APP
Target-Params
X-Via-PopV
X-Check-Cacheable
X-WP-CF-Super-Cache-Cache-Control
X-HS-Status
X-Edge-Cache
X-VC
Load-Balancing
X-Api-Version
X-NGINX-Cache
EpKe-Alive
X-Amz-Meta-Cb-Modifiedtime
Cache-Key
CPC-Age
X-ServerName
X-WA
Uri
PICS-Label
X-WA-Info
CPC-Cache
VNS-Age
VNS-Cache
Path
X-Ucs
X-Fastly-Backend-Reqs
URI
X-Lb-Nocache
X-ES-SERVER
FSS-Cache
Permissions-Policy
X-Wikidot-Backend
X-GoCache-CacheStatus
X-UP
ServerName
Servername
X-Fastly-Cache-Hits
X-Proxy-Cache-Info
X-Wikidot-Static-Cache
X-Httpd
X-TRACE-ID
Producers
X-B3-ParentSpanId
WZWS-RAY
X-Provided-By
Ohc-Cache-HIT
Pagetype
Cdn
Cteonnt-Length
X-Lb-Id
X-RateLimit-Reset
Shield-Pop
X-PJAX-URL
X-Cms-Context
X-Nc
Cneonction
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Cdn-Request-ID
X-Dw-Trace-Id
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Action
X-Apw-Access-Object
Server-Ttl
X-Cache-CFC
X-Pool
X-SB
X-Via-Ucdn
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Vcache
X-CCDN-CacheTTL
X-Snapshot-Date
Vha6-Origin
X-Cache-ASPX
X-Akamai-Pragma-Client-IP
Srv
CF-Cached-On
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Contensis-Viewer-Groups
X-Swift-Error
MD5-Digest
X-Yottaa-OS
X-Newrelic-App-Data
Cf-Ipcountry
X-Air-Pt
X-Cache-Ngx
Sid
X-Last-Modified
Server-Ext
X-UA
Sever-Int
X-Udemy-Cache-App-Namespace
X-Logging-Id
X-VG-WebServer
X-CacheKey
X-Te-Count
X-SIPLIST1
CountryCode
IsBot
Server-Hostname
Ngx
W
X-Varnish-Authentication
X-Http-Count
X-B3-Parentspanid
Req-ID
X-Te-Duration-Ms
X-Sentry-ID
X-Http-Duration-Ms
X-Miniprofiler-Ids